PERFORCE change 39277 for review
Hrishikesh Dandekar
hdandeka at FreeBSD.org
Tue Oct 7 00:13:26 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=39277
Change 39277 by hdandeka at hdandeka_yash on 2003/10/06 17:12:31
Add the message queue label as an additional parameter to the
mac_create_ipc_msgmsg hook. This label is used along with the label of
the requesting thread by the SEBSD module to calculate the label of
the new ipc message object. All the other MAC policies disregard
this label.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#411 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#222 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#69 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#180 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#114 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#247 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#199 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#411 (text+ko) ====
@@ -2372,10 +2372,12 @@
}
void
-mac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr)
+mac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct msg *msgptr)
{
- MAC_PERFORM(create_ipc_msgmsg, cred, msgptr, &msgptr->label);
+ MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, &msqkptr->label,
+ msgptr, &msgptr->label);
}
void
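Review bot: Nothing on the new mac_create_ipc_msgmsg signature says which of the two labels a policy may write, and both reach the hook as a plain `struct label *`. Going by the change description, the queue label is an input and only the message label is initialised here, so I would add a comment above the function such as `/* Label a new message from the sender's credential and, for policies that use it, the destination queue's label; only msgptr->label is written. */`. The wrapper also dereferences msqkptr unconditionally to form `&msqkptr->label`, so the comment should state that callers must pass a valid queue.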
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#13 (text+ko) ====
@@ -890,7 +890,7 @@
msghdr->msg_spot = -1;
msghdr->msg_ts = msgsz;
#ifdef MAC
- mac_create_ipc_msgmsg(td->td_ucred,msghdr);
+ mac_create_ipc_msgmsg(td->td_ucred, msqkptr, msghdr);
/*
* XXX: Should the mac_check_ipc_msgmsq check follow here immediately ?
* Or, should it be checked just before the msg is enqueued in the msgq
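Review bot: The message label can now depend on `msqkptr->label`, so this call needs the queue to be the one the caller was authorised against, with a stable label, at this point. The hunk does not show whether msgsnd can sleep between looking up the queue and reaching this line, or what pins the queue here; that code is outside the hunk, so this is a question rather than a confirmed defect. If the queue can be removed or reused across a sleep, it has to be revalidated before this call. The same dependency bears on the XXX below: a policy that derives the message label from the queue would presumably want the message-versus-queue check to run only after the label has been assigned.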
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#222 (text+ko) ====
@@ -1172,11 +1172,12 @@
*/
static void
-mac_biba_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_biba_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
struct mac_biba *source, *dest;
+ /* Ignore the msgq label */
source = SLOT(&cred->cr_label);
dest = SLOT(msglabel);
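Review bot: The added `/* Ignore the msgq label */` says what is ignored but not why that is correct for this policy, and the same comment is added in mac_lomac_create_ipc_msgmsg and mac_mls_create_ipc_msgmsg. I would word it along the lines of `/* The message takes the sender's label; msqkptr and msqlabel are passed for policies such as SEBSD and are unused here. */` and put it directly above the assignment it explains rather than between the declaration and the code. The rest of each function body is outside its hunk, so I am assuming from the visible lines that the label is still copied from the credential as before.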
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#69 (text+ko) ====
@@ -1244,11 +1244,12 @@
* Labeling event operations: System V IPC objects.
*/
static void
-mac_lomac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_lomac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
struct mac_lomac *source, *dest;
+ /* Ignore the msgq label */
source = SLOT(&cred->cr_label);
dest = SLOT(msglabel);
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#180 (text+ko) ====
@@ -1140,11 +1140,12 @@
*/
static void
-mac_mls_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_mls_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
struct mac_mls *source, *dest;
+ /* Ignore the msgq label */
source = SLOT(&cred->cr_label);
dest = SLOT(msglabel);
==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#8 (text+ko) ====
@@ -344,8 +344,8 @@
}
static void
-stub_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+stub_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
}
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#114 (text+ko) ====
@@ -988,11 +988,12 @@
}
static void
-mac_test_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_test_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
ASSERT_SYSVIPCMSG_LABEL(msglabel);
+ ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
}
static void
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#247 (text+ko) ====
@@ -214,7 +214,8 @@
/*
* Labeling event operations: System V IPC primitives
*/
-void mac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr);
+void mac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct msg *msgptr);
void mac_create_ipc_msgqueue(struct ucred *cred,
struct msqid_kernel *msqkptr);
void mac_create_ipc_sema(struct ucred *cred,
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#199 (text+ko) ====
@@ -217,7 +217,10 @@
/*
* Labeling event operations: System V IPC primitives
*/
- void (*mpo_create_ipc_msgmsg)(struct ucred *cred, struct msg *msgptr,
+ void (*mpo_create_ipc_msgmsg)(struct ucred *cred,
+ struct msqid_kernel *msqkptr,
+ struct label *msqlabel,
+ struct msg *msgptr,
struct label *msglabel);
void (*mpo_create_ipc_msgqueue)(struct ucred *cred,
struct msqid_kernel *msqkptr, struct label *msqlabel);
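Review bot: Changing the argument list of `mpo_create_ipc_msgmsg` changes the policy ABI, and nothing in this change shows a version bump or any other way for the framework to refuse a module built against the old layout. Such a module would receive msqkptr where it expects msgptr and the queue label where it expects the message label, so a labelling policy would write into the queue's label instead of the message's. If the framework checks an interface version when a policy registers, that version should be bumped in the same change; none is visible in these hunks. The enclosing ops structure starts and ends outside the hunk.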