Date: Tue, 14 Nov 2006 18:51:17 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 109960 for review Message-ID: <200611141851.kAEIpHL4011995@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=109960
Change 109960 by millert@millert_g5tower on 2006/11/14 18:51:12
Rename mac_vnode_label_associate_file() to mac_vnode_label_associate_fdesc() and pass in a richer set of args. With this we no longer need a vnode_label_associate_cred entry point. The policy itself can decide whether to fall back to the cred or mount label in the abscence of a file label.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#15 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#23 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#18 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#15 (text+ko) ====
@@ -56,6 +56,7 @@
 struct bpf_d;
 struct componentname;
 struct devnode;
+struct fdescnode;
 struct fileglob;
 struct ifnet;
 struct lctx;
@@ -149,8 +150,8 @@
 struct vnode *vp);
 int mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
 void mac_vnode_label_associate_singlelabel(struct mount *mp, struct vnode *vp);
-int mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
- struct vnode *vp);
+int mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
+ struct vnode *vp, vfs_context_t ctx);
 void mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
 const char *fullpath);
 void mac_devfs_label_associate_directory(char *dirname, int dirnamelen,
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#23 (text+ko) ====
@@ -1462,6 +1462,8 @@
 /**
 @brief Associate a file label with a vnode
 @param cred User credential
+ @param mp Fdesc mount point
+ @param mntlabel Fdesc mount point label
 @param fg Fileglob structure
 @param label Policy label for fg
 @param vp Vnode to label
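Review bot: The updated Doxygen block still describes fg and label as always present, but the new no-backing-file path in mac_vfs.c (hunk at -951) now calls this hook with `NULL, NULL` for them and relies on the policy falling back to the cred or mount label. Suggest `@param fg Fileglob structure, or NULL if the fdesc node has no backing file` and `@param label Policy label for fg, or NULL when fg is NULL`, plus a sentence in the description stating that the policy must choose between cred and mntlabel in that case, since every registered implementation of mpo_vnode_label_associate_file_t must now tolerate the NULLs. The same contract applies to the typedef in the hunk at -1473.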
@@ -1473,6 +1475,8 @@
 */
 typedef void mpo_vnode_label_associate_file_t(
 struct ucred *cred,
+ struct mount *mp,
+ struct label *mntlabel,
 struct fileglob *fg,
 struct label *label,
 struct vnode *vp,
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#18 (text+ko) ====
@@ -256,8 +256,7 @@
 struct fdescnode *fnp;
 struct fileglob *fg;
 struct proc *p;
- int error;
- int fd;
+ int error, fd;
 
 error = 0;
 
@@ -269,11 +268,7 @@
 break;
 case VT_FDESC:
 fnp = VTOFDESC(vp);
- p = vfs_context_proc(ctx);
- fd = fnp->fd_fd;
- fg = fd != -1 ? p->p_fd->fd_ofiles[fd]->f_fglob : NULL;
- error = mac_vnode_label_associate_file(vfs_context_ucred(ctx),
- fg, vp);
+ error = mac_vnode_label_associate_fdesc(mp, fnp, vp, ctx);
 break;
 default:
 error = mac_vnode_label_associate_extattr(mp, vp);
@@ -778,10 +773,6 @@
 if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
 mp->mnt_flag |= MNT_MULTILABEL;
 
- /* MULTILABEL on FDESC. */
- if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
- mp->mnt_flag |= MNT_MULTILABEL;
-
 /* MULTILABEL on all NFS filesystems. */
 if (strcmp(mp->mnt_vfsstat.f_fstypename, "nfs") == 0)
 mp->mnt_flag |= MNT_MULTILABEL;
@@ -939,9 +930,10 @@
 }
 
 int
-mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
- struct vnode *vp)
+mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
+ struct vnode *vp, vfs_context_t ctx)
 {
+ struct fileglob *fg;
 struct pseminfo *psem;
 struct pshminfo *pshm;
 struct xsocket xso;
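Review bot: After the hunk at -269 removes the only visible uses of `p` and `fd`, the declarations `struct proc *p;` and the merged `int error, fd;` in the hunk at -256 look dead; if nothing else in the function (whose body lies mostly outside these hunks) reads them, the compiler will flag unused variables and `fd` should be dropped rather than folded into `int error, fd;`. `fg` is declared in the same block and may be in the same situation now that the fileglob is resolved inside mac_vnode_label_associate_fdesc. If they are still referenced elsewhere in the function, the declaration merge is fine and this note can be ignored.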
@@ -951,14 +943,15 @@
 int error;
 
 /*
- * If no backing file, use the cred label.
+ * If no backing file, let the policy choose which label to use.
 */
- if (fg == NULL) {
- MAC_PERFORM(vnode_label_associate_cred, cred,
- vp, vp->v_label);
+ if (fnp->fd_fd == -1) {
+ MAC_PERFORM(vnode_label_associate_file, vfs_context_ucred(ctx),
+ mp, mp->mnt_mntlabel, NULL, NULL, vp, vp->v_label);
 return (0);
 }
 
+ fg = (*fdfile(vfs_context_proc(ctx), fnp->fd_fd))->f_fglob;
 switch (fg->fg_type) {
 case DTYPE_VNODE:
 fvp = (struct vnode *)fg->fg_data;
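Review bot: The new lookup `fg = (*fdfile(vfs_context_proc(ctx), fnp->fd_fd))->f_fglob;` dereferences the descriptor slot without checking it, so if fdfile() can return a slot holding NULL (the descriptor closed between the fdesc node lookup and this call) the `switch (fg->fg_type)` that follows dereferences NULL; the removed `p->p_fd->fd_ofiles[fd]->f_fglob` had the same gap, and the new code is the place to close it. Suggest `if (*fdfile(vfs_context_proc(ctx), fnp->fd_fd) == NULL) return (EBADF);` ahead of the assignment, and confirming whether the caller holds the process fd-table lock across this read, since nothing in the hunk takes it. The `fnp->fd_fd == -1` guard above only covers the never-opened case, not a stale descriptor. mac_vnode_label_associate_fdesc begins in the hunk at -939 and continues in the hunk at -970.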
@@ -970,37 +963,40 @@
 case DTYPE_SOCKET:
 so = (struct socket *)fg->fg_data;
 sotoxsocket(so, &xso);
- MAC_PERFORM(vnode_label_associate_socket, cred, &xso,
- so->so_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_socket,
+ vfs_context_ucred(ctx), &xso, so->so_label,
+ vp, vp->v_label);
 break;
 case DTYPE_PSXSHM:
 /* XXX: should hold the PSHM_SUBSYS lock. */
 pshm = pshmnodeinfo((struct pshmnode *)fg->fg_data);
 if (pshm == NULL)
 return (EINVAL);
- MAC_PERFORM(vnode_label_associate_posixshm, cred, pshm,
- pshm->pshm_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_posixshm,
+ vfs_context_ucred(ctx), pshm, pshm->pshm_label,
+ vp, vp->v_label);
 break;
 case DTYPE_PSXSEM:
 /* XXX: should hold the PSEM_SUBSYS lock. */
 psem = psemnodeinfo((struct psemnode *)fg->fg_data);
 if (psem == NULL)
 return (EINVAL);
- MAC_PERFORM(vnode_label_associate_posixsem, cred, psem,
- psem->psem_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_posixsem,
+ vfs_context_ucred(ctx), psem, psem->psem_label,
+ vp, vp->v_label);
 vnode_unlock(vp);
 break;
 case DTYPE_PIPE:
 /* XXX: should PIPE_LOCK */
 cpipe = (struct pipe *)fg->fg_data;
- MAC_PERFORM(vnode_label_associate_pipe, cred, cpipe,
- cpipe->pipe_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_pipe, vfs_context_ucred(ctx),
+ cpipe, cpipe->pipe_label, vp, vp->v_label);
 break;
 case DTYPE_KQUEUE:
 case DTYPE_FSEVENTS:
 default:
- MAC_PERFORM(vnode_label_associate_file, cred, fg, fg->fg_label,
- vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_file, vfs_context_ucred(ctx),
+ mp, mp->mnt_mntlabel, fg, fg->fg_label, vp, vp->v_label);
 break;
 }
 return (0);
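Review bot: `vfs_context_ucred(ctx)` is re-evaluated in every switch arm (socket, posixshm, posixsem, pipe, default), which lengthens each MAC_PERFORM call and looks the credential up several times for a single labeling; one local `struct ucred *cred = vfs_context_ucred(ctx);` at the top of mac_vnode_label_associate_fdesc (its declarations are in the hunk at -939, outside this hunk) would let the original two-line MAC_PERFORM forms stand unchanged. Separately, `vnode_unlock(vp);` in the DTYPE_PSXSEM arm is the only arm that releases the vnode lock; it is a context line rather than part of this change, but it looks asymmetric and is worth confirming while the function is being reworked.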