Two patches for MACs.

Pawel Jakub Dawidek nick at garage.freebsd.pl
Mon Jul 7 09:46:39 GMT 2003


Hello.

I'm sending two patches that might be helpful.

The first one allows module writers to control whether a module can be unloaded.
I'm writing such a module and I've put in it a sysctl that controls whether it
can be unloaded or not (it works like securelevel: once it is set
to 1, there is no way to unload the module or lower this sysctl).
So I can decide about this when I'm registering the module.
For now I have a hack for this: I remember the mac_policy_conf struct
for my module and modify it when the sysctl changes.

The second patch will allow controlling changes to the file birth time, and
because the times are passed as pointers we are able to figure out which fields
are being changed. Also, currently there is no information on whether
VA_UTIMES_NULL is specified.

-- 
Pawel Jakub Dawidek                       pawel at dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
-------------- next part --------------
diff -ur /usr/src/sys/kern/kern_mac.c src/sys/kern/kern_mac.c
--- /usr/src/sys/kern/kern_mac.c	Tue Jul  1 11:29:30 2003
+++ src/sys/kern/kern_mac.c	Sat Jul  5 09:40:21 2003
@@ -664,6 +664,7 @@
 static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
+	int error;
 
 	/*
 	 * If we fail the load, we may get a request to unload.  Check
@@ -692,8 +693,13 @@
 		mac_policy_release_exclusive();
 		return (EBUSY);
 	}
-	if (mpc->mpc_ops->mpo_destroy != NULL)
-		(*(mpc->mpc_ops->mpo_destroy))(mpc);
+	if (mpc->mpc_ops->mpo_destroy != NULL) {
+		error = (*(mpc->mpc_ops->mpo_destroy))(mpc);
+		if (error != 0) {
+			mac_policy_release_exclusive();
+			return (error);
+		}
+	}
 
 	LIST_REMOVE(mpc, mpc_list);
 	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
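Review bot: When mpo_destroy returns non-zero the policy is left on the list with MPC_RUNTIME_FLAG_REGISTERED still set, so a policy that has already torn down part of its state before deciding to refuse would keep serving hooks half-destroyed; nothing here enforces or documents that the refusal must be all-or-nothing. A comment above the call such as `/* A non-zero return from mpo_destroy vetoes the unload; the policy must then remain fully operational. */` would make the expectation explicit for module writers. mac_policy_unregister starts in the previous hunk and its tail lies outside this one.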
diff -ur /usr/src/sys/security/mac_biba/mac_biba.c src/sys/security/mac_biba/mac_biba.c
--- /usr/src/sys/security/mac_biba/mac_biba.c	Mon Jun 23 03:26:33 2003
+++ src/sys/security/mac_biba/mac_biba.c	Sat Jul  5 09:44:08 2003
@@ -487,10 +487,11 @@
 /*
  * Policy module operations.
  */
-static void
+static int
 mac_biba_destroy(struct mac_policy_conf *conf)
 {
 
+	return (0);
 }
 
 static void
diff -ur /usr/src/sys/security/mac_bsdextended/mac_bsdextended.c src/sys/security/mac_bsdextended/mac_bsdextended.c
--- /usr/src/sys/security/mac_bsdextended/mac_bsdextended.c	Thu Mar 27 20:26:38 2003
+++ src/sys/security/mac_bsdextended/mac_bsdextended.c	Sat Jul  5 09:44:40 2003
@@ -191,12 +191,13 @@
 	/* Register dynamic sysctl's for rules. */
 }
 
-static void
+static int
 mac_bsdextended_destroy(struct mac_policy_conf *mpc)
 {
 
 	/* Tear down sysctls. */
 	/* Destroy ruleset lock. */
+	return (0);
 }
 
 static int
diff -ur /usr/src/sys/security/mac_lomac/mac_lomac.c src/sys/security/mac_lomac/mac_lomac.c
--- /usr/src/sys/security/mac_lomac/mac_lomac.c	Mon Jun 23 03:26:33 2003
+++ src/sys/security/mac_lomac/mac_lomac.c	Sat Jul  5 09:45:04 2003
@@ -598,10 +598,11 @@
 /*
  * Policy module operations.
  */
-static void
+static int
 mac_lomac_destroy(struct mac_policy_conf *conf)
 {
 
+	return (0);
 }
 
 static void
diff -ur /usr/src/sys/security/mac_mls/mac_mls.c src/sys/security/mac_mls/mac_mls.c
--- /usr/src/sys/security/mac_mls/mac_mls.c	Mon Jun 23 03:26:34 2003
+++ src/sys/security/mac_mls/mac_mls.c	Sat Jul  5 09:45:28 2003
@@ -452,10 +452,11 @@
 /*
  * Policy module operations.
  */
-static void
+static int
 mac_mls_destroy(struct mac_policy_conf *conf)
 {
 
+	return (0);
 }
 
 static void
diff -ur /usr/src/sys/security/mac_none/mac_none.c src/sys/security/mac_none/mac_none.c
--- /usr/src/sys/security/mac_none/mac_none.c	Tue Jul  1 11:30:12 2003
+++ src/sys/security/mac_none/mac_none.c	Sat Jul  5 09:45:56 2003
@@ -84,10 +84,11 @@
 /*
  * Policy module operations.
  */
-static void
+static int
 mac_none_destroy(struct mac_policy_conf *conf)
 {
 
+	return (0);
 }
 
 static void
diff -ur /usr/src/sys/security/mac_partition/mac_partition.c src/sys/security/mac_partition/mac_partition.c
--- /usr/src/sys/security/mac_partition/mac_partition.c	Tue Jul  1 11:30:12 2003
+++ src/sys/security/mac_partition/mac_partition.c	Sat Jul  5 09:48:01 2003
@@ -94,11 +94,12 @@
 	SLOT(label) = 0;
 }
 
-static void
+static int
 mac_partition_destroy_label(struct label *label)
 {
 
 	SLOT(label) = 0;
+	return (0);
 }
 
 static int
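Review bot: This hunk converts `mac_partition_destroy_label(struct label *label)` to return int, but the only ops slot the header hunk in mac_policy.h converts is `mpo_destroy`, which takes a `struct mac_policy_conf *`, and every other policy in this patch converts its `*_destroy(struct mac_policy_conf *)` function instead. If `mpo_destroy_label` stays `void` this leaves a mismatched function pointer in the partition ops table, and the partition policy's mpo_destroy hook, if it registers one, still returns void. The intended change appears to be restoring `static void` here without the `return (0);` and applying the int conversion to the partition policy's mpo_destroy implementation.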
diff -ur /usr/src/sys/security/mac_portacl/mac_portacl.c src/sys/security/mac_portacl/mac_portacl.c
--- /usr/src/sys/security/mac_portacl/mac_portacl.c	Tue Mar 18 09:45:24 2003
+++ src/sys/security/mac_portacl/mac_portacl.c	Sat Jul  5 09:49:12 2003
@@ -160,12 +160,13 @@
  * Note that there is an inherent race condition in the unload of modules
  * and access via sysctl.
  */
-static void
+static int
 destroy(struct mac_policy_conf *mpc)
 {
 
 	sx_destroy(&rule_sx);
 	toast_rules(&rule_head);
+	return (0);
 }
 
 static void
diff -ur /usr/src/sys/security/mac_test/mac_test.c src/sys/security/mac_test/mac_test.c
--- /usr/src/sys/security/mac_test/mac_test.c	Tue Jul  1 11:30:12 2003
+++ src/sys/security/mac_test/mac_test.c	Sat Jul  5 09:46:18 2003
@@ -189,10 +189,11 @@
 /*
  * Policy module operations.
  */
-static void
+static int
 mac_test_destroy(struct mac_policy_conf *conf)
 {
 
+	return (0);
 }
 
 static void
diff -ur /usr/src/sys/sys/mac_policy.h src/sys/sys/mac_policy.h
--- /usr/src/sys/sys/mac_policy.h	Tue Jul  1 11:30:17 2003
+++ src/sys/sys/mac_policy.h	Sat Jul  5 09:43:16 2003
@@ -69,7 +69,7 @@
 	/*
 	 * Policy module operations.
 	 */
-	void	(*mpo_destroy)(struct mac_policy_conf *mpc);
+	int	(*mpo_destroy)(struct mac_policy_conf *mpc);
 	void	(*mpo_init)(struct mac_policy_conf *mpc);
 
 	/*
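Review bot: The new int return of `mpo_destroy` has no documented meaning in the header, yet per the kern_mac.c hunk a non-zero value now refuses the unload, which policy authors need to know. Suggest a comment above the declaration along the lines of `/* mpo_destroy returns 0 to allow unload; a non-zero errno refuses it and the policy should remain fully operational. */`.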
-------------- next part --------------
diff -ur /usr/src/sys/kern/kern_mac.c src/sys/kern/kern_mac.c
--- /usr/src/sys/kern/kern_mac.c	Tue Jul  1 11:29:30 2003
+++ src/sys/kern/kern_mac.c	Sat Jul  5 08:44:08 2003
@@ -1998,7 +1998,8 @@
 
 int
 mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
-    struct timespec atime, struct timespec mtime)
+    struct timespec *atime, struct timespec *mtime, struct timespec *birthtime,
+    int null)
 {
 	int error;
 
@@ -2008,7 +2009,7 @@
 		return (0);
 
 	MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
-	    mtime);
+	    mtime, bithtime, null);
 	return (error);
 }
 
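Review bot: `bithtime` on the MAC_CHECK line is a typo for the `birthtime` parameter declared in the new signature, so this file will not compile as posted; the line should read `mtime, birthtime, null);`. The parameter named `null` is legal C but easy to misread as NULL, and the caller in vfs_syscalls.c calls the same value `nullflag`, which would be the clearer name on both sides of the hook.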
diff -ur /usr/src/sys/kern/vfs_syscalls.c src/sys/kern/vfs_syscalls.c
--- /usr/src/sys/kern/vfs_syscalls.c	Tue Jul  1 11:29:38 2003
+++ src/sys/kern/vfs_syscalls.c	Sat Jul  5 08:53:30 2003
@@ -2388,13 +2388,16 @@
 	vattr.va_mtime = ts[1];
 	if (setbirthtime)
 		vattr.va_birthtime = ts[1];
-	if (numtimes > 2)
+	if (numtimes > 2) {
+		setbirthtime = 1;
 		vattr.va_birthtime = ts[2];
+	}
 	if (nullflag)
 		vattr.va_vaflags |= VA_UTIMES_NULL;
 #ifdef MAC
-	error = mac_check_vnode_setutimes(td->td_ucred, vp, vattr.va_atime,
-	    vattr.va_mtime);
+	error = mac_check_vnode_setutimes(td->td_ucred, vp, &vattr.va_atime,
+	    &vattr.va_mtime, setbirthtime ? &vattr.va_birthtime : NULL,
+	    nullflag);
 #endif
 	if (error == 0)
 		error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
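Review bot: The cover letter says that passing the times as pointers lets a policy tell which fields change, but `&vattr.va_atime` and `&vattr.va_mtime` are never NULL here (va_mtime is assigned unconditionally on the first context line, and va_atime presumably likewise just above the hunk), so only `birthtime` actually carries that information; either pass NULL for times that are not being set, or document that atime/mtime are always present and only the birthtime pointer is optional. The `setbirthtime = 1` assignment inside the `numtimes > 2` branch is needed by the ternary below, but a comment such as `/* an explicit third timestamp also sets the birthtime */` would stop it from reading as a stray side effect. The enclosing function starts outside this hunk.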
diff -ur /usr/src/sys/security/mac_biba/mac_biba.c src/sys/security/mac_biba/mac_biba.c
--- /usr/src/sys/security/mac_biba/mac_biba.c	Mon Jun 23 03:26:33 2003
+++ src/sys/security/mac_biba/mac_biba.c	Sat Jul  5 09:00:11 2003
@@ -2538,7 +2538,8 @@
 
 static int
 mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
-    struct label *vnodelabel, struct timespec atime, struct timespec mtime)
+    struct label *vnodelabel, struct timespec *atime, struct timespec *mtime,
+    struct timespec *birthtime, int null)
 {
 	struct mac_biba *subj, *obj;
 
diff -ur /usr/src/sys/security/mac_bsdextended/mac_bsdextended.c src/sys/security/mac_bsdextended/mac_bsdextended.c
--- /usr/src/sys/security/mac_bsdextended/mac_bsdextended.c	Thu Mar 27 20:26:38 2003
+++ src/sys/security/mac_bsdextended/mac_bsdextended.c	Sat Jul  5 09:01:21 2003
@@ -710,7 +710,8 @@
 
 static int
 mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
-    struct label *label, struct timespec atime, struct timespec utime)
+    struct label *label, struct timespec *atime, struct timespec *mtime,
+    struct timespec *birthtime, int null)
 {
 	struct vattr vap;
 	int error;
diff -ur /usr/src/sys/security/mac_lomac/mac_lomac.c src/sys/security/mac_lomac/mac_lomac.c
--- /usr/src/sys/security/mac_lomac/mac_lomac.c	Mon Jun 23 03:26:33 2003
+++ src/sys/security/mac_lomac/mac_lomac.c	Sat Jul  5 09:01:52 2003
@@ -2483,7 +2483,8 @@
 
 static int
 mac_lomac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
-    struct label *vnodelabel, struct timespec atime, struct timespec mtime)
+    struct label *vnodelabel, struct timespec *atime, struct timespec *mtime,
+    struct timespec *birthtime, int null)
 {
 	struct mac_lomac *subj, *obj;
 
diff -ur /usr/src/sys/security/mac_mls/mac_mls.c src/sys/security/mac_mls/mac_mls.c
--- /usr/src/sys/security/mac_mls/mac_mls.c	Mon Jun 23 03:26:34 2003
+++ src/sys/security/mac_mls/mac_mls.c	Sat Jul  5 09:02:17 2003
@@ -2301,7 +2301,8 @@
 
 static int
 mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
-    struct label *vnodelabel, struct timespec atime, struct timespec mtime)
+    struct label *vnodelabel, struct timespec *atime, struct timespec *mtime,
+    struct timespec *birthtime, int null)
 {
 	struct mac_mls *subj, *obj;
 
diff -ur /usr/src/sys/security/mac_none/mac_none.c src/sys/security/mac_none/mac_none.c
--- /usr/src/sys/security/mac_none/mac_none.c	Tue Jul  1 11:30:12 2003
+++ src/sys/security/mac_none/mac_none.c	Sat Jul  5 09:02:45 2003
@@ -943,7 +943,8 @@
 
 static int
 mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
-    struct label *label, struct timespec atime, struct timespec mtime)
+    struct label *label, struct timespec *atime, struct timespec *mtime,
+    struct timespec *birthtime, int null)
 {
 
 	return (0);
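Review bot: The new `birthtime` and `null` parameters are accepted by every policy's check_vnode_setutimes (this hunk and the matching ones in mac_biba, mac_bsdextended, mac_lomac, mac_mls and mac_test), but none of the visible bodies consults them, so the birthtime control the patch aims for is not enforced by any shipped policy yet; worth stating in the cover letter, and mac_test at least could record that the new arguments arrive. The bodies of the biba, bsdextended, lomac and mls variants continue outside their hunks, so their use of the parameters cannot be confirmed from here.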
diff -ur /usr/src/sys/security/mac_test/mac_test.c src/sys/security/mac_test/mac_test.c
--- /usr/src/sys/security/mac_test/mac_test.c	Tue Jul  1 11:30:12 2003
+++ src/sys/security/mac_test/mac_test.c	Sat Jul  5 09:04:39 2003
@@ -1352,7 +1352,8 @@
 
 static int
 mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
-    struct label *label, struct timespec atime, struct timespec mtime)
+    struct label *label, struct timespec *atime, struct timespec *mtime,
+    struct timespec *birthtime, int null)
 {
 
 	return (0);
diff -ur /usr/src/sys/sys/mac.h src/sys/sys/mac.h
--- /usr/src/sys/sys/mac.h	Fri Apr 18 21:57:37 2003
+++ src/sys/sys/mac.h	Sat Jul  5 08:45:34 2003
@@ -317,7 +317,8 @@
 int	mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
 	    uid_t uid, gid_t gid);
 int	mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
-	    struct timespec atime, struct timespec mtime);
+	    struct timespec *atime, struct timespec *mtime,
+	    struct timespec *birthtime, int null);
 int	mac_check_vnode_stat(struct ucred *active_cred,
 	    struct ucred *file_cred, struct vnode *vp);
 int	mac_check_vnode_write(struct ucred *active_cred,
diff -ur /usr/src/sys/sys/mac_policy.h src/sys/sys/mac_policy.h
--- /usr/src/sys/sys/mac_policy.h	Tue Jul  1 11:30:17 2003
+++ src/sys/sys/mac_policy.h	Sat Jul  5 08:46:45 2003
@@ -418,7 +418,8 @@
 		    gid_t gid);
 	int	(*mpo_check_vnode_setutimes)(struct ucred *cred,
 		    struct vnode *vp, struct label *label,
-		    struct timespec atime, struct timespec mtime);
+		    struct timespec *atime, struct timespec *mtime,
+		    struct timespec *birthtime, int null);
 	int	(*mpo_check_vnode_stat)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
 		    struct label *label);
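Review bot: The prototype does not say that `birthtime` may be NULL (the caller in vfs_syscalls.c passes NULL unless a birth time is being set) or what `null` encodes (the caller passes the flag that sets VA_UTIMES_NULL), so a policy author reading only this header would not know to NULL-check before dereferencing. Suggest a comment on the entry, e.g. `/* birthtime is NULL when the birth time is not being changed; null is non-zero when the caller sets VA_UTIMES_NULL. */`, and the same on the prototype in mac.h.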

