From a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae Mon Sep 17 00:00:00 2001
From: rwatson
Date: Mon, 19 Aug 2002 19:04:53 +0000
Subject: Pass active_cred and file_cred into the MAC framework explicitly for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred when calling these checks with a struct file available. Otherwise, pass NOCRED. All currently MAC policies use active_cred, but could now offer the cached credential semantic used for the base system security model.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
---
 sys/security/mac/mac_framework.h | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'sys/security/mac/mac_framework.h')
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 0696f3c..b413220 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -338,8 +338,10 @@ u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp,
 int newmapping);
 int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
 mode_t acc_mode);
-int mac_check_vnode_poll(struct ucred *cred, struct vnode *vp);
-int mac_check_vnode_read(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_poll(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp);
+int mac_check_vnode_read(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp);
 int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
 int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
 int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
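Review bot: The new `file_cred` parameter on mac_check_vnode_poll and mac_check_vnode_read carries no comment stating its contract, yet the commit message says callers pass NOCRED when no struct file is available, so a policy that dereferences file_cred unconditionally would fault on the file-less call paths. I would add above the two prototypes: `/* file_cred is the credential cached in the struct file (fp->f_cred) at open time, or NOCRED when the check is made without a file; a policy must test for NOCRED before using it and fall back to active_cred. */`. Stating which credential is authoritative when both are present would also help, since the neighbouring readdir/readlink declarations keep the single-cred form and a policy author could otherwise mix the two semantics. NOCRED itself is defined outside this header, so its exact sentinel value is not visible in this hunk.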
@@ -359,8 +361,10 @@ int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
 uid_t uid, gid_t gid);
 int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
 struct timespec atime, struct timespec mtime);
-int mac_check_vnode_stat(struct ucred *cred, struct vnode *vp);
-int mac_check_vnode_write(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_stat(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp);
+int mac_check_vnode_write(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp);
 int mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
 struct mac *extmac);
 int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
-- cgit v1.1
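Review bot: mac_check_vnode_write is the check that gates modification, and the header does not say that choosing `file_cred` here means authorising the write with the credential captured at open time rather than the caller's current one, which is the "cached credential" semantic the commit message describes as optional for policies. That is a deliberate design, but a policy author reading only this prototype cannot tell whether a later change to the process's credential or label is meant to be honoured, so I would document it at the declaration: `/* Policies honouring file_cred grant access on the open-time credential; those honouring active_cred re-evaluate on the caller's current credential. */`. The same note applies to mac_check_vnode_stat in this hunk. Whether any in-tree policy currently relies on file_cred is not visible from the header alone.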