From owner-svn-src-head@FreeBSD.ORG Fri Sep 2 17:40:40 2011 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1EF5E106566B; Fri, 2 Sep 2011 17:40:40 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0B7D68FC0C; Fri, 2 Sep 2011 17:40:40 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p82HeeEc009479; Fri, 2 Sep 2011 17:40:40 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p82Hedjp009470; Fri, 2 Sep 2011 17:40:39 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201109021740.p82Hedjp009470@svn.freebsd.org> From: Robert Watson Date: Fri, 2 Sep 2011 17:40:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r225344 - in head/sys: kern security/mac security/mac_biba security/mac_mls security/mac_stub security/mac_test X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Sep 2011 17:40:40 -0000 Author: rwatson Date: Fri Sep 2 17:40:39 2011 New Revision: 225344 URL: http://svn.freebsd.org/changeset/base/225344 Log: Correct several issues in the integration of POSIX shared memory objects and the new setmode and setowner fileops in FreeBSD 9.0: - Add new MAC Framework entry point mac_posixshm_check_create() to allow MAC policies to authorise shared memory use. Provide a stub policy and test policy templates. - Add missing Biba and MLS implementations of mac_posixshm_check_setmode() and mac_posixshm_check_setowner(). - Add 'accmode' argument to mac_posixshm_check_open() -- unlike the mac_posixsem_check_open() entry point it was modeled on, the access mode is required as shared memory access can be read-only as well as writable; this isn't true of POSIX semaphores. - Implement full range of POSIX shared memory entry points for Biba and MLS. Sponsored by: Google Inc. Obtained from: TrustedBSD Project Approved by: re (kib) Modified: head/sys/kern/uipc_shm.c head/sys/security/mac/mac_framework.h head/sys/security/mac/mac_policy.h head/sys/security/mac/mac_posix_shm.c head/sys/security/mac_biba/mac_biba.c head/sys/security/mac_mls/mac_mls.c head/sys/security/mac_stub/mac_stub.c head/sys/security/mac_test/mac_test.c Modified: head/sys/kern/uipc_shm.c ============================================================================== --- head/sys/kern/uipc_shm.c Fri Sep 2 17:36:01 2011 (r225343) +++ head/sys/kern/uipc_shm.c Fri Sep 2 17:40:39 2011 (r225344) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2006 Robert N. M. Watson + * Copyright (c) 2006, 2011 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,25 +31,21 @@ * * TODO: * - * (2) Need to export data to a userland tool via a sysctl. Should ipcs(1) + * (1) Need to export data to a userland tool via a sysctl. Should ipcs(1) * and ipcrm(1) be expanded or should new tools to manage both POSIX * kernel semaphores and POSIX shared memory be written? * - * (3) Add support for this file type to fstat(1). + * (2) Add support for this file type to fstat(1). * - * (4) Resource limits? Does this need its own resource limits or are the + * (3) Resource limits? Does this need its own resource limits or are the * existing limits in mmap(2) sufficient? * - * (5) Partial page truncation. vnode_pager_setsize() will zero any parts + * (4) Partial page truncation. vnode_pager_setsize() will zero any parts * of a partially mapped page as a result of ftruncate(2)/truncate(2). * We can do the same (with the same pmap evil), but do we need to * worry about the bits on disk if the page is swapped out or will the * swapper zero the parts of a page that are invalid if the page is * swapped back in for us? - * - * (6) Add MAC support in mac_biba(4) and mac_mls(4). - * - * (7) Add a MAC check_create() hook for creating new named objects. */ #include @@ -551,8 +547,16 @@ shm_open(struct thread *td, struct shm_o if (shmfd == NULL) { /* Object does not yet exist, create it if requested. */ if (uap->flags & O_CREAT) { - shmfd = shm_alloc(td->td_ucred, cmode); - shm_insert(path, fnv, shmfd); +#ifdef MAC + error = mac_posixshm_check_create(td->td_ucred, + path); + if (error == 0) { +#endif + shmfd = shm_alloc(td->td_ucred, cmode); + shm_insert(path, fnv, shmfd); +#ifdef MAC + } +#endif } else { free(path, M_SHMFD); error = ENOENT; @@ -569,7 +573,7 @@ shm_open(struct thread *td, struct shm_o else { #ifdef MAC error = mac_posixshm_check_open(td->td_ucred, - shmfd); + shmfd, FFLAGS(uap->flags & O_ACCMODE)); if (error == 0) #endif error = shm_access(shmfd, td->td_ucred, Modified: head/sys/security/mac/mac_framework.h ============================================================================== --- head/sys/security/mac/mac_framework.h Fri Sep 2 17:36:01 2011 (r225343) +++ head/sys/security/mac/mac_framework.h Fri Sep 2 17:40:39 2011 (r225344) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * Copyright (c) 2005-2006 SPARTA, Inc. * All rights reserved. @@ -238,9 +238,11 @@ void mac_posixsem_create(struct ucred * void mac_posixsem_destroy(struct ksem *); void mac_posixsem_init(struct ksem *); +int mac_posixshm_check_create(struct ucred *cred, const char *path); int mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, int prot, int flags); -int mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd); +int mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, + accmode_t accmode); int mac_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, mode_t mode); int mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, Modified: head/sys/security/mac/mac_policy.h ============================================================================== --- head/sys/security/mac/mac_policy.h Fri Sep 2 17:36:01 2011 (r225343) +++ head/sys/security/mac/mac_policy.h Fri Sep 2 17:40:39 2011 (r225344) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * Copyright (c) 2005-2006 SPARTA, Inc. * Copyright (c) 2008 Apple Inc. @@ -355,11 +355,14 @@ typedef void (*mpo_posixsem_create_t)(st typedef void (*mpo_posixsem_destroy_label_t)(struct label *label); typedef void (*mpo_posixsem_init_label_t)(struct label *label); +typedef int (*mpo_posixshm_check_create_t)(struct ucred *cred, + const char *path); typedef int (*mpo_posixshm_check_mmap_t)(struct ucred *cred, struct shmfd *shmfd, struct label *shmlabel, int prot, int flags); typedef int (*mpo_posixshm_check_open_t)(struct ucred *cred, - struct shmfd *shmfd, struct label *shmlabel); + struct shmfd *shmfd, struct label *shmlabel, + accmode_t accmode); typedef int (*mpo_posixshm_check_setmode_t)(struct ucred *cred, struct shmfd *shmfd, struct label *shmlabel, mode_t mode); @@ -812,6 +815,7 @@ struct mac_policy_ops { mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label; mpo_posixsem_init_label_t mpo_posixsem_init_label; + mpo_posixshm_check_create_t mpo_posixshm_check_create; mpo_posixshm_check_mmap_t mpo_posixshm_check_mmap; mpo_posixshm_check_open_t mpo_posixshm_check_open; mpo_posixshm_check_setmode_t mpo_posixshm_check_setmode; Modified: head/sys/security/mac/mac_posix_shm.c ============================================================================== --- head/sys/security/mac/mac_posix_shm.c Fri Sep 2 17:36:01 2011 (r225343) +++ head/sys/security/mac/mac_posix_shm.c Fri Sep 2 17:40:39 2011 (r225344) @@ -1,6 +1,6 @@ /*- * Copyright (c) 2003-2006 SPARTA, Inc. - * Copyright (c) 2009 Robert N. M. Watson + * Copyright (c) 2009-2011 Robert N. M. Watson * All rights reserved. * * This software was developed for the FreeBSD Project in part by Network @@ -101,6 +101,20 @@ mac_posixshm_create(struct ucred *cred, shmfd->shm_label); } +MAC_CHECK_PROBE_DEFINE2(posixshm_check_create, "struct ucred *", + "const char *"); + +int +mac_posixshm_check_create(struct ucred *cred, const char *path) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(posixshm_check_create, cred, path); + MAC_CHECK_PROBE2(posixshm_check_create, error, cred, path); + + return (error); +} + MAC_CHECK_PROBE_DEFINE4(posixshm_check_mmap, "struct ucred *", "struct shmfd *", "int", "int"); @@ -118,17 +132,18 @@ mac_posixshm_check_mmap(struct ucred *cr return (error); } -MAC_CHECK_PROBE_DEFINE2(posixshm_check_open, "struct ucred *", - "struct shmfd *"); +MAC_CHECK_PROBE_DEFINE3(posixshm_check_open, "struct ucred *", + "struct shmfd *", "accmode_t accmode"); int -mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd) +mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, + accmode_t accmode) { int error; MAC_POLICY_CHECK_NOSLEEP(posixshm_check_open, cred, shmfd, - shmfd->shm_label); - MAC_CHECK_PROBE2(posixshm_check_open, error, cred, shmfd); + shmfd->shm_label, accmode); + MAC_CHECK_PROBE3(posixshm_check_open, error, cred, shmfd, accmode); return (error); } Modified: head/sys/security/mac_biba/mac_biba.c ============================================================================== --- head/sys/security/mac_biba/mac_biba.c Fri Sep 2 17:36:01 2011 (r225343) +++ head/sys/security/mac_biba/mac_biba.c Fri Sep 2 17:40:39 2011 (r225344) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. * Copyright (c) 2006 SPARTA, Inc. * All rights reserved. @@ -14,6 +14,9 @@ * This software was enhanced by SPARTA ISSO under SPAWAR contract * N66001-04-C-6019 ("SEFOS"). * + * This software was developed at the University of Cambridge Computer + * Laboratory with support from a grant from Google, Inc. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -1622,6 +1625,42 @@ biba_posixsem_check_openunlink(struct uc } static int +biba_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, + struct label *kslabel, mode_t mode) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(kslabel); + + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, + struct label *kslabel, uid_t uid, gid_t gid) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(kslabel); + + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int biba_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, struct ksem *ks, struct label *kslabel) { @@ -1669,6 +1708,156 @@ biba_posixsem_create(struct ucred *cred, biba_copy_effective(source, dest); } +static int +biba_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel, int prot, int flags) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled || !revocation_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + } + if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + } + + return (0); +} + +static int +biba_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel, accmode_t accmode) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) { + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + } + if (accmode & VMODIFY_PERMS) { + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + } + + return (0); +} + +static int +biba_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel, mode_t mode) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel, uid_t uid, gid_t gid) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_posixshm_check_stat(struct ucred *active_cred, struct ucred *file_cred, + struct shmfd *shmfd, struct label *shmlabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(active_cred->cr_label); + obj = SLOT(shmlabel); + + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +biba_posixshm_check_truncate(struct ucred *active_cred, + struct ucred *file_cred, struct shmfd *shmfd, struct label *shmlabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(active_cred->cr_label); + obj = SLOT(shmlabel); + + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static void +biba_posixshm_create(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(shmlabel); + + biba_copy_effective(source, dest); +} + /* * Some system privileges are allowed regardless of integrity grade; others * are allowed only when running with privilege with respect to the Biba @@ -3455,6 +3644,8 @@ static struct mac_policy_ops mac_biba_op .