]> git.saurik.com Git - apple/xnu.git/blob - security/mac_vfs_subr.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-1228.5.18.tar.gz
[apple/xnu.git] / security / mac_vfs_subr.c
1 /*
2 * Copyright (c) 2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 #include <sys/param.h>
29 #include <sys/vnode.h>
30 #include <sys/vnode_internal.h>
31 #include <sys/kauth.h>
32 #include <sys/namei.h>
33 #include <sys/mount.h>
34 #include <sys/mount_internal.h>
35 #include <sys/uio_internal.h>
36 #include <sys/xattr.h>
37
38 #include <security/mac_internal.h>
39
40 /*
41 * Caller holds reference or sets VNODE_LABEL_NEEDREF to non-zero.
42 *
43 * Function will drop lock and reference on return.
44 */
45 int
46 vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp,
47 struct componentname *cnp, int flags, vfs_context_t ctx)
48 {
49 int error;
50
51 error = 0;
52
53 vnode_lock(vp);
54
55 if (vp->v_lflag & VL_LABELED) {
56 if (!(flags & VNODE_LABEL_NEEDREF))
57 vnode_put_locked(vp);
58 vnode_unlock(vp);
59 return (0);
60 }
61
62 if ((flags & VNODE_LABEL_NEEDREF) && vnode_get_locked(vp)) {
63 vnode_unlock(vp);
64 return (ENOENT);
65 }
66
67 if ((vp->v_lflag & VL_LABEL) == 0) {
68 vp->v_lflag |= VL_LABEL;
69
70 /* Could sleep on disk I/O, drop lock. */
71 vnode_unlock(vp);
72 if (flags & VNODE_LABEL_CREATE)
73 error = mac_vnode_notify_create(ctx,
74 mp, dvp, vp, cnp);
75 else
76 error = mac_vnode_label_associate(mp, vp, ctx);
77 vnode_lock(vp);
78
79 if ((error == 0) && (vp->v_flag & VNCACHEABLE))
80 vp->v_lflag |= VL_LABELED;
81 vp->v_lflag &= ~VL_LABEL;
82
83 if (vp->v_lflag & VL_LABELWAIT) {
84 vp->v_lflag &= ~VL_LABELWAIT;
85 wakeup(vp->v_label);
86 }
87 vnode_put_locked(vp);
88 vnode_unlock(vp);
89 } else {
90 struct timespec ts;
91
92 ts.tv_sec = 10;
93 ts.tv_nsec = 0;
94
95 while (vp->v_lflag & VL_LABEL) {
96 vp->v_lflag |= VL_LABELWAIT;
97 error = msleep(vp->v_label, &vp->v_lock, PVFS|PDROP,
98 "vnode_label", &ts);
99 vnode_lock(vp);
100 if (error == EWOULDBLOCK) {
101 vprint("vnode label timeout", vp);
102 break;
103 }
104 }
105 /* XXX: what should be done if labeling failed (above)? */
106 vnode_put_locked(vp);
107 vnode_unlock(vp);
108 }
109
110 return (error);
111 }
112
113
114 /*
115 * Clear the "labeled" flag on a VNODE.
116 * VNODE will have label re-associated upon
117 * next call to lookup().
118 *
119 * Caller verifies vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL
120 * Caller holds vnode lock.
121 */
122 void
123 vnode_relabel(struct vnode *vp)
124 {
125
126 /* Wait for any other labeling to complete. */
127 while (vp->v_lflag & VL_LABEL) {
128 vp->v_lflag |= VL_LABELWAIT;
129 (void)msleep(vp->v_label, &vp->v_lock, PVFS, "vnode_relabel", 0);
130 }
131
132 /* Clear labeled flag */
133 vp->v_lflag &= ~VL_LABELED;
134
135 return;
136 }
137
138 /*
139 * VFS XATTR helpers.
140 */
141
142 int
143 mac_vnop_setxattr (struct vnode *vp, const char *name, char *buf, size_t len)
144 {
145 vfs_context_t ctx;
146 int options = XATTR_NOSECURITY;
147 char uio_buf[ UIO_SIZEOF(1) ];
148 uio_t auio;
149 int error;
150
151 if (vfs_isrdonly(vp->v_mount))
152 return (EROFS);
153
154 ctx = vfs_context_current();
155 auio = uio_createwithbuffer(1, 0, UIO_SYSSPACE, UIO_WRITE,
156 &uio_buf[0], sizeof(uio_buf));
157 uio_addiov(auio, CAST_USER_ADDR_T(buf), len);
158
159 error = vn_setxattr(vp, name, auio, options, ctx);
160
161 return (error);
162 }
163
164 int
165 mac_vnop_getxattr (struct vnode *vp, const char *name, char *buf, size_t len,
166 size_t *attrlen)
167 {
168 vfs_context_t ctx = vfs_context_current();
169 int options = XATTR_NOSECURITY;
170 char uio_buf[ UIO_SIZEOF(1) ];
171 uio_t auio;
172 int error;
173
174 auio = uio_createwithbuffer(1, 0, UIO_SYSSPACE, UIO_READ,
175 &uio_buf[0], sizeof(uio_buf));
176 uio_addiov(auio, CAST_USER_ADDR_T(buf), len);
177
178 error = vn_getxattr(vp, name, auio, attrlen, options, ctx);
179 *attrlen = len - uio_resid(auio);
180
181 return (error);
182 }
183
184 int
185 mac_vnop_removexattr (struct vnode *vp, const char *name)
186 {
187 vfs_context_t ctx = vfs_context_current();
188 int options = XATTR_NOSECURITY;
189 int error;
190
191 if (vfs_isrdonly(vp->v_mount))
192 return (EROFS);
193
194 error = vn_removexattr(vp, name, options, ctx);
195
196 return (error);
197 }
mirror of XNU