xnu-4570.1.46.tar.gz

[apple/xnu.git] / security / mac_internal.h

diff --git a/security/mac_internal.h b/security/mac_internal.h
index 153e7d727cda79356b557051dea933cafded0e54..0f034d23fdab8ae11851f55d488f3b1150d35253 100644 (file)
--- a/security/mac_internal.h
+++ b/security/mac_internal.h
@@ -79,7 +79,6 @@
 #include <security/mac_policy.h>
 #include <security/mac_data.h>
 #include <sys/sysctl.h>
-#include <kern/wait_queue.h>
 #include <kern/locks.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
@@ -171,46 +170,31 @@ extern unsigned int mac_label_mbufs;
 
 extern unsigned int mac_label_vnodes;
 
-static int mac_proc_check_enforce(proc_t p, int enforce_flags);
+static bool mac_proc_check_enforce(proc_t p);
 
-static __inline__ int mac_proc_check_enforce(proc_t p, int enforce_flags)
+static __inline__ bool mac_proc_check_enforce(proc_t p)
 {
 #if CONFIG_MACF
-       return ((p->p_mac_enforce & enforce_flags) != 0);
+       // Don't apply policies to the kernel itself.
+       return (p != kernproc);
 #else
-#pragma unused(p,enforce_flags)
-       return 0;
-#endif
+#pragma unused(p)
+       return false;
+#endif // CONFIG_MACF
 }
 
-static int mac_context_check_enforce(vfs_context_t ctx, int enforce_flags);
-static void mac_context_set_enforce(vfs_context_t ctx, int enforce_flags);
-
-static __inline__ int mac_context_check_enforce(vfs_context_t ctx, int enforce_flags)
-{
-       proc_t proc = vfs_context_proc(ctx);
-
-       if (proc == NULL)
-               return 0;
-
-       return (mac_proc_check_enforce(proc, enforce_flags));
-}
+static bool mac_cred_check_enforce(kauth_cred_t cred);
 
-static __inline__ void mac_context_set_enforce(vfs_context_t ctx, int enforce_flags)
+static __inline__ bool mac_cred_check_enforce(kauth_cred_t cred)
 {
 #if CONFIG_MACF
-       proc_t proc = vfs_context_proc(ctx);
-
-       if (proc == NULL)
-               return;
-
-       mac_proc_set_enforce(proc, enforce_flags);
+       return (cred != proc_ucred(kernproc));
 #else
-#pragma unused(ctx,enforce_flags)
-#endif
+#pragma unused(p)
+       return false;
+#endif // CONFIG_MACF
 }
 
-
 /*
  * MAC Framework infrastructure functions.
  */
@@ -234,7 +218,6 @@ int   mac_check_structmac_consistent(struct mac *mac);
 #endif
        
 int mac_cred_label_externalize(struct label *, char *e, char *out, size_t olen, int flags);
-int mac_lctx_label_externalize(struct label *, char *e, char *out, size_t olen);
 #if CONFIG_MACF_SOCKET
 int mac_socket_label_externalize(struct label *, char *e, char *out, size_t olen);
 #endif /* CONFIG_MACF_SOCKET */
@@ -243,7 +226,6 @@ int mac_pipe_label_externalize(struct label *label, char *elements,
  char *outbuf, size_t outbuflen);
 
 int mac_cred_label_internalize(struct label *label, char *string);
-int mac_lctx_label_internalize(struct label *label, char *string);
 #if CONFIG_MACF_SOCKET
 int mac_socket_label_internalize(struct label *label, char *string);
 #endif /* CONFIG_MACF_SOCKET */
@@ -416,8 +398,6 @@ struct __mac_get_pid_args;
 struct __mac_get_proc_args;
 struct __mac_set_proc_args;
 struct __mac_get_lcid_args;
-struct __mac_get_lctx_args;
-struct __mac_set_lctx_args;
 struct __mac_get_fd_args;
 struct __mac_get_file_args;
 struct __mac_get_link_args;