From owner-p4-projects@FreeBSD.ORG Mon Apr 18 16:45:24 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 903FB16A4D0; Mon, 18 Apr 2005 16:45:24 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4E01816A4CE for ; Mon, 18 Apr 2005 16:45:24 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 19C6E43D31 for ; Mon, 18 Apr 2005 16:45:24 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j3IGjNCu005313 for ; Mon, 18 Apr 2005 16:45:23 GMT (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j3IGjNoE005310 for perforce@freebsd.org; Mon, 18 Apr 2005 16:45:23 GMT (envelope-from areisse@nailabs.com) Date: Mon, 18 Apr 2005 16:45:23 GMT Message-Id: <200504181645.j3IGjNoE005310@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse
To: Perforce Change Reviews
Subject: PERFORCE change 75498 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 18 Apr 2005 16:45:25 -0000

http://perforce.freebsd.org/chv.cgi?CH=75498

Change 75498 by areisse@areisse_ibook on 2005/04/18 16:45:05

Initial support for access vectors in a mach message trailer. A new entry point, mac_check_ipc_methods, returns an access vector mapping routine numbers to permitted/denied bits. This vector is then stored in the message trailer (if requested by the recipient). Currently, any access decisions are made using the sender's task label at the time of the sending, and the recipient port label at the time of receive.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/message.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#3 (text+ko) ====

@@ -67,6 +67,7 @@
 struct vnode;
 struct devnode;
 struct task;
+struct msg_access_vector;
 
 struct mac_policy_ops {
 /*
@@ -478,6 +479,9 @@
 int (*mpo_audit_postselect)(struct ucred *cred, unsigned short syscode, void *args, int error, int retval);
+
+ void (*mpo_check_ipc_methods)(struct label *task,
+ struct label *port, struct msg_access_vector *av);
 };
 
 struct mac_policy_conf {

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#2 (text+ko) ====
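Review bot: The new `mpo_check_ipc_methods` pointer in struct mac_policy_ops carries no description of what a policy is expected to do with `av`, and the contract is not obvious from the declaration: the framework side of this change pre-fills the vector with every bit set and then hands the same vector to each registered policy in list order, so a policy that sets bits would silently undo a denial made by an earlier policy. Add a comment above the pointer along the lines of `/* av arrives with every bit set (all routines permitted); a policy clears the bits of the routines it denies and must never set bits, because later policies see the same vector */`. The meaning of `task` and `port` (sender task label and receiving port label, per the change description) belongs in that comment as well. The struct mac_policy_ops definition begins outside this hunk.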
@@ -274,6 +274,18 @@
 trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);
 #if 1
+
+ if (option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_AV)) {
+ if (kmsg->ikm_sender != IO_NULL &&
+ IP_VALID(kmsg->ikm_header.msgh_remote_port)) {
+ mac_check_ipc_methods
+ (&kmsg->ikm_sender->lh_label,
+ &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label, &trailer->msgh_av);
+ }
+ else
+ memset(trailer->msgh_av.av, 0, sizeof(msg_access_vector_t));
+ }
+
 if (option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_LABELS)) {
 if (kmsg->ikm_sender != IO_NULL) {
 ipc_object_t lh = &kmsg->ikm_sender->lh_object;

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#3 (text+ko) ====

@@ -25,6 +25,7 @@
 * SUCH DAMAGE.
 */
 
+#include
 #include
 
 /* tasks */
@@ -58,3 +59,5 @@
 int mac_check_port_hold_receive (struct label *task, struct label *port);
 int mac_check_task_service_access (task_t self, task_t obj, const char *perm);
+
+void mac_check_ipc_methods (struct label *task, struct label *port, msg_access_vector_t *av);

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/message.h#2 (text+ko) ====

@@ -331,6 +331,11 @@
 mach_port_name_t sender;
 } msg_labels_t;
 
+typedef struct msg_access_vector
+{
+ unsigned int av[4];
+} msg_access_vector_t;
+
 typedef struct
 {
 mach_msg_trailer_type_t msgh_trailer_type;
@@ -339,6 +344,7 @@
 security_token_t msgh_sender;
 audit_token_t msgh_audit;
 msg_labels_t msgh_labels;
+ msg_access_vector_t msgh_av;
 } mach_msg_mac_trailer_t;
 
 #define MACH_MSG_TRAILER_MINIMUM_SIZE sizeof(mach_msg_trailer_t)
@@ -513,6 +519,7 @@
 #define MACH_RCV_TRAILER_SENDER 2
 #define MACH_RCV_TRAILER_AUDIT 3
 #define MACH_RCV_TRAILER_LABELS 4
+#define MACH_RCV_TRAILER_AV 8
 
 #define MACH_RCV_TRAILER_TYPE(x) (((x) & 0xf) << 28)
 #define MACH_RCV_TRAILER_ELEMENTS(x) (((x) & 0xf) << 24)

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#3 (text+ko) ====
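Review bot: Both branches of the new block write `trailer->msgh_av` whenever the elements field has bit 8 set, but nothing in the hunk ties that write to the size granted on the first context line, `trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);`; if that macro (not part of this change) still derives the size from the 0..4 element values, the vector is either stored in bytes the receiver is never handed or the macro is evaluated for a value it was not written for. Guard the block on the size actually granted, e.g. `if ((option & MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)) && trailer->msgh_trailer_size >= sizeof(mach_msg_mac_trailer_t)) {`, or confirm in the change description that REQUESTED_TRAILER_SIZE was updated alongside. The zero-fill in the `else` branch is the right default when there is no sender label or destination port to decide on, and deserves a one-line comment saying that it means "nothing permitted". A local `ipc_port_t dest = (ipc_port_t)kmsg->ikm_header.msgh_remote_port;` would also let the `mac_check_ipc_methods` call sit on one line instead of being split across three. The enclosing function starts and ends outside the hunk.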
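Review bot: `struct msg_access_vector` is exported to user space with a bare `av[4]` and no statement of how a routine number maps to a bit, which bit value means permitted, or what a receiver should assume for routine numbers beyond the array's capacity (128 with a 32-bit unsigned int, if the one-bit-per-routine reading of the change description is right). Since this struct is the receiver's only view of the decision, give it a comment such as `/* one bit per routine number; set = permitted, clear = denied; routines past the last bit are undecided */` with the exact index formula once it is fixed. A fixed-width element type would also pin the layout across the kernel/user boundary, if the header's existing conventions allow one.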
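Review bot: `MACH_RCV_TRAILER_AV 8` changes the meaning of the elements field without saying so: the values above it (0..4) are ordinals, `MACH_RCV_TRAILER_ELEMENTS(x)` masks with 0xf, so 8 is the top bit of a four-bit field, and because mach_msg.c tests it with `&`, every elements value from 8 to 15 requests the access vector while 12..15 also satisfy the existing LABELS test. If this mixed ordinal/bit use is intended it needs a comment here, e.g. `/* bit flag within the 4-bit elements field, unlike the ordinals above; 12 requests LABELS and AV */`; if not, the next ordinal (5) would be the consistent choice.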
@@ -32,6 +32,7 @@
 */
 
 #include
+#include
 
 void
 mac_init_port_label (struct label *l)
@@ -171,3 +172,27 @@
 return (error);
 }
+
+void
+mac_check_ipc_methods(struct label *task, struct label *port,
+ msg_access_vector_t *av)
+{
+ struct mac_policy_conf *mpc;
+ int entrycount;
+
+ memset(av, 0xff, sizeof(msg_access_vector_t));
+
+ LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
+ if (mpc->mpc_ops->mpo_check_ipc_methods != NULL)
+ mpc->mpc_ops->mpo_check_ipc_methods(
+ task, port, av);
+ }
+ if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
+ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
+ if (mpc->mpc_ops->mpo_check_ipc_methods != NULL)
+ mpc->mpc_ops->mpo_check_ipc_methods(
+ task, port, av);
+ }
+ mac_policy_list_unbusy();
+ }
+}
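Review bot: `mac_check_ipc_methods` has no header comment, and the behaviour a reader most needs to know is the `memset(av, 0xff, ...)` on entry: when no loaded policy implements `mpo_check_ipc_methods`, the trailer reports every routine as permitted, so the vector is purely advisory until a policy that clears bits is present. Put that above the function: `/* Compute the access vector for sender task label 'task' on receiver port label 'port'. Starts all-permitted; each policy clears the bits it denies. */`. Two style points in the same body: `sizeof *av` keeps the memset tied to the parameter rather than to the typedef, and `entrycount` is only ever compared with zero, so `if (mac_policy_list_conditional_busy() != 0)` reads more plainly unless the rest of this file uses the assigning form (the preceding functions are outside the hunk).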