-rw-r--r-- | src/sys/compat/unix/os/os_mac.c | 2 | ||||
-rw-r--r-- | src/sys/include/os/mac.h | 9 | ||||
-rw-r--r-- | src/sys/os/os_mac.c | 11 |
3 files changed, 10 insertions, 12 deletions
diff --git a/src/sys/compat/unix/os/os_mac.c b/src/sys/compat/unix/os/os_mac.c
index be0ec84..4b52868 100644
--- a/src/sys/compat/unix/os/os_mac.c
+++ b/src/sys/compat/unix/os/os_mac.c
@@ -92,7 +92,7 @@ sys_query(struct syscall_args *scargs)
 }

 /* Can we even touch this? */
- error = mac_check_creds(self, bop);
+ error = mac_check_lvl(self, bop->level);
 if (error < 0) {
 return error;
 }
diff --git a/src/sys/include/os/mac.h b/src/sys/include/os/mac.h
index 2c20eab..7e7f083 100644
--- a/src/sys/include/os/mac.h
+++ b/src/sys/include/os/mac.h
@@ -92,15 +92,16 @@ struct mac_border {

 /*
 * Check creds with a specific process and a specific
- * resource border.
+ * MAC level, useful when a resource border is not enough
+ * for a specific application.
 *
- * @procp: Process to check with border
- * @mbp: Border to 'procp' is trying to access
+ * @procp: Process to check with level
+ * @lvl: Level to check
 *
 * Returns zero if the check passed, otherwise a less than
 * zero value if the check failed.
 */
-int mac_check_creds(struct proc *procp, struct mac_border *mbp);
+int mac_check_lvl(struct proc *procp, mac_level_t lvl);

 /*
 * Map a resource into process address space by
diff --git a/src/sys/os/os_mac.c b/src/sys/os/os_mac.c
index 898b476..2443b23 100644
--- a/src/sys/os/os_mac.c
+++ b/src/sys/os/os_mac.c
@@ -39,17 +39,14 @@ static struct mac_border *bortab[__BORDER_MAX] = {
 [BORDER_FBDEV] = &g_fbdev_border
 };

-/*
- * Check process creds against border
- */
 int
-mac_check_creds(struct proc *procp, struct mac_border *mbp)
+mac_check_lvl(struct proc *procp, mac_level_t lvl)
 {
- if (procp == NULL || mbp == NULL) {
+ if (procp == NULL) {
 return -EINVAL;
 }

- if (procp->level < mbp->level) {
+ if (procp->level < lvl) {
 return -EACCES;
 }

@@ -75,7 +72,7 @@ mac_map(struct mac_border *mbp, off_t off, size_t len, void **res, int flags)
 return -EINVAL;
 }

- error = mac_check_creds(procp, mbp);
+ error = mac_check_lvl(procp, mbp->level);
 if (error < 0) {
 return error;
 }
 |
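Review bot: `bop->level` in sys_query is now dereferenced before any MAC check runs, and the `bop == NULL` guard that mac_check_creds() used to provide is removed by this commit. Whether `bop` is validated earlier in sys_query is not visible here, since the function starts and ends outside the hunk. If the lookup that produces it can return NULL for a caller-supplied border id, this turns into a kernel NULL dereference on a syscall path; an explicit `if (bop == NULL) return -EINVAL;` ahead of the call would keep the old behaviour. The same applies to `mbp->level` in the mac_map hunk of src/sys/os/os_mac.c, where the preceding `return -EINVAL;` block may already cover it, but its condition is outside the hunk.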
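Review bot: The header comment for mac_check_lvl() in src/sys/include/os/mac.h does not say which way the comparison goes, nor that validating the border pointer is now the caller's job. Going by the definition in src/sys/os/os_mac.c, the call fails with -EACCES when `procp->level < lvl` and with -EINVAL when `procp` is NULL. I would add lines such as ` * The check passes when the process level is at least 'lvl'.` and ` * Callers holding a mac_border must validate the pointer before passing its level.` so call sites do not assume the helper still rejects a NULL border.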