From owner-p4-projects Tue Jul 30 19:15:51 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 3898037B400; Tue, 30 Jul 2002 19:15:13 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BB98E37B401 for ; Tue, 30 Jul 2002 19:15:12 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA93043E42 for ; Tue, 30 Jul 2002 19:15:11 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6V2FBJU025142 for ; Tue, 30 Jul 2002 19:15:11 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6V2FBfC025139 for perforce@freebsd.org; Tue, 30 Jul 2002 19:15:11 -0700 (PDT) Date: Tue, 30 Jul 2002 19:15:11 -0700 (PDT) Message-Id: <200207310215.g6V2FBfC025139@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 15264 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15264 Change 15264 by rwatson@rwatson_tislabs on 2002/07/30 19:14:19 Trickle IFC MAC changes back into the TrustedBSD source tree. Affected files ... .. //depot/projects/trustedbsd/base/sys/kern/init_main.c#14 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_prot.c#17 integrate .. //depot/projects/trustedbsd/base/sys/kern/subr_mbuf.c#11 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_mbuf.c#8 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#3 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_subr.c#17 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#20 integrate Differences ... ==== //depot/projects/trustedbsd/base/sys/kern/init_main.c#14 (text+ko) ==== @@ -39,7 +39,7 @@ * SUCH DAMAGE. * * @(#)init_main.c 8.9 (Berkeley) 1/21/94 - * $FreeBSD: src/sys/kern/init_main.c,v 1.200 2002/07/31 00:39:19 rwatson Exp $ + * $FreeBSD: src/sys/kern/init_main.c,v 1.201 2002/07/31 01:11:29 rwatson Exp $ */ #include "opt_init_path.h" @@ -519,6 +519,9 @@ VREF(p->p_fd->fd_rdir); FILEDESC_UNLOCK(p->p_fd); VOP_UNLOCK(rootvnode, 0, td); +#ifdef MAC + mac_create_root_mount(td->td_ucred, TAILQ_FIRST(&mountlist)); +#endif if (devfs_present) { /* ==== //depot/projects/trustedbsd/base/sys/kern/kern_prot.c#17 (text+ko) ==== @@ -37,7 +37,7 @@ * SUCH DAMAGE. * * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94 - * $FreeBSD: src/sys/kern/kern_prot.c,v 1.162 2002/07/31 00:39:19 rwatson Exp $ + * $FreeBSD: src/sys/kern/kern_prot.c,v 1.163 2002/07/31 00:48:24 rwatson Exp $ */ /* @@ -1379,6 +1379,10 @@ if ((error = prison_check(u1, u2))) return (error); +#ifdef MAC + if ((error = mac_check_cred_visible(u1, u2))) + return (error); +#endif if ((error = cr_seeotheruids(u1, u2))) return (error); return (0); @@ -1420,6 +1424,10 @@ error = prison_check(cred, proc->p_ucred); if (error) return (error); +#ifdef MAC + if ((error = mac_check_proc_signal(cred, proc, signum))) + return (error); +#endif error = cr_seeotheruids(cred, proc->p_ucred); if (error) return (error); @@ -1521,6 +1529,10 @@ return (0); if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); +#ifdef MAC + if ((error = mac_check_proc_sched(td->td_ucred, p))) + return (error); +#endif if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) return (error); if (td->td_ucred->cr_ruid == p->p_ucred->cr_ruid) @@ -1578,6 +1590,10 @@ return (0); if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); +#ifdef MAC + if ((error = mac_check_proc_debug(td->td_ucred, p))) + return (error); +#endif if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) return (error); @@ -1652,11 +1668,13 @@ error = prison_check(cred, so->so_cred); if (error) return (ENOENT); +#ifdef MAC + error = mac_check_socket_visible(cred, so); + if (error) + return (error); +#endif if (cr_seeotheruids(cred, so->so_cred)) return (ENOENT); -#ifdef MAC - /* XXX: error = mac_cred_check_seesocket() here. */ -#endif return (0); } ==== //depot/projects/trustedbsd/base/sys/kern/subr_mbuf.c#11 (text+ko) ==== @@ -25,13 +25,16 