From owner-p4-projects Thu Aug 1 10:59:10 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 34C4137B407; Thu, 1 Aug 2002 10:58:04 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D91B437B401 for ; Thu, 1 Aug 2002 10:58:03 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B5B0243E7B for ; Thu, 1 Aug 2002 10:58:02 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g71Hw2JU020808 for ; Thu, 1 Aug 2002 10:58:02 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g71Hw2E1020805 for perforce@freebsd.org; Thu, 1 Aug 2002 10:58:02 -0700 (PDT) Date: Thu, 1 Aug 2002 10:58:02 -0700 (PDT) Message-Id: <200208011758.g71Hw2E1020805@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 15399 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15399 Change 15399 by rwatson@rwatson_paprika on 2002/08/01 10:57:22 Integ MAC changes back in from the main tree. Affected files ... .. //depot/projects/trustedbsd/base/contrib/tar/src/extract.c#3 integrate .. //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#34 integrate .. //depot/projects/trustedbsd/base/sys/alpha/conf/GENERIC#12 integrate .. //depot/projects/trustedbsd/base/sys/i386/conf/GENERIC#14 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#3 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_prot.c#18 integrate .. //depot/projects/trustedbsd/base/sys/kern/tty_tty.c#5 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_mbuf.c#9 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_socket.c#17 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_socket2.c#17 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_syscalls.c#15 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#4 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_subr.c#19 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#23 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_vnops.c#18 integrate .. //depot/projects/trustedbsd/base/sys/modules/Makefile#18 integrate .. //depot/projects/trustedbsd/base/sys/modules/mac_biba/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/mac_bsdextended/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/mac_ifoff/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/mac_mls/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/mac_none/Makefile#1 branch .. 
//depot/projects/trustedbsd/base/sys/modules/mac_seeotheruids/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/mac_test/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/pc98/conf/GENERIC#13 integrate .. //depot/projects/trustedbsd/base/sys/powerpc/conf/GENERIC#6 integrate .. //depot/projects/trustedbsd/base/sys/sparc64/conf/GENERIC#13 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#2 integrate .. //depot/projects/trustedbsd/base/usr.bin/sockstat/sockstat.c#3 integrate Differences ... ==== //depot/projects/trustedbsd/base/contrib/tar/src/extract.c#3 (text+ko) ==== @@ -19,7 +19,7 @@ with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -/* $FreeBSD: src/contrib/tar/src/extract.c,v 1.4 2002/07/03 12:44:31 sobomax Exp $ */ +/* $FreeBSD: src/contrib/tar/src/extract.c,v 1.5 2002/08/01 17:32:08 sobomax Exp $ */ #include "system.h" #include @@ -129,6 +129,9 @@ { umask (newdir_umask); /* restore the kernel umask */ current_umask = newdir_umask; +#ifdef __FreeBSD__ + same_permissions_option++; +#endif } } @@ -184,7 +187,7 @@ mode = current_stat_info->st_mode ^ invert_permissions; } - if (chmod (file_name, mode) != 0) + if (chmod (file_name, mode & ~ current_umask) != 0) chmod_error_details (file_name, mode); } ==== //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#34 (text+ko) ==== @@ -3,7 +3,7 @@ The FreeBSD Project - $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.401 2002/07/31 20:09:07 bmah Exp $ + $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.402 2002/08/01 15:27:51 bmah Exp $ 2000 
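Review bot: In the extract.c hunk at `@@ -184,7 +187,7 @@`, chmod() is now given `mode & ~ current_umask`, but the failure path still passes the unmasked `mode` to chmod_error_details(). Assuming that helper reports the mode it receives, the diagnostic would name permission bits that were never requested. Masking once before the call keeps the two in step: `mode &= ~ current_umask;` followed by the original `if (chmod (file_name, mode) != 0)`. The enclosing function starts and ends outside the hunk, so confirm that nothing later expects the unmasked value in `mode`.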
@@ -1959,6 +1959,11 @@ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33. &merged; + A heap buffer overflow in the XDR decoder has been fixed. + For more details, see security advisory FreeBSD-SA-02:34. + &merged; + ==== //depot/projects/trustedbsd/base/sys/alpha/conf/GENERIC#12 (text+ko) ==== @@ -4,7 +4,7 @@ # For more information on this file, please read the handbook section on # Kernel Configuration Files: # -# http://www.FreeBSD.org/handbook/kernelconfig-config.html +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the @@ -18,7 +18,7 @@ # # For hardware specific information check HARDWARE.TXT # -# $FreeBSD: src/sys/alpha/conf/GENERIC,v 1.146 2002/07/23 06:36:23 peter Exp $ +# $FreeBSD: src/sys/alpha/conf/GENERIC,v 1.147 2002/08/01 17:21:03 blackend Exp $ machine alpha cpu EV4 ==== //depot/projects/trustedbsd/base/sys/i386/conf/GENERIC#14 (text+ko) ==== @@ -4,7 +4,7 @@ # For more information on this file, please read the handbook section on # Kernel Configuration Files: # -# http://www.FreeBSD.org/handbook/kernelconfig-config.html +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the @@ -16,7 +16,7 @@ # If you are in doubt as to the purpose or necessity of a line, check first # in NOTES. # -# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.352 2002/07/23 06:35:08 peter Exp $ +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.353 2002/08/01 17:21:09 blackend Exp $ machine i386 cpu I486_CPU ==== //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#3 (text+ko) ==== 
@@ -36,7 +36,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/kern/kern_mac.c,v 1.2 2002/07/30 21:36:05 rwatson Exp $ + * $FreeBSD: src/sys/kern/kern_mac.c,v 1.3 2002/08/01 17:47:55 rwatson Exp $ */ /* * Developed by the TrustedBSD Project. @@ -46,6 +46,7 @@ */ #include "opt_mac.h" + #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/kern_prot.c#18 (text+ko) ==== @@ -37,7 +37,7 @@ * SUCH DAMAGE. * * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94 - * $FreeBSD: src/sys/kern/kern_prot.c,v 1.163 2002/07/31 00:48:24 rwatson Exp $ + * $FreeBSD: src/sys/kern/kern_prot.c,v 1.164 2002/08/01 17:47:55 rwatson Exp $ */ /* @@ -52,8 +52,8 @@ #include #include #include +#include #include -#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/tty_tty.c#5 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tty_tty.c 8.2 (Berkeley) 9/23/93 - * $FreeBSD: src/sys/kern/tty_tty.c,v 1.40 2002/08/01 01:09:54 rwatson Exp $ + * $FreeBSD: src/sys/kern/tty_tty.c,v 1.41 2002/08/01 17:47:55 rwatson Exp $ */ /* @@ -45,8 +45,8 @@ #include #include #include +#include #include -#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/uipc_mbuf.c#9 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $FreeBSD: src/sys/kern/uipc_mbuf.c,v 1.96 2002/07/31 01:51:34 rwatson Exp $ + * $FreeBSD: src/sys/kern/uipc_mbuf.c,v 1.97 2002/08/01 17:47:55 rwatson Exp $ */ #include "opt_mac.h" @@ -41,8 +41,8 @@ #include #include #include +#include #include -#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/uipc_socket.c#17 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94 - * $FreeBSD: src/sys/kern/uipc_socket.c,v 1.128 2002/08/01 03:45:40 rwatson Exp $ + * $FreeBSD: src/sys/kern/uipc_socket.c,v 1.129 2002/08/01 17:47:56 rwatson Exp $ */ #include "opt_inet.h" 
@@ -42,8 +42,8 @@ #include #include #include +#include #include -#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/uipc_socket2.c#17 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)uipc_socket2.c 8.1 (Berkeley) 6/10/93 - * $FreeBSD: src/sys/kern/uipc_socket2.c,v 1.100 2002/07/31 03:03:22 rwatson Exp $ + * $FreeBSD: src/sys/kern/uipc_socket2.c,v 1.101 2002/08/01 17:47:56 rwatson Exp $ */ #include "opt_mac.h" @@ -44,8 +44,8 @@ #include /* for maxfiles */ #include #include +#include #include -#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/uipc_syscalls.c#15 (text+ko) ==== @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94 - * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.121 2002/07/31 16:39:49 rwatson Exp $ + * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.122 2002/08/01 17:47:56 rwatson Exp $ */ #include "opt_compat.h" @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#4 (text+ko) ==== @@ -61,7 +61,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/kern/vfs_mount.c,v 1.79 2002/07/31 01:11:29 rwatson Exp $ + * $FreeBSD: src/sys/kern/vfs_mount.c,v 1.80 2002/08/01 17:47:56 rwatson Exp $ */ #include @@ -69,8 +69,8 @@ #include #include #include +#include #include -#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/vfs_subr.c#19 (text+ko) ==== @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_subr.c 8.31 (Berkeley) 5/26/95 - * $FreeBSD: src/sys/kern/vfs_subr.c,v 1.386 2002/07/31 12:25:28 des Exp $ + * $FreeBSD: src/sys/kern/vfs_subr.c,v 1.387 2002/08/01 17:47:56 rwatson Exp $ */ /* @@ -54,8 +54,8 @@ #include #include #include +#include #include -#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#23 (text+ko) ==== 
@@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.276 2002/08/01 03:50:08 rwatson Exp $ + * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.278 2002/08/01 17:47:56 rwatson Exp $ */ /* For 4.3 integer FS ID compatibility */ @@ -48,8 +48,8 @@ #include #include #include +#include #include -#include #include #include #include @@ -733,7 +733,12 @@ VATTR_NULL(&vat); vat.va_size = 0; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_SETATTR(vp, &vat, td->td_ucred, td); +#ifdef MAC + error = mac_check_vnode_op(td->td_ucred, vp, + MAC_OP_VNODE_WRITE); + if (error == 0) +#endif + error = VOP_SETATTR(vp, &vat, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); if (error) @@ -1305,6 +1310,11 @@ flags |= VWRITE; if (user_flags & X_OK) flags |= VEXEC; +#ifdef MAC + error = mac_check_vnode_access(cred, vp, flags); + if (error) + return (error); +#endif if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0) error = VOP_ACCESS(vp, flags, cred, td); } @@ -1746,6 +1756,13 @@ return (error); NDFREE(&nd, NDF_ONLY_PNBUF); vp = nd.ni_vp; +#ifdef MAC + error = mac_check_vnode_readlink(td->td_ucred, vp); + if (error) { + vput(vp); + return (error); + } +#endif if (vp->v_type != VLNK) error = EINVAL; else { @@ -1794,9 +1811,16 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - VATTR_NULL(&vattr); - vattr.va_flags = flags; - error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); +#ifdef MAC + error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags); + if (error == 0) { +#endif + VATTR_NULL(&vattr); + vattr.va_flags = flags; + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); +#ifdef MAC + } +#endif VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return (error); 
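Review bot: In the vfs_syscalls.c hunk at `@@ -733,7 +733,12 @@`, the unbraced `if (error == 0)` sits inside `#ifdef MAC` while the statement it guards, `error = VOP_SETATTR(...)`, sits after `#endif`, so the extra indentation is the only hint that the call is conditional. The same shape recurs at `@@ -1902,7 +1926,11 @@`, `@@ -2019,7 +2047,12 @@`, `@@ -2178,7 +2211,12 @@` and in the vfs_vnops.c read/write hunks. A statement later added between the `#endif` and the call would silently become the guarded one, in MAC kernels only. The braced form this change already uses at `@@ -1794,9 +1811,16 @@` (`if (error == 0) {` before the first `#endif`, and the closing `}` in its own `#ifdef MAC` block) is safer and would make the hunks consistent.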
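Review bot: In the hunk at `@@ -1794,9 +1811,16 @@`, `mac_check_vnode_setflags()` is passed `vattr.va_flags` before `VATTR_NULL(&vattr)` and `vattr.va_flags = flags` have run. The policy is therefore asked about whatever `vattr` happens to contain, not the flags the caller requested, and could allow or deny on an unrelated value. Pass the request itself, `error = mac_check_vnode_setflags(td->td_ucred, vp, flags);`, or move the two `vattr` assignments above the `#ifdef MAC`, as the setmode and setowner hunks do. The declaration of `vattr` is outside the hunk; this assumes it is an uninitialised local.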
@@ -1902,7 +1926,11 @@ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); VATTR_NULL(&vattr); vattr.va_mode = mode & ALLPERMS; - error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); +#ifdef MAC + error = mac_check_vnode_setmode(td->td_ucred, vp, vattr.va_mode); + if (error == 0) +#endif + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return error; @@ -2019,7 +2047,12 @@ VATTR_NULL(&vattr); vattr.va_uid = uid; vattr.va_gid = gid; - error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); +#ifdef MAC + error = mac_check_vnode_setowner(td->td_ucred, vp, vattr.va_uid, + vattr.va_gid); + if (error == 0) +#endif + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return error; @@ -2178,7 +2211,12 @@ vattr.va_birthtime = ts[2]; if (nullflag) vattr.va_vaflags |= VA_UTIMES_NULL; - error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); +#ifdef MAC + error = mac_check_vnode_setutimes(td->td_ucred, vp, vattr.va_atime, + vattr.va_mtime); + if (error == 0) +#endif + error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return error; @@ -2328,6 +2366,10 @@ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); if (vp->v_type == VDIR) error = EISDIR; +#ifdef MAC + else if ((error = mac_check_vnode_op(td->td_ucred, vp, + MAC_OP_VNODE_WRITE))) {} +#endif else if ((error = vn_writechk(vp)) == 0 && (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) { VATTR_NULL(&vattr); @@ -2382,6 +2424,10 @@ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); if (vp->v_type == VDIR) error = EISDIR; +#ifdef MAC + else if ((error = mac_check_vnode_op(td->td_ucred, vp, + MAC_OP_VNODE_WRITE))) {} +#endif else if ((error = vn_writechk(vp)) == 0) { VATTR_NULL(&vattr); vattr.va_size = SCARG(uap, length); 
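Review bot: In the two hunks at `@@ -2328,6 +2366,10 @@` and `@@ -2382,6 +2424,10 @@`, the MAC denial is written as `else if ((error = mac_check_vnode_op(...))) {}`, an assignment used as a condition with an empty body whose only job is to stop the `else if` chain. It works, but nothing says the empty braces are deliberate. A comment in the body, for example `{ /* denied by MAC policy; error is already set */ }`, and an explicit `!= 0` on the condition would make the intent plain. Both functions begin and end outside the hunks.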
@@ -3073,6 +3119,13 @@ vput(vp); return (EINVAL); } +#ifdef MAC + error = mac_check_vnode_revoke(td->td_ucred, vp); + if (error) { + vput(vp); + return (error); + } +#endif error = VOP_GETATTR(vp, &vattr, td->td_ucred, td); if (error) { vput(vp); @@ -3257,6 +3310,11 @@ mode |= VREAD; if (fmode & O_APPEND) mode |= VAPPEND; +#ifdef MAC + error = mac_check_vnode_open(td->td_ucred, vp, mode); + if (error) + goto bad; +#endif if (mode) { error = VOP_ACCESS(vp, mode, td->td_ucred, td); if (error) @@ -3270,9 +3328,17 @@ } VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */ - VATTR_NULL(vap); - vap->va_size = 0; - error = VOP_SETATTR(vp, vap, td->td_ucred, td); +#ifdef MAC + error = mac_check_vnode_op(td->td_ucred, vp, + MAC_OP_VNODE_WRITE); + if (error == 0) { +#endif + VATTR_NULL(vap); + vap->va_size = 0; + error = VOP_SETATTR(vp, vap, td->td_ucred, td); +#ifdef MAC + } +#endif vn_finished_write(mp); if (error) goto bad; @@ -3584,6 +3650,13 @@ auio.uio_td = td; cnt = nbytes; +#ifdef MAC + error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace, + attrname, &auio); + if (error) + goto done; +#endif + error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio, td->td_ucred, td); cnt -= auio.uio_resid; @@ -3704,6 +3777,13 @@ } else sizep = &size; +#ifdef MAC + error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace, + attrname, &auio); + if (error) + goto done; +#endif + error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep, td->td_ucred, td); @@ -3800,6 +3880,11 @@ VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); +#ifdef MAC + error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace, + attrname, NULL); +#endif + error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL, td->td_ucred, td); ==== //depot/projects/trustedbsd/base/sys/kern/vfs_vnops.c#18 (text+ko) ==== 
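Review bot: In the hunk at `@@ -3704,6 +3777,13 @@`, the MAC check is handed `&auio` while the `VOP_GETEXTATTR()` call directly below uses `auiop`, so the policy does not necessarily see the same uio the operation uses. The preceding `else sizep = &size;` context suggests there is a path where no data buffer is supplied. If `auiop` is NULL on that path, `auio` may not have been filled in; the setup is outside the hunk, so this needs confirming. Passing the same pointer avoids the question, `error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace, attrname, auiop);`, provided the hook accepts a NULL uio.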
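Review bot: In the hunk at `@@ -3800,6 +3880,11 @@`, the result of `mac_check_vnode_setextattr()` is overwritten by the unconditional `error = VOP_SETEXTATTR(...)` that follows, so a policy denial never takes effect on this path. The other hunks in this file gate the VOP on the check, and the same is needed here: add `if (error == 0)` as the last line inside the `#ifdef MAC` block or, better, brace the VOP call. The vnode is locked at this point and the unlock is outside the hunk, so skipping the call is safer than returning early because it keeps the cleanup path intact.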
@@ -36,9 +36,11 @@ * SUCH DAMAGE. * * @(#)vfs_vnops.c 8.2 (Berkeley) 1/21/94 - * $FreeBSD: src/sys/kern/vfs_vnops.c,v 1.154 2002/07/31 12:19:49 des Exp $ + * $FreeBSD: src/sys/kern/vfs_vnops.c,v 1.156 2002/08/01 17:23:22 rwatson Exp $ */ +#include "opt_mac.h" + #include #include #include @@ -46,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -187,22 +190,29 @@ error = EOPNOTSUPP; goto bad; } + mode = 0; + if (fmode & (FWRITE | O_TRUNC)) { + if (vp->v_type == VDIR) { + error = EISDIR; + goto bad; + } + mode |= VWRITE; + } + if (fmode & FREAD) + mode |= VREAD; + if (fmode & O_APPEND) + mode |= VAPPEND; +#ifdef MAC + error = mac_check_vnode_open(cred, vp, mode); + if (error) + goto bad; +#endif if ((fmode & O_CREAT) == 0) { - mode = 0; - if (fmode & (FWRITE | O_TRUNC)) { - if (vp->v_type == VDIR) { - error = EISDIR; - goto bad; - } + if (mode & VWRITE) { error = vn_writechk(vp); if (error) goto bad; - mode |= VWRITE; } - if (fmode & FREAD) - mode |= VREAD; - if (fmode & O_APPEND) - mode |= VAPPEND; if (mode) { error = VOP_ACCESS(vp, mode, cred, td); if (error) @@ -383,9 +393,17 @@ auio.uio_rw = rw; auio.uio_td = td; if (rw == UIO_READ) { - error = VOP_READ(vp, &auio, ioflg, cred); +#ifdef MAC + error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ); + if (error == 0) +#endif + error = VOP_READ(vp, &auio, ioflg, cred); } else { - error = VOP_WRITE(vp, &auio, ioflg, cred); +#ifdef MAC + error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); + if (error == 0) +#endif + error = VOP_WRITE(vp, &auio, ioflg, cred); } if (aresid) *aresid = auio.uio_resid; @@ -472,7 +490,11 @@ ioflag |= sequential_heuristic(uio, fp); - error = VOP_READ(vp, uio, ioflag, cred); +#ifdef MAC + error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ); + if (error == 0) +#endif + error = VOP_READ(vp, uio, ioflag, cred); if ((flags & FOF_OFFSET) == 0) fp->f_offset = uio->uio_offset; fp->f_nextoff = uio->uio_offset; 
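Review bot: In the vfs_vnops.c hunk at `@@ -187,22 +190,29 @@`, hoisting the `mode` computation out of the `(fmode & O_CREAT) == 0` branch means the `VDIR`/`EISDIR` test and `mac_check_vnode_open()` now also run when `O_CREAT` is still set, and no comment records that this is intended. If the goal is for the policy to see every open, including the create path, say so above the block, e.g. `/* Compute the access mode for every open so the MAC check also covers the O_CREAT path. */`. The function starts and ends outside the hunk, so how `fmode` is adjusted earlier cannot be confirmed from here.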
@@ -523,7 +545,11 @@ if ((flags & FOF_OFFSET) == 0) uio->uio_offset = fp->f_offset; ioflag |= sequential_heuristic(uio, fp); - error = VOP_WRITE(vp, uio, ioflag, cred); +#ifdef MAC + error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); + if (error == 0) +#endif + error = VOP_WRITE(vp, uio, ioflag, cred); if ((flags & FOF_OFFSET) == 0) fp->f_offset = uio->uio_offset; fp->f_nextoff = uio->uio_offset; @@ -566,6 +592,12 @@ int error; u_short mode; +#ifdef MAC + error = mac_check_vnode_stat(td->td_ucred, vp); + if (error) + return (error); +#endif + vap = &vattr; error = VOP_GETATTR(vp, vap, td->td_ucred, td); if (error) @@ -747,6 +779,19 @@ struct ucred *cred; struct thread *td; { + struct vnode *vp; +#ifdef MAC + int error; +#endif + + vp = (struct vnode *)fp->f_data; +#ifdef MAC + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_POLL); + VOP_UNLOCK(vp, 0, td); + if (error) + return (error); +#endif return (VOP_POLL(((struct vnode *)fp->f_data), events, cred, td)); } ==== //depot/projects/trustedbsd/base/sys/modules/Makefile#18 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/modules/Makefile,v 1.247 2002/07/30 17:44:28 joe Exp $ +# $FreeBSD: src/sys/modules/Makefile,v 1.248 2002/08/01 17:41:26 rwatson Exp $ .if exists(${.CURDIR}/../crypto) && !defined(NOCRYPT) _random= random @@ -48,6 +48,13 @@ libmchain \ lnc \ lpt \ + mac_biba \ + mac_bsdextended \ + mac_ifoff \ + mac_mls \ + mac_none \ + mac_seeotheruids \ + mac_test \ md \ mii \ mlx \ ==== //depot/projects/trustedbsd/base/sys/pc98/conf/GENERIC#13 (text+ko) ==== @@ -4,7 +4,7 @@ # For more information on this file, please read the handbook section on # Kernel Configuration Files: # -# http://www.FreeBSD.org/handbook/kernelconfig-config.html +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the 
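Review bot: In the vfs_vnops.c hunk at `@@ -747,6 +779,19 @@`, the new local `vp` is assigned from `fp->f_data`, but the final line still re-casts, `VOP_POLL(((struct vnode *)fp->f_data), ...)`, so in a kernel built without MAC `vp` is set and never read. Using it in the return, `return (VOP_POLL(vp, events, cred, td));`, removes the duplicate cast and the dead store. A short comment would also help explain why an exclusive vnode lock is taken and dropped around the MAC check on every poll, since the reason is not visible in the hunk.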
@@ -16,7 +16,7 @@ # If you are in doubt as to the purpose or necessity of a line, check first # in NOTES. # -# $FreeBSD: src/sys/pc98/conf/GENERIC,v 1.210 2002/07/23 06:37:14 peter Exp $ +# $FreeBSD: src/sys/pc98/conf/GENERIC,v 1.211 2002/08/01 17:20:58 blackend Exp $ machine pc98 #cpu I386_CPU #Do not enable with other cpu types ==== //depot/projects/trustedbsd/base/sys/powerpc/conf/GENERIC#6 (text+ko) ==== @@ -4,7 +4,7 @@ # For more information on this file, please read the handbook section on # Kernel Configuration Files: # -# http://www.FreeBSD.org/handbook/kernelconfig-config.html +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the @@ -16,7 +16,7 @@ # If you are in doubt as to the purpose or necessity of a line, check first # in NOTES. # -# $FreeBSD: src/sys/powerpc/conf/GENERIC,v 1.10 2002/07/23 06:38:21 peter Exp $ +# $FreeBSD: src/sys/powerpc/conf/GENERIC,v 1.11 2002/08/01 17:21:13 blackend Exp $ machine powerpc cpu MPC750 ==== //depot/projects/trustedbsd/base/sys/sparc64/conf/GENERIC#13 (text+ko) ==== @@ -4,7 +4,7 @@ # For more information on this file, please read the handbook section on # Kernel Configuration Files: # -# http://www.FreeBSD.org/handbook/kernelconfig-config.html +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the @@ -18,7 +18,7 @@ # # For hardware specific information check HARDWARE.TXT # -# $FreeBSD: src/sys/sparc64/conf/GENERIC,v 1.28 2002/07/27 15:28:35 mike Exp $ +# $FreeBSD: src/sys/sparc64/conf/GENERIC,v 1.29 2002/08/01 17:21:18 blackend Exp $ machine sparc64 cpu SUN4U ==== //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#2 (text+ko) ==== 
@@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/sys/mac_policy.h,v 1.1 2002/07/30 21:32:34 rwatson Exp $ + * $FreeBSD: src/sys/sys/mac_policy.h,v 1.2 2002/08/01 17:32:01 rwatson Exp $ */ /* * Kernel interface for MAC policy modules. @@ -326,7 +326,7 @@ struct label *label, int op); }; -typedef void *macop_t; +typedef const void *macop_t; enum mac_op_constant { MAC_OP_LAST, @@ -445,7 +445,7 @@ struct mac_policy_op_entry { enum mac_op_constant mpe_constant; /* what this hook implements */ - void *mpe_function; /* hook's implementation */ + macop_t mpe_function; /* hook's implementation */ }; struct mac_policy_conf { ==== //depot/projects/trustedbsd/base/usr.bin/sockstat/sockstat.c#3 (text+ko) ==== @@ -27,7 +27,7 @@ */ #include -__FBSDID("$FreeBSD: src/usr.bin/sockstat/sockstat.c,v 1.2 2002/08/01 11:02:30 des Exp $"); +__FBSDID("$FreeBSD: src/usr.bin/sockstat/sockstat.c,v 1.3 2002/08/01 16:49:31 des Exp $"); #include #include @@ -39,6 +39,8 @@ #include #include +#include + #include #include #include To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
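Review bot: In the mac_policy.h hunks at `@@ -326,7 +326,7 @@` and `@@ -445,7 +445,7 @@`, `mpe_function` is commented as the hook's implementation yet is typed `macop_t`, now `const void *`, which is an object pointer. ISO C does not define conversion between function pointers and `void *`, and the `const` says nothing about a function. The table also pairs each pointer with an `mpe_constant` with no compile-time check that the function's prototype matches that constant. At minimum, document the contract next to the typedef; presumably the framework casts back by constant, e.g. `/* Opaque hook pointer; cast to the prototype selected by mpe_constant. */`. A generic function-pointer type such as `typedef void (*macop_t)(void);` would be the stricter choice, if the policy modules can absorb the cast.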