PERFORCE change 14786 for review

Robert Watson rwatson at freebsd.org
Tue Jul 23 17:59:08 GMT 2002 

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14786

Change 14786 by rwatson at rwatson_tislabs on 2002/07/23 10:59:04

	Implement the access() policy entry point for the policies where
	it had not yet been implemented.  For TE, MLS, and Biba, simply
	wrap the existing open() check since the logic is identical.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#65 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#53 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#44 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#46 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#14 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#65 (text+ko) ====

@@ -1322,6 +1322,14 @@
 }
 
 static int
+mac_biba_cred_check_access_vnode(struct ucred *cred, struct vnode *vp,
+    struct label *label, mode_t flags)
+{
+
+	return (mac_biba_cred_check_open_vnode(cred, vp, label, flags));
+}
+
+static int
 mac_biba_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -1980,6 +1988,8 @@
 	    (macop_t)mac_biba_cred_check_statfs },
 	{ MAC_CRED_CHECK_DEBUG_PROC,
 	    (macop_t)mac_biba_cred_check_debug_proc },
+	{ MAC_CRED_CHECK_ACCESS_VNODE,
+	    (macop_t)mac_biba_cred_check_access_vnode },
 	{ MAC_CRED_CHECK_CHDIR_VNODE,
 	    (macop_t)mac_biba_cred_check_chdir_vnode },
 	{ MAC_CRED_CHECK_CHROOT_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#53 (text+ko) ====

@@ -1265,6 +1265,14 @@
 }
 
 static int
+mac_mls_cred_check_access_vnode(struct ucred *cred, struct vnode *vp,
+    struct label *label, mode_t flags)
+{
+
+	return (mac_mls_cred_check_open_vnode(cred, vp, label, flags));
+}
+
+static int
 mac_mls_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -1923,6 +1931,8 @@
 	    (macop_t)mac_mls_cred_check_statfs },
 	{ MAC_CRED_CHECK_DEBUG_PROC,
 	    (macop_t)mac_mls_cred_check_debug_proc },
+	{ MAC_CRED_CHECK_ACCESS_VNODE,
+	    (macop_t)mac_mls_cred_check_access_vnode },
 	{ MAC_CRED_CHECK_CHDIR_VNODE,
 	    (macop_t)mac_mls_cred_check_chdir_vnode },
 	{ MAC_CRED_CHECK_CHROOT_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#44 (text+ko) ====

@@ -604,6 +604,14 @@
 }
 
 static int
+mac_none_cred_check_access_vnode(struct ucred *cred, struct vnode *vp,
+    struct label *label, mode_t flags)
+{
+
+	return (0);
+}
+
+static int
 mac_none_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -969,6 +977,8 @@
 	    (macop_t)mac_none_cred_check_statfs },
 	{ MAC_CRED_CHECK_DEBUG_PROC,
 	    (macop_t)mac_none_cred_check_debug_proc },
+	{ MAC_CRED_CHECK_ACCESS_VNODE,
+	    (macop_t)mac_none_cred_check_access_vnode },
 	{ MAC_CRED_CHECK_CHDIR_VNODE,
 	    (macop_t)mac_none_cred_check_chdir_vnode },
 	{ MAC_CRED_CHECK_CHROOT_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#46 (text+ko) ====

@@ -1290,6 +1290,14 @@
 }
 
 static int
+mac_te_cred_check_access_vnode(struct ucred *cred, struct vnode *vp,
+    struct label *label, mode_t flags)
+{
+
+	return (mac_te_cred_check_open_vnode(cred, vp, label, flags));
+}
+
+static int
 mac_te_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -1617,6 +1625,8 @@
 	    (macop_t)mac_te_cred_check_relabel_vnode },
 	{ MAC_CRED_CHECK_STATFS, (macop_t)mac_te_cred_check_statfs },
 	{ MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_te_cred_check_debug_proc },
+	{ MAC_CRED_CHECK_ACCESS_VNODE,
+	    (macop_t)mac_te_cred_check_access_vnode },
 	{ MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_te_cred_check_chdir_vnode },
 	{ MAC_CRED_CHECK_CHROOT_VNODE,
 	    (macop_t)mac_te_cred_check_chroot_vnode },

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#14 (text+ko) ====

@@ -797,6 +797,14 @@
 }
 
 static int
+mac_test_cred_check_access_vnode(struct ucred *cred, struct vnode *vp,
+    struct label *label, mode_t flags)
+{
+
+	return (0);
+}
+
+static int
 mac_test_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -1160,6 +1168,8 @@
 	    (macop_t)mac_test_cred_check_statfs },
 	{ MAC_CRED_CHECK_DEBUG_PROC,
 	    (macop_t)mac_test_cred_check_debug_proc },
+	{ MAC_CRED_CHECK_ACCESS_VNODE,
+	    (macop_t)mac_test_cred_check_access_vnode },
 	{ MAC_CRED_CHECK_CHDIR_VNODE,
 	    (macop_t)mac_test_cred_check_chdir_vnode },
 	{ MAC_CRED_CHECK_CHROOT_VNODE,
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list