PERFORCE change 89531 for review
Todd Miller
millert at FreeBSD.org
Wed Jan 11 22:41:48 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=89531
Change 89531 by millert at millert_ibook on 2006/01/11 22:40:55
Fix the order of the message checks; we need to do the port
check before the rights check (it was the other way around).
To do this we must move mac_check_port_send() out of
ipc_kmsg_send() and into ipc_kmsg_copyin_header(). It is
too late to deny in ipc_kmsg_send() since the rights have
already been copied into the kmsg at that point.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/ipc_kmsg.c#6 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/ipc_kmsg.c#6 (text+ko) ====
@@ -848,20 +848,11 @@
port = (ipc_port_t) kmsg->ikm_header.msgh_remote_port;
assert(IP_VALID(port));
+ if ((option & ~(MACH_SEND_TIMEOUT|MACH_SEND_ALWAYS)) != 0)
+ printf("ipc_kmsg_send: bad option 0x%x\n", option);
+
ip_lock(port);
-#ifdef MAC
- task_t self = current_task();
- tasklabel_lock(self);
-
- int rc = mac_check_port_send(&self->maclabel, &port->ip_label);
- tasklabel_unlock(self);
- if (rc) {
- ip_unlock (port);
- return KERN_NO_ACCESS;
- }
-#endif
-
if (port->ip_receiver == ipc_space_kernel) {
/*
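Review bot: The added option test before `ip_lock(port)` only calls printf() and then falls through, so a send with unexpected option bits is logged but still processed, and the change description does not mention it. If `option` can be influenced by the sending task (not visible in this hunk), an unthrottled printf() on the send path lets that task flood the kernel log. Either move the diagnostic to its own change, or say so in place with a comment such as `/* diagnostic only: unexpected option bits are logged, not rejected */`. The body of ipc_kmsg_send() starts and ends outside the hunk.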
@@ -1727,7 +1718,46 @@
mach_port_name_t notify)
{
mach_msg_return_t mr;
-
+#ifdef MAC
+ mach_port_name_t dest_name;
+ ipc_entry_t entry;
+ ipc_port_t port;
+ task_t self;
+ int error = 0;
+
+ /*
+ * We do the port send check here instead of in ipc_kmsg_send()
+ * because copying the header involves copying the port rights too
+ * and we need to do the send check before anything is actually copied.
+ * We don't currently try to mediate kernel-resident servers.
+ */
+ self = current_task();
+ if (self != kernel_task) {
+ is_read_lock(space);
+ if (space->is_active) {
+ dest_name = (mach_port_name_t) kmsg->ikm_header.msgh_remote_port;
+ if (MACH_PORT_VALID(dest_name)) {
+ entry = ipc_entry_lookup(space, dest_name);
+ if (entry != IE_NULL) {
+ port = (ipc_port_t) entry->ie_object;
+ assert(port != IP_NULL);
+ ip_lock(port);
+ if (ip_active(port)) {
+ tasklabel_lock(self);
+ error = mac_check_port_send(&self->maclabel,
+ &port->ip_label);
+ tasklabel_unlock(self);
+ }
+ ip_unlock(port);
+ }
+ }
+ }
+ is_read_unlock(space);
+ if (error != 0)
+ return MACH_SEND_INVALID_DEST;
+ }
+#endif
+
mr = ipc_kmsg_copyin_header(&kmsg->ikm_header, space, notify);
if (mr != MACH_MSG_SUCCESS)
return mr;
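Review bot: The new MAC block resolves `dest_name` under `is_read_lock(space)` and drops that lock before `mr = ipc_kmsg_copyin_header(...)` looks the name up again, so the port that was checked is not guaranteed to be the port whose rights are copied. Another thread in the same task could presumably change what the name denotes in that window; making the mac_check_port_send() call where copyin resolves the entry, under the same lock, would close it. Separately, `entry->ie_object` is cast to `ipc_port_t` without looking at the entry type, so a name that denotes a dead name or a port set would reach `assert(port != IP_NULL)` or `ip_lock(port)` with a null or non-port object. Guard the lookup with `if (entry != IE_NULL && (IE_BITS_TYPE(entry->ie_bits) & MACH_PORT_TYPE_PORT_RIGHTS))`. The enclosing function starts before the hunk and continues after it.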