diff options
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 1 | ||||
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 31 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 1 | ||||
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 9 | ||||
-rw-r--r-- | sys/security/mac_test/mac_test.c | 14 |
5 files changed, 2 insertions, 54 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 5abab8b..bf32677 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -3151,7 +3151,6 @@ static struct mac_policy_ops mac_biba_ops = .mpo_check_vnode_listextattr = mac_biba_check_vnode_listextattr, .mpo_check_vnode_lookup = mac_biba_check_vnode_lookup, .mpo_check_vnode_mmap = mac_biba_check_vnode_mmap, - .mpo_check_vnode_mprotect = mac_biba_check_vnode_mmap, .mpo_check_vnode_open = mac_biba_check_vnode_open, .mpo_check_vnode_poll = mac_biba_check_vnode_poll, .mpo_check_vnode_read = mac_biba_check_vnode_read, diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 4dd1572..117f256 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -2207,34 +2207,6 @@ mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, return (0); } -static int -mac_lomac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, - struct label *label, int prot) -{ - struct mac_lomac *subj, *obj; - - /* - * Rely on the use of open()-time protections to handle - * non-revocation cases. - */ - if (!mac_lomac_enabled || !revocation_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(label); - - if (prot & VM_PROT_WRITE) { - if (!mac_lomac_subject_dominate(subj, obj)) - return (EACCES); - } - if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { - if (!mac_lomac_dominate_single(obj, subj)) - return (EACCES); - } - - return (0); -} - static void mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, struct label *label, /* XXX vm_prot_t */ int *prot) @@ -2733,7 +2705,6 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_check_vnode_link = mac_lomac_check_vnode_link, .mpo_check_vnode_mmap = mac_lomac_check_vnode_mmap, .mpo_check_vnode_mmap_downgrade = mac_lomac_check_vnode_mmap_downgrade, - .mpo_check_vnode_mprotect = mac_lomac_check_vnode_mprotect, .mpo_check_vnode_open = mac_lomac_check_vnode_open, .mpo_check_vnode_read = mac_lomac_check_vnode_read, .mpo_check_vnode_relabel = mac_lomac_check_vnode_relabel, diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 7537722..b2f525a 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2918,7 +2918,6 @@ static struct mac_policy_ops mac_mls_ops = .mpo_check_vnode_listextattr = mac_mls_check_vnode_listextattr, .mpo_check_vnode_lookup = mac_mls_check_vnode_lookup, .mpo_check_vnode_mmap = mac_mls_check_vnode_mmap, - .mpo_check_vnode_mprotect = mac_mls_check_vnode_mmap, .mpo_check_vnode_open = mac_mls_check_vnode_open, .mpo_check_vnode_poll = mac_mls_check_vnode_poll, .mpo_check_vnode_read = mac_mls_check_vnode_read, diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index aaaa7b3..8ea7cb3 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -1058,14 +1058,6 @@ stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp, } static int -stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, - struct label *label, int prot) -{ - - return (0); -} - -static int stub_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *filelabel, int acc_mode) { @@ -1377,7 +1369,6 @@ static struct mac_policy_ops mac_stub_ops = .mpo_check_vnode_listextattr = stub_check_vnode_listextattr, .mpo_check_vnode_lookup = stub_check_vnode_lookup, .mpo_check_vnode_mmap = stub_check_vnode_mmap, - .mpo_check_vnode_mprotect = stub_check_vnode_mprotect, .mpo_check_vnode_open = stub_check_vnode_open, .mpo_check_vnode_poll = stub_check_vnode_poll, .mpo_check_vnode_read = stub_check_vnode_read, diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index f174ecb..bdef613 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2004 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -2005,17 +2005,6 @@ mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp, } static int -mac_test_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, - struct label *label, int prot) -{ - - ASSERT_CRED_LABEL(cred->cr_label); - ASSERT_VNODE_LABEL(label); - - return (0); -} - -static int mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *filelabel, int acc_mode) { @@ -2396,7 +2385,6 @@ static struct mac_policy_ops mac_test_ops = .mpo_check_vnode_listextattr = mac_test_check_vnode_listextattr, .mpo_check_vnode_lookup = mac_test_check_vnode_lookup, .mpo_check_vnode_mmap = mac_test_check_vnode_mmap, - .mpo_check_vnode_mprotect = mac_test_check_vnode_mprotect, .mpo_check_vnode_open = mac_test_check_vnode_open, .mpo_check_vnode_poll = mac_test_check_vnode_poll, .mpo_check_vnode_read = mac_test_check_vnode_read, |