Date: Thu, 26 Feb 2009 10:56:13 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r189063 - head/sys/kern Message-ID: <200902261056.n1QAuDTL025375@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Thu Feb 26 10:56:13 2009 New Revision: 189063 URL: http://svn.freebsd.org/changeset/base/189063 Log: Add static tracing for privilege checking: priv:kernel:priv_check:priv_ok fires for granted privileges priv:kernel:priv_check:priv_errr fires for denied privileges The first argument is the requested privilege number. The naming convention is a little different from the OpenSolaris equivilent because we can't have '-' in probefunc names, and our privilege namespace is different. MFC after: 1 week Modified: head/sys/kern/kern_priv.c Modified: head/sys/kern/kern_priv.c ============================================================================== --- head/sys/kern/kern_priv.c Thu Feb 26 10:38:19 2009 (r189062) +++ head/sys/kern/kern_priv.c Thu Feb 26 10:56:13 2009 (r189063) @@ -1,5 +1,6 @@ /*- * Copyright (c) 2006 nCircle Network Security, Inc. + * Copyright (c) 2009 Robert N. M. Watson * All rights reserved. * * This software was developed by Robert N. M. Watson for the TrustedBSD @@ -27,6 +28,7 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "opt_kdtrace.h" #include "opt_mac.h" #include <sys/cdefs.h> @@ -37,6 +39,7 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/priv.h> #include <sys/proc.h> +#include <sys/sdt.h> #include <sys/sysctl.h> #include <sys/systm.h> @@ -57,6 +60,14 @@ SYSCTL_INT(_security_bsd, OID_AUTO, suse &suser_enabled, 0, "processes with uid 0 have privilege"); TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled); +SDT_PROVIDER_DEFINE(priv); + +SDT_PROBE_DEFINE(priv, kernel, priv_check, priv_ok); +SDT_PROBE_ARGTYPE(priv, kernel, priv_check, priv_ok, 0, "int"); + +SDT_PROBE_DEFINE(priv, kernel, priv_check, priv_err); +SDT_PROBE_ARGTYPE(priv, kernel, priv_check, priv_err, 0, "int"); + /* * Check a credential for privilege. Lots of good reasons to deny privilege; * only a few to grant it. @@ -76,7 +87,7 @@ priv_check_cred(struct ucred *cred, int #ifdef MAC error = mac_priv_check(cred, priv); if (error) - return (error); + goto out; #endif /* @@ -85,7 +96,7 @@ priv_check_cred(struct ucred *cred, int */ error = prison_priv_check(cred, priv); if (error) - return (error); + goto out; /* * Having determined if privilege is restricted by various policies, @@ -103,13 +114,17 @@ priv_check_cred(struct ucred *cred, int case PRIV_MAXFILES: case PRIV_MAXPROC: case PRIV_PROC_LIMIT: - if (cred->cr_ruid == 0) - return (0); + if (cred->cr_ruid == 0) { + error = 0; + goto out; + } break; default: - if (cred->cr_uid == 0) - return (0); + if (cred->cr_uid == 0) { + error = 0; + goto out; + } break; } } @@ -119,10 +134,26 @@ priv_check_cred(struct ucred *cred, int * privilege. */ #ifdef MAC - if (mac_priv_grant(cred, priv) == 0) - return (0); + if (mac_priv_grant(cred, priv) == 0) { + error = 0; + goto out; + } #endif - return (EPERM); + + /* + * The default is deny, so if no policies have granted it, reject + * with a privilege error here. + */ + error = EPERM; +out: + if (error) { + SDT_PROBE(priv, kernel, priv_check, priv_err, priv, 0, 0, 0, + 0); + } else { + SDT_PROBE(priv, kernel, priv_check, priv_ok, priv, 0, 0, 0, + 0); + } + return (error); } int
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902261056.n1QAuDTL025375>