PERFORCE change 15399 for review
Robert Watson
rwatson at freebsd.org
Thu Aug 1 17:58:02 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15399
Change 15399 by rwatson at rwatson_paprika on 2002/08/01 10:57:22
Integ MAC changes back in from the main tree.
Affected files ...
.. //depot/projects/trustedbsd/base/contrib/tar/src/extract.c#3 integrate
.. //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#34 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/conf/GENERIC#12 integrate
.. //depot/projects/trustedbsd/base/sys/i386/conf/GENERIC#14 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#3 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_prot.c#18 integrate
.. //depot/projects/trustedbsd/base/sys/kern/tty_tty.c#5 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_mbuf.c#9 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_socket.c#17 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_socket2.c#17 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_syscalls.c#15 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#4 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_subr.c#19 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#23 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_vnops.c#18 integrate
.. //depot/projects/trustedbsd/base/sys/modules/Makefile#18 integrate
.. //depot/projects/trustedbsd/base/sys/modules/mac_biba/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/mac_bsdextended/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/mac_ifoff/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/mac_mls/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/mac_none/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/mac_seeotheruids/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/mac_test/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/pc98/conf/GENERIC#13 integrate
.. //depot/projects/trustedbsd/base/sys/powerpc/conf/GENERIC#6 integrate
.. //depot/projects/trustedbsd/base/sys/sparc64/conf/GENERIC#13 integrate
.. //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#2 integrate
.. //depot/projects/trustedbsd/base/usr.bin/sockstat/sockstat.c#3 integrate
Differences ...
==== //depot/projects/trustedbsd/base/contrib/tar/src/extract.c#3 (text+ko) ====
@@ -19,7 +19,7 @@
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
-/* $FreeBSD: src/contrib/tar/src/extract.c,v 1.4 2002/07/03 12:44:31 sobomax Exp $ */
+/* $FreeBSD: src/contrib/tar/src/extract.c,v 1.5 2002/08/01 17:32:08 sobomax Exp $ */
#include "system.h"
#include <quotearg.h>
@@ -129,6 +129,9 @@
{
umask (newdir_umask); /* restore the kernel umask */
current_umask = newdir_umask;
+#ifdef __FreeBSD__
+ same_permissions_option++;
+#endif
}
}
@@ -184,7 +187,7 @@
mode = current_stat_info->st_mode ^ invert_permissions;
}
- if (chmod (file_name, mode) != 0)
+ if (chmod (file_name, mode & ~ current_umask) != 0)
chmod_error_details (file_name, mode);
}
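Review bot: The failure path still reports the unmasked value, because `chmod_error_details (file_name, mode)` is passed `mode` while the call that failed used `mode & ~ current_umask`. Any diagnostic built from that argument would name permissions that were never requested from the kernel. Computing the masked value once and passing it to both calls keeps them in step, e.g. `mode &= ~ current_umask;` ahead of the `chmod`, provided nothing later in the function needs the unmasked `mode`; the function body extends outside this hunk, so that needs checking.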
==== //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#34 (text+ko) ====
@@ -3,7 +3,7 @@
<corpauthor>The FreeBSD Project</corpauthor>
- <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.401 2002/07/31 20:09:07 bmah Exp $</pubdate>
+ <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.402 2002/08/01 15:27:51 bmah Exp $</pubdate>
<copyright>
<year>2000</year>
@@ -1959,6 +1959,11 @@
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>.
&merged;</para>
+ <para>A heap buffer overflow in the XDR decoder has been fixed.
+ For more details, see security advisory <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:34.rpc.asc">FreeBSD-SA-02:34</ulink>.
+ &merged;</para>
+
</sect2>
<sect2 id="userland">
==== //depot/projects/trustedbsd/base/sys/alpha/conf/GENERIC#12 (text+ko) ====
@@ -4,7 +4,7 @@
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
-# http://www.FreeBSD.org/handbook/kernelconfig-config.html
+# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
@@ -18,7 +18,7 @@
#
# For hardware specific information check HARDWARE.TXT
#
-# $FreeBSD: src/sys/alpha/conf/GENERIC,v 1.146 2002/07/23 06:36:23 peter Exp $
+# $FreeBSD: src/sys/alpha/conf/GENERIC,v 1.147 2002/08/01 17:21:03 blackend Exp $
machine alpha
cpu EV4
==== //depot/projects/trustedbsd/base/sys/i386/conf/GENERIC#14 (text+ko) ====
@@ -4,7 +4,7 @@
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
-# http://www.FreeBSD.org/handbook/kernelconfig-config.html
+# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
@@ -16,7 +16,7 @@
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
-# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.352 2002/07/23 06:35:08 peter Exp $
+# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.353 2002/08/01 17:21:09 blackend Exp $
machine i386
cpu I486_CPU
==== //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#3 (text+ko) ====
@@ -36,7 +36,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/kern/kern_mac.c,v 1.2 2002/07/30 21:36:05 rwatson Exp $
+ * $FreeBSD: src/sys/kern/kern_mac.c,v 1.3 2002/08/01 17:47:55 rwatson Exp $
*/
/*
* Developed by the TrustedBSD Project.
@@ -46,6 +46,7 @@
*/
#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/extattr.h>
#include <sys/kernel.h>
==== //depot/projects/trustedbsd/base/sys/kern/kern_prot.c#18 (text+ko) ====
@@ -37,7 +37,7 @@
* SUCH DAMAGE.
*
* @(#)kern_prot.c 8.6 (Berkeley) 1/21/94
- * $FreeBSD: src/sys/kern/kern_prot.c,v 1.163 2002/07/31 00:48:24 rwatson Exp $
+ * $FreeBSD: src/sys/kern/kern_prot.c,v 1.164 2002/08/01 17:47:55 rwatson Exp $
*/
/*
@@ -52,8 +52,8 @@
#include <sys/acct.h>
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
-#include <sys/mac.h>
#include <sys/mutex.h>
#include <sys/sx.h>
#include <sys/proc.h>
==== //depot/projects/trustedbsd/base/sys/kern/tty_tty.c#5 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)tty_tty.c 8.2 (Berkeley) 9/23/93
- * $FreeBSD: src/sys/kern/tty_tty.c,v 1.40 2002/08/01 01:09:54 rwatson Exp $
+ * $FreeBSD: src/sys/kern/tty_tty.c,v 1.41 2002/08/01 17:47:55 rwatson Exp $
*/
/*
@@ -45,8 +45,8 @@
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/mutex.h>
-#include <sys/mac.h>
#include <sys/sx.h>
#include <sys/proc.h>
#include <sys/ttycom.h>
==== //depot/projects/trustedbsd/base/sys/kern/uipc_mbuf.c#9 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * $FreeBSD: src/sys/kern/uipc_mbuf.c,v 1.96 2002/07/31 01:51:34 rwatson Exp $
+ * $FreeBSD: src/sys/kern/uipc_mbuf.c,v 1.97 2002/08/01 17:47:55 rwatson Exp $
*/
#include "opt_mac.h"
@@ -41,8 +41,8 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
-#include <sys/mac.h>
#include <sys/mbuf.h>
#include <sys/sysctl.h>
#include <sys/domain.h>
==== //depot/projects/trustedbsd/base/sys/kern/uipc_socket.c#17 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
- * $FreeBSD: src/sys/kern/uipc_socket.c,v 1.128 2002/08/01 03:45:40 rwatson Exp $
+ * $FreeBSD: src/sys/kern/uipc_socket.c,v 1.129 2002/08/01 17:47:56 rwatson Exp $
*/
#include "opt_inet.h"
@@ -42,8 +42,8 @@
#include <sys/systm.h>
#include <sys/fcntl.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
-#include <sys/mac.h>
#include <sys/mbuf.h>
#include <sys/mutex.h>
#include <sys/domain.h>
==== //depot/projects/trustedbsd/base/sys/kern/uipc_socket2.c#17 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_socket2.c 8.1 (Berkeley) 6/10/93
- * $FreeBSD: src/sys/kern/uipc_socket2.c,v 1.100 2002/07/31 03:03:22 rwatson Exp $
+ * $FreeBSD: src/sys/kern/uipc_socket2.c,v 1.101 2002/08/01 17:47:56 rwatson Exp $
*/
#include "opt_mac.h"
@@ -44,8 +44,8 @@
#include <sys/file.h> /* for maxfiles */
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
-#include <sys/mac.h>
#include <sys/mbuf.h>
#include <sys/mutex.h>
#include <sys/proc.h>
==== //depot/projects/trustedbsd/base/sys/kern/uipc_syscalls.c#15 (text+ko) ====
@@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94
- * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.121 2002/07/31 16:39:49 rwatson Exp $
+ * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.122 2002/08/01 17:47:56 rwatson Exp $
*/
#include "opt_compat.h"
@@ -45,6 +45,7 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/mutex.h>
#include <sys/sysproto.h>
#include <sys/malloc.h>
==== //depot/projects/trustedbsd/base/sys/kern/vfs_mount.c#4 (text+ko) ====
@@ -61,7 +61,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/kern/vfs_mount.c,v 1.79 2002/07/31 01:11:29 rwatson Exp $
+ * $FreeBSD: src/sys/kern/vfs_mount.c,v 1.80 2002/08/01 17:47:56 rwatson Exp $
*/
#include <sys/param.h>
@@ -69,8 +69,8 @@
#include <sys/cons.h>
#include <sys/kernel.h>
#include <sys/linker.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
-#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/mutex.h>
#include <sys/namei.h>
==== //depot/projects/trustedbsd/base/sys/kern/vfs_subr.c#19 (text+ko) ====
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_subr.c 8.31 (Berkeley) 5/26/95
- * $FreeBSD: src/sys/kern/vfs_subr.c,v 1.386 2002/07/31 12:25:28 des Exp $
+ * $FreeBSD: src/sys/kern/vfs_subr.c,v 1.387 2002/08/01 17:47:56 rwatson Exp $
*/
/*
@@ -54,8 +54,8 @@
#include <sys/fcntl.h>
#include <sys/kernel.h>
#include <sys/kthread.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
-#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/namei.h>
#include <sys/stat.h>
==== //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#23 (text+ko) ====
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
- * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.276 2002/08/01 03:50:08 rwatson Exp $
+ * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.278 2002/08/01 17:47:56 rwatson Exp $
*/
/* For 4.3 integer FS ID compatibility */
@@ -48,8 +48,8 @@
#include <sys/bio.h>
#include <sys/buf.h>
#include <sys/sysent.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
-#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/mutex.h>
#include <sys/sysproto.h>
@@ -733,7 +733,12 @@
VATTR_NULL(&vat);
vat.va_size = 0;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- error = VOP_SETATTR(vp, &vat, td->td_ucred, td);
+#ifdef MAC
+ error = mac_check_vnode_op(td->td_ucred, vp,
+ MAC_OP_VNODE_WRITE);
+ if (error == 0)
+#endif
+ error = VOP_SETATTR(vp, &vat, td->td_ucred, td);
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
if (error)
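Review bot: The unbraced `if (error == 0)` that ends just before `#endif` makes the following `VOP_SETATTR` line its body only when MAC is defined, which is easy to break. A statement later inserted between the `#endif` and the VOP call would silently become the guarded statement, and the VOP would then run regardless of the MAC result. The same form appears in the @@ -1902, @@ -2019 and @@ -2178 hunks of this file and in the @@ -383, @@ -472 and @@ -523 hunks of vfs_vnops.c, while the @@ -1794 and @@ -3270 hunks here use the braced form `if (error == 0) {` with a matching `#ifdef MAC` / `}` / `#endif`. Using the braced form throughout would keep each access-control gate explicit and consistent; the enclosing function starts and ends outside this hunk.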
@@ -1305,6 +1310,11 @@
flags |= VWRITE;
if (user_flags & X_OK)
flags |= VEXEC;
+#ifdef MAC
+ error = mac_check_vnode_access(cred, vp, flags);
+ if (error)
+ return (error);
+#endif
if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
error = VOP_ACCESS(vp, flags, cred, td);
}
@@ -1746,6 +1756,13 @@
return (error);
NDFREE(&nd, NDF_ONLY_PNBUF);
vp = nd.ni_vp;
+#ifdef MAC
+ error = mac_check_vnode_readlink(td->td_ucred, vp);
+ if (error) {
+ vput(vp);
+ return (error);
+ }
+#endif
if (vp->v_type != VLNK)
error = EINVAL;
else {
@@ -1794,9 +1811,16 @@
return (error);
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- VATTR_NULL(&vattr);
- vattr.va_flags = flags;
- error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
+#ifdef MAC
+ error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags);
+ if (error == 0) {
+#endif
+ VATTR_NULL(&vattr);
+ vattr.va_flags = flags;
+ error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
+#ifdef MAC
+ }
+#endif
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
return (error);
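Review bot: `mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags)` reads `vattr.va_flags` before `VATTR_NULL(&vattr)` and `vattr.va_flags = flags` have run, since both assignments now sit inside the `if (error == 0)` block after the check. The policy therefore decides on whatever the stack held rather than on the flags being requested, so a policy that restricts particular flags can neither reliably deny nor reliably permit them. Passing the local directly fixes it: `error = mac_check_vnode_setflags(td->td_ucred, vp, flags);`. The function's start lies outside this hunk, so the declaration of `vattr` is not visible here, but nothing in the hunk initialises it ahead of the check.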
@@ -1902,7 +1926,11 @@
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
VATTR_NULL(&vattr);
vattr.va_mode = mode & ALLPERMS;
- error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
+#ifdef MAC
+ error = mac_check_vnode_setmode(td->td_ucred, vp, vattr.va_mode);
+ if (error == 0)
+#endif
+ error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
return error;
@@ -2019,7 +2047,12 @@
VATTR_NULL(&vattr);
vattr.va_uid = uid;
vattr.va_gid = gid;
- error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
+#ifdef MAC
+ error = mac_check_vnode_setowner(td->td_ucred, vp, vattr.va_uid,
+ vattr.va_gid);
+ if (error == 0)
+#endif
+ error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
return error;
@@ -2178,7 +2211,12 @@
vattr.va_birthtime = ts[2];
if (nullflag)
vattr.va_vaflags |= VA_UTIMES_NULL;
- error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
+#ifdef MAC
+ error = mac_check_vnode_setutimes(td->td_ucred, vp, vattr.va_atime,
+ vattr.va_mtime);
+ if (error == 0)
+#endif
+ error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
return error;
@@ -2328,6 +2366,10 @@
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
if (vp->v_type == VDIR)
error = EISDIR;
+#ifdef MAC
+ else if ((error = mac_check_vnode_op(td->td_ucred, vp,
+ MAC_OP_VNODE_WRITE))) {}
+#endif
else if ((error = vn_writechk(vp)) == 0 &&
(error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
VATTR_NULL(&vattr);
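Review bot: The added branch `else if ((error = mac_check_vnode_op(...))) {}` relies on an assignment used as a condition and an empty body to short-circuit the chain, which reads like a mistake rather than a deliberate deny path. It works only because the next `else if` is skipped when the MAC check returns non-zero. I would make the intent explicit with a comparison and a comment, e.g. `MAC_OP_VNODE_WRITE)) != 0) { /* MAC denied the write; leave error set and skip the truncate */ }`. The identical construct is added in the @@ -2382 hunk and deserves the same treatment; the surrounding function continues outside both hunks.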
@@ -2382,6 +2424,10 @@
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
if (vp->v_type == VDIR)
error = EISDIR;
+#ifdef MAC
+ else if ((error = mac_check_vnode_op(td->td_ucred, vp,
+ MAC_OP_VNODE_WRITE))) {}
+#endif
else if ((error = vn_writechk(vp)) == 0) {
VATTR_NULL(&vattr);
vattr.va_size = SCARG(uap, length);
@@ -3073,6 +3119,13 @@
vput(vp);
return (EINVAL);
}
+#ifdef MAC
+ error = mac_check_vnode_revoke(td->td_ucred, vp);
+ if (error) {
+ vput(vp);
+ return (error);
+ }
+#endif
error = VOP_GETATTR(vp, &vattr, td->td_ucred, td);
if (error) {
vput(vp);
@@ -3257,6 +3310,11 @@
mode |= VREAD;
if (fmode & O_APPEND)
mode |= VAPPEND;
+#ifdef MAC
+ error = mac_check_vnode_open(td->td_ucred, vp, mode);
+ if (error)
+ goto bad;
+#endif
if (mode) {
error = VOP_ACCESS(vp, mode, td->td_ucred, td);
if (error)
@@ -3270,9 +3328,17 @@
}
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */
- VATTR_NULL(vap);
- vap->va_size = 0;
- error = VOP_SETATTR(vp, vap, td->td_ucred, td);
+#ifdef MAC
+ error = mac_check_vnode_op(td->td_ucred, vp,
+ MAC_OP_VNODE_WRITE);
+ if (error == 0) {
+#endif
+ VATTR_NULL(vap);
+ vap->va_size = 0;
+ error = VOP_SETATTR(vp, vap, td->td_ucred, td);
+#ifdef MAC
+ }
+#endif
vn_finished_write(mp);
if (error)
goto bad;
@@ -3584,6 +3650,13 @@
auio.uio_td = td;
cnt = nbytes;
+#ifdef MAC
+ error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace,
+ attrname, &auio);
+ if (error)
+ goto done;
+#endif
+
error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio,
td->td_ucred, td);
cnt -= auio.uio_resid;
@@ -3704,6 +3777,13 @@
} else
sizep = &size;
+#ifdef MAC
+ error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace,
+ attrname, &auio);
+ if (error)
+ goto done;
+#endif
+
error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep,
td->td_ucred, td);
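Review bot: The MAC check is handed `&auio` while the operation it guards is called with `auiop`, and the context line `sizep = &size;` suggests there is a size-only path on which `auiop` is not `&auio`. On that path the policy would presumably be shown a `struct uio` that was never filled in, so the check and the operation would not describe the same request. Passing the same pointer to both keeps them aligned: `attrname, auiop);`. The @@ -3800 hunk already passes NULL to `mac_check_vnode_setextattr`, so a NULL uio looks acceptable to these hooks, though that should be confirmed for the getextattr hook. The setup of `auiop` is outside this hunk.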
@@ -3800,6 +3880,11 @@
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+#ifdef MAC
+ error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace,
+ attrname, NULL);
+#endif
+
error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL, td->td_ucred,
td);
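Review bot: The result of the added `mac_check_vnode_setextattr(..., NULL)` call is discarded, because the very next statement assigns `error = VOP_SETEXTATTR(...)` unconditionally. With MAC compiled in, a policy denial therefore has no effect and the attribute operation proceeds anyway. The other hunks in this file gate the VOP on the check; here the minimal fix is to add `if (error == 0)` inside the `#ifdef MAC` block, directly before the `#endif`, so that it guards the `VOP_SETEXTATTR` call. Whatever form is chosen, the unlock and `vn_finished_write` that presumably follow outside this hunk must still run on the denial path.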
==== //depot/projects/trustedbsd/base/sys/kern/vfs_vnops.c#18 (text+ko) ====
@@ -36,9 +36,11 @@
* SUCH DAMAGE.
*
* @(#)vfs_vnops.c 8.2 (Berkeley) 1/21/94
- * $FreeBSD: src/sys/kern/vfs_vnops.c,v 1.154 2002/07/31 12:19:49 des Exp $
+ * $FreeBSD: src/sys/kern/vfs_vnops.c,v 1.156 2002/08/01 17:23:22 rwatson Exp $
*/
+#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/fcntl.h>
@@ -46,6 +48,7 @@
#include <sys/stat.h>
#include <sys/proc.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/mutex.h>
#include <sys/namei.h>
@@ -187,22 +190,29 @@
error = EOPNOTSUPP;
goto bad;
}
+ mode = 0;
+ if (fmode & (FWRITE | O_TRUNC)) {
+ if (vp->v_type == VDIR) {
+ error = EISDIR;
+ goto bad;
+ }
+ mode |= VWRITE;
+ }
+ if (fmode & FREAD)
+ mode |= VREAD;
+ if (fmode & O_APPEND)
+ mode |= VAPPEND;
+#ifdef MAC
+ error = mac_check_vnode_open(cred, vp, mode);
+ if (error)
+ goto bad;
+#endif
if ((fmode & O_CREAT) == 0) {
- mode = 0;
- if (fmode & (FWRITE | O_TRUNC)) {
- if (vp->v_type == VDIR) {
- error = EISDIR;
- goto bad;
- }
+ if (mode & VWRITE) {
error = vn_writechk(vp);
if (error)
goto bad;
- mode |= VWRITE;
}
- if (fmode & FREAD)
- mode |= VREAD;
- if (fmode & O_APPEND)
- mode |= VAPPEND;
if (mode) {
error = VOP_ACCESS(vp, mode, cred, td);
if (error)
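Review bot: Hoisting the `mode` computation above `if ((fmode & O_CREAT) == 0)` changes behaviour beyond adding the MAC hook, and nothing in the code says so. The `EISDIR` rejection and `mac_check_vnode_open` now also run when `O_CREAT` is still set, and a MAC denial is returned before `vn_writechk` gets to report its own error. If that is intended, which seems likely since a policy would want to see creating opens too, a short comment above `mode = 0;` would record it, e.g. `/* Compute the access mode up front so the MAC open check covers both the O_CREAT and non-O_CREAT paths; DAC checks follow. */`. The function begins and ends outside this hunk.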
@@ -383,9 +393,17 @@
auio.uio_rw = rw;
auio.uio_td = td;
if (rw == UIO_READ) {
- error = VOP_READ(vp, &auio, ioflg, cred);
+#ifdef MAC
+ error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ);
+ if (error == 0)
+#endif
+ error = VOP_READ(vp, &auio, ioflg, cred);
} else {
- error = VOP_WRITE(vp, &auio, ioflg, cred);
+#ifdef MAC
+ error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+ if (error == 0)
+#endif
+ error = VOP_WRITE(vp, &auio, ioflg, cred);
}
if (aresid)
*aresid = auio.uio_resid;
@@ -472,7 +490,11 @@
ioflag |= sequential_heuristic(uio, fp);
- error = VOP_READ(vp, uio, ioflag, cred);
+#ifdef MAC
+ error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ);
+ if (error == 0)
+#endif
+ error = VOP_READ(vp, uio, ioflag, cred);
if ((flags & FOF_OFFSET) == 0)
fp->f_offset = uio->uio_offset;
fp->f_nextoff = uio->uio_offset;
@@ -523,7 +545,11 @@
if ((flags & FOF_OFFSET) == 0)
uio->uio_offset = fp->f_offset;
ioflag |= sequential_heuristic(uio, fp);
- error = VOP_WRITE(vp, uio, ioflag, cred);
+#ifdef MAC
+ error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+ if (error == 0)
+#endif
+ error = VOP_WRITE(vp, uio, ioflag, cred);
if ((flags & FOF_OFFSET) == 0)
fp->f_offset = uio->uio_offset;
fp->f_nextoff = uio->uio_offset;
@@ -566,6 +592,12 @@
int error;
u_short mode;
+#ifdef MAC
+ error = mac_check_vnode_stat(td->td_ucred, vp);
+ if (error)
+ return (error);
+#endif
+
vap = &vattr;
error = VOP_GETATTR(vp, vap, td->td_ucred, td);
if (error)
@@ -747,6 +779,19 @@
struct ucred *cred;
struct thread *td;
{
+ struct vnode *vp;
+#ifdef MAC
+ int error;
+#endif
+
+ vp = (struct vnode *)fp->f_data;
+#ifdef MAC
+ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+ error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_POLL);
+ VOP_UNLOCK(vp, 0, td);
+ if (error)
+ return (error);
+#endif
return (VOP_POLL(((struct vnode *)fp->f_data), events, cred, td));
}
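Review bot: The new local `vp` is assigned unconditionally but only used inside `#ifdef MAC`, and the final call still re-derives the vnode with `((struct vnode *)fp->f_data)`. Without MAC the variable is set and never read, and with MAC the check and the operation name the vnode through two different expressions. Using the local in the return removes both problems: `return (VOP_POLL(vp, events, cred, td));`. Separately, the check takes `LK_EXCLUSIVE` on every poll only to consult the policy; if the hook does not need the exclusive lock, a comment explaining why it is taken would help the next reader.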
==== //depot/projects/trustedbsd/base/sys/modules/Makefile#18 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/sys/modules/Makefile,v 1.247 2002/07/30 17:44:28 joe Exp $
+# $FreeBSD: src/sys/modules/Makefile,v 1.248 2002/08/01 17:41:26 rwatson Exp $
.if exists(${.CURDIR}/../crypto) && !defined(NOCRYPT)
_random= random
@@ -48,6 +48,13 @@
libmchain \
lnc \
lpt \
+ mac_biba \
+ mac_bsdextended \
+ mac_ifoff \
+ mac_mls \
+ mac_none \
+ mac_seeotheruids \
+ mac_test \
md \
mii \
mlx \
==== //depot/projects/trustedbsd/base/sys/pc98/conf/GENERIC#13 (text+ko) ====
@@ -4,7 +4,7 @@
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
-# http://www.FreeBSD.org/handbook/kernelconfig-config.html
+# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
@@ -16,7 +16,7 @@
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
-# $FreeBSD: src/sys/pc98/conf/GENERIC,v 1.210 2002/07/23 06:37:14 peter Exp $
+# $FreeBSD: src/sys/pc98/conf/GENERIC,v 1.211 2002/08/01 17:20:58 blackend Exp $
machine pc98
#cpu I386_CPU #Do not enable with other cpu types
==== //depot/projects/trustedbsd/base/sys/powerpc/conf/GENERIC#6 (text+ko) ====
@@ -4,7 +4,7 @@
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
-# http://www.FreeBSD.org/handbook/kernelconfig-config.html
+# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
@@ -16,7 +16,7 @@
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
-# $FreeBSD: src/sys/powerpc/conf/GENERIC,v 1.10 2002/07/23 06:38:21 peter Exp $
+# $FreeBSD: src/sys/powerpc/conf/GENERIC,v 1.11 2002/08/01 17:21:13 blackend Exp $
machine powerpc
cpu MPC750
==== //depot/projects/trustedbsd/base/sys/sparc64/conf/GENERIC#13 (text+ko) ====
@@ -4,7 +4,7 @@
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
-# http://www.FreeBSD.org/handbook/kernelconfig-config.html
+# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
@@ -18,7 +18,7 @@
#
# For hardware specific information check HARDWARE.TXT
#
-# $FreeBSD: src/sys/sparc64/conf/GENERIC,v 1.28 2002/07/27 15:28:35 mike Exp $
+# $FreeBSD: src/sys/sparc64/conf/GENERIC,v 1.29 2002/08/01 17:21:18 blackend Exp $
machine sparc64
cpu SUN4U
==== //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#2 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/sys/mac_policy.h,v 1.1 2002/07/30 21:32:34 rwatson Exp $
+ * $FreeBSD: src/sys/sys/mac_policy.h,v 1.2 2002/08/01 17:32:01 rwatson Exp $
*/
/*
* Kernel interface for MAC policy modules.
@@ -326,7 +326,7 @@
struct label *label, int op);
};
-typedef void *macop_t;
+typedef const void *macop_t;
enum mac_op_constant {
MAC_OP_LAST,
@@ -445,7 +445,7 @@
struct mac_policy_op_entry {
enum mac_op_constant mpe_constant; /* what this hook implements */
- void *mpe_function; /* hook's implementation */
+ macop_t mpe_function; /* hook's implementation */
};
struct mac_policy_conf {
==== //depot/projects/trustedbsd/base/usr.bin/sockstat/sockstat.c#3 (text+ko) ====
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/usr.bin/sockstat/sockstat.c,v 1.2 2002/08/01 11:02:30 des Exp $");
+__FBSDID("$FreeBSD: src/usr.bin/sockstat/sockstat.c,v 1.3 2002/08/01 16:49:31 des Exp $");
#include <sys/param.h>
#include <sys/socket.h>
@@ -39,6 +39,8 @@
#include <sys/un.h>
#include <sys/unpcb.h>
+#include <net/route.h>
+
#include <netinet/in.h>
#include <netinet/in_pcb.h>
#include <netinet/tcp.h>