From owner-p4-projects@FreeBSD.ORG Fri Apr 20 14:56:17 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A46EE16A404; Fri, 20 Apr 2007 14:56:17 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5000D16A402 for ; Fri, 20 Apr 2007 14:56:17 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id 3DEEC13C457 for ; Fri, 20 Apr 2007 14:56:17 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.8/8.13.8) with ESMTP id l3KEuHqK025283 for ; Fri, 20 Apr 2007 14:56:17 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.8/8.13.8/Submit) id l3KEuGg7025276 for perforce@freebsd.org; Fri, 20 Apr 2007 14:56:16 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Fri, 20 Apr 2007 14:56:16 GMT Message-Id: <200704201456.l3KEuGg7025276@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 118479 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Apr 2007 14:56:18 -0000 http://perforce.freebsd.org/chv.cgi?CH=118479 Change 118479 by rwatson@rwatson_zoo on 2007/04/20 14:56:02 Implement audit MAC checks for mac_biba, mac_bsdextended, mac_lomac, mac_mls, mac_stub, mac_test. Implement and/or sort missing system checks for mac_bsdextended, mac_lomac, mac_mls, mac_stub, mac_test. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/mac_biba/mac_biba.c#11 edit .. //depot/projects/trustedbsd/audit3/sys/security/mac_bsdextended/mac_bsdextended.c#11 edit .. //depot/projects/trustedbsd/audit3/sys/security/mac_lomac/mac_lomac.c#10 edit .. //depot/projects/trustedbsd/audit3/sys/security/mac_mls/mac_mls.c#9 edit .. //depot/projects/trustedbsd/audit3/sys/security/mac_stub/mac_stub.c#8 edit .. //depot/projects/trustedbsd/audit3/sys/security/mac_test/mac_test.c#8 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/mac_biba/mac_biba.c#11 (text+ko) ==== 
@@ -2304,6 +2304,50 @@ } static int +mac_biba_check_system_auditctl(struct ucred *cred, struct vnode *vp, + struct label *vplabel) +{ + struct mac_biba *subj, *obj; + int error; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + + error = mac_biba_subject_privileged(subj); + if (error) + return (error); + + if (vplabel == NULL) + return (0); + + obj = SLOT(vplabel); + if (!mac_biba_high_effective(obj)) + return (EACCES); + + return (0); +} + +static int +mac_biba_check_system_auditon(struct ucred *cred, int cmd) +{ + struct mac_biba *subj; + int error; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + + error = mac_biba_subject_privileged(subj); + if (error) + return (error); + + return (0); +} + +static int mac_biba_check_system_settime(struct ucred *cred) { struct mac_biba *subj; @@ -3204,6 +3248,8 @@ .mpo_check_socket_visible = mac_biba_check_socket_visible, .mpo_check_sysarch_ioperm = mac_biba_check_sysarch_ioperm, .mpo_check_system_acct = mac_biba_check_system_acct, + .mpo_check_system_auditctl = mac_biba_check_system_auditctl, + .mpo_check_system_auditon = mac_biba_check_system_auditon, .mpo_check_system_settime = mac_biba_check_system_settime, .mpo_check_system_swapon = mac_biba_check_system_swapon, .mpo_check_system_swapoff = mac_biba_check_system_swapoff, ==== //depot/projects/trustedbsd/audit3/sys/security/mac_bsdextended/mac_bsdextended.c#11 (text+ko) ==== 
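Review bot: In mac_biba_check_system_auditctl the early `return (0)` on `vplabel == NULL` is safe only because it comes after the mac_biba_subject_privileged() check, and nothing in the function says so. A short comment above that test would guard against a later reorder that lets an unprivileged subject through, for example `/* No vnode label to check (presumably audit is being turned off); privilege alone decides. */`. Separately, mac_biba_check_system_auditon never inspects `cmd`, so every auditon command is held to the same privilege requirement, including any that only read state. If that is intended, it deserves a one-line comment as well.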
@@ -488,6 +488,30 @@ } static int +mac_bsdextended_check_system_acct(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); +} + +static int +mac_bsdextended_check_system_auditctl(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); +} + +static int +mac_bsdextended_check_system_swapoff(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); +} + +static int mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp, struct label *label) { @@ -739,6 +763,9 @@ { .mpo_destroy = mac_bsdextended_destroy, .mpo_init = mac_bsdextended_init, + .mpo_check_system_acct = mac_bsdextended_check_system_acct, + .mpo_check_system_auditctl = mac_bsdextended_check_system_auditctl, + .mpo_check_system_swapoff = mac_bsdextended_check_system_swapoff, .mpo_check_system_swapon = mac_bsdextended_check_system_swapon, .mpo_check_vnode_access = mac_bsdextended_check_vnode_access, .mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir, ==== //depot/projects/trustedbsd/audit3/sys/security/mac_lomac/mac_lomac.c#10 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007 Robert N. M. Watson * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * 
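Review bot: mac_bsdextended_check_system_acct and mac_bsdextended_check_system_auditctl pass `vp` to mac_bsdextended_check_vp() without a NULL test. The mac_biba auditctl check in this change returns early on `vplabel == NULL` and the mac_test versions guard `label != NULL`, which suggests these entry points can be reached with no vnode. mac_bsdextended_check_vp() is outside the hunk, so whether it tolerates a NULL vnode cannot be told from here; if it does not, this is a kernel NULL dereference on the path that turns accounting or auditing off. A guard such as `if (vp == NULL) return (0);` at the top of both wrappers would match the other policies. The same gap appears as `obj = SLOT(label);` in mac_lomac_check_system_acct, mac_lomac_check_system_auditctl, mac_mls_check_system_acct and mac_mls_check_system_auditctl.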
@@ -2046,6 +2046,65 @@ } static int +mac_lomac_check_system_acct(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_lomac *subj, *obj; + + if (!mac_lomac_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(label); + + if (mac_lomac_subject_privileged(subj)) + return (EPERM); + + if (!mac_lomac_high_single(obj)) + return (EACCES); + + return (0); +} + +static int +mac_lomac_check_system_auditctl(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_lomac *subj, *obj; + + if (!mac_lomac_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(label); + + if (mac_lomac_subject_privileged(subj)) + return (EPERM); + + if (!mac_lomac_high_single(obj)) + return (EACCES); + + return (0); +} + +static int +mac_lomac_check_system_swapoff(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_lomac *subj; + + if (!mac_lomac_enabled) + return (0); + + subj = SLOT(cred->cr_label); + + if (mac_lomac_subject_privileged(subj)) + return (EPERM); + + return (0); +} + +static int mac_lomac_check_system_swapon(struct ucred *cred, struct vnode *vp, struct label *label) { @@ -2700,6 +2759,9 @@ .mpo_check_socket_deliver = mac_lomac_check_socket_deliver, .mpo_check_socket_relabel = mac_lomac_check_socket_relabel, .mpo_check_socket_visible = mac_lomac_check_socket_visible, + .mpo_check_system_acct = mac_lomac_check_system_acct, + .mpo_check_system_auditctl = mac_lomac_check_system_auditctl, + .mpo_check_system_swapoff = mac_lomac_check_system_swapoff, .mpo_check_system_swapon = mac_lomac_check_system_swapon, .mpo_check_system_sysctl = mac_lomac_check_system_sysctl, .mpo_check_vnode_access = mac_lomac_check_vnode_open, ==== //depot/projects/trustedbsd/audit3/sys/security/mac_mls/mac_mls.c#9 (text+ko) ==== 
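Review bot: `if (mac_lomac_subject_privileged(subj)) return (EPERM);` reads as "deny when privileged" unless the reader already knows the helper returns non-zero on failure, which the hunk does not show. The mac_biba checks in this change write the same step as `error = mac_biba_subject_privileged(subj); if (error) return (error);`, which makes the convention visible and propagates whatever the helper returns. Using that form in the acct, auditctl and swapoff checks here would keep the policies consistent. mac_lomac_check_system_acct and mac_lomac_check_system_auditctl also have identical bodies and could share one static helper.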
@@ -2165,6 +2165,44 @@ } static int +mac_mls_check_system_acct(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(label); + + if (!mac_mls_dominate_effective(obj, subj) || + !mac_mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +mac_mls_check_system_auditctl(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(label); + + if (!mac_mls_dominate_effective(obj, subj) || + !mac_mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, struct label *label) { @@ -2972,6 +3010,8 @@ .mpo_check_socket_deliver = mac_mls_check_socket_deliver, .mpo_check_socket_relabel = mac_mls_check_socket_relabel, .mpo_check_socket_visible = mac_mls_check_socket_visible, + .mpo_check_system_acct = mac_mls_check_system_acct, + .mpo_check_system_auditctl = mac_mls_check_system_auditctl, .mpo_check_system_swapon = mac_mls_check_system_swapon, .mpo_check_vnode_access = mac_mls_check_vnode_open, .mpo_check_vnode_chdir = mac_mls_check_vnode_chdir, ==== //depot/projects/trustedbsd/audit3/sys/security/mac_stub/mac_stub.c#8 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. @@ -920,6 +920,20 @@ } static int +stub_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai) +{ + + return (0); +} + +static int +stub_check_proc_setauid(struct ucred *cred, uid_t auid) +{ + + return (0); +} + +static int stub_check_proc_setuid(struct ucred *cred, uid_t uid) { 
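Review bot: The paired `mac_mls_dominate_effective(obj, subj)` and `mac_mls_dominate_effective(subj, obj)` test in mac_mls_check_system_acct and mac_mls_check_system_auditctl admits the caller only when each label dominates the other, and that intent is not stated anywhere in the hunk. A comment above the condition, such as `/* Subject and target vnode must carry effectively equal MLS labels. */`, would make the rule reviewable. Unlike the mac_biba and mac_lomac versions in this change, no subject-privilege test is made here, so any subject at the vnode's level passes. It is worth confirming that this is deliberate for redirecting the audit trail.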
@@ -1096,6 +1110,28 @@ } static int +stub_check_system_audit(struct ucred *cred, void *record, int length) +{ + + return (0); +} + +static int +stub_check_system_auditctl(struct ucred *cred, struct vnode *vp, + struct label *vlabel) +{ + + return (0); +} + +static int +stub_check_system_auditon(struct ucred *cred, int cmd) +{ + + return (0); +} + +static int stub_check_system_nfsd(struct ucred *cred) { @@ -1117,7 +1153,7 @@ } static int -stub_check_system_swapon(struct ucred *cred, struct vnode *vp, +stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, struct label *label) { @@ -1125,7 +1161,7 @@ } static int -stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, +stub_check_system_swapon(struct ucred *cred, struct vnode *vp, struct label *label) { @@ -1576,6 +1612,8 @@ .mpo_check_posix_sem_wait = stub_check_posix_sem_wait, .mpo_check_proc_debug = stub_check_proc_debug, .mpo_check_proc_sched = stub_check_proc_sched, + .mpo_check_proc_setaudit = stub_check_proc_setaudit, + .mpo_check_proc_setauid = stub_check_proc_setauid, .mpo_check_proc_setuid = stub_check_proc_setuid, .mpo_check_proc_seteuid = stub_check_proc_seteuid, .mpo_check_proc_setgid = stub_check_proc_setgid, 
@@ -1601,11 +1639,14 @@ .mpo_check_socket_visible = stub_check_socket_visible, .mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm, .mpo_check_system_acct = stub_check_system_acct, + .mpo_check_system_audit = stub_check_system_audit, + .mpo_check_system_auditctl = stub_check_system_auditctl, + .mpo_check_system_auditon = stub_check_system_auditon, .mpo_check_system_nfsd = stub_check_system_nfsd, .mpo_check_system_reboot = stub_check_system_reboot, .mpo_check_system_settime = stub_check_system_settime, + .mpo_check_system_swapoff = stub_check_system_swapoff, .mpo_check_system_swapon = stub_check_system_swapon, - .mpo_check_system_swapoff = stub_check_system_swapoff, .mpo_check_system_sysctl = stub_check_system_sysctl, .mpo_check_vnode_access = stub_check_vnode_access, .mpo_check_vnode_chdir = stub_check_vnode_chdir, ==== //depot/projects/trustedbsd/audit3/sys/security/mac_test/mac_test.c#8 (text+ko) ==== @@ -1712,6 +1712,24 @@ } static int +mac_test_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai) +{ + + ASSERT_CRED_LABEL(cred->cr_label); + + return (0); +} + +static int +mac_test_check_proc_setauid(struct ucred *cred, uid_t auid) +{ + + ASSERT_CRED_LABEL(cred->cr_label); + + return (0); +} + +static int mac_test_check_proc_setuid(struct ucred *cred, uid_t uid) { 
@@ -1942,11 +1960,45 @@ { ASSERT_CRED_LABEL(cred->cr_label); + if (label != NULL) { + ASSERT_VNODE_LABEL(label); + } + + return (0); +} + +static int +mac_test_check_system_audit(struct ucred *cred, void *record, int length) +{ + + ASSERT_CRED_LABEL(cred->cr_label); return (0); } static int +mac_test_check_system_auditctl(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + ASSERT_CRED_LABEL(cred->cr_label); + if (label != NULL) { + ASSERT_VNODE_LABEL(label); + } + + return (0); +} + +static int +mac_test_check_system_auditon(struct ucred *cred, int cmd) +{ + + ASSERT_CRED_LABEL(cred->cr_label); + + return (0); +} + +static int mac_test_check_system_reboot(struct ucred *cred, int how) { @@ -1965,7 +2017,7 @@ } static int -mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp, +mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp, struct label *label) { @@ -1976,7 +2028,7 @@ } static int -mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp, +mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp, struct label *label) { @@ -2515,6 +2567,8 @@ .mpo_check_posix_sem_wait = mac_test_check_posix_sem, .mpo_check_proc_debug = mac_test_check_proc_debug, .mpo_check_proc_sched = mac_test_check_proc_sched, + .mpo_check_proc_setaudit = mac_test_check_proc_setaudit, + .mpo_check_proc_setauid = mac_test_check_proc_setauid, .mpo_check_proc_setuid = mac_test_check_proc_setuid, .mpo_check_proc_seteuid = mac_test_check_proc_seteuid, .mpo_check_proc_setgid = mac_test_check_proc_setgid, 
@@ -2539,10 +2593,13 @@ .mpo_check_socket_visible = mac_test_check_socket_visible, .mpo_check_sysarch_ioperm = mac_test_check_sysarch_ioperm, .mpo_check_system_acct = mac_test_check_system_acct, + .mpo_check_system_audit = mac_test_check_system_audit, + .mpo_check_system_auditctl = mac_test_check_system_auditctl, + .mpo_check_system_auditon = mac_test_check_system_auditon, .mpo_check_system_reboot = mac_test_check_system_reboot, .mpo_check_system_settime = mac_test_check_system_settime, + .mpo_check_system_swapoff = mac_test_check_system_swapoff, .mpo_check_system_swapon = mac_test_check_system_swapon, - .mpo_check_system_swapoff = mac_test_check_system_swapoff, .mpo_check_system_sysctl = mac_test_check_system_sysctl, .mpo_check_vnode_access = mac_test_check_vnode_access, .mpo_check_vnode_chdir = mac_test_check_vnode_chdir,