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, .mpo_posixsem_check_open = biba_posixsem_check_openunlink, .mpo_posixsem_check_post = biba_posixsem_check_write, + .mpo_posixsem_check_setmode = biba_posixsem_check_setmode, + .mpo_posixsem_check_setowner = biba_posixsem_check_setowner, .mpo_posixsem_check_stat = biba_posixsem_check_rdonly, .mpo_posixsem_check_unlink = biba_posixsem_check_openunlink, .mpo_posixsem_check_wait = biba_posixsem_check_write, @@ -3462,6 +3653,17 @@ static struct mac_policy_ops mac_biba_op .mpo_posixsem_destroy_label = biba_destroy_label, .mpo_posixsem_init_label = biba_init_label, + .mpo_posixshm_check_mmap = biba_posixshm_check_mmap, + .mpo_posixshm_check_open = biba_posixshm_check_open, + .mpo_posixshm_check_setmode = biba_posixshm_check_setmode, + .mpo_posixshm_check_setowner = biba_posixshm_check_setowner, + .mpo_posixshm_check_stat = biba_posixshm_check_stat, + .mpo_posixshm_check_truncate = biba_posixshm_check_truncate, + .mpo_posixshm_check_unlink = biba_posixshm_check_unlink, + .mpo_posixshm_create = biba_posixshm_create, + .mpo_posixshm_destroy_label = biba_destroy_label, + .mpo_posixshm_init_label = biba_init_label, + .mpo_priv_check = biba_priv_check, .mpo_proc_check_debug = biba_proc_check_debug, Modified: head/sys/security/mac_mls/mac_mls.c ============================================================================== --- head/sys/security/mac_mls/mac_mls.c Fri Sep 2 17:36:01 2011 (r225343) +++ head/sys/security/mac_mls/mac_mls.c Fri Sep 2 17:40:39 2011 (r225344) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. * Copyright (c) 2006 SPARTA, Inc. * All rights reserved. @@ -14,6 +14,9 @@ * This software was enhanced by SPARTA ISSO under SPAWAR contract * N66001-04-C-6019 ("SEFOS"). * + * This software was developed at the University of Cambridge Computer + * Laboratory with support from a grant from Google, Inc. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -1532,6 +1535,42 @@ mls_posixsem_check_rdonly(struct ucred * } static int +mls_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, + struct label *shmlabel, mode_t mode) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +mls_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, + struct label *shmlabel, uid_t uid, gid_t gid) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int mls_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, struct ksem *ks, struct label *kslabel) { @@ -1562,6 +1601,159 @@ mls_posixsem_create(struct ucred *cred, } static int +mls_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel, int prot, int flags) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + } + if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + } + + return (0); +} + +static int +mls_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel, accmode_t accmode) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) { + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + } + if (accmode & VMODIFY_PERMS) { + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + } + + return (0); +} + +static int +mls_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel, mode_t mode) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +mls_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel, uid_t uid, gid_t gid) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +mls_posixshm_check_stat(struct ucred *active_cred, struct ucred *file_cred, + struct shmfd *shmfd, struct label *shmlabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(active_cred->cr_label); + obj = SLOT(shmlabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +mls_posixshm_check_truncate(struct ucred *active_cred, + struct ucred *file_cred, struct shmfd *shmfd, struct label *shmlabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(active_cred->cr_label); + obj = SLOT(shmlabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +mls_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmlabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static void +mls_posixshm_create(struct ucred *cred, struct shmfd *shmfd, + struct label *shmlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(shmlabel); + + mls_copy_effective(source, dest); +} + +static int mls_proc_check_debug(struct ucred *cred, struct proc *p) { struct mac_mls *subj, *obj; @@ -3075,6 +3267,8 @@ static struct mac_policy_ops mls_ops = .mpo_posixsem_check_getvalue = mls_posixsem_check_rdonly, .mpo_posixsem_check_open = mls_posixsem_check_openunlink, .mpo_posixsem_check_post = mls_posixsem_check_write, + .mpo_posixsem_check_setmode = mls_posixsem_check_setmode, + .mpo_posixsem_check_setowner = mls_posixsem_check_setowner, .mpo_posixsem_check_stat = mls_posixsem_check_rdonly, .mpo_posixsem_check_unlink = mls_posixsem_check_openunlink, .mpo_posixsem_check_wait = mls_posixsem_check_write, @@ -3082,6 +3276,17 @@ static struct mac_policy_ops mls_ops = .mpo_posixsem_destroy_label = mls_destroy_label, .mpo_posixsem_init_label = mls_init_label, + .mpo_posixshm_check_mmap = mls_posixshm_check_mmap, + .mpo_posixshm_check_open = mls_posixshm_check_open, + .mpo_posixshm_check_setmode = mls_posixshm_check_setmode, + .mpo_posixshm_check_setowner = mls_posixshm_check_setowner, + .mpo_posixshm_check_stat = mls_posixshm_check_stat, + .mpo_posixshm_check_truncate = mls_posixshm_check_truncate, + .mpo_posixshm_check_unlink = mls_posixshm_check_unlink, + .mpo_posixshm_create = mls_posixshm_create, + .mpo_posixshm_destroy_label = mls_destroy_label, + .mpo_posixshm_init_label = mls_init_label, + .mpo_proc_check_debug = mls_proc_check_debug, .mpo_proc_check_sched = mls_proc_check_sched, .mpo_proc_check_signal = mls_proc_check_signal, Modified: head/sys/security/mac_stub/mac_stub.c ============================================================================== --- head/sys/security/mac_stub/mac_stub.c Fri Sep 2 17:36:01 2011 (r225343) +++ head/sys/security/mac_stub/mac_stub.c Fri Sep 2 17:40:39 2011 (r225344) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. * Copyright (c) 2005-2006 SPARTA, Inc. * Copyright (c) 2008 Apple Inc. @@ -734,6 +734,13 @@ stub_posixsem_create(struct ucred *cred, } static int +stub_posixshm_check_create(struct ucred *cred, const char *path) +{ + + return (0); +} + +static int stub_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, struct label *shmlabel, int prot, int flags) { @@ -743,7 +750,7 @@ stub_posixshm_check_mmap(struct ucred *c static int stub_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, - struct label *shmlabel) + struct label *shmlabel, accmode_t accmode) { return (0); @@ -1772,6 +1779,7 @@ static struct mac_policy_ops stub_ops = .mpo_posixsem_destroy_label = stub_destroy_label, .mpo_posixsem_init_label = stub_init_label, + .mpo_posixshm_check_create = stub_posixshm_check_create, .mpo_posixshm_check_mmap = stub_posixshm_check_mmap, .mpo_posixshm_check_open = stub_posixshm_check_open, .mpo_posixshm_check_setmode = stub_posixshm_check_setmode, Modified: head/sys/security/mac_test/mac_test.c ============================================================================== --- head/sys/security/mac_test/mac_test.c Fri Sep 2 17:36:01 2011 (r225343) +++ head/sys/security/mac_test/mac_test.c Fri Sep 2 17:40:39 2011 (r225344) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. * Copyright (c) 2006 SPARTA, Inc. * Copyright (c) 2008 Apple Inc. @@ -1390,6 +1390,15 @@ test_posixsem_init_label(struct label *l COUNTER_INC(posixsem_init_label); } +COUNTER_DECL(posixshm_check_create); +static int +test_posixshm_check_create(struct ucred *cred, const char *path) +{ + + COUNTER_INC(posixshm_check_create); + return (0); +} + COUNTER_DECL(posixshm_check_mmap); static int test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, @@ -1405,7 +1414,7 @@ test_posixshm_check_mmap(struct ucred *c COUNTER_DECL(posixshm_check_open); static int test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, - struct label *shmfdlabel) + struct label *shmfdlabel, accmode_t accmode) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); @@ -3102,6 +3111,7 @@ static struct mac_policy_ops test_ops = .mpo_posixsem_destroy_label = test_posixsem_destroy_label, .mpo_posixsem_init_label = test_posixsem_init_label, + .mpo_posixshm_check_create = test_posixshm_check_create, .mpo_posixshm_check_mmap = test_posixshm_check_mmap, .mpo_posixshm_check_open = test_posixshm_check_open, .mpo_posixshm_check_setmode = test_posixshm_check_setmode,