mac_lomac.c (184407) | mac_lomac.c (184412) |
---|---|
1/*- 2 * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
38 * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 184407 2008-10-28 11:33:06Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 184412 2008-10-28 12:49:07Z rwatson $ |
39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Low-watermark floating label mandatory integrity policy. 45 */ 46 --- 2173 unchanged lines hidden (view full) --- 2220 int dodrop; 2221 2222 mtx_lock(&subj->mtx); 2223 if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) { 2224 dodrop = 0; 2225 mtx_unlock(&subj->mtx); 2226 newcred = crget(); 2227 /* | 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Low-watermark floating label mandatory integrity policy. 45 */ 46 --- 2173 unchanged lines hidden (view full) --- 2220 int dodrop; 2221 2222 mtx_lock(&subj->mtx); 2223 if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) { 2224 dodrop = 0; 2225 mtx_unlock(&subj->mtx); 2226 newcred = crget(); 2227 /* |
2228 * Prevent a lock order reversal in 2229 * mac_cred_mmapped_drop_perms; ideally, the other user of 2230 * subj->mtx wouldn't be holding Giant. | 2228 * Prevent a lock order reversal in mac_proc_vm_revoke; 2229 * ideally, the other user of subj->mtx wouldn't be holding 2230 * Giant. |
2231 */ 2232 mtx_lock(&Giant); 2233 PROC_LOCK(p); 2234 mtx_lock(&subj->mtx); 2235 /* 2236 * Check if we lost the race while allocating the cred. 2237 */ 2238 if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0) { --- 6 unchanged lines hidden (view full) --- 2245 lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label)); 2246 p->p_ucred = newcred; 2247 crfree(oldcred); 2248 dodrop = 1; 2249 out: 2250 mtx_unlock(&subj->mtx); 2251 PROC_UNLOCK(p); 2252 if (dodrop) | 2231 */ 2232 mtx_lock(&Giant); 2233 PROC_LOCK(p); 2234 mtx_lock(&subj->mtx); 2235 /* 2236 * Check if we lost the race while allocating the cred. 2237 */ 2238 if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0) { --- 6 unchanged lines hidden (view full) --- 2245 lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label)); 2246 p->p_ucred = newcred; 2247 crfree(oldcred); 2248 dodrop = 1; 2249 out: 2250 mtx_unlock(&subj->mtx); 2251 PROC_UNLOCK(p); 2252 if (dodrop) |
2253 mac_cred_mmapped_drop_perms(curthread, newcred); | 2253 mac_proc_vm_revoke(curthread); |
2254 mtx_unlock(&Giant); 2255 } else { 2256 mtx_unlock(&subj->mtx); 2257 } 2258} 2259 2260static int 2261lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel, --- 815 unchanged lines hidden --- | 2254 mtx_unlock(&Giant); 2255 } else { 2256 mtx_unlock(&subj->mtx); 2257 } 2258} 2259 2260static int 2261lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel, --- 815 unchanged lines hidden --- |