Date:      Sat, 20 Jul 2002 09:09:06 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 14527 for review
Message-ID:  <200207201609.g6KG96RA057313@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14527

Change 14527 by rwatson@rwatson_curry on 2002/07/20 09:05:59

	Teach policies about mpo_cred_check_readlink().  In particular,
	teach TE to handle symlinks as their own object class.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#53 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#42 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#36 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#37 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#6 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#53 (text+ko) ====

@@ -1494,6 +1494,24 @@
 }
 
 static int
+mac_biba_cred_check_readlink(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+	struct mac_biba *subj, *obj;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(&cred->cr_label);
+	obj = SLOT(vnodelabel);
+
+	if (!mac_biba_dominate_single(obj, subj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
 mac_biba_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel, struct vnode *vp, struct label *label)
 {
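Review bot: `mac_biba_cred_check_readlink` declares its third parameter as `label`, but the body reads `SLOT(vnodelabel)`, an identifier the visible signature never declares, so the function should not compile as posted. Rename the parameter to match the MLS, none and test versions added in this change: `struct label *vnodelabel)`. A one-line comment above the dominance test, for example `/* readlink is a read: the object must dominate the subject. */`, would make the Biba direction explicit for readers comparing it with the MLS check.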
@@ -1937,6 +1955,8 @@
 	    (macop_t)mac_biba_cred_check_getextattr_vnode },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_biba_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READLINK,
+	    (macop_t)mac_biba_cred_check_readlink },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,
 	    (macop_t)mac_biba_cred_check_rename_from_vnode },
 	{ MAC_CRED_CHECK_RENAME_TO_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#42 (text+ko) ====

@@ -1437,6 +1437,21 @@
 }
 
 static int
+mac_mls_cred_check_readlink(struct ucred *cred, struct vnode *vp,
+    struct label *vnodelabel)
+{
+	struct mac_mls *subj, *obj;
+
+	subj = SLOT(&cred->cr_label);
+	obj = SLOT(vnodelabel);
+
+	if (!mac_mls_dominate_single(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
 mac_mls_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel, struct vnode *vp, struct label *label)
 {
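Review bot: `mac_mls_cred_check_readlink` runs the dominance test unconditionally, whereas the Biba counterpart added in the same change returns 0 early when `mac_biba_enabled` is clear. If the MLS module has an equivalent enable switch (none is visible in this hunk), the new entry point should gate on it in the same way, so that disabling the policy affects readlink like every other check. If the check is deliberately unconditional, a short comment saying so would prevent a later "fix" in the wrong direction.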
@@ -1880,6 +1895,8 @@
 	    (macop_t)mac_mls_cred_check_getextattr_vnode },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_mls_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READLINK,
+	    (macop_t)mac_mls_cred_check_readlink },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,
 	    (macop_t)mac_mls_cred_check_rename_from_vnode },
 	{ MAC_CRED_CHECK_RENAME_TO_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#36 (text+ko) ====

@@ -684,6 +684,14 @@
 }
 
 static int
+mac_none_cred_check_readlink(struct ucred *cred, struct vnode *vp,
+    struct label *vnodelabel)
+{
+
+	return (0);
+}
+
+static int
 mac_none_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel, struct vnode *vp, struct label *label)
 {
@@ -970,6 +978,8 @@
 	    (macop_t)mac_none_cred_check_listen_socket },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_none_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READLINK,
+	    (macop_t)mac_none_cred_check_readlink },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,
 	    (macop_t)mac_none_cred_check_rename_from_vnode },
 	{ MAC_CRED_CHECK_RENAME_TO_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#37 (text+ko) ====

@@ -421,6 +421,13 @@
 		default:
 			return ("fs unknown");
 		}
+
+	case MAC_TE_CLASS_SYLINK:
+		switch (operation) {
+		default:
+			return ("symlink unknown");
+		}
+
 	default:
 		return ("unknown unknown");
 	}
@@ -1045,6 +1052,20 @@
 }
 
 static int
+mac_te_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
+    struct label *vnodelabel)
+{
+	struct mac_te *subj, *obj;
+
+	subj = SLOT(&cred->cr_label);
+	obj = SLOT(filelabel);
+	KASSERT(vp->v_type == VLNK);
+
+	return (mac_te_check(subj, obj, MAC_TE_CLASS_SYMLINK,
+	    MAC_TE_OPERATION_SYMLINK_READLINK));
+}
+
+static int
 mac_te_cred_check_see_cred(struct ucred *u1, struct ucred *u2)
 {
 
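Review bot: The function is defined as `mac_te_cred_check_readlink_vnode`, but the ops-table hunk for this file registers `(macop_t)mac_te_cred_check_readlink`, so the two names need to be reconciled. The body also reads `SLOT(filelabel)` while the parameter is `vnodelabel`; it should be `obj = SLOT(vnodelabel);`. `KASSERT` in the FreeBSD kernel takes the expression and a parenthesised message, e.g. `KASSERT(vp->v_type == VLNK, ("mac_te readlink: vnode is not a symlink"));`. Because assertions are compiled out of non-INVARIANTS kernels, a non-VLNK vnode would still be evaluated against the symlink class in production, so consider an explicit runtime check if that case must be refused.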
@@ -1106,6 +1127,9 @@
 	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_GETACL));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_GETACL));
 	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_GETACL));
@@ -1121,6 +1145,9 @@
 	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_DIR_GETEXTATTR));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_GETEXTATTR);
 	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_GETEXTATTR));
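Review bot: The added `VLNK` return is missing a closing parenthesis: `MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_GETEXTATTR);` should end in `));` like the neighbouring cases. The same slip appears in the delete hunk further down, at `MAC_TE_OPERATION_SYMLINK_DELETE);`. Separately, the unchanged `VDIR` case just above pairs `MAC_TE_CLASS_FILE` with `MAC_TE_OPERATION_DIR_GETEXTATTR`, which looks like a class/operation mismatch. It predates this change but is worth correcting while the switch is being touched, since a wrong class selects the wrong policy rule. The enclosing function starts and ends outside the hunk.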
@@ -1154,6 +1181,9 @@
 	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_SETACL));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_SETACL));
 	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_SETACL));
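Review bot: The new `VLNK` case uses `MAC_TE_OPERATION_SYMLINK_SETACL`, but the mac_te.h hunk in this change defines only ADMIN, DELETE, DELETEACL, GETACL, GETEXTATTR, READLINK and STAT for the symlink class. Unless the constant is defined elsewhere in the header (not visible here), add it alongside the others, e.g. `#define	MAC_TE_OPERATION_SYMLINK_SETACL		8`, choosing a value that does not collide with an existing symlink operation. The enclosing function starts and ends outside the hunk.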
@@ -1184,6 +1214,9 @@
 	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_ADMIN));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_ADMIN));
 	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_ADMIN));
@@ -1199,6 +1232,9 @@
 	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_ADMIN));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_ADMIN));
 	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_ADMIN));
@@ -1214,6 +1250,9 @@
 	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_ADMIN));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK, ADMIN));
 	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_ADMIN));
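Review bot: The `VLNK` case here has a comma where an underscore was intended: `MAC_TE_OPERATION_SYMLINK, ADMIN));` passes two undeclared identifiers and changes the argument count of `mac_te_check`. It should read `MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_ADMIN));`, matching the other ADMIN hunks in this file. The enclosing function starts and ends outside the hunk.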
@@ -1229,6 +1268,9 @@
 	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_ADMIN));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_ADMIN));
 	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_ADMIN));
@@ -1272,13 +1314,16 @@
 	    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_WRITE);
 	if (error)
 		return (error);
-	if (vp->v_type == VDIR) {
+	switch (vp->v_type) {
+	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_DELETE));
-	} else {
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_DELETE);
+	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_DELETE));
-	}
 }
 
 static int
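Review bot: Converting the `if`/`else` to a `switch` removes the old closing `}` without adding one for the switch, so the remaining context `}` closes the switch and the function body is left unterminated. The later delete hunks add `+	}` after the `default` return, and this hunk needs the same line. The `VLNK` return is also one parenthesis short and should end in `MAC_TE_OPERATION_SYMLINK_DELETE));`. The function's opening lines are outside the hunk.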
@@ -1290,6 +1335,9 @@
 	case VDIR:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_DELETEACL));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_DELETEACL));
 	default:
 		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
 		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_DELETEACL));
@@ -1308,10 +1356,17 @@
 	if (error)
 		return (error);
 	/* Not really correct. */
-	return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
-	    vp->v_type == VDIR ?  MAC_TE_CLASS_DIR : MAC_TE_CLASS_FILE,
-	    vp->v_type == VDIR ?  MAC_TE_OPERATION_DIR_DELETE :
-	    MAC_TE_OPERATION_FILE_DELETE));
+	switch (vp->v_type) {
+	case VDIR:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_DELETE));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_DELETE));
+	default:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_DELETE));
+	}
 }
 
 static int
@@ -1325,10 +1380,17 @@
 	if (error || label == NULL || vp == NULL)
 		return (error);
 	/* Not really correct. */
-	return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
-	    vp->v_type == VDIR ?  MAC_TE_CLASS_DIR : MAC_TE_CLASS_FILE,
-	    vp->v_type == VDIR ?  MAC_TE_OPERATION_DIR_DELETE :
-	    MAC_TE_OPERATION_FILE_DELETE));
+	switch (vp->v_type) {
+	case VDIR:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_DELETE));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_DELETE));
+	default:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_DELETE));
+	}
 }
 
 static int
@@ -1337,11 +1399,17 @@
 {
 	int error;
 
-	error = mac_te_check(SLOT(&cred->cr_label), SLOT(label),
-	    vp->v_type == VDIR ?  MAC_TE_CLASS_DIR : MAC_TE_CLASS_FILE,
-	    vp->v_type == VDIR ? MAC_TE_OPERATION_DIR_STAT :
-	    MAC_TE_OPERATION_FILE_STAT);
-	return (error);
+	switch (vp->v_type) {
+	case VDIR:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_DIR, MAC_TE_OPERATION_DIR_STAT));
+	case VLNK:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_STAT));
+	default:
+		return (mac_te_check(SLOT(&cred->cr_label), SLOT(label),
+		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_STAT));
+	}
 }
 
 static void
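Review bot: After this rewrite every path returns directly from the `switch`, so the retained `int error;` declaration at the top of the function is no longer used and will trigger an unused-variable warning (fatal where the kernel is built with warnings as errors). Drop the declaration and the blank line after it. A brief comment noting that any vnode type other than directory or symlink falls through to the FILE class would document the `default` branch's intent.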
@@ -1551,6 +1619,8 @@
 	{ MAC_CRED_CHECK_GETEXTATTR_VNODE,
 	    (macop_t)mac_te_cred_check_getextattr_vnode },
 	{ MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_te_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READLINK,
+	    (macop_t)mac_te_cred_check_readlink },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,
 	    (macop_t)mac_te_cred_check_rename_from_vnode },
 	{ MAC_CRED_CHECK_RENAME_TO_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#6 (text+ko) ====

@@ -110,4 +110,13 @@
 #define	MAC_TE_OPERATION_SOCKET_CONNECT		3
 #define	MAC_TE_OPERATION_SOCKET_LISTEN		4
 
+#define	MAC_TE_CLASS_SYMLINK		8
+#define	MAC_TE_OPERATION_SYMLINK_ADMIN		1
+#define	MAC_TE_OPERATION_SYMLINK_DELETE		2
+#define	MAC_TE_OPERATION_SYMLINK_DELETEACL	3
+#define	MAC_TE_OPERATION_SYMLINK_GETACL		4
+#define	MAC_TE_OPERATION_SYMLINK_GETEXTATTR	5
+#define	MAC_TE_OPERATION_SYMLINK_READLINK	6
+#define	MAC_TE_OPERATION_SYMLINK_STAT		7
+
 #endif /* _SYS_SECURITY_MAC_TE_H */

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#6 (text+ko) ====

@@ -877,6 +877,14 @@
 }
 
 static int
+mac_test_cred_check_readlink(struct ucred *cred, struct vnode *vp,
+    struct label *vnodelabel)
+{
+
+	return (0);
+}
+
+static int
 mac_test_cred_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel, struct vnode *vp, struct label *label)
 {
@@ -1161,6 +1169,8 @@
 	    (macop_t)mac_test_cred_check_listen_socket },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_test_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READLINK,
+	    (macop_t)mac_test_cred_check_readlink },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,
 	    (macop_t)mac_test_cred_check_rename_from_vnode },
 	{ MAC_CRED_CHECK_RENAME_TO_VNODE,

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message



