PERFORCE change 39097 for review

Andrew Reisse areisse at FreeBSD.org
Fri Oct 3 17:18:33 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=39097

Change 39097 by areisse at areisse_tislabs on 2003/10/03 10:18:28

	SEBSD gets the policy from the bootloader or user
	memory instead of reading files in the kernel.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/lib/libsebsd/system.c#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#21 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#4 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/init.c#4 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/security.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.c#6 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/lib/libsebsd/system.c#3 (text+ko) ====

@@ -34,7 +34,9 @@
  * $FreeBSD$
  */
 #include <errno.h>
-
+#include <stdio.h>
+#include <sys/fcntl.h>
+#include <stdlib.h>
 #include "sebsd.h"
 
 
@@ -57,8 +59,28 @@
 	return i;
 }
 
+struct lp_args
+{
+	void  *data;
+	size_t len;
+};
+
 int
 sebsd_load_policy(const char *path)
 {
-	return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, path);
+	FILE           *fp;
+	struct lp_args  la;
+
+	fp = fopen (path, "rb");
+	if (fp == NULL)
+		return errno;
+
+	fseek (fp, 0, SEEK_END);
+	la.len = ftell (fp);
+	fseek (fp, 0, SEEK_SET);
+	la.data = malloc (la.len);
+	if (1 != fread (la.data, la.len, 1, fp))
+		return EIO;
+
+	return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, &la);
 }
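Review bot: sebsd_load_policy leaks on every path: `fp` is never closed and `la.data` is never freed, neither on the `fread` failure return nor after `mac_syscall` returns. The `malloc` and `ftell` results are also unchecked, so an `ftell` failure of -1 becomes a huge `size_t` length that reaches `malloc` and then the kernel. Error reporting is inconsistent too: local failures return `errno` or `EIO` directly, while the success path returns whatever `mac_syscall` returns (presumably -1 with errno set, which is worth confirming). A version with a single cleanup path is sketched below.

```c
int
sebsd_load_policy(const char *path)
{
	FILE           *fp;
	struct lp_args  la;
	long            sz;
	int             rc;

	fp = fopen(path, "rb");
	if (fp == NULL)
		return errno;

	la.data = NULL;
	rc = EIO;
	if (fseek(fp, 0, SEEK_END) != 0 || (sz = ftell(fp)) <= 0 ||
	    fseek(fp, 0, SEEK_SET) != 0)
		goto out;
	la.len = (size_t)sz;
	la.data = malloc(la.len);
	if (la.data == NULL) {
		rc = ENOMEM;
		goto out;
	}
	if (fread(la.data, la.len, 1, fp) != 1)
		goto out;

	rc = mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, &la);
out:
	free(la.data);
	fclose(fp);
	return rc;
}
```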

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#21 (text+ko) ====

@@ -78,8 +78,11 @@
 static void
 sebsd_init(struct mac_policy_conf *mpc)
 {
-
 	printf("sebsd:: init\n");
+	avc_init();
+	if (security_init()) {
+		panic("SEBSD: couldn't read policy file");
+	}
 }
 
 static void
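Review bot: The panic text in sebsd_init, `panic("SEBSD: couldn't read policy file");`, no longer matches what security_init does in this change, because the policy now comes from the bootloader's preloaded data rather than a file. Something like `panic("SEBSD: no usable policy supplied by bootloader");` would point an operator at the loader configuration instead of the filesystem. With the call moved into the policy init hook, a kernel booted without the preloaded policy panics during MAC policy initialisation. If that fail-closed behaviour is intended, a one-line comment above the `security_init()` call saying so would help.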
@@ -772,10 +775,6 @@
 {
 	struct vnode *vp, *nvp;
 
-	avc_init();
-	if (security_init()) {
-		panic("SEBSD: couldn't read policy file");
-	}
 	/*
 	 * Go through all open vnodes and reload their labels.
 	 */

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#4 (text+ko) ====

@@ -44,27 +44,30 @@
 #include <security/sebsd/sebsd_syscalls.h>
 #include <security/sebsd/linux-compat.h>
 #include <security/sebsd/avc/avc.h>
-#include <security/sebsd/ss/fileutils.h>
 #include <security/sebsd/ss/services.h>
 
+struct lp_args
+{
+	void  *data;
+	size_t len;
+};
+
 static int
-sys_load_policy(struct thread *td, char *path)
+sys_load_policy(struct thread *td, void *data, size_t len)
 {
-	FILE *fp;
 	int rc;
 	
 	rc = thread_has_security(td, SECURITY__LOAD_POLICY);
 	if (rc)
 		return (rc);
 
-	fp = sebsd_fopen(path, "r", UIO_USERSPACE);
-	if (!fp) {
-		printf("ss:  unable to open policy file\n");
-		return (EINVAL);
-	}
+	void *kdata = malloc (len, M_SEBSD, M_WAITOK);
+	rc = copyin (data, kdata, len);
+	if (rc)
+		return (rc);
 
-	rc = security_load_policy(fp);
-	(void)fclose(fp);
+	rc = security_load_policy (kdata, len);
+	free (kdata, M_SEBSD);
 
 	return (rc);
 }
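Review bot: In sys_load_policy the `copyin` failure path returns without `free (kdata, M_SEBSD)`, so each failed call leaks `len` bytes of kernel memory. `len` also arrives unchecked from the user-supplied `struct lp_args`, and with `M_WAITOK` an oversized request can stall the caller or put heavy pressure on the kernel allocator; a zero length should be rejected as well. The `thread_has_security` check runs first, which limits who can reach this code, but an upper bound is still cheap defence in depth. The sketch uses `SEBSD_POLICY_MAXLEN` as a placeholder name for a limit the project would have to define. `kdata` would also read better declared next to `rc` at the top of the function rather than after statements.

```c
	/* ... unchanged: thread_has_security() check ... */

	/* SEBSD_POLICY_MAXLEN is a placeholder, not an existing constant. */
	if (len == 0 || len > SEBSD_POLICY_MAXLEN)
		return (EINVAL);

	kdata = malloc(len, M_SEBSD, M_WAITOK);
	rc = copyin(data, kdata, len);
	if (rc == 0)
		rc = security_load_policy(kdata, len);
	free(kdata, M_SEBSD);

	return (rc);
```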
@@ -73,10 +76,13 @@
 sebsd_syscall(struct thread *td, int call, void *args)
 {
 	int err = EINVAL;
+	struct lp_args p;
 
 	switch(call) {
 	case SEBSDCALL_LOAD_POLICY:
-		err = sys_load_policy(td, (char *)args);
+		if (copyin (args, &p, sizeof (struct lp_args)))
+			return (EFAULT);
+		err = sys_load_policy (td, p.data, p.len);
 		break;
 	default:
 		err = EINVAL;
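Review bot: The `copyin (args, &p, sizeof (struct lp_args))` line makes `struct lp_args` the userland/kernel ABI for SEBSDCALL_LOAD_POLICY, yet the struct is defined twice, in this file and in lib/libsebsd/system.c, so the two copies can drift apart silently. Moving the definition into a header both sides include would keep the layout in one place; sebsd_syscalls.h looks like the natural home, though whether libsebsd can include it is not visible here. A comment on the struct such as `/* argument block for SEBSDCALL_LOAD_POLICY: user pointer to the policy image and its length in bytes */` would document the contract. sebsd_syscall's body continues outside the hunk.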

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/init.c#4 (text+ko) ====

@@ -13,10 +13,11 @@
 #include <sys/conf.h>
 #include <sys/kernel.h>
 #include <sys/malloc.h>
+#include <sys/systm.h>
+#include <sys/linker.h>
 
 #include <security/sebsd/linux-compat.h>
 #include <security/sebsd/sebsd.h>
-#include <security/sebsd/ss/fileutils.h>
 #include <security/sebsd/ss/global.h>
 #include <security/sebsd/ss/policydb.h>
 #include <security/sebsd/ss/services.h>
@@ -28,31 +29,39 @@
 
 int security_init(void)
 {
-	FILE *fp;
 	int rc;
+	caddr_t  lh, tmp;
+	void    *policy_data;
+	size_t   policy_len;
+
+	printf("security:  starting up (compiled " __DATE__ ")\n");
+
+	lh = preload_search_by_type ("sebsd_policy");
+	if (lh == NULL)
+		goto loaderr;
 
-	snprintf(policyfile, MAXPATHLEN, "%s.%d", POLICYDB_PATHPREFIX,
-		 POLICYDB_VERSION);
+	tmp = preload_search_info (lh, MODINFO_ADDR);
+	if (tmp == NULL)
+		goto loaderr;
+	policy_data = *(void **) tmp;
+	tmp = preload_search_info (lh, MODINFO_SIZE);
+	if (tmp == NULL)
+		goto loaderr;
+	policy_len = *(size_t *) tmp;
 
-	printf("security:  starting up (compiled " __DATE__ ")\n");
-	printf("security:  loading policy configuration from %s\n", policyfile);
+	printf("security:  reading policy configuration\n");
 
-	fp = fopen(policyfile, "r");
-	if (!fp) {
-		printf("security:  unable to open %s, cannot initialize.\n", policyfile);
-		return EINVAL;
-	}
-	
-	rc = security_load_policy(fp);
+	rc = security_load_policy (policy_data, policy_len);
 	if (rc) {
-		printf("security:  error while loading %s, cannot initialize.\n", policyfile);
-		fclose(fp);
+		printf("security:  error while reading policy, cannot initialize.\n");
 		return EINVAL;
 	}
 
-	fclose(fp);
+	return 0;
 
-	return 0;
+loaderr:
+	printf("security:  policy not supplied by bootloader\n");
+	return EINVAL;
 }
 
 /* FLASK */
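Review bot: security_init now depends on a loader contract that is written down nowhere in the function: a preloaded object of type "sebsd_policy" whose MODINFO_ADDR and MODINFO_SIZE entries are dereferenced and used as-is. A header comment such as `/* Load the initial policy from the image the boot loader preloaded under type "sebsd_policy"; returns EINVAL if it is absent or fails to load. */` would tell an administrator what the boot configuration must provide. The comment should also record that the kernel does not verify the image in this function, so the policy's integrity rests on whatever protects the loader and its files. That assumes no check happens inside security_load_policy, which is not visible here.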

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/security.h#5 (text+ko) ====

@@ -8,7 +8,6 @@
 
 #include <security/sebsd/flask_types.h>
 #include <security/sebsd/flask.h>
-#include <security/sebsd/ss/fileutils.h>
 
 #define SECSID_NULL			0x00000000 /* unspecified SID */
 #define SECSID_WILD			0xffffffff /* wildcard SID */
@@ -16,7 +15,7 @@
 
 #define SELINUX_MAGIC 0xf97cff8c
 
-int security_load_policy(FILE * data);
+int security_load_policy(void *kdata, size_t len);
 
 struct av_decision {
 	access_vector_t allowed;
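Review bot: The new prototype `int security_load_policy(void *kdata, size_t len);` says nothing about who owns the buffer, and the two callers in this change differ: sys_load_policy frees its copy right after the call, while security_init passes the loader's preloaded memory. A comment such as `/* Parse a policy image of len bytes at kdata (kernel memory); the caller keeps ownership of the buffer. */` would pin that down, provided the policy database keeps no pointers into the buffer, which cannot be confirmed from this diff. The parameter is named `kdata` here but `data` in the definition in ss/services.c, whose doc comment has the same gap. Using one name in both places would be tidier.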

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.c#6 (text+ko) ====

@@ -17,7 +17,6 @@
 #include <security/sebsd/ss/services.h>
 #include <security/sebsd/ss/security.h>
 #include <security/sebsd/ss/mls.h>
-#include <security/sebsd/ss/fileutils.h>
 #include <security/sebsd/avc/avc.h>
 #include <security/sebsd/avc/avc_ss.h>
 #include <sys/socket.h>
@@ -984,10 +983,8 @@
  * This function will flush the access vector cache after
  * loading the new policy.
  */
-int security_load_policy(FILE *infile)
+int security_load_policy(void *data, size_t len)
 {
-	void *data;
-	size_t len;
 	struct policydb oldpolicydb, newpolicydb;
 	struct sidtab oldsidtab, newsidtab;
 	struct convert_context_args args;
@@ -995,28 +992,6 @@
 	int rc = 0;
 	struct policy_file file, *fp = &file;
 
-#ifdef _KERNEL
-	struct vattr vat;
-
-	vn_lock (infile->FILE_vp, LK_SHARED | LK_RETRY | LK_NOPAUSE, curthread);
-	rc = VOP_GETATTR (infile->FILE_vp, &vat, curthread->td_ucred, curthread);
-	VOP_UNLOCK(infile->FILE_vp, 0, curthread);
-	if (rc)
-		return rc;
-
-	len = vat.va_size;
-	data = malloc (len, M_SEBSD, M_WAITOK);
-
-#else
-	fseek (infile, 0, SEEK_END);
-	len = ftell (infile);
-	fseek (infile, 0, SEEK_SET);
-	data = malloc (len);
-#endif
-
-	if (1 != fread (data, len, 1, infile))
-		return EIO;
-
 	file.data = data;
 	file.len = len;
 