xnu-3789.70.16.tar.gz

[apple/xnu.git] / security / mac_file.c

diff --git a/security/mac_file.c b/security/mac_file.c
index c1aa3281be8f264debe7fed9d9b435daab071d91..7f2de809cd5ec3973a7c9366f7f111cf5bc4d91a 100644 (file)
--- a/security/mac_file.c
+++ b/security/mac_file.c
@@ -193,6 +193,17 @@ mac_file_check_lock(struct ucred *cred, struct fileglob *fg, int op,
        return (error);
 }
 
+int
+mac_file_check_library_validation(struct proc *proc,
+       struct fileglob *fg, off_t slice_offset,
+       user_long_t error_message, size_t error_message_size)
+{
+       int error;
+
+       MAC_CHECK(file_check_library_validation, proc, fg, slice_offset, error_message, error_message_size);
+       return (error);
+}
+
 /*
  * On some platforms, VM_PROT_READ implies VM_PROT_EXECUTE. If that is true,
  * both prot and maxprot will have VM_PROT_EXECUTE set after file_check_mmap
@@ -228,3 +239,45 @@ mac_file_check_mmap_downgrade(struct ucred *cred, struct fileglob *fg,
 
        *prot = result;
 }
+
+
+/*
+ * fileglob XATTR helpers.
+ */
+
+int
+mac_file_setxattr(struct fileglob *fg, const char *name, char *buf, size_t len) {
+       struct vnode *vp = NULL;
+
+       if (!fg || FILEGLOB_DTYPE(fg) != DTYPE_VNODE) {
+               return EFTYPE;
+       }
+
+       vp = (struct vnode *)fg->fg_data;
+       return mac_vnop_setxattr(vp, name, buf, len);
+}
+
+int
+mac_file_getxattr(struct fileglob *fg, const char *name, char *buf, size_t len,
+               size_t *attrlen) {
+       struct vnode *vp = NULL;
+
+       if (!fg || FILEGLOB_DTYPE(fg) != DTYPE_VNODE) {
+               return EFTYPE;
+       }
+
+       vp = (struct vnode *)fg->fg_data;
+       return mac_vnop_getxattr(vp, name, buf, len, attrlen);
+}
+
+int
+mac_file_removexattr(struct fileglob *fg, const char *name) {
+       struct vnode *vp = NULL;
+
+       if (!fg || FILEGLOB_DTYPE(fg) != DTYPE_VNODE) {
+               return EFTYPE;
+       }
+
+       vp = (struct vnode *)fg->fg_data;
+       return mac_vnop_removexattr(vp, name);
+}