Date: Sun, 21 Jul 2002 16:39:11 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14647 for review Message-ID: <200207212339.g6LNdBqP066549@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14647 Change 14647 by rwatson@rwatson_curry on 2002/07/21 16:38:23 Pass name information on vnode creation so that policies may make decisions based on the requested name. No policies currently do. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#184 edit .. //depot/projects/trustedbsd/mac/sys/kern/uipc_usrreq.c#17 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#57 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#25 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#60 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#39 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#48 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#41 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#43 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#11 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#117 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#80 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#184 (text+ko) ==== @@ -1600,7 +1600,7 @@ int mac_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct vattr *vap) + struct componentname *cnp, struct vattr *vap) { int error; @@ -1613,7 +1613,7 @@ if (error) return (error); - MAC_CHECK(cred_check_create_vnode, cred, dvp, &dvp->v_label, vap); + MAC_CHECK(cred_check_create_vnode, cred, dvp, &dvp->v_label, cnp, vap); return (error); } ==== //depot/projects/trustedbsd/mac/sys/kern/uipc_usrreq.c#17 (text+ko) ==== @@ -639,7 +639,8 @@ vattr.va_mode = (ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask); FILEDESC_UNLOCK(td->td_proc->p_fd); #ifdef MAC - error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, &vattr); + error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, + &nd.ni_cnd, &vattr); #endif /* MAC */ if (error == 0) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#57 (text+ko) ==== @@ -1942,7 +1942,7 @@ #ifdef MAC if (error == 0 && !whiteout) error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, - &vattr); + &nd.ni_cnd, &vattr); #endif /* MAC */ if (!error) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); @@ -2011,7 +2011,8 @@ vattr.va_mode = (SCARG(uap, mode) & ALLPERMS) &~ td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); #ifdef MAC - error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, &vattr); + error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, + &nd.ni_cnd, &vattr); #endif /* MAC */ if (error == 0) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); @@ -2136,7 +2137,8 @@ FILEDESC_UNLOCK(td->td_proc->p_fd); vattr.va_type = VLNK; #ifdef MAC - error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, &vattr); + error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, + &nd.ni_cnd, &vattr); #endif /* MAC */ if (error == 0) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); @@ -3853,7 +3855,8 @@ vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); #ifdef MAC - error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, &vattr); + error = mac_cred_check_create_vnode(td->td_ucred, nd.ni_dvp, + &nd.ni_cnd, &vattr); #endif /* MAC */ if (error == 0) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#25 (text+ko) ==== @@ -140,7 +140,7 @@ } #ifdef MAC error = mac_cred_check_create_vnode(cred, ndp->ni_dvp, - vap); + &ndp->ni_cnd, vap); #endif /* MAC */ if (error == 0) { VOP_LEASE(ndp->ni_dvp, td, cred, LEASE_WRITE); ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#60 (text+ko) ==== @@ -1357,7 +1357,7 @@ static int mac_biba_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap) { struct mac_biba *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#39 (text+ko) ==== @@ -338,7 +338,7 @@ static int mac_bsdextended_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap) { struct vattr dvap; int error; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#48 (text+ko) ==== @@ -1300,7 +1300,7 @@ static int mac_mls_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap) { struct mac_mls *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#41 (text+ko) ==== @@ -621,7 +621,7 @@ static int mac_none_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#43 (text+ko) ==== @@ -1309,7 +1309,7 @@ static int mac_te_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap) { return (mac_te_check(SLOT(&cred->cr_label), SLOT(dlabel), ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#11 (text+ko) ==== @@ -814,7 +814,7 @@ static int mac_test_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap) { return (0); ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#117 (text+ko) ==== @@ -252,7 +252,7 @@ int mac_cred_check_connect_socket(struct ucred *cred, struct socket *so, struct sockaddr *sa); int mac_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct vattr *vap); + struct componentname *cnp, struct vattr *vap); int mac_cred_check_deleteacl_vnode(struct ucred *cred, struct vnode *vp, acl_type_t type); int mac_cred_check_getacl_vnode(struct ucred *cred, struct vnode *vp, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#80 (text+ko) ==== @@ -256,7 +256,7 @@ struct vnode *dvp, struct label *dlabel); int (*mpo_cred_check_create_vnode)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, - struct vattr *vap); + struct componentname *cnp, struct vattr *vap); int (*mpo_cred_check_delete_vnode)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct vnode *vp, void *label); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207212339.g6LNdBqP066549>