Date: Sat, 10 Jan 2009 10:58:41 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r187016 - in head/sys/security: mac mac_biba mac_bsdextended mac_ifoff mac_lomac mac_mls mac_none mac_partition mac_portacl mac_seeotheruids mac_stub mac_test Message-ID: <200901101058.n0AAwfVB095558@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Sat Jan 10 10:58:41 2009 New Revision: 187016 URL: http://svn.freebsd.org/changeset/base/187016 Log: Rather than having MAC policies explicitly declare what object types they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a possible class of programmer errors, while retaining the structure that allows us to avoid allocating labels for objects that don't need them. As before, we regenerate a global mask of labeled objects each time a policy is loaded or unloaded, stored in mac_labeled. Discussed with: csjp Suggested by: Jacques Vidrine <nectar at apple.com> Obtained from: TrustedBSD Project Sponsored by: Apple, Inc. Modified: head/sys/security/mac/mac_framework.c head/sys/security/mac/mac_internal.h head/sys/security/mac/mac_policy.h head/sys/security/mac_biba/mac_biba.c head/sys/security/mac_bsdextended/mac_bsdextended.c head/sys/security/mac_ifoff/mac_ifoff.c head/sys/security/mac_lomac/mac_lomac.c head/sys/security/mac_mls/mac_mls.c head/sys/security/mac_none/mac_none.c head/sys/security/mac_partition/mac_partition.c head/sys/security/mac_portacl/mac_portacl.c head/sys/security/mac_seeotheruids/mac_seeotheruids.c head/sys/security/mac_stub/mac_stub.c head/sys/security/mac_test/mac_test.c Modified: head/sys/security/mac/mac_framework.c ============================================================================== --- head/sys/security/mac/mac_framework.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac/mac_framework.c Sat Jan 10 10:58:41 2009 (r187016) @@ -3,7 +3,7 @@ * Copyright (c) 2001 Ilmar S. Habibulin * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * Copyright (c) 2005-2006 SPARTA, Inc. - * Copyright (c) 2008 Apple Inc. + * Copyright (c) 2008-2009 Apple Inc. * All rights reserved. * * This software was developed by Robert Watson and Ilmar Habibulin for the @@ -329,10 +329,48 @@ mac_late_init(void) } /* - * After the policy list has changed, walk the list to update any global - * flags. Currently, we support only one flag, and it's conditionally - * defined; as a result, the entire function is conditional. Eventually, the - * #else case might also iterate across the policies. + * Given a policy, derive from its set of non-NULL label init methods what + * object types the policy is interested in. + */ +static uint64_t +mac_policy_getlabeled(struct mac_policy_conf *mpc) +{ + uint64_t labeled; + +#define MPC_FLAG(method, flag) \ + if (mpc->mpc_ops->mpo_ ## method != NULL) \ + labeled |= (flag); \ + + labeled = 0; + MPC_FLAG(cred_init_label, MPC_OBJECT_CRED); + MPC_FLAG(proc_init_label, MPC_OBJECT_PROC); + MPC_FLAG(vnode_init_label, MPC_OBJECT_VNODE); + MPC_FLAG(inpcb_init_label, MPC_OBJECT_INPCB); + MPC_FLAG(socket_init_label, MPC_OBJECT_SOCKET); + MPC_FLAG(devfs_init_label, MPC_OBJECT_DEVFS); + MPC_FLAG(mbuf_init_label, MPC_OBJECT_MBUF); + MPC_FLAG(ipq_init_label, MPC_OBJECT_IPQ); + MPC_FLAG(ifnet_init_label, MPC_OBJECT_IFNET); + MPC_FLAG(bpfdesc_init_label, MPC_OBJECT_BPFDESC); + MPC_FLAG(pipe_init_label, MPC_OBJECT_PIPE); + MPC_FLAG(mount_init_label, MPC_OBJECT_MOUNT); + MPC_FLAG(posixsem_init_label, MPC_OBJECT_POSIXSEM); + MPC_FLAG(posixshm_init_label, MPC_OBJECT_POSIXSHM); + MPC_FLAG(sysvmsg_init_label, MPC_OBJECT_SYSVMSG); + MPC_FLAG(sysvmsq_init_label, MPC_OBJECT_SYSVMSQ); + MPC_FLAG(sysvsem_init_label, MPC_OBJECT_SYSVSEM); + MPC_FLAG(sysvshm_init_label, MPC_OBJECT_SYSVSHM); + MPC_FLAG(syncache_init_label, MPC_OBJECT_SYNCACHE); + MPC_FLAG(ip6q_init_label, MPC_OBJECT_IP6Q); + +#undef