authorrwatson <rwatson@FreeBSD.org>2002-08-19 19:04:53 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-19 19:04:53 +0000
commita1cb1e3bedf5e17c3e47858fd715df1bf1e274ae (patch)
tree77c1982dd4eb706f6b2cec714687d0049945f5b5 /sys/kern/vfs_vnops.c
parent32d992cd392a444b63141edb7a5b5d0483eb36f2 (diff)
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred when calling these checks with a struct file available. Otherwise, pass NOCRED. All current MAC policies use active_cred, but could now offer the cached credential semantic used for the base system security model. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/vfs_vnops.c')
-rw-r--r--sys/kern/vfs_vnops.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 08bdeb2..fc6c78e 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -402,9 +402,11 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, active_cred, file_cred,
#ifdef MAC
if ((ioflg & IO_NOMACCHECK) == 0) {
if (rw == UIO_READ)
- error = mac_check_vnode_read(active_cred, vp);
+ error = mac_check_vnode_read(active_cred, file_cred,
+ vp);
else
- error = mac_check_vnode_write(active_cred, vp);
+ error = mac_check_vnode_write(active_cred, file_cred,
+ vp);
}
#endif
if (error == 0) {
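Review bot: Nothing at the two new call sites in vn_rdwr says that `file_cred` can be NOCRED, although the commit description states that NOCRED is passed whenever no struct file is available. A policy that later starts reading the file credential would get no hint here that it must test for NOCRED before using it. I would add a comment above the `if (rw == UIO_READ)` branch, `/* file_cred may be NOCRED; policies must check before using it. */`, and the same on the `mac_check_vnode_stat()` call in the vn_stat hunk, which also forwards a caller-supplied `file_cred`. vn_rdwr's body starts and ends outside this hunk.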
@@ -505,7 +507,7 @@ vn_read(fp, uio, active_cred, flags, td)
ioflag |= sequential_heuristic(uio, fp);
#ifdef MAC
- error = mac_check_vnode_read(active_cred, vp);
+ error = mac_check_vnode_read(active_cred, fp->f_cred, vp);
if (error == 0)
#endif
error = VOP_READ(vp, uio, ioflag, fp->f_cred);
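Review bot: The call `mac_check_vnode_read(active_cred, fp->f_cred, vp)` hands policies two credentials with different security meaning, and nothing in the code documents which one an access decision should rest on. `fp->f_cred` is the credential cached on the struct file, so a policy keyed on it would presumably keep authorizing I/O on a descriptor after the subject's own credential or label has changed, or after the descriptor has reached another process; `active_cred` is the one supplied for the current call. A short comment before the check, e.g. `/* active_cred: current subject; fp->f_cred: credential cached on the file, not revalidated per call. */`, would make that trade-off visible to policy authors. The same applies to the `mac_check_vnode_write()` call in the vn_write hunk and the `mac_check_vnode_poll()` call in the vn_poll hunk; vn_read continues outside this hunk.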
@@ -560,7 +562,7 @@ vn_write(fp, uio, active_cred, flags, td)
uio->uio_offset = fp->f_offset;
ioflag |= sequential_heuristic(uio, fp);
#ifdef MAC
- error = mac_check_vnode_write(active_cred, vp);
+ error = mac_check_vnode_write(active_cred, fp->f_cred, vp);
if (error == 0)
#endif
error = VOP_WRITE(vp, uio, ioflag, fp->f_cred);
@@ -610,7 +612,7 @@ vn_stat(vp, sb, active_cred, file_cred, td)
u_short mode;
#ifdef MAC
- error = mac_check_vnode_stat(active_cred, vp);
+ error = mac_check_vnode_stat(active_cred, file_cred, vp);
if (error)
return (error);
#endif
@@ -805,7 +807,7 @@ vn_poll(fp, events, active_cred, td)
vp = (struct vnode *)fp->f_data;
#ifdef MAC
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_check_vnode_poll(active_cred, vp);
+ error = mac_check_vnode_poll(active_cred, fp->f_cred, vp);
VOP_UNLOCK(vp, 0, td);
if (error)
return (error);