Date: Sun, 21 Jul 2002 12:14:18 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14619 for review Message-ID: <200207211914.g6LJEIjk078562@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14619 Change 14619 by rwatson@rwatson_curry on 2002/07/21 12:13:41 Various preps for improved VFS access control extensibility: - Comment various VOP's that will shortly be instrumented, both in generic VFS entry points and in the ctty code. - Add instrumentation to cttyopen(), since it invokes vn_open(). Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#8 edit .. //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#4 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#23 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#8 (text+ko) ====
@@ -35,6 +35,7 @@
 */
 #include "opt_ktrace.h"
+#include "opt_mac.h"
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -44,6 +45,7 @@
 #include <sys/kthread.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/namei.h>
 #include <sys/proc.h>
@@ -766,6 +768,9 @@
 vn_start_write(vp, &mp, V_WAIT);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 (void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
+#ifdef MAC
+ /* XXXMAC: Write authorization checks here. */
+#endif
 error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
 if (error == 0 && uio != NULL) {
 (void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
==== //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#4 (text+ko) ====
@@ -38,12 +38,15 @@
 * Indirect driver for controlling tty.
 */
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/conf.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
+#include <sys/mac.h>
 #include <sys/sx.h>
 #include <sys/proc.h>
 #include <sys/ttycom.h>
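Review bot: The placeholder added before `VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred)` in the `@@ -766,6 +768,9 @@` hunk of kern_ktrace.c does not say which credential the future check is meant to authorize, and the same gap recurs in every `XXXMAC` placeholder in tty_tty.c and vfs_vnops.c. The neighbouring calls differ in what they pass (`cred` here and in vfs_vnops.c, `NOCRED` beside the ctty `VOP_WRITE` and `VOP_IOCTL`, `td->td_ucred` beside the ctty `VOP_POLL`), so whoever fills these in has to guess the subject. I would record it in the marker now, e.g. `/* XXXMAC: Write authorization check here, against cred. */` if that is the intended subject, and use "check" rather than "checks" so this marker greps the same as the others. The enclosing function starts and ends outside the hunk, so where `cred` comes from is not visible here.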
@@ -94,6 +97,13 @@
 if (ttyvp == NULL)
 return (ENXIO);
 vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
+#ifdef MAC
+ error = mac_cred_check_open_vnode(td->td_ucred, ttyvp, flag);
+ if (error) {
+ VOP_UNLOCK(ttyvp, 0, td);
+ return (error);
+ }
+#endif
 error = VOP_OPEN(ttyvp, flag, NOCRED, td);
 VOP_UNLOCK(ttyvp, 0, td);
 return (error);
@@ -149,6 +159,9 @@
 (error = vn_start_write(ttyvp, &mp, V_WAIT | PCATCH)) != 0)
 return (error);
 vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
+#ifdef MAC
+ /* XXXMAC: Write authorization check here. */
+#endif
 error = VOP_WRITE(ttyvp, uio, flag, NOCRED);
 VOP_UNLOCK(ttyvp, 0, td);
 vn_finished_write(mp);
@@ -189,6 +202,9 @@
 PROC_UNLOCK(td->td_proc);
 return (error);
 }
+#ifdef MAC
+ /* XXXMAC: Ioctl authorization check here. */
+#endif
 return (VOP_IOCTL(ttyvp, cmd, addr, flag, NOCRED, td));
 }
@@ -210,6 +226,9 @@
 if (ttyvp == NULL)
 /* try operation to get EOF/failure */
 return (seltrue(dev, events, td));
+#ifdef MAC
+ /* XXXMAC: Poll authorization check here. */
+#endif
 return (VOP_POLL(ttyvp, events, td->td_ucred, td));
 }
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#23 (text+ko) ====
@@ -397,8 +397,14 @@
 auio.uio_rw = rw;
 auio.uio_td = td;
 if (rw == UIO_READ) {
+#ifdef MAC
+ /* XXXMAC: Read authorization check here. */
+#endif
 error = VOP_READ(vp, &auio, ioflg, cred);
 } else {
+#ifdef MAC
+ /* XXXMAC: Write authorization check here. */
+#endif
 error = VOP_WRITE(vp, &auio, ioflg, cred);
 }
 if (aresid)
@@ -486,6 +492,9 @@
 ioflag |= sequential_heuristic(uio, fp);
+#ifdef MAC
+ /* XXXMAC: Read authorization check here. */
+#endif
 error = VOP_READ(vp, uio, ioflag, cred);
 if ((flags & FOF_OFFSET) == 0)
 fp->f_offset = uio->uio_offset;
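Review bot: In the `@@ -94,6 +97,13 @@` hunk of tty_tty.c (the cttyopen() instrumentation named in the description) the new check authorizes against `td->td_ucred` while the `VOP_OPEN(ttyvp, flag, NOCRED, td)` it guards still passes `NOCRED`, and nothing in the code says the difference is intended. A one-line comment above the check would settle it, e.g. `/* MAC check uses the thread credential; VOP_OPEN is still called with NOCRED. */`. It is also worth confirming that `flag` is in the form `mac_cred_check_open_vnode()` expects for its third argument; the prototype is not part of this change, and if the hook wants an access mode rather than open flags the check would evaluate the wrong bits. The function body starts outside the hunk.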
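Review bot: The placeholders in the `@@ -189,6 +202,9 @@` and `@@ -210,6 +226,9 @@` hunks of tty_tty.c (before `VOP_IOCTL` and `VOP_POLL`) sit where no `vn_lock()` on `ttyvp` is visible, unlike the open and write hunks where the check point follows `vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td)`. If the eventual check reads per-vnode state it will presumably need the vnode locked, so the marker should say so, e.g. `/* XXXMAC: Ioctl authorization check here; ttyvp is not locked at this point. */`. Both function bodies start outside their hunks, so a lock taken earlier cannot be ruled out from this diff.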
@@ -537,6 +546,9 @@
 if ((flags & FOF_OFFSET) == 0)
 uio->uio_offset = fp->f_offset;
 ioflag |= sequential_heuristic(uio, fp);
+#ifdef MAC
+ /* XXXMAC: Write authorization check here. */
+#endif
 error = VOP_WRITE(vp, uio, ioflag, cred);
 if ((flags & FOF_OFFSET) == 0)
 fp->f_offset = uio->uio_offset;
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message