Date: Mon, 22 Jan 2007 15:11:19 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 113318 for review Message-ID: <200701221511.l0MFBJnQ002917@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=113318 Change 113318 by millert@millert_macbook on 2007/01/22 15:10:21 Set sclass for all label types. For socket labels this means we no longer need to re-compute the sclass post-associate. Also add some XXX for potential issues. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#57 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_labels.h#6 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#57 (text+ko) ==== @@ -185,6 +185,7 @@ if (!kau_will_audit()) return; + /* XXX - malloc could sleep */ if (sbuf_new(&sb, NULL, 0, SBUF_AUTOEXTEND) == NULL) { printf("%s: failed to allocate an sbuf for auditing\n", __func__); @@ -612,8 +613,7 @@ vsec->sid = nsec->sid; vsec->task_sid = tsec->sid; - vsec->sclass = socket_type_to_security_class(xso->xso_family, - xso->so_type, xso->xso_protocol); + vsec->sclass = nsec->sclass; } static void @@ -862,6 +862,7 @@ /* Default to using the attributes from the parent process */ task->osid = parent->osid; task->sid = parent->sid; + task->sclass = parent->sclass; } static void @@ -875,6 +876,7 @@ fsec = SLOT(label); fsec->sid = tsec->sid; + fsec->sclass = SECCLASS_FD; } static void @@ -905,6 +907,7 @@ psec = SLOT(port); psec->sid = SECINITSID_KERNEL; + psec->sclass = SECCLASS_MACH_PORT; } /* XXX - the Darwin framework lacks ifnet and bpf labels */ @@ -1039,6 +1042,7 @@ dirent->sclass = devfs_type_to_security_class(devfs_dirent->dn_type); /* Obtain a SID based on the fstype, path, and class. */ + /* XXX - malloc could sleep */ path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); @@ -1071,6 +1075,7 @@ dirent->sclass = devfs_type_to_security_class(de->dn_type); /* Obtain a SID based on the fstype, path, and class. */ + /* XXX - malloc could sleep */ path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); @@ -1112,6 +1117,7 @@ task = SLOT(cred->cr_label); task->osid = task->sid = SECINITSID_KERNEL; + task->sclass = SECCLASS_PROCESS; } static void @@ -1161,6 +1167,7 @@ break; } sbsec->behavior = behavior; /* note: behavior 16 bits in sbsec */ + sbsec->sclass = SECCLASS_FILESYSTEM; } static void @@ -1173,6 +1180,8 @@ tsec = SLOT(cred->cr_label); nsec = SLOT(solabel); nsec->sid = nsec->task_sid = tsec->sid; + nsec->sclass = socket_type_to_security_class(xso->xso_family, + xso->so_type, xso->xso_protocol); } static void @@ -2463,7 +2472,6 @@ struct sockaddr_in *sin; struct sockaddr_in6 *sin6; in_port_t port; - u_int16_t sclass; u_int32_t sid, node_perm; int error; @@ -2490,9 +2498,6 @@ port = ntohs(sin6->sin6_port); } - sclass = socket_type_to_security_class(xso->xso_family, xso->so_type, - xso->xso_protocol); - if (port) { /* XXX - check against net.inet.ip.portrange.last? */ error = security_port_sid(xso->xso_family, xso->so_type, @@ -2502,13 +2507,13 @@ AVC_AUDIT_DATA_INIT(&ad, NET); ad.u.net.sport = htons(port); ad.u.net.family = xso->xso_family; - error = avc_has_perm(nsec->sid, sid, sclass, + error = avc_has_perm(nsec->sid, sid, nsec->sclass, SOCKET__NAME_BIND, &ad); if (error) return (error); } - switch (sclass) { + switch (nsec->sclass) { case SECCLASS_TCP_SOCKET: node_perm = TCP_SOCKET__NODE_BIND; break; @@ -2533,7 +2538,7 @@ bcopy(&ad.u.net.v6info.saddr, &sin6->sin6_addr, sizeof(ad.u.net.v6info.saddr)); - error = avc_has_perm(nsec->sid, sid, sclass, node_perm, &ad); + error = avc_has_perm(nsec->sid, sid, nsec->sclass, node_perm, &ad); return (error); } @@ -2547,7 +2552,6 @@ struct sockaddr_in *sin; struct sockaddr_in6 *sin6; in_port_t port; - u_int16_t sclass; u_int32_t sid; int error; @@ -2555,12 +2559,8 @@ if (error) return (error); - sclass = socket_type_to_security_class(xso->xso_family, xso->so_type, - xso->xso_protocol); - - if (sclass == SECCLASS_TCP_SOCKET) { - nsec = SLOT(socklabel); - + nsec = SLOT(socklabel); + if (nsec->sclass == SECCLASS_TCP_SOCKET) { if (xso->xso_family == AF_INET) { sin = (struct sockaddr_in *)addr; port = ntohs(sin->sin_port); @@ -2577,7 +2577,7 @@ AVC_AUDIT_DATA_INIT(&ad, NET); ad.u.net.dport = htons(port); ad.u.net.family = xso->xso_family; - error = avc_has_perm(nsec->sid, sid, sclass, + error = avc_has_perm(nsec->sid, sid, nsec->sclass, TCP_SOCKET__NAME_CONNECT, &ad); } ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_labels.h#6 (text+ko) ==== @@ -44,10 +44,10 @@ struct sebsd_label { u_int32_t osid; /* task_sid for all but task_security_struct */ u_int32_t sid; - u_int16_t sclass; /* only used for vnode and ipc */ + u_int16_t sclass; u_int16_t behavior; /* only used for mount */ }; -#define task_sid osid +#define task_sid osid /* XXX - need to be separate if polymorphic */ #define task_security_struct sebsd_label #define file_security_struct sebsd_label
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701221511.l0MFBJnQ002917>