Date: Thu, 30 May 2002 19:50:09 -0700 (PDT)
Message-Id: <200205310250.g4V2o9n95854@freefall.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 12168 for review
To: Perforce Change Reviews

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=12168

Change 12168 by rwatson@rwatson_curry on 2002/05/30 19:49:24

	Integrate support for dynamic labeling from the green_mac branch.
	Things might still work, mostly.

	HEADS UP: Currently MLS and TE are broken. Biba mostly works.
	We'll fix that in the next day or two, but caution is required
	if tracking trustedbsd_mac.

Affected files ...

... //depot/projects/trustedbsd/mac/sys/Makefile#3 integrate
... //depot/projects/trustedbsd/mac/sys/conf/files#31 integrate
... //depot/projects/trustedbsd/mac/sys/fs/deadfs/dead_vnops.c#6 integrate
... //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#4 integrate
... //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_devs.c#5 integrate
... //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vfsops.c#7 integrate
... //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#16 integrate
... //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs.c#6 integrate
... //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs.h#6 integrate
... //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs_mac.c#4 integrate
... //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs.h#8 integrate
... //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs_vnops.c#12 integrate
... //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#30 integrate
... //depot/projects/trustedbsd/mac/sys/kern/init_main.c#21 integrate
... //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#20 integrate
... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#147 integrate
... //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#19 integrate
... //depot/projects/trustedbsd/mac/sys/kern/subr_mbuf.c#11 integrate
... //depot/projects/trustedbsd/mac/sys/kern/subr_witness.c#16 integrate
... //depot/projects/trustedbsd/mac/sys/kern/uipc_mbuf.c#6 integrate
... //depot/projects/trustedbsd/mac/sys/kern/uipc_socket.c#24 integrate
... //depot/projects/trustedbsd/mac/sys/kern/vfs_default.c#7 integrate
... //depot/projects/trustedbsd/mac/sys/kern/vfs_subr.c#23 integrate
... //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#19 integrate
... //depot/projects/trustedbsd/mac/sys/kern/vnode_if.src#7 integrate
... //depot/projects/trustedbsd/mac/sys/modules/Makefile#20 integrate
... //depot/projects/trustedbsd/mac/sys/modules/mac_test/Makefile#1 branch
... //depot/projects/trustedbsd/mac/sys/net/bpfdesc.h#4 integrate
... //depot/projects/trustedbsd/mac/sys/net/if_loop.c#9 integrate
... //depot/projects/trustedbsd/mac/sys/net/if_var.h#9 integrate
... //depot/projects/trustedbsd/mac/sys/netinet/ip_input.c#13 integrate
... //depot/projects/trustedbsd/mac/sys/netinet/ip_output.c#12 integrate
... //depot/projects/trustedbsd/mac/sys/netinet/ip_var.h#4 integrate
... //depot/projects/trustedbsd/mac/sys/netinet6/ip6_input.c#7 integrate
... //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#9 integrate
... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#37 integrate
... //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#29 integrate
... //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#8 integrate
... //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#31 integrate
... //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#27 integrate
... //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#9 integrate
... //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#31 integrate
... //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#1 branch
... //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#7 integrate
...
//depot/projects/trustedbsd/mac/sys/sys/imgact.h#5 integrate ... //depot/projects/trustedbsd/mac/sys/sys/mac.h#102 integrate ... //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#63 integrate ... //depot/projects/trustedbsd/mac/sys/sys/mbuf.h#6 integrate ... //depot/projects/trustedbsd/mac/sys/sys/mount.h#12 integrate ... //depot/projects/trustedbsd/mac/sys/sys/socketvar.h#15 integrate ... //depot/projects/trustedbsd/mac/sys/sys/ucred.h#10 integrate ... //depot/projects/trustedbsd/mac/sys/sys/vnode.h#25 integrate ... //depot/projects/trustedbsd/mac/sys/ufs/ufs/inode.h#6 integrate ... //depot/projects/trustedbsd/mac/sys/ufs/ufs/mac.h#3 delete ... //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_mac.c#7 delete ... //depot/projects/trustedbsd/mac/sys/ufs/ufs/ufs_vnops.c#34 integrate Differences ... ==== //depot/projects/trustedbsd/mac/sys/Makefile#3 (text+ko) ==== @@ -8,6 +8,31 @@ SUBDIR+=modules .endif +.for arch in alpha ia64 powerpc sparc64 +.if ${MACHINE_ARCH} != "${arch}" +SKIPARCHS+= ${arch} +.endif +.endfor +.if ${MACHINE_ARCH} == "i386" +SKIPARCHS+= pc98 +.elif ${MACHINE_ARCH} == "pc98" +.else +SKIPARCHS+= i386 +SKIPARCHS+= pc98 +.endif +SKIPPATTERN:=\./boot +.for arch in ${SKIPARCHS} +SKIPPATTERN:=${SKIPPATTERN}|\./${arch} +.endfor +ctags: + rm -f ${.CURDIR}/tags + touch ${.CURDIR}/tags + cd ${.CURDIR}; \ + find -E . -type d -mindepth 1 -maxdepth 1 \ + ! -regex "${SKIPPATTERN}" | \ + xargs -J {} find {} -name "*.[lych]" | \ + xargs ctags -a -f ${.CURDIR}/tags + HTAGSFLAGS+= -at `awk -F= '/^RELEASE *=/{release=$2}; END {print "FreeBSD", release, "kernel"}' < conf/newvers.sh` .include ==== //depot/projects/trustedbsd/mac/sys/conf/files#31 (text+ko) ==== 
@@ -1341,7 +1341,6 @@ ufs/ufs/ufs_lookup.c optional ext2fs ufs/ufs/ufs_lookup.c optional ffs ufs/ufs/ufs_lookup.c optional ifs -ufs/ufs/ufs_mac.c optional ffs ufs/ufs/ufs_quota.c optional ext2fs ufs/ufs/ufs_quota.c optional ffs ufs/ufs/ufs_quota.c optional ifs ==== //depot/projects/trustedbsd/mac/sys/fs/deadfs/dead_vnops.c#6 (text+ko) ==== @@ -58,9 +58,6 @@ static int dead_print(struct vop_print_args *); static int dead_read(struct vop_read_args *); static int dead_write(struct vop_write_args *); -#ifdef MAC -static int dead_getlabel(struct vop_getlabel_args *); -#endif /* MAC */ vop_t **dead_vnodeop_p; static struct vnodeopv_entry_desc dead_vnodeop_entries[] = { @@ -70,9 +67,6 @@ { &vop_bmap_desc, (vop_t *) dead_bmap }, { &vop_create_desc, (vop_t *) vop_panic }, { &vop_getattr_desc, (vop_t *) vop_ebadf }, -#ifdef MAC - { &vop_getlabel_desc, (vop_t *) dead_getlabel }, -#endif /* MAC */ { &vop_inactive_desc, (vop_t *) vop_null }, { &vop_ioctl_desc, (vop_t *) dead_ioctl }, { &vop_link_desc, (vop_t *) vop_panic }, @@ -290,25 +284,3 @@ { return (POLLHUP); } - -#ifdef MAC -/* - * We'll always need to fall back to some kind of default MAC label for - * some things even if an object gets revoked, so return an empty one - * if so. - */ -static int -dead_getlabel(ap) - struct vop_getlabel_args *ap; -{ - - /* - * Using rootvnode here to inherit a label from is probably totally - * bogus. Since this vnode is dead, I suppose we can choose to not - * care. - */ - mac_create_vnode_from_vnode(ap->a_cred, rootvnode, ap->a_vp, - ap->a_label); - return (0); -} -#endif /* MAC */ ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#4 (text+ko) ==== @@ -78,7 +78,7 @@ mode_t de_mode; uid_t de_uid; gid_t de_gid; - struct mac de_label; + struct label de_label; struct timespec de_atime; struct timespec de_mtime; struct timespec de_ctime; ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_devs.c#5 (text+ko) ==== 
@@ -209,6 +209,9 @@ vfs_timestamp(&de->de_ctime); de->de_mtime = de->de_atime = de->de_ctime; de->de_links = 1; +#ifdef MAC + mac_init_devfsdirent(de); +#endif return (de); } @@ -256,6 +259,9 @@ if (de->de_vnode) de->de_vnode->v_data = NULL; TAILQ_REMOVE(&dd->de_dlist, de, de_list); +#ifdef MAC + mac_destroy_devfsdirent(de); +#endif FREE(de, M_DEVFS); } @@ -329,7 +335,7 @@ de = devfs_vmkdir(s, q - s, dd); #ifdef MAC mac_create_devfs_directory(s, q - s, - &de->de_label); + de); #endif de->de_inode = dm->dm_inode++; TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list); @@ -357,7 +363,7 @@ de->de_dirent->d_type = DT_CHR; } #ifdef MAC - mac_create_devfs_device(dev, &de->de_label); + mac_create_devfs_device(dev, de); #endif *dep = de; de->de_dir = dd; ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vfsops.c#7 (text+ko) ==== @@ -96,7 +96,7 @@ fmp->dm_rootdir = devfs_vmkdir("(root)", 6, NULL); fmp->dm_rootdir->de_inode = 2; #ifdef MAC - mac_create_devfs_directory("", 0, &fmp->dm_rootdir->de_label); + mac_create_devfs_directory("", 0, fmp->dm_rootdir); #endif fmp->dm_basedir = fmp->dm_rootdir; ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#16 (text+ko) ==== @@ -64,9 +64,6 @@ static int devfs_access(struct vop_access_args *ap); static int devfs_getattr(struct vop_getattr_args *ap); -#ifdef MAC -static int devfs_getlabel(struct vop_getlabel_args *ap); -#endif static int devfs_lookupx(struct vop_lookup_args *ap); static int devfs_mknod(struct vop_mknod_args *ap); static int devfs_pathconf(struct vop_pathconf_args *ap); @@ -75,6 +72,9 @@ static int devfs_readdir(struct vop_readdir_args *ap); static int devfs_readlink(struct vop_readlink_args *ap); static int devfs_reclaim(struct vop_reclaim_args *ap); +#ifdef MAC +static int devfs_refreshlabel(struct vop_refreshlabel_args *ap); +#endif static int devfs_remove(struct vop_remove_args *ap); static int devfs_revoke(struct vop_revoke_args *ap); static int devfs_setattr(struct vop_setattr_args *ap); 
@@ -163,6 +163,9 @@ vp->v_data = de; de->de_vnode = vp; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); +#ifdef MAC + mac_create_devfs_vnode(de, vp); +#endif *vpp = vp; return (0); } @@ -254,26 +257,7 @@ return (error); } -#ifdef MAC static int -devfs_getlabel(ap) - struct vop_getlabel_args /* { - struct vnode *a_vp; - struct mac *a_label; - struct ucred *a_cred; - struct thread *a_td; - } */ *ap; -{ - - bzero(ap->a_label, sizeof(*ap->a_label)); - mac_copy_label(&((struct devfs_dirent *) ap->a_vp->v_data)->de_label, - ap->a_label); - - return (0); -} -#endif - -static int devfs_lookupx(ap) struct vop_lookup_args /* { struct vnode * a_dvp; @@ -661,7 +645,21 @@ return (0); } +#ifdef MAC static int +devfs_refreshlabel(ap) + struct vop_refreshlabel_args /* { + struct vnode *a_vp; + struct ucred *a_cred; + } */ *ap; +{ + + /* Labels are always in sync. */ + return (0); +} +#endif + +static int devfs_remove(ap) struct vop_remove_args /* { struct vnode *a_dvp; @@ -681,6 +679,9 @@ TAILQ_REMOVE(&dd->de_dlist, de, de_list); if (de->de_vnode) de->de_vnode->v_data = NULL; +#ifdef MAC + mac_destroy_devfsdirent(de); +#endif FREE(de, M_DEVFS); } else { de->de_flags |= DE_WHITEOUT; @@ -811,17 +812,15 @@ struct thread *a_td; } */ *ap; { + struct vnode *vp; struct devfs_dirent *de; - int error; - de = ap->a_vp->v_data; + vp = ap->a_vp; + de = vp->v_data; - error = VOP_ACCESS(ap->a_vp, VADMIN, ap->a_cred, ap->a_td); - if (error) - return (error); + mac_relabel_vnode(ap->a_cred, vp, ap->a_label); + mac_update_devfsdirent_from_vnode(de, vp); - mac_copy_label(ap->a_label, &de->de_label); - return (0); } #endif 
@@ -859,8 +858,8 @@ TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list); devfs_allocv(de, ap->a_dvp->v_mount, ap->a_vpp, 0); #ifdef MAC - mac_create_vnode_from_vnode(ap->a_cnp->cn_cred, ap->a_dvp, *ap->a_vpp, - &de->de_label); + mac_create_vnode_from_vnode(ap->a_cnp->cn_cred, ap->a_dvp, *ap->a_vpp); + mac_update_devfsdirent_from_vnode(de, *ap->a_vpp); #endif /* MAC */ lockmgr(&dmp->dm_lock, LK_RELEASE, 0, curthread); return (0); @@ -871,9 +870,6 @@ { &vop_default_desc, (vop_t *) vop_defaultop }, { &vop_access_desc, (vop_t *) devfs_access }, { &vop_getattr_desc, (vop_t *) devfs_getattr }, -#ifdef MAC - { &vop_getlabel_desc, (vop_t *) devfs_getlabel }, -#endif { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_lock_desc, (vop_t *) vop_stdlock }, { &vop_lookup_desc, (vop_t *) devfs_lookup }, @@ -885,6 +881,9 @@ { &vop_readlink_desc, (vop_t *) devfs_readlink }, { &vop_reclaim_desc, (vop_t *) devfs_reclaim }, { &vop_remove_desc, (vop_t *) devfs_remove }, +#ifdef MAC + { &vop_refreshlabel_desc, (vop_t *) devfs_refreshlabel }, +#endif { &vop_revoke_desc, (vop_t *) devfs_revoke }, { &vop_setattr_desc, (vop_t *) devfs_setattr }, #ifdef MAC @@ -904,14 +903,14 @@ { &vop_default_desc, (vop_t *) spec_vnoperate }, { &vop_access_desc, (vop_t *) devfs_access }, { &vop_getattr_desc, (vop_t *) devfs_getattr }, -#ifdef MAC - { &vop_getlabel_desc, (vop_t *) devfs_getlabel }, -#endif { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_lock_desc, (vop_t *) vop_stdlock }, { &vop_pathconf_desc, (vop_t *) devfs_pathconf }, { &vop_print_desc, (vop_t *) devfs_print }, { &vop_reclaim_desc, (vop_t *) devfs_reclaim }, +#ifdef MAC + { &vop_refreshlabel_desc, (vop_t *) devfs_refreshlabel }, +#endif { &vop_remove_desc, (vop_t *) devfs_remove }, { &vop_revoke_desc, (vop_t *) devfs_revoke }, { &vop_setattr_desc, (vop_t *) devfs_setattr }, ==== //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs.c#6 (text+ko) ==== 
@@ -151,7 +151,7 @@ dir = pfs_create_dir(root, "pid", &procfs_attr, NULL, PFS_PROCDEP); - dir->pn_getlabel = &procfs_piddir_getlabel; + dir->pn_refreshlabel = &procfs_piddir_refreshlabel; pfs_create_file(dir, "cmdline", &procfs_doproccmdline, NULL, NULL, PFS_RD); pfs_create_file(dir, "ctl", &procfs_doprocctl, ==== //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs.h#6 (text+ko) ==== @@ -62,7 +62,7 @@ int procfs_attr(PFS_ATTR_ARGS); /* MAC */ -int procfs_piddir_getlabel(PFS_GETLABEL_ARGS); +int procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS); /* Visibility */ int procfs_notsystem(PFS_VIS_ARGS); ==== //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs_mac.c#4 (text+ko) ==== @@ -52,18 +52,17 @@ #include int -procfs_piddir_getlabel(PFS_GETLABEL_ARGS) +procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS) { #ifdef MAC - bzero(label, sizeof(*label)); - if (p == NULL) { - *label = vp->v_mount->mnt_label; - return (0); + if (p == NULL) + mac_update_vnode_from_mount(vp, vp->v_mount); + else { + PROC_LOCK(p); + mac_update_procfsvnode_from_subject(vp, p->p_ucred); + PROC_UNLOCK(p); } - PROC_LOCK(p); - *label = p->p_ucred->cr_label; - PROC_UNLOCK(p); return (0); #else ==== //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs.h#8 (text+ko) ==== @@ -147,11 +147,11 @@ /* * Getlabel callback */ -#define PFS_GETLABEL_ARGS \ +#define PFS_REFRESHLABEL_ARGS \ struct thread *td, struct proc *p, struct vnode *vp, \ - struct pfs_node *pn, struct mac *label, struct ucred *cred + struct pfs_node *pn, struct ucred *cred struct mac; -typedef int (*pfs_getlabel_t)(PFS_GETLABEL_ARGS); +typedef int (*pfs_refreshlabel_t)(PFS_REFRESHLABEL_ARGS); /* * Last-close callback @@ -194,7 +194,7 @@ pfs_attr_t pn_attr; pfs_vis_t pn_vis; pfs_getextattr_t pn_getextattr; - pfs_getlabel_t pn_getlabel; + pfs_refreshlabel_t pn_refreshlabel; void *pn_data; int pn_flags; ==== //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs_vnops.c#12 (text+ko) ==== 
@@ -293,50 +293,7 @@ PFS_RETURN (error); } -#ifdef MAC /* - * Perform getlabel - */ -static int -pfs_getlabel(struct vop_getlabel_args *va) -{ - struct vnode *vn = va->a_vp; - struct pfs_vdata *pvd = (struct pfs_vdata *)vn->v_data; - struct pfs_node *pn = pvd->pvd_pn; - struct proc *proc = NULL; - int error; - - PFS_TRACE((pd->pn_name)); - - if (pn->pn_getlabel == NULL) - PFS_RETURN (vop_stdgetlabel(va)); - - /* - * This is necessary because either process' privileges may - * have changed since the last open() call. - */ - if (!pfs_visible(curthread, pn, pvd->pvd_pid)) - PFS_RETURN (EIO); - - /* XXX duplicate bits of pfs_visible() */ - if (pvd->pvd_pid != NO_PID) { - if ((proc = pfind(pvd->pvd_pid)) == NULL) - PFS_RETURN (EIO); - _PHOLD(proc); - PROC_UNLOCK(proc); - } - - error = (pn->pn_getlabel)(curthread, proc, vn, pn, va->a_label, - va->a_cred); - - if (proc != NULL) - PRELE(proc); - - PFS_RETURN (error); -} -#endif - -/* * Look up a file or directory * * XXX NOTE! pfs_lookup() has been hooked into vop_lookup_desc! This 
@@ -754,7 +711,51 @@ return (pfs_vncache_free(va->a_vp)); } +#ifdef MAC /* + * Refresh the vnode label as appropriate for the pseudo-file system. + */ +static int +pfs_refreshlabel(struct vop_refreshlabel_args *va) +{ + struct vnode *vn = va->a_vp; + struct pfs_vdata *pvd = (struct pfs_vdata *)vn->v_data; + struct pfs_node *pn = pvd->pvd_pn; + struct proc *proc = NULL; + int error; + + PFS_TRACE((pd->pn_name)); + + if (pn->pn_refreshlabel == NULL) { + mac_update_vnode_from_mount(vn, vn->v_mount); + return (0); + } + + /* + * This is necessary because either process' privileges may + * have changed since the last open() call. + */ + if (!pfs_visible(curthread, pn, pvd->pvd_pid)) + PFS_RETURN (EIO); + + /* XXX duplicate bits of pfs_visible() */ + if (pvd->pvd_pid != NO_PID) { + if ((proc = pfind(pvd->pvd_pid)) == NULL) + PFS_RETURN (EIO); + _PHOLD(proc); + PROC_UNLOCK(proc); + } + + error = (pn->pn_refreshlabel)(curthread, proc, vn, pn, va->a_cred); + + if (proc != NULL) + PRELE(proc); + + PFS_RETURN (error); +} +#endif + +/* * Set attributes */ static int @@ -836,9 +837,6 @@ { &vop_create_desc, (vop_t *)vop_eopnotsupp }, { &vop_getattr_desc, (vop_t *)pfs_getattr }, { &vop_getextattr_desc, (vop_t *)pfs_getextattr }, -#ifdef MAC - { &vop_getlabel_desc, (vop_t *)pfs_getlabel }, -#endif { &vop_ioctl_desc, (vop_t *)pfs_ioctl }, { &vop_link_desc, (vop_t *)vop_eopnotsupp }, { &vop_lookup_desc, (vop_t *)pfs_lookup }, @@ -849,6 +847,9 @@ { &vop_readdir_desc, (vop_t *)pfs_readdir }, { &vop_readlink_desc, (vop_t *)pfs_readlink }, { &vop_reclaim_desc, (vop_t *)pfs_reclaim }, +#ifdef MAC + { &vop_refreshlabel_desc, (vop_t *)pfs_refreshlabel }, +#endif { &vop_remove_desc, (vop_t *)vop_eopnotsupp }, { &vop_rename_desc, (vop_t *)vop_eopnotsupp }, { &vop_rmdir_desc, (vop_t *)vop_eopnotsupp }, ==== //depot/projects/trustedbsd/mac/sys/i386/conf/MAC#30 (text+ko) ==== ==== //depot/projects/trustedbsd/mac/sys/kern/init_main.c#21 (text+ko) ==== 
@@ -507,7 +507,6 @@ FILEDESC_UNLOCK(p->p_fd); VOP_UNLOCK(rootvnode, 0, td); #ifdef MAC - mac_create_mount(td->td_ucred, TAILQ_FIRST(&mountlist)); mac_create_root_mount(td->td_ucred, TAILQ_FIRST(&mountlist)); #endif /* MAC */ ==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#20 (text+ko) ==== @@ -216,7 +216,7 @@ * Check file permissions (also 'opens' file, caches various * relevant file attributes (et al) in imgp "atomically" with * the open() with respects to the local system.) - * XXX: Pass back MAC label here? + * XXX: Hold the MAC label by not unlocking so it can't change? */ error = exec_check_permissions(imgp); if (error) { @@ -374,8 +374,9 @@ credential_changing |= ((attr.va_mode & VSGID) && oldcred->cr_gid != attr.va_gid); #ifdef MAC - credential_changing |= mac_execve_will_transition(oldcred, - &imgp->label); + vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td); + credential_changing |= mac_execve_will_transition(oldcred, imgp->vp); + VOP_UNLOCK(imgp->vp, 0, td); #endif /* @@ -409,7 +410,9 @@ if (attr.va_mode & VSGID) change_egid(newcred, attr.va_gid); #ifdef MAC - mac_execve_transition(oldcred, newcred, &imgp->label); + vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY, td); + mac_execve_transition(oldcred, newcred, imgp->vp); + VOP_UNLOCK(imgp->vp, 0, td); #endif setugidsafety(td); /* @@ -513,6 +516,25 @@ vrele(tracevp); pargs_drop(oldargs); + /* + * Free any resources malloc'd earlier that we didn't use. + */ + if (newcred == NULL) + crfree(oldcred); + else + crfree(newcred); + KASSERT(newargs == NULL, ("leaking p_args")); + /* + * Handle deferred decrement of ref counts. + */ + if (textvp != NULL) + vrele(textvp); + if (textdvp != NULL) + vrele(textdvp); + if (tracevp != NULL) + vrele(tracevp); + pargs_drop(oldargs); + exec_fail_dealloc: /* @@ -889,9 +911,6 @@ struct vnode *vp = imgp->vp; struct vattr *attr = imgp->attr; struct thread *td; -#ifdef MAC - struct mac *label = &imgp->label; -#endif int error; td = curthread; /* XXXKSE */ 
@@ -928,14 +947,11 @@ #ifdef MAC /* - * Retrieve the MAC label on the file to be executed, check that - * we can execute it, and hold onto the label for use later for - * MAC models support subject domain transitions at execve()-time. + * Check that we can execute the file, and hold onto the lock so + * that the label is retained for use later for MAC models that + * support subject domain transitions at execve()-time. */ - error = VOP_GETLABEL(vp, label, curthread->td_ucred, curthread); - if (error) - return (error); - error = mac_cred_canexec(curthread->td_ucred, label); + error = mac_cred_canexec(curthread->td_ucred, imgp->vp); if (error) return (error); #endif ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#147 (text+ko) ==== @@ -45,6 +45,7 @@ #include "opt_mac.h" #include +#include #include #include #include @@ -64,11 +65,16 @@ #include #include +#include + #include #include #include #include +#include +#include + #ifdef MAC SYSCTL_DECL(_security); @@ -90,12 +96,11 @@ #error "MAC_MAX_POLICIES too large" #endif static unsigned int mac_max_policies = MAC_MAX_POLICIES; -static unsigned int mac_policies_free = (1 << MAC_MAX_POLICIES) - 1; +static unsigned int mac_policy_offsets_free = (1 << MAC_MAX_POLICIES) - 1; SYSCTL_UINT(_security_mac, OID_AUTO, max_policies, CTLFLAG_RD, &mac_max_policies, 0, ""); -struct maclabels { - void *labels[MAC_MAX_POLICIES]; -}; + +static int mac_late = 0; static int mac_late = 0; @@ -124,6 +129,7 @@ &mac_label_size, 0, "Pre-compiled MAC label size"); static int error_select(int error1, int error2); +static int mac_externalize(struct label *label, struct mac *mac); static int mac_policy_register(struct mac_policy_conf *mpc); static int mac_policy_unregister(struct mac_policy_conf *mpc); 
@@ -212,6 +218,9 @@ MAC_POLICY_LIST_UNBUSY(); \ } while (0) +MALLOC_DEFINE(M_TMPLABEL, "tmplabel", "temporary user-label copied storage"); +const size_t maxlabelsize = 65536; + /* * Initialize the MAC subsystem, including appropriate SMP locks. */ @@ -281,27 +290,20 @@ for (mpe = mpc->mpc_entries; mpe->mpe_constant != MAC_OP_LAST; mpe++) { switch (mpe->mpe_constant) { + case MAC_OP_LAST: + /* + * Doesn't actually happen, but this allows checking + * that all enumerated values are handled. + */ + break; case MAC_DESTROY: - mpc->mpc_ops.mpo_destroy = mpe->mpe_function; + mpc->mpc_ops.mpo_destroy = + mpe->mpe_function; break; case MAC_INIT: - mpc->mpc_ops.mpo_init = mpe->mpe_function; - break; - case MAC_COPY_LABEL: - mpc->mpc_ops.mpo_copy_label = mpe->mpe_function; - break; - case MAC_DOMINATE: - mpc->mpc_ops.mpo_dominate = mpe->mpe_function; - break; - case MAC_EQUAL: - mpc->mpc_ops.mpo_equal = mpe->mpe_function; - break; - case MAC_PRINT_LABEL: - mpc->mpc_ops.mpo_print_label = mpe->mpe_function; + mpc->mpc_ops.mpo_init = + mpe->mpe_function; break; - case MAC_VALIDATE_LABEL: - mpc->mpc_ops.mpo_validate_label = mpe->mpe_function; - break; case MAC_CREATE_DEVFS_DEVICE: mpc->mpc_ops.mpo_create_devfs_device = mpe->mpe_function; 
@@ -310,16 +312,43 @@ mpc->mpc_ops.mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_VNODE: + mpc->mpc_ops.mpo_create_devfs_vnode = + mpe->mpe_function; + break; case MAC_CREATE_VNODE_FROM_VNODE: mpc->mpc_ops.mpo_create_vnode_from_vnode = mpe->mpe_function; break; + case MAC_CREATE_VNODE_FROM_EXPORTED: + mpc->mpc_ops.mpo_create_vnode_from_exported = + mpe->mpe_function; + break; case MAC_CREATE_MOUNT: mpc->mpc_ops.mpo_create_mount = mpe->mpe_function; break; case MAC_CREATE_ROOT_MOUNT: mpc->mpc_ops.mpo_create_root_mount = mpe->mpe_function; break; + case MAC_RELABEL_VNODE: + mpc->mpc_ops.mpo_relabel_vnode = mpe->mpe_function; + break; + case MAC_UPDATE_DEVFSDIRENT_FROM_VNODE: + mpc->mpc_ops.mpo_update_devfsdirent_from_vnode = + mpe->mpe_function; + break; + case MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT: + mpc->mpc_ops.mpo_update_procfsvnode_from_subject = + mpe->mpe_function; + break; + case MAC_UPDATE_VNODE_FROM_EXTERNALIZED: + mpc->mpc_ops.mpo_update_vnode_from_externalized = + mpe->mpe_function; + break; + case MAC_UPDATE_VNODE_FROM_MOUNT: + mpc->mpc_ops.mpo_update_vnode_from_mount = + mpe->mpe_function; + break; case MAC_CREATE_MBUF_FROM_SOCKET: mpc->mpc_ops.mpo_create_mbuf_from_socket = mpe->mpe_function; 
@@ -343,21 +372,23 @@ mpe->mpe_function; break; case MAC_CREATE_BPFDESC: - mpc->mpc_ops.mpo_create_bpfdesc = mpe->mpe_function; + mpc->mpc_ops.mpo_create_bpfdesc = + mpe->mpe_function; break; - case MAC_CREATE_IFNET: - mpc->mpc_ops.mpo_create_ifnet = mpe->mpe_function; + case MAC_CREATE_DATAGRAM_FROM_IPQ: + mpc->mpc_ops.mpo_create_datagram_from_ipq = + mpe->mpe_function; break; - case MAC_CREATE_MBUF_DATAGRAM_FROM_MBUF_FRAGMENTQUEUE: - mpc->mpc_ops.mpo_create_mbuf_datagram_from_mbuf_fragmentqueue = + case MAC_CREATE_FRAGMENT_FROM_DATAGRAM: + mpc->mpc_ops.mpo_create_fragment_from_datagram = mpe->mpe_function; break; - case MAC_CREATE_MBUF_FRAGMENT_FROM_MBUF: - mpc->mpc_ops.mpo_create_mbuf_fragment_from_mbuf = + case MAC_CREATE_IFNET: + mpc->mpc_ops.mpo_create_ifnet = mpe->mpe_function; break; - case MAC_CREATE_MBUF_FRAGMENTQUEUE_FROM_MBUF_FRAGMENT: - mpc->mpc_ops.mpo_create_mbuf_fragmentqueue_from_mbuf_fragment = + case MAC_CREATE_IPQ_FROM_FRAGMENT: + mpc->mpc_ops.mpo_create_ipq_from_fragment = mpe->mpe_function; break; case MAC_CREATE_MBUF_FROM_MBUF: @@ -384,15 +415,15 @@ mpc->mpc_ops.mpo_create_mbuf_netlayer_from_mbuf = mpe->mpe_function; break; - case MAC_MBUF_FRAGMENT_MATCHES_MBUF_FRAGMENTQUEUE: - mpc->mpc_ops.mpo_mbuf_fragment_matches_mbuf_fragmentqueue = + case MAC_FRAGMENT_MATCHES_IPQ: + mpc->mpc_ops.mpo_fragment_matches_ipq = mpe->mpe_function; break; case MAC_RELABEL_IFNET: mpc->mpc_ops.mpo_relabel_ifnet = mpe->mpe_function; break; - case MAC_UPDATE_MBUF_FRAGMENTQUEUE_FROM_MBUF_FRAGMENT: - mpc->mpc_ops.mpo_update_mbuf_fragmentqueue_from_mbuf_fragment = + case MAC_UPDATE_IPQ_FROM_FRAGMENT: + mpc->mpc_ops.mpo_update_ipq_from_fragment = mpe->mpe_function; break; case MAC_CREATE_SUBJECT: 
@@ -450,10 +481,6 @@ mpc->mpc_ops.mpo_cred_check_debug_proc = mpe->mpe_function; break; - case MAC_CRED_CHECK_EXEC_FILE: - mpc->mpc_ops.mpo_cred_check_exec_file = - mpe->mpe_function; - break; case MAC_CRED_CHECK_CHDIR_VNODE: mpc->mpc_ops.mpo_cred_check_chdir_vnode = mpe->mpe_function; 
@@ -534,10 +561,100 @@ mpc->mpc_ops.mpo_socket_check_receive_mbuf = mpe->mpe_function; break; + case MAC_INIT_BPFDESC: + mpc->mpc_ops.mpo_init_bpfdesc = + mpe->mpe_function; + break; + case MAC_INIT_DEVFSDIRENT: + mpc->mpc_ops.mpo_init_devfsdirent = + mpe->mpe_function; + break; + case MAC_INIT_IFNET: + mpc->mpc_ops.mpo_init_ifnet = + mpe->mpe_function; + break; + case MAC_INIT_IPQ: + mpc->mpc_ops.mpo_init_ipq = + mpe->mpe_function; + break; + case MAC_INIT_MBUF: + mpc->mpc_ops.mpo_init_mbuf = + mpe->mpe_function; + break; + case MAC_INIT_MOUNT: + mpc->mpc_ops.mpo_init_mount = + mpe->mpe_function; + break; + case MAC_INIT_SOCKET: + mpc->mpc_ops.mpo_init_socket = + mpe->mpe_function; + break; + case MAC_INIT_SUBJECT: + mpc->mpc_ops.mpo_init_subject = + mpe->mpe_function; + break; + case MAC_INIT_TEMP: + mpc->mpc_ops.mpo_init_temp = + mpe->mpe_function; + break; + case MAC_INIT_VNODE: + mpc->mpc_ops.mpo_init_vnode = + mpe->mpe_function; + break; + case MAC_DESTROY_BPFDESC: + mpc->mpc_ops.mpo_destroy_bpfdesc = + mpe->mpe_function; + break; + case MAC_DESTROY_DEVFSDIRENT: + mpc->mpc_ops.mpo_destroy_devfsdirent = + mpe->mpe_function; + break; + case MAC_DESTROY_IFNET: + mpc->mpc_ops.mpo_destroy_ifnet = + mpe->mpe_function; + break; + case MAC_DESTROY_IPQ: + mpc->mpc_ops.mpo_destroy_ipq = + mpe->mpe_function; + break; + case MAC_DESTROY_MBUF: + mpc->mpc_ops.mpo_destroy_mbuf = + mpe->mpe_function; + break; + case MAC_DESTROY_MOUNT: + mpc->mpc_ops.mpo_destroy_mount = + mpe->mpe_function; + break; + case MAC_DESTROY_SOCKET: + mpc->mpc_ops.mpo_destroy_socket = + mpe->mpe_function; + break; + case MAC_DESTROY_SUBJECT: + mpc->mpc_ops.mpo_destroy_subject = + mpe->mpe_function; + break; + case MAC_DESTROY_TEMP: + mpc->mpc_ops.mpo_destroy_temp = + mpe->mpe_function; + break; + case MAC_DESTROY_VNODE: + mpc->mpc_ops.mpo_destroy_vnode = + mpe->mpe_function; + break; + case MAC_EXTERNALIZE: + mpc->mpc_ops.mpo_externalize = + mpe->mpe_function; + break; + case MAC_INTERNALIZE: >>> 
TRUNCATED FOR MAIL (1000 lines) <<<
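
Review bot: sys/fs/devfs/devfs_vnops.c, hunk @@ -811,17 +812,15 @@: the VOP_ACCESS(ap->a_vp, VADMIN, ap->a_cred, ap->a_td) check and its error return are removed, and nothing visible in the hunk replaces them, so the relabel now runs unconditionally and the function always returns 0. If the authorization decision has moved to the caller or into the MAC framework, state that in a comment at this spot; otherwise keep the VADMIN check ahead of mac_relabel_vnode().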
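
Review bot: sys/fs/pseudofs/pseudofs.h, hunk @@ -147,11 +147,11 @@: the block comment above the renamed macro still reads "Getlabel callback", and the forward declaration struct mac; is kept even though the new PFS_REFRESHLABEL_ARGS list no longer takes a struct mac *label. Update the comment to describe the refreshlabel callback and drop the forward declaration if nothing else in the header needs it.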
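
Review bot: sys/fs/pseudofs/pseudofs_vnops.c, hunk @@ -754,7 +711,51 @@: the new pfs_refreshlabel() calls PFS_TRACE((pd->pn_name)), but the function declares no pd; its locals are vn, pvd, pn, proc and error. The line was carried over from the removed pfs_getlabel() and should use pn->pn_name. The early exit for pn->pn_refreshlabel == NULL also uses a plain return (0) while every other exit in the function goes through PFS_RETURN; use PFS_RETURN (0) there for consistency.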
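
Review bot: sys/kern/kern_exec.c, hunk @@ -374,8 +374,9 @@ (and the matching change in @@ -409,7 +410,9 @@): imgp->vp is locked and unlocked separately around mac_execve_will_transition() and mac_execve_transition(), so the vnode is unlocked between the decision and the transition itself, and the label consulted by the second call need not be the one the first call saw. The XXX comment edited in @@ -216,7 +216,7 @@ asks the same question ("Hold the MAC label by not unlocking so it can't change?"). Either hold the vnode lock across both calls, or document here why a relabel in that window is harmless.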
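
Review bot: sys/kern/kern_exec.c, hunk @@ -513,6 +516,25 @@: the added block repeats cleanup that the unchanged context lines directly above it already end with (vrele(tracevp); pargs_drop(oldargs);), so on this path tracevp is released twice and pargs_drop(oldargs) is called twice, and the added crfree() and vrele(textvp)/vrele(textdvp) calls are likely second releases as well. This looks like an integration artifact rather than an intended change; please confirm against the source branch and drop the duplicate block before the exec_fail_dealloc label.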
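
Review bot: sys/kern/kern_mac.c, hunk @@ -90,12 +96,11 @@: the hunk adds static int mac_late = 0; immediately above an unchanged context line that is also static int mac_late = 0;, which leaves two initialized definitions of the same identifier in the file. Remove one of them; this looks like a merge leftover from deleting struct maclabels.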
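
Review bot: sys/kern/kern_mac.c, hunk @@ -212,6 +218,9 @@: const size_t maxlabelsize = 65536; is added at file scope with external linkage, an unprefixed name and no comment on what it bounds. Since it sits next to the M_TMPLABEL malloc type for "temporary user-label copied storage", it reads as the cap on user-supplied label size; make it static (or give it a mac_ prefix if other files need it) and add a one-line comment stating which copyin paths are expected to enforce it.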