PERFORCE change 21231 for review

Mon Nov 18 15:34:13 GMT 2002

http://perforce.freebsd.org/chv.cgi?CH=21231

Change 21231 by green at green_laptop_2 on 2002/11/18 07:33:28

	Possibly print more vnode info on what causes demotion in
	mac_lomac.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#42 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#42 (text+ko) ====

@@ -503,8 +503,9 @@
 
 static int
 maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel,
-    const char *actionname, const char *objname)
+    const char *actionname, const char *objname, struct vnode *vpq)
 {
+	struct vattr va;
 	static const char xxx[] = "<<XXX>>";
 	struct mac_lomac_proc *subj = PSLOT(&curthread->td_proc->p_label);
 	char *subjlabeltext, *objlabeltext, *subjtext, *text;
@@ -572,10 +573,21 @@
 			free(text, M_MACLOMAC);
 	}
 	pgid = p->p_pgrp->pg_id;		/* XXX could be stale? */
-	log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to"
-	    " level %s after %s a level-%s %s\n",
-	    subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid,
-	    p->p_comm, subjtext, actionname, objlabeltext, objname);
+	if (vpq != NULL && VOP_GETATTR(vpq, &va, curthread->td_ucred,
+	    curthread) == 0) {
+		log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to"
+		    " level %s after %s a level-%s %s (inode=%ld, "
+		    "mountpount=%s)\n",
+		    subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid,
+		    p->p_comm, subjtext, actionname, objlabeltext, objname,
+		    va.va_fileid, vpq->v_mount->mnt_stat.f_mntonname);
+	} else {
+		log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to"
+		    " level %s after %s a level-%s %s\n",
+		    subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid,
+		    p->p_comm, subjtext, actionname, objlabeltext, objname);
+	}
+		
 	if (subjlabeltext != xxx)
 		free(subjlabeltext, M_MACLOMAC);
 	if (objlabeltext != xxx)
@@ -1537,7 +1549,7 @@
 	 */
 	if (mac_lomac_enabled && revocation_enabled &&
 	    !mac_lomac_dominate_single(obj, source))
-		(void)maybe_demote(source, obj, "executing", "file");
+		(void)maybe_demote(source, obj, "executing", "file", vp);
 }
 
 static int
@@ -1816,7 +1828,7 @@
 	obj = SLOT((pipelabel));
 
 	if (!mac_lomac_dominate_single(obj, subj))
-		return (maybe_demote(subj, obj, "reading", "pipe"));
+		return (maybe_demote(subj, obj, "reading", "pipe", NULL));
 
 	return (0);
 }
@@ -2198,7 +2210,7 @@
 	}
 	if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
 		if (!mac_lomac_dominate_single(obj, subj))
-			return (maybe_demote(subj, obj, "mapping", "file"));
+			return (maybe_demote(subj, obj, "mapping", "file", vp));
 	}
 
 	return (0);
@@ -2286,7 +2298,7 @@
 	obj = SLOT(label);
 
 	if (!mac_lomac_dominate_single(obj, subj))
-		return (maybe_demote(subj, obj, "reading", "file"));
+		return (maybe_demote(subj, obj, "reading", "file", vp));
 
 	return (0);
 }
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

