Date: Tue, 23 Jul 2002 10:59:08 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14786 for review Message-ID: <200207231759.g6NHx88V014149@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14786 Change 14786 by rwatson@rwatson_tislabs on 2002/07/23 10:59:04 Implement the access() policy entry point for the policies where it had not yet been implemented. For TE, MLS, and Biba, simply wrap the existing open() check since the logic is identical. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#65 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#53 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#44 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#46 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#14 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#65 (text+ko) ==== @@ -1322,6 +1322,14 @@ } static int +mac_biba_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (mac_biba_cred_check_open_vnode(cred, vp, label, flags)); +} + +static int mac_biba_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1980,6 +1988,8 @@ (macop_t)mac_biba_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_biba_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_biba_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_biba_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#53 (text+ko) ==== @@ -1265,6 +1265,14 @@ } static int +mac_mls_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (mac_mls_cred_check_open_vnode(cred, vp, label, flags)); +} + +static int mac_mls_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1923,6 +1931,8 @@ (macop_t)mac_mls_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_mls_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_mls_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_mls_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#44 (text+ko) ==== @@ -604,6 +604,14 @@ } static int +mac_none_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (0); +} + +static int mac_none_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -969,6 +977,8 @@ (macop_t)mac_none_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_none_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_none_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_none_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#46 (text+ko) ==== @@ -1290,6 +1290,14 @@ } static int +mac_te_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (mac_te_cred_check_open_vnode(cred, vp, label, flags)); +} + +static int mac_te_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1617,6 +1625,8 @@ (macop_t)mac_te_cred_check_relabel_vnode }, { MAC_CRED_CHECK_STATFS, (macop_t)mac_te_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_te_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_te_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_te_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, (macop_t)mac_te_cred_check_chroot_vnode }, ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#14 (text+ko) ==== @@ -797,6 +797,14 @@ } static int +mac_test_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (0); +} + +static int mac_test_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1160,6 +1168,8 @@ (macop_t)mac_test_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_test_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_test_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_test_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207231759.g6NHx88V014149>