PERFORCE change 231264 for review

Brooks Davis brooks at FreeBSD.org
Thu Jul 18 21:36:15 UTC 2013


http://p4web.freebsd.org/@@231264?ac=10

Change 231264 by brooks at brooks_zenith on 2013/07/18 21:36:08

	When we read, write, or truncate a file via most applicable
	syscalls, ensure that we checked for the correct capability when
	translating from file descriptor to struct file.

Affected files ...

.. //depot/projects/ctsrd/tesla/src/sys/kern/vfs_vnops.c#3 edit

Differences ...

==== //depot/projects/ctsrd/tesla/src/sys/kern/vfs_vnops.c#3 (text+ko) ====

@@ -68,10 +68,16 @@
 #include <sys/conf.h>
 #include <sys/syslog.h>
 #include <sys/unistd.h>
+#include <sys/capability.h>
+#include <sys/syscallsubr.h>
+#include <sys/tesla-kernel.h>
 
 #include <security/audit/audit.h>
 #include <security/mac/mac_framework.h>
 
+#include <tesla-macros.h>
+#include <tesla.h>
+
 #include <vm/vm.h>
 #include <vm/vm_extern.h>
 #include <vm/pmap.h>
@@ -707,6 +713,10 @@
 	}
 	offset = uio->uio_offset;
 
+	TESLA_WITHIN(kern_readv, previously(fget_unlocked(ANY(ptr), ANY(int),
+	    bitmask(CAP_READ), ANY(int), &fp, ANY(ptr)) == 0));
+	TESLA_WITHIN(kern_preadv, previously(fget_unlocked(ANY(ptr), ANY(int),
+	    bitmask(CAP_PREAD), ANY(int), &fp, ANY(ptr)) == 0));
 #ifdef MAC
 	error = mac_vnode_check_read(active_cred, fp->f_cred, vp);
 	if (error == 0)
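Review bot: The rights argument in both assertions is matched with `bitmask(CAP_READ)` and `bitmask(CAP_PREAD)`, which may be weaker than intended. If TESLA's mask pattern accepts any value with no bits outside the mask (worth confirming against tesla-macros.h), an `fget_unlocked()` call that requested no rights at all would also satisfy it. If the intent is that the right must actually have been demanded, a pattern that requires the bits to be present says so directly, e.g. `flags(CAP_READ)` if this tree provides it. The same question applies to `bitmask(CAP_WRITE)`, `bitmask(CAP_PWRITE)` and `bitmask(CAP_FTRUNCATE)` in the later hunks. The enclosing function starts and ends outside this hunk.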
@@ -812,6 +822,10 @@
 	}
 	offset = uio->uio_offset;
 
+	TESLA_WITHIN(kern_writev, previously(fget_unlocked(ANY(ptr), ANY(int),
+	    bitmask(CAP_WRITE), ANY(int), &fp, ANY(ptr)) == 0));
+	TESLA_WITHIN(kern_pwritev, previously(fget_unlocked(ANY(ptr), ANY(int),
+	    bitmask(CAP_PWRITE), ANY(int), &fp, ANY(ptr)) == 0));
 #ifdef MAC
 	error = mac_vnode_check_write(active_cred, fp->f_cred, vp);
 	if (error == 0)
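Review bot: As I read `TESLA_WITHIN`, these assertions are evaluated only inside `kern_writev` and `kern_pwritev`, so any other caller that reaches this write path is not checked for a prior capability lookup, and nothing at the site says so. A short comment above them would record the gap the commit message alludes to with "most applicable syscalls", for example `/* TESLA: covers kern_writev and kern_pwritev only; other entry points to this path are unchecked. */`. The read and ftruncate hunks would benefit from the same kind of comment. The enclosing function begins and ends outside this hunk.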
@@ -1200,6 +1214,8 @@
 	if (error)
 		goto out;
 #endif
+	TESLA_WITHIN(kern_ftruncate, previously(fget_unlocked(ANY(ptr),
+	    ANY(int), bitmask(CAP_FTRUNCATE), ANY(int), &fp, ANY(ptr)) == 0));
 	error = vn_writechk(vp);
 	if (error == 0) {
 		VATTR_NULL(&vattr);
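Review bot: The `TESLA_WITHIN(kern_ftruncate, ...)` assertion sits after the `if (error) goto out;` and `#endif` lines, whereas the read and write hunks place theirs before the `#ifdef MAC` check. A call that fails the preceding check therefore leaves through `out` without reaching the assertion site. Moving the assertion above that conditional block (its start is outside the hunk, presumably `#ifdef MAC`) would make the three sites consistent and have the capability lookup checked on every entry to this path.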

