Date: Tue, 14 Nov 2006 18:50:14 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 109957 for review Message-ID: <200611141850.kAEIoEgf011279@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=109957
Change 109957 by millert@millert_g5tower on 2006/11/14 18:49:39
- Add accessor function to get p{sem,shm}info from p{sem,shm}node.
- Move filesystem specific labeling out of devfs/fdesc.
- Provide protoypes in devfsdefs.h to quiet warnings.
- Export fdesc.h to kernel build.
- Add mac_vnode_label_associate().
- Change mac_vnode_label_associate_file() to return int.
- Shuffle and update includes for mac_vfs.c
- Default to MULTILABEL for fdesc.
- Handle labeling of non FD vnodes in mac_vnode_label_associate_file()
- Remove vnode locking from mac_vnode_label_associate_file().
- Add comments about possible locking needs in mac_vnode_label_associate_file().
- Get Posix SEM/SHM info struct from fileglob data via accessor.
- Don't mark vnodes as 'LABELED' if vnode is not cachable. This will cause label association each time the vnode is requested.
- Don't try default xattr implementation on EPERM from VNOP.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_tree.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfsdefs.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/fdesc_vnops.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/posix_sem.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/posix_shm.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#14 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#22 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#17 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#36 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#16 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#4 (text+ko) ====
@@ -1083,3 +1083,11 @@
 {
 return (ENOTSUP);
 }
+
+struct pseminfo *
+psemnodeinfo (struct psemnode *node)
+{
+ if (node == NULL)
+ return (NULL);
+ return (node->pinfo);
+}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#4 (text+ko) ====
@@ -1084,3 +1084,11 @@
 {
 return(ENOTSUP);
 }
+
+struct pshminfo *
+pshmnodeinfo (struct pshmnode *node)
+{
+ if (node == NULL)
+ return (NULL);
+ return (node->pinfo);
+}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_tree.c#6 (text+ko) ====
@@ -1076,22 +1076,6 @@
 }
 }
-#ifdef MAC
- vnode_lock(vn_p);
- if ((vn_p->v_lflag & VL_LABELED) == 0) {
- vn_p->v_lflag |= VL_LABEL;
- mac_vnode_label_associate_devfs(dnp->dn_dvm->mount, dnp, vn_p);
-
- vn_p->v_lflag |= VL_LABELED;
- vn_p->v_lflag &= ~VL_LABEL;
- if (vn_p->v_lflag & VL_LABELWAIT) {
- vn_p->v_lflag &= ~VL_LABELWAIT;
- wakeup(vn_p->v_label);
- }
- }
- vnode_unlock(vn_p);
-#endif
-
 dnp->dn_lflags &= ~DN_CREATE;
 if (dnp->dn_lflags & DN_CREATEWAIT) {
 dnp->dn_lflags &= ~DN_CREATEWAIT;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfsdefs.h#3 (text+ko) ====
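Review bot: psemnodeinfo() hands back `node->pinfo` with no locking and no statement of what the caller must hold, and the only caller this change adds (the DTYPE_PSXSEM case in mac_vnode_label_associate_file) already carries an XXX admitting it should hold the PSEM_SUBSYS lock. A contract comment above the definition would keep the next caller from repeating that, e.g. `/* Return node's pseminfo, or NULL for a NULL node; the caller must hold the PSEM_SUBSYS lock for the result to stay valid. */`. The same applies to pshmnodeinfo() in the posix_shm.c hunk, with the PSHM_SUBSYS lock. Stating the NULL return explicitly also matters because a caller that skips the check dereferences it immediately.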
@@ -196,6 +196,14 @@
 #define DEVFS_UNLOCK() lck_mtx_unlock(&devfs_mutex)
+static __inline__ void DEVFS_INCR_ENTRIES(void);
+static __inline__ void DEVFS_DECR_ENTRIES(void);
+static __inline__ void DEVFS_INCR_NODES(void);
+static __inline__ void DEVFS_DECR_NODES(void);
+static __inline__ void DEVFS_INCR_MOUNTS(void);
+static __inline__ void DEVFS_DECR_MOUNTS(void);
+static __inline__ void DEVFS_INCR_STRINGSPACE(int);
+static __inline__ void DEVFS_DECR_STRINGSPACE(int);
 static __inline__ void DEVFS_INCR_ENTRIES()
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/Makefile#2 (text+ko) ====
@@ -19,10 +19,10 @@
 EXPINC_SUBDIRS_I386 = \
-DATAFILES =
+DATAFILES = \
+ fdesc.h
-PRIVATE_DATAFILES = \
- fdesc.h
+PRIVATE_DATAFILES =
 INSTALL_MI_LIST = ${DATAFILES}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/fdesc_vnops.c#5 (text+ko) ====
@@ -328,10 +328,6 @@
 if (error)
 goto bad;
 VTOFDESC(fvp)->fd_fd = fd;
-#ifdef MAC
- mac_vnode_label_associate_file(proc_ucred(p),
- p->p_fd->fd_ofiles[fd]->f_fglob, fvp);
-#endif
 *vpp = fvp;
 return (0);
 }
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/posix_sem.h#2 (text+ko) ====
@@ -62,6 +62,8 @@
 struct label * psem_label;
 };
+struct pseminfo * psemnodeinfo (struct psemnode *);
+
 #define PSEMINFO_NULL (struct pseminfo *)0
 #define PSEM_NONE 1
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/posix_shm.h#2 (text+ko) ====
@@ -65,6 +65,9 @@
 #endif /* DIAGNOSTIC */
 struct label * pshm_label;
 };
+
+struct pshminfo * pshmnodeinfo (struct pshmnode *node);
+
 #define PSHMINFO_NULL (struct pshminfo *)0
 #define PSHM_NONE 1
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#14 (text+ko) ====
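Review bot: The posix_sem.h prototype drops the parameter name while the posix_shm.h prototype in the next hunk keeps it; the two accessors are deliberately parallel, so keep the prototypes parallel too: `struct pseminfo * psemnodeinfo (struct psemnode *node);`. A named parameter in the prototype also doubles as the only documentation a header reader gets for what the function takes.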
@@ -144,11 +144,12 @@
 * Labeling event operations: file system objects, and things that
 * look a lot like file system objects.
 */
+int mac_vnode_label_associate(struct mount *mp, struct vnode *vp, vfs_context_t ctx);
 void mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
 struct vnode *vp);
 int mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
 void mac_vnode_label_associate_singlelabel(struct mount *mp, struct vnode *vp);
-void mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
+int mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
 struct vnode *vp);
 void mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
 const char *fullpath);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#22 (text+ko) ====
@@ -1444,6 +1444,22 @@
 );
 /**
+ @brief Associate a user credential with a vnode
+ @param cred User credential
+ @param vp Vnode to label
+ @param vlabel Label associated with vp
+
+ Associate label information for the vnode, vp, with a
+ user credential.
+ The label should be stored in the supplied vlabel parameter.
+*/
+typedef void mpo_vnode_label_associate_cred_t(
+ struct ucred *cred,
+ struct vnode *vp,
+ struct label *vlabel
+);
+
+/**
 @brief Associate a file label with a vnode
 @param cred User credential
 @param fg Fileglob structure
@@ -5426,6 +5442,7 @@
 mpo_vnode_label_associate_posixsem_t *mpo_vnode_label_associate_posixsem;
 mpo_vnode_label_associate_posixshm_t *mpo_vnode_label_associate_posixshm;
 mpo_vnode_label_associate_pipe_t *mpo_vnode_label_associate_pipe;
+ mpo_vnode_label_associate_cred_t *mpo_vnode_label_associate_cred;
 mpo_vnode_label_associate_file_t *mpo_vnode_label_associate_file;
 mpo_devfs_label_associate_device_t *mpo_devfs_label_associate_device;
 mpo_devfs_label_associate_directory_t *mpo_devfs_label_associate_directory;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#17 (text+ko) ====
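Review bot: The new mac_vnode_label_associate() prototype is written on one line and runs past 80 columns, while every neighbouring prototype in the hunk wraps its trailing parameters onto a continuation line; wrap it the same way, `int mac_vnode_label_associate(struct mount *mp, struct vnode *vp,` followed by `    vfs_context_t ctx);`. This is the declaration other subsystems will copy, so it should match the header's own convention.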
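Review bot: The doc block for mpo_vnode_label_associate_cred_t says what the policy should store but not when the framework invokes it, which is the part a policy author needs to decide what the label should mean. From the mac_vfs.c hunk in this change it is called by mac_vnode_label_associate_file() only when there is no backing fileglob, i.e. for vnodes that stand for nothing but the caller's view, so add a sentence to the description along the lines of "Invoked for vnodes that have no backing file object (for example fdesc nodes that do not refer to a descriptor); the credential is the only source the policy has for deriving the label." Without that, a reader could assume the entry point is a general-purpose cred-to-vnode labeling hook. The typedef block is complete within the hunk.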
@@ -36,19 +36,22 @@
 */
 #include <sys/param.h>
-#include <sys/vnode.h>
-#include <sys/vnode_internal.h>
-#include <miscfs/devfs/devfsdefs.h>
+#include <sys/systm.h>
+#include <sys/kernel.h>
+#include <sys/proc.h>
 #include <sys/kauth.h>
+
+#include <sys/file_internal.h>
 #include <sys/namei.h>
-#include <sys/mount.h>
 #include <sys/mount_internal.h>
-#include <sys/file.h>
-#include <sys/file_internal.h>
-#include <sys/uio_internal.h>
 #include <sys/pipe.h>
 #include <sys/posix_sem.h>
 #include <sys/posix_shm.h>
+#include <sys/uio_internal.h>
+#include <sys/vnode_internal.h>
+
+#include <miscfs/devfs/devfsdefs.h>
+#include <miscfs/fdesc/fdesc.h>
 #include <security/mac_internal.h>
@@ -246,13 +249,49 @@
 vp->v_label);
 }
+int
+mac_vnode_label_associate(struct mount *mp, struct vnode *vp, vfs_context_t ctx)
+{
+ struct devnode *dnp;
+ struct fdescnode *fnp;
+ struct fileglob *fg;
+ struct proc *p;
+ int error;
+ int fd;
+
+ error = 0;
+
+ /* XXX: should not inspect v_tag in kernel! */
+ switch (vp->v_tag) {
+ case VT_DEVFS:
+ dnp = VTODN(vp);
+ mac_vnode_label_associate_devfs(mp, dnp, vp);
+ break;
+ case VT_FDESC:
+ fnp = VTOFDESC(vp);
+ p = vfs_context_proc(ctx);
+ fd = fnp->fd_fd;
+ fg = fd != -1 ? p->p_fd->fd_ofiles[fd]->f_fglob : NULL;
+ error = mac_vnode_label_associate_file(vfs_context_ucred(ctx),
+ fg, vp);
+ break;
+ default:
+ error = mac_vnode_label_associate_extattr(mp, vp);
+ break;
+ }
+
+ return (error);
+}
+
 void
 mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
 struct vnode *vp)
 {
- MAC_PERFORM(vnode_label_associate_devfs, mp, mp ? mp->mnt_mntlabel : NULL, de,
- de->dn_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_devfs,
+ mp, mp ? mp->mnt_mntlabel : NULL,
+ de, de->dn_label,
+ vp, vp->v_label);
 }
 int
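Review bot: In the VT_FDESC case `fd` is taken from the fdesc node and used directly as an index into `p->p_fd->fd_ofiles` with no check against `p->p_fd->fd_nfiles`, no NULL check on the slot, and no descriptor-table lock held. The code this replaces in fdesc_vnops.c did the same dereference, but immediately after the lookup that had just validated `fd` in the same process; here the association happens later and, via vnode_label1() in the mac_vfs_subr.c hunk, with whatever process is current, so the descriptor may have been closed and the slot may be NULL or belong to a different open file by the time it is read. If fp_lookup()/fp_drop() are available at this point in the tree they do the bounds check, reject a NULL slot and pin the fileproc across the call; failing that, at least guard `fd < p->p_fd->fd_nfiles` and `fd_ofiles[fd] != NULL` before dereferencing. The v_tag dispatch is already marked XXX by the author, so nothing further on that.
```c
	case VT_FDESC:
		fnp = VTOFDESC(vp);
		p = vfs_context_proc(ctx);
		fd = fnp->fd_fd;
		fg = NULL;
		fp = NULL;	/* declare 'struct fileproc *fp;' with the other locals */
		if (fd != -1) {
			/* Validates fd against the live table and pins the fileproc. */
			if ((error = fp_lookup(p, fd, &fp, 0)) != 0)
				break;
			fg = fp->f_fglob;
		}
		error = mac_vnode_label_associate_file(vfs_context_ucred(ctx),
		    fg, vp);
		if (fp != NULL)
			(void)fp_drop(p, fd, fp, 0);
		break;
	/* … unchanged: default case and return … */
```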
@@ -739,6 +778,10 @@
 if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
 mp->mnt_flag |= MNT_MULTILABEL;
+ /* MULTILABEL on FDESC. */
+ if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
+ mp->mnt_flag |= MNT_MULTILABEL;
+
 /* MULTILABEL on all NFS filesystems. */
 if (strcmp(mp->mnt_vfsstat.f_fstypename, "nfs") == 0)
 mp->mnt_flag |= MNT_MULTILABEL;
@@ -895,7 +938,7 @@
 return (0);
 }
-void
+int
 mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
 struct vnode *vp)
 {
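Review bot: The added block repeats the two context lines directly above it: the hunk already opens with a test of `f_fstypename` against "fdesc" that sets MNT_MULTILABEL, so the new fdesc check is a duplicate (the old-side line count of six only works out if that opening line is context, not a hunk trailer). Setting the flag twice is harmless, but the three added lines and their blank should go; if the intent was to give the existing check a heading, keep only `/* MULTILABEL on FDESC. */` above the existing lines. The enclosing function starts and ends outside the hunk.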
@@ -904,50 +947,61 @@
 struct xsocket xso;
 struct socket *so;
 struct pipe *cpipe;
+ struct vnode *fvp;
+ int error;
+ /*
+ * If no backing file, use the cred label.
+ */
+ if (fg == NULL) {
+ MAC_PERFORM(vnode_label_associate_cred, cred,
+ vp, vp->v_label);
+ return (0);
+ }
+
 switch (fg->fg_type) {
 case DTYPE_VNODE:
- vnode_lock(vp);
- MAC_PERFORM(vnode_label_copy,
- ((struct vnode *)fg->fg_data)->v_label, vp->v_label);
- vnode_unlock(vp);
+ fvp = (struct vnode *)fg->fg_data;
+ if ((error = vnode_getwithref(fvp)))
+ return (error);
+ MAC_PERFORM(vnode_label_copy, fvp->v_label, vp->v_label);
+ (void)vnode_put(fvp);
 break;
 case DTYPE_SOCKET:
 so = (struct socket *)fg->fg_data;
 sotoxsocket(so, &xso);
- vnode_lock(vp);
 MAC_PERFORM(vnode_label_associate_socket, cred, &xso,
 so->so_label, vp, vp->v_label);
- vnode_unlock(vp);
 break;
 case DTYPE_PSXSHM:
- pshm = (struct pshminfo *)fg->fg_data;
- vnode_lock(vp);
+ /* XXX: should hold the PSHM_SUBSYS lock. */
+ pshm = pshmnodeinfo((struct pshmnode *)fg->fg_data);
+ if (pshm == NULL)
+ return (EINVAL);
 MAC_PERFORM(vnode_label_associate_posixshm, cred, pshm,
 pshm->pshm_label, vp, vp->v_label);
- vnode_unlock(vp);
 break;
 case DTYPE_PSXSEM:
- psem = (struct pseminfo *)fg->fg_data;
- vnode_lock(vp);
+ /* XXX: should hold the PSEM_SUBSYS lock. */
+ psem = psemnodeinfo((struct psemnode *)fg->fg_data);
+ if (psem == NULL)
+ return (EINVAL);
 MAC_PERFORM(vnode_label_associate_posixsem, cred, psem,
 psem->psem_label, vp, vp->v_label);
 vnode_unlock(vp);
 break;
 case DTYPE_PIPE:
+ /* XXX: should PIPE_LOCK */
 cpipe = (struct pipe *)fg->fg_data;
- vnode_lock(vp);
 MAC_PERFORM(vnode_label_associate_pipe, cred, cpipe,
 cpipe->pipe_label, vp, vp->v_label);
- vnode_unlock(vp);
 break;
 case DTYPE_KQUEUE:
 case DTYPE_FSEVENTS:
 default:
- vnode_lock(vp);
 MAC_PERFORM(vnode_label_associate_file, cred, fg,
 fg->fg_label, vp, vp->v_label);
- vnode_unlock(vp);
 break;
 }
+ return (0);
 }
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#7 (text+ko) ====
@@ -1,7 +1,6 @@
 #include <sys/param.h>
 #include <sys/vnode.h>
 #include <sys/vnode_internal.h>
-#include <miscfs/devfs/devfsdefs.h>
 #include <sys/kauth.h>
 #include <sys/namei.h>
 #include <sys/mount.h>
@@ -46,10 +45,10 @@
 error = mac_vnode_notify_create(vfs_context_ucred(ctx),
 mp, dvp, vp, cnp);
 else
- error = mac_vnode_label_associate_extattr(mp, vp);
+ error = mac_vnode_label_associate(mp, vp, ctx);
 vnode_lock(vp);
- if (error == 0)
+ if ((error == 0) && (vp->v_flag & VNCACHEABLE))
 vp->v_lflag |= VL_LABELED;
 vp->v_lflag &= ~VL_LABEL;
 if (vp->v_lflag & VL_LABELWAIT) {
@@ -88,19 +87,22 @@
 int
 vnode_label1(struct vnode *vp)
 {
+ struct vfs_context ctx;
 int error;
 error = 0;
+ ctx.vc_proc = current_proc();
+ ctx.vc_ucred = kauth_cred_get();
 if ((vp->v_lflag & (VL_LABEL|VL_LABELED)) == 0) {
 vp->v_lflag |= VL_LABEL;
 /* Could sleep on disk I/O, drop lock. */
 vnode_unlock(vp);
- error = mac_vnode_label_associate_extattr(vnode_mount(vp), vp);
+ error = mac_vnode_label_associate(vnode_mount(vp), vp, &ctx);
 vnode_lock(vp);
- if (error == 0)
+ if ((error == 0) && (vp->v_flag & VNCACHEABLE))
 vp->v_lflag |= VL_LABELED;
 vp->v_lflag &= ~VL_LABEL;
 if (vp->v_lflag & VL_LABELWAIT) {
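Review bot: The DTYPE_PSXSEM case still executes `vnode_unlock(vp);` after its MAC_PERFORM: that line is context in the hunk while the matching `vnode_lock(vp)` is removed, and every other case drops both calls (the old/new line counts of 50/61 only balance if that unlock survives). On the new side a semaphore-backed descriptor vnode is therefore unlocked without ever having been locked here; delete the line so the case ends `psem->psem_label, vp, vp->v_label);` followed directly by `break;`, exactly as the PSXSHM case now does. Separately, the DTYPE_VNODE branch copies `fvp->v_label` after vnode_getwithref() but nothing in the hunk shows that fvp has itself been labeled by then; if callers cannot guarantee that, a comment or a check is warranted before the copy. The function's signature is in the previous hunk, so the block starts outside this one.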
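Review bot: In vnode_label1() the context is built from current_proc() and kauth_cred_get(), so an fdesc vnode is now labeled on behalf of whichever process happens to trigger the label, and the new `VNCACHEABLE` test on both VL_LABELED assignments is the only thing preventing such a process-specific label from being cached and then served to a different process. That dependency is not stated at either site; a comment at the new condition, e.g. `/* Do not cache labels of non-cacheable vnodes (e.g. fdesc), whose label depends on the process that looked them up. */`, would make it explicit. It also only holds if fdesc vnodes are in fact marked non-cacheable, which this change does not show — confirm that rather than assume it. vnode_label1() continues beyond the hunk.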
@@ -183,7 +185,7 @@
 uio_addiov(auio, CAST_USER_ADDR_T(buf), len);
 error = VNOP_GETXATTR(vp, name, auio, attrlen, 0, &context);
- if (error == ENOTSUP || error == EPERM)
+ if (error == ENOTSUP)
 error = default_getxattr(vp, name, auio, attrlen, 0, &context);
 *attrlen = len - uio_resid(auio);
@@ -200,7 +202,7 @@
 context.vc_ucred = kauth_cred_get();
 error = VNOP_REMOVEXATTR(vp, name, 0, &context);
- if (error == ENOTSUP || error == EPERM)
+ if (error == ENOTSUP)
 error = default_removexattr(vp, name, 0, &context);
 return (error);
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#36 (text+ko) ====
@@ -753,6 +753,20 @@
 }
 static void
+sebsd_vnode_label_associate_cred(struct ucred *cred, struct vnode *vp,
+ struct label *vlabel)
+{
+ struct task_security_struct *tsec;
+ struct vnode_security_struct *vsec;
+
+ tsec = SLOT(cred->cr_label);
+ vsec = SLOT(vlabel);
+
+ vsec->sid = vsec->task_sid = tsec->sid;
+ vsec->sclass = SECCLASS_FILE; /* XXX */
+}
+
+static void
 sebsd_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
 struct label *fglabel, struct vnode *vp, struct label *vlabel)
 {
@@ -766,7 +780,7 @@
 vsec->sid = fsec->sid;
 vsec->task_sid = tsec->sid;
- vsec->sclass = SECCLASS_FILE;
+ vsec->sclass = SECCLASS_FILE; /* XXX */
 }
 static void
@@ -3611,6 +3625,7 @@
 .mpo_vnode_label_associate_posixsem = sebsd_vnode_label_associate_posixsem,
 .mpo_vnode_label_associate_posixshm = sebsd_vnode_label_associate_posixshm,
 .mpo_vnode_label_associate_pipe = sebsd_vnode_label_associate_pipe,
+ .mpo_vnode_label_associate_cred = sebsd_vnode_label_associate_cred,
 .mpo_vnode_label_associate_file = sebsd_vnode_label_associate_file,
 .mpo_devfs_label_update = sebsd_devfs_update,
==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#16 (text+ko) ====
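Review bot: sebsd_vnode_label_associate_cred() hard-codes `vsec->sclass = SECCLASS_FILE` for every vnode that reaches the credential path, and the XXX shows this is known; the vnodes that take this path are exactly the ones with no backing file object, so any directory node among them (the fdesc root, if it lands here) is given the file class and is then checked against the wrong permission set. Derive the class from `vp->v_type` instead — sebsd presumably already has a vtype-to-class mapping for its extattr-labeled vnodes, and if not, `vsec->sclass = (vp->v_type == VDIR) ? SECCLASS_DIR : SECCLASS_FILE;` at least covers directories. A one-line comment above `vsec->sid = vsec->task_sid = tsec->sid;` saying the vnode deliberately inherits the subject's SID would also help, since this is the one place in the file where an object is given its accessor's identity and a later reader may take it for a mistake.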
@@ -1183,6 +1183,17 @@
 }
 static void
+mac_test_vnode_label_associate_cred(struct ucred *cred, struct vnode *vp,
+ struct label *vlabel)
+{
+ CHECKNULL(cred);
+ CHECKNULL(vp);
+
+ INIT_LABEL(vlabel, VNODETYPE);
+ USE_LABEL(cred->cr_label, CREDTYPE);
+}
+
+static void
 mac_test_devfs_label_associate_device(dev_t dev, struct devnode *de,
 struct label *label, const char *fullpath)
 {
@@ -1911,6 +1922,7 @@
 mac_test_vnode_label_associate_posixshm,
 .mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe,
 .mpo_vnode_label_associate_file = mac_test_vnode_label_associate_file,
+ .mpo_vnode_label_associate_cred = mac_test_vnode_label_associate_cred,
 .mpo_devfs_label_associate_device= mac_test_devfs_label_associate_device,
 .mpo_devfs_label_associate_directory=