From 22a4e1692886c118955da0326ed45bf4a8f7682e Mon Sep 17 00:00:00 2001
From: Ian Moffett <ian@osmora.org>
Date: Thu, 9 Oct 2025 15:46:59 -0400
Subject: kern: security: Improve scalability of MAC checks

The concept of resource borders is mostly used for resources that can
easily be mapped into memory, synced and contain attributes. However,
some things (e.g., a network resource, keyboard input, etc) may not be
great with raw memory mappings. This commit mitigates this problem.

Signed-off-by: Ian Moffett <ian@osmora.org>
---
 src/sys/compat/unix/os/os_mac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/sys/compat/unix/os')

diff --git a/src/sys/compat/unix/os/os_mac.c b/src/sys/compat/unix/os/os_mac.c
index be0ec84..4b52868 100644
--- a/src/sys/compat/unix/os/os_mac.c
+++ b/src/sys/compat/unix/os/os_mac.c
@@ -92,7 +92,7 @@ sys_query(struct syscall_args *scargs)
     }
 
     /* Can we even touch this? */
-    error = mac_check_creds(self, bop);
+    error = mac_check_lvl(self, bop->level);
     if (error < 0) {
         return error;
     }
-- 
cgit v1.2.3