Date: Mon, 22 Apr 2002 19:30:25 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 10160 for review Message-ID: <200204230230.g3N2UP817375@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10160 Change 10160 by rwatson@rwatson_curry on 2002/04/22 19:30:00 Teach various policies about getextattr/setextattr entry points: babyaudit: audit getextattr/setextattr events without much detail mac_biba: treat getextattr as a read, setextattr as a write for integrity purposes mac_bsdextended: treat getextattr as a read, setextattr as a write mac_mls: treat getextattr as a read, setextattr as a write for confidentiality purposes mac_none: the usual mac_te: introduce two new operations for file/dir: getextattr and setextattr; authorize as appropriate SEBSD and mac_seeotheruids were not updated, as they are not [currently] relevant to those policies. Affected files ... ... //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#7 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#30 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#27 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#24 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#21 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#22 edit ... //depot/projects/trustedbsd/mac/sys/sys/mac.h#93 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#7 (text+ko) ==== @@ -124,6 +124,15 @@ } static int +babyaudit_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + babyaudit_print("babyaudit_cred_check_getextattr_vnode", vp, NULL); + return (0); +} + +static int babyaudit_cred_check_search_vnode(struct ucred *cred, struct vnode *dvp, struct mac *dlabel) { @@ -133,6 +142,15 @@ } static int +babyaudit_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + babyaudit_print("babyaudit_cred_check_setextattr_vnode", vp, NULL); + return (0); +} + +static int babyaudit_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, struct mac *label, u_long flags) { @@ -232,6 +250,8 @@ (macop_t)babyaudit_cred_check_delete_vnode }, { MAC_CRED_CHECK_EXEC_VNODE, (macop_t)babyaudit_cred_check_exec_vnode }, + { MAC_CRED_CHECK_GETEXTATTR_VNODE, + (macop_t)babyaudit_cred_check_getextattr_vnode }, { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)babyaudit_cred_check_open_vnode }, { MAC_CRED_CHECK_RENAME_FROM_VNODE, @@ -242,6 +262,8 @@ (macop_t)babyaudit_cred_check_revoke_vnode }, { MAC_CRED_CHECK_SEARCH_VNODE, (macop_t)babyaudit_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETEXTATTR_VNODE, + (macop_t)babyaudit_cred_check_setextattr_vnode }, { MAC_CRED_CHECK_SETFLAGS_VNODE, (macop_t)babyaudit_cred_check_setflags_vnode }, { MAC_CRED_CHECK_SETMODE_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#30 (text+ko) ==== @@ -862,6 +862,18 @@ } static int +mac_biba_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + if (!mac_biba_enabled) + return (0); + if (!mac_biba_single_dominate(label, &cred->cr_label)) + return (EACCES); + return (0); +} + +static int mac_biba_cred_check_revoke_vnode(struct ucred *cred, struct vnode *vp, struct mac *label) { @@ -886,6 +898,18 @@ } static int +mac_biba_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + if (!mac_biba_enabled) + return (0); + if (!mac_biba_single_dominate(&cred->cr_label, label)) + return (EACCES); + return (0); +} + +static int mac_biba_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, struct mac *label, u_long flags) { @@ -1128,6 +1152,8 @@ (macop_t)mac_biba_cred_check_delete_vnode }, { MAC_CRED_CHECK_EXEC_VNODE, (macop_t)mac_biba_cred_check_exec_vnode }, + { MAC_CRED_CHECK_GETEXTATTR_VNODE, + (macop_t)mac_biba_cred_check_getextattr_vnode }, { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_biba_cred_check_open_vnode }, { MAC_CRED_CHECK_RENAME_FROM_VNODE, @@ -1138,6 +1164,8 @@ (macop_t)mac_biba_cred_check_revoke_vnode }, { MAC_CRED_CHECK_SEARCH_VNODE, (macop_t)mac_biba_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETEXTATTR_VNODE, + (macop_t)mac_biba_cred_check_setextattr_vnode }, { MAC_CRED_CHECK_SETFLAGS_VNODE, (macop_t)mac_biba_cred_check_setflags_vnode }, { MAC_CRED_CHECK_SETMODE_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#27 (text+ko) ==== @@ -351,6 +351,23 @@ } static int +mac_bsdextended_cred_check_getextattr_vnode(struct ucred *cred, + struct vnode *vp, struct mac *label, int attrnamespace, + const char *name, struct uio *uio) +{ + struct vattr vap; + int error; + + if (!mac_bsdextended_enabled) + return (0); + + error = VOP_GETATTR(vp, &vap, cred, curthread); + if (error) + return (error); + return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD)); +} + +static int mac_bsdextended_cred_check_open_vnode(struct ucred *cred, struct vnode *vp, struct mac *filelabel, mode_t acc_mode) { @@ -452,6 +469,23 @@ } static int +mac_bsdextended_cred_check_setextattr_vnode(struct ucred *cred, + struct vnode *vp, struct mac *label, int attrnamespace, const char *name, + struct uio *uio) +{ + struct vattr vap; + int error; + + if (!mac_bsdextended_enabled) + return (0); + + error = VOP_GETATTR(vp, &vap, cred, curthread); + if (error) + return (error); + return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE)); +} + +static int mac_bsdextended_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, struct mac *label, u_long flags) { @@ -605,6 +639,8 @@ (macop_t)mac_bsdextended_cred_check_delete_vnode }, { MAC_CRED_CHECK_EXEC_VNODE, (macop_t)mac_bsdextended_cred_check_exec_vnode }, + { MAC_CRED_CHECK_GETEXTATTR_VNODE, + (macop_t)mac_bsdextended_cred_check_getextattr_vnode }, { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_bsdextended_cred_check_open_vnode }, { MAC_CRED_CHECK_RENAME_FROM_VNODE, @@ -615,6 +651,8 @@ (macop_t)mac_bsdextended_cred_check_revoke_vnode }, { MAC_CRED_CHECK_SEARCH_VNODE, (macop_t)mac_bsdextended_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETEXTATTR_VNODE, + (macop_t)mac_bsdextended_cred_check_setextattr_vnode }, { MAC_CRED_CHECK_SETFLAGS_VNODE, (macop_t)mac_bsdextended_cred_check_setflags_vnode }, { MAC_CRED_CHECK_SETMODE_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#24 (text+ko) ==== @@ -795,6 +795,18 @@ } static int +mac_mls_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label) +{ + + if (mac_mls_enabled) + return (0); + if (!mac_mls_single_dominate(&cred->cr_label, label)) + return (EACCES); + return (0); +} + +static int mac_mls_cred_check_revoke_vnode(struct ucred *cred, struct vnode *vp, struct mac *label) { @@ -819,6 +831,18 @@ } static int +mac_mls_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + if (!mac_mls_enabled) + return (0); + if (!mac_mls_single_dominate(label, &cred->cr_label)) + return (EACCES); + return (0); +} + +static int mac_mls_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, struct mac *label, u_long flags) { @@ -1061,6 +1085,8 @@ (macop_t)mac_mls_cred_check_delete_vnode }, { MAC_CRED_CHECK_EXEC_VNODE, (macop_t)mac_mls_cred_check_exec_vnode }, + { MAC_CRED_CHECK_GETEXTATTR_VNODE, + (macop_t)mac_mls_cred_check_getextattr_vnode }, { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_mls_cred_check_open_vnode }, { MAC_CRED_CHECK_RENAME_FROM_VNODE, @@ -1071,6 +1097,8 @@ (macop_t)mac_mls_cred_check_revoke_vnode }, { MAC_CRED_CHECK_SEARCH_VNODE, (macop_t)mac_mls_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETEXTATTR_VNODE, + (macop_t)mac_mls_cred_check_setextattr_vnode }, { MAC_CRED_CHECK_SETFLAGS_VNODE, (macop_t)mac_mls_cred_check_setflags_vnode }, { MAC_CRED_CHECK_SETMODE_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#21 (text+ko) ==== @@ -455,6 +455,15 @@ } static int +mac_none_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + /* Perform access control check here. */ + return (0); +} + +static int mac_none_cred_check_search_vnode(struct ucred *cred, struct vnode *dvp, struct mac *dlabel) { @@ -464,6 +473,15 @@ } static int +mac_none_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + /* Perform access control check here. */ + return (0); +} + +static int mac_none_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, struct mac *label, u_long flags) { @@ -686,6 +704,8 @@ (macop_t)mac_none_cred_check_delete_vnode }, { MAC_CRED_CHECK_EXEC_VNODE, (macop_t)mac_none_cred_check_exec_vnode }, + { MAC_CRED_CHECK_GETEXTATTR_VNODE, + (macop_t)mac_none_cred_check_getextattr_vnode }, { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_none_cred_check_open_vnode }, { MAC_CRED_CHECK_RENAME_FROM_VNODE, @@ -696,6 +716,8 @@ (macop_t)mac_none_cred_check_revoke_vnode }, { MAC_CRED_CHECK_SEARCH_VNODE, (macop_t)mac_none_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETEXTATTR_VNODE, + (macop_t)mac_none_cred_check_setextattr_vnode }, { MAC_CRED_CHECK_SETFLAGS_VNODE, (macop_t)mac_none_cred_check_setflags_vnode }, { MAC_CRED_CHECK_SETMODE_VNODE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#22 (text+ko) ==== @@ -816,6 +816,21 @@ } static int +mac_te_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + switch (vp->v_type) { + case VDIR: + return (mac_te_check(&cred->cr_label, label, MAC_TE_CLASS_FILE, + MAC_TE_OPERATION_DIR_GETEXTATTR)); + default: + return (mac_te_check(&cred->cr_label, label, MAC_TE_CLASS_FILE, + MAC_TE_OPERATION_FILE_GETEXTATTR)); + } +} + +static int mac_te_cred_check_revoke_vnode(struct ucred *cred, struct vnode *vp, struct mac *label) { @@ -834,6 +849,21 @@ } static int +mac_te_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, + struct mac *label, int attrnamespace, const char *name, struct uio *uio) +{ + + switch (vp->v_type) { + case VDIR: + return (mac_te_check(&cred->cr_label, label, MAC_TE_CLASS_DIR, + MAC_TE_OPERATION_DIR_SETEXTATTR)); + default: + return (mac_te_check(&cred->cr_label, label, MAC_TE_CLASS_FILE, + MAC_TE_OPERATION_FILE_SETEXTATTR)); + } +} + +static int mac_te_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, struct mac *label, u_long flags) { @@ -1131,6 +1161,8 @@ (macop_t)mac_te_cred_check_delete_vnode }, { MAC_CRED_CHECK_EXEC_VNODE, (macop_t)mac_te_cred_check_exec_vnode }, + { MAC_CRED_CHECK_GETEXTATTR_VNODE, + (macop_t)mac_te_cred_check_getextattr_vnode }, { MAC_CRED_CHECK_OPEN_VNODE, (macop_t)mac_te_cred_check_open_vnode }, { MAC_CRED_CHECK_RENAME_FROM_VNODE, @@ -1141,6 +1173,8 @@ (macop_t)mac_te_cred_check_revoke_vnode }, { MAC_CRED_CHECK_SEARCH_VNODE, (macop_t)mac_te_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETEXTATTR_VNODE, + (macop_t)mac_te_cred_check_setextattr_vnode }, { MAC_CRED_CHECK_SETFLAGS_VNODE, (macop_t)mac_te_cred_check_setflags_vnode }, { MAC_CRED_CHECK_SETMODE_VNODE, ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#93 (text+ko) ==== @@ -157,9 +157,11 @@ #define MAC_TE_OPERATION_FILE_ADMIN 1 #define MAC_TE_OPERATION_FILE_DELETE 2 #define MAC_TE_OPERATION_FILE_EXEC 3 -#define MAC_TE_OPERATION_FILE_READ 4 -#define MAC_TE_OPERATION_FILE_STAT 5 -#define MAC_TE_OPERATION_FILE_WRITE 6 +#define MAC_TE_OPERATION_FILE_GETEXTATTR 4 +#define MAC_TE_OPERATION_FILE_READ 5 +#define MAC_TE_OPERATION_FILE_SETEXTATTR 6 +#define MAC_TE_OPERATION_FILE_STAT 7 +#define MAC_TE_OPERATION_FILE_WRITE 8 #define MAC_TE_CLASS_MBUF 3 #define MAC_TE_OPERATION_MBUF_RECEIVE 1 @@ -169,10 +171,12 @@ #define MAC_TE_OPERATION_DIR_ADMIN 1 #define MAC_TE_OPERATION_DIR_CHDIR 2 #define MAC_TE_OPERATION_DIR_DELETE 3 -#define MAC_TE_OPERATION_DIR_LOOKUP 4 -#define MAC_TE_OPERATION_DIR_READ 5 -#define MAC_TE_OPERATION_DIR_STAT 6 -#define MAC_TE_OPERATION_DIR_WRITE 7 +#define MAC_TE_OPERATION_DIR_GETEXTATTR 4 +#define MAC_TE_OPERATION_DIR_LOOKUP 5 +#define MAC_TE_OPERATION_DIR_READ 6 +#define MAC_TE_OPERATION_DIR_SETEXTATTR 7 +#define MAC_TE_OPERATION_DIR_STAT 8 +#define MAC_TE_OPERATION_DIR_WRITE 9 #define MAC_TE_CLASS_FS 5 #define MAC_TE_OPERATION_FS_STATFS 1 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204230230.g3N2UP817375>