PERFORCE change 109957 for review
Todd Miller
millert at FreeBSD.org
Tue Nov 14 18:50:20 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=109957
Change 109957 by millert at millert_g5tower on 2006/11/14 18:49:39
- Add accessor function to get p{sem,shm}info from p{sem,shm}node.
- Move filesystem specific labeling out of devfs/fdesc.
- Provide prototypes in devfsdefs.h to quiet warnings.
- Export fdesc.h to kernel build.
- Add mac_vnode_label_associate().
- Change mac_vnode_label_associate_file() to return int.
- Shuffle and update includes for mac_vfs.c
- Default to MULTILABEL for fdesc.
- Handle labeling of non FD vnodes in mac_vnode_label_associate_file()
- Remove vnode locking from mac_vnode_label_associate_file().
- Add comments about possible locking needs in
mac_vnode_label_associate_file().
- Get Posix SEM/SHM info struct from fileglob data via accessor.
- Don't mark vnodes as 'LABELED' if vnode is not cachable.
This will cause label association each time the vnode is requested.
- Don't try default xattr implementation on EPERM from VNOP.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_tree.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfsdefs.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/fdesc_vnops.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/posix_sem.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/posix_shm.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#14 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#22 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#17 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#36 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#16 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#4 (text+ko) ====
@@ -1083,3 +1083,11 @@
{
return (ENOTSUP);
}
+
+struct pseminfo *
+psemnodeinfo (struct psemnode *node)
+{
+ if (node == NULL)
+ return (NULL);
+ return (node->pinfo);
+}
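Review bot: psemnodeinfo() hands back the raw `pinfo` pointer with no reference taken and no lock held, and nothing above the definition says so, which matters because the only caller in this change (mac_vnode_label_associate_file) immediately dereferences the result and itself carries an "XXX: should hold the PSEM_SUBSYS lock" marker. A header comment should pin the contract so later callers do not assume the pointer is stable: `/* Return the pseminfo backing node, or NULL. No reference is taken and no lock is held; the caller is responsible for PSEM_SUBSYS locking. */`. The same wording belongs on the prototype in posix_sem.h.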
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#4 (text+ko) ====
@@ -1084,3 +1084,11 @@
{
return(ENOTSUP);
}
+
+struct pshminfo *
+pshmnodeinfo (struct pshmnode *node)
+{
+ if (node == NULL)
+ return (NULL);
+ return (node->pinfo);
+}
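Review bot: pshmnodeinfo() returns `node->pinfo` without a reference or lock and without documenting that, while its one caller in mac_vfs.c flags "XXX: should hold the PSHM_SUBSYS lock" before dereferencing it. Add the contract above the definition: `/* Return the pshminfo backing node, or NULL. No reference is taken; caller handles PSHM_SUBSYS locking. */`.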
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_tree.c#6 (text+ko) ====
@@ -1076,22 +1076,6 @@
}
}
-#ifdef MAC
- vnode_lock(vn_p);
- if ((vn_p->v_lflag & VL_LABELED) == 0) {
- vn_p->v_lflag |= VL_LABEL;
- mac_vnode_label_associate_devfs(dnp->dn_dvm->mount, dnp, vn_p);
-
- vn_p->v_lflag |= VL_LABELED;
- vn_p->v_lflag &= ~VL_LABEL;
- if (vn_p->v_lflag & VL_LABELWAIT) {
- vn_p->v_lflag &= ~VL_LABELWAIT;
- wakeup(vn_p->v_label);
- }
- }
- vnode_unlock(vn_p);
-#endif
-
dnp->dn_lflags &= ~DN_CREATE;
if (dnp->dn_lflags & DN_CREATEWAIT) {
dnp->dn_lflags &= ~DN_CREATEWAIT;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfsdefs.h#3 (text+ko) ====
@@ -196,6 +196,14 @@
#define DEVFS_UNLOCK() lck_mtx_unlock(&devfs_mutex)
+static __inline__ void DEVFS_INCR_ENTRIES(void);
+static __inline__ void DEVFS_DECR_ENTRIES(void);
+static __inline__ void DEVFS_INCR_NODES(void);
+static __inline__ void DEVFS_DECR_NODES(void);
+static __inline__ void DEVFS_INCR_MOUNTS(void);
+static __inline__ void DEVFS_DECR_MOUNTS(void);
+static __inline__ void DEVFS_INCR_STRINGSPACE(int);
+static __inline__ void DEVFS_DECR_STRINGSPACE(int);
static __inline__ void
DEVFS_INCR_ENTRIES()
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/Makefile#2 (text+ko) ====
@@ -19,10 +19,10 @@
EXPINC_SUBDIRS_I386 = \
-DATAFILES =
+DATAFILES = \
+ fdesc.h
-PRIVATE_DATAFILES = \
- fdesc.h
+PRIVATE_DATAFILES =
INSTALL_MI_LIST = ${DATAFILES}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/fdesc/fdesc_vnops.c#5 (text+ko) ====
@@ -328,10 +328,6 @@
if (error)
goto bad;
VTOFDESC(fvp)->fd_fd = fd;
-#ifdef MAC
- mac_vnode_label_associate_file(proc_ucred(p),
- p->p_fd->fd_ofiles[fd]->f_fglob, fvp);
-#endif
*vpp = fvp;
return (0);
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/posix_sem.h#2 (text+ko) ====
@@ -62,6 +62,8 @@
struct label * psem_label;
};
+struct pseminfo * psemnodeinfo (struct psemnode *);
+
#define PSEMINFO_NULL (struct pseminfo *)0
#define PSEM_NONE 1
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/posix_shm.h#2 (text+ko) ====
@@ -65,6 +65,9 @@
#endif /* DIAGNOSTIC */
struct label * pshm_label;
};
+
+struct pshminfo * pshmnodeinfo (struct pshmnode *node);
+
#define PSHMINFO_NULL (struct pshminfo *)0
#define PSHM_NONE 1
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#14 (text+ko) ====
@@ -144,11 +144,12 @@
* Labeling event operations: file system objects, and things that
* look a lot like file system objects.
*/
+int mac_vnode_label_associate(struct mount *mp, struct vnode *vp, vfs_context_t ctx);
void mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
struct vnode *vp);
int mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
void mac_vnode_label_associate_singlelabel(struct mount *mp, struct vnode *vp);
-void mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
+int mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
struct vnode *vp);
void mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
const char *fullpath);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#22 (text+ko) ====
@@ -1444,6 +1444,22 @@
);
/**
+ @brief Associate a user credential with a vnode
+ @param cred User credential
+ @param vp Vnode to label
+ @param vlabel Label associated with vp
+
+ Associate label information for the vnode, vp, with a
+ user credential.
+ The label should be stored in the supplied vlabel parameter.
+*/
+typedef void mpo_vnode_label_associate_cred_t(
+ struct ucred *cred,
+ struct vnode *vp,
+ struct label *vlabel
+);
+
+/**
@brief Associate a file label with a vnode
@param cred User credential
@param fg Fileglob structure
@@ -5426,6 +5442,7 @@
mpo_vnode_label_associate_posixsem_t *mpo_vnode_label_associate_posixsem;
mpo_vnode_label_associate_posixshm_t *mpo_vnode_label_associate_posixshm;
mpo_vnode_label_associate_pipe_t *mpo_vnode_label_associate_pipe;
+ mpo_vnode_label_associate_cred_t *mpo_vnode_label_associate_cred;
mpo_vnode_label_associate_file_t *mpo_vnode_label_associate_file;
mpo_devfs_label_associate_device_t *mpo_devfs_label_associate_device;
mpo_devfs_label_associate_directory_t *mpo_devfs_label_associate_directory;
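Review bot: The doc block for mpo_vnode_label_associate_cred_t never says when the framework invokes it, and the name alone suggests something far broader than its actual use; in this change it is called only from mac_vnode_label_associate_file() when there is no fileglob behind the vnode (the fdesc case with `fd_fd == -1`). Without that, a policy author cannot tell whether this hook may fire for ordinary filesystem vnodes. Suggest replacing the description sentence with: "Called when a vnode has no backing file object (currently fdesc vnodes that do not refer to an open descriptor); the policy must derive the vnode's label from cred alone and store it in vlabel."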
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#17 (text+ko) ====
@@ -36,19 +36,22 @@
*/
#include <sys/param.h>
-#include <sys/vnode.h>
-#include <sys/vnode_internal.h>
-#include <miscfs/devfs/devfsdefs.h>
+#include <sys/systm.h>
+#include <sys/kernel.h>
+#include <sys/proc.h>
#include <sys/kauth.h>
+
+#include <sys/file_internal.h>
#include <sys/namei.h>
-#include <sys/mount.h>
#include <sys/mount_internal.h>
-#include <sys/file.h>
-#include <sys/file_internal.h>
-#include <sys/uio_internal.h>
#include <sys/pipe.h>
#include <sys/posix_sem.h>
#include <sys/posix_shm.h>
+#include <sys/uio_internal.h>
+#include <sys/vnode_internal.h>
+
+#include <miscfs/devfs/devfsdefs.h>
+#include <miscfs/fdesc/fdesc.h>
#include <security/mac_internal.h>
@@ -246,13 +249,49 @@
vp->v_label);
}
+int
+mac_vnode_label_associate(struct mount *mp, struct vnode *vp, vfs_context_t ctx)
+{
+ struct devnode *dnp;
+ struct fdescnode *fnp;
+ struct fileglob *fg;
+ struct proc *p;
+ int error;
+ int fd;
+
+ error = 0;
+
+ /* XXX: should not inspect v_tag in kernel! */
+ switch (vp->v_tag) {
+ case VT_DEVFS:
+ dnp = VTODN(vp);
+ mac_vnode_label_associate_devfs(mp, dnp, vp);
+ break;
+ case VT_FDESC:
+ fnp = VTOFDESC(vp);
+ p = vfs_context_proc(ctx);
+ fd = fnp->fd_fd;
+ fg = fd != -1 ? p->p_fd->fd_ofiles[fd]->f_fglob : NULL;
+ error = mac_vnode_label_associate_file(vfs_context_ucred(ctx),
+ fg, vp);
+ break;
+ default:
+ error = mac_vnode_label_associate_extattr(mp, vp);
+ break;
+ }
+
+ return (error);
+}
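Review bot: The VT_FDESC arm indexes `p->p_fd->fd_ofiles[fd]` with a value read from the vnode (`fnp->fd_fd`) with no range check against the descriptor table and no NULL check on the slot, and without the process's fd lock. The old call site in fdesc_vnops.c ran immediately after the fd had been validated; now association happens later from vnode_label1() on whatever thread looks the vnode up, so the fd may have been closed or the table may have shrunk, turning a stale or hostile `/dev/fd/N` vnode into a NULL dereference or out-of-bounds read in the kernel. Validate under proc_fdlock() and fail with EBADF, as below; if this tree has a referencing lookup helper (fp_lookup/fp_drop style) it should be preferred, since the fileglob is otherwise unreferenced while the policy hook runs. The negative-fd check also covers values other than -1 reaching here.
```c
	case VT_FDESC:
		fnp = VTOFDESC(vp);
		p = vfs_context_proc(ctx);
		fd = fnp->fd_fd;
		fg = NULL;
		if (fd != -1) {
			proc_fdlock(p);
			if (fd < 0 || fd >= p->p_fd->fd_nfiles ||
			    p->p_fd->fd_ofiles[fd] == NULL) {
				proc_fdunlock(p);
				error = EBADF;
				break;
			}
			fg = p->p_fd->fd_ofiles[fd]->f_fglob;
			proc_fdunlock(p);
		}
		error = mac_vnode_label_associate_file(vfs_context_ucred(ctx),
		    fg, vp);
		break;
	/* … unchanged: VT_DEVFS and default arms … */
```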
+
void
mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
struct vnode *vp)
{
- MAC_PERFORM(vnode_label_associate_devfs, mp, mp ? mp->mnt_mntlabel : NULL, de,
- de->dn_label, vp, vp->v_label);
+ MAC_PERFORM(vnode_label_associate_devfs,
+ mp, mp ? mp->mnt_mntlabel : NULL,
+ de, de->dn_label,
+ vp, vp->v_label);
}
int
@@ -739,6 +778,10 @@
if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
mp->mnt_flag |= MNT_MULTILABEL;
+ /* MULTILABEL on FDESC. */
+ if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
+ mp->mnt_flag |= MNT_MULTILABEL;
+
/* MULTILABEL on all NFS filesystems. */
if (strcmp(mp->mnt_vfsstat.f_fstypename, "nfs") == 0)
mp->mnt_flag |= MNT_MULTILABEL;
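Review bot: The added "MULTILABEL on FDESC" block duplicates the two context lines directly above it, which already test `f_fstypename` for "fdesc" and set MNT_MULTILABEL; the second copy is dead and will confuse the next person asking where fdesc gets its multilabel default. Drop the added three lines (or, if the existing ones were meant to be replaced, remove those instead) and keep the comment on the surviving copy. The enclosing function starts and ends outside this hunk.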
@@ -895,7 +938,7 @@
return (0);
}
-void
+int
mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
struct vnode *vp)
{
@@ -904,50 +947,61 @@
struct xsocket xso;
struct socket *so;
struct pipe *cpipe;
+ struct vnode *fvp;
+ int error;
+ /*
+ * If no backing file, use the cred label.
+ */
+ if (fg == NULL) {
+ MAC_PERFORM(vnode_label_associate_cred, cred,
+ vp, vp->v_label);
+ return (0);
+ }
+
switch (fg->fg_type) {
case DTYPE_VNODE:
- vnode_lock(vp);
- MAC_PERFORM(vnode_label_copy,
- ((struct vnode *)fg->fg_data)->v_label, vp->v_label);
- vnode_unlock(vp);
+ fvp = (struct vnode *)fg->fg_data;
+ if ((error = vnode_getwithref(fvp)))
+ return (error);
+ MAC_PERFORM(vnode_label_copy, fvp->v_label, vp->v_label);
+ (void)vnode_put(fvp);
break;
case DTYPE_SOCKET:
so = (struct socket *)fg->fg_data;
sotoxsocket(so, &xso);
- vnode_lock(vp);
MAC_PERFORM(vnode_label_associate_socket, cred, &xso,
so->so_label, vp, vp->v_label);
- vnode_unlock(vp);
break;
case DTYPE_PSXSHM:
- pshm = (struct pshminfo *)fg->fg_data;
- vnode_lock(vp);
+ /* XXX: should hold the PSHM_SUBSYS lock. */
+ pshm = pshmnodeinfo((struct pshmnode *)fg->fg_data);
+ if (pshm == NULL)
+ return (EINVAL);
MAC_PERFORM(vnode_label_associate_posixshm, cred, pshm,
pshm->pshm_label, vp, vp->v_label);
- vnode_unlock(vp);
break;
case DTYPE_PSXSEM:
- psem = (struct pseminfo *)fg->fg_data;
- vnode_lock(vp);
+ /* XXX: should hold the PSEM_SUBSYS lock. */
+ psem = psemnodeinfo((struct psemnode *)fg->fg_data);
+ if (psem == NULL)
+ return (EINVAL);
MAC_PERFORM(vnode_label_associate_posixsem, cred, psem,
psem->psem_label, vp, vp->v_label);
vnode_unlock(vp);
break;
case DTYPE_PIPE:
+ /* XXX: should PIPE_LOCK */
cpipe = (struct pipe *)fg->fg_data;
- vnode_lock(vp);
MAC_PERFORM(vnode_label_associate_pipe, cred, cpipe,
cpipe->pipe_label, vp, vp->v_label);
- vnode_unlock(vp);
break;
case DTYPE_KQUEUE:
case DTYPE_FSEVENTS:
default:
- vnode_lock(vp);
MAC_PERFORM(vnode_label_associate_file, cred, fg, fg->fg_label,
vp, vp->v_label);
- vnode_unlock(vp);
break;
}
+ return (0);
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#7 (text+ko) ====
@@ -1,7 +1,6 @@
#include <sys/param.h>
#include <sys/vnode.h>
#include <sys/vnode_internal.h>
-#include <miscfs/devfs/devfsdefs.h>
#include <sys/kauth.h>
#include <sys/namei.h>
#include <sys/mount.h>
@@ -46,10 +45,10 @@
error = mac_vnode_notify_create(vfs_context_ucred(ctx),
mp, dvp, vp, cnp);
else
- error = mac_vnode_label_associate_extattr(mp, vp);
+ error = mac_vnode_label_associate(mp, vp, ctx);
vnode_lock(vp);
- if (error == 0)
+ if ((error == 0) && (vp->v_flag & VNCACHEABLE))
vp->v_lflag |= VL_LABELED;
vp->v_lflag &= ~VL_LABEL;
if (vp->v_lflag & VL_LABELWAIT) {
@@ -88,19 +87,22 @@
int
vnode_label1(struct vnode *vp)
{
+ struct vfs_context ctx;
int error;
error = 0;
+ ctx.vc_proc = current_proc();
+ ctx.vc_ucred = kauth_cred_get();
if ((vp->v_lflag & (VL_LABEL|VL_LABELED)) == 0) {
vp->v_lflag |= VL_LABEL;
/* Could sleep on disk I/O, drop lock. */
vnode_unlock(vp);
- error = mac_vnode_label_associate_extattr(vnode_mount(vp), vp);
+ error = mac_vnode_label_associate(vnode_mount(vp), vp, &ctx);
vnode_lock(vp);
- if (error == 0)
+ if ((error == 0) && (vp->v_flag & VNCACHEABLE))
vp->v_lflag |= VL_LABELED;
vp->v_lflag &= ~VL_LABEL;
if (vp->v_lflag & VL_LABELWAIT) {
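Review bot: The label produced by mac_vnode_label_associate() now depends on the calling thread, since the context is built from `current_proc()` and `kauth_cred_get()`, and the VNCACHEABLE gate on VL_LABELED is what stops a label computed for one caller from being reused by another; neither fact is written down at the gate, and the two are easy to break independently. Suggest a comment above the `if ((error == 0) && (vp->v_flag & VNCACHEABLE))` line: `/* Only mark cacheable vnodes labeled: fdesc labels are derived from the caller's fd table and credential and must be recomputed on every lookup. */`. Note also that kauth_cred_get() returns the thread's credential without taking a reference, which is fine here only because the context does not outlive this call. vnode_label1() continues past the end of the hunk.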
@@ -183,7 +185,7 @@
uio_addiov(auio, CAST_USER_ADDR_T(buf), len);
error = VNOP_GETXATTR(vp, name, auio, attrlen, 0, &context);
- if (error == ENOTSUP || error == EPERM)
+ if (error == ENOTSUP)
error = default_getxattr(vp, name, auio, attrlen, 0, &context);
*attrlen = len - uio_resid(auio);
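Review bot: Dropping EPERM from the fallback condition is the right call, since a VNOP_GETXATTR that returns EPERM is an explicit denial and routing it into default_getxattr() bypassed the filesystem's decision, but nothing in the code explains why only ENOTSUP falls through and the previous author evidently thought EPERM should. Add a comment above the test so it is not "fixed" back: `/* Only fall back to the default xattr implementation when the filesystem has no xattr support at all; EPERM and other errors are real failures and must not be bypassed. */`. The same comment applies to the removexattr change below. The enclosing function starts outside this hunk.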
@@ -200,7 +202,7 @@
context.vc_ucred = kauth_cred_get();
error = VNOP_REMOVEXATTR(vp, name, 0, &context);
- if (error == ENOTSUP || error == EPERM)
+ if (error == ENOTSUP)
error = default_removexattr(vp, name, 0, &context);
return (error);
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#36 (text+ko) ====
@@ -753,6 +753,20 @@
}
static void
+sebsd_vnode_label_associate_cred(struct ucred *cred, struct vnode *vp,
+ struct label *vlabel)
+{
+ struct task_security_struct *tsec;
+ struct vnode_security_struct *vsec;
+
+ tsec = SLOT(cred->cr_label);
+ vsec = SLOT(vlabel);
+
+ vsec->sid = vsec->task_sid = tsec->sid;
+ vsec->sclass = SECCLASS_FILE; /* XXX */
+}
+
+static void
sebsd_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
struct label *fglabel, struct vnode *vp, struct label *vlabel)
{
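Review bot: sebsd_vnode_label_associate_cred() sets the vnode's object SID to the caller's own task SID and hardcodes SECCLASS_FILE, marked only with `/* XXX */`, while the `vp` parameter goes unused; for the fg == NULL case this hook serves (fdesc vnodes with no open descriptor, which presumably includes the fdesc root directory) the class is likely wrong, and a bare XXX does not say what is wrong. At minimum spell out the caveat in the comment: `/* XXX: class should be chosen from vp->v_type (e.g. VDIR); FILE is a placeholder. */`. If the policy already has a v_type-to-class mapping helper elsewhere in this file, use it here rather than the constant. Unlike the mac_test counterpart, cred->cr_label is dereferenced with no NULL check; that is acceptable only if the framework guarantees a credential on every call, which the note on the hook type should state.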
@@ -766,7 +780,7 @@
vsec->sid = fsec->sid;
vsec->task_sid = tsec->sid;
- vsec->sclass = SECCLASS_FILE;
+ vsec->sclass = SECCLASS_FILE; /* XXX */
}
static void
@@ -3611,6 +3625,7 @@
.mpo_vnode_label_associate_posixsem = sebsd_vnode_label_associate_posixsem,
.mpo_vnode_label_associate_posixshm = sebsd_vnode_label_associate_posixshm,
.mpo_vnode_label_associate_pipe = sebsd_vnode_label_associate_pipe,
+ .mpo_vnode_label_associate_cred = sebsd_vnode_label_associate_cred,
.mpo_vnode_label_associate_file = sebsd_vnode_label_associate_file,
.mpo_devfs_label_update = sebsd_devfs_update,
==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#16 (text+ko) ====
@@ -1183,6 +1183,17 @@
}
static void
+mac_test_vnode_label_associate_cred(struct ucred *cred, struct vnode *vp,
+ struct label *vlabel)
+{
+ CHECKNULL(cred);
+ CHECKNULL(vp);
+
+ INIT_LABEL(vlabel, VNODETYPE);
+ USE_LABEL(cred->cr_label, CREDTYPE);
+}
+
+static void
mac_test_devfs_label_associate_device(dev_t dev, struct devnode *de,
struct label *label, const char *fullpath)
{
@@ -1911,6 +1922,7 @@
mac_test_vnode_label_associate_posixshm,
.mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe,
.mpo_vnode_label_associate_file = mac_test_vnode_label_associate_file,
+ .mpo_vnode_label_associate_cred = mac_test_vnode_label_associate_cred,
.mpo_devfs_label_associate_device=
mac_test_devfs_label_associate_device,
.mpo_devfs_label_associate_directory=