PERFORCE change 20129 for review

Robert Watson rwatson at freebsd.org
Fri Oct 25 16:50:15 GMT 2002


http://perforce.freebsd.org/chv.cgi?CH=20129

Change 20129 by rwatson at rwatson_tislabs on 2002/10/25 09:49:22

	Add mac_check_reboot(), which permits policies to get in on
	the access control decision to reboot a machine.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#329 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_shutdown.c#14 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#192 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#148 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#329 (text+ko) ====

@@ -143,6 +143,11 @@
     &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations");
 TUNABLE_INT("security.mac.enforce_process", &mac_enforce_process);
 
+static int	mac_enforce_reboot = 1;
+SYSCTL_INT(_security_mac, OID_AUTO, enforce_reboot, CTLFLAG_RW,
+    &mac_enforce_reboot, 0, "Enforce MAC policy for reboot operations");
+TUNABLE_INT("security.mac.enforce_reboot", &mac_enforce_reboot);
+
 static int	mac_enforce_socket = 1;
 SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW,
     &mac_enforce_socket, 0, "Enforce MAC policy on socket operations");
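Review bot: The new `mac_enforce_reboot` knob carries no comment saying what clearing it does. It is declared `CTLFLAG_RW`, and the `mac_check_reboot()` added later in this file returns 0 before consulting any policy when the knob is 0. Writing 0 to `security.mac.enforce_reboot` at runtime therefore removes the MAC reboot check for every policy. This matches the neighbouring `mac_enforce_*` knobs, so it looks intentional, but a short comment would record it, e.g. `/* When 0, mac_check_reboot() skips all policies; runtime-writable by anyone permitted to set sysctls. */`. If these enforcement toggles are not meant to be changed on a secured system, it may be worth checking whether a securelevel-gated flag is appropriate for the whole group.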
@@ -883,6 +888,10 @@
 			mpc->mpc_ops->mpo_check_proc_signal =
 			    mpe->mpe_function;
 			break;
+		case MAC_CHECK_REBOOT:
+			mpc->mpc_ops->mpo_check_reboot =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_SOCKET_BIND:
 			mpc->mpc_ops->mpo_check_socket_bind =
 			    mpe->mpe_function;
@@ -2957,6 +2966,19 @@
 }
 
 int
+mac_check_reboot(struct ucred *cred, int howto)
+{
+	int error;
+
+	if (!mac_enforce_reboot)
+		return (0);
+
+	MAC_CHECK(check_reboot, cred, howto);
+
+	return (error);
+}
+
+int
 mac_check_socket_bind(struct ucred *ucred, struct socket *socket,
     struct sockaddr *sockaddr)
 {
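Review bot: The added `mac_check_reboot()` declares `int error;` without an initializer and returns it after `MAC_CHECK(check_reboot, cred, howto);`, so the result depends entirely on the macro assigning `error`, and the macro is not visible in this hunk. A one-line comment above the call would make that explicit, e.g. `/* MAC_CHECK() composes the policies' check_reboot results into 'error'. */`, assuming that is what the macro does. The function also has no header comment saying that `howto` is the caller-supplied reboot option word, passed to policies unmodified, or that a return of 0 means "no policy objected" rather than "caller is privileged". The trailing `mac_check_socket_bind()` context continues outside the hunk.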

==== //depot/projects/trustedbsd/mac/sys/kern/kern_shutdown.c#14 (text+ko) ====

@@ -43,6 +43,7 @@
 #include "opt_ddb_trace.h"
 #include "opt_ddb_unattended.h"
 #include "opt_hw_wdog.h"
+#include "opt_mac.h"
 #include "opt_panic.h"
 #include "opt_show_busybufs.h"
 
@@ -56,6 +57,7 @@
 #include <sys/eventhandler.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
@@ -159,10 +161,17 @@
 {
 	int error;
 
-	mtx_lock(&Giant);
-	if ((error = suser(td)) == 0)
+	error = 0;
+#ifdef MAC
+	error = mac_check_reboot(td->td_ucred, uap->opt);
+#endif
+	if (error == 0)
+		error = suser(td);
+	if (error == 0) {
+		mtx_lock(&Giant);
 		boot(uap->opt);
-	mtx_unlock(&Giant);
+		mtx_unlock(&Giant);
+	}
 	return (error);
 }
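Review bot: The narrowed scope of Giant is not explained in the code or in the change description. The old code took `mtx_lock(&Giant)` before `suser(td)`, while the new code runs both `mac_check_reboot()` and `suser(td)` unlocked and takes Giant only around `boot(uap->opt)`. If that is deliberate, a comment above the lock would record it, e.g. `/* Access checks do not need Giant; only boot() does. */`. With `MAC` defined the policy result is also returned before `suser()` is consulted, so an unprivileged caller sees the policy's error code rather than the one from `suser()`; a short comment stating that this ordering is intended would help later readers. The function's signature lies outside the hunk.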
 

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#192 (text+ko) ====

@@ -302,6 +302,7 @@
 int	mac_check_proc_sched(struct ucred *cred, struct proc *proc);
 int	mac_check_proc_signal(struct ucred *cred, struct proc *proc,
 	    int signum);
+int	mac_check_reboot(struct ucred *cred, int howto);
 int	mac_check_socket_bind(struct ucred *cred, struct socket *so,
 	    struct sockaddr *sockaddr);
 int	mac_check_socket_connect(struct ucred *cred, struct socket *so,

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#148 (text+ko) ====

@@ -297,6 +297,7 @@
 		    struct proc *proc);
 	int	(*mpo_check_proc_signal)(struct ucred *cred,
 		    struct proc *proc, int signum);
+	int	(*mpo_check_reboot)(struct ucred *cred, int howto);
 	int	(*mpo_check_socket_bind)(struct ucred *cred,
 		    struct socket *so, struct label *socketlabel,
 		    struct sockaddr *sockaddr);
@@ -506,6 +507,7 @@
 	MAC_CHECK_PROC_DEBUG,
 	MAC_CHECK_PROC_SCHED,
 	MAC_CHECK_PROC_SIGNAL,
+	MAC_CHECK_REBOOT,
 	MAC_CHECK_SOCKET_BIND,
 	MAC_CHECK_SOCKET_CONNECT,
 	MAC_CHECK_SOCKET_DELIVER,
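Review bot: Adding `MAC_CHECK_REBOOT` in the middle of this enumeration renumbers `MAC_CHECK_SOCKET_BIND` and every constant after it, unless the enum assigns explicit values outside the hunk. The `kern_mac.c` switch in this change maps these constants to `mpo_*` slots at registration time, so a policy module built against the previous header would have its later entry points wired to the wrong access checks. If a policy ABI or version check is not already enforced at module registration, consider appending new operations at the end of the enum, or note next to it that all policy modules must be rebuilt in lockstep, e.g. `/* Order is ABI: inserting an entry requires rebuilding every policy module. */`. The enum's opening and closing lines are outside the hunk.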