PERFORCE change 22205 for review
Chris Vance
cvance at freebsd.org
Thu Dec 12 16:35:25 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=22205
Change 22205 by cvance at cvance_laptop on 2002/12/12 08:34:56
- Complete implementation of create_devfs_symlink
- Add comment in create mount, we currently don't label
mountpoints correctly
- Use label parameters in check_vnode_delete, rather than extracting
them ourselves
- Fix some style mistakes
- Implement check_vnode_link, was omitted by mistake
- Use 'task' instead of 'tsec' for consistency
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#63 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#63 (text+ko) ====
@@ -482,42 +482,41 @@
struct label *delabel, const char *fullpath)
{
-#ifdef FULLY
- /* TBD: path info not available (and the code below is broken) */
char *path;
-#endif
int rc;
security_id_t newsid;
struct vnode_security_struct *lnksec;
struct vnode_security_struct *dirsec;
+ struct mount_security_struct *sbsec;
+
+ /* TBD: Should probably be checking MAY_LINK/MAY_CREATE perms here */
dirsec = SLOT(ddlabel);
lnksec = SLOT(delabel);
+ sbsec = SLOT(&mp->mnt_mntlabel);
/* Default to the filesystem SID. */
lnksec->sid = dirsec->sid;
lnksec->task_sid = SECINITSID_KERNEL;
lnksec->sclass = SECCLASS_LNK_FILE;
-#ifdef FLUFFY
/* Obtain a SID based on the fstype, path, and class. */
- path = malloc(strlen(dd->si_name) + 2, M_SEBSD, M_ZERO | M_WAITOK);
+ path = malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
path[0] = '/';
- strcpy(&path[1], dev->si_name);
- rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass,
+ strcpy(&path[1], fullpath);
+ rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, lnksec->sclass,
&newsid);
if (rc == 0)
- dirent->sid = newsid;
+ lnksec->sid = newsid;
/* TBD: debugging */
- if (sebsd_verbose > 1) {
- printf("sebsd_create_devfs_device(%s): sbsid=%d, "
- "mountpoint=%s, rc=%d, sclass=%d, computedsid=%d, "
- "dirent=%d\n", path, sbsec->sid, mp->mnt_stat.f_mntonname,
- rc, dirent->sclass, newsid, dirent->sid);
+ if (1 || sebsd_verbose > 1) {
+ printf("%s(%s): sbsid=%d, mountpoint=%s, rc=%d, sclass=%d, "
+ "computedsid=%d, dirent=%d\n", __func__, path,
+ sbsec->sid, mp->mnt_stat.f_mntonname, rc,
+ lnksec->sclass, newsid, lnksec->sid);
}
free(path, M_SEBSD);
-#endif /* FLUFFY */
}
static void
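Review bot: The `1 ||` in `if (1 || sebsd_verbose > 1) {` makes the debugging printf unconditional, so every devfs symlink creation writes the path, mount point and SIDs to the console whatever sebsd_verbose is set to; it should be `if (sebsd_verbose > 1) {` as before. The same printf prints `newsid` even when `rc != 0`, and nothing visible in the hunk initialises it on that path, so either declare it as `security_id_t newsid = 0;` or print it only on success. The context comment `/* Default to the filesystem SID. */` sits above `lnksec->sid = dirsec->sid;`, which takes the parent directory's SID; now that `sbsec` is in scope it is worth confirming which of the two is intended. The function's signature begins above the hunk.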
@@ -568,6 +567,12 @@
/* PSIDs only work for persistent file systems with
unique and persistent inode numbers. */
sbsec->uses_psids = 1;
+
+ /*
+ * TBD: need to correctly label mountpoint with persistent
+ * label at this point (currently vnode is unavailable)
+ */
+
break;
case SECURITY_FS_USE_TRANS:
/* Transition SIDs are used for pseudo filesystems like
@@ -968,17 +973,17 @@
int rc;
task = SLOT(&cred->cr_label);
- file = SLOT(&vp->v_label);
- dir = SLOT(&dvp->v_label);
+ file = SLOT(label);
+ dir = SLOT(dlabel);
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
- av = DIR__SEARCH | DIR__REMOVE_NAME;
rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR,
- av, &dir->avcr, &ad);
+ DIR__SEARCH | DIR__REMOVE_NAME, &dir->avcr, &ad);
+
if (rc)
- return rc;
+ return (rc);
if (file->sclass == SECCLASS_DIR)
av = DIR__RMDIR;
@@ -986,15 +991,17 @@
av = FILE__UNLINK;
rc = avc_has_perm_ref_audit(task->sid, file->sid, file->sclass,
- av, &file->avcr, &ad);
- return rc;
+ av, &file->avcr, &ad);
+
+ return (rc);
}
static int
sebsd_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type)
{
- return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
+
+ return (vnode_has_perm(cred, vp, FILE__SETATTR, NULL));
}
static int
@@ -1076,6 +1083,34 @@
}
static int
+sebsd_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
+{
+ struct task_security_struct *task;
+ struct vnode_security_struct *dir, *file;
+ avc_audit_data_t ad;
+ int rc;
+
+ task = SLOT(&cred->cr_label);
+ file = SLOT(label);
+ dir = SLOT(dlabel);
+
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.vp = vp;
+
+ rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR,
+ DIR__SEARCH | DIR__ADD_NAME, &dir->avcr, &ad);
+ if (rc)
+ return rc;
+
+ rc = avc_has_perm_ref_audit(task->sid, file->sid, file->sclass,
+ FILE__LINK, &file->avcr, &ad);
+
+ return (0);
+}
+
+static int
sebsd_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct componentname *cnp)
{
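Review bot: The result of the second `avc_has_perm_ref_audit` call in sebsd_check_vnode_link, the `FILE__LINK` check on the target file, is assigned to `rc` and then thrown away, because the function ends with `return (0);`. A FILE__LINK denial is therefore never enforced (at most, presumably, audited), and any subject that passes the directory `DIR__SEARCH | DIR__ADD_NAME` check is allowed to create the link. The last statement should be `return (rc);`, as sebsd_check_vnode_delete does in this same change. The early exit `return rc;` after the directory check should also read `return (rc);` to match the style fixes made elsewhere in the commit.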
@@ -1396,10 +1431,10 @@
sebsd_externalize_cred_label(struct label *label, char *element_name,
char *element_data, size_t size, size_t *len, int *claimed)
{
- struct task_security_struct *tsec;
+ struct task_security_struct *task;
- tsec = SLOT(label);
- return (sebsd_externalize_sid(tsec->sid, element_name, element_data,
+ task = SLOT(label);
+ return (sebsd_externalize_sid(task->sid, element_name, element_data,
size, len, claimed));
}
@@ -1475,6 +1510,7 @@
.mpo_check_vnode_exec = sebsd_check_vnode_exec,
.mpo_check_vnode_getacl = sebsd_check_vnode_getacl,
.mpo_check_vnode_getextattr = sebsd_check_vnode_getextattr,
+ .mpo_check_vnode_link = sebsd_check_vnode_link,
.mpo_check_vnode_lookup = sebsd_check_vnode_lookup,
.mpo_check_vnode_mmap = sebsd_check_vnode_mmap,
.mpo_check_vnode_mprotect = sebsd_check_vnode_mmap,