Date: Mon, 18 Mar 2013 16:00:20 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Subject: PERFORCE change 223013 for review
Message-ID: <201303181600.r2IG0Kio009889@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@223013?ac=10 Change 223013 by rwatson@rwatson_cinnamon on 2013/03/18 16:00:18 Add a second TESLA assertion relating to MAC enforcement on vnode operations. Modify the existing assertion to use 'vp' instead of 'ap->a_vp' as currently only variables, not more complex expressions, are permitted. Would be useful to fix this. Affected files ... .. //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#3 edit Differences ... ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#3 (text+ko) ==== @@ -408,7 +408,15 @@ #endif } +#ifdef TESLA /* + * XXXRW: It would be nice if we didn't have to do this. + */ +#include <security/mac/mac_framework.h> +void trap(struct trapframe *frame); +#endif + +/* * Vnode op for reading. */ static int @@ -434,6 +442,9 @@ int ioflag; vp = ap->a_vp; + TESLA_WITHIN(trap, previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), + vp) == 0)); + uio = ap->a_uio; ioflag = ap->a_ioflag; if (ap->a_ioflag & IO_EXT) @@ -646,10 +657,10 @@ int seqcount; int blkoffset, error, flags, ioflag, size, xfersize; - TESLA_WITHIN(trap, previously(mac_check_vnode_write(ANY(ptr), ANY(ptr), - ap->a_vp))); + vp = ap->a_vp; + TESLA_WITHIN(trap, previously(mac_vnode_check_write(ANY(ptr), + ANY(ptr), vp) == 0)); - vp = ap->a_vp; uio = ap->a_uio; ioflag = ap->a_ioflag; if (ap->a_ioflag & IO_EXT)
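Review bot: the hand-written prototype `void trap(struct trapframe *frame);` in the hunk at @@ -408,7 +408,15 @@ will not be checked against the real definition unless the header that declares trap is also included in this file, so a later signature change could go unnoticed; take the declaration from a shared header rather than restating it here. The `#include <security/mac/mac_framework.h>` also lands between function bodies instead of with the file's other includes, where it would be easier to find (still under `#ifdef TESLA` if the dependency is meant to be TESLA-only). The XXXRW comment says only that it would be nice to avoid this; stating what has to change before the block can be dropped would make it actionable.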
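Review bot: the `TESLA_WITHIN(...)` added after `vp = ap->a_vp;` in the hunk at @@ -434,6 +442,9 @@ is not wrapped in `#ifdef TESLA`, while the header and the `trap` prototype it depends on (added in the first hunk) are. That works only if the macro expands to nothing in non-TESLA builds, which this diff does not show, so either confirm that or guard the assertion the same way. A one-line comment stating the property being asserted (a read reaching this vnode op within trap must have been preceded by a `mac_vnode_check_read` on the same vp that returned 0) would help readers who do not know the TESLA syntax.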
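Review bot: the rewritten assertion in the hunk at @@ -646,10 +657,10 @@ changes more than the description mentions. Besides `ap->a_vp` becoming `vp`, the checked function goes from `mac_check_vnode_write` to `mac_vnode_check_write`, and `== 0` is appended so the expression now compares the return value with 0. Both alter what is being asserted and should be called out in the change description. Separately, `vp = ap->a_vp;` now has to stay above the assertion for it to refer to the right vnode; a short comment on that line would keep a later cleanup from moving the assignment back down with `uio` and `ioflag`.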