PERFORCE change 75498 for review

Andrew Reisse areisse at FreeBSD.org
Mon Apr 18 16:45:23 GMT 2005


http://perforce.freebsd.org/chv.cgi?CH=75498

Change 75498 by areisse at areisse_ibook on 2005/04/18 16:45:05

	Initial support for access vectors in a mach message trailer. A new
	entry point, mac_check_ipc_methods, returns an access vector
	mapping routine numbers to permitted/denied bits. This vector is
	then stored in the message trailer (if requested by the recipient).
	Currently, all access decisions are made using the sender's task label
	at the time of sending, and the recipient port label at the
	time of receipt.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/message.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#3 (text+ko) ====

@@ -67,6 +67,7 @@
 struct vnode;
 struct devnode;
 struct task;
+struct msg_access_vector;
 
 struct mac_policy_ops {
 	/*
@@ -478,6 +479,9 @@
 	int	(*mpo_audit_postselect)(struct ucred *cred,
 		    unsigned short syscode, void *args, int error,
 		    int retval);
+
+	void	(*mpo_check_ipc_methods)(struct label *task,
+		    struct label *port, struct msg_access_vector *av);
 };
 
 struct mac_policy_conf {
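Review bot: The new `mpo_check_ipc_methods` member is added without a comment stating its contract, and the hook returns `void`, so a policy module has no way to report that it could not evaluate the request. A policy author cannot tell from this header who initialises `av`, which bit value means "permitted", or whether the hook may set bits as well as clear them. I would add a comment above the member such as `/* av arrives with every bit set (permitted); a policy clears the bits for routines it denies and must not set bits. */`. The polarity is inferred from the `memset(av, 0xff, ...)` in mac_port.c, so confirm it before documenting it.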

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_msg.c#2 (text+ko) ====

@@ -274,6 +274,18 @@
 		trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option);
 
 #if 1
+
+		if (option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_AV)) {
+		  if (kmsg->ikm_sender != IO_NULL &&
+		      IP_VALID(kmsg->ikm_header.msgh_remote_port)) {
+		    mac_check_ipc_methods
+		      (&kmsg->ikm_sender->lh_label,
+		       &((ipc_port_t)kmsg->ikm_header.msgh_remote_port)->ip_label, &trailer->msgh_av);
+		  }
+		  else
+			  memset(trailer->msgh_av.av, 0, sizeof(msg_access_vector_t));
+		}
+
 		if (option & MACH_RCV_TRAILER_ELEMENTS (MACH_RCV_TRAILER_LABELS)) {
 		  if (kmsg->ikm_sender != IO_NULL) {
 		    ipc_object_t  lh = &kmsg->ikm_sender->lh_object;
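Review bot: The new block reads `ip_label` from `msgh_remote_port` after only an `IP_VALID` test, which checks the pointer value and not whether the port is still active or locked. Nothing visible in the hunk holds the port lock across the call to `mac_check_ipc_methods`, so the label could be changed or torn down while the policies read it. If the surrounding function does not already hold it, take the lock around the call. If it does, a short comment such as `/* port lock held by caller; ip_label is stable here */` would make that explicit. The enclosing function starts and ends outside this hunk, so the locking state cannot be confirmed from here.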

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/mac.h#3 (text+ko) ====

@@ -25,6 +25,7 @@
  * SUCH DAMAGE.
  */
 
+#include <mach/message.h>
 #include <kern/task.h>
 
 /* tasks */
@@ -58,3 +59,5 @@
 int mac_check_port_hold_receive (struct label *task, struct label *port);
 
 int mac_check_task_service_access (task_t self, task_t obj, const char *perm);
+
+void mac_check_ipc_methods (struct label *task, struct label *port, msg_access_vector_t *av);

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/message.h#2 (text+ko) ====

@@ -331,6 +331,11 @@
   mach_port_name_t sender;
 } msg_labels_t;
 
+typedef struct msg_access_vector
+{
+  unsigned int			av[4];
+} msg_access_vector_t;
+
 typedef struct
 {
   mach_msg_trailer_type_t       msgh_trailer_type;
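Review bot: `msg_access_vector` is declared with a bare `unsigned int av[4]` and no comment, yet it is copied to the receiver in the message trailer, so its bit layout is part of the user-visible interface. The header should state how a routine number maps to a word and bit, and which value means permitted. For example `/* one bit per routine number, word = n / 32, bit = n % 32; 1 = permitted, 0 = denied */`, adjusted to the mapping actually intended. The number of routines covered also depends on the width of `unsigned int`. A fixed-width element type would pin the layout if one is available in this header.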
@@ -339,6 +344,7 @@
   security_token_t              msgh_sender;
   audit_token_t			msgh_audit;
   msg_labels_t                  msgh_labels;
+  msg_access_vector_t		msgh_av;
 } mach_msg_mac_trailer_t;
 
 #define MACH_MSG_TRAILER_MINIMUM_SIZE  sizeof(mach_msg_trailer_t)
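Review bot: Appending `msgh_av` grows `mach_msg_mac_trailer_t`, but no hunk in this change touches `REQUESTED_TRAILER_SIZE`, which mach_msg.c uses to set `msgh_trailer_size`. If that macro does not account for the new element, a receiver asking for `MACH_RCV_TRAILER_AV` may be told a trailer size that stops short of the access vector, or the vector may not be copied out at all. Please confirm that the size computation and any maximum-trailer-size constant cover the new field. Receivers built against the old struct layout should also still get a trailer no larger than they requested.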
@@ -513,6 +519,7 @@
 #define MACH_RCV_TRAILER_SENDER 2
 #define MACH_RCV_TRAILER_AUDIT  3
 #define MACH_RCV_TRAILER_LABELS 4
+#define MACH_RCV_TRAILER_AV     8
 
 #define MACH_RCV_TRAILER_TYPE(x)     (((x) & 0xf) << 28) 
 #define MACH_RCV_TRAILER_ELEMENTS(x) (((x) & 0xf) << 24)  
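Review bot: `MACH_RCV_TRAILER_AV` is defined as 8 and tested with `&` in mach_msg.c, so it is a bit flag, while the neighbouring values 2, 3 and 4 read as ordinal levels. Because `MACH_RCV_TRAILER_LABELS` is tested the same way, any request value with bit 2 set (5, 6, 7, 12 and so on) also selects labels, and 8 uses the last bit of the `0xf` elements mask. A comment on the new define would record the intent, for example `/* bit flag, may be OR-ed with the levels above; last free bit in the 4-bit elements field */`.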

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_port.c#3 (text+ko) ====

@@ -32,6 +32,7 @@
  */
 
 #include <security/mac_internal.h>
+#include <mach/message.h>
 
 void
 mac_init_port_label (struct label *l)
@@ -171,3 +172,27 @@
 
 	return (error);
 }
+
+void
+mac_check_ipc_methods(struct label *task, struct label *port,
+    msg_access_vector_t *av)
+{
+	struct mac_policy_conf *mpc;
+	int entrycount;
+
+	memset(av, 0xff, sizeof(msg_access_vector_t));
+
+	LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
+		if (mpc->mpc_ops->mpo_check_ipc_methods != NULL)
+			mpc->mpc_ops->mpo_check_ipc_methods(
+			    task, port, av);
+	}
+	if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
+		LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
+			if (mpc->mpc_ops->mpo_check_ipc_methods != NULL)
+				mpc->mpc_ops->mpo_check_ipc_methods(
+				    task, port, av);
+		}
+		mac_policy_list_unbusy();
+	}
+}
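Review bot: `mac_check_ipc_methods` hands the same `av` buffer to every policy in turn, so nothing prevents a later policy from setting bits that an earlier policy cleared. The result then depends on policy order and on every module behaving, rather than being the intersection of what all policies permit. Giving each policy a scratch vector preset to all-ones and AND-ing it into `av` makes denials stick regardless of what a module writes. The vector also stays all-ones (everything permitted) when no loaded policy implements the hook, which deserves a comment if it is intended.

```c
	msg_access_vector_t pav;
	unsigned int i;

	memset(av, 0xff, sizeof(*av));

	LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
		if (mpc->mpc_ops->mpo_check_ipc_methods == NULL)
			continue;
		/* Each policy starts from "all permitted"; only its denials carry over. */
		memset(&pav, 0xff, sizeof(pav));
		mpc->mpc_ops->mpo_check_ipc_methods(task, port, &pav);
		for (i = 0; i < sizeof(av->av) / sizeof(av->av[0]); i++)
			av->av[i] &= pav.av[i];
	}
	/* ... unchanged: conditional busy / unbusy around mac_policy_list ... */
	/* ... same scratch-vector-and-AND body inside the mac_policy_list loop ... */
```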