From owner-p4-projects@FreeBSD.ORG Wed Oct 11 17:35:31 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A44B016A59A; Wed, 11 Oct 2006 17:35:31 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6151616A596 for ; Wed, 11 Oct 2006 17:35:31 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id D41C6440D0 for ; Wed, 11 Oct 2006 17:28:46 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9BHSZT6090859 for ; Wed, 11 Oct 2006 17:28:35 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9BHSZro090856 for perforce@freebsd.org; Wed, 11 Oct 2006 17:28:35 GMT (envelope-from millert@freebsd.org) Date: Wed, 11 Oct 2006 17:28:35 GMT Message-Id: <200610111728.k9BHSZro090856@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f 
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 107693 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Oct 2006 17:35:32 -0000 http://perforce.freebsd.org/chv.cgi?CH=107693 Change 107693 by millert@millert_macbook on 2006/10/11 17:28:17 Add markup to mac_policy.h and teach mac_parse.pl about it. Move the file label out of struct fileproc and back into struct fileglob. Replace the multiple framework functions used by fdesc to label a vnode with a single one that calls one of several entry points depending on the type of the underlying object represented by the vnode. Redo labeling of /dev/fd. We now extract the label from the underlying object (vnode, socket, pipe, posix sem/shm). For kqueue and fsevent structures we just use the fileglob label. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_generic.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/fdesc_vnops.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/file_internal.h#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#11 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#8 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#14 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#12 edit .. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#14 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#24 edit .. 
//depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/mk_stubs.awk#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_parse.pl#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#12 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#4 (text+ko) ==== @@ -381,7 +381,8 @@ pop = &fdp->fd_ofileflags[fd]; #ifdef MAC - error = mac_file_check_fcntl(proc_ucred(p), fp, uap->cmd, uap->arg); + error = mac_file_check_fcntl(proc_ucred(p), fp->f_fglob, uap->cmd, + uap->arg); if (error) goto out; #endif @@ -402,7 +403,8 @@ case F_GETFD: #ifdef MAC - error = mac_file_check_get_ofileflags(proc_ucred(p), fp, *pop); + error = mac_file_check_get_ofileflags(proc_ucred(p), + fp->f_fglob, *pop); if (error == 0) #endif *retval = (*pop & UF_EXCLOSE)? 1 : 0; @@ -411,8 +413,8 @@ case F_SETFD: #ifdef MAC error = mac_file_check_change_ofileflags(proc_ucred(p), - fp, *pop, (*pop &~ UF_EXCLOSE) | - ((uap->arg & 1) ? UF_EXCLOSE : 0)); + fp->f_fglob, *pop, (*pop &~ UF_EXCLOSE) | + (uap->arg & 1 ? UF_EXCLOSE : 0)); if (error == 0) #endif *pop = (*pop &~ UF_EXCLOSE) | @@ -421,7 +423,8 @@ case F_GETFL: #ifdef MAC - error = mac_file_check_get_flags(proc_ucred(p), fp, fp->f_flag); + error = mac_file_check_get_flags(proc_ucred(p), fp->f_fglob, + fp->f_flag); if (error == 0) #endif *retval = OFLAGS(fp->f_flag); @@ -430,7 +433,7 @@ case F_SETFL: #ifdef MAC error = mac_file_check_change_flags(proc_ucred(p), - fp, fp->f_flag, (fp->f_flag & ~FCNTLFLAGS) | + fp->f_fglob, fp->f_flag, (fp->f_flag & ~FCNTLFLAGS) | (FFLAGS(CAST_DOWN(int, uap->arg)) & FCNTLFLAGS)); if (error) goto out; @@ -985,7 +988,7 @@ fg_ref(ofp); #ifdef MAC - error = mac_file_check_dup(proc_ucred(p), ofp, new); + error = mac_file_check_dup(proc_ucred(p), ofp->f_fglob, new); if (error) { fg_drop(ofp); _fdrelse(fdp, new); 
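Review bot: In the F_SETFD hunk of kern_descrip.c the rewrite drops the parentheses around the bitwise test, `(uap->arg & 1 ? UF_EXCLOSE : 0)`; it still parses as intended because `&` binds tighter than `?:`, but a masked test feeding a conditional is exactly the spot readers second-guess, and -Wparentheses does not cover it. I would keep `((uap->arg & 1) ? UF_EXCLOSE : 0)`, matching the `(*pop & UF_EXCLOSE)? 1 : 0` form used in the F_GETFD case two hunks earlier in the same function. The fcntl switch these hunks belong to starts and ends outside them.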
@@ -1003,10 +1006,6 @@ nfp->f_flags = ofp->f_flags; nfp->f_fglob = ofp->f_fglob; nfp->f_iocount = 0; -#ifdef MAC - mac_file_label_init(nfp); - mac_file_label_copy(ofp->f_label, nfp->f_label); -#endif fdp->fd_ofiles[new] = nfp; fdp->fd_ofileflags[new] = fdp->fd_ofileflags[old] &~ UF_EXCLOSE; @@ -1123,9 +1122,6 @@ if (!locked) proc_fdunlock(p); -#ifdef MAC - mac_file_label_destroy(fp); -#endif FREE_ZONE(fp, sizeof *fp, M_FILEPROC); return(error); } @@ -1477,9 +1473,6 @@ fdp->fd_ofiles[fd] == NULL && !(fdp->fd_ofileflags[fd] & UF_RESERVED)) fdp->fd_lastfile--; -#ifdef MAC - mac_file_label_destroy(fp); -#endif FREE_ZONE(fp, sizeof *fp, M_FILEPROC); } @@ -1947,14 +1940,14 @@ fg->fg_count = 1; fp->f_fglob = fg; #ifdef MAC - mac_file_label_init(fp); + mac_file_label_init(fg); #endif proc_fdlock(p); fp->f_cred = kauth_cred_proc_ref(p); #ifdef MAC - mac_file_label_associate(fp->f_cred, fp); + mac_file_label_associate(fp->f_cred, fg); #endif lck_mtx_lock(file_flist_lock); @@ -2002,6 +1995,9 @@ } lck_mtx_destroy(&fg->fg_lock, file_lck_grp); +#ifdef MAC + mac_file_label_destroy(fg); +#endif FREE_ZONE(fg, sizeof *fg, M_FILEGLOB); } @@ -2023,7 +2019,7 @@ if ((*flags & UF_RESERVED) == 0 && ((*flags & UF_EXCLOSE) != 0 #ifdef MAC - || (fp && mac_file_check_inherit(proc_ucred(p), fp)) + || (fp && mac_file_check_inherit(proc_ucred(p), fp->f_fglob)) #endif )) { if (i < fdp->fd_knlistsize) @@ -2033,15 +2029,8 @@ if (i == fdp->fd_lastfile && i > 0) fdp->fd_lastfile--; closef_locked(fp, fp->f_fglob, p); -#ifdef MAC - mac_file_label_destroy(fp); -#endif FREE_ZONE(fp, sizeof *fp, M_FILEPROC); } -#ifdef MAC - else if ((*flags & UF_RESERVED) == 0 && fp != NULL) - mac_file_label_update(proc_ucred(p), fp); -#endif i--; fpp--; flags--; } @@ -2202,10 +2191,6 @@ fp->f_iocount = 0; fp->f_fglob = ofp->f_fglob; (void)fg_ref(fp); -#ifdef MAC - mac_file_label_init(fp); - mac_file_label_copy(ofp->f_label, fp->f_label); -#endif *fpp = fp; } else { *fpp = NULL; 
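Review bot: With the label moved onto struct fileglob, the `mac_file_check_inherit(proc_ucred(p), fp->f_fglob)` call in the close-on-exec hunk now consults a label shared by every process holding a reference to the same fileglob (dup, fork, descriptor passing), and the per-descriptor `mac_file_label_update` on that exec path is removed with it, so a policy can no longer relabel an inherited descriptor for the new image. That reads as intentional given the description, but it deserves a comment at the fg_free hunk where the label is now released, e.g. `/* MAC: the file label lives on the fileglob, is shared by every fileproc referencing it, and is freed with the last fileglob reference. */`. It is also worth confirming that the falloc hunk is the only place a struct fileglob is allocated, since any other allocation site not shown here would now hand policies a NULL fg_label. The enclosing functions start and end outside these hunks.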
@@ -2261,9 +2246,6 @@ if (fp->f_flags & FP_WAITEVENT) (void)waitevent_close(p, fp); (void) closef_locked(fp, fp->f_fglob, p); -#ifdef MAC - mac_file_label_destroy(fp); -#endif FREE_ZONE(fp, sizeof *fp, M_FILEPROC); } } @@ -2443,9 +2425,6 @@ proc_fdunlock(p); fg_free(fp->f_fglob); -#ifdef MAC - mac_file_label_destroy(fp); -#endif FREE_ZONE(fp, sizeof *fp, M_FILEPROC); } @@ -2485,7 +2464,7 @@ if (how & LOCK_UN) { lf.l_type = F_UNLCK; #ifdef MAC - error = mac_file_check_change_flags(proc_ucred(p), fp, + error = mac_file_check_change_flags(proc_ucred(p), fp->f_fglob, fp->f_flag, fp->f_flag & ~FHASLOCK); if (error) goto out; @@ -2503,7 +2482,7 @@ goto out; } #ifdef MAC - error = mac_file_check_change_flags(proc_ucred(p), fp, + error = mac_file_check_change_flags(proc_ucred(p), fp->f_fglob, fp->f_flag, fp->f_flag | FHASLOCK); if (error) goto out; @@ -2581,7 +2560,7 @@ return (EBADF); } #ifdef MAC - myerror = mac_file_check_dup(proc_ucred(p), wfp, dfd); + myerror = mac_file_check_dup(proc_ucred(p), wfp->f_fglob, dfd); if (myerror) { proc_fdunlock(p); return (myerror); @@ -2638,9 +2617,6 @@ proc_fdunlock(p); -#ifdef MAC - mac_file_label_destroy(wfp); -#endif FREE_ZONE(wfp, sizeof *fp, M_FILEPROC); return (0); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_generic.c#3 (text+ko) ==== @@ -739,7 +739,7 @@ } #ifdef MAC - error = mac_file_check_ioctl(proc_ucred(p), fp, uap->com, + error = mac_file_check_ioctl(proc_ucred(p), fp->f_fglob, uap->com, (void *)uap->data); if (error) goto out; @@ -771,7 +771,7 @@ case FIONCLEX: #ifdef MAC error = mac_file_check_change_ofileflags(proc_ucred(p), - fp, *fdflags(p, uap->fd), + fp->f_fglob, *fdflags(p, uap->fd), *fdflags(p, uap->fd) & ~UF_EXCLOSE); if (error == 0) #endif @@ -780,7 +780,7 @@ case FIOCLEX: #ifdef MAC error = mac_file_check_change_ofileflags(proc_ucred(p), - fp, *fdflags(p, uap->fd), + fp->f_fglob, *fdflags(p, uap->fd), *fdflags(p, uap->fd) | UF_EXCLOSE); if (error == 0) #endif 
@@ -849,7 +849,7 @@ case FIONBIO: #ifdef MAC - error = mac_file_check_change_flags(proc_ucred(p), fp, + error = mac_file_check_change_flags(proc_ucred(p), fp->f_fglob, fp->f_flag, *(int *)datap ? fp->f_flag | FNONBLOCK : fp->f_flag & ~FNONBLOCK); if (error) @@ -864,7 +864,7 @@ case FIOASYNC: #ifdef MAC - error = mac_file_check_change_flags(proc_ucred(p), fp, + error = mac_file_check_change_flags(proc_ucred(p), fp->f_fglob, fp->f_flag, *(int *)datap ? fp->f_flag | FASYNC : fp->f_flag & ~FASYNC); if (error) ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#7 (text+ko) ==== @@ -129,8 +129,8 @@ static void unp_gc(void); static void unp_scan(struct mbuf *, void (*)(struct fileglob *)); static void unp_mark(struct fileglob *); -static void unp_discard(struct fileproc *); -static void unp_discard_fdlocked(struct fileproc *, struct proc *); +static void unp_discard(struct fileglob *); +static void unp_discard_fdlocked(struct fileglob *, struct proc *); static int unp_internalize(struct mbuf *, struct proc *); static int unp_listen(struct unpcb *, struct proc *); @@ -1059,8 +1059,9 @@ struct proc *p = current_proc(); /* XXX */ int i; struct cmsghdr *cm = mtod(rights, struct cmsghdr *); - struct fileproc **rp = (struct fileproc **)(cm + 1); + struct fileglob **rp = (struct fileglob **)(cm + 1); struct fileproc *fp; + struct fileglob *fg; int newfds = (cm->cmsg_len - sizeof(*cm)) / sizeof (int); int f; @@ -1071,8 +1072,8 @@ */ if (!fdavail(p, newfds)) { for (i = 0; i < newfds; i++) { - fp = *rp; - unp_discard_fdlocked(fp, p); + fg = *rp; + unp_discard_fdlocked(fg, p); *rp++ = 0; } proc_fdunlock(p); 
@@ -1086,26 +1087,27 @@ * XXX this assumes a pointer and int are the same size...! */ for (i = 0; i < newfds; i++) { - fp = *rp; #ifdef MAC /* * If receive access is denied, don't pass along * and error message, just discard the descriptor. */ - if (mac_file_check_receive(proc_ucred(p), fp)) { + if (mac_file_check_receive(p->p_ucred, *rp)) { + fg = *rp; *rp++ = 0; - unp_discard_fdlocked(fp, p); + unp_discard_fdlocked(fg, p); continue; } #endif if (fdalloc(p, 0, &f)) panic("unp_externalize"); + fg = *rp; + MALLOC_ZONE(fp, struct fileproc *, sizeof(struct fileproc), M_FILEPROC, M_WAITOK); + bzero(fp, sizeof(struct fileproc)); fp->f_iocount = 0; -#ifdef MAC - mac_file_label_update(proc_ucred(p), fp); -#endif + fp->f_fglob = fg; p->p_fd->fd_ofiles[f] = fp; - fg_removeuipc(fp->f_fglob); + fg_removeuipc(fg); *fdflags(p, f) &= ~UF_RESERVED; unp_rights--; *(int *)rp++ = f; @@ -1150,8 +1152,8 @@ struct proc *p) { struct cmsghdr *cm = mtod(control, struct cmsghdr *); - struct fileproc **rp; - struct fileproc *fp, *ofp; + struct fileglob **rp; + struct fileproc *fp; register int i, error; int oldfds; int fdgetf_noref(proc_t, struct fileglob **, struct fileproc **); 
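Review bot: The receive check in the unp_externalize hunk reads the credential as `p->p_ucred`, while every other call site touched by this change, including the fdavail path in the preceding hunk, goes through `proc_ucred(p)`; unless there is a locking reason for the raw field, I would keep `if (mac_file_check_receive(proc_ucred(p), *rp)) {`. After the added `bzero(fp, sizeof(struct fileproc));` the retained `fp->f_iocount = 0;` is redundant and can go. The fileproc is now allocated with M_WAITOK inside a loop that runs with the fd lock held (the proc_fdunlock in the fdavail failure path above shows the lock is taken before this loop); the internalize-side allocation this replaces sat under the same lock, so it is presumably acceptable, but a one-line comment saying so would help. unp_externalize continues beyond the hunk.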
@@ -1163,28 +1165,20 @@ oldfds = (cm->cmsg_len - sizeof (*cm)) / sizeof (int); proc_fdlock(p); - rp = (struct fileproc **)(cm + 1); + rp = (struct fileglob **)(cm + 1); for (i = 0; i < oldfds; i++) { - if (error = fdgetf_noref(p, *(int *)rp++, (struct fileproc **)0)) { + if (error = fdgetf_noref(p, *(int *)rp++, (struct fileglob **)0)) { proc_fdunlock(p); return (error); } } - rp = (struct fileproc **)(cm + 1); + rp = (struct fileglob **)(cm + 1); for (i = 0; i < oldfds; i++) { - (void) fdgetf_noref(p, *(int *)rp, &ofp); - MALLOC_ZONE(fp, struct fileproc *, sizeof(struct fileproc), - M_FILEPROC, M_WAITOK); - bzero(fp, sizeof(struct fileproc)); - fp->f_fglob = ofp->f_fglob; -#ifdef MAC - mac_file_label_init(fp); - mac_file_label_copy(ofp->f_label, fp->f_label); -#endif + (void) fdgetf_noref(p, *(int *)rp, &fp); fg_insertuipc(fp->f_fglob); - *rp++ = fp; + *rp++ = fp->f_fglob; unp_rights++; } proc_fdunlock(p); @@ -1393,7 +1387,7 @@ { if (m) { - unp_scan(m, (void (*)(struct fileglob *))unp_discard); + unp_scan(m, unp_discard); } } @@ -1458,27 +1452,23 @@ /* should run under kernel funnel */ static void -unp_discard(fp) - struct fileproc *fp; +unp_discard(fg) + struct fileglob *fg; { struct proc *p = current_proc(); /* XXX */ proc_fdlock(p); - unp_discard_fdlocked(fp, p); + unp_discard_fdlocked(fg, p); proc_fdunlock(p); } static void -unp_discard_fdlocked(fp, p) - struct fileproc *fp; +unp_discard_fdlocked(fg, p) + struct fileglob *fg; struct proc *p; { - fg_removeuipc(fp->f_fglob); + fg_removeuipc(fg); unp_rights--; - (void) closef_locked((struct fileproc *)0, fp->f_fglob, p); -#ifdef MAC - mac_file_label_destroy(fp); -#endif - FREE(fp, M_FILEPROC); + (void) closef_locked((struct fileproc *)0, fg, p); } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/fdesc_vnops.c#3 (text+ko) ==== 
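Review bot: In the unp_internalize hunk the null argument was changed to `(struct fileglob **)0`, but the local prototype shown in the preceding hunk declares fdgetf_noref's third parameter as `struct fileproc **`, and the second loop in this same hunk passes `&fp` with `fp` a `struct fileproc *`, so the new cast is the wrong pointer type (an incompatible-pointer warning on the updated line and misleading to readers). Use `(struct fileproc **)0` or plain `NULL`: `if (error = fdgetf_noref(p, *(int *)rp++, NULL)) {`. Since no fileproc is allocated for the passed descriptor any more, the only thing keeping the fileglob alive in the control message is what `fg_insertuipc(fp->f_fglob)` accounts for; a short comment on the `*rp++ = fp->f_fglob;` line stating that would save the next reader from re-deriving it. unp_internalize starts before this hunk.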
@@ -226,10 +226,6 @@ struct componentname *cnp = ap->a_cnp; char *pname = cnp->cn_nameptr; struct proc *p = vfs_context_proc(ap->a_context); -#ifdef MAC - struct filedesc *fdp = p->p_fd; - struct fileproc *fp; -#endif int numfiles = p->p_fd->fd_nfiles; int fd; int error; @@ -327,9 +323,8 @@ goto bad; VTOFDESC(fvp)->fd_fd = fd; #ifdef MAC - fp = fdp->fd_ofiles[fd]; - mac_vnode_label_associate_file(vfs_context_ucred(ap->a_context), - fp, fvp); + mac_vnode_label_associate_file(proc_ucred(p), + p->p_fd->fd_ofiles[fd]->f_fglob, fvp); #endif *vpp = fvp; return (0); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/file_internal.h#4 (text+ko) ==== @@ -86,7 +86,6 @@ int32_t f_iocount; struct fileglob * f_fglob; void * f_waddr; - struct label *f_label; }; #define FILEPROC_NULL (struct fileproc *)0 @@ -140,6 +139,7 @@ int32_t fg_lflags; /* file global flags */ unsigned int fg_lockpc[4]; unsigned int fg_unlockpc[4]; + struct label *fg_label; }; /* file types */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#11 (text+ko) ==== @@ -1739,7 +1739,8 @@ type |= F_WAIT; #ifdef MAC error = mac_file_check_change_flags(vfs_context_ucred(ctx), - fp, fp->f_fglob->fg_flag, fp->f_fglob->fg_flag | FHASLOCK); + fp->f_fglob, fp->f_fglob->fg_flag, + fp->f_fglob->fg_flag | FHASLOCK); if (error) goto bad; #endif @@ -2473,10 +2474,10 @@ #ifdef MAC if (uap->whence == L_INCR && uap->offset == 0) error = mac_file_check_get_offset(vfs_context_ucred(&context), - fp); + fp->f_fglob); else error = mac_file_check_change_offset(vfs_context_ucred(&context), - fp); + fp->f_fglob); if (error) { file_drop(uap->fd); return (error); @@ -4492,7 +4493,7 @@ context.vc_ucred = fp->f_fglob->fg_cred; #ifdef MAC - error = mac_file_check_change_offset(kauth_cred_get(), fp); + error = mac_file_check_change_offset(kauth_cred_get(), fp->f_fglob); if (error) goto out; #endif 
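Review bot: The fdesc_lookup hunk switches the credential passed to mac_vnode_label_associate_file from `vfs_context_ucred(ap->a_context)` to `proc_ucred(p)`; the vfs_syscalls.c hunks in this same change keep using the context credential, and in a VFS operation the two need not be the same, so unless this is deliberate I would keep `mac_vnode_label_associate_file(vfs_context_ucred(ap->a_context), p->p_fd->fd_ofiles[fd]->f_fglob, fvp);`. The direct `p->p_fd->fd_ofiles[fd]->f_fglob` dereference relies on the fd validation done earlier in this function (outside the hunk) still holding at this point, which needs the fd lock or an iocount across that gap; I cannot see from here whether one is held, so please confirm. fdesc_lookup starts before this hunk.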
@@ -4810,7 +4811,8 @@ context.vc_ucred = kauth_cred_get(); #ifdef MAC - error = mac_file_check_change_offset(vfs_context_ucred(&context), fp); + error = mac_file_check_change_offset(vfs_context_ucred(&context), + fp->f_fglob); if (error) goto out; #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#3 (text+ko) ==== @@ -64,10 +64,10 @@ } void -mac_file_label_init(struct fileproc *fp) +mac_file_label_init(struct fileglob *fg) { - fp->f_label = mac_file_label_alloc(); + fg->fg_label = mac_file_label_alloc(); } static void @@ -79,34 +79,20 @@ } void -mac_file_label_associate(struct ucred *cred, struct fileproc *fp) +mac_file_label_associate(struct ucred *cred, struct fileglob *fg) { - MAC_PERFORM(file_label_associate, cred, fp, fp->f_label); + MAC_PERFORM(file_label_associate, cred, fg, fg->fg_label); } void -mac_file_label_update(struct ucred *cred, struct fileproc *fp) +mac_file_label_destroy(struct fileglob *fg) { - MAC_PERFORM(file_label_update, cred, fp, fp->f_label); -} - -void -mac_file_label_copy(struct label *src, struct label *dest) -{ - - MAC_PERFORM(file_label_copy, src, dest); + mac_file_label_free(fg->fg_label); + fg->fg_label = NULL; } -void -mac_file_label_destroy(struct fileproc *fp) -{ - - mac_file_label_free(fp->f_label); - fp->f_label = NULL; -} - int mac_file_check_create(struct ucred *cred) { 
@@ -119,147 +105,147 @@ } int -mac_file_check_dup(struct ucred *cred, struct fileproc *fp, int newfd) +mac_file_check_dup(struct ucred *cred, struct fileglob *fg, int newfd) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_dup, cred, fp, fp->f_label, newfd); + MAC_CHECK(file_check_dup, cred, fg, fg->fg_label, newfd); return (error); } int -mac_file_check_fcntl(struct ucred *cred, struct fileproc *fp, int cmd, long arg) +mac_file_check_fcntl(struct ucred *cred, struct fileglob *fg, int cmd, long arg) { int error; - MAC_CHECK(file_check_fcntl, cred, fp, cmd, arg); + MAC_CHECK(file_check_fcntl, cred, fg, cmd, arg); return (error); } int -mac_file_check_ioctl(struct ucred *cred, struct fileproc *fp, u_long cmd, +mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg, u_long cmd, void *data) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_ioctl, cred, fp, fp->f_label, cmd, data); + MAC_CHECK(file_check_ioctl, cred, fg, fg->fg_label, cmd, data); return (error); } int -mac_file_check_inherit(struct ucred *cred, struct fileproc *fp) +mac_file_check_inherit(struct ucred *cred, struct fileglob *fg) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_inherit, cred, fp, fp->f_label); + MAC_CHECK(file_check_inherit, cred, fg, fg->fg_label); return (error); } int -mac_file_check_receive(struct ucred *cred, struct fileproc *fp) +mac_file_check_receive(struct ucred *cred, struct fileglob *fg) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_receive, cred, fp, fp->f_label); + MAC_CHECK(file_check_receive, cred, fg, fg->fg_label); return (error); } int -mac_file_check_get_flags(struct ucred *cred, struct fileproc *fp, +mac_file_check_get_flags(struct ucred *cred, struct fileglob *fg, u_int flags) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_get_flags, cred, fp, fp->f_label, flags); + MAC_CHECK(file_check_get_flags, cred, fg, fg->fg_label, flags); return (error); } 
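Review bot: In the mac_file.c hunk, `mac_file_check_fcntl` (and `mac_file_check_get` / `mac_file_check_set` further down in the same diff) neither short-circuits on `mac_enforce_file` nor passes `fg->fg_label` to MAC_CHECK, while every other check rewritten here does both. This predates the change, but since every signature in the file is being touched it is the natural moment to make them uniform, e.g. `if (!mac_enforce_file) return (0);` followed by `MAC_CHECK(file_check_fcntl, cred, fg, fg->fg_label, cmd, arg);` — which would also require the matching label parameter on the policy typedef. If the unconditional form is intended, a one-line comment on each of those three functions saying why would stop the next reader from filing the same note.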
int -mac_file_check_get_ofileflags(struct ucred *cred, struct fileproc *fp, +mac_file_check_get_ofileflags(struct ucred *cred, struct fileglob *fg, char flags) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_get_ofileflags, cred, fp, fp->f_label, flags); + MAC_CHECK(file_check_get_ofileflags, cred, fg, fg->fg_label, flags); return (error); } int -mac_file_check_change_flags(struct ucred *cred, struct fileproc *fp, +mac_file_check_change_flags(struct ucred *cred, struct fileglob *fg, u_int oldflags, u_int newflags) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_change_flags, cred, fp, fp->f_label, oldflags, + MAC_CHECK(file_check_change_flags, cred, fg, fg->fg_label, oldflags, newflags); return (error); } int -mac_file_check_change_ofileflags(struct ucred *cred, struct fileproc *fp, +mac_file_check_change_ofileflags(struct ucred *cred, struct fileglob *fg, char oldflags, char newflags) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_change_ofileflags, cred, fp, fp->f_label, + MAC_CHECK(file_check_change_ofileflags, cred, fg, fg->fg_label, oldflags, newflags); return (error); } int -mac_file_check_get_offset(struct ucred *cred, struct fileproc *fp) +mac_file_check_get_offset(struct ucred *cred, struct fileglob *fg) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_get_offset, cred, fp, fp->f_label); + MAC_CHECK(file_check_get_offset, cred, fg, fg->fg_label); return (error); } int -mac_file_check_change_offset(struct ucred *cred, struct fileproc *fp) +mac_file_check_change_offset(struct ucred *cred, struct fileglob *fg) { int error; if (!mac_enforce_file) return (0); - MAC_CHECK(file_check_change_offset, cred, fp, fp->f_label); + MAC_CHECK(file_check_change_offset, cred, fg, fg->fg_label); return (error); } int -mac_file_check_get(struct ucred *cred, struct fileproc *fp, char *elements, +mac_file_check_get(struct ucred *cred, struct fileglob *fg, char *elements, int len) { int 
error; - MAC_CHECK(file_check_get, cred, fp, elements, len); + MAC_CHECK(file_check_get, cred, fg, elements, len); return (error); } int -mac_file_check_set(struct ucred *cred, struct fileproc *fp, char *buf, +mac_file_check_set(struct ucred *cred, struct fileglob *fg, char *buf, int buflen) { int error; - MAC_CHECK(file_check_set, cred, fp, buf, buflen); + MAC_CHECK(file_check_set, cred, fg, buf, buflen); return (error); } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#8 (text+ko) ==== @@ -56,7 +56,7 @@ struct bpf_d; struct componentname; struct devnode; -struct fileproc; +struct fileglob; struct ifnet; struct lctx; struct mac; @@ -89,7 +89,7 @@ */ void mac_cred_label_init(struct ucred *); void mac_devfs_label_init(struct devnode *); -void mac_file_label_init(struct fileproc *fp); +void mac_file_label_init(struct fileglob *fg); int mac_mbuf_label_init(struct mbuf *, int); int mac_mbuf_tag_init(struct m_tag *, int); void mac_mount_label_init(struct mount *); @@ -105,15 +105,13 @@ void mac_vnode_label_init(struct vnode *vp); void mac_vnode_label_copy(struct label *, struct label *label); void mac_devfs_label_copy(struct label *, struct label *label); -void mac_file_label_copy(struct label *, struct label *label); void mac_mbuf_tag_copy(struct m_tag *, struct m_tag *); void mac_mbuf_label_copy(struct mbuf *m_from, struct mbuf *m_to); void mac_socket_label_copy(struct label *from, struct label *to); -void mac_file_label_associate(struct ucred *cred, struct fileproc *fp); -void mac_file_label_update(struct ucred *cred, struct fileproc *fp); +void mac_file_label_associate(struct ucred *cred, struct fileglob *fg); void mac_cred_label_destroy(struct ucred *); void mac_devfs_label_destroy(struct devnode *); -void mac_file_label_destroy(struct fileproc *fp); +void mac_file_label_destroy(struct fileglob *fg); void mac_mbuf_label_destroy(struct mbuf *); void mac_mbuf_tag_destroy(struct m_tag *); void mac_mount_label_destroy(struct mount *); 
@@ -150,10 +148,10 @@ struct vnode *vp); int mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp); void mac_vnode_label_associate_singlelabel(struct mount *mp, struct vnode *vp); -void mac_vnode_label_associate_file(struct ucred *cred, struct fileproc *fp, +void mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg, struct vnode *vp); -void mac_devfs_label_associate_device(struct ucred *cr, struct mount *mp, dev_t dev, - struct devnode *de, const char *fullpath); +void mac_devfs_label_associate_device(struct ucred *cr, struct mount *mp, + dev_t dev, struct devnode *de, const char *fullpath); void mac_devfs_label_associate_directory(struct mount *mp, char *dirname, int dirnamelen, struct devnode *de, const char *fullpath); int mac_vnode_notify_create(struct ucred *cred, struct mount *mp, 
@@ -292,27 +290,27 @@ int mac_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqptr); int mac_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, int cmd); -int mac_file_check_fcntl(struct ucred *cred, struct fileproc *fp, int cmd, +int mac_file_check_fcntl(struct ucred *cred, struct fileglob *fg, int cmd, long arg); -int mac_file_check_get(struct ucred *cred, struct fileproc *fp, +int mac_file_check_get(struct ucred *cred, struct fileglob *fg, char *elements, int len); int mac_file_check_create(struct ucred *cred); -int mac_file_check_dup(struct ucred *cred, struct fileproc *fp, int newfd); -int mac_file_check_ioctl(struct ucred *cred, struct fileproc *fp, +int mac_file_check_dup(struct ucred *cred, struct fileglob *fg, int newfd); +int mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg, u_long com, void *data); -int mac_file_check_inherit(struct ucred *cred, struct fileproc *fp); -int mac_file_check_receive(struct ucred *cred, struct fileproc *fp); -int mac_file_check_get_flags(struct ucred *cred, struct fileproc *fp, +int mac_file_check_inherit(struct ucred *cred, struct fileglob *fg); +int mac_file_check_receive(struct ucred *cred, struct fileglob *fg); +int mac_file_check_get_flags(struct ucred *cred, struct fileglob *fg, u_int flags); -int mac_file_check_get_ofileflags(struct ucred *cred, struct fileproc *fp, +int mac_file_check_get_ofileflags(struct ucred *cred, struct fileglob *fg, char flags); -int mac_file_check_change_flags(struct ucred *cred, struct fileproc *fp, +int mac_file_check_change_flags(struct ucred *cred, struct fileglob *fg, u_int oldflags, u_int newflags); int mac_file_check_change_ofileflags(struct ucred *cred, - struct fileproc *fp, char oldflags, char newflags); -int mac_file_check_get_offset(struct ucred *cred, struct fileproc *fp); -int mac_file_check_change_offset(struct ucred *cred, struct fileproc *fp); -int mac_file_check_set(struct ucred *cred, struct fileproc *fp, + struct fileglob *fg, 
char oldflags, char newflags); +int mac_file_check_get_offset(struct ucred *cred, struct fileglob *fg); +int mac_file_check_change_offset(struct ucred *cred, struct fileglob *fg); +int mac_file_check_set(struct ucred *cred, struct fileglob *fg, char *buf, int buflen); int mac_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#14 (text+ko) ==== @@ -59,7 +59,7 @@ struct attrlist; struct bpf_d; struct devnode; -struct fileproc; +struct fileglob; struct ifnet; struct ipq; struct label; @@ -68,6 +68,9 @@ struct mac_policy_conf; struct mbuf; struct mount; +struct pipe; +struct pseminfo; +struct pshminfo; struct sbuf; struct semid_kernel; struct shmid_kernel; @@ -540,24 +543,12 @@ /** @brief Create file label @param cred Subject credential - @param fp Fileproc structure - @param label Policy label for fp + @param fg Fileglob structure + @param label Policy label for fg */ typedef void mpo_file_label_associate_t( struct ucred *cred, - struct fileproc *fp, - struct label *label -); - -/** - @brief Update file label - @param cred Subject credential - @param fp Fileproc structure - @param label New policy label for fp -*/ -typedef void mpo_file_label_update_t( - struct ucred *cred, - struct fileproc *fp, + struct fileglob *fg, struct label *label ); @@ -991,19 +982,6 @@ ); /** - @brief Copy a file label - @param src Source file label - @param dest Destination file label - - Copy the file label information from src to dest. This is - used when duplicating, passing or inheriting file descriptors. -*/ -typedef void mpo_file_label_copy_t( - struct label *src, - struct label *dest -); - -/** @brief Externalize a user credential label @param label Label to be externalized @param element_name Name of the label namespace for which labels should be 
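Review bot: The forward-declaration hunk in mac_policy.h adds `struct pipe;`, `struct pseminfo;` and `struct pshminfo;`, but the new `mpo_vnode_label_associate_socket_t` typedef later in this file takes a `struct xsocket *` and no `struct xsocket;` is added; unless it is already declared earlier in the header (not visible here), that parameter introduces a prototype-scoped struct incompatible with the real one and policies will fail to build against it. Add `struct xsocket;` to the same list. In that new typedef's documentation the text refers to "the socket structure so" while the parameter is named `xso`, and the posixsem block says "the process that create psem"; both are minor wording fixes in the same comments.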
@@ -1377,21 +1355,101 @@ ); /** + @brief Associate a socket label with a vnode + @param cred User credential for the process that opened the socket + @param xso Socket structure + @param solabel Label associated with xso + @param vp Vnode to label + @param vlabel Label associated with vp + + Associate label information for the vnode, vp, with the label of + the open socket described by the socket structure so. + The label should be stored in the supplied vlabel parameter. +*/ +typedef void mpo_vnode_label_associate_socket_t( + struct ucred *cred, + struct xsocket *xso, + struct label *solabel, + struct vnode *vp, + struct label *vlabel +); + +/** + @brief Associate a POSIX shared memory label with a vnode + @param cred User credential for the process that created pshm + @param pshm POSIX shared memory structure + @param pshmlabel Label associated with pshm + @param vp Vnode to label + @param vlabel Label associated with vp + + Associate label information for the vnode, vp, with the label of + the POSIX shared memory region described by pshm. + The label should be stored in the supplied vlabel parameter. +*/ +typedef void mpo_vnode_label_associate_posixshm_t( + struct ucred *cred, + struct pshminfo *pshm, + struct label *pshmlabel, + struct vnode *vp, + struct label *vlabel +); + +/** + @brief Associate a POSIX semaphore label with a vnode + @param cred User credential for the process that create psem + @param psem POSIX semaphore structure + @param psemlabel Label associated with psem + @param vp Vnode to label + @param vlabel Label associated with vp + + Associate label information for the vnode, vp, with the label of + the POSIX semaphore described by psem. + The label should be stored in the supplied vlabel parameter. +*/ +typedef void mpo_vnode_label_associate_posixsem_t( + struct ucred *cred, + struct pseminfo *psem, + struct label *psemlabel, + struct vnode *vp, >>> TRUNCATED FOR MAIL (1000 lines) <<<