Date: Thu, 13 Nov 2003 07:35:29 -0800 (PST) From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 42242 for review Message-ID: <200311131535.hADFZTWV023867@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=42242 Change 42242 by areisse@areisse_ibook on 2003/11/13 07:35:09 added get_user_sids as a sebsd syscall (instead of sysctl) Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/init_sysent.c#7 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#27 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#11 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscall.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscalls.h#2 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#4 edit .. //depot/projects/trustedbsd/sedarwin/libsebsd/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin/libsebsd/sebsd.h#3 edit .. //depot/projects/trustedbsd/sedarwin/libsebsd/security_get_user_contexts.c#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/init_sysent.c#7 (text+ko) ==== @@ -334,6 +334,7 @@ int __mac_get_pid(); int __mac_set_proc(); int mac_execve(); +int mac_syscall(); #endif /* @@ -745,11 +746,11 @@ syss(__mac_get_link,2), /* 339 */ syss(__mac_get_proc,1), /* 340 */ syss(__mac_set_proc,1), /* 341 */ - /*syss(mac_execve,4), /* 342 */ - syss(nosys,0), /* 342 */ + syss(mac_execve,4), /* 342 */ syss(__mac_get_pid,2), /* 343 */ syss(__mac_set_file,2), /* 344 */ syss(__mac_set_link,2), /* 345 */ + syss(mac_syscall,3), /* 346 */ #else syss(nosys,0), /* 338 */ syss(nosys,0), /* 339 */ @@ -759,8 +760,8 @@ syss(nosys,0), /* 343 */ syss(nosys,0), /* 344 */ syss(nosys,0), /* 345 */ + syss(nosys,0), /* 346 */ #endif - syss(nosys,0), /* 346 */ syss(nosys,0), /* 347 */ syss(nosys,0), /* 348 */ syss(nosys,0), /* 349 */ ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#27 (text+ko) ==== @@ -1562,6 +1562,7 @@ struct mac mac; char *buffer; int error; + size_t dummy; if (mac_p == NULL) return (0); 
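Review bot: Slot 342 in init_sysent.c goes from `syss(nosys,0)` back to `syss(mac_execve,4)` in the same hunk that adds `mac_syscall` at 346, but the change description only mentions get_user_sids. Re-enabling a syscall entry widens what callers can reach in the kernel, so it deserves its own line in the description or a separate change. The new `int mac_syscall();` is unprototyped like its neighbours, so nothing ties the `3` in `syss(mac_syscall,3)` to the handler's arguments; a short comment naming them (policy name, call number, argument pointer, as libsebsd's `mac_syscall ("sebsd", 6, &uap)` suggests) would help.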
@@ -1575,7 +1576,7 @@ return (error); buffer = _MALLOC(mac.m_buflen, M_MACTEMP, M_WAITOK); - error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); + error = copyinstr(mac.m_string, buffer, mac.m_buflen, &dummy); if (error) { FREE(buffer, M_MACTEMP); return (error); @@ -4150,13 +4151,14 @@ struct mac_policy_conf *mpc; char target[MAC_MAX_POLICY_NAME]; int entrycount, error; + size_t dummy; - error = copyinstr(uap->policy, target, sizeof(target), NULL); + error = copyinstr(uap->policy, target, sizeof(target), &dummy); if (error) return (error); error = ENOSYS; - LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { + LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) { if (strcmp(mpc->mpc_name, target) == 0 && mpc->mpc_ops->mpo_syscall != NULL) { error = mpc->mpc_ops->mpo_syscall(td, ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#11 (text+ko) ==== @@ -106,6 +106,9 @@ void sebsd_ss_free (void *v) { + if (v == NULL) + return; + size_t *vs = (size_t *) v; sebsd_free (vs-1, vs[-1]); } @@ -196,7 +199,7 @@ SECCLASS_SYSTEM, perm, NULL, NULL)); } -static int +int cred_has_security(struct ucred *cred, access_vector_t perm) { struct task_security_struct *task; @@ -2099,6 +2102,8 @@ FD__USE, NULL)); } +extern int sebsd_syscall(struct thread *td, int call, void *args); + static struct mac_policy_ops sebsd_ops = { .mpo_init = sebsd_init, @@ -2135,7 +2140,9 @@ /* Transition */ .mpo_execve_will_transition = sebsd_execve_will_transition, - .mpo_execve_transition = sebsd_execve_transition + .mpo_execve_transition = sebsd_execve_transition, + + .mpo_syscall = sebsd_syscall }; #if 0 ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscall.c#3 (text+ko) ==== @@ -34,7 +34,6 @@ * $FreeBSD$ */ -#if 0 #include <sys/types.h> #include <sys/param.h> #include <sys/kernel.h> @@ -47,6 +46,8 @@ #include <security/sebsd/avc/avc.h> #include <security/sebsd/ss/services.h> +#define MAX_UC 510 + struct lp_args { void *data; 
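Review bot: In the `@@ -4150` hunk of kern_mac.c the policy lookup now walks only `mac_static_policy_list`, so a policy registered on `mac_policy_list` can no longer receive `mpo_syscall` and its callers get `ENOSYS` with no indication why. If that is intended for this port, say so above the loop, for example `/* Only statically registered policies can export syscalls here. */`; if not, both lists need to be searched. No list lock is taken in the lines shown, though that may be handled outside the hunk. The `&dummy` argument added here and in the `@@ -1575` hunk is never read, so a one-line comment stating why this copyinstr() cannot take NULL (presumably it writes the length unconditionally) would keep it from being "cleaned up" later.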
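Review bot: The `extern int sebsd_syscall(struct thread *td, int call, void *args);` added in the `@@ -2099` hunk of sebsd.c disagrees with the definition this same change gives in sebsd_syscall.c, which now takes `struct proc *td`. Because the declaration is local to sebsd.c, the compiler cannot catch the mismatch, and the pointer stored in `.mpo_syscall` is called with whatever type the framework passes. Put one prototype in a shared sebsd header, `int sebsd_syscall(struct proc *td, int call, void *args);`, and include it from both files. The same applies to `cred_has_security`, which the `@@ -196` hunk makes non-static without a prototype visible in this diff.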
@@ -54,11 +55,11 @@ }; static int -sys_load_policy(struct thread *td, void *data, size_t len) +sys_load_policy(struct proc *td, void *data, size_t len) { int rc; - rc = thread_has_security(td, SECURITY__LOAD_POLICY); + rc = cred_has_security(td->p_ucred, SECURITY__LOAD_POLICY); if (rc) return (rc); @@ -73,8 +74,70 @@ return (rc); } +/* + * Lists the SIDs currently available for transition to by a given + * "context\0username\0" + */ + +static int +sys_user_sids (char *context, char *username, char *out, int *outlen) +{ + u_int32_t n, nsids, scontext_len; + security_id_t *sids, sid; + security_context_t scontext; + int error; + int olen = 1; + int ubufsz; + + if (copyin (outlen, &ubufsz, sizeof (int))) + { + error = EFAULT; + goto out; + } + + /* + * XXX We need POLICY_RDLOCK here, but it's not exported! + */ + error = security_context_to_sid(context, strlen (context), &sid); + if (error) + goto out; + error = security_get_user_sids(sid, username, &sids, &nsids); + if (error) + goto out; + for (n = 0; n < nsids; n++) { + error = security_sid_to_context(sids[n], &scontext, + &scontext_len); + if (error) + goto out2; + if (out && olen + scontext_len <= ubufsz) + { + error = copyout (scontext, out, scontext_len); + out += scontext_len; + } + else if (out) + error = ENOMEM; + olen += scontext_len; + security_free_context(scontext); + if (error) + goto out2; + } + error = copyout (&olen, outlen, sizeof(int)); +out2: + sebsd_ss_free(sids); +out: + return (error); +} + +struct getsid_args +{ + char *ctx; + char *usr; + char *out; + int *outlen; +}; + int -sebsd_syscall(struct thread *td, int call, void *args) +sebsd_syscall(struct proc *td, int call, void *args) { int err = EINVAL; struct lp_args p; 
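Review bot: The bounds check `olen + scontext_len <= ubufsz` in sys_user_sids is evaluated in unsigned arithmetic because `scontext_len` is `u_int32_t`, so a negative `ubufsz` copied in from the caller is treated as a very large size and the check never fails. The function also starts `olen` at 1 for a terminating NUL but never copies that byte out, unlike the removed sysctl handler, which ended with `SYSCTL_OUT(req, "", 1)`. Reject a negative `ubufsz`, keep the running length unsigned, and write the terminator before reporting the length. The libsebsd caller parses the returned buffer outside this diff, so whether it depends on the terminator should be confirmed there.

```c
	u_int32_t olen = 1, avail;	/* olen counts the final NUL */
	int ubufsz;
	/* … unchanged: copyin of *outlen into ubufsz … */
	if (ubufsz < 0) {
		error = EINVAL;
		goto out;
	}
	avail = (u_int32_t)ubufsz;
	/* … unchanged: context_to_sid, get_user_sids, loop header, sid_to_context … */
		if (out && olen <= avail && scontext_len <= avail - olen) {
			error = copyout (scontext, out, scontext_len);
			out += scontext_len;
		} else if (out)
			error = ENOMEM;
	/* … unchanged: olen update, security_free_context, error check, end of loop … */
	if (out)
		error = (olen <= avail) ? copyout ("", out, 1) : ENOMEM;
	if (error == 0)
		error = copyout (&olen, outlen, sizeof (olen));
```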
@@ -85,6 +148,35 @@ return (EFAULT); err = sys_load_policy (td, p.data, p.len); break; + + case SEBSDCALL_GETUSERSIDS: + { + struct getsid_args uap; + err = copyin (args, &uap, sizeof (struct getsid_args)); + if (err) + return err; + size_t dummy; + char *ctx = sebsd_ss_malloc (MAX_UC, M_WAITOK); + err = copyinstr(uap.ctx, ctx, MAX_UC, &dummy); + if (err) { + sebsd_ss_free (ctx); + return err; + } + char *usr = sebsd_ss_malloc (MAX_UC, M_WAITOK); + err = copyinstr(uap.usr, usr, MAX_UC, &dummy); + if (err) { + sebsd_ss_free (ctx); + sebsd_ss_free (usr); + return err; + } + ctx[MAX_UC-1] = 0; + usr[MAX_UC-1] = 0; + err = sys_user_sids (ctx, usr, uap.out, uap.outlen); + sebsd_ss_free (ctx); + sebsd_ss_free (usr); + } + break; + default: err = EINVAL; break; @@ -92,4 +184,3 @@ return err; } -#endif /* 0 */ ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_syscalls.h#2 (text+ko) ==== @@ -5,6 +5,7 @@ * TBD: Should we really try to line up with SELinux? */ #define SEBSDCALL_LOAD_POLICY 7 +#define SEBSDCALL_GETUSERSIDS 6 #define SEBSDCALL_NUM 7 ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#4 (text+ko) ==== 
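Review bot: The `SEBSDCALL_GETUSERSIDS` case repeats its cleanup on three exit paths and returns from inside the switch, which makes it easy for a later edit to leak `ctx` or `usr`. Allocating both buffers up front and leaving through one exit that calls `sebsd_ss_free` on each (it accepts NULL after the sebsd.c hunk in this change) would remove the duplication. `ctx[MAX_UC-1] = 0;` and `usr[MAX_UC-1] = 0;` look redundant if copyinstr() here follows the usual contract of failing with ENAMETOOLONG when no NUL fits; either drop them or mark them `/* defensive: copyinstr already terminates on success */`. Unlike `sys_load_policy`, this path makes no `cred_has_security` check; if listing a user's reachable SIDs is meant to be unprivileged, a comment saying so would record the decision.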
@@ -139,64 +139,6 @@ } #if 0 -/* - * Sysctl handler for security.mac.sebsd.user_sids - * Lists the SIDs currently available for transition to by a given - * "context\0username\0" - */ -static int -sysctl_user_sids(SYSCTL_HANDLER_ARGS) -{ - u_int32_t n, nsids, scontext_len; - security_id_t *sids, sid; - security_context_t scontext; - char *context, *username; - int error, len; - - if (req->newlen == 0) - return (EINVAL); - if (req->newlen > 512) /* arbitrary */ - return (ENAMETOOLONG); - context = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK); - error = SYSCTL_IN(req, context, req->newlen); - if (error) - goto out; - if (context[req->newlen - 1] != '\0') { - error = EINVAL; - goto out; - } - len = strlen(context); - if (len + 1 >= req->newlen) { - error = EINVAL; - goto out; - } - username = context + len + 1; - /* - * XXX We need POLICY_RDLOCK here, but it's not exported! - */ - error = security_context_to_sid(context, len + 1, &sid); - if (error) - goto out; - error = security_get_user_sids(sid, username, &sids, &nsids); - if (error) - goto out; - for (n = 0; n < nsids; n++) { - error = security_sid_to_context(sids[n], &scontext, - &scontext_len); - if (error) - goto out2; - error = SYSCTL_OUT(req, scontext, scontext_len); - security_free_context(scontext); - if (error) - goto out2; - } - error = SYSCTL_OUT(req, "", 1); -out2: - sebsd_free(sids, M_SEBSD); -out: - sebsd_free(context, M_SEBSD); - return (error); -} /* * Sysctl handler for security.mac.sebsd.change_sid ==== //depot/projects/trustedbsd/sedarwin/libsebsd/Makefile#2 (text+ko) ==== 
@@ -1,13 +1,30 @@ include ../Makeconfig +all: libsebsd.a + OBJS= system.o security_get_user_contexts.o get_ordered_context_list.o \ getseccontext.o query_user_context.o security_change_context.o \ string_to_security_class.o security_compute_av.o context.o \ get_default_type.o -CFLAGS+= -I$(EXPORT_HDRS)/security/sebsd +CFLAGS+= -g -I$(EXPORT_HDRS)/security/sebsd libsebsd.a: $(OBJS) ar cr $@ $(OBJS) ranlib $@ + +HDIR = /usr/include/security/sebsd +HEADERS = $(HDIR)/sebsd.h $(HDIR)/sebsd_ss.h $(HDIR)/flask_types.h $(HDIR)/linux-compat.h $(HDIR)/sebsd_context.h $(HDIR)/sebsd_proc.h $(HDIR)/sebsd_fs.h $(HDIR)/flask.h $(HDIR)/sebsd_syscalls.h + +install: $(HDIR) $(HEADERS) + +$(HDIR): + mkdir -p $(HDIR) + +$(HDIR)/%.h: %.h + cp $< $@ + +$(HDIR)/%.h: $(EXPORT_HDRS)/security/sebsd/%.h + cp $< $@ + ==== //depot/projects/trustedbsd/sedarwin/libsebsd/sebsd.h#3 (text+ko) ==== @@ -40,7 +40,7 @@ #include <sys/types.h> #ifdef USE_PAM -#include <security/pam_types.h> +#include <pam/_pam_types.h> #endif #include "flask_types.h" @@ -73,8 +73,8 @@ char ***retcontexts, size_t *ncontexts); int security_change_context(const char *domain, const char *ocontext, security_class_t oclass, char **newcontext); -int security_compute_av(struct security_query *query, - struct security_response *response); +extern int security_compute_av(struct security_query *query, + struct security_response *response); ==== //depot/projects/trustedbsd/sedarwin/libsebsd/security_get_user_contexts.c#2 (text+ko) ==== @@ -43,6 +43,14 @@ #include <string.h> #include <unistd.h> +struct getsid_args +{ + char *ctx; + char *usr; + char *out; + int *outlen; +}; + /* * Get a malloc()ed array of malloc()ed strings which indicate the * allowed SEBSD transitions to be made by a given user in a given 
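Review bot: `struct getsid_args` is declared here in security_get_user_contexts.c and again in the kernel's sebsd_syscall.c, so the user/kernel argument layout is kept in sync only by hand. The kernel reads it with `copyin (args, &uap, sizeof (struct getsid_args))`, which means a field added or reordered on one side is silently misread on the other. Declaring it once in sebsd_syscalls.h, which the Makefile hunk in this change already installs, and including that header from both files would remove the risk.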
@@ -52,29 +60,26 @@ security_get_user_contexts(const char *fromcontext, const char *username, char ***retcontexts, size_t *ncontexts) { - char *arguments, *contexts, *s, **contextarray; - ssize_t arguments_len; + char *contexts, *s, **contextarray; size_t contexts_len, n; int error; + struct getsid_args uap; - arguments_len = asprintf(&arguments, "%s%c%s%c", fromcontext, 0, - username, 0); - if (arguments_len == -1) - return (-1); bigger: - contexts_len = 0; - if (sysctlbyname("security.mac.sebsd.user_sids", NULL, &contexts_len, - arguments, arguments_len) == -1) { - free(arguments); - return (-1); - } + uap.outlen = &contexts_len; + uap.ctx = fromcontext; + uap.usr = username; + uap.out = NULL; + if (mac_syscall ("sebsd", 6, &uap)) + { + return (-1); + } contexts = malloc(contexts_len); if (contexts == NULL) { - free(arguments); return (-1); } - error = sysctlbyname("security.mac.sebsd.user_sids", contexts, - &contexts_len, arguments, arguments_len); + uap.out = contexts; + error = mac_syscall ("sebsd", 6, &uap); /* * We could possibly race and not have a large enough space * for the current set of contexts. @@ -83,7 +88,6 @@ free(contexts); goto bigger; } - free(arguments); if (error == -1) { free(contexts); return (-1);
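Review bot: `uap.outlen = &contexts_len` hands the kernel a `size_t *` where `struct getsid_args` declares `int *outlen` and sys_user_sids copies exactly `sizeof(int)` bytes, and the `contexts_len = 0;` initialisation was removed along with the sysctl call. Where `size_t` is wider than `int`, the untouched bytes are indeterminate and flow straight into `malloc(contexts_len)`. Use a real int for the exchange, `int outlen = 0; uap.outlen = &outlen;`, and assign `contexts_len = outlen;` after each call. The literal `6` should be `SEBSDCALL_GETUSERSIDS` from sebsd_syscalls.h, and `uap.ctx = fromcontext` discards `const`. The body of security_get_user_contexts starts and continues outside this hunk, including the retry test that leads to `goto bigger`.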