diff options
Diffstat (limited to 'sys/security/mac/mac_process.c')
-rw-r--r-- | sys/security/mac/mac_process.c | 68 |
1 files changed, 34 insertions, 34 deletions
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 3594586..98ee6cf 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002 Robert N. M. Watson + * Copyright (c) 1999-2002, 2008 Robert N. M. Watson * Copyright (c) 2001 Ilmar S. Habibulin * Copyright (c) 2001-2003 Networks Associates Technology, Inc. * Copyright (c) 2005 Samy Al Bahra @@ -160,25 +160,20 @@ mac_proc_destroy(struct proc *p) } } -int -mac_cred_externalize_label(struct label *label, char *elements, - char *outbuf, size_t outbuflen) -{ - int error; - - MAC_EXTERNALIZE(cred, label, elements, outbuf, outbuflen); - - return (error); -} - -int -mac_cred_internalize_label(struct label *label, char *string) +/* + * When a thread becomes an NFS server daemon, its credential may need to be + * updated to reflect this so that policies can recognize when file system + * operations originate from the network. + * + * At some point, it would be desirable if the credential used for each NFS + * RPC could be set based on the RPC context (i.e., source system, etc) to + * provide more fine-grained access control. + */ +void +mac_cred_associate_nfsd(struct ucred *cred) { - int error; - MAC_INTERNALIZE(cred, label, string); - - return (error); + MAC_PERFORM(cred_associate_nfsd, cred); } /* @@ -186,10 +181,10 @@ mac_cred_internalize_label(struct label *label, char *string) * processes and threads are spawned. */ void -mac_proc_create_swapper(struct ucred *cred) +mac_cred_create_swapper(struct ucred *cred) { - MAC_PERFORM(proc_create_swapper, cred); + MAC_PERFORM(cred_create_swapper, cred); } /* @@ -197,26 +192,31 @@ mac_proc_create_swapper(struct ucred *cred) * userland processes and threads are spawned. */ void -mac_proc_create_init(struct ucred *cred) +mac_cred_create_init(struct ucred *cred) { - MAC_PERFORM(proc_create_init, cred); + MAC_PERFORM(cred_create_init, cred); } -/* - * When a thread becomes an NFS server daemon, its credential may need to be - * updated to reflect this so that policies can recognize when file system - * operations originate from the network. - * - * At some point, it would be desirable if the credential used for each NFS - * RPC could be set based on the RPC context (i.e., source system, etc) to - * provide more fine-grained access control. - */ -void -mac_proc_associate_nfsd(struct ucred *cred) +int +mac_cred_externalize_label(struct label *label, char *elements, + char *outbuf, size_t outbuflen) { + int error; - MAC_PERFORM(proc_associate_nfsd, cred); + MAC_EXTERNALIZE(cred, label, elements, outbuf, outbuflen); + + return (error); +} + +int +mac_cred_internalize_label(struct label *label, char *string) +{ + int error; + + MAC_INTERNALIZE(cred, label, string); + + return (error); } void |