PERFORCE change 14655 for review
Robert Watson
rwatson at freebsd.org
Mon Jul 22 02:03:11 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14655
Change 14655 by rwatson at rwatson_paprika on 2002/07/21 19:03:10
Add componentname arguments to the rename_{to,from} entry points
so that policies can make decisions based on the looked-up names.
No policies currently use that information.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#186 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#59 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#62 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#42 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#50 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#43 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#45 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#119 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#82 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#186 (text+ko) ====
@@ -1921,7 +1921,7 @@
int
mac_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp)
+ struct vnode *vp, struct componentname *cnp)
{
int error;
@@ -1939,13 +1939,13 @@
return (error);
MAC_CHECK(cred_check_rename_from_vnode, cred, dvp, &dvp->v_label, vp,
- &vp->v_label);
+ &vp->v_label, cnp);
return (error);
}
int
mac_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp, int samedir)
+ struct vnode *vp, int samedir, struct componentname *cnp)
{
int error;
@@ -1964,7 +1964,7 @@
return (error);
}
MAC_CHECK(cred_check_rename_to_vnode, cred, dvp, &dvp->v_label, vp,
- vp != NULL ? &vp->v_label : NULL, samedir);
+ vp != NULL ? &vp->v_label : NULL, samedir, cnp);
return (error);
}
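Review bot: In the rename_to path the `MAC_CHECK` call passes `vp != NULL ? &vp->v_label : NULL`, so when the target does not exist the new `cnp` is the only argument that identifies what is being created, yet nothing here states that or requires `cnp` to be non-NULL. A comment above the call such as `/* vp and its label are NULL if the target does not exist; cnp then names the entry to be created */` would make the contract explicit for policy authors. If the framework intends `cnp` to always be valid, an assertion near the top of both rename check functions would catch a caller passing NULL before a policy dereferences it. The start of mac_cred_check_rename_to_vnode lies in the previous hunk and part of its body is not shown, so whether such a check already exists is not visible here.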
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#59 (text+ko) ====
@@ -3686,7 +3686,7 @@
fvp = fromnd.ni_vp;
#ifdef MAC
error = mac_cred_check_rename_from_vnode(td->td_ucred, fromnd.ni_dvp,
- fvp);
+ fvp, &fromnd.ni_cnd);
if (error) {
NDFREE(&fromnd, NDF_ONLY_PNBUF);
vrele(fromnd.ni_dvp);
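Review bot: The `&fromnd.ni_cnd` handed to the check points into lookup state that this function goes on to release (the error path directly below calls `NDFREE(&fromnd, NDF_ONLY_PNBUF)`), so a policy that keeps `cnp` or `cnp->cn_nameptr` after the check returns would presumably be left with a dangling pointer. That lifetime rule should be written where policy authors will see it, for example `/* cnp is valid only for the duration of the check; a policy must copy the name if it needs it later */` above the call. The call also appears to rely on the from-lookup having been set up to retain its name buffer; the NDINIT flags are outside this hunk, so that is worth confirming. The same points apply to `&tond.ni_cnd` in the following hunk.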
@@ -3745,7 +3745,7 @@
#ifdef MAC
else
error = mac_cred_check_rename_to_vnode(td->td_ucred, tdvp,
- tond.ni_vp, fromnd.ni_dvp == tdvp);
+ tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
#endif /* MAC */
out:
if (!error) {
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#62 (text+ko) ====
@@ -1550,7 +1550,8 @@
static int
mac_biba_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label)
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
{
struct mac_biba *subj, *obj;
@@ -1573,7 +1574,8 @@
static int
mac_biba_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label, int samedir)
+ struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
+ struct componentname *cnp)
{
struct mac_biba *subj, *obj;
==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#42 (text+ko) ====
@@ -509,7 +509,7 @@
static int
mac_bsdextended_cred_check_rename_from_vnode(struct ucred *cred,
struct vnode *dvp, struct label *dlabel, struct vnode *vp,
- struct label *label)
+ struct label *label, struct componentname *cnp)
{
struct vattr vap;
int error;
@@ -534,7 +534,7 @@
static int
mac_bsdextended_cred_check_rename_to_vnode(struct ucred *cred,
struct vnode *dvp, struct label *dlabel, struct vnode *vp,
- struct label *label, int samedir)
+ struct label *label, int samedir, struct componentname *cnp)
{
struct vattr vap;
int error;
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#50 (text+ko) ====
@@ -1493,7 +1493,8 @@
static int
mac_mls_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label)
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
{
struct mac_mls *subj, *obj;
@@ -1516,7 +1517,8 @@
static int
mac_mls_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label, int samedir)
+ struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
+ struct componentname *cnp)
{
struct mac_mls *subj, *obj;
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#43 (text+ko) ====
@@ -710,7 +710,8 @@
static int
mac_none_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label)
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
{
return (0);
@@ -718,7 +719,8 @@
static int
mac_none_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label, int samedir)
+ struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
+ struct componentname *cnp)
{
return (0);
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#45 (text+ko) ====
@@ -1360,7 +1360,8 @@
static int
mac_te_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label)
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
{
int error;
@@ -1384,7 +1385,8 @@
static int
mac_te_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label, int samedir)
+ struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
+ struct componentname *cnp)
{
int error;
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#13 (text+ko) ====
@@ -903,7 +903,8 @@
static int
mac_test_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label)
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
{
return (0);
@@ -911,7 +912,8 @@
static int
mac_test_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label, int samedir)
+ struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
+ struct componentname *cnp)
{
return (0);
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#119 (text+ko) ====
@@ -279,9 +279,9 @@
int mac_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, struct componentname *cnp);
int mac_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp);
+ struct vnode *vp, struct componentname *cnp);
int mac_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp, int samedir);
+ struct vnode *vp, int samedir, struct componentname *cnp);
int mac_cred_check_open_vnode(struct ucred *cred, struct vnode *vp,
mode_t acc_mode);
int mac_cred_check_readdir_vnode(struct ucred *cred, struct vnode *vp);
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#82 (text+ko) ====
@@ -283,10 +283,12 @@
struct vnode *vp, struct label *label);
int (*mpo_cred_check_rename_from_vnode)(struct ucred *cred,
struct vnode *dvp, struct label *dlabel,
- struct vnode *vp, struct label *label);
+ struct vnode *vp, struct label *label,
+ struct componentname *cnp);
int (*mpo_cred_check_rename_to_vnode)(struct ucred *cred,
struct vnode *dvp, struct label *dlabel,
- struct vnode *vp, struct label *label, int samedir);
+ struct vnode *vp, struct label *label, int samedir,
+ struct componentname *cnp);
int (*mpo_cred_check_revoke_vnode)(struct ucred *cred,
struct vnode *vp, struct label *label);
int (*mpo_cred_check_setacl_vnode)(struct ucred *cred,
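Review bot: Both new `struct componentname *cnp` parameters are mutable and undocumented in the policy interface, although the change description says they exist so that policies can read the looked-up name. Declaring them `const struct componentname *cnp` here and in the policy implementations (mac_biba.c, mac_bsdextended.c, mac_mls.c, mac_none.c, mac_te.c, mac_test.c) would let the compiler reject a policy that alters lookup state the rename presumably consumes afterwards; the existing delete_vnode prototype in mac.h uses the non-const form, so this may be a deliberate convention. Either way, a short comment on the two members should say that the name is given by `cn_nameptr` together with `cn_namelen` and is to be treated as read-only. Because the signatures in this operations structure change, policy modules built against the old header would need rebuilding; whether the framework detects a stale module is not visible in this diff.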