From owner-p4-projects@FreeBSD.ORG Mon Oct 20 16:32:19 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 227D516A4C1; Mon, 20 Oct 2003 16:32:19 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF06016A4BF for ; Mon, 20 Oct 2003 16:32:18 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF35643F3F for ; Mon, 20 Oct 2003 16:32:16 -0700 (PDT) (envelope-from Hrishikesh_Dandekar@NAI.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h9KNWGXJ099405 for ; Mon, 20 Oct 2003 16:32:16 -0700 (PDT) (envelope-from Hrishikesh_Dandekar@NAI.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h9KNWGB7099402 for perforce@freebsd.org; Mon, 20 Oct 2003 16:32:16 -0700 (PDT) (envelope-from Hrishikesh_Dandekar@NAI.com) Date: Mon, 20 Oct 2003 16:32:16 -0700 (PDT) Message-Id: <200310202332.h9KNWGB7099402@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to Hrishikesh_Dandekar@NAI.com using -f 
From: Hrishikesh Dandekar To: Perforce Change Reviews Subject: PERFORCE change 40040 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Oct 2003 23:32:19 -0000 http://perforce.freebsd.org/chv.cgi?CH=40040 Change 40040 by hdandeka@hdandeka_yash on 2003/10/20 16:31:49 Reverse Integrate the Sys V IPC and Posix sem related changes to the SEBSD module from the rishi_sebsd branch to the sebsd parent branch. Affected files ... .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/test/test_ipc.te#2 integrate .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/test/test_task_create.te#2 integrate .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/test/test_task_setpgid.te#2 integrate .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/flask/access_vectors#3 integrate .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/flask/security_classes#2 integrate .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/macros/global_macros.te#3 integrate .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/mls#2 integrate .. //depot/projects/trustedbsd/sebsd/sys/i386/conf/MAC#5 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#5 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/class_to_string.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#3 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/access_vectors#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/security_classes#3 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#23 integrate .. 
//depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_labels.h#6 integrate Differences ... ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/test/test_ipc.te#2 (text+ko) ==== @@ -27,6 +27,7 @@ allow test_ipc_read_t test_ipc_base_t:msgq r_msgq_perms; allow test_ipc_read_t test_ipc_base_t:shm r_shm_perms; allow test_ipc_read_t test_ipc_base_t:msg {receive}; +allow test_ipc_read_t test_ipc_base_t:posix_sem r_posix_sem_perms; # Ok, not strictly a read-only domain, it needs unix_write (course # grain permission) in order to test some finer grained permissions allow test_ipc_read_t test_ipc_base_t:msgq {unix_write}; @@ -38,6 +39,7 @@ allow test_ipc_base_t test_ipc_read_t:sem rw_sem_perms; allow test_ipc_base_t test_ipc_read_t:msgq rw_msgq_perms; allow test_ipc_base_t test_ipc_read_t:shm rw_shm_perms; +allow test_ipc_base_t test_ipc_read_t:posix_sem rw_posix_sem_perms; allow test_ipc_base_t kernel_t:system { ipc_info }; # allow the associate domain to only associate with @@ -45,6 +47,7 @@ allow test_ipc_associate_t test_ipc_base_t:sem {unix_read unix_write associate}; allow test_ipc_associate_t test_ipc_base_t:shm {unix_read unix_write associate}; allow test_ipc_associate_t test_ipc_base_t:msgq {unix_read unix_write associate}; +allow test_ipc_associate_t test_ipc_base_t:posix_sem {associate}; # allow to lock down an IPC region created by self ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/test/test_task_create.te#2 (text+ko) ==== 
@@ -30,9 +30,10 @@ allow test_create_no_t self:unix_stream_socket connectto; # Access System V IPC objects created by processes in the same domain. allow test_create_no_t self:sem rw_sem_perms; -allow test_create_no_t self:msg { send receive }; +allow test_create_no_t self:msg { send receive destroy }; allow test_create_no_t self:msgq rw_msgq_perms; allow test_create_no_t self:shm rw_shm_perms; +allow test_create_no_t self:posix_sem rw_posix_sem_perms; # Send SIGCHLD to init. allow test_create_no_t init_t:process sigchld; # Use descriptors created by login, sshd, or newrole. ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/test/test_task_setpgid.te#2 (text+ko) ==== @@ -29,9 +29,10 @@ allow test_setpgid_no_t self:unix_stream_socket connectto; # Access System V IPC objects created by processes in the same domain. allow test_setpgid_no_t self:sem rw_sem_perms; -allow test_setpgid_no_t self:msg { send receive }; +allow test_setpgid_no_t self:msg { send receive destroy }; allow test_setpgid_no_t self:msgq rw_msgq_perms; allow test_setpgid_no_t self:shm rw_shm_perms; +allow test_setpgid_no_t self:posix_sem rw_posix_sem_perms; # Send SIGCHLD to init. allow test_setpgid_no_t init_t:process sigchld; # Use descriptors created by login, sshd, or newrole. ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/flask/access_vectors#3 (text+ko) ==== @@ -256,12 +256,19 @@ { send receive + destroy } class shm inherits ipc + +class posix_sem { - lock + associate + disassociate + destroy + write + read } ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/flask/security_classes#2 (text+ko) ==== @@ -40,4 +40,7 @@ class shm class ipc +#Posix.1b-related classes +class posix_sem + # FLASK ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/macros/global_macros.te#3 (text+ko) ==== 
@@ -165,7 +165,9 @@ define(`r_msgq_perms', `{ associate getattr read unix_read }') define(`rw_msgq_perms', `{ associate getattr setattr create destroy read write enqueue unix_read unix_write }') define(`r_shm_perms', `{ associate getattr read unix_read }') -define(`rw_shm_perms', `{ associate getattr setattr create destroy read write lock unix_read unix_write }') +define(`rw_shm_perms', `{ associate getattr setattr create destroy read write unix_read unix_write }') +define(`r_posix_sem_perms', `{ associate disassociate read }') +define(`rw_posix_sem_perms', `{ associate disassociate destroy write read }') # # Mimic the dac_override capability from linux @@ -598,9 +600,10 @@ # Access System V IPC objects created by processes in the same domain. allow $1 self:sem rw_sem_perms; -allow $1 self:msg { send receive }; +allow $1 self:msg { send receive destroy }; allow $1 self:msgq rw_msgq_perms; allow $1 self:shm rw_shm_perms; +allow $1 self:posix_sem rw_posix_sem_perms; # Use descriptors created by login, sshd, or newrole. allow $1 local_login_t:fd use; ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/mls#2 (text+ko) ==== @@ -212,11 +212,18 @@ { send : write receive : read + destroy : write } class shm + +class posix_sem { - lock : write + associate : none + disassociate : none + destroy : write + write : write + read : read } class security ==== //depot/projects/trustedbsd/sebsd/sys/i386/conf/MAC#5 (text+ko) ==== @@ -57,6 +57,7 @@ options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions +options P1003_1B_SEMAPHORES #POSIX P1003_1B semaphores options KBD_INSTALL_CDEV # install a CDEV entry in /dev options AHC_REG_PRETTY_PRINT # Print register bitfields in debug # output. Adds ~128k to driver. ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#4 (text+ko) ==== 
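Review bot: In the mls hunk, `write : write` and `read : read` are the only MLS constraints on semaphore operations, and the sebsd.c part of this change checks both `sebsd_check_posix_sem_wait` and `sebsd_check_posix_sem_post` with `POSIX_SEM__WRITE` alone. A wait blocks on the semaphore's value, so it observes state as well as changing it; under an MLS configuration that permits writing up, a lower-level subject could then learn when a higher-level subject posts. The System V path in the same change requests `SEM__READ | SEM__WRITE` for altering operations, and the wait hook could request `POSIX_SEM__READ | POSIX_SEM__WRITE` to match. The `associate : none` and `disassociate : none` lines would also benefit from a one-line comment saying that open and close are deliberately exempt from MLS.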
@@ -67,7 +67,12 @@ { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" }, { SECCLASS_MSG, MSG__SEND, "send" }, { SECCLASS_MSG, MSG__RECEIVE, "receive" }, - { SECCLASS_SHM, SHM__LOCK, "lock" }, + { SECCLASS_MSG, MSG__DESTROY, "destroy" }, + { SECCLASS_POSIX_SEM, POSIX_SEM__ASSOCIATE, "associate" }, + { SECCLASS_POSIX_SEM, POSIX_SEM__DISASSOCIATE, "disassociate" }, + { SECCLASS_POSIX_SEM, POSIX_SEM__DESTROY, "destroy" }, + { SECCLASS_POSIX_SEM, POSIX_SEM__WRITE, "write" }, + { SECCLASS_POSIX_SEM, POSIX_SEM__READ, "read" }, { SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" }, { SECCLASS_SECURITY, SECURITY__NOTIFY_PERM, "notify_perm" }, { SECCLASS_SECURITY, SECURITY__TRANSITION_SID, "transition_sid" }, ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#5 (text+ko) ==== @@ -527,6 +527,7 @@ #define MSG__SEND 0x0000000000000001UL #define MSG__RECEIVE 0x0000000000000002UL +#define MSG__DESTROY 0x0000000000000004UL #define SHM__WRITE 0x0000000000000020UL #define SHM__UNIX_WRITE 0x0000000000000100UL @@ -538,7 +539,11 @@ #define SHM__DESTROY 0x0000000000000002UL #define SHM__GETATTR 0x0000000000000004UL -#define SHM__LOCK 0x0000000000000200UL +#define POSIX_SEM__ASSOCIATE 0x0000000000000001UL +#define POSIX_SEM__DISASSOCIATE 0x0000000000000002UL +#define POSIX_SEM__DESTROY 0x0000000000000004UL +#define POSIX_SEM__WRITE 0x0000000000000008UL +#define POSIX_SEM__READ 0x0000000000000010UL #define SECURITY__COMPUTE_AV 0x0000000000000001UL #define SECURITY__NOTIFY_PERM 0x0000000000000002UL ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/class_to_string.h#4 (text+ko) ==== @@ -34,5 +34,6 @@ "msgq", "shm", "ipc", + "posix_sem", }; ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#3 (text+ko) ==== 
@@ -36,6 +36,7 @@ #define SECCLASS_MSGQ 27 #define SECCLASS_SHM 28 #define SECCLASS_IPC 29 +#define SECCLASS_POSIX_SEM 30 /* * Security identifier indices for initial entities ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/access_vectors#4 (text+ko) ==== @@ -256,12 +256,19 @@ { send receive + destroy } class shm inherits ipc + +class posix_sem { - lock + associate + disassociate + destroy + write + read } ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/security_classes#3 (text+ko) ==== @@ -40,4 +40,7 @@ class shm class ipc +#Posix.1b-related classes +class posix_sem + # FLASK ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#23 (text+ko) ==== @@ -52,7 +52,13 @@ #include #include #include +#include +#include +#include +#include +#include + #include #include @@ -378,6 +384,16 @@ } static void +sebsd_init_ipc_label(struct label *label) +{ + struct ipc_security_struct *new; + + new = malloc(sizeof(*new), M_SEBSD, M_ZERO | M_WAITOK); + new->sid = SECINITSID_UNLABELED; + SLOT(label) = new; +} + +static void sebsd_destroy_label(struct label *label) { @@ -393,6 +409,16 @@ } static void +sebsd_cleanup_ipc_label(struct label *label) +{ + struct ipc_security_struct *ipcsec; + + ipcsec = SLOT(label); + bzero(ipcsec, sizeof(struct ipc_security_struct)); + ipcsec->sid = SECINITSID_UNLABELED; +} + +static void sebsd_associate_vnode_devfs(struct mount *mp, struct label *fslabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel) 
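Review bot: `sebsd_init_ipc_label` and `sebsd_cleanup_ipc_label` both leave `sclass` at 0 (through `M_ZERO` and `bzero`), and the check hooks added later in this change pass `ipcsec->sclass` straight to `avc_has_perm_ref`. Nothing visible in the diff shows whether a check can reach a label before the matching `sebsd_create_*` hook has set the class, so the invariant should be written down above both functions: `/* sclass stays 0 until sebsd_create_*() assigns it; check hooks must not run before then */`. `sebsd_cleanup_ipc_label` also dereferences `SLOT(label)` without a NULL test, which is only safe if cleanup is never called on an uninitialised label; a `KASSERT(ipcsec != NULL, ("sebsd_cleanup_ipc_label: no label"));` would make that assumption explicit.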
@@ -521,6 +547,90 @@ } static void +sebsd_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +{ + struct task_security_struct *tsec; + struct ipc_security_struct *msqsec; + struct ipc_security_struct *msgsec; + + tsec = SLOT(&cred->cr_label); + msqsec = SLOT(msqlabel); + msgsec = SLOT(msglabel); + + bzero(msgsec, sizeof(*msgsec)); + msgsec->sclass = SECCLASS_MSG; + + /* XXX should we return an error if security_transition_sid, + * Or, should we assign the msg object the thread sid? + */ + if(security_transition_sid(tsec->sid, msqsec->sid, + SECCLASS_MSG, &msgsec->sid) < 0) { + printf("Warning: security_transition_sid failed on + create_ipc_msgmsg\n"); + printf("Assigning the requesting thread's sid to the msg\n"); + msgsec->sid = tsec->sid; + } +} + +static void +sebsd_create_ipc_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel) +{ + struct task_security_struct *tsec; + struct ipc_security_struct *ipcsec; + + tsec = SLOT(&cred->cr_label); + ipcsec = SLOT(msqlabel); + + ipcsec->sid = tsec->sid; + ipcsec->sclass = SECCLASS_MSGQ; +} + +static void +sebsd_create_ipc_sema(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semalabel) +{ + struct task_security_struct *tsec; + struct ipc_security_struct *ipcsec; + + tsec = SLOT(&cred->cr_label); + ipcsec = SLOT(semalabel); + + ipcsec->sid = tsec->sid; + ipcsec->sclass = SECCLASS_SEM; +} + +static void +sebsd_create_ipc_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmlabel) +{ + struct task_security_struct *tsec; + struct ipc_security_struct *ipcsec; + + tsec = SLOT(&cred->cr_label); + ipcsec = SLOT(shmlabel); + + ipcsec->sid = tsec->sid; + ipcsec->sclass = SECCLASS_SHM; +} + +static void +sebsd_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct task_security_struct *tsec; + struct ipc_security_struct *ipcsec; + + 
tsec = SLOT(&cred->cr_label); + ipcsec = SLOT(ks_label); + + ipcsec->sid = tsec->sid; + ipcsec->sclass = SECCLASS_POSIX_SEM; + +} + +static void sebsd_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev, struct devfs_dirent *devfs_dirent, struct label *label, const char *fullpath) 
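Review bot: When `security_transition_sid` fails, `sebsd_create_ipc_msgmsg` labels the message with the sender's own SID, so later `MSG__SEND` and `MSG__RECEIVE` decisions are made against a task SID standing in for a message label, and the only trace is a console `printf`. Because the hook returns void and cannot report the error, falling back to the initial unlabeled SID keeps the decision with policy: `msgsec->sid = SECINITSID_UNLABELED;`. The warning's string literal is also split across two added lines (`"... failed on` then `create_ipc_msgmsg\n"`), which standard C does not accept; put it on one line or use two adjacent literals. The four `sebsd_create_ipc_*` bodies and `sebsd_create_posix_ksem` differ only in the class constant and could share one static helper.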
@@ -1976,6 +2086,270 @@ FD__USE, NULL)); } +static int +ipc_has_perm(struct ucred *cred, struct label *label, access_vector_t perm) +{ + struct task_security_struct *task; + struct ipc_security_struct *ipcsec; + + task = SLOT(&cred->cr_label); + ipcsec = SLOT(label); + + /* + * TBD: No audit information yet + */ + + return(avc_has_perm_ref(task->sid, ipcsec->sid, ipcsec->sclass, + perm, &ipcsec->avcr)); +} + +static int +sebsd_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr) +{ + + return(ipc_has_perm(cred, &msgptr->label, MSG__RECEIVE)); +} + +static int +sebsd_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr) +{ + + return(ipc_has_perm(cred, &msgptr->label, MSG__DESTROY)); +} + +static int +sebsd_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr) +{ + + return(ipc_has_perm(cred, &msqkptr->label, MSGQ__ASSOCIATE)); +} + +static int +sebsd_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr) +{ + + /* Can this process write to the queue? */ + return(ipc_has_perm(cred, &msqkptr->label, MSGQ__WRITE)); +} + +static int +sebsd_check_ipc_msgmsq(struct ucred *cred, struct msg *msgptr, + struct msqid_kernel *msqkptr) +{ + int rc; + struct task_security_struct *task; + struct ipc_security_struct *msgsec; + struct ipc_security_struct *msqsec; + + task = SLOT(&cred->cr_label); + msgsec = SLOT(&msgptr->label); + msqsec = SLOT(&msqkptr->label); + + /* + * TBD: No audit information yet + */ + + /* Can this process send the message */ + rc = avc_has_perm_ref(task->sid, msgsec->sid, msgsec->sclass, + MSG__SEND, &msgsec->avcr); + if (rc) + return (rc); + + /* Can the message be put in the message queue? 
*/ + return(avc_has_perm_ref(msgsec->sid, msqsec->sid, msqsec->sclass, + MSGQ__ENQUEUE, &msqsec->avcr)); +} + +static int +sebsd_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr) +{ + + return(ipc_has_perm(cred, &msqkptr->label, MSGQ__READ)); +} + +static int +sebsd_check_ipc_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, + int cmd) +{ + access_vector_t perm; + + switch(cmd) { + case IPC_RMID: + perm = MSGQ__DESTROY; + break; + case IPC_SET: + perm = MSGQ__SETATTR; + break; + case IPC_STAT: + perm = MSGQ__GETATTR | MSGQ__ASSOCIATE; + break; + default: + return (EACCES); + } + + /* + * TBD: No audit information yet + */ + return(ipc_has_perm(cred, &msqkptr->label, perm)); +} + +static int +sebsd_check_ipc_semctl(struct ucred *cred, struct semid_kernel *semakptr, + int cmd) +{ + access_vector_t perm; + + switch(cmd) { + case GETPID: + case GETNCNT: + case GETZCNT: + perm = SEM__GETATTR; + break; + case GETVAL: + case GETALL: + perm = SEM__READ; + break; + case SETVAL: + case SETALL: + perm = SEM__WRITE; + break; + case IPC_RMID: + perm = SEM__DESTROY; + break; + case IPC_SET: + perm = SEM__SETATTR; + break; + case IPC_STAT: + perm = SEM__GETATTR | SEM__ASSOCIATE; + break; + default: + return (EACCES); + } + + /* + * TBD: No audit information yet + */ + return(ipc_has_perm(cred, &semakptr->label, perm)); +} + +static int +sebsd_check_ipc_semget(struct ucred *cred, struct semid_kernel *semakptr) +{ + + return(ipc_has_perm(cred, &semakptr->label, SEM__ASSOCIATE)); +} + +static int +sebsd_check_ipc_semop(struct ucred *cred, struct semid_kernel *semakptr, + size_t accesstype) +{ + access_vector_t perm; + perm = 0UL; + + if( accesstype & SEM_R ) + perm = SEM__READ; + if( accesstype & SEM_A ) + perm = SEM__READ | SEM__WRITE; + + return(ipc_has_perm(cred, &semakptr->label, perm)); +} + +static int +sebsd_check_ipc_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, + int shmflg) +{ + access_vector_t perm; + + if (shmflg & SHM_RDONLY) + perm = 
SHM__READ; + else + perm = SHM__READ | SHM__WRITE; + + return(ipc_has_perm(cred, &shmsegptr->label, perm)); +} + +static int +sebsd_check_ipc_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, + int cmd) +{ + access_vector_t perm; + + switch(cmd) { + case IPC_RMID: + perm = SHM__DESTROY; + break; + case IPC_SET: + perm = SHM__SETATTR; + break; + case IPC_STAT: + case SHM_STAT: + perm = SHM__GETATTR | SHM__ASSOCIATE; + break; + default: + return (EACCES); + } + + return(ipc_has_perm(cred, &shmsegptr->label, perm)); + +} + +static int +sebsd_check_ipc_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, + int shmflg) +{ + + return(ipc_has_perm(cred, &shmsegptr->label, SHM__ASSOCIATE)); +} + +static int +sebsd_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr) +{ + + return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DISASSOCIATE)); +} + +static int +sebsd_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) +{ + + return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DESTROY)); +} + +static int +sebsd_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) +{ + + return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__READ)); +} + +static int +sebsd_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr) +{ + + return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__ASSOCIATE)); +} + +static int +sebsd_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) +{ + + return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__WRITE)); +} + +static int +sebsd_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr) +{ + + return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DESTROY)); +} + +static int +sebsd_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr) +{ + + return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__WRITE)); +} + static struct mac_policy_ops sebsd_ops = { /* Init Labels */ .mpo_init = sebsd_init, 
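Review bot: `sebsd_check_ipc_semop` starts from `perm = 0UL` and sets bits only when `accesstype` carries `SEM_R` or `SEM_A`, so any other value reaches `ipc_has_perm` with an empty access vector. If `avc_has_perm_ref` treats an empty request as granted (its body is not in this diff), the call succeeds without policy being consulted. The `*ctl` hooks in this hunk already fail closed with `default: return (EACCES);`, and semop should do the same by adding `if (perm == 0UL) return (EACCES);` before the `ipc_has_perm` call. The repeated `TBD: No audit information yet` comments suggest that denials from these hooks are logged without object context, which is worth tracking as a follow-up.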
@@ -1984,11 +2358,16 @@ .mpo_init_devfsdirent_label = sebsd_init_vnode_label, .mpo_init_file_label = sebsd_init_file_label, .mpo_init_ifnet_label = sebsd_init_network_label, + .mpo_init_ipc_msgmsg_label = sebsd_init_ipc_label, + .mpo_init_ipc_msgqueue_label = sebsd_init_ipc_label, + .mpo_init_ipc_sema_label = sebsd_init_ipc_label, + .mpo_init_ipc_shm_label = sebsd_init_ipc_label, .mpo_init_ipq_label = sebsd_init_network_label_waitcheck, .mpo_init_mbuf_label = sebsd_init_network_label_waitcheck, .mpo_init_mount_label = sebsd_init_mount_label, .mpo_init_mount_fs_label = sebsd_init_mount_fs_label, .mpo_init_pipe_label = sebsd_init_vnode_label, + .mpo_init_posix_ksem_label = sebsd_init_ipc_label, .mpo_init_socket_label = sebsd_init_network_label_waitcheck, .mpo_init_socket_peer_label = sebsd_init_network_label_waitcheck, .mpo_init_vnode_label = sebsd_init_vnode_label, @@ -1999,12 +2378,17 @@ .mpo_destroy_cred_label = sebsd_destroy_label, .mpo_destroy_devfsdirent_label = sebsd_destroy_label, .mpo_destroy_ifnet_label = sebsd_destroy_label, + .mpo_destroy_ipc_msgmsg_label = sebsd_destroy_label, + .mpo_destroy_ipc_msgqueue_label = sebsd_destroy_label, + .mpo_destroy_ipc_sema_label = sebsd_destroy_label, + .mpo_destroy_ipc_shm_label = sebsd_destroy_label, .mpo_destroy_ipq_label = sebsd_destroy_label, .mpo_destroy_mbuf_label = sebsd_destroy_label, .mpo_destroy_file_label = sebsd_destroy_label, .mpo_destroy_mount_label = sebsd_destroy_label, .mpo_destroy_mount_fs_label = sebsd_destroy_label, .mpo_destroy_pipe_label = sebsd_destroy_label, + .mpo_destroy_posix_ksem_label = sebsd_destroy_label, .mpo_destroy_socket_label = sebsd_destroy_label, .mpo_destroy_socket_peer_label = sebsd_destroy_label, .mpo_destroy_vnode_label = sebsd_destroy_label, 
@@ -2054,9 +2438,14 @@ .mpo_create_devfs_directory = sebsd_create_devfs_directory, .mpo_create_devfs_symlink = sebsd_create_devfs_symlink, .mpo_create_file = sebsd_create_file, + .mpo_create_ipc_msgmsg = sebsd_create_ipc_msgmsg, + .mpo_create_ipc_msgqueue = sebsd_create_ipc_msgqueue, + .mpo_create_ipc_sema = sebsd_create_ipc_sema, + .mpo_create_ipc_shm = sebsd_create_ipc_shm, /* .mpo_create_mbuf_from_socket = sebsd_create_mbuf_from_socket, */ .mpo_create_mount = sebsd_create_mount, .mpo_create_pipe = sebsd_create_pipe, + .mpo_create_posix_ksem = sebsd_create_posix_ksem, .mpo_create_proc0 = sebsd_create_proc0, .mpo_create_proc1 = sebsd_create_proc1, .mpo_create_root_mount = sebsd_create_root_mount, @@ -2086,6 +2475,20 @@ .mpo_check_mount = sebsd_check_mount, .mpo_check_umount = sebsd_check_umount, .mpo_check_remount = sebsd_check_remount, + .mpo_check_ipc_msgrcv = sebsd_check_ipc_msgrcv, + .mpo_check_ipc_msgrmid = sebsd_check_ipc_msgrmid, + .mpo_check_ipc_msqget = sebsd_check_ipc_msqget, + .mpo_check_ipc_msqsnd = sebsd_check_ipc_msqsnd, + .mpo_check_ipc_msgmsq = sebsd_check_ipc_msgmsq, + .mpo_check_ipc_msqrcv = sebsd_check_ipc_msqrcv, + .mpo_check_ipc_msqctl = sebsd_check_ipc_msqctl, + .mpo_check_ipc_semctl = sebsd_check_ipc_semctl, + .mpo_check_ipc_semget = sebsd_check_ipc_semget, + .mpo_check_ipc_semop = sebsd_check_ipc_semop, + .mpo_check_ipc_shmat = sebsd_check_ipc_shmat, + .mpo_check_ipc_shmctl = sebsd_check_ipc_shmctl, + /* .mpo_check_ipc_shmdt = sebsd_check_ipc_shmdt, */ + .mpo_check_ipc_shmget = sebsd_check_ipc_shmget, .mpo_check_mount_stat = sebsd_check_mount_stat, .mpo_check_pipe_ioctl = sebsd_check_pipe_ioctl, 
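Review bot: `.mpo_check_ipc_shmdt` is added commented out in the second hunk on this line, making it the only IPC check entry in that hunk left disabled, and the diff gives no reason. If detach is meant to go unchecked because the `shm` class has no permission that covers it, say so next to the entry: `/* shmdt is unchecked: no SHM permission covers detach */`. Otherwise the hook needs an implementation before the entry is enabled, since a disabled line in the ops table is easy to read as covered.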
@@ -2095,6 +2498,14 @@ .mpo_check_pipe_stat = sebsd_check_pipe_stat, .mpo_check_pipe_write = sebsd_check_pipe_write, + .mpo_check_posix_sem_close = sebsd_check_posix_sem_close, + .mpo_check_posix_sem_destroy = sebsd_check_posix_sem_destroy, + .mpo_check_posix_sem_getvalue = sebsd_check_posix_sem_getvalue, + .mpo_check_posix_sem_openexisting = sebsd_check_posix_sem_openexisting, + .mpo_check_posix_sem_post = sebsd_check_posix_sem_post, + .mpo_check_posix_sem_unlink = sebsd_check_posix_sem_unlink, + .mpo_check_posix_sem_wait = sebsd_check_posix_sem_wait, + .mpo_check_proc_debug = sebsd_check_proc_debug, .mpo_check_proc_sched = sebsd_check_proc_sched, .mpo_check_proc_signal = sebsd_check_proc_signal, @@ -2143,7 +2554,10 @@ .mpo_setlabel_vnode_extattr = sebsd_setlabel_vnode_extattr, /*.mpo_set_socket_peer_from_mbuf = sebsd_set_socket_peer_from_mbuf,*/ /*.mpo_set_socket_peer_from_socket = sebsd_set_socket_peer_from_socket,*/ - + .mpo_cleanup_ipc_msgmsg = sebsd_cleanup_ipc_label, + .mpo_cleanup_ipc_msgqueue = sebsd_cleanup_ipc_label, + .mpo_cleanup_ipc_sema = sebsd_cleanup_ipc_label, + .mpo_cleanup_ipc_shm = sebsd_cleanup_ipc_label, .mpo_syscall = sebsd_syscall, }; ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_labels.h#6 (text+ko) ==== @@ -65,6 +65,12 @@ struct avc_entry_ref avcr; }; +struct ipc_security_struct { + security_id_t sid; + security_class_t sclass; + struct avc_entry_ref avcr; +}; + struct mount_security_struct { security_id_t sid; /* SID of file system */ #ifndef __FreeBSD__
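Review bot: `struct ipc_security_struct` in sebsd_labels.h is added without field comments, while `mount_security_struct` directly below it documents its `sid`. Suggested comments are `/* SID of the IPC object */` on `sid`, `/* SECCLASS_* value assigned by the create hook */` on `sclass`, and `/* AVC entry reference passed to avc_has_perm_ref */` on `avcr`. The `sclass` comment matters most, because the check hooks in sebsd.c rely on it having been set before they run.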