diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 19:04:53 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 19:04:53 +0000 |
commit | a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae (patch) | |
tree | 77c1982dd4eb706f6b2cec714687d0049945f5b5 /sys/kern/vfs_extattr.c | |
parent | 32d992cd392a444b63141edb7a5b5d0483eb36f2 (diff) | |
download | FreeBSD-src-a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae.zip FreeBSD-src-a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae.tar.gz |
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred
when calling these checks with a struct file available. Otherwise,
pass NOCRED. All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/vfs_extattr.c')
-rw-r--r-- | sys/kern/vfs_extattr.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index fce45fe..c09fbd7 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -734,7 +734,7 @@ open(td, uap) vat.va_size = 0; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); #ifdef MAC - error = mac_check_vnode_write(td->td_ucred, vp); + error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp); if (error == 0) #endif error = VOP_SETATTR(vp, &vat, td->td_ucred, td); @@ -2367,7 +2367,8 @@ truncate(td, uap) if (vp->v_type == VDIR) error = EISDIR; #ifdef MAC - else if ((error = mac_check_vnode_write(td->td_ucred, vp))) {} + else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp))) { + } #endif else if ((error = vn_writechk(vp)) == 0 && (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) { @@ -2424,7 +2425,9 @@ ftruncate(td, uap) if (vp->v_type == VDIR) error = EISDIR; #ifdef MAC - else if ((error = mac_check_vnode_write(td->td_ucred, vp))) {} + else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred, + vp))) { + } #endif else if ((error = vn_writechk(vp)) == 0) { VATTR_NULL(&vattr); @@ -3342,7 +3345,11 @@ fhopen(td, uap) VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */ #ifdef MAC - error = mac_check_vnode_write(td->td_ucred, vp); + /* + * We don't yet have fp->f_cred, so use td->td_ucred, which + * should be right. + */ + error = mac_check_vnode_write(td->td_ucred, td->td_ucred, vp); if (error == 0) { #endif VATTR_NULL(vap); |