diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-04-22 16:18:10 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-04-22 16:18:10 +0000 |
| commit | 1c94b6d3ee7cc5a273997e5dd61d432475bed233 (patch) | |
| tree | 1a5de6c7822c50a3ed2d30c9621d0e6c1932b16f /sys/security/mac/mac_policy.h | |
| parent | c729a4c68dbc009109dc4dacf19bd61514820196 (diff) | |
| download | FreeBSD-src-1c94b6d3ee7cc5a273997e5dd61d432475bed233.zip FreeBSD-src-1c94b6d3ee7cc5a273997e5dd61d432475bed233.tar.gz | |
In the MAC Framework implementation, file systems have two per-mountpoint
labels: the mount label (label of the mountpoint) and the fs label (label
of the file system). In practice, policies appear to only ever use one,
and the distinction is not helpful.
Combine mnt_mntlabel and mnt_fslabel into a single mnt_label, and
eliminate extra machinery required to maintain the additional label.
Update policies to reflect removal of extra entry points and label.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, Inc.
Diffstat (limited to 'sys/security/mac/mac_policy.h')
| -rw-r--r-- | sys/security/mac/mac_policy.h | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 451633f..77d3f98 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -127,7 +127,6 @@ typedef void (*mpo_init_sysv_shm_label_t)(struct label *label); typedef int (*mpo_init_ipq_label_t)(struct label *label, int flag); typedef int (*mpo_init_mbuf_label_t)(struct label *label, int flag); typedef void (*mpo_init_mount_label_t)(struct label *label); -typedef void (*mpo_init_mount_fs_label_t)(struct label *label); typedef int (*mpo_init_socket_label_t)(struct label *label, int flag); typedef int (*mpo_init_socket_peer_label_t)(struct label *label, int flag); @@ -147,7 +146,6 @@ typedef void (*mpo_destroy_sysv_shm_label_t)(struct label *label); typedef void (*mpo_destroy_ipq_label_t)(struct label *label); typedef void (*mpo_destroy_mbuf_label_t)(struct label *label); typedef void (*mpo_destroy_mount_label_t)(struct label *label); -typedef void (*mpo_destroy_mount_fs_label_t)(struct label *label); typedef void (*mpo_destroy_socket_label_t)(struct label *label); typedef void (*mpo_destroy_socket_peer_label_t)(struct label *label); typedef void (*mpo_destroy_pipe_label_t)(struct label *label); @@ -198,14 +196,14 @@ typedef int (*mpo_internalize_vnode_label_t)(struct label *label, * like file system objects. */ typedef void (*mpo_associate_vnode_devfs_t)(struct mount *mp, - struct label *fslabel, struct devfs_dirent *de, + struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel); typedef int (*mpo_associate_vnode_extattr_t)(struct mount *mp, - struct label *fslabel, struct vnode *vp, + struct label *mntlabel, struct vnode *vp, struct label *vlabel); typedef void (*mpo_associate_vnode_singlelabel_t)(struct mount *mp, - struct label *fslabel, struct vnode *vp, + struct label *mntlabel, struct vnode *vp, struct label *vlabel); typedef void (*mpo_create_devfs_device_t)(struct ucred *cred, struct mount *mp, struct cdev *dev, @@ -218,12 +216,12 @@ typedef void (*mpo_create_devfs_symlink_t)(struct ucred *cred, struct label *ddlabel, struct devfs_dirent *de, struct label *delabel); typedef int (*mpo_create_vnode_extattr_t)(struct ucred *cred, - struct mount *mp, struct label *fslabel, + struct mount *mp, struct label *mntlabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp); typedef void (*mpo_create_mount_t)(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel); + struct label *mntlabel); typedef void (*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label); typedef int (*mpo_setlabel_vnode_extattr_t)(struct ucred *cred, @@ -645,7 +643,6 @@ struct mac_policy_ops { mpo_init_ipq_label_t mpo_init_ipq_label; mpo_init_mbuf_label_t mpo_init_mbuf_label; mpo_init_mount_label_t mpo_init_mount_label; - mpo_init_mount_fs_label_t mpo_init_mount_fs_label; mpo_init_socket_label_t mpo_init_socket_label; mpo_init_socket_peer_label_t mpo_init_socket_peer_label; mpo_init_pipe_label_t mpo_init_pipe_label; @@ -665,7 +662,6 @@ struct mac_policy_ops { mpo_destroy_ipq_label_t mpo_destroy_ipq_label; mpo_destroy_mbuf_label_t mpo_destroy_mbuf_label; mpo_destroy_mount_label_t mpo_destroy_mount_label; - mpo_destroy_mount_fs_label_t mpo_destroy_mount_fs_label; mpo_destroy_socket_label_t mpo_destroy_socket_label; mpo_destroy_socket_peer_label_t mpo_destroy_socket_peer_label; mpo_destroy_pipe_label_t mpo_destroy_pipe_label; |
