svn commit: r189533 - in head/sys: kern security/mac security/mac_biba security/mac_bsdextended security/mac_lomac security/mac_mls security/mac_stub security/mac_test

Robert Watson rwatson at FreeBSD.org
Sun Mar 8 05:32:07 PDT 2009


Author: rwatson
Date: Sun Mar  8 12:32:06 2009
New Revision: 189533
URL: http://svn.freebsd.org/changeset/base/189533

Log:
  Remove 'uio' argument from MAC Framework and MAC policy entry points for
  extended attribute get/set; in the case of get, an uninitialized user
  buffer was passed before the EA was retrieved, making it of relatively
  little use; in the case of set, the argument was simply unused by any policy.
  
  Obtained from:	TrustedBSD Project
  Sponsored by:	Google, Inc.

Modified:
  head/sys/kern/vfs_extattr.c
  head/sys/security/mac/mac_framework.h
  head/sys/security/mac/mac_policy.h
  head/sys/security/mac/mac_vfs.c
  head/sys/security/mac_biba/mac_biba.c
  head/sys/security/mac_bsdextended/ugidfw_internal.h
  head/sys/security/mac_bsdextended/ugidfw_vnode.c
  head/sys/security/mac_lomac/mac_lomac.c
  head/sys/security/mac_mls/mac_mls.c
  head/sys/security/mac_stub/mac_stub.c
  head/sys/security/mac_test/mac_test.c

Modified: head/sys/kern/vfs_extattr.c
==============================================================================
--- head/sys/kern/vfs_extattr.c	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/kern/vfs_extattr.c	Sun Mar  8 12:32:06 2009	(r189533)
@@ -195,7 +195,7 @@ extattr_set_vp(struct vnode *vp, int att
 
 #ifdef MAC
 	error = mac_vnode_check_setextattr(td->td_ucred, vp, attrnamespace,
-	    attrname, &auio);
+	    attrname);
 	if (error)
 		goto done;
 #endif
@@ -373,7 +373,7 @@ extattr_get_vp(struct vnode *vp, int att
 
 #ifdef MAC
 	error = mac_vnode_check_getextattr(td->td_ucred, vp, attrnamespace,
-	    attrname, &auio);
+	    attrname);
 	if (error)
 		goto done;
 #endif

Modified: head/sys/security/mac/mac_framework.h
==============================================================================
--- head/sys/security/mac/mac_framework.h	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac/mac_framework.h	Sun Mar  8 12:32:06 2009	(r189533)
@@ -85,7 +85,6 @@ struct pipepair;
 struct thread;
 struct timespec;
 struct ucred;
-struct uio;
 struct vattr;
 struct vnode;
 struct vop_setlabel_args;
@@ -377,7 +376,7 @@ int	mac_vnode_check_exec(struct ucred *c
 int	mac_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
 	    acl_type_t type);
 int	mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
-	    int attrnamespace, const char *name, struct uio *uio);
+	    int attrnamespace, const char *name);
 int	mac_vnode_check_link(struct ucred *cred, struct vnode *dvp,
 	    struct vnode *vp, struct componentname *cnp);
 int	mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
@@ -404,7 +403,7 @@ int	mac_vnode_check_revoke(struct ucred 
 int	mac_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
 	    acl_type_t type, struct acl *acl);
 int	mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-	    int attrnamespace, const char *name, struct uio *uio);
+	    int attrnamespace, const char *name);
 int	mac_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
 	    u_long flags);
 int	mac_vnode_check_setmode(struct ucred *cred, struct vnode *vp,

Modified: head/sys/security/mac/mac_policy.h
==============================================================================
--- head/sys/security/mac/mac_policy.h	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac/mac_policy.h	Sun Mar  8 12:32:06 2009	(r189533)
@@ -97,7 +97,6 @@ struct sysctl_oid;
 struct sysctl_req;
 struct thread;
 struct ucred;
-struct uio;
 struct vattr;
 struct vnode;
 
@@ -557,7 +556,7 @@ typedef int	(*mpo_vnode_check_getacl_t)(
 		    acl_type_t type);
 typedef int	(*mpo_vnode_check_getextattr_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
-		    int attrnamespace, const char *name, struct uio *uio);
+		    int attrnamespace, const char *name);
 typedef int	(*mpo_vnode_check_link_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct vnode *vp, struct label *vplabel,
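Review bot: Changing the `mpo_vnode_check_getextattr_t` typedef here (and `mpo_vnode_check_setextattr_t` in the next hunk) alters the policy entry-point interface, and neither hunk shown for this header touches the policy ABI version. A policy module built against r189532 would still define six-argument functions and be called with five, so it should be refused at registration rather than run with a stale signature. If `MAC_VERSION` has not already been bumped for this development cycle, it should be bumped in the same commit; if it has, a line in the log saying so would help out-of-tree policy authors.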
@@ -606,7 +605,7 @@ typedef int	(*mpo_vnode_check_setacl_t)(
 		    struct acl *acl);
 typedef int	(*mpo_vnode_check_setextattr_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
-		    int attrnamespace, const char *name, struct uio *uio);
+		    int attrnamespace, const char *name);
 typedef int	(*mpo_vnode_check_setflags_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, u_long flags);
 typedef int	(*mpo_vnode_check_setmode_t)(struct ucred *cred,

Modified: head/sys/security/mac/mac_vfs.c
==============================================================================
--- head/sys/security/mac/mac_vfs.c	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac/mac_vfs.c	Sun Mar  8 12:32:06 2009	(r189533)
@@ -506,14 +506,14 @@ MAC_CHECK_PROBE_DEFINE4(vnode_check_gete
 
 int
 mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
-    int attrnamespace, const char *name, struct uio *uio)
+    int attrnamespace, const char *name)
 {
 	int error;
 
 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_getextattr");
 
 	MAC_CHECK(vnode_check_getextattr, cred, vp, vp->v_label,
-	    attrnamespace, name, uio);
+	    attrnamespace, name);
 	MAC_CHECK_PROBE4(vnode_check_getextattr, error, cred, vp,
 	    attrnamespace, name);
 
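Review bot: `mac_vnode_check_getextattr()` (and `mac_vnode_check_setextattr()` in the next hunk) carries no comment stating what a policy can base its decision on, which is worth recording now that the data buffer is gone from the signature. A short header comment would pin the contract, for example `/* Policies authorize on credential, vnode label, attribute namespace and name only; the attribute data is not available to the check. */`. The function starts and ends outside the visible context, so a comment above the probe definition may already exist and should be checked before adding one.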
@@ -798,14 +798,14 @@ MAC_CHECK_PROBE_DEFINE4(vnode_check_sete
 
 int
 mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-    int attrnamespace, const char *name, struct uio *uio)
+    int attrnamespace, const char *name)
 {
 	int error;
 
 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setextattr");
 
 	MAC_CHECK(vnode_check_setextattr, cred, vp, vp->v_label,
-	    attrnamespace, name, uio);
+	    attrnamespace, name);
 	MAC_CHECK_PROBE4(vnode_check_setextattr, error, cred, vp,
 	    attrnamespace, name);
 

Modified: head/sys/security/mac_biba/mac_biba.c
==============================================================================
--- head/sys/security/mac_biba/mac_biba.c	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac_biba/mac_biba.c	Sun Mar  8 12:32:06 2009	(r189533)
@@ -2775,8 +2775,7 @@ biba_vnode_check_getacl(struct ucred *cr
 
 static int
 biba_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 	struct mac_biba *subj, *obj;
 
@@ -3116,8 +3115,7 @@ biba_vnode_check_setacl(struct ucred *cr
 
 static int
 biba_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 	struct mac_biba *subj, *obj;
 

Modified: head/sys/security/mac_bsdextended/ugidfw_internal.h
==============================================================================
--- head/sys/security/mac_bsdextended/ugidfw_internal.h	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac_bsdextended/ugidfw_internal.h	Sun Mar  8 12:32:06 2009	(r189533)
@@ -72,8 +72,7 @@ int	ugidfw_vnode_check_exec(struct ucred
 int	ugidfw_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
 	    struct label *vplabel, acl_type_t type);
 int	ugidfw_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
-	    struct label *vplabel, int attrnamespace, const char *name,
-	    struct uio *uio);
+	    struct label *vplabel, int attrnamespace, const char *name);
 int	ugidfw_vnode_check_link(struct ucred *cred, struct vnode *dvp,
 	    struct label *dvplabel, struct vnode *vp, struct label *label,
 	    struct componentname *cnp);
@@ -98,8 +97,7 @@ int	ugidfw_vnode_check_revoke(struct ucr
 int	ugidfw_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
 	    struct label *vplabel, acl_type_t type, struct acl *acl);
 int	ugidfw_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-	    struct label *vplabel, int attrnamespace, const char *name,
-	    struct uio *uio);
+	    struct label *vplabel, int attrnamespace, const char *name);
 int	ugidfw_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
 	    struct label *vplabel, u_long flags);
 int	ugidfw_vnode_check_setmode(struct ucred *cred, struct vnode *vp,

Modified: head/sys/security/mac_bsdextended/ugidfw_vnode.c
==============================================================================
--- head/sys/security/mac_bsdextended/ugidfw_vnode.c	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac_bsdextended/ugidfw_vnode.c	Sun Mar  8 12:32:06 2009	(r189533)
@@ -127,8 +127,7 @@ ugidfw_vnode_check_getacl(struct ucred *
 
 int
 ugidfw_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 
 	return (ugidfw_check_vp(cred, vp, MBI_READ));
@@ -236,8 +235,7 @@ ugidfw_check_setacl_vnode(struct ucred *
 
 int
 ugidfw_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 
 	return (ugidfw_check_vp(cred, vp, MBI_WRITE));

Modified: head/sys/security/mac_lomac/mac_lomac.c
==============================================================================
--- head/sys/security/mac_lomac/mac_lomac.c	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac_lomac/mac_lomac.c	Sun Mar  8 12:32:06 2009	(r189533)
@@ -2631,8 +2631,7 @@ lomac_vnode_check_setacl(struct ucred *c
 
 static int
 lomac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 	struct mac_lomac *subj, *obj;
 

Modified: head/sys/security/mac_mls/mac_mls.c
==============================================================================
--- head/sys/security/mac_mls/mac_mls.c	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac_mls/mac_mls.c	Sun Mar  8 12:32:06 2009	(r189533)
@@ -2398,8 +2398,7 @@ mls_vnode_check_getacl(struct ucred *cre
 
 static int
 mls_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 	struct mac_mls *subj, *obj;
 
@@ -2739,8 +2738,7 @@ mls_vnode_check_setacl(struct ucred *cre
 
 static int
 mls_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 	struct mac_mls *subj, *obj;
 

Modified: head/sys/security/mac_stub/mac_stub.c
==============================================================================
--- head/sys/security/mac_stub/mac_stub.c	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac_stub/mac_stub.c	Sun Mar  8 12:32:06 2009	(r189533)
@@ -1283,8 +1283,7 @@ stub_vnode_check_getacl(struct ucred *cr
 
 static int
 stub_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 
 	return (0);
@@ -1422,8 +1421,7 @@ stub_vnode_check_setacl(struct ucred *cr
 
 static int
 stub_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 
 	return (0);

Modified: head/sys/security/mac_test/mac_test.c
==============================================================================
--- head/sys/security/mac_test/mac_test.c	Sun Mar  8 12:22:00 2009	(r189532)
+++ head/sys/security/mac_test/mac_test.c	Sun Mar  8 12:32:06 2009	(r189533)
@@ -2435,8 +2435,7 @@ test_vnode_check_getacl(struct ucred *cr
 COUNTER_DECL(vnode_check_getextattr);
 static int
 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 
 	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
@@ -2642,8 +2641,7 @@ test_vnode_check_setacl(struct ucred *cr
 COUNTER_DECL(vnode_check_setextattr);
 static int
 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel, int attrnamespace, const char *name,
-    struct uio *uio)
+    struct label *vplabel, int attrnamespace, const char *name)
 {
 
 	LABEL_CHECK(cred->cr_label, MAGIC_CRED);

