From owner-p4-projects Fri Oct 4 6:45:30 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1353237B404; Fri, 4 Oct 2002 06:45:20 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AFACE37B401 for ; Fri, 4 Oct 2002 06:45:19 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F1E543E3B for ; Fri, 4 Oct 2002 06:45:19 -0700 (PDT) (envelope-from cvance@tislabs.com) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g94DjJCo056975 for ; Fri, 4 Oct 2002 06:45:19 -0700 (PDT) (envelope-from cvance@tislabs.com) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g94DjIq5056972 for perforce@freebsd.org; Fri, 4 Oct 2002 06:45:18 -0700 (PDT) Date: Fri, 4 Oct 2002 06:45:18 -0700 (PDT) Message-Id: <200210041345.g94DjIq5056972@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to cvance@tislabs.com using -f From: Chris Vance Subject: PERFORCE change 18659 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18659 Change 18659 by cvance@cvance_laptop on 2002/10/04 06:44:52 Finally moving forward again. Add audit data to many permission checks. Implement permission checks for many more vnode operations. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#28 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#28 (text+ko) ==== 
@@ -120,21 +120,28 @@ { struct task_security_struct *task; struct vnode_security_struct *file; + avc_audit_data_t ad; task = SLOT(&cred->cr_label); file = SLOT(&vp->v_label); - /* TBD: audit? */ + AVC_AUDIT_DATA_INIT(&ad, FS); + ad.u.fs.vp = vp; + if (file->sclass == 0) { struct vattr va; VOP_GETATTR(vp, &va, curthread->td_ucred, curthread); printf("vnode_has_perm:: ERROR, sid=%d, sclass=0, v_type=%d" - " inode=%d, fsid=%d\n", + " inode=%ld, fsid=%d\n", file->sid, vp->v_type, va.va_fileid, va.va_fsid); - return 0; /* TBD: debugging */ + file->sclass = vnode_type_to_security_class(vp->v_type); + if (file->sclass == 0) { + printf("vnode_has_perm:: Giving up\n"); + return 0; /* TBD: debugging */ + } } - return avc_has_perm_ref(task->sid, file->sid, file->sclass, - perm, aeref ? aeref : &file->avcr); + return avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, + perm, aeref ? aeref : &file->avcr, &ad); } static void @@ -409,7 +416,7 @@ struct vattr va; VOP_GETATTR(vp, &va, curthread->td_ucred, curthread); - printf("sebsd_update_vnode_from_extattr: no label for inode=%d, fsid=%d\n", va.va_fileid, va.va_fsid); + printf("sebsd_update_vnode_from_extattr: no label for inode=%ld, fsid=%d\n", va.va_fileid, va.va_fsid); return (0); } @@ -421,7 +428,7 @@ struct vattr va; VOP_GETATTR(vp, &va, curthread->td_ucred, curthread); - printf("sebsd_vnode_from_extattr: len=%d: context=%s inode=%d, fsid=%d\n", context_len, context, va.va_fileid, va.va_fsid); + printf("sebsd_vnode_from_extattr: len=%d: context=%s inode=%ld, fsid=%d\n", context_len, context, va.va_fileid, va.va_fsid); } error = security_context_to_sid(context, context_len, &vsec->sid); 
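Review bot: The fallback added in the `file->sclass == 0` branch of vnode_has_perm still returns 0 when vnode_type_to_security_class() also yields 0, so an unlabelled or unclassifiable vnode passes every permission check that goes through this helper (fail-open); the `/* TBD: debugging */` marks it, but it should become `return (EACCES);` once the debugging period ends, and the denial should be visible through the audit data this hunk now threads in. The VOP_GETATTR() call whose result feeds the printf is unchecked, so `va.va_fileid`/`va.va_fsid` may be read uninitialized when the getattr fails; wrap the printf in `if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0)`. Writing the recomputed class back into `file->sclass` from a check routine looks like intentional lazy initialization of the label, but that deserves a one-line comment since it mutates state on what callers treat as a query. vnode_has_perm's signature precedes this hunk.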
@@ -499,16 +506,17 @@ sebsd_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { - /* TBD: Not Implemented */ - return 0; + /* MAY_EXEC ~= DIR__SEARCH */ + return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL); } static int sebsd_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { - /* TBD: Not Implemented */ - return 0; + /* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */ + /* MAY_EXEC ~= DIR__SEARCH */ + return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL); } static int @@ -519,6 +527,7 @@ struct vnode_security_struct *dir; security_class_t tclass; security_id_t newsid; + avc_audit_data_t ad; int rc; task = SLOT(&cred->cr_label); @@ -526,9 +535,12 @@ tclass = vnode_type_to_security_class(vap->va_type); - /* TBD: audit? */ - rc = avc_has_perm_ref(task->sid, dir->sid, SECCLASS_DIR, - DIR__ADD_NAME | DIR__SEARCH, &dir->avcr); + AVC_AUDIT_DATA_INIT(&ad, FS); + ad.u.fs.vp = dvp; + + rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, + DIR__ADD_NAME | DIR__SEARCH, + &dir->avcr, &ad); if (rc) return rc; @@ -536,7 +548,7 @@ if (rc) return rc; - rc = avc_has_perm(task->sid, newsid, tclass, FILE__CREATE); + rc = avc_has_perm_audit(task->sid, newsid, tclass, FILE__CREATE, &ad); if (rc) return rc; 
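Review bot: In sebsd_check_vnode_create (the @@ -526 and @@ -536 hunks) the FILE__CREATE check now queries the AVC with `tclass` taken straight from vnode_type_to_security_class(vap->va_type), which the vnode_has_perm hunk above shows can return 0 for a type it does not recognise, so an odd `va_type` turns into a lookup on no object class at all. Reject it before the directory check, `if (tclass == 0) return (EINVAL);`, rather than relying on whatever the AVC does for class 0. The audit data deliberately points at `dvp` for the new-object check because the new vnode does not exist yet; a short comment such as `/* no vnode yet: audit against the parent directory */` would save the next reader the question. The function's signature precedes these hunks.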
@@ -559,16 +571,40 @@ struct label *dlabel, struct vnode *vp, struct label *label) { - /* TBD: Not Implemented */ - return 0; + struct task_security_struct *task; + struct vnode_security_struct *dir, *file; + avc_audit_data_t ad; + access_vector_t av; + int rc; + + task = SLOT(&cred->cr_label); + file = SLOT(&vp->v_label); + dir = SLOT(&dvp->v_label); + + AVC_AUDIT_DATA_INIT(&ad, FS); + ad.u.fs.vp = vp; + + av = DIR__SEARCH | DIR__REMOVE_NAME; + rc = avc_has_perm_ref_audit(task->sid, dir->sid, SECCLASS_DIR, + av, &dir->avcr, &ad); + if (rc) + return rc; + + if (file->sclass == SECCLASS_DIR) + av = DIR__RMDIR; + else + av = FILE__UNLINK; + + rc = avc_has_perm_ref_audit(task->sid, file->sid, file->sclass, + av, &file->avcr, &ad); + return rc; } static int sebsd_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, struct label *label, acl_type_t type) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int @@ -624,8 +660,7 @@ sebsd_check_vnode_getacl(struct ucred *cred, struct vnode *vp, struct label *label, acl_type_t type) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__GETATTR, NULL); } static int @@ -640,8 +675,8 @@ sebsd_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { - /* TBD: Not Implemented */ - return 0; + /* TBD: DIR__READ as well? */ + return vnode_has_perm(cred, dvp, DIR__SEARCH, NULL); } static int @@ -653,7 +688,7 @@ } static int -sebsd_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, +sebsd_check_vnode_poll(struct ucred *cred, struct ucred *file_cred, struct vnode *vp, struct label *label) { /* TBD: Not Implemented */ 
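Review bot: sebsd_check_vnode_delete chooses `DIR__RMDIR` versus `FILE__UNLINK` from `file->sclass` and passes that class straight to avc_has_perm_ref_audit, without the `sclass == 0` handling that vnode_has_perm has, so an unlabelled target is checked as class 0 with the FILE__UNLINK bit rather than recovered from `vp->v_type` or refused. Either route the second check through the shared helper, `rc = vnode_has_perm(cred, vp, av, NULL);` (it already falls back to `&file->avcr` when the reference is NULL), or add the same guard before selecting `av`, e.g. `if (file->sclass == 0) return (EACCES);`. Whichever is chosen, the choice between the two object classes should get a comment, since a directory target with a stale class would silently be tested with the wrong permission bit.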
@@ -661,19 +696,17 @@ } static int -sebsd_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, +sebsd_check_vnode_read(struct ucred *cred, struct ucred *file_cred, struct vnode *vp, struct label *label) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__READ, NULL); } static int sebsd_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, dvp, DIR__READ, NULL); } static int @@ -689,24 +722,28 @@ { struct task_security_struct *task; struct vnode_security_struct *old, *new; + avc_audit_data_t ad; int rc; task = SLOT(&cred->cr_label); old = SLOT(oldlabel); new = SLOT(oldlabel); - /* TBD: audit? */ + AVC_AUDIT_DATA_INIT(&ad, FS); + ad.u.fs.vp = vp; + if (old->sclass == 0) { printf("vnode_relabel:: ERROR, sid=%d, sclass=0, v_type=%d\n", old->sid, vp->v_type); return 0; /* TBD: debugging */ } - rc = avc_has_perm_ref(task->sid, old->sid, old->sclass, - FILE__RELABELFROM, &old->avcr); + rc = avc_has_perm_ref_audit(task->sid, old->sid, old->sclass, + FILE__RELABELFROM, &old->avcr, &ad); if (rc) return (rc); - rc = avc_has_perm(task->sid, new->sid, old->sclass, FILE__RELABELTO); + rc = avc_has_perm_audit(task->sid, new->sid, old->sclass, + FILE__RELABELTO, &ad); if (rc) return (rc); @@ -733,11 +770,8 @@ old_dir = SLOT(dlabel); old_file = SLOT(label); - printf("check_vnode_rename:: entrypoint\n"); AVC_AUDIT_DATA_INIT(&ad, FS); - printf("check_vnode_rename:: done audit data init\n"); - /* TBD: audit data? */ rc = avc_has_perm_ref_audit(task->sid, old_dir->sid, SECCLASS_DIR, DIR__REMOVE_NAME | DIR__SEARCH, &old_dir->avcr, &ad); 
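Review bot: In sebsd_check_vnode_relabel (the @@ -689 hunk) the context line `new = SLOT(oldlabel);` means the FILE__RELABELTO check that this hunk now audits is evaluated against the old label's sid, not the requested new label, so once RELABELFROM passes a relabel to any context is granted; the commit threads audit data through without touching that. It should read `new = SLOT(newlabel);` — the new-label parameter is in the function signature, which precedes the hunk, so confirm the exact identifier there. The `old->sclass == 0` path likewise still returns 0 and therefore allows the relabel, the same fail-open caveat as in vnode_has_perm; `return (EACCES);` is the safe default until the debugging TBD is resolved.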
@@ -748,8 +782,10 @@ old_file->sid, vp->v_type); return 0; /* TBD: debugging */ } - rc = avc_has_perm_ref(task->sid, old_file->sid, old_file->sclass, - FILE__RENAME, &old_file->avcr); + + rc = avc_has_perm_ref_audit(task->sid, old_file->sid, + old_file->sclass, FILE__RENAME, + &old_file->avcr, &ad); if (rc) return (rc); @@ -763,6 +799,7 @@ { struct task_security_struct *task; struct vnode_security_struct *new_dir, *new_file; + avc_audit_data_t ad; access_vector_t av; int rc; @@ -787,7 +824,9 @@ if (vp) av |= DIR__REMOVE_NAME; - /* TBD: audit */ + AVC_AUDIT_DATA_INIT(&ad, FS); + ad.u.fs.vp = vp; + rc = avc_has_perm_ref(task->sid, new_dir->sid, SECCLASS_DIR, av, &new_dir->avcr); if (rc) @@ -828,8 +867,7 @@ sebsd_check_vnode_setacl(struct ucred *cred, struct vnode *vp, struct label *label, acl_type_t type, struct acl *acl) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int @@ -844,24 +882,21 @@ sebsd_check_vnode_setflags(struct ucred *cred, struct vnode *vp, struct label *label, u_long flags) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int sebsd_check_vnode_setmode(struct ucred *cred, struct vnode *vp, struct label *label, mode_t mode) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int sebsd_check_vnode_setowner(struct ucred *cred, struct vnode *vp, struct label *label, uid_t uid, gid_t gid) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int 
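Review bot: In the @@ -787 hunk of sebsd_check_vnode_rename_to the audit data `ad` is initialised and `ad.u.fs.vp = vp` assigned, but the following `avc_has_perm_ref(task->sid, new_dir->sid, SECCLASS_DIR, av, &new_dir->avcr)` is still the non-audit variant, so `ad` is a dead store and a denial of DIR__ADD_NAME/DIR__REMOVE_NAME on the destination directory produces no audit record. Change it to `rc = avc_has_perm_ref_audit(task->sid, new_dir->sid, SECCLASS_DIR, av, &new_dir->avcr, &ad);`. Note also that `vp` may be NULL here — the `if (vp) av |= DIR__REMOVE_NAME;` context shows the target need not exist — so the audit data should carry the destination directory vnode (its parameter name is outside the hunk) for the directory check, or the audit callback must be confirmed to tolerate a NULL vnode. The rest of the function lies beyond the hunk.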
@@ -869,24 +904,21 @@ struct label *label, struct timespec atime, struct timespec mtime) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__SETATTR, NULL); } static int -sebsd_check_vnode_stat(struct ucred *cred, struct vnode *vp, - struct label *label) +sebsd_check_vnode_stat(struct ucred *cred, struct ucred *file_cred, + struct vnode *vp, struct label *vnodelabel) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__GETATTR, NULL); } static int -sebsd_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, +sebsd_check_vnode_write(struct ucred *cred, struct ucred *file_cred, struct vnode *vp, struct label *label) { - /* TBD: Not Implemented */ - return 0; + return vnode_has_perm(cred, vp, FILE__WRITE, NULL); } static int To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message