mac_framework.c (109153) | mac_framework.c (109623) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 19 unchanged lines hidden (view full) --- 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 19 unchanged lines hidden (view full) --- 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * |
36 * $FreeBSD: head/sys/security/mac/mac_framework.c 109153 2003-01-13 00:33:17Z dillon $ | 36 * $FreeBSD: head/sys/security/mac/mac_framework.c 109623 2003-01-21 08:56:16Z alfred $ |
37 */ 38/* 39 * Developed by the TrustedBSD Project. 40 * 41 * Framework for extensible kernel access control. Kernel and userland 42 * interface to the framework, policy registration and composition. 43 */ 44 --- 708 unchanged lines hidden (view full) --- 753#endif 754} 755 756void 757mac_init_pipe(struct pipe *pipe) 758{ 759 struct label *label; 760 | 37 */ 38/* 39 * Developed by the TrustedBSD Project. 40 * 41 * Framework for extensible kernel access control. Kernel and userland 42 * interface to the framework, policy registration and composition. 43 */ 44 --- 708 unchanged lines hidden (view full) --- 753#endif 754} 755 756void 757mac_init_pipe(struct pipe *pipe) 758{ 759 struct label *label; 760 |
761 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); | 761 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO); |
762 pipe->pipe_label = label; 763 pipe->pipe_peer->pipe_label = label; 764 mac_init_pipe_label(label); 765} 766 767void 768mac_init_proc(struct proc *p) 769{ --- 548 unchanged lines hidden (view full) --- 1318 error = copyin(mac_p, &mac, sizeof(mac)); 1319 if (error) 1320 return (error); 1321 1322 error = mac_check_structmac_consistent(&mac); 1323 if (error) 1324 return (error); 1325 | 762 pipe->pipe_label = label; 763 pipe->pipe_peer->pipe_label = label; 764 mac_init_pipe_label(label); 765} 766 767void 768mac_init_proc(struct proc *p) 769{ --- 548 unchanged lines hidden (view full) --- 1318 error = copyin(mac_p, &mac, sizeof(mac)); 1319 if (error) 1320 return (error); 1321 1322 error = mac_check_structmac_consistent(&mac); 1323 if (error) 1324 return (error); 1325 |
1326 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 1326 buffer = malloc(mac.m_buflen, M_MACTEMP, 0); |
1327 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 1328 if (error) { 1329 free(buffer, M_MACTEMP); 1330 return (error); 1331 } 1332 1333 mac_init_cred_label(execlabelstorage); 1334 error = mac_internalize_cred_label(execlabelstorage, buffer); --- 1387 unchanged lines hidden (view full) --- 2722 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac)); 2723 if (error) 2724 return (error); 2725 2726 error = mac_check_structmac_consistent(&mac); 2727 if (error) 2728 return (error); 2729 | 1327 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 1328 if (error) { 1329 free(buffer, M_MACTEMP); 1330 return (error); 1331 } 1332 1333 mac_init_cred_label(execlabelstorage); 1334 error = mac_internalize_cred_label(execlabelstorage, buffer); --- 1387 unchanged lines hidden (view full) --- 2722 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac)); 2723 if (error) 2724 return (error); 2725 2726 error = mac_check_structmac_consistent(&mac); 2727 if (error) 2728 return (error); 2729 |
2730 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 2730 elements = malloc(mac.m_buflen, M_MACTEMP, 0); |
2731 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 2732 if (error) { 2733 free(elements, M_MACTEMP); 2734 return (error); 2735 } 2736 | 2731 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 2732 if (error) { 2733 free(elements, M_MACTEMP); 2734 return (error); 2735 } 2736 |
2737 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); | 2737 buffer = malloc(mac.m_buflen, M_MACTEMP, M_ZERO); |
2738 error = mac_externalize_ifnet_label(&ifnet->if_label, elements, | 2738 error = mac_externalize_ifnet_label(&ifnet->if_label, elements, |
2739 buffer, mac.m_buflen, M_WAITOK); | 2739 buffer, mac.m_buflen, 0); |
