mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
freebsd/sys/kern
Robert Watson 9ca435893b In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to clarify which credential is
used for what:

- Change fo_read() and fo_write() to accept "active_cred" instead of
  "cred", and change the semantics of consumers of fo_read() and
  fo_write() to pass the active credential of the thread requesting
  an operation rather than the cached file cred.  The cached file
  cred is still available in fo_read() and fo_write() consumers
  via fp->f_cred.  These changes are largely in sys_generic.c.

For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:

- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
- pipe_read/write() now authorize MAC using active_cred rather
  than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
  VOP_READ/WRITE() with fp->f_cred

Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred.  Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not.  If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.

Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.

These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.

Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
bus_if.m Add bus_child_present and the child_present method to bus_if.m 2002-07-21 03:28:43 +00:00
clock_if.m
device_if.m
genassym.sh
imgact_aout.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
imgact_elf32.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_elf64.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_elf.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
imgact_elfN.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_gzip.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_shell.c
inflate.c
init_main.c Refresh the credential on the first initproc thread following divorcing 2002-08-07 17:53:31 +00:00
init_sysent.c Regen. 2002-08-06 15:16:55 +00:00
kern_acct.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
kern_acl.c Introduce support for Mandatory Access Control and extensible 2002-08-01 01:04:16 +00:00
kern_clock.c
kern_condvar.c Remove code that removes thread from sleep queue before 2002-07-30 20:34:30 +00:00
kern_conf.c
kern_descrip.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
kern_environment.c
kern_event.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
kern_exec.c - Hold the vnode lock throughout execve. 2002-08-13 06:55:28 +00:00
kern_exit.c Revert previous revision which accidentally snuck in with another commit. 2002-08-01 13:44:33 +00:00
kern_fork.c Move code block added in 1.157 to a safer part of fork1(). 2002-08-07 11:31:45 +00:00
kern_idle.c Slight cleanup of some comments/whitespace. 2002-08-01 18:45:10 +00:00
kern_intr.c Slight cleanup of some comments/whitespace. 2002-08-01 18:45:10 +00:00
kern_jail.c The jail syscall calls chroot, which is not mpsafe, so put back a 2002-07-01 20:46:01 +00:00
kern_kse.c Fix a comment. 2002-08-01 19:10:40 +00:00
kern_kthread.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
kern_ktr.c
kern_ktrace.c If we fail to write to a vnode during a ktrace write, then we drop all 2002-08-01 13:35:38 +00:00
kern_linker.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
kern_lock.c
kern_lockf.c Add a #include for <sys/mount.h> 2002-08-13 10:07:05 +00:00
kern_mac.c Rename mac_check_socket_receive() to mac_check_socket_deliver() so that 2002-08-15 18:51:26 +00:00
kern_malloc.c
kern_mib.c
kern_module.c - Remove Giant acquisition from modevent(), modfnext(), modstat() and 2002-06-26 00:31:44 +00:00
kern_mtxpool.c
kern_mutex.c Disable optimization of spinlocks on UP kernels w/o debugging for now 2002-07-27 16:54:23 +00:00
kern_ntptime.c
