summaryrefslogtreecommitdiffstats
path: root/sys/security
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-10-30 17:56:57 +0000
committerrwatson <rwatson@FreeBSD.org>2002-10-30 17:56:57 +0000
commit27e2336a32675b2cd36865c86a1d9fb1c8259586 (patch)
tree28dc5ac7a288e9d5b8d25e23b9c642940599a61c /sys/security
parent6fdca8338e43b711db64d55811c025e999e87299 (diff)
downloadFreeBSD-src-27e2336a32675b2cd36865c86a1d9fb1c8259586.zip
FreeBSD-src-27e2336a32675b2cd36865c86a1d9fb1c8259586.tar.gz
While 'mode_t' seemed like a good idea for the access mode argument for
MAC access() and open() checks, the argument actually has an int type where it becomes available. Switch to using 'int' for the mode argument throughout the MAC Framework and policy modules. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac/mac_framework.c6
-rw-r--r--sys/security/mac/mac_framework.h4
-rw-r--r--sys/security/mac/mac_internal.h6
-rw-r--r--sys/security/mac/mac_net.c6
-rw-r--r--sys/security/mac/mac_pipe.c6
-rw-r--r--sys/security/mac/mac_policy.h4
-rw-r--r--sys/security/mac/mac_process.c6
-rw-r--r--sys/security/mac/mac_syscalls.c6
-rw-r--r--sys/security/mac/mac_system.c6
-rw-r--r--sys/security/mac/mac_vfs.c6
-rw-r--r--sys/security/mac_biba/mac_biba.c2
-rw-r--r--sys/security/mac_bsdextended/mac_bsdextended.c10
-rw-r--r--sys/security/mac_mls/mac_mls.c2
-rw-r--r--sys/security/mac_none/mac_none.c4
-rw-r--r--sys/security/mac_stub/mac_stub.c4
-rw-r--r--sys/security/mac_test/mac_test.c4
16 files changed, 41 insertions, 41 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index bb2e3ef..5c3da06 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
@@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
return (error);
}
@@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 68ad4b4..9a6a5f4 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -256,7 +256,7 @@ int mac_check_system_sysctl(struct ucred *cred, int *name,
u_int namelen, void *old, size_t *oldlenp, int inkernel,
void *new, size_t newlen);
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
- int flags);
+ int acc_mode);
int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
@@ -279,7 +279,7 @@ int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
int prot);
int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
- mode_t acc_mode);
+ int acc_mode);
int mac_check_vnode_poll(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
int mac_check_vnode_read(struct ucred *active_cred,
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index bb2e3ef..5c3da06 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
@@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
return (error);
}
@@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index bb2e3ef..5c3da06 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
@@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
return (error);
}
@@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index bb2e3ef..5c3da06 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
@@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
return (error);
}
@@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 6485743..cb7222c 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -317,7 +317,7 @@ struct mac_policy_ops {
u_int namelen, void *old, size_t *oldlenp, int inkernel,
void *new, size_t newlen);
int (*mpo_check_vnode_access)(struct ucred *cred,
- struct vnode *vp, struct label *label, int flags);
+ struct vnode *vp, struct label *label, int acc_mode);
int (*mpo_check_vnode_chdir)(struct ucred *cred,
struct vnode *dvp, struct label *dlabel);
int (*mpo_check_vnode_chroot)(struct ucred *cred,
@@ -350,7 +350,7 @@ struct mac_policy_ops {
int (*mpo_check_vnode_mprotect)(struct ucred *cred,
struct vnode *vp, struct label *label, int prot);
int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
- struct label *label, mode_t acc_mode);
+ struct label *label, int acc_mode);
int (*mpo_check_vnode_poll)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *label);
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index bb2e3ef..5c3da06 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
@@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
return (error);
}
@@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index bb2e3ef..5c3da06 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
@@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
return (error);
}
@@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index bb2e3ef..5c3da06 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
@@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
return (error);
}
@@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index bb2e3ef..5c3da06 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
@@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
return (error);
}
@@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index b57adfe..97de18a 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -2147,7 +2147,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, mode_t acc_mode)
+ struct label *vnodelabel, int acc_mode)
{
struct mac_biba *subj, *obj;
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index e6148cc..23d5b7c 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -204,7 +204,7 @@ mac_bsdextended_destroy(struct mac_policy_conf *mpc)
static int
mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule,
- struct ucred *cred, uid_t object_uid, gid_t object_gid, mode_t acc_mode)
+ struct ucred *cred, uid_t object_uid, gid_t object_gid, int acc_mode)
{
int match;
@@ -274,7 +274,7 @@ mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule,
static int
mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
- mode_t acc_mode)
+ int acc_mode)
{
int error, i;
@@ -293,7 +293,7 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
static int
mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
- struct label *label, mode_t flags)
+ struct label *label, int acc_mode)
{
struct vattr vap;
int error;
@@ -304,7 +304,7 @@ mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
error = VOP_GETATTR(vp, &vap, cred, curthread);
if (error)
return (error);
- return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, flags));
+ return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode));
}
static int
@@ -489,7 +489,7 @@ mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
static int
mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
- struct label *filelabel, mode_t acc_mode)
+ struct label *filelabel, int acc_mode)
{
struct vattr vap;
int error;
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 744e073..21b97a0 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -2010,7 +2010,7 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
static int
mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, mode_t acc_mode)
+ struct label *vnodelabel, int acc_mode)
{
struct mac_mls *subj, *obj;
diff --git a/sys/security/mac_none/mac_none.c b/sys/security/mac_none/mac_none.c
index 4bcf21f..3eef294 100644
--- a/sys/security/mac_none/mac_none.c
+++ b/sys/security/mac_none/mac_none.c
@@ -641,7 +641,7 @@ mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
- struct label *label, mode_t flags)
+ struct label *label, int acc_mode)
{
return (0);
@@ -747,7 +747,7 @@ mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
- struct label *filelabel, mode_t acc_mode)
+ struct label *filelabel, int acc_mode)
{
return (0);
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 4bcf21f..3eef294 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -641,7 +641,7 @@ mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
- struct label *label, mode_t flags)
+ struct label *label, int acc_mode)
{
return (0);
@@ -747,7 +747,7 @@ mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
- struct label *filelabel, mode_t acc_mode)
+ struct label *filelabel, int acc_mode)
{
return (0);
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 6a2cf76..a422d27 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -968,7 +968,7 @@ mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket,
static int
mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
- struct label *label, mode_t flags)
+ struct label *label, int acc_mode)
{
return (0);
@@ -1074,7 +1074,7 @@ mac_test_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
static int
mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
- struct label *filelabel, mode_t acc_mode)
+ struct label *filelabel, int acc_mode)
{
return (0);
OpenPOWER on IntegriCloud