PERFORCE change 95810 for review
Todd Miller
millert at FreeBSD.org
Fri Apr 21 18:30:47 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=95810
Change 95810 by millert at millert_g5tower on 2006/04/21 18:30:32
Remove a horrible policy hack and have mach_init use
mac_execve() instead.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.c#9 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#9 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#9 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/system_cmds/mach_init.tproj/bootstrap.c#9 (text+ko) ====
@@ -49,6 +49,7 @@
#import <sys/time.h>
#import <sys/resource.h>
#import <sys/wait.h>
+#import <sys/mac.h>
#import <pthread.h>
#import <string.h>
#import <ctype.h>
@@ -825,8 +826,9 @@
static void
exec_server(server_t *serverp)
{
- char **argv;
+ char **argv, *cp, textlabel[512];
sigset_t mask;
+ mac_t label;
/*
* Setup environment for server, someday this should be Mach stuff
@@ -881,12 +883,19 @@
sigemptyset(&mask);
(void) sigprocmask(SIG_SETMASK, &mask, (sigset_t *)NULL);
+ if (mach_get_task_label_text(mach_task_self(), "sebsd", textlabel) == 0
+ && (cp = rindex(textlabel, ':')) != NULL) {
+ *(cp + 1) = '\0';
+ strlcat(textlabel, "mach_servers_d");
+ if (mac_from_text(&label, textlabel) == 0)
+ mac_set_proc(label);
+ }
execv(argv[0], argv);
unix_fatal("Disabled server %x bootstrap %x: \"%s\": exec()",
serverp->port,
serverp->bootstrap->bootstrap_port,
serverp->cmd);
-}
+}
static char **
argvize(const char *string)
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#9 (text+ko) ====
@@ -37,7 +37,7 @@
install:
$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 ${POLICY} ${DESTDIR}
$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 sebsd_migscs ${DESTDIR}
- $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 failsafe_context ${DESTDIR}/private/etc/sedarwin
+ $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 failsafe_context ${DESTDIR}/private/etc/sedarwin/contexts
$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 700 ${SCRIPTS} ${DESTDIR}/private/etc/sedarwin
(cd $(CURDIR)/.. && tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/ && tar -xf -)
(cd $(FLASK)/.. && tar -cf - flask) | (cd $(DESTDIR)/private/etc/sedarwin/policy && tar -xf -)
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#6 (text+ko) ====
@@ -310,63 +310,6 @@
#################################
#
-# domain_exec_trans(parent_domain, child_domain)
-#
-# Permissions for transitioning to a new domain.
-#
-
-define(`domain_exec_trans',`
-
-#
-# Allow the process to transition to the new domain.
-#
-allow $1 $2:process transition;
-
-#
-# Do not audit when glibc secure mode is enabled upon the transition.
-#
-dontaudit $1 $2:process noatsecure;
-
-#
-# Allow the process to execute the program.
-#
-allow $1 *:file { read x_file_perms };
-
-#
-# Allow the process to reap the new domain.
-#
-allow $2 $1:process sigchld;
-
-#
-# Allow the new domain to inherit and use file
-# descriptions from the creating process and vice versa.
-#
-allow $2 $1:fd use;
-allow $1 $2:fd use;
-
-#
-# Allow the new domain to write back to the old domain via a pipe.
-#
-allow $2 $1:fifo_file rw_file_perms;
-
-#
-# Allow the new domain to read and execute the program.
-#
-allow $2 *:file rx_file_perms;
-
-#
-# Allow the new domain to be entered via the program.
-#
-allow $2 *:file entrypoint;
-
-#
-# Make the transition
-#
-type_transition $1 *:process $2;
-')
-
-#################################
-#
# domain_auto_trans(parent_domain, program_type, child_domain)
#
# Define a default domain transition and allow it.
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#9 (text+ko) ====
@@ -131,15 +131,14 @@
#allow init_d { bin_t shell_exec_t file_t }:dir_file_class_set rw_file_perms;
#allow init_d bin_t:file execute_no_trans;
-# Things executed by mach_init transition to mach_servers_d
-# XXX - awful hack
-domain_exec_trans(mach_init_d,mach_servers_d);
-
# Transition from init_d -> mach_init_d when mach_init starts
# and then back to init_d when BSD init is exec'd
domain_auto_trans(init_d,mach_init_exec_t,mach_init_d);
domain_auto_trans(mach_init_d,init_exec_t,init_d);
+# mach_init_d does its own transition to mach_servers_d
+allow mach_init_d mach_servers_d:process transition;
+
# User transitions for login and sshd
domain_auto_trans(init_d,login_exec_t,login_d);
domain_auto_trans(user_d,login_exec_t,login_d);
@@ -194,11 +193,17 @@
allow user_d security_t:security *;
# Transitions for mach servers started by mach_init
-domain_auto_trans(mach_init_d,windowserver_exec_t,windowserver_d);
-domain_auto_trans(mach_init_d,lookupd_exec_t,lookupd_d);
-domain_auto_trans(mach_init_d,notifyd_exec_t,notifyd_d);
-domain_auto_trans(mach_init_d,diskarbitrationd_exec_t,diskarbitrationd_d);
-domain_auto_trans(mach_init_d,configd_exec_t,configd_d);
+allow mach_servers_d file_t:file entrypoint;
+domain_auto_trans(mach_servers_d,windowserver_exec_t,windowserver_d);
+allow mach_servers_d windowserver_exec_t:file entrypoint;
+domain_auto_trans(mach_servers_d,lookupd_exec_t,lookupd_d);
+allow mach_servers_d lookupd_exec_t:file entrypoint;
+domain_auto_trans(mach_servers_d,notifyd_exec_t,notifyd_d);
+allow mach_servers_d notifyd_exec_t:file entrypoint;
+domain_auto_trans(mach_servers_d,diskarbitrationd_exec_t,diskarbitrationd_d);
+allow mach_servers_d diskarbitrationd_exec_t:file entrypoint;
+domain_auto_trans(mach_servers_d,configd_exec_t,configd_d);
+allow mach_servers_d configd_exec_t:file entrypoint;
# Transitions for things started by BSD init
domain_auto_trans(init_d,systemstarter_exec_t,systemstarter_d);
More information about the p4-projects
mailing list