From c77cf2b162f913fdb3da226dd204a2299c020a81 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Wed, 26 Jan 2005 23:43:32 +0000 Subject: [PATCH] Remove policy references to mpo_check_vnode_mprotect(), which is currently unimplemented. Update copyrights. Pointed out by: csjp --- sys/security/mac_biba/mac_biba.c | 1 - sys/security/mac_lomac/mac_lomac.c | 31 +----------------------------- sys/security/mac_mls/mac_mls.c | 1 - sys/security/mac_stub/mac_stub.c | 9 --------- sys/security/mac_test/mac_test.c | 14 +------------- 5 files changed, 2 insertions(+), 54 deletions(-) diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 5abab8b56470..bf3267744842 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -3151,7 +3151,6 @@ static struct mac_policy_ops mac_biba_ops = .mpo_check_vnode_listextattr = mac_biba_check_vnode_listextattr, .mpo_check_vnode_lookup = mac_biba_check_vnode_lookup, .mpo_check_vnode_mmap = mac_biba_check_vnode_mmap, - .mpo_check_vnode_mprotect = mac_biba_check_vnode_mmap, .mpo_check_vnode_open = mac_biba_check_vnode_open, .mpo_check_vnode_poll = mac_biba_check_vnode_poll, .mpo_check_vnode_read = mac_biba_check_vnode_read, diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 4dd157288039..117f25628a35 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -2207,34 +2207,6 @@ mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, return (0); } -static int -mac_lomac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, - struct label *label, int prot) -{ - struct mac_lomac *subj, *obj; - - /* - * Rely on the use of open()-time protections to handle - * non-revocation cases. - */ - if (!mac_lomac_enabled || !revocation_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(label); - - if (prot & VM_PROT_WRITE) { - if (!mac_lomac_subject_dominate(subj, obj)) - return (EACCES); - } - if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { - if (!mac_lomac_dominate_single(obj, subj)) - return (EACCES); - } - - return (0); -} - static void mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, struct label *label, /* XXX vm_prot_t */ int *prot) @@ -2733,7 +2705,6 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_check_vnode_link = mac_lomac_check_vnode_link, .mpo_check_vnode_mmap = mac_lomac_check_vnode_mmap, .mpo_check_vnode_mmap_downgrade = mac_lomac_check_vnode_mmap_downgrade, - .mpo_check_vnode_mprotect = mac_lomac_check_vnode_mprotect, .mpo_check_vnode_open = mac_lomac_check_vnode_open, .mpo_check_vnode_read = mac_lomac_check_vnode_read, .mpo_check_vnode_relabel = mac_lomac_check_vnode_relabel, diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 753772274939..b2f525a57bc2 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2918,7 +2918,6 @@ static struct mac_policy_ops mac_mls_ops = .mpo_check_vnode_listextattr = mac_mls_check_vnode_listextattr, .mpo_check_vnode_lookup = mac_mls_check_vnode_lookup, .mpo_check_vnode_mmap = mac_mls_check_vnode_mmap, - .mpo_check_vnode_mprotect = mac_mls_check_vnode_mmap, .mpo_check_vnode_open = mac_mls_check_vnode_open, .mpo_check_vnode_poll = mac_mls_check_vnode_poll, .mpo_check_vnode_read = mac_mls_check_vnode_read, diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index aaaa7b30efc6..8ea7cb39bcaf 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -1057,14 +1057,6 @@ stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp, return (0); } -static int -stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, - struct label *label, int prot) -{ - - return (0); -} - static int stub_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *filelabel, int acc_mode) @@ -1377,7 +1369,6 @@ static struct mac_policy_ops mac_stub_ops = .mpo_check_vnode_listextattr = stub_check_vnode_listextattr, .mpo_check_vnode_lookup = stub_check_vnode_lookup, .mpo_check_vnode_mmap = stub_check_vnode_mmap, - .mpo_check_vnode_mprotect = stub_check_vnode_mprotect, .mpo_check_vnode_open = stub_check_vnode_open, .mpo_check_vnode_poll = stub_check_vnode_poll, .mpo_check_vnode_read = stub_check_vnode_read, diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index f174ecb883dc..bdef613734b4 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2004 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -2004,17 +2004,6 @@ mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp, return (0); } -static int -mac_test_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, - struct label *label, int prot) -{ - - ASSERT_CRED_LABEL(cred->cr_label); - ASSERT_VNODE_LABEL(label); - - return (0); -} - static int mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *filelabel, int acc_mode) @@ -2396,7 +2385,6 @@ static struct mac_policy_ops mac_test_ops = .mpo_check_vnode_listextattr = mac_test_check_vnode_listextattr, .mpo_check_vnode_lookup = mac_test_check_vnode_lookup, .mpo_check_vnode_mmap = mac_test_check_vnode_mmap, - .mpo_check_vnode_mprotect = mac_test_check_vnode_mprotect, .mpo_check_vnode_open = mac_test_check_vnode_open, .mpo_check_vnode_poll = mac_test_check_vnode_poll, .mpo_check_vnode_read = mac_test_check_vnode_read,