Date: Sun, 21 Jul 2002 17:24:07 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14651 for review Message-ID: <200207220024.g6M0O7uG074118@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14651 Change 14651 by rwatson@rwatson_curry on 2002/07/21 17:23:29 When deleting a vnode, provide the componentname to the MAC framework and to policies. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#185 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#58 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#61 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#40 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#49 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#42 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#44 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#12 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#118 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#81 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#185 (text+ko) ==== @@ -1877,7 +1877,7 @@ int mac_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct vnode *vp) + struct vnode *vp, struct componentname *cnp) { int error; @@ -1895,7 +1895,7 @@ return (error); MAC_CHECK(cred_check_delete_vnode, cred, dvp, &dvp->v_label, vp, - &vp->v_label); + &vp->v_label, cnp); return (error); } ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#58 (text+ko) ==== @@ -2260,7 +2260,7 @@ if (!error) { #ifdef MAC error = mac_cred_check_delete_vnode(td->td_ucred, nd.ni_dvp, - vp); + vp, &nd.ni_cnd); if (error == 0) { #endif VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); @@ -3919,7 +3919,8 @@ goto out; } #ifdef MAC - error = mac_cred_check_delete_vnode(td->td_ucred, nd.ni_dvp, vp); + error = mac_cred_check_delete_vnode(td->td_ucred, nd.ni_dvp, + vp, &nd.ni_cnd); if (error) goto out; #endif ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#61 (text+ko) ==== @@ -1375,7 +1375,8 @@ static int mac_biba_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { struct mac_biba *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#40 (text+ko) ==== @@ -354,7 +354,8 @@ static int mac_bsdextended_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { struct vattr vap; int error; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#49 (text+ko) ==== @@ -1318,7 +1318,8 @@ static int mac_mls_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { struct mac_mls *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#42 (text+ko) ==== @@ -629,7 +629,8 @@ static int mac_none_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#44 (text+ko) ==== @@ -1318,7 +1318,8 @@ static int mac_te_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { int error; ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#12 (text+ko) ==== @@ -822,7 +822,8 @@ static int mac_test_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { return (0); ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#118 (text+ko) ==== @@ -277,7 +277,7 @@ struct timespec atime, struct timespec mtime); int mac_cred_check_stat_vnode(struct ucred *cred, struct vnode *vp); int mac_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct vnode *vp); + struct vnode *vp, struct componentname *cnp); int mac_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp, struct vnode *vp); int mac_cred_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#81 (text+ko) ==== @@ -259,7 +259,7 @@ struct componentname *cnp, struct vattr *vap); int (*mpo_cred_check_delete_vnode)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, void *label); + struct vnode *vp, void *label, struct componentname *cnp); int (*mpo_cred_check_deleteacl_vnode)(struct ucred *cred, struct vnode *vp, struct label *label, acl_type_t type); int (*mpo_cred_check_exec_vnode)(struct ucred *cred, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207220024.g6M0O7uG074118>