PERFORCE change 100991 for review
Robert Watson
rwatson at FreeBSD.org
Sat Jul 8 13:06:12 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=100991
Change 100991 by rwatson at rwatson_zoo on 2006/07/08 13:05:00
Rename.
Affected files ...
.. //depot/projects/trustedbsd/mac2/sys/security/mac_bsdextended/mac_bsdextended.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/mac2/sys/security/mac_bsdextended/mac_bsdextended.c#2 (text+ko) ====
@@ -2,6 +2,7 @@
* Copyright (c) 2005 Tom Rhodes
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -12,6 +13,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -234,7 +238,7 @@
CTLFLAG_RW, sysctl_rule, "BSD extended MAC rules");
static void
-mac_bsdextended_init(struct mac_policy_conf *mpc)
+mac_bsdextended_policy_init(struct mac_policy_conf *mpc)
{
/* Initialize ruleset lock. */
@@ -244,7 +248,7 @@
}
static void
-mac_bsdextended_destroy(struct mac_policy_conf *mpc)
+mac_bsdextended_policy_destroy(struct mac_policy_conf *mpc)
{
/* Destroy ruleset lock. */
@@ -503,7 +507,7 @@
}
static int
-mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_system_check_swapon(struct ucred *cred, struct vnode *vp,
struct label *label)
{
@@ -511,7 +515,7 @@
}
static int
-mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_access(struct ucred *cred, struct vnode *vp,
struct label *label, int acc_mode)
{
@@ -519,7 +523,7 @@
}
static int
-mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
+mac_bsdextended_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
@@ -527,7 +531,7 @@
}
static int
-mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
+mac_bsdextended_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
@@ -543,21 +547,7 @@
}
static int
-mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label,
- struct componentname *cnp)
-{
- int error;
-
- error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
- if (error)
- return (error);
-
- return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
-}
-
-static int
-mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type)
{
@@ -565,7 +555,7 @@
}
static int
-mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
struct label *label, int attrnamespace, const char *name)
{
@@ -573,7 +563,7 @@
}
static int
-mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_exec(struct ucred *cred, struct vnode *vp,
struct label *label, struct image_params *imgp,
struct label *execlabel)
{
@@ -582,7 +572,7 @@
}
static int
-mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type)
{
@@ -590,7 +580,7 @@
}
static int
-mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
@@ -598,7 +588,7 @@
}
static int
-mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+mac_bsdextended_vnode_check_link(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
@@ -615,7 +605,7 @@
}
static int
-mac_bsdextended_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
struct label *label, int attrnamespace)
{
@@ -623,7 +613,7 @@
}
static int
-mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
+mac_bsdextended_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct componentname *cnp)
{
@@ -631,7 +621,7 @@
}
static int
-mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_open(struct ucred *cred, struct vnode *vp,
struct label *filelabel, int acc_mode)
{
@@ -639,7 +629,7 @@
}
static int
-mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
+mac_bsdextended_vnode_check_readdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
@@ -647,7 +637,7 @@
}
static int
-mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_readdlink(struct ucred *cred, struct vnode *vp,
struct label *label)
{
@@ -655,7 +645,7 @@
}
static int
-mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+mac_bsdextended_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
@@ -670,7 +660,7 @@
}
static int
-mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+mac_bsdextended_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
struct componentname *cnp)
{
@@ -687,7 +677,7 @@
}
static int
-mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
struct label *label)
{
@@ -703,7 +693,7 @@
}
static int
-mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
@@ -711,7 +701,7 @@
}
static int
-mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
struct label *label, u_long flags)
{
@@ -719,7 +709,7 @@
}
static int
-mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t mode)
{
@@ -727,7 +717,7 @@
}
static int
-mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
struct label *label, uid_t uid, gid_t gid)
{
@@ -735,7 +725,7 @@
}
static int
-mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+mac_bsdextended_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
struct label *label, struct timespec atime, struct timespec utime)
{
@@ -743,44 +733,58 @@
}
static int
-mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
+mac_bsdextended_vnode_check_stat(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp, struct label *label)
{
return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT));
}
+static int
+mac_bsdextended_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
+{
+ int error;
+
+ error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
+ if (error)
+ return (error);
+
+ return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
+}
+
static struct mac_policy_ops mac_bsdextended_ops =
{
- .mpo_destroy = mac_bsdextended_destroy,
- .mpo_init = mac_bsdextended_init,
- .mpo_check_system_swapon = mac_bsdextended_check_system_swapon,
- .mpo_check_vnode_access = mac_bsdextended_check_vnode_access,
- .mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
- .mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
- .mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
- .mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
- .mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
- .mpo_check_vnode_deleteextattr = mac_bsdextended_check_vnode_deleteextattr,
- .mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
- .mpo_check_vnode_getacl = mac_bsdextended_check_vnode_getacl,
- .mpo_check_vnode_getextattr = mac_bsdextended_check_vnode_getextattr,
- .mpo_check_vnode_link = mac_bsdextended_check_vnode_link,
- .mpo_check_vnode_listextattr = mac_bsdextended_check_vnode_listextattr,
- .mpo_check_vnode_lookup = mac_bsdextended_check_vnode_lookup,
- .mpo_check_vnode_open = mac_bsdextended_check_vnode_open,
- .mpo_check_vnode_readdir = mac_bsdextended_check_vnode_readdir,
- .mpo_check_vnode_readlink = mac_bsdextended_check_vnode_readdlink,
- .mpo_check_vnode_rename_from = mac_bsdextended_check_vnode_rename_from,
- .mpo_check_vnode_rename_to = mac_bsdextended_check_vnode_rename_to,
- .mpo_check_vnode_revoke = mac_bsdextended_check_vnode_revoke,
- .mpo_check_vnode_setacl = mac_bsdextended_check_setacl_vnode,
- .mpo_check_vnode_setextattr = mac_bsdextended_check_vnode_setextattr,
- .mpo_check_vnode_setflags = mac_bsdextended_check_vnode_setflags,
- .mpo_check_vnode_setmode = mac_bsdextended_check_vnode_setmode,
- .mpo_check_vnode_setowner = mac_bsdextended_check_vnode_setowner,
- .mpo_check_vnode_setutimes = mac_bsdextended_check_vnode_setutimes,
- .mpo_check_vnode_stat = mac_bsdextended_check_vnode_stat,
+ .mpo_policy_destroy = mac_bsdextended_policy_destroy,
+ .mpo_policy_init = mac_bsdextended_policy_init,
+ .mpo_system_check_swapon = mac_bsdextended_system_check_swapon,
+ .mpo_vnode_check_access = mac_bsdextended_vnode_check_access,
+ .mpo_vnode_check_chdir = mac_bsdextended_vnode_check_chdir,
+ .mpo_vnode_check_chroot = mac_bsdextended_vnode_check_chroot,
+ .mpo_vnode_check_create = mac_bsdextended_check_create_vnode,
+ .mpo_vnode_check_deleteacl = mac_bsdextended_vnode_check_deleteacl,
+ .mpo_vnode_check_deleteextattr = mac_bsdextended_vnode_check_deleteextattr,
+ .mpo_vnode_check_exec = mac_bsdextended_vnode_check_exec,
+ .mpo_vnode_check_getacl = mac_bsdextended_vnode_check_getacl,
+ .mpo_vnode_check_getextattr = mac_bsdextended_vnode_check_getextattr,
+ .mpo_vnode_check_link = mac_bsdextended_vnode_check_link,
+ .mpo_vnode_check_listextattr = mac_bsdextended_vnode_check_listextattr,
+ .mpo_vnode_check_lookup = mac_bsdextended_vnode_check_lookup,
+ .mpo_vnode_check_open = mac_bsdextended_vnode_check_open,
+ .mpo_vnode_check_readdir = mac_bsdextended_vnode_check_readdir,
+ .mpo_vnode_check_readlink = mac_bsdextended_vnode_check_readdlink,
+ .mpo_vnode_check_rename_from = mac_bsdextended_vnode_check_rename_from,
+ .mpo_vnode_check_rename_to = mac_bsdextended_vnode_check_rename_to,
+ .mpo_vnode_check_revoke = mac_bsdextended_vnode_check_revoke,
+ .mpo_vnode_check_setacl = mac_bsdextended_check_setacl_vnode,
+ .mpo_vnode_check_setextattr = mac_bsdextended_vnode_check_setextattr,
+ .mpo_vnode_check_setflags = mac_bsdextended_vnode_check_setflags,
+ .mpo_vnode_check_setmode = mac_bsdextended_vnode_check_setmode,
+ .mpo_vnode_check_setowner = mac_bsdextended_vnode_check_setowner,
+ .mpo_vnode_check_setutimes = mac_bsdextended_vnode_check_setutimes,
+ .mpo_vnode_check_stat = mac_bsdextended_vnode_check_stat,
+ .mpo_vnode_check_unlink = mac_bsdextended_vnode_check_unlink,
};
MAC_POLICY_SET(&mac_bsdextended_ops, mac_bsdextended,
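Review bot: Three handlers wired into `mac_bsdextended_ops` do not follow the `mac_bsdextended_<object>_check_<op>` scheme that the rest of this change introduces. `.mpo_vnode_check_create` still points at `mac_bsdextended_check_create_vnode`, `.mpo_vnode_check_setacl` at `mac_bsdextended_check_setacl_vnode`, and `.mpo_vnode_check_readlink` at the misspelled `mac_bsdextended_vnode_check_readdlink`, whose typo is carried through the rename in the earlier hunk at -647/+637. I would rename them to `mac_bsdextended_vnode_check_create`, `mac_bsdextended_vnode_check_setacl` and `mac_bsdextended_vnode_check_readlink`; the first two are defined outside the visible hunks. A table in which every slot `.mpo_X` is filled by `mac_bsdextended_X` can be audited line by line, which matters here because an entry point left out of the table is presumably a check this policy silently does not enforce.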