PERFORCE change 92285 for review
Todd Miller
millert at FreeBSD.org
Thu Feb 23 11:22:21 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=92285
Change 92285 by millert at millert_g4tower on 2006/02/23 19:21:40
Add 2 new methods to the security server: mach_get_task_label()
which gets the label handle of a task and mach_get_label() which
allocates a new label handle and copies a port's label into it.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_port.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/kern/security.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/security.defs#6 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/mach_port.c#5 (text+ko) ====
@@ -1760,6 +1760,47 @@
return kr;
}
+/*
+ * Get a label handle representing the given port's port label.
+ */
+kern_return_t
+mach_get_label(
+ ipc_space_t space,
+ mach_port_name_t name,
+ mach_port_name_t *outlabel)
+{
+ ipc_entry_t entry;
+ ipc_port_t port;
+ struct label outl;
+ kern_return_t kr;
+
+ if (!MACH_PORT_VALID(name))
+ return KERN_INVALID_NAME;
+
+ /* Lookup the port name in the task's space. */
+ kr = ipc_right_lookup_write(space, name, &entry);
+ if (kr != KERN_SUCCESS)
+ return kr;
+
+ /* Make sure we are not dealing with a label handle. */
+ port = (ipc_port_t) entry->ie_object;
+ ip_lock(port);
+ is_write_unlock(space);
+ if (ip_kotype(port) == IKOT_LABELH) {
+ /* already is a label handle! */
+ ip_unlock(port);
+ return KERN_INVALID_ARGUMENT;
+ }
+
+ /* Copy the port label and stash it in a new label handle. */
+ mac_init_port_label(&outl);
+ mac_copy_port_label(&port->ip_label, &outl);
+ kr = labelh_new_user(space, &outl, outlabel);
+ ip_unlock(port);
+
+ return KERN_SUCCESS;
+}
+
/* also works on label handles */
kern_return_t
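Review bot: The result of `labelh_new_user()` is stored in `kr` and then discarded, because `mach_get_label` ends with `return KERN_SUCCESS;`. A failed handle allocation is therefore reported as success, and the caller goes on to use whatever is in `*outlabel`. End the function with `return kr;`. On the failure path, also release the copy set up by `mac_init_port_label(&outl)` if `labelh_new_user()` does not take ownership of it (not visible in this hunk). Separately, `entry->ie_object` is cast to `ipc_port_t` and passed to `ip_lock()` without checking that the entry is a port right, so a name that resolves to a port set or a dead name would presumably be locked as the wrong kind of object; a type check before the cast looks necessary.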
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/kern/security.c#5 (text+ko) ====
@@ -31,6 +31,32 @@
#include <kern/task.h>
kern_return_t
+mach_get_task_label(
+ task_t t,
+ mach_port_name_t *outlabel)
+{
+ ipc_labelh_t lh = t->label;
+ ipc_space_t space = t->itk_space;
+ kern_return_t kr;
+
+ ip_lock(lh->lh_port);
+ lh->lh_port->ip_mscount++;
+ lh->lh_port->ip_srights++;
+ ip_reference(lh->lh_port);
+ ip_unlock(lh->lh_port);
+ kr = ipc_object_copyout(space, lh->lh_port,
+ MACH_MSG_TYPE_PORT_SEND, 0, outlabel);
+ if (kr != KERN_SUCCESS) {
+ ip_lock(lh->lh_port);
+ ip_release(lh->lh_port);
+ ip_check_unlock(lh->lh_port);
+ *outlabel = MACH_PORT_NULL;
+ }
+
+ return (KERN_SUCCESS);
+}
+
+kern_return_t
mach_get_task_label_text(
task_t t,
labelstr_t policies,
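Review bot: When `ipc_object_copyout()` fails, the cleanup block drops the reference but leaves the `ip_srights++` made above in place, and `mach_get_task_label` still ends with `return (KERN_SUCCESS);`. The label port then carries a send-right count that no one holds, which would presumably keep it from ever reaching no-senders. The caller is also told the call succeeded while `*outlabel` is `MACH_PORT_NULL`. Add `lh->lh_port->ip_srights--;` inside the locked failure block and end with `return (kr);`. `t` and `t->label` are also dereferenced without a null check or any task lock; whether the callers guarantee both is not visible in this hunk.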
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/mach/security.defs#6 (text+ko) ====
@@ -13,6 +13,20 @@
type labelstr_t = c_string[*:512];
/**
+ @brief Retrieve a task label as a label handle
+ @param task Target's task port
+ @param label Returned label handle
+
+ This call retrieves a label handle label for the
+ specified task, with respect to the specified policies.
+
+ @return Standard MiG return values (0 for success)
+*/
+
+routine mach_get_task_label(task : task_t;
+ out label : mach_port_name_t);
+
+/**
@brief Retrieve a task label in textual form
@param task Target's task port
@param policies Comma-delimited list of policies to query
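Review bot: `routine mach_get_task_label` is inserted ahead of the existing `mach_get_task_label_text`, and MIG numbers routines by their position in the subsystem, so every routine after it gets a new message id. The same applies to `mach_get_label` in the next hunk. User stubs generated from the previous security.defs would then reach a different server routine than the one they were built for, which matters on an interface that hands out MAC labels. Unless every consumer is rebuilt in lockstep with the kernel, append the two routines after the last existing one. A comment such as `/* New routines go at the end: MIG ids are positional. */` near the top of the file would record the rule.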
@@ -29,6 +43,26 @@
out label : labelstr_t);
/**
+ @brief Retrieve a port label as a label handle
+ @param task Issuer's task port
+ @param port Port to query label from
+ @param label Returned label handle
+
+ This call retrieves a label handle label for the
+ specified task, with respect to the specified policies.
+
+ This call retrieves a label handle for the specified port, with
+ respect to the specified policies. If the port represents a label
+ handle, KERN_INVALID_ARGUMENT is returned.
+
+ @return Standard MiG return values (0 for success)
+*/
+
+routine mach_get_label(task : ipc_space_t;
+ port : mach_port_name_t;
+ out label : mach_port_name_t);
+
+/**
@brief Retrieve a port label in textual form
@param task Issuer's task port
@param name Port to query label from
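Review bot: The comment for `mach_get_label` opens with a stale paragraph, `This call retrieves a label handle label for the specified task, with respect to the specified policies.`, copied from the task variant. Delete it so that only the paragraph about the port remains. Both new comments, this one and the one for `mach_get_task_label` in the previous hunk, say "with respect to the specified policies" although neither routine takes a policies argument, so that clause should be dropped as well. `@param task` is described as the issuer's task port while the routine declares `task : ipc_space_t`; `@param task Issuer's IPC space` would match the signature.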