PERFORCE change 108869 for review
Todd Miller
millert at FreeBSD.org
Tue Oct 31 22:48:26 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=108869
Change 108869 by millert at millert_macbook on 2006/10/31 22:23:12
Change ikm_sender from struct ipc_labelh * to task_t. This
allows us to report the correct sender in the avc audit
logs for MiG-based permissions. To do this, we now pass a
struct proc * to mpo_port_check_method.
This time we don't need to hold a reference to the label handle,
keeping a reference to the task_t is sufficient as that has
its own label handle reference.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#30 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#4 (text+ko) ====
@@ -295,7 +295,6 @@
#ifdef MAC
if (kmsg->ikm_sender != NULL) {
- labelh_release(kmsg->ikm_sender->label);
task_deallocate(kmsg->ikm_sender);
kmsg->ikm_sender = NULL;
}
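Review bot: Dropping `labelh_release()` leaves the label's lifetime entirely implicit at this release site and at the identical one in the hunk at @@ -664; nothing at either site records that `task_deallocate()` is now expected to drop the label reference, which only the change description asserts. I would add `/* ikm_sender holds a task reference; its label is released with the task. */` above the `task_deallocate()` call, or factor both sites into a small static helper so the pairing with the `task_reference()` taken at @@ -775 lives in one place. The enclosing functions start and end outside these hunks.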
@@ -664,7 +663,6 @@
#ifdef MAC
if (kmsg->ikm_sender != NULL) {
- labelh_release(kmsg->ikm_sender->label);
task_deallocate(kmsg->ikm_sender);
kmsg->ikm_sender = NULL;
}
@@ -775,7 +773,6 @@
task_t cur = current_task();
if (cur) {
task_reference(cur);
- labelh_reference(cur->label);
kmsg->ikm_sender = cur;
} else
trailer->msgh_labels.sender = 0;
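Review bot: The reference taken by `task_reference(cur)` is stored into `kmsg->ikm_sender` without any statement of who releases it, and the release sites are in other hunks of this file; a comment such as `/* kmsg owns this task reference; dropped via task_deallocate() when ikm_sender is cleared */` on the assignment would make the pairing visible. The `else` body should also be braced to match the `if`, e.g. `} else {` / `trailer->msgh_labels.sender = 0;` / `}`. Whether `trailer->msgh_labels.sender` is updated on the `if` path is outside the hunk, as is the rest of the enclosing function.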
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#7 (text+ko) ====
@@ -706,6 +706,8 @@
#endif
case AVC_AUDIT_DATA_FS:
if (a->u.fs.vp && tsk) {
+ char *pbuf = NULL;
+ char *path = a->u.fs.path;
struct vnode *vp = a->u.fs.vp;
struct vnode_attr va;
struct vfs_context vfs_ctx =
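Review bot: `path` is declared `char *` although it is only read (it is formatted with `%s` in the following hunk), so it should be `const char *path = a->u.fs.path;`. The same applies to the new `char *path` member in avc.h (@@ -49) and to the `char *path` parameter of `vnode_has_perm()` in sebsd.c (@@ -440): `cnp->cn_pnbuf` converts to `const char *` without a cast, and the `pbuf` local can stay non-const since it is assigned to `path`, not the other way round. The enclosing function starts and ends outside the hunk.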
@@ -713,10 +715,22 @@
VATTR_INIT(&va);
VATTR_WANTED(&va, va_fileid);
if (vnode_getattr(vp, &va, &vfs_ctx) == 0) {
- audit_log_format(ab,
- " inode=%llu, mountpoint=%s,",
- va.va_fileid,
+ audit_log_format(ab, " inode=%llu, "
+ "mountpoint=%s,", va.va_fileid,
vp->v_mount->mnt_vfsstat.f_mntonname);
+ if (path == NULL) {
+ int len = MAXPATHLEN;
+ pbuf = sebsd_malloc(MAXPATHLEN,
+ M_SEBSD, M_NOWAIT);
+ if (pbuf != NULL &&
+ !vn_getpath(vp, pbuf, &len))
+ path = pbuf;
+ }
+ if (path != NULL)
+ audit_log_format(ab,
+ " path=%s,", path);
+ if (pbuf != NULL)
+ sebsd_free(pbuf, M_SEBSD);
break;
}
audit_log_format(ab,
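Review bot: The path is written into the audit record verbatim with `" path=%s,"`, but in the sebsd.c hunks it comes from `cnp->cn_pnbuf`, i.e. the caller-supplied pathname, so a name containing a newline, a control character or the `, ` separator used between fields can break the key=value structure of the record and mislead anything that parses it. Before logging, either quote the value and escape non-printable bytes, or route `path` through whatever helper the avc already uses for untrusted strings, if one exists; the mountpoint printed just above has the same exposure but is not new here. The `sebsd_malloc(..., M_NOWAIT)` failure path is handled correctly (nothing is logged and nothing is freed), and a one-line comment such as `/* path= is best-effort: omitted if the buffer cannot be allocated or vn_getpath() fails */` would spare the next reader from re-checking that.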
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.h#5 (text+ko) ====
@@ -49,6 +49,7 @@
union {
struct {
struct vnode *vp;
+ char *path;
} fs;
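Review bot: The new `path` member is undocumented: from the consumer in avc.c it is optional (`NULL` means the name is resolved via `vn_getpath()`), and from the sebsd.c hunks it aliases the caller's `cn_pnbuf` rather than owning a copy, so it is only valid for the duration of the permission check. Stating that on the field, e.g. `char *path; /* optional pathname for audit; not owned, valid only during the check */`, would keep a future caller from storing an `ad` past the call.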
struct {
char *netif;
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#30 (text+ko) ====
@@ -440,7 +440,7 @@
}
static int
-vnode_has_perm(struct ucred *cred, struct vnode *vp, u_int32_t perm)
+vnode_has_perm(struct ucred *cred, struct vnode *vp, char *path, u_int32_t perm)
{
struct task_security_struct *task;
struct vnode_security_struct *file;
@@ -451,6 +451,7 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
+ ad.u.fs.path = path;
/* Update security class if not set or vnode was recycled. */
if (file->sclass == 0 || vp->v_type == VBAD)
@@ -1482,7 +1483,7 @@
vsec = SLOT(vl);
task = SLOT(cred->cr_label);
- rc = vnode_has_perm(cred, vp, FILE__MOUNTON);
+ rc = vnode_has_perm(cred, vp, NULL, FILE__MOUNTON);
if (rc)
goto done;
@@ -1950,7 +1951,7 @@
if (mask == 0)
return (0);
- return (vnode_has_perm(cred, vp,
+ return (vnode_has_perm(cred, vp, NULL,
file_mask_to_av(vp->v_type, mask)));
}
@@ -1960,7 +1961,7 @@
{
/* MAY_EXEC ~= DIR__SEARCH */
- return (vnode_has_perm(cred, dvp, DIR__SEARCH));
+ return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
}
static int
@@ -1970,7 +1971,7 @@
/* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */
/* MAY_EXEC ~= DIR__SEARCH */
- return (vnode_has_perm(cred, dvp, DIR__SEARCH));
+ return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH));
}
static int
@@ -1995,6 +1996,7 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = dvp;
+ ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
DIR__ADD_NAME | DIR__SEARCH, &ad);
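Review bot: The audit data pairs `vp = dvp` with `path = cnp->cn_pnbuf`, so the resulting record reports the directory's `inode=` next to the full pathname being created under it, which reads as if the inode belonged to that path; the same pairing appears in the hunks at @@ -2051, @@ -2208, @@ -2228, @@ -2342 and @@ -2400. If that is intended, a comment here such as `/* path is the lookup target; vp is the parent directory being checked */` (or a clearer field name in the avc.c formatter) should say so. Because `ad` is stack-local and consumed synchronously by `avc_has_perm()`, aliasing `cn_pnbuf` without copying looks safe as long as the buffer outlives the hook, which I cannot confirm from the hunk.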
@@ -2051,6 +2053,7 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
+ ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
DIR__SEARCH | DIR__REMOVE_NAME, &ad);
@@ -2073,7 +2076,7 @@
struct label *label, acl_type_t type)
{
- return (vnode_has_perm(cred, vp, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
}
#endif
@@ -2083,10 +2086,10 @@
{
int error;
- error = vnode_has_perm(cred, v1, FILE__READ | FILE__WRITE);
+ error = vnode_has_perm(cred, v1, NULL, FILE__READ | FILE__WRITE);
if (error)
return (error);
- return (vnode_has_perm(cred, v2, FILE__READ | FILE__WRITE));
+ return (vnode_has_perm(cred, v2, NULL, FILE__READ | FILE__WRITE));
}
static int
@@ -2151,7 +2154,7 @@
struct label *label, acl_type_t type)
{
- return (vnode_has_perm(cred, vp, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
}
#endif
@@ -2160,7 +2163,7 @@
struct label *vlabel, struct attrlist *alist)
{
- return (vnode_has_perm(cred, vp, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
}
static int
@@ -2168,7 +2171,7 @@
struct label *label, const char *name, struct uio *uio)
{
- return (vnode_has_perm(cred, vp, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
}
#if defined(FILE__POLL) && defined(FILE__GETATTR)
@@ -2180,9 +2183,9 @@
switch (kn->kn_filter) {
case EVFILT_READ:
case EVFILT_WRITE:
- return (vnode_has_perm(cred, vp, FILE__POLL));
+ return (vnode_has_perm(cred, vp, NULL, FILE__POLL));
case EVFILT_VNODE:
- return (vnode_has_perm(cred, vp, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
default:
return (0);
}
@@ -2208,6 +2211,7 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
+ ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, dir->sid, SECCLASS_DIR,
DIR__SEARCH | DIR__ADD_NAME, &ad);
@@ -2228,7 +2232,7 @@
return (ENOTDIR);
/* TBD: DIR__READ as well? */
- return (vnode_has_perm(cred, dvp, DIR__SEARCH));
+ return (vnode_has_perm(cred, dvp, cnp->cn_pnbuf, DIR__SEARCH));
}
static int
@@ -2247,7 +2251,7 @@
if (!mask)
return (0);
- return (vnode_has_perm(cred, vp,
+ return (vnode_has_perm(cred, vp, NULL,
file_mask_to_av(vp->v_type, mask)));
}
@@ -2256,7 +2260,7 @@
struct vnode *vp, struct label *label)
{
- return (vnode_has_perm(cred, vp, FILE__READ));
+ return (vnode_has_perm(cred, vp, NULL, FILE__READ));
}
static int
@@ -2264,7 +2268,7 @@
struct label *dlabel)
{
- return (vnode_has_perm(cred, dvp, DIR__READ));
+ return (vnode_has_perm(cred, dvp, NULL, DIR__READ));
}
static int
@@ -2272,7 +2276,7 @@
struct label *label)
{
- return (vnode_has_perm(cred, vp, FILE__READ));
+ return (vnode_has_perm(cred, vp, NULL, FILE__READ));
}
static int
@@ -2342,6 +2346,8 @@
sebsd_audit_sid("source directory", old_dir->sid);
AVC_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.vp = vp;
+ ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, old_dir->sid, SECCLASS_DIR,
DIR__REMOVE_NAME | DIR__SEARCH, &ad);
@@ -2400,6 +2406,7 @@
AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.vp = vp;
+ ad.u.fs.path = cnp->cn_pnbuf;
rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, NULL);
if (rc)
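Review bot: `ad.u.fs.path` (and the existing `ad.u.fs.vp`) is filled in here, but the `avc_has_perm()` call two lines below passes `NULL` as the audit-data argument, so the new field is never reported for this check; every other hunk in this file passes `&ad`. Unless the `NULL` is deliberate, the call should read `rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, &ad);`. The enclosing function starts and ends outside the hunk.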
@@ -2439,7 +2446,7 @@
struct label *label, int which)
{
- return (vnode_has_perm(cred, vp, FILE__POLL));
+ return (vnode_has_perm(cred, vp, NULL, FILE__POLL));
}
#endif
@@ -2449,7 +2456,7 @@
struct label *label, acl_type_t type, struct acl *acl)
{
- return (vnode_has_perm(cred, vp, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
}
#endif
@@ -2459,7 +2466,7 @@
struct label *vlabel, struct attrlist *alist)
{
- return (vnode_has_perm(cred, vp, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
}
#endif
@@ -2468,7 +2475,7 @@
struct label *label, const char *name, struct uio *uio)
{
- return (vnode_has_perm(cred, vp, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
}
static int
@@ -2476,7 +2483,7 @@
struct label *label, u_long flags)
{
- return (vnode_has_perm(cred, vp, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
}
static int
@@ -2484,7 +2491,7 @@
struct label *label, mode_t mode)
{
- return (vnode_has_perm(cred, vp, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
}
static int
@@ -2492,7 +2499,7 @@
struct label *label, uid_t uid, gid_t gid)
{
- return (vnode_has_perm(cred, vp, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
}
static int
@@ -2500,7 +2507,7 @@
struct label *label, struct timespec atime, struct timespec mtime)
{
- return (vnode_has_perm(cred, vp, FILE__SETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SETATTR));
}
static int
@@ -2508,7 +2515,7 @@
struct vnode *vp, struct label *vnodelabel)
{
- return (vnode_has_perm(cred, vp, FILE__GETATTR));
+ return (vnode_has_perm(cred, vp, NULL, FILE__GETATTR));
}
static int
@@ -2831,7 +2838,7 @@
struct label *vnodelabel)
{
- return (vnode_has_perm(cred, vp, FILE__SWAPON));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON));
}
#if 0
@@ -2840,7 +2847,7 @@
struct label *vnodelabel)
{
- return (vnode_has_perm(cred, vp, FILE__SWAPON));
+ return (vnode_has_perm(cred, vp, NULL, FILE__SWAPON));
}
#endif
@@ -2863,7 +2870,7 @@
struct vnode *vp, struct label *label)
{
- return (vnode_has_perm(cred, vp, FILE__WRITE));
+ return (vnode_has_perm(cred, vp, NULL, FILE__WRITE));
}
static int
@@ -2885,7 +2892,7 @@
if (prot & PROT_EXEC)
av |= FILE__EXECUTE;
- return (vnode_has_perm(cred, vp, av));
+ return (vnode_has_perm(cred, vp, NULL, av));
}
return (0);
}
@@ -2908,7 +2915,7 @@
if (prot & PROT_EXEC)
av |= FILE__EXECUTE;
- return (vnode_has_perm(cred, vp, av));
+ return (vnode_has_perm(cred, vp, NULL, av));
}
return (0);
}
@@ -3026,7 +3033,7 @@
return (0);
return (vnode_has_perm(cred, (struct vnode *)fg->fg_data,
- FILE__IOCTL));
+ NULL, FILE__IOCTL));
}
/*