PERFORCE change 15925 for review
Robert Watson
rwatson at freebsd.org
Tue Aug 13 15:44:45 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15925
Change 15925 by rwatson at rwatson_paprika on 2002/08/13 08:44:13
Rename saved_cred to file_cred for vnode check calls accepting
a cached credential. This better reflects the source of the
credential, increasing the chances that people will get it
right when adding these checks in new situations, especially
those where an operation occurs without a struct file but
where there is a credential that could conceivably be thought
of as "saved".
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#237 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#47 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#98 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#50 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#80 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#64 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#72 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#34 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#151 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#114 edit
.. //depot/projects/trustedbsd/mac/sys/sys/vnode.h#41 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#237 (text+ko) ====
@@ -1747,7 +1747,7 @@
}
int
-mac_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+mac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
int error;
@@ -1761,13 +1761,13 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_poll, active_cred, saved_cred, vp, &vp->v_label);
+ MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp, &vp->v_label);
return (error);
}
int
-mac_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+mac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
int error;
@@ -1781,7 +1781,7 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_read, active_cred, saved_cred, vp, &vp->v_label);
+ MAC_CHECK(check_vnode_read, active_cred, file_cred, vp, &vp->v_label);
return (error);
}
@@ -2021,7 +2021,7 @@
}
int
-mac_check_vnode_stat(struct ucred *active_cred, struct ucred *saved_cred,
+mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
int error;
@@ -2035,13 +2035,13 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_stat, active_cred, saved_cred, vp,
+ MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp,
&vp->v_label);
return (error);
}
int
-mac_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
int error;
@@ -2055,7 +2055,7 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_write, active_cred, saved_cred, vp, &vp->v_label);
+ MAC_CHECK(check_vnode_write, active_cred, file_cred, vp, &vp->v_label);
return (error);
}
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#47 (text+ko) ====
@@ -303,17 +303,17 @@
* Vnode close call
*/
int
-vn_close(vp, flags, saved_cred, td)
+vn_close(vp, flags, file_cred, td)
register struct vnode *vp;
int flags;
- struct ucred *saved_cred;
+ struct ucred *file_cred;
struct thread *td;
{
int error;
if (flags & FWRITE)
vp->v_writecount--;
- error = VOP_CLOSE(vp, flags, saved_cred, td);
+ error = VOP_CLOSE(vp, flags, file_cred, td);
/*
* XXX - In certain instances VOP_CLOSE has to do the vrele
* itself. If the vrele has been done, it will return EAGAIN
@@ -363,7 +363,7 @@
* Package up an I/O request on a vnode into a uio and do it.
*/
int
-vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, active_cred, saved_cred,
+vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, active_cred, file_cred,
aresid, td)
enum uio_rw rw;
struct vnode *vp;
@@ -373,7 +373,7 @@
enum uio_seg segflg;
int ioflg;
struct ucred *active_cred;
- struct ucred *saved_cred;
+ struct ucred *file_cred;
int *aresid;
struct thread *td;
{
@@ -409,16 +409,16 @@
#ifdef MAC
if ((ioflg & IO_NOMACCHECK) == 0) {
if (rw == UIO_READ)
- error = mac_check_vnode_read(active_cred, saved_cred,
+ error = mac_check_vnode_read(active_cred, file_cred,
vp);
else
- error = mac_check_vnode_write(active_cred, saved_cred,
+ error = mac_check_vnode_write(active_cred, file_cred,
vp);
}
#endif
if (error == 0) {
- if (saved_cred)
- cred = saved_cred;
+ if (file_cred)
+ cred = file_cred;
else
cred = active_cred;
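Review bot: The `if (file_cred) ... else cred = active_cred;` fallback at the end of this hunk shows that vn_rdwr accepts a NULL file_cred, yet the same pointer is handed unguarded to mac_check_vnode_read() and mac_check_vnode_write() a few lines earlier. Every policy's read and write check therefore has to tolerate NULL, and nothing visible here says so. I would add a comment above the `#ifdef MAC` block such as `/* file_cred may be NULL (no struct file); policies must not dereference it unchecked. */`. Whether any current caller actually passes NULL is not visible in this hunk, and vn_rdwr's body begins and ends outside it.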
@@ -450,7 +450,7 @@
*/
int
vn_rdwr_inchunks(rw, vp, base, len, offset, segflg, ioflg, active_cred,
- saved_cred, aresid, td)
+ file_cred, aresid, td)
enum uio_rw rw;
struct vnode *vp;
caddr_t base;
@@ -459,7 +459,7 @@
enum uio_seg segflg;
int ioflg;
struct ucred *active_cred;
- struct ucred *saved_cred;
+ struct ucred *file_cred;
int *aresid;
struct thread *td;
{
@@ -471,7 +471,7 @@
if (rw != UIO_READ && vp->v_type == VREG)
bwillwrite();
error = vn_rdwr(rw, vp, base, chunk, offset, segflg,
- ioflg, active_cred, saved_cred, aresid, td);
+ ioflg, active_cred, file_cred, aresid, td);
len -= chunk; /* aresid calc already includes length */
if (error)
break;
@@ -607,11 +607,11 @@
* Stat a vnode; implementation for the stat syscall
*/
int
-vn_stat(vp, sb, active_cred, saved_cred, td)
+vn_stat(vp, sb, active_cred, file_cred, td)
struct vnode *vp;
register struct stat *sb;
struct ucred *active_cred;
- struct ucred *saved_cred;
+ struct ucred *file_cred;
struct thread *td;
{
struct vattr vattr;
@@ -620,8 +620,7 @@
u_short mode;
#ifdef MAC
- /* XXXMAC: Should pass in saved_cred. */
- error = mac_check_vnode_stat(active_cred, saved_cred, vp);
+ error = mac_check_vnode_stat(active_cred, file_cred, vp);
if (error)
return (error);
#endif
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#98 (text+ko) ====
@@ -1841,7 +1841,7 @@
}
static int
-mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
struct mac_biba *subj, *obj;
@@ -1858,7 +1858,7 @@
}
static int
-mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
struct mac_biba *subj, *obj;
@@ -2142,7 +2142,7 @@
}
static int
-mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *saved_cred,
+mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *vnodelabel)
{
struct mac_biba *subj, *obj;
@@ -2160,7 +2160,7 @@
}
static int
-mac_biba_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+mac_biba_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
struct mac_biba *subj, *obj;
==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#50 (text+ko) ====
@@ -676,7 +676,7 @@
static int
mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp, struct label *label)
+ struct ucred *file_cred, struct vnode *vp, struct label *label)
{
struct vattr vap;
int error;
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#80 (text+ko) ====
@@ -1796,7 +1796,7 @@
}
static int
-mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
struct mac_mls *subj, *obj;
@@ -1813,7 +1813,7 @@
}
static int
-mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
struct mac_mls *subj, *obj;
@@ -2097,7 +2097,7 @@
}
static int
-mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *saved_cred,
+mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *vnodelabel)
{
struct mac_mls *subj, *obj;
@@ -2115,7 +2115,7 @@
}
static int
-mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
struct mac_mls *subj, *obj;
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#64 (text+ko) ====
@@ -775,7 +775,7 @@
}
static int
-mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
@@ -783,7 +783,7 @@
}
static int
-mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
@@ -889,7 +889,7 @@
}
static int
-mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *saved_cred,
+mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
@@ -897,7 +897,7 @@
}
static int
-mac_none_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+mac_none_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#72 (text+ko) ====
@@ -1324,7 +1324,7 @@
}
static int
-mac_te_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+mac_te_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
int error;
@@ -1339,7 +1339,7 @@
}
static int
-mac_te_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+mac_te_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
int error;
@@ -1551,7 +1551,7 @@
}
static int
-mac_te_check_vnode_stat(struct ucred *active_cred, struct ucred *saved_cred,
+mac_te_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
@@ -1569,7 +1569,7 @@
}
static int
-mac_te_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+mac_te_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
int error;
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#34 (text+ko) ====
@@ -983,7 +983,7 @@
}
static int
-mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
@@ -991,7 +991,7 @@
}
static int
-mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
@@ -1097,7 +1097,7 @@
}
static int
-mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *saved_cred,
+mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
@@ -1105,7 +1105,7 @@
}
static int
-mac_test_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+mac_test_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#151 (text+ko) ====
@@ -365,9 +365,9 @@
int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
mode_t acc_mode);
int mac_check_vnode_poll(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp);
+ struct ucred *file_cred, struct vnode *vp);
int mac_check_vnode_read(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp);
+ struct ucred *file_cred, struct vnode *vp);
int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
@@ -388,7 +388,7 @@
int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
struct timespec atime, struct timespec mtime);
int mac_check_vnode_stat(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp);
+ struct ucred *file_cred, struct vnode *vp);
int mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
struct mac *extmac);
int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
@@ -402,7 +402,7 @@
int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
struct label *label);
int mac_check_vnode_write(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp);
+ struct ucred *file_cred, struct vnode *vp);
/*
* Calls to help various file systems implement labeling functionality
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#114 (text+ko) ====
@@ -296,10 +296,10 @@
int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t acc_mode);
int (*mpo_check_vnode_poll)(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp,
+ struct ucred *file_cred, struct vnode *vp,
struct label *label);
int (*mpo_check_vnode_read)(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp,
+ struct ucred *file_cred, struct vnode *vp,
struct label *label);
int (*mpo_check_vnode_readdir)(struct ucred *cred,
struct vnode *dvp, struct label *dlabel);
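Review bot: The two-credential entry points mpo_check_vnode_poll and mpo_check_vnode_read here, and mpo_check_vnode_stat and mpo_check_vnode_write in the next hunk, still carry no comment saying which credential a policy should authorize against. That is the confusion the rename is meant to reduce. A short comment above them would pin the contract, for example `/* active_cred: subject making the request; file_cred: credential cached with the open file, or NULL. */`. That wording is inferred from the change description and from the NULL fallback in vn_rdwr, so confirm it against the framework's intent before committing. The struct definition starts outside the hunk.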
@@ -334,10 +334,10 @@
struct vnode *vp, struct label *label,
struct timespec atime, struct timespec mtime);
int (*mpo_check_vnode_stat)(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp,
+ struct ucred *file_cred, struct vnode *vp,
struct label *label);
int (*mpo_check_vnode_write)(struct ucred *active_cred,
- struct ucred *saved_cred, struct vnode *vp,
+ struct ucred *file_cred, struct vnode *vp,
struct label *label);
};
==== //depot/projects/trustedbsd/mac/sys/sys/vnode.h#41 (text+ko) ====
@@ -701,7 +701,7 @@
void vprint(char *label, struct vnode *vp);
int vrecycle(struct vnode *vp, struct mtx *inter_lkp,
struct thread *td);
-int vn_close(struct vnode *vp, int flags, struct ucred *saved_cred,
+int vn_close(struct vnode *vp, int flags, struct ucred *file_cred,
struct thread *td);
void vn_finished_write(struct mount *mp);
int vn_isdisk(struct vnode *vp, int *errp);
@@ -720,14 +720,14 @@
int vn_pollrecord(struct vnode *vp, struct thread *p, int events);
int vn_rdwr(enum uio_rw rw, struct vnode *vp, caddr_t base,
int len, off_t offset, enum uio_seg segflg, int ioflg,
- struct ucred *active_cred, struct ucred *saved_cred,
+ struct ucred *active_cred, struct ucred *file_cred,
int *aresid, struct thread *td);
int vn_rdwr_inchunks(enum uio_rw rw, struct vnode *vp, caddr_t base,
int len, off_t offset, enum uio_seg segflg, int ioflg,
- struct ucred *active_cred, struct ucred *saved_cred,
+ struct ucred *active_cred, struct ucred *file_cred,
int *aresid, struct thread *td);
int vn_stat(struct vnode *vp, struct stat *sb, struct ucred *active_cred,
- struct ucred *saved_cred, struct thread *td);
+ struct ucred *file_cred, struct thread *td);
int vn_start_write(struct vnode *vp, struct mount **mpp, int flags);
dev_t vn_todev(struct vnode *vp);
int vn_write_suspend_wait(struct vnode *vp, struct mount *mp,