From: Robert Watson Subject: PERFORCE change 14655 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14655 Change 14655 by rwatson@rwatson_paprika on 2002/07/21 19:03:10 Add componentname arguments to the rename_{to,from} entry points so that policies can make decisions based on the looked up names. No policies currently use that information. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#186 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#59 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#62 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#42 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#50 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#43 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#45 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#13 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#119 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#82 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#186 (text+ko) ==== @@ -1921,7 +1921,7 @@ int mac_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, - struct vnode *vp) + struct vnode *vp, struct componentname *cnp) { int error; @@ -1939,13 +1939,13 @@ return (error); MAC_CHECK(cred_check_rename_from_vnode, cred, dvp, &dvp->v_label, vp, - &vp->v_label); + &vp->v_label, cnp); return (error); } int mac_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, - struct vnode *vp, int samedir) + struct vnode *vp, int samedir, struct componentname *cnp) { int error; 
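Review bot: `cnp` is forwarded to `MAC_CHECK` in both `mac_cred_check_rename_from_vnode` and `mac_cred_check_rename_to_vnode` with no statement of whether it may be NULL. By contrast, the rename_to path (the `@@ -1964` hunk) allows a NULL `vp` and guards its label with `vp != NULL ? &vp->v_label : NULL`, so a policy author cannot tell from these entry points whether `cnp` needs the same guard. The only callers shown pass the address of an embedded `ni_cnd`, so a short comment above each function would settle it: `/* cnp is the caller's lookup componentname; never NULL, borrowed for the duration of the check. */`. Both function bodies start or end outside these hunks, so any existing header comment is not visible here.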
@@ -1964,7 +1964,7 @@ return (error); } MAC_CHECK(cred_check_rename_to_vnode, cred, dvp, &dvp->v_label, vp, - vp != NULL ? &vp->v_label : NULL, samedir); + vp != NULL ? &vp->v_label : NULL, samedir, cnp); return (error); } ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#59 (text+ko) ==== @@ -3686,7 +3686,7 @@ fvp = fromnd.ni_vp; #ifdef MAC error = mac_cred_check_rename_from_vnode(td->td_ucred, fromnd.ni_dvp, - fvp); + fvp, &fromnd.ni_cnd); if (error) { NDFREE(&fromnd, NDF_ONLY_PNBUF); vrele(fromnd.ni_dvp); @@ -3745,7 +3745,7 @@ #ifdef MAC else error = mac_cred_check_rename_to_vnode(td->td_ucred, tdvp, - tond.ni_vp, fromnd.ni_dvp == tdvp); + tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd); #endif /* MAC */ out: if (!error) { ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#62 (text+ko) ==== @@ -1550,7 +1550,8 @@ static int mac_biba_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -1573,7 +1574,8 @@ static int mac_biba_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir) + struct label *dlabel, struct vnode *vp, struct label *label, int samedir, + struct componentname *cnp) { struct mac_biba *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#42 (text+ko) ==== @@ -509,7 +509,7 @@ static int mac_bsdextended_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct vnode *vp, - struct label *label) + struct label *label, struct componentname *cnp) { struct vattr vap; int error; 
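Review bot: Neither call site in vfs_syscalls.c says how long the component name passed to the policy stays valid. In the `@@ -3686` hunk the argument is `&fromnd.ni_cnd`, and the error path directly below releases that lookup's path buffer with `NDFREE(&fromnd, NDF_ONLY_PNBUF)`; the same concern applies to `&tond.ni_cnd` in the `@@ -3745` hunk. A comment above each call would make the borrow explicit for future policy code, for example `/* cn_nameptr points into the namei() path buffer: policies must copy, not keep, the name and must honour cn_namelen. */`. A policy that decides on the name is judging the name as looked up rather than the object the labels describe. Whether the directories stay locked between this check and the rename itself cannot be seen in these hunks and should be confirmed.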
@@ -534,7 +534,7 @@ static int mac_bsdextended_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct vnode *vp, - struct label *label, int samedir) + struct label *label, int samedir, struct componentname *cnp) { struct vattr vap; int error; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#50 (text+ko) ==== @@ -1493,7 +1493,8 @@ static int mac_mls_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { struct mac_mls *subj, *obj; @@ -1516,7 +1517,8 @@ static int mac_mls_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir) + struct label *dlabel, struct vnode *vp, struct label *label, int samedir, + struct componentname *cnp) { struct mac_mls *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#43 (text+ko) ==== @@ -710,7 +710,8 @@ static int mac_none_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { return (0); @@ -718,7 +719,8 @@ static int mac_none_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir) + struct label *dlabel, struct vnode *vp, struct label *label, int samedir, + struct componentname *cnp) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#45 (text+ko) ==== 
@@ -1360,7 +1360,8 @@ static int mac_te_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { int error; @@ -1384,7 +1385,8 @@ static int mac_te_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir) + struct label *dlabel, struct vnode *vp, struct label *label, int samedir, + struct componentname *cnp) { int error; ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#13 (text+ko) ==== @@ -903,7 +903,8 @@ static int mac_test_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { return (0); @@ -911,7 +912,8 @@ static int mac_test_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir) + struct label *dlabel, struct vnode *vp, struct label *label, int samedir, + struct componentname *cnp) { return (0); ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#119 (text+ko) ==== @@ -279,9 +279,9 @@ int mac_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); int mac_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, - struct vnode *vp); + struct vnode *vp, struct componentname *cnp); int mac_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, - struct vnode *vp, int samedir); + struct vnode *vp, int samedir, struct componentname *cnp); int mac_cred_check_open_vnode(struct ucred *cred, struct vnode *vp, mode_t acc_mode); int mac_cred_check_readdir_vnode(struct ucred *cred, struct vnode *vp); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#82 (text+ko) ==== 
@@ -283,10 +283,12 @@ struct vnode *vp, struct label *label); int (*mpo_cred_check_rename_from_vnode)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, struct label *label); + struct vnode *vp, struct label *label, + struct componentname *cnp); int (*mpo_cred_check_rename_to_vnode)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, struct label *label, int samedir); + struct vnode *vp, struct label *label, int samedir, + struct componentname *cnp); int (*mpo_cred_check_revoke_vnode)(struct ucred *cred, struct vnode *vp, struct label *label); int (*mpo_cred_check_setacl_vnode)(struct ucred *cred, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
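Review bot: `mpo_cred_check_rename_from_vnode` and `mpo_cred_check_rename_to_vnode` gain a trailing `struct componentname *cnp`, but nothing in the ops structure tells a policy author what the argument carries or how long it is valid. I would add a comment above the two members along the lines of `/* cnp: component name from the rename lookup; read-only, valid only during the call. */`. The change description says no policy uses the name yet, so this header is where the contract should be fixed before one does. A policy module built against the previous prototypes would be called with a different argument list; this page does not show whether registration catches that, so confirm that stale modules are rejected rather than invoked. The structure continues outside this hunk.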