git: 3ad322db8902 - stable/14 - New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects

From: Mitchell Horne <mhorne_at_FreeBSD.org>
Date: Tue, 17 Oct 2023 19:43:24 UTC
The branch stable/14 has been updated by mhorne:

URL: https://cgit.FreeBSD.org/src/commit/?id=3ad322db8902da1c3d3669471e4e5738f980a849

commit 3ad322db8902da1c3d3669471e4e5738f980a849
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:38 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-10-17 19:42:58 +0000

    New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
    
    This is a new helper function that leverages existing code: It calls
    successively cr_canseeotheruids(), cr_canseeothergids() and
    cr_canseejailproc() (as long as the previous didn't deny access).  Will
    be used in a subsequent commit.
    
    Reviewed by:            mhorne
    MFC after:              2 weeks
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40627
    
    (cherry picked from commit e4a7b4f99cfd4931468c0866da4ae8b49cf5badb)
---
 sys/kern/kern_prot.c | 19 +++++++++++++++++++
 sys/sys/proc.h       |  1 +
 2 files changed, 20 insertions(+)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index ed15cb566499..1e6073b554e4 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1434,6 +1434,25 @@ cr_canseejailproc(struct ucred *u1, struct ucred *u2)
 	return (ESRCH);
 }
 
+/*
+ * Helper for cr_cansee*() functions to abide by system-wide security.bsd.see_*
+ * policies.  Determines if u1 "can see" u2 according to these policies.
+ * Returns: 0 for permitted, ESRCH otherwise
+ */
+int
+cr_bsd_visible(struct ucred *u1, struct ucred *u2)
+{
+	int error;
+
+	if ((error = cr_canseeotheruids(u1, u2)))
+		return (error);
+	if ((error = cr_canseeothergids(u1, u2)))
+		return (error);
+	if ((error = cr_canseejailproc(u1, u2)))
+		return (error);
+	return (0);
+}
+
 /*-
  * Determine if u1 "can see" the subject specified by u2.
  * Returns: 0 for permitted, an errno value otherwise
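Review bot: The header comment on cr_bsd_visible() promises "ESRCH otherwise", but the body forwards whatever cr_canseeotheruids(), cr_canseeothergids() and cr_canseejailproc() return, and only the last helper's `return (ESRCH);` is visible in this hunk. If callers rely on ESRCH so that a hidden subject looks the same as a nonexistent one (an assumption, since no caller is shown), a helper that later returns a different errno would silently break that. The comment should tie the contract to the helpers, for example `* Returns: 0 for permitted, otherwise the first helper's error (ESRCH today)`. As a style(9) point, the assignments inside the conditions read more clearly with an explicit comparison, `if ((error = cr_canseeotheruids(u1, u2)) != 0)`.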
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 3102cae7add0..8609bbd124ad 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -1163,6 +1163,7 @@ void	ast_sched(struct thread *td, int tda);
 void	ast_unsched_locked(struct thread *td, int tda);
 
 struct	thread *choosethread(void);
+int	cr_bsd_visible(struct ucred *u1, struct ucred *u2);
 int	cr_cansee(struct ucred *u1, struct ucred *u2);
 int	cr_canseesocket(struct ucred *cred, struct socket *so);
 int	cr_canseeothergids(struct ucred *u1, struct ucred *u2);