authorrwatson <rwatson@FreeBSD.org>2002-08-19 19:04:53 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-19 19:04:53 +0000
commita1cb1e3bedf5e17c3e47858fd715df1bf1e274ae (patch)
tree77c1982dd4eb706f6b2cec714687d0049945f5b5 /sys/kern/vfs_extattr.c
parent32d992cd392a444b63141edb7a5b5d0483eb36f2 (diff)
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred when calling these checks with a struct file available. Otherwise, pass NOCRED. All current MAC policies use active_cred, but could now offer the cached credential semantic used for the base system security model. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/vfs_extattr.c')
-rw-r--r--sys/kern/vfs_extattr.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index fce45fe..c09fbd7 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -734,7 +734,7 @@ open(td, uap)
vat.va_size = 0;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
- error = mac_check_vnode_write(td->td_ucred, vp);
+ error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp);
if (error == 0)
#endif
error = VOP_SETATTR(vp, &vat, td->td_ucred, td);
@@ -2367,7 +2367,8 @@ truncate(td, uap)
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
- else if ((error = mac_check_vnode_write(td->td_ucred, vp))) {}
+ else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp))) {
+ }
#endif
else if ((error = vn_writechk(vp)) == 0 &&
(error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
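Review bot: Passing `NOCRED` as file_cred in truncate() makes a sentinel, not a usable credential pointer, a legal argument to mac_check_vnode_write(), and nothing at the call site tells policy authors to test for it before dereferencing. All policies ignore file_cred today according to the commit message, so this is latent, but a one-line comment would record the contract: `/* No struct file on this path: file_cred is NOCRED and policies must not dereference it. */`. The empty `{ }` body after the check, here and in the ftruncate() hunk, is what skips the following `else if` arms when the check fails; a comment inside it such as `/* MAC denied; error is set, fall through to cleanup. */` would make that intent explicit. truncate() begins and ends outside this hunk.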
@@ -2424,7 +2425,9 @@ ftruncate(td, uap)
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
- else if ((error = mac_check_vnode_write(td->td_ucred, vp))) {}
+ else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred,
+ vp))) {
+ }
#endif
else if ((error = vn_writechk(vp)) == 0) {
VATTR_NULL(&vattr);
@@ -3342,7 +3345,11 @@ fhopen(td, uap)
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */
#ifdef MAC
- error = mac_check_vnode_write(td->td_ucred, vp);
+ /*
+ * We don't yet have fp->f_cred, so use td->td_ucred, which
+ * should be right.
+ */
+ error = mac_check_vnode_write(td->td_ucred, td->td_ucred, vp);
if (error == 0) {
#endif
VATTR_NULL(vap);
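Review bot: The comment added in fhopen() says td->td_ucred "should be right" as file_cred without giving the reason, and this is the one call site that departs from the commit message's rule of passing NOCRED when no struct file is available. If the reason is that the file allocated later in fhopen() takes its f_cred from this same thread credential (not visible in the hunk), the comment should say so: `/* fp is not allocated yet; its f_cred will be taken from td->td_ucred, so pass that as file_cred. */`. Otherwise a policy that later distinguishes active_cred from file_cred will see different semantics here than in truncate(). The enclosing block continues past the end of the hunk.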