Date: Fri, 21 Apr 2006 18:30:45 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 95810 for review Message-ID: <200604211830.k3LIUjbt094790@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=95810
Change 95810 by millert@millert_g5tower on 2006/04/21 18:30:32
Remove a horrible policy hack and have mach_init use mac_execve() instead.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.c#9 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#9 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#9 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.c#9 (text+ko) ====
@@ -49,6 +49,7 @@
 #import <sys/time.h>
 #import <sys/resource.h>
 #import <sys/wait.h>
+#import <sys/mac.h>
 #import <pthread.h>
 #import <string.h>
 #import <ctype.h>
@@ -825,8 +826,9 @@
 static void
 exec_server(server_t *serverp)
 {
-	char **argv;
+	char **argv, *cp, textlabel[512];
 	sigset_t mask;
+	mac_t label;
 
 	/*
 	 * Setup environment for server, someday this should be Mach stuff
@@ -881,12 +883,19 @@
 	sigemptyset(&mask);
 	(void) sigprocmask(SIG_SETMASK, &mask, (sigset_t *)NULL);
 
+	if (mach_get_task_label_text(mach_task_self(), "sebsd", textlabel) == 0
+	    && (cp = rindex(textlabel, ':')) != NULL) {
+		*(cp + 1) = '\0';
+		strlcat(textlabel, "mach_servers_d");
+		if (mac_from_text(&label, textlabel) == 0)
+			mac_set_proc(label);
+	}
 	execv(argv[0], argv);
 	unix_fatal("Disabled server %x bootstrap %x: \"%s\": exec()",
 		   serverp->port,
 		   serverp->bootstrap->bootstrap_port,
 		   serverp->cmd);
-}
+}
 
 static char **
 argvize(const char *string)
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#9 (text+ko) ====
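Review bot: `strlcat(textlabel, "mach_servers_d")` in the third hunk is missing its size argument — strlcat takes (dst, src, dstsize) — so it should read `strlcat(textlabel, "mach_servers_d", sizeof(textlabel));`, and if mach_get_task_label_text() takes a buffer length the same bound belongs there (its prototype is not visible here). The failure path is silent: when mac_from_text() or mac_set_proc() fails the server is still exec'd, only in mach_init_d instead of mach_servers_d, which defeats the containment this change introduces; making that fatal, e.g. `if (mac_from_text(&label, textlabel) != 0 || mac_set_proc(label) != 0) unix_fatal("Server \"%s\": cannot set label", serverp->cmd);`, is the safer default. The rewrite of the label also assumes the type is the last colon-separated field of the sebsd text label; a one-line comment stating that assumption would help the next reader. The change description says mac_execve() but the code sets the process label with mac_set_proc() and then calls plain execv(); one of the two should be corrected. exec_server's body continues outside the hunks between lines 826 and 883.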
@@ -37,7 +37,7 @@
 install:
 	$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 ${POLICY} ${DESTDIR}
 	$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 sebsd_migscs ${DESTDIR}
-	$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 failsafe_context ${DESTDIR}/private/etc/sedarwin
+	$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 failsafe_context ${DESTDIR}/private/etc/sedarwin/contexts
 	$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 700 ${SCRIPTS} ${DESTDIR}/private/etc/sedarwin
 	(cd $(CURDIR)/.. && tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/ && tar -xf -)
 	(cd $(FLASK)/.. && tar -cf - flask) | (cd $(DESTDIR)/private/etc/sedarwin/policy && tar -xf -)
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#6 (text+ko) ====
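Review bot: Nothing in this hunk creates the new destination `${DESTDIR}/private/etc/sedarwin/contexts`; the other recipe lines install into `${DESTDIR}/private/etc/sedarwin` or into directories the tar steps populate, so unless an earlier rule outside the hunk does so, a clean install fails on the missing directory. Adding `$(INSTALL) -d -o ${BINOWN} -g ${BINGRP} -m 755 ${DESTDIR}/private/etc/sedarwin/contexts` before the failsafe_context line would make the target self-sufficient.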
@@ -310,63 +310,6 @@
 
 #################################
 #
-# domain_exec_trans(parent_domain, child_domain)
-#
-# Permissions for transitioning to a new domain.
-#
-
-define(`domain_exec_trans',`
-
-#
-# Allow the process to transition to the new domain.
-#
-allow $1 $2:process transition;
-
-#
-# Do not audit when glibc secure mode is enabled upon the transition.
-#
-dontaudit $1 $2:process noatsecure;
-
-#
-# Allow the process to execute the program.
-#
-allow $1 *:file { read x_file_perms };
-
-#
-# Allow the process to reap the new domain.
-#
-allow $2 $1:process sigchld;
-
-#
-# Allow the new domain to inherit and use file
-# descriptions from the creating process and vice versa.
-#
-allow $2 $1:fd use;
-allow $1 $2:fd use;
-
-#
-# Allow the new domain to write back to the old domain via a pipe.
-#
-allow $2 $1:fifo_file rw_file_perms;
-
-#
-# Allow the new domain to read and execute the program.
-#
-allow $2 *:file rx_file_perms;
-
-#
-# Allow the new domain to be entered via the program.
-#
-allow $2 *:file entrypoint;
-
-#
-# Make the transition
-#
-type_transition $1 *:process $2;
-')
-
-#################################
-#
 # domain_auto_trans(parent_domain, program_type, child_domain)
 #
 # Define a default domain transition and allow it.
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#9 (text+ko) ====
@@ -131,15 +131,14 @@
 #allow init_d { bin_t shell_exec_t file_t }:dir_file_class_set rw_file_perms;
 #allow init_d bin_t:file execute_no_trans;
 
-# Things executed by mach_init transition to mach_servers_d
-# XXX - awful hack
-domain_exec_trans(mach_init_d,mach_servers_d);
-
 # Transition from init_d -> mach_init_d when mach_init starts
 # and then back to init_d when BSD init is exec'd
 domain_auto_trans(init_d,mach_init_exec_t,mach_init_d);
 domain_auto_trans(mach_init_d,init_exec_t,init_d);
 
+# mach_init_d does its own transition to mach_servers_d
+allow mach_init_d mach_servers_d:process transition;
+
 # User transitions for login and sshd
 domain_auto_trans(init_d,login_exec_t,login_d);
 domain_auto_trans(user_d,login_exec_t,login_d);
@@ -194,11 +193,17 @@
 allow user_d security_t:security *;
 
 # Transitions for mach servers started by mach_init
-domain_auto_trans(mach_init_d,windowserver_exec_t,windowserver_d);
-domain_auto_trans(mach_init_d,lookupd_exec_t,lookupd_d);
-domain_auto_trans(mach_init_d,notifyd_exec_t,notifyd_d);
-domain_auto_trans(mach_init_d,diskarbitrationd_exec_t,diskarbitrationd_d);
-domain_auto_trans(mach_init_d,configd_exec_t,configd_d);
+allow mach_servers_d file_t:file entrypoint;
+domain_auto_trans(mach_servers_d,windowserver_exec_t,windowserver_d);
+allow mach_servers_d windowserver_exec_t:file entrypoint;
+domain_auto_trans(mach_servers_d,lookupd_exec_t,lookupd_d);
+allow mach_servers_d lookupd_exec_t:file entrypoint;
+domain_auto_trans(mach_servers_d,notifyd_exec_t,notifyd_d);
+allow mach_servers_d notifyd_exec_t:file entrypoint;
+domain_auto_trans(mach_servers_d,diskarbitrationd_exec_t,diskarbitrationd_d);
+allow mach_servers_d diskarbitrationd_exec_t:file entrypoint;
+domain_auto_trans(mach_servers_d,configd_exec_t,configd_d);
+allow mach_servers_d configd_exec_t:file entrypoint;
 
 # Transitions for things started by BSD init
 domain_auto_trans(init_d,systemstarter_exec_t,systemstarter_d);
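Review bot: `allow mach_servers_d file_t:file entrypoint;` in the second hunk lets any file_t-labeled executable serve as an entry point into mach_servers_d, which is far broader than the per-server *_exec_t entrypoint rules that follow it; if it is only there until every mach server has its own exec type, a comment such as `# XXX file_t entrypoint is transitional until every mach server has its own exec type` would keep it from being read as intended policy. The removed domain_exec_trans() macro also granted fd use in both directions, sigchld to the parent, fifo_file rw to the parent and dontaudit on noatsecure between mach_init_d and mach_servers_d, whereas the replacement in the first hunk keeps only the process transition; unless those are granted elsewhere in rules (not visible here), servers started this way may lose inherited descriptors or be unable to signal mach_init. The paired `allow mach_servers_d X_exec_t:file entrypoint` and `domain_auto_trans(mach_servers_d,X_exec_t,X_d)` lines make each binary an entry point into both mach_servers_d and its own domain; a one-line comment on why both are required by the mac_set_proc()-then-exec sequence in mach_init would help the next reader.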