author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 19:04:53 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 19:04:53 +0000 |
commit | a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae (patch) | |
tree | 77c1982dd4eb706f6b2cec714687d0049945f5b5 /sys/kern/tty_tty.c | |
parent | 32d992cd392a444b63141edb7a5b5d0483eb36f2 (diff) | |
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred
when calling these checks with a struct file available. Otherwise,
pass NOCRED. All current MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/tty_tty.c')
-rw-r--r-- | sys/kern/tty_tty.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/sys/kern/tty_tty.c b/sys/kern/tty_tty.c
index 86132d9..a3a7a39 100644
--- a/sys/kern/tty_tty.c
+++ b/sys/kern/tty_tty.c
@@ -104,6 +104,7 @@ cttyopen(dev, flag, mode, td)
 return (error);
 }
 #endif
+ /* XXX: Shouldn't this cred be td->td_ucred not NOCRED? */
 error = VOP_OPEN(ttyvp, flag, NOCRED, td);
 VOP_UNLOCK(ttyvp, 0, td);
 return (error);
@@ -130,10 +131,10 @@ cttyread(dev, uio, flag)
 return (EIO);
 vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
- /* XXX: Shouldn't the cred below be td->td_ucred not NOCRED? */
- error = mac_check_vnode_read(td->td_ucred, ttyvp);
+ error = mac_check_vnode_read(td->td_ucred, NOCRED, ttyvp);
 if (error == 0)
 #endif
+ /* XXX: Shouldn't this cred be td->td_ucred not NOCRED? */
 error = VOP_READ(ttyvp, uio, flag, NOCRED);
 VOP_UNLOCK(ttyvp, 0, td);
 return (error);
@@ -165,10 +166,10 @@ cttywrite(dev, uio, flag)
 return (error);
 vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
- /* XXX: shouldn't the cred below be td->td_ucred not NOCRED? */
- error = mac_check_vnode_write(td->td_ucred, ttyvp);
+ error = mac_check_vnode_write(td->td_ucred, NOCRED, ttyvp);
 if (error == 0)
 #endif
+ /* XXX: shouldn't this cred be td->td_ucred not NOCRED? */
 error = VOP_WRITE(ttyvp, uio, flag, NOCRED);
 VOP_UNLOCK(ttyvp, 0, td);
 vn_finished_write(mp);
@@ -236,7 +237,7 @@ cttypoll(dev, events, td)
 return (seltrue(dev, events, td));
 #ifdef MAC
 vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_check_vnode_poll(td->td_ucred, ttyvp);
+ error = mac_check_vnode_poll(td->td_ucred, NOCRED, ttyvp);
 VOP_UNLOCK(ttyvp, 0, td);
 if (error)
 return (error); |
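Review bot: The new second argument to `mac_check_vnode_read()` is passed as `NOCRED` with no comment saying why, and the same applies to `mac_check_vnode_write()` in the cttywrite hunk and `mac_check_vnode_poll()` in the cttypoll hunk. These device entry points receive no `struct file`, so there is no `fp->f_cred` to pass, but a policy author reading only this call cannot tell that `file_cred` may legitimately be `NOCRED` (a null credential pointer) here. I would add above each call a comment such as `/* No struct file in this entry point, so file_cred is NOCRED; policies must check for it before use. */`, and state the same requirement wherever the check functions are documented, presumably in the MAC framework sources, which are outside this diff. cttyread's body starts and ends outside the hunk.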
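Review bot: The relocated XXX comment now sits between `#endif` and the `VOP_WRITE()` statement, which in a MAC build is the unbraced body of `if (error == 0)`; the cttyread hunk has the same layout around `VOP_READ()`. A comment there is harmless to the compiler, but it separates the condition from its only statement and makes it easy for a later edit to insert a line that silently becomes the conditional body, leaving the I/O call to run even when the MAC check has failed. I would keep the comment above `#ifdef MAC`, worded as `/* XXX: shouldn't the VOP_WRITE cred below be td->td_ucred not NOCRED? */`, so the condition and its statement stay adjacent. cttywrite's body starts and ends outside the hunk.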