Date: Wed, 15 Mar 2006 19:52:28 GMT
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 93364 for review

http://perforce.freebsd.org/chv.cgi?CH=93364

Change 93364 by millert@millert_p3 on 2006/03/15 19:51:56

Add sebsd_update_devfsdirent(). Check for fullpath == NULL in devfs functions that have it as a parameter. This is overkill as we really only need to do this in sebsd_create_devfs_directory() (which is called with a NULL fullpath from devfs_mount() via devfs_vmkdir()).

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#41 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#41 (text+ko) ==== @@ -443,6 +443,20 @@ */ } +static void +sebsd_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vlabel) +{ + struct vnode_security_struct *vsec, *dsec; + + vsec = SLOT(vlabel); + dsec = SLOT(delabel); + + dsec->sid = vsec->sid; + dsec->task_sid = vsec->task_sid; + dsec->sclass = vsec->sclass; +} + static int sebsd_associate_vnode_extattr(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel) @@ -644,9 +658,12 @@ dirent_type_to_security_class(devfs_dirent->de_dirent->d_type); /* Obtain a SID based on the fstype, path, and class. */ - path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); - path[0] = '/'; - strcpy(&path[1], fullpath); + if (fullpath != NULL) { + path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); + path[0] = '/'; + strcpy(&path[1], fullpath); + } else + path = "/"; rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass, &newsid); 
@@ -675,7 +692,8 @@ "dirent=%d\n", path, sbsec->sid, mp->mnt_stat.f_mntonname, rc, dirent->sclass, newsid, dirent->sid); } - free(path, M_SEBSD); + if (fullpath != NULL) + free(path, M_SEBSD); } static void @@ -698,9 +716,12 @@ dirent->sclass = SECCLASS_DIR; /* Obtain a SID based on the fstype, path, and class. */ - path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); - path[0] = '/'; - strcpy(&path[1], fullpath); + if (fullpath != NULL) { + path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); + path[0] = '/'; + strcpy(&path[1], fullpath); + } else + path = "/"; rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass, &newsid); if (rc == 0) @@ -713,7 +734,8 @@ __func__, path, sbsec->sid, mp->mnt_stat.f_mntonname, rc, dirent->sclass, newsid, dirent->sid); } - free(path, M_SEBSD); + if (fullpath != NULL) + free(path, M_SEBSD); } static void @@ -740,9 +762,12 @@ lnksec->sclass = SECCLASS_LNK_FILE; /* Obtain a SID based on the fstype, path, and class. */ - path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); - path[0] = '/'; - strcpy(&path[1], fullpath); + if (fullpath != NULL) { + path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); + path[0] = '/'; + strcpy(&path[1], fullpath); + } else + path = "/"; rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, lnksec->sclass, &newsid); if (rc == 0) @@ -754,7 +779,8 @@ sbsec->sid, mp->mnt_stat.f_mntonname, rc, lnksec->sclass, newsid, lnksec->sid); } - free(path, M_SEBSD); + if (fullpath != NULL) + free(path, M_SEBSD); } /* @@ -2457,6 +2483,7 @@ /* .mpo_create_socket = sebsd_create_socket, */ /* .mpo_create_socket_from_socket = sebsd_create_socket_from_socket, */ .mpo_create_vnode_extattr = sebsd_create_vnode_extattr, + .mpo_update_devfsdirent = sebsd_update_devfsdirent, .mpo_associate_vnode_devfs = sebsd_associate_vnode_devfs, .mpo_associate_vnode_singlelabel = sebsd_associate_vnode_singlelabel, .mpo_associate_vnode_extattr = sebsd_associate_vnode_extattr,
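Review bot: sebsd_update_devfsdirent() in the @@ -443 hunk has no comment saying which way the label flows, and mp, de and vp are never used. A short block comment stating that the vnode's sid, task_sid and sclass are copied into the devfs dirent label would help, all the more because dsec is declared as struct vnode_security_struct * although it is taken from delabel; if dirent labels intentionally share that layout, say so there.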
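Review bot: In the @@ -644 hunk the else branch sets path = "/", so the same pointer now holds either an M_SEBSD allocation or a string literal, and the identical block is repeated in the @@ -698 and @@ -762 hunks. A small helper that builds the leading-slash path and reports whether it allocated would keep the three callers from drifting apart. Since the commit message says only sebsd_create_devfs_directory() is actually reached with a NULL fullpath, a comment at that check naming devfs_mount() via devfs_vmkdir() as the caller would be worth adding.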
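Review bot: In the @@ -675 hunk, and identically in @@ -713 and @@ -754, the free() is guarded by fullpath != NULL rather than by whether path was actually allocated. That is correct today only because the allocation uses the same test, and the two conditions sit on either side of the security_genfs_sid() call and the debug printf. Keeping the allocation in its own pointer initialised to NULL and freeing that pointer would make the pairing explicit and keep a later edit from passing the "/" literal to free().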