PERFORCE change 105353 for review

Todd Miller millert at FreeBSD.org
Wed Aug 30 20:38:37 UTC 2006 

http://perforce.freebsd.org/chv.cgi?CH=105353

Change 105353 by millert at millert_g4tower on 2006/08/30 20:33:21

	Use proc_ucred() instead of peeking inside struct proc directly.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_syscall.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#8 (text+ko) ====

@@ -270,7 +270,7 @@
 	struct task_security_struct *task, *target;
 
 	task = SLOT(cred->cr_label);
-	target = SLOT(proc->p_ucred->cr_label);
+	target = SLOT(proc_ucred(proc)->cr_label);
 
 	return (avc_has_perm(task->sid, target->sid,
 	    SECCLASS_PROCESS, perm, NULL));
@@ -1658,7 +1658,7 @@
 	case LCID_REMOVE:	/* Orphan */
 
 		/* loginwindow.app/MAC.loginPlugin orphaned process. */
-		dst = SLOT(p->p_ucred->cr_label);
+		dst = SLOT(proc_ucred(p)->cr_label);
 		if (dst->sid != dst->osid) {
 			/*
 			 * TBD: Need to flush any open files that are now
@@ -1676,8 +1676,8 @@
 	default:		/* Adopt */
 
 		/* loginwindow.app/MAC.loginPlugin adopted process. */
-		src = SLOT(p0->p_ucred->cr_label);
-		dst = SLOT(p->p_ucred->cr_label);
+		src = SLOT(proc_ucred(p0)->cr_label);
+		dst = SLOT(proc_ucred(p)->cr_label);
 
 		if (src->sid != dst->sid) {
 			/*

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_syscall.c#3 (text+ko) ====

@@ -60,7 +60,7 @@
 	void *kdata;
 	int rc;
 	
-	rc = cred_has_security(p->p_ucred, SECURITY__LOAD_POLICY);
+	rc = cred_has_security(proc_ucred(p), SECURITY__LOAD_POLICY);
 	if (rc)
 		return (rc);
 
@@ -81,7 +81,7 @@
 	void *kdata;
 	int rc;
 	
-	rc = cred_has_security(p->p_ucred, SECURITY__LOAD_POLICY);
+	rc = cred_has_security(proc_ucred(p), SECURITY__LOAD_POLICY);
 	if (rc)
 		return (rc);
 
@@ -165,7 +165,7 @@
 	{
 		char *str;
 
-		error = cred_has_security(p->p_ucred, SECURITY__SETBOOL);
+		error = cred_has_security(proc_ucred(p), SECURITY__SETBOOL);
 		if (error)
 			return (error);
 
@@ -186,7 +186,7 @@
 	}
 
 	case SEBSDCALL_COMMIT_BOOLS:
-		error = cred_has_security(p->p_ucred, SECURITY__SETBOOL);
+		error = cred_has_security(proc_ucred(p), SECURITY__SETBOOL);
 		if (error)
 			return (error);
 		return (security_commit_pending_bools());

More information about the trustedbsd-cvs mailing list