D36082.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D36082.diff
View Options

	diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
	--- a/sys/security/mac/mac_framework.h
	+++ b/sys/security/mac/mac_framework.h
	@@ -271,7 +271,22 @@
	#endif
	#define mac_pipe_check_stat_enabled() __predict_false(mac_pipe_check_stat_fp_flag)
	int mac_pipe_check_stat(struct ucred cred, struct pipepair pp);
	-int mac_pipe_check_read(struct ucred cred, struct pipepair pp);
	+int mac_pipe_check_read_impl(struct ucred cred, struct pipepair pp);
	+#ifdef MAC
	+extern bool mac_pipe_check_read_fp_flag;
	+#else
	+#define mac_pipe_check_read_fp_flag false
	+#endif
	+#define mac_pipe_check_read_enabled() __predict_false(mac_pipe_check_read_fp_flag)
	+static inline int
	+mac_pipe_check_read(struct ucred cred, struct pipepair pp)
	+{
	+
	+ if (mac_pipe_check_read_enabled())
	+ return (mac_pipe_check_read_impl(cred, pp));
	+ return (0);
	+}
	+
	int mac_pipe_check_write(struct ucred cred, struct pipepair pp);
	void mac_pipe_create(struct ucred cred, struct pipepair pp);
	void mac_pipe_destroy(struct pipepair *);
	diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
	--- a/sys/security/mac/mac_framework.c
	+++ b/sys/security/mac/mac_framework.c
	@@ -145,6 +145,7 @@
	FPFLAG_RARE(vnode_check_readlink);
	FPFLAG_RARE(pipe_check_stat);
	FPFLAG_RARE(pipe_check_poll);
	+FPFLAG_RARE(pipe_check_read);
	FPFLAG_RARE(ifnet_create_mbuf);
	FPFLAG_RARE(ifnet_check_transmit);

	@@ -447,6 +448,8 @@
	.flag = &mac_pipe_check_stat_fp_flag },
	{ .offset = FPO(pipe_check_poll),
	.flag = &mac_pipe_check_poll_fp_flag },
	+ { .offset = FPO(pipe_check_read),
	+ .flag = &mac_pipe_check_read_fp_flag },
	{ .offset = FPO(ifnet_create_mbuf),
	.flag = &mac_ifnet_create_mbuf_fp_flag },
	{ .offset = FPO(ifnet_check_transmit),
	diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
	--- a/sys/security/mac/mac_pipe.c
	+++ b/sys/security/mac/mac_pipe.c
	@@ -179,7 +179,7 @@
	"struct pipepair *");

	int
	-mac_pipe_check_read(struct ucred cred, struct pipepair pp)
	+mac_pipe_check_read_impl(struct ucred cred, struct pipepair pp)
	{
	int error;

File Metadata

Mime Type: text/plain
Expires: Fri, Jan 17, 11:52 AM (19 h, 29 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 15838398
Default Alt Text: D36082.diff (2 KB)

D36082.diffNo OneTemporaryActions

D36082.diffView Options

File Metadata

Event Timeline

D36082.diff
No OneTemporary
Actions

D36082.diff
View Options