diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:59:37 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:59:37 +0000 |
| commit | fd544421f3cc773adffc30e30d715352a4a0e51e (patch) | |
| tree | 179942e973f357333f9720ca7246b8b3ad349cef /sys/security/mac_none/mac_none.c | |
| parent | d0709eea67e0ae904f80928991bf3ce66b3fcbc4 (diff) | |
| download | FreeBSD-src-fd544421f3cc773adffc30e30d715352a4a0e51e.zip FreeBSD-src-fd544421f3cc773adffc30e30d715352a4a0e51e.tar.gz | |
Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write(). This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/security/mac_none/mac_none.c')
| -rw-r--r-- | sys/security/mac_none/mac_none.c | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/sys/security/mac_none/mac_none.c b/sys/security/mac_none/mac_none.c index b7e5fdd..bc2da67 100644 --- a/sys/security/mac_none/mac_none.c +++ b/sys/security/mac_none/mac_none.c @@ -601,8 +601,16 @@ mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, } static int -mac_none_check_pipe_op(struct ucred *cred, struct pipe *pipe, - struct label *pipelabel, int op) +mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel) +{ + + return (0); +} + +static int +mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel) { return (0); @@ -617,6 +625,22 @@ mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, } static int +mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel) +{ + + return (0); +} + +static int +mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel) +{ + + return (0); +} + +static int mac_none_check_proc_debug(struct ucred *cred, struct proc *proc) { @@ -1052,10 +1076,16 @@ static struct mac_policy_op_entry mac_none_ops[] = (macop_t)mac_none_check_mount_stat }, { MAC_CHECK_PIPE_IOCTL, (macop_t)mac_none_check_pipe_ioctl }, - { MAC_CHECK_PIPE_OP, - (macop_t)mac_none_check_pipe_op }, + { MAC_CHECK_PIPE_POLL, + (macop_t)mac_none_check_pipe_poll }, + { MAC_CHECK_PIPE_READ, + (macop_t)mac_none_check_pipe_read }, { MAC_CHECK_PIPE_RELABEL, (macop_t)mac_none_check_pipe_relabel }, + { MAC_CHECK_PIPE_STAT, + (macop_t)mac_none_check_pipe_stat }, + { MAC_CHECK_PIPE_WRITE, + (macop_t)mac_none_check_pipe_write }, { MAC_CHECK_PROC_DEBUG, (macop_t)mac_none_check_proc_debug }, { MAC_CHECK_PROC_SCHED, |
