PERFORCE change 46200 for review
Andrew Reisse
areisse at FreeBSD.org
Fri Jan 30 18:03:02 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=46200
Change 46200 by areisse at areisse_ibook on 2004/01/30 10:02:08
Merge mach additions back to sedarwin development branch.
Move mac initialization to mach startup, so that it is available for
creation of mach tasks and ports. The policy (mac_late) initialization is
also done here. (mac_late_init should be renamed mac_init_policy to better
reflect its actual purpose)
Add support for task and port labels to the mac framework and sebsd.
A new lock was introduced to protect the task label. The lock order for
two task labels is lower pointer first.
Add object labelling events for mach tasks and ports. Tasks (and task ports)
copy labels from the cred labels whenever the cred label is changed.
(Currently, in fork, execve, bsd_init, and mac_relabel_cred)
It is up to the policy to label newly created ports.
Add access control checks for sending messages and port rights. Getting
port rights from a message is not currently checked. Add a message
trailer field for the sender's task label.
Add a new mach kernel server, security. This server has calls for
getting and setting labels on ports and tasks, and checking access.
There are 3 generic access check calls so far:
subject and object are tasks
subject is task, object is port
subject and object label strings are passed.
The last check can be used by a userspace server, with the label taken from
the message trailer, so that its client becomes the subject.
Add new access control check, mac_check_service_access. This uses an
arbitrary subject, object, permission class, and permission name to
check a permission. It can be called from userspace (currently only
for tasks).
sebsd:
Add support for libsebsd security_change_context call.
Support task and port labels. Both use the cred label structure (for now).
Enable use of named permissions; implement mac_check_service_access
(it assumes both labels are cred format).
Print numbers in permission sets if there are no names.
Add support for task and port labels and permission checks.
Label new ports after the task.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/bsd_init.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_fork.c#3 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#34 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_prot.c#8 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#9 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#8 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/MASTER#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/files#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_kmsg.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_object.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_right.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_space.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_space.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/mach_msg.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/mach_port.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/ipc_kobject.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/ipc_tt.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/startup.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/task.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/task.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/Makefile#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/_label.h#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mac.h#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mach_port.defs#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mach_types.defs#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/message.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/security.defs#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ppc/ppc_init.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/pexpert/pexpert/ppc/boot.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_inherit.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_permissions.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#6 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#4 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc_ss.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/class_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/common_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/initial_sid_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask/access_vectors#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask/security_classes#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#20 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscall.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscalls.h#4 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/services.c#5 integrate
Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/bsd_init.c#5 (text+ko) ====
@@ -117,6 +117,8 @@
#include <mach/shared_memory_server.h>
#include <vm/vm_shared_memory_server.h>
+#include <sys/mac.h>
+
extern shared_region_mapping_t system_shared_region;
extern int app_profile; /* on/off switch for pre-heat cache */
@@ -290,11 +292,9 @@
* Initialize the MAC Framework
*/
{
- extern mac_init(void);
- extern mac_late_init(void);
+ extern mac_init_bsd(void);
- mac_init();
- mac_late_init();
+ mac_init_bsd();
}
#endif /* MAC */
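Review bot: `extern mac_init_bsd(void);` declares the function with an implicit int return type, but the definition this change adds in kern_mac.c is `void mac_init_bsd(void)`, so the block-scope declaration and the definition disagree. Since the first hunk of this file now includes `<sys/mac.h>`, the prototype belongs there and the local extern can go; failing that, write `extern void mac_init_bsd(void);`.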
@@ -352,6 +352,7 @@
#ifdef MAC
mac_create_proc0(p->p_ucred);
+ mac_update_task_from_cred (p->p_ucred, (struct task *) p->task);
#endif
/* Create the file descriptor table. */
@@ -577,6 +578,7 @@
vm_set_shared_region(get_threadtask(th_act), system_shared_region);
#ifdef MAC
mac_create_proc1(p->p_ucred);
+ mac_update_task_from_cred (p->p_ucred, (struct task *) p->task);
#endif
load_init_program(p);
/* turn on app-profiling i.e. pre-heating */
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#5 (text+ko) ====
@@ -89,6 +89,7 @@
#include <sys/exec.h>
#include <sys/kdebug.h>
#include <sys/signal.h>
+#include <sys/mac.h>
#include <mach/vm_param.h>
@@ -657,8 +658,10 @@
}
#ifdef MAC
- if (will_transition && !no_trans)
+ if (will_transition && !no_trans) {
mac_execve_transition (cred, p->p_ucred, vp, scriptlabelp, execlabelp);
+ mac_update_task_from_cred (p->p_ucred, p->task);
+ }
#endif
crfree (cred);
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_fork.c#3 (text+ko) ====
@@ -71,6 +71,7 @@
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/acct.h>
+#include <sys/mac.h>
#if KTRACE
#include <sys/ktrace.h>
#endif
@@ -253,6 +254,7 @@
child->task = task;
/* task->proc = child; */
set_bsdtask_info(task, child);
+ mac_update_task_from_cred (child->p_ucred, task);
if (child->p_nice != 0)
resetpriority(child);
result = thread_create(task, &thread);
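Review bot: The new `mac_update_task_from_cred (child->p_ucred, task);` is not wrapped in `#ifdef MAC`, whereas the same call added to bsd_init.c and kern_exec.c in this change sits inside an `#ifdef MAC` block; the kern_prot.c hunk has the same unguarded call. The mac.h hunk defines the macro unconditionally, so a build without MAC would presumably fail to link on mac_update_task_label, though the non-MAC side of mac.h is not in this chunk. Wrap it as `#ifdef MAC` / `mac_update_task_from_cred (child->p_ucred, task);` / `#endif`. The enclosing fork routine starts and ends outside the hunk.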
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#34 (text+ko) ====
@@ -524,13 +524,17 @@
* Initialize the MAC subsystem, including appropriate SMP locks.
*/
void
-mac_init(void)
+mac_init_mach ()
{
-
LIST_INIT(&mac_static_policy_list);
LIST_INIT(&mac_policy_list);
mac_policy_mtx = mutex_alloc(ETAP_NO_TRACE);
+}
+
+void
+mac_init_bsd(void)
+{
cv_init(&mac_policy_cv, "mac_policy_cv");
sysctl_register_oid(&sysctl__security);
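Review bot: `mac_init_mach ()` is defined without a prototype (empty parentheses) while its sibling `mac_init_bsd(void)` a few lines below uses one; write `mac_init_mach(void)`. The split also leaves the existing header comment ("Initialize the MAC subsystem, including appropriate SMP locks.") describing only the first half, and mac_init_bsd has no comment at all. Suggest `/* First stage, called from Mach startup before any task or port exists: policy lists and the policy lock. */` above mac_init_mach and `/* Second stage, called from bsd_init(): condition variable and sysctl registration. */` above mac_init_bsd; the "before any task or port exists" ordering comes from the change description, not from this hunk, so confirm it.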
@@ -664,7 +668,8 @@
* We don't technically need exclusive access while !mac_late,
* but hold it for assertion consistency.
*/
- mac_policy_grab_exclusive();
+ if (mac_late)
+ mac_policy_grab_exclusive();
/*
* If the module can potentially be unloaded, or we're loading
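Review bot: The comment directly above now contradicts the code: it says the exclusive lock is held even while !mac_late "for assertion consistency", but the new line grabs it only when mac_late is set. Replace it with something like `* Before mac_late the framework runs single-threaded during Mach startup, so the exclusive lock is taken only once policies can register concurrently.` — the single-threaded claim comes from the description, so confirm it. The matching release in the next hunk (`if (mac_late) mac_policy_release_exclusive();`) is gated on the same flag; if mac_late can change while a registration is in flight, the lock would be released without having been taken, so remembering the decision in a local (`int held = mac_late;`) and using it at both sites would be safer. The enclosing registration function begins and ends outside these hunks.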
@@ -724,7 +729,8 @@
mpc->mpc_name);
out:
- mac_policy_release_exclusive();
+ if (mac_late)
+ mac_policy_release_exclusive();
return (error);
}
@@ -855,7 +861,7 @@
MAC_DEBUG_COUNTER_INC(&nmacbpfdescs);
}
-static void
+void
mac_init_cred_label(struct label *label)
{
mac_init_label(label);
@@ -864,6 +870,19 @@
}
void
+mac_init_task_label(struct label *label)
+{
+ mac_init_label(label);
+ MAC_PERFORM(init_task_label, label);
+}
+
+void
+mac_copy_cred_to_task (struct label *cred, struct label *task)
+{
+ MAC_PERFORM (copy_cred_to_task, cred, task);
+}
+
+void
mac_init_cred(struct ucred *cred)
{
@@ -871,6 +890,18 @@
}
void
+mac_init_port_label (struct label *l)
+{
+ MAC_PERFORM (init_port_label, l);
+}
+
+void
+mac_destroy_port_label (struct label *l)
+{
+ MAC_PERFORM (destroy_port_label, l);
+}
+
+void
mac_init_devfsdirent(struct devnode *de)
{
mac_init_label(&de->dn_label);
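Review bot: mac_init_port_label does not call mac_init_label(l) before dispatching to the policies, and mac_destroy_port_label does not call mac_destroy_label afterwards, whereas the task variants added in this change (mac_init_task_label / mac_destroy_task_label) and mac_init_cred_label do both. If mac_init_label is what gives a `struct label` its initial state, a port's ip_label — embedded in a zone-allocated ipc_port, see the zfree in the ipc_object.c hunk — reaches the policy with whatever the zone last held. Suggest `mac_init_label(l);` as the first statement of mac_init_port_label and `mac_destroy_label(l);` as the last statement of mac_destroy_port_label; if port labels are deliberately policy-managed, a comment saying so would stop the next reader from "fixing" it.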
@@ -1105,6 +1136,13 @@
}
void
+mac_destroy_task_label(struct label *label)
+{
+ MAC_PERFORM(destroy_task_label, label);
+ mac_destroy_label(label);
+}
+
+void
mac_destroy_cred(struct ucred *cred)
{
@@ -1264,6 +1302,20 @@
}
void
+mac_copy_port_label(struct label *src, struct label *dest)
+{
+
+ MAC_PERFORM(copy_port_label, src, dest);
+}
+
+void
+mac_update_port_from_cred_label (struct label *src, struct label *dest)
+{
+
+ MAC_PERFORM(update_port_from_cred_label, src, dest);
+}
+
+void
mac_copy_devfs_label(struct label *src, struct label *dest)
{
MAC_PERFORM(copy_devfs_label, src, dest);
@@ -1290,6 +1342,28 @@
return (error);
}
+int
+mac_externalize_task_label(struct label *label, char *elements,
+ char *outbuf, size_t outbuflen, int flags)
+{
+ int error;
+
+ MAC_EXTERNALIZE(cred_label, label, elements, outbuf, outbuflen);
+
+ return (error);
+}
+
+int
+mac_externalize_port_label(struct label *label, char *elements,
+ char *outbuf, size_t outbuflen, int flags)
+{
+ int error;
+
+ MAC_EXTERNALIZE(cred_label, label, elements, outbuf, outbuflen);
+
+ return (error);
+}
+
static int
mac_externalize_ifnet_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen, int flags)
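Review bot: Both new externalizers dispatch through `MAC_EXTERNALIZE(cred_label, ...)`, so a policy has no task- or port-specific hook and cannot tell which kind of label it is formatting; the `flags` parameter is unused in both. The internalizer in the next hunk (mac_internalize_port_label) does the same with `MAC_INTERNALIZE(cred_label, ...)`. The description says this is intentional ("both use the cred label structure (for now)"), so record it where it matters, above the first function: `/* Task and port labels currently share the cred label format (see mac_copy_cred_to_task), so the cred_label ops are reused; add task_label/port_label ops once a policy needs to distinguish them. */`.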
@@ -1357,6 +1431,16 @@
return (error);
}
+int
+mac_internalize_port_label(struct label *label, char *string)
+{
+ int error;
+
+ MAC_INTERNALIZE(cred_label, label, string);
+
+ return (error);
+}
+
static int
mac_internalize_ifnet_label(struct label *label, char *string)
{
@@ -1447,6 +1531,19 @@
}
void
+mac_create_task (struct task *parent, struct task *child, struct label *pl,
+ struct label *chl)
+{
+ MAC_PERFORM(create_task, parent, child, pl, chl);
+}
+
+void
+mac_create_port(struct label *it, struct label *st, struct label *port)
+{
+ MAC_PERFORM(create_port, it, st, port);
+}
+
+void
mac_update_devfsdirent(struct mount *mp, struct devnode *de,
struct vnode *vp)
{
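Review bot: The parameter names `it` and `st` in mac_create_port say nothing about what is passed; the ipc_port.c callers in this change pass `&issuer->maclabel` (the task allocating the port) and `&space->is_task->maclabel` (the task owning the receiving space). Renaming them `issuer` and `owner` and adding `/* issuer: label of the task allocating the port; owner: label of the task whose ipc space holds the receive right; port: the new port's label, filled in by the policy. */` would make the policy-side contract clear — the "filled in by the policy" part comes from the description ("It is up to the policy to label newly created ports"), not from this hunk. mac_create_task's `pl`/`chl` would read better as `parent_label`/`child_label` for the same reason.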
@@ -2642,6 +2739,66 @@
}
int
+mac_check_port_relabel (struct label *task, struct label *old, struct label *newlabel)
+{
+ int error;
+
+ MAC_CHECK(check_port_relabel, task, old, newlabel);
+
+ return (error);
+}
+
+int
+mac_check_port_send (struct label *task, struct label *port)
+{
+ int error;
+
+ MAC_CHECK(check_port_send, task, port);
+
+ return (error);
+}
+
+int
+mac_check_port_make_send (struct label *task, struct label *port)
+{
+ int error;
+
+ MAC_CHECK(check_port_make_send, task, port);
+
+ return (error);
+}
+
+int
+mac_check_port_copy_send (struct label *task, struct label *port)
+{
+ int error;
+
+ MAC_CHECK(check_port_copy_send, task, port);
+
+ return (error);
+}
+
+int
+mac_check_port_move_receive (struct label *task, struct label *port)
+{
+ int error;
+
+ MAC_CHECK(check_port_move_receive, task, port);
+
+ return (error);
+}
+
+int
+mac_check_service_access (struct label *subj, struct label *obj,
+ const char *s, const char *p)
+{
+ int error;
+
+ MAC_CHECK (check_service_access, subj, obj, s, p);
+ return error;
+}
+
+int
mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *mbuf)
{
struct label *label;
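Review bot: mac_check_service_access ends with `return error;` while the five port checks above it and the rest of the file as far as visible use `return (error);`, and its parameter names `s`/`p` differ from the prototype's `serv`/`perm` in the mac.h hunk. None of the new checks state their locking contract, yet every caller in this change (ipc_kmsg.c, ipc_right.c) holds the subject task's label lock, and for port checks the port lock, around the call; a one-line `/* Caller holds the subject task's label lock and, for port checks, the port lock. */` above the group would make that requirement visible to future callers. For mac_check_service_access, which the description says is reachable from userspace, also note that `s` and `p` must already be NUL-terminated kernel copies; the copy-in happens elsewhere and is not in this chunk.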
@@ -3630,6 +3787,7 @@
newcred = crdup(oldcred);
mac_relabel_cred(newcred, &intlabel);
p->p_ucred = newcred;
+ mac_update_task_from_cred (newcred, p->task);
/*
* Grab additional reference for use while revoking mmaps, prior
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_prot.c#8 (text+ko) ====
@@ -803,4 +803,6 @@
(sec_token.val[0]) ?
HOST_PRIV_NULL :
host_priv_self());
+
+ mac_update_task_from_cred (p->p_ucred, p->task);
}
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#9 (text+ko) ====
@@ -147,6 +147,8 @@
void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
void mac_copy_vnode_label(struct label *, struct label *label);
void mac_copy_devfs_label(struct label *, struct label *label);
+void mac_copy_cred_to_task (struct label *cred, struct label *task);
+void mac_update_task_label (struct label *plabel, void *task);
void mac_destroy_bpfdesc(struct bpf_d *);
void mac_destroy_cred(struct ucred *);
void mac_destroy_devfsdirent(struct devnode *);
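Review bot: `void mac_update_task_label (struct label *plabel, void *task);` takes the task as `void *`, which is why bsd_init.c casts `(struct task *) p->task` only for the cast to be discarded again, and the compiler cannot catch a wrong argument. mac_policy.h in this same change forward-declares `struct task;`, so mac.h can do the same: `struct task;` and `void mac_update_task_label(struct label *plabel, struct task *task);`. The definition of mac_update_task_label is not in this chunk, so it would need the matching parameter type.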
@@ -160,6 +162,9 @@
void mac_destroy_vnode(struct vnode *);
void mac_destroy_vnode_label(struct label *);
+#define mac_update_task_from_cred(cred,task) \
+ mac_update_task_label (&((cred)->cr_label),task)
+
/*
* Labeling event operations: file system objects, and things that
* look a lot like file system objects.
@@ -237,6 +242,8 @@
#endif
/* Access control checks. */
+int mac_check_service_access (struct label *subj, struct label *obj,
+ const char *serv, const char *perm);
int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#8 (text+ko) ====
@@ -63,6 +63,7 @@
struct ucred;
struct vnode;
struct devnode;
+struct task;
struct mac_policy_ops {
/*
@@ -95,6 +96,8 @@
void (*mpo_init_pipe_label)(struct label *label);
#endif
void (*mpo_init_proc_label)(struct label *label);
+ void (*mpo_init_task_label)(struct label *label);
+ void (*mpo_init_port_label)(struct label *label);
void (*mpo_init_vnode_label)(struct label *label);
void (*mpo_destroy_bpfdesc_label)(struct label *label);
void (*mpo_destroy_cred_label)(struct label *label);
@@ -110,9 +113,15 @@
void (*mpo_destroy_pipe_label)(struct label *label);
#endif
void (*mpo_destroy_proc_label)(struct label *label);
+ void (*mpo_destroy_task_label)(struct label *label);
+ void (*mpo_destroy_port_label)(struct label *label);
void (*mpo_destroy_vnode_label)(struct label *label);
+ void (*mpo_copy_cred_to_task) (struct label *cred, struct label *task);
void (*mpo_copy_mbuf_label)(struct label *src,
struct label *dest);
+
+ void (*mpo_update_port_from_cred_label) (struct label *cred,
+ struct label *task);
#if 0
void (*mpo_copy_pipe_label)(struct label *src,
struct label *dest);
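Review bot: The second parameter of `mpo_update_port_from_cred_label` is named `task`, but the op's name and its framework wrapper `mac_update_port_from_cred_label(src, dest)` in the kern_mac.c hunk indicate the destination is a port label; `mpo_copy_cred_to_task` directly above uses the same `(cred, task)` pair, which looks like a copy-and-paste. Rename it `struct label *port` so a policy author is not misled. Whether anything calls mac_update_port_from_cred_label yet is not visible in this chunk.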
@@ -121,6 +130,8 @@
struct label *dest);
void (*mpo_copy_devfs_label)(struct label *src,
struct label *dest);
+ void (*mpo_copy_port_label)(struct label *src,
+ struct label *dest);
int (*mpo_externalize_cred_label)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
int (*mpo_externalize_ifnet_label)(struct label *label,
@@ -223,6 +234,9 @@
struct label *pipelabel);
#endif
+ void (*mpo_create_port)(struct label *it, struct label *st,
+ struct label *portlabel);
+
/*
* Labeling event operations: network objects.
*/
@@ -279,6 +293,9 @@
void (*mpo_create_cred)(struct ucred *parent_cred,
struct ucred *child_cred);
+ void (*mpo_create_task)(struct task *parent, struct task *child, struct label *pl,
+ struct label *cl);
+
void (*mpo_execve_transition)(struct ucred *old, struct ucred *new,
struct vnode *vp,
struct label *vnodelabel,
@@ -290,7 +307,7 @@
struct label *interpvnodelabel,
struct label *execlabel);
- void (*mpo_create_proc0)(struct ucred *cred);
+ void (*mpo_create_proc0)(struct ucred *cred);
void (*mpo_create_proc1)(struct ucred *cred);
void (*mpo_relabel_cred)(struct ucred *cred,
struct label *newlabel);
@@ -301,11 +318,18 @@
/*
* Access control checks.
*/
+ int (*mpo_check_service_access)(struct label *subj, struct label *obj, const char *serv, const char *perm);
int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d,
struct label *bpflabel, struct ifnet *ifnet,
struct label *ifnetlabel);
int (*mpo_check_cred_relabel)(struct ucred *cred,
struct label *newlabel);
+ int (*mpo_check_port_relabel)(struct label *task, struct label *old,
+ struct label *newlabel);
+ int (*mpo_check_port_send)(struct label *task, struct label *port);
+ int (*mpo_check_port_make_send)(struct label *task, struct label *port);
+ int (*mpo_check_port_copy_send)(struct label *task, struct label *port);
+ int (*mpo_check_port_move_receive)(struct label *task, struct label *port);
int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2);
int (*mpo_check_ifnet_relabel)(struct ucred *cred,
struct ifnet *ifnet, struct label *ifnetlabel,
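Review bot: The `mpo_check_service_access` declaration is on one long line while every neighbouring prototype wraps its parameters, and the five new `mpo_check_port_*` entries are inserted between the two cred checks (`mpo_check_cred_relabel`, `mpo_check_cred_visible`), breaking the per-object grouping. Wrap it as `int (*mpo_check_service_access)(struct label *subj, struct label *obj,` / `const char *serv, const char *perm);` and move the port checks after the cred group.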
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/MASTER#2 (text+ko) ====
@@ -196,3 +196,5 @@
#
options MACH_COUNTERS # # <stats>
+
+options MAC
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/files#2 (text+ko) ====
@@ -221,6 +221,7 @@
./mach/task_server.c standard
./mach/thread_act_server.c standard
./mach/vm_map_server.c standard
+./mach/security_server.c standard
osfmk/mach-o/mach_header.c standard
osfmk/vm/device_vm.c standard
osfmk/vm/memory_object.c standard
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_kmsg.c#2 (text+ko) ====
@@ -647,7 +647,7 @@
{
mach_msg_size_t msg_and_trailer_size;
ipc_kmsg_t kmsg;
- mach_msg_format_0_trailer_t *trailer;
+ mach_msg_mac_trailer_t *trailer;
mach_port_name_t dest_name;
ipc_entry_t dest_entry;
ipc_port_t dest_port;
@@ -675,11 +675,23 @@
* is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize
* the cases where no implicit data is requested.
*/
- trailer = (mach_msg_format_0_trailer_t *) ((vm_offset_t)&kmsg->ikm_header + size);
+ trailer = (mach_msg_mac_trailer_t *) ((vm_offset_t)&kmsg->ikm_header + size);
trailer->msgh_sender = current_thread()->top_act->task->sec_token;
trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
+ task_t cur = current_thread()->top_act->task;
+ if (cur)
+ {
+ tasklabel_lock (cur);
+ mac_externalize_task_label (&cur->maclabel,
+ "sebsd", trailer->msgh_labels.slabel,
+ 64, 0);
+ tasklabel_unlock (cur);
+ }
+ else
+ strcpy (trailer->msgh_labels.slabel, "system_u:system_r:kernel_t");
+
*kmsgp = kmsg;
return MACH_MSG_SUCCESS;
}
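Review bot: The return value of mac_externalize_task_label is ignored and `trailer->msgh_labels.slabel` is never initialized before the call, so if externalization fails or writes nothing the receiver gets whatever bytes the kmsg allocation contained — a kernel-memory disclosure through a user-visible trailer, possibly as an unterminated string. The buffer length is passed as a literal `64` instead of `sizeof trailer->msgh_labels.slabel`, so the two can drift apart silently, and the `if (cur)` test is dead because `current_thread()->top_act->task` was already dereferenced two lines earlier to fill msgh_sender, so the `strcpy` fallback can never run. Separately, msgh_trailer_type/msgh_trailer_size still announce FORMAT_0 and MINIMUM_SIZE while the label is written past them, and the element name "sebsd" hard-wires one policy into the generic IPC layer; whether a receiver can ever request the larger trailer depends on code outside this hunk. The rewrite below terminates the buffer first, checks the result, and uses the field's real size; the enclosing function starts outside the hunk.
```c
	task_t cur = current_thread()->top_act->task;	/* non-NULL: dereferenced above */
	char *slabel = trailer->msgh_labels.slabel;

	/* Never hand the receiver stale kmsg bytes: terminate before, and on failure. */
	slabel[0] = '\0';
	tasklabel_lock(cur);
	if (mac_externalize_task_label(&cur->maclabel, "sebsd", slabel,
	    sizeof trailer->msgh_labels.slabel, 0) != 0)
		slabel[0] = '\0';
	tasklabel_unlock(cur);
```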
@@ -797,6 +809,19 @@
ip_lock(port);
+#ifdef MAC
+ task_t self = current_task();
+ tasklabel_lock (self);
+
+ int rc = mac_check_port_send (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ if (rc)
+ {
+ ip_unlock (port);
+ return KERN_NO_ACCESS;
+ }
+#endif
+
if (port->ip_receiver == ipc_space_kernel) {
/*
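Review bot: The denial path returns `KERN_NO_ACCESS` from a function whose other exits return mach_msg_return_t values (`MACH_MSG_SUCCESS` at the end of this hunk), so callers that switch on MACH_SEND_* codes see an unrelated kern_return_t; pick a MACH_SEND_* code or document the mixing. The path also releases only the port lock and leaves `kmsg` untouched, whereas the dead-destination path below drops the port reference and calls `ipc_kmsg_destroy(kmsg)`; unless the caller frees the message on every error (not visible here) this leaks the kmsg and its port reference. Finally, `task_t self` and `int rc` are declared after `ip_lock(port);` in the middle of the block; hoist them to the declarations at the top of the function, as the ipc_right.c hunks in this change do with `task_t self = current_task(); int rc;`. The enclosing function starts outside the hunk.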
@@ -839,6 +864,7 @@
ip_release(port);
ip_check_unlock(port);
+
kmsg->ikm_header.msgh_remote_port = MACH_PORT_NULL;
ipc_kmsg_destroy(kmsg);
return MACH_MSG_SUCCESS;
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_object.c#2 (text+ko) ====
@@ -989,6 +989,10 @@
#if MACH_ASSERT
ipc_port_track_dealloc(port);
#endif /* MACH_ASSERT */
+
+#ifdef MAC
+ mac_destroy_port_label (&port->ip_label);
+#endif
}
zfree(ipc_object_zones[otype], (vm_offset_t) object);
}
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.c#2 (text+ko) ====
@@ -462,6 +462,10 @@
#endif /* MACH_ASSERT */
ipc_mqueue_init(&port->ip_messages, FALSE /* set */);
+
+#ifdef MAC
+ mac_init_port_label (&port->ip_label);
+#endif
}
/*
@@ -498,6 +502,14 @@
ipc_port_init(port, space, name);
+#ifdef MAC
+ task_t issuer = current_task();
+ tasklabel_lock2 (issuer, space->is_task);
+ mac_create_port (&issuer->maclabel, &space->is_task->maclabel,
+ &port->ip_label);
+ tasklabel_unlock2 (issuer, space->is_task);
+#endif
+
*namep = name;
*portp = port;
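Review bot: This labelling block is repeated verbatim in the next hunk of this file, and a third, disabled copy follows later; it should be one static helper so the locking and the label calls cannot diverge. Both live copies call `tasklabel_lock2 (issuer, space->is_task)` without checking either task, while the disabled copy guards `if (issuer && space->is_task)`; if the kernel ipc space can have no task during early startup the guard belongs here too. `issuer == space->is_task` is the common case (a task allocating a port in its own space), so tasklabel_lock2 must tolerate being handed the same task twice; task.h is not in this chunk, so confirm it does not take the same lock twice. The enclosing allocation function starts outside the hunk.
```c
#ifdef MAC
/* Label a freshly initialized port from the issuing task and the owner of
 * the receiving space; both label locks are taken via tasklabel_lock2. */
static void
ipc_port_label_new(ipc_space_t space, ipc_port_t port)
{
	task_t issuer = current_task();
	task_t owner = space->is_task;

	if (!issuer || !owner)
		return;
	tasklabel_lock2(issuer, owner);
	mac_create_port(&issuer->maclabel, &owner->maclabel, &port->ip_label);
	tasklabel_unlock2(issuer, owner);
}
#endif

	/* … unchanged: ipc_port_init(port, space, name); … */
#ifdef MAC
	ipc_port_label_new(space, port);
#endif
```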
@@ -537,6 +549,14 @@
ipc_port_init(port, space, name);
+#ifdef MAC
+ task_t issuer = current_task();
+ tasklabel_lock2 (issuer, space->is_task);
+ mac_create_port (&issuer->maclabel, &space->is_task->maclabel,
+ &port->ip_label);
+ tasklabel_unlock2 (issuer, space->is_task);
+#endif
+
*portp = port;
return KERN_SUCCESS;
@@ -1137,6 +1157,16 @@
ipc_port_init(port, space, 1);
+#ifdef MACXXX
+ task_t issuer = current_task();
+ if (issuer && space->is_task) {
+ tasklabel_lock2 (issuer, space->is_task);
+ mac_create_port (&issuer->maclabel, &space->is_task->maclabel,
+ &port->ip_label);
+ tasklabel_unlock2 (issuer, space->is_task);
+ }
+#endif
+
return port;
}
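Review bot: The block is compiled out under `#ifdef MACXXX`, a macro that is defined nowhere in this change, so it is dead code behind a typo-looking guard with no explanation. Either delete it or make the intent explicit, e.g. `#if 0	/* special ports: labelling deferred, see <reason> */`, filling in the actual reason. Note this copy, unlike the two live ones earlier in the file, NULL-checks both `issuer` and `space->is_task`, which suggests the live copies need the same check.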
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.h#2 (text+ko) ====
@@ -80,6 +80,8 @@
#include <ipc/ipc_entry.h>
#include <ipc/ipc_space.h>
+#include <mach/_label.h>
+
/*
* A receive right (port) can be in four states:
* 1) dead (not active, ip_timestamp has death time)
@@ -146,6 +148,10 @@
unsigned long ip_spares[IP_NSPARES]; /* for debugging */
#endif /* MACH_ASSERT */
int alias;
+
+#ifdef MAC
+ struct label ip_label;
+#endif
};
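Review bot: The new `struct label ip_label;` member has no comment, although the neighbouring fields carry one (`/* for debugging */`). Suggest `/* MAC policy label; set up in ipc_port_init, torn down on port deallocation in ipc_object.c */`, which is what the other hunks of this change show. The `<mach/_label.h>` include is unconditional while the field is under `#ifdef MAC`; fine if the header is harmless without MAC, but worth a glance.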
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_right.c#2 (text+ko) ====
@@ -1316,6 +1316,9 @@
mach_msg_type_name_t msgt_name)
{
ipc_entry_bits_t bits;
+#ifdef MAC
+ task_t self = current_task();
+#endif
bits= entry->ie_bits;
assert(space->is_active);
@@ -1323,10 +1326,37 @@
switch (msgt_name) {
case MACH_MSG_TYPE_MAKE_SEND:
case MACH_MSG_TYPE_MAKE_SEND_ONCE:
+ if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
+ return FALSE;
+
+#ifdef MAC
+ ipc_port_t port;
+
+ port = (ipc_port_t) entry->ie_object;
+ ip_lock (port);
+ tasklabel_lock (self);
+ int rc = mac_check_port_make_send (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ ip_unlock (port);
+ if (rc)
+ return FALSE;
+#endif
+ break;
+
case MACH_MSG_TYPE_MOVE_RECEIVE:
if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
return FALSE;
+#ifdef MAC
+ port = (ipc_port_t) entry->ie_object;
+ ip_lock (port);
+ tasklabel_lock (self);
+ rc = mac_check_port_move_receive (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ ip_unlock (port);
+ if (rc)
+ return FALSE;
+#endif
break;
case MACH_MSG_TYPE_COPY_SEND:
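Review bot: `ipc_port_t port;` and `int rc` are declared inside the MAKE_SEND case (under `#ifdef MAC`, after statements) and then reused by the MOVE_RECEIVE and COPY_SEND cases, which enter the switch scope by jumping past those declarations; it compiles in C but is fragile, and `port` may shadow or collide with whatever the COPY_SEND case already declares for its `ip_lock(port)` (that declaration is not visible here). Hoist both next to `self` in the `#ifdef MAC` block at the top of the function, as ipc_right_copyin does in this change (`task_t self = current_task(); int rc;`), and drop the mid-switch declarations. The enclosing function starts outside the hunk.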
@@ -1346,6 +1376,16 @@
ip_lock(port);
active = ip_active(port);
+#ifdef MAC
+ tasklabel_lock (self);
+ rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ if (rc)
+ {
+ ip_unlock (port);
+ return FALSE;
+ }
+#endif
ip_unlock(port);
if (!active) {
@@ -1404,6 +1444,11 @@
ipc_port_t *sorightp)
{
ipc_entry_bits_t bits;
+#ifdef MAC
+ task_t self = current_task();
+ int rc;
+#endif
+ int dead;
bits = entry->ie_bits;
@@ -1424,6 +1469,17 @@
assert(port->ip_receiver_name == name);
assert(port->ip_receiver == space);
+#ifdef MAC
+ tasklabel_lock (self);
+ rc = mac_check_port_make_send (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ if (rc)
+ {
+ ip_unlock (port);
+ return KERN_NO_ACCESS;
+ }
+#endif
+
port->ip_mscount++;
port->ip_srights++;
ip_reference(port);
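Review bot: This lock/check/unlock/deny sequence is repeated six times in this file with only the check function changing (the MAKE_SEND, MAKE_SEND_ONCE, MOVE_RECEIVE, COPY_SEND, MOVE_SEND and MOVE_SEND_ONCE hunks of ipc_right_copyin), which is how lock-order or cleanup mistakes creep into one copy and not the others. A small static helper taking the check as a function pointer reduces each site to a single `if` and documents the locking once. The enclosing function starts and ends outside the hunk.
```c
#ifdef MAC
/* Run one port-right check for the calling task; the port is locked by the
 * caller, the task label lock is taken here.  Returns the policy's error. */
static int
ipc_right_mac_check(task_t self, ipc_port_t port,
    int (*check)(struct label *, struct label *))
{
	int rc;

	tasklabel_lock(self);
	rc = check(&self->maclabel, &port->ip_label);
	tasklabel_unlock(self);
	return rc;
}
#endif

	/* … unchanged: assert(port->ip_receiver == space); … */
#ifdef MAC
	if (ipc_right_mac_check(self, port, mac_check_port_make_send)) {
		ip_unlock(port);
		return KERN_NO_ACCESS;
	}
#endif
```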
@@ -1448,6 +1504,17 @@
assert(port->ip_receiver_name == name);
assert(port->ip_receiver == space);
+#ifdef MAC
+ tasklabel_lock (self);
+ rc = mac_check_port_make_send (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ if (rc)
+ {
+ ip_unlock (port);
+ return KERN_NO_ACCESS;
+ }
+#endif
+
port->ip_sorights++;
ip_reference(port);
ip_unlock(port);
@@ -1472,6 +1539,17 @@
assert(port->ip_receiver_name == name);
assert(port->ip_receiver == space);
+#ifdef MAC
+ tasklabel_lock (self);
+ rc = mac_check_port_move_receive (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ if (rc)
+ {
+ ip_unlock (port);
+ return KERN_NO_ACCESS;
+ }
+#endif
+
if (bits & MACH_PORT_TYPE_SEND) {
assert(IE_BITS_TYPE(bits) ==
MACH_PORT_TYPE_SEND_RECEIVE);
@@ -1518,12 +1596,26 @@
port = (ipc_port_t) entry->ie_object;
assert(port != IP_NULL);
- if (ipc_right_check(space, port, name, entry)) {
- bits = entry->ie_bits;
- goto copy_dead;
- }
+ dead = ipc_right_check(space, port, name, entry);
/* port is locked and active */
+#ifdef MAC
+ tasklabel_lock (self);
+ rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ if (rc)
+ {
+ ip_unlock (port);
+ return KERN_NO_ACCESS;
+ }
+#endif
+
+ if (dead)
+ {
+ bits = entry->ie_bits;
+ goto copy_dead;
+ }
+
if ((bits & MACH_PORT_TYPE_SEND) == 0) {
assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
assert(port->ip_sorights > 0);
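Review bot: The MAC check now runs before the `if (dead)` test, so when ipc_right_check reports a dead port the code still reads `&port->ip_label` and calls `ip_unlock(port)`; in stock XNU ipc_right_check leaves the port locked only when it returns FALSE and converts the entry to a dead name otherwise, which would make this an access to an unlocked and possibly freed port — the original order avoided it. Move `if (dead) { bits = entry->ie_bits; goto copy_dead; }` back above the `#ifdef MAC` block; the two following hunks (`goto move_dead`) have the same inversion and also relocate the `/* port is locked and active */` comment to a point where it is not yet true. Those hunks apply mac_check_port_copy_send to MOVE_SEND and MOVE_SEND_ONCE as well; if copying and moving a send right are meant to be the same permission, say so in a comment. ipc_right_check's contract is not in this chunk, so confirm it before relying on my reading; the enclosing function starts and ends outside the hunk.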
@@ -1560,11 +1652,24 @@
port = (ipc_port_t) entry->ie_object;
assert(port != IP_NULL);
- if (ipc_right_check(space, port, name, entry)) {
- bits = entry->ie_bits;
- goto move_dead;
+ dead = ipc_right_check(space, port, name, entry);
+ /* port is locked and active */
+
+#ifdef MAC
+ tasklabel_lock (self);
+ rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ if (rc)
+ {
+ ip_unlock (port);
+ return KERN_NO_ACCESS;
+ }
+#endif
+
+ if (dead) {
+ bits = entry->ie_bits;
+ goto move_dead;
}
- /* port is locked and active */
if ((bits & MACH_PORT_TYPE_SEND) == 0) {
assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
@@ -1626,11 +1731,24 @@
port = (ipc_port_t) entry->ie_object;
assert(port != IP_NULL);
- if (ipc_right_check(space, port, name, entry)) {
- bits = entry->ie_bits;
- goto move_dead;
+ dead = ipc_right_check(space, port, name, entry);
+ /* port is locked and active */
+
+#ifdef MAC
+ tasklabel_lock (self);
+ rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label);
+ tasklabel_unlock (self);
+ if (rc)
+ {
+ ip_unlock (port);
+ return KERN_NO_ACCESS;
+ }
+#endif
+
+ if (dead) {
+ bits = entry->ie_bits;
+ goto move_dead;
}
- /* port is locked and active */
if ((bits & MACH_PORT_TYPE_SEND_ONCE) == 0) {
assert(bits & MACH_PORT_TYPE_SEND);
@@ -1803,6 +1921,10 @@
mach_port_urefs_t urefs;
ipc_port_t port;
ipc_port_t dnrequest = IP_NULL;
+#ifdef MAC
+ task_t self = current_task();
+ int rc;
+#endif
assert(space->is_active);
>>> TRUNCATED FOR MAIL (1000 lines) <<<