From owner-p4-projects@FreeBSD.ORG  Thu Oct 26 19:23:33 2006
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id C567A16A415; Thu, 26 Oct 2006 19:23:33 +0000 (UTC)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 85A2716A407
	for <perforce@freebsd.org>; Thu, 26 Oct 2006 19:23:33 +0000 (UTC)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5136A43D66
	for <perforce@freebsd.org>; Thu, 26 Oct 2006 19:23:33 +0000 (GMT)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9QJNXH6078544
	for <perforce@freebsd.org>; Thu, 26 Oct 2006 19:23:33 GMT
	(envelope-from millert@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9QJNWTi078540
	for perforce@freebsd.org; Thu, 26 Oct 2006 19:23:32 GMT
	(envelope-from millert@freebsd.org)
Date: Thu, 26 Oct 2006 19:23:32 GMT
Message-Id: <200610261923.k9QJNWTi078540@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	millert@freebsd.org using -f
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 108512 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Oct 2006 19:23:34 -0000

http://perforce.freebsd.org/chv.cgi?CH=108512

Change 108512 by millert@millert_macbook on 2006/10/26 19:22:30

	Resolve a problem in error handling.  A vnode is not labeled
	if mac_vnode_label_associate_extattr() returns non-zero.
	Add comments regarding edge cases (label failure with waiting
	processes).  Alter the MLS policy to handle policy errors
	in a useful manner.  Some refinement may be required.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#16 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#6 (text+ko) ====

@@ -49,7 +49,8 @@
 			error = mac_vnode_label_associate_extattr(mp, vp);
 		vnode_lock(vp);
 
-		vp->v_lflag |= VL_LABELED;
+		if (error == 0)
+			vp->v_lflag |= VL_LABELED;
 		vp->v_lflag &= ~VL_LABEL;
 		if (vp->v_lflag & VL_LABELWAIT) {
 			vp->v_lflag &= ~VL_LABELWAIT;
@@ -68,6 +69,7 @@
 				"vnode_label", &ts);
 		if (error == EWOULDBLOCK)
 			vprint("vnode label timeout", vp);
+		/* XXX: what should be done if labeling failed (above)? */
 		vnode_put(vp);
 		return (error);
 	}
@@ -98,7 +100,8 @@
 		error = mac_vnode_label_associate_extattr(vnode_mount(vp), vp);
 		vnode_lock(vp);
 
-		vp->v_lflag |= VL_LABELED;
+		if (error == 0)
+			vp->v_lflag |= VL_LABELED;
 		vp->v_lflag &= ~VL_LABEL;
 		if (vp->v_lflag & VL_LABELWAIT) {
 			vp->v_lflag &= ~VL_LABELWAIT;
@@ -109,7 +112,7 @@
 	if (vp->v_lflag & VL_LABEL) {
 		vp->v_lflag |= VL_LABELWAIT;
 		(void)msleep(vp->v_label, &vp->v_lock, PVFS, "vnode_label", 0);
-
+		/* XXX: what should be done if labeling failed (above)? */
 	}
 
 	return (error);

==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#16 (text+ko) ====

@@ -1204,9 +1204,7 @@
 	error = mac_vnop_getxattr(vp, MAC_MLS_EXTATTR_NAME,
 				  (char *)&temp, sizeof(temp), &buflen);
 	if (error == ENOATTR || error == ENOTSUP || error == EPERM) {
-		/* Fall back to the mntlabel. */
-		mac_mls_copy_effective(source, dest);
-		return (0);
+		goto fallback;
 	} else if (error)
 		return (error);
 
@@ -1214,20 +1212,28 @@
 		printf("mac_mls_vnode_label_associate_extattr: bad size %d\n",
 		    buflen);
 		MLS_MESSAGE("mac_mls_vnode_label_associate_extattr : EPERM\n");
-		return (EPERM);
+		goto badlabel;
 	}
 	if (mac_mls_valid(&temp) != 0) {
 		printf("mac_mls_vnode_label_associate_extattr: invalid\n");
 		MLS_MESSAGE("mac_mls_vnode_label_associate_extattr : EPERM\n");
-		return (EPERM);
+		goto badlabel;
 	}
 	if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_EFFECTIVE) {
 		printf("mac_mls_associated_vnode_extattr: not effective\n");
-		MLS_RETURN (EPERM);
+		goto badlabel;
 	}
 
 	mac_mls_copy_effective(&temp, dest);
 	return (0);
+
+badlabel:
+	/* Clear the invalid/bad label. */
+	mac_vnop_removexattr(vp, MAC_MLS_EXTATTR_NAME);
+fallback:
+	/* Fall back to the mntlabel. */
+	mac_mls_copy_effective(source, dest);
+	return (0);
 }
 
 static int