MPC_FLAG + return (labeled); +} + +/* + * When policies are loaded or unloaded, walk the list of registered policies + * and built mac_labeled, a bitmask representing the union of all objects + * requiring labels across all policies. */ static void mac_policy_updateflags(void) @@ -343,9 +381,9 @@ mac_policy_updateflags(void) mac_labeled = 0; LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) - mac_labeled |= mpc->mpc_labeled; + mac_labeled |= mac_policy_getlabeled(mpc); LIST_FOREACH(mpc, &mac_policy_list, mpc_list) - mac_labeled |= mpc->mpc_labeled; + mac_labeled |= mac_policy_getlabeled(mpc); } static int Modified: head/sys/security/mac/mac_internal.h ============================================================================== --- head/sys/security/mac/mac_internal.h Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac/mac_internal.h Sat Jan 10 10:58:41 2009 (r187016) @@ -4,6 +4,7 @@ * Copyright (c) 2001-2004 Networks Associates Technology, Inc. * Copyright (c) 2006 nCircle Network Security, Inc. * Copyright (c) 2006 SPARTA, Inc. + * Copyright (c) 2009 Apple, Inc. * All rights reserved. * * This software was developed by Robert Watson and Ilmar Habibulin for the @@ -83,6 +84,34 @@ struct label { intptr_t l_perpolicy[MAC_MAX_SLOTS]; }; + +/* + * Flags for mac_labeled, a bitmask of object types need across the union of + * all policies currently registered with the MAC Framework, used to key + * whether or not labels are allocated and constructors for the type are + * invoked. + */ +#define MPC_OBJECT_CRED 0x0000000000000001 +#define MPC_OBJECT_PROC 0x0000000000000002 +#define MPC_OBJECT_VNODE 0x0000000000000004 +#define MPC_OBJECT_INPCB 0x0000000000000008 +#define MPC_OBJECT_SOCKET 0x0000000000000010 +#define MPC_OBJECT_DEVFS 0x0000000000000020 +#define MPC_OBJECT_MBUF 0x0000000000000040 +#define MPC_OBJECT_IPQ 0x0000000000000080 +#define MPC_OBJECT_IFNET 0x0000000000000100 +#define MPC_OBJECT_BPFDESC 0x0000000000000200 +#define MPC_OBJECT_PIPE 0x0000000000000400 +#define MPC_OBJECT_MOUNT 0x0000000000000800 +#define MPC_OBJECT_POSIXSEM 0x0000000000001000 +#define MPC_OBJECT_POSIXSHM 0x0000000000002000 +#define MPC_OBJECT_SYSVMSG 0x0000000000004000 +#define MPC_OBJECT_SYSVMSQ 0x0000000000008000 +#define MPC_OBJECT_SYSVSEM 0x0000000000010000 +#define MPC_OBJECT_SYSVSHM 0x0000000000020000 +#define MPC_OBJECT_SYNCACHE 0x0000000000040000 +#define MPC_OBJECT_IP6Q 0x0000000000080000 + /* * MAC Framework global variables. */ Modified: head/sys/security/mac/mac_policy.h ============================================================================== --- head/sys/security/mac/mac_policy.h Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac/mac_policy.h Sat Jan 10 10:58:41 2009 (r187016) @@ -956,9 +956,9 @@ struct mac_policy_conf { int *mpc_field_off; /* security field */ int mpc_runtime_flags; /* flags */ int _mpc_spare1; /* Spare. */ - uint64_t mpc_labeled; /* Labeled objects. */ uint64_t _mpc_spare2; /* Spare. */ - void *_mpc_spare3; /* Spare. */ + uint64_t _mpc_spare3; /* Spare. */ + void *_mpc_spare4; /* Spare. */ LIST_ENTRY(mac_policy_conf) mpc_list; /* global