PERFORCE change 22551 for review

Chris Vance cvance at freebsd.org
Fri Dec 20 14:12:33 GMT 2002


http://perforce.freebsd.org/chv.cgi?CH=22551

Change 22551 by cvance at cvance_laptop on 2002/12/20 06:11:57

	Implement the sebsd_load_policy system call for SEBSD so that
	the policy may be updated at run time. This will NOT revoke
	existing permissions, it just permits a new policy to be
	loaded into the security server.  It's primary use is in
	developing policy configuration for test machines.  This
	functionality required some pretty stiff locking (effectively
	bringing the system to a halt), but loading a policy is not
	expected to occur very frequently.
	
	To support the above changes, the file open/read/close
	operations now grab Giant.  Additionally, the open operation
	can now take a pathname from a userspace string.

Affected files ...

.. //depot/projects/trustedbsd/mac/lib/libsebsd/system.c#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#64 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#10 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscalls.h#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/avtab.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.h#3 edit

Differences ...

==== //depot/projects/trustedbsd/mac/lib/libsebsd/system.c#2 (text+ko) ====

@@ -56,3 +56,9 @@
 {
 	return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_AVC_TOGGLE , NULL);
 }
+
+int
+sebsd_load_policy(const char *path)
+{
+	return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, path);
+}
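Review bot: `path` is declared `const char *` but is handed straight to mac_syscall() as its untyped argument, which is `void *` if the library entry point mirrors the kernel-side `sebsd_syscall(struct thread *td, int call, void *args)` shown later on this page; that silently discards the qualifier and draws a discarded-qualifiers warning on conforming compilers. Either make the cast explicit so the intent is visible, `return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_LOAD_POLICY, (void *)(uintptr_t)path);`, or drop the `const` from the prototype to match what the call actually requires. A short comment above the function stating that the kernel reads `path` as a NUL-terminated userspace string (the kernel side opens it with UIO_USERSPACE) would also help library users.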

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#64 (text+ko) ====

@@ -117,16 +117,35 @@
 
 	task = SLOT(&cred->cr_label);
 
-	return avc_has_perm(task->sid, SECINITSID_KERNEL, 
-			    SECCLASS_SYSTEM, perm);
+	return (avc_has_perm(task->sid, SECINITSID_KERNEL, 
+	    SECCLASS_SYSTEM, perm));
+}
+
+static int
+cred_has_security(struct ucred *cred, access_vector_t perm)
+{
+	struct task_security_struct *task;
+
+	task = SLOT(&cred->cr_label);
+
+	return (avc_has_perm(task->sid, SECINITSID_SECURITY, 
+	    SECCLASS_SECURITY, perm));
 }
 
 int
 thread_has_system(struct thread *td, access_vector_t perm)
 {
+
 	return (cred_has_system(td->td_proc->p_ucred, perm));
 }
 	      
+int
+thread_has_security(struct thread *td, access_vector_t perm)
+{
+
+	return (cred_has_security(td->td_proc->p_ucred, perm));
+}
+	      
 static __inline security_class_t
 vnode_type_to_security_class(enum vtype vt) 
 {
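Review bot: cred_has_security repeats cred_has_system line for line, differing only in the target SID and class passed to avc_has_perm(), and neither it nor thread_has_security carries a comment saying what is being checked. A shared static helper taking the target SID and class as parameters, with cred_has_system and cred_has_security each reduced to a single call, would keep the two checks from drifting apart. At minimum, add a one-line comment above cred_has_security such as `/* Check whether cred holds perm on the security server itself (SECINITSID_SECURITY, SECCLASS_SECURITY). */`. thread_has_security reads `td->td_proc->p_ucred` without holding the proc lock, which mirrors the existing thread_has_system; if that is a known compromise a comment saying so on both would save the next reader from re-deriving it.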

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#10 (text+ko) ====

@@ -53,6 +53,7 @@
 extern int security_init(void);
 extern int sebsd_syscall(struct thread *td, int call, void *args);
 extern int thread_has_system(struct thread *td, access_vector_t perm);
+extern int thread_has_security(struct thread *td, access_vector_t perm);
 #endif /* _KERNEL */
 
 #endif /* _SYS_SECURITY_SEBSD_H */

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#3 (text+ko) ====

@@ -42,7 +42,32 @@
 
 #include <security/sebsd/sebsd.h>
 #include <security/sebsd/sebsd_syscalls.h>
+#include <security/sebsd/linux-compat.h>
 #include <security/sebsd/avc/avc.h>
+#include <security/sebsd/ss/fileutils.h>
+#include <security/sebsd/ss/services.h>
+
+static int
+sys_load_policy(struct thread *td, char *path)
+{
+	FILE *fp;
+	int rc;
+	
+	rc = thread_has_security(td, SECURITY__LOAD_POLICY);
+	if (rc)
+		return (rc);
+
+	fp = sebsd_fopen(path, "r", UIO_USERSPACE);
+	if (!fp) {
+		printf("ss:  unable to open policy file\n");
+		return (EINVAL);
+	}
+
+	rc = security_load_policy(fp);
+	(void)fclose(fp);
+
+	return (rc);
+}
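Review bot: Every open failure in sys_load_policy is reported to userspace as EINVAL plus a console printf, because sebsd_fopen() returns only NULL and discards the vn_open() error, so an authorized caller cannot distinguish a mistyped path from a permissions or filesystem problem, and each attempt logs to the console. Consider having the open helper report the real error (or at least return ENOENT here, which is closer to what a bad user path usually means) and dropping or rate-limiting the printf, since the path is now user-supplied via UIO_USERSPACE. The value of `security_load_policy(fp)` is returned to userspace as the syscall error as-is; if that routine reports failure with anything other than an errno value (I cannot tell from this page), the result is meaningless to the caller, so the contract should be stated in a comment, e.g. `/* security_load_policy() must return 0 or an errno value; it is passed back to userspace unchanged. */`. The same concern applies to the dispatch case added in the following hunk of this file.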
 
 int
 sebsd_syscall(struct thread *td, int call, void *args)
@@ -56,6 +81,9 @@
 	case SEBSDCALL_AVC_ENFORCING:
 		err = sys_avc_enforcing(td);
 		break;
+	case SEBSDCALL_LOAD_POLICY:
+		err = sys_load_policy(td, (char *)args);
+		break;
 	default:
 		err = EINVAL;
 		break;

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscalls.h#2 (text+ko) ====

@@ -4,10 +4,11 @@
 /*
  * TBD: Should we really try to line up with SELinux?
  */
-#define SEBSDCALL_AVC_TOGGLE    11
-#define SEBSDCALL_AVC_ENFORCING 40
+#define SEBSDCALL_LOAD_POLICY		7
+#define SEBSDCALL_AVC_TOGGLE		11
+#define SEBSDCALL_AVC_ENFORCING		40
 
-#define SEBSDCALL_NUM           40
+#define SEBSDCALL_NUM			40
 
 /* Structure definitions for compute_av call */
 struct security_query {

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/avtab.c#3 (text+ko) ====

@@ -130,7 +130,10 @@
 		}
 		h->htable[i] = NULL;
 	}
+	/* XXX TBD: Shouldn't need giant for deallocation */
+	mtx_lock(&Giant);
 	sebsd_free(h->htable, M_SEBSD_SS);
+	mtx_unlock(&Giant);
 }
 
 
@@ -164,8 +167,12 @@
 {
 	int i;
 
+	/* XXX TBD: Shouldn't need giant for allocation */
+	mtx_lock(&Giant);
 	h->htable = sebsd_malloc(sizeof(avtab_ptr_t)*AVTAB_SIZE,
-				 M_SEBSD_SS, M_WAITOK | M_ZERO);
+	    M_SEBSD_SS, M_WAITOK | M_ZERO);
+	mtx_unlock(&Giant);
+
 	if (!h->htable)
 		return -1;
 	for (i = 0; i < AVTAB_SIZE; i++)

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.c#3 (text+ko) ====

@@ -53,14 +53,16 @@
 {
 	int error;
 
+	mtx_lock(&Giant);
 	error = vn_close(fp->FILE_vp, fp->FILE_saved_open_flags,
 	    curthread->td_ucred, curthread);
+	mtx_unlock(&Giant);
 	sebsd_free(fp, M_TEMP);
 	return (error);
 }
 
 FILE *
-fopen(const char *path, const char *type)
+sebsd_fopen(const char *path, const char *type, enum uio_seg pathseg)
 {
 	struct nameidata nd;
 	struct thread *td = curthread;
@@ -71,12 +73,15 @@
 		return (NULL);
 	fp = sebsd_malloc(sizeof(*fp), M_TEMP, M_WAITOK | M_ZERO);
 	fp->FILE_saved_open_flags = FREAD;
-	NDINIT(&nd, LOOKUP, LOCKLEAF, UIO_SYSSPACE, path, td);
+	mtx_lock(&Giant);	
+	NDINIT(&nd, LOOKUP, LOCKLEAF, pathseg, path, td);
 	error = vn_open(&nd, &fp->FILE_saved_open_flags, 0);
 	if (error)
 		return (NULL);
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	VOP_UNLOCK(nd.ni_vp, 0, td);
+	mtx_unlock(&Giant);	
+
 	fp->FILE_vp = nd.ni_vp;
 	fp->FILE_uio.uio_iov = &fp->FILE_iov;
 	fp->FILE_uio.uio_iovcnt = 1;
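Review bot: The `if (error) return (NULL);` after vn_open() now sits between the new mtx_lock(&Giant) and mtx_unlock(&Giant), so a failed open returns with Giant still held (and, as before, leaks `fp`); with the path now coming from userspace this error path is reachable by any caller that passes SECURITY__LOAD_POLICY and supplies a nonexistent file. The branch should release the lock and the allocation before returning: `if (error) { mtx_unlock(&Giant); sebsd_free(fp, M_TEMP); return (NULL); }`. The start of sebsd_fopen is in the previous hunk, outside this one. As a style point, the added `mtx_lock(&Giant);` and `mtx_unlock(&Giant);` lines here and in the fread() hunk below carry a trailing tab that should be stripped.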
@@ -89,6 +94,13 @@
 	return (fp);
 }
 
+FILE *
+fopen(const char *path, const char *type)
+{
+
+	return (sebsd_fopen(path, type, UIO_SYSSPACE));
+}
+
 size_t
 fread(void *ptr, size_t size, size_t nmemb, FILE *fp)
 {
@@ -97,9 +109,11 @@
 	fp->FILE_uio.uio_iov->iov_base = ptr;
 	fp->FILE_uio.uio_resid = fp->FILE_uio.uio_iov->iov_len = size * nmemb;
 	fp->FILE_uio.uio_td = td;
+	mtx_lock(&Giant);	
 	vn_lock(fp->FILE_vp, LK_SHARED | LK_RETRY | LK_NOPAUSE, td);
 	(void)VOP_READ(fp->FILE_vp, &fp->FILE_uio, 0, td->td_ucred);
 	VOP_UNLOCK(fp->FILE_vp, 0, td);
+	mtx_unlock(&Giant);	
 	return (((size * nmemb) - fp->FILE_uio.uio_resid) / size);
 }
 

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/fileutils.h#3 (text+ko) ====

@@ -54,6 +54,7 @@
 
 int fclose(FILE *fp);
 FILE *fopen(const char *path, const char *type);
+FILE *sebsd_fopen(const char *path, const char *type, enum uio_seg pathseg);
 size_t fread(void *ptr, size_t size, size_t nmemb, FILE *fp);
 #else /* _KERNEL */
 #include <stdio.h>