Introduce support for Mandatory Access Control and extensible

kernel access control. Invoke the necessary MAC entry points to maintain labels on vnodes. In particular, initialize the label when the vnode is allocated or reused, and destroy the label when the vnode is going to be released, or reused. Wow, an object where there really is exactly one place where it's allocated, and one other where it's freed. Amazing. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
2002-07-31 02:03:46 +00:00 · 2002-07-31 02:03:46 +00:00 · 261170743f
commit 261170743f
parent 40d00aeb44
1 changed files with 8 additions and 0 deletions
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@ -43,6 +43,7 @@
 * External virtual filesystem routines
 */
 #include "opt_ddb.h"
+#include "opt_mac.h"

 #include <sys/param.h>
 #include <sys/systm.h>
@ -54,6 +55,7 @@
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/malloc.h>
+#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
 #include <sys/stat.h>
@ -801,6 +803,9 @@ getnewvnode(tag, mp, vops, vpp)
 			uma_zfree(vnodepoll_zone, vp->v_pollinfo);
 		}
 		vp->v_pollinfo = NULL;
+#ifdef MAC
+		mac_destroy_vnode(vp);
+#endif
 		vp->v_flag = 0;
 		vp->v_lastw = 0;
 		vp->v_lasta = 0;
@ -827,6 +832,9 @@ getnewvnode(tag, mp, vops, vpp)
 	vp->v_tag = tag;
 	vp->v_op = vops;
 	lockinit(&vp->v_lock, PVFS, "vnlock", VLKTIMEOUT, LK_NOPAUSE);
+#ifdef MAC
+	mac_init_vnode(vp);
+#endif
 	insmntque(vp, mp);
 	*vpp = vp;
 	vp->v_usecount = 1;