PERFORCE change 18944 for review

Brian Feldman green at freebsd.org
Tue Oct 8 18:45:03 GMT 2002


http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18944

Change 18944 by green at green_laptop_2 on 2002/10/08 11:44:26

	Implement sebsd_internalize_vnode_label so that setfmac now
	works.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#34 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#34 (text+ko) ====

@@ -443,11 +443,10 @@
 		vsec->sid = SECINITSID_UNLABELED; /* Use the default label */
 		struct vattr va;
 
-		VOP_GETATTR(vp, &va, curthread->td_ucred, curthread);
+		(void)VOP_GETATTR(vp, &va, curthread->td_ucred, curthread);
 		printf("sebsd_update_vnode_from_extattr: no label for "
 		       "inode=%ld, fsid=%d\n", va.va_fileid, va.va_fsid);
-
-		return (0);
+		goto dosclass;
 	}
 	if (error) {
 		return (error); /* Fail closed */
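Review bot: Casting the VOP_GETATTR result to `(void)` does not make the printf after it safe. `va` is declared just above with no initializer, so if the call fails the message may report whatever was on the kernel stack as the inode and fsid. Guarding the message on success keeps the log trustworthy, for example `if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0)` in front of the printf, with a shorter fallback message otherwise. The enclosing function starts before this hunk and continues past it.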
@@ -468,6 +467,7 @@
 		return (0); /* TBD bad, bad, bad */
 	}
 
+dosclass:
 	/* TBD:	 */
  	vsec->sclass = vnode_type_to_security_class(vp->v_type);
 	if (vsec->sclass == 0) {
@@ -477,6 +477,28 @@
 	return (0);
 }
 
+static int
+sebsd_internalize_vnode_label(struct label *label, struct mac *mac,
+    struct mac_element *element, int *claimed)
+{
+	char context[128];
+	size_t context_len;
+	struct vnode_security_struct *vsec;
+	int error;
+
+	if (strcmp("sebsd", element->me_name) != 0)
+		return (0);
+        (*claimed)++;
+	if (element->me_datalen > sizeof(context))
+		return (ENAMETOOLONG);
+        error = copyinstr(element->me_data, context, element->me_datalen,
+	    &context_len);
+        if (error)
+                return (error);
+	vsec = SLOT(label);
+	return (security_context_to_sid(context, context_len, &vsec->sid));
+}
+
 static void
 sebsd_relabel_vnode(struct ucred *cred, struct vnode *vp,
 		    struct label *vnodelabel, struct label *label)
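Review bot: sebsd_internalize_vnode_label has no header comment, although it is where a caller-supplied context string is turned into a SID, so its contract should be written down, e.g. `/* Parse the "sebsd" element of a supplied label into a SID; the element is claimed even if parsing fails. */`. The `me_datalen > sizeof(context)` check bounds the copyinstr length, so the copy itself stays inside the 128-byte buffer. What the hunk does not show is whether security_context_to_sid expects `context_len` to count the terminating NUL, which copyinstr includes in the value it stores, so that is worth confirming against the callee. The lines `(*claimed)++;`, `error = copyinstr(...)` and the `if (error)` pair are indented with spaces where the rest of the function uses tabs. The sebsd_relabel_vnode signature at the end of the hunk continues outside it.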
@@ -521,6 +543,8 @@
 	if (error) {
 		/* TBD: this is probably bad... */
 		return;
+	} else {
+		dest->sid = source->sid;
 	}
 }
 
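Review bot: The error branch above the new assignment still returns without reporting anything, and the function is void, so a failed relabel looks the same to the caller as a successful one now that the success path copies the SID. A printf in that branch naming the function, in the style of the "no label for" message earlier in this file, would at least leave a trace until the `TBD` is resolved. The `else` is also redundant after `return;`, so `dest->sid = source->sid;` can follow the `if` block directly. The function begins outside the hunk, so where `error` comes from is not visible here.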
@@ -1087,6 +1111,7 @@
 	/* In/Out */
 	{ MAC_EXTERNALIZE_CRED_LABEL, sebsd_externalize_cred_label },
 	{ MAC_EXTERNALIZE_VNODE_LABEL, sebsd_externalize_vnode_label },
+	{ MAC_INTERNALIZE_VNODE_LABEL, sebsd_internalize_vnode_label },
 #if 0
 	{ MAC_EXTERNALIZE_VNODE_OLDMAC,
 	    (macop_t)sebsd_externalize_vnode_oldmac },