From eea8ea3108e14d0141e405192e1260813f90ae5a Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Sat, 5 Oct 2002 18:56:25 +0000
Subject: [PATCH] Implement mac_create_devfs_symlink() for policies that interact with vnode labels. Sync from MAC tree.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
---
 sys/security/mac_biba/mac_biba.c | 14 ++++++++++++++
 sys/security/mac_mls/mac_mls.c | 14 ++++++++++++++
 sys/security/mac_none/mac_none.c | 9 +++++++++
 sys/security/mac_stub/mac_stub.c | 9 +++++++++
 sys/security/mac_test/mac_test.c | 9 +++++++++
 5 files changed, 55 insertions(+)

diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index eb1345fdc8e8..53d492d376d8 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -476,6 +476,18 @@ mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
 }
 
+static void
+mac_biba_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+ struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(&cred->cr_label);
+ dest = SLOT(delabel);
+
+ mac_biba_copy_single(source, dest);
+}
+
 static void
 mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
@@ -1983,6 +1995,8 @@ static struct mac_policy_op_entry mac_biba_ops[] =
 (macop_t)mac_biba_create_devfs_device },
 { MAC_CREATE_DEVFS_DIRECTORY,
 (macop_t)mac_biba_create_devfs_directory },
+ { MAC_CREATE_DEVFS_SYMLINK,
+ (macop_t)mac_biba_create_devfs_symlink },
 { MAC_CREATE_DEVFS_VNODE,
 (macop_t)mac_biba_create_devfs_vnode },
 { MAC_CREATE_VNODE,
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 4adc3f5e9f8f..57aacd37ce85 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
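Review bot: mac_biba_create_devfs_symlink takes the new entry's label from the creating credential (`SLOT(&cred->cr_label)`), while the neighbouring mac_biba_create_devfs_directory in the context assigns a fixed MAC_BIBA_TYPE_HIGH, and nothing in the function records why the two differ or that `dd`, `ddlabel` and `de` are deliberately unused. A short comment above the body would do, for example `/* A symlink is created on behalf of a subject, so it takes the creator's single label; the parent directory label is not consulted. */`. mac_biba_copy_single is not visible in this diff, so it is worth confirming that it rejects a credential label with no single element set rather than copying an unset element into `dest`. Whether a subject may add an entry under a differently labelled devfs directory is presumably decided by a separate check entry point that this patch does not touch. The same comments apply to mac_mls_create_devfs_symlink in the mac_mls.c hunk.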
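Review bot: The `(macop_t)` cast on the new `MAC_CREATE_DEVFS_SYMLINK` entry erases the function's prototype, so the compiler cannot tell whether the five-argument signature used here matches what the framework passes for this operation; a mismatch would only surface at run time in the kernel. The framework's declaration is not part of this diff, so the `(cred, dd, ddlabel, de, delabel)` order and types should be checked against it by hand. A one-line comment on the entry, such as `/* prototype must match the framework's create_devfs_symlink call; the cast hides mismatches */`, would record that. The same applies to the entries added to mac_mls_ops, mac_none_ops (in both mac_none.c and mac_stub.c) and mac_test_ops.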
@@ -468,6 +468,18 @@ mac_mls_create_devfs_directory(char *dirname, int dirnamelen,
 mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0);
 }
 
+static void
+mac_mls_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+ struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(&cred->cr_label);
+ dest = SLOT(delabel);
+
+ mac_mls_copy_single(source, dest);
+}
+
 static void
 mac_mls_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
@@ -1945,6 +1957,8 @@ static struct mac_policy_op_entry mac_mls_ops[] =
 (macop_t)mac_mls_create_devfs_device },
 { MAC_CREATE_DEVFS_DIRECTORY,
 (macop_t)mac_mls_create_devfs_directory },
+ { MAC_CREATE_DEVFS_SYMLINK,
+ (macop_t)mac_mls_create_devfs_symlink },
 { MAC_CREATE_DEVFS_VNODE,
 (macop_t)mac_mls_create_devfs_vnode },
 { MAC_CREATE_VNODE,
diff --git a/sys/security/mac_none/mac_none.c b/sys/security/mac_none/mac_none.c
index 4bda24ebab31..3029e03c5217 100644
--- a/sys/security/mac_none/mac_none.c
+++ b/sys/security/mac_none/mac_none.c
@@ -152,6 +152,13 @@ mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
 
 }
 
+static void
+mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+ struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+
+}
+
 static void
 mac_none_create_devfs_directory(char *dirname, int dirnamelen,
 struct devfs_dirent *devfs_dirent, struct label *label)
@@ -892,6 +899,8 @@ static struct mac_policy_op_entry mac_none_ops[] =
 (macop_t)mac_none_create_devfs_device },
 { MAC_CREATE_DEVFS_DIRECTORY,
 (macop_t)mac_none_create_devfs_directory },
+ { MAC_CREATE_DEVFS_SYMLINK,
+ (macop_t)mac_none_create_devfs_symlink },
 { MAC_CREATE_DEVFS_VNODE,
 (macop_t)mac_none_create_devfs_vnode },
 { MAC_CREATE_VNODE,
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 4bda24ebab31..3029e03c5217 100644
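Review bot: In mac_none.c the new stub is inserted between mac_none_create_devfs_device and mac_none_create_devfs_directory, whereas mac_biba.c, mac_mls.c and mac_test.c place it after the directory entry point and every ops table lists device, directory, symlink, vnode in that order. Moving mac_none_create_devfs_symlink below mac_none_create_devfs_directory would keep the five policies parallel and make later syncs easier to compare. The empty body could carry `/* Intentionally empty: this policy takes no action on symlink creation. */` so the unused parameters do not read as an omission. The mac_stub.c section shows the same index hashes and the same mac_none_ names, so the two files appear to be identical copies and the point applies there as well.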
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -152,6 +152,13 @@ mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
 
 }
 
+static void
+mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+ struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+
+}
+
 static void
 mac_none_create_devfs_directory(char *dirname, int dirnamelen,
 struct devfs_dirent *devfs_dirent, struct label *label)
@@ -892,6 +899,8 @@ static struct mac_policy_op_entry mac_none_ops[] =
 (macop_t)mac_none_create_devfs_device },
 { MAC_CREATE_DEVFS_DIRECTORY,
 (macop_t)mac_none_create_devfs_directory },
+ { MAC_CREATE_DEVFS_SYMLINK,
+ (macop_t)mac_none_create_devfs_symlink },
 { MAC_CREATE_DEVFS_VNODE,
 (macop_t)mac_none_create_devfs_vnode },
 { MAC_CREATE_VNODE,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index bff758a3a1f9..6727aa7c11a2 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -535,6 +535,13 @@ mac_test_create_devfs_directory(char *dirname, int dirnamelen,
 
 }
 
+static void
+mac_test_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+ struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+
+}
+
 static void
 mac_test_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
@@ -1268,6 +1275,8 @@ static struct mac_policy_op_entry mac_test_ops[] =
 (macop_t)mac_test_create_devfs_device },
 { MAC_CREATE_DEVFS_DIRECTORY,
 (macop_t)mac_test_create_devfs_directory },
+ { MAC_CREATE_DEVFS_SYMLINK,
+ (macop_t)mac_test_create_devfs_symlink },
 { MAC_CREATE_DEVFS_VNODE,
 (macop_t)mac_test_create_devfs_vnode },
 { MAC_CREATE_VNODE,