list */ }; @@ -969,31 +969,6 @@ struct mac_policy_conf { /* Flags for the mpc_runtime_flags field. */ #define MPC_RUNTIME_FLAG_REGISTERED 0x00000001 -/* - * Flags for mpc_labeled declaring which objects should have labels allocated - * for them by the MAC Framework. - */ -#define MPC_OBJECT_CRED 0x0000000000000001 -#define MPC_OBJECT_PROC 0x0000000000000002 -#define MPC_OBJECT_VNODE 0x0000000000000004 -#define MPC_OBJECT_INPCB 0x0000000000000008 -#define MPC_OBJECT_SOCKET 0x0000000000000010 -#define MPC_OBJECT_DEVFS 0x0000000000000020 -#define MPC_OBJECT_MBUF 0x0000000000000040 -#define MPC_OBJECT_IPQ 0x0000000000000080 -#define MPC_OBJECT_IFNET 0x0000000000000100 -#define MPC_OBJECT_BPFDESC 0x0000000000000200 -#define MPC_OBJECT_PIPE 0x0000000000000400 -#define MPC_OBJECT_MOUNT 0x0000000000000800 -#define MPC_OBJECT_POSIXSEM 0x0000000000001000 -#define MPC_OBJECT_POSIXSHM 0x0000000000002000 -#define MPC_OBJECT_SYSVMSG 0x0000000000004000 -#define MPC_OBJECT_SYSVMSQ 0x0000000000008000 -#define MPC_OBJECT_SYSVSEM 0x0000000000010000 -#define MPC_OBJECT_SYSVSHM 0x0000000000020000 -#define MPC_OBJECT_SYNCACHE 0x0000000000040000 -#define MPC_OBJECT_IP6Q 0x0000000000080000 - /*- * The TrustedBSD MAC Framework has a major version number, MAC_VERSION, * which defines the ABI of the Framework present in the kernel (and depended @@ -1009,15 +984,13 @@ struct mac_policy_conf { */ #define MAC_VERSION 4 -#define MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted, \ - labeled) \ +#define MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \ static struct mac_policy_conf mpname##_mac_policy_conf = { \ .mpc_name = #mpname, \ .mpc_fullname = mpfullname, \ .mpc_ops = mpops, \ .mpc_loadtime_flags = mpflags, \ .mpc_field_off = privdata_wanted, \ - .mpc_labeled = labeled, \ }; \ static moduledata_t mpname##_mod = { \ #mpname, \ Modified: head/sys/security/mac_biba/mac_biba.c ============================================================================== --- head/sys/security/mac_biba/mac_biba.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_biba/mac_biba.c Sat Jan 10 10:58:41 2009 (r187016) @@ -3545,26 +3545,5 @@ static struct mac_policy_ops mac_biba_op .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, }; -#define BIBA_OBJECTS (MPC_OBJECT_CRED | \ - /* MPC_OBJECT_PROC | */ \ - MPC_OBJECT_VNODE | \ - MPC_OBJECT_INPCB | \ - MPC_OBJECT_SOCKET | \ - MPC_OBJECT_DEVFS | \ - MPC_OBJECT_MBUF | \ - MPC_OBJECT_IPQ | \ - MPC_OBJECT_IP6Q | \ - MPC_OBJECT_IFNET | \ - MPC_OBJECT_BPFDESC | \ - MPC_OBJECT_PIPE | \ - MPC_OBJECT_MOUNT | \ - MPC_OBJECT_POSIXSEM | \ - /* MPC_OBJECT_POSIXSHM | */ \ - MPC_OBJECT_SYSVMSG | \ - MPC_OBJECT_SYSVMSQ | \ - MPC_OBJECT_SYSVSEM | \ - MPC_OBJECT_SYSVSHM | \ - MPC_OBJECT_SYNCACHE) - MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba", - MPC_LOADTIME_FLAG_NOTLATE, &biba_slot, BIBA_OBJECTS); + MPC_LOADTIME_FLAG_NOTLATE, &biba_slot); Modified: head/sys/security/mac_bsdextended/mac_bsdextended.c ============================================================================== --- head/sys/security/mac_bsdextended/mac_bsdextended.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_bsdextended/mac_bsdextended.c Sat Jan 10 10:58:41 2009 (r187016) @@ -523,4 +523,4 @@ static struct mac_policy_ops ugidfw_ops }; MAC_POLICY_SET(&ugidfw_ops, mac_bsdextended, "TrustedBSD MAC/BSD Extended", - MPC_LOADTIME_FLAG_UNLOADOK, NULL, 0); + MPC_LOADTIME_FLAG_UNLOADOK, NULL); Modified: head/sys/security/mac_ifoff/mac_ifoff.c ============================================================================== --- head/sys/security/mac_ifoff/mac_ifoff.