While 'mode_t' seemed like a good idea for the access mode argument for
MAC access() and open() checks, the argument actually has an int type where it becomes available. Switch to using 'int' for the mode argument throughout the MAC Framework and policy modules. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson
parent
47a6766105
commit
b914de36c0
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=106212
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -256,7 +256,7 @@ int mac_check_system_sysctl(struct ucred *cred, int *name,
|
||||
u_int namelen, void *old, size_t *oldlenp, int inkernel,
|
||||
void *new, size_t newlen);
|
||||
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
int flags);
|
||||
int acc_mode);
|
||||
int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
|
||||
int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
|
||||
int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
@ -279,7 +279,7 @@ int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
|
||||
int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
|
||||
int prot);
|
||||
int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
mode_t acc_mode);
|
||||
int acc_mode);
|
||||
int mac_check_vnode_poll(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp);
|
||||
int mac_check_vnode_read(struct ucred *active_cred,
|
||||
|
||||
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -317,7 +317,7 @@ struct mac_policy_ops {
|
||||
u_int namelen, void *old, size_t *oldlenp, int inkernel,
|
||||
void *new, size_t newlen);
|
||||
int (*mpo_check_vnode_access)(struct ucred *cred,
|
||||
struct vnode *vp, struct label *label, int flags);
|
||||
struct vnode *vp, struct label *label, int acc_mode);
|
||||
int (*mpo_check_vnode_chdir)(struct ucred *cred,
|
||||
struct vnode *dvp, struct label *dlabel);
|
||||
int (*mpo_check_vnode_chroot)(struct ucred *cred,
|
||||
@ -350,7 +350,7 @@ struct mac_policy_ops {
|
||||
int (*mpo_check_vnode_mprotect)(struct ucred *cred,
|
||||
struct vnode *vp, struct label *label, int prot);
|
||||
int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t acc_mode);
|
||||
struct label *label, int acc_mode);
|
||||
int (*mpo_check_vnode_poll)(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp,
|
||||
struct label *label);
|
||||
|
||||
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
|
||||
if (!mac_enforce_fs)
|
||||
return (0);
|
||||
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
|
||||
MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
|
||||
return (error);
|
||||
}
|
||||
|
||||
@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
|
||||
}
|
||||
|
||||
int
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
|
||||
mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
{
|
||||
int error;
|
||||
|
||||
|
||||
@ -2147,7 +2147,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vnodelabel, mode_t acc_mode)
|
||||
struct label *vnodelabel, int acc_mode)
|
||||
{
|
||||
struct mac_biba *subj, *obj;
|
||||
|
||||
|
||||
@ -204,7 +204,7 @@ mac_bsdextended_destroy(struct mac_policy_conf *mpc)
|
||||
|
||||
static int
|
||||
mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule,
|
||||
struct ucred *cred, uid_t object_uid, gid_t object_gid, mode_t acc_mode)
|
||||
struct ucred *cred, uid_t object_uid, gid_t object_gid, int acc_mode)
|
||||
{
|
||||
int match;
|
||||
|
||||
@ -274,7 +274,7 @@ mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
|
||||
mode_t acc_mode)
|
||||
int acc_mode)
|
||||
{
|
||||
int error, i;
|
||||
|
||||
@ -293,7 +293,7 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t flags)
|
||||
struct label *label, int acc_mode)
|
||||
{
|
||||
struct vattr vap;
|
||||
int error;
|
||||
@ -304,7 +304,7 @@ mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
error = VOP_GETATTR(vp, &vap, cred, curthread);
|
||||
if (error)
|
||||
return (error);
|
||||
return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, flags));
|
||||
return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode));
|
||||
}
|
||||
|
||||
static int
|
||||
@ -489,7 +489,7 @@ mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *filelabel, mode_t acc_mode)
|
||||
struct label *filelabel, int acc_mode)
|
||||
{
|
||||
struct vattr vap;
|
||||
int error;
|
||||
|
||||
@ -2010,7 +2010,7 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vnodelabel, mode_t acc_mode)
|
||||
struct label *vnodelabel, int acc_mode)
|
||||
{
|
||||
struct mac_mls *subj, *obj;
|
||||
|
||||
|
||||
@ -641,7 +641,7 @@ mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
|
||||
|
||||
static int
|
||||
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t flags)
|
||||
struct label *label, int acc_mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -747,7 +747,7 @@ mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *filelabel, mode_t acc_mode)
|
||||
struct label *filelabel, int acc_mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
|
||||
@ -641,7 +641,7 @@ mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
|
||||
|
||||
static int
|
||||
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t flags)
|
||||
struct label *label, int acc_mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -747,7 +747,7 @@ mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *filelabel, mode_t acc_mode)
|
||||
struct label *filelabel, int acc_mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
|
||||
@ -968,7 +968,7 @@ mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket,
|
||||
|
||||
static int
|
||||
mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t flags)
|
||||
struct label *label, int acc_mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1074,7 +1074,7 @@ mac_test_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *filelabel, mode_t acc_mode)
|
||||
struct label *filelabel, int acc_mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
|
||||
@ -256,7 +256,7 @@ int mac_check_system_sysctl(struct ucred *cred, int *name,
|
||||
u_int namelen, void *old, size_t *oldlenp, int inkernel,
|
||||
void *new, size_t newlen);
|
||||
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
int flags);
|
||||
int acc_mode);
|
||||
int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
|
||||
int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
|
||||
int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
@ -279,7 +279,7 @@ int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
|
||||
int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
|
||||
int prot);
|
||||
int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
mode_t acc_mode);
|
||||
int acc_mode);
|
||||
int mac_check_vnode_poll(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp);
|
||||
int mac_check_vnode_read(struct ucred *active_cred,
|
||||
|
||||
@ -317,7 +317,7 @@ struct mac_policy_ops {
|
||||
u_int namelen, void *old, size_t *oldlenp, int inkernel,
|
||||
void *new, size_t newlen);
|
||||
int (*mpo_check_vnode_access)(struct ucred *cred,
|
||||
struct vnode *vp, struct label *label, int flags);
|
||||
struct vnode *vp, struct label *label, int acc_mode);
|
||||
int (*mpo_check_vnode_chdir)(struct ucred *cred,
|
||||
struct vnode *dvp, struct label *dlabel);
|
||||
int (*mpo_check_vnode_chroot)(struct ucred *cred,
|
||||
@ -350,7 +350,7 @@ struct mac_policy_ops {
|
||||
int (*mpo_check_vnode_mprotect)(struct ucred *cred,
|
||||
struct vnode *vp, struct label *label, int prot);
|
||||
int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t acc_mode);
|
||||
struct label *label, int acc_mode);
|
||||
int (*mpo_check_vnode_poll)(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp,
|
||||
struct label *label);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user