summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-08-12 16:15:34 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-12 16:15:34 +0000
commitd14df136e25899f51c4b8aa65ddd3bd2c112e532 (patch)
tree469acb8d2bf9e76cea15420d324ea0a3d031ed97 /sys
parentcaa152031758d04e19a87ea5055271e0d46ce680 (diff)
downloadFreeBSD-src-d14df136e25899f51c4b8aa65ddd3bd2c112e532.zip
FreeBSD-src-d14df136e25899f51c4b8aa65ddd3bd2c112e532.tar.gz
Implement IO_NOMACCHECK in vn_rdwr() -- perform MAC checks (assuming
'options MAC') as long as IO_NOMACCHECK is not set in the IO flags. If IO_NOMACCHECK is set, bypass MAC checks in vn_rdwr(). This allows vn_rdwr() to be used as a utility function inside of file systems where MAC checks have already been performed, or where the operation is being done on behalf of the kernel not the user. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI LAbs
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/vfs_vnops.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 9657c3b..2f65b45 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -394,10 +394,23 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
auio.uio_segflg = segflg;
auio.uio_rw = rw;
auio.uio_td = td;
- if (rw == UIO_READ)
- error = VOP_READ(vp, &auio, ioflg, cred);
- else
- error = VOP_WRITE(vp, &auio, ioflg, cred);
+ error = 0;
+#ifdef MAC
+ if ((ioflg & IO_NOMACCHECK) == 0) {
+ if (rw == UIO_READ)
+ error = mac_check_vnode_op(cred, vp,
+ MAC_OP_VNODE_READ);
+ else
+ error = mac_check_vnode_op(cred, vp,
+ MAC_OP_VNODE_WRITE);
+ }
+#endif
+ if (error == 0) {
+ if (rw == UIO_READ)
+ error = VOP_READ(vp, &auio, ioflg, cred);
+ else
+ error = VOP_WRITE(vp, &auio, ioflg, cred);
+ }
if (aresid)
*aresid = auio.uio_resid;
else
OpenPOWER on IntegriCloud