authorRobert Watson <rwatson@FreeBSD.org>2002-10-02 02:42:38 +0000
committerRobert Watson <rwatson@FreeBSD.org>2002-10-02 02:42:38 +0000
commit92dbb82a47dc27aff8b0e9470f2272e799797b9f (patch)
tree81842f8d46f9993f87a705e87627ee32a0867eaa /sys/security
parentb6fcb4fec3bc56bca6493436c67288104dad2c92 (diff)
Notes
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac/mac_framework.c11
-rw-r--r--sys/security/mac/mac_framework.h2
-rw-r--r--sys/security/mac/mac_internal.h11
-rw-r--r--sys/security/mac/mac_net.c11
-rw-r--r--sys/security/mac/mac_pipe.c11
-rw-r--r--sys/security/mac/mac_policy.h2
-rw-r--r--sys/security/mac/mac_process.c11
-rw-r--r--sys/security/mac/mac_syscalls.c11
-rw-r--r--sys/security/mac/mac_system.c11
-rw-r--r--sys/security/mac/mac_vfs.c11
10 files changed, 92 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index cdbf726bdccb..2c07abe4f7b9 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
+ case MAC_THREAD_USERRET:
+ mpc->mpc_ops->mpo_thread_userret =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_BPFDESC_RECEIVE:
mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
MAC_PERFORM(create_proc1, cred);
}
+void
+mac_thread_userret(struct thread *td)
+{
+
+ MAC_PERFORM(thread_userret, td);
+}
+
/*
* When a new process is created, its label must be initialized. Generally,
* this involves inheritence from the parent process, modulo possible
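Review bot: mac_thread_userret() is added without a comment, so nothing in the hunk says when the entry point fires or what a policy may do inside mpo_thread_userret. The name suggests it runs as a thread returns to user mode, but the call site is not part of this diff (the diffstat is limited to sys/security), so the contract should be written down here: which locks, if any, are held and whether a policy is allowed to sleep. A short block comment above the function would do, for example `/* Invoke each policy's mpo_thread_userret entry point for td; called from <call site> with <locking state>. */`. The same applies to the identical copies of this hunk in the later file sections.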
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index b413220a3942..ebb65cb24f94 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -200,6 +200,7 @@ struct proc;
struct sockaddr;
struct socket;
struct pipe;
+struct thread;
struct timespec;
struct ucred;
struct uio;
@@ -293,6 +294,7 @@ void mac_execve_transition(struct ucred *old, struct ucred *new,
int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
void mac_create_proc0(struct ucred *cred);
void mac_create_proc1(struct ucred *cred);
+void mac_thread_userret(struct thread *td);
/* Access control checks. */
int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index cdbf726bdccb..2c07abe4f7b9 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
+ case MAC_THREAD_USERRET:
+ mpc->mpc_ops->mpo_thread_userret =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_BPFDESC_RECEIVE:
mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
MAC_PERFORM(create_proc1, cred);
}
+void
+mac_thread_userret(struct thread *td)
+{
+
+ MAC_PERFORM(thread_userret, td);
+}
+
/*
* When a new process is created, its label must be initialized. Generally,
* this involves inheritence from the parent process, modulo possible
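Review bot: A non-static definition of mac_thread_userret() in a header, repeated verbatim in mac_framework.c, mac_net.c, mac_pipe.c, mac_process.c, mac_syscalls.c, mac_system.c and mac_vfs.c, would produce duplicate external symbols at link time if these were separate translation units. Every copy carries the same index line (cdbf726bdccb..2c07abe4f7b9), which suggests one blob recorded under several paths, probably an artifact of repository history rather than real duplication, though that cannot be confirmed from this page. If the files are distinct, the definition belongs in exactly one .c file, with only the prototype `void mac_thread_userret(struct thread *td);` in the header.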
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index cdbf726bdccb..2c07abe4f7b9 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
+ case MAC_THREAD_USERRET:
+ mpc->mpc_ops->mpo_thread_userret =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_BPFDESC_RECEIVE:
mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
MAC_PERFORM(create_proc1, cred);
}
+void
+mac_thread_userret(struct thread *td)
+{
+
+ MAC_PERFORM(thread_userret, td);
+}
+
/*
* When a new process is created, its label must be initialized. Generally,
* this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index cdbf726bdccb..2c07abe4f7b9 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
+ case MAC_THREAD_USERRET:
+ mpc->mpc_ops->mpo_thread_userret =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_BPFDESC_RECEIVE:
mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
MAC_PERFORM(create_proc1, cred);
}
+void
+mac_thread_userret(struct thread *td)
+{
+
+ MAC_PERFORM(thread_userret, td);
+}
+
/*
* When a new process is created, its label must be initialized. Generally,
* this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index c3f2046f86cc..52fee339af9b 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -220,6 +220,7 @@ struct mac_policy_ops {
void (*mpo_create_proc1)(struct ucred *cred);
void (*mpo_relabel_cred)(struct ucred *cred,
struct label *newlabel);
+ void (*mpo_thread_userret)(struct thread *thread);
/*
* Access control checks.
@@ -419,6 +420,7 @@ enum mac_op_constant {
MAC_CREATE_PROC0,
MAC_CREATE_PROC1,
MAC_RELABEL_CRED,
+ MAC_THREAD_USERRET,
MAC_CHECK_BPFDESC_RECEIVE,
MAC_CHECK_CRED_RELABEL,
MAC_CHECK_CRED_VISIBLE,
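Review bot: MAC_THREAD_USERRET is inserted in the middle of enum mac_op_constant, which shifts the value of MAC_CHECK_BPFDESC_RECEIVE and every constant after it by one. mac_policy_register() switches on these values to decide which mpc_ops slot receives mpe_function, so a policy module built against the previous header would have its access-control checks wired to neighbouring entry points rather than being refused. Unless a version check elsewhere rejects stale modules (none is visible here), either append the new constant at the end of the enum or document the break, for example `/* Inserting here renumbers later ops; all policy modules must be rebuilt. */`. The enum continues outside the hunk, and the mpo_thread_userret member added to struct mac_policy_ops in the previous hunk shifts later member offsets in the same way.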
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index cdbf726bdccb..2c07abe4f7b9 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
+ case MAC_THREAD_USERRET:
+ mpc->mpc_ops->mpo_thread_userret =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_BPFDESC_RECEIVE:
mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
MAC_PERFORM(create_proc1, cred);
}
+void
+mac_thread_userret(struct thread *td)
+{
+
+ MAC_PERFORM(thread_userret, td);
+}
+
/*
* When a new process is created, its label must be initialized. Generally,
* this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index cdbf726bdccb..2c07abe4f7b9 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
+ case MAC_THREAD_USERRET:
+ mpc->mpc_ops->mpo_thread_userret =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_BPFDESC_RECEIVE:
mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
MAC_PERFORM(create_proc1, cred);
}
+void
+mac_thread_userret(struct thread *td)
+{
+
+ MAC_PERFORM(thread_userret, td);
+}
+
/*
* When a new process is created, its label must be initialized. Generally,
* this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index cdbf726bdccb..2c07abe4f7b9 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
+ case MAC_THREAD_USERRET:
+ mpc->mpc_ops->mpo_thread_userret =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_BPFDESC_RECEIVE:
mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
MAC_PERFORM(create_proc1, cred);
}
+void
+mac_thread_userret(struct thread *td)
+{
+
+ MAC_PERFORM(thread_userret, td);
+}
+
/*
* When a new process is created, its label must be initialized. Generally,
* this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index cdbf726bdccb..2c07abe4f7b9 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
+ case MAC_THREAD_USERRET:
+ mpc->mpc_ops->mpo_thread_userret =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_BPFDESC_RECEIVE:
mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
MAC_PERFORM(create_proc1, cred);
}
+void
+mac_thread_userret(struct thread *td)
+{
+
+ MAC_PERFORM(thread_userret, td);
+}
+
/*
* When a new process is created, its label must be initialized. Generally,
* this involves inheritence from the parent process, modulo possible