Date: Sun, 21 Jul 2002 13:19:45 -0700 (PDT)
Message-Id: <200207212019.g6LKJjvW002868@freefall.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 14629 for review
To: Perforce Change Reviews

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14629

Change 14629 by rwatson@rwatson_curry on 2002/07/21 13:18:49

Provide the componentname from lookup()/namei() to the MAC framework and policies so that policies can make decisions based on the name.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#182 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#16 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#116 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#79 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#182 (text+ko) ==== @@ -1669,7 +1669,8 @@ } int -mac_cred_check_lookup_vnode(struct ucred *cred, struct vnode *dvp) +mac_cred_check_lookup_vnode(struct ucred *cred, struct vnode *dvp, + struct componentname *cnp) { int error; @@ -1682,7 +1683,7 @@ if (error) return (error); - MAC_CHECK(cred_check_lookup_vnode, cred, dvp, &dvp->v_label); + MAC_CHECK(cred_check_lookup_vnode, cred, dvp, &dvp->v_label, cnp); return (error); } ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#16 (text+ko) ==== @@ -573,7 +573,7 @@ * Execute MAC lookup policy check here, in the heart of all * "sanctioned" lookup operations. */ - error = mac_cred_check_lookup_vnode(td->td_ucred, dp); + error = mac_cred_check_lookup_vnode(td->td_ucred, dp, cnp); if (error) goto bad; #endif /* MAC */ ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#116 (text+ko) ==== @@ -195,6 +195,7 @@ * Kernel functions to manage and evaluate labels. */ struct bpf_d; +struct componentname; struct devfs_dirent; struct ifnet; struct ifreq; 
@@ -260,7 +261,8 @@ int attrnamespace, const char *name, struct uio *uio); int mac_cred_check_listen_socket(struct ucred *cred, struct socket *socket); -int mac_cred_check_lookup_vnode(struct ucred *cred, struct vnode *dvp); +int mac_cred_check_lookup_vnode(struct ucred *cred, struct vnode *dvp, + struct componentname *cnp); int mac_cred_check_setacl_vnode(struct ucred *cred, struct vnode *vp, acl_type_t type, struct acl *acl); int mac_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#79 (text+ko) ==== @@ -272,7 +272,8 @@ int (*mpo_cred_check_listen_socket)(struct ucred *cred, struct socket *socket, struct label *socketlabel); int (*mpo_cred_check_lookup_vnode)(struct ucred *cred, - struct vnode *dvp, struct label *dlabel); + struct vnode *dvp, struct label *dlabel, + struct componentname *cnp); int (*mpo_cred_check_open_vnode)(struct ucred *cred, struct vnode *vp, struct label *label, mode_t acc_mode);
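
Review bot: in kern_mac.c, the new `cnp` argument of mac_cred_check_lookup_vnode() (hunk @@ -1669) is forwarded by MAC_CHECK (hunk @@ -1682) as a plain `struct componentname *`, so every loaded policy receives a writable pointer to the lookup's component state. The change description only asks for policies to make decisions based on the name, so consider `const struct componentname *cnp` here and in the matching mac.h and mac_policy.h prototypes, which keeps a policy from altering the component in the middle of a lookup.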
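
Review bot: in vfs_lookup.c (hunk @@ -573), `cnp` is now handed to mac_cred_check_lookup_vnode(), but the visible context does not show whether the fields describing the current component have already been set at this point in lookup(). Please confirm that they are, and extend the comment above the call ("Execute MAC lookup policy check here ...") to say which component the policy sees, so policy authors know what the name refers to when the check fires.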
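
Review bot: in mac_policy.h (hunk @@ -272), the `mpo_cred_check_lookup_vnode` entry point gains a fourth parameter, yet the affected-files list contains only kern_mac.c, vfs_lookup.c, mac.h and mac_policy.h. Any policy that already implements this entry point with the three-argument form would no longer match the function pointer type, so those policies should be updated in the same change or a follow-up referenced here. A short comment next to the prototype stating which fields of `cnp` a policy may rely on would also help, since the hunk adds the parameter without documentation.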