PERFORCE change 40993 for review
Andrew Reisse
areisse at FreeBSD.org
Fri Oct 31 19:01:26 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=40993
Change 40993 by areisse at areisse_ibook on 2003/10/31 11:01:09
initial support for exec transitions
leak some memory because mach free needs size
hfs associate_extattr hook
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/hfs/hfs_cnode.c#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/linux-compat.h#4 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/security.h#2 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/hfs/hfs_cnode.c#2 (text+ko) ====
@@ -28,6 +28,7 @@
#include <sys/malloc.h>
#include <sys/ubc.h>
#include <sys/quota.h>
+#include <sys/mac.h>
#include <miscfs/specfs/specdev.h>
#include <miscfs/fifofs/fifo.h>
@@ -443,6 +444,10 @@
panic("hfs_getcnode: missing vp!");
UBCINFOCHECK("hfs_getcnode", vp);
+
+#ifdef MAC
+ mac_associate_vnode_extattr (hfsmp->hfs_mp, vp);
+#endif
*vpp = vp;
return (0);
}
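Review bot: The call to `mac_associate_vnode_extattr (hfsmp->hfs_mp, vp)` discards any result, so if it reports failure the way the FreeBSD MAC framework's version does (it returns an int there), `hfs_getcnode` still hands back a vnode whose label was never set up. Either check the return value and fail the lookup, or state the fail-open choice in a comment such as `/* XXX: label association errors ignored; vnode keeps default label */`. The start of `hfs_getcnode` is outside this hunk, so the right unwind path for the error case cannot be judged from here.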
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#3 (text+ko) ====
@@ -116,8 +116,16 @@
(type *)( ( (unsigned)(addr) + 16 - 1) \
& ~(16 - 1) )
+struct mac_execve_args {
+ char *fname;
+ char **argp;
+ char **envp;
+ struct mac *mac_p;
+};
+
static int load_return_to_errno(load_return_t lrtn);
int execve(struct proc *p, struct execve_args *uap, register_t *retval);
+int mac_execve(struct proc *p, struct mac_execve_args *uap, register_t *retval);
static int execargs_alloc(vm_offset_t *addrp);
static int execargs_free(vm_offset_t addr);
@@ -131,11 +139,24 @@
return (execve(p, args, retval));
}
-/* ARGSUSED */
+int
+execve(p, args, retval)
+ struct proc *p;
+ struct execve_args *args;
+ int *retval;
+{
+ struct mac_execve_args margs;
+ margs.fname = args->fname;
+ margs.argp = args->argp;
+ margs.envp = args->envp;
+ margs.mac_p = NULL;
+ return (mac_execve(p, &margs, retval));
+}
+
int
-execve(p, uap, retval)
- register struct proc *p;
- register struct execve_args *uap;
+mac_execve(p, uap, retval)
+ register struct proc *p;
+ register struct mac_execve_args *uap;
register_t *retval;
{
register struct ucred *cred = p->p_ucred;
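Review bot: The new `execve` wrapper declares its third parameter as `int *retval;`, while the prototype for `execve` earlier in the file and the `mac_execve` it forwards to both use `register_t *retval`. With a K&R-style definition the compiler only accepts this where `register_t` happens to be `int`, so the declaration should read `register_t *retval;`. A one-line comment above the wrapper, e.g. `/* plain execve: no caller-supplied label, mac_p == NULL */`, would also document the contract `mac_execve` relies on. The body of `mac_execve` continues past the end of this hunk.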
@@ -189,6 +210,13 @@
unsigned long arch_offset =0;
unsigned long arch_size = 0;
char *ws_cache_name = NULL; /* used for pre-heat */
+ int cred_change = 0;
+#ifdef MAC
+ struct label execlabel;
+ struct label *execlabelp;
+ int no_trans = 0;
+ int will_transition = 0;
+#endif
task = current_task();
thr_act = current_act();
@@ -207,10 +235,14 @@
}
}
-#ifdef MAC_TBD
- error = mac_execve_enter(NULL, NULL);
- if (error)
- return(error);
+#ifdef MAC
+ if (uap->mac_p) {
+ error = mac_execve_enter (uap->mac_p, &execlabel);
+ if (error)
+ return(error);
+ execlabelp = &execlabel;
+ } else
+ execlabelp = NULL;
#endif
error = execargs_alloc(&execargs);
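Review bot: Once `mac_execve_enter (uap->mac_p, &execlabel)` has succeeded, every later failure return, starting with the `execargs_alloc` call on the next line, leaves `execlabel` initialised, and no matching release is visible anywhere in this change. If `mac_execve_enter` allocates label storage (FreeBSD's framework pairs it with `mac_execve_exit`), each failed exec with a caller-supplied label would leak kernel memory that an unprivileged caller can trigger repeatedly. The error paths are outside this hunk, so this needs confirming against the full function; at minimum add `/* XXX: execlabel must be destroyed on all exits below */` here.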
@@ -277,8 +309,12 @@
}
indir = 0;
- if ((vp->v_mount->mnt_flag & MNT_NOSUID) || (p->p_flag & P_TRACED))
+ if ((vp->v_mount->mnt_flag & MNT_NOSUID) || (p->p_flag & P_TRACED)) {
origvattr.va_mode &= ~(VSUID | VSGID);
+#ifdef MAC
+ no_trans = 1;
+#endif
+ }
*(&vattr) = *(&origvattr);
@@ -564,6 +600,13 @@
/* load_machfile() maps the vnode */
ubc_map(vp);
+ /* Transitions */
+#ifdef MAC
+ will_transition = mac_execve_will_transition (p->p_ucred, vp, NULL,
+ execlabelp);
+ cred_change |= will_transition;
+#endif
+
/*
* deal with set[ug]id.
*/
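Review bot: `cred_change |= will_transition;` ignores `no_trans`, which the earlier hunk sets for `MNT_NOSUID` mounts and `P_TRACED` processes. In that case the later block still duplicates the credential and runs the KTRACE handling although `mac_execve_transition` is skipped and the set-id bits were already stripped, so nothing about the credential actually changes. If that is not intended, use `cred_change |= (will_transition && !no_trans);`. The enclosing function begins and ends outside this hunk.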
@@ -571,8 +614,10 @@
if (((origvattr.va_mode & VSUID) != 0 &&
p->p_ucred->cr_uid != origvattr.va_uid)
|| (origvattr.va_mode & VSGID) != 0 &&
- p->p_ucred->cr_gid != origvattr.va_gid) {
- p->p_ucred = crcopy(cred);
+ p->p_ucred->cr_gid != origvattr.va_gid)
+ cred_change = 1;
+
+ if (cred_change) {
#if KTRACE
/*
* If process is being ktraced, turn off - unless
@@ -585,13 +630,25 @@
vrele(tvp);
}
#endif
- if (origvattr.va_mode & VSUID)
- p->p_ucred->cr_uid = origvattr.va_uid;
- if (origvattr.va_mode & VSGID)
- p->p_ucred->cr_gid = origvattr.va_gid;
+
+ p->p_ucred = crdup(cred);
+
+ if (origvattr.va_mode & (VSUID || VSGID)) {
+ if (origvattr.va_mode & VSUID)
+ p->p_ucred->cr_uid = origvattr.va_uid;
+ if (origvattr.va_mode & VSGID)
+ p->p_ucred->cr_gid = origvattr.va_gid;
+
+ set_security_token(p);
+ p->p_flag |= P_SUGID;
+ }
+
+#ifdef MAC
+ if (will_transition && !no_trans)
+ mac_execve_transition (cred, p->p_ucred, vp, NULL, execlabelp);
+#endif
- set_security_token(p);
- p->p_flag |= P_SUGID;
+ crfree (cred);
/* Radar 2261856; setuid security hole fix */
/* Patch from OpenBSD: A. Ramesh */
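Review bot: `origvattr.va_mode & (VSUID || VSGID)` uses the logical OR, so the mask evaluates to 1 and the test looks at the lowest mode bit (other-execute) rather than the setuid/setgid bits. A set-id file without that bit skips the uid/gid assignment, `set_security_token(p)` and `P_SUGID`. Conversely, a file that is not set-id but is world-executable enters the block whenever only a MAC transition set `cred_change`. The condition should be `if (origvattr.va_mode & (VSUID | VSGID)) {`. The enclosing function starts and ends outside this hunk.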
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/linux-compat.h#4 (text+ko) ====
@@ -133,7 +133,7 @@
#endif /* __APPLE__ */
#define kmalloc(size,flags) sebsd_malloc(size, flags)
-#define kfree(v) free(v, M_SEBSD)
+#define kfree(v) /*free(v, M_SEBSD)*/
/* XXX need page size */
#define __get_free_page(flags) sebsd_malloc(4096, flags)
#define GFP_ATOMIC M_NOWAIT
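Review bot: Defining `kfree(v)` as an empty expansion makes every free in the SEBSD security server a permanent kernel memory leak, and the same applies to `security_free_context(ctx)` in ss/security.h. The commit message acknowledges the leak, but the macros themselves carry no marker, and any context or policy operation a user can trigger repeatedly will now consume kernel memory without bound. Until the allocation size can be passed to the Mach free routine, keep the argument evaluated and flag the stub, e.g. `#define kfree(v) ((void)(v)) /* XXX leaks: Mach free needs the allocation size */`. A likely follow-up is to have `sebsd_malloc` record the size in a header so a real free can be restored.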
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/security.h#2 (text+ko) ====
@@ -67,7 +67,7 @@
int security_genfs_sid(const char *fstype, char *name, security_class_t sclass,
security_id_t *sid);
-#define security_free_context(ctx) ({ if (ctx) free(ctx, M_SEBSD); })
+#define security_free_context(ctx) /*({ if (ctx) free(ctx, M_SEBSD); })*/
#endif /* _SELINUX_SECURITY_H_ */