Date: Wed, 19 Apr 2006 21:32:23 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 95630 for review Message-ID: <200604192132.k3JLWNP3056919@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=95630 Change 95630 by millert@millert_g5tower on 2006/04/19 21:32:10 Remove gratuitous diffs against SEBSD Some style fixes Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#9 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#37 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#6 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#8 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscalls.h#6 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/context.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.c#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/init.c#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mls.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mls.h#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/sidtab.h#4 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#9 (text+ko) ==== @@ -35,6 +35,7 @@ #include <kern/lock.h> #endif +int selinux_auditing = 1; int selinux_enforcing = 0; #define AVC_CACHE_SLOTS 512 @@ -98,7 +99,7 @@ } static inline void avc_cache_stats_add(int type, unsigned val) - +{ avc_cache_stats[type] += val; } #else 
@@ -110,6 +111,7 @@ #endif #if 0 +/* XXXMAC - moved to services.c */ /** * avc_dump_av - Display an access vector in human-readable form. * @tclass: target security class @@ -189,7 +191,7 @@ printk(" tcontext=%s", scontext); kfree(scontext); } - printk(" tclass=%s", security_class_to_string (tclass)); + printk(" tclass=%s", security_class_to_string(tclass)); } /** @@ -200,6 +202,8 @@ void avc_init(void) { struct avc_node *new; + size_t evsize; + char *ev; int i; for (i = 0; i < AVC_NSTATS; i++) @@ -237,11 +241,9 @@ mtx_init(&avc_log_lock, "SEBSD message lock", NULL, MTX_DEF); #endif - size_t evsize; - char *ev; if (preload_find_data ("sebsd_enforce", &evsize, &ev)) { - if (evsize > 0 && ev[0] == '1') - selinux_enforcing = 1; + if (evsize > 0 && ev[0] == '1') + selinux_enforcing = 1; } } @@ -535,6 +537,17 @@ static inline int check_avc_ratelimit(void) { + + /* + * If auditing is not enabled, suppress all messages. + */ + if (!selinux_auditing) + return 0; + + /* + * Otherwise, rate limit messages in enforcing mode, or display all + * messages in permissive mode. + */ if (selinux_enforcing) return avc_ratelimit(); else { ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#4 (text+ko) ==== @@ -20,11 +20,15 @@ #include <sys/capability.h> #endif +#include <netinet/in.h> + #include <sedarwin/flask.h> #include <sedarwin/sebsd.h> #include <sedarwin/avc/av_permissions.h> #include <sedarwin/ss/security.h> +extern int selinux_auditing; + #define CONFIG_SECURITY_SELINUX_DEVELOP #ifdef CONFIG_SECURITY_SELINUX_DEVELOP @@ -66,8 +70,20 @@ } fs; struct { char *netif; + struct sock *sk; + u16 family; u16 port; - u32 daddr; + u16 sport; + union { + struct { + u32 daddr; + u32 saddr; + } v4; + struct { + struct in6_addr daddr; + struct in6_addr saddr; + } v6; + } fam; } net; #ifdef CAPABILITIES cap_value_t cap; @@ -111,7 +127,6 @@ * AVC operations */ -/* Initialize the AVC */ void avc_init(void); int avc_lookup( 
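Review bot: In check_avc_ratelimit() the new `if (!selinux_auditing) return 0;` silences every AVC message, including denials logged in enforcing mode, and nothing in the hunk says who may clear the flag. `selinux_auditing` is a plain non-static `int` exported through avc.h, so any writer of that variable switches off the denial trail; whatever sets it (presumably the sysctl code, which is not visible here) should require the same privilege as changing `selinux_enforcing`. I would at least document it at the definition in avc.c, e.g. `/* 0 suppresses all AVC audit messages, including enforcing-mode denials */`. The function body continues outside the hunk.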
@@ -163,5 +178,5 @@ u32 events, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms); -#endif /* _LINUX_AVC_H_ */ +#endif /* _SELINUX_AVC_H_ */ ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#37 (text+ko) ==== @@ -8,6 +8,9 @@ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA * CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -126,7 +129,7 @@ extern int ss_initialized; static __inline int ss_precondition(void) { - return ss_initialized; + return (ss_initialized); } static void @@ -135,7 +138,6 @@ printf("sebsd:: init\n"); avc_init(); - //sebsd_register_sysctls(); if (security_init()) { panic("SEBSD: couldn't read policy file"); } @@ -153,7 +155,7 @@ sebsd_destroy(struct mac_policy_conf *mpc) { - printf("sebsd:: destroy\n"); + panic("sebsd_destroy"); } #ifdef CAPABILITIES @@ -171,8 +173,8 @@ AVC_AUDIT_DATA_INIT(&ad, CAP); ad.u.cap = cap; - return avc_has_perm_audit(task->sid, task->sid, - SECCLASS_CAPABILITY, cap, &ad); + return (avc_has_perm_audit(task->sid, task->sid, + SECCLASS_CAPABILITY, cap, &ad)); } #endif 
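Review bot: sebsd_destroy() now calls `panic("sebsd_destroy")`, so any path that reaches the policy's destroy hook takes the whole kernel down, and the hunk gives no reason for it. If the intent is that this policy must never be unloaded, say so with a comment such as `/* Unloading is not supported; reaching this hook is a bug. */` and confirm that the policy is registered so the MAC framework refuses the unload before the hook runs; the registration flags are not visible in this diff. The other messages in the file carry a `sebsd::` or `SEBSD:` prefix, and using one here would make the panic string easier to triage.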
@@ -257,48 +259,50 @@ static __inline security_class_t vnode_type_to_security_class(enum vtype vt) { + switch (vt) { case VREG: - return SECCLASS_FILE; + return (SECCLASS_FILE); case VDIR: - return SECCLASS_DIR; + return (SECCLASS_DIR); case VBLK: - return SECCLASS_BLK_FILE; + return (SECCLASS_BLK_FILE); case VCHR: - return SECCLASS_CHR_FILE; + return (SECCLASS_CHR_FILE); case VLNK: - return SECCLASS_LNK_FILE; + return (SECCLASS_LNK_FILE); case VSOCK: - return SECCLASS_SOCK_FILE; + return (SECCLASS_SOCK_FILE); case VFIFO: - return SECCLASS_FIFO_FILE; + return (SECCLASS_FIFO_FILE); case VNON: case VBAD: #ifdef __APPLE__ case VSTR: case VCPLX: #endif - return SECCLASS_FILE; + return (SECCLASS_FILE); } - return SECCLASS_FILE; + return (SECCLASS_FILE); } static __inline security_class_t devfs_type_to_security_class(int type) { + switch (type) { case DEV_DIR: - return SECCLASS_DIR; + return (SECCLASS_DIR); case DEV_BDEV: - return SECCLASS_BLK_FILE; + return (SECCLASS_BLK_FILE); case DEV_CDEV: - return SECCLASS_CHR_FILE; + return (SECCLASS_CHR_FILE); case DEV_SLNK: - return SECCLASS_LNK_FILE; + return (SECCLASS_LNK_FILE); } - return SECCLASS_FILE; + return (SECCLASS_FILE); } static __inline access_vector_t @@ -329,7 +333,7 @@ av |= DIR__READ; } - return av; + return (av); } static int 
@@ -346,24 +350,30 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; +#if 0 if (file->sclass == 0) { struct vattr va; struct proc *p = current_proc(); - VOP_GETATTR (vp, &va, p->p_ucred, p); + VOP_GETATTR(vp, &va, p->p_ucred, p); printf("vnode_has_perm:: ERROR, sid=%d, sclass=0, v_type=%d," " inode=%ld, fsid=%d, fstype=%s, mnt=%s\n", - file->sid, vp->v_type, va.va_fileid, va.va_fsid, vp->v_mount->mnt_vfc->vfc_name, vp->v_mount->mnt_stat.f_mntonname); + file->sid, vp->v_type, va.va_fileid, va.va_fsid, + vp->v_mount->mnt_vfc->vfc_name, + vp->v_mount->mnt_stat.f_mntonname); file->sclass = vnode_type_to_security_class(vp->v_type); if (file->sclass == 0) { printf("vnode_has_perm:: Giving up\n"); - return 1; /* TBD: debugging */ + return (1); /* TBD: debugging */ } } - file->sclass = vnode_type_to_security_class (vp->v_type); +#else + /* XXX - why must we reset sclass this every time? */ + file->sclass = vnode_type_to_security_class(vp->v_type); +#endif - return avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, - perm, aeref ? aeref : &file->avcr, &ad); + return (avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, + perm, aeref ? aeref : &file->avcr, &ad)); } #ifdef HAS_PIPES @@ -380,7 +390,7 @@ * TBD: No audit information yet */ - return(avc_has_perm_ref(task->sid, file->sid, file->sclass, + return (avc_has_perm_ref(task->sid, file->sid, file->sclass, perm, &file->avcr)); } #endif 
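Review bot: vnode_has_perm() now keeps the old `sclass == 0` diagnostic under `#if 0` and adds `/* XXX - why must we reset sclass this every time? */`, which has a stray word; `/* XXX - why must we reset sclass every time? */` reads correctly. The disabled block still ends in `return (1); /* TBD: debugging */`, a non-errno return from a permission check, so I would delete it rather than carry it forward where it can be re-enabled by accident. The open question in the comment matters because the `#else` branch writes `file->sclass` on every check; whether that write is serialised against other users of the label is not visible in the hunk.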
@@ -396,21 +406,11 @@ } static void -sebsd_init_port_label(struct label *label) -{ - struct task_security_struct *new_tsec; - - new_tsec = sebsd_malloc(sizeof(*new_tsec), M_ZERO | M_WAITOK); - new_tsec->osid = new_tsec->sid = SECINITSID_UNLABELED; - SLOT(label) = new_tsec; -} - -static void sebsd_init_file_label(struct label *label) { struct file_security_struct *new_fsec; - new_fsec = sebsd_malloc (sizeof(*new_fsec), M_ZERO | M_WAITOK); + new_fsec = sebsd_malloc(sizeof(*new_fsec), M_ZERO | M_WAITOK); new_fsec->sid = new_fsec->sid = SECINITSID_UNLABELED; SLOT(label) = new_fsec; } @@ -495,37 +495,8 @@ } static void -sebsd_destroy_cred_label(struct label *label) -{ - sebsd_free (SLOT(label)); - SLOT(label) = NULL; -} - -static void -sebsd_destroy_vnode_label(struct label *label) -{ - sebsd_free (SLOT(label)); - SLOT(label) = NULL; -} - -static void -sebsd_destroy_mount_label(struct label *label) -{ - sebsd_free (SLOT(label)); - SLOT(label) = NULL; -} - -static void -sebsd_destroy_mount_fs_label(struct label *label) -{ - sebsd_free (SLOT(label)); - SLOT(label) = NULL; -} - -static void -sebsd_destroy_sysv_label(struct label *label) +sebsd_destroy_label(struct label *label) { - sebsd_free(SLOT(label)); SLOT(label) = NULL; } @@ -533,13 +504,13 @@ static void sebsd_relabel_cred(struct ucred *cred, struct label *newlabel) { - /* - * XXX/TBD: normally, SEBSD doesn't permit process labels to change - * other than at exec time... - */ - struct task_security_struct *task = SLOT(cred->cr_label); - struct task_security_struct *nsec = SLOT(newlabel); - task->sid = nsec->sid; + /* + * XXX/TBD: normally, SEBSD doesn't permit process labels to change + * other than at exec time... + */ + struct task_security_struct *task = SLOT(cred->cr_label); + struct task_security_struct *nsec = SLOT(newlabel); + task->sid = nsec->sid; } static void 
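Review bot: In sebsd_init_file_label() the line right after the reformatted allocation reads `new_fsec->sid = new_fsec->sid = SECINITSID_UNLABELED;`, which assigns the same field twice. The removed sebsd_init_port_label() used `osid = sid = ...` on a task struct, so this looks like a copy-and-paste slip. If file_security_struct has a second field that was meant to be initialised here (its definition is not in this diff), name it; otherwise reduce the line to `new_fsec->sid = SECINITSID_UNLABELED;`. The `M_ZERO` allocation already clears the rest of the structure, so behaviour stays the same either way.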
@@ -589,20 +560,18 @@ vsec = SLOT(vlabel); context_len = sizeof(context); /* TBD: bad fixed length */ - error = vn_extattr_get(vp, IO_NODELOCKED, - SEBSD_MAC_EXTATTR_NAMESPACE, - SEBSD_MAC_EXTATTR_NAME, - &context_len, context, p); + error = vn_extattr_get(vp, IO_NODELOCKED, SEBSD_MAC_EXTATTR_NAMESPACE, + SEBSD_MAC_EXTATTR_NAME, &context_len, context, p); if (error == ENOATTR || error == EOPNOTSUPP) { vsec->sid = SECINITSID_UNLABELED; /* Use the default label */ - /* +#if 0 struct vattr va; (void)VOP_GETATTR(vp, &va, p->p_ucred, p); printf("sebsd_update_vnode_from_extattr: no label for " "inode=%ld, fsid=%d\n", va.va_fileid, va.va_fsid); - */ +#endif goto dosclass; } if (error) { @@ -630,11 +599,11 @@ if (error) goto dosclass; - error = security_context_to_sid(context, strlen(context), &vsec->sid); + error = security_context_to_sid(context, context_len, &vsec->sid); if (error) { printf("sebsd_update_vnode_from_extattr: ERROR mapping " "context to sid: %.*s\n", context_len, context); - return (0); /* TBD bad, bad, bad */ + return (0); /* TBD bad, bad, bad */ } dosclass: @@ -751,7 +720,7 @@ } static void -sebsd_create_port (struct label *it, struct label *st, struct label *port) +sebsd_create_port(struct label *it, struct label *st, struct label *port) { struct task_security_struct *its, *sts, *psec; int error; @@ -839,11 +808,13 @@ if (cr != NULL) { struct task_security_struct *task = SLOT(cr->cr_label); - /* XXX: uses the type specified by genfs instead of the parent - directory like it should! */ - rc = security_transition_sid(task->sid, dirent->sid, + /* + * XXX: uses the type specified by genfs instead of the + * parent directory like it should! + */ + int error = security_transition_sid(task->sid, dirent->sid, dirent->sclass, &newsid); - if (rc == 0) + if (error == 0) dirent->sid = newsid; } 
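Review bot: When security_context_to_sid() fails in sebsd_update_vnode_from_extattr(), the function still ends in `return (0); /* TBD bad, bad, bad */`, so a vnode whose on-disk context does not map to a SID is reported as labelled successfully. What `vsec->sid` holds at that point is decided outside the hunk; I would set it explicitly with `vsec->sid = SECINITSID_UNLABELED;` before returning, or return the error, so that a corrupt or hostile attribute cannot leave a stale SID behind. Passing `context_len` instead of `strlen(context)` avoids reading past an unterminated buffer, but it is correct only if `context_len` still describes the attribute after the code between the two hunks, which is not shown. The `/* TBD: bad fixed length */` buffer also remains in place.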
@@ -901,7 +872,6 @@ struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, struct label *delabel, const char *fullpath) { - char *path; int rc; security_id_t newsid; @@ -967,7 +937,7 @@ task = SLOT(cred->cr_label); task->osid = task->sid = SECINITSID_KERNEL; printf("sebsd_create_proc0:: using SECINITSID_KERNEL = %d\n", - SECINITSID_KERNEL); + SECINITSID_KERNEL); } static void @@ -998,21 +968,24 @@ * which the filesystem will use if not a "multilabel" type. */ rc = security_fs_use(mp->mnt_vfc->vfc_name, &behavior, &sbsec->sid); - if (rc != 0) { + if (rc) { printf("sebsd_create_mount: security_fs_use(%s) returned %d\n", mp->mnt_vfc->vfc_name, rc); behavior = SECURITY_FS_USE_NONE; } else { sbfssec->sid = sbsec->sid; /* TBD: debugging only */ - printf("sebsd_create_mount: security_fs_use(%s) behavior %d, sid %d\n", - mp->mnt_vfc->vfc_name, behavior, sbsec->sid); + printf("sebsd_create_mount: security_fs_use(%s) behavior " + "%d, sid %d\n", mp->mnt_vfc->vfc_name, behavior, + sbsec->sid); } switch (behavior) { case SECURITY_FS_USE_XATTR: - /* PSIDs only work for persistent file systems with - unique and persistent inode numbers. */ + /* + * PSIDs only work for persistent file systems with unique + * and persistent inode numbers. + */ sbsec->uses_psids = 1; /* 
@@ -1022,27 +995,35 @@ break; case SECURITY_FS_USE_TRANS: - /* Transition SIDs are used for pseudo filesystems like - devpts and tmpfs where you want the SID to be derived - from the SID of the creating process and the SID of - the filesystem. */ + /* + * Transition SIDs are used for pseudo filesystems like + * devpts and tmpfs where you want the SID to be derived + * from the SID of the creating process and the SID of the + * filesystem. + */ sbsec->uses_trans = 1; break; case SECURITY_FS_USE_TASK: - /* Task SIDs are used for pseudo filesystems like pipefs - and sockfs where you want the objects to be labeled - with the SID of the creating process. */ + /* + * Task SIDs are used for pseudo filesystems like pipefs and + * sockfs where you want the objects to be labeled with the + * SID of the creating process. + */ sbsec->uses_task = 1; break; case SECURITY_FS_USE_GENFS: - /* genfs_contexts handles everything else, like devfs, - usbdevfs, driverfs, and portions of proc. */ + /* + * genfs_contexts handles everything else, like devfs, + * usbdevfs, driverfs, and portions of proc. + */ sbsec->uses_genfs = 1; break; case SECURITY_FS_USE_NONE: - /* No labeling support configured for this filesystem type. - Don't appear to require labeling for binfmt_misc, bdev, - or rootfs. */ + /* + * No labeling support configured for this filesystem type. + * Don't appear to require labeling for binfmt_misc, bdev, + * or rootfs. + */ break; default: printf("%s: security_fs_use(%s) returned unrecognized " @@ -1079,10 +1060,9 @@ task = SLOT(cred->cr_label); dir = SLOT(parentlabel); vsec = SLOT(childlabel); - tclass = vnode_type_to_security_class (child->v_type); + tclass = vnode_type_to_security_class(child->v_type); - error = security_transition_sid(task->sid, dir->sid, tclass, - &newsid); + error = security_transition_sid(task->sid, dir->sid, tclass, &newsid); if (error) return (error); 
@@ -1109,14 +1089,10 @@ sebsd_check_cap(struct ucred *cred, cap_value_t capv) { - return cred_has_capability(cred, capv); + return (cred_has_capability(cred, capv)); } #endif -/* - * SEBSD does not support the relabeling of processes without - * transitioning. - */ static int sebsd_check_cred_relabel(struct ucred *cred, struct label *newlabel) { @@ -1127,23 +1103,19 @@ tsec = SLOT(cred->cr_label); if (nsec == NULL) - return 0; + return (0); rc = avc_has_perm_ref_audit(tsec->sid, tsec->sid, SECCLASS_PROCESS, - FILE__RELABELFROM, NULL, NULL); + FILE__RELABELFROM, NULL, NULL); if (rc) return (rc); rc = avc_has_perm_audit(tsec->sid, nsec->sid, SECCLASS_PROCESS, - FILE__RELABELTO, NULL); + FILE__RELABELTO, NULL); if (rc) return (rc); - /* - if (nsec != NULL && nsec->sid != tsec->sid) - return EPERM; - */ - return 0; + return (0); } static int @@ -1167,7 +1139,7 @@ if (rc) return (rc); - return 0; + return (0); } #define CHECK_SIMPLE_PERM(func,class,perm) \ @@ -1176,8 +1148,8 @@ struct task_security_struct *tsec, *psec; \ psec = SLOT(port); \ tsec = SLOT(task); \ - return avc_has_perm_ref_audit (tsec->sid, psec->sid, \ - SECCLASS_ ## class, class ## __ ## perm, NULL, NULL); \ + return (avc_has_perm_ref_audit (tsec->sid, psec->sid, \ + SECCLASS_ ## class, class ## __ ## perm, NULL, NULL)); \ } CHECK_SIMPLE_PERM(msg_send, MACH_PORT, SEND); 
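Review bot: sebsd_check_cred_relabel() checks `FILE__RELABELFROM` and `FILE__RELABELTO` against `SECCLASS_PROCESS`; these permission bits belong to the file class, so the AVC will read them as whichever process permissions share those bit positions. The hunk only re-indents the two calls, but it also deletes the comment saying SEBSD does not support relabeling processes without transitioning, together with the commented-out `EPERM` check, so these calls are now the only visible gate on a credential relabel. I would switch to process-class permission constants (defined in av_permissions.h, which is not part of this diff) and restore a short comment stating the intended policy for process relabels.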
@@ -1199,33 +1171,33 @@ const char *s, const char * pn) { struct task_security_struct *tsec, *psec; - struct class_datum *cld; - struct perm_datum *p; + struct class_datum *cld; + struct perm_datum *p; psec = SLOT(obj); tsec = SLOT(subj); cld = hashtab_search(policydb.p_classes.table, (void *)s); if (cld == NULL) - return EINVAL; + return (EINVAL); p = hashtab_search(cld->permissions.table, (void *)pn); if (p == NULL && cld->comdatum) p = hashtab_search(cld->comdatum->permissions.table, (void *)pn); if (p == NULL) - return EINVAL; + return (EINVAL); - return avc_has_perm_ref_audit(tsec->sid, psec->sid, cld->value, - 1 << (p->value-1), NULL, NULL); + return (avc_has_perm_ref_audit(tsec->sid, psec->sid, cld->value, + 1 << (p->value-1), NULL, NULL)); } static int -sebsd_request_label (struct label *subj, struct label *obj, const char *s, +sebsd_request_label(struct label *subj, struct label *obj, const char *s, struct label *out) { struct task_security_struct *tsec, *psec, *osec; - struct class_datum *cld; - struct perm_datum *p; + struct class_datum *cld; + struct perm_datum *p; psec = SLOT(obj); tsec = SLOT(subj); @@ -1233,10 +1205,10 @@ cld = hashtab_search(policydb.p_classes.table, (void *)s); if (cld == NULL) - return EINVAL; + return (EINVAL); - return security_change_sid(tsec->sid, psec->sid, cld->value, - &osec->sid); + return (security_change_sid(tsec->sid, psec->sid, cld->value, + &osec->sid)); } static int @@ -1248,11 +1220,11 @@ psec = SLOT(obj); tsec = SLOT(subj); - return sebsd_check_ipc_method1(tsec->sid,psec->sid, msgid); + return (sebsd_check_ipc_method1(tsec->sid,psec->sid, msgid)); } static int -sebsd_check_mount (struct ucred *cred, struct vnode *vp, struct label *vl, +sebsd_check_mount(struct ucred *cred, struct vnode *vp, struct label *vl, const char *vfc_name, struct label *mntlabel) { int rc; 
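Review bot: `1 << (p->value-1)` in the function whose signature ends `const char *s, const char * pn)` shifts a signed int by a value read from the policy database, so a `value` of 0 or of 32 makes the shift undefined. Assuming a 32-bit access vector, write it as `1U << (p->value - 1)` and return `EINVAL` when `p->value` is outside 1..32 before calling avc_has_perm_ref_audit(). In sebsd_request_label() the re-indented `struct perm_datum *p;` is not used in the visible lines and could be dropped. Both functions pass the caller-supplied class and permission names to hashtab_search() with the const cast away; where those strings originate is outside the hunk.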
@@ -1265,29 +1237,28 @@ vsec = SLOT(vl); task = SLOT(cred->cr_label); - rc = vnode_has_perm (cred, vp, FILE__MOUNTON, NULL); + rc = vnode_has_perm(cred, vp, FILE__MOUNTON, NULL); if (rc) - return rc; + return (rc); if (mntlabel) { sbsec = SLOT(mntlabel); sid = sbsec->sid; - rc = avc_has_perm_ref_audit (task->sid, sid, SECCLASS_FILE, + rc = avc_has_perm_ref_audit(task->sid, sid, SECCLASS_FILE, COMMON_FILE__RELABELTO, NULL, NULL); if (rc) - return rc; - } - else { - rc = security_fs_use (vfc_name, &behavior, &sid); + return (rc); + } else { + rc = security_fs_use(vfc_name, &behavior, &sid); if (rc) - return rc; + return (rc); } - rc = avc_has_perm_ref_audit (task->sid, sid, SECCLASS_FILESYSTEM, + rc = avc_has_perm_ref_audit(task->sid, sid, SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, NULL, NULL); - return rc; + return (rc); } static int @@ -1303,12 +1274,12 @@ struct label *mntlabel, struct label *mount_arg_label) { - /* cannot change labels on filesystems */ + /* Cannot change labels on filesystems. */ if (mount_arg_label) { struct mount_security_struct *mla = SLOT(mntlabel); struct mount_security_struct *mlb = SLOT(mount_arg_label); if (mla->sid != mlb->sid) - return EINVAL; + return (EINVAL); } return (mount_has_perm(cred, mp, FILESYSTEM__REMOUNT, NULL)); } @@ -1360,22 +1331,21 @@ rc = avc_has_perm_ref(task->sid, file->sid, file->sclass, FIFO_FILE__RELABELFROM, &file->avcr); - if (rc) return (rc); rc = avc_has_perm(task->sid, newfile->sid, file->sclass, FIFO_FILE__RELABELTO, NULL, NULL); - /* - * TBD: SELinux also checks filesystem associate permission: - return avc_has_perm_audit(newsid, +#if 0 + /* TBD: SELinux also checks filesystem associate permission: */ + return (avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, - &ad); - */ - return(rc); + &ad)); +#endif + return (rc); } static int 
@@ -1512,13 +1482,12 @@ * So just make the transition. */ ntask->osid = otask->sid; - if (execlabel == NULL) { + if (execlabel == NULL) (void)security_transition_sid(otask->sid, file->sid, - SECCLASS_PROCESS, &ntask->sid); - } else { + SECCLASS_PROCESS, &ntask->sid); + else ntask->sid = ((struct task_security_struct *) SLOT(execlabel))->sid; - } if (otask->sid != ntask->sid) { /* @@ -1527,8 +1496,6 @@ * permission check if the parent was waiting. */ } - - return; } static int @@ -1550,24 +1517,12 @@ * Should have already checked all the permissions, so just see if * the SIDS are going to match. */ - if (execlabel == NULL) { + if (execlabel == NULL) (void)security_transition_sid(task->sid, file->sid, - SECCLASS_PROCESS, &newsid); -#if 0 - int len; - char *ts, *ns, *fs; - security_sid_to_context (task->sid, &ts, &len); - security_sid_to_context (file->sid, &fs, &len); - security_sid_to_context (newsid, &ns, &len); - printf ("transition: %s %s -> %s\n", ts, fs, ns); - security_free_context (ts); - security_free_context (fs); - security_free_context (ns); -#endif - } else { + SECCLASS_PROCESS, &newsid); + else newsid = ((struct task_security_struct *) SLOT(execlabel))->sid; - } return (newsid != task->sid); } @@ -1639,6 +1594,7 @@ source = SLOT(newlabel); dest = SLOT(pipelabel); + /* XXXRW: Should be KASSERT's? */ if (!source) { printf("sebsd_relabel_pipe:: source is NULL!\n"); return; @@ -1661,6 +1617,7 @@ source = SLOT(label); dest = SLOT(vnodelabel); + /* XXXRW: Should be KASSERT's? */ if (!source) { printf("sebsd_relabel_vnode:: source is NULL!\n"); return; 
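Review bot: Both exec hunks keep `(void)security_transition_sid(...)`, so a failed lookup is ignored. In the first hunk `ntask->sid` then keeps whatever it held before, and in the second `newsid` is compared with `task->sid` without having been written by the call (its initialisation, if any, is outside the hunk). The surrounding comments say the permissions were checked earlier, but the label computation itself can still fail; handle the error explicitly, for instance `if (security_transition_sid(...) != 0) newsid = task->sid;`, or document why failure cannot happen here. Dropping the braces also leaves a two-line call as an unbraced `if`/`else` body, which is easy to break on the next edit.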
@@ -1684,15 +1641,12 @@ newlabel = SLOT(intlabel); - error = security_sid_to_context(newlabel->sid, &context, - &context_len); + error = security_sid_to_context(newlabel->sid, &context, &context_len); if (error) return (error); - error = vn_extattr_set(vp, IO_NODELOCKED, - SEBSD_MAC_EXTATTR_NAMESPACE, - SEBSD_MAC_EXTATTR_NAME, - context_len, context, current_proc()); + error = vn_extattr_set(vp, IO_NODELOCKED, SEBSD_MAC_EXTATTR_NAMESPACE, + SEBSD_MAC_EXTATTR_NAME, context_len, context, current_proc()); security_free_context(context); return (error); } @@ -1704,10 +1658,10 @@ /* existence check (F_OK) */ if (acc_mode == 0) - return 0; + return (0); - return (vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode), - NULL)); + return (vnode_has_perm(cred, vp, + file_mask_to_av(vp->v_type, acc_mode), NULL)); } static int @@ -1716,7 +1670,7 @@ { /* MAY_EXEC ~= DIR__SEARCH */ - return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL); + return (vnode_has_perm(cred, dvp, DIR__SEARCH, NULL)); } static int @@ -1726,7 +1680,7 @@ /* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */ /* MAY_EXEC ~= DIR__SEARCH */ - return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL); + return (vnode_has_perm(cred, dvp, DIR__SEARCH, NULL)); } static int 
@@ -1750,34 +1704,36 @@ ad.u.fs.vp = dvp; rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, - DIR__ADD_NAME | DIR__SEARCH, - &dir->avcr, &ad); + DIR__ADD_NAME | DIR__SEARCH, &dir->avcr, &ad); if (rc) - return rc; + return (rc); rc = security_transition_sid(task->sid, dir->sid, tclass, &newsid); if (rc) - return rc; + return (rc); rc = avc_has_perm_audit(task->sid, newsid, tclass, FILE__CREATE, &ad); if (rc) - return rc; + return (rc); if (dvp->v_mount) { - /* XXX: mpo_check_vnode_create should probably pass the mntlabel */ + /* + * XXX: mpo_check_vnode_create should probably pass the + * mntlabel + */ sbsec = SLOT(dvp->v_mount->mnt_mntlabel); if (sbsec == NULL) { printf ("create_vnode: no mount label for mnt=%s\n", dvp->v_mount->mnt_stat.f_mntonname); - return 0; + return (0); } - rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM, - FILESYSTEM__ASSOCIATE, &ad); + rc = avc_has_perm_audit(newsid, sbsec->sid, + SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, &ad); if (rc) - return rc; + return (rc); } - return 0; + return (0); } static int @@ -1800,7 +1756,6 @@ rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, DIR__SEARCH | DIR__REMOVE_NAME, &dir->avcr, &ad); - if (rc) return (rc); @@ -1853,11 +1808,10 @@ rc = security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS, &newsid); if (rc) - return EACCES; - } else { + return (EACCES); + } else newsid = ((struct task_security_struct *) SLOT(execlabel))->sid; - } AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; @@ -1865,23 +1819,20 @@ if (newsid == task->sid) { rc = avc_has_perm_audit(task->sid, file->sid, SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); - >>> TRUNCATED FOR MAIL (1000 lines) <<<
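Review bot: In the vnode-create check, a missing mount label still ends in `return (0);` after a printf, so the `FILESYSTEM__ASSOCIATE` check is skipped and the create is allowed whenever `SLOT(dvp->v_mount->mnt_mntlabel)` is NULL. The hunk only adds parentheses to that return, but this is a fail-open path in an access check; returning an error such as `return (EACCES);`, or checking against `SECINITSID_UNLABELED`, would be the safer default, and if allowing the create is intentional the reason belongs in a comment. The same block keeps `printf (` with a space while the rest of the commit removes that spacing. The function starts outside the hunk, and the final hunk on this page is cut off by the mail truncation and is not reviewed.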