Cross Reference: /freebsd-10.0-release/sys/security/mac/mac

Deleted Added

sdiff udiff text old ( 150923 ) new ( 151115 )

full compact

mac_process.c (150923)	mac_process.c (151115)
1/- 2 Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h>	1/- 2 Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h>
39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 150923 2005-10-04 14:47:47Z csjp $");	39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 151115 2005-10-09 02:37:27Z csjp $");
40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 274 unchanged lines hidden (view full) --- 322 323static void 324mac_cred_mmapped_drop_perms_recurse(struct thread td, struct ucred cred, 325 struct vm_map map) 326{ 327* struct vm_map_entry vme; 328* int vfslocked, result; 329 vm_prot_t revokeperms;	40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 274 unchanged lines hidden (view full) --- 322 323static void 324mac_cred_mmapped_drop_perms_recurse(struct thread td, struct ucred cred, 325 struct vm_map map) 326{ 327* struct vm_map_entry vme; 328* int vfslocked, result; 329 vm_prot_t revokeperms;
330 vm_object_t object;	330 vm_object_t backing_object, object;
331 vm_ooffset_t offset; 332 struct vnode vp; 333* 334 if (!mac_mmap_revocation) 335 return; 336 337 vm_map_lock_read(map); 338 for (vme = map->header.next; vme != &map->header; vme = vme->next) { --- 10 unchanged lines hidden (view full) --- 349 continue; 350 /* 351 * Drill down to the deepest backing object. 352 / 353* offset = vme->offset; 354 object = vme->object.vm_object; 355 if (object == NULL) 356 continue;	331 vm_ooffset_t offset; 332 struct vnode vp; 333* 334 if (!mac_mmap_revocation) 335 return; 336 337 vm_map_lock_read(map); 338 for (vme = map->header.next; vme != &map->header; vme = vme->next) { --- 10 unchanged lines hidden (view full) --- 349 continue; 350 /* 351 * Drill down to the deepest backing object. 352 / 353* offset = vme->offset; 354 object = vme->object.vm_object; 355 if (object == NULL) 356 continue;
357 /* XXXCSJP We need to lock the object before walking 358 * the backing object list. 359 / 360* while (object->backing_object != NULL) {	357 VM_OBJECT_LOCK(object); 358 while ((backing_object = object->backing_object) != NULL) { 359 VM_OBJECT_LOCK(backing_object);
361 offset += object->backing_object_offset;	360 offset += object->backing_object_offset;
362 object = object->backing_object;	361 VM_OBJECT_UNLOCK(object); 362 object = backing_object;
363 }	363 }
	364 VM_OBJECT_UNLOCK(object);
364 /* 365 * At the moment, vm_maps and objects aren't considered 366 * by the MAC system, so only things with backing by a 367 * normal object (read: vnodes) are checked. 368 / 369* if (object->type != OBJT_VNODE) 370 continue; 371 vp = (struct vnode )object->handle; --- 303 unchanged lines hidden* ---	365 /* 366 * At the moment, vm_maps and objects aren't considered 367 * by the MAC system, so only things with backing by a 368 * normal object (read: vnodes) are checked. 369 / 370* if (object->type != OBJT_VNODE) 371 continue; 372 vp = (struct vnode )object->handle; --- 303 unchanged lines hidden* ---