PERFORCE change 22719 for review
Robert Watson
rwatson at freebsd.org
Tue Dec 24 22:06:48 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=22719
Change 22719 by rwatson at rwatson_paprika on 2002/12/24 14:06:46
Instrument and authorize sysarch(), the platform-dependent service
access system call. Perform authorization only for sysarch() calls
that require suser privilege, since those are the ones we're most
interested in right now.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/alpha/alpha/sys_machdep.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/i386/i386/sys_machdep.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#372 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#194 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#116 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#92 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#226 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#180 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/alpha/alpha/sys_machdep.c#7 (text+ko) ====
@@ -35,9 +35,12 @@
*
*/
+#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/sysent.h>
@@ -114,6 +117,12 @@
if (error)
return (error);
+#ifdef MAC
+ error = mac_check_sysarch_ioperm(td->td_ucred));
+ if (error)
+ return (error);
+#endif
+
error = securelevel_gt(td->td_ucred, 0);
if (error)
return (error);
==== //depot/projects/trustedbsd/mac/sys/i386/i386/sys_machdep.c#8 (text+ko) ====
@@ -36,10 +36,12 @@
*/
#include "opt_kstack_pages.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/proc.h>
@@ -183,6 +185,10 @@
if ((error = copyin(args, &ua, sizeof(struct i386_ioperm_args))) != 0)
return (error);
+#ifdef MAC
+ if ((error = mac_check_sysarch_ioperm(td->td_ucred)) != 0)
+ return (error);
+#endif
if ((error = suser(td)) != 0)
return (error);
if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#372 (text+ko) ====
@@ -2622,6 +2622,18 @@
}
int
+mac_check_sysarch_ioperm(struct ucred *cred)
+{
+ int error;
+
+ if (!mac_enforce_system)
+ return (0);
+
+ MAC_CHECK(check_sysarch_ioperm, cred);
+ return (error);
+}
+
+int
mac_check_system_acct(struct ucred *cred, struct vnode *vp)
{
int error;
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#194 (text+ko) ====
@@ -1892,6 +1892,24 @@
}
static int
+mac_biba_check_sysarch_ioperm(struct ucred *cred)
+{
+ struct mac_biba *subj;
+ int error;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
+static int
mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
struct label *label)
{
@@ -2708,6 +2726,7 @@
.mpo_check_socket_deliver = mac_biba_check_socket_deliver,
.mpo_check_socket_relabel = mac_biba_check_socket_relabel,
.mpo_check_socket_visible = mac_biba_check_socket_visible,
+ .mpo_check_sysarch_ioperm = mac_biba_check_sysarch_ioperm,
.mpo_check_system_acct = mac_biba_check_system_acct,
.mpo_check_system_settime = mac_biba_check_system_settime,
.mpo_check_system_swapon = mac_biba_check_system_swapon,
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#116 (text+ko) ====
@@ -670,6 +670,13 @@
}
static int
+mac_none_check_sysarch_ioperm(struct ucred *cred)
+{
+
+ return (0);
+}
+
+static int
mac_none_check_system_acct(struct ucred *cred, struct vnode *vp,
struct label *vlabel)
{
@@ -1070,6 +1077,7 @@
.mpo_check_socket_listen = mac_none_check_socket_listen,
.mpo_check_socket_relabel = mac_none_check_socket_relabel,
.mpo_check_socket_visible = mac_none_check_socket_visible,
+ .mpo_check_sysarch_ioperm = mac_none_check_sysarch_ioperm,
.mpo_check_system_acct = mac_none_check_system_acct,
.mpo_check_system_reboot = mac_none_check_system_reboot,
.mpo_check_system_settime = mac_none_check_system_settime,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#92 (text+ko) ====
@@ -1066,6 +1066,13 @@
}
static int
+mac_test_check_sysarch_ioperm(struct ucred *cred)
+{
+
+ return (0);
+}
+
+static int
mac_test_check_system_acct(struct ucred *cred, struct vnode *vp,
struct label *label)
{
@@ -1467,6 +1474,7 @@
.mpo_check_socket_listen = mac_test_check_socket_listen,
.mpo_check_socket_relabel = mac_test_check_socket_relabel,
.mpo_check_socket_visible = mac_test_check_socket_visible,
+ .mpo_check_sysarch_ioperm = mac_test_check_sysarch_ioperm,
.mpo_check_system_acct = mac_test_check_system_acct,
.mpo_check_system_reboot = mac_test_check_system_reboot,
.mpo_check_system_settime = mac_test_check_system_settime,
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#226 (text+ko) ====
@@ -265,6 +265,7 @@
int mac_check_socket_receive(struct ucred *cred, struct socket *so);
int mac_check_socket_send(struct ucred *cred, struct socket *so);
int mac_check_socket_visible(struct ucred *cred, struct socket *so);
+int mac_check_sysarch_ioperm(struct ucred *cred);
int mac_check_system_acct(struct ucred *cred, struct vnode *vp);
int mac_check_system_nfsd(struct ucred *cred);
int mac_check_system_reboot(struct ucred *cred, int howto);
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#180 (text+ko) ====
@@ -323,6 +323,7 @@
struct socket *so, struct label *socketlabel);
int (*mpo_check_socket_visible)(struct ucred *cred,
struct socket *so, struct label *socketlabel);
+ int (*mpo_check_sysarch_ioperm)(struct ucred *cred);
int (*mpo_check_system_acct)(struct ucred *cred,
struct vnode *vp, struct label *vlabel);
int (*mpo_check_system_nfsd)(struct ucred *cred);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list