| author | Mateusz Guzik <mjg@FreeBSD.org> | 2020-07-29 17:05:31 +0000 |
|---|---|---|
| committer | Mateusz Guzik <mjg@FreeBSD.org> | 2020-07-29 17:05:31 +0000 |
| commit | fad6dd772d15214036aeea34a1c280dc8390fdfb (patch) | |
| tree | 11456ecdf1ba39687023a155e7e226dcf5ce59b7 /sys/security | |
| parent | fd8c6a48abe0ad2ba64b611fe044830f89b30138 (diff) | |
Notes
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac/mac_framework.c | 3 | ||||
| -rw-r--r-- | sys/security/mac/mac_framework.h | 4 |
2 files changed, 7 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index aea3789d572f..41c0779fa78e 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -139,6 +139,7 @@ FPFLAG(vnode_check_read);
 FPFLAG(vnode_check_write);
 FPFLAG(vnode_check_mmap);
 FPFLAG_RARE(vnode_check_poll);
+FPFLAG_RARE(vnode_check_rename_from);
 #undef FPFLAG
 #undef FPFLAG_RARE
@@ -427,6 +428,8 @@ struct mac_policy_fastpath_elem mac_policy_fastpath_array[] = {
 .flag = &mac_vnode_check_mmap_fp_flag },
 { .offset = FPO(vnode_check_poll),
 .flag = &mac_vnode_check_poll_fp_flag },
+ { .offset = FPO(vnode_check_rename_from),
+ .flag = &mac_vnode_check_rename_from_fp_flag },
 };
 static void
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index e917eeb3c893..7ef13dcce758 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -482,6 +482,10 @@ mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
 #endif
 int mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp);
 int mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp);
+#define mac_vnode_check_rename_from_enabled() __predict_false(mac_vnode_check_rename_from_fp_flag)
+#ifdef MAC
+extern bool mac_vnode_check_rename_from_fp_flag;
+#endif
 int mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
 struct vnode *vp, struct componentname *cnp);
 int mac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, |
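Review bot: The new `mac_policy_fastpath_array` entry and the `FPFLAG_RARE(vnode_check_rename_from)` definition in the first hunk of this file are linked only by the hook name, and the flag they create fails open: while it is false, a caller testing `mac_vnode_check_rename_from_enabled()` skips the policy hook. Nothing visible in either hunk enforces that every defined flag has a matching array entry, so a flag added without one would presumably stay false and silently bypass the check. I would document that pairing above the array, e.g. `/* Every FPFLAG/FPFLAG_RARE above needs an entry here, or its check is never enabled. */`. The array definition begins before this hunk and the code that consumes it (after `static void`) lies outside it, so how the flags are updated on policy load and unload cannot be confirmed from here.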
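Review bot: `mac_vnode_check_rename_from_enabled()` is defined unconditionally, but the flag it expands to is declared only under `#ifdef MAC`, so using the macro in a kernel built without MAC fails to compile unless the caller is itself wrapped in `#ifdef MAC`. Either move the `#define` inside the guard or add a fallback branch, `#else` followed by `#define mac_vnode_check_rename_from_fp_flag false`, so the predicate folds to false in non-MAC builds. The macro also deserves a one-line comment stating that it reflects the `rename_from` hook only: `mac_vnode_check_rename_to` just below has no flag, and a caller that used this predicate to skip the whole MAC part of a rename would also skip that check for a policy implementing only `rename_to`. The callers are not part of this diff (the view is limited to sys/security), so whether they already handle both points cannot be confirmed here.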
