1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
39 * $FreeBSD: head/sys/security/mac/mac_vfs.c 104269 2002-10-01 04:30:19Z rwatson $ |
40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 2519 unchanged lines hidden (view full) --- 2567} 2568 2569int 2570mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd, 2571 void *data) 2572{ 2573 int error; 2574 |
2575 PIPE_LOCK_ASSERT(pipe, MA_OWNED); 2576 2577 if (!mac_enforce_pipe) 2578 return (0); 2579 |
2580 MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data); 2581 2582 return (error); 2583} 2584 2585int 2586mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe) 2587{ 2588 int error; 2589 |
2590 PIPE_LOCK_ASSERT(pipe, MA_OWNED); 2591 2592 if (!mac_enforce_pipe) 2593 return (0); 2594 |
2595 MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label); 2596 2597 return (error); 2598} 2599 2600int 2601mac_check_pipe_read(struct ucred *cred, struct pipe *pipe) 2602{ 2603 int error; 2604 |
2605 PIPE_LOCK_ASSERT(pipe, MA_OWNED); 2606 2607 if (!mac_enforce_pipe) 2608 return (0); 2609 |
2610 MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label); 2611 2612 return (error); 2613} 2614 2615static int 2616mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 2617 struct label *newlabel) 2618{ 2619 int error; 2620 |
2621 PIPE_LOCK_ASSERT(pipe, MA_OWNED); 2622 2623 if (!mac_enforce_pipe) 2624 return (0); 2625 |
2626 MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel); 2627 2628 return (error); 2629} 2630 2631int 2632mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe) 2633{ 2634 int error; 2635 |
2636 PIPE_LOCK_ASSERT(pipe, MA_OWNED); 2637 2638 if (!mac_enforce_pipe) 2639 return (0); 2640 |
2641 MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label); 2642 2643 return (error); 2644} 2645 2646int 2647mac_check_pipe_write(struct ucred *cred, struct pipe *pipe) 2648{ 2649 int error; 2650 |
2651 PIPE_LOCK_ASSERT(pipe, MA_OWNED); 2652 2653 if (!mac_enforce_pipe) 2654 return (0); 2655 |
2656 MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label); 2657 2658 return (error); 2659} 2660 2661int 2662mac_check_proc_debug(struct ucred *cred, struct proc *proc) 2663{ --- 250 unchanged lines hidden (view full) --- 2914 return (0); 2915} 2916 2917int 2918mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label) 2919{ 2920 int error; 2921 |
2922 PIPE_LOCK_ASSERT(pipe, MA_OWNED); 2923 |
2924 error = mac_check_pipe_relabel(cred, pipe, label); 2925 if (error) 2926 return (error); 2927 2928 mac_relabel_pipe(cred, pipe, label); 2929 2930 return (0); 2931} --- 287 unchanged lines hidden (view full) --- 3219 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); 3220 error = vn_setlabel(vp, &intlabel, td->td_ucred); 3221 VOP_UNLOCK(vp, 0, td); 3222 vn_finished_write(mp); 3223 mac_destroy_temp(&intlabel); 3224 break; 3225 case DTYPE_PIPE: 3226 pipe = (struct pipe *)fp->f_data; |
3227 PIPE_LOCK(pipe); |
3228 error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel); |
3229 PIPE_UNLOCK(pipe); |
3230 break; 3231 default: 3232 error = EINVAL; 3233 } 3234 3235out2: 3236 fdrop(fp, td); 3237out1: --- 128 unchanged lines hidden --- |
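Review bot: The `DTYPE_PIPE` branch (3226–3230) never releases `intlabel`: the vnode branch just above calls `mac_destroy_temp(&intlabel)` before `break`, but the pipe branch goes from `PIPE_UNLOCK(pipe)` straight to `break`, as does `default`. The code after `out1:` is hidden on this page, so confirm nothing frees it later; if nothing does, and `mac_relabel_pipe()` copies the label rather than adopting it, add `mac_destroy_temp(&intlabel);` after `PIPE_UNLOCK(pipe);`, outside the mutex. Separately, the new `PIPE_LOCK_ASSERT(pipe, MA_OWNED)` lines are the only statement of the locking contract and presumably compile away in kernels built without assertion support. Each `mac_check_pipe_*` entry point and `mac_pipe_label_set()` should therefore carry a comment such as `/* Caller must hold the pipe mutex; pipe->pipe_label is read under it. */`. Policy entry points reached through `MAC_CHECK` and `mac_relabel_pipe()` now run with that mutex held, so it is worth documenting that they must not sleep.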