PERFORCE change 109980 for review
Todd Miller
millert at FreeBSD.org
Tue Nov 14 20:50:35 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=109980
Change 109980 by millert at millert_g5tower on 2006/11/14 20:35:34
Split sebsd_file_check_ioctl into sebsd_file_check_ioctl() and
sebsd_vnode_check_ioctl().
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#40 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#40 (text+ko) ====
@@ -3085,26 +3085,33 @@
}
#endif
+/*
+ * The file ioctl check are split into fd and vnode components.
+ */
static int
sebsd_file_check_ioctl(struct ucred *cred, struct fileglob *fg,
struct label *fglabel, u_long com, void *data)
{
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- int error;
tsec = SLOT(cred->cr_label);
fsec = SLOT(fglabel);
- error = avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD,
- FD__USE, NULL);
- if (error)
- return (error);
- if (fg->fg_type != DTYPE_VNODE)
- return (0);
+ return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, FD__USE, NULL));
+}
+
+static int
+sebsd_vnode_check_ioctl(struct ucred *cred, struct vnode *vp,
+ struct label *label, int com, caddr_t data)
+{
+ struct task_security_struct *tsec;
+ struct vnode_security_struct *vsec;
+
+ tsec = SLOT(cred->cr_label);
+ vsec = SLOT(label);
- return (vnode_has_perm(cred, (struct vnode *)fg->fg_data,
- NULL, FILE__IOCTL));
+ return (vnode_has_perm(cred, vp, NULL, FILE__IOCTL));
}
/*
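Review bot: In sebsd_vnode_check_ioctl the locals `tsec` and `vsec` are assigned from SLOT() but never read — the only check performed is `vnode_has_perm(cred, vp, NULL, FILE__IOCTL)`, which takes the cred and vnode directly — so both declarations and the two SLOT() lines are dead code that will draw unused-variable warnings and, if `label` can ever be NULL for an unlabeled vnode, an unneeded dereference on a path that does not require it; drop them. The `com` and `data` parameters are likewise unused, so a single FILE__IOCTL permission gates every ioctl command on the vnode regardless of what that command does; if that is the intended granularity, state it in the header comment, e.g. `/* All ioctl commands are mediated by the single FILE__IOCTL permission; com and data are not inspected. */`. The command argument is also `u_long com` in the fd hook but `int com` in the vnode hook — confirm the latter matches the framework's mpo_vnode_check_ioctl_t typedef, since a mismatch would only surface as an incompatible-pointer warning when the function is placed in the ops table. The new header comment has a grammar slip and should read `The file ioctl checks are split into fd and vnode components.`.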
@@ -3709,6 +3716,7 @@
// .mpo_vnode_check_kqfilter = sebsd_vnode_check_kqfilter,
.mpo_vnode_check_link = sebsd_vnode_check_link,
.mpo_vnode_check_lookup = sebsd_vnode_check_lookup,
+ .mpo_vnode_check_ioctl = sebsd_vnode_check_ioctl,
.mpo_vnode_check_open = sebsd_vnode_check_open,
.mpo_vnode_check_read = sebsd_vnode_check_read,
.mpo_vnode_check_readdir = sebsd_vnode_check_readdir,
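Review bot: The new `.mpo_vnode_check_ioctl` entry is inserted between `_lookup` and `_open`, but the surrounding entries are kept in alphabetical order (kqfilter, link, lookup, open, read, readdir), so it belongs before the commented-out `.mpo_vnode_check_kqfilter` line. Keeping the ops table ordered makes it straightforward to audit which hooks the policy wires up and which are still missing, which matters for a mandatory access-control policy where an unwired hook is a silent enforcement gap. The policy ops initializer starts and ends outside this hunk.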