author | rwatson <rwatson@FreeBSD.org> | 2002-08-01 01:21:40 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-01 01:21:40 +0000 |
commit | b5a9c0344c93a4baad65172b9e0509bd7e9f599a (patch) | |
tree | 0593c65f5efd3a5f98e6b736ee3ab9e68faf6dae /sys/kern/vfs_lookup.c | |
parent | f103a76ebd421344544b6a88b78e6112f95facd9 (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Authorize vop_readlink() and vop_lookup() activities during recursive
path lookup via namei() by calling the appropriate MAC entry points.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/vfs_lookup.c')
-rw-r--r-- | sys/kern/vfs_lookup.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index 9c24f52..e8cabd5 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -40,11 +40,13 @@
 */
 
 #include "opt_ktrace.h"
+#include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
 #include <sys/vnode.h>
@@ -213,6 +215,11 @@ namei(ndp)
 error = ELOOP;
 break;
 }
+#ifdef MAC
+ error = mac_check_vnode_readlink(td->td_ucred, ndp->ni_vp);
+ if (error)
+ break;
+#endif
 if (ndp->ni_pathlen > 1)
 cp = uma_zalloc(namei_zone, M_WAITOK);
 else
@@ -463,6 +470,11 @@ dirloop:
 * We now have a segment name to search for, and a directory to search.
 */
 unionlookup:
+#ifdef MAC
+ error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
+ if (error)
+ goto bad;
+#endif
 ndp->ni_dvp = dp;
 ndp->ni_vp = NULL;
 cnp->cn_flags &= ~PDIRUNLOCK; |
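Review bot: Both new hooks authorize against `td->td_ucred`, the calling thread's credential, here in namei() for `mac_check_vnode_readlink` and again in the `unionlookup:` hunk for `mac_check_vnode_lookup`. If a caller supplies a different credential in the componentname (`cnp->cn_cred`), the MAC decision and the discretionary check would be made for different subjects. The rest of namei() is outside the hunk, so please confirm which credential the readlink that follows uses, and either pass that one or record the choice in a comment such as `/* MAC checks the thread credential, not cn_cred, by design */`. The `break` follows the ELOOP case just above, so cleanup presumably matches that path, but the code after the loop is not visible here.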
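Review bot: The denial path at `unionlookup:` jumps to `bad` before `ndp->ni_dvp` and `ndp->ni_vp` are reset for this component, so `bad` runs with whatever the previous iteration left in them. The `bad` label and the rest of the enclosing function are outside the hunk; if that path only releases `dp` this is fine, but it is worth confirming. Because the check sits after the label, it is repeated on every jump back to `unionlookup:`, which looks intended but is not stated anywhere. A short comment would help, for example `/* MAC: may this credential search dp for cnp? Checked per component and on each re-entry at unionlookup. */`.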