PERFORCE change 19330 for review
Chris Vance
cvance at freebsd.org
Tue Oct 15 12:31:18 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=19330
Change 19330 by cvance at cvance_laptop on 2002/10/15 05:30:46
Update permission checks for mmap functions
Remove old, unused externalize functions
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#37 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#37 (text+ko) ====
@@ -41,6 +41,7 @@
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/malloc.h>
+#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
@@ -980,56 +981,35 @@
return vnode_has_perm(cred, vp, FILE__WRITE, NULL);
}
+/*
+ * Also registered for MAC_CHECK_VNODE_MPROTECT
+ */
static int
sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
struct label *label, int newmapping)
{
-#ifdef TBD
+
access_vector_t av;
- /* TBD: Incomplete */
+ /*
+ * TBD: Incomplete?
+ * Write access only matters if the mapping is shared.
+ */
if (vp) {
- /* read access is always possible with a mapping */
av = FILE__READ;
- /* write access only matters if the mapping is shared */
- if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE))
+ if (newmapping & PROT_WRITE)
av |= FILE__WRITE;
- if (prot & PROT_EXEC)
+ if (newmapping & PROT_EXEC)
av |= FILE__EXECUTE;
- return vnode_has_perm(cred, vp, av, NULL);
+ return (vnode_has_perm(cred, vp, av, NULL));
}
-#endif
-
return (0);
}
static int
-sebsd_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
- struct label *label, int newmapping)
-{
- /* TBD: Not Implemented */
- return (VM_PROT_ALL);
-}
-
-#if 0
-static int
-sebsd_externalize_vnode_oldmac(struct label *label, struct oldmac *extmac)
-{
- /* TBD: this assumes vnodes only and only stores '5' */
- struct vnode_security_struct *vsec;
-
- vsec = SLOT(label);
- if (vsec)
- extmac->m_sebsd.ms_psid = (uint32_t)5;
-
- return 0;
-}
-#endif
-
-static int
sebsd_externalize_sid(security_id_t sid, struct mac_element *element,
int *claimed)
{
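Review bot: In sebsd_check_vnode_mmap the retained comment says write access only matters for a shared mapping, but the new test `if (newmapping & PROT_WRITE)` asks for FILE__WRITE on every writable mapping, because the hook no longer sees the mapping flags used by the removed `(flags & MAP_TYPE) == MAP_SHARED` test. This errs on the side of denial, but it would presumably refuse a private copy-on-write mapping of a file the subject may only read. The comment should state the limitation rather than the intent, for example `/* TBD: sharing type is not visible here, so FILE__WRITE is required for any PROT_WRITE mapping. */`. The parameter is also named `newmapping` while it is tested against PROT_* bits; a one-line comment saying which constants the framework passes (the removed stub mentioned VM_PROT_ALL) would make the masks checkable.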
@@ -1141,10 +1121,6 @@
{ MAC_EXTERNALIZE_CRED_LABEL, sebsd_externalize_cred_label },
{ MAC_EXTERNALIZE_VNODE_LABEL, sebsd_externalize_vnode_label },
{ MAC_INTERNALIZE_VNODE_LABEL, sebsd_internalize_vnode_label },
-#if 0
- { MAC_EXTERNALIZE_VNODE_OLDMAC,
- (macop_t)sebsd_externalize_vnode_oldmac },
-#endif
/* Create Labels */
{ MAC_CREATE_CRED,
@@ -1184,7 +1160,7 @@
{ MAC_CHECK_VNODE_MMAP,
(macop_t)sebsd_check_vnode_mmap },
{ MAC_CHECK_VNODE_MPROTECT,
- (macop_t)sebsd_check_vnode_mprotect },
+ (macop_t)sebsd_check_vnode_mmap },
{ MAC_CHECK_VNODE_OPEN,
(macop_t)sebsd_check_vnode_open },
{ MAC_CHECK_VNODE_POLL,
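Review bot: The `(macop_t)` cast on the MAC_CHECK_VNODE_MPROTECT entry hides the function's prototype from the compiler, so pointing it at sebsd_check_vnode_mmap is only safe while both hooks take identical arguments; a later change to either hook's signature would go unnoticed. A comment on the entry such as `/* shares the mmap check; both hooks must keep the same arguments */` would record that dependency where the registration happens. Through this entry an mprotect request also has FILE__READ checked unconditionally, whatever protection is being requested, which may be stricter than intended. The operations table starts and ends outside this hunk.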