freebsd-dev/sys/security
Robert Watson 1aa37f5392 Improve locking of pipe mutexes in the context of MAC:
(1) Where previously the pipe mutex was selectively grabbed during
    pipe_ioctl(), now always grab it and then release if if not
    needed.  This protects the call to mac_check_pipe_ioctl() to
    make sure the label remains consistent.  (Note: it looks
    like sigio locking may be incorrect for fgetown() since we
    call it not-by-reference and sigio locking assumes call by
    reference).

(2) In pipe_stat(), lock the pipe if MAC is compiled in so that
    the call to mac_check_pipe_stat() gets a locked pipe to
    protect label consistency.  We still release the lock before
    returning actual stat() data, risking inconsistency, but
    apparently our pipe locking model accepts that risk.

(3) In various pipe MAC authorization checks, assert that the pipe
    lock is held.

(4) Grab the lock when performing a pipe relabel operation, and
    assert it a little deeper in the stack.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-01 04:30:19 +00:00
..
lomac - Use vrefcnt() instead of v_usecount. 2002-09-25 02:42:43 +00:00
mac Improve locking of pipe mutexes in the context of MAC: 2002-10-01 04:30:19 +00:00
mac_biba Remove another missed trailing space. 2002-09-21 19:50:28 +00:00
mac_bsdextended Pass active_cred and file_cred into the MAC framework explicitly 2002-08-19 19:04:53 +00:00
mac_ifoff Rename mac_check_socket_receive() to mac_check_socket_deliver() so that 2002-08-15 18:51:27 +00:00
mac_mls Trim trailing whitespace from the ends of lines. 2002-09-21 19:26:59 +00:00
mac_none Prefer NULL to 0 when passing a NULL pointer. 2002-08-20 02:54:09 +00:00
mac_seeotheruids Introduce support for Mandatory Access Control and extensible 2002-07-31 18:07:45 +00:00
mac_stub Prefer NULL to 0 when passing a NULL pointer. 2002-08-20 02:54:09 +00:00
mac_test Provide stub mpo_syscall() implementations for mac_none and mac_test. 2002-08-20 02:53:35 +00:00