diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2008-10-28 11:33:06 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2008-10-28 11:33:06 +0000 |
commit | 212ab0cfb38a01878cc1bd44eeb4e6fcab384d5d (patch) | |
tree | c420c1b771a2ef873bf25185956726906057b6fe /sys/security/mac_mls | |
parent | 0dde8f1194da7e18827beabc2e7acc7918556f9d (diff) | |
download | src-212ab0cfb38a01878cc1bd44eeb4e6fcab384d5d.tar.gz src-212ab0cfb38a01878cc1bd44eeb4e6fcab384d5d.zip |
Notes
Diffstat (limited to 'sys/security/mac_mls')
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 76 |
1 files changed, 38 insertions, 38 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index a8da56bd4a67..84b8c9949b13 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -776,6 +776,17 @@ mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, mls_copy_effective(source, dest); } +static void +mls_cred_associate_nfsd(struct ucred *cred) +{ + struct mac_mls *label; + + label = SLOT(cred->cr_label); + mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL); + mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, + NULL); +} + static int mls_cred_check_relabel(struct ucred *cred, struct label *newlabel) { @@ -855,6 +866,30 @@ mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2) } static void +mls_cred_create_init(struct ucred *cred) +{ + struct mac_mls *dest; + + dest = SLOT(cred->cr_label); + + mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); + mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, + NULL); +} + +static void +mls_cred_create_swapper(struct ucred *cred) +{ + struct mac_mls *dest; + + dest = SLOT(cred->cr_label); + + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); + mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, + NULL); +} + +static void mls_cred_relabel(struct ucred *cred, struct label *newlabel) { struct mac_mls *source, *dest; @@ -1523,17 +1558,6 @@ mls_posixsem_create(struct ucred *cred, struct ksem *ks, mls_copy_effective(source, dest); } -static void -mls_proc_associate_nfsd(struct ucred *cred) -{ - struct mac_mls *label; - - label = SLOT(cred->cr_label); - mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL); - mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, - NULL); -} - static int mls_proc_check_debug(struct ucred *cred, struct proc *p) { @@ -1594,30 +1618,6 @@ mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum) return (0); } -static void -mls_proc_create_init(struct ucred *cred) -{ - struct mac_mls *dest; - - dest = SLOT(cred->cr_label); - - mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); - mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, - NULL); -} - -static void -mls_proc_create_swapper(struct ucred *cred) -{ - struct mac_mls *dest; - - dest = SLOT(cred->cr_label); - - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); - mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, - NULL); -} - static int mls_socket_check_deliver(struct socket *so, struct label *solabel, struct mbuf *m, struct label *mlabel) @@ -2957,9 +2957,12 @@ static struct mac_policy_ops mls_ops = .mpo_bpfdesc_destroy_label = mls_destroy_label, .mpo_bpfdesc_init_label = mls_init_label, + .mpo_cred_associate_nfsd = mls_cred_associate_nfsd, .mpo_cred_check_relabel = mls_cred_check_relabel, .mpo_cred_check_visible = mls_cred_check_visible, .mpo_cred_copy_label = mls_copy_label, + .mpo_cred_create_init = mls_cred_create_init, + .mpo_cred_create_swapper = mls_cred_create_swapper, .mpo_cred_destroy_label = mls_destroy_label, .mpo_cred_externalize_label = mls_externalize_label, .mpo_cred_init_label = mls_init_label, @@ -3051,12 +3054,9 @@ static struct mac_policy_ops mls_ops = .mpo_posixsem_destroy_label = mls_destroy_label, .mpo_posixsem_init_label = mls_init_label, - .mpo_proc_associate_nfsd = mls_proc_associate_nfsd, .mpo_proc_check_debug = mls_proc_check_debug, .mpo_proc_check_sched = mls_proc_check_sched, .mpo_proc_check_signal = mls_proc_check_signal, - .mpo_proc_create_init = mls_proc_create_init, - .mpo_proc_create_swapper = mls_proc_create_swapper, .mpo_socket_check_deliver = mls_socket_check_deliver, .mpo_socket_check_relabel = mls_socket_check_relabel, |