diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-06-26 14:14:01 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-06-26 14:14:01 +0000 |
commit | 4d365126c56c98cc583a57b1f74c056f6bdd0dda (patch) | |
tree | 6ace3718f53e161903fa580eccd02a909bc33998 /sys/security/mac_test | |
parent | 7e74b0e98ce5feca153d6580166a2c1e0b0aad02 (diff) | |
download | FreeBSD-src-4d365126c56c98cc583a57b1f74c056f6bdd0dda.zip FreeBSD-src-4d365126c56c98cc583a57b1f74c056f6bdd0dda.tar.gz |
Add a new MAC framework and policy entry point,
mpo_check_proc_setaudit_addr to be used when controlling use of
setaudit_addr(), rather than mpo_check_proc_setaudit(), which takes a
different argument type.
Reviewed by: csjp
Approved by: re (kensmith)
Diffstat (limited to 'sys/security/mac_test')
-rw-r--r-- | sys/security/mac_test/mac_test.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index ad49d14..bbc3cf2 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -1668,6 +1668,18 @@ mac_test_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai) return (0); } +COUNTER_DECL(check_proc_setaudit_addr); +static int +mac_test_check_proc_setaudit_addr(struct ucred *cred, + struct auditinfo_addr *aia) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(check_proc_setaudit_addr); + + return (0); +} + COUNTER_DECL(check_proc_setauid); static int mac_test_check_proc_setauid(struct ucred *cred, uid_t auid) @@ -2608,6 +2620,7 @@ static struct mac_policy_ops mac_test_ops = .mpo_check_proc_debug = mac_test_check_proc_debug, .mpo_check_proc_sched = mac_test_check_proc_sched, .mpo_check_proc_setaudit = mac_test_check_proc_setaudit, + .mpo_check_proc_setaudit_addr = mac_test_check_proc_setaudit_addr, .mpo_check_proc_setauid = mac_test_check_proc_setauid, .mpo_check_proc_setuid = mac_test_check_proc_setuid, .mpo_check_proc_seteuid = mac_test_check_proc_seteuid, |