PERFORCE change 16433 for review
Brian Feldman
green at freebsd.org
Thu Aug 22 20:24:10 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16433
Change 16433 by green at green_laptop_2 on 2002/08/22 13:23:29
Here's a first pass at implementing Lomac in the TrustedBSD
framework. Well, it does some things, and doesn't crash... ;)
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c#18 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_fork.c#17 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#256 edit
.. //depot/projects/trustedbsd/mac/sys/kern/subr_trap.c#11 edit
.. //depot/projects/trustedbsd/mac/sys/modules/Makefile#30 edit
.. //depot/projects/trustedbsd/mac/sys/modules/mac_lomac/Makefile#1 add
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#1 add
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#1 add
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#40 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#157 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#121 edit
.. //depot/projects/trustedbsd/mac/sys/sys/proc.h#20 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c#18 (text+ko) ====
@@ -41,6 +41,7 @@
#include "opt_compat.h"
#include "opt_ktrace.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -61,6 +62,7 @@
#include <sys/ptrace.h>
#include <sys/acct.h> /* for acct_process() function prototype */
#include <sys/filedesc.h>
+#include <sys/mac.h>
#include <sys/shm.h>
#include <sys/sem.h>
#include <sys/jail.h>
@@ -745,6 +747,9 @@
*/
vm_waitproc(p);
mtx_destroy(&p->p_mtx);
+#ifdef MAC
+ mac_destroy_proc(p);
+#endif
uma_zfree(proc_zone, p);
sx_xlock(&allproc_lock);
nprocs--;
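Review bot: `mac_destroy_proc(p)` is called after `mtx_destroy(&p->p_mtx)`, so a policy's `destroy_proc` hook that tries to lock the process would be operating on a destroyed mutex. Either move the three added lines above `mtx_destroy(&p->p_mtx);`, or keep the order and add a comment at the call such as `/* p_mtx is already destroyed: destroy_proc hooks must not lock p */`. The enclosing function starts and ends outside this hunk, so whether anything else can still reach `p` at this point is not visible here.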
==== //depot/projects/trustedbsd/mac/sys/kern/kern_fork.c#17 (text+ko) ====
@@ -40,6 +40,7 @@
*/
#include "opt_ktrace.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -56,6 +57,7 @@
#include <sys/syscall.h>
#include <sys/vnode.h>
#include <sys/acct.h>
+#include <sys/mac.h>
#include <sys/ktr.h>
#include <sys/ktrace.h>
#include <sys/kthread.h>
@@ -306,6 +308,9 @@
/* Allocate new proc. */
newproc = uma_zalloc(proc_zone, M_WAITOK);
+#ifdef MAC
+ mac_init_proc(newproc);
+#endif
/*
* Although process entries are dynamically created, we still keep
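Review bot: The label is initialised as soon as `newproc` is allocated, but no hunk on this page adds a matching `mac_destroy_proc(newproc)` anywhere in kern_fork.c. If the function has later failure paths that return `newproc` with `uma_zfree(proc_zone, newproc)` (not visible here), each one needs `mac_destroy_proc(newproc);` under `#ifdef MAC` first. Otherwise the policy's per-process state leaks and the `nmacprocs` debug counter only ever grows. The function body continues outside the hunk.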
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#256 (text+ko) ====
@@ -185,6 +185,8 @@
&nmacsockets, 0, "number of sockets in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, pipes, CTLFLAG_RD,
&nmacpipes, 0, "number of pipes in use");
+SYSCTL_UINT(_security_mac_debug, OID_AUTO, procs, CTLFLAG_RD,
+ &nmacprocs, 0, "number of procs in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, mounts, CTLFLAG_RD,
&nmacmounts, 0, "number of mounts in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, temp, CTLFLAG_RD,
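Review bot: `nmacprocs` is referenced by the new sysctl here and by `mac_init_proc`/`mac_destroy_proc` further down, but no hunk on this page adds its declaration next to the other `nmac*` counters. Unless it was already declared in kern_mac.c, this will not compile. Declare it alongside the existing counters, e.g. `static unsigned int nmacprocs;`.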
@@ -200,7 +202,7 @@
static int mac_policy_unregister(struct mac_policy_conf *mpc);
static int mac_stdcreatevnode_ea(struct vnode *vp);
-static void mac_cred_mmapped_drop_perms(struct thread *td,
+void mac_cred_mmapped_drop_perms(struct thread *td,
struct ucred *cred);
static void mac_cred_mmapped_drop_perms_recurse(struct thread *td,
struct ucred *cred, struct vm_map *map);
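Review bot: With `static` dropped, this forward declaration duplicates the prototype the same change adds to sys/mac.h, so the two can drift apart. Assuming kern_mac.c includes that header, delete the local copy. The definition hunk further down (`-static void` / `+void`) keeps the comment "The process lock is not held here". Now that code outside this file can call the function, that condition, if it is a requirement on callers, should be stated on the header prototype too, e.g. `/* Caller must not hold the process lock. */`.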
@@ -416,6 +418,10 @@
mpc->mpc_ops->mpo_init_pipe =
mpe->mpe_function;
break;
+ case MAC_INIT_PROC:
+ mpc->mpc_ops->mpo_init_proc =
+ mpe->mpe_function;
+ break;
case MAC_INIT_SOCKET:
mpc->mpc_ops->mpo_init_socket =
mpe->mpe_function;
@@ -460,6 +466,10 @@
mpc->mpc_ops->mpo_destroy_pipe =
mpe->mpe_function;
break;
+ case MAC_DESTROY_PROC:
+ mpc->mpc_ops->mpo_destroy_proc =
+ mpe->mpe_function;
+ break;
case MAC_DESTROY_SOCKET:
mpc->mpc_ops->mpo_destroy_socket =
mpe->mpe_function;
@@ -842,6 +852,10 @@
mpc->mpc_ops->mpo_check_vnode_write =
mpe->mpe_function;
break;
+ case MAC_PRE_SYSCALL_RETURN:
+ mpc->mpc_ops->mpo_pre_syscall_return =
+ mpe->mpe_function;
+ break;
/*
default:
printf("MAC policy `%s': unknown operation %d\n",
@@ -1133,6 +1147,28 @@
}
void
+mac_init_proc(struct proc *p)
+{
+
+ mac_init_label(&p->p_label);
+ MAC_PERFORM(init_proc, p, &p->p_label);
+#ifdef MAC_DEBUG
+ atomic_add_int(&nmacprocs, 1);
+#endif
+}
+
+void
+mac_destroy_proc(struct proc *p)
+{
+
+ MAC_PERFORM(destroy_proc, p, &p->p_label);
+ mac_destroy_label(&p->p_label);
+#ifdef MAC_DEBUG
+ atomic_subtract_int(&nmacprocs, 1);
+#endif
+}
+
+void
mac_init_bpfdesc(struct bpf_d *bpf_d)
{
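Review bot: `mac_init_proc` and `mac_destroy_proc` are added with no comment, and the only hint about the purpose of `p_label` is the field comment in proc.h ("process (not subject) MAC label"). A header comment would help, e.g. `/* Per-process label, distinct from the subject label; set up when the proc is allocated and torn down just before it is freed. */`. It should also say whether a child inherits anything from its parent. The `init_proc` hook receives only the new proc and its label, and nothing visible on this page copies a parent's label at fork, which matters for an integrity policy if the process label is meant to carry state.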
@@ -2129,7 +2165,7 @@
* memory space, and revoke access (in the least surprising ways we
* know) when necessary. The process lock is not held here.
*/
-static void
+void
mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
{
@@ -2892,6 +2928,13 @@
return (mac_externalize(&so->so_label, extmac));
}
+void
+mac_pre_syscall_return(void)
+{
+
+ MAC_PERFORM(pre_syscall_return);
+}
+
int
mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
struct mac *extmac)
==== //depot/projects/trustedbsd/mac/sys/kern/subr_trap.c#11 (text+ko) ====
@@ -38,6 +38,7 @@
* $FreeBSD: src/sys/kern/subr_trap.c,v 1.221 2002/07/11 02:18:33 mini Exp $
*/
+#include "opt_mac.h"
#ifdef __i386__
#include "opt_npx.h"
#endif
@@ -48,6 +49,7 @@
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/proc.h>
+#include <sys/mac.h>
#include <sys/kse.h>
#include <sys/ktr.h>
#include <sys/resourcevar.h>
@@ -88,6 +90,9 @@
mtx_unlock(&Giant);
#endif
+#ifdef MAC
+ mac_pre_syscall_return();
+#endif
/*
* XXX we cheat slightly on the locking here to avoid locking in
* the usual case. Setting td_priority here is essentially an
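Review bot: The hook is called `pre_syscall_return`, but the enclosing function is not named in this hunk. If this is the common return-to-user-mode path rather than a syscall-only one, the hook also runs after traps and interrupts, which would make the name misleading for policy authors. The call also adds a `MAC_PERFORM` pass to every such return whenever MAC is compiled in, whether or not any policy registers the hook. A comment at the call would record the contract, e.g. `/* Runs in the returning thread's context on every return to user mode; the hook takes no arguments. */`, adjusted to what is actually intended. The new `mac_pre_syscall_return()` definition in kern_mac.c has no comment either.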
==== //depot/projects/trustedbsd/mac/sys/modules/Makefile#30 (text+ko) ====
@@ -51,6 +51,7 @@
mac_biba \
mac_bsdextended \
mac_ifoff \
+ mac_lomac \
mac_mls \
mac_none \
mac_partition \
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#40 (text+ko) ====
@@ -87,6 +87,7 @@
#define MOUNTMAGIC 0xc7c46e47
#define SOCKETMAGIC 0x9199c6cd
#define PIPEMAGIC 0xdc6c9919
+#define PROCMAGIC 0x3b4be98f
#define CREDMAGIC 0x9a5a4987
#define TEMPMAGIC 0x70336678
#define VNODEMAGIC 0x1a67a45c
@@ -124,6 +125,9 @@
static int init_count_pipe;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD,
&init_count_pipe, 0, "pipe init calls");
+static int init_count_proc;
+SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD,
+ &init_count_proc, 0, "pipe init calls");
static int init_count_temp;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_temp, CTLFLAG_RD,
&init_count_temp, 0, "temp init calls");
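Review bot: The description string for `init_count_proc` was copied from the pipe counter: `"pipe init calls"` should read `"proc init calls"`. The same slip is in the `destroy_count_proc` hunk below, where `"pipe destroy calls"` should be `"proc destroy calls"`. As written, the sysctl tree shows two pairs of counters with identical descriptions.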
@@ -158,6 +162,9 @@
static int destroy_count_pipe;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD,
&destroy_count_pipe, 0, "pipe destroy calls");
+static int destroy_count_proc;
+SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_proc, CTLFLAG_RD,
+ &destroy_count_proc, 0, "pipe destroy calls");
static int destroy_count_temp;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_temp, CTLFLAG_RD,
&destroy_count_temp, 0, "temp destroy calls");
@@ -276,6 +283,14 @@
}
static void
+mac_test_init_proc(struct proc *p, struct label *label)
+{
+
+ SLOT(label) = PROCMAGIC;
+ atomic_add_int(&init_count_proc, 1);
+}
+
+static void
mac_test_init_temp(struct label *label)
{
@@ -424,6 +439,20 @@
}
static void
+mac_test_destroy_proc(struct proc *p, struct label *label)
+{
+
+ if ((SLOT(label) == PROCMAGIC || SLOT(label) == 0)) {
+ atomic_add_int(&destroy_count_proc, 1);
+ SLOT(label) = EXMAGIC;
+ } else if (SLOT(label) == EXMAGIC) {
+ Debugger("mac_test_destroy_proc: dup destroy");
+ } else {
+ Debugger("mac_test_destroy_proc: corrupted label");
+ }
+}
+
+static void
mac_test_destroy_temp(struct label *label)
{
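Review bot: `mac_test_destroy_proc` accepts a slot value of 0 as well as `PROCMAGIC`, without saying why an uninitialised-looking label counts as valid. If that is meant to cover labels set up before this policy was loaded, a one-line comment above the first `if` should say so, otherwise the check looks weaker than intended. The doubled parentheses in `if ((SLOT(label) == PROCMAGIC || SLOT(label) == 0))` can be reduced to a single pair.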
@@ -1167,6 +1196,8 @@
(macop_t)mac_test_init_mount },
{ MAC_INIT_PIPE,
(macop_t)mac_test_init_pipe },
+ { MAC_INIT_PROC,
+ (macop_t)mac_test_init_proc },
{ MAC_INIT_SOCKET,
(macop_t)mac_test_init_socket },
{ MAC_INIT_TEMP,
@@ -1189,6 +1220,8 @@
(macop_t)mac_test_destroy_mount },
{ MAC_DESTROY_PIPE,
(macop_t)mac_test_destroy_pipe },
+ { MAC_DESTROY_PROC,
+ (macop_t)mac_test_destroy_proc },
{ MAC_DESTROY_SOCKET,
(macop_t)mac_test_destroy_socket },
{ MAC_DESTROY_TEMP,
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#157 (text+ko) ====
@@ -230,6 +230,7 @@
void mac_init_pipe(struct pipe *);
int mac_init_mbuf(struct mbuf *m, int how);
void mac_init_mount(struct mount *);
+void mac_init_proc(struct proc *);
void mac_init_vnode(struct vnode *);
void mac_destroy_bpfdesc(struct bpf_d *);
void mac_destroy_cred(struct ucred *);
@@ -238,6 +239,7 @@
void mac_destroy_ipq(struct ipq *);
void mac_destroy_socket(struct socket *);
void mac_destroy_pipe(struct pipe *);
+void mac_destroy_proc(struct proc *);
void mac_destroy_mbuf(struct mbuf *);
void mac_destroy_mount(struct mount *);
void mac_destroy_vnode(struct vnode *);
@@ -300,6 +302,7 @@
int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
void mac_create_proc0(struct ucred *cred);
void mac_create_proc1(struct ucred *cred);
+void mac_pre_syscall_return(void);
/* Access control checks. */
int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
@@ -384,6 +387,7 @@
struct mac *extmac);
int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
struct label *label);
+void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
/*
* Calls to help various file systems implement labeling functionality
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#121 (text+ko) ====
@@ -81,6 +81,7 @@
int (*mpo_init_mbuf)(struct mbuf *, int how, struct label *label);
void (*mpo_init_mount)(struct mount *, struct label *mntlabel,
struct label *fslabel);
+ void (*mpo_init_proc)(struct proc *p, struct label *label);
void (*mpo_init_socket)(struct socket *so, struct label *label,
struct label *peerlabel);
void (*mpo_init_pipe)(struct pipe *pipe, struct label *label);
@@ -95,6 +96,7 @@
void (*mpo_destroy_mbuf)(struct mbuf *, struct label *label);
void (*mpo_destroy_mount)(struct mount *, struct label *mntlabel,
struct label *fslabel);
+ void (*mpo_destroy_proc)(struct proc *p, struct label *label);
void (*mpo_destroy_socket)(struct socket *so, struct label *label,
struct label *peerlabel);
void (*mpo_destroy_pipe)(struct pipe *pipe, struct label *label);
@@ -347,6 +349,7 @@
int (*mpo_check_vnode_write)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *label);
+ void (*mpo_pre_syscall_return)(void);
};
typedef const void *macop_t;
@@ -364,6 +367,7 @@
MAC_INIT_MBUF,
MAC_INIT_MOUNT,
MAC_INIT_PIPE,
+ MAC_INIT_PROC,
MAC_INIT_SOCKET,
MAC_INIT_TEMP,
MAC_INIT_VNODE,
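Review bot: `MAC_INIT_PROC` is inserted in the middle of the operation enum, which renumbers every constant after it, and the next hunk does the same with `MAC_DESTROY_PROC`. A policy module built against the previous header would then register its entry points under the wrong operations. Because the `default:` case of the registration switch in kern_mac.c is commented out, an unknown value is not reported either. Appending new operations at the end, as this change already does for `MAC_PRE_SYSCALL_RETURN`, keeps existing values stable. Otherwise the change description should say that all policy modules must be rebuilt. The enum starts and ends outside this hunk.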
@@ -375,6 +379,7 @@
MAC_DESTROY_MBUF,
MAC_DESTROY_MOUNT,
MAC_DESTROY_PIPE,
+ MAC_DESTROY_PROC,
MAC_DESTROY_SOCKET,
MAC_DESTROY_TEMP,
MAC_DESTROY_VNODE,
@@ -471,6 +476,7 @@
MAC_CHECK_VNODE_SETUTIMES,
MAC_CHECK_VNODE_STAT,
MAC_CHECK_VNODE_WRITE,
+ MAC_PRE_SYSCALL_RETURN,
};
struct mac_policy_op_entry {
==== //depot/projects/trustedbsd/mac/sys/sys/proc.h#20 (text+ko) ====
@@ -50,6 +50,7 @@
#include <sys/rtprio.h> /* XXX */
#include <sys/runq.h>
#include <sys/signal.h>
+#include <sys/_label.h>
#ifndef _KERNEL
#include <sys/time.h> /* For structs itimerval, timeval. */
#else
@@ -537,6 +538,7 @@
struct proc *p_peers; /* (c) */
struct proc *p_leader; /* (b) */
void *p_emuldata; /* (c) Emulator state data. */
+ struct label p_label; /* process (not subject) MAC label */
};
#define p_rlimit p_limit->pl_rlimit
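Review bot: `p_label` is the only field in this hunk without a locking key: its neighbours are tagged `(c)` and `(b)`, while the new comment says only "process (not subject) MAC label". Please state which lock covers the label in the same style, e.g. `/* (?) Process (not subject) MAC label. */` with the key filled in. This matters because the destroy call in kern_exit.c runs after the process mutex has been destroyed. The struct definition starts outside this hunk.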