PERFORCE change 89531 for review

Todd Miller millert at FreeBSD.org
Wed Jan 11 22:41:48 GMT 2006


http://perforce.freebsd.org/chv.cgi?CH=89531

Change 89531 by millert at millert_ibook on 2006/01/11 22:40:55

	Fix the order of the message checks; we need to do the port
	check before the rights check (it was the other way around).
	To do this we must move mac_check_port_send() out of
	ipc_kmsg_send() and into ipc_kmsg_copyin_header().  It is
	too late to deny in ipc_kmsg_send() since the rights have
	already been copied into the kmsg at that point.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/ipc_kmsg.c#6 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/ipc_kmsg.c#6 (text+ko) ====

@@ -848,20 +848,11 @@
 	port = (ipc_port_t) kmsg->ikm_header.msgh_remote_port;
 	assert(IP_VALID(port));
 
+	if ((option & ~(MACH_SEND_TIMEOUT|MACH_SEND_ALWAYS)) != 0)
+		printf("ipc_kmsg_send: bad option 0x%x\n", option);
+
 	ip_lock(port);
 
-#ifdef MAC
-	task_t self = current_task();
-	tasklabel_lock(self);
-
-	int rc = mac_check_port_send(&self->maclabel, &port->ip_label);
-	tasklabel_unlock(self);
-	if (rc) {
-		ip_unlock (port);
-		return KERN_NO_ACCESS;
-	}
-#endif	
-
 	if (port->ip_receiver == ipc_space_kernel) {
 
 		/*
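Review bot: With the `#ifdef MAC` block removed, nothing in ipc_kmsg_send() records that send mediation now happens earlier, so any path that builds a kmsg without passing through the copyin code in the second hunk reaches `ip_lock(port)` with no mac_check_port_send() call. The comment added in the second hunk says kernel-resident servers are deliberately not mediated; that assumption deserves a comment here too, for example `/* MAC: mac_check_port_send() is done at copyin time; kmsgs that bypass copyin are not mediated here. */` above `ip_lock(port)`. The added `printf("ipc_kmsg_send: bad option 0x%x\n", option)` is not mentioned in the change description and only logs, so the send still proceeds with the unexpected option bits; if that is intended, a one-line comment should say so. The body of ipc_kmsg_send() starts and ends outside this hunk.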
@@ -1727,7 +1718,46 @@
 	mach_port_name_t	notify)
 {
     mach_msg_return_t 		mr;
-    
+#ifdef MAC
+    mach_port_name_t dest_name;
+    ipc_entry_t entry;
+    ipc_port_t port;
+    task_t self;
+    int error = 0;
+
+    /*
+     * We do the port send check here instead of in ipc_kmsg_send()
+     * because copying the header involves copying the port rights too
+     * and we need to do the send check before anything is actually copied.
+     * We don't currently try to mediate kernel-resident servers.
+     */
+    self = current_task();
+    if (self != kernel_task) {
+	is_read_lock(space);
+	if (space->is_active) {
+	    dest_name = (mach_port_name_t) kmsg->ikm_header.msgh_remote_port;
+	    if (MACH_PORT_VALID(dest_name)) {
+		entry = ipc_entry_lookup(space, dest_name);
+		if (entry != IE_NULL) {
+		    port = (ipc_port_t) entry->ie_object;
+		    assert(port != IP_NULL);
+		    ip_lock(port);
+		    if (ip_active(port)) {
+			tasklabel_lock(self);
+			error = mac_check_port_send(&self->maclabel,
+			    &port->ip_label);
+			tasklabel_unlock(self);
+		    }
+		    ip_unlock(port);
+		}
+	    }
+	}
+	is_read_unlock(space);
+	if (error != 0)
+	    return MACH_SEND_INVALID_DEST;
+    }
+#endif
+
     mr = ipc_kmsg_copyin_header(&kmsg->ikm_header, space, notify);
     if (mr != MACH_MSG_SUCCESS)
 	return mr;
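Review bot: The new block casts `entry->ie_object` to `ipc_port_t` without looking at the entry's type, so a `dest_name` that names a dead name or a port set would hit `assert(port != IP_NULL)` or have a non-port object locked and its `ip_label` read; the name comes from the message header and should be treated as untrusted. A guard such as `if (entry != IE_NULL && (entry->ie_bits & MACH_PORT_TYPE_PORT_RIGHTS) && entry->ie_object != IO_NULL)` would restrict the check to real port rights (hedged, since ipc_entry_lookup() is not visible here). Separately, the space lock is dropped at `is_read_unlock(space)` before `ipc_kmsg_copyin_header()` runs, and that call presumably resolves the name again, so the port that was checked and the port whose right is copied are not guaranteed to be the same if the name is rebound in between; doing the check inside the header copyin where the destination is resolved, under the same lock, would close that gap. The enclosing function begins above the hunk and continues below it.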