summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/vfs_syscalls.c4
-rw-r--r--sys/security/mac/mac_framework.h4
-rw-r--r--sys/security/mac/mac_policy.h10
-rw-r--r--sys/security/mac/mac_vfs.c28
-rw-r--r--sys/security/mac_biba/mac_biba.c50
-rw-r--r--sys/security/mac_bsdextended/mac_bsdextended.c28
-rw-r--r--sys/security/mac_lomac/mac_lomac.c50
-rw-r--r--sys/security/mac_mls/mac_mls.c50
-rw-r--r--sys/security/mac_stub/mac_stub.c20
-rw-r--r--sys/security/mac_test/mac_test.c32
10 files changed, 138 insertions, 138 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index d90e322..07a8de1 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1693,7 +1693,7 @@ restart:
goto restart;
}
#ifdef MAC
- error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
+ error = mac_check_vnode_unlink(td->td_ucred, nd.ni_dvp, vp,
&nd.ni_cnd);
if (error)
goto out;
@@ -3550,7 +3550,7 @@ restart:
goto out;
}
#ifdef MAC
- error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
+ error = mac_check_vnode_unlink(td->td_ucred, nd.ni_dvp, vp,
&nd.ni_cnd);
if (error)
goto out;
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index a6df18d..56fbe33 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -351,8 +351,6 @@ int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
struct componentname *cnp, struct vattr *vap);
-int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp, struct componentname *cnp);
int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
acl_type_t type);
int mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
@@ -400,6 +398,8 @@ int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
struct timespec atime, struct timespec mtime);
int mac_check_vnode_stat(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
+int mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
int mac_check_vnode_write(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
int mac_getsockopt_label(struct ucred *cred, struct socket *so,
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index bf9ad1a..dfcb987 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -524,10 +524,6 @@ typedef int (*mpo_check_vnode_chroot_t)(struct ucred *cred,
typedef int (*mpo_check_vnode_create_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel,
struct componentname *cnp, struct vattr *vap);
-typedef int (*mpo_check_vnode_delete_t)(struct ucred *cred,
- struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel,
- struct componentname *cnp);
typedef int (*mpo_check_vnode_deleteacl_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
acl_type_t type);
@@ -604,6 +600,10 @@ typedef int (*mpo_check_vnode_setutimes_t)(struct ucred *cred,
typedef int (*mpo_check_vnode_stat_t)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *vplabel);
+typedef int (*mpo_check_vnode_unlink_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp);
typedef int (*mpo_check_vnode_write_t)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *vplabel);
@@ -868,7 +868,6 @@ struct mac_policy_ops {
mpo_check_vnode_chdir_t mpo_check_vnode_chdir;
mpo_check_vnode_chroot_t mpo_check_vnode_chroot;
mpo_check_vnode_create_t mpo_check_vnode_create;
- mpo_check_vnode_delete_t mpo_check_vnode_delete;
mpo_check_vnode_deleteacl_t mpo_check_vnode_deleteacl;
mpo_check_vnode_deleteextattr_t mpo_check_vnode_deleteextattr;
mpo_check_vnode_exec_t mpo_check_vnode_exec;
@@ -897,6 +896,7 @@ struct mac_policy_ops {
mpo_check_vnode_setowner_t mpo_check_vnode_setowner;
mpo_check_vnode_setutimes_t mpo_check_vnode_setutimes;
mpo_check_vnode_stat_t mpo_check_vnode_stat;
+ mpo_check_vnode_unlink_t mpo_check_vnode_unlink;
mpo_check_vnode_write_t mpo_check_vnode_write;
mpo_associate_nfsd_label_t mpo_associate_nfsd_label;
mpo_create_mbuf_from_firewall_t mpo_create_mbuf_from_firewall;
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index ed716db..ad6a0e6 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -391,20 +391,6 @@ mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
}
int
-mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
- struct componentname *cnp)
-{
- int error;
-
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
-
- MAC_CHECK(check_vnode_delete, cred, dvp, dvp->v_label, vp,
- vp->v_label, cnp);
- return (error);
-}
-
-int
mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
acl_type_t type)
{
@@ -741,6 +727,20 @@ mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
}
int
+mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
+ struct componentname *cnp)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_unlink");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_unlink");
+
+ MAC_CHECK(check_vnode_unlink, cred, dvp, dvp->v_label, vp,
+ vp->v_label, cnp);
+ return (error);
+}
+
+int
mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 9396b38..7d56b6b 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -2625,30 +2625,6 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
}
static int
-mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel, struct vnode *vp, struct label *vplabel,
- struct componentname *cnp)
-{
- struct mac_biba *subj, *obj;
-
- if (!mac_biba_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(dvplabel);
-
- if (!mac_biba_dominate_effective(subj, obj))
- return (EACCES);
-
- obj = SLOT(vplabel);
-
- if (!mac_biba_dominate_effective(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *vplabel, acl_type_t type)
{
