fd: make 'rights' a manadatory argument to fget* functions
This commit is contained in:
parent
35acf35c2e
commit
feeee4c707
@ -52,9 +52,10 @@ static __inline void
|
||||
releasef(int fd)
|
||||
{
|
||||
struct file *fp;
|
||||
cap_rights_t rights;
|
||||
|
||||
/* No CAP_ rights required, as we're only releasing. */
|
||||
if (fget(curthread, fd, NULL, &fp) == 0) {
|
||||
if (fget(curthread, fd, cap_rights_init(&rights), &fp) == 0) {
|
||||
fdrop(fp, curthread);
|
||||
fdrop(fp, curthread);
|
||||
}
|
||||
|
@ -139,13 +139,14 @@ translate_fd_major_minor(struct thread *td, int fd, struct stat *buf)
|
||||
{
|
||||
struct file *fp;
|
||||
struct vnode *vp;
|
||||
cap_rights_t rights;
|
||||
int major, minor;
|
||||
|
||||
/*
|
||||
* No capability rights required here.
|
||||
*/
|
||||
if ((!S_ISCHR(buf->st_mode) && !S_ISBLK(buf->st_mode)) ||
|
||||
fget(td, fd, 0, &fp) != 0)
|
||||
fget(td, fd, cap_rights_init(&rights), &fp) != 0)
|
||||
return;
|
||||
vp = fp->f_vnode;
|
||||
if (vp != NULL && vp->v_rdev != NULL &&
|
||||
|
@ -288,6 +288,7 @@ fdesc_lookup(ap)
|
||||
struct thread *td = cnp->cn_thread;
|
||||
struct file *fp;
|
||||
struct fdesc_get_ino_args arg;
|
||||
cap_rights_t rights;
|
||||
int nlen = cnp->cn_namelen;
|
||||
u_int fd, fd1;
|
||||
int error;
|
||||
@ -332,7 +333,7 @@ fdesc_lookup(ap)
|
||||
/*
|
||||
* No rights to check since 'fp' isn't actually used.
|
||||
*/
|
||||
if ((error = fget(td, fd, NULL, &fp)) != 0)
|
||||
if ((error = fget(td, fd, cap_rights_init(&rights), &fp)) != 0)
|
||||
goto bad;
|
||||
|
||||
/* Check if we're looking up ourselves. */
|
||||
|
@ -2423,13 +2423,10 @@ _fget(struct thread *td, int fd, struct file **fpp, int flags,
|
||||
{
|
||||
struct filedesc *fdp;
|
||||
struct file *fp;
|
||||
cap_rights_t needrights;
|
||||
int error;
|
||||
|
||||
*fpp = NULL;
|
||||
fdp = td->td_proc->p_fd;
|
||||
if (needrightsp == NULL)
|
||||
needrightsp = cap_rights_init(&needrights);
|
||||
error = fget_unlocked(fdp, fd, needrightsp, &fp, seqp);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
|
@ -2058,6 +2058,7 @@ sys_aio_cancel(struct thread *td, struct aio_cancel_args *uap)
|
||||
struct aiocblist *cbe, *cbn;
|
||||
struct file *fp;
|
||||
struct socket *so;
|
||||
cap_rights_t rights;
|
||||
int error;
|
||||
int remove;
|
||||
int cancelled = 0;
|
||||
@ -2065,7 +2066,7 @@ sys_aio_cancel(struct thread *td, struct aio_cancel_args *uap)
|
||||
struct vnode *vp;
|
||||
|
||||
/* Lookup file object. */
|
||||
error = fget(td, uap->fd, NULL, &fp);
|
||||
error = fget(td, uap->fd, cap_rights_init(&rights), &fp);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
|
@ -32,6 +32,7 @@
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/capsicum.h>
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/filedesc.h>
|
||||
#include <sys/libkern.h>
|
||||
@ -467,6 +468,7 @@ audit_canon_path(struct thread *td, int dirfd, char *path, char *cpath)
|
||||
char *rbuf, *fbuf, *copy;
|
||||
struct filedesc *fdp;
|
||||
struct sbuf sbf;
|
||||
cap_rights_t rights;
|
||||
int error, needslash;
|
||||
|
||||
WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "%s: at %s:%d",
|
||||
@ -495,7 +497,7 @@ audit_canon_path(struct thread *td, int dirfd, char *path, char *cpath)
|
||||
vhold(cvnp);
|
||||
} else {
|
||||
/* XXX: fgetvp() that vhold()s vnode instead of vref()ing it would be better */
|
||||
error = fgetvp(td, dirfd, NULL, &cvnp);
|
||||
error = fgetvp(td, dirfd, cap_rights_init(&rights), &cvnp);
|
||||
if (error) {
|
||||
FILEDESC_SUNLOCK(fdp);
|
||||
cpath[0] = '\0';
|
||||
|
Loading…
Reference in New Issue
Block a user