summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/security/mac_biba/mac_biba.c1
-rw-r--r--sys/security/mac_lomac/mac_lomac.c31
-rw-r--r--sys/security/mac_mls/mac_mls.c1
-rw-r--r--sys/security/mac_stub/mac_stub.c9
-rw-r--r--sys/security/mac_test/mac_test.c14
5 files changed, 2 insertions, 54 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 5abab8b..bf32677 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -3151,7 +3151,6 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_check_vnode_listextattr = mac_biba_check_vnode_listextattr,
.mpo_check_vnode_lookup = mac_biba_check_vnode_lookup,
.mpo_check_vnode_mmap = mac_biba_check_vnode_mmap,
- .mpo_check_vnode_mprotect = mac_biba_check_vnode_mmap,
.mpo_check_vnode_open = mac_biba_check_vnode_open,
.mpo_check_vnode_poll = mac_biba_check_vnode_poll,
.mpo_check_vnode_read = mac_biba_check_vnode_read,
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 4dd1572..117f256 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -2207,34 +2207,6 @@ mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
return (0);
}
-static int
-mac_lomac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot)
-{
- struct mac_lomac *subj, *obj;
-
- /*
- * Rely on the use of open()-time protections to handle
- * non-revocation cases.
- */
- if (!mac_lomac_enabled || !revocation_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(label);
-
- if (prot & VM_PROT_WRITE) {
- if (!mac_lomac_subject_dominate(subj, obj))
- return (EACCES);
- }
- if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
- }
-
- return (0);
-}
-
static void
mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp,
struct label *label, /* XXX vm_prot_t */ int *prot)
@@ -2733,7 +2705,6 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_check_vnode_link = mac_lomac_check_vnode_link,
.mpo_check_vnode_mmap = mac_lomac_check_vnode_mmap,
.mpo_check_vnode_mmap_downgrade = mac_lomac_check_vnode_mmap_downgrade,
- .mpo_check_vnode_mprotect = mac_lomac_check_vnode_mprotect,
.mpo_check_vnode_open = mac_lomac_check_vnode_open,
.mpo_check_vnode_read = mac_lomac_check_vnode_read,
.mpo_check_vnode_relabel = mac_lomac_check_vnode_relabel,
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 7537722..b2f525a 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -2918,7 +2918,6 @@ static struct mac_policy_ops mac_mls_ops =
.mpo_check_vnode_listextattr = mac_mls_check_vnode_listextattr,
.mpo_check_vnode_lookup = mac_mls_check_vnode_lookup,
.mpo_check_vnode_mmap = mac_mls_check_vnode_mmap,
- .mpo_check_vnode_mprotect = mac_mls_check_vnode_mmap,
.mpo_check_vnode_open = mac_mls_check_vnode_open,
.mpo_check_vnode_poll = mac_mls_check_vnode_poll,
.mpo_check_vnode_read = mac_mls_check_vnode_read,
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index aaaa7b3..8ea7cb3 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -1058,14 +1058,6 @@ stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
}
static int
-stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot)
-{
-
- return (0);
-}
-
-static int
stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
struct label *filelabel, int acc_mode)
{
@@ -1377,7 +1369,6 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_check_vnode_listextattr = stub_check_vnode_listextattr,
.mpo_check_vnode_lookup = stub_check_vnode_lookup,
.mpo_check_vnode_mmap = stub_check_vnode_mmap,
- .mpo_check_vnode_mprotect = stub_check_vnode_mprotect,
.mpo_check_vnode_open = stub_check_vnode_open,
.mpo_check_vnode_poll = stub_check_vnode_poll,
.mpo_check_vnode_read = stub_check_vnode_read,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index f174ecb..bdef613 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -2005,17 +2005,6 @@ mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
}
static int
-mac_test_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot)
-{
-
- ASSERT_CRED_LABEL(cred->cr_label);
- ASSERT_VNODE_LABEL(label);
-
- return (0);
-}
-
-static int
mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
struct label *filelabel, int acc_mode)
{
@@ -2396,7 +2385,6 @@ static struct mac_policy_ops mac_test_ops =
.mpo_check_vnode_listextattr = mac_test_check_vnode_listextattr,
.mpo_check_vnode_lookup = mac_test_check_vnode_lookup,
.mpo_check_vnode_mmap = mac_test_check_vnode_mmap,
- .mpo_check_vnode_mprotect = mac_test_check_vnode_mprotect,
.mpo_check_vnode_open = mac_test_check_vnode_open,
.mpo_check_vnode_poll = mac_test_check_vnode_poll,
.mpo_check_vnode_read = mac_test_check_vnode_read,
OpenPOWER on IntegriCloud