PERFORCE change 111042 for review
Todd Miller
millert at FreeBSD.org
Mon Dec 4 10:33:06 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=111042
Change 111042 by millert at millert_g5tower on 2006/12/04 18:31:19
Implement vnode_label_associate_* entry points.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#24 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#18 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#6 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#24 (text+ko) ====
@@ -1190,6 +1190,27 @@
mac_mls_copy_effective(source, dest);
}
+static void
+mac_mls_vnode_label_associate_file(struct ucred *cred,
+ struct mount *mp, struct label *mntlabel,
+ struct fileglob *fg, struct label *fglabel,
+ struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ if (fglabel != NULL)
+ source = SLOT(fglabel);
+ else
+ if (mntlabel != NULL)
+ source = SLOT(mntlabel);
+ else
+ source = SLOT(cred->cr_label);
+
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
static int
mac_mls_vnode_label_associate_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel)
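Review bot: The last fallback in mac_mls_vnode_label_associate_file reads `cred->cr_label` without checking `cred`, and it is reached exactly when both fglabel and mntlabel are NULL. The comment this change adds in mac_test.c says the ucred and mount parameters can be NULL; if that describes this entry point, the dereference is a kernel NULL-pointer access. Either guard it, for example `else if (cred != NULL) source = SLOT(cred->cr_label);` with an explicit decision about what label the vnode gets otherwise, or add a comment stating that the framework guarantees a non-NULL cred. The nested `else` followed by `if` would also read more clearly as `else if`. mac_mls_vnode_label_associate_extattr, which closes the hunk, continues outside it.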
@@ -1250,6 +1271,44 @@
}
static void
+mac_mls_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
+ struct label *pipelabel, struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(pipelabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_vnode_label_associate_posixsem(struct ucred *cred,
+ struct pseminfo *psem, struct label *psemlabel, struct vnode *vp,
+ struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(psemlabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_vnode_label_associate_posixshm(struct ucred *cred,
+ struct pshminfo *pshm, struct label *pshmlabel, struct vnode *vp,
+ struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(pshmlabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
mac_mls_vnode_label_associate_singlelabel(struct mount *mp,
struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
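Review bot: The pipe, posixsem and posixshm entry points added here, and the socket one in the next hunk, have identical bodies, and none carries a comment saying that the vnode inherits only the effective element of the backing object's label. A shared static helper with a one-line header comment would keep the four in step if the inheritance rule ever changes; the helper name below is only a suggestion. They also call `SLOT()` on the source label unconditionally, whereas mac_mls_vnode_label_associate_file treats its labels as possibly NULL, so whether the framework guarantees a non-NULL label here deserves a comment. mac_mls_vnode_label_associate_singlelabel starts at the end of this hunk and continues outside it.

```c
/* The vnode takes the effective element of the backing object's label. */
static void
mac_mls_vnode_inherit_effective(struct label *srclabel, struct label *vlabel)
{
	mac_mls_copy_effective(SLOT(srclabel), SLOT(vlabel));
}

static void
mac_mls_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
    struct label *pipelabel, struct vnode *vp, struct label *vlabel)
{
	mac_mls_vnode_inherit_effective(pipelabel, vlabel);
}
/* ... posixsem, posixshm and socket variants call the helper the same way ... */
```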
@@ -1261,6 +1320,18 @@
mac_mls_copy_effective(source, dest);
}
+static void
+mac_mls_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
+ struct label *solabel, struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(solabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
static int
mac_mls_vnode_notify_create(struct ucred *cred, struct mount *mp,
struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
@@ -2696,12 +2767,12 @@
static int
mac_mls_mount_check_fsctl(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, int com, caddr_t data)
+ struct label *mntlabel, int com)
{
if (!mac_mls_enabled)
return (0);
- MLS_MESSAGE("file_check_fsctl: mp %p com %d(%x) data %d(%p)\n", mp, com, data);
+ MLS_MESSAGE("file_check_fsctl: mp %p com %d(%x)\n", mp, com, data);
#warning Implement mac_mls_file_check_fsctl()
return (0);
}
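Review bot: The new MLS_MESSAGE call in mac_mls_mount_check_fsctl still passes `data`, which this change removes from the parameter list, so the line will not compile wherever the macro expands its arguments, and `%x` would be fed the wrong value. It should read `MLS_MESSAGE("file_check_fsctl: mp %p com %d(%x)\n", mp, com, com);`, matching the corrected call in the vnode_check_ioctl hunk. The message prefix also says file_check_fsctl while the function is mount_check_fsctl. mac_mls_pipe_check_ioctl loses the same parameter in the next hunk with its body outside the diff, so it is worth checking there for leftover uses of `data`.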
@@ -2784,7 +2855,7 @@
static int
mac_mls_pipe_check_ioctl(struct ucred *cred, struct pipe *cpipe,
- struct label *pipelabel, unsigned long cmd, void *data)
+ struct label *pipelabel, unsigned long cmd)
{
struct mac_mls *subj, *obj;
@@ -3375,12 +3446,12 @@
static int
mac_mls_vnode_check_ioctl(struct ucred *cred, struct vnode *vp,
- struct label *label, int com, caddr_t data)
+ struct label *label, int com)
{
if (!mac_mls_enabled)
return (0);
- MLS_MESSAGE("vnode_check_ioctl: fp %p com %d(%x) data %d(%p)\n", fp, com, com, data, data);
+ MLS_MESSAGE("vnode_check_ioctl: vp %p com %d(%x)\n", vp, com, com);
#warning Implement mac_mls_vnode_check_ioctl()
return (0);
}
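Review bot: mac_mls_vnode_check_ioctl still returns 0 on every path, so with the policy enabled any ioctl on a labeled vnode is permitted without a dominance check; the same holds for mac_mls_mount_check_fsctl earlier in this file. The `#warning` flags the gap at build time, but nothing in the source tells a reader that the hook is deliberately permissive for now. A comment such as `/* XXX: not implemented; permits every ioctl regardless of label. */` above the `return (0);` would make that explicit.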
@@ -4079,8 +4150,13 @@
.mpo_cred_label_associate_user = mac_mls_cred_label_associate_user,
.mpo_vnode_label_associate_devfs = mac_mls_vnode_label_associate_devfs,
+ .mpo_vnode_label_associate_file = mac_mls_vnode_label_associate_file,
.mpo_vnode_label_associate_extattr = mac_mls_vnode_label_associate_extattr,
+ .mpo_vnode_label_associate_pipe = mac_mls_vnode_label_associate_pipe,
+ .mpo_vnode_label_associate_posixsem = mac_mls_vnode_label_associate_posixsem,
+ .mpo_vnode_label_associate_posixshm = mac_mls_vnode_label_associate_posixshm,
.mpo_vnode_label_associate_singlelabel= mac_mls_vnode_label_associate_singlelabel,
+ .mpo_vnode_label_associate_socket= mac_mls_vnode_label_associate_socket,
.mpo_vnode_label_recycle = mac_mls_recycle_label,
.mpo_vnode_label_copy = mac_mls_label_copy,
.mpo_vnode_notify_create = mac_mls_vnode_notify_create,
==== //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#8 (text+ko) ====
@@ -295,7 +295,7 @@
if (error == ENOATTR)
return (0);
- if (error == EOPNOTSUPP) {
+ if (error == ENOTSUP) {
ro_setflags(vlabel, RO_FLAG_READONLY | RO_FLAG_NOTSUPP);
return (0);
}
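Review bot: Testing only `ENOTSUP` drops the `EOPNOTSUPP` case on systems where the two constants have different values, which I believe is the case on Darwin. A file system that reports EOPNOTSUPP for extended attributes would then no longer get `RO_FLAG_READONLY | RO_FLAG_NOTSUPP` set here. Accepting both, `if (error == ENOTSUP || error == EOPNOTSUPP) {`, keeps the old behaviour while adding the new one. What happens to an unmatched error afterwards is outside the hunk, as is the start of the enclosing function.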
==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#18 (text+ko) ====
@@ -1081,7 +1081,7 @@
* Labeling event operations: file system objects, and things that look
* a lot like file system objects.
*/
-
+
/* mp can be NULL in this fcn */
static void
mac_test_vnode_label_associate_devfs(struct mount *mp, struct label *mntlabel,
@@ -1110,26 +1110,35 @@
}
static void
-mac_test_vnode_label_associate_singlelabel(struct mount *mp,
- struct label *mntlabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_file(struct ucred *cred,
+ struct mount *mp, struct label *mntlabel,
+ struct fileglob *fg, struct label *fglabel,
+ struct vnode *vp, struct label *vlabel)
{
+ CHECKNULL(cred);
CHECKNULL(mp);
CHECKNULL(vp);
INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(mntlabel, MOUNTTYPE);
+
+ if (fglabel) {
+ CHECKNULL(fg);
+ USE_LABEL(fglabel, FILETYPE);
+ } else {
+ USE_LABEL(mntlabel, MOUNTTYPE);
+ }
}
static void
-mac_test_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
- struct label *solabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
+ struct label *pipelabel, struct vnode *vp, struct label *vlabel)
{
CHECKNULL(cred);
- CHECKNULL(xso);
+ CHECKNULL(cpipe);
CHECKNULL(vp);
INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(solabel, SOCKETTYPE);
+ USE_LABEL(pipelabel, PIPETYPE);
}
static void
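Review bot: mac_test_vnode_label_associate_file now asserts `CHECKNULL(cred)` and `CHECKNULL(mp)` and, when fglabel is NULL, calls `USE_LABEL(mntlabel, MOUNTTYPE)` unconditionally, while the mac_mls version of the same entry point in this change treats mntlabel as optional and falls back to `cred->cr_label`. One of the two has the contract wrong. If the mount and its label may be absent, the test policy should drop `CHECKNULL(mp)` and use `USE_LABEL(cred->cr_label, CREDTYPE)` when mntlabel is NULL; if they may not, the MLS fallback is dead code and should say so. The final `static void` in the hunk belongs to a function that continues outside it.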
@@ -1157,37 +1166,31 @@
INIT_LABEL(vlabel, VNODETYPE);
USE_LABEL(pshmlabel, POSIXSHMTYPE);
}
-
+
static void
-mac_test_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
- struct label *pipelabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_singlelabel(struct mount *mp,
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
- CHECKNULL(cred);
- CHECKNULL(cpipe);
+ CHECKNULL(mp);
CHECKNULL(vp);
INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(pipelabel, PIPETYPE);
+ USE_LABEL(mntlabel, MOUNTTYPE);
}
static void
-mac_test_vnode_label_associate_file(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct fileglob *fg, struct label *fglabel,
- struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
+ struct label *solabel, struct vnode *vp, struct label *vlabel)
{
CHECKNULL(cred);
+ CHECKNULL(xso);
CHECKNULL(vp);
INIT_LABEL(vlabel, VNODETYPE);
-
- if (fglabel) {
- CHECKNULL(fg);
- USE_LABEL(fglabel, FILETYPE);
- } else {
- USE_LABEL(cred->cr_label, CREDTYPE);
- }
+ USE_LABEL(solabel, SOCKETTYPE);
}
+/* The ucred and mount parameters can be NULL for this fcn */
static void
mac_test_devfs_label_associate_device(dev_t dev, struct devnode *de,
struct label *label, const char *fullpath)
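Review bot: The added comment `/* The ucred and mount parameters can be NULL for this fcn */` sits directly above mac_test_devfs_label_associate_device, whose signature takes neither a ucred nor a mount. It reads as if it was meant for mac_test_vnode_label_associate_file, which this change moves earlier in the file. Moving the comment there, and reconciling it with that function's `CHECKNULL(cred)` and `CHECKNULL(mp)`, would avoid documenting the wrong function. The body of the device function is outside the hunk.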
@@ -1231,8 +1234,8 @@
CHECKNULL(cred);
CHECKNULL(mp);
+ USE_LABEL(cred->cr_label, CREDTYPE);
INIT_LABEL(mntlabel, MOUNTTYPE);
- USE_LABEL(cred->cr_label, CREDTYPE);
}
static void
@@ -1907,16 +1910,16 @@
.mpo_vnode_label_associate_devfs= mac_test_vnode_label_associate_devfs,
.mpo_vnode_label_associate_extattr=
mac_test_vnode_label_associate_extattr,
+ .mpo_vnode_label_associate_file= mac_test_vnode_label_associate_file,
+ .mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe,
+ .mpo_vnode_label_associate_posixsem=
+ mac_test_vnode_label_associate_posixsem,
+ .mpo_vnode_label_associate_posixshm=
+ mac_test_vnode_label_associate_posixshm,
.mpo_vnode_label_associate_singlelabel=
mac_test_vnode_label_associate_singlelabel,
.mpo_vnode_label_associate_socket=
mac_test_vnode_label_associate_socket,
- .mpo_vnode_label_associate_posixsem=
- mac_test_vnode_label_associate_posixsem,
- .mpo_vnode_label_associate_posixshm=
- mac_test_vnode_label_associate_posixshm,
- .mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe,
- .mpo_vnode_label_associate_file = mac_test_vnode_label_associate_file,
.mpo_devfs_label_associate_device=
mac_test_devfs_label_associate_device,
.mpo_devfs_label_associate_directory=