From owner-p4-projects Tue Aug 6 10:13:38 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 56A7B37B401; Tue, 6 Aug 2002 10:12:32 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 09CA337B400 for ; Tue, 6 Aug 2002 10:12:32 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D9C343E3B for ; Tue, 6 Aug 2002 10:12:31 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g76HCVJU080904 for ; Tue, 6 Aug 2002 10:12:31 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g76HCU0G080900 for perforce@freebsd.org; Tue, 6 Aug 2002 10:12:30 -0700 (PDT) Date: Tue, 6 Aug 2002 10:12:30 -0700 (PDT) Message-Id: <200208061712.g76HCU0G080900@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 15617 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15617 Change 15617 by rwatson@rwatson_tislabs on 2002/08/06 10:11:56 Break mac_check_vnode_op() out into mac_check_vnode_poll(), mac_check_vnode_read(), and mac_check_vnode_write(). While I'm doing this, break out the single cred argument into two credentials: active_cred, the credential requesting the operation, and saved_cred, and optional credential that has been saved as part of the object access path (usually struct file, but not always). This permits policies to make access control decisions based on either of the two, permitting policies to select a traditional "use the rights at open" model, or "use the rights at each operation" model. While here, convert mac_{biba,mls,te} to use the 'rights at each operation' model for vnode operations. Pipe operations remain to be addressed. Introduce a few XXXMAC's and XXX's where there are questionable credential choices. In particular, we need to modify the file_op array calls in the file descriptor handling code to select both an active and a saved credential, not just the saved credential. This is a first step towards cleaning up some nasty credential behavior in the VFS code. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#13 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#227 edit .. //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#11 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#73 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#38 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#93 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#76 edit .. 
//depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#61 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#67 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#31 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#143 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#108 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#13 (text+ko) ==== @@ -771,7 +771,7 @@ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); (void)VOP_LEASE(vp, td, cred, LEASE_WRITE); #ifdef MAC - error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); + error = mac_check_vnode_write(cred, NULL, vp); if (error == 0) #endif error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred); ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#227 (text+ko) ==== @@ -749,12 +749,16 @@ mpc->mpc_ops->mpo_check_vnode_mmap_perms = mpe->mpe_function; break; - case MAC_CHECK_VNODE_OP: - mpc->mpc_ops->mpo_check_vnode_op = + case MAC_CHECK_VNODE_OPEN: + mpc->mpc_ops->mpo_check_vnode_open = + mpe->mpe_function; + break; + case MAC_CHECK_VNODE_POLL: + mpc->mpc_ops->mpo_check_vnode_poll = mpe->mpe_function; break; - case MAC_CHECK_VNODE_OPEN: - mpc->mpc_ops->mpo_check_vnode_open = + case MAC_CHECK_VNODE_READ: + mpc->mpc_ops->mpo_check_vnode_read = mpe->mpe_function; break; case MAC_CHECK_VNODE_READDIR: @@ -809,6 +813,10 @@ mpc->mpc_ops->mpo_check_vnode_stat = mpe->mpe_function; break; + case MAC_CHECK_VNODE_WRITE: + mpc->mpc_ops->mpo_check_vnode_write = + mpe->mpe_function; + break; /* default: printf("MAC policy `%s': unknown operation %d\n", 
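Review bot: The converted call `mac_check_vnode_write(cred, NULL, vp)` passes a bare `NULL` as saved_cred, while the other converted callers in this change (tty_tty.c, vfs_syscalls.c) pass `NOCRED` for the same "no saved credential" case; the two presumably expand to the same pointer, but the mix makes it harder to grep for the sites that supply no saved credential. Suggest `error = mac_check_vnode_write(cred, NOCRED, vp);` for consistency. The policy hooks added in this change only dereference active_cred, so a null saved_cred is safe today, but nothing in the change documents that contract. The enclosing function continues outside the hunk.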
@@ -1708,39 +1716,60 @@ } int -mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +{ + int error; + + ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open"); + + if (!mac_enforce_fs) + return (0); + + error = vn_refreshlabel(vp, cred); + if (error) + return (error); + + MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode); + return (error); +} + +int +mac_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp) { int error; if (!mac_enforce_fs) return (0); - ASSERT_VOP_LOCKED(vp, "mac_check_vnode_op"); + ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll"); error = vn_refreshlabel(vp, cred); if (error) return (error); - MAC_CHECK(check_vnode_op, cred, vp, &vp->v_label, op); + MAC_CHECK(check_vnode_poll, active_cred, saved_cred, vp, &vp->v_label); return (error); } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp) { int error; - ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open"); - if (!mac_enforce_fs) return (0); + ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read"); + error = vn_refreshlabel(vp, cred); if (error) return (error); - MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode); + MAC_CHECK(check_vnode_read, active_cred, saved_cred, vp, &vp->v_label); + return (error); } 
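Review bot: `mac_check_vnode_poll()` and `mac_check_vnode_read()` still call `vn_refreshlabel(vp, cred)`, but `cred` is no longer a parameter of either function after the split into active_cred/saved_cred, so this hunk cannot compile; the same line appears in `mac_check_vnode_write()` in the next hunk. The label refresh should be driven by the requesting credential: `error = vn_refreshlabel(vp, active_cred);`. Separately, `mac_check_vnode_open()` now places `ASSERT_VOP_LOCKED` before the `mac_enforce_fs` early return while the three new functions place it after, so the open assertion is evaluated even with enforcement off; one ordering should be chosen for all four entry points.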
@@ -1996,6 +2025,26 @@ return (error); } +int +mac_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp) +{ + int error; + + if (!mac_enforce_fs) + return (0); + + ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write"); + + error = vn_refreshlabel(vp, cred); + if (error) + return (error); + + MAC_CHECK(check_vnode_write, active_cred, saved_cred, vp, &vp->v_label); + + return (error); +} + /* * When relabeling a process, call out to the policies for the maximum * permission allowed for each object type we know about in its ==== //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#11 (text+ko) ==== @@ -129,7 +129,12 @@ if (ttyvp == NULL) return (EIO); vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_READ(ttyvp, uio, flag, NOCRED); +#ifdef MAC + error = mac_check_vnode_read(td->td_ucred, NOCRED, ttyvp); + if (error == 0) +#endif + /* XXX: Should this NOCRED be td->td_ucred? */ + error = VOP_READ(ttyvp, uio, flag, NOCRED); VOP_UNLOCK(ttyvp, 0, td); return (error); } @@ -160,10 +165,10 @@ return (error); vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td); #ifdef MAC - /* XXX: shouldn't the cred below be td->td_ucred not NOCRED? */ - error = mac_check_vnode_op(td->td_ucred, ttyvp, MAC_OP_VNODE_WRITE); + error = mac_check_vnode_write(td->td_ucred, NOCRED, ttyvp); if (error == 0) #endif + /* XXX: Should this NOCRED be td->td_ucred? */ error = VOP_WRITE(ttyvp, uio, flag, NOCRED); VOP_UNLOCK(ttyvp, 0, td); vn_finished_write(mp); @@ -232,7 +237,7 @@ return (seltrue(dev, events, td)); #ifdef MAC vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td); - error = mac_check_vnode_op(td->td_ucred, ttyvp, MAC_OP_VNODE_POLL); + error = mac_check_vnode_poll(td->td_ucred, NOCRED, ttyvp); VOP_UNLOCK(ttyvp, 0, td); if (error) return (error); ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#73 (text+ko) ==== 
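Review bot: In the tty_tty.c read hunk the MAC check is `mac_check_vnode_read(td->td_ucred, NOCRED, ttyvp)` and the `VOP_READ` below it still runs with `NOCRED`, so a policy that chooses the "rights at open" model described in the change sees no credential at all for the controlling tty; the write and poll hunks in the same file have the same shape. If the intent is that the ctty path has no struct file and therefore no saved credential, say so at the call site, e.g. `/* No struct file on this path, so there is no saved credential to pass. */`, rather than leaving only the generic XXX about the VOP_READ credential. The added `/* XXX: Should this NOCRED be td->td_ucred? */` also sits between `#endif` and the statement that is the body of `if (error == 0)`; it is harmless to the compiler but reads as if it belonged to the MAC block.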
@@ -734,8 +734,7 @@ vat.va_size = 0; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); #ifdef MAC - error = mac_check_vnode_op(td->td_ucred, vp, - MAC_OP_VNODE_WRITE); + error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp); if (error == 0) #endif error = VOP_SETATTR(vp, &vat, td->td_ucred, td); @@ -2399,8 +2398,8 @@ if (vp->v_type == VDIR) error = EISDIR; #ifdef MAC - else if ((error = mac_check_vnode_op(td->td_ucred, vp, - MAC_OP_VNODE_WRITE))) {} + else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp) { + } #endif else if ((error = vn_writechk(vp)) == 0 && (error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) { @@ -2457,8 +2456,8 @@ if (vp->v_type == VDIR) error = EISDIR; #ifdef MAC - else if ((error = mac_check_vnode_op(td->td_ucred, vp, - MAC_OP_VNODE_WRITE))) {} + else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp) { + } #endif else if ((error = vn_writechk(vp)) == 0) { VATTR_NULL(&vattr); @@ -3424,8 +3423,11 @@ VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */ #ifdef MAC - error = mac_check_vnode_op(td->td_ucred, vp, - MAC_OP_VNODE_WRITE); + /* + * We don't yet have fp->f_cred, so use td->td_ucred, which + * should be right. + */ + error = mac_check_vnode_write(td->td_ucred, td->td_ucred, vp); if (error == 0) { #endif VATTR_NULL(vap); ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#38 (text+ko) ==== @@ -400,13 +400,15 @@ auio.uio_td = td; if (rw == UIO_READ) { #ifdef MAC - error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ); + /* XXXMAC: we should pass in active_cred to vn_rdwr(). */ + error = mac_check_vnode_read(td->td_ucred, cred, vp); if (error == 0) #endif error = VOP_READ(vp, &auio, ioflg, cred); } else { #ifdef MAC - error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); + /* XXXMAC: we should pass in active_cred to vn_rdwr(). */ + error = mac_check_vnode_write(td->td_ucred, cred, vp); if (error == 0) #endif error = VOP_WRITE(vp, &auio, ioflg, cred); 
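Review bot: The two `else if` lines converted in the second and third vfs_syscalls.c hunks (at -2399 and -2457) are missing closing parentheses: `else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp) {` opens three parentheses and closes one, so the file will not compile with MAC defined. They should read `else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp))) {` and `else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp))) {`. The empty `{ }` body that follows is fine, but a `/* error already set; skip the remaining checks */` inside it would make the fall-through intent explicit.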
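Review bot: `mac_check_vnode_read(td->td_ucred, cred, vp)` in the vn_rdwr() hunk dereferences `td` unconditionally; the old check used only `cred`, and the only other use of `td` visible here is the plain assignment `auio.uio_td = td`, so if any caller passes a NULL thread pointer this becomes a null dereference inside the MAC check. Until the active_cred parameter the XXXMAC comment asks for is added, a guard such as `error = mac_check_vnode_read(td != NULL ? td->td_ucred : cred, cred, vp);` preserves the previous behaviour for credential-only callers. The same pattern is in the write branch of this hunk and in the vn_read/vn_write/vn_poll hunks that follow.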
@@ -497,7 +499,8 @@ ioflag |= sequential_heuristic(uio, fp); #ifdef MAC - error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ); + /* XXXMAC: We should pass active_cred into vn_read(). */ + error = mac_check_vnode_read(td->td_ucred, cred, vp); if (error == 0) #endif error = VOP_READ(vp, uio, ioflag, cred); @@ -552,7 +555,8 @@ uio->uio_offset = fp->f_offset; ioflag |= sequential_heuristic(uio, fp); #ifdef MAC - error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); + /* XXXMAC: We should pass active_cred into vn_write(). + error = mac_check_vnode_write(td->td_ucred, cred, vp); if (error == 0) #endif error = VOP_WRITE(vp, uio, ioflag, cred); @@ -796,7 +800,8 @@ vp = (struct vnode *)fp->f_data; #ifdef MAC vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_POLL); + /* XXXMAC: We should pass active_cred into vn_poll(). */ + error = mac_check_vnode_poll(td->td_ucred, cred, vp); VOP_UNLOCK(vp, 0, td); if (error) return (error); ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#93 (text+ko) ==== @@ -1847,6 +1847,40 @@ } static int +mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled || !mac_biba_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + if (!mac_biba_dominate_single(obj, subj)) + return (EACCES); + return (0); +} + +static int +mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled || !mac_biba_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + if (!mac_biba_dominate_single(obj, subj)) + return (EACCES); + return (0); +} + +static int mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { 
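Review bot: The comment added in the vn_write hunk, `/* XXXMAC: We should pass active_cred into vn_write().`, has no closing `*/`, so the comment runs on and swallows the following `error = mac_check_vnode_write(td->td_ucred, cred, vp);` and everything up to the next `*/` in the file. Depending on where that next terminator falls this is either a compile error or, worse, a successful build in which the write check is silently omitted. The line should be `/* XXXMAC: We should pass active_cred into vn_write(). */`, matching the vn_read and vn_poll hunks.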
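Review bot: `mac_biba_check_vnode_poll()` and `mac_biba_check_vnode_read()` are identical apart from their names, and the write variant in the next hunk differs only in the dominance direction; the mac_mls and mac_te hunks repeat the same triplication. A single static helper carrying the two labels and the direction (or, for mac_te, the operation constant) keeps the three hooks to one line each and makes it impossible for the read and poll rules to drift apart. The `saved_cred` parameter is deliberately unused by these "rights at each operation" policies according to the change description; a comment on each hook such as `/* saved_cred unused: this policy checks the requesting credential on every operation. */` stops a later reader from treating it as an oversight.
```c
static int
mac_biba_check_vnode_rw(struct ucred *active_cred, struct label *label,
    int write)
{
	struct mac_biba *subj, *obj;

	if (!mac_biba_enabled || !mac_biba_revocation_enabled)
		return (0);

	subj = SLOT(&active_cred->cr_label);
	obj = SLOT(label);

	/* Same dominance directions as the removed mac_biba_check_vnode_op(). */
	if (write ? !mac_biba_dominate_single(subj, obj) :
	    !mac_biba_dominate_single(obj, subj))
		return (EACCES);
	return (0);
}

static int
mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred,
    struct vnode *vp, struct label *label)
{

	/* saved_cred unused: Biba checks the requesting credential each time. */
	return (mac_biba_check_vnode_rw(active_cred, label, 0));
}
/* … unchanged: mac_biba_check_vnode_read/write reduce to the same one-line call … */
```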
@@ -2131,6 +2165,23 @@ return (0); } +static int +mac_biba_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled || !mac_biba_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); + return (0); +} + static vm_prot_t mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp, struct label *label, int newmapping) @@ -2151,36 +2202,6 @@ return (prot); } -static int -mac_biba_check_vnode_op(struct ucred *cred, struct vnode *vp, - struct label *label, int op) -{ - struct mac_biba *subj, *obj; - - if (!mac_biba_enabled || !mac_biba_revocation_enabled) - return (0); - - subj = SLOT(&cred->cr_label); - obj = SLOT(label); - - switch (op) { - case MAC_OP_VNODE_POLL: - case MAC_OP_VNODE_READ: - if (!mac_biba_dominate_single(obj, subj)) - return (EACCES); - return (0); - - case MAC_OP_VNODE_WRITE: - if (!mac_biba_dominate_single(subj, obj)) - return (EACCES); - return (0); - - default: - printf("mac_biba_check_vnode_op: unknown operation %d\n", op); - return (EINVAL); - } -} - static struct mac_policy_op_entry mac_biba_ops[] = { { MAC_DESTROY, @@ -2365,6 +2386,10 @@ (macop_t)mac_biba_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, (macop_t)mac_biba_check_vnode_open }, + { MAC_CHECK_VNODE_POLL, + (macop_t)mac_biba_check_vnode_poll }, + { MAC_CHECK_VNODE_READ, + (macop_t)mac_biba_check_vnode_read }, { MAC_CHECK_VNODE_READDIR, (macop_t)mac_biba_check_vnode_readdir }, { MAC_CHECK_VNODE_READLINK, 
@@ -2391,10 +2416,10 @@ (macop_t)mac_biba_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_biba_check_vnode_stat }, + { MAC_CHECK_VNODE_WRITE, + (macop_t)mac_biba_check_vnode_write }, { MAC_CHECK_VNODE_MMAP_PERMS, (macop_t)mac_biba_check_vnode_mmap_perms }, - { MAC_CHECK_VNODE_OP, - (macop_t)mac_biba_check_vnode_op }, { MAC_OP_LAST, NULL } }; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#76 (text+ko) ==== @@ -1803,6 +1803,40 @@ } static int +mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled || !mac_mls_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + if (!mac_mls_dominate_single(subj, obj)) + return (EACCES); + return (0); +} + +static int +mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled || !mac_mls_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + if (!mac_mls_dominate_single(subj, obj)) + return (EACCES); + return (0); +} + +static int mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -2087,6 +2121,23 @@ return (0); } +static int +mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled || !mac_mls_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + if (!mac_mls_dominate_single(obj, subj)) + return (EACCES); + return (0); +} + static vm_prot_t mac_mls_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp, struct label *label, int newmapping) 
@@ -2107,36 +2158,6 @@ return (prot); } -static int -mac_mls_check_vnode_op(struct ucred *cred, struct vnode *vp, - struct label *label, int op) -{ - struct mac_mls *subj, *obj; - - if (!mac_mls_enabled || !mac_mls_revocation_enabled) - return (0); - - subj = SLOT(&cred->cr_label); - obj = SLOT(label); - - switch (op) { - case MAC_OP_VNODE_POLL: - case MAC_OP_VNODE_READ: - if (!mac_mls_dominate_single(subj, obj)) - return (EACCES); - return (0); - - case MAC_OP_VNODE_WRITE: - if (!mac_mls_dominate_single(obj, subj)) - return (EACCES); - return (0); - - default: - printf("mac_mls_check_vnode_op: unknown operation %d\n", op); - return (EINVAL); - } -} - static struct mac_policy_op_entry mac_mls_ops[] = { { MAC_DESTROY, @@ -2321,6 +2342,10 @@ (macop_t)mac_mls_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, (macop_t)mac_mls_check_vnode_open }, + { MAC_CHECK_VNODE_POLL, + (macop_t)mac_mls_check_vnode_poll }, + { MAC_CHECK_VNODE_READ, + (macop_t)mac_mls_check_vnode_read }, { MAC_CHECK_VNODE_READDIR, (macop_t)mac_mls_check_vnode_readdir }, { MAC_CHECK_VNODE_READLINK, @@ -2347,10 +2372,10 @@ (macop_t)mac_mls_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_mls_check_vnode_stat }, + { MAC_CHECK_VNODE_WRITE, + (macop_t)mac_mls_check_vnode_write }, { MAC_CHECK_VNODE_MMAP_PERMS, (macop_t)mac_mls_check_vnode_mmap_perms }, - { MAC_CHECK_VNODE_OP, - (macop_t)mac_mls_check_vnode_op }, { MAC_OP_LAST, NULL } }; ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#61 (text+ko) ==== @@ -775,6 +775,22 @@ } static int +mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + + return (0); +} + +static int +mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + + return (0); +} + +static int mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp, struct label *dlabel) { 
@@ -880,6 +896,14 @@ return (0); } +static int +mac_none_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + + return (0); +} + static struct mac_policy_op_entry mac_none_ops[] = { { MAC_DESTROY, @@ -1072,6 +1096,10 @@ (macop_t)mac_none_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, (macop_t)mac_none_check_vnode_open }, + { MAC_CHECK_VNODE_POLL, + (macop_t)mac_none_check_vnode_poll }, + { MAC_CHECK_VNODE_READ, + (macop_t)mac_none_check_vnode_read }, { MAC_CHECK_VNODE_READDIR, (macop_t)mac_none_check_vnode_readdir }, { MAC_CHECK_VNODE_READLINK, @@ -1098,6 +1126,8 @@ (macop_t)mac_none_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_none_check_vnode_stat }, + { MAC_CHECK_VNODE_WRITE, + (macop_t)mac_none_check_vnode_write }, { MAC_OP_LAST, NULL } }; ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#67 (text+ko) ==== @@ -115,7 +115,7 @@ int tr_operation; }; -static int mac_te_check_open_vnode(struct ucred *cred, struct vnode *vp, +static int mac_te_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *filelabel, mode_t acc_mode); /* @@ -1094,7 +1094,7 @@ struct label *label, mode_t flags) { - return (mac_te_check_open_vnode(cred, vp, label, flags)); + return (mac_te_check_vnode_open(cred, vp, label, flags)); } static int 
@@ -1246,45 +1246,7 @@ } static int -mac_te_check_vnode_op(struct ucred *cred, struct vnode *vp, - struct label *label, int op) -{ - struct mac_te *subj, *obj; - int error, te_class, te_op; - - if (!mac_te_revocation_enabled) - return (0); - - subj = SLOT(&cred->cr_label); - obj = SLOT(label); - - te_class = MAC_TE_CLASS_FILE; - switch (op) { - case MAC_OP_VNODE_POLL: - te_op = MAC_TE_OPERATION_FILE_POLL; - break; - - case MAC_OP_VNODE_READ: - te_op = MAC_TE_OPERATION_FILE_READ; - break; - - case MAC_OP_VNODE_WRITE: - te_op = MAC_TE_OPERATION_FILE_WRITE; - break; - - default: - printf("mac_te_check_vnode_op: unknown operation %d\n", - op); - return (EINVAL); - } - - error = mac_te_check(subj, obj, MAC_TE_CLASS_FILE, te_op); - - return (error); -} - -static int -mac_te_check_open_vnode(struct ucred *cred, struct vnode *vp, +mac_te_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *filelabel, mode_t acc_mode) { struct mac_te *subj, *obj; @@ -1353,6 +1315,44 @@ } static int +mac_te_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_te *subj, *obj; + int error; + + if (!mac_te_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + error = mac_te_check(subj, obj, MAC_TE_CLASS_FILE, + MAC_TE_OPERATION_FILE_POLL); + + return (error); +} + +static int +mac_te_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_te *subj, *obj; + int error; + + if (!mac_te_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + error = mac_te_check(subj, obj, MAC_TE_CLASS_FILE, + MAC_TE_OPERATION_FILE_READ); + + return (error); +} + +static int mac_te_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { 
@@ -1563,7 +1563,7 @@ } static int -mac_te_check_stat_vnode(struct ucred *cred, struct vnode *vp, +mac_te_check_vnode_stat(struct ucred *cred, struct vnode *vp, struct label *label) { @@ -1580,6 +1580,25 @@ } } +static int +mac_te_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + struct mac_te *subj, *obj; + int error; + + if (!mac_te_revocation_enabled) + return (0); + + subj = SLOT(&active_cred->cr_label); + obj = SLOT(label); + + error = mac_te_check(subj, obj, MAC_TE_CLASS_FILE, + MAC_TE_OPERATION_FILE_WRITE); + + return (error); +} + static void mac_te_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *filelabel) @@ -1801,7 +1820,12 @@ (macop_t)mac_te_check_vnode_getextattr }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_te_check_vnode_lookup }, - { MAC_CHECK_VNODE_OPEN, (macop_t)mac_te_check_open_vnode }, + { MAC_CHECK_VNODE_OPEN, + (macop_t)mac_te_check_vnode_open }, + { MAC_CHECK_VNODE_POLL, + (macop_t)mac_te_check_vnode_poll }, + { MAC_CHECK_VNODE_READ, + (macop_t)mac_te_check_vnode_read }, { MAC_CHECK_VNODE_READDIR, (macop_t)mac_te_check_vnode_readdir }, { MAC_CHECK_VNODE_READLINK, @@ -1827,13 +1851,15 @@ { MAC_CHECK_VNODE_SETUTIMES, (macop_t)mac_te_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, - (macop_t)mac_te_check_stat_vnode }, + (macop_t)mac_te_check_vnode_stat }, + { MAC_CHECK_VNODE_WRITE, + (macop_t)mac_te_check_vnode_write }, { MAC_CHECK_VNODE_MMAP_PERMS, (macop_t)mac_te_check_vnode_mmap_perms }, - { MAC_CHECK_VNODE_OP, - (macop_t)mac_te_check_vnode_op }, - { MAC_EXTERNALIZE, (macop_t)mac_te_externalize }, - { MAC_INTERNALIZE, (macop_t)mac_te_internalize }, + { MAC_EXTERNALIZE, + (macop_t)mac_te_externalize }, + { MAC_INTERNALIZE, + (macop_t)mac_te_internalize }, { MAC_UPDATE_DEVFSDIRENT, (macop_t)mac_te_update_devfsdirent }, { MAC_UPDATE_PROCFSVNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#31 (text+ko) ==== 
@@ -983,6 +983,22 @@ } static int +mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + + return (0); +} + +static int +mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + + return (0); +} + +static int mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -1088,6 +1104,14 @@ return (0); } +static int +mac_test_check_vnode_write(struct ucred *active_cred, struct ucred *saved_cred, + struct vnode *vp, struct label *label) +{ + + return (0); +} + static struct mac_policy_op_entry mac_test_ops[] = { { MAC_DESTROY, @@ -1278,6 +1302,10 @@ (macop_t)mac_test_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, (macop_t)mac_test_check_vnode_open }, + { MAC_CHECK_VNODE_POLL, + (macop_t)mac_test_check_vnode_poll }, + { MAC_CHECK_VNODE_READ, + (macop_t)mac_test_check_vnode_read }, { MAC_CHECK_VNODE_READDIR, (macop_t)mac_test_check_vnode_readdir }, { MAC_CHECK_VNODE_READLINK, @@ -1304,6 +1332,8 @@ (macop_t)mac_test_check_vnode_setutimes }, { MAC_CHECK_VNODE_STAT, (macop_t)mac_test_check_vnode_stat }, + { MAC_CHECK_VNODE_WRITE, + (macop_t)mac_test_check_vnode_write }, { MAC_OP_LAST, NULL } }; ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#143 (text+ko) ==== 
@@ -357,9 +357,12 @@ /* XXX This u_char should be vm_prot_t! */ u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, int newmapping); -int mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op); int mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode); +int mac_check_vnode_poll(struct ucred *active_cred, + struct ucred *saved_cred, struct vnode *vp, struct label *label); +int mac_check_vnode_read(struct ucred *active_cred, + struct ucred *saved_cred, struct vnode *vp, struct label *label); int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp); int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp); int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, @@ -392,6 +395,8 @@ struct mac *extmac); int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label); +int mac_check_vnode_write(struct ucred *active_cred, + struct ucred *saved_cred, struct vnode *vp, struct label *label); /* * Calls to help various file systems implement labeling functionality ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#108 (text+ko) ==== @@ -291,10 +291,14 @@ struct componentname *cnp); vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred, struct vnode *vp, struct label *label, int newmapping); - int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp, - struct label *label, int op); int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp, struct label *label, mode_t acc_mode); + int (*mpo_check_vnode_poll)(struct ucred *active_cred, + struct ucred *saved_cred, struct vnode *vp, + struct label *label); + int (*mpo_check_vnode_read)(struct ucred *active_cred, + struct ucred *saved_cred, struct vnode *vp, + struct label *label); int (*mpo_check_vnode_readdir)(struct ucred *cred, struct vnode *dvp, struct label *dlabel); int (*mpo_check_vnode_readlink)(struct ucred *cred, 
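Review bot: The prototypes added for `mac_check_vnode_poll()`, `mac_check_vnode_read()` and `mac_check_vnode_write()` take four parameters ending in `struct label *label`, but the definitions in the kern_mac.c hunks and every caller converted in this change use three (`active_cred, saved_cred, vp`); the label is taken from `vp->v_label` inside kern_mac.c, so the header should drop it, e.g. `int mac_check_vnode_read(struct ucred *active_cred, struct ucred *saved_cred, struct vnode *vp);`. The four-parameter form is the policy hook signature from mac_policy.h, not the kernel-side entry point. Also, `mac_check_vnode_write()` is declared in the second hunk after the pipe-label functions rather than alongside the other vnode checks in the first hunk, which breaks the grouping the header otherwise keeps.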
@@ -329,6 +333,9 @@ struct timespec atime, struct timespec mtime); int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp, struct label *label); + int (*mpo_check_vnode_write)(struct ucred *active_cred, + struct ucred *saved_cred, struct vnode *vp, + struct label *label); }; typedef const void *macop_t; @@ -431,9 +438,10 @@ MAC_CHECK_VNODE_GETACL, MAC_CHECK_VNODE_GETEXTATTR, MAC_CHECK_VNODE_LOOKUP, - MAC_CHECK_VNODE_OP, + MAC_CHECK_VNODE_MMAP_PERMS, MAC_CHECK_VNODE_OPEN, - MAC_CHECK_VNODE_MMAP_PERMS, + MAC_CHECK_VNODE_POLL, + MAC_CHECK_VNODE_READ, MAC_CHECK_VNODE_READDIR, MAC_CHECK_VNODE_READLINK, MAC_CHECK_VNODE_RELABEL, @@ -447,6 +455,7 @@ MAC_CHECK_VNODE_SETOWNER, MAC_CHECK_VNODE_SETUTIMES, MAC_CHECK_VNODE_STAT, + MAC_CHECK_VNODE_WRITE, }; struct mac_policy_op_entry { To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
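Review bot: The new `mpo_check_vnode_{poll,read,write}` hook signatures introduce `saved_cred` without stating that it may be absent, yet the callers converted in this change pass `NOCRED` (tty_tty.c, vfs_syscalls.c) or `NULL` (kern_ktrace.c) when no struct file is involved; a policy adopting the "rights at open" model described in the change and reading `saved_cred->cr_label` would dereference a null pointer on those paths. A comment on the hooks, e.g. `/* saved_cred is the credential cached on the object at open, or NOCRED if there is none; a policy must check for NOCRED before using it. */`, pins the contract where policy authors will see it. The enum hunk also removes `MAC_CHECK_VNODE_OP` and moves `MAC_CHECK_VNODE_MMAP_PERMS` ahead of `MAC_CHECK_VNODE_OPEN`, which renumbers the constants that follow, so any policy module built against the previous header registers the wrong operations until it is rebuilt.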