PERFORCE change 110118 for review
Todd Miller
millert at FreeBSD.org
Thu Nov 16 19:12:25 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=110118
Change 110118 by millert at millert_macbook on 2006/11/16 19:10:59
Add mac_file_check_lock()
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#15 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#18 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#27 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#43 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#6 (text+ko) ====
@@ -523,6 +523,14 @@
if (fl.l_whence == SEEK_CUR)
fl.l_start += offset;
+#ifdef MAC
+ error = mac_file_check_lock(proc_ucred(p), fp->f_fglob,
+ F_SETLK, &fl);
+ if (error) {
+ (void)vnode_put(vp);
+ goto outdrop;
+ }
+#endif
switch (fl.l_type) {
case F_RDLCK:
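Review bot: The added call passes a hard-coded `F_SETLK` as `op` and runs before the `switch (fl.l_type)` that follows, so a policy cannot tell the request type from `op` and sees `fl.l_type` before that switch has examined it. If the switch also handles unlock, which the hunk does not show, an unlock reaches the policy as `F_SETLK` too. The flock() hunk in this file and the vfs_syscalls.c hunk hard-code `F_SETLK` in the same way. I would add a comment at the call such as `/* op is always F_SETLK here; policies must read fl.l_type to tell the request type */`, or pass the real operation if policies are meant to rely on `op`. The enclosing function starts and ends outside the hunk.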
@@ -578,6 +586,11 @@
if (fl.l_whence == SEEK_CUR)
fl.l_start += offset;
+#ifdef MAC
+ error = mac_file_check_lock(proc_ucred(p), fp->f_fglob,
+ F_GETLK, &fl);
+ if (error == 0)
+#endif
error = VNOP_ADVLOCK(vp, (caddr_t)p, F_GETLK, &fl, F_POSIX, &context);
(void)vnode_put(vp);
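Review bot: The brace-less `if (error == 0)` left open across `#endif` governs the `VNOP_ADVLOCK` line only by adjacency. A statement later inserted between the two would become the guarded statement in MAC builds, and the lock query would then run even after the policy denied it. At minimum I would mark the dependency with a comment inside the block, e.g. `if (error == 0) /* guards the VNOP_ADVLOCK call below */`. The denial path still reaches `vnode_put(vp)`, which looks right from the lines shown.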
@@ -2495,6 +2508,11 @@
if (error)
goto out;
#endif
+#ifdef MAC
+ error = mac_file_check_lock(proc_ucred(p), fp->f_fglob, F_SETLK, &lf);
+ if (error)
+ goto out;
+#endif
fp->f_flag |= FHASLOCK;
if (how & LOCK_NB) {
error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_SETLK, &lf, F_FLOCK, &context);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#15 (text+ko) ====
@@ -1752,6 +1752,12 @@
if (error)
goto bad;
#endif
+#ifdef MAC
+ error = mac_file_check_lock(vfs_context_ucred(ctx), fp->f_fglob,
+ F_SETLK, &lf);
+ if (error)
+ goto bad;
+#endif
if ((error = VNOP_ADVLOCK(vp, (caddr_t)fp->f_fglob, F_SETLK, &lf, type, ctx)))
goto bad;
fp->f_fglob->fg_flag |= FHASLOCK;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#6 (text+ko) ====
@@ -222,6 +222,16 @@
return (error);
}
+int
+mac_file_check_lock(struct ucred *cred, struct fileglob *fg, int op,
+ struct flock *fl)
+{
+ int error;
+
+ MAC_CHECK(file_check_lock, cred, fg, fg->fg_label, op, fl);
+ return (error);
+}
+
/*
* On some platforms, VM_PROT_READ implies VM_PROT_EXECUTE. If that is true,
* both prot and maxprot will have VM_PROT_EXECUTE set after file_check_mmap
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#18 (text+ko) ====
@@ -141,6 +141,8 @@
int mac_file_check_inherit(struct ucred *cred, struct fileglob *fg);
int mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg,
u_long com, void *data);
+int mac_file_check_lock(struct ucred *cred, struct fileglob *fg, int op,
+ struct flock *fl);
int mac_file_check_mmap(struct ucred *cred, struct fileglob *fg,
int prot, int flags, int *maxprot);
void mac_file_check_mmap_downgrade(struct ucred *cred, struct fileglob *fg,
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#27 (text+ko) ====
@@ -807,6 +807,28 @@
void *data
);
/**
+ @brief Access control check for file locking
+ @param cred Subject credential
+ @param fg Fileglob structure
+ @param label Policy label for fg
+ @param op The lock operation (F_GETLK, F_SETLK, F_UNLK)
+ @param fl The flock structure
+
+ Determine whether the subject identified by the credential can perform
+ the lock operation indicated by op and fl on the file represented by fg.
+
+ @return Return 0 if access is granted, otherwise an appropriate value for
+ errno should be returned.
+
+*/
+typedef int mpo_file_check_lock_t(
+ struct ucred *cred,
+ struct fileglob *fg,
+ struct label *label,
+ int op,
+ struct flock *fl
+);
+/**
@brief Access control check for mapping a file
@param cred Subject credential
@param fg fileglob representing file to map
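Review bot: The `@param op` line lists `F_UNLK`, but every call site added in this change passes only `F_SETLK` or `F_GETLK`, and the name looks like a misspelling of the `F_UNLCK` lock type. A policy author reading this would expect a distinct unlock operation that never arrives. If the intended contract is that the request type travels in the flock structure, I would reword to `@param op The lock operation (F_GETLK or F_SETLK); for F_SETLK the request type is in fl->l_type`.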
@@ -5113,6 +5135,7 @@
mpo_file_check_get_t *mpo_file_check_get;
mpo_file_check_inherit_t *mpo_file_check_inherit;
mpo_file_check_ioctl_t *mpo_file_check_ioctl;
+ mpo_file_check_lock_t *mpo_file_check_lock;
mpo_file_check_mmap_downgrade_t *mpo_file_check_mmap_downgrade;
mpo_file_check_mmap_t *mpo_file_check_mmap;
mpo_file_check_receive_t *mpo_file_check_receive;
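Review bot: The new `mpo_file_check_lock` pointer is inserted in the middle of the ops structure, which shifts the offset of every member after it. sebsd.c uses designated initializers and so rebuilds correctly, but a policy module compiled against the previous header would have its later hooks read from the wrong slots. Whether a version or ABI check already rejects such modules is not visible in this hunk; if none exists, the policy ABI version should be bumped in the same change.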
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#43 (text+ko) ====
@@ -3120,6 +3120,16 @@
}
static int
+sebsd_file_check_lock(struct ucred *cred, struct fileglob *fg,
+ struct label *fglabel, int op, struct flock *fl)
+{
+
+ /* SELinux doesn't use the lock operation. */
+ return (file_has_perm(cred, fg, fglabel, FILE__LOCK));
+}
+
+
+static int
sebsd_file_check_receive(struct ucred *cred, struct fileglob *fg,
struct label *fglabel)
{
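Review bot: The comment `SELinux doesn't use the lock operation.` does not say that `op` and `fl` are deliberately ignored, so every request this hook receives is checked against the same `FILE__LOCK` permission. I would expand it to `/* SELinux has a single lock permission: op and fl are ignored and every request requires FILE__LOCK. */`. The second blank line after the function can also be dropped.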
@@ -3551,6 +3561,7 @@
.mpo_file_check_get_ofileflags = sebsd_file_check_get_ofileflags,
.mpo_file_check_inherit = sebsd_file_check_receive,
.mpo_file_check_ioctl = sebsd_file_check_ioctl,
+ .mpo_file_check_lock = sebsd_file_check_lock,
.mpo_file_check_mmap = sebsd_file_check_mmap,
.mpo_file_check_receive = sebsd_file_check_receive,
.mpo_file_label_associate = sebsd_file_label_associate,