X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/fe8ab488e9161c46dd9885d58fc52996dc0249ff..5ba3f43ea354af8ad55bea84372a2bc834d8757c:/security/mac_internal.h diff --git a/security/mac_internal.h b/security/mac_internal.h index 153e7d727..0f034d23f 100644 --- a/security/mac_internal.h +++ b/security/mac_internal.h @@ -79,7 +79,6 @@ #include #include #include -#include #include #include #include @@ -171,46 +170,31 @@ extern unsigned int mac_label_mbufs; extern unsigned int mac_label_vnodes; -static int mac_proc_check_enforce(proc_t p, int enforce_flags); +static bool mac_proc_check_enforce(proc_t p); -static __inline__ int mac_proc_check_enforce(proc_t p, int enforce_flags) +static __inline__ bool mac_proc_check_enforce(proc_t p) { #if CONFIG_MACF - return ((p->p_mac_enforce & enforce_flags) != 0); + // Don't apply policies to the kernel itself. + return (p != kernproc); #else -#pragma unused(p,enforce_flags) - return 0; -#endif +#pragma unused(p) + return false; +#endif // CONFIG_MACF } -static int mac_context_check_enforce(vfs_context_t ctx, int enforce_flags); -static void mac_context_set_enforce(vfs_context_t ctx, int enforce_flags); - -static __inline__ int mac_context_check_enforce(vfs_context_t ctx, int enforce_flags) -{ - proc_t proc = vfs_context_proc(ctx); - - if (proc == NULL) - return 0; - - return (mac_proc_check_enforce(proc, enforce_flags)); -} +static bool mac_cred_check_enforce(kauth_cred_t cred); -static __inline__ void mac_context_set_enforce(vfs_context_t ctx, int enforce_flags) +static __inline__ bool mac_cred_check_enforce(kauth_cred_t cred) { #if CONFIG_MACF - proc_t proc = vfs_context_proc(ctx); - - if (proc == NULL) - return; - - mac_proc_set_enforce(proc, enforce_flags); + return (cred != proc_ucred(kernproc)); #else -#pragma unused(ctx,enforce_flags) -#endif +#pragma unused(p) + return false; +#endif // CONFIG_MACF } - /* * MAC Framework infrastructure functions. */ 
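Review bot: In the new `mac_cred_check_enforce`, the `#else` branch still says `#pragma unused(p)`, but this function's parameter is `cred`, so in a build without CONFIG_MACF the pragma names an undeclared identifier and `cred` is left unmarked; it should read `#pragma unused(cred)`. The CONFIG_MACF branch exempts a caller by pointer identity with `proc_ucred(kernproc)`, so every policy check is skipped for any credential that is the same object as the kernel's. If credential objects can be shared between processes (not visible in this hunk), that exemption is wider than the `p != kernproc` test in `mac_proc_check_enforce`, and a comment such as `// Pointer comparison: only the kernel's own credential object is exempt.` would record the assumption. The removed `mac_context_check_enforce` returned 0 for a NULL proc, whereas `p != kernproc` is true for NULL, so any caller outside this hunk that can pass NULL now proceeds to policy evaluation and should be checked.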
@@ -234,7 +218,6 @@ int mac_check_structmac_consistent(struct mac *mac); #endif int mac_cred_label_externalize(struct label *, char *e, char *out, size_t olen, int flags); -int mac_lctx_label_externalize(struct label *, char *e, char *out, size_t olen); #if CONFIG_MACF_SOCKET int mac_socket_label_externalize(struct label *, char *e, char *out, size_t olen); #endif /* CONFIG_MACF_SOCKET */ @@ -243,7 +226,6 @@ int mac_pipe_label_externalize(struct label *label, char *elements, char *outbuf, size_t outbuflen); int mac_cred_label_internalize(struct label *label, char *string); -int mac_lctx_label_internalize(struct label *label, char *string); #if CONFIG_MACF_SOCKET int mac_socket_label_internalize(struct label *label, char *string); #endif /* CONFIG_MACF_SOCKET */ @@ -416,8 +398,6 @@ struct __mac_get_pid_args; struct __mac_get_proc_args; struct __mac_set_proc_args; struct __mac_get_lcid_args; -struct __mac_get_lctx_args; -struct __mac_set_lctx_args; struct __mac_get_fd_args; struct __mac_get_file_args; struct __mac_get_link_args;