Date: Fri, 6 Oct 2006 13:22:12 GMT
Message-Id: <200610061322.k96DMC6B004586@repoman.freebsd.org>
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 107356 for review
List-Id: TrustedBSD CVS and Perforce commit message list

http://perforce.freebsd.org/chv.cgi?CH=107356

Change 107356 by millert@millert_g5tower on 2006/10/06 13:21:44

	Some minor policy function name renaming.

	Add vnode_label1(), a simplified version of vnode_label().

	Add vnode_relabel(), which clears the VL_LABELED flag, causing the
	vnode to be relabeled at next lookup/reference.

	Perform vnode labeling in vnode_getiocount().  This routine is
	called by:
		vget_internal()
		vnode_getwithvid()
		vnode_getwithref()
	This closes a theoretical race, not actually reproduced.

	Change mpo_vnode_label_update_extattr_t to return int, non-zero
	indicating to the framework that the vnode label should be
	refreshed.

	Call vnode_relabel() in mac_vnode_label_update_extattr() if
	policies indicate that the vnode label should be refreshed.
	This resolves the 'update' race.

	Hold vnode lock across call to mpo_vnode_label_update().
	This resolves the 'setlabel' race.

	Update policies to conform to new semantics of
	mpo_vnode_label_update_extattr.  Generally this means that the
	function is gutted and replaced with a strcmp().

	Remove the LCTX label entrypoints from MLS.

	Add sysctl to 'vanity' to enable iowait simulation.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlFireWire.cpp#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlFireWire.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlUSB.cpp#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlUSB.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_xxx.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_subr.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#17 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#13 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#10 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/color/mac_color.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/console/mac_console.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/extattr_test/mac_extattr_test.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#12 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/multilabel/multilabel.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#23 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/mac_stacktrace.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#11 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/vanity/vanity.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/sefos-install.txt#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlFireWire.cpp#2 (text+ko) ====
@@ -147,7 +147,7 @@ IOLog("%s/%s ", mdata->data[k].key, mdata->data[k].value); IOLog("\n"); #endif - error = mac_check_device_allowed(MAC_DEVICE_FIREWIRE, mdata); + error = mac_iokit_check_device(MAC_DEVICE_FIREWIRE, mdata); kmem_free(kernel_map, (vm_offset_t)mdata, mdata->size); if (error == 0) { IOLog("%s: com_sparta_driver_DeviceAccessControlFireWire device allowed\n", getName()); ==== //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlFireWire.h#2 (text+ko) ==== @@ -52,7 +52,7 @@ extern "C" vm_map_t kernel_map; extern "C" void kmem_free(vm_map_t map, vm_offset_t addr, vm_size_t size); -extern "C" int mac_check_device_allowed(int, struct mac_module_data *); +extern "C" int mac_iokit_check_device(int, struct mac_module_data *); // Uncomment to enable debug output #define DEVICEACCESSCONTROL_DEBUG 1 ==== //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlUSB.cpp#2 (text+ko) ==== @@ -83,7 +83,7 @@ #define NUM_DESCRIPTORS 10 /* * Get the descriptor information from the device and pass it to - * mac_check_device_allowed() to determine whether the device is allowed. + * mac_iokit_check_device() to determine whether the device is allowed. */ IOService *com_sparta_driver_DeviceAccessControlUSB::probe(IOService *provider, SInt32 *score) { @@ -154,7 +154,7 @@ mdata->data[k].value, mdata->data[k].value_size); IOLog("\n"); #endif - error = mac_check_device_allowed(MAC_DEVICE_USB, mdata); + error = mac_iokit_check_device(MAC_DEVICE_USB, mdata); kmem_free(kernel_map, (vm_offset_t)mdata, mdata->size); if (error == 0) { IOLog("%s: com_sparta_driver_DeviceAccessControlUSB device allowed\n", getName()); ==== //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlUSB.h#2 (text+ko) ==== 
@@ -51,7 +51,7 @@ extern "C" vm_map_t kernel_map; extern "C" void kmem_free(vm_map_t map, vm_offset_t addr, vm_size_t size); -extern "C" int mac_check_device_allowed(int, struct mac_module_data *); +extern "C" int mac_iokit_check_device(int, struct mac_module_data *); // Uncomment to enable debug output #define DEVICEACCESSCONTROL_DEBUG 1 ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_xxx.c#5 (text+ko) ==== @@ -101,7 +101,7 @@ #ifdef MAC if (error) return (error); - error = mac_system_check_reboot(kauth_cred_get(), uap->opt); + error = mac_system_check_reboot(proc_ucred(p), uap->opt); #endif if (!error) { SET(p->p_flag, P_REBOOT); /* No more signals for this proc */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_subr.c#5 (text+ko) ==== @@ -3400,6 +3400,19 @@ vnode_unlock(vp); return(ENOENT); } +#ifdef MAC + if (vnode_mount(vp) != NULL && + vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL) { + int error; + + error = vnode_label1(vp); + if (error) { + if (!locked) + vnode_unlock(vp); + return (error); + } + } +#endif /* * will return VL_DEAD ones */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#17 (text+ko) ==== @@ -927,7 +927,6 @@ mac_policy_release_exclusive(); mac_policy_removefrom_labellist(handle); - if (mpc->mpc_data) { struct mac_module_data *mmd = mpc->mpc_data; kfree(mmd, mmd->size); @@ -1875,7 +1874,7 @@ error = mpc->mpc_ops->mpo_policy_syscall(p, uap->call, uap->arg); break; - } + } } if (mac_policy_list_conditional_busy() != 0) { for (; i <= mac_policy_list.maxindex; i++) { ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#7 (text+ko) ==== 
@@ -127,7 +127,7 @@ void mac_vnode_label_destroy(struct vnode *); int mac_mount_label_internalize(struct label *, char *string); int mac_mount_label_externalize(struct label *label, char *elements, - char *outbuf, size_t outbuflen); + char *outbuf, size_t outbuflen); int mac_mount_label_get(struct mount *mp, user_addr_t mac_p); struct label *mac_cred_label_alloc(void); @@ -170,6 +170,8 @@ #define VNODE_LABEL_NEEDREF 2 int vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp, struct componentname *cnp, int flags, vfs_context_t ctx); +int vnode_label1(struct vnode *vp); +void vnode_relabel(struct vnode *vp); /* * Labeling event operations: Posix IPC primitives @@ -218,7 +220,7 @@ void mac_cred_label_associate(struct ucred *cred_parent, struct ucred *cred_child); int mac_execve_enter(user_addr_t mac_p, struct label *execlabel); #if 0 -void mac_execve_exit(struct image_params *imgp); +void mac_execve_exit(struct image_params *imgp); #endif void mac_cred_label_update_execve(struct ucred *old, struct ucred *newcred, struct vnode *vp, struct label *scriptvnodelabel, @@ -242,7 +244,7 @@ void mac_pipe_label_copy(struct label *src, struct label *dest); void mac_pipe_label_associate(struct ucred *cred, struct pipe *cpipe); int mac_pipe_label_update(struct ucred *cred, struct pipe *cpipe, - struct label *label); + struct label *label); /* * Label cleanup operation: This is the inverse complement for the mac_create @@ -337,7 +339,7 @@ int mac_pipe_check_kqfilter(struct ucred *cred, struct knote *kn, struct pipe *cpipe); int mac_pipe_check_ioctl(struct ucred *cred, struct pipe *cpipe, - u_long com, void *data); + unsigned long cmd, void *data); int mac_pipe_check_read(struct ucred *cred, struct pipe *cpipe); int mac_pipe_check_select(struct ucred *cred, struct pipe *cpipe, int which); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#7 (text+ko) ==== 
@@ -31,8 +31,7 @@ void mac_task_label_update_internal(struct label *pl, struct task *t); int mac_port_label_compute(struct label *subj, struct label *obj, const char *serv, struct label *out); -int mac_port_check_method(struct label *task, struct label *port, - int msgid); +int mac_port_check_method(struct label *task, struct label *port, int msgid); #ifdef MAC void mac_policy_init(void); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#6 (text+ko) ==== @@ -71,7 +71,7 @@ * On failure, caller should cleanup with m_tag_free(). */ int -mac_mbuf_tag_init (struct m_tag *tag, int flag) +mac_mbuf_tag_init(struct m_tag *tag, int flag) { struct label *label; int error; @@ -87,7 +87,7 @@ } void -mac_mbuf_tag_destroy (struct m_tag *tag) +mac_mbuf_tag_destroy(struct m_tag *tag) { struct label *label; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#13 (text+ko) ==== @@ -855,8 +855,12 @@ This entry point is called after the label update has occurred, so it cannot return a failure. However, the operation is preceded by the mpo_vnode_check_setextattr() access control check. + + If the vnode label needs to be updated the policy should return + a non-zero value. The vnode label will be marked for re-association + by the framework. */ -typedef void mpo_vnode_label_update_extattr_t( +typedef int mpo_vnode_label_update_extattr_t( struct mount *mp, struct label *mntlabel, struct vnode *vp, ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#10 (text+ko) ==== @@ -48,7 +48,7 @@ #include /* convert {R,W,X}_OK values to V{READ,WRITE,EXEC} */ -#define ACCESS_MODE_TO_VNODE_MASK(m) (m << 6) +#define ACCESS_MODE_TO_VNODE_MASK(m) (m << 6) static struct label * mac_devfsdirent_label_alloc(void) 
@@ -286,14 +286,28 @@ return (error); } +/* + * Extended attribute 'name' was updated via + * vn_setxattr() or vn_removexattr(). Allow the + * policy to update the vnode label. + */ void mac_vnode_label_update_extattr(struct mount *mp, struct vnode *vp, const char *name) { + int error; - ASSERT_VOP_LOCKED(vp, __func__); - MAC_PERFORM(vnode_label_update_extattr, mp, mp->mnt_mntlabel, vp, + error = 0; + + MAC_CHECK(vnode_label_update_extattr, mp, mp->mnt_mntlabel, vp, vp->v_label, name); + if (error == 0) + return; + + vnode_lock(vp); + vnode_relabel(vp); + vnode_unlock(vp); + return; } static int @@ -931,7 +945,9 @@ mac_vnode_label_update(struct ucred *cred, struct vnode *vp, struct label *newlabel) { + vnode_lock(vp); MAC_PERFORM(vnode_label_update, cred, vp, vp->v_label, newlabel); + vnode_unlock(vp); } void ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#5 (text+ko) ==== @@ -65,7 +65,7 @@ vp->v_lflag |= VL_LABELWAIT; error = msleep(vp->v_label, &vp->v_lock, PVFS|PDROP, - "vnode label", &ts); + "vnode_label", &ts); if (error == EWOULDBLOCK) vprint("vnode label timeout", vp); vnode_put(vp); 
@@ -78,6 +78,68 @@ } /* + * Perform label association. + * + * Caller verifies vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL + * Caller holds vnode lock. + */ +int +vnode_label1(struct vnode *vp) +{ + int error; + + error = 0; + + if ((vp->v_lflag & (VL_LABEL|VL_LABELED)) == 0) { + vp->v_lflag |= VL_LABEL; + + /* Could sleep on disk I/O, drop lock. */ + vnode_unlock(vp); + error = mac_vnode_label_associate_extattr(vnode_mount(vp), vp); + vnode_lock(vp); + + vp->v_lflag |= VL_LABELED; + vp->v_lflag &= ~VL_LABEL; + if (vp->v_lflag & VL_LABELWAIT) { + vp->v_lflag &= ~VL_LABELWAIT; + wakeup(vp->v_label); + } + } else + /* Wait for other labeling to complete. */ + if (vp->v_lflag & VL_LABEL) { + vp->v_lflag |= VL_LABELWAIT; + (void)msleep(vp->v_label, &vp->v_lock, PVFS, "vnode_label", 0); + + } + + return (error); +} + +/* + * Clear the "labeled" flag on a VNODE. + * VNODE will have label re-associated upon + * next call to lookup()/vnode_getiocount(). + * + * Caller verifies vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL + * Caller holds vnode lock. + */ +void +vnode_relabel(struct vnode *vp) +{ + + /* Wait for other labeling to complete. */ + while (vp->v_lflag & VL_LABEL) { + vp->v_lflag |= VL_LABELWAIT; + (void)msleep(vp->v_label, &vp->v_lock, PVFS, "vnode_relabel", 0); + } + + /* Clear labeled flag */ + vp->v_lflag &= ~VL_LABELED; + + return; +} + +/* * VFS XATTR helpers. */ ==== //depot/projects/trustedbsd/sedarwin8/policies/color/mac_color.c#7 (text+ko) ==== 
@@ -353,25 +353,14 @@ return (error); } -static void +static int color_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel, char *name) { - int error; - size_t buflen = 16; - char buf[buflen]; - co_setlabel(vlabel, NULL); - error = mac_vnop_getxattr(vp, MAC_COLOR_XATTR_NAME, buf, - sizeof(buf), &buflen); - - /* It's ok to have a NULL file label */ - if (error) - return; - - co_setlabelstring(vlabel, buf); - - return; + if (bcmp(name, MAC_COLOR_XATTR_NAME, sizeof(MAC_COLOR_XATTR_NAME)) != 0) + return (0); + return (1); } @@ -381,7 +370,6 @@ { int error; struct color *color; - struct vfs_context context; color = co_getlabel(intlabel); if (color == NULL) ==== //depot/projects/trustedbsd/sedarwin8/policies/console/mac_console.c#6 (text+ko) ==== @@ -320,7 +320,7 @@ * Add a reference to 'src' to 'dst'. */ static void -mac_console_reference_label (struct label *src, struct label *dest) +mac_console_label_reference (struct label *src, struct label *dest) { struct mac_console *mc; @@ -349,12 +349,12 @@ #ifdef APPLE static void -mac_console_cred_create (struct ucred *parent_cred, struct ucred *child_cred) +mac_console_cred_label_associate (struct ucred *parent_cred, struct ucred *child_cred) { if (parent_cred == NULL || child_cred == NULL) return; - mac_console_reference_label(parent_cred->cr_label, child_cred->cr_label); + mac_console_label_reference(parent_cred->cr_label, child_cred->cr_label); } #endif @@ -505,7 +505,7 @@ kauth_cred_rele(oldcred); #endif - mac_console_reference_label(l->lc_label, p->p_ucred->cr_label); + mac_console_label_reference(l->lc_label, p->p_ucred->cr_label); return; } @@ -513,7 +513,7 @@ mac_console_lctx_notify_join (struct proc *p, struct lctx *l) { - mac_console_reference_label(l->lc_label, p->p_ucred->cr_label); + mac_console_label_reference(l->lc_label, p->p_ucred->cr_label); return; } 
@@ -629,7 +629,7 @@ #endif if (error) { sbuf_delete(sb); - return (error); + return (0); } sbuf_finish(sb); @@ -749,9 +749,9 @@ .mpo_cred_label_destroy = mac_console_label_destroy, #if defined(__FreeBSD__) - .mpo_cred_label_copy = mac_console_reference_label, + .mpo_copy_cred_label = mac_console_label_reference, #elif defined(__APPLE__) - .mpo_cred_label_associate = mac_console_cred_create, + .mpo_cred_label_associate = mac_console_cred_label_associate, #endif .mpo_cred_label_externalize = mac_console_label_externalize, .mpo_cred_label_internalize = mac_console_label_internalize, @@ -773,7 +773,7 @@ .mpo_vnode_label_internalize = mac_console_label_internalize, .mpo_vnode_label_update = mac_console_vnode_label_update, - .mpo_vnode_label_associate_extattr = mac_console_vnode_label_associate_extattr, + .mpo_vnode_label_associate_extattr= mac_console_vnode_label_associate_extattr, .mpo_vnode_label_store = mac_console_vnode_label_store, .mpo_vnode_check_access = mac_console_vnode_check_open, ==== //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#3 (text+ko) ==== @@ -30,6 +30,8 @@ #include +static mac_policy_handle_t mac_device_access_handle; + /* * define DA_DEBUG to display run-time debugging information * #define DA_DEBUG 1 @@ -126,8 +128,6 @@ }; static unsigned int devlist_ents = sizeof(devlist) / sizeof(struct allowed_devs); -static mac_policy_handle_t device_access_handle; - /* * SYSCTL entry points */ @@ -181,7 +181,7 @@ } static int -device_access_check_device(int devtype, struct mac_module_data *mdata) +device_access_iokit_check_device(int devtype, struct mac_module_data *mdata) { unsigned int matches; unsigned int i, j; 
@@ -212,8 +212,8 @@ .mpo_policy_destroy = device_access_policy_destroy, .mpo_policy_init = device_access_policy_init, .mpo_policy_initbsd = device_access_policy_initbsd, - .mpo_iokit_check_device = device_access_check_device, + .mpo_iokit_check_device = device_access_iokit_check_device, }; -MAC_POLICY_SET(device_access_handle, &mac_device_access_ops, device_access, +MAC_POLICY_SET(mac_device_access_handle, &mac_device_access_ops, device_access, POLICY_DESC, NULL, 0, NULL, 0, 0); ==== //depot/projects/trustedbsd/sedarwin8/policies/extattr_test/mac_extattr_test.c#6 (text+ko) ==== @@ -217,14 +217,14 @@ return (0); } -static void +static int extattr_test_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel, char *name) { XA_TRACE; XA_VALID(vlabel, "update"); DPRINTF(("%s called for %s!\n", __FUNCTION__, name)); - return; + return (0); } /* @@ -300,7 +300,7 @@ XA_TRACE; if (!mac_extattr_test_enabled) return(0); - XA_VALID(vlabel, "vnode_create"); + XA_VALID(vlabel, "vnode_label_associate"); xa_filllabel(SLOT(vlabel)); error = mac_vnop_setxattr(vp, MAC_EXTATTR_XATTR_NAME, (char *)SLOT(vlabel), XA_SIZE); ==== //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#6 (text+ko) ==== @@ -120,7 +120,7 @@ } static void -mac_fwinteg_finalize(void) +mac_fwinteg_notify_finalize(void) { struct policy_entry *pe; @@ -138,7 +138,7 @@ .mpo_policy_init = mac_fwinteg_policy_init, .mpo_base_check_module_load = mac_fwinteg_base_check_module_load, .mpo_base_check_module_unload = mac_fwinteg_base_check_module_unload, - .mpo_base_notify_finalize = mac_fwinteg_finalize + .mpo_base_notify_finalize = mac_fwinteg_notify_finalize }; MAC_POLICY_SET(mac_fwinteg_handle, &mac_fwinteg_ops, fwinteg, POLICY_DESC, ==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#12 (text+ko) ==== 
@@ -627,7 +627,7 @@ static void -mac_mls_cleanup_label(struct label *label) +mac_mls_recycle_label(struct label *label) { bzero(SLOT(label), sizeof(struct mac_mls)); @@ -924,7 +924,7 @@ (rangelow == NULL && rangehigh == NULL), ("mac_mls_parse: range mismatch")); - bzero(mac_mls, sizeof(*mac_mls)); + bzero(mac_mls, sizeof(struct mac_mls)); if (effective != NULL) { error = mac_mls_parse_element(&mac_mls->mm_effective, effective); if (error) @@ -1200,7 +1200,7 @@ dest = SLOT(vlabel); buflen = 0; - bzero(&temp, sizeof(temp)); + bzero(&temp, sizeof(struct mac_mls)); error = mac_vnop_getxattr(vp, MAC_MLS_EXTATTR_NAME, (char *)&temp, sizeof(temp), &buflen); 
@@ -1231,58 +1231,14 @@ return (0); } -static void +static int mac_mls_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel, char *name) { - struct mac_mls temp, *source, *dest; - size_t buflen; - int error; if (bcmp(name, MAC_MLS_EXTATTR_NAME, sizeof(MAC_MLS_EXTATTR_NAME)) != 0) - return; - - source = SLOT(mntlabel); - dest = SLOT(vlabel); - - /* The vnode label had a previous value */ - /* XXX: bzero(dest, sizeof(dest)); */ - - buflen = 0; - bzero(&temp, sizeof(temp)); - - error = mac_vnop_getxattr(vp, MAC_MLS_EXTATTR_NAME, - (char *)&temp, sizeof(temp), &buflen); - if (error) - goto out; - - if (buflen != sizeof(temp)) { - printf("mac_mls_vnode_label_update_extattr: bad size %d\n", - buflen); - MLS_MESSAGE("mac_mls_vnode_label_update_extattr : EPERM\n"); - goto out; - } - if (mac_mls_valid(&temp) != 0) { - printf("mac_mls_vnode_label_update_extattr: invalid\n"); - MLS_MESSAGE("mac_mls_vnode_label_update_extattr : EPERM\n"); - goto out; - } - if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_EFFECTIVE) { - printf("mac_mls_vnode_label_update_extattr: not effective\n"); - goto out; - } - - mac_mls_copy_effective(&temp, dest); - return; - -out: - /* - * The operation has already been permitted via - * mac_mls_vnode_check_setextattr, we cannot fail here. - * Instead, fall back to the mntlabel. - */ - mac_mls_copy_effective(source, dest); - return; + return (0); + return (1); } static void @@ -1305,7 +1261,7 @@ struct mac_mls *source, *dest, temp; int error; - bzero(&temp, sizeof(temp)); + bzero(&temp, sizeof(struct mac_mls)); source = SLOT(cred->cr_label); dest = SLOT(vlabel); @@ -1330,7 +1286,7 @@ struct mac_mls *source, temp; int error; - bzero(&temp, sizeof(temp)); + bzero(&temp, sizeof(struct mac_mls)); source = SLOT(intlabel); if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0) 
@@ -1647,24 +1603,9 @@ } /* - * Labeling event operations: Login Context + * Label recycle/flush operations. */ - static void -mac_mls_lctx_label_update (struct lctx *l, struct label *newlabel) -{ - struct mac_mls *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(l->lc_label); - - mac_mls_copy(source, dest); -} - -/* - * Label cleanup/flush operations. - */ -static void mac_mls_sysvsem_label_recycle(struct label *semalabel) { @@ -4027,15 +3968,17 @@ static struct mac_policy_ops mac_mls_ops = { - .mpo_policy_destroy = mac_mls_policy_destroy, - .mpo_policy_init = mac_mls_policy_init, - .mpo_policy_initbsd = mac_mls_policy_initbsd, + .mpo_policy_destroy = mac_mls_policy_destroy, + .mpo_policy_init = mac_mls_policy_init, + .mpo_policy_initbsd = mac_mls_policy_initbsd, .mpo_policy_syscall = mac_mls_syscall, .mpo_port_label_compute = mac_mls_port_label_compute, .mpo_port_check_service = mac_mls_port_check_service, .mpo_cred_check_label_update = mac_mls_cred_check_label_update, .mpo_cred_check_visible = mac_mls_cred_check_visible, + .mpo_file_check_fcntl = mac_mls_file_check_fcntl, + .mpo_file_check_ioctl = mac_mls_file_check_ioctl, .mpo_file_check_get = mac_mls_file_check_get, .mpo_file_check_set = mac_mls_file_check_set, .mpo_cred_label_destroy = mac_mls_label_destroy, 
@@ -4045,19 +3988,12 @@ .mpo_cred_label_internalize = mac_mls_label_internalize, .mpo_cred_label_associate = mac_mls_cred_label_associate, .mpo_cred_label_update = mac_mls_cred_label_update, - .mpo_file_check_fcntl = mac_mls_file_check_fcntl, - .mpo_file_check_ioctl = mac_mls_file_check_ioctl, - .mpo_lctx_label_destroy = mac_mls_label_destroy, - .mpo_lctx_label_init = mac_mls_label_init, - .mpo_lctx_label_externalize = mac_mls_label_externalize, - .mpo_lctx_label_internalize = mac_mls_label_internalize, - .mpo_lctx_label_update = mac_mls_lctx_label_update, .mpo_devfs_label_copy = mac_mls_label_copy, .mpo_devfs_label_associate_device = mac_mls_devfs_label_associate_device, .mpo_devfs_label_associate_directory= mac_mls_devfs_label_associate_directory, .mpo_devfs_label_destroy = mac_mls_label_destroy, .mpo_devfs_label_init = mac_mls_label_init, - .mpo_devfs_label_update = mac_mls_devfs_label_update, + .mpo_devfs_label_update = mac_mls_devfs_label_update, .mpo_mount_check_stat = mac_mls_mount_check_stat, .mpo_mount_check_getattr = mac_mls_mount_check_getattr, .mpo_mount_check_setattr = mac_mls_mount_check_setattr, @@ -4071,8 +4007,8 @@ .mpo_task_label_init = mac_mls_label_init, .mpo_port_label_destroy = mac_mls_label_destroy, .mpo_task_label_destroy = mac_mls_label_destroy, + .mpo_port_label_copy = mac_mls_label_copy, .mpo_task_label_copy = mac_mls_label_copy, - .mpo_port_label_copy = mac_mls_label_copy, .mpo_port_label_update_cred = mac_mls_port_label_update_cred, .mpo_task_label_update = mac_mls_task_label_update, .mpo_port_label_associate = mac_mls_port_label_associate, 
@@ -4102,8 +4038,8 @@ .mpo_vnode_label_associate_devfs = mac_mls_vnode_label_associate_devfs, .mpo_vnode_label_associate_extattr = mac_mls_vnode_label_associate_extattr, .mpo_vnode_label_associate_singlelabel= mac_mls_vnode_label_associate_singlelabel, - .mpo_vnode_label_recycle = mac_mls_cleanup_label, - .mpo_vnode_label_copy = mac_mls_label_copy, + .mpo_vnode_label_recycle = mac_mls_recycle_label, + .mpo_vnode_label_copy = mac_mls_label_copy, .mpo_vnode_notify_create = mac_mls_vnode_notify_create, .mpo_vnode_label_update_extattr = mac_mls_vnode_label_update_extattr, .mpo_vnode_label_destroy = mac_mls_label_destroy, @@ -4207,8 +4143,8 @@ .mpo_mbuf_label_destroy = mac_mls_mbuf_label_destroy, .mpo_socket_label_destroy = mac_mls_label_destroy, .mpo_socketpeer_label_destroy = mac_mls_label_destroy, - .mpo_socket_label_internalize = mac_mls_label_internalize, - .mpo_socket_label_externalize = mac_mls_label_externalize, + .mpo_socket_label_internalize = mac_mls_label_internalize, + .mpo_socket_label_externalize = mac_mls_label_externalize, .mpo_socketpeer_label_externalize = mac_mls_label_externalize, .mpo_mbuf_label_associate_bpfdesc = mac_mls_mbuf_label_associate_bpfdesc, .mpo_mbuf_label_associate_ifnet = mac_mls_mbuf_label_associate_ifnet, @@ -4218,7 +4154,7 @@ .mpo_socket_label_update = mac_mls_socket_label_update, .mpo_socketpeer_label_associate_mbuf= mac_mls_socketpeer_label_associate_mbuf, .mpo_socketpeer_label_associate_socket= mac_mls_socketpeer_label_associate_socket, - .mpo_socket_check_accept = mac_mls_socket_check_accept, + .mpo_socket_check_accept = mac_mls_socket_check_accept, .mpo_socket_check_bind = mac_mls_socket_check_bind, .mpo_socket_check_connect = mac_mls_socket_check_connect, .mpo_socket_check_create = mac_mls_socket_check_create, ==== //depot/projects/trustedbsd/sedarwin8/policies/multilabel/multilabel.c#5 (text+ko) ==== 
@@ -21,6 +21,10 @@ (strcmp(mp->mnt_vfsstat.f_fstypename, "hfs") == 0)) mp->mnt_flag |= MNT_MULTILABEL; + /* MULTILABEL on DEVFS. */ + if (strcmp(mp->mnt_vfsstat.f_fstypename, "devfs") == 0) + mp->mnt_flag |= MNT_MULTILABEL; + /* MULTILABEL on all NFS filesystems. */ if (strcmp(mp->mnt_vfsstat.f_fstypename, "nfs") == 0) mp->mnt_flag |= MNT_MULTILABEL; ==== //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#5 (text+ko) ==== @@ -118,7 +118,7 @@ static void -readonly_cleanup_label(struct label *label) +readonly_label_recycle(struct label *label) { RO_VALID(label, "cleanup"); @@ -239,38 +239,14 @@ sysctl_register_oid(&sysctl__security_mac_readonly_enabled); } -static void +static int readonly_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel, char *name) { - int error; - size_t buflen; - struct ro_label ro; - bzero(&ro, sizeof(struct ro_label)); - ro_setflags(vlabel, RO_FLAG_CLEAN); - error = mac_vnop_getxattr(vp, MAC_READONLY_XATTR_NAME, (char *)&ro, - sizeof(struct ro_label), &buflen); - - if (error == ENOATTR) - return; - if (error == EOPNOTSUPP) { - ro_setflags(vlabel, RO_FLAG_READONLY | RO_FLAG_NOTSUPP); - return; - } - if (error) - return; /* too bad */ - - if (buflen != sizeof(struct ro_label)) { - /* vnode label is read only, not failure */ - printf("MAC readonly bad size(%d) on read xattr\n", buflen); - ro_setflags(vlabel, RO_FLAG_NOTSUPP); - return; - } - - ro_setflags(vlabel, ro.flags); - - return; + if (bcmp(name, MAC_READONLY_XATTR_NAME, sizeof(MAC_READONLY_XATTR_NAME)) != 0) + return (0); + return (1); } static int 
@@ -528,7 +504,7 @@ .mpo_policy_initbsd = readonly_policy_initbsd, .mpo_vnode_label_init = readonly_label_init, .mpo_vnode_label_destroy = readonly_label_destroy, - .mpo_vnode_label_recycle = readonly_cleanup_label, + .mpo_vnode_label_recycle = readonly_label_recycle, .mpo_vnode_label_update_extattr = readonly_vnode_label_update_extattr, .mpo_vnode_label_copy = readonly_label_copy, .mpo_vnode_label_externalize = readonly_label_externalize, ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#23 (text+ko) ==== 
@@ -756,47 +756,16 @@ } /* - * Update the label on a vnode after its extattr has been modified - * by Vendor functions. Note that we don't reset the security class - * since the underlying vnode type should not have changed. + * We want to update the label on a vnode if its extattr has been modified + * by Vendor functions. */ -static void +static int sebsd_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel, char *name) { - struct mount_security_struct *sbsec; - struct vnode_security_struct *vsec; - /* - * TBD: static buffers aren't a good idea, and SELinux contexts - * aren't restricted in length. - */ - char context[256]; - size_t context_len = sizeof(context); - int error; - if (strcmp(name, SEBSD_MAC_EXTATTR_NAME) != 0) - return; - - vsec = SLOT(vlabel); - - error = mac_vnop_getxattr(vp, SEBSD_MAC_EXTATTR_NAME, - context, sizeof(context), &context_len); - if (!error) { - error = security_context_to_sid(context, context_len, - &vsec->sid); - if (error) - printf("%s: ERROR mapping context to sid: %.*s\n", - __func__, context_len, context); - } - - /* Fall back to the mount label on error */ - if (error) { - if (mntlabel) { - sbsec = SLOT(mntlabel); - vsec->sid = sbsec->sid; - } else - vsec->sid = SECINITSID_UNLABELED; - } + return (bcmp(name, SEBSD_MAC_EXTATTR_NAME, + sizeof(SEBSD_MAC_EXTATTR_NAME)) == 0); } static void ==== //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/mac_stacktrace.c#5 (text+ko) ==== 
@@ -105,7 +105,7 @@ static int global_naxdepth = 0; // highest recursion level // TODO add a timestamp for time of last call // TODO add a timestamp for time of last reset -static short global_enable = STACKTRACE_OFF; // STACKTRACE_ON, STACKTRACE_OFF or STACKTRACE_FULL; starts OFF till initbsd +static short global_enable = STACKTRACE_OFF; // STACKTRACE_ON, STACKTRACE_OFF or STACKTRACE_FULL; starts OFF till policy_initbsd /* * Initialize buffer pointers. ==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#11 (text+ko) ==== @@ -843,7 +843,7 @@ CLEANUP_LABEL(label, VNODETYPE); } -static void +static int mac_test_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel, char *name) { @@ -853,6 +853,8 @@ USE_LABEL(mntlabel, MOUNTTYPE); USE_LABEL(vlabel, VNODETYPE); + + return (0); >>> TRUNCATED FOR MAIL (1000 lines) <<<
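Review bot: in the kern_xxx.c hunk, proc_ucred(p) returns p->p_ucred without taking a reference, and it can differ from kauth_cred_get() when the calling thread carries its own credential (settid); if checking the process credential rather than the thread credential for reboot is the intent, a one-line comment saying so would help, and if another thread can update the process credential concurrently the cred should be referenced (or the proc lock held) for the duration of mac_system_check_reboot().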
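Review bot: in the vfs_subr.c hunk, the v_id comparison just above the new `#ifdef MAC` block (the one that ends in `return(ENOENT);`) no longer holds once vnode_label1() has dropped and reacquired v_lock around mac_vnode_label_associate_extattr() ("Could sleep on disk I/O, drop lock"); re-check the vid after `error = vnode_label1(vp);` returns 0, or perform the labeling only after the iocount has been taken, so that a vnode recycled while the lock was dropped is not handed back to the caller. As a style point, parenthesize `(vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL)` inside the `&&`.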
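Review bot: the mac_policy.h hunk still says the entry point "cannot return a failure" two sentences before stating that it should return non-zero; now that the typedef returns int, say explicitly that the return value is a relabel request (non-zero: the framework re-associates the vnode label from its extended attributes at the next reference) and not an errno, so that a policy returning EPERM here does not expect the error to be propagated to the caller of setxattr.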
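Review bot: in the mac_vnode_label_update_extattr() hunk of mac_vfs.c, MAC_CHECK, which is normally used for access checks that return errno values, is used to collect a yes/no vote (`if (error == 0) return;`), so a policy that returns an errno by habit also triggers a relabel; a dedicated loop or a boolean-combining macro would make the intent explicit. Also, vnode_relabel() only clears VL_LABELED, so a caller that already holds the vnode keeps using the old label until it drops and re-references it; the comment above the function should say that the 'update' race is narrowed to that window rather than closed.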
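Review bot: holding v_lock across MAC_PERFORM(vnode_label_update, ...) in the mac_vnode_label_update() hunk means every policy's mpo_vnode_label_update must complete without blocking on I/O or calling back into VFS on the same vnode; vnode_label1() in this same change drops the lock for exactly that reason before calling into a policy. Either document that constraint in mac_policy.h next to mpo_vnode_label_update_t, or limit the locked region to the in-memory label copy and keep any extended-attribute write outside it.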
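Review bot: in the vnode_label1() hunk of mac_vfs_subr.c, VL_LABELED is set even when mac_vnode_label_associate_extattr() failed, so the error is reported to this caller once and the next reference succeeds with whatever was left in vp->v_label; leave VL_LABELED unset on error so the association is retried, or document that the fallback label is intended. Two smaller points: the waiter branch ("Wait for other labeling to complete") sleeps once under an `if` and returns 0 without learning whether the labeler succeeded, whereas vnode_relabel() correctly loops with `while`, and that msleep has no timeout or vprint, unlike the one in vnode_label() just above which uses `&ts`. Also `} else` followed on the next line by `if (vp->v_lflag & VL_LABEL) {` reads as a dangling if; write `} else if (vp->v_lflag & VL_LABEL) {`.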
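Review bot: `bcmp(name, MAC_COLOR_XATTR_NAME, sizeof(MAC_COLOR_XATTR_NAME))` in the mac_color.c hunk compares sizeof bytes, including the terminating NUL, against a string whose length is not known, and bcmp is permitted to read all of those bytes, so a `name` shorter than the constant is read past its terminator; the commit message says the body was replaced with a strcmp() in any case. `return (strcmp(name, MAC_COLOR_XATTR_NAME) == 0);` is both correct and shorter. The same sizeof/bcmp pattern is introduced in the mac_mls.c, mac_readonly.c and sebsd.c hunks (sebsd.c previously used strcmp() and was changed to bcmp()).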
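Review bot: in the `@@ -629,7 +629,7 @@` hunk of mac_console.c, changing `return (error);` to `return (0);` after `sbuf_delete(sb);` turns an externalization failure into success with no element produced, and neither the hunk nor the commit message says why; if this is deliberate (for example to treat an element this policy does not handle as "nothing to externalize"), add a comment saying so, otherwise the caller now sees success for a label it never received.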
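Review bot: with devfs now marked MNT_MULTILABEL in the multilabel.c hunk, the new block in vnode_getiocount() calls vnode_label1() on every device vnode that does not yet carry VL_LABELED, and vnode_label1() unconditionally uses mac_vnode_label_associate_extattr() rather than the devfs association entry point. Confirm that the devfs labeling path sets VL_LABELED on its vnodes; otherwise each vnode_getiocount() on a device node goes through the extattr lookup, and whatever error that lookup returns on devfs now fails the vget.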