Cross Reference: /freebsd-10.1-release/sys/security/mac/mac

Deleted Added

sdiff udiff text old ( 151115 ) new ( 156225 )

full compact

mac_process.c (151115)	mac_process.c (156225)
1/- 2 Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h>	1/- 2 Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 22 unchanged lines hidden (view full) --- 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <sys/cdefs.h>
39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 151115 2005-10-09 02:37:27Z csjp $");	39__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 156225 2006-03-02 22:13:28Z tegge $");
40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 277 unchanged lines hidden (view full) --- 325 struct vm_map map) 326{ 327* struct vm_map_entry vme; 328* int vfslocked, result; 329 vm_prot_t revokeperms; 330 vm_object_t backing_object, object; 331 vm_ooffset_t offset; 332 struct vnode *vp;	40 41#include "opt_mac.h" 42 43#include <sys/param.h> 44#include <sys/condvar.h> 45#include <sys/imgact.h> 46#include <sys/kernel.h> 47#include <sys/lock.h> --- 277 unchanged lines hidden (view full) --- 325 struct vm_map map) 326{ 327* struct vm_map_entry vme; 328* int vfslocked, result; 329 vm_prot_t revokeperms; 330 vm_object_t backing_object, object; 331 vm_ooffset_t offset; 332 struct vnode *vp;
	333 struct mount *mp;
333 334 if (!mac_mmap_revocation) 335 return; 336 337 vm_map_lock_read(map); 338 for (vme = map->header.next; vme != &map->header; vme = vme->next) { 339 if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { 340 mac_cred_mmapped_drop_perms_recurse(td, cred, --- 61 unchanged lines hidden (view full) --- 402 } else { 403 if (revokeperms & VM_PROT_WRITE) { 404 /* 405 * In the more complicated case, flush out all 406 * pending changes to the object then turn it 407 * copy-on-write. 408 / 409* vm_object_reference(object);	334 335 if (!mac_mmap_revocation) 336 return; 337 338 vm_map_lock_read(map); 339 for (vme = map->header.next; vme != &map->header; vme = vme->next) { 340 if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { 341 mac_cred_mmapped_drop_perms_recurse(td, cred, --- 61 unchanged lines hidden (view full) --- 403 } else { 404 if (revokeperms & VM_PROT_WRITE) { 405 /* 406 * In the more complicated case, flush out all 407 * pending changes to the object then turn it 408 * copy-on-write. 409 / 410* vm_object_reference(object);
	411 (void) vn_start_write(vp, &mp, V_WAIT);
410 vn_lock(vp, LK_EXCLUSIVE \| LK_RETRY, td); 411 VM_OBJECT_LOCK(object); 412 vm_object_page_clean(object, 413 OFF_TO_IDX(offset), 414 OFF_TO_IDX(offset + vme->end - vme->start + 415 PAGE_MASK), 416 OBJPC_SYNC); 417 VM_OBJECT_UNLOCK(object); 418 VOP_UNLOCK(vp, 0, td);	412 vn_lock(vp, LK_EXCLUSIVE \| LK_RETRY, td); 413 VM_OBJECT_LOCK(object); 414 vm_object_page_clean(object, 415 OFF_TO_IDX(offset), 416 OFF_TO_IDX(offset + vme->end - vme->start + 417 PAGE_MASK), 418 OBJPC_SYNC); 419 VM_OBJECT_UNLOCK(object); 420 VOP_UNLOCK(vp, 0, td);
	421 vn_finished_write(mp);
419 vm_object_deallocate(object); 420 /* 421 * Why bother if there's no read permissions 422 * anymore? For the rest, we need to leave 423 * the write permissions on for COW, or 424 * remove them entirely if configured to. 425 / 426* if (!mac_mmap_revocation_via_cow) { --- 249 unchanged lines hidden ---	422 vm_object_deallocate(object); 423 /* 424 * Why bother if there's no read permissions 425 * anymore? For the rest, we need to leave 426 * the write permissions on for COW, or 427 * remove them entirely if configured to. 428 / 429* if (!mac_mmap_revocation_via_cow) { --- 249 unchanged lines hidden ---