Date: Fri, 7 Nov 2003 11:52:50 -0800 (PST) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 41656 for review Message-ID: <200311071952.hA7JqopY070993@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=41656 Change 41656 by cvance@cvance_osx_laptop on 2003/11/07 11:52:29 add mac_check_vnode_deleteextattr and mac_check_vnode_listextattr entry points to the framework (they were recently added on FreeBSD) Add extattr syscall implementations (untested). I really wouldn't recommend using these yet, plus the filesystem-specific code is ENOTSUP Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#26 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/extattr.h#2 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#7 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#6 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/vfs/vfs_syscalls.c#6 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#10 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#26 (text+ko) ==== @@ -1697,6 +1697,21 @@ return (error); } +int +mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name) +{ + int error; + + ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr"); + + if (!mac_enforce_fs) + return (0); + + MAC_CHECK(check_vnode_deleteextattr, cred, vp, attrnamespace, name); + return (error); +} + #if 0 int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, @@ -1783,6 +1798,21 @@ } int +mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, + int attrnamespace) +{ + int error; + + ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattrs"); + + if (!mac_enforce_fs) + return (0); + + MAC_CHECK(check_vnode_listextattr, cred, vp, attrnamespace); + return (error); +} + +int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct componentname *cnp) { ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/extattr.h#2 (text+ko) ==== 
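Review bot: The lock-assertion string in mac_check_vnode_listextattr reads "mac_check_vnode_listextattrs", which does not match the function name, so a failed assertion would report a function that does not exist. It should be `ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");`. Both new entry points would also benefit from a one-line comment stating that the caller must hold the vnode lock and that the check is skipped when `mac_enforce_fs` is off.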
@@ -40,7 +40,7 @@ #define EXTATTR_NAMESPACE_SYSTEM 0x00000002 #define EXTATTR_NAMESPACE_SYSTEM_STRING "system" -#ifdef _KERNEL +#ifdef KERNEL #define EXTATTR_MAXNAMELEN NAME_MAX struct thread; @@ -76,5 +76,5 @@ const char *_attrname, const void *_data, size_t _nbytes); __END_DECLS -#endif /* !_KERNEL */ +#endif /* !KERNEL */ #endif /* !_SYS_EXTATTR_H_ */ ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#7 (text+ko) ==== @@ -287,6 +287,8 @@ struct componentname *cnp, struct vattr *vap); int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); +int mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name); #if 0 int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, acl_type_t type); @@ -301,6 +303,8 @@ int attrnamespace, const char *name, struct uio *uio); int mac_check_vnode_link(struct ucred *cred, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); +int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, + int attrnamespace); int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct componentname *cnp); int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#6 (text+ko) ==== @@ -393,6 +393,8 @@ struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *label, struct componentname *cnp); + int (*mpo_check_vnode_deleteextattr)(struct ucred *cred, + struct vnode *vp, int attrnamespace, const char *name); #if 0 int (*mpo_check_vnode_deleteacl)(struct ucred *cred, struct vnode *vp, struct label *label, acl_type_t type); 
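Review bot: `mpo_check_vnode_deleteextattr` is declared without a `struct label *` argument, whereas the neighbouring hooks visible in this hunk (`mpo_check_vnode_delete`, `mpo_check_vnode_deleteacl`) pass the vnode's label to the policy explicitly; `mpo_check_vnode_listextattr` in the next hunk has the same shape. If policies in this tree are meant to decide from the label they are handed, the member should carry it, e.g. `struct vnode *vp, struct label *label, int attrnamespace, const char *name);`, with the matching MAC_CHECK call in kern_mac.c updated. If the omission is deliberate, a comment on the two members saying how a policy obtains the label would help.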
@@ -408,6 +410,8 @@ int (*mpo_check_vnode_link)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *label, struct componentname *cnp); + int (*mpo_check_vnode_listextattr)(struct ucred *cred, + struct vnode *vp, int attrnamespace); int (*mpo_check_vnode_lookup)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp); ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/vfs/vfs_syscalls.c#6 (text+ko) ==== @@ -72,6 +72,7 @@ #include <sys/uio.h> #include <sys/malloc.h> #include <sys/dirent.h> +#include <sys/extattr.h> #include <sys/attr.h> #include <sys/sysctl.h> #include <sys/ubc.h> @@ -2862,7 +2863,7 @@ # if (BYTE_ORDER != LITTLE_ENDIAN) if (vp->v_mount->mnt_maxsymlinklen <= 0) { error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, - (int *)0, (u_long *)0); + (int *)0, (u_long **)0); fp->f_offset = auio.uio_offset; } else # endif @@ -2874,7 +2875,7 @@ MALLOC(dirbuf, caddr_t, uap->count, M_TEMP, M_WAITOK); kiov.iov_base = dirbuf; error = VOP_READDIR(vp, &kuio, fp->f_cred, &eofflag, - (int *)0, (u_long *)0); + (int *)0, (u_long **)0); fp->f_offset = kuio.uio_offset; if (error == 0) { readcnt = uap->count - kuio.uio_resid; @@ -3025,7 +3026,7 @@ if (error == 0) #endif error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, - (int *)0, (u_long *)0); + (int *)0, (u_long **)0); fp->f_offset = auio.uio_offset; VOP_UNLOCK(vp, 0, p); if (error) @@ -3516,7 +3517,7 @@ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); error = VOP_READDIRATTR (vp, &attributelist, &auio, actualcount, uap->options, &newstate, &eofflag, - &actualcount, ((u_long **)0), p->p_cred); + &actualcount, ((u_long **)0), p->p_ucred); VOP_UNLOCK(vp, 0, p); if (error) return (error); @@ -4001,7 +4002,7 @@ filename_vp = NULL; if (uap->filename != NULL) { NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, - uap->filename, td); + uap->filename, p); error = namei(&nd); if (error) return (error); 
@@ -4010,7 +4011,7 @@ } /* uap->path is always defined. */ - NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) { if (filename_vp != NULL) @@ -4027,7 +4028,7 @@ } error = VFS_EXTATTRCTL(mp, uap->cmd, filename_vp, uap->attrnamespace, - uap->attrname != NULL ? attrname : NULL, td); + uap->attrname != NULL ? attrname : NULL, p); vn_finished_write(mp_writable); /* @@ -4052,21 +4053,16 @@ */ static int extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname, - void *data, size_t nbytes, struct proc *p) + void *data, size_t nbytes, struct proc *p, register_t *retval) { - return (ENOTSUP); -#if 0 struct mount *mp; struct uio auio; struct iovec aiov; ssize_t cnt; int error; - error = vn_start_write(vp, &mp, V_WAIT | PCATCH); - if (error) - return (error); - VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); - vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE); + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); aiov.iov_base = data; aiov.iov_len = nbytes; @@ -4080,26 +4076,24 @@ auio.uio_resid = nbytes; auio.uio_rw = UIO_WRITE; auio.uio_segflg = UIO_USERSPACE; - auio.uio_td = td; + auio.uio_procp = p; cnt = nbytes; #ifdef MAC - error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace, + error = mac_check_vnode_setextattr(p->p_ucred, vp, attrnamespace, attrname, &auio); if (error) goto done; #endif error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio, - td->td_ucred, td); + p->p_ucred, p); cnt -= auio.uio_resid; - td->td_retval[0] = cnt; + *retval = cnt; done: - VOP_UNLOCK(vp, 0, td); - vn_finished_write(mp); + VOP_UNLOCK(vp, 0, p); return (error); -#endif } struct extattr_set_fd_args { @@ -4116,8 +4110,6 @@ register struct extattr_set_fd_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct file *fp; char attrname[EXTATTR_MAXNAMELEN]; int error; 
@@ -4126,16 +4118,14 @@ if (error) return (error); - error = getvnode(td->td_proc->p_fd, uap->fd, &fp); + error = getvnode(p, uap->fd, &fp); if (error) return (error); - error = extattr_set_vp(fp->f_vnode, uap->attrnamespace, - attrname, uap->data, uap->nbytes, td); - fdrop(fp, td); + error = extattr_set_vp((struct vnode *)fp->f_data, uap->attrnamespace, + attrname, uap->data, uap->nbytes, p, retval); return (error); -#endif } struct extattr_set_file_args { @@ -4152,8 +4142,6 @@ register struct extattr_set_file_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct nameidata nd; char attrname[EXTATTR_MAXNAMELEN]; int error; @@ -4162,18 +4150,16 @@ if (error) return (error); - NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) return (error); - NDFREE(&nd, NDF_ONLY_PNBUF); error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname, - uap->data, uap->nbytes, td); + uap->data, uap->nbytes, p, retval); vrele(nd.ni_vp); return (error); -#endif } struct extattr_set_link_args { @@ -4190,8 +4176,6 @@ register struct extattr_set_link_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct nameidata nd; char attrname[EXTATTR_MAXNAMELEN]; int error; @@ -4200,18 +4184,16 @@ if (error) return (error); - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) return (error); - NDFREE(&nd, NDF_ONLY_PNBUF); error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname, - uap->data, uap->nbytes, td); + uap->data, uap->nbytes, p, retval); vrele(nd.ni_vp); return (error); -#endif } /*- 
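Review bot: extattr_set_fd now casts `fp->f_data` straight to a vnode and no longer drops a file reference, so it relies on two properties of this tree's getvnode() that the hunk does not show: that it rejects descriptors that are not vnodes, and that the file cannot be closed while extattr_set_vp() sleeps in vn_lock(). A short comment stating that contract, e.g. `/* getvnode() only succeeds for DTYPE_VNODE files; f_data is the vnode */`, would make the cast reviewable, and if nothing holds a reference across the call one should be taken before it and released afterwards. The same pattern appears in extattr_get_fd, extattr_delete_fd and extattr_list_fd. The function body starts outside this hunk.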
@@ -4226,10 +4208,8 @@ */ static int extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname, - void *data, size_t nbytes, struct proc *p) + void *data, size_t nbytes, struct proc *p, register_t *retval) { - return (ENOTSUP); -#if 0 struct uio auio, *auiop; struct iovec aiov; ssize_t cnt; @@ -4243,10 +4223,10 @@ * away for FreeBSD 5.3. */ if (strlen(attrname) == 0) - return (extattr_list_vp(vp, attrnamespace, data, nbytes, td)); + return (extattr_list_vp(vp, attrnamespace, data, nbytes, p, retval)); - VOP_LEASE(vp, td, td->td_ucred, LEASE_READ); - vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + VOP_LEASE(vp, p, p->p_ucred, LEASE_READ); + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); /* * Slightly unusual semantics: if the user provides a NULL data @@ -4268,32 +4248,31 @@ auio.uio_resid = nbytes; auio.uio_rw = UIO_READ; auio.uio_segflg = UIO_USERSPACE; - auio.uio_td = td; + auio.uio_procp = p; auiop = &auio; cnt = nbytes; } else sizep = &size; #ifdef MAC - error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace, + error = mac_check_vnode_getextattr(p->p_ucred, vp, attrnamespace, attrname, &auio); if (error) goto done; #endif error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep, - td->td_ucred, td); + p->p_ucred, p); if (auiop != NULL) { cnt -= auio.uio_resid; - td->td_retval[0] = cnt; + *retval = cnt; } else - td->td_retval[0] = size; + *retval = size; done: - VOP_UNLOCK(vp, 0, td); + VOP_UNLOCK(vp, 0, p); return (error); -#endif } struct extattr_get_fd_args { @@ -4310,8 +4289,6 @@ register struct extattr_get_fd_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct file *fp; char attrname[EXTATTR_MAXNAMELEN]; int error; 
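Review bot: The added `mac_check_vnode_getextattr(...)` call in extattr_get_vp passes `&auio` even on the size-probe path (the `else sizep = &size;` branch), where `auio` was never filled in, so a policy that inspects the uio would read uninitialized stack memory. Passing the pointer already computed for the VOP, `attrname, auiop);`, hands policies NULL in that case; whether the registered policies tolerate a NULL uio should be confirmed. The function spans several hunks and its start is outside this one.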
@@ -4320,16 +4297,14 @@ if (error) return (error); - error = getvnode(td->td_proc->p_fd, uap->fd, &fp); + error = getvnode(p, uap->fd, &fp); if (error) return (error); - error = extattr_get_vp(fp->f_vnode, uap->attrnamespace, - attrname, uap->data, uap->nbytes, td); + error = extattr_get_vp((struct vnode *)fp->f_data, uap->attrnamespace, + attrname, uap->data, uap->nbytes, p, retval); - fdrop(fp, td); return (error); -#endif } struct extattr_get_file_args { @@ -4346,8 +4321,6 @@ register struct extattr_get_file_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct nameidata nd; char attrname[EXTATTR_MAXNAMELEN]; int error; @@ -4356,18 +4329,16 @@ if (error) return (error); - NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) return (error); - NDFREE(&nd, NDF_ONLY_PNBUF); error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname, - uap->data, uap->nbytes, td); + uap->data, uap->nbytes, p, retval); vrele(nd.ni_vp); return (error); -#endif } struct extattr_get_link_args { @@ -4384,8 +4355,6 @@ register struct extattr_get_link_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct nameidata nd; char attrname[EXTATTR_MAXNAMELEN]; int error; @@ -4394,18 +4363,16 @@ if (error) return (error); - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) return (error); - NDFREE(&nd, NDF_ONLY_PNBUF); error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname, - uap->data, uap->nbytes, td); + uap->data, uap->nbytes, p, retval); vrele(nd.ni_vp); return (error); -#endif } /* 
@@ -4420,38 +4387,33 @@ */ static int extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname, - struct proc *p) + struct proc *p, register_t *retval) { - return (ENOTSUP); -#if 0 struct mount *mp; int error; - error = vn_start_write(vp, &mp, V_WAIT | PCATCH); if (error) return (error); - VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); - vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE); + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); #ifdef MAC - error = mac_check_vnode_deleteextattr(td->td_ucred, vp, attrnamespace, + error = mac_check_vnode_deleteextattr(p->p_ucred, vp, attrnamespace, attrname); if (error) goto done; #endif - error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, td->td_ucred, - td); + error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, p->p_ucred, + p); if (error == EOPNOTSUPP) error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL, - td->td_ucred, td); + p->p_ucred, p); #ifdef MAC done: #endif - VOP_UNLOCK(vp, 0, td); - vn_finished_write(mp); + VOP_UNLOCK(vp, 0, p); return (error); -#endif } struct extattr_delete_fd_args { @@ -4466,8 +4428,6 @@ register struct extattr_delete_fd_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct file *fp; struct vnode *vp; char attrname[EXTATTR_MAXNAMELEN]; @@ -4477,15 +4437,13 @@ if (error) return (error); - error = getvnode(td->td_proc->p_fd, uap->fd, &fp); + error = getvnode(p, uap->fd, &fp); if (error) return (error); - vp = fp->f_vnode; + vp = (struct vnode *)fp->f_data; - error = extattr_delete_vp(vp, uap->attrnamespace, attrname, td); - fdrop(fp, td); + error = extattr_delete_vp(vp, uap->attrnamespace, attrname, p, retval); return (error); -#endif } struct extattr_delete_file_args { @@ -4500,8 +4458,6 @@ register struct extattr_delete_file_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct nameidata nd; char attrname[EXTATTR_MAXNAMELEN]; int error; 
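Review bot: In extattr_delete_vp the `if (error) return (error);` pair survives as context after the `error = vn_start_write(...)` assignment above it was removed, so `error` is read before anything has set it. Depending on stack contents the function can return an arbitrary value before the vnode is locked or `mac_check_vnode_deleteextattr` runs. The two lines should be deleted along with the assignment, as was done in extattr_set_vp. `struct mount *mp;` also has no remaining use in the visible lines of either function and can be dropped.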
@@ -4510,16 +4466,15 @@ if (error) return(error); - NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) return(error); - NDFREE(&nd, NDF_ONLY_PNBUF); - error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td); + error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, p, + retval); vrele(nd.ni_vp); return(error); -#endif } struct extattr_delete_link_args { @@ -4534,8 +4489,6 @@ register struct extattr_delete_link_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct nameidata nd; char attrname[EXTATTR_MAXNAMELEN]; int error; @@ -4544,16 +4497,15 @@ if (error) return(error); - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) return(error); - NDFREE(&nd, NDF_ONLY_PNBUF); - error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td); + error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, p, + retval); vrele(nd.ni_vp); return(error); -#endif } /*- @@ -4568,18 +4520,16 @@ */ static int extattr_list_vp(struct vnode *vp, int attrnamespace, void *data, - size_t nbytes, struct proc *p) + size_t nbytes, struct proc *p, register_t *retval) { - return (ENOTSUP); -#if 0 struct uio auio, *auiop; size_t size, *sizep; struct iovec aiov; ssize_t cnt; int error; - VOP_LEASE(vp, td, td->td_ucred, LEASE_READ); - vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + VOP_LEASE(vp, p, p->p_ucred, LEASE_READ); + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); auiop = NULL; sizep = NULL; 
@@ -4596,31 +4546,30 @@ auio.uio_resid = nbytes; auio.uio_rw = UIO_READ; auio.uio_segflg = UIO_USERSPACE; - auio.uio_td = td; + auio.uio_procp = p; auiop = &auio; cnt = nbytes; } else sizep = &size; #ifdef MAC - error = mac_check_vnode_listextattr(td->td_ucred, vp, attrnamespace); + error = mac_check_vnode_listextattr(p->p_ucred, vp, attrnamespace); if (error) goto done; #endif error = VOP_LISTEXTATTR(vp, attrnamespace, auiop, sizep, - td->td_ucred, td); + p->p_ucred, p); if (auiop != NULL) { cnt -= auio.uio_resid; - td->td_retval[0] = cnt; + *retval = cnt; } else - td->td_retval[0] = size; + *retval = size; done: - VOP_UNLOCK(vp, 0, td); + VOP_UNLOCK(vp, 0, p); return (error); -#endif } 
@@ -4637,69 +4586,71 @@ register struct extattr_list_fd_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct file *fp; int error; - error = getvnode(td->td_proc->p_fd, uap->fd, &fp); + error = getvnode(p, uap->fd, &fp); if (error) return (error); - error = extattr_list_vp(fp->f_vnode, uap->attrnamespace, uap->data, - uap->nbytes, td); + error = extattr_list_vp((struct vnode *)fp->f_data, + uap->attrnamespace, uap->data, + uap->nbytes, p, retval); - fdrop(fp, td); return (error); -#endif } +struct extattr_list_file_args { + char *path; + int attrnamespace; + void *data; + size_t nbytes; +}; int extattr_list_file(p, uap, retval) struct proc *p; register struct extattr_list_file_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct nameidata nd; int error; - NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) return (error); - NDFREE(&nd, NDF_ONLY_PNBUF); error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data, - uap->nbytes, td); + uap->nbytes, p, retval); vrele(nd.ni_vp); return (error); -#endif } +struct extattr_list_link_args { + char *path; + int attrnamespace; + void *data; + size_t nbytes; +}; + int extattr_list_link(p, uap, retval) struct proc *p; register struct extattr_list_link_args *uap; register_t *retval; { - return (ENOTSUP); -#if 0 struct nameidata nd; int error; - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, p); error = namei(&nd); if (error) return (error); - NDFREE(&nd, NDF_ONLY_PNBUF); error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data, - uap->nbytes, td); + uap->nbytes, p, retval); vrele(nd.ni_vp); return (error); -#endif } ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#10 (text+ko) ==== 
@@ -1196,6 +1196,7 @@ if (execlabel == NULL) { (void)security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS, &newsid); +#if 0 int len; char *ts, *ns, *fs; security_sid_to_context (task->sid, &ts, &len); @@ -1205,6 +1206,7 @@ security_free_context (ts); security_free_context (fs); security_free_context (ns); +#endif } else { newsid = ((struct task_security_struct *) SLOT(execlabel))->sid; @@ -2319,6 +2321,8 @@ #endif #ifdef EXTATTR .mpo_check_vnode_getextattr = sebsd_check_vnode_getextattr, + .mpo_check_vnode_listextattr = NOT_IMPLEMENTED, + .mpo_check_vnode_deleteextattr = NOT_IMPLEMENTED, #endif .mpo_check_vnode_link = sebsd_check_vnode_link, .mpo_check_vnode_lookup = sebsd_check_vnode_lookup,home | help
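Review bot: Both new hooks are registered as `NOT_IMPLEMENTED` in the SEBSD ops table while the same change switches on the extattr delete and list syscalls. Assuming NOT_IMPLEMENTED means no check is performed (its definition is outside the hunk), this policy would not mediate attribute deletion or listing. Deletion is the more sensitive of the two, because extattr_delete_vp falls back to `VOP_SETEXTATTR(..., NULL, ...)` after consulting only the deleteextattr hook. Until real checks exist, a comment such as `/* XXX: extattr delete/list not yet mediated by SEBSD */` beside the two entries would keep the gap visible; alternatively, delete could be routed through whatever write-side extattr check the policy already has.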
