Date: Tue, 23 Jul 2013 20:43:47 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 231382 for review Message-ID: <201307232043.r6NKhlMG093540@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@231382?ac=10 Change 231382 by rwatson@rwatson_cinnamon on 2013/07/23 20:43:26 Add 70-80 new TESLA assertions relating to MAC, process access-control, and sysctl privilege checking. Affected files ... .. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_ctl.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_ioctl.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_note.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_osrel.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_rlimit.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_status.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_type.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/kern/kern_cpuset.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/kern/kern_mib.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#5 edit .. //depot/projects/ctsrd/tesla/src/sys/kern/ksched.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/kern/sys_process.c#3 edit .. //depot/projects/ctsrd/tesla/src/sys/kern/uipc_socket.c#3 edit .. //depot/projects/ctsrd/tesla/src/sys/modules/Makefile#4 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_cred.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_pipe.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_process.c#3 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_socket.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_vfs.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/sys/tesla-kernel.h#7 edit .. //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#13 edit .. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_acl.c#2 edit .. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_lookup.c#3 edit .. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#3 edit Differences ... 
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs.c#2 (text+ko) ==== @@ -54,6 +54,8 @@ #include <sys/systm.h> #include <sys/vnode.h> +#include <sys/tesla-kernel.h> + #include <vm/vm.h> #include <vm/pmap.h> #include <vm/vm_param.h> @@ -72,6 +74,8 @@ struct vnode *textvp; int error; + TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), p) == 0); + freepath = NULL; PROC_LOCK(p); textvp = p->p_textvp; ==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_ctl.c#2 (text+ko) ==== @@ -46,6 +46,7 @@ #include <sys/sbuf.h> #include <sys/signalvar.h> #include <sys/sx.h> +#include <sys/tesla-kernel.h> #include <sys/uio.h> #include <fs/pseudofs/pseudofs.h> @@ -312,6 +313,8 @@ int error; struct namemap *nm; + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0); + if (uio == NULL || uio->uio_rw != UIO_WRITE) return (EOPNOTSUPP); ==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_ioctl.c#2 (text+ko) ==== @@ -38,6 +38,7 @@ #include <sys/proc.h> #include <sys/signalvar.h> #include <sys/systm.h> +#include <sys/tesla-kernel.h> #include <fs/pseudofs/pseudofs.h> #include <fs/procfs/procfs.h> @@ -70,6 +71,8 @@ int ival; #endif + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0); + KASSERT(p != NULL, ("%s() called without a process", __func__)); PROC_LOCK_ASSERT(p, MA_OWNED); ==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_note.c#2 (text+ko) ==== @@ -39,13 +39,20 @@ #include <sys/lock.h> #include <sys/mutex.h> #include <sys/sbuf.h> +#include <sys/tesla-kernel.h> #include <fs/pseudofs/pseudofs.h> #include <fs/procfs/procfs.h> +/* Required for TESLA assertion. */ +#include <sys/proc.h> + int procfs_doprocnote(PFS_FILL_ARGS) { + + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0); + sbuf_trim(sb); sbuf_finish(sb); /* send to process's notify function */ ==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_osrel.c#2 (text+ko) ==== 
@@ -34,6 +34,7 @@ #include <sys/proc.h> #include <sys/sbuf.h> #include <sys/uio.h> +#include <sys/tesla-kernel.h> #include <fs/pseudofs/pseudofs.h> #include <fs/procfs/procfs.h> @@ -44,6 +45,8 @@ const char *pp; int ov, osrel, i; + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0); + if (uio == NULL) return (EOPNOTSUPP); if (uio->uio_rw == UIO_READ) { ==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_rlimit.c#2 (text+ko) ==== @@ -55,6 +55,7 @@ #include <sys/sbuf.h> #include <sys/types.h> #include <sys/malloc.h> +#include <sys/tesla-kernel.h> #include <fs/pseudofs/pseudofs.h> #include <fs/procfs/procfs.h> @@ -66,6 +67,8 @@ struct plimit *limp; int i; + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0); + /* * Obtain a private reference to resource limits */ ==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_status.c#2 (text+ko) ==== @@ -51,6 +51,7 @@ #include <sys/resourcevar.h> #include <sys/sbuf.h> #include <sys/sysent.h> +#include <sys/tesla-kernel.h> #include <sys/tty.h> #include <vm/vm.h> @@ -73,6 +74,8 @@ int pid, ppid, pgid, sid; int i; + TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), p) == 0); + pid = p->p_pid; PROC_LOCK(p); ppid = p->p_pptr ? p->p_pptr->p_pid : 0; ==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_type.c#2 (text+ko) ==== @@ -38,6 +38,7 @@ #include <sys/proc.h> #include <sys/sbuf.h> #include <sys/sysent.h> +#include <sys/tesla-kernel.h> #include <fs/pseudofs/pseudofs.h> #include <fs/procfs/procfs.h> @@ -47,6 +48,8 @@ { static const char *none = "Not Available"; + TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), p) == 0); + if (p != NULL && p->p_sysent && p->p_sysent->sv_name) sbuf_printf(sb, "%s", p->p_sysent->sv_name); else ==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_cpuset.c#2 (text+ko) ==== @@ -54,6 +54,7 @@ #include <sys/limits.h> #include <sys/bus.h> #include <sys/interrupt.h> +#include <sys/tesla-kernel.h> #include <vm/uma.h> 
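Review bot: In procfs_doproctype the new `TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), p) == 0);` is placed immediately before the existing `if (p != NULL && p->p_sysent && ...)` guard, so the assertion demands a prior p_cansee event on a p that the very next line allows to be NULL. If p can really be NULL on this path, no such check can have happened and the assertion would fail on exactly the case the code tolerates; if it cannot, the guard is dead. Either the guard should go, or the assertion should be conditioned the same way, e.g. `if (p != NULL) TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), p) == 0);` inside braces. The other procfs handlers in this change (procfs_doprocfile, procfs_doprocstatus) dereference p unconditionally, so this file is the odd one out.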
@@ -538,6 +539,8 @@ } } PROC_LOCK_ASSERT(p, MA_OWNED); + TESLA_SYSCALL_PREVIOUSLY(p_cansched(ANY(ptr), p) == 0); + /* * Now that the appropriate locks are held and we have enough cpusets, * make sure the operation will succeed before applying changes. The @@ -713,6 +716,9 @@ error = cpuset_which(CPU_WHICH_TID, id, &p, &td, &set); if (error) goto out; + + TESLA_SYSCALL_PREVIOUSLY(p_cansched(ANY(ptr), p) == 0); + set = NULL; thread_lock(td); error = cpuset_shadow(td->td_cpuset, nset, mask); ==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_mib.c#2 (text+ko) ==== @@ -53,8 +53,12 @@ #include <sys/jail.h> #include <sys/smp.h> #include <sys/sx.h> +#include <sys/tesla-kernel.h> #include <sys/unistd.h> +/* Required for TESLA assertion. */ +#include <sys/priv.h> + SYSCTL_NODE(, 0, sysctl, CTLFLAG_RW, 0, "Sysctl internal magic"); SYSCTL_NODE(, CTL_KERN, kern, CTLFLAG_RW|CTLFLAG_CAPRD, 0, @@ -292,6 +296,9 @@ error = sysctl_handle_string(oidp, tmpname, len, req); if (req->newptr != NULL && error == 0) { + TESLA_SYSCALL_PREVIOUSLY(priv_check(req->td, + PRIV_SYSCTL_WRITEJAIL) == 0); + /* * Copy the locally set hostname to all jails that share * this host info. @@ -349,6 +356,10 @@ error = sysctl_handle_int(oidp, &level, 0, req); if (error || !req->newptr) return (error); + + TESLA_SYSCALL_PREVIOUSLY(priv_check(req->td, PRIV_SYSCTL_WRITEJAIL) == + 0); + /* Permit update only if the new securelevel exceeds the old. */ sx_slock(&allprison_lock); mtx_lock(&pr->pr_mtx); ==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#5 (text+ko) ==== ==== //depot/projects/ctsrd/tesla/src/sys/kern/ksched.c#2 (text+ko) ==== @@ -48,6 +48,7 @@ #include <sys/posix4.h> #include <sys/resource.h> #include <sys/sched.h> +#include <sys/tesla-kernel.h> FEATURE(kposix_priority_scheduling, "POSIX P1003.1B realtime extensions"); @@ -136,6 +137,8 @@ int policy; int e; + TESLA_SYSCALL_PREVIOUSLY(p_cansched(ANY(ptr), td->td_proc) == 0); + e = getscheduler(ksched, td, &policy); if (e == 0) 
@@ -152,6 +155,8 @@ { struct rtprio rtp; + TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), td->td_proc) == 0); + pri_to_rtp(td, &rtp); if (RTP_PRIO_IS_REALTIME(rtp.type)) param->sched_priority = rtpprio_to_p4prio(rtp.prio); @@ -182,6 +187,8 @@ int e = 0; struct rtprio rtp; + TESLA_SYSCALL_PREVIOUSLY(p_cansched(ANY(ptr), td->td_proc) == 0); + switch(policy) { case SCHED_RR: @@ -224,6 +231,9 @@ int ksched_getscheduler(struct ksched *ksched, struct thread *td, int *policy) { + + TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), td->td_proc) == 0); + return getscheduler(ksched, td, policy); } @@ -286,6 +296,9 @@ ksched_rr_get_interval(struct ksched *ksched, struct thread *td, struct timespec *timespec) { + + TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), td->td_proc) == 0); + *timespec = ksched->rr_interval; return 0; ==== //depot/projects/ctsrd/tesla/src/sys/kern/sys_process.c#3 (text+ko) ==== @@ -48,6 +48,7 @@ #include <sys/sx.h> #include <sys/malloc.h> #include <sys/signalvar.h> +#include <sys/tesla-kernel.h> #include <machine/reg.h> @@ -140,6 +141,8 @@ proc_read_regs(struct thread *td, struct reg *regs) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(fill_regs(td, regs)); } @@ -147,6 +150,8 @@ proc_write_regs(struct thread *td, struct reg *regs) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(set_regs(td, regs)); } @@ -154,6 +159,8 @@ proc_read_dbregs(struct thread *td, struct dbreg *dbregs) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(fill_dbregs(td, dbregs)); } @@ -161,6 +168,8 @@ proc_write_dbregs(struct thread *td, struct dbreg *dbregs) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(set_dbregs(td, dbregs)); } @@ -172,6 +181,8 @@ proc_read_fpregs(struct thread *td, struct fpreg *fpregs) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(fill_fpregs(td, fpregs)); } 
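Review bot: The same `TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);` line is inserted into every proc_read_*/proc_write_* wrapper in sys_process.c, starting with proc_read_regs here and continuing through proc_write_fpregs32 and proc_sstep on the next physical line, which is a dozen copies of one assertion to keep in sync. Each of those bodies is a single `PROC_ACTION(...)` call, so the assertion could live once inside PROC_ACTION (its definition is outside these hunks; worth confirming it is a statement macro that can carry it) or in a small static helper the wrappers call. As written, a wrapper added later without the line escapes the check with nothing to flag it.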
@@ -179,6 +190,8 @@ proc_write_fpregs(struct thread *td, struct fpreg *fpregs) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(set_fpregs(td, fpregs)); } @@ -188,6 +201,8 @@ proc_read_regs32(struct thread *td, struct reg32 *regs32) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(fill_regs32(td, regs32)); } @@ -195,6 +210,8 @@ proc_write_regs32(struct thread *td, struct reg32 *regs32) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(set_regs32(td, regs32)); } @@ -202,6 +219,8 @@ proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(fill_dbregs32(td, dbregs32)); } @@ -209,6 +228,8 @@ proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(set_dbregs32(td, dbregs32)); } @@ -216,6 +237,8 @@ proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(fill_fpregs32(td, fpregs32)); } @@ -223,6 +246,8 @@ proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(set_fpregs32(td, fpregs32)); } #endif @@ -231,6 +256,8 @@ proc_sstep(struct thread *td) { + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0); + PROC_ACTION(ptrace_single_step(td)); } @@ -242,6 +269,8 @@ vm_prot_t reqprot; int error, fault_flags, page_offset, writing; + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0); + /* * Assert that someone has locked this vmspace. (Should be * curthread but we can't assert that.) This keeps the process @@ -337,6 +366,8 @@ u_int pathlen; int error, index; + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0); + error = 0; obj = NULL; 
@@ -443,6 +474,8 @@ struct ptrace_vm_entry pve; int error; + TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0); + pve.pve_entry = pve32->pve_entry; pve.pve_pathlen = pve32->pve_pathlen; pve.pve_path = (void *)(uintptr_t)pve32->pve_path; ==== //depot/projects/ctsrd/tesla/src/sys/kern/uipc_socket.c#3 (text+ko) ==== @@ -136,6 +136,8 @@ #include <sys/uio.h> #include <sys/jail.h> #include <sys/syslog.h> +#include <sys/tesla-kernel.h> + #include <netinet/in.h> #include <net/vnet.h> @@ -422,6 +424,11 @@ struct socket *so; int error; +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_create(cred, dom, type, + proto) == 0); +#endif + if (proto) prp = pffindproto(dom, proto, type); else @@ -617,6 +624,11 @@ { int error; +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(ANY(ptr), so, nam) == + 0); +#endif + CURVNET_SET(so->so_vnet); error = (*so->so_proto->pr_usrreqs->pru_bind)(so, nam, td); CURVNET_RESTORE(); @@ -628,6 +640,11 @@ { int error; +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(ANY(ptr), so, nam) == + 0); +#endif + CURVNET_SET(so->so_vnet); error = (*so->so_proto->pr_usrreqs->pru_bindat)(fd, so, nam, td); CURVNET_RESTORE(); @@ -651,6 +668,10 @@ { int error; +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_listen(ANY(ptr), so) == 0); +#endif + CURVNET_SET(so->so_vnet); error = (*so->so_proto->pr_usrreqs->pru_listen)(so, backlog, td); CURVNET_RESTORE(); @@ -898,6 +919,12 @@ { int error; +#ifdef MAC + /* Access-control check is on head rather than so. */ + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_accept(ANY(ptr), ANY(ptr)) == + 0); +#endif + SOCK_LOCK(so); KASSERT((so->so_state & SS_NOFDREF) != 0, ("soaccept: !NOFDREF")); so->so_state &= ~SS_NOFDREF; @@ -913,6 +940,11 @@ soconnect(struct socket *so, struct sockaddr *nam, struct thread *td) { +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_connect(td->td_ucred, so, + nam) == 0); +#endif + return (soconnectat(AT_FDCWD, so, nam, td)); } 
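Review bot: In sobind and sobindat the credential argument is left as `ANY(ptr)` even though `td` is in scope (it is passed to `pru_bind`/`pru_bindat` on the following line), whereas soconnect in this same file pins the assertion to `td->td_ucred`. A wildcard credential accepts a prior check made with a different cred against the same socket, so the assertion is weaker than the connect one. If the bind path performs its MAC check with the calling thread's credential, `TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(td->td_ucred, so, nam) == 0);` is the tighter form for both hunks; solisten has the same shape and could be tightened alike. This may be deliberate where td can be NULL, so confirm against the callers before changing it.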
@@ -1450,6 +1482,10 @@ { int error; +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_send(ANY(ptr), so) == 0); +#endif + CURVNET_SET(so->so_vnet); error = so->so_proto->pr_usrreqs->pru_sosend(so, addr, uio, top, control, flags, td); @@ -2406,6 +2442,10 @@ { int error; +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_receive(ANY(ptr), so) == 0); +#endif + CURVNET_SET(so->so_vnet); error = (so->so_proto->pr_usrreqs->pru_soreceive(so, psa, uio, mp0, controlp, flagsp)); @@ -3079,6 +3119,14 @@ { int revents = 0; +#ifdef MAC + /* + * XXXRW: Should be active_cred but actually fp->f_cred is getting + * passed down the stack, so the wrong cred here! + */ + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_poll(ANY(ptr), so) == 0); +#endif + SOCKBUF_LOCK(&so->so_snd); SOCKBUF_LOCK(&so->so_rcv); if (events & (POLLIN | POLLRDNORM)) @@ -3124,6 +3172,10 @@ struct socket *so = kn->kn_fp->f_data; struct sockbuf *sb; +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_poll(ANY(ptr), so) == 0); +#endif + switch (kn->kn_filter) { case EVFILT_READ: if (so->so_options & SO_ACCEPTCONN) ==== //depot/projects/ctsrd/tesla/src/sys/modules/Makefile#4 (text+ko) ==== @@ -261,7 +261,6 @@ ppc \ ppi \ pps \ - procfs \ pseudofs \ ${_pst} \ pty \ @@ -359,6 +358,10 @@ ${_zfs} \ zlib \ +# XXXRW: Temporarily disable procfs build for TESLA, as the module contains +# assertions which don't build as a module. +# procfs \ + .if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64" _filemon= filemon .endif ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_cred.c#2 (text+ko) ==== @@ -66,6 +66,7 @@ #include <sys/file.h> #include <sys/namei.h> #include <sys/sysctl.h> +#include <sys/tesla-kernel.h> #include <vm/vm.h> #include <vm/pmap.h> 
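Review bot: The commented-out entry `# procfs \` keeps its trailing backslash, and in BSD make a comment runs to the first unescaped newline, so this comment swallows the line after it. Today that line is the added blank, so nothing breaks, but if the blank is ever removed the following `.if ${MACHINE_CPUARCH} == "i386" ...` would be eaten silently. Dropping the backslash, `# procfs`, keeps the reminder without the trap.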
@@ -195,6 +196,9 @@ mac_cred_relabel(struct ucred *cred, struct label *newlabel) { + TESLA_SYSCALL(previously(mac_cred_check_relabel(cred, newlabel) == + 0)); + MAC_POLICY_PERFORM_NOSLEEP(cred_relabel, cred, newlabel); } ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_pipe.c#2 (text+ko) ==== @@ -55,11 +55,16 @@ #include <sys/vnode.h> #include <sys/pipe.h> #include <sys/sysctl.h> +#include <sys/tesla-kernel.h> #include <security/mac/mac_framework.h> #include <security/mac/mac_internal.h> #include <security/mac/mac_policy.h> +/* Forward declaration for TESLA. */ +static int mac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, + struct label *newlabel); + struct label * mac_pipe_label_alloc(void) { @@ -138,6 +143,9 @@ struct label *newlabel) { + TESLA_SYSCALL_PREVIOUSLY(mac_pipe_check_relabel(cred, pp, newlabel) + == 0); + MAC_POLICY_PERFORM_NOSLEEP(pipe_relabel, cred, pp, pp->pp_label, newlabel); } ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_process.c#3 (text+ko) ==== @@ -65,6 +65,7 @@ #include <sys/file.h> #include <sys/namei.h> #include <sys/sysctl.h> +#include <sys/tesla-kernel.h> #include <vm/vm.h> #include <vm/pmap.h> @@ -170,12 +171,18 @@ return (error); } imgp->execlabel = label; + + TESLA_SYSCALL_EVENTUALLY(called(mac_execve_exit)); + return (0); } void mac_execve_exit(struct image_params *imgp) { + + TESLA_SYSCALL_PREVIOUSLY(called(mac_execve_enter(imgp, ANY(ptr)))); + if (imgp->execlabel != NULL) { mac_cred_label_free(imgp->execlabel); imgp->execlabel = NULL; 
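Review bot: mac_cred_relabel spells its assertion as `TESLA_SYSCALL(previously(mac_cred_check_relabel(cred, newlabel) == 0));`, while the pipe and socket relabel hooks in the following hunks use the `TESLA_SYSCALL_PREVIOUSLY(...)` wrapper for the identical pattern; mac_vnode_relabel in mac_vfs.c uses the long form too. The tesla-kernel.h hunk in this change describes these wrappers as the convenience form for the common scopes, so using it here keeps the four relabel hooks recognisable as one family: `TESLA_SYSCALL_PREVIOUSLY(mac_cred_check_relabel(cred, newlabel) == 0);`.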
@@ -192,14 +199,21 @@ mac_vnode_copy_label(interpvp->v_label, *interpvplabel); } else *interpvplabel = NULL; + + TESLA_SYSCALL_EVENTUALLY(called(mac_execve_interpreter_exit)); } void mac_execve_interpreter_exit(struct label *interpvplabel) { - if (interpvplabel != NULL) + if (interpvplabel != NULL) { + /* Awkwardly, _exit() may be called even if _enter() wasn't. */ + TESLA_SYSCALL_PREVIOUSLY(called( + mac_execve_interpreter_enter(ANY(ptr), ANY(ptr)))); + mac_vnode_label_free(interpvplabel); + } } /* ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_socket.c#2 (text+ko) ==== @@ -64,6 +64,7 @@ #include <sys/socket.h> #include <sys/socketvar.h> #include <sys/sysctl.h> +#include <sys/tesla-kernel.h> #include <net/bpfdesc.h> #include <net/if.h> @@ -77,6 +78,10 @@ #include <security/mac/mac_internal.h> #include <security/mac/mac_policy.h> +/* Definition required for TESLA assertion. */ +static int mac_socket_check_relabel(struct ucred *cred, struct socket *so, + struct label *newlabel); + /* * Currently, sockets hold two labels: the label of the socket itself, and a * peer label, which may be used by policies to hold a copy of the label of @@ -253,6 +258,9 @@ struct label *newlabel) { + TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_relabel(cred, so, newlabel) + == 0); + SOCK_LOCK_ASSERT(so); MAC_POLICY_PERFORM_NOSLEEP(socket_relabel, cred, so, so->so_label, ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_vfs.c#2 (text+ko) ==== @@ -65,6 +65,7 @@ #include <sys/namei.h> #include <sys/sdt.h> #include <sys/sysctl.h> +#include <sys/tesla-kernel.h> #include <vm/vm.h> #include <vm/pmap.h> @@ -948,6 +949,9 @@ struct label *newlabel) { + TESLA_SYSCALL(previously(mac_vnode_check_relabel(cred, vp, newlabel) + == 0)); + MAC_POLICY_PERFORM(vnode_relabel, cred, vp, vp->v_label, newlabel); } ==== //depot/projects/ctsrd/tesla/src/sys/sys/tesla-kernel.h#7 (text+ko) ==== 
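Review bot: The comment above the new `static int mac_socket_check_relabel(...)` prototype says `/* Definition required for TESLA assertion. */`, but the line is a declaration, not a definition; the matching hunk in mac_pipe.c already says `/* Forward declaration for TESLA. */`. Using the same wording in both, e.g. `/* Forward declaration required for TESLA assertion. */`, stops a reader hunting for a second definition of the function.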
@@ -45,6 +45,11 @@ #define incallstack(fn) TSEQUENCE(called(fn), TESLA_ASSERTION_SITE, returned(fn)) +#if 0 +/* XXXRW: This doesn't yet work. */ +struct timespec __tesla_any_timespec(); +#endif + /* * Convenient assertion wrappers for various scopes. */ ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#13 (text+ko) ==== @@ -77,13 +77,12 @@ #include <sys/priv.h> #include <sys/rwlock.h> #include <sys/stat.h> +#include <sys/tesla-kernel.h> #include <sys/vmmeter.h> #include <sys/vnode.h> #include <security/mac/mac_framework.h> -#include <sys/tesla-kernel.h> - #include <vm/vm.h> #include <vm/vm_param.h> #include <vm/vm_extern.h> @@ -92,6 +91,10 @@ #include <vm/vm_pager.h> #include <vm/vnode_pager.h> +/* Required for TESLA assertion. */ +struct inode; +#include <ufs/ufs/acl.h> + #include <ufs/ufs/extattr.h> #include <ufs/ufs/quota.h> #include <ufs/ufs/inode.h> @@ -437,12 +440,10 @@ vp = ap->a_vp; #ifdef MAC - TESLA_SYSCALL(previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), vp) - == 0) || - previously(mac_vnode_check_readdir(ANY(ptr), vp) == 0)); - TESLA_PAGE_FAULT(previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), - vp) == 0) || - previously(mac_vnode_check_readdir(ANY(ptr), vp) == 0)); + TESLA_SYSCALL(incallstack(ufs_readdir) || + previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), vp) == 0)); + TESLA_PAGE_FAULT(incallstack(ufs_readdir) || + previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), vp) == 0)); #endif uio = ap->a_uio; @@ -1482,6 +1483,12 @@ int ealen, olen, eapad1, eapad2, error, i, easize; u_char *eae, *p; +#ifdef MAC + TESLA_SYSCALL(incallstack(ufs_setacl) || + previously(mac_vnode_check_deleteextattr(ANY(ptr), ap->a_vp, + ap->a_attrnamespace, ap->a_name) == 0)); +#endif + ip = VTOI(ap->a_vp); fs = ip->i_fs; 
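Review bot: The parked declaration `struct timespec __tesla_any_timespec();` has an empty parameter list, which in C declares a function without a prototype rather than one taking no arguments; when the `#if 0` is lifted it should read `struct timespec __tesla_any_timespec(void);`. The block is disabled so it has no effect on this build, but the XXXRW note suggests it is meant to be re-enabled, and fixing it now avoids carrying the non-prototype form forward.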
@@ -1569,6 +1576,12 @@ unsigned easize; int error, ealen; +#ifdef MAC + TESLA_SYSCALL(incallstack(ufs_getacl) || + previously(mac_vnode_check_getextattr(ANY(ptr), ap->a_vp, + ap->a_attrnamespace, ap->a_name) == 0)); +#endif + ip = VTOI(ap->a_vp); fs = ip->i_fs; @@ -1625,6 +1638,11 @@ uint32_t ul; int error, ealen; +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_listextattr(ANY(ptr), + ap->a_vp, ap->a_attrnamespace) == 0); +#endif + ip = VTOI(ap->a_vp); fs = ip->i_fs; @@ -1689,6 +1707,12 @@ int olen, eapad1, eapad2, error, i, easize; u_char *eae, *p; +#ifdef MAC + TESLA_SYSCALL(incallstack(ufs_setacl) || + mac_vnode_check_setextattr(ANY(ptr), ap->a_vp, + ap->a_attrnamespace, ap->a_name) == 0); +#endif + ip = VTOI(ap->a_vp); fs = ip->i_fs; ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_acl.c#2 (text+ko) ==== @@ -45,7 +45,11 @@ #include <sys/acl.h> #include <sys/event.h> #include <sys/extattr.h> +#include <sys/tesla-kernel.h> +/* Required for TESLA assertion. */ +#include <security/mac/mac_framework.h> + #include <ufs/ufs/quota.h> #include <ufs/ufs/inode.h> #include <ufs/ufs/acl.h> @@ -359,6 +363,11 @@ } */ *ap; { +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_getacl(ANY(ptr), ap->a_vp, + ap->a_type) == 0); +#endif + if ((ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) == 0) return (EOPNOTSUPP); @@ -609,6 +618,16 @@ struct thread *td; } */ *ap; { + +#ifdef MAC + if (ap->a_aclp == NULL) + TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_deleteacl(ANY(ptr), + ap->a_vp, ap->a_type) == 0); + else + TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setacl(ANY(ptr), + ap->a_vp, ap->a_type, ap->a_aclp) == 0); +#endif + if ((ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) == 0) return (EOPNOTSUPP); ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_lookup.c#3 (text+ko) ==== @@ -51,6 +51,7 @@ #include <sys/mount.h> #include <sys/vnode.h> #include <sys/sysctl.h> +#include <sys/tesla-kernel.h> #include <vm/vm.h> #include <vm/vm_extern.h> 
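Review bot: The ffs_setextattr assertion `TESLA_SYSCALL(incallstack(ufs_setacl) || mac_vnode_check_setextattr(ANY(ptr), ap->a_vp, ap->a_attrnamespace, ap->a_name) == 0);` omits the `previously(...)` wrapper that the deleteextattr and getextattr hunks of this same file put around their MAC check, so unlike its siblings the check is not expressed as a prior event. Whether TESLA accepts a bare call expression with an `ANY(ptr)` argument in that position is not something this diff shows, and the three sibling assertions indicate the intended form is `TESLA_SYSCALL(incallstack(ufs_setacl) || previously(mac_vnode_check_setextattr(ANY(ptr), ap->a_vp, ap->a_attrnamespace, ap->a_name) == 0));`. The ufs_open hunk in ufs_vnops.c, cut off by the mail truncation, appears to have the same shape around `mac_vnode_check_open`.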
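Review bot: The new `if (ap->a_aclp == NULL) ... else ...` in ufs_setacl has unbraced arms whose only statements are `TESLA_SYSCALL_PREVIOUSLY(...)` macro invocations; unless that macro is guaranteed to expand to a single statement (its definition is not in this diff), the `else` can bind incorrectly or the construct can fail to compile. Bracing both arms, `if (ap->a_aclp == NULL) { ... } else { ... }`, removes the dependence on the macro's expansion and matches the braces this same change added around the assertion in mac_execve_interpreter_exit.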
@@ -211,6 +212,11 @@ } */ *ap; { +#ifdef MAC + TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_lookup(ANY(ptr), ap->a_dvp, + ap->a_cnp) == 0); +#endif + return (ufs_lookup_ino(ap->a_dvp, ap->a_vpp, ap->a_cnp, NULL)); } ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#3 (text+ko) ==== @@ -61,11 +61,15 @@ #include <sys/lockf.h> #include <sys/conf.h> #include <sys/acl.h> +#include <sys/tesla-kernel.h> #include <security/mac/mac_framework.h> #include <sys/file.h> /* XXX */ +/* Required for TESLA assertion. */ +#include <sys/syscallsubr.h> + #include <vm/vm.h> #include <vm/vm_extern.h> @@ -269,6 +273,11 @@ struct vnode *vp = ap->a_vp; struct inode *ip; +#ifdef MAC + TESLA_SYSCALL(incallstack(kern_execve) || + mac_vnode_check_open(ANY(ptr), vp, ANY(int)) == 0); +#endif + >>> TRUNCATED FOR MAIL (1000 lines) <<<help
