Date: Sun, 9 Nov 2003 16:03:16 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 41838 for review Message-ID: <200311100003.hAA03GUP046690@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=41838 Change 41838 by rwatson@rwatson_paprika on 2003/11/09 16:02:36 Update for recent changes in the MAC Framework: labels pointers are now passed in for a various of System V and Posix IPC primitives, rather than requiring the policy to dereference the passed in IPC structures. Credentials now contain a label pointer. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#25 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#25 (text+ko) ==== @@ -107,7 +107,7 @@ struct task_security_struct *task; struct avc_audit_data ad; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); AVC_AUDIT_DATA_INIT(&ad, CAP); ad.u.cap = cap; @@ -121,8 +121,8 @@ { struct task_security_struct *task, *target; - task = SLOT(&cred->cr_label); - target = SLOT(&proc->p_ucred->cr_label); + task = SLOT(cred->cr_label); + target = SLOT(proc->p_ucred->cr_label); return (avc_has_perm_ref(task->sid, target->sid, SECCLASS_PROCESS, perm, &target->avcr)); @@ -135,8 +135,8 @@ struct mount_security_struct *sbsec; struct task_security_struct *task; - task = SLOT(&cred->cr_label); - sbsec = SLOT(&mp->mnt_mntlabel); + task = SLOT(cred->cr_label); + sbsec = SLOT(mp->mnt_mntlabel); return (avc_has_perm_audit(task->sid, sbsec->sid, SECCLASS_FILESYSTEM, perm, ad)); @@ -147,7 +147,7 @@ { struct task_security_struct *task; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); return (avc_has_perm(task->sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, perm, NULL, NULL)); @@ -158,7 +158,7 @@ { struct task_security_struct *task; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); return (avc_has_perm(task->sid, SECINITSID_SECURITY, SECCLASS_SECURITY, perm, NULL, NULL)); 
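Review bot: With `cr_label` now a pointer (the description says credentials now contain a label pointer), `task = SLOT(cred->cr_label);` in the `@@ -107` hunk dereferences a value that can in principle be NULL, which the old `&cred->cr_label` form could not be. Whether the framework guarantees an allocated label at every hook is not visible in this diff, and the definition of `SLOT` is outside it. A cheap guard in the shared helpers would be `KASSERT(cred->cr_label != NULL, ("sebsd: credential without label"));` ahead of the `SLOT` call. The same applies to the `proc->p_ucred->cr_label`, `mp->mnt_mntlabel` and `vp->v_label` conversions in the later hunks. The enclosing functions start and end outside the hunks.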
@@ -266,8 +266,8 @@ struct vnode_security_struct *file; struct avc_audit_data ad; - task = SLOT(&cred->cr_label); - file = SLOT(&vp->v_label); + task = SLOT(cred->cr_label); + file = SLOT(vp->v_label); AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; @@ -294,7 +294,7 @@ struct task_security_struct *task; struct vnode_security_struct *file; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); file = SLOT(pipe->pipe_label); /* @@ -524,8 +524,8 @@ if (rc <= 0) return; - parent = SLOT(&cred_parent->cr_label); - task = SLOT(&cred_child->cr_label); + parent = SLOT(cred_parent->cr_label); + task = SLOT(cred_child->cr_label); /* Default to using the attributes from the parent process */ task->osid = parent->osid; @@ -540,7 +540,7 @@ struct task_security_struct *tsec; struct file_security_struct *fsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); fsec = SLOT(label); fsec->sid = tsec->sid; @@ -554,7 +554,7 @@ struct ipc_security_struct *msqsec; struct ipc_security_struct *msgsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); msqsec = SLOT(msqlabel); msgsec = SLOT(msglabel); @@ -580,7 +580,7 @@ struct task_security_struct *tsec; struct ipc_security_struct *ipcsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); ipcsec = SLOT(msqlabel); ipcsec->sid = tsec->sid; @@ -594,7 +594,7 @@ struct task_security_struct *tsec; struct ipc_security_struct *ipcsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); ipcsec = SLOT(semalabel); ipcsec->sid = tsec->sid; @@ -608,7 +608,7 @@ struct task_security_struct *tsec; struct ipc_security_struct *ipcsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); ipcsec = SLOT(shmlabel); ipcsec->sid = tsec->sid; @@ -622,7 +622,7 @@ struct task_security_struct *tsec; struct ipc_security_struct *ipcsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); ipcsec = SLOT(ks_label); ipcsec->sid = tsec->sid; 
@@ -642,7 +642,7 @@ struct vnode_security_struct *dirent; dirent = SLOT(label); - sbsec = SLOT(&mp->mnt_mntlabel); + sbsec = SLOT(mp->mnt_mntlabel); /* Default to the filesystem SID. */ dirent->sid = sbsec->sid; @@ -663,7 +663,7 @@ /* If there was a creating process (currently only for /dev/pty*), try a type_transition rule. */ if (cr != NULL) { - struct task_security_struct *task = SLOT(&cr->cr_label); + struct task_security_struct *task = SLOT(cr->cr_label); /* XXX: uses the type specified by genfs instead of the parent directory like it should! */ @@ -695,7 +695,7 @@ struct vnode_security_struct *dirent; dirent = SLOT(label); - sbsec = SLOT(&mp->mnt_mntlabel); + sbsec = SLOT(mp->mnt_mntlabel); /* Default to the filesystem SID. */ dirent->sid = sbsec->sid; @@ -738,7 +738,7 @@ dirsec = SLOT(ddlabel); lnksec = SLOT(delabel); - sbsec = SLOT(&mp->mnt_mntlabel); + sbsec = SLOT(mp->mnt_mntlabel); /* Default to the filesystem SID. */ lnksec->sid = dirsec->sid; @@ -774,7 +774,7 @@ struct task_security_struct *tsec; struct vnode_security_struct *vsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); vsec = SLOT(pipelabel); vsec->sid = vsec->task_sid = tsec->sid; @@ -786,7 +786,7 @@ { struct task_security_struct *task; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); task->osid = task->sid = SECINITSID_KERNEL; printf("sebsd_create_proc0:: using SECINITSID_KERNEL = %d\n", SECINITSID_KERNEL); @@ -797,7 +797,7 @@ { struct task_security_struct *task; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); task->osid = SECINITSID_KERNEL; task->sid = SECINITSID_INIT; printf("sebsd_create_proc1:: using SICINITSID_INIT = %d\n", @@ -901,7 +901,7 @@ mtx_unlock(&mntvnode_mtx); vn_lock(vp, LK_INTERLOCK | LK_EXCLUSIVE | LK_RETRY, curthread); (void)sebsd_associate_vnode_extattr(mp, fslabel, vp, - &vp->v_label); + vp->v_label); VOP_UNLOCK(vp, 0, curthread); mtx_lock(&mntvnode_mtx); vp = nvp; 
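Review bot: The log string kept as context in the `@@ -797` hunk misspells the constant it reports: it prints `SICINITSID_INIT`, while the assignment just above it uses `SECINITSID_INIT`. Anyone searching boot output for the SID name will miss this line. The string should read `printf("sebsd_create_proc1:: using SECINITSID_INIT = %d\n",`. The printf's argument list continues outside the hunk.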
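Review bot: The `(void)` cast in the `@@ -901` hunk discards the result of `sebsd_associate_vnode_extattr(mp, fslabel, vp, vp->v_label)`, so a vnode whose stored label cannot be loaded keeps whatever SID its label slot already held, and nothing records the failure. Which SID that is depends on code outside the hunk, so whether this fails safe cannot be judged from here. Capturing the return value and logging the failure per vnode, or counting failures and reporting once after the loop, would make mislabelled files visible to an administrator. The loop this call sits in starts and ends outside the hunk.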
@@ -922,7 +922,7 @@ int error; int tclass; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); dir = SLOT(parentlabel); vsec = SLOT(childlabel); tclass = vnode_type_to_security_class (child->v_type); @@ -967,7 +967,7 @@ struct task_security_struct *nsec, *tsec; nsec = SLOT(newlabel); - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); if (nsec != NULL && nsec->sid != tsec->sid) return EPERM; return 0; @@ -985,7 +985,7 @@ struct mount_security_struct *sbsec; vsec = SLOT(vl); - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); rc = vnode_has_perm (cred, vp, FILE__MOUNTON, NULL); if (rc) @@ -1075,7 +1075,7 @@ struct vnode_security_struct *newfile; int rc; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); file = SLOT(pipelabel); newfile = SLOT(newlabel); @@ -1160,8 +1160,8 @@ struct task_security_struct *otask, *ntask; struct vnode_security_struct *file; - otask = SLOT(&old->cr_label); - ntask = SLOT(&new->cr_label); + otask = SLOT(old->cr_label); + ntask = SLOT(new->cr_label); if (interpvnodelabel != NULL) file = SLOT(interpvnodelabel); else @@ -1201,7 +1201,7 @@ struct vnode_security_struct *file; security_id_t newsid; - task = SLOT(&old->cr_label); + task = SLOT(old->cr_label); if (interpvnodelabel != NULL) file = SLOT(interpvnodelabel); else @@ -1394,7 +1394,7 @@ struct avc_audit_data ad; int rc; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); dir = SLOT(dlabel); tclass = vnode_type_to_security_class(vap->va_type); @@ -1418,7 +1418,7 @@ if (dvp->v_mount) { /* XXX: mpo_check_vnode_create should probably pass the mntlabel */ - sbsec = SLOT (&dvp->v_mount->mnt_mntlabel); + sbsec = SLOT (dvp->v_mount->mnt_mntlabel); rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, &ad); if (rc) @@ -1439,7 +1439,7 @@ access_vector_t av; int rc; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); file = SLOT(label); dir = SLOT(dlabel); 
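Review bot: The `if (dvp->v_mount) {` guard in the `@@ -1418` hunk means that, as far as the hunk shows, the `FILESYSTEM__ASSOCIATE` check is skipped rather than failed when the vnode has no mount. The same shape appears around `vp->v_mount` in the `@@ -1665` hunk. If a NULL `v_mount` is reachable at these hooks, the new SID is never checked against a filesystem SID, so this needs either a comment stating why skipping is acceptable or an explicit error return. Both sites also still reach through the vnode for `mnt_mntlabel`, the pattern the description says the framework is moving away from; the existing XXX comments already ask for the mount label to be passed in. Both functions start and end outside the hunks.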
@@ -1481,7 +1481,7 @@ struct avc_audit_data ad; int rc; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); file = SLOT(label); if (execlabel == NULL) { rc = security_transition_sid(task->sid, file->sid, @@ -1559,7 +1559,7 @@ struct avc_audit_data ad; int rc; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); file = SLOT(label); dir = SLOT(dlabel); @@ -1640,7 +1640,7 @@ struct avc_audit_data ad; int rc; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); old = SLOT(oldlabel); new = SLOT(oldlabel); @@ -1665,7 +1665,7 @@ if (vp->v_mount) { /* XXX: mpo_check_vnode_relabel should probably pass the mntlabel */ - sbsec = SLOT (&vp->v_mount->mnt_mntlabel); + sbsec = SLOT (vp->v_mount->mnt_mntlabel); rc = avc_has_perm_audit (new->sid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, &ad); if (rc) @@ -1685,7 +1685,7 @@ struct avc_audit_data ad; int rc; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); old_dir = SLOT(dlabel); old_file = SLOT(label); @@ -1722,7 +1722,7 @@ access_vector_t av; int rc; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); new_dir = SLOT(dlabel); #ifdef notdef @@ -1998,7 +1998,7 @@ { struct task_security_struct *tsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_FD, FD__CREATE, NULL)); } @@ -2015,7 +2015,7 @@ struct task_security_struct *tsec; struct file_security_struct *fsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); fsec = SLOT(fplabel); return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD, FD__USE, NULL)); @@ -2028,7 +2028,7 @@ struct task_security_struct *tsec; struct file_security_struct *fsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); fsec = SLOT(fplabel); return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD, FD__USE, NULL)); 
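Review bot: In the `@@ -1640` hunk both label slots are read from the same argument: `old = SLOT(oldlabel);` is followed by `new = SLOT(oldlabel);`. The `@@ -1665` hunk, which appears to belong to the same function, later uses `new->sid` in the `FILESYSTEM__ASSOCIATE` check, so the relabel target being checked would be the vnode's current SID rather than the requested one. The parameter list is outside the hunk, so the intended name is an assumption, but the second line presumably should be `new = SLOT(newlabel);`.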
@@ -2041,7 +2041,7 @@ struct task_security_struct *tsec; struct file_security_struct *fsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); fsec = SLOT(fplabel); return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD, FD__USE, NULL)); @@ -2054,7 +2054,7 @@ struct task_security_struct *tsec; struct file_security_struct *fsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); fsec = SLOT(fplabel); return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD, FD__USE, NULL)); @@ -2067,7 +2067,7 @@ struct task_security_struct *tsec; struct file_security_struct *fsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); fsec = SLOT(fplabel); return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD, FD__USE, NULL)); @@ -2080,7 +2080,7 @@ struct task_security_struct *tsec; struct file_security_struct *fsec; - tsec = SLOT(&cred->cr_label); + tsec = SLOT(cred->cr_label); fsec = SLOT(fplabel); return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD, FD__USE, NULL)); @@ -2092,7 +2092,7 @@ struct task_security_struct *task; struct ipc_security_struct *ipcsec; - task = SLOT(&cred->cr_label); + task = SLOT(cred->cr_label); ipcsec = SLOT(label); /* 
@@ -2104,46 +2104,51 @@ } static int -sebsd_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr) +sebsd_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { - return(ipc_has_perm(cred, &msgptr->label, MSG__RECEIVE)); + return(ipc_has_perm(cred, msglabel, MSG__RECEIVE)); } static int -sebsd_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr) +sebsd_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { - return(ipc_has_perm(cred, &msgptr->label, MSG__DESTROY)); + return(ipc_has_perm(cred, msglabel, MSG__DESTROY)); } static int -sebsd_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr) +sebsd_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { - return(ipc_has_perm(cred, &msqkptr->label, MSGQ__ASSOCIATE)); + return(ipc_has_perm(cred, msqklabel, MSGQ__ASSOCIATE)); } static int -sebsd_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr) +sebsd_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { /* Can this process write to the queue? */ - return(ipc_has_perm(cred, &msqkptr->label, MSGQ__WRITE)); + return(ipc_has_perm(cred, msqklabel, MSGQ__WRITE)); } static int sebsd_check_ipc_msgmsq(struct ucred *cred, struct msg *msgptr, - struct msqid_kernel *msqkptr) + struct label *msglabel, struct msqid_kernel *msqkptr, + struct label *msqklabel) { int rc; struct task_security_struct *task; struct ipc_security_struct *msgsec; struct ipc_security_struct *msqsec; - task = SLOT(&cred->cr_label); - msgsec = SLOT(&msgptr->label); - msqsec = SLOT(&msqkptr->label); + task = SLOT(cred->cr_label); + msgsec = SLOT(msglabel); + msqsec = SLOT(msqklabel); /* * TBD: No audit information yet 
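Review bot: The one-line IPC hooks in the `@@ -2104` hunk (`sebsd_check_ipc_msgrcv`, `sebsd_check_ipc_msgrmid`, `sebsd_check_ipc_msqget`, `sebsd_check_ipc_msqsnd`) no longer touch their object argument after this change, so the decision rests entirely on the label the framework passes in. A short comment above the group would record that contract, for example `/* Object pointer is unused: the MAC Framework supplies the object's label directly. */`. The same applies to the semaphore and shared-memory hooks in the later hunks. `sebsd_check_ipc_msgmsq` still carries `TBD: No audit information yet`, so denials from it are presumably logged without object context; its body continues past the end of the hunk.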
@@ -2161,15 +2166,16 @@ } static int -sebsd_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr) +sebsd_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { - return(ipc_has_perm(cred, &msqkptr->label, MSGQ__READ)); + return(ipc_has_perm(cred, msqklabel, MSGQ__READ)); } static int sebsd_check_ipc_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, - int cmd) + struct label *msqklabel, int cmd) { access_vector_t perm; @@ -2190,12 +2196,12 @@ /* * TBD: No audit information yet */ - return(ipc_has_perm(cred, &msqkptr->label, perm)); + return(ipc_has_perm(cred, msqklabel, perm)); } static int sebsd_check_ipc_semctl(struct ucred *cred, struct semid_kernel *semakptr, - int cmd) + struct label *semaklabel, int cmd) { access_vector_t perm; @@ -2229,19 +2235,20 @@ /* * TBD: No audit information yet */ - return(ipc_has_perm(cred, &semakptr->label, perm)); + return(ipc_has_perm(cred, semaklabel, perm)); } static int -sebsd_check_ipc_semget(struct ucred *cred, struct semid_kernel *semakptr) +sebsd_check_ipc_semget(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel) { - return(ipc_has_perm(cred, &semakptr->label, SEM__ASSOCIATE)); + return(ipc_has_perm(cred, semaklabel, SEM__ASSOCIATE)); } static int sebsd_check_ipc_semop(struct ucred *cred, struct semid_kernel *semakptr, - size_t accesstype) + struct label *semaklabel, size_t accesstype) { access_vector_t perm; perm = 0UL; @@ -2251,12 +2258,12 @@ if( accesstype & SEM_A ) perm = SEM__READ | SEM__WRITE; - return(ipc_has_perm(cred, &semakptr->label, perm)); + return(ipc_has_perm(cred, semaklabel, perm)); } static int sebsd_check_ipc_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, - int shmflg) + struct label *shmseglabel, int shmflg) { access_vector_t perm; 
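Review bot: `sebsd_check_ipc_semop` initialises `perm = 0UL` at the end of the `@@ -2229` hunk, and the only branch visible in the `@@ -2251` hunk sets it when `accesstype & SEM_A`. The lines between the two hunks are not shown. If `accesstype` can arrive with none of the tested bits set, `ipc_has_perm(cred, semaklabel, perm)` runs with an empty access vector, which a permission-bitmask check would normally grant. `sebsd_check_ipc_shmctl` appears to return `EACCES` for input it does not recognise; adding `if (perm == 0) return (EACCES);` before the call here would keep this hook fail-closed as well.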
@@ -2265,12 +2272,12 @@ else perm = SHM__READ | SHM__WRITE; - return(ipc_has_perm(cred, &shmsegptr->label, perm)); + return(ipc_has_perm(cred, shmseglabel, perm)); } static int sebsd_check_ipc_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, - int cmd) + struct label *shmseglabel, int cmd) { access_vector_t perm; 
@@ -2289,65 +2296,72 @@ return (EACCES); } - return(ipc_has_perm(cred, &shmsegptr->label, perm)); + return(ipc_has_perm(cred, shmseglabel, perm)); } static int sebsd_check_ipc_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, - int shmflg) + struct label *shmseglabel, int shmflg) { - return(ipc_has_perm(cred, &shmsegptr->label, SHM__ASSOCIATE)); + return(ipc_has_perm(cred, shmseglabel, SHM__ASSOCIATE)); } static int -sebsd_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr) +sebsd_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { - return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DISASSOCIATE)); + return(ipc_has_perm(cred, ks_label, POSIX_SEM__DISASSOCIATE)); } static int -sebsd_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) +sebsd_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { - return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DESTROY)); + return(ipc_has_perm(cred, ks_label, POSIX_SEM__DESTROY)); } static int -sebsd_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) +sebsd_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { - return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__READ)); + return(ipc_has_perm(cred, ks_label, POSIX_SEM__READ)); } static int -sebsd_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr) +sebsd_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { - return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__ASSOCIATE)); + return(ipc_has_perm(cred, ks_label, POSIX_SEM__ASSOCIATE)); } static int -sebsd_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) +sebsd_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { - return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__WRITE)); + return(ipc_has_perm(cred, ks_label, 
POSIX_SEM__WRITE)); } static int -sebsd_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr) +sebsd_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { - return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DESTROY)); + return(ipc_has_perm(cred, ks_label, POSIX_SEM__DESTROY)); } static int -sebsd_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr) +sebsd_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { - return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__WRITE)); + return(ipc_has_perm(cred, ks_label, POSIX_SEM__WRITE)); } static struct mac_policy_ops sebsd_ops = {