Date: Mon, 22 Jan 2007 16:09:55 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 113351 for review Message-ID: <200701221609.l0MG9t7N028000@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=113351
Change 113351 by millert@millert_macbook on 2007/01/22 16:08:54
Modify the mac_vnode_check_exec() API to take struct image_params instead of the label. The Framework should pull the label out of the object itself. Also add a struct componentname pointer to mpo_vnode_check_exec to avoid a call to vn_getpath().
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#35 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#44 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#25 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#71 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#7 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/Makefile#2 (text+ko) ====
@@ -56,7 +56,7 @@
 errno.h ev.h event.h fcntl.h file.h filedesc.h filio.h \
 ioccom.h ioctl.h ipc.h \
 ioctl_compat.h kernel.h kernel_types.h kern_event.h lctx.h lock.h lockf.h \
- kauth.h kdebug.h md5.h kern_control.h malloc.h namei.h \
+ kauth.h kdebug.h md5.h kern_control.h imgact.h malloc.h namei.h \
 mman.h mbuf.h mount.h mtio.h netport.h param.h paths.h \
 proc.h queue.h quota.h random.h resource.h resourcevar.h \
 sbuf.h posix_sem.h posix_shm.h sem.h shm.h \
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#35 (text+ko) ====
@@ -61,6 +61,7 @@
 struct fileglob;
 struct ifnet;
 struct ifreq;
+struct image_params;
 struct inpcb;
 struct ipq;
 struct lctx;
@@ -373,7 +374,7 @@
 int mac_vnode_check_exchangedata(struct ucred *cred, struct vnode *v1,
 struct vnode *v2);
 int mac_vnode_check_exec(struct ucred *cred, struct vnode *vp,
- struct label *execlabel);
+ struct image_params *imgp);
 int mac_vnode_check_getattrlist(struct ucred *cred, struct vnode *vp,
 struct attrlist *alist);
 int mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#44 (text+ko) ====
@@ -4487,6 +4487,7 @@
 @param vp Object vnode to execute
 @param label Policy label for vp
 @param execlabel Userspace provided execution label
+ @param cnp Component name for file being executed
 Determine whether the subject identified by the credential can execute the passed vnode. Determination of execute privilege is made separately
@@ -4505,7 +4506,8 @@
 struct ucred *cred,
 struct vnode *vp,
 struct label *label,
- struct label *execlabel /* NULLOK */
+ struct label *execlabel, /* NULLOK */
+ struct componentname *cnp
 );
 /** @brief Access control check for retrieving file attributes
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#25 (text+ko) ====
@@ -42,6 +42,7 @@
 #include <sys/kauth.h>
 #include <sys/file_internal.h>
+#include <sys/imgact.h>
 #include <sys/namei.h>
 #include <sys/mount_internal.h>
 #include <sys/pipe.h>
@@ -462,11 +463,13 @@
 }
 int
-mac_vnode_check_exec(struct ucred *cred, struct vnode *vp, struct label *execl)
+mac_vnode_check_exec(struct ucred *cred, struct vnode *vp,
+ struct image_params *imgp)
 {
 int error;
- MAC_CHECK(vnode_check_exec, cred, vp, vp->v_label, execl);
+ MAC_CHECK(vnode_check_exec, cred, vp, vp->v_label,
+ imgp->ip_execlabelp, &imgp->ip_ndp->ni_cnd);
 return (error);
 }
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#71 (text+ko) ====
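Review bot: The new `@param cnp` line in the mpo_vnode_check_exec doc block does not say whether cnp may be NULL or how long it stays valid, while the neighbouring execlabel parameter is explicitly marked /* NULLOK */ and a policy will read through cnp->cn_pnbuf. The framework side of this change always passes the address of imgp->ip_ndp->ni_cnd, so the doc should state that guarantee and the borrow: `@param cnp Component name for file being executed; never NULL, borrowed from the caller's nameidata and valid only for the duration of the call`. That the pathname buffer is released by the exec path once the check returns is inferred from nameidata ownership and should be confirmed against kern_exec.c, whose revision is listed in this change but whose diff is empty here.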
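Review bot: `&imgp->ip_ndp->ni_cnd` in the new MAC_CHECK line dereferences imgp and imgp->ip_ndp with no check, so mac_vnode_check_exec will now fault in the kernel if any caller passes an image_params whose ip_ndp has not been set, where the old entry point only forwarded a label it never dereferenced. The kern_exec.c revision that is supposed to establish that invariant is listed but its diff is empty here, so I cannot confirm every exec path populates ip_ndp before this check. The contract should be visible at the function: `/* imgp->ip_ndp must hold the completed namei for the image being executed. */` together with a fail-closed guard `if (imgp == NULL || imgp->ip_ndp == NULL) return (EINVAL);` ahead of MAC_CHECK. Note that ip_execlabelp may still legitimately be NULL, matching the NULLOK annotation on the policy entry point.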
@@ -2046,7 +2046,7 @@
 static int
 sebsd_vnode_check_exec(struct ucred *cred, struct vnode *vp,
- struct label *label, struct label *execlabel)
+ struct label *label, struct label *execlabel, struct componentname *cnp)
 {
 struct task_security_struct *task;
 struct vnode_security_struct *file;
@@ -2067,6 +2067,8 @@
 AVC_AUDIT_DATA_INIT(&ad, FS);
 ad.u.fs.vp = vp;
+ ad.u.fs.path = cnp->cn_pnbuf;
+ ad.u.fs.pathlen = cnp->cn_nameptr - cnp->cn_pnbuf + cnp->cn_namelen;
 if (newsid == task->sid) {
 rc = avc_has_perm(task->sid, file->sid, SECCLASS_FILE,
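Review bot: `ad.u.fs.path = cnp->cn_pnbuf` makes the exec audit record carry the pathname string that namei resolved rather than a path derived from the vnode (the vn_getpath() call this change avoids, per the description), so the audited path is now whatever the caller supplied and may be relative to its cwd, which will mislead a consumer that reads the field as the object's location. A comment at that line should make this explicit: `/* Audit the looked-up pathname (caller-supplied, possibly relative), not the vnode's canonical path. */`. Whether symlink traversal in namei rewrites cn_pnbuf before this point is not visible in the hunk and should be confirmed. The pathlen expression combines a ptrdiff_t from `cn_nameptr - cn_pnbuf` with cn_namelen and stores it in ad.u.fs.pathlen, whose declared type is not shown; if it is an int the narrowing is silent, so a cast to the field's type or a bounds check against the buffer length is worth adding. sebsd_vnode_check_exec's body continues outside both hunks, and cnp is dereferenced without a NULL check, which is fine only if the policy interface guarantees it is never NULL.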