freebsd-skq/sys/fs
Robert Watson d26dd2d99e When devfs cloning takes place, provide access to the credential of the
process that caused the clone event to take place for the device driver
creating the device.  This allows cloned device drivers to adapt the
device node based on security aspects of the process, such as the uid,
gid, and MAC label.

- Add a cred reference to struct cdev, so that when a device node is
  instantiated as a vnode, the cloning credential can be exposed to
  MAC.

- Add make_dev_cred(), a version of make_dev() that additionally
  accepts the credential to stick in the struct cdev.  Implement it and
  make_dev() in terms of a back-end make_dev_credv().

- Add a new event handler, dev_clone_cred, which can be registered to
  receive the credential instead of dev_clone, if desired.

- Modify the MAC entry point mac_create_devfs_device() to accept an
  optional credential pointer (may be NULL), so that MAC policies can
  inspect and act on the label or other elements of the credential
  when initializing the skeleton device protections.

- Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(),
  so that the pty clone credential is exposed to the MAC Framework.

While currently primarily focussed on MAC policies, this change is also
a prerequisite for changes to allow ptys to be instantiated with the UID
of the process looking up the pty.  This requires further changes to the
pty driver -- in particular, to immediately recycle pty nodes on last
close so that the credential-related state can be recreated on next
lookup.

Submitted by:	Andrew Reisse <andrew.reisse@sparta.com>
Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
MFC after:	1 week
MFC note:	Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
..
cd9660 - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
coda - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
deadfs - Deadfs may now use the standard vop lock, get rid of dead_lock(). 2005-03-13 12:06:20 +00:00
devfs When devfs cloning takes place, provide access to the credential of the 2005-07-14 10:22:09 +00:00
fdescfs - Update vfs_root implementations to match the new prototype. None of 2005-03-24 07:36:16 +00:00
fifofs - The VI_DOOMED flag now signals the end of a vnode's relationship with 2005-03-13 12:18:25 +00:00
hpfs - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
msdosfs Disable negative name caching for msdosfs to work around a bug. 2005-04-16 23:47:19 +00:00
ntfs The printf(9) `%p' conversion specifier puts an "0x" in 2005-05-06 00:15:57 +00:00
nullfs - As this is presently the one and only place where duplicate acquires of 2005-04-22 22:42:44 +00:00
nwfs Do not dereference dvp pointer before doing a NULL check. 2005-05-11 19:08:38 +00:00
portalfs - We no longer have to bother with PDIRUNLOCK, lookup() handles it for us. 2005-03-28 09:34:36 +00:00
procfs Jumbo-commit to enhance 32 bit application support on 64 bit kernels. 2005-06-30 07:49:22 +00:00
pseudofs - Since we don't hold a usecount in pfs_exit we have to get a holdcnt 2005-07-07 07:33:10 +00:00
smbfs Staticize a symbol used only in this file. 2005-05-06 20:47:09 +00:00
udf Regrab dvp only when ISDOTDOT. 2005-07-09 13:52:49 +00:00
umapfs - Update vfs_root implementations to match the new prototype. None of 2005-03-24 07:36:16 +00:00
unionfs - Set the v_object pointer after a successful VOP_OPEN(). This isn't a 2005-05-03 11:05:33 +00:00