diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-12-09 03:44:28 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-12-09 03:44:28 +0000 |
| commit | c5caffe9c429caa50e5fbb079d7ee14257116c62 (patch) | |
| tree | d6e9f6d24a2d8fb99e7d51ac22d960517e26182b /sys/security/mac | |
| parent | 5fcceddc0789f268ea6002c625215947c0cbe4b9 (diff) | |
| download | FreeBSD-src-c5caffe9c429caa50e5fbb079d7ee14257116c62.zip FreeBSD-src-c5caffe9c429caa50e5fbb079d7ee14257116c62.tar.gz | |
Remove dm_root entry from struct devfs_mount. It's never set, and is
unused. Replace it with a dm_mount back-pointer to the struct mount
that the devfs_mount is associated with. Export that pointer to MAC
Framework entry points, where all current policies don't use the
pointer. This permits the SEBSD port of SELinux's FLASK/TE to compile
out-of-the-box on 5.0-CURRENT with full file system labeling support.
Approved by: re (murray)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac')
| -rw-r--r-- | sys/security/mac/mac_framework.c | 20 | ||||
| -rw-r--r-- | sys/security/mac/mac_framework.h | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_internal.h | 20 | ||||
| -rw-r--r-- | sys/security/mac/mac_net.c | 20 | ||||
| -rw-r--r-- | sys/security/mac/mac_pipe.c | 20 | ||||
| -rw-r--r-- | sys/security/mac/mac_policy.h | 15 | ||||
| -rw-r--r-- | sys/security/mac/mac_process.c | 20 | ||||
| -rw-r--r-- | sys/security/mac/mac_syscalls.c | 20 | ||||
| -rw-r--r-- | sys/security/mac/mac_system.c | 20 | ||||
| -rw-r--r-- | sys/security/mac/mac_vfs.c | 20 |
10 files changed, 104 insertions, 83 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index b03a172..18399f7 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -171,18 +171,20 @@ void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de, struct vnode *vp); int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp); -void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de); -void mac_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *de); -void mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, +void mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de); +void mac_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de); +void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de); int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); void mac_create_mount(struct ucred *cred, struct mount *mp); void mac_create_root_mount(struct ucred *cred, struct mount *mp); void mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel); -void mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp); +void mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp); /* * Labeling event operations: IPC objects. diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 454e6c6..825e45c 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -142,13 +142,15 @@ struct mac_policy_ops { void (*mpo_associate_vnode_singlelabel)(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel); - void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de, - struct label *label); - void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen, + void (*mpo_create_devfs_device)(struct mount *mp, dev_t dev, struct devfs_dirent *de, struct label *label); + void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de, + struct label *label); void (*mpo_create_devfs_symlink)(struct ucred *cred, - struct devfs_dirent *dd, struct label *ddlabel, - struct devfs_dirent *de, struct label *delabel); + struct mount *mp, struct devfs_dirent *dd, + struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel); int (*mpo_create_vnode_extattr)(struct ucred *cred, struct mount *mp, struct label *fslabel, struct vnode *dvp, struct label *dlabel, @@ -163,7 +165,8 @@ struct mac_policy_ops { int (*mpo_setlabel_vnode_extattr)(struct ucred *cred, struct vnode *vp, struct label *vlabel, struct label *intlabel); - void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent, + void (*mpo_update_devfsdirent)(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, struct vnode *vp, struct label *vnodelabel); diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } |
