Attachment #155932 for bug #199654

View | Details | Raw Unified | Return to bug 199654
Collapse All | Expand All

Lines 164-171 linux_getcwd_scandir(lvpp, uvpp, bpp, bufp, td) Link Here

(-)b/sys/compat/linux/linux_getcwd.c (-1 / +5 lines)
164	#ifdef MAC	164	#ifdef MAC
165	error = mac_vnode_check_lookup(td->td_ucred, lvp, &cn);	165	error = mac_vnode_check_lookup(td->td_ucred, lvp, &cn);
166	if (error == 0)	166	if (error == 0)
167	#endif	167	#endif /* MAC */
168	error = VOP_LOOKUP(lvp, uvpp, &cn);	168	error = VOP_LOOKUP(lvp, uvpp, &cn);
		169	#ifdef MAC
		170	if (error == 0)
		171	mac_vnode_post_lookup(td->td_ucred, lvp, &cn, *uvpp);
		172	#endif /* MAC */
169	if (error) {	173	if (error) {
170	vput(lvp);	174	vput(lvp);
171	*lvpp = NULL;	175	*lvpp = NULL;

Lines 538-543 restart: Link Here

(-)b/sys/kern/uipc_usrreq.c (+4 lines)
538	if (error == 0)	538	if (error == 0)
539	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);	539	error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
540	NDFREE(&nd, NDF_ONLY_PNBUF);	540	NDFREE(&nd, NDF_ONLY_PNBUF);
		541	#ifdef MAC
		542	if (error == 0)
		543	mac_vnode_post_create(td->td_ucred, nd.ni_dvp, nd.ni_vp, &nd.ni_cnd, &vattr);
		544	#endif
541	vput(nd.ni_dvp);	545	vput(nd.ni_dvp);
542	if (error) {	546	if (error) {
543	vn_finished_write(mp);	547	vn_finished_write(mp);

Lines 757-762 unionlookup: Link Here

(-)b/sys/kern/vfs_lookup.c (+8 lines)
757	goto success;	757	goto success;
758	} else	758	} else
759	cnp->cn_lkflags = lkflags_save;	759	cnp->cn_lkflags = lkflags_save;
		760
		761	#ifdef MAC
		762	if ((cnp->cn_flags & NOMACCHECK) == 0) {
		763	mac_vnode_post_lookup(cnp->cn_thread->td_ucred, dp,
		764	cnp, ndp->ni_vp);
		765	}
		766	#endif
		767
760	#ifdef NAMEI_DIAGNOSTIC	768	#ifdef NAMEI_DIAGNOSTIC
761	printf("found\n");	769	printf("found\n");
762	#endif	770	#endif

Lines 1334-1341 restart: Link Here

(-)b/sys/kern/vfs_syscalls.c (-3 / +26 lines)
1334	else {	1334	else {
1335	error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,	1335	error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
1336	&nd.ni_cnd, &vattr);	1336	&nd.ni_cnd, &vattr);
1337	if (error == 0)	1337	if (error == 0) {
		1338	#ifdef MAC
		1339	mac_vnode_post_create(td->td_ucred,
		1340	nd.ni_dvp, nd.ni_vp,
		1341	&nd.ni_cnd, &vattr);
		1342	#endif
1338	vput(nd.ni_vp);	1343	vput(nd.ni_vp);
		1344	}
1339	}	1345	}
1340	}	1346	}
1341	NDFREE(&nd, NDF_ONLY_PNBUF);	1347	NDFREE(&nd, NDF_ONLY_PNBUF);
Lines 1425-1432 restart: Link Here
1425	goto out;	1431	goto out;
1426	#endif	1432	#endif
1427	error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);	1433	error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
1428	if (error == 0)	1434	if (error == 0) {
		1435	#ifdef MAC
		1436	mac_vnode_post_create(td->td_ucred,
		1437	nd.ni_dvp, nd.ni_vp,
		1438	&nd.ni_cnd, &vattr);
		1439	#endif
1429	vput(nd.ni_vp);	1440	vput(nd.ni_vp);
		1441	}
1430	#ifdef MAC	1442	#ifdef MAC
1431	out:	1443	out:
1432	#endif	1444	#endif
Lines 1694-1701 restart: Link Here
1694	goto out2;	1706	goto out2;
1695	#endif	1707	#endif
1696	error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);	1708	error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
1697	if (error == 0)	1709	if (error == 0) {
		1710	#ifdef MAC
		1711	mac_vnode_post_create(td->td_ucred,
		1712	nd.ni_dvp, nd.ni_vp,
		1713	&nd.ni_cnd, &vattr);
		1714	#endif
1698	vput(nd.ni_vp);	1715	vput(nd.ni_vp);
		1716	}
1699	#ifdef MAC	1717	#ifdef MAC
1700	out2:	1718	out2:
1701	#endif	1719	#endif
Lines 3755-3760 restart: Link Here
3755	#endif	3773	#endif
3756	error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);	3774	error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
3757	#ifdef MAC	3775	#ifdef MAC
		3776	if (error == 0) {
		3777	mac_vnode_post_create(td->td_ucred,
		3778	nd.ni_dvp, nd.ni_vp,
		3779	&nd.ni_cnd, &vattr);
		3780	}
3758	out:	3781	out:
3759	#endif	3782	#endif
3760	NDFREE(&nd, NDF_ONLY_PNBUF);	3783	NDFREE(&nd, NDF_ONLY_PNBUF);

