git: 41d1660fcf39 - stable/14 - MAC/do: Rename rule_is_valid() => rule_applies()
Date: Thu, 03 Apr 2025 19:31:53 UTC
The branch stable/14 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=41d1660fcf39a44a14756b97ec067c63b3de64a2
commit 41d1660fcf39a44a14756b97ec067c63b3de64a2
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-01 13:24:47 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:56 +0000
MAC/do: Rename rule_is_valid() => rule_applies()
This function checks whether a rule applies in the current context,
i.e., if the subject's users/groups match that of the rule. By
contrast, it doesn't check if the rule as specified by the user is valid
(i.e., consistent).
Reviewed by: bapt
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47592
(cherry picked from commit ccae2774897c1f8bb11f696d5895fb686db98176)
---
sys/security/mac_do/mac_do.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 2ddc13d62b4f..4cc2a7971545 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -406,7 +406,7 @@ init(struct mac_policy_conf *mpc)
}
static bool
-rule_is_valid(struct ucred *cred, struct rule *r)
+rule_applies(struct ucred *cred, struct rule *r)
{
if (r->from_type == RULE_UID && r->f_uid == cred->cr_uid)
return (true);
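Review bot: the renamed definition of rule_applies() has no comment above `static bool` in the lines shown, so the distinction the commit message draws lives only in the log. A one-line comment there, saying that the function tests whether the subject's credentials match the rule's "from" part and does not check the rule's consistency, would keep the next reader from assuming the old meaning. Since the visible body only reads `cred` and `r`, const-qualifying both parameters would also make the predicate nature explicit.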
@@ -427,7 +427,7 @@ priv_grant(struct ucred *cred, int priv)
rule = mac_do_rule_find(cred->cr_prison, &pr);
TAILQ_FOREACH(r, &rule->head, r_entries) {
- if (rule_is_valid(cred, r)) {
+ if (rule_applies(cred, r)) {
switch (priv) {
case PRIV_CRED_SETGROUPS:
case PRIV_CRED_SETUID:
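Review bot: in priv_grant() the local `rule` receives the result of mac_do_rule_find() and is walked through `rule->head`, so it is a list of rules, while `r` is the single rule handed to rule_applies(). Now that the predicate name is precise, the container name is the remaining source of confusion in this loop; a follow-up renaming it to something like `rules` would finish the cleanup.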
@@ -466,7 +466,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
rule = mac_do_rule_find(cred->cr_prison, &pr);
TAILQ_FOREACH(r, &rule->head, r_entries) {
- if (rule_is_valid(cred, r)) {
+ if (rule_applies(cred, r)) {
mtx_unlock(&pr->pr_mtx);
return (0);
}
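Review bot: in check_setgroups(), the new name makes it plain that the `if (rule_applies(cred, r))` branch returns 0 as soon as any rule matches the subject, and in the lines shown neither `ngrp` nor `groups` is consulted before that return. If allowing any target group set for a matching subject is intended, a short comment on that branch would document it; if not, the requested groups need to be checked against the rule before the `mtx_unlock(&pr->pr_mtx)` and return.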