From owner-p4-projects@FreeBSD.ORG Mon Oct 6 17:13:30 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id DA7C716A4C1; Mon, 6 Oct 2003 17:13:29 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AFEE816A4BF for ; Mon, 6 Oct 2003 17:13:29 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F93443FBD for ; Mon, 6 Oct 2003 17:13:27 -0700 (PDT) (envelope-from Hrishikesh_Dandekar@NAI.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h970DRXJ083433 for ; Mon, 6 Oct 2003 17:13:27 -0700 (PDT) (envelope-from Hrishikesh_Dandekar@NAI.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h970DQ2u083430 for perforce@freebsd.org; Mon, 6 Oct 2003 17:13:26 -0700 (PDT) (envelope-from Hrishikesh_Dandekar@NAI.com) Date: Mon, 6 Oct 2003 17:13:26 -0700 (PDT) Message-Id: <200310070013.h970DQ2u083430@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to Hrishikesh_Dandekar@NAI.com using -f 
From: Hrishikesh Dandekar To: Perforce Change Reviews Subject: PERFORCE change 39277 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Oct 2003 00:13:30 -0000 http://perforce.freebsd.org/chv.cgi?CH=39277 Change 39277 by hdandeka@hdandeka_yash on 2003/10/06 17:12:31 Add the message queue label as an additional parameter to the mac_create_ipc_msgmsg hook. This label is used along with the label of the requesting thread by the SEBSD module to calculate the label of the new ipc message object. All the other MAC policies disregard this label. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#411 edit .. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#13 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#222 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#69 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#180 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#8 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#114 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#247 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#199 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#411 (text+ko) ====
@@ -2372,10 +2372,12 @@
 }
 void
-mac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr)
+mac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct msg *msgptr)
 {
- MAC_PERFORM(create_ipc_msgmsg, cred, msgptr, &msgptr->label);
+ MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, &msqkptr->label,
+ msgptr, &msgptr->label);
 }
 void
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#13 (text+ko) ====
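Review bot: mac_create_ipc_msgmsg in kern_mac.c now dereferences `msqkptr` to pass `&msqkptr->label`, but nothing at the definition says what the caller must guarantee about the queue. The description states that only SEBSD consumes the queue label, so a stale or uninitialized queue label would pass unnoticed under the Biba, LOMAC and MLS policies. A short contract comment above the function would help, for example `/* msqkptr must reference a live queue whose label is initialized; a policy may derive the new message's label from it. */`.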
@@ -890,7 +890,7 @@
 msghdr->msg_spot = -1;
 msghdr->msg_ts = msgsz;
 #ifdef MAC
- mac_create_ipc_msgmsg(td->td_ucred,msghdr);
+ mac_create_ipc_msgmsg(td->td_ucred, msqkptr, msghdr);
 /*
 * XXX: Should the mac_check_ipc_msgmsq check follow here immediately ?
 * Or, should it be checked just before the msg is enqueued in the msgq
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#222 (text+ko) ====
@@ -1172,11 +1172,12 @@
 */
 static void
-mac_biba_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_biba_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 struct mac_biba *source, *dest;
+ /* Ignore the msgq label */
 source = SLOT(&cred->cr_label);
 dest = SLOT(msglabel);
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#69 (text+ko) ====
@@ -1244,11 +1244,12 @@
 * Labeling event operations: System V IPC objects.
 */
 static void
-mac_lomac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_lomac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 struct mac_lomac *source, *dest;
+ /* Ignore the msgq label */
 source = SLOT(&cred->cr_label);
 dest = SLOT(msglabel);
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#180 (text+ko) ====
@@ -1140,11 +1140,12 @@
 */
 static void
-mac_mls_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_mls_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 struct mac_mls *source, *dest;
+ /* Ignore the msgq label */
 source = SLOT(&cred->cr_label);
 dest = SLOT(msglabel);
==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#8 (text+ko) ====
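Review bot: The message label can now depend on the queue label at the moment of this call in sysv_msg.c, yet the XXX comment directly below still leaves open whether mac_check_ipc_msgmsq runs here or only just before the enqueue. If the surrounding function can sleep between this point and the enqueue (not visible in the hunk, which starts and ends inside the function), the queue may have been removed or relabelled by then and the message would carry a label computed from stale queue state. I would resolve the XXX in the comment itself, for instance `/* The message label is derived from the queue label here; revalidate msqkptr before the enqueue check if we may have slept. */`.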
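Review bot: The added comment `/* Ignore the msgq label */` in mac_biba_create_ipc_msgmsg records what is skipped but not why, and the same bare comment is added in the mac_lomac and mac_mls hunks. For policies that enforce integrity or confidentiality, the reader needs to know that the message label is taken from the sending credential alone, e.g. `/* The message inherits the subject's label; the queue label plays no part in this policy. */`. The copy from `source` to `dest` lies outside all three hunks, so that wording should be checked against the rest of each function. As `msqkptr` and `msqlabel` are unused in these three functions, marking them `__unused` would keep the intent explicit.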
@@ -344,8 +344,8 @@
 }
 static void
-stub_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+stub_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 }
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#114 (text+ko) ====
@@ -988,11 +988,12 @@
 }
 static void
-mac_test_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+mac_test_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 {
 ASSERT_SYSVIPCMSG_LABEL(msglabel);
+ ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
 }
 static void
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#247 (text+ko) ====
@@ -214,7 +214,8 @@
 /*
 * Labeling event operations: System V IPC primitives
 */
-void mac_create_ipc_msgmsg(struct ucred *cred, struct msg *msgptr);
+void mac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct msg *msgptr);
 void mac_create_ipc_msgqueue(struct ucred *cred,
 struct msqid_kernel *msqkptr);
 void mac_create_ipc_sema(struct ucred *cred,
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#199 (text+ko) ====
@@ -217,7 +217,10 @@
 /*
 * Labeling event operations: System V IPC primitives
 */
- void (*mpo_create_ipc_msgmsg)(struct ucred *cred, struct msg *msgptr,
+ void (*mpo_create_ipc_msgmsg)(struct ucred *cred,
+ struct msqid_kernel *msqkptr,
+ struct label *msqlabel,
+ struct msg *msgptr,
 struct label *msglabel);
 void (*mpo_create_ipc_msgqueue)(struct ucred *cred,
 struct msqid_kernel *msqkptr, struct label *msqlabel);
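Review bot: Changing the argument list of the existing `mpo_create_ipc_msgmsg` entry in mac_policy.h means a policy module built against the old header would be called with five arguments while expecting three, so it would treat `msqkptr` as its `msgptr` and `msqlabel` as the label to initialize. Nothing in this change's file list suggests a policy interface or module version changes alongside; if the framework has one, it should be bumped in the same commit so that stale modules fail to load instead of mislabelling objects. A one-line comment on the entry would also make the two label arguments unambiguous, e.g. `/* msqlabel: label of the target queue; msglabel: label being set on the new message. */`. The structure holding this member starts and ends outside the hunk.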