PERFORCE change 109960 for review
Todd Miller
millert at FreeBSD.org
Tue Nov 14 18:54:10 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=109960
Change 109960 by millert at millert_g5tower on 2006/11/14 18:51:12
Rename mac_vnode_label_associate_file() to
mac_vnode_label_associate_fdesc() and pass in a richer set
of args. With this we no longer need a vnode_label_associate_cred
entry point. The policy itself can decide whether to fall
back to the cred or mount label in the absence of a file label.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#15 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#23 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#18 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#15 (text+ko) ====
@@ -56,6 +56,7 @@
struct bpf_d;
struct componentname;
struct devnode;
+struct fdescnode;
struct fileglob;
struct ifnet;
struct lctx;
@@ -149,8 +150,8 @@
struct vnode *vp);
int mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
void mac_vnode_label_associate_singlelabel(struct mount *mp, struct vnode *vp);
-int mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
- struct vnode *vp);
+int mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
+ struct vnode *vp, vfs_context_t ctx);
void mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
const char *fullpath);
void mac_devfs_label_associate_directory(char *dirname, int dirnamelen,
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#23 (text+ko) ====
@@ -1462,6 +1462,8 @@
/**
@brief Associate a file label with a vnode
@param cred User credential
+ @param mp Fdesc mount point
+ @param mntlabel Fdesc mount point label
@param fg Fileglob structure
@param label Policy label for fg
@param vp Vnode to label
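Review bot: The `@param fg` and `@param label` descriptions still read as if both are always valid, but with this change the framework passes NULL for both when the fdesc node has no backing file (the `fnp->fd_fd == -1` path in mac_vfs.c), so every policy implementing this entry point must tolerate that. Suggest `@param fg Fileglob structure, or NULL if the fdesc node has no backing file` and `@param label Policy label for fg, or NULL when fg is NULL`, plus a sentence in the @brief stating that in that case the policy decides whether to fall back to the cred or mount label. The documented contract is the only thing a policy author will see, so the nullable case should be explicit here rather than only in the caller.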
@@ -1473,6 +1475,8 @@
*/
typedef void mpo_vnode_label_associate_file_t(
struct ucred *cred,
+ struct mount *mp,
+ struct label *mntlabel,
struct fileglob *fg,
struct label *label,
struct vnode *vp,
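Review bot: The change description says the vnode_label_associate_cred entry point is no longer needed, and mac_vfs.c indeed drops its only visible MAC_PERFORM call, but the mac_policy.h hunks shown only extend mpo_vnode_label_associate_file_t and do not remove the cred typedef or its ops-struct slot. If that is intentional (e.g. a separate follow-up change), a short comment on the cred entry point marking it deprecated and unused by the framework would keep policies from implementing a hook that is never invoked; if it is an oversight, the removal should be part of this change. This cannot be confirmed from the hunks here, so treat it as a question for the author. The typedef continues past the end of this hunk.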
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#18 (text+ko) ====
@@ -256,8 +256,7 @@
struct fdescnode *fnp;
struct fileglob *fg;
struct proc *p;
- int error;
- int fd;
+ int error, fd;
error = 0;
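Review bot: The merged declaration `int error, fd;` keeps `fd`, but the following hunk (the VT_FDESC case) removes the only visible assignment to `fd`, `p` and `fg` in this function; if they are not used elsewhere in the body (which starts before this hunk), they are now dead locals that will draw unused-variable warnings. If so, drop `fd` here and the `struct fdescnode *fnp`-adjacent `struct fileglob *fg;` and `struct proc *p;` declarations as well, leaving `int error;`. Hedged because the rest of the function is not in this diff.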
@@ -269,11 +268,7 @@
break;
case VT_FDESC:
fnp = VTOFDESC(vp);
- p = vfs_context_proc(ctx);
- fd = fnp->fd_fd;
- fg = fd != -1 ? p->p_fd->fd_ofiles[fd]->f_fglob : NULL;
- error = mac_vnode_label_associate_file(vfs_context_ucred(ctx),
- fg, vp);
+ error = mac_vnode_label_associate_fdesc(mp, fnp, vp, ctx);
break;
default:
error = mac_vnode_label_associate_extattr(mp, vp);
@@ -778,10 +773,6 @@
if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
mp->mnt_flag |= MNT_MULTILABEL;
- /* MULTILABEL on FDESC. */
- if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
- mp->mnt_flag |= MNT_MULTILABEL;
-
/* MULTILABEL on all NFS filesystems. */
if (strcmp(mp->mnt_vfsstat.f_fstypename, "nfs") == 0)
mp->mnt_flag |= MNT_MULTILABEL;
@@ -939,9 +930,10 @@
}
int
-mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
- struct vnode *vp)
+mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
+ struct vnode *vp, vfs_context_t ctx)
{
+ struct fileglob *fg;
struct pseminfo *psem;
struct pshminfo *pshm;
struct xsocket xso;
@@ -951,14 +943,15 @@
int error;
/*
- * If no backing file, use the cred label.
+ * If no backing file, let the policy choose which label to use.
*/
- if (fg == NULL) {
- MAC_PERFORM(vnode_label_associate_cred, cred,
- vp, vp->v_label);
+ if (fnp->fd_fd == -1) {
+ MAC_PERFORM(vnode_label_associate_file, vfs_context_ucred(ctx),
+ mp, mp->mnt_mntlabel, NULL, NULL, vp, vp->v_label);
return (0);
}
+ fg = (*fdfile(vfs_context_proc(ctx), fnp->fd_fd))->f_fglob;
switch (fg->fg_type) {
case DTYPE_VNODE:
fvp = (struct vnode *)fg->fg_data;
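Review bot: The new line `fg = (*fdfile(vfs_context_proc(ctx), fnp->fd_fd))->f_fglob;` dereferences the result of fdfile() without a check; `fnp->fd_fd` is a descriptor number cached in the fdesc node, so if that descriptor has been closed or reused since the node was created and fdfile() reports that by returning NULL (as its lookup-style name suggests), this is a kernel NULL dereference on a path reachable by any process that can look up the fdesc vnode. The previous code had the same unchecked `fd_ofiles[fd]->f_fglob` access, so this is a pre-existing weakness, but since the line is being rewritten it is the right moment to guard it: `struct fileproc *fp = fdfile(vfs_context_proc(ctx), fnp->fd_fd); if (fp == NULL) return (EBADF); fg = fp->f_fglob;`. Whether the fd table needs to be locked around this lookup in this context is not visible here and should be confirmed against fdfile()'s contract.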
@@ -970,37 +963,40 @@
case DTYPE_SOCKET:
so = (struct socket *)fg->fg_data;
sotoxsocket(so, &xso);
- MAC_PERFORM(vnode_label_associate_socket, cred, &xso,
- so->so_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_socket,
+ vfs_context_ucred(ctx), &xso, so->so_label,
+ vp, vp->v_label);
break;
case DTYPE_PSXSHM:
/* XXX: should hold the PSHM_SUBSYS lock. */
pshm = pshmnodeinfo((struct pshmnode *)fg->fg_data);
if (pshm == NULL)
return (EINVAL);
- MAC_PERFORM(vnode_label_associate_posixshm, cred, pshm,
- pshm->pshm_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_posixshm,
+ vfs_context_ucred(ctx), pshm, pshm->pshm_label,
+ vp, vp->v_label);
break;
case DTYPE_PSXSEM:
/* XXX: should hold the PSEM_SUBSYS lock. */
psem = psemnodeinfo((struct psemnode *)fg->fg_data);
if (psem == NULL)
return (EINVAL);
- MAC_PERFORM(vnode_label_associate_posixsem, cred, psem,
- psem->psem_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_posixsem,
+ vfs_context_ucred(ctx), psem, psem->psem_label,
+ vp, vp->v_label);
vnode_unlock(vp);
break;
case DTYPE_PIPE:
/* XXX: should PIPE_LOCK */
cpipe = (struct pipe *)fg->fg_data;
- MAC_PERFORM(vnode_label_associate_pipe, cred, cpipe,
- cpipe->pipe_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_pipe, vfs_context_ucred(ctx),
+ cpipe, cpipe->pipe_label, vp, vp->v_label);
break;
case DTYPE_KQUEUE:
case DTYPE_FSEVENTS:
default:
- MAC_PERFORM(vnode_label_associate_file, cred, fg, fg->fg_label,
- vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_file, vfs_context_ucred(ctx),
+ mp, mp->mnt_mntlabel, fg, fg->fg_label, vp, vp->v_label);
break;
}
return (0);
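Review bot: `vfs_context_ucred(ctx)` is now evaluated separately in every case of the switch (socket, posixshm, posixsem, pipe, default) and again in the no-backing-file path in the previous hunk, where the removed code used the single `cred` parameter. Hoisting it once near the top of the function, `struct ucred *cred = vfs_context_ucred(ctx);`, keeps the MAC_PERFORM argument lists on one or two lines as they were and makes it obvious that the same credential is used for every label association. This is a style point only; behavior is unchanged either way.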