summaryrefslogtreecommitdiffstats
path: root/sys/kern
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-08-01 20:44:52 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-01 20:44:52 +0000
commiteac603fb18056d40de5410c7662fda3986c240a2 (patch)
treeef06ad305049de06727bc367da2f41c299735c86 /sys/kern
parenta1b63b5aa60b492e2fd02dcdc383903f3e2667b8 (diff)
downloadFreeBSD-src-eac603fb18056d40de5410c7662fda3986c240a2.zip
FreeBSD-src-eac603fb18056d40de5410c7662fda3986c240a2.tar.gz
Introduce support for Mandatory Access Control and extensible
kernel access control. Invoke appropriate MAC framework entry points to authorize readdir() operations in the native ABI. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/vfs_extattr.c15
-rw-r--r--sys/kern/vfs_syscalls.c15
2 files changed, 28 insertions, 2 deletions
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index a38fa6a..f02f62f 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -2865,6 +2865,14 @@ unionread:
auio.uio_resid = SCARG(uap, count);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
loff = auio.uio_offset = fp->f_offset;
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error) {
+ VOP_UNLOCK(vp, 0, td);
+ fdrop(fp, td);
+ return (error);
+ }
+#endif
# if (BYTE_ORDER != LITTLE_ENDIAN)
if (vp->v_mount->mnt_maxsymlinklen <= 0) {
error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
@@ -3000,7 +3008,12 @@ unionread:
/* vn_lock(vp, LK_SHARED | LK_RETRY, td); */
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
loff = auio.uio_offset = fp->f_offset;
- error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error == 0)
+#endif
+ error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
+ NULL);
fp->f_offset = auio.uio_offset;
VOP_UNLOCK(vp, 0, td);
if (error) {
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index a38fa6a..f02f62f 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -2865,6 +2865,14 @@ unionread:
auio.uio_resid = SCARG(uap, count);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
loff = auio.uio_offset = fp->f_offset;
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error) {
+ VOP_UNLOCK(vp, 0, td);
+ fdrop(fp, td);
+ return (error);
+ }
+#endif
# if (BYTE_ORDER != LITTLE_ENDIAN)
if (vp->v_mount->mnt_maxsymlinklen <= 0) {
error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
@@ -3000,7 +3008,12 @@ unionread:
/* vn_lock(vp, LK_SHARED | LK_RETRY, td); */
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
loff = auio.uio_offset = fp->f_offset;
- error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error == 0)
+#endif
+ error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
+ NULL);
fp->f_offset = auio.uio_offset;
VOP_UNLOCK(vp, 0, td);
if (error) {
OpenPOWER on IntegriCloud