Date: Tue, 15 Aug 2006 21:21:33 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 104124 for review Message-ID: <200608152121.k7FLLXMd066010@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=104124 Change 104124 by millert@millert_g4tower on 2006/08/15 21:20:37 Cruft removal: Remove unused reserved fields in struct label. Remove bogus definitions for atomic operations. Remove code for debugging inconsistent vnode labels. Remove unneeded include of mac.h in policy modules. Remove MAC_DEBUG. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_msg.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_sem.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_shm.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/_label.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/conf/MASTER#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_label.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_pipe.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_sem.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_shm.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_socket.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_sem.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_shm.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/basetest/mac_basetest.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#2 edit .. 
//depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#2 (text+ko) ==== @@ -94,7 +94,6 @@ options HW_FOOTPRINT # Cache footprint support # <hw_foot> options MAC # Mandatory ACcess Control options MAC_SOCKET # MAC socket labels -#options MAC_DEBUG options LCTX # Login Context options MACH # Standard Mach features # <mach> options MACH_ASSERT # Compile in assertions # <test> ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_msg.c#2 (text+ko) ==== @@ -66,13 +66,6 @@ #define MSG_DEBUG #undef MSG_DEBUG_OK -/* Uncomment this line to see MAC debugging output. */ -/* #define MAC_DEBUG */ -#ifdef MAC_DEBUG -#define MPRINTF(a) printf(a) -#else -#define MPRINTF(a) -#endif static void msg_freehdr(struct msg *msghdr); typedef int sy_call_t(struct proc *, void *, int *); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_sem.c#2 (text+ko) ==== @@ -34,7 +34,7 @@ * support for mandatory and extensible security protections. This notice * is included in support of clause 2.2 (b) of the Apple Public License, * Version 2.0. - * Copyright (c) 2005 SPARTA, Inc. + * Copyright (c) 2005-2006 SPARTA, Inc. */ #include <sys/param.h> @@ -62,14 +62,6 @@ /* Uncomment this line to see the debugging output */ /* #define SEM_DEBUG */ -/* Uncomment this line to see MAC debugging output. */ -/* #define MAC_DEBUG */ -#ifdef MAC_DEBUG -#define MPRINTF(a) printf(a) -#else -#define MPRINTF(a) -#endif - #define M_SYSVSEM M_TEMP ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_shm.c#2 (text+ko) ==== @@ -55,7 +55,7 @@ * support for mandatory and extensible security protections. This notice * is included in support of clause 2.2 (b) of the Apple Public License, * Version 2.0. - * Copyright (c) 2005 SPARTA, Inc. + * Copyright (c) 2005-2006 SPARTA, Inc. */ 
@@ -91,14 +91,6 @@ #include <kern/locks.h> -/* Uncomment this line to see MAC debugging output. */ -/* #define MAC_DEBUG */ -#ifdef MAC_DEBUG -#define MPRINTF(a) printf a -#else -#define MPRINTF(a) -#endif - static void shminit(void *); #if 0 SYSINIT(sysv_shm, SI_SUB_SYSV_SHM, SI_ORDER_FIRST, shminit, NULL) ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/_label.h#2 (text+ko) ==== @@ -45,8 +45,6 @@ #define MAC_MAX_SLOTS 8 #define MAC_FLAG_INITIALIZED 0x0000001 /* Is initialized for use. */ -#define MAC_FLAG_CLEAN 0x0000002 /* Is cleaned for re-use. */ -#define MAC_FLAG_ASSOC 0x0000004 /* */ struct label { int l_flags; @@ -54,9 +52,6 @@ void *l_ptr; long l_long; } l_perpolicy[MAC_MAX_SLOTS]; - void *reserved1; - void *reserved2; - void *reserved3; }; #endif /* !_SECURITY_LABEL_H_ */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/conf/MASTER#2 (text+ko) ==== @@ -55,5 +55,4 @@ options AUDIT # Security event auditing options MAC # Mandatory Access Controls options MAC_ALWAYS_LABEL_MBUF -#options MAC_DEBUG options LCTX # Login Context ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#2 (text+ko) ==== 
@@ -152,51 +152,6 @@ &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); -#ifdef MAC_DEBUG -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - -SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0, - "TrustedBSD MAC object counters"); - -u_int nmaccreds=0, nmacmounts=0, nmactemp=0, nmacvnodes=0, - nmacdevfsdirents=0, nmacprocs=0, nmac_psem=0, nmac_pshm=0, - nmacsockets=0, - nmacsysvsemas=0, nmacsysvshms=0, nmacmbufs=0; - -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD, - &nmaccreds, 0, "number of ucreds in use"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, procs, CTLFLAG_RD, - &nmacprocs, 0, "number of procs in use"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD, - &nmacmounts, 0, "number of mounts in use"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD, - &nmactemp, 0, "number of temporary labels in use"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD, - &nmacvnodes, 0, "number of vnodes in use"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sockets, CTLFLAG_RD, - &nmacsockets, 0, "number of sockets in use"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD, - &nmacdevfsdirents, 0, "number of devfs dirents inuse"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_sem, CTLFLAG_RD, - &nmac_psem, 0, "number of posix semaphore identifiers in use"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_shm, CTLFLAG_RD, - &nmac_pshm, 0, "number of posix shared memory identifiers in 
use"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sysv_sems, CTLFLAG_RD, - &nmacsysvsemas, 0, "number of sysv ipc semaphore identifiers inuse"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sysv_shms, CTLFLAG_RD, - &nmacsysvsemas, 0, "number of sysv shared memory identifiers inuse"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, - &nmacmbufs, 0, "number of mbuf identifiers inuse"); -#endif - /* * mac_static_base_mpc holds a pointer to the single instance of the base * policy MAC configuration structure. This pointer must be set at boot, @@ -488,22 +443,6 @@ sysctl_register_oid(&sysctl__security_mac_enforce_vm); sysctl_register_oid(&sysctl__security_mac_mmap_revocation); sysctl_register_oid(&sysctl__security_mac_mmap_revocation_via_cow); -#ifdef MAC_DEBUG - sysctl_register_oid(&sysctl__security_mac_debug); - sysctl_register_oid(&sysctl__security_mac_debug_label_fallback); - sysctl_register_oid(&sysctl__security_mac_debug_counters); - sysctl_register_oid(&sysctl__security_mac_debug_counters_creds); - sysctl_register_oid(&sysctl__security_mac_debug_counters_procs); - sysctl_register_oid(&sysctl__security_mac_debug_counters_mounts); - sysctl_register_oid(&sysctl__security_mac_debug_counters_temp); - sysctl_register_oid(&sysctl__security_mac_debug_counters_vnodes); - sysctl_register_oid(&sysctl__security_mac_debug_counters_devfsdirents); - sysctl_register_oid(&sysctl__security_mac_debug_counters_posix_sem); - sysctl_register_oid(&sysctl__security_mac_debug_counters_posix_shm); - sysctl_register_oid(&sysctl__security_mac_debug_counters_sysv_sems); - sysctl_register_oid(&sysctl__security_mac_debug_counters_sysv_shms); - sysctl_register_oid(&sysctl__security_mac_debug_counters_mbufs); -#endif printf("MAC Framework successfully initialized\n"); /* Call bsd init functions of already loaded policies */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#2 (text+ko) ==== 
@@ -66,20 +66,6 @@ SYSCTL_DECL(_security); SYSCTL_DECL(_security_mac); -#ifdef MAC_DEBUG -SYSCTL_DECL(_security_mac_debug); -SYSCTL_DECL(_security_mac_debug_counters); - -#define MAC_DEBUG_COUNTER_INC(x) atomic_add_int(x, 1); -#define MAC_DEBUG_COUNTER_DEC(x) atomic_subtract_int(x, 1); - -#else - -#define MAC_DEBUG_COUNTER_INC(x) -#define MAC_DEBUG_COUNTER_DEC(x) - -#endif /* MAC_DEBUG */ - extern int mac_late; LIST_HEAD(mac_policy_list_t, mac_policy_conf); @@ -164,8 +150,6 @@ void mac_labelzone_init(void); struct label *mac_labelzone_alloc(int flags); void mac_labelzone_free(struct label *label); -void mac_labelzone_clean(struct label *label); -void mac_labelzone_associate(struct label *label); void mac_init_label(struct label *label); void mac_destroy_label(struct label *label); @@ -540,9 +524,6 @@ #define ASSERT_VOP_LOCKED(vp,msg) -#define atomic_add_int(P, V) (*(u_int*)(P) += (V)) -#define atomic_subtract_int(P, V) (*(u_int*)(P) -= (V)) - struct __mac_get_pid_args; struct __mac_get_proc_args; struct __mac_set_proc_args; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_label.c#2 (text+ko) ==== @@ -58,10 +58,11 @@ l = (struct label *) zalloc_noblock(zone_label); if (l == NULL) return (NULL); - } else + } else { l = (struct label *) zalloc(zone_label); + } bzero(l, sizeof(struct label)); - l->l_flags = MAC_FLAG_INITIALIZED | MAC_FLAG_CLEAN; + l->l_flags = MAC_FLAG_INITIALIZED; return (l); } 
@@ -77,42 +78,3 @@ bzero(l, sizeof(struct label)); zfree(zone_label, l); } - -void -mac_labelzone_clean(struct label *l) -{ - - if (l == NULL) - panic("Clean of NULL MAC label\n"); - - if ((l->l_flags & MAC_FLAG_INITIALIZED) == 0) - panic("Clean of uninitialized label\n"); - -#if 0 - /* This case is probably OK */ - if (l->l_flags & MAC_FLAG_CLEAN) { - printf("Clean of already clean label, flags=%d\n", l->l_flags); - return; - } -#endif - - l->l_flags |= MAC_FLAG_CLEAN; - l->l_flags &= ~MAC_FLAG_ASSOC; -} - -void -mac_labelzone_associate(struct label *l) -{ - - if (l == NULL) - panic("Associate of NULL MAC label\n"); - - if ((l->l_flags & MAC_FLAG_INITIALIZED) == 0) - panic("Associate of uninitialized label\n"); - - if (l->l_flags & MAC_FLAG_ASSOC) - printf("Associate of already associated label\n"); - - l->l_flags &= ~MAC_FLAG_CLEAN; - l->l_flags |= MAC_FLAG_ASSOC; -} ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#2 (text+ko) ==== @@ -40,12 +40,8 @@ #include <security/mac_internal.h> -#ifdef MAC_DEBUG -extern u_int nmacmbufs; -#endif +int mac_label_mbufs = 1; /* Exported via sysctl in mac_base.c */ -int mac_label_mbufs = 1; - struct label * mac_mbuf_to_label(struct mbuf *mbuf) { @@ -86,7 +82,7 @@ MAC_CHECK(init_mbuf_label, label, flag); if (error) printf("%s(): mpo_init_mbuf_label() failed!\n", __func__); - MAC_DEBUG_COUNTER_INC(&nmacmbufs); + return (error); } @@ -98,7 +94,6 @@ label = (struct label *)(tag + 1); MAC_PERFORM(destroy_mbuf_label, label); mac_destroy_label(label); - MAC_DEBUG_COUNTER_DEC(&nmacmbufs); return; } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_pipe.c#2 (text+ko) ==== 
@@ -49,12 +49,6 @@ &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations"); TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe); -#ifdef MAC_DEBUG -static unsigned int nmacpipes; -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, pipes, CTLFLAG_RD, - &nmacpipes, 0, "number of pipes in use"); -#endif - /* Define this to PIPE_LOCK_ASSERT(x, y) if mutex assertions are desired. */ #define MAC_PIPE_LOCK_ASSERT(x, y) @@ -65,7 +59,6 @@ label = mac_labelzone_alloc(M_WAITOK); MAC_PERFORM(init_pipe_label, label); - MAC_DEBUG_COUNTER_INC(&nmacpipes); return (label); } @@ -82,7 +75,6 @@ MAC_PERFORM(destroy_pipe_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacpipes); } void ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_sem.c#2 (text+ko) ==== @@ -46,10 +46,6 @@ &mac_enforce_posix_sem, 0, "Enforce MAC policy on Posix Semaphores"); TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem); -#ifdef MAC_DEBUG -extern u_int nmac_psem; -#endif - static struct label * mac_posix_sem_label_alloc(void) { @@ -57,7 +53,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_posix_sem_label, label); - MAC_DEBUG_COUNTER_INC(&nmac_psem); return (label); } @@ -74,7 +69,6 @@ MAC_PERFORM(destroy_posix_sem_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmac_psem); } void ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_shm.c#2 (text+ko) ==== @@ -46,10 +46,6 @@ &mac_enforce_pshm, 0, "Enforce MAC policy on Posix Shared memory"); TUNABLE_INT("security.mac.enforce_posix_shm", &mac_enforce_posix_shm); -#ifdef MAC_DEBUG -extern u_int nmac_pshm; -#endif - static struct label * mac_posix_shm_label_alloc(void) { @@ -57,7 +53,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_posix_shm_label, label); - MAC_DEBUG_COUNTER_INC(&nmac_pshm); return (label); } 
@@ -74,7 +69,6 @@ MAC_PERFORM(destroy_posix_shm_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmac_pshm); } void ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#2 (text+ko) ==== @@ -47,10 +47,6 @@ #include <security/mac_internal.h> -#ifdef MAC_DEBUG -extern u_int nmaccreds, nmacprocs; -#endif - struct label * mac_cred_label_alloc(void) { @@ -58,7 +54,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_cred_label, label); - MAC_DEBUG_COUNTER_INC(&nmaccreds); return (label); } @@ -76,7 +71,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_proc_label, label); - MAC_DEBUG_COUNTER_INC(&nmacprocs); return (label); } @@ -92,7 +86,6 @@ { MAC_PERFORM(destroy_cred_label, label); - MAC_DEBUG_COUNTER_DEC(&nmaccreds); mac_labelzone_free(label); } @@ -125,7 +118,6 @@ { MAC_PERFORM(destroy_proc_label, label); - MAC_DEBUG_COUNTER_DEC(&nmacprocs); mac_labelzone_free(label); } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_socket.c#2 (text+ko) ==== @@ -64,9 +64,6 @@ extern int mac_enforce_socket; -#ifdef MAC_DEBUG -extern u_int nmacsockets; -#endif struct label * mac_socket_label_alloc(int flag) @@ -84,7 +81,7 @@ mac_labelzone_free(label); return (NULL); } - MAC_DEBUG_COUNTER_INC(&nmacsockets); + return (label); } @@ -104,7 +101,7 @@ mac_labelzone_free(label); return (NULL); } - MAC_DEBUG_COUNTER_INC(&nmacsockets); + return (label); } @@ -130,7 +127,6 @@ MAC_PERFORM(destroy_socket_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacsockets); } static void @@ -139,7 +135,6 @@ MAC_PERFORM(destroy_socket_peer_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacsockets); } void ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_sem.c#2 (text+ko) ==== 
@@ -52,10 +52,6 @@ &mac_enforce_sysv_sem, 0, "Enforce MAC policy on System V IPC Semaphores"); TUNABLE_INT("security.mac.enforce_sysv_sem", &mac_enforce_sysv_sem); -#ifdef MAC_DEBUG -extern u_int nmacsysvsemas; -#endif - static struct label * mac_sysv_sem_label_alloc(void) { @@ -63,7 +59,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_sysv_sem_label, label); - MAC_DEBUG_COUNTER_INC(&nmacsysvsemas); return (label); } @@ -80,7 +75,6 @@ MAC_PERFORM(destroy_sysv_sem_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacsysvsemas); } void ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_shm.c#2 (text+ko) ==== @@ -55,10 +55,6 @@ "Enforce MAC policy on System V IPC shared memory"); TUNABLE_INT("security.mac.enforce_sysv", &mac_enforce_sysv_shm); -#ifdef MAC_DEBUG -extern u_int nmacsysvshms; -#endif - static struct label * mac_sysv_shm_label_alloc(void) { @@ -66,7 +62,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_sysv_shm_label, label); - MAC_DEBUG_COUNTER_INC(&nmacsysvshms); return (label); } @@ -83,7 +78,6 @@ MAC_PERFORM(destroy_sysv_shm_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacsysvshms); } void ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#2 (text+ko) ==== @@ -48,15 +48,7 @@ #include <security/mac_internal.h> -#ifdef MAC_DEBUG -extern u_int nmacmounts, nmacvnodes, nmaccleanvnodes, nmacassocvnodes, - nmacdevfsdirents; - -extern u_int nmacassocsingle, nmacassocxattr, nmacassoccreate, nmacassoccopy, - nmacassocdevfs; -#endif - static struct label * mac_devfsdirent_label_alloc(void) { @@ -64,7 +56,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_devfsdirent_label, label); - MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents); return (label); } @@ -82,7 +73,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_mount_label, label); - MAC_DEBUG_COUNTER_INC(&nmacmounts); return (label); } 
@@ -93,7 +83,6 @@ label = mac_labelzone_alloc(MAC_WAITOK); MAC_PERFORM(init_mount_fs_label, label); - MAC_DEBUG_COUNTER_INC(&nmacmounts); return (label); } @@ -120,7 +109,6 @@ { vp->v_label = mac_vnode_label_alloc(); - MAC_DEBUG_COUNTER_INC(&nmacvnodes); } /* @@ -132,18 +120,7 @@ mac_cleanup_vnode(vnode_t vp) { - if ((vp->v_label->l_flags & MAC_FLAG_CLEAN) && - ((vp->v_flag & VSYSTEM) == 0)) { - vprint("Second clean", vp); - printf(", vp=%x, vid=%d mp=%p fs=%s\n", - vp, vp->v_id, vp->v_mount, - vp->v_mount ? vp->v_mount->mnt_vfsstat.f_mntonname : "none" - ); - } - MAC_PERFORM(cleanup_vnode_label, vp->v_label); - mac_labelzone_clean(vp->v_label); - MAC_DEBUG_COUNTER_INC(&nmaccleanvnodes); } static void @@ -152,7 +129,6 @@ MAC_PERFORM(destroy_devfsdirent_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents); } void @@ -169,7 +145,6 @@ MAC_PERFORM(destroy_mount_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacmounts); } static void @@ -178,7 +153,6 @@ MAC_PERFORM(destroy_mount_fs_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacmounts); } void @@ -202,7 +176,6 @@ MAC_PERFORM(destroy_vnode_label, label); mac_labelzone_free(label); - MAC_DEBUG_COUNTER_DEC(&nmacvnodes); } void @@ -211,7 +184,6 @@ mac_vnode_label_free(vp->v_label); vp->v_label = NULL; - MAC_DEBUG_COUNTER_DEC(&nmacvnodes); } void @@ -219,8 +191,6 @@ { MAC_PERFORM(copy_vnode_label, src, dest); - mac_labelzone_associate(dest); - MAC_DEBUG_COUNTER_INC(&nmacassoccopy); } @@ -261,7 +231,6 @@ int error; MAC_INTERNALIZE_LIST(vnode, label, string); - mac_labelzone_associate(label); return (error); } @@ -272,7 +241,6 @@ int error; MAC_INTERNALIZE_LIST(mount_fs, label, string); - mac_labelzone_associate(label); return (error); } 
@@ -315,9 +283,6 @@ struct vnode *vp) { - mac_labelzone_associate(vp->v_label); - MAC_DEBUG_COUNTER_INC(&nmacassocdevfs); - MAC_PERFORM(associate_vnode_devfs, mp, mp ? mp->mnt_fslabel : NULL, de, de->dn_label, vp, vp->v_label); } @@ -332,10 +297,6 @@ MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_fslabel, vp, vp->v_label); - mac_labelzone_associate(vp->v_label); - MAC_DEBUG_COUNTER_INC(&nmacassocxattr); - MAC_DEBUG_COUNTER_DEC(&nmaccleanvnodes); - return (error); } @@ -343,13 +304,8 @@ mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp) { - MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_fslabel, vp, - vp->v_label); - - mac_labelzone_associate(vp->v_label); - MAC_DEBUG_COUNTER_INC(&nmacassocvnodes); - MAC_DEBUG_COUNTER_DEC(&nmaccleanvnodes); - MAC_DEBUG_COUNTER_INC(&nmacassocsingle); + MAC_PERFORM(associate_vnode_singlelabel, mp, + mp ? mp->mnt_fslabel : NULL, vp, vp->v_label); } int @@ -361,10 +317,6 @@ ASSERT_VOP_LOCKED(dvp, __func__); ASSERT_VOP_LOCKED(vp, __func__); - mac_labelzone_associate(vp->v_label); - MAC_DEBUG_COUNTER_INC(&nmacassoccreate); - MAC_DEBUG_COUNTER_DEC(&nmaccleanvnodes); - MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_fslabel, dvp, dvp->v_label, vp, vp->v_label, cnp); ==== //depot/projects/trustedbsd/sedarwin8/policies/basetest/mac_basetest.c#2 (text+ko) ==== @@ -34,7 +34,6 @@ #include <sys/kernel.h> #include <libkern/libkern.h> -#include <security/mac.h> #include <security/mac_policy.h> #include <vm/vm_kern.h> ==== //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#2 (text+ko) ==== @@ -36,7 +36,6 @@ #include <sys/kernel.h> #include <libkern/libkern.h> -#include <security/mac.h> #include <security/mac_policy.h> #include <vm/vm_kern.h> ==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#2 (text+ko) ==== 
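Review bot: The NULL guard introduced in the mac_associate_vnode_singlelabel hunk (@@ -343), `mp ? mp->mnt_fslabel : NULL`, is not mirrored in the extattr paths of the same file: the context lines of the @@ -332 and @@ -361 hunks still pass `mp->mnt_fslabel` to MAC_CHECK unconditionally. If mp can be NULL when a single-label vnode is associated, it is worth confirming whether the same holds for the associate_vnode_extattr and create_vnode_extattr callers; if it cannot, the guard is harmless but the asymmetry deserves a short comment next to it, e.g. `/* mp may be NULL here (matches the devfs case above); extattr paths always have a mount */`. The enclosing functions start outside these hunks.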
@@ -119,8 +119,6 @@ #ifdef APPLE #define TUNABLE_INT(x, y) -#define atomic_add_int(P, V) (*(u_int*)(P) += (V)) -#define atomic_subtract_int(P, V) (*(u_int*)(P) -= (V)) #endif /* APPLE */ #define SLOT(l) ((struct mac_mls *)LABEL_TO_SLOT((l), mac_mls_slot).l_ptr) @@ -147,10 +145,6 @@ &mac_mls_enabled, 0, "Enforce MAC/MLS policy"); TUNABLE_INT("security.mac.mls.enabled", &mac_mls_enabled); -static int destroyed_not_inited; -SYSCTL_INT(_security_mac_mls, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, - &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); - static int ptys_equal = 0; SYSCTL_INT(_security_mac_mls, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal, 0, "Label pty devices as mls/equal on create"); @@ -200,7 +194,7 @@ if (mac_mls != NULL) mac_zfree(zone_mls, (void *)mac_mls); else - atomic_add_int(&destroyed_not_inited, 1); + panic("Mac MLS Module: mls_free called on NULL label"); } static int @@ -561,7 +555,6 @@ sysctl_register_oid(&sysctl__security_mac_mls); sysctl_register_oid(&sysctl__security_mac_mls_label_size); sysctl_register_oid(&sysctl__security_mac_mls_enabled); - sysctl_register_oid(&sysctl__security_mac_mls_destroyed_not_inited); sysctl_register_oid(&sysctl__security_mac_mls_ptys_equal); sysctl_register_oid(&sysctl__security_mac_mls_revocation_enabled); sysctl_register_oid(&sysctl__security_mac_mls_max_compartments); @@ -1925,26 +1918,6 @@ return (MAC_AUDIT_DEFAULT); } -#ifdef LATER -static int -mac_mls_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifnet, struct label *ifnetlabel) -{ - struct mac_mls *a, *b; - - if (!mac_mls_enabled) - return (0); - - a = SLOT(bpflabel); - b = SLOT(ifnetlabel); - - if (mac_mls_equal_effective(a, b)) - return (0); - - MLS_RETURN (EACCES); -} -#endif /* LATER */ - static int mac_mls_request_object_label (struct label *subj, struct label *obj, const char *serv, struct label *out) 
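Review bot: In the @@ -200 hunk, replacing `atomic_add_int(&destroyed_not_inited, 1)` with `panic("Mac MLS Module: mls_free called on NULL label")` turns a condition the old code merely counted (the removed sysctl described it as "Count of labels destroyed but not inited") into a kernel halt on the label free path. If any destroy path can still reach this function with a NULL slot, that is a panic reachable from ordinary label teardown rather than a bookkeeping anomaly, so the change is only safe if every MLS label is now guaranteed to be initialized before it can be destroyed. If that invariant is what motivates the change, state it where the panic is raised, e.g. `/* Labels are always initialized before destroy; a NULL slot here is a framework bug, not a counted anomaly. */`. The enclosing function begins outside the hunk, so the name used in the panic message cannot be checked against it here.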
@@ -2705,6 +2678,15 @@ return (0); } +/* + * All System V shared memory operations modify struct shmid_ds. + * The MLS policy must require both read and write access for all operations. + */ + +/* + * shmat() modifies shmid_ds.shm_atime (last shmat() time) + * shmat() modifies shmid_ds.shm_nattch (# of current attaches) + */ static int mac_mls_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) @@ -2717,15 +2699,13 @@ subj = SLOT(cred->cr_label); obj = SLOT(shmseglabel); - if (!mac_mls_dominate_effective(subj, obj)) - MLS_RETURN (EACCES); - if ((shmflg & SHM_RDONLY) == 0) - if (!mac_mls_dominate_effective(obj, subj)) - MLS_RETURN (EACCES); - - return (0); + MLS_RETURN_CHECK(MLS_CHECK_EQUAL); } +/* + * shmctl() modifies shmid_ds.shm_ctime (last change by shmctl()) + * shmctl() modifies shmid_ds.shm_lpid (pid of last shm op) + */ static int mac_mls_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) @@ -2738,28 +2718,12 @@ subj = SLOT(cred->cr_label); obj = SLOT(shmseglabel); - switch(cmd) { - case IPC_RMID: - case IPC_SET: - if (!mac_mls_dominate_effective(obj, subj)) - MLS_RETURN (EACCES); - break; - - case IPC_STAT: - if (!mac_mls_dominate_effective(subj, obj)) - MLS_RETURN (EACCES); - break; - default: - MLS_RETURN (EACCES); - } - - return (0); + MLS_RETURN_CHECK(MLS_CHECK_EQUAL); } /* - * TODO: Do we check the integrity of the implicit write access caused - * by the bookkeeping tasks associated with the shmdt call, which may - * modify/delete the shmseg meta-data and/or the shared segment itself? + * shmdt() modifies shmid_ds.shm_dtime (last shmdt() time) + * shmdt() modifies shmid_ds.shm_nattch (# of current attaches) */ static int mac_mls_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr, 
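Review bot: In the mac_mls_check_sysv_shmctl hunk (@@ -2738) the removed switch carried a `default:` arm that returned EACCES for any cmd it did not list, whereas the new single `MLS_RETURN_CHECK(MLS_CHECK_EQUAL);` grants every cmd once the labels are equal; this is stricter for IPC_STAT (read-down no longer suffices) but weaker for unlisted cmd values, so confirm the equal-label rule is intended for all shmctl commands or keep a default deny for commands the policy has not reviewed. The same collapse is applied in shmat (@@ -2717, where a SHM_RDONLY attach previously needed only subject-dominates-object) and in the shmdt and shmget hunks that follow, and the new header comments justify it by noting every operation writes shmid_ds. In each of these bodies `subj` and `obj` are still assigned from SLOT() although nothing visible in the hunk reads them afterwards; presumably MLS_RETURN_CHECK uses them, but its definition is not in the diff, so verify the assignments are not now dead. The enclosing functions open outside these hunks.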
@@ -2773,12 +2737,12 @@ subj = SLOT(cred->cr_label); obj = SLOT(shmseglabel); - if (!mac_mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); + MLS_RETURN_CHECK(MLS_CHECK_EQUAL); } +/* + * shmget() modifies shmid_ds.shm_lpid (pid of last shm op) + */ static int mac_mls_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) @@ -2791,10 +2755,7 @@ subj = SLOT(cred->cr_label); obj = SLOT(shmseglabel); - if (!mac_mls_dominate_effective(subj, obj)) - MLS_RETURN (EACCES); - - return (0); + MLS_RETURN_CHECK(MLS_CHECK_EQUAL); } static int @@ -3180,18 +3141,26 @@ struct label *vlabel) { struct mac_mls *subj, *obj; + int error; if (!mac_mls_enabled) return (0); - /* XXXMAC: should we ever deny permission to turn accounting off? */ - if (vlabel == NULL) - return (0); + subj = SLOT(cred->cr_label); + error = mac_mls_subject_privileged(subj); - subj = SLOT(cred->cr_label); - obj = SLOT(vlabel); + if (error == 0) { + if (vlabel == NULL) { + KASSERT((vp == NULL), + ("mac_mls_check_system_acct: no label for vp")); + } else { + obj = SLOT(vlabel); >>> TRUNCATED FOR MAIL (1000 lines) <<<