PERFORCE change 17672 for review

Robert Watson rwatson at freebsd.org
Wed Sep 18 22:05:59 GMT 2002 

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17672

Change 17672 by rwatson at rwatson_paprika on 2002/09/18 15:05:53

	Update policies for hard link MAC check: don't implement
	checks based on target vnode yet, as we don't have that locked
	in the MAC framework yet.  Note that the semantics on bsdextended
	are interesting, since you can prevent users from hard linking
	files that are owned by specific other users...

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#107 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#53 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#73 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#76 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#12 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#44 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#107 (text+ko) ====

@@ -1710,6 +1710,32 @@
 }
 
 static int
+mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, 
+    struct label *dlabel, struct vnode *vp, struct label *label,
+    struct componentname *cnp)
+{
+	struct mac_biba *subj, *obj;
+ 
+	if (!mac_biba_enabled)
+		return (0);
+   
+	subj = SLOT(&cred->cr_label);
+	obj = SLOT(dlabel);
+ 
+	if (!mac_biba_dominate_single(subj, obj))
+		return (EACCES);
+
+#if 0
+	obj = SLOT(label);
+ 
+	if (!mac_biba_dominate_single(subj, obj))
+		return (EACCES);
+#endif
+
+	return (0);   
+}
+
+static int
 mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 
     struct label *dlabel, struct componentname *cnp)
 {
@@ -2325,6 +2351,8 @@
 	    (macop_t)mac_biba_check_vnode_getacl },
 	{ MAC_CHECK_VNODE_GETEXTATTR,
 	    (macop_t)mac_biba_check_vnode_getextattr },
+	{ MAC_CHECK_VNODE_LINK,
+	    (macop_t)mac_biba_check_vnode_link },
 	{ MAC_CHECK_VNODE_LOOKUP,
 	    (macop_t)mac_biba_check_vnode_lookup },
 	{ MAC_CHECK_VNODE_OPEN,

==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#53 (text+ko) ====

@@ -445,6 +445,35 @@
 }
 
 static int
+mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+    struct label *dlabel, struct vnode *vp, struct label *label,
+    struct componentname *cnp)
+{
+	struct vattr vap;
+	int error;
+  
+	if (!mac_bsdextended_enabled)
+		return (0);
+  
+	error = VOP_GETATTR(dvp, &vap, cred, curthread);
+	if (error)
+		return (error);
+	error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE);
+	if (error)
+		return (error);
+
+#if 0
+	error = VOP_GETATTR(vp, &vap, cred, curthread);
+	if (error)
+		return (error);
+	error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE);
+	if (error)
+		return (error);
+#endif
+	return (0);
+}
+
+static int
 mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel, struct componentname *cnp)
 {
@@ -715,6 +744,8 @@
 	    (macop_t)mac_bsdextended_check_vnode_getacl },
 	{ MAC_CHECK_VNODE_GETEXTATTR,
 	    (macop_t)mac_bsdextended_check_vnode_getextattr },
+	{ MAC_CHECK_VNODE_LINK,
+	    (macop_t)mac_bsdextended_check_vnode_link },
 	{ MAC_CHECK_VNODE_LOOKUP,
 	    (macop_t)mac_bsdextended_check_vnode_lookup },
 	{ MAC_CHECK_VNODE_OPEN,

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#73 (text+ko) ====

@@ -679,6 +679,15 @@
 }
 
 static int
+mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp, 
+    struct label *dlabel, struct vnode *vp, struct label *label,
+    struct componentname *cnp)
+{
+ 
+	return (0);
+} 
+
+static int
 mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 
     struct label *dlabel, struct componentname *cnp)
 {
@@ -1044,6 +1053,8 @@
 	    (macop_t)mac_none_check_vnode_getacl },
 	{ MAC_CHECK_VNODE_GETEXTATTR,
 	    (macop_t)mac_none_check_vnode_getextattr },
+	{ MAC_CHECK_VNODE_LINK,
+	    (macop_t)mac_none_check_vnode_link },
 	{ MAC_CHECK_VNODE_LOOKUP,
 	    (macop_t)mac_none_check_vnode_lookup },
 	{ MAC_CHECK_VNODE_OPEN,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#76 (text+ko) ====

