Teach the OSF/1 emulation layer a little more about mandatory access

control: perform checks during OSF/1 statfs()-related calls by invoking mac_check_mount_stat(). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
2002-08-12 01:16:55 +00:00 · 2002-08-12 01:16:55 +00:00 · 34a762e335
commit 34a762e335
parent 9b63136347
1 changed files with 19 additions and 0 deletions
--- a/sys/alpha/osf1/osf1_mount.c
+++ b/sys/alpha/osf1/osf1_mount.c
@ -32,6 +32,7 @@
 * $FreeBSD$
 */

+#include "opt_mac.h"
 #include "opt_nfs.h"

 #include <sys/param.h>
@ -42,6 +43,7 @@
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/vnode.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
@ -131,6 +133,11 @@ osf1_statfs(td, uap)
 	mp = nd.ni_vp->v_mount;
 	sp = &mp->mnt_stat;
 	vrele(nd.ni_vp);
+#ifdef MAC
+	error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+	if (error)
+		return (error);
+#endif
 	if ((error = VFS_STATFS(mp, sp, td)))
 		return (error);
 	sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
@ -153,6 +160,13 @@ osf1_fstatfs(td, uap)
 	if ((error = getvnode(td->td_proc->p_fd, SCARG(uap, fd), &fp)))
 		return (error);
 	mp = ((struct vnode *)fp->f_data)->v_mount;
+#ifdef MAC
+	error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+	if (error) {
+		fdrop(fp, td);
+		return (error);
+	}
+#endif
 	sp = &mp->mnt_stat;
 	error = VFS_STATFS(mp, sp, td);
 	fdrop(fp, td);
@ -183,6 +197,11 @@ osf1_getfsstat(td, uap)
 	for (count = 0, mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
 		nmp = TAILQ_NEXT(mp, mnt_list);
 		if (osf_sfsp && count < maxcount) {
+#ifdef MAC
+			error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+			if (error)
+				continue;
+#endif
 			sp = &mp->mnt_stat;
 			/*
 			 * If OSF1_MNT_NOWAIT is specified, do not refresh the