PERFORCE change 15617 for review
Robert Watson
rwatson at freebsd.org
Tue Aug 6 17:12:30 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15617
Change 15617 by rwatson at rwatson_tislabs on 2002/08/06 10:11:56
Break mac_check_vnode_op() out into mac_check_vnode_poll(),
mac_check_vnode_read(), and mac_check_vnode_write().
While I'm doing this, break out the single cred argument into
two credentials: active_cred, the credential requesting the
operation, and saved_cred, and optional credential that has
been saved as part of the object access path (usually
struct file, but not always). This permits policies to
make access control decisions based on either of the two,
permitting policies to select a traditional "use the rights
at open" model, or "use the rights at each operation" model.
While here, convert mac_{biba,mls,te} to use the 'rights
at each operation' model for vnode operations. Pipe
operations remain to be addressed.
Introduce a few XXXMAC's and XXX's where there are questionable
credential choices. In particular, we need to modify the
file_op array calls in the file descriptor handling code to
select both an active and a saved credential, not just the
saved credential. This is a first step towards cleaning up
some nasty credential behavior in the VFS code.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#227 edit
.. //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#11 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#73 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#38 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#93 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#76 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#61 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#67 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#31 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#143 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#108 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#13 (text+ko) ====
@@ -771,7 +771,7 @@
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
(void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
#ifdef MAC
- error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(cred, NULL, vp);
if (error == 0)
#endif
error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
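Review bot: The credential slot choice at `error = mac_check_vnode_write(cred, NULL, vp);` deserves a comment, because `cred` is the same credential later handed to VOP_WRITE and it is not visible from this hunk whether it is the current thread's credential or one captured when tracing was requested. If it is a captured credential, it belongs in the saved_cred position with td->td_ucred as active_cred so that "rights at each operation" policies check the actual writer; worth confirming. Passing NULL as saved_cred also relies on policies never dereferencing it, which is currently true of mac_biba/mac_mls/mac_te but is not stated anywhere. The enclosing function starts outside the hunk.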
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#227 (text+ko) ====
@@ -749,12 +749,16 @@
mpc->mpc_ops->mpo_check_vnode_mmap_perms =
mpe->mpe_function;
break;
- case MAC_CHECK_VNODE_OP:
- mpc->mpc_ops->mpo_check_vnode_op =
+ case MAC_CHECK_VNODE_OPEN:
+ mpc->mpc_ops->mpo_check_vnode_open =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_VNODE_POLL:
+ mpc->mpc_ops->mpo_check_vnode_poll =
mpe->mpe_function;
break;
- case MAC_CHECK_VNODE_OPEN:
- mpc->mpc_ops->mpo_check_vnode_open =
+ case MAC_CHECK_VNODE_READ:
+ mpc->mpc_ops->mpo_check_vnode_read =
mpe->mpe_function;
break;
case MAC_CHECK_VNODE_READDIR:
@@ -809,6 +813,10 @@
mpc->mpc_ops->mpo_check_vnode_stat =
mpe->mpe_function;
break;
+ case MAC_CHECK_VNODE_WRITE:
+ mpc->mpc_ops->mpo_check_vnode_write =
+ mpe->mpe_function;
+ break;
/*
default:
printf("MAC policy `%s': unknown operation %d\n",
@@ -1708,39 +1716,60 @@
}
int
-mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
+ return (error);
+}
+
+int
+mac_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp)
{
int error;
if (!mac_enforce_fs)
return (0);
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_op");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll");
error = vn_refreshlabel(vp, cred);
if (error)
return (error);
- MAC_CHECK(check_vnode_op, cred, vp, &vp->v_label, op);
+ MAC_CHECK(check_vnode_poll, active_cred, saved_cred, vp, &vp->v_label);
return (error);
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
-
if (!mac_enforce_fs)
return (0);
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read");
+
error = vn_refreshlabel(vp, cred);
if (error)
return (error);
- MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
+ MAC_CHECK(check_vnode_read, active_cred, saved_cred, vp, &vp->v_label);
+
return (error);
}
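Review bot: Both new bodies still call `error = vn_refreshlabel(vp, cred);` but `cred` is no longer a parameter after the split into active_cred/saved_cred, so mac_check_vnode_poll and mac_check_vnode_read will not compile. The refresh should use the requesting credential: `error = vn_refreshlabel(vp, active_cred);`. Separately, mac_check_vnode_open now asserts the vnode lock before the mac_enforce_fs early return while poll/read assert after it, so a caller's missing lock is only caught on an enforcing kernel in the latter two; hoisting ASSERT_VOP_LOCKED above the early return in all three keeps the checks consistent.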
@@ -1996,6 +2025,26 @@
return (error);
}
+int
+mac_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp)
+{
+ int error;
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write");
+
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_write, active_cred, saved_cred, vp, &vp->v_label);
+
+ return (error);
+}
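Review bot: `error = vn_refreshlabel(vp, cred);` in mac_check_vnode_write refers to a `cred` that does not exist in its parameter list (active_cred, saved_cred, vp) and will fail to compile; use `error = vn_refreshlabel(vp, active_cred);`. A header comment on the function stating that saved_cred may be NULL (tty_tty.c and kern_ktrace.c in this change pass NOCRED/NULL) would tell policy authors they must not dereference it unconditionally.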
+
/*
* When relabeling a process, call out to the policies for the maximum
* permission allowed for each object type we know about in its
==== //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#11 (text+ko) ====
@@ -129,7 +129,12 @@
if (ttyvp == NULL)
return (EIO);
vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
- error = VOP_READ(ttyvp, uio, flag, NOCRED);
+#ifdef MAC
+ error = mac_check_vnode_read(td->td_ucred, NOCRED, ttyvp);
+ if (error == 0)
+#endif
+ /* XXX: Should this NOCRED be td->td_ucred? */
+ error = VOP_READ(ttyvp, uio, flag, NOCRED);
VOP_UNLOCK(ttyvp, 0, td);
return (error);
}
@@ -160,10 +165,10 @@
return (error);
vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
- /* XXX: shouldn't the cred below be td->td_ucred not NOCRED? */
- error = mac_check_vnode_op(td->td_ucred, ttyvp, MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(td->td_ucred, NOCRED, ttyvp);
if (error == 0)
#endif
+ /* XXX: Should this NOCRED be td->td_ucred? */
error = VOP_WRITE(ttyvp, uio, flag, NOCRED);
VOP_UNLOCK(ttyvp, 0, td);
vn_finished_write(mp);
@@ -232,7 +237,7 @@
return (seltrue(dev, events, td));
#ifdef MAC
vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_check_vnode_op(td->td_ucred, ttyvp, MAC_OP_VNODE_POLL);
+ error = mac_check_vnode_poll(td->td_ucred, NOCRED, ttyvp);
VOP_UNLOCK(ttyvp, 0, td);
if (error)
return (error);
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#73 (text+ko) ====
@@ -734,8 +734,7 @@
vat.va_size = 0;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
- error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp);
if (error == 0)
#endif
error = VOP_SETATTR(vp, &vat, td->td_ucred, td);
@@ -2399,8 +2398,8 @@
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
- else if ((error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE))) {}
+ else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp) {
+ }
#endif
else if ((error = vn_writechk(vp)) == 0 &&
(error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
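Review bot: The rewritten condition `else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp) {` is missing two closing parentheses and will not compile; keeping the original empty-body style it should read `else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp))) {`. This path-based truncate passes NOCRED for the "no saved credential" case while the creation path later in this file passes td->td_ucred in both slots for the same situation; one convention should be chosen and documented so policies that consult saved_cred see consistent input. The enclosing function starts and ends outside the hunk.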
@@ -2457,8 +2456,8 @@
if (vp->v_type == VDIR)
error = EISDIR;
#ifdef MAC
- else if ((error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE))) {}
+ else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp) {
+ }
#endif
else if ((error = vn_writechk(vp)) == 0) {
VATTR_NULL(&vattr);
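Review bot: `else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp) {` drops two closing parentheses and is a syntax error; it should be `else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp))) {`. The credential choice itself (td->td_ucred as active, fp->f_cred as saved) is the right one for a descriptor-based operation and is the pattern the other sites should converge on. The enclosing function starts and ends outside the hunk.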
@@ -3424,8 +3423,11 @@
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */
#ifdef MAC
- error = mac_check_vnode_op(td->td_ucred, vp,
- MAC_OP_VNODE_WRITE);
+ /*
+ * We don't yet have fp->f_cred, so use td->td_ucred, which
+ * should be right.
+ */
+ error = mac_check_vnode_write(td->td_ucred, td->td_ucred, vp);
if (error == 0) {
#endif
VATTR_NULL(vap);
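Review bot: `error = mac_check_vnode_write(td->td_ucred, td->td_ucred, vp);` passes the active credential in the saved_cred slot, whereas the truncate path in this same file passes NOCRED when no struct file exists yet; a policy that distinguishes "no saved credential" from "saved credential equals active" cannot do so reliably with two conventions. Either pass NOCRED here as well, or expand the comment to say that duplicating td->td_ucred is deliberate and what it is meant to signal. The enclosing function starts and ends outside the hunk.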
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#38 (text+ko) ====
@@ -400,13 +400,15 @@
auio.uio_td = td;
if (rw == UIO_READ) {
#ifdef MAC
- error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ);
+ /* XXXMAC: we should pass in active_cred to vn_rdwr(). */
+ error = mac_check_vnode_read(td->td_ucred, cred, vp);
if (error == 0)
#endif
error = VOP_READ(vp, &auio, ioflg, cred);
} else {
#ifdef MAC
- error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+ /* XXXMAC: we should pass in active_cred to vn_rdwr(). */
+ error = mac_check_vnode_write(td->td_ucred, cred, vp);
if (error == 0)
#endif
error = VOP_WRITE(vp, &auio, ioflg, cred);
@@ -497,7 +499,8 @@
ioflag |= sequential_heuristic(uio, fp);
#ifdef MAC
- error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ);
+ /* XXXMAC: We should pass active_cred into vn_read(). */
+ error = mac_check_vnode_read(td->td_ucred, cred, vp);
if (error == 0)
#endif
error = VOP_READ(vp, uio, ioflag, cred);
@@ -552,7 +555,8 @@
uio->uio_offset = fp->f_offset;
ioflag |= sequential_heuristic(uio, fp);
#ifdef MAC
- error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+ /* XXXMAC: We should pass active_cred into vn_write().
+ error = mac_check_vnode_write(td->td_ucred, cred, vp);
if (error == 0)
#endif
error = VOP_WRITE(vp, uio, ioflag, cred);
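Review bot: The added comment `/* XXXMAC: We should pass active_cred into vn_write().` has no closing `*/`, so the comment swallows the mac_check_vnode_write call, the `if (error == 0)` and the `#endif` (comments are removed before preprocessing); the result is either a compile error from the unterminated `#ifdef MAC` or, if a later `*/` happens to close it, a silently missing write check on this path. Close it as `/* XXXMAC: We should pass active_cred into vn_write(). */`, matching the sibling comment in vn_read. The enclosing function starts and ends outside the hunk.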
@@ -796,7 +800,8 @@
vp = (struct vnode *)fp->f_data;
#ifdef MAC
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_POLL);
+ /* XXXMAC: We should pass active_cred into vn_poll(). */
+ error = mac_check_vnode_poll(td->td_ucred, cred, vp);
VOP_UNLOCK(vp, 0, td);
if (error)
return (error);
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#93 (text+ko) ====
@@ -1847,6 +1847,40 @@
}
static int
+mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled || !mac_biba_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ if (!mac_biba_dominate_single(obj, subj))
+ return (EACCES);
+ return (0);
+}
+
+static int
+mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled || !mac_biba_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ if (!mac_biba_dominate_single(obj, subj))
+ return (EACCES);
+ return (0);
+}
+
+static int
mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
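Review bot: Neither mac_biba_check_vnode_poll nor mac_biba_check_vnode_read uses saved_cred, and nothing in the hunk says that this is the deliberate "rights at each operation" choice described in the change; a reader could take the unused parameter for an oversight. A one-line comment above each, e.g. `/* Biba checks the requesting (active) credential only; saved_cred is ignored by design. */`, would record the decision. The two bodies are also identical, so a small static helper taking the two labels would avoid the duplication if more per-operation checks are added.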
@@ -2131,6 +2165,23 @@
return (0);
}
+static int
+mac_biba_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled || !mac_biba_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ if (!mac_biba_dominate_single(subj, obj))
+ return (EACCES);
+ return (0);
+}
+
static vm_prot_t
mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp,
struct label *label, int newmapping)
@@ -2151,36 +2202,6 @@
return (prot);
}
-static int
-mac_biba_check_vnode_op(struct ucred *cred, struct vnode *vp,
- struct label *label, int op)
-{
- struct mac_biba *subj, *obj;
-
- if (!mac_biba_enabled || !mac_biba_revocation_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(label);
-
- switch (op) {
- case MAC_OP_VNODE_POLL:
- case MAC_OP_VNODE_READ:
- if (!mac_biba_dominate_single(obj, subj))
- return (EACCES);
- return (0);
-
- case MAC_OP_VNODE_WRITE:
- if (!mac_biba_dominate_single(subj, obj))
- return (EACCES);
- return (0);
-
- default:
- printf("mac_biba_check_vnode_op: unknown operation %d\n", op);
- return (EINVAL);
- }
-}
-
static struct mac_policy_op_entry mac_biba_ops[] =
{
{ MAC_DESTROY,
@@ -2365,6 +2386,10 @@
(macop_t)mac_biba_check_vnode_lookup },
{ MAC_CHECK_VNODE_OPEN,
(macop_t)mac_biba_check_vnode_open },
+ { MAC_CHECK_VNODE_POLL,
+ (macop_t)mac_biba_check_vnode_poll },
+ { MAC_CHECK_VNODE_READ,
+ (macop_t)mac_biba_check_vnode_read },
{ MAC_CHECK_VNODE_READDIR,
(macop_t)mac_biba_check_vnode_readdir },
{ MAC_CHECK_VNODE_READLINK,
@@ -2391,10 +2416,10 @@
(macop_t)mac_biba_check_vnode_setutimes },
{ MAC_CHECK_VNODE_STAT,
(macop_t)mac_biba_check_vnode_stat },
+ { MAC_CHECK_VNODE_WRITE,
+ (macop_t)mac_biba_check_vnode_write },
{ MAC_CHECK_VNODE_MMAP_PERMS,
(macop_t)mac_biba_check_vnode_mmap_perms },
- { MAC_CHECK_VNODE_OP,
- (macop_t)mac_biba_check_vnode_op },
{ MAC_OP_LAST, NULL }
};
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#76 (text+ko) ====
@@ -1803,6 +1803,40 @@
}
static int
+mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled || !mac_mls_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ if (!mac_mls_dominate_single(subj, obj))
+ return (EACCES);
+ return (0);
+}
+
+static int
+mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled || !mac_mls_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ if (!mac_mls_dominate_single(subj, obj))
+ return (EACCES);
+ return (0);
+}
+
+static int
mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
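Review bot: mac_mls_check_vnode_poll and mac_mls_check_vnode_read ignore saved_cred without saying so, and the check is still gated on mac_mls_revocation_enabled, so with revocation disabled no per-operation check happens at all and the open-time decision stands; that is the same behaviour as the removed mac_mls_check_vnode_op but it is worth stating now that the interface advertises a per-operation model. Suggested comment above both: `/* Per-operation check against active_cred only; skipped entirely unless revocation is enabled. */`. The two bodies are identical and could share a helper.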
@@ -2087,6 +2121,23 @@
return (0);
}
+static int
+mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled || !mac_mls_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ if (!mac_mls_dominate_single(obj, subj))
+ return (EACCES);
+ return (0);
+}
+
static vm_prot_t
mac_mls_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp,
struct label *label, int newmapping)
@@ -2107,36 +2158,6 @@
return (prot);
}
-static int
-mac_mls_check_vnode_op(struct ucred *cred, struct vnode *vp,
- struct label *label, int op)
-{
- struct mac_mls *subj, *obj;
-
- if (!mac_mls_enabled || !mac_mls_revocation_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(label);
-
- switch (op) {
- case MAC_OP_VNODE_POLL:
- case MAC_OP_VNODE_READ:
- if (!mac_mls_dominate_single(subj, obj))
- return (EACCES);
- return (0);
-
- case MAC_OP_VNODE_WRITE:
- if (!mac_mls_dominate_single(obj, subj))
- return (EACCES);
- return (0);
-
- default:
- printf("mac_mls_check_vnode_op: unknown operation %d\n", op);
- return (EINVAL);
- }
-}
-
static struct mac_policy_op_entry mac_mls_ops[] =
{
{ MAC_DESTROY,
@@ -2321,6 +2342,10 @@
(macop_t)mac_mls_check_vnode_lookup },
{ MAC_CHECK_VNODE_OPEN,
(macop_t)mac_mls_check_vnode_open },
+ { MAC_CHECK_VNODE_POLL,
+ (macop_t)mac_mls_check_vnode_poll },
+ { MAC_CHECK_VNODE_READ,
+ (macop_t)mac_mls_check_vnode_read },
{ MAC_CHECK_VNODE_READDIR,
(macop_t)mac_mls_check_vnode_readdir },
{ MAC_CHECK_VNODE_READLINK,
@@ -2347,10 +2372,10 @@
(macop_t)mac_mls_check_vnode_setutimes },
{ MAC_CHECK_VNODE_STAT,
(macop_t)mac_mls_check_vnode_stat },
+ { MAC_CHECK_VNODE_WRITE,
+ (macop_t)mac_mls_check_vnode_write },
{ MAC_CHECK_VNODE_MMAP_PERMS,
(macop_t)mac_mls_check_vnode_mmap_perms },
- { MAC_CHECK_VNODE_OP,
- (macop_t)mac_mls_check_vnode_op },
{ MAC_OP_LAST, NULL }
};
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#61 (text+ko) ====
@@ -775,6 +775,22 @@
}
static int
+mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+
+ return (0);
+}
+
+static int
+mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+
+ return (0);
+}
+
+static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
struct label *dlabel)
{
@@ -880,6 +896,14 @@
return (0);
}
+static int
+mac_none_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+
+ return (0);
+}
+
static struct mac_policy_op_entry mac_none_ops[] =
{
{ MAC_DESTROY,
@@ -1072,6 +1096,10 @@
(macop_t)mac_none_check_vnode_lookup },
{ MAC_CHECK_VNODE_OPEN,
(macop_t)mac_none_check_vnode_open },
+ { MAC_CHECK_VNODE_POLL,
+ (macop_t)mac_none_check_vnode_poll },
+ { MAC_CHECK_VNODE_READ,
+ (macop_t)mac_none_check_vnode_read },
{ MAC_CHECK_VNODE_READDIR,
(macop_t)mac_none_check_vnode_readdir },
{ MAC_CHECK_VNODE_READLINK,
@@ -1098,6 +1126,8 @@
(macop_t)mac_none_check_vnode_setutimes },
{ MAC_CHECK_VNODE_STAT,
(macop_t)mac_none_check_vnode_stat },
+ { MAC_CHECK_VNODE_WRITE,
+ (macop_t)mac_none_check_vnode_write },
{ MAC_OP_LAST, NULL }
};
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#67 (text+ko) ====
@@ -115,7 +115,7 @@
int tr_operation;
};
-static int mac_te_check_open_vnode(struct ucred *cred, struct vnode *vp,
+static int mac_te_check_vnode_open(struct ucred *cred, struct vnode *vp,
struct label *filelabel, mode_t acc_mode);
/*
@@ -1094,7 +1094,7 @@
struct label *label, mode_t flags)
{
- return (mac_te_check_open_vnode(cred, vp, label, flags));
+ return (mac_te_check_vnode_open(cred, vp, label, flags));
}
static int
@@ -1246,45 +1246,7 @@
}
static int
-mac_te_check_vnode_op(struct ucred *cred, struct vnode *vp,
- struct label *label, int op)
-{
- struct mac_te *subj, *obj;
- int error, te_class, te_op;
-
- if (!mac_te_revocation_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(label);
-
- te_class = MAC_TE_CLASS_FILE;
- switch (op) {
- case MAC_OP_VNODE_POLL:
- te_op = MAC_TE_OPERATION_FILE_POLL;
- break;
-
- case MAC_OP_VNODE_READ:
- te_op = MAC_TE_OPERATION_FILE_READ;
- break;
-
- case MAC_OP_VNODE_WRITE:
- te_op = MAC_TE_OPERATION_FILE_WRITE;
- break;
-
- default:
- printf("mac_te_check_vnode_op: unknown operation %d\n",
- op);
- return (EINVAL);
- }
-
- error = mac_te_check(subj, obj, MAC_TE_CLASS_FILE, te_op);
-
- return (error);
-}
-
-static int
-mac_te_check_open_vnode(struct ucred *cred, struct vnode *vp,
+mac_te_check_vnode_open(struct ucred *cred, struct vnode *vp,
struct label *filelabel, mode_t acc_mode)
{
struct mac_te *subj, *obj;
@@ -1353,6 +1315,44 @@
}
static int
+mac_te_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_te *subj, *obj;
+ int error;
+
+ if (!mac_te_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ error = mac_te_check(subj, obj, MAC_TE_CLASS_FILE,
+ MAC_TE_OPERATION_FILE_POLL);
+
+ return (error);
+}
+
+static int
+mac_te_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_te *subj, *obj;
+ int error;
+
+ if (!mac_te_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ error = mac_te_check(subj, obj, MAC_TE_CLASS_FILE,
+ MAC_TE_OPERATION_FILE_READ);
+
+ return (error);
+}
+
+static int
mac_te_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
@@ -1563,7 +1563,7 @@
}
static int
-mac_te_check_stat_vnode(struct ucred *cred, struct vnode *vp,
+mac_te_check_vnode_stat(struct ucred *cred, struct vnode *vp,
struct label *label)
{
@@ -1580,6 +1580,25 @@
}
}
+static int
+mac_te_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+ struct mac_te *subj, *obj;
+ int error;
+
+ if (!mac_te_revocation_enabled)
+ return (0);
+
+ subj = SLOT(&active_cred->cr_label);
+ obj = SLOT(label);
+
+ error = mac_te_check(subj, obj, MAC_TE_CLASS_FILE,
+ MAC_TE_OPERATION_FILE_WRITE);
+
+ return (error);
+}
+
static void
mac_te_execve_transition(struct ucred *old, struct ucred *new,
struct vnode *vp, struct label *filelabel)
@@ -1801,7 +1820,12 @@
(macop_t)mac_te_check_vnode_getextattr },
{ MAC_CHECK_VNODE_LOOKUP,
(macop_t)mac_te_check_vnode_lookup },
- { MAC_CHECK_VNODE_OPEN, (macop_t)mac_te_check_open_vnode },
+ { MAC_CHECK_VNODE_OPEN,
+ (macop_t)mac_te_check_vnode_open },
+ { MAC_CHECK_VNODE_POLL,
+ (macop_t)mac_te_check_vnode_poll },
+ { MAC_CHECK_VNODE_READ,
+ (macop_t)mac_te_check_vnode_read },
{ MAC_CHECK_VNODE_READDIR,
(macop_t)mac_te_check_vnode_readdir },
{ MAC_CHECK_VNODE_READLINK,
@@ -1827,13 +1851,15 @@
{ MAC_CHECK_VNODE_SETUTIMES,
(macop_t)mac_te_check_vnode_setutimes },
{ MAC_CHECK_VNODE_STAT,
- (macop_t)mac_te_check_stat_vnode },
+ (macop_t)mac_te_check_vnode_stat },
+ { MAC_CHECK_VNODE_WRITE,
+ (macop_t)mac_te_check_vnode_write },
{ MAC_CHECK_VNODE_MMAP_PERMS,
(macop_t)mac_te_check_vnode_mmap_perms },
- { MAC_CHECK_VNODE_OP,
- (macop_t)mac_te_check_vnode_op },
- { MAC_EXTERNALIZE, (macop_t)mac_te_externalize },
- { MAC_INTERNALIZE, (macop_t)mac_te_internalize },
+ { MAC_EXTERNALIZE,
+ (macop_t)mac_te_externalize },
+ { MAC_INTERNALIZE,
+ (macop_t)mac_te_internalize },
{ MAC_UPDATE_DEVFSDIRENT,
(macop_t)mac_te_update_devfsdirent },
{ MAC_UPDATE_PROCFSVNODE,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#31 (text+ko) ====
@@ -983,6 +983,22 @@
}
static int
+mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+
+ return (0);
+}
+
+static int
+mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+
+ return (0);
+}
+
+static int
mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
@@ -1088,6 +1104,14 @@
return (0);
}
+static int
+mac_test_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred,
+ struct vnode *vp, struct label *label)
+{
+
+ return (0);
+}
+
static struct mac_policy_op_entry mac_test_ops[] =
{
{ MAC_DESTROY,
@@ -1278,6 +1302,10 @@
(macop_t)mac_test_check_vnode_lookup },
{ MAC_CHECK_VNODE_OPEN,
(macop_t)mac_test_check_vnode_open },
+ { MAC_CHECK_VNODE_POLL,
+ (macop_t)mac_test_check_vnode_poll },
+ { MAC_CHECK_VNODE_READ,
+ (macop_t)mac_test_check_vnode_read },
{ MAC_CHECK_VNODE_READDIR,
(macop_t)mac_test_check_vnode_readdir },
{ MAC_CHECK_VNODE_READLINK,
@@ -1304,6 +1332,8 @@
(macop_t)mac_test_check_vnode_setutimes },
{ MAC_CHECK_VNODE_STAT,
(macop_t)mac_test_check_vnode_stat },
+ { MAC_CHECK_VNODE_WRITE,
+ (macop_t)mac_test_check_vnode_write },
{ MAC_OP_LAST, NULL }
};
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#143 (text+ko) ====
@@ -357,9 +357,12 @@
/* XXX This u_char should be vm_prot_t! */
u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp,
int newmapping);
-int mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op);
int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
mode_t acc_mode);
+int mac_check_vnode_poll(struct ucred *active_cred,
+ struct ucred *saved_cred, struct vnode *vp, struct label *label);
+int mac_check_vnode_read(struct ucred *active_cred,
+ struct ucred *saved_cred, struct vnode *vp, struct label *label);
int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
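Review bot: The new prototypes declare four parameters, `struct ucred *active_cred, struct ucred *saved_cred, struct vnode *vp, struct label *label`, but the definitions in kern_mac.c and every caller in this change use three (active_cred, saved_cred, vp), so the kernel will not compile due to conflicting declarations. Drop the trailing label argument: `int mac_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred, struct vnode *vp);` and the same for mac_check_vnode_read. Since tty_tty.c and kern_ktrace.c pass NOCRED/NULL as saved_cred, a comment here stating that saved_cred may be NULL would document the contract for policy authors.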
@@ -392,6 +395,8 @@
struct mac *extmac);
int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
struct label *label);
+int mac_check_vnode_write(struct ucred *active_cred,
+ struct ucred *saved_cred, struct vnode *vp, struct label *label);
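Review bot: `int mac_check_vnode_write(...)` is declared with a fourth `struct label *label` parameter that its definition in kern_mac.c and its callers do not have; it should be `int mac_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred, struct vnode *vp);`. It has also been inserted after mac_pipe_label_set rather than with the other mac_check_vnode_* prototypes earlier in the header, which makes the vnode entry-point list in this file incomplete at a glance; moving it next to mac_check_vnode_stat keeps the alphabetical grouping the rest of the list follows.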
/*
* Calls to help various file systems implement labeling functionality
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#108 (text+ko) ====
@@ -291,10 +291,14 @@
struct componentname *cnp);
vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
struct vnode *vp, struct label *label, int newmapping);
- int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp,
- struct label *label, int op);
int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t acc_mode);
+ int (*mpo_check_vnode_poll)(struct ucred *active_cred,
+ struct ucred *saved_cred, struct vnode *vp,
+ struct label *label);
+ int (*mpo_check_vnode_read)(struct ucred *active_cred,
+ struct ucred *saved_cred, struct vnode *vp,
+ struct label *label);
int (*mpo_check_vnode_readdir)(struct ucred *cred,
struct vnode *dvp, struct label *dlabel);
int (*mpo_check_vnode_readlink)(struct ucred *cred,
@@ -329,6 +333,9 @@
struct timespec atime, struct timespec mtime);
int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp,
struct label *label);
+ int (*mpo_check_vnode_write)(struct ucred *active_cred,
+ struct ucred *saved_cred, struct vnode *vp,
+ struct label *label);
};
typedef const void *macop_t;
@@ -431,9 +438,10 @@
MAC_CHECK_VNODE_GETACL,
MAC_CHECK_VNODE_GETEXTATTR,
MAC_CHECK_VNODE_LOOKUP,
- MAC_CHECK_VNODE_OP,
+ MAC_CHECK_VNODE_MMAP_PERMS,
MAC_CHECK_VNODE_OPEN,
- MAC_CHECK_VNODE_MMAP_PERMS,
+ MAC_CHECK_VNODE_POLL,
+ MAC_CHECK_VNODE_READ,
MAC_CHECK_VNODE_READDIR,
MAC_CHECK_VNODE_READLINK,
MAC_CHECK_VNODE_RELABEL,
@@ -447,6 +455,7 @@
MAC_CHECK_VNODE_SETOWNER,
MAC_CHECK_VNODE_SETUTIMES,
MAC_CHECK_VNODE_STAT,
+ MAC_CHECK_VNODE_WRITE,
};
struct mac_policy_op_entry {