From: Brian Feldman
Date: Mon, 13 Jan 2003 12:10:21 -0800 (PST)
Message-Id: <200301132010.h0DKAL95018634@repoman.freebsd.org>
Subject: PERFORCE change 23690 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=23690

Change 23690 by green@green_laptop_2 on 2003/01/13 12:09:28

	Add basic SEBSD entry points to implement a basic "KLD capability".

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#66 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#66 (text+ko) ====
@@ -1488,6 +1488,54 @@ *(struct vnode_security_struct *)SLOT(src); } +/* + * Check for permission to load KLDs, given by the overly-broad + * capability:sys_module. + */ +static int +sebsd_check_kld_load(struct ucred *cred, struct vnode *vp, + struct label *vlabel) +{ + struct task_security_struct *tsec; + + tsec = SLOT(&cred->cr_label); + /* + * The vnode doesn't need to be checked here, since the read + * operations inside the kldload(2) implementation are + * individually checked against the same thread credentials. + */ + return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, + CAPABILITY__SYS_MODULE, NULL)); +} + +/* + * Check for permission to query KLDs, given by the overly-broad + * capability:sys_module. + */ +static int +sebsd_check_kld_stat(struct ucred *cred) +{ + struct task_security_struct *tsec; + + tsec = SLOT(&cred->cr_label); + return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, + CAPABILITY__SYS_MODULE, NULL)); +} + +/* + * Check for permission to unload KLDs, given by the overly-broad + * capability:sys_module. + */ +static int +sebsd_check_kld_unload(struct ucred *cred) +{ + struct task_security_struct *tsec; + + tsec = SLOT(&cred->cr_label); + return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, + CAPABILITY__SYS_MODULE, NULL)); +} + static struct mac_policy_ops sebsd_ops = { /* Init Labels */ .mpo_init = sebsd_init, @@ -1530,6 +1578,9 @@ /* Check Labels */ .mpo_check_cred_relabel = sebsd_check_cred_relabel, + .mpo_check_kld_stat = sebsd_check_kld_stat, + .mpo_check_kld_load = sebsd_check_kld_load, + .mpo_check_kld_unload = sebsd_check_kld_unload, .mpo_check_mount_stat = sebsd_check_mount_stat, .mpo_check_proc_signal = sebsd_check_proc_signal, .mpo_check_system_swapon = sebsd_check_system_swapon, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
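Review bot: In the first hunk (@@ -1488,6 +1488,54 @@), sebsd_check_kld_load() ignores vp and vlabel, so policy cannot restrict which files may be loaded as kernel code. The in-function comment relies on the read checks inside kldload(2), but permission to read a file is a weaker statement than permission to load it as a module: any file the thread can read becomes loadable once capability:sys_module is granted. Consider a check against the vnode's label in addition to the capability check, or at least note the gap in the comment. Separately, sebsd_check_kld_stat() gates a read-only query on the same CAPABILITY__SYS_MODULE permission as load and unload, so policy cannot allow querying without also allowing loading; the "overly-broad" comments acknowledge this, and a narrower permission for stat would resolve it. The three function bodies are also identical and could share one static helper that takes the credential.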
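Review bot: In the second hunk (@@ -1530,6 +1578,9 @@), the new sebsd_ops entries are listed as stat, load, unload, while the functions are defined in the order load, stat, unload. Style only: using the same order in both places (for example .mpo_check_kld_load, .mpo_check_kld_stat, .mpo_check_kld_unload) makes it easier to confirm by eye that every defined check is registered.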