PERFORCE change 108825 for review
Todd Miller
millert at FreeBSD.org
Tue Oct 31 14:33:50 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=108825
Change 108825 by millert at millert_macbook on 2006/10/31 14:31:03
Back out @108433 for now, it can panic the system.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#29 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#6 (text+ko) ====
@@ -706,8 +706,6 @@
#endif
case AVC_AUDIT_DATA_FS:
if (a->u.fs.vp && tsk) {
- char *pbuf = NULL;
- char *path = a->u.fs.path;
struct vnode *vp = a->u.fs.vp;
struct vnode_attr va;
struct vfs_context vfs_ctx =
@@ -715,22 +713,10 @@
VATTR_INIT(&va);
VATTR_WANTED(&va, va_fileid);
if (vnode_getattr(vp, &va, &vfs_ctx) == 0) {
- audit_log_format(ab, " inode=%llu, "
- "mountpoint=%s,", va.va_fileid,
+ audit_log_format(ab,
+ " inode=%llu, mountpoint=%s,",
+ va.va_fileid,
vp->v_mount->mnt_vfsstat.f_mntonname);
- if (path == NULL) {
- int len = MAXPATHLEN;
- pbuf = sebsd_malloc(MAXPATHLEN,
- M_SEBSD, M_NOWAIT);
- if (pbuf != NULL &&
- !vn_getpath(vp, pbuf, &len))
- path = pbuf;
- }
- if (path != NULL)
- audit_log_format(ab,
- " path=%s,", path);
- if (pbuf != NULL)
- sebsd_free(pbuf, M_SEBSD);
break;
}
audit_log_format(ab,
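Review bot: Nothing on the new side records why the FS audit record now stops at inode and mountpoint, so the next reader of this branch is likely to reintroduce a path lookup at exactly this spot; a one-line comment above the `vnode_getattr` call such as `/* path= logging backed out (change 108825): path lookup here can panic the system */` would document the decision where it matters. Separately, the rebuilt call dereferences `vp->v_mount->mnt_vfsstat.f_mntonname` without checking that `v_mount` is non-NULL; I cannot tell from the hunk whether a revoked or recycled vnode can reach this point with `v_mount` cleared, but if it can, the audit path itself becomes a panic source and a NULL guard before the `audit_log_format` call would be cheap. The enclosing function starts and ends outside the hunk.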
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#4 (text+ko) ====
@@ -49,7 +49,6 @@
union {
struct {
struct vnode *vp;
- char *path;
} fs;
struct {
char *netif;
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#29 (text+ko) ====
@@ -440,7 +440,7 @@
}
static int
-vnode_has_perm(struct ucred *cred, struct vnode *vp, char *path, u_int32_t perm)
+vnode_has_perm(struct ucred *cred, struct vnode *vp, u_int32_t perm)
{
struct task_security_struct *task;
struct vnode_security_struct *file;
@@ -451,7 +451,6 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
- ad.u.fs.path = path;
/* Update security class if not set or vnode was recycled. */
if (file->sclass == 0 || vp->v_type == VBAD)
@@ -1483,7 +1482,7 @@
vsec = SLOT(vl);
task = SLOT(cred->cr_label);
- rc = vnode_has_perm(cred, vp, NULL, FILE__MOUNTON);
+ rc = vnode_has_perm(cred, vp, FILE__MOUNTON);
if (rc)
goto done;
@@ -1951,7 +1950,7 @@
if (mask == 0)
return (0);
- return (vnode_has_perm(cred, vp, NULL,
+ return (vnode_has_perm(cred, vp,
file_mask_to_av(vp->v_type, mask)));
}
@@ -1961,7 +1960,7 @@
{
/* MAY_EXEC ~= DIR__SEARCH */
- return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
+ return (vnode_has_perm(cred, dvp, DIR__SEARCH));
}
static int
@@ -1971,7 +1970,7 @@
/* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */
/* MAY_EXEC ~= DIR__SEARCH */
- return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
+ return (vnode_has_perm(cred, dvp, DIR__SEARCH));
}
static int
@@ -1996,7 +1995,6 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = dvp;
- ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
DIR__ADD_NAME | DIR__SEARCH, &ad);
@@ -2053,7 +2051,6 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
- ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
DIR__SEARCH | DIR__REMOVE_NAME, &ad);
@@ -2076,7 +2073,7 @@
struct label *label, acl_type_t type)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
#endif
@@ -2086,10 +2083,10 @@
{
int error;
- error = vnode_has_perm(cred, v1, NULL, FILE__READ | FILE__WRITE);
+ error = vnode_has_perm(cred, v1, FILE__READ | FILE__WRITE);
if (error)
return (error);
- return (vnode_has_perm(cred, v2, NULL, FILE__READ | FILE__WRITE));
+ return (vnode_has_perm(cred, v2, FILE__READ | FILE__WRITE));
}
static int
@@ -2154,7 +2151,7 @@
struct label *label, acl_type_t type)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, FILE__GETATTR));
}
#endif
@@ -2163,7 +2160,7 @@
struct label *vlabel, struct attrlist *alist)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, FILE__GETATTR));
}
static int
@@ -2171,7 +2168,7 @@
struct label *label, const char *name, struct uio *uio)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, FILE__GETATTR));
}
#if defined(FILE__POLL) && defined(FILE__GETATTR)
@@ -2183,9 +2180,9 @@
switch (kn->kn_filter) {
case EVFILT_READ:
case EVFILT_WRITE:
- return (vnode_has_perm(cred, vp, NULL, FILE__POLL));
+ return (vnode_has_perm(cred, vp, FILE__POLL));
case EVFILT_VNODE:
- return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, FILE__GETATTR));
default:
return (0);
}
@@ -2211,7 +2208,6 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
- ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
DIR__SEARCH | DIR__ADD_NAME, &ad);
@@ -2232,7 +2228,7 @@
return (ENOTDIR);
/* TBD: DIR__READ as well? */
- return (vnode_has_perm(cred, dvp, cnp->cn_pnbuf, DIR__SEARCH));
+ return (vnode_has_perm(cred, dvp, DIR__SEARCH));
}
static int
@@ -2251,7 +2247,7 @@
if (!mask)
return (0);
- return (vnode_has_perm(cred, vp, NULL,
+ return (vnode_has_perm(cred, vp,
file_mask_to_av(vp->v_type, mask)));
}
@@ -2260,7 +2256,7 @@
struct vnode *vp, struct label *label)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__READ));
+ return (vnode_has_perm(cred, vp, FILE__READ));
}
static int
@@ -2268,7 +2264,7 @@
struct label *dlabel)
{
- return (vnode_has_perm(cred, dvp, NULL, DIR__READ));
+ return (vnode_has_perm(cred, dvp, DIR__READ));
}
static int
@@ -2276,7 +2272,7 @@
struct label *label)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__READ));
+ return (vnode_has_perm(cred, vp, FILE__READ));
}
static int
@@ -2346,8 +2342,6 @@
sebsd_audit_sid("source directory", old_dir->sid);
AVC_AUDIT_DATA_INIT(&ad, FS);
- ad.u.fs.vp = vp;
- ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, old_dir->sid, SECCLASS_DIR,
DIR__REMOVE_NAME | DIR__SEARCH, &ad);
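Review bot: The new side of this hunk drops `ad.u.fs.vp = vp;` together with the path assignment, so the audit data passed as `&ad` on the next line carries no vnode, whereas the parallel hunks at @@ -1996, @@ -2053, @@ -2211 and @@ -2406 keep the `vp` assignment. Unless the `vp` line was itself introduced by @108433, the back-out removes one line too many, and a denial on the source directory of a rename will omit the inode/mountpoint record that avc.c emits only when `a->u.fs.vp` is set; restoring `ad.u.fs.vp = vp;` directly after `AVC_AUDIT_DATA_INIT(&ad, FS);` keeps this call site consistent with the others. The enclosing function starts and ends outside the hunk.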
@@ -2406,7 +2400,6 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
- ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, NULL);
if (rc)
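Review bot: `avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, NULL)` is called with a NULL audit-data pointer immediately after `ad` is initialised and given a vnode, so the FS audit data built here is never reported for a denial on the destination directory, while the matching source-directory check a few hunks earlier does pass `&ad`. Unless `ad` is consumed by a later call outside the hunk, this looks like a pre-existing oversight that the back-out preserves; passing `&ad` in place of `NULL` would make the denial record carry the inode and mountpoint like the other directory checks. The enclosing function starts and ends outside the hunk.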
@@ -2446,7 +2439,7 @@
struct label *label, int which)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__POLL));
+ return (vnode_has_perm(cred, vp, FILE__POLL));
}
#endif
@@ -2456,7 +2449,7 @@
struct label *label, acl_type_t type, struct acl *acl)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
#endif
@@ -2466,7 +2459,7 @@
struct label *vlabel, struct attrlist *alist)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
#endif
@@ -2475,7 +2468,7 @@
struct label *label, const char *name, struct uio *uio)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
static int
@@ -2483,7 +2476,7 @@
struct label *label, u_long flags)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
static int
@@ -2491,7 +2484,7 @@
struct label *label, mode_t mode)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
static int
@@ -2499,7 +2492,7 @@
struct label *label, uid_t uid, gid_t gid)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
static int
@@ -2507,7 +2500,7 @@
struct label *label, struct timespec atime, struct timespec mtime)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
static int
@@ -2515,7 +2508,7 @@
struct vnode *vp, struct label *vnodelabel)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, FILE__GETATTR));
}
static int
@@ -2838,7 +2831,7 @@
struct label *vnodelabel)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON));
+ return (vnode_has_perm(cred, vp, FILE__SWAPON));
}
#if 0
@@ -2847,7 +2840,7 @@
struct label *vnodelabel)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON));
+ return (vnode_has_perm(cred, vp, FILE__SWAPON));
}
#endif
@@ -2870,7 +2863,7 @@
struct vnode *vp, struct label *label)
{
- return (vnode_has_perm(cred, vp, NULL, FILE__WRITE));
+ return (vnode_has_perm(cred, vp, FILE__WRITE));
}
static int
@@ -2892,7 +2885,7 @@
if (prot & PROT_EXEC)
av |= FILE__EXECUTE;
- return (vnode_has_perm(cred, vp, NULL, av));
+ return (vnode_has_perm(cred, vp, av));
}
return (0);
}
@@ -2915,7 +2908,7 @@
if (prot & PROT_EXEC)
av |= FILE__EXECUTE;
- return (vnode_has_perm(cred, vp, NULL, av));
+ return (vnode_has_perm(cred, vp, av));
}
return (0);
}
@@ -3033,7 +3026,7 @@
return (0);
return (vnode_has_perm(cred, (struct vnode *)fg->fg_data,
- NULL, FILE__IOCTL));
+ FILE__IOCTL));
}
/*