summaryrefslogtreecommitdiffstats
path: root/sys/security/mac_stub/mac_stub.c
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-08-19 16:59:37 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-19 16:59:37 +0000
commitfd544421f3cc773adffc30e30d715352a4a0e51e (patch)
tree179942e973f357333f9720ca7246b8b3ad349cef /sys/security/mac_stub/mac_stub.c
parentd0709eea67e0ae904f80928991bf3ce66b3fcbc4 (diff)
downloadFreeBSD-src-fd544421f3cc773adffc30e30d715352a4a0e51e.zip
FreeBSD-src-fd544421f3cc773adffc30e30d715352a4a0e51e.tar.gz
Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(), and mac_check_pipe_write(). This is improves consistency with other access control entry points and permits security modules to only control the object methods that they are interested in, avoiding switch statements. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/security/mac_stub/mac_stub.c')
-rw-r--r--sys/security/mac_stub/mac_stub.c38
1 files changed, 34 insertions, 4 deletions
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index b7e5fdd..bc2da67 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -601,8 +601,16 @@ mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
}
static int
-mac_none_check_pipe_op(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, int op)
+mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel)
+{
+
+ return (0);
+}
+
+static int
+mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel)
{
return (0);
@@ -617,6 +625,22 @@ mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
}
static int
+mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel)
+{
+
+ return (0);
+}
+
+static int
+mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel)
+{
+
+ return (0);
+}
+
+static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{
@@ -1052,10 +1076,16 @@ static struct mac_policy_op_entry mac_none_ops[] =
(macop_t)mac_none_check_mount_stat },
{ MAC_CHECK_PIPE_IOCTL,
(macop_t)mac_none_check_pipe_ioctl },
- { MAC_CHECK_PIPE_OP,
- (macop_t)mac_none_check_pipe_op },
+ { MAC_CHECK_PIPE_POLL,
+ (macop_t)mac_none_check_pipe_poll },
+ { MAC_CHECK_PIPE_READ,
+ (macop_t)mac_none_check_pipe_read },
{ MAC_CHECK_PIPE_RELABEL,
(macop_t)mac_none_check_pipe_relabel },
+ { MAC_CHECK_PIPE_STAT,
+ (macop_t)mac_none_check_pipe_stat },
+ { MAC_CHECK_PIPE_WRITE,
+ (macop_t)mac_none_check_pipe_write },
{ MAC_CHECK_PROC_DEBUG,
(macop_t)mac_none_check_proc_debug },
{ MAC_CHECK_PROC_SCHED,
OpenPOWER on IntegriCloud