PERFORCE change 113505 for review

Todd Miller millert at FreeBSD.org
Thu Jan 25 15:04:34 UTC 2007 

http://perforce.freebsd.org/chv.cgi?CH=113505

Change 113505 by millert at millert_macbook on 2007/01/25 15:03:29

	Pass in a struct componentname * to some more vfs entrypoints
	where it is available.  We could add more if we are willing
	to move some nameidone() calls in the vendor sources.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#22 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#39 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#47 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#26 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#78 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#6 (text+ko) ====

@@ -697,15 +697,15 @@
 		 */
 		if (perms & W_OK)
 			if (mac_vnode_check_access(vfs_context_ucred(ctx),
-			    vp, W_OK) != 0)
+			    vp, cnp, W_OK) != 0)
 				perms &= ~W_OK;
 		if (perms & R_OK)
 			if (mac_vnode_check_access(vfs_context_ucred(ctx),
-			    vp, R_OK) != 0)
+			    vp, cnp, R_OK) != 0)
 				perms &= ~R_OK;
 		if (perms & X_OK)
 			if (mac_vnode_check_access(vfs_context_ucred(ctx),
-			     vp, X_OK) != 0)
+			     vp, cnp, X_OK) != 0)
 				perms &= ~X_OK;
 #endif /* MAC */
 		KAUTH_DEBUG("ATTRLIST - returning user access %x", perms);
@@ -1195,15 +1195,15 @@
 		 */
 		if (perms & W_OK)
 			if (mac_vnode_check_access(vfs_context_ucred(&context),
-			    vp, W_OK) != 0)
+			    vp, cnp, W_OK) != 0)
 				perms &= ~W_OK;
 		if (perms & R_OK)
 			if (mac_vnode_check_access(vfs_context_ucred(&context),
-			    vp, R_OK) != 0)
+			    vp, cnp, R_OK) != 0)
 				perms &= ~R_OK;
 		if (perms & X_OK)
 			if (mac_vnode_check_access(vfs_context_ucred(&context),
-			    vp, X_OK) != 0)
+			    vp, cnp, X_OK) != 0)
 				perms &= ~X_OK;
 #endif /* MAC */
 		VFS_DEBUG(ctx, vp, "ATTRLIST - granting perms %d", perms);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#22 (text+ko) ====

@@ -376,7 +376,7 @@
 	}
 #ifdef MAC
 	error = mac_mount_check_mount(vfs_context_ucred(&context), vp,
-	    vfsp->vfc_name);
+	    &nd.ni_cnd, vfsp->vfc_name);
 	if (error != 0)
 		goto out1;
 #endif
@@ -1608,7 +1608,8 @@
 		return (error);
 
 #ifdef MAC
-	error = mac_vnode_check_chroot(vfs_context_ucred(&context), nd.ni_vp);
+	error = mac_vnode_check_chroot(vfs_context_ucred(&context), nd.ni_vp,
+	    &nd.ni_cnd);
 	if (error) {
 		vnode_put(nd.ni_vp);
 		return (error);
@@ -2540,7 +2541,8 @@
  * Check access permissions.
  */
 static int
-access1(vnode_t vp, vnode_t dvp, int uflags, vfs_context_t ctx)
+access1(vnode_t vp, vnode_t dvp, struct component *cnp, int uflags,
+    vfs_context_t ctx)
 {
  	kauth_action_t action;
 	int error;
@@ -2575,7 +2577,7 @@
 	}
 	
 #ifdef MAC
-	error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, uflags);
+	error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, cnp, uflags);
 	if (error)
 		return (error);
 #endif /* MAC */
@@ -2727,7 +2729,8 @@
 			break;
 		case 0:
 			/* run this access check */
-			result[i] = access1(vp, dvp, input[i].ad_flags, &context);
+			result[i] = access1(vp, dvp, NULL, input[i].ad_flags,
+			    &context);
 			break;
 		default:
 			/* fatal lookup error */
@@ -2779,7 +2782,7 @@
  	if (error)
  		goto out;
 
-	error = access1(nd.ni_vp, nd.ni_dvp, uap->flags, &context);
+	error = access1(nd.ni_vp, nd.ni_dvp, &nd.ni_cnd, uap->flags, &context);
  	
  	vnode_put(nd.ni_vp);
  	if (uap->flags & _DELETE_OK)

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#39 (text+ko) ====

@@ -204,7 +204,7 @@
 	    struct vfs_attr *vfa);
 int	mac_mount_check_label_update(struct ucred *cred, struct mount *mp);
 int	mac_mount_check_mount(struct ucred *cred, struct vnode *vp,
-	    const char *vfc_name);
+	    struct componentname *cnp, const char *vfc_name);
 int	mac_mount_check_remount(struct ucred *cred, struct mount *mp);
 int	mac_mount_check_setattr(struct ucred *cred, struct mount *mp,
 	    struct vfs_attr *vfa);
@@ -368,9 +368,10 @@
 int	mac_task_check_get_port(struct ucred *cred, struct task *task);
 void	mac_thread_userret(int code, int error, struct thread *thread);
 int	mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
-	    int acc_mode);
+	    struct componentname *cnp, int acc_mode);
 int	mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);
-int	mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp);
+int	mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
+	    struct componentname *cnp);
 int	mac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
 	    struct componentname *cnp, struct vnode_attr *vap);
 int	mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#47 (text+ko) ====

