PERFORCE change 45436 for review
Andrew Reisse
areisse at FreeBSD.org
Fri Jan 16 14:56:11 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=45436
Change 45436 by areisse at areisse_ibook on 2004/01/16 06:55:57
check some permissions related to the bootstrap namespaces
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.c#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.defs#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/rpc_services.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.c#2 (text+ko) ====
@@ -523,6 +523,12 @@
if (result != KERN_SUCCESS)
kern_fatal(result, "mach_port_insert_right");
+ result = mach_set_port_label (bootstrap_self,
+ bootstraps.bootstrap_port,
+ "sebsd/system_u:system_r:boot_names_t");
+ if (result != KERN_SUCCESS)
+ kern_fatal(result, "mach_set_port_label");
+
/* keep the root bootstrap port "active" */
bootstraps.requestor_port = bootstraps.bootstrap_port;
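Review bot: The label `"sebsd/system_u:system_r:boot_names_t"` on line 19 is a policy decision embedded as a string literal in the middle of the port setup; a named constant with a comment explaining why the root bootstrap port is relabelled would keep that in one place, e.g. `static const char root_bootstrap_label[] = "sebsd/system_u:system_r:boot_names_t"; /* label the root bootstrap port so mach_names checks can single it out */`. This call passes `bootstrap_self` as the task while the same call in rpc_services.c passes `mach_task_self()`; if both denote the task port, one spelling avoids the question. The enclosing function starts outside the hunk.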
@@ -1211,7 +1217,7 @@
server_demux,
bootstrapMaxRequestSize,
bootstrap_port_set,
- MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_SENDER)|
+ MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_LABELS)|
MACH_RCV_TRAILER_TYPE(MACH_MSG_TRAILER_FORMAT_0));
if (mresult != MACH_MSG_SUCCESS)
kern_error(mresult, "mach_msg_server");
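Review bot: Replacing MACH_RCV_TRAILER_SENDER with MACH_RCV_TRAILER_LABELS on line 30 changes which trailer the server requests, yet the handlers in rpc_services.c still read `sectoken.val[0]` for the uid check, so this relies on the LABELS trailer format also carrying the sender security token. If that holds it deserves a comment at the call, e.g. `/* LABELS trailer also carries the sender token used by the uid checks */`; if it does not, the uid check is now reading an unfilled field. The enclosing function starts outside the hunk.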
==== //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/bootstrap.defs#2 (text+ko) ====
@@ -141,6 +141,7 @@
server_uid : integer_t;
on_demand : boolean_t;
ServerSecToken token : security_token_t;
+ servermsglabels labels : msg_labels_t;
out server_port : mach_port_make_send_t);
/*
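Review bot: None of the five `.defs` hunks says where `labels` comes from; `servermsglabels` marks it as filled by the server-side stub from the message trailer rather than supplied by the caller, which is the whole basis for trusting it in the access checks. A one-line comment at the first use, e.g. `/* labels: filled from the received message trailer, not a client argument */`, would make that explicit for readers of the interface. The same point applies to the additions on lines 48, 57, 66 and 75.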
@@ -213,7 +214,8 @@
routine bootstrap_register(
bootstrap_port : mach_port_t;
service_name : name_t;
- service_port : mach_port_t);
+ service_port : mach_port_t;
+ servermsglabels labels : msg_labels_t);
/*
* kern_return_t
@@ -231,7 +233,8 @@
routine bootstrap_look_up(
bootstrap_port : mach_port_t;
service_name : name_t;
- out service_port : mach_port_t);
+ out service_port : mach_port_t;
+ servermsglabels labels : msg_labels_t);
/*
* kern_return_t
@@ -259,7 +262,8 @@
bootstrap_port : mach_port_t;
service_names : name_array_t;
out service_ports : mach_port_array_t;
- out all_services_known: boolean_t);
+ out all_services_known: boolean_t;
+ servermsglabels labels : msg_labels_t);
/*
* kern_return_t
@@ -338,7 +342,8 @@
routine bootstrap_subset(
bootstrap_port : mach_port_t;
requestor_port : mach_port_t;
- out subset_port : mach_port_t);
+ out subset_port : mach_port_t;
+ ServerMsgLabels labels : msg_labels_t);
/*
* kern_return_t
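Review bot: Line 75 spells the qualifier `ServerMsgLabels` while the four other new parameters (lines 39, 48, 57, 66) spell it `servermsglabels`; MIG keywords are case-insensitive, so this is a point of style rather than a build break, but a reader scanning the interface will wonder whether the subset routine is treated differently. Using `servermsglabels labels : msg_labels_t);` here matches the others and the existing `ServerSecToken` line would then be the only mixed-case qualifier in the file.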
==== //depot/projects/trustedbsd/sedarwin/apsl/system_cmds/mach_init.tproj/rpc_services.c#2 (text+ko) ====
@@ -75,6 +75,7 @@
int server_uid,
boolean_t on_demand,
security_token_t sectoken,
+ msg_labels_t labels,
mach_port_t *server_portp)
{
server_t *serverp;
@@ -97,6 +98,14 @@
server_cmd, sectoken.val[0], server_uid);
return BOOTSTRAP_NOT_PRIVILEGED;
}
+
+ kern_return_t kr = mac_check_name_port_access
+ (mach_task_self(),
+ labels.slabel, bootstrap_port,
+ "mach_names", "create_server");
+ if (kr)
+ return BOOTSTRAP_NOT_PRIVILEGED;
+
serverp = new_server(
bootstrap,
server_cmd,
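Review bot: The new check on lines 92-97 denies silently, whereas the uid check immediately above it logs the refusal before returning BOOTSTRAP_NOT_PRIVILEGED; for a bootstrap server, denied create_server attempts are exactly what an operator wants to see, so `if (kr) { log("create_server denied for %s: %d", labels.slabel, kr); return BOOTSTRAP_NOT_PRIVILEGED; }` would match the surrounding style. The four new checks also disagree on what they return: this one and the subset check (line 193) return BOOTSTRAP_NOT_PRIVILEGED, look_up (line 147) returns KERN_NO_ACCESS, and register (line 121) returns the raw value from mac_check_name_port_access, which exposes the MAC layer's status code to the client as a bootstrap result. Declaring `kern_return_t kr` mid-block also departs from the file's top-of-block declarations (`server_t *serverp;` on line 86). The enclosing function starts outside the hunk.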
@@ -275,8 +284,9 @@
kern_return_t
x_bootstrap_register(
mach_port_t bootstrap_port,
- name_t service_name,
- mach_port_t service_port)
+ name_t service_name,
+ mach_port_t service_port,
+ msg_labels_t labels)
{
kern_return_t result;
service_t *servicep;
@@ -287,6 +297,12 @@
debug("Register attempt for service %s port %x",
service_name, service_port);
+ result = mac_check_name_port_access (mach_task_self(),
+ labels.slabel, bootstrap_port,
+ "mach_names", "register");
+ if (result)
+ return result;
+
/*
* Validate the bootstrap.
*/
@@ -393,13 +409,26 @@
x_bootstrap_look_up(
mach_port_t bootstrap_port,
name_t service_name,
- mach_port_t *service_portp)
+ mach_port_t *service_portp,
+ msg_labels_t labels)
{
service_t *servicep;
bootstrap_info_t *bootstrap;
bootstrap = lookup_bootstrap_by_port(bootstrap_port);
servicep = lookup_service_by_name(bootstrap, service_name);
+
+ mach_port_t sp = servicep ? servicep->port : MACH_PORT_NULL;
+ kern_return_t kr = mac_check_name_port_access
+ (mach_task_self(),
+ labels.slabel, sp == MACH_PORT_NULL ? bootstrap_port : sp,
+ "mach_names", "look_up");
+ if (kr)
+ {
+ log("bootstrap denied %s :%d", labels.slabel, kr);
+ return KERN_NO_ACCESS;
+ }
+
if (servicep == NULL || servicep->port == MACH_PORT_NULL) {
if (forward_ok) {
debug("bootstrap_look_up service %s forwarding",
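Review bot: The check on lines 139-143 targets the service port when the name is registered and the bootstrap port otherwise, so a caller denied on a service port gets KERN_NO_ACCESS while an unknown name presumably takes a different path further down; whether revealing that a name exists is acceptable should be stated in a comment next to the `sp == MACH_PORT_NULL ? bootstrap_port : sp` choice. If the forwarding branch below hands the lookup to the parent bootstrap using this server's own port, the parent's check will see mach_init's label rather than the original caller's; that is outside the hunk, but worth confirming. The log on line 146 is good; the same treatment for the other three denials would keep the audit trail uniform. The enclosing function continues outside the hunk.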
@@ -450,19 +479,21 @@
unsigned int service_names_cnt,
mach_port_array_t *service_portsp,
unsigned int *service_ports_cnt,
- boolean_t *all_services_known)
+ boolean_t *all_services_known,
+ msg_labels_t labels)
{
unsigned int i;
static mach_port_t service_ports[BOOTSTRAP_MAX_LOOKUP_COUNT];
if (service_names_cnt > BOOTSTRAP_MAX_LOOKUP_COUNT)
return BOOTSTRAP_BAD_COUNT;
+
*service_ports_cnt = service_names_cnt;
*all_services_known = TRUE;
for (i = 0; i < service_names_cnt; i++) {
if ( x_bootstrap_look_up(bootstrap_port,
service_names[i],
- &service_ports[i])
+ &service_ports[i], labels)
!= BOOTSTRAP_SUCCESS)
{
*all_services_known = FALSE;
@@ -699,7 +730,8 @@
x_bootstrap_subset(
mach_port_t bootstrap_port,
mach_port_t requestor_port,
- mach_port_t *subset_port)
+ mach_port_t *subset_port,
+ msg_labels_t labels)
{
kern_return_t result;
bootstrap_info_t *bootstrap;
@@ -714,6 +746,12 @@
if (!bootstrap || !active_bootstrap(bootstrap))
return BOOTSTRAP_NOT_PRIVILEGED;
+ kern_return_t kr = mac_check_name_port_access
+ (mach_task_self(), labels.slabel, bootstrap_port,
+ "mach_names", "makesubset");
+ if (kr)
+ return BOOTSTRAP_NOT_PRIVILEGED;
+
result = mach_port_allocate(
mach_task_self(),
MACH_PORT_RIGHT_RECEIVE,
@@ -736,6 +774,28 @@
if (result != KERN_SUCCESS)
kern_fatal(result, "port_set_add");
+ char *nslabel;
+ result = security_change_context2 (labels.slabel+6, labels.slabel+6, "mach_names",
+ &nslabel);
+ if (result)
+ {
+ log ("error changing context for %s", labels.slabel);
+ nslabel = labels.slabel;
+ }
+ else
+ {
+ char *n = malloc (strlen (nslabel) + 6);
+ strcpy (n, "sebsd/");
+ strcat (n, nslabel);
+ free (nslabel);
+ nslabel = n;
+ }
+
+ result = mach_set_port_label (mach_task_self(), new_bootstrap_port,
+ nslabel);
+ if (result != KERN_SUCCESS)
+ kern_fatal(result, "mach_set_port_label");
+
subset = new_bootstrap(bootstrap, new_bootstrap_port, requestor_port);
result = mach_port_request_notification(
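Review bot: The allocation on line 211 is one byte short: `"sebsd/"` is six characters, so prefix plus nslabel plus the terminating NUL needs `strlen(nslabel) + 7`, and the `strcat` on line 213 writes one byte past the end of the block. The malloc result is not checked, and the composed label is never freed after `mach_set_port_label` (assuming that call copies its string argument, as a MIG string would). `labels.slabel+6` on line 202 skips a fixed six bytes without confirming the label actually begins with `sebsd/`; that assumption should at least be written down. Falling back to `labels.slabel` when `security_change_context2` fails labels the new subset port with the caller's own label rather than refusing; that is a policy choice that deserves a comment. The enclosing function continues outside the hunk.
```c
	/* … unchanged: port_set_add check … */
	char *nslabel = NULL;			/* heap copy of the composed label; freed below */
	char *portlabel = labels.slabel;	/* fallback: keep the caller's label (policy choice) */
	char *ctx = NULL;
	/* NOTE(review): assumes labels.slabel starts with "sebsd/" (6 bytes) — confirm */
	result = security_change_context2(labels.slabel + 6, labels.slabel + 6,
	    "mach_names", &ctx);
	if (result) {
		log("error changing context for %s", labels.slabel);
	} else {
		size_t len = strlen(ctx) + sizeof "sebsd/";	/* prefix + ctx + NUL */
		nslabel = malloc(len);
		if (nslabel == NULL) {
			log("out of memory labelling subset for %s", labels.slabel);
		} else {
			snprintf(nslabel, len, "sebsd/%s", ctx);
			portlabel = nslabel;
		}
		free(ctx);
	}

	result = mach_set_port_label(mach_task_self(), new_bootstrap_port,
	    portlabel);
	if (result != KERN_SUCCESS)
		kern_fatal(result, "mach_set_port_label");
	free(nslabel);
	/* … unchanged: new_bootstrap and notification request … */
```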