From owner-p4-projects@FreeBSD.ORG Sat Nov 8 21:52:37 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 37E5A16A4D0; Sat, 8 Nov 2003 21:52:37 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 086A016A4CE for ; Sat, 8 Nov 2003 21:52:37 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3E8B543FB1 for ; Sat, 8 Nov 2003 21:52:36 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hA95qZXJ053267 for ; Sat, 8 Nov 2003 21:52:36 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hA95qZV6053264 for perforce@freebsd.org; Sat, 8 Nov 2003 21:52:35 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sat, 8 Nov 2003 21:52:35 -0800 (PST) Message-Id: <200311090552.hA95qZV6053264@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 41787 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Nov 2003 05:52:37 -0000 http://perforce.freebsd.org/chv.cgi?CH=41787 Change 41787 by rwatson@rwatson_paprika on 2003/11/08 21:52:12 Add explicit label arguments to ksem policy entry points so that policy modules can avoid explicit knowledge of the ksem structure for label-only decisions. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#6 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#224 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#72 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#182 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#9 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#116 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#200 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#6 (text+ko) ==== @@ -92,8 +92,7 @@ if (!mac_enforce_posix_sem) return (0); - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_close, cred, ksemptr); + MAC_CHECK(check_posix_sem_close, cred, ksemptr, &ksemptr->ks_label); return(error); } @@ -106,8 +105,8 @@ if (!mac_enforce_posix_sem) return (0); - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_destroy, cred, ksemptr); + MAC_CHECK(check_posix_sem_destroy, cred, ksemptr, + &ksemptr->ks_label); return(error); } @@ -120,8 +119,8 @@ if (!mac_enforce_posix_sem) return (0); - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr); + MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr, + &ksemptr->ks_label); return(error); } @@ -134,8 +133,8 @@ if (!mac_enforce_posix_sem) return (0); - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr); + MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr, + &ksemptr->ks_label); return(error); } @@ -148,8 +147,7 @@ if (!mac_enforce_posix_sem) return (0); - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_post, cred, ksemptr); + MAC_CHECK(check_posix_sem_post, cred, ksemptr, &ksemptr->ks_label); return(error); } @@ -162,8 +160,7 @@ if (!mac_enforce_posix_sem) return (0); - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_unlink, cred, ksemptr); + MAC_CHECK(check_posix_sem_unlink, cred, ksemptr, &ksemptr->ks_label); return(error); } @@ -176,8 +173,7 @@ if (!mac_enforce_posix_sem) return (0); - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_wait, cred, ksemptr); + MAC_CHECK(check_posix_sem_wait, cred, ksemptr, &ksemptr->ks_label); return(error); } ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#224 (text+ko) ==== @@ -2155,7 +2155,8 @@ } static int -mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr) +mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { struct mac_biba *subj, *obj; @@ -2172,7 +2173,8 @@ } static int -mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr) +mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { struct mac_biba *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#72 (text+ko) ==== @@ -2277,7 +2277,8 @@ } static int -mac_lomac_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr) +mac_lomac_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { struct mac_lomac *subj, *obj; @@ -2285,7 +2286,7 @@ return (0); subj = SLOT(cred->cr_label); - obj = SLOT((&ksemptr->ks_label)); + obj = SLOT(ks_label); if (!mac_lomac_dominate_single(subj, obj)) return (EACCES); @@ -2294,7 +2295,8 @@ } static int -mac_lomac_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr) +mac_lomac_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { struct mac_lomac *subj, *obj; @@ -2302,7 +2304,7 @@ return (0); subj = SLOT(cred->cr_label); - obj = SLOT((&ksemptr->ks_label)); + obj = SLOT(ks_label); if (!mac_lomac_dominate_single(obj, subj)) return (maybe_demote(subj, obj, "sem_getvalue", "posix_sem", NULL)); ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#182 (text+ko) ==== @@ -2049,7 +2049,8 @@ } static int -mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr) +mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { struct mac_mls *subj, *obj; @@ -2057,7 +2058,7 @@ return (0); subj = SLOT(cred->cr_label); - obj = SLOT((&ksemptr->ks_label)); + obj = SLOT(ks_label); if (!mac_mls_dominate_single(obj, subj)) return (EACCES); @@ -2066,7 +2067,8 @@ } static int -mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr) +mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { struct mac_mls *subj, *obj; @@ -2074,7 +2076,7 @@ return (0); subj = SLOT(cred->cr_label); - obj = SLOT((&ksemptr->ks_label)); + obj = SLOT(ks_label); if (!mac_mls_dominate_single(subj, obj)) return (EACCES); ==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#9 (text+ko) ==== @@ -271,7 +271,8 @@ } static void -stub_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr) +stub_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { } @@ -802,49 +803,56 @@ } static int -stub_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr) +stub_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { return (0); } static int -stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) +stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { return (0); } static int -stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) +stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { return (0); } static int -stub_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr) +stub_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { return (0); } static int -stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) +stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { return (0); } static int -stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr) +stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { return (0); } static int -stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr) +stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#116 (text+ko) ==== @@ -1611,7 +1611,8 @@ } static int -mac_test_check_posix_ksem(struct ucred *cred, struct ksem *ksemptr) +mac_test_check_posix_ksem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) { ASSERT_CRED_LABEL(cred->cr_label); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#200 (text+ko) ==== @@ -386,19 +386,19 @@ int (*mpo_check_pipe_write)(struct ucred *cred, struct pipe *pipe, struct label *pipelabel); int (*mpo_check_posix_sem_close)(struct ucred *cred, - struct ksem *ksemptr); + struct ksem *ksemptr, struct label *ks_label); int (*mpo_check_posix_sem_destroy)(struct ucred *cred, - struct ksem *ksemptr); + struct ksem *ksemptr, struct label *ks_label); int (*mpo_check_posix_sem_getvalue)(struct ucred *cred, - struct ksem *ksemptr); + struct ksem *ksemptr, struct label *ks_label); int (*mpo_check_posix_sem_openexisting)(struct ucred *cred, - struct ksem *ksemptr); + struct ksem *ksemptr, struct label *ks_label); int (*mpo_check_posix_sem_post)(struct ucred *cred, - struct ksem *ksemptr); + struct ksem *ksemptr, struct label *ks_label); int (*mpo_check_posix_sem_unlink)(struct ucred *cred, - struct ksem *ksemptr); + struct ksem *ksemptr, struct label *ks_label); int (*mpo_check_posix_sem_wait)(struct ucred *cred, - struct ksem *ksemptr); + struct ksem *ksemptr, struct label *ks_label); int (*mpo_check_proc_debug)(struct ucred *cred, struct proc *proc); int (*mpo_check_proc_sched)(struct ucred *cred,