@@ -3187,6 +3163,30 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
}
static int
+mac_biba_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(dvplabel);
+
+ if (!mac_biba_dominate_effective(subj, obj))
+ return (EACCES);
+
+ obj = SLOT(vplabel);
+
+ if (!mac_biba_dominate_effective(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
mac_biba_check_vnode_write(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
{
@@ -3389,7 +3389,6 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_check_vnode_chdir = mac_biba_check_vnode_chdir,
.mpo_check_vnode_chroot = mac_biba_check_vnode_chroot,
.mpo_check_vnode_create = mac_biba_check_vnode_create,
- .mpo_check_vnode_delete = mac_biba_check_vnode_delete,
.mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl,
.mpo_check_vnode_deleteextattr = mac_biba_check_vnode_deleteextattr,
.mpo_check_vnode_exec = mac_biba_check_vnode_exec,
@@ -3415,6 +3414,7 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_check_vnode_setowner = mac_biba_check_vnode_setowner,
.mpo_check_vnode_setutimes = mac_biba_check_vnode_setutimes,
.mpo_check_vnode_stat = mac_biba_check_vnode_stat,
+ .mpo_check_vnode_unlink = mac_biba_check_vnode_unlink,
.mpo_check_vnode_write = mac_biba_check_vnode_write,
.mpo_associate_nfsd_label = mac_biba_associate_nfsd_label,
.mpo_create_mbuf_from_firewall = mac_biba_create_mbuf_from_firewall,
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index c51dde2..bdeadce 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -504,19 +504,6 @@ mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
}
static int
-mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel, struct vnode *vp, struct label *vplabel,
- struct componentname *cnp)
-{
- int error;
-
- error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
- if (error)
- return (error);
- return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
-}
-
-static int
mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *vplabel, acl_type_t type)
{
@@ -708,6 +695,19 @@ mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT));
}
+static int
+mac_bsdextended_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp)
+{
+ int error;
+
+ error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
+ if (error)
+ return (error);
+ return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
+}
+
static struct mac_policy_ops mac_bsdextended_ops =
{
.mpo_destroy = mac_bsdextended_destroy,
@@ -720,7 +720,6 @@ static struct mac_policy_ops mac_bsdextended_ops =
.mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
.mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
.mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
- .mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
.mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
.mpo_check_vnode_deleteextattr = mac_bsdextended_check_vnode_deleteextattr,
.mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
@@ -742,6 +741,7 @@ static struct mac_policy_ops mac_bsdextended_ops =
.mpo_check_vnode_setowner = mac_bsdextended_check_vnode_setowner,
.mpo_check_vnode_setutimes = mac_bsdextended_check_vnode_setutimes,
.mpo_check_vnode_stat = mac_bsdextended_check_vnode_stat,
+ .mpo_check_vnode_unlink = mac_bsdextended_check_vnode_unlink,
};
MAC_POLICY_SET(&mac_bsdextended_ops, mac_bsdextended,
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 8d9b13e..008a761 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -2345,30 +2345,6 @@ mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
}
static int
-mac_lomac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel, struct vnode *vp, struct label *vplabel,
- struct componentname *cnp)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(dvplabel);
-
- if (!mac_lomac_subject_dominate(subj, obj))
- return (EACCES);
-
- obj = SLOT(vplabel);
-
- if (!mac_lomac_subject_dominate(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_lomac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *vplabel, acl_type_t type)
{
@@ -2753,6 +2729,30 @@ mac_lomac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
}
static int
+mac_lomac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!mac_lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(dvplabel);
+
+ if (!mac_lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ obj = SLOT(vplabel);
+
+ if (!mac_lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
mac_lomac_check_vnode_write(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
{
@@ -2933,7 +2933,6 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_check_system_sysctl = mac_lomac_check_system_sysctl,
.mpo_check_vnode_access = mac_lomac_check_vnode_open,
.mpo_check_vnode_create = mac_lomac_check_vnode_create,
- .mpo_check_vnode_delete = mac_lomac_check_vnode_delete,
.mpo_check_vnode_deleteacl = mac_lomac_check_vnode_deleteacl,
.mpo_check_vnode_link = mac_lomac_check_vnode_link,
.mpo_check_vnode_mmap = mac_lomac_check_vnode_mmap,
@@ -2950,6 +2949,7 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_check_vnode_setmode = mac_lomac_check_vnode_setmode,
.mpo_check_vnode_setowner = mac_lomac_check_vnode_setowner,
.mpo_check_vnode_setutimes = mac_lomac_check_vnode_setutimes,
+ .mpo_check_vnode_unlink = mac_lomac_check_vnode_unlink,
.mpo_check_vnode_write = mac_lomac_check_vnode_write,
.mpo_thread_userret = mac_lomac_thread_userret,
.mpo_create_mbuf_from_firewall = mac_lomac_create_mbuf_from_firewall,
