Date: Mon, 6 Oct 2003 17:13:26 -0700 (PDT) From: Hrishikesh Dandekar <hdandeka@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 39277 for review Message-ID: <200310070013.h970DQ2u083430@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=39277
Change 39277 by hdandeka@hdandeka_yash on 2003/10/06 17:12:31
Add the message queue label as an additional parameter to the mac_create_ipc_msgmsg hook. This label is used along with the label of the requesting thread by the SEBSD module to calculate the label of the new ipc message object. All the other MAC policies disregard this label.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#411 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#222 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#69 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#180 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#114 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#247 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#199 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#411 (text+ko) ====
@@ -2372,10 +2372,12 @@
 }
 void
-mac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr)
+mac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct msg *msgptr)
 {
- MAC_PERFORM(create_ipc_msgmsg, cred, msgptr, &msgptr->label);
+ MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, &msqkptr->label,
+ msgptr, &msgptr->label);
 }
 void
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#13 (text+ko) ====
@@ -890,7 +890,7 @@
 msghdr->msg_spot = -1;
 msghdr->msg_ts = msgsz;
 #ifdef MAC
- mac_create_ipc_msgmsg(td->td_ucred,msghdr);
+ mac_create_ipc_msgmsg(td->td_ucred, msqkptr, msghdr);
 /*
 * XXX: Should the mac_check_ipc_msgmsq check follow here immediately ?
 * Or, should it be checked just before the msg is enqueued in the msgq
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#222 (text+ko) ====
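Review bot: mac_create_ipc_msgmsg() now takes `&msqkptr->label` unconditionally, but nothing at the definition says what the caller must guarantee about `msqkptr`. A short header comment would make the contract explicit, for example `/* msqkptr is the destination queue; its label is read, never written, and is expected to be initialised already (presumably by mac_create_ipc_msgqueue) - confirm. */`. The surrounding functions start and end outside the hunk, so any existing block comment for this group of hooks is not visible here.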
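Review bot: The message label is now computed from the queue's label at this call in sysv_msg.c, while the XXX comment directly below still leaves open where the mac_check_ipc_msgmsq check belongs, so the label derivation and the access decision may see the queue at different moments. If the queue can be relabeled or the thread can sleep between this call and the enqueue (neither is visible in this hunk), the message would carry a label derived from stale queue state. Settling the XXX in the same change, or at least adding `/* msqkptr must remain validated and unchanged from here until the message is enqueued */`, would record the assumption the new parameter introduces. The enclosing function begins and ends outside the hunk.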
@@ -1172,11 +1172,12 @@
 */
 static void
-mac_biba_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_biba_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 struct mac_biba *source, *dest;
+ /* Ignore the msgq label */
 source = SLOT(&cred->cr_label);
 dest = SLOT(msglabel);
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#69 (text+ko) ====
@@ -1244,11 +1244,12 @@
 * Labeling event operations: System V IPC objects.
 */
 static void
-mac_lomac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_lomac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 struct mac_lomac *source, *dest;
+ /* Ignore the msgq label */
 source = SLOT(&cred->cr_label);
 dest = SLOT(msglabel);
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#180 (text+ko) ====
@@ -1140,11 +1140,12 @@
 */
 static void
-mac_mls_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_mls_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 struct mac_mls *source, *dest;
+ /* Ignore the msgq label */
 source = SLOT(&cred->cr_label);
 dest = SLOT(msglabel);
==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#8 (text+ko) ====
@@ -344,8 +344,8 @@
 }
 static void
-stub_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+stub_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 }
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#114 (text+ko) ====
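Review bot: The added `/* Ignore the msgq label */` in mac_biba_create_ipc_msgmsg says what is skipped but not why, and it sits directly above `source = SLOT(&cred->cr_label);`, where it reads like a description of that statement. For a label-based policy the useful fact is the consequence: the message takes the sender's label whatever the queue's label is, so the separate enqueue-time check has to reject any flow the policy forbids (that check is not in this hunk, so treat this as inferred). A wording such as `/* msqlabel unused: the message inherits the subject's label; queue access is decided by the check hooks. */` would carry that, if it matches the intent. The same comment is added in the mac_lomac and mac_mls hunks, and all three function bodies continue past the end of their hunks.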
@@ -988,11 +988,12 @@
 }
 static void
-mac_test_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_test_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 ASSERT_SYSVIPCMSG_LABEL(msglabel);
+ ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
 }
 static void
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#247 (text+ko) ====
@@ -214,7 +214,8 @@
 /*
 * Labeling event operations: System V IPC primitives
 */
-void mac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr);
+void mac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct msg *msgptr);
 void mac_create_ipc_msgqueue(struct ucred *cred,
 struct msqid_kernel *msqkptr);
 void mac_create_ipc_sema(struct ucred *cred,
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#199 (text+ko) ====
@@ -217,7 +217,10 @@
 /*
 * Labeling event operations: System V IPC primitives
 */
- void (*mpo_create_ipc_msgmsg)(struct ucred *cred, struct msg *msgptr,
+ void (*mpo_create_ipc_msgmsg)(struct ucred *cred,
+ struct msqid_kernel *msqkptr,
+ struct label *msqlabel,
+ struct msg *msgptr,
 struct label *msglabel);
 void (*mpo_create_ipc_msgqueue)(struct ucred *cred,
 struct msqid_kernel *msqkptr, struct label *msqlabel);
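Review bot: Changing the argument list of `mpo_create_ipc_msgmsg` in place in mac_policy.h keeps the member at the same position in the ops structure while changing its calling convention. A policy module built against the old three-argument prototype would then receive `msqkptr` where it expects `msgptr`, and `msqlabel` where it expects `msglabel`. Judging from the old and new prototypes, such a module would apply the new message's label to the queue's label with no diagnostic, which is a silent mislabeling rather than a crash. If the framework has an interface version that modules are checked against at load time (not visible in this hunk), it should be bumped in the same change. Otherwise a comment beside the member flagging the incompatible signature change would help out-of-tree policy authors; the structure definition begins and ends outside the hunk.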