From 5743072acfd292c98911ffb9ccbb0889d58912a6 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Sat, 10 Jan 2009 10:58:41 +0000
Subject: Rather than having MAC policies explicitly declare what object types they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a possible class of programmer errors, while retaining the structure that allows us to avoid allocating labels for objects that don't need them. As before, we regenerate a global mask of labeled objects each time a policy is loaded or unloaded, stored in mac_labeled. Discussed with: csjp Suggested by: Jacques Vidrine Obtained from: TrustedBSD Project Sponsored by: Apple, Inc.
---
sys/security/mac_partition/mac_partition.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sys/security/mac_partition/mac_partition.c')
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index 7eca1f9..2fecb27 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -316,4 +316,4 @@ static struct mac_policy_ops partition_ops =
 };
 MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition",
- MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot, MPC_OBJECT_CRED);
+ MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot);
-- cgit v1.1
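Review bot: With `MPC_OBJECT_CRED` dropped from the `MAC_POLICY_SET` call, whether credentials receive a label for this policy now depends entirely on `partition_ops` carrying a credential label initializer, and that struct's body lies outside the hunk, so it cannot be confirmed here. If that entry (presumably `mpo_cred_init_label`) were later removed or renamed, the framework would presumably stop allocating credential labels while the partition checks still read `partition_slot`, which could change enforcement silently or touch a label that was never allocated. I would add a comment directly above the macro, for example `/* Credential labels are allocated only because partition_ops sets a cred init-label entry; do not remove it. */`, so the implicit dependency is visible at the registration site.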