diff options
| author | Kyle Evans <kevans@FreeBSD.org> | 2025-11-06 22:15:45 -0600 |
|---|---|---|
| committer | Kyle Evans <kevans@FreeBSD.org> | 2026-01-15 18:23:39 -0600 |
| commit | 626fe12e2801a06c59eaa056ecf11f573e30ecbb (patch) | |
| tree | b09ed047631a3433d69e0669fbd10727c63aca13 /sys | |
| parent | 31c2728185d1705634ff84c93936a4c91a651b22 (diff) | |
kern: mac: pull mac_label_copyin_string out
A future commit to the area will further our jail integration and add
a use for this: the struct mac itself was already copied in as part of
vfs_buildopts(), so we only need to copyin the strings.
We add an explicit flag argument because the jail operation will need to
do it while holding the prison lock.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D53957
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/security/mac/mac_syscalls.c | 48 |
1 files changed, 30 insertions, 18 deletions
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 3e9908fb9da9..2a8b8d1f18ce 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -90,6 +90,35 @@ struct mac32 { }; #endif +static int +mac_label_copyin_string(struct mac *const mac, char **const u_string, + int flag) +{ + char *buffer; + int error; + + error = mac_check_structmac_consistent(mac); + if (error != 0) + return (error); + + /* 'm_buflen' not too big checked by function call above. */ + buffer = malloc(mac->m_buflen, M_MACTEMP, flag); + if (buffer == NULL) + return (ENOMEM); + + error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL); + if (error != 0) { + free(buffer, M_MACTEMP); + return (error); + } + + MPASS(error == 0); + if (u_string != NULL) + *u_string = mac->m_string; + mac->m_string = buffer; + return (0); +} + /* * Copyin a 'struct mac', including the string pointed to by 'm_string'. * @@ -101,7 +130,6 @@ int mac_label_copyin(const void *const u_mac, struct mac *const mac, char **const u_string) { - char *buffer; int error; #ifdef COMPAT_FREEBSD32 @@ -122,23 +150,7 @@ mac_label_copyin(const void *const u_mac, struct mac *const mac, return (error); } - error = mac_check_structmac_consistent(mac); - if (error != 0) - return (error); - - /* 'm_buflen' not too big checked by function call above. */ - buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL); - if (error != 0) { - free(buffer, M_MACTEMP); - return (error); - } - - MPASS(error == 0); - if (u_string != NULL) - *u_string = mac->m_string; - mac->m_string = buffer; - return (0); + return (mac_label_copyin_string(mac, u_string, M_WAITOK)); } void |