Date:      Sat, 26 Jul 2003 12:13:28 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 35050 for review
Message-ID:  <200307261913.h6QJDSjL069329@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=35050

Change 35050 by rwatson@rwatson_tislabs on 2003/07/26 12:13:16

	Use the mac_check_vnode_deleteextattr and
	mac_check_vnode_listextattr checks to test for delete and
	list permission rather than setextattr and getextattr
	checks.
	
	Policy updates to follow.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#392 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#106 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#392 (text+ko) ====

@@ -1663,6 +1663,22 @@
 }
 
 int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+    int attrnamespace, const char *name)
+{
+	int error;
+
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+	if (!mac_enforce_fs)
+		return (0);
+
+	MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+	    attrnamespace, name);
+	return (error);
+}
+
+int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
     struct image_params *imgp)
 {
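Review bot: Both new entry points, mac_check_vnode_deleteextattr here and mac_check_vnode_listextattr in the next hunk, are added without a header comment, and each returns `error` with no visible assignment, which is only clear to a reader who knows that MAC_CHECK sets it. I would add a short comment above each function, for example `/* Check whether cred may delete the named extended attribute on the locked vnode vp; returns 0 when mac_enforce_fs is off. */`, and a one-line `/* MAC_CHECK stores the composed policy result in error. */` before the macro call. The MAC_CHECK definition is outside this diff, so the second comment should be confirmed against it.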
@@ -1727,6 +1743,22 @@
 }
 
 int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+    int attrnamespace)
+{
+	int error;
+
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+	if (!mac_enforce_fs)
+		return (0);
+
+	MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+	    attrnamespace);
+	return (error);
+}
+
+int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
     struct componentname *cnp)
 {

==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#106 (text+ko) ====

@@ -4240,8 +4240,8 @@
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 
 #ifdef MAC
-	error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace,
-	    attrname, NULL);
+	error = mac_check_vnode_deleteextattr(td->td_ucred, vp, attrnamespace,
+	    attrname);
 	if (error)
 		goto done;
 #endif
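Review bot: Switching this call site to mac_check_vnode_deleteextattr before any policy implements the new entry point may leave attribute deletion unmediated in the interim, and the same applies to the mac_check_vnode_listextattr call in the following hunk. The description says policy updates are to follow; if MAC_CHECK skips policies that lack an entry point (its definition is not in this diff), policies that previously constrained these operations through their setextattr and getextattr checks would contribute no denial for delete and list until they are updated. I would either land the policy entry points in the same change or mark each call site with a comment such as `/* XXX: not mediated until policies implement check_vnode_deleteextattr. */`. The enclosing syscall body starts and ends outside the hunk.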
@@ -4387,8 +4387,7 @@
 		sizep = &size;
 
 #ifdef MAC
-	error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace,
-	    "", &auio);
+	error = mac_check_vnode_listextattr(td->td_ucred, vp, attrnamespace);
 	if (error)
 		goto done;
 #endif


