From owner-p4-projects Fri Dec 20 6:12:42 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E520F37B405; Fri, 20 Dec 2002 06:12:34 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BFC737B401 for ; Fri, 20 Dec 2002 06:12:34 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FEED43EE8 for ; Fri, 20 Dec 2002 06:12:34 -0800 (PST) (envelope-from cvance@tislabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gBKECXfh074895 for ; Fri, 20 Dec 2002 06:12:33 -0800 (PST) (envelope-from cvance@tislabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gBKECXG3074892 for perforce@freebsd.org; Fri, 20 Dec 2002 06:12:33 -0800 (PST) Date: Fri, 20 Dec 2002 06:12:33 -0800 (PST) Message-Id: <200212201412.gBKECXG3074892@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to cvance@tislabs.com using -f 
From: Chris Vance
Subject: PERFORCE change 22551 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=22551

Change 22551 by cvance@cvance_laptop on 2002/12/20 06:11:57

	Implement the sebsd_load_policy system call for SEBSD so that the policy may be updated at run time. This will NOT revoke existing permissions, it just permits a new policy to be loaded into the security server. It's primary use is in developing policy configuration for test machines. This functionality required some pretty stiff locking (effectively bringing the system to a halt), but loading a policy is not expected to occur very frequently. To support the above changes, the file open/read/close operations now grab Giant. Additionally, the open operation can now take a pathname from a userspace string.

Affected files ...

.. //depot/projects/trustedbsd/mac/lib/libsebsd/system.c#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#64 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#10 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscalls.h#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/avtab.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.h#3 edit

Differences ...

==== //depot/projects/trustedbsd/mac/lib/libsebsd/system.c#2 (text+ko) ====

@@ -56,3 +56,9 @@
 {
 	return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_AVC_TOGGLE , NULL);
 }
+
+int
+sebsd_load_policy(const char *path)
+{
+	return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, path);
+}

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#64 (text+ko) ====
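Review bot: `sebsd_load_policy` passes its `const char *path` straight into `mac_syscall`'s `void *` argument, which drops the qualifier implicitly and draws a discarded-qualifiers warning; an explicit `(void *)path` (or the project's deconst helper if it has one) would make it clear the kernel only reads the string. No libsebsd header is in the Affected files list, so callers of the new function have no declaration in this change and will pick up an implicit `int` prototype. A one-line comment, `/* path is a user-space string; the kernel copies it in via namei. */`, would also record the contract the kernel side relies on.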
@@ -117,16 +117,35 @@
 	task = SLOT(&cred->cr_label);
-	return avc_has_perm(task->sid, SECINITSID_KERNEL,
-	    SECCLASS_SYSTEM, perm);
+	return (avc_has_perm(task->sid, SECINITSID_KERNEL,
+	    SECCLASS_SYSTEM, perm));
+}
+
+static int
+cred_has_security(struct ucred *cred, access_vector_t perm)
+{
+	struct task_security_struct *task;
+
+	task = SLOT(&cred->cr_label);
+
+	return (avc_has_perm(task->sid, SECINITSID_SECURITY,
+	    SECCLASS_SECURITY, perm));
 }
 int
 thread_has_system(struct thread *td, access_vector_t perm)
 {
+
 	return (cred_has_system(td->td_proc->p_ucred, perm));
 }
+int
+thread_has_security(struct thread *td, access_vector_t perm)
+{
+
+	return (cred_has_security(td->td_proc->p_ucred, perm));
+}
+
 static __inline security_class_t
 vnode_type_to_security_class(enum vtype vt)
 {

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#10 (text+ko) ====

@@ -53,6 +53,7 @@
 extern int security_init(void);
 extern int sebsd_syscall(struct thread *td, int call, void *args);
 extern int thread_has_system(struct thread *td, access_vector_t perm);
+extern int thread_has_security(struct thread *td, access_vector_t perm);
 #endif /* _KERNEL */
 #endif /* _SYS_SECURITY_SEBSD_H */

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#3 (text+ko) ====

@@ -42,7 +42,32 @@
 #include
 #include
+#include
 #include
+#include
+#include
+
+static int
+sys_load_policy(struct thread *td, char *path)
+{
+	FILE *fp;
+	int rc;
+
+	rc = thread_has_security(td, SECURITY__LOAD_POLICY);
+	if (rc)
+		return (rc);
+
+	fp = sebsd_fopen(path, "r", UIO_USERSPACE);
+	if (!fp) {
+		printf("ss: unable to open policy file\n");
+		return (EINVAL);
+	}
+
+	rc = security_load_policy(fp);
+	(void)fclose(fp);
+
+	return (rc);
+}
 int
 sebsd_syscall(struct thread *td, int call, void *args)
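Review bot: `cred_has_security` and `thread_has_security` carry no comment saying how they differ from the `*_has_system` pair, and that difference is exactly what a caller gating a privileged operation needs to know: the permission is checked against the security server's own object (SECINITSID_SECURITY, SECCLASS_SECURITY) rather than the kernel object used by `cred_has_system`. A one-line comment above `cred_has_security`, `/* Does cred hold perm on the security server itself (class security)? */`, and `/* Same check for the thread's process credential. */` above `thread_has_security` would make the new gate in sebsd_syscall.c self-explanatory. The two helpers are otherwise a faithful copy of the existing pair, so nothing else in this hunk needs changing.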
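Review bot: Every failure of `sebsd_fopen` in `sys_load_policy` becomes EINVAL plus a console message, so a missing or unreadable policy file and a bad user pointer (the path is copied in by namei under UIO_USERSPACE, so EFAULT is a real outcome) are indistinguishable from an invalid argument, and the underlying vn_open error is already discarded when `sebsd_fopen` returns NULL. Reporting the real errno, which means giving `sebsd_fopen` an `int *error` out-parameter, or at least returning ENOENT here and leaving EINVAL to the `default:` case, would let a caller tell the cases apart without reading the console. The privilege check `thread_has_security(td, SECURITY__LOAD_POLICY)` is correctly done before the path is touched; the actual replacement of the loaded policy happens in `security_load_policy`, outside this hunk. The header names on the new `#include` lines were stripped by the archive rendering, so they cannot be verified here.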
@@ -56,6 +81,9 @@
 	case SEBSDCALL_AVC_ENFORCING:
 		err = sys_avc_enforcing(td);
 		break;
+	case SEBSDCALL_LOAD_POLICY:
+		err = sys_load_policy(td, (char *)args);
+		break;
 	default:
 		err = EINVAL;
 		break;

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscalls.h#2 (text+ko) ====

@@ -4,10 +4,11 @@
 /*
  * TBD: Should we really try to line up with SELinux?
  */
-#define SEBSDCALL_AVC_TOGGLE 11
-#define SEBSDCALL_AVC_ENFORCING 40
+#define SEBSDCALL_LOAD_POLICY 7
+#define SEBSDCALL_AVC_TOGGLE 11
+#define SEBSDCALL_AVC_ENFORCING 40
-#define SEBSDCALL_NUM 40
+#define SEBSDCALL_NUM 40
 /* Structure definitions for compute_av call */
 struct security_query {

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/avtab.c#3 (text+ko) ====

@@ -130,7 +130,10 @@
 	}
 	h->htable[i] = NULL;
 	}
+	/* XXX TBD: Shouldn't need giant for deallocation */
+	mtx_lock(&Giant);
 	sebsd_free(h->htable, M_SEBSD_SS);
+	mtx_unlock(&Giant);
 }
@@ -164,8 +167,12 @@
 {
 	int i;
+	/* XXX TBD: Shouldn't need giant for allocation */
+	mtx_lock(&Giant);
 	h->htable = sebsd_malloc(sizeof(avtab_ptr_t)*AVTAB_SIZE,
-	    M_SEBSD_SS, M_WAITOK | M_ZERO);
+	    M_SEBSD_SS, M_WAITOK | M_ZERO);
+	mtx_unlock(&Giant);
+
 	if (!h->htable)
 		return -1;
 	for (i = 0; i < AVTAB_SIZE; i++)

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.c#3 (text+ko) ====

@@ -53,14 +53,16 @@
 {
 	int error;
+	mtx_lock(&Giant);
 	error = vn_close(fp->FILE_vp, fp->FILE_saved_open_flags,
 	    curthread->td_ucred, curthread);
+	mtx_unlock(&Giant);
 	sebsd_free(fp, M_TEMP);
 	return (error);
 }
 FILE *
-fopen(const char *path, const char *type)
+sebsd_fopen(const char *path, const char *type, enum uio_seg pathseg)
 {
 	struct nameidata nd;
 	struct thread *td = curthread;
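Review bot: The new `case SEBSDCALL_LOAD_POLICY` hands `args` to `sys_load_policy` as a `char *` that is really a user-space address, and nothing at the call site says so; it is only safe because `sys_load_policy` forwards it with UIO_USERSPACE and never dereferences it in the kernel. A comment on the case, `/* args is a user-space path; namei copies it in (UIO_USERSPACE). */`, would keep a future caller from treating it as a kernel string. The enclosing `sebsd_syscall` starts and ends outside this hunk.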
@@ -71,12 +73,15 @@
 		return (NULL);
 	fp = sebsd_malloc(sizeof(*fp), M_TEMP, M_WAITOK | M_ZERO);
 	fp->FILE_saved_open_flags = FREAD;
-	NDINIT(&nd, LOOKUP, LOCKLEAF, UIO_SYSSPACE, path, td);
+	mtx_lock(&Giant);
+	NDINIT(&nd, LOOKUP, LOCKLEAF, pathseg, path, td);
 	error = vn_open(&nd, &fp->FILE_saved_open_flags, 0);
 	if (error)
 		return (NULL);
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	VOP_UNLOCK(nd.ni_vp, 0, td);
+	mtx_unlock(&Giant);
+
 	fp->FILE_vp = nd.ni_vp;
 	fp->FILE_uio.uio_iov = &fp->FILE_iov;
 	fp->FILE_uio.uio_iovcnt = 1;
@@ -89,6 +94,13 @@
 	return (fp);
 }
+FILE *
+fopen(const char *path, const char *type)
+{
+
+	return (sebsd_fopen(path, type, UIO_SYSSPACE));
+}
+
 size_t
 fread(void *ptr, size_t size, size_t nmemb, FILE *fp)
 {
@@ -97,9 +109,11 @@
 	fp->FILE_uio.uio_iov->iov_base = ptr;
 	fp->FILE_uio.uio_resid = fp->FILE_uio.uio_iov->iov_len = size * nmemb;
 	fp->FILE_uio.uio_td = td;
+	mtx_lock(&Giant);
 	vn_lock(fp->FILE_vp, LK_SHARED | LK_RETRY | LK_NOPAUSE, td);
 	(void)VOP_READ(fp->FILE_vp, &fp->FILE_uio, 0, td->td_ucred);
 	VOP_UNLOCK(fp->FILE_vp, 0, td);
+	mtx_unlock(&Giant);
 	return (((size * nmemb) - fp->FILE_uio.uio_resid) / size);
 }

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.h#3 (text+ko) ====

@@ -54,6 +54,7 @@
 int fclose(FILE *fp);
 FILE *fopen(const char *path, const char *type);
+FILE *sebsd_fopen(const char *path, const char *type, enum uio_seg pathseg);
 size_t fread(void *ptr, size_t size, size_t nmemb, FILE *fp);
 #else /* _KERNEL */
 #include

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message
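Review bot: `sebsd_fopen` now takes Giant before `NDINIT`, but the unchanged `if (error) return (NULL);` after `vn_open` sits between the new `mtx_lock(&Giant)` and `mtx_unlock(&Giant)`, so every failed open, which with the new UIO_USERSPACE caller includes a wrong path or an unreadable user pointer, returns with Giant still held; the same early return also leaks the `fp` allocation, which predates this change but is now reachable from userland through `sys_load_policy`. The error path needs to release the lock and free the buffer before returning NULL, as below (vn_open releases the pathname buffer itself on failure, so no NDFREE is needed there). `sebsd_fopen` begins in the previous hunk and continues past this one.
```c
	error = vn_open(&nd, &fp->FILE_saved_open_flags, 0);
	if (error) {
		mtx_unlock(&Giant);
		sebsd_free(fp, M_TEMP);
		return (NULL);
	}
	/* … unchanged: NDFREE, VOP_UNLOCK, mtx_unlock, fp field setup … */
```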