PERFORCE change 111013 for review

Todd Miller millert at FreeBSD.org
Mon Dec 4 08:37:10 PST 2006


http://perforce.freebsd.org/chv.cgi?CH=111013

Change 111013 by millert at millert_g5tower on 2006/12/04 16:31:09

	The data argument of mac_file_check_ioctl() is not usable
	because it is a pointer into userspace.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_generic.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#21 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#30 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#23 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#47 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_generic.c#6 (text+ko) ====

@@ -747,8 +747,7 @@
 	}
 
 #ifdef MAC
-	error = mac_file_check_ioctl(proc_ucred(p), fp->f_fglob, uap->com,
-	    (void *)uap->data);
+	error = mac_file_check_ioctl(proc_ucred(p), fp->f_fglob, uap->com);
 	if (error)
 		goto out;
 #endif
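Review bot: Nothing at the call site records why the ioctl argument is withheld from the MAC check, so a later change could re-add `uap->data` without realising it is a raw user address. A policy that dereferenced it would read user memory directly from kernel context, and anything it inspected could be changed by the process before the ioctl handler performs its own copy. I would add a comment above the call such as `/* uap->data is a user-space address; policies get only the command and must not see the uncopied argument. */`. The enclosing function starts and ends outside this hunk.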

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#9 (text+ko) ====

@@ -116,12 +116,11 @@
 }
 
 int
-mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg, u_long cmd,
-    void *data)
+mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg, u_long cmd)
 {
 	int error;
 
-	MAC_CHECK(file_check_ioctl, cred, fg, fg->fg_label, cmd, data);
+	MAC_CHECK(file_check_ioctl, cred, fg, fg->fg_label, cmd);
 	return (error);
 }
 

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#21 (text+ko) ====

@@ -132,7 +132,7 @@
 int	mac_file_check_get_offset(struct ucred *cred, struct fileglob *fg);
 int	mac_file_check_inherit(struct ucred *cred, struct fileglob *fg);
 int	mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg,
-	    u_long com, void *data);
+	    u_long cmd);
 int	mac_file_check_lock(struct ucred *cred, struct fileglob *fg, int op,
 	    struct flock *fl);
 int	mac_file_check_mmap(struct ucred *cred, struct fileglob *fg,

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#30 (text+ko) ====

@@ -725,8 +725,7 @@
 	struct ucred *cred,
 	struct fileglob *fg,
 	struct label *label,
-	unsigned long cmd,
-	void *data
+	unsigned long cmd
 );
 /**
   @brief Access control check for file locking
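Review bot: The Doxygen block for this hook sits above the hunk and is not touched by the change, so it may still carry a `@param data` entry for the parameter removed here; if it does, that entry should be dropped in the same change. The block is also the right place to tell policy authors that the ioctl argument is deliberately not supplied because it is an uncopied user-space pointer, and that decisions have to be made from `cred`, `fg`, `label` and `cmd` alone. The typedef begins outside the hunk, so its name and existing documentation are not visible from here.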

==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#23 (text+ko) ====

@@ -1985,12 +1985,12 @@
 
 static int
 mac_mls_file_check_ioctl(struct ucred *cred, struct fileglob *fg,
-    struct label *fdlabel, unsigned long com, void *data)
+    struct label *fdlabel, unsigned long com)
 {
 
 	if (!mac_mls_enabled)
 		return (0);
-	MLS_MESSAGE("file_check_ioctl:  fp %p com %d(%x) data %d(%p)\n", fp, com, data);
+	MLS_MESSAGE("file_check_ioctl:  fp %p com %d(%x)\n", fp, com);
 #warning Implement mac_mls_file_check_ioctl()
 	return (0);
 }
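Review bot: The rewritten `MLS_MESSAGE` call still does not match its arguments: the format has three conversions (`%p`, `%d`, `%x`) but only two arguments are passed. It also prints `fp`, which is not a parameter of this function (the parameter is `fg`). `com` is an `unsigned long`, so `%d`/`%x` are the wrong length modifiers as well. If `MLS_MESSAGE` expands to a printf-style call (its definition is not visible here), this either fails to build or reads an undefined extra argument into the log. I would write it as `MLS_MESSAGE("file_check_ioctl:  fg %p com %lu(%lx)\n", fg, com, com);`.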

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#47 (text+ko) ====

@@ -3105,7 +3105,7 @@
  */
 static int
 sebsd_file_check_ioctl(struct ucred *cred, struct fileglob *fg,
-    struct label *fglabel, u_long com, void *data)
+    struct label *fglabel, u_long com)
 {
 
 	return (file_has_perm(cred, fg, fglabel, 0));
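Review bot: With `data` removed, `com` is the only ioctl-specific input left to this hook, yet it is unused: the visible `return` passes a constant `0` as the permission argument to `file_has_perm()` for every command. What `file_has_perm()` does with an empty permission set is not visible here, but as written the policy cannot distinguish one ioctl from another. If that is intentional for now, a comment such as `/* XXX: com is ignored; all ioctls are checked with an empty permission set. */` would make the gap explicit. The function's closing brace is outside the hunk.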

