From owner-p4-projects Sat Oct 26 20:30:32 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1525137B404; Sat, 26 Oct 2002 20:30:17 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D62F37B401 for ; Sat, 26 Oct 2002 20:30:16 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id E579243E6A for ; Sat, 26 Oct 2002 20:30:15 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9R3TImV062305 for ; Sat, 26 Oct 2002 20:29:18 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9R3TIv6062299 for perforce@freebsd.org; Sat, 26 Oct 2002 20:29:18 -0700 (PDT) Date: Sat, 26 Oct 2002 20:29:18 -0700 (PDT) Message-Id: <200210270329.g9R3TIv6062299@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 20222 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=20222 Change 20222 by rwatson@rwatson_tislabs on 2002/10/26 20:29:17 Push reboot, sysctl, swapon checks into a new _system_ namespace, since these operations fall into class of operations that affect not just the subject and specific object, but system configuration as a whole. The renames were: mac_check_reboot() -> mac_check_system_reboot() mac_check_vnode_swapon() -> mac_check_system_swapon() mac_check_sysctl() -> mac_check_system_sysctl() Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#334 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_shutdown.c#15 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_sysctl.c#14 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#164 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#58 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#134 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#93 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#67 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#197 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#151 edit .. //depot/projects/trustedbsd/mac/sys/vm/vm_swap.c#13 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#334 (text+ko) ==== @@ -888,10 +888,6 @@ mpc->mpc_ops->mpo_check_proc_signal = mpe->mpe_function; break; - case MAC_CHECK_REBOOT: - mpc->mpc_ops->mpo_check_reboot = - mpe->mpe_function; - break; case MAC_CHECK_SOCKET_BIND: mpc->mpc_ops->mpo_check_socket_bind = mpe->mpe_function; @@ -924,8 +920,16 @@ mpc->mpc_ops->mpo_check_socket_visible = mpe->mpe_function; break; - case MAC_CHECK_SYSCTL: - mpc->mpc_ops->mpo_check_sysctl = + case MAC_CHECK_SYSTEM_REBOOT: + mpc->mpc_ops->mpo_check_system_reboot = + mpe->mpe_function; + break; + case MAC_CHECK_SYSTEM_SWAPON: + mpc->mpc_ops->mpo_check_system_swapon = + mpe->mpe_function; + break; + case MAC_CHECK_SYSTEM_SYSCTL: + mpc->mpc_ops->mpo_check_system_sysctl = mpe->mpe_function; break; case MAC_CHECK_VNODE_ACCESS: @@ -1048,10 +1052,6 @@ mpc->mpc_ops->mpo_check_vnode_stat = mpe->mpe_function; break; - case MAC_CHECK_VNODE_SWAPON: - mpc->mpc_ops->mpo_check_vnode_swapon = - mpe->mpe_function; - break; case MAC_CHECK_VNODE_WRITE: mpc->mpc_ops->mpo_check_vnode_write = mpe->mpe_function; @@ -2366,20 +2366,6 @@ } int -mac_check_vnode_swapon(struct ucred *cred, struct vnode *vp) -{ - int error; - - ASSERT_VOP_LOCKED(vp, "mac_check_vnode_swapon"); - - if (!mac_enforce_fs) - return (0); - - MAC_CHECK(check_vnode_swapon, cred, vp, &vp->v_label); - return (error); -} - -int mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp) { @@ -2966,19 +2952,6 @@ } int -mac_check_reboot(struct ucred *cred, int howto) -{ - int error; - - if (!mac_enforce_reboot) - return (0); - - MAC_CHECK(check_reboot, cred, howto); - - return (error); -} - -int mac_check_socket_bind(struct ucred *ucred, struct socket *socket, struct sockaddr *sockaddr) { @@ -3086,8 +3059,35 @@ } int -mac_check_sysctl(struct ucred *cred, int *name, u_int namelen, void *old, - size_t *oldlenp, int inkernel, void *new, size_t newlen) +mac_check_system_reboot(struct ucred *cred, int howto) +{ + int error; + + if (!mac_enforce_reboot) + return (0); + + MAC_CHECK(check_system_reboot, cred, howto); + + return (error); +} + +int +mac_check_system_swapon(struct