The V* flags passed using an accmode_t to the access() and open()
access control checks in mac_bsdextended are not in the same namespace as the MBI_ flags used in ugidfw policies, so add an explicit conversion routine to get from one to the other. Obtained from: TrustedBSD Project
parent
9aa53c183c
commit
fbca48f8d5
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 1999-2002, 2007 Robert N. M. Watson
|
||||
* Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
|
||||
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2005 Tom Rhodes
|
||||
* Copyright (c) 2006 SPARTA, Inc.
|
||||
@ -465,6 +465,27 @@ ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
return (ugidfw_check(cred, vp, &vap, acc_mode));
|
||||
}
|
||||
|
||||
int
|
||||
ugidfw_accmode2mbi(accmode_t accmode)
|
||||
{
|
||||
int mbi;
|
||||
|
||||
mbi = 0;
|
||||
if (accmode & VEXEC)
|
||||
mbi |= MBI_EXEC;
|
||||
if (accmode & VWRITE)
|
||||
mbi |= MBI_WRITE;
|
||||
if (accmode & VREAD)
|
||||
mbi |= MBI_READ;
|
||||
if (accmode & VADMIN)
|
||||
mbi |= MBI_ADMIN;
|
||||
if (accmode & VSTAT)
|
||||
mbi |= MBI_STAT;
|
||||
if (accmode & VAPPEND)
|
||||
mbi |= MBI_APPEND;
|
||||
return (mbi);
|
||||
}
|
||||
|
||||
static struct mac_policy_ops ugidfw_ops =
|
||||
{
|
||||
.mpo_destroy = ugidfw_destroy,
|
||||
|
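Review bot: In the second hunk, ugidfw_accmode2mbi() silently drops any accmode bit that has no MBI_ counterpart, and neither the function nor a comment above it says so. Because the result feeds an access-control decision, a request made up only of unmapped bits would reach ugidfw_check() as 0. How the rule matcher treats an empty mask is not visible in this section, so that case is worth confirming. I would add a header comment such as `/* Convert V* access bits to MBI_* rule bits; V* bits without an MBI_ equivalent are ignored. */`, and state there which bits callers are expected to pass.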
@ -34,6 +34,7 @@
|
||||
/*
|
||||
* Central access control routines used by object-specific checks.
|
||||
*/
|
||||
int ugidfw_accmode2mbi(accmode_t accmode);
|
||||
int ugidfw_check(struct ucred *cred, struct vnode *vp, struct vattr *vap,
|
||||
int acc_mode);
|
||||
int ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode);
|
||||
|
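Review bot: The prototypes for ugidfw_check() and ugidfw_check_vp() still take a plain `int acc_mode`, so the compiler will not flag a future caller that passes an accmode_t without conversion, which is the mistake this commit fixes. The block comment above the prototypes could record the contract, for example `acc_mode is a mask of MBI_* bits; convert V* bits with ugidfw_accmode2mbi() first.` The remaining callers of ugidfw_check_vp() are not visible here, so whether any of them still pass V* values should be verified.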
@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright (c) 1999-2002, 2007 Robert N. M. Watson
|
||||
* Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
|
||||
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2005 Tom Rhodes
|
||||
* Copyright (c) 2006 SPARTA, Inc.
|
||||
@ -65,11 +65,7 @@ ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, accmode_t accmode)
|
||||
{
|
||||
|
||||
/*
|
||||
* XXX: We pass accmode_t variable containing V* constants
|
||||
* as an int containing MBI_* constants.
|
||||
*/
|
||||
return (ugidfw_check_vp(cred, vp, (int)accmode));
|
||||
return (ugidfw_check_vp(cred, vp, ugidfw_accmode2mbi(accmode)));
|
||||
}
|
||||
|
||||
int
|
||||
@ -175,11 +171,7 @@ ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, accmode_t accmode)
|
||||
{
|
||||
|
||||
/*
|
||||
* XXX: We pass accmode_t variable containing V* constants
|
||||
* as an int containing MBI_* constants.
|
||||
*/
|
||||
return (ugidfw_check_vp(cred, vp, (int)accmode));
|
||||
return (ugidfw_check_vp(cred, vp, ugidfw_accmode2mbi(accmode)));
|
||||
}
|
||||
|
||||
int
|
||||
|