Date: Mon, 22 Jan 2007 15:11:20 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 113319 for review Message-ID: <200701221511.l0MFBKl4002932@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=113319 Change 113319 by millert@millert_macbook on 2007/01/22 15:10:57 - Add entry points for vnode_check_{list, delete}extattr - Add a comment to vnode_check_set, it doesn't look complete Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#58 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#58 (text+ko) ====
@@ -2086,6 +2086,34 @@
 	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
 }
 
+static int
+sebsd_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+
+	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
+}
+
+static int
+sebsd_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
+    struct label *label, const char *name)
+{
+
+	/*
+	 * Our policy labels may not be removed.
+	 * Labels may be changed, but all files must be labeled.
+	 */
+	if (bcmp(name, SEBSD_MAC_EXTATTR_NAME,
+	    sizeof(SEBSD_MAC_EXTATTR_NAME)) == 0)
+		return (EPERM);
+
+	/*
+	 * Otherwise, it's not a recognized attribute and we do as
+	 * SELinux does and check ordinary setattr permissions.
+	 */
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
+}
+
 #if defined(FILE__POLL) && defined(FILE__GETATTR)
 static int
 sebsd_vnode_check_kqfilter(struct ucred *cred, struct ucred *file_cred,
@@ -2386,6 +2414,14 @@
     struct label *label, const char *name, struct uio *uio)
 {
 
+	/*
+	 * XXX - This doesn't look like we're checking enough
+	 * update_extattr doesn't actually check any permissions,
+	 * it's called too late.
+	 *
+	 * If the 'name' belongs to our policy, we should make sure
+	 * the new value is valid and permitted.
+	 */
 	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 
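Review bot: In sebsd_vnode_check_deleteextattr the label-name test `bcmp(name, SEBSD_MAC_EXTATTR_NAME, sizeof(SEBSD_MAC_EXTATTR_NAME))` always reads sizeof(SEBSD_MAC_EXTATTR_NAME) bytes from `name`, however short the caller's string is, so a one-character name is compared well past its terminator; whether that over-reads depends on the buffer the xattr syscall path copied the name into, which is not visible here. The same expression silently degrades to a pointer-sized compare if SEBSD_MAC_EXTATTR_NAME is ever defined as anything but a string literal. Comparing the NUL-terminated string directly removes both dependencies: `if (strcmp(name, SEBSD_MAC_EXTATTR_NAME) == 0)` / `return (EPERM);`. Since this is the only hook that denies by attribute name, a one-line comment that the match is exact (case-sensitive, no namespace prefix) would save the next reader from guessing.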
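Review bot: The XXX comment added in the second hunk records that writing the policy's own label attribute through this hook (its name is outside the hunk; the `const char *name, struct uio *uio` parameters make it the setextattr check) is gated only by FILE__SETATTR, yet the same change already has the name test it needs in sebsd_vnode_check_deleteextattr and leaves this path unguarded. Until the incoming value is validated, the minimum is to recognise the policy attribute here too, `if (strcmp(name, SEBSD_MAC_EXTATTR_NAME) == 0)`, and route that case through the same decision sebsd_vnode_check_label_update makes (registered as .mpo_vnode_check_label_update in the table hunks) rather than the plain FILE__SETATTR check, or return EPERM as deleteextattr does. Denying outright would break any userland tool that labels files by writing the attribute directly, so whether such a tool exists should decide between the two. The enclosing function's signature starts before this hunk; only its last parameter line, body and closing brace are visible.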
@@ -3513,6 +3549,7 @@
 	.mpo_vnode_check_chdir = sebsd_vnode_check_chdir,
 	.mpo_vnode_check_chroot = sebsd_vnode_check_chroot,
 	.mpo_vnode_check_create = sebsd_vnode_check_create,
+	.mpo_vnode_check_deleteextattr = sebsd_vnode_check_deleteextattr,
 	.mpo_vnode_check_exchangedata = sebsd_vnode_check_exchangedata,
 	.mpo_vnode_check_exec = sebsd_vnode_check_exec,
 	.mpo_vnode_check_getattrlist = sebsd_vnode_check_getattrlist,
@@ -3520,6 +3557,7 @@
 	.mpo_vnode_check_ioctl = sebsd_vnode_check_ioctl,
 	.mpo_vnode_check_label_update = sebsd_vnode_check_label_update,
 	.mpo_vnode_check_link = sebsd_vnode_check_link,
+	.mpo_vnode_check_listextattr = sebsd_vnode_check_listextattr,
 	.mpo_vnode_check_lookup = sebsd_vnode_check_lookup,
 	.mpo_vnode_check_open = sebsd_vnode_check_open,
 	.mpo_vnode_check_read = sebsd_vnode_check_read,