PERFORCE change 18348 for review

Robert Watson rwatson at freebsd.org
Mon Sep 30 00:22:16 GMT 2002


http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18348

Change 18348 by rwatson at rwatson_tislabs on 2002/09/29 17:21:45

	Add mac_get_link() and mac_set_link(), variations on
	mac_get_file() and mac_set_file() that don't follow symlinks,
	permitting label operations to be performed on symlinks
	themselves.  Similar in notion to lchown()/lstat() vs
	chown()/stat().

Affected files ...

.. //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_get.c#9 edit
.. //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_set.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/kern/init_sysent.c#31 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#281 edit
.. //depot/projects/trustedbsd/mac/sys/kern/syscalls.c#31 edit
.. //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#27 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#164 edit
.. //depot/projects/trustedbsd/mac/sys/sys/syscall.h#31 edit
.. //depot/projects/trustedbsd/mac/sys/sys/syscall.mk#31 edit
.. //depot/projects/trustedbsd/mac/sys/sys/sysproto.h#32 edit

Differences ...

==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_get.c#9 (text+ko) ====

@@ -38,6 +38,13 @@
 #include <stdlib.h>
 
 int
+mac_get_fd(int fd, struct mac *label)
+{
+
+	return (__mac_get_fd(fd, label));
+}
+
+int
 mac_get_file(const char *path, struct mac *label)
 {
 
@@ -45,10 +52,10 @@
 }
 
 int
-mac_get_fd(int fd, struct mac *label)
+mac_get_link(const char *path, struct mac *label)
 {
 
-	return (__mac_get_fd(fd, label));
+	return (__mac_get_link(path, label));
 }
 
 int

==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_set.c#6 (text+ko) ====

@@ -35,6 +35,13 @@
 #include <sys/mac.h>
 
 int
+mac_set_fd(int fd, struct mac *label)
+{
+
+	return (__mac_set_fd(fd, label));
+}
+
+int
 mac_set_file(const char *path, struct mac *label)
 {
 
@@ -42,10 +49,10 @@
 }
 
 int
-mac_set_fd(int fd, struct mac *label)
+mac_set_link(const char *path, struct mac *label)
 {
 
-	return (__mac_set_fd(fd, label));
+	return (__mac_set_link(path, label));
 }
 
 int

==== //depot/projects/trustedbsd/mac/sys/kern/init_sysent.c#31 (text+ko) ====

@@ -425,4 +425,6 @@
 	{ SYF_MPSAFE | AS(mac_syscall_args), (sy_call_t *)mac_syscall },	/* 394 = mac_syscall */
 	{ SYF_MPSAFE | AS(__mac_get_pid_args), (sy_call_t *)__mac_get_pid },	/* 395 = __mac_get_pid */
 	{ SYF_MPSAFE | AS(macctl_args), (sy_call_t *)macctl },	/* 396 = macctl */
+	{ SYF_MPSAFE | AS(__mac_get_link_args), (sy_call_t *)__mac_get_link },	/* 397 = __mac_get_link */
+	{ SYF_MPSAFE | AS(__mac_set_link_args), (sy_call_t *)__mac_set_link },	/* 398 = __mac_set_link */
 };

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#281 (text+ko) ====

@@ -3917,6 +3917,65 @@
  * MPSAFE
  */
 int
+__mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
+{
+	struct mac_element *element_array;
+	struct nameidata nd;
+	struct label intlabel;
+	struct mac mac;
+	int destroy_label, error;
+
+	destroy_label = 0;
+	mtx_lock(&Giant);				/* VFS */
+
+	element_array =  NULL;
+
+	error = copyin(SCARG(uap, mac_p), &mac, sizeof(mac));
+	if (error)
+		goto out;
+
+	error = mac_copyin_element_array(&mac, &element_array);
+	if (error)
+		goto out;
+
+	NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE,
+	    SCARG(uap, path_p), td);
+	error = namei(&nd);
+	if (error)
+		goto out;
+
+	error = vn_refreshlabel(nd.ni_vp, td->td_ucred);
+	if (error == 0) {
+		mac_init_vnode_label(&intlabel);
+		destroy_label = 1;
+		mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
+	}
+	NDFREE(&nd, 0);
+	if (error)
+		goto out2;
+
+	if (error == 0)
+		error = mac_externalize_vnode_label(&intlabel, &mac,
+		    element_array);
+	if (error == 0)
+		error = mac_copyout_element_array(&mac, element_array);
+
+out2:
+	if (destroy_label)
+		mac_destroy_vnode_label(&intlabel);
+
+out:
+	if (element_array != NULL)
+		mac_free_element_array(element_array);
+
+	mtx_unlock(&Giant);				/* VFS */
+	return (error);
+}
+
+/*
+ * MPSAFE
+ */
+int
 __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
 {
 	struct mac_element *element_array;
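Review bot: The `if (error == 0)` guard in front of the `mac_externalize_vnode_label()` call in `__mac_get_link` is dead, because the `if (error) goto out2;` immediately above it already diverts every non-zero error; it can simply become `error = mac_externalize_vnode_label(&intlabel, &mac, element_array);`. The function also carries only the generic `MPSAFE` comment, and since the only visible thing distinguishing it from the follow-symlinks variant is `NOFOLLOW` in the NDINIT flags, a header comment such as `/* Like __mac_get_file(), but NOFOLLOW: returns the label of the symlink itself rather than of its target. */` would make the intent explicit. __mac_get_file is not in view, so the rest of the body is assumed to mirror it.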
@@ -4052,6 +4111,58 @@
  * MPSAFE
  */
 int
+__mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
+{
+	struct mac_element *element_array;
+	struct nameidata nd;
+	struct mac extmac;
+	struct label intlabel;
+	struct mount *mp;
+	int error;
+
+	mtx_lock(&Giant);				/* VFS */
+
+	error = copyin(SCARG(uap, mac_p), &extmac, sizeof(extmac));
+	if (error)
+		goto out1;
+
+	error = mac_copyin_element_array(&extmac, &element_array);
+	if (error)
+		goto out1;
+
+	mac_init_vnode_label(&intlabel);
+	error = mac_internalize_vnode_label(&intlabel, &extmac,
+	    element_array);
+	mac_free_element_array(element_array);
+	if (error)
+		goto out2;
+
+	NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE,
+	    SCARG(uap, path_p), td);
+	error = namei(&nd);
+	if (error)
+		goto out2;
+	error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
+	if (error)
+		goto out3;
+
+	error = vn_setlabel(nd.ni_vp, &intlabel, td->td_ucred);
+
+	vn_finished_write(mp);
+
+out3:
+	NDFREE(&nd, 0);
+out2:
+	mac_destroy_vnode_label(&intlabel);
+out1:
+	mtx_unlock(&Giant);				/* VFS */
+	return (error);
+}
+
+/*
+ * MPSAFE
+ */
+int
 mac_syscall(struct thread *td, struct mac_syscall_args *uap)
 {
 	struct mac_policy_conf *mpc;
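Review bot: In `__mac_set_link`, `vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH)` is called while nd.ni_vp is still locked from the LOCKLEAF lookup, so the thread can sleep waiting for a suspended filesystem with a vnode lock held; the chflags/chmod paths in vfs_syscalls take the write reference before locking the vnode. If __mac_set_file (not in view) already uses this order the new code is at least consistent, but it is worth confirming against the suspension code that this cannot deadlock a snapshot in progress. A short header comment would also help, e.g. `/* Like __mac_set_file(), but NOFOLLOW: relabels the symlink itself, not its target. */`.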

==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.c#31 (text+ko) ====

@@ -404,4 +404,6 @@
 	"mac_syscall",			/* 394 = mac_syscall */
 	"__mac_get_pid",			/* 395 = __mac_get_pid */
 	"macctl",			/* 396 = macctl */
+	"__mac_get_link",			/* 397 = __mac_get_link */
+	"__mac_set_link",			/* 398 = __mac_set_link */
 };

==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#27 (text+ko) ====

@@ -572,3 +572,7 @@
 395	MSTD	BSD	{ int __mac_get_pid(pid_t pid, struct mac *mac_p); }
 396	MSTD	BSD	{ int macctl(char *policy, u_int op, void *arg, \
 				u_int arglen, void *ret, u_int *retlen); }
+397	MSTD	BSD	{ int __mac_get_link(const char *path_p, \
+			    struct mac *mac_p); }
+398	MSTD	BSD	{ int __mac_set_link(const char *path_p, \
+			    struct mac *mac_p); }

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#164 (text+ko) ====

@@ -139,6 +139,7 @@
 int		 mac_from_text(mac_t *_label, const char *_text);
 int		 mac_get_fd(int _fd, mac_t _label);
 int		 mac_get_file(const char *_path, mac_t _label);
+int		 mac_get_link(const char *_path, mac_t _label);
 int		 mac_get_pid(pid_t _pid, mac_t _label);
 int		 mac_get_proc(mac_t _label);
 int		 mac_is_present(const char *_policyname);
@@ -148,6 +149,7 @@
 int		 mac_prepare_process_label(mac_t *_label);
 int		 mac_set_fd(int _fildes, const mac_t _label);
 int		 mac_set_file(const char *_path, mac_t _label);
+int		 mac_set_link(const char *_path, mac_t _label);
 int		 mac_set_proc(const mac_t _label);
 int		 mac_syscall(const char *_policyname, int _call, void *_arg);
 int		 mac_to_text(mac_t mac, char **_text);
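Review bot: The new `mac_set_link` prototype declares its label as `mac_t _label`, while the sibling setters `mac_set_fd` and `mac_set_proc` on the adjacent lines take `const mac_t _label`; the new call only reads the label (the kernel side copies it in), so it should follow them: `int mac_set_link(const char *_path, const mac_t _label);`. Top-level const on a parameter does not affect type compatibility, so the definition in mac_set.c needs no change. `mac_set_file` has the same inconsistency, but that one is pre-existing.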

==== //depot/projects/trustedbsd/mac/sys/sys/syscall.h#31 (text+ko) ====

@@ -310,4 +310,6 @@
 #define	SYS_mac_syscall	394
 #define	SYS___mac_get_pid	395
 #define	SYS_macctl	396
-#define	SYS_MAXSYSCALL	397
+#define	SYS___mac_get_link	397
+#define	SYS___mac_set_link	398
+#define	SYS_MAXSYSCALL	399

==== //depot/projects/trustedbsd/mac/sys/sys/syscall.mk#31 (text+ko) ====

@@ -258,4 +258,6 @@
 	sendfile.o \
 	mac_syscall.o \
 	__mac_get_pid.o \
-	macctl.o
+	macctl.o \
+	__mac_get_link.o \
+	__mac_set_link.o

==== //depot/projects/trustedbsd/mac/sys/sys/sysproto.h#32 (text+ko) ====

@@ -1137,6 +1137,14 @@
 	char ret_l_[PADL_(void *)]; void * ret; char ret_r_[PADR_(void *)];
 	char retlen_l_[PADL_(u_int *)]; u_int * retlen; char retlen_r_[PADR_(u_int *)];
 };
+struct __mac_get_link_args {
+	char path_p_l_[PADL_(const char *)]; const char * path_p; char path_p_r_[PADR_(const char *)];
+	char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)];
+};
+struct __mac_set_link_args {
+	char path_p_l_[PADL_(const char *)]; const char * path_p; char path_p_r_[PADR_(const char *)];
+	char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)];
+};
 int	nosys(struct thread *, struct nosys_args *);
 void	sys_exit(struct thread *, struct sys_exit_args *);
 int	fork(struct thread *, struct fork_args *);
@@ -1392,6 +1400,8 @@
 int	mac_syscall(struct thread *, struct mac_syscall_args *);
 int	__mac_get_pid(struct thread *, struct __mac_get_pid_args *);
 int	macctl(struct thread *, struct macctl_args *);
+int	__mac_get_link(struct thread *, struct __mac_get_link_args *);
+int	__mac_set_link(struct thread *, struct __mac_set_link_args *);
 
 #ifdef COMPAT_43
 