Date: Mon, 4 Dec 2006 18:32:18 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 111042 for review Message-ID: <200612041832.kB4IWIkn088852@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=111042 Change 111042 by millert@millert_g5tower on 2006/12/04 18:31:19 Implement vnode_label_associate_* entry points. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#24 edit .. //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#8 edit .. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#18 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#6 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#24 (text+ko) ====
@@ -1190,6 +1190,27 @@
 mac_mls_copy_effective(source, dest);
 }
+static void
+mac_mls_vnode_label_associate_file(struct ucred *cred,
+ struct mount *mp, struct label *mntlabel,
+ struct fileglob *fg, struct label *fglabel,
+ struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ if (fglabel != NULL)
+ source = SLOT(fglabel);
+ else
+ if (mntlabel != NULL)
+ source = SLOT(mntlabel);
+ else
+ source = SLOT(cred->cr_label);
+
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
 static int
 mac_mls_vnode_label_associate_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel)
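Review bot: The last fallback in mac_mls_vnode_label_associate_file, `source = SLOT(cred->cr_label);`, dereferences cred unchecked, although fglabel and mntlabel are both tested for NULL just above it. Whether the framework guarantees a non-NULL cred on this path is not visible in the hunk, so an assertion or a comment stating that guarantee would help. The order of sources decides which sensitivity level the new vnode inherits, so it deserves a header comment such as `/* Label source precedence: fglabel, else mntlabel, else cred->cr_label. */`. The `else` followed by `if` on its own line would read more clearly as `else if (mntlabel != NULL)`.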
@@ -1250,6 +1271,44 @@
 }
 static void
+mac_mls_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
+ struct label *pipelabel, struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(pipelabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_vnode_label_associate_posixsem(struct ucred *cred,
+ struct pseminfo *psem, struct label *psemlabel, struct vnode *vp,
+ struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(psemlabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_vnode_label_associate_posixshm(struct ucred *cred,
+ struct pshminfo *pshm, struct label *pshmlabel, struct vnode *vp,
+ struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(pshmlabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
 mac_mls_vnode_label_associate_singlelabel(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel)
 {
@@ -1261,6 +1320,18 @@
 mac_mls_copy_effective(source, dest);
 }
+static void
+mac_mls_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
+ struct label *solabel, struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(solabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
 static int
 mac_mls_vnode_notify_create(struct ucred *cred, struct mount *mp, struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
@@ -2696,12 +2767,12 @@
 static int
 mac_mls_mount_check_fsctl(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, int com, caddr_t data)
+ struct label *mntlabel, int com)
 {
 if (!mac_mls_enabled) return (0);
- MLS_MESSAGE("file_check_fsctl: mp %p com %d(%x) data %d(%p)\n", mp, com, data);
+ MLS_MESSAGE("file_check_fsctl: mp %p com %d(%x)\n", mp, com, data);
 #warning Implement mac_mls_file_check_fsctl()
 return (0);
 }
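Review bot: mac_mls_vnode_label_associate_pipe, _posixsem and _posixshm in this hunk, and _socket in the next one, share one body and differ only in which label argument is passed to SLOT(). Each could be a single statement, e.g. `mac_mls_copy_effective(SLOT(pipelabel), SLOT(vlabel));`, which drops the two locals per function. Unlike the file variant added earlier in this change, none of them tests the source label for NULL before SLOT(). If the framework guarantees these labels are always set, a one-line comment saying so would document why the check is omitted.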
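Review bot: The new MLS_MESSAGE call in mac_mls_mount_check_fsctl still passes `data`, which this hunk removes from the parameter list, and `data` is also the wrong argument for the `%x` conversion. If MLS_MESSAGE expands to a real call, this no longer compiles; the vnode_check_ioctl hunk later in the file makes the matching fix with `com, com`. Suggested line: `MLS_MESSAGE("mount_check_fsctl: mp %p com %d(%x)\n", mp, com, com);`, which also makes the message prefix match the function name. The function is still a stub that returns 0 for every request, as the `#warning` notes, so this check enforces nothing yet.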
@@ -2784,7 +2855,7 @@
 static int
 mac_mls_pipe_check_ioctl(struct ucred *cred, struct pipe *cpipe,
- struct label *pipelabel, unsigned long cmd, void *data)
+ struct label *pipelabel, unsigned long cmd)
 {
 struct mac_mls *subj, *obj;
@@ -3375,12 +3446,12 @@
 static int
 mac_mls_vnode_check_ioctl(struct ucred *cred, struct vnode *vp,
- struct label *label, int com, caddr_t data)
+ struct label *label, int com)
 {
 if (!mac_mls_enabled) return (0);
- MLS_MESSAGE("vnode_check_ioctl: fp %p com %d(%x) data %d(%p)\n", fp, com, com, data, data);
+ MLS_MESSAGE("vnode_check_ioctl: vp %p com %d(%x)\n", vp, com, com);
 #warning Implement mac_mls_vnode_check_ioctl()
 return (0);
 }
@@ -4079,8 +4150,13 @@
 .mpo_cred_label_associate_user = mac_mls_cred_label_associate_user,
 .mpo_vnode_label_associate_devfs = mac_mls_vnode_label_associate_devfs,
+ .mpo_vnode_label_associate_file = mac_mls_vnode_label_associate_file,
 .mpo_vnode_label_associate_extattr = mac_mls_vnode_label_associate_extattr,
+ .mpo_vnode_label_associate_pipe = mac_mls_vnode_label_associate_pipe,
+ .mpo_vnode_label_associate_posixsem = mac_mls_vnode_label_associate_posixsem,
+ .mpo_vnode_label_associate_posixshm = mac_mls_vnode_label_associate_posixshm,
 .mpo_vnode_label_associate_singlelabel= mac_mls_vnode_label_associate_singlelabel,
+ .mpo_vnode_label_associate_socket= mac_mls_vnode_label_associate_socket,
 .mpo_vnode_label_recycle = mac_mls_recycle_label,
 .mpo_vnode_label_copy = mac_mls_label_copy,
 .mpo_vnode_notify_create = mac_mls_vnode_notify_create,
==== //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#8 (text+ko) ====
@@ -295,7 +295,7 @@
 if (error == ENOATTR) return (0);
- if (error == EOPNOTSUPP) {
+ if (error == ENOTSUP) {
 ro_setflags(vlabel, RO_FLAG_READONLY | RO_FLAG_NOTSUPP);
 return (0);
 }
==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#18 (text+ko) ====
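Review bot: In the mac_readonly.c hunk the comparison now matches only `ENOTSUP`, so a lower layer that still returns `EOPNOTSUPP` would skip `ro_setflags(vlabel, RO_FLAG_READONLY | RO_FLAG_NOTSUPP)` and fall through to code outside the hunk. On platforms where the two constants have different values, accepting both keeps the restrictive default: `if (error == ENOTSUP || error == EOPNOTSUPP) {`. If the attribute call is known to return only ENOTSUP here, a short comment stating that would make the intent clear to the next reader.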
@@ -1081,7 +1081,7 @@
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
 */
-
+
 /* mp can be NULL in this fcn */
 static void
 mac_test_vnode_label_associate_devfs(struct mount *mp, struct label *mntlabel,
@@ -1110,26 +1110,35 @@
 }
 static void
-mac_test_vnode_label_associate_singlelabel(struct mount *mp,
- struct label *mntlabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_file(struct ucred *cred,
+ struct mount *mp, struct label *mntlabel,
+ struct fileglob *fg, struct label *fglabel,
+ struct vnode *vp, struct label *vlabel)
 {
+ CHECKNULL(cred);
 CHECKNULL(mp);
 CHECKNULL(vp);
 INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(mntlabel, MOUNTTYPE);
+
+ if (fglabel) {
+ CHECKNULL(fg);
+ USE_LABEL(fglabel, FILETYPE);
+ } else {
+ USE_LABEL(mntlabel, MOUNTTYPE);
+ }
 }
 static void
-mac_test_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
- struct label *solabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
+ struct label *pipelabel, struct vnode *vp, struct label *vlabel)
 {
 CHECKNULL(cred);
- CHECKNULL(xso);
+ CHECKNULL(cpipe);
 CHECKNULL(vp);
 INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(solabel, SOCKETTYPE);
+ USE_LABEL(pipelabel, PIPETYPE);
 }
 static void
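Review bot: mac_test_vnode_label_associate_file now runs `CHECKNULL(mp)` and uses `mntlabel` as its only fallback, whereas mac_mls_vnode_label_associate_file in this same change treats mntlabel as possibly NULL and falls back to `cred->cr_label`. The two policies therefore encode different contracts for the same entry point. If mp or mntlabel may legitimately be NULL, the test policy presumably flags valid calls; if they may not, the MLS fallback is dead code. A comment above the function naming the optional arguments, e.g. `/* fg and fglabel may be NULL; mp and mntlabel are required */`, would settle this once the intended contract is confirmed.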
@@ -1157,37 +1166,31 @@
 INIT_LABEL(vlabel, VNODETYPE);
 USE_LABEL(pshmlabel, POSIXSHMTYPE);
 }
-
+
 static void
-mac_test_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
- struct label *pipelabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_singlelabel(struct mount *mp,
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
 {
- CHECKNULL(cred);
- CHECKNULL(cpipe);
+ CHECKNULL(mp);
 CHECKNULL(vp);
 INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(pipelabel, PIPETYPE);
+ USE_LABEL(mntlabel, MOUNTTYPE);
 }
 static void
-mac_test_vnode_label_associate_file(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct fileglob *fg, struct label *fglabel,
- struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
+ struct label *solabel, struct vnode *vp, struct label *vlabel)
 {
 CHECKNULL(cred);
+ CHECKNULL(xso);
 CHECKNULL(vp);
 INIT_LABEL(vlabel, VNODETYPE);
-
- if (fglabel) {
- CHECKNULL(fg);
- USE_LABEL(fglabel, FILETYPE);
- } else {
- USE_LABEL(cred->cr_label, CREDTYPE);
- }
+ USE_LABEL(solabel, SOCKETTYPE);
 }
+/* The ucred and mount parameters can be NULL for this fcn */
 static void
 mac_test_devfs_label_associate_device(dev_t dev, struct devnode *de, struct label *label, const char *fullpath)
@@ -1231,8 +1234,8 @@
 CHECKNULL(cred);
 CHECKNULL(mp);
+ USE_LABEL(cred->cr_label, CREDTYPE);
 INIT_LABEL(mntlabel, MOUNTTYPE);
- USE_LABEL(cred->cr_label, CREDTYPE);
 }
 static void
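Review bot: The added comment `/* The ucred and mount parameters can be NULL for this fcn */` sits directly above mac_test_devfs_label_associate_device, whose signature (`dev_t dev, struct devnode *de, struct label *label, const char *fullpath`) has neither a ucred nor a mount parameter. It looks as though it was meant for a different entry point. It should be moved next to the function it describes or reworded to cover this function's arguments, because a nullability note attached to the wrong function can mislead whoever later adds or removes the CHECKNULL calls. The body of mac_test_devfs_label_associate_device lies outside the hunk, so its own checks cannot be compared against the comment here.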
@@ -1907,16 +1910,16 @@
 .mpo_vnode_label_associate_devfs= mac_test_vnode_label_associate_devfs,
 .mpo_vnode_label_associate_extattr= mac_test_vnode_label_associate_extattr,
+ .mpo_vnode_label_associate_file= mac_test_vnode_label_associate_file,
+ .mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe,
+ .mpo_vnode_label_associate_posixsem=
+ mac_test_vnode_label_associate_posixsem,
+ .mpo_vnode_label_associate_posixshm=
+ mac_test_vnode_label_associate_posixshm,
 .mpo_vnode_label_associate_singlelabel= mac_test_vnode_label_associate_singlelabel,
 .mpo_vnode_label_associate_socket= mac_test_vnode_label_associate_socket,
- .mpo_vnode_label_associate_posixsem=
- mac_test_vnode_label_associate_posixsem,
- .mpo_vnode_label_associate_posixshm=
- mac_test_vnode_label_associate_posixshm,
- .mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe,
- .mpo_vnode_label_associate_file = mac_test_vnode_label_associate_file,
 .mpo_devfs_label_associate_device= mac_test_devfs_label_associate_device,
 .mpo_devfs_label_associate_directory=