From da1a848c61b09f2607111b298ac57fe2dcb183da Mon Sep 17 00:00:00 2001 From: rwatson Date: Thu, 5 Jul 2001 17:10:46 +0000 Subject: o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx(). The p_can(...) construct was a premature (and, it turns out, awkward) abstraction. The individual calls to p_canxxx() better reflect differences between the inter-process authorization checks, such as differing checks based on the type of signal. This has a side effect of improving code readability. o Replace direct credential authorization checks in ktrace() with invocation of p_candebug(), while maintaining the special case check of KTR_ROOT. This allows ktrace() to "play more nicely" with new mandatory access control schemes, as well as making its authorization checks consistent with other "debugging class" checks. o Eliminate "privused" construct for p_can*() calls which allowed the caller to determine if privilege was required for successful evaluation of the access control check. This primitive is currently unused, and as such, serves only to complicate the API. Approved by: ({procfs,linprocfs} changes) des Obtained from: TrustedBSD Project --- sys/posix4/p1003_1b.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'sys/posix4') diff --git a/sys/posix4/p1003_1b.c b/sys/posix4/p1003_1b.c index 5b9bee0..1c356e3 100644 --- a/sys/posix4/p1003_1b.c +++ b/sys/posix4/p1003_1b.c @@ -122,7 +122,7 @@ int sched_setparam(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SCHED, NULL); + e = p_cansched(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -148,7 +148,7 @@ int sched_getparam(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -180,7 +180,7 @@ int sched_setscheduler(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SCHED, NULL); + e = p_cansched(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -205,7 +205,7 @@ int sched_getscheduler(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); @@ -246,7 +246,7 @@ int sched_rr_get_interval(struct proc *p, return (ESRCH); } - e = p_can(p, targetp, P_CAN_SEE, NULL); + e = p_cansee(p, targetp); PROC_UNLOCK(targetp); if (e) return (e); -- cgit v1.1