From: Robert Watson
Date: Tue, 5 Nov 2002 10:25:03 -0800 (PST)
Subject: PERFORCE change 20709 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=20709

Change 20709 by rwatson@rwatson_tislabs on 2002/11/05 10:24:09

	Use execlabel rather than imgp->execlabel.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#57 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#57 (text+ko) ====
@@ -311,7 +311,7 @@ sebsd_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, struct label *interpvnodelabel, - struct image_params *imgp) + struct image_params *imgp, struct label *execlabel) { struct task_security_struct *otask, *ntask; struct vnode_security_struct *file; @@ -329,12 +329,12 @@ * So just make the transition. */ ntask->osid = otask->sid; - if (imgp->execlabel == NULL) { + if (execlabel == NULL) { (void)security_transition_sid(otask->sid, file->sid, SECCLASS_PROCESS, &ntask->sid); } else { ntask->sid = ((struct task_security_struct *) - SLOT(imgp->execlabel))->sid; + SLOT(execlabel))->sid; } if (otask->sid != ntask->sid) { @@ -352,7 +352,8 @@ sebsd_execve_will_transition(struct ucred *old, struct vnode *vp, struct label *vnodelabel, struct label *interpvnodelabel, - struct image_params *imgp) + struct image_params *imgp, + struct label *execlabel) { struct task_security_struct *task; struct vnode_security_struct *file; @@ -368,12 +369,12 @@ * Should have already checked all the permissions, so just see if * the SIDS are going to match. */ - if (imgp->execlabel == NULL) { + if (execlabel == NULL) { (void)security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS, &newsid); } else { newsid = ((struct task_security_struct *) - SLOT(imgp->execlabel))->sid; + SLOT(execlabel))->sid; } return (newsid != task->sid); @@ -743,7 +744,8 @@ static int sebsd_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp) + struct label *label, struct image_params *imgp, + struct label *execlabel) { struct task_security_struct *task; struct vnode_security_struct *file; 
@@ -753,14 +755,14 @@ task = SLOT(&cred->cr_label); file = SLOT(label); - if (imgp->execlabel == NULL) { + if (execlabel == NULL) { rc = security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS, &newsid); if (rc) return EACCES; } else { newsid = ((struct task_security_struct *) - SLOT(imgp->execlabel))->sid; + SLOT(execlabel))->sid; } AVC_AUDIT_DATA_INIT(&ad, FS); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
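Review bot: In the @@ -311,7 +311,7 @@ hunk, sebsd_execve_transition() gains `struct label *execlabel` with no statement that NULL is a valid value. The body depends on that in `if (execlabel == NULL)`, so a short comment above the function should say that NULL means no label was requested and the new SID comes from security_transition_sid(). It should also say whether imgp is still needed, since the uses of it visible here are removed.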
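Review bot: In the @@ -329,12 +329,12 @@ hunk, the else branch casts `SLOT(execlabel)` to `struct task_security_struct *` and reads `->sid` without checking that the slot is populated. A KASSERT on the slot pointer before the dereference would report a bad caller-supplied label by name instead of faulting in the exec path.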
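Review bot: In the @@ -352,7 +352,8 @@ hunk, the new parameter is wrapped onto its own line, while the @@ -311,7 +311,7 @@ hunk appends it after `struct image_params *imgp,` on the same line. Pick one layout for the three changed prototypes so they read the same.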
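Review bot: In the @@ -368,12 +369,12 @@ hunk, the result of security_transition_sid() is discarded with `(void)` and `newsid` is then compared in `return (newsid != task->sid);`. If that call can fail without writing `newsid`, the comparison reads an indeterminate value. Either initialize `newsid` to `task->sid` before the branch or check the return code the way sebsd_check_vnode_exec() does with `rc`.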
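Review bot: In the @@ -743,7 +744,8 @@ hunk, sebsd_check_vnode_exec() changes its signature, as do the two execve entry points above, but the affected-files list names only sebsd.c. Confirm that the framework prototypes and callers for these three entry points already pass `execlabel` in this branch, and say so in the change description so the dependency is on record.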
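Review bot: In the @@ -753,14 +755,14 @@ hunk, the `if (execlabel == NULL) { ... } else { newsid = ... SLOT(execlabel))->sid; }` selection appears for the third time in this patch, with only this copy checking the return code. A small static helper that takes the task SID, file SID and execlabel and returns the new SID plus an error would keep the three sites from diverging on how a requested label and a transition failure are handled.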