From owner-p4-projects@FreeBSD.ORG  Tue Oct 31 14:32:36 2006
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 1199716A511; Tue, 31 Oct 2006 14:32:36 +0000 (UTC)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A96EF16A4D8
	for <perforce@freebsd.org>; Tue, 31 Oct 2006 14:32:35 +0000 (UTC)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 60C1943D68
	for <perforce@freebsd.org>; Tue, 31 Oct 2006 14:32:16 +0000 (GMT)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9VEVl01017998
	for <perforce@freebsd.org>; Tue, 31 Oct 2006 14:31:47 GMT
	(envelope-from millert@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9VEVlMn017995
	for perforce@freebsd.org; Tue, 31 Oct 2006 14:31:47 GMT
	(envelope-from millert@freebsd.org)
Date: Tue, 31 Oct 2006 14:31:47 GMT
Message-Id: <200610311431.k9VEVlMn017995@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	millert@freebsd.org using -f
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 108825 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2006 14:32:36 -0000

http://perforce.freebsd.org/chv.cgi?CH=108825

Change 108825 by millert@millert_macbook on 2006/10/31 14:31:03

	Back out @108433 for now, it can panic the system.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#29 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#6 (text+ko) ====

@@ -706,8 +706,6 @@
 #endif
 		case AVC_AUDIT_DATA_FS:
 			if (a->u.fs.vp && tsk) {
-				char *pbuf = NULL;
-				char *path = a->u.fs.path;
 				struct vnode *vp = a->u.fs.vp;
 				struct vnode_attr va;
 				struct vfs_context vfs_ctx =
@@ -715,22 +713,10 @@
 				VATTR_INIT(&va);
 				VATTR_WANTED(&va, va_fileid);
 				if (vnode_getattr(vp, &va, &vfs_ctx) == 0) {
-					audit_log_format(ab, " inode=%llu, "
-					    "mountpoint=%s,", va.va_fileid, 
+					audit_log_format(ab,
+					    " inode=%llu, mountpoint=%s,",
+					    va.va_fileid, 
 					    vp->v_mount->mnt_vfsstat.f_mntonname);
-					if (path == NULL) {
-						int len = MAXPATHLEN;
-						pbuf = sebsd_malloc(MAXPATHLEN,
-						    M_SEBSD, M_NOWAIT);
-						if (pbuf != NULL &&
-						    !vn_getpath(vp, pbuf, &len))
-							path = pbuf;
-					}
-					if (path != NULL)
-						audit_log_format(ab,
-						    " path=%s,", path);
-					if (pbuf != NULL)
-						sebsd_free(pbuf, M_SEBSD);
 					break;
 				}
 				audit_log_format(ab,

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#4 (text+ko) ====

@@ -49,7 +49,6 @@
 	union 	{
 		struct {
 			struct vnode *vp;
-			char *path;
 		} fs;
 		struct {
 			char *netif;

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#29 (text+ko) ====

@@ -440,7 +440,7 @@
 }
 
 static int
-vnode_has_perm(struct ucred *cred, struct vnode *vp, char *path, u_int32_t perm)
+vnode_has_perm(struct ucred *cred, struct vnode *vp, u_int32_t perm)
 {
 	struct task_security_struct *task;
 	struct vnode_security_struct *file;
@@ -451,7 +451,6 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
-	ad.u.fs.path = path;
 
 	/* Update security class if not set or vnode was recycled. */
 	if (file->sclass == 0 || vp->v_type == VBAD)
@@ -1483,7 +1482,7 @@
 	vsec = SLOT(vl);
 	task = SLOT(cred->cr_label);
 
-	rc = vnode_has_perm(cred, vp, NULL, FILE__MOUNTON);
+	rc = vnode_has_perm(cred, vp, FILE__MOUNTON);
 	if (rc)
 		goto done;
 
@@ -1951,7 +1950,7 @@
 	if (mask == 0)
 		return (0);
 
-	return (vnode_has_perm(cred, vp, NULL,
+	return (vnode_has_perm(cred, vp,
 	    file_mask_to_av(vp->v_type, mask)));
 }
 
@@ -1961,7 +1960,7 @@
 {
 
 	/* MAY_EXEC ~= DIR__SEARCH */
-	return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
+	return (vnode_has_perm(cred, dvp, DIR__SEARCH));
 }
 
 static int
@@ -1971,7 +1970,7 @@
 
 	/* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */
 	/* MAY_EXEC ~= DIR__SEARCH */
-	return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
+	return (vnode_has_perm(cred, dvp, DIR__SEARCH));
 }
 
 static int
@@ -1996,7 +1995,6 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = dvp;
-	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
 	    DIR__ADD_NAME | DIR__SEARCH, &ad);
@@ -2053,7 +2051,6 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
-	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
 	    DIR__SEARCH | DIR__REMOVE_NAME, &ad);
@@ -2076,7 +2073,7 @@
     struct label *label, acl_type_t type)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
 #endif
 
@@ -2086,10 +2083,10 @@
 {
 	int error;
 
-	error = vnode_has_perm(cred, v1, NULL, FILE__READ | FILE__WRITE);
+	error = vnode_has_perm(cred, v1, FILE__READ | FILE__WRITE);
 	if (error)
 		return (error);
-	return (vnode_has_perm(cred, v2, NULL, FILE__READ | FILE__WRITE));
+	return (vnode_has_perm(cred, v2, FILE__READ | FILE__WRITE));
 }
 
 static int
@@ -2154,7 +2151,7 @@
     struct label *label, acl_type_t type)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+	return (vnode_has_perm(cred, vp, FILE__GETATTR));
 }
 #endif
 
