From: Andrew Reisse <areisse@nailabs.com>
To: Perforce Change Reviews
Subject: PERFORCE change 46200 for review
Date: Fri, 30 Jan 2004 10:03:02 -0800 (PST)
Message-Id: <200401301803.i0UI32uM024375@repoman.freebsd.org>
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=46200

Change 46200 by areisse@areisse_ibook on 2004/01/30 10:02:08

	Merge mach additions back to sedarwin development branch.

	Move mac initialization to mach startup, so that it is available for
	creation of mach tasks and ports. The policy (mac_late) initialization
	is also done here. (mac_late_init should be renamed mac_init_policy
	to better reflect its actual purpose.)

	Add support for task and port labels to the mac framework and sebsd.
	A new lock was introduced to protect the task label. The lock order
	for two task labels is lower pointer first.

	Add object labelling events for mach tasks and ports. Tasks (and task
	ports) copy labels from the cred labels whenever the cred label is
	changed. (Currently, in fork, execve, bsd_init, and mac_relabel_cred.)
	It is up to the policy to label newly created ports.

	Add access control checks for sending messages and port rights.
	Getting port rights from a message is not currently checked.

	Add a message trailer field for the sender's task label.

	Add a new mach kernel server, security. This server has calls for
	getting and setting labels on ports and tasks, and checking access.
	There are 3 generic access check calls so far:
	  - subject and object are tasks
	  - subject is task, object is port
	  - subject and object label strings are passed
	The last check can be used by a userspace server, using the label
	from the message trailer, to use the client as subject.

	Add new access control check, mac_check_service_access. This uses an
	arbitrary subject, object, permission class, and permission name to
	check a permission. It can be called from userspace (currently only
	for tasks).

	sebsd:
	  Add support for libsebsd security_change_context call.
	  Support task and port labels. Both use the cred label structure
	  (for now).
	  Enable use of named permissions; implement mac_check_service_access
	  (it assumes both labels are cred format).
	  Print numbers in permission sets if there are no names.
	  Add support for task and port labels and permission checks.
	  Label new ports after the task.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/bsd_init.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_fork.c#3 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#34 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_prot.c#8 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#9 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#8 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/MASTER#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/files#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_kmsg.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_object.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_right.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_space.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_space.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/mach_msg.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/mach_port.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/ipc_kobject.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/ipc_tt.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/startup.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/task.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/kern/task.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/Makefile#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/_label.h#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mac.h#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mach_port.defs#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/mach_types.defs#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/message.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/mach/security.defs#1 branch
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ppc/ppc_init.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/pexpert/pexpert/ppc/boot.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_inherit.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/av_permissions.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#6 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#4 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc_ss.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/class_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/common_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/initial_sid_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask/access_vectors#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/flask/security_classes#2 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#20 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscall.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscalls.h#4 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#5 integrate
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/services.c#5 integrate

Differences ...

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/bsd_init.c#5 (text+ko) ==== @@ -117,6 +117,8 @@ #include #include +#include + extern shared_region_mapping_t system_shared_region; extern int app_profile; /* on/off switch for pre-heat cache */ @@ -290,11 +292,9 @@ * Initialize the MAC Framework */ { - extern mac_init(void); - extern mac_late_init(void); + extern mac_init_bsd(void); - mac_init(); - mac_late_init(); + mac_init_bsd(); } #endif /* MAC */ @@ -352,6 +352,7 @@ #ifdef MAC mac_create_proc0(p->p_ucred); + mac_update_task_from_cred (p->p_ucred, (struct task *) p->task); #endif /* Create the file descriptor table. */ @@ -577,6 +578,7 @@ vm_set_shared_region(get_threadtask(th_act), system_shared_region); #ifdef MAC mac_create_proc1(p->p_ucred); + mac_update_task_from_cred (p->p_ucred, (struct task *) p->task); #endif load_init_program(p); /* turn on app-profiling i.e. pre-heating */ ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_exec.c#5 (text+ko) ==== @@ -89,6 +89,7 @@ #include #include #include +#include #include 
@@ -657,8 +658,10 @@ } #ifdef MAC - if (will_transition && !no_trans) + if (will_transition && !no_trans) { mac_execve_transition (cred, p->p_ucred, vp, scriptlabelp, execlabelp); + mac_update_task_from_cred (p->p_ucred, p->task); + } #endif crfree (cred); ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_fork.c#3 (text+ko) ==== @@ -71,6 +71,7 @@ #include #include #include +#include #if KTRACE #include #endif @@ -253,6 +254,7 @@ child->task = task; /* task->proc = child; */ set_bsdtask_info(task, child); + mac_update_task_from_cred (child->p_ucred, task); if (child->p_nice != 0) resetpriority(child); result = thread_create(task, &thread); ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#34 (text+ko) ==== @@ -524,13 +524,17 @@ * Initialize the MAC subsystem, including appropriate SMP locks. */ void -mac_init(void) +mac_init_mach () { - LIST_INIT(&mac_static_policy_list); LIST_INIT(&mac_policy_list); mac_policy_mtx = mutex_alloc(ETAP_NO_TRACE); +} + +void +mac_init_bsd(void) +{ cv_init(&mac_policy_cv, "mac_policy_cv"); sysctl_register_oid(&sysctl__security); @@ -664,7 +668,8 @@ * We don't technically need exclusive access while !mac_late, * but hold it for assertion consistency. */ - mac_policy_grab_exclusive(); + if (mac_late) + mac_policy_grab_exclusive(); /* * If the module can potentially be unloaded, or we're loading @@ -724,7 +729,8 @@ mpc->mpc_name); out: - mac_policy_release_exclusive(); + if (mac_late) + mac_policy_release_exclusive(); return (error); } @@ -855,7 +861,7 @@ MAC_DEBUG_COUNTER_INC(&nmacbpfdescs); } -static void +void mac_init_cred_label(struct label *label) { mac_init_label(label); @@ -864,6 +870,19 @@ } void +mac_init_task_label(struct label *label) +{ + mac_init_label(label); + MAC_PERFORM(init_task_label, label); +} + +void +mac_copy_cred_to_task (struct label *cred, struct label *task) +{ + MAC_PERFORM (copy_cred_to_task, cred, task); +} + +void mac_init_cred(struct ucred *cred) { 
@@ -871,6 +890,18 @@ } void +mac_init_port_label (struct label *l) +{ + MAC_PERFORM (init_port_label, l); +} + +void +mac_destroy_port_label (struct label *l) +{ + MAC_PERFORM (destroy_port_label, l); +} + +void mac_init_devfsdirent(struct devnode *de) { mac_init_label(&de->dn_label); @@ -1105,6 +1136,13 @@ } void +mac_destroy_task_label(struct label *label) +{ + MAC_PERFORM(destroy_task_label, label); + mac_destroy_label(label); +} + +void mac_destroy_cred(struct ucred *cred) { @@ -1264,6 +1302,20 @@ } void +mac_copy_port_label(struct label *src, struct label *dest) +{ + + MAC_PERFORM(copy_port_label, src, dest); +} + +void +mac_update_port_from_cred_label (struct label *src, struct label *dest) +{ + + MAC_PERFORM(update_port_from_cred_label, src, dest); +} + +void mac_copy_devfs_label(struct label *src, struct label *dest) { MAC_PERFORM(copy_devfs_label, src, dest); @@ -1290,6 +1342,28 @@ return (error); } +int +mac_externalize_task_label(struct label *label, char *elements, + char *outbuf, size_t outbuflen, int flags) +{ + int error; + + MAC_EXTERNALIZE(cred_label, label, elements, outbuf, outbuflen); + + return (error); +} + +int +mac_externalize_port_label(struct label *label, char *elements, + char *outbuf, size_t outbuflen, int flags) +{ + int error; + + MAC_EXTERNALIZE(cred_label, label, elements, outbuf, outbuflen); + + return (error); +} + static int mac_externalize_ifnet_label(struct label *label, char *elements, char *outbuf, size_t outbuflen, int flags) @@ -1357,6 +1431,16 @@ return (error); } +int +mac_internalize_port_label(struct label *label, char *string) +{ + int error; + + MAC_INTERNALIZE(cred_label, label, string); + + return (error); +} + static int mac_internalize_ifnet_label(struct label *label, char *string) { 
@@ -1447,6 +1531,19 @@ } void +mac_create_task (struct task *parent, struct task *child, struct label *pl, + struct label *chl) +{ + MAC_PERFORM(create_task, parent, child, pl, chl); +} + +void +mac_create_port(struct label *it, struct label *st, struct label *port) +{ + MAC_PERFORM(create_port, it, st, port); +} + +void mac_update_devfsdirent(struct mount *mp, struct devnode *de, struct vnode *vp) { @@ -2642,6 +2739,66 @@ } int +mac_check_port_relabel (struct label *task, struct label *old, struct label *newlabel) +{ + int error; + + MAC_CHECK(check_port_relabel, task, old, newlabel); + + return (error); +} + +int +mac_check_port_send (struct label *task, struct label *port) +{ + int error; + + MAC_CHECK(check_port_send, task, port); + + return (error); +} + +int +mac_check_port_make_send (struct label *task, struct label *port) +{ + int error; + + MAC_CHECK(check_port_make_send, task, port); + + return (error); +} + +int +mac_check_port_copy_send (struct label *task, struct label *port) +{ + int error; + + MAC_CHECK(check_port_copy_send, task, port); + + return (error); +} + +int +mac_check_port_move_receive (struct label *task, struct label *port) +{ + int error; + + MAC_CHECK(check_port_move_receive, task, port); + + return (error); +} + +int +mac_check_service_access (struct label *subj, struct label *obj, + const char *s, const char *p) +{ + int error; + + MAC_CHECK (check_service_access, subj, obj, s, p); + return error; +} + +int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *mbuf) { struct label *label; @@ -3630,6 +3787,7 @@ newcred = crdup(oldcred); mac_relabel_cred(newcred, &intlabel); p->p_ucred = newcred; + mac_update_task_from_cred (newcred, p->task); /* * Grab additional reference for use while revoking mmaps, prior ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_prot.c#8 (text+ko) ==== 
@@ -803,4 +803,6 @@ (sec_token.val[0]) ? HOST_PRIV_NULL : host_priv_self()); + + mac_update_task_from_cred (p->p_ucred, p->task); } ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac.h#9 (text+ko) ==== @@ -147,6 +147,8 @@ void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *); void mac_copy_vnode_label(struct label *, struct label *label); void mac_copy_devfs_label(struct label *, struct label *label); +void mac_copy_cred_to_task (struct label *cred, struct label *task); +void mac_update_task_label (struct label *plabel, void *task); void mac_destroy_bpfdesc(struct bpf_d *); void mac_destroy_cred(struct ucred *); void mac_destroy_devfsdirent(struct devnode *); @@ -160,6 +162,9 @@ void mac_destroy_vnode(struct vnode *); void mac_destroy_vnode_label(struct label *); +#define mac_update_task_from_cred(cred,task) \ + mac_update_task_label (&((cred)->cr_label),task) + /* * Labeling event operations: file system objects, and things that * look a lot like file system objects. @@ -237,6 +242,8 @@ #endif /* Access control checks. */ +int mac_check_service_access (struct label *subj, struct label *obj, + const char *serv, const char *perm); int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet); int mac_check_cred_visible(struct ucred *u1, struct ucred *u2); int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m); ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/sys/mac_policy.h#8 (text+ko) ==== @@ -63,6 +63,7 @@ struct ucred; struct vnode; struct devnode; +struct task; struct mac_policy_ops { /* @@ -95,6 +96,8 @@ void (*mpo_init_pipe_label)(struct label *label); #endif void (*mpo_init_proc_label)(struct label *label); + void (*mpo_init_task_label)(struct label *label); + void (*mpo_init_port_label)(struct label *label); void (*mpo_init_vnode_label)(struct label *label); void (*mpo_destroy_bpfdesc_label)(struct label *label); void (*mpo_destroy_cred_label)(struct label *label); 
@@ -110,9 +113,15 @@ void (*mpo_destroy_pipe_label)(struct label *label); #endif void (*mpo_destroy_proc_label)(struct label *label); + void (*mpo_destroy_task_label)(struct label *label); + void (*mpo_destroy_port_label)(struct label *label); void (*mpo_destroy_vnode_label)(struct label *label); + void (*mpo_copy_cred_to_task) (struct label *cred, struct label *task); void (*mpo_copy_mbuf_label)(struct label *src, struct label *dest); + + void (*mpo_update_port_from_cred_label) (struct label *cred, + struct label *task); #if 0 void (*mpo_copy_pipe_label)(struct label *src, struct label *dest); @@ -121,6 +130,8 @@ struct label *dest); void (*mpo_copy_devfs_label)(struct label *src, struct label *dest); + void (*mpo_copy_port_label)(struct label *src, + struct label *dest); int (*mpo_externalize_cred_label)(struct label *label, char *element_name, struct sbuf *sb, int *claimed); int (*mpo_externalize_ifnet_label)(struct label *label, @@ -223,6 +234,9 @@ struct label *pipelabel); #endif + void (*mpo_create_port)(struct label *it, struct label *st, + struct label *portlabel); + /* * Labeling event operations: network objects. */ @@ -279,6 +293,9 @@ void (*mpo_create_cred)(struct ucred *parent_cred, struct ucred *child_cred); + void (*mpo_create_task)(struct task *parent, struct task *child, struct label *pl, + struct label *cl); + void (*mpo_execve_transition)(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, @@ -290,7 +307,7 @@ struct label *interpvnodelabel, struct label *execlabel); - void (*mpo_create_proc0)(struct ucred *cred); + void (*mpo_create_proc0)(struct ucred *cred); void (*mpo_create_proc1)(struct ucred *cred); void (*mpo_relabel_cred)(struct ucred *cred, struct label *newlabel); 
@@ -301,11 +318,18 @@ /* * Access control checks. */ + int (*mpo_check_service_access)(struct label *subj, struct label *obj, const char *serv, const char *perm); int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d, struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel); int (*mpo_check_cred_relabel)(struct ucred *cred, struct label *newlabel); + int (*mpo_check_port_relabel)(struct label *task, struct label *old, + struct label *newlabel); + int (*mpo_check_port_send)(struct label *task, struct label *port); + int (*mpo_check_port_make_send)(struct label *task, struct label *port); + int (*mpo_check_port_copy_send)(struct label *task, struct label *port); + int (*mpo_check_port_move_receive)(struct label *task, struct label *port); int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2); int (*mpo_check_ifnet_relabel)(struct ucred *cred, struct ifnet *ifnet, struct label *ifnetlabel, ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/MASTER#2 (text+ko) ==== @@ -196,3 +196,5 @@ # options MACH_COUNTERS # # + +options MAC ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/conf/files#2 (text+ko) ==== @@ -221,6 +221,7 @@ ./mach/task_server.c standard ./mach/thread_act_server.c standard ./mach/vm_map_server.c standard +./mach/security_server.c standard osfmk/mach-o/mach_header.c standard osfmk/vm/device_vm.c standard osfmk/vm/memory_object.c standard ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_kmsg.c#2 (text+ko) ==== @@ -647,7 +647,7 @@ { mach_msg_size_t msg_and_trailer_size; ipc_kmsg_t kmsg; - mach_msg_format_0_trailer_t *trailer; + mach_msg_mac_trailer_t *trailer; mach_port_name_t dest_name; ipc_entry_t dest_entry; ipc_port_t dest_port; 
@@ -675,11 +675,23 @@ * is initialized to the minimum (sizeof(mach_msg_trailer_t)), to optimize * the cases where no implicit data is requested. */ - trailer = (mach_msg_format_0_trailer_t *) ((vm_offset_t)&kmsg->ikm_header + size); + trailer = (mach_msg_mac_trailer_t *) ((vm_offset_t)&kmsg->ikm_header + size); trailer->msgh_sender = current_thread()->top_act->task->sec_token; trailer->msgh_trailer_type = MACH_MSG_TRAILER_FORMAT_0; trailer->msgh_trailer_size = MACH_MSG_TRAILER_MINIMUM_SIZE; + task_t cur = current_thread()->top_act->task; + if (cur) + { + tasklabel_lock (cur); + mac_externalize_task_label (&cur->maclabel, + "sebsd", trailer->msgh_labels.slabel, + 64, 0); + tasklabel_unlock (cur); + } + else + strcpy (trailer->msgh_labels.slabel, "system_u:system_r:kernel_t"); + *kmsgp = kmsg; return MACH_MSG_SUCCESS; } @@ -797,6 +809,19 @@ ip_lock(port); +#ifdef MAC + task_t self = current_task(); + tasklabel_lock (self); + + int rc = mac_check_port_send (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + if (rc) + { + ip_unlock (port); + return KERN_NO_ACCESS; + } +#endif + if (port->ip_receiver == ipc_space_kernel) { /* @@ -839,6 +864,7 @@ ip_release(port); ip_check_unlock(port); + kmsg->ikm_header.msgh_remote_port = MACH_PORT_NULL; ipc_kmsg_destroy(kmsg); return MACH_MSG_SUCCESS; ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_object.c#2 (text+ko) ==== @@ -989,6 +989,10 @@ #if MACH_ASSERT ipc_port_track_dealloc(port); #endif /* MACH_ASSERT */ + +#ifdef MAC + mac_destroy_port_label (&port->ip_label); +#endif } zfree(ipc_object_zones[otype], (vm_offset_t) object); } ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.c#2 (text+ko) ==== @@ -462,6 +462,10 @@ #endif /* MACH_ASSERT */ ipc_mqueue_init(&port->ip_messages, FALSE /* set */); + +#ifdef MAC + mac_init_port_label (&port->ip_label); +#endif } /* 
@@ -498,6 +502,14 @@ ipc_port_init(port, space, name); +#ifdef MAC + task_t issuer = current_task(); + tasklabel_lock2 (issuer, space->is_task); + mac_create_port (&issuer->maclabel, &space->is_task->maclabel, + &port->ip_label); + tasklabel_unlock2 (issuer, space->is_task); +#endif + *namep = name; *portp = port; @@ -537,6 +549,14 @@ ipc_port_init(port, space, name); +#ifdef MAC + task_t issuer = current_task(); + tasklabel_lock2 (issuer, space->is_task); + mac_create_port (&issuer->maclabel, &space->is_task->maclabel, + &port->ip_label); + tasklabel_unlock2 (issuer, space->is_task); +#endif + *portp = port; return KERN_SUCCESS; @@ -1137,6 +1157,16 @@ ipc_port_init(port, space, 1); +#ifdef MACXXX + task_t issuer = current_task(); + if (issuer && space->is_task) { + tasklabel_lock2 (issuer, space->is_task); + mac_create_port (&issuer->maclabel, &space->is_task->maclabel, + &port->ip_label); + tasklabel_unlock2 (issuer, space->is_task); + } +#endif + return port; } ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_port.h#2 (text+ko) ==== @@ -80,6 +80,8 @@ #include #include +#include + /* * A receive right (port) can be in four states: * 1) dead (not active, ip_timestamp has death time) @@ -146,6 +148,10 @@ unsigned long ip_spares[IP_NSPARES]; /* for debugging */ #endif /* MACH_ASSERT */ int alias; + +#ifdef MAC + struct label ip_label; +#endif }; ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/osfmk/ipc/ipc_right.c#2 (text+ko) ==== @@ -1316,6 +1316,9 @@ mach_msg_type_name_t msgt_name) { ipc_entry_bits_t bits; +#ifdef MAC + task_t self = current_task(); +#endif bits= entry->ie_bits; assert(space->is_active); 
@@ -1323,10 +1326,37 @@ switch (msgt_name) { case MACH_MSG_TYPE_MAKE_SEND: case MACH_MSG_TYPE_MAKE_SEND_ONCE: + if ((bits & MACH_PORT_TYPE_RECEIVE) == 0) + return FALSE; + +#ifdef MAC + ipc_port_t port; + + port = (ipc_port_t) entry->ie_object; + ip_lock (port); + tasklabel_lock (self); + int rc = mac_check_port_make_send (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + ip_unlock (port); + if (rc) + return FALSE; +#endif + break; + case MACH_MSG_TYPE_MOVE_RECEIVE: if ((bits & MACH_PORT_TYPE_RECEIVE) == 0) return FALSE; +#ifdef MAC + port = (ipc_port_t) entry->ie_object; + ip_lock (port); + tasklabel_lock (self); + rc = mac_check_port_move_receive (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + ip_unlock (port); + if (rc) + return FALSE; +#endif break; case MACH_MSG_TYPE_COPY_SEND: @@ -1346,6 +1376,16 @@ ip_lock(port); active = ip_active(port); +#ifdef MAC + tasklabel_lock (self); + rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + if (rc) + { + ip_unlock (port); + return FALSE; + } +#endif ip_unlock(port); if (!active) { @@ -1404,6 +1444,11 @@ ipc_port_t *sorightp) { ipc_entry_bits_t bits; +#ifdef MAC + task_t self = current_task(); + int rc; +#endif + int dead; bits = entry->ie_bits; @@ -1424,6 +1469,17 @@ assert(port->ip_receiver_name == name); assert(port->ip_receiver == space); +#ifdef MAC + tasklabel_lock (self); + rc = mac_check_port_make_send (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + if (rc) + { + ip_unlock (port); + return KERN_NO_ACCESS; + } +#endif + port->ip_mscount++; port->ip_srights++; ip_reference(port); 
@@ -1448,6 +1504,17 @@ assert(port->ip_receiver_name == name); assert(port->ip_receiver == space); +#ifdef MAC + tasklabel_lock (self); + rc = mac_check_port_make_send (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + if (rc) + { + ip_unlock (port); + return KERN_NO_ACCESS; + } +#endif + port->ip_sorights++; ip_reference(port); ip_unlock(port); @@ -1472,6 +1539,17 @@ assert(port->ip_receiver_name == name); assert(port->ip_receiver == space); +#ifdef MAC + tasklabel_lock (self); + rc = mac_check_port_move_receive (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + if (rc) + { + ip_unlock (port); + return KERN_NO_ACCESS; + } +#endif + if (bits & MACH_PORT_TYPE_SEND) { assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_RECEIVE); @@ -1518,12 +1596,26 @@ port = (ipc_port_t) entry->ie_object; assert(port != IP_NULL); - if (ipc_right_check(space, port, name, entry)) { - bits = entry->ie_bits; - goto copy_dead; - } + dead = ipc_right_check(space, port, name, entry); /* port is locked and active */ +#ifdef MAC + tasklabel_lock (self); + rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + if (rc) + { + ip_unlock (port); + return KERN_NO_ACCESS; + } +#endif + + if (dead) + { + bits = entry->ie_bits; + goto copy_dead; + } + if ((bits & MACH_PORT_TYPE_SEND) == 0) { assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE); assert(port->ip_sorights > 0); 
@@ -1560,11 +1652,24 @@ port = (ipc_port_t) entry->ie_object; assert(port != IP_NULL); - if (ipc_right_check(space, port, name, entry)) { - bits = entry->ie_bits; - goto move_dead; + dead = ipc_right_check(space, port, name, entry); + /* port is locked and active */ + +#ifdef MAC + tasklabel_lock (self); + rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + if (rc) + { + ip_unlock (port); + return KERN_NO_ACCESS; + } +#endif + + if (dead) { + bits = entry->ie_bits; + goto move_dead; } - /* port is locked and active */ if ((bits & MACH_PORT_TYPE_SEND) == 0) { assert(IE_BITS_TYPE(bits) == MACH_PORT_TYPE_SEND_ONCE); @@ -1626,11 +1731,24 @@ port = (ipc_port_t) entry->ie_object; assert(port != IP_NULL); - if (ipc_right_check(space, port, name, entry)) { - bits = entry->ie_bits; - goto move_dead; + dead = ipc_right_check(space, port, name, entry); + /* port is locked and active */ + +#ifdef MAC + tasklabel_lock (self); + rc = mac_check_port_copy_send (&self->maclabel, &port->ip_label); + tasklabel_unlock (self); + if (rc) + { + ip_unlock (port); + return KERN_NO_ACCESS; + } +#endif + + if (dead) { + bits = entry->ie_bits; + goto move_dead; } - /* port is locked and active */ if ((bits & MACH_PORT_TYPE_SEND_ONCE) == 0) { assert(bits & MACH_PORT_TYPE_SEND); @@ -1803,6 +1921,10 @@ mach_port_urefs_t urefs; ipc_port_t port; ipc_port_t dnrequest = IP_NULL; +#ifdef MAC + task_t self = current_task(); + int rc; +#endif assert(space->is_active); >>> TRUNCATED FOR MAIL (1000 lines) <<<
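Review bot: the replacement `extern mac_init_bsd(void);` in the bsd_init.c @@ -290,11 +292,9 @@ hunk still relies on an implicit int return type, while kern_mac.c in this same change defines `void mac_init_bsd(void)`; write `extern void mac_init_bsd(void);` or, better, drop the block-local extern and take the prototype from the header this hunk now includes.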
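Review bot: the new `mac_update_task_from_cred (child->p_ucred, task);` in the kern_fork.c @@ -253,6 +254,7 @@ hunk is not wrapped in `#ifdef MAC`, unlike the equivalent calls added in bsd_init.c and kern_exec.c, so a kernel built without MAC will fail to link; either guard it or have mac.h define the `mac_update_task_from_cred` macro as empty when MAC is not set.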
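Review bot: the `mac_update_task_from_cred (p->p_ucred, p->task);` appended in the kern_prot.c @@ -803,4 +803,6 @@ hunk has the same problem: it is outside any `#ifdef MAC` while the surrounding file's other MAC calls are guarded. The two blank lines added above it also look accidental.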
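Review bot: the kern_mac.c @@ -524,13 +524,17 @@ hunk deletes `LIST_INIT(&mac_static_policy_list);` and nothing in the visible diff initializes that list elsewhere; if mac_policy_register still walks the static list this leaves it uninitialized, and if the list was removed the commit message should say so. Separately, `mac_init_mach ()` is an old-style declaration; make it `mac_init_mach(void)` to match `mac_init_bsd(void)` and give callers a real prototype.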
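Review bot: in the kern_mac.c @@ -664,7 +668,8 @@ hunk the comment immediately above ("We don't technically need exclusive access while !mac_late, but hold it for assertion consistency") now contradicts the code, which takes the exclusive lock only `if (mac_late)`; rewrite the comment to say why registration before mac_late must not take it (the condition variable is only created in mac_init_bsd in the @@ -524 hunk, so it presumably cannot be used from mac_init_mach-time registrations). The matching `if (mac_late) mac_policy_release_exclusive();` in @@ -724,7 +729,8 @@ should carry a one-line pointer to that comment so the pair stays in sync.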
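Review bot: `mac_externalize_task_label` and `mac_externalize_port_label` in the kern_mac.c @@ -1290,6 +1342,28 @@ hunk both take a `flags` argument that is never used, and both expand `MAC_EXTERNALIZE(cred_label, ...)`, so a policy cannot externalize task or port labels differently from cred labels; the same applies to `mac_internalize_port_label` in @@ -1357,6 +1431,16 @@. The commit message says both label types use the cred structure "for now"; put that sentence in a comment at these definitions so the next reader does not take it for a copy-and-paste slip, and either use `flags` or remove it from the signature.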
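Review bot: `mac_check_service_access` in the kern_mac.c @@ -2642,6 +2739,66 @@ hunk ends with `return error;` while every neighbouring function in the same hunk uses `return (error);`; keep the file's style. More importantly, since the commit message says this check is reachable from userspace with caller-supplied class and permission strings, the contract that a policy must return an error (deny) for an unknown class or permission name, rather than fall through with `error` unset, belongs in the comment on its prototype in mac.h, and `int error;` should be initialized in case no policy implements the op. The blank line after the opening brace of `mac_copy_port_label` and `mac_update_port_from_cred_label` in @@ -1264 is also out of style for this file.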
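Review bot: the mac.h @@ -147,6 +147,8 @@ hunk declares `mac_update_task_label (struct label *plabel, void *task)` with a `void *` second argument, which is why bsd_init.c has to cast `(struct task *) p->task` while kern_exec.c and kern_fork.c pass `p->task`/`task` uncast; forward-declare `struct task` here (mac_policy.h already does so in its @@ -63 hunk) and make the parameter `struct task *`, so the `mac_update_task_from_cred` macro added in @@ -160,6 +162,9 @@ gets type-checked at every call site.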
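Review bot: in the mac_policy.h @@ -110,9 +113,15 @@ hunk, `mpo_update_port_from_cred_label (struct label *cred, struct label *task)` names its second parameter `task`, but kern_mac.c's `mac_update_port_from_cred_label(src, dest)` passes a port label there; rename it `port`. The @@ -290,7 +307,7 @@ hunk of the same file changes only whitespace on `mpo_create_proc0` and could be dropped to keep the diff reviewable.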
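Review bot: the four port checks added in the mac_policy.h @@ -301,11 +318,18 @@ hunk (`mpo_check_port_send`, `_make_send`, `_copy_send`, `_move_receive`) have no entry for moving a send or send-once right, and ipc_right.c reuses `mac_check_port_copy_send` for the MACH_MSG_TYPE_MOVE_SEND and MOVE_SEND_ONCE paths (@@ -1560 and @@ -1626). If a policy is meant to treat copy and move of a send right identically, document that next to `mpo_check_port_copy_send`; otherwise add `mpo_check_port_move_send`. `mpo_check_service_access` is also added on one line that exceeds the wrapping width the rest of the struct uses.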
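Review bot: the ipc_kmsg.c @@ -675,11 +675,23 @@ hunk fills the sender label in the trailer with a hard-coded element name `"sebsd"` and a hard-coded length `64`, and ignores the return value of `mac_externalize_task_label`, so on failure `msgh_labels.slabel` is left uninitialized and a receiver that trusts the trailer reads garbage; use `sizeof(trailer->msgh_labels.slabel)`, check the return value and clear the buffer on error. The fallback `strcpy (trailer->msgh_labels.slabel, "system_u:system_r:kernel_t")` bakes an SEBSD-specific context into policy-neutral Mach code; have the framework supply the kernel label instead. Note also that `msgh_trailer_type` is still set to MACH_MSG_TRAILER_FORMAT_0 and `msgh_trailer_size` to MACH_MSG_TRAILER_MINIMUM_SIZE although a `mach_msg_mac_trailer_t` is now being written, that none of the block is under `#ifdef MAC` (unlike the @@ -797 hunk in the same file, so a non-MAC build fails on `cur->maclabel`), and that `task_t cur` is declared after statements, which the rest of the file avoids.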
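Review bot: in the ipc_kmsg.c @@ -797,6 +809,19 @@ hunk `self = current_task()` is dereferenced without a NULL check, whereas the @@ -675 hunk in the same file guards `cur` with `if (cur)` and substitutes a kernel label; both paths run for the same sender, so they need the same treatment (deny, or check against the kernel label, when there is no current task). Also record the lock order established here, port lock before task label lock, in a comment: the commit message only states the order for two task labels, and ipc_right.c repeats this pairing several times.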
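Review bot: the `kmsg->ikm_header.msgh_remote_port = MACH_PORT_NULL;` added in the ipc_kmsg.c @@ -839,6 +864,7 @@ hunk needs a comment. If the intent is to stop `ipc_kmsg_destroy` from dropping the port reference that `ip_release(port)` and `ip_check_unlock(port)` just released, say so; as written it reads as an unrelated fix, and it is not mentioned in the commit message.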
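Review bot: the ipc_port.c @@ -498,6 +502,14 @@ and @@ -537,6 +549,14 @@ hunks add the same eight-line `mac_create_port` block verbatim; fold it into one helper (or into `ipc_port_init`, which already gained `mac_init_port_label` in @@ -462) so the two callers cannot drift. The third copy in @@ -1137,6 +1157,16 @@ is under `#ifdef MACXXX`, which nothing defines, so ports allocated there get `init_port_label` but never a `create_port` event, and the policy is left with whatever the init hook produced. That disabled copy is also the only one that checks `issuer` and `space->is_task` for NULL, which the first two copies should do as well given that the ipc_kmsg.c @@ -675 hunk assumes `current_task()` can be NULL. Either enable the block with the checks or replace the placeholder macro with a comment explaining why special ports are exempt.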
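Review bot: in the ipc_right.c @@ -1323,10 +1326,37 @@ hunk the new `if ((bits & MACH_PORT_TYPE_RECEIVE) == 0) return FALSE;` in the MAKE_SEND/MAKE_SEND_ONCE case is outside `#ifdef MAC`, so it changes ipc_right_copyin_check for non-MAC builds too; if the old behaviour was wrong, say so in the commit message, otherwise move it inside the guard. `ipc_port_t port;` and `int rc = mac_check_port_make_send(...)` are declared inside the case without a block, and both are reused in the MOVE_RECEIVE case after a jump past the initializer; declare them beside `self` in the existing `#ifdef MAC` block at the top of the function, as the @@ -1404 hunk does for ipc_right_copyin.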
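Review bot: the `mac_check_port_make_send` blocks in the ipc_right.c @@ -1424,6 +1469,17 @@ and @@ -1448,6 +1504,17 @@ hunks and the `mac_check_port_move_receive` block in @@ -1472,6 +1539,17 @@ are the same eleven lines with one function name changed; a small static helper taking the check function, `self` and `port` would shrink this file's diff considerably and give the `tasklabel_lock`/`ip_unlock` ordering a single home.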
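Review bot: in the ipc_right.c @@ -1518,12 +1596,26 @@, @@ -1560,11 +1652,24 @@ and @@ -1626,11 +1731,24 @@ hunks the MAC check is moved in front of `if (dead)`, and the comment `/* port is locked and active */` now sits above code that can run when `dead` is TRUE. The removed code jumped to `copy_dead`/`move_dead` without an `ip_unlock(port)`, which suggests `ipc_right_check` has already unlocked (and possibly released) the port when it reports it dead; if that is right, the new check reads `port->ip_label` and calls `ip_unlock (port)` on a port it no longer holds. Restore the original order: handle `dead` first, then run the check on a port known to be locked and active. As noted on mac_policy.h, the two move-send hunks call `mac_check_port_copy_send`; confirm that is intended.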