cvs commit: src/sys/sys conf.h mac.h mac_policy.h src/sys/kern
kern_conf.c tty_pty.c src/sys/security/mac mac_vfs.c
src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac
mac_lomac.c src/sys/security/mac_mls mac_mls.c ...
Robert Watson
rwatson at FreeBSD.org
Thu Jul 14 10:22:10 GMT 2005
rwatson 2005-07-14 10:22:09 UTC
FreeBSD src repository
Modified files:
sys/sys conf.h mac.h mac_policy.h
sys/kern kern_conf.c tty_pty.c
sys/security/mac mac_vfs.c
sys/security/mac_biba mac_biba.c
sys/security/mac_lomac mac_lomac.c
sys/security/mac_mls mac_mls.c
sys/security/mac_stub mac_stub.c
sys/security/mac_test mac_test.c
sys/fs/devfs devfs_devs.c devfs_vnops.c
Log:
When devfs cloning takes place, provide access to the credential of the
process that caused the clone event to take place for the device driver
creating the device. This allows cloned device drivers to adapt the
device node based on security aspects of the process, such as the uid,
gid, and MAC label.
- Add a cred reference to struct cdev, so that when a device node is
instantiated as a vnode, the cloning credential can be exposed to
MAC.
- Add make_dev_cred(), a version of make_dev() that additionally
accepts the credential to stick in the struct cdev. Implement it and
make_dev() in terms of a back-end make_dev_credv().
- Add a new event handler, dev_clone_cred, which can be registered to
receive the credential instead of dev_clone, if desired.
- Modify the MAC entry point mac_create_devfs_device() to accept an
optional credential pointer (may be NULL), so that MAC policies can
inspect and act on the label or other elements of the credential
when initializing the skeleton device protections.
- Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(),
so that the pty clone credential is exposed to the MAC Framework.
While currently primarily focussed on MAC policies, this change is also
a prerequisite for changes to allow ptys to be instantiated with the UID
of the process looking up the pty. This requires further changes to the
pty driver -- in particular, to immediately recycle pty nodes on last
close so that the credential-related state can be recreated on next
lookup.
Submitted by: Andrew Reisse <andrew.reisse at sparta.com>
Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
MFC after: 1 week
MFC note: Merge to 6.x, but not 5.x for ABI reasons
Revision Changes Path
1.37 +2 -1 src/sys/fs/devfs/devfs_devs.c
1.115 +7 -3 src/sys/fs/devfs/devfs_vnops.c
1.187 +40 -5 src/sys/kern/kern_conf.c
1.138 +8 -7 src/sys/kern/tty_pty.c
1.109 +7 -2 src/sys/security/mac/mac_vfs.c
1.88 +2 -2 src/sys/security/mac_biba/mac_biba.c
1.36 +2 -2 src/sys/security/mac_lomac/mac_lomac.c
1.73 +2 -2 src/sys/security/mac_mls/mac_mls.c
1.53 +2 -2 src/sys/security/mac_stub/mac_stub.c
1.61 +5 -2 src/sys/security/mac_test/mac_test.c
1.223 +8 -0 src/sys/sys/conf.h
1.68 +2 -2 src/sys/sys/mac.h
1.67 +5 -1 src/sys/sys/mac_policy.h
More information about the cvs-src
mailing list