PERFORCE change 75498 for review
Andrew Reisse
areisse at FreeBSD.org
Mon Apr 18 16:45:23 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=75498
Change 75498 by areisse at areisse_ibook on 2005/04/18 16:45:05
Initial support for access vectors in a mach message trailer. A new
entry point, mac_check_ipc_methods, returns an access vector
mapping routine numbers to permitted/denied bits. This vector is
then stored in the message trailer (if requested by the recipient).
Currently, any access decisions are made using the sender's task label
at the time of sending, and the recipient's port label at the
time of receive.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/message.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#3 (text+ko) ====
@@ -67,6 +67,7 @@
struct vnode;
struct devnode;
struct task;
+struct msg_access_vector;
struct mac_policy_ops {
/*
@@ -478,6 +479,9 @@
int (*mpo_audit_postselect)(struct ucred *cred,
unsigned short syscode, void *args, int error,
int retval);
+
+ void (*mpo_check_ipc_methods)(struct label *task,
+ struct label *port, struct msg_access_vector *av);
};
struct mac_policy_conf {
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#2 (text+ko) ====
@@ -274,6 +274,18 @@
trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);
#if 1
+
+ if (option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_AV)) {
+ if (kmsg->ikm_sender != IO_NULL &&
+ IP_VALID(kmsg->ikm_header.msgh_remote_port)) {
+ mac_check_ipc_methods
+ (&kmsg->ikm_sender->lh_label,
+ &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label, &trailer->msgh_av);
+ }
+ else
+ memset(trailer->msgh_av.av, 0, sizeof(msg_access_vector_t));
+ }
+
if (option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_LABELS)) {
if (kmsg->ikm_sender != IO_NULL) {
ipc_object_t lh = &kmsg->ikm_sender->lh_object;
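Review bot: The two paths give the receiver opposite defaults, and nothing in the trailer says which one it got. The `else` zeroes `msgh_av` when there is no sender label or the remote port is invalid, while `mac_check_ipc_methods` starts from all ones. A comment on the `else` such as `/* no sender label or dead port: report every routine as denied */` would record that the all-zero vector is deliberate, and the branch should be braced like the `if` above it. The memset passes the `av` array but sizes it with the struct type; `memset(&trailer->msgh_av, 0, sizeof(trailer->msgh_av));` keeps pointer and size tied together. Whether `REQUESTED_TRAILER_SIZE(option)` on the context line accounts for the new element is not visible in this hunk and is worth confirming; the enclosing function starts and ends outside it.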
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#3 (text+ko) ====
@@ -25,6 +25,7 @@
* SUCH DAMAGE.
*/
+#include <mach/message.h>
#include <kern/task.h>
/* tasks */
@@ -58,3 +59,5 @@
int mac_check_port_hold_receive (struct label *task, struct label *port);
int mac_check_task_service_access (task_t self, task_t obj, const char *perm);
+
+void mac_check_ipc_methods (struct label *task, struct label *port, msg_access_vector_t *av);
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/message.h#2 (text+ko) ====
@@ -331,6 +331,11 @@
mach_port_name_t sender;
} msg_labels_t;
+typedef struct msg_access_vector
+{
+ unsigned int av[4];
+} msg_access_vector_t;
+
typedef struct
{
mach_msg_trailer_type_t msgh_trailer_type;
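Review bot: `msg_access_vector_t` is added without any comment, so a receiver reading `msgh_av` has to guess at its layout. It is not stated which bit value means permitted, or how a routine number maps to a word and bit in `av[4]`. I would add a block comment above the typedef covering three things: that a set bit means the routine is permitted, the routine-number-to-bit mapping, and what happens to routine numbers beyond the bits the array holds. The magic `4` would also read better as a named constant that policy modules can share.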
@@ -339,6 +344,7 @@
security_token_t msgh_sender;
audit_token_t msgh_audit;
msg_labels_t msgh_labels;
+ msg_access_vector_t msgh_av;
} mach_msg_mac_trailer_t;
#define MACH_MSG_TRAILER_MINIMUM_SIZE sizeof(mach_msg_trailer_t)
@@ -513,6 +519,7 @@
#define MACH_RCV_TRAILER_SENDER 2
#define MACH_RCV_TRAILER_AUDIT 3
#define MACH_RCV_TRAILER_LABELS 4
+#define MACH_RCV_TRAILER_AV 8
#define MACH_RCV_TRAILER_TYPE(x) (((x) & 0xf) << 28)
#define MACH_RCV_TRAILER_ELEMENTS(x) (((x) & 0xf) << 24)
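Review bot: `MACH_RCV_TRAILER_AV` is tested as a flag bit in mach_msg.c (`option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_AV)`), while the neighbouring `2` and `3` read as ordinal levels, and the new define does not say which kind it is. A short comment would help, for example `/* flag bit, OR-ed with the element level; last free bit under the 0xf mask */`. With `MACH_RCV_TRAILER_ELEMENTS` masking to four bits, 8 uses the top one, so the next trailer element will need the mask widened.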
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#3 (text+ko) ====
@@ -32,6 +32,7 @@
*/
#include <security/mac_internal.h>
+#include <mach/message.h>
void
mac_init_port_label (struct label *l)
@@ -171,3 +172,27 @@
return (error);
}
+
+void
+mac_check_ipc_methods(struct label *task, struct label *port,
+ msg_access_vector_t *av)
+{
+ struct mac_policy_conf *mpc;
+ int entrycount;
+
+ memset(av, 0xff, sizeof(msg_access_vector_t));
+
+ LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
+ if (mpc->mpc_ops->mpo_check_ipc_methods != NULL)
+ mpc->mpc_ops->mpo_check_ipc_methods(
+ task, port, av);
+ }
+ if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
+ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
+ if (mpc->mpc_ops->mpo_check_ipc_methods != NULL)
+ mpc->mpc_ops->mpo_check_ipc_methods(
+ task, port, av);
+ }
+ mac_policy_list_unbusy();
+ }
+}
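Review bot: Every policy is handed the same `av` after the initial `memset(av, 0xff, ...)`, so nothing in `mac_check_ipc_methods` stops a later policy from setting a bit that an earlier one cleared. The result is an intersection only if every module restricts itself to clearing bits. The framework's other checks appear to compose restrictively, so it would be safer to give each policy a scratch vector and AND it into `av`, in both the static and the dynamic list walk. The all-ones start also means the vector reports every routine as permitted when no loaded policy implements the hook; that deserves a comment at the memset and in the `mpo_check_ipc_methods` declaration in mac_policy.h.

```c
	struct mac_policy_conf *mpc;
	msg_access_vector_t pav;
	int entrycount;
	unsigned int i;

	/* No policy implementing the hook leaves every routine permitted. */
	memset(av, 0xff, sizeof(*av));

	LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
		if (mpc->mpc_ops->mpo_check_ipc_methods == NULL)
			continue;
		/* Each policy starts from permit-all; results are intersected. */
		memset(&pav, 0xff, sizeof(pav));
		mpc->mpc_ops->mpo_check_ipc_methods(task, port, &pav);
		for (i = 0; i < sizeof(av->av) / sizeof(av->av[0]); i++)
			av->av[i] &= pav.av[i];
	}
	/* … unchanged: conditional-busy walk of mac_policy_list, using the same scratch-and-AND step … */
```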