Implement mac_create_devfs_symlink() for policies that interact with

vnode labels. Sync from MAC tree. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
svn path=/head/; revision=104535
2002-10-05 18:56:25 +00:00 · 2002-10-05 18:56:25 +00:00 · eea8ea3108 · 2020-12-20 02:59:44 +00:00
commit eea8ea3108
parent 5f79a2e33a
5 changed files with 55 additions and 0 deletions
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@ -476,6 +476,18 @@ mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
 	mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
 }

+static void
+mac_biba_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+	struct mac_biba *source, *dest;
+
+	source = SLOT(&cred->cr_label);
+	dest = SLOT(delabel);
+
+	mac_biba_copy_single(source, dest);
+}
+
 static void
 mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
@ -1983,6 +1995,8 @@ static struct mac_policy_op_entry mac_biba_ops[] =
 	    (macop_t)mac_biba_create_devfs_device },
 	{ MAC_CREATE_DEVFS_DIRECTORY,
 	    (macop_t)mac_biba_create_devfs_directory },
+	{ MAC_CREATE_DEVFS_SYMLINK,
+	    (macop_t)mac_biba_create_devfs_symlink },
 	{ MAC_CREATE_DEVFS_VNODE,
 	    (macop_t)mac_biba_create_devfs_vnode },
 	{ MAC_CREATE_VNODE,
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@ -468,6 +468,18 @@ mac_mls_create_devfs_directory(char *dirname, int dirnamelen,
 	mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0);
 }

+static void
+mac_mls_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+	struct mac_mls *source, *dest;
+
+	source = SLOT(&cred->cr_label);
+	dest = SLOT(delabel);
+
+	mac_mls_copy_single(source, dest);
+}
+
 static void
 mac_mls_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
@ -1945,6 +1957,8 @@ static struct mac_policy_op_entry mac_mls_ops[] =
 	    (macop_t)mac_mls_create_devfs_device },
 	{ MAC_CREATE_DEVFS_DIRECTORY,
 	    (macop_t)mac_mls_create_devfs_directory },
+	{ MAC_CREATE_DEVFS_SYMLINK,
+	    (macop_t)mac_mls_create_devfs_symlink },
 	{ MAC_CREATE_DEVFS_VNODE,
 	    (macop_t)mac_mls_create_devfs_vnode },
 	{ MAC_CREATE_VNODE,
--- a/sys/security/mac_none/mac_none.c
+++ b/sys/security/mac_none/mac_none.c
@ -152,6 +152,13 @@ mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,

 }

+static void
+mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+
+}
+
 static void
 mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
@ -892,6 +899,8 @@ static struct mac_policy_op_entry mac_none_ops[] =
 	    (macop_t)mac_none_create_devfs_device },
 	{ MAC_CREATE_DEVFS_DIRECTORY,
 	    (macop_t)mac_none_create_devfs_directory },
+	{ MAC_CREATE_DEVFS_SYMLINK,
+	    (macop_t)mac_none_create_devfs_symlink },
 	{ MAC_CREATE_DEVFS_VNODE,
 	    (macop_t)mac_none_create_devfs_vnode },
 	{ MAC_CREATE_VNODE,
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@ -152,6 +152,13 @@ mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,

 }

+static void
+mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+
+}
+
 static void
 mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
@ -892,6 +899,8 @@ static struct mac_policy_op_entry mac_none_ops[] =
 	    (macop_t)mac_none_create_devfs_device },
 	{ MAC_CREATE_DEVFS_DIRECTORY,
 	    (macop_t)mac_none_create_devfs_directory },
+	{ MAC_CREATE_DEVFS_SYMLINK,
+	    (macop_t)mac_none_create_devfs_symlink },
 	{ MAC_CREATE_DEVFS_VNODE,
 	    (macop_t)mac_none_create_devfs_vnode },
 	{ MAC_CREATE_VNODE,
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@ -535,6 +535,13 @@ mac_test_create_devfs_directory(char *dirname, int dirnamelen,

 }

+static void
+mac_test_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+{
+
+}
+
 static void
 mac_test_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
@ -1268,6 +1275,8 @@ static struct mac_policy_op_entry mac_test_ops[] =
 	    (macop_t)mac_test_create_devfs_device },
 	{ MAC_CREATE_DEVFS_DIRECTORY,
 	    (macop_t)mac_test_create_devfs_directory },
+	{ MAC_CREATE_DEVFS_SYMLINK,
+	    (macop_t)mac_test_create_devfs_symlink },
 	{ MAC_CREATE_DEVFS_VNODE,
 	    (macop_t)mac_test_create_devfs_vnode },
 	{ MAC_CREATE_VNODE,