PERFORCE change 39084 for review
Andrew Reisse
areisse at FreeBSD.org
Fri Oct 3 13:04:08 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=39084
Change 39084 by areisse at areisse_tislabs on 2003/10/03 06:04:05
Initial support for automatic pty labelling, using the new
make_dev_cred and dev_clone_cred support.
ptys are created with the user that caused the cloning.
mpo_create_devfs_device takes optional cred.
sebsd policy updated.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_devs.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_vnops.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_mac.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/tty_pty.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#20 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/conf.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/mac.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/mac_policy.h#7 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#6 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#5 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_devs.c#5 (text+ko) ====
@@ -363,7 +363,7 @@
de->de_dirent->d_type = DT_CHR;
}
#ifdef MAC
- mac_create_devfs_device(dm->dm_mount, dev, de,
+ mac_create_devfs_device(dev->si_cred, dm->dm_mount, dev, de,
dev->si_name);
#endif
*dep = de;
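Review bot: The credential handed to the MAC hook here is `dev->si_cred`, i.e. the cred captured when the device was made, not that of the thread whose lookup is now populating this devfs mount; that is presumably the intent (the label follows the creator), but because population can happen later and in another process's context the distinction should be stated at the call site. Suggest `/* si_cred is the creator's cred captured by make_dev_cred(), or NULL for devices made without one. */` above the call. The enclosing function (devfs_populate, as far as the hunk shows) begins and ends outside this hunk.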
==== //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_vnops.c#5 (text+ko) ====
@@ -376,6 +376,7 @@
goto notfound;
cdev = NODEV;
+ EVENTHANDLER_INVOKE(dev_clone_cred, td->td_ucred, pname, strlen(pname), &cdev);
EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev);
if (cdev == NODEV)
goto notfound;
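Review bot: The legacy dev_clone handlers on the following line still run even when the new dev_clone_cred handler has already filled in `cdev`, so correctness now depends on every remaining dev_clone handler beginning with its own `if (*dev != NODEV) return;` rather than on this call site. Make the fallback explicit: `if (cdev == NODEV) EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev);`. The cred passed is `td->td_ucred`, which presumes `td` is the lookup thread in scope in the enclosing function; that function begins and ends outside the hunk.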
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#5 (text+ko) ====
@@ -41,6 +41,7 @@
#include <sys/queue.h>
#include <sys/ctype.h>
#include <machine/stdarg.h>
+#include <sys/ucred.h>
static MALLOC_DEFINE(M_DEVT, "dev_t", "dev_t storage");
@@ -214,6 +215,8 @@
if (dev->si_devsw || dev->si_drv1 || dev->si_drv2)
return;
LIST_REMOVE(dev, si_hash);
+ if (dev->si_cred)
+ crfree (dev->si_cred);
if (dev->si_flags & SI_STASHED) {
bzero(dev, sizeof(*dev));
dev->si_flags |= SI_STASHED;
@@ -266,11 +269,11 @@
return ((x << 8) | y);
}
-dev_t
-make_dev(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, int perms, const char *fmt, ...)
+static dev_t
+make_dev_credv(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, struct ucred *cr,
+ int perms, const char *fmt, va_list ap)
{
dev_t dev;
- va_list ap;
int i;
KASSERT((minor & ~0xffff00ff) == 0,
@@ -319,16 +322,15 @@
dev->si_name);
panic("don't do that");
}
- va_start(ap, fmt);
i = vsnrprintf(dev->__si_namebuf, sizeof dev->__si_namebuf, 32, fmt, ap);
if (i > (sizeof dev->__si_namebuf - 1)) {
printf("WARNING: Device name truncated! (%s)",
dev->__si_namebuf);
}
- va_end(ap);
dev->si_devsw = devsw;
- dev->si_uid = uid;
- dev->si_gid = gid;
+ dev->si_uid = cr ? cr->cr_uid : uid;
+ dev->si_gid = cr ? cr->cr_gid : gid;
+ dev->si_cred = cr ? crhold (cr) : NULL;
dev->si_mode = perms;
dev->si_flags |= SI_NAMED;
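Review bot: The three new assignments make the `uid`/`gid` parameters dead whenever `cr` is non-NULL and use the effective ids (`cr_uid`, `cr_gid`) rather than the real ones, which is reasonable for a devfs node but means a set-uid cloner yields a root-owned node; none of this is stated. Suggest `/* A cred, when given, overrides uid/gid and is held until freedev() releases it. */` above `dev->si_uid = ...`. The `crhold(cr)` assignment also presumes crhold() returns its argument (it does in the kernel of this era, but confirm), and relies on any reused stashed dev having had its old si_cred cleared by freedev()'s bzero(). The function continues past the end of the hunk.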
@@ -336,6 +338,26 @@
return (dev);
}
+dev_t
+make_dev_cred(struct cdevsw *devsw, int minor, struct ucred *cr, int perms, const char *fmt, ...)
+{
+ va_list ap;
+ va_start (ap, fmt);
+ dev_t ret = make_dev_credv (devsw, minor, 0, 0, cr, perms, fmt, ap);
+ va_end (ap);
+ return (ret);
+}
+
+dev_t
+make_dev(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, int perms, const char *fmt, ...)
+{
+ va_list ap;
+ va_start (ap, fmt);
+ dev_t ret = make_dev_credv (devsw, minor, uid, gid, NULL, perms, fmt, ap);
+ va_end (ap);
+ return (ret);
+}
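Review bot: Both new wrappers declare `dev_t ret` after the `va_start` statement and put a space before the call parentheses, which differs from style(9) and from the surrounding file (compare `va_start(ap, fmt);` in the old make_dev body). Declare `dev_t dev;` next to `va_list ap;`, then `va_start(ap, fmt); dev = make_dev_credv(devsw, minor, 0, 0, cr, perms, fmt, ap); va_end(ap);` and `return (dev);`. A one-line comment on make_dev_cred saying the node is owned by `cr->cr_uid`/`cr->cr_gid` and that a reference to `cr` is held by the device would also help callers.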
+
int
dev_named(dev_t pdev, const char *name)
{
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_mac.c#10 (text+ko) ====
@@ -3785,11 +3785,11 @@
}
void
-mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de,
+mac_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev, struct devfs_dirent *de,
const char *fullpath)
{
- MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label,
+ MAC_PERFORM(create_devfs_device, cr, mp, dev, de, &de->de_label,
fullpath);
}
==== //depot/projects/trustedbsd/sebsd/sys/kern/tty_pty.c#5 (text+ko) ====
@@ -66,7 +66,7 @@
static void ptsstart(struct tty *tp);
static void ptsstop(struct tty *tp, int rw);
static void ptcwakeup(struct tty *tp, int flag);
-static dev_t ptyinit(dev_t cdev);
+static dev_t ptyinit(dev_t cdev, struct thread *td);
static d_open_t ptsopen;
static d_close_t ptsclose;
@@ -136,7 +136,7 @@
* than 256 ptys.
*/
static dev_t
-ptyinit(dev_t devc)
+ptyinit(dev_t devc, struct thread *td)
{
dev_t devs;
struct pt_ioctl *pt;
@@ -150,8 +150,8 @@
devc->si_flags &= ~SI_CHEAPCLONE;
pt = malloc(sizeof(*pt), M_PTY, M_WAITOK | M_ZERO);
- pt->devs = devs = make_dev(&pts_cdevsw, n,
- UID_ROOT, GID_WHEEL, 0666, "tty%c%r", names[n / 32], n % 32);
+ pt->devs = devs = make_dev_cred(&pts_cdevsw, n,
+ td->td_ucred, 0666, "tty%c%r", names[n / 32], n % 32);
pt->devc = devc;
devs->si_drv1 = devc->si_drv1 = pt;
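Review bot: The slave tty node is created here owned by the opening thread's uid/gid and carrying its cred, but ptyinit() only runs while `si_drv1` is NULL, so the first process to initialize a given unit fixes the owner and the MAC label of both nodes for as long as the device persists (SI_CHEAPCLONE is cleared two lines above, and nothing in this change destroys pty devices). Later users handed the same unit by the lookup still get a 0666 node owned by the earlier user, who as owner can chmod/chown it through devfs and exclude them, whereas the old code left the nodes root:wheel and relied on the login program's chown. If per-user ownership is the goal, re-derive ownership and cred on each master open or destroy the pair on last close; at minimum add `/* Ownership/label follow whoever first initialized this unit and persist across later opens. */` above the make_dev_cred call. ptyinit() continues beyond this hunk.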
@@ -346,7 +346,7 @@
struct pt_ioctl *pti;
if (!dev->si_drv1)
- ptyinit(dev);
+ ptyinit(dev, td);
if (!dev->si_drv1)
return(ENXIO);
tp = dev->si_tty;
@@ -818,10 +818,11 @@
static void ptc_drvinit(void *unused);
-static void pty_clone(void *arg, char *name, int namelen, dev_t *dev);
+static void pty_clone(void *arg, struct ucred *cr, char *name, int namelen, dev_t *dev);
static void
-pty_clone(arg, name, namelen, dev)
+pty_clone(arg, cr, name, namelen, dev)
+ struct ucred *cr;
void *arg;
char *name;
int namelen;
@@ -852,8 +853,8 @@
u += name[4] - 'a' + 10;
else
return;
- *dev = make_dev(&ptc_cdevsw, u,
- UID_ROOT, GID_WHEEL, 0666, "pty%c%r", names[u / 32], u % 32);
+ *dev = make_dev_cred (&ptc_cdevsw, u,
+ cr, 0666, "pty%c%r", names[u / 32], u % 32);
(*dev)->si_flags |= SI_CHEAPCLONE;
return;
}
@@ -863,7 +864,7 @@
void *unused;
{
- EVENTHANDLER_REGISTER(dev_clone, pty_clone, 0, 1000);
+ EVENTHANDLER_REGISTER(dev_clone_cred, pty_clone, 0, 1000);
}
SYSINIT(ptcdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR_C,ptc_drvinit,NULL)
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#20 (text+ko) ====
@@ -518,7 +518,7 @@
}
static void
-sebsd_create_devfs_device(struct mount *mp, dev_t dev,
+sebsd_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev,
struct devfs_dirent *devfs_dirent, struct label *label,
const char *fullpath)
{
@@ -543,9 +543,23 @@
strcpy(&path[1], fullpath);
rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass,
&newsid);
+
if (rc == 0)
dirent->sid = newsid;
+ /* If there was a creating process (currently only for /dev/pty*),
+ try a type_transition rule. */
+ if (cr != NULL) {
+ struct task_security_struct *task = SLOT(&cr->cr_label);
+
+ /* XXX: uses the type specified by genfs instead of the parent directory
+ like it should! */
+ int error = security_transition_sid(task->sid, dirent->sid, dirent->sclass,
+ &newsid);
+ if (error == 0)
+ dirent->sid = newsid;
+ }
+
/* TBD: debugging */
if (sebsd_verbose > 1) {
printf("sebsd_create_devfs_device(%s): sbsid=%d, "
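Review bot: The type transition is attempted even when the genfs lookup just above failed (`rc != 0`), in which case `dirent->sid` still holds whatever it had before and becomes the source type for `security_transition_sid()`, so a lookup failure quietly turns into a transition from an unrelated type; a non-zero `error` is also dropped without the verbose logging the function already has. Gate it with `if (cr != NULL && rc == 0) {` and report `error` under `sebsd_verbose`. The block additionally declares `task` and `error` after statements, which the rest of this file avoids; the XXX about using the genfs type in place of the parent directory is worth keeping beside the call as written. The function continues past the hunk.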
@@ -794,7 +808,7 @@
int error;
int tclass;
- task = SLOT(&cred->cr_label);
+ task = SLOT(&cred->cr_label);
dir = SLOT(parentlabel);
vsec = SLOT(childlabel);
tclass = vnode_type_to_security_class (child->v_type);
==== //depot/projects/trustedbsd/sebsd/sys/sys/conf.h#5 (text+ko) ====
@@ -83,6 +83,7 @@
uid_t si_uid;
gid_t si_gid;
mode_t si_mode;
+ struct ucred *si_cred; /* optional cred of creating process (e.g. pty) */
u_long si_usecount;
union {
struct {
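Review bot: The new `si_cred` comment says the field is optional but not who owns the reference or when it is dropped; since make_dev_credv() takes a crhold() and freedev() crfree()s it, say so: `struct ucred *si_cred; /* held ref to creating process's cred (make_dev_cred), or NULL; released in freedev() */`. Without that a driver cannot tell from conf.h whether storing a cred here requires holding it itself. The enclosing struct begins and ends outside this hunk.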
@@ -314,6 +315,8 @@
dev_t makebdev(int _maj, int _min);
dev_t make_dev(struct cdevsw *_devsw, int _minor, uid_t _uid, gid_t _gid,
int _perms, const char *_fmt, ...) __printflike(6, 7);
+dev_t make_dev_cred(struct cdevsw *_devsw, int _minor, struct ucred *cr,
+ int _perms, const char *_fmt, ...) __printflike(5, 6);
dev_t make_dev_alias(dev_t _pdev, const char *_fmt, ...) __printflike(2, 3);
int dev2unit(dev_t _dev);
int unit2minor(int _unit);
@@ -339,6 +342,9 @@
int dev_stdclone(char *_name, char **_namep, const char *_stem, int *_unit);
EVENTHANDLER_DECLARE(dev_clone, dev_clone_fn);
+typedef void (*dev_clone_cred_fn)(void *arg, struct ucred *cr, char *name, int namelen, dev_t *result);
+EVENTHANDLER_DECLARE(dev_clone_cred, dev_clone_cred_fn);
+
/* Stuff relating to kernel-dump */
struct dumperinfo {
==== //depot/projects/trustedbsd/sebsd/sys/sys/mac.h#7 (text+ko) ====
@@ -186,7 +186,7 @@
struct vnode *vp);
int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
-void mac_create_devfs_device(struct mount *mp, dev_t dev,
+void mac_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev,
struct devfs_dirent *de, const char *fullpath);
void mac_create_devfs_directory(struct mount *mp, char *dirname,
int dirnamelen, struct devfs_dirent *de, const char *fullpath);
==== //depot/projects/trustedbsd/sebsd/sys/sys/mac_policy.h#7 (text+ko) ====
@@ -167,7 +167,8 @@
void (*mpo_associate_vnode_singlelabel)(struct mount *mp,
struct label *fslabel, struct vnode *vp,
struct label *vlabel);
- void (*mpo_create_devfs_device)(struct mount *mp, dev_t dev,
+ /* cr is optional in create_devfs_device. */
+ void (*mpo_create_devfs_device)(struct ucred *cr, struct mount *mp, dev_t dev,
struct devfs_dirent *de, struct label *label,
const char *fullpath);
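Review bot: The new comment `/* cr is optional in create_devfs_device. */` says the argument may be absent but not what it is when present, which is what a policy author needs: it is the credential of the process whose lookup cloned the device (tty_pty passes the opener's td_ucred), and NULL for devices made by make_dev() without a cred. Suggest `/* cr: cred of the process whose clone created dev (see make_dev_cred), or NULL for devices created without one. */`. The enclosing struct continues beyond the hunk.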
void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname,
==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#6 (text+ko) ====
@@ -167,7 +167,7 @@
# spawned by sshd
# Use the pty created by sshd
-allow sshd_login_t sshd_devpts_t:chr_file { setattr rw_file_perms };
+allow sshd_login_t sshd_devpts_t:chr_file { setattr rw_file_perms poll };
# Write to /var/log/lastlog
allow sshd_login_t lastlog_t:file rw_file_perms;
@@ -177,7 +177,7 @@
allow sshd_login_t userpty_type:chr_file { getattr relabelfrom relabelto };
# open old-style ptys
-allow sshd_login_t devpts_t:chr_file { read write relabelfrom relabelto getattr setattr };
+#allow sshd_login_t devpts_t:chr_file { read write relabelfrom relabelto getattr setattr };
allow sshd_login_t self:capability { linux_immutable sys_resource };
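Review bot: Withdrawing sshd_login_t's access to devpts_t by commenting the rule out rather than deleting it leaves dead policy text, and the withdrawal assumes every pty sshd_login_t touches is already labelled sshd_devpts_t by the new creator-based transition. That holds only if a `type_transition sshd_t devpts_t:chr_file sshd_devpts_t;` rule exists in the policy (not visible in this change) and the kernel-side transition succeeds, which sebsd.c ignores on error; otherwise the pty stays devpts_t and login is now denied read/write on it. Verify with audit output before removing the line outright, and check that the `relabelfrom relabelto` grant on userpty_type above is still needed once ptys are labelled at creation.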
@@ -212,6 +212,8 @@
role system_r types sshd_user_shell_t;
role system_r types user_cvs_rw_t;
+allow sshd_user_shell_t sshd_devpts_t:chr_file { getattr setattr rw_file_perms poll };
+
allow sshd_user_shell_t { self sshd_t }:fd { create use };
allow sshd_user_shell_t { sbin_t bin_t home_root_t user_home_dir_t usr_t etc_t }:dir search;
allow sshd_user_shell_t etc_t:file r_file_perms;
==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#5 (text+ko) ====
@@ -625,8 +625,8 @@
allow $1_t devpts_t:dir { getattr read search };
# For systems without /dev/ptmx
-allow $1_t devpts_t:chr_file { poll getattr setattr read write };
-type_change $1_t devpts_t:chr_file $1_devpts_t;
+#allow $1_t devpts_t:chr_file { poll getattr setattr read write };
+#type_change $1_t devpts_t:chr_file $1_devpts_t;
')
##################################
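Review bot: Commenting out `type_change $1_t devpts_t:chr_file $1_devpts_t;` removes the rule in this macro that let a $1_t domain relabel an old-style devpts_t pty to its own type, but the two lines are left as dead text; delete them instead. Since old-style ptys are now labelled at creation in sebsd_create_devfs_device, the macro should say so where the rules used to be, e.g. `# Old-style ptys are labelled at creation via type_transition from the creating domain; no relabel needed.`, so readers do not reinstate the rule. The macro definition begins outside the hunk.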