From owner-p4-projects@FreeBSD.ORG Tue Sep 9 13:26:30 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 68D6716A4C1; Tue, 9 Sep 2003 13:26:30 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3FA7A16A4BF for ; Tue, 9 Sep 2003 13:26:30 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 62EA243FE9 for ; Tue, 9 Sep 2003 13:26:28 -0700 (PDT) (envelope-from Hrishikesh_Dandekar@NAI.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h89KQS0U012405 for ; Tue, 9 Sep 2003 13:26:28 -0700 (PDT) (envelope-from Hrishikesh_Dandekar@NAI.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h89KQRbF012402 for perforce@freebsd.org; Tue, 9 Sep 2003 13:26:27 -0700 (PDT) Date: Tue, 9 Sep 2003 13:26:27 -0700 (PDT) Message-Id: <200309092026.h89KQRbF012402@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to Hrishikesh_Dandekar@NAI.com using -f 
From: Hrishikesh Dandekar To: Perforce Change Reviews Subject: PERFORCE change 37827 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Sep 2003 20:26:30 -0000 http://perforce.freebsd.org/chv.cgi?CH=37827 Change 37827 by hdandeka@hdandeka_yash on 2003/09/09 13:25:38 Integrate POSIX semaphore related changes into the parent branch. Affected files ... .. //depot/projects/trustedbsd/mac/include/Makefile#34 integrate .. //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#48 integrate .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#409 integrate .. //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#9 integrate .. //depot/projects/trustedbsd/mac/sys/posix4/ksem.h#1 branch .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#221 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#68 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#179 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#7 integrate .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#112 integrate .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#244 integrate .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#197 integrate Differences ... ==== //depot/projects/trustedbsd/mac/include/Makefile#34 (text+ko) ==== @@ -22,7 +22,7 @@ MHDRS= float.h floatingpoint.h stdarg.h varargs.h # posix4/mqueue.h is useless without an implementation and isn't installed: -PHDRS= sched.h semaphore.h _semaphore.h # mqueue.h +PHDRS= sched.h semaphore.h _semaphore.h ksem.h# mqueue.h LHDRS= aio.h errno.h fcntl.h linker_set.h poll.h stdint.h syslog.h \ termios.h ucontext.h ==== //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#48 (text+ko) ==== 
@@ -59,6 +59,7 @@ options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions +#options P1003_1B_SEMAPHORES #POSIX P1003_1B semaphores options KBD_INSTALL_CDEV # install a CDEV entry in /dev options AHC_REG_PRETTY_PRINT # Print register bitfields in debug # output. Adds ~128k to driver. ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#409 (text+ko) ==== @@ -44,6 +44,7 @@ #include "opt_mac.h" #include "opt_devfs.h" +#include "opt_posix.h" #include #include @@ -73,6 +74,8 @@ #include #include +#include + #include #include #include @@ -160,6 +163,11 @@ &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations"); TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe); +static int mac_enforce_posix_sem = 1; +SYSCTL_INT(_security_mac, OID_AUTO, enforce_posix_sem, CTLFLAG_RW, + &mac_enforce_posix_sem, 0, "Enforce MAC policy on global POSIX semaphores"); +TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem); + static int mac_enforce_process = 1; SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW, &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); @@ -212,7 +220,7 @@ static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes, nmacprocs, nmacipcmsgs, nmacipcmsqs, - nmacipcsemas, nmacipcshms; + nmacipcsemas, nmacipcshms, nmacposixksems; #define MAC_DEBUG_COUNTER_INC(x) atomic_add_int(x, 1); #define MAC_DEBUG_COUNTER_DEC(x) atomic_subtract_int(x, 1); 
@@ -249,6 +257,8 @@ &nmacipcsemas, 0, "number of sysv ipc semaphore identifiers inuse"); SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipc_shms, CTLFLAG_RD, &nmacipcshms, 0, "number of sysv ipc shm identifiers inuse"); +SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_ksems, CTLFLAG_RD, + &nmacposixksems, 0, "number of posix global semaphores inuse"); #else #define MAC_DEBUG_COUNTER_INC(x) #define MAC_DEBUG_COUNTER_DEC(x) @@ -1004,6 +1014,15 @@ mac_init_pipe_label(label); } +void +mac_init_posix_ksem(struct ksem *ksemptr) +{ + + mac_init_label(&ksemptr->ks_label); + MAC_PERFORM(init_posix_ksem_label, &ksemptr->ks_label); + MAC_DEBUG_COUNTER_INC(&nmacposixksems); +} + void mac_init_proc(struct proc *p) { @@ -1215,6 +1234,15 @@ } void +mac_destroy_posix_ksem(struct ksem *ksemptr) +{ + + MAC_PERFORM(destroy_posix_ksem_label, &ksemptr->ks_label); + mac_destroy_label(&ksemptr->ks_label); + MAC_DEBUG_COUNTER_DEC(&nmacposixksems); +} + +void mac_destroy_proc(struct proc *p) { @@ -2370,6 +2398,13 @@ MAC_PERFORM(create_ipc_shm, cred, shmsegptr, &shmsegptr->label); } +void +mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr) +{ + + MAC_PERFORM(create_posix_ksem, cred, ksemptr, &ksemptr->ks_label); +} + void mac_create_socket(struct ucred *cred, struct socket *socket) { 
@@ -3107,6 +3142,105 @@ } int +mac_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr) +{ + int error; + + if (!mac_enforce_posix_sem) + return (0); + + //XXX: Should we also pass &ksemptr->ks_label ?? + MAC_CHECK(check_posix_sem_close, cred, ksemptr); + + return(error); +} + +int +mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) +{ + int error; + + if (!mac_enforce_posix_sem) + return (0); + + //XXX: Should we also pass &ksemptr->ks_label ?? + MAC_CHECK(check_posix_sem_destroy, cred, ksemptr); + + return(error); +} + +int +mac_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr) +{ + int error; + + if (!mac_enforce_posix_sem) + return (0); + + //XXX: Should we also pass &ksemptr->ks_label ?? + MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr); + + return(error); +} + +int +mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) +{ + int error; + + if (!mac_enforce_posix_sem) + return (0); + + //XXX: Should we also pass &ksemptr->ks_label ?? + MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr); + + return(error); +} + +int +mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) +{ + int error; + + if (!mac_enforce_posix_sem) + return (0); + + //XXX: Should we also pass &ksemptr->ks_label ?? + MAC_CHECK(check_posix_sem_post, cred, ksemptr); + + return(error); +} + +int +mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr) +{ + int error; + + if (!mac_enforce_posix_sem) + return (0); + + //XXX: Should we also pass &ksemptr->ks_label ?? + MAC_CHECK(check_posix_sem_unlink, cred, ksemptr); + + return(error); +} + +int +mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr) +{ + int error; + + if (!mac_enforce_posix_sem) + return (0); + + //XXX: Should we also pass &ksemptr->ks_label ?? 
+ MAC_CHECK(check_posix_sem_wait, cred, ksemptr); + + return(error); +} + + +int mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; ==== //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#9 (text+ko) ==== @@ -28,6 +28,7 @@ __FBSDID("$FreeBSD: src/sys/kern/uipc_sem.c,v 1.9 2003/06/11 00:56:58 obrien Exp $"); #include "opt_posix.h" +#include "opt_mac.h" #include #include @@ -47,6 +48,11 @@ #include #include #include +#ifdef MAC +#include +#include +#include +#endif #include #include @@ -54,7 +60,7 @@ static struct ksem *sem_lookup_byname(const char *name); static int sem_create(struct thread *td, const char *name, - struct ksem **ksret, mode_t mode, unsigned int value); +struct ksem **ksret, mode_t mode, unsigned int value); static void sem_free(struct ksem *ksnew); static int sem_perm(struct thread *td, struct ksem *ks); static void sem_enter(struct proc *p, struct ksem *ks); @@ -80,6 +86,7 @@ #define SEM_TO_ID(x) ((intptr_t)(x)) #define ID_TO_SEM(x) id_to_sem(x) +#ifndef MAC struct kuser { pid_t ku_pid; LIST_ENTRY(kuser) ku_next; @@ -98,6 +105,10 @@ int ks_waiters; /* number of waiters */ LIST_HEAD(, kuser) ks_users; /* pids using this sem */ }; +#else +struct kuser; +struct ksem; +#endif /* * available semaphores go here, this includes sem_init and any semaphores @@ -220,9 +231,14 @@ LIST_INIT(&ret->ks_users); if (name != NULL) sem_enter(td->td_proc, ret); +#ifdef MAC + mac_init_posix_ksem(ret); + mac_create_posix_ksem(uc, ret); +#endif *ksret = ret; mtx_lock(&sem_lock); if (nsems >= p31b_getcfg(CTL_P1003_1B_SEM_NSEMS_MAX)) { + /*XXX Should sem_leave be here at all ? */ sem_leave(td->td_proc, ret); sem_free(ret); error = ENFILE; 
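Review bot: All seven mac_check_posix_sem_* entry points repeat the same unresolved `//XXX: Should we also pass &ksemptr->ks_label ??`, and the answer shapes the policy interface. mac_create_posix_ksem in this same change hands policies `&ksemptr->ks_label` explicitly, while the check hooks leave each policy to reach into `struct ksem` itself. Settle the convention before more policies are written against it. Then replace the seven copies with one block comment above mac_check_posix_sem_close, for example `/* Check hooks receive the ksem only; policies read the label via ksemptr->ks_label. */`.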
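Review bot: Wrapping the local `struct kuser` / `struct ksem` definitions in `#ifndef MAC` leaves two definitions of the same kernel object to keep in step. The second is presumably in the new posix4/ksem.h that the MAC build includes, but the include targets are not visible in these hunks. If a field is later added to only one copy, MAC and non-MAC kernels diverge in layout without any diagnostic. Consider keeping a single definition in the header and including it unconditionally. That also removes the need for the `struct kuser; struct ksem;` forward declarations in the `#else` arm.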
@@ -398,9 +414,16 @@ /* * if we aren't the creator, then enforce permissions. */ - error = sem_perm(td, ks); - if (!error) - sem_ref(ks); + if((error = sem_perm(td, ks))) + goto err; +#ifdef MAC + if((error = mac_check_posix_sem_openexisting(td->td_ucred, ks))) { + DP(("MAC Framework: mac_check_posix_sem_openexisting access denied\n")); + goto err; + } +#endif + sem_ref(ks); +err: mtx_unlock(&sem_lock); if (error) return (error); @@ -452,6 +475,9 @@ if (ks->ks_name != NULL) free(ks->ks_name, M_SEM); cv_destroy(&ks->ks_cv); +#ifdef MAC + mac_destroy_posix_ksem(ks); +#endif free(ks, M_SEM); } @@ -508,7 +534,7 @@ { struct kuser *ku, *k; - ku = malloc(sizeof(*ku), M_SEM, M_WAITOK); + ku = malloc(sizeof(*ku), M_SEM, M_WAITOK | M_ZERO); ku->ku_pid = p->p_pid; mtx_lock(&sem_lock); k = sem_getuser(p, ks); @@ -555,14 +581,24 @@ ks = sem_lookup_byname(name); if (ks == NULL) error = ENOENT; - else - error = sem_perm(td, ks); + else { + if ((error = sem_perm(td, ks))) + goto err; +#ifdef MAC + if((error = mac_check_posix_sem_unlink(td->td_ucred, ks))) { + DP(("MAC Framework: mac_check_posix_sem_unlink access \ + denied\n")); + goto err; + } +#endif + } DP(("sem_unlink: '%s' ks = %p, error = %d\n", name, ks, error)); if (error == 0) { LIST_REMOVE(ks, ks_entry); LIST_INSERT_HEAD(&ksem_deadhead, ks, ks_entry); sem_rel(ks); } +err: mtx_unlock(&sem_lock); return (error); } @@ -593,8 +629,17 @@ mtx_lock(&sem_lock); ks = ID_TO_SEM(id); /* this is not a valid operation for unnamed sems */ - if (ks != NULL && ks->ks_name != NULL) + if (ks != NULL && ks->ks_name != NULL) { +#ifdef MAC + if((error = mac_check_posix_sem_close(td->td_ucred, ks))) { + DP(("MAC Framework: mac_check_posix_sem_close access \ + denied\n")); + goto err; + } +#endif error = sem_leave(td->td_proc, ks); + } +err: mtx_unlock(&sem_lock); return (error); } 
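Review bot: The new `DP((...))` message in sem_unlink is continued with a backslash-newline inside the string literal (`access \` then `denied\n`), so the next line's leading indentation becomes part of the emitted text; the close hunk that follows uses the same construct. Adjacent string literals avoid this: `DP(("MAC Framework: mac_check_posix_sem_unlink access "` followed by `"denied\n"));`. Separately, both `goto err` paths now jump past the existing `DP(("sem_unlink: '%s' ks = %p, error = %d\n", ...))` trace, so a sem_perm denial is no longer traced there. If that is intended, it deserves a comment.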
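Review bot: In the close hunk the `err:` label placed before `mtx_unlock(&sem_lock)` is targeted only from inside the `#ifdef MAC` block. A kernel configured without MAC therefore compiles an unused label, which `-Wall` reports and which breaks the build where warnings are treated as errors. The label can be avoided by letting the check result gate the call: `error = mac_check_posix_sem_close(td->td_ucred, ks);` and `if (error == 0)` inside the `#ifdef`, with `error = sem_leave(td->td_proc, ks);` directly after the `#endif`. The function's opening, including the initial value of `error`, is outside this hunk.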
@@ -632,6 +677,12 @@ error = EOVERFLOW; goto err; } +#ifdef MAC + if((error = mac_check_posix_sem_post(td->td_ucred, ks))) { + DP(("MAC Framework: mac_check_posix_sem_post access denied\n")); + goto err; + } +#endif ++ks->ks_value; if (ks->ks_waiters > 0) cv_signal(&ks->ks_cv); @@ -695,6 +746,12 @@ error = EINVAL; goto err; } +#ifdef MAC + if((error = mac_check_posix_sem_wait(td->td_ucred, ks))) { + DP(("MAC Framework: mac_check_posix_sem_wait access denied\n")); + goto err; + } +#endif DP(("kern_sem_wait value = %d, tryflag %d\n", ks->ks_value, tryflag)); if (ks->ks_value == 0) { ks->ks_waiters++; @@ -734,6 +791,13 @@ mtx_unlock(&sem_lock); return (EINVAL); } +#ifdef MAC + if((error = mac_check_posix_sem_getvalue(td->td_ucred, ks))) { + DP(("MAC Framework: mac_check_posix_sem_getvalue access denied\n")); + mtx_unlock(&sem_lock); + return (error); + } +#endif val = ks->ks_value; mtx_unlock(&sem_lock); error = copyout(&val, uap->val, sizeof(val)); @@ -765,6 +829,12 @@ error = EBUSY; goto err; } +#ifdef MAC + if((error = mac_check_posix_sem_destroy(td->td_ucred, ks))) { + DP(("MAC Framework: mac_check_posix_sem_destroy access denied\n")); + goto err; + } +#endif sem_rel(ks); error = 0; err: ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#221 (text+ko) ==== @@ -65,6 +65,8 @@ #include #include +#include + #include #include @@ -1105,6 +1107,18 @@ } static void +mac_biba_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_biba *source, *dest; + + source = SLOT(&cred->cr_label); + dest = SLOT(ks_label); + + mac_biba_copy_single(source, dest); +} + +static void mac_biba_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) 
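Review bot: In kern_sem_post the MAC check is placed after the branch that returns `EOVERFLOW`, so a subject the policy would deny can still learn from the error code whether that state-dependent branch was taken. The destroy hunk further down has the same ordering with `EBUSY`. The access decision should come before any test whose outcome depends on the object's state: move each `#ifdef MAC` block up to just after the semaphore has been looked up and validated, ahead of the `EOVERFLOW` and `EBUSY` tests. The conditions guarding those two returns begin outside the hunks, so their exact form is not visible here.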
@@ -2140,6 +2154,40 @@ } static int +mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT((&ksemptr->ks_label)); + + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); + + return (0); +} + +static int +mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT((&ksemptr->ks_label)); + + if (!mac_biba_dominate_single(obj, subj)) + return (EACCES); + + return (0); +} + +static int mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) { struct mac_biba *subj, *obj; @@ -3072,6 +3120,7 @@ .mpo_init_mount_label = mac_biba_init_label, .mpo_init_mount_fs_label = mac_biba_init_label, .mpo_init_pipe_label = mac_biba_init_label, + .mpo_init_posix_ksem_label = mac_biba_init_label, .mpo_init_socket_label = mac_biba_init_label_waitcheck, .mpo_init_socket_peer_label = mac_biba_init_label_waitcheck, .mpo_init_vnode_label = mac_biba_init_label, @@ -3088,6 +3137,7 @@ .mpo_destroy_mount_label = mac_biba_destroy_label, .mpo_destroy_mount_fs_label = mac_biba_destroy_label, .mpo_destroy_pipe_label = mac_biba_destroy_label, + .mpo_destroy_posix_ksem_label = mac_biba_destroy_label, .mpo_destroy_socket_label = mac_biba_destroy_label, .mpo_destroy_socket_peer_label = mac_biba_destroy_label, .mpo_destroy_vnode_label = mac_biba_destroy_label, @@ -3119,6 +3169,7 @@ .mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket, .mpo_create_pipe = mac_biba_create_pipe, + .mpo_create_posix_ksem = mac_biba_create_posix_ksem, .mpo_create_socket = mac_biba_create_socket, .mpo_create_socket_from_socket = mac_biba_create_socket_from_socket, .mpo_relabel_pipe = mac_biba_relabel_pipe, 
@@ -3178,6 +3229,13 @@ .mpo_check_pipe_relabel = mac_biba_check_pipe_relabel, .mpo_check_pipe_stat = mac_biba_check_pipe_stat, .mpo_check_pipe_write = mac_biba_check_pipe_write, + .mpo_check_posix_sem_close = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_destroy = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_getvalue = mac_biba_check_posix_sem_rdonly, + .mpo_check_posix_sem_openexisting = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_post = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_unlink = mac_biba_check_posix_sem_write, + .mpo_check_posix_sem_wait = mac_biba_check_posix_sem_write, .mpo_check_proc_debug = mac_biba_check_proc_debug, .mpo_check_proc_sched = mac_biba_check_proc_sched, .mpo_check_proc_signal = mac_biba_check_proc_signal, ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#68 (text+ko) ==== @@ -65,6 +65,8 @@ #include #include +#include + #include #include @@ -1178,6 +1180,18 @@ } static void +mac_lomac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_lomac *source, *dest; + + source = SLOT(&cred->cr_label); + dest = SLOT(ks_label); + + mac_lomac_copy_single(source, dest); +} + +static void mac_lomac_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) 
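Review bot: `.mpo_check_posix_sem_wait` is wired to mac_biba_check_posix_sem_write alone, but a wait also observes the semaphore, because whether the caller blocks or returns depends on the current value. Under the write-only rule a subject whose label dominates the object's may wait on it and be influenced by a lower-integrity poster, a flow the `_rdonly` check would reject. If this is a deliberate relaxation, record it above the table entries, for example `/* wait is treated as a write; the value observed by blocking is not checked as a read */`. Otherwise wait should have to pass both checks. The same mapping is repeated in the mac_lomac and mac_mls operation tables later in this change.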
@@ -2262,6 +2276,40 @@ } static int +mac_lomac_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr) +{ + struct mac_lomac *subj, *obj; + + if (!mac_lomac_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT((&ksemptr->ks_label)); + + if (!mac_lomac_dominate_single(subj, obj)) + return (EACCES); + + return (0); +} + +static int +mac_lomac_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr) +{ + struct mac_lomac *subj, *obj; + + if (!mac_lomac_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT((&ksemptr->ks_label)); + + if (!mac_lomac_dominate_single(obj, subj)) + return (maybe_demote(subj, obj, "sem_getvalue", "posix_sem", NULL)); + + return (0); +} + +static int mac_lomac_check_proc_debug(struct ucred *cred, struct proc *proc) { struct mac_lomac *subj, *obj; @@ -2998,6 +3046,7 @@ .mpo_init_mount_label = mac_lomac_init_label, .mpo_init_mount_fs_label = mac_lomac_init_label, .mpo_init_pipe_label = mac_lomac_init_label, + .mpo_init_posix_ksem_label = mac_lomac_init_label, .mpo_init_proc_label = mac_lomac_init_proc_label, .mpo_init_socket_label = mac_lomac_init_label_waitcheck, .mpo_init_socket_peer_label = mac_lomac_init_label_waitcheck, @@ -3015,6 +3064,7 @@ .mpo_destroy_mount_label = mac_lomac_destroy_label, .mpo_destroy_mount_fs_label = mac_lomac_destroy_label, .mpo_destroy_pipe_label = mac_lomac_destroy_label, + .mpo_destroy_posix_ksem_label = mac_lomac_destroy_label, .mpo_destroy_proc_label = mac_lomac_destroy_proc_label, .mpo_destroy_socket_label = mac_lomac_destroy_label, .mpo_destroy_socket_peer_label = mac_lomac_destroy_label, 
@@ -3048,6 +3098,7 @@ .mpo_setlabel_vnode_extattr = mac_lomac_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_lomac_create_mbuf_from_socket, .mpo_create_pipe = mac_lomac_create_pipe, + .mpo_create_posix_ksem = mac_lomac_create_posix_ksem, .mpo_create_socket = mac_lomac_create_socket, .mpo_create_socket_from_socket = mac_lomac_create_socket_from_socket, .mpo_relabel_pipe = mac_lomac_relabel_pipe, @@ -3109,6 +3160,13 @@ .mpo_check_pipe_read = mac_lomac_check_pipe_read, .mpo_check_pipe_relabel = mac_lomac_check_pipe_relabel, .mpo_check_pipe_write = mac_lomac_check_pipe_write, + .mpo_check_posix_sem_close = mac_lomac_check_posix_sem_write, + .mpo_check_posix_sem_destroy = mac_lomac_check_posix_sem_write, + .mpo_check_posix_sem_getvalue = mac_lomac_check_posix_sem_rdonly, + .mpo_check_posix_sem_openexisting = mac_lomac_check_posix_sem_write, + .mpo_check_posix_sem_post = mac_lomac_check_posix_sem_write, + .mpo_check_posix_sem_unlink = mac_lomac_check_posix_sem_write, + .mpo_check_posix_sem_wait = mac_lomac_check_posix_sem_write, .mpo_check_proc_debug = mac_lomac_check_proc_debug, .mpo_check_proc_sched = mac_lomac_check_proc_sched, .mpo_check_proc_signal = mac_lomac_check_proc_signal, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#179 (text+ko) ==== @@ -65,6 +65,8 @@ #include #include +#include + #include #include @@ -1073,6 +1075,18 @@ } static void +mac_mls_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, + struct label *ks_label) +{ + struct mac_mls *source, *dest; + + source = SLOT(&cred->cr_label); + dest = SLOT(ks_label); + + mac_mls_copy_single(source, dest); +} + +static void mac_mls_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) 
@@ -2034,6 +2048,40 @@ } static int +mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT((&ksemptr->ks_label)); + + if (!mac_mls_dominate_single(obj, subj)) + return (EACCES); + + return (0); +} + +static int +mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT((&ksemptr->ks_label)); + + if (!mac_mls_dominate_single(subj, obj)) + return (EACCES); + + return (0); +} + +static int mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc) { struct mac_mls *subj, *obj; @@ -2847,6 +2895,7 @@ .mpo_init_mount_label = mac_mls_init_label, .mpo_init_mount_fs_label = mac_mls_init_label, .mpo_init_pipe_label = mac_mls_init_label, + .mpo_init_posix_ksem_label = mac_mls_init_label, .mpo_init_socket_label = mac_mls_init_label_waitcheck, .mpo_init_socket_peer_label = mac_mls_init_label_waitcheck, .mpo_init_vnode_label = mac_mls_init_label, @@ -2863,6 +2912,7 @@ .mpo_destroy_mount_label = mac_mls_destroy_label, .mpo_destroy_mount_fs_label = mac_mls_destroy_label, .mpo_destroy_pipe_label = mac_mls_destroy_label, + .mpo_destroy_posix_ksem_label = mac_mls_destroy_label, .mpo_destroy_socket_label = mac_mls_destroy_label, .mpo_destroy_socket_peer_label = mac_mls_destroy_label, .mpo_destroy_vnode_label = mac_mls_destroy_label, @@ -2894,6 +2944,7 @@ .mpo_setlabel_vnode_extattr = mac_mls_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_mls_create_mbuf_from_socket, .mpo_create_pipe = mac_mls_create_pipe, + .mpo_create_posix_ksem = mac_mls_create_posix_ksem, .mpo_create_socket = mac_mls_create_socket, .mpo_create_socket_from_socket = mac_mls_create_socket_from_socket, .mpo_relabel_pipe = mac_mls_relabel_pipe, 
@@ -2951,6 +3002,13 @@ .mpo_check_pipe_relabel = mac_mls_check_pipe_relabel, .mpo_check_pipe_stat = mac_mls_check_pipe_stat, .mpo_check_pipe_write = mac_mls_check_pipe_write, + .mpo_check_posix_sem_close = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_destroy = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_getvalue = mac_mls_check_posix_sem_rdonly, + .mpo_check_posix_sem_openexisting = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_post = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_unlink = mac_mls_check_posix_sem_write, + .mpo_check_posix_sem_wait = mac_mls_check_posix_sem_write, .mpo_check_proc_debug = mac_mls_check_proc_debug, .mpo_check_proc_sched = mac_mls_check_proc_sched, .mpo_check_proc_signal = mac_mls_check_proc_signal, ==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#7 (text+ko) ==== @@ -64,6 +64,8 @@ #include #include +#include + #include #include @@ -269,6 +271,12 @@ } static void +stub_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr) +{ + +} + +static void stub_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) 
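Review bot: stub_create_posix_ksem is declared with two parameters, `(struct ucred *cred, struct ksem *ksemptr)`, but the framework invokes the hook as `MAC_PERFORM(create_posix_ksem, cred, ksemptr, &ksemptr->ks_label)`. The biba, lomac and mls implementations in this change all take a third `struct label *ks_label`. The hook's prototype in mac_policy.h is not visible because the mail is truncated, but whichever form it has, one side does not match, and calling through a function pointer of a different type is undefined behaviour. The stub should presumably read `stub_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, struct label *ks_label)`.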
@@ -794,6 +802,55 @@ } static int +stub_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr) +{ + + return (0); +} + +static int +stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) +{ + + return (0); +} + +static int +stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) +{ + + return (0); +} + +static int +stub_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr) +{ + + return (0); +} + +static int +stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) +{ + + return (0); +} + +static int +stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr) +{ + + return (0); +} + +static int +stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr) +{ + + return (0); +} + +static int stub_check_proc_debug(struct ucred *cred, struct proc *proc) { @@ -1201,6 +1258,7 @@ .mpo_init_mount_label = stub_init_label, .mpo_init_mount_fs_label = stub_init_label, .mpo_init_pipe_label = stub_init_label, + .mpo_init_posix_ksem_label = stub_init_label, .mpo_init_socket_label = stub_init_label_waitcheck, .mpo_init_socket_peer_label = stub_init_label_waitcheck, .mpo_init_vnode_label = stub_init_label, @@ -1217,6 +1275,7 @@ .mpo_destroy_mount_label = stub_destroy_label, .mpo_destroy_mount_fs_label = stub_destroy_label, .mpo_destroy_pipe_label = stub_destroy_label, + .mpo_destroy_posix_ksem_label = stub_destroy_label, .mpo_destroy_socket_label = stub_destroy_label, .mpo_destroy_socket_peer_label = stub_destroy_label, .mpo_destroy_vnode_label = stub_destroy_label, @@ -1249,6 +1308,7 @@ .mpo_update_devfsdirent = stub_update_devfsdirent, .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket, .mpo_create_pipe = stub_create_pipe, + .mpo_create_posix_ksem = stub_create_posix_ksem, .mpo_create_socket = stub_create_socket, .mpo_create_socket_from_socket = stub_create_socket_from_socket, .mpo_relabel_pipe = stub_relabel_pipe, 
@@ -1317,6 +1377,13 @@ .mpo_check_pipe_relabel = stub_check_pipe_relabel, .mpo_check_pipe_stat = stub_check_pipe_stat, .mpo_check_pipe_write = stub_check_pipe_write, + .mpo_check_posix_sem_close = stub_check_posix_sem_close, + .mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy, + .mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue, + .mpo_check_posix_sem_openexisting = stub_check_posix_sem_openexisting, + .mpo_check_posix_sem_post = stub_check_posix_sem_post, + .mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink, + .mpo_check_posix_sem_wait = stub_check_posix_sem_wait, .mpo_check_proc_debug = stub_check_proc_debug, .mpo_check_proc_sched = stub_check_proc_sched, .mpo_check_proc_signal = stub_check_proc_signal, ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#112 (text+ko) ==== @@ -57,7 +57,13 @@ #include #include #include +#include +#include +#include +#include +#include + #include #include @@ -85,7 +91,12 @@ #define MBUFMAGIC 0xbbefa5bb #define MOUNTMAGIC 0xc7c46e47 #define SOCKETMAGIC 0x9199c6cd +#define SYSVIPCMSQMAGIC 0xea672391 +#define SYSVIPCMSGMAGIC 0x8bbba61e +#define SYSVIPCSEMMAGIC 0x896e8a0b +#define SYSVIPCSHMMAGIC 0x76119ab0 #define PIPEMAGIC 0xdc6c9919 +#define POSIXSEMMAGIC 0x78ae980c #define PROCMAGIC 0x3b4be98f #define CREDMAGIC 0x9a5a4987 #define VNODEMAGIC 0x1a67a45c 
@@ -107,8 +118,18 @@ SLOT(x) == 0, ("%s: Bad MOUNT label", __func__ )) #define ASSERT_SOCKET_LABEL(x) KASSERT(SLOT(x) == SOCKETMAGIC || \ SLOT(x) == 0, ("%s: Bad SOCKET label", __func__ )) +#define ASSERT_SYSVIPCMSQ_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSQMAGIC || \ + SLOT(x) == 0, ("%s: Bad SYSVIPCMSQ label", __func__ )) +#define ASSERT_SYSVIPCMSG_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSGMAGIC || \ + SLOT(x) == 0, ("%s: Bad SYSVIPCMSG label", __func__ )) +#define ASSERT_SYSVIPCSEM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSEMMAGIC || \ + SLOT(x) == 0, ("%s: Bad SYSVIPCSEM label", __func__ )) +#define ASSERT_SYSVIPCSHM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSHMMAGIC || \ + SLOT(x) == 0, ("%s: Bad SYSVIPCSHM label", __func__ )) #define ASSERT_PIPE_LABEL(x) KASSERT(SLOT(x) == PIPEMAGIC || \ SLOT(x) == 0, ("%s: Bad PIPE label", __func__ )) +#define ASSERT_POSIX_LABEL(x) KASSERT(SLOT(x) == POSIXSEMMAGIC || \ + SLOT(x) == 0, ("%s: Bad POSIX ksem label", __func__ )) #define ASSERT_PROC_LABEL(x) KASSERT(SLOT(x) == PROCMAGIC || \ SLOT(x) == 0, ("%s: Bad PROC label", __func__ )) #define ASSERT_CRED_LABEL(x) KASSERT(SLOT(x) == CREDMAGIC || \ 
@@ -132,6 +153,18 @@ static int init_count_ifnet; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ifnet, CTLFLAG_RD, &init_count_ifnet, 0, "ifnet init calls"); +static int init_count_ipc_msg; +SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipc_msg, CTLFLAG_RD, + &init_count_ipc_msg, 0, "ipc_msg init calls"); +static int init_count_ipc_msq; +SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipc_msq, CTLFLAG_RD, + &init_count_ipc_msq, 0, "ipc_msq init calls"); +static int init_count_ipc_sema; +SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipc_sema, CTLFLAG_RD, + &init_count_ipc_sema, 0, "ipc_sema init calls"); +static int init_count_ipc_shm; +SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipc_shm, CTLFLAG_RD, + &init_count_ipc_shm, 0, "ipc_shm init calls"); static int init_count_ipq; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipq, CTLFLAG_RD, &init_count_ipq, 0, "ipq init calls"); @@ -154,6 +187,9 @@ static int init_count_pipe; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD, &init_count_pipe, 0, "pipe init calls"); +static int init_count_posixsems; +SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_posixsems, CTLFLAG_RD, + &init_count_posixsems, 0, "posix sems init calls"); static int init_count_proc; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD, &init_count_proc, 0, "proc init calls"); 
@@ -173,6 +209,18 @@ static int destroy_count_ifnet; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ifnet, CTLFLAG_RD, &destroy_count_ifnet, 0, "ifnet destroy calls"); +static int destroy_count_ipc_msg; +SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipc_msg, CTLFLAG_RD, + &destroy_count_ipc_msg, 0, "ipc_msg destroy calls"); +static int destroy_count_ipc_msq; +SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipc_msq, CTLFLAG_RD, + &destroy_count_ipc_msq, 0, "ipc_msq destroy calls"); +static int destroy_count_ipc_sema; +SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipc_sema, CTLFLAG_RD, + &destroy_count_ipc_sema, 0, "ipc_sema destroy calls"); +static int destroy_count_ipc_shm; +SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipc_shm, CTLFLAG_RD, + &destroy_count_ipc_shm, 0, "ipc_shm destroy calls"); static int destroy_count_ipq; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipq, CTLFLAG_RD, &destroy_count_ipq, 0, "ipq destroy calls"); @@ -196,6 +244,9 @@ static int destroy_count_pipe; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD, &destroy_count_pipe, 0, "pipe destroy calls"); +static int destroy_count_posixsems; >>> TRUNCATED FOR MAIL (1000 lines) <<<