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_ifoff/mac_ifoff.c Sat Jan 10 10:58:41 2009 (r187016) @@ -170,4 +170,4 @@ static struct mac_policy_ops ifoff_ops = }; MAC_POLICY_SET(&ifoff_ops, mac_ifoff, "TrustedBSD MAC/ifoff", - MPC_LOADTIME_FLAG_UNLOADOK, NULL, 0); + MPC_LOADTIME_FLAG_UNLOADOK, NULL); Modified: head/sys/security/mac_lomac/mac_lomac.c ============================================================================== --- head/sys/security/mac_lomac/mac_lomac.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_lomac/mac_lomac.c Sat Jan 10 10:58:41 2009 (r187016) @@ -3052,26 +3052,5 @@ static struct mac_policy_ops lomac_ops = .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr, }; -#define LOMAC_OBJECTS (MPC_OBJECT_CRED | \ - /* MPC_OBJECT_PROC | */ \ - MPC_OBJECT_VNODE | \ - MPC_OBJECT_INPCB | \ - MPC_OBJECT_SOCKET | \ - MPC_OBJECT_DEVFS | \ - MPC_OBJECT_MBUF | \ - MPC_OBJECT_IPQ | \ - MPC_OBJECT_IP6Q | \ - MPC_OBJECT_IFNET | \ - MPC_OBJECT_BPFDESC | \ - MPC_OBJECT_PIPE | \ - MPC_OBJECT_MOUNT | \ - /* MPC_OBJECT_POSIXSEM | */ \ - /* MPC_OBJECT_POSIXSHM | */ \ - /* MPC_OBJECT_SYSVMSG | */ \ - /* MPC_OBJECT_SYSVMSQ | */ \ - /* MPC_OBJECT_SYSVSEM | */ \ - /* MPC_OBJECT_SYSVSHM | */ \ - MPC_OBJECT_SYNCACHE) - MAC_POLICY_SET(&lomac_ops, mac_lomac, "TrustedBSD MAC/LOMAC", - MPC_LOADTIME_FLAG_NOTLATE, &lomac_slot, LOMAC_OBJECTS); + MPC_LOADTIME_FLAG_NOTLATE, &lomac_slot); Modified: head/sys/security/mac_mls/mac_mls.c ============================================================================== --- head/sys/security/mac_mls/mac_mls.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_mls/mac_mls.c Sat Jan 10 10:58:41 2009 (r187016) @@ -3162,26 +3162,5 @@ static struct mac_policy_ops mls_ops = .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr, }; -#define MLS_OBJECTS (MPC_OBJECT_CRED | \ - /* MPC_OBJECT_PROC | */ \ - MPC_OBJECT_VNODE | \ - MPC_OBJECT_INPCB | \ - MPC_OBJECT_SOCKET | \ - MPC_OBJECT_DEVFS | \ - MPC_OBJECT_MBUF | \ - MPC_OBJECT_IPQ | \ - MPC_OBJECT_IP6Q | \ - MPC_OBJECT_IFNET | \ - MPC_OBJECT_BPFDESC | \ - MPC_OBJECT_PIPE | \ - MPC_OBJECT_MOUNT | \ - MPC_OBJECT_POSIXSEM | \ - /* MPC_OBJECT_POSIXSHM | */ \ - MPC_OBJECT_SYSVMSG | \ - MPC_OBJECT_SYSVMSQ | \ - MPC_OBJECT_SYSVSEM | \ - MPC_OBJECT_SYSVSHM | \ - MPC_OBJECT_SYNCACHE) - MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS", - MPC_LOADTIME_FLAG_NOTLATE, &mls_slot, MLS_OBJECTS); + MPC_LOADTIME_FLAG_NOTLATE, &mls_slot); Modified: head/sys/security/mac_none/mac_none.c ============================================================================== --- head/sys/security/mac_none/mac_none.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_none/mac_none.c Sat Jan 10 10:58:41 2009 (r187016) @@ -53,4 +53,4 @@ static struct mac_policy_ops none_ops = }; MAC_POLICY_SET(&none_ops, mac_none, "TrustedBSD MAC/None", - MPC_LOADTIME_FLAG_UNLOADOK, NULL, 0); + MPC_LOADTIME_FLAG_UNLOADOK, NULL); Modified: head/sys/security/mac_partition/mac_partition.c ============================================================================== --- head/sys/security/mac_partition/mac_partition.