PERFORCE change 41838 for review
Robert Watson
rwatson at FreeBSD.org
Mon Nov 10 00:03:16 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=41838
Change 41838 by rwatson at rwatson_paprika on 2003/11/09 16:02:36
Update for recent changes in the MAC Framework: label pointers
are now passed in for a variety of System V and POSIX IPC
primitives, rather than requiring the policy to dereference
the passed-in IPC structures. Credentials now contain a label
pointer.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#25 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#25 (text+ko) ====
@@ -107,7 +107,7 @@
struct task_security_struct *task;
struct avc_audit_data ad;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
AVC_AUDIT_DATA_INIT(&ad, CAP);
ad.u.cap = cap;
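Review bot: `SLOT(cred->cr_label)` now dereferences a pointer field, and nothing in this hunk establishes that `cr_label` is non-NULL before the slot lookup, whereas the old `&cred->cr_label` could never be NULL. The same holds for the `mp->mnt_mntlabel` and `vp->v_label` conversions in the later hunks of this change. If the MAC Framework guarantees that the label is allocated before any policy entry point runs, record that next to the `SLOT` definition, for example `/* Labels are allocated by the framework before any entry point is called; never NULL here. */`, or enforce it there with a `KASSERT`. The enclosing function starts and ends outside the hunk.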
@@ -121,8 +121,8 @@
{
struct task_security_struct *task, *target;
- task = SLOT(&cred->cr_label);
- target = SLOT(&proc->p_ucred->cr_label);
+ task = SLOT(cred->cr_label);
+ target = SLOT(proc->p_ucred->cr_label);
return (avc_has_perm_ref(task->sid, target->sid, SECCLASS_PROCESS,
perm, &target->avcr));
@@ -135,8 +135,8 @@
struct mount_security_struct *sbsec;
struct task_security_struct *task;
- task = SLOT(&cred->cr_label);
- sbsec = SLOT(&mp->mnt_mntlabel);
+ task = SLOT(cred->cr_label);
+ sbsec = SLOT(mp->mnt_mntlabel);
return (avc_has_perm_audit(task->sid, sbsec->sid, SECCLASS_FILESYSTEM,
perm, ad));
@@ -147,7 +147,7 @@
{
struct task_security_struct *task;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
return (avc_has_perm(task->sid, SECINITSID_KERNEL,
SECCLASS_SYSTEM, perm, NULL, NULL));
@@ -158,7 +158,7 @@
{
struct task_security_struct *task;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
return (avc_has_perm(task->sid, SECINITSID_SECURITY,
SECCLASS_SECURITY, perm, NULL, NULL));
@@ -266,8 +266,8 @@
struct vnode_security_struct *file;
struct avc_audit_data ad;
- task = SLOT(&cred->cr_label);
- file = SLOT(&vp->v_label);
+ task = SLOT(cred->cr_label);
+ file = SLOT(vp->v_label);
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
@@ -294,7 +294,7 @@
struct task_security_struct *task;
struct vnode_security_struct *file;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
file = SLOT(pipe->pipe_label);
/*
@@ -524,8 +524,8 @@
if (rc <= 0)
return;
- parent = SLOT(&cred_parent->cr_label);
- task = SLOT(&cred_child->cr_label);
+ parent = SLOT(cred_parent->cr_label);
+ task = SLOT(cred_child->cr_label);
/* Default to using the attributes from the parent process */
task->osid = parent->osid;
@@ -540,7 +540,7 @@
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
fsec = SLOT(label);
fsec->sid = tsec->sid;
@@ -554,7 +554,7 @@
struct ipc_security_struct *msqsec;
struct ipc_security_struct *msgsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
msqsec = SLOT(msqlabel);
msgsec = SLOT(msglabel);
@@ -580,7 +580,7 @@
struct task_security_struct *tsec;
struct ipc_security_struct *ipcsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
ipcsec = SLOT(msqlabel);
ipcsec->sid = tsec->sid;
@@ -594,7 +594,7 @@
struct task_security_struct *tsec;
struct ipc_security_struct *ipcsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
ipcsec = SLOT(semalabel);
ipcsec->sid = tsec->sid;
@@ -608,7 +608,7 @@
struct task_security_struct *tsec;
struct ipc_security_struct *ipcsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
ipcsec = SLOT(shmlabel);
ipcsec->sid = tsec->sid;
@@ -622,7 +622,7 @@
struct task_security_struct *tsec;
struct ipc_security_struct *ipcsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
ipcsec = SLOT(ks_label);
ipcsec->sid = tsec->sid;
@@ -642,7 +642,7 @@
struct vnode_security_struct *dirent;
dirent = SLOT(label);
- sbsec = SLOT(&mp->mnt_mntlabel);
+ sbsec = SLOT(mp->mnt_mntlabel);
/* Default to the filesystem SID. */
dirent->sid = sbsec->sid;
@@ -663,7 +663,7 @@
/* If there was a creating process (currently only for /dev/pty*),
try a type_transition rule. */
if (cr != NULL) {
- struct task_security_struct *task = SLOT(&cr->cr_label);
+ struct task_security_struct *task = SLOT(cr->cr_label);
/* XXX: uses the type specified by genfs instead of the parent directory
like it should! */
@@ -695,7 +695,7 @@
struct vnode_security_struct *dirent;
dirent = SLOT(label);
- sbsec = SLOT(&mp->mnt_mntlabel);
+ sbsec = SLOT(mp->mnt_mntlabel);
/* Default to the filesystem SID. */
dirent->sid = sbsec->sid;
@@ -738,7 +738,7 @@
dirsec = SLOT(ddlabel);
lnksec = SLOT(delabel);
- sbsec = SLOT(&mp->mnt_mntlabel);
+ sbsec = SLOT(mp->mnt_mntlabel);
/* Default to the filesystem SID. */
lnksec->sid = dirsec->sid;
@@ -774,7 +774,7 @@
struct task_security_struct *tsec;
struct vnode_security_struct *vsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
vsec = SLOT(pipelabel);
vsec->sid = vsec->task_sid = tsec->sid;
@@ -786,7 +786,7 @@
{
struct task_security_struct *task;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
task->osid = task->sid = SECINITSID_KERNEL;
printf("sebsd_create_proc0:: using SECINITSID_KERNEL = %d\n",
SECINITSID_KERNEL);
@@ -797,7 +797,7 @@
{
struct task_security_struct *task;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
task->osid = SECINITSID_KERNEL;
task->sid = SECINITSID_INIT;
printf("sebsd_create_proc1:: using SICINITSID_INIT = %d\n",
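Review bot: The message printed at the end of this hunk spells the constant as `SICINITSID_INIT`, while the code two lines above assigns `SECINITSID_INIT`. The string should read `"sebsd_create_proc1:: using SECINITSID_INIT = %d\n"` so that boot logs can be searched by the real constant name. The printf call continues past the end of the hunk.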
@@ -901,7 +901,7 @@
mtx_unlock(&mntvnode_mtx);
vn_lock(vp, LK_INTERLOCK | LK_EXCLUSIVE | LK_RETRY, curthread);
(void)sebsd_associate_vnode_extattr(mp, fslabel, vp,
- &vp->v_label);
+ vp->v_label);
VOP_UNLOCK(vp, 0, curthread);
mtx_lock(&mntvnode_mtx);
vp = nvp;
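Review bot: The result of `sebsd_associate_vnode_extattr()` is discarded with a `(void)` cast, so a vnode whose label cannot be associated keeps whatever SID it already had and the loop carries on silently. For a mandatory access control policy a failed association should at least be logged; assuming the function returns an errno-style int, that could be `if (sebsd_associate_vnode_extattr(mp, fslabel, vp, vp->v_label) != 0) printf("sebsd: failed to label vnode %p\n", vp);`. Otherwise a comment should say why the error is safe to ignore. The loop and the enclosing function extend outside the hunk.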
@@ -922,7 +922,7 @@
int error;
int tclass;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
dir = SLOT(parentlabel);
vsec = SLOT(childlabel);
tclass = vnode_type_to_security_class (child->v_type);
@@ -967,7 +967,7 @@
struct task_security_struct *nsec, *tsec;
nsec = SLOT(newlabel);
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
if (nsec != NULL && nsec->sid != tsec->sid)
return EPERM;
return 0;
@@ -985,7 +985,7 @@
struct mount_security_struct *sbsec;
vsec = SLOT(vl);
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
rc = vnode_has_perm (cred, vp, FILE__MOUNTON, NULL);
if (rc)
@@ -1075,7 +1075,7 @@
struct vnode_security_struct *newfile;
int rc;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
file = SLOT(pipelabel);
newfile = SLOT(newlabel);
@@ -1160,8 +1160,8 @@
struct task_security_struct *otask, *ntask;
struct vnode_security_struct *file;
- otask = SLOT(&old->cr_label);
- ntask = SLOT(&new->cr_label);
+ otask = SLOT(old->cr_label);
+ ntask = SLOT(new->cr_label);
if (interpvnodelabel != NULL)
file = SLOT(interpvnodelabel);
else
@@ -1201,7 +1201,7 @@
struct vnode_security_struct *file;
security_id_t newsid;
- task = SLOT(&old->cr_label);
+ task = SLOT(old->cr_label);
if (interpvnodelabel != NULL)
file = SLOT(interpvnodelabel);
else
@@ -1394,7 +1394,7 @@
struct avc_audit_data ad;
int rc;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
dir = SLOT(dlabel);
tclass = vnode_type_to_security_class(vap->va_type);
@@ -1418,7 +1418,7 @@
if (dvp->v_mount) {
/* XXX: mpo_check_vnode_create should probably pass the mntlabel */
- sbsec = SLOT (&dvp->v_mount->mnt_mntlabel);
+ sbsec = SLOT (dvp->v_mount->mnt_mntlabel);
rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
FILESYSTEM__ASSOCIATE, &ad);
if (rc)
@@ -1439,7 +1439,7 @@
access_vector_t av;
int rc;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
file = SLOT(label);
dir = SLOT(dlabel);
@@ -1481,7 +1481,7 @@
struct avc_audit_data ad;
int rc;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
file = SLOT(label);
if (execlabel == NULL) {
rc = security_transition_sid(task->sid, file->sid,
@@ -1559,7 +1559,7 @@
struct avc_audit_data ad;
int rc;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
file = SLOT(label);
dir = SLOT(dlabel);
@@ -1640,7 +1640,7 @@
struct avc_audit_data ad;
int rc;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
old = SLOT(oldlabel);
new = SLOT(oldlabel);
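Review bot: `new = SLOT(oldlabel);` makes `new` alias the old label, so every later use of `new->sid` evaluates the vnode's current SID instead of the requested one; the `FILESYSTEM__ASSOCIATE` check against the mount label in the next hunk appears to be one such use in the same function. If the function has a separate parameter for the requested label (its name is not visible in this hunk), the line should read `new = SLOT(newlabel);`. The line predates this commit, but it sits in a relabel permission check, so it is worth fixing while the file is being touched. The function's signature and remaining body are outside the hunk.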
@@ -1665,7 +1665,7 @@
if (vp->v_mount) {
/* XXX: mpo_check_vnode_relabel should probably pass the mntlabel */
- sbsec = SLOT (&vp->v_mount->mnt_mntlabel);
+ sbsec = SLOT (vp->v_mount->mnt_mntlabel);
rc = avc_has_perm_audit (new->sid, sbsec->sid, SECCLASS_FILESYSTEM,
FILESYSTEM__ASSOCIATE, &ad);
if (rc)
@@ -1685,7 +1685,7 @@
struct avc_audit_data ad;
int rc;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
old_dir = SLOT(dlabel);
old_file = SLOT(label);
@@ -1722,7 +1722,7 @@
access_vector_t av;
int rc;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
new_dir = SLOT(dlabel);
#ifdef notdef
@@ -1998,7 +1998,7 @@
{
struct task_security_struct *tsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
return (avc_has_perm_audit(tsec->sid, tsec->sid, SECCLASS_FD,
FD__CREATE, NULL));
}
@@ -2015,7 +2015,7 @@
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
fsec = SLOT(fplabel);
return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD,
FD__USE, NULL));
@@ -2028,7 +2028,7 @@
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
fsec = SLOT(fplabel);
return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD,
FD__USE, NULL));
@@ -2041,7 +2041,7 @@
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
fsec = SLOT(fplabel);
return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD,
FD__USE, NULL));
@@ -2054,7 +2054,7 @@
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
fsec = SLOT(fplabel);
return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD,
FD__USE, NULL));
@@ -2067,7 +2067,7 @@
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
fsec = SLOT(fplabel);
return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD,
FD__USE, NULL));
@@ -2080,7 +2080,7 @@
struct task_security_struct *tsec;
struct file_security_struct *fsec;
- tsec = SLOT(&cred->cr_label);
+ tsec = SLOT(cred->cr_label);
fsec = SLOT(fplabel);
return (avc_has_perm_audit(tsec->sid, fsec->sid, SECCLASS_FD,
FD__USE, NULL));
@@ -2092,7 +2092,7 @@
struct task_security_struct *task;
struct ipc_security_struct *ipcsec;
- task = SLOT(&cred->cr_label);
+ task = SLOT(cred->cr_label);
ipcsec = SLOT(label);
/*
@@ -2104,46 +2104,51 @@
}
static int
-sebsd_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr)
+sebsd_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
{
- return(ipc_has_perm(cred, &msgptr->label, MSG__RECEIVE));
+ return(ipc_has_perm(cred, msglabel, MSG__RECEIVE));
}
static int
-sebsd_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr)
+sebsd_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
{
- return(ipc_has_perm(cred, &msgptr->label, MSG__DESTROY));
+ return(ipc_has_perm(cred, msglabel, MSG__DESTROY));
}
static int
-sebsd_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr)
+sebsd_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
- return(ipc_has_perm(cred, &msqkptr->label, MSGQ__ASSOCIATE));
+ return(ipc_has_perm(cred, msqklabel, MSGQ__ASSOCIATE));
}
static int
-sebsd_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr)
+sebsd_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
/* Can this process write to the queue? */
- return(ipc_has_perm(cred, &msqkptr->label, MSGQ__WRITE));
+ return(ipc_has_perm(cred, msqklabel, MSGQ__WRITE));
}
static int
sebsd_check_ipc_msgmsq(struct ucred *cred, struct msg *msgptr,
- struct msqid_kernel *msqkptr)
+ struct label *msglabel, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
int rc;
struct task_security_struct *task;
struct ipc_security_struct *msgsec;
struct ipc_security_struct *msqsec;
- task = SLOT(&cred->cr_label);
- msgsec = SLOT(&msgptr->label);
- msqsec = SLOT(&msqkptr->label);
+ task = SLOT(cred->cr_label);
+ msgsec = SLOT(msglabel);
+ msqsec = SLOT(msqklabel);
/*
* TBD: No audit information yet
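Review bot: After this change the object pointers (`msgptr`, `msqkptr`) are unused in the one-line hooks of this hunk, and nothing states that the label argument is the only sanctioned way to reach the label. A comment above `sebsd_check_ipc_msgrcv`, such as `/* Labels are supplied by the MAC Framework; do not reach into the IPC object for them. */`, would keep a later edit from reintroducing the dereference. The same applies to the semaphore, shared-memory and POSIX semaphore hooks in the following hunks. The body of `sebsd_check_ipc_msgmsq` continues outside the hunk.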
@@ -2161,15 +2166,16 @@
}
static int
-sebsd_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr)
+sebsd_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
- return(ipc_has_perm(cred, &msqkptr->label, MSGQ__READ));
+ return(ipc_has_perm(cred, msqklabel, MSGQ__READ));
}
static int
sebsd_check_ipc_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
- int cmd)
+ struct label *msqklabel, int cmd)
{
access_vector_t perm;
@@ -2190,12 +2196,12 @@
/*
* TBD: No audit information yet
*/
- return(ipc_has_perm(cred, &msqkptr->label, perm));
+ return(ipc_has_perm(cred, msqklabel, perm));
}
static int
sebsd_check_ipc_semctl(struct ucred *cred, struct semid_kernel *semakptr,
- int cmd)
+ struct label *semaklabel, int cmd)
{
access_vector_t perm;
@@ -2229,19 +2235,20 @@
/*
* TBD: No audit information yet
*/
- return(ipc_has_perm(cred, &semakptr->label, perm));
+ return(ipc_has_perm(cred, semaklabel, perm));
}
static int
-sebsd_check_ipc_semget(struct ucred *cred, struct semid_kernel *semakptr)
+sebsd_check_ipc_semget(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel)
{
- return(ipc_has_perm(cred, &semakptr->label, SEM__ASSOCIATE));
+ return(ipc_has_perm(cred, semaklabel, SEM__ASSOCIATE));
}
static int
sebsd_check_ipc_semop(struct ucred *cred, struct semid_kernel *semakptr,
- size_t accesstype)
+ struct label *semaklabel, size_t accesstype)
{
access_vector_t perm;
perm = 0UL;
@@ -2251,12 +2258,12 @@
if( accesstype & SEM_A )
perm = SEM__READ | SEM__WRITE;
- return(ipc_has_perm(cred, &semakptr->label, perm));
+ return(ipc_has_perm(cred, semaklabel, perm));
}
static int
sebsd_check_ipc_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
- int shmflg)
+ struct label *shmseglabel, int shmflg)
{
access_vector_t perm;
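Review bot: In `sebsd_check_ipc_semop`, `perm` is initialised to `0UL` in the previous hunk and is only assigned under the `accesstype` tests, so an `accesstype` matching none of them reaches `ipc_has_perm(cred, semaklabel, perm)` with an empty access vector. A request for no permissions is likely to be granted by the AVC, which would make this path fail open, whereas `sebsd_check_ipc_shmctl` later in this change returns `EACCES` for its unhandled case. Consider adding `if (perm == 0) return (EACCES);` before the call. The first `accesstype` test lies outside the hunk.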
@@ -2265,12 +2272,12 @@
else
perm = SHM__READ | SHM__WRITE;
- return(ipc_has_perm(cred, &shmsegptr->label, perm));
+ return(ipc_has_perm(cred, shmseglabel, perm));
}
static int
sebsd_check_ipc_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
- int cmd)
+ struct label *shmseglabel, int cmd)
{
access_vector_t perm;
@@ -2289,65 +2296,72 @@
return (EACCES);
}
- return(ipc_has_perm(cred, &shmsegptr->label, perm));
+ return(ipc_has_perm(cred, shmseglabel, perm));
}
static int
sebsd_check_ipc_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
- int shmflg)
+ struct label *shmseglabel, int shmflg)
{
- return(ipc_has_perm(cred, &shmsegptr->label, SHM__ASSOCIATE));
+ return(ipc_has_perm(cred, shmseglabel, SHM__ASSOCIATE));
}
static int
-sebsd_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr)
+sebsd_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
{
- return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DISASSOCIATE));
+ return(ipc_has_perm(cred, ks_label, POSIX_SEM__DISASSOCIATE));
}
static int
-sebsd_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr)
+sebsd_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
{
- return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DESTROY));
+ return(ipc_has_perm(cred, ks_label, POSIX_SEM__DESTROY));
}
static int
-sebsd_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr)
+sebsd_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
{
- return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__READ));
+ return(ipc_has_perm(cred, ks_label, POSIX_SEM__READ));
}
static int
-sebsd_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr)
+sebsd_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
{
- return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__ASSOCIATE));
+ return(ipc_has_perm(cred, ks_label, POSIX_SEM__ASSOCIATE));
}
static int
-sebsd_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr)
+sebsd_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
{
- return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__WRITE));
+ return(ipc_has_perm(cred, ks_label, POSIX_SEM__WRITE));
}
static int
-sebsd_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr)
+sebsd_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
{
- return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__DESTROY));
+ return(ipc_has_perm(cred, ks_label, POSIX_SEM__DESTROY));
}
static int
-sebsd_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr)
+sebsd_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
{
- return(ipc_has_perm(cred, &ksemptr->ks_label, POSIX_SEM__WRITE));
+ return(ipc_has_perm(cred, ks_label, POSIX_SEM__WRITE));
}
static struct mac_policy_ops sebsd_ops = {