Module Name: src
Committed By: maxv
Date: Sat Dec 12 14:57:52 UTC 2015
Modified Files:
src/sys/secmodel/extensions: secmodel_extensions.c
Log Message:
secmodel_extensions_system_cb() is not mount-specific, even though
KAUTH_SYSTEM_MOUNT happens to be the only option handled here.
Put everything into a switch(action). No functional change.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/sys/secmodel/extensions/secmodel_extensions.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/secmodel/extensions/secmodel_extensions.c
diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.6 src/sys/secmodel/extensions/secmodel_extensions.c:1.7
--- src/sys/secmodel/extensions/secmodel_extensions.c:1.6 Tue Feb 25 18:30:13 2014
+++ src/sys/secmodel/extensions/secmodel_extensions.c Sat Dec 12 14:57:52 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_extensions.c,v 1.6 2014/02/25 18:30:13 pooka Exp $ */
+/* $NetBSD: secmodel_extensions.c,v 1.7 2015/12/12 14:57:52 maxv Exp $ */
/*-
* Copyright (c) 2011 Elad Efrat <[email protected]>
* All rights reserved.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.6 2014/02/25 18:30:13 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.7 2015/12/12 14:57:52 maxv Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -330,54 +330,60 @@ secmodel_extensions_system_cb(kauth_cred
req = (enum kauth_system_req)arg0;
result = KAUTH_RESULT_DEFER;
- if (action != KAUTH_SYSTEM_MOUNT || dovfsusermount == 0)
- return result;
-
- switch (req) {
- case KAUTH_REQ_SYSTEM_MOUNT_NEW:
- vp = (vnode_t *)arg1;
- mp = vp->v_mount;
- flags = (u_long)arg2;
-
- /*
- * Ensure that the user owns the directory onto which the
- * mount is attempted.
- */
- vn_lock(vp, LK_SHARED | LK_RETRY);
- error = VOP_GETATTR(vp, &va, cred);
- VOP_UNLOCK(vp);
- if (error)
+ switch (action) {
+ case KAUTH_SYSTEM_MOUNT:
+ if (dovfsusermount == 0)
break;
+ switch (req) {
+ case KAUTH_REQ_SYSTEM_MOUNT_NEW:
+ vp = (vnode_t *)arg1;
+ mp = vp->v_mount;
+ flags = (u_long)arg2;
+
+ /*
+ * Ensure that the user owns the directory onto which
+ * the mount is attempted.
+ */
+ vn_lock(vp, LK_SHARED | LK_RETRY);
+ error = VOP_GETATTR(vp, &va, cred);
+ VOP_UNLOCK(vp);
+ if (error)
+ break;
+
+ if (va.va_uid != kauth_cred_geteuid(cred))
+ break;
+
+ error = usermount_common_policy(mp, flags);
+ if (error)
+ break;
- if (va.va_uid != kauth_cred_geteuid(cred))
- break;
+ result = KAUTH_RESULT_ALLOW;
- error = usermount_common_policy(mp, flags);
- if (error)
break;
- result = KAUTH_RESULT_ALLOW;
-
- break;
+ case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
+ mp = arg1;
- case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
- mp = arg1;
+ /* Must own the mount. */
+ if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred))
+ result = KAUTH_RESULT_ALLOW;
- /* Must own the mount. */
- if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred))
- result = KAUTH_RESULT_ALLOW;
+ break;
- break;
+ case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
+ mp = arg1;
+ flags = (u_long)arg2;
+
+ /* Must own the mount. */
+ if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred) &&
+ usermount_common_policy(mp, flags) == 0)
+ result = KAUTH_RESULT_ALLOW;
- case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
- mp = arg1;
- flags = (u_long)arg2;
-
- /* Must own the mount. */
- if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred) &&
- usermount_common_policy(mp, flags) == 0)
- result = KAUTH_RESULT_ALLOW;
+ break;
+ default:
+ break;
+ }
break;
default: