PERFORCE change 20709 for review

Robert Watson rwatson at freebsd.org
Tue Nov 5 18:25:03 GMT 2002 

http://perforce.freebsd.org/chv.cgi?CH=20709

Change 20709 by rwatson at rwatson_tislabs on 2002/11/05 10:24:09

	Use execlabel rather than imgp->execlabel.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#57 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#57 (text+ko) ====

@@ -311,7 +311,7 @@
 sebsd_execve_transition(struct ucred *old, struct ucred *new,
 			struct vnode *vp, struct label *vnodelabel,
 			struct label *interpvnodelabel,
-			struct image_params *imgp)
+			struct image_params *imgp, struct label *execlabel)
 {
 	struct task_security_struct *otask, *ntask;
 	struct vnode_security_struct *file;
@@ -329,12 +329,12 @@
 	 * So just make the transition.
 	 */
 	ntask->osid = otask->sid;
-	if (imgp->execlabel == NULL) {
+	if (execlabel == NULL) {
 		(void)security_transition_sid(otask->sid, file->sid,
 					      SECCLASS_PROCESS, &ntask->sid);
 	} else {
 		ntask->sid = ((struct task_security_struct *)
-		    SLOT(imgp->execlabel))->sid;
+		    SLOT(execlabel))->sid;
 	}
 
 	if (otask->sid != ntask->sid) {
@@ -352,7 +352,8 @@
 sebsd_execve_will_transition(struct ucred *old, struct vnode *vp,
 			     struct label *vnodelabel,
 			     struct label *interpvnodelabel,
-			     struct image_params *imgp)
+			     struct image_params *imgp,
+			     struct label *execlabel)
 {
 	struct task_security_struct *task;
 	struct vnode_security_struct *file;
@@ -368,12 +369,12 @@
 	 * Should have already checked all the permissions, so just see if
 	 * the SIDS are going to match. 
 	 */
-	if (imgp->execlabel == NULL) {
+	if (execlabel == NULL) {
 		(void)security_transition_sid(task->sid, file->sid,
 					      SECCLASS_PROCESS, &newsid);
 	} else {
 		newsid = ((struct task_security_struct *)
-		    SLOT(imgp->execlabel))->sid;
+		    SLOT(execlabel))->sid;
 	}
 
 	return (newsid != task->sid);
@@ -743,7 +744,8 @@
 
 static int
 sebsd_check_vnode_exec(struct ucred *cred, struct vnode *vp,
-		       struct label *label, struct image_params *imgp)
+		       struct label *label, struct image_params *imgp,
+		       struct label *execlabel)
 {
 	struct task_security_struct *task;
 	struct vnode_security_struct *file;
@@ -753,14 +755,14 @@
 
 	task = SLOT(&cred->cr_label);
 	file = SLOT(label);
-	if (imgp->execlabel == NULL) {
+	if (execlabel == NULL) {
 		rc = security_transition_sid(task->sid, file->sid,
 					     SECCLASS_PROCESS, &newsid);
 		if (rc)
 			return EACCES;
 	} else {
 		newsid = ((struct task_security_struct *)
-		    SLOT(imgp->execlabel))->sid;
+		    SLOT(execlabel))->sid;
 	}
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list