Date: Wed, 4 May 2005 10:52:47 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 76482 for review Message-ID: <200505041052.j44AqlO3036571@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=76482 Change 76482 by rwatson@rwatson_tislabs on 2005/05/04 10:52:03 Integrate TrustedBSD base branch, primarily to loop back the merge of POSIX semaphore labeling and access control from FreeBSD CVS. Affected files ... .. //depot/projects/trustedbsd/base/lib/libc/stdio/fopen.3#7 integrate .. //depot/projects/trustedbsd/base/sys/conf/files#85 integrate .. //depot/projects/trustedbsd/base/sys/dev/usb/uvisor.c#16 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_sem.c#13 integrate .. //depot/projects/trustedbsd/base/sys/modules/sem/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sys/net/bpf.c#33 integrate .. //depot/projects/trustedbsd/base/sys/posix4/ksem.h#2 integrate .. //depot/projects/trustedbsd/base/sys/security/mac/mac_posix_sem.c#1 branch .. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#44 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.c#40 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_stub/mac_stub.c#12 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_test/mac_test.c#36 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac.h#43 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#41 integrate .. //depot/projects/trustedbsd/base/usr.sbin/authpf/Makefile#3 integrate Differences ... ==== //depot/projects/trustedbsd/base/lib/libc/stdio/fopen.3#7 (text+ko) ==== @@ -34,7 +34,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)fopen.3 8.1 (Berkeley) 6/4/93 -.\" $FreeBSD: src/lib/libc/stdio/fopen.3,v 1.18 2003/01/26 10:01:59 tjr Exp $ +.\" $FreeBSD: src/lib/libc/stdio/fopen.3,v 1.19 2005/05/04 08:12:44 des Exp $ .\" .Dd January 26, 2003 .Dt FOPEN 3 
@@ -74,7 +74,7 @@ Open for reading and writing. The stream is positioned at the beginning of the file. .It Dq Li w -Truncate file to zero length or create text file for writing. +Truncate to zero length or create text file for writing. The stream is positioned at the beginning of the file. .It Dq Li w+ Open for reading and writing. ==== //depot/projects/trustedbsd/base/sys/conf/files#85 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/conf/files,v 1.1019 2005/04/29 02:40:15 scottl Exp $ +# $FreeBSD: src/sys/conf/files,v 1.1020 2005/05/04 10:39:13 rwatson Exp $ # # The long compile-with and dependency lines are required because of # limitations in config: backslash-newline doesn't work in strings, and @@ -1733,6 +1733,7 @@ security/mac/mac_label.c optional mac security/mac/mac_net.c optional mac security/mac/mac_pipe.c optional mac +security/mac/mac_posix_sem.c optional mac security/mac/mac_process.c optional mac security/mac/mac_socket.c optional mac security/mac/mac_system.c optional mac ==== //depot/projects/trustedbsd/base/sys/dev/usb/uvisor.c#16 (text+ko) ==== @@ -1,5 +1,5 @@ /* $NetBSD: uvisor.c,v 1.9 2001/01/23 14:04:14 augustss Exp $ */ -/* $FreeBSD: src/sys/dev/usb/uvisor.c,v 1.23 2005/01/06 01:43:29 imp Exp $ */ +/* $FreeBSD: src/sys/dev/usb/uvisor.c,v 1.24 2005/05/04 00:46:24 julian Exp $ */ /* Also already merged from NetBSD: * $NetBSD: uvisor.c,v 1.12 2001/11/13 06:24:57 lukem Exp $ @@ -142,7 +142,19 @@ * Unknown PalmOS stuff. */ #define UVISOR_GET_PALM_INFORMATION 0x04 -#define UVISOR_GET_PALM_INFORMATION_LEN 0x14 +#define UVISOR_GET_PALM_INFORMATION_LEN 0x44 + +struct uvisor_palm_connection_info { + uByte num_ports; + uByte endpoint_numbers_different; + uWord reserved1; + struct { + uDWord port_function_id; + uByte port; + uByte end_point_info; + uWord reserved; + } connections[UVISOR_MAX_CONN]; +}; /* 
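Review bot: In the uvisor.c hunk at -142, `UVISOR_GET_PALM_INFORMATION_LEN` becomes the literal 0x44 while the buffer it bounds becomes the new `struct uvisor_palm_connection_info`, and nothing ties the two together. The constant is later used as wLength for a read into a stack instance of that struct, so if `UVISOR_MAX_CONN` (defined outside this page) or the layout changes, the device could be allowed to return more bytes than the object holds. I would add `CTASSERT(sizeof(struct uvisor_palm_connection_info) == UVISOR_GET_PALM_INFORMATION_LEN);` right after the struct, or define the length as `sizeof(struct uvisor_palm_connection_info)`.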
@@ -165,7 +177,7 @@ Static usbd_status uvisor_init(struct uvisor_softc *); -Static usbd_status clie_3_5_init(struct uvisor_softc *); +/*Static usbd_status clie_3_5_init(struct uvisor_softc *);*/ Static void uvisor_close(void *, int); @@ -207,9 +219,11 @@ struct usb_devno uv_dev; u_int16_t uv_flags; #define PALM4 0x0001 +#define VISOR 0x0002 +#define PALM35 0x0004 }; static const struct uvisor_type uvisor_devs[] = { - {{ USB_VENDOR_HANDSPRING, USB_PRODUCT_HANDSPRING_VISOR }, 0 }, + {{ USB_VENDOR_HANDSPRING, USB_PRODUCT_HANDSPRING_VISOR }, VISOR }, {{ USB_VENDOR_HANDSPRING, USB_PRODUCT_HANDSPRING_TREO }, PALM4 }, {{ USB_VENDOR_HANDSPRING, USB_PRODUCT_HANDSPRING_TREO600 }, PALM4 }, {{ USB_VENDOR_PALM, USB_PRODUCT_PALM_M500 }, PALM4 }, @@ -226,7 +240,7 @@ {{ USB_VENDOR_SONY, USB_PRODUCT_SONY_CLIE_41 }, PALM4 }, {{ USB_VENDOR_SONY, USB_PRODUCT_SONY_CLIE_S360 }, PALM4 }, {{ USB_VENDOR_SONY, USB_PRODUCT_SONY_CLIE_NX60 }, PALM4 }, - {{ USB_VENDOR_SONY, USB_PRODUCT_SONY_CLIE_35 }, 0 }, + {{ USB_VENDOR_SONY, USB_PRODUCT_SONY_CLIE_35 }, PALM35 }, /* {{ USB_VENDOR_SONY, USB_PRODUCT_SONY_CLIE_25 }, PALM4 },*/ }; #define uvisor_lookup(v, p) ((const struct uvisor_type *)usb_lookup(uvisor_devs, v, p)) @@ -342,10 +356,12 @@ ucom->sc_opkthdrlen = 0; ucom->sc_callback = &uvisor_callback; +#if 0 if (uaa->vendor == USB_VENDOR_SONY && uaa->product == USB_PRODUCT_SONY_CLIE_35) err = clie_3_5_init(sc); else +#endif err = uvisor_init(sc); if (err) { 
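Review bot: `clie_3_5_init` is left in the file as dead code rather than removed: its prototype is commented out at -165, its call site is wrapped in `#if 0` at -342, and its body is wrapped in `#if 0` in the later hunks at -496 and -565. Since its requests now live in the `PALM35` branch of `uvisor_init`, deleting the function, the prototype and the disabled call would leave less to misread. The moved `DPRINTF` strings also still say `clie_3_5_init:`, and would be easier to trace as `uvisor_init:`.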
@@ -413,22 +429,24 @@ usbd_status err; usb_device_request_t req; struct uvisor_connection_info coninfo; + struct uvisor_palm_connection_info pconinfo; int actlen; uWord avail; char buffer[256]; - DPRINTF(("uvisor_init: getting connection info\n")); - req.bmRequestType = UT_READ_VENDOR_ENDPOINT; - req.bRequest = UVISOR_GET_CONNECTION_INFORMATION; - USETW(req.wValue, 0); - USETW(req.wIndex, 0); - USETW(req.wLength, UVISOR_CONNECTION_INFO_SIZE); - err = usbd_do_request_flags(sc->sc_ucom.sc_udev, &req, &coninfo, - USBD_SHORT_XFER_OK, &actlen, - USBD_DEFAULT_TIMEOUT); - if (err) - return (err); - + if (sc->sc_flags & VISOR) { + DPRINTF(("uvisor_init: getting connection info\n")); + req.bmRequestType = UT_READ_VENDOR_ENDPOINT; + req.bRequest = UVISOR_GET_CONNECTION_INFORMATION; + USETW(req.wValue, 0); + USETW(req.wIndex, 0); + USETW(req.wLength, UVISOR_CONNECTION_INFO_SIZE); + err = usbd_do_request_flags(sc->sc_ucom.sc_udev, &req, &coninfo, + USBD_SHORT_XFER_OK, &actlen, + USBD_DEFAULT_TIMEOUT); + if (err) + return (err); + } #ifdef USB_DEBUG { int i, np; 
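Review bot: With the connection-info request now guarded by `sc->sc_flags & VISOR`, `coninfo` and `actlen` are never written for PALM4 or PALM35 devices, yet the `#ifdef USB_DEBUG` block that opens at the end of this hunk is still entered unconditionally. That block continues outside the hunk, so what it reads is not visible here, but if it dumps `coninfo` it would print uninitialised kernel stack on every non-Visor attach. Moving the debug dump inside the `VISOR` branch, or adding `bzero(&coninfo, sizeof(coninfo));` before the `if`, would avoid that.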
@@ -462,15 +480,29 @@ #endif if (sc->sc_flags & PALM4) { + int port; /* Palm OS 4.0 Hack */ req.bmRequestType = UT_READ_VENDOR_ENDPOINT; req.bRequest = UVISOR_GET_PALM_INFORMATION; USETW(req.wValue, 0); USETW(req.wIndex, 0); USETW(req.wLength, UVISOR_GET_PALM_INFORMATION_LEN); - err = usbd_do_request(sc->sc_ucom.sc_udev, &req, buffer); + err = usbd_do_request_flags(sc->sc_ucom.sc_udev, &req, &pconinfo, + USBD_SHORT_XFER_OK, &actlen, + USBD_DEFAULT_TIMEOUT); if (err) return (err); + + if (pconinfo.endpoint_numbers_different) { + port = pconinfo.connections[0].end_point_info; + sc->sc_ucom.sc_bulkin_no = (port >> 4) | UE_DIR_IN; + sc->sc_ucom.sc_bulkout_no = (port & 0xf) | UE_DIR_OUT; + } else { + port = pconinfo.connections[0].port; + sc->sc_ucom.sc_bulkin_no = port | UE_DIR_IN; + sc->sc_ucom.sc_bulkout_no = port | UE_DIR_OUT; + } +#if 0 req.bmRequestType = UT_READ_VENDOR_ENDPOINT; req.bRequest = UVISOR_GET_PALM_INFORMATION; USETW(req.wValue, 0); @@ -479,8 +511,33 @@ err = usbd_do_request(sc->sc_ucom.sc_udev, &req, buffer); if (err) return (err); +#endif } + if (sc->sc_flags & PALM35) { + /* get the config number */ + DPRINTF(("clie_3_5_init: getting config info\n")); + req.bmRequestType = UT_READ; + req.bRequest = UR_GET_CONFIG; + USETW(req.wValue, 0); + USETW(req.wIndex, 0); + USETW(req.wLength, 1); + err = usbd_do_request(sc->sc_ucom.sc_udev, &req, buffer); + if (err) + return (err); + + /* get the interface number */ + DPRINTF(("clie_3_5_init: get the interface number\n")); + req.bmRequestType = UT_READ_DEVICE; + req.bRequest = UR_GET_INTERFACE; + USETW(req.wValue, 0); + USETW(req.wIndex, 0); + USETW(req.wLength, 1); + err = usbd_do_request(sc->sc_ucom.sc_udev, &req, buffer); + if (err) + return (err); + } + DPRINTF(("uvisor_init: getting available bytes\n")); req.bmRequestType = UT_READ_VENDOR_ENDPOINT; req.bRequest = UVISOR_REQUEST_BYTES_AVAILABLE; @@ -496,6 +553,7 @@ return (err); } +#if 0 usbd_status clie_3_5_init(struct uvisor_softc *sc) { 
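Review bot: The PALM4 branch in the -462 hunk reads `pconinfo.endpoint_numbers_different` and `pconinfo.connections[0]` without looking at `actlen`, although the request is issued with `USBD_SHORT_XFER_OK` into an uninitialised stack struct. A device that answers with fewer bytes than the first connection entry leaves those fields holding stale stack contents, which then go straight into `sc_bulkin_no` and `sc_bulkout_no`; `num_ports` is never checked either. I would reject the reply before using it, `if (actlen < (int)offsetof(struct uvisor_palm_connection_info, connections[1]) || pconinfo.num_ports == 0) return (USBD_INVAL);`, and zero `pconinfo` before the request. `uvisor_init` starts and ends outside this hunk.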
@@ -565,6 +623,7 @@ DPRINTF(("clie_3_5_init: done\n")); return (err); } +#endif void uvisor_close(void *addr, int portno) ==== //depot/projects/trustedbsd/base/sys/kern/uipc_sem.c#13 (text+ko) ==== @@ -1,8 +1,14 @@ /*- * Copyright (c) 2002 Alfred Perlstein <alfred@FreeBSD.org> + * Copyright (c) 2003-2005 SPARTA, Inc. * Copyright (c) 2005 Robert N. M. Watson * All rights reserved. * + * This software was developed for the FreeBSD Project in part by Network + * Associates Laboratories, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), + * as part of the DARPA CHATS research program. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -26,8 +32,9 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/uipc_sem.c,v 1.18 2005/05/03 20:21:24 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/uipc_sem.c,v 1.19 2005/05/04 10:39:13 rwatson Exp $"); +#include "opt_mac.h" #include "opt_posix.h" #include <sys/param.h> @@ -47,6 +54,7 @@ #include <sys/sysent.h> #include <sys/sysctl.h> #include <sys/time.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/fcntl.h> @@ -210,6 +218,10 @@ ret->ks_onlist = 0; cv_init(&ret->ks_cv, "sem"); LIST_INIT(&ret->ks_users); +#ifdef MAC + mac_init_posix_sem(ret); + mac_create_posix_sem(uc, ret); +#endif if (name != NULL) sem_enter(td->td_proc, ret); *ksret = ret; 
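Review bot: `mac_init_posix_sem(ret)` in the uipc_sem.c hunk at -210 sets up label state for every new semaphore, but none of the uipc_sem.c hunks on this page adds the matching release where a `struct ksem` is freed. Unless the free path already calls the destroy hook in code outside these hunks, each created semaphore would leak its label, and the mac_test init/destroy counters added later in this change would drift apart. Please confirm the free routine calls `mac_destroy_posix_sem(ks);` under `#ifdef MAC` before the structure is released. The body of `sem_create` starts and ends outside the hunk.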
@@ -385,17 +397,20 @@ ksnew->ks_onlist = 1; DP(("sem_create: done, about to unlock...\n")); } - mtx_unlock(&sem_lock); } else { +#ifdef MAC + error = mac_check_posix_sem_open(td->td_ucred, ks); + if (error) + goto err_open; +#endif /* * if we aren't the creator, then enforce permissions. */ error = sem_perm(td, ks); - if (!error) - sem_ref(ks); + if (error) + goto err_open; + sem_ref(ks); mtx_unlock(&sem_lock); - if (error) - return (error); id = SEM_TO_ID(ks); if (dir == UIO_USERSPACE) { error = copyout(&id, idp, sizeof(id)); @@ -411,8 +426,9 @@ sem_enter(td->td_proc, ks); mtx_lock(&sem_lock); sem_rel(ks); - mtx_unlock(&sem_lock); } +err_open: + mtx_unlock(&sem_lock); return (error); } @@ -545,10 +561,17 @@ mtx_lock(&sem_lock); ks = sem_lookup_byname(name); - if (ks == NULL) + if (ks != NULL) { +#ifdef MAC + error = mac_check_posix_sem_unlink(td->td_ucred, ks); + if (error) { + mtx_unlock(&sem_lock); + return (error); + } +#endif + error = sem_perm(td, ks); + } else error = ENOENT; - else - error = sem_perm(td, ks); DP(("sem_unlink: '%s' ks = %p, error = %d\n", name, ks, error)); if (error == 0) { LIST_REMOVE(ks, ks_entry); @@ -620,6 +643,11 @@ error = EINVAL; goto err; } +#ifdef MAC + error = mac_check_posix_sem_post(td->td_ucred, ks); + if (error) + goto err; +#endif if (ks->ks_value == SEM_VALUE_MAX) { error = EOVERFLOW; goto err; @@ -720,6 +748,13 @@ error = EINVAL; goto err; } +#ifdef MAC + error = mac_check_posix_sem_wait(td->td_ucred, ks); + if (error) { + DP(("kern_sem_wait mac failed\n")); + goto err; + } +#endif DP(("kern_sem_wait value = %d, tryflag %d\n", ks->ks_value, tryflag)); if (ks->ks_value == 0) { ks->ks_waiters++; @@ -778,6 +813,13 @@ mtx_unlock(&sem_lock); return (EINVAL); } +#ifdef MAC + error = mac_check_posix_sem_getvalue(td->td_ucred, ks); + if (error) { + mtx_unlock(&sem_lock); + return (error); + } +#endif val = ks->ks_value; mtx_unlock(&sem_lock); error = copyout(&val, uap->val, sizeof(val)); 
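Review bot: The new `err_open:` label added at -411 is undocumented, and it appears to be the exit for the successful create and open paths as well as for the MAC and `sem_perm` failures, always entered with `sem_lock` held. That invariant is not obvious from the name, and the failed-`copyout` path visible in the hunk still unlocks by hand and returns directly. A comment at the label such as `/* Common exit: sem_lock is held here; error may be 0. */` would make the locking contract explicit for the next change. Parts of the function lie outside these hunks, so the create-path exits should be confirmed against the full file.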
@@ -805,6 +847,11 @@ error = EINVAL; goto err; } +#ifdef MAC + error = mac_check_posix_sem_destroy(td->td_ucred, ks); + if (error) + goto err; +#endif if (ks->ks_waiters != 0) { error = EBUSY; goto err; ==== //depot/projects/trustedbsd/base/sys/modules/sem/Makefile#2 (text+ko) ==== @@ -1,8 +1,8 @@ -# $FreeBSD: src/sys/modules/sem/Makefile,v 1.1 2002/09/19 00:43:32 alfred Exp $ +# $FreeBSD: src/sys/modules/sem/Makefile,v 1.2 2005/05/04 10:39:14 rwatson Exp $ .PATH: ${.CURDIR}/../../kern KMOD= sem -SRCS= uipc_sem.c opt_posix.h +SRCS= uipc_sem.c opt_mac.h opt_posix.h .include <bsd.kmod.mk> ==== //depot/projects/trustedbsd/base/sys/net/bpf.c#33 (text+ko) ==== @@ -33,7 +33,7 @@ * * @(#)bpf.c 8.4 (Berkeley) 1/9/95 * - * $FreeBSD: src/sys/net/bpf.c,v 1.148 2005/03/31 12:19:43 phk Exp $ + * $FreeBSD: src/sys/net/bpf.c,v 1.149 2005/05/04 03:09:28 csjp Exp $ */ #include "opt_bpf.h" @@ -81,12 +81,13 @@ /* * The default read buffer size is patchable. */ +SYSCTL_NODE(_net, OID_AUTO, bpf, CTLFLAG_RW, 0, "bpf sysctl"); static int bpf_bufsize = 4096; -SYSCTL_INT(_debug, OID_AUTO, bpf_bufsize, CTLFLAG_RW, - &bpf_bufsize, 0, ""); +SYSCTL_INT(_net_bpf, OID_AUTO, bufsize, CTLFLAG_RW, + &bpf_bufsize, 0, ""); static int bpf_maxbufsize = BPF_MAXBUFSIZE; -SYSCTL_INT(_debug, OID_AUTO, bpf_maxbufsize, CTLFLAG_RW, - &bpf_maxbufsize, 0, ""); +SYSCTL_INT(_net_bpf, OID_AUTO, maxbufsize, CTLFLAG_RW, + &bpf_maxbufsize, 0, ""); /* * bpf_iflist is a list of BPF interface structures, each corresponding to a @@ -116,6 +117,8 @@ static int bpf_setdlt(struct bpf_d *, u_int); static void filt_bpfdetach(struct knote *); static int filt_bpfread(struct knote *, long); +static void bpf_drvinit(void *); +static void bpf_clone(void *, char *, int, struct cdev **); static d_open_t bpfopen; static d_close_t bpfclose; @@ -523,6 +526,8 @@ bpf_wakeup(d) struct bpf_d *d; { + + BPFD_LOCK_ASSERT(d); if (d->bd_state == BPF_WAITING) { callout_stop(&d->bd_callout); d->bd_state = BPF_IDLE; 
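Review bot: Moving the two knobs from `debug.bpf_bufsize` and `debug.bpf_maxbufsize` to `net.bpf.bufsize` and `net.bpf.maxbufsize` in the bpf.c hunk at -81 removes the old OIDs outright, so a sysctl.conf entry or script that used the old names to bound capture buffers will stop taking effect. Both `SYSCTL_INT` entries also keep an empty description and, as plain `CTLFLAG_RW` ints, accept zero or negative values unless the consumers check, which is not visible here. I would fill in the descriptions, e.g. `"Default capture buffer size in bytes"` and `"Maximum capture buffer size in bytes"`, and note the rename for administrators.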
@@ -1313,6 +1318,7 @@ int hdrlen = d->bd_bif->bif_hdrlen; int do_wakeup = 0; + BPFD_LOCK_ASSERT(d); /* * Figure out how many bytes to move. If the packet is * greater or equal to the snapshot length, transfer that @@ -1586,10 +1592,6 @@ return (bp == NULL ? EINVAL : 0); } -static void bpf_drvinit(void *unused); - -static void bpf_clone(void *arg, char *name, int namelen, struct cdev **dev); - static void bpf_clone(arg, name, namelen, dev) void *arg; ==== //depot/projects/trustedbsd/base/sys/posix4/ksem.h#2 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/posix4/ksem.h,v 1.1 2005/05/03 20:21:24 rwatson Exp $ + * $FreeBSD: src/sys/posix4/ksem.h,v 1.2 2005/05/04 10:39:14 rwatson Exp $ */ #ifndef _POSIX4_KSEM_H_ @@ -33,6 +33,9 @@ #error "no user-servicable parts inside" #endif +#include <sys/condvar.h> +#include <sys/queue.h> + struct kuser { pid_t ku_pid; LIST_ENTRY(kuser) ku_next; @@ -50,6 +53,7 @@ struct cv ks_cv; /* waiters sleep here */ int ks_waiters; /* number of waiters */ LIST_HEAD(, kuser) ks_users; /* pids using this sem */ + struct label *ks_label; /* MAC label */ }; #endif /* !_POSIX4_KSEM_H_ */ ==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#44 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.84 2005/04/14 16:03:29 csjp Exp $ + * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.85 2005/05/04 10:39:14 rwatson Exp $ */ /* @@ -65,6 +65,8 @@ #include <sys/sem.h> #include <sys/shm.h> +#include <posix4/ksem.h> + #include <fs/devfs/devfs.h> #include <net/bpfdesc.h> 
@@ -1035,6 +1037,18 @@ } static void +mac_biba_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(ks_label); + + mac_biba_copy_effective(source, dest); +} + +static void mac_biba_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) @@ -2088,6 +2102,42 @@ } static int +mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(ks_label); + + if (!mac_biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(ks_label); + + if (!mac_biba_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) { struct mac_biba *subj, *obj; @@ -3014,6 +3064,7 @@ .mpo_init_mount_label = mac_biba_init_label, .mpo_init_mount_fs_label = mac_biba_init_label, .mpo_init_pipe_label = mac_biba_init_label, + .mpo_init_posix_sem_label = mac_biba_init_label, .mpo_init_socket_label = mac_biba_init_label_waitcheck, .mpo_init_socket_peer_label = mac_biba_init_label_waitcheck, .mpo_init_vnode_label = mac_biba_init_label, 
@@ -3031,6 +3082,7 @@ .mpo_destroy_mount_label = mac_biba_destroy_label, .mpo_destroy_mount_fs_label = mac_biba_destroy_label, .mpo_destroy_pipe_label = mac_biba_destroy_label, + .mpo_destroy_posix_sem_label = mac_biba_destroy_label, .mpo_destroy_socket_label = mac_biba_destroy_label, .mpo_destroy_socket_peer_label = mac_biba_destroy_label, .mpo_destroy_vnode_label = mac_biba_destroy_label, @@ -3065,6 +3117,7 @@ .mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket, .mpo_create_pipe = mac_biba_create_pipe, + .mpo_create_posix_sem = mac_biba_create_posix_sem, .mpo_create_socket = mac_biba_create_socket, .mpo_create_socket_from_socket = mac_biba_create_socket_from_socket, .mpo_relabel_pipe = mac_biba_relabel_pipe, @@ -3126,6 +3179,12 @@ .mpo_check_pipe_relabel = mac_biba_check_pipe_relabel, .mpo_check_pipe_stat = mac_biba_check_pipe_stat, .mpo_check_pipe_write = mac_biba_check_pipe_write, + .mpo_check_posix_sem_destroy = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_getvalue = mac_biba_check_posix_sem_rdonly, + .mpo_check_posix_sem_open = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_post = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_unlink = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_wait = mac_biba_check_posix_sem_write, .mpo_check_proc_debug = mac_biba_check_proc_debug, .mpo_check_proc_sched = mac_biba_check_proc_sched, .mpo_check_proc_signal = mac_biba_check_proc_signal, ==== //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.c#40 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_mls/mac_mls.c,v 1.69 2005/04/14 16:03:29 csjp Exp $ + * $FreeBSD: src/sys/security/mac_mls/mac_mls.c,v 1.70 2005/05/04 10:39:15 rwatson Exp $ */ /* 
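Review bot: In the ops-table hunk at -3126, `wait` and `open` are routed to `mac_biba_check_posix_sem_write` alone, and the mac_mls table later in this change makes the same choice. A wait changes the count but also lets the caller observe when another subject posts, so it carries information in the read direction too; with a write-only check a Biba subject may wait on a lower-integrity semaphore and an MLS subject on a higher-sensitivity one. If that trade-off is deliberate, a comment above the two check functions should record it, for example `/* post, wait, open, unlink and destroy are treated as writes; the read-side flow through wait is accepted. */`; otherwise wait would need both dominance checks. `ksemptr` is unused in both check functions.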
@@ -65,6 +65,8 @@ #include <sys/sem.h> #include <sys/shm.h> +#include <posix4/ksem.h> + #include <fs/devfs/devfs.h> #include <net/bpfdesc.h> @@ -1004,6 +1006,18 @@ } static void +mac_mls_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(ks_label); + + mac_mls_copy_effective(source, dest); +} + +static void mac_mls_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) @@ -1975,6 +1989,42 @@ } static int +mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(ks_label); + + if (!mac_mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(ks_label); + + if (!mac_mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc) { struct mac_mls *subj, *obj; @@ -2788,6 +2838,7 @@ .mpo_init_mount_label = mac_mls_init_label, .mpo_init_mount_fs_label = mac_mls_init_label, .mpo_init_pipe_label = mac_mls_init_label, + .mpo_init_posix_sem_label = mac_mls_init_label, .mpo_init_socket_label = mac_mls_init_label_waitcheck, .mpo_init_socket_peer_label = mac_mls_init_label_waitcheck, .mpo_init_vnode_label = mac_mls_init_label, 
@@ -2805,6 +2856,7 @@ .mpo_destroy_mount_label = mac_mls_destroy_label, .mpo_destroy_mount_fs_label = mac_mls_destroy_label, .mpo_destroy_pipe_label = mac_mls_destroy_label, + .mpo_destroy_posix_sem_label = mac_mls_destroy_label, .mpo_destroy_socket_label = mac_mls_destroy_label, .mpo_destroy_socket_peer_label = mac_mls_destroy_label, .mpo_destroy_vnode_label = mac_mls_destroy_label, @@ -2839,6 +2891,7 @@ .mpo_setlabel_vnode_extattr = mac_mls_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_mls_create_mbuf_from_socket, .mpo_create_pipe = mac_mls_create_pipe, + .mpo_create_posix_sem = mac_mls_create_posix_sem, .mpo_create_socket = mac_mls_create_socket, .mpo_create_socket_from_socket = mac_mls_create_socket_from_socket, .mpo_relabel_pipe = mac_mls_relabel_pipe, @@ -2898,6 +2951,12 @@ .mpo_check_pipe_relabel = mac_mls_check_pipe_relabel, .mpo_check_pipe_stat = mac_mls_check_pipe_stat, .mpo_check_pipe_write = mac_mls_check_pipe_write, + .mpo_check_posix_sem_destroy = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_getvalue = mac_mls_check_posix_sem_rdonly, + .mpo_check_posix_sem_open = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_post = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_unlink = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_wait = mac_mls_check_posix_sem_write, .mpo_check_proc_debug = mac_mls_check_proc_debug, .mpo_check_proc_sched = mac_mls_check_proc_sched, .mpo_check_proc_signal = mac_mls_check_proc_signal, ==== //depot/projects/trustedbsd/base/sys/security/mac_stub/mac_stub.c#12 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_stub/mac_stub.c,v 1.48 2005/04/18 13:36:57 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_stub/mac_stub.c,v 1.49 2005/05/04 10:39:15 rwatson Exp $ */ /* 
@@ -63,6 +63,8 @@ #include <sys/sem.h> #include <sys/shm.h> +#include <posix4/ksem.h> + #include <fs/devfs/devfs.h> #include <net/bpfdesc.h> @@ -273,6 +275,13 @@ } static void +stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + +} + +static void stub_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) @@ -821,6 +830,54 @@ } static int +stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + + return (0); +} + +static int +stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + + return (0); +} + +static int +stub_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + + return (0); +} + +static int +stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + + return (0); +} + +static int +stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + + return (0); +} + +static int +stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + + return (0); +} + +static int stub_check_proc_debug(struct ucred *cred, struct proc *proc) { @@ -1326,6 +1383,7 @@ .mpo_init_mount_label = stub_init_label, .mpo_init_mount_fs_label = stub_init_label, .mpo_init_pipe_label = stub_init_label, + .mpo_init_posix_sem_label = stub_init_label, .mpo_init_socket_label = stub_init_label_waitcheck, .mpo_init_socket_peer_label = stub_init_label_waitcheck, .mpo_init_vnode_label = stub_init_label, 
@@ -1343,6 +1401,7 @@ .mpo_destroy_mount_label = stub_destroy_label, .mpo_destroy_mount_fs_label = stub_destroy_label, .mpo_destroy_pipe_label = stub_destroy_label, + .mpo_destroy_posix_sem_label = stub_destroy_label, .mpo_destroy_socket_label = stub_destroy_label, .mpo_destroy_socket_peer_label = stub_destroy_label, .mpo_destroy_vnode_label = stub_destroy_label, @@ -1381,6 +1440,7 @@ .mpo_update_devfsdirent = stub_update_devfsdirent, .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket, .mpo_create_pipe = stub_create_pipe, + .mpo_create_posix_sem = stub_create_posix_sem, .mpo_create_socket = stub_create_socket, .mpo_create_socket_from_socket = stub_create_socket_from_socket, .mpo_relabel_pipe = stub_relabel_pipe, @@ -1451,6 +1511,12 @@ .mpo_check_pipe_relabel = stub_check_pipe_relabel, .mpo_check_pipe_stat = stub_check_pipe_stat, .mpo_check_pipe_write = stub_check_pipe_write, + .mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy, + .mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue, + .mpo_check_posix_sem_open = stub_check_posix_sem_open, + .mpo_check_posix_sem_post = stub_check_posix_sem_post, + .mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink, + .mpo_check_posix_sem_wait = stub_check_posix_sem_wait, .mpo_check_proc_debug = stub_check_proc_debug, .mpo_check_proc_sched = stub_check_proc_sched, .mpo_check_proc_setuid = stub_check_proc_setuid, ==== //depot/projects/trustedbsd/base/sys/security/mac_test/mac_test.c#36 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.57 2005/04/18 13:36:57 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.58 2005/05/04 10:39:15 rwatson Exp $ */ /* @@ -62,6 +62,8 @@ #include <sys/sem.h> #include <sys/shm.h> +#include <posix4/ksem.h> + #include <fs/devfs/devfs.h> #include <net/bpfdesc.h> 
@@ -130,6 +132,8 @@ SLOT(x) == 0, ("%s: Bad SYSVIPCSHM label", __func__ )) #define ASSERT_PIPE_LABEL(x) KASSERT(SLOT(x) == PIPEMAGIC || \ SLOT(x) == 0, ("%s: Bad PIPE label", __func__ )) +#define ASSERT_POSIX_LABEL(x) KASSERT(SLOT(x) == POSIXSEMMAGIC || \ + SLOT(x) == 0, ("%s: Bad POSIX ksem label", __func__ )) #define ASSERT_PROC_LABEL(x) KASSERT(SLOT(x) == PROCMAGIC || \ SLOT(x) == 0, ("%s: Bad PROC label", __func__ )) #define ASSERT_CRED_LABEL(x) KASSERT(SLOT(x) == CREDMAGIC || \ @@ -190,6 +194,9 @@ static int init_count_pipe; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD, &init_count_pipe, 0, "pipe init calls"); +static int init_count_posixsems; +SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_posixsems, CTLFLAG_RD, + &init_count_posixsems, 0, "posix sems init calls"); static int init_count_proc; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD, &init_count_proc, 0, "proc init calls"); @@ -247,6 +254,9 @@ static int destroy_count_pipe; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD, &destroy_count_pipe, 0, "pipe destroy calls"); +static int destroy_count_posixsems; +SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_posixsems, CTLFLAG_RD, + &destroy_count_posixsems, 0, "posix sems destroy calls"); static int destroy_count_proc; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_proc, CTLFLAG_RD, &destroy_count_proc, 0, "proc destroy calls"); @@ -447,6 +457,14 @@ } static void +mac_test_init_posix_sem_label(struct label *label) +{ + + SLOT(label) = POSIXSEMMAGIC; + atomic_add_int(&init_count_posixsems, 1); +} + +static void mac_test_init_proc_label(struct label *label) { 
@@ -697,6 +715,20 @@ } static void +mac_test_destroy_posix_sem_label(struct label *label) +{ + + if ((SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0)) { + atomic_add_int(&destroy_count_posixsems, 1); + SLOT(label) = EXMAGIC; + } else if (SLOT(label) == EXMAGIC) { + DEBUGGER("mac_test_destroy_posix_sem: dup destroy"); + } else { + DEBUGGER("mac_test_destroy_posix_sem: corrupted label"); + } +} + +static void mac_test_destroy_proc_label(struct label *label) { @@ -954,6 +986,15 @@ } static void +mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem, + struct label *posixlabel) +{ + + ASSERT_CRED_LABEL(cred->cr_label); + ASSERT_POSIX_LABEL(posixlabel); +} + +static void mac_test_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) @@ -1677,6 +1718,17 @@ } static int +mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ >>> TRUNCATED FOR MAIL (1000 lines) <<<