PERFORCE change 37827 for review
Hrishikesh Dandekar
hdandeka at FreeBSD.org
Tue Sep 9 20:26:27 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=37827
Change 37827 by hdandeka at hdandeka_yash on 2003/09/09 13:25:38
Integrate POSIX semaphore related changes into the parent branch.
Affected files ...
.. //depot/projects/trustedbsd/mac/include/Makefile#34 integrate
.. //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#48 integrate
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#409 integrate
.. //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#9 integrate
.. //depot/projects/trustedbsd/mac/sys/posix4/ksem.h#1 branch
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#221 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#68 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#179 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#7 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#112 integrate
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#244 integrate
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#197 integrate
Differences ...
==== //depot/projects/trustedbsd/mac/include/Makefile#34 (text+ko) ====
@@ -22,7 +22,7 @@
MHDRS= float.h floatingpoint.h stdarg.h varargs.h
# posix4/mqueue.h is useless without an implementation and isn't installed:
-PHDRS= sched.h semaphore.h _semaphore.h # mqueue.h
+PHDRS= sched.h semaphore.h _semaphore.h ksem.h# mqueue.h
LHDRS= aio.h errno.h fcntl.h linker_set.h poll.h stdint.h syslog.h \
termios.h ucontext.h
==== //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#48 (text+ko) ====
@@ -59,6 +59,7 @@
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
+#options P1003_1B_SEMAPHORES #POSIX P1003_1B semaphores
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#409 (text+ko) ====
@@ -44,6 +44,7 @@
#include "opt_mac.h"
#include "opt_devfs.h"
+#include "opt_posix.h"
#include <sys/param.h>
#include <sys/condvar.h>
@@ -73,6 +74,8 @@
#include <sys/sem.h>
#include <sys/shm.h>
+#include <posix4/ksem.h>
+
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
@@ -160,6 +163,11 @@
&mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations");
TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe);
+static int mac_enforce_posix_sem = 1;
+SYSCTL_INT(_security_mac, OID_AUTO, enforce_posix_sem, CTLFLAG_RW,
+ &mac_enforce_posix_sem, 0, "Enforce MAC policy on global POSIX semaphores");
+TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem);
+
static int mac_enforce_process = 1;
SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW,
&mac_enforce_process, 0, "Enforce MAC policy on inter-process operations");
@@ -212,7 +220,7 @@
static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs,
nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents,
nmacipqs, nmacpipes, nmacprocs, nmacipcmsgs, nmacipcmsqs,
- nmacipcsemas, nmacipcshms;
+ nmacipcsemas, nmacipcshms, nmacposixksems;
#define MAC_DEBUG_COUNTER_INC(x) atomic_add_int(x, 1);
#define MAC_DEBUG_COUNTER_DEC(x) atomic_subtract_int(x, 1);
@@ -249,6 +257,8 @@
&nmacipcsemas, 0, "number of sysv ipc semaphore identifiers inuse");
SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipc_shms, CTLFLAG_RD,
&nmacipcshms, 0, "number of sysv ipc shm identifiers inuse");
+SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_ksems, CTLFLAG_RD,
+ &nmacposixksems, 0, "number of posix global semaphores inuse");
#else
#define MAC_DEBUG_COUNTER_INC(x)
#define MAC_DEBUG_COUNTER_DEC(x)
@@ -1004,6 +1014,15 @@
mac_init_pipe_label(label);
}
+void
+mac_init_posix_ksem(struct ksem *ksemptr)
+{
+
+ mac_init_label(&ksemptr->ks_label);
+ MAC_PERFORM(init_posix_ksem_label, &ksemptr->ks_label);
+ MAC_DEBUG_COUNTER_INC(&nmacposixksems);
+}
+
void
mac_init_proc(struct proc *p)
{
@@ -1215,6 +1234,15 @@
}
void
+mac_destroy_posix_ksem(struct ksem *ksemptr)
+{
+
+ MAC_PERFORM(destroy_posix_ksem_label, &ksemptr->ks_label);
+ mac_destroy_label(&ksemptr->ks_label);
+ MAC_DEBUG_COUNTER_DEC(&nmacposixksems);
+}
+
+void
mac_destroy_proc(struct proc *p)
{
@@ -2370,6 +2398,13 @@
MAC_PERFORM(create_ipc_shm, cred, shmsegptr, &shmsegptr->label);
}
+void
+mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr)
+{
+
+ MAC_PERFORM(create_posix_ksem, cred, ksemptr, &ksemptr->ks_label);
+}
+
void
mac_create_socket(struct ucred *cred, struct socket *socket)
{
@@ -3107,6 +3142,105 @@
}
int
+mac_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr)
+{
+ int error;
+
+ if (!mac_enforce_posix_sem)
+ return (0);
+
+ //XXX: Should we also pass &ksemptr->ks_label ??
+ MAC_CHECK(check_posix_sem_close, cred, ksemptr);
+
+ return(error);
+}
+
+int
+mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr)
+{
+ int error;
+
+ if (!mac_enforce_posix_sem)
+ return (0);
+
+ //XXX: Should we also pass &ksemptr->ks_label ??
+ MAC_CHECK(check_posix_sem_destroy, cred, ksemptr);
+
+ return(error);
+}
+
+int
+mac_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr)
+{
+ int error;
+
+ if (!mac_enforce_posix_sem)
+ return (0);
+
+ //XXX: Should we also pass &ksemptr->ks_label ??
+ MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr);
+
+ return(error);
+}
+
+int
+mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr)
+{
+ int error;
+
+ if (!mac_enforce_posix_sem)
+ return (0);
+
+ //XXX: Should we also pass &ksemptr->ks_label ??
+ MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr);
+
+ return(error);
+}
+
+int
+mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr)
+{
+ int error;
+
+ if (!mac_enforce_posix_sem)
+ return (0);
+
+ //XXX: Should we also pass &ksemptr->ks_label ??
+ MAC_CHECK(check_posix_sem_post, cred, ksemptr);
+
+ return(error);
+}
+
+int
+mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr)
+{
+ int error;
+
+ if (!mac_enforce_posix_sem)
+ return (0);
+
+ //XXX: Should we also pass &ksemptr->ks_label ??
+ MAC_CHECK(check_posix_sem_unlink, cred, ksemptr);
+
+ return(error);
+}
+
+int
+mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr)
+{
+ int error;
+
+ if (!mac_enforce_posix_sem)
+ return (0);
+
+ //XXX: Should we also pass &ksemptr->ks_label ??
+ MAC_CHECK(check_posix_sem_wait, cred, ksemptr);
+
+ return(error);
+}
+
+
+int
mac_check_proc_debug(struct ucred *cred, struct proc *proc)
{
int error;
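Review bot: All seven new mac_check_posix_sem_* entry points hand only `ksemptr` to MAC_CHECK and leave the design question open in a repeated `//XXX` comment, while mac_create_posix_ksem in this same change passes `&ksemptr->ks_label` explicitly. Passing the label as well, e.g. `MAC_CHECK(check_posix_sem_post, cred, ksemptr, &ksemptr->ks_label);`, would match the creation hook and stop each policy from dereferencing `ks_label` itself, as the Biba, LOMAC and MLS checks later in this change do; the policy prototypes would have to change with it. Either way the question should be settled once, in a single `/* XXX: ... */` comment above the group, instead of being copied seven times. `return(error);` is also inconsistent with the `return (0);` written a few lines above it in each function.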
==== //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#9 (text+ko) ====
@@ -28,6 +28,7 @@
__FBSDID("$FreeBSD: src/sys/kern/uipc_sem.c,v 1.9 2003/06/11 00:56:58 obrien Exp $");
#include "opt_posix.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -47,6 +48,11 @@
#include <sys/malloc.h>
#include <sys/jail.h>
#include <sys/fcntl.h>
+#ifdef MAC
+#include <sys/_label.h>
+#include <sys/mac.h>
+#include <posix4/ksem.h>
+#endif
#include <posix4/posix4.h>
#include <posix4/semaphore.h>
@@ -54,7 +60,7 @@
static struct ksem *sem_lookup_byname(const char *name);
static int sem_create(struct thread *td, const char *name,
- struct ksem **ksret, mode_t mode, unsigned int value);
+struct ksem **ksret, mode_t mode, unsigned int value);
static void sem_free(struct ksem *ksnew);
static int sem_perm(struct thread *td, struct ksem *ks);
static void sem_enter(struct proc *p, struct ksem *ks);
@@ -80,6 +86,7 @@
#define SEM_TO_ID(x) ((intptr_t)(x))
#define ID_TO_SEM(x) id_to_sem(x)
+#ifndef MAC
struct kuser {
pid_t ku_pid;
LIST_ENTRY(kuser) ku_next;
@@ -98,6 +105,10 @@
int ks_waiters; /* number of waiters */
LIST_HEAD(, kuser) ks_users; /* pids using this sem */
};
+#else
+struct kuser;
+struct ksem;
+#endif
/*
* available semaphores go here, this includes sem_init and any semaphores
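Review bot: With `#ifndef MAC` around the local definitions, `struct ksem` and `struct kuser` now exist in two places: here for non-MAC kernels and in posix4/ksem.h for MAC kernels, and the two copies have to be kept in sync by hand. Including ksem.h unconditionally and guarding only the `ks_label` member with `#ifdef MAC` inside the header would leave a single definition (ksem.h is not shown in this mail, so this assumes it mirrors the local struct). The forward declarations `struct kuser; struct ksem;` in the `#else` branch look redundant once the header has been included. The `#ifndef MAC` itself opens in the previous hunk.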
@@ -220,9 +231,14 @@
LIST_INIT(&ret->ks_users);
if (name != NULL)
sem_enter(td->td_proc, ret);
+#ifdef MAC
+ mac_init_posix_ksem(ret);
+ mac_create_posix_ksem(uc, ret);
+#endif
*ksret = ret;
mtx_lock(&sem_lock);
if (nsems >= p31b_getcfg(CTL_P1003_1B_SEM_NSEMS_MAX)) {
+ /*XXX Should sem_leave be here at all ? */
sem_leave(td->td_proc, ret);
sem_free(ret);
error = ENFILE;
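Review bot: `mac_init_posix_ksem(ret)` is placed after `LIST_INIT` and `sem_enter`, but sem_free() now calls `mac_destroy_posix_ksem()` unconditionally (the `@@ -452,6 +475,9 @@` hunk), so every `ret` that reaches sem_free must already carry an initialised label. The start of sem_create is outside this hunk; if any earlier failure path hands `ret` to sem_free, it would destroy a label that was never set up and decrement `nmacposixksems` without a matching increment. Moving the init directly after the allocation, with a comment such as `/* label must exist before any path that can reach sem_free() */`, would make that invariant explicit. `uc` is also declared outside the hunk and should be confirmed to be the caller's credential.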
@@ -398,9 +414,16 @@
/*
* if we aren't the creator, then enforce permissions.
*/
- error = sem_perm(td, ks);
- if (!error)
- sem_ref(ks);
+ if((error = sem_perm(td, ks)))
+ goto err;
+#ifdef MAC
+ if((error = mac_check_posix_sem_openexisting(td->td_ucred, ks))) {
+ DP(("MAC Framework: mac_check_posix_sem_openexisting access denied\n"));
+ goto err;
+ }
+#endif
+ sem_ref(ks);
+err:
mtx_unlock(&sem_lock);
if (error)
return (error);
@@ -452,6 +475,9 @@
if (ks->ks_name != NULL)
free(ks->ks_name, M_SEM);
cv_destroy(&ks->ks_cv);
+#ifdef MAC
+ mac_destroy_posix_ksem(ks);
+#endif
free(ks, M_SEM);
}
@@ -508,7 +534,7 @@
{
struct kuser *ku, *k;
- ku = malloc(sizeof(*ku), M_SEM, M_WAITOK);
+ ku = malloc(sizeof(*ku), M_SEM, M_WAITOK | M_ZERO);
ku->ku_pid = p->p_pid;
mtx_lock(&sem_lock);
k = sem_getuser(p, ks);
@@ -555,14 +581,24 @@
ks = sem_lookup_byname(name);
if (ks == NULL)
error = ENOENT;
- else
- error = sem_perm(td, ks);
+ else {
+ if ((error = sem_perm(td, ks)))
+ goto err;
+#ifdef MAC
+ if((error = mac_check_posix_sem_unlink(td->td_ucred, ks))) {
+ DP(("MAC Framework: mac_check_posix_sem_unlink access \
+ denied\n"));
+ goto err;
+ }
+#endif
+ }
DP(("sem_unlink: '%s' ks = %p, error = %d\n", name, ks, error));
if (error == 0) {
LIST_REMOVE(ks, ks_entry);
LIST_INSERT_HEAD(&ksem_deadhead, ks, ks_entry);
sem_rel(ks);
}
+err:
mtx_unlock(&sem_lock);
return (error);
}
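Review bot: The denial message is split with a backslash inside the string literal, so any indentation on the continuation line becomes part of the logged text between "access" and "denied". Adjacent literals avoid that: `DP(("MAC Framework: mac_check_posix_sem_unlink access " "denied\n"));`, or simply keep the string on one line as the other new DP() calls do. The close hunk that follows has the same construct. Note also that `goto err` on denial skips the existing `sem_unlink: ... error = %d` trace, so the final error code is no longer logged on that path.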
@@ -593,8 +629,17 @@
mtx_lock(&sem_lock);
ks = ID_TO_SEM(id);
/* this is not a valid operation for unnamed sems */
- if (ks != NULL && ks->ks_name != NULL)
+ if (ks != NULL && ks->ks_name != NULL) {
+#ifdef MAC
+ if((error = mac_check_posix_sem_close(td->td_ucred, ks))) {
+ DP(("MAC Framework: mac_check_posix_sem_close access \
+ denied\n"));
+ goto err;
+ }
+#endif
error = sem_leave(td->td_proc, ks);
+ }
+err:
mtx_unlock(&sem_lock);
return (error);
}
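Review bot: A MAC denial in this path jumps to `err` before `sem_leave()` runs, so a process whose label no longer satisfies the policy cannot drop a reference it already holds. Releasing an existing handle is usually not something access control should block, and the reference then presumably persists until the process exits. Consider dropping the close check, or documenting why it is required with a comment above it such as `/* XXX: denying close leaves this process's reference in place */`. The function starts outside the hunk, so the initial value of `error` is not visible here.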
@@ -632,6 +677,12 @@
error = EOVERFLOW;
goto err;
}
+#ifdef MAC
+ if((error = mac_check_posix_sem_post(td->td_ucred, ks))) {
+ DP(("MAC Framework: mac_check_posix_sem_post access denied\n"));
+ goto err;
+ }
+#endif
++ks->ks_value;
if (ks->ks_waiters > 0)
cv_signal(&ks->ks_cv);
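Review bot: The MAC check is placed after the state-dependent test that returns `EOVERFLOW`, so a subject the policy would deny can still tell EOVERFLOW from the policy error and infer something about the semaphore's current value. Moving the `#ifdef MAC` block ahead of that test makes the policy decision before any semaphore state can influence the return code. The destroy hunk (`@@ -765,6 +829,12 @@`) has the same ordering with `EBUSY`. kern_sem_post starts and ends outside this hunk, so the exact condition guarding EOVERFLOW is not visible.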
@@ -695,6 +746,12 @@
error = EINVAL;
goto err;
}
+#ifdef MAC
+ if((error = mac_check_posix_sem_wait(td->td_ucred, ks))) {
+ DP(("MAC Framework: mac_check_posix_sem_wait access denied\n"));
+ goto err;
+ }
+#endif
DP(("kern_sem_wait value = %d, tryflag %d\n", ks->ks_value, tryflag));
if (ks->ks_value == 0) {
ks->ks_waiters++;
@@ -734,6 +791,13 @@
mtx_unlock(&sem_lock);
return (EINVAL);
}
+#ifdef MAC
+ if((error = mac_check_posix_sem_getvalue(td->td_ucred, ks))) {
+ DP(("MAC Framework: mac_check_posix_sem_getvalue access denied\n"));
+ mtx_unlock(&sem_lock);
+ return (error);
+ }
+#endif
val = ks->ks_value;
mtx_unlock(&sem_lock);
error = copyout(&val, uap->val, sizeof(val));
@@ -765,6 +829,12 @@
error = EBUSY;
goto err;
}
+#ifdef MAC
+ if((error = mac_check_posix_sem_destroy(td->td_ucred, ks))) {
+ DP(("MAC Framework: mac_check_posix_sem_destroy access denied\n"));
+ goto err;
+ }
+#endif
sem_rel(ks);
error = 0;
err:
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#221 (text+ko) ====
@@ -65,6 +65,8 @@
#include <sys/sem.h>
#include <sys/shm.h>
+#include <posix4/ksem.h>
+
#include <fs/devfs/devfs.h>
#include <net/bpfdesc.h>
@@ -1105,6 +1107,18 @@
}
static void
+mac_biba_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(&cred->cr_label);
+ dest = SLOT(ks_label);
+
+ mac_biba_copy_single(source, dest);
+}
+
+static void
mac_biba_create_socket_from_socket(struct socket *oldsocket,
struct label *oldsocketlabel, struct socket *newsocket,
struct label *newsocketlabel)
@@ -2140,6 +2154,40 @@
}
static int
+mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((&ksemptr->ks_label));
+
+ if (!mac_biba_dominate_single(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((&ksemptr->ks_label));
+
+ if (!mac_biba_dominate_single(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
{
struct mac_biba *subj, *obj;
@@ -3072,6 +3120,7 @@
.mpo_init_mount_label = mac_biba_init_label,
.mpo_init_mount_fs_label = mac_biba_init_label,
.mpo_init_pipe_label = mac_biba_init_label,
+ .mpo_init_posix_ksem_label = mac_biba_init_label,
.mpo_init_socket_label = mac_biba_init_label_waitcheck,
.mpo_init_socket_peer_label = mac_biba_init_label_waitcheck,
.mpo_init_vnode_label = mac_biba_init_label,
@@ -3088,6 +3137,7 @@
.mpo_destroy_mount_label = mac_biba_destroy_label,
.mpo_destroy_mount_fs_label = mac_biba_destroy_label,
.mpo_destroy_pipe_label = mac_biba_destroy_label,
+ .mpo_destroy_posix_ksem_label = mac_biba_destroy_label,
.mpo_destroy_socket_label = mac_biba_destroy_label,
.mpo_destroy_socket_peer_label = mac_biba_destroy_label,
.mpo_destroy_vnode_label = mac_biba_destroy_label,
@@ -3119,6 +3169,7 @@
.mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr,
.mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket,
.mpo_create_pipe = mac_biba_create_pipe,
+ .mpo_create_posix_ksem = mac_biba_create_posix_ksem,
.mpo_create_socket = mac_biba_create_socket,
.mpo_create_socket_from_socket = mac_biba_create_socket_from_socket,
.mpo_relabel_pipe = mac_biba_relabel_pipe,
@@ -3178,6 +3229,13 @@
.mpo_check_pipe_relabel = mac_biba_check_pipe_relabel,
.mpo_check_pipe_stat = mac_biba_check_pipe_stat,
.mpo_check_pipe_write = mac_biba_check_pipe_write,
+ .mpo_check_posix_sem_close = mac_biba_check_posix_sem_write,
+ .mpo_check_posix_sem_destroy = mac_biba_check_posix_sem_write,
+ .mpo_check_posix_sem_getvalue = mac_biba_check_posix_sem_rdonly,
+ .mpo_check_posix_sem_openexisting = mac_biba_check_posix_sem_write,
+ .mpo_check_posix_sem_post = mac_biba_check_posix_sem_write,
+ .mpo_check_posix_sem_unlink = mac_biba_check_posix_sem_write,
+ .mpo_check_posix_sem_wait = mac_biba_check_posix_sem_write,
.mpo_check_proc_debug = mac_biba_check_proc_debug,
.mpo_check_proc_sched = mac_biba_check_proc_sched,
.mpo_check_proc_signal = mac_biba_check_proc_signal,
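Review bot: `.mpo_check_posix_sem_wait` is mapped to the write-only check, but a wait also observes the object: whether the caller blocks, or whether a trywait succeeds, depends on `ks_value`. With only `mac_biba_dominate_single(subj, obj)` enforced, a higher-integrity subject can have its control flow driven by posts from lower-integrity subjects, which is the flow the read rule exists to stop. Wait, and arguably post given its EOVERFLOW result, would be better served by a combined read/write check that requires dominance in both directions. The MLS and LOMAC tables later in this change use the same mapping, where the equivalent concern is a lower-sensitivity subject observing a higher-labelled semaphore.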
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#68 (text+ko) ====
@@ -65,6 +65,8 @@
#include <sys/sem.h>
#include <sys/shm.h>
+#include <posix4/ksem.h>
+
#include <fs/devfs/devfs.h>
#include <net/bpfdesc.h>
@@ -1178,6 +1180,18 @@
}
static void
+mac_lomac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(&cred->cr_label);
+ dest = SLOT(ks_label);
+
+ mac_lomac_copy_single(source, dest);
+}
+
+static void
mac_lomac_create_socket_from_socket(struct socket *oldsocket,
struct label *oldsocketlabel, struct socket *newsocket,
struct label *newsocketlabel)
@@ -2262,6 +2276,40 @@
}
static int
+mac_lomac_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!mac_lomac_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((&ksemptr->ks_label));
+
+ if (!mac_lomac_dominate_single(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+mac_lomac_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!mac_lomac_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((&ksemptr->ks_label));
+
+ if (!mac_lomac_dominate_single(obj, subj))
+ return (maybe_demote(subj, obj, "sem_getvalue", "posix_sem", NULL));
+
+ return (0);
+}
+
+static int
mac_lomac_check_proc_debug(struct ucred *cred, struct proc *proc)
{
struct mac_lomac *subj, *obj;
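Review bot: `mac_lomac_check_posix_sem_rdonly` is named as a generic read check but passes the fixed action string `"sem_getvalue"` to `maybe_demote`, so wiring any other read-type hook to it later would produce misleading demotion messages. Either name the function after the one operation it serves or add a comment above it, e.g. `/* Used only for sem_getvalue; the action string passed to maybe_demote() is fixed. */`. The extra parentheses in `SLOT((&ksemptr->ks_label))` are unnecessary here and in the write check.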
@@ -2998,6 +3046,7 @@
.mpo_init_mount_label = mac_lomac_init_label,
.mpo_init_mount_fs_label = mac_lomac_init_label,
.mpo_init_pipe_label = mac_lomac_init_label,
+ .mpo_init_posix_ksem_label = mac_lomac_init_label,
.mpo_init_proc_label = mac_lomac_init_proc_label,
.mpo_init_socket_label = mac_lomac_init_label_waitcheck,
.mpo_init_socket_peer_label = mac_lomac_init_label_waitcheck,
@@ -3015,6 +3064,7 @@
.mpo_destroy_mount_label = mac_lomac_destroy_label,
.mpo_destroy_mount_fs_label = mac_lomac_destroy_label,
.mpo_destroy_pipe_label = mac_lomac_destroy_label,
+ .mpo_destroy_posix_ksem_label = mac_lomac_destroy_label,
.mpo_destroy_proc_label = mac_lomac_destroy_proc_label,
.mpo_destroy_socket_label = mac_lomac_destroy_label,
.mpo_destroy_socket_peer_label = mac_lomac_destroy_label,
@@ -3048,6 +3098,7 @@
.mpo_setlabel_vnode_extattr = mac_lomac_setlabel_vnode_extattr,
.mpo_create_mbuf_from_socket = mac_lomac_create_mbuf_from_socket,
.mpo_create_pipe = mac_lomac_create_pipe,
+ .mpo_create_posix_ksem = mac_lomac_create_posix_ksem,
.mpo_create_socket = mac_lomac_create_socket,
.mpo_create_socket_from_socket = mac_lomac_create_socket_from_socket,
.mpo_relabel_pipe = mac_lomac_relabel_pipe,
@@ -3109,6 +3160,13 @@
.mpo_check_pipe_read = mac_lomac_check_pipe_read,
.mpo_check_pipe_relabel = mac_lomac_check_pipe_relabel,
.mpo_check_pipe_write = mac_lomac_check_pipe_write,
+ .mpo_check_posix_sem_close = mac_lomac_check_posix_sem_write,
+ .mpo_check_posix_sem_destroy = mac_lomac_check_posix_sem_write,
+ .mpo_check_posix_sem_getvalue = mac_lomac_check_posix_sem_rdonly,
+ .mpo_check_posix_sem_openexisting = mac_lomac_check_posix_sem_write,
+ .mpo_check_posix_sem_post = mac_lomac_check_posix_sem_write,
+ .mpo_check_posix_sem_unlink = mac_lomac_check_posix_sem_write,
+ .mpo_check_posix_sem_wait = mac_lomac_check_posix_sem_write,
.mpo_check_proc_debug = mac_lomac_check_proc_debug,
.mpo_check_proc_sched = mac_lomac_check_proc_sched,
.mpo_check_proc_signal = mac_lomac_check_proc_signal,
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#179 (text+ko) ====
@@ -65,6 +65,8 @@
#include <sys/sem.h>
#include <sys/shm.h>
+#include <posix4/ksem.h>
+
#include <fs/devfs/devfs.h>
#include <net/bpfdesc.h>
@@ -1073,6 +1075,18 @@
}
static void
+mac_mls_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(&cred->cr_label);
+ dest = SLOT(ks_label);
+
+ mac_mls_copy_single(source, dest);
+}
+
+static void
mac_mls_create_socket_from_socket(struct socket *oldsocket,
struct label *oldsocketlabel, struct socket *newsocket,
struct label *newsocketlabel)
@@ -2034,6 +2048,40 @@
}
static int
+mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((&ksemptr->ks_label));
+
+ if (!mac_mls_dominate_single(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((&ksemptr->ks_label));
+
+ if (!mac_mls_dominate_single(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc)
{
struct mac_mls *subj, *obj;
@@ -2847,6 +2895,7 @@
.mpo_init_mount_label = mac_mls_init_label,
.mpo_init_mount_fs_label = mac_mls_init_label,
.mpo_init_pipe_label = mac_mls_init_label,
+ .mpo_init_posix_ksem_label = mac_mls_init_label,
.mpo_init_socket_label = mac_mls_init_label_waitcheck,
.mpo_init_socket_peer_label = mac_mls_init_label_waitcheck,
.mpo_init_vnode_label = mac_mls_init_label,
@@ -2863,6 +2912,7 @@
.mpo_destroy_mount_label = mac_mls_destroy_label,
.mpo_destroy_mount_fs_label = mac_mls_destroy_label,
.mpo_destroy_pipe_label = mac_mls_destroy_label,
+ .mpo_destroy_posix_ksem_label = mac_mls_destroy_label,
.mpo_destroy_socket_label = mac_mls_destroy_label,
.mpo_destroy_socket_peer_label = mac_mls_destroy_label,
.mpo_destroy_vnode_label = mac_mls_destroy_label,
@@ -2894,6 +2944,7 @@
.mpo_setlabel_vnode_extattr = mac_mls_setlabel_vnode_extattr,
.mpo_create_mbuf_from_socket = mac_mls_create_mbuf_from_socket,
.mpo_create_pipe = mac_mls_create_pipe,
+ .mpo_create_posix_ksem = mac_mls_create_posix_ksem,
.mpo_create_socket = mac_mls_create_socket,
.mpo_create_socket_from_socket = mac_mls_create_socket_from_socket,
.mpo_relabel_pipe = mac_mls_relabel_pipe,
@@ -2951,6 +3002,13 @@
.mpo_check_pipe_relabel = mac_mls_check_pipe_relabel,
.mpo_check_pipe_stat = mac_mls_check_pipe_stat,
.mpo_check_pipe_write = mac_mls_check_pipe_write,
+ .mpo_check_posix_sem_close = mac_mls_check_posix_sem_write,
+ .mpo_check_posix_sem_destroy = mac_mls_check_posix_sem_write,
+ .mpo_check_posix_sem_getvalue = mac_mls_check_posix_sem_rdonly,
+ .mpo_check_posix_sem_openexisting = mac_mls_check_posix_sem_write,
+ .mpo_check_posix_sem_post = mac_mls_check_posix_sem_write,
+ .mpo_check_posix_sem_unlink = mac_mls_check_posix_sem_write,
+ .mpo_check_posix_sem_wait = mac_mls_check_posix_sem_write,
.mpo_check_proc_debug = mac_mls_check_proc_debug,
.mpo_check_proc_sched = mac_mls_check_proc_sched,
.mpo_check_proc_signal = mac_mls_check_proc_signal,
==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#7 (text+ko) ====
@@ -64,6 +64,8 @@
#include <sys/sem.h>
#include <sys/shm.h>
+#include <posix4/ksem.h>
+
#include <fs/devfs/devfs.h>
#include <net/bpfdesc.h>
@@ -269,6 +271,12 @@
}
static void
+stub_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr)
+{
+
+}
+
+static void
stub_create_socket_from_socket(struct socket *oldsocket,
struct label *oldsocketlabel, struct socket *newsocket,
struct label *newsocketlabel)
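Review bot: `stub_create_posix_ksem` is declared with two parameters, but mac_create_posix_ksem invokes the hook with three (`cred, ksemptr, &ksemptr->ks_label`) and the Biba, LOMAC and MLS implementations in this change all take `struct label *ks_label` as the third. Assuming the mac_policy.h prototype (cut off by the mail truncation) has the three-argument form, assigning this function to `.mpo_create_posix_ksem` is an incompatible pointer assignment and the stub would be called with a different argument list than it declares. The signature should read `stub_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, struct label *ks_label)`.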
@@ -794,6 +802,55 @@
}
static int
+stub_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr)
+{
+
+ return (0);
+}
+
+static int
stub_check_proc_debug(struct ucred *cred, struct proc *proc)
{
@@ -1201,6 +1258,7 @@
.mpo_init_mount_label = stub_init_label,
.mpo_init_mount_fs_label = stub_init_label,
.mpo_init_pipe_label = stub_init_label,
+ .mpo_init_posix_ksem_label = stub_init_label,
.mpo_init_socket_label = stub_init_label_waitcheck,
.mpo_init_socket_peer_label = stub_init_label_waitcheck,
.mpo_init_vnode_label = stub_init_label,
@@ -1217,6 +1275,7 @@
.mpo_destroy_mount_label = stub_destroy_label,
.mpo_destroy_mount_fs_label = stub_destroy_label,
.mpo_destroy_pipe_label = stub_destroy_label,
+ .mpo_destroy_posix_ksem_label = stub_destroy_label,
.mpo_destroy_socket_label = stub_destroy_label,
.mpo_destroy_socket_peer_label = stub_destroy_label,
.mpo_destroy_vnode_label = stub_destroy_label,
@@ -1249,6 +1308,7 @@
.mpo_update_devfsdirent = stub_update_devfsdirent,
.mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket,
.mpo_create_pipe = stub_create_pipe,
+ .mpo_create_posix_ksem = stub_create_posix_ksem,
.mpo_create_socket = stub_create_socket,
.mpo_create_socket_from_socket = stub_create_socket_from_socket,
.mpo_relabel_pipe = stub_relabel_pipe,
@@ -1317,6 +1377,13 @@
.mpo_check_pipe_relabel = stub_check_pipe_relabel,
.mpo_check_pipe_stat = stub_check_pipe_stat,
.mpo_check_pipe_write = stub_check_pipe_write,
+ .mpo_check_posix_sem_close = stub_check_posix_sem_close,
+ .mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy,
+ .mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue,
+ .mpo_check_posix_sem_openexisting = stub_check_posix_sem_openexisting,
+ .mpo_check_posix_sem_post = stub_check_posix_sem_post,
+ .mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink,
+ .mpo_check_posix_sem_wait = stub_check_posix_sem_wait,
.mpo_check_proc_debug = stub_check_proc_debug,
.mpo_check_proc_sched = stub_check_proc_sched,
.mpo_check_proc_signal = stub_check_proc_signal,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#112 (text+ko) ====
@@ -57,7 +57,13 @@
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
+#include <sys/msg.h>
+#include <sys/msg_msg.h>
+#include <sys/sem.h>
+#include <sys/shm.h>
+#include <posix4/ksem.h>
+
#include <fs/devfs/devfs.h>
#include <net/bpfdesc.h>
@@ -85,7 +91,12 @@
#define MBUFMAGIC 0xbbefa5bb
#define MOUNTMAGIC 0xc7c46e47
#define SOCKETMAGIC 0x9199c6cd
+#define SYSVIPCMSQMAGIC 0xea672391
+#define SYSVIPCMSGMAGIC 0x8bbba61e
+#define SYSVIPCSEMMAGIC 0x896e8a0b
+#define SYSVIPCSHMMAGIC 0x76119ab0
#define PIPEMAGIC 0xdc6c9919
+#define POSIXSEMMAGIC 0x78ae980c
#define PROCMAGIC 0x3b4be98f
#define CREDMAGIC 0x9a5a4987
#define VNODEMAGIC 0x1a67a45c
@@ -107,8 +118,18 @@
SLOT(x) == 0, ("%s: Bad MOUNT label", __func__ ))
#define ASSERT_SOCKET_LABEL(x) KASSERT(SLOT(x) == SOCKETMAGIC || \
SLOT(x) == 0, ("%s: Bad SOCKET label", __func__ ))
+#define ASSERT_SYSVIPCMSQ_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSQMAGIC || \
+ SLOT(x) == 0, ("%s: Bad SYSVIPCMSQ label", __func__ ))
+#define ASSERT_SYSVIPCMSG_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSGMAGIC || \
+ SLOT(x) == 0, ("%s: Bad SYSVIPCMSG label", __func__ ))
+#define ASSERT_SYSVIPCSEM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSEMMAGIC || \
+ SLOT(x) == 0, ("%s: Bad SYSVIPCSEM label", __func__ ))
+#define ASSERT_SYSVIPCSHM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSHMMAGIC || \
+ SLOT(x) == 0, ("%s: Bad SYSVIPCSHM label", __func__ ))
#define ASSERT_PIPE_LABEL(x) KASSERT(SLOT(x) == PIPEMAGIC || \
SLOT(x) == 0, ("%s: Bad PIPE label", __func__ ))
+#define ASSERT_POSIX_LABEL(x) KASSERT(SLOT(x) == POSIXSEMMAGIC || \
+ SLOT(x) == 0, ("%s: Bad POSIX ksem label", __func__ ))
#define ASSERT_PROC_LABEL(x) KASSERT(SLOT(x) == PROCMAGIC || \
SLOT(x) == 0, ("%s: Bad PROC label", __func__ ))
#define ASSERT_CRED_LABEL(x) KASSERT(SLOT(x) == CREDMAGIC || \
@@ -132,6 +153,18 @@
static int init_count_ifnet;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ifnet, CTLFLAG_RD,
&init_count_ifnet, 0, "ifnet init calls");
+static int init_count_ipc_msg;
+SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipc_msg, CTLFLAG_RD,
+ &init_count_ipc_msg, 0, "ipc_msg init calls");
+static int init_count_ipc_msq;
+SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipc_msq, CTLFLAG_RD,
+ &init_count_ipc_msq, 0, "ipc_msq init calls");
+static int init_count_ipc_sema;
+SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipc_sema, CTLFLAG_RD,
+ &init_count_ipc_sema, 0, "ipc_sema init calls");
+static int init_count_ipc_shm;
+SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipc_shm, CTLFLAG_RD,
+ &init_count_ipc_shm, 0, "ipc_shm init calls");
static int init_count_ipq;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipq, CTLFLAG_RD,
&init_count_ipq, 0, "ipq init calls");
@@ -154,6 +187,9 @@
static int init_count_pipe;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD,
&init_count_pipe, 0, "pipe init calls");
+static int init_count_posixsems;
+SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_posixsems, CTLFLAG_RD,
+ &init_count_posixsems, 0, "posix sems init calls");
static int init_count_proc;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD,
&init_count_proc, 0, "proc init calls");
@@ -173,6 +209,18 @@
static int destroy_count_ifnet;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ifnet, CTLFLAG_RD,
&destroy_count_ifnet, 0, "ifnet destroy calls");
+static int destroy_count_ipc_msg;
+SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipc_msg, CTLFLAG_RD,
+ &destroy_count_ipc_msg, 0, "ipc_msg destroy calls");
+static int destroy_count_ipc_msq;
+SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipc_msq, CTLFLAG_RD,
+ &destroy_count_ipc_msq, 0, "ipc_msq destroy calls");
+static int destroy_count_ipc_sema;
+SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipc_sema, CTLFLAG_RD,
+ &destroy_count_ipc_sema, 0, "ipc_sema destroy calls");
+static int destroy_count_ipc_shm;
+SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipc_shm, CTLFLAG_RD,
+ &destroy_count_ipc_shm, 0, "ipc_shm destroy calls");
static int destroy_count_ipq;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipq, CTLFLAG_RD,
&destroy_count_ipq, 0, "ipq destroy calls");
@@ -196,6 +244,9 @@
static int destroy_count_pipe;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD,
&destroy_count_pipe, 0, "pipe destroy calls");
+static int destroy_count_posixsems;
>>> TRUNCATED FOR MAIL (1000 lines) <<<