diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:59:37 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:59:37 +0000 |
commit | fd544421f3cc773adffc30e30d715352a4a0e51e (patch) | |
tree | 179942e973f357333f9720ca7246b8b3ad349cef /sys/kern/sys_pipe.c | |
parent | d0709eea67e0ae904f80928991bf3ce66b3fcbc4 (diff) | |
download | FreeBSD-src-fd544421f3cc773adffc30e30d715352a4a0e51e.zip FreeBSD-src-fd544421f3cc773adffc30e30d715352a4a0e51e.tar.gz |
Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write(). This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/sys_pipe.c')
-rw-r--r-- | sys/kern/sys_pipe.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c index d956501..489aeaf 100644 --- a/sys/kern/sys_pipe.c +++ b/sys/kern/sys_pipe.c @@ -469,7 +469,7 @@ pipe_read(fp, uio, active_cred, flags, td) goto unlocked_error; #ifdef MAC - error = mac_check_pipe_op(active_cred, rpipe, MAC_OP_PIPE_READ); + error = mac_check_pipe_read(active_cred, rpipe); if (error) goto locked_error; #endif @@ -885,7 +885,7 @@ pipe_write(fp, uio, active_cred, flags, td) return (EPIPE); } #ifdef MAC - error = mac_check_pipe_op(active_cred, wpipe, MAC_OP_PIPE_WRITE); + error = mac_check_pipe_write(active_cred, wpipe); if (error) { PIPE_UNLOCK(rpipe); return (error); @@ -1233,7 +1233,7 @@ pipe_poll(fp, events, active_cred, td) wpipe = rpipe->pipe_peer; PIPE_LOCK(rpipe); #ifdef MAC - error = mac_check_pipe_op(active_cred, rpipe, MAC_OP_PIPE_POLL); + error = mac_check_pipe_poll(active_cred, rpipe); if (error) goto locked_error; #endif @@ -1289,7 +1289,7 @@ pipe_stat(fp, ub, active_cred, td) int error; /* XXXMAC: Pipe should be locked for this check. */ - error = mac_check_pipe_op(active_cred, pipe, MAC_OP_PIPE_STAT); + error = mac_check_pipe_stat(active_cred, pipe); if (error) return (error); #endif |