Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 22 Sep 2002 09:32:11 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 17933 for review
Message-ID:  <200209221632.g8MGWBkY051428@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17933

Change 17933 by rwatson@rwatson_paprika on 2002/09/22 09:31:12

	Apparently I neglected to commit the mac_mls implementation of
	mpo_check_vnode_link() when I added that.  Presumably a missed
	p4 edit after a local chmod +w while on travel.  Here it is.
	As with other implementations, we have to wait for the IFC of
	the VOP_LINK() changes from Don Lewis before we can do the
	label checks on the target vnode.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#92 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#92 (text+ko) ====

@@ -1691,6 +1691,31 @@
 }
 
 static int
+mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+    struct label *dlabel, struct vnode *vp, struct label *label,
+    struct componentname *cnp)
+{
+	struct mac_mls *subj, *obj;
+ 
+	if (!mac_mls_enabled)
+		return (0);
+   
+	subj = SLOT(&cred->cr_label);
+	obj = SLOT(dlabel);
+ 
+	if (!mac_mls_dominate_single(obj, subj))
+		return (EACCES);
+
+#if 0
+	obj = SLOT(dlabel);
+	if (!mac_mls_dominate_single(obj, subj))
+		return (EACCES);
+#endif
+
+	return (0);   
+}
+
+static int
 mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,  
     struct label *dlabel, struct componentname *cnp)
 {
@@ -2308,6 +2333,8 @@
 	    (macop_t)mac_mls_check_vnode_getacl },
 	{ MAC_CHECK_VNODE_GETEXTATTR,
 	    (macop_t)mac_mls_check_vnode_getextattr },
+	{ MAC_CHECK_VNODE_LINK,
+	    (macop_t)mac_mls_check_vnode_link },
 	{ MAC_CHECK_VNODE_LOOKUP,
 	    (macop_t)mac_mls_check_vnode_lookup },
 	{ MAC_CHECK_VNODE_OPEN,

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209221632.g8MGWBkY051428>