D14175.id.diff
No OneTemporary
Actions

Size

4 KB

Referenced Files

None

Subscribers

None

D14175.id.diff
View Options

	Index: head/sys/security/mac/mac_syscalls.c
	===================================================================
	--- head/sys/security/mac/mac_syscalls.c
	+++ head/sys/security/mac/mac_syscalls.c
	@@ -76,6 +76,11 @@

	FEATURE(security_mac, "Mandatory Access Control Framework support");

	+static int kern___mac_get_path(struct thread td, const char path_p,
	+ struct mac *mac_p, int follow);
	+static int kern___mac_set_path(struct thread td, const char path_p,
	+ struct mac *mac_p, int follow);
	+
	int
	sys___mac_get_pid(struct thread td, struct __mac_get_pid_args uap)
	{
	@@ -315,57 +320,21 @@
	int
	sys___mac_get_file(struct thread td, struct __mac_get_file_args uap)
	{
	- char elements, buffer;
	- struct nameidata nd;
	- struct label *intlabel;
	- struct mac mac;
	- int error;

	- if (!(mac_labeled & MPC_OBJECT_VNODE))
	- return (EINVAL);
	-
	- error = copyin(uap->mac_p, &mac, sizeof(mac));
	- if (error)
	- return (error);
	-
	- error = mac_check_structmac_consistent(&mac);
	- if (error)
	- return (error);
	-
	- elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
	- error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
	- if (error) {
	- free(elements, M_MACTEMP);
	- return (error);
	- }
	-
	- buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK \| M_ZERO);
	- NDINIT(&nd, LOOKUP, LOCKLEAF \| FOLLOW, UIO_USERSPACE,
	- uap->path_p, td);
	- error = namei(&nd);
	- if (error)
	- goto out;
	-
	- intlabel = mac_vnode_label_alloc();
	- mac_vnode_copy_label(nd.ni_vp->v_label, intlabel);
	- error = mac_vnode_externalize_label(intlabel, elements, buffer,
	- mac.m_buflen);
	-
	- NDFREE(&nd, 0);
	- mac_vnode_label_free(intlabel);
	- if (error == 0)
	- error = copyout(buffer, mac.m_string, strlen(buffer)+1);
	-
	-out:
	- free(buffer, M_MACTEMP);
	- free(elements, M_MACTEMP);
	-
	- return (error);
	+ return (kern___mac_get_path(td, uap->path_p, uap->mac_p, FOLLOW));
	}

	int
	sys___mac_get_link(struct thread td, struct __mac_get_link_args uap)
	{
	+
	+ return (kern___mac_get_path(td, uap->path_p, uap->mac_p, NOFOLLOW));
	+}
	+
	+static int
	+kern___mac_get_path(struct thread td, const char path_p, struct mac *mac_p,
	+ int follow)
	+{
	char elements, buffer;
	struct nameidata nd;
	struct label *intlabel;
	@@ -375,7 +344,7 @@
	if (!(mac_labeled & MPC_OBJECT_VNODE))
	return (EINVAL);

	- error = copyin(uap->mac_p, &mac, sizeof(mac));
	+ error = copyin(mac_p, &mac, sizeof(mac));
	if (error)
	return (error);

	@@ -391,8 +360,7 @@
	}

	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK \| M_ZERO);
	- NDINIT(&nd, LOOKUP, LOCKLEAF \| NOFOLLOW, UIO_USERSPACE,
	- uap->path_p, td);
	+ NDINIT(&nd, LOOKUP, LOCKLEAF \| follow, UIO_USERSPACE, path_p, td);
	error = namei(&nd);
	if (error)
	goto out;
	@@ -518,58 +486,21 @@
	int
	sys___mac_set_file(struct thread td, struct __mac_set_file_args uap)
	{
	- struct label *intlabel;
	- struct nameidata nd;
	- struct mount *mp;
	- struct mac mac;
	- char *buffer;
	- int error;

	- if (!(mac_labeled & MPC_OBJECT_VNODE))
	- return (EINVAL);
	-
	- error = copyin(uap->mac_p, &mac, sizeof(mac));
	- if (error)
	- return (error);
	-
	- error = mac_check_structmac_consistent(&mac);
	- if (error)
	- return (error);
	-
	- buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
	- error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
	- if (error) {
	- free(buffer, M_MACTEMP);
	- return (error);
	- }
	-
	- intlabel = mac_vnode_label_alloc();
	- error = mac_vnode_internalize_label(intlabel, buffer);
	- free(buffer, M_MACTEMP);
	- if (error)
	- goto out;
	-
	- NDINIT(&nd, LOOKUP, LOCKLEAF \| FOLLOW, UIO_USERSPACE,
	- uap->path_p, td);
	- error = namei(&nd);
	- if (error == 0) {
	- error = vn_start_write(nd.ni_vp, &mp, V_WAIT \| PCATCH);
	- if (error == 0) {
	- error = vn_setlabel(nd.ni_vp, intlabel,
	- td->td_ucred);
	- vn_finished_write(mp);
	- }
	- }
	-
	- NDFREE(&nd, 0);
	-out:
	- mac_vnode_label_free(intlabel);
	- return (error);
	+ return (kern___mac_set_path(td, uap->path_p, uap->mac_p, FOLLOW));
	}

	int
	sys___mac_set_link(struct thread td, struct __mac_set_link_args uap)
	{
	+
	+ return (kern___mac_set_path(td, uap->path_p, uap->mac_p, NOFOLLOW));
	+}
	+
	+static int
	+kern___mac_set_path(struct thread td, const char path_p, struct mac *mac_p,
	+ int follow)
	+{
	struct label *intlabel;
	struct nameidata nd;
	struct mount *mp;
	@@ -580,7 +511,7 @@
	if (!(mac_labeled & MPC_OBJECT_VNODE))
	return (EINVAL);

	- error = copyin(uap->mac_p, &mac, sizeof(mac));
	+ error = copyin(mac_p, &mac, sizeof(mac));
	if (error)
	return (error);

	@@ -601,8 +532,7 @@
	if (error)
	goto out;

	- NDINIT(&nd, LOOKUP, LOCKLEAF \| NOFOLLOW, UIO_USERSPACE,
	- uap->path_p, td);
	+ NDINIT(&nd, LOOKUP, LOCKLEAF \| follow, UIO_USERSPACE, path_p, td);
	error = namei(&nd);
	if (error == 0) {
	error = vn_start_write(nd.ni_vp, &mp, V_WAIT \| PCATCH);

File Metadata

Mime Type: text/plain
Expires: Mon, Mar 16, 5:57 AM (2 h, 22 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 29756758
Default Alt Text: D14175.id.diff (4 KB)

D14175.id.diffNo OneTemporaryActions

D14175.id.diffView Options

File Metadata

Event Timeline

D14175.id.diff
No OneTemporary
Actions

D14175.id.diff
View Options