Date: Fri, 20 Dec 2002 06:12:33 -0800 (PST) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 22551 for review Message-ID: <200212201412.gBKECXG3074892@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=22551
Change 22551 by cvance@cvance_laptop on 2002/12/20 06:11:57
Implement the sebsd_load_policy system call for SEBSD so that the policy may be updated at run time. This will NOT revoke existing permissions, it just permits a new policy to be loaded into the security server. It's primary use is in developing policy configuration for test machines. This functionality required some pretty stiff locking (effectively bringing the system to a halt), but loading a policy is not expected to occur very frequently. To support the above changes, the file open/read/close operations now grab Giant. Additionally, the open operation can now take a pathname from a userspace string.
Affected files ...
.. //depot/projects/trustedbsd/mac/lib/libsebsd/system.c#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#64 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#10 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscalls.h#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/avtab.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.h#3 edit
Differences ...
==== //depot/projects/trustedbsd/mac/lib/libsebsd/system.c#2 (text+ko) ====
@@ -56,3 +56,9 @@
{
return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_AVC_TOGGLE , NULL);
}
+
+int
+sebsd_load_policy(const char *path)
+{
+ return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, path);
+}
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#64 (text+ko) ====
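Review bot: sebsd_load_policy() in libsebsd/system.c passes a `const char *` straight through as mac_syscall()'s argument pointer; if that parameter is a plain `void *` (the prototype is not in this hunk), the call silently drops the qualifier and should say so with an explicit cast. The wrapper also has no comment describing its contract. I would add `/* Ask the kernel to load the policy file at path; returns the mac_syscall() result. */` above it, since the kernel side opens the file itself from the caller's string.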
@@ -117,16 +117,35 @@
task = SLOT(&cred->cr_label);
- return avc_has_perm(task->sid, SECINITSID_KERNEL,
- SECCLASS_SYSTEM, perm);
+ return (avc_has_perm(task->sid, SECINITSID_KERNEL,
+ SECCLASS_SYSTEM, perm));
+}
+
+static int
+cred_has_security(struct ucred *cred, access_vector_t perm)
+{
+ struct task_security_struct *task;
+
+ task = SLOT(&cred->cr_label);
+
+ return (avc_has_perm(task->sid, SECINITSID_SECURITY,
+ SECCLASS_SECURITY, perm));
}
int
thread_has_system(struct thread *td, access_vector_t perm)
{
+
return (cred_has_system(td->td_proc->p_ucred, perm));
}
+int
+thread_has_security(struct thread *td, access_vector_t perm)
+{
+
+ return (cred_has_security(td->td_proc->p_ucred, perm));
+}
+
static __inline security_class_t
vnode_type_to_security_class(enum vtype vt)
{
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#10 (text+ko) ====
@@ -53,6 +53,7 @@
extern int security_init(void);
extern int sebsd_syscall(struct thread *td, int call, void *args);
extern int thread_has_system(struct thread *td, access_vector_t perm);
+extern int thread_has_security(struct thread *td, access_vector_t perm);
#endif /* _KERNEL */
#endif /* _SYS_SECURITY_SEBSD_H */
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#3 (text+ko) ====
@@ -42,7 +42,32 @@
#include <security/sebsd/sebsd.h>
#include <security/sebsd/sebsd_syscalls.h>
+#include <security/sebsd/linux-compat.h>
#include <security/sebsd/avc/avc.h>
+#include <security/sebsd/ss/fileutils.h>
+#include <security/sebsd/ss/services.h>
+
+static int
+sys_load_policy(struct thread *td, char *path)
+{
+ FILE *fp;
+ int rc;
+
+ rc = thread_has_security(td, SECURITY__LOAD_POLICY);
+ if (rc)
+ return (rc);
+
+ fp = sebsd_fopen(path, "r", UIO_USERSPACE);
+ if (!fp) {
+ printf("ss: unable to open policy file\n");
+ return (EINVAL);
+ }
+
+ rc = security_load_policy(fp);
+ (void)fclose(fp);
+
+ return (rc);
+}
int
sebsd_syscall(struct thread *td, int call, void *args)
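Review bot: thread_has_security() in sebsd.c fetches the credential through `td->td_proc->p_ucred`, and nothing in the hunk holds the process lock while that pointer is read and then dereferenced by cred_has_security(), so the check may run against a credential that is being replaced. The calling thread's own reference is the safer input for a decision made on its behalf: `return (cred_has_security(td->td_ucred, perm));`. thread_has_system(), visible as context in the same hunk, follows the same pattern and would want the same change. A short comment that the helper returns 0 when access is granted and an error otherwise would also help, since sys_load_policy() relies on exactly that.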
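Review bot: In sys_load_policy() (sebsd_syscall.c) the result of thread_has_security() is the only gate in front of replacing the running policy with a file named by the caller. Whether avc_has_perm() still denies when the AVC is not enforcing cannot be seen from this hunk; if it grants in that mode, the gate disappears exactly when the system is least protected, so an explicit superuser check ahead of the AVC check is worth considering, or at least a marker such as `/* XXX: gated only by the AVC; confirm this still denies when not enforcing. */`. Separately, every open failure is reported as `EINVAL` plus an unconditional console `printf`, which hides the real cause from the caller and puts caller-triggered output on the console.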
@@ -56,6 +81,9 @@
case SEBSDCALL_AVC_ENFORCING:
err = sys_avc_enforcing(td);
break;
+ case SEBSDCALL_LOAD_POLICY:
+ err = sys_load_policy(td, (char *)args);
+ break;
default:
err = EINVAL;
break;
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscalls.h#2 (text+ko) ====
@@ -4,10 +4,11 @@
/*
* TBD: Should we really try to line up with SELinux?
*/
-#define SEBSDCALL_AVC_TOGGLE 11
-#define SEBSDCALL_AVC_ENFORCING 40
+#define SEBSDCALL_LOAD_POLICY 7
+#define SEBSDCALL_AVC_TOGGLE 11
+#define SEBSDCALL_AVC_ENFORCING 40
-#define SEBSDCALL_NUM 40
+#define SEBSDCALL_NUM 40
/* Structure definitions for compute_av call */
struct security_query {
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/avtab.c#3 (text+ko) ====
@@ -130,7 +130,10 @@
}
h->htable[i] = NULL;
}
+ /* XXX TBD: Shouldn't need giant for deallocation */
+ mtx_lock(&Giant);
sebsd_free(h->htable, M_SEBSD_SS);
+ mtx_unlock(&Giant);
}
@@ -164,8 +167,12 @@
{
int i;
+ /* XXX TBD: Shouldn't need giant for allocation */
+ mtx_lock(&Giant);
h->htable = sebsd_malloc(sizeof(avtab_ptr_t)*AVTAB_SIZE,
- M_SEBSD_SS, M_WAITOK | M_ZERO);
+ M_SEBSD_SS, M_WAITOK | M_ZERO);
+ mtx_unlock(&Giant);
+
if (!h->htable)
return -1;
for (i = 0; i < AVTAB_SIZE; i++)
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.c#3 (text+ko) ====
@@ -53,14 +53,16 @@
{
int error;
+ mtx_lock(&Giant);
error = vn_close(fp->FILE_vp, fp->FILE_saved_open_flags, curthread->td_ucred, curthread);
+ mtx_unlock(&Giant);
sebsd_free(fp, M_TEMP);
return (error);
}
FILE *
-fopen(const char *path, const char *type)
+sebsd_fopen(const char *path, const char *type, enum uio_seg pathseg)
{
struct nameidata nd;
struct thread *td = curthread;
@@ -71,12 +73,15 @@
return (NULL);
fp = sebsd_malloc(sizeof(*fp), M_TEMP, M_WAITOK | M_ZERO);
fp->FILE_saved_open_flags = FREAD;
- NDINIT(&nd, LOOKUP, LOCKLEAF, UIO_SYSSPACE, path, td);
+ mtx_lock(&Giant);
+ NDINIT(&nd, LOOKUP, LOCKLEAF, pathseg, path, td);
error = vn_open(&nd, &fp->FILE_saved_open_flags, 0);
if (error)
return (NULL);
NDFREE(&nd, NDF_ONLY_PNBUF);
VOP_UNLOCK(nd.ni_vp, 0, td);
+ mtx_unlock(&Giant);
+
fp->FILE_vp = nd.ni_vp;
fp->FILE_uio.uio_iov = &fp->FILE_iov;
fp->FILE_uio.uio_iovcnt = 1;
@@ -89,6 +94,13 @@
return (fp);
}
+FILE *
+fopen(const char *path, const char *type)
+{
+
+ return (sebsd_fopen(path, type, UIO_SYSSPACE));
+}
+
size_t
fread(void *ptr, size_t size, size_t nmemb, FILE *fp)
{
@@ -97,9 +109,11 @@
fp->FILE_uio.uio_iov->iov_base = ptr;
fp->FILE_uio.uio_resid = fp->FILE_uio.uio_iov->iov_len = size * nmemb;
fp->FILE_uio.uio_td = td;
+ mtx_lock(&Giant);
vn_lock(fp->FILE_vp, LK_SHARED | LK_RETRY | LK_NOPAUSE, td);
(void)VOP_READ(fp->FILE_vp, &fp->FILE_uio, 0, td->td_ucred);
VOP_UNLOCK(fp->FILE_vp, 0, td);
+ mtx_unlock(&Giant);
return (((size * nmemb) - fp->FILE_uio.uio_resid) / size);
}
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.h#3 (text+ko) ====
@@ -54,6 +54,7 @@
int fclose(FILE *fp);
FILE *fopen(const char *path, const char *type);
+FILE *sebsd_fopen(const char *path, const char *type, enum uio_seg pathseg);
size_t fread(void *ptr, size_t size, size_t nmemb, FILE *fp);
#else /* _KERNEL */
#include <stdio.h>
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
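Review bot: In sebsd_fopen() (fileutils.c, hunk at -71,12) the new `mtx_lock(&Giant)` is never released on the `if (error) return (NULL);` path after vn_open(), so a failed open returns with Giant still held, and the fp obtained from sebsd_malloc() is not freed on that path either. Because the pathname can now come from userspace through the load-policy call, an ordinary failed open such as a mistyped path is enough to reach that branch. The error branch should undo both steps: `if (error) { mtx_unlock(&Giant); sebsd_free(fp, M_TEMP); return (NULL); }`. The function begins and ends outside this hunk, so any earlier return paths should be checked the same way.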