Date: Tue, 23 Jul 2002 10:59:08 -0700 (PDT) Message-Id: <200207231759.g6NHx88V014149@freefall.freebsd.org>
From: Robert Watson Subject: PERFORCE change 14786 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14786 Change 14786 by rwatson@rwatson_tislabs on 2002/07/23 10:59:04 Implement the access() policy entry point for the policies where it had not yet been implemented. For TE, MLS, and Biba, simply wrap the existing open() check since the logic is identical. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#65 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#53 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#44 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#46 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#14 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#65 (text+ko) ==== @@ -1322,6 +1322,14 @@ } static int +mac_biba_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (mac_biba_cred_check_open_vnode(cred, vp, label, flags)); +} + +static int mac_biba_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1980,6 +1988,8 @@ (macop_t)mac_biba_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_biba_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_biba_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_biba_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#53 (text+ko) ==== 
@@ -1265,6 +1265,14 @@ } static int +mac_mls_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (mac_mls_cred_check_open_vnode(cred, vp, label, flags)); +} + +static int mac_mls_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1923,6 +1931,8 @@ (macop_t)mac_mls_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_mls_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_mls_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_mls_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#44 (text+ko) ==== @@ -604,6 +604,14 @@ } static int +mac_none_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (0); +} + +static int mac_none_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -969,6 +977,8 @@ (macop_t)mac_none_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_none_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_none_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_none_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#46 (text+ko) ==== @@ -1290,6 +1290,14 @@ } static int +mac_te_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (mac_te_cred_check_open_vnode(cred, vp, label, flags)); +} + +static int mac_te_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { 
@@ -1617,6 +1625,8 @@ (macop_t)mac_te_cred_check_relabel_vnode }, { MAC_CRED_CHECK_STATFS, (macop_t)mac_te_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_te_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_te_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_te_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, (macop_t)mac_te_cred_check_chroot_vnode }, ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#14 (text+ko) ==== @@ -797,6 +797,14 @@ } static int +mac_test_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t flags) +{ + + return (0); +} + +static int mac_test_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1160,6 +1168,8 @@ (macop_t)mac_test_cred_check_statfs }, { MAC_CRED_CHECK_DEBUG_PROC, (macop_t)mac_test_cred_check_debug_proc }, + { MAC_CRED_CHECK_ACCESS_VNODE, + (macop_t)mac_test_cred_check_access_vnode }, { MAC_CRED_CHECK_CHDIR_VNODE, (macop_t)mac_test_cred_check_chdir_vnode }, { MAC_CRED_CHECK_CHROOT_VNODE, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
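Review bot: In mac_biba_cred_check_access_vnode, and in the identical MLS and TE wrappers, `flags` is forwarded unchanged to the corresponding open check with no comment recording why the two checks can share logic. A short comment above each wrapper stating that access() and open() are expected to receive `flags` in the same encoding and to apply the same label rules would make the dependency explicit, so that a later open-specific change to mac_*_cred_check_open_vnode does not silently alter the access() decision as well.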
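Review bot: mac_test_cred_check_access_vnode returns 0 without looking at cred, vp or label, which makes it indistinguishable from the mac_none stub. If the other mac_test entry points validate the arguments they are handed, this one should do the same so the new hook is actually exercised; if the no-op is intentional for now, a one-line comment in the body saying so would help the next reader.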