Date: Wed, 24 Jul 2002 11:41:06 -0700 (PDT) From: Adam Migus <amigus@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 14853 for review Message-ID: <200207241841.g6OIf6jx069460@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14853 Change 14853 by amigus@amigus_ganymede on 2002/07/24 11:41:05 Integ from my pipe's branch. Appears to work. Comments welcome. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#194 integrate .. //depot/projects/trustedbsd/mac/sys/kern/sys_pipe.c#12 integrate .. //depot/projects/trustedbsd/mac/sys/modules/Makefile#26 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#69 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#57 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#46 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#51 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#16 integrate .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#122 integrate .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#87 integrate .. //depot/projects/trustedbsd/mac/sys/sys/pipe.h#3 integrate Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#194 (text+ko) ==== @@ -60,6 +60,7 @@ #include <sys/file.h> #include <sys/namei.h> #include <sys/socket.h> +#include <sys/pipe.h> #include <sys/socketvar.h> #include <sys/sx.h> #include <sys/sysctl.h> @@ -130,6 +131,10 @@ &mac_enforce_socket, 0, "Enforce MAC policy on socket operations"); TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket); +static int mac_enforce_pipe = 1; +SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW, + &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations"); + static int mac_label_size = sizeof(struct mac); SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, &mac_label_size, 0, "Pre-compiled MAC label size"); 
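Review bot: Nothing added in the kern_mac.c section reads `mac_enforce_pipe`: the variable is static, and the new wrappers `mac_cred_check_pipe_op`, `mac_cred_check_pipe_ioctl` and `mac_cred_check_relabel_pipe` (hunk @@ -2370,6 +2441,40 @@) go straight to `MAC_CHECK`, so setting security.mac.enforce_pipe to 0 appears to change nothing. If the knob is meant to behave like the other enforce_* switches, each wrapper would open with `if (!mac_enforce_pipe) return (0);`. The declaration also lacks the loader tunable that the `enforce_socket` lines just above it carry; `TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe);` would match them.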
@@ -249,6 +254,7 @@ MALLOC_DEFINE(M_MACOPVEC, "macopvec", "MAC policy operation vector"); MALLOC_DEFINE(M_TMPLABEL, "tmplabel", "temporary user-label copied storage"); +MALLOC_DEFINE(M_MACPIPELABEL, "macpipelabel", "MAC labels for pipes"); const size_t maxlabelsize = 65536; /* @@ -545,6 +551,9 @@ mpc->mpc_ops->mpo_create_mbuf_from_socket = mpe->mpe_function; break; + case MAC_CREATE_PIPE: + mpc->mpc_ops->mpo_create_pipe = mpe->mpe_function; + break; case MAC_CREATE_SOCKET: mpc->mpc_ops->mpo_create_socket = mpe->mpe_function; break; @@ -552,6 +561,9 @@ mpc->mpc_ops->mpo_create_socket_from_socket = mpe->mpe_function; break; + case MAC_RELABEL_PIPE: + mpc->mpc_ops->mpo_relabel_pipe = mpe->mpe_function; + break; case MAC_RELABEL_SOCKET: mpc->mpc_ops->mpo_relabel_socket = mpe->mpe_function; break; @@ -662,6 +674,10 @@ mpc->mpc_ops->mpo_cred_check_relabel_ifnet = mpe->mpe_function; break; + case MAC_CRED_CHECK_RELABEL_PIPE: + mpc->mpc_ops->mpo_cred_check_relabel_pipe = + mpe->mpe_function; + break; case MAC_CRED_CHECK_RELABEL_SOCKET: mpc->mpc_ops->mpo_cred_check_relabel_socket = mpe->mpe_function; @@ -793,6 +809,14 @@ mpc->mpc_ops->mpo_cred_check_vnode_op = mpe->mpe_function; break; + case MAC_CRED_CHECK_PIPE_IOCTL: + mpc->mpc_ops->mpo_cred_check_pipe_ioctl = + mpe->mpe_function; + break; + case MAC_CRED_CHECK_PIPE_OP: + mpc->mpc_ops->mpo_cred_check_pipe_op = + mpe->mpe_function; + break; case MAC_IFNET_CHECK_SEND_MBUF: mpc->mpc_ops->mpo_ifnet_check_send_mbuf = mpe->mpe_function; @@ -825,6 +849,10 @@ mpc->mpc_ops->mpo_init_mount = mpe->mpe_function; break; + case MAC_INIT_PIPE: + mpc->mpc_ops->mpo_init_pipe = + mpe->mpe_function; + break; case MAC_INIT_SOCKET: mpc->mpc_ops->mpo_init_socket = mpe->mpe_function; @@ -865,6 +893,10 @@ mpc->mpc_ops->mpo_destroy_mount = mpe->mpe_function; break; + case MAC_DESTROY_PIPE: + mpc->mpc_ops->mpo_destroy_pipe = + mpe->mpe_function; + break; case MAC_DESTROY_SOCKET: mpc->mpc_ops->mpo_destroy_socket = mpe->mpe_function; 
@@ -1399,7 +1431,7 @@ static unsigned int nmacmbufs, nmacsubjects, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, - nmacipqs; + nmacipqs, nmacpipes; SYSCTL_UINT(_security_mac_debug, OID_AUTO, mbufs, CTLFLAG_RD, &nmacmbufs, 0, "number of mbufs in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, subjects, CTLFLAG_RD, @@ -1412,6 +1444,8 @@ &nmacbpfdescs, 0, "number of bpfdescs in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, sockets, CTLFLAG_RD, &nmacsockets, 0, "number of sockets in use"); +SYSCTL_UINT(_security_mac_debug, OID_AUTO, pipes, CTLFLAG_RD, + &nmacpipes, 0, "number of pipes in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, mounts, CTLFLAG_RD, &nmacmounts, 0, "number of mounts in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, temp, CTLFLAG_RD, @@ -1519,6 +1553,29 @@ } void +mac_init_pipe(struct pipe *pipe) +{ + struct label *label; + + label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); + mac_init_label(label); + pipe->pipe_label = label; + pipe->pipe_peer->pipe_label = label; + MAC_PERFORM(init_pipe, pipe, pipe->pipe_label); + atomic_add_int(&nmacpipes, 1); +} + +void +mac_destroy_pipe(struct pipe *pipe) +{ + + MAC_PERFORM(destroy_pipe, pipe, pipe->pipe_label); + mac_destroy_label(pipe->pipe_label); + free(pipe->pipe_label, M_MACPIPELABEL); + atomic_subtract_int(&nmacpipes, 1); +} + +void mac_init_bpfdesc(struct bpf_d *bpf_d) { @@ -2223,6 +2280,13 @@ } void +mac_create_pipe(struct ucred *cred, struct pipe *pipe) +{ + + MAC_PERFORM(create_pipe, cred, pipe, pipe->pipe_label); +} + +void mac_create_socket_from_socket(struct socket *oldsocket, struct socket *newsocket) { 
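Review bot: `mac_destroy_pipe` frees the label that `mac_init_pipe` stored in both `pipe->pipe_label` and `pipe->pipe_peer->pipe_label`, but it leaves the peer's pointer in place. The pipeclose hunk in sys_pipe.c (@@ -1318,6 +1365,13 @@) calls it while `cpipe->pipe_peer` is still set, that is when the first endpoint closes, so the surviving endpoint would pass freed memory to the policies on its next read, poll, stat or ioctl check. Destruction should wait for the last endpoint to close. Assuming the disconnect code after that hunk clears the peer's `pipe_peer` and that `pipe_label` starts out NULL (neither is visible here), the call site could read `if (cpipe->pipe_peer == NULL && cpipe->pipe_label != NULL) mac_destroy_pipe(cpipe);`.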
@@ -2239,6 +2303,13 @@ MAC_PERFORM(relabel_socket, cred, socket, &socket->so_label, newlabel); } +static void +mac_relabel_pipe(struct ucred *cred, struct pipe *pipe, struct label *newlabel) +{ + + MAC_PERFORM(relabel_pipe, cred, pipe, pipe->pipe_label, newlabel); +} + void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) { @@ -2370,6 +2441,40 @@ return (error); } +static int +mac_cred_check_relabel_pipe(struct ucred *cred, struct pipe *pipe, + struct label *newlabel) +{ + int error; + + MAC_CHECK(cred_check_relabel_pipe, cred, pipe, pipe->pipe_label, + newlabel); + + return (error); +} + +int +mac_cred_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op) +{ + int error; + + MAC_CHECK(cred_check_pipe_op, cred, pipe, pipe->pipe_label, op); + + return (error); +} + +int +mac_cred_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, + unsigned long cmd, void *data) +{ + int error; + + MAC_CHECK(cred_check_pipe_ioctl, cred, pipe, pipe->pipe_label, + cmd, data); + + return (error); +} + void mac_create_mount(struct ucred *cred, struct mount *mp) { @@ -2637,6 +2742,20 @@ } int +mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label) +{ + int error; + + error = mac_cred_check_relabel_pipe(cred, pipe, label); + if (error) + return (error); + + mac_relabel_pipe(cred, pipe, label); + + return (0); +} + +int mac_getsockopt_label_get(struct ucred *cred, struct socket *so, struct mac *extmac) { @@ -2808,6 +2927,7 @@ struct file *fp; struct mac extmac; struct vnode *vp; + struct pipe *pipe; int error; mtx_lock(&Giant); @@ -2827,7 +2947,10 @@ error = mac_externalize(&vp->v_label, &extmac); VOP_UNLOCK(vp, 0, td); break; - + case DTYPE_PIPE: + pipe = (struct pipe *)fp->f_data; + error = mac_externalize(pipe->pipe_label, &extmac); + break; default: error = EINVAL; } @@ -2884,6 +3007,7 @@ struct label intlabel; struct mount *mp; struct vnode *vp; + struct pipe *pipe; int error; mtx_lock(&Giant); 
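Review bot: `mac_pipe_label_set` runs the relabel check and then `mac_relabel_pipe` without taking the pipe mutex, while the sys_pipe.c hunks read `pipe->pipe_label` from the read, write and poll paths. Its caller in hunk @@ -2911,13 +3035,16 @@ holds Giant, but whether the pipe I/O paths also hold Giant is not visible here, so a policy check may run concurrently with the label copy. Either take `PIPE_LOCK(pipe)` around the check-and-relabel pair, or state the rule above the function, e.g. `/* Caller must serialize against pipe I/O; the label is shared by both endpoints. */`.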
@@ -2911,13 +3035,16 @@ error = vn_setlabel(vp, &intlabel, td->td_ucred); VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); + mac_destroy_temp(&intlabel); + break; + case DTYPE_PIPE: + pipe = (struct pipe *)fp->f_data; + error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel); break; - default: error = EINVAL; } - mac_destroy_temp(&intlabel); out2: fdrop(fp, td); out1: ==== //depot/projects/trustedbsd/mac/sys/kern/sys_pipe.c#12 (text+ko) ==== @@ -49,9 +49,12 @@ * amount of kernel virtual memory. */ +#include "opt_mac.h" + #include <sys/param.h> #include <sys/systm.h> #include <sys/fcntl.h> +#include <sys/mac.h> #include <sys/file.h> #include <sys/filedesc.h> #include <sys/filio.h> @@ -266,6 +269,16 @@ td->td_retval[1] = fd; rpipe->pipe_peer = wpipe; wpipe->pipe_peer = rpipe; +#ifdef MAC + /* + * struct pipe represents a pipe endpoint. The MAC label is shared + * between connected endpoints. As a result mac_init_pipe() and + * mac_create_pipe() should only be called on one of the endpoints + * after they have been connected. + */ + mac_init_pipe(rpipe); + mac_create_pipe(td->td_ucred, rpipe); +#endif /* MAC */ mtx_init(pmtx, "pipe mutex", NULL, MTX_DEF | MTX_RECURSE); rpipe->pipe_mtxp = wpipe->pipe_mtxp = pmtx; fdrop(rf, td); @@ -454,6 +467,12 @@ if (error) goto unlocked_error; +#ifdef MAC + error = mac_cred_check_pipe_op(cred, rpipe, MAC_OP_PIPE_READ); + if (error) + goto locked_error; +#endif /* MAC */ + while (uio->uio_resid) { /* * normal pipe buffer receive @@ -559,6 +578,9 @@ goto unlocked_error; } } +#ifdef MAC /* XXX: suppress compiler warning. */ +locked_error: +#endif /* MAC */ pipeunlock(rpipe); /* XXX: should probably do this before getting any locks. */ @@ -850,6 +872,13 @@ PIPE_UNLOCK(rpipe); return (EPIPE); } +#ifdef MAC + error = mac_cred_check_pipe_op(cred, wpipe, MAC_OP_PIPE_WRITE); + if (error) { + PIPE_UNLOCK(rpipe); + return (error); + } +#endif /* MAC */ ++wpipe->pipe_busy; /* 
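Review bot: Moving `mac_destroy_temp(&intlabel)` from after the switch into the vnode case means the new `DTYPE_PIPE` case and the `default` case leave the switch without destroying `intlabel`. The policy relabel hooks copy out of the new label (`mac_biba_copy_single(source, dest)` in the mac_biba.c hunks), so the temporary label still looks owned by this function and would leak on every pipe relabel and on every EINVAL return. Unless there is an ownership reason outside the hunk, keep the single `mac_destroy_temp(&intlabel);` just before `out2:`. If the move exists because an earlier `break` inside the vnode case must skip the destroy, that deserves a comment; the start of the function is not in this hunk.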
@@ -1121,7 +1150,13 @@ struct thread *td; { struct pipe *mpipe = (struct pipe *)fp->f_data; +#ifdef MAC + int error; + error = mac_cred_check_pipe_ioctl(td->td_ucred, mpipe, cmd, data); + if (error) + return (error); +#endif /* MAC */ switch (cmd) { case FIONBIO: @@ -1176,7 +1211,13 @@ struct pipe *rpipe = (struct pipe *)fp->f_data; struct pipe *wpipe; int revents = 0; +#ifdef MAC + int error; + error = mac_cred_check_pipe_op(td->td_ucred, rpipe, MAC_OP_PIPE_POLL); + if (error) + return (error); +#endif /* MAC */ wpipe = rpipe->pipe_peer; PIPE_LOCK(rpipe); if (events & (POLLIN | POLLRDNORM)) @@ -1223,7 +1264,13 @@ struct thread *td; { struct pipe *pipe = (struct pipe *)fp->f_data; +#ifdef MAC + int error; + error = mac_cred_check_pipe_op(td->td_ucred, pipe, MAC_OP_PIPE_STAT); + if (error) + return (error); +#endif /* MAC */ bzero((caddr_t)ub, sizeof(*ub)); ub->st_mode = S_IFIFO; ub->st_blksize = pipe->pipe_buffer.size; @@ -1318,6 +1365,13 @@ cpipe->pipe_state |= PIPE_WANT | PIPE_EOF; msleep(cpipe, PIPE_MTX(cpipe), PRIBIO, "pipecl", 0); } +#ifdef MAC + /* + * Destroy MAC data + */ + if (cpipe->pipe_peer) + mac_destroy_pipe(cpipe); +#endif /* MAC */ /* * Disconnect from peer ==== //depot/projects/trustedbsd/mac/sys/modules/Makefile#26 (text+ko) ==== ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#69 (text+ko) ==== @@ -57,6 +57,7 @@ #include <sys/file.h> #include <sys/socket.h> #include <sys/socketvar.h> +#include <sys/pipe.h> #include <sys/sysctl.h> #include <fs/devfs/devfs.h> @@ -455,6 +456,13 @@ } static void +mac_biba_init_pipe(struct pipe *pipe, struct label *label) +{ + + SLOT(label) = biba_alloc(M_WAITOK); +} + +static void mac_biba_init_subject(struct ucred *ucred, struct label *label) { @@ -539,6 +547,14 @@ } static void +mac_biba_destroy_pipe(struct pipe *pipe, struct label *label) +{ + + biba_free(SLOT(label)); + SLOT(label) = NULL; +} + +static void mac_biba_destroy_subject(struct ucred *ucred, struct label *label) { 
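Review bot: In the pipe_poll hunk (@@ -1176,7 +1211,13 @@) the MAC failure path does `return (error);`, but this function's result is the `revents` mask declared two lines above, so an errno such as EACCES would be read by the caller as a set of poll event bits. A denied poll should report no events (or an error event) rather than an errno, for example `if (error) return (0);`. The function's signature and its final return statement are outside the hunk, so the return convention should be confirmed there.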
@@ -781,6 +797,18 @@ } static void +mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(&cred->cr_label); + dest = SLOT(pipelabel); + + mac_biba_copy_single(source, dest); +} + +static void mac_biba_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) @@ -808,6 +836,18 @@ } static void +mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, struct label *newlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(pipelabel); + + mac_biba_copy_single(source, dest); +} + +static void mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, struct socket *socket, struct label *socketpeerlabel) { @@ -1223,6 +1263,40 @@ } static int +mac_biba_cred_check_relabel_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, struct label *newlabel) +{ + struct mac_biba *subj, *obj, *new; + + new = SLOT(newlabel); + subj = SLOT(&cred->cr_label); + obj = SLOT(pipelabel); + + if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) + return (EINVAL); + + /* + * To relabel a pipe, the old pipe label must be in the subject + * range. + */ + if (!mac_biba_single_in_range(obj, subj)) + return (EPERM); + + /* + * To relabel a pipe, the new pipe label must be in the subject + * range. + */ + if (!mac_biba_single_in_range(new, subj)) + return (EPERM); + + /* + * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. + */ + + return (0); +} + +static int mac_biba_cred_check_relabel_subject(struct ucred *cred, struct label *newlabel) { struct mac_biba *subj, *new; 
@@ -1888,6 +1962,49 @@ } } +static int +mac_biba_cred_check_pipe_op(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, int op) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT((pipelabel)); + + switch(op) { + case MAC_OP_PIPE_READ: + case MAC_OP_PIPE_STAT: + case MAC_OP_PIPE_POLL: + if (!mac_biba_dominate_single(obj, subj)) + return (EACCES); + break; + case MAC_OP_PIPE_WRITE: + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); + break; + default: + panic("mac_biba_cred_check_pipe_op: invalid pipe operation"); + } + + return (0); +} + +static int +mac_biba_cred_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) +{ + + if(!mac_biba_enabled) + return (0); + + /* XXX: This will be implemented soon... */ + + return (0); +} + static struct mac_policy_op_entry mac_biba_ops[] = { { MAC_DESTROY, @@ -1906,6 +2023,8 @@ (macop_t)mac_biba_init_mbuf }, { MAC_INIT_MOUNT, (macop_t)mac_biba_init_mount }, + { MAC_INIT_PIPE, + (macop_t)mac_biba_init_pipe }, { MAC_INIT_SOCKET, (macop_t)mac_biba_init_socket }, { MAC_INIT_SUBJECT, @@ -1926,6 +2045,8 @@ (macop_t)mac_biba_destroy_mbuf }, { MAC_DESTROY_MOUNT, (macop_t)mac_biba_destroy_mount }, + { MAC_DESTROY_PIPE, + (macop_t)mac_biba_destroy_pipe }, { MAC_DESTROY_SOCKET, (macop_t)mac_biba_destroy_socket }, { MAC_DESTROY_SUBJECT, @@ -1962,10 +2083,14 @@ (macop_t)mac_biba_update_vnode_from_mount }, { MAC_CREATE_MBUF_FROM_SOCKET, (macop_t)mac_biba_create_mbuf_from_socket }, + { MAC_CREATE_PIPE, + (macop_t)mac_biba_create_pipe }, { MAC_CREATE_SOCKET, (macop_t)mac_biba_create_socket }, { MAC_CREATE_SOCKET_FROM_SOCKET, (macop_t)mac_biba_create_socket_from_socket }, + { MAC_RELABEL_PIPE, + (macop_t)mac_biba_relabel_pipe }, { MAC_RELABEL_SOCKET, (macop_t)mac_biba_relabel_socket }, { MAC_SET_SOCKET_PEER_FROM_MBUF, 
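Review bot: `mac_biba_cred_check_pipe_ioctl` returns 0 for every `cmd`, so the Biba policy registers a pipe ioctl hook that permits everything; `mac_mls_cred_check_pipe_ioctl` in mac_mls.c (hunk @@ -1827,6 +1901,49 @@) is the same. The `XXX` in the body does not tell a reader that the check is open, so I would say so: `/* XXX: not yet enforced; all pipe ioctls are allowed regardless of label. */`. In `mac_biba_cred_check_pipe_op` the `default:` arm panics on an unknown op; `return (EINVAL);` there would fail closed without taking the machine down if a new `MAC_OP_PIPE_*` value is added before the policy is updated. The spellings `switch(op)`, `if(!mac_biba_enabled)` and `SLOT((pipelabel))` also differ from the spacing used by the other added functions in this file.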
@@ -2020,6 +2145,8 @@ (macop_t)mac_biba_cred_check_see_socket }, { MAC_CRED_CHECK_RELABEL_IFNET, (macop_t)mac_biba_cred_check_relabel_ifnet }, + { MAC_CRED_CHECK_RELABEL_PIPE, + (macop_t)mac_biba_cred_check_relabel_pipe }, { MAC_CRED_CHECK_RELABEL_SOCKET, (macop_t)mac_biba_cred_check_relabel_socket }, { MAC_CRED_CHECK_RELABEL_SUBJECT, @@ -2052,6 +2179,10 @@ (macop_t)mac_biba_cred_check_lookup_vnode }, { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_biba_cred_check_open_vnode }, + { MAC_CRED_CHECK_PIPE_IOCTL, + (macop_t)mac_biba_cred_check_pipe_ioctl }, + { MAC_CRED_CHECK_PIPE_OP, + (macop_t)mac_biba_cred_check_pipe_op }, { MAC_CRED_CHECK_READDIR_VNODE, (macop_t)mac_biba_cred_check_readdir_vnode }, { MAC_CRED_CHECK_READLINK_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#57 (text+ko) ==== @@ -57,6 +57,7 @@ #include <sys/file.h> #include <sys/socket.h> #include <sys/socketvar.h> +#include <sys/pipe.h> #include <sys/sysctl.h> #include <fs/devfs/devfs.h> @@ -433,6 +434,13 @@ } static void +mac_mls_init_pipe(struct pipe *pipe, struct label *label) +{ + + SLOT(label) = mls_alloc(M_WAITOK); +} + +static void mac_mls_init_subject(struct ucred *ucred, struct label *label) { @@ -517,6 +525,14 @@ } static void +mac_mls_destroy_pipe(struct pipe *pipe, struct label *label) +{ + + mls_free(SLOT(label)); + SLOT(label) = NULL; +} + +static void mac_mls_destroy_subject(struct ucred *ucred, struct label *label) { @@ -762,6 +778,18 @@ } static void +mac_mls_create_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(&cred->cr_label); + dest = SLOT(pipelabel); + + mac_mls_copy_single(source, dest); +} + +static void mac_mls_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) 
@@ -789,6 +817,18 @@ } static void +mac_mls_relabel_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, struct label *newlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(pipelabel); + + mac_mls_copy_single(source, dest); +} + +static void mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, struct socket *socket, struct label *socketpeerlabel) { @@ -1162,6 +1202,40 @@ } static int +mac_mls_cred_check_relabel_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, struct label *newlabel) +{ + struct mac_mls *subj, *obj, *new; + + new = SLOT(newlabel); + subj = SLOT(&cred->cr_label); + obj = SLOT(pipelabel); + + if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_SINGLE) + return (EINVAL); + + /* + * To relabel a pipe, the old pipe label must be in the subject + * range. + */ + if (!mac_mls_single_in_range(obj, subj)) + return (EPERM); + + /* + * To relabel a pipe, the new pipe label must be in the subject + * range. + */ + if (!mac_mls_single_in_range(new, subj)) + return (EPERM); + + /* + * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. + */ + + return (0); +} + +static int mac_mls_cred_check_relabel_subject(struct ucred *cred, struct label *newlabel) { struct mac_mls *subj, *new; 
@@ -1827,6 +1901,49 @@ } } +static int +mac_mls_cred_check_pipe_op(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, int op) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT((pipelabel)); + + switch(op) { + case MAC_OP_PIPE_READ: + case MAC_OP_PIPE_STAT: + case MAC_OP_PIPE_POLL: + if (!mac_mls_dominate_single(subj, obj)) + return (EACCES); + break; + case MAC_OP_PIPE_WRITE: + if (!mac_mls_dominate_single(obj, subj)) + return (EACCES); + break; + default: + panic("mac_mls_cred_check_pipe_op: invalid pipe operation"); + } + + return (0); +} + +static int +mac_mls_cred_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) +{ + + if(!mac_mls_enabled) + return (0); + + /* XXX: This will be implemented soon... */ + + return (0); +} + static struct mac_policy_op_entry mac_mls_ops[] = { { MAC_DESTROY, @@ -1845,6 +1962,8 @@ (macop_t)mac_mls_init_mbuf }, { MAC_INIT_MOUNT, (macop_t)mac_mls_init_mount }, + { MAC_INIT_PIPE, + (macop_t)mac_mls_init_pipe }, { MAC_INIT_SOCKET, (macop_t)mac_mls_init_socket }, { MAC_INIT_SUBJECT, @@ -1865,6 +1984,8 @@ (macop_t)mac_mls_destroy_mbuf }, { MAC_DESTROY_MOUNT, (macop_t)mac_mls_destroy_mount }, + { MAC_DESTROY_PIPE, + (macop_t)mac_mls_destroy_pipe }, { MAC_DESTROY_SOCKET, (macop_t)mac_mls_destroy_socket }, { MAC_DESTROY_SUBJECT, @@ -1901,10 +2022,14 @@ (macop_t)mac_mls_update_vnode_from_mount }, { MAC_CREATE_MBUF_FROM_SOCKET, (macop_t)mac_mls_create_mbuf_from_socket }, + { MAC_CREATE_PIPE, + (macop_t)mac_mls_create_pipe }, { MAC_CREATE_SOCKET, (macop_t)mac_mls_create_socket }, { MAC_CREATE_SOCKET_FROM_SOCKET, (macop_t)mac_mls_create_socket_from_socket }, + { MAC_RELABEL_PIPE, + (macop_t)mac_mls_relabel_pipe }, { MAC_RELABEL_SOCKET, (macop_t)mac_mls_relabel_socket }, { MAC_SET_SOCKET_PEER_FROM_MBUF, 
@@ -1959,6 +2084,8 @@ (macop_t)mac_mls_cred_check_see_socket }, { MAC_CRED_CHECK_RELABEL_IFNET, (macop_t)mac_mls_cred_check_relabel_ifnet }, + { MAC_CRED_CHECK_RELABEL_PIPE, + (macop_t)mac_mls_cred_check_relabel_pipe }, { MAC_CRED_CHECK_RELABEL_SOCKET, (macop_t)mac_mls_cred_check_relabel_socket }, { MAC_CRED_CHECK_RELABEL_SUBJECT, @@ -1991,6 +2118,10 @@ (macop_t)mac_mls_cred_check_lookup_vnode }, { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_mls_cred_check_open_vnode }, + { MAC_CRED_CHECK_PIPE_IOCTL, + (macop_t)mac_mls_cred_check_pipe_ioctl }, + { MAC_CRED_CHECK_PIPE_OP, + (macop_t)mac_mls_cred_check_pipe_op }, { MAC_CRED_CHECK_READDIR_VNODE, (macop_t)mac_mls_cred_check_readdir_vnode }, { MAC_CRED_CHECK_READLINK_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#46 (text+ko) ==== @@ -57,6 +57,7 @@ #include <sys/file.h> #include <sys/socket.h> #include <sys/socketvar.h> +#include <sys/pipe.h> #include <sys/sysctl.h> #include <fs/devfs/devfs.h> @@ -147,6 +148,12 @@ } static void +mac_none_init_pipe(struct pipe *pipe, struct label *label) +{ + +} + +static void mac_none_init_subject(struct ucred *ucred, struct label *label) { @@ -210,6 +217,12 @@ } static void +mac_none_destroy_pipe(struct pipe *pipe, struct label *label) +{ + +} + +static void mac_none_destroy_subject(struct ucred *ucred, struct label *label) { @@ -342,6 +355,13 @@ } static void +mac_none_create_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel) +{ + +} + +static void mac_none_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) @@ -357,6 +377,13 @@ } static void +mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, struct label *newlabel) +{ + +} + +static void mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, struct socket *socket, struct label *socketpeerlabel) { 
@@ -577,6 +604,14 @@ } static int +mac_none_cred_check_relabel_pipe(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, struct label *newlabel) +{ + + return (0); +} + +static int mac_none_cred_check_relabel_subject(struct ucred *cred, struct label *newlabel) { @@ -832,6 +867,22 @@ return (0); } +static int +mac_none_cred_check_pipe_op(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, int op) +{ + + return (0); +} + +static int +mac_none_cred_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) +{ + + return (0); +} + static struct mac_policy_op_entry mac_none_ops[] = { { MAC_DESTROY, @@ -850,6 +901,8 @@ (macop_t)mac_none_init_mbuf }, { MAC_INIT_MOUNT, (macop_t)mac_none_init_mount }, + { MAC_INIT_PIPE, + (macop_t)mac_none_init_pipe }, { MAC_INIT_SOCKET, (macop_t)mac_none_init_socket }, { MAC_INIT_SUBJECT, @@ -870,6 +923,8 @@ (macop_t)mac_none_destroy_mbuf }, { MAC_DESTROY_MOUNT, (macop_t)mac_none_destroy_mount }, + { MAC_DESTROY_PIPE, + (macop_t)mac_none_destroy_pipe }, { MAC_DESTROY_SOCKET, (macop_t)mac_none_destroy_socket }, { MAC_DESTROY_SUBJECT, @@ -906,10 +961,14 @@ (macop_t)mac_none_update_vnode_from_mount }, { MAC_CREATE_MBUF_FROM_SOCKET, (macop_t)mac_none_create_mbuf_from_socket }, >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message