Changeset View
Changeset View
Standalone View
Standalone View
sys/security/mac_bsdextended/mac_bsdextended.h
| Context not available. | |||||
| #define MBI_ADMIN 010000 | #define MBI_ADMIN 010000 | ||||
| #define MBI_STAT 020000 | #define MBI_STAT 020000 | ||||
| #define MBI_APPEND 040000 | #define MBI_APPEND 040000 | ||||
| #define MBI_FORCE_ASLR_ENABLED 0x01 | |||||
| #define MBI_FORCE_ASLR_DISABLED 0x02 | |||||
| #define MBI_ALLPAX (MBI_FORCE_ASLR_ENABLED | MBI_FORCE_ASLR_DISABLED) | |||||
| #define MBI_ALLPERM (MBI_EXEC | MBI_WRITE | MBI_READ | MBI_ADMIN | \ | #define MBI_ALLPERM (MBI_EXEC | MBI_WRITE | MBI_READ | MBI_ADMIN | \ | ||||
| MBI_STAT | MBI_APPEND) | MBI_STAT | MBI_APPEND) | ||||
| Context not available. | |||||
rwatson: These don't belong here: they are not used in the policy, and should not be visible outside of… | |||||
Not Done Inline ActionsWill address in the next patch. lattera-gmail.com: Will address in the next patch. | |||||
These don't belong here: they are not used in the policy, and should not be visible outside of the policy. If you want to use mac_bsdextended to manage this in the future, you need a separate set of flags that are globally defined in the kernel, and then a mapping within mac_bsdextended. See also similar vnode permission flags.