PERFORCE change 79305 for review
Andrew Reisse
areisse at FreeBSD.org
Thu Jun 30 14:55:38 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=79305
Change 79305 by areisse at areisse_ibook on 2005/06/30 14:55:13
Convert check_ipc_methods to report a single decision rather than
a vector. This simplifies the policy and allows the specific
decision requested to be audited.
Add a few missing bootstrap namespace rules to the sample policy.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#3 edit
Differences ...
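--- a/src/sedarwin/policy/rules
+++ b/src/sedarwin/policy/rules
@@ -188,8 +188,7 @@
 mach_bootstrap(systemstarter_d,boot_names_t,securityserver_d);
 mach_bootstrap(systemstarter_d,boot_names_t,windowserver_d);
 mach_bootstrap(systemstarter_d,boot_names_t,boot_names_t);
-allow systemstarter_d init_d:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array };
-allow systemstarter_d boot_names_t:mi_bootstrap { bootstrap_register bootstrap_create_server };
+mach_bootstrap_register(systemstarter_d,boot_names_t,boot_names_t);
 mach_bootstrap(coreservices_d,boot_names_t,boot_names_t);
 mach_bootstrap(coreservices_d,boot_names_t,init_d);
@@ -243,6 +242,7 @@
 allow_mach_ipc(pbs_d,init_d);
 allow_mach_ipc(pbs_d,lookupd_d);
 allow_mach_ipc(pbs_d,coreservices_d);
+mach_bootstrap_register(pbs_d,boot_names_t,boot_names_t);
 allow_mach_ipc(kernel_d,unlabeled_t);
 allow_mach_ipc(cron_d,unlabeled_t);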
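Review bot: The removed rule in the first hunk granted `bootstrap_look_up` and `bootstrap_look_up_array` to systemstarter_d on init_d, but the replacement `mach_bootstrap_register(systemstarter_d,boot_names_t,boot_names_t)` names boot_names_t as its target, so the look-up permission against init_d is not visibly re-granted. Unless the macro body (not part of this change) or a `mach_bootstrap(systemstarter_d,boot_names_t,init_d)` line above line 188 covers it, SystemStarter loses that access once this policy is loaded; please confirm one of the two. It would also help to state in the change description that `mach_bootstrap_register` is an existing macro, since its definition does not appear in the affected files list.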
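--- a/src/sedarwin/sedarwin/sebsd.c
+++ b/src/sedarwin/sedarwin/sebsd.c
@@ -1272,20 +1272,16 @@
 extern int selinux_enforcing;
-static void
-sebsd_check_ipc_methods(struct label *subj, struct label *obj, int msgid,
- msg_access_vector_t *av)
+static int
+sebsd_check_ipc_method(struct label *subj, struct label *obj, int msgid)
 {
 struct task_security_struct *tsec, *psec;
- int i;
+ int rc;
 psec = SLOT(obj);
 tsec = SLOT(subj);
- if (!selinux_enforcing)
- return;
-
- sebsd_check_ipc_methods1 (tsec->sid,psec->sid, msgid, av);
+ return sebsd_check_ipc_method1 (tsec->sid,psec->sid, msgid);
 }
 static int
@@ -2714,7 +2710,7 @@
 // .mpo_check_sysv_shmdt = sebsd_check_sysv_shmdt,
 .mpo_check_sysv_shmget = sebsd_check_sysv_shmget,
- .mpo_check_ipc_methods = sebsd_check_ipc_methods,
+ .mpo_check_ipc_method = sebsd_check_ipc_method,
 .mpo_syscall = sebsd_syscall
 };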
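Review bot: The `if (!selinux_enforcing) return;` short-circuit is dropped from sebsd_check_ipc_method, so in permissive mode the hook now returns whatever sebsd_check_ipc_method1 returns instead of unconditionally allowing; that is only correct if avc_has_perm_audit in mach_av.c itself consults selinux_enforcing and returns 0 when not enforcing, which this change does not show. Please confirm that, or keep the check as `if (!selinux_enforcing) return (0);` before the call so permissive mode remains a no-deny mode. Separately, the new local `int rc;` is never assigned or read and should be removed. The `extern int selinux_enforcing;` declaration stays in the context line above the function; if nothing else in the file uses it after this change it becomes dead as well.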
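--- a/src/sedarwin/sedarwin/ss/mach_av.c
+++ b/src/sedarwin/sedarwin/ss/mach_av.c
@@ -20,6 +20,7 @@
 struct msgid_classinfo
 {
+ int baseid;
 int nclasses;
 int classes[0];
 };
@@ -52,6 +53,7 @@
 struct msgid_classinfo *c = sebsd_ss_malloc
 (sizeof(int) * nclasses + sizeof(struct msgid_classinfo), M_WAITOK);
+ c->baseid = msgid;
 c->nclasses = nclasses;
 for (i = 0; i < nclasses; i++)
 c->classes[i] = *p++;
@@ -60,27 +62,31 @@
 *ip = i;
 hashtab_insert(msgid2class, ip, c);
 }
-
- printf ("migscs %d-%d: %d\n", msgid, msgid+size, c->classes[0]);
 }
 }
-void
-sebsd_check_ipc_methods1(int subj, int obj, int msgid,
- msg_access_vector_t *av)
+int
+sebsd_check_ipc_method1(int subj, int obj, int msgid)
 {
 struct msgid_classinfo *mcl = hashtab_search(msgid2class, &msgid);
 int i;
+
+ /*
+ * Return allowed for messages in an unknown subsystem.
+ * Instead, we probably should make a check against a
+ * new permission to be added to mach_port for this purpose.
+ */
 if (!mcl)
- return;
+ return 0;
 struct av_decision avd;
- unsigned int perms = 0;
+ int cl = (msgid-mcl->baseid) / (8*sizeof(access_vector_t));
+ access_vector_t perms;
- for (i = 0; i < mcl->nclasses; i++) {
- avc_has_perm_noaudit(subj, obj, mcl->classes[i], 0xffffffff, NULL, &avd);
- perms |= avd.allowed;
- }
+ if (cl >= mcl->nclasses)
+ return (1); /* bad message, access denied */
- av->av[0] &= perms;
+ perms = (access_vector_t)1 <<
+ (msgid - mcl->baseid - cl * 8 * sizeof(access_vector_t));
+ return avc_has_perm_audit(subj, obj, mcl->classes[cl], perms, &avd);
 }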
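Review bot: In sebsd_check_ipc_method1 the bounds check only guards the upper side: `msgid - mcl->baseid` is an int that is converted to size_t for the division by `8*sizeof(access_vector_t)`, so a negative difference becomes a huge quotient whose conversion back to `int cl` can land negative, pass `cl >= mcl->nclasses`, and feed a negative shift count to the `perms` computation, which is undefined behaviour. The registration loop in the previous hunk appears to insert only ids at or above baseid, so this may be unreachable today, but the guard is cheap: `if (cl < 0 || cl >= mcl->nclasses)`. The local `int i;` is now unused since the loop that used it was removed. Note also that the unknown-subsystem path returns 0 with no audit record, so a policy that is missing a subsystem mapping fails open silently; given the stated goal of auditing the requested decision, consider at least logging that case.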