PERFORCE change 22551 for review
Chris Vance
cvance at freebsd.org
Fri Dec 20 14:12:33 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=22551
Change 22551 by cvance at cvance_laptop on 2002/12/20 06:11:57
Implement the sebsd_load_policy system call for SEBSD so that
the policy may be updated at run time. This will NOT revoke
existing permissions, it just permits a new policy to be
loaded into the security server. Its primary use is in
developing policy configuration for test machines. This
functionality required some pretty stiff locking (effectively
bringing the system to a halt), but loading a policy is not
expected to occur very frequently.
To support the above changes, the file open/read/close
operations now grab Giant. Additionally, the open operation
can now take a pathname from a userspace string.
Affected files ...
.. //depot/projects/trustedbsd/mac/lib/libsebsd/system.c#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#64 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#10 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscalls.h#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/avtab.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.h#3 edit
Differences ...
==== //depot/projects/trustedbsd/mac/lib/libsebsd/system.c#2 (text+ko) ====
@@ -56,3 +56,9 @@
{
return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_AVC_TOGGLE , NULL);
}
+
+int
+sebsd_load_policy(const char *path)
+{
+ return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, path);
+}
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#64 (text+ko) ====
@@ -117,16 +117,35 @@
task = SLOT(&cred->cr_label);
- return avc_has_perm(task->sid, SECINITSID_KERNEL,
- SECCLASS_SYSTEM, perm);
+ return (avc_has_perm(task->sid, SECINITSID_KERNEL,
+ SECCLASS_SYSTEM, perm));
+}
+
+static int
+cred_has_security(struct ucred *cred, access_vector_t perm)
+{
+ struct task_security_struct *task;
+
+ task = SLOT(&cred->cr_label);
+
+ return (avc_has_perm(task->sid, SECINITSID_SECURITY,
+ SECCLASS_SECURITY, perm));
}
int
thread_has_system(struct thread *td, access_vector_t perm)
{
+
return (cred_has_system(td->td_proc->p_ucred, perm));
}
+int
+thread_has_security(struct thread *td, access_vector_t perm)
+{
+
+ return (cred_has_security(td->td_proc->p_ucred, perm));
+}
+
static __inline security_class_t
vnode_type_to_security_class(enum vtype vt)
{
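Review bot: thread_has_security() takes the credential from `td->td_proc->p_ucred`, and nothing visible in this hunk holds the process lock while that pointer is read. For a check that gates policy replacement, the thread's own reference is the safer source, since it cannot change underneath the check: `return (cred_has_security(td->td_ucred, perm));`. The existing thread_has_system() in the same hunk follows the same pattern and would benefit from the same change. Both new functions also lack a comment stating that a zero return means the permission was granted, which is how sys_load_policy uses the result.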
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#10 (text+ko) ====
@@ -53,6 +53,7 @@
extern int security_init(void);
extern int sebsd_syscall(struct thread *td, int call, void *args);
extern int thread_has_system(struct thread *td, access_vector_t perm);
+extern int thread_has_security(struct thread *td, access_vector_t perm);
#endif /* _KERNEL */
#endif /* _SYS_SECURITY_SEBSD_H */
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#3 (text+ko) ====
@@ -42,7 +42,32 @@
#include <security/sebsd/sebsd.h>
#include <security/sebsd/sebsd_syscalls.h>
+#include <security/sebsd/linux-compat.h>
#include <security/sebsd/avc/avc.h>
+#include <security/sebsd/ss/fileutils.h>
+#include <security/sebsd/ss/services.h>
+
+static int
+sys_load_policy(struct thread *td, char *path)
+{
+ FILE *fp;
+ int rc;
+
+ rc = thread_has_security(td, SECURITY__LOAD_POLICY);
+ if (rc)
+ return (rc);
+
+ fp = sebsd_fopen(path, "r", UIO_USERSPACE);
+ if (!fp) {
+ printf("ss: unable to open policy file\n");
+ return (EINVAL);
+ }
+
+ rc = security_load_policy(fp);
+ (void)fclose(fp);
+
+ return (rc);
+}
int
sebsd_syscall(struct thread *td, int call, void *args)
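Review bot: sys_load_policy() returns EINVAL for every open failure, so the caller cannot tell a missing file from a faulting user pointer or a denied read; sebsd_fopen() hands back only NULL, so the errno from vn_open() is lost. Consider letting sebsd_fopen() report the error and returning it here. A successful reload replaces the running policy but leaves no record, as the only message is on the failure path; a line such as `printf("ss: policy load by uid %d, rc %d\n", td->td_ucred->cr_uid, rc);` after security_load_policy() would give operators something to correlate. The function would also benefit from a header comment saying that `path` is a user-space address and that the permission check deliberately precedes the open. The sebsd_syscall() definition that begins on the last line continues outside this hunk.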
@@ -56,6 +81,9 @@
case SEBSDCALL_AVC_ENFORCING:
err = sys_avc_enforcing(td);
break;
+ case SEBSDCALL_LOAD_POLICY:
+ err = sys_load_policy(td, (char *)args);
+ break;
default:
err = EINVAL;
break;
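Review bot: The cast `(char *)args` hides the fact that `args` is an untrusted user-space address at this point. A comment on the new case would keep later edits from dereferencing it in the kernel, for example `/* args is a user-space pointer; it is resolved only by namei() via UIO_USERSPACE */`. The enclosing switch starts and ends outside this hunk.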
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscalls.h#2 (text+ko) ====
@@ -4,10 +4,11 @@
/*
* TBD: Should we really try to line up with SELinux?
*/
-#define SEBSDCALL_AVC_TOGGLE 11
-#define SEBSDCALL_AVC_ENFORCING 40
+#define SEBSDCALL_LOAD_POLICY 7
+#define SEBSDCALL_AVC_TOGGLE 11
+#define SEBSDCALL_AVC_ENFORCING 40
-#define SEBSDCALL_NUM 40
+#define SEBSDCALL_NUM 40
/* Structure definitions for compute_av call */
struct security_query {
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/avtab.c#3 (text+ko) ====
@@ -130,7 +130,10 @@
}
h->htable[i] = NULL;
}
+ /* XXX TBD: Shouldn't need giant for deallocation */
+ mtx_lock(&Giant);
sebsd_free(h->htable, M_SEBSD_SS);
+ mtx_unlock(&Giant);
}
@@ -164,8 +167,12 @@
{
int i;
+ /* XXX TBD: Shouldn't need giant for allocation */
+ mtx_lock(&Giant);
h->htable = sebsd_malloc(sizeof(avtab_ptr_t)*AVTAB_SIZE,
- M_SEBSD_SS, M_WAITOK | M_ZERO);
+ M_SEBSD_SS, M_WAITOK | M_ZERO);
+ mtx_unlock(&Giant);
+
if (!h->htable)
return -1;
for (i = 0; i < AVTAB_SIZE; i++)
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.c#3 (text+ko) ====
@@ -53,14 +53,16 @@
{
int error;
+ mtx_lock(&Giant);
error = vn_close(fp->FILE_vp, fp->FILE_saved_open_flags,
curthread->td_ucred, curthread);
+ mtx_unlock(&Giant);
sebsd_free(fp, M_TEMP);
return (error);
}
FILE *
-fopen(const char *path, const char *type)
+sebsd_fopen(const char *path, const char *type, enum uio_seg pathseg)
{
struct nameidata nd;
struct thread *td = curthread;
@@ -71,12 +73,15 @@
return (NULL);
fp = sebsd_malloc(sizeof(*fp), M_TEMP, M_WAITOK | M_ZERO);
fp->FILE_saved_open_flags = FREAD;
- NDINIT(&nd, LOOKUP, LOCKLEAF, UIO_SYSSPACE, path, td);
+ mtx_lock(&Giant);
+ NDINIT(&nd, LOOKUP, LOCKLEAF, pathseg, path, td);
error = vn_open(&nd, &fp->FILE_saved_open_flags, 0);
if (error)
return (NULL);
NDFREE(&nd, NDF_ONLY_PNBUF);
VOP_UNLOCK(nd.ni_vp, 0, td);
+ mtx_unlock(&Giant);
+
fp->FILE_vp = nd.ni_vp;
fp->FILE_uio.uio_iov = &fp->FILE_iov;
fp->FILE_uio.uio_iovcnt = 1;
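Review bot: The early `return (NULL);` after a failed vn_open() now returns with Giant still held, because the `mtx_lock(&Giant);` added above it is released only on the success path. With the path now allowed to come from user space, this branch is reachable from the load-policy system call whenever the named file cannot be opened. The same branch never frees `fp`, which was allocated just before it. Release both before returning by putting `mtx_unlock(&Giant);` and `sebsd_free(fp, M_TEMP);` ahead of `return (NULL);`. sebsd_fopen() starts before this hunk and continues after it.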
@@ -89,6 +94,13 @@
return (fp);
}
+FILE *
+fopen(const char *path, const char *type)
+{
+
+ return (sebsd_fopen(path, type, UIO_SYSSPACE));
+}
+
size_t
fread(void *ptr, size_t size, size_t nmemb, FILE *fp)
{
@@ -97,9 +109,11 @@
fp->FILE_uio.uio_iov->iov_base = ptr;
fp->FILE_uio.uio_resid = fp->FILE_uio.uio_iov->iov_len = size * nmemb;
fp->FILE_uio.uio_td = td;
+ mtx_lock(&Giant);
vn_lock(fp->FILE_vp, LK_SHARED | LK_RETRY | LK_NOPAUSE, td);
(void)VOP_READ(fp->FILE_vp, &fp->FILE_uio, 0, td->td_ucred);
VOP_UNLOCK(fp->FILE_vp, 0, td);
+ mtx_unlock(&Giant);
return (((size * nmemb) - fp->FILE_uio.uio_resid) / size);
}
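Review bot: The result of VOP_READ() is still discarded inside the newly locked region, so an I/O error looks the same to the caller as a short read or end of file. Since this routine now feeds a policy file named by a user-supplied path into the security server, a distinct failure would be safer, for example `error = VOP_READ(fp->FILE_vp, &fp->FILE_uio, 0, td->td_ucred);` followed by returning 0 items when `error != 0`. `size * nmemb` is also computed with no overflow or zero-size check, which presumably relies on in-kernel callers passing fixed sizes. fread()'s body starts outside this hunk.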
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.h#3 (text+ko) ====
@@ -54,6 +54,7 @@
int fclose(FILE *fp);
FILE *fopen(const char *path, const char *type);
+FILE *sebsd_fopen(const char *path, const char *type, enum uio_seg pathseg);
size_t fread(void *ptr, size_t size, size_t nmemb, FILE *fp);
#else /* _KERNEL */
#include <stdio.h>