PERFORCE change 110130 for review

Todd Miller millert at FreeBSD.org
Thu Nov 16 21:32:44 UTC 2006


http://perforce.freebsd.org/chv.cgi?CH=110130

Change 110130 by millert at millert_macbook on 2006/11/16 21:32:30

	Some mac_file_check_fcntl fixes:
	 - fix type of "arg", it should be user_long_t
	 - add label arg to mpo_file_check_fcntl_t

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#20 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#29 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#8 (text+ko) ====

@@ -106,11 +106,12 @@
 }
 
 int
-mac_file_check_fcntl(struct ucred *cred, struct fileglob *fg, int cmd, long arg)
+mac_file_check_fcntl(struct ucred *cred, struct fileglob *fg, int cmd,
+    user_long_t arg)
 {
 	int error;
 
-	MAC_CHECK(file_check_fcntl, cred, fg, cmd, arg);
+	MAC_CHECK(file_check_fcntl, cred, fg, fg->fg_label, cmd, arg);
 	return (error);
 }
 

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#20 (text+ko) ====

@@ -126,7 +126,7 @@
 int	mac_file_check_create(struct ucred *cred);
 int	mac_file_check_dup(struct ucred *cred, struct fileglob *fg, int newfd);
 int	mac_file_check_fcntl(struct ucred *cred, struct fileglob *fg, int cmd,
-	    long arg);
+	    user_long_t arg);
 int	mac_file_check_get(struct ucred *cred, struct fileglob *fg,
 	    char *elements, int len);
 int	mac_file_check_get_offset(struct ucred *cred, struct fileglob *fg);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#29 (text+ko) ====

@@ -633,6 +633,7 @@
   @brief Access control check for fcntl
   @param cred Subject credential
   @param fg Fileglob structure
+  @param label Policy label for fg
   @param cmd Control operation to be performed; see fcntl(2)
   @param arg fcnt arguments; see fcntl(2)
 
@@ -645,8 +646,9 @@
 typedef int mpo_file_check_fcntl_t(
 	struct ucred *cred,
 	struct fileglob *fg,
+	struct label *label,
 	int cmd,
-	long arg
+	user_long_t arg
 );
 /**
   @brief Access control check for mac_get_fd


More information about the trustedbsd-cvs mailing list