diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-10-27 10:38:57 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-10-27 10:38:57 +0000 |
commit | 744e5dbc9764b724274c5c8fc99fa5a56574e3f5 (patch) | |
tree | 0fa6beaa43438c902673b4568c616720bff307cd | |
parent | 5899a19cd0458cd0b2a8416612625c2ccf40037a (diff) | |
download | FreeBSD-src-744e5dbc9764b724274c5c8fc99fa5a56574e3f5.zip FreeBSD-src-744e5dbc9764b724274c5c8fc99fa5a56574e3f5.tar.gz |
Give each posixsem MAC Framework entry point its own counter and test case
in the mac_test policy, rather than sharing a single function for all of
the access control checks.
Obtained from: TrustedBSD Project
-rw-r--r-- | sys/security/mac_test/mac_test.c | 83 |
1 files changed, 74 insertions, 9 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 04a6571..e59bcf9 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -1612,15 +1612,80 @@ test_pipe_check_write(struct ucred *cred, struct pipepair *pp, return (0); } -COUNTER_DECL(posixsem_check); +COUNTER_DECL(posixsem_check_destroy); static int -test_posixsem_check(struct ucred *cred, struct ksem *ks, +test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, struct label *kslabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_check); + COUNTER_INC(posixsem_check_destroy); + + return (0); +} + +COUNTER_DECL(posixsem_check_getvalue); +static int +test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, + struct label *kslabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_getvalue); + + return (0); +} + +COUNTER_DECL(posixsem_check_open); +static int +test_posixsem_check_open(struct ucred *cred, struct ksem *ks, + struct label *kslabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_open); + + return (0); +} + +COUNTER_DECL(posixsem_check_post); +static int +test_posixsem_check_post(struct ucred *cred, struct ksem *ks, + struct label *kslabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_post); + + return (0); +} + +COUNTER_DECL(posixsem_check_unlink); +static int +test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, + struct label *kslabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_unlink); + + return (0); +} + +COUNTER_DECL(posixsem_check_wait); +static int +test_posixsem_check_wait(struct ucred *cred, struct ksem *ks, + struct label *kslabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_wait); return (0); } @@ -2616,12 +2681,12 @@ static struct mac_policy_ops test_ops = .mpo_pipe_check_relabel = test_pipe_check_relabel, .mpo_pipe_check_stat = test_pipe_check_stat, .mpo_pipe_check_write = test_pipe_check_write, - .mpo_posixsem_check_destroy = test_posixsem_check, - .mpo_posixsem_check_getvalue = test_posixsem_check, - .mpo_posixsem_check_open = test_posixsem_check, - .mpo_posixsem_check_post = test_posixsem_check, - .mpo_posixsem_check_unlink = test_posixsem_check, - .mpo_posixsem_check_wait = test_posixsem_check, + .mpo_posixsem_check_destroy = test_posixsem_check_destroy, + .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, + .mpo_posixsem_check_open = test_posixsem_check_open, + .mpo_posixsem_check_post = test_posixsem_check_post, + .mpo_posixsem_check_unlink = test_posixsem_check_unlink, + .mpo_posixsem_check_wait = test_posixsem_check_wait, .mpo_proc_check_debug = test_proc_check_debug, .mpo_proc_check_sched = test_proc_check_sched, .mpo_proc_check_setaudit = test_proc_check_setaudit, |