PERFORCE change 18659 for review
Chris Vance
cvance at freebsd.org
Fri Oct 4 13:45:18 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18659
Change 18659 by cvance at cvance_laptop on 2002/10/04 06:44:52
Finally moving forward again.
Add audit data to many permission checks.
Implement permission checks for many more vnode operations.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#28 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#28 (text+ko) ====
@@ -120,21 +120,28 @@
{
struct task_security_struct *task;
struct vnode_security_struct *file;
+ avc_audit_data_t ad;
task = SLOT(&cred->cr_label);
file = SLOT(&vp->v_label);
- /* TBD: audit? */
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.vp = vp;
+
if (file->sclass == 0) {
struct vattr va;
VOP_GETATTR(vp, &va, curthread->td_ucred, curthread);
printf("vnode_has_perm:: ERROR, sid=%d, sclass=0, v_type=%d"
- " inode=%d, fsid=%d\n",
+ " inode=%ld, fsid=%d\n",
file->sid, vp->v_type, va.va_fileid, va.va_fsid);
- return 0; /* TBD: debugging */
+ file->sclass = vnode_type_to_security_class(vp->v_type);
+ if (file->sclass == 0) {
+ printf("vnode_has_perm:: Giving up\n");
+ return 0; /* TBD: debugging */
+ }
}
- return avc_has_perm_ref(task->sid, file->sid, file->sclass,
- perm, aeref ? aeref : &file->avcr);
+ return avc_has_perm_ref_audit(task->sid, file->sid, file->sclass,
+ perm, aeref ? aeref : &file->avcr, &ad);
}
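Review bot: The `return 0;` in the new "Giving up" branch still grants access when the security class cannot be determined even after the `vnode_type_to_security_class` fallback, so an unlabeled vnode of an unmapped type is fail-open on every permission check routed through this helper; since the branch is only reached after the error has already been logged, it should deny, e.g. `return (EACCES);`, or the `TBD: debugging` comment should state explicitly that fail-open is temporary and what gates it. The `VOP_GETATTR(vp, &va, ...)` return value is also unchecked, so `va.va_fileid` and `va.va_fsid` may be printed uninitialized when the call fails. `vnode_has_perm`'s signature lies before the start of this hunk.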
static void
@@ -409,7 +416,7 @@
struct vattr va;
VOP_GETATTR(vp, &va, curthread->td_ucred, curthread);
- printf("sebsd_update_vnode_from_extattr: no label for inode=%d, fsid=%d\n", va.va_fileid, va.va_fsid);
+ printf("sebsd_update_vnode_from_extattr: no label for inode=%ld, fsid=%d\n", va.va_fileid, va.va_fsid);
return (0);
}
@@ -421,7 +428,7 @@
struct vattr va;
VOP_GETATTR(vp, &va, curthread->td_ucred, curthread);
- printf("sebsd_vnode_from_extattr: len=%d: context=%s inode=%d, fsid=%d\n", context_len, context, va.va_fileid, va.va_fsid);
+ printf("sebsd_vnode_from_extattr: len=%d: context=%s inode=%ld, fsid=%d\n", context_len, context, va.va_fileid, va.va_fsid);
}
error = security_context_to_sid(context, context_len, &vsec->sid);
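Review bot: The debug `printf` prints `context` with `%s`, but `security_context_to_sid(context, context_len, ...)` on the next line takes an explicit length, which suggests the extended-attribute payload is not guaranteed NUL-terminated; if so, `%s` can read past the buffer and leak adjacent kernel memory into the console log. Unless termination is established on a line outside the hunk, bound the print with the known length: `"... context=%.*s inode=%ld, fsid=%d\n", context_len, context_len, context, va.va_fileid, va.va_fsid`. The enclosing function starts and ends outside this hunk.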
@@ -499,16 +506,17 @@
sebsd_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
- /* TBD: Not Implemented */
- return 0;
+ /* MAY_EXEC ~= DIR__SEARCH */
+ return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL);
}
static int
sebsd_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
- /* TBD: Not Implemented */
- return 0;
+ /* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */
+ /* MAY_EXEC ~= DIR__SEARCH */
+ return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL);
}
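Review bot: `sebsd_check_vnode_chroot` now enforces only `DIR__SEARCH` on the target and leaves the `CAP_SYS_CHROOT` equivalent as a TBD; the comment should record what stands in for that privilege check in the meantime (presumably the base kernel's own chroot(2) privilege test), so a later reader does not mistake the gap for deliberate delegation. Suggest `/* TBD: SELinux also requires CAP_SYS_CHROOT; until a capability hook exists the base chroot(2) privilege check is the only gate. */`. Both hooks also ignore the `dlabel` argument the framework passes and instead read the label off `dvp` through `vnode_has_perm`, which is consistent with the rest of the file but worth noting at the first occurrence.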
static int
@@ -519,6 +527,7 @@
struct vnode_security_struct *dir;
security_class_t tclass;
security_id_t newsid;
+ avc_audit_data_t ad;
int rc;
task = SLOT(&cred->cr_label);
@@ -526,9 +535,12 @@
tclass = vnode_type_to_security_class(vap->va_type);
- /* TBD: audit? */
- rc = avc_has_perm_ref(task->sid, dir->sid, SECCLASS_DIR,
- DIR__ADD_NAME | DIR__SEARCH, &dir->avcr);
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.vp = dvp;
+
+ rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR,
+ DIR__ADD_NAME | DIR__SEARCH,
+ &dir->avcr, &ad);
if (rc)
return rc;
@@ -536,7 +548,7 @@
if (rc)
return rc;
- rc = avc_has_perm(task->sid, newsid, tclass, FILE__CREATE);
+ rc = avc_has_perm_audit(task->sid, newsid, tclass, FILE__CREATE, &ad);
if (rc)
return rc;
@@ -559,16 +571,40 @@
struct label *dlabel, struct vnode *vp,
struct label *label)
{
- /* TBD: Not Implemented */
- return 0;
+ struct task_security_struct *task;
+ struct vnode_security_struct *dir, *file;
+ avc_audit_data_t ad;
+ access_vector_t av;
+ int rc;
+
+ task = SLOT(&cred->cr_label);
+ file = SLOT(&vp->v_label);
+ dir = SLOT(&dvp->v_label);
+
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.vp = vp;
+
+ av = DIR__SEARCH | DIR__REMOVE_NAME;
+ rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR,
+ av, &dir->avcr, &ad);
+ if (rc)
+ return rc;
+
+ if (file->sclass == SECCLASS_DIR)
+ av = DIR__RMDIR;
+ else
+ av = FILE__UNLINK;
+
+ rc = avc_has_perm_ref_audit(task->sid, file->sid, file->sclass,
+ av, &file->avcr, &ad);
+ return rc;
}
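Review bot: `sebsd_check_vnode_delete` passes `file->sclass` straight into `avc_has_perm_ref_audit` without the `sclass == 0` handling that `vnode_has_perm` and the relabel path perform, so an unlabeled vnode is queried with class 0 and, because `file->sclass == SECCLASS_DIR` is then false, is checked for `FILE__UNLINK` even when it is a directory. Derive the class from the vnode type when it is missing before choosing the access vector, `if (file->sclass == 0) file->sclass = vnode_type_to_security_class(vp->v_type);`, or route the second check through `vnode_has_perm`, which already does this. As elsewhere in the file, `dlabel` and `label` are ignored in favour of the vnodes' own labels.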
static int
sebsd_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
@@ -624,8 +660,7 @@
sebsd_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__GETATTR, NULL);
}
static int
@@ -640,8 +675,8 @@
sebsd_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct componentname *cnp)
{
- /* TBD: Not Implemented */
- return 0;
+ /* TBD: DIR__READ as well? */
+ return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL);
}
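Review bot: The `TBD: DIR__READ as well?` question should be answered in the comment rather than left open: in the SELinux model this mirrors, name lookup requires only `dir:search`, while `dir:read` covers enumerating entries, which this change already checks separately in `sebsd_check_vnode_readdir`; requiring `DIR__READ` here would break traverse-only (`--x`) directories. Suggest replacing the TBD with `/* Lookup needs only DIR__SEARCH; DIR__READ is enforced in readdir. */`.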
static int
@@ -653,7 +688,7 @@
}
static int
-sebsd_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
+sebsd_check_vnode_poll(struct ucred *cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
/* TBD: Not Implemented */
@@ -661,19 +696,17 @@
}
static int
-sebsd_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
+sebsd_check_vnode_read(struct ucred *cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__READ, NULL);
}
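Review bot: `sebsd_check_vnode_read` checks `FILE__READ` against `cred` (the active credential) and ignores `file_cred`, so for a descriptor inherited or passed from another process the opener's label is never consulted, and the reader's label is re-checked on every read(2) rather than at open. That may be the intended policy, but it differs from the open-time check the SELinux comments elsewhere in this file allude to, so it deserves a comment, e.g. `/* Checked against the active cred on every read; file_cred (the opener) is not consulted. */`. The same applies to the `FILE__WRITE` check added later in this change.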
static int
sebsd_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
struct label *dlabel)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, dvp, DIR__READ, NULL);
}
static int
@@ -689,24 +722,28 @@
{
struct task_security_struct *task;
struct vnode_security_struct *old, *new;
+ avc_audit_data_t ad;
int rc;
task = SLOT(&cred->cr_label);
old = SLOT(oldlabel);
new = SLOT(oldlabel);
- /* TBD: audit? */
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.vp = vp;
+
if (old->sclass == 0) {
printf("vnode_relabel:: ERROR, sid=%d, sclass=0, v_type=%d\n",
old->sid, vp->v_type);
return 0; /* TBD: debugging */
}
- rc = avc_has_perm_ref(task->sid, old->sid, old->sclass,
- FILE__RELABELFROM, &old->avcr);
+ rc = avc_has_perm_ref_audit(task->sid, old->sid, old->sclass,
+ FILE__RELABELFROM, &old->avcr, &ad);
if (rc)
return (rc);
- rc = avc_has_perm(task->sid, new->sid, old->sclass, FILE__RELABELTO);
+ rc = avc_has_perm_audit(task->sid, new->sid, old->sclass,
+ FILE__RELABELTO, &ad);
if (rc)
return (rc);
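Review bot: `new = SLOT(oldlabel);` just above the new audit-data setup means `new->sid` is the *old* label's SID, so the `FILE__RELABELTO` check is evaluated against the source context rather than the target and relabelto is effectively unenforced; this is pre-existing context rather than something this change introduces, but the hunk now wires audit data onto the broken check. Assuming the hook takes a `newlabel` parameter (the signature is above the hunk), the line should read `new = SLOT(newlabel);`. The `return 0;` on `old->sclass == 0` at the top of the hunk is also fail-open, like the debugging path in `vnode_has_perm`.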
@@ -733,11 +770,8 @@
old_dir = SLOT(dlabel);
old_file = SLOT(label);
- printf("check_vnode_rename:: entrypoint\n");
AVC_AUDIT_DATA_INIT(&ad, FS);
- printf("check_vnode_rename:: done audit data init\n");
- /* TBD: audit data? */
rc = avc_has_perm_ref_audit(task->sid, old_dir->sid, SECCLASS_DIR,
DIR__REMOVE_NAME | DIR__SEARCH,
&old_dir->avcr, &ad);
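Review bot: After `AVC_AUDIT_DATA_INIT(&ad, FS)` this hunk never sets `ad.u.fs.vp`, unlike every other call site converted in this change, so a denial of `DIR__REMOVE_NAME | DIR__SEARCH` on the source directory will be audited without a vnode (unless the assignment sits on a line outside the hunk). Add the directory vnode immediately after the init, `ad.u.fs.vp = dvp;` or whatever the source-directory parameter is named, to match the delete hook. The rename hook continues on both sides of this hunk.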
@@ -748,8 +782,10 @@
old_file->sid, vp->v_type);
return 0; /* TBD: debugging */
}
- rc = avc_has_perm_ref(task->sid, old_file->sid, old_file->sclass,
- FILE__RENAME, &old_file->avcr);
+
+ rc = avc_has_perm_ref_audit(task->sid, old_file->sid,
+ old_file->sclass, FILE__RENAME,
+ &old_file->avcr, &ad);
if (rc)
return (rc);
@@ -763,6 +799,7 @@
{
struct task_security_struct *task;
struct vnode_security_struct *new_dir, *new_file;
+ avc_audit_data_t ad;
access_vector_t av;
int rc;
@@ -787,7 +824,9 @@
if (vp)
av |= DIR__REMOVE_NAME;
- /* TBD: audit */
+ AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.vp = vp;
+
rc = avc_has_perm_ref(task->sid, new_dir->sid, SECCLASS_DIR,
av, &new_dir->avcr);
if (rc)
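Review bot: `ad` is initialised and `ad.u.fs.vp = vp` assigned, but the call that follows is still the non-auditing `avc_has_perm_ref(task->sid, new_dir->sid, SECCLASS_DIR, av, &new_dir->avcr)`, so within this hunk the audit data is dead and the rename-target directory denial is the one check in this change that will not be logged; switch it to `avc_has_perm_ref_audit(task->sid, new_dir->sid, SECCLASS_DIR, av, &new_dir->avcr, &ad)`. Note also that `vp` can be NULL here (the `if (vp)` guard two lines up), so the audit formatter must tolerate a NULL `u.fs.vp`; if it does not, assign the target directory vnode instead. The function continues past the end of the hunk.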
@@ -828,8 +867,7 @@
sebsd_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
struct label *label, acl_type_t type, struct acl *acl)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
@@ -844,24 +882,21 @@
sebsd_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
struct label *label, u_long flags)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
sebsd_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t mode)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
sebsd_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
struct label *label, uid_t uid, gid_t gid)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
@@ -869,24 +904,21 @@
struct label *label, struct timespec atime,
struct timespec mtime)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
-sebsd_check_vnode_stat(struct ucred *cred, struct vnode *vp,
- struct label *label)
+sebsd_check_vnode_stat(struct ucred *cred, struct ucred *file_cred,
+ struct vnode *vp, struct label *vnodelabel)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__GETATTR, NULL);
}
static int
-sebsd_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
+sebsd_check_vnode_write(struct ucred *cred, struct ucred *file_cred,
struct vnode *vp, struct label *label)
{
- /* TBD: Not Implemented */
- return 0;
+ return vnode_has_perm(cred, vp, FILE__WRITE, NULL);
}
static int