| mac_bsdextended.c (101099) | mac_bsdextended.c (102129) |
|---|---|
| 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * |
| 37 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 101099 2002-07-31 18:07:45Z rwatson $ | 37 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 102129 2002-08-19 19:04:53Z rwatson $ |
| 38 */ 39/* 40 * Developed by the TrustedBSD Project. 41 * "BSD Extended" MAC policy, allowing the administrator to impose 42 * mandatory rules regarding users and some system objects. 43 * 44 * XXX: Much locking support required here. 45 */ --- 624 unchanged lines hidden (view full) --- 670 671 error = VOP_GETATTR(vp, &vap, cred, curthread); 672 if (error) 673 return (error); 674 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 675} 676 677static int | 38 */ 39/* 40 * Developed by the TrustedBSD Project. 41 * "BSD Extended" MAC policy, allowing the administrator to impose 42 * mandatory rules regarding users and some system objects. 43 * 44 * XXX: Much locking support required here. 45 */ --- 624 unchanged lines hidden (view full) --- 670 671 error = VOP_GETATTR(vp, &vap, cred, curthread); 672 if (error) 673 return (error); 674 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 675} 676 677static int |
| 678mac_bsdextended_check_vnode_stat(struct ucred *cred, struct vnode *vp, 679 struct label *label) | 678mac_bsdextended_check_vnode_stat(struct ucred *active_cred, 679 struct ucred *file_cred, struct vnode *vp, struct label *label) |
| 680{ 681 struct vattr vap; 682 int error; 683 684 if (!mac_bsdextended_enabled) 685 return (0); 686 | 680{ 681 struct vattr vap; 682 int error; 683 684 if (!mac_bsdextended_enabled) 685 return (0); 686 |
| 687 error = VOP_GETATTR(vp, &vap, cred, curthread); | 687 error = VOP_GETATTR(vp, &vap, active_cred, curthread); |
| 688 if (error) 689 return (error); | 688 if (error) 689 return (error); |
| 690 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VSTAT)); | 690 return (mac_bsdextended_check(active_cred, vap.va_uid, vap.va_gid, 691 VSTAT)); |
| 691} 692 693static struct mac_policy_op_entry mac_bsdextended_ops[] = 694{ 695 { MAC_DESTROY, 696 (macop_t)mac_bsdextended_destroy }, 697 { MAC_INIT, 698 (macop_t)mac_bsdextended_init }, --- 51 unchanged lines hidden --- | 692} 693 694static struct mac_policy_op_entry mac_bsdextended_ops[] = 695{ 696 { MAC_DESTROY, 697 (macop_t)mac_bsdextended_destroy }, 698 { MAC_INIT, 699 (macop_t)mac_bsdextended_init }, --- 51 unchanged lines hidden --- |