Date: Thu, 30 Jun 2005 14:55:38 GMT From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 79305 for review Message-ID: <200506301455.j5UEtc0a037153@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=79305 Change 79305 by areisse@areisse_ibook on 2005/06/30 14:55:13 Convert check_ipc_methods to report a single decision rather than a vector. This simplifies the policy and allows the specific decision requested to be audited. Add a few missing bootstrap namespace rules to the sample policy. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#6 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#4 (text+ko) ==== @@ -188,8 +188,7 @@ mach_bootstrap(systemstarter_d,boot_names_t,securityserver_d); mach_bootstrap(systemstarter_d,boot_names_t,windowserver_d); mach_bootstrap(systemstarter_d,boot_names_t,boot_names_t); -allow systemstarter_d init_d:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array }; -allow systemstarter_d boot_names_t:mi_bootstrap { bootstrap_register bootstrap_create_server }; +mach_bootstrap_register(systemstarter_d,boot_names_t,boot_names_t); mach_bootstrap(coreservices_d,boot_names_t,boot_names_t); mach_bootstrap(coreservices_d,boot_names_t,init_d); @@ -243,6 +242,7 @@ allow_mach_ipc(pbs_d,init_d); allow_mach_ipc(pbs_d,lookupd_d); allow_mach_ipc(pbs_d,coreservices_d); +mach_bootstrap_register(pbs_d,boot_names_t,boot_names_t); allow_mach_ipc(kernel_d,unlabeled_t); allow_mach_ipc(cron_d,unlabeled_t); ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#6 (text+ko) ==== 
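Review bot: In the first rules hunk the removed `allow systemstarter_d init_d:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array };` has no visible replacement, because the new `mach_bootstrap_register(systemstarter_d,boot_names_t,boot_names_t);` names only boot_names_t. The macro's definition is not part of this change, so it is worth confirming that it expands to no more than `bootstrap_register bootstrap_create_server` and that the init_d look-up is either still granted elsewhere or dropped on purpose. A one-line `#` comment above the call listing the permissions it expands to would make the grant auditable from this file. The same applies to the `mach_bootstrap_register(pbs_d,boot_names_t,boot_names_t);` line added in the second hunk.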
@@ -1272,20 +1272,16 @@ extern int selinux_enforcing; -static void -sebsd_check_ipc_methods(struct label *subj, struct label *obj, int msgid, - msg_access_vector_t *av) +static int +sebsd_check_ipc_method(struct label *subj, struct label *obj, int msgid) { struct task_security_struct *tsec, *psec; - int i; + int rc; psec = SLOT(obj); tsec = SLOT(subj); - if (!selinux_enforcing) - return; - - sebsd_check_ipc_methods1 (tsec->sid,psec->sid, msgid, av); + return sebsd_check_ipc_method1 (tsec->sid,psec->sid, msgid); } static int @@ -2714,7 +2710,7 @@ // .mpo_check_sysv_shmdt = sebsd_check_sysv_shmdt, .mpo_check_sysv_shmget = sebsd_check_sysv_shmget, - .mpo_check_ipc_methods = sebsd_check_ipc_methods, + .mpo_check_ipc_method = sebsd_check_ipc_method, .mpo_syscall = sebsd_syscall }; ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#3 (text+ko) ==== @@ -20,6 +20,7 @@ struct msgid_classinfo { + int baseid; int nclasses; int classes[0]; }; @@ -52,6 +53,7 @@ struct msgid_classinfo *c = sebsd_ss_malloc (sizeof(int) * nclasses + sizeof(struct msgid_classinfo), M_WAITOK); + c->baseid = msgid; c->nclasses = nclasses; for (i = 0; i < nclasses; i++) c->classes[i] = *p++; 
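Review bot: In `sebsd_check_ipc_method` (sebsd.c, first hunk) the new local `int rc;` is never used, and the `if (!selinux_enforcing) return;` guard is removed without a comment saying where permissive mode is handled now. Drop `int rc;`. If the intent is that the AVC call inside `sebsd_check_ipc_method1` applies the enforcing setting (that is not visible in this file), state it above the return, e.g. `/* enforcing/permissive handling is left to the AVC so the decision can still be audited */`.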
@@ -60,27 +62,31 @@ *ip = i; hashtab_insert(msgid2class, ip, c); } - - printf ("migscs %d-%d: %d\n", msgid, msgid+size, c->classes[0]); } } -void -sebsd_check_ipc_methods1(int subj, int obj, int msgid, - msg_access_vector_t *av) +int +sebsd_check_ipc_method1(int subj, int obj, int msgid) { struct msgid_classinfo *mcl = hashtab_search(msgid2class, &msgid); int i; + + /* + * Return allowed for messages in an unknown subsystem. + * Instead, we probably should make a check against a + * new permission to be added to mach_port for this purpose. + */ if (!mcl) - return; + return 0; struct av_decision avd; - unsigned int perms = 0; + int cl = (msgid-mcl->baseid) / (8*sizeof(access_vector_t)); + access_vector_t perms; - for (i = 0; i < mcl->nclasses; i++) { - avc_has_perm_noaudit(subj, obj, mcl->classes[i], 0xffffffff, NULL, &avd); - perms |= avd.allowed; - } + if (cl >= mcl->nclasses) + return (1); /* bad message, access denied */ - av->av[0] &= perms; + perms = (access_vector_t)1 << + (msgid - mcl->baseid - cl * 8 * sizeof(access_vector_t)); + return avc_has_perm_audit(subj, obj, mcl->classes[cl], perms, &avd); }
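Review bot: The `if (cl >= mcl->nclasses) return (1);` path in `sebsd_check_ipc_method1` denies without going through the AVC, so this denial is not audited and does not depend on the enforcing setting. It also returns a bare 1 where the other return is whatever `avc_has_perm_audit` yields; if callers expect an errno value (not visible here), `return (EACCES); /* bad message, access denied */` would be consistent. The index arithmetic mixes `int` with `sizeof`, and only the upper bound is checked, so a `msgid` below `mcl->baseid` would not be rejected explicitly. The hash lookup probably rules that out, but `if (msgid < mcl->baseid) return (EACCES);` before computing `cl` makes the invariant explicit. `int i;` is now unused and can go.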