d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Assert that appropriate vnodes are locked in mac_execve_will_transition().

Browse Source 
Allow transitioning to be twiddled off using the process and fs enforcement
flags, although at some point this should probably be its own flag.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
rwatson 2002-11-05 15:11:33 +00:00
parent c2166f1034
commit 373a915367
9 changed files with 72 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/kern/kern_mac.c
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);

8
sys/security/mac/mac_framework.c
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);

8
sys/security/mac/mac_internal.h
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);

8
sys/security/mac/mac_net.c
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);

8
sys/security/mac/mac_pipe.c
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);

8
sys/security/mac/mac_process.c
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);

8
sys/security/mac/mac_syscalls.c
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);

8
sys/security/mac/mac_system.c
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);

8
sys/security/mac/mac_vfs.c
View File

@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return;
MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
}
@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
{
int result;
ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
if (!mac_enforce_process && !mac_enforce_fs)
return (0);
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);