Lines 226-231 restart: Link Here

(-)b/sys/kern/vfs_vnops.c (+5 lines)
226	#endif	226	#endif
227	error = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp,	227	error = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp,
228	&ndp->ni_cnd, vap);	228	&ndp->ni_cnd, vap);
		229	#ifdef MAC
		230	if (error == 0)
		231	mac_vnode_post_create(cred, ndp->ni_dvp, ndp->ni_vp,
		232	&ndp->ni_cnd, vap);
		233	#endif
229	vput(ndp->ni_dvp);	234	vput(ndp->ni_dvp);
230	vn_finished_write(mp);	235	vn_finished_write(mp);
231	if (error) {	236	if (error) {

Lines 379-384 int mac_vnode_check_chdir(struct ucred cred, struct vnode dvp); Link Here

(-)b/sys/security/mac/mac_framework.h (+5 lines)
379	int mac_vnode_check_chroot(struct ucred cred, struct vnode dvp);	379	int mac_vnode_check_chroot(struct ucred cred, struct vnode dvp);
380	int mac_vnode_check_create(struct ucred cred, struct vnode dvp,	380	int mac_vnode_check_create(struct ucred cred, struct vnode dvp,
381	struct componentname cnp, struct vattr vap);	381	struct componentname cnp, struct vattr vap);
		382	void mac_vnode_post_create(struct ucred cred, struct vnode dvp,
		383	struct vnode vp, struct componentname cnp,
		384	struct vattr *vap);
382	int mac_vnode_check_deleteacl(struct ucred cred, struct vnode vp,	385	int mac_vnode_check_deleteacl(struct ucred cred, struct vnode vp,
383	acl_type_t type);	386	acl_type_t type);
384	int mac_vnode_check_deleteextattr(struct ucred cred, struct vnode vp,	387	int mac_vnode_check_deleteextattr(struct ucred cred, struct vnode vp,
Lines 395-400 int mac_vnode_check_listextattr(struct ucred cred, struct vnode vp, Link Here
395	int attrnamespace);	398	int attrnamespace);
396	int mac_vnode_check_lookup(struct ucred cred, struct vnode dvp,	399	int mac_vnode_check_lookup(struct ucred cred, struct vnode dvp,
397	struct componentname *cnp);	400	struct componentname *cnp);
		401	void mac_vnode_post_lookup(struct ucred cred, struct vnode dvp,
		402	struct componentname cnp, struct vnode vp);
398	int mac_vnode_check_mmap(struct ucred cred, struct vnode vp, int prot,	403	int mac_vnode_check_mmap(struct ucred cred, struct vnode vp, int prot,
399	int flags);	404	int flags);
400	int mac_vnode_check_mprotect(struct ucred cred, struct vnode vp,	405	int mac_vnode_check_mprotect(struct ucred cred, struct vnode vp,

Lines 559-564 typedef int (mpo_vnode_check_chroot_t)(struct ucred cred, Link Here