@@ -2163,7 +2160,7 @@
     struct label *vlabel, struct attrlist *alist)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+	return (vnode_has_perm(cred, vp, FILE__GETATTR));
 }
 
 static int
@@ -2171,7 +2168,7 @@
     struct label *label, const char *name, struct uio *uio)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+	return (vnode_has_perm(cred, vp, FILE__GETATTR));
 }
 
 #if defined(FILE__POLL) && defined(FILE__GETATTR)
@@ -2183,9 +2180,9 @@
 	switch (kn->kn_filter) {
 	case EVFILT_READ:
 	case EVFILT_WRITE:
-		return (vnode_has_perm(cred, vp, NULL, FILE__POLL));
+		return (vnode_has_perm(cred, vp, FILE__POLL));
 	case EVFILT_VNODE:
-		return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+		return (vnode_has_perm(cred, vp, FILE__GETATTR));
 	default:
 		return (0);
 	}
@@ -2211,7 +2208,6 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
-	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
 	    DIR__SEARCH | DIR__ADD_NAME, &ad);
@@ -2232,7 +2228,7 @@
 		return (ENOTDIR);
 
 	/* TBD: DIR__READ as well? */
-	return (vnode_has_perm(cred, dvp, cnp->cn_pnbuf, DIR__SEARCH));
+	return (vnode_has_perm(cred, dvp, DIR__SEARCH));
 }
 
 static int
@@ -2251,7 +2247,7 @@
 	if (!mask)
 		return (0);
 
-	return (vnode_has_perm(cred, vp, NULL,
+	return (vnode_has_perm(cred, vp,
 	    file_mask_to_av(vp->v_type, mask)));
 }
 
@@ -2260,7 +2256,7 @@
     struct vnode *vp, struct label *label)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__READ));
+	return (vnode_has_perm(cred, vp, FILE__READ));
 }
 
 static int
@@ -2268,7 +2264,7 @@
     struct label *dlabel)
 {
 
-	return (vnode_has_perm(cred, dvp, NULL, DIR__READ));
+	return (vnode_has_perm(cred, dvp, DIR__READ));
 }
 
 static int
@@ -2276,7 +2272,7 @@
     struct label *label)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__READ));
+	return (vnode_has_perm(cred, vp, FILE__READ));
 }
 
 static int
@@ -2346,8 +2342,6 @@
 	sebsd_audit_sid("source directory", old_dir->sid);
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
-	ad.u.fs.vp = vp;
-	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, old_dir->sid, SECCLASS_DIR,
 	    DIR__REMOVE_NAME | DIR__SEARCH, &ad);
@@ -2406,7 +2400,6 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
-	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, NULL);
 	if (rc)
@@ -2446,7 +2439,7 @@
     struct label *label, int which)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__POLL));
+	return (vnode_has_perm(cred, vp, FILE__POLL));
 }
 #endif
 
@@ -2456,7 +2449,7 @@
     struct label *label, acl_type_t type, struct acl *acl)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
 #endif
 
@@ -2466,7 +2459,7 @@
     struct label *vlabel, struct attrlist *alist)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
 #endif
 
@@ -2475,7 +2468,7 @@
     struct label *label, const char *name, struct uio *uio)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
 
 static int
@@ -2483,7 +2476,7 @@
     struct label *label, u_long flags)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
 
 static int
@@ -2491,7 +2484,7 @@
     struct label *label, mode_t mode)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
 
 static int
@@ -2499,7 +2492,7 @@
     struct label *label, uid_t uid, gid_t gid)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
 
 static int
@@ -2507,7 +2500,7 @@
     struct label *label, struct timespec atime, struct timespec mtime)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
 
 static int
@@ -2515,7 +2508,7 @@
     struct vnode *vp, struct label *vnodelabel)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+	return (vnode_has_perm(cred, vp, FILE__GETATTR));
 }
 
 static int
@@ -2838,7 +2831,7 @@
     struct label *vnodelabel)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON));
+	return (vnode_has_perm(cred, vp, FILE__SWAPON));
 }
 
 #if 0
@@ -2847,7 +2840,7 @@
     struct label *vnodelabel)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON));
+	return (vnode_has_perm(cred, vp, FILE__SWAPON));
 }
 #endif
 
@@ -2870,7 +2863,7 @@
     struct vnode *vp, struct label *label)
 {
 
-	return (vnode_has_perm(cred, vp, NULL, FILE__WRITE));
+	return (vnode_has_perm(cred, vp, FILE__WRITE));
 }
 
 static int
@@ -2892,7 +2885,7 @@
 		if (prot & PROT_EXEC)
 			av |= FILE__EXECUTE;
 
-		return (vnode_has_perm(cred, vp, NULL, av));
+		return (vnode_has_perm(cred, vp, av));
 	}
 	return (0);
 }
@@ -2915,7 +2908,7 @@
 		if (prot & PROT_EXEC)
 			av |= FILE__EXECUTE;
 
-		return (vnode_has_perm(cred, vp, NULL, av));
+		return (vnode_has_perm(cred, vp, av));
 	}
 	return (0);
 }
@@ -3033,7 +3026,7 @@
 		return (0);
 
 	return (vnode_has_perm(cred, (struct vnode *)fg->fg_data,
-	    NULL, FILE__IOCTL));
+	    FILE__IOCTL));
 }
 
 /*