diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:43:25 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:43:25 +0000 |
| commit | 1a7cd1a210c4be2ec85df8513276938c23be1b95 (patch) | |
| tree | b56250ebc97ff756401e26512847769076ec6e53 /sys/security/mac_stub | |
| parent | 25617b8fc0dd0452d39b8873c1df9d7fc6fbbf9c (diff) | |
| download | FreeBSD-src-1a7cd1a210c4be2ec85df8513276938c23be1b95.zip FreeBSD-src-1a7cd1a210c4be2ec85df8513276938c23be1b95.tar.gz | |
Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/security/mac_stub')
| -rw-r--r-- | sys/security/mac_stub/mac_stub.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index b1f154e..b7e5fdd 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -775,6 +775,22 @@ mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, } static int +mac_none_check_vnode_poll(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (0); +} + +static int +mac_none_check_vnode_read(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (0); +} + +static int mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp, struct label *dlabel) { @@ -880,6 +896,14 @@ mac_none_check_vnode_stat(struct ucred *cred, struct vnode *vp, return (0); } +static int +mac_none_check_vnode_write(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (0); +} + static struct mac_policy_op_entry mac_none_ops[] = { { MAC_DESTROY, @@ -1072,6 +1096,10 @@ static struct mac_policy_op_entry mac_none_ops[] = (macop_t)mac_none_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, (macop_t)mac_none_check_vnode_open }, + { MAC_CHECK_VNODE_POLL, + (macop_t)mac_none_check_vnode_poll }, + { MAC_CHECK_VNODE_READ, + (macop_t)mac_none_check_vnode_read }, { MAC_CHECK_VNODE_READDIR, (macop_t)mac_none_check_vnode_readdir }, { MAC_CHECK_VNODE_READLINK, @@ -1098,6 +1126,8 @@ static struct mac_policy_op_entry mac_none_ops[] = (macop_t)mac_none_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_none_check_vnode_stat }, + { MAC_CHECK_VNODE_WRITE, + (macop_t)mac_none_check_vnode_write }, { MAC_OP_LAST, NULL } }; |
