From 9162f64b58d01ec01481d60b6cdc06ffd8e8c7fc Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Sat, 10 Jan 2009 10:58:41 +0000 Subject: Rather than having MAC policies explicitly declare what object types they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a possible class of programmer errors, while retaining the structure that allows us to avoid allocating labels for objects that don't need them. As before, we regenerate a global mask of labeled objects each time a policy is loaded or unloaded, stored in mac_labeled. Discussed with: csjp Suggested by: Jacques Vidrine Obtained from: TrustedBSD Project Sponsored by: Apple, Inc. --- sys/security/mac_ifoff/mac_ifoff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sys/security/mac_ifoff') diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c index 8543d2b5e56f..e49e3ad13bdf 100644 --- a/sys/security/mac_ifoff/mac_ifoff.c +++ b/sys/security/mac_ifoff/mac_ifoff.c @@ -170,4 +170,4 @@ static struct mac_policy_ops ifoff_ops = }; MAC_POLICY_SET(&ifoff_ops, mac_ifoff, "TrustedBSD MAC/ifoff", - MPC_LOADTIME_FLAG_UNLOADOK, NULL, 0); + MPC_LOADTIME_FLAG_UNLOADOK, NULL); -- cgit v1.2.3