From owner-p4-projects@FreeBSD.ORG Thu Jun 30 14:55:40 2005
Return-Path: 
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 993E416A420; Thu, 30 Jun 2005 14:55:39 +0000 (GMT)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BF6016A41C for ; Thu, 30 Jun 2005 14:55:39 +0000 (GMT) (envelope-from areisse@nailabs.com)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3BAE843D1D for ; Thu, 30 Jun 2005 14:55:39 +0000 (GMT) (envelope-from areisse@nailabs.com)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j5UEtd4N037156 for ; Thu, 30 Jun 2005 14:55:39 GMT (envelope-from areisse@nailabs.com)
Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j5UEtc0a037153 for perforce@freebsd.org; Thu, 30 Jun 2005 14:55:38 GMT (envelope-from areisse@nailabs.com)
Date: Thu, 30 Jun 2005 14:55:38 GMT
Message-Id: <200506301455.j5UEtc0a037153@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f
From: Andrew Reisse To: Perforce Change Reviews Cc: Subject: PERFORCE change 79305 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jun 2005 14:55:40 -0000 http://perforce.freebsd.org/chv.cgi?CH=79305 Change 79305 by areisse@areisse_ibook on 2005/06/30 14:55:13 Convert check_ipc_methods to report a single decision rather than a vector. This simplifies the policy and allows the specific decision requested to be audited. Add a few missing bootstrap namespace rules to the sample policy. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#6 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#4 (text+ko) ==== @@ -188,8 +188,7 @@ mach_bootstrap(systemstarter_d,boot_names_t,securityserver_d); mach_bootstrap(systemstarter_d,boot_names_t,windowserver_d); mach_bootstrap(systemstarter_d,boot_names_t,boot_names_t); -allow systemstarter_d init_d:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array }; -allow systemstarter_d boot_names_t:mi_bootstrap { bootstrap_register bootstrap_create_server }; +mach_bootstrap_register(systemstarter_d,boot_names_t,boot_names_t); mach_bootstrap(coreservices_d,boot_names_t,boot_names_t); mach_bootstrap(coreservices_d,boot_names_t,init_d); @@ -243,6 +242,7 @@ allow_mach_ipc(pbs_d,init_d); allow_mach_ipc(pbs_d,lookupd_d); allow_mach_ipc(pbs_d,coreservices_d); +mach_bootstrap_register(pbs_d,boot_names_t,boot_names_t); allow_mach_ipc(kernel_d,unlabeled_t); allow_mach_ipc(cron_d,unlabeled_t); ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#6 (text+ko) ==== 
@@ -1272,20 +1272,16 @@ extern int selinux_enforcing; -static void -sebsd_check_ipc_methods(struct label *subj, struct label *obj, int msgid, - msg_access_vector_t *av) +static int +sebsd_check_ipc_method(struct label *subj, struct label *obj, int msgid) { struct task_security_struct *tsec, *psec; - int i; + int rc; psec = SLOT(obj); tsec = SLOT(subj); - if (!selinux_enforcing) - return; - - sebsd_check_ipc_methods1 (tsec->sid,psec->sid, msgid, av); + return sebsd_check_ipc_method1 (tsec->sid,psec->sid, msgid); } static int @@ -2714,7 +2710,7 @@ // .mpo_check_sysv_shmdt = sebsd_check_sysv_shmdt, .mpo_check_sysv_shmget = sebsd_check_sysv_shmget, - .mpo_check_ipc_methods = sebsd_check_ipc_methods, + .mpo_check_ipc_method = sebsd_check_ipc_method, .mpo_syscall = sebsd_syscall }; ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#3 (text+ko) ==== @@ -20,6 +20,7 @@ struct msgid_classinfo { + int baseid; int nclasses; int classes[0]; }; @@ -52,6 +53,7 @@ struct msgid_classinfo *c = sebsd_ss_malloc (sizeof(int) * nclasses + sizeof(struct msgid_classinfo), M_WAITOK); + c->baseid = msgid; c->nclasses = nclasses; for (i = 0; i < nclasses; i++) c->classes[i] = *p++; 
@@ -60,27 +62,31 @@ *ip = i; hashtab_insert(msgid2class, ip, c); } - - printf ("migscs %d-%d: %d\n", msgid, msgid+size, c->classes[0]); } } -void -sebsd_check_ipc_methods1(int subj, int obj, int msgid, - msg_access_vector_t *av) +int +sebsd_check_ipc_method1(int subj, int obj, int msgid) { struct msgid_classinfo *mcl = hashtab_search(msgid2class, &msgid); int i; + + /* + * Return allowed for messages in an unknown subsystem. + * Instead, we probably should make a check against a + * new permission to be added to mach_port for this purpose. + */ if (!mcl) - return; + return 0; struct av_decision avd; - unsigned int perms = 0; + int cl = (msgid-mcl->baseid) / (8*sizeof(access_vector_t)); + access_vector_t perms; - for (i = 0; i < mcl->nclasses; i++) { - avc_has_perm_noaudit(subj, obj, mcl->classes[i], 0xffffffff, NULL, &avd); - perms |= avd.allowed; - } + if (cl >= mcl->nclasses) + return (1); /* bad message, access denied */ - av->av[0] &= perms; + perms = (access_vector_t)1 << + (msgid - mcl->baseid - cl * 8 * sizeof(access_vector_t)); + return avc_has_perm_audit(subj, obj, mcl->classes[cl], perms, &avd); }
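Review bot: the removed rule `allow systemstarter_d init_d:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array };` in the rules#4 hunk at @@ -188,8 +188,7 @@ has no visible replacement: the new `mach_bootstrap_register(systemstarter_d,boot_names_t,boot_names_t);` names boot_names_t as its target, and the surrounding mach_bootstrap() lines for systemstarter_d target securityserver_d, windowserver_d and boot_names_t, not init_d. Unless the mach_bootstrap_register macro (whose definition is not part of this change) also grants look-up against init_d, systemstarter_d loses the right to look up ports through init_d's bootstrap port, which runs against the description's stated intent of adding missing rules. Either keep the init_d look-up rule or add `mach_bootstrap(systemstarter_d,boot_names_t,init_d);` in the same way coreservices_d already gets it two lines below.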
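Review bot: dropping the `if (!selinux_enforcing) return;` guard in the sebsd.c hunk at @@ -1272,20 +1272,16 @@ moves the permissive-mode decision into avc_has_perm_audit(), which this change does not show; confirm that it returns 0 when selinux_enforcing is clear, otherwise the IPC method check becomes enforcing regardless of mode. The `extern int selinux_enforcing;` declaration kept in the context is no longer used by this function. Style: `sebsd_check_ipc_method1 (tsec->sid,psec->sid, msgid)` has a space before the parenthesis and inconsistent spacing after commas; style(9) wants `return (sebsd_check_ipc_method1(tsec->sid, psec->sid, msgid));`.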
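Review bot: the rename from `.mpo_check_ipc_methods` to `.mpo_check_ipc_method` in the sebsd.c hunk at @@ -2714,7 +2710,7 @@ requires the matching field in the MAC framework's policy-ops structure, and the kernel caller that used to hand in a `msg_access_vector_t *`, to change from a vector out-parameter to an int return; none of the three affected files is a framework header, so this change cannot build on its own unless the framework side is submitted with it or already was. Please name that change in the description so the two can be reviewed together.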
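Review bot: in the mach_av.c hunk at @@ -60,27 +62,31 @@ the class index `int cl = (msgid-mcl->baseid) / (8*sizeof(access_vector_t));` divides a signed difference by a size_t, so a msgid below baseid is converted to unsigned before the division and the single `if (cl >= mcl->nclasses)` test is then reasoning about a wrapped value rather than checking the range explicitly before `mcl->classes[cl]` is indexed. Reject the low side up front, e.g. `if (msgid < mcl->baseid) return (1);` ahead of the division, and use CHAR_BIT rather than a literal 8 in both the divisor and the shift. The `int i;` declaration is now unused since the loop over nclasses was removed. The `if (!mcl) return 0;` path is fail-open: a message whose subsystem has no migscs entry is allowed with no record, as the new comment acknowledges; until the proposed mach_port permission exists, emitting an audit record there would at least make unmodelled subsystems visible. The mixed `return 0;` and `return (1);` forms should be made consistent with style(9).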