diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2007-09-10 00:00:18 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2007-09-10 00:00:18 +0000 |
| commit | 45e0f3d63d90c6f80f3f231f3f8e185e644c70e9 (patch) | |
| tree | 6d07b0ffd85b745bb08a976a4412f5862aba277b /sys/security/mac_mls | |
| parent | d903306a267227e32733712fef0c11e71c31b459 (diff) | |
| download | src-45e0f3d63d90c6f80f3f231f3f8e185e644c70e9.tar.gz src-45e0f3d63d90c6f80f3f231f3f8e185e644c70e9.zip | |
Rename mac_check_vnode_delete() MAC Framework and MAC Policy entry
point to mac_check_vnode_unlink(), reflecting UNIX naming conventions.
This is the first of several commits to synchronize the MAC Framework
in FreeBSD 7.0 with the MAC Framework as it will appear in Mac OS X
Leopard.
Reveiwed by: csjp, Samy Bahra <sbahra at gwu dot edu>
Submitted by: Jacques Vidrine <nectar at apple dot com>
Obtained from: Apple Computer, Inc.
Sponsored by: SPARTA, SPAWAR
Approved by: re (bmah)
Notes
Notes:
svn path=/head/; revision=172107
Diffstat (limited to 'sys/security/mac_mls')
| -rw-r--r-- | sys/security/mac_mls/mac_mls.c | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 7660b65cfa8c..cc4e1adf28bb 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2272,30 +2272,6 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp, - struct label *dvplabel, struct vnode *vp, struct label *vplabel, - struct componentname *cnp) -{ - struct mac_mls *subj, *obj; - - if (!mac_mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(dvplabel); - - if (!mac_mls_dominate_effective(obj, subj)) - return (EACCES); - - obj = SLOT(vplabel); - - if (!mac_mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, struct label *vplabel, acl_type_t type) { @@ -2834,6 +2810,30 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, } static int +mac_mls_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, + struct componentname *cnp) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(dvplabel); + + if (!mac_mls_dominate_effective(obj, subj)) + return (EACCES); + + obj = SLOT(vplabel); + + if (!mac_mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { @@ -3011,7 +3011,6 @@ static struct mac_policy_ops mac_mls_ops = .mpo_check_vnode_chdir = mac_mls_check_vnode_chdir, .mpo_check_vnode_chroot = mac_mls_check_vnode_chroot, .mpo_check_vnode_create = mac_mls_check_vnode_create, - .mpo_check_vnode_delete = mac_mls_check_vnode_delete, .mpo_check_vnode_deleteacl = mac_mls_check_vnode_deleteacl, .mpo_check_vnode_deleteextattr = mac_mls_check_vnode_deleteextattr, .mpo_check_vnode_exec = mac_mls_check_vnode_exec, @@ -3037,6 +3036,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_check_vnode_setowner = mac_mls_check_vnode_setowner, .mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes, .mpo_check_vnode_stat = mac_mls_check_vnode_stat, + .mpo_check_vnode_unlink = mac_mls_check_vnode_unlink, .mpo_check_vnode_write = mac_mls_check_vnode_write, .mpo_associate_nfsd_label = mac_mls_associate_nfsd_label, .mpo_create_mbuf_from_firewall = mac_mls_create_mbuf_from_firewall, |