Date: Thu, 28 Apr 2005 20:14:44 GMT From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 76154 for review Message-ID: <200504282014.j3SKEi9Y072151@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=76154 Change 76154 by areisse@areisse_ibook on 2005/04/28 20:13:47 More progress on exposing and automating mach ipc security checks: -Pass the actual message id in the entry point (although it still produces a vector) -The sebsd policy reads a file mapping message id ranges to flask security classes, permitting automated generation of security class and permission specifications with Mig. Any number of mach interfaces may use the same TE types, as long as the message ids involved are all different. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#1 add Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#4 (text+ko) ==== @@ -481,7 +481,7 @@ int retval); void (*mpo_check_ipc_methods)(struct label *task, - struct label *port, struct msg_access_vector *av); + struct label *port, int msgid, struct msg_access_vector *av); }; struct mac_policy_conf { ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#3 (text+ko) ==== 
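Review bot: The new `int msgid` argument of `mpo_check_ipc_methods` in the mac_policy.h hunk has no comment saying where the value comes from, and the same bare `int` is repeated in the mac.h prototype and the mac_port.c definition further down. The mach_msg.c call site fills it from `kmsg->ikm_header.msgh_id`, a field of the message header being sent, so a policy module should treat it as sender-chosen input and not as a trusted selector. I would add a comment above the member such as `/* msgid: msgh_id taken from the message header supplied by the sender. */`. Declaring it as `mach_msg_id_t` wherever that typedef is in scope would also keep the type tied to the header field. The enclosing `struct mac_policy_ops` starts outside the hunk.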
@@ -280,7 +280,9 @@ IP_VALID(kmsg->ikm_header.msgh_remote_port)) { mac_check_ipc_methods (&kmsg->ikm_sender->lh_label, - &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label, &trailer->msgh_av); + &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label, + kmsg->ikm_header.msgh_id, + &trailer->msgh_av); } else memset(trailer->msgh_av.av, 0, sizeof(msg_access_vector_t)); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#4 (text+ko) ==== @@ -60,4 +60,4 @@ int mac_check_task_service_access (task_t self, task_t obj, const char *perm); -void mac_check_ipc_methods (struct label *task, struct label *port, msg_access_vector_t *av); +void mac_check_ipc_methods (struct label *task, struct label *port, int msgid, msg_access_vector_t *av); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#4 (text+ko) ==== @@ -174,7 +174,7 @@ } void -mac_check_ipc_methods(struct label *task, struct label *port, +mac_check_ipc_methods(struct label *task, struct label *port, int msgid, msg_access_vector_t *av) { struct mac_policy_conf *mpc; @@ -185,13 +185,13 @@ LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) { if (mpc->mpc_ops->mpo_check_ipc_methods != NULL) mpc->mpc_ops->mpo_check_ipc_methods( - task, port, av); + task, port, msgid, av); } if ((entrycount = mac_policy_list_conditional_busy()) != 0) { LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { if (mpc->mpc_ops->mpo_check_ipc_methods != NULL) mpc->mpc_ops->mpo_check_ipc_methods( - task, port, av); + task, port, msgid, av); } mac_policy_list_unbusy(); } ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#2 (text+ko) ==== 
@@ -5,7 +5,7 @@ OBJS = sebsd.o sebsd_syscall.o sebsd_sysctl.o ss/avtab.o ss/ebitmap.o \ ss/hashtab.o ss/init.o ss/policydb.o ss/queue.o ss/services.o \ - ss/sidtab.o ss/symtab.o avc/avc.o + ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o sedarwin.kext.tar: sedarwin.o ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#3 (text+ko) ==== @@ -148,6 +148,8 @@ if (security_init()) { panic("SEBSD: couldn't read policy file"); } + + sebsd_mach_av_init(); } static void @@ -1252,7 +1254,7 @@ extern int selinux_enforcing; static void -sebsd_check_ipc_methods(struct label *subj, struct label *obj, +sebsd_check_ipc_methods(struct label *subj, struct label *obj, int msgid, msg_access_vector_t *av) { struct task_security_struct *tsec, *psec; @@ -1264,15 +1266,7 @@ if (!selinux_enforcing) return; - for (i = 0; i < 4; i++) - { - struct av_decision avd; - security_class_t tclass = SECCLASS_PORT_METHODS1 + i; - - avc_has_perm_noaudit (tsec->sid, psec->sid, tclass, 0xffffffff, NULL, &avd); - - av->av[i] &= avd.allowed; - } + sebsd_check_ipc_methods1 (tsec->sid,psec->sid, msgid, av); } static int
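Review bot: In the first sebsd.c hunk the added `sebsd_mach_av_init();` call ignores any result, while a `security_init()` failure two lines above it panics. The change description says this step reads the file that maps message id ranges to security classes, so a missing or malformed file needs a defined outcome; the hunk does not show one. If the function returns a status, check it the same way, e.g. `if (sebsd_mach_av_init()) panic("SEBSD: couldn't read mach message id map");`, otherwise document at the call that the lookup denies when no map was loaded. No prototype for `sebsd_mach_av_init` is visible in this message, and the enclosing init function starts outside the hunk.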
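Review bot: The last sebsd.c hunk replaces the loop that narrowed `av` with `av->av[i] &= avd.allowed` by a call to `sebsd_check_ipc_methods1`, so all narrowing of the vector now depends on that helper, whose body (presumably in the new ss/mach_av.c) is not part of this message. Because `msgid` is chosen by the sender, the helper should clear `av` for an id that falls in no mapped range, negative values included. If it left `av` untouched there, it would presumably keep whatever the caller passed in. I would record that contract at the call, e.g. `/* msgid is sender-supplied; ids with no class mapping must yield an empty av. */`, and write it as `sebsd_check_ipc_methods1(tsec->sid, psec->sid, msgid, av);` to match the file's spacing. If the declaration of `i` used by the removed loop is still in the function (it is outside the hunk), it is now unused and can be dropped.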