PERFORCE change 15029 for review

Robert Watson rwatson at freebsd.org
Sun Jul 28 02:47:21 GMT 2002 

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15029

Change 15029 by rwatson at rwatson_paprika on 2002/07/27 19:46:50

	mac_bsdextended doesn't implement inter-process/credential checks,
	so don't include stubs for those entry points.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#46 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#46 (text+ko) ====

@@ -690,70 +690,12 @@
 	return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VSTAT));
 }
 
-static int
-mac_bsdextended_check_see_cred(struct ucred *u1, struct ucred *u2)
-{
-
-	if (!mac_bsdextended_enabled)
-		return (0);
-
-	return (0);
-}
-
-static int
-mac_bsdextended_check_see_socket(struct ucred *cred, struct socket *socket)
-{
-
-	if (!mac_bsdextended_enabled)
-		return (0);
-
-	return (0);
-}
-
-static int
-mac_bsdextended_cred_cantouch(struct ucred *cred, struct proc *proc)
-{
-
-	if (!mac_bsdextended_enabled)
-		return (0);
-
-	return (0);
-}
-
-static int
-mac_bsdextended_check_signal_proc(struct ucred *cred, struct proc *proc,
-    int signum)
-{
-
-	return (mac_bsdextended_cred_cantouch(cred, proc));
-}
-
-static int
-mac_bsdextended_check_sched_proc(struct ucred *cred, struct proc *proc)
-{
-
-	return (mac_bsdextended_cred_cantouch(cred, proc));
-}
-
-static int
-mac_bsdextended_check_debug_proc(struct ucred *cred, struct proc *proc)
-{
-
-	return (mac_bsdextended_cred_cantouch(cred, proc));
-}
-
 static struct mac_policy_op_entry mac_bsdextended_ops[] =
 {
 	{ MAC_DESTROY,
 	    (macop_t)mac_bsdextended_destroy },
 	{ MAC_INIT,
 	    (macop_t)mac_bsdextended_init },
-	{ MAC_CHECK_SEE_CRED,
-	    (macop_t)mac_bsdextended_check_see_cred },
-	{ MAC_CHECK_SEE_SOCKET,
-	    (macop_t)mac_bsdextended_check_see_socket },
-	{ MAC_CHECK_DEBUG_PROC,
-	    (macop_t)mac_bsdextended_check_debug_proc },
 	{ MAC_CHECK_ACCESS_VNODE,
 	    (macop_t)mac_bsdextended_check_access_vnode },
 	{ MAC_CHECK_CHDIR_VNODE,
@@ -798,10 +740,6 @@
 	    (macop_t)mac_bsdextended_check_setowner_vnode },
 	{ MAC_CHECK_SETUTIMES_VNODE,
 	    (macop_t)mac_bsdextended_check_setutimes_vnode },
-	{ MAC_CHECK_SCHED_PROC,
-	    (macop_t)mac_bsdextended_check_sched_proc },
-	{ MAC_CHECK_SIGNAL_PROC,
-	    (macop_t)mac_bsdextended_check_signal_proc },
 	{ MAC_CHECK_STAT_VNODE,
 	    (macop_t)mac_bsdextended_check_stat_vnode },
 	{ MAC_OP_LAST, NULL }
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list