Date: Tue, 15 Oct 2002 05:31:18 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 19330 for review Message-ID: <200210151231.g9FCVIM3050305@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=19330 Change 19330 by cvance@cvance_laptop on 2002/10/15 05:30:46 Update permission checks for mmap functions Remove old, unused externalize functions Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#37 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#37 (text+ko) ==== @@ -41,6 +41,7 @@ #include <sys/kernel.h> #include <sys/mac.h> #include <sys/malloc.h> +#include <sys/mman.h> #include <sys/mount.h> #include <sys/proc.h> #include <sys/systm.h> @@ -980,56 +981,35 @@ return vnode_has_perm(cred, vp, FILE__WRITE, NULL); } +/* + * Also registered for MAC_CHECK_VNODE_MPROTECT + */ static int sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp, struct label *label, int newmapping) { -#ifdef TBD + access_vector_t av; - /* TBD: Incomplete */ + /* + * TBD: Incomplete? + * Write access only matters if the mapping is shared. + */ if (vp) { - /* read access is always possible with a mapping */ av = FILE__READ; - /* write access only matters if the mapping is shared */ - if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE)) + if (newmapping & PROT_WRITE) av |= FILE__WRITE; - if (prot & PROT_EXEC) + if (newmapping & PROT_EXEC) av |= FILE__EXECUTE; - return vnode_has_perm(cred, vp, av, NULL); + return (vnode_has_perm(cred, vp, av, NULL)); } -#endif - return (0); } static int -sebsd_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, - struct label *label, int newmapping) -{ - /* TBD: Not Implemented */ - return (VM_PROT_ALL); -} - -#if 0 -static int -sebsd_externalize_vnode_oldmac(struct label *label, struct oldmac *extmac) -{ - /* TBD: this assumes vnodes only and only stores '5' */ - struct vnode_security_struct *vsec; - - vsec = SLOT(label); - if (vsec) - extmac->m_sebsd.ms_psid = (uint32_t)5; - - return 0; -} -#endif - -static int sebsd_externalize_sid(security_id_t sid, struct mac_element *element, int *claimed) { 
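Review bot: The new block comment in sebsd_check_vnode_mmap says write access only matters for shared mappings, but the code under it adds FILE__WRITE whenever `newmapping & PROT_WRITE` is set, because the mapping type is not among the hook's arguments. As written, a private writable mapping also needs file write permission, which fails closed but denies mappings the stated rule would allow. The comment should say what the code does, e.g. `/* Only the protection bits are passed in, so FILE__WRITE is required for every PROT_WRITE mapping, private ones included. */`. The removed line explaining why FILE__READ is always requested is worth keeping next to `av = FILE__READ;`, since that choice is not obvious for a mapping requested without PROT_READ.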
@@ -1141,10 +1121,6 @@ { MAC_EXTERNALIZE_CRED_LABEL, sebsd_externalize_cred_label }, { MAC_EXTERNALIZE_VNODE_LABEL, sebsd_externalize_vnode_label }, { MAC_INTERNALIZE_VNODE_LABEL, sebsd_internalize_vnode_label }, -#if 0 - { MAC_EXTERNALIZE_VNODE_OLDMAC, - (macop_t)sebsd_externalize_vnode_oldmac }, -#endif /* Create Labels */ { MAC_CREATE_CRED, @@ -1184,7 +1160,7 @@ { MAC_CHECK_VNODE_MMAP, (macop_t)sebsd_check_vnode_mmap }, { MAC_CHECK_VNODE_MPROTECT, - (macop_t)sebsd_check_vnode_mprotect }, + (macop_t)sebsd_check_vnode_mmap }, { MAC_CHECK_VNODE_OPEN, (macop_t)sebsd_check_vnode_open }, { MAC_CHECK_VNODE_POLL, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
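Review bot: Pointing MAC_CHECK_VNODE_MPROTECT at sebsd_check_vnode_mmap means a protection change on a vnode-backed mapping is always checked with FILE__READ in the access vector, even when the new protection asks for less than read access. The `(macop_t)` cast also hides any later difference between the two hook signatures from the compiler; the removed sebsd_check_vnode_mprotect had the same parameter list, so they match as far as this diff shows. A short comment on the entry would record that the sharing is deliberate, for example `/* shares the mmap handler; the argument lists are identical */`. The operations table starts and ends outside the hunk.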