kern_physio.c More caddr_t removal, make fo_ioctl take a void * instead of a caddr_t. 2002-06-29 01:50:25 +00:00
kern_poll.c Temporarily disable polling when no processes are active, while I 2002-08-04 21:00:49 +00:00
kern_proc.c Fix typos; each file has at least one s/seperat/separat/ 2002-08-11 13:05:30 +00:00
kern_prot.c Include file cleanup; mac.h and malloc.h at one point had ordering 2002-08-01 17:47:56 +00:00
kern_resource.c Widen struct sockbuf's sb_timeo member to int from short. With 2002-07-24 03:02:43 +00:00
kern_sema.c
kern_shutdown.c Revert previous revision which was accidentally committed and has not been 2002-08-01 13:39:33 +00:00
kern_sig.c Do some work on keeping better track of stopped/continued state. 2002-08-08 06:18:41 +00:00
kern_subr.c o Convert a vm_page_sleep_busy() into a vm_page_sleep_if_busy() 2002-08-04 06:27:37 +00:00
kern_switch.c - Optimize wakeup() and its friends; if a thread waken up is being 2002-07-30 06:54:05 +00:00
kern_sx.c
kern_synch.c Slight cleanup of some comments/whitespace. 2002-08-01 18:45:10 +00:00
kern_syscalls.c
kern_sysctl.c Introduce a new sysctl flag, CTLFLAG_SKIP, which will cause 2002-08-10 19:56:45 +00:00
kern_tc.c Use a semicolon at the end of a function-like macro invocation. Kills 2002-07-15 13:13:04 +00:00
kern_thread.c Fix a comment. 2002-08-01 19:10:40 +00:00
kern_time.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
kern_timeout.c
kern_uuid.c Fix a minor whitespace style nit that broke 'grep ^uuidgen'. 2002-07-09 19:36:50 +00:00
kern_xxx.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
ksched.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
link_aout.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
link_elf_obj.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
link_elf.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
linker_if.m
Make.tags.inc
Makefile
makesyscalls.sh Introduce syscall.master option 'COMPAT4' which allows one to wrap 2002-07-12 06:38:34 +00:00
md4c.c
md5c.c Bring sys/kern/md5c.c in sync with the userland version. 2002-06-24 14:15:25 +00:00
p1003_1b.c
posix4_mib.c
subr_acl_posix1e.c Introduce support for Mandatory Access Control and extensible 2002-08-01 01:04:16 +00:00
subr_autoconf.c
subr_blist.c
subr_bus.c Add bus_child_present and the child_present method to bus_if.m 2002-07-21 03:28:43 +00:00
subr_clist.c
subr_clock.c Use the CPU_* OID constants instead of OID_AUTO for the clock-related 2002-08-07 19:43:54 +00:00
subr_devstat.c
subr_disk.c
subr_disklabel.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
subr_diskmbr.c
subr_diskslice.c Fix DIOCGMEDIASIZE and DIOCGSECTORSIZE ioctls to work for all 2002-07-23 14:30:27 +00:00
subr_eventhandler.c Wrap a line longer than 80 characters. 2002-07-19 17:44:44 +00:00
subr_hints.c
subr_kobj.c Convert hit and miss counters to unsigned values. Surely negative values 2002-06-10 22:40:26 +00:00
subr_log.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
subr_mbuf.c Make m_flags an int instead of a short, this is consistent with the 2002-08-15 14:09:16 +00:00
subr_mchain.c Convert GNU-styled variadic macros to ISO(9x) style. 2002-07-15 13:15:31 +00:00
subr_module.c
subr_param.c
subr_pcpu.c
subr_power.c Use ISO 9X variadic macro format; arguments are not optional, just 2002-07-15 17:17:56 +00:00
subr_prf.c Make kern.log_console_output a tuneable as well as a sysctl. 2002-08-11 18:47:42 +00:00
subr_prof.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
subr_rman.c
subr_rtc.c Use the CPU_* OID constants instead of OID_AUTO for the clock-related 2002-08-07 19:43:54 +00:00
subr_sbuf.c
subr_scanf.c
subr_smp.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
subr_taskqueue.c If we fail to write to a vnode during a ktrace write, then we drop all 2002-08-01 13:35:38 +00:00
