From owner-p4-projects@FreeBSD.ORG Thu Jun 9 04:43:04 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A959816A420; Thu, 9 Jun 2005 04:43:03 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 826B516A41C for ; Thu, 9 Jun 2005 04:43:03 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53CF643D48 for ; Thu, 9 Jun 2005 04:43:03 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j594h3d5087253 for ; Thu, 9 Jun 2005 04:43:03 GMT (envelope-from csjp@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j594h2kT087250 for perforce@freebsd.org; Thu, 9 Jun 2005 04:43:02 GMT (envelope-from csjp@freebsd.org) Date: Thu, 9 Jun 2005 04:43:02 GMT Message-Id: <200506090443.j594h2kT087250@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to csjp@freebsd.org using -f 
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 78222 for review
X-List-Received-Date: Thu, 09 Jun 2005 04:43:04 -0000

http://perforce.freebsd.org/chv.cgi?CH=78222

Change 78222 by csjp@csjp_xor on 2005/06/09 04:42:31

Introduce two new entry points:

	mac_syscall_enter
	mac_syscall_exit

These entry points can be used for controlling access to execution paths within the kernel. Currently we do not check the return value of mac_syscall_exit as we can only run into problems by allowing the mac_syscall_exit entry point to propagate return values back to the syscall.

Currently we only support the i386 architecture, but I will be adding support for the others once we test this concept.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/i386/i386/trap.c#36 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#9 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#274 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#231 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/i386/i386/trap.c#36 (text+ko) ==== @@ -50,6 +50,7 @@ #include "opt_ktrace.h" #include "opt_npx.h" #include "opt_trap.h" +#include "opt_mac.h" #include #include @@ -61,6 +62,7 @@ #include #include #include +#include #include #include #include @@ -879,6 +881,9 @@ int narg; int args[8]; u_int code; +#ifdef MAC + int mac_error; +#endif /* * note: PCPU_LAZY_INC() can only be used if we can afford @@ -933,11 +938,10 @@ if (p->p_sysent->sv_mask) code &= p->p_sysent->sv_mask; - - if (code >= p->p_sysent->sv_size) - callp = &p->p_sysent->sv_table[0]; - else - callp = &p->p_sysent->sv_table[code]; + + if (code >= p->p_sysent->sv_size) + code = 0; + callp = &p->p_sysent->sv_table[code]; narg = callp->sy_narg & SYF_ARGMASK;
@@ -972,8 +976,14 @@ STOPEVENT(p, S_SCE, narg); PTRACESTOP_SC(p, td, S_PT_SCE); - +#ifdef MAC + mac_error = mac_syscall_enter(td, args, code); + if (mac_error == 0) + error = (*callp->sy_call)(td, args); + mac_syscall_exit(td, args, code, error, mac_error); +#else error = (*callp->sy_call)(td, args); +#endif } switch (error) { ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#9 (text+ko) ==== @@ -49,6 +49,10 @@ #include +static int mac_enforce_syscall = 1; +SYSCTL_INT(_security_mac, OID_AUTO, enforce_syscall, CTLFLAG_RW, + &mac_enforce_syscall, 0, "Enforce MAC policy on system calls"); + static int mac_enforce_kld = 1; SYSCTL_INT(_security_mac, OID_AUTO, enforce_kld, CTLFLAG_RW, &mac_enforce_kld, 0, "Enforce MAC policy on kld operations"); @@ -266,3 +270,32 @@ return (error); } + +int +mac_syscall_enter(struct thread *td, int *args, int code) +{ + int error; + + if (!mac_enforce_syscall) + return (0); + MAC_CHECK(syscall_enter, td, args, code); + return (error); +} + +int +mac_syscall_exit(struct thread *td, int *args, int code, int errcode, + int mac_error) +{ + int error; + + if (!mac_enforce_syscall) + return (0); + MAC_CHECK(syscall_exit, td, args, code, errcode, mac_error); + /* + * Since we do not care about this return value, unconditioanlly + * return 0. We can only run into problems by allowing this entry + * point to propagate return values back to the syscall. + */ + + return (0); +} ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#274 (text+ko) ==== 
@@ -390,6 +390,9 @@ int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp); int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); +int mac_syscall_enter(struct thread *td, int *args, int code); +int mac_syscall_exit(struct thread *td, int *args, int code, + int errcode, int mac_error); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode); int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#231 (text+ko) ==== @@ -491,6 +491,9 @@ int (*mpo_check_system_sysctl)(struct ucred *cred, struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); + int (*mpo_syscall_enter)(struct thread *td, int *args, int code); + int (*mpo_syscall_exit)(struct thread *td, int *args, int code, + int error, int mac_error); int (*mpo_check_vnode_access)(struct ucred *cred, struct vnode *vp, struct label *label, int acc_mode); int (*mpo_check_vnode_chdir)(struct ucred *cred,
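Review bot: in the trap.c hunk at @@ -933,11 +938,10 @@, rewriting the out-of-range case as `code = 0;` changes what the new hooks observe: `mac_syscall_enter(td, args, code)` and `mac_syscall_exit(...)` are handed 0 for every syscall number that is `>= sv_size`, so a policy can no longer tell a bogus number from a genuine call to table entry 0, and anything later in syscall() that still reads `code` sees the clamped value as well. The old form only redirected `callp` and left `code` alone. Suggest saving the requested number before the clamp (for instance `u_int orig_code = code;`) and passing that to the hooks, or stating in mac_policy.h that invalid numbers are reported to policies as 0.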
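Review bot: in the trap.c hunk at @@ -972,8 +976,14 @@, `error` is assigned only on the `mac_error == 0` path; when a policy denies the call, `error` keeps whatever value it had before the `#ifdef MAC` block, and the `switch (error)` that follows acts on that stale value, so the denial never reaches the caller as an error. Suggest `if (mac_error == 0) error = (*callp->sy_call)(td, args); else error = mac_error;` so the composed policy verdict is what the switch reports to userland, and so `mac_syscall_exit()` receives a meaningful `error` on the denial path instead of a leftover one.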
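Review bot: in the mac_system.c hunk, `mac_syscall_exit()` runs `MAC_CHECK(syscall_exit, ...)`, which composes the policies' return values into `error`, and then returns 0 unconditionally without ever reading `error`; since the comment says the value is intentionally ignored, iterating the policies without building a verdict (the framework's MAC_PERFORM-style iteration rather than MAC_CHECK) would express that intent and avoid a set-but-unused `error`, and the function could then simply be `void`, as trap.c already calls `mac_syscall_exit(td, args, code, error, mac_error);` as a statement. Two smaller points in the same hunk: the comment misspells `unconditioanlly` (should be `unconditionally`), and the blank line between that comment and `return (0);` does not match the style of the neighbouring functions.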
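Review bot: in the mac.h hunk, the fifth parameter of `mac_syscall_exit` is named `errcode` here and in mac_system.c, while the matching `mpo_syscall_exit` in mac_policy.h calls it `error`; pick one name for the syscall's own return value so the two headers can be matched up. The prototypes also sit among the `mac_check_system_*` declarations without following that naming; if `mac_syscall_enter` is a check in the same sense as its neighbours, `mac_check_syscall_enter` or similar would make that clear.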
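Review bot: in the mac_policy.h hunk, `mpo_syscall_enter` and `mpo_syscall_exit` are added without any description of their contract. A policy author cannot tell from the header that `mpo_syscall_exit` is invoked even when `mpo_syscall_enter` denied the call (`mac_error != 0`, in which case `error` did not come from the syscall), that its return value is discarded, that `args` is a non-const pointer into the kernel's copy of the arguments, or that `code` has already been masked with `sv_mask` and clamped to 0 when out of range, all of which the trap.c and mac_system.c hunks establish. A short comment on each member stating those points would save every policy from rediscovering them.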
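The commit message describes enter/exit entry points that gate execution paths in the kernel. As an added example, not code from the TrustedBSD MAC tree or from this change, the following is a user-space C model of that dispatch path: a three-entry syscall table, one sample policy that denies a syscall from `mpo_syscall_enter`, a second that records what `mpo_syscall_exit` observes, verdict composition, the new `mac_enforce_syscall` knob, and the instrumented trap.c block with the denial handed back to the caller. Everything named here (`struct thread`, `sysent`, `allow_enter`, `audit_exit`, `register_demo_policies`, `run_syscall_as`, `model_syscall`) is a constructed stand-in, and the precedence in `mac_error_select` is an assumption about the framework's composition, reproduced from memory rather than from the patch.

```c
/* Added example: a user-space model of the proposed mac_syscall_enter/exit
 * path.  Not code from the TrustedBSD MAC tree; every type, table and policy
 * below is a constructed stand-in for the kernel's own. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define NSYSCALLS 3
struct thread { int td_uid; int td_retval; };   /* minimal stand-in */
/* The two policy operations the patch introduces, shaped as in mac_policy.h. */
struct mac_policy_ops {
    int (*mpo_syscall_enter)(struct thread *td, int *args, int code);
    int (*mpo_syscall_exit)(struct thread *td, int *args, int code, int error, int mac_error);
};
/* Constructed syscall table; entry 0 is the catch-all the patch's clamp selects. */
static int sys_nosys(struct thread *td, int *a)  { (void)td; (void)a; return ENOSYS; }
static int sys_getpid(struct thread *td, int *a) { (void)a; td->td_retval = 4242; return 0; }
static int sys_reboot(struct thread *td, int *a) { (void)td; (void)a; return 0; }
static int (*const sysent[NSYSCALLS])(struct thread *, int *) = { sys_nosys, sys_getpid, sys_reboot };
/* Sample policy A: unprivileged threads may not enter reboot (code 2). */
static int allow_enter(struct thread *td, int *args, int code)
{ (void)args; return (code == 2 && td->td_uid != 0) ? EPERM : 0; }
/* Sample policy B: record what the exit hook observed (a tiny audit policy). */
struct exit_record { int calls, code, error, mac_error, retval; };
static struct exit_record last_exit;
static int audit_exit(struct thread *td, int *args, int code, int error, int mac_error)
{
    (void)args;
    last_exit.calls++; last_exit.code = code; last_exit.retval = td->td_retval;
    last_exit.error = error; last_exit.mac_error = mac_error;
    return 0;   /* discarded by the framework, as the patch's comment says */
}
static const struct mac_policy_ops allow_ops = { allow_enter, NULL };
static const struct mac_policy_ops audit_ops = { NULL, audit_exit };
static const struct mac_policy_ops *policies[4];
static int npolicies;
static int mac_enforce_syscall = 1;      /* the new sysctl, as a plain int */
int register_demo_policies(void)         /* resets state; returns the policy count */
{
    npolicies = 0; policies[npolicies++] = &allow_ops; policies[npolicies++] = &audit_ops;
    memset(&last_exit, 0, sizeof last_exit);
    return npolicies;
}
int set_mac_enforce_syscall(int on)      /* returns the previous setting */
{ int was = mac_enforce_syscall; mac_enforce_syscall = on; return was; }
const struct exit_record *last_syscall_exit(void) { return &last_exit; }
/* Composition of two verdicts.  Assumption: the precedence of the framework's
 * mac_error_select(), reproduced from memory; an error always beats success. */
int mac_error_select(int e1, int e2)
{
    static const int prec[] = { EDEADLK, EINVAL, ESRCH, ENOENT, EACCES, EPERM };
    size_t i;
    for (i = 0; i < sizeof prec / sizeof prec[0]; i++)
        if (e1 == prec[i] || e2 == prec[i]) return prec[i];
    return e1 != 0 ? e1 : e2;
}
/* mac_syscall_enter: every policy votes; the verdicts are composed. */
int mac_syscall_enter(struct thread *td, int *args, int code)
{
    int error = 0, i;
    if (!mac_enforce_syscall) return 0;
    for (i = 0; i < npolicies; i++)
        if (policies[i]->mpo_syscall_enter != NULL)
            error = mac_error_select(error, policies[i]->mpo_syscall_enter(td, args, code));
    return error;
}
/* mac_syscall_exit: notification only; policy return values are ignored. */
void mac_syscall_exit(struct thread *td, int *args, int code, int error, int mac_error)
{
    int i;
    if (!mac_enforce_syscall) return;
    for (i = 0; i < npolicies; i++)
        if (policies[i]->mpo_syscall_exit != NULL)
            (void)policies[i]->mpo_syscall_exit(td, args, code, error, mac_error);
}
/* The instrumented block from trap.c; returns the errno userland would see. */
int model_syscall(struct thread *td, int code, int *args)
{
    int error, mac_error;
    if (code >= NSYSCALLS) code = 0;    /* the patch's clamp: policies see 0 */
    mac_error = mac_syscall_enter(td, args, code);
    if (mac_error == 0) error = sysent[code](td, args);
    else error = mac_error;             /* a denial must reach the caller */
    mac_syscall_exit(td, args, code, error, mac_error);
    return error;
}
/* Run one syscall as the given uid with zeroed arguments; returns the errno. */
int run_syscall_as(int uid, int code)
{
    struct thread td = { uid, 0 };
    int args[8] = { 0 };
    return model_syscall(&td, code, args);
}
int main(void)
{
    register_demo_policies();
    printf("user getpid -> %d\n", run_syscall_as(1000, 1));
    printf("user reboot -> %d (EPERM is %d)\n", run_syscall_as(1000, 2), EPERM);
    printf("exit hook saw code %d, mac_error %d\n", last_syscall_exit()->code, last_syscall_exit()->mac_error);
    return 0;
}
```

Build with `cc -std=c99 -Wall model.c`. `run_syscall_as(1000, 1)` returns 0 and the audit policy sees `retval` 4242; `run_syscall_as(1000, 2)` returns EPERM and the audit policy sees the same value in both `error` and `mac_error`; `run_syscall_as(1000, 99)` is clamped to entry 0, so the exit hook records `code` 0 and the caller gets ENOSYS; with `set_mac_enforce_syscall(0)` neither hook runs. The `else error = mac_error;` line is the part that turns a policy denial into an error the caller can see; with only the `if` branch, `error` would keep its earlier value on denial.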