From owner-p4-projects@FreeBSD.ORG Thu Apr 28 20:14:46 2005
Date: Thu, 28 Apr 2005 20:14:44 GMT
Message-Id: <200504282014.j3SKEi9Y072151@repoman.freebsd.org>
From: Andrew Reisse
To: Perforce Change Reviews
Subject: PERFORCE change 76154 for review

http://perforce.freebsd.org/chv.cgi?CH=76154

Change 76154 by areisse@areisse_ibook on 2005/04/28 20:13:47

    More progress on exposing and automating mach ipc security checks:

    - Pass the actual message id in the entry point (although it still
      produces a vector)
    - The sebsd policy reads a file mapping message id ranges to flask
      security classes, permitting automated generation of security
      class and permission specifications with Mig. Any number of mach
      interfaces may use the same TE types, as long as the message ids
      involved are all different.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#1 add

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#4 (text+ko) ====

@@ -481,7 +481,7 @@ int retval); void (*mpo_check_ipc_methods)(struct label *task, - struct label *port, struct msg_access_vector *av); + struct label *port, int msgid, struct msg_access_vector *av); }; struct mac_policy_conf {

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#3 (text+ko) ====
@@ -280,7 +280,9 @@ IP_VALID(kmsg->ikm_header.msgh_remote_port)) { mac_check_ipc_methods (&kmsg->ikm_sender->lh_label, - &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label, &trailer->msgh_av); + &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label, + kmsg->ikm_header.msgh_id, + &trailer->msgh_av); } else memset(trailer->msgh_av.av, 0, sizeof(msg_access_vector_t)); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#4 (text+ko) ==== @@ -60,4 +60,4 @@ int mac_check_task_service_access (task_t self, task_t obj, const char *perm); -void mac_check_ipc_methods (struct label *task, struct label *port, msg_access_vector_t *av); +void mac_check_ipc_methods (struct label *task, struct label *port, int msgid, msg_access_vector_t *av); ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#4 (text+ko) ==== @@ -174,7 +174,7 @@ } void -mac_check_ipc_methods(struct label *task, struct label *port, +mac_check_ipc_methods(struct label *task, struct label *port, int msgid, msg_access_vector_t *av) { struct mac_policy_conf *mpc; @@ -185,13 +185,13 @@ LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) { if (mpc->mpc_ops->mpo_check_ipc_methods != NULL) mpc->mpc_ops->mpo_check_ipc_methods( - task, port, av); + task, port, msgid, av); } if ((entrycount = mac_policy_list_conditional_busy()) != 0) { LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { if (mpc->mpc_ops->mpo_check_ipc_methods != NULL) mpc->mpc_ops->mpo_check_ipc_methods( - task, port, av); + task, port, msgid, av); } mac_policy_list_unbusy(); } ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#2 (text+ko) ==== 
@@ -5,7 +5,7 @@ OBJS = sebsd.o sebsd_syscall.o sebsd_sysctl.o ss/avtab.o ss/ebitmap.o \ ss/hashtab.o ss/init.o ss/policydb.o ss/queue.o ss/services.o \ - ss/sidtab.o ss/symtab.o avc/avc.o + ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o sedarwin.kext.tar: sedarwin.o ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#3 (text+ko) ==== @@ -148,6 +148,8 @@ if (security_init()) { panic("SEBSD: couldn't read policy file"); } + + sebsd_mach_av_init(); } static void @@ -1252,7 +1254,7 @@ extern int selinux_enforcing; static void -sebsd_check_ipc_methods(struct label *subj, struct label *obj, +sebsd_check_ipc_methods(struct label *subj, struct label *obj, int msgid, msg_access_vector_t *av) { struct task_security_struct *tsec, *psec; @@ -1264,15 +1266,7 @@ if (!selinux_enforcing) return; - for (i = 0; i < 4; i++) - { - struct av_decision avd; - security_class_t tclass = SECCLASS_PORT_METHODS1 + i; - - avc_has_perm_noaudit (tsec->sid, psec->sid, tclass, 0xffffffff, NULL, &avd); - - av->av[i] &= avd.allowed; - } + sebsd_check_ipc_methods1 (tsec->sid,psec->sid, msgid, av); } static int
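Review bot: the mac_policy.h hunk changes the `mpo_check_ipc_methods` entry point in the policy ops structure, so every policy that implements it has to be rebuilt against the new header; a module built against the old layout would receive `msgid` in the slot where it expects `av`. The commit message should call out the interface change, and the new parameter would read more clearly as the Mach message id type rather than a bare `int`, matching the `msgh_id` field it is fed at the call site.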
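Review bot: in the mach_msg.c hunk, the `msgid` handed to `mac_check_ipc_methods` is `kmsg->ikm_header.msgh_id`, a field chosen by the sending task. That is the right field to check, because it is the same one the receiving MIG server will dispatch on, so the policy decision and the server's dispatch agree; a one-line comment at the call site saying so would save the next reader from asking whether the id has been validated first. The `else` branch still zeroes the vector with `memset` when the ports are not valid, so the fail-closed path is unchanged.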
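Review bot: the first sebsd.c hunk adds a call to `sebsd_mach_av_init()` directly after `security_init()`, but no declaration of that function appears in the diff and the affected-files list adds only `ss/mach_av.c`, no header, so sebsd.c is relying on an implicit declaration unless one already exists above the hunk. Please add a prototype (a small header for ss/mach_av.c would do). Also, `security_init()` failure panics; the new map-file read needs an equally explicit failure mode, because an unreadable or malformed map would otherwise leave the message-id check with no ranges to enforce.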
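Review bot: in the last sebsd.c hunk, the removed loop masked all four words of `av` with `avd.allowed`, so a denial was always expressed by clearing bits; the replacement call `sebsd_check_ipc_methods1 (tsec->sid,psec->sid, msgid, av);` is now the only thing that touches `av` on the enforcing path, and whatever the vector held before the call is what the receiver sees if the callee leaves it alone. Document, here or in ss/mach_av.c, that the callee clears `av` for a `msgid` that matches no configured range rather than returning without modifying it. Style: write the call as `sebsd_check_ipc_methods1(tsec->sid, psec->sid, msgid, av);`, and if `i` is still declared earlier in the function it is now unused.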
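As an added illustration of the mechanism the change description sketches (this is not code from the sedarwin change; `ss/mach_av.c` is not included in this message), the following models a table of message-id ranges mapped to Flask classes and the per-message decision derived from it. The table layout, the SIDs, the class numbers and the stand-in for `avc_has_perm_noaudit()` are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
/* Added illustration, not code from the sedarwin change (ss/mach_av.c is not in
 * this message). It models the commit message's mechanism: message-id ranges map
 * to Flask security classes, a message id selects a class and a permission bit,
 * and the decision ANDs that bit with the allowed vector, like the removed
 * loop's `av->av[i] &= avd.allowed`. Table layout and rules are constructed. */

struct msgid_range {            /* one entry of the hypothetical map file */
    int      lo, hi;            /* inclusive message-id range, at most 32 ids */
    uint16_t tclass;            /* Flask security class for this interface */
};

/* Constructed table: two MIG interfaces sharing one port TE type; the commit
 * message requires their message ids to be disjoint. */
static const struct msgid_range ranges[] = {
    { 2000, 2031, 1 },          /* class 1: first interface */
    { 3400, 3431, 2 },          /* class 2: second interface */
};
#define NRANGES (sizeof ranges / sizeof ranges[0])

/* Stand-in for avc_has_perm_noaudit(): allowed bits for (subject SID, object
 * SID, class). Constructed rules, default deny. */
static uint32_t allowed_perms(uint32_t ssid, uint32_t tsid, uint16_t tclass)
{
    if (ssid == 1 && tsid == 10 && tclass == 1) return 0x0000000fu; /* methods 0-3 */
    if (ssid == 1 && tsid == 10 && tclass == 2) return 0xffffffffu; /* all methods */
    return 0;
}

/* Table invariant from the commit message: no two ranges overlap. */
int ranges_disjoint(void)
{
    for (size_t i = 0; i < NRANGES; i++)
        for (size_t j = i + 1; j < NRANGES; j++)
            if (ranges[i].lo <= ranges[j].hi && ranges[j].lo <= ranges[i].hi)
                return 0;
    return 1;
}

/* Decide one message: map its id to (class, bit); an id in no range is denied. */
int check_ipc_method(uint32_t ssid, uint32_t tsid, int msgid)
{
    for (size_t i = 0; i < NRANGES; i++) {
        if (msgid < ranges[i].lo || msgid > ranges[i].hi) continue;
        uint32_t perm = 1u << (msgid - ranges[i].lo);  /* this method's bit */
        return (allowed_perms(ssid, tsid, ranges[i].tclass) & perm) != 0;
    }
    return 0;                                          /* unmapped id: fail closed */
}
```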