From owner-p4-projects@FreeBSD.ORG Fri Oct 3 10:18:35 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 866CE16A4C2; Fri, 3 Oct 2003 10:18:35 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A9B116A4C0 for ; Fri, 3 Oct 2003 10:18:35 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E05743FE3 for ; Fri, 3 Oct 2003 10:18:34 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h93HIYXJ091929 for ; Fri, 3 Oct 2003 10:18:34 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h93HIXw8091926 for perforce@freebsd.org; Fri, 3 Oct 2003 10:18:33 -0700 (PDT) (envelope-from areisse@nailabs.com) Date: Fri, 3 Oct 2003 10:18:33 -0700 (PDT) Message-Id: <200310031718.h93HIXw8091926@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 39097 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Oct 2003 17:18:35 -0000 http://perforce.freebsd.org/chv.cgi?CH=39097 Change 39097 by areisse@areisse_tislabs on 2003/10/03 10:18:28 SEBSD gets the policy from the bootloader or user memory instead of reading files in the kernel. Affected files ... .. //depot/projects/trustedbsd/sebsd/lib/libsebsd/system.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#21 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/init.c#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/security.h#5 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.c#6 edit Differences ...
==== //depot/projects/trustedbsd/sebsd/lib/libsebsd/system.c#3 (text+ko) ====
@@ -34,7 +34,9 @@
 * $FreeBSD$
 */
 #include
-
+#include
+#include
+#include
 #include "sebsd.h"
@@ -57,8 +59,28 @@
 return i;
 }
+struct lp_args
+{
+ void *data;
+ size_t len;
+};
+
 int sebsd_load_policy(const char *path)
 {
- return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, path);
+ FILE *fp;
+ struct lp_args la;
+
+ fp = fopen (path, "rb");
+ if (fp == NULL)
+ return errno;
+
+ fseek (fp, 0, SEEK_END);
+ la.len = ftell (fp);
+ fseek (fp, 0, SEEK_SET);
+ la.data = malloc (la.len);
+ if (1 != fread (la.data, la.len, 1, fp))
+ return EIO;
+
+ return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, &la);
 }
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#21 (text+ko) ====
@@ -78,8 +78,11 @@
 static void
 sebsd_init(struct mac_policy_conf *mpc)
 {
-
 printf("sebsd:: init\n");
+ avc_init();
+ if (security_init()) {
+ panic("SEBSD: couldn't read policy file");
+ }
 }
 static void
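Review bot: In `sebsd_load_policy` (lib/libsebsd/system.c) the new body never calls `fclose(fp)` or `free(la.data)`, so every call leaks the stream and the policy buffer, including on the `return EIO` path. The results of `fseek`, `ftell` and `malloc` are also unchecked: a failed `ftell` returns -1, which becomes a huge `size_t` in `la.len`, and a NULL `la.data` would be handed to `fread`. The function also mixes conventions, returning an errno value for local failures and whatever `mac_syscall` returns otherwise. A version with a single cleanup path that keeps the existing return values follows.

```c
int sebsd_load_policy(const char *path)
{
	FILE *fp;
	struct lp_args la;
	long size;
	int rc, saved_errno;

	fp = fopen (path, "rb");
	if (fp == NULL)
		return errno;

	la.data = NULL;
	rc = EIO;
	if (fseek (fp, 0, SEEK_END) != 0)
		goto out;
	size = ftell (fp);
	if (size <= 0 || fseek (fp, 0, SEEK_SET) != 0)
		goto out;

	la.len = (size_t) size;
	la.data = malloc (la.len);
	if (la.data == NULL) {
		rc = ENOMEM;
		goto out;
	}
	if (1 != fread (la.data, la.len, 1, fp))
		goto out;

	rc = mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, &la);
out:
	/* Cleanup must not disturb the errno set by mac_syscall(). */
	saved_errno = errno;
	free (la.data);
	fclose (fp);
	errno = saved_errno;
	return rc;
}
```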
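Review bot: The panic text in `sebsd_init` (sys/security/sebsd/sebsd.c) still reads `couldn't read policy file`, but after this change `security_init()` takes the policy from data preloaded by the bootloader rather than from a file, so the message points an operator at the wrong cause when boot stops here. Something like `panic("SEBSD: no usable policy supplied by bootloader");` would match the new failure modes. Because the load now runs from the policy module's init hook, a loader configuration that omits the policy halts the boot; a short comment above the call saying that this is intended would help.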
@@ -772,10 +775,6 @@
 {
 struct vnode *vp, *nvp;
- avc_init();
- if (security_init()) {
- panic("SEBSD: couldn't read policy file");
- }
 /*
 * Go through all open vnodes and reload their labels.
 */
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#4 (text+ko) ====
@@ -44,27 +44,30 @@
 #include
 #include
 #include
-#include
 #include
+struct lp_args
+{
+ void *data;
+ size_t len;
+};
+
 static int
-sys_load_policy(struct thread *td, char *path)
+sys_load_policy(struct thread *td, void *data, size_t len)
 {
- FILE *fp;
 int rc;
 rc = thread_has_security(td, SECURITY__LOAD_POLICY);
 if (rc)
 return (rc);
- fp = sebsd_fopen(path, "r", UIO_USERSPACE);
- if (!fp) {
- printf("ss: unable to open policy file\n");
- return (EINVAL);
- }
+ void *kdata = malloc (len, M_SEBSD, M_WAITOK);
+ rc = copyin (data, kdata, len);
+ if (rc)
+ return (rc);
- rc = security_load_policy(fp);
- (void)fclose(fp);
+ rc = security_load_policy (kdata, len);
+ free (kdata, M_SEBSD);
 return (rc);
 }
@@ -73,10 +76,13 @@
 sebsd_syscall(struct thread *td, int call, void *args)
 {
 int err = EINVAL;
+ struct lp_args p;
 switch(call) {
 case SEBSDCALL_LOAD_POLICY:
- err = sys_load_policy(td, (char *)args);
+ if (copyin (args, &p, sizeof (struct lp_args)))
+ return (EFAULT);
+ err = sys_load_policy (td, p.data, p.len);
 break;
 default:
 err = EINVAL;
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/init.c#4 (text+ko) ====
@@ -13,10 +13,11 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
-#include
 #include
 #include
 #include
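Review bot: In `sys_load_policy` (sebsd_syscall.c) the early `return (rc)` after a failed `copyin` skips `free (kdata, M_SEBSD)`, so every call with a bad user pointer leaks `len` bytes of kernel memory. `len` comes straight from the user-supplied `struct lp_args` and reaches `malloc (len, M_SEBSD, M_WAITOK)` with no upper bound; the `SECURITY__LOAD_POLICY` check does run first, but a sanity cap on the size is still worth having before a sleeping allocation. `kdata` is also declared after statements, unlike the other locals in this file. `struct lp_args` is now defined twice, here and in libsebsd, and would be safer in one header that both sides include so the layouts cannot drift.

```c
	void *kdata;	/* declared with the other locals, next to rc */

	/* … unchanged: thread_has_security() permission check … */

	/* POLICY_MAX_LEN is a placeholder name; the project has to choose the cap. */
	if (len == 0 || len > POLICY_MAX_LEN)
		return (EINVAL);

	kdata = malloc (len, M_SEBSD, M_WAITOK);
	rc = copyin (data, kdata, len);
	if (rc == 0)
		rc = security_load_policy (kdata, len);
	/* Single exit: the buffer is released whether or not copyin succeeded. */
	free (kdata, M_SEBSD);
	return (rc);
```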
@@ -28,31 +29,39 @@
 int security_init(void)
 {
- FILE *fp;
 int rc;
+ caddr_t lh, tmp;
+ void *policy_data;
+ size_t policy_len;
+
+ printf("security: starting up (compiled " __DATE__ ")\n");
+
+ lh = preload_search_by_type ("sebsd_policy");
+ if (lh == NULL)
+ goto loaderr;
- snprintf(policyfile, MAXPATHLEN, "%s.%d", POLICYDB_PATHPREFIX,
- POLICYDB_VERSION);
+ tmp = preload_search_info (lh, MODINFO_ADDR);
+ if (tmp == NULL)
+ goto loaderr;
+ policy_data = *(void **) tmp;
+ tmp = preload_search_info (lh, MODINFO_SIZE);
+ if (tmp == NULL)
+ goto loaderr;
+ policy_len = *(size_t *) tmp;
- printf("security: starting up (compiled " __DATE__ ")\n");
- printf("security: loading policy configuration from %s\n", policyfile);
+ printf("security: reading policy configuration\n");
- fp = fopen(policyfile, "r");
- if (!fp) {
- printf("security: unable to open %s, cannot initialize.\n", policyfile);
- return EINVAL;
- }
-
- rc = security_load_policy(fp);
+ rc = security_load_policy (policy_data, policy_len);
 if (rc) {
- printf("security: error while loading %s, cannot initialize.\n", policyfile);
- fclose(fp);
+ printf("security: error while reading policy, cannot initialize.\n");
 return EINVAL;
 }
- fclose(fp);
+ return 0;
- return 0;
+loaderr:
+ printf("security: policy not supplied by bootloader\n");
+ return EINVAL;
 }
 /* FLASK */
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/security.h#5 (text+ko) ====
@@ -8,7 +8,6 @@
 #include
 #include
-#include
 #define SECSID_NULL 0x00000000 /* unspecified SID */
 #define SECSID_WILD 0xffffffff /* wildcard SID */
@@ -16,7 +15,7 @@
 #define SELINUX_MAGIC 0xf97cff8c
-int security_load_policy(FILE * data);
+int security_load_policy(void *kdata, size_t len);
 struct av_decision {
 access_vector_t allowed;
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.c#6 (text+ko) ====
@@ -17,7 +17,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
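Review bot: `security_init` (ss/init.c) hands `policy_data` and `policy_len` from the preload metadata to `security_load_policy` without checking them; a guard such as `if (policy_data == NULL || policy_len == 0) goto loaderr;` after the `MODINFO_SIZE` lookup would route a malformed preload entry into the existing error path. The function also discards `rc` and returns `EINVAL`, so the caller cannot tell a parse failure from a missing policy. A comment above the function should say that the policy is expected as a preloaded object of type `"sebsd_policy"` and that the kernel accepts whatever the loader supplied, which makes the loader configuration part of the trusted boot path.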
@@ -984,10 +983,8 @@
 * This function will flush the access vector cache after
 * loading the new policy.
 */
-int security_load_policy(FILE *infile)
+int security_load_policy(void *data, size_t len)
 {
- void *data;
- size_t len;
 struct policydb oldpolicydb, newpolicydb;
 struct sidtab oldsidtab, newsidtab;
 struct convert_context_args args;
@@ -995,28 +992,6 @@
 int rc = 0;
 struct policy_file file, *fp = &file;
-#ifdef _KERNEL
- struct vattr vat;
-
- vn_lock (infile->FILE_vp, LK_SHARED | LK_RETRY | LK_NOPAUSE, curthread);
- rc = VOP_GETATTR (infile->FILE_vp, &vat, curthread->td_ucred, curthread);
- VOP_UNLOCK(infile->FILE_vp, 0, curthread);
- if (rc)
- return rc;
-
- len = vat.va_size;
- data = malloc (len, M_SEBSD, M_WAITOK);
-
-#else
- fseek (infile, 0, SEEK_END);
- len = ftell (infile);
- fseek (infile, 0, SEEK_SET);
- data = malloc (len);
-#endif
-
- if (1 != fread (data, len, 1, infile))
- return EIO;
-
 file.data = data;
 file.len = len;
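Review bot: The comment above `security_load_policy` (ss/services.c) should now state who owns `data`. Before this change the function allocated the buffer itself; now `sys_load_policy` frees it after the call, and `security_init` passes loader-provided memory that presumably must not be freed at all. The rest of the function lies outside this hunk, so it is worth confirming that it neither frees `data` nor keeps a pointer into it after returning, and that every read by the parser is bounded by `file.len`. I would add to the comment `data points to len bytes of kernel memory owned by the caller; it is not freed or retained here`, and make the parameter `const void *` if the parser never writes through it.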