author | rwatson <rwatson@FreeBSD.org> | 2002-08-01 20:44:52 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-01 20:44:52 +0000 |
commit | eac603fb18056d40de5410c7662fda3986c240a2 (patch) | |
tree | ef06ad305049de06727bc367da2f41c299735c86 /sys/kern | |
parent | a1b63b5aa60b492e2fd02dcdc383903f3e2667b8 (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC framework entry points to authorize readdir()
operations in the native ABI.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/vfs_extattr.c | 15 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 15 |
2 files changed, 28 insertions, 2 deletions
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index a38fa6a..f02f62f 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -2865,6 +2865,14 @@ unionread:
 auio.uio_resid = SCARG(uap, count);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 loff = auio.uio_offset = fp->f_offset;
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error) {
+ VOP_UNLOCK(vp, 0, td);
+ fdrop(fp, td);
+ return (error);
+ }
+#endif
 # if (BYTE_ORDER != LITTLE_ENDIAN)
 if (vp->v_mount->mnt_maxsymlinklen <= 0) {
 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
@@ -3000,7 +3008,12 @@ unionread:
 /* vn_lock(vp, LK_SHARED | LK_RETRY, td); */
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 loff = auio.uio_offset = fp->f_offset;
- error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error == 0)
+#endif
+ error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
+ NULL);
 fp->f_offset = auio.uio_offset;
 VOP_UNLOCK(vp, 0, td);
 if (error) {
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index a38fa6a..f02f62f 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -2865,6 +2865,14 @@ unionread:
 auio.uio_resid = SCARG(uap, count);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 loff = auio.uio_offset = fp->f_offset;
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error) {
+ VOP_UNLOCK(vp, 0, td);
+ fdrop(fp, td);
+ return (error);
+ }
+#endif
 # if (BYTE_ORDER != LITTLE_ENDIAN)
 if (vp->v_mount->mnt_maxsymlinklen <= 0) {
 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
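Review bot: In the first hunk of sys/kern/vfs_extattr.c (@@ -2865), the new check authorizes against `td->td_ucred` while the `VOP_READDIR` call just below it still passes `fp->f_cred`, and nothing records that the difference is deliberate. A one-line comment above the check, such as `/* MAC: check the calling thread's credential, not the open-time fp->f_cred */`, would keep a later cleanup from "unifying" the two and thereby changing who is authorized on an inherited or passed descriptor. The same applies to the three other `mac_check_vnode_readdir()` calls in this commit (@@ -3000 in this file and both hunks of sys/kern/vfs_syscalls.c). The enclosing function starts and ends outside the hunk.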
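Review bot: In the second hunk of sys/kern/vfs_extattr.c (@@ -3000), the unbraced `if (error == 0)` sits inside `#ifdef MAC` but governs the `VOP_READDIR` statement that follows `#endif`. Any statement later inserted between `#endif` and that call becomes the conditional body, and the directory read would then run even when the MAC check returned an error. Either annotate it, `if (error == 0) /* guards the VOP_READDIR() after #endif */`, or use the early-return form of the @@ -2865 hunk so both checks in the file read the same way. The second hunk of sys/kern/vfs_syscalls.c has the identical construct, and the function body continues outside the hunk.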
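Review bot: In the first hunk of sys/kern/vfs_syscalls.c (@@ -2865), the authorization lives in the system-call body rather than behind `VOP_READDIR`, so it covers only callers that enter through this function; the commit message itself limits the scope to the native ABI. Other `VOP_READDIR` callers are not visible in this diff, so whether they are checked cannot be confirmed from here. A comment at the check, e.g. `/* MAC: enforced per caller; other VOP_READDIR() users need their own mac_check_vnode_readdir() */`, would make that contract explicit for whoever adds the next caller.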
@@ -3000,7 +3008,12 @@ unionread:
 /* vn_lock(vp, LK_SHARED | LK_RETRY, td); */
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 loff = auio.uio_offset = fp->f_offset;
- error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error == 0)
+#endif
+ error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
+ NULL);
 fp->f_offset = auio.uio_offset;
 VOP_UNLOCK(vp, 0, td);
 if (error) { |