2740 if (error == 0) 2741 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 2742 2743 free(buffer, M_MACTEMP); 2744 free(elements, M_MACTEMP); 2745 2746 return (error); 2747} --- 10 unchanged lines hidden (view full) --- 2758 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac)); 2759 if (error) 2760 return (error); 2761 2762 error = mac_check_structmac_consistent(&mac); 2763 if (error) 2764 return (error); 2765 | 2740 if (error == 0) 2741 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 2742 2743 free(buffer, M_MACTEMP); 2744 free(elements, M_MACTEMP); 2745 2746 return (error); 2747} --- 10 unchanged lines hidden (view full) --- 2758 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac)); 2759 if (error) 2760 return (error); 2761 2762 error = mac_check_structmac_consistent(&mac); 2763 if (error) 2764 return (error); 2765 |
2766 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 2766 buffer = malloc(mac.m_buflen, M_MACTEMP, 0); |
2767 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 2768 if (error) { 2769 free(buffer, M_MACTEMP); 2770 return (error); 2771 } 2772 2773 mac_init_ifnet_label(&intlabel); 2774 error = mac_internalize_ifnet_label(&intlabel, buffer); --- 59 unchanged lines hidden (view full) --- 2834 struct label intlabel; 2835 char *buffer; 2836 int error; 2837 2838 error = mac_check_structmac_consistent(mac); 2839 if (error) 2840 return (error); 2841 | 2767 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 2768 if (error) { 2769 free(buffer, M_MACTEMP); 2770 return (error); 2771 } 2772 2773 mac_init_ifnet_label(&intlabel); 2774 error = mac_internalize_ifnet_label(&intlabel, buffer); --- 59 unchanged lines hidden (view full) --- 2834 struct label intlabel; 2835 char *buffer; 2836 int error; 2837 2838 error = mac_check_structmac_consistent(mac); 2839 if (error) 2840 return (error); 2841 |
2842 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK); | 2842 buffer = malloc(mac->m_buflen, M_MACTEMP, 0); |
2843 error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL); 2844 if (error) { 2845 free(buffer, M_MACTEMP); 2846 return (error); 2847 } 2848 | 2843 error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL); 2844 if (error) { 2845 free(buffer, M_MACTEMP); 2846 return (error); 2847 } 2848 |
2849 mac_init_socket_label(&intlabel, M_WAITOK); | 2849 mac_init_socket_label(&intlabel, 0); |
2850 error = mac_internalize_socket_label(&intlabel, buffer); 2851 free(buffer, M_MACTEMP); 2852 if (error) { 2853 mac_destroy_socket_label(&intlabel); 2854 return (error); 2855 } 2856 2857 mac_check_socket_relabel(cred, so, &intlabel); --- 30 unchanged lines hidden (view full) --- 2888{ 2889 char *buffer, *elements; 2890 int error; 2891 2892 error = mac_check_structmac_consistent(mac); 2893 if (error) 2894 return (error); 2895 | 2850 error = mac_internalize_socket_label(&intlabel, buffer); 2851 free(buffer, M_MACTEMP); 2852 if (error) { 2853 mac_destroy_socket_label(&intlabel); 2854 return (error); 2855 } 2856 2857 mac_check_socket_relabel(cred, so, &intlabel); --- 30 unchanged lines hidden (view full) --- 2888{ 2889 char *buffer, *elements; 2890 int error; 2891 2892 error = mac_check_structmac_consistent(mac); 2893 if (error) 2894 return (error); 2895 |
2896 elements = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK); | 2896 elements = malloc(mac->m_buflen, M_MACTEMP, 0); |
2897 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL); 2898 if (error) { 2899 free(elements, M_MACTEMP); 2900 return (error); 2901 } 2902 | 2897 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL); 2898 if (error) { 2899 free(elements, M_MACTEMP); 2900 return (error); 2901 } 2902 |
2903 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); | 2903 buffer = malloc(mac->m_buflen, M_MACTEMP, M_ZERO); |
2904 error = mac_externalize_socket_label(&so->so_label, elements, | 2904 error = mac_externalize_socket_label(&so->so_label, elements, |
2905 buffer, mac->m_buflen, M_WAITOK); | 2905 buffer, mac->m_buflen, 0); |
