From owner-p4-projects Sat Jul 20 13: 7:36 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id DB3DA37B401; Sat, 20 Jul 2002 13:07:12 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7EA0B37B400 for ; Sat, 20 Jul 2002 13:07:12 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 15CD943E31 for ; Sat, 20 Jul 2002 13:07:12 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6KK7BJU006147 for ; Sat, 20 Jul 2002 13:07:11 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6KK7BeX006144 for perforce@freebsd.org; Sat, 20 Jul 2002 13:07:11 -0700 (PDT) Date: Sat, 20 Jul 2002 13:07:11 -0700 (PDT) Message-Id: <200207202007.g6KK7BeX006144@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson
Subject: PERFORCE change 14545 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14545

Change 14545 by rwatson@rwatson_curry on 2002/07/20 13:06:37

Differentiate "search" and "readdir" MAC checks, since lookup may be seperately authorized from the ability to read the object. While I'm there, implement the mac_bsdextended_readlink check, since it was missed in a prior pass.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#180 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#53 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#56 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#34 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#44 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#38 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#40 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#8 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#114 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#77 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#180 (text+ko) ====

@@ -554,7 +554,11 @@
 mpc->mpc_ops->mpo_cred_check_open_vnode =
 mpe->mpe_function;
 break;
- case MAC_CRED_CHECK_READLINK:
+ case MAC_CRED_CHECK_READDIR_VNODE:
+ mpc->mpc_ops->mpo_cred_check_readdir_vnode =
+ mpe->mpe_function;
+ break;
+ case MAC_CRED_CHECK_READLINK_VNODE:
 mpc->mpc_ops->mpo_cred_check_readlink_vnode =
 mpe->mpe_function;
 break;
@@ -1683,6 +1687,24 @@
 }
 
 int
+mac_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(dvp, "mac_cred_check_readdir_vnode");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ error = vn_refreshlabel(dvp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(cred_check_readdir_vnode, cred, dvp, &dvp->v_label);
+ return (error);
+}
+
+int
 mac_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp)
 {
 int error;

==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#53 (text+ko) ====

@@ -4004,7 +4004,7 @@
 * Using the process credentials, not the cached ones owned by the fd,
 * check for ability to search in a directory before reading from it.
 */
- error = mac_cred_check_search_vnode(td->td_ucred, vp);
+ error = mac_cred_check_readdir_vnode(td->td_ucred, vp);
 if (error) {
 VOP_UNLOCK(vp, 0, td);
 fdrop(fp, td);
@@ -4152,7 +4152,7 @@
 * Here also, don't use cached credentials for checking directory
 * search MAC.
 */
- error = mac_cred_check_search_vnode(td->td_ucred, vp);
+ error = mac_cred_check_readdir_vnode(td->td_ucred, vp);
 if (error == 0)
 #endif /* MAC */
 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#56 (text+ko) ====

@@ -1494,6 +1494,24 @@
 }
 
 static int
+mac_bibe_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(label);
+
+ if (!mac_biba_dominate_single(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
 mac_biba_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
 struct label *label)
 {
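Review bot: The comments left above both changed calls in vfs_syscalls.c (the hunk at -4004 and the one at -4152) still describe a directory "search" check, but the call is now mac_cred_check_readdir_vnode, which the commit description treats as an authorization separate from lookup. I would reword them to match, e.g. `check for ability to read the directory's entries before reading from it.` and `Here also, don't use cached credentials for checking directory readdir MAC.` Both enclosing functions start and end outside the hunks, so the rest of each call path is not visible here.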
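Review bot: In mac_biba.c the new function is defined as `mac_bibe_cred_check_readdir_vnode` while the ops-table hunk at -1955 registers `mac_biba_cred_check_readdir_vnode`, and its body reads `SLOT(label)` although the parameter is named `dlabel`, so this file should not compile as posted. The same parameter/body mismatch appears in mac_bsdextended.c at -458, where the readdir check calls `VOP_GETATTR(vp, ...)` with a parameter named `dvp`, and in mac_mls.c at -1437, where it reads `SLOT(vnodelabel)` with a parameter named `dlabel`. The fixes are the corrected name with `obj = SLOT(dlabel);` in mac_biba.c, `error = VOP_GETATTR(dvp, &vap, cred, curthread);` in mac_bsdextended.c, and `obj = SLOT(dlabel);` in mac_mls.c. Since these are access-control entry points, each policy module should be build-tested before the change is submitted.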
@@ -1955,6 +1973,8 @@
 (macop_t)mac_biba_cred_check_getextattr_vnode },
 { MAC_CRED_CHECK_OPEN_VNODE,
 (macop_t)mac_biba_cred_check_open_vnode },
+ { MAC_CRED_CHECK_READDIR_VNODE,
+ (macop_t)mac_biba_cred_check_readdir_vnode },
 { MAC_CRED_CHECK_READLINK_VNODE,
 (macop_t)mac_biba_cred_check_readlink_vnode },
 { MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#34 (text+ko) ====

@@ -458,6 +458,38 @@
 }
 
 static int
+mac_bsdextended_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel)
+{
+ struct vattr vap;
+ int error;
+
+ if (!mac_bsdextended_enabled)
+ return (0);
+
+ error = VOP_GETATTR(vp, &vap, cred, curthread);
+ if (error)
+ return (error);
+ return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD));
+}
+
+static int
+mac_bsdextended_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct vattr vap;
+ int error;
+
+ if (!mac_bsdextended_enabled)
+ return (0);
+
+ error = VOP_GETATTR(vp, &vap, cred, curthread);
+ if (error)
+ return (error);
+ return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD));
+}
+
+static int
 mac_bsdextended_cred_check_rename_from_vnode(struct ucred *cred,
 struct vnode *dvp, struct mac *dlabel, struct vnode *vp, struct mac *label)
 {
@@ -741,6 +773,10 @@
 (macop_t)mac_bsdextended_cred_check_getextattr_vnode },
 { MAC_CRED_CHECK_OPEN_VNODE,
 (macop_t)mac_bsdextended_cred_check_open_vnode },
+ { MAC_CRED_CHECK_READDIR_VNODE,
+ (macop_t)mac_bsdextended_cred_check_readdir_vnode },
+ { MAC_CRED_CHECK_READLINK_VNODE,
+ (macop_t)mac_bsdextended_cred_check_readlink_vnode },
 { MAC_CRED_CHECK_RENAME_FROM_VNODE,
 (macop_t)mac_bsdextended_cred_check_rename_from_vnode },
 { MAC_CRED_CHECK_RENAME_TO_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#44 (text+ko) ====
@@ -1437,11 +1437,32 @@
 }
 
 static int
+mac_mls_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(vnodelabel);
+
+ if (!mac_mls_dominate_single(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
 mac_mls_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
 struct label *vnodelabel)
 {
 struct mac_mls *subj, *obj;
 
+ if (!mac_mls_enabled)
+ return (0);
+
 subj = SLOT(&cred->cr_label);
 obj = SLOT(vnodelabel);
 
@@ -1895,6 +1916,8 @@
 (macop_t)mac_mls_cred_check_getextattr_vnode },
 { MAC_CRED_CHECK_OPEN_VNODE,
 (macop_t)mac_mls_cred_check_open_vnode },
+ { MAC_CRED_CHECK_READDIR_VNODE,
+ (macop_t)mac_mls_cred_check_readdir_vnode },
 { MAC_CRED_CHECK_READLINK_VNODE,
 (macop_t)mac_mls_cred_check_readlink_vnode },
 { MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#38 (text+ko) ====

@@ -684,6 +684,14 @@
 }
 
 static int
+mac_none_cred_check_readdir_vnode(struct ucred *cred, struct vnode *vp,
+ struct label *dlabel)
+{
+
+ return (0);
+}
+
+static int
 mac_none_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
 struct label *vnodelabel)
 {
@@ -978,6 +986,8 @@
 (macop_t)mac_none_cred_check_listen_socket },
 { MAC_CRED_CHECK_OPEN_VNODE,
 (macop_t)mac_none_cred_check_open_vnode },
+ { MAC_CRED_CHECK_READDIR_VNODE,
+ (macop_t)mac_none_cred_check_readdir_vnode },
 { MAC_CRED_CHECK_READLINK_VNODE,
 (macop_t)mac_none_cred_check_readlink_vnode },
 { MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#40 (text+ko) ====
@@ -1052,6 +1052,19 @@
 }
 
 static int
+mac_te_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel)
+{
+ struct mac_te *subj, *obj;
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(dlabel);
+
+ return (mac_te_check(subj, obj, MAC_TE_CLASS_DIR,
+ MAC_TE_OPERATION_DIR_READDIR));
+}
+
+static int
 mac_te_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
 struct label *vnodelabel)
 {
@@ -1617,6 +1630,8 @@
 { MAC_CRED_CHECK_GETEXTATTR_VNODE,
 (macop_t)mac_te_cred_check_getextattr_vnode },
 { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_te_cred_check_open_vnode },
+ { MAC_CRED_CHECK_READDIR_VNODE,
+ (macop_t)mac_te_cred_check_readdir_vnode },
 { MAC_CRED_CHECK_READLINK_VNODE,
 (macop_t)mac_te_cred_check_readlink_vnode },
 { MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#8 (text+ko) ====

@@ -93,10 +93,11 @@
 #define MAC_TE_OPERATION_DIR_GETEXTATTR 7
 #define MAC_TE_OPERATION_DIR_LOOKUP 8
 #define MAC_TE_OPERATION_DIR_READ 9
-#define MAC_TE_OPERATION_DIR_SETACL 10
-#define MAC_TE_OPERATION_DIR_SETEXTATTR 11
-#define MAC_TE_OPERATION_DIR_STAT 12
-#define MAC_TE_OPERATION_DIR_WRITE 13
+#define MAC_TE_OPERATION_DIR_READDIR 10
+#define MAC_TE_OPERATION_DIR_SETACL 11
+#define MAC_TE_OPERATION_DIR_SETEXTATTR 12
+#define MAC_TE_OPERATION_DIR_STAT 13
+#define MAC_TE_OPERATION_DIR_WRITE 14
 
 #define MAC_TE_CLASS_FS 5
 #define MAC_TE_OPERATION_FS_STATFS 1

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#8 (text+ko) ====

@@ -877,6 +877,14 @@
 }
 
 static int
+mac_test_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel)
+{
+
+ return (0);
+}
+
+static int
 mac_test_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
 struct label *vnodelabel)
 {
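Review bot: Inserting `MAC_TE_OPERATION_DIR_READDIR 10` in alphabetical position in mac_te.h (hunk at -93) renumbers SETACL, SETEXTATTR, STAT and WRITE, so any TE rule data that stores these operation numbers (not visible in this diff) would silently refer to a different operation after the change; an existing rule written for SETACL (10) would now match READDIR. If the numbers are persisted or shared with userland, appending keeps the existing values stable: `#define MAC_TE_OPERATION_DIR_READDIR 14`. The enum insertion in mac_policy.h at -405 shifts the later MAC_CRED_CHECK_* values in the same way, which is presumably safe only when every policy module is rebuilt against the new header.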
@@ -1169,6 +1177,8 @@
 (macop_t)mac_test_cred_check_listen_socket },
 { MAC_CRED_CHECK_OPEN_VNODE,
 (macop_t)mac_test_cred_check_open_vnode },
+ { MAC_CRED_CHECK_READDIR_VNODE,
+ (macop_t)mac_test_cred_check_readdir_vnode },
 { MAC_CRED_CHECK_READLINK_VNODE,
 (macop_t)mac_test_cred_check_readlink_vnode },
 { MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#114 (text+ko) ====

@@ -282,6 +282,7 @@
 struct vnode *vp, int samedir);
 int mac_cred_check_open_vnode(struct ucred *cred, struct vnode *vp,
 mode_t acc_mode);
+int mac_cred_check_readdir_vnode(struct ucred *cred, struct vnode *vp);
 int mac_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp);
 int mac_cred_check_revoke_vnode(struct ucred *cred, struct vnode *vp);
 int mac_cred_check_statfs(struct ucred *cred, struct mount *mp);

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#77 (text+ko) ====

@@ -274,6 +274,8 @@
 int (*mpo_cred_check_open_vnode)(struct ucred *cred,
 struct vnode *vp, struct label *label,
 mode_t acc_mode);
+ int (*mpo_cred_check_readdir_vnode)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
 int (*mpo_cred_check_readlink_vnode)(struct ucred *cred,
 struct vnode *vp, struct label *label);
 int (*mpo_cred_check_rename_from_vnode)(struct ucred *cred,
@@ -405,6 +407,7 @@
 MAC_CRED_CHECK_GETEXTATTR_VNODE,
 MAC_CRED_CHECK_LISTEN_SOCKET,
 MAC_CRED_CHECK_OPEN_VNODE,
+ MAC_CRED_CHECK_READDIR_VNODE,
 MAC_CRED_CHECK_READLINK_VNODE,
 MAC_CRED_CHECK_RENAME_FROM_VNODE,
 MAC_CRED_CHECK_RENAME_TO_VNODE,

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message