-rw-r--r-- | sys/fs/devfs/devfs.h | 2 | ||||
-rw-r--r-- | sys/fs/devfs/devfs_devs.c | 6 | ||||
-rw-r--r-- | sys/fs/devfs/devfs_vfsops.c | 3 | ||||
-rw-r--r-- | sys/fs/devfs/devfs_vnops.c | 4 | ||||
-rw-r--r-- | sys/kern/kern_mac.c | 20 | ||||
-rw-r--r-- | sys/security/mac/mac_framework.c | 20 | ||||
-rw-r--r-- | sys/security/mac/mac_framework.h | 12 | ||||
-rw-r--r-- | sys/security/mac/mac_internal.h | 20 | ||||
-rw-r--r-- | sys/security/mac/mac_net.c | 20 | ||||
-rw-r--r-- | sys/security/mac/mac_pipe.c | 20 | ||||
-rw-r--r-- | sys/security/mac/mac_policy.h | 15 | ||||
-rw-r--r-- | sys/security/mac/mac_process.c | 20 | ||||
-rw-r--r-- | sys/security/mac/mac_syscalls.c | 20 | ||||
-rw-r--r-- | sys/security/mac/mac_system.c | 20 | ||||
-rw-r--r-- | sys/security/mac/mac_vfs.c | 20 | ||||
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 18 | ||||
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 18 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 18 | ||||
-rw-r--r-- | sys/security/mac_none/mac_none.c | 18 | ||||
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 18 | ||||
-rw-r--r-- | sys/security/mac_test/mac_test.c | 18 | ||||
-rw-r--r-- | sys/sys/mac.h | 12 | ||||
-rw-r--r-- | sys/sys/mac_policy.h | 15 |
23 files changed, 199 insertions, 158 deletions
diff --git a/sys/fs/devfs/devfs.h b/sys/fs/devfs/devfs.h index a30bbde..7c660ec 100644 --- a/sys/fs/devfs/devfs.h +++ b/sys/fs/devfs/devfs.h @@ -168,7 +168,7 @@ struct devfs_dirent { }; struct devfs_mount { - struct vnode *dm_root; /* Root node */ + struct mount *dm_mount; struct devfs_dirent *dm_rootdir; struct devfs_dirent *dm_basedir; unsigned dm_generation; diff --git a/sys/fs/devfs/devfs_devs.c b/sys/fs/devfs/devfs_devs.c index c01eba4..cb7c99c 100644 --- a/sys/fs/devfs/devfs_devs.c +++ b/sys/fs/devfs/devfs_devs.c @@ -334,8 +334,8 @@ devfs_populate(struct devfs_mount *dm) if (de == NULL) { de = devfs_vmkdir(s, q - s, dd); #ifdef MAC - mac_create_devfs_directory(s, q - s, - de); + mac_create_devfs_directory( + dm->dm_mount, s, q - s, de); #endif de->de_inode = dm->dm_inode++; TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list); @@ -363,7 +363,7 @@ devfs_populate(struct devfs_mount *dm) de->de_dirent->d_type = DT_CHR; } #ifdef MAC - mac_create_devfs_device(dev, de); + mac_create_devfs_device(dm->dm_mount, dev, de); #endif *dep = de; de->de_dir = dd; diff --git a/sys/fs/devfs/devfs_vfsops.c b/sys/fs/devfs/devfs_vfsops.c index 5f4d855..e74b4e9 100644 --- a/sys/fs/devfs/devfs_vfsops.c +++ b/sys/fs/devfs/devfs_vfsops.c @@ -88,6 +88,7 @@ devfs_nmount(mp, ndp, td) #ifdef MAC mp->mnt_flag |= MNT_MULTILABEL; #endif + fmp->dm_mount = mp; mp->mnt_data = (qaddr_t) fmp; vfs_getnewfsid(mp); @@ -96,7 +97,7 @@ devfs_nmount(mp, ndp, td) fmp->dm_rootdir = devfs_vmkdir("(root)", 6, NULL); fmp->dm_rootdir->de_inode = 2; #ifdef MAC - mac_create_devfs_directory("", 0, fmp->dm_rootdir); + mac_create_devfs_directory(mp, "", 0, fmp->dm_rootdir); #endif fmp->dm_basedir = fmp->dm_rootdir; devfs_rules_newmount(fmp, td); diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index f7b99d5..844d6bc 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c 
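Review bot: In sys/fs/devfs/devfs.h the new `dm_mount` member of struct devfs_mount has no comment, while the `dm_root` line it replaces carried `/* Root node */`. Every devfs MAC entry point in this commit now reads the mount through this field, so its origin and lifetime are worth stating, e.g. `struct mount *dm_mount; /* Owning mount; set in devfs_nmount() */`. Nothing in the visible hunks clears the pointer or takes a reference on the mount, so the comment should also say what keeps it valid for as long as the devfs_mount exists; the unmount path is outside this diff.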
@@ -832,7 +832,7 @@ devfs_setlabel(ap) de = vp->v_data; mac_relabel_vnode(ap->a_cred, vp, ap->a_label); - mac_update_devfsdirent(de, vp); + mac_update_devfsdirent(vp->v_mount, de, vp); return (0); } @@ -869,7 +869,7 @@ devfs_symlink(ap) bcopy(ap->a_target, de->de_symlink, i); lockmgr(&dmp->dm_lock, LK_EXCLUSIVE, 0, curthread); #ifdef MAC - mac_create_devfs_symlink(ap->a_cnp->cn_cred, dd, de); + mac_create_devfs_symlink(ap->a_cnp->cn_cred, dmp->dm_mount, dd, de); #endif TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list); devfs_allocv(de, ap->a_dvp->v_mount, ap->a_vpp, 0); diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c index 10fe51d..257d131 100644 --- a/sys/kern/kern_mac.c +++ b/sys/kern/kern_mac.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
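Review bot: The two devfs_vnops.c hunks take the mount from different places: devfs_setlabel passes `vp->v_mount`, while devfs_symlink passes `dmp->dm_mount` and then calls devfs_allocv with `ap->a_dvp->v_mount` two lines later. Presumably all three name the same mount, but a policy that keys a labeling decision on `mp` sees whichever pointer the caller happened to pick, and `vp->v_mount` follows the vnode's state rather than the devfs instance. I would use one source in both functions, or add a comment such as `/* dm_mount and a_dvp->v_mount refer to the same devfs mount here */` next to the MAC call. Both functions start and end outside the hunks, so how `dmp` is derived is not visible.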
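Review bot: The rewritten wrappers in sys/kern/kern_mac.c hand policies a bare `mp`, whereas the existing mac_policy_ops entries visible in this commit (mpo_associate_vnode_singlelabel, mpo_create_vnode_extattr) receive `struct mount *mp, struct label *fslabel` as a pair. A policy that wants the mount's label in mac_update_devfsdirent or the three mac_create_devfs_* calls therefore has to reach into the mount structure itself, bypassing the object-plus-label convention used for the other arguments here (`de, &de->de_label`, `vp, &vp->v_label`). Either add the label argument after `mp`, or put a comment above these wrappers saying the label is deliberately omitted. The same applies to the second kern_mac.c hunk and to the identical sections shown for mac_framework.c, mac_internal.h, mac_net.c, mac_pipe.c, mac_process.c, mac_syscalls.c, mac_system.c and mac_vfs.c.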
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index b03a172..18399f7 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h 
@@ -171,18 +171,20 @@ void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de, struct vnode *vp); int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp); -void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de); -void mac_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *de); -void mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, +void mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de); +void mac_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de); +void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de); int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); void mac_create_mount(struct ucred *cred, struct mount *mp); void mac_create_root_mount(struct ucred *cred, struct mount *mp); void mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel); -void mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp); +void mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp); /* * Labeling event operations: IPC objects. diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 454e6c6..825e45c 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h 
@@ -142,13 +142,15 @@ struct mac_policy_ops { void (*mpo_associate_vnode_singlelabel)(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel); - void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de, - struct label *label); - void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen, + void (*mpo_create_devfs_device)(struct mount *mp, dev_t dev, struct devfs_dirent *de, struct label *label); + void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de, + struct label *label); void (*mpo_create_devfs_symlink)(struct ucred *cred, - struct devfs_dirent *dd, struct label *ddlabel, - struct devfs_dirent *de, struct label *delabel); + struct mount *mp, struct devfs_dirent *dd, + struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel); int (*mpo_create_vnode_extattr)(struct ucred *cred, struct mount *mp, struct label *fslabel, struct vnode *dvp, struct label *dlabel, @@ -163,7 +165,8 @@ struct mac_policy_ops { int (*mpo_setlabel_vnode_extattr)(struct ucred *cred, struct vnode *vp, struct label *vlabel, struct label *intlabel); - void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent, + void (*mpo_update_devfsdirent)(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, struct vnode *vp, struct label *vnodelabel); diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
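Review bot: Inserting `struct mount *mp` into four mac_policy_ops function-pointer types in sys/security/mac/mac_policy.h changes the policy module interface, and no hunk in this commit touches anything that would let the framework tell an old module from a new one. A policy built against the previous header would presumably still load, and its create_devfs_device hook would then receive the mount pointer where it expects `dev` and `dev` where it expects the dirent, so device nodes could be labeled from misread arguments instead of failing loudly. If the framework has an interface version that is checked at registration, it should be bumped in the same commit; whether one exists is not visible here. The identical hunks for sys/sys/mac_policy.h carry the same concern.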
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 10fe51d..257d131 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void 
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index d342d5f..74a279e 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -800,8 +800,8 @@ mac_biba_copy_label(struct label *src, struct label *dest) * a lot like file system objects. */ static void -mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_biba_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_biba *mac_biba; int biba_type; 
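Review bot: mac_biba_create_devfs_device now takes `mp`, but nothing in the visible part of the function uses it, and the block comment above it still describes only the dirent labeling. The body continues past the hunk, so this may be intentional; if so, say it in that comment, e.g. `mp is the devfs mount being populated; Biba does not consult it`. The same applies to the other three Biba devfs entry points and to the matching mac_lomac.c and mac_mls.c hunks, where the new parameter is likewise added to the signature only.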
@@ -822,8 +822,8 @@ mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, } static void -mac_biba_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_biba_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_biba *mac_biba; @@ -832,8 +832,9 @@ mac_biba_create_devfs_directory(char *dirname, int dirnamelen, } static void -mac_biba_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { struct mac_biba *source, *dest; @@ -882,8 +883,9 @@ mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, } static void -mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_biba_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { struct mac_biba *source, *dest; diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 48d1880..a531f25 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -943,8 +943,8 @@ mac_lomac_copy_label(struct label *src, struct label *dest) * a lot like file system objects. */ static void -mac_lomac_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_lomac_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_lomac *mac_lomac; int lomac_type; 
@@ -966,8 +966,8 @@ mac_lomac_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, } static void -mac_lomac_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_lomac_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_lomac *mac_lomac; @@ -976,8 +976,9 @@ mac_lomac_create_devfs_directory(char *dirname, int dirnamelen, } static void -mac_lomac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_lomac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { struct mac_lomac *source, *dest; @@ -1026,8 +1027,9 @@ mac_lomac_relabel_vnode(struct ucred *cred, struct vnode *vp, } static void -mac_lomac_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_lomac_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { struct mac_lomac *source, *dest; diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index b42c1e4..df81135 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -766,8 +766,8 @@ mac_mls_copy_label(struct label *src, struct label *dest) * a lot like file system objects. */ static void -mac_mls_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_mls_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_mls *mac_mls; int mls_type; 
@@ -791,8 +791,8 @@ mac_mls_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, } static void -mac_mls_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_mls_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_mls *mac_mls; @@ -801,8 +801,9 @@ mac_mls_create_devfs_directory(char *dirname, int dirnamelen, } static void -mac_mls_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { struct mac_mls *source, *dest; @@ -851,8 +852,9 @@ mac_mls_relabel_vnode(struct ucred *cred, struct vnode *vp, } static void -mac_mls_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_mls_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { struct mac_mls *source, *dest; diff --git a/sys/security/mac_none/mac_none.c b/sys/security/mac_none/mac_none.c index 0550793..99440db 100644 --- a/sys/security/mac_none/mac_none.c +++ b/sys/security/mac_none/mac_none.c 
@@ -169,22 +169,23 @@ mac_none_associate_vnode_singlelabel(struct mount *mp, } static void -mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_none_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_none_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_none_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_none_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { } @@ -228,8 +229,9 @@ mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, } static void -mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_none_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { } diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 0550793..99440db 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c 
@@ -169,22 +169,23 @@ mac_none_associate_vnode_singlelabel(struct mount *mp, } static void -mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_none_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_none_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_none_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_none_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { } @@ -228,8 +229,9 @@ mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, } static void -mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_none_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { } diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 0dc09a9..26f6a55 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c 
@@ -518,22 +518,23 @@ mac_test_associate_vnode_singlelabel(struct mount *mp, } static void -mac_test_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_test_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_test_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_test_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_test_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { } @@ -577,8 +578,9 @@ mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, } static void -mac_test_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_test_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { } diff --git a/sys/sys/mac.h b/sys/sys/mac.h index b03a172..18399f7 100644 --- a/sys/sys/mac.h +++ b/sys/sys/mac.h 
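Review bot: The mac_test.c stubs for the four devfs entry points keep empty bodies, so the test policy never looks at the mount pointer this commit threads through devfs. A check on the new argument in each stub, e.g. `KASSERT(mp != NULL, ("mac_test_create_devfs_device: NULL mount"));`, would catch a devfs_mount whose `dm_mount` was never set. Whether mac_test asserts on its arguments elsewhere is not visible in these hunks.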
@@ -171,18 +171,20 @@ void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de, struct vnode *vp); int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp); -void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de); -void mac_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *de); -void mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, +void mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de); +void mac_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de); +void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct devfs_dirent *de); int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); void mac_create_mount(struct ucred *cred, struct mount *mp); void mac_create_root_mount(struct ucred *cred, struct mount *mp); void mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel); -void mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp); +void mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp); /* * Labeling event operations: IPC objects. diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h index 454e6c6..825e45c 100644 --- a/sys/sys/mac_policy.h +++ b/sys/sys/mac_policy.h 
@@ -142,13 +142,15 @@ struct mac_policy_ops { void (*mpo_associate_vnode_singlelabel)(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel); - void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de, - struct label *label); - void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen, + void (*mpo_create_devfs_device)(struct mount *mp, dev_t dev, struct devfs_dirent *de, struct label *label); + void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de, + struct label *label); void (*mpo_create_devfs_symlink)(struct ucred *cred, - struct devfs_dirent *dd, struct label *ddlabel, - struct devfs_dirent *de, struct label *delabel); + struct mount *mp, struct devfs_dirent *dd, + struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel); int (*mpo_create_vnode_extattr)(struct ucred *cred, struct mount *mp, struct label *fslabel, struct vnode *dvp, struct label *dlabel, @@ -163,7 +165,8 @@ struct mac_policy_ops { int (*mpo_setlabel_vnode_extattr)(struct ucred *cred, struct vnode *vp, struct label *vlabel, struct label *intlabel); - void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent, + void (*mpo_update_devfsdirent)(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, struct vnode *vp, struct label *vnodelabel); |