From owner-p4-projects Sun Jul 28 19: 9:32 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 3EA9637B401; Sun, 28 Jul 2002 19:09:08 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD40237B400 for ; Sun, 28 Jul 2002 19:09:07 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68B4A43E42 for ; Sun, 28 Jul 2002 19:09:07 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6T297JU040721 for ; Sun, 28 Jul 2002 19:09:07 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6T297no040718 for perforce@freebsd.org; Sun, 28 Jul 2002 19:09:07 -0700 (PDT) Date: Sun, 28 Jul 2002 19:09:07 -0700 (PDT) Message-Id: <200207290209.g6T297no040718@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 15087 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15087 Change 15087 by rwatson@rwatson_paprika on 2002/07/28 19:08:58 Rearrange some functions and entry points to improve consistency. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#206 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#206 (text+ko) ==== 
@@ -763,6 +763,14 @@
 mpc->mpc_ops->mpo_check_vnode_lookup =
 mpe->mpe_function;
 break;
+ case MAC_CHECK_VNODE_MMAP_PERMS:
+ mpc->mpc_ops->mpo_check_vnode_mmap_perms =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_VNODE_OP:
+ mpc->mpc_ops->mpo_check_vnode_op =
+ mpe->mpe_function;
+ break;
 case MAC_CHECK_VNODE_OPEN:
 mpc->mpc_ops->mpo_check_vnode_open =
 mpe->mpe_function;
@@ -819,14 +827,6 @@
 mpc->mpc_ops->mpo_check_vnode_stat =
 mpe->mpe_function;
 break;
- case MAC_CHECK_VNODE_MMAP_PERMS:
- mpc->mpc_ops->mpo_check_vnode_mmap_perms =
- mpe->mpe_function;
- break;
- case MAC_CHECK_VNODE_OP:
- mpc->mpc_ops->mpo_check_vnode_op =
- mpe->mpe_function;
- break;
 case MAC_INIT_BPFDESC:
 mpc->mpc_ops->mpo_init_bpfdesc =
 mpe->mpe_function;
@@ -1742,6 +1742,49 @@
 }
 
 int
+mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
+ struct componentname *cnp)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ error = vn_refreshlabel(dvp, cred);
+ if (error)
+ return (error);
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
+ &vp->v_label, cnp);
+ return (error);
+}
+
+int
+mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteacl");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
+ return (error);
+}
+
+int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp)
 {
 int error;
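Review bot: mac_check_vnode_delete() and mac_check_vnode_deleteacl() arrive at their new position in the third hunk (@@ -1742) without a header comment, so two things a caller must know stay implicit: the vnodes have to be locked already (the ASSERT_VOP_LOCKED calls), and the function returns 0 without consulting any policy when mac_enforce_fs is clear. A short comment above each would state that, for example `/* Caller holds dvp and vp locked; returns 0 without a policy check when mac_enforce_fs is off. */`. It is also worth noting in that comment that `error` is presumably assigned inside the MAC_CHECK macro, since the function body shows no assignment between the last vn_refreshlabel() test and `return (error);`. The same applies to the other mac_check_vnode_* entry points reordered in the later hunks.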
@@ -1900,68 +1943,60 @@
 }
 
 int
-mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp)
+mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp)
 {
 int error;
 
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_revoke");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_from");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_from");
 
 if (!mac_enforce_fs)
 return (0);
 
- error = vn_refreshlabel(vp, cred);
+ error = vn_refreshlabel(dvp, cred);
 if (error)
 return (error);
-
- MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
- return (error);
-}
-
-int
-mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
- struct acl *acl)
-{
- int error;
-
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setacl");
-
- if (!mac_enforce_fs)
- return (0);
-
 error = vn_refreshlabel(vp, cred);
 if (error)
 return (error);
 
- MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
+ MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
+ &vp->v_label, cnp);
 return (error);
 }
 
 int
-mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
- int attrnamespace, const char *name, struct uio *uio)
+mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, int samedir, struct componentname *cnp)
 {
 int error;
 
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setextattr");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_to");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");
 
 if (!mac_enforce_fs)
 return (0);
 
- error = vn_refreshlabel(vp, cred);
+ error = vn_refreshlabel(dvp, cred);
 if (error)
 return (error);
-
- MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
- attrnamespace, name, uio);
+ if (vp != NULL) {
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+ }
+ MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
+ vp != NULL ? &vp->v_label : NULL, samedir, cnp);
 return (error);
 }
 
 int
-mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
+mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp)
 {
 int error;
 
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setflags");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_revoke");
 
 if (!mac_enforce_fs)
 return (0);
@@ -1970,16 +2005,17 @@
 if (error)
 return (error);
 
- MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
 return (error);
 }
 
 int
-mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
+mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
+ struct acl *acl)
 {
 int error;
 
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setmode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setacl");
 
 if (!mac_enforce_fs)
 return (0);
@@ -1988,17 +2024,17 @@
 if (error)
 return (error);
 
- MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
+ MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
 return (error);
 }
 
 int
-mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
- gid_t gid)
+mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio)
 {
 int error;
 
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setowner");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setextattr");
 
 if (!mac_enforce_fs)
 return (0);
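Review bot: In mac_check_vnode_rename_to() (hunk @@ -1900) the line `ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");` stays unconditional, although the rest of the function treats vp as optional: vn_refreshlabel() is guarded by `if (vp != NULL)` and the MAC_CHECK call passes `vp != NULL ? &vp->v_label : NULL`. Whether the assertion macro tolerates a NULL vnode is not visible in this diff; if it does not, the NULL case (presumably a rename whose target does not yet exist) would trip it on kernels built with lock assertions. Guarding it as `if (vp != NULL) ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");` removes that dependency. A comment stating when vp may be NULL would document the contract for policy authors, who receive a NULL label pointer in that case.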
@@ -2007,17 +2043,17 @@
 if (error)
 return (error);
 
- MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
+ MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
+ attrnamespace, name, uio);
 return (error);
 }
 
 int
-mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
- struct timespec atime, struct timespec mtime)
+mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
 {
 int error;
 
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setutimes");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setflags");
 
 if (!mac_enforce_fs)
 return (0);
@@ -2026,42 +2062,35 @@
 if (error)
 return (error);
 
- MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
- mtime);
+ MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
 return (error);
 }
 
 int
-mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
- struct componentname *cnp)
+mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
 {
 int error;
 
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setmode");
 
 if (!mac_enforce_fs)
 return (0);
 
- error = vn_refreshlabel(dvp, cred);
- if (error)
- return (error);
 error = vn_refreshlabel(vp, cred);
 if (error)
 return (error);
 
- MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
- &vp->v_label, cnp);
+ MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
 return (error);
 }
 
 int
-mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
- acl_type_t type)
+mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
+ gid_t gid)
 {
 int error;
 
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteacl");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setowner");
 
 if (!mac_enforce_fs)
 return (0);
@@ -2070,56 +2099,27 @@
 if (error)
 return (error);
 
- MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
+ MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
 return (error);
 }
 
 int
-mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp, struct componentname *cnp)
+mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+ struct timespec atime, struct timespec mtime)
 {
 int error;
 
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_from");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_from");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setutimes");
 
 if (!mac_enforce_fs)
 return (0);
 
- error = vn_refreshlabel(dvp, cred);
- if (error)
- return (error);
 error = vn_refreshlabel(vp, cred);
 if (error)
 return (error);
 
- MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
- &vp->v_label, cnp);
- return (error);
-}
-
-int
-mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp, int samedir, struct componentname *cnp)
-{
- int error;
-
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_to");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");
-
- if (!mac_enforce_fs)
- return (0);
-
- error = vn_refreshlabel(dvp, cred);
- if (error)
- return (error);
- if (vp != NULL) {
- error = vn_refreshlabel(vp, cred);
- if (error)
- return (error);
- }
- MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
- vp != NULL ? &vp->v_label : NULL, samedir, cnp);
+ MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
+ mtime);
 return (error);
 }
 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message