PERFORCE change 107190 for review

[Todd Miller]

http://perforce.freebsd.org/chv.cgi?CH=107190

Change 107190 by millert at millert_macbook on 2006/10/03 15:19:01

	Add support for DTYPE_VNODE in mac_{get,set}_fd(2).

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#14 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#14 (text+ko) ====

@@ -1523,6 +1523,7 @@
 	size_t ulen;
 	struct socket *so;
 	struct label *intlabel;
+	struct vnode *vp;
 
 	AUDIT_ARG(fd, uap->fd);
 
@@ -1568,6 +1569,20 @@
 				 buffer, mac.m_buflen);
 			mac_socket_free_label(intlabel);
 			break;
+		case DTYPE_VNODE:
+			intlabel = mac_vnode_alloc_label();
+			vp = (struct vnode *)fp->f_fglob->fg_data;
+
+			error = vnode_getwithref(vp);
+			if (error == 0) {
+				mac_vnode_copy_label(vp->v_label, intlabel);
+				error = mac_vnode_externalize_label(intlabel,
+						elements, buffer,
+						mac.m_buflen, M_WAITOK);
+				vnode_put(vp);
+			}
+			mac_vnode_free_label(intlabel);
+			break;
 		default:
 			error = ENOSYS;   // only sockets are handled so far
 	}
@@ -1669,11 +1684,13 @@
 
 	struct fileproc *fp;
 	struct mac mac;
+	struct vfs_context context;
 	int error;
 	size_t ulen;
 	char *buffer;
 	struct label *intlabel;
 	struct socket *so;
+	struct vnode *vp;
 
 	AUDIT_ARG(fd, uap->fd);
 
@@ -1717,6 +1734,27 @@
 			}
 			mac_socket_free_label(intlabel);
 			break;
+		case DTYPE_VNODE:
+			intlabel = mac_vnode_alloc_label();
+
+			error = mac_vnode_internalize_label(intlabel, buffer);
+			if (error) {
+				mac_vnode_free_label(intlabel);
+				break;
+			}
+
+			context.vc_proc = p;
+			context.vc_ucred = kauth_cred_get();
+			vp = (struct vnode *)fp->f_fglob->fg_data;
+
+			error = vnode_getwithref(vp);
+			if (error == 0) {
+				error = vn_setlabel(vp, intlabel, &context);
+				vnode_put(vp);
+			}
+
+			mac_vnode_free_label(intlabel);
+			break;
 		default:
 			error = ENOSYS;  // only sockets are handled at this point
 	}