From owner-p4-projects Sat Oct 5 18:37:27 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 82DD437B404; Sat, 5 Oct 2002 18:37:22 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0165D37B401 for ; Sat, 5 Oct 2002 18:37:22 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id A376743E42 for ; Sat, 5 Oct 2002 18:37:21 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g961bLCo009212 for ; Sat, 5 Oct 2002 18:37:21 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g961bLEv009209 for perforce@freebsd.org; Sat, 5 Oct 2002 18:37:21 -0700 (PDT) Date: Sat, 5 Oct 2002 18:37:21 -0700 (PDT) Message-Id: <200210060137.g961bLEv009209@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 18773 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18773 Change 18773 by rwatson@rwatson_tislabs on 2002/10/05 18:37:07 Move the mmap protection limitations to the correct place in the file based on our sort order for access control checks. Change return types to int from vm_prot_t (left-over from the old mmap protection approach). Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#126 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#109 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#126 (text+ko) ==== @@ -1933,6 +1933,34 @@ } static int +mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, + struct label *label, int prot) +{ + struct mac_biba *subj, *obj; + + /* + * Rely on the use of open()-time protections to handle + * non-revocation cases. + */ + if (!mac_biba_enabled || !mac_biba_revocation_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(label); + + if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { + if (!mac_biba_dominate_single(obj, subj)) + return (EACCES); + } + if (prot & VM_PROT_WRITE) { + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); + } + + return (0); +} + +static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, mode_t acc_mode) { @@ -2296,34 +2324,6 @@ return (0); } -static vm_prot_t -mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int prot) -{ - struct mac_biba *subj, *obj; - - /* - * Rely on the use of open()-time protections to handle - * non-revocation cases. - */ - if (!mac_biba_enabled || !mac_biba_revocation_enabled) - return (0); - - subj = SLOT(&cred->cr_label); - obj = SLOT(label); - - if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { - if (!mac_biba_dominate_single(obj, subj)) - return (EACCES); - } - if (prot & VM_PROT_WRITE) { - if (!mac_biba_dominate_single(subj, obj)) - return (EACCES); - } - - return (0); -} - static struct mac_policy_op_entry mac_biba_ops[] = { { MAC_DESTROY, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#109 (text+ko) ==== @@ -1983,6 +1983,34 @@ } static int +mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, + struct label *label, int prot) +{ + struct mac_mls *subj, *obj; + + /* + * Rely on the use of open()-time protections to handle + * non-revocation cases. + */ + if (!mac_mls_enabled || !mac_mls_revocation_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(label); + + if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { + if (!mac_mls_dominate_single(subj, obj)) + return (EACCES); + } + if (prot & VM_PROT_WRITE) { + if (!mac_mls_dominate_single(obj, subj)) + return (EACCES); + } + + return (0); +} + +static int mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, mode_t acc_mode) { @@ -2346,34 +2374,6 @@ return (0); } -static vm_prot_t -mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int prot) -{ - struct mac_mls *subj, *obj; - - /* - * Rely on the use of open()-time protections to handle - * non-revocation cases. - */ - if (!mac_mls_enabled || !mac_mls_revocation_enabled) - return (0); - - subj = SLOT(&cred->cr_label); - obj = SLOT(label); - - if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { - if (!mac_mls_dominate_single(subj, obj)) - return (EACCES); - } - if (prot & VM_PROT_WRITE) { - if (!mac_mls_dominate_single(obj, subj)) - return (EACCES); - } - - return (0); -} - static struct mac_policy_op_entry mac_mls_ops[] = { { MAC_DESTROY, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message