PERFORCE change 107356 for review
Todd Miller
millert at FreeBSD.org
Fri Oct 6 06:22:22 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=107356
Change 107356 by millert at millert_g5tower on 2006/10/06 13:21:44
Some minor policy function name renaming.
Add vnode_label1(), a simplified version of vnode_label().
Add vnode_relabel() which clears the VL_LABELED flag causing
the vnode to be relabeled at next lookup/reference.
Perform vnode labeling in vnode_getiocount().
This routine is called by:
vget_internal()
vnode_getwithvid()
vnode_getwithref()
This closes a theoretical race, not actually reproduced.
Change mpo_vnode_label_update_extattr_t to return int, non-zero
indicating to the framework that the vnode label should be refreshed.
Call vnode_relabel() in mac_vnode_label_update_extattr() if
policies indicate that the vnode label should be refreshed.
This resolves the 'update' race.
Hold vnode lock across call to mpo_vnode_label_update().
This resolves the 'setlabel' race.
Update policies to conform to new semantics of
mpo_vnode_label_update_extattr. Generally this means that
the function is gutted and replaced with a strcmp().
Remove the LCTX label entrypoints from MLS.
Add sysctl to 'vanity' to enable iowait simulation.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlFireWire.cpp#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlFireWire.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlUSB.cpp#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlUSB.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_xxx.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_subr.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#17 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#13 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#10 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/color/mac_color.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/console/mac_console.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/extattr_test/mac_extattr_test.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#12 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/multilabel/multilabel.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#23 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/mac_stacktrace.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#11 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/vanity/vanity.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/sefos-install.txt#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlFireWire.cpp#2 (text+ko) ====
@@ -147,7 +147,7 @@
IOLog("%s/%s ", mdata->data[k].key, mdata->data[k].value);
IOLog("\n");
#endif
- error = mac_check_device_allowed(MAC_DEVICE_FIREWIRE, mdata);
+ error = mac_iokit_check_device(MAC_DEVICE_FIREWIRE, mdata);
kmem_free(kernel_map, (vm_offset_t)mdata, mdata->size);
if (error == 0) {
IOLog("%s: com_sparta_driver_DeviceAccessControlFireWire device allowed\n", getName());
==== //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlFireWire.h#2 (text+ko) ====
@@ -52,7 +52,7 @@
extern "C" vm_map_t kernel_map;
extern "C" void kmem_free(vm_map_t map, vm_offset_t addr, vm_size_t size);
-extern "C" int mac_check_device_allowed(int, struct mac_module_data *);
+extern "C" int mac_iokit_check_device(int, struct mac_module_data *);
// Uncomment to enable debug output
#define DEVICEACCESSCONTROL_DEBUG 1
==== //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlUSB.cpp#2 (text+ko) ====
@@ -83,7 +83,7 @@
#define NUM_DESCRIPTORS 10
/*
* Get the descriptor information from the device and pass it to
- * mac_check_device_allowed() to determine whether the device is allowed.
+ * mac_iokit_check_device() to determine whether the device is allowed.
*/
IOService *com_sparta_driver_DeviceAccessControlUSB::probe(IOService *provider, SInt32 *score)
{
@@ -154,7 +154,7 @@
mdata->data[k].value, mdata->data[k].value_size);
IOLog("\n");
#endif
- error = mac_check_device_allowed(MAC_DEVICE_USB, mdata);
+ error = mac_iokit_check_device(MAC_DEVICE_USB, mdata);
kmem_free(kernel_map, (vm_offset_t)mdata, mdata->size);
if (error == 0) {
IOLog("%s: com_sparta_driver_DeviceAccessControlUSB device allowed\n", getName());
==== //depot/projects/trustedbsd/sedarwin8/darwin/drivers/DeviceAccessControl/DeviceAccessControlUSB.h#2 (text+ko) ====
@@ -51,7 +51,7 @@
extern "C" vm_map_t kernel_map;
extern "C" void kmem_free(vm_map_t map, vm_offset_t addr, vm_size_t size);
-extern "C" int mac_check_device_allowed(int, struct mac_module_data *);
+extern "C" int mac_iokit_check_device(int, struct mac_module_data *);
// Uncomment to enable debug output
#define DEVICEACCESSCONTROL_DEBUG 1
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_xxx.c#5 (text+ko) ====
@@ -101,7 +101,7 @@
#ifdef MAC
if (error)
return (error);
- error = mac_system_check_reboot(kauth_cred_get(), uap->opt);
+ error = mac_system_check_reboot(proc_ucred(p), uap->opt);
#endif
if (!error) {
SET(p->p_flag, P_REBOOT); /* No more signals for this proc */
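Review bot: The reboot check now consults the process credential via `proc_ucred(p)` where it previously used the calling thread's credential from `kauth_cred_get()`; if the calling thread carries a credential distinct from its process's, this MAC check and whatever privilege check produced the `error` tested just above (outside the hunk) may now evaluate different subjects. If the switch is deliberate, a one-line comment would spare the next reader the same question, e.g. `/* Check the process credential, not the per-thread one: ... */`. The enclosing function starts and ends outside the hunk.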
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_subr.c#5 (text+ko) ====
@@ -3400,6 +3400,19 @@
vnode_unlock(vp);
return(ENOENT);
}
+#ifdef MAC
+ if (vnode_mount(vp) != NULL &&
+ vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL) {
+ int error;
+
+ error = vnode_label1(vp);
+ if (error) {
+ if (!locked)
+ vnode_unlock(vp);
+ return (error);
+ }
+ }
+#endif
/*
* will return VL_DEAD ones
*/
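Review bot: `vnode_label1()` releases and reacquires the vnode lock around the extattr read (see its definition in mac_vfs_subr.c in this change), and the new call sits after the `v_id`/ENOENT check on the lines just above but, as far as the hunk shows, before the iocount is taken, so the state validated before the `#ifdef MAC` block may no longer hold when labeling returns. Either re-run the vid/`VL_DEAD` checks after `vnode_label1()` returns or perform the labeling once the iocount has been obtained, so the vnode cannot be recycled underneath the association. The block also evaluates `vnode_mount(vp)` twice; a local `struct mount *mp = vnode_mount(vp);` reads better. The enclosing function starts and ends outside the hunk.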
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#17 (text+ko) ====
@@ -927,7 +927,6 @@
mac_policy_release_exclusive();
mac_policy_removefrom_labellist(handle);
-
if (mpc->mpc_data) {
struct mac_module_data *mmd = mpc->mpc_data;
kfree(mmd, mmd->size);
@@ -1875,7 +1874,7 @@
error = mpc->mpc_ops->mpo_policy_syscall(p,
uap->call, uap->arg);
break;
- }
+ }
}
if (mac_policy_list_conditional_busy() != 0) {
for (; i <= mac_policy_list.maxindex; i++) {
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#7 (text+ko) ====
@@ -127,7 +127,7 @@
void mac_vnode_label_destroy(struct vnode *);
int mac_mount_label_internalize(struct label *, char *string);
int mac_mount_label_externalize(struct label *label, char *elements,
- char *outbuf, size_t outbuflen);
+ char *outbuf, size_t outbuflen);
int mac_mount_label_get(struct mount *mp, user_addr_t mac_p);
struct label *mac_cred_label_alloc(void);
@@ -170,6 +170,8 @@
#define VNODE_LABEL_NEEDREF 2
int vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp,
struct componentname *cnp, int flags, vfs_context_t ctx);
+int vnode_label1(struct vnode *vp);
+void vnode_relabel(struct vnode *vp);
/*
* Labeling event operations: Posix IPC primitives
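Review bot: The new `vnode_label1()` and `vnode_relabel()` prototypes carry no comment on their locking contract, although their definitions in mac_vfs_subr.c require the caller to hold the vnode lock and to have checked `MNT_MULTILABEL`, and `vnode_label1()` drops the lock internally; callers reading only this header will miss that. Suggest a comment above the two declarations: `/* Caller holds the vnode lock and has verified MNT_MULTILABEL; vnode_label1() may drop and reacquire the lock. */`.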
@@ -218,7 +220,7 @@
void mac_cred_label_associate(struct ucred *cred_parent, struct ucred *cred_child);
int mac_execve_enter(user_addr_t mac_p, struct label *execlabel);
#if 0
-void mac_execve_exit(struct image_params *imgp);
+void mac_execve_exit(struct image_params *imgp);
#endif
void mac_cred_label_update_execve(struct ucred *old, struct ucred *newcred,
struct vnode *vp, struct label *scriptvnodelabel,
@@ -242,7 +244,7 @@
void mac_pipe_label_copy(struct label *src, struct label *dest);
void mac_pipe_label_associate(struct ucred *cred, struct pipe *cpipe);
int mac_pipe_label_update(struct ucred *cred, struct pipe *cpipe,
- struct label *label);
+ struct label *label);
/*
* Label cleanup operation: This is the inverse complement for the mac_create
@@ -337,7 +339,7 @@
int mac_pipe_check_kqfilter(struct ucred *cred, struct knote *kn,
struct pipe *cpipe);
int mac_pipe_check_ioctl(struct ucred *cred, struct pipe *cpipe,
- u_long com, void *data);
+ unsigned long cmd, void *data);
int mac_pipe_check_read(struct ucred *cred, struct pipe *cpipe);
int mac_pipe_check_select(struct ucred *cred, struct pipe *cpipe,
int which);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#7 (text+ko) ====
@@ -31,8 +31,7 @@
void mac_task_label_update_internal(struct label *pl, struct task *t);
int mac_port_label_compute(struct label *subj, struct label *obj,
const char *serv, struct label *out);
-int mac_port_check_method(struct label *task, struct label *port,
- int msgid);
+int mac_port_check_method(struct label *task, struct label *port, int msgid);
#ifdef MAC
void mac_policy_init(void);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#6 (text+ko) ====
@@ -71,7 +71,7 @@
* On failure, caller should cleanup with m_tag_free().
*/
int
-mac_mbuf_tag_init (struct m_tag *tag, int flag)
+mac_mbuf_tag_init(struct m_tag *tag, int flag)
{
struct label *label;
int error;
@@ -87,7 +87,7 @@
}
void
-mac_mbuf_tag_destroy (struct m_tag *tag)
+mac_mbuf_tag_destroy(struct m_tag *tag)
{
struct label *label;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#13 (text+ko) ====
@@ -855,8 +855,12 @@
This entry point is called after the label update has occurred, so
it cannot return a failure. However, the operation is preceded by
the mpo_vnode_check_setextattr() access control check.
+
+ If the vnode label needs to be updated the policy should return
+ a non-zero value. The vnode label will be marked for re-association
+ by the framework.
*/
-typedef void mpo_vnode_label_update_extattr_t(
+typedef int mpo_vnode_label_update_extattr_t(
struct mount *mp,
struct label *mntlabel,
struct vnode *vp,
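Review bot: The paragraph kept at the top of the hunk still says this entry point "cannot return a failure", yet the typedef now returns `int`; a policy author will read the new return as an error code. Rewording the added paragraph to make the distinction explicit would help, e.g. `The return value is not an error code: return non-zero to ask the framework to mark the vnode label for re-association, zero to leave it as is.`. The policy implementations in this change also take the attribute name as `char *name` while `mac_vnode_label_update_extattr()` receives it as `const char *`; declaring it `const char *name` in the typedef (its parameter list continues below the hunk) would match the caller.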
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#10 (text+ko) ====
@@ -48,7 +48,7 @@
#include <security/mac_internal.h>
/* convert {R,W,X}_OK values to V{READ,WRITE,EXEC} */
-#define ACCESS_MODE_TO_VNODE_MASK(m) (m << 6)
+#define ACCESS_MODE_TO_VNODE_MASK(m) (m << 6)
static struct label *
mac_devfsdirent_label_alloc(void)
@@ -286,14 +286,28 @@
return (error);
}
+/*
+ * Extended attribute 'name' was updated via
+ * vn_setxattr() or vn_removexattr(). Allow the
+ * policy to update the vnode label.
+ */
void
mac_vnode_label_update_extattr(struct mount *mp, struct vnode *vp,
const char *name)
{
+ int error;
- ASSERT_VOP_LOCKED(vp, __func__);
- MAC_PERFORM(vnode_label_update_extattr, mp, mp->mnt_mntlabel, vp,
+ error = 0;
+
+ MAC_CHECK(vnode_label_update_extattr, mp, mp->mnt_mntlabel, vp,
vp->v_label, name);
+ if (error == 0)
+ return;
+
+ vnode_lock(vp);
+ vnode_relabel(vp);
+ vnode_unlock(vp);
+ return;
}
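Review bot: `vnode_relabel()` is documented in mac_vfs_subr.c as requiring the caller to have verified `MNT_MULTILABEL`, but this function calls it for any mount once a policy returns non-zero; on a single-label mount that clears `VL_LABELED` with no path that sets it again, since the new code in `vnode_getiocount()` only relabels under `MNT_MULTILABEL`. Guard the call with `if (vfs_flags(mp) & MNT_MULTILABEL) {` around the lock/relabel/unlock lines. The removed `ASSERT_VOP_LOCKED` also implies callers used to hold the vnode lock on entry; now that the function takes `vnode_lock(vp)` itself, confirm that `vn_setxattr()`/`vn_removexattr()` no longer hold it, since `v_lock` is a plain mutex. The trailing `return;` in a void function is redundant.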
static int
@@ -931,7 +945,9 @@
mac_vnode_label_update(struct ucred *cred, struct vnode *vp, struct label *newlabel)
{
+ vnode_lock(vp);
MAC_PERFORM(vnode_label_update, cred, vp, vp->v_label, newlabel);
+ vnode_unlock(vp);
}
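Review bot: Holding the vnode lock around `MAC_PERFORM(vnode_label_update, …)` does not order this update against an in-progress association: `vnode_label1()` in mac_vfs_subr.c releases the lock while `mac_vnode_label_associate_extattr()` runs, so a label update performed here during that window can be overwritten when the association writes its result. If the 'setlabel' race is to be fully closed, wait for `VL_LABEL` to clear before performing the update, mirroring the loop in `vnode_relabel()`; the rewritten body is below, assuming the `VL_*` flags and `msleep()` are visible in this file as they are in mac_vfs_subr.c. The function's return type line is above the hunk.
```c
	vnode_lock(vp);
	/* Wait for an in-progress label association before updating. */
	while (vp->v_lflag & VL_LABEL) {
		vp->v_lflag |= VL_LABELWAIT;
		(void)msleep(vp->v_label, &vp->v_lock, PVFS, "vnode_label_update", 0);
	}
	MAC_PERFORM(vnode_label_update, cred, vp, vp->v_label, newlabel);
	vnode_unlock(vp);
```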
void
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#5 (text+ko) ====
@@ -65,7 +65,7 @@
vp->v_lflag |= VL_LABELWAIT;
error = msleep(vp->v_label, &vp->v_lock, PVFS|PDROP,
- "vnode label", &ts);
+ "vnode_label", &ts);
if (error == EWOULDBLOCK)
vprint("vnode label timeout", vp);
vnode_put(vp);
@@ -78,6 +78,68 @@
}
/*
+ * Perform label association.
+ *
+ * Caller verifies vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL
+ * Caller holds vnode lock.
+ */
+int
+vnode_label1(struct vnode *vp)
+{
+ int error;
+
+ error = 0;
+
+ if ((vp->v_lflag & (VL_LABEL|VL_LABELED)) == 0) {
+ vp->v_lflag |= VL_LABEL;
+
+ /* Could sleep on disk I/O, drop lock. */
+ vnode_unlock(vp);
+ error = mac_vnode_label_associate_extattr(vnode_mount(vp), vp);
+ vnode_lock(vp);
+
+ vp->v_lflag |= VL_LABELED;
+ vp->v_lflag &= ~VL_LABEL;
+ if (vp->v_lflag & VL_LABELWAIT) {
+ vp->v_lflag &= ~VL_LABELWAIT;
+ wakeup(vp->v_label);
+ }
+ } else
+ /* Wait for other labeling to complete. */
+ if (vp->v_lflag & VL_LABEL) {
+ vp->v_lflag |= VL_LABELWAIT;
+ (void)msleep(vp->v_label, &vp->v_lock, PVFS, "vnode_label", 0);
+
+ }
+
+ return (error);
+}
+
+/*
+ * Clear the "labeled" flag on a VNODE.
+ * VNODE will have label re-associated upon
+ * next call to lookup()/vnode_getiocount().
+ *
+ * Caller verifies vfs_flags(vnode_mount(vp)) & MNT_MULTILABEL
+ * Caller holds vnode lock.
+ */
+void
+vnode_relabel(struct vnode *vp)
+{
+
+ /* Wait for other labeling to complete. */
+ while (vp->v_lflag & VL_LABEL) {
+ vp->v_lflag |= VL_LABELWAIT;
+ (void)msleep(vp->v_label, &vp->v_lock, PVFS, "vnode_relabel", 0);
+ }
+
+ /* Clear labeled flag */
+ vp->v_lflag &= ~VL_LABELED;
+
+ return;
+}
+
+/*
* VFS XATTR helpers.
*/
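Review bot: In `vnode_label1()` the `VL_LABELED` flag is set even when `mac_vnode_label_associate_extattr()` returned an error, so a vnode whose association failed is never retried and any thread that waited on `VL_LABEL` returns 0 for a label that was not associated; if a failed association is meant to be retried on the next reference, set the flag only on success: `if (error == 0) vp->v_lflag |= VL_LABELED;`. The wait branch uses a single `if` around `msleep()` where `vnode_relabel()` below uses `while`; a wakeup followed by another thread starting a new association leaves the waiter proceeding with `VL_LABEL` still set, so `while (vp->v_lflag & VL_LABEL) {` is the safer form. The `} else` followed by `if` on the next line is an `else if` in disguise and would be clearer written as one.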
==== //depot/projects/trustedbsd/sedarwin8/policies/color/mac_color.c#7 (text+ko) ====
@@ -353,25 +353,14 @@
return (error);
}
-static void
+static int
color_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel, char *name)
{
- int error;
- size_t buflen = 16;
- char buf[buflen];
- co_setlabel(vlabel, NULL);
- error = mac_vnop_getxattr(vp, MAC_COLOR_XATTR_NAME, buf,
- sizeof(buf), &buflen);
-
- /* It's ok to have a NULL file label */
- if (error)
- return;
-
- co_setlabelstring(vlabel, buf);
-
- return;
+ if (bcmp(name, MAC_COLOR_XATTR_NAME, sizeof(MAC_COLOR_XATTR_NAME)) != 0)
+ return (0);
+ return (1);
}
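Review bot: `bcmp(name, MAC_COLOR_XATTR_NAME, sizeof(MAC_COLOR_XATTR_NAME))` reads `sizeof(MAC_COLOR_XATTR_NAME)` bytes from `name`, whose length is not known here since it is the attribute name handed to `vn_setxattr()`/`vn_removexattr()`; when `name` is shorter than the macro the comparison reads past its terminator. The commit message says these functions were replaced with a `strcmp()`, which is the right call: `if (strcmp(name, MAC_COLOR_XATTR_NAME) != 0)`. The same pattern is added in mac_readonly.c (`readonly_vnode_label_update_extattr`) and sebsd.c (`sebsd_vnode_label_update_extattr`, whose removed code did use `strcmp`), and is pre-existing in mac_mls.c. The four now-unused parameters will also draw `-Wunused-parameter` warnings if the build enables them.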
@@ -381,7 +370,6 @@
{
int error;
struct color *color;
- struct vfs_context context;
color = co_getlabel(intlabel);
if (color == NULL)
==== //depot/projects/trustedbsd/sedarwin8/policies/console/mac_console.c#6 (text+ko) ====
@@ -320,7 +320,7 @@
* Add a reference to 'src' to 'dst'.
*/
static void
-mac_console_reference_label (struct label *src, struct label *dest)
+mac_console_label_reference (struct label *src, struct label *dest)
{
struct mac_console *mc;
@@ -349,12 +349,12 @@
#ifdef APPLE
static void
-mac_console_cred_create (struct ucred *parent_cred, struct ucred *child_cred)
+mac_console_cred_label_associate (struct ucred *parent_cred, struct ucred *child_cred)
{
if (parent_cred == NULL || child_cred == NULL)
return;
- mac_console_reference_label(parent_cred->cr_label, child_cred->cr_label);
+ mac_console_label_reference(parent_cred->cr_label, child_cred->cr_label);
}
#endif
@@ -505,7 +505,7 @@
kauth_cred_rele(oldcred);
#endif
- mac_console_reference_label(l->lc_label, p->p_ucred->cr_label);
+ mac_console_label_reference(l->lc_label, p->p_ucred->cr_label);
return;
}
@@ -513,7 +513,7 @@
mac_console_lctx_notify_join (struct proc *p, struct lctx *l)
{
- mac_console_reference_label(l->lc_label, p->p_ucred->cr_label);
+ mac_console_label_reference(l->lc_label, p->p_ucred->cr_label);
return;
}
@@ -629,7 +629,7 @@
#endif
if (error) {
sbuf_delete(sb);
- return (error);
+ return (0);
}
sbuf_finish(sb);
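Review bot: Returning `0` after `sbuf_delete(sb)` on the error path turns a failure into success: the caller will believe this function completed while nothing was produced (its signature is above the hunk, so what it returns to is inferred). If the intent is that a failure here must not veto the operation, say so next to the return, e.g. `/* Best effort: a formatting failure must not fail the caller. */`; otherwise keep `return (error);`. The enclosing function starts and ends outside the hunk.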
@@ -749,9 +749,9 @@
.mpo_cred_label_destroy = mac_console_label_destroy,
#if defined(__FreeBSD__)
- .mpo_cred_label_copy = mac_console_reference_label,
+ .mpo_copy_cred_label = mac_console_label_reference,
#elif defined(__APPLE__)
- .mpo_cred_label_associate = mac_console_cred_create,
+ .mpo_cred_label_associate = mac_console_cred_label_associate,
#endif
.mpo_cred_label_externalize = mac_console_label_externalize,
.mpo_cred_label_internalize = mac_console_label_internalize,
@@ -773,7 +773,7 @@
.mpo_vnode_label_internalize = mac_console_label_internalize,
.mpo_vnode_label_update = mac_console_vnode_label_update,
- .mpo_vnode_label_associate_extattr = mac_console_vnode_label_associate_extattr,
+ .mpo_vnode_label_associate_extattr= mac_console_vnode_label_associate_extattr,
.mpo_vnode_label_store = mac_console_vnode_label_store,
.mpo_vnode_check_access = mac_console_vnode_check_open,
==== //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#3 (text+ko) ====
@@ -30,6 +30,8 @@
#include <string.h>
+static mac_policy_handle_t mac_device_access_handle;
+
/*
* define DA_DEBUG to display run-time debugging information
* #define DA_DEBUG 1
@@ -126,8 +128,6 @@
};
static unsigned int devlist_ents = sizeof(devlist) / sizeof(struct allowed_devs);
-static mac_policy_handle_t device_access_handle;
-
/*
* SYSCTL entry points
*/
@@ -181,7 +181,7 @@
}
static int
-device_access_check_device(int devtype, struct mac_module_data *mdata)
+device_access_iokit_check_device(int devtype, struct mac_module_data *mdata)
{
unsigned int matches;
unsigned int i, j;
@@ -212,8 +212,8 @@
.mpo_policy_destroy = device_access_policy_destroy,
.mpo_policy_init = device_access_policy_init,
.mpo_policy_initbsd = device_access_policy_initbsd,
- .mpo_iokit_check_device = device_access_check_device,
+ .mpo_iokit_check_device = device_access_iokit_check_device,
};
-MAC_POLICY_SET(device_access_handle, &mac_device_access_ops, device_access,
+MAC_POLICY_SET(mac_device_access_handle, &mac_device_access_ops, device_access,
POLICY_DESC, NULL, 0, NULL, 0, 0);
==== //depot/projects/trustedbsd/sedarwin8/policies/extattr_test/mac_extattr_test.c#6 (text+ko) ====
@@ -217,14 +217,14 @@
return (0);
}
-static void
+static int
extattr_test_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel, char *name)
{
XA_TRACE;
XA_VALID(vlabel, "update");
DPRINTF(("%s called for %s!\n", __FUNCTION__, name));
- return;
+ return (0);
}
/*
@@ -300,7 +300,7 @@
XA_TRACE;
if (!mac_extattr_test_enabled)
return(0);
- XA_VALID(vlabel, "vnode_create");
+ XA_VALID(vlabel, "vnode_label_associate");
xa_filllabel(SLOT(vlabel));
error = mac_vnop_setxattr(vp, MAC_EXTATTR_XATTR_NAME,
(char *)SLOT(vlabel), XA_SIZE);
==== //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#6 (text+ko) ====
@@ -120,7 +120,7 @@
}
static void
-mac_fwinteg_finalize(void)
+mac_fwinteg_notify_finalize(void)
{
struct policy_entry *pe;
@@ -138,7 +138,7 @@
.mpo_policy_init = mac_fwinteg_policy_init,
.mpo_base_check_module_load = mac_fwinteg_base_check_module_load,
.mpo_base_check_module_unload = mac_fwinteg_base_check_module_unload,
- .mpo_base_notify_finalize = mac_fwinteg_finalize
+ .mpo_base_notify_finalize = mac_fwinteg_notify_finalize
};
MAC_POLICY_SET(mac_fwinteg_handle, &mac_fwinteg_ops, fwinteg, POLICY_DESC,
==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#12 (text+ko) ====
@@ -627,7 +627,7 @@
static void
-mac_mls_cleanup_label(struct label *label)
+mac_mls_recycle_label(struct label *label)
{
bzero(SLOT(label), sizeof(struct mac_mls));
@@ -924,7 +924,7 @@
(rangelow == NULL && rangehigh == NULL),
("mac_mls_parse: range mismatch"));
- bzero(mac_mls, sizeof(*mac_mls));
+ bzero(mac_mls, sizeof(struct mac_mls));
if (effective != NULL) {
error = mac_mls_parse_element(&mac_mls->mm_effective, effective);
if (error)
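Review bot: `bzero(mac_mls, sizeof(struct mac_mls))` replaces `sizeof(*mac_mls)`, and the hunks at 1200, 1261 and 1286 make the same change for `temp`; tying the size to the object (`sizeof(*mac_mls)`, `sizeof(temp)`) keeps the call correct if the variable's type ever changes, so the previous form was the safer one. The `mac_vnop_getxattr(..., sizeof(temp), ...)` call left in the 1200 hunk still uses the object form, so the file now mixes both styles.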
@@ -1200,7 +1200,7 @@
dest = SLOT(vlabel);
buflen = 0;
- bzero(&temp, sizeof(temp));
+ bzero(&temp, sizeof(struct mac_mls));
error = mac_vnop_getxattr(vp, MAC_MLS_EXTATTR_NAME,
(char *)&temp, sizeof(temp), &buflen);
@@ -1231,58 +1231,14 @@
return (0);
}
-static void
+static int
mac_mls_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel, char *name)
{
- struct mac_mls temp, *source, *dest;
- size_t buflen;
- int error;
if (bcmp(name, MAC_MLS_EXTATTR_NAME, sizeof(MAC_MLS_EXTATTR_NAME)) != 0)
- return;
-
- source = SLOT(mntlabel);
- dest = SLOT(vlabel);
-
- /* The vnode label had a previous value */
- /* XXX: bzero(dest, sizeof(dest)); */
-
- buflen = 0;
- bzero(&temp, sizeof(temp));
-
- error = mac_vnop_getxattr(vp, MAC_MLS_EXTATTR_NAME,
- (char *)&temp, sizeof(temp), &buflen);
- if (error)
- goto out;
-
- if (buflen != sizeof(temp)) {
- printf("mac_mls_vnode_label_update_extattr: bad size %d\n",
- buflen);
- MLS_MESSAGE("mac_mls_vnode_label_update_extattr : EPERM\n");
- goto out;
- }
- if (mac_mls_valid(&temp) != 0) {
- printf("mac_mls_vnode_label_update_extattr: invalid\n");
- MLS_MESSAGE("mac_mls_vnode_label_update_extattr : EPERM\n");
- goto out;
- }
- if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_EFFECTIVE) {
- printf("mac_mls_vnode_label_update_extattr: not effective\n");
- goto out;
- }
-
- mac_mls_copy_effective(&temp, dest);
- return;
-
-out:
- /*
- * The operation has already been permitted via
- * mac_mls_vnode_check_setextattr, we cannot fail here.
- * Instead, fall back to the mntlabel.
- */
- mac_mls_copy_effective(source, dest);
- return;
+ return (0);
+ return (1);
}
static void
@@ -1305,7 +1261,7 @@
struct mac_mls *source, *dest, temp;
int error;
- bzero(&temp, sizeof(temp));
+ bzero(&temp, sizeof(struct mac_mls));
source = SLOT(cred->cr_label);
dest = SLOT(vlabel);
@@ -1330,7 +1286,7 @@
struct mac_mls *source, temp;
int error;
- bzero(&temp, sizeof(temp));
+ bzero(&temp, sizeof(struct mac_mls));
source = SLOT(intlabel);
if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0)
@@ -1647,24 +1603,9 @@
}
/*
- * Labeling event operations: Login Context
+ * Label recycle/flush operations.
*/
-
static void
-mac_mls_lctx_label_update (struct lctx *l, struct label *newlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(l->lc_label);
-
- mac_mls_copy(source, dest);
-}
-
-/*
- * Label cleanup/flush operations.
- */
-static void
mac_mls_sysvsem_label_recycle(struct label *semalabel)
{
@@ -4027,15 +3968,17 @@
static struct mac_policy_ops mac_mls_ops =
{
- .mpo_policy_destroy = mac_mls_policy_destroy,
- .mpo_policy_init = mac_mls_policy_init,
- .mpo_policy_initbsd = mac_mls_policy_initbsd,
+ .mpo_policy_destroy = mac_mls_policy_destroy,
+ .mpo_policy_init = mac_mls_policy_init,
+ .mpo_policy_initbsd = mac_mls_policy_initbsd,
.mpo_policy_syscall = mac_mls_syscall,
.mpo_port_label_compute = mac_mls_port_label_compute,
.mpo_port_check_service = mac_mls_port_check_service,
.mpo_cred_check_label_update = mac_mls_cred_check_label_update,
.mpo_cred_check_visible = mac_mls_cred_check_visible,
+ .mpo_file_check_fcntl = mac_mls_file_check_fcntl,
+ .mpo_file_check_ioctl = mac_mls_file_check_ioctl,
.mpo_file_check_get = mac_mls_file_check_get,
.mpo_file_check_set = mac_mls_file_check_set,
.mpo_cred_label_destroy = mac_mls_label_destroy,
@@ -4045,19 +3988,12 @@
.mpo_cred_label_internalize = mac_mls_label_internalize,
.mpo_cred_label_associate = mac_mls_cred_label_associate,
.mpo_cred_label_update = mac_mls_cred_label_update,
- .mpo_file_check_fcntl = mac_mls_file_check_fcntl,
- .mpo_file_check_ioctl = mac_mls_file_check_ioctl,
- .mpo_lctx_label_destroy = mac_mls_label_destroy,
- .mpo_lctx_label_init = mac_mls_label_init,
- .mpo_lctx_label_externalize = mac_mls_label_externalize,
- .mpo_lctx_label_internalize = mac_mls_label_internalize,
- .mpo_lctx_label_update = mac_mls_lctx_label_update,
.mpo_devfs_label_copy = mac_mls_label_copy,
.mpo_devfs_label_associate_device = mac_mls_devfs_label_associate_device,
.mpo_devfs_label_associate_directory= mac_mls_devfs_label_associate_directory,
.mpo_devfs_label_destroy = mac_mls_label_destroy,
.mpo_devfs_label_init = mac_mls_label_init,
- .mpo_devfs_label_update = mac_mls_devfs_label_update,
+ .mpo_devfs_label_update = mac_mls_devfs_label_update,
.mpo_mount_check_stat = mac_mls_mount_check_stat,
.mpo_mount_check_getattr = mac_mls_mount_check_getattr,
.mpo_mount_check_setattr = mac_mls_mount_check_setattr,
@@ -4071,8 +4007,8 @@
.mpo_task_label_init = mac_mls_label_init,
.mpo_port_label_destroy = mac_mls_label_destroy,
.mpo_task_label_destroy = mac_mls_label_destroy,
+ .mpo_port_label_copy = mac_mls_label_copy,
.mpo_task_label_copy = mac_mls_label_copy,
- .mpo_port_label_copy = mac_mls_label_copy,
.mpo_port_label_update_cred = mac_mls_port_label_update_cred,
.mpo_task_label_update = mac_mls_task_label_update,
.mpo_port_label_associate = mac_mls_port_label_associate,
@@ -4102,8 +4038,8 @@
.mpo_vnode_label_associate_devfs = mac_mls_vnode_label_associate_devfs,
.mpo_vnode_label_associate_extattr = mac_mls_vnode_label_associate_extattr,
.mpo_vnode_label_associate_singlelabel= mac_mls_vnode_label_associate_singlelabel,
- .mpo_vnode_label_recycle = mac_mls_cleanup_label,
- .mpo_vnode_label_copy = mac_mls_label_copy,
+ .mpo_vnode_label_recycle = mac_mls_recycle_label,
+ .mpo_vnode_label_copy = mac_mls_label_copy,
.mpo_vnode_notify_create = mac_mls_vnode_notify_create,
.mpo_vnode_label_update_extattr = mac_mls_vnode_label_update_extattr,
.mpo_vnode_label_destroy = mac_mls_label_destroy,
@@ -4207,8 +4143,8 @@
.mpo_mbuf_label_destroy = mac_mls_mbuf_label_destroy,
.mpo_socket_label_destroy = mac_mls_label_destroy,
.mpo_socketpeer_label_destroy = mac_mls_label_destroy,
- .mpo_socket_label_internalize = mac_mls_label_internalize,
- .mpo_socket_label_externalize = mac_mls_label_externalize,
+ .mpo_socket_label_internalize = mac_mls_label_internalize,
+ .mpo_socket_label_externalize = mac_mls_label_externalize,
.mpo_socketpeer_label_externalize = mac_mls_label_externalize,
.mpo_mbuf_label_associate_bpfdesc = mac_mls_mbuf_label_associate_bpfdesc,
.mpo_mbuf_label_associate_ifnet = mac_mls_mbuf_label_associate_ifnet,
@@ -4218,7 +4154,7 @@
.mpo_socket_label_update = mac_mls_socket_label_update,
.mpo_socketpeer_label_associate_mbuf= mac_mls_socketpeer_label_associate_mbuf,
.mpo_socketpeer_label_associate_socket= mac_mls_socketpeer_label_associate_socket,
- .mpo_socket_check_accept = mac_mls_socket_check_accept,
+ .mpo_socket_check_accept = mac_mls_socket_check_accept,
.mpo_socket_check_bind = mac_mls_socket_check_bind,
.mpo_socket_check_connect = mac_mls_socket_check_connect,
.mpo_socket_check_create = mac_mls_socket_check_create,
==== //depot/projects/trustedbsd/sedarwin8/policies/multilabel/multilabel.c#5 (text+ko) ====
@@ -21,6 +21,10 @@
(strcmp(mp->mnt_vfsstat.f_fstypename, "hfs") == 0))
mp->mnt_flag |= MNT_MULTILABEL;
+ /* MULTILABEL on DEVFS. */
+ if (strcmp(mp->mnt_vfsstat.f_fstypename, "devfs") == 0)
+ mp->mnt_flag |= MNT_MULTILABEL;
+
/* MULTILABEL on all NFS filesystems. */
if (strcmp(mp->mnt_vfsstat.f_fstypename, "nfs") == 0)
mp->mnt_flag |= MNT_MULTILABEL;
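Review bot: Marking devfs `MNT_MULTILABEL` means `vnode_getiocount()` (vfs_subr.c in this change) now runs `vnode_label1()` and hence `mac_vnode_label_associate_extattr()` on the first reference to each device node and fails the reference if that returns non-zero; devfs, as far as I know, stores no extended attributes, so confirm that the association path reports a missing or unsupported attribute as 0 rather than an error, or device opens will start failing. A comment recording that expectation next to the new block would help, e.g. `/* devfs has no xattrs; association must fall back to the mount label. */`.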
==== //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#5 (text+ko) ====
@@ -118,7 +118,7 @@
static void
-readonly_cleanup_label(struct label *label)
+readonly_label_recycle(struct label *label)
{
RO_VALID(label, "cleanup");
@@ -239,38 +239,14 @@
sysctl_register_oid(&sysctl__security_mac_readonly_enabled);
}
-static void
+static int
readonly_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel, char *name)
{
- int error;
- size_t buflen;
- struct ro_label ro;
- bzero(&ro, sizeof(struct ro_label));
- ro_setflags(vlabel, RO_FLAG_CLEAN);
- error = mac_vnop_getxattr(vp, MAC_READONLY_XATTR_NAME, (char *)&ro,
- sizeof(struct ro_label), &buflen);
-
- if (error == ENOATTR)
- return;
- if (error == EOPNOTSUPP) {
- ro_setflags(vlabel, RO_FLAG_READONLY | RO_FLAG_NOTSUPP);
- return;
- }
- if (error)
- return; /* too bad */
-
- if (buflen != sizeof(struct ro_label)) {
- /* vnode label is read only, not failure */
- printf("MAC readonly bad size(%d) on read xattr\n", buflen);
- ro_setflags(vlabel, RO_FLAG_NOTSUPP);
- return;
- }
-
- ro_setflags(vlabel, ro.flags);
-
- return;
+ if (bcmp(name, MAC_READONLY_XATTR_NAME, sizeof(MAC_READONLY_XATTR_NAME)) != 0)
+ return (0);
+ return (1);
}
static int
@@ -528,7 +504,7 @@
.mpo_policy_initbsd = readonly_policy_initbsd,
.mpo_vnode_label_init = readonly_label_init,
.mpo_vnode_label_destroy = readonly_label_destroy,
- .mpo_vnode_label_recycle = readonly_cleanup_label,
+ .mpo_vnode_label_recycle = readonly_label_recycle,
.mpo_vnode_label_update_extattr = readonly_vnode_label_update_extattr,
.mpo_vnode_label_copy = readonly_label_copy,
.mpo_vnode_label_externalize = readonly_label_externalize,
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#23 (text+ko) ====
@@ -756,47 +756,16 @@
}
/*
- * Update the label on a vnode after its extattr has been modified
- * by Vendor functions. Note that we don't reset the security class
- * since the underlying vnode type should not have changed.
+ * We want to update the label on a vnode if its extattr has been modified
+ * by Vendor functions.
*/
-static void
+static int
sebsd_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel, char *name)
{
- struct mount_security_struct *sbsec;
- struct vnode_security_struct *vsec;
- /*
- * TBD: static buffers aren't a good idea, and SELinux contexts
- * aren't restricted in length.
- */
- char context[256];
- size_t context_len = sizeof(context);
- int error;
- if (strcmp(name, SEBSD_MAC_EXTATTR_NAME) != 0)
- return;
-
- vsec = SLOT(vlabel);
-
- error = mac_vnop_getxattr(vp, SEBSD_MAC_EXTATTR_NAME,
- context, sizeof(context), &context_len);
- if (!error) {
- error = security_context_to_sid(context, context_len,
- &vsec->sid);
- if (error)
- printf("%s: ERROR mapping context to sid: %.*s\n",
- __func__, context_len, context);
- }
-
- /* Fall back to the mount label on error */
- if (error) {
- if (mntlabel) {
- sbsec = SLOT(mntlabel);
- vsec->sid = sbsec->sid;
- } else
- vsec->sid = SECINITSID_UNLABELED;
- }
+ return (bcmp(name, SEBSD_MAC_EXTATTR_NAME,
+ sizeof(SEBSD_MAC_EXTATTR_NAME)) == 0);
}
static void
==== //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/mac_stacktrace.c#5 (text+ko) ====
@@ -105,7 +105,7 @@
static int global_naxdepth = 0; // highest recursion level
// TODO add a timestamp for time of last call
// TODO add a timestamp for time of last reset
-static short global_enable = STACKTRACE_OFF; // STACKTRACE_ON, STACKTRACE_OFF or STACKTRACE_FULL; starts OFF till initbsd
+static short global_enable = STACKTRACE_OFF; // STACKTRACE_ON, STACKTRACE_OFF or STACKTRACE_FULL; starts OFF till policy_initbsd
/*
* Initialize buffer pointers.
==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#11 (text+ko) ====
@@ -843,7 +843,7 @@
CLEANUP_LABEL(label, VNODETYPE);
}
-static void
+static int
mac_test_vnode_label_update_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel, char *name)
{
@@ -853,6 +853,8 @@
USE_LABEL(mntlabel, MOUNTTYPE);
USE_LABEL(vlabel, VNODETYPE);
+
+ return (0);
>>> TRUNCATED FOR MAIL (1000 lines) <<<