ucred *cred, struct vnode *vp) +{ + int error; + + ASSERT_VOP_LOCKED(vp, "mac_check_system_swapon"); + + if (!mac_enforce_fs) + return (0); + + MAC_CHECK(check_system_swapon, cred, vp, &vp->v_label); + return (error); +} + +int +mac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, + void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) { int error; @@ -3098,8 +3098,8 @@ if (!mac_enforce_sysctl) return (0); - MAC_CHECK(check_sysctl, cred, name, namelen, old, oldlenp, inkernel, - new, newlen); + MAC_CHECK(check_system_sysctl, cred, name, namelen, old, oldlenp, + inkernel, new, newlen); return (error); } ==== //depot/projects/trustedbsd/mac/sys/kern/kern_shutdown.c#15 (text+ko) ==== @@ -163,7 +163,7 @@ error = 0; #ifdef MAC - error = mac_check_reboot(td->td_ucred, uap->opt); + error = mac_check_system_reboot(td->td_ucred, uap->opt); #endif if (error == 0) error = suser(td); ==== //depot/projects/trustedbsd/mac/sys/kern/kern_sysctl.c#14 (text+ko) ==== @@ -1241,8 +1241,8 @@ SYSCTL_LOCK(); #ifdef MAC - error = mac_check_sysctl(td->td_ucred, name, namelen, old, oldlenp, - inkernel, new, newlen); + error = mac_check_system_sysctl(td->td_ucred, name, namelen, old, + oldlenp, inkernel, new, newlen); if (error) { SYSCTL_UNLOCK(); return (error); ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#164 (text+ko) ==== @@ -1874,7 +1874,28 @@ } static int -mac_biba_check_sysctl(struct ucred *cred, int *name, u_int namelen, +mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(label); + + if (!mac_biba_subject_privileged(subj)) + return (EPERM); + + if (!mac_biba_high_single(obj)) + return (EACCES); + + return (0); +} + +static int +mac_biba_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) { struct mac_biba *subj; @@ -2473,27 +2494,6 @@ } static int -mac_biba_check_vnode_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) -{ - struct mac_biba *subj, *obj; - - if (!mac_biba_enabled) - return (0); - - subj = SLOT(&cred->cr_label); - obj = SLOT(label); - - if (!mac_biba_subject_privileged(subj)) - return (EPERM); - - if (!mac_biba_high_single(obj)) - return (EACCES); - - return (0); -} - -static int mac_biba_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label) { @@ -2709,8 +2709,10 @@ (macop_t)mac_biba_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, (macop_t)mac_biba_check_socket_visible }, - { MAC_CHECK_SYSCTL, - (macop_t)mac_biba_check_sysctl }, + { MAC_CHECK_SYSTEM_SWAPON, + (macop_t)mac_biba_check_system_swapon }, + { MAC_CHECK_SYSTEM_SYSCTL, + (macop_t)mac_biba_check_system_sysctl }, { MAC_CHECK_VNODE_ACCESS, (macop_t)mac_biba_check_vnode_open }, { MAC_CHECK_VNODE_CHDIR, @@ -2769,8 +2771,6 @@ (macop_t)mac_biba_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_biba_check_vnode_stat }, - { MAC_CHECK_VNODE_SWAPON, - (macop_t)mac_biba_check_vnode_swapon }, { MAC_CHECK_VNODE_WRITE, (macop_t)mac_biba_check_vnode_write }, { MAC_OP_LAST, NULL } ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#58 (text+ko) ==== @@ -292,6 +292,22 @@ } static int +mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct vattr vap; + int error; + + if (!mac_bsdextended_enabled) + return (0); + + error = VOP_GETATTR(vp, &vap, cred, curthread); + if (error) + return (error); + return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE)); +} + +static int mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp, struct label *label, mode_t flags) { @@ -718,28 +734,14 @@ VSTAT)); } -static int -mac_bsdextended_check_vnode_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) -{ - struct vattr vap; - int error; - - if (!mac_bsdextended_enabled) - return (0); - - error = VOP_GETATTR(vp, &vap, cred, curthread); - if (error) - return (error); - return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE)); -} - static struct mac_policy_op_entry mac_bsdextended_ops[] = { { MAC_DESTROY, (macop_t)mac_bsdextended_destroy }, { MAC_INIT, (macop_t)mac_bsdextended_init }, + { MAC_CHECK_SYSTEM_SWAPON, + (macop_t)mac_bsdextended_check_system_swapon }, { MAC_CHECK_VNODE_ACCESS, (macop_t)mac_bsdextended_check_vnode_access }, { MAC_CHECK_VNODE_CHDIR, @@ -788,8 +790,6 @@ (macop_t)mac_bsdextended_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_bsdextended_check_vnode_stat }, - { MAC_CHECK_VNODE_SWAPON, - (macop_t)mac_bsdextended_check_vnode_swapon }, { MAC_OP_LAST, NULL } }; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#134 (text+ko) ==== @@ -1792,6 +1792,25 @@ } static int +mac_mls_check_vnode_swapon(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(label); + + if (!mac_mls_dominate_single(obj, subj) || + !mac_mls_dominate_single(subj, obj)) + return (EACCES); + + return (0); +} + +static int mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -2357,25 +2376,6 @@ } static int -mac_mls_check_vnode_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) -{ - struct mac_mls *subj, *obj; - - if (!mac_mls_enabled) - return (0); - - subj = SLOT(&cred->cr_label); - obj = SLOT(label); - - if (!mac_mls_dominate_single(obj, subj) || - !mac_mls_dominate_single(subj, obj)) - return (EACCES); - - return (0); -} - -static int mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label) { @@ -2591,6 +2591,8 @@ (macop_t)mac_mls_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, (macop_t)mac_mls_check_socket_visible }, + { MAC_CHECK_SYSTEM_SWAPON, + (macop_t)mac_mls_check_vnode_swapon }, { MAC_CHECK_VNODE_ACCESS, (macop_t)mac_mls_check_vnode_open }, { MAC_CHECK_VNODE_CHDIR, @@ -2649,8 +2651,6 @@ (macop_t)mac_mls_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_mls_check_vnode_stat }, - { MAC_CHECK_VNODE_SWAPON, - (macop_t)mac_mls_check_vnode_swapon }, { MAC_CHECK_VNODE_WRITE, (macop_t)mac_mls_check_vnode_write }, { MAC_OP_LAST, NULL } ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#93 (text+ko) ==== @@ -625,6 +625,29 @@ } static int +mac_none_check_system_reboot(struct ucred *cred, int how) +{ + + return (0); +} + +static int +mac_none_check_system_swapon(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (0); +} + +static int +mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, + void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) +{ + + return (0); +} + +static int mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, struct label *label, mode_t flags) { @@ -861,14 +884,6 @@ } static int -mac_none_check_vnode_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) -{ - - return (0); -} - -static int mac_none_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label) { @@ -1082,6 +1097,12 @@ (macop_t)mac_none_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, (macop_t)mac_none_check_socket_visible }, + { MAC_CHECK_SYSTEM_REBOOT, + (macop_t)mac_none_check_system_reboot }, + { MAC_CHECK_SYSTEM_SWAPON, + (macop_t)mac_none_check_system_swapon }, + { MAC_CHECK_SYSTEM_SYSCTL, + (macop_t)mac_none_check_system_sysctl }, { MAC_CHECK_VNODE_ACCESS, (macop_t)mac_none_check_vnode_access }, { MAC_CHECK_VNODE_CHDIR, @@ -1140,8 +1161,6 @@ (macop_t)mac_none_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_none_check_vnode_stat }, - { MAC_CHECK_VNODE_SWAPON, - (macop_t)mac_none_check_vnode_swapon }, { MAC_CHECK_VNODE_WRITE, (macop_t)mac_none_check_vnode_write }, { MAC_OP_LAST, NULL } ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#67 (text+ko) ==== @@ -1021,6 +1021,14 @@ } static int +mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + + return (0); +} + +static int mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp, struct label *label, mode_t flags) { @@ -1257,14 +1265,6 @@ } static int -mac_test_check_vnode_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) -{ - - return (0); -} - -static int mac_test_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label) { @@ -1480,6 +1480,8 @@ (macop_t)mac_test_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, (macop_t)mac_test_check_socket_visible }, + { MAC_CHECK_SYSTEM_SWAPON, + (macop_t)mac_test_check_system_swapon }, { MAC_CHECK_VNODE_ACCESS, (macop_t)mac_test_check_vnode_access }, { MAC_CHECK_VNODE_CHDIR, @@ -1538,8 +1540,6 @@ (macop_t)mac_test_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_test_check_vnode_stat }, - { MAC_CHECK_VNODE_SWAPON, - (macop_t)mac_test_check_vnode_swapon }, { MAC_CHECK_VNODE_WRITE, (macop_t)mac_test_check_vnode_write }, { MAC_OP_LAST, NULL } ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#197 (text+ko) ==== @@ -298,7 +298,6 @@ int mac_check_proc_sched(struct ucred *cred, struct proc *proc); int mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum); -int mac_check_reboot(struct ucred *cred, int howto); int mac_check_socket_bind(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); int mac_check_socket_connect(struct ucred *cred, struct socket *so, @@ -308,9 +307,11 @@ int mac_check_socket_receive(struct ucred *cred, struct socket *so); int mac_check_socket_send(struct ucred *cred, struct socket *so); int mac_check_socket_visible(struct ucred *cred, struct socket *so); -int mac_check_sysctl(struct ucred *cred, int *name, u_int namelen, - void *old, size_t *oldlenp, int inkernel, void *new, - size_t newlen); +int mac_check_system_reboot(struct ucred *cred, int howto); +int mac_check_system_swapon(struct ucred *cred, struct vnode *vp); +int mac_check_system_sysctl(struct ucred *cred, int *name, + u_int namelen, void *old, size_t *oldlenp, int inkernel, + void *new, size_t newlen); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags); int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp); @@ -362,7 +363,6 @@ struct timespec atime, struct timespec mtime); int mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp); -int mac_check_vnode_swapon(struct ucred *cred, struct vnode *vp); int mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp); int mac_getsockopt_label_get(struct ucred *cred, struct socket *so, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#151 (text+ko) ==== @@ -296,7 +296,6 @@ struct proc *proc); int (*mpo_check_proc_signal)(struct ucred *cred, struct proc *proc, int signum); - int (*mpo_check_reboot)(struct ucred *cred, int howto); int (*mpo_check_socket_bind)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct sockaddr *sockaddr); @@ -317,6 +316,9 @@ struct socket *so, struct label *socketlabel); int (*mpo_check_socket_visible)(struct ucred *cred, struct socket *so, struct label *socketlabel); + int (*mpo_check_system_reboot)(struct ucred *cred, int howto); + int (*mpo_check_system_swapon)(struct ucred *cred, + struct vnode *vp, struct label *label); int (*mpo_check_sysctl)(struct ucred *cred, int *name, u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen); @@ -396,8 +398,6 @@ int (*mpo_check_vnode_stat)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); - int (*mpo_check_vnode_swapon)(struct ucred *cred, - struct vnode *vp, struct label *label); int (*mpo_check_vnode_write)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); @@ -506,7 +506,6 @@ MAC_CHECK_PROC_DEBUG, MAC_CHECK_PROC_SCHED, MAC_CHECK_PROC_SIGNAL, - MAC_CHECK_REBOOT, MAC_CHECK_SOCKET_BIND, MAC_CHECK_SOCKET_CONNECT, MAC_CHECK_SOCKET_DELIVER, @@ -515,7 +514,9 @@ MAC_CHECK_SOCKET_RELABEL, MAC_CHECK_SOCKET_SEND, MAC_CHECK_SOCKET_VISIBLE, - MAC_CHECK_SYSCTL, + MAC_CHECK_SYSTEM_REBOOT, + MAC_CHECK_SYSTEM_SWAPON, + MAC_CHECK_SYSTEM_SYSCTL, MAC_CHECK_VNODE_ACCESS, MAC_CHECK_VNODE_CHDIR, MAC_CHECK_VNODE_CHROOT, @@ -546,7 +547,6 @@ MAC_CHECK_VNODE_SETOWNER, MAC_CHECK_VNODE_SETUTIMES, MAC_CHECK_VNODE_STAT, - MAC_CHECK_VNODE_SWAPON, MAC_CHECK_VNODE_WRITE, }; ==== //depot/projects/trustedbsd/mac/sys/vm/vm_swap.c#13 (text+ko) ==== @@ -290,7 +290,7 @@ found: (void) vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); #ifdef MAC - error = mac_check_vnode_swapon(td->td_ucred, vp); + error = mac_check_system_swapon(td->td_ucred, vp); if (error == 0) #endif error = VOP_OPEN(vp, FREAD | FWRITE, td->td_ucred, td); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message