From owner-p4-projects@FreeBSD.ORG Thu May 5 14:33:46 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E97A416A4D0; Thu, 5 May 2005 14:33:45 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8EC6A16A4CE for ; Thu, 5 May 2005 14:33:45 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 61DD243DCA for ; Thu, 5 May 2005 14:33:45 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j45EXjHf058094 for ; Thu, 5 May 2005 14:33:45 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j45EXj90058091 for perforce@freebsd.org; Thu, 5 May 2005 14:33:45 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Thu, 5 May 2005 14:33:45 GMT Message-Id: <200505051433.j45EXj90058091@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 76557 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 14:33:46 -0000 http://perforce.freebsd.org/chv.cgi?CH=76557 Change 76557 by rwatson@rwatson_paprika on 2005/05/05 14:33:43 Merge dev_clone_cred event handler from trustedbsd_sebsd to trustedbsd_mac for eventual delivery to FreeBSD CVS. This introduces a new devfs event handler for cloning, which provides the credential associated with the device lookup to the device driver and MAC Framework. This allows device drivers to create nodes with owner/permissions/etc based on elements of the credential performing the lookup, and allows the MAC Framework and its policies to create an initial device node label based on that same credential. Due to the way in which events occur and data structures are passed around, storing a reference to the lookup-time credential in the cdev is necessary to usefully re-expose the credential when passing the device node from devfs to the MAC Framework when the devfsdirent is created. However, we do expose the credential explicitly to policies to avoid building in assumptions about the location/source of the credential. In this change, the policies are not modified. Note that the credential pointer will be NULL in non-clone scenarios. Affected files ... .. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_devs.c#20 edit .. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#57 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_conf.c#25 edit .. //depot/projects/trustedbsd/mac/sys/kern/tty_pty.c#20 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#14 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#254 edit .. 
//depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#93 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#207 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#34 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#147 edit .. //depot/projects/trustedbsd/mac/sys/sys/conf.h#26 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#273 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#230 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_devs.c#20 (text+ko) ==== @@ -325,8 +325,8 @@ de->de_dirent->d_type = DT_CHR; } #ifdef MAC - mac_create_devfs_device(dm->dm_mount, dev, de, - dev->si_name); + mac_create_devfs_device(dev->si_cred, dm->dm_mount, + dev, de, dev->si_name); #endif *dep = de; de->de_dir = dd; ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#57 (text+ko) ==== @@ -648,9 +648,13 @@ goto notfound; cdev = NULL; - EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev); - if (cdev == NULL) - goto notfound; + EVENTHANDLER_INVOKE(dev_clone_cred, td->td_ucred, pname, + strlen(pname), &cdev); + if (cdev == NULL) { + EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev); + if (cdev == NULL) + goto notfound; + } devfs_populate(dmp); ==== //depot/projects/trustedbsd/mac/sys/kern/kern_conf.c#25 (text+ko) ==== @@ -42,6 +42,7 @@ #include #include #include +#include #include static MALLOC_DEFINE(M_DEVT, "cdev", "cdev storage"); @@ -51,6 +52,9 @@ static struct mtx devmtx; static void freedev(struct cdev *dev); static void destroy_devl(struct cdev *dev); +static struct cdev *make_dev_credv(struct cdevsw *devsw, int minornr, + struct ucred *cr, uid_t uid, gid_t gid, int mode, const char *fmt, + va_list ap); void dev_lock(void) @@ -300,6 +304,8 @@ freedev(struct cdev *dev) { + if (dev->si_cred != NULL) + crfree(dev->si_cred); free(dev, M_DEVT); } 
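Review bot: `dev->si_cred` is handed to `mac_create_devfs_device()` in the devfs_devs.c hunk with nothing at the call site saying it can be NULL, yet the change description states it is NULL for every device not created through a clone handler. The policies touched here ignore the new argument, but the first policy that dereferences it will fault in the kernel on ordinary devices, so the contract belongs where policy authors will read it. I would add a comment here and repeat it on `mac_create_devfs_device()` in mac_vfs.c and on `mpo_create_devfs_device` in mac_policy.h, e.g. `/* cred is the credential of the cloning lookup, or NULL for non-cloned devices. */`. The call takes `dm->dm_mount`, so it looks per-mount; please confirm that a label derived from the one stored credential is what is wanted on every devfs mount that instantiates this entry, since the enclosing function is only partly visible.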
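Review bot: Running all `dev_clone_cred` handlers before any `dev_clone` handler in the devfs_vnops.c hunk means registration priority no longer orders handlers across the two lists, so a credential-aware handler at a low priority now wins over a legacy handler that would previously have claimed the same name first. If that is intended, state it above the first invoke, e.g. `/* Credential-aware clone handlers run first; legacy dev_clone handlers are consulted only if none of them claimed the name. */`. The credential passed is `td->td_ucred`, and `td` is assigned outside the hunk; since this credential ends up stored in the cdev and used for MAC labelling, please confirm it is the thread performing this lookup.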
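Review bot: `freedev()` is the only place in this change that releases `si_cred`, so any path that retires a cdev without reaching it would leak a credential reference and keep the creating process's `struct ucred` alive. `destroy_devl()` is declared in the hunk above but its body is not visible; please confirm that a cdev carrying a credential always ends in `freedev()`, or drop the reference there as well and set `si_cred` to NULL. A one-line comment on the new lines, such as `/* Drop the reference taken in make_dev_credv(). */`, would also tie the release to its acquisition.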
@@ -370,11 +376,11 @@ dev_unlock(); } -struct cdev * -make_dev(struct cdevsw *devsw, int minornr, uid_t uid, gid_t gid, int mode, const char *fmt, ...) +static struct cdev * +make_dev_credv(struct cdevsw *devsw, int minornr, struct ucred *cr, uid_t uid, + gid_t gid, int mode, const char *fmt, va_list ap) { struct cdev *dev; - va_list ap; int i; KASSERT((minornr & ~MAXMINOR) == 0, @@ -400,16 +406,18 @@ ("make_dev() by driver %s on pre-existing device (min=%x, name=%s)", devsw->d_name, minor(dev), devtoname(dev))); - va_start(ap, fmt); i = vsnrprintf(dev->__si_namebuf, sizeof dev->__si_namebuf, 32, fmt, ap); if (i > (sizeof dev->__si_namebuf - 1)) { printf("WARNING: Device name truncated! (%s)\n", dev->__si_namebuf); } - va_end(ap); dev->si_devsw = devsw; dev->si_flags |= SI_NAMED; + if (cr != NULL) + dev->si_cred = crhold(cr); + else + dev->si_cred = NULL; dev->si_uid = uid; dev->si_gid = gid; dev->si_mode = mode; @@ -419,6 +427,33 @@ return (dev); } +struct cdev * +make_dev(struct cdevsw *devsw, int minornr, uid_t uid, gid_t gid, int mode, + const char *fmt, ...) +{ + struct cdev *dev; + va_list ap; + + va_start(ap, fmt); + dev = make_dev_credv(devsw, minornr, NULL, uid, gid, mode, fmt, ap); + va_end(ap); + return (dev); +} + +struct cdev * +make_dev_cred(struct cdevsw *devsw, int minornr, struct ucred *cr, uid_t uid, + gid_t gid, int mode, const char *fmt, ...) +{ + struct cdev *dev; + va_list ap; + + va_start(ap, fmt); + dev = make_dev_credv(devsw, minornr, cr, uid, gid, mode, fmt, ap); + va_end(ap); + + return (dev); +} + int dev_named(struct cdev *pdev, const char *name) { ==== //depot/projects/trustedbsd/mac/sys/kern/tty_pty.c#20 (text+ko) ==== @@ -63,7 +63,7 @@ static void ptsstart(struct tty *tp); static void ptsstop(struct tty *tp, int rw); static void ptcwakeup(struct tty *tp, int flag); -static struct cdev *ptyinit(struct cdev *cdev); +static struct cdev *ptyinit(struct cdev *cdev, struct thread *td); static d_open_t ptsopen; static d_close_t ptsclose; 
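Review bot: The new assignment to `dev->si_cred` in the -400 hunk overwrites whatever the field held, and the only thing excluding a pre-existing named device at this point is the `KASSERT` visible in the context, which is not present when assertions are compiled out. If such a device can reach this code, the earlier credential reference is dropped without `crfree()`. Releasing an old reference first would make the function safe either way, e.g. `if (dev->si_cred != NULL) crfree(dev->si_cred);` ahead of the `crhold()`; this presumes the allocation path zeroes the field, which is not visible here and should be checked. The function starts in the previous hunk and continues past this one.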
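Review bot: `make_dev_cred()` in the -419 hunk is a new public entry point with no comment describing who owns the credential. From `make_dev_credv()` the rule appears to be that the cdev takes its own reference with `crhold()`, the caller keeps its own, and `cr` may be NULL; a driver author should not have to read the helper to learn that. I would put above the definition: `/* Like make_dev(), but records cr (may be NULL) in si_cred; an extra reference is taken and the caller's is not consumed. */`. The two wrappers are otherwise identical, apart from a blank line before `return` in `make_dev_cred()` that `make_dev()` does not have.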
@@ -132,7 +132,7 @@ * than 256 ptys. */ static struct cdev * -ptyinit(struct cdev *devc) +ptyinit(struct cdev *devc, struct thread *td) { struct cdev *devs; struct ptsc *pt; @@ -146,7 +146,7 @@ devc->si_flags &= ~SI_CHEAPCLONE; pt = malloc(sizeof(*pt), M_PTY, M_WAITOK | M_ZERO); - pt->devs = devs = make_dev(&pts_cdevsw, n, + pt->devs = devs = make_dev_cred(&pts_cdevsw, n, td->td_ucred, UID_ROOT, GID_WHEEL, 0666, "tty%c%r", names[n / 32], n % 32); pt->devc = devc; @@ -272,7 +272,7 @@ struct ptsc *pt; if (!dev->si_drv1) - ptyinit(dev); + ptyinit(dev, td); if (!dev->si_drv1) return(ENXIO); tp = dev->si_tty; @@ -681,7 +681,8 @@ } static void -pty_clone(void *arg, char *name, int namelen, struct cdev **dev) +pty_clone(void *arg, struct ucred *cr, char *name, int namelen, + struct cdev **dev) { int u; @@ -708,7 +709,7 @@ u += name[4] - 'a' + 10; else return; - *dev = make_dev(&ptc_cdevsw, u, + *dev = make_dev_cred(&ptc_cdevsw, u, cr, UID_ROOT, GID_WHEEL, 0666, "pty%c%r", names[u / 32], u % 32); dev_ref(*dev); (*dev)->si_flags |= SI_CHEAPCLONE; @@ -719,7 +720,7 @@ ptc_drvinit(void *unused) { - EVENTHANDLER_REGISTER(dev_clone, pty_clone, 0, 1000); + EVENTHANDLER_REGISTER(dev_clone_cred, pty_clone, 0, 1000); } SYSINIT(ptcdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,ptc_drvinit,NULL) ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_vfs.c#14 (text+ko) ==== @@ -939,11 +939,11 @@ } void -mac_create_devfs_device(struct mount *mp, struct cdev *dev, - struct devfs_dirent *de, const char *fullpath) +mac_create_devfs_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, const char *fullpath) { - MAC_PERFORM(create_devfs_device, mp, dev, de, de->de_label, + MAC_PERFORM(create_devfs_device, cred, mp, dev, de, de->de_label, fullpath); } ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#254 (text+ko) ==== 
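Review bot: The slave node in the -146 hunk is created with `td->td_ucred`, the credential of whichever thread called into `ptyinit()`, while the master node in `pty_clone()` (hunk at -708) is created with the lookup credential `cr`. When the lookup and the later call shown in the -272 hunk run under different credentials, the two halves of one pty pair record different credentials, and any MAC label derived from them may differ. If the pair is meant to share one, the master's stored credential is already in reach here and could be passed instead: `pt->devs = devs = make_dev_cred(&pts_cdevsw, n, devc->si_cred,`. Otherwise a comment stating which credential the slave is intended to carry would make the choice reviewable.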
@@ -858,8 +858,8 @@ * a lot like file system objects. */ static void -mac_biba_create_devfs_device(struct mount *mp, struct cdev *dev, - struct devfs_dirent *devfs_dirent, struct label *label, +mac_biba_create_devfs_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label, const char *fullpath) { struct mac_biba *mac_biba; ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#93 (text+ko) ==== @@ -916,8 +916,8 @@ * a lot like file system objects. */ static void -mac_lomac_create_devfs_device(struct mount *mp, struct cdev *dev, - struct devfs_dirent *devfs_dirent, struct label *label, +mac_lomac_create_devfs_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label, const char *fullpath) { struct mac_lomac *mac_lomac; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#207 (text+ko) ==== @@ -822,8 +822,8 @@ * a lot like file system objects. */ static void -mac_mls_create_devfs_device(struct mount *mp, struct cdev *dev, - struct devfs_dirent *devfs_dirent, struct label *label, +mac_mls_create_devfs_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label, const char *fullpath) { struct mac_mls *mac_mls; ==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#34 (text+ko) ==== @@ -183,8 +183,8 @@ } static void -stub_create_devfs_device(struct mount *mp, struct cdev *dev, - struct devfs_dirent *devfs_dirent, struct label *label, +stub_create_devfs_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label, const char *fullpath) { ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#147 (text+ko) ==== 
@@ -865,8 +865,8 @@ } static void -mac_test_create_devfs_device(struct mount *mp, struct cdev *dev, - struct devfs_dirent *devfs_dirent, struct label *label, +mac_test_create_devfs_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label, const char *fullpath) { ==== //depot/projects/trustedbsd/mac/sys/sys/conf.h#26 (text+ko) ==== @@ -68,6 +68,7 @@ uid_t si_uid; gid_t si_gid; mode_t si_mode; + struct ucred *si_cred; u_int si_drv0; int si_refcount; LIST_ENTRY(cdev) si_list; @@ -253,6 +254,9 @@ void dev_strategy(struct cdev *dev, struct buf *bp); struct cdev *make_dev(struct cdevsw *_devsw, int _minor, uid_t _uid, gid_t _gid, int _perms, const char *_fmt, ...) __printflike(6, 7); +struct cdev *make_dev_cred(struct cdevsw *_devsw, int _minor, + struct ucred *_cr, uid_t _uid, gid_t _gid, int _perms, + const char *_fmt, ...) __printflike(7, 8); struct cdev *make_dev_alias(struct cdev *_pdev, const char *_fmt, ...) __printflike(2, 3); int dev2unit(struct cdev *_dev); void dev_lock(void); @@ -280,6 +284,10 @@ int dev_stdclone(char *_name, char **_namep, const char *_stem, int *_unit); EVENTHANDLER_DECLARE(dev_clone, dev_clone_fn); +typedef void (*dev_clone_cred_fn)(void *arg, struct ucred *cred, char *name, + int namelen, struct cdev **result); +EVENTHANDLER_DECLARE(dev_clone_cred, dev_clone_cred_fn); + /* Stuff relating to kernel-dump */ struct dumperinfo { ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#273 (text+ko) ==== 
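Review bot: `dev_clone_cred_fn` in the conf.h -280 hunk is declared without saying how long `cred` remains valid for the handler. The invoke site in devfs_vnops.c passes `td->td_ucred` directly, so the pointer appears to be borrowed for the duration of the call, and a handler that wants to keep it needs its own reference, which `make_dev_cred()` takes on its behalf. A short comment above the typedef would stop handlers from storing the raw pointer: `/* cred is borrowed for the call only; use make_dev_cred() or crhold() to retain it. */`.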
@@ -195,8 +195,8 @@ struct vnode *vp); int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp); -void mac_create_devfs_device(struct mount *mp, struct cdev *dev, - struct devfs_dirent *de, const char *fullpath); +void mac_create_devfs_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, const char *fullpath); void mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de, const char *fullpath); void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#230 (text+ko) ==== @@ -190,7 +190,8 @@ void (*mpo_associate_vnode_singlelabel)(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel); - void (*mpo_create_devfs_device)(struct mount *mp, struct cdev *dev, + void (*mpo_create_devfs_device)(struct ucred *cred, + struct mount *mp, struct cdev *dev, struct devfs_dirent *de, struct label *label, const char *fullpath); void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname,