Remove policy references to mpo_check_vnode_mprotect(), which is

currently unimplemented. Update copyrights. Pointed out by: csjp
2005-01-26 23:43:32 +00:00 · 2005-01-26 23:43:32 +00:00 · c77cf2b162
commit c77cf2b162
parent 017a4322b5
5 changed files with 2 additions and 54 deletions
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@ -3151,7 +3151,6 @@ static struct mac_policy_ops mac_biba_ops =
 	.mpo_check_vnode_listextattr = mac_biba_check_vnode_listextattr,
 	.mpo_check_vnode_lookup = mac_biba_check_vnode_lookup,
 	.mpo_check_vnode_mmap = mac_biba_check_vnode_mmap,
-	.mpo_check_vnode_mprotect = mac_biba_check_vnode_mmap,
 	.mpo_check_vnode_open = mac_biba_check_vnode_open,
 	.mpo_check_vnode_poll = mac_biba_check_vnode_poll,
 	.mpo_check_vnode_read = mac_biba_check_vnode_read,
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@ -1,6 +1,6 @@
 /*-
 * Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
@ -2207,34 +2207,6 @@ mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
 	return (0);
 }

-static int
-mac_lomac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
-    struct label *label, int prot)
-{
-	struct mac_lomac *subj, *obj;
-
-	/*
-	 * Rely on the use of open()-time protections to handle
-	 * non-revocation cases.
-	 */
-	if (!mac_lomac_enabled || !revocation_enabled)
-		return (0);
-
-	subj = SLOT(cred->cr_label);
-	obj = SLOT(label);
-
-	if (prot & VM_PROT_WRITE) {
-		if (!mac_lomac_subject_dominate(subj, obj))
-			return (EACCES);
-	}
-	if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
-		if (!mac_lomac_dominate_single(obj, subj))
-			return (EACCES);
-	}
-
-	return (0);
-}
-
 static void
 mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp,
    struct label *label, /* XXX vm_prot_t */ int *prot)
@ -2733,7 +2705,6 @@ static struct mac_policy_ops mac_lomac_ops =
 	.mpo_check_vnode_link = mac_lomac_check_vnode_link,
 	.mpo_check_vnode_mmap = mac_lomac_check_vnode_mmap,
 	.mpo_check_vnode_mmap_downgrade = mac_lomac_check_vnode_mmap_downgrade,
-	.mpo_check_vnode_mprotect = mac_lomac_check_vnode_mprotect,
 	.mpo_check_vnode_open = mac_lomac_check_vnode_open,
 	.mpo_check_vnode_read = mac_lomac_check_vnode_read,
 	.mpo_check_vnode_relabel = mac_lomac_check_vnode_relabel,
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@ -2918,7 +2918,6 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_check_vnode_listextattr = mac_mls_check_vnode_listextattr,
 	.mpo_check_vnode_lookup = mac_mls_check_vnode_lookup,
 	.mpo_check_vnode_mmap = mac_mls_check_vnode_mmap,
-	.mpo_check_vnode_mprotect = mac_mls_check_vnode_mmap,
 	.mpo_check_vnode_open = mac_mls_check_vnode_open,
 	.mpo_check_vnode_poll = mac_mls_check_vnode_poll,
 	.mpo_check_vnode_read = mac_mls_check_vnode_read,
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@ -1057,14 +1057,6 @@ stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
 	return (0);
 }

-static int
-stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
-    struct label *label, int prot)
-{
-
-	return (0);
-}
-
 static int
 stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
@ -1377,7 +1369,6 @@ static struct mac_policy_ops mac_stub_ops =
 	.mpo_check_vnode_listextattr = stub_check_vnode_listextattr,
 	.mpo_check_vnode_lookup = stub_check_vnode_lookup,
 	.mpo_check_vnode_mmap = stub_check_vnode_mmap,
-	.mpo_check_vnode_mprotect = stub_check_vnode_mprotect,
 	.mpo_check_vnode_open = stub_check_vnode_open,
 	.mpo_check_vnode_poll = stub_check_vnode_poll,
 	.mpo_check_vnode_read = stub_check_vnode_read,
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@ -1,6 +1,6 @@
 /*-
 * Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
@ -2004,17 +2004,6 @@ mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
 	return (0);
 }

-static int
-mac_test_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
-    struct label *label, int prot)
-{
-
-	ASSERT_CRED_LABEL(cred->cr_label);
-	ASSERT_VNODE_LABEL(label);
-
-	return (0);
-}
-
 static int
 mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
@ -2396,7 +2385,6 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_check_vnode_listextattr = mac_test_check_vnode_listextattr,
 	.mpo_check_vnode_lookup = mac_test_check_vnode_lookup,
 	.mpo_check_vnode_mmap = mac_test_check_vnode_mmap,
-	.mpo_check_vnode_mprotect = mac_test_check_vnode_mprotect,
 	.mpo_check_vnode_open = mac_test_check_vnode_open,
 	.mpo_check_vnode_poll = mac_test_check_vnode_poll,
 	.mpo_check_vnode_read = mac_test_check_vnode_read,