PERFORCE change 46200 for review

Andrew Reisse areisse at FreeBSD.org
Fri Jan 30 18:03:02 GMT 2004


http://perforce.freebsd.org/chv.cgi?CH=46200

Change 46200 by areisse at areisse_ibook on 2004/01/30 10:02:08

	Merge mach additions back to sedarwin development branch.
	
	Move mac initialization to mach startup, so that it is available for
	creation of mach tasks and ports. The policy (mac_late) initialization is
	also done here. (mac_late_init should be renamed mac_init_policy to better
	reflect its actual purpose)
	
	Add support for task and port labels to the mac framework and sebsd.
	A new lock was introduced to protect the task label. The lock order for
	two task labels is lower pointer first.
	
	Add object labelling events for mach tasks and ports. Tasks (and task ports)
	copy labels from the cred labels whenever the cred label is changed.
	(Currently, in fork, execve, bsd_init, and mac_relabel_cred)
	It is up to the policy to label newly created ports.
	
	Add access control checks for sending messages and port rights. Getting
	port rights from a message is not currently checked. Add a message
	trailer field for the sender's task label.
	
	Add a new mach kernel server, security. This server has calls for
	getting and setting labels on ports and tasks, and checking access.
	There are 3 generic access check calls so far: 
	subject and object are tasks
	subject is task, object is port
	subject and object label strings are passed.
	The last check can be used by a userspace server, using the label from
	the message trailer, to use the client as subject.
	
	Add new access control check, mac_check_service_access. This uses an
	arbitrary subject, object, permission class, and permission name to 
	check a permission. It can be called from userspace (currently only 
	for tasks).
	
	sebsd:
	Add support for libsebsd security_change_context call.
	Support task and port labels. Both use the cred label structure (for now).
	Enable use of named permissions; implement mac_check_service_access
	(it assumes both labels are cred format).
	Print numbers in permission sets if there are no names.
	Add support for task and port labels and permission checks.
	Label new ports after the task.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/bsd_init.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_fork.c#3 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#34 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_prot.c#8 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#9 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#8 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/MASTER#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/files#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_kmsg.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_object.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_right.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_space.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_space.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/mach_msg.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/mach_port.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/ipc_kobject.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/ipc_tt.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/startup.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/task.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/task.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/Makefile#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/_label.h#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mac.h#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mach_port.defs#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mach_types.defs#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/message.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/security.defs#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ppc/ppc_init.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/pexpert/pexpert/ppc/boot.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_inherit.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_permissions.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#6 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#4 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc_ss.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/class_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/common_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/initial_sid_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask/access_vectors#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask/security_classes#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#20 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscall.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscalls.h#4 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/services.c#5 integrate

Differences ...

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/bsd_init.c#5 (text+ko) ====

@@ -117,6 +117,8 @@
 #include <mach/shared_memory_server.h>
 #include <vm/vm_shared_memory_server.h>
 
+#include <sys/mac.h>
+
 extern shared_region_mapping_t       system_shared_region;
 extern int app_profile;		/* on/off switch for pre-heat cache */
 
@@ -290,11 +292,9 @@
 	 * Initialize the MAC Framework
 	 */
 	{
-	    extern mac_init(void);
-	    extern mac_late_init(void);
+	    extern mac_init_bsd(void);
 
-	    mac_init();
-	    mac_late_init();
+	    mac_init_bsd();
 	}
 #endif /* MAC */
 
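Review bot: `extern mac_init_bsd(void);` on the added line relies on implicit int, which C99 removed and which the replaced `extern mac_init(void);` lines already carried; declare it `extern void mac_init_bsd(void);`, or take the prototype from <sys/mac.h>, which this commit now includes at the top of the file (the mac.h hunks in this mail do not show such a declaration, so it may need adding there). The enclosing function starts and ends outside the hunk.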
@@ -352,6 +352,7 @@
 
 #ifdef MAC
 	mac_create_proc0(p->p_ucred);
+	mac_update_task_from_cred (p->p_ucred, (struct task *) p->task);
 #endif
 
 	/* Create the file descriptor table. */
@@ -577,6 +578,7 @@
 	vm_set_shared_region(get_threadtask(th_act), system_shared_region);
 #ifdef MAC
 	mac_create_proc1(p->p_ucred);
+	mac_update_task_from_cred (p->p_ucred, (struct task *) p->task);
 #endif
 	load_init_program(p);
 	/* turn on app-profiling i.e. pre-heating */

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#5 (text+ko) ====

@@ -89,6 +89,7 @@
 #include <sys/exec.h>
 #include <sys/kdebug.h>
 #include <sys/signal.h>
+#include <sys/mac.h>
 
 #include <mach/vm_param.h>
 
@@ -657,8 +658,10 @@
 		}
 
 #ifdef MAC
-		if (will_transition && !no_trans)
+		if (will_transition && !no_trans) {
 		  mac_execve_transition (cred, p->p_ucred, vp, scriptlabelp, execlabelp);
+		  mac_update_task_from_cred (p->p_ucred, p->task);
+		}
 #endif
 
 		crfree (cred);

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_fork.c#3 (text+ko) ====

@@ -71,6 +71,7 @@
 #include <sys/vnode.h>
 #include <sys/file.h>
 #include <sys/acct.h>
+#include <sys/mac.h>
 #if KTRACE
 #include <sys/ktrace.h>
 #endif
@@ -253,6 +254,7 @@
 	child->task = task;
 	/* task->proc = child; */
 	set_bsdtask_info(task, child);
+	mac_update_task_from_cred (child->p_ucred, task);
 	if (child->p_nice != 0)
 		resetpriority(child);
 	result = thread_create(task, &thread);
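Review bot: The new `mac_update_task_from_cred (child->p_ucred, task);` call is not wrapped in `#ifdef MAC`, whereas the same call in bsd_init.c and kern_exec.c is, and kern_prot.c has the same unguarded form; unless <sys/mac.h> defines the macro as a no-op when MAC is off (not visible in this mail), a non-MAC build of these two files will fail to link. Wrap both in `#ifdef MAC … #endif` as the other callers do. The enclosing function starts and ends outside the hunk.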

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#34 (text+ko) ====

@@ -524,13 +524,17 @@
  * Initialize the MAC subsystem, including appropriate SMP locks.
  */
 void
-mac_init(void)
+mac_init_mach ()
 {
-
 	LIST_INIT(&mac_static_policy_list);
 	LIST_INIT(&mac_policy_list);
 
 	mac_policy_mtx = mutex_alloc(ETAP_NO_TRACE);
+}
+
+void
+mac_init_bsd(void)
+{
 	cv_init(&mac_policy_cv, "mac_policy_cv");
 
 	sysctl_register_oid(&sysctl__security);
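Review bot: `mac_init_mach ()` is defined with an empty parameter list, which is an old-style declarator rather than a prototype; write `mac_init_mach(void)` like the surrounding functions. The comment above it, "Initialize the MAC subsystem, including appropriate SMP locks", now describes only the list and mutex setup, and the new `mac_init_bsd` has no header comment at all. Suggest `/* Early (Mach startup) initialization: policy lists and the policy mutex. */` for the first, and for the second a sentence naming what it sets up beyond the condvar and sysctl registration visible here, since that function continues past the hunk.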
@@ -664,7 +668,8 @@
 	 * We don't technically need exclusive access while !mac_late,
 	 * but hold it for assertion consistency.
 	 */
-	mac_policy_grab_exclusive();
+	if (mac_late)
+	  mac_policy_grab_exclusive();
 
 	/*
 	 * If the module can potentially be unloaded, or we're loading
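Review bot: The guard `if (mac_late)` now contradicts the comment immediately above it, which says the exclusive lock is held even while !mac_late "for assertion consistency"; rewrite the comment to match, e.g. `/* Exclusive access is only taken once mac_late is set: before mac_init_bsd() has run, the condvar used by mac_policy_grab_exclusive() is not initialised. */`, if that (cv_init having moved to mac_init_bsd in the first hunk) is indeed the reason. The matching guard on the release in the next hunk (after the `out:` label) should carry a one-line cross-reference. A policy registering before mac_late now also skips whatever assertions the lock protected, which is acceptable if stated. The enclosing function starts and ends outside the hunk.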
@@ -724,7 +729,8 @@
 	    mpc->mpc_name);
 
 out:
-	mac_policy_release_exclusive();
+	if (mac_late)
+	  mac_policy_release_exclusive();
 	return (error);
 }
 
@@ -855,7 +861,7 @@
 	MAC_DEBUG_COUNTER_INC(&nmacbpfdescs);
 }
 
-static void
+void
 mac_init_cred_label(struct label *label)
 {
 	mac_init_label(label);
@@ -864,6 +870,19 @@
 }
 
 void
+mac_init_task_label(struct label *label)
+{
+	mac_init_label(label);
+	MAC_PERFORM(init_task_label, label);
+}
+
+void
+mac_copy_cred_to_task (struct label *cred, struct label *task)
+{
+  MAC_PERFORM (copy_cred_to_task, cred, task);
+}
+
+void
 mac_init_cred(struct ucred *cred)
 {
 
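Review bot: `mac_copy_cred_to_task` uses two-space indentation and a space before the parameter list, while the file and the adjacent new `mac_init_task_label` use tabs and `name(`; the same applies to `mac_init_port_label`/`mac_destroy_port_label` in the next hunk, to `mac_create_task`/`mac_create_port`, and to `mac_check_service_access`, which also writes `return error;` where every other wrapper writes `return (error);`. Reformat these to the file's style before the merge so later diffs stay readable.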
@@ -871,6 +890,18 @@
 }
 
 void
+mac_init_port_label (struct label *l)
+{
+  MAC_PERFORM (init_port_label, l);
+}
+
+void
+mac_destroy_port_label (struct label *l)
+{
+  MAC_PERFORM (destroy_port_label, l);
+}
+
+void
 mac_init_devfsdirent(struct devnode *de)
 {
 	mac_init_label(&de->dn_label);
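Review bot: `mac_init_port_label` calls only `MAC_PERFORM(init_port_label, l)`, whereas `mac_init_cred_label` and the new `mac_init_task_label` first call `mac_init_label(label)`; likewise `mac_destroy_port_label` skips the `mac_destroy_label` that `mac_destroy_task_label` performs. If port labels are meant to carry framework state like the others, this leaves it uninitialised and leaks on destroy; if they are deliberately policy-only, say so with `/* Port labels carry no framework state; policies own them entirely. */` above both functions. mac_init_label is not in this mail, so treat the asymmetry as a question rather than a confirmed defect.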
@@ -1105,6 +1136,13 @@
 }
 
 void
+mac_destroy_task_label(struct label *label)
+{
+	MAC_PERFORM(destroy_task_label, label);
+	mac_destroy_label(label);
+}
+
+void
 mac_destroy_cred(struct ucred *cred)
 {
 
@@ -1264,6 +1302,20 @@
 }
 
 void
+mac_copy_port_label(struct label *src, struct label *dest)
+{
+
+	MAC_PERFORM(copy_port_label, src, dest);
+}
+
+void
+mac_update_port_from_cred_label (struct label *src, struct label *dest)
+{
+
+	MAC_PERFORM(update_port_from_cred_label, src, dest);
+}
+
+void
 mac_copy_devfs_label(struct label *src, struct label *dest)
 {
 	MAC_PERFORM(copy_devfs_label, src, dest);
@@ -1290,6 +1342,28 @@
 	return (error);
 }
 
+int
+mac_externalize_task_label(struct label *label, char *elements,
+    char *outbuf, size_t outbuflen, int flags)
+{
+	int error;
+
+	MAC_EXTERNALIZE(cred_label, label, elements, outbuf, outbuflen);
+
+	return (error);
+}
+
+int
+mac_externalize_port_label(struct label *label, char *elements,
+    char *outbuf, size_t outbuflen, int flags)
+{
+	int error;
+
+	MAC_EXTERNALIZE(cred_label, label, elements, outbuf, outbuflen);
+
+	return (error);
+}
+
 static int
 mac_externalize_ifnet_label(struct label *label, char *elements,
     char *outbuf, size_t outbuflen, int flags)
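Review bot: `mac_externalize_task_label` and `mac_externalize_port_label` dispatch through `MAC_EXTERNALIZE(cred_label, …)`, so a policy whose task or port labels are not in cred format would have them rendered by the wrong externalizer; the description says sebsd uses the cred layout "for now", which makes this a hidden coupling that should be stated, e.g. `/* XXX task and port labels are externalized through the cred_label ops; policies must keep the formats identical until dedicated ops exist. */`. The same applies to `mac_internalize_port_label` in the next hunk. `flags` is unused in both, as it is in the existing ifnet variant below.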
@@ -1357,6 +1431,16 @@
 	return (error);
 }
 
+int
+mac_internalize_port_label(struct label *label, char *string)
+{
+	int error;
+
+	MAC_INTERNALIZE(cred_label, label, string);
+
+	return (error);
+}
+
 static int
 mac_internalize_ifnet_label(struct label *label, char *string)
 {
@@ -1447,6 +1531,19 @@
 }
 
 void
+mac_create_task (struct task *parent, struct task *child, struct label *pl,
+		 struct label *chl)
+{
+  MAC_PERFORM(create_task, parent, child, pl, chl);
+}
+
+void
+mac_create_port(struct label *it, struct label *st, struct label *port)
+{
+  MAC_PERFORM(create_port, it, st, port);
+}
+
+void
 mac_update_devfsdirent(struct mount *mp, struct devnode *de,
     struct vnode *vp)
 {
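Review bot: The parameter names `it`, `st`, `pl` and `chl` in `mac_create_task`/`mac_create_port` (and `it`, `st`, `pl`, `cl` in the matching mpo_create_port/mpo_create_task members in mac_policy.h) do not say what they are; from the ipc_port.c callers `it` appears to be the issuing task's label and `st` the label of the task owning the port's space. Name them consistently in both files (`issuerlabel`, `spacetasklabel`, `parentlabel`, `childlabel`) and add `/* Label a new port: it = label of the task creating it, st = label of the task whose space receives it. */` plus the equivalent for tasks, since policies will be written against these hooks.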
@@ -2642,6 +2739,66 @@
 }
 
 int
+mac_check_port_relabel (struct label *task, struct label *old, struct label *newlabel)
+{
+	int error;
+
+	MAC_CHECK(check_port_relabel, task, old, newlabel);
+
+	return (error);
+}
+
+int
+mac_check_port_send (struct label *task, struct label *port)
+{
+	int error;
+
+	MAC_CHECK(check_port_send, task, port);
+
+	return (error);
+}
+
+int
+mac_check_port_make_send (struct label *task, struct label *port)
+{
+	int error;
+
+	MAC_CHECK(check_port_make_send, task, port);
+
+	return (error);
+}
+
+int
+mac_check_port_copy_send (struct label *task, struct label *port)
+{
+	int error;
+
+	MAC_CHECK(check_port_copy_send, task, port);
+
+	return (error);
+}
+
+int
+mac_check_port_move_receive (struct label *task, struct label *port)
+{
+	int error;
+
+	MAC_CHECK(check_port_move_receive, task, port);
+
+	return (error);
+}
+
+int
+mac_check_service_access (struct label *subj, struct label *obj,
+			  const char *s, const char *p)
+{
+  int error;
+
+  MAC_CHECK (check_service_access, subj, obj, s, p);
+  return error;
+}
+
+int
 mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *mbuf)
 {
 	struct label *label;
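Review bot: `mac_check_service_access` names its string parameters `s` and `p` while the prototype added to sys/mac.h calls them `serv` and `perm`; use the header's names here. The description says this check is reachable from userspace, so a header comment should state that `serv` and `perm` are caller-supplied strings whose validation (length, NUL termination, unknown class or permission) is the policy's job, because the wrapper forwards them without inspection. The other five new checks follow the file's layout; this one uses two-space indentation and `return error;` without parentheses, so reformat it to match.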
@@ -3630,6 +3787,7 @@
 	newcred = crdup(oldcred);
 	mac_relabel_cred(newcred, &intlabel);
 	p->p_ucred = newcred;
+	mac_update_task_from_cred (newcred, p->task);
 
 	/*
 	 * Grab additional reference for use while revoking mmaps, prior

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_prot.c#8 (text+ko) ====

@@ -803,4 +803,6 @@
 					   (sec_token.val[0]) ?
 					        HOST_PRIV_NULL :
 						host_priv_self());
+
+	mac_update_task_from_cred (p->p_ucred, p->task);
 }

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#9 (text+ko) ====

@@ -147,6 +147,8 @@
 void	mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
 void	mac_copy_vnode_label(struct label *, struct label *label);
 void	mac_copy_devfs_label(struct label *, struct label *label);
+void    mac_copy_cred_to_task (struct label *cred, struct label *task);
+void    mac_update_task_label (struct label *plabel, void *task);
 void	mac_destroy_bpfdesc(struct bpf_d *);
 void	mac_destroy_cred(struct ucred *);
 void	mac_destroy_devfsdirent(struct devnode *);
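Review bot: `mac_update_task_label (struct label *plabel, void *task)` erases the task type, so the `(struct task *)` casts the bsd_init.c callers add are immediately lost; forward-declare `struct task;` as mac_policy.h now does and declare the parameter `struct task *task`. Only three of the new kern_mac.c entry points (`mac_copy_cred_to_task`, `mac_update_task_label`, `mac_check_service_access`) are declared in this header; the task, port and check wrappers used from osfmk presumably live in the new osfmk/mach/mac.h, which this mail does not show, so confirm none of them is left implicitly declared.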
@@ -160,6 +162,9 @@
 void	mac_destroy_vnode(struct vnode *);
 void	mac_destroy_vnode_label(struct label *);
 
+#define mac_update_task_from_cred(cred,task) \
+     mac_update_task_label (&((cred)->cr_label),task)
+
 /*
  * Labeling event operations: file system objects, and things that
  * look a lot like file system objects.
@@ -237,6 +242,8 @@
 #endif
 
 /* Access control checks. */
+int     mac_check_service_access (struct label *subj, struct label *obj,
+				  const char *serv, const char *perm);
 int	mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
 int	mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
 int	mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#8 (text+ko) ====

@@ -63,6 +63,7 @@
 struct ucred;
 struct vnode;
 struct devnode;
+struct task;
 
 struct mac_policy_ops {
 	/*
@@ -95,6 +96,8 @@
 	void	(*mpo_init_pipe_label)(struct label *label);
 #endif
 	void	(*mpo_init_proc_label)(struct label *label);
+        void    (*mpo_init_task_label)(struct label *label);
+        void    (*mpo_init_port_label)(struct label *label);
 	void	(*mpo_init_vnode_label)(struct label *label);
 	void	(*mpo_destroy_bpfdesc_label)(struct label *label);
 	void	(*mpo_destroy_cred_label)(struct label *label);
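Review bot: The new `mpo_init_task_label` and `mpo_init_port_label` members are indented with eight spaces where the struct uses a tab, and the same mix appears in the members added in the third, sixth and eighth hunks; the seventh hunk changes only the whitespace of `mpo_create_proc0` and should be dropped from the change. In the third hunk `mpo_update_port_from_cred_label (struct label *cred, struct label *task)` names its second parameter `task` although, per the kern_mac.c wrapper, it is the port label being updated; rename it `port`. The `mpo_check_service_access` line in the eighth hunk runs well past 80 columns; wrap it like its neighbours.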
@@ -110,9 +113,15 @@
 	void	(*mpo_destroy_pipe_label)(struct label *label);
 #endif
 	void	(*mpo_destroy_proc_label)(struct label *label);
+	void	(*mpo_destroy_task_label)(struct label *label);
+        void    (*mpo_destroy_port_label)(struct label *label);
 	void	(*mpo_destroy_vnode_label)(struct label *label);
+        void    (*mpo_copy_cred_to_task) (struct label *cred, struct label *task);
 	void	(*mpo_copy_mbuf_label)(struct label *src,
 		    struct label *dest);
+
+        void    (*mpo_update_port_from_cred_label) (struct label *cred,
+						    struct label *task);
 #if 0
 	void	(*mpo_copy_pipe_label)(struct label *src,
 		    struct label *dest);
@@ -121,6 +130,8 @@
 		    struct label *dest);
 	void	(*mpo_copy_devfs_label)(struct label *src,
 		    struct label *dest);
+	void	(*mpo_copy_port_label)(struct label *src,
+		    struct label *dest);
 	int	(*mpo_externalize_cred_label)(struct label *label,
 		    char *element_name, struct sbuf *sb, int *claimed);
 	int	(*mpo_externalize_ifnet_label)(struct label *label,
@@ -223,6 +234,9 @@
 		    struct label *pipelabel);
 #endif
 
+	void	(*mpo_create_port)(struct label *it, struct label *st,
+		    struct label *portlabel);
+
 	/*
 	 * Labeling event operations: network objects.
 	 */
@@ -279,6 +293,9 @@
 	void	(*mpo_create_cred)(struct ucred *parent_cred,
 		    struct ucred *child_cred);
 
+        void	(*mpo_create_task)(struct task *parent, struct task *child, struct label *pl, 
+				   struct label *cl);
+
 	void	(*mpo_execve_transition)(struct ucred *old, struct ucred *new,
 		    struct vnode *vp,
                     struct label *vnodelabel,
@@ -290,7 +307,7 @@
 		    struct label *interpvnodelabel,
 		    struct label *execlabel);
 
-	void	(*mpo_create_proc0)(struct ucred *cred);
+        void	(*mpo_create_proc0)(struct ucred *cred);
 	void	(*mpo_create_proc1)(struct ucred *cred);
 	void	(*mpo_relabel_cred)(struct ucred *cred,
 		    struct label *newlabel);
@@ -301,11 +318,18 @@
 	/*
 	 * Access control checks.
 	 */
+        int     (*mpo_check_service_access)(struct label *subj, struct label *obj, const char *serv, const char *perm);
 	int	(*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d,
 		    struct label *bpflabel, struct ifnet *ifnet,
 		    struct label *ifnetlabel);
 	int	(*mpo_check_cred_relabel)(struct ucred *cred,
 		    struct label *newlabel);
+        int	(*mpo_check_port_relabel)(struct label *task, struct label *old,
+		    struct label *newlabel);
+        int     (*mpo_check_port_send)(struct label *task, struct label *port);
+        int     (*mpo_check_port_make_send)(struct label *task, struct label *port);
+        int     (*mpo_check_port_copy_send)(struct label *task, struct label *port);
+        int     (*mpo_check_port_move_receive)(struct label *task, struct label *port);
 	int	(*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2);
 	int	(*mpo_check_ifnet_relabel)(struct ucred *cred,
 		    struct ifnet *ifnet, struct label *ifnetlabel,

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/MASTER#2 (text+ko) ====

@@ -196,3 +196,5 @@
 #
 options		MACH_COUNTERS		#		# <stats>
 
+
+options		MAC

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/files#2 (text+ko) ====

@@ -221,6 +221,7 @@
 ./mach/task_server.c			standard
 ./mach/thread_act_server.c		standard
 ./mach/vm_map_server.c			standard
+./mach/security_server.c		standard
 osfmk/mach-o/mach_header.c		standard
 osfmk/vm/device_vm.c			standard
 osfmk/vm/memory_object.c		standard

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_kmsg.c#2 (text+ko) ====

@@ -647,7 +647,7 @@
 {
 	mach_msg_size_t			msg_and_trailer_size;
 	ipc_kmsg_t 			kmsg;
-	mach_msg_format_0_trailer_t 	*trailer;
+	mach_msg_mac_trailer_t   	*trailer;
 	mach_port_name_t		dest_name;
 	ipc_entry_t			dest_entry;
 	ipc_port_t			dest_port;
@@ -675,11 +675,23 @@
 	 * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize
 	 * the cases where no implicit data is requested.
 	 */
-	trailer = (mach_msg_format_0_trailer_t *) ((vm_offset_t)&kmsg->ikm_header + size);
+	trailer = (mach_msg_mac_trailer_t *) ((vm_offset_t)&kmsg->ikm_header + size);
 	trailer->msgh_sender = current_thread()->top_act->task->sec_token;
 	trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0;
 	trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE;
 
+	task_t cur = current_thread()->top_act->task;
+	if (cur)
+	  {
+	    tasklabel_lock (cur);
+	    mac_externalize_task_label (&cur->maclabel,
+					"sebsd", trailer->msgh_labels.slabel,
+					64, 0);
+	    tasklabel_unlock (cur);
+	  }
+	else
+	  strcpy (trailer->msgh_labels.slabel, "system_u:system_r:kernel_t");
+
 	*kmsgp = kmsg;
 	return MACH_MSG_SUCCESS;
 }
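Review bot: The return value of `mac_externalize_task_label` is ignored, the buffer length is a bare `64` rather than `sizeof trailer->msgh_labels.slabel`, and `slabel` is never cleared first, so on an externalize failure the receiver is handed whatever bytes the kmsg buffer previously held in that field; give the field a defined value before the call, pass the real size, and clear it again when the call fails. The `if (cur)` test comes two lines after `current_thread()->top_act->task->sec_token` has already dereferenced the same task, so the `else` branch is unreachable as written; either guard both or drop it. The policy name `"sebsd"` and the `system_u:system_r:kernel_t` fallback are policy-specific strings in generic Mach code and deserve an `XXX` comment. Whether `msgh_trailer_size` should now advertise the label bytes depends on message.h changes that are not in this mail.
```c
	/* … unchanged: trailer type/size setup … */
	task_t cur = current_thread()->top_act->task;
	int rc = 1;

	/* Make the label field defined before anything below can fail. */
	trailer->msgh_labels.slabel[0] = '\0';
	if (cur) {
		tasklabel_lock(cur);
		/* XXX policy name is sebsd-specific */
		rc = mac_externalize_task_label(&cur->maclabel, "sebsd",
		    trailer->msgh_labels.slabel,
		    sizeof trailer->msgh_labels.slabel, 0);
		tasklabel_unlock(cur);
		if (rc)
			trailer->msgh_labels.slabel[0] = '\0';
	} else {
		/* XXX fallback label is sebsd-specific */
		strcpy(trailer->msgh_labels.slabel, "system_u:system_r:kernel_t");
	}
	/* … unchanged: *kmsgp = kmsg; return MACH_MSG_SUCCESS; … */
```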
@@ -797,6 +809,19 @@
 
 	ip_lock(port);
 
+#ifdef MAC
+	task_t self = current_task();
+	tasklabel_lock (self);
+
+	int rc = mac_check_port_send (&self->maclabel, &port->ip_label);
+	tasklabel_unlock (self);
+	if (rc)
+	  {
+	    ip_unlock (port);
+	    return KERN_NO_ACCESS;
+	  }
+#endif	
+
 	if (port->ip_receiver == ipc_space_kernel) {
 
 		/*
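Review bot: On the deny path the function returns `KERN_NO_ACCESS`, but its other returns (`MACH_MSG_SUCCESS` in the previous hunk and in the next one) are mach_msg_return_t codes, so callers switching on MACH_SEND_* values will not recognise it; pick a mach_msg code (or map it) and document the choice. The existing dead-destination path in the next hunk releases the port and calls `ipc_kmsg_destroy(kmsg)` before returning, whereas the new path only unlocks, so unless the caller (outside the hunk) destroys the kmsg on error the message and its copied-in rights leak. `current_task()` is not checked for NULL here although the earlier hunk in this file guards the same value. `task_t self` and `int rc` are declared after the `ip_lock(port)` statement; this file otherwise declares at block top.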
@@ -839,6 +864,7 @@
 
 		ip_release(port);
 		ip_check_unlock(port);
+
 		kmsg->ikm_header.msgh_remote_port = MACH_PORT_NULL;
 		ipc_kmsg_destroy(kmsg);
 		return MACH_MSG_SUCCESS;

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_object.c#2 (text+ko) ====

@@ -989,6 +989,10 @@
 #if	MACH_ASSERT
 		ipc_port_track_dealloc(port);
 #endif	/* MACH_ASSERT */
+
+#ifdef MAC
+		mac_destroy_port_label (&port->ip_label);
+#endif
 	}
 	zfree(ipc_object_zones[otype], (vm_offset_t) object);
 }

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.c#2 (text+ko) ====

@@ -462,6 +462,10 @@
 #endif	/* MACH_ASSERT */
 
 	ipc_mqueue_init(&port->ip_messages, FALSE /* set */);
+
+#ifdef MAC
+	mac_init_port_label (&port->ip_label);
+#endif
 }
 
 /*
@@ -498,6 +502,14 @@
 
 	ipc_port_init(port, space, name);
 
+#ifdef MAC
+	task_t issuer = current_task();
+	tasklabel_lock2 (issuer, space->is_task);
+	mac_create_port (&issuer->maclabel, &space->is_task->maclabel,
+			 &port->ip_label);
+	tasklabel_unlock2 (issuer, space->is_task);
+#endif
+
 	*namep = name;
 	*portp = port;
 
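Review bot: The same seven-line labelling block is pasted into three allocation paths, but only the third copy (under `#ifdef MACXXX`, which disables it entirely) checks `issuer` and `space->is_task` for NULL before passing them to `tasklabel_lock2`, so the two live copies dereference a NULL task if a port is allocated before the first task exists or from a space whose task is gone. Either `MACXXX` is a typo for `MAC`, in which case special ports currently keep only their init label, or it is a deliberate disable that needs a comment saying why special ports are not labelled. `tasklabel_lock2` is not in this mail; confirm it tolerates `issuer == space->is_task`, which is the ordinary case of a task allocating a port in its own space. Moving the block into one static helper, as below, gives a single place for the NULL test and for the lock-order rule the description mentions.
```c
#ifdef MAC
/*
 * Label a freshly initialised port from the issuing task and the task
 * owning the destination space.  Both task labels are taken via
 * tasklabel_lock2() so the documented lock order is honoured.
 */
static void
ipc_port_label_new(ipc_port_t port, ipc_space_t space)
{
	task_t issuer = current_task();

	if (issuer == TASK_NULL || space->is_task == TASK_NULL)
		return;
	tasklabel_lock2(issuer, space->is_task);
	mac_create_port(&issuer->maclabel, &space->is_task->maclabel,
	    &port->ip_label);
	tasklabel_unlock2(issuer, space->is_task);
}
#endif

	/* … unchanged: each allocation path, after ipc_port_init() … */
#ifdef MAC
	ipc_port_label_new(port, space);
#endif
```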
@@ -537,6 +549,14 @@
 
 	ipc_port_init(port, space, name);
 
+#ifdef MAC
+	task_t issuer = current_task();
+	tasklabel_lock2 (issuer, space->is_task);
+	mac_create_port (&issuer->maclabel, &space->is_task->maclabel,
+			 &port->ip_label);
+	tasklabel_unlock2 (issuer, space->is_task);
+#endif
+
 	*portp = port;
 
 	return KERN_SUCCESS;
@@ -1137,6 +1157,16 @@
 
 	ipc_port_init(port, space, 1);
 
+#ifdef MACXXX
+	task_t issuer = current_task();
+	if (issuer && space->is_task) {
+	  tasklabel_lock2 (issuer, space->is_task);
+	  mac_create_port (&issuer->maclabel, &space->is_task->maclabel,
+			   &port->ip_label);
+	  tasklabel_unlock2 (issuer, space->is_task);
+	}
+#endif
+
 	return port;
 }
 

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.h#2 (text+ko) ====

@@ -80,6 +80,8 @@
 #include <ipc/ipc_entry.h>
 #include <ipc/ipc_space.h>
 
+#include <mach/_label.h>
+
 /*
  *  A receive right (port) can be in four states:
  *	1) dead (not active, ip_timestamp has death time)
@@ -146,6 +148,10 @@
 	unsigned long	ip_spares[IP_NSPARES]; /* for debugging */
 #endif	/* MACH_ASSERT */
 	int		alias;
+
+#ifdef MAC
+        struct label    ip_label;
+#endif
 };
 
 

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_right.c#2 (text+ko) ====

@@ -1316,6 +1316,9 @@
 	mach_msg_type_name_t	msgt_name)
 {
 	ipc_entry_bits_t bits;
+#ifdef MAC
+	task_t self = current_task();
+#endif
 
 	bits= entry->ie_bits;
 	assert(space->is_active);
@@ -1323,10 +1326,37 @@
 	switch (msgt_name) {
 	    case MACH_MSG_TYPE_MAKE_SEND:
 	    case MACH_MSG_TYPE_MAKE_SEND_ONCE:
+		if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
+			return FALSE;
+
+#ifdef MAC
+		ipc_port_t port;
+
+		port = (ipc_port_t) entry->ie_object;
+		ip_lock (port);
+		tasklabel_lock (self);
+		int rc = mac_check_port_make_send (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		ip_unlock (port);
+		if (rc)
+		  return FALSE;
+#endif
+		break;
+
 	    case MACH_MSG_TYPE_MOVE_RECEIVE:
 		if ((bits & MACH_PORT_TYPE_RECEIVE) == 0)
 			return FALSE;
 
+#ifdef MAC
+		port = (ipc_port_t) entry->ie_object;
+		ip_lock (port);
+		tasklabel_lock (self);
+		rc = mac_check_port_move_receive (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		ip_unlock (port);
+		if (rc)
+		  return FALSE;
+#endif
 		break;
 
 	    case MACH_MSG_TYPE_COPY_SEND:
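Review bot: `ipc_port_t port;` and `int rc = …` are declared in the middle of the switch body, after the MAKE_SEND case's first statement, and then reused from the MOVE_RECEIVE case and the COPY_SEND block below; the jump to the later labels skips `rc`'s initialiser (legal for a scalar, but easy to misread), and if the COPY_SEND block declares its own `port` the new one is shadowed there. Move both declarations up to the `#ifdef MAC` block at the top of the function beside `task_t self`, so the cases only assign. The function continues past the hunk.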
@@ -1346,6 +1376,16 @@
 
 		ip_lock(port);
 		active = ip_active(port);
+#ifdef MAC
+		tasklabel_lock (self);
+		rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		if (rc)
+		  {
+		    ip_unlock (port);
+		    return FALSE;
+		  }
+#endif
 		ip_unlock(port);
 
 		if (!active) {
@@ -1404,6 +1444,11 @@
 	ipc_port_t		*sorightp)
 {
 	ipc_entry_bits_t bits;
+#ifdef MAC
+	task_t self = current_task();
+	int    rc;
+#endif
+	int    dead;
 	
 	bits = entry->ie_bits;
 
@@ -1424,6 +1469,17 @@
 		assert(port->ip_receiver_name == name);
 		assert(port->ip_receiver == space);
 
+#ifdef MAC
+		tasklabel_lock (self);
+		rc = mac_check_port_make_send (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		if (rc)
+		  {
+		    ip_unlock (port);
+		    return KERN_NO_ACCESS;
+		  }
+#endif
+
 		port->ip_mscount++;
 		port->ip_srights++;
 		ip_reference(port);
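Review bot: The lock–check–unlock–deny sequence added here is repeated verbatim for the other rights in this function (this and the following five hunks, differing only in the check called) and again in ipc_right_copyin_check above, so a future fix to one copy will miss the others; a small static helper taking the check function, as below, keeps each case to a four-line conditional. None of the copies checks `current_task()` for NULL, unlike the trailer code in ipc_kmsg.c; whether it can be NULL on these paths is not visible here. The enclosing function begins before the hunk.
```c
#ifdef MAC
/*
 * Run one mac_check_port_* check for the current task against a port the
 * caller holds locked.  Returns the policy's error, 0 when allowed.
 */
static int
ipc_right_mac_check(task_t self, ipc_port_t port,
    int (*check)(struct label *, struct label *))
{
	int rc;

	tasklabel_lock(self);
	rc = (*check)(&self->maclabel, &port->ip_label);
	tasklabel_unlock(self);
	return (rc);
}
#endif

		/* … unchanged: each case, after the receiver asserts … */
#ifdef MAC
		if (ipc_right_mac_check(self, port, mac_check_port_make_send)) {
			ip_unlock(port);
			return KERN_NO_ACCESS;
		}
#endif
```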
@@ -1448,6 +1504,17 @@
 		assert(port->ip_receiver_name == name);
 		assert(port->ip_receiver == space);
 
+#ifdef MAC
+		tasklabel_lock (self);
+		rc = mac_check_port_make_send (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		if (rc)
+		  {
+		    ip_unlock (port);
+		    return KERN_NO_ACCESS;
+		  }
+#endif
+
 		port->ip_sorights++;
 		ip_reference(port);
 		ip_unlock(port);
@@ -1472,6 +1539,17 @@
 		assert(port->ip_receiver_name == name);
 		assert(port->ip_receiver == space);
 
+#ifdef MAC
+		tasklabel_lock (self);
+		rc = mac_check_port_move_receive (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		if (rc)
+		  {
+		    ip_unlock (port);
+		    return KERN_NO_ACCESS;
+		  }
+#endif
+
 		if (bits & MACH_PORT_TYPE_SEND) {
 			assert(IE_BITS_TYPE(bits) ==
 					MACH_PORT_TYPE_SEND_RECEIVE);
@@ -1518,12 +1596,26 @@
 		port = (ipc_port_t) entry->ie_object;
 		assert(port != IP_NULL);
 
-		if (ipc_right_check(space, port, name, entry)) {
-			bits = entry->ie_bits;
-			goto copy_dead;
-		}
+		dead = ipc_right_check(space, port, name, entry);
 		/* port is locked and active */
 
+#ifdef MAC
+		tasklabel_lock (self);
+		rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		if (rc)
+		  {
+		    ip_unlock (port);
+		    return KERN_NO_ACCESS;
+		  }
+#endif
+
+		if (dead)
+		  {
+		    bits = entry->ie_bits;
+		    goto copy_dead;
+		  }
+
 		if ((bits & MACH_PORT_TYPE_SEND) == 0) {
 			assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
 			assert(port->ip_sorights > 0);
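Review bot: The MAC check is now executed before the `if (dead)` test, but the comment `/* port is locked and active */` that used to follow the dead test only holds on the not-dead path: when `ipc_right_check` reports a dead port it has (in the xnu sources; the function is outside this mail) already unlocked and released it, so `&port->ip_label` is read through an unlocked, possibly freed port and the deny path calls `ip_unlock` on a lock this thread does not hold. Restore the original order by placing the `if (dead) { bits = entry->ie_bits; goto copy_dead; }` block before the `#ifdef MAC` block; the same reordering is needed in the next two hunks (`move_dead`). A dead name then copies in exactly as before, without a policy check against a port that no longer exists.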
@@ -1560,11 +1652,24 @@
 		port = (ipc_port_t) entry->ie_object;
 		assert(port != IP_NULL);
 
-		if (ipc_right_check(space, port, name, entry)) {
-			bits = entry->ie_bits;
-			goto move_dead;
+		dead = ipc_right_check(space, port, name, entry);
+		/* port is locked and active */
+
+#ifdef MAC
+		tasklabel_lock (self);
+		rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		if (rc)
+		  {
+		    ip_unlock (port);
+		    return KERN_NO_ACCESS;
+		  }
+#endif
+
+		if (dead) {
+		  bits = entry->ie_bits;
+		  goto move_dead;
 		}
-		/* port is locked and active */
 
 		if ((bits & MACH_PORT_TYPE_SEND) == 0) {
 			assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE);
@@ -1626,11 +1731,24 @@
 		port = (ipc_port_t) entry->ie_object;
 		assert(port != IP_NULL);
 
-		if (ipc_right_check(space, port, name, entry)) {
-			bits = entry->ie_bits;
-			goto move_dead;
+		dead = ipc_right_check(space, port, name, entry);
+		/* port is locked and active */
+
+#ifdef MAC
+		tasklabel_lock (self);
+		rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label);
+		tasklabel_unlock (self);
+		if (rc)
+		  {
+		    ip_unlock (port);
+		    return KERN_NO_ACCESS;
+		  }
+#endif
+
+		if (dead) {
+		  bits = entry->ie_bits;
+		  goto move_dead;
 		}
-		/* port is locked and active */
 
 		if ((bits & MACH_PORT_TYPE_SEND_ONCE) == 0) {
 			assert(bits & MACH_PORT_TYPE_SEND);
@@ -1803,6 +1921,10 @@
 	mach_port_urefs_t urefs;
 	ipc_port_t port;
 	ipc_port_t dnrequest = IP_NULL;
+#ifdef MAC
+	task_t self = current_task();
+	int    rc;
+#endif
 
 	assert(space->is_active);
 

>>> TRUNCATED FOR MAIL (1000 lines) <<<