PERFORCE change 231382 for review
Robert Watson
rwatson at FreeBSD.org
Tue Jul 23 20:43:49 UTC 2013
http://p4web.freebsd.org/@@231382?ac=10
Change 231382 by rwatson at rwatson_cinnamon on 2013/07/23 20:43:26
Add 70-80 new TESLA assertions relating to MAC, process
access-control, and sysctl privilege checking.
Affected files ...
.. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_ctl.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_ioctl.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_note.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_osrel.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_rlimit.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_status.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_type.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/kern/kern_cpuset.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/kern/kern_mib.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#5 edit
.. //depot/projects/ctsrd/tesla/src/sys/kern/ksched.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/kern/sys_process.c#3 edit
.. //depot/projects/ctsrd/tesla/src/sys/kern/uipc_socket.c#3 edit
.. //depot/projects/ctsrd/tesla/src/sys/modules/Makefile#4 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_cred.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_pipe.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_process.c#3 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_socket.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_vfs.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/sys/tesla-kernel.h#7 edit
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#13 edit
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_acl.c#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_lookup.c#3 edit
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#3 edit
Differences ...
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs.c#2 (text+ko) ====
@@ -54,6 +54,8 @@
#include <sys/systm.h>
#include <sys/vnode.h>
+#include <sys/tesla-kernel.h>
+
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_param.h>
@@ -72,6 +74,8 @@
struct vnode *textvp;
int error;
+ TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), p) == 0);
+
freepath = NULL;
PROC_LOCK(p);
textvp = p->p_textvp;
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_ctl.c#2 (text+ko) ====
@@ -46,6 +46,7 @@
#include <sys/sbuf.h>
#include <sys/signalvar.h>
#include <sys/sx.h>
+#include <sys/tesla-kernel.h>
#include <sys/uio.h>
#include <fs/pseudofs/pseudofs.h>
@@ -312,6 +313,8 @@
int error;
struct namemap *nm;
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0);
+
if (uio == NULL || uio->uio_rw != UIO_WRITE)
return (EOPNOTSUPP);
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_ioctl.c#2 (text+ko) ====
@@ -38,6 +38,7 @@
#include <sys/proc.h>
#include <sys/signalvar.h>
#include <sys/systm.h>
+#include <sys/tesla-kernel.h>
#include <fs/pseudofs/pseudofs.h>
#include <fs/procfs/procfs.h>
@@ -70,6 +71,8 @@
int ival;
#endif
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0);
+
KASSERT(p != NULL,
("%s() called without a process", __func__));
PROC_LOCK_ASSERT(p, MA_OWNED);
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_note.c#2 (text+ko) ====
@@ -39,13 +39,20 @@
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/sbuf.h>
+#include <sys/tesla-kernel.h>
#include <fs/pseudofs/pseudofs.h>
#include <fs/procfs/procfs.h>
+/* Required for TESLA assertion. */
+#include <sys/proc.h>
+
int
procfs_doprocnote(PFS_FILL_ARGS)
{
+
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0);
+
sbuf_trim(sb);
sbuf_finish(sb);
/* send to process's notify function */
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_osrel.c#2 (text+ko) ====
@@ -34,6 +34,7 @@
#include <sys/proc.h>
#include <sys/sbuf.h>
#include <sys/uio.h>
+#include <sys/tesla-kernel.h>
#include <fs/pseudofs/pseudofs.h>
#include <fs/procfs/procfs.h>
@@ -44,6 +45,8 @@
const char *pp;
int ov, osrel, i;
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0);
+
if (uio == NULL)
return (EOPNOTSUPP);
if (uio->uio_rw == UIO_READ) {
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_rlimit.c#2 (text+ko) ====
@@ -55,6 +55,7 @@
#include <sys/sbuf.h>
#include <sys/types.h>
#include <sys/malloc.h>
+#include <sys/tesla-kernel.h>
#include <fs/pseudofs/pseudofs.h>
#include <fs/procfs/procfs.h>
@@ -66,6 +67,8 @@
struct plimit *limp;
int i;
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0);
+
/*
* Obtain a private reference to resource limits
*/
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_status.c#2 (text+ko) ====
@@ -51,6 +51,7 @@
#include <sys/resourcevar.h>
#include <sys/sbuf.h>
#include <sys/sysent.h>
+#include <sys/tesla-kernel.h>
#include <sys/tty.h>
#include <vm/vm.h>
@@ -73,6 +74,8 @@
int pid, ppid, pgid, sid;
int i;
+ TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), p) == 0);
+
pid = p->p_pid;
PROC_LOCK(p);
ppid = p->p_pptr ? p->p_pptr->p_pid : 0;
==== //depot/projects/ctsrd/tesla/src/sys/fs/procfs/procfs_type.c#2 (text+ko) ====
@@ -38,6 +38,7 @@
#include <sys/proc.h>
#include <sys/sbuf.h>
#include <sys/sysent.h>
+#include <sys/tesla-kernel.h>
#include <fs/pseudofs/pseudofs.h>
#include <fs/procfs/procfs.h>
@@ -47,6 +48,8 @@
{
static const char *none = "Not Available";
+ TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), p) == 0);
+
if (p != NULL && p->p_sysent && p->p_sysent->sv_name)
sbuf_printf(sb, "%s", p->p_sysent->sv_name);
else
==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_cpuset.c#2 (text+ko) ====
@@ -54,6 +54,7 @@
#include <sys/limits.h>
#include <sys/bus.h>
#include <sys/interrupt.h>
+#include <sys/tesla-kernel.h>
#include <vm/uma.h>
@@ -538,6 +539,8 @@
}
}
PROC_LOCK_ASSERT(p, MA_OWNED);
+ TESLA_SYSCALL_PREVIOUSLY(p_cansched(ANY(ptr), p) == 0);
+
/*
* Now that the appropriate locks are held and we have enough cpusets,
* make sure the operation will succeed before applying changes. The
@@ -713,6 +716,9 @@
error = cpuset_which(CPU_WHICH_TID, id, &p, &td, &set);
if (error)
goto out;
+
+ TESLA_SYSCALL_PREVIOUSLY(p_cansched(ANY(ptr), p) == 0);
+
set = NULL;
thread_lock(td);
error = cpuset_shadow(td->td_cpuset, nset, mask);
==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_mib.c#2 (text+ko) ====
@@ -53,8 +53,12 @@
#include <sys/jail.h>
#include <sys/smp.h>
#include <sys/sx.h>
+#include <sys/tesla-kernel.h>
#include <sys/unistd.h>
+/* Required for TESLA assertion. */
+#include <sys/priv.h>
+
SYSCTL_NODE(, 0, sysctl, CTLFLAG_RW, 0,
"Sysctl internal magic");
SYSCTL_NODE(, CTL_KERN, kern, CTLFLAG_RW|CTLFLAG_CAPRD, 0,
@@ -292,6 +296,9 @@
error = sysctl_handle_string(oidp, tmpname, len, req);
if (req->newptr != NULL && error == 0) {
+ TESLA_SYSCALL_PREVIOUSLY(priv_check(req->td,
+ PRIV_SYSCTL_WRITEJAIL) == 0);
+
/*
* Copy the locally set hostname to all jails that share
* this host info.
@@ -349,6 +356,10 @@
error = sysctl_handle_int(oidp, &level, 0, req);
if (error || !req->newptr)
return (error);
+
+ TESLA_SYSCALL_PREVIOUSLY(priv_check(req->td, PRIV_SYSCTL_WRITEJAIL) ==
+ 0);
+
/* Permit update only if the new securelevel exceeds the old. */
sx_slock(&allprison_lock);
mtx_lock(&pr->pr_mtx);
==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#5 (text+ko) ====
==== //depot/projects/ctsrd/tesla/src/sys/kern/ksched.c#2 (text+ko) ====
@@ -48,6 +48,7 @@
#include <sys/posix4.h>
#include <sys/resource.h>
#include <sys/sched.h>
+#include <sys/tesla-kernel.h>
FEATURE(kposix_priority_scheduling, "POSIX P1003.1B realtime extensions");
@@ -136,6 +137,8 @@
int policy;
int e;
+ TESLA_SYSCALL_PREVIOUSLY(p_cansched(ANY(ptr), td->td_proc) == 0);
+
e = getscheduler(ksched, td, &policy);
if (e == 0)
@@ -152,6 +155,8 @@
{
struct rtprio rtp;
+ TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), td->td_proc) == 0);
+
pri_to_rtp(td, &rtp);
if (RTP_PRIO_IS_REALTIME(rtp.type))
param->sched_priority = rtpprio_to_p4prio(rtp.prio);
@@ -182,6 +187,8 @@
int e = 0;
struct rtprio rtp;
+ TESLA_SYSCALL_PREVIOUSLY(p_cansched(ANY(ptr), td->td_proc) == 0);
+
switch(policy)
{
case SCHED_RR:
@@ -224,6 +231,9 @@
int
ksched_getscheduler(struct ksched *ksched, struct thread *td, int *policy)
{
+
+ TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), td->td_proc) == 0);
+
return getscheduler(ksched, td, policy);
}
@@ -286,6 +296,9 @@
ksched_rr_get_interval(struct ksched *ksched,
struct thread *td, struct timespec *timespec)
{
+
+ TESLA_SYSCALL_PREVIOUSLY(p_cansee(ANY(ptr), td->td_proc) == 0);
+
*timespec = ksched->rr_interval;
return 0;
==== //depot/projects/ctsrd/tesla/src/sys/kern/sys_process.c#3 (text+ko) ====
@@ -48,6 +48,7 @@
#include <sys/sx.h>
#include <sys/malloc.h>
#include <sys/signalvar.h>
+#include <sys/tesla-kernel.h>
#include <machine/reg.h>
@@ -140,6 +141,8 @@
proc_read_regs(struct thread *td, struct reg *regs)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(fill_regs(td, regs));
}
@@ -147,6 +150,8 @@
proc_write_regs(struct thread *td, struct reg *regs)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(set_regs(td, regs));
}
@@ -154,6 +159,8 @@
proc_read_dbregs(struct thread *td, struct dbreg *dbregs)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(fill_dbregs(td, dbregs));
}
@@ -161,6 +168,8 @@
proc_write_dbregs(struct thread *td, struct dbreg *dbregs)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(set_dbregs(td, dbregs));
}
@@ -172,6 +181,8 @@
proc_read_fpregs(struct thread *td, struct fpreg *fpregs)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(fill_fpregs(td, fpregs));
}
@@ -179,6 +190,8 @@
proc_write_fpregs(struct thread *td, struct fpreg *fpregs)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(set_fpregs(td, fpregs));
}
@@ -188,6 +201,8 @@
proc_read_regs32(struct thread *td, struct reg32 *regs32)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(fill_regs32(td, regs32));
}
@@ -195,6 +210,8 @@
proc_write_regs32(struct thread *td, struct reg32 *regs32)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(set_regs32(td, regs32));
}
@@ -202,6 +219,8 @@
proc_read_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(fill_dbregs32(td, dbregs32));
}
@@ -209,6 +228,8 @@
proc_write_dbregs32(struct thread *td, struct dbreg32 *dbregs32)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(set_dbregs32(td, dbregs32));
}
@@ -216,6 +237,8 @@
proc_read_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(fill_fpregs32(td, fpregs32));
}
@@ -223,6 +246,8 @@
proc_write_fpregs32(struct thread *td, struct fpreg32 *fpregs32)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(set_fpregs32(td, fpregs32));
}
#endif
@@ -231,6 +256,8 @@
proc_sstep(struct thread *td)
{
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), td->td_proc) == 0);
+
PROC_ACTION(ptrace_single_step(td));
}
@@ -242,6 +269,8 @@
vm_prot_t reqprot;
int error, fault_flags, page_offset, writing;
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0);
+
/*
* Assert that someone has locked this vmspace. (Should be
* curthread but we can't assert that.) This keeps the process
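Review bot: The p_candebug assertion placed at the top of proc_rwmem assumes every syscall-scope caller ran p_candebug first, but proc_rwmem has callers other than ptrace(2) and procfs — as far as I recall the kern.proc.args/env sysctl handlers in kern_proc.c read target memory through it after only a p_cansee check — so the assertion may fire on a legitimate but weaker-checked path; confirm those callers before relying on it. If they are legitimate, either add the same `incallstack(...)` disjunction form used in the ffs_vnops.c hunks for that path, or record the exception with a comment such as `/* ptrace/procfs callers have passed p_candebug; the kern.proc sysctl path relies on p_cansee only. */`. proc_rwmem's signature and the remainder of its body lie outside the hunk.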
@@ -337,6 +366,8 @@
u_int pathlen;
int error, index;
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0);
+
error = 0;
obj = NULL;
@@ -443,6 +474,8 @@
struct ptrace_vm_entry pve;
int error;
+ TESLA_SYSCALL_PREVIOUSLY(p_candebug(ANY(ptr), p) == 0);
+
pve.pve_entry = pve32->pve_entry;
pve.pve_pathlen = pve32->pve_pathlen;
pve.pve_path = (void *)(uintptr_t)pve32->pve_path;
==== //depot/projects/ctsrd/tesla/src/sys/kern/uipc_socket.c#3 (text+ko) ====
@@ -136,6 +136,8 @@
#include <sys/uio.h>
#include <sys/jail.h>
#include <sys/syslog.h>
+#include <sys/tesla-kernel.h>
+
#include <netinet/in.h>
#include <net/vnet.h>
@@ -422,6 +424,11 @@
struct socket *so;
int error;
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_create(cred, dom, type,
+ proto) == 0);
+#endif
+
if (proto)
prp = pffindproto(dom, proto, type);
else
@@ -617,6 +624,11 @@
{
int error;
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(ANY(ptr), so, nam) ==
+ 0);
+#endif
+
CURVNET_SET(so->so_vnet);
error = (*so->so_proto->pr_usrreqs->pru_bind)(so, nam, td);
CURVNET_RESTORE();
@@ -628,6 +640,11 @@
{
int error;
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(ANY(ptr), so, nam) ==
+ 0);
+#endif
+
CURVNET_SET(so->so_vnet);
error = (*so->so_proto->pr_usrreqs->pru_bindat)(fd, so, nam, td);
CURVNET_RESTORE();
@@ -651,6 +668,10 @@
{
int error;
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_listen(ANY(ptr), so) == 0);
+#endif
+
CURVNET_SET(so->so_vnet);
error = (*so->so_proto->pr_usrreqs->pru_listen)(so, backlog, td);
CURVNET_RESTORE();
@@ -898,6 +919,12 @@
{
int error;
+#ifdef MAC
+ /* Access-control check is on head rather than so. */
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_accept(ANY(ptr), ANY(ptr)) ==
+ 0);
+#endif
+
SOCK_LOCK(so);
KASSERT((so->so_state & SS_NOFDREF) != 0, ("soaccept: !NOFDREF"));
so->so_state &= ~SS_NOFDREF;
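Review bot: With both arguments wildcarded, `mac_socket_check_accept(ANY(ptr), ANY(ptr)) == 0` is satisfied by any accept check anywhere in the current syscall, so it does not tie the check to this socket or its listening head and is close to vacuous; the one-line comment should say so rather than only naming the head. Suggested wording: `/* Access-control check is on head rather than so, which is not reachable here, so neither cred nor socket is bound: this only asserts that some accept check ran in this syscall. */`. If the listening socket is recoverable from `so` on this path, binding it would make the assertion meaningful. soaccept's signature is above the hunk.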
@@ -913,6 +940,11 @@
soconnect(struct socket *so, struct sockaddr *nam, struct thread *td)
{
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_connect(td->td_ucred, so,
+ nam) == 0);
+#endif
+
return (soconnectat(AT_FDCWD, so, nam, td));
}
@@ -1450,6 +1482,10 @@
{
int error;
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_send(ANY(ptr), so) == 0);
+#endif
+
CURVNET_SET(so->so_vnet);
error = so->so_proto->pr_usrreqs->pru_sosend(so, addr, uio, top,
control, flags, td);
@@ -2406,6 +2442,10 @@
{
int error;
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_receive(ANY(ptr), so) == 0);
+#endif
+
CURVNET_SET(so->so_vnet);
error = (so->so_proto->pr_usrreqs->pru_soreceive(so, psa, uio, mp0,
controlp, flagsp));
@@ -3079,6 +3119,14 @@
{
int revents = 0;
+#ifdef MAC
+ /*
+ * XXXRW: Should be active_cred but actually fp->f_cred is getting
+ * passed down the stack, so the wrong cred here!
+ */
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_poll(ANY(ptr), so) == 0);
+#endif
+
SOCKBUF_LOCK(&so->so_snd);
SOCKBUF_LOCK(&so->so_rcv);
if (events & (POLLIN | POLLRDNORM))
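Review bot: The XXXRW comment records that fp->f_cred rather than the active credential reaches mac_socket_check_poll on this path; that is a credential-confusion issue in the MAC check itself, not in the assertion, and the `ANY(ptr)` credential argument means this assertion cannot catch it. It deserves a tracking reference in the comment, and once the call chain passes the active credential the assertion should pin it, e.g. `mac_socket_check_poll(active_cred, so) == 0` assuming sopoll's active_cred parameter (its signature is above the hunk). The following hunk (the `kn->kn_fp->f_data` one) uses the same wildcard-cred form without the comment; a one-line copy there would keep the two in step.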
@@ -3124,6 +3172,10 @@
struct socket *so = kn->kn_fp->f_data;
struct sockbuf *sb;
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_poll(ANY(ptr), so) == 0);
+#endif
+
switch (kn->kn_filter) {
case EVFILT_READ:
if (so->so_options & SO_ACCEPTCONN)
==== //depot/projects/ctsrd/tesla/src/sys/modules/Makefile#4 (text+ko) ====
@@ -261,7 +261,6 @@
ppc \
ppi \
pps \
- procfs \
pseudofs \
${_pst} \
pty \
@@ -359,6 +358,10 @@
${_zfs} \
zlib \
+# XXXRW: Temporarily disable procfs build for TESLA, as the module contains
+# assertions which don't build as a module.
+# procfs \
+
.if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64"
_filemon= filemon
.endif
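Review bot: The new comment block is inserted directly after `zlib \`, so the first `# XXXRW` line is physically joined to the SUBDIR list by the trailing backslash; bmake strips `#` comments after joining so this probably still parses, but it is fragile and reads as if the list silently ran into the comment. Moving the three comment lines below the blank line that terminates the list (or above the list) avoids depending on that behaviour. Note also that `# procfs \` keeps a trailing backslash inside a comment, which continues the comment onto the following blank line.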
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_cred.c#2 (text+ko) ====
@@ -66,6 +66,7 @@
#include <sys/file.h>
#include <sys/namei.h>
#include <sys/sysctl.h>
+#include <sys/tesla-kernel.h>
#include <vm/vm.h>
#include <vm/pmap.h>
@@ -195,6 +196,9 @@
mac_cred_relabel(struct ucred *cred, struct label *newlabel)
{
+ TESLA_SYSCALL(previously(mac_cred_check_relabel(cred, newlabel) ==
+ 0));
+
MAC_POLICY_PERFORM_NOSLEEP(cred_relabel, cred, newlabel);
}
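Review bot: `TESLA_SYSCALL(previously(...))` here, and again in the mac_vfs.c relabel hunk, is the long form of the `TESLA_SYSCALL_PREVIOUSLY(...)` wrapper that the mac_pipe.c and mac_socket.c relabel hunks use for the identical property; the four relabel assertions should use one form. Suggested: `TESLA_SYSCALL_PREVIOUSLY(mac_cred_check_relabel(cred, newlabel) == 0);`.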
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_pipe.c#2 (text+ko) ====
@@ -55,11 +55,16 @@
#include <sys/vnode.h>
#include <sys/pipe.h>
#include <sys/sysctl.h>
+#include <sys/tesla-kernel.h>
#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
#include <security/mac/mac_policy.h>
+/* Forward declaration for TESLA. */
+static int mac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *newlabel);
+
struct label *
mac_pipe_label_alloc(void)
{
@@ -138,6 +143,9 @@
struct label *newlabel)
{
+ TESLA_SYSCALL_PREVIOUSLY(mac_pipe_check_relabel(cred, pp, newlabel)
+ == 0);
+
MAC_POLICY_PERFORM_NOSLEEP(pipe_relabel, cred, pp, pp->pp_label,
newlabel);
}
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_process.c#3 (text+ko) ====
@@ -65,6 +65,7 @@
#include <sys/file.h>
#include <sys/namei.h>
#include <sys/sysctl.h>
+#include <sys/tesla-kernel.h>
#include <vm/vm.h>
#include <vm/pmap.h>
@@ -170,12 +171,18 @@
return (error);
}
imgp->execlabel = label;
+
+ TESLA_SYSCALL_EVENTUALLY(called(mac_execve_exit));
+
return (0);
}
void
mac_execve_exit(struct image_params *imgp)
{
+
+ TESLA_SYSCALL_PREVIOUSLY(called(mac_execve_enter(imgp, ANY(ptr))));
+
if (imgp->execlabel != NULL) {
mac_cred_label_free(imgp->execlabel);
imgp->execlabel = NULL;
@@ -192,14 +199,21 @@
mac_vnode_copy_label(interpvp->v_label, *interpvplabel);
} else
*interpvplabel = NULL;
+
+ TESLA_SYSCALL_EVENTUALLY(called(mac_execve_interpreter_exit));
}
void
mac_execve_interpreter_exit(struct label *interpvplabel)
{
- if (interpvplabel != NULL)
+ if (interpvplabel != NULL) {
+ /* Awkwardly, _exit() may be called even if _enter() wasn't. */
+ TESLA_SYSCALL_PREVIOUSLY(called(
+ mac_execve_interpreter_enter(ANY(ptr), ANY(ptr))));
+
mac_vnode_label_free(interpvplabel);
+ }
}
/*
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_socket.c#2 (text+ko) ====
@@ -64,6 +64,7 @@
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
+#include <sys/tesla-kernel.h>
#include <net/bpfdesc.h>
#include <net/if.h>
@@ -77,6 +78,10 @@
#include <security/mac/mac_internal.h>
#include <security/mac/mac_policy.h>
+/* Definition required for TESLA assertion. */
+static int mac_socket_check_relabel(struct ucred *cred, struct socket *so,
+ struct label *newlabel);
+
/*
* Currently, sockets hold two labels: the label of the socket itself, and a
* peer label, which may be used by policies to hold a copy of the label of
@@ -253,6 +258,9 @@
struct label *newlabel)
{
+ TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_relabel(cred, so, newlabel)
+ == 0);
+
SOCK_LOCK_ASSERT(so);
MAC_POLICY_PERFORM_NOSLEEP(socket_relabel, cred, so, so->so_label,
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_vfs.c#2 (text+ko) ====
@@ -65,6 +65,7 @@
#include <sys/namei.h>
#include <sys/sdt.h>
#include <sys/sysctl.h>
+#include <sys/tesla-kernel.h>
#include <vm/vm.h>
#include <vm/pmap.h>
@@ -948,6 +949,9 @@
struct label *newlabel)
{
+ TESLA_SYSCALL(previously(mac_vnode_check_relabel(cred, vp, newlabel)
+ == 0));
+
MAC_POLICY_PERFORM(vnode_relabel, cred, vp, vp->v_label, newlabel);
}
==== //depot/projects/ctsrd/tesla/src/sys/sys/tesla-kernel.h#7 (text+ko) ====
@@ -45,6 +45,11 @@
#define incallstack(fn) TSEQUENCE(called(fn), TESLA_ASSERTION_SITE, returned(fn))
+#if 0
+/* XXXRW: This doesn't yet work. */
+struct timespec __tesla_any_timespec();
+#endif
+
/*
* Convenient assertion wrappers for various scopes.
*/
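Review bot: `struct timespec __tesla_any_timespec();` declares a non-prototype function; even under `#if 0`, write it as `struct timespec __tesla_any_timespec(void);` so it does not become a wrong-prototype trap the day the block is enabled. A short note on what actually fails would also help more than a bare "doesn't yet work" next to dead code.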
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#13 (text+ko) ====
@@ -77,13 +77,12 @@
#include <sys/priv.h>
#include <sys/rwlock.h>
#include <sys/stat.h>
+#include <sys/tesla-kernel.h>
#include <sys/vmmeter.h>
#include <sys/vnode.h>
#include <security/mac/mac_framework.h>
-#include <sys/tesla-kernel.h>
-
#include <vm/vm.h>
#include <vm/vm_param.h>
#include <vm/vm_extern.h>
@@ -92,6 +91,10 @@
#include <vm/vm_pager.h>
#include <vm/vnode_pager.h>
+/* Required for TESLA assertion. */
+struct inode;
+#include <ufs/ufs/acl.h>
+
#include <ufs/ufs/extattr.h>
#include <ufs/ufs/quota.h>
#include <ufs/ufs/inode.h>
@@ -437,12 +440,10 @@
vp = ap->a_vp;
#ifdef MAC
- TESLA_SYSCALL(previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), vp)
- == 0) ||
- previously(mac_vnode_check_readdir(ANY(ptr), vp) == 0));
- TESLA_PAGE_FAULT(previously(mac_vnode_check_read(ANY(ptr), ANY(ptr),
- vp) == 0) ||
- previously(mac_vnode_check_readdir(ANY(ptr), vp) == 0));
+ TESLA_SYSCALL(incallstack(ufs_readdir) ||
+ previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), vp) == 0));
+ TESLA_PAGE_FAULT(incallstack(ufs_readdir) ||
+ previously(mac_vnode_check_read(ANY(ptr), ANY(ptr), vp) == 0));
#endif
uio = ap->a_uio;
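Review bot: Replacing `previously(mac_vnode_check_readdir(ANY(ptr), vp) == 0)` with `incallstack(ufs_readdir)` in both the TESLA_SYSCALL and TESLA_PAGE_FAULT assertions weakens the property: on the readdir path the assertion no longer requires any MAC check to have run, only that ufs_readdir is on the call stack, so the readdir check is now assumed rather than verified here. That is acceptable only if ufs_readdir (in the truncated ufs_vnops.c section) carries its own `TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_readdir(ANY(ptr), vp) == 0)`; a comment naming that dependency, e.g. `/* Readdir path: the MAC check is asserted in ufs_readdir, not here. */`, would make the split visible to the reader. The enclosing function starts above the hunk.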
@@ -1482,6 +1483,12 @@
int ealen, olen, eapad1, eapad2, error, i, easize;
u_char *eae, *p;
+#ifdef MAC
+ TESLA_SYSCALL(incallstack(ufs_setacl) ||
+ previously(mac_vnode_check_deleteextattr(ANY(ptr), ap->a_vp,
+ ap->a_attrnamespace, ap->a_name) == 0));
+#endif
+
ip = VTOI(ap->a_vp);
fs = ip->i_fs;
@@ -1569,6 +1576,12 @@
unsigned easize;
int error, ealen;
+#ifdef MAC
+ TESLA_SYSCALL(incallstack(ufs_getacl) ||
+ previously(mac_vnode_check_getextattr(ANY(ptr), ap->a_vp,
+ ap->a_attrnamespace, ap->a_name) == 0));
+#endif
+
ip = VTOI(ap->a_vp);
fs = ip->i_fs;
@@ -1625,6 +1638,11 @@
uint32_t ul;
int error, ealen;
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_listextattr(ANY(ptr),
+ ap->a_vp, ap->a_attrnamespace) == 0);
+#endif
+
ip = VTOI(ap->a_vp);
fs = ip->i_fs;
@@ -1689,6 +1707,12 @@
int olen, eapad1, eapad2, error, i, easize;
u_char *eae, *p;
+#ifdef MAC
+ TESLA_SYSCALL(incallstack(ufs_setacl) ||
+ mac_vnode_check_setextattr(ANY(ptr), ap->a_vp,
+ ap->a_attrnamespace, ap->a_name) == 0);
+#endif
+
ip = VTOI(ap->a_vp);
fs = ip->i_fs;
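Review bot: The setextattr assertion in this `#ifdef MAC` block drops the `previously()` wrapper that the sibling assertions in the deleteextattr and getextattr hunks above keep, so `mac_vnode_check_setextattr(...) == 0` is a plain expression rather than a temporal event; unless TESLA treats a bare call in an assertion as implicitly "previously", this either fails to build or asserts something different from its siblings. The same form appears in the ufs_open hunk of ufs_vnops.c (`incallstack(kern_execve) || mac_vnode_check_open(ANY(ptr), vp, ANY(int)) == 0`), whose tail is truncated on this page. Suggested: `TESLA_SYSCALL(incallstack(ufs_setacl) ||` / `previously(mac_vnode_check_setextattr(ANY(ptr), ap->a_vp,` / `ap->a_attrnamespace, ap->a_name) == 0));`. The enclosing function's signature lies above the hunk.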
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_acl.c#2 (text+ko) ====
@@ -45,7 +45,11 @@
#include <sys/acl.h>
#include <sys/event.h>
#include <sys/extattr.h>
+#include <sys/tesla-kernel.h>
+/* Required for TESLA assertion. */
+#include <security/mac/mac_framework.h>
+
#include <ufs/ufs/quota.h>
#include <ufs/ufs/inode.h>
#include <ufs/ufs/acl.h>
@@ -359,6 +363,11 @@
} */ *ap;
{
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_getacl(ANY(ptr), ap->a_vp,
+ ap->a_type) == 0);
+#endif
+
if ((ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) == 0)
return (EOPNOTSUPP);
@@ -609,6 +618,16 @@
struct thread *td;
} */ *ap;
{
+
+#ifdef MAC
+ if (ap->a_aclp == NULL)
+ TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_deleteacl(ANY(ptr),
+ ap->a_vp, ap->a_type) == 0);
+ else
+ TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setacl(ANY(ptr),
+ ap->a_vp, ap->a_type, ap->a_aclp) == 0);
+#endif
+
if ((ap->a_vp->v_mount->mnt_flag & (MNT_ACLS | MNT_NFS4ACLS)) == 0)
return (EOPNOTSUPP);
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_lookup.c#3 (text+ko) ====
@@ -51,6 +51,7 @@
#include <sys/mount.h>
#include <sys/vnode.h>
#include <sys/sysctl.h>
+#include <sys/tesla-kernel.h>
#include <vm/vm.h>
#include <vm/vm_extern.h>
@@ -211,6 +212,11 @@
} */ *ap;
{
+#ifdef MAC
+ TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_lookup(ANY(ptr), ap->a_dvp,
+ ap->a_cnp) == 0);
+#endif
+
return (ufs_lookup_ino(ap->a_dvp, ap->a_vpp, ap->a_cnp, NULL));
}
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#3 (text+ko) ====
@@ -61,11 +61,15 @@
#include <sys/lockf.h>
#include <sys/conf.h>
#include <sys/acl.h>
+#include <sys/tesla-kernel.h>
#include <security/mac/mac_framework.h>
#include <sys/file.h> /* XXX */
+/* Required for TESLA assertion. */
+#include <sys/syscallsubr.h>
+
#include <vm/vm.h>
#include <vm/vm_extern.h>
@@ -269,6 +273,11 @@
struct vnode *vp = ap->a_vp;
struct inode *ip;
+#ifdef MAC
+ TESLA_SYSCALL(incallstack(kern_execve) ||
+ mac_vnode_check_open(ANY(ptr), vp, ANY(int)) == 0);
+#endif
+
>>> TRUNCATED FOR MAIL (1000 lines) <<<