PERFORCE change 18427 for review

Robert Watson rwatson at freebsd.org
Tue Oct 1 02:10:17 GMT 2002 

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18427

Change 18427 by rwatson at rwatson_paprika on 2002/09/30 19:09:27

	Target vp in VOP_LINK() is now locked at the cross-filesystem
	layer, so uncomment the passing of vp into the policies and
	implement checks using the target vp in policies.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#284 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#120 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#54 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#100 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#80 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#284 (text+ko) ====

@@ -2221,9 +2221,7 @@
 	 * provide it as the link argument.
 	 */
 	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_lookup");
-#if 0
 	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_lookup");
-#endif
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2232,19 +2230,12 @@
 	if (error)
 		return (error);
 
-#if 0
 	error = vn_refreshlabel(vp, cred);
 	if (error)
 		return (error);
-#endif
 
-#if 0
 	MAC_CHECK(check_vnode_link, cred, dvp, &dvp->v_label, vp,
 	    &vp->v_label, cnp);
-#else
-	MAC_CHECK(check_vnode_link, cred, dvp, &dvp->v_label, NULL, NULL,
-	    cnp);
-#endif
 	return (error);
 }
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#120 (text+ko) ====

@@ -1942,12 +1942,10 @@
 	if (!mac_biba_dominate_single(subj, obj))
 		return (EACCES);
 
-#if 0
 	obj = SLOT(label);
  
 	if (!mac_biba_dominate_single(subj, obj))
 		return (EACCES);
-#endif
 
 	return (0);   
 }

==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#54 (text+ko) ====

@@ -462,14 +462,12 @@
 	if (error)
 		return (error);
 
-#if 0
 	error = VOP_GETATTR(vp, &vap, cred, curthread);
 	if (error)
 		return (error);
 	error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE);
 	if (error)
 		return (error);
-#endif
 	return (0);
 }
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#100 (text+ko) ====

@@ -1905,11 +1905,9 @@
 	if (!mac_mls_dominate_single(obj, subj))
 		return (EACCES);
 
-#if 0
 	obj = SLOT(dlabel);
 	if (!mac_mls_dominate_single(obj, subj))
 		return (EACCES);
-#endif
 
 	return (0);   
 }

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#80 (text+ko) ====

@@ -1162,16 +1162,14 @@
 	    MAC_TE_OPERATION_DIR_WRITE);
 	if (error)
 		return (error);
-#if 0
 	switch (vp->v_type) {
 	case VLNK:
 		return (mac_te_check(&cred->cr_label, label,
 		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_LINK));
 	default:
-		return (mac_te_check(&cred->cr_labl, label,
+		return (mac_te_check(&cred->cr_label, label,
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_LINK));
 	}
-#endif
 
 	return (error);
 }
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list