From owner-p4-projects@FreeBSD.ORG Thu Jan 25 15:04:30 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 407B416A403; Thu, 25 Jan 2007 15:04:30 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1215816A401 for ; Thu, 25 Jan 2007 15:04:30 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id EAEA113C43E for ; Thu, 25 Jan 2007 15:04:29 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l0PF4Tf0052425 for ; Thu, 25 Jan 2007 15:04:29 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l0PF4TNd052419 for perforce@freebsd.org; Thu, 25 Jan 2007 15:04:29 GMT (envelope-from millert@freebsd.org) Date: Thu, 25 Jan 2007 15:04:29 GMT Message-Id: <200701251504.l0PF4TNd052419@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f 
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 113505 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jan 2007 15:04:30 -0000 http://perforce.freebsd.org/chv.cgi?CH=113505 Change 113505 by millert@millert_macbook on 2007/01/25 15:03:29 Pass in a struct componentname * to some more vfs entrypoints where it is available. We could add more if we are willing to move some nameidone() calls in the vendor sources. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#22 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#39 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#47 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#26 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#78 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#6 (text+ko) ==== @@ -697,15 +697,15 @@ */ if (perms & W_OK) if (mac_vnode_check_access(vfs_context_ucred(ctx), - vp, W_OK) != 0) + vp, cnp, W_OK) != 0) perms &= ~W_OK; if (perms & R_OK) if (mac_vnode_check_access(vfs_context_ucred(ctx), - vp, R_OK) != 0) + vp, cnp, R_OK) != 0) perms &= ~R_OK; if (perms & X_OK) if (mac_vnode_check_access(vfs_context_ucred(ctx), - vp, X_OK) != 0) + vp, cnp, X_OK) != 0) perms &= ~X_OK; #endif /* MAC */ KAUTH_DEBUG("ATTRLIST - returning user access %x", perms); 
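Review bot: `cnp` is passed to all three `mac_vnode_check_access` calls in the @@ -697 hunk of vfs_attrlist.c, but neither its declaration nor the lookup it comes from is inside the hunk, so its validity at this point cannot be confirmed from the diff; the same holds for the @@ -1195 hunk of that file. The commit message says more entry points could be converted only by moving `nameidone()` calls, which suggests the component name is usable only until `nameidone()` has run; if either function has already released its nameidata when these checks execute, the policy would be handed a stale name buffer. A comment at the first call such as `/* cnp must still be live here: nameidone() has not run yet */`, or passing `NULL` where that cannot be guaranteed, would make the lifetime rule explicit. The `&nd.ni_cnd` arguments added in vfs_syscalls.c (mount, chroot, access) deserve the same check, and all of the enclosing functions start and end outside their hunks.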
@@ -1195,15 +1195,15 @@ */ if (perms & W_OK) if (mac_vnode_check_access(vfs_context_ucred(&context), - vp, W_OK) != 0) + vp, cnp, W_OK) != 0) perms &= ~W_OK; if (perms & R_OK) if (mac_vnode_check_access(vfs_context_ucred(&context), - vp, R_OK) != 0) + vp, cnp, R_OK) != 0) perms &= ~R_OK; if (perms & X_OK) if (mac_vnode_check_access(vfs_context_ucred(&context), - vp, X_OK) != 0) + vp, cnp, X_OK) != 0) perms &= ~X_OK; #endif /* MAC */ VFS_DEBUG(ctx, vp, "ATTRLIST - granting perms %d", perms); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#22 (text+ko) ==== @@ -376,7 +376,7 @@ } #ifdef MAC error = mac_mount_check_mount(vfs_context_ucred(&context), vp, - vfsp->vfc_name); + &nd.ni_cnd, vfsp->vfc_name); if (error != 0) goto out1; #endif @@ -1608,7 +1608,8 @@ return (error); #ifdef MAC - error = mac_vnode_check_chroot(vfs_context_ucred(&context), nd.ni_vp); + error = mac_vnode_check_chroot(vfs_context_ucred(&context), nd.ni_vp, + &nd.ni_cnd); if (error) { vnode_put(nd.ni_vp); return (error); @@ -2540,7 +2541,8 @@ * Check access permissions. */ static int -access1(vnode_t vp, vnode_t dvp, int uflags, vfs_context_t ctx) +access1(vnode_t vp, vnode_t dvp, struct component *cnp, int uflags, + vfs_context_t ctx) { kauth_action_t action; int error; @@ -2575,7 +2577,7 @@ } #ifdef MAC - error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, uflags); + error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, cnp, uflags); if (error) return (error); #endif /* MAC */ @@ -2727,7 +2729,8 @@ break; case 0: /* run this access check */ - result[i] = access1(vp, dvp, input[i].ad_flags, &context); + result[i] = access1(vp, dvp, NULL, input[i].ad_flags, + &context); break; default: /* fatal lookup error */ 
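Review bot: The new `access1` parameter in the @@ -2540 hunk is declared `struct component *cnp`, but the value is forwarded to `mac_vnode_check_access`, whose prototype in mac_framework.h takes `struct componentname *cnp`, and the caller in the @@ -2779 hunk passes `&nd.ni_cnd`. `struct component` looks like a typo: as written it declares a separate incomplete type in the parameter list, so both the call into the MAC framework and the call sites rely on incompatible pointer conversions. The signature should read `access1(vnode_t vp, vnode_t dvp, struct componentname *cnp, int uflags,`. The body of `access1` continues outside the hunk.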
@@ -2779,7 +2782,7 @@ if (error) goto out; - error = access1(nd.ni_vp, nd.ni_dvp, uap->flags, &context); + error = access1(nd.ni_vp, nd.ni_dvp, &nd.ni_cnd, uap->flags, &context); vnode_put(nd.ni_vp); if (uap->flags & _DELETE_OK) ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#39 (text+ko) ==== @@ -204,7 +204,7 @@ struct vfs_attr *vfa); int mac_mount_check_label_update(struct ucred *cred, struct mount *mp); int mac_mount_check_mount(struct ucred *cred, struct vnode *vp, - const char *vfc_name); + struct componentname *cnp, const char *vfc_name); int mac_mount_check_remount(struct ucred *cred, struct mount *mp); int mac_mount_check_setattr(struct ucred *cred, struct mount *mp, struct vfs_attr *vfa); @@ -368,9 +368,10 @@ int mac_task_check_get_port(struct ucred *cred, struct task *task); void mac_thread_userret(int code, int error, struct thread *thread); int mac_vnode_check_access(struct ucred *cred, struct vnode *vp, - int acc_mode); + struct componentname *cnp, int acc_mode); int mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp); -int mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp); +int mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, + struct componentname *cnp); int mac_vnode_check_create(struct ucred *cred, struct vnode *dvp, struct componentname *cnp, struct vnode_attr *vap); int mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#47 (text+ko) ==== @@ -1619,6 +1619,7 @@ @param cred Subject credential @param vp Vnode that is to be the mount point @param vlabel Label associated with the vnode + @param cnp Component name for vp @param vfc_name Filesystem type name Determine whether the subject identified by the credential can perform @@ -1631,6 +1632,7 @@ struct ucred *cred, struct vnode *vp, struct label *vlabel, + struct componentname *cnp, const char *vfc_name ); /** 
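Review bot: Adding `struct componentname *cnp` to the `mount_check_mount` entry point in mac_policy.h (and to `vnode_check_access` and `mpo_vnode_check_chroot_t` in the later hunks of the same file) changes the calling contract of three policy hooks, and no interface-version change is visible in this diff. Only sebsd.c is converted alongside; any other policy still built against the previous header would be invoked with shifted arguments, for example receiving a pointer where it expects `int acc_mode`, and an access-control hook that misreads its arguments can return the wrong decision. If the framework carries a policy-interface version check it should be bumped with this change; otherwise please confirm that every in-tree policy implementing these hooks has been updated.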
@@ -4391,6 +4393,7 @@ @param cred Subject credential @param vp Object vnode @param label Label for vp + @param cnp Component name for vp @param acc_mode access(2) flags Determine how invocations of access(2) and related calls by the @@ -4407,6 +4410,7 @@ struct ucred *cred, struct vnode *vp, struct label *label, + struct componentname *cnp, int acc_mode ); /** @@ -4432,6 +4436,7 @@ @param cred Subject credential @param dvp Directory vnode @param dlabel Policy label associated with dvp + @param cnp Component name for dvp Determine whether the subject identified by the credential should be allowed to chroot(2) into the specified directory (dvp). @@ -4442,7 +4447,8 @@ typedef int mpo_vnode_check_chroot_t( struct ucred *cred, struct vnode *dvp, - struct label *dlabel + struct label *dlabel, + struct componentname *cnp ); /** @brief Access control check for creating vnode ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#26 (text+ko) ==== @@ -379,13 +379,14 @@ } int -mac_vnode_check_access(struct ucred *cred, struct vnode *vp, int acc_mode) +mac_vnode_check_access(struct ucred *cred, struct vnode *vp, + struct componentname *cnp, int acc_mode) { int error, mask; /* Convert {R,W,X}_OK values to V{READ,WRITE,EXEC} for entry points */ mask = ACCESS_MODE_TO_VNODE_MASK(acc_mode); - MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, mask); + MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, cnp, mask); return (error); } @@ -399,11 +400,12 @@ } int -mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp) +mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, + struct componentname *cnp) { int error; - MAC_CHECK(vnode_check_chroot, cred, dvp, dvp->v_label); + MAC_CHECK(vnode_check_chroot, cred, dvp, dvp->v_label, cnp); return (error); } 
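Review bot: The added line `@param cnp Component name for vp` in the @@ -4391 hunk does not say that the argument can be NULL, yet the `result[i] = access1(vp, dvp, NULL, input[i].ad_flags,` call in vfs_syscalls.c forwards NULL to this entry point. A policy author reading only this header could dereference it unconditionally. I would document it as `@param cnp Component name for vp; may be NULL when the caller has no name available`, and use the same wording for the `cnp` lines added to the mount and chroot checks if their callers can also lack a name.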
@@ -810,11 +812,12 @@ } int -mac_mount_check_mount(struct ucred *cred, struct vnode *vp, const char *vfc_name) +mac_mount_check_mount(struct ucred *cred, struct vnode *vp, + struct componentname *cnp, const char *vfc_name) { int error; - MAC_CHECK(mount_check_mount, cred, vp, vp->v_label, vfc_name); + MAC_CHECK(mount_check_mount, cred, vp, vp->v_label, cnp, vfc_name); return (error); } ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#78 (text+ko) ==== @@ -1454,7 +1454,7 @@ static int sebsd_mount_check_mount(struct ucred *cred, struct vnode *vp, struct label *vl, - const char *vfc_name) + struct componentname *cnp, const char *vfc_name) { int rc; u_int32_t sid; @@ -1465,7 +1465,7 @@ vsec = SLOT(vl); task = SLOT(cred->cr_label); - rc = vnode_has_perm(cred, vp, NULL, FILE__MOUNTON); + rc = vnode_has_perm(cred, vp, cnp, FILE__MOUNTON); if (rc) goto done; @@ -1906,14 +1906,14 @@ static int sebsd_vnode_check_access(struct ucred *cred, struct vnode *vp, - struct label *filelabel, int mask) + struct label *filelabel, struct componentname *cnp, int mask) { /* existence check (F_OK) */ if (mask == 0) return (0); - return (vnode_has_perm(cred, vp, NULL, + return (vnode_has_perm(cred, vp, cnp, file_mask_to_av(vp->v_type, mask))); } @@ -1928,12 +1928,12 @@ static int sebsd_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dlabel, struct componentname *cnp) { /* TBD: Incomplete, SELinux also check capability(CAP_SYS_CHROOT)) */ /* MAY_EXEC ~= DIR__SEARCH */ - return (vnode_has_perm(cred, dvp, NULL, DIR__SEARCH)); + return (vnode_has_perm(cred, dvp, cnp, DIR__SEARCH)); } static int