Module Name: src Committed By: elad Date: Sat Oct 3 01:41:39 UTC 2009
Modified Files: src/sys/kern: uipc_socket.c src/sys/secmodel/suser: secmodel_suser.c Log Message: Finish moving socket policy to the subsystem. To generate a diff of this commit: cvs rdiff -u -r1.191 -r1.192 src/sys/kern/uipc_socket.c cvs rdiff -u -r1.18 -r1.19 src/sys/secmodel/suser/secmodel_suser.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/uipc_socket.c
diff -u src/sys/kern/uipc_socket.c:1.191 src/sys/kern/uipc_socket.c:1.192
--- src/sys/kern/uipc_socket.c:1.191 Fri Oct 2 23:50:16 2009
+++ src/sys/kern/uipc_socket.c Sat Oct 3 01:41:39 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_socket.c,v 1.191 2009/10/02 23:50:16 elad Exp $ */
+/* $NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $ */
 /*-
 * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.191 2009/10/02 23:50:16 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $");
 #include "opt_compat_netbsd.h"
 #include "opt_sock_counters.h"
@@ -470,6 +470,11 @@
 break;
+ case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
+ result = KAUTH_RESULT_ALLOW;
+
+ break;
+
 default:
 break;
 }
Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.18 src/sys/secmodel/suser/secmodel_suser.c:1.19
--- src/sys/secmodel/suser/secmodel_suser.c:1.18 Sat Oct 3 01:30:25 2009
+++ src/sys/secmodel/suser/secmodel_suser.c Sat Oct 3 01:41:39 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
 * All rights reserved.
@@ -38,7 +38,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
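Review bot: The new `KAUTH_REQ_NETWORK_SOCKET_CANSEE` case in the uipc_socket.c hunk at `@@ -470,6 +470,11 @@` returns `KAUTH_RESULT_ALLOW` unconditionally and has no comment saying that socket visibility is now allow-by-default at the subsystem level. From what this commit shows, the only restriction left is the explicit `KAUTH_RESULT_DENY` issued by the curtain check in secmodel_suser.c, so the policy is presumably wide open whenever no security model objects; that looks intended but should be written down. I would add above the case: `/* Default: any credential may see any socket; secmodels restrict this by returning DENY (e.g. curtain). */`. The enclosing switch and listener function begin outside the hunk.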
@@ -822,14 +822,14 @@
 }
 if (secmodel_bsd44_curtain) {
+ struct socket *so;
 uid_t so_uid;
- so_uid =
- ((struct socket *)arg1)->so_uidinfo->ui_uid;
- if (kauth_cred_geteuid(cred) == so_uid)
- result = KAUTH_RESULT_ALLOW;
- } else
- result = KAUTH_RESULT_ALLOW;
+ so = (struct socket *)arg1;
+ so_uid = so->so_uidinfo->ui_uid;
+ if (kauth_cred_geteuid(cred) != so_uid)
+ result = KAUTH_RESULT_DENY;
+ }
 break;
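Review bot: The curtain branch now overwrites `result` with `KAUTH_RESULT_DENY` for a non-owner, where the old code could only raise it to `KAUTH_RESULT_ALLOW`, so its position relative to the code above it now matters. The hunk opens on the closing brace of a block that lies outside the hunk; if that block grants access to a privileged credential, it has to `break` out of the case before this check, otherwise a privileged caller would also be denied sight of other users' sockets while curtain is on. The cast of `arg1` and the `so->so_uidinfo->ui_uid` chain are still unchecked; `KASSERT(so != NULL);` after the assignment would state the assumption. I would also add a comment above the branch, e.g. `/* Curtain: deny non-owners; the default ALLOW comes from the socket subsystem listener. */`, since the allow side now lives in uipc_socket.c.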