svn commit: r201197 - stable/7/sys/kern
Robert Watson
rwatson at FreeBSD.org
Tue Dec 29 13:55:16 UTC 2009
Author: rwatson
Date: Tue Dec 29 13:55:15 2009
New Revision: 201197
URL: http://svn.freebsd.org/changeset/base/201197
Log:
Merge r189063 from head to stable/7:
Add static tracing for privilege checking:
priv:kernel:priv_check:priv_ok fires for granted privileges
priv:kernel:priv_check:priv_err fires for denied privileges
The first argument is the requested privilege number. The naming
convention is a little different from the OpenSolaris equivilent
because we can't have '-' in probefunc names, and our privilege
namespace is different.
Requested by: bz
Modified:
stable/7/sys/kern/kern_priv.c
Directory Properties:
stable/7/sys/ (props changed)
stable/7/sys/cddl/contrib/opensolaris/ (props changed)
stable/7/sys/contrib/dev/acpica/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
Modified: stable/7/sys/kern/kern_priv.c
==============================================================================
--- stable/7/sys/kern/kern_priv.c Tue Dec 29 13:35:18 2009 (r201196)
+++ stable/7/sys/kern/kern_priv.c Tue Dec 29 13:55:15 2009 (r201197)
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2006 nCircle Network Security, Inc.
+ * Copyright (c) 2009 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by Robert N. M. Watson for the TrustedBSD
@@ -27,6 +28,7 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#include "opt_kdtrace.h"
#include "opt_mac.h"
#include <sys/cdefs.h>
@@ -37,6 +39,7 @@ __FBSDID("$FreeBSD$");
#include <sys/kernel.h>
#include <sys/priv.h>
#include <sys/proc.h>
+#include <sys/sdt.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
@@ -57,6 +60,14 @@ SYSCTL_INT(_security_bsd, OID_AUTO, suse
&suser_enabled, 0, "processes with uid 0 have privilege");
TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled);
+SDT_PROVIDER_DEFINE(priv);
+
+SDT_PROBE_DEFINE(priv, kernel, priv_check, priv_ok);
+SDT_PROBE_ARGTYPE(priv, kernel, priv_check, priv_ok, 0, "int");
+
+SDT_PROBE_DEFINE(priv, kernel, priv_check, priv_err);
+SDT_PROBE_ARGTYPE(priv, kernel, priv_check, priv_err, 0, "int");
+
/*
* Check a credential for privilege. Lots of good reasons to deny privilege;
* only a few to grant it.
@@ -76,7 +87,7 @@ priv_check_cred(struct ucred *cred, int
#ifdef MAC
error = mac_priv_check(cred, priv);
if (error)
- return (error);
+ goto out;
#endif
/*
@@ -85,7 +96,7 @@ priv_check_cred(struct ucred *cred, int
*/
error = prison_priv_check(cred, priv);
if (error)
- return (error);
+ goto out;
/*
* Having determined if privilege is restricted by various policies,
@@ -103,13 +114,17 @@ priv_check_cred(struct ucred *cred, int
case PRIV_MAXFILES:
case PRIV_MAXPROC:
case PRIV_PROC_LIMIT:
- if (cred->cr_ruid == 0)
- return (0);
+ if (cred->cr_ruid == 0) {
+ error = 0;
+ goto out;
+ }
break;
default:
- if (cred->cr_uid == 0)
- return (0);
+ if (cred->cr_uid == 0) {
+ error = 0;
+ goto out;
+ }
break;
}
}
@@ -119,10 +134,26 @@ priv_check_cred(struct ucred *cred, int
* privilege.
*/
#ifdef MAC
- if (mac_priv_grant(cred, priv) == 0)
- return (0);
+ if (mac_priv_grant(cred, priv) == 0) {
+ error = 0;
+ goto out;
+ }
#endif
- return (EPERM);
+
+ /*
+ * The default is deny, so if no policies have granted it, reject
+ * with a privilege error here.
+ */
+ error = EPERM;
+out:
+ if (error) {
+ SDT_PROBE(priv, kernel, priv_check, priv_err, priv, 0, 0, 0,
+ 0);
+ } else {
+ SDT_PROBE(priv, kernel, priv_check, priv_ok, priv, 0, 0, 0,
+ 0);
+ }
+ return (error);
}
int
More information about the svn-src-stable-7
mailing list