Differential D10385 Diff 38027 head/sys/security/mac/mac_syscalls.c

Changeset View

Standalone View

head/sys/security/mac/mac_syscalls.c

Show First 20 Lines • Show All 224 Lines • ▼ Show 20 Lines	sys___mac_get_fd(struct thread td, struct __mac_get_fd_args uap)
char elements, buffer;		char elements, buffer;
struct label *intlabel;		struct label *intlabel;
struct file *fp;		struct file *fp;
struct mac mac;		struct mac mac;
struct vnode *vp;		struct vnode *vp;
struct pipe *pipe;		struct pipe *pipe;
struct socket *so;		struct socket *so;
cap_rights_t rights;		cap_rights_t rights;
short label_type;
int error;		int error;

error = copyin(uap->mac_p, &mac, sizeof(mac));		error = copyin(uap->mac_p, &mac, sizeof(mac));
if (error)		if (error)
return (error);		return (error);

error = mac_check_structmac_consistent(&mac);		error = mac_check_structmac_consistent(&mac);
if (error)		if (error)
return (error);		return (error);

elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);		elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);		error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
if (error) {		if (error) {
free(elements, M_MACTEMP);		free(elements, M_MACTEMP);
return (error);		return (error);
}		}

buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK \| M_ZERO);		buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK \| M_ZERO);
error = fget(td, uap->fd, cap_rights_init(&rights, CAP_MAC_GET), &fp);		error = fget(td, uap->fd, cap_rights_init(&rights, CAP_MAC_GET), &fp);
if (error)		if (error)
goto out;		goto out;

label_type = fp->f_type;
switch (fp->f_type) {		switch (fp->f_type) {
case DTYPE_FIFO:		case DTYPE_FIFO:
case DTYPE_VNODE:		case DTYPE_VNODE:
if (!(mac_labeled & MPC_OBJECT_VNODE)) {		if (!(mac_labeled & MPC_OBJECT_VNODE)) {
error = EINVAL;		error = EINVAL;
goto out_fdrop;		goto out_fdrop;
}		}
vp = fp->f_vnode;		vp = fp->f_vnode;
▲ Show 20 Lines • Show All 469 Lines • Show Last 20 Lines