sys/security/mac_vfs_subr.c


    1 /*
    2  * Copyright (c) 2007 Apple Inc. All rights reserved.
    3  *
    4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
    5  * 
    6  * This file contains Original Code and/or Modifications of Original Code
    7  * as defined in and that are subject to the Apple Public Source License
    8  * Version 2.0 (the 'License'). You may not use this file except in
    9  * compliance with the License. The rights granted to you under the License
   10  * may not be used to create, or enable the creation or redistribution of,
   11  * unlawful or unlicensed copies of an Apple operating system, or to
   12  * circumvent, violate, or enable the circumvention or violation of, any
   13  * terms of an Apple operating system software license agreement.
   14  * 
   15  * Please obtain a copy of the License at
   16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
   17  * 
   18  * The Original Code and all software distributed under the License are
   19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
   20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
   21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
   22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
   23  * Please see the License for the specific language governing rights and
   24  * limitations under the License.
   25  * 
   26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
   27  */
   28 #include <sys/param.h>
   29 #include <sys/vnode.h>
   30 #include <sys/vnode_internal.h>
   31 #include <sys/kauth.h>
   32 #include <sys/namei.h>
   33 #include <sys/mount.h>
   34 #include <sys/mount_internal.h>
   35 #include <sys/uio_internal.h>
   36 #include <sys/xattr.h>
   37 
   38 #include <security/mac_internal.h>
   39 
   /*
    * Make sure vp has a MAC label, doing the labeling here unless another
    * thread is already doing it.
    *
    * Reference contract: the caller either already holds a reference on vp,
    * or passes VNODE_LABEL_NEEDREF in flags so that one is taken here with
    * vnode_get_locked().  The vnode lock is taken and released inside this
    * function.  The reference is dropped before returning, except on the two
    * early exits where VNODE_LABEL_NEEDREF was set and no reference had been
    * taken yet.
    *
    * Returns:
    *   0       - vp was already labeled (VL_LABELED set).
    *   ENOENT  - VNODE_LABEL_NEEDREF was set and vnode_get_locked() failed.
    *   other   - for the labeling thread, the result of
    *             mac_vnode_notify_create() (VNODE_LABEL_CREATE set) or
    *             mac_vnode_label_associate(); for a waiting thread, the
    *             result of the last msleep(), EWOULDBLOCK on timeout.
    *
    * NOTE(review): a waiting thread does not re-check VL_LABELED after it is
    * woken, so it returns 0 even when the labeling thread's policy call
    * failed and the vnode was left unlabeled.  Callers that make access
    * decisions from the label should not treat 0 from the wait path as proof
    * that a label is attached.
    *
    * NOTE(review): msleep() and wakeup() use the value of vp->v_label as the
    * sleep channel; this presumably relies on that pointer not changing
    * across the policy call - confirm.
    */
   int
   vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp,
       struct componentname *cnp, int flags, vfs_context_t ctx)
   {
           int error = 0;

           vnode_lock(vp);

           /* Fast path: the label is already in place. */
           if (vp->v_lflag & VL_LABELED) {
                   if ((flags & VNODE_LABEL_NEEDREF) == 0) {
                           vnode_put_locked(vp);
                   }
                   vnode_unlock(vp);
                   return (0);
           }

           /* Take the reference the caller asked us to take. */
           if ((flags & VNODE_LABEL_NEEDREF) && vnode_get_locked(vp)) {
                   vnode_unlock(vp);
                   return (ENOENT);
           }

           if (vp->v_lflag & VL_LABEL) {
                   /*
                    * Another thread has VL_LABEL set, i.e. is labeling this
                    * vnode.  Sleep until it clears the flag, giving up after
                    * one 10 second timeout.
                    */
                   struct timespec ts = { .tv_sec = 10, .tv_nsec = 0 };

                   while (vp->v_lflag & VL_LABEL) {
                           vp->v_lflag |= VL_LABELWAIT;
                           /* PDROP: the lock is not held on return. */
                           error = msleep(vp->v_label, &vp->v_lock, PVFS|PDROP,
                               "vnode_label", &ts);
                           vnode_lock(vp);
                           if (error == EWOULDBLOCK) {
                                   vprint("vnode label timeout", vp);
                                   break;
                           }
                   }
                   /* XXX: what should be done if labeling failed (above)? */
           } else {
                   /* We are the labeling thread; announce it. */
                   vp->v_lflag |= VL_LABEL;

                   /* Could sleep on disk I/O, drop lock. */
                   vnode_unlock(vp);
                   error = (flags & VNODE_LABEL_CREATE)
                       ? mac_vnode_notify_create(ctx, mp, dvp, vp, cnp)
                       : mac_vnode_label_associate(mp, vp, ctx);
                   vnode_lock(vp);

                   /* Only a successful, cacheable vnode is marked labeled. */
                   if (error == 0 && (vp->v_flag & VNCACHEABLE)) {
                           vp->v_lflag |= VL_LABELED;
                   }
                   vp->v_lflag &= ~VL_LABEL;

