summaryrefslogtreecommitdiffstats
path: root/sys/kern
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-08-19 16:43:25 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-19 16:43:25 +0000
commit1a7cd1a210c4be2ec85df8513276938c23be1b95 (patch)
treeb56250ebc97ff756401e26512847769076ec6e53 /sys/kern
parent25617b8fc0dd0452d39b8873c1df9d7fc6fbbf9c (diff)
downloadFreeBSD-src-1a7cd1a210c4be2ec85df8513276938c23be1b95.zip
FreeBSD-src-1a7cd1a210c4be2ec85df8513276938c23be1b95.tar.gz
Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write(). This improves the consistency with other existing vnode checks, and allows policies to avoid implementing switch statements to determine what operations they do and do not want to authorize. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/kern_ktrace.c2
-rw-r--r--sys/kern/kern_mac.c67
-rw-r--r--sys/kern/tty_tty.c6
-rw-r--r--sys/kern/vfs_extattr.c12
-rw-r--r--sys/kern/vfs_syscalls.c12
-rw-r--r--sys/kern/vfs_vnops.c12
6 files changed, 74 insertions, 37 deletions
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c
index 5a40e09..a21f5e2 100644
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@@ -771,7 +771,7 @@ ktr_writerequest(struct ktr_request *req)
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
(void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
#ifdef MAC
- error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(cred, vp);
if (error == 0)
#endif
error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index 0d6a898..f8cb676 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -755,14 +755,18 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_check_vnode_mmap_perms =
mpe->mpe_function;
break;
- case MAC_CHECK_VNODE_OP:
- mpc->mpc_ops->mpo_check_vnode_op =
- mpe->mpe_function;
- break;
case MAC_CHECK_VNODE_OPEN:
mpc->mpc_ops->mpo_check_vnode_open =
mpe->mpe_function;
break;
+ case MAC_CHECK_VNODE_POLL:
+ mpc->mpc_ops->mpo_check_vnode_poll =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_VNODE_READ:
+ mpc->mpc_ops->mpo_check_vnode_read =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_VNODE_READDIR:
mpc->mpc_ops->mpo_check_vnode_readdir =
mpe->mpe_function;
@@ -815,6 +819,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_check_vnode_stat =
mpe->mpe_function;
break;
+ case MAC_CHECK_VNODE_WRITE:
+ mpc->mpc_ops->mpo_check_vnode_write =
+ mpe->mpe_function;
+ break;
/*
default:
printf("MAC policy `%s': unknown operation %d\n",
@@ -1762,30 +1770,48 @@ mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, int newmapping)
}
int
-mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
{
int error;
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
+
if (!mac_enforce_fs)
return (0);
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_op");
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
+ return (error);
+}
+
+int
+mac_check_vnode_poll(struct ucred *cred, struct vnode *vp)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll");
+
+ if (!mac_enforce_fs)
+ return (0);
error = vn_refreshlabel(vp, cred);
if (error)
return (error);
- MAC_CHECK(check_vnode_op, cred, vp, &vp->v_label, op);
+ MAC_CHECK(check_vnode_poll, cred, vp, &vp->v_label);
return (error);
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_read(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read");
if (!mac_enforce_fs)
return (0);
@@ -1794,7 +1820,8 @@ mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
if (error)
return (error);
- MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
+ MAC_CHECK(check_vnode_read, cred, vp, &vp->v_label);
+
return (error);
}
@@ -2050,6 +2077,26 @@ mac_check_vnode_stat(struct ucred *cred, struct vnode *vp)
return (error);
}
+int
+mac_check_vnode_write(struct ucred *cred, struct vnode *vp)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_write, cred, vp, &vp->v_label);
+
+ return (error);
+}
+
+
/*
* When relabeling a process, call out to the policies for the maximum
* permission allowed for each object type we know about in its
diff --git a/sys/kern/tty_tty.c b/sys/kern/tty_tty.c
index f70f585..86132d9 100644
--- a/sys/kern/tty_tty.c
+++ b/sys/kern/tty_tty.c
@@ -131,7 +131,7 @@ cttyread(dev, uio, flag)
vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
/* XXX: Shouldn't the cred below be td->td_ucred not NOCRED? */
- error = mac_check_vnode_op(td->td_ucred, ttyvp, MAC_OP_VNODE_READ);
+ error = mac_check_vnode_read(td->td_ucred, ttyvp);
if (error == 0)
#endif
error = VOP_READ(ttyvp, uio, flag, NOCRED);
@@ -166,7 +166,7 @@ cttywrite(dev, uio, flag)
vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