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/kern/subr_mbuf.c,v 1.24 2002/07/30 21:06:27 bmilekic Exp $ + * $FreeBSD: src/sys/kern/subr_mbuf.c,v 1.25 2002/07/31 01:42:19 rwatson Exp $ */ +#include "opt_mac.h" #include "opt_param.h" + #include #include #include +#include #include #include #include @@ -802,6 +805,11 @@ struct mb_bucket *bucket; u_int owner; +#ifdef MAC + if (type != MT_NOTMBUF && ((struct mbuf *)m)->m_flags & M_PKTHDR) + mac_destroy_mbuf((struct mbuf *)m); +#endif + bucket = mb_list->ml_btable[MB_BUCKET_INDX(m, mb_list)]; /* @@ -1254,8 +1262,15 @@ struct mbuf *mb; mb = (struct mbuf *)mb_alloc(&mb_list_mbuf, how, type, 0, NULL); - if (mb != NULL) + if (mb != NULL) { _mbhdr_setup(mb, type); +#ifdef MAC + if (mac_init_mbuf(mb, how) != 0) { + mb_free(&mb_list_mbuf, mb, type, 0, NULL); + return (NULL); + } +#endif + } return (mb); } @@ -1298,6 +1313,12 @@ mb = (struct mbuf *)mb_alloc(&mb_list_mbuf, how, type, 0, NULL); if (mb != NULL) { _mbhdr_setup(mb, type); +#ifdef MAC + if (mac_init_mbuf(mb, how) != 0) { + mb_free(&mb_list_mbuf, mb, type, 0, NULL); + return (NULL); + } +#endif bzero(mtod(mb, caddr_t), MHLEN); } return (mb); ==== //depot/projects/trustedbsd/base/sys/kern/uipc_mbuf.c#8 (text+ko) ==== @@ -31,15 +31,18 @@ * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $FreeBSD: src/sys/kern/uipc_mbuf.c,v 1.95 2002/07/30 18:28:58 rwatson Exp $ + * $FreeBSD: src/sys/kern/uipc_mbuf.c,v 1.96 2002/07/31 01:51:34 rwatson Exp $ */ +#include "opt_mac.h" #include "opt_param.h" + #include #include #include #include #include +#include #include #include #include @@ -75,9 +78,17 @@ KASSERT(to->m_flags & M_PKTHDR, ("m_copy_pkthdr() called on non-header")); #endif +#ifdef MAC + if (to->m_flags & M_PKTHDR) + mac_destroy_mbuf(to); +#endif to->m_data = to->m_pktdat; to->m_flags = from->m_flags & M_COPYFLAGS; to->m_pkthdr = from->m_pkthdr; +#ifdef MAC + mac_init_mbuf(to, 1); /* XXXMAC no way to fail */ + mac_create_mbuf_from_mbuf(from, to); +#endif from->m_pkthdr.aux = NULL; } @@ -98,6 +109,9 @@ } if (m->m_flags & M_PKTHDR) { M_COPY_PKTHDR(mn, m); +#ifdef MAC + mac_destroy_mbuf(m); +#endif m->m_flags &= ~M_PKTHDR; } mn->m_next = m; ==== //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#3 (text+ko) ==== @@ -61,7 +61,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/kern/vfs_mount.c,v 1.78 2002/07/29 06:26:55 jeff Exp $ + * $FreeBSD: src/sys/kern/vfs_mount.c,v 1.79 2002/07/31 01:11:29 rwatson Exp $ */ #include @@ -70,6 +70,7 @@ #include #include #include +#include #include #include #include @@ -86,6 +87,7 @@ #include "opt_rootdevname.h" #include "opt_ddb.h" +#include "opt_mac.h" #ifdef DDB #include @@ -643,8 +645,12 @@ mp->mnt_stat.f_owner = td->td_ucred->cr_uid; strncpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); mp->mnt_iosize_max = DFLTPHYS; +#ifdef MAC + mac_init_mount(mp); + mac_create_mount(td->td_ucred, mp); +#endif VOP_UNLOCK(vp, 0, td); - mp->mnt_optnew = optlist; + mp->mnt_optnew = optlist; /* XXXMAC: should this be above? */ update: /* @@ -662,6 +668,9 @@ else { mp->mnt_vfc->vfc_refcount--; vfs_unbusy(mp, td); +#ifdef MAC + mac_destroy_mount(mp); +#endif free(mp, M_MOUNT); } vrele(vp); @@ -752,6 +761,9 @@ mtx_unlock(&vp->v_interlock); mp->mnt_vfc->vfc_refcount--; vfs_unbusy(mp, td); +#ifdef MAC + mac_destroy_mount(mp); +#endif free(mp, M_MOUNT); vput(vp); goto bad; @@ -999,6 +1011,10 @@ mp->mnt_stat.f_owner = td->td_ucred->cr_uid; strncpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN); mp->mnt_iosize_max = DFLTPHYS; +#ifdef MAC + mac_init_mount(mp); + mac_create_mount(td->td_ucred, mp); +#endif VOP_UNLOCK(vp, 0, td); update: /* @@ -1016,6 +1032,9 @@ else { mp->mnt_vfc->vfc_refcount--; vfs_unbusy(mp, td); +#ifdef MAC + mac_destroy_mount(mp); +#endif