* Copyright (c) 2007 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* unlawful or unlicensed copies of an Apple operating system, or to
* circumvent, violate, or enable the circumvention or violation of, any
* terms of an Apple operating system software license agreement.
- *
+ *
* Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
+ *
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
{
int error;
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_acct, cred, vp,
vp != NULL ? vp->v_label : NULL);
- return (error);
-}
-
-int
-mac_system_check_chud(kauth_cred_t cred)
-{
- int error;
-
- if (!mac_system_enforce)
- return (0);
-
- MAC_CHECK(system_check_chud, cred);
-
- return (error);
+ return error;
}
int
{
int error;
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_host_priv, cred);
- return (error);
+ return error;
}
int
{
int error;
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_info, cred, info_type);
- return (error);
+ return error;
}
int
{
int error;
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_nfsd, cred);
- return (error);
+ return error;
}
int
{
int error;
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_reboot, cred, howto);
- return (error);
+ return error;
}
+
int
mac_system_check_settime(kauth_cred_t cred)
{
int error;
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_settime, cred);
- return (error);
+ return error;
}
int
{
int error;
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_swapon, cred, vp, vp->v_label);
- return (error);
+ return error;
}
int
{
int error;
-
-
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_swapoff, cred, vp, vp->v_label);
- return (error);
+ return error;
}
int
mac_system_check_sysctlbyname(kauth_cred_t cred, const char *namestring, int *name,
- u_int namelen, user_addr_t oldctl, size_t oldlen,
- user_addr_t newctl, size_t newlen)
+ size_t namelen, user_addr_t oldctl, size_t oldlen,
+ user_addr_t newctl, size_t newlen)
{
int error;
-
- if (!mac_system_enforce)
- return (0);
+
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_sysctlbyname, cred, namestring,
- name, namelen, oldctl, oldlen, newctl, newlen);
-
- return (error);
+ name, namelen, oldctl, oldlen, newctl, newlen);
+
+ return error;
}
int
{
int error;
- if (!mac_system_enforce)
- return (0);
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_system_enforce) {
+ return 0;
+ }
+#endif
MAC_CHECK(system_check_kas_info, cred, selector);
- return (error);
+ return error;
}
projects / apple / xnu.git / blobdiff