author | rwatson <rwatson@FreeBSD.org> | 2002-08-01 01:18:42 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-01 01:18:42 +0000 |
commit | f103a76ebd421344544b6a88b78e6112f95facd9 (patch) | |
tree | 43ff4b7ac0913e94920224a9d3ab4bc366c696e3 /sys/kern/uipc_usrreq.c | |
parent | 07d1a754b06c2d22c01897140e53cde80802e605 (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Authorize the creation of UNIX domain sockets in the file system
namespace via an appropriate invocation of a MAC framework entry
point.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/uipc_usrreq.c')
-rw-r--r-- | sys/kern/uipc_usrreq.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index a946ff3..dac95c9 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -45,6 +45,7 @@
 #include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
@@ -638,8 +639,14 @@ restart:
 FILEDESC_LOCK(td->td_proc->p_fd);
 vattr.va_mode = (ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask);
 FILEDESC_UNLOCK(td->td_proc->p_fd);
- VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
- error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
+#ifdef MAC
+ error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
+ &vattr);
+#endif /* MAC */
+ if (error == 0) {
+ VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
+ error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
+ }
 NDFREE(&nd, NDF_ONLY_PNBUF);
 vput(nd.ni_dvp);
 if (error) { |
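Review bot: The include hunk adds `<sys/mac.h>` unconditionally, but the check in the second hunk is compiled only under `#ifdef MAC`, and nothing visible here shows where `MAC` gets defined for this file. If the kernel option header that defines it is not already included above line 45 (outside this hunk), the preprocessor drops the `mac_check_vnode_create()` call without any diagnostic and socket creation proceeds unauthorized. Please confirm that include is present, and consider a one-line comment next to `#include <sys/mac.h>` naming the option that enables the check.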
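Review bot: In a kernel built without `MAC`, the new `if (error == 0)` guard tests whatever value `error` held before `FILEDESC_LOCK`, so `VOP_LEASE`/`VOP_CREATE` now run only if earlier code, outside this hunk, left it at zero. Previously the create was unconditional at this point, so the guard adds a non-local dependency that the visible lines do not establish. I would document it just above `#ifdef MAC`, for example `/* error is 0 here; a MAC denial skips the lease and VOP_CREATE. */`. On denial the code still reaches `NDFREE`, `vput(nd.ni_dvp)` and the `if (error) {` branch, whose body lies outside the hunk, so it is worth confirming that branch does not assume `VOP_CREATE` was attempted.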