PERFORCE change 76154 for review

Andrew Reisse areisse at FreeBSD.org
Thu Apr 28 20:14:44 GMT 2005


http://perforce.freebsd.org/chv.cgi?CH=76154

Change 76154 by areisse at areisse_ibook on 2005/04/28 20:13:47

	More progress on exposing and automating mach ipc security checks:
	-Pass the actual message id in the entry point (although it still
	 produces a vector)
	-The sebsd policy reads a file mapping message id ranges to 
	 flask security classes, permitting automated generation of 
	 security class and permission specifications with Mig. Any number
	 of mach interfaces may use the same TE types, as long as the
	 message ids involved are all different.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#1 add

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#4 (text+ko) ====

@@ -481,7 +481,7 @@
 		    int retval);
 
 	void	(*mpo_check_ipc_methods)(struct label *task,
-		    struct label *port, struct msg_access_vector *av);
+		    struct label *port, int msgid, struct msg_access_vector *av);
 };
 
 struct mac_policy_conf {
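Review bot: The new `msgid` parameter of `mpo_check_ipc_methods` is declared as plain `int` and has no comment, while the caller in mach_msg.c fills it from `msgh_id`, whose Mach type is `mach_msg_id_t`. Declaring it as `mach_msg_id_t msgid` here, in the mac.h prototype and in the mac_port.c and sebsd.c definitions would tie its width and signedness to the header field, assuming that type is in scope in these files. A comment above the member, such as `/* msgid: msgh_id of the message being sent, as supplied by the sender; av is read and narrowed in place */`, would record the contract for policy authors. The ops structure begins outside this hunk.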

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#3 (text+ko) ====

@@ -280,7 +280,9 @@
 		      IP_VALID(kmsg->ikm_header.msgh_remote_port)) {
 		    mac_check_ipc_methods
 		      (&kmsg->ikm_sender->lh_label,
-		       &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label, &trailer->msgh_av);
+		       &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label,
+		       kmsg->ikm_header.msgh_id,
+		       &trailer->msgh_av);
 		  }
 		  else
 			  memset(trailer->msgh_av.av, 0, sizeof(msg_access_vector_t));
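Review bot: `kmsg->ikm_header.msgh_id` is handed to every policy exactly as it sits in the message header, and nothing visible in this hunk bounds it. That field is filled in by the sending task, so each `mpo_check_ipc_methods` implementation has to treat it as untrusted; negative values and ids outside every configured range must be handled without indexing a table with them. A call-site comment would make this explicit, for example `/* msgh_id is sender-controlled; policies must range-check it */`. The enclosing function starts and ends outside the hunk.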

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#4 (text+ko) ====

@@ -60,4 +60,4 @@
 
 int mac_check_task_service_access (task_t self, task_t obj, const char *perm);
 
-void mac_check_ipc_methods (struct label *task, struct label *port, msg_access_vector_t *av);
+void mac_check_ipc_methods (struct label *task, struct label *port, int msgid, msg_access_vector_t *av);

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#4 (text+ko) ====

@@ -174,7 +174,7 @@
 }
 
 void
-mac_check_ipc_methods(struct label *task, struct label *port,
+mac_check_ipc_methods(struct label *task, struct label *port, int msgid,
     msg_access_vector_t *av)
 {
 	struct mac_policy_conf *mpc;
@@ -185,13 +185,13 @@
 	LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
 		if (mpc->mpc_ops->mpo_check_ipc_methods != NULL)
 			mpc->mpc_ops->mpo_check_ipc_methods(
-			    task, port, av);
+			    task, port, msgid, av);
 	}
 	if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
 		LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
 			if (mpc->mpc_ops->mpo_check_ipc_methods != NULL)
 				mpc->mpc_ops->mpo_check_ipc_methods(
-				    task, port, av);
+				    task, port, msgid, av);
 		}
 		mac_policy_list_unbusy();
 	}

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#2 (text+ko) ====

@@ -5,7 +5,7 @@
 
 OBJS = sebsd.o sebsd_syscall.o sebsd_sysctl.o ss/avtab.o ss/ebitmap.o \
        ss/hashtab.o ss/init.o ss/policydb.o ss/queue.o ss/services.o \
-       ss/sidtab.o ss/symtab.o avc/avc.o
+       ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o
 
 sedarwin.kext.tar: sedarwin.o
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#3 (text+ko) ====

@@ -148,6 +148,8 @@
 	if (security_init()) {
 		panic("SEBSD: couldn't read policy file");
 	}
+
+	sebsd_mach_av_init();
 }
 
 static void
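Review bot: The added call `sebsd_mach_av_init();` discards any result, whereas the `security_init()` call just above it panics when the policy file cannot be read. The change description says the policy reads a file mapping message id ranges to security classes, and this is presumably where that happens, so a missing or malformed file needs a defined outcome. Its definition in ss/mach_av.c is not shown in this diff, so whether it returns a status cannot be confirmed here. If it does, `if (sebsd_mach_av_init()) panic("SEBSD: couldn't read mach message id map");` would match the neighbouring handling (message text is illustrative). If it returns void, a comment saying what lookups yield before a map is loaded would help.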
@@ -1252,7 +1254,7 @@
 extern int selinux_enforcing;
 
 static void
-sebsd_check_ipc_methods(struct label *subj, struct label *obj,
+sebsd_check_ipc_methods(struct label *subj, struct label *obj, int msgid,
     msg_access_vector_t *av)
 {
 	struct task_security_struct *tsec, *psec;
@@ -1264,15 +1266,7 @@
 	if (!selinux_enforcing)
 		return;
 
-	for (i = 0; i < 4; i++)
-	{
-		struct av_decision avd;
-		security_class_t   tclass = SECCLASS_PORT_METHODS1 + i;
-
-		avc_has_perm_noaudit (tsec->sid, psec->sid, tclass, 0xffffffff, NULL, &avd);
-
-		av->av[i] &= avd.allowed;
-	}
+	sebsd_check_ipc_methods1 (tsec->sid,psec->sid, msgid, av);
 }
 
 static int
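Review bot: The removed loop narrowed the vector with `av->av[i] &= avd.allowed`, so it could only clear bits, but the replacement `sebsd_check_ipc_methods1 (tsec->sid,psec->sid, msgid, av);` is defined in ss/mach_av.c, which this diff does not show. Two things should be confirmed in that helper: that it still intersects with the incoming vector rather than assigning to it, and that a `msgid` matching no configured range presumably leaves the vector all zero, not untouched. A comment at the call, e.g. `/* must only clear bits in av; unmapped msgid grants nothing */`, would pin the expectation. The local `i` looks unused after this change (its declaration is outside the hunk), and the call would read more consistently as `sebsd_check_ipc_methods1(tsec->sid, psec->sid, msgid, av);`.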