fd: make rights a mandatory argument to fget_unlocked

This commit is contained in:
mjg 2015-06-16 09:52:36 +00:00
parent 1b5e46102c
commit a5a3a94b02
4 changed files with 20 additions and 14 deletions

View File

@ -622,6 +622,7 @@ svr4_sys_fchroot(td, uap)
struct thread *td; struct thread *td;
struct svr4_sys_fchroot_args *uap; struct svr4_sys_fchroot_args *uap;
{ {
cap_rights_t rights;
struct filedesc *fdp = td->td_proc->p_fd; struct filedesc *fdp = td->td_proc->p_fd;
struct vnode *vp; struct vnode *vp;
struct file *fp; struct file *fp;
@ -630,7 +631,7 @@ svr4_sys_fchroot(td, uap)
if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0) if ((error = priv_check(td, PRIV_VFS_FCHROOT)) != 0)
return error; return error;
/* XXX: we have the chroot priv... what cap might we need? all? */ /* XXX: we have the chroot priv... what cap might we need? all? */
if ((error = getvnode(fdp, uap->fd, 0, &fp)) != 0) if ((error = getvnode(fdp, uap->fd, cap_rights_init(&rights), &fp)) != 0)
return error; return error;
vp = fp->f_vnode; vp = fp->f_vnode;
VREF(vp); VREF(vp);

View File

@ -746,7 +746,8 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
arg = arg ? 128 * 1024: 0; arg = arg ? 128 * 1024: 0;
/* FALLTHROUGH */ /* FALLTHROUGH */
case F_READAHEAD: case F_READAHEAD:
error = fget_unlocked(fdp, fd, NULL, &fp, NULL); error = fget_unlocked(fdp, fd,
cap_rights_init(&rights), &fp, NULL);
if (error != 0) if (error != 0)
break; break;
if (fp->f_type != DTYPE_VNODE) { if (fp->f_type != DTYPE_VNODE) {
@ -2368,11 +2369,9 @@ fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
if (fp == NULL) if (fp == NULL)
return (EBADF); return (EBADF);
#ifdef CAPABILITIES #ifdef CAPABILITIES
if (needrightsp != NULL) { error = cap_check(&haverights, needrightsp);
error = cap_check(&haverights, needrightsp); if (error != 0)
if (error != 0) return (error);
return (error);
}
#endif #endif
retry: retry:
count = fp->f_count; count = fp->f_count;

View File

@ -33,6 +33,7 @@
#include <sys/file.h> #include <sys/file.h>
#include <sys/filedesc.h> #include <sys/filedesc.h>
#include <sys/refcount.h> #include <sys/refcount.h>
#include <sys/capsicum.h>
#include <sys/proc.h> #include <sys/proc.h>
#include <linux/fs.h> #include <linux/fs.h>
@ -46,10 +47,11 @@ extern struct fileops linuxfileops;
static inline struct linux_file * static inline struct linux_file *
linux_fget(unsigned int fd) linux_fget(unsigned int fd)
{ {
cap_rights_t rights;
struct file *file; struct file *file;
if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file, if (fget_unlocked(curthread->td_proc->p_fd, fd,
NULL) != 0) { cap_rights_init(&rights), &file, NULL) != 0) {
return (NULL); return (NULL);
} }
return (struct linux_file *)file->f_data; return (struct linux_file *)file->f_data;
@ -71,10 +73,11 @@ fput(struct linux_file *filp)
static inline void static inline void
put_unused_fd(unsigned int fd) put_unused_fd(unsigned int fd)
{ {
cap_rights_t rights;
struct file *file; struct file *file;
if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file, if (fget_unlocked(curthread->td_proc->p_fd, fd,
NULL) != 0) { cap_rights_init(&rights), &file, NULL) != 0) {
return; return;
} }
/* /*
@ -91,10 +94,11 @@ put_unused_fd(unsigned int fd)
static inline void static inline void
fd_install(unsigned int fd, struct linux_file *filp) fd_install(unsigned int fd, struct linux_file *filp)
{ {
cap_rights_t rights;
struct file *file; struct file *file;
if (fget_unlocked(curthread->td_proc->p_fd, fd, NULL, &file, if (fget_unlocked(curthread->td_proc->p_fd, fd,
NULL) != 0) { cap_rights_init(&rights), &file, NULL) != 0) {
file = NULL; file = NULL;
} }
filp->_file = file; filp->_file = file;

View File

@ -32,6 +32,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h> #include <sys/param.h>
#include <sys/filedesc.h> #include <sys/filedesc.h>
#include <sys/capsicum.h>
#include <sys/ipc.h> #include <sys/ipc.h>
#include <sys/mount.h> #include <sys/mount.h>
#include <sys/proc.h> #include <sys/proc.h>
@ -894,6 +895,7 @@ audit_arg_fcntl_rights(uint32_t fcntlrights)
void void
audit_sysclose(struct thread *td, int fd) audit_sysclose(struct thread *td, int fd)
{ {
cap_rights_t rights;
struct kaudit_record *ar; struct kaudit_record *ar;
struct vnode *vp; struct vnode *vp;
struct file *fp; struct file *fp;
@ -906,7 +908,7 @@ audit_sysclose(struct thread *td, int fd)
audit_arg_fd(fd); audit_arg_fd(fd);
if (getvnode(td->td_proc->p_fd, fd, 0, &fp) != 0) if (getvnode(td->td_proc->p_fd, fd, cap_rights_init(&rights), &fp) != 0)
return; return;
vp = fp->f_vnode; vp = fp->f_vnode;