(-)b/sys/security/mac/mac_policy.h (+10 lines)
559	typedef int (mpo_vnode_check_create_t)(struct ucred cred,	559	typedef int (mpo_vnode_check_create_t)(struct ucred cred,
560	struct vnode dvp, struct label dvplabel,	560	struct vnode dvp, struct label dvplabel,
561	struct componentname cnp, struct vattr vap);	561	struct componentname cnp, struct vattr vap);
		562	typedef void (mpo_vnode_post_create_t)(struct ucred cred,
		563	struct vnode dvp, struct label dvplabel,
		564	struct vnode vp, struct label vplabel,
		565	struct componentname cnp, struct vattr vap);
562	typedef int (mpo_vnode_check_deleteacl_t)(struct ucred cred,	566	typedef int (mpo_vnode_check_deleteacl_t)(struct ucred cred,
563	struct vnode vp, struct label vplabel,	567	struct vnode vp, struct label vplabel,
564	acl_type_t type);	568	acl_type_t type);
Lines 584-589 typedef int (mpo_vnode_check_listextattr_t)(struct ucred cred, Link Here
584	typedef int (mpo_vnode_check_lookup_t)(struct ucred cred,	588	typedef int (mpo_vnode_check_lookup_t)(struct ucred cred,
585	struct vnode dvp, struct label dvplabel,	589	struct vnode dvp, struct label dvplabel,
586	struct componentname *cnp);	590	struct componentname *cnp);
		591	typedef void (mpo_vnode_post_lookup_t)(struct ucred cred,
		592	struct vnode dvp, struct label dvplabel,
		593	struct componentname cnp, struct vnode vp,
		594	struct label *vplabel);
587	typedef int (mpo_vnode_check_mmap_t)(struct ucred cred,	595	typedef int (mpo_vnode_check_mmap_t)(struct ucred cred,
588	struct vnode vp, struct label label, int prot,	596	struct vnode vp, struct label label, int prot,
589	int flags);	597	int flags);
Lines 921-926 struct mac_policy_ops { Link Here
921	mpo_vnode_check_chdir_t mpo_vnode_check_chdir;	929	mpo_vnode_check_chdir_t mpo_vnode_check_chdir;
922	mpo_vnode_check_chroot_t mpo_vnode_check_chroot;	930	mpo_vnode_check_chroot_t mpo_vnode_check_chroot;
923	mpo_vnode_check_create_t mpo_vnode_check_create;	931	mpo_vnode_check_create_t mpo_vnode_check_create;
		932	mpo_vnode_post_create_t mpo_vnode_post_create;
924	mpo_vnode_check_deleteacl_t mpo_vnode_check_deleteacl;	933	mpo_vnode_check_deleteacl_t mpo_vnode_check_deleteacl;
925	mpo_vnode_check_deleteextattr_t mpo_vnode_check_deleteextattr;	934	mpo_vnode_check_deleteextattr_t mpo_vnode_check_deleteextattr;
926	mpo_vnode_check_exec_t mpo_vnode_check_exec;	935	mpo_vnode_check_exec_t mpo_vnode_check_exec;
Lines 929-934 struct mac_policy_ops { Link Here
929	mpo_vnode_check_link_t mpo_vnode_check_link;	938	mpo_vnode_check_link_t mpo_vnode_check_link;
930	mpo_vnode_check_listextattr_t mpo_vnode_check_listextattr;	939	mpo_vnode_check_listextattr_t mpo_vnode_check_listextattr;
931	mpo_vnode_check_lookup_t mpo_vnode_check_lookup;	940	mpo_vnode_check_lookup_t mpo_vnode_check_lookup;
		941	mpo_vnode_post_lookup_t mpo_vnode_post_lookup;
932	mpo_vnode_check_mmap_t mpo_vnode_check_mmap;	942	mpo_vnode_check_mmap_t mpo_vnode_check_mmap;
933	mpo_vnode_check_mmap_downgrade_t mpo_vnode_check_mmap_downgrade;	943	mpo_vnode_check_mmap_downgrade_t mpo_vnode_check_mmap_downgrade;
934	mpo_vnode_check_mprotect_t mpo_vnode_check_mprotect;	944	mpo_vnode_check_mprotect_t mpo_vnode_check_mprotect;

Lines 434-439 mac_vnode_check_create(struct ucred cred, struct vnode dvp, Link Here

(-)b/sys/security/mac/mac_vfs.c (+28 lines)
434	return (error);	434	return (error);
435	}	435	}
436		436
		437	void
		438	mac_vnode_post_create(struct ucred cred, struct vnode dvp, struct vnode *vp,
		439	struct componentname cnp, struct vattr vap)
		440	{
		441	ASSERT_VOP_LOCKED(dvp, "mac_vnode_post_create");
		442	ASSERT_VOP_LOCKED(vp, "mac_vnode_post_create");
		443
		444	MAC_POLICY_PERFORM(vnode_post_create, cred,
		445	dvp, dvp->v_label,
		446	vp, vp->v_label,
		447	cnp, vap);
		448
		449	return;
		450	}
		451
437	MAC_CHECK_PROBE_DEFINE3(vnode_check_deleteacl, "struct ucred *",	452	MAC_CHECK_PROBE_DEFINE3(vnode_check_deleteacl, "struct ucred *",
438	"struct vnode *", "acl_type_t");	453	"struct vnode *", "acl_type_t");
439		454
Lines 578-583 mac_vnode_check_lookup(struct ucred cred, struct vnode dvp, Link Here
578	return (error);	593	return (error);
579	}	594	}
580		595
		596	void
		597	mac_vnode_post_lookup(struct ucred cred, struct vnode dvp,
		598	struct componentname cnp, struct vnode vp)
		599	{
		600	ASSERT_VOP_LOCKED(dvp, "mac_vnode_post_lookup");
		601	ASSERT_VOP_LOCKED(vp, "mac_vnode_post_lookup");
		602
		603	MAC_POLICY_PERFORM(vnode_post_lookup, cred, dvp, dvp->v_label, cnp,
		604	vp, vp->v_label);
		605
		606	return;
		607	}
		608
581	MAC_CHECK_PROBE_DEFINE4(vnode_check_mmap, "struct ucred ", "struct vnode ",	609	MAC_CHECK_PROBE_DEFINE4(vnode_check_mmap, "struct ucred ", "struct vnode ",
582	"int", "int");	610	"int", "int");
583		611

Return to bug 199654