subr_trap.c Revert removal of cred_free_thread(): It is used to ensure that a thread's 2002-07-11 02:18:33 +00:00
subr_turnstile.c Disable optimization of spinlocks on UP kernels w/o debugging for now 2002-07-27 16:54:23 +00:00
subr_witness.c Silence compiler warnings when DDB is not defined. 2002-07-15 02:03:17 +00:00
subr_xxx.c
sys_generic.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
sys_pipe.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
sys_process.c Do preserve the error result from calling p_cansee() and use that when 2002-07-20 22:44:39 +00:00
sys_socket.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
syscalls.c Regen. 2002-08-06 15:16:55 +00:00
syscalls.master Rename mac_policy() to mac_syscall() to be more reflective of its 2002-08-06 15:15:53 +00:00
sysv_ipc.c
sysv_msg.c Make SYSVMSG mpsafe. Right now there is a global lock over the 2002-08-13 08:00:36 +00:00
sysv_sem.c Make SYSVSEM mpsafe. Each semaphore set gets its own lock, however 2002-08-13 08:47:17 +00:00
sysv_shm.c return foo -> return (foo) 2002-08-15 02:10:12 +00:00
tty_compat.c
tty_conf.c
tty_cons.c Remove new console devices with cnremove before initializing them in 2002-08-06 18:56:41 +00:00
tty_pty.c
tty_subr.c
tty_tty.c Enforce MAC policy in cttyread() as well as the other operations 2002-08-12 16:45:19 +00:00
tty.c Clear up confusion in ugly code. ^T gave wrong results for RSS. 2002-07-18 21:19:56 +00:00
uipc_accf.c
uipc_cow.c Moved sf_buf_alloc and sf_buf_free function declarations to sys/socketvar.h 2002-08-13 19:03:19 +00:00
uipc_domain.c
uipc_jumbo.c o Lock page queue accesses by vm_page_free(). 2002-07-21 19:06:46 +00:00
uipc_mbuf2.c
uipc_mbuf.c Include file cleanup; mac.h and malloc.h at one point had ordering 2002-08-01 17:47:56 +00:00
uipc_proto.c
uipc_sockbuf.c Include file cleanup; mac.h and malloc.h at one point had ordering 2002-08-01 17:47:56 +00:00
uipc_socket2.c Include file cleanup; mac.h and malloc.h at one point had ordering 2002-08-01 17:47:56 +00:00
uipc_socket.c Use the credential authorizing the socket creation operation to perform 2002-08-12 16:49:03 +00:00
uipc_syscalls.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
uipc_usrreq.c Introduce support for Mandatory Access Control and extensible 2002-08-01 01:18:42 +00:00
vfs_acl.c Introduce support for Mandatory Access Control and extensible 2002-08-01 01:04:16 +00:00
vfs_aio.c o Make a correction to the last change: In aio_cancel(2) return AIO_ALLDONE 2002-08-11 19:04:17 +00:00
vfs_bio.c - Replace v_flag with v_iflag and v_vflag 2002-08-04 10:29:36 +00:00
vfs_cache.c - Move a VOP assert to the right place. 2002-08-05 08:55:53 +00:00
vfs_cluster.c o Lock page accesses by vm_page_io_start() with the page queues lock. 2002-07-31 07:27:08 +00:00
vfs_default.c Remember to unlock the (optional) vnode in vfs_stdextattrctl(). Failing 2002-08-13 11:11:51 +00:00
vfs_export.c Partial backout of 1.318, remove error handling added because it may be 2002-06-30 05:23:58 +00:00
vfs_extattr.c - Replace v_flag with v_iflag and v_vflag 2002-08-04 10:29:36 +00:00
vfs_init.c We don't need to check the return value of malloc() against 2002-06-22 21:44:11 +00:00
vfs_lookup.c - Replace v_flag with v_iflag and v_vflag 2002-08-04 10:29:36 +00:00
vfs_mount.c - Replace v_flag with v_iflag and v_vflag 2002-08-04 10:29:36 +00:00
vfs_subr.c - Extend the vnode_free_list_mtx to cover numvnodes and freevnodes. This 2002-08-13 05:29:48 +00:00
vfs_syscalls.c - Replace v_flag with v_iflag and v_vflag 2002-08-04 10:29:36 +00:00
vfs_vnops.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
vnode_if.src Begin committing support for Mandatory Access Control and extensible 2002-07-30 22:15:09 +00:00