From owner-p4-projects@FreeBSD.ORG Tue Nov 14 16:20:31 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id CC25C16A412; Tue, 14 Nov 2006 16:20:31 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9135616A492 for ; Tue, 14 Nov 2006 16:20:31 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id F20FC43F42 for ; Tue, 14 Nov 2006 16:10:38 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kAEGAcRe072580 for ; Tue, 14 Nov 2006 16:10:38 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kAEGAcWW072575 for perforce@freebsd.org; Tue, 14 Nov 2006 16:10:38 GMT (envelope-from millert@freebsd.org) Date: Tue, 14 Nov 2006 16:10:38 GMT Message-Id: <200611141610.kAEGAcWW072575@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f 
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 109934 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2006 16:20:32 -0000 http://perforce.freebsd.org/chv.cgi?CH=109934 Change 109934 by millert@millert_g5tower on 2006/11/14 16:10:13 Add a pathlen parameter to the filesystem audit info. This lets us use the component path name in a more useful manner. At the same time, be mindful of whether the path refers to a directory or a file in the directory and adjust the length accordingly. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#8 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#31 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#8 (text+ko) ==== @@ -708,6 +708,7 @@ if (a->u.fs.vp && tsk) { char *pbuf = NULL; char *path = a->u.fs.path; + int pathlen = a->u.fs.pathlen; struct vnode *vp = a->u.fs.vp; struct vnode_attr va; struct vfs_context vfs_ctx = 
@@ -719,22 +720,26 @@ "mountpoint=%s,", va.va_fileid, vp->v_mount->mnt_vfsstat.f_mntonname); if (path == NULL) { - int len = MAXPATHLEN; + pathlen = MAXPATHLEN; pbuf = sebsd_malloc(MAXPATHLEN, M_SEBSD, M_NOWAIT); if (pbuf != NULL && - !vn_getpath(vp, pbuf, &len)) + !vn_getpath(vp, pbuf, &pathlen)) { path = pbuf; + pathlen--; /* for NUL */ + } } - if (path != NULL) + if (path != NULL) { audit_log_format(ab, - " path=%s,", path); + " path=%.*s,", pathlen, + path); + } if (pbuf != NULL) sebsd_free(pbuf, M_SEBSD); - break; + } else { + audit_log_format(ab, + " fs/inode info not available"); } - audit_log_format(ab, - " fs/inode info not available"); } break; case AVC_AUDIT_DATA_NET: ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#6 (text+ko) ==== @@ -50,6 +50,7 @@ struct { struct vnode *vp; char *path; + int pathlen; } fs; struct { char *netif; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#31 (text+ko) ==== @@ -440,7 +440,8 @@ } static int -vnode_has_perm(struct ucred *cred, struct vnode *vp, char *path, u_int32_t perm) +vnode_has_perm(struct ucred *cred, struct vnode *vp, struct componentname *cnp, + u_int32_t perm) { struct task_security_struct *task; struct vnode_security_struct *file; @@ -451,7 +452,12 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; - ad.u.fs.path = path; + if (cnp != NULL) { + ad.u.fs.path = cnp->cn_pnbuf; + ad.u.fs.pathlen = cnp->cn_nameptr - cnp->cn_pnbuf - 1; + if ((perm & DIR__SEARCH) == 0) + ad.u.fs.pathlen += 1 + cnp->cn_namelen; + } /* Update security class if not set or vnode was recycled. */ if (file->sclass == 0 || vp->v_type == VBAD) @@ -1997,6 +2003,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = dvp; ad.u.fs.path = cnp->cn_pnbuf; + ad.u.fs.pathlen = cnp->cn_nameptr - cnp->cn_pnbuf - 1; rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR, DIR__ADD_NAME | DIR__SEARCH, &ad); 
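Review bot: In the avc.c hunk at -719 the new `%.*s` takes `pathlen` as its precision without checking it. The sebsd.c callers compute the directory length as `cnp->cn_nameptr - cnp->cn_pnbuf - 1`, which is -1 if the name starts the path buffer and 0 for an entry directly under the root. For those directory checks the audit record gets an empty `path=`, or whatever `audit_log_format` does with a negative precision, which is not visible on this page. I would treat a non-positive length as unknown and log the whole string as the old `%s` did, with `if (pathlen <= 0) pathlen = (int)strlen(path);` inside the `if (path != NULL)` block before the call. The `vn_getpath` branch sets its own length, so only a caller-supplied path is affected; the enclosing case starts above the hunk.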
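Review bot: In vnode_has_perm (hunk at -451), `(perm & DIR__SEARCH) == 0` decides whether `vp` is the directory being searched or the entry named by `cnp`, and nothing in the code states that assumption. Every avc_has_perm call on this page pairs the permission with a security class, so the bit is presumably only meaningful for directory classes. A directory check that omits search, as the `/* TBD: DIR__READ as well? */` caller hints could be added, would log the entry's path against the directory vnode. I would add a comment above the block such as `/* With DIR__SEARCH, vp is the parent of cnp's name; otherwise vp is the named entry. */` so callers keep to it. The function body continues outside the hunk.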
@@ -2007,6 +2014,7 @@ if (rc) return (rc); + ad.u.fs.pathlen += 1 + cnp->cn_namelen; rc = avc_has_perm(task->sid, newsid, tclass, FILE__CREATE, &ad); if (rc) return (rc); @@ -2026,11 +2034,9 @@ #endif rc = avc_has_perm(newsid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, &ad); - if (rc) - return (rc); } - return (0); + return (rc); } static int @@ -2054,6 +2060,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; ad.u.fs.path = cnp->cn_pnbuf; + ad.u.fs.pathlen = cnp->cn_nameptr - cnp->cn_pnbuf - 1; rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR, DIR__SEARCH | DIR__REMOVE_NAME, &ad); @@ -2065,6 +2072,7 @@ else av = FILE__UNLINK; + ad.u.fs.pathlen += 1 + cnp->cn_namelen; rc = avc_has_perm(task->sid, file->sid, file->sclass, av, &ad); return (rc); @@ -2212,16 +2220,18 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; ad.u.fs.path = cnp->cn_pnbuf; + ad.u.fs.pathlen = cnp->cn_nameptr - cnp->cn_pnbuf - 1; rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR, DIR__SEARCH | DIR__ADD_NAME, &ad); if (rc) return (rc); + ad.u.fs.pathlen += 1 + cnp->cn_namelen; rc = avc_has_perm(task->sid, file->sid, file->sclass, FILE__LINK, &ad); - return (0); + return (rc); } static int @@ -2232,7 +2242,7 @@ return (ENOTDIR); /* TBD: DIR__READ as well? */ - return (vnode_has_perm(cred, dvp, cnp->cn_pnbuf, DIR__SEARCH)); + return (vnode_has_perm(cred, dvp, cnp, DIR__SEARCH)); } static int @@ -2348,6 +2358,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; ad.u.fs.path = cnp->cn_pnbuf; + ad.u.fs.pathlen = cnp->cn_nameptr - cnp->cn_pnbuf - 1; rc = avc_has_perm(task->sid, old_dir->sid, SECCLASS_DIR, DIR__REMOVE_NAME | DIR__SEARCH, &ad); @@ -2359,8 +2370,9 @@ return (0); /* TBD: debugging */ } - rc = avc_has_perm(task->sid, old_file->sid, - old_file->sclass, FILE__RENAME, &ad); + ad.u.fs.pathlen += 1 + cnp->cn_namelen; + rc = avc_has_perm(task->sid, old_file->sid, old_file->sclass, + FILE__RENAME, &ad); if (rc) return (rc); 
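Review bot: The context line `return (0); /* TBD: debugging */` at the top of the hunk at -2359 still lets the rename proceed with no FILE__RENAME check. Its condition is above the hunk, but the hunk at -2407 shows the matching `new_file->sclass == 0` test, so this appears to be the path for a vnode with no security class. vnode_has_perm treats the same state as something to repair (`/* Update security class if not set or vnode was recycled. */`). I would do the same here, or fail closed with `return (EACCES);`, rather than allow. The function starts and ends outside the hunk, so the class update itself cannot be quoted from this page.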
@@ -2407,28 +2419,25 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; ad.u.fs.path = cnp->cn_pnbuf; + ad.u.fs.pathlen = cnp->cn_nameptr - cnp->cn_pnbuf - 1; - rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, NULL); - if (rc) - return (rc); - - if (vp) { + rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, &ad); + if (rc == 0 && vp != NULL) { if (new_file->sclass == 0) { printf("%s: ERROR, sid=%d, sclass=0, v_type=%d\n", __func__, new_file->sid, vp->v_type); return (0); /* TBD: debugging */ } + ad.u.fs.pathlen += 1 + cnp->cn_namelen; if (vp->v_type == VDIR) rc = avc_has_perm(task->sid, new_file->sid, new_file->sclass, DIR__RMDIR, NULL); else rc = avc_has_perm(task->sid, new_file->sid, new_file->sclass, FILE__UNLINK, NULL); - if (rc) - return (rc); } - return (0); + return (rc); } static int
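Review bot: The added `ad.u.fs.pathlen += 1 + cnp->cn_namelen;` is never consumed, because the two calls that follow still pass `NULL` as audit data (`DIR__RMDIR, NULL);` and `FILE__UNLINK, NULL);`). A denial on the existing target is therefore logged without its path. Passing `&ad` in both, as this hunk already does for the `new_dir` check, would make the length adjustment effective. Separately, `ad.u.fs.vp` is `vp`, which the `vp != NULL` test allows to be NULL, and the avc.c hunk only emits the fs fields when `a->u.fs.vp` is set, so the directory denial may still lack a path when the target does not exist. The function starts outside the hunk.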