From owner-trustedbsd-cvs@FreeBSD.ORG Wed May 24 16:14:26 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F10216A821 for ; Wed, 24 May 2006 16:14:26 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 69A0443D5F for ; Wed, 24 May 2006 16:14:14 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 9374746C44 for ; Wed, 24 May 2006 12:14:12 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 99396585E1; Wed, 24 May 2006 16:13:00 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 93BBF16A81F; Wed, 24 May 2006 16:13:00 +0000 (UTC) X-Original-To: perforce@FreeBSD.org Delivered-To: perforce@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E9A016A809 for ; Wed, 24 May 2006 16:13:00 +0000 (UTC) (envelope-from deker@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DC8643D46 for ; Wed, 24 May 2006 16:12:59 +0000 (GMT) (envelope-from deker@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k4OGC7d3022550 for ; Wed, 24 May 2006 16:12:07 GMT (envelope-from deker@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k4OGC7Z7022547 for perforce@freebsd.org; Wed, 24 May 2006 16:12:07 GMT (envelope-from deker@FreeBSD.org) Date: Wed, 24 May 2006 16:12:07 GMT Message-Id: <200605241612.k4OGC7Z7022547@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to deker@FreeBSD.org using -f From: Rob Deker To: Perforce Change Reviews Cc: Subject: PERFORCE change 97745 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 May 2006 16:14:27 -0000 http://perforce.freebsd.org/chv.cgi?CH=97745 Change 97745 by deker@sebsd_build on 2006/05/24 16:12:02 Add patch from pleblanc with the following comments: Added the same classes of missing entry points to sebsd as were added to sedarwin. Specifically: mpo_check_system_* acct reboot settime mpo_check_proc_* wait setuid seteuid setgid setegid setreuid setregid setresuid setresgid All supported SYSV and POSIX IPC syscalls are already implemented, and the BSD MAC Framework doesn't have audit hooks yet. This builds & boots; works during brief normal usage at least. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#43 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#43 (text+ko) ==== @@ -97,6 +97,28 @@ panic("sebsd_destroy"); } +static int +signal_to_av(int signum) +{ + uint32_t perm; + + switch (signum) { + case SIGCHLD: + perm = PROCESS__SIGCHLD; + break; + case SIGKILL: + perm = PROCESS__SIGKILL; + break; + case SIGSTOP: + perm = PROCESS__SIGSTOP; + break; + default: + perm = PROCESS__SIGNAL; + break; + } + return perm; +} + /* * Check whether a task is allowed to use a capability. */ @@ -1116,27 +1138,73 @@ return (cred_has_perm(cred, proc, PROCESS__SETSCHED)); } +/* + * TBD: The SETGID and SETUID capabilities are currently used for + * all functions in those families. + */ +static int +sebsd_check_proc_setgid(struct ucred *cred, gid_t gid) +{ + + return (cred_has_capability(cred, CAPABILITY__SETGID)); +} + +static int +sebsd_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid) +{ + + return (cred_has_capability(cred, CAPABILITY__SETGID)); +} + +static int +sebsd_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, + gid_t sgid) +{ + + return (cred_has_capability(cred, CAPABILITY__SETGID)); +} + +static int +sebsd_check_proc_setuid(struct ucred *cred, uid_t uid) +{ + + return (cred_has_capability(cred, CAPABILITY__SETUID)); +} + +static int +sebsd_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) +{ + + return (cred_has_capability(cred, CAPABILITY__SETUID)); +} + +static int +sebsd_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, + uid_t suid) +{ + + return (cred_has_capability(cred, CAPABILITY__SETUID)); +} + static int sebsd_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { u_int32_t perm; - switch (signum) { - case SIGCHLD: - perm = PROCESS__SIGCHLD; - break; - case SIGKILL: - perm = PROCESS__SIGKILL; - break; - case SIGSTOP: - perm = PROCESS__SIGSTOP; - break; - default: - perm = PROCESS__SIGNAL; - break; - } + perm = signal_to_av(signum); + return (cred_has_perm(cred, proc, perm)); +} + +static int +sebsd_check_proc_wait(struct ucred *cred, struct proc *proc) +{ + u_int32_t perm, exit_status; + + exit_status = proc->p_xstat; // (promote to 32 btis) + exit_status &= 0177; - return (cred_has_perm(cred, proc, perm)); + perm = signal_to_av(exit_status); + return (cred_has_perm(cred, proc, perm)); } static void @@ -1812,6 +1880,14 @@ return (vnode_has_perm(cred, vp, FILE__GETATTR)); } +static int +sebsd_check_system_acct(struct ucred *cred, struct vnode *c, + struct label *vl) +{ + + return (cred_has_capability(cred, CAPABILITY__SYS_PACCT)); +} + /* * TBD: LSM/SELinux doesn't have a nfsd hook */ @@ -1823,6 +1899,20 @@ } static int +sebsd_check_system_reboot(struct ucred *cred, int how) +{ + + return (cred_has_capability(cred, CAPABILITY__SYS_BOOT)); +} + +static int +sebsd_check_system_settime(struct ucred *cred) +{ + + return (cred_has_capability(cred, CAPABILITY__SYS_TIME)); +} + +static int sebsd_check_system_swapon(struct ucred *cred, struct vnode *vp, struct label *vnodelabel) { @@ -2488,11 +2578,11 @@ .mpo_check_mount = sebsd_check_mount, .mpo_check_umount = sebsd_check_umount, .mpo_check_remount = sebsd_check_remount, + .mpo_check_sysv_msgmsq = sebsd_check_sysv_msgmsq, .mpo_check_sysv_msgrcv = sebsd_check_sysv_msgrcv, .mpo_check_sysv_msgrmid = sebsd_check_sysv_msgrmid, .mpo_check_sysv_msqget = sebsd_check_sysv_msqget, .mpo_check_sysv_msqsnd = sebsd_check_sysv_msqsnd, - .mpo_check_sysv_msgmsq = sebsd_check_sysv_msgmsq, .mpo_check_sysv_msqrcv = sebsd_check_sysv_msqrcv, .mpo_check_sysv_msqctl = sebsd_check_sysv_msqctl, .mpo_check_sysv_semctl = sebsd_check_sysv_semctl, @@ -2520,8 +2610,20 @@ .mpo_check_proc_debug = sebsd_check_proc_debug, .mpo_check_proc_sched = sebsd_check_proc_sched, + .mpo_check_proc_setuid = sebsd_check_proc_setuid, + .mpo_check_proc_seteuid = sebsd_check_proc_setuid, + .mpo_check_proc_setgid = sebsd_check_proc_setgid, + .mpo_check_proc_setegid = sebsd_check_proc_setgid, + .mpo_check_proc_setreuid = sebsd_check_proc_setreuid, + .mpo_check_proc_setregid = sebsd_check_proc_setregid, + .mpo_check_proc_setresuid = sebsd_check_proc_setresuid, + .mpo_check_proc_setresgid = sebsd_check_proc_setresgid, .mpo_check_proc_signal = sebsd_check_proc_signal, + .mpo_check_proc_wait = sebsd_check_proc_wait, + .mpo_check_system_acct = sebsd_check_system_acct, .mpo_check_system_nfsd = sebsd_check_system_nfsd, + .mpo_check_system_reboot = sebsd_check_system_reboot, + .mpo_check_system_settime = sebsd_check_system_settime, .mpo_check_system_swapon = sebsd_check_system_swapon, .mpo_check_system_swapoff = sebsd_check_system_swapoff, .mpo_check_system_sysctl = sebsd_check_system_sysctl,