From owner-trustedbsd-cvs@FreeBSD.ORG Tue Nov 14 18:54:09 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED09616A51A for ; Tue, 14 Nov 2006 18:54:09 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8FA7543D45 for ; Tue, 14 Nov 2006 18:54:08 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 3962C46DEB for ; Tue, 14 Nov 2006 13:54:06 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id D40985B7E7; Tue, 14 Nov 2006 18:51:22 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 4639B16A565; Tue, 14 Nov 2006 18:51:18 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2410216A562 for ; Tue, 14 Nov 2006 18:51:18 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id A3E6143D49 for ; Tue, 14 Nov 2006 18:51:17 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kAEIpH2e012001 for ; Tue, 14 Nov 2006 18:51:17 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kAEIpHL4011995 for perforce@freebsd.org; Tue, 14 Nov 2006 18:51:17 GMT (envelope-from millert@freebsd.org) Date: Tue, 14 Nov 2006 18:51:17 GMT Message-Id: 
<200611141851.kAEIpHL4011995@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f
From: Todd Miller
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 109960 for review
X-BeenThere: trustedbsd-cvs@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD CVS and Perforce commit message list
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 14 Nov 2006 18:54:10 -0000

http://perforce.freebsd.org/chv.cgi?CH=109960

Change 109960 by millert@millert_g5tower on 2006/11/14 18:51:12

Rename mac_vnode_label_associate_file() to mac_vnode_label_associate_fdesc() and pass in a richer set of args. With this we no longer need a vnode_label_associate_cred entry point. The policy itself can decide whether to fall back to the cred or mount label in the abscence of a file label.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#15 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#23 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#18 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#15 (text+ko) ====

@@ -56,6 +56,7 @@
 struct bpf_d;
 struct componentname;
 struct devnode;
+struct fdescnode;
 struct fileglob;
 struct ifnet;
 struct lctx;
@@ -149,8 +150,8 @@
     struct vnode *vp);
 int mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
 void mac_vnode_label_associate_singlelabel(struct mount *mp, struct vnode *vp);
-int mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
-    struct vnode *vp);
+int mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
+    struct vnode *vp, vfs_context_t ctx);
 void mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
     const char *fullpath);
 void mac_devfs_label_associate_directory(char *dirname, int dirnamelen,

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#23 (text+ko) ====

@@ -1462,6 +1462,8 @@
 /**
   @brief Associate a file label with a vnode
   @param cred User credential
+  @param mp Fdesc mount point
+  @param mntlabel Fdesc mount point label
   @param fg Fileglob structure
   @param label Policy label for fg
   @param vp Vnode to label
@@ -1473,6 +1475,8 @@
 */
 typedef void mpo_vnode_label_associate_file_t(
 	struct ucred *cred,
+	struct mount *mp,
+	struct label *mntlabel,
 	struct fileglob *fg,
 	struct label *label,
 	struct vnode *vp,

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#18 (text+ko) ====

@@ -256,8 +256,7 @@
 	struct fdescnode *fnp;
 	struct fileglob *fg;
 	struct proc *p;
-	int error;
-	int fd;
+	int error, fd;
 
 	error = 0;
 
@@ -269,11 +268,7 @@
 		break;
 	case VT_FDESC:
 		fnp = VTOFDESC(vp);
-		p = vfs_context_proc(ctx);
-		fd = fnp->fd_fd;
-		fg = fd != -1 ? p->p_fd->fd_ofiles[fd]->f_fglob : NULL;
-		error = mac_vnode_label_associate_file(vfs_context_ucred(ctx),
-		    fg, vp);
+		error = mac_vnode_label_associate_fdesc(mp, fnp, vp, ctx);
 		break;
 	default:
 		error = mac_vnode_label_associate_extattr(mp, vp);
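Review bot: The doc block in the -1462 hunk gains @param mp and @param mntlabel but does not say that fg and label may now be NULL, which is exactly what the new fdesc path in mac_vfs.c passes when fnp->fd_fd == -1; a policy author reading only this header will dereference fg. Suggest changing the two existing lines to `@param fg Fileglob structure, or NULL if the fdesc node has no backing file` and `@param label Policy label for fg, or NULL when fg is NULL`, and adding a sentence to the @brief stating that in that case the policy is expected to choose between the cred label and mntlabel. The -1473 hunk only changes the typedef to match and needs no separate note.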
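Review bot: The -269 hunk removes the only visible uses of p, fd and fg in this function, yet the -256 hunk keeps `struct fileglob *fg;` and `struct proc *p;` and merges fd into `int error, fd;`, which leaves three apparently dead locals and an unused-variable warning. The function starts and ends outside these hunks, so if nothing else in it uses them, drop the three declarations and keep plain `int error;` instead of the merged line.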
@@ -778,10 +773,6 @@
 	if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
 		mp->mnt_flag |= MNT_MULTILABEL;
 
-	/* MULTILABEL on FDESC. */
-	if (strcmp(mp->mnt_vfsstat.f_fstypename, "fdesc") == 0)
-		mp->mnt_flag |= MNT_MULTILABEL;
-
 	/* MULTILABEL on all NFS filesystems. */
 	if (strcmp(mp->mnt_vfsstat.f_fstypename, "nfs") == 0)
 		mp->mnt_flag |= MNT_MULTILABEL;
@@ -939,9 +930,10 @@
 }
 
 int
-mac_vnode_label_associate_file(struct ucred *cred, struct fileglob *fg,
-    struct vnode *vp)
+mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
+    struct vnode *vp, vfs_context_t ctx)
 {
+	struct fileglob *fg;
 	struct pseminfo *psem;
 	struct pshminfo *pshm;
 	struct xsocket xso;
@@ -951,14 +943,15 @@
 	int error;
 
 	/*
-	 * If no backing file, use the cred label.
+	 * If no backing file, let the policy choose which label to use.
 	 */
-	if (fg == NULL) {
-		MAC_PERFORM(vnode_label_associate_cred, cred,
-		    vp, vp->v_label);
+	if (fnp->fd_fd == -1) {
+		MAC_PERFORM(vnode_label_associate_file, vfs_context_ucred(ctx),
+		    mp, mp->mnt_mntlabel, NULL, NULL, vp, vp->v_label);
 		return (0);
 	}
 
+	fg = (*fdfile(vfs_context_proc(ctx), fnp->fd_fd))->f_fglob;
 	switch (fg->fg_type) {
 	case DTYPE_VNODE:
 		fvp = (struct vnode *)fg->fg_data;
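Review bot: The added line `fg = (*fdfile(vfs_context_proc(ctx), fnp->fd_fd))->f_fglob;` in the -951 hunk dereferences the descriptor slot unconditionally; the only guard above it is fd_fd == -1, so if the descriptor was closed after the fdesc node was created, or fd_fd no longer indexes the process's table, this is a NULL or out-of-range pointer dereference in the kernel. The code deleted in the -269 hunk had the same shape, but since the lookup is rewritten here it should be guarded, roughly `fpp = fdfile(vfs_context_proc(ctx), fnp->fd_fd); if (fpp == NULL || *fpp == NULL || (fg = (*fpp)->f_fglob) == NULL) return (EBADF);`, with fpp typed to whatever fdfile() yields (the double dereference suggests a pointer into the fileproc table, but its definition is not visible here). Whether that table lookup also needs the per-process fd lock, and whether fg stays alive without a reference while the policies run, cannot be answered from the hunk and is worth confirming against the fdesc code. mac_vnode_label_associate_fdesc continues past the end of this hunk.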
@@ -970,37 +963,40 @@
 	case DTYPE_SOCKET:
 		so = (struct socket *)fg->fg_data;
 		sotoxsocket(so, &xso);
-		MAC_PERFORM(vnode_label_associate_socket, cred, &xso,
-		    so->so_label, vp, vp->v_label);
+		MAC_PERFORM(vnode_label_associate_socket,
+		    vfs_context_ucred(ctx), &xso, so->so_label,
+		    vp, vp->v_label);
 		break;
 	case DTYPE_PSXSHM:
 		/* XXX: should hold the PSHM_SUBSYS lock. */
 		pshm = pshmnodeinfo((struct pshmnode *)fg->fg_data);
 		if (pshm == NULL)
 			return (EINVAL);
-		MAC_PERFORM(vnode_label_associate_posixshm, cred, pshm,
-		    pshm->pshm_label, vp, vp->v_label);
+		MAC_PERFORM(vnode_label_associate_posixshm,
+		    vfs_context_ucred(ctx), pshm, pshm->pshm_label,
+		    vp, vp->v_label);
 		break;
 	case DTYPE_PSXSEM:
 		/* XXX: should hold the PSEM_SUBSYS lock. */
 		psem = psemnodeinfo((struct psemnode *)fg->fg_data);
 		if (psem == NULL)
 			return (EINVAL);
-		MAC_PERFORM(vnode_label_associate_posixsem, cred, psem,
-		    psem->psem_label, vp, vp->v_label);
+		MAC_PERFORM(vnode_label_associate_posixsem,
+		    vfs_context_ucred(ctx), psem, psem->psem_label,
+		    vp, vp->v_label);
 		vnode_unlock(vp);
 		break;
 	case DTYPE_PIPE:
 		/* XXX: should PIPE_LOCK */
 		cpipe = (struct pipe *)fg->fg_data;
-		MAC_PERFORM(vnode_label_associate_pipe, cred, cpipe,
-		    cpipe->pipe_label, vp, vp->v_label);
+		MAC_PERFORM(vnode_label_associate_pipe, vfs_context_ucred(ctx),
+		    cpipe, cpipe->pipe_label, vp, vp->v_label);
 		break;
 	case DTYPE_KQUEUE:
 	case DTYPE_FSEVENTS:
 	default:
-		MAC_PERFORM(vnode_label_associate_file, cred, fg, fg->fg_label,
-		    vp, vp->v_label);
+		MAC_PERFORM(vnode_label_associate_file, vfs_context_ucred(ctx),
+		    mp, mp->mnt_mntlabel, fg, fg->fg_label, vp, vp->v_label);
 		break;
 	}
 	return (0);
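Review bot: Every MAC_PERFORM call in this hunk now recomputes `vfs_context_ucred(ctx)`, which is what forces the socket, posixshm, posixsem and pipe calls to be reflowed even though nothing else about them changes. Declaring `struct ucred *cred = vfs_context_ucred(ctx);` once at the top of mac_vnode_label_associate_fdesc (next to the `struct fileglob *fg;` added in the -939 hunk) would leave those four calls byte-identical and confine the diff to the `default:` case, which is the only one that really changes. Unrelated to this change but visible here: the DTYPE_PSXSEM case calls `vnode_unlock(vp)` before its break while no other case does, which looks asymmetric and is worth confirming since the function's callers and the surrounding locking are outside the hunk.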