diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-11-08 18:04:00 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-11-08 18:04:00 +0000 |
commit | 95c4afbed0766fa2e0e178afbc7d5beb07b7d2da (patch) | |
tree | 94c9056b7e25038cd9bc0451a0843b3eb2732681 /sys/security/mac/mac_syscalls.c | |
parent | b6d1dfe9661a9cf26ec5b73d41a857a8bd1794ac (diff) | |
download | FreeBSD-src-95c4afbed0766fa2e0e178afbc7d5beb07b7d2da.zip FreeBSD-src-95c4afbed0766fa2e0e178afbc7d5beb07b7d2da.tar.gz |
Add an explicit execlabel argument to exec-related MAC policy entry
points, rather than relying on policies to grub around in the
image activator instance structure.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac/mac_syscalls.c')
-rw-r--r-- | sys/security/mac/mac_syscalls.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 9f76f05..69fa5ad 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -1307,7 +1307,7 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, return; MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, - interpvnodelabel, imgp); + interpvnodelabel, imgp, imgp->execlabel); } int @@ -1323,7 +1323,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp, result = 0; MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label, - interpvnodelabel, imgp); + interpvnodelabel, imgp, imgp->execlabel); return (result); } @@ -1428,7 +1428,8 @@ mac_check_vnode_exec(struct ucred *cred, struct vnode *vp, if (!mac_enforce_process && !mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, imgp); + MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label, imgp, + imgp->execlabel); return (error); } |