kern: security: Improve scalability of MAC checks

The concept of resource borders is mostly used for resources that can easily be mapped into memory, synced and contain attributes. However, some things (e.g., a network resource, keyboard input, etc) may not be great with raw memory mappings. This commit mitigates this problem. Signed-off-by: Ian Moffett <ian@osmora.org>
author: Ian Moffett <ian@osmora.org> 2025-10-09 15:46:59 -0400
committer: Ian Moffett <ian@osmora.org> 2025-10-09 15:46:59 -0400
commit: 22a4e1692886c118955da0326ed45bf4a8f7682e (patch)
tree: ea3f71b3140f442a260a0ebc3cc7c365445339c3 /src/sys/compat/unix
parent: 55af95ee7eb7ac85a0da2cfe5c76745fc718e96e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/sys/compat/unix/os/os_mac.c b/src/sys/compat/unix/os/os_mac.c
index be0ec84..4b52868 100644
--- a/src/sys/compat/unix/os/os_mac.c
+++ b/src/sys/compat/unix/os/os_mac.c
@@ -92,7 +92,7 @@ sys_query(struct syscall_args *scargs)
     }
 
     /* Can we even touch this? */
-    error = mac_check_creds(self, bop);
+    error = mac_check_lvl(self, bop->level);
     if (error < 0) {
         return error;
     }
author	Ian Moffett <ian@osmora.org>	2025-10-09 15:46:59 -0400
committer	Ian Moffett <ian@osmora.org>	2025-10-09 15:46:59 -0400
commit	22a4e1692886c118955da0326ed45bf4a8f7682e (patch)
tree	ea3f71b3140f442a260a0ebc3cc7c365445339c3 /src/sys/compat/unix
parent	55af95ee7eb7ac85a0da2cfe5c76745fc718e96e (diff)