PERFORCE change 19359 for review
Brian Feldman
green at freebsd.org
Wed Oct 16 00:04:45 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=19359
Change 19359 by green at green_laptop_2 on 2002/10/15 17:04:08
Remove the new potential deadlock from exec and replace it with
a simple race :-) Cache the shell script's label for use by
execve(2) transitions. Note this pollutes execve(2) with a bit
more mac knowledge now...
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#37 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#311 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#133 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#113 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#84 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#86 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#57 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#41 edit
.. //depot/projects/trustedbsd/mac/sys/sys/imgact.h#11 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#179 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#140 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#37 (text+ko) ====
@@ -171,7 +171,8 @@
int credential_changing;
int textset;
#ifdef MAC
- int will_transition;
+ struct label interplabel; /* label of the interpreted file */
+ int will_transition, interplabelvalid = 0;
#endif
imgp = &image_params;
@@ -216,7 +217,6 @@
imgp->interpreter_name[0] = '\0';
imgp->auxargs = NULL;
imgp->vp = NULL;
- imgp->interpvp = NULL;
imgp->object = NULL;
imgp->firstpage = NULL;
imgp->ps_strings = 0;
@@ -331,14 +331,18 @@
imgp->vp->v_vflag &= ~VV_TEXT;
/* free name buffer and old vnode */
NDFREE(ndp, NDF_ONLY_PNBUF);
- VOP_UNLOCK(ndp->ni_vp, 0, td);
+#ifdef MAC
+ mac_init_vnode_label(&interplabel);
+ mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel);
+ interplabelvalid = 1;
+#endif /* MAC */
+ vput(ndp->ni_vp);
vm_object_deallocate(imgp->object);
imgp->object = NULL;
vrele(ndp->ni_dvp);
/* set new name to that of the interpreter */
NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME | SAVESTART,
UIO_SYSSPACE, imgp->interpreter_name, td);
- imgp->interpvp = imgp->vp;
goto interpret;
}
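Review bot: The label copied by `mac_copy_vnode_label(&ndp->ni_vp->v_label, &interplabel)` is taken with no refresh visible in this hunk, whereas the code this change removes from `mac_execve_will_transition()` called `vn_refreshlabel(shellvp, old)` and returned its error before the script's label was consulted. If no earlier step in the exec path (outside this hunk) has already refreshed the script vnode's label, the transition decision would be made on a stale or unpopulated label; please confirm this. It would also help to document the snapshot semantics next to the copy, e.g. `/* Snapshot the script's label before vput(); later relabels of the script are not seen by the transition checks. */`. The enclosing function starts and ends outside the hunk.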
@@ -453,12 +457,8 @@
attr.va_gid;
#ifdef MAC
- if (imgp->interpvp != NULL) /* XXX Could this ever deadlock? */
- vn_lock(imgp->interpvp, LK_EXCLUSIVE | LK_RETRY, td);
will_transition = mac_execve_will_transition(oldcred, imgp->vp,
- imgp->interpvp);
- if (imgp->interpvp != NULL)
- VOP_UNLOCK(imgp->interpvp, 0, td);
+ interplabelvalid ? &interplabel : NULL);
credential_changing |= will_transition;
#endif
@@ -505,13 +505,8 @@
change_egid(newcred, attr.va_gid);
#ifdef MAC
if (will_transition) {
- if (imgp->interpvp != NULL)
- vn_lock(imgp->interpvp, LK_EXCLUSIVE |
- LK_RETRY, td);
mac_execve_transition(oldcred, newcred, imgp->vp,
- imgp->interpvp);
- if (imgp->interpvp != NULL)
- VOP_UNLOCK(imgp->interpvp, 0, td);
+ interplabelvalid ? &interplabel : NULL);
}
#endif
/*
@@ -643,8 +638,6 @@
vput(imgp->vp);
vrele(ndp->ni_dvp);
}
- if (imgp->interpvp != NULL)
- vrele(imgp->interpvp);
if (imgp->object)
vm_object_deallocate(imgp->object);
@@ -665,6 +658,10 @@
error = 0;
}
done2:
+#ifdef MAC
+ if (interplabelvalid)
+ mac_destroy_vnode_label(&interplabel);
+#endif /* MAC */
mtx_unlock(&Giant);
return (error);
}
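Review bot: Cleanup of the cached label happens only at `done2`, so any exit taken after `interplabelvalid = 1` that does not fall through to this label leaves `interplabel` undestroyed. The context line `error = 0;` just above closes a block whose start is outside the hunk; if that block can end the process or return without reaching `done2`, the `mac_destroy_vnode_label(&interplabel)` call would need to be repeated there. A short comment at the declaration, such as `/* destroyed at done2 when interplabelvalid is set */`, would make the ownership rule explicit.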
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#311 (text+ko) ====
@@ -1350,7 +1350,7 @@
return (error);
}
-static void
+void
mac_init_vnode_label(struct label *label)
{
@@ -1517,7 +1517,7 @@
mac_destroy_socket_peer_label(&socket->so_peerlabel);
}
-static void
+void
mac_destroy_vnode_label(struct label *label)
{
@@ -1542,7 +1542,7 @@
MAC_PERFORM(copy_pipe_label, src, dest);
}
-static void
+void
mac_copy_vnode_label(struct label *src, struct label *dest)
{
@@ -2058,7 +2058,7 @@
void
mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp,
- struct vnode *shellvp)
+ struct label *shelllabel)
{
int error;
@@ -2070,31 +2070,23 @@
error);
printf("mac_execve_transition: using old vnode label\n");
}
- if (shellvp != NULL)
- (void)vn_refreshlabel(shellvp, old);
- MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, shellvp,
- shellvp != NULL ? &shellvp->v_label : NULL);
+ MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, shelllabel);
}
int
mac_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct vnode *shellvp)
+ struct label *shelllabel)
{
int error, result;
error = vn_refreshlabel(vp, old);
if (error)
return (error);
- if (shellvp != NULL) {
- error = vn_refreshlabel(shellvp, old);
- if (error)
- return (error);
- }
result = 0;
MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
- shellvp, shellvp != NULL ? &shellvp->v_label : NULL);
+ shelllabel);
return (result);
}
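Review bot: `mac_execve_will_transition()` returns the errno from `vn_refreshlabel(vp, old)` through the same `int` that otherwise carries the boolean `result`, so a refresh failure is indistinguishable from "will transition" for a caller that only tests for non-zero (the kern_exec.c hunk ORs the value into `credential_changing`). This predates the change, but the change rewrites the function and leaves it as is. Either decide explicitly what a refresh failure should mean for the transition and return a plain 0/1, or document at the function head that a non-zero return may be an error code, e.g. `/* Returns non-zero if any policy requests a transition, or an errno if the label refresh fails. */`.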
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#133 (text+ko) ====
@@ -1236,8 +1236,7 @@
static void
mac_biba_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct mac *vnodelabel, struct vnode *shellvp,
- struct mac *shellvnodelabel)
+ struct vnode *vp, struct mac *vnodelabel, struct mac *shellvnodelabel)
{
struct mac_biba *source, *dest;
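Review bot: The new parameter list declares both labels as `struct mac *`, while the policy entry points in mac_policy.h in this same change take `struct label *vnodelabel, struct label *shellvnodelabel`. The next hunk goes further and declares `struct vnode *shellvnodelabel` for `mac_biba_execve_will_transition()`, so a label pointer would be passed where a vnode pointer is declared. Both signatures should end in `struct label *vnodelabel, struct label *shellvnodelabel)` so they match the `mpo_execve_transition` and `mpo_execve_will_transition` pointer types. The function bodies continue outside the hunks.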
@@ -1250,8 +1249,7 @@
static int
mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct mac *vnodelabel, struct vnode *shellvp,
- struct vnode *shellvnodelabel)
+ struct mac *vnodelabel, struct vnode *shellvnodelabel)
{
return (0);
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#8 (text+ko) ====
@@ -1229,7 +1229,7 @@
static void
mac_biba_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct mac *vnodelabel)
+ struct vnode *vp, struct label *vnodelabel)
{
struct mac_biba *source, *dest;
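Review bot: Unlike the other policies in this change, the updated signatures here have no shell-label parameter at all: `mac_biba_execve_transition()` ends at `struct label *vnodelabel)`, and so does `mac_biba_execve_will_transition()` in the following hunk, while mac_policy.h now declares a trailing `struct label *shellvnodelabel` for both entry points. Add `, struct label *shellvnodelabel` to each so the functions match the policy operation types. The functions are also still named `mac_biba_*` inside mac_lomac.c, which looks like a leftover from copying the Biba module; if that is intentional for now, a comment saying so would help.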
@@ -1242,7 +1242,7 @@
static int
mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct mac *vnodelabel)
+ struct label *vnodelabel)
{
return (0);
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#113 (text+ko) ====
@@ -1278,8 +1278,7 @@
static void
mac_mls_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct mac *vnodelabel, struct vnode *shellvp,
- struct vnode *shellvnodelabel)
+ struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel)
{
struct mac_mls *source, *dest;
@@ -1292,8 +1291,7 @@
static int
mac_mls_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct mac *vnodelabel, struct vnode *shellvp,
- struct vnode *shellvnodelabel)
+ struct label *vnodelabel, struct label *shellvnodelabel)
{
return (0);
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#84 (text+ko) ====
@@ -415,16 +415,14 @@
static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *vnodelabel, struct vnode *shellvp,
- struct vnode *shellvnodelabel)
+ struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel)
{
}
static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *vnodelabel, struct vnode *shellvp,
- struct vnode *shellvnodelabel)
+ struct label *vnodelabel, struct label *shellvnodelabel)
{
return (0);
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#86 (text+ko) ====
@@ -1534,8 +1534,7 @@
static void
mac_te_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *filelabel, struct vp *shellvp,
- struct label *shellfilelabel)
+ struct vnode *vp, struct label *filelabel, struct label *shellfilelabel)
{
int rule;
@@ -1567,8 +1566,7 @@
static int
mac_te_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *filelabel, struct vnode *shellvp,
- struct label *shellfilelabel)
+ struct label *filelabel, struct label *shellfilelabel)
{
int rule;
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#57 (text+ko) ====
@@ -794,16 +794,14 @@
static void
mac_test_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *filelabel,
- struct vnode *shellvp, struct vnode *shellfilelabel)
+ struct vnode *vp, struct label *filelabel, struct label *shellfilelabel)
{
}
static int
mac_test_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *filelabel, struct vnode *shellvp,
- struct vnode *shellfilelabel)
+ struct label *filelabel, struct label *shellfilelabel)
{
return (0);
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#41 (text+ko) ====
@@ -297,8 +297,8 @@
static void
sebsd_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct mac *vnodelabel,
- struct vnode *shellvp, struct mac *shellvnodelabel)
+ struct vnode *vp, struct label *vnodelabel,
+ struct label *shellvnodelabel)
{
struct task_security_struct *otask, *ntask;
struct vnode_security_struct *file;
@@ -306,10 +306,10 @@
otask = SLOT(&old->cr_label);
ntask = SLOT(&new->cr_label);
- if (shellvp != NULL)
- file = SLOT(&shellvp->v_label);
+ if (shellvnodelabel != NULL)
+ file = SLOT(shellvnodelabel);
else
- file = SLOT(&vp->v_label);
+ file = SLOT(vnodelabel);
/*
* Should have already checked all the permissions
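Review bot: `file = SLOT(shellvnodelabel)` now reads the policy slot of the copy that execve makes with `mac_copy_vnode_label()` rather than the slot of a live vnode label, so the value is only meaningful if this policy fills its slot when a vnode label is copied. No such copy operation for sebsd is visible in this change; if the module does not provide one, the slot would hold only whatever label initialisation left there and the transition would be computed from that. Please confirm, and consider a comment at this branch such as `/* shellvnodelabel is execve's private copy of the script's label */`. The same applies to the matching branch in `sebsd_execve_will_transition()` in the hunk at -344.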
@@ -335,8 +335,8 @@
static int
sebsd_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct mac *vnodelabel, struct vnode *shellvp,
- struct mac *shellvnodelabel)
+ struct label *vnodelabel,
+ struct label *shellvnodelabel)
{
struct task_security_struct *task;
struct vnode_security_struct *file;
@@ -344,10 +344,10 @@
int rc;
task = SLOT(&old->cr_label);
- if (shellvp != NULL)
- file = SLOT(&shellvp->v_label);
+ if (shellvnodelabel != NULL)
+ file = SLOT(shellvnodelabel);
else
- file = SLOT(&vp->v_label);
+ file = SLOT(vnodelabel);
/*
* Should have already checked all the permissions, so just see if
==== //depot/projects/trustedbsd/mac/sys/sys/imgact.h#11 (text+ko) ====
@@ -46,7 +46,6 @@
struct proc *proc; /* our process struct */
struct execve_args *uap; /* syscall arguments */
struct vnode *vp; /* pointer to vnode of file to exec */
- struct vnode *interpvp; /* vnode of the shell script, if interpreted */
struct vm_object *object; /* The vm object for this vp */
struct vattr *attr; /* attributes of file */
const char *image_header; /* head of file to exec */
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#179 (text+ko) ====
@@ -250,6 +250,10 @@
void mac_destroy_mbuf(struct mbuf *);
void mac_destroy_mount(struct mount *);
void mac_destroy_vnode(struct vnode *);
+/* XXXMAC: shouldn't be exported? */
+void mac_init_vnode_label(struct label *);
+void mac_copy_vnode_label(struct label *, struct label *label);
+void mac_destroy_vnode_label(struct label *);
/*
* Labeling event operations: file system objects, and things that
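Review bot: The prototype `void mac_copy_vnode_label(struct label *, struct label *label);` names only its second parameter and does not say which argument is the source, while the definition in kern_mac.c uses `(struct label *src, struct label *dest)`. Suggest `void mac_copy_vnode_label(struct label *src, struct label *dest);` so callers cannot swap the arguments unnoticed. The `/* XXXMAC: shouldn't be exported? */` comment could also record why the three functions are exported, e.g. `/* Exported so execve(2) can cache the script's label across the interpreter lookup. */`.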
@@ -307,9 +311,9 @@
*/
void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
void mac_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct vnode *shellvp);
+ struct vnode *vp, struct label *shelllabel);
int mac_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct vnode *shellvp);
+ struct label *shelllabel);
void mac_create_proc0(struct ucred *cred);
void mac_create_proc1(struct ucred *cred);
void mac_thread_userret(struct thread *td);
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#140 (text+ko) ====
@@ -252,10 +252,10 @@
struct ucred *child_cred);
void (*mpo_execve_transition)(struct ucred *old, struct ucred *new,
struct vnode *vp, struct label *vnodelabel,
- struct vnode *shellvp, struct label *shellvnodelabel);
+ struct label *shellvnodelabel);
int (*mpo_execve_will_transition)(struct ucred *old,
struct vnode *vp, struct label *vnodelabel,
- struct vnode *shellvp, struct label *shellvnodelabel);
+ struct label *shellvnodelabel);
void (*mpo_create_proc0)(struct ucred *cred);
void (*mpo_create_proc1)(struct ucred *cred);
void (*mpo_relabel_cred)(struct ucred *cred,