From owner-p4-projects Fri Oct 25 9:51:11 2002
Date: Fri, 25 Oct 2002 09:50:15 -0700 (PDT)
Message-Id: <200210251650.g9PGoFtw006471@repoman.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 20129 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=20129

Change 20129 by rwatson@rwatson_tislabs on 2002/10/25 09:49:22

	Add mac_check_reboot(), which permits policies to get in on the
	access control decision to reboot a machine.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#329 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_shutdown.c#14 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#192 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#148 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#329 (text+ko) ==== @@ -143,6 +143,11 @@ &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); TUNABLE_INT("security.mac.enforce_process", &mac_enforce_process); +static int mac_enforce_reboot = 1; +SYSCTL_INT(_security_mac, OID_AUTO, enforce_reboot, CTLFLAG_RW, + &mac_enforce_reboot, 0, "Enforce MAC policy for reboot operations"); +TUNABLE_INT("security.mac.enforce_reboot", &mac_enforce_reboot); + static int mac_enforce_socket = 1; SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW, &mac_enforce_socket, 0, "Enforce MAC policy on socket operations"); @@ -883,6 +888,10 @@ mpc->mpc_ops->mpo_check_proc_signal = mpe->mpe_function; break; + case MAC_CHECK_REBOOT: + mpc->mpc_ops->mpo_check_reboot = + mpe->mpe_function; + break; case MAC_CHECK_SOCKET_BIND: mpc->mpc_ops->mpo_check_socket_bind = mpe->mpe_function; 
@@ -2957,6 +2966,19 @@ } int +mac_check_reboot(struct ucred *cred, int howto) +{ + int error; + + if (!mac_enforce_reboot) + return (0); + + MAC_CHECK(check_reboot, cred, howto); + + return (error); +} + +int mac_check_socket_bind(struct ucred *ucred, struct socket *socket, struct sockaddr *sockaddr) { ==== //depot/projects/trustedbsd/mac/sys/kern/kern_shutdown.c#14 (text+ko) ==== @@ -43,6 +43,7 @@ #include "opt_ddb_trace.h" #include "opt_ddb_unattended.h" #include "opt_hw_wdog.h" +#include "opt_mac.h" #include "opt_panic.h" #include "opt_show_busybufs.h" @@ -56,6 +57,7 @@ #include #include #include +#include #include #include #include @@ -159,10 +161,17 @@ { int error; - mtx_lock(&Giant); - if ((error = suser(td)) == 0) + error = 0; +#ifdef MAC + error = mac_check_reboot(td->td_ucred, uap->opt); +#endif + if (error == 0) + error = suser(td); + if (error == 0) { + mtx_lock(&Giant); boot(uap->opt); - mtx_unlock(&Giant); + mtx_unlock(&Giant); + } return (error); } ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#192 (text+ko) ==== @@ -302,6 +302,7 @@ int mac_check_proc_sched(struct ucred *cred, struct proc *proc); int mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum); +int mac_check_reboot(struct ucred *cred, int howto); int mac_check_socket_bind(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); int mac_check_socket_connect(struct ucred *cred, struct socket *so, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#148 (text+ko) ==== @@ -297,6 +297,7 @@ struct proc *proc); int (*mpo_check_proc_signal)(struct ucred *cred, struct proc *proc, int signum); + int (*mpo_check_reboot)(struct ucred *cred, int howto); int (*mpo_check_socket_bind)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct sockaddr *sockaddr); 
@@ -506,6 +507,7 @@ MAC_CHECK_PROC_DEBUG, MAC_CHECK_PROC_SCHED, MAC_CHECK_PROC_SIGNAL, + MAC_CHECK_REBOOT, MAC_CHECK_SOCKET_BIND, MAC_CHECK_SOCKET_CONNECT, MAC_CHECK_SOCKET_DELIVER,
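
Review bot: mac_check_reboot() in kern_mac.c (hunk @@ -2957,6 +2966,19 @@) is added without a comment describing its contract. The caller passes uap->opt straight through as howto, the same value it later hands to boot(), so a policy author needs to be told that howto is the unfiltered request from userland and which lock state to expect. It is also worth saying next to "if (!mac_enforce_reboot) return (0);" that clearing security.mac.enforce_reboot, which the first kern_mac.c hunk declares CTLFLAG_RW, skips every policy for this operation.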
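
Review bot: In the reboot() hunk of kern_shutdown.c (@@ -159,10 +161,17 @@), mac_check_reboot() runs before suser(td), so policies are consulted for callers that would fail the privilege check anyway, and a caller denied by both sees the policy's error rather than suser()'s. If that ordering is intended, a one-line comment above the #ifdef MAC block would make it explicit; otherwise call suser(td) first and consult MAC only on success. The same hunk moves mtx_lock(&Giant) to after both checks, so the policy entry points now run without Giant held, which should be stated where the hook is declared.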
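
Review bot: MAC_CHECK_REBOOT is inserted between MAC_CHECK_PROC_SIGNAL and MAC_CHECK_SOCKET_BIND in the last mac_policy.h hunk (@@ -506,6 +507,7 @@) rather than appended. If these constants are numbered by position, every later one shifts by one, and a policy module built against the previous header would have its entries matched to the wrong case labels in the kern_mac.c registration switch (@@ -883,6 +888,10 @@). The change description should note that policy modules must be rebuilt, and if the framework checks an interface version at registration it should be bumped here. The mpo_check_reboot member added mid-structure in the @@ -297,6 +297,7 @@ hunk changes the ops layout in the same way.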