From b246ee0a3cced8c39f5aaa8505242e775d93e8c4 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Thu, 1 Aug 2002 22:23:02 +0000
Subject: Introduce support for Mandatory Access Control and extensible kernel
 access control.

Invoke appropriate MAC entry points for a number of VFS-related
operations in the Linux ABI module.  In particular, handle uselib
in a manner similar to open() (more work is probably needed here),
as well as handle statfs(), and linux readdir()-like calls.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
---
 sys/compat/linux/linux_stats.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'sys/compat/linux/linux_stats.c')

diff --git a/sys/compat/linux/linux_stats.c b/sys/compat/linux/linux_stats.c
index 9da9323..5ceb22a 100644
--- a/sys/compat/linux/linux_stats.c
+++ b/sys/compat/linux/linux_stats.c
@@ -28,12 +28,15 @@
  * $FreeBSD$
  */
 
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/conf.h>
 #include <sys/dirent.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/proc.h>
+#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
 #include <sys/stat.h>
@@ -247,6 +250,11 @@ linux_statfs(struct thread *td, struct linux_statfs_args *args)
 	mp = ndp->ni_vp->v_mount;
 	bsd_statfs = &mp->mnt_stat;
 	vrele(ndp->ni_vp);
+#ifdef MAC
+	error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+	if (error)
+		return (error);
+#endif
 	error = VFS_STATFS(mp, bsd_statfs, td);
 	if (error)
 		return error;
@@ -282,6 +290,13 @@ linux_fstatfs(struct thread *td, struct linux_fstatfs_args *args)
 	if (error)
 		return error;
 	mp = ((struct vnode *)fp->f_data)->v_mount;
+#ifdef MAC
+	error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+	if (error) {
+		fdrop(fp, td);
+		return (error);
+	}
+#endif
 	bsd_statfs = &mp->mnt_stat;
 	error = VFS_STATFS(mp, bsd_statfs, td);
 	if (error) {
@@ -344,6 +359,11 @@ linux_ustat(struct thread *td, struct linux_ustat_args *args)
 	if (vfinddev(dev, VCHR, &vp)) {
 		if (vp->v_mount == NULL)
 			return (EINVAL);
+#ifdef MAC
+		error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+		if (error)
+			return (error);
+#endif
 		stat = &(vp->v_mount->mnt_stat);
 		error = VFS_STATFS(vp->v_mount, stat, td);
 		if (error)
-- 
cgit v1.1