Introduce support for Mandatory Access Control and extensible

kernel access control.

Restructure the vn_open_cred() access control checks to invoke
the MAC entry point for open authorization.  Note that MAC can
reject open requests where existing DAC code skips the open
authorization check due to O_CREAT.  However, the failure mode
here is the same as other failure modes following creation,
wherein an empty file may be left behind.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

1 files changed, 21 insertions, 11 deletions

diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index c759196..402b9f9 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -39,6 +39,8 @@
  * $FreeBSD$
  */
 
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/fcntl.h>
@@ -46,6 +48,7 @@
 #include <sys/stat.h>
 #include <sys/proc.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
@@ -187,22 +190,29 @@ restart:
 		error = EOPNOTSUPP;
 		goto bad;
 	}
+	mode = 0;
+	if (fmode & (FWRITE | O_TRUNC)) {
+		if (vp->v_type == VDIR) {
+			error = EISDIR;
+			goto bad;
+		}
+		mode |= VWRITE;
+	}
+	if (fmode & FREAD)
+		mode |= VREAD;
+	if (fmode & O_APPEND)
+		mode |= VAPPEND;
+#ifdef MAC
+	error = mac_check_vnode_open(cred, vp, mode);
+	if (error)
+		goto bad;
+#endif
 	if ((fmode & O_CREAT) == 0) {
-		mode = 0;
-		if (fmode & (FWRITE | O_TRUNC)) {
-			if (vp->v_type == VDIR) {
-				error = EISDIR;
-				goto bad;
-			}
+		if (mode & VWRITE) {
 			error = vn_writechk(vp);
 			if (error)
 				goto bad;
-			mode |= VWRITE;
 		}
-		if (fmode & FREAD)
-			mode |= VREAD;
-		if (fmode & O_APPEND)
-			mode |= VAPPEND;
 		if (mode) {
 		        error = VOP_ACCESS(vp, mode, cred, td);
 			if (error)