diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:43:25 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 16:43:25 +0000 |
| commit | 1a7cd1a210c4be2ec85df8513276938c23be1b95 (patch) | |
| tree | b56250ebc97ff756401e26512847769076ec6e53 /sys/security/mac_test/mac_test.c | |
| parent | 25617b8fc0dd0452d39b8873c1df9d7fc6fbbf9c (diff) | |
| download | FreeBSD-src-1a7cd1a210c4be2ec85df8513276938c23be1b95.zip FreeBSD-src-1a7cd1a210c4be2ec85df8513276938c23be1b95.tar.gz | |
Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/security/mac_test/mac_test.c')
| -rw-r--r-- | sys/security/mac_test/mac_test.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 2e0d3ca..5c97a1b 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -983,6 +983,22 @@ mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp, } static int +mac_test_check_vnode_poll(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (0); +} + +static int +mac_test_check_vnode_read(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (0); +} + +static int mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1088,6 +1104,14 @@ mac_test_check_vnode_stat(struct ucred *cred, struct vnode *vp, return (0); } +static int +mac_test_check_vnode_write(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (0); +} + static struct mac_policy_op_entry mac_test_ops[] = { { MAC_DESTROY, @@ -1278,6 +1302,10 @@ static struct mac_policy_op_entry mac_test_ops[] = (macop_t)mac_test_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, (macop_t)mac_test_check_vnode_open }, + { MAC_CHECK_VNODE_POLL, + (macop_t)mac_test_check_vnode_poll }, + { MAC_CHECK_VNODE_READ, + (macop_t)mac_test_check_vnode_read }, { MAC_CHECK_VNODE_READDIR, (macop_t)mac_test_check_vnode_readdir }, { MAC_CHECK_VNODE_READLINK, @@ -1304,6 +1332,8 @@ static struct mac_policy_op_entry mac_test_ops[] = (macop_t)mac_test_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_test_check_vnode_stat }, + { MAC_CHECK_VNODE_WRITE, + (macop_t)mac_test_check_vnode_write }, { MAC_OP_LAST, NULL } }; |
