authorrwatson <rwatson@FreeBSD.org>2007-04-22 16:18:10 +0000
committerrwatson <rwatson@FreeBSD.org>2007-04-22 16:18:10 +0000
commit1c94b6d3ee7cc5a273997e5dd61d432475bed233 (patch)
tree1a5de6c7822c50a3ed2d30c9621d0e6c1932b16f /sys/security/mac_lomac/mac_lomac.c
parentc729a4c68dbc009109dc4dacf19bd61514820196 (diff)
In the MAC Framework implementation, file systems have two per-mountpoint
labels: the mount label (label of the mountpoint) and the fs label (label of the file system). In practice, policies appear to only ever use one, and the distinction is not helpful. Combine mnt_mntlabel and mnt_fslabel into a single mnt_label, and eliminate extra machinery required to maintain the additional label. Update policies to reflect removal of extra entry points and label. Obtained from: TrustedBSD Project Sponsored by: SPARTA, Inc.
Diffstat (limited to 'sys/security/mac_lomac/mac_lomac.c')
-rw-r--r--sys/security/mac_lomac/mac_lomac.c20
1 files changed, 8 insertions, 12 deletions
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index c52cf70..c85ec2f 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -949,15 +949,13 @@ mac_lomac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
static void
mac_lomac_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
{
struct mac_lomac *source, *dest;
source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
mac_lomac_copy_single(source, dest);
- dest = SLOT(fslabel);
- mac_lomac_copy_single(source, dest);
}
static void
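Review bot: Dropping the `fslabel` argument from `mac_lomac_create_mount` changes an entry-point prototype, and the hunks at -2833 and -2848 remove two members from the `mac_lomac_ops` initializer, so the policy interface itself has changed shape. This page is limited to mac_lomac.c, so neither the matching framework header change nor any interface version bump is visible here. A policy module built against the old four-argument prototype would presumably be called with a mismatched argument list, so I would confirm that the framework refuses to register modules built for the previous interface.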
@@ -986,7 +984,7 @@ mac_lomac_update_devfsdirent(struct mount *mp,
}
static void
-mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
struct label *vlabel)
{
@@ -999,13 +997,13 @@ mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
}
static int
-mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel)
{
struct mac_lomac temp, *source, *dest;
int buflen, error;
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
dest = SLOT(vlabel);
buflen = sizeof(temp);
@@ -1014,7 +1012,7 @@ mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&temp, curthread);
if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the fslabel. */
+ /* Fall back to the mntlabel. */
mac_lomac_copy_single(source, dest);
return (0);
} else if (error)
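Review bot: The comment `/* Fall back to the mntlabel. */` in the ENOATTR/EOPNOTSUPP branch names the label but not what using it implies. Going by the `mac_lomac_create_mount` hunk above, that label is a copy of `cred->cr_label` (presumably the mounting credential), so every vnode without a readable extended attribute takes the mounter's integrity label. I would say so in place, e.g. `/* No stored label (or no extattr support): inherit the mount label, copied from the mounting credential. */`. `mac_lomac_associate_vnode_singlelabel` in the -1047 hunk copies from the same source and would benefit from the same one-line remark. The function body starts in the previous hunk and continues past this one.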
@@ -1047,11 +1045,11 @@ mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
static void
mac_lomac_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
dest = SLOT(vlabel);
mac_lomac_copy_single(source, dest);
@@ -1059,7 +1057,7 @@ mac_lomac_associate_vnode_singlelabel(struct mount *mp,
static int
mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
struct mac_lomac *source, *dest, *dir, temp;
@@ -2833,7 +2831,6 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_init_ipq_label = mac_lomac_init_label_waitcheck,
.mpo_init_mbuf_label = mac_lomac_init_label_waitcheck,
.mpo_init_mount_label = mac_lomac_init_label,
- .mpo_init_mount_fs_label = mac_lomac_init_label,
.mpo_init_pipe_label = mac_lomac_init_label,
.mpo_init_proc_label = mac_lomac_init_proc_label,
.mpo_init_socket_label = mac_lomac_init_label_waitcheck,
@@ -2848,7 +2845,6 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_destroy_ipq_label = mac_lomac_destroy_label,
.mpo_destroy_mbuf_label = mac_lomac_destroy_label,
.mpo_destroy_mount_label = mac_lomac_destroy_label,
- .mpo_destroy_mount_fs_label = mac_lomac_destroy_label,
.mpo_destroy_pipe_label = mac_lomac_destroy_label,
.mpo_destroy_proc_label = mac_lomac_destroy_proc_label,
.mpo_destroy_syncache_label = mac_lomac_destroy_label,