Date: Tue, 15 Oct 2002 05:31:18 -0700 (PDT)
From: Chris Vance
Subject: PERFORCE change 19330 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=19330

Change 19330 by cvance@cvance_laptop on 2002/10/15 05:30:46

Update permission checks for mmap functions
Remove old, unused externalize functions

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#37 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#37 (text+ko) ====
@@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include 
@@ -980,56 +981,35 @@ return vnode_has_perm(cred, vp, FILE__WRITE, NULL); } +/* + * Also registered for MAC_CHECK_VNODE_MPROTECT + */ static int sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp, struct label *label, int newmapping) { -#ifdef TBD + access_vector_t av; - /* TBD: Incomplete */ + /* + * TBD: Incomplete? + * Write access only matters if the mapping is shared. + */ if (vp) { - /* read access is always possible with a mapping */ av = FILE__READ; - /* write access only matters if the mapping is shared */ - if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE)) + if (newmapping & PROT_WRITE) av |= FILE__WRITE; - if (prot & PROT_EXEC) + if (newmapping & PROT_EXEC) av |= FILE__EXECUTE; - return vnode_has_perm(cred, vp, av, NULL); + return (vnode_has_perm(cred, vp, av, NULL)); } -#endif - return (0); } static int -sebsd_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, - struct label *label, int newmapping) -{ - /* TBD: Not Implemented */ - return (VM_PROT_ALL); -} - -#if 0 -static int -sebsd_externalize_vnode_oldmac(struct label *label, struct oldmac *extmac) -{ - /* TBD: this assumes vnodes only and only stores '5' */ - struct vnode_security_struct *vsec; - - vsec = SLOT(label); - if (vsec) - extmac->m_sebsd.ms_psid = (uint32_t)5; - - return 0; -} -#endif - -static int sebsd_externalize_sid(security_id_t sid, struct mac_element *element, int *claimed) { @@ -1141,10 +1121,6 @@ { MAC_EXTERNALIZE_CRED_LABEL, sebsd_externalize_cred_label }, { MAC_EXTERNALIZE_VNODE_LABEL, sebsd_externalize_vnode_label }, { MAC_INTERNALIZE_VNODE_LABEL, sebsd_internalize_vnode_label }, -#if 0 - { MAC_EXTERNALIZE_VNODE_OLDMAC, - (macop_t)sebsd_externalize_vnode_oldmac }, -#endif /* Create Labels */ { MAC_CREATE_CRED, 
@@ -1184,7 +1160,7 @@ { MAC_CHECK_VNODE_MMAP, (macop_t)sebsd_check_vnode_mmap }, { MAC_CHECK_VNODE_MPROTECT, - (macop_t)sebsd_check_vnode_mprotect }, + (macop_t)sebsd_check_vnode_mmap }, { MAC_CHECK_VNODE_OPEN, (macop_t)sebsd_check_vnode_open }, { MAC_CHECK_VNODE_POLL,
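Review bot: In the @@ -980,56 +981,35 @@ hunk, sebsd_check_vnode_mmap now requests FILE__WRITE whenever `newmapping & PROT_WRITE` is set, while the comment kept above it still says write access only matters if the mapping is shared. The removed condition `(flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE)` carried that distinction; the hook has no flags argument, so a private writable mapping is checked as though it could modify the file. Either pass the shared/private information to the hook or reword the comment to say the check is deliberately conservative. The deleted comment "read access is always possible with a mapping" was the only explanation for requesting FILE__READ unconditionally and is worth keeping. The removed mprotect stub used VM_PROT_ALL, so testing `newmapping` against PROT_WRITE and PROT_EXEC mixes two constant namespaces; one should be used consistently. The `label` argument is unused.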
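Review bot: In the @@ -1184,7 +1160,7 @@ hunk, the MAC_CHECK_VNODE_MPROTECT entry switches to a handler with a different return convention, and the commit message does not say that this is intended. The removed sebsd_check_vnode_mprotect returned VM_PROT_ALL, whereas sebsd_check_vnode_mmap returns 0 or the result of vnode_has_perm. Please confirm that the framework treats the MPROTECT return value as an error code like MMAP, and note it in the change description. Since one function now serves both entry points, a neutral name would also make the ops table easier to read than registering sebsd_check_vnode_mmap under MPROTECT.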