summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_mac.c
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-10-06 02:46:26 +0000
committerrwatson <rwatson@FreeBSD.org>2002-10-06 02:46:26 +0000
commit2ad996a2d39a58404c64c9e7ca9e071ff607c4ce (patch)
tree3fea72f53d4028d0b27b47359673c85f56a3e2f8 /sys/kern/kern_mac.c
parentf2ac31e2ec91340be2682c1750526e12229b45ee (diff)
downloadFreeBSD-src-2ad996a2d39a58404c64c9e7ca9e071ff607c4ce.zip
FreeBSD-src-2ad996a2d39a58404c64c9e7ca9e071ff607c4ce.tar.gz
Sync from MAC tree: break out the single mmap entry point into
seperate entry points for each occasion: mac_check_vnode_mmap() Check at initial mapping mac_check_vnode_mprotect() Check at mapping protection change mac_check_vnode_mmap_downgrade() Determine if a mapping downgrade should take place following subject relabel. Implement mmap() and mprotect() entry points for labeled vnode policies. These entry points are currently not hooked up to the VM system in the base tree. These changes improve the consistency of the access control interface and offer more flexibility regarding limiting access to vnode mmaping. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/kern/kern_mac.c')
-rw-r--r--sys/kern/kern_mac.c81
1 files changed, 63 insertions, 18 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index 69b1772..bed8a95 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -216,8 +216,8 @@ static int mac_policy_register(struct mac_policy_conf *mpc);
static int mac_policy_unregister(struct mac_policy_conf *mpc);
static int mac_stdcreatevnode_ea(struct vnode *vp);
-static void mac_cred_mmapped_drop_perms(struct thread *td,
- struct ucred *cred);
+static void mac_check_vnode_mmap_downgrade(struct ucred *cred,
+ struct vnode *vp, int *prot);
static void mac_cred_mmapped_drop_perms_recurse(struct thread *td,
struct ucred *cred, struct vm_map *map);
@@ -813,8 +813,16 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_check_vnode_lookup =
mpe->mpe_function;
break;
- case MAC_CHECK_VNODE_MMAP_PERMS:
- mpc->mpc_ops->mpo_check_vnode_mmap_perms =
+ case MAC_CHECK_VNODE_MMAP:
+ mpc->mpc_ops->mpo_check_vnode_mmap =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_VNODE_MMAP_DOWNGRADE:
+ mpc->mpc_ops->mpo_check_vnode_mmap_downgrade =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_VNODE_MPROTECT:
+ mpc->mpc_ops->mpo_check_vnode_mprotect =
mpe->mpe_function;
break;
case MAC_CHECK_VNODE_OPEN:
@@ -1940,21 +1948,56 @@ mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
return (error);
}
-vm_prot_t
-mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, int newmapping)
+int
+mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot)
{
- vm_prot_t result = VM_PROT_ALL;
+ int error;
- if (!mac_enforce_vm)
- return (result);
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap");
- /*
- * This should be some sort of MAC_BITWISE, maybe :)
- */
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_perms");
- MAC_BOOLEAN(check_vnode_mmap_perms, &, cred, vp, &vp->v_label,
- newmapping);
- return (result);
+ if (!mac_enforce_fs || !mac_enforce_vm)
+ return (0);
+
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_mmap, cred, vp, &vp->v_label, prot);
+ return (error);
+}
+
+void
+mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot)
+{
+ int result = *prot;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_downgrade");
+
+ if (!mac_enforce_fs || !mac_enforce_vm)
+ return;
+
+ MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, &vp->v_label,
+ &result);
+
+ *prot = result;
+}
+
+int
+mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mprotect");
+
+ if (!mac_enforce_fs || !mac_enforce_vm)
+ return (0);
+
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_mprotect, cred, vp, &vp->v_label, prot);
+ return (error);
}
int
@@ -2337,7 +2380,8 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
struct vm_map *map)
{
struct vm_map_entry *vme;
- vm_prot_t result, revokeperms;
+ int result;
+ vm_prot_t revokeperms;
vm_object_t object;
vm_ooffset_t offset;
struct vnode *vp;
@@ -2378,7 +2422,8 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
continue;
vp = (struct vnode *)object->handle;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- result = mac_check_vnode_mmap_prot(cred, vp, 0);
+ result = vme->max_protection;
+ mac_check_vnode_mmap_downgrade(cred, vp, &result);
VOP_UNLOCK(vp, 0, td);
/*
* Find out what maximum protection we may be allowing
OpenPOWER on IntegriCloud