authorMateusz Guzik <mjg@FreeBSD.org>2020-07-29 17:05:31 +0000
committerMateusz Guzik <mjg@FreeBSD.org>2020-07-29 17:05:31 +0000
commitfad6dd772d15214036aeea34a1c280dc8390fdfb (patch)
tree11456ecdf1ba39687023a155e7e226dcf5ce59b7 /sys/security
parentfd8c6a48abe0ad2ba64b611fe044830f89b30138 (diff)
Notes
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac/mac_framework.c3
-rw-r--r--sys/security/mac/mac_framework.h4
2 files changed, 7 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index aea3789d572f..41c0779fa78e 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -139,6 +139,7 @@ FPFLAG(vnode_check_read);
FPFLAG(vnode_check_write);
FPFLAG(vnode_check_mmap);
FPFLAG_RARE(vnode_check_poll);
+FPFLAG_RARE(vnode_check_rename_from);
#undef FPFLAG
#undef FPFLAG_RARE
@@ -427,6 +428,8 @@ struct mac_policy_fastpath_elem mac_policy_fastpath_array[] = {
.flag = &mac_vnode_check_mmap_fp_flag },
{ .offset = FPO(vnode_check_poll),
.flag = &mac_vnode_check_poll_fp_flag },
+ { .offset = FPO(vnode_check_rename_from),
+ .flag = &mac_vnode_check_rename_from_fp_flag },
};
static void
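Review bot: Nothing visible in this file ties the new `mac_policy_fastpath_array` entry to the `FPFLAG_RARE(vnode_check_rename_from)` definition added in the first hunk, so the two lists have to be kept in step by hand. If a flag were defined without a matching entry here it would presumably never be set, and a caller that gates on `mac_vnode_check_rename_from_enabled()` would then skip the policy's rename check without any error. I would add a comment above the array such as `/* Every FPFLAG()/FPFLAG_RARE() above needs an entry here; without one the flag stays false and gated callers skip the hook. */`. The code that walks the array begins after the hunk (`static void`), so the exact effect should be confirmed there.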
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index e917eeb3c893..7ef13dcce758 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -482,6 +482,10 @@ mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
#endif
int mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp);
int mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp);
+#define mac_vnode_check_rename_from_enabled() __predict_false(mac_vnode_check_rename_from_fp_flag)
+#ifdef MAC
+extern bool mac_vnode_check_rename_from_fp_flag;
+#endif
int mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, struct componentname *cnp);
int mac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
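Review bot: `mac_vnode_check_rename_from_enabled()` is defined unconditionally, but the `mac_vnode_check_rename_from_fp_flag` it expands to is declared only under `#ifdef MAC`, so any caller that is not itself inside `#ifdef MAC` fails to build on a kernel without MAC. If that is intended to match the neighbouring hooks, it deserves a comment saying so; otherwise add `#else` and `#define mac_vnode_check_rename_from_fp_flag false` before the `#endif`. The header also does not say what a false result allows, and `mac_vnode_check_rename_from()` stays a plain prototype here, so the gate is applied by each call site. A comment along the lines of `/* True while a loaded policy implements vnode_check_rename_from; callers may skip the check only when this is false. */` would make that contract explicit (wording to be confirmed against the flag-update code, which is not in this hunk). The `mac_vnode_check_rename_to` prototype continues past the end of the hunk.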