PERFORCE change 109964 for review
Todd Miller
millert at FreeBSD.org
Tue Nov 14 19:04:25 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=109964
Change 109964 by millert at millert_g5tower on 2006/11/14 18:53:49
Add mac_task_check_get_port() to mediate task_for_pid().
We pass in both the task and the task label to the entrypoint,
though since the task is opaque it is not good for much
other than getting the associated BSD process.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#16 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#25 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_task.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#38 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#16 (text+ko) ====
@@ -79,6 +79,7 @@
struct m_tag;
struct vop_setlabel_args;
struct pipe;
+struct task;
/*
* Framework initialization.
@@ -388,6 +389,7 @@
int mac_system_check_sysctl(struct ucred *cred, int *name,
u_int namelen, void *oldctl, size_t *oldlenp, int inkernel,
void *newctl, size_t newlen);
+int mac_task_check_get_port(struct ucred *cred, struct task *task);
int mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
int acc_mode);
int mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#25 (text+ko) ====
@@ -2150,6 +2150,26 @@
);
/**
+ @brief Access control check for getting a task's port
+ @param cred Subject credential
+ @param task Object task
+ @param tasklabel Object task's label
+
+ Determine whether the subject identified by the credential can get
+ the passed task's control port.
+ This call is used by the task_for_pid(2) API.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned. Suggested failure: EACCES for label mismatch,
+ EPERM for lack of privilege, or ESRCH to hide visibility of the target.
+*/
+typedef int mpo_task_check_get_port_t(
+ struct ucred *cred,
+ struct task *task,
+ struct label *tasklabel
+);
+
+/**
@brief Update credential at exec time
@param old Existing subject credential
@param new New subject credential to be labeled
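Review bot: The `@param task` line in the new doc comment does not tell policy authors that the task is opaque, which the change description says explicitly. I would write it as `@param task Object task (opaque to policies; only useful for looking up the associated BSD process)`. The description could also say that holding a task's control port gives the caller control over the task's memory and threads, so policies should treat this check as at least as sensitive as the debug check.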
@@ -5608,6 +5628,7 @@
mpo_system_check_swapon_t *mpo_system_check_swapon;
mpo_system_check_swapoff_t *mpo_system_check_swapoff;
mpo_system_check_sysctl_t *mpo_system_check_sysctl;
+ mpo_task_check_get_port_t *mpo_task_check_get_port;
mpo_vnode_check_access_t *mpo_vnode_check_access;
mpo_vnode_check_chdir_t *mpo_vnode_check_chdir;
mpo_vnode_check_chroot_t *mpo_vnode_check_chroot;
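Review bot: Adding `mpo_task_check_get_port` between `mpo_system_check_sysctl` and `mpo_vnode_check_access` shifts every later member of this operations structure, whose start and end are outside the hunk. A policy module built against the previous header would then have its later entry points called through the wrong slots, so the wrong check could run for a given operation. No version or ABI bump is visible in this change; if the header carries one it should be raised here, or the comment on the structure should say that all policies must be rebuilt.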
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_task.c#6 (text+ko) ====
@@ -107,3 +107,13 @@
return (error);
}
+
+int
+mac_task_check_get_port(struct ucred *cred, struct task *task)
+{
+ int error;
+
+ MAC_CHECK(task_check_get_port, cred, task, mac_task_get_label(task));
+
+ return (error);
+}
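Review bot: Nothing in this change calls `mac_task_check_get_port()`: the affected files are the two headers, mac_task.c and sebsd.c, so task_for_pid() is not mediated until a call site lands separately. Until then a policy that registers `mpo_task_check_get_port` enforces nothing, which the description should state. The function also has no header comment; I would add `/* Check whether cred may obtain task's control port; returns 0 or an errno from the policies. */`. `error` is declared without an initialiser and is presumably assigned inside `MAC_CHECK`, whose definition is outside this hunk; `int error = 0;` would make the return value independent of the macro.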
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#38 (text+ko) ====
@@ -1672,6 +1672,20 @@
}
static int
+sebsd_task_check_get_port(struct ucred *cred, struct task *task,
+ struct label *tasklabel)
+{
+ struct task_security_struct *subj, *obj;
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(tasklabel);
+
+ /* XXX - need new perm, not PROCESS__PTRACE */
+ return (avc_has_perm(subj->sid, obj->sid,
+ SECCLASS_PROCESS, PROCESS__PTRACE, NULL));
+}
+
+static int
sebsd_proc_check_debug(struct ucred *cred, struct proc *proc)
{
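Review bot: In `sebsd_task_check_get_port` the results of `SLOT(cred->cr_label)` and `SLOT(tasklabel)` are dereferenced without a check, so a task whose label slot this policy never initialised would fault at `obj->sid`. Whether `SLOT` can return NULL for a task label is not visible in this hunk, so that should be confirmed or guarded with `if (subj == NULL || obj == NULL) return (EACCES);`. The XXX comment could also state the consequence of the stand-in permission, for example `/* XXX - PROCESS__PTRACE is a stand-in; anything allowed to ptrace can also get the task port until a dedicated permission exists */`. Passing NULL as the last argument to `avc_has_perm` presumably means denials carry no audit data identifying the target task.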
@@ -3649,6 +3663,7 @@
.mpo_port_check_hold_send_once = sebsd_port_check_hold_send_once,
.mpo_port_check_hold_receive = sebsd_port_check_hold_recv,
.mpo_proc_check_debug = sebsd_proc_check_debug,
+ .mpo_task_check_get_port = sebsd_task_check_get_port,
.mpo_proc_check_getaudit = sebsd_proc_check_getaudit,
.mpo_proc_check_mprotect = sebsd_proc_check_mprotect,
.mpo_proc_check_sched = sebsd_proc_check_sched,