From 01e990be896435b353485b6fa96f55ecbba2500c Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Fri, 2 Aug 2002 20:33:05 +0000
Subject: [PATCH] Improve ordering of MAC entry points in mac_policy_op structure.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
---
 sys/security/mac/mac_policy.h | 12 ++++++------
 sys/sys/mac_policy.h | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index d2d88333301..f38c017a6ad 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -284,6 +284,10 @@ struct mac_policy_ops {
 int (*mpo_check_vnode_lookup)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp);
+ vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int newmapping);
+ int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp,
+ struct label *label, int op);
 int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp, struct label *label, mode_t acc_mode);
 int (*mpo_check_vnode_readdir)(struct ucred *cred,
@@ -320,10 +324,6 @@ struct mac_policy_ops {
 struct timespec atime, struct timespec mtime);
 int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp, struct label *label);
- vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
- struct vnode *vp, struct label *label, int newmapping);
- int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp,
- struct label *label, int op);
 };
 typedef const void *macop_t;
@@ -425,6 +425,8 @@ enum mac_op_constant {
 MAC_CHECK_VNODE_GETACL,
 MAC_CHECK_VNODE_GETEXTATTR,
 MAC_CHECK_VNODE_LOOKUP,
+ MAC_CHECK_VNODE_MMAP_PERMS,
+ MAC_CHECK_VNODE_OP,
 MAC_CHECK_VNODE_OPEN,
 MAC_CHECK_VNODE_READDIR,
 MAC_CHECK_VNODE_READLINK,
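Review bot: `mpo_check_vnode_mmap_perms` is the only entry point in this part of `struct mac_policy_ops` declared to return `vm_prot_t` rather than `int`, and after the move it sits in the middle of the `int`-returning checks with nothing to mark the difference. A one-line comment above it would help policy authors, e.g. `/* Returns a vm_prot_t, not an int error code like the neighbouring checks. */`. What the returned value means is not visible in the hunk, so the wording should be confirmed against the framework. The same hunk is applied to sys/sys/mac_policy.h, and the struct body starts and ends outside the hunk.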
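Review bot: `enum mac_op_constant` assigns no explicit values, so inserting `MAC_CHECK_VNODE_MMAP_PERMS` and `MAC_CHECK_VNODE_OP` ahead of `MAC_CHECK_VNODE_OPEN` renumbers every constant from `MAC_CHECK_VNODE_OPEN` through `MAC_CHECK_VNODE_STAT`. Entry points are carried as `macop_t` (`const void *`), so a policy module built against the previous header would presumably have its handlers matched to the wrong operation with no type error to catch it, which for an access-control framework means checks that silently do not run where intended. A comment above the enum would make the constraint explicit, e.g. `/* Values are positional; any reordering requires rebuilding all policy modules. */`. The same applies to the identical hunk in sys/sys/mac_policy.h; the enum starts and ends outside the hunk.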
@@ -439,8 +441,6 @@ enum mac_op_constant {
 MAC_CHECK_VNODE_SETOWNER,
 MAC_CHECK_VNODE_SETUTIMES,
 MAC_CHECK_VNODE_STAT,
- MAC_CHECK_VNODE_MMAP_PERMS,
- MAC_CHECK_VNODE_OP,
 };
 struct mac_policy_op_entry {
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
index d2d88333301..f38c017a6ad 100644
--- a/sys/sys/mac_policy.h
+++ b/sys/sys/mac_policy.h
@@ -284,6 +284,10 @@ struct mac_policy_ops {
 int (*mpo_check_vnode_lookup)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp);
+ vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int newmapping);
+ int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp,
+ struct label *label, int op);
 int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp, struct label *label, mode_t acc_mode);
 int (*mpo_check_vnode_readdir)(struct ucred *cred,
@@ -320,10 +324,6 @@ struct mac_policy_ops {
 struct timespec atime, struct timespec mtime);
 int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp, struct label *label);
- vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
- struct vnode *vp, struct label *label, int newmapping);
- int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp,
- struct label *label, int op);
 };
 typedef const void *macop_t;
@@ -425,6 +425,8 @@ enum mac_op_constant {
 MAC_CHECK_VNODE_GETACL,
 MAC_CHECK_VNODE_GETEXTATTR,
 MAC_CHECK_VNODE_LOOKUP,
+ MAC_CHECK_VNODE_MMAP_PERMS,
+ MAC_CHECK_VNODE_OP,
 MAC_CHECK_VNODE_OPEN,
 MAC_CHECK_VNODE_READDIR,
 MAC_CHECK_VNODE_READLINK,
@@ -439,8 +441,6 @@ enum mac_op_constant {
 MAC_CHECK_VNODE_SETOWNER,
 MAC_CHECK_VNODE_SETUTIMES,
 MAC_CHECK_VNODE_STAT,
- MAC_CHECK_VNODE_MMAP_PERMS,
- MAC_CHECK_VNODE_OP,
 };
 struct mac_policy_op_entry {