Date:      Tue, 31 Oct 2006 22:23:16 GMT
From:      Todd Miller <millert@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 108869 for review
Message-ID:  <200610312223.k9VMNG3o027241@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=108869

Change 108869 by millert@millert_macbook on 2006/10/31 22:23:12

	Change ikm_sender from struct ipc_labelh * to task_t.  This
	allows us to report the correct sender in the avc audit
	logs for MiG-based permissions.  To do this, we now pass a
	struct proc * to mpo_port_check_method.
	
	This time we don't need to hold a separate reference to the label
	handle; keeping a reference to the task_t is sufficient, as the task
	holds its own reference to its label handle.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#30 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#4 (text+ko) ====

@@ -295,7 +295,6 @@
 
 #ifdef MAC
 	if (kmsg->ikm_sender != NULL) {
-		labelh_release(kmsg->ikm_sender->label);
 		task_deallocate(kmsg->ikm_sender);
 		kmsg->ikm_sender = NULL;
 	}
@@ -664,7 +663,6 @@
 
 #ifdef MAC
 	if (kmsg->ikm_sender != NULL) {
-		labelh_release(kmsg->ikm_sender->label);
 		task_deallocate(kmsg->ikm_sender);
 		kmsg->ikm_sender = NULL;
 	}
@@ -775,7 +773,6 @@
 	task_t cur = current_task();
 	if (cur) {
 		task_reference(cur);
-		labelh_reference(cur->label);
 		kmsg->ikm_sender = cur;
 	} else
 		trailer->msgh_labels.sender = 0;

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#7 (text+ko) ====

@@ -706,6 +706,8 @@
 #endif
 		case AVC_AUDIT_DATA_FS:
 			if (a->u.fs.vp && tsk) {
+				char *pbuf = NULL;
+				char *path = a->u.fs.path;
 				struct vnode *vp = a->u.fs.vp;
 				struct vnode_attr va;
 				struct vfs_context vfs_ctx =
@@ -713,10 +715,22 @@
 				VATTR_INIT(&va);
 				VATTR_WANTED(&va, va_fileid);
 				if (vnode_getattr(vp, &va, &vfs_ctx) == 0) {
-					audit_log_format(ab,
-					    " inode=%llu, mountpoint=%s,",
-					    va.va_fileid, 
+					audit_log_format(ab, " inode=%llu, "
+					    "mountpoint=%s,", va.va_fileid, 
 					    vp->v_mount->mnt_vfsstat.f_mntonname);
+					if (path == NULL) {
+						int len = MAXPATHLEN;
+						pbuf = sebsd_malloc(MAXPATHLEN,
+						    M_SEBSD, M_NOWAIT);
+						if (pbuf != NULL &&
+						    !vn_getpath(vp, pbuf, &len))
+							path = pbuf;
+					}
+					if (path != NULL)
+						audit_log_format(ab,
+						    " path=%s,", path);
+					if (pbuf != NULL)
+						sebsd_free(pbuf, M_SEBSD);
 					break;
 				}
 				audit_log_format(ab,
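Review bot: The string written at ` path=%s,` is taken verbatim from the caller's audit data (in sebsd.c that is `cnp->cn_pnbuf`, the user-supplied pathname) and emitted into the key=value audit record without any escaping, so a name containing spaces, commas, quotes or newlines can split or forge fields in the AVC log. SELinux handles the same case with audit_log_untrustedstring, which hex-encodes the value when it contains whitespace or non-printable bytes; the same treatment is wanted before `audit_log_format(ab, " path=%s,", path);`, and the vn_getpath() result deserves it too since it reflects on-disk names. A smaller point: both the vn_getpath() fallback and the ` path=` emission sit inside the `vnode_getattr(...) == 0` branch, so when the attribute fetch fails a caller-supplied `a->u.fs.path` is dropped even though it needs no vnode access; hoisting the path emission out of that branch keeps it in the denial record. The enclosing function begins and ends outside this hunk.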

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#5 (text+ko) ====

@@ -49,6 +49,7 @@
 	union 	{
 		struct {
 			struct vnode *vp;
+			char *path;
 		} fs;
 		struct {
 			char *netif;
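Review bot: The new `path` member is a borrowed pointer with no statement of who owns it or how long it stays valid; the callers in sebsd.c hand it `cnp->cn_pnbuf`, a namei buffer that is only alive for the duration of the lookup, so the field must not be retained by the AVC beyond the avc_has_perm() call that carries it. Since avc.c only reads the string, declaring it `const char *path;` makes the borrow explicit, together with a comment such as `/* optional pathname for audit; borrowed, valid only for this call */`. The struct this union belongs to starts before the hunk.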

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#30 (text+ko) ====

@@ -440,7 +440,7 @@
 }
 
 static int
-vnode_has_perm(struct ucred *cred, struct vnode *vp, u_int32_t perm)
+vnode_has_perm(struct ucred *cred, struct vnode *vp, char *path, u_int32_t perm)
 {
 	struct task_security_struct *task;
 	struct vnode_security_struct *file;
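Review bot: The new `path` parameter of vnode_has_perm() is only forwarded into the audit data and never written through, so it should be `const char *path` rather than `char *`, which also lets callers pass const buffers without a cast. The parameter is optional — nearly every call site in this change passes NULL — and that contract deserves a comment above the function, e.g. `/* path: optional pathname recorded in the AVC audit data on denial; may be NULL. */`. The function body continues past the end of the hunk.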
@@ -451,6 +451,7 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
+	ad.u.fs.path = path;
 
 	/* Update security class if not set or vnode was recycled. */
 	if (file->sclass == 0 || vp->v_type == VBAD)
@@ -1482,7 +1483,7 @@
 	vsec = SLOT(vl);
 	task = SLOT(cred->cr_label);
 
-	rc = vnode_has_perm(cred, vp, FILE__MOUNTON);
+	rc = vnode_has_perm(cred, vp, NULL, FILE__MOUNTON);
 	if (rc)
 		goto done;
 
@@ -1950,7 +1951,7 @@
 	if (mask == 0)
 		return (0);
 
-	return (vnode_has_perm(cred, vp,
+	return (vnode_has_perm(cred, vp, NULL,
 	    file_mask_to_av(vp->v_type, mask)));
 }
 
@@ -1960,7 +1961,7 @@
 {
 
 	/* MAY_EXEC ~= DIR__SEARCH */
-	return (vnode_has_perm(cred, dvp, DIR__SEARCH));
+	return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
 }
 
 static int
@@ -1970,7 +1971,7 @@
 
 	/* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */
 	/* MAY_EXEC ~= DIR__SEARCH */
-	return (vnode_has_perm(cred, dvp, DIR__SEARCH));
+	return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
 }
 
 static int
@@ -1995,6 +1996,7 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = dvp;
+	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
 	    DIR__ADD_NAME | DIR__SEARCH, &ad);
@@ -2051,6 +2053,7 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
+	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
 	    DIR__SEARCH | DIR__REMOVE_NAME, &ad);
@@ -2073,7 +2076,7 @@
     struct label *label, acl_type_t type)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 #endif
 
@@ -2083,10 +2086,10 @@
 {
 	int error;
 
-	error = vnode_has_perm(cred, v1, FILE__READ | FILE__WRITE);
+	error = vnode_has_perm(cred, v1, NULL, FILE__READ | FILE__WRITE);
 	if (error)
 		return (error);
-	return (vnode_has_perm(cred, v2, FILE__READ | FILE__WRITE));
+	return (vnode_has_perm(cred, v2, NULL, FILE__READ | FILE__WRITE));
 }
 
 static int
@@ -2151,7 +2154,7 @@
     struct label *label, acl_type_t type)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__GETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
 }
 #endif
 
@@ -2160,7 +2163,7 @@
     struct label *vlabel, struct attrlist *alist)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__GETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
 }
 
 static int
@@ -2168,7 +2171,7 @@
     struct label *label, const char *name, struct uio *uio)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__GETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
 }
 
 #if defined(FILE__POLL) && defined(FILE__GETATTR)
@@ -2180,9 +2183,9 @@
 	switch (kn->kn_filter) {
 	case EVFILT_READ:
 	case EVFILT_WRITE:
-		return (vnode_has_perm(cred, vp, FILE__POLL));
+		return (vnode_has_perm(cred, vp, NULL, FILE__POLL));
 	case EVFILT_VNODE:
-		return (vnode_has_perm(cred, vp, FILE__GETATTR));
+		return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
 	default:
 		return (0);
 	}
@@ -2208,6 +2211,7 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
+	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
 	    DIR__SEARCH | DIR__ADD_NAME, &ad);
@@ -2228,7 +2232,7 @@
 		return (ENOTDIR);
 
 	/* TBD: DIR__READ as well? */
-	return (vnode_has_perm(cred, dvp, DIR__SEARCH));
+	return (vnode_has_perm(cred, dvp, cnp->cn_pnbuf, DIR__SEARCH));
 }
 
 static int
@@ -2247,7 +2251,7 @@
 	if (!mask)
 		return (0);
 
-	return (vnode_has_perm(cred, vp,
+	return (vnode_has_perm(cred, vp, NULL,
 	    file_mask_to_av(vp->v_type, mask)));
 }
 
@@ -2256,7 +2260,7 @@
     struct vnode *vp, struct label *label)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__READ));
+	return (vnode_has_perm(cred, vp, NULL, FILE__READ));
 }
 
 static int
@@ -2264,7 +2268,7 @@
     struct label *dlabel)
 {
 
-	return (vnode_has_perm(cred, dvp, DIR__READ));
+	return (vnode_has_perm(cred, dvp, NULL, DIR__READ));
 }
 
 static int
@@ -2272,7 +2276,7 @@
     struct label *label)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__READ));
+	return (vnode_has_perm(cred, vp, NULL, FILE__READ));
 }
 
 static int
@@ -2342,6 +2346,8 @@
 	sebsd_audit_sid("source directory", old_dir->sid);
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
+	ad.u.fs.vp = vp;
+	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, old_dir->sid, SECCLASS_DIR,
 	    DIR__REMOVE_NAME | DIR__SEARCH, &ad);
@@ -2400,6 +2406,7 @@
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
+	ad.u.fs.path = cnp->cn_pnbuf;
 
 	rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, NULL);
 	if (rc)
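Review bot: `ad.u.fs.path` (and the `ad.u.fs.vp` line above it) is filled in here, but the `avc_has_perm()` call immediately below still passes `NULL` as its audit-data argument, so a denial on this new_dir DIR check logs neither the inode nor the newly added path; it should read `rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, &ad);`. If `ad` is consumed by a later check outside the hunk that is fine, but this check is the one that fires when the target directory rejects the rename, so it is the record most worth annotating. The enclosing function begins and ends outside this hunk.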
@@ -2439,7 +2446,7 @@
     struct label *label, int which)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__POLL));
+	return (vnode_has_perm(cred, vp, NULL, FILE__POLL));
 }
 #endif
 
@@ -2449,7 +2456,7 @@
     struct label *label, acl_type_t type, struct acl *acl)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 #endif
 
@@ -2459,7 +2466,7 @@
     struct label *vlabel, struct attrlist *alist)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 #endif
 
@@ -2468,7 +2475,7 @@
     struct label *label, const char *name, struct uio *uio)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 
 static int
@@ -2476,7 +2483,7 @@
     struct label *label, u_long flags)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 
 static int
@@ -2484,7 +2491,7 @@
     struct label *label, mode_t mode)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 
 static int
@@ -2492,7 +2499,7 @@
     struct label *label, uid_t uid, gid_t gid)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 
 static int
@@ -2500,7 +2507,7 @@
     struct label *label, struct timespec atime, struct timespec mtime)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
 }
 
 static int
@@ -2508,7 +2515,7 @@
     struct vnode *vp, struct label *vnodelabel)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__GETATTR));
+	return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
 }
 
 static int
@@ -2831,7 +2838,7 @@
     struct label *vnodelabel)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SWAPON));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON));
 }
 
 #if 0
@@ -2840,7 +2847,7 @@
     struct label *vnodelabel)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__SWAPON));
+	return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON));
 }
 #endif
 
@@ -2863,7 +2870,7 @@
     struct vnode *vp, struct label *label)
 {
 
-	return (vnode_has_perm(cred, vp, FILE__WRITE));
+	return (vnode_has_perm(cred, vp, NULL, FILE__WRITE));
 }
 
 static int
@@ -2885,7 +2892,7 @@
 		if (prot & PROT_EXEC)
 			av |= FILE__EXECUTE;
 
-		return (vnode_has_perm(cred, vp, av));
+		return (vnode_has_perm(cred, vp, NULL, av));
 	}
 	return (0);
 }
@@ -2908,7 +2915,7 @@
 		if (prot & PROT_EXEC)
 			av |= FILE__EXECUTE;
 
-		return (vnode_has_perm(cred, vp, av));
+		return (vnode_has_perm(cred, vp, NULL, av));
 	}
 	return (0);
 }
@@ -3026,7 +3033,7 @@
 		return (0);
 
 	return (vnode_has_perm(cred, (struct vnode *)fg->fg_data,
-	    FILE__IOCTL));
+	    NULL, FILE__IOCTL));
 }
 
 /*


