From owner-trustedbsd-cvs@FreeBSD.ORG Tue Nov 14 20:50:33 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B297816A40F for ; Tue, 14 Nov 2006 20:50:33 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 922EE43F8F for ; Tue, 14 Nov 2006 20:45:20 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 774C046D4C for ; Tue, 14 Nov 2006 15:45:15 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 203B7D139C; Tue, 14 Nov 2006 20:42:52 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id B9DA116A6D7; Tue, 14 Nov 2006 20:42:23 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E00116A6D4 for ; Tue, 14 Nov 2006 20:42:23 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6962B43FAB for ; Tue, 14 Nov 2006 20:36:35 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kAEKaZHk047300 for ; Tue, 14 Nov 2006 20:36:35 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kAEKaYGK047297 for perforce@freebsd.org; Tue, 14 Nov 2006 20:36:34 GMT (envelope-from millert@freebsd.org) Date: Tue, 14 Nov 2006 20:36:34 GMT Message-Id: 
<200611142036.kAEKaYGK047297@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 109982 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2006 20:50:33 -0000 http://perforce.freebsd.org/chv.cgi?CH=109982 Change 109982 by millert@millert_g5tower on 2006/11/14 20:36:33 Add file_to_av() for converting fg_flags to an av perm. Make av perm optional in file_has_perm() so it can be used more. Use file_has_perm() in more places. In sebsd_file_check_change_flags use FILE__WRITE for the av if we are adding O_APPEND to the file flags. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#42 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#42 (text+ko) ====
@@ -409,6 +409,23 @@
 }
 static __inline u_int32_t
+file_to_av(struct fileglob *fg)
+{
+ u_int32_t av = 0;
+
+ if (fg->fg_flag & FREAD)
+ av |= FILE__READ;
+ if (fg->fg_flag & FWRITE) {
+ if (fg->fg_flag & O_APPEND)
+ av |= FILE__APPEND;
+ else
+ av |= FILE__WRITE;
+ }
+
+ return (av);
+}
+
+static __inline u_int32_t
 file_mask_to_av(enum vtype vt, int mask)
 {
 u_int32_t av = 0;
@@ -485,8 +502,8 @@
 return (rc);
 }
- /* Check underlying vnode if there is one. */
- if (fg->fg_type == DTYPE_VNODE && fg->fg_data != NULL) {
+ /* Check underlying vnode if there is one and we were passed a perm. */
+ if (perm && fg->fg_type == DTYPE_VNODE && fg->fg_data != NULL) {
 rc = vnode_has_perm(cred, (struct vnode *)fg->fg_data, NULL, perm);
 }
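Review bot: file_to_av() has no comment saying what a return value of 0 means, and its tests on `fg->fg_flag` mix the kernel-side `FREAD`/`FWRITE` names with the open(2)-side `O_APPEND`. A header such as `/* Map the fileglob's open mode (fg_flag) to the file access vector it implies; 0 if neither FREAD nor FWRITE is set. */` would document the contract that the callers added later in this change rely on. Writing the append test as `if (fg->fg_flag & FAPPEND)` would keep all three tests in the same flag namespace, assuming FAPPEND is defined as O_APPEND on this platform as it is in the BSD headers.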
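Review bot: Using `perm == 0` as the "skip the vnode check" sentinel in `if (perm && fg->fg_type == DTYPE_VNODE && fg->fg_data != NULL)` means a caller that computes its av at run time silently loses the vnode check whenever the computed value is 0. file_to_av() from this same change returns 0 for a fileglob with neither FREAD nor FWRITE set, and sebsd_file_check_receive and sebsd_file_check_dup pass that value straight through. A comment on file_has_perm() stating the contract, for example `/* perm == 0: check descriptor use only; the vnode check is skipped */`, would make this explicit for future callers. The function's start and end are outside this hunk, so what it checks before this point is not visible here.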
@@ -3090,135 +3107,86 @@ sebsd_file_check_ioctl(struct ucred *cred, struct fileglob *fg, struct label *fglabel, u_long com, void *data) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - - return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, FD__USE, NULL)); + return (file_has_perm(cred, fg, fglabel, 0)); } static int sebsd_vnode_check_ioctl(struct ucred *cred, struct vnode *vp, struct label *label, int com, caddr_t data) { - struct task_security_struct *tsec; - struct vnode_security_struct *vsec; - tsec = SLOT(cred->cr_label); - vsec = SLOT(label); - return (vnode_has_perm(cred, vp, NULL, FILE__IOCTL)); } -/* - * Simplify all other fd permissions to just "use" for now. The ones we - * implement in SEBSD roughly correlate to the SELinux FD__USE permissions, - * and not the fine-grained FLASK permissions. - */ static int sebsd_file_check_receive(struct ucred *cred, struct fileglob *fg, struct label *fglabel) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, - FD__USE, NULL)); + return (file_has_perm(cred, fg, fglabel, file_to_av(fg))); } static int sebsd_file_check_dup(struct ucred *cred, struct fileglob *fg, struct label *fglabel, int newfd) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, - FD__USE, NULL)); + return (file_has_perm(cred, fg, fglabel, file_to_av(fg))); } static int sebsd_file_check_get_flags(struct ucred *cred, struct fileglob *fg, struct label *fglabel, u_int flags) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, - FD__USE, NULL)); + return 
(file_has_perm(cred, fg, fglabel, 0)); } static int sebsd_file_check_get_ofileflags(struct ucred *cred, struct fileglob *fg, struct label *fglabel, char flags) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, - FD__USE, NULL)); + return (file_has_perm(cred, fg, fglabel, 0)); } static int sebsd_file_check_change_flags(struct ucred *cred, struct fileglob *fg, struct label *fglabel, u_int oldflags, u_int newflags) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; + u_int32_t av = 0; + + if ((newflags & O_APPEND) && !(oldflags & O_APPEND)) + av = FILE__WRITE; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, - FD__USE, NULL)); + return (file_has_perm(cred, fg, fglabel, av)); } static int sebsd_file_check_change_ofileflags(struct ucred *cred, struct fileglob *fg, struct label *fglabel, char oldflags, char newflags) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, - FD__USE, NULL)); + /* XXX - should set av to something */ + return (file_has_perm(cred, fg, fglabel, 0)); } static int sebsd_file_check_get_offset(struct ucred *cred, struct fileglob *fg, struct label *fglabel) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - return (avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD, - FD__USE, NULL)); + return (file_has_perm(cred, fg, fglabel, 0)); } static int sebsd_file_check_change_offset(struct ucred *cred, struct fileglob *fg, struct label *fglabel) { - struct task_security_struct *tsec; - struct file_security_struct *fsec; - tsec = SLOT(cred->cr_label); - fsec = SLOT(fglabel); - return (avc_has_perm(tsec->sid, fsec->sid, 
SECCLASS_FD, - FD__USE, NULL)); + /* XXX - should set av to something */ + return (file_has_perm(cred, fg, fglabel, 0)); } static int
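Review bot: In sebsd_file_check_change_flags the new condition `(newflags & O_APPEND) && !(oldflags & O_APPEND)` requests FILE__WRITE when O_APPEND is being set, yet the transition that widens what a descriptor can do is the reverse one, clearing O_APPEND on a descriptor that file_to_av() would have mapped to FILE__APPEND. With the test as written that case leaves `av` at 0, and file_has_perm() then skips its vnode check (it is guarded by `perm` in this same change). The commit message describes the "adding" direction, so this may be deliberate, but if append-only access is meant to stay append-only the test would read `if ((oldflags & O_APPEND) && !(newflags & O_APPEND))`. The two hooks marked `XXX` (change_ofileflags, change_offset) likewise pass 0 and so skip the vnode check until an av is chosen for them.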