Implement read(2)/write(2) and neccessary lseek(2) for posix shmfd. - src

diff options


context:
space:
mode:

author	Konstantin Belousov <kib@FreeBSD.org>	2013-08-21 17:45:00 +0000
committer	Konstantin Belousov <kib@FreeBSD.org>	2013-08-21 17:45:00 +0000
commit	940cb0e2bb228ca52f2d29c9c990be0634aec7e4 (patch)
tree	d04455df948dc71b9ece838e75596e329c610c9d /sys/security/mac
parent	c0a46535c4465293c3d28bf18d84fef3b06f9741 (diff)

Notes

Diffstat (limited to 'sys/security/mac')

-rw-r--r--

sys/security/mac/mac_framework.h

-rw-r--r--

sys/security/mac/mac_policy.h

-rw-r--r--

sys/security/mac/mac_posix_shm.c

3 files changed, 46 insertions, 0 deletions

diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 92aedea4ef75..77cb8bcb60c4 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h

@@ -243,6 +243,8 @@ int mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd,

int prot, int flags);

int mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,

accmode_t accmode);

+int mac_posixshm_check_read(struct ucred *active_cred,

+ struct ucred *file_cred, struct shmfd *shmfd);

int mac_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,

mode_t mode);

int mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,

@@ -252,6 +254,8 @@ int mac_posixshm_check_stat(struct ucred *active_cred,

int mac_posixshm_check_truncate(struct ucred *active_cred,

struct ucred *file_cred, struct shmfd *shmfd);

int mac_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd);

+int mac_posixshm_check_write(struct ucred *active_cred,

+ struct ucred *file_cred, struct shmfd *shmfd);

void mac_posixshm_create(struct ucred *cred, struct shmfd *shmfd);

void mac_posixshm_destroy(struct shmfd *);

void mac_posixshm_init(struct shmfd *);

diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 090dc4058104..dadadb5828b3 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h

@@ -363,6 +363,9 @@ typedef int (*mpo_posixshm_check_mmap_t)(struct ucred *cred,

typedef int (*mpo_posixshm_check_open_t)(struct ucred *cred,

struct shmfd *shmfd, struct label *shmlabel,

accmode_t accmode);

+typedef int (*mpo_posixshm_check_read_t)(struct ucred *active_cred,

+ struct ucred *file_cred, struct shmfd *shmfd,

+ struct label *shmlabel);

typedef int (*mpo_posixshm_check_setmode_t)(struct ucred *cred,

struct shmfd *shmfd, struct label *shmlabel,

mode_t mode);

@@ -377,6 +380,9 @@ typedef int (*mpo_posixshm_check_truncate_t)(struct ucred *active_cred,

struct label *shmlabel);

typedef int (*mpo_posixshm_check_unlink_t)(struct ucred *cred,

struct shmfd *shmfd, struct label *shmlabel);

+typedef int (*mpo_posixshm_check_write_t)(struct ucred *active_cred,

+ struct ucred *file_cred, struct shmfd *shmfd,

+ struct label *shmlabel);

typedef void (*mpo_posixshm_create_t)(struct ucred *cred,

struct shmfd *shmfd, struct label *shmlabel);

typedef void (*mpo_posixshm_destroy_label_t)(struct label *label);

@@ -818,11 +824,13 @@ struct mac_policy_ops {

mpo_posixshm_check_create_t mpo_posixshm_check_create;

mpo_posixshm_check_mmap_t mpo_posixshm_check_mmap;

mpo_posixshm_check_open_t mpo_posixshm_check_open;

+ mpo_posixshm_check_read_t mpo_posixshm_check_read;

mpo_posixshm_check_setmode_t mpo_posixshm_check_setmode;

mpo_posixshm_check_setowner_t mpo_posixshm_check_setowner;

mpo_posixshm_check_stat_t mpo_posixshm_check_stat;

mpo_posixshm_check_truncate_t mpo_posixshm_check_truncate;

mpo_posixshm_check_unlink_t mpo_posixshm_check_unlink;

+ mpo_posixshm_check_write_t mpo_posixshm_check_write;

mpo_posixshm_create_t mpo_posixshm_create;

mpo_posixshm_destroy_label_t mpo_posixshm_destroy_label;

mpo_posixshm_init_label_t mpo_posixshm_init_label;

diff --git a/sys/security/mac/mac_posix_shm.c b/sys/security/mac/mac_posix_shm.c
index d5d15fc4248c..1202d46303a3 100644
--- a/sys/security/mac/mac_posix_shm.c
+++ b/sys/security/mac/mac_posix_shm.c

@@ -228,3 +228,37 @@ mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, uid_t uid,

return (error);

}

+MAC_CHECK_PROBE_DEFINE3(posixshm_check_read, "struct ucred *",

+ "struct ucred *", "struct shmfd *");

+int

+mac_posixshm_check_read(struct ucred *active_cred, struct ucred *file_cred,

+ struct shmfd *shmfd)

+ int error;

+ MAC_POLICY_CHECK_NOSLEEP(posixshm_check_read, active_cred,

+ file_cred, shmfd, shmfd->shm_label);

+ MAC_CHECK_PROBE3(posixshm_check_read, error, active_cred,

+ file_cred, shmfd);

+ return (error);

+MAC_CHECK_PROBE_DEFINE3(posixshm_check_write, "struct ucred *",

+ "struct ucred *", "struct shmfd *");

+int

+mac_posixshm_check_write(struct ucred *active_cred, struct ucred *file_cred,

+ struct shmfd *shmfd)

+ int error;

+ MAC_POLICY_CHECK_NOSLEEP(posixshm_check_write, active_cred,

+ file_cred, shmfd, shmfd->shm_label);

+ MAC_CHECK_PROBE3(posixshm_check_write, error, active_cred,

+ file_cred, shmfd);

+ return (error);