@@ -1619,6 +1619,7 @@
   @param cred Subject credential
   @param vp Vnode that is to be the mount point
   @param vlabel Label associated with the vnode
+  @param cnp Component name for vp
   @param vfc_name Filesystem type name
 
   Determine whether the subject identified by the credential can perform
@@ -1631,6 +1632,7 @@
 	struct ucred *cred,
 	struct vnode *vp,
 	struct label *vlabel,
+	struct componentname *cnp,
 	const char *vfc_name
 );
 /**
@@ -4391,6 +4393,7 @@
   @param cred Subject credential
   @param vp Object vnode
   @param label Label for vp
+  @param cnp Component name for vp
   @param acc_mode access(2) flags
 
   Determine how invocations of access(2) and related calls by the
@@ -4407,6 +4410,7 @@
 	struct ucred *cred,
 	struct vnode *vp,
 	struct label *label,
+	struct componentname *cnp,
 	int acc_mode
 );
 /**
@@ -4432,6 +4436,7 @@
   @param cred Subject credential
   @param dvp Directory vnode
   @param dlabel Policy label associated with dvp
+  @param cnp Component name for dvp
 
   Determine whether the subject identified by the credential should be
   allowed to chroot(2) into the specified directory (dvp).
@@ -4442,7 +4447,8 @@
 typedef int mpo_vnode_check_chroot_t(
 	struct ucred *cred,
 	struct vnode *dvp,
-	struct label *dlabel
+	struct label *dlabel,
+	struct componentname *cnp
 );
 /**
   @brief Access control check for creating vnode

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#26 (text+ko) ====

@@ -379,13 +379,14 @@
 }
 
 int
-mac_vnode_check_access(struct ucred *cred, struct vnode *vp, int acc_mode)
+mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
+    struct componentname *cnp, int acc_mode)
 {
 	int error, mask;
 
 	/* Convert {R,W,X}_OK values to V{READ,WRITE,EXEC} for entry points */
 	mask = ACCESS_MODE_TO_VNODE_MASK(acc_mode);
-	MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, mask);
+	MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, cnp, mask);
 	return (error);
 }
 
@@ -399,11 +400,12 @@
 }
 
 int
-mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp)
+mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
+    struct componentname *cnp)
 {
 	int error;
 
-	MAC_CHECK(vnode_check_chroot, cred, dvp, dvp->v_label);
+	MAC_CHECK(vnode_check_chroot, cred, dvp, dvp->v_label, cnp);
 	return (error);
 }
 
@@ -810,11 +812,12 @@
 }
 
 int
-mac_mount_check_mount(struct ucred *cred, struct vnode *vp, const char *vfc_name)
+mac_mount_check_mount(struct ucred *cred, struct vnode *vp,
+    struct componentname *cnp, const char *vfc_name)
 {
 	int error;
 
-	MAC_CHECK(mount_check_mount, cred, vp, vp->v_label, vfc_name);
+	MAC_CHECK(mount_check_mount, cred, vp, vp->v_label, cnp, vfc_name);
 
 	return (error);
 }

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#78 (text+ko) ====

@@ -1454,7 +1454,7 @@
 
 static int
 sebsd_mount_check_mount(struct ucred *cred, struct vnode *vp, struct label *vl,
-    const char *vfc_name)
+    struct componentname *cnp, const char *vfc_name)
 {
 	int rc;
 	u_int32_t sid;
@@ -1465,7 +1465,7 @@
 	vsec = SLOT(vl);
 	task = SLOT(cred->cr_label);
 
-	rc = vnode_has_perm(cred, vp, NULL, FILE__MOUNTON);
+	rc = vnode_has_perm(cred, vp, cnp, FILE__MOUNTON);
 	if (rc)
 		goto done;
 
@@ -1906,14 +1906,14 @@
 
 static int
 sebsd_vnode_check_access(struct ucred *cred, struct vnode *vp,
-    struct label *filelabel, int mask)
+    struct label *filelabel, struct componentname *cnp, int mask)
 {
 
 	/* existence check (F_OK) */
 	if (mask == 0)
 		return (0);
 
-	return (vnode_has_perm(cred, vp, NULL,
+	return (vnode_has_perm(cred, vp, cnp,
 	    file_mask_to_av(vp->v_type, mask)));
 }
 
@@ -1928,12 +1928,12 @@
 
 static int
 sebsd_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
-    struct label *dlabel)
+    struct label *dlabel, struct componentname *cnp)
 {
 
 	/* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */
 	/* MAY_EXEC ~= DIR__SEARCH */
-	return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
+	return (vnode_has_perm(cred, dvp, cnp, DIR__SEARCH));
 }
 
 static int

More information about the trustedbsd-cvs mailing list