PERFORCE change 14853 for review
Adam Migus
amigus at freebsd.org
Wed Jul 24 18:41:06 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14853
Change 14853 by amigus at amigus_ganymede on 2002/07/24 11:41:05
Integ from my pipe's branch. Appears to work. Comments welcome.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#194 integrate
.. //depot/projects/trustedbsd/mac/sys/kern/sys_pipe.c#12 integrate
.. //depot/projects/trustedbsd/mac/sys/modules/Makefile#26 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#69 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#57 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#46 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#51 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#16 integrate
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#122 integrate
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#87 integrate
.. //depot/projects/trustedbsd/mac/sys/sys/pipe.h#3 integrate
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#194 (text+ko) ====
@@ -60,6 +60,7 @@
#include <sys/file.h>
#include <sys/namei.h>
#include <sys/socket.h>
+#include <sys/pipe.h>
#include <sys/socketvar.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
@@ -130,6 +131,10 @@
&mac_enforce_socket, 0, "Enforce MAC policy on socket operations");
TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket);
+static int mac_enforce_pipe = 1;
+SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW,
+ &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations");
+
static int mac_label_size = sizeof(struct mac);
SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD,
&mac_label_size, 0, "Pre-compiled MAC label size");
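Review bot: `mac_enforce_pipe` is declared and exported here, but neither `mac_cred_check_pipe_op()` nor `mac_cred_check_pipe_ioctl()` in the later kern_mac.c hunk reads it, so setting `security.mac.enforce_pipe=0` appears to have no effect on enforcement. Each of those functions should begin with `if (!mac_enforce_pipe) return (0);` before `MAC_CHECK`, or the knob should be left out until it is wired up. Unlike `mac_enforce_socket` just above, it also has no `TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe);`, so it cannot be set from the loader.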
@@ -249,6 +254,7 @@
MALLOC_DEFINE(M_MACOPVEC, "macopvec", "MAC policy operation vector");
MALLOC_DEFINE(M_TMPLABEL, "tmplabel", "temporary user-label copied storage");
+MALLOC_DEFINE(M_MACPIPELABEL, "macpipelabel", "MAC labels for pipes");
const size_t maxlabelsize = 65536;
/*
@@ -545,6 +551,9 @@
mpc->mpc_ops->mpo_create_mbuf_from_socket =
mpe->mpe_function;
break;
+ case MAC_CREATE_PIPE:
+ mpc->mpc_ops->mpo_create_pipe = mpe->mpe_function;
+ break;
case MAC_CREATE_SOCKET:
mpc->mpc_ops->mpo_create_socket = mpe->mpe_function;
break;
@@ -552,6 +561,9 @@
mpc->mpc_ops->mpo_create_socket_from_socket =
mpe->mpe_function;
break;
+ case MAC_RELABEL_PIPE:
+ mpc->mpc_ops->mpo_relabel_pipe = mpe->mpe_function;
+ break;
case MAC_RELABEL_SOCKET:
mpc->mpc_ops->mpo_relabel_socket = mpe->mpe_function;
break;
@@ -662,6 +674,10 @@
mpc->mpc_ops->mpo_cred_check_relabel_ifnet =
mpe->mpe_function;
break;
+ case MAC_CRED_CHECK_RELABEL_PIPE:
+ mpc->mpc_ops->mpo_cred_check_relabel_pipe =
+ mpe->mpe_function;
+ break;
case MAC_CRED_CHECK_RELABEL_SOCKET:
mpc->mpc_ops->mpo_cred_check_relabel_socket =
mpe->mpe_function;
@@ -793,6 +809,14 @@
mpc->mpc_ops->mpo_cred_check_vnode_op =
mpe->mpe_function;
break;
+ case MAC_CRED_CHECK_PIPE_IOCTL:
+ mpc->mpc_ops->mpo_cred_check_pipe_ioctl =
+ mpe->mpe_function;
+ break;
+ case MAC_CRED_CHECK_PIPE_OP:
+ mpc->mpc_ops->mpo_cred_check_pipe_op =
+ mpe->mpe_function;
+ break;
case MAC_IFNET_CHECK_SEND_MBUF:
mpc->mpc_ops->mpo_ifnet_check_send_mbuf =
mpe->mpe_function;
@@ -825,6 +849,10 @@
mpc->mpc_ops->mpo_init_mount =
mpe->mpe_function;
break;
+ case MAC_INIT_PIPE:
+ mpc->mpc_ops->mpo_init_pipe =
+ mpe->mpe_function;
+ break;
case MAC_INIT_SOCKET:
mpc->mpc_ops->mpo_init_socket =
mpe->mpe_function;
@@ -865,6 +893,10 @@
mpc->mpc_ops->mpo_destroy_mount =
mpe->mpe_function;
break;
+ case MAC_DESTROY_PIPE:
+ mpc->mpc_ops->mpo_destroy_pipe =
+ mpe->mpe_function;
+ break;
case MAC_DESTROY_SOCKET:
mpc->mpc_ops->mpo_destroy_socket =
mpe->mpe_function;
@@ -1399,7 +1431,7 @@
static unsigned int nmacmbufs, nmacsubjects, nmacifnets, nmacbpfdescs,
nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents,
- nmacipqs;
+ nmacipqs, nmacpipes;
SYSCTL_UINT(_security_mac_debug, OID_AUTO, mbufs, CTLFLAG_RD,
&nmacmbufs, 0, "number of mbufs in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, subjects, CTLFLAG_RD,
@@ -1412,6 +1444,8 @@
&nmacbpfdescs, 0, "number of bpfdescs in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, sockets, CTLFLAG_RD,
&nmacsockets, 0, "number of sockets in use");
+SYSCTL_UINT(_security_mac_debug, OID_AUTO, pipes, CTLFLAG_RD,
+ &nmacpipes, 0, "number of pipes in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, mounts, CTLFLAG_RD,
&nmacmounts, 0, "number of mounts in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, temp, CTLFLAG_RD,
@@ -1519,6 +1553,29 @@
}
void
+mac_init_pipe(struct pipe *pipe)
+{
+ struct label *label;
+
+ label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK);
+ mac_init_label(label);
+ pipe->pipe_label = label;
+ pipe->pipe_peer->pipe_label = label;
+ MAC_PERFORM(init_pipe, pipe, pipe->pipe_label);
+ atomic_add_int(&nmacpipes, 1);
+}
+
+void
+mac_destroy_pipe(struct pipe *pipe)
+{
+
+ MAC_PERFORM(destroy_pipe, pipe, pipe->pipe_label);
+ mac_destroy_label(pipe->pipe_label);
+ free(pipe->pipe_label, M_MACPIPELABEL);
+ atomic_subtract_int(&nmacpipes, 1);
+}
+
+void
mac_init_bpfdesc(struct bpf_d *bpf_d)
{
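Review bot: `mac_destroy_pipe()` frees the label that `mac_init_pipe()` stored in both `pipe->pipe_label` and `pipe->pipe_peer->pipe_label`, but clears neither pointer, and the pipeclose hunk in sys_pipe.c calls it while `cpipe->pipe_peer` is still set, i.e. when the first endpoint closes. The surviving endpoint then keeps a pointer to freed memory, which the new checks in the read, poll and stat paths and the `DTYPE_PIPE` case of the label-get syscall pass straight to the policies. Freeing on the last close instead, e.g. `if (cpipe->pipe_label != NULL && cpipe->pipe_peer == NULL)` in pipeclose, would keep the label alive for as long as either end can be used. That assumes `pipe_label` starts out NULL and that the peer pointer is cleared on disconnect, neither of which is visible in these hunks. A short comment on both functions stating that the label is shared between endpoints and when it may be freed would also help.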
@@ -2223,6 +2280,13 @@
}
void
+mac_create_pipe(struct ucred *cred, struct pipe *pipe)
+{
+
+ MAC_PERFORM(create_pipe, cred, pipe, pipe->pipe_label);
+}
+
+void
mac_create_socket_from_socket(struct socket *oldsocket,
struct socket *newsocket)
{
@@ -2239,6 +2303,13 @@
MAC_PERFORM(relabel_socket, cred, socket, &socket->so_label, newlabel);
}
+static void
+mac_relabel_pipe(struct ucred *cred, struct pipe *pipe, struct label *newlabel)
+{
+
+ MAC_PERFORM(relabel_pipe, cred, pipe, pipe->pipe_label, newlabel);
+}
+
void
mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
{
@@ -2370,6 +2441,40 @@
return (error);
}
+static int
+mac_cred_check_relabel_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *newlabel)
+{
+ int error;
+
+ MAC_CHECK(cred_check_relabel_pipe, cred, pipe, pipe->pipe_label,
+ newlabel);
+
+ return (error);
+}
+
+int
+mac_cred_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op)
+{
+ int error;
+
+ MAC_CHECK(cred_check_pipe_op, cred, pipe, pipe->pipe_label, op);
+
+ return (error);
+}
+
+int
+mac_cred_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ unsigned long cmd, void *data)
+{
+ int error;
+
+ MAC_CHECK(cred_check_pipe_ioctl, cred, pipe, pipe->pipe_label,
+ cmd, data);
+
+ return (error);
+}
+
void
mac_create_mount(struct ucred *cred, struct mount *mp)
{
@@ -2637,6 +2742,20 @@
}
int
+mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
+{
+ int error;
+
+ error = mac_cred_check_relabel_pipe(cred, pipe, label);
+ if (error)
+ return (error);
+
+ mac_relabel_pipe(cred, pipe, label);
+
+ return (0);
+}
+
+int
mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
struct mac *extmac)
{
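Review bot: `mac_pipe_label_set()` runs the relabel check and then rewrites the shared label without taking the pipe mutex, and its caller in the `DTYPE_PIPE` case of the label-set syscall below does not take it either, while the write-path check in sys_pipe.c is made with `PIPE_LOCK` held. A concurrent read or write may therefore evaluate a label that is being copied over, and the check result can be stale by the time `mac_relabel_pipe()` runs. I would document the requirement here, `/* Caller must hold the pipe mutex across the check and the relabel. */`, and wrap the call site in `PIPE_LOCK(pipe);` and `PIPE_UNLOCK(pipe);`. Whether Giant already serialises these paths cannot be told from the hunks shown.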
@@ -2808,6 +2927,7 @@
struct file *fp;
struct mac extmac;
struct vnode *vp;
+ struct pipe *pipe;
int error;
mtx_lock(&Giant);
@@ -2827,7 +2947,10 @@
error = mac_externalize(&vp->v_label, &extmac);
VOP_UNLOCK(vp, 0, td);
break;
-
+ case DTYPE_PIPE:
+ pipe = (struct pipe *)fp->f_data;
+ error = mac_externalize(pipe->pipe_label, &extmac);
+ break;
default:
error = EINVAL;
}
@@ -2884,6 +3007,7 @@
struct label intlabel;
struct mount *mp;
struct vnode *vp;
+ struct pipe *pipe;
int error;
mtx_lock(&Giant);
@@ -2911,13 +3035,16 @@
error = vn_setlabel(vp, &intlabel, td->td_ucred);
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
+ mac_destroy_temp(&intlabel);
+ break;
+ case DTYPE_PIPE:
+ pipe = (struct pipe *)fp->f_data;
+ error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
break;
-
default:
error = EINVAL;
}
- mac_destroy_temp(&intlabel);
out2:
fdrop(fp, td);
out1:
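Review bot: Moving `mac_destroy_temp(&intlabel);` from after the `switch` into the vnode case means the `DTYPE_PIPE` and `default` paths now leave without destroying the temporary label. The Biba and MLS `relabel_pipe` hooks in this change copy from `newlabel` into the pipe's own label rather than taking ownership of it, so the pipe case still needs the cleanup. Keeping the single `mac_destroy_temp(&intlabel);` after the closing brace of the `switch`, as before, covers all three paths. The code that fills `intlabel` lies outside the hunk, so this assumes it is initialised by the time the `switch` is reached, as the old placement implied.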
==== //depot/projects/trustedbsd/mac/sys/kern/sys_pipe.c#12 (text+ko) ====
@@ -49,9 +49,12 @@
* amount of kernel virtual memory.
*/
+#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/fcntl.h>
+#include <sys/mac.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/filio.h>
@@ -266,6 +269,16 @@
td->td_retval[1] = fd;
rpipe->pipe_peer = wpipe;
wpipe->pipe_peer = rpipe;
+#ifdef MAC
+ /*
+ * struct pipe represents a pipe endpoint. The MAC label is shared
+ * between connected endpoints. As a result mac_init_pipe() and
+ * mac_create_pipe() should only be called on one of the endpoints
+ * after they have been connected.
+ */
+ mac_init_pipe(rpipe);
+ mac_create_pipe(td->td_ucred, rpipe);
+#endif /* MAC */
mtx_init(pmtx, "pipe mutex", NULL, MTX_DEF | MTX_RECURSE);
rpipe->pipe_mtxp = wpipe->pipe_mtxp = pmtx;
fdrop(rf, td);
@@ -454,6 +467,12 @@
if (error)
goto unlocked_error;
+#ifdef MAC
+ error = mac_cred_check_pipe_op(cred, rpipe, MAC_OP_PIPE_READ);
+ if (error)
+ goto locked_error;
+#endif /* MAC */
+
while (uio->uio_resid) {
/*
* normal pipe buffer receive
@@ -559,6 +578,9 @@
goto unlocked_error;
}
}
+#ifdef MAC /* XXX: suppress compiler warning. */
+locked_error:
+#endif /* MAC */
pipeunlock(rpipe);
/* XXX: should probably do this before getting any locks. */
@@ -850,6 +872,13 @@
PIPE_UNLOCK(rpipe);
return (EPIPE);
}
+#ifdef MAC
+ error = mac_cred_check_pipe_op(cred, wpipe, MAC_OP_PIPE_WRITE);
+ if (error) {
+ PIPE_UNLOCK(rpipe);
+ return (error);
+ }
+#endif /* MAC */
++wpipe->pipe_busy;
/*
@@ -1121,7 +1150,13 @@
struct thread *td;
{
struct pipe *mpipe = (struct pipe *)fp->f_data;
+#ifdef MAC
+ int error;
+ error = mac_cred_check_pipe_ioctl(td->td_ucred, mpipe, cmd, data);
+ if (error)
+ return (error);
+#endif /* MAC */
switch (cmd) {
case FIONBIO:
@@ -1176,7 +1211,13 @@
struct pipe *rpipe = (struct pipe *)fp->f_data;
struct pipe *wpipe;
int revents = 0;
+#ifdef MAC
+ int error;
+ error = mac_cred_check_pipe_op(td->td_ucred, rpipe, MAC_OP_PIPE_POLL);
+ if (error)
+ return (error);
+#endif /* MAC */
wpipe = rpipe->pipe_peer;
PIPE_LOCK(rpipe);
if (events & (POLLIN | POLLRDNORM))
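Review bot: The new early `return (error);` hands an errno value back from a function whose result, judging by `int revents = 0;`, is a poll event mask. A denial would then be read by the caller as whatever event bits the errno value happens to encode, so a subject that fails the MAC check can be told the pipe is ready. Returning the still-empty mask, `return (revents);`, reports no events on denial. The function's signature and its final return are outside the hunk.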
@@ -1223,7 +1264,13 @@
struct thread *td;
{
struct pipe *pipe = (struct pipe *)fp->f_data;
+#ifdef MAC
+ int error;
+ error = mac_cred_check_pipe_op(td->td_ucred, pipe, MAC_OP_PIPE_STAT);
+ if (error)
+ return (error);
+#endif /* MAC */
bzero((caddr_t)ub, sizeof(*ub));
ub->st_mode = S_IFIFO;
ub->st_blksize = pipe->pipe_buffer.size;
@@ -1318,6 +1365,13 @@
cpipe->pipe_state |= PIPE_WANT | PIPE_EOF;
msleep(cpipe, PIPE_MTX(cpipe), PRIBIO, "pipecl", 0);
}
+#ifdef MAC
+ /*
+ * Destroy MAC data
+ */
+ if (cpipe->pipe_peer)
+ mac_destroy_pipe(cpipe);
+#endif /* MAC */
/*
* Disconnect from peer
==== //depot/projects/trustedbsd/mac/sys/modules/Makefile#26 (text+ko) ====
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#69 (text+ko) ====
@@ -57,6 +57,7 @@
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
+#include <sys/pipe.h>
#include <sys/sysctl.h>
#include <fs/devfs/devfs.h>
@@ -455,6 +456,13 @@
}
static void
+mac_biba_init_pipe(struct pipe *pipe, struct label *label)
+{
+
+ SLOT(label) = biba_alloc(M_WAITOK);
+}
+
+static void
mac_biba_init_subject(struct ucred *ucred, struct label *label)
{
@@ -539,6 +547,14 @@
}
static void
+mac_biba_destroy_pipe(struct pipe *pipe, struct label *label)
+{
+
+ biba_free(SLOT(label));
+ SLOT(label) = NULL;
+}
+
+static void
mac_biba_destroy_subject(struct ucred *ucred, struct label *label)
{
@@ -781,6 +797,18 @@
}
static void
+mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(&cred->cr_label);
+ dest = SLOT(pipelabel);
+
+ mac_biba_copy_single(source, dest);
+}
+
+static void
mac_biba_create_socket_from_socket(struct socket *oldsocket,
struct label *oldsocketlabel, struct socket *newsocket,
struct label *newsocketlabel)
@@ -808,6 +836,18 @@
}
static void
+mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, struct label *newlabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(pipelabel);
+
+ mac_biba_copy_single(source, dest);
+}
+
+static void
mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
struct socket *socket, struct label *socketpeerlabel)
{
@@ -1223,6 +1263,40 @@
}
static int
+mac_biba_cred_check_relabel_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, struct label *newlabel)
+{
+ struct mac_biba *subj, *obj, *new;
+
+ new = SLOT(newlabel);
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(pipelabel);
+
+ if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
+ return (EINVAL);
+
+ /*
+ * To relabel a pipe, the old pipe label must be in the subject
+ * range.
+ */
+ if (!mac_biba_single_in_range(obj, subj))
+ return (EPERM);
+
+ /*
+ * To relabel a pipe, the new pipe label must be in the subject
+ * range.
+ */
+ if (!mac_biba_single_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
+ */
+
+ return (0);
+}
+
+static int
mac_biba_cred_check_relabel_subject(struct ucred *cred, struct label *newlabel)
{
struct mac_biba *subj, *new;
@@ -1888,6 +1962,49 @@
}
}
+static int
+mac_biba_cred_check_pipe_op(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((pipelabel));
+
+ switch(op) {
+ case MAC_OP_PIPE_READ:
+ case MAC_OP_PIPE_STAT:
+ case MAC_OP_PIPE_POLL:
+ if (!mac_biba_dominate_single(obj, subj))
+ return (EACCES);
+ break;
+ case MAC_OP_PIPE_WRITE:
+ if (!mac_biba_dominate_single(subj, obj))
+ return (EACCES);
+ break;
+ default:
+ panic("mac_biba_cred_check_pipe_op: invalid pipe operation");
+ }
+
+ return (0);
+}
+
+static int
+mac_biba_cred_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+{
+
+ if(!mac_biba_enabled)
+ return (0);
+
+ /* XXX: This will be implemented soon... */
+
+ return (0);
+}
+
static struct mac_policy_op_entry mac_biba_ops[] =
{
{ MAC_DESTROY,
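Review bot: `mac_biba_cred_check_pipe_ioctl()` returns 0 for every `cmd`, so under Biba all pipe ioctls pass regardless of the labels, even though `pipe_ioctl()` now routes every request through this hook. Until the real check exists, the comment should say what is being allowed, e.g. `/* XXX: permits all ioctls; no integrity check is made yet. */`, so nobody reads the hook's presence as enforcement. The same stub appears as `mac_mls_cred_check_pipe_ioctl()` in the mac_mls.c hunk. In `mac_biba_cred_check_pipe_op()` the `default:` arm panics on an unknown `op`; a one-line comment that `op` is always a kernel-supplied `MAC_OP_PIPE_*` constant would record why that is acceptable.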
@@ -1906,6 +2023,8 @@
(macop_t)mac_biba_init_mbuf },
{ MAC_INIT_MOUNT,
(macop_t)mac_biba_init_mount },
+ { MAC_INIT_PIPE,
+ (macop_t)mac_biba_init_pipe },
{ MAC_INIT_SOCKET,
(macop_t)mac_biba_init_socket },
{ MAC_INIT_SUBJECT,
@@ -1926,6 +2045,8 @@
(macop_t)mac_biba_destroy_mbuf },
{ MAC_DESTROY_MOUNT,
(macop_t)mac_biba_destroy_mount },
+ { MAC_DESTROY_PIPE,
+ (macop_t)mac_biba_destroy_pipe },
{ MAC_DESTROY_SOCKET,
(macop_t)mac_biba_destroy_socket },
{ MAC_DESTROY_SUBJECT,
@@ -1962,10 +2083,14 @@
(macop_t)mac_biba_update_vnode_from_mount },
{ MAC_CREATE_MBUF_FROM_SOCKET,
(macop_t)mac_biba_create_mbuf_from_socket },
+ { MAC_CREATE_PIPE,
+ (macop_t)mac_biba_create_pipe },
{ MAC_CREATE_SOCKET,
(macop_t)mac_biba_create_socket },
{ MAC_CREATE_SOCKET_FROM_SOCKET,
(macop_t)mac_biba_create_socket_from_socket },
+ { MAC_RELABEL_PIPE,
+ (macop_t)mac_biba_relabel_pipe },
{ MAC_RELABEL_SOCKET,
(macop_t)mac_biba_relabel_socket },
{ MAC_SET_SOCKET_PEER_FROM_MBUF,
@@ -2020,6 +2145,8 @@
(macop_t)mac_biba_cred_check_see_socket },
{ MAC_CRED_CHECK_RELABEL_IFNET,
(macop_t)mac_biba_cred_check_relabel_ifnet },
+ { MAC_CRED_CHECK_RELABEL_PIPE,
+ (macop_t)mac_biba_cred_check_relabel_pipe },
{ MAC_CRED_CHECK_RELABEL_SOCKET,
(macop_t)mac_biba_cred_check_relabel_socket },
{ MAC_CRED_CHECK_RELABEL_SUBJECT,
@@ -2052,6 +2179,10 @@
(macop_t)mac_biba_cred_check_lookup_vnode },
{ MAC_CRED_CHECK_OPEN_VNODE,
(macop_t)mac_biba_cred_check_open_vnode },
+ { MAC_CRED_CHECK_PIPE_IOCTL,
+ (macop_t)mac_biba_cred_check_pipe_ioctl },
+ { MAC_CRED_CHECK_PIPE_OP,
+ (macop_t)mac_biba_cred_check_pipe_op },
{ MAC_CRED_CHECK_READDIR_VNODE,
(macop_t)mac_biba_cred_check_readdir_vnode },
{ MAC_CRED_CHECK_READLINK_VNODE,
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#57 (text+ko) ====
@@ -57,6 +57,7 @@
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
+#include <sys/pipe.h>
#include <sys/sysctl.h>
#include <fs/devfs/devfs.h>
@@ -433,6 +434,13 @@
}
static void
+mac_mls_init_pipe(struct pipe *pipe, struct label *label)
+{
+
+ SLOT(label) = mls_alloc(M_WAITOK);
+}
+
+static void
mac_mls_init_subject(struct ucred *ucred, struct label *label)
{
@@ -517,6 +525,14 @@
}
static void
+mac_mls_destroy_pipe(struct pipe *pipe, struct label *label)
+{
+
+ mls_free(SLOT(label));
+ SLOT(label) = NULL;
+}
+
+static void
mac_mls_destroy_subject(struct ucred *ucred, struct label *label)
{
@@ -762,6 +778,18 @@
}
static void
+mac_mls_create_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(&cred->cr_label);
+ dest = SLOT(pipelabel);
+
+ mac_mls_copy_single(source, dest);
+}
+
+static void
mac_mls_create_socket_from_socket(struct socket *oldsocket,
struct label *oldsocketlabel, struct socket *newsocket,
struct label *newsocketlabel)
@@ -789,6 +817,18 @@
}
static void
+mac_mls_relabel_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, struct label *newlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(pipelabel);
+
+ mac_mls_copy_single(source, dest);
+}
+
+static void
mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
struct socket *socket, struct label *socketpeerlabel)
{
@@ -1162,6 +1202,40 @@
}
static int
+mac_mls_cred_check_relabel_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, struct label *newlabel)
+{
+ struct mac_mls *subj, *obj, *new;
+
+ new = SLOT(newlabel);
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(pipelabel);
+
+ if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_SINGLE)
+ return (EINVAL);
+
+ /*
+ * To relabel a pipe, the old pipe label must be in the subject
+ * range.
+ */
+ if (!mac_mls_single_in_range(obj, subj))
+ return (EPERM);
+
+ /*
+ * To relabel a pipe, the new pipe label must be in the subject
+ * range.
+ */
+ if (!mac_mls_single_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
+ */
+
+ return (0);
+}
+
+static int
mac_mls_cred_check_relabel_subject(struct ucred *cred, struct label *newlabel)
{
struct mac_mls *subj, *new;
@@ -1827,6 +1901,49 @@
}
}
+static int
+mac_mls_cred_check_pipe_op(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((pipelabel));
+
+ switch(op) {
+ case MAC_OP_PIPE_READ:
+ case MAC_OP_PIPE_STAT:
+ case MAC_OP_PIPE_POLL:
+ if (!mac_mls_dominate_single(subj, obj))
+ return (EACCES);
+ break;
+ case MAC_OP_PIPE_WRITE:
+ if (!mac_mls_dominate_single(obj, subj))
+ return (EACCES);
+ break;
+ default:
+ panic("mac_mls_cred_check_pipe_op: invalid pipe operation");
+ }
+
+ return (0);
+}
+
+static int
+mac_mls_cred_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+{
+
+ if(!mac_mls_enabled)
+ return (0);
+
+ /* XXX: This will be implemented soon... */
+
+ return (0);
+}
+
static struct mac_policy_op_entry mac_mls_ops[] =
{
{ MAC_DESTROY,
@@ -1845,6 +1962,8 @@
(macop_t)mac_mls_init_mbuf },
{ MAC_INIT_MOUNT,
(macop_t)mac_mls_init_mount },
+ { MAC_INIT_PIPE,
+ (macop_t)mac_mls_init_pipe },
{ MAC_INIT_SOCKET,
(macop_t)mac_mls_init_socket },
{ MAC_INIT_SUBJECT,
@@ -1865,6 +1984,8 @@
(macop_t)mac_mls_destroy_mbuf },
{ MAC_DESTROY_MOUNT,
(macop_t)mac_mls_destroy_mount },
+ { MAC_DESTROY_PIPE,
+ (macop_t)mac_mls_destroy_pipe },
{ MAC_DESTROY_SOCKET,
(macop_t)mac_mls_destroy_socket },
{ MAC_DESTROY_SUBJECT,
@@ -1901,10 +2022,14 @@
(macop_t)mac_mls_update_vnode_from_mount },
{ MAC_CREATE_MBUF_FROM_SOCKET,
(macop_t)mac_mls_create_mbuf_from_socket },
+ { MAC_CREATE_PIPE,
+ (macop_t)mac_mls_create_pipe },
{ MAC_CREATE_SOCKET,
(macop_t)mac_mls_create_socket },
{ MAC_CREATE_SOCKET_FROM_SOCKET,
(macop_t)mac_mls_create_socket_from_socket },
+ { MAC_RELABEL_PIPE,
+ (macop_t)mac_mls_relabel_pipe },
{ MAC_RELABEL_SOCKET,
(macop_t)mac_mls_relabel_socket },
{ MAC_SET_SOCKET_PEER_FROM_MBUF,
@@ -1959,6 +2084,8 @@
(macop_t)mac_mls_cred_check_see_socket },
{ MAC_CRED_CHECK_RELABEL_IFNET,
(macop_t)mac_mls_cred_check_relabel_ifnet },
+ { MAC_CRED_CHECK_RELABEL_PIPE,
+ (macop_t)mac_mls_cred_check_relabel_pipe },
{ MAC_CRED_CHECK_RELABEL_SOCKET,
(macop_t)mac_mls_cred_check_relabel_socket },
{ MAC_CRED_CHECK_RELABEL_SUBJECT,
@@ -1991,6 +2118,10 @@
(macop_t)mac_mls_cred_check_lookup_vnode },
{ MAC_CRED_CHECK_OPEN_VNODE,
(macop_t)mac_mls_cred_check_open_vnode },
+ { MAC_CRED_CHECK_PIPE_IOCTL,
+ (macop_t)mac_mls_cred_check_pipe_ioctl },
+ { MAC_CRED_CHECK_PIPE_OP,
+ (macop_t)mac_mls_cred_check_pipe_op },
{ MAC_CRED_CHECK_READDIR_VNODE,
(macop_t)mac_mls_cred_check_readdir_vnode },
{ MAC_CRED_CHECK_READLINK_VNODE,
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#46 (text+ko) ====
@@ -57,6 +57,7 @@
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
+#include <sys/pipe.h>
#include <sys/sysctl.h>
#include <fs/devfs/devfs.h>
@@ -147,6 +148,12 @@
}
static void
+mac_none_init_pipe(struct pipe *pipe, struct label *label)
+{
+
+}
+
+static void
mac_none_init_subject(struct ucred *ucred, struct label *label)
{
@@ -210,6 +217,12 @@
}
static void
+mac_none_destroy_pipe(struct pipe *pipe, struct label *label)
+{
+
+}
+
+static void
mac_none_destroy_subject(struct ucred *ucred, struct label *label)
{
@@ -342,6 +355,13 @@
}
static void
+mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel)
+{
+
+}
+
+static void
mac_none_create_socket_from_socket(struct socket *oldsocket,
struct label *oldsocketlabel, struct socket *newsocket,
struct label *newsocketlabel)
@@ -357,6 +377,13 @@
}
static void
+mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, struct label *newlabel)
+{
+
+}
+
+static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
struct socket *socket, struct label *socketpeerlabel)
{
@@ -577,6 +604,14 @@
}
static int
+mac_none_cred_check_relabel_pipe(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, struct label *newlabel)
+{
+
+ return (0);
+}
+
+static int
mac_none_cred_check_relabel_subject(struct ucred *cred, struct label *newlabel)
{
@@ -832,6 +867,22 @@
return (0);
}
+static int
+mac_none_cred_check_pipe_op(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op)
+{
+
+ return (0);
+}
+
+static int
+mac_none_cred_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+{
+
+ return (0);
+}
+
static struct mac_policy_op_entry mac_none_ops[] =
{
{ MAC_DESTROY,
@@ -850,6 +901,8 @@
(macop_t)mac_none_init_mbuf },
{ MAC_INIT_MOUNT,
(macop_t)mac_none_init_mount },
+ { MAC_INIT_PIPE,
+ (macop_t)mac_none_init_pipe },
{ MAC_INIT_SOCKET,
(macop_t)mac_none_init_socket },
{ MAC_INIT_SUBJECT,
@@ -870,6 +923,8 @@
(macop_t)mac_none_destroy_mbuf },
{ MAC_DESTROY_MOUNT,
(macop_t)mac_none_destroy_mount },
+ { MAC_DESTROY_PIPE,
+ (macop_t)mac_none_destroy_pipe },
{ MAC_DESTROY_SOCKET,
(macop_t)mac_none_destroy_socket },
{ MAC_DESTROY_SUBJECT,
@@ -906,10 +961,14 @@
(macop_t)mac_none_update_vnode_from_mount },
{ MAC_CREATE_MBUF_FROM_SOCKET,
(macop_t)mac_none_create_mbuf_from_socket },
>>> TRUNCATED FOR MAIL (1000 lines) <<<