2906 if (error == 0) 2907 error = copyout(buffer, mac->m_string, strlen(buffer)+1); 2908 2909 free(buffer, M_MACTEMP); 2910 free(elements, M_MACTEMP); 2911 2912 return (error); 2913} --- 4 unchanged lines hidden (view full) --- 2918{ 2919 char *elements, *buffer; 2920 int error; 2921 2922 error = mac_check_structmac_consistent(mac); 2923 if (error) 2924 return (error); 2925 | 2906 if (error == 0) 2907 error = copyout(buffer, mac->m_string, strlen(buffer)+1); 2908 2909 free(buffer, M_MACTEMP); 2910 free(elements, M_MACTEMP); 2911 2912 return (error); 2913} --- 4 unchanged lines hidden (view full) --- 2918{ 2919 char *elements, *buffer; 2920 int error; 2921 2922 error = mac_check_structmac_consistent(mac); 2923 if (error) 2924 return (error); 2925 |
2926 elements = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK); | 2926 elements = malloc(mac->m_buflen, M_MACTEMP, 0); |
2927 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL); 2928 if (error) { 2929 free(elements, M_MACTEMP); 2930 return (error); 2931 } 2932 | 2927 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL); 2928 if (error) { 2929 free(elements, M_MACTEMP); 2930 return (error); 2931 } 2932 |
2933 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); | 2933 buffer = malloc(mac->m_buflen, M_MACTEMP, M_ZERO); |
2934 error = mac_externalize_socket_peer_label(&so->so_peerlabel, | 2934 error = mac_externalize_socket_peer_label(&so->so_peerlabel, |
2935 elements, buffer, mac->m_buflen, M_WAITOK); | 2935 elements, buffer, mac->m_buflen, 0); |
2936 if (error == 0) 2937 error = copyout(buffer, mac->m_string, strlen(buffer)+1); 2938 2939 free(buffer, M_MACTEMP); 2940 free(elements, M_MACTEMP); 2941 2942 return (error); 2943} --- 91 unchanged lines hidden (view full) --- 3035 tcred = NULL; /* Satisfy gcc. */ 3036 error = p_cansee(td, tproc); 3037 if (error == 0) 3038 tcred = crhold(tproc->p_ucred); 3039 PROC_UNLOCK(tproc); 3040 if (error) 3041 return (error); 3042 | 2936 if (error == 0) 2937 error = copyout(buffer, mac->m_string, strlen(buffer)+1); 2938 2939 free(buffer, M_MACTEMP); 2940 free(elements, M_MACTEMP); 2941 2942 return (error); 2943} --- 91 unchanged lines hidden (view full) --- 3035 tcred = NULL; /* Satisfy gcc. */ 3036 error = p_cansee(td, tproc); 3037 if (error == 0) 3038 tcred = crhold(tproc->p_ucred); 3039 PROC_UNLOCK(tproc); 3040 if (error) 3041 return (error); 3042 |
3043 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3043 elements = malloc(mac.m_buflen, M_MACTEMP, 0); |
3044 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3045 if (error) { 3046 free(elements, M_MACTEMP); 3047 crfree(tcred); 3048 return (error); 3049 } 3050 | 3044 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3045 if (error) { 3046 free(elements, M_MACTEMP); 3047 crfree(tcred); 3048 return (error); 3049 } 3050 |
3051 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); | 3051 buffer = malloc(mac.m_buflen, M_MACTEMP, M_ZERO); |
3052 error = mac_externalize_cred_label(&tcred->cr_label, elements, | 3052 error = mac_externalize_cred_label(&tcred->cr_label, elements, |
3053 buffer, mac.m_buflen, M_WAITOK); | 3053 buffer, mac.m_buflen, 0); |
3054 if (error == 0) 3055 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 3056 3057 free(buffer, M_MACTEMP); 3058 free(elements, M_MACTEMP); 3059 crfree(tcred); 3060 return (error); 3061} --- 11 unchanged lines hidden (view full) --- 3073 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3074 if (error) 3075 return (error); 3076 3077 error = mac_check_structmac_consistent(&mac); 3078 if (error) 3079 return (error); 3080 | 3054 if (error == 0) 3055 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 3056 3057 free(buffer, M_MACTEMP); 3058 free(elements, M_MACTEMP); 3059 crfree(tcred); 3060 return (error); 3061} --- 11 unchanged lines hidden (view full) --- 3073 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3074 if (error) 3075 return (error); 3076 3077 error = mac_check_structmac_consistent(&mac); 3078 if (error) 3079 return (error); 3080 |
3081 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3081 elements = malloc(mac.m_buflen, M_MACTEMP, 0); |
