Date: Mon, 22 Apr 2002 18:32:13 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 10157 for review Message-ID: <200204230132.g3N1WD306427@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10157 Change 10157 by rwatson@rwatson_curry on 2002/04/22 18:31:20 Add two more MAC policy entry points: mac_cred_check_getextattr_vnode() mac_cred_check_setextattr_vnode() These permit policies to limit access to extended attribute operations. Policies are provided with access to the operation type, attribute namespace, and attribute name. In addition, a reference to the 'struct uio' for the operation is provided: however, it is intended that policies use this only to determine whether or not this is a delete/size query, rather than that policies attempt to use the 'struct uio' themselves, as pointers to kernel/userspace may be subject to time of check/time of use races if used. No policies currently implement these checks. Affected files ... ... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#126 edit ... //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#40 edit ... //depot/projects/trustedbsd/mac/sys/sys/mac.h#92 edit ... //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#57 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#126 (text+ko) ==== @@ -437,6 +437,10 @@ mpc->mpc_ops.mpo_cred_check_exec_vnode = mpe->mpe_function; break; + case MAC_CRED_CHECK_GETEXTATTR_VNODE: + mpc->mpc_ops.mpo_cred_check_getextattr_vnode = + mpe->mpe_function; + break; case MAC_CRED_CHECK_OPEN_VNODE: mpc->mpc_ops.mpo_cred_check_open_vnode = mpe->mpe_function; @@ -457,6 +461,10 @@ mpc->mpc_ops.mpo_cred_check_search_vnode = mpe->mpe_function; break; + case MAC_CRED_CHECK_SETEXTATTR_VNODE: + mpc->mpc_ops.mpo_cred_check_setextattr_vnode = + mpe->mpe_function; + break; case MAC_CRED_CHECK_SETFLAGS_VNODE: mpc->mpc_ops.mpo_cred_check_setflags_vnode = mpe->mpe_function; @@ -993,6 +1001,21 @@ } int +mac_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name, struct uio *uio) +{ + struct mac label; + int error; + + error = VOP_GETLABEL(vp, &label, cred, curthread); + if (error) + return (error); + MAC_CHECK(cred_check_getextattr_vnode, cred, vp, &label, attrnamespace, + name, uio); + return (error); +} + +int mac_cred_check_open_vnode(struct ucred *cred, struct vnode *vp, mode_t acc_mode) { struct mac label; @@ -1032,6 +1055,21 @@ } int +mac_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name, struct uio *uio) +{ + struct mac label; + int error; + + error = VOP_GETLABEL(vp, &label, cred, curthread); + if (error) + return (error); + MAC_CHECK(cred_check_setextattr_vnode, cred, vp, &label, attrnamespace, + name, uio); + return (error); +} + +int mac_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, u_long flags) { ==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#40 (text+ko) ==== @@ -4768,6 +4768,13 @@ auio.uio_td = td; cnt = nbytes; +#ifdef MAC + error = mac_cred_check_setextattr_vnode(td->td_ucred, vp, + attrnamespace, attrname, &auio); + if (error) + goto done; +#endif + error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio, td->td_ucred, td); cnt -= auio.uio_resid; @@ -4881,11 +4888,23 @@ auio.uio_segflg = UIO_USERSPACE; auio.uio_td = td; cnt = nbytes; +#ifdef MAC + error = mac_cred_check_getextattr_vnode(td->td_ucred, vp, + attrnamespace, attrname, &auio); + if (error) + goto done; +#endif error = VOP_GETEXTATTR(vp, attrnamespace, attrname, &auio, NULL, td->td_ucred, td); cnt -= auio.uio_resid; td->td_retval[0] = cnt; } else { +#ifdef MAC + error = mac_cred_check_getextattr_vnode(td->td_ucred, vp, + attrnamespace, attrname, NULL); + if (error) + goto done; +#endif error = VOP_GETEXTATTR(vp, attrnamespace, attrname, NULL, &size, td->td_ucred, td); td->td_retval[0] = size; @@ -4977,6 +4996,11 @@ VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); +#ifdef MAC + error = mac_cred_check_setextattr_vnode(td->td_ucred, vp, + attrnamespace, attrname, NULL); +#endif + error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL, td->td_ucred, td); ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#92 (text+ko) ==== @@ -275,6 +275,7 @@ struct socket; struct timespec; struct ucred; +struct uio; struct vattr; struct vnode; @@ -309,7 +310,11 @@ int mac_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp); int mac_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, struct vattr *vap); +int mac_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name, struct uio *uio); int mac_cred_check_search_vnode(struct ucred *cred, struct vnode *dvp); +int mac_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name, struct uio *uio); int mac_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, u_long flags); int mac_cred_check_setmode_vnode(struct ucred *cred, struct vnode *vp, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#57 (text+ko) ==== @@ -170,6 +170,9 @@ struct mac *label); int (*mpo_cred_check_exec_vnode)(struct ucred *cred, struct vnode *vp, struct mac *label); + int (*mpo_cred_check_getextattr_vnode)(struct ucred *cred, + struct vnode *vp, struct mac *label, int attrnamespace, + const char *name, struct uio *uio); int (*mpo_cred_check_open_vnode)(struct ucred *cred, struct vnode *vp, struct mac *label, mode_t acc_mode); int (*mpo_cred_check_rename_from_vnode)(struct ucred *cred, @@ -182,6 +185,9 @@ struct vnode *vp, struct mac *label); int (*mpo_cred_check_search_vnode)(struct ucred *cred, struct vnode *dvp, struct mac *dlabel); + int (*mpo_cred_check_setextattr_vnode)(struct ucred *cred, + struct vnode *vp, struct mac *label, int attrnamespace, + const char *name, struct uio *uio); int (*mpo_cred_check_setflags_vnode)(struct ucred *cred, struct vnode *vp, struct mac *label, u_long flags); int (*mpo_cred_check_setmode_vnode)(struct ucred *cred, @@ -256,11 +262,13 @@ MAC_CRED_CHECK_CREATE_VNODE, MAC_CRED_CHECK_DELETE_VNODE, MAC_CRED_CHECK_EXEC_VNODE, + MAC_CRED_CHECK_GETEXTATTR_VNODE, MAC_CRED_CHECK_OPEN_VNODE, MAC_CRED_CHECK_RENAME_FROM_VNODE, MAC_CRED_CHECK_RENAME_TO_VNODE, MAC_CRED_CHECK_REVOKE_VNODE, MAC_CRED_CHECK_SEARCH_VNODE, + MAC_CRED_CHECK_SETEXTATTR_VNODE, MAC_CRED_CHECK_SETFLAGS_VNODE, MAC_CRED_CHECK_SETMODE_VNODE, MAC_CRED_CHECK_SETOWNER_VNODE, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204230132.g3N1WD306427>