diff options
author | pjd <pjd@FreeBSD.org> | 2004-02-22 12:31:44 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2004-02-22 12:31:44 +0000 |
commit | 01d59d6bbb5b5f5108b1f5454d11ff3b3be2dad6 (patch) | |
tree | 1c4d31f4b056d45cd39f0c68f6aad1b1af2ebd1c /sys/security/mac/mac_framework.h | |
parent | fb7918f5d7ebb7e391b17203a42b3a5a6d07af2b (diff) | |
download | FreeBSD-src-01d59d6bbb5b5f5108b1f5454d11ff3b3be2dad6.zip FreeBSD-src-01d59d6bbb5b5f5108b1f5454d11ff3b3be2dad6.tar.gz |
Reimplement sysctls handling by MAC framework.
Now I believe it is done in the right way.
Removed some XXMAC cases, we now assume 'high' integrity level for all
sysctls, except those with CTLFLAG_ANYBODY flag set. No more magic.
Reviewed by: rwatson
Approved by: rwatson, scottl (mentor)
Tested with: LINT (compilation), mac_biba(4) (functionality)
Diffstat (limited to 'sys/security/mac/mac_framework.h')
-rw-r--r-- | sys/security/mac/mac_framework.h | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 895c7e3..59c247a 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -120,6 +120,8 @@ struct mount; struct proc; struct sockaddr; struct socket; +struct sysctl_oid; +struct sysctl_req; struct pipepair; struct thread; struct timespec; @@ -281,9 +283,8 @@ int mac_check_system_reboot(struct ucred *cred, int howto); int mac_check_system_settime(struct ucred *cred); int mac_check_system_swapon(struct ucred *cred, struct vnode *vp); int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp); -int mac_check_system_sysctl(struct ucred *cred, int *name, - u_int namelen, void *old, size_t *oldlenp, int inkernel, - void *new, size_t newlen); +int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode); int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp); |