Date: Tue, 8 Oct 2002 04:59:34 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 18927 for review Message-ID: <200210081159.g98BxYOM052945@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18927 Change 18927 by cvance@cvance_laptop on 2002/10/08 04:58:50 Remove debugging statement that somehow survived until now Affected files ... .. //depot/projects/trustedbsd/mac/sbin/sebsd_setfiles/setfiles.c#7 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#32 edit Differences ...
==== //depot/projects/trustedbsd/mac/sbin/sebsd_setfiles/setfiles.c#7 (text+ko) ====
@@ -220,7 +220,6 @@
 } argc -= optind; argv += optind;
- printf("optind = %d, argc now %d\n", optind, argc);
 if (argc < 2) { printUsage();
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#32 (text+ko) ====
@@ -114,6 +114,60 @@
 return (cred_has_system(td->td_proc->p_ucred, perm)); }
+static __inline security_class_t
+vnode_type_to_security_class(enum vtype vt)
+{
+ switch (vt) {
+ case VREG:
+ return SECCLASS_FILE;
+ case VDIR:
+ return SECCLASS_DIR;
+ case VBLK:
+ return SECCLASS_BLK_FILE;
+ case VCHR:
+ return SECCLASS_CHR_FILE;
+ case VLNK:
+ return SECCLASS_LNK_FILE;
+ case VSOCK:
+ return SECCLASS_SOCK_FILE;
+ case VFIFO:
+ return SECCLASS_FIFO_FILE;
+ case VNON:
+ case VBAD:
+ return SECCLASS_FILE;
+ }
+
+ return SECCLASS_FILE;
+}
+
+static __inline access_vector_t
+file_mask_to_av(enum vtype vt, int mask)
+{
+ access_vector_t av = 0;
+
+ if (vt != VDIR) {
+ if (mask & VEXEC)
+ av |= FILE__EXECUTE;
+ if (mask & VREAD)
+ av |= FILE__READ;
+
+ if (mask & VAPPEND)
+ av |= FILE__APPEND;
+ else if (mask & VWRITE)
+ av |= FILE__WRITE;
+
+ } else {
+ if (mask & VEXEC)
+ av |= DIR__SEARCH;
+ if (mask & VWRITE)
+ av |= DIR__WRITE;
+ if (mask & VREAD)
+ av |= DIR__READ;
+ }
+
+ return av;
+}
+
 static int vnode_has_perm(struct ucred *cred, struct vnode *vp, access_vector_t perm, avc_entry_ref_t *aeref)
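Review bot: In file_mask_to_av() only VEXEC, VREAD, VWRITE and VAPPEND are translated, so a non-zero mask made up solely of other bits produces av == 0, and the callers added in the later access and open hunks only short-circuit on a zero mask before handing the result to vnode_has_perm(). What vnode_has_perm() does with an empty vector is not visible here; if it allows the request, that path should be decided explicitly or at least documented, e.g. `/* bits other than VEXEC/VREAD/VWRITE/VAPPEND are not mediated here */`. In the non-directory branch the `else if` means a mask carrying both VAPPEND and VWRITE is checked for FILE__APPEND only; if that is intended, a comment such as `/* an append request is checked as FILE__APPEND, not FILE__WRITE */` would record it. The directory branch ignores VAPPEND entirely, which deserves the same kind of remark.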
@@ -298,32 +352,6 @@
 return (newsid != task->sid); }
-static __inline security_class_t
-vnode_type_to_security_class(enum vtype vt)
-{
- switch (vt) {
- case VREG:
- return SECCLASS_FILE;
- case VDIR:
- return SECCLASS_DIR;
- case VBLK:
- return SECCLASS_BLK_FILE;
- case VCHR:
- return SECCLASS_CHR_FILE;
- case VLNK:
- return SECCLASS_LNK_FILE;
- case VSOCK:
- return SECCLASS_SOCK_FILE;
- case VFIFO:
- return SECCLASS_FIFO_FILE;
- case VNON:
- case VBAD:
- return SECCLASS_FILE;
- }
-
- return SECCLASS_FILE;
-}
-
 static void sebsd_init_vnode_label(struct label *label) {
@@ -500,9 +528,11 @@
 sebsd_check_vnode_access(struct ucred *cred, struct vnode *vp, struct label *label, mode_t flags) {
+ if (!flags)
+ return 0;
- /* TBD: Not Implemented */
- return (0);
+ return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, flags),
+ NULL);
 } static int
@@ -686,16 +716,18 @@
 sebsd_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *filelabel, mode_t acc_mode) {
- /* TBD: Not Implemented */
- return 0;
+ if (!acc_mode)
+ return 0;
+
+ return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode),
+ NULL);
 } static int sebsd_check_vnode_poll(struct ucred *cred, struct ucred *file_cred, struct vnode *vp, struct label *label) {
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__POLL, NULL);
 } static int
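Review bot: The early `return 0` for an empty `flags` in sebsd_check_vnode_access() grants the request without consulting policy, and nothing in the function says why. A comment such as `/* empty mask: no permission requested, nothing to check */` would mark the allow path as deliberate; the same applies to the `!acc_mode` test in sebsd_check_vnode_open() in the next hunk. `flags` is declared mode_t but is passed as the `int mask` of file_mask_to_av() and tested against V* bits there, which is worth a one-line remark too. The added `return 0;` also departs from the parenthesised `return (0);` that the removed line used.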
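Review bot: sebsd_check_vnode_poll() passes FILE__POLL for every vnode, whereas file_mask_to_av() selects DIR__ bits when the vnode is a directory. If vnode_has_perm() derives the object class from the vnode type (its body is outside this hunk), the FILE__ bit may not mean poll for the other classes, so this needs either a type check or a comment stating that the bit is valid across classes. The `file_cred` argument is ignored and the check is made against `cred` only; if that is the intended subject, record it, e.g. `/* checked against the active credential; file_cred is not consulted */`.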
@@ -928,8 +960,26 @@
 sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp, struct label *label, int newmapping) {
- /* TBD: Not Implemented */
- return 0;
+#ifdef TBD
+ access_vector_t av;
+
+ /* TBD: Incomplete */
+ if (vp) {
+ /* read access is always possible with a mapping */
+ av = FILE__READ;
+
+ /* write access only matters if the mapping is shared */
+ if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE))
+ av |= FILE__WRITE;
+
+ if (prot & PROT_EXEC)
+ av |= FILE__EXECUTE;
+
+ return vnode_has_perm(cred, vp, av, NULL);
+ }
+#endif
+
+ return (0);
 } static int
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
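Review bot: The block added under `#ifdef TBD` in sebsd_check_vnode_mmap() reads `flags` and `prot`, but the hook's parameters are cred, vp, label and newmapping, so it cannot compile if TBD is ever defined. Until then the function still falls through to `return (0);`, which means mappings are not mediated at all, including the shared-writable and executable cases the disabled code was meant to cover. A comment at the top of the function such as `/* XXX: mmap is not yet checked; needs prot and flags, which this hook does not receive */` would keep that gap visible to the next reader.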