diff options
| author | jhb <jhb@FreeBSD.org> | 2008-06-23 21:37:53 +0000 |
|---|---|---|
| committer | jhb <jhb@FreeBSD.org> | 2008-06-23 21:37:53 +0000 |
| commit | 437891381c13fcfea1097ae4d151f60dbcd8f601 (patch) | |
| tree | 99442461adc39a20433f25399980988944e1cf03 /sys/security/mac | |
| parent | 0203c01701d045d8cccc12f303fdd5dc4c2a6c1b (diff) | |
| download | FreeBSD-src-437891381c13fcfea1097ae4d151f60dbcd8f601.zip FreeBSD-src-437891381c13fcfea1097ae4d151f60dbcd8f601.tar.gz | |
Remove the posixsem_check_destroy() MAC check. It is semantically identical
to doing a MAC check for close(), but no other types of close() (including
close(2) and ksem_close(2)) have MAC checks.
Discussed with: rwatson
Diffstat (limited to 'sys/security/mac')
| -rw-r--r-- | sys/security/mac/mac_framework.h | 1 | ||||
| -rw-r--r-- | sys/security/mac/mac_policy.h | 3 | ||||
| -rw-r--r-- | sys/security/mac/mac_posix_sem.c | 10 |
3 files changed, 0 insertions, 14 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 9b02e4f..c68d2d1 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -189,7 +189,6 @@ void mac_pipe_init(struct pipepair *); int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp, struct label *label); -int mac_posixsem_check_destroy(struct ucred *cred, struct ksem *ks); int mac_posixsem_check_getvalue(struct ucred *cred,struct ksem *ks); int mac_posixsem_check_open(struct ucred *cred, struct ksem *ks); int mac_posixsem_check_post(struct ucred *cred, struct ksem *ks); diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 8f27ebb..f0fa755 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -288,8 +288,6 @@ typedef int (*mpo_pipe_internalize_label_t)(struct label *label, typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp, struct label *oldlabel, struct label *newlabel); -typedef int (*mpo_posixsem_check_destroy_t)(struct ucred *cred, - struct ksem *ks, struct label *kslabel); typedef int (*mpo_posixsem_check_getvalue_t)(struct ucred *cred, struct ksem *ks, struct label *kslabel); typedef int (*mpo_posixsem_check_open_t)(struct ucred *cred, @@ -741,7 +739,6 @@ struct mac_policy_ops { mpo_pipe_internalize_label_t mpo_pipe_internalize_label; mpo_pipe_relabel_t mpo_pipe_relabel; - mpo_posixsem_check_destroy_t mpo_posixsem_check_destroy; mpo_posixsem_check_getvalue_t mpo_posixsem_check_getvalue; mpo_posixsem_check_open_t mpo_posixsem_check_open; mpo_posixsem_check_post_t mpo_posixsem_check_post; diff --git a/sys/security/mac/mac_posix_sem.c b/sys/security/mac/mac_posix_sem.c index 4b40142..68fb56c 100644 --- a/sys/security/mac/mac_posix_sem.c +++ b/sys/security/mac/mac_posix_sem.c @@ -91,16 +91,6 @@ mac_posixsem_create(struct ucred *cred, struct ksem *ks) } int -mac_posixsem_check_destroy(struct ucred *cred, struct ksem *ks) -{ - int error; - - MAC_CHECK(posixsem_check_destroy, cred, ks, ks->ks_label); - - return (error); -} - -int mac_posixsem_check_open(struct ucred *cred, struct ksem *ks) { int error; |
