From 97ad1768f7183226cbe25a8f99219ef3cc582de9 Mon Sep 17 00:00:00 2001 From: rwatson Date: Mon, 12 Aug 2002 01:16:55 +0000 Subject: Teach the OSF/1 emulation layer a little more about mandatory access control: perform checks during OSF/1 statfs()-related calls by invoking mac_check_mount_stat(). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs --- sys/alpha/osf1/osf1_mount.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'sys') diff --git a/sys/alpha/osf1/osf1_mount.c b/sys/alpha/osf1/osf1_mount.c index faa9178..0a1347a 100644 --- a/sys/alpha/osf1/osf1_mount.c +++ b/sys/alpha/osf1/osf1_mount.c @@ -32,6 +32,7 @@ * $FreeBSD$ */ +#include "opt_mac.h" #include "opt_nfs.h" #include @@ -42,6 +43,7 @@ #include #include #include +#include #include #include #include @@ -131,6 +133,11 @@ osf1_statfs(td, uap) mp = nd.ni_vp->v_mount; sp = &mp->mnt_stat; vrele(nd.ni_vp); +#ifdef MAC + error = mac_check_mount_stat(td->td_proc->p_ucred, mp); + if (error) + return (error); +#endif if ((error = VFS_STATFS(mp, sp, td))) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; @@ -153,6 +160,13 @@ osf1_fstatfs(td, uap) if ((error = getvnode(td->td_proc->p_fd, SCARG(uap, fd), &fp))) return (error); mp = ((struct vnode *)fp->f_data)->v_mount; +#ifdef MAC + error = mac_check_mount_stat(td->td_proc->p_ucred, mp); + if (error) { + fdrop(fp, td); + return (error); + } +#endif sp = &mp->mnt_stat; error = VFS_STATFS(mp, sp, td); fdrop(fp, td); @@ -183,6 +197,11 @@ osf1_getfsstat(td, uap) for (count = 0, mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) { nmp = TAILQ_NEXT(mp, mnt_list); if (osf_sfsp && count < maxcount) { +#ifdef MAC + error = mac_check_mount_stat(td->td_proc->p_ucred, mp); + if (error) + continue; +#endif sp = &mp->mnt_stat; /* * If OSF1_MNT_NOWAIT is specified, do not refresh the -- cgit v1.1