From owner-p4-projects Tue Oct 15 15:43:12 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 86A2137B404; Tue, 15 Oct 2002 15:43:07 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1DF3C37B401 for ; Tue, 15 Oct 2002 15:43:07 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6093D43E4A for ; Tue, 15 Oct 2002 15:43:06 -0700 (PDT) (envelope-from green@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9FMh6Mt015686 for ; Tue, 15 Oct 2002 15:43:06 -0700 (PDT) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.3/Submit) id g9FMh56g015681 for perforce@freebsd.org; Tue, 15 Oct 2002 15:43:05 -0700 (PDT) Date: Tue, 15 Oct 2002 15:43:05 -0700 (PDT) Message-Id: <200210152243.g9FMh56g015681@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f From: Brian Feldman Subject: PERFORCE change 19357 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=19357 Change 19357 by green@green_laptop_2 on 2002/10/15 15:42:19 Fix the merge-o's. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#90 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#90 (text+ko) ==== @@ -897,6 +897,11 @@ return (error); goto restart; } +#ifdef MAC + if (error == 0 && !whiteout) + error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, + &nd.ni_cnd, &vattr); +#endif /* MAC */ if (!error) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); if (whiteout) @@ -969,10 +974,19 @@ FILEDESC_LOCK(td->td_proc->p_fd); vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); +#ifdef MAC + error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, + &vattr); + if (error) + goto out; +#endif /* MAC */ VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); if (error == 0) vput(nd.ni_vp); +#ifdef MAC +out: +#endif /* MAC */ NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); vn_finished_write(mp); @@ -1111,11 +1125,21 @@ FILEDESC_LOCK(td->td_proc->p_fd); vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); +#ifdef MAC + vattr.va_type = VLNK; + error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, + &vattr); + if (error) + goto out2; +#endif /* MAC */ VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath); - NDFREE(&nd, NDF_ONLY_PNBUF); if (error == 0) vput(nd.ni_vp); +#ifdef MAC +out2: +#endif /* MAC */ + NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); vn_finished_write(mp); ASSERT_VOP_UNLOCKED(nd.ni_dvp, "symlink"); @@ -1163,6 +1187,7 @@ return (error); goto restart; } + /* XXXMAC: need a permission check here */ VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -1231,8 +1256,17 @@ return (error); goto restart; } +#ifdef MAC + error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp, + &nd.ni_cnd); + if (error) + goto out; +#endif /* MAC */ VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd); +#ifdef MAC +out: +#endif /* MAC */ vn_finished_write(mp); } NDFREE(&nd, NDF_ONLY_PNBUF); @@ -2715,10 +2749,26 @@ int error; bwillwrite(); +#ifdef MAC + NDINIT(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART, pathseg, + from, td); +#else /* MAC */ NDINIT(&fromnd, DELETE, WANTPARENT | SAVESTART, pathseg, from, td); +#endif /* MAC */ if ((error = namei(&fromnd)) != 0) return (error); fvp = fromnd.ni_vp; +#ifdef MAC + error = mac_check_vnode_rename_from(td->td_ucred, fromnd.ni_dvp, fvp, + &fromnd.ni_cnd); + if (error) { + NDFREE(&fromnd, NDF_ONLY_PNBUF); + vrele(fromnd.ni_dvp); + vrele(fvp); + goto out1; + } + NDFREE(&fromnd, NDF_ONLY_UNLOCK); +#endif /* MAC */ if ((error = vn_start_write(fvp, &mp, V_WAIT | PCATCH)) != 0) { NDFREE(&fromnd, NDF_ONLY_PNBUF); vrele(fromnd.ni_dvp); @@ -2757,6 +2807,11 @@ */ if (fvp == tvp) error = -1; +#ifdef MAC + else + error = mac_check_vnode_rename_to(td->td_ucred, tdvp, + tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd); +#endif /* MAC */ out: if (!error) { VOP_LEASE(tdvp, td, td->td_ucred, LEASE_WRITE); @@ -2860,8 +2915,17 @@ FILEDESC_LOCK(td->td_proc->p_fd); vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); +#ifdef MAC + error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, + &vattr); + if (error) + goto out; +#endif /* MAC */ VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); +#ifdef MAC +out: +#endif /* MAC */ NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); if (!error) @@ -2924,6 +2988,12 @@ error = EBUSY; goto out; } +#ifdef MAC + error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp, + &nd.ni_cnd); + if (error) + goto out; +#endif if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { NDFREE(&nd, NDF_ONLY_PNBUF); if (nd.ni_dvp == vp) @@ -3835,7 +3905,9 @@ cnt -= auio.uio_resid; td->td_retval[0] = cnt; +#ifdef MAC done: +#endif VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return (error); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message