From owner-p4-projects@FreeBSD.ORG Tue Oct 31 22:23:17 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A229816A7DE; Tue, 31 Oct 2006 22:23:17 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6814616A7DC for ; Tue, 31 Oct 2006 22:23:17 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 134D443D81 for ; Tue, 31 Oct 2006 22:23:17 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9VMNG8c027245 for ; Tue, 31 Oct 2006 22:23:16 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9VMNG3o027241 for perforce@freebsd.org; Tue, 31 Oct 2006 22:23:16 GMT (envelope-from millert@freebsd.org) Date: Tue, 31 Oct 2006 22:23:16 GMT Message-Id: <200610312223.k9VMNG3o027241@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f 
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 108869 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Oct 2006 22:23:17 -0000 http://perforce.freebsd.org/chv.cgi?CH=108869 Change 108869 by millert@millert_macbook on 2006/10/31 22:23:12 Change ikm_sender from struct ipc_labelh * to task_t. This allows us to report the correct sender in the avc audit logs for MiG-based permissions. To do this, we now pass a struct proc * to mpo_port_check_method. This time we don't need to hold a reference to the label handle, keeping a reference to the task_t is sufficient as that has its own label handle reference. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#30 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#4 (text+ko) ==== @@ -295,7 +295,6 @@ #ifdef MAC if (kmsg->ikm_sender != NULL) { - labelh_release(kmsg->ikm_sender->label); task_deallocate(kmsg->ikm_sender); kmsg->ikm_sender = NULL; } @@ -664,7 +663,6 @@ #ifdef MAC if (kmsg->ikm_sender != NULL) { - labelh_release(kmsg->ikm_sender->label); task_deallocate(kmsg->ikm_sender); kmsg->ikm_sender = NULL; } @@ -775,7 +773,6 @@ task_t cur = current_task(); if (cur) { task_reference(cur); - labelh_reference(cur->label); kmsg->ikm_sender = cur; } else trailer->msgh_labels.sender = 0; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#7 (text+ko) ==== 
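Review bot: Removing `labelh_reference(cur->label)` from the send path in the `@@ -775` hunk changes what the receive-side check sees: the sender's label is now resolved through `kmsg->ikm_sender` when the message is dequeued, instead of being pinned to the label handle that was current when the message was queued. If a task's label handle can be replaced while a message sits in the queue (a relabel or a transition on exec), the permission decision and the audited source context would reflect the new label rather than the sender's label at send time; the commit message argues that the task reference covers lifetime, which it does, but that says nothing about this snapshot semantics. If that is intended, say so at the assignment: `/* Sender label is resolved via the task at receive time; a relabel between send and receive is reflected in the check. */`; if not, the label handle reference needs to come back alongside the task reference. The enclosing ipc_kmsg functions start and end outside these hunks.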
@@ -706,6 +706,8 @@ #endif case AVC_AUDIT_DATA_FS: if (a->u.fs.vp && tsk) { + char *pbuf = NULL; + char *path = a->u.fs.path; struct vnode *vp = a->u.fs.vp; struct vnode_attr va; struct vfs_context vfs_ctx = @@ -713,10 +715,22 @@ VATTR_INIT(&va); VATTR_WANTED(&va, va_fileid); if (vnode_getattr(vp, &va, &vfs_ctx) == 0) { - audit_log_format(ab, - " inode=%llu, mountpoint=%s,", - va.va_fileid, + audit_log_format(ab, " inode=%llu, " + "mountpoint=%s,", va.va_fileid, vp->v_mount->mnt_vfsstat.f_mntonname); + if (path == NULL) { + int len = MAXPATHLEN; + pbuf = sebsd_malloc(MAXPATHLEN, + M_SEBSD, M_NOWAIT); + if (pbuf != NULL && + !vn_getpath(vp, pbuf, &len)) + path = pbuf; + } + if (path != NULL) + audit_log_format(ab, + " path=%s,", path); + if (pbuf != NULL) + sebsd_free(pbuf, M_SEBSD); break; } audit_log_format(ab, ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#5 (text+ko) ==== @@ -49,6 +49,7 @@ union { struct { struct vnode *vp; + char *path; } fs; struct { char *netif; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#30 (text+ko) ==== @@ -440,7 +440,7 @@ } static int -vnode_has_perm(struct ucred *cred, struct vnode *vp, u_int32_t perm) +vnode_has_perm(struct ucred *cred, struct vnode *vp, char *path, u_int32_t perm) { struct task_security_struct *task; struct vnode_security_struct *file; @@ -451,6 +451,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; + ad.u.fs.path = path; /* Update security class if not set or vnode was recycled. */ if (file->sclass == 0 || vp->v_type == VBAD) @@ -1482,7 +1483,7 @@ vsec = SLOT(vl); task = SLOT(cred->cr_label); - rc = vnode_has_perm(cred, vp, FILE__MOUNTON); + rc = vnode_has_perm(cred, vp, NULL, FILE__MOUNTON); if (rc) goto done; @@ -1950,7 +1951,7 @@ if (mask == 0) return (0); - return (vnode_has_perm(cred, vp, + return (vnode_has_perm(cred, vp, NULL, file_mask_to_av(vp->v_type, mask))); } 
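Review bot: The added `audit_log_format(ab, " path=%s,", path)` writes a pathname into the AVC record without escaping, and when `path` comes from `cnp->cn_pnbuf` in sebsd.c it is user-controlled and may contain spaces, commas, `=` or control characters including newlines, so an unprivileged process can forge or split key=value fields in the audit log. The `vn_getpath` result has the same property, since component names are user-chosen. Linux SELinux routes such strings through `audit_log_untrustedstring` for this reason; the sketch below hex-encodes the value when it contains a byte outside the printable, separator-free range and otherwise logs it as committed, and a helper next to `audit_log_format` would be the natural home if the avc layer lacks one. The rest of the `AVC_AUDIT_DATA_FS` case is unchanged, and the enclosing function starts and ends outside the hunk.

```c
/* … unchanged: inode/mountpoint audit_log_format and vn_getpath fallback … */
if (path != NULL) {
	const unsigned char *p;
	int clean = 1;

	/* Refuse to emit raw bytes that could forge or split key=value fields. */
	for (p = (const unsigned char *)path; *p != '\0'; p++) {
		if (*p <= ' ' || *p > '~' || *p == '"' || *p == ',' || *p == '=') {
			clean = 0;
			break;
		}
	}
	if (clean) {
		audit_log_format(ab, " path=%s,", path);
	} else {
		audit_log_format(ab, " path=");
		for (p = (const unsigned char *)path; *p != '\0'; p++)
			audit_log_format(ab, "%02X", *p);
		audit_log_format(ab, ",");
	}
}
/* … unchanged: sebsd_free(pbuf, M_SEBSD) and break … */
```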
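Review bot: The new `char *path` member in the `fs` audit union should be `const char *path`, since avc.c only reads it and the value stored is borrowed memory such as `cnp->cn_pnbuf`; `const` also records that avc neither owns nor frees it (the audit code frees only its own `pbuf`). A comment on the field would make that contract explicit: `/* optional; borrowed from the caller for the duration of the check, may be NULL */`. `vnode_has_perm` in sebsd.c would then take `const char *path` to match.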
@@ -1960,7 +1961,7 @@ { /* MAY_EXEC ~= DIR__SEARCH */ - return (vnode_has_perm(cred, dvp, DIR__SEARCH)); + return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH)); } static int @@ -1970,7 +1971,7 @@ /* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */ /* MAY_EXEC ~= DIR__SEARCH */ - return (vnode_has_perm(cred, dvp, DIR__SEARCH)); + return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH)); } static int @@ -1995,6 +1996,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = dvp; + ad.u.fs.path = cnp->cn_pnbuf; rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR, DIR__ADD_NAME | DIR__SEARCH, &ad); @@ -2051,6 +2053,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; + ad.u.fs.path = cnp->cn_pnbuf; rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR, DIR__SEARCH | DIR__REMOVE_NAME, &ad); @@ -2073,7 +2076,7 @@ struct label *label, acl_type_t type) { - return (vnode_has_perm(cred, vp, FILE__SETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR)); } #endif @@ -2083,10 +2086,10 @@ { int error; - error = vnode_has_perm(cred, v1, FILE__READ | FILE__WRITE); + error = vnode_has_perm(cred, v1, NULL, FILE__READ | FILE__WRITE); if (error) return (error); - return (vnode_has_perm(cred, v2, FILE__READ | FILE__WRITE)); + return (vnode_has_perm(cred, v2, NULL, FILE__READ | FILE__WRITE)); } static int @@ -2151,7 +2154,7 @@ struct label *label, acl_type_t type) { - return (vnode_has_perm(cred, vp, FILE__GETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR)); } #endif @@ -2160,7 +2163,7 @@ struct label *vlabel, struct attrlist *alist) { - return (vnode_has_perm(cred, vp, FILE__GETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR)); } static int @@ -2168,7 +2171,7 @@ struct label *label, const char *name, struct uio *uio) { - return (vnode_has_perm(cred, vp, FILE__GETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR)); } #if defined(FILE__POLL) && defined(FILE__GETATTR) 
@@ -2180,9 +2183,9 @@ switch (kn->kn_filter) { case EVFILT_READ: case EVFILT_WRITE: - return (vnode_has_perm(cred, vp, FILE__POLL)); + return (vnode_has_perm(cred, vp, NULL, FILE__POLL)); case EVFILT_VNODE: - return (vnode_has_perm(cred, vp, FILE__GETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR)); default: return (0); } @@ -2208,6 +2211,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; + ad.u.fs.path = cnp->cn_pnbuf; rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR, DIR__SEARCH | DIR__ADD_NAME, &ad); @@ -2228,7 +2232,7 @@ return (ENOTDIR); /* TBD: DIR__READ as well? */ - return (vnode_has_perm(cred, dvp, DIR__SEARCH)); + return (vnode_has_perm(cred, dvp, cnp->cn_pnbuf, DIR__SEARCH)); } static int @@ -2247,7 +2251,7 @@ if (!mask) return (0); - return (vnode_has_perm(cred, vp, + return (vnode_has_perm(cred, vp, NULL, file_mask_to_av(vp->v_type, mask))); } @@ -2256,7 +2260,7 @@ struct vnode *vp, struct label *label) { - return (vnode_has_perm(cred, vp, FILE__READ)); + return (vnode_has_perm(cred, vp, NULL, FILE__READ)); } static int @@ -2264,7 +2268,7 @@ struct label *dlabel) { - return (vnode_has_perm(cred, dvp, DIR__READ)); + return (vnode_has_perm(cred, dvp, NULL, DIR__READ)); } static int @@ -2272,7 +2276,7 @@ struct label *label) { - return (vnode_has_perm(cred, vp, FILE__READ)); + return (vnode_has_perm(cred, vp, NULL, FILE__READ)); } static int @@ -2342,6 +2346,8 @@ sebsd_audit_sid("source directory", old_dir->sid); AVC_AUDIT_DATA_INIT(&ad, FS); + ad.u.fs.vp = vp; + ad.u.fs.path = cnp->cn_pnbuf; rc = avc_has_perm(task->sid, old_dir->sid, SECCLASS_DIR, DIR__REMOVE_NAME | DIR__SEARCH, &ad); @@ -2400,6 +2406,7 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; + ad.u.fs.path = cnp->cn_pnbuf; rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, NULL); if (rc) @@ -2439,7 +2446,7 @@ struct label *label, int which) { - return (vnode_has_perm(cred, vp, FILE__POLL)); + return (vnode_has_perm(cred, vp, NULL, FILE__POLL)); } #endif 
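Review bot: In the rename hunk at `@@ -2400`, the newly set `ad.u.fs.path = cnp->cn_pnbuf;` (and the `ad.u.fs.vp = vp;` above it) is never emitted, because the following `avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, NULL)` passes `NULL` for the audit data instead of `&ad`, so a denial on the destination directory is logged without inode, mountpoint or path. Unless `ad` is consumed by a later call outside the hunk, the fix is `rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, &ad);`. The source-directory check in the `@@ -2342` hunk does pass `&ad` and now also sets `vp`, so the two checks would then audit consistently. The enclosing rename hook starts and ends outside these hunks.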
@@ -2449,7 +2456,7 @@ struct label *label, acl_type_t type, struct acl *acl) { - return (vnode_has_perm(cred, vp, FILE__SETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR)); } #endif @@ -2459,7 +2466,7 @@ struct label *vlabel, struct attrlist *alist) { - return (vnode_has_perm(cred, vp, FILE__SETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR)); } #endif @@ -2468,7 +2475,7 @@ struct label *label, const char *name, struct uio *uio) { - return (vnode_has_perm(cred, vp, FILE__SETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR)); } static int @@ -2476,7 +2483,7 @@ struct label *label, u_long flags) { - return (vnode_has_perm(cred, vp, FILE__SETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR)); } static int @@ -2484,7 +2491,7 @@ struct label *label, mode_t mode) { - return (vnode_has_perm(cred, vp, FILE__SETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR)); } static int @@ -2492,7 +2499,7 @@ struct label *label, uid_t uid, gid_t gid) { - return (vnode_has_perm(cred, vp, FILE__SETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR)); } static int @@ -2500,7 +2507,7 @@ struct label *label, struct timespec atime, struct timespec mtime) { - return (vnode_has_perm(cred, vp, FILE__SETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR)); } static int @@ -2508,7 +2515,7 @@ struct vnode *vp, struct label *vnodelabel) { - return (vnode_has_perm(cred, vp, FILE__GETATTR)); + return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR)); } static int @@ -2831,7 +2838,7 @@ struct label *vnodelabel) { - return (vnode_has_perm(cred, vp, FILE__SWAPON)); + return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON)); } #if 0 @@ -2840,7 +2847,7 @@ struct label *vnodelabel) { - return (vnode_has_perm(cred, vp, FILE__SWAPON)); + return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON)); } #endif 
@@ -2863,7 +2870,7 @@ struct vnode *vp, struct label *label) { - return (vnode_has_perm(cred, vp, FILE__WRITE)); + return (vnode_has_perm(cred, vp, NULL, FILE__WRITE)); } static int @@ -2885,7 +2892,7 @@ if (prot & PROT_EXEC) av |= FILE__EXECUTE; - return (vnode_has_perm(cred, vp, av)); + return (vnode_has_perm(cred, vp, NULL, av)); } return (0); } @@ -2908,7 +2915,7 @@ if (prot & PROT_EXEC) av |= FILE__EXECUTE; - return (vnode_has_perm(cred, vp, av)); + return (vnode_has_perm(cred, vp, NULL, av)); } return (0); } @@ -3026,7 +3033,7 @@ return (0); return (vnode_has_perm(cred, (struct vnode *)fg->fg_data, - FILE__IOCTL)); + NULL, FILE__IOCTL)); } /*