| mac_process.c (102949) | mac_process.c (103135) |
|---|---|
| 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
| 39 * $FreeBSD: head/sys/security/mac/mac_process.c 102949 2002-09-05 07:02:43Z bde $ | 39 * $FreeBSD: head/sys/security/mac/mac_process.c 103135 2002-09-09 17:10:16Z rwatson $ |
| 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 2076 unchanged lines hidden (view full) --- 2124 * memory space, and revoke access (in the least surprising ways we 2125 * know) when necessary. The process lock is not held here. 2126 */ 2127static void 2128mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred) 2129{ 2130 2131 /* XXX freeze all other threads */ | 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 2076 unchanged lines hidden (view full) --- 2124 * memory space, and revoke access (in the least surprising ways we 2125 * know) when necessary. The process lock is not held here. 2126 */ 2127static void 2128mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred) 2129{ 2130 2131 /* XXX freeze all other threads */ |
| 2132 mtx_lock(&Giant); | |
| 2133 mac_cred_mmapped_drop_perms_recurse(td, cred, 2134 &td->td_proc->p_vmspace->vm_map); | 2132 mac_cred_mmapped_drop_perms_recurse(td, cred, 2133 &td->td_proc->p_vmspace->vm_map); |
| 2135 mtx_unlock(&Giant); | |
| 2136 /* XXX allow other threads to continue */ 2137} 2138 2139static __inline const char * 2140prot2str(vm_prot_t prot) 2141{ 2142 2143 switch (prot & VM_PROT_ALL) { --- 894 unchanged lines hidden (view full) --- 3038 3039 /* 3040 * Grab additional reference for use while revoking mmaps, prior 3041 * to releasing the proc lock and sharing the cred. 3042 */ 3043 crhold(newcred); 3044 PROC_UNLOCK(p); 3045 | 2134 /* XXX allow other threads to continue */ 2135} 2136 2137static __inline const char * 2138prot2str(vm_prot_t prot) 2139{ 2140 2141 switch (prot & VM_PROT_ALL) { --- 894 unchanged lines hidden (view full) --- 3036 3037 /* 3038 * Grab additional reference for use while revoking mmaps, prior 3039 * to releasing the proc lock and sharing the cred. 3040 */ 3041 crhold(newcred); 3042 PROC_UNLOCK(p); 3043 |
| 3044 mtx_lock(&Giant); |
|
| 3046 mac_cred_mmapped_drop_perms(td, newcred); | 3045 mac_cred_mmapped_drop_perms(td, newcred); |
| 3046 mtx_unlock(&Giant); |
|
| 3047 3048 crfree(newcred); /* Free revocation reference. */ 3049 crfree(oldcred); 3050 mac_destroy_temp(&intlabel); 3051 return (0); 3052} 3053 3054/* --- 257 unchanged lines hidden --- | 3047 3048 crfree(newcred); /* Free revocation reference. */ 3049 crfree(oldcred); 3050 mac_destroy_temp(&intlabel); 3051 return (0); 3052} 3053 3054/* --- 257 unchanged lines hidden --- |