Date: Tue, 3 Jun 2003 06:46:17 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 32472 for review Message-ID: <200306031346.h53DkHG7077672@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=32472 Change 32472 by cvance@cvance_korben on 2003/06/03 06:46:02 - Fix many style issues - Add cred_has_capability() and add some capability-like checks - Add the remaining {process,sysarch,system} access control checks Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#5 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#5 (text+ko) ==== @@ -75,15 +75,35 @@ static void sebsd_init(struct mac_policy_conf *mpc) { + printf("sebsd:: init\n"); } static void sebsd_destroy(struct mac_policy_conf *mpc) { + printf("sebsd:: destroy\n"); } +/* + * Check whether a task is allowed to use a capability. + */ +static int +cred_has_capability(struct ucred *cred, int cap) +{ + struct task_security_struct *task; + avc_audit_data_t ad; + + task = SLOT(&cred->cr_label); + + AVC_AUDIT_DATA_INIT(&ad, CAP); + ad.u.cap = cap; + + return avc_has_perm_audit(task->sid, task->sid, + SECCLASS_CAPABILITY, cap, &ad); +} + static int cred_has_perm(struct ucred *cred, struct proc *proc, access_vector_t perm) { @@ -310,6 +330,7 @@ static void sebsd_destroy_label(struct label *label) { + free(SLOT(label), M_SEBSD); SLOT(label) = NULL; } @@ -317,6 +338,7 @@ static void sebsd_relabel_cred(struct ucred *cred, struct label *newlabel) { + printf("sebsd_relabel_cred:: This does nothing\n"); } @@ -556,8 +578,7 @@ if (rc == 0) lnksec->sid = newsid; - /* TBD: debugging */ - if (1 || sebsd_verbose > 1) { + if (sebsd_verbose > 1) { printf("%s(%s): sbsid=%d, mountpoint=%s, rc=%d, sclass=%d, " "computedsid=%d, dirent=%d\n", __func__, path, sbsec->sid, mp->mnt_stat.f_mntonname, rc, 
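Review bot: In cred_has_capability() the single `cap` argument is used both as the permission passed to avc_has_perm_audit() and as the audit field `ad.u.cap`, and it is declared `int` although every caller in this change passes a `CAPABILITY__SYS_*` permission constant. cred_has_perm(), directly below, takes `access_vector_t perm`, so `cred_has_capability(struct ucred *cred, access_vector_t cap)` would match it and avoid a signed conversion of a permission mask. If the AVC audit formatter (not visible here) expects a capability number in `ad.u.cap` rather than a permission bit, denial records will carry a misleading value, so that is worth confirming. A line in the header comment such as `cap is a CAPABILITY__* access vector, not a capability index` would settle it for readers.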
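Review bot: The `printf("sebsd_relabel_cred:: This does nothing\n");` added to sebsd_relabel_cred() is unconditional, as are the printf() calls added to sebsd_init() and sebsd_destroy() in the first hunk, whereas the `@@ -556` hunk of this same change drops the `1 ||` so that its debug output obeys `sebsd_verbose`. A console message on every credential relabel can bury real AVC denial output, so gate it the same way, `if (sebsd_verbose > 1)`. The hook body is otherwise empty, which suggests a relabel request leaves this policy's credential label unchanged. A `/* TBD: Not Implemented */` comment, as used on sebsd_check_vnode_revoke(), would record that in the source rather than only at runtime.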
@@ -758,6 +779,20 @@ } static int +sebsd_check_proc_debug(struct ucred *cred, struct proc *proc) +{ + + return(cred_has_perm(cred, proc, PROCESS__PTRACE)); +} + +static int +sebsd_check_proc_sched(struct ucred *cred, struct proc *proc) +{ + + return(cred_has_perm(cred, proc, PROCESS__SETSCHED)); +} + +static int sebsd_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { access_vector_t perm; @@ -782,9 +817,8 @@ static void sebsd_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, - struct label *interpvnodelabel, - struct image_params *imgp, struct label *execlabel) + struct vnode *vp, struct label *vnodelabel, struct label *interpvnodelabel, + struct image_params *imgp, struct label *execlabel) { struct task_security_struct *otask, *ntask; struct vnode_security_struct *file; @@ -1187,35 +1221,39 @@ static int sebsd_check_vnode_poll(struct ucred *cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *label) { + return vnode_has_perm(cred, vp, FILE__POLL, NULL); } static int sebsd_check_vnode_read(struct ucred *cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *label) { + return vnode_has_perm(cred, vp, FILE__READ, NULL); } static int sebsd_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dlabel) { + return vnode_has_perm(cred, dvp, DIR__READ, NULL); } static int sebsd_check_vnode_readlink(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *label) { + return vnode_has_perm(cred, vp, FILE__READ, NULL); } static int sebsd_check_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *oldlabel, struct label *newlabel) + struct label *oldlabel, struct label *newlabel) { struct task_security_struct *task; struct vnode_security_struct *old, *new; 
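Review bot: `return(cred_has_perm(cred, proc, PROCESS__PTRACE));` in sebsd_check_proc_debug() and the matching line in sebsd_check_proc_sched() omit the space that style(9) puts after `return`. The same form recurs in sebsd_check_sysarch_ioperm(), sebsd_check_system_acct() and sebsd_check_system_reboot() in the `@@ -1355` hunk, while other new code in this change uses `return (0);` or an unparenthesised `return vnode_has_perm(...)`. Since the change is described as a style fix, use `return (cred_has_perm(cred, proc, PROCESS__PTRACE));` throughout. Both new hooks also lack the short block comment that cred_has_capability() received; `/* Debugging a process requires PROCESS__PTRACE on the target. */` and its setsched counterpart would document which permission gates which operation.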
@@ -1255,8 +1293,8 @@ static int sebsd_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, - struct label *label, struct componentname *cnp) + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) { struct task_security_struct *task; struct vnode_security_struct *old_dir, *old_file; @@ -1291,9 +1329,8 @@ static int sebsd_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, - struct label *label, int samedir, - struct componentname *cnp) + struct label *dlabel, struct vnode *vp, struct label *label, int samedir, + struct componentname *cnp) { struct task_security_struct *task; struct vnode_security_struct *new_dir, *new_file; 
@@ -1355,74 +1392,142 @@ static int sebsd_check_vnode_revoke(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *label) { + /* TBD: Not Implemented */ return 0; } static int sebsd_check_vnode_setacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type, struct acl *acl) + struct label *label, acl_type_t type, struct acl *acl) { + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int sebsd_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, - const char *name, struct uio *uio) + struct label *label, int attrnamespace, const char *name, struct uio *uio) { + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int sebsd_check_vnode_setflags(struct ucred *cred, struct vnode *vp, - struct label *label, u_long flags) + struct label *label, u_long flags) { + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int sebsd_check_vnode_setmode(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t mode) + struct label *label, mode_t mode) { + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int sebsd_check_vnode_setowner(struct ucred *cred, struct vnode *vp, - struct label *label, uid_t uid, gid_t gid) + struct label *label, uid_t uid, gid_t gid) { + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int sebsd_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *label, struct timespec atime, - struct timespec mtime) + struct label *label, struct timespec atime, struct timespec mtime) { + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int sebsd_check_vnode_stat(struct ucred *cred, struct ucred *file_cred, - struct vnode *vp, struct label *vnodelabel) + struct vnode *vp, struct label *vnodelabel) { + return vnode_has_perm(cred, vp, FILE__GETATTR, NULL); } static int +sebsd_check_sysarch_ioperm(struct ucred *cred) +{ + + return(cred_has_capability(cred, 
CAPABILITY__SYS_RAWIO)); +} + +static int +sebsd_check_system_acct(struct ucred *cred, struct vnode *vp, + struct label *vlabel) +{ + + return(cred_has_capability(cred, CAPABILITY__SYS_PACCT)); +} + +/* + * TBD: LSM/SELinux doesn't have a nfsd hook + */ +static int +sebsd_check_system_nfsd(struct ucred *cred) +{ + + return (0); +} + + +static int +sebsd_check_system_reboot(struct ucred *cred, int howto) +{ + + return(cred_has_capability(cred, CAPABILITY__SYS_BOOT)); +} + +static int +sebsd_check_system_settime(struct ucred *cred) +{ + + return (0); +} + +static int sebsd_check_system_swapon(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel) + struct label *vnodelabel) +{ + + return vnode_has_perm(cred, vp, FILE__SWAPON, NULL); +} + +static int +sebsd_check_system_swapoff(struct ucred *cred, struct vnode *vp, + struct label *vnodelabel) { + return vnode_has_perm(cred, vp, FILE__SWAPON, NULL); } +/* + * TBD: Sysctl access control is not currently implemented + */ static int +sebsd_check_system_sysctl(struct ucred *cred, int *name, + u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, + size_t newlen) +{ + + return (0); +} + +static int sebsd_check_vnode_write(struct ucred *cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *label) { + return vnode_has_perm(cred, vp, FILE__WRITE, NULL); } @@ -1431,9 +1536,8 @@ */ static int sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int newmapping) + struct label *label, int newmapping) { - access_vector_t av; /* @@ -1506,6 +1610,7 @@ static void sebsd_copy_vnode_label(struct label *src, struct label *dest) { + *(struct vnode_security_struct *)SLOT(dest) = *(struct vnode_security_struct *)SLOT(src); } 
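Review bot: sebsd_check_system_settime() returns `(0)` unconditionally and, unlike the nfsd and sysctl stubs beside it, carries no TBD comment, so once it is registered in the ops table the policy silently permits every clock change. If the flask headers in this tree define a time permission alongside the `CAPABILITY__SYS_*` constants used here, the body should be `return (cred_has_capability(cred, CAPABILITY__SYS_TIME));`; otherwise mark it `/* TBD: Not Implemented */` as on sebsd_check_vnode_revoke(). sebsd_check_system_swapoff() checks `FILE__SWAPON`, which may be intended but reads like a copy-paste slip without a comment such as `/* No separate swapoff permission; reuse FILE__SWAPON. */`. sebsd_check_system_acct() never looks at `vp`, so the accounting file's label is not consulted; if that is deliberate, a comment should say so.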
@@ -1518,16 +1623,13 @@ sebsd_check_kld_load(struct ucred *cred, struct vnode *vp, struct label *vlabel) { - struct task_security_struct *tsec; - tsec = SLOT(&cred->cr_label); /* * The vnode doesn't need to be checked here, since the read * operations inside the kldload(2) implementation are * individually checked against the same thread credentials. */ - return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, - CAPABILITY__SYS_MODULE, NULL)); + return (cred_has_capability(cred, CAPABILITY__SYS_MODULE)); } /* @@ -1537,11 +1639,8 @@ static int sebsd_check_kld_stat(struct ucred *cred) { - struct task_security_struct *tsec; - tsec = SLOT(&cred->cr_label); - return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, - CAPABILITY__SYS_MODULE, NULL)); + return (cred_has_capability(cred, CAPABILITY__SYS_MODULE)); } /* @@ -1551,11 +1650,8 @@ static int sebsd_check_kld_unload(struct ucred *cred) { - struct task_security_struct *tsec; - tsec = SLOT(&cred->cr_label); - return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY, - CAPABILITY__SYS_MODULE, NULL)); + return (cred_has_capability(cred, CAPABILITY__SYS_MODULE)); } static int 
@@ -1707,8 +1803,17 @@ .mpo_check_kld_load = sebsd_check_kld_load, .mpo_check_kld_unload = sebsd_check_kld_unload, .mpo_check_mount_stat = sebsd_check_mount_stat, + .mpo_check_proc_debug = sebsd_check_proc_debug, + .mpo_check_proc_sched = sebsd_check_proc_sched, .mpo_check_proc_signal = sebsd_check_proc_signal, + .mpo_check_sysarch_ioperm = sebsd_check_sysarch_ioperm, + .mpo_check_system_acct = sebsd_check_system_acct, + .mpo_check_system_nfsd = sebsd_check_system_nfsd, + .mpo_check_system_reboot = sebsd_check_system_reboot, + .mpo_check_system_settime = sebsd_check_system_settime, .mpo_check_system_swapon = sebsd_check_system_swapon, + .mpo_check_system_swapoff = sebsd_check_system_swapoff, + .mpo_check_system_sysctl = sebsd_check_system_sysctl, .mpo_check_vnode_access = sebsd_check_vnode_access, .mpo_check_vnode_chdir = sebsd_check_vnode_chdir, .mpo_check_vnode_chroot = sebsd_check_vnode_chroot,
