Date: Wed, 2 Oct 2002 20:16:25 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 18570 for review Message-ID: <200210030316.g933GPXn088913@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18570 Change 18570 by rwatson@rwatson_tislabs on 2002/10/02 20:16:02 Implement two new MAC framework and policy entry points: mac_check_socket_receive(cred, so) mpo_check_socket_receive(cred, so, solabel) Authorize reception of data from socket 'so' by cred 'cred'. mac_check_socket_send(cred, so) mpo_check_socket_send(cred, so, solabel) Authorize transmission of data over socket 'so' by cred 'cred' These entry points are implemented above the per-protocol pru_send(), pru_sosend(), pru_rcv*(), and pru_soreceive() calls. Currently we don't enforce these protections for sockets used in fifos, since we already provide above-VFS protection of fifo over fifofs. In the future, we may want to pass additional context information to these entry points. Affected files ... .. //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_stream.c#9 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#289 edit .. //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#14 edit .. //depot/projects/trustedbsd/mac/sys/kern/uipc_syscalls.c#24 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#169 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#130 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_stream.c#9 (text+ko) ==== @@ -39,6 +39,8 @@ #define COMPAT_43 1 +#include "opt_mac.h" + #include <sys/param.h> #include <sys/systm.h> #include <sys/fcntl.h> @@ -47,6 +49,7 @@ #include <sys/lock.h> #include <sys/malloc.h> #include <sys/file.h> /* Must come after sys/malloc.h */ +#include <sys/mac.h> #include <sys/mbuf.h> #include <sys/mutex.h> #include <sys/proc.h> @@ -165,6 +168,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto done1; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; 
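Review bot: The new error path in the `@@ -165,6 +168,13 @@` hunk jumps to `done1` right after `fgetsock()` and before any of the `auio` setup, so whatever `done1` unwinds must be safe with those locals still untouched. The label and the declarations are outside the hunk, so this cannot be confirmed from here. The same holds for the receive hunk in this file and for `goto bad` and `goto done` in uipc_syscalls.c (`@@ -605,6 +605,13 @@` and `@@ -1732,6 +1748,12 @@`). Each label should release the reference taken by `fgetsock()` and free only pointers that are initialised at declaration. The recvit hunk (`@@ -882,6 +889,15 @@`) spells the cleanup out as `fputsock(so); return (error);`, which is easier to audit, and using one form at every call site would help.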
@@ -262,6 +272,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_receive(td->td_ucred, so); + if (error) + goto done1; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#289 (text+ko) ==== @@ -856,10 +856,18 @@ mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; + case MAC_CHECK_SOCKET_RECEIVE: + mpc->mpc_ops->mpo_check_socket_receive = + mpe->mpe_function; + break; case MAC_CHECK_SOCKET_RELABEL: mpc->mpc_ops->mpo_check_socket_relabel = mpe->mpe_function; break; + case MAC_CHECK_SOCKET_SEND: + mpc->mpc_ops->mpo_check_socket_send = + mpe->mpe_function; + break; case MAC_CHECK_SOCKET_VISIBLE: mpc->mpc_ops->mpo_check_socket_visible = mpe->mpe_function; @@ -3308,6 +3316,16 @@ return (error); } +int +mac_check_socket_receive(struct ucred *cred, struct socket *so) +{ + int error; + + MAC_CHECK(check_socket_receive, cred, so, &so->so_label); + + return (error); +} + static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) @@ -3320,6 +3338,20 @@ return (error); } +/* + * XXXMAC: It might eventually be desirable to pass in address information + * to the send and possibly receive calls. + */ +int +mac_check_socket_send(struct ucred *cred, struct socket *so) +{ + int error; + + MAC_CHECK(check_socket_send, cred, so, &so->so_label); + + return (error); +} + int mac_check_socket_visible(struct ucred *cred, struct socket *socket) { ==== //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#14 (text+ko) ==== @@ -68,6 +68,13 @@ int error; mtx_lock(&Giant); +#ifdef MAC + error = mac_check_socket_receive(active_cred, so); + if (error) { + mtx_unlock(&Giant); + return (error); + } +#endif error = so->so_proto->pr_usrreqs->pru_soreceive(so, 0, uio, 0, 0, 0); mtx_unlock(&Giant); return (error); 
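Review bot: `mac_check_socket_receive()` is added without a comment, and neither it nor `mac_check_socket_send()` says when the decision is taken or what protects `so->so_label` while `MAC_CHECK` reads it. Every caller in this change runs the check once, ahead of the `pru_soreceive`/`pru_sosend` call, and the same file already carries `mac_check_socket_relabel()`, so a relabel after the check would presumably not be re-evaluated for an operation already in progress. A header comment on both functions such as `/* Evaluated once on entry to the send/receive path; not re-checked if the socket is relabeled while the call is in progress. */`, plus the locking the caller is expected to hold, would record that. Both function bodies are fully visible in their hunks.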
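Review bot: In `@@ -68,6 +68,13 @@` the subject passed to the check is `active_cred`, whereas the syscall paths in this change pass `td->td_ucred`. The choice deserves a comment, because for a descriptor opened by one process and used by another it decides whose label the policy sees. Something like `/* Subject is the credential performing the I/O, not the one cached on the file. */` above the call would do, assuming that is what `active_cred` means here (its declaration is outside the hunk). The same applies to the send check in `@@ -86,6 +93,13 @@`. The duplicated `mtx_unlock(&Giant); return (error);` could also be folded into a single exit so the lock is released in one place.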
@@ -86,6 +93,13 @@ int error; mtx_lock(&Giant); +#ifdef MAC + error = mac_check_socket_send(active_cred, so); + if (error) { + mtx_unlock(&Giant); + return (error); + } +#endif error = so->so_proto->pr_usrreqs->pru_sosend(so, 0, uio, 0, 0, 0, uio->uio_td); mtx_unlock(&Giant); ==== //depot/projects/trustedbsd/mac/sys/kern/uipc_syscalls.c#24 (text+ko) ==== @@ -605,6 +605,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto bad; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; @@ -882,6 +889,15 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_receive(td->td_ucred, so); + if (error) { + fputsock(so); + return (error); + } +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; @@ -1732,6 +1748,12 @@ goto done; } +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto done; +#endif + /* * If specified, get the pointer to the sf_hdtr struct for * any headers/trailers. ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#169 (text+ko) ==== @@ -334,6 +334,8 @@ struct sockaddr *sockaddr); int mac_check_socket_deliver(struct socket *so, struct mbuf *m); int mac_check_socket_listen(struct ucred *cred, struct socket *so); +int mac_check_socket_receive(struct ucred *cred, struct socket *so); +int mac_check_socket_send(struct ucred *cred, struct socket *so); int mac_check_socket_visible(struct ucred *cred, struct socket *so); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#130 (text+ko) ==== 
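Review bot: In the sendfile hunk (`@@ -1732,6 +1748,12 @@`) the added check authorizes only the socket side of the transfer, `mac_check_socket_send(td->td_ucred, so)`. Nothing in the hunk shows the file being sent going through a MAC check, and the function body extends well beyond the hunk in both directions, so this may already be handled elsewhere. If it is, a short comment at this call such as `/* Authorizes the socket side only. */` would make the division explicit. If it is not, this is the one send path in the change where the data does not come from the caller's own buffer, and a policy that mediates information flow would want both ends checked.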
@@ -308,9 +308,13 @@ struct label *mbuflabel); int (*mpo_check_socket_listen)(struct ucred *cred, struct socket *so, struct label *socketlabel); + int (*mpo_check_socket_receive)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_relabel)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct label *newlabel); + int (*mpo_check_socket_send)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_visible)(struct ucred *cred, struct socket *so, struct label *socketlabel); int (*mpo_check_vnode_access)(struct ucred *cred, @@ -503,7 +507,9 @@ MAC_CHECK_SOCKET_CONNECT, MAC_CHECK_SOCKET_DELIVER, MAC_CHECK_SOCKET_LISTEN, + MAC_CHECK_SOCKET_RECEIVE, MAC_CHECK_SOCKET_RELABEL, + MAC_CHECK_SOCKET_SEND, MAC_CHECK_SOCKET_VISIBLE, MAC_CHECK_VNODE_ACCESS, MAC_CHECK_VNODE_CHDIR, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
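Review bot: `MAC_CHECK_SOCKET_RECEIVE` and `MAC_CHECK_SOCKET_SEND` are inserted in the middle of the enum in `@@ -503,7 +507,9 @@`, which renumbers every constant after them, and the matching function pointers in `@@ -308,9 +308,13 @@` shift the layout of the ops structure in the same way. The kern_mac.c hunk shows these constants driving the `switch` that assigns `mpe->mpe_function` into `mpc->mpc_ops`, so a policy module built against the previous header would have its entry points stored in the wrong slots, silently changing which checks it enforces. Whether a version check rejects such modules at registration is not visible in these hunks. If none exists, either append the new members at the end or bump the policy ABI version in the same change, and add a comment at the top of the enum, for example `/* Order is ABI: inserting a member renumbers all later operations. */`.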