From owner-p4-projects Wed Jul 24 7:27:24 2002 Delivered-To: p4-projects@freebsd.org Date: Wed, 24 Jul 2002 07:27:11 -0700 (PDT) Message-Id: <200207241427.g6OERBn7027905@freefall.freebsd.org>
From: Robert Watson Subject: PERFORCE change 14834 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14834 Change 14834 by rwatson@rwatson_paprika on 2002/07/24 07:26:41 Implement mac_cred_check_vnode_op() for mls and biba, as well as correct bugs in the not enabled cases for these policies relating to bfeldman's mmap check (disabling the policy broke all mmaps for processes that changed their label, like login). Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#67 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#54 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#67 (text+ko) ==== @@ -98,6 +98,12 @@ TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, sizeof(trusted_interfaces)); +static int mac_biba_revocation_enabled = 0; +SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, + &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel"); +TUNABLE_INT("security.mac.biba.revocation_enabled", + &mac_biba_revocation_enabled); + static int mac_biba_slot; #define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr) @@ -1837,8 +1843,8 @@ struct mac_biba *subj, *obj; vm_prot_t prot = 0; - if (!mac_biba_enabled) - return (0); + if (!mac_biba_enabled || !mac_biba_revocation_enabled) + return (VM_PROT_ALL); subj = SLOT(&cred->cr_label); obj = SLOT(label); 
@@ -1850,6 +1856,37 @@ return (prot); } +static int +mac_biba_cred_check_vnode_op(struct ucred *cred, struct vnode *vp, + struct label *label, int op) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled || !mac_biba_revocation_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(label); + + switch (op) { + case MAC_OP_VNODE_POLL: + case MAC_OP_VNODE_READ: + if (!mac_biba_dominate_single(obj, subj)) + return (EACCES); + return (0); + + case MAC_OP_VNODE_WRITE: + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); + return (0); + + default: + printf("mac_biba_cred_check_vnode_op: unknown operation %d\n", + op); + return (EINVAL); + } +} + static struct mac_policy_op_entry mac_biba_ops[] = { { MAC_DESTROY, @@ -2048,6 +2085,8 @@ (macop_t)mac_biba_socket_check_receive_mbuf }, { MAC_CRED_CHECK_VNODE_MMAP_PERMS, (macop_t)mac_biba_cred_check_vnode_mmap_perms }, + { MAC_CRED_CHECK_VNODE_OP, + (macop_t)mac_biba_cred_check_vnode_op }, { MAC_OP_LAST, NULL } }; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#54 (text+ko) ==== @@ -87,6 +87,12 @@ SYSCTL_INT(_security_mac_mls, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); +static int mac_mls_revocation_enabled = 0; +SYSCTL_INT(_security_mac_mls, OID_AUTO, revocation_enabled, CTLFLAG_RW, + &revocation_enabled, 0, "Revoke access to objects on relabel"); +TUNABLE_INT("security.mac.mls.revocation_enabled", + &mac_mls_revocation_enabled); + static int mac_mls_slot; #define SLOT(l) ((struct mac_mls *)LABEL_TO_SLOT((l), mac_mls_slot).l_ptr) @@ -1776,8 +1782,8 @@ struct mac_mls *subj, *obj; vm_prot_t prot = 0; - if (!mac_mls_enabled) - return (0); + if (!mac_mls_enabled || !mac_mls_revocation_enabled) + return (VM_PROT_ALL); subj = SLOT(&cred->cr_label); obj = SLOT(label); 
@@ -1789,6 +1795,37 @@ return (prot); } +static int +mac_mls_cred_check_vnode_op(struct ucred *cred, struct vnode *vp, + struct label *label, int op) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled || !mac_mls_revocation_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(label); + + switch (op) { + case MAC_OP_VNODE_POLL: + case MAC_OP_VNODE_READ: + if (!mac_mls_dominate_single(subj, obj)) + return (EACCES); + return (0); + + case MAC_OP_VNODE_WRITE: + if (!mac_mls_dominate_single(obj, subj)) + return (EACCES); + return (0); + + default: + printf("mac_mls_cred_check_vnode_op: unknown operation %d\n", + op); + return (EINVAL); + } +} + static struct mac_policy_op_entry mac_mls_ops[] = { { MAC_DESTROY, @@ -1987,6 +2024,8 @@ (macop_t)mac_mls_socket_check_receive_mbuf }, { MAC_CRED_CHECK_VNODE_MMAP_PERMS, (macop_t)mac_mls_cred_check_vnode_mmap_perms }, + { MAC_CRED_CHECK_VNODE_OP, + (macop_t)mac_mls_cred_check_vnode_op }, { MAC_OP_LAST, NULL } }; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
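Review bot: In the mac_biba.c hunk at @@ -1837,8 +1843,8 @@, the early return now yields VM_PROT_ALL instead of 0, which is the right fix for the reported mmap breakage (0 meant "no protections permitted", so every mmap by a relabeled process failed), but the same guard also means that with the policy enabled and revocation_enabled left at its default of 0 the mmap check is skipped entirely. Since the sysctl description reads "Revoke access to objects on relabel", a short comment above the `if (!mac_biba_enabled || !mac_biba_revocation_enabled)` line explaining that the mmap permission check is itself part of the revocation machinery would make that gating intentional rather than surprising; the mac_mls.c hunk at @@ -1776,8 +1782,8 @@ has the identical structure and would benefit from the same comment.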
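Review bot: In the mac_biba.c hunk at @@ -1850,6 +1856,37 @@, the `default:` branch of `mac_biba_cred_check_vnode_op()` calls `printf()` unconditionally and returns EINVAL, so an op value the switch does not cover is denied (fail closed, which is appropriate for a policy module) but will also log on every call for that vnode operation; consider whether the message should be rate-limited or gated on a debug sysctl, and add a brief comment stating that MAC_OP_VNODE_POLL is deliberately treated with the same integrity rule as MAC_OP_VNODE_READ. The `vp` parameter is unused in this function; that is fine for the interface but worth a comment so it is not mistaken for a missing check.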
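Review bot: The mac_mls.c hunk at @@ -87,6 +87,12 @@ declares `static int mac_mls_revocation_enabled` but the SYSCTL_INT that follows passes `&revocation_enabled`, not `&mac_mls_revocation_enabled`, so the sysctl either fails to compile (no such identifier in scope) or, if some other `revocation_enabled` symbol exists, silently controls a different variable than the one TUNABLE_INT and the two new checks read. Change the second line of the SYSCTL_INT call to `&mac_mls_revocation_enabled, 0, "Revoke access to objects on relabel");` to match the mac_biba.c counterpart at @@ -98,6 +98,12 @@.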