Date: Thu, 23 Feb 2006 19:22:18 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 92285 for review Message-ID: <200602231922.k1NJMIXl015243@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=92285
Change 92285 by millert@millert_g4tower on 2006/02/23 19:21:40
Add 2 new methods to the security server: mach_get_task_label() which gets the label handle of a task and mach_get_label() which allocates a new label handle and copies a port's label into it.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_port.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/kern/security.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/security.defs#6 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_port.c#5 (text+ko) ====
@@ -1760,6 +1760,47 @@
 return kr;
 }
 
+/*
+ * Get a label handle representing the given port's port label.
+ */
+kern_return_t
+mach_get_label(
+ ipc_space_t space,
+ mach_port_name_t name,
+ mach_port_name_t *outlabel)
+{
+ ipc_entry_t entry;
+ ipc_port_t port;
+ struct label outl;
+ kern_return_t kr;
+
+ if (!MACH_PORT_VALID(name))
+ return KERN_INVALID_NAME;
+
+ /* Lookup the port name in the task's space. */
+ kr = ipc_right_lookup_write(space, name, &entry);
+ if (kr != KERN_SUCCESS)
+ return kr;
+
+ /* Make sure we are not dealing with a label handle. */
+ port = (ipc_port_t) entry->ie_object;
+ ip_lock(port);
+ is_write_unlock(space);
+ if (ip_kotype(port) == IKOT_LABELH) {
+ /* already is a label handle! */
+ ip_unlock(port);
+ return KERN_INVALID_ARGUMENT;
+ }
+
+ /* Copy the port label and stash it in a new label handle. */
+ mac_init_port_label(&outl);
+ mac_copy_port_label(&port->ip_label, &outl);
+ kr = labelh_new_user(space, &outl, outlabel);
+ ip_unlock(port);
+
+ return KERN_SUCCESS;
+}
+
 /* also works on label handles */
 
 kern_return_t
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/kern/security.c#5 (text+ko) ====
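Review bot: In mach_get_label() (mach_port.c) the result of `labelh_new_user()` is stored in `kr` and then discarded by the final `return KERN_SUCCESS;`, so a failed handle allocation is reported as success and `*outlabel` may go back to the caller unset; the last statement should be `return kr;`. The entry returned by `ipc_right_lookup_write()` is also cast to `ipc_port_t` and locked with no visible check that the name denotes a port right. If a dead name or a port set can reach this point, `ip_lock(port)` would operate on a null or non-port object, so a guard such as `if ((entry->ie_bits & MACH_PORT_TYPE_PORT_RIGHTS) == 0)` that unlocks the space and returns `KERN_INVALID_RIGHT` looks necessary before the cast. `outl` is set up with `mac_init_port_label()` and no teardown is visible on any path; a comment stating whether `labelh_new_user()` takes ownership of it would settle that.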
@@ -31,6 +31,32 @@
 #include <kern/task.h>
 
 kern_return_t
+mach_get_task_label(
+ task_t t,
+ mach_port_name_t *outlabel)
+{
+ ipc_labelh_t lh = t->label;
+ ipc_space_t space = t->itk_space;
+ kern_return_t kr;
+
+ ip_lock(lh->lh_port);
+ lh->lh_port->ip_mscount++;
+ lh->lh_port->ip_srights++;
+ ip_reference(lh->lh_port);
+ ip_unlock(lh->lh_port);
+ kr = ipc_object_copyout(space, lh->lh_port,
+ MACH_MSG_TYPE_PORT_SEND, 0, outlabel);
+ if (kr != KERN_SUCCESS) {
+ ip_lock(lh->lh_port);
+ ip_release(lh->lh_port);
+ ip_check_unlock(lh->lh_port);
+ *outlabel = MACH_PORT_NULL;
+ }
+
+ return (KERN_SUCCESS);
+}
+
+kern_return_t
 mach_get_task_label_text(
 task_t t,
 labelstr_t policies,
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/security.defs#6 (text+ko) ====
@@ -13,6 +13,20 @@
 type labelstr_t = c_string[*:512];
 
 /**
+ @brief Retrieve a task label as a label handle
+ @param task Target's task port
+ @param label Returned label handle
+
+ This call retrieves a label handle label for the
+ specified task, with respect to the specified policies.
+
+ @return Standard MiG return values (0 for success)
+*/
+
+routine mach_get_task_label(task : task_t;
+ out label : mach_port_name_t);
+
+/**
 @brief Retrieve a task label in textual form
 @param task Target's task port
 @param policies Comma-delimited list of policies to query
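Review bot: mach_get_task_label() (security.c) ends with `return (KERN_SUCCESS);` even when `ipc_object_copyout()` fails, so the caller is told the call succeeded while receiving `MACH_PORT_NULL`; `return (kr);` would let the failure propagate. The failure branch also drops only the reference taken by `ip_reference()`, leaving the earlier `ip_srights++` and `ip_mscount++` in place, so each failed copyout leaves the label port with a send-right count that no holder accounts for. Undoing the count under the lock (`lh->lh_port->ip_srights--;`) or releasing through the kernel's usual send-right release routine would keep the bookkeeping balanced. `t` and `t->label` are dereferenced with no `TASK_NULL` check or task lock visible in the hunk; it is worth confirming that the MiG conversion and the label's lifetime guarantee both.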
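Review bot: In security.defs the new `routine mach_get_task_label` is inserted ahead of `mach_get_task_label_text` rather than appended, and the second hunk does the same for `mach_get_label`. Assuming this subsystem relies on MiG's positional numbering, every later routine gets a new message id, and user stubs built against the previous revision would reach a different routine with different argument types. If existing clients matter, append the routines at the end of the subsystem (or account for the slots with `skip;`); otherwise the change description should say that userland must be rebuilt. The comment also says "with respect to the specified policies" although this routine takes no policies argument.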
@@ -29,6 +43,26 @@
 out label : labelstr_t);
 
 /**
+ @brief Retrieve a port label as a label handle
+ @param task Issuer's task port
+ @param port Port to query label from
+ @param label Returned label handle
+
+ This call retrieves a label handle label for the
+ specified task, with respect to the specified policies.
+
+ This call retrieves a label handle for the specified port, with
+ respect to the specified policies. If the port represents a label
+ handle, KERN_INVALID_ARGUMENT is returned.
+
+ @return Standard MiG return values (0 for success)
+*/
+
+routine mach_get_label(task : ipc_space_t;
+ port : mach_port_name_t;
+ out label : mach_port_name_t);
+
+/**
 @brief Retrieve a port label in textual form
 @param task Issuer's task port
 @param name Port to query label from
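Review bot: The doc comment for `mach_get_label` carries a paragraph copied from the task variant ("This call retrieves a label handle label for the specified task, ...") directly above the correct port paragraph; the first one should be dropped. The remaining paragraph still refers to "the specified policies", but the routine has no policies parameter. The comment should also list `KERN_INVALID_NAME`, which mach_get_label() in this change returns for an invalid port name, and say who owns the returned handle, presumably `@param label New label handle in the caller's space; the caller deallocates it`.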