From owner-p4-projects Thu Aug 22 13:24:53 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1C0E737B400; Thu, 22 Aug 2002 13:24:17 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0EDF37B401 for ; Thu, 22 Aug 2002 13:24:16 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B0E043EB2 for ; Thu, 22 Aug 2002 13:24:11 -0700 (PDT) (envelope-from green@freebsd.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7MKOAJU050842 for ; Thu, 22 Aug 2002 13:24:10 -0700 (PDT) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7MKOAdb050839 for perforce@freebsd.org; Thu, 22 Aug 2002 13:24:10 -0700 (PDT) Date: Thu, 22 Aug 2002 13:24:10 -0700 (PDT) Message-Id: <200208222024.g7MKOAdb050839@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to green@freebsd.org using -f 
From: Brian Feldman Subject: PERFORCE change 16433 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16433 Change 16433 by green@green_laptop_2 on 2002/08/22 13:23:29 Here's a first pass at implementing Lomac in the TrustedBSD framework. Well, it does some things, and doesn't crash... ;) Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c#18 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_fork.c#17 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#256 edit .. //depot/projects/trustedbsd/mac/sys/kern/subr_trap.c#11 edit .. //depot/projects/trustedbsd/mac/sys/modules/Makefile#30 edit .. //depot/projects/trustedbsd/mac/sys/modules/mac_lomac/Makefile#1 add .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#1 add .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#1 add .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#40 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#157 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#121 edit .. //depot/projects/trustedbsd/mac/sys/sys/proc.h#20 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c#18 (text+ko) ==== @@ -41,6 +41,7 @@ #include "opt_compat.h" #include "opt_ktrace.h" +#include "opt_mac.h" #include #include @@ -61,6 +62,7 @@ #include #include /* for acct_process() function prototype */ #include +#include #include #include #include @@ -745,6 +747,9 @@ */ vm_waitproc(p); mtx_destroy(&p->p_mtx); +#ifdef MAC + mac_destroy_proc(p); +#endif uma_zfree(proc_zone, p); sx_xlock(&allproc_lock); nprocs--; ==== //depot/projects/trustedbsd/mac/sys/kern/kern_fork.c#17 (text+ko) ==== @@ -40,6 +40,7 @@ */ #include "opt_ktrace.h" +#include "opt_mac.h" #include #include 
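Review bot: In the kern_exit.c hunk at -745, `mac_destroy_proc(p)` runs after `mtx_destroy(&p->p_mtx)`, so every policy's `destroy_proc` entry point is invoked on a process whose mutex is already gone. That ordering is a constraint on all policy modules and is not written down anywhere in the change. A comment at the call site would cover it, for example `/* p_mtx is already destroyed: destroy_proc hooks must not lock p. */`. The enclosing function starts and ends outside the hunk.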
@@ -56,6 +57,7 @@ #include #include #include +#include #include #include #include @@ -306,6 +308,9 @@ /* Allocate new proc. */ newproc = uma_zalloc(proc_zone, M_WAITOK); +#ifdef MAC + mac_init_proc(newproc); +#endif /* * Although process entries are dynamically created, we still keep ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#256 (text+ko) ==== @@ -185,6 +185,8 @@ &nmacsockets, 0, "number of sockets in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, pipes, CTLFLAG_RD, &nmacpipes, 0, "number of pipes in use"); +SYSCTL_UINT(_security_mac_debug, OID_AUTO, procs, CTLFLAG_RD, + &nmacprocs, 0, "number of procs in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, mounts, CTLFLAG_RD, &nmacmounts, 0, "number of mounts in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, temp, CTLFLAG_RD, @@ -200,7 +202,7 @@ static int mac_policy_unregister(struct mac_policy_conf *mpc); static int mac_stdcreatevnode_ea(struct vnode *vp); -static void mac_cred_mmapped_drop_perms(struct thread *td, +void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); static void mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, struct vm_map *map); @@ -416,6 +418,10 @@ mpc->mpc_ops->mpo_init_pipe = mpe->mpe_function; break; + case MAC_INIT_PROC: + mpc->mpc_ops->mpo_init_proc = + mpe->mpe_function; + break; case MAC_INIT_SOCKET: mpc->mpc_ops->mpo_init_socket = mpe->mpe_function; @@ -460,6 +466,10 @@ mpc->mpc_ops->mpo_destroy_pipe = mpe->mpe_function; break; + case MAC_DESTROY_PROC: + mpc->mpc_ops->mpo_destroy_proc = + mpe->mpe_function; + break; case MAC_DESTROY_SOCKET: mpc->mpc_ops->mpo_destroy_socket = mpe->mpe_function; @@ -842,6 +852,10 @@ mpc->mpc_ops->mpo_check_vnode_write = mpe->mpe_function; break; + case MAC_PRE_SYSCALL_RETURN: + mpc->mpc_ops->mpo_pre_syscall_return = + mpe->mpe_function; + break; /* default: printf("MAC policy `%s': unknown operation %d\n", 
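Review bot: `mac_init_proc(newproc)` in the kern_fork.c hunk at -306 is matched by `mac_destroy_proc()` only in kern_exit.c, so any later failure path in this function that returns `newproc` with `uma_zfree(proc_zone, newproc)` would skip the policy's `destroy_proc` hook and the label teardown. The rest of the function is outside the hunk, and the comment that follows the allocation mentions a global process limit, which suggests at least one such exit exists; each one would need `mac_destroy_proc(newproc);` under `#ifdef MAC` before the free. With MAC_DEBUG, a missed path would show up as `nmacprocs` drifting upwards.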
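Review bot: The new `procs` sysctl in the kern_mac.c hunk at -185 takes `&nmacprocs`, but no hunk in this change declares that counter, and the hunk offsets show nothing was added earlier in the file. Unless it already exists, `nmacprocs` needs adding to the declaration that holds `nmacpipes` and the other debug counters. The counter is only updated under `#ifdef MAC_DEBUG` in `mac_init_proc()`/`mac_destroy_proc()`; whether this sysctl sits under the same guard is not visible here and should be confirmed.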
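Review bot: Dropping `static` from `mac_cred_mmapped_drop_perms()` here (and at the definition in the hunk at -2129) turns a file-private revocation routine into a kernel-wide entry point, yet its only stated contract is the existing remark "The process lock is not held here". Since mac.h now carries the prototype, this forward declaration in kern_mac.c is redundant and can be deleted, leaving the header as the single declaration. I would extend the comment above the definition to say which locks a caller may or may not hold and what `cred` is expected to be, because policy modules will now call this from their own hooks.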
@@ -1133,6 +1147,28 @@ } void +mac_init_proc(struct proc *p) +{ + + mac_init_label(&p->p_label); + MAC_PERFORM(init_proc, p, &p->p_label); +#ifdef MAC_DEBUG + atomic_add_int(&nmacprocs, 1); +#endif +} + +void +mac_destroy_proc(struct proc *p) +{ + + MAC_PERFORM(destroy_proc, p, &p->p_label); + mac_destroy_label(&p->p_label); +#ifdef MAC_DEBUG + atomic_subtract_int(&nmacprocs, 1); +#endif +} + +void mac_init_bpfdesc(struct bpf_d *bpf_d) { @@ -2129,7 +2165,7 @@ * memory space, and revoke access (in the least surprising ways we * know) when necessary. The process lock is not held here. */ -static void +void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred) { @@ -2892,6 +2928,13 @@ return (mac_externalize(&so->so_label, extmac)); } +void +mac_pre_syscall_return(void) +{ + + MAC_PERFORM(pre_syscall_return); +} + int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so, struct mac *extmac) ==== //depot/projects/trustedbsd/mac/sys/kern/subr_trap.c#11 (text+ko) ==== @@ -38,6 +38,7 @@ * $FreeBSD: src/sys/kern/subr_trap.c,v 1.221 2002/07/11 02:18:33 mini Exp $ */ +#include "opt_mac.h" #ifdef __i386__ #include "opt_npx.h" #endif @@ -48,6 +49,7 @@ #include #include #include +#include #include #include #include @@ -88,6 +90,9 @@ mtx_unlock(&Giant); #endif +#ifdef MAC + mac_pre_syscall_return(); +#endif /* * XXX we cheat slightly on the locking here to avoid locking in * the usual case. Setting td_priority here is essentially an ==== //depot/projects/trustedbsd/mac/sys/modules/Makefile#30 (text+ko) ==== @@ -51,6 +51,7 @@ mac_biba \ mac_bsdextended \ mac_ifoff \ + mac_lomac \ mac_mls \ mac_none \ mac_partition \ ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#40 (text+ko) ==== @@ -87,6 +87,7 @@ #define MOUNTMAGIC 0xc7c46e47 #define SOCKETMAGIC 0x9199c6cd #define PIPEMAGIC 0xdc6c9919 +#define PROCMAGIC 0x3b4be98f #define CREDMAGIC 0x9a5a4987 #define TEMPMAGIC 0x70336678 #define VNODEMAGIC 0x1a67a45c 
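Review bot: `mac_init_proc()` and `mac_destroy_proc()` in the kern_mac.c hunk at -1133 are added without any comment, so a policy author reading this file cannot tell how `p_label` relates to the credential label. The proc.h hunk describes it as the "process (not subject) MAC label", and that distinction belongs here too. I would put a short block comment above `mac_init_proc()` saying that the label is attached to the `struct proc` itself, and noting that init and destroy are each called once per proc allocation.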
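Review bot: `mac_pre_syscall_return()` in the subr_trap.c hunk at -88 takes no arguments, so every policy implementing `mpo_pre_syscall_return` has to locate its subject through `curthread`, and the hook contract does not say which thread or credential it applies to. Passing the thread explicitly, `mac_pre_syscall_return(td)` with `void (*mpo_pre_syscall_return)(struct thread *td)`, would make the subject part of the interface; the surrounding comment refers to `td_priority`, so `td` is presumably in scope. The enclosing function is outside the hunk, so it also needs confirming whether this path is reached only on syscall return, as the name says, or on every return to user mode. If it is the latter, the name is misleading and the cost of `MAC_PERFORM` on that path deserves a comment.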
@@ -124,6 +125,9 @@ static int init_count_pipe; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD, &init_count_pipe, 0, "pipe init calls"); +static int init_count_proc; +SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD, + &init_count_proc, 0, "pipe init calls"); static int init_count_temp; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_temp, CTLFLAG_RD, &init_count_temp, 0, "temp init calls"); @@ -158,6 +162,9 @@ static int destroy_count_pipe; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD, &destroy_count_pipe, 0, "pipe destroy calls"); +static int destroy_count_proc; +SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_proc, CTLFLAG_RD, + &destroy_count_proc, 0, "pipe destroy calls"); static int destroy_count_temp; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_temp, CTLFLAG_RD, &destroy_count_temp, 0, "temp destroy calls"); @@ -276,6 +283,14 @@ } static void +mac_test_init_proc(struct proc *p, struct label *label) +{ + + SLOT(label) = PROCMAGIC; + atomic_add_int(&init_count_proc, 1); +} + +static void mac_test_init_temp(struct label *label) { @@ -424,6 +439,20 @@ } static void +mac_test_destroy_proc(struct proc *p, struct label *label) +{ + + if ((SLOT(label) == PROCMAGIC || SLOT(label) == 0)) { + atomic_add_int(&destroy_count_proc, 1); + SLOT(label) = EXMAGIC; + } else if (SLOT(label) == EXMAGIC) { + Debugger("mac_test_destroy_proc: dup destroy"); + } else { + Debugger("mac_test_destroy_proc: corrupted label"); + } +} + +static void mac_test_destroy_temp(struct label *label) { @@ -1167,6 +1196,8 @@ (macop_t)mac_test_init_mount }, { MAC_INIT_PIPE, (macop_t)mac_test_init_pipe }, + { MAC_INIT_PROC, + (macop_t)mac_test_init_proc }, { MAC_INIT_SOCKET, (macop_t)mac_test_init_socket }, { MAC_INIT_TEMP, 
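Review bot: The description string for the new `init_count_proc` sysctl in the mac_test.c hunk at -124 still reads `"pipe init calls"`, copied from the entry above it, and the hunk at -158 has the same slip with `"pipe destroy calls"` for `destroy_count_proc`. They should read `"proc init calls"` and `"proc destroy calls"`. As written, the sysctl descriptions show two identical pipe entries, which gets in the way when checking that proc label init and destroy counts balance.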
@@ -1189,6 +1220,8 @@ (macop_t)mac_test_destroy_mount }, { MAC_DESTROY_PIPE, (macop_t)mac_test_destroy_pipe }, + { MAC_DESTROY_PROC, + (macop_t)mac_test_destroy_proc }, { MAC_DESTROY_SOCKET, (macop_t)mac_test_destroy_socket }, { MAC_DESTROY_TEMP, ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#157 (text+ko) ==== @@ -230,6 +230,7 @@ void mac_init_pipe(struct pipe *); int mac_init_mbuf(struct mbuf *m, int how); void mac_init_mount(struct mount *); +void mac_init_proc(struct proc *); void mac_init_vnode(struct vnode *); void mac_destroy_bpfdesc(struct bpf_d *); void mac_destroy_cred(struct ucred *); @@ -238,6 +239,7 @@ void mac_destroy_ipq(struct ipq *); void mac_destroy_socket(struct socket *); void mac_destroy_pipe(struct pipe *); +void mac_destroy_proc(struct proc *); void mac_destroy_mbuf(struct mbuf *); void mac_destroy_mount(struct mount *); void mac_destroy_vnode(struct vnode *); @@ -300,6 +302,7 @@ int mac_execve_will_transition(struct ucred *old, struct vnode *vp); void mac_create_proc0(struct ucred *cred); void mac_create_proc1(struct ucred *cred); +void mac_pre_syscall_return(void); /* Access control checks. */ int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet); @@ -384,6 +387,7 @@ struct mac *extmac); int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label); +void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); /* * Calls to help various file systems implement labeling functionality ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#121 (text+ko) ==== @@ -81,6 +81,7 @@ int (*mpo_init_mbuf)(struct mbuf *, int how, struct label *label); void (*mpo_init_mount)(struct mount *, struct label *mntlabel, struct label *fslabel); + void (*mpo_init_proc)(struct proc *p, struct label *label); void (*mpo_init_socket)(struct socket *so, struct label *label, struct label *peerlabel); void (*mpo_init_pipe)(struct pipe *pipe, struct label *label); 
@@ -95,6 +96,7 @@ void (*mpo_destroy_mbuf)(struct mbuf *, struct label *label); void (*mpo_destroy_mount)(struct mount *, struct label *mntlabel, struct label *fslabel); + void (*mpo_destroy_proc)(struct proc *p, struct label *label); void (*mpo_destroy_socket)(struct socket *so, struct label *label, struct label *peerlabel); void (*mpo_destroy_pipe)(struct pipe *pipe, struct label *label); @@ -347,6 +349,7 @@ int (*mpo_check_vnode_write)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); + void (*mpo_pre_syscall_return)(void); }; typedef const void *macop_t; @@ -364,6 +367,7 @@ MAC_INIT_MBUF, MAC_INIT_MOUNT, MAC_INIT_PIPE, + MAC_INIT_PROC, MAC_INIT_SOCKET, MAC_INIT_TEMP, MAC_INIT_VNODE, @@ -375,6 +379,7 @@ MAC_DESTROY_MBUF, MAC_DESTROY_MOUNT, MAC_DESTROY_PIPE, + MAC_DESTROY_PROC, MAC_DESTROY_SOCKET, MAC_DESTROY_TEMP, MAC_DESTROY_VNODE, @@ -471,6 +476,7 @@ MAC_CHECK_VNODE_SETUTIMES, MAC_CHECK_VNODE_STAT, MAC_CHECK_VNODE_WRITE, + MAC_PRE_SYSCALL_RETURN, }; struct mac_policy_op_entry { ==== //depot/projects/trustedbsd/mac/sys/sys/proc.h#20 (text+ko) ==== @@ -50,6 +50,7 @@ #include /* XXX */ #include #include +#include #ifndef _KERNEL #include /* For structs itimerval, timeval. */ #else @@ -537,6 +538,7 @@ struct proc *p_peers; /* (c) */ struct proc *p_leader; /* (b) */ void *p_emuldata; /* (c) Emulator state data. */ + struct label p_label; /* process (not subject) MAC label */ }; #define p_rlimit p_limit->pl_rlimit To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
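Review bot: `MAC_INIT_PROC` is inserted in the middle of the operation enum in the mac_policy.h hunk at -364, and `MAC_DESTROY_PROC` likewise at -375, which renumbers every constant that follows. A policy module built against the previous header would register its entry points under shifted operation numbers, and because entries are stored as `macop_t` (`const void *`) and cast back, the framework would call them through the wrong signature without any diagnostic. No module version check is visible in this change. Either append new operations at the end of the enum, as `MAC_PRE_SYSCALL_RETURN` is at -471, or bump whatever version gates policy registration in the same commit.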
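Review bot: `p_label` is added to `struct proc` in the proc.h hunk at -537 without the locking key that the neighbouring fields carry (`(c)`, `(b)`), so nothing states which lock protects the process label once policies start reading and relabelling it. I would write it as `struct label p_label; /* (LOCK_KEY) process (not subject) MAC label */`, with LOCK_KEY replaced by the real key once the locking rule is decided. The member is also unconditional while `mac_init_proc()` is only called under `#ifdef MAC`, so in a kernel built without MAC it exists but is never initialised, which the comment should mention. The struct definition begins outside the hunk.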