diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-12-06 21:48:03 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-12-06 21:48:03 +0000 |
| commit | 08335c63bf85bb1d25ca094ab55a04b390c0acda (patch) | |
| tree | 80bf1fc6acf72a565465aa4b66b0dba3b2b80af2 /sys/security/mac | |
| parent | 55ee8acb7fba4f6a262ab48a2a5ed1753cc12dcc (diff) | |
| download | FreeBSD-src-08335c63bf85bb1d25ca094ab55a04b390c0acda.zip FreeBSD-src-08335c63bf85bb1d25ca094ab55a04b390c0acda.tar.gz | |
Rename mac_create_cred() MAC Framework entry point to mac_copy_cred(),
and the mpo_create_cred() MAC policy entry point to
mpo_copy_cred_label(). This is more consistent with similar entry
points for creation and label copying, as mac_create_cred() was
called from crdup() as opposed to during process creation. For
a number of policies, this removes the requirement for special
handling when copying credential labels, and improves consistency.
Approved by: re (scottl)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac')
| -rw-r--r-- | sys/security/mac/mac_framework.h | 2 | ||||
| -rw-r--r-- | sys/security/mac/mac_policy.h | 4 | ||||
| -rw-r--r-- | sys/security/mac/mac_process.c | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 81dad5a..098a2bd 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -229,7 +229,7 @@ void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp); /* * Labeling event operations: processes. */ -void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child); +void mac_copy_cred(struct ucred *cr1, struct ucred *cr2); int mac_execve_enter(struct image_params *imgp, struct mac *mac_p); void mac_execve_exit(struct image_params *imgp); void mac_execve_transition(struct ucred *old, struct ucred *new, diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 518f883..be43253 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -111,6 +111,8 @@ struct mac_policy_ops { void (*mpo_destroy_pipe_label)(struct label *label); void (*mpo_destroy_proc_label)(struct label *label); void (*mpo_destroy_vnode_label)(struct label *label); + void (*mpo_copy_cred_label)(struct label *src, + struct label *dest); void (*mpo_copy_mbuf_label)(struct label *src, struct label *dest); void (*mpo_copy_pipe_label)(struct label *src, @@ -264,8 +266,6 @@ struct mac_policy_ops { /* * Labeling event operations: processes. */ - void (*mpo_create_cred)(struct ucred *parent_cred, - struct ucred *child_cred); void (*mpo_execve_transition)(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, struct label *interpvnodelabel, diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 68d847d..5c82e7c 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -222,10 +222,10 @@ mac_thread_userret(struct thread *td) * deltas. This function allows that processing to take place. */ void -mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) +mac_copy_cred(struct ucred *src, struct ucred *dest) { - MAC_PERFORM(create_cred, parent_cred, child_cred); + MAC_PERFORM(copy_cred_label, src->cr_label, dest->cr_label); } int |