/* XXX: shouldn't the cred below be td->td_ucred not NOCRED? */
- error = mac_check_vnode_op(td->td_ucred, ttyvp, MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(td->td_ucred, ttyvp);
if (error == 0)
#endif
error = VOP_WRITE(ttyvp, uio, flag, NOCRED);
@@ -236,7 +236,7 @@ cttypoll(dev, events, td)
return (seltrue(dev, events, td));
#ifdef MAC
vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_check_vnode_op(td->td_ucred, ttyvp, MAC_OP_VNODE_POLL);
+ error = mac_check_vnode_poll(td->td_ucred, ttyvp);
VOP_UNLOCK(ttyvp, 0, td);
if (error)
return (error);
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 39f8423..fce45fe 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -734,8 +734,7 @@ open(td, uap)
vat.va_size = 0;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
- error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(td->td_ucred, vp);
if (error == 0)
#endif
error = VOP_SETATTR(vp, &vat, td->td_ucred, td);
@@ -2368,8 +2367,7 @@ truncate(td, uap)
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
- else if ((error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE))) {}
+ else if ((error = mac_check_vnode_write(td->td_ucred, vp))) {}
#endif
else if ((error = vn_writechk(vp)) == 0 &&
(error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
@@ -2426,8 +2424,7 @@ ftruncate(td, uap)
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
- else if ((error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE))) {}
+ else if ((error = mac_check_vnode_write(td->td_ucred, vp))) {}
#endif
else if ((error = vn_writechk(vp)) == 0) {
VATTR_NULL(&vattr);
@@ -3345,8 +3342,7 @@ fhopen(td, uap)
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */
#ifdef MAC
- error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(td->td_ucred, vp);
if (error == 0) {
#endif
VATTR_NULL(vap);
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 39f8423..fce45fe 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -734,8 +734,7 @@ open(td, uap)
vat.va_size = 0;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
- error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(td->td_ucred, vp);
if (error == 0)
#endif
error = VOP_SETATTR(vp, &vat, td->td_ucred, td);
@@ -2368,8 +2367,7 @@ truncate(td, uap)
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
- else if ((error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE))) {}
+ else if ((error = mac_check_vnode_write(td->td_ucred, vp))) {}
#endif
else if ((error = vn_writechk(vp)) == 0 &&
(error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
@@ -2426,8 +2424,7 @@ ftruncate(td, uap)
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
- else if ((error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE))) {}
+ else if ((error = mac_check_vnode_write(td->td_ucred, vp))) {}
#endif
else if ((error = vn_writechk(vp)) == 0) {
VATTR_NULL(&vattr);
@@ -3345,8 +3342,7 @@ fhopen(td, uap)
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */
#ifdef MAC
- error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(td->td_ucred, vp);
if (error == 0) {
#endif
VATTR_NULL(vap);
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 07e5fc9..08bdeb2 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -402,11 +402,9 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, active_cred, file_cred,
#ifdef MAC
if ((ioflg & IO_NOMACCHECK) == 0) {
if (rw == UIO_READ)
- error = mac_check_vnode_op(active_cred, vp,
- MAC_OP_VNODE_READ);
+ error = mac_check_vnode_read(active_cred, vp);
else
- error = mac_check_vnode_op(active_cred, vp,
- MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(active_cred, vp);
}
#endif
if (error == 0) {
@@ -507,7 +505,7 @@ vn_read(fp, uio, active_cred, flags, td)
ioflag |= sequential_heuristic(uio, fp);
#ifdef MAC
- error = mac_check_vnode_op(active_cred, vp, MAC_OP_VNODE_READ);
+ error = mac_check_vnode_read(active_cred, vp);
if (error == 0)
#endif
error = VOP_READ(vp, uio, ioflag, fp->f_cred);
@@ -562,7 +560,7 @@ vn_write(fp, uio, active_cred, flags, td)
uio->uio_offset = fp->f_offset;
ioflag |= sequential_heuristic(uio, fp);
#ifdef MAC
- error = mac_check_vnode_op(active_cred, vp, MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(active_cred, vp);
if (error == 0)
#endif
error = VOP_WRITE(vp, uio, ioflag, fp->f_cred);
@@ -807,7 +805,7 @@ vn_poll(fp, events, active_cred, td)
vp = (struct vnode *)fp->f_data;
#ifdef MAC
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_check_vnode_op(active_cred, vp, MAC_OP_VNODE_POLL);
+ error = mac_check_vnode_poll(active_cred, vp);
VOP_UNLOCK(vp, 0, td);
if (error)
return (error);
OpenPOWER on IntegriCloud