From owner-p4-projects@FreeBSD.ORG Fri Jan 30 10:21:58 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id EA41316A4D0; Fri, 30 Jan 2004 10:21:57 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C40CD16A4CE for ; Fri, 30 Jan 2004 10:21:57 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 78BAB43D48 for ; Fri, 30 Jan 2004 10:21:27 -0800 (PST) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i0UILR0B028537 for ; Fri, 30 Jan 2004 10:21:27 -0800 (PST) (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i0UILQ9o028528 for perforce@freebsd.org; Fri, 30 Jan 2004 10:21:26 -0800 (PST) (envelope-from areisse@nailabs.com) Date: Fri, 30 Jan 2004 10:21:26 -0800 (PST) Message-Id: <200401301821.i0UILQ9o028528@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 46203 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jan 2004 18:21:58 -0000 http://perforce.freebsd.org/chv.cgi?CH=46203 Change 46203 by areisse@areisse_ibook on 2004/01/30 10:20:50 Merged policy with mach IPC rules back to sedarwin testing policy. Affected files ... .. //depot/projects/trustedbsd/sedarwin/policy/Makefile#6 edit .. //depot/projects/trustedbsd/sedarwin/policy/bininclude.C#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/devfs#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/fc#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/flask/Makefile#1 branch .. //depot/projects/trustedbsd/sedarwin/policy/flask/access_vectors#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/flask/initial_sids#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/flask/security_classes#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/fs_use#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/initial_sid_contexts#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/initial_sids#1 branch .. //depot/projects/trustedbsd/sedarwin/policy/isiddefs#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/macros/global_macros.te#2 integrate .. //depot/projects/trustedbsd/sedarwin/policy/rules#5 integrate .. //depot/projects/trustedbsd/sedarwin/policy/users#4 integrate Differences ... ==== //depot/projects/trustedbsd/sedarwin/policy/Makefile#6 (text+ko) ==== @@ -1,8 +1,8 @@ include ../Makeconfig -default: policy.h +default: policy.16 -INPUTS = flask/security_classes flask/initial_sids \ +INPUTS = flask/security_classes initial_sids \ flask/access_vectors rules.m4 users initial_sid_contexts fs_use \ devfs 
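Review bot: `INPUTS` now reads the top-level `initial_sids` (branched in this change as `initial_sids#1`) while `flask/initial_sids` stays in the tree and is still edited by this same change, so the file the policy is compiled from and the flask/ copy can silently diverge on SID numbering. Either have the Makefile derive one from the other, or drop one and say in a comment which is authoritative, e.g. `# initial_sids must stay in sync with flask/initial_sids (SID numbering)`. `default` now stops at `policy.16`, and the `install` rule removed in the third hunk was the only step here that delivered anything into the xnu tree; how `policy.16` now reaches the kernel is not visible in this change and should be stated in the Makefile.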
@@ -12,9 +12,6 @@ policy.16: policy.conf checkpolicy -o $@ $< -policy.h: bininclude policy.16 - ./bininclude policy.16 policy.h binpolicy - rules.m4: rules m4 -Imacros -s $< > $@ @@ -24,13 +21,9 @@ genfs: fc.out cat $< | sed -ne 's/^\/[a-zA-Z0-9\/\.]* *[^ ]*$$/genfscon hfs &/p' > $@ -bininclude: bininclude.C - gcc -o $@ $< - -install: - cp policy.h ../apsl/xnu/security/sebsd/sebsd_policy.h - clean: rm -f bininclude policy.16 policy.conf policy.h rules.m4 fc.out \ genfs +relabel: fc + setfsmac -s $^ / ==== //depot/projects/trustedbsd/sedarwin/policy/bininclude.C#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin/policy/devfs#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin/policy/fc#2 (text+ko) ==== @@ -1,3 +1,15 @@ /.* system_u:object_r:file_t /bin/.* system_u:object_r:bin_t /bin/.*sh system_u:object_r:shell_exec_t +/usr/bin/.* system_u:object_r:bin_t +/usr/local/bin/.* system_u:object_r:bin_t +/sbin/.* system_u:object_r:bin_t +/usr/sbin/.* system_u:object_r:bin_t +/Applications/.* system_u:object_r:appl_t +/sbin/SystemStarter system_u:object_r:systemstarter_exec_t +/System/Library/CoreServices/coreservicesd system_u:object_r:coreservices_exec_t +/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow.real system_u:object_r:loginwindow_exec_t +/System/Library/CoreServices/pbs system_u:object_r:pbs_exec_t +/System/Library/CoreServices/RealWindowServer system_u:object_r:windowserver_exec_t +/System/Library/CoreServices/SecurityServer system_u:object_r:securityserver_exec_t +/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/Support/coreservicesd system_u:object_r:coreservices_exec_t ==== //depot/projects/trustedbsd/sedarwin/policy/flask/access_vectors#2 (text+ko) ==== @@ -233,10 +233,6 @@ getcap setcap share - signull - getattr - setexec - setfscreate noatsecure } 
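Review bot: `clean` still removes `bininclude` and `policy.h`, which no rule in this Makefile produces any more once the previous hunk and this one drop the `policy.h` and `bininclude` targets; trim it to `rm -f policy.16 policy.conf rules.m4 fc.out genfs`. The new `relabel` target runs `setfsmac -s $^ /`, which rewrites labels on the whole live root filesystem from `fc`; since neither `relabel` nor `clean` names a file, declare `.PHONY: default clean relabel` so a stray file called `relabel` cannot mask the target, and add a one-line comment such as `# relabel: apply fc to the live root fs (needs root, affects the running system)`.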
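Review bot: The `rules` hunks of this change declare `cron_exec_t`, `lookupd_exec_t` and `directoryservice_exec_t` and add `domain_auto_trans` rules on them (and grant access to `lib_t` and `root_t`), but none of those types gets an entry here, and the header `@@ -1,3 +1,15 @@` suggests this hunk is the whole file; unless `fs_use`/genfs supplies those labels (not visible in this change), the cron, lookupd and DirectoryService transitions never fire and those services stay in the parent domain. The generic `/sbin/.*` and `/usr/bin/.*` entries are listed before the specific ones such as `/sbin/SystemStarter` and `/usr/bin/.*` shells, which is only correct if `setfsmac` applies the last matching spec; confirm that, and record it at the top of the file, e.g. `# later (more specific) entries override earlier globs`.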
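Review bot: Dropping `signull`, `getattr`, `setexec` and `setfscreate` from the middle of this access vector (the class header is above the hunk) shifts the bit position of `noatsecure` and of every permission after it, and the same applies to the `destroy`/`posix_sem`/`lock` edits, the rewritten `security` class, the new mach classes, and the `security_classes` and `flask/initial_sids` renumbering in this change; any kernel-side av_permissions/flask headers generated from these files must be regenerated in lockstep or the kernel will test the wrong bits. Nothing in the change shows that regeneration (the Makefile no longer installs anything into the xnu tree), so either add the step to the Makefile or record the constraint in a comment at the top of `access_vectors`, e.g. `# permission order defines AV bit positions; regenerate kernel headers after editing`.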
@@ -261,21 +257,15 @@ { send receive - destroy } class shm inherits ipc - -class posix_sem { - associate - disassociate - destroy - write - read + lock } + # # Define the access vector interpretation for the security server. # @@ -283,12 +273,16 @@ class security { compute_av - compute_create - compute_member - check_context + notify_perm + transition_sid + member_sid + sid_to_context + context_to_sid load_policy - compute_relabel - compute_user + get_sids + register_avc + change_sid + get_user_sids } @@ -367,9 +361,28 @@ lease } -class passwd +class mach_port +{ + relabelfrom + relabelto + send + recv + make_send + copy_send + move_recv +} + +class mach_task { - passwd - chfn - chsh + terminate + set_special_port } + +class mach_names +{ + register + look_up + getparent + makesubset + create_server +}; ==== //depot/projects/trustedbsd/sedarwin/policy/flask/initial_sids#2 (text+ko) ==== @@ -28,7 +28,10 @@ sid sysctl_vm sid sysctl_dev sid kmod +sid devfs +sid devpts +sid nfs sid policy -sid scmp_packet +sid tmpfs # FLASK ==== //depot/projects/trustedbsd/sedarwin/policy/flask/security_classes#2 (text+ko) ==== @@ -40,14 +40,11 @@ class shm class ipc -#Posix.1b-related classes -class posix_sem +class mach_port -# -# userspace object manager classes -# +#classes only used by name -# passwd/chfn/chsh -class passwd +class mach_task +class mach_names # FLASK ==== //depot/projects/trustedbsd/sedarwin/policy/fs_use#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin/policy/initial_sid_contexts#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin/policy/isiddefs#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin/policy/macros/global_macros.te#2 (text+ko) ==== 
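Review bot: The rewritten `security` class permissions (`notify_perm`, `transition_sid`, `member_sid`, `sid_to_context`, `context_to_sid`, `get_sids`, `register_avc`, `change_sid`, `get_user_sids`) are granted to no domain anywhere in the `rules` hunks of this change — there is no `allow … security_t:security …` line — so userspace callers of the security server will be denied unless those grants live in a file not shown here. Either add the grants next to the new mach rules or put a comment on the class saying which domains are expected to hold these permissions and where that is declared.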
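Review bot: The new `mach_names` class ends with `};` — a stray semicolon after the closing brace that no other class in this file has and that the access_vectors parser will either reject or silently ignore; drop it so the block ends with `}` like `mach_port` and `mach_task`. `mach_port` also defines `recv`, but the `rules` hunks only ever grant `move_recv`, so `recv` is either unused or carries a different meaning; a one-line comment per permission saying which Mach right each of `send`/`make_send`/`copy_send`/`move_recv`/`recv` controls would make the later `allow` rules reviewable.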
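Review bot: The comment `#classes only used by name` above `mach_task` and `mach_names` does not say what "used by name" means or why those two differ from `mach_port` — all three get access vectors in this change, and `rules` grants `mach_task set_special_port` and `mach_names look_up` like any other class. Expand it to say which object manager or code path checks these classes and why `mach_port` is not in the same group, or remove it; as written it reads like a leftover of the removed `userspace object manager classes` heading.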
@@ -1158,3 +1158,23 @@ allow $1_t etc_t:dir r_dir_perms; ') + +##### + +define(`allow_mach_ipc', ` +allow $1 $2:mach_port { send copy_send make_send }; +allow $2 $1:mach_port { send copy_send make_send }; +') + +define(`mach_bootstrap', ` +allow $1 $2:mach_port { send copy_send make_send }; +allow $1 $3:mach_names look_up; +allow init_d $1:mach_port { send copy_send }; +') + +define(`mach_bootstrap_register', ` +allow $1 $2:mach_names register; +allow $1 $2:mach_port { send copy_send }; +allow init_d $1:mach_port { send copy_send }; +') + ==== //depot/projects/trustedbsd/sedarwin/policy/rules#5 (text+ko) ==== @@ -1,4 +1,5 @@ attribute domain; +attribute domain2; attribute file; attribute fs; @@ -9,12 +10,12 @@ type bin_t, file; type shell_exec_t, file; type login_exec_t, file; -type init_d, domain; -type login_d, domain; -type user_d, domain; -type user_secret_d, domain; -type sysadm_d, domain; -type kernel_d, domain; +type init_d, domain, domain2; +type login_d, domain, domain2; +type user_d, domain, domain2; +type user_secret_d, domain, domain2; +type sysadm_d, domain, domain2; +type kernel_d, domain, domain2; type security_t; type fs_t, fs; type devpts_t; 
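Review bot: The three new macros carry no header comment, and their shapes are not obvious from their names: `allow_mach_ipc` grants send rights in both directions, `mach_bootstrap` takes a `mach_port` target in `$2` but a `mach_names` target in `$3`, and both `mach_bootstrap` and `mach_bootstrap_register` hard-code `init_d` as a peer that gets `send copy_send` to `$1`. Add a comment above each, e.g. `# allow_mach_ipc(a,b): a and b may send/copy_send/make_send to each other's ports`, `# mach_bootstrap(dom,port_t,names): dom may send to port_t and look_up in names; init_d may send to dom`, and `# mach_bootstrap_register(dom,names): dom may register in and send to names; init_d may send to dom`. Hard-coding `init_d` means any bootstrap server other than init needs a new macro; consider making the server a parameter, with `init_d` as the value at the current call sites.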
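Review bot: `attribute domain2;` is added without a comment, and in this hunk and the next every type that carries `domain` also carries `domain2`, so the split changes nothing as committed; from the later `allow domain2 …` rules it appears `domain` is meant to carry the mach-port rules and `domain2` the file/device/process rules, so say that at the declaration, e.g. `# domain2: domains that additionally get the generic file, device and process permissions`, and give it a descriptive name if it is meant to stay. If some future domain is intended to be `domain` only, that intent belongs in the same comment.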
@@ -28,14 +29,53 @@ type console_device_t; type random_device_t; type secret_t; +type user_port_t; +type time_port_t; + +type boot_names_t; +type user_names_t; + +type root_t, file; +type appl_t, file; +type lib_t, file; + +type pbs_d, domain, domain2; +type cron_d, domain, domain2; +type loginwindow_d, domain, domain2; +type windowserver_d, domain, domain2; +type securityserver_d, domain, domain2; +type coreservices_d, domain, domain2; +type systemstarter_d, domain, domain2; +type lookupd_d, domain, domain2; +type directoryservice_d, domain, domain2; +type pbs_exec_t, file; +type cron_exec_t, file; +type loginwindow_exec_t, file; +type windowserver_exec_t, file; +type securityserver_exec_t, file; +type coreservices_exec_t, file; +type systemstarter_exec_t, file; +type lookupd_exec_t, file; +type directoryservice_exec_t, file; + role system_r types init_d; role system_r types login_d; role system_r types user_d; role system_r types sysadm_d; +role system_r types pbs_d; +role system_r types cron_d; +role system_r types loginwindow_d; +role system_r types windowserver_d; +role system_r types securityserver_d; +role system_r types coreservices_d; +role system_r types systemstarter_d; +role system_r types directoryservice_d; +role system_r types lookupd_d; role system_r types security_t; role system_r types unlabeled_t; role system_r types kernel_d; +role system_r types boot_names_t; #role object_r types file_t; #role object_r types bin_t; role object_r types shell_exec_t; @@ -45,6 +85,7 @@ role object_r types sysadm_devpts_t; role object_r types secret_t; role user_r types user_d; +role user_r types user_port_t; role user_secret_r types user_secret_d; role sysadm_r types sysadm_d; 
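Review bot: `directoryservice_d` and `directoryservice_exec_t` are declared and given `role system_r` here, but no `domain_auto_trans` in the later hunk and no `fc` entry in this change ever reaches them, so the domain is dead as committed; likewise `user_port_t` is referenced only by the new `role user_r types user_port_t` line in the next hunk and a commented-out `type_change`. Assigning object types to roles (`role system_r types boot_names_t`, `role user_r types user_port_t`) is unusual — object types are normally reached through `object_r` — and is presumably needed because `type_change` creates them in a subject's role; a comment such as `# boot_names_t/user_names_t are created via type_change from a system_r subject` would stop the next reader from removing them.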
@@ -61,19 +102,182 @@ domain_trans(login_d,shell_exec_t,user_d); domain_trans(login_d,shell_exec_t,user_secret_d); domain_trans(login_d,shell_exec_t,sysadm_d); + +domain_trans(windowserver_d,shell_exec_t,user_d); +domain_trans(windowserver_d,shell_exec_t,user_secret_d); +domain_trans(windowserver_d,shell_exec_t,sysadm_d); + type_change user_d devpts_t:chr_file user_devpts_t; -allow domain file:{file lnk_file sock_file} {create_file_perms execute }; -allow domain file:file execute_no_trans; -allow domain file:dir { create_dir_perms }; -allow domain {null_device_t console_device_t memory_device_t random_device_t zero_device_t device_t}:{file chr_file} create_file_perms; -allow domain device_t:blk_file create_file_perms; -allow domain {devpts_t user_devpts_t sysadm_devpts_t}:chr_file create_file_perms; -allow domain domain:process { signal sigkill setsched getsession }; -allow domain file:{dir file lnk_file sock_file} { relabelfrom relabelto }; +allow domain self:mach_port { send make_send copy_send move_recv }; +allow domain kernel_d:mach_port { send make_send copy_send }; +allow domain self:mach_task set_special_port; +allow domain self:mach_names { look_up }; +allow domain root_t:dir { search getattr read }; +allow kernel_d domain:mach_port { send make_send copy_send }; + +allow domain2 file:{file lnk_file sock_file} {create_file_perms execute }; +allow domain2 file:file execute_no_trans; +allow domain2 file:dir { create_dir_perms }; +allow domain2 {null_device_t console_device_t memory_device_t random_device_t zero_device_t device_t}:{file chr_file} create_file_perms; +allow domain2 device_t:blk_file create_file_perms; +allow domain2 {devpts_t user_devpts_t sysadm_devpts_t}:chr_file create_file_perms; +allow domain2 domain:process { signal sigkill setsched getsession }; +allow domain2 file:{dir file lnk_file sock_file} { relabelfrom relabelto }; + +domain_auto_trans(init_d,windowserver_exec_t,windowserver_d); 
+domain_auto_trans(systemstarter_d,windowserver_exec_t,windowserver_d); +domain_auto_trans(init_d,loginwindow_exec_t,loginwindow_d); +domain_auto_trans(init_d,systemstarter_exec_t,systemstarter_d); +domain_auto_trans(systemstarter_d,securityserver_exec_t,securityserver_d); +domain_auto_trans(systemstarter_d,coreservices_exec_t,coreservices_d); +domain_auto_trans(systemstarter_d,cron_exec_t,cron_d); +domain_auto_trans(systemstarter_d,lookupd_exec_t,lookupd_d); +domain_auto_trans(loginwindow_d,pbs_exec_t,pbs_d); allow user_secret_d secret_t:{file lnk_file} create_file_perms; allow user_secret_d secret_t:dir { create_file_perms rw_dir_perms }; allow user_secret_d { secret_t unlabeled_t file_t }:{file dir} { relabelfrom relabelto }; allow secret_t fs:filesystem associate; +#type_change user_d user_d:mach_port user_port_t; + +allow_mach_ipc(securityserver_d,coreservices_d); +allow_mach_ipc(securityserver_d,loginwindow_d); +allow_mach_ipc(securityserver_d,windowserver_d); + +allow_mach_ipc(loginwindow_d,windowserver_d); +allow_mach_ipc(loginwindow_d,unlabeled_t); +allow_mach_ipc(loginwindow_d,user_d); + +#allow init_d { unlabeled_t init_d login_d kernel_d user_d windowserver_d }:mach_port { send make_send copy_send move_recv }; +#allow kernel_d { unlabeled_t windowserver_d init_d kernel_d user_d }:mach_port { send make_send copy_send }; +#allow login_d { init_d windowserver_d unlabeled_t user_d }:mach_port { send make_send copy_send }; +#allow user_d { user_d init_d windowserver_d user_port_t unlabeled_t coreservices_d }:mach_port { send make_send copy_send }; +allow loginwindow_d { unlabeled_t windowserver_d }:mach_port { send make_send copy_send }; +#allow windowserver_d { init_d loginwindow_d coreservices_d unlabeled_t user_d securityserver_d }:mach_port { send make_send copy_send }; +#allow coreservices_d { user_d securityserver_d }:mach_port { send make_send copy_send }; +#allow securityserver_d { windowserver_d coreservices_d }:mach_port { send make_send copy_send 
};
+allow init_d self:mach_names { register look_up };
+allow user_d { user_d init_d }:mach_names { register look_up };
+
+allow kernel_d {user_names_t boot_names_t}:mach_port send;
+
+allow_mach_ipc(init_d,coreservices_d); #???
+mach_bootstrap(init_d,boot_names_t,boot_names_t); #???
+type_change loginwindow_d loginwindow_d:mach_names user_names_t;
+allow init_d init_d:mach_port relabelfrom;
+allow init_d boot_names_t:mach_port relabelto;
+allow init_d user_names_t:mach_port { copy_send relabelto };
+allow init_d boot_names_t:mach_names { register create_server }; #???
+mach_bootstrap(init_d,user_names_t,securityserver_d); #???
+
+allow_mach_ipc(systemstarter_d,unlabeled_t);
+allow_mach_ipc(systemstarter_d,boot_names_t);
+allow_mach_ipc(systemstarter_d,init_d);
+allow_mach_ipc(systemstarter_d,lookupd_d);
+allow_mach_ipc(systemstarter_d,coreservices_d);
+mach_bootstrap(systemstarter_d,boot_names_t,coreservices_d);
+mach_bootstrap(systemstarter_d,boot_names_t,securityserver_d);
+mach_bootstrap(systemstarter_d,boot_names_t,windowserver_d);
+mach_bootstrap(systemstarter_d,boot_names_t,boot_names_t);
+allow systemstarter_d init_d:mach_names look_up;
+allow systemstarter_d boot_names_t:mach_names { register create_server };
+
+mach_bootstrap(coreservices_d,boot_names_t,boot_names_t);
+mach_bootstrap(coreservices_d,boot_names_t,init_d);
+mach_bootstrap(coreservices_d,boot_names_t,systemstarter_d); #???
+mach_bootstrap_register(coreservices_d,boot_names_t);
+
+mach_bootstrap_register(windowserver_d,user_names_t);
+allow_mach_ipc(windowserver_d,user_d);
+mach_bootstrap(windowserver_d,user_names_t,systemstarter_d);
+mach_bootstrap(windowserver_d,user_names_t,pbs_d);
+mach_bootstrap(windowserver_d,user_names_t,coreservices_d);
+mach_bootstrap(windowserver_d,user_names_t,user_names_t);
+mach_bootstrap(windowserver_d,user_names_t,init_d);
+mach_bootstrap(windowserver_d,boot_names_t,boot_names_t);
+mach_bootstrap(windowserver_d,boot_names_t,coreservices_d);
+mach_bootstrap(windowserver_d,boot_names_t,windowserver_d);
+allow_mach_ipc(windowserver_d,systemstarter_d);
+allow_mach_ipc(windowserver_d,pbs_d);
+allow_mach_ipc(windowserver_d,lookupd_d);
+allow_mach_ipc(windowserver_d,init_d); # for wsloginui
+allow_mach_ipc(windowserver_d,coreservices_d); # for wsloginui
+mach_bootstrap_register(windowserver_d,boot_names_t);
+
+allow_mach_ipc(loginwindow_d,coreservices_d);
+allow_mach_ipc(loginwindow_d,init_d);
+allow_mach_ipc(loginwindow_d,lookupd_d);
+allow_mach_ipc(loginwindow_d,systemstarter_d);
+mach_bootstrap(loginwindow_d,user_names_t,user_names_t);
+mach_bootstrap(loginwindow_d,user_names_t,coreservices_d);
+mach_bootstrap(loginwindow_d,boot_names_t,init_d);
+mach_bootstrap(loginwindow_d,boot_names_t,boot_names_t);
+mach_bootstrap(loginwindow_d,boot_names_t,windowserver_d);
+mach_bootstrap(loginwindow_d,boot_names_t,securityserver_d);
+mach_bootstrap(loginwindow_d,user_names_t,systemstarter_d); #???
+mach_bootstrap(loginwindow_d,user_names_t,user_d); #???
+mach_bootstrap_register(loginwindow_d,user_names_t);
+mach_bootstrap_register(loginwindow_d,boot_names_t);
+allow loginwindow_d boot_names_t:mach_names makesubset;
+allow loginwindow_d user_names_t:mach_names create_server;
+
+mach_bootstrap(securityserver_d,user_names_t,user_names_t);
+mach_bootstrap(securityserver_d,user_names_t,user_d);
+mach_bootstrap_register(securityserver_d,user_names_t);
+mach_bootstrap_register(securityserver_d,boot_names_t);
+mach_bootstrap(securityserver_d,boot_names_t,init_d);
+mach_bootstrap(securityserver_d,boot_names_t,boot_names_t);
+mach_bootstrap(securityserver_d,boot_names_t,coreservices_d);
+mach_bootstrap(securityserver_d,boot_names_t,windowserver_d);
+mach_bootstrap(securityserver_d,boot_names_t,systemstarter_d); #???
+allow_mach_ipc(securityserver_d,init_d); #???
+allow_mach_ipc(securityserver_d,systemstarter_d); #???
+allow_mach_ipc(securityserver_d,lookupd_d);
+
+allow_mach_ipc(lookupd_d,coreservices_d);
+allow_mach_ipc(lookupd_d,init_d); #DirectoryService?
+allow_mach_ipc(lookupd_d,cron_d);
+mach_bootstrap(lookupd_d,boot_names_t,boot_names_t);
+allow lookupd_d boot_names_t:mach_names create_server;
+
+mach_bootstrap(cron_d,boot_names_t,init_d);
+allow_mach_ipc(cron_d,init_d);
+
+allow_mach_ipc(user_d,systemstarter_d);
+allow_mach_ipc(user_d,init_d);
+allow_mach_ipc(user_d,coreservices_d); #SystemUIServer
+mach_bootstrap(user_d,user_names_t,coreservices_d);
+mach_bootstrap(user_d,user_names_t,pbs_d);
+mach_bootstrap(user_d,user_names_t,loginwindow_d);
+mach_bootstrap(user_d,user_names_t,securityserver_d);
+mach_bootstrap(user_d,user_names_t,windowserver_d);
+mach_bootstrap(user_d,user_names_t,systemstarter_d); #???
+mach_bootstrap_register(user_d,user_names_t);
+mach_bootstrap(user_d,user_names_t,user_names_t);
+allow_mach_ipc(user_d,securityserver_d);
+allow_mach_ipc(user_d,lookupd_d);
+allow_mach_ipc(pbs_d,user_d);
+
+allow pbs_d appl_t:dir { search getattr read };
+allow pbs_d appl_t:file { read getattr };
+allow pbs_d user_d:mach_port { send copy_send };
+allow pbs_d lib_t:dir { search getattr };
+allow pbs_d lib_t:file { read getattr };
+mach_bootstrap_register(pbs_d,user_names_t);
+mach_bootstrap(pbs_d,user_names_t,coreservices_d);
+allow_mach_ipc(pbs_d,init_d);
+mach_bootstrap(pbs_d,user_names_t,init_d) #???
+allow_mach_ipc(pbs_d,lookupd_d);
+allow_mach_ipc(pbs_d,coreservices_d);
+
+allow_mach_ipc(kernel_d,unlabeled_t);
+allow_mach_ipc(cron_d,unlabeled_t);
+allow_mach_ipc(init_d,unlabeled_t);
+allow_mach_ipc(pbs_d,unlabeled_t);
+allow_mach_ipc(user_d,unlabeled_t);
+allow_mach_ipc(lookupd_d,unlabeled_t);
+allow_mach_ipc(coreservices_d,unlabeled_t);
+allow_mach_ipc(windowserver_d,unlabeled_t);
+allow_mach_ipc(securityserver_d,unlabeled_t);
==== //depot/projects/trustedbsd/sedarwin/policy/users#4 (text+ko) ====
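Review bot: Twelve rules in this hunk are committed with a trailing `#???` (for example `mach_bootstrap(init_d,boot_names_t,boot_names_t); #???` and `allow_mach_ipc(securityserver_d,init_d); #???`), and the closing block adds `allow_mach_ipc(…,unlabeled_t)` for nine more domains on top of `systemstarter_d` and `loginwindow_d`, so any port that has not been labelled is reachable from nearly every domain in both directions; for a least-privilege policy each `#???` should be resolved into either a removed rule or a comment naming the observed denial it clears, and the `unlabeled_t` block needs a comment explaining why it is still required, e.g. `# TEMPORARY: ports created before the policy loaded are unlabeled_t; narrow once port labelling is complete`. `mach_bootstrap(pbs_d,user_names_t,init_d) #???` is the only macro call in the hunk without the trailing `;` that every other call uses; add it for consistency. `allow loginwindow_d { unlabeled_t windowserver_d }:mach_port { send make_send copy_send };` and `allow pbs_d user_d:mach_port { send copy_send };` are already covered by the `allow_mach_ipc` calls for the same pairs, and the five commented-out `#allow …:mach_port` lines are superseded by the macro calls, so the dead and duplicate rules should go rather than be committed. `user_port_t`, declared earlier in this change, is used here only in the commented-out `type_change`, which leaves it unreferenced by any live rule.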