Date: Fri, 18 Oct 2002 10:19:29 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 19553 for review Message-ID: <200210181719.g9IHJTdI064311@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=19553 Change 19553 by cvance@cvance_laptop on 2002/10/18 10:18:55 Add audit data for avc calls in sebsd_check_vnode_exec Comment out currently unused thread_has_perm helper function Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#45 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#45 (text+ko) ==== @@ -93,11 +93,13 @@ perm, &target->avcr); } +#if 0 static int thread_has_perm(struct thread *td, struct proc *proc, access_vector_t perm) { return (cred_has_perm(td->td_proc->p_ucred, proc, perm)); } +#endif static int cred_has_system(struct ucred *cred, access_vector_t perm) @@ -706,6 +708,7 @@ struct task_security_struct *task; struct vnode_security_struct *file; security_id_t newsid; + avc_audit_data_t ad; int rc; task = SLOT(&cred->cr_label); @@ -720,20 +723,27 @@ SLOT(imgp->execlabel))->sid; } + AVC_AUDIT_DATA_INIT(&ad, FS); + ad.u.fs.vp = vp; + if (newsid == task->sid) { - rc = avc_has_perm(task->sid, file->sid, - SECCLASS_FILE, FILE__EXECUTE_NO_TRANS); + rc = avc_has_perm_audit(task->sid, file->sid, SECCLASS_FILE, + FILE__EXECUTE_NO_TRANS, &ad); + if (rc) return EACCES; + } else { /* Check permissions for the transition. */ - rc = avc_has_perm(task->sid, newsid, SECCLASS_PROCESS, - PROCESS__TRANSITION); + rc = avc_has_perm_audit(task->sid, newsid, SECCLASS_PROCESS, + PROCESS__TRANSITION, &ad); + if (rc) return EACCES; - rc = avc_has_perm(newsid, file->sid, - SECCLASS_FILE, FILE__ENTRYPOINT); + rc = avc_has_perm_audit(newsid, file->sid, SECCLASS_FILE, + FILE__ENTRYPOINT, &ad); + if (rc) return EACCES; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
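Review bot: The `#if 0` added around thread_has_perm in the first hunk (@@ -93,11 +93,13) has no comment in the source saying why the helper is kept rather than deleted. Only the change description records that it is currently unused. Either remove the function and rely on revision history, or annotate the guard, e.g. `#if 0 /* currently unused */` and `#endif /* thread_has_perm */`. Code that is compiled out of an access-control module can also drift from the cred_has_perm signature it wraps without anyone noticing, which is a further reason to prefer deletion.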
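Review bot: The single FS-type `ad` set up before `if (newsid == task->sid)` in the third hunk (@@ -720,20 +723,27) is also passed to the `SECCLASS_PROCESS` / `PROCESS__TRANSITION` check, and nothing in the code says this is deliberate. A short comment above `AVC_AUDIT_DATA_INIT(&ad, FS);` would make the intent explicit, for example `/* Attach the vnode being executed so every denial below, including the transition check, is audited against that file. */`. It is also worth confirming that avc_has_perm_audit does not modify `ad`, since the else branch hands the same structure to two consecutive calls and that function is not visible here. The enclosing function starts and ends outside the hunk.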