From owner-p4-projects@FreeBSD.ORG Thu Feb 23 19:22:19 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6C3E916A423; Thu, 23 Feb 2006 19:22:19 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1858E16A420 for ; Thu, 23 Feb 2006 19:22:19 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id D166743D46 for ; Thu, 23 Feb 2006 19:22:18 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k1NJMIaM015246 for ; Thu, 23 Feb 2006 19:22:18 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k1NJMIXl015243 for perforce@freebsd.org; Thu, 23 Feb 2006 19:22:18 GMT (envelope-from millert@freebsd.org) Date: Thu, 23 Feb 2006 19:22:18 GMT Message-Id: <200602231922.k1NJMIXl015243@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 92285 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 19:22:20 -0000 http://perforce.freebsd.org/chv.cgi?CH=92285 Change 92285 by millert@millert_g4tower on 2006/02/23 19:21:40 Add 2 new methods to the security server: mach_get_task_label() which gets the label handle of a task and mach_get_label() which allocates a new label handle and copies a port's label into it. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_port.c#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/kern/security.c#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/security.defs#6 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_port.c#5 (text+ko) ==== @@ -1760,6 +1760,47 @@ return kr; } +/* + * Get a label handle representing the given port's port label. + */ +kern_return_t +mach_get_label( + ipc_space_t space, + mach_port_name_t name, + mach_port_name_t *outlabel) +{ + ipc_entry_t entry; + ipc_port_t port; + struct label outl; + kern_return_t kr; + + if (!MACH_PORT_VALID(name)) + return KERN_INVALID_NAME; + + /* Lookup the port name in the task's space. */ + kr = ipc_right_lookup_write(space, name, &entry); + if (kr != KERN_SUCCESS) + return kr; + + /* Make sure we are not dealing with a label handle. */ + port = (ipc_port_t) entry->ie_object; + ip_lock(port); + is_write_unlock(space); + if (ip_kotype(port) == IKOT_LABELH) { + /* already is a label handle! */ + ip_unlock(port); + return KERN_INVALID_ARGUMENT; + } + + /* Copy the port label and stash it in a new label handle. */ + mac_init_port_label(&outl); + mac_copy_port_label(&port->ip_label, &outl); + kr = labelh_new_user(space, &outl, outlabel); + ip_unlock(port); + + return KERN_SUCCESS; +} + /* also works on label handles */ kern_return_t ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/kern/security.c#5 (text+ko) ==== @@ -31,6 +31,32 @@ #include kern_return_t +mach_get_task_label( + task_t t, + mach_port_name_t *outlabel) +{ + ipc_labelh_t lh = t->label; + ipc_space_t space = t->itk_space; + kern_return_t kr; + + ip_lock(lh->lh_port); + lh->lh_port->ip_mscount++; + lh->lh_port->ip_srights++; + ip_reference(lh->lh_port); + ip_unlock(lh->lh_port); + kr = ipc_object_copyout(space, lh->lh_port, + MACH_MSG_TYPE_PORT_SEND, 0, outlabel); + if (kr != KERN_SUCCESS) { + ip_lock(lh->lh_port); + ip_release(lh->lh_port); + ip_check_unlock(lh->lh_port); + *outlabel = MACH_PORT_NULL; + } + + return (KERN_SUCCESS); +} + +kern_return_t mach_get_task_label_text( task_t t, labelstr_t policies, ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/security.defs#6 (text+ko) ==== @@ -13,6 +13,20 @@ type labelstr_t = c_string[*:512]; /** + @brief Retrieve a task label as a label handle + @param task Target's task port + @param label Returned label handle + + This call retrieves a label handle label for the + specified task, with respect to the specified policies. + + @return Standard MiG return values (0 for success) +*/ + +routine mach_get_task_label(task : task_t; + out label : mach_port_name_t); + +/** @brief Retrieve a task label in textual form @param task Target's task port @param policies Comma-delimited list of policies to query @@ -29,6 +43,26 @@ out label : labelstr_t); /** + @brief Retrieve a port label as a label handle + @param task Issuer's task port + @param port Port to query label from + @param label Returned label handle + + This call retrieves a label handle label for the + specified task, with respect to the specified policies. + + This call retrieves a label handle for the specified port, with + respect to the specified policies. If the port represents a label + handle, KERN_INVALID_ARGUMENT is returned. + + @return Standard MiG return values (0 for success) +*/ + +routine mach_get_label(task : ipc_space_t; + port : mach_port_name_t; + out label : mach_port_name_t); + +/** @brief Retrieve a port label in textual form @param task Issuer's task port @param name Port to query label from