From owner-p4-projects@FreeBSD.ORG Fri Oct 3 06:04:12 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 07BBE16A4DC; Fri, 3 Oct 2003 06:04:12 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2D5916A4D5 for ; Fri, 3 Oct 2003 06:04:11 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0EE8743FFB for ; Fri, 3 Oct 2003 06:04:11 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h93D4AXJ070400 for ; Fri, 3 Oct 2003 06:04:10 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h93D48Xi070397 for perforce@freebsd.org; Fri, 3 Oct 2003 06:04:08 -0700 (PDT) (envelope-from areisse@nailabs.com) Date: Fri, 3 Oct 2003 06:04:08 -0700 (PDT) Message-Id: <200310031304.h93D48Xi070397@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 39084 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Oct 2003 13:04:12 -0000 http://perforce.freebsd.org/chv.cgi?CH=39084 Change 39084 by areisse@areisse_tislabs on 2003/10/03 06:04:05 Initial support for automatic pty labelling, using the new make_dev_cred and dev_clone_cred support. ptys are created with the user that caused the cloning. mpo_create_devfs_device takes optional cred. sebsd policy updated. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_devs.c#5 edit .. //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_vnops.c#5 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#5 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_mac.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/tty_pty.c#5 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#20 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/conf.h#5 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/mac.h#7 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/mac_policy.h#7 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#6 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#5 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_devs.c#5 (text+ko) ==== @@ -363,7 +363,7 @@ de->de_dirent->d_type = DT_CHR; } #ifdef MAC - mac_create_devfs_device(dm->dm_mount, dev, de, + mac_create_devfs_device(dev->si_cred, dm->dm_mount, dev, de, dev->si_name); #endif *dep = de; ==== //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_vnops.c#5 (text+ko) ==== 
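Review bot: `dev->si_cred` is now read for every devfs node created here, so it must be either a valid pointer or NULL on every dev_t, not only on those made through make_dev_cred(); the kern_conf.c hunks in this change set it only in make_dev_credv() and clear it only through the SI_STASHED bzero. Any other path that produces a dev_t (make_dev_alias(), makedev(), a freshly allocated cdev) is outside this diff and should be confirmed to zero the field, otherwise the policy receives an uninitialised cred pointer. The enclosing function starts before this hunk.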
@@ -376,6 +376,7 @@ goto notfound; cdev = NODEV; + EVENTHANDLER_INVOKE(dev_clone_cred, td->td_ucred, pname, strlen(pname), &cdev); EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev); if (cdev == NODEV) goto notfound; ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#5 (text+ko) ==== @@ -41,6 +41,7 @@ #include #include #include +#include static MALLOC_DEFINE(M_DEVT, "dev_t", "dev_t storage"); @@ -214,6 +215,8 @@ if (dev->si_devsw || dev->si_drv1 || dev->si_drv2) return; LIST_REMOVE(dev, si_hash); + if (dev->si_cred) + crfree (dev->si_cred); if (dev->si_flags & SI_STASHED) { bzero(dev, sizeof(*dev)); dev->si_flags |= SI_STASHED; @@ -266,11 +269,11 @@ return ((x << 8) | y); } -dev_t -make_dev(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, int perms, const char *fmt, ...) +static dev_t +make_dev_credv(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, struct ucred *cr, + int perms, const char *fmt, va_list ap) { dev_t dev; - va_list ap; int i; KASSERT((minor & ~0xffff00ff) == 0, @@ -319,16 +322,15 @@ dev->si_name); panic("don't do that"); } - va_start(ap, fmt); i = vsnrprintf(dev->__si_namebuf, sizeof dev->__si_namebuf, 32, fmt, ap); if (i > (sizeof dev->__si_namebuf - 1)) { printf("WARNING: Device name truncated! (%s)", dev->__si_namebuf); } - va_end(ap); dev->si_devsw = devsw; - dev->si_uid = uid; - dev->si_gid = gid; + dev->si_uid = cr ? cr->cr_uid : uid; + dev->si_gid = cr ? cr->cr_gid : gid; + dev->si_cred = cr ? crhold (cr) : NULL; dev->si_mode = perms; dev->si_flags |= SI_NAMED; 
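Review bot: The old `dev_clone` handlers are still invoked after `dev_clone_cred` even when the first call has already produced a device, so two clone handlers can run for the same name and the second may overwrite `cdev` or create a duplicate node. Guard the second call: `if (cdev == NODEV) EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev);`. Note also that `td->td_ucred` here is the lookup caller's effective credential, which becomes the owner of the cloned node via make_dev_credv(). The enclosing lookup function continues outside the hunk.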
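Review bot: After `crfree (dev->si_cred)` the pointer is left dangling in the struct until the SI_STASHED bzero, and the non-stashed branch is outside the hunk; clear it immediately after the release, `dev->si_cred = NULL;`, so a later destroy or debugging print cannot release it twice. The space before the parenthesis in `crfree (dev->si_cred)` is also not style(9).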
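Review bot: make_dev_credv() carries no comment explaining how `uid`/`gid` relate to `cr`; from the body in the next hunk the ids are fallbacks used only when `cr` is NULL, while a non-NULL `cr` both supplies the owner and is stored on the dev with a reference. Suggested header comment: `/* Create a named dev_t. When cr is non-NULL the node is owned by cr's uid/gid and a crhold() reference is kept in si_cred; otherwise uid/gid are used and si_cred is NULL. */`. The function body runs past this hunk.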
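Review bot: `cr->cr_uid` and `cr->cr_gid` are the caller's effective ids, so a pty cloned by a set-uid or set-gid program gets a node owned by the effective identity rather than the real user, still with the 0666 `perms` the pty callers pass; if the intent is "owned by the user that caused the cloning", either use `cr->cr_ruid`/`cr->cr_rgid` or document the effective-id choice on these lines. The reference taken with `crhold (cr)` is released in the destroy path of this file, which is worth stating next to the assignment: `/* si_cred holds a reference; released when the dev_t is destroyed */`. The function continues outside the hunk.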
@@ -336,6 +338,26 @@ return (dev); } +dev_t +make_dev_cred(struct cdevsw *devsw, int minor, struct ucred *cr, int perms, const char *fmt, ...) +{ + va_list ap; + va_start (ap, fmt); + dev_t ret = make_dev_credv (devsw, minor, 0, 0, cr, perms, fmt, ap); + va_end (ap); + return (ret); +} + +dev_t +make_dev(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, int perms, const char *fmt, ...) +{ + va_list ap; + va_start (ap, fmt); + dev_t ret = make_dev_credv (devsw, minor, uid, gid, NULL, perms, fmt, ap); + va_end (ap); + return (ret); +} + int dev_named(dev_t pdev, const char *name) { ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_mac.c#10 (text+ko) ==== @@ -3785,11 +3785,11 @@ } void -mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de, +mac_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev, struct devfs_dirent *de, const char *fullpath) { - MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label, + MAC_PERFORM(create_devfs_device, cr, mp, dev, de, &de->de_label, fullpath); } ==== //depot/projects/trustedbsd/sebsd/sys/kern/tty_pty.c#5 (text+ko) ==== @@ -66,7 +66,7 @@ static void ptsstart(struct tty *tp); static void ptsstop(struct tty *tp, int rw); static void ptcwakeup(struct tty *tp, int flag); -static dev_t ptyinit(dev_t cdev); +static dev_t ptyinit(dev_t cdev, struct thread *td); static d_open_t ptsopen; static d_close_t ptsclose; @@ -136,7 +136,7 @@ * than 256 ptys. */ static dev_t -ptyinit(dev_t devc) +ptyinit(dev_t devc, struct thread *td) { dev_t devs; struct pt_ioctl *pt; @@ -150,8 +150,8 @@ devc->si_flags &= ~SI_CHEAPCLONE; pt = malloc(sizeof(*pt), M_PTY, M_WAITOK | M_ZERO); - pt->devs = devs = make_dev(&pts_cdevsw, n, - UID_ROOT, GID_WHEEL, 0666, "tty%c%r", names[n / 32], n % 32); + pt->devs = devs = make_dev_cred(&pts_cdevsw, n, + td->td_ucred, 0666, "tty%c%r", names[n / 32], n % 32); pt->devc = devc; devs->si_drv1 = devc->si_drv1 = pt; 
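Review bot: make_dev_cred() silently falls back to uid 0/gid 0 when `cr` is NULL, because make_dev_credv() consults `cr` only when it is non-NULL, so a caller that passes an unset credential creates a root/wheel-owned node without noticing. Either assert it, `KASSERT(cr != NULL, ("make_dev_cred: NULL cred"));`, or document the fallback in a comment above the function. Both wrappers also declare `dev_t ret` after a statement and put a space before `(` in `va_start (ap, fmt)` and `make_dev_credv (...)`, which style(9) does not allow; the same applies to the rewritten make_dev().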
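Review bot: The slave `tty*` node now takes its owner and `si_cred` from `td->td_ucred` of whichever open call first reaches ptyinit(); the -346 hunk shows one such caller, and if ptyinit() is reachable from both the master and the slave open path the slave's credential may come from a different process than the one that cloned the master. Add a comment on the make_dev_cred() call stating whose credential is intended, and if the requirement is that it match the master, compare against `devc->si_cred` rather than relying on the opener. ptyinit's body continues outside the hunk.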
@@ -346,7 +346,7 @@ struct pt_ioctl *pti; if (!dev->si_drv1) - ptyinit(dev); + ptyinit(dev, td); if (!dev->si_drv1) return(ENXIO); tp = dev->si_tty; @@ -818,10 +818,11 @@ static void ptc_drvinit(void *unused); -static void pty_clone(void *arg, char *name, int namelen, dev_t *dev); +static void pty_clone(void *arg, struct ucred *cr, char *name, int namelen, dev_t *dev); static void -pty_clone(arg, name, namelen, dev) +pty_clone(arg, cr, name, namelen, dev) + struct ucred *cr; void *arg; char *name; int namelen; @@ -852,8 +853,8 @@ u += name[4] - 'a' + 10; else return; - *dev = make_dev(&ptc_cdevsw, u, - UID_ROOT, GID_WHEEL, 0666, "pty%c%r", names[u / 32], u % 32); + *dev = make_dev_cred (&ptc_cdevsw, u, + cr, 0666, "pty%c%r", names[u / 32], u % 32); (*dev)->si_flags |= SI_CHEAPCLONE; return; } @@ -863,7 +864,7 @@ void *unused; { - EVENTHANDLER_REGISTER(dev_clone, pty_clone, 0, 1000); + EVENTHANDLER_REGISTER(dev_clone_cred, pty_clone, 0, 1000); } SYSINIT(ptcdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR_C,ptc_drvinit,NULL) ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#20 (text+ko) ==== @@ -518,7 +518,7 @@ } static void -sebsd_create_devfs_device(struct mount *mp, dev_t dev, +sebsd_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev, struct devfs_dirent *devfs_dirent, struct label *label, const char *fullpath) { 
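Review bot: The K&R definition of pty_clone() lists `struct ucred *cr;` before `void *arg;` while the identifier list and the prototype put `arg` first; this is legal, since the order of the declaration section is irrelevant, but it misleads a reader into thinking the argument order changed. As the prototype was already rewritten, convert the definition to the ANSI form, `pty_clone(void *arg, struct ucred *cr, char *name, int namelen, dev_t *dev)`, and drop the declaration section. The function body continues outside the hunk.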
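Review bot: `EVENTHANDLER_REGISTER(dev_clone_cred, pty_clone, 0, 1000)` replaces the dev_clone registration rather than adding to it, so any code that still raises only the old `dev_clone` event will no longer clone ptys; the devfs lookup in this change raises both, but other invokers are outside the diff and should be confirmed. If some must keep working, a comment here saying that pty cloning is intentionally served only through dev_clone_cred would save the next reader the search.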
@@ -543,9 +543,23 @@ strcpy(&path[1], fullpath); rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass, &newsid); + if (rc == 0) dirent->sid = newsid; + /* If there was a creating process (currently only for /dev/pty*), + try a type_transition rule. */ + if (cr != NULL) { + struct task_security_struct *task = SLOT(&cr->cr_label); + + /* XXX: uses the type specified by genfs instead of the parent directory + like it should! */ + int error = security_transition_sid(task->sid, dirent->sid, dirent->sclass, + &newsid); + if (error == 0) + dirent->sid = newsid; + } + /* TBD: debugging */ if (sebsd_verbose > 1) { printf("sebsd_create_devfs_device(%s): sbsid=%d, " @@ -794,7 +808,7 @@ int error; int tclass; - task = SLOT(&cred->cr_label); + task = SLOT(&cred->cr_label); dir = SLOT(parentlabel); vsec = SLOT(childlabel); tclass = vnode_type_to_security_class (child->v_type); ==== //depot/projects/trustedbsd/sebsd/sys/sys/conf.h#5 (text+ko) ==== @@ -83,6 +83,7 @@ uid_t si_uid; gid_t si_gid; mode_t si_mode; + struct ucred *si_cred; /* optional cred of creating process (e.g. pty) */ u_long si_usecount; union { struct { @@ -314,6 +315,8 @@ dev_t makebdev(int _maj, int _min); dev_t make_dev(struct cdevsw *_devsw, int _minor, uid_t _uid, gid_t _gid, int _perms, const char *_fmt, ...) __printflike(6, 7); +dev_t make_dev_cred(struct cdevsw *_devsw, int _minor, struct ucred *cr, + int _perms, const char *_fmt, ...) __printflike(5, 6); dev_t make_dev_alias(dev_t _pdev, const char *_fmt, ...) __printflike(2, 3); int dev2unit(dev_t _dev); int unit2minor(int _unit); 
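Review bot: `security_transition_sid()` runs whenever `cr != NULL`, including when `security_genfs_sid()` failed (`rc != 0`), in which case `dirent->sid` still holds whatever value it had before and the node's label is derived from it; guard the block with `if (rc == 0 && cr != NULL)` or bail out on the genfs failure. `int error` is also declared after a statement inside the block, which style(9) does not permit, and `task` from `SLOT(&cr->cr_label)` is dereferenced without a check, which is fine only if every ucred carries a label slot, something this hunk cannot show. The XXX comment already records that the transition uses the genfs type instead of the parent directory's. The function continues outside the hunk.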
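Review bot: The `si_cred` field comment should state ownership, since the field holds a reference taken with crhold() in make_dev_credv() and released with crfree() when the dev_t is destroyed, and readers must not hold or release it again. Suggested: `struct ucred *si_cred; /* optional cred of creating process (e.g. pty); holds a crhold() reference released on destroy */`. The make_dev_cred() prototype in the next hunk also names its parameter `cr` where the neighbouring prototypes use underscore-prefixed names (`_devsw`, `_minor`, `_perms`); `_cr` would match.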
@@ -339,6 +342,9 @@ int dev_stdclone(char *_name, char **_namep, const char *_stem, int *_unit); EVENTHANDLER_DECLARE(dev_clone, dev_clone_fn); +typedef void (*dev_clone_cred_fn)(void *arg, struct ucred *cr, char *name, int namelen, dev_t *result); +EVENTHANDLER_DECLARE(dev_clone_cred, dev_clone_cred_fn); + /* Stuff relating to kernel-dump */ struct dumperinfo { ==== //depot/projects/trustedbsd/sebsd/sys/sys/mac.h#7 (text+ko) ==== @@ -186,7 +186,7 @@ struct vnode *vp); int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp); -void mac_create_devfs_device(struct mount *mp, dev_t dev, +void mac_create_devfs_device(struct ucred *cr, struct mount *mp, dev_t dev, struct devfs_dirent *de, const char *fullpath); void mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de, const char *fullpath); ==== //depot/projects/trustedbsd/sebsd/sys/sys/mac_policy.h#7 (text+ko) ==== @@ -167,7 +167,8 @@ void (*mpo_associate_vnode_singlelabel)(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel); - void (*mpo_create_devfs_device)(struct mount *mp, dev_t dev, + /* cr is optional in create_devfs_device. */ + void (*mpo_create_devfs_device)(struct ucred *cr, struct mount *mp, dev_t dev, struct devfs_dirent *de, struct label *label, const char *fullpath); void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname, ==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#6 (text+ko) ==== @@ -167,7 +167,7 @@ # spawned by sshd # Use the pty created by sshd -allow sshd_login_t sshd_devpts_t:chr_file { setattr rw_file_perms }; +allow sshd_login_t sshd_devpts_t:chr_file { setattr rw_file_perms poll }; # Write to /var/log/lastlog allow sshd_login_t lastlog_t:file rw_file_perms; 
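Review bot: The new `dev_clone_cred_fn` typedef has no comment saying whose credential `cr` is or how long it stays valid; as invoked from devfs in this change it is the lookup caller's `td_ucred`, valid only for the duration of the call, so a handler that keeps it must crhold() it (make_dev_cred() does this). Suggested comment above the typedef: `/* cr: credential of the process performing the lookup; valid only during the call, crhold() it to keep a reference */`.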
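Review bot: `/* cr is optional in create_devfs_device. */` does not say when the credential is absent, which is what a policy author needs in order to know to check for NULL; make it `/* cr: credential of the creating process when the device was made with make_dev_cred(), otherwise NULL. */`, matching the NULL check the sebsd hunk performs.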
@@ -177,7 +177,7 @@ allow sshd_login_t userpty_type:chr_file { getattr relabelfrom relabelto }; # open old-style ptys -allow sshd_login_t devpts_t:chr_file { read write relabelfrom relabelto getattr setattr }; +#allow sshd_login_t devpts_t:chr_file { read write relabelfrom relabelto getattr setattr }; allow sshd_login_t self:capability { linux_immutable sys_resource }; @@ -212,6 +212,8 @@ role system_r types sshd_user_shell_t; role system_r types user_cvs_rw_t; +allow sshd_user_shell_t sshd_devpts_t:chr_file { getattr setattr rw_file_perms poll }; + allow sshd_user_shell_t { self sshd_t }:fd { create use }; allow sshd_user_shell_t { sbin_t bin_t home_root_t user_home_dir_t usr_t etc_t }:dir search; allow sshd_user_shell_t etc_t:file r_file_perms; ==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#5 (text+ko) ==== @@ -625,8 +625,8 @@ allow $1_t devpts_t:dir { getattr read search }; # For systems without /dev/ptmx -allow $1_t devpts_t:chr_file { poll getattr setattr read write }; -type_change $1_t devpts_t:chr_file $1_devpts_t; +#allow $1_t devpts_t:chr_file { poll getattr setattr read write }; +#type_change $1_t devpts_t:chr_file $1_devpts_t; ') ##################################