From owner-p4-projects@FreeBSD.ORG Mon Jan 22 16:09:55 2007
Date: Mon, 22 Jan 2007 16:09:55 GMT
Message-Id: <200701221609.l0MG9t7N028000@repoman.freebsd.org>
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 113351 for review
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=113351

Change 113351 by millert@millert_macbook on 2007/01/22 16:08:54

Modify the mac_vnode_check_exec() API to take struct image_params instead of the label. The Framework should pull the label out of the object itself. Also add a struct componentname pointer to mpo_vnode_check_exec to avoid a call to vn_getpath().

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#35 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#44 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#25 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#71 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#7 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/Makefile#2 (text+ko) ==== @@ -56,7 +56,7 @@ errno.h ev.h event.h fcntl.h file.h filedesc.h filio.h \ ioccom.h ioctl.h ipc.h \ ioctl_compat.h kernel.h kernel_types.h kern_event.h lctx.h lock.h lockf.h \ - kauth.h kdebug.h md5.h kern_control.h malloc.h namei.h \ + kauth.h kdebug.h md5.h kern_control.h imgact.h malloc.h namei.h \ mman.h mbuf.h mount.h mtio.h netport.h param.h paths.h \ proc.h queue.h quota.h random.h resource.h resourcevar.h \ sbuf.h posix_sem.h posix_shm.h sem.h shm.h \ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#35 (text+ko) ==== 
@@ -61,6 +61,7 @@ struct fileglob; struct ifnet; struct ifreq; +struct image_params; struct inpcb; struct ipq; struct lctx; @@ -373,7 +374,7 @@ int mac_vnode_check_exchangedata(struct ucred *cred, struct vnode *v1, struct vnode *v2); int mac_vnode_check_exec(struct ucred *cred, struct vnode *vp, - struct label *execlabel); + struct image_params *imgp); int mac_vnode_check_getattrlist(struct ucred *cred, struct vnode *vp, struct attrlist *alist); int mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#44 (text+ko) ==== @@ -4487,6 +4487,7 @@ @param vp Object vnode to execute @param label Policy label for vp @param execlabel Userspace provided execution label + @param cnp Component name for file being executed Determine whether the subject identified by the credential can execute the passed vnode. Determination of execute privilege is made separately @@ -4505,7 +4506,8 @@ struct ucred *cred, struct vnode *vp, struct label *label, - struct label *execlabel /* NULLOK */ + struct label *execlabel, /* NULLOK */ + struct componentname *cnp ); /** @brief Access control check for retrieving file attributes ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#25 (text+ko) ==== @@ -42,6 +42,7 @@ #include #include +#include #include #include #include @@ -462,11 +463,13 @@ } int -mac_vnode_check_exec(struct ucred *cred, struct vnode *vp, struct label *execl) +mac_vnode_check_exec(struct ucred *cred, struct vnode *vp, + struct image_params *imgp) { int error; - MAC_CHECK(vnode_check_exec, cred, vp, vp->v_label, execl); + MAC_CHECK(vnode_check_exec, cred, vp, vp->v_label, + imgp->ip_execlabelp, &imgp->ip_ndp->ni_cnd); return (error); } ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#71 (text+ko) ==== 
@@ -2046,7 +2046,7 @@ static int sebsd_vnode_check_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct label *execlabel) + struct label *label, struct label *execlabel, struct componentname *cnp) { struct task_security_struct *task; struct vnode_security_struct *file; @@ -2067,6 +2067,8 @@ AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.vp = vp; + ad.u.fs.path = cnp->cn_pnbuf; + ad.u.fs.pathlen = cnp->cn_nameptr - cnp->cn_pnbuf + cnp->cn_namelen; if (newsid == task->sid) { rc = avc_has_perm(task->sid, file->sid, SECCLASS_FILE,
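
Review bot: In the bsd/sys/Makefile hunk (@@ -56,7 +56,7 @@) imgact.h is added to the header list, but the change description does not say why. mac_framework.h only forward-declares struct image_params and the policy entry point receives struct componentname *cnp, so from the visible lines only mac_vfs.c needs the full definition to reach imgp->ip_execlabelp and imgp->ip_ndp. If the header is listed only to satisfy a build dependency, say so in the description; otherwise consider keeping struct image_params out of the header set so its layout does not become something policy modules depend on.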
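
Review bot: The added struct componentname *cnp argument in the mac_policy.h prototype hunk (@@ -4505,7 +4506,8 @@), and the matching "@param cnp Component name for file being executed" line, do not say whether cnp may be NULL or how long its buffers stay valid. execlabel carries a /* NULLOK */ annotation on the line above, so a policy author will read the unannotated cnp as never NULL; state that in the @param text, and state that the pathname storage belongs to the caller and must not be retained after the check returns. The change also alters the signature of an existing entry point, and sebsd.c is the only policy in the affected files list, so confirm no other policy in the tree implements mpo_vnode_check_exec with the old four-argument form.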
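
Review bot: In mac_vnode_check_exec() (mac_vfs.c, @@ -462,11 +463,13 @@) the new MAC_CHECK arguments dereference imgp and imgp->ip_ndp unconditionally: "imgp->ip_execlabelp, &imgp->ip_ndp->ni_cnd". The old interface accepted a NULL execlabel (it is still marked NULLOK in mac_policy.h), whereas the new one turns a missing imgp or a missing nameidata into a kernel NULL dereference inside the access check. Assert both pointers at the top of the function, or document the precondition next to the prototype in mac_framework.h. The kern_exec.c#7 section of this diff is empty, so the call site that now has to pass imgp is not visible here and cannot be checked against that precondition.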
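
Review bot: In sebsd_vnode_check_exec() (sebsd.c, @@ -2067,6 +2067,8 @@) the audit path is now taken from cnp->cn_pnbuf, the pathname buffer of the lookup, instead of from vn_getpath(), so the AVC audit record carries the name as it was passed to the lookup. For a relative path that string does not identify the file without the working directory, which weakens the record for later analysis; if the trade-off is intended, say so in a comment where ad.u.fs.path is set. The length expression "cnp->cn_nameptr - cnp->cn_pnbuf + cnp->cn_namelen" also relies on cnp being non-NULL and on cn_nameptr pointing into cn_pnbuf, and neither is checked in the visible lines; a comment or assertion stating that invariant would help, since the result is used as the length of a buffer read by the audit code.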