PERFORCE change 39326 for review
Andrew Reisse
areisse at FreeBSD.org
Tue Oct 7 19:15:21 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=39326
Change 39326 by areisse at areisse_tislabs on 2003/10/07 12:15:06
Initial support for mountpoint labelling.
New MAC checks: mount,umount,remount.
New MAC syscall mac_get_fs() returns mount label.
sebsd checks mount and associate permissions.
temporary lmount() syscall allows specifying the mount label.
mount updated to use lmount() for ufs.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sbin/mount/extern.h#2 edit
.. //depot/projects/trustedbsd/sebsd/sbin/mount/mount.c#4 edit
.. //depot/projects/trustedbsd/sebsd/sbin/mount/mount_ufs.c#2 edit
.. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_file.c#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_mac.c#12 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/syscalls.master#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#22 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/mac.h#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/mac_policy.h#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/mount.h#5 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#6 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/macros/user_macros.te#3 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/types/file.te#3 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sbin/mount/extern.h#2 (text+ko) ====
@@ -31,4 +31,4 @@
const char **makevfslist(char *);
/* mount_ufs.c */
-int mount_ufs(int, char *const *);
+int mount_ufs(int, char *const *, const char *);
==== //depot/projects/trustedbsd/sebsd/sbin/mount/mount.c#4 (text+ko) ====
@@ -80,7 +80,7 @@
void mangle(char *, int *, const char **);
char *update_options(char *, char *, int);
int mountfs(const char *, const char *, const char *,
- int, const char *, const char *);
+ int, const char *, const char *, const char *);
void remopt(char *, const char *);
void prmount(struct statfs *);
void putfsent(const struct statfs *);
@@ -136,12 +136,13 @@
pid_t pid;
int all, ch, i, init_flags, mntsize, rval, have_fstab;
char *cp, *ep, *options;
+ char *ltext = NULL;
all = init_flags = 0;
options = NULL;
vfslist = NULL;
vfstype = "ufs";
- while ((ch = getopt(argc, argv, "adF:fo:prwt:uv")) != -1)
+ while ((ch = getopt(argc, argv, "adF:fo:prwt:uvl:")) != -1)
switch (ch) {
case 'a':
all = 1;
@@ -181,6 +182,9 @@
case 'w':
options = catopt(options, "noro");
break;
+ case 'l':
+ ltext = strdup (optarg);
+ break;
case '?':
default:
usage();
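Review bot: The new `-l` case stores `strdup(optarg)` without checking for a NULL return, so an allocation failure silently turns a requested label into "no label" and the mount proceeds with the policy default; the rest of mount.c uses err() for fatal conditions, so `if ((ltext = strdup(optarg)) == NULL) err(1, "strdup");` fits. A repeated `-l` also leaks the previous copy, which is harmless but easy to avoid with a `free(ltext)` first. usage() is not in this hunk; if it was not updated elsewhere in the change, the `-l label` option is undocumented to users.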
@@ -211,7 +215,7 @@
continue;
if (mountfs(fs->fs_vfstype, fs->fs_spec,
fs->fs_file, init_flags, options,
- fs->fs_mntops))
+ fs->fs_mntops, NULL))
rval = 1;
}
} else if (fstab_style) {
@@ -268,7 +272,7 @@
mntbuf->f_flags);
}
rval = mountfs(mntbuf->f_fstypename, mntfromname,
- mntbuf->f_mntonname, init_flags, options, 0);
+ mntbuf->f_mntonname, init_flags, options, 0, NULL);
break;
}
rmslashes(*argv, *argv);
@@ -280,7 +284,7 @@
errx(1, "%s has unknown file system type",
*argv);
rval = mountfs(fs->fs_vfstype, fs->fs_spec, fs->fs_file,
- init_flags, options, fs->fs_mntops);
+ init_flags, options, fs->fs_mntops, ltext);
break;
case 2:
/*
@@ -309,7 +313,7 @@
vfstype = "nfs";
}
rval = mountfs(vfstype,
- argv[0], argv[1], init_flags, options, NULL);
+ argv[0], argv[1], init_flags, options, NULL, ltext);
break;
default:
usage();
@@ -389,8 +393,8 @@
}
int
-mountfs(vfstype, spec, name, flags, options, mntopts)
- const char *vfstype, *spec, *name, *options, *mntopts;
+mountfs(vfstype, spec, name, flags, options, mntopts, ltext)
+ const char *vfstype, *spec, *name, *options, *mntopts, *ltext;
int flags;
{
const char *argv[100], **edir;
@@ -462,7 +466,7 @@
return (1);
case 0: /* Child. */
if (strcmp(vfstype, "ufs") == 0)
- exit(mount_ufs(argc, (char * const *) argv));
+ exit(mount_ufs(argc, (char * const *) argv, ltext));
/* Go find an executable. */
(void)snprintf(execname, sizeof(execname), "mount_%s", vfstype);
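Review bot: `ltext` is only honored on the `ufs` branch; for every other vfstype the child falls through to exec `mount_<type>`, and the label the operator asked for with `-l` is silently dropped while the mount still succeeds with whatever label the policy assigns by default. That is a surprising failure mode for a security option, so it should be explicit: either `if (ltext != NULL) errx(1, "%s: -l is only supported for ufs", vfstype);` before the exec, or at least a warnx() so the operator knows the label was not applied. The body of mountfs continues outside the hunk.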
==== //depot/projects/trustedbsd/sebsd/sbin/mount/mount_ufs.c#2 (text+ko) ====
@@ -55,6 +55,7 @@
#include <unistd.h>
#include <ufs/ufs/ufsmount.h>
+#include <sys/mac.h>
#include "extern.h"
#include "mntopts.h"
@@ -72,13 +73,15 @@
};
int
-mount_ufs(argc, argv)
+mount_ufs(argc, argv, ltext)
int argc;
char * const argv[];
+ const char *ltext;
{
struct ufs_args args;
int ch, mntflags;
char *fs_name;
+ int rc;
mntflags = 0;
optind = optreset = 1; /* Reset for parse of new argv. */
@@ -107,7 +110,20 @@
else
args.export.ex_flags = 0;
- if (mount("ufs", fs_name, mntflags, &args) < 0) {
+ if (ltext) {
+ mac_t mac;
+ rc = mac_from_text (&mac, ltext);
+ if (rc) {
+ warn("%s", ltext);
+ return 1;
+ }
+
+ rc = syscall(396, "ufs", fs_name, mntflags, &args, mac);
+ }
+ else
+ rc = mount("ufs", fs_name, mntflags, &args);
+
+ if (rc < 0) {
switch (errno) {
case EMFILE:
warnx("%s on %s: mount table full",
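Review bot: `syscall(396, ...)` hard-codes the syscall number that syscalls.master assigns to lmount in the same change, so any renumbering of the kernel table (the description calls lmount "temporary") silently invokes a different syscall with a user-supplied pointer as its last argument; use the generated constant, `rc = syscall(SYS_lmount, "ufs", fs_name, mntflags, &args, mac);` with `<sys/syscall.h>` included, or better a libc stub once one exists. The `mac_t` returned by mac_from_text() is never released; add `mac_free(mac);` after the syscall, before the errno switch. Since the switch below only inspects errno, the early `return 1` on a bad label text is fine, but note it skips the mount_ufs cleanup that the rest of the function may rely on (the function continues outside the hunk).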
==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_file.c#6 (text+ko) ====
@@ -801,7 +801,7 @@
fsflags |= MNT_UPDATE;
}
- return (vfs_mount(td, fstype, mntonname, fsflags, fsdata));
+ return (vfs_mount(td, fstype, mntonname, fsflags, fsdata, NULL));
}
int
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_mac.c#12 (text+ko) ====
@@ -1108,6 +1108,14 @@
}
void
+mac_init_mount_label(struct label *label)
+{
+
+ mac_init_label(label);
+ MAC_PERFORM(init_mount_label, label);
+}
+
+void
mac_init_vnode(struct vnode *vp)
{
@@ -1318,6 +1326,14 @@
}
void
+mac_destroy_mount_label(struct label *label)
+{
+
+ MAC_PERFORM(destroy_mount_label, label);
+ mac_destroy_label(label);
+}
+
+void
mac_copy_mbuf_tag(struct m_tag *src, struct m_tag *dest)
{
struct label *src_label, *dest_label;
@@ -1346,6 +1362,12 @@
MAC_PERFORM(copy_vnode_label, src, dest);
}
+void
+mac_copy_mount_label(struct label *src, struct label *dest)
+{
+ MAC_PERFORM(copy_mount_label, src, dest);
+}
+
static int
mac_check_structmac_consistent(struct mac *mac)
{
@@ -1424,6 +1446,17 @@
}
static int
+mac_externalize_mount_label(struct label *label, char *elements,
+ char *outbuf, size_t outbuflen, int flags)
+{
+ int error;
+
+ MAC_EXTERNALIZE(mount_label, label, elements, outbuf, outbuflen);
+
+ return (error);
+}
+
+static int
mac_internalize_cred_label(struct label *label, char *string)
{
int error;
@@ -1473,6 +1506,16 @@
return (error);
}
+static int
+mac_internalize_mount_label(struct label *label, char *string)
+{
+ int error;
+
+ MAC_INTERNALIZE(mount_label, label, string);
+
+ return (error);
+}
+
/*
* Initialize MAC label for the first kernel process, from which other
* kernel processes and threads are spawned.
@@ -2801,11 +2844,11 @@
}
void
-mac_create_mount(struct ucred *cred, struct mount *mp)
+mac_create_mount(struct ucred *cred, struct mount *mp, struct label *mount_arg_label)
{
MAC_PERFORM(create_mount, cred, mp, &mp->mnt_mntlabel,
- &mp->mnt_fslabel);
+ &mp->mnt_fslabel, mount_arg_label);
}
void
@@ -3207,6 +3250,45 @@
}
int
+mac_check_mount(struct ucred *cred, struct vnode *vp, const char *vfc_name, struct label *mntlabel)
+{
+ int error;
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_mount, cred, vp, &vp->v_label, vfc_name, mntlabel);
+
+ return (error);
+}
+
+int
+mac_check_umount(struct ucred *cred, struct mount *mp)
+{
+ int error;
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_umount, cred, mp, &mp->mnt_mntlabel);
+
+ return (error);
+}
+
+int
+mac_check_remount(struct ucred *cred, struct mount *mp, struct label *mount_arg_label)
+{
+ int error;
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_remount, cred, mp, &mp->mnt_mntlabel, mount_arg_label);
+
+ return (error);
+}
+
+int
mac_check_mount_stat(struct ucred *cred, struct mount *mount)
{
int error;
@@ -4360,6 +4442,61 @@
return (error);
}
+int
+__mac_get_fs(struct thread *td, struct __mac_get_fs_args *uap)
+{
+ char *elements, *buffer;
+ struct nameidata nd;
+ struct label intlabel;
+ struct mac mac;
+ int error;
+ struct mount *mp;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
+ if (error) {
+ free(elements, M_MACTEMP);
+ return (error);
+ }
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
+ mtx_lock(&Giant); /* VFS */
+ NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p,
+ td);
+ error = namei(&nd);
+ if (error)
+ goto out;
+
+ mp = nd.ni_vp->v_mount;
+
+ mac_init_mount_label(&intlabel);
+ mac_copy_mount_label(&mp->mnt_mntlabel, &intlabel);
+ error = mac_externalize_mount_label(&intlabel, elements, buffer,
+ mac.m_buflen, M_WAITOK);
+
+ NDFREE(&nd, 0);
+ mac_destroy_mount_label(&intlabel);
+
+ if (error == 0)
+ error = copyout(buffer, mac.m_string, strlen(buffer)+1);
+
+out:
+ mtx_unlock(&Giant); /* VFS */
+
+ free(buffer, M_MACTEMP);
+ free(elements, M_MACTEMP);
+
+ return (error);
+}
+
/*
* MPSAFE
*/
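Review bot: __mac_get_fs() externalizes a mount's label to any caller that can look up a path on it, while the existing `mac_check_mount_stat` (visible just above in this file, L300) is what gates statfs(2) on the same mount, so a policy that hides a filesystem's existence from a subject via mount_stat is bypassed by this syscall; add `error = mac_check_mount_stat(td->td_ucred, mp); if (error) { NDFREE(&nd, 0); goto out; }` right after `mp = nd.ni_vp->v_mount;`. Whether `v_mount` can be NULL for a vnode returned locked by namei() here is not visible in the hunk; if it can (a vnode revoked under a concurrent unmount), the copy at the next line dereferences NULL under Giant and deserves a `mp == NULL` check returning EINVAL. The copyout uses `strlen(buffer)+1`, which is safe only because the buffer is zeroed and externalize is bounded by `mac.m_buflen`; a comment saying so would help the next reader.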
@@ -4599,6 +4736,63 @@
return (error);
}
+int
+lmount(td, uap)
+ struct thread *td;
+ struct lmount_args /* {
+ char *type;
+ char *path;
+ int flags;
+ caddr_t data;
+ } */ *uap;
+{
+ char *fstype;
+ char *fspath;
+ char *buffer;
+ int error;
+ struct mac mac;
+ struct label intlabel;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
+ if (error) {
+ free(buffer, M_MACTEMP);
+ return (error);
+ }
+
+ mac_init_mount_label(&intlabel);
+ error = mac_internalize_mount_label(&intlabel, buffer);
+ free(buffer, M_MACTEMP);
+ if (error) {
+ mac_destroy_mount_label(&intlabel);
+ return (error);
+ }
+
+ fstype = malloc(MFSNAMELEN, M_TEMP, M_WAITOK);
+ fspath = malloc(MNAMELEN, M_TEMP, M_WAITOK);
+
+ /*
+ * vfs_mount() actually takes a kernel string for `type' and
+ * `path' now, so extract them.
+ */
+ error = copyinstr(uap->type, fstype, MFSNAMELEN, NULL);
+ if (error == 0)
+ error = copyinstr(uap->path, fspath, MNAMELEN, NULL);
+ if (error == 0)
+ error = vfs_mount(td, fstype, fspath, uap->flags, uap->data, &intlabel);
+ free(fstype, M_TEMP);
+ free(fspath, M_TEMP);
+ return (error);
+}
+
SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL);
SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL);
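Review bot: `intlabel` is initialized with mac_init_mount_label() and destroyed on the internalize-failure path, but after `vfs_mount(..., &intlabel)` returns there is no matching `mac_destroy_mount_label(&intlabel);`, so whatever per-policy state init_mount_label allocated leaks on every successful (or vfs_mount-rejected) lmount; add the destroy call before `free(fstype, M_TEMP);`. The `struct lmount_args` comment lists only type/path/flags/data and omits the `struct mac *mac_p` member that syscalls.master declares and the body reads via `uap->mac_p`; keep the comment in sync with the table. Note also that the label string is copied in and internalized before any of the privilege checks that vfs_mount() applies, so an unprivileged caller can drive the policy's internalize path at will; that is bounded by mac_check_structmac_consistent() but worth a comment.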
@@ -4674,4 +4868,12 @@
return (ENOSYS);
}
+int
+lmount(td, uap)
+ struct thread *td;
+ struct lmount_args *uap;
+{
+ return EINVAL;
+}
+
#endif /* !MAC */
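Review bot: The `!MAC` stub of lmount returns EINVAL, whereas the neighbouring stub at the top of this hunk returns ENOSYS; EINVAL tells userland the arguments were bad rather than that the facility is absent, so a caller cannot fall back to mount(2) sensibly. Use `return (ENOSYS);` for consistency with the other MAC syscall stubs in this file.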
==== //depot/projects/trustedbsd/sebsd/sys/kern/syscalls.master#5 (text+ko) ====
@@ -574,8 +574,9 @@
struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
394 MSTD BSD { int mac_syscall(const char *policy, int call, \
void *arg); }
-395 UNIMPL NOHIDE nosys
-396 UNIMPL NOHIDE nosys
+395 MSTD BSD { int __mac_get_fs(const char *path_p, struct mac *mac_p); }
+396 STD BSD { int lmount(char *type, char *path, int flags, \
+ caddr_t data, struct mac *mac_p); }
397 UNIMPL NOHIDE nosys
398 UNIMPL NOHIDE nosys
399 UNIMPL NOHIDE nosys
==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#5 (text+ko) ====
@@ -682,7 +682,7 @@
mp->mnt_iosize_max = DFLTPHYS;
#ifdef MAC
mac_init_mount(mp);
- mac_create_mount(td->td_ucred, mp);
+ mac_create_mount(td->td_ucred, mp, NULL);
#endif
VOP_UNLOCK(vp, 0, td);
mp->mnt_optnew = optlist; /* XXXMAC: should this be above? */
@@ -848,7 +848,7 @@
if (error == 0)
error = copyinstr(uap->path, fspath, MNAMELEN, NULL);
if (error == 0)
- error = vfs_mount(td, fstype, fspath, uap->flags, uap->data);
+ error = vfs_mount(td, fstype, fspath, uap->flags, uap->data, NULL);
free(fstype, M_TEMP);
free(fspath, M_TEMP);
return (error);
@@ -863,12 +863,13 @@
* into userspace.
*/
int
-vfs_mount(td, fstype, fspath, fsflags, fsdata)
+vfs_mount(td, fstype, fspath, fsflags, fsdata, mntlabel)
struct thread *td;
const char *fstype;
char *fspath;
int fsflags;
void *fsdata;
+ struct label *mntlabel;
{
linker_file_t lf;
struct vnode *vp;
@@ -940,6 +941,13 @@
return (error);
}
}
+#ifdef MAC
+ error = mac_check_remount (td->td_ucred, mp, mntlabel);
+ if (error) {
+ vput(vp);
+ return (error);
+ }
+#endif
if (vfs_busy(mp, LK_NOWAIT, 0, td)) {
vput(vp);
return (EBUSY);
@@ -1017,6 +1025,13 @@
return (ENODEV);
}
}
+#ifdef MAC
+ error = mac_check_mount (td->td_ucred, vp, vfsp->vfc_name, mntlabel);
+ if (error) {
+ vput(vp);
+ return (error);
+ }
+#endif
VI_LOCK(vp);
if ((vp->v_iflag & VI_MOUNT) != 0 ||
vp->v_mountedhere != NULL) {
@@ -1049,7 +1064,7 @@
mp->mnt_iosize_max = DFLTPHYS;
#ifdef MAC
mac_init_mount(mp);
- mac_create_mount(td->td_ucred, mp);
+ mac_create_mount(td->td_ucred, mp, mntlabel);
#endif
VOP_UNLOCK(vp, 0, td);
update:
@@ -1272,6 +1287,12 @@
return (error);
}
+#ifdef MAC
+ error = mac_check_umount (td->td_ucred, mp);
+ if (error)
+ return (error);
+#endif
+
/*
* Don't allow unmounting the root filesystem.
*/
@@ -1426,7 +1447,7 @@
strlcpy(mp->mnt_stat.f_mntfromname, devname, MNAMELEN);
#ifdef MAC
mac_init_mount(mp);
- mac_create_mount(td->td_ucred, mp);
+ mac_create_mount(td->td_ucred, mp, NULL);
#endif
*mpp = mp;
return (0);
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#22 (text+ko) ====
@@ -696,9 +696,9 @@
static void
sebsd_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel, struct label *fslabel, struct label *mount_arg_label)
{
- struct mount_security_struct *sbsec;
+ struct mount_security_struct *sbsec, *mntsec;
struct mount_fs_security_struct *sbfssec;
int behavior, rc;
@@ -763,6 +763,11 @@
behavior = SECURITY_FS_USE_NONE;
break;
}
+
+ if (mount_arg_label) {
+ mntsec = SLOT(mount_arg_label);
+ sbsec->sid = mntsec->sid;
+ }
}
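Review bot: The override `sbsec->sid = mntsec->sid` is applied after the fs_use switch has finished, so the mount label takes the caller-supplied SID while `sbfssec` (the default label for files on the filesystem, set by the behavior cases above, outside the hunk) still reflects what security_fs_use() chose; whether that split is intended for every behavior, or only for SECURITY_FS_USE_NONE, is not stated anywhere. A comment at the assignment such as `/* explicit mount label replaces the fs_use default for the mount only; file defaults (sbfssec) are unaffected */` would record the decision, and if it is not intended the fslabel SID should be updated in the same branch. The caller side in vfs_mount.c only passes a non-NULL label from lmount, so the NULL check here is load-bearing and should say so.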
/*
@@ -859,6 +864,45 @@
}
static int
+sebsd_check_mount (struct ucred *cred, struct vnode *vp, struct label *vl,
+ const char *vfc_name, struct label *mntlabel)
+{
+ int rc;
+ security_id_t sid;
+ int behavior;
+ struct vnode_security_struct *vsec;
+ struct task_security_struct *task;
+ struct mount_security_struct *sbsec;
+
+ vsec = SLOT(vl);
+ task = SLOT(&cred->cr_label);
+
+ rc = vnode_has_perm (cred, vp, FILE__MOUNTON, NULL);
+ if (rc)
+ return rc;
+
+ if (mntlabel) {
+ sbsec = SLOT(mntlabel);
+ sid = sbsec->sid;
+
+ rc = avc_has_perm_ref_audit (task->sid, sid, SECCLASS_FILE,
+ COMMON_FILE__RELABELTO, NULL, NULL);
+ if (rc)
+ return rc;
+ }
+ else {
+ rc = security_fs_use (vfc_name, &behavior, &sid);
+ if (rc)
+ return rc;
+ }
+
+ rc = avc_has_perm_ref_audit (task->sid, sid, SECCLASS_FILESYSTEM,
+ FILESYSTEM__MOUNT, NULL, NULL);
+
+ return rc;
+}
+
+static int
sebsd_check_mount_stat(struct ucred *cred, struct mount *mp,
struct label *mntlabel)
{
@@ -867,6 +911,28 @@
}
static int
+sebsd_check_remount(struct ucred *cred, struct mount *mp, struct label *mntlabel,
+ struct label *mount_arg_label)
+{
+
+ /* cannot change labels on filesystems */
+ if (mount_arg_label) {
+ struct mount_security_struct *mla = SLOT(mntlabel);
+ struct mount_security_struct *mlb = SLOT(mount_arg_label);
+ if (mla->sid != mlb->sid)
+ return EINVAL;
+ }
+ return (mount_has_perm(cred, mp, FILESYSTEM__REMOUNT, NULL));
+}
+
+static int
+sebsd_check_umount(struct ucred *cred, struct mount *mp, struct label *mntlabel)
+{
+
+ return (mount_has_perm(cred, mp, FILESYSTEM__UNMOUNT, NULL));
+}
+
+static int
sebsd_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{
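Review bot: sebsd_check_remount() rejects a remount whose supplied label differs from the mount's current label with EINVAL, which reports a policy decision as a malformed argument and produces no audit record; since it is an access-control denial, `return (EPERM);` (or EACCES, whichever the rest of sebsd uses for denials) with a comment `/* label changes on remount are not supported; deny rather than silently keep the old SID */` is clearer to the caller and to an auditor. sebsd_check_umount() ignores its `mntlabel` parameter and lets mount_has_perm() read the label off `mp`, which is fine but deserves a one-line comment so the unused parameter is not mistaken for an omission.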
@@ -1098,6 +1164,17 @@
claimed));
}
+static int
+sebsd_internalize_mount_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
+{
+ struct mount_security_struct *vsec;
+
+ vsec = SLOT(label);
+ return (sebsd_internalize_sid(&vsec->sid, element_name, element_data,
+ claimed));
+}
+
static void
sebsd_relabel_pipe(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, struct label *newlabel)
@@ -1201,6 +1278,7 @@
{
struct task_security_struct *task;
struct vnode_security_struct *dir;
+ struct mount_security_struct *sbsec;
security_class_t tclass;
security_id_t newsid;
struct avc_audit_data ad;
@@ -1228,16 +1306,14 @@
if (rc)
return rc;
-#ifdef notdef
- /*
- * TBD:
- * No support yet.
- */
- if (dir->i_sb) {
- sbsec = dir->i_sb->s_security;
- rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
- FILESYSTEM__ASSOCIATE, &ad);
-#endif
+ if (dvp->v_mount) {
+ /* XXX: mpo_check_vnode_create should probably pass the mntlabel */
+ sbsec = SLOT (&dvp->v_mount->mnt_mntlabel);
+ rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
+ FILESYSTEM__ASSOCIATE, &ad);
+ if (rc)
+ return rc;
+ }
return 0;
}
@@ -1449,6 +1525,7 @@
struct label *oldlabel, struct label *newlabel)
{
struct task_security_struct *task;
+ struct mount_security_struct *sbsec;
struct vnode_security_struct *old, *new;
struct avc_audit_data ad;
int rc;
@@ -1475,11 +1552,15 @@
if (rc)
return (rc);
- /*
- * TBD:
- * SELinux also checks the superblock for class SECCLASS_FILESYSTEM
- * and permission FILESYSTEM__ASSOCIATE
- */
+
+ if (vp->v_mount) {
+ /* XXX: mpo_check_vnode_relabel should probably pass the mntlabel */
+ sbsec = SLOT (&vp->v_mount->mnt_mntlabel);
+ rc = avc_has_perm_audit (new->sid, sbsec->sid, SECCLASS_FILESYSTEM,
+ FILESYSTEM__ASSOCIATE, &ad);
+ if (rc)
+ return rc;
+ }
return 0;
}
@@ -1767,6 +1848,16 @@
}
static int
+sebsd_externalize_mount_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
+{
+ struct mount_security_struct *vsec;
+
+ vsec = SLOT(label);
+ return (sebsd_externalize_sid(vsec->sid, element_name, sb, claimed));
+}
+
+static int
sebsd_externalize_network_label(struct label *label, char *element_name,
struct sbuf *sb, int *claimed)
{
@@ -1784,6 +1875,14 @@
*(struct vnode_security_struct *)SLOT(src);
}
+static void
+sebsd_copy_mount_label(struct label *src, struct label *dest)
+{
+
+ *(struct mount_security_struct *)SLOT(dest) =
+ *(struct mount_security_struct *)SLOT(src);
+}
+
static int
sebsd_check_file_create(struct ucred *cred)
{
@@ -1913,6 +2012,7 @@
/* Copy labels */
.mpo_copy_pipe_label = sebsd_copy_vnode_label,
.mpo_copy_vnode_label = sebsd_copy_vnode_label,
+ .mpo_copy_mount_label = sebsd_copy_mount_label,
/* In/Out */
.mpo_externalize_cred_label = sebsd_externalize_cred_label,
@@ -1921,11 +2021,13 @@
.mpo_externalize_socket_label = sebsd_externalize_network_label,
.mpo_externalize_socket_peer_label = sebsd_externalize_network_label,
.mpo_externalize_vnode_label = sebsd_externalize_vnode_label,
+ .mpo_externalize_mount_label = sebsd_externalize_mount_label,
.mpo_internalize_cred_label = sebsd_internalize_cred_label,
.mpo_internalize_ifnet_label = sebsd_internalize_network_label,
.mpo_internalize_pipe_label = sebsd_internalize_vnode_label,
.mpo_internalize_socket_label = sebsd_internalize_network_label,
.mpo_internalize_vnode_label = sebsd_internalize_vnode_label,
+ .mpo_internalize_mount_label = sebsd_internalize_mount_label,
#ifdef notdef
void (*mpo_create_mbuf_from_socket)(struct socket *so,
@@ -1981,6 +2083,9 @@
.mpo_check_file_change_flags = sebsd_check_file_change_flags,
.mpo_check_file_change_ofileflags = sebsd_check_file_change_ofileflags,
.mpo_check_file_change_offset = sebsd_check_file_change_offset,
+ .mpo_check_mount = sebsd_check_mount,
+ .mpo_check_umount = sebsd_check_umount,
+ .mpo_check_remount = sebsd_check_remount,
.mpo_check_mount_stat = sebsd_check_mount_stat,
.mpo_check_pipe_ioctl = sebsd_check_pipe_ioctl,
==== //depot/projects/trustedbsd/sebsd/sys/sys/mac.h#9 (text+ko) ====
@@ -157,8 +157,10 @@
void mac_init_proc(struct proc *);
void mac_init_vnode(struct vnode *);
void mac_init_vnode_label(struct label *);
+void mac_init_mount_label(struct label *);
void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
void mac_copy_vnode_label(struct label *, struct label *label);
+void mac_copy_mount_label(struct label *, struct label *label);
void mac_destroy_bpfdesc(struct bpf_d *);
void mac_destroy_cred(struct ucred *);
void mac_destroy_devfsdirent(struct devfs_dirent *);
@@ -177,6 +179,7 @@
void mac_destroy_mount(struct mount *);
void mac_destroy_vnode(struct vnode *);
void mac_destroy_vnode_label(struct label *);
+void mac_destroy_mount_label(struct label *);
/*
* Labeling event operations: file system objects, and things that
@@ -196,7 +199,7 @@
void mac_create_file(struct ucred *cred, struct file *fp);
int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
-void mac_create_mount(struct ucred *cred, struct mount *mp);
+void mac_create_mount(struct ucred *cred, struct mount *mp, struct label *mount_arg_label);
void mac_create_root_mount(struct ucred *cred, struct mount *mp);
void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
struct label *newlabel);
@@ -338,6 +341,11 @@
int mac_check_kld_load(struct ucred *cred, struct vnode *vp);
int mac_check_kld_stat(struct ucred *cred);
int mac_check_kld_unload(struct ucred *cred);
+int mac_check_mount(struct ucred *cred, struct vnode *dir, const char *vfc_name,
+ struct label *mount_arg_label);
+int mac_check_remount(struct ucred *cred, struct mount *mp,
+ struct label *mount_arg_label);
+int mac_check_umount(struct ucred *cred, struct mount *mp);
int mac_check_mount_stat(struct ucred *cred, struct mount *mp);
int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
unsigned long cmd, void *data);
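Review bot: The prototype names mac_check_mount()'s vnode argument `dir` while the definition in kern_mac.c calls it `vp`, and neither says that `mount_arg_label` may be NULL even though every vfs_mount() call site in this change except lmount passes NULL; keep the parameter name in sync and add a comment such as `/* mount_arg_label is NULL unless the caller supplied an explicit label (lmount) */` above the three new declarations so policy authors know the NULL case must be handled.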
==== //depot/projects/trustedbsd/sebsd/sys/sys/mac_policy.h#9 (text+ko) ====
@@ -130,6 +130,8 @@
struct label *dest);
void (*mpo_copy_vnode_label)(struct label *src,
struct label *dest);
+ void (*mpo_copy_mount_label)(struct label *src,
+ struct label *dest);
int (*mpo_externalize_cred_label)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
int (*mpo_externalize_ifnet_label)(struct label *label,
@@ -142,6 +144,8 @@
char *element_name, struct sbuf *sb, int *claimed);
int (*mpo_externalize_vnode_label)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
+ int (*mpo_externalize_mount_label)(struct label *label,
+ char *element_name, struct sbuf *sb, int *claimed);
int (*mpo_internalize_cred_label)(struct label *label,
char *element_name, char *element_data, int *claimed);
int (*mpo_internalize_ifnet_label)(struct label *label,
@@ -152,6 +156,8 @@
char *element_name, char *element_data, int *claimed);
int (*mpo_internalize_vnode_label)(struct label *label,
char *element_name, char *element_data, int *claimed);
+ int (*mpo_internalize_mount_label)(struct label *label,
+ char *element_name, char *element_data, int *claimed);
/*
* Labeling event operations: file system objects, and things that
@@ -186,7 +192,7 @@
struct vnode *vp, struct label *vlabel,
struct componentname *cnp);
void (*mpo_create_mount)(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel);
+ struct label *mntlabel, struct label *fslabel, struct label *mount_arg_label);
void (*mpo_create_root_mount)(struct ucred *cred, struct mount *mp,
struct label *mountlabel, struct label *fslabel);
void (*mpo_relabel_vnode)(struct ucred *cred, struct vnode *vp,
@@ -335,7 +341,7 @@
struct label *ifnetlabel);
int (*mpo_check_cap) (struct ucred *ucred, cap_value_t capv);
int (*mpo_check_cred_relabel)(struct ucred *cred,
- struct label *newlabel);
+ struct label *newlabel);
int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2);
int (*mpo_check_file_create)(struct ucred *cred);
int (*mpo_check_file_dup)(struct ucred *cred, struct file *fp,
@@ -403,6 +409,11 @@
struct label *vlabel);
int (*mpo_check_kld_stat)(struct ucred *cred);
int (*mpo_check_kld_unload)(struct ucred *cred);
+ int (*mpo_check_mount)(struct ucred *cred, struct vnode *dir,
+ struct label *dirlabel, const char *vfc_name, struct label *mount_arg_label);
+ int (*mpo_check_remount)(struct ucred *cred, struct mount *mp, struct label *ml,
+ struct label *mount_arg_label);
+ int (*mpo_check_umount)(struct ucred *cred, struct mount *mp, struct label *ml);
int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp,
struct label *mntlabel);
int (*mpo_check_pipe_ioctl)(struct ucred *cred, struct pipe *pipe,
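Review bot: The three new entry points take a `mount_arg_label` that is NULL on the ordinary mount(2), nmount and root-mount paths and non-NULL only from lmount, but nothing in the header records that, so a policy that dereferences it unconditionally (as sebsd_check_remount would without its guard) will fault on every normal mount; document it here, e.g. `/* mount_arg_label: caller-supplied label or NULL; policies must accept NULL */`. The `struct label *ml` naming on check_remount/check_umount differs from the `mntlabel` used on mpo_check_mount_stat just below; matching it keeps the table readable.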
==== //depot/projects/trustedbsd/sebsd/sys/sys/mount.h#5 (text+ko) ====
@@ -368,6 +368,7 @@
*/
struct mount_args;
struct nameidata;
+struct label;
typedef int vfs_mount_t(struct mount *mp, char *path, caddr_t data,
struct nameidata *ndp, struct thread *td);
@@ -460,7 +461,7 @@
int vfs_getopt(struct vfsoptlist *, const char *, void **, int *);
int vfs_copyopt(struct vfsoptlist *, const char *, void *, int);
int vfs_mount(struct thread *td, const char *type, char *path,
- int flags, void *data);
+ int flags, void *data, struct label *mntlabel);
int vfs_setpublicfs /* set publicly exported fs */
(struct mount *, struct netexport *, struct export_args *);
int vfs_lock(struct mount *); /* lock a vfs */
==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#6 (text+ko) ====
@@ -640,7 +640,10 @@
type $1_devpts_t, file_type, sysadmfile, ptyfile $2;
# Allow the pty to be associated with the file system.
-allow $1_devpts_t devpts_t:filesystem associate;
+#allow $1_devpts_t devpts_t:filesystem associate;
+
+# FreeBSD doesn't use /dev/pts.
+allow $1_devpts_t device_t:filesystem associate;
# Label pty files with a derived type.
type_transition $1_t devpts_t:chr_file $1_devpts_t;
==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/user_macros.te#3 (text+ko) ====
@@ -45,6 +45,8 @@
# Access ttys.
allow $1_t privfd:fd use;
allow $1_t $1_tty_device_t:chr_file { poll setattr rw_file_perms };
+allow $1_tty_device_t device_t:filesystem associate;
+
# Use the type when relabeling terminal devices.
type_change $1_t tty_device_t:chr_file $1_tty_device_t;
ifdef(`dpkg.te', `
==== //depot/projects/trustedbsd/sebsd_policy/policy/types/file.te#3 (text+ko) ====
@@ -255,6 +255,7 @@
# Allow the pty to be associated with the file system.
allow devpts_t devpts_t:filesystem associate;
+allow tty_device_t device_t:filesystem associate;
type tmpfs_t, file_type, sysadmfile, fs_type, root_dir_type;
allow { tmpfs_t tmp_t } tmpfs_t:filesystem associate;