summaryrefslogtreecommitdiffstats
path: root/sys/security
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac/mac_framework.h4
-rw-r--r--sys/security/mac/mac_policy.h6
-rw-r--r--sys/security/mac/mac_vfs.c9
-rw-r--r--sys/security/mac_biba/mac_biba.c4
-rw-r--r--sys/security/mac_lomac/mac_lomac.c4
-rw-r--r--sys/security/mac_mls/mac_mls.c4
-rw-r--r--sys/security/mac_stub/mac_stub.c4
-rw-r--r--sys/security/mac_test/mac_test.c7
8 files changed, 27 insertions, 15 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 810c320..e21edec 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -200,8 +200,8 @@ void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
struct vnode *vp);
int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
-void mac_create_devfs_device(struct mount *mp, struct cdev *dev,
- struct devfs_dirent *de);
+void mac_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *de);
void mac_create_devfs_directory(struct mount *mp, char *dirname,
int dirnamelen, struct devfs_dirent *de);
void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 6f10638..506f7d0 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -11,6 +11,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -191,7 +194,8 @@ struct mac_policy_ops {
void (*mpo_associate_vnode_singlelabel)(struct mount *mp,
struct label *fslabel, struct vnode *vp,
struct label *vlabel);
- void (*mpo_create_devfs_device)(struct mount *mp, struct cdev *dev,
+ void (*mpo_create_devfs_device)(struct ucred *cred,
+ struct mount *mp, struct cdev *dev,
struct devfs_dirent *de, struct label *label);
void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname,
int dirnamelen, struct devfs_dirent *de,
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index acf21a5..647697b 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -2,6 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2005 McAfee, Inc.
+ * Copyright (c) 2005 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -12,6 +13,9 @@
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -939,10 +943,11 @@ mac_check_mount_stat(struct ucred *cred, struct mount *mount)
}
void
-mac_create_devfs_device(struct mount *mp, struct cdev *dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *de)
{
- MAC_PERFORM(create_devfs_device, mp, dev, de, de->de_label);
+ MAC_PERFORM(create_devfs_device, cred, mp, dev, de, de->de_label);
}
void
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 8faf806..8d5e9db 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -780,8 +780,8 @@ mac_biba_copy_label(struct label *src, struct label *dest)
* a lot like file system objects.
*/
static void
-mac_biba_create_devfs_device(struct mount *mp, struct cdev *dev,
- struct devfs_dirent *devfs_dirent, struct label *label)
+mac_biba_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
{
struct mac_biba *mac_biba;
int biba_type;
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 1a090ec..cb2ebdf 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -900,8 +900,8 @@ mac_lomac_copy_label(struct label *src, struct label *dest)
* a lot like file system objects.
*/
static void
-mac_lomac_create_devfs_device(struct mount *mp, struct cdev *dev,
- struct devfs_dirent *devfs_dirent, struct label *label)
+mac_lomac_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
{
struct mac_lomac *mac_lomac;
int lomac_type;
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index a6c1511..1599cc0 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -746,8 +746,8 @@ mac_mls_copy_label(struct label *src, struct label *dest)
* a lot like file system objects.
*/
static void
-mac_mls_create_devfs_device(struct mount *mp, struct cdev *dev,
- struct devfs_dirent *devfs_dirent, struct label *label)
+mac_mls_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
{
struct mac_mls *mac_mls;
int mls_type;
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index f22a48a..8a520a1 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -187,8 +187,8 @@ stub_associate_vnode_singlelabel(struct mount *mp,
}
static void
-stub_create_devfs_device(struct mount *mp, struct cdev *dev,
- struct devfs_dirent *devfs_dirent, struct label *label)
+stub_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
{
}
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 312287e..3c51215 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -865,10 +865,13 @@ mac_test_associate_vnode_singlelabel(struct mount *mp,
}
static void
-mac_test_create_devfs_device(struct mount *mp, struct cdev *dev,
- struct devfs_dirent *devfs_dirent, struct label *label)
+mac_test_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
{
+ if (cred != NULL) {
+ ASSERT_CRED_LABEL(cred->cr_label);
+ }
ASSERT_DEVFS_LABEL(label);
}
OpenPOWER on IntegriCloud