From 4d365126c56c98cc583a57b1f74c056f6bdd0dda Mon Sep 17 00:00:00 2001 From: rwatson Date: Tue, 26 Jun 2007 14:14:01 +0000 Subject: Add a new MAC framework and policy entry point, mpo_check_proc_setaudit_addr to be used when controlling use of setaudit_addr(), rather than mpo_check_proc_setaudit(), which takes a different argument type. Reviewed by: csjp Approved by: re (kensmith) --- sys/security/mac_test/mac_test.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'sys/security/mac_test') diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index ad49d14..bbc3cf2 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -1668,6 +1668,18 @@ mac_test_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai) return (0); } +COUNTER_DECL(check_proc_setaudit_addr); +static int +mac_test_check_proc_setaudit_addr(struct ucred *cred, + struct auditinfo_addr *aia) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(check_proc_setaudit_addr); + + return (0); +} + COUNTER_DECL(check_proc_setauid); static int mac_test_check_proc_setauid(struct ucred *cred, uid_t auid) @@ -2608,6 +2620,7 @@ static struct mac_policy_ops mac_test_ops = .mpo_check_proc_debug = mac_test_check_proc_debug, .mpo_check_proc_sched = mac_test_check_proc_sched, .mpo_check_proc_setaudit = mac_test_check_proc_setaudit, + .mpo_check_proc_setaudit_addr = mac_test_check_proc_setaudit_addr, .mpo_check_proc_setauid = mac_test_check_proc_setauid, .mpo_check_proc_setuid = mac_test_check_proc_setuid, .mpo_check_proc_seteuid = mac_test_check_proc_seteuid, -- cgit v1.1