PERFORCE change 95630 for review
Todd Miller
millert at FreeBSD.org
Wed Apr 19 21:32:28 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=95630
Change 95630 by millert at millert_g5tower on 2006/04/19 21:32:10
Remove gratuitous diffs against SEBSD
Some style fixes
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#9 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#37 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#8 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscalls.h#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/context.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.c#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/init.c#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mls.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mls.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/sidtab.h#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#9 (text+ko) ====
@@ -35,6 +35,7 @@
#include <kern/lock.h>
#endif
+int selinux_auditing = 1;
int selinux_enforcing = 0;
#define AVC_CACHE_SLOTS 512
@@ -98,7 +99,7 @@
}
static inline void avc_cache_stats_add(int type, unsigned val)
-
+{
avc_cache_stats[type] += val;
}
#else
@@ -110,6 +111,7 @@
#endif
#if 0
+/* XXXMAC - moved to services.c */
/**
* avc_dump_av - Display an access vector in human-readable form.
* @tclass: target security class
@@ -189,7 +191,7 @@
printk(" tcontext=%s", scontext);
kfree(scontext);
}
- printk(" tclass=%s", security_class_to_string (tclass));
+ printk(" tclass=%s", security_class_to_string(tclass));
}
/**
@@ -200,6 +202,8 @@
void avc_init(void)
{
struct avc_node *new;
+ size_t evsize;
+ char *ev;
int i;
for (i = 0; i < AVC_NSTATS; i++)
@@ -237,11 +241,9 @@
mtx_init(&avc_log_lock, "SEBSD message lock", NULL, MTX_DEF);
#endif
- size_t evsize;
- char *ev;
if (preload_find_data ("sebsd_enforce", &evsize, &ev)) {
- if (evsize > 0 && ev[0] == '1')
- selinux_enforcing = 1;
+ if (evsize > 0 && ev[0] == '1')
+ selinux_enforcing = 1;
}
}
@@ -535,6 +537,17 @@
static inline int check_avc_ratelimit(void)
{
+
+ /*
+ * If auditing is not enabled, suppress all messages.
+ */
+ if (!selinux_auditing)
+ return 0;
+
+ /*
+ * Otherwise, rate limit messages in enforcing mode, or display all
+ * messages in permissive mode.
+ */
if (selinux_enforcing)
return avc_ratelimit();
else {
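Review bot: The new `selinux_auditing` early return in check_avc_ratelimit() suppresses every AVC message, including denials in enforcing mode, and nothing in this hunk records that auditing was switched off. The flag is a plain writable global exported through avc.h; if it can be set at run time (sebsd_sysctl.c is in the change list but not shown here), the setter should require privilege and log the transition, since an unlogged switch removes the denial trail that incident response depends on. I would extend the comment to say so, e.g. `/* If auditing is not enabled, suppress all messages, denials included; changes to selinux_auditing must be privileged and logged. */`. The function body continues past the end of the hunk.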
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#4 (text+ko) ====
@@ -20,11 +20,15 @@
#include <sys/capability.h>
#endif
+#include <netinet/in.h>
+
#include <sedarwin/flask.h>
#include <sedarwin/sebsd.h>
#include <sedarwin/avc/av_permissions.h>
#include <sedarwin/ss/security.h>
+extern int selinux_auditing;
+
#define CONFIG_SECURITY_SELINUX_DEVELOP
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
@@ -66,8 +70,20 @@
} fs;
struct {
char *netif;
+ struct sock *sk;
+ u16 family;
u16 port;
- u32 daddr;
+ u16 sport;
+ union {
+ struct {
+ u32 daddr;
+ u32 saddr;
+ } v4;
+ struct {
+ struct in6_addr daddr;
+ struct in6_addr saddr;
+ } v6;
+ } fam;
} net;
#ifdef CAPABILITIES
cap_value_t cap;
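Review bot: The `net` audit record gains a `fam` union, but nothing documents that `family` is its discriminant, so audit-formatting code could read `fam.v6` from a record that was filled in as v4 (or the reverse) and log stale bytes. I would annotate the fields, e.g. `u16 family; /* selects fam.v4 (AF_INET) or fam.v6 (AF_INET6) */`, and state on `struct sock *sk` that the pointer is borrowed for the duration of the check and must not be kept after the audit call returns (this is inferred; the users of the struct are not visible here). Moving `daddr` into `fam.v4` also breaks any remaining `net.daddr` reference, which cannot be checked from this hunk.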
@@ -111,7 +127,6 @@
* AVC operations
*/
-/* Initialize the AVC */
void avc_init(void);
int avc_lookup(
@@ -163,5 +178,5 @@
u32 events, security_id_t ssid, security_id_t tsid,
security_class_t tclass, access_vector_t perms);
-#endif /* _LINUX_AVC_H_ */
+#endif /* _SELINUX_AVC_H_ */
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#37 (text+ko) ====
@@ -8,6 +8,9 @@
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -126,7 +129,7 @@
extern int ss_initialized;
static __inline int ss_precondition(void)
{
- return ss_initialized;
+ return (ss_initialized);
}
static void
@@ -135,7 +138,6 @@
printf("sebsd:: init\n");
avc_init();
- //sebsd_register_sysctls();
if (security_init()) {
panic("SEBSD: couldn't read policy file");
}
@@ -153,7 +155,7 @@
sebsd_destroy(struct mac_policy_conf *mpc)
{
- printf("sebsd:: destroy\n");
+ panic("sebsd_destroy");
}
#ifdef CAPABILITIES
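Review bot: sebsd_destroy() now panics with the bare string `"sebsd_destroy"`, so any attempt to unload the policy brings the kernel down without telling the operator why. If the intent is that the policy can never be unloaded because labels hang off live objects, say that in a comment and in the message, e.g. `/* SEBSD cannot be unloaded: live objects still carry its labels. */` and `panic("sebsd_destroy: policy unload is not supported");`. It is also worth confirming that the policy registration does not advertise unload support, otherwise a privileged unload request becomes a one-step denial of service; the registration is not visible in this hunk.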
@@ -171,8 +173,8 @@
AVC_AUDIT_DATA_INIT(&ad, CAP);
ad.u.cap = cap;
- return avc_has_perm_audit(task->sid, task->sid,
- SECCLASS_CAPABILITY, cap, &ad);
+ return (avc_has_perm_audit(task->sid, task->sid,
+ SECCLASS_CAPABILITY, cap, &ad));
}
#endif
@@ -257,48 +259,50 @@
static __inline security_class_t
vnode_type_to_security_class(enum vtype vt)
{
+
switch (vt) {
case VREG:
- return SECCLASS_FILE;
+ return (SECCLASS_FILE);
case VDIR:
- return SECCLASS_DIR;
+ return (SECCLASS_DIR);
case VBLK:
- return SECCLASS_BLK_FILE;
+ return (SECCLASS_BLK_FILE);
case VCHR:
- return SECCLASS_CHR_FILE;
+ return (SECCLASS_CHR_FILE);
case VLNK:
- return SECCLASS_LNK_FILE;
+ return (SECCLASS_LNK_FILE);
case VSOCK:
- return SECCLASS_SOCK_FILE;
+ return (SECCLASS_SOCK_FILE);
case VFIFO:
- return SECCLASS_FIFO_FILE;
+ return (SECCLASS_FIFO_FILE);
case VNON:
case VBAD:
#ifdef __APPLE__
case VSTR:
case VCPLX:
#endif
- return SECCLASS_FILE;
+ return (SECCLASS_FILE);
}
- return SECCLASS_FILE;
+ return (SECCLASS_FILE);
}
static __inline security_class_t
devfs_type_to_security_class(int type)
{
+
switch (type) {
case DEV_DIR:
- return SECCLASS_DIR;
+ return (SECCLASS_DIR);
case DEV_BDEV:
- return SECCLASS_BLK_FILE;
+ return (SECCLASS_BLK_FILE);
case DEV_CDEV:
- return SECCLASS_CHR_FILE;
+ return (SECCLASS_CHR_FILE);
case DEV_SLNK:
- return SECCLASS_LNK_FILE;
+ return (SECCLASS_LNK_FILE);
}
- return SECCLASS_FILE;
+ return (SECCLASS_FILE);
}
static __inline access_vector_t
@@ -329,7 +333,7 @@
av |= DIR__READ;
}
- return av;
+ return (av);
}
static int
@@ -346,24 +350,30 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
+#if 0
if (file->sclass == 0) {
struct vattr va;
struct proc *p = current_proc();
- VOP_GETATTR (vp, &va, p->p_ucred, p);
+ VOP_GETATTR(vp, &va, p->p_ucred, p);
printf("vnode_has_perm:: ERROR, sid=%d, sclass=0, v_type=%d,"
" inode=%ld, fsid=%d, fstype=%s, mnt=%s\n",
- file->sid, vp->v_type, va.va_fileid, va.va_fsid, vp->v_mount->mnt_vfc->vfc_name, vp->v_mount->mnt_stat.f_mntonname);
+ file->sid, vp->v_type, va.va_fileid, va.va_fsid,
+ vp->v_mount->mnt_vfc->vfc_name,
+ vp->v_mount->mnt_stat.f_mntonname);
file->sclass = vnode_type_to_security_class(vp->v_type);
if (file->sclass == 0) {
printf("vnode_has_perm:: Giving up\n");
- return 1; /* TBD: debugging */
+ return (1); /* TBD: debugging */
}
}
- file->sclass = vnode_type_to_security_class (vp->v_type);
+#else
+ /* XXX - why must we reset sclass this every time? */
+ file->sclass = vnode_type_to_security_class(vp->v_type);
+#endif
- return avc_has_perm_ref_audit(task->sid, file->sid, file->sclass,
- perm, aeref ? aeref : &file->avcr, &ad);
+ return (avc_has_perm_ref_audit(task->sid, file->sid, file->sclass,
+ perm, aeref ? aeref : &file->avcr, &ad));
}
#ifdef HAS_PIPES
@@ -380,7 +390,7 @@
* TBD: No audit information yet
*/
- return(avc_has_perm_ref(task->sid, file->sid, file->sclass,
+ return (avc_has_perm_ref(task->sid, file->sid, file->sclass,
perm, &file->avcr));
}
#endif
@@ -396,21 +406,11 @@
}
static void
-sebsd_init_port_label(struct label *label)
-{
- struct task_security_struct *new_tsec;
-
- new_tsec = sebsd_malloc(sizeof(*new_tsec), M_ZERO | M_WAITOK);
- new_tsec->osid = new_tsec->sid = SECINITSID_UNLABELED;
- SLOT(label) = new_tsec;
-}
-
-static void
sebsd_init_file_label(struct label *label)
{
struct file_security_struct *new_fsec;
- new_fsec = sebsd_malloc (sizeof(*new_fsec), M_ZERO | M_WAITOK);
+ new_fsec = sebsd_malloc(sizeof(*new_fsec), M_ZERO | M_WAITOK);
new_fsec->sid = new_fsec->sid = SECINITSID_UNLABELED;
SLOT(label) = new_fsec;
}
@@ -495,37 +495,8 @@
}
static void
-sebsd_destroy_cred_label(struct label *label)
-{
- sebsd_free (SLOT(label));
- SLOT(label) = NULL;
-}
-
-static void
-sebsd_destroy_vnode_label(struct label *label)
-{
- sebsd_free (SLOT(label));
- SLOT(label) = NULL;
-}
-
-static void
-sebsd_destroy_mount_label(struct label *label)
-{
- sebsd_free (SLOT(label));
- SLOT(label) = NULL;
-}
-
-static void
-sebsd_destroy_mount_fs_label(struct label *label)
-{
- sebsd_free (SLOT(label));
- SLOT(label) = NULL;
-}
-
-static void
-sebsd_destroy_sysv_label(struct label *label)
+sebsd_destroy_label(struct label *label)
{
-
sebsd_free(SLOT(label));
SLOT(label) = NULL;
}
@@ -533,13 +504,13 @@
static void
sebsd_relabel_cred(struct ucred *cred, struct label *newlabel)
{
- /*
- * XXX/TBD: normally, SEBSD doesn't permit process labels to change
- * other than at exec time...
- */
- struct task_security_struct *task = SLOT(cred->cr_label);
- struct task_security_struct *nsec = SLOT(newlabel);
- task->sid = nsec->sid;
+ /*
+ * XXX/TBD: normally, SEBSD doesn't permit process labels to change
+ * other than at exec time...
+ */
+ struct task_security_struct *task = SLOT(cred->cr_label);
+ struct task_security_struct *nsec = SLOT(newlabel);
+ task->sid = nsec->sid;
}
static void
@@ -589,20 +560,18 @@
vsec = SLOT(vlabel);
context_len = sizeof(context); /* TBD: bad fixed length */
- error = vn_extattr_get(vp, IO_NODELOCKED,
- SEBSD_MAC_EXTATTR_NAMESPACE,
- SEBSD_MAC_EXTATTR_NAME,
- &context_len, context, p);
+ error = vn_extattr_get(vp, IO_NODELOCKED, SEBSD_MAC_EXTATTR_NAMESPACE,
+ SEBSD_MAC_EXTATTR_NAME, &context_len, context, p);
if (error == ENOATTR || error == EOPNOTSUPP) {
vsec->sid = SECINITSID_UNLABELED; /* Use the default label */
- /*
+#if 0
struct vattr va;
(void)VOP_GETATTR(vp, &va, p->p_ucred, p);
printf("sebsd_update_vnode_from_extattr: no label for "
"inode=%ld, fsid=%d\n", va.va_fileid, va.va_fsid);
- */
+#endif
goto dosclass;
}
if (error) {
@@ -630,11 +599,11 @@
if (error)
goto dosclass;
- error = security_context_to_sid(context, strlen(context), &vsec->sid);
+ error = security_context_to_sid(context, context_len, &vsec->sid);
if (error) {
printf("sebsd_update_vnode_from_extattr: ERROR mapping "
"context to sid: %.*s\n", context_len, context);
- return (0); /* TBD bad, bad, bad */
+ return (0); /* TBD bad, bad, bad */
}
dosclass:
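Review bot: When security_context_to_sid() fails, the function logs and returns 0 (the existing `TBD bad, bad, bad`), so the caller sees success while `vsec->sid` keeps whatever it held before; nothing visible here assigns it. A vnode whose on-disk label does not parse should receive an explicit label, as the ENOATTR path earlier in the function does: `vsec->sid = SECINITSID_UNLABELED;` followed by `goto dosclass;`. Separately, replacing `strlen(context)` with `context_len` is a behaviour change carried in a style commit: it avoids scanning past an attribute that is not NUL-terminated, but it deserves a comment stating whether the stored length includes the trailing NUL and that security_context_to_sid() accepts either. The function starts outside the hunk.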
@@ -751,7 +720,7 @@
}
static void
-sebsd_create_port (struct label *it, struct label *st, struct label *port)
+sebsd_create_port(struct label *it, struct label *st, struct label *port)
{
struct task_security_struct *its, *sts, *psec;
int error;
@@ -839,11 +808,13 @@
if (cr != NULL) {
struct task_security_struct *task = SLOT(cr->cr_label);
- /* XXX: uses the type specified by genfs instead of the parent
- directory like it should! */
- rc = security_transition_sid(task->sid, dirent->sid,
+ /*
+ * XXX: uses the type specified by genfs instead of the
+ * parent directory like it should!
+ */
+ int error = security_transition_sid(task->sid, dirent->sid,
dirent->sclass, &newsid);
- if (rc == 0)
+ if (error == 0)
dirent->sid = newsid;
}
@@ -901,7 +872,6 @@
struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
struct label *delabel, const char *fullpath)
{
-
char *path;
int rc;
security_id_t newsid;
@@ -967,7 +937,7 @@
task = SLOT(cred->cr_label);
task->osid = task->sid = SECINITSID_KERNEL;
printf("sebsd_create_proc0:: using SECINITSID_KERNEL = %d\n",
- SECINITSID_KERNEL);
+ SECINITSID_KERNEL);
}
static void
@@ -998,21 +968,24 @@
* which the filesystem will use if not a "multilabel" type.
*/
rc = security_fs_use(mp->mnt_vfc->vfc_name, &behavior, &sbsec->sid);
- if (rc != 0) {
+ if (rc) {
printf("sebsd_create_mount: security_fs_use(%s) returned %d\n",
mp->mnt_vfc->vfc_name, rc);
behavior = SECURITY_FS_USE_NONE;
} else {
sbfssec->sid = sbsec->sid;
/* TBD: debugging only */
- printf("sebsd_create_mount: security_fs_use(%s) behavior %d, sid %d\n",
- mp->mnt_vfc->vfc_name, behavior, sbsec->sid);
+ printf("sebsd_create_mount: security_fs_use(%s) behavior "
+ "%d, sid %d\n", mp->mnt_vfc->vfc_name, behavior,
+ sbsec->sid);
}
switch (behavior) {
case SECURITY_FS_USE_XATTR:
- /* PSIDs only work for persistent file systems with
- unique and persistent inode numbers. */
+ /*
+ * PSIDs only work for persistent file systems with unique
+ * and persistent inode numbers.
+ */
sbsec->uses_psids = 1;
/*
@@ -1022,27 +995,35 @@
break;
case SECURITY_FS_USE_TRANS:
- /* Transition SIDs are used for pseudo filesystems like
- devpts and tmpfs where you want the SID to be derived
- from the SID of the creating process and the SID of
- the filesystem. */
+ /*
+ * Transition SIDs are used for pseudo filesystems like
+ * devpts and tmpfs where you want the SID to be derived
+ * from the SID of the creating process and the SID of the
+ * filesystem.
+ */
sbsec->uses_trans = 1;
break;
case SECURITY_FS_USE_TASK:
- /* Task SIDs are used for pseudo filesystems like pipefs
- and sockfs where you want the objects to be labeled
- with the SID of the creating process. */
+ /*
+ * Task SIDs are used for pseudo filesystems like pipefs and
+ * sockfs where you want the objects to be labeled with the
+ * SID of the creating process.
+ */
sbsec->uses_task = 1;
break;
case SECURITY_FS_USE_GENFS:
- /* genfs_contexts handles everything else, like devfs,
- usbdevfs, driverfs, and portions of proc. */
+ /*
+ * genfs_contexts handles everything else, like devfs,
+ * usbdevfs, driverfs, and portions of proc.
+ */
sbsec->uses_genfs = 1;
break;
case SECURITY_FS_USE_NONE:
- /* No labeling support configured for this filesystem type.
- Don't appear to require labeling for binfmt_misc, bdev,
- or rootfs. */
+ /*
+ * No labeling support configured for this filesystem type.
+ * Don't appear to require labeling for binfmt_misc, bdev,
+ * or rootfs.
+ */
break;
default:
printf("%s: security_fs_use(%s) returned unrecognized "
@@ -1079,10 +1060,9 @@
task = SLOT(cred->cr_label);
dir = SLOT(parentlabel);
vsec = SLOT(childlabel);
- tclass = vnode_type_to_security_class (child->v_type);
+ tclass = vnode_type_to_security_class(child->v_type);
- error = security_transition_sid(task->sid, dir->sid, tclass,
- &newsid);
+ error = security_transition_sid(task->sid, dir->sid, tclass, &newsid);
if (error)
return (error);
@@ -1109,14 +1089,10 @@
sebsd_check_cap(struct ucred *cred, cap_value_t capv)
{
- return cred_has_capability(cred, capv);
+ return (cred_has_capability(cred, capv));
}
#endif
-/*
- * SEBSD does not support the relabeling of processes without
- * transitioning.
- */
static int
sebsd_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{
@@ -1127,23 +1103,19 @@
tsec = SLOT(cred->cr_label);
if (nsec == NULL)
- return 0;
+ return (0);
rc = avc_has_perm_ref_audit(tsec->sid, tsec->sid, SECCLASS_PROCESS,
- FILE__RELABELFROM, NULL, NULL);
+ FILE__RELABELFROM, NULL, NULL);
if (rc)
return (rc);
rc = avc_has_perm_audit(tsec->sid, nsec->sid, SECCLASS_PROCESS,
- FILE__RELABELTO, NULL);
+ FILE__RELABELTO, NULL);
if (rc)
return (rc);
- /*
- if (nsec != NULL && nsec->sid != tsec->sid)
- return EPERM;
- */
- return 0;
+ return (0);
}
static int
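Review bot: Both checks in sebsd_check_cred_relabel() pair `SECCLASS_PROCESS` with permission bits from the file class (`FILE__RELABELFROM`, `FILE__RELABELTO`). Access-vector bits are defined per class, so unless the process class happens to place relabel permissions at the same bit positions (the permission headers are not shown here), these calls test an unrelated process permission and the relabel decision does not mean what the code says. The commit also deletes the header comment and the commented-out `EPERM` test that recorded the intended rule, and `nsec == NULL` still returns 0. I would keep a statement of the rule and flag the mismatch until it is resolved, e.g. `/* XXX: FILE__RELABEL* bits are evaluated against SECCLASS_PROCESS; replace with the process-class permission that governs label changes. */`.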
@@ -1167,7 +1139,7 @@
if (rc)
return (rc);
- return 0;
+ return (0);
}
#define CHECK_SIMPLE_PERM(func,class,perm) \
@@ -1176,8 +1148,8 @@
struct task_security_struct *tsec, *psec; \
psec = SLOT(port); \
tsec = SLOT(task); \
- return avc_has_perm_ref_audit (tsec->sid, psec->sid, \
- SECCLASS_ ## class, class ## __ ## perm, NULL, NULL); \
+ return (avc_has_perm_ref_audit (tsec->sid, psec->sid, \
+ SECCLASS_ ## class, class ## __ ## perm, NULL, NULL)); \
}
CHECK_SIMPLE_PERM(msg_send, MACH_PORT, SEND);
@@ -1199,33 +1171,33 @@
const char *s, const char * pn)
{
struct task_security_struct *tsec, *psec;
- struct class_datum *cld;
- struct perm_datum *p;
+ struct class_datum *cld;
+ struct perm_datum *p;
psec = SLOT(obj);
tsec = SLOT(subj);
cld = hashtab_search(policydb.p_classes.table, (void *)s);
if (cld == NULL)
- return EINVAL;
+ return (EINVAL);
p = hashtab_search(cld->permissions.table, (void *)pn);
if (p == NULL && cld->comdatum)
p = hashtab_search(cld->comdatum->permissions.table, (void *)pn);
if (p == NULL)
- return EINVAL;
+ return (EINVAL);
- return avc_has_perm_ref_audit(tsec->sid, psec->sid, cld->value,
- 1 << (p->value-1), NULL, NULL);
+ return (avc_has_perm_ref_audit(tsec->sid, psec->sid, cld->value,
+ 1 << (p->value-1), NULL, NULL));
}
static int
-sebsd_request_label (struct label *subj, struct label *obj, const char *s,
+sebsd_request_label(struct label *subj, struct label *obj, const char *s,
struct label *out)
{
struct task_security_struct *tsec, *psec, *osec;
- struct class_datum *cld;
- struct perm_datum *p;
+ struct class_datum *cld;
+ struct perm_datum *p;
psec = SLOT(obj);
tsec = SLOT(subj);
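Review bot: The access vector in the first function's return is built with `1 << (p->value-1)`, a signed shift whose count comes from the loaded policy's permission table. A value of 0 shifts by -1 and a value equal to the width of `int` shifts into or past the sign bit, both undefined behaviour in C, and the result feeds directly into the permission check. Range-check the value and shift an unsigned operand: `if (p->value < 1 || p->value > sizeof(access_vector_t) * 8) return (EINVAL);` then `(access_vector_t)1 << (p->value - 1)`. The `(void *)` casts on `s` and `pn` also drop `const`, which is worth a comment if hashtab_search() cannot take a const key. That function's signature starts outside the hunk.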
@@ -1233,10 +1205,10 @@
cld = hashtab_search(policydb.p_classes.table, (void *)s);
if (cld == NULL)
- return EINVAL;
+ return (EINVAL);
- return security_change_sid(tsec->sid, psec->sid, cld->value,
- &osec->sid);
+ return (security_change_sid(tsec->sid, psec->sid, cld->value,
+ &osec->sid));
}
static int
@@ -1248,11 +1220,11 @@
psec = SLOT(obj);
tsec = SLOT(subj);
- return sebsd_check_ipc_method1(tsec->sid,psec->sid, msgid);
+ return (sebsd_check_ipc_method1(tsec->sid,psec->sid, msgid));
}
static int
-sebsd_check_mount (struct ucred *cred, struct vnode *vp, struct label *vl,
+sebsd_check_mount(struct ucred *cred, struct vnode *vp, struct label *vl,
const char *vfc_name, struct label *mntlabel)
{
int rc;
@@ -1265,29 +1237,28 @@
vsec = SLOT(vl);
task = SLOT(cred->cr_label);
- rc = vnode_has_perm (cred, vp, FILE__MOUNTON, NULL);
+ rc = vnode_has_perm(cred, vp, FILE__MOUNTON, NULL);
if (rc)
- return rc;
+ return (rc);
if (mntlabel) {
sbsec = SLOT(mntlabel);
sid = sbsec->sid;
- rc = avc_has_perm_ref_audit (task->sid, sid, SECCLASS_FILE,
+ rc = avc_has_perm_ref_audit(task->sid, sid, SECCLASS_FILE,
COMMON_FILE__RELABELTO, NULL, NULL);
if (rc)
- return rc;
- }
- else {
- rc = security_fs_use (vfc_name, &behavior, &sid);
+ return (rc);
+ } else {
+ rc = security_fs_use(vfc_name, &behavior, &sid);
if (rc)
- return rc;
+ return (rc);
}
- rc = avc_has_perm_ref_audit (task->sid, sid, SECCLASS_FILESYSTEM,
+ rc = avc_has_perm_ref_audit(task->sid, sid, SECCLASS_FILESYSTEM,
FILESYSTEM__MOUNT, NULL, NULL);
- return rc;
+ return (rc);
}
static int
@@ -1303,12 +1274,12 @@
struct label *mntlabel, struct label *mount_arg_label)
{
- /* cannot change labels on filesystems */
+ /* Cannot change labels on filesystems. */
if (mount_arg_label) {
struct mount_security_struct *mla = SLOT(mntlabel);
struct mount_security_struct *mlb = SLOT(mount_arg_label);
if (mla->sid != mlb->sid)
- return EINVAL;
+ return (EINVAL);
}
return (mount_has_perm(cred, mp, FILESYSTEM__REMOUNT, NULL));
}
@@ -1360,22 +1331,21 @@
rc = avc_has_perm_ref(task->sid, file->sid, file->sclass,
FIFO_FILE__RELABELFROM, &file->avcr);
-
if (rc)
return (rc);
rc = avc_has_perm(task->sid, newfile->sid, file->sclass,
FIFO_FILE__RELABELTO, NULL, NULL);
- /*
- * TBD: SELinux also checks filesystem associate permission:
- return avc_has_perm_audit(newsid,
+#if 0
+ /* TBD: SELinux also checks filesystem associate permission: */
+ return (avc_has_perm_audit(newsid,
sbsec->sid,
SECCLASS_FILESYSTEM,
FILESYSTEM__ASSOCIATE,
- &ad);
- */
- return(rc);
+ &ad));
+#endif
+ return (rc);
}
static int
@@ -1512,13 +1482,12 @@
* So just make the transition.
*/
ntask->osid = otask->sid;
- if (execlabel == NULL) {
+ if (execlabel == NULL)
(void)security_transition_sid(otask->sid, file->sid,
- SECCLASS_PROCESS, &ntask->sid);
- } else {
+ SECCLASS_PROCESS, &ntask->sid);
+ else
ntask->sid = ((struct task_security_struct *)
SLOT(execlabel))->sid;
- }
if (otask->sid != ntask->sid) {
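Review bot: The result of security_transition_sid() is discarded with a `(void)` cast, so if the computation fails `ntask->sid` keeps whatever it held before the call and the new credential runs with a SID that no policy decision produced. Whether the callee writes its output on failure is not visible here, so the safe form is an explicit fallback: `if (security_transition_sid(otask->sid, file->sid, SECCLASS_PROCESS, &ntask->sid) != 0)` followed by `ntask->sid = otask->sid;`. The hunk at -1550 has the same pattern with the local `newsid`, which may then be read uninitialized in `return (newsid != task->sid);`. Both functions start outside their hunks.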
/*
@@ -1527,8 +1496,6 @@
* permission check if the parent was waiting.
*/
}
-
- return;
}
static int
@@ -1550,24 +1517,12 @@
* Should have already checked all the permissions, so just see if
* the SIDS are going to match.
*/
- if (execlabel == NULL) {
+ if (execlabel == NULL)
(void)security_transition_sid(task->sid, file->sid,
- SECCLASS_PROCESS, &newsid);
-#if 0
- int len;
- char *ts, *ns, *fs;
- security_sid_to_context (task->sid, &ts, &len);
- security_sid_to_context (file->sid, &fs, &len);
- security_sid_to_context (newsid, &ns, &len);
- printf ("transition: %s %s -> %s\n", ts, fs, ns);
- security_free_context (ts);
- security_free_context (fs);
- security_free_context (ns);
-#endif
- } else {
+ SECCLASS_PROCESS, &newsid);
+ else
newsid = ((struct task_security_struct *)
SLOT(execlabel))->sid;
- }
return (newsid != task->sid);
}
@@ -1639,6 +1594,7 @@
source = SLOT(newlabel);
dest = SLOT(pipelabel);
+ /* XXXRW: Should be KASSERT's? */
if (!source) {
printf("sebsd_relabel_pipe:: source is NULL!\n");
return;
@@ -1661,6 +1617,7 @@
source = SLOT(label);
dest = SLOT(vnodelabel);
+ /* XXXRW: Should be KASSERT's? */
if (!source) {
printf("sebsd_relabel_vnode:: source is NULL!\n");
return;
@@ -1684,15 +1641,12 @@
newlabel = SLOT(intlabel);
- error = security_sid_to_context(newlabel->sid, &context,
- &context_len);
+ error = security_sid_to_context(newlabel->sid, &context, &context_len);
if (error)
return (error);
- error = vn_extattr_set(vp, IO_NODELOCKED,
- SEBSD_MAC_EXTATTR_NAMESPACE,
- SEBSD_MAC_EXTATTR_NAME,
- context_len, context, current_proc());
+ error = vn_extattr_set(vp, IO_NODELOCKED, SEBSD_MAC_EXTATTR_NAMESPACE,
+ SEBSD_MAC_EXTATTR_NAME, context_len, context, current_proc());
security_free_context(context);
return (error);
}
@@ -1704,10 +1658,10 @@
/* existence check (F_OK) */
if (acc_mode == 0)
- return 0;
+ return (0);
- return (vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode),
- NULL));
+ return (vnode_has_perm(cred, vp,
+ file_mask_to_av(vp->v_type, acc_mode), NULL));
}
static int
@@ -1716,7 +1670,7 @@
{
/* MAY_EXEC ~= DIR__SEARCH */
- return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL);
+ return (vnode_has_perm(cred, dvp, DIR__SEARCH, NULL));
}
static int
@@ -1726,7 +1680,7 @@
/* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */
/* MAY_EXEC ~= DIR__SEARCH */
- return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL);
+ return (vnode_has_perm(cred, dvp, DIR__SEARCH, NULL));
}
static int
@@ -1750,34 +1704,36 @@
ad.u.fs.vp = dvp;
rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR,
- DIR__ADD_NAME | DIR__SEARCH,
- &dir->avcr, &ad);
+ DIR__ADD_NAME | DIR__SEARCH, &dir->avcr, &ad);
if (rc)
- return rc;
+ return (rc);
rc = security_transition_sid(task->sid, dir->sid, tclass, &newsid);
if (rc)
- return rc;
+ return (rc);
rc = avc_has_perm_audit(task->sid, newsid, tclass, FILE__CREATE, &ad);
if (rc)
- return rc;
+ return (rc);
if (dvp->v_mount) {
- /* XXX: mpo_check_vnode_create should probably pass the mntlabel */
+ /*
+ * XXX: mpo_check_vnode_create should probably pass the
+ * mntlabel
+ */
sbsec = SLOT(dvp->v_mount->mnt_mntlabel);
if (sbsec == NULL) {
printf ("create_vnode: no mount label for mnt=%s\n",
dvp->v_mount->mnt_stat.f_mntonname);
- return 0;
+ return (0);
}
- rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
- FILESYSTEM__ASSOCIATE, &ad);
+ rc = avc_has_perm_audit(newsid, sbsec->sid,
+ SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, &ad);
if (rc)
- return rc;
+ return (rc);
}
- return 0;
+ return (0);
}
static int
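Review bot: When the mount has no label (`sbsec == NULL`) the function prints a message and returns 0, so the file is created without the `FILESYSTEM__ASSOCIATE` check ever running. A missing mount label is the unexpected case, so it should fail closed rather than open: `return (EACCES);` in place of `return (0);`. If allowing creation here is deliberate (for example during early boot, which cannot be told from this hunk), state that in a comment next to the return. The function starts outside the hunk.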
@@ -1800,7 +1756,6 @@
rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR,
DIR__SEARCH | DIR__REMOVE_NAME, &dir->avcr, &ad);
-
if (rc)
return (rc);
@@ -1853,11 +1808,10 @@
rc = security_transition_sid(task->sid, file->sid,
SECCLASS_PROCESS, &newsid);
if (rc)
- return EACCES;
- } else {
+ return (EACCES);
+ } else
newsid = ((struct task_security_struct *)
SLOT(execlabel))->sid;
- }
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
@@ -1865,23 +1819,20 @@
if (newsid == task->sid) {
rc = avc_has_perm_audit(task->sid, file->sid, SECCLASS_FILE,
FILE__EXECUTE_NO_TRANS, &ad);
-
>>> TRUNCATED FOR MAIL (1000 lines) <<<