diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-08-01 22:23:02 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-08-01 22:23:02 +0000 |
| commit | b246ee0a3cced8c39f5aaa8505242e775d93e8c4 (patch) | |
| tree | 1b32476766408c94dcee10b7fe67f140d5da3e23 /sys/compat/linux/linux_file.c | |
| parent | 41f4dc56d14bda3dbbebfdb61740397a2caf7321 (diff) | |
| download | FreeBSD-src-b246ee0a3cced8c39f5aaa8505242e775d93e8c4.zip FreeBSD-src-b246ee0a3cced8c39f5aaa8505242e775d93e8c4.tar.gz | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points for a number of VFS-related
operations in the Linux ABI module. In particular, handle uselib
in a manner similar to open() (more work is probably needed here),
as well as handle statfs(), and linux readdir()-like calls.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/compat/linux/linux_file.c')
| -rw-r--r-- | sys/compat/linux/linux_file.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/compat/linux/linux_file.c b/sys/compat/linux/linux_file.c index 4f37d75..3c459dd 100644 --- a/sys/compat/linux/linux_file.c +++ b/sys/compat/linux/linux_file.c @@ -29,6 +29,7 @@ */ #include "opt_compat.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> @@ -38,6 +39,7 @@ #include <sys/file.h> #include <sys/filedesc.h> #include <sys/lock.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/mount.h> #include <sys/mutex.h> @@ -325,6 +327,13 @@ again: cookies = NULL; } +#ifdef MAC + /* + * Do directory search MAC check using non-cached credentials. + */ + if ((error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp)) + goto out; +#endif /* MAC */ if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies, &cookies))) goto out; |
