Add necessary instrumentation to IBCS2 emulation support for mandatory

access control: as with SVR4, very few changes required since almost all services are implemented by wrapping existing native FreeBSD system calls. Only readdir() calls need additional instrumentation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
2002-08-12 01:45:40 +00:00 · 2002-08-12 01:45:40 +00:00 · 22f1120fb6
commit 22f1120fb6
parent 7d834ce78d
1 changed files with 15 additions and 0 deletions
--- a/sys/i386/ibcs2/ibcs2_misc.c
+++ b/sys/i386/ibcs2/ibcs2_misc.c
@ -54,6 +54,8 @@
 * IBCS2 system calls that are implemented differently in BSD are
 * handled here.
 */
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/dirent.h>
@ -61,6 +63,7 @@
 #include <sys/filedesc.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/file.h>			/* Must come after sys/malloc.h */
 #include <sys/mutex.h>
@ -348,6 +351,12 @@ ibcs2_getdents(td, uap)
 		cookies = NULL;
 	}

+#ifdef MAC
+	error = mac_check_vnode_readdir(td->td_ucred, vp);
+	if (error)
+		goto out;
+#endif
+
 	/*
 	 * First we read into the malloc'ed buffer, then
 	 * we massage it into user space, one record at a time.
@ -503,6 +512,12 @@ ibcs2_read(td, uap)
 		cookies = NULL;
 	}

+#ifdef MAC
+	error = mac_check_vnode_readdir(td->td_ucred, vp);
+	if (error)
+		goto out;
+#endif
+
 	/*
 	 * First we read into the malloc'ed buffer, then
 	 * we massage it into user space, one record at a time.