From: Craig Rodrigues
Date: Wed, 22 Apr 2015 01:54:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r281845 - in head: lib/libc/stdio libexec/rtld-elf sys/kern sys/sys

Author: rodrigc
Date: Wed Apr 22 01:54:25 2015
New Revision: 281845
URL: https://svnweb.freebsd.org/changeset/base/281845

Log:
  Support file verification in MAC.

  * Add VCREAT flag to indicate when a new file is being created
  * Add VVERIFY to indicate verification is required
  * Both VCREAT and VVERIFY are only passed on the MAC method vnode_check_open
    and are removed from the accmode after
  * Add O_VERIFY flag to rtld open of objects
  * Add 'v' flag to __sflags to set O_VERIFY flag.

  Submitted by: Steve Kiernan
  Obtained from: Juniper Networks, Inc.
  GitHub Pull Request: https://github.com/freebsd/freebsd/pull/27
  Relnotes: yes

Modified:
  head/lib/libc/stdio/flags.c
  head/libexec/rtld-elf/rtld.c
  head/sys/kern/vfs_vnops.c
  head/sys/sys/fcntl.h
  head/sys/sys/vnode.h

Modified: head/lib/libc/stdio/flags.c ============================================================================== --- head/lib/libc/stdio/flags.c Wed Apr 22 01:35:29 2015 (r281844) +++ head/lib/libc/stdio/flags.c Wed Apr 22 01:54:25 2015 (r281845) 
@@ -97,6 +97,10 @@ __sflags(const char *mode, int *optr) /* set close-on-exec */ o |= O_CLOEXEC; break; + case 'v': + /* verify */ + o |= O_VERIFY; + break; default: known = 0; break; Modified: head/libexec/rtld-elf/rtld.c ============================================================================== --- head/libexec/rtld-elf/rtld.c Wed Apr 22 01:35:29 2015 (r281844) +++ head/libexec/rtld-elf/rtld.c Wed Apr 22 01:54:25 2015 (r281845) @@ -2165,7 +2165,7 @@ load_object(const char *name, int fd_u, * To avoid a race, we open the file and use fstat() rather than * using stat(). */ - if ((fd = open(path, O_RDONLY | O_CLOEXEC)) == -1) { + if ((fd = open(path, O_RDONLY | O_CLOEXEC | O_VERIFY)) == -1) { _rtld_error("Cannot open \"%s\"", path); free(path); return (NULL); @@ -2855,7 +2855,7 @@ search_library_pathfds(const char *name, dirfd = parse_libdir(fdstr); if (dirfd < 0) break; - fd = __sys_openat(dirfd, name, O_RDONLY | O_CLOEXEC); + fd = __sys_openat(dirfd, name, O_RDONLY | O_CLOEXEC | O_VERIFY); if (fd >= 0) { *fdp = fd; len = strlen(fdstr) + strlen(name) + 3; Modified: head/sys/kern/vfs_vnops.c ============================================================================== --- head/sys/kern/vfs_vnops.c Wed Apr 22 01:35:29 2015 (r281844) +++ head/sys/kern/vfs_vnops.c Wed Apr 22 01:54:25 2015 (r281845) @@ -306,9 +306,15 @@ vn_open_vnode(struct vnode *vp, int fmod if ((fmode & O_APPEND) && (fmode & FWRITE)) accmode |= VAPPEND; #ifdef MAC + if (fmode & O_CREAT) + accmode |= VCREAT; + if (fmode & O_VERIFY) + accmode |= VVERIFY; error = mac_vnode_check_open(cred, vp, accmode); if (error) return (error); + + accmode &= ~(VCREAT | VVERIFY); #endif if ((fmode & O_CREAT) == 0) { if (accmode & VWRITE) { Modified: head/sys/sys/fcntl.h ============================================================================== --- head/sys/sys/fcntl.h Wed Apr 22 01:35:29 2015 (r281844) +++ head/sys/sys/fcntl.h Wed Apr 22 01:54:25 2015 (r281845) 
@@ -129,6 +129,10 @@ typedef __pid_t pid_t; #define O_CLOEXEC 0x00100000 #endif +#if __BSD_VISIBLE +#define O_VERIFY 0x00200000 /* open only after verification */ +#endif + /* * XXX missing O_DSYNC, O_RSYNC. */ Modified: head/sys/sys/vnode.h ============================================================================== --- head/sys/sys/vnode.h Wed Apr 22 01:35:29 2015 (r281844) +++ head/sys/sys/vnode.h Wed Apr 22 01:54:25 2015 (r281845) @@ -336,6 +336,8 @@ struct vattr { #define VWRITE_ACL 000040000000 /* change ACL and/or file mode */ #define VWRITE_OWNER 000100000000 /* change file owner */ #define VSYNCHRONIZE 000200000000 /* not used */ +#define VCREAT 000400000000 /* creating new file */ +#define VVERIFY 001000000000 /* verification required */ /* * Permissions that were traditionally granted only to the file owner.
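
Review bot: The new 'v' mode character in __sflags() (flags.c hunk) is not documented anywhere in this change: the Modified list contains no manual page, and the only comment is "/* verify */". Suggest updating fopen(3) in the same commit and expanding the comment to say that 'v' sets O_VERIFY, in the style of the "set close-on-exec" comment just above it.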
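
Review bot: In load_object() (rtld.c, first hunk) the failure branch still reports only `Cannot open "%s"`, so with O_VERIFY added a refusal from the MAC open check looks the same as a missing or unreadable file. Suggest including the errno text in the _rtld_error() message so an administrator can tell a verification failure from a path problem.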
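
Review bot: In search_library_pathfds() (rtld.c, second hunk) the visible lines handle only `fd >= 0`, so an openat that fails because verification was refused is treated like any other failed open. If the search then moves on to the next directory descriptor, a library rejected in one directory could be replaced by a same-named file from a later one without any diagnostic; consider checking errno here and ending the search when the failure is a policy denial rather than a missing file.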
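
Review bot: In vn_open_vnode() (vfs_vnops.c hunk) the O_VERIFY handling sits entirely inside `#ifdef MAC`, so a kernel built without MAC accepts the flag and ignores it, and the caller cannot learn that no verification took place. Either document that O_VERIFY only has an effect when a MAC policy acts on VVERIFY, or decide on an error for the non-MAC case. A one-line comment above `accmode &= ~(VCREAT | VVERIFY);` saying that these bits exist only for mac_vnode_check_open() would also help.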
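
Review bot: The comment on O_VERIFY in the fcntl.h hunk, "open only after verification", promises more than the kernel hunk shows: the flag is translated to VVERIFY and handed to the MAC open check, nothing else. Suggest wording it as a request for verification by a MAC policy, and adding the flag to open(2), since the Modified list contains no manual page.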
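
Review bot: The two new definitions in the vnode.h hunk give no hint that they are not ordinary access bits: per the log message, VCREAT and VVERIFY are passed only to the MAC vnode_check_open method and cleared from accmode afterwards. Suggest saying so in a comment beside the definitions, so that later code does not test for them in other access checks where they will never be set. It is also worth stating what "creating new file" relies on, since vfs_vnops.c derives VCREAT from `fmode & O_CREAT` alone.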