3082 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3083 if (error) { 3084 free(elements, M_MACTEMP); 3085 return (error); 3086 } 3087 | 3082 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3083 if (error) { 3084 free(elements, M_MACTEMP); 3085 return (error); 3086 } 3087 |
3088 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); | 3088 buffer = malloc(mac.m_buflen, M_MACTEMP, M_ZERO); |
3089 error = mac_externalize_cred_label(&td->td_ucred->cr_label, | 3089 error = mac_externalize_cred_label(&td->td_ucred->cr_label, |
3090 elements, buffer, mac.m_buflen, M_WAITOK); | 3090 elements, buffer, mac.m_buflen, 0); |
3091 if (error == 0) 3092 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 3093 3094 free(buffer, M_MACTEMP); 3095 free(elements, M_MACTEMP); 3096 return (error); 3097} 3098 --- 13 unchanged lines hidden (view full) --- 3112 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3113 if (error) 3114 return (error); 3115 3116 error = mac_check_structmac_consistent(&mac); 3117 if (error) 3118 return (error); 3119 | 3091 if (error == 0) 3092 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 3093 3094 free(buffer, M_MACTEMP); 3095 free(elements, M_MACTEMP); 3096 return (error); 3097} 3098 --- 13 unchanged lines hidden (view full) --- 3112 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3113 if (error) 3114 return (error); 3115 3116 error = mac_check_structmac_consistent(&mac); 3117 if (error) 3118 return (error); 3119 |
3120 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3120 buffer = malloc(mac.m_buflen, M_MACTEMP, 0); |
3121 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 3122 if (error) { 3123 free(buffer, M_MACTEMP); 3124 return (error); 3125 } 3126 3127 mac_init_cred_label(&intlabel); 3128 error = mac_internalize_cred_label(&intlabel, buffer); --- 60 unchanged lines hidden (view full) --- 3189 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3190 if (error) 3191 return (error); 3192 3193 error = mac_check_structmac_consistent(&mac); 3194 if (error) 3195 return (error); 3196 | 3121 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 3122 if (error) { 3123 free(buffer, M_MACTEMP); 3124 return (error); 3125 } 3126 3127 mac_init_cred_label(&intlabel); 3128 error = mac_internalize_cred_label(&intlabel, buffer); --- 60 unchanged lines hidden (view full) --- 3189 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3190 if (error) 3191 return (error); 3192 3193 error = mac_check_structmac_consistent(&mac); 3194 if (error) 3195 return (error); 3196 |
3197 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3197 elements = malloc(mac.m_buflen, M_MACTEMP, 0); |
3198 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3199 if (error) { 3200 free(elements, M_MACTEMP); 3201 return (error); 3202 } 3203 | 3198 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3199 if (error) { 3200 free(elements, M_MACTEMP); 3201 return (error); 3202 } 3203 |
3204 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); | 3204 buffer = malloc(mac.m_buflen, M_MACTEMP, M_ZERO); |
3205 mtx_lock(&Giant); /* VFS */ 3206 error = fget(td, uap->fd, &fp); 3207 if (error) 3208 goto out; 3209 3210 label_type = fp->f_type; 3211 switch (fp->f_type) { 3212 case DTYPE_FIFO: --- 23 unchanged lines hidden (view full) --- 3236 } 3237 fdrop(fp, td); 3238 3239 switch (label_type) { 3240 case DTYPE_FIFO: 3241 case DTYPE_VNODE: 3242 if (error == 0) 3243 error = mac_externalize_vnode_label(&intlabel, | 3205 mtx_lock(&Giant); /* VFS */ 3206 error = fget(td, uap->fd, &fp); 3207 if (error) 3208 goto out; 3209 3210 label_type = fp->f_type; 3211 switch (fp->f_type) { 3212 case DTYPE_FIFO: --- 23 unchanged lines hidden (view full) --- 3236 } 3237 fdrop(fp, td); 3238 3239 switch (label_type) { 3240 case DTYPE_FIFO: 3241 case DTYPE_VNODE: 3242 if (error == 0) 3243 error = mac_externalize_vnode_label(&intlabel, |
3244 elements, buffer, mac.m_buflen, M_WAITOK); | 3244 elements, buffer, mac.m_buflen, 0); |
