diff options
Diffstat (limited to 'sys/security/mac/mac_system.c')
-rw-r--r-- | sys/security/mac/mac_system.c | 56 |
1 files changed, 30 insertions, 26 deletions
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index 380466e..588e019 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -1,5 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2006 SPARTA, Inc. * Copyright (c) 2007 Robert N. M. Watson * All rights reserved. * @@ -11,6 +12,9 @@ * Portions of this software were developed by Robert Watson for the * TrustedBSD Project. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -63,116 +67,116 @@ __FBSDID("$FreeBSD$"); #include <security/mac/mac_policy.h> int -mac_check_kenv_dump(struct ucred *cred) +mac_kenv_check_dump(struct ucred *cred) { int error; - MAC_CHECK(check_kenv_dump, cred); + MAC_CHECK(kenv_check_dump, cred); return (error); } int -mac_check_kenv_get(struct ucred *cred, char *name) +mac_kenv_check_get(struct ucred *cred, char *name) { int error; - MAC_CHECK(check_kenv_get, cred, name); + MAC_CHECK(kenv_check_get, cred, name); return (error); } int -mac_check_kenv_set(struct ucred *cred, char *name, char *value) +mac_kenv_check_set(struct ucred *cred, char *name, char *value) { int error; - MAC_CHECK(check_kenv_set, cred, name, value); + MAC_CHECK(kenv_check_set, cred, name, value); return (error); } int -mac_check_kenv_unset(struct ucred *cred, char *name) +mac_kenv_check_unset(struct ucred *cred, char *name) { int error; - MAC_CHECK(check_kenv_unset, cred, name); + MAC_CHECK(kenv_check_unset, cred, name); return (error); } int -mac_check_kld_load(struct ucred *cred, struct vnode *vp) +mac_kld_check_load(struct ucred *cred, struct vnode *vp) { int error; - ASSERT_VOP_LOCKED(vp, "mac_check_kld_load"); + ASSERT_VOP_LOCKED(vp, "mac_kld_check_load"); - MAC_CHECK(check_kld_load, cred, vp, vp->v_label); + MAC_CHECK(kld_check_load, cred, vp, vp->v_label); return (error); } int -mac_check_kld_stat(struct ucred *cred) +mac_kld_check_stat(struct ucred *cred) { int error; - MAC_CHECK(check_kld_stat, cred); + MAC_CHECK(kld_check_stat, cred); return (error); } int -mac_check_system_acct(struct ucred *cred, struct vnode *vp) +mac_system_check_acct(struct ucred *cred, struct vnode *vp) { int error; if (vp != NULL) { - ASSERT_VOP_LOCKED(vp, "mac_check_system_acct"); + ASSERT_VOP_LOCKED(vp, "mac_system_check_acct"); } - MAC_CHECK(check_system_acct, cred, vp, + MAC_CHECK(system_check_acct, cred, vp, vp != NULL ? vp->v_label : NULL); return (error); } int -mac_check_system_reboot(struct ucred *cred, int howto) +mac_system_check_reboot(struct ucred *cred, int howto) { int error; - MAC_CHECK(check_system_reboot, cred, howto); + MAC_CHECK(system_check_reboot, cred, howto); return (error); } int -mac_check_system_swapon(struct ucred *cred, struct vnode *vp) +mac_system_check_swapon(struct ucred *cred, struct vnode *vp) { int error; - ASSERT_VOP_LOCKED(vp, "mac_check_system_swapon"); + ASSERT_VOP_LOCKED(vp, "mac_system_check_swapon"); - MAC_CHECK(check_system_swapon, cred, vp, vp->v_label); + MAC_CHECK(system_check_swapon, cred, vp, vp->v_label); return (error); } int -mac_check_system_swapoff(struct ucred *cred, struct vnode *vp) +mac_system_check_swapoff(struct ucred *cred, struct vnode *vp) { int error; - ASSERT_VOP_LOCKED(vp, "mac_check_system_swapoff"); + ASSERT_VOP_LOCKED(vp, "mac_system_check_swapoff"); - MAC_CHECK(check_system_swapoff, cred, vp, vp->v_label); + MAC_CHECK(system_check_swapoff, cred, vp, vp->v_label); return (error); } int -mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, +mac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req) { int error; @@ -181,7 +185,7 @@ mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, * XXXMAC: We would very much like to assert the SYSCTL_LOCK here, * but since it's not exported from kern_sysctl.c, we can't. */ - MAC_CHECK(check_system_sysctl, cred, oidp, arg1, arg2, req); + MAC_CHECK(system_check_sysctl, cred, oidp, arg1, arg2, req); return (error); } |