authorrwatson <rwatson@FreeBSD.org>2002-08-19 19:04:53 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-19 19:04:53 +0000
commita1cb1e3bedf5e17c3e47858fd715df1bf1e274ae (patch)
tree77c1982dd4eb706f6b2cec714687d0049945f5b5 /sys/security/mac/mac_policy.h
parent32d992cd392a444b63141edb7a5b5d0483eb36f2 (diff)
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred when calling these checks with a struct file available. Otherwise, pass NOCRED. All current MAC policies use active_cred, but could now offer the cached credential semantic used for the base system security model. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/security/mac/mac_policy.h')
-rw-r--r--sys/security/mac/mac_policy.h12
1 files changed, 8 insertions, 4 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index d0065aa..c3f2046 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -301,9 +301,11 @@ struct mac_policy_ops {
struct vnode *vp, struct label *label, int newmapping);
int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t acc_mode);
- int (*mpo_check_vnode_poll)(struct ucred *cred, struct vnode *vp,
+ int (*mpo_check_vnode_poll)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
struct label *label);
- int (*mpo_check_vnode_read)(struct ucred *cred, struct vnode *vp,
+ int (*mpo_check_vnode_read)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
struct label *label);
int (*mpo_check_vnode_readdir)(struct ucred *cred,
struct vnode *dvp, struct label *dlabel);
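Review bot: The new `file_cred` parameter on `mpo_check_vnode_poll` and `mpo_check_vnode_read` carries no comment saying it may be `NOCRED`, which the commit message says is passed whenever no struct file is available; a policy that dereferences it unconditionally would fault in the kernel. The same applies to `mpo_check_vnode_stat` and `mpo_check_vnode_write` in the next hunk. I would add above the first of these entries `/* file_cred: credential cached in the struct file (fp->f_cred), or NOCRED when the caller has no struct file; check before use. */`. A second sentence should state that authorizing against `file_cred` instead of `active_cred` ties the decision to the descriptor's cached credential rather than the calling thread's current one, so policy authors choose between them deliberately. `struct mac_policy_ops` begins and ends outside this hunk.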
@@ -337,9 +339,11 @@ struct mac_policy_ops {
int (*mpo_check_vnode_setutimes)(struct ucred *cred,
struct vnode *vp, struct label *label,
struct timespec atime, struct timespec mtime);
- int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp,
+ int (*mpo_check_vnode_stat)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
struct label *label);
- int (*mpo_check_vnode_write)(struct ucred *cred, struct vnode *vp,
+ int (*mpo_check_vnode_write)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
struct label *label);
};
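Review bot: Changing the prototypes of four existing slots in `struct mac_policy_ops` keeps the struct layout but not the call contract, so a policy module built against the old header would receive `file_cred` in the position where it expects `vp` and treat a credential pointer as a vnode. Nothing in this file's diff shows a framework or module version change that would make such a stale module fail to load. If a version check exists elsewhere in the tree it should be bumped together with this change; if not, the commit message should state that all policy modules must be rebuilt. The struct begins before this hunk.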