PERFORCE change 32472 for review
Chris Vance
cvance at FreeBSD.org
Tue Jun 3 13:46:17 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=32472
Change 32472 by cvance at cvance_korben on 2003/06/03 06:46:02
- Fix many style issues
- Add cred_has_capability() and add some capability-like checks
- Add the remaining {process,sysarch,system} access control checks
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#5 (text+ko) ====
@@ -75,15 +75,35 @@
static void
sebsd_init(struct mac_policy_conf *mpc)
{
+
printf("sebsd:: init\n");
}
static void
sebsd_destroy(struct mac_policy_conf *mpc)
{
+
printf("sebsd:: destroy\n");
}
+/*
+ * Check whether a task is allowed to use a capability.
+ */
+static int
+cred_has_capability(struct ucred *cred, int cap)
+{
+ struct task_security_struct *task;
+ avc_audit_data_t ad;
+
+ task = SLOT(&cred->cr_label);
+
+ AVC_AUDIT_DATA_INIT(&ad, CAP);
+ ad.u.cap = cap;
+
+ return avc_has_perm_audit(task->sid, task->sid,
+ SECCLASS_CAPABILITY, cap, &ad);
+}
+
static int
cred_has_perm(struct ucred *cred, struct proc *proc, access_vector_t perm)
{
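Review bot: `cred_has_capability()` takes `int cap`, but every caller in this change passes a `CAPABILITY__*` access-vector constant, and the value is forwarded to `avc_has_perm_audit()` as the requested permission. `cred_has_perm()` directly below already declares `access_vector_t perm`, so `cred_has_capability(struct ucred *cred, access_vector_t cap)` would be consistent and would avoid a signed conversion if a permission bit ever occupies the top bit. The same value is also stored in `ad.u.cap`. If the audit code expects a capability number there rather than a permission mask (not visible in this hunk), the logged capability will be misleading, so the header comment should say which one the parameter is. The body of `cred_has_perm()` continues outside the hunk.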
@@ -310,6 +330,7 @@
static void
sebsd_destroy_label(struct label *label)
{
+
free(SLOT(label), M_SEBSD);
SLOT(label) = NULL;
}
@@ -317,6 +338,7 @@
static void
sebsd_relabel_cred(struct ucred *cred, struct label *newlabel)
{
+
printf("sebsd_relabel_cred:: This does nothing\n");
}
@@ -556,8 +578,7 @@
if (rc == 0)
lnksec->sid = newsid;
- /* TBD: debugging */
- if (1 || sebsd_verbose > 1) {
+ if (sebsd_verbose > 1) {
printf("%s(%s): sbsid=%d, mountpoint=%s, rc=%d, sclass=%d, "
"computedsid=%d, dirent=%d\n", __func__, path,
sbsec->sid, mp->mnt_stat.f_mntonname, rc,
@@ -758,6 +779,20 @@
}
static int
+sebsd_check_proc_debug(struct ucred *cred, struct proc *proc)
+{
+
+ return(cred_has_perm(cred, proc, PROCESS__PTRACE));
+}
+
+static int
+sebsd_check_proc_sched(struct ucred *cred, struct proc *proc)
+{
+
+ return(cred_has_perm(cred, proc, PROCESS__SETSCHED));
+}
+
+static int
sebsd_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{
access_vector_t perm;
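Review bot: The two new hooks use `return(cred_has_perm(...));` with no space after `return`, while the same change writes `return (0);` and `return (cred_has_capability(...));` in the kld hunks and leaves bare `return vnode_has_perm(...)` in the vnode hooks. Since this commit is a style pass, `return (cred_has_perm(cred, proc, PROCESS__PTRACE));` and `return (cred_has_perm(cred, proc, PROCESS__SETSCHED));` would match the dominant form. The same applies to `sebsd_check_sysarch_ioperm`, `sebsd_check_system_acct` and `sebsd_check_system_reboot` in the `@@ -1355` hunk. A one-line comment on each hook naming the permission it requires on the target process would also help, e.g. `/* Requires PROCESS__PTRACE from cred's SID to proc's SID. */`, to be confirmed against `cred_has_perm()`. The body of `sebsd_check_proc_signal()` continues outside the hunk.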
@@ -782,9 +817,8 @@
static void
sebsd_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *vnodelabel,
- struct label *interpvnodelabel,
- struct image_params *imgp, struct label *execlabel)
+ struct vnode *vp, struct label *vnodelabel, struct label *interpvnodelabel,
+ struct image_params *imgp, struct label *execlabel)
{
struct task_security_struct *otask, *ntask;
struct vnode_security_struct *file;
@@ -1187,35 +1221,39 @@
static int
sebsd_check_vnode_poll(struct ucred *cred, struct ucred *file_cred,
- struct vnode *vp, struct label *label)
+ struct vnode *vp, struct label *label)
{
+
return vnode_has_perm(cred, vp, FILE__POLL, NULL);
}
static int
sebsd_check_vnode_read(struct ucred *cred, struct ucred *file_cred,
- struct vnode *vp, struct label *label)
+ struct vnode *vp, struct label *label)
{
+
return vnode_has_perm(cred, vp, FILE__READ, NULL);
}
static int
sebsd_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel)
+ struct label *dlabel)
{
+
return vnode_has_perm(cred, dvp, DIR__READ, NULL);
}
static int
sebsd_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
- struct label *label)
+ struct label *label)
{
+
return vnode_has_perm(cred, vp, FILE__READ, NULL);
}
static int
sebsd_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *oldlabel, struct label *newlabel)
+ struct label *oldlabel, struct label *newlabel)
{
struct task_security_struct *task;
struct vnode_security_struct *old, *new;
@@ -1255,8 +1293,8 @@
static int
sebsd_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp,
- struct label *label, struct componentname *cnp)
+ struct label *dlabel, struct vnode *vp, struct label *label,
+ struct componentname *cnp)
{
struct task_security_struct *task;
struct vnode_security_struct *old_dir, *old_file;
@@ -1291,9 +1329,8 @@
static int
sebsd_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp,
- struct label *label, int samedir,
- struct componentname *cnp)
+ struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
+ struct componentname *cnp)
{
struct task_security_struct *task;
struct vnode_security_struct *new_dir, *new_file;
@@ -1355,74 +1392,142 @@
static int
sebsd_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
- struct label *label)
+ struct label *label)
{
+
/* TBD: Not Implemented */
return 0;
}
static int
sebsd_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
- struct label *label, acl_type_t type, struct acl *acl)
+ struct label *label, acl_type_t type, struct acl *acl)
{
+
return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
sebsd_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
- struct label *label, int attrnamespace,
- const char *name, struct uio *uio)
+ struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
+
return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
sebsd_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
- struct label *label, u_long flags)
+ struct label *label, u_long flags)
{
+
return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
sebsd_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
- struct label *label, mode_t mode)
+ struct label *label, mode_t mode)
{
+
return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
sebsd_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
- struct label *label, uid_t uid, gid_t gid)
+ struct label *label, uid_t uid, gid_t gid)
{
+
return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
sebsd_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
- struct label *label, struct timespec atime,
- struct timespec mtime)
+ struct label *label, struct timespec atime, struct timespec mtime)
{
+
return vnode_has_perm(cred, vp, FILE__SETATTR, NULL);
}
static int
sebsd_check_vnode_stat(struct ucred *cred, struct ucred *file_cred,
- struct vnode *vp, struct label *vnodelabel)
+ struct vnode *vp, struct label *vnodelabel)
{
+
return vnode_has_perm(cred, vp, FILE__GETATTR, NULL);
}
static int
+sebsd_check_sysarch_ioperm(struct ucred *cred)
+{
+
+ return(cred_has_capability(cred, CAPABILITY__SYS_RAWIO));
+}
+
+static int
+sebsd_check_system_acct(struct ucred *cred, struct vnode *vp,
+ struct label *vlabel)
+{
+
+ return(cred_has_capability(cred, CAPABILITY__SYS_PACCT));
+}
+
+/*
+ * TBD: LSM/SELinux doesn't have a nfsd hook
+ */
+static int
+sebsd_check_system_nfsd(struct ucred *cred)
+{
+
+ return (0);
+}
+
+
+static int
+sebsd_check_system_reboot(struct ucred *cred, int howto)
+{
+
+ return(cred_has_capability(cred, CAPABILITY__SYS_BOOT));
+}
+
+static int
+sebsd_check_system_settime(struct ucred *cred)
+{
+
+ return (0);
+}
+
+static int
sebsd_check_system_swapon(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel)
+ struct label *vnodelabel)
+{
+
+ return vnode_has_perm(cred, vp, FILE__SWAPON, NULL);
+}
+
+static int
+sebsd_check_system_swapoff(struct ucred *cred, struct vnode *vp,
+ struct label *vnodelabel)
{
+
return vnode_has_perm(cred, vp, FILE__SWAPON, NULL);
}
+/*
+ * TBD: Sysctl access control is not currently implemented
+ */
static int
+sebsd_check_system_sysctl(struct ucred *cred, int *name,
+ u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new,
+ size_t newlen)
+{
+
+ return (0);
+}
+
+static int
sebsd_check_vnode_write(struct ucred *cred, struct ucred *file_cred,
- struct vnode *vp, struct label *label)
+ struct vnode *vp, struct label *label)
{
+
return vnode_has_perm(cred, vp, FILE__WRITE, NULL);
}
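Review bot: `sebsd_check_system_settime()` returns 0 unconditionally and, unlike the `nfsd` and `sysctl` stubs, has no `TBD` comment. It is also registered in the ops vector later in this change, so setting the clock looks covered by the policy while nothing is enforced. If the flask headers define a time capability as SELinux does, `return (cred_has_capability(cred, CAPABILITY__SYS_TIME));` would follow the pattern used for `reboot` and `acct`; otherwise add `/* TBD: Not Implemented */` so the fail-open behaviour is visible. Separately, `sebsd_check_system_swapoff()` checks `FILE__SWAPON`. That may be intentional if there is no separate swapoff permission, but it deserves a comment such as `/* No distinct swapoff permission; reuse FILE__SWAPON. */`.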
@@ -1431,9 +1536,8 @@
*/
static int
sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- struct label *label, int newmapping)
+ struct label *label, int newmapping)
{
-
access_vector_t av;
/*
@@ -1506,6 +1610,7 @@
static void
sebsd_copy_vnode_label(struct label *src, struct label *dest)
{
+
*(struct vnode_security_struct *)SLOT(dest) =
*(struct vnode_security_struct *)SLOT(src);
}
@@ -1518,16 +1623,13 @@
sebsd_check_kld_load(struct ucred *cred, struct vnode *vp,
struct label *vlabel)
{
- struct task_security_struct *tsec;
- tsec = SLOT(&cred->cr_label);
/*
* The vnode doesn't need to be checked here, since the read
* operations inside the kldload(2) implementation are
* individually checked against the same thread credentials.
*/
- return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY,
- CAPABILITY__SYS_MODULE, NULL));
+ return (cred_has_capability(cred, CAPABILITY__SYS_MODULE));
}
/*
@@ -1537,11 +1639,8 @@
static int
sebsd_check_kld_stat(struct ucred *cred)
{
- struct task_security_struct *tsec;
- tsec = SLOT(&cred->cr_label);
- return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY,
- CAPABILITY__SYS_MODULE, NULL));
+ return (cred_has_capability(cred, CAPABILITY__SYS_MODULE));
}
/*
@@ -1551,11 +1650,8 @@
static int
sebsd_check_kld_unload(struct ucred *cred)
{
- struct task_security_struct *tsec;
- tsec = SLOT(&cred->cr_label);
- return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY,
- CAPABILITY__SYS_MODULE, NULL));
+ return (cred_has_capability(cred, CAPABILITY__SYS_MODULE));
}
static int
@@ -1707,8 +1803,17 @@
.mpo_check_kld_load = sebsd_check_kld_load,
.mpo_check_kld_unload = sebsd_check_kld_unload,
.mpo_check_mount_stat = sebsd_check_mount_stat,
+ .mpo_check_proc_debug = sebsd_check_proc_debug,
+ .mpo_check_proc_sched = sebsd_check_proc_sched,
.mpo_check_proc_signal = sebsd_check_proc_signal,
+ .mpo_check_sysarch_ioperm = sebsd_check_sysarch_ioperm,
+ .mpo_check_system_acct = sebsd_check_system_acct,
+ .mpo_check_system_nfsd = sebsd_check_system_nfsd,
+ .mpo_check_system_reboot = sebsd_check_system_reboot,
+ .mpo_check_system_settime = sebsd_check_system_settime,
.mpo_check_system_swapon = sebsd_check_system_swapon,
+ .mpo_check_system_swapoff = sebsd_check_system_swapoff,
+ .mpo_check_system_sysctl = sebsd_check_system_sysctl,
.mpo_check_vnode_access = sebsd_check_vnode_access,
.mpo_check_vnode_chdir = sebsd_check_vnode_chdir,
.mpo_check_vnode_chroot = sebsd_check_vnode_chroot,