Diffstat (limited to 'sys/fs')
-rw-r--r-- | sys/fs/devfs/devfs_vnops.c | 2 | ||||
-rw-r--r-- | sys/fs/procfs/procfs.c | 1 | ||||
-rw-r--r-- | sys/fs/procfs/procfs.h | 3 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_mac.c | 68 | ||||
-rw-r--r-- | sys/fs/pseudofs/pseudofs.h | 10 | ||||
-rw-r--r-- | sys/fs/pseudofs/pseudofs_vnops.c | 47 |
6 files changed, 1 insertions, 130 deletions
diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c
index 869a20f..f7b99d5 100644
--- a/sys/fs/devfs/devfs_vnops.c
+++ b/sys/fs/devfs/devfs_vnops.c
@@ -167,7 +167,7 @@ loop:
 de->de_vnode = vp;
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
- mac_create_devfs_vnode(de, vp);
+ mac_associate_vnode_devfs(mp, de, vp);
 #endif
 *vpp = vp;
 return (0);
diff --git a/sys/fs/procfs/procfs.c b/sys/fs/procfs/procfs.c
index e99653a..f6cab6a 100644
--- a/sys/fs/procfs/procfs.c
+++ b/sys/fs/procfs/procfs.c
@@ -153,7 +153,6 @@ procfs_init(PFS_INIT_ARGS)
 dir = pfs_create_dir(root, "pid", procfs_attr, NULL, PFS_PROCDEP);
- dir->pn_refreshlabel = procfs_piddir_refreshlabel;
 pfs_create_file(dir, "cmdline", procfs_doproccmdline, NULL, NULL, PFS_RD);
 pfs_create_file(dir, "ctl", procfs_doprocctl,
diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h
index 61f6e954..4baaf50 100644
--- a/sys/fs/procfs/procfs.h
+++ b/sys/fs/procfs/procfs.h
@@ -61,9 +61,6 @@ int procfs_close(PFS_CLOSE_ARGS);
 /* Attributes */
 int procfs_attr(PFS_ATTR_ARGS);
-/* MAC */
-int procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS);
-
 /* Visibility */
 int procfs_notsystem(PFS_VIS_ARGS);
 int procfs_candebug(PFS_VIS_ARGS);
diff --git a/sys/fs/procfs/procfs_mac.c b/sys/fs/procfs/procfs_mac.c
deleted file mode 100644
index ea5c9f5..0000000
--- a/sys/fs/procfs/procfs_mac.c
+++ /dev/null
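Review bot: In sys/fs/devfs/devfs_vnops.c the replacement call `mac_associate_vnode_devfs(mp, de, vp)` takes a mount argument that is neither declared nor assigned in the visible lines, so it is worth confirming that `mp` is the mount this vnode was allocated for, since the label is presumably derived from it. The call sits after `vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td)` and before `*vpp = vp`, and that ordering looks deliberate; a one-line comment would keep it from being reordered later, e.g. `/* Label the vnode while it is exclusively locked and before it is handed back through *vpp. */`. The enclosing function starts and ends outside the hunk.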
@@ -1,68 +0,0 @@
-/*-
- * Copyright (c) 2002 Network Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed in part by NAI Labs, the Security Research
- * Division of Network Associates, Inc. under DARPA/SPAWAR contract
- * N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include "opt_mac.h"
-
-#include <sys/param.h>
-#include <sys/lock.h>
-#include <sys/mac.h>
-#include <sys/mount.h>
-#include <sys/mutex.h>
-#include <sys/proc.h>
-#include <sys/systm.h>
-#include <sys/ucred.h>
-#include <sys/vnode.h>
-
-#include <fs/pseudofs/pseudofs.h>
-#include <fs/procfs/procfs.h>
-
-int
-procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS)
-{
-#ifdef MAC
-
- if (p == NULL)
- mac_update_vnode_from_mount(vp, vp->v_mount);
- else {
- PROC_LOCK(p);
- mac_update_procfsvnode(vp, p->p_ucred);
- PROC_UNLOCK(p);
- }
-
- return (0);
-#else
- return (EOPNOTSUPP);
-#endif
-}
diff --git a/sys/fs/pseudofs/pseudofs.h b/sys/fs/pseudofs/pseudofs.h
index c7a64dd..2b9d01b 100644
--- a/sys/fs/pseudofs/pseudofs.h
+++ b/sys/fs/pseudofs/pseudofs.h
@@ -145,15 +145,6 @@ struct ucred;
 typedef int (*pfs_getextattr_t)(PFS_GETEXTATTR_ARGS);
 /*
- * Getlabel callback
- */
-#define PFS_REFRESHLABEL_ARGS \
- struct thread *td, struct proc *p, struct vnode *vp, \
- struct pfs_node *pn, struct ucred *cred
-struct mac;
-typedef int (*pfs_refreshlabel_t)(PFS_REFRESHLABEL_ARGS);
-
-/*
 * Last-close callback
 */
 #define PFS_CLOSE_ARGS \
@@ -194,7 +185,6 @@ struct pfs_node {
 pfs_attr_t pn_attr;
 pfs_vis_t pn_vis;
 pfs_getextattr_t pn_getextattr;
- pfs_refreshlabel_t pn_refreshlabel;
 void *pn_data;
 int pn_flags;
diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c
index 932adc0..b797aeb 100644
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@@ -28,8 +28,6 @@
 * $FreeBSD$
 */
-#include "opt_mac.h"
-
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/systm.h>
@@ -37,7 +35,6 @@
 #include <sys/dirent.h>
 #include <sys/fcntl.h>
 #include <sys/lock.h>
-#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
@@ -732,50 +729,6 @@ pfs_reclaim(struct vop_reclaim_args *va)
 return (pfs_vncache_free(va->a_vp));
 }
-#ifdef MAC
-/*
- * Refresh the vnode label as appropriate for the pseudo-file system.
- */
-static int
-pfs_refreshlabel(struct vop_refreshlabel_args *va)
-{
- struct vnode *vn = va->a_vp;
- struct pfs_vdata *pvd = (struct pfs_vdata *)vn->v_data;
- struct pfs_node *pn = pvd->pvd_pn;
- struct proc *proc = NULL;
- int error;
-
- PFS_TRACE((pd->pn_name));
-
- if (pn->pn_refreshlabel == NULL) {
- mac_update_vnode_from_mount(vn, vn->v_mount);
- return (0);
- }
-
- /*
- * This is necessary because either process' privileges may
- * have changed since the last open() call.
- */
- if (!pfs_visible(curthread, pn, pvd->pvd_pid))
- PFS_RETURN (EIO);
-
- /* XXX duplicate bits of pfs_visible() */
- if (pvd->pvd_pid != NO_PID) {
- if ((proc = pfind(pvd->pvd_pid)) == NULL)
- PFS_RETURN (EIO);
- _PHOLD(proc);
- PROC_UNLOCK(proc);
- }
-
- error = (pn->pn_refreshlabel)(curthread, proc, vn, pn, va->a_cred);
-
- if (proc != NULL)
- PRELE(proc);
-
- PFS_RETURN (error);
-}
-#endif
-
 /*
 * Set attributes
 */ |