PERFORCE change 223013 for review
Robert Watson
rwatson at FreeBSD.org
Mon Mar 18 16:00:22 UTC 2013
http://p4web.freebsd.org/@@223013?ac=10
Change 223013 by rwatson at rwatson_cinnamon on 2013/03/18 16:00:18
Add a second TESLA assertion relating to MAC enforcement on vnode
operations. Modify the existing assertion to use 'vp' instead of
'ap->a_vp' as currently only variables, not more complex
expressions, are permitted in TESLA assertions. It would be useful to lift this restriction.
Affected files ...
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#3 edit
Differences ...
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#3 (text+ko) ====
@@ -408,7 +408,15 @@
#endif
}
+#ifdef TESLA
/*
+ * XXXRW: It would be nice if we didn't have to do this.
+ */
+#include <security/mac/mac_framework.h>
+void trap(struct trapframe *frame);
+#endif
+
+/*
* Vnode op for reading.
*/
static int
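Review bot: The added `void trap(struct trapframe *frame);` re-declares a machine-dependent entry point by hand in a machine-independent file, so it can drift from, or conflict with, the real definition on an architecture whose trap() has a different return type or signature. If the declaration cannot come from the machine header, the XXXRW comment should at least say why it is here, for example `/* XXXRW: TESLA must see trap() and mac_vnode_check_*() declared to name them in assertions; remove once the assertion headers provide them. */`. The mid-file `#include` is also only guarded by TESLA, so it is worth confirming that the header and the assertions behave sensibly when the kernel is built without MAC.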
@@ -434,6 +442,9 @@
int ioflag;
vp = ap->a_vp;
+ TESLA_WITHIN(trap, previously(mac_vnode_check_read(ANY(ptr), ANY(ptr),
+ vp) == 0));
+
uio = ap->a_uio;
ioflag = ap->a_ioflag;
if (ap->a_ioflag & IO_EXT)
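Review bot: The read assertion added after `vp = ap->a_vp;` demands a successful mac_vnode_check_read() on `vp` earlier in the same trap, but nothing visible exempts reads that legitimately skip the MAC check, such as in-kernel callers that pass IO_NOMACCHECK or a kernel built without MAC. In those cases the assertion would presumably fire on a correct path, and a noisy assertion tends to get disabled rather than fixed. The exemption should be stated next to the assertion, for example `/* MAC: any read reaching FFS must follow an authorising mac_vnode_check_read() on vp, except IO_NOMACCHECK callers. */`, and the assertion compiled only when MAC is configured. The same applies to the rewritten write assertion in the hunk at -646; the function body starts and ends outside this hunk.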
@@ -646,10 +657,10 @@
int seqcount;
int blkoffset, error, flags, ioflag, size, xfersize;
- TESLA_WITHIN(trap, previously(mac_check_vnode_write(ANY(ptr), ANY(ptr),
- ap->a_vp)));
+ vp = ap->a_vp;
+ TESLA_WITHIN(trap, previously(mac_vnode_check_write(ANY(ptr),
+ ANY(ptr), vp) == 0));
- vp = ap->a_vp;
uio = ap->a_uio;
ioflag = ap->a_ioflag;
if (ap->a_ioflag & IO_EXT)
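Review bot: Both credential arguments of the rewritten write assertion are left as `ANY(ptr)`, so a check made for any credential satisfies it as long as the vnode matches, which is weaker than "this write was authorised for this caller". Since only plain variables are accepted, the credential could be bound through a local, e.g. `cred = ap->a_cred;` followed by `mac_vnode_check_write(ANY(ptr), cred, vp) == 0`. Whether a_cred always equals the file credential passed to the check needs confirming against each caller before tightening. The read assertion in the hunk at -434 has the same shape, and the declarations of the locals are outside this hunk.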