Date: Tue, 3 Oct 2006 15:19:20 GMT Message-Id: <200610031519.k93FJKRr030056@repoman.freebsd.org>
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 107190 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 15:19:21 -0000 http://perforce.freebsd.org/chv.cgi?CH=107190 Change 107190 by millert@millert_macbook on 2006/10/03 15:19:01 Add support for DTYPE_VNODE in mac_{get,set}_fd(2). Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#14 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#14 (text+ko) ==== @@ -1523,6 +1523,7 @@ size_t ulen; struct socket *so; struct label *intlabel; + struct vnode *vp; AUDIT_ARG(fd, uap->fd); @@ -1568,6 +1569,20 @@ buffer, mac.m_buflen); mac_socket_free_label(intlabel); break; + case DTYPE_VNODE: + intlabel = mac_vnode_alloc_label(); + vp = (struct vnode *)fp->f_fglob->fg_data; + + error = vnode_getwithref(vp); + if (error == 0) { + mac_vnode_copy_label(vp->v_label, intlabel); + error = mac_vnode_externalize_label(intlabel, + elements, buffer, + mac.m_buflen, M_WAITOK); + vnode_put(vp); + } + mac_vnode_free_label(intlabel); + break; default: error = ENOSYS; // only sockets are handled so far } @@ -1669,11 +1684,13 @@ struct fileproc *fp; struct mac mac; + struct vfs_context context; int error; size_t ulen; char *buffer; struct label *intlabel; struct socket *so; + struct vnode *vp; AUDIT_ARG(fd, uap->fd); 
@@ -1717,6 +1734,27 @@ } mac_socket_free_label(intlabel); break; + case DTYPE_VNODE: + intlabel = mac_vnode_alloc_label(); + + error = mac_vnode_internalize_label(intlabel, buffer); + if (error) { + mac_vnode_free_label(intlabel); + break; + } + + context.vc_proc = p; + context.vc_ucred = kauth_cred_get(); + vp = (struct vnode *)fp->f_fglob->fg_data; + + error = vnode_getwithref(vp); + if (error == 0) { + error = vn_setlabel(vp, intlabel, &context); + vnode_put(vp); + } + + mac_vnode_free_label(intlabel); + break; default: error = ENOSYS; // only sockets are handled at this point }
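Review bot: In the DTYPE_VNODE case added by hunk @@ -1568,6 +1569,20 @@ (the get path), `mac_vnode_copy_label(vp->v_label, intlabel)` reads the vnode's label while holding only the iocount taken by `vnode_getwithref(vp)`. The set path in this same change can relabel a vnode through `vn_setlabel()`, so please confirm that a concurrent relabel cannot race with this copy, or say in a comment which lock or invariant makes the read safe. Separately, the trailing context `default: error = ENOSYS; // only sockets are handled so far` is no longer accurate once this case exists; update the comment to list the descriptor types that are now handled.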
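Review bot: In the DTYPE_VNODE case added by hunk @@ -1717,6 +1734,27 @@ (the set path), `struct vfs_context context` lives on the stack and only `vc_proc` and `vc_ucred` are assigned before `&context` is passed to `vn_setlabel()`. If the structure has or later gains other members they will carry stack garbage, so zero it first or use an initializer. No relabel permission check is visible in this hunk before `vn_setlabel(vp, intlabel, &context)`; a short comment stating that `vn_setlabel()` performs the MAC check against `context.vc_ucred` would make the authorization path clear to readers. The `default:` comment `// only sockets are handled at this point` in the trailing context is also stale after this change and should be updated.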