Date: Fri, 16 Jan 2004 06:56:11 -0800 (PST) From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 45436 for review Message-ID: <200401161456.i0GEuBRT048294@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=45436 Change 45436 by areisse@areisse_ibook on 2004/01/16 06:55:57 check some permissions related to the bootstrap namespaces Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.c#2 edit .. //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.defs#2 edit .. //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/rpc_services.c#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.c#2 (text+ko) ==== @@ -523,6 +523,12 @@ if (result != KERN_SUCCESS) kern_fatal(result, "mach_port_insert_right"); + result = mach_set_port_label (bootstrap_self, + bootstraps.bootstrap_port, + "sebsd/system_u:system_r:boot_names_t"); + if (result != KERN_SUCCESS) + kern_fatal(result, "mach_set_port_label"); + /* keep the root bootstrap port "active" */ bootstraps.requestor_port = bootstraps.bootstrap_port; @@ -1211,7 +1217,7 @@ server_demux, bootstrapMaxRequestSize, bootstrap_port_set, - MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_SENDER)| + MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_LABELS)| MACH_RCV_TRAILER_TYPE(MACH_MSG_TRAILER_FORMAT_0)); if (mresult != MACH_MSG_SUCCESS) kern_error(mresult, "mach_msg_server"); ==== //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.defs#2 (text+ko) ==== @@ -141,6 +141,7 @@ server_uid : integer_t; on_demand : boolean_t; ServerSecToken token : security_token_t; + servermsglabels labels : msg_labels_t; out server_port : mach_port_make_send_t); /* @@ -213,7 +214,8 @@ routine bootstrap_register( bootstrap_port : mach_port_t; service_name : name_t; - service_port : mach_port_t); + service_port : mach_port_t; + servermsglabels labels : msg_labels_t); /* * kern_return_t 
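Review bot: The root namespace label `"sebsd/system_u:system_r:boot_names_t"` is an inline literal here, and x_bootstrap_subset in rpc_services.c later relies on the same `sebsd/` prefix when it strips six bytes from a requester's label before re-prefixing the result. A single shared definition, e.g. `#define BOOTSTRAP_LABEL_PREFIX "sebsd/"` used in both files, would keep the two from drifting apart. The enclosing function starts and ends outside the hunk.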
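Review bot: Switching the requested trailer from MACH_RCV_TRAILER_SENDER to MACH_RCV_TRAILER_LABELS only keeps x_bootstrap_create_server working if the labels trailer is a superset that still carries the security token read as `sectoken.val[0]` in rpc_services.c; that appears to be the intent but nothing in the change records it. A comment on the changed line, such as `/* LABELS trailer also carries the sender token consumed by create_server */`, would save the next reader from re-deriving it. The mach_msg_server call's enclosing function begins outside the hunk.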
@@ -231,7 +233,8 @@ routine bootstrap_look_up( bootstrap_port : mach_port_t; service_name : name_t; - out service_port : mach_port_t); + out service_port : mach_port_t; + servermsglabels labels : msg_labels_t); /* * kern_return_t @@ -259,7 +262,8 @@ bootstrap_port : mach_port_t; service_names : name_array_t; out service_ports : mach_port_array_t; - out all_services_known: boolean_t); + out all_services_known: boolean_t; + servermsglabels labels : msg_labels_t); /* * kern_return_t @@ -338,7 +342,8 @@ routine bootstrap_subset( bootstrap_port : mach_port_t; requestor_port : mach_port_t; - out subset_port : mach_port_t); + out subset_port : mach_port_t; + ServerMsgLabels labels : msg_labels_t); /* * kern_return_t ==== //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/rpc_services.c#2 (text+ko) ==== @@ -75,6 +75,7 @@ int server_uid, boolean_t on_demand, security_token_t sectoken, + msg_labels_t labels, mach_port_t *server_portp) { server_t *serverp; @@ -97,6 +98,14 @@ server_cmd, sectoken.val[0], server_uid); return BOOTSTRAP_NOT_PRIVILEGED; } + + kern_return_t kr = mac_check_name_port_access + (mach_task_self(), + labels.slabel, bootstrap_port, + "mach_names", "create_server"); + if (kr) + return BOOTSTRAP_NOT_PRIVILEGED; + serverp = new_server( bootstrap, server_cmd, @@ -275,8 +284,9 @@ kern_return_t x_bootstrap_register( mach_port_t bootstrap_port, - name_t service_name, - mach_port_t service_port) + name_t service_name, + mach_port_t service_port, + msg_labels_t labels) { kern_return_t result; service_t *servicep; @@ -287,6 +297,12 @@ debug("Register attempt for service %s port %x", service_name, service_port); + result = mac_check_name_port_access (mach_task_self(), + labels.slabel, bootstrap_port, + "mach_names", "register"); + if (result) + return result; + /* * Validate the bootstrap. */ 
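Review bot: The special argument is spelled `ServerMsgLabels` in bootstrap_subset but `servermsglabels` in the other four routines changed in this file. If MIG matches these keywords case-insensitively the difference is cosmetic, but one spelling should be used throughout; `servermsglabels labels : msg_labels_t);` matches the rest of the file.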
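Review bot: A refused create_server request returns BOOTSTRAP_NOT_PRIVILEGED without leaving any record, whereas the look_up check later in this file logs the label and result; for auditing policy denials every MAC refusal should be visible, e.g. `if (kr) { log("create_server denied for %s: %d", labels.slabel, kr); return BOOTSTRAP_NOT_PRIVILEGED; }`. The same silent-denial shape appears in the register hunk (@@ -287) and the makesubset hunk (@@ -714). The enclosing function continues past the hunk.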
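Review bot: `if (result) return result;` hands the raw kern_return_t from mac_check_name_port_access back to the client, while the other new checks map a refusal to BOOTSTRAP_NOT_PRIVILEGED (create_server, subset) or KERN_NO_ACCESS (look_up); bootstrap_register callers test BOOTSTRAP_* codes, so an arbitrary kernel code may be misreported or treated as success-like by a careless caller. `if (result) return BOOTSTRAP_NOT_PRIVILEGED;` keeps the API contract and matches create_server. The enclosing function continues beyond the hunk.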
@@ -393,13 +409,26 @@ x_bootstrap_look_up( mach_port_t bootstrap_port, name_t service_name, - mach_port_t *service_portp) + mach_port_t *service_portp, + msg_labels_t labels) { service_t *servicep; bootstrap_info_t *bootstrap; bootstrap = lookup_bootstrap_by_port(bootstrap_port); servicep = lookup_service_by_name(bootstrap, service_name); + + mach_port_t sp = servicep ? servicep->port : MACH_PORT_NULL; + kern_return_t kr = mac_check_name_port_access + (mach_task_self(), + labels.slabel, sp == MACH_PORT_NULL ? bootstrap_port : sp, + "mach_names", "look_up"); + if (kr) + { + log("bootstrap denied %s :%d", labels.slabel, kr); + return KERN_NO_ACCESS; + } + if (servicep == NULL || servicep->port == MACH_PORT_NULL) { if (forward_ok) { debug("bootstrap_look_up service %s forwarding", @@ -450,19 +479,21 @@ unsigned int service_names_cnt, mach_port_array_t *service_portsp, unsigned int *service_ports_cnt, - boolean_t *all_services_known) + boolean_t *all_services_known, + msg_labels_t labels) { unsigned int i; static mach_port_t service_ports[BOOTSTRAP_MAX_LOOKUP_COUNT]; if (service_names_cnt > BOOTSTRAP_MAX_LOOKUP_COUNT) return BOOTSTRAP_BAD_COUNT; + *service_ports_cnt = service_names_cnt; *all_services_known = TRUE; for (i = 0; i < service_names_cnt; i++) { if ( x_bootstrap_look_up(bootstrap_port, service_names[i], - &service_ports[i]) + &service_ports[i], labels) != BOOTSTRAP_SUCCESS) { *all_services_known = FALSE; @@ -699,7 +730,8 @@ x_bootstrap_subset( mach_port_t bootstrap_port, mach_port_t requestor_port, - mach_port_t *subset_port) + mach_port_t *subset_port, + msg_labels_t labels) { kern_return_t result; bootstrap_info_t *bootstrap; 
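Review bot: When the name is absent the check is made against bootstrap_port and, if that passes, the request proceeds to the existing forwarding/unknown-service path, whereas an existing but inaccessible service yields KERN_NO_ACCESS; the result code therefore tells a caller permitted on the namespace but not on a given service whether that name is registered. If name existence is itself meant to be confidential under the policy, returning the same code in both cases would close that; if the distinction is deliberate, a comment on the `sp == MACH_PORT_NULL ? bootstrap_port : sp` line saying so would help. KERN_NO_ACCESS here also differs from the BOOTSTRAP_NOT_PRIVILEGED the sibling checks return. The function continues past the hunk.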
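Review bot: `*service_ports_cnt = service_names_cnt;` is an unrelated addition in a change described as permission checks; if the out-count was previously left unset it is a separate bug fix worth a line in the description, and if it is already assigned later in the function (outside the hunk) it is redundant. Note also that a KERN_NO_ACCESS from x_bootstrap_look_up is folded into `*all_services_known = FALSE`, so array callers cannot distinguish a denied name from an unregistered one; that may be acceptable but should be stated. The function continues past the hunk.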
@@ -714,6 +746,12 @@ if (!bootstrap || !active_bootstrap(bootstrap)) return BOOTSTRAP_NOT_PRIVILEGED; + kern_return_t kr = mac_check_name_port_access + (mach_task_self(), labels.slabel, bootstrap_port, + "mach_names", "makesubset"); + if (kr) + return BOOTSTRAP_NOT_PRIVILEGED; + result = mach_port_allocate( mach_task_self(), MACH_PORT_RIGHT_RECEIVE, @@ -736,6 +774,28 @@ if (result != KERN_SUCCESS) kern_fatal(result, "port_set_add"); + char *nslabel; + result = security_change_context2 (labels.slabel+6, labels.slabel+6, "mach_names", + &nslabel); + if (result) + { + log ("error changing context for %s", labels.slabel); + nslabel = labels.slabel; + } + else + { + char *n = malloc (strlen (nslabel) + 6); + strcpy (n, "sebsd/"); + strcat (n, nslabel); + free (nslabel); + nslabel = n; + } + + result = mach_set_port_label (mach_task_self(), new_bootstrap_port, + nslabel); + if (result != KERN_SUCCESS) + kern_fatal(result, "mach_set_port_label"); + subset = new_bootstrap(bootstrap, new_bootstrap_port, requestor_port); result = mach_port_request_notification(
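Review bot: The following hunk strips six bytes from `labels.slabel` (presumably the `sebsd/` prefix every port label here carries) without checking they are present, and by then new_bootstrap_port has already been allocated; the cheapest place to reject a malformed or too-short label is next to the new MAC check, before mach_port_allocate: `if (strncmp(labels.slabel, "sebsd/", 6) != 0) return BOOTSTRAP_NOT_PRIVILEGED;`. x_bootstrap_subset continues past the hunk.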
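Review bot: `malloc (strlen (nslabel) + 6)` is one byte short: "sebsd/" is itself six characters, so nothing is left for the terminator and the `strcat` writes past the end of the allocation. The `malloc` result is also used unchecked. Sizing the buffer with `sizeof "sebsd/"` (which counts the NUL) and building it with `snprintf` fixes both, as below. Separately, when `security_change_context2` fails the new namespace silently keeps the requester's own label; if that fail-open fallback is intended it deserves a comment, and in the success branch the heap copy in `nslabel` needs a `free` after `mach_set_port_label` unless that already happens outside the hunk. x_bootstrap_subset continues past the hunk.
```c
	else
	{
		/* sizeof "sebsd/" counts the NUL that strlen (nslabel) + 6 omitted */
		size_t len = strlen (nslabel) + sizeof "sebsd/";
		char *n = malloc (len);
		if (n == NULL)
			kern_fatal (KERN_RESOURCE_SHORTAGE, "malloc");
		snprintf (n, len, "sebsd/%s", nslabel);
		free (nslabel);
		nslabel = n;
	}
	/* … unchanged: mach_set_port_label and the rest of subset creation … */
```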