Date: Wed, 18 Sep 2002 15:05:59 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 17672 for review Message-ID: <200209182205.g8IM5xCK087333@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17672 Change 17672 by rwatson@rwatson_paprika on 2002/09/18 15:05:53 Update policies for hard link MAC check: don't implement checks based on target vnode yet, as we don't have that locked in the MAC framework yet. Note that the semantics on bsdextended are interesting, since you can prevent users from hard linking files that are owned by specific other users... Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#107 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#53 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#73 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#76 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#12 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#44 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#107 (text+ko) ==== @@ -1710,6 +1710,32 @@ } static int +mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + struct mac_biba *subj, *obj; + + if (!mac_biba_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(dlabel); + + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); + +#if 0 + obj = SLOT(label); + + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); +#endif + + return (0); +} + +static int mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -2325,6 +2351,8 @@ (macop_t)mac_biba_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_biba_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_biba_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_biba_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#53 (text+ko) ==== @@ -445,6 +445,35 @@ } static int +mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + struct vattr vap; + int error; + + if (!mac_bsdextended_enabled) + return (0); + + error = VOP_GETATTR(dvp, &vap, cred, curthread); + if (error) + return (error); + error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE); + if (error) + return (error); + +#if 0 + error = VOP_GETATTR(vp, &vap, cred, curthread); + if (error) + return (error); + error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE); + if (error) + return (error); +#endif + return (0); +} + +static int mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -715,6 +744,8 @@ (macop_t)mac_bsdextended_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_bsdextended_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_bsdextended_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_bsdextended_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#73 (text+ko) ==== @@ -679,6 +679,15 @@ } static int +mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + + return (0); +} + +static int mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -1044,6 +1053,8 @@ (macop_t)mac_none_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_none_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_none_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_none_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#76 (text+ko) ==== @@ -1143,6 +1143,31 @@ } static int +mac_te_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + int error; + + error = mac_te_check(&cred->cr_label, dlabel, MAC_TE_CLASS_DIR, + MAC_TE_OPERATION_DIR_WRITE); + if (error) + return (error); +#if 0 + switch (vp->v_type) { + case VLNK: + return (mac_te_check(&cred->cr_label, label, + MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_LINK)); + default: + return (mac_te_check(&cred->cr_labl, label, + MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_LINK)); + } +#endif + + return (error); +} + +static int mac_te_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -1772,6 +1797,8 @@ (macop_t)mac_te_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_te_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_te_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_te_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#12 (text+ko) ==== @@ -75,6 +75,7 @@ #define MAC_TE_OPERATION_FILE_EXEC 4 #define MAC_TE_OPERATION_FILE_GETACL 5 #define MAC_TE_OPERATION_FILE_GETEXTATTR 6 +#define MAC_TE_OPERATION_FILE_LINK 6 #define MAC_TE_OPERATION_FILE_POLL 7 #define MAC_TE_OPERATION_FILE_READ 8 #define MAC_TE_OPERATION_FILE_SETACL 9 @@ -120,10 +121,11 @@ #define MAC_TE_OPERATION_SYMLINK_DELETEACL 3 #define MAC_TE_OPERATION_SYMLINK_GETACL 4 #define MAC_TE_OPERATION_SYMLINK_GETEXTATTR 5 -#define MAC_TE_OPERATION_SYMLINK_READLINK 6 -#define MAC_TE_OPERATION_SYMLINK_SETACL 7 -#define MAC_TE_OPERATION_SYMLINK_SETEXTATTR 8 -#define MAC_TE_OPERATION_SYMLINK_STAT 9 +#define MAC_TE_OPERATION_SYMLINK_LINK 6 +#define MAC_TE_OPERATION_SYMLINK_READLINK 7 +#define MAC_TE_OPERATION_SYMLINK_SETACL 8 +#define MAC_TE_OPERATION_SYMLINK_SETEXTATTR 9 +#define MAC_TE_OPERATION_SYMLINK_STAT 10 #if 0 /* XXXMAC: temporarily disabled because we still need struct oldmac */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#44 (text+ko) ==== @@ -1053,6 +1053,15 @@ } static int +mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp, + struct label *dlabel, struct vnode *vp, struct label *label, + struct componentname *cnp) +{ + + return (0); +} + +static int mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -1420,6 +1429,8 @@ (macop_t)mac_test_check_vnode_getacl }, { MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_test_check_vnode_getextattr }, + { MAC_CHECK_VNODE_LINK, + (macop_t)mac_test_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_test_check_vnode_lookup }, { MAC_CHECK_VNODE_OPEN, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209182205.g8IM5xCK087333>