Date: Tue, 14 Nov 2006 18:53:21 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 109962 for review Message-ID: <200611141853.kAEIrLEc012745@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=109962 Change 109962 by millert@millert_g5tower on 2006/11/14 18:52:51 Adapt vnode_label_associate_file(), remove vnode_label_associate_cred() Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#37 edit .. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#17 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#37 (text+ko) ==== @@ -753,34 +753,33 @@ } static void -sebsd_vnode_label_associate_cred(struct ucred *cred, struct vnode *vp, - struct label *vlabel) -{ - struct task_security_struct *tsec; - struct vnode_security_struct *vsec; - - tsec = SLOT(cred->cr_label); - vsec = SLOT(vlabel); - - vsec->sid = vsec->task_sid = tsec->sid; - vsec->sclass = SECCLASS_FILE; /* XXX */ -} - -static void -sebsd_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg, +sebsd_vnode_label_associate_file(struct ucred *cred, struct mount *mp, + struct label *mntlabel, struct fileglob *fg, struct label *fglabel, struct vnode *vp, struct label *vlabel) { struct task_security_struct *tsec; struct file_security_struct *fsec; struct vnode_security_struct *vsec; + struct mount_security_struct *sbsec; tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); vsec = SLOT(vlabel); + vsec->task_sid = tsec->sid; + vsec->sclass = vnode_type_to_security_class(vp->v_type); - vsec->sid = fsec->sid; - vsec->task_sid = tsec->sid; - vsec->sclass = SECCLASS_FILE; /* XXX */ + /* + * Use file label if it exists, otherwise fall back + * on mount or cred labels. + */ + if (fglabel) { + fsec = SLOT(fglabel); + vsec->sid = fsec->sid; + } else if (mntlabel) { + sbsec = SLOT(mntlabel); + vsec->sid = sbsec->sid; + } else { + vsec->sid = tsec->sid; + } } static void 
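Review bot: In the final `else` of sebsd_vnode_label_associate_file() the vnode's object SID is set to the caller's task SID (`vsec->sid = tsec->sid;`), so a vnode that arrives with neither a file label nor a mount label is labelled as a process domain, and later access checks on it run against that label. The removed associate_cred hook did the same, but here it is a silent fallthrough, so I would document it at the branch, e.g. `/* No file or mount label: vnode inherits the caller's SID; confirm the policy intends this rather than an unlabeled SID. */`. The three branches also test only the label pointers, not the result of `SLOT()`; whether a slot can be NULL for a non-NULL label is not visible in this hunk, so a guard may be needed there as well. The new `mp` and `fg` parameters are unused in the body shown.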
@@ -3625,7 +3624,6 @@ .mpo_vnode_label_associate_posixsem = sebsd_vnode_label_associate_posixsem, .mpo_vnode_label_associate_posixshm = sebsd_vnode_label_associate_posixshm, .mpo_vnode_label_associate_pipe = sebsd_vnode_label_associate_pipe, - .mpo_vnode_label_associate_cred = sebsd_vnode_label_associate_cred, .mpo_vnode_label_associate_file = sebsd_vnode_label_associate_file, .mpo_devfs_label_update = sebsd_devfs_update, ==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#17 (text+ko) ==== @@ -1171,26 +1171,21 @@ } static void -mac_test_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg, - struct label *fglabel, struct vnode *vp, struct label *vlabel) +mac_test_vnode_label_associate_file(struct ucred *cred, struct mount *mp, + struct label *mntlabel, struct fileglob *fg, struct label *fglabel, + struct vnode *vp, struct label *vlabel) { CHECKNULL(cred); - CHECKNULL(fg); CHECKNULL(vp); INIT_LABEL(vlabel, VNODETYPE); - USE_LABEL(fglabel, FILETYPE); -} -static void -mac_test_vnode_label_associate_cred(struct ucred *cred, struct vnode *vp, - struct label *vlabel) -{ - CHECKNULL(cred); - CHECKNULL(vp); - - INIT_LABEL(vlabel, VNODETYPE); - USE_LABEL(cred->cr_label, CREDTYPE); + if (fglabel) { + CHECKNULL(fg); + USE_LABEL(fglabel, FILETYPE); + } else { + USE_LABEL(cred->cr_label, CREDTYPE); + } } static void @@ -1922,7 +1917,6 @@ mac_test_vnode_label_associate_posixshm, .mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe, .mpo_vnode_label_associate_file = mac_test_vnode_label_associate_file, - .mpo_vnode_label_associate_cred = mac_test_vnode_label_associate_cred, .mpo_devfs_label_associate_device= mac_test_devfs_label_associate_device, .mpo_devfs_label_associate_directory=
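Review bot: The new `mp` and `mntlabel` arguments of mac_test_vnode_label_associate_file() are never checked, although the sebsd policy in the same change reads `mntlabel` as a fallback source for the vnode SID. This policy appears to exist to catch bad labels handed in by the framework, so a stale or wrong-typed mount label would pass through this hook unnoticed. I would add `if (mntlabel) { CHECKNULL(mp); USE_LABEL(mntlabel, <mount label type>); }` next to the `fglabel` test, with the type constant taken from the file, as it is not visible in this hunk.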