FreeBSD Mail Archives

Date:      Tue, 24 Dec 2002 14:06:48 -0800 (PST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 22719 for review
Message-ID:  <200212242206.gBOM6m4M097665@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help

http://perforce.freebsd.org/chv.cgi?CH=22719

Change 22719 by rwatson@rwatson_paprika on 2002/12/24 14:06:46

	Instrument and authorize sysarch(), the platform-dependent service
	access system call.  Perform authorization only for sysarch() calls
	that require suser privilege, since those are the ones we're most
	interested in right now.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/alpha/alpha/sys_machdep.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/i386/i386/sys_machdep.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#372 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#194 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#116 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#92 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#226 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#180 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/alpha/alpha/sys_machdep.c#7 (text+ko) ====

@@ -35,9 +35,12 @@
  *
  */
 
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
 #include <sys/sysent.h>
@@ -114,6 +117,12 @@
 	if (error)
 		return (error);
 
+#ifdef MAC
+	error = mac_check_sysarch_ioperm(td->td_ucred));
+	if (error)
+		return (error);
+#endif
+
 	error = securelevel_gt(td->td_ucred, 0);
 	if (error)
 		return (error);

==== //depot/projects/trustedbsd/mac/sys/i386/i386/sys_machdep.c#8 (text+ko) ====

@@ -36,10 +36,12 @@
  */
 
 #include "opt_kstack_pages.h"
+#include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
@@ -183,6 +185,10 @@
 	if ((error = copyin(args, &ua, sizeof(struct i386_ioperm_args))) != 0)
 		return (error);
 
+#ifdef MAC
+	if ((error = mac_check_sysarch_ioperm(td->td_ucred)) != 0)
+		return (error);
+#endif
 	if ((error = suser(td)) != 0)
 		return (error);
 	if ((error = securelevel_gt(td->td_ucred, 0)) != 0)

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#372 (text+ko) ====

@@ -2622,6 +2622,18 @@
 }
 
 int
+mac_check_sysarch_ioperm(struct ucred *cred)
+{
+	int error;
+
+	if (!mac_enforce_system)
+		return (0);
+
+	MAC_CHECK(check_sysarch_ioperm, cred);
+	return (error);
+}
+
+int
 mac_check_system_acct(struct ucred *cred, struct vnode *vp)
 {
 	int error;

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#194 (text+ko) ====

@@ -1892,6 +1892,24 @@
 }
 
 static int
+mac_biba_check_sysarch_ioperm(struct ucred *cred)
+{
+	struct mac_biba *subj;
+	int error;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(&cred->cr_label);
+
+	error = mac_biba_subject_privileged(subj);
+	if (error)
+		return (error);
+
+	return (0);
+}
+
+static int
 mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
     struct label *label)
 {
@@ -2708,6 +2726,7 @@
 	.mpo_check_socket_deliver = mac_biba_check_socket_deliver,
 	.mpo_check_socket_relabel = mac_biba_check_socket_relabel,
 	.mpo_check_socket_visible = mac_biba_check_socket_visible,
+	.mpo_check_sysarch_ioperm = mac_biba_check_sysarch_ioperm,
 	.mpo_check_system_acct = mac_biba_check_system_acct,
 	.mpo_check_system_settime = mac_biba_check_system_settime,
 	.mpo_check_system_swapon = mac_biba_check_system_swapon,

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#116 (text+ko) ====

@@ -670,6 +670,13 @@
 }
 
 static int
+mac_none_check_sysarch_ioperm(struct ucred *cred)
+{
+
+	return (0);
+}
+
+static int
 mac_none_check_system_acct(struct ucred *cred, struct vnode *vp,
     struct label *vlabel)
 {
@@ -1070,6 +1077,7 @@
 	.mpo_check_socket_listen = mac_none_check_socket_listen,
 	.mpo_check_socket_relabel = mac_none_check_socket_relabel,
 	.mpo_check_socket_visible = mac_none_check_socket_visible,
+	.mpo_check_sysarch_ioperm = mac_none_check_sysarch_ioperm,
 	.mpo_check_system_acct = mac_none_check_system_acct,
 	.mpo_check_system_reboot = mac_none_check_system_reboot,
 	.mpo_check_system_settime = mac_none_check_system_settime,

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#92 (text+ko) ====

@@ -1066,6 +1066,13 @@
 }
 
 static int
+mac_test_check_sysarch_ioperm(struct ucred *cred)
+{
+
+	return (0);
+}
+
+static int
 mac_test_check_system_acct(struct ucred *cred, struct vnode *vp,
     struct label *label)
 {
@@ -1467,6 +1474,7 @@
 	.mpo_check_socket_listen = mac_test_check_socket_listen,
 	.mpo_check_socket_relabel = mac_test_check_socket_relabel,
 	.mpo_check_socket_visible = mac_test_check_socket_visible,
+	.mpo_check_sysarch_ioperm = mac_test_check_sysarch_ioperm,
 	.mpo_check_system_acct = mac_test_check_system_acct,
 	.mpo_check_system_reboot = mac_test_check_system_reboot,
 	.mpo_check_system_settime = mac_test_check_system_settime,

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#226 (text+ko) ====

@@ -265,6 +265,7 @@
 int	mac_check_socket_receive(struct ucred *cred, struct socket *so);
 int	mac_check_socket_send(struct ucred *cred, struct socket *so);
 int	mac_check_socket_visible(struct ucred *cred, struct socket *so);
+int	mac_check_sysarch_ioperm(struct ucred *cred);
 int	mac_check_system_acct(struct ucred *cred, struct vnode *vp);
 int	mac_check_system_nfsd(struct ucred *cred);
 int	mac_check_system_reboot(struct ucred *cred, int howto);

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#180 (text+ko) ====

@@ -323,6 +323,7 @@
 		    struct socket *so, struct label *socketlabel);
 	int	(*mpo_check_socket_visible)(struct ucred *cred,
 		    struct socket *so, struct label *socketlabel);
+	int	(*mpo_check_sysarch_ioperm)(struct ucred *cred);
 	int	(*mpo_check_system_acct)(struct ucred *cred,
 		    struct vnode *vp, struct label *vlabel);
 	int	(*mpo_check_system_nfsd)(struct ucred *cred);

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212242206.gBOM6m4M097665>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation