author | rwatson <rwatson@FreeBSD.org> | 2002-07-31 15:45:16 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-07-31 15:45:16 +0000 |
commit | 751f2d0c51ea2bbdb1625338052d19ecbb5f9f26 (patch) | |
tree | ed4ec9c3ffc090c01937ac072f89167be5573552 /sys/fs/devfs/devfs_devs.c | |
parent | d829fd90ded403dd4a4a677af12efeec9fef680d (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Instrument devfs to support per-dirent MAC labels. In particular,
invoke MAC framework when devfs directory entries are instantiated
due to make_dev() and related calls, and invoke the MAC framework
when vnodes are instantiated from these directory entries. Implement
vop_setlabel() for devfs, which pushes the label update into the
devfs directory entry for semi-persistent store. This permits the MAC
framework to assign labels to devices and directories as they are
instantiated, and export access control information via devfs vnodes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/fs/devfs/devfs_devs.c')
-rw-r--r-- | sys/fs/devfs/devfs_devs.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/sys/fs/devfs/devfs_devs.c b/sys/fs/devfs/devfs_devs.c
index fd378b8..15a2018 100644
--- a/sys/fs/devfs/devfs_devs.c
+++ b/sys/fs/devfs/devfs_devs.c
@@ -30,6 +30,7 @@
 */
 #include "opt_devfs.h"
+#include "opt_mac.h"
 #ifndef NODEVFS
 #include <sys/param.h>
@@ -38,6 +39,7 @@
 #include <sys/dirent.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/proc.h>
 #include <sys/sysctl.h>
@@ -207,6 +209,9 @@ devfs_newdirent(char *name, int namelen)
 vfs_timestamp(&de->de_ctime);
 de->de_mtime = de->de_atime = de->de_ctime;
 de->de_links = 1;
+#ifdef MAC
+ mac_init_devfsdirent(de);
+#endif
 return (de);
 }
@@ -254,6 +259,9 @@ devfs_delete(struct devfs_dirent *dd, struct devfs_dirent *de)
 if (de->de_vnode)
 de->de_vnode->v_data = NULL;
 TAILQ_REMOVE(&dd->de_dlist, de, de_list);
+#ifdef MAC
+ mac_destroy_devfsdirent(de);
+#endif
 FREE(de, M_DEVFS);
 }
@@ -325,6 +333,10 @@ devfs_populate(struct devfs_mount *dm)
 de = devfs_find(dd, s, q - s);
 if (de == NULL) {
 de = devfs_vmkdir(s, q - s, dd);
+#ifdef MAC
+ mac_create_devfs_directory(s, q - s,
+ de);
+#endif
 de->de_inode = dm->dm_inode++;
 TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list);
 dd->de_links++;
@@ -350,6 +362,9 @@ devfs_populate(struct devfs_mount *dm)
 de->de_mode = dev->si_mode;
 de->de_dirent->d_type = DT_CHR;
 }
+#ifdef MAC
+ mac_create_devfs_device(dev, de);
+#endif
 *dep = de;
 de->de_dir = dd;
 devfs_rules_apply(dm, de);
|
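Review bot: Nothing in devfs_newdirent or devfs_delete records that `mac_init_devfsdirent(de)` and `mac_destroy_devfsdirent(de)` are a required pair, so a later path that releases a dirent with a bare `FREE(de, M_DEVFS)` would skip label teardown with no hint in the code. Whether such a path exists cannot be seen from these hunks. A comment above the destroy call would pin the invariant, for example `/* Label set up in devfs_newdirent(); every dirent free must pass through here. */`. Both function bodies begin outside their hunks.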
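Review bot: `mac_create_devfs_directory(s, q - s, de)` passes the policy a name pointer plus a component length, the same pair that `devfs_find()` and `devfs_vmkdir()` take on the lines above, so `s` is presumably not NUL-terminated at `q - s`. A policy module that treats it as a C string would label the directory from the wrong name. The call also omits the parent `dd` and runs before `de->de_inode` is assigned, so the hook can rely on neither. I would state this at the call site: `/* s is not terminated at q - s; de has no inode number yet. */`. devfs_populate continues outside the hunk.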
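Review bot: `mac_create_devfs_device(dev, de)` sits after the closing brace that follows `de->de_dirent->d_type = DT_CHR;`, so if that brace ends one arm of a conditional (its start is outside the hunk), the hook also runs for whatever entry type the other arm builds. A comment should say which entry types reach the hook, so a policy author does not assume every `de` is a character device. The ordering deserves a line too, since the label is assigned before `*dep = de` publishes the entry and before `devfs_rules_apply(dm, de)` runs: `/* Label before the dirent is published and before rules are applied. */`.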