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_partition/mac_partition.c Sat Jan 10 10:58:41 2009 (r187016) @@ -316,4 +316,4 @@ static struct mac_policy_ops partition_o }; MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition", - MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot, MPC_OBJECT_CRED); + MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot); Modified: head/sys/security/mac_portacl/mac_portacl.c ============================================================================== --- head/sys/security/mac_portacl/mac_portacl.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_portacl/mac_portacl.c Sat Jan 10 10:58:41 2009 (r187016) @@ -490,4 +490,4 @@ static struct mac_policy_ops portacl_ops }; MAC_POLICY_SET(&portacl_ops, mac_portacl, "TrustedBSD MAC/portacl", - MPC_LOADTIME_FLAG_UNLOADOK, NULL, 0); + MPC_LOADTIME_FLAG_UNLOADOK, NULL); Modified: head/sys/security/mac_seeotheruids/mac_seeotheruids.c ============================================================================== --- head/sys/security/mac_seeotheruids/mac_seeotheruids.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_seeotheruids/mac_seeotheruids.c Sat Jan 10 10:58:41 2009 (r187016) @@ -186,4 +186,4 @@ static struct mac_policy_ops seeotheruid }; MAC_POLICY_SET(&seeotheruids_ops, mac_seeotheruids, - "TrustedBSD MAC/seeotheruids", MPC_LOADTIME_FLAG_UNLOADOK, NULL, 0); + "TrustedBSD MAC/seeotheruids", MPC_LOADTIME_FLAG_UNLOADOK, NULL); Modified: head/sys/security/mac_stub/mac_stub.c ============================================================================== --- head/sys/security/mac_stub/mac_stub.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_stub/mac_stub.c Sat Jan 10 10:58:41 2009 (r187016) @@ -1800,26 +1800,5 @@ static struct mac_policy_ops stub_ops = .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr, }; -#define STUB_OBJECTS (MPC_OBJECT_CRED | \ - /* XXX: MPC_OBJECT_PROC | */ \ - MPC_OBJECT_VNODE | \ - MPC_OBJECT_INPCB | \ - MPC_OBJECT_SOCKET | \ - MPC_OBJECT_DEVFS | \ - MPC_OBJECT_MBUF | \ - MPC_OBJECT_IPQ | \ - MPC_OBJECT_IP6Q | \ - MPC_OBJECT_IFNET | \ - MPC_OBJECT_BPFDESC | \ - MPC_OBJECT_PIPE | \ - MPC_OBJECT_MOUNT | \ - MPC_OBJECT_POSIXSEM | \ - MPC_OBJECT_POSIXSHM | \ - MPC_OBJECT_SYSVMSG | \ - MPC_OBJECT_SYSVMSQ | \ - MPC_OBJECT_SYSVSEM | \ - MPC_OBJECT_SYSVSHM | \ - MPC_OBJECT_SYNCACHE) - MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub", - MPC_LOADTIME_FLAG_UNLOADOK, NULL, STUB_OBJECTS); + MPC_LOADTIME_FLAG_UNLOADOK, NULL); Modified: head/sys/security/mac_test/mac_test.c ============================================================================== --- head/sys/security/mac_test/mac_test.c Sat Jan 10 10:25:25 2009 (r187015) +++ head/sys/security/mac_test/mac_test.c Sat Jan 10 10:58:41 2009 (r187016) @@ -3139,26 +3139,5 @@ static struct mac_policy_ops test_ops = .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, }; -#define TEST_OBJECTS (MPC_OBJECT_CRED | \ - MPC_OBJECT_PROC | \ - MPC_OBJECT_VNODE | \ - MPC_OBJECT_INPCB | \ - MPC_OBJECT_SOCKET | \ - MPC_OBJECT_DEVFS | \ - MPC_OBJECT_MBUF | \ - MPC_OBJECT_IPQ | \ - MPC_OBJECT_IP6Q | \ - MPC_OBJECT_IFNET | \ - MPC_OBJECT_BPFDESC | \ - MPC_OBJECT_PIPE | \ - MPC_OBJECT_MOUNT | \ - MPC_OBJECT_POSIXSEM | \ - MPC_OBJECT_POSIXSHM | \ - MPC_OBJECT_SYSVMSG | \ - MPC_OBJECT_SYSVMSQ | \ - MPC_OBJECT_SYSVSEM | \ - MPC_OBJECT_SYSVSHM | \ - MPC_OBJECT_SYNCACHE) - MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", - MPC_LOADTIME_FLAG_UNLOADOK, &test_slot, TEST_OBJECTS); + MPC_LOADTIME_FLAG_UNLOADOK, &test_slot);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901101058.n0AAwfVB095558>