git: 768fe2300987 - releng/14.0 - New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mitchell Horne <mhorne_at_FreeBSD.org>
Date: Wed, 18 Oct 2023 18:03:41 UTC
The branch releng/14.0 has been updated by mhorne:

URL: https://cgit.FreeBSD.org/src/commit/?id=768fe23009877b42a9f45b0ca9e9c05f9db76649

commit 768fe23009877b42a9f45b0ca9e9c05f9db76649
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:38 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-10-18 17:59:34 +0000

    New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
    
    This is a new helper function that leverages existing code: It calls
    successively cr_canseeotheruids(), cr_canseeothergids() and
    cr_canseejailproc() (as long as the previous didn't deny access).  Will
    be used in a subsequent commit.
    
    Approved by:            re (gjb)
    Reviewed by:            mhorne
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40627
    
    (cherry picked from commit e4a7b4f99cfd4931468c0866da4ae8b49cf5badb)
    (cherry picked from commit 4a78431a52e9e65c6181a943bca2430633350db1)
---
 sys/kern/kern_prot.c | 19 +++++++++++++++++++
 sys/sys/proc.h       |  1 +
 2 files changed, 20 insertions(+)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index ed15cb566499..1e6073b554e4 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1434,6 +1434,25 @@ cr_canseejailproc(struct ucred *u1, struct ucred *u2)
 	return (ESRCH);
 }
 
+/*
+ * Helper for cr_cansee*() functions to abide by system-wide security.bsd.see_*
+ * policies.  Determines if u1 "can see" u2 according to these policies.
+ * Returns: 0 for permitted, ESRCH otherwise
+ */
+int
+cr_bsd_visible(struct ucred *u1, struct ucred *u2)
+{
+	int error;
+
+	if ((error = cr_canseeotheruids(u1, u2)))
+		return (error);
+	if ((error = cr_canseeothergids(u1, u2)))
+		return (error);
+	if ((error = cr_canseejailproc(u1, u2)))
+		return (error);
+	return (0);
+}
+
 /*-
  * Determine if u1 "can see" the subject specified by u2.
  * Returns: 0 for permitted, an errno value otherwise
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 3102cae7add0..8609bbd124ad 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -1163,6 +1163,7 @@ void	ast_sched(struct thread *td, int tda);
 void	ast_unsched_locked(struct thread *td, int tda);
 
 struct	thread *choosethread(void);
+int	cr_bsd_visible(struct ucred *u1, struct ucred *u2);
 int	cr_cansee(struct ucred *u1, struct ucred *u2);
 int	cr_canseesocket(struct ucred *cred, struct socket *so);
 int	cr_canseeothergids(struct ucred *u1, struct ucred *u2);