From owner-p4-projects Wed Oct 2 20:16:36 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6DFB137B406; Wed, 2 Oct 2002 20:16:26 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 157FB37B404 for ; Wed, 2 Oct 2002 20:16:26 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id A532343E77 for ; Wed, 2 Oct 2002 20:16:25 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g933GPCo088923 for ; Wed, 2 Oct 2002 20:16:25 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g933GPXn088913 for perforce@freebsd.org; Wed, 2 Oct 2002 20:16:25 -0700 (PDT) Date: Wed, 2 Oct 2002 20:16:25 -0700 (PDT) Message-Id: <200210030316.g933GPXn088913@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 18570 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18570 Change 18570 by rwatson@rwatson_tislabs on 2002/10/02 20:16:02 Implement two new MAC framework and policy entry points: mac_check_socket_receive(cred, so) mpo_check_socket_receive(cred, so, solabel) Authorize reception of data from socket 'so' by cred 'cred'. mac_check_socket_send(cred, so) mpo_check_socket_send(cred, so, solabel) Authorize transmission of data over socket 'so' by cred 'cred' These entry points are implemented above the per-protocol pru_send(), pru_sosend(), pru_rcv*(), and pru_soreceive() calls. Currently we don't enforce these protections for sockets used in fifos, since we already provide above-VFS protection of fifo over fifofs. In the future, we may want to pass additional context information to these entry points. Affected files ... .. //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_stream.c#9 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#289 edit .. //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#14 edit .. //depot/projects/trustedbsd/mac/sys/kern/uipc_syscalls.c#24 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#169 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#130 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_stream.c#9 (text+ko) ==== @@ -39,6 +39,8 @@ #define COMPAT_43 1 +#include "opt_mac.h" + #include #include #include @@ -47,6 +49,7 @@ #include #include #include /* Must come after sys/malloc.h */ +#include #include #include #include 
@@ -165,6 +168,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto done1; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; @@ -262,6 +272,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_receive(td->td_ucred, so); + if (error) + goto done1; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#289 (text+ko) ==== @@ -856,10 +856,18 @@ mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; + case MAC_CHECK_SOCKET_RECEIVE: + mpc->mpc_ops->mpo_check_socket_receive = + mpe->mpe_function; + break; case MAC_CHECK_SOCKET_RELABEL: mpc->mpc_ops->mpo_check_socket_relabel = mpe->mpe_function; break; + case MAC_CHECK_SOCKET_SEND: + mpc->mpc_ops->mpo_check_socket_send = + mpe->mpe_function; + break; case MAC_CHECK_SOCKET_VISIBLE: mpc->mpc_ops->mpo_check_socket_visible = mpe->mpe_function; @@ -3308,6 +3316,16 @@ return (error); } +int +mac_check_socket_receive(struct ucred *cred, struct socket *so) +{ + int error; + + MAC_CHECK(check_socket_receive, cred, so, &so->so_label); + + return (error); +} + static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) @@ -3320,6 +3338,20 @@ return (error); } +/* + * XXXMAC: It might eventually be desirable to pass in address information + * to the send and possibly receive calls. + */ +int +mac_check_socket_send(struct ucred *cred, struct socket *so) +{ + int error; + + MAC_CHECK(check_socket_send, cred, so, &so->so_label); + + return (error); +} + int mac_check_socket_visible(struct ucred *cred, struct socket *socket) { ==== //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#14 (text+ko) ==== 
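Review bot: The denial path in the `@@ -165,6 +168,13 @@` hunk leaves through `goto done1` after `fgetsock()` has already taken a reference on `so`, and the label lies outside the hunk, so nothing visible here shows that the reference is dropped on that path; the `@@ -262,6 +272,13 @@` receive hunk has the same shape. If `done1` does not release it, every refused send or receive would leak a socket reference. Please confirm, and consider a one-line comment at each check such as `/* done1 drops the fgetsock() reference */` so the dependency is explicit. Both enclosing functions start and end outside their hunks.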
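Review bot: `mac_check_socket_receive()` in the `@@ -3308,6 +3316,16 @@` hunk and `mac_check_socket_send()` in the `@@ -3320,6 +3338,20 @@` hunk invoke `MAC_CHECK` unconditionally, and the receive wrapper has no comment at all. If the other socket checks in this file return early when socket enforcement is switched off (that toggle is not visible in these hunks), the new wrappers should match them, e.g. `if (!mac_enforce_socket) return (0);` ahead of the `MAC_CHECK` line. A short header comment on each should state that a non-zero return means the operation must be refused, which is how every caller in this change treats it.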
@@ -68,6 +68,13 @@ int error; mtx_lock(&Giant); +#ifdef MAC + error = mac_check_socket_receive(active_cred, so); + if (error) { + mtx_unlock(&Giant); + return (error); + } +#endif error = so->so_proto->pr_usrreqs->pru_soreceive(so, 0, uio, 0, 0, 0); mtx_unlock(&Giant); return (error); @@ -86,6 +93,13 @@ int error; mtx_lock(&Giant); +#ifdef MAC + error = mac_check_socket_send(active_cred, so); + if (error) { + mtx_unlock(&Giant); + return (error); + } +#endif error = so->so_proto->pr_usrreqs->pru_sosend(so, 0, uio, 0, 0, 0, uio->uio_td); mtx_unlock(&Giant); ==== //depot/projects/trustedbsd/mac/sys/kern/uipc_syscalls.c#24 (text+ko) ==== @@ -605,6 +605,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto bad; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; @@ -882,6 +889,15 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_receive(td->td_ucred, so); + if (error) { + fputsock(so); + return (error); + } +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; @@ -1732,6 +1748,12 @@ goto done; } +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto done; +#endif + /* * If specified, get the pointer to the sf_hdtr struct for * any headers/trailers. ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#169 (text+ko) ==== 
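Review bot: The checks in the `@@ -68,6 +68,13 @@` and `@@ -86,6 +93,13 @@` hunks authorize against `active_cred`, while the syscall-level checks elsewhere in this change use `td->td_ucred`, and nothing on these lines records which credential is meant to be the subject for descriptor I/O. A comment above each `#ifdef MAC`, for example `/* MAC: subject is active_cred, the credential passed in for this I/O call. */`, would make that choice reviewable. Both enclosing functions begin outside their hunks, so the origin of `active_cred` is not visible here.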
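Review bot: The three new checks in uipc_syscalls.c unwind differently: the `@@ -605,6 +605,13 @@` hunk jumps to `bad`, the `@@ -882,6 +889,15 @@` hunk releases inline with `fputsock(so); return (error);`, and the `@@ -1732,6 +1748,12 @@` hunk jumps to `done`. Both labels are outside the hunks, and in the first hunk the jump is taken before the `auio` setup and everything after it has run, so `bad` must not free or inspect locals that are only assigned later in the function. Please confirm that, or use the same inline release as the receive path there: `if (error) { fputsock(so); return (error); }`.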
@@ -334,6 +334,8 @@ struct sockaddr *sockaddr); int mac_check_socket_deliver(struct socket *so, struct mbuf *m); int mac_check_socket_listen(struct ucred *cred, struct socket *so); +int mac_check_socket_receive(struct ucred *cred, struct socket *so); +int mac_check_socket_send(struct ucred *cred, struct socket *so); int mac_check_socket_visible(struct ucred *cred, struct socket *so); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#130 (text+ko) ==== @@ -308,9 +308,13 @@ struct label *mbuflabel); int (*mpo_check_socket_listen)(struct ucred *cred, struct socket *so, struct label *socketlabel); + int (*mpo_check_socket_receive)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_relabel)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct label *newlabel); + int (*mpo_check_socket_send)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_visible)(struct ucred *cred, struct socket *so, struct label *socketlabel); int (*mpo_check_vnode_access)(struct ucred *cred, @@ -503,7 +507,9 @@ MAC_CHECK_SOCKET_CONNECT, MAC_CHECK_SOCKET_DELIVER, MAC_CHECK_SOCKET_LISTEN, + MAC_CHECK_SOCKET_RECEIVE, MAC_CHECK_SOCKET_RELABEL, + MAC_CHECK_SOCKET_SEND, MAC_CHECK_SOCKET_VISIBLE, MAC_CHECK_VNODE_ACCESS, MAC_CHECK_VNODE_CHDIR, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
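Review bot: The new `mpo_check_socket_receive` and `mpo_check_socket_send` members in the `@@ -308,9 +308,13 @@` hunk, and the matching `MAC_CHECK_SOCKET_RECEIVE` / `MAC_CHECK_SOCKET_SEND` constants in the `@@ -503,7 +507,9 @@` hunk, are inserted in the middle of their lists rather than appended. That moves every later function pointer and renumbers every later constant, so a policy module built against the previous header would register its entry points under the wrong operation; since kern_mac.c stores `mpe->mpe_function` by constant, an old relabel handler would land in the receive slot and be called with a different argument list. Whether registration rejects stale modules is not visible in this change. If it does not, a version bump is needed, together with a comment beside the list such as `/* Entries are kept sorted; inserting one renumbers the rest, rebuild all policy modules. */`.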