From owner-p4-projects Wed Sep 18 15: 6:10 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D577737B408; Wed, 18 Sep 2002 15:06:00 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 48F2937B404 for ; Wed, 18 Sep 2002 15:06:00 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC66843E4A for ; Wed, 18 Sep 2002 15:05:59 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g8IM5xCo087336 for ; Wed, 18 Sep 2002 15:05:59 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g8IM5xCK087333 for perforce@freebsd.org; Wed, 18 Sep 2002 15:05:59 -0700 (PDT) Date: Wed, 18 Sep 2002 15:05:59 -0700 (PDT) Message-Id: <200209182205.g8IM5xCK087333@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 17672 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17672 Change 17672 by rwatson@rwatson_paprika on 2002/09/18 15:05:53 Update policies for hard link MAC check: don't implement checks based on target vnode yet, as we don't have that locked in the MAC framework yet. Note that the semantics on bsdextended are interesting, since you can prevent users from hard linking files that are owned by specific other users... Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#107 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#53 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#73 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#76 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#12 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#44 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#107 (text+ko) ==== @@ -1710,6 +1710,32 @@ } static int +mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(dlabel); + + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); + +#if 0 + obj = SLOT(label); + + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); +#endif + + return (0); +} + +static int mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -2325,6 +2351,8 @@ (macop_t)mac_biba_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_biba_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_biba_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_biba_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#53 (text+ko) ==== @@ -445,6 +445,35 @@ } static int +mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + struct vattr vap; + int error; + + if (!mac_bsdextended_enabled) + return (0); + + error = VOP_GETATTR(dvp, &vap, cred, curthread); + if (error) + return (error); + error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE); + if (error) + return (error); + +#if 0 + error = VOP_GETATTR(vp, &vap, cred, curthread); + if (error) + return (error); + error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE); + if (error) + return (error); +#endif + return (0); +} + +static int mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -715,6 +744,8 @@ (macop_t)mac_bsdextended_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_bsdextended_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_bsdextended_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_bsdextended_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#73 (text+ko) ==== @@ -679,6 +679,15 @@ } static int +mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + + return (0); +} + +static int mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -1044,6 +1053,8 @@ (macop_t)mac_none_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_none_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_none_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_none_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#76 (text+ko) ==== @@ -1143,6 +1143,31 @@ } static int +mac_te_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + int error; + + error = mac_te_check(&cred->cr_label, dlabel, MAC_TE_CLASS_DIR, + MAC_TE_OPERATION_DIR_WRITE); + if (error) + return (error); +#if 0 + switch (vp->v_type) { + case VLNK: + return (mac_te_check(&cred->cr_label, label, + MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_LINK)); + default: + return (mac_te_check(&cred->cr_labl, label, + MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_LINK)); + } +#endif + + return (error); +} + +static int mac_te_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -1772,6 +1797,8 @@ (macop_t)mac_te_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_te_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_te_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_te_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#12 (text+ko) ==== @@ -75,6 +75,7 @@ #define MAC_TE_OPERATION_FILE_EXEC 4 #define MAC_TE_OPERATION_FILE_GETACL 5 #define MAC_TE_OPERATION_FILE_GETEXTATTR 6 +#define MAC_TE_OPERATION_FILE_LINK 6 #define MAC_TE_OPERATION_FILE_POLL 7 #define MAC_TE_OPERATION_FILE_READ 8 #define MAC_TE_OPERATION_FILE_SETACL 9 @@ -120,10 +121,11 @@ #define MAC_TE_OPERATION_SYMLINK_DELETEACL 3 #define MAC_TE_OPERATION_SYMLINK_GETACL 4 #define MAC_TE_OPERATION_SYMLINK_GETEXTATTR 5 -#define MAC_TE_OPERATION_SYMLINK_READLINK 6 -#define MAC_TE_OPERATION_SYMLINK_SETACL 7 -#define MAC_TE_OPERATION_SYMLINK_SETEXTATTR 8 -#define MAC_TE_OPERATION_SYMLINK_STAT 9 +#define MAC_TE_OPERATION_SYMLINK_LINK 6 +#define MAC_TE_OPERATION_SYMLINK_READLINK 7 +#define MAC_TE_OPERATION_SYMLINK_SETACL 8 +#define MAC_TE_OPERATION_SYMLINK_SETEXTATTR 9 +#define MAC_TE_OPERATION_SYMLINK_STAT 10 #if 0 /* XXXMAC: temporarily disabled because we still need struct oldmac */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#44 (text+ko) ==== @@ -1053,6 +1053,15 @@ } static int +mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + + return (0); +} + +static int mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -1420,6 +1429,8 @@ (macop_t)mac_test_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_test_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_test_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_test_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message