free(mp, M_MOUNT); } vrele(vp); @@ -1093,6 +1112,9 @@ mtx_unlock(&vp->v_interlock); mp->mnt_vfc->vfc_refcount--; vfs_unbusy(mp, td); +#ifdef MAC + mac_destroy_mount(mp); +#endif free(mp, M_MOUNT); vput(vp); } @@ -1304,6 +1326,9 @@ vrele(coveredvp); if (mp->mnt_kern_flag & MNTK_MWAIT) wakeup(mp); +#ifdef MAC + mac_destroy_mount(mp); +#endif if (mp->mnt_op->vfs_mount == NULL) vfs_freeopts(mp->mnt_opt); free(mp, M_MOUNT); @@ -1350,6 +1375,10 @@ mp->mnt_stat.f_mntonname[0] = '/'; mp->mnt_stat.f_mntonname[1] = 0; (void) copystr(devname, mp->mnt_stat.f_mntfromname, MNAMELEN - 1, 0); +#ifdef MAC + mac_init_mount(mp); + mac_create_mount(td->td_ucred, mp); +#endif *mpp = mp; return (0); } @@ -1502,6 +1531,9 @@ if (error != 0) { if (mp != NULL) { vfs_unbusy(mp, curthread); +#ifdef MAC + mac_destroy_mount(mp); +#endif free(mp, M_MOUNT); } printf("Root mount failed: %d\n", error); ==== //depot/projects/trustedbsd/base/sys/kern/vfs_subr.c#17 (text+ko) ==== @@ -36,13 +36,14 @@ * SUCH DAMAGE. * * @(#)vfs_subr.c 8.31 (Berkeley) 5/26/95 - * $FreeBSD: src/sys/kern/vfs_subr.c,v 1.382 2002/07/29 06:26:55 jeff Exp $ + * $FreeBSD: src/sys/kern/vfs_subr.c,v 1.384 2002/07/31 02:05:12 rwatson Exp $ */ /* * External virtual filesystem routines */ #include "opt_ddb.h" +#include "opt_mac.h" #include #include @@ -54,6 +55,7 @@ #include #include #include +#include #include #include #include @@ -801,6 +803,9 @@ uma_zfree(vnodepoll_zone, vp->v_pollinfo); } vp->v_pollinfo = NULL; +#ifdef MAC + mac_destroy_vnode(vp); +#endif vp->v_flag = 0; vp->v_lastw = 0; vp->v_lasta = 0; @@ -827,6 +832,9 @@ vp->v_tag = tag; vp->v_op = vops; lockinit(&vp->v_lock, PVFS, "vnlock", VLKTIMEOUT, LK_NOPAUSE); +#ifdef MAC + mac_init_vnode(vp); +#endif insmntque(vp, mp); *vpp = vp; vp->v_usecount = 1; @@ -3218,7 +3226,7 @@ * vnode's type, "mode", uid and gid, requested access mode, credentials, * and optional call-by-reference privused argument allowing vaccess() * to indicate to the caller whether privilege was used to satisfy the - * request. Returns 0 on success, or an errno on failure. + * request (obsoleted). Returns 0 on success, or an errno on failure. */ int vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused) ==== //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#20 (text+ko) ==== @@ -36,11 +36,12 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.272 2002/07/30 18:48:25 rwatson Exp $ + * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.273 2002/07/31 01:27:33 rwatson Exp $ */ /* For 4.3 integer FS ID compatibility */ #include "opt_compat.h" +#include "opt_mac.h" #include #include @@ -48,6 +49,7 @@ #include #include #include +#include #include #include #include @@ -225,6 +227,11 @@ sp = &mp->mnt_stat; NDFREE(&nd, NDF_ONLY_PNBUF); vrele(nd.ni_vp); +#ifdef MAC + error = mac_check_mount_stat(td->td_ucred, mp); + if (error) + return (error); +#endif error = VFS_STATFS(mp, sp, td); if (error) return (error); @@ -267,6 +274,11 @@ fdrop(fp, td); if (mp == NULL) return (EBADF); +#ifdef MAC + error = mac_check_mount_stat(td->td_ucred, mp); + if (error) + return (error); +#endif sp = &mp->mnt_stat; error = VFS_STATFS(mp, sp, td); if (error) @@ -309,6 +321,12 @@ count = 0; mtx_lock(&mountlist_mtx); for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) { +#ifdef MAC + if (mac_check_mount_stat(td->td_ucred, mp) != 0) { + nmp = TAILQ_NEXT(mp, mnt_list); + continue; + } +#endif if (vfs_busy(mp, LK_NOWAIT, &mountlist_mtx, td)) { nmp = TAILQ_NEXT(mp, mnt_list); continue; @@ -3415,6 +3433,11 @@ mp = vp->v_mount; sp = &mp->mnt_stat; vput(vp); +#ifdef MAC + error = mac_check_mount_stat(td->td_ucred, mp); + if (error) + return (error); +#endif if ((error = VFS_STATFS(mp, sp, td)) != 0) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message