PERFORCE change 42242 for review
Andrew Reisse
areisse at FreeBSD.org
Thu Nov 13 15:35:29 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=42242
Change 42242 by areisse at areisse_ibook on 2003/11/13 07:35:09
added get_user_sids as a sebsd syscall (instead of sysctl)
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/init_sysent.c#7 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#27 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#11 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscall.c#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscalls.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#4 edit
.. //depot/projects/trustedbsd/sedarwin/libsebsd/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin/libsebsd/sebsd.h#3 edit
.. //depot/projects/trustedbsd/sedarwin/libsebsd/security_get_user_contexts.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/init_sysent.c#7 (text+ko) ====
@@ -334,6 +334,7 @@
int __mac_get_pid();
int __mac_set_proc();
int mac_execve();
+int mac_syscall();
#endif
/*
@@ -745,11 +746,11 @@
syss(__mac_get_link,2), /* 339 */
syss(__mac_get_proc,1), /* 340 */
syss(__mac_set_proc,1), /* 341 */
- /*syss(mac_execve,4), /* 342 */
- syss(nosys,0), /* 342 */
+ syss(mac_execve,4), /* 342 */
syss(__mac_get_pid,2), /* 343 */
syss(__mac_set_file,2), /* 344 */
syss(__mac_set_link,2), /* 345 */
+ syss(mac_syscall,3), /* 346 */
#else
syss(nosys,0), /* 338 */
syss(nosys,0), /* 339 */
@@ -759,8 +760,8 @@
syss(nosys,0), /* 343 */
syss(nosys,0), /* 344 */
syss(nosys,0), /* 345 */
+ syss(nosys,0), /* 346 */
#endif
- syss(nosys,0), /* 346 */
syss(nosys,0), /* 347 */
syss(nosys,0), /* 348 */
syss(nosys,0), /* 349 */
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#27 (text+ko) ====
@@ -1562,6 +1562,7 @@
struct mac mac;
char *buffer;
int error;
+ size_t dummy;
if (mac_p == NULL)
return (0);
@@ -1575,7 +1576,7 @@
return (error);
buffer = _MALLOC(mac.m_buflen, M_MACTEMP, M_WAITOK);
- error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
+ error = copyinstr(mac.m_string, buffer, mac.m_buflen, &dummy);
if (error) {
FREE(buffer, M_MACTEMP);
return (error);
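Review bot: The `dummy` variable now passed as the last argument of copyinstr() has no comment explaining why NULL is no longer acceptable, and the same pattern recurs in mac_syscall() later in this file and twice in the SEBSDCALL_GETUSERSIDS case of sebsd_syscall.c. Presumably this platform's copyinstr() requires a non-NULL length pointer; if so, say it at the declaration, e.g. `size_t dummy; /* copyinstr() needs a non-NULL length pointer; value unused */`. The enclosing function starts and ends outside the hunk, so whatever bounds `mac.m_buflen` before the `_MALLOC` is not visible here.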
@@ -4150,13 +4151,14 @@
struct mac_policy_conf *mpc;
char target[MAC_MAX_POLICY_NAME];
int entrycount, error;
+ size_t dummy;
- error = copyinstr(uap->policy, target, sizeof(target), NULL);
+ error = copyinstr(uap->policy, target, sizeof(target), &dummy);
if (error)
return (error);
error = ENOSYS;
- LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
+ LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
if (strcmp(mpc->mpc_name, target) == 0 &&
mpc->mpc_ops->mpo_syscall != NULL) {
error = mpc->mpc_ops->mpo_syscall(td,
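Review bot: The policy lookup now walks only `mac_static_policy_list`, so any policy registered on `mac_policy_list` can no longer be reached through mac_syscall() and its callers will get the default `ENOSYS`. If that is intentional (for example to avoid taking the list lock on this path), a comment above the `LIST_FOREACH` should say so; otherwise both lists need to be searched. The loop body and the rest of the function continue outside the hunk, so any locking around the walk cannot be checked here.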
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#11 (text+ko) ====
@@ -106,6 +106,9 @@
void sebsd_ss_free (void *v)
{
+ if (v == NULL)
+ return;
+
size_t *vs = (size_t *) v;
sebsd_free (vs-1, vs[-1]);
}
@@ -196,7 +199,7 @@
SECCLASS_SYSTEM, perm, NULL, NULL));
}
-static int
+int
cred_has_security(struct ucred *cred, access_vector_t perm)
{
struct task_security_struct *task;
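Review bot: `cred_has_security()` loses `static` here so that sebsd_syscall.c can call it, but no hunk in this change adds a prototype to a shared header. Unless a declaration already exists outside this diff, the call in sys_load_policy() is compiled against an implicit declaration and the `access_vector_t` argument is not type-checked. Add `int cred_has_security(struct ucred *cred, access_vector_t perm);` to the sebsd header that both files include.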
@@ -2099,6 +2102,8 @@
FD__USE, NULL));
}
+extern int sebsd_syscall(struct thread *td, int call, void *args);
+
static struct mac_policy_ops sebsd_ops = {
.mpo_init = sebsd_init,
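Review bot: The local prototype `extern int sebsd_syscall(struct thread *td, int call, void *args);` disagrees with the definition this same change introduces in sebsd_syscall.c, which takes `struct proc *td`. Because the declaration lives in this .c file and not in a header included by the definition, the compiler cannot catch the mismatch. Declare it once in a shared header as `int sebsd_syscall(struct proc *td, int call, void *args);` and drop the `extern` here.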
@@ -2135,7 +2140,9 @@
/* Transition */
.mpo_execve_will_transition = sebsd_execve_will_transition,
- .mpo_execve_transition = sebsd_execve_transition
+ .mpo_execve_transition = sebsd_execve_transition,
+
+ .mpo_syscall = sebsd_syscall
};
#if 0
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscall.c#3 (text+ko) ====
@@ -34,7 +34,6 @@
* $FreeBSD$
*/
-#if 0
#include <sys/types.h>
#include <sys/param.h>
#include <sys/kernel.h>
@@ -47,6 +46,8 @@
#include <security/sebsd/avc/avc.h>
#include <security/sebsd/ss/services.h>
+#define MAX_UC 510
+
struct lp_args
{
void *data;
@@ -54,11 +55,11 @@
};
static int
-sys_load_policy(struct thread *td, void *data, size_t len)
+sys_load_policy(struct proc *td, void *data, size_t len)
{
int rc;
- rc = thread_has_security(td, SECURITY__LOAD_POLICY);
+ rc = cred_has_security(td->p_ucred, SECURITY__LOAD_POLICY);
if (rc)
return (rc);
@@ -73,8 +74,70 @@
return (rc);
}
+/*
+ * Lists the SIDs currently available for transition to by a given
+ * "context\0username\0"
+ */
+
+static int
+sys_user_sids (char *context, char *username, char *out, int *outlen)
+{
+ u_int32_t n, nsids, scontext_len;
+ security_id_t *sids, sid;
+ security_context_t scontext;
+ int error;
+ int olen = 1;
+ int ubufsz;
+
+ if (copyin (outlen, &ubufsz, sizeof (int)))
+ {
+ error = EFAULT;
+ goto out;
+ }
+
+ /*
+ * XXX We need POLICY_RDLOCK here, but it's not exported!
+ */
+ error = security_context_to_sid(context, strlen (context), &sid);
+ if (error)
+ goto out;
+ error = security_get_user_sids(sid, username, &sids, &nsids);
+ if (error)
+ goto out;
+ for (n = 0; n < nsids; n++) {
+ error = security_sid_to_context(sids[n], &scontext,
+ &scontext_len);
+ if (error)
+ goto out2;
+ if (out && olen + scontext_len <= ubufsz)
+ {
+ error = copyout (scontext, out, scontext_len);
+ out += scontext_len;
+ }
+ else if (out)
+ error = ENOMEM;
+ olen += scontext_len;
+ security_free_context(scontext);
+ if (error)
+ goto out2;
+ }
+ error = copyout (&olen, outlen, sizeof(int));
+out2:
+ sebsd_ss_free(sids);
+out:
+ return (error);
+}
+
+struct getsid_args
+{
+ char *ctx;
+ char *usr;
+ char *out;
+ int *outlen;
+};
+
int
-sebsd_syscall(struct thread *td, int call, void *args)
+sebsd_syscall(struct proc *td, int call, void *args)
{
int err = EINVAL;
struct lp_args p;
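Review bot: In sys_user_sids() the user-supplied `ubufsz` is a signed int that is never range-checked, and `olen + scontext_len <= ubufsz` is evaluated in unsigned arithmetic because `scontext_len` is `u_int32_t`, so a negative length from userland compares as a very large buffer and the `ENOMEM` branch is never taken. Reject it up front with `if (ubufsz < 0) { error = EINVAL; goto out; }`, or carry the length as an unsigned type throughout. Separately, `olen` starts at 1 to account for the terminating byte that the removed sysctl handler emitted with `SYSCTL_OUT(req, "", 1)`, but no such byte is copied out here, so the final byte of the caller's buffer stays uninitialized; the userland parser is outside this diff, so confirm it does not depend on that terminator. The free of `sids` also changed from `sebsd_free(sids, M_SEBSD)` to `sebsd_ss_free(sids)`, which reads a size word at `vs[-1]` and is only correct if security_get_user_sids() allocates with sebsd_ss_malloc().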
@@ -85,6 +148,35 @@
return (EFAULT);
err = sys_load_policy (td, p.data, p.len);
break;
+
+ case SEBSDCALL_GETUSERSIDS:
+ {
+ struct getsid_args uap;
+ err = copyin (args, &uap, sizeof (struct getsid_args));
+ if (err)
+ return err;
+ size_t dummy;
+ char *ctx = sebsd_ss_malloc (MAX_UC, M_WAITOK);
+ err = copyinstr(uap.ctx, ctx, MAX_UC, &dummy);
+ if (err) {
+ sebsd_ss_free (ctx);
+ return err;
+ }
+ char *usr = sebsd_ss_malloc (MAX_UC, M_WAITOK);
+ err = copyinstr(uap.usr, usr, MAX_UC, &dummy);
+ if (err) {
+ sebsd_ss_free (ctx);
+ sebsd_ss_free (usr);
+ return err;
+ }
+ ctx[MAX_UC-1] = 0;
+ usr[MAX_UC-1] = 0;
+ err = sys_user_sids (ctx, usr, uap.out, uap.outlen);
+ sebsd_ss_free (ctx);
+ sebsd_ss_free (usr);
+ }
+ break;
+
default:
err = EINVAL;
break;
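Review bot: The `SEBSDCALL_GETUSERSIDS` case performs no permission check before calling sys_user_sids(), whereas the `SEBSDCALL_LOAD_POLICY` path goes through cred_has_security() in sys_load_policy(). The removed sysctl handler had no check either, so this may be deliberate, but any process can now ask which contexts an arbitrary user can reach; either add a check against `td->p_ucred` or add a comment stating that the query is intentionally unprivileged. As a smaller point, `ctx[MAX_UC-1] = 0` and `usr[MAX_UC-1] = 0` look redundant if copyinstr() already fails when no terminator fits in `MAX_UC` bytes, and the two error paths could share one cleanup label and avoid repeating the frees.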
@@ -92,4 +184,3 @@
return err;
}
-#endif /* 0 */
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscalls.h#2 (text+ko) ====
@@ -5,6 +5,7 @@
* TBD: Should we really try to line up with SELinux?
*/
#define SEBSDCALL_LOAD_POLICY 7
+#define SEBSDCALL_GETUSERSIDS 6
#define SEBSDCALL_NUM 7
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#4 (text+ko) ====
@@ -139,64 +139,6 @@
}
#if 0
-/*
- * Sysctl handler for security.mac.sebsd.user_sids
- * Lists the SIDs currently available for transition to by a given
- * "context\0username\0"
- */
-static int
-sysctl_user_sids(SYSCTL_HANDLER_ARGS)
-{
- u_int32_t n, nsids, scontext_len;
- security_id_t *sids, sid;
- security_context_t scontext;
- char *context, *username;
- int error, len;
-
- if (req->newlen == 0)
- return (EINVAL);
- if (req->newlen > 512) /* arbitrary */
- return (ENAMETOOLONG);
- context = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK);
- error = SYSCTL_IN(req, context, req->newlen);
- if (error)
- goto out;
- if (context[req->newlen - 1] != '\0') {
- error = EINVAL;
- goto out;
- }
- len = strlen(context);
- if (len + 1 >= req->newlen) {
- error = EINVAL;
- goto out;
- }
- username = context + len + 1;
- /*
- * XXX We need POLICY_RDLOCK here, but it's not exported!
- */
- error = security_context_to_sid(context, len + 1, &sid);
- if (error)
- goto out;
- error = security_get_user_sids(sid, username, &sids, &nsids);
- if (error)
- goto out;
- for (n = 0; n < nsids; n++) {
- error = security_sid_to_context(sids[n], &scontext,
- &scontext_len);
- if (error)
- goto out2;
- error = SYSCTL_OUT(req, scontext, scontext_len);
- security_free_context(scontext);
- if (error)
- goto out2;
- }
- error = SYSCTL_OUT(req, "", 1);
-out2:
- sebsd_free(sids, M_SEBSD);
-out:
- sebsd_free(context, M_SEBSD);
- return (error);
-}
/*
* Sysctl handler for security.mac.sebsd.change_sid
==== //depot/projects/trustedbsd/sedarwin/libsebsd/Makefile#2 (text+ko) ====
@@ -1,13 +1,30 @@
include ../Makeconfig
+all: libsebsd.a
+
OBJS= system.o security_get_user_contexts.o get_ordered_context_list.o \
getseccontext.o query_user_context.o security_change_context.o \
string_to_security_class.o security_compute_av.o context.o \
get_default_type.o
-CFLAGS+= -I$(EXPORT_HDRS)/security/sebsd
+CFLAGS+= -g -I$(EXPORT_HDRS)/security/sebsd
libsebsd.a: $(OBJS)
ar cr $@ $(OBJS)
ranlib $@
+
+HDIR = /usr/include/security/sebsd
+HEADERS = $(HDIR)/sebsd.h $(HDIR)/sebsd_ss.h $(HDIR)/flask_types.h $(HDIR)/linux-compat.h $(HDIR)/sebsd_context.h $(HDIR)/sebsd_proc.h $(HDIR)/sebsd_fs.h $(HDIR)/flask.h $(HDIR)/sebsd_syscalls.h
+
+install: $(HDIR) $(HEADERS)
+
+$(HDIR):
+ mkdir -p $(HDIR)
+
+$(HDIR)/%.h: %.h
+ cp $< $@
+
+$(HDIR)/%.h: $(EXPORT_HDRS)/security/sebsd/%.h
+ cp $< $@
+
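Review bot: The new `install` target copies headers with plain `cp` straight into `/usr/include/security/sebsd`, so the installed files take their mode from the invoking user's umask and there is no way to stage into a packaging root. Prefer `install -m 0644 $< $@` in the two pattern rules and prefix `HDIR` with `$(DESTDIR)`. `all` and `install` should also be listed under `.PHONY` so that a stray file of either name does not suppress the target.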
==== //depot/projects/trustedbsd/sedarwin/libsebsd/sebsd.h#3 (text+ko) ====
@@ -40,7 +40,7 @@
#include <sys/types.h>
#ifdef USE_PAM
-#include <security/pam_types.h>
+#include <pam/_pam_types.h>
#endif
#include "flask_types.h"
@@ -73,8 +73,8 @@
char ***retcontexts, size_t *ncontexts);
int security_change_context(const char *domain, const char *ocontext,
security_class_t oclass, char **newcontext);
-int security_compute_av(struct security_query *query,
- struct security_response *response);
+extern int security_compute_av(struct security_query *query,
+ struct security_response *response);
==== //depot/projects/trustedbsd/sedarwin/libsebsd/security_get_user_contexts.c#2 (text+ko) ====
@@ -43,6 +43,14 @@
#include <string.h>
#include <unistd.h>
+struct getsid_args
+{
+ char *ctx;
+ char *usr;
+ char *out;
+ int *outlen;
+};
+
/*
* Get a malloc()ed array of malloc()ed strings which indicate the
* allowed SEBSD transitions to be made by a given user in a given
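Review bot: `struct getsid_args` is defined here a second time, independently of the kernel copy added in sebsd_syscall.c, so the two sides of the syscall ABI can drift apart with nothing to flag it at compile time. Since sebsd_syscalls.h is already shared (and is installed by the Makefile change in this commit), move the struct there next to `SEBSDCALL_GETUSERSIDS` and include it from both files. A short comment on the struct stating that `out` may be NULL for a size query and that `*outlen` is read as the buffer size and written as the required size would document the contract.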
@@ -52,29 +60,26 @@
security_get_user_contexts(const char *fromcontext, const char *username,
char ***retcontexts, size_t *ncontexts)
{
- char *arguments, *contexts, *s, **contextarray;
- ssize_t arguments_len;
+ char *contexts, *s, **contextarray;
size_t contexts_len, n;
int error;
+ struct getsid_args uap;
- arguments_len = asprintf(&arguments, "%s%c%s%c", fromcontext, 0,
- username, 0);
- if (arguments_len == -1)
- return (-1);
bigger:
- contexts_len = 0;
- if (sysctlbyname("security.mac.sebsd.user_sids", NULL, &contexts_len,
- arguments, arguments_len) == -1) {
- free(arguments);
- return (-1);
- }
+ uap.outlen = &contexts_len;
+ uap.ctx = fromcontext;
+ uap.usr = username;
+ uap.out = NULL;
+ if (mac_syscall ("sebsd", 6, &uap))
+ {
+ return (-1);
+ }
contexts = malloc(contexts_len);
if (contexts == NULL) {
- free(arguments);
return (-1);
}
- error = sysctlbyname("security.mac.sebsd.user_sids", contexts,
- &contexts_len, arguments, arguments_len);
+ uap.out = contexts;
+ error = mac_syscall ("sebsd", 6, &uap);
/*
* We could possibly race and not have a large enough space
* for the current set of contexts.
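Review bot: `uap.outlen = &contexts_len` hands a `size_t *` to a field the kernel treats as `int *`, and this change also removes the `contexts_len = 0` initialisation. On any ABI where `size_t` is wider than `int` the kernel writes only `sizeof(int)` bytes, so `malloc(contexts_len)` would see stale stack contents in the remaining bytes. Use a local `int outlen = 0;`, point `uap.outlen` at it, and assign `contexts_len = (size_t)outlen` after each call. The literal `6` should be `SEBSDCALL_GETUSERSIDS`, and assigning the `const char *` parameters to the non-const `ctx`/`usr` fields discards the qualifier; making those fields `const char *` would avoid that.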
@@ -83,7 +88,6 @@
free(contexts);
goto bigger;
}
- free(arguments);
if (error == -1) {
free(contexts);
return (-1);