From f79fd8d75dd2dbf45f899ab499e2f41e29577b14 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Sat, 5 Oct 2002 18:25:48 +0000
Subject: Merge implementation of mpo_check_vnode_link() for various appropriate file-system aware MAC policies. Sync to MAC tree.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
---
 sys/security/mac_bsdextended/mac_bsdextended.c | 29 ++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
(limited to 'sys/security/mac_bsdextended')
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index 7fae867..e6148cc 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -445,6 +445,33 @@ mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
 }
 
 static int
+mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
+{
+ struct vattr vap;
+ int error;
+
+ if (!mac_bsdextended_enabled)
+ return (0);
+
+ error = VOP_GETATTR(dvp, &vap, cred, curthread);
+ if (error)
+ return (error);
+ error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE);
+ if (error)
+ return (error);
+
+ error = VOP_GETATTR(vp, &vap, cred, curthread);
+ if (error)
+ return (error);
+ error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE);
+ if (error)
+ return (error);
+ return (0);
+}
+
+static int
 mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct label *dlabel, struct componentname *cnp)
 {
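Review bot: mac_bsdextended_check_vnode_link() asks for VWRITE against the owner of both the directory `dvp` and the existing file `vp`, but no comment records that choice, which is the security-relevant part of the hook: as far as the visible calls show, a subject that the rule set denies write on a file is thereby also denied creating a new name for it. I would add above the function `/* Creating a link requires write access, per the rule set, to both the target directory and the file being linked. */`. `dlabel`, `label` and `cnp` are never read, presumably because this policy decides on uid/gid attributes rather than labels; saying so in the same comment would keep a later reader from treating it as an omission. As a style point, the closing `if (error) return (error); return (0);` can be the single line `return (error);`.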
@@ -715,6 +742,8 @@ static struct mac_policy_op_entry mac_bsdextended_ops[] =
 (macop_t)mac_bsdextended_check_vnode_getacl },
 { MAC_CHECK_VNODE_GETEXTATTR,
 (macop_t)mac_bsdextended_check_vnode_getextattr },
+ { MAC_CHECK_VNODE_LINK,
+ (macop_t)mac_bsdextended_check_vnode_link },
 { MAC_CHECK_VNODE_LOOKUP,
 (macop_t)mac_bsdextended_check_vnode_lookup },
 { MAC_CHECK_VNODE_OPEN,
-- 
cgit v1.1