diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-08-21 14:34:54 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-08-21 14:34:54 +0000 |
| commit | 15931b828562c66c2854a8381c3e03b9a5c609b2 (patch) | |
| tree | 22a58e2b67918a8a00405af6adc906a4312d0bdf /sys/security/mac_bsdextended | |
| parent | d11ff12dc05a90cc3492b6384c85f94f3d4fced1 (diff) | |
| download | FreeBSD-src-15931b828562c66c2854a8381c3e03b9a5c609b2.zip FreeBSD-src-15931b828562c66c2854a8381c3e03b9a5c609b2.tar.gz | |
Implementations of mpo_check_vnode_deleteextattr() and
mpo_check_vnode_listextattr() for Biba, MLS, and BSD Extended.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac_bsdextended')
| -rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index 22a1492..940109a 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson - * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. + * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -418,6 +418,22 @@ mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, } static int +mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, + struct label *label, int attrnamespace, const char *name) +{ + struct vattr vap; + int error; + + if (!mac_bsdextended_enabled) + return (0); + + error = VOP_GETATTR(vp, &vap, cred, curthread); + if (error) + return (error); + return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE)); +} + +static int mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp, struct label *label, struct image_params *imgp, struct label *execlabel) @@ -495,6 +511,22 @@ mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp, } static int +mac_bsdextended_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, + struct label *label, int attrnamespace) +{ + struct vattr vap; + int error; + + if (!mac_bsdextended_enabled) + return (0); + + error = VOP_GETATTR(vp, &vap, cred, curthread); + if (error) + return (error); + return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD)); +} + +static int mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -752,10 +784,12 @@ static struct mac_policy_ops mac_bsdextended_ops = .mpo_check_vnode_create = mac_bsdextended_check_create_vnode, .mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete, .mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl, + .mpo_check_vnode_deleteextattr = mac_bsdextended_check_vnode_deleteextattr, .mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec, .mpo_check_vnode_getacl = mac_bsdextended_check_vnode_getacl, .mpo_check_vnode_getextattr = mac_bsdextended_check_vnode_getextattr, .mpo_check_vnode_link = mac_bsdextended_check_vnode_link, + .mpo_check_vnode_listextattr = mac_bsdextended_check_vnode_listextattr, .mpo_check_vnode_lookup = mac_bsdextended_check_vnode_lookup, .mpo_check_vnode_open = mac_bsdextended_check_vnode_open, .mpo_check_vnode_readdir = mac_bsdextended_check_vnode_readdir, |
