PERFORCE change 18927 for review
Chris Vance
cvance at freebsd.org
Tue Oct 8 11:59:34 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18927
Change 18927 by cvance at cvance_laptop on 2002/10/08 04:58:50
Remove debugging statement that somehow survived until now
Affected files ...
.. //depot/projects/trustedbsd/mac/sbin/sebsd_setfiles/setfiles.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#32 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sbin/sebsd_setfiles/setfiles.c#7 (text+ko) ====
@@ -220,7 +220,6 @@
}
argc -= optind;
argv += optind;
- printf("optind = %d, argc now %d\n", optind, argc);
if (argc < 2) {
printUsage();
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#32 (text+ko) ====
@@ -114,6 +114,60 @@
return (cred_has_system(td->td_proc->p_ucred, perm));
}
+static __inline security_class_t
+vnode_type_to_security_class(enum vtype vt)
+{
+ switch (vt) {
+ case VREG:
+ return SECCLASS_FILE;
+ case VDIR:
+ return SECCLASS_DIR;
+ case VBLK:
+ return SECCLASS_BLK_FILE;
+ case VCHR:
+ return SECCLASS_CHR_FILE;
+ case VLNK:
+ return SECCLASS_LNK_FILE;
+ case VSOCK:
+ return SECCLASS_SOCK_FILE;
+ case VFIFO:
+ return SECCLASS_FIFO_FILE;
+ case VNON:
+ case VBAD:
+ return SECCLASS_FILE;
+ }
+
+ return SECCLASS_FILE;
+}
+
+static __inline access_vector_t
+file_mask_to_av(enum vtype vt, int mask)
+{
+ access_vector_t av = 0;
+
+ if (vt != VDIR) {
+ if (mask & VEXEC)
+ av |= FILE__EXECUTE;
+ if (mask & VREAD)
+ av |= FILE__READ;
+
+ if (mask & VAPPEND)
+ av |= FILE__APPEND;
+ else if (mask & VWRITE)
+ av |= FILE__WRITE;
+
+ } else {
+ if (mask & VEXEC)
+ av |= DIR__SEARCH;
+ if (mask & VWRITE)
+ av |= DIR__WRITE;
+ if (mask & VREAD)
+ av |= DIR__READ;
+ }
+
+ return av;
+}
+
static int
vnode_has_perm(struct ucred *cred, struct vnode *vp, access_vector_t perm,
avc_entry_ref_t *aeref)
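Review bot: file_mask_to_av yields an empty access vector for any mode bit it does not recognise — only VREAD, VWRITE, VEXEC and VAPPEND are consulted — and the callers this change wires it into short-circuit on a zero mask, not on a zero av, so a request made up solely of other access bits (FreeBSD's mode_t access flags carry administrative bits as well, if this tree has them) reaches vnode_has_perm with `av == 0`. Whether vnode_has_perm treats an empty vector as "nothing to deny" cannot be seen here, since its body lies outside the hunk; if it does, such requests pass this layer without a policy decision. That choice deserves a comment on the helper, e.g. `/* Only VREAD/VWRITE/VEXEC/VAPPEND are mapped; any other access bit yields no permission and must be mediated by a dedicated hook. */`. The same comment should note that VAPPEND deliberately suppresses FILE__WRITE in the non-directory branch (append-only semantics), so that the `else if` is not later "fixed" into a plain `if`.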
@@ -298,32 +352,6 @@
return (newsid != task->sid);
}
-static __inline security_class_t
-vnode_type_to_security_class(enum vtype vt)
-{
- switch (vt) {
- case VREG:
- return SECCLASS_FILE;
- case VDIR:
- return SECCLASS_DIR;
- case VBLK:
- return SECCLASS_BLK_FILE;
- case VCHR:
- return SECCLASS_CHR_FILE;
- case VLNK:
- return SECCLASS_LNK_FILE;
- case VSOCK:
- return SECCLASS_SOCK_FILE;
- case VFIFO:
- return SECCLASS_FIFO_FILE;
- case VNON:
- case VBAD:
- return SECCLASS_FILE;
- }
-
- return SECCLASS_FILE;
-}
-
static void
sebsd_init_vnode_label(struct label *label)
{
@@ -500,9 +528,11 @@
sebsd_check_vnode_access(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t flags)
{
+ if (!flags)
+ return 0;
- /* TBD: Not Implemented */
- return (0);
+ return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, flags),
+ NULL);
}
static int
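Review bot: the new `return 0;` after the `if (!flags)` guard and the bare `return vnode_has_perm(...)` depart from the parenthesised-return style the rest of this file uses (`return (cred_has_system(...))` in the first hunk's context, and the `return (0);` this very hunk deletes); for style(9) consistency write `return (0);` and `return (vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, flags), NULL));`. The `label` argument the framework hands in is not used at all and the vnode is passed instead; if vnode_has_perm obtains the label from vp itself that is fine, but a one-line comment recording why `label` is ignored would spare the next reader the question — hedged, since vnode_has_perm's body is outside this hunk.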
@@ -686,16 +716,18 @@
sebsd_check_vnode_open(struct ucred *cred, struct vnode *vp,
struct label *filelabel, mode_t acc_mode)
{
- /* TBD: Not Implemented */
- return 0;
+ if (!acc_mode)
+ return 0;
+
+ return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode),
+ NULL);
}
static int
sebsd_check_vnode_poll(struct ucred *cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__POLL, NULL);
}
static int
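Review bot: sebsd_check_vnode_poll checks FILE__POLL against `cred` only and ignores `file_cred`, the second credential the hook receives; if that credential is the one that should be authorised when it is supplied, the check should use it when non-NULL, and if the caller's credential is intentionally the subject, say so, e.g. `/* XXX file_cred is ignored; poll is mediated against the calling credential only. */`. In sebsd_check_vnode_open the early `return 0;` and the unparenthesised `return vnode_has_perm(...)` likewise differ from the `return (0);` style this hunk deletes; prefer `return (0);` and a parenthesised call for consistency with the rest of the file.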
@@ -928,8 +960,26 @@
sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
struct label *label, int newmapping)
{
- /* TBD: Not Implemented */
- return 0;
+#ifdef TBD
+ access_vector_t av;
+
+ /* TBD: Incomplete */
+ if (vp) {
+ /* read access is always possible with a mapping */
+ av = FILE__READ;
+
+ /* write access only matters if the mapping is shared */
+ if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE))
+ av |= FILE__WRITE;
+
+ if (prot & PROT_EXEC)
+ av |= FILE__EXECUTE;
+
+ return vnode_has_perm(cred, vp, av, NULL);
+ }
+#endif
+
+ return (0);
}
static int
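Review bot: the code under `#ifdef TBD` cannot compile once enabled — it reads `flags` and `prot`, but the hook's signature (cred, vp, label, newmapping) provides neither, and MAP_TYPE/MAP_SHARED/PROT_* would also need the mman definitions. Until the hook is passed the protection and mapping flags, sebsd_check_vnode_mmap remains an unconditional allow, so unless something outside this file mediates it, a PROT_EXEC mapping of a vnode is never checked for FILE__EXECUTE and a MAP_SHARED|PROT_WRITE mapping never for FILE__WRITE, even though the open that produced the descriptor is now checked for read/write in this same change. That gap should be stated above the final `return (0);`, e.g. `/* XXX unmediated: prot/flags are not available (only newmapping is passed); PROT_EXEC and shared writable mappings are not checked. */`, so the stub is not mistaken for a finished hook.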