author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:59:37 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:59:37 +0000 |
commit | fd544421f3cc773adffc30e30d715352a4a0e51e (patch) | |
tree | 179942e973f357333f9720ca7246b8b3ad349cef /sys/kern/kern_mac.c | |
parent | d0709eea67e0ae904f80928991bf3ce66b3fcbc4 (diff) | |
Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write(). This improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/kern_mac.c')
-rw-r--r-- | sys/kern/kern_mac.c | 50 |
1 files changed, 46 insertions, 4 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index f8cb676..7bf7393 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -667,14 +667,26 @@ mac_policy_register(struct mac_policy_conf *mpc)
 mpc->mpc_ops->mpo_check_pipe_ioctl =
 mpe->mpe_function;
 break;
- case MAC_CHECK_PIPE_OP:
- mpc->mpc_ops->mpo_check_pipe_op =
+ case MAC_CHECK_PIPE_POLL:
+ mpc->mpc_ops->mpo_check_pipe_poll =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_PIPE_READ:
+ mpc->mpc_ops->mpo_check_pipe_read =
 mpe->mpe_function;
 break;
 case MAC_CHECK_PIPE_RELABEL:
 mpc->mpc_ops->mpo_check_pipe_relabel =
 mpe->mpe_function;
 break;
+ case MAC_CHECK_PIPE_STAT:
+ mpc->mpc_ops->mpo_check_pipe_stat =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_PIPE_WRITE:
+ mpc->mpc_ops->mpo_check_pipe_write =
+ mpe->mpe_function;
+ break;
 case MAC_CHECK_PROC_DEBUG:
 mpc->mpc_ops->mpo_check_proc_debug =
 mpe->mpe_function;
@@ -2539,11 +2551,21 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
 }
 
 int
-mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op)
+mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
 {
 int error;
 
- MAC_CHECK(check_pipe_op, cred, pipe, pipe->pipe_label, op);
+ MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
+
+ return (error);
+}
+
+int
+mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
+{
+ int error;
+
+ MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
 
 return (error);
 }
@@ -2560,6 +2582,26 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
 }
 
 int
+mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
+{
+ int error;
+
+ MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
+
+ return (error);
+}
+
+int
+mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
+{
+ int error;
+
+ MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
+
+ return (error);
+}
+
+int
 mac_check_proc_debug(struct ucred *cred, struct proc *proc)
 {
 int error; |
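Review bot: With `case MAC_CHECK_PIPE_OP:` removed from the switch in mac_policy_register(), a policy that still supplies the combined pipe entry is no longer wired to any `mpo_check_pipe_*` slot, and how the switch treats an operation it does not recognise lies outside this hunk. If that path skips the entry rather than failing registration, such a policy would load and silently stop mediating pipe poll, read, stat and write, which is a fail-open result for an access-control framework. I would confirm that the unrecognised-operation path rejects the registration, and add a comment above the new cases such as `/* Replaces MAC_CHECK_PIPE_OP; a policy must register each pipe method it mediates. */`.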
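Review bot: mac_check_pipe_poll() and mac_check_pipe_read() in this hunk, and mac_check_pipe_stat() and mac_check_pipe_write() in the next one, read `pipe->pipe_label` without stating what the caller must hold, and none of the four carries a header comment. Whether the pipe is locked at the call sites cannot be seen from this file, so the requirement should be written down or asserted at the top of each function, so that a later caller cannot evaluate a label while it is being changed. A comment such as `/* Caller holds the pipe lock; returns 0 if every policy permits the operation, otherwise an errno. */` would do, adjusted to whatever MAC_CHECK actually guarantees. Now that the `op` argument is gone, a line naming the pipe method each entry point is meant to guard would also help reviewers check the call sites.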