3245 mac_destroy_vnode_label(&intlabel); 3246 break; 3247 case DTYPE_PIPE: 3248 error = mac_externalize_pipe_label(&intlabel, elements, | 3245 mac_destroy_vnode_label(&intlabel); 3246 break; 3247 case DTYPE_PIPE: 3248 error = mac_externalize_pipe_label(&intlabel, elements, |
3249 buffer, mac.m_buflen, M_WAITOK); | 3249 buffer, mac.m_buflen, 0); |
3250 mac_destroy_pipe_label(&intlabel); 3251 break; 3252 default: 3253 panic("__mac_get_fd: corrupted label_type"); 3254 } 3255 3256 if (error == 0) 3257 error = copyout(buffer, mac.m_string, strlen(buffer)+1); --- 21 unchanged lines hidden (view full) --- 3279 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3280 if (error) 3281 return (error); 3282 3283 error = mac_check_structmac_consistent(&mac); 3284 if (error) 3285 return (error); 3286 | 3250 mac_destroy_pipe_label(&intlabel); 3251 break; 3252 default: 3253 panic("__mac_get_fd: corrupted label_type"); 3254 } 3255 3256 if (error == 0) 3257 error = copyout(buffer, mac.m_string, strlen(buffer)+1); --- 21 unchanged lines hidden (view full) --- 3279 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3280 if (error) 3281 return (error); 3282 3283 error = mac_check_structmac_consistent(&mac); 3284 if (error) 3285 return (error); 3286 |
3287 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3287 elements = malloc(mac.m_buflen, M_MACTEMP, 0); |
3288 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3289 if (error) { 3290 free(elements, M_MACTEMP); 3291 return (error); 3292 } 3293 | 3288 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3289 if (error) { 3290 free(elements, M_MACTEMP); 3291 return (error); 3292 } 3293 |
3294 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); | 3294 buffer = malloc(mac.m_buflen, M_MACTEMP, M_ZERO); |
3295 mtx_lock(&Giant); /* VFS */ 3296 NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p, 3297 td); 3298 error = namei(&nd); 3299 if (error) 3300 goto out; 3301 3302 mac_init_vnode_label(&intlabel); 3303 mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel); 3304 error = mac_externalize_vnode_label(&intlabel, elements, buffer, | 3295 mtx_lock(&Giant); /* VFS */ 3296 NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p, 3297 td); 3298 error = namei(&nd); 3299 if (error) 3300 goto out; 3301 3302 mac_init_vnode_label(&intlabel); 3303 mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel); 3304 error = mac_externalize_vnode_label(&intlabel, elements, buffer, |
3305 mac.m_buflen, M_WAITOK); | 3305 mac.m_buflen, 0); |
3306 3307 NDFREE(&nd, 0); 3308 mac_destroy_vnode_label(&intlabel); 3309 3310 if (error == 0) 3311 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 3312 3313out: --- 20 unchanged lines hidden (view full) --- 3334 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3335 if (error) 3336 return (error); 3337 3338 error = mac_check_structmac_consistent(&mac); 3339 if (error) 3340 return (error); 3341 | 3306 3307 NDFREE(&nd, 0); 3308 mac_destroy_vnode_label(&intlabel); 3309 3310 if (error == 0) 3311 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 3312 3313out: --- 20 unchanged lines hidden (view full) --- 3334 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3335 if (error) 3336 return (error); 3337 3338 error = mac_check_structmac_consistent(&mac); 3339 if (error) 3340 return (error); 3341 |
3342 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3342 elements = malloc(mac.m_buflen, M_MACTEMP, 0); |
3343 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3344 if (error) { 3345 free(elements, M_MACTEMP); 3346 return (error); 3347 } 3348 | 3343 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL); 3344 if (error) { 3345 free(elements, M_MACTEMP); 3346 return (error); 3347 } 3348 |
3349 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); | 3349 buffer = malloc(mac.m_buflen, M_MACTEMP, M_ZERO); |
