git: 0dafeb5bc874 - stable/13 - New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Thu, 21 Dec 2023 13:43:23 UTC
The branch stable/13 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=0dafeb5bc874d79907cc25b3c8dc14f9ed55b396

commit 0dafeb5bc874d79907cc25b3c8dc14f9ed55b396
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:38 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2023-12-21 13:36:09 +0000

    New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
    
    This is a new helper function that leverages existing code: It calls
    successively cr_canseeotheruids(), cr_canseeothergids() and
    cr_canseejailproc() (as long as the previous didn't deny access).  Will
    be used in a subsequent commit.
    
    Reviewed by:            mhorne
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40627
    
    (cherry picked from commit e4a7b4f99cfd4931468c0866da4ae8b49cf5badb)
    
    Approved by:    markj (mentor)
---
 sys/kern/kern_prot.c | 19 +++++++++++++++++++
 sys/sys/proc.h       |  1 +
 2 files changed, 20 insertions(+)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 8b56ba3f8846..8118afd4d366 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1436,6 +1436,25 @@ cr_canseejailproc(struct ucred *u1, struct ucred *u2)
 	return (ESRCH);
 }
 
+/*
+ * Helper for cr_cansee*() functions to abide by system-wide security.bsd.see_*
+ * policies.  Determines if u1 "can see" u2 according to these policies.
+ * Returns: 0 for permitted, ESRCH otherwise
+ */
+int
+cr_bsd_visible(struct ucred *u1, struct ucred *u2)
+{
+	int error;
+
+	if ((error = cr_canseeotheruids(u1, u2)))
+		return (error);
+	if ((error = cr_canseeothergids(u1, u2)))
+		return (error);
+	if ((error = cr_canseejailproc(u1, u2)))
+		return (error);
+	return (0);
+}
+
 /*-
  * Determine if u1 "can see" the subject specified by u2.
  * Returns: 0 for permitted, an errno value otherwise
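Review bot: The header comment on cr_bsd_visible() promises `ESRCH` on denial, but the body returns the first non-zero value from cr_canseeotheruids(), cr_canseeothergids() or cr_canseejailproc() without normalizing it. Only cr_canseejailproc()'s trailing `return (ESRCH);` is visible in this hunk, so the contract holds only if the other two helpers also return nothing but ESRCH; this matters because callers presumably rely on ESRCH so that a denied lookup looks the same as a nonexistent target. Either reword the comment as `Returns: 0 for permitted, otherwise the first error returned by the helpers (expected to be ESRCH)`, or have each denial path `return (ESRCH);` explicitly so the guarantee is enforced here. As a style point, the three tests would read more clearly with an explicit comparison, e.g. `if ((error = cr_canseeotheruids(u1, u2)) != 0)`.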
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index b279839dbf8d..a85ae239f46b 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -1095,6 +1095,7 @@ int	pget(pid_t pid, int flags, struct proc **pp);
 
 void	ast(struct trapframe *framep);
 struct	thread *choosethread(void);
+int	cr_bsd_visible(struct ucred *u1, struct ucred *u2);
 int	cr_cansee(struct ucred *u1, struct ucred *u2);
 int	cr_canseesocket(struct ucred *cred, struct socket *so);
 int	cr_canseeothergids(struct ucred *u1, struct ucred *u2);