From owner-p4-projects@FreeBSD.ORG Tue Aug 15 17:44:21 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 594E016A4E0; Tue, 15 Aug 2006 17:44:21 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 306B016A4DA for ; Tue, 15 Aug 2006 17:44:21 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4EA7E43D6B for ; Tue, 15 Aug 2006 17:44:20 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k7FHiKUu035486 for ; Tue, 15 Aug 2006 17:44:20 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k7FHiJdB035483 for perforce@freebsd.org; Tue, 15 Aug 2006 17:44:19 GMT (envelope-from millert@freebsd.org) Date: Tue, 15 Aug 2006 17:44:19 GMT Message-Id: <200608151744.k7FHiJdB035483@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f 
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 104070 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Aug 2006 17:44:21 -0000 http://perforce.freebsd.org/chv.cgi?CH=104070 Change 104070 by millert@millert_macbook on 2006/08/15 17:44:17 Add the security.mac.sebsd.compute_create, security.mac.sebsd.compute_member, and security.mac.sebsd.canon_context sysctls for use by libselinux. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_sysctl.c#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_sysctl.c#2 (text+ko) ==== 
@@ -366,7 +366,169 @@
 return (error);
 }
 
+/*
+ * Sysctl handler for security.mac.sebsd.canon_context.
+ * Check sid validity, returns canonical name of context.
+ */
+static int
+sysctl_canon_context SYSCTL_HANDLER_ARGS
+{
+ u_int32_t sid, len;
+ char *context, *canon;
+ int error;
+
+#ifdef SECURITY__COMPUTE_CHECK
+ error = cred_has_security(kauth_cred_get(), SECURITY__COMPUTE_CHECK);
+ if (error)
+ return (error);
+#endif
+
+ if (req->newlen < 2)
+ return (EINVAL);
+ if (req->newlen > 512) /* arbitrary */
+ return (ENAMETOOLONG);
+ context = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK);
+ error = SYSCTL_IN(req, context, req->newlen);
+ if (error)
+ goto out;
+ if (context[req->newlen - 1] != '\0') {
+ error = EINVAL;
+ goto out;
+ }
+ /*
+ * XXX We need POLICY_RDLOCK here, but it's not exported!
+ */
+ error = security_context_to_sid(context, strlen(context) + 1, &sid);
+ if (error)
+ goto out;
+
+ error = security_sid_to_context(sid, &canon, &len);
+ if (error == 0) {
+ error = SYSCTL_OUT(req, canon, len);
+ sebsd_free(canon, M_SEBSD);
+ }
+out:
+ sebsd_free(context, M_SEBSD);
+ return (error);
+}
+
+/*
+ * Sysctl handler for security.mac.sebsd.compute_create. Create new sid
+ * given input "scontext\0tcontext\0", tclass.
+ */
+static int
+sysctl_compute_create SYSCTL_HANDLER_ARGS
+{
+ u_int32_t sid, tsid, newsid, len;
+ u_int16_t tclass;
+ char *scontext, *tcontext, *newcontext;
+ int error;
+
+ error = cred_has_security(kauth_cred_get(), SECURITY__COMPUTE_CREATE);
+ if (error)
+ return (error);
+
+ if (req->newlen < 4 + sizeof(tclass))
+ return (EINVAL);
+ if (req->newlen > 512) /* arbitrary */
+ return (ENAMETOOLONG);
+ scontext = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK);
+ error = SYSCTL_IN(req, scontext, req->newlen);
+ if (error)
+ goto out;
+ if (scontext[req->newlen - (1 + sizeof(tclass))] != '\0') {
+ error = EINVAL;
+ goto out;
+ }
+ tcontext = &scontext[strlen(scontext) + 1];
+ if (tcontext >= &scontext[req->newlen - (1 + sizeof(tclass))]) {
+ error = EINVAL;
+ goto out;
+ }
+ bcopy(&tcontext[strlen(tcontext) + 1], &tclass, sizeof(tclass));
+ /*
+ * XXX We need POLICY_RDLOCK here, but it's not exported!
+ */
+ error = security_context_to_sid(scontext, strlen(scontext) + 1, &sid);
+ if (error)
+ goto out;
+ error = security_context_to_sid(tcontext, strlen(tcontext) + 1, &tsid);
+ if (error)
+ goto out;
+
+ error = security_transition_sid(sid, tsid, tclass, &newsid);
+ if (error)
+ goto out;
+
+ error = security_sid_to_context(newsid, &newcontext, &len);
+ if (error == 0) {
+ error = SYSCTL_OUT(req, newcontext, len);
+ sebsd_free(newcontext, M_SEBSD);
+ }
+out:
+ sebsd_free(scontext, M_SEBSD);
+ return (error);
+}
+
+/*
+ * Sysctl handler for security.mac.sebsd.compute_member. Compute member sid
+ * given input "scontext\0tcontext\0", tclass.
+ */
 static int
+sysctl_compute_member SYSCTL_HANDLER_ARGS
+{
+ u_int32_t sid, tsid, newsid, len;
+ u_int16_t tclass;
+ char *scontext, *tcontext, *newcontext;
+ int error;
+
+ error = cred_has_security(kauth_cred_get(), SECURITY__COMPUTE_MEMBER);
+ if (error)
+ return (error);
+
+ if (req->newlen < 4 + sizeof(tclass))
+ return (EINVAL);
+ if (req->newlen > 512) /* arbitrary */
+ return (ENAMETOOLONG);
+ scontext = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK);
+ error = SYSCTL_IN(req, scontext, req->newlen);
+ if (error)
+ goto out;
+ if (scontext[req->newlen - (1 + sizeof(tclass))] != '\0') {
+ error = EINVAL;
+ goto out;
+ }
+ tcontext = &scontext[strlen(scontext) + 1];
+ if (tcontext >= &scontext[req->newlen - (1 + sizeof(tclass))]) {
+ error = EINVAL;
+ goto out;
+ }
+ bcopy(&tcontext[strlen(tcontext) + 1], &tclass, sizeof(tclass));
+ /*
+ * XXX We need POLICY_RDLOCK here, but it's not exported!
+ */
+ error = security_context_to_sid(scontext, strlen(scontext) + 1, &sid);
+ if (error)
+ goto out;
+ error = security_context_to_sid(tcontext, strlen(tcontext) + 1, &tsid);
+ if (error)
+ goto out;
+
+ error = security_member_sid(sid, tsid, tclass, &newsid);
+ if (error)
+ goto out;
+
+ error = security_sid_to_context(newsid, &newcontext, &len);
+ if (error == 0) {
+ error = SYSCTL_OUT(req, newcontext, len);
+ sebsd_free(newcontext, M_SEBSD);
+ }
+out:
+ sebsd_free(scontext, M_SEBSD);
+ return (error);
+}
+
+static int
 sysctl_sebsd_policypath SYSCTL_HANDLER_ARGS
 {
 void *path;
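Review bot: sysctl_canon_context's only access check is wrapped in `#ifdef SECURITY__COMPUTE_CHECK`, so if that permission is not defined by the flask headers the handler performs no `cred_has_security` check at all, while the node is registered `CTLFLAG_ANYBODY` in the following hunk; the two sibling handlers check their permission unconditionally. Either check unconditionally (SELinux's flask names this permission `SECURITY__CHECK_CONTEXT`, if that is what the generated headers in this tree provide) or fail closed with `#else`/`return (EPERM);`/`#endif` instead of falling through to the lookup. sysctl_compute_create and sysctl_compute_member are otherwise identical apart from the permission and the `security_transition_sid`/`security_member_sid` call, so the input parsing and bounds checks are maintained twice; a shared helper taking the permission and a function pointer removes the duplication. The tclass value read by bcopy is passed through unvalidated, which is fine only if `security_transition_sid`/`security_member_sid` reject out-of-range classes themselves — worth confirming.
```c
/*
 * Parse "scontext\0tcontext\0" + tclass from req, resolve both sids and
 * return the context computed by compute() to the caller.
 */
static int
sysctl_compute_pair(struct sysctl_req *req, u_int32_t perm,
    int (*compute)(u_int32_t, u_int32_t, u_int16_t, u_int32_t *))
{
	/* … body of sysctl_compute_create, with SECURITY__COMPUTE_CREATE
	 * replaced by perm and security_transition_sid by compute … */
}

static int
sysctl_compute_create SYSCTL_HANDLER_ARGS
{
	return (sysctl_compute_pair(req, SECURITY__COMPUTE_CREATE,
	    security_transition_sid));
}

static int
sysctl_compute_member SYSCTL_HANDLER_ARGS
{
	return (sysctl_compute_pair(req, SECURITY__COMPUTE_MEMBER,
	    security_member_sid));
}
```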
@@ -412,6 +574,15 @@
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, compute_av, CTLTYPE_STRING |
 CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_av, "A",
 "SEBSD access vector decision query");
+SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, canon_context, CTLTYPE_STRING |
+ CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_canon_context, "A",
+ "SEBSD context verification query");
+SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, compute_create, CTLTYPE_STRING |
+ CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_create, "A",
+ "SEBSD context computation query");
+SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, compute_member, CTLTYPE_STRING |
+ CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_member, "A",
+ "SEBSD context member query");
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, auditing, CTLTYPE_INT |
 CTLFLAG_RW, NULL, 0, sysctl_sebsd_auditing, "I", "SEBSD avc auditing");
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT |
@@ -436,6 +607,9 @@
 sysctl_register_oid(&sysctl__security_mac_sebsd_file_sids);
 sysctl_register_oid(&sysctl__security_mac_sebsd_change_sid);
 sysctl_register_oid(&sysctl__security_mac_sebsd_compute_av);
+ sysctl_register_oid(&sysctl__security_mac_sebsd_compute_create);
+ sysctl_register_oid(&sysctl__security_mac_sebsd_compute_member);
+ sysctl_register_oid(&sysctl__security_mac_sebsd_canon_context);
 sysctl_register_oid(&sysctl__security_mac_sebsd_auditing);
 sysctl_register_oid(&sysctl__security_mac_sebsd_enforcing);
 sysctl_register_oid(&sysctl__security_mac_sebsd_policyvers);