PERFORCE change 109964 for review

Todd Miller millert at FreeBSD.org
Tue Nov 14 19:04:25 UTC 2006


http://perforce.freebsd.org/chv.cgi?CH=109964

Change 109964 by millert at millert_g5tower on 2006/11/14 18:53:49

	Add mac_task_check_get_port() to mediate task_for_pid().
	We pass in both the task and the task label to the entrypoint,
	though since the task is opaque it is not good for much
	other than getting the associated BSD process.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#16 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#25 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_task.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#38 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#16 (text+ko) ====

@@ -79,6 +79,7 @@
 struct m_tag;
 struct vop_setlabel_args;
 struct pipe;
+struct task;
 
 /*
  * Framework initialization.
@@ -388,6 +389,7 @@
 int	mac_system_check_sysctl(struct ucred *cred, int *name,
 	    u_int namelen, void *oldctl, size_t *oldlenp, int inkernel,
 	    void *newctl, size_t newlen);
+int	mac_task_check_get_port(struct ucred *cred, struct task *task);
 int	mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
 	    int acc_mode);
 int	mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#25 (text+ko) ====

@@ -2150,6 +2150,26 @@
 );
 
 /**
+  @brief Access control check for getting a task's port
+  @param cred Subject credential
+  @param task Object task
+  @param tasklabel Object task's label
+
+  Determine whether the subject identified by the credential can get
+  the passed task's control port.
+  This call is used by the task_for_pid(2) API.
+
+  @return Return 0 if access is granted, otherwise an appropriate value for
+  errno should be returned. Suggested failure: EACCES for label mismatch,
+  EPERM for lack of privilege, or ESRCH to hide visibility of the target.
+*/
+typedef int mpo_task_check_get_port_t(
+	struct ucred *cred,
+	struct task *task,
+	struct label *tasklabel
+);
+
+/**
   @brief Update credential at exec time
   @param old Existing subject credential
   @param new New subject credential to be labeled
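Review bot: The `@param task` line does not tell policy authors that the task is opaque, although the change description says it is, so a policy writer reading only the header might try to inspect it directly. Suggest `@param task Object task (opaque; usable only to look up the associated BSD process)` plus a sentence saying the access decision should be made from `tasklabel`. It would also help to state whether the task and its label are guaranteed to stay valid for the duration of the call, which is not visible in this hunk.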
@@ -5608,6 +5628,7 @@
 	mpo_system_check_swapon_t		*mpo_system_check_swapon;
 	mpo_system_check_swapoff_t		*mpo_system_check_swapoff;
 	mpo_system_check_sysctl_t		*mpo_system_check_sysctl;
+	mpo_task_check_get_port_t		*mpo_task_check_get_port;
 	mpo_vnode_check_access_t		*mpo_vnode_check_access;
 	mpo_vnode_check_chdir_t			*mpo_vnode_check_chdir;
 	mpo_vnode_check_chroot_t		*mpo_vnode_check_chroot;
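Review bot: The new `mpo_task_check_get_port` pointer is inserted in the middle of the ops structure rather than appended, so every member after `mpo_system_check_sysctl` moves by one pointer. A policy module built against the previous mac_policy.h would then have its later hooks invoked for the wrong operations, which in an access-control framework can fail open as easily as closed. If policies are always rebuilt together with the kernel this is harmless; otherwise the change should come with a bump of whatever version the framework checks at policy registration (not visible here). The structure definition starts and ends outside this hunk.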

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_task.c#6 (text+ko) ====

@@ -107,3 +107,13 @@
 
 	return (error);
 }
+
+int
+mac_task_check_get_port(struct ucred *cred, struct task *task)
+{
+	int error;
+
+	MAC_CHECK(task_check_get_port, cred, task, mac_task_get_label(task));
+
+	return (error);
+}
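Review bot: Nothing in this change calls mac_task_check_get_port(): the affected files are the two MAC headers, mac_task.c and sebsd.c, so task_for_pid() is not mediated until its call site is added, presumably in a separate change. When that lands, the check has to run before the port is handed back and its error has to be returned to the caller, otherwise the hook is advisory only. The function would also benefit from a header comment, for example `/* MAC check for task_for_pid(): may cred obtain task's control port? Returns 0 or an errno from the policies. */`. That comment should say whether mac_task_get_label(task) requires the task to be locked or referenced by the caller, which cannot be determined from this hunk.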

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#38 (text+ko) ====

@@ -1672,6 +1672,20 @@
 }
 
 static int
+sebsd_task_check_get_port(struct ucred *cred, struct task *task,
+    struct label *tasklabel)
+{
+	struct task_security_struct *subj, *obj;
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(tasklabel);
+
+	/* XXX - need new perm, not PROCESS__PTRACE */
+	return (avc_has_perm(subj->sid, obj->sid,
+	    SECCLASS_PROCESS, PROCESS__PTRACE, NULL));
+}
+
+static int
 sebsd_proc_check_debug(struct ucred *cred, struct proc *proc)
 {
 	
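Review bot: Reusing `PROCESS__PTRACE`, as the XXX comment acknowledges, means any domain allowed to ptrace a target is also allowed to obtain its task control port, and a denial will be reported under the ptrace permission with no audit data (the last argument is `NULL`), so the two operations cannot be told apart in policy or in logs. Until a dedicated permission exists, the comment could spell that out, e.g. `/* XXX - need new perm, not PROCESS__PTRACE; until then ptrace rights imply task_for_pid rights */`. Separately, `obj->sid` is read without checking what `SLOT(tasklabel)` returned; if a task can reach this hook with an unlabeled label (not visible here), a fail-closed guard such as `if (subj == NULL || obj == NULL) return (EACCES);` before the avc_has_perm() call would be safer. The `task` argument is unused in this policy, which is consistent with the description's remark that it is opaque.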
@@ -3649,6 +3663,7 @@
 	.mpo_port_check_hold_send_once = sebsd_port_check_hold_send_once,
 	.mpo_port_check_hold_receive = sebsd_port_check_hold_recv,
 	.mpo_proc_check_debug = sebsd_proc_check_debug,
+	.mpo_task_check_get_port = sebsd_task_check_get_port,
 	.mpo_proc_check_getaudit = sebsd_proc_check_getaudit,
 	.mpo_proc_check_mprotect = sebsd_proc_check_mprotect,
 	.mpo_proc_check_sched = sebsd_proc_check_sched,

