Rename mac_check_vnode_delete() MAC Framework and MAC Policy entry
point to mac_check_vnode_unlink(), reflecting UNIX naming conventions. This is the first of several commits to synchronize the MAC Framework in FreeBSD 7.0 with the MAC Framework as it will appear in Mac OS X Leopard. Reviewed by: csjp, Samy Bahra <sbahra at gwu dot edu> Submitted by: Jacques Vidrine <nectar at apple dot com> Obtained from: Apple Computer, Inc. Sponsored by: SPARTA, SPAWAR Approved by: re (bmah)
parent
d903306a26
commit
45e0f3d63d
@ -1693,7 +1693,7 @@ restart:
|
||||
goto restart;
|
||||
}
|
||||
#ifdef MAC
|
||||
error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
|
||||
error = mac_check_vnode_unlink(td->td_ucred, nd.ni_dvp, vp,
|
||||
&nd.ni_cnd);
|
||||
if (error)
|
||||
goto out;
|
||||
@ -3550,7 +3550,7 @@ restart:
|
||||
goto out;
|
||||
}
|
||||
#ifdef MAC
|
||||
error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
|
||||
error = mac_check_vnode_unlink(td->td_ucred, nd.ni_dvp, vp,
|
||||
&nd.ni_cnd);
|
||||
if (error)
|
||||
goto out;
|
||||
|
@ -351,8 +351,6 @@ int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
|
||||
int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
|
||||
int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
struct componentname *cnp, struct vattr *vap);
|
||||
int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct vnode *vp, struct componentname *cnp);
|
||||
int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
acl_type_t type);
|
||||
int mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
|
||||
@ -400,6 +398,8 @@ int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
struct timespec atime, struct timespec mtime);
|
||||
int mac_check_vnode_stat(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp);
|
||||
int mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
|
||||
struct vnode *vp, struct componentname *cnp);
|
||||
int mac_check_vnode_write(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp);
|
||||
int mac_getsockopt_label(struct ucred *cred, struct socket *so,
|
||||
|
@ -524,10 +524,6 @@ typedef int (*mpo_check_vnode_chroot_t)(struct ucred *cred,
|
||||
typedef int (*mpo_check_vnode_create_t)(struct ucred *cred,
|
||||
struct vnode *dvp, struct label *dvplabel,
|
||||
struct componentname *cnp, struct vattr *vap);
|
||||
typedef int (*mpo_check_vnode_delete_t)(struct ucred *cred,
|
||||
struct vnode *dvp, struct label *dvplabel,
|
||||
struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp);
|
||||
typedef int (*mpo_check_vnode_deleteacl_t)(struct ucred *cred,
|
||||
struct vnode *vp, struct label *vplabel,
|
||||
acl_type_t type);
|
||||
@ -604,6 +600,10 @@ typedef int (*mpo_check_vnode_setutimes_t)(struct ucred *cred,
|
||||
typedef int (*mpo_check_vnode_stat_t)(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp,
|
||||
struct label *vplabel);
|
||||
typedef int (*mpo_check_vnode_unlink_t)(struct ucred *cred,
|
||||
struct vnode *dvp, struct label *dvplabel,
|
||||
struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp);
|
||||
typedef int (*mpo_check_vnode_write_t)(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp,
|
||||
struct label *vplabel);
|
||||
@ -868,7 +868,6 @@ struct mac_policy_ops {
|
||||
mpo_check_vnode_chdir_t mpo_check_vnode_chdir;
|
||||
mpo_check_vnode_chroot_t mpo_check_vnode_chroot;
|
||||
mpo_check_vnode_create_t mpo_check_vnode_create;
|
||||
mpo_check_vnode_delete_t mpo_check_vnode_delete;
|
||||
mpo_check_vnode_deleteacl_t mpo_check_vnode_deleteacl;
|
||||
mpo_check_vnode_deleteextattr_t mpo_check_vnode_deleteextattr;
|
||||
mpo_check_vnode_exec_t mpo_check_vnode_exec;
|
||||
@ -897,6 +896,7 @@ struct mac_policy_ops {
|
||||
mpo_check_vnode_setowner_t mpo_check_vnode_setowner;
|
||||
mpo_check_vnode_setutimes_t mpo_check_vnode_setutimes;
|
||||
mpo_check_vnode_stat_t mpo_check_vnode_stat;
|
||||
mpo_check_vnode_unlink_t mpo_check_vnode_unlink;
|
||||
mpo_check_vnode_write_t mpo_check_vnode_write;
|
||||
mpo_associate_nfsd_label_t mpo_associate_nfsd_label;
|
||||
mpo_create_mbuf_from_firewall_t mpo_create_mbuf_from_firewall;
|
||||
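Review bot: Moving the slot inside `struct mac_policy_ops` (removed after `mpo_check_vnode_create`, re-added after `mpo_check_vnode_stat`) shifts every function pointer between those two positions by one, which changes the binary layout that policy modules hand to the framework. The in-tree policies in this commit use designated initializers and are rebuilt, but a module compiled against the previous header would, if it is still accepted at load time, have its hooks in that range invoked for the neighbouring operation with no error reported. None of the visible hunks touches a version that a loader could check; if the framework exports one to policy modules it should be bumped in this commit, and otherwise I would add a comment at the struct such as `/* Layout is module ABI: reordering entries requires rebuilding all policy modules. */`. The struct definition starts and ends outside these hunks.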
|
@ -390,20 +390,6 @@ mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
|
||||
ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
|
||||
ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
|
||||
|
||||
MAC_CHECK(check_vnode_delete, cred, dvp, dvp->v_label, vp,
|
||||
vp->v_label, cnp);
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
acl_type_t type)
|
||||
@ -740,6 +726,20 @@ mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
|
||||
ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_unlink");
|
||||
ASSERT_VOP_LOCKED(vp, "mac_check_vnode_unlink");
|
||||
|
||||
MAC_CHECK(check_vnode_unlink, cred, dvp, dvp->v_label, vp,
|
||||
vp->v_label, cnp);
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp)
|
||||
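Review bot: `mac_check_vnode_unlink()` is added without a comment stating its contract, and the new name narrows what a reader expects the check to cover. The body asserts that both `dvp` and `vp` are locked and passes both labels to the policies, and the first file in this commit calls it from two separate sites (around lines 1693 and 3550); if those are different removal paths, a policy author needs to see that at the entry point. I would add above the definition `/* Authorize removal of the name cnp for vp from directory dvp. Both vnodes must be locked by the caller. Invoked from every name-removal call site, not only unlink(2) - confirm against callers. */`.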
|
@ -2624,30 +2624,6 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
struct mac_biba *subj, *obj;
|
||||
|
||||
if (!mac_biba_enabled)
|
||||
return (0);
|
||||
|
||||
subj = SLOT(cred->cr_label);
|
||||
obj = SLOT(dvplabel);
|
||||
|
||||
if (!mac_biba_dominate_effective(subj, obj))
|
||||
return (EACCES);
|
||||
|
||||
obj = SLOT(vplabel);
|
||||
|
||||
if (!mac_biba_dominate_effective(subj, obj))
|
||||
return (EACCES);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, acl_type_t type)
|
||||
@ -3186,6 +3162,30 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_biba_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
struct mac_biba *subj, *obj;
|
||||
|
||||
if (!mac_biba_enabled)
|
||||
return (0);
|
||||
|
||||
subj = SLOT(cred->cr_label);
|
||||
obj = SLOT(dvplabel);
|
||||
|
||||
if (!mac_biba_dominate_effective(subj, obj))
|
||||
return (EACCES);
|
||||
|
||||
obj = SLOT(vplabel);
|
||||
|
||||
if (!mac_biba_dominate_effective(subj, obj))
|
||||
return (EACCES);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_biba_check_vnode_write(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
|
||||
@ -3389,7 +3389,6 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_check_vnode_chdir = mac_biba_check_vnode_chdir,
|
||||
.mpo_check_vnode_chroot = mac_biba_check_vnode_chroot,
|
||||
.mpo_check_vnode_create = mac_biba_check_vnode_create,
|
||||
.mpo_check_vnode_delete = mac_biba_check_vnode_delete,
|
||||
.mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl,
|
||||
.mpo_check_vnode_deleteextattr = mac_biba_check_vnode_deleteextattr,
|
||||
.mpo_check_vnode_exec = mac_biba_check_vnode_exec,
|
||||
@ -3415,6 +3414,7 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_check_vnode_setowner = mac_biba_check_vnode_setowner,
|
||||
.mpo_check_vnode_setutimes = mac_biba_check_vnode_setutimes,
|
||||
.mpo_check_vnode_stat = mac_biba_check_vnode_stat,
|
||||
.mpo_check_vnode_unlink = mac_biba_check_vnode_unlink,
|
||||
.mpo_check_vnode_write = mac_biba_check_vnode_write,
|
||||
.mpo_associate_nfsd_label = mac_biba_associate_nfsd_label,
|
||||
.mpo_create_mbuf_from_firewall = mac_biba_create_mbuf_from_firewall,
|
||||
|
@ -503,19 +503,6 @@ mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
|
||||
return (mac_bsdextended_check_vp(cred, dvp, MBI_WRITE));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
|
||||
if (error)
|
||||
return (error);
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, acl_type_t type)
|
||||
@ -708,6 +695,19 @@ mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
|
||||
return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
|
||||
if (error)
|
||||
return (error);
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
|
||||
}
|
||||
|
||||
static struct mac_policy_ops mac_bsdextended_ops =
|
||||
{
|
||||
.mpo_destroy = mac_bsdextended_destroy,
|
||||
@ -720,7 +720,6 @@ static struct mac_policy_ops mac_bsdextended_ops =
|
||||
.mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
|
||||
.mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
|
||||
.mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
|
||||
.mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
|
||||
.mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
|
||||
.mpo_check_vnode_deleteextattr = mac_bsdextended_check_vnode_deleteextattr,
|
||||
.mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
|
||||
@ -742,6 +741,7 @@ static struct mac_policy_ops mac_bsdextended_ops =
|
||||
.mpo_check_vnode_setowner = mac_bsdextended_check_vnode_setowner,
|
||||
.mpo_check_vnode_setutimes = mac_bsdextended_check_vnode_setutimes,
|
||||
.mpo_check_vnode_stat = mac_bsdextended_check_vnode_stat,
|
||||
.mpo_check_vnode_unlink = mac_bsdextended_check_vnode_unlink,
|
||||
};
|
||||
|
||||
MAC_POLICY_SET(&mac_bsdextended_ops, mac_bsdextended,
|
||||
|
@ -2344,30 +2344,6 @@ mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_lomac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
struct mac_lomac *subj, *obj;
|
||||
|
||||
if (!mac_lomac_enabled)
|
||||
return (0);
|
||||
|
||||
subj = SLOT(cred->cr_label);
|
||||
obj = SLOT(dvplabel);
|
||||
|
||||
if (!mac_lomac_subject_dominate(subj, obj))
|
||||
return (EACCES);
|
||||
|
||||
obj = SLOT(vplabel);
|
||||
|
||||
if (!mac_lomac_subject_dominate(subj, obj))
|
||||
return (EACCES);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_lomac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, acl_type_t type)
|
||||
@ -2752,6 +2728,30 @@ mac_lomac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_lomac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
struct mac_lomac *subj, *obj;
|
||||
|
||||
if (!mac_lomac_enabled)
|
||||
return (0);
|
||||
|
||||
subj = SLOT(cred->cr_label);
|
||||
obj = SLOT(dvplabel);
|
||||
|
||||
if (!mac_lomac_subject_dominate(subj, obj))
|
||||
return (EACCES);
|
||||
|
||||
obj = SLOT(vplabel);
|
||||
|
||||
if (!mac_lomac_subject_dominate(subj, obj))
|
||||
return (EACCES);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_lomac_check_vnode_write(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
|
||||
@ -2933,7 +2933,6 @@ static struct mac_policy_ops mac_lomac_ops =
|
||||
.mpo_check_system_sysctl = mac_lomac_check_system_sysctl,
|
||||
.mpo_check_vnode_access = mac_lomac_check_vnode_open,
|
||||
.mpo_check_vnode_create = mac_lomac_check_vnode_create,
|
||||
.mpo_check_vnode_delete = mac_lomac_check_vnode_delete,
|
||||
.mpo_check_vnode_deleteacl = mac_lomac_check_vnode_deleteacl,
|
||||
.mpo_check_vnode_link = mac_lomac_check_vnode_link,
|
||||
.mpo_check_vnode_mmap = mac_lomac_check_vnode_mmap,
|
||||
@ -2950,6 +2949,7 @@ static struct mac_policy_ops mac_lomac_ops =
|
||||
.mpo_check_vnode_setmode = mac_lomac_check_vnode_setmode,
|
||||
.mpo_check_vnode_setowner = mac_lomac_check_vnode_setowner,
|
||||
.mpo_check_vnode_setutimes = mac_lomac_check_vnode_setutimes,
|
||||
.mpo_check_vnode_unlink = mac_lomac_check_vnode_unlink,
|
||||
.mpo_check_vnode_write = mac_lomac_check_vnode_write,
|
||||
.mpo_thread_userret = mac_lomac_thread_userret,
|
||||
.mpo_create_mbuf_from_firewall = mac_lomac_create_mbuf_from_firewall,
|
||||
|
@ -2271,30 +2271,6 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
struct mac_mls *subj, *obj;
|
||||
|
||||
if (!mac_mls_enabled)
|
||||
return (0);
|
||||
|
||||
subj = SLOT(cred->cr_label);
|
||||
obj = SLOT(dvplabel);
|
||||
|
||||
if (!mac_mls_dominate_effective(obj, subj))
|
||||
return (EACCES);
|
||||
|
||||
obj = SLOT(vplabel);
|
||||
|
||||
if (!mac_mls_dominate_effective(obj, subj))
|
||||
return (EACCES);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, acl_type_t type)
|
||||
@ -2833,6 +2809,30 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_mls_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
struct mac_mls *subj, *obj;
|
||||
|
||||
if (!mac_mls_enabled)
|
||||
return (0);
|
||||
|
||||
subj = SLOT(cred->cr_label);
|
||||
obj = SLOT(dvplabel);
|
||||
|
||||
if (!mac_mls_dominate_effective(obj, subj))
|
||||
return (EACCES);
|
||||
|
||||
obj = SLOT(vplabel);
|
||||
|
||||
if (!mac_mls_dominate_effective(obj, subj))
|
||||
return (EACCES);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
@ -3011,7 +3011,6 @@ static struct mac_policy_ops mac_mls_ops =
|
||||
.mpo_check_vnode_chdir = mac_mls_check_vnode_chdir,
|
||||
.mpo_check_vnode_chroot = mac_mls_check_vnode_chroot,
|
||||
.mpo_check_vnode_create = mac_mls_check_vnode_create,
|
||||
.mpo_check_vnode_delete = mac_mls_check_vnode_delete,
|
||||
.mpo_check_vnode_deleteacl = mac_mls_check_vnode_deleteacl,
|
||||
.mpo_check_vnode_deleteextattr = mac_mls_check_vnode_deleteextattr,
|
||||
.mpo_check_vnode_exec = mac_mls_check_vnode_exec,
|
||||
@ -3037,6 +3036,7 @@ static struct mac_policy_ops mac_mls_ops =
|
||||
.mpo_check_vnode_setowner = mac_mls_check_vnode_setowner,
|
||||
.mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes,
|
||||
.mpo_check_vnode_stat = mac_mls_check_vnode_stat,
|
||||
.mpo_check_vnode_unlink = mac_mls_check_vnode_unlink,
|
||||
.mpo_check_vnode_write = mac_mls_check_vnode_write,
|
||||
.mpo_associate_nfsd_label = mac_mls_associate_nfsd_label,
|
||||
.mpo_create_mbuf_from_firewall = mac_mls_create_mbuf_from_firewall,
|
||||
|
@ -1182,15 +1182,6 @@ stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, acl_type_t type)
|
||||
@ -1412,6 +1403,15 @@ stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
@ -1623,7 +1623,6 @@ static struct mac_policy_ops mac_stub_ops =
|
||||
.mpo_check_vnode_chdir = stub_check_vnode_chdir,
|
||||
.mpo_check_vnode_chroot = stub_check_vnode_chroot,
|
||||
.mpo_check_vnode_create = stub_check_vnode_create,
|
||||
.mpo_check_vnode_delete = stub_check_vnode_delete,
|
||||
.mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl,
|
||||
.mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr,
|
||||
.mpo_check_vnode_exec = stub_check_vnode_exec,
|
||||
@ -1651,6 +1650,7 @@ static struct mac_policy_ops mac_stub_ops =
|
||||
.mpo_check_vnode_setowner = stub_check_vnode_setowner,
|
||||
.mpo_check_vnode_setutimes = stub_check_vnode_setutimes,
|
||||
.mpo_check_vnode_stat = stub_check_vnode_stat,
|
||||
.mpo_check_vnode_unlink = stub_check_vnode_unlink,
|
||||
.mpo_check_vnode_write = stub_check_vnode_write,
|
||||
.mpo_priv_check = stub_priv_check,
|
||||
.mpo_priv_grant = stub_priv_grant,
|
||||
|
@ -2098,21 +2098,6 @@ mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
return (0);
|
||||
}
|
||||
|
||||
COUNTER_DECL(check_vnode_delete);
|
||||
static int
|
||||
mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_delete);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
COUNTER_DECL(check_vnode_deleteacl);
|
||||
static int
|
||||
mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
@ -2455,6 +2440,21 @@ mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
return (0);
|
||||
}
|
||||
|
||||
COUNTER_DECL(check_vnode_unlink);
|
||||
static int
|
||||
mac_test_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_unlink);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
COUNTER_DECL(check_vnode_write);
|
||||
static int
|
||||
mac_test_check_vnode_write(struct ucred *active_cred,
|
||||
@ -2656,7 +2656,6 @@ static struct mac_policy_ops mac_test_ops =
|
||||
.mpo_check_vnode_chdir = mac_test_check_vnode_chdir,
|
||||
.mpo_check_vnode_chroot = mac_test_check_vnode_chroot,
|
||||
.mpo_check_vnode_create = mac_test_check_vnode_create,
|
||||
.mpo_check_vnode_delete = mac_test_check_vnode_delete,
|
||||
.mpo_check_vnode_deleteacl = mac_test_check_vnode_deleteacl,
|
||||
.mpo_check_vnode_deleteextattr = mac_test_check_vnode_deleteextattr,
|
||||
.mpo_check_vnode_exec = mac_test_check_vnode_exec,
|
||||
@ -2682,6 +2681,7 @@ static struct mac_policy_ops mac_test_ops =
|
||||
.mpo_check_vnode_setowner = mac_test_check_vnode_setowner,
|
||||
.mpo_check_vnode_setutimes = mac_test_check_vnode_setutimes,
|
||||
.mpo_check_vnode_stat = mac_test_check_vnode_stat,
|
||||
.mpo_check_vnode_unlink = mac_test_check_vnode_unlink,
|
||||
.mpo_check_vnode_write = mac_test_check_vnode_write,
|
||||
};
|
||||
|
||||
|