                   /* Wake anyone who went to sleep while we were labeling. */
                   if (vp->v_lflag & VL_LABELWAIT) {
                           vp->v_lflag &= ~VL_LABELWAIT;
                           wakeup(vp->v_label);
                   }
           }

           /* Both paths end by dropping the reference and the lock. */
           vnode_put_locked(vp);
           vnode_unlock(vp);

           return (error);
   }
  112 
  113 
  /*
   * Drop the "labeled" state of a vnode.  The label is re-associated on the
   * next call to lookup().
   *
   * Preconditions, both the caller's responsibility:
   *   - vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL has been verified;
   *   - the vnode lock is held.
   *
   * NOTE(review): the wait below passes 0 as the timeout, unlike the
   * 10 second timeout in vnode_label(), so it lasts until VL_LABEL is
   * observed clear after a wakeup on vp->v_label.
   */
  void
  vnode_relabel(struct vnode *vp)
  {
          /*
           * Wait for any other labeling to complete.  No PDROP here, so
           * msleep() is expected to return with the vnode lock held again.
           */
          while ((vp->v_lflag & VL_LABEL) != 0) {
                  vp->v_lflag |= VL_LABELWAIT;
                  (void)msleep(vp->v_label, &vp->v_lock, PVFS, "vnode_relabel", 0);
          }

          /* Forget that the vnode was labeled. */
          vp->v_lflag &= ~VL_LABELED;
  }
  137 
  138 /*
  139  * VFS XATTR helpers.
  140  */
  141 
  /*
   * Store len bytes from the kernel buffer buf as extended attribute "name"
   * on vp, using the current VFS context.
   *
   * Returns EROFS when the vnode's mount is read-only, otherwise the result
   * of vn_setxattr().
   *
   * The request is issued with XATTR_NOSECURITY, which <sys/xattr.h>
   * describes as bypassing authorization checking.  Any access decision for
   * this write therefore has to be made by the caller before it gets here.
   */
  int
  mac_vnop_setxattr (struct vnode *vp, const char *name, char *buf, size_t len)
  {
          char backing[ UIO_SIZEOF(1) ];
          vfs_context_t ctx;
          uio_t uio;

          if (vfs_isrdonly(vp->v_mount)) {
                  return (EROFS);
          }

          ctx = vfs_context_current();

          /* One kernel-space (UIO_SYSSPACE) segment covering buf[0..len). */
          uio = uio_createwithbuffer(1, 0, UIO_SYSSPACE, UIO_WRITE,
              backing, sizeof(backing));
          uio_addiov(uio, CAST_USER_ADDR_T(buf), len);

          return (vn_setxattr(vp, name, uio, XATTR_NOSECURITY, ctx));
  }
  163 
  /*
   * Read extended attribute "name" of vp into the kernel buffer buf, which
   * holds at most len bytes, using the current VFS context.
   *
   * Returns the result of vn_getxattr().  *attrlen is dereferenced
   * unconditionally, so it must not be NULL.  It is always overwritten with
   * len minus the residual count left in the uio, including when
   * vn_getxattr() reports an error; check the return value before relying on
   * buf or *attrlen.
   *
   * The request is issued with XATTR_NOSECURITY, which <sys/xattr.h>
   * describes as bypassing authorization checking.  Any access decision for
   * this read therefore has to be made by the caller before it gets here.
   */
  int
  mac_vnop_getxattr (struct vnode *vp, const char *name, char *buf, size_t len,
      size_t *attrlen)
  {
          vfs_context_t ctx = vfs_context_current();
          char backing[ UIO_SIZEOF(1) ];
          uio_t uio;
          int rc;

          /* One kernel-space (UIO_SYSSPACE) segment covering buf[0..len). */
          uio = uio_createwithbuffer(1, 0, UIO_SYSSPACE, UIO_READ,
              backing, sizeof(backing));
          uio_addiov(uio, CAST_USER_ADDR_T(buf), len);

          rc = vn_getxattr(vp, name, uio, attrlen, XATTR_NOSECURITY, ctx);

          /* Report how much of buf was consumed by the transfer. */
          *attrlen = len - uio_resid(uio);

          return (rc);
  }
  183 
  /*
   * Remove extended attribute "name" from vp, using the current VFS context.
   *
   * Returns EROFS when the vnode's mount is read-only, otherwise the result
   * of vn_removexattr().
   *
   * The request is issued with XATTR_NOSECURITY, which <sys/xattr.h>
   * describes as bypassing authorization checking.  Any access decision for
   * this removal therefore has to be made by the caller before it gets here.
   */
  int
  mac_vnop_removexattr (struct vnode *vp, const char *name)
  {
          vfs_context_t ctx = vfs_context_current();

          if (vfs_isrdonly(vp->v_mount)) {
                  return (EROFS);
          }

          return (vn_removexattr(vp, name, XATTR_NOSECURITY, ctx));
  }
