Date:      Sat, 20 Jul 2002 13:07:11 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 14545 for review
Message-ID:  <200207202007.g6KK7BeX006144@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14545

Change 14545 by rwatson@rwatson_curry on 2002/07/20 13:06:37

	Differentiate "search" and "readdir" MAC checks, since lookup
	may be separately authorized from the ability to read the object.
	While I'm there, implement the mac_bsdextended_readlink check,
	since it was missed in a prior pass.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#180 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#53 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#56 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#34 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#44 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#38 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#40 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#8 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#114 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#77 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#180 (text+ko) ====

@@ -554,7 +554,11 @@
 			mpc->mpc_ops->mpo_cred_check_open_vnode =
 			    mpe->mpe_function;
 			break;
-		case MAC_CRED_CHECK_READLINK:
+		case MAC_CRED_CHECK_READDIR_VNODE:
+			mpc->mpc_ops->mpo_cred_check_readdir_vnode =
+			    mpe->mpe_function;
+			break;
+		case MAC_CRED_CHECK_READLINK_VNODE:
 			mpc->mpc_ops->mpo_cred_check_readlink_vnode =
 			    mpe->mpe_function;
 			break;
@@ -1683,6 +1687,24 @@
 }
 
 int
+mac_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp)
+{
+	int error;
+
+	ASSERT_VOP_LOCKED(dvp, "mac_cred_check_readdir_vnode");
+
+	if (!mac_enforce_fs)
+		return (0);
+
+	error = vn_refreshlabel(dvp, cred);
+	if (error)
+		return (error);
+
+	MAC_CHECK(cred_check_readdir_vnode, cred, dvp, &dvp->v_label);
+	return (error);
+}
+
+int
 mac_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp)
 {
 	int error;
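Review bot: mac_cred_check_readdir_vnode is added without a comment saying how it differs from mac_cred_check_search_vnode, which is the reason the new entry point exists and what a policy author needs to know when choosing a hook. I would add above the function `/* Check whether cred may list the entries of dvp; name lookup in dvp is authorized separately by the search check. */`. A short remark that `error` is set by the MAC_CHECK macro would also help; that is inferred from the `return (error)` after it, since the macro body is not visible here. The readlink function that follows continues outside the hunk.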

==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#53 (text+ko) ====

@@ -4004,7 +4004,7 @@
 	 * Using the process credentials, not the cached ones owned by the fd,
 	 * check for ability to search in a directory before reading from it.
 	 */
-	error = mac_cred_check_search_vnode(td->td_ucred, vp);
+	error = mac_cred_check_readdir_vnode(td->td_ucred, vp);
 	if (error) {
 		VOP_UNLOCK(vp, 0, td);
 		fdrop(fp, td);
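Review bot: The comment above the changed call still describes a check for the "ability to search in a directory", but the call is now mac_cred_check_readdir_vnode, so comment and code disagree about which permission is enforced. Reword it to something like `check for ability to read directory entries before reading from it`. The second hunk in this file (@@ -4152,7 +4152,7 @@) has the same stale wording, "checking directory search MAC", which should become `checking directory readdir MAC`. Both enclosing functions start and end outside the hunks.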
@@ -4152,7 +4152,7 @@
 	 * Here also, don't use cached credentials for checking directory
 	 * search MAC.
 	 */
-	error = mac_cred_check_search_vnode(td->td_ucred, vp);
+	error = mac_cred_check_readdir_vnode(td->td_ucred, vp);
 	if (error == 0)
 #endif /* MAC */
 		error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#56 (text+ko) ====

@@ -1494,6 +1494,24 @@
 }
 
 static int
+mac_bibe_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+    struct label *dlabel)
+{
+	struct mac_biba *subj, *obj;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(&cred->cr_label);
+	obj = SLOT(label);
+
+	if (!mac_biba_dominate_single(obj, subj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
 mac_biba_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
     struct label *label)
 {
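Review bot: The new Biba readdir check will not build as written: it is defined as `mac_bibe_cred_check_readdir_vnode` while the ops table entry later in this file references `mac_biba_cred_check_readdir_vnode`, and its body reads `SLOT(label)` although the parameter is named `dlabel`. Rename the function to `mac_biba_cred_check_readdir_vnode` and use `obj = SLOT(dlabel);`. The same parameter/body mismatch appears in mac_bsdextended.c, where the readdir check calls `VOP_GETATTR(vp, ...)` with a parameter named `dvp`, and in mac_mls.c, where the readdir check reads `SLOT(vnodelabel)` with a parameter named `dlabel`. In an access-control hook, a name that resolves to the wrong object would evaluate the wrong label or attributes, so it is worth building each policy after the fix rather than relying on the copy-and-paste being right.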
@@ -1955,6 +1973,8 @@
 	    (macop_t)mac_biba_cred_check_getextattr_vnode },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_biba_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READDIR_VNODE,
+	    (macop_t)mac_biba_cred_check_readdir_vnode },
 	{ MAC_CRED_CHECK_READLINK_VNODE,
 	    (macop_t)mac_biba_cred_check_readlink_vnode },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#34 (text+ko) ====

@@ -458,6 +458,38 @@
 }
 
 static int
+mac_bsdextended_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+    struct label *dlabel)
+{
+	struct vattr vap;
+	int error;
+
+	if (!mac_bsdextended_enabled)
+		return (0);
+
+	error = VOP_GETATTR(vp, &vap, cred, curthread);
+	if (error)
+		return (error);
+	return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD));
+}
+
+static int
+mac_bsdextended_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+	struct vattr vap;
+	int error;
+
+	if (!mac_bsdextended_enabled)
+		return (0);
+
+	error = VOP_GETATTR(vp, &vap, cred, curthread);
+	if (error)
+		return (error);
+	return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD));
+}
+
+static int
 mac_bsdextended_cred_check_rename_from_vnode(struct ucred *cred,
     struct vnode *dvp, struct mac *dlabel, struct vnode *vp, struct mac *label)
 {
@@ -741,6 +773,10 @@
 	    (macop_t)mac_bsdextended_cred_check_getextattr_vnode },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_bsdextended_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READDIR_VNODE,
+	    (macop_t)mac_bsdextended_cred_check_readdir_vnode },
+	{ MAC_CRED_CHECK_READLINK_VNODE,
+	    (macop_t)mac_bsdextended_cred_check_readlink_vnode },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,
 	    (macop_t)mac_bsdextended_cred_check_rename_from_vnode },
 	{ MAC_CRED_CHECK_RENAME_TO_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#44 (text+ko) ====

@@ -1437,11 +1437,32 @@
 }
 
 static int
+mac_mls_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+    struct label *dlabel)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(&cred->cr_label);
+	obj = SLOT(vnodelabel);
+
+	if (!mac_mls_dominate_single(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
 mac_mls_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
     struct label *vnodelabel)
 {
 	struct mac_mls *subj, *obj;
 
+	if (!mac_mls_enabled)
+		return (0);
+
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(vnodelabel);
 
@@ -1895,6 +1916,8 @@
 	    (macop_t)mac_mls_cred_check_getextattr_vnode },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_mls_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READDIR_VNODE,
+	    (macop_t)mac_mls_cred_check_readdir_vnode },
 	{ MAC_CRED_CHECK_READLINK_VNODE,
 	    (macop_t)mac_mls_cred_check_readlink_vnode },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#38 (text+ko) ====

@@ -684,6 +684,14 @@
 }
 
 static int
+mac_none_cred_check_readdir_vnode(struct ucred *cred, struct vnode *vp,
+    struct label *dlabel)
+{
+
+	return (0);
+}
+
+static int
 mac_none_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
     struct label *vnodelabel)
 {
@@ -978,6 +986,8 @@
 	    (macop_t)mac_none_cred_check_listen_socket },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_none_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READDIR_VNODE,
+	    (macop_t)mac_none_cred_check_readdir_vnode },
 	{ MAC_CRED_CHECK_READLINK_VNODE,
 	    (macop_t)mac_none_cred_check_readlink_vnode },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#40 (text+ko) ====

@@ -1052,6 +1052,19 @@
 }
 
 static int
+mac_te_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+    struct label *dlabel)
+{
+	struct mac_te *subj, *obj;
+
+	subj = SLOT(&cred->cr_label);
+	obj = SLOT(dlabel);
+
+	return (mac_te_check(subj, obj, MAC_TE_CLASS_DIR,
+	    MAC_TE_OPERATION_DIR_READDIR));
+}
+
+static int
 mac_te_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
     struct label *vnodelabel)
 {
@@ -1617,6 +1630,8 @@
 	{ MAC_CRED_CHECK_GETEXTATTR_VNODE,
 	    (macop_t)mac_te_cred_check_getextattr_vnode },
 	{ MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_te_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READDIR_VNODE,
+	    (macop_t)mac_te_cred_check_readdir_vnode },
 	{ MAC_CRED_CHECK_READLINK_VNODE,
 	    (macop_t)mac_te_cred_check_readlink_vnode },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#8 (text+ko) ====

@@ -93,10 +93,11 @@
 #define	MAC_TE_OPERATION_DIR_GETEXTATTR		7
 #define	MAC_TE_OPERATION_DIR_LOOKUP		8
 #define	MAC_TE_OPERATION_DIR_READ		9
-#define	MAC_TE_OPERATION_DIR_SETACL		10
-#define	MAC_TE_OPERATION_DIR_SETEXTATTR		11
-#define	MAC_TE_OPERATION_DIR_STAT		12
-#define	MAC_TE_OPERATION_DIR_WRITE		13
+#define	MAC_TE_OPERATION_DIR_READDIR		10
+#define	MAC_TE_OPERATION_DIR_SETACL		11
+#define	MAC_TE_OPERATION_DIR_SETEXTATTR		12
+#define	MAC_TE_OPERATION_DIR_STAT		13
+#define	MAC_TE_OPERATION_DIR_WRITE		14
 
 #define	MAC_TE_CLASS_FS			5
 #define	MAC_TE_OPERATION_FS_STATFS		1
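Review bot: Inserting `MAC_TE_OPERATION_DIR_READDIR` as 10 renumbers SETACL, SETEXTATTR, STAT and WRITE, so anything that holds the old numeric values will silently refer to a different operation (a rule written for old 13, WRITE, would now match STAT). If TE rules are loaded from userland or stored by number, which is not visible in this hunk, that changes what existing policy permits. Appending instead, `#define MAC_TE_OPERATION_DIR_READDIR 14`, keeps the existing values stable at the cost of alphabetical order. Otherwise the change description should say that policy tools and rules must be rebuilt.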

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#8 (text+ko) ====

@@ -877,6 +877,14 @@
 }
 
 static int
+mac_test_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp,
+    struct label *dlabel)
+{
+
+	return (0);
+}
+
+static int
 mac_test_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp,
     struct label *vnodelabel)
 {
@@ -1169,6 +1177,8 @@
 	    (macop_t)mac_test_cred_check_listen_socket },
 	{ MAC_CRED_CHECK_OPEN_VNODE,
 	    (macop_t)mac_test_cred_check_open_vnode },
+	{ MAC_CRED_CHECK_READDIR_VNODE,
+	    (macop_t)mac_test_cred_check_readdir_vnode },
 	{ MAC_CRED_CHECK_READLINK_VNODE,
 	    (macop_t)mac_test_cred_check_readlink_vnode },
 	{ MAC_CRED_CHECK_RENAME_FROM_VNODE,

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#114 (text+ko) ====

@@ -282,6 +282,7 @@
 	    struct vnode *vp, int samedir);
 int	mac_cred_check_open_vnode(struct ucred *cred, struct vnode *vp,
 	    mode_t acc_mode);
+int	mac_cred_check_readdir_vnode(struct ucred *cred, struct vnode *vp);
 int	mac_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp);
 int	mac_cred_check_revoke_vnode(struct ucred *cred, struct vnode *vp);
 int	mac_cred_check_statfs(struct ucred *cred, struct mount *mp);

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#77 (text+ko) ====

@@ -274,6 +274,8 @@
 	int	(*mpo_cred_check_open_vnode)(struct ucred *cred,
 		    struct vnode *vp, struct label *label,
 		    mode_t acc_mode);
+	int	(*mpo_cred_check_readdir_vnode)(struct ucred *cred,
+		    struct vnode *dvp, struct label *dlabel);
 	int	(*mpo_cred_check_readlink_vnode)(struct ucred *cred,
 		    struct vnode *vp, struct label *label);
 	int	(*mpo_cred_check_rename_from_vnode)(struct ucred *cred,
@@ -405,6 +407,7 @@
 	MAC_CRED_CHECK_GETEXTATTR_VNODE,
 	MAC_CRED_CHECK_LISTEN_SOCKET,
 	MAC_CRED_CHECK_OPEN_VNODE,
+	MAC_CRED_CHECK_READDIR_VNODE,
 	MAC_CRED_CHECK_READLINK_VNODE,
 	MAC_CRED_CHECK_RENAME_FROM_VNODE,
 	MAC_CRED_CHECK_RENAME_TO_VNODE,
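Review bot: `MAC_CRED_CHECK_READDIR_VNODE` is inserted mid-enum, which shifts the value of every later operation constant. A policy module built against the previous header would presumably have its entry points registered under the wrong operations, and the `(macop_t)` casts used in the ops tables mean the compiler will not flag a signature mismatch. Either add new operations at the end of the enum or state in the change description that all policy modules must be rebuilt together with the kernel. The enum starts and ends outside the hunk.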

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message



