aboutsummaryrefslogtreecommitdiff
path: root/sys/sys/mac_policy.h
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2002-10-22 15:53:43 +0000
committerRobert Watson <rwatson@FreeBSD.org>2002-10-22 15:53:43 +0000
commit1cbfd977fdaf8581569f097b51c4a3d8e386aa0b (patch)
tree6a24bba13df50f300ec31a1b71f9ed5936c155b5 /sys/sys/mac_policy.h
parent2789e47e2cad8f8a97023475a98de16f6d3e50fe (diff)
downloadsrc-1cbfd977fdaf8581569f097b51c4a3d8e386aa0b.tar.gz
src-1cbfd977fdaf8581569f097b51c4a3d8e386aa0b.zip
Introduce MAC_CHECK_VNODE_SWAPON, which permits MAC policies to
perform authorization checks during swapon() events; policies might choose to enforce protections based on the credential requesting the swap configuration, the target of the swap operation, or other factors such as internal policy state. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Notes
Notes: svn path=/head/; revision=105717
Diffstat (limited to 'sys/sys/mac_policy.h')
-rw-r--r--sys/sys/mac_policy.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
index 28ed3a85f2d3..aabc95e3e745 100644
--- a/sys/sys/mac_policy.h
+++ b/sys/sys/mac_policy.h
@@ -385,6 +385,8 @@ struct mac_policy_ops {
int (*mpo_check_vnode_stat)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *label);
+ int (*mpo_check_vnode_swapon)(struct ucred *cred,
+ struct vnode *vp, struct label *label);
int (*mpo_check_vnode_write)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *label);
@@ -531,6 +533,7 @@ enum mac_op_constant {
MAC_CHECK_VNODE_SETOWNER,
MAC_CHECK_VNODE_SETUTIMES,
MAC_CHECK_VNODE_STAT,
+ MAC_CHECK_VNODE_SWAPON,
MAC_CHECK_VNODE_WRITE,
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-30 18:06:02 +0000