Implement read(2)/write(2) and neccessary lseek(2) for posix shmfd.

Add MAC framework entries for posix shm read and write.

Do not allow implicit extension of the underlying memory segment past
the limit set by ftruncate(2) by either of the syscalls.  Read and
write returns short i/o, lseek(2) fails with EINVAL when resulting
offset does not fit into the limit.

Discussed with:	alc
Tested by:	pho
Sponsored by:	The FreeBSD Foundation

3 files changed, 46 insertions, 0 deletions

diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 92aedea..77cb8bc 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -243,6 +243,8 @@ int	mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd,
 	    int prot, int flags);
 int	mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,
 	    accmode_t accmode);
+int	mac_posixshm_check_read(struct ucred *active_cred,
+	    struct ucred *file_cred, struct shmfd *shmfd);
 int	mac_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,
 	    mode_t mode);
 int	mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,
@@ -252,6 +254,8 @@ int	mac_posixshm_check_stat(struct ucred *active_cred,
 int	mac_posixshm_check_truncate(struct ucred *active_cred,
 	    struct ucred *file_cred, struct shmfd *shmfd);
 int	mac_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd);
+int	mac_posixshm_check_write(struct ucred *active_cred,
+	    struct ucred *file_cred, struct shmfd *shmfd);
 void 	mac_posixshm_create(struct ucred *cred, struct shmfd *shmfd);
 void	mac_posixshm_destroy(struct shmfd *);
 void	mac_posixshm_init(struct shmfd *);
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 090dc40..dadadb5 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -363,6 +363,9 @@ typedef int	(*mpo_posixshm_check_mmap_t)(struct ucred *cred,
 typedef int	(*mpo_posixshm_check_open_t)(struct ucred *cred,
 		    struct shmfd *shmfd, struct label *shmlabel,
 		    accmode_t accmode);
+typedef int	(*mpo_posixshm_check_read_t)(struct ucred *active_cred,
+		    struct ucred *file_cred, struct shmfd *shmfd,
+		    struct label *shmlabel);
 typedef int	(*mpo_posixshm_check_setmode_t)(struct ucred *cred,
 		    struct shmfd *shmfd, struct label *shmlabel,
 		    mode_t mode);
@@ -377,6 +380,9 @@ typedef int	(*mpo_posixshm_check_truncate_t)(struct ucred *active_cred,
 		    struct label *shmlabel);
 typedef int	(*mpo_posixshm_check_unlink_t)(struct ucred *cred,
 		    struct shmfd *shmfd, struct label *shmlabel);
+typedef int	(*mpo_posixshm_check_write_t)(struct ucred *active_cred,
+		    struct ucred *file_cred, struct shmfd *shmfd,
+		    struct label *shmlabel);
 typedef void	(*mpo_posixshm_create_t)(struct ucred *cred,
 		    struct shmfd *shmfd, struct label *shmlabel);
 typedef void	(*mpo_posixshm_destroy_label_t)(struct label *label);
@@ -818,11 +824,13 @@ struct mac_policy_ops {
 	mpo_posixshm_check_create_t		mpo_posixshm_check_create;
 	mpo_posixshm_check_mmap_t		mpo_posixshm_check_mmap;
 	mpo_posixshm_check_open_t		mpo_posixshm_check_open;
+	mpo_posixshm_check_read_t		mpo_posixshm_check_read;
 	mpo_posixshm_check_setmode_t		mpo_posixshm_check_setmode;
 	mpo_posixshm_check_setowner_t		mpo_posixshm_check_setowner;
 	mpo_posixshm_check_stat_t		mpo_posixshm_check_stat;
 	mpo_posixshm_check_truncate_t		mpo_posixshm_check_truncate;
 	mpo_posixshm_check_unlink_t		mpo_posixshm_check_unlink;
+	mpo_posixshm_check_write_t		mpo_posixshm_check_write;
 	mpo_posixshm_create_t			mpo_posixshm_create;
 	mpo_posixshm_destroy_label_t		mpo_posixshm_destroy_label;
 	mpo_posixshm_init_label_t		mpo_posixshm_init_label;
diff --git a/sys/security/mac/mac_posix_shm.c b/sys/security/mac/mac_posix_shm.c
index d5d15fc..1202d46 100644
--- a/sys/security/mac/mac_posix_shm.c
+++ b/sys/security/mac/mac_posix_shm.c
@@ -228,3 +228,37 @@ mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, uid_t uid,
 
 	return (error);
 }
+
+MAC_CHECK_PROBE_DEFINE3(posixshm_check_read, "struct ucred *",
+    "struct ucred *", "struct shmfd *");
+
+int
+mac_posixshm_check_read(struct ucred *active_cred, struct ucred *file_cred,
+    struct shmfd *shmfd)
+{
+	int error;
+
+	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_read, active_cred,
+	    file_cred, shmfd, shmfd->shm_label);
+	MAC_CHECK_PROBE3(posixshm_check_read, error, active_cred,
+	    file_cred, shmfd);
+
+	return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE3(posixshm_check_write, "struct ucred *",
+    "struct ucred *", "struct shmfd *");
+
+int
+mac_posixshm_check_write(struct ucred *active_cred, struct ucred *file_cred,
+    struct shmfd *shmfd)
+{
+	int error;
+
+	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_write, active_cred,
+	    file_cred, shmfd, shmfd->shm_label);
+	MAC_CHECK_PROBE3(posixshm_check_write, error, active_cred,
+	    file_cred, shmfd);
+
+	return (error);
+}