@@ -1143,6 +1143,31 @@
 }
 
 static int
+mac_te_check_vnode_link(struct ucred *cred, struct vnode *dvp,   
+    struct label *dlabel, struct vnode *vp, struct label *label,
+    struct componentname *cnp)
+{
+	int error;
+ 
+	error = mac_te_check(&cred->cr_label, dlabel, MAC_TE_CLASS_DIR,
+	    MAC_TE_OPERATION_DIR_WRITE);
+	if (error)
+		return (error);
+#if 0
+	switch (vp->v_type) {
+	case VLNK:
+		return (mac_te_check(&cred->cr_label, label,
+		    MAC_TE_CLASS_SYMLINK, MAC_TE_OPERATION_SYMLINK_LINK));
+	default:
+		return (mac_te_check(&cred->cr_labl, label,
+		    MAC_TE_CLASS_FILE, MAC_TE_OPERATION_FILE_LINK));
+	}
+#endif
+
+	return (error);
+}
+
+static int
 mac_te_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,   
     struct label *dlabel, struct componentname *cnp)
 {
@@ -1772,6 +1797,8 @@
 	    (macop_t)mac_te_check_vnode_getacl },
 	{ MAC_CHECK_VNODE_GETEXTATTR,
 	    (macop_t)mac_te_check_vnode_getextattr },
+	{ MAC_CHECK_VNODE_LINK,
+	    (macop_t)mac_te_check_vnode_link },
 	{ MAC_CHECK_VNODE_LOOKUP,
 	    (macop_t)mac_te_check_vnode_lookup },
 	{ MAC_CHECK_VNODE_OPEN,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.h#12 (text+ko) ====

@@ -75,6 +75,7 @@
 #define	MAC_TE_OPERATION_FILE_EXEC		4
 #define	MAC_TE_OPERATION_FILE_GETACL		5
 #define	MAC_TE_OPERATION_FILE_GETEXTATTR	6
+#define	MAC_TE_OPERATION_FILE_LINK		6
 #define	MAC_TE_OPERATION_FILE_POLL		7
 #define	MAC_TE_OPERATION_FILE_READ		8
 #define	MAC_TE_OPERATION_FILE_SETACL		9
@@ -120,10 +121,11 @@
 #define	MAC_TE_OPERATION_SYMLINK_DELETEACL	3
 #define	MAC_TE_OPERATION_SYMLINK_GETACL		4
 #define	MAC_TE_OPERATION_SYMLINK_GETEXTATTR	5
-#define	MAC_TE_OPERATION_SYMLINK_READLINK	6
-#define	MAC_TE_OPERATION_SYMLINK_SETACL		7
-#define	MAC_TE_OPERATION_SYMLINK_SETEXTATTR	8
-#define	MAC_TE_OPERATION_SYMLINK_STAT		9
+#define	MAC_TE_OPERATION_SYMLINK_LINK		6
+#define	MAC_TE_OPERATION_SYMLINK_READLINK	7
+#define	MAC_TE_OPERATION_SYMLINK_SETACL		8
+#define	MAC_TE_OPERATION_SYMLINK_SETEXTATTR	9
+#define	MAC_TE_OPERATION_SYMLINK_STAT		10
 
 #if 0
 /* XXXMAC: temporarily disabled because we still need struct oldmac */

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#44 (text+ko) ====

@@ -1053,6 +1053,15 @@
 }
 
 static int
+mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp, 
+    struct label *dlabel, struct vnode *vp, struct label *label,
+    struct componentname *cnp)
+{
+ 
+	return (0);
+} 
+
+static int
 mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 
     struct label *dlabel, struct componentname *cnp)
 {
@@ -1420,6 +1429,8 @@
 	    (macop_t)mac_test_check_vnode_getacl },
 	{ MAC_CHECK_VNODE_GETEXTATTR,
 	    (macop_t)mac_test_check_vnode_getextattr },
+	{ MAC_CHECK_VNODE_LINK,
+	    (macop_t)mac_test_check_vnode_link },
 	{ MAC_CHECK_VNODE_LOOKUP,
 	    (macop_t)mac_test_check_vnode_lookup },
 	{ MAC_CHECK_VNODE_OPEN,
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list