Source-Changes-HG archive
[src/trunk]: src/sys/secmodel/extensions secmodel_extensions_system_cb() is n...
details: https://anonhg.NetBSD.org/src/rev/907b0fd91a7e
branches: trunk
changeset: 342199:907b0fd91a7e
user: maxv <maxv%NetBSD.org@localhost>
date: Sat Dec 12 14:57:52 2015 +0000
description:
secmodel_extensions_system_cb() is not mount-specific, even though
KAUTH_SYSTEM_MOUNT happens to be the only option handled here.
Put everything into a switch(action). No functional change.
diffstat:
sys/secmodel/extensions/secmodel_extensions.c | 88 ++++++++++++++------------
1 files changed, 47 insertions(+), 41 deletions(-)
diffs (118 lines):
diff -r 79f69925b348 -r 907b0fd91a7e sys/secmodel/extensions/secmodel_extensions.c
--- a/sys/secmodel/extensions/secmodel_extensions.c Sat Dec 12 14:47:37 2015 +0000
+++ b/sys/secmodel/extensions/secmodel_extensions.c Sat Dec 12 14:57:52 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_extensions.c,v 1.6 2014/02/25 18:30:13 pooka Exp $ */
+/* $NetBSD: secmodel_extensions.c,v 1.7 2015/12/12 14:57:52 maxv Exp $ */
/*-
* Copyright (c) 2011 Elad Efrat <elad%NetBSD.org@localhost>
* All rights reserved.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.6 2014/02/25 18:30:13 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.7 2015/12/12 14:57:52 maxv Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -330,54 +330,60 @@
req = (enum kauth_system_req)arg0;
result = KAUTH_RESULT_DEFER;
- if (action != KAUTH_SYSTEM_MOUNT || dovfsusermount == 0)
- return result;
-
- switch (req) {
- case KAUTH_REQ_SYSTEM_MOUNT_NEW:
- vp = (vnode_t *)arg1;
- mp = vp->v_mount;
- flags = (u_long)arg2;
+ switch (action) {
+ case KAUTH_SYSTEM_MOUNT:
+ if (dovfsusermount == 0)
+ break;
+ switch (req) {
+ case KAUTH_REQ_SYSTEM_MOUNT_NEW:
+ vp = (vnode_t *)arg1;
+ mp = vp->v_mount;
+ flags = (u_long)arg2;
- /*
- * Ensure that the user owns the directory onto which the
- * mount is attempted.
- */
- vn_lock(vp, LK_SHARED | LK_RETRY);
- error = VOP_GETATTR(vp, &va, cred);
- VOP_UNLOCK(vp);
- if (error)
- break;
+ /*
+ * Ensure that the user owns the directory onto which
+ * the mount is attempted.
+ */
+ vn_lock(vp, LK_SHARED | LK_RETRY);
+ error = VOP_GETATTR(vp, &va, cred);
+ VOP_UNLOCK(vp);
+ if (error)
+ break;
- if (va.va_uid != kauth_cred_geteuid(cred))
+ if (va.va_uid != kauth_cred_geteuid(cred))
+ break;
+
+ error = usermount_common_policy(mp, flags);
+ if (error)
+ break;
+
+ result = KAUTH_RESULT_ALLOW;
+
break;
- error = usermount_common_policy(mp, flags);
- if (error)
+ case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
+ mp = arg1;
+
+ /* Must own the mount. */
+ if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred))
+ result = KAUTH_RESULT_ALLOW;
+
break;
- result = KAUTH_RESULT_ALLOW;
-
- break;
-
- case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
- mp = arg1;
-
- /* Must own the mount. */
- if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred))
- result = KAUTH_RESULT_ALLOW;
+ case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
+ mp = arg1;
+ flags = (u_long)arg2;
- break;
-
- case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
- mp = arg1;
- flags = (u_long)arg2;
+ /* Must own the mount. */
+ if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred) &&
+ usermount_common_policy(mp, flags) == 0)
+ result = KAUTH_RESULT_ALLOW;
- /* Must own the mount. */
- if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred) &&
- usermount_common_policy(mp, flags) == 0)
- result = KAUTH_RESULT_ALLOW;
+ break;
+ default:
+ break;
+ }
break;
default:
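Review bot: In the `case KAUTH_SYSTEM_MOUNT:` arm, every refusal path (`dovfsusermount == 0`, a VOP_GETATTR error, a `va_uid` mismatch, a `usermount_common_policy()` failure) leaves through a bare `break`, and nothing states that this leaves `result` at KAUTH_RESULT_DEFER rather than producing a denial. Now that the callback is laid out to accept further actions, I would add a comment above `switch (action) {` such as `/* This listener only ever upgrades DEFER to ALLOW; every other path leaves the decision to the other listeners. */` so that a later case is not written on the assumption that it can veto. The inner `default: break;` could carry `/* Unknown mount request: defer. */` for the same reason. The function's opening and the tail of the outer switch are outside the hunk, so the final return of `result` is assumed rather than visible here.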