From owner-p4-projects Sun Jul 21 12:14:31 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D932237B401; Sun, 21 Jul 2002 12:14:19 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A3C537B400 for ; Sun, 21 Jul 2002 12:14:19 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1331943E65 for ; Sun, 21 Jul 2002 12:14:19 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6LJEIJU078591 for ; Sun, 21 Jul 2002 12:14:18 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6LJEIjk078562 for perforce@freebsd.org; Sun, 21 Jul 2002 12:14:18 -0700 (PDT) Date: Sun, 21 Jul 2002 12:14:18 -0700 (PDT) Message-Id: <200207211914.g6LJEIjk078562@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 14619 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14619 Change 14619 by rwatson@rwatson_curry on 2002/07/21 12:13:41 Various preps for improved VFS access control extensibility: - Comment various VOP's that will shortly be instrumented, both in generic VFS entry points and in the ctty code. - Add instrumentation to cttyopen(), since it invokes vn_open(). Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#8 edit .. //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#4 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#23 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#8 (text+ko) ====
@@ -35,6 +35,7 @@
 */
 #include "opt_ktrace.h"
+#include "opt_mac.h"
 #include
 #include
@@ -44,6 +45,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -766,6 +768,9 @@
 vn_start_write(vp, &mp, V_WAIT);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 (void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
+#ifdef MAC
+ /* XXXMAC: Write authorization checks here. */
+#endif
 error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
 if (error == 0 && uio != NULL) {
 (void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
==== //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#4 (text+ko) ====
@@ -38,12 +38,15 @@
 * Indirect driver for controlling tty.
 */
+#include "opt_mac.h"
+
 #include
 #include
 #include
 #include
 #include
 #include
+#include
 #include
 #include
 #include
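Review bot: The placeholder in the `@@ -766,6 +768,9 @@` hunk of kern_ktrace.c does not record which credential the future check is meant to authorize. The write beside it runs with `cred`, the same value passed to `VOP_LEASE` and `VOP_WRITE`, and the hunk does not show where that credential comes from, so I would spell it out: `/* XXXMAC: Write authorization check against cred here; vp is locked. */`. When the check lands, a denial must skip `VOP_WRITE` yet still reach the unlock and the end of the `vn_start_write()` bracket, which lie outside this hunk along with the start of the function.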
@@ -94,6 +97,13 @@
 if (ttyvp == NULL) return (ENXIO);
 vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
+#ifdef MAC
+ error = mac_cred_check_open_vnode(td->td_ucred, ttyvp, flag);
+ if (error) {
+ VOP_UNLOCK(ttyvp, 0, td);
+ return (error);
+ }
+#endif
 error = VOP_OPEN(ttyvp, flag, NOCRED, td);
 VOP_UNLOCK(ttyvp, 0, td);
 return (error);
@@ -149,6 +159,9 @@
 (error = vn_start_write(ttyvp, &mp, V_WAIT | PCATCH)) != 0) return (error);
 vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
+#ifdef MAC
+ /* XXXMAC: Write authorization check here. */
+#endif
 error = VOP_WRITE(ttyvp, uio, flag, NOCRED);
 VOP_UNLOCK(ttyvp, 0, td);
 vn_finished_write(mp);
@@ -189,6 +202,9 @@
 PROC_UNLOCK(td->td_proc);
 return (error);
 }
+#ifdef MAC
+ /* XXXMAC: Ioctl authorization check here. */
+#endif
 return (VOP_IOCTL(ttyvp, cmd, addr, flag, NOCRED, td));
 }
@@ -210,6 +226,9 @@
 if (ttyvp == NULL) /* try operation to get EOF/failure */ return (seltrue(dev, events, td));
+#ifdef MAC
+ /* XXXMAC: Poll authorization check here. */
+#endif
 return (VOP_POLL(ttyvp, events, td->td_ucred, td));
 }
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#23 (text+ko) ====
@@ -397,8 +397,14 @@
 auio.uio_rw = rw;
 auio.uio_td = td;
 if (rw == UIO_READ) {
+#ifdef MAC
+ /* XXXMAC: Read authorization check here. */
+#endif
 error = VOP_READ(vp, &auio, ioflg, cred);
 } else {
+#ifdef MAC
+ /* XXXMAC: Write authorization check here. */
+#endif
 error = VOP_WRITE(vp, &auio, ioflg, cred);
 }
 if (aresid)
@@ -486,6 +492,9 @@
 ioflag |= sequential_heuristic(uio, fp);
+#ifdef MAC
+ /* XXXMAC: Read authorization check here. */
+#endif
 error = VOP_READ(vp, uio, ioflag, cred);
 if ((flags & FOF_OFFSET) == 0) fp->f_offset = uio->uio_offset;
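Review bot: In the cttyopen() hunk (`@@ -94,6 +97,13 @@`) the MAC check is made against `td->td_ucred` while the `VOP_OPEN` that follows is still handed `NOCRED`, and nothing says that the difference is deliberate; a comment such as `/* VOP_OPEN gets NOCRED, so MAC authorizes the opening thread's credential. */` would record it. The added error branch also duplicates the unlock: placing `if (error == 0)` directly before `#endif` would let the existing `VOP_UNLOCK(ttyvp, 0, td); return (error);` serve both outcomes and keep a single exit path. Whether `flag` here carries the same encoding that mac_cred_check_open_vnode() receives on the vn_open() path cannot be confirmed from this hunk and is worth checking. The function starts outside the hunk.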
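Review bot: The write, ioctl and poll placeholders in tty_tty.c (`@@ -149,6 +159,9 @@`, `@@ -189,6 +202,9 @@`, `@@ -210,6 +226,9 @@`) do not name the credential to check, and the VOP calls next to them disagree: `VOP_WRITE` and `VOP_IOCTL` pass `NOCRED`, `VOP_POLL` passes `td->td_ucred`. I would make each comment explicit, e.g. `/* XXXMAC: Write authorization check (td->td_ucred, as in cttyopen()) here. */`. In the write hunk the marker sits after `vn_start_write()` and `vn_lock()`, so a denial will have to run `VOP_UNLOCK` and `vn_finished_write(mp)` before returning. The ioctl and poll hunks show no `vn_lock` on `ttyvp`; if the eventual check needs a locked vnode, that belongs in the comment too, though the lines outside these hunks may already cover it.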
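Review bot: The read and write placeholders in vfs_vnops.c (`@@ -397,8 +397,14 @@`, `@@ -486,6 +492,9 @@`, and `@@ -537,6 +546,9 @@` further down) leave open whether the check is made against the credential the file was opened with or the calling thread's current one. All three sites pass `cred` to the VOP and its origin lies outside the hunks; since a per-operation check only adds value over the open-time check if the subject is chosen deliberately, I would word the markers as `/* XXXMAC: Read authorization check here; decide active vs. open-time credential. */`. In the first hunk a denial must skip the VOP while still reaching the `if (aresid)` handling that follows, and in the other two it presumably should not update `fp->f_offset`, which the placement before the VOP call does not make obvious.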
@@ -537,6 +546,9 @@
 if ((flags & FOF_OFFSET) == 0) uio->uio_offset = fp->f_offset;
 ioflag |= sequential_heuristic(uio, fp);
+#ifdef MAC
+ /* XXXMAC: Write authorization check here. */
+#endif
 error = VOP_WRITE(vp, uio, ioflag, cred);
 if ((flags & FOF_OFFSET) == 0) fp->f_offset = uio->uio_offset;
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message