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 7660b65..cc4e1ad 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -2272,30 +2272,6 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp,
}
static int
-mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel, struct vnode *vp, struct label *vplabel,
- struct componentname *cnp)
-{
- struct mac_mls *subj, *obj;
-
- if (!mac_mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(dvplabel);
-
- if (!mac_mls_dominate_effective(obj, subj))
- return (EACCES);
-
- obj = SLOT(vplabel);
-
- if (!mac_mls_dominate_effective(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *vplabel, acl_type_t type)
{
@@ -2834,6 +2810,30 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
}
static int
+mac_mls_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(dvplabel);
+
+ if (!mac_mls_dominate_effective(obj, subj))
+ return (EACCES);
+
+ obj = SLOT(vplabel);
+
+ if (!mac_mls_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *vplabel)
{
@@ -3011,7 +3011,6 @@ static struct mac_policy_ops mac_mls_ops =
.mpo_check_vnode_chdir = mac_mls_check_vnode_chdir,
.mpo_check_vnode_chroot = mac_mls_check_vnode_chroot,
.mpo_check_vnode_create = mac_mls_check_vnode_create,
- .mpo_check_vnode_delete = mac_mls_check_vnode_delete,
.mpo_check_vnode_deleteacl = mac_mls_check_vnode_deleteacl,
.mpo_check_vnode_deleteextattr = mac_mls_check_vnode_deleteextattr,
.mpo_check_vnode_exec = mac_mls_check_vnode_exec,
@@ -3037,6 +3036,7 @@ static struct mac_policy_ops mac_mls_ops =
.mpo_check_vnode_setowner = mac_mls_check_vnode_setowner,
.mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes,
.mpo_check_vnode_stat = mac_mls_check_vnode_stat,
+ .mpo_check_vnode_unlink = mac_mls_check_vnode_unlink,
.mpo_check_vnode_write = mac_mls_check_vnode_write,
.mpo_associate_nfsd_label = mac_mls_associate_nfsd_label,
.mpo_create_mbuf_from_firewall = mac_mls_create_mbuf_from_firewall,
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 7bd2388..8c39999 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -1183,15 +1183,6 @@ stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
}
static int
-stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel, struct vnode *vp, struct label *vplabel,
- struct componentname *cnp)
-{
-
- return (0);
-}
-
-static int
stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *vplabel, acl_type_t type)
{
@@ -1413,6 +1404,15 @@ stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
}
static int
+stub_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp)
+{
+
+ return (0);
+}
+
+static int
stub_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *vplabel)
{
@@ -1623,7 +1623,6 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_check_vnode_chdir = stub_check_vnode_chdir,
.mpo_check_vnode_chroot = stub_check_vnode_chroot,
.mpo_check_vnode_create = stub_check_vnode_create,
- .mpo_check_vnode_delete = stub_check_vnode_delete,
.mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl,
.mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr,
.mpo_check_vnode_exec = stub_check_vnode_exec,
@@ -1651,6 +1650,7 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_check_vnode_setowner = stub_check_vnode_setowner,
.mpo_check_vnode_setutimes = stub_check_vnode_setutimes,
.mpo_check_vnode_stat = stub_check_vnode_stat,
+ .mpo_check_vnode_unlink = stub_check_vnode_unlink,
.mpo_check_vnode_write = stub_check_vnode_write,
.mpo_priv_check = stub_priv_check,
.mpo_priv_grant = stub_priv_grant,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index bbc3cf2..14b67b6 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -2098,21 +2098,6 @@ mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
return (0);
}
-COUNTER_DECL(check_vnode_delete);
-static int
-mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel, struct vnode *vp, struct label *vplabel,
- struct componentname *cnp)
-{
-
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(dvplabel, MAGIC_VNODE);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(check_vnode_delete);
-
- return (0);
-}
-
COUNTER_DECL(check_vnode_deleteacl);
static int
mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
@@ -2455,6 +2440,21 @@ mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
return (0);
}
+COUNTER_DECL(check_vnode_unlink);
+static int
+mac_test_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp)
+{
+
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(dvplabel, MAGIC_VNODE);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(check_vnode_unlink);
+
+ return (0);
+}
+
COUNTER_DECL(check_vnode_write);
static int
mac_test_check_vnode_write(struct ucred *active_cred,
@@ -2656,7 +2656,6 @@ static struct mac_policy_ops mac_test_ops =
.mpo_check_vnode_chdir = mac_test_check_vnode_chdir,
.mpo_check_vnode_chroot = mac_test_check_vnode_chroot,
.mpo_check_vnode_create = mac_test_check_vnode_create,
- .mpo_check_vnode_delete = mac_test_check_vnode_delete,
.mpo_check_vnode_deleteacl = mac_test_check_vnode_deleteacl,
.mpo_check_vnode_deleteextattr = mac_test_check_vnode_deleteextattr,
.mpo_check_vnode_exec = mac_test_check_vnode_exec,
@@ -2682,6 +2681,7 @@ static struct mac_policy_ops mac_test_ops =
.mpo_check_vnode_setowner = mac_test_check_vnode_setowner,
.mpo_check_vnode_setutimes = mac_test_check_vnode_setutimes,
.mpo_check_vnode_stat = mac_test_check_vnode_stat,
+ .mpo_check_vnode_unlink = mac_test_check_vnode_unlink,
.mpo_check_vnode_write = mac_test_check_vnode_write,
};
OpenPOWER on IntegriCloud