From owner-p4-projects@FreeBSD.ORG Wed Aug 20 11:23:27 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6E0EA16A4C1; Wed, 20 Aug 2003 11:23:27 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0620816A4BF for ; Wed, 20 Aug 2003 11:23:27 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 36FF943FE9 for ; Wed, 20 Aug 2003 11:23:26 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h7KINQ0U082466 for ; Wed, 20 Aug 2003 11:23:26 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h7KINPKS082463 for perforce@freebsd.org; Wed, 20 Aug 2003 11:23:25 -0700 (PDT) Date: Wed, 20 Aug 2003 11:23:25 -0700 (PDT) Message-Id: <200308201823.h7KINPKS082463@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 36499 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Aug 2003 18:23:28 -0000 http://perforce.freebsd.org/chv.cgi?CH=36499 Change 36499 by rwatson@rwatson_paprika on 2003/08/20 11:23:18 Trim trailing whitespace to reduce diffs between branches. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#68 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#68 (text+ko) ==== 
@@ -76,12 +76,14 @@ static void sebsd_init(struct mac_policy_conf *mpc) { + printf("sebsd:: init\n"); } static void sebsd_destroy(struct mac_policy_conf *mpc) { + printf("sebsd:: destroy\n"); } @@ -93,7 +95,7 @@ task = SLOT(&cred->cr_label); target = SLOT(&proc->p_ucred->cr_label); - return (avc_has_perm_ref(task->sid, target->sid, SECCLASS_PROCESS, + return (avc_has_perm_ref(task->sid, target->sid, SECCLASS_PROCESS, perm, &target->avcr)); } @@ -118,7 +120,7 @@ task = SLOT(&cred->cr_label); - return (avc_has_perm(task->sid, SECINITSID_KERNEL, + return (avc_has_perm(task->sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, perm)); } @@ -129,7 +131,7 @@ task = SLOT(&cred->cr_label); - return (avc_has_perm(task->sid, SECINITSID_SECURITY, + return (avc_has_perm(task->sid, SECINITSID_SECURITY, SECCLASS_SECURITY, perm)); } @@ -139,16 +141,16 @@ return (cred_has_system(td->td_proc->p_ucred, perm)); } - + int thread_has_security(struct thread *td, access_vector_t perm) { return (cred_has_security(td->td_proc->p_ucred, perm)); } - + static __inline security_class_t -vnode_type_to_security_class(enum vtype vt) +vnode_type_to_security_class(enum vtype vt) { switch (vt) { case VREG: @@ -200,27 +202,27 @@ } static __inline access_vector_t -file_mask_to_av(enum vtype vt, int mask) +file_mask_to_av(enum vtype vt, int mask) { access_vector_t av = 0; if (vt != VDIR) { - if (mask & VEXEC) + if (mask & VEXEC) av |= FILE__EXECUTE; - if (mask & VREAD) + if (mask & VREAD) av |= FILE__READ; if (mask & VAPPEND) av |= FILE__APPEND; - else if (mask & VWRITE) + else if (mask & VWRITE) av |= FILE__WRITE; } else { - if (mask & VEXEC) + if (mask & VEXEC) av |= DIR__SEARCH; - if (mask & VWRITE) + if (mask & VWRITE) av |= DIR__WRITE; - if (mask & VREAD) + if (mask & VREAD) av |= DIR__READ; } 
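Review bot: The printf() calls added to sebsd_init and sebsd_destroy are unconditional, and so is the `printf("sebsd_relabel_cred:: This does nothing\n");` added in the -308,6 hunk, while the other diagnostics visible in this change are gated on `sebsd_verbose`. The relabel hook presumably runs on each credential relabel, so an ungated message there is console noise that can bury real denials; `if (sebsd_verbose > 1) printf(...)` would match the rest of the file, assuming sebsd_verbose is declared above these functions. That sebsd_relabel_cred leaves the credential label untouched is better recorded as a comment, e.g. `/* TBD: credential relabel is not implemented; newlabel is ignored. */`. These lines also change behaviour, which the description (whitespace trimming only) does not mention.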
@@ -253,7 +255,7 @@ return 0; /* TBD: debugging */ } } - return avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, + return avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, perm, aeref ? aeref : &file->avcr, &ad); } @@ -301,6 +303,7 @@ static void sebsd_destroy_label(struct label *label) { + free(SLOT(label), M_SEBSD); SLOT(label) = NULL; } @@ -308,6 +311,7 @@ static void sebsd_relabel_cred(struct ucred *cred, struct label *newlabel) { + printf("sebsd_relabel_cred:: This does nothing\n"); } @@ -349,16 +353,18 @@ context_len = sizeof(context); /* TBD: bad fixed length */ error = vn_extattr_get(vp, IO_NODELOCKED, - SEBSD_MAC_EXTATTR_NAMESPACE, + SEBSD_MAC_EXTATTR_NAMESPACE, SEBSD_MAC_EXTATTR_NAME, &context_len, context, curthread); if (error == ENOATTR || error == EOPNOTSUPP) { vsec->sid = SECINITSID_UNLABELED; /* Use the default label */ struct vattr va; + /* (void)VOP_GETATTR(vp, &va, curthread->td_ucred, curthread); printf("sebsd_update_vnode_from_extattr: no label for " "inode=%ld, fsid=%d\n", va.va_fileid, va.va_fsid); + */ goto dosclass; } if (error) { @@ -418,7 +424,7 @@ parent = SLOT(&cred_parent->cr_label); task = SLOT(&cred_child->cr_label); - /* Default to using the attributes from the parent process */ + /* Default to using the attributes from the parent process */ task->osid = parent->osid; task->sid = parent->sid; @@ -442,14 +448,14 @@ /* Default to the filesystem SID. */ dirent->sid = sbsec->sid; dirent->task_sid = SECINITSID_KERNEL; - dirent->sclass = + dirent->sclass = dirent_type_to_security_class(devfs_dirent->de_dirent->d_type); /* Obtain a SID based on the fstype, path, and class. */ path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); - rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass, + rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass, &newsid); if (rc == 0) dirent->sid = newsid; 
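Review bot: Commenting out the VOP_GETATTR()/printf() block in the -349,16 hunk leaves `struct vattr va;` declared but unused, and removes the only message recording that a vnode without the extended attribute was given SECINITSID_UNLABELED. Gating the block on `sebsd_verbose` keeps that trace available when diagnosing labeling problems, without the default noise. The original call discarded VOP_GETATTR()'s result with `(void)`, so `va` could be printed unset on failure; the version below checks it. The function starts and ends outside the hunk, and sebsd_verbose is assumed to be in scope here as it is in the later hunks.

```c
	if (error == ENOATTR || error == EOPNOTSUPP) {
		vsec->sid = SECINITSID_UNLABELED; /* Use the default label */
		if (sebsd_verbose > 1) {
			struct vattr va;

			/* Report the fallback only when attributes were read. */
			if (VOP_GETATTR(vp, &va, curthread->td_ucred,
			    curthread) == 0)
				printf("sebsd_update_vnode_from_extattr: "
				    "no label for inode=%ld, fsid=%d\n",
				    va.va_fileid, va.va_fsid);
		}
		/* … unchanged: goto dosclass … */
```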
@@ -487,7 +493,7 @@ path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); - rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass, + rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass, &newsid); if (rc == 0) dirent->sid = newsid; @@ -495,8 +501,8 @@ /* TBD: debugging */ if (sebsd_verbose > 1) { printf("%s(%s): sbsid=%d, mountpoint=%s, " - "rc=%d, sclass=%d, computedsid=%d, dirent=%d\n", - __func__, path, sbsec->sid, mp->mnt_stat.f_mntonname, rc, + "rc=%d, sclass=%d, computedsid=%d, dirent=%d\n", + __func__, path, sbsec->sid, mp->mnt_stat.f_mntonname, rc, dirent->sclass, newsid, dirent->sid); } free(path, M_SEBSD); @@ -530,16 +536,15 @@ path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); - rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, lnksec->sclass, + rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, lnksec->sclass, &newsid); if (rc == 0) lnksec->sid = newsid; - /* TBD: debugging */ - if (1 || sebsd_verbose > 1) { + if (sebsd_verbose > 1) { printf("%s(%s): sbsid=%d, mountpoint=%s, rc=%d, sclass=%d, " - "computedsid=%d, dirent=%d\n", __func__, path, - sbsec->sid, mp->mnt_stat.f_mntonname, rc, + "computedsid=%d, dirent=%d\n", __func__, path, + sbsec->sid, mp->mnt_stat.f_mntonname, rc, lnksec->sclass, newsid, lnksec->sid); } free(path, M_SEBSD); @@ -601,14 +606,14 @@ unique and persistent inode numbers. */ sbsec->uses_psids = 1; - /* + /* * TBD: need to correctly label mountpoint with persistent * label at this point (currently vnode is unavailable) */ break; case SECURITY_FS_USE_TRANS: - /* Transition SIDs are used for pseudo filesystems like + /* Transition SIDs are used for pseudo filesystems like devpts and tmpfs where you want the SID to be derived from the SID of the creating process and the SID of the filesystem. */ 
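Review bot: The debug printf() in the -530,16 hunk prints `newsid` even when security_genfs_sid() returned non-zero, and only the `rc == 0` path is shown to give it a meaningful value; `newsid` is declared outside the hunk, so whether it is initialized cannot be confirmed here. Initializing it at its declaration, or printing only `lnksec->sid` when `rc != 0`, avoids logging an indeterminate value. The -495,8 hunk has the same pattern with `dirent->sid`. A short comment on the `if (rc == 0)` line, such as `/* On failure keep the SID assigned before the lookup. */`, would document the silent fallback, which for the symlink case is set outside this hunk.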
@@ -627,12 +632,12 @@ break; case SECURITY_FS_USE_NONE: /* No labeling support configured for this filesystem type. - Don't appear to require labeling for binfmt_misc, bdev, + Don't appear to require labeling for binfmt_misc, bdev, or rootfs. */ break; default: printf("%s: security_fs_use(%s) returned unrecognized " - "behavior %d\n", __FUNCTION__, mp->mnt_vfc->vfc_name, + "behavior %d\n", __FUNCTION__, mp->mnt_vfc->vfc_name, behavior); behavior = SECURITY_FS_USE_NONE; break; @@ -698,7 +703,7 @@ vsec->sclass = vnode_type_to_security_class(child->v_type); /* store label in vnode */ - error = security_sid_to_context(vsec->sid, &context, + error = security_sid_to_context(vsec->sid, &context, &context_len); if (error) return (error); @@ -756,14 +761,13 @@ break; } - return cred_has_perm(cred, proc, perm); + return (cred_has_perm(cred, proc, perm)); } static void sebsd_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, - struct label *interpvnodelabel, - struct image_params *imgp, struct label *execlabel) + struct vnode *vp, struct label *vnodelabel, struct label *interpvnodelabel, + struct image_params *imgp, struct label *execlabel) { struct task_security_struct *otask, *ntask; struct vnode_security_struct *file; @@ -817,7 +821,7 @@ /* * Should have already checked all the permissions, so just see if - * the SIDS are going to match. + * the SIDS are going to match. */ if (execlabel == NULL) { (void)security_transition_sid(task->sid, file->sid, @@ -839,7 +843,7 @@ if (strcmp("sebsd", element_name) != 0) return (0); - (*claimed)++; + (*claimed)++; if (strlcpy(context, element_data, sizeof(context)) >= sizeof(context)) @@ -966,8 +970,8 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = dvp; - rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, - DIR__ADD_NAME | DIR__SEARCH, + rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, + DIR__ADD_NAME | DIR__SEARCH, &dir->avcr, &ad); if (rc) return rc; 
@@ -987,9 +991,9 @@ */ if (dir->i_sb) { sbsec = dir->i_sb->s_security; - rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM, + rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, &ad); -#endif +#endif return 0; } @@ -1012,7 +1016,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; - rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, + rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, DIR__SEARCH | DIR__REMOVE_NAME, &dir->avcr, &ad); if (rc) @@ -1023,7 +1027,7 @@ else av = FILE__UNLINK; - rc = avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, + rc = avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, av, &file->avcr, &ad); return (rc); @@ -1063,7 +1067,7 @@ ad.u.fs.vp = vp; if (newsid == task->sid) { - rc = avc_has_perm_audit(task->sid, file->sid, SECCLASS_FILE, + rc = avc_has_perm_audit(task->sid, file->sid, SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); if (rc) @@ -1077,7 +1081,7 @@ if (rc) return EACCES; - rc = avc_has_perm_audit(newsid, file->sid, SECCLASS_FILE, + rc = avc_has_perm_audit(newsid, file->sid, SECCLASS_FILE, FILE__ENTRYPOINT, &ad); if (rc) @@ -1086,10 +1090,10 @@ /* * TBD: Check ptrace permission between the parent and * the new SID for this process if this process is - * being traced. + * being traced. */ - /* + /* * TBD: Check share permission between the old and new * SIDs of the process if the process will share * state. 
@@ -1132,19 +1136,19 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; - rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, + rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, DIR__SEARCH | DIR__ADD_NAME, &dir->avcr, &ad); if (rc) return rc; - rc = avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, + rc = avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, FILE__LINK, &file->avcr, &ad); return (0); } static int -sebsd_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, +sebsd_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -1213,12 +1217,12 @@ old->sid, vp->v_type); return 0; /* TBD: debugging */ } - rc = avc_has_perm_ref_audit(task->sid, old->sid, old->sclass, + rc = avc_has_perm_ref_audit(task->sid, old->sid, old->sclass, FILE__RELABELFROM, &old->avcr, &ad); if (rc) return (rc); - rc = avc_has_perm_audit(task->sid, new->sid, old->sclass, + rc = avc_has_perm_audit(task->sid, new->sid, old->sclass, FILE__RELABELTO, &ad); if (rc) @@ -1234,7 +1238,7 @@ static int sebsd_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, + struct label *dlabel, struct vnode *vp, struct label *label, struct componentname *cnp) { struct task_security_struct *task; @@ -1259,8 +1263,8 @@ return 0; /* TBD: debugging */ } - rc = avc_has_perm_ref_audit(task->sid, old_file->sid, - old_file->sclass, FILE__RENAME, + rc = avc_has_perm_ref_audit(task->sid, old_file->sid, + old_file->sclass, FILE__RENAME, &old_file->avcr, &ad); if (rc) return (rc); @@ -1270,7 +1274,7 @@ static int sebsd_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, + struct label *dlabel, struct vnode *vp, struct label *label, int samedir, struct componentname *cnp) { 
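Review bot: The result of the FILE__LINK check in the -1132,19 hunk is assigned to `rc` and then dropped, because the function ends with `return (0);`. A denial from the second avc_has_perm_ref_audit() call therefore never reaches the caller, while the directory check just above it does return its error. The last line should be `return (rc);`, as the unlink check in the -1023,7 hunk does. The function begins outside the hunk, so confirm this is not a deliberate permissive stub before changing it.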
@@ -1289,7 +1293,7 @@ * test. TBD - find a way! */ if (vp->v_type == VDIR && !samedir) { - rc = avc_has_perm_ref(task->sid, old_file->sid, + rc = avc_has_perm_ref(task->sid, old_file->sid, old_file->sclass, DIR__REPARENT, &old_file->avcr); if (rc) @@ -1304,7 +1308,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; - rc = avc_has_perm_ref(task->sid, new_dir->sid, SECCLASS_DIR, + rc = avc_has_perm_ref(task->sid, new_dir->sid, SECCLASS_DIR, av, &new_dir->avcr); if (rc) return (rc); @@ -1317,11 +1321,11 @@ return 0; /* TBD: debugging */ } if (vp->v_type == VDIR) { - rc = avc_has_perm_ref(task->sid, new_file->sid, + rc = avc_has_perm_ref(task->sid, new_file->sid, new_file->sclass, DIR__RMDIR, &new_file->avcr); } else { - rc = avc_has_perm_ref(task->sid, new_file->sid, + rc = avc_has_perm_ref(task->sid, new_file->sid, new_file->sclass, FILE__UNLINK, &new_file->avcr); } @@ -1349,7 +1353,7 @@ static int sebsd_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, + struct label *label, int attrnamespace, const char *name, struct uio *uio) { return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); @@ -1378,7 +1382,7 @@ static int sebsd_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *label, struct timespec atime, + struct label *label, struct timespec atime, struct timespec mtime) { return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); @@ -1399,7 +1403,7 @@ } static int -sebsd_check_vnode_write(struct ucred *cred, struct ucred *file_cred, +sebsd_check_vnode_write(struct ucred *cred, struct ucred *file_cred, struct vnode *vp, struct label *label) { return vnode_has_perm(cred, vp, FILE__WRITE, NULL); @@ -1422,10 +1426,10 @@ if (vp) { av = FILE__READ; - if (newmapping & PROT_WRITE) + if (newmapping & PROT_WRITE) av |= FILE__WRITE; - if (newmapping & PROT_EXEC) + if (newmapping & PROT_EXEC) av |= FILE__EXECUTE; return (vnode_has_perm(cred, vp, av, NULL));