From owner-p4-projects@FreeBSD.ORG Fri Apr 29 14:48:14 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5FC5216A4D0; Fri, 29 Apr 2005 14:48:14 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CF2F16A4CE for ; Fri, 29 Apr 2005 14:48:14 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id D72A143D48 for ; Fri, 29 Apr 2005 14:48:13 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j3TEmDmr057692 for ; Fri, 29 Apr 2005 14:48:13 GMT (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j3TEmDsh057689 for perforce@freebsd.org; Fri, 29 Apr 2005 14:48:13 GMT (envelope-from areisse@nailabs.com) Date: Fri, 29 Apr 2005 14:48:13 GMT Message-Id: <200504291448.j3TEmDsh057689@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 76200 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2005 14:48:15 -0000 http://perforce.freebsd.org/chv.cgi?CH=76200 Change 76200 by areisse@areisse_ibook on 2005/04/29 14:48:09 Enable access checks on all bootstrap namespace methods. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.defs#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/Makefile#3 (text+ko) ==== @@ -33,7 +33,6 @@ DEBUG_LIBS = $(LIBS) PROF_LIBS = $(LIBS) - NEXTSTEP_PB_CFLAGS = -DMACH_USER_API WINDOWS_PB_CFLAGS = -DMACH_USER_API PDO_UNIX_PB_CFLAGS = -DMACH_USER_API @@ -57,3 +56,5 @@ -include Makefile.postamble -include Makefile.dependencies + +include ../../build/Mig.mk ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.c#3 (text+ko) ==== @@ -975,6 +975,7 @@ service_t *servicep; server_t *serverp; kern_return_t result; + mach_msg_mac_trailer_t *trailer = (mach_msg_mac_trailer_t *) (((char*)Request)+Request->msgh_size); mig_reply_error_t *reply; debug("received message on port %x\n", Request->msgh_local_port); @@ -1156,8 +1157,11 @@ else { /* must be a service request */ debug("Handled request."); - return bootstrap_server(Request, Reply); + boolean_t result = bootstrap_server(Request, Reply); + //mach_port_destroy(mach_task_self(), trailer->msgh_labels.sender); + return result; } + //mach_port_destroy(mach_task_self(), trailer->msgh_labels.sender); return TRUE; } 
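Review bot: The `trailer` pointer added in the `@@ -975,6 +975,7 @@` hunk is computed as `Request + Request->msgh_size` with no rounding, whereas the usual Mach idiom locates a received trailer at `round_msg(Request->msgh_size)`. If the size is ever not naturally aligned, the pointer would land in padding rather than on the trailer, so I would write `(mach_msg_mac_trailer_t *)((char *)Request + round_msg(Request->msgh_size))`. A one-line comment would help too, for example `/* MAC trailer follows the message body; filled in only because the receive loop requests it */`. The pointer has no live use in this change (its only uses are commented out), so it will likely produce an unused-variable warning. The function body starts and ends outside the hunk.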
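Review bot: Both `mach_port_destroy(mach_task_self(), trailer->msgh_labels.sender)` calls in the `@@ -1156,8 +1157,11 @@` hunk are committed commented out, so nothing releases the sender label handle that arrives with each request. If that trailer field does carry a port right into mach_init's name space (the disabled calls suggest so, but it is not visible here), every bootstrap request leaves a name behind in a process that never exits, and the name space can fill up over time. Either enable the release on every return path of the function (the earlier returns lie outside this hunk) or replace the dead lines with a comment explaining why the handle is kept, e.g. `/* XXX sender label handle is not released yet: trailer->msgh_labels.sender */`. Separately, `boolean_t result` in the `else` block shadows the function-scope `kern_return_t result` visible in the first bootstrap.c hunk; `boolean_t handled = bootstrap_server(Request, Reply);` avoids that.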
@@ -1179,6 +1183,7 @@
 bootstrapMaxRequestSize,
 bootstrap_port_set,
 MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_SENDER)|
+ MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)|
 MACH_RCV_TRAILER_TYPE(MACH_MSG_TRAILER_FORMAT_0));
 if (mresult != MACH_MSG_SUCCESS)
 kern_error(mresult, "mach_msg_server");
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.defs#2 (text+ko) ====
@@ -135,7 +135,7 @@
 * Errors: Returns appropriate kernel errors on rpc failure.
 * Returns BOOTSTRAP_NOT_PRIVILEGED, bootstrap or uid invalid.
 */
-routine bootstrap_create_server(
+routine bootstrap_create_server checkaccess(
 bootstrap_port : mach_port_t;
 server_cmd : cmd_t;
 server_uid : integer_t;
@@ -158,7 +158,7 @@
 * children (or any offspring that it does not want to count as part
 * of the "server" for mach_init registration and re-launch purposes).
 */
-routine bootstrap_unprivileged(
+routine bootstrap_unprivileged checkaccess (
 bootstrap_port : mach_port_t;
 out unpriv_port : mach_port_t);
@@ -183,7 +183,7 @@
 * Returns BOOTSTRAP_SERVICE_ACTIVE, if service has already been
 * registered or checked-in.
 */
-routine bootstrap_check_in(
+routine bootstrap_check_in checkaccess(
 bootstrap_port : mach_port_t;
 service_name : name_t;
 out service_port : mach_port_move_receive_t);
@@ -210,7 +210,7 @@
 * Returns BOOTSTRAP_NAME_IN_USE, if service has already been
 * register or checked-in.
 */
-routine bootstrap_register(
+routine bootstrap_register checkaccess(
 bootstrap_port : mach_port_t;
 service_name : name_t;
 service_port : mach_port_t);
@@ -228,7 +228,7 @@
 * Errors: Returns appropriate kernel errors on rpc failure.
 * Returns BOOTSTRAP_UNKNOWN_SERVICE, if service does not exist.
 */
-routine bootstrap_look_up(
+routine bootstrap_look_up checkaccess(
 bootstrap_port : mach_port_t;
 service_name : name_t;
 out service_port : mach_port_t);
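Review bot: In the `mach_msg_server` call (`@@ -1179,6 +1183,7 @@`), the new line ORs `MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)` with `MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_SENDER)`, but in the stock Mach headers the element constants are ordinals selecting how much of the trailer is filled in, not independent bit flags. ORing two ordinals gives whatever their bits combine into, which may or may not be the AV trailer depending on the value this tree assigns to `MACH_RCV_TRAILER_AV`. Since a larger element request already includes the smaller ones, I would keep only `MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AV)|` and drop the SENDER line. It is also worth confirming that this element covers `msgh_labels`, the field the commented-out cleanup in the demux function reads. The call begins outside the hunk.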
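Review bot: The header comment above `bootstrap_create_server` still lists only the old failure cases under `Errors:`. The same holds for every other routine that gains `checkaccess` in bootstrap.defs: `bootstrap_unprivileged`, `bootstrap_check_in`, `bootstrap_register`, `bootstrap_look_up`, `bootstrap_look_up_array`, `bootstrap_parent`, `bootstrap_status`, `bootstrap_info`, `bootstrap_subset` and `bootstrap_create_service`. With the access check enabled a call can presumably now be refused by policy, and callers need to know which return code that produces. I would add a line such as ` * Returns <access-denied code>, if the security policy refuses the request.`, filling in the code the generated stub actually returns. The spelling `bootstrap_unprivileged checkaccess (` also has a space before the parenthesis that the other ten routines do not.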
@@ -255,7 +255,7 @@
 * If all services are known, all_services_known is true on
 * return, if any service is unknown, it's false.
 */
-routine bootstrap_look_up_array(
+routine bootstrap_look_up_array checkaccess(
 bootstrap_port : mach_port_t;
 service_names : name_array_t;
 out service_ports : mach_port_array_t;
@@ -275,7 +275,7 @@
 * with an effective user id of root (as determined by the security
 * token in the message trailer).
 */
-routine bootstrap_parent(
+routine bootstrap_parent checkaccess(
 bootstrap_port : mach_port_t;
 ServerSecToken token : security_token_t;
 out parent_port : mach_port_make_send_t);
@@ -292,7 +292,7 @@
 * Errors: Returns appropriate kernel errors on rpc failure.
 * Returns BOOTSTRAP_UNKNOWN_SERVICE, if service does not exist.
 */
-routine bootstrap_status(
+routine bootstrap_status checkaccess(
 bootstrap_port : mach_port_t;
 service_name : name_t;
 out service_active : bootstrap_status_t);
@@ -309,7 +309,7 @@
 *
 * Errors: Returns appropriate kernel errors on rpc failure.
 */
-routine bootstrap_info(
+routine bootstrap_info checkaccess(
 bootstrap_port : mach_port_t;
 out service_names : name_array_t, dealloc;
 out server_names : name_array_t, dealloc;
@@ -335,7 +335,7 @@
 *
 * Errors: Returns appropriate kernel errors on rpc failure.
 */
-routine bootstrap_subset(
+routine bootstrap_subset checkaccess(
 bootstrap_port : mach_port_t;
 requestor_port : mach_port_t;
 out subset_port : mach_port_t);
@@ -353,7 +353,7 @@
 * Errors: Returns appropriate kernel errors on rpc failure.
 * Returns BOOTSTRAP_SERVICE_ACTIVE, if service already exists.
 */
-routine bootstrap_create_service(
+routine bootstrap_create_service checkaccess(
 bootstrap_port : mach_port_t;
 service_name : name_t;
 out service_port : mach_port_t);