PERFORCE change 41442 for review
Andrew Reisse
areisse at FreeBSD.org
Wed Nov 5 14:26:11 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=41442
Change 41442 by areisse at areisse_ibook on 2003/11/05 06:25:20
devfs labelling support. Don't rely on 'mount *mp' being valid in
devfs labelling events.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#23 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/miscfs/devfs/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/miscfs/devfs/devfs_tree.c#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/miscfs/devfs/devfsdefs.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#6 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#4 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#7 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#23 (text+ko) ====
@@ -75,6 +75,8 @@
#include <kern/wait_queue.h>
#include <kern/lock.h>
+#include <miscfs/devfs/devfsdefs.h>
+
#ifdef MAC
/*
@@ -855,11 +857,8 @@
static void
mac_init_cred_label(struct label *label)
{
- printf ("mac_init_cred_label %d\n", label);
mac_init_label(label);
- printf ("mpo_init_cred_label %d\n", label);
MAC_PERFORM(init_cred_label, label);
- printf ("mac_init_cred_label done %d\n", label);
MAC_DEBUG_COUNTER_INC(&nmaccreds);
}
@@ -870,16 +869,13 @@
mac_init_cred_label(&cred->cr_label);
}
-#if 0
void
-mac_init_devfsdirent(struct devfs_dirent *de)
+mac_init_devfsdirent(struct devnode *de)
{
-
- mac_init_label(&de->de_label);
- MAC_PERFORM(init_devfsdirent_label, &de->de_label);
+ mac_init_label(&de->dn_label);
+ MAC_PERFORM(init_devfsdirent_label, &de->dn_label);
MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents);
}
-#endif
static void
mac_init_ifnet_label(struct label *label)
@@ -1114,16 +1110,14 @@
mac_destroy_cred_label(&cred->cr_label);
}
-#if 0
void
-mac_destroy_devfsdirent(struct devfs_dirent *de)
+mac_destroy_devfsdirent(struct devnode *de)
{
- MAC_PERFORM(destroy_devfsdirent_label, &de->de_label);
- mac_destroy_label(&de->de_label);
+ MAC_PERFORM(destroy_devfsdirent_label, &de->dn_label);
+ mac_destroy_label(&de->dn_label);
MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents);
}
-#endif
static void
mac_destroy_ifnet_label(struct label *label)
@@ -1268,6 +1262,12 @@
MAC_PERFORM(copy_vnode_label, src, dest);
}
+void
+mac_copy_devfs_label(struct label *src, struct label *dest)
+{
+ MAC_PERFORM(copy_devfs_label, src, dest);
+}
+
static int
mac_check_structmac_consistent(struct mac *mac)
{
@@ -1442,9 +1442,7 @@
void
mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
{
- printf ("mpo_create_cred %d %d %d\n", parent_cred, child_cred, 0);
MAC_PERFORM(create_cred, parent_cred, child_cred);
- printf ("mpo_create_cred done\n");
}
#if 0
@@ -1456,16 +1454,16 @@
MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
&vp->v_label);
}
+#endif
void
-mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
+mac_associate_vnode_devfs(struct mount *mp, struct devnode *de,
struct vnode *vp)
{
MAC_PERFORM(associate_vnode_devfs, mp, &mp->mnt_fslabel, de,
- &de->de_label, vp, &vp->v_label);
+ &de->dn_label, vp, &vp->v_label);
}
-#endif
int
mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp)
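Review bot: `mac_associate_vnode_devfs` still evaluates `&mp->mnt_fslabel` unconditionally, yet the new call site in devfs_tree.c (`mac_associate_vnode_devfs (NULL, dnp, vn_p)`) passes a NULL mount. With `mp == NULL` that expression is undefined and hands every policy a small, non-NULL, bogus `fslabel` pointer, so a module that reads the filesystem label faults or reads unrelated memory instead of seeing NULL. Pass `mp != NULL ? &mp->mnt_fslabel : NULL` as the second hook argument, and add a comment on the hook stating that `mp` and `fslabel` may be NULL for devfs.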
@@ -3216,16 +3214,16 @@
return (0);
}
-#if 0
void
-mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de,
+mac_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev, struct devnode *de,
const char *fullpath)
{
- MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label,
- fullpath);
+ MAC_PERFORM(create_devfs_device, cr, mp, dev, de, &de->dn_label,
+ fullpath);
}
+#if 0
void
mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
struct devfs_dirent *dd, struct devfs_dirent *de, const char *fullpath)
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/miscfs/devfs/Makefile#2 (text+ko) ====
@@ -20,11 +20,8 @@
EXPINC_SUBDIRS_I386 = \
DATAFILES = \
- devfs.h
+ devfs.h devfs_proto.h devfsdefs.h
-PRIVATE_DATAFILES = \
- devfs_proto.h devfsdefs.h
-
INSTALL_MI_LIST = ${DATAFILES}
INSTALL_MI_DIR = miscfs/devfs
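Review bot: Moving `devfs_proto.h` and `devfsdefs.h` from `PRIVATE_DATAFILES` into `DATAFILES` puts them on `INSTALL_MI_LIST = ${DATAFILES}`, so headers whose contents sit under `#ifdef __APPLE_API_PRIVATE` are now installed alongside the public `devfs.h`. If the goal is only to let kern_mac.c and sebsd.c include `<miscfs/devfs/devfsdefs.h>`, keeping them in a private/export-only list would avoid publishing the devnode layout (which now carries `dn_label`); whether the export list alone is enough for that build is not visible from this hunk. Either way, a Makefile comment should record why these two headers changed visibility.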
@@ -33,7 +30,7 @@
EXPORT_MI_DIR = miscfs/devfs
-INSTALL_MI_LIST = ${DATAFILES} ${PRIVATE_DATAFILES}
+INSTALL_MI_LIST = ${DATAFILES}
include $(MakeInc_rule)
include $(MakeInc_dir)
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/miscfs/devfs/devfs_tree.c#2 (text+ko) ====
@@ -555,6 +555,11 @@
*(dnp->dn_prevsiblingp) = dnp;
dnp->dn_nextsibling = proto;
proto->dn_prevsiblingp = &(dnp->dn_nextsibling);
+
+#ifdef MAC
+ mac_init_devfsdirent (dnp);
+ mac_copy_devfs_label (&proto->dn_label, &dnp->dn_label);
+#endif
} else {
struct timeval tv;
@@ -569,6 +574,10 @@
dnp->dn_atime.tv_sec = tv.tv_sec;
dnp->dn_mtime.tv_sec = tv.tv_sec;
dnp->dn_ctime.tv_sec = tv.tv_sec;
+
+#ifdef MAC
+ mac_init_devfsdirent (dnp);
+#endif
}
dnp->dn_dvm = dvm;
@@ -677,6 +686,10 @@
#endif 0
dnp->dn_delete = TRUE;
}
+
+#ifdef MAC
+ mac_destroy_devfsdirent (dnp);
+#endif
}
}
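Review bot: `mac_destroy_devfsdirent (dnp)` runs immediately after the branch that only sets `dnp->dn_delete = TRUE`, that is, for a devnode that is merely marked for later deletion, so its label is torn down while the node (and presumably the vnode still attached to it) can be reached by later labelling or access-check hooks. The other arm of this if/else lies outside the hunk; if it releases `dnp` right away, the added call would also operate on freed memory. The destroy call belongs at the single point where the devnode storage is actually released, so that it pairs one-to-one with `mac_init_devfsdirent`. The enclosing function begins before this hunk.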
@@ -1018,6 +1031,10 @@
vn_p->v_data = (void *)dnp;
dnp->dn_vn = vn_p;
error = vn_lock(vn_p, LK_EXCLUSIVE | LK_RETRY, p);
+#ifdef MAC
+ if (!error)
+ mac_associate_vnode_devfs (NULL, dnp, vn_p);
+#endif
}
return error;
}
@@ -1074,7 +1091,7 @@
devnode_t * dnp; /* devnode for parent directory */
devnode_type_t typeinfo;
- char *name, *path, buf[256]; /* XXX */
+ char *name, *path, buf[256], buff[256]; /* XXX */
boolean_t funnel_state;
int i;
va_list ap;
@@ -1093,6 +1110,10 @@
vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
+#ifdef MAC
+ bcopy (buf, buff, 256);
+ buff[255] = 0;
+#endif
name = NULL;
for(i=strlen(buf); i>0; i--)
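Review bot: The saved copy is written with the bare literals `256` and `255` into a buffer named `buff`, which differs from `buf` by one letter and is declared unconditionally in the previous hunk although it is only used under `#ifdef MAC`. Tie the sizes to the array and name the buffer for what it holds, e.g. `bcopy (buf, fullpath, sizeof(fullpath));` followed by `fullpath[sizeof(fullpath) - 1] = 0;`. A one-line comment such as `/* keep the unsplit device path for the MAC hook; buf is modified below */` would explain why the copy exists; that the following loop modifies `buf` is inferred from context, since its body is outside this hunk.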
@@ -1120,6 +1141,10 @@
new_dev->de_dnp->dn_gid = gid;
new_dev->de_dnp->dn_uid = uid;
new_dev->de_dnp->dn_mode |= perms;
+#ifdef MAC
+ mac_create_devfs_device (NULL, NULL,
+ dev, new_dev->de_dnp, buff);
+#endif
devfs_propogate(dnp->dn_typeinfo.Dir.myname, new_dev);
}
}
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/miscfs/devfs/devfsdefs.h#2 (text+ko) ====
@@ -60,6 +60,8 @@
#include <sys/appleapiopts.h>
+#include <sys/mac.h>
+
#ifdef __APPLE_API_PRIVATE
#define DEVMAXNAMESIZE 32 /* XXX */
#define DEVMAXPATHSIZE 128 /* XXX */
@@ -128,6 +130,7 @@
devnode_t * * dn_prevsiblingp;/* backpointer for the above */
devnode_type_t dn_typeinfo;
int dn_delete; /* mark for deletion */
+ struct label dn_label;
};
struct devdirent
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#6 (text+ko) ====
@@ -104,7 +104,7 @@
*/
struct bpf_d;
struct componentname;
-struct devfs_dirent;
+struct devnode;
struct ifnet;
struct ifreq;
struct image_params;
@@ -134,7 +134,7 @@
*/
void mac_init_bpfdesc(struct bpf_d *);
void mac_init_cred(struct ucred *);
-void mac_init_devfsdirent(struct devfs_dirent *);
+void mac_init_devfsdirent(struct devnode *);
void mac_init_ifnet(struct ifnet *);
int mac_init_ipq(struct ipq *, int flag);
int mac_init_socket(struct socket *, int flag);
@@ -147,9 +147,10 @@
void mac_init_vnode_label(struct label *);
void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
void mac_copy_vnode_label(struct label *, struct label *label);
+void mac_copy_devfs_label(struct label *, struct label *label);
void mac_destroy_bpfdesc(struct bpf_d *);
void mac_destroy_cred(struct ucred *);
-void mac_destroy_devfsdirent(struct devfs_dirent *);
+void mac_destroy_devfsdirent(struct devnode *);
void mac_destroy_ifnet(struct ifnet *);
void mac_destroy_ipq(struct ipq *);
void mac_destroy_socket(struct socket *);
@@ -164,16 +165,16 @@
* Labeling event operations: file system objects, and things that
* look a lot like file system objects.
*/
-void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
+void mac_associate_vnode_devfs(struct mount *mp, struct devnode *de,
struct vnode *vp);
int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
-void mac_create_devfs_device(struct mount *mp, dev_t dev,
- struct devfs_dirent *de, const char *fullpath);
+void mac_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev,
+ struct devnode *de, const char *fullpath);
void mac_create_devfs_directory(struct mount *mp, char *dirname,
- int dirnamelen, struct devfs_dirent *de, const char *fullpath);
+ int dirnamelen, struct devnode *de, const char *fullpath);
void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
- struct devfs_dirent *dd, struct devfs_dirent *de,
+ struct devnode *dd, struct devnode *de,
const char *fullpath);
int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
@@ -181,7 +182,7 @@
void mac_create_root_mount(struct ucred *cred, struct mount *mp);
void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
struct label *newlabel);
-void mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+void mac_update_devfsdirent(struct mount *mp, struct devnode *de,
struct vnode *vp);
/*
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#4 (text+ko) ====
@@ -62,6 +62,8 @@
struct socket;
struct ucred;
struct vnode;
+struct devnode;
+
struct mac_policy_ops {
/*
* Policy module operations.
@@ -81,9 +83,7 @@
*/
void (*mpo_init_bpfdesc_label)(struct label *label);
void (*mpo_init_cred_label)(struct label *label);
-#if 0
void (*mpo_init_devfsdirent_label)(struct label *label);
-#endif
void (*mpo_init_ifnet_label)(struct label *label);
int (*mpo_init_ipq_label)(struct label *label, int flag);
int (*mpo_init_mbuf_label)(struct label *label, int flag);
@@ -98,9 +98,7 @@
void (*mpo_init_vnode_label)(struct label *label);
void (*mpo_destroy_bpfdesc_label)(struct label *label);
void (*mpo_destroy_cred_label)(struct label *label);
-#if 0
void (*mpo_destroy_devfsdirent_label)(struct label *label);
-#endif
void (*mpo_destroy_ifnet_label)(struct label *label);
void (*mpo_destroy_ipq_label)(struct label *label);
void (*mpo_destroy_mbuf_label)(struct label *label);
@@ -121,6 +119,8 @@
#endif
void (*mpo_copy_vnode_label)(struct label *src,
struct label *dest);
+ void (*mpo_copy_devfs_label)(struct label *src,
+ struct label *dest);
int (*mpo_externalize_cred_label)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
int (*mpo_externalize_ifnet_label)(struct label *label,
@@ -152,30 +152,29 @@
* Labeling event operations: file system objects, and things that
* look a lot like file system objects.
*/
-#if 0
void (*mpo_associate_vnode_devfs)(struct mount *mp,
- struct label *fslabel, struct devfs_dirent *de,
+ struct label *fslabel, struct devnode *de,
struct label *delabel, struct vnode *vp,
struct label *vlabel);
-#endif
+
int (*mpo_associate_vnode_extattr)(struct mount *mp,
struct label *fslabel, struct vnode *vp,
struct label *vlabel);
void (*mpo_associate_vnode_singlelabel)(struct mount *mp,
struct label *fslabel, struct vnode *vp,
struct label *vlabel);
-#if 0
- void (*mpo_create_devfs_device)(struct mount *mp, dev_t dev,
- struct devfs_dirent *de, struct label *label,
+
+ void (*mpo_create_devfs_device)(struct ucred *cr, struct mount *mp, dev_t dev,
+ struct devnode *de, struct label *label,
const char *fullpath);
void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname,
- int dirnamelen, struct devfs_dirent *de,
+ int dirnamelen, struct devnode *de,
struct label *label, const char *fullpath);
void (*mpo_create_devfs_symlink)(struct ucred *cred,
- struct mount *mp, struct devfs_dirent *dd,
- struct label *ddlabel, struct devfs_dirent *de,
+ struct mount *mp, struct devnode *dd,
+ struct label *ddlabel, struct devnode *de,
struct label *delabel, const char *fullpath);
-#endif
+
int (*mpo_create_vnode_extattr)(struct ucred *cred,
struct mount *mp, struct label *fslabel,
struct vnode *dvp, struct label *dlabel,
@@ -192,7 +191,7 @@
struct label *intlabel);
#if 0
void (*mpo_update_devfsdirent)(struct mount *mp,
- struct devfs_dirent *devfs_dirent,
+ struct devnode *devfs_dirent,
struct label *direntlabel, struct vnode *vp,
struct label *vnodelabel);
#endif
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#7 (text+ko) ====
@@ -68,6 +68,7 @@
#include <sys/ucred.h>
#include <vm/vm_kern.h>
+#include <miscfs/devfs/devfsdefs.h>
#endif
#include <sys/mac_policy.h>
@@ -239,33 +240,22 @@
return SECCLASS_FILE;
}
-#ifdef HAS_DEVFS_DIRENT
static __inline security_class_t
-dirent_type_to_security_class(__uint8_t type)
+devfs_type_to_security_class(int type)
{
switch (type) {
- case DT_REG:
- return SECCLASS_FILE;
- case DT_DIR:
+ case DEV_DIR:
return SECCLASS_DIR;
- case DT_BLK:
+ case DEV_BDEV:
return SECCLASS_BLK_FILE;
- case DT_CHR:
+ case DEV_CDEV:
return SECCLASS_CHR_FILE;
- case DT_LNK:
+ case DEV_SLNK:
return SECCLASS_LNK_FILE;
- case DT_SOCK:
- return SECCLASS_SOCK_FILE;
- case DT_FIFO:
- return SECCLASS_FIFO_FILE;
- case DT_UNKNOWN:
- case DT_WHT:
- return SECCLASS_FILE;
}
return SECCLASS_FILE;
}
-#endif
static __inline access_vector_t
file_mask_to_av(enum vtype vt, int mask)
@@ -428,6 +418,17 @@
}
static void
+sebsd_init_devfs_label(struct label *label)
+{
+ struct vnode_security_struct *vsec;
+
+ vsec = sebsd_malloc(sizeof(*vsec), M_ZERO | M_WAITOK);
+ vsec->sid = SECINITSID_UNLABELED;
+ vsec->task_sid = SECINITSID_UNLABELED;
+ SLOT(label) = vsec;
+}
+
+static void
sebsd_destroy_cred_label(struct label *label)
{
sebsd_free (SLOT(label), sizeof (struct task_security_struct));
@@ -447,10 +448,9 @@
printf("sebsd_relabel_cred:: This does nothing\n");
}
-#ifdef HAS_DEVFS_DIRENT
static void
sebsd_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
- struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct devnode *de, struct label *delabel, struct vnode *vp,
struct label *vlabel)
{
struct vnode_security_struct *vsec, *dsec;
@@ -461,30 +461,23 @@
vsec->sid = dsec->sid;
vsec->task_sid = dsec->task_sid;
vsec->sclass = dsec->sclass;
-
- /*
- * This is a no-op for now, but when devfs_dirents do contain
- * labels, they should be copied to the vp here as per how
- * sebsd_update_vnode_from_extattr() functions. They will be
- * kept synchronized from here on automatically with the vnode
- * relabel calls.
- */
}
-#endif
-#ifdef HAS_EXTATTRS
static int
sebsd_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
struct vnode *vp, struct label *vlabel)
{
struct vnode_security_struct *vsec;
/* TBD: Need to limit size of contexts used in extattr labels */
- char context[128];
+ /*char context[128];*/
u_int32_t context_len;
+ const char *context = NULL;
int error;
vsec = SLOT(vlabel);
+#ifdef HAS_EXTATTRS
+
context_len = sizeof(context); /* TBD: bad fixed length */
error = vn_extattr_get(vp, IO_NODELOCKED,
SEBSD_MAC_EXTATTR_NAMESPACE,
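Review bot: With `context` changed from `char context[128]` to `const char *context = NULL`, the retained line `context_len = sizeof(context);` inside `#ifdef HAS_EXTATTRS` now yields the size of a pointer, and the extattr read that follows would presumably be handed a NULL destination. That branch only builds when HAS_EXTATTRS is defined, but as written it is a latent kernel write through a NULL pointer the moment someone enables it. Keep a real buffer for that branch (`char ctxbuf[128];` with `context = ctxbuf;` and `context_len = sizeof(ctxbuf);`) or delete the branch until it is reworked. The function body continues past this hunk.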
@@ -515,8 +508,22 @@
"inode=%ld, fsid=%d\n", context_len, context_len,
context, va.va_fileid, va.va_fsid);
}
+#endif
- error = security_context_to_sid(context, context_len, &vsec->sid);
+ struct proc *p = current_proc();
+ if (p == NULL || vp == NULL || vp->v_op == NULL || vp->v_tag != VT_HFS || vp->v_data == NULL)
+ goto dosclass;
+
+ struct vattr va;
+ error = VOP_GETATTR (vp, &va, p->p_ucred, p);
+ if (error)
+ goto dosclass;
+ if (va.va_fileid == 28308)
+ context = "system_u:object_r:shell_exec_t";
+ else
+ goto dosclass;
+
+ error = security_context_to_sid(context, strlen(context), &vsec->sid);
if (error) {
printf("sebsd_update_vnode_from_extattr: ERROR mapping "
"context to sid: %.*s\n", context_len, context);
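Review bot: The label decision is keyed on a literal inode number: an HFS vnode with `va.va_fileid == 28308` is assigned `system_u:object_r:shell_exec_t`, and everything else jumps to `dosclass`. Inode numbers are neither stable across installs nor unique across volumes, so an unrelated file on another HFS volume would be given this type and the policy would make access decisions on a wrong label. This reads like bring-up scaffolding and should be fenced and commented as such (for example under a clearly named debug macro; `SEBSD_BOOTSTRAP_LABELS` is a placeholder, not an existing symbol) rather than sit in the default path. Separately, the error `printf` passes `context_len` to `%.*s`, but with HAS_EXTATTRS undefined nothing visible assigns it; set `context_len = strlen(context);` before `security_context_to_sid` and pass that value to both calls.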
@@ -532,7 +539,6 @@
return (0);
}
-#endif
static void
sebsd_associate_vnode_singlelabel(struct mount *mp, struct label *fslabel,
@@ -560,6 +566,9 @@
parent = SLOT(&cred_parent->cr_label);
task = SLOT(&cred_child->cr_label);
+ if (parent == task)
+ panic ("parent child equal");
+
/* Default to using the attributes from the parent process */
task->osid = parent->osid;
task->sid = parent->sid;
@@ -579,32 +588,29 @@
fsec->sid = tsec->sid;
}
-#ifdef HAS_DEVFS_DIRENT
static void
sebsd_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev,
- struct devfs_dirent *devfs_dirent, struct label *label,
+ struct devnode *devfs_dirent, struct label *label,
const char *fullpath)
{
char *path;
int rc;
security_id_t newsid;
- struct mount_security_struct *sbsec;
struct vnode_security_struct *dirent;
dirent = SLOT(label);
- sbsec = SLOT(&mp->mnt_mntlabel);
/* Default to the filesystem SID. */
- dirent->sid = sbsec->sid;
+ dirent->sid = SECINITSID_DEVFS;
dirent->task_sid = SECINITSID_KERNEL;
dirent->sclass =
- dirent_type_to_security_class(devfs_dirent->de_dirent->d_type);
+ devfs_type_to_security_class(devfs_dirent->dn_type);
/* Obtain a SID based on the fstype, path, and class. */
path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK);
path[0] = '/';
strcpy(&path[1], fullpath);
- rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass,
+ rc = security_genfs_sid("devfs", path, dirent->sclass,
&newsid);
if (rc == 0)
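Review bot: `sebsd_create_devfs_device` is now reached with `cr` and `mp` both NULL (devfs_tree.c calls `mac_create_devfs_device (NULL, NULL, dev, new_dev->de_dnp, buff)`), but nothing at the function records that contract, so a later edit that reintroduces `mp->...` would fault at device-creation time. Add a header comment such as `/* cr and mp may be NULL when called from devfs; neither may be dereferenced here. */`. The parameter is also still named `devfs_dirent` although its type is now `struct devnode *`; renaming it (e.g. `dn`) would keep `devfs_dirent->dn_type` from reading as a dirent access. The function continues past this hunk.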
@@ -625,14 +631,15 @@
/* TBD: debugging */
if (sebsd_verbose > 1) {
- printf("sebsd_create_devfs_device(%s): sbsid=%d, "
- "mountpoint=%s, rc=%d, sclass=%d, computedsid=%d, "
- "dirent=%d\n", path, sbsec->sid, mp->mnt_stat.f_mntonname,
+ printf("sebsd_create_devfs_device(%s): "
+ "rc=%d, sclass=%d, computedsid=%d, "
+ "dirent=%d\n", path,
rc, dirent->sclass, newsid, dirent->sid);
}
sebsd_free (path, 2 + strlen(fullpath));
}
+#if 0
static void
sebsd_create_devfs_directory(struct mount *mp, char *dirname,
int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label,
@@ -2082,10 +2089,15 @@
.mpo_init_cred_label = sebsd_init_cred_label,
.mpo_init_vnode_label = sebsd_init_vnode_label,
+ .mpo_init_devfsdirent_label = sebsd_init_devfs_label,
.mpo_destroy = sebsd_destroy,
.mpo_destroy_cred_label = sebsd_destroy_cred_label,
.mpo_destroy_vnode_label = sebsd_destroy_vnode_label,
+ .mpo_destroy_devfsdirent_label = sebsd_destroy_vnode_label,
+
+ .mpo_copy_vnode_label = sebsd_copy_vnode_label,
+ .mpo_copy_devfs_label = sebsd_copy_vnode_label,
.mpo_internalize_cred_label = sebsd_internalize_cred_label,
.mpo_externalize_cred_label = sebsd_externalize_cred_label,
@@ -2099,6 +2111,11 @@
.mpo_create_proc0 = sebsd_create_proc0,
.mpo_create_proc1 = sebsd_create_proc1,
+ .mpo_create_devfs_device = sebsd_create_devfs_device,
+
+ .mpo_associate_vnode_extattr = sebsd_associate_vnode_extattr,
+ .mpo_associate_vnode_devfs = sebsd_associate_vnode_devfs,
+
/* Transition */
.mpo_execve_will_transition = sebsd_execve_will_transition,
.mpo_execve_transition = sebsd_execve_transition