author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 19:04:53 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 19:04:53 +0000 |
commit | a1cb1e3bedf5e17c3e47858fd715df1bf1e274ae (patch) | |
tree | 77c1982dd4eb706f6b2cec714687d0049945f5b5 /sys/kern/vfs_vnops.c | |
parent | 32d992cd392a444b63141edb7a5b5d0483eb36f2 (diff) | |
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred
when calling these checks with a struct file available. Otherwise,
pass NOCRED. All current MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/vfs_vnops.c')
-rw-r--r-- | sys/kern/vfs_vnops.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 08bdeb2..fc6c78e 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -402,9 +402,11 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, active_cred, file_cred,
 #ifdef MAC
 if ((ioflg & IO_NOMACCHECK) == 0) {
 if (rw == UIO_READ)
- error = mac_check_vnode_read(active_cred, vp);
+ error = mac_check_vnode_read(active_cred, file_cred,
+ vp);
 else
- error = mac_check_vnode_write(active_cred, vp);
+ error = mac_check_vnode_write(active_cred, file_cred,
+ vp);
 }
 #endif
 if (error == 0) {
@@ -505,7 +507,7 @@ vn_read(fp, uio, active_cred, flags, td)
 ioflag |= sequential_heuristic(uio, fp);
 #ifdef MAC
- error = mac_check_vnode_read(active_cred, vp);
+ error = mac_check_vnode_read(active_cred, fp->f_cred, vp);
 if (error == 0)
 #endif
 error = VOP_READ(vp, uio, ioflag, fp->f_cred);
@@ -560,7 +562,7 @@ vn_write(fp, uio, active_cred, flags, td)
 uio->uio_offset = fp->f_offset;
 ioflag |= sequential_heuristic(uio, fp);
 #ifdef MAC
- error = mac_check_vnode_write(active_cred, vp);
+ error = mac_check_vnode_write(active_cred, fp->f_cred, vp);
 if (error == 0)
 #endif
 error = VOP_WRITE(vp, uio, ioflag, fp->f_cred);
@@ -610,7 +612,7 @@ vn_stat(vp, sb, active_cred, file_cred, td)
 u_short mode;
 #ifdef MAC
- error = mac_check_vnode_stat(active_cred, vp);
+ error = mac_check_vnode_stat(active_cred, file_cred, vp);
 if (error)
 return (error);
 #endif
@@ -805,7 +807,7 @@ vn_poll(fp, events, active_cred, td)
 vp = (struct vnode *)fp->f_data;
 #ifdef MAC
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_check_vnode_poll(active_cred, vp);
+ error = mac_check_vnode_poll(active_cred, fp->f_cred, vp);
 VOP_UNLOCK(vp, 0, td);
 if (error)
 return (error); |
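Review bot: The file_cred now forwarded to the MAC checks in the vn_rdwr hunk can presumably be NOCRED, since the commit description says NOCRED is passed when no struct file is available, yet nothing at the call site records that. The description also says no current policy reads file_cred, so the first policy that does will need to test for NOCRED before dereferencing it. A comment above the `if (rw == UIO_READ)` line such as `/* file_cred may be NOCRED; policies must check it before use. */` would state the contract where the value enters the framework. The same applies to the mac_check_vnode_stat() call in the vn_stat hunk, which also forwards a caller-supplied file_cred. vn_rdwr's body begins and ends outside the hunk.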
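Review bot: The check in the vn_read hunk now takes two credentials with different meanings, and no comment says which one a policy is expected to authorize against. active_cred is the caller's credential for this operation, while fp->f_cred is the one cached in the struct file and is also what VOP_READ on the following line is given; a policy that decides on fp->f_cred alone would keep granting access after the descriptor reaches a different subject. I would add above the call `/* active_cred: current subject; fp->f_cred: credential cached in the file. */`, and the same above the calls in the vn_write and vn_poll hunks. vn_read's body begins and ends outside the hunk.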