PERFORCE change 93364 for review
Todd Miller
millert at FreeBSD.org
Wed Mar 15 19:52:56 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=93364
Change 93364 by millert at millert_p3 on 2006/03/15 19:51:56
Add sebsd_update_devfsdirent().
Check for fullpath == NULL in devfs functions that have it
as a parameter. This is overkill as we really only need
to do this in sebsd_create_devfs_directory() (which is called
with a NULL fullpath from devfs_mount() via devfs_vmkdir()).
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#41 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#41 (text+ko) ====
@@ -443,6 +443,20 @@
*/
}
+static void
+sebsd_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+ struct label *delabel, struct vnode *vp, struct label *vlabel)
+{
+ struct vnode_security_struct *vsec, *dsec;
+
+ vsec = SLOT(vlabel);
+ dsec = SLOT(delabel);
+
+ dsec->sid = vsec->sid;
+ dsec->task_sid = vsec->task_sid;
+ dsec->sclass = vsec->sclass;
+}
+
static int
sebsd_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
struct vnode *vp, struct label *vlabel)
@@ -644,9 +658,12 @@
dirent_type_to_security_class(devfs_dirent->de_dirent->d_type);
/* Obtain a SID based on the fstype, path, and class. */
- path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
- path[0] = '/';
- strcpy(&path[1], fullpath);
+ if (fullpath != NULL) {
+ path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
+ path[0] = '/';
+ strcpy(&path[1], fullpath);
+ } else
+ path = "/";
rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass,
&newsid);
@@ -675,7 +692,8 @@
"dirent=%d\n", path, sbsec->sid, mp->mnt_stat.f_mntonname,
rc, dirent->sclass, newsid, dirent->sid);
}
- free(path, M_SEBSD);
+ if (fullpath != NULL)
+ free(path, M_SEBSD);
}
static void
@@ -698,9 +716,12 @@
dirent->sclass = SECCLASS_DIR;
/* Obtain a SID based on the fstype, path, and class. */
- path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
- path[0] = '/';
- strcpy(&path[1], fullpath);
+ if (fullpath != NULL) {
+ path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
+ path[0] = '/';
+ strcpy(&path[1], fullpath);
+ } else
+ path = "/";
rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass,
&newsid);
if (rc == 0)
@@ -713,7 +734,8 @@
__func__, path, sbsec->sid, mp->mnt_stat.f_mntonname, rc,
dirent->sclass, newsid, dirent->sid);
}
- free(path, M_SEBSD);
+ if (fullpath != NULL)
+ free(path, M_SEBSD);
}
static void
@@ -740,9 +762,12 @@
lnksec->sclass = SECCLASS_LNK_FILE;
/* Obtain a SID based on the fstype, path, and class. */
- path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
- path[0] = '/';
- strcpy(&path[1], fullpath);
+ if (fullpath != NULL) {
+ path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
+ path[0] = '/';
+ strcpy(&path[1], fullpath);
+ } else
+ path = "/";
rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, lnksec->sclass,
&newsid);
if (rc == 0)
@@ -754,7 +779,8 @@
sbsec->sid, mp->mnt_stat.f_mntonname, rc,
lnksec->sclass, newsid, lnksec->sid);
}
- free(path, M_SEBSD);
+ if (fullpath != NULL)
+ free(path, M_SEBSD);
}
/*
@@ -2457,6 +2483,7 @@
/* .mpo_create_socket = sebsd_create_socket, */
/* .mpo_create_socket_from_socket = sebsd_create_socket_from_socket, */
.mpo_create_vnode_extattr = sebsd_create_vnode_extattr,
+ .mpo_update_devfsdirent = sebsd_update_devfsdirent,
.mpo_associate_vnode_devfs = sebsd_associate_vnode_devfs,
.mpo_associate_vnode_singlelabel = sebsd_associate_vnode_singlelabel,
.mpo_associate_vnode_extattr = sebsd_associate_vnode_extattr,
More information about the trustedbsd-cvs
mailing list