From owner-p4-projects Tue Oct 8 5: 3:40 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id AB70B37B404; Tue, 8 Oct 2002 05:03:34 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4035437B401; Tue, 8 Oct 2002 05:03:34 -0700 (PDT) Received: from sentry.gw.tislabs.com (sentry.gw.tislabs.com [192.94.214.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7BCD343E6E; Tue, 8 Oct 2002 05:03:33 -0700 (PDT) (envelope-from cvance@tislabs.com) Received: by sentry.gw.tislabs.com; id IAA11335; Tue, 8 Oct 2002 08:03:26 -0400 (EDT) Received: from zorg.gw.tislabs.com(10.33.60.104) by sentry.gw.tislabs.com via smap (V5.5) id xma011324; Tue, 8 Oct 02 12:02:55 GMT Received: from localhost (cvance@localhost) by zorg.gw.tislabs.com (8.11.2/8.11.2) with ESMTP id g98C0lG09815; Tue, 8 Oct 2002 08:00:47 -0400 X-Authentication-Warning: zorg.gw.tislabs.com: cvance owned process doing -bs Date: Tue, 8 Oct 2002 08:00:47 -0400 (EDT) From: Chris Vance X-X-Sender: To: Chris Vance Cc: Perforce Change Reviews Subject: Re: PERFORCE change 18927 for review In-Reply-To: <200210081159.g98BxYOM052945@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Ooops, I hadn't intended to submit sebsd.c. The comment pertains to setfiles.c For the rest (how do I go back and fix the p4 log message?): Add permission checks for vnode_open/vnode_access and vnode_poll Also began to work on mmap permissions (though ifdef'd out) chris. On Tue, 8 Oct 2002, Chris Vance wrote: > http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18927 > > Change 18927 by cvance@cvance_laptop on 2002/10/08 04:58:50 > > Remove debugging statement that somehow survived until now > > Affected files ... > > .. //depot/projects/trustedbsd/mac/sbin/sebsd_setfiles/setfiles.c#7 edit > .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#32 edit > > Differences ... > > ==== //depot/projects/trustedbsd/mac/sbin/sebsd_setfiles/setfiles.c#7 (text+ko) ==== > > @@ -220,7 +220,6 @@ > } > argc -= optind; > argv += optind; > - printf("optind = %d, argc now %d\n", optind, argc); > > if (argc < 2) { > printUsage(); > > ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#32 (text+ko) ==== > > @@ -114,6 +114,60 @@ > return (cred_has_system(td->td_proc->p_ucred, perm)); > } > > +static __inline security_class_t > +vnode_type_to_security_class(enum vtype vt) > +{ > + switch (vt) { > + case VREG: > + return SECCLASS_FILE; > + case VDIR: > + return SECCLASS_DIR; > + case VBLK: > + return SECCLASS_BLK_FILE; > + case VCHR: > + return SECCLASS_CHR_FILE; > + case VLNK: > + return SECCLASS_LNK_FILE; > + case VSOCK: > + return SECCLASS_SOCK_FILE; > + case VFIFO: > + return SECCLASS_FIFO_FILE; > + case VNON: > + case VBAD: > + return SECCLASS_FILE; > + } > + > + return SECCLASS_FILE; > +} > + > +static __inline access_vector_t > +file_mask_to_av(enum vtype vt, int mask) > +{ > + access_vector_t av = 0; > + > + if (vt != VDIR) { > + if (mask & VEXEC) > + av |= FILE__EXECUTE; > + if (mask & VREAD) > + av |= FILE__READ; > + > + if (mask & VAPPEND) > + av |= FILE__APPEND; > + else if (mask & VWRITE) > + av |= FILE__WRITE; > + > + } else { > + if (mask & VEXEC) > + av |= DIR__SEARCH; > + if (mask & VWRITE) > + av |= DIR__WRITE; > + if (mask & VREAD) > + av |= DIR__READ; > + } > + > + return av; > +} > + > static int > vnode_has_perm(struct ucred *cred, struct vnode *vp, access_vector_t perm, > avc_entry_ref_t *aeref) > @@ -298,32 +352,6 @@ > return (newsid != task->sid); > } > > -static __inline security_class_t > -vnode_type_to_security_class(enum vtype vt) > -{ > - switch (vt) { > - case VREG: > - return SECCLASS_FILE; > - case VDIR: > - return SECCLASS_DIR; > - case VBLK: > - return SECCLASS_BLK_FILE; > - case VCHR: > - return SECCLASS_CHR_FILE; > - case VLNK: > - return SECCLASS_LNK_FILE; > - case VSOCK: > - return SECCLASS_SOCK_FILE; > - case VFIFO: > - return SECCLASS_FIFO_FILE; > - case VNON: > - case VBAD: > - return SECCLASS_FILE; > - } > - > - return SECCLASS_FILE; > -} > - > static void > sebsd_init_vnode_label(struct label *label) > { > @@ -500,9 +528,11 @@ > sebsd_check_vnode_access(struct ucred *cred, struct vnode *vp, > struct label *label, mode_t flags) > { > + if (!flags) > + return 0; > > - /* TBD: Not Implemented */ > - return (0); > + return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, flags), > + NULL); > } > > static int > @@ -686,16 +716,18 @@ > sebsd_check_vnode_open(struct ucred *cred, struct vnode *vp, > struct label *filelabel, mode_t acc_mode) > { > - /* TBD: Not Implemented */ > - return 0; > + if (!acc_mode) > + return 0; > + > + return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode), > + NULL); > } > > static int > sebsd_check_vnode_poll(struct ucred *cred, struct ucred *file_cred, > struct vnode *vp, struct label *label) > { > - /* TBD: Not Implemented */ > - return 0; > + return vnode_has_perm(cred, vp, FILE__POLL, NULL); > } > > static int > @@ -928,8 +960,26 @@ > sebsd_check_vnode_mmap(struct ucred *cred, struct vnode *vp, > struct label *label, int newmapping) > { > - /* TBD: Not Implemented */ > - return 0; > +#ifdef TBD > + access_vector_t av; > + > + /* TBD: Incomplete */ > + if (vp) { > + /* read access is always possible with a mapping */ > + av = FILE__READ; > + > + /* write access only matters if the mapping is shared */ > + if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE)) > + av |= FILE__WRITE; > + > + if (prot & PROT_EXEC) > + av |= FILE__EXECUTE; > + > + return vnode_has_perm(cred, vp, av, NULL); > + } > +#endif > + > + return (0); > } > > static int > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message