Date: Thu, 9 Feb 2006 21:35:04 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 91474 for review Message-ID: <200602092135.k19LZ4Td042759@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=91474
Change 91474 by millert@millert_ibook on 2006/02/09 21:34:37
Add mprotect entry point
Add some casts to quiet gcc
For mmap entry point, check flags for MAP_SHARED
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#28 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#28 (text+ko) ====
@@ -1186,13 +1186,13 @@
 psec = SLOT(obj);
 tsec = SLOT(subj);
- cld = hashtab_search (policydb.p_classes.table, s);
+ cld = hashtab_search(policydb.p_classes.table, (void *)s);
 if (cld == NULL)
 return EINVAL;
- p = hashtab_search (cld->permissions.table, pn);
+ p = hashtab_search(cld->permissions.table, (void *)pn);
 if (p == NULL && cld->comdatum)
- p = hashtab_search (cld->comdatum->permissions.table, pn);
+ p = hashtab_search(cld->comdatum->permissions.table, (void *)pn);
 if (p == NULL)
 return EINVAL;
@@ -1212,7 +1212,7 @@
 tsec = SLOT(subj);
 osec = SLOT(out);
- cld = hashtab_search (policydb.p_classes.table, s);
+ cld = hashtab_search(policydb.p_classes.table, (void *)s);
 if (cld == NULL)
 return EINVAL;
@@ -1409,7 +1409,7 @@
 /* loginwindow.app/MAC.loginPlugin orphaned process. */
 dst = SLOT(p->p_ucred->cr_label);
 #ifdef SEFOS_DEBUG
- printf("sebsd_check_proc_setlcid (orphan): pid %d, lcid %d, sid 0x%x -> 0x%x\n", pid, lcid, dst->sid, dst->osid);
+ printf("sebsd_check_proc_setlcid (orphan): pid %d, lcid %d, sid 0x%x -> 0x%x\n", pid, lcid, dst->sid, dst->osid); // XXX
 #endif
 if (dst->sid != dst->osid) {
 /*
@@ -1424,7 +1424,7 @@
 case LCID_CREATE: /* Create */
 /* nop */
 #ifdef SEFOS_DEBUG
- printf("sebsd_check_proc_setlcid (create): pid %d, lcid %d\n", pid, lcid);
+ printf("sebsd_check_proc_setlcid (create): pid %d, lcid %d\n", pid, lcid); // XXX
 #endif
 break;
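Review bot: The `(void *)s` and `(void *)pn` casts added in the -1186 hunk, and the matching `(void *)s` in the -1212 hunk, silence gcc by discarding a qualifier rather than fixing the interface; if `s` and `pn` are `const char *` (their declarations are above the hunk and not visible here), the cast hides a const violation from every caller instead of proving `hashtab_search` does not write through its key. The cleaner fix, assuming the hash lookup only compares keys, is to declare the key parameter of `hashtab_search` as `const void *` and drop the casts, so a future implementation that modified the key would fail to compile rather than silently invoke undefined behaviour. The enclosing functions start outside both hunks.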
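Review bot: The bare `// XXX` appended to the SEFOS_DEBUG printf in the -1409 hunk, and again in the -1424 and -1435 hunks, records that something is suspect without saying what, and the change description only says the commit quiets gcc. If the warning was a format/argument mismatch, a marker a later reader can act on would say so, e.g. `/* XXX gcc: check %d/%x against the pid/lcid/sid types */`; which types are involved is not visible in the hunk, so the comment should state what the author actually saw. The surrounding code uses `/* */` comments, so the `//` form is also a style departure.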
@@ -1435,7 +1435,7 @@
 dst = SLOT(p->p_ucred->cr_label);
 #ifdef SEFOS_DEBUG
- printf("sebsd_check_proc_setlcid (adopt): pid %d, lcid %d, sid 0x%x -> 0x%x\n", pid, lcid, dst->sid, src->sid);
+ printf("sebsd_check_proc_setlcid (adopt): pid %d, lcid %d, sid 0x%x -> 0x%x\n", pid, lcid, dst->sid, src->sid); // XXX
 #endif
 if (src->sid != dst->sid) {
 /*
@@ -2267,12 +2267,9 @@
 return vnode_has_perm(cred, vp, FILE__WRITE, NULL);
 }
-/*
- * Also registered for MAC_CHECK_VNODE_MPROTECT
- */
 static int
 sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- struct label *label, int newmapping, int flags, int *maxprot)
+ struct label *label, int prot, int flags, int *maxprot)
 {
 access_vector_t av;
@@ -2283,10 +2280,33 @@
 if (vp) {
 av = FILE__READ;
- if (newmapping & PROT_WRITE)
+ if ((prot & PROT_WRITE) && (flags & MAP_SHARED))
+ av |= FILE__WRITE;
+
+ if (prot & PROT_EXEC)
+ av |= FILE__EXECUTE;
+
+ return (vnode_has_perm(cred, vp, av, NULL));
+ }
+ return (0);
+}
+
+static int
+sebsd_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
+ struct label *label, int prot)
+{
+ access_vector_t av;
+
+ /*
+ * TBD: Incomplete?
+ */
+ if (vp) {
+ av = FILE__READ;
+
+ if (prot & PROT_WRITE)
 av |= FILE__WRITE;
- if (newmapping & PROT_EXEC)
+ if (prot & PROT_EXEC)
 av |= FILE__EXECUTE;
 return (vnode_has_perm(cred, vp, av, NULL));
@@ -2614,8 +2634,8 @@
 .mpo_destroy = sebsd_destroy,
 .mpo_destroy_cred_label = sebsd_destroy_cred_label,
- .mpo_destroy_task_label = sebsd_destroy_cred_label,
- .mpo_destroy_port_label = sebsd_destroy_cred_label,
+ .mpo_destroy_task_label = sebsd_destroy_task_label,
+ .mpo_destroy_port_label = sebsd_destroy_port_label,
 .mpo_destroy_vnode_label = sebsd_destroy_vnode_label,
 .mpo_destroy_devfsdirent_label = sebsd_destroy_vnode_label,
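Review bot: In the -2283 hunk the new sebsd_check_vnode_mprotect demands FILE__WRITE for any `prot & PROT_WRITE`, while the rewritten sebsd_check_vnode_mmap in the same hunk now demands it only when `flags & MAP_SHARED`; since the mprotect hook receives no sharing flag, a MAP_PRIVATE mapping that mmap admitted without FILE__WRITE will be refused a later mprotect(PROT_WRITE) on the same pages, so the two hooks disagree about one mapping, and the `TBD: Incomplete?` comment presumably refers to this. Relaxing the mmap check is sound only because private writes land in copy-on-write pages and never reach the file, so the escalation paths that do reach the file (mprotect to writable on a shared mapping) must stay closed, which the stricter mprotect hook does at the cost of over-denying private mappings. Two ways to reconcile them, depending on what this Darwin port's framework supports (not visible here): pass the mapping's sharing mode to the mprotect hook, or use the currently unused `int *maxprot` parameter in the mmap hook to clear the write bit when a shared mapping lacks FILE__WRITE, so the VM layer itself refuses the escalation and the mprotect hook can skip FILE__WRITE for private mappings. Whichever is chosen, replace `TBD: Incomplete?` with a comment stating the actual gap, e.g. `/* No MAP_SHARED/MAP_PRIVATE information here, so PROT_WRITE always requires FILE__WRITE; stricter than the mmap check. */`. The body of sebsd_check_vnode_mprotect continues past the end of the hunk.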
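Review bot: The -2614 hunk repoints `.mpo_destroy_task_label` and `.mpo_destroy_port_label` from sebsd_destroy_cred_label to sebsd_destroy_task_label and sebsd_destroy_port_label, a behaviour change that the change description (casts, MAP_SHARED, mprotect) does not mention. The diff does not add either destroy routine and sebsd.c is the only affected file, so they must already exist elsewhere in the file; worth confirming before submit, since a missing symbol here fails at link time rather than in the diff. A description line such as `Use the task/port label destructors instead of the cred one for task and port labels` would make the fix findable in history.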
@@ -2686,6 +2706,7 @@
 .mpo_check_vnode_link = sebsd_check_vnode_link,
 .mpo_check_vnode_lookup = sebsd_check_vnode_lookup,
 .mpo_check_vnode_mmap = sebsd_check_vnode_mmap,
+ .mpo_check_vnode_mprotect = sebsd_check_vnode_mprotect,
 .mpo_check_vnode_open = sebsd_check_vnode_open,
 .mpo_check_vnode_poll = sebsd_check_vnode_poll,
 .mpo_check_vnode_read = sebsd_check_vnode_read,