3350 mtx_lock(&Giant); /* VFS */ 3351 NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE, uap->path_p, 3352 td); 3353 error = namei(&nd); 3354 if (error) 3355 goto out; 3356 3357 mac_init_vnode_label(&intlabel); 3358 mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel); 3359 error = mac_externalize_vnode_label(&intlabel, elements, buffer, | 3350 mtx_lock(&Giant); /* VFS */ 3351 NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE, uap->path_p, 3352 td); 3353 error = namei(&nd); 3354 if (error) 3355 goto out; 3356 3357 mac_init_vnode_label(&intlabel); 3358 mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel); 3359 error = mac_externalize_vnode_label(&intlabel, elements, buffer, |
3360 mac.m_buflen, M_WAITOK); | 3360 mac.m_buflen, 0); |
3361 NDFREE(&nd, 0); 3362 mac_destroy_vnode_label(&intlabel); 3363 3364 if (error == 0) 3365 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 3366 3367out: 3368 mtx_unlock(&Giant); /* VFS */ --- 22 unchanged lines hidden (view full) --- 3391 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3392 if (error) 3393 return (error); 3394 3395 error = mac_check_structmac_consistent(&mac); 3396 if (error) 3397 return (error); 3398 | 3361 NDFREE(&nd, 0); 3362 mac_destroy_vnode_label(&intlabel); 3363 3364 if (error == 0) 3365 error = copyout(buffer, mac.m_string, strlen(buffer)+1); 3366 3367out: 3368 mtx_unlock(&Giant); /* VFS */ --- 22 unchanged lines hidden (view full) --- 3391 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3392 if (error) 3393 return (error); 3394 3395 error = mac_check_structmac_consistent(&mac); 3396 if (error) 3397 return (error); 3398 |
3399 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3399 buffer = malloc(mac.m_buflen, M_MACTEMP, 0); |
3400 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 3401 if (error) { 3402 free(buffer, M_MACTEMP); 3403 return (error); 3404 } 3405 3406 mtx_lock(&Giant); /* VFS */ 3407 --- 69 unchanged lines hidden (view full) --- 3477 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3478 if (error) 3479 return (error); 3480 3481 error = mac_check_structmac_consistent(&mac); 3482 if (error) 3483 return (error); 3484 | 3400 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 3401 if (error) { 3402 free(buffer, M_MACTEMP); 3403 return (error); 3404 } 3405 3406 mtx_lock(&Giant); /* VFS */ 3407 --- 69 unchanged lines hidden (view full) --- 3477 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3478 if (error) 3479 return (error); 3480 3481 error = mac_check_structmac_consistent(&mac); 3482 if (error) 3483 return (error); 3484 |
3485 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3485 buffer = malloc(mac.m_buflen, M_MACTEMP, 0); |
3486 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 3487 if (error) { 3488 free(buffer, M_MACTEMP); 3489 return (error); 3490 } 3491 3492 mac_init_vnode_label(&intlabel); 3493 error = mac_internalize_vnode_label(&intlabel, buffer); --- 39 unchanged lines hidden (view full) --- 3533 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3534 if (error) 3535 return (error); 3536 3537 error = mac_check_structmac_consistent(&mac); 3538 if (error) 3539 return (error); 3540 | 3486 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 3487 if (error) { 3488 free(buffer, M_MACTEMP); 3489 return (error); 3490 } 3491 3492 mac_init_vnode_label(&intlabel); 3493 error = mac_internalize_vnode_label(&intlabel, buffer); --- 39 unchanged lines hidden (view full) --- 3533 error = copyin(uap->mac_p, &mac, sizeof(mac)); 3534 if (error) 3535 return (error); 3536 3537 error = mac_check_structmac_consistent(&mac); 3538 if (error) 3539 return (error); 3540 |
3541 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); | 3541 buffer = malloc(mac.m_buflen, M_MACTEMP, 0); |
3542 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 3543 if (error) { 3544 free(buffer, M_MACTEMP); 3545 return (error); 3546 } 3547 3548 mac_init_vnode_label(&intlabel); 3549 error = mac_internalize_vnode_label(&intlabel, buffer); --- 132 unchanged lines hidden --- | 3542 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 3543 if (error) { 3544 free(buffer, M_MACTEMP); 3545 return (error); 3546 } 3547 3548 mac_init_vnode_label(&intlabel); 3549 error = mac_internalize_vnode_label(&intlabel, buffer); --- 132 unchanged lines hidden --- |