-rw-r--r-- | sys/conf/files | 1 | ||||
-rw-r--r-- | sys/fs/procfs/procfs.c | 1 | ||||
-rw-r--r-- | sys/fs/procfs/procfs.h | 3 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_mac.c | 68 | ||||
-rw-r--r-- | sys/modules/procfs/Makefile | 2 |
5 files changed, 75 insertions, 0 deletions
diff --git a/sys/conf/files b/sys/conf/files
index 52488e3..0823f4f 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -730,6 +730,7 @@ fs/procfs/procfs_ctl.c optional procfs
 fs/procfs/procfs_dbregs.c optional procfs
 fs/procfs/procfs_fpregs.c optional procfs
 fs/procfs/procfs_ioctl.c optional procfs
+fs/procfs/procfs_mac.c optional procfs
 fs/procfs/procfs_map.c optional procfs
 fs/procfs/procfs_mem.c optional procfs
 fs/procfs/procfs_note.c optional procfs
diff --git a/sys/fs/procfs/procfs.c b/sys/fs/procfs/procfs.c
index 8083ba6..d91d23e 100644
--- a/sys/fs/procfs/procfs.c
+++ b/sys/fs/procfs/procfs.c
@@ -153,6 +153,7 @@ procfs_init(PFS_INIT_ARGS)
 dir = pfs_create_dir(root, "pid", &procfs_attr, NULL, PFS_PROCDEP);
+ dir->pn_refreshlabel = &procfs_piddir_refreshlabel;
 pfs_create_file(dir, "cmdline", &procfs_doproccmdline, NULL, NULL, PFS_RD);
 pfs_create_file(dir, "ctl", &procfs_doprocctl,
diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h
index 4baaf50..61f6e954 100644
--- a/sys/fs/procfs/procfs.h
+++ b/sys/fs/procfs/procfs.h
@@ -61,6 +61,9 @@ int procfs_close(PFS_CLOSE_ARGS);
 /* Attributes */
 int procfs_attr(PFS_ATTR_ARGS);
+/* MAC */
+int procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS);
+
 /* Visibility */
 int procfs_notsystem(PFS_VIS_ARGS);
 int procfs_candebug(PFS_VIS_ARGS);
diff --git a/sys/fs/procfs/procfs_mac.c b/sys/fs/procfs/procfs_mac.c
new file mode 100644
index 0000000..ea5c9f5
--- /dev/null
+++ b/sys/fs/procfs/procfs_mac.c
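Review bot: In sys/fs/procfs/procfs.c the new `dir->pn_refreshlabel = &procfs_piddir_refreshlabel;` is set on the `pid` directory node only; the `pfs_create_file()` calls that follow in the hunk (`cmdline`, `ctl`) show no refresh callback of their own. Those per-process files are where process state is actually exposed, so unless pseudofs applies the directory's callback to the nodes beneath it (not visible here), they would keep whatever label they were created with. I would confirm that against pseudofs and record the result in a comment above the assignment, e.g. `/* MAC: label refresh is installed on the pid directory; see pseudofs for how child nodes are labelled. */`. procfs_init continues outside the hunk on both sides.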
@@ -0,0 +1,68 @@
+/*-
+ * Copyright (c) 2002 Network Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed in part by NAI Labs, the Security Research
+ * Division of Network Associates, Inc. under DARPA/SPAWAR contract
+ * N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include "opt_mac.h"
+
+#include <sys/param.h>
+#include <sys/lock.h>
+#include <sys/mac.h>
+#include <sys/mount.h>
+#include <sys/mutex.h>
+#include <sys/proc.h>
+#include <sys/systm.h>
+#include <sys/ucred.h>
+#include <sys/vnode.h>
+
+#include <fs/pseudofs/pseudofs.h>
+#include <fs/procfs/procfs.h>
+
+int
+procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS)
+{
+#ifdef MAC
+
+ if (p == NULL)
+ mac_update_vnode_from_mount(vp, vp->v_mount);
+ else {
+ PROC_LOCK(p);
+ mac_update_procfsvnode(vp, p->p_ucred);
+ PROC_UNLOCK(p);
+ }
+
+ return (0);
+#else
+ return (EOPNOTSUPP);
+#endif
+}
diff --git a/sys/modules/procfs/Makefile b/sys/modules/procfs/Makefile
index 75e23a0..d4f41b3 100644
--- a/sys/modules/procfs/Makefile
+++ b/sys/modules/procfs/Makefile
@@ -4,11 +4,13 @@
 KMOD= procfs
 SRCS=
+SRCS+= opt_mac.h
 SRCS+= vnode_if.h
 SRCS+= procfs_ctl.c
 SRCS+= procfs_dbregs.c
 SRCS+= procfs_fpregs.c
 SRCS+= procfs_ioctl.c
+SRCS+= procfs_mac.c
 SRCS+= procfs_map.c
 SRCS+= procfs_mem.c
 SRCS+= procfs_note.c |
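Review bot: In sys/fs/procfs/procfs_mac.c the `#else` branch of procfs_piddir_refreshlabel() returns `EOPNOTSUPP`, while procfs.c installs the callback unconditionally, so a kernel built without MAC would get an error from every label refresh if pseudofs passes the return value on (its caller is not visible here). Either return 0 in the non-MAC branch or put the `pn_refreshlabel` assignment under `#ifdef MAC`. The function also has no header comment, and its two branches encode a labelling policy a reader should not have to infer; I would add `/* Refresh the MAC label of a /proc/<pid> vnode: from the process credential (read under the proc lock) when p is set, otherwise from the mount. */` above it.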