Date: Tue, 5 Nov 2002 10:25:03 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 20709 for review Message-ID: <200211051825.gA5IP3r2048270@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=20709 Change 20709 by rwatson@rwatson_tislabs on 2002/11/05 10:24:09 Use execlabel rather than imgp->execlabel. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#57 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#57 (text+ko) ==== @@ -311,7 +311,7 @@ sebsd_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, struct label *interpvnodelabel, - struct image_params *imgp) + struct image_params *imgp, struct label *execlabel) { struct task_security_struct *otask, *ntask; struct vnode_security_struct *file; @@ -329,12 +329,12 @@ * So just make the transition. */ ntask->osid = otask->sid; - if (imgp->execlabel == NULL) { + if (execlabel == NULL) { (void)security_transition_sid(otask->sid, file->sid, SECCLASS_PROCESS, &ntask->sid); } else { ntask->sid = ((struct task_security_struct *) - SLOT(imgp->execlabel))->sid; + SLOT(execlabel))->sid; } if (otask->sid != ntask->sid) { @@ -352,7 +352,8 @@ sebsd_execve_will_transition(struct ucred *old, struct vnode *vp, struct label *vnodelabel, struct label *interpvnodelabel, - struct image_params *imgp) + struct image_params *imgp, + struct label *execlabel) { struct task_security_struct *task; struct vnode_security_struct *file; @@ -368,12 +369,12 @@ * Should have already checked all the permissions, so just see if * the SIDS are going to match. */ - if (imgp->execlabel == NULL) { + if (execlabel == NULL) { (void)security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS, &newsid); } else { newsid = ((struct task_security_struct *) - SLOT(imgp->execlabel))->sid; + SLOT(execlabel))->sid; } return (newsid != task->sid); @@ -743,7 +744,8 @@ static int sebsd_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp) + struct label *label, struct image_params *imgp, + struct label *execlabel) { struct task_security_struct *task; struct vnode_security_struct *file; @@ -753,14 +755,14 @@ task = SLOT(&cred->cr_label); file = SLOT(label); - if (imgp->execlabel == NULL) { + if (execlabel == NULL) { rc = security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS, &newsid); if (rc) return EACCES; } else { newsid = ((struct task_security_struct *) - SLOT(imgp->execlabel))->sid; + SLOT(execlabel))->sid; } AVC_AUDIT_DATA_INIT(&ad, FS); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211051825.gA5IP3r2048270>