diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 19:04:53 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 19:04:53 +0000 |
commit | a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae (patch) | |
tree | 77c1982dd4eb706f6b2cec714687d0049945f5b5 /sys/security/mac_none | |
parent | 32d992cd392a444b63141edb7a5b5d0483eb36f2 (diff) | |
download | FreeBSD-src-a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae.zip FreeBSD-src-a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae.tar.gz |
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred
when calling these checks with a struct file available. Otherwise,
pass NOCRED. All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/security/mac_none')
-rw-r--r-- | sys/security/mac_none/mac_none.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/sys/security/mac_none/mac_none.c b/sys/security/mac_none/mac_none.c index bc2da67..e473dd8 100644 --- a/sys/security/mac_none/mac_none.c +++ b/sys/security/mac_none/mac_none.c @@ -799,16 +799,16 @@ mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, } static int -mac_none_check_vnode_poll(struct ucred *cred, struct vnode *vp, - struct label *label) +mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, + struct vnode *vp, struct label *label) { return (0); } static int -mac_none_check_vnode_read(struct ucred *cred, struct vnode *vp, - struct label *label) +mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, + struct vnode *vp, struct label *label) { return (0); @@ -913,16 +913,16 @@ mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, } static int -mac_none_check_vnode_stat(struct ucred *cred, struct vnode *vp, - struct label *label) +mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, + struct vnode *vp, struct label *label) { return (0); } static int -mac_none_check_vnode_write(struct ucred *cred, struct vnode *vp, - struct label *label) +mac_none_check_vnode_write(struct ucred *active_cred, + struct ucred *file_cred, struct vnode *vp, struct label *label) { return (0); |