diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-10-06 02:46:26 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-10-06 02:46:26 +0000 |
| commit | 2ad996a2d39a58404c64c9e7ca9e071ff607c4ce (patch) | |
| tree | 3fea72f53d4028d0b27b47359673c85f56a3e2f8 /sys/security/mac_biba | |
| parent | f2ac31e2ec91340be2682c1750526e12229b45ee (diff) | |
| download | FreeBSD-src-2ad996a2d39a58404c64c9e7ca9e071ff607c4ce.zip FreeBSD-src-2ad996a2d39a58404c64c9e7ca9e071ff607c4ce.tar.gz | |
Sync from MAC tree: break out the single mmap entry point into
seperate entry points for each occasion:
mac_check_vnode_mmap() Check at initial mapping
mac_check_vnode_mprotect() Check at mapping protection change
mac_check_vnode_mmap_downgrade() Determine if a mapping downgrade
should take place following
subject relabel.
Implement mmap() and mprotect() entry points for labeled vnode
policies. These entry points are currently not hooked up to the
VM system in the base tree. These changes improve the consistency
of the access control interface and offer more flexibility regarding
limiting access to vnode mmaping.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac_biba')
| -rw-r--r-- | sys/security/mac_biba/mac_biba.c | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index b202cdb..b947a1b 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -1564,6 +1564,34 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, } static int +mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, + struct label *label, int prot) +{ + struct mac_biba *subj, *obj; + + /* + * Rely on the use of open()-time protections to handle + * non-revocation cases. + */ + if (!mac_biba_enabled || !mac_biba_revocation_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(label); + + if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { + if (!mac_biba_dominate_single(obj, subj)) + return (EACCES); + } + if (prot & VM_PROT_WRITE) { + if (!mac_biba_dominate_single(subj, obj)) + return (EACCES); + } + + return (0); +} + +static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, mode_t acc_mode) { @@ -1909,26 +1937,6 @@ mac_biba_check_vnode_write(struct ucred *active_cred, return (0); } -static vm_prot_t -mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp, - struct label *label, int newmapping) -{ - struct mac_biba *subj, *obj; - vm_prot_t prot = 0; - - if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping)) - return (VM_PROT_ALL); - - subj = SLOT(&cred->cr_label); - obj = SLOT(label); - - if (mac_biba_dominate_single(obj, subj)) - prot |= VM_PROT_READ | VM_PROT_EXECUTE; - if (mac_biba_dominate_single(subj, obj)) - prot |= VM_PROT_WRITE; - return (prot); -} - static struct mac_policy_op_entry mac_biba_ops[] = { { MAC_DESTROY, @@ -2129,6 +2137,10 @@ static struct mac_policy_op_entry mac_biba_ops[] = (macop_t)mac_biba_check_vnode_link }, { MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_biba_check_vnode_lookup }, + { MAC_CHECK_VNODE_MMAP, + (macop_t)mac_biba_check_vnode_mmap }, + { MAC_CHECK_VNODE_MPROTECT, + (macop_t)mac_biba_check_vnode_mmap }, { MAC_CHECK_VNODE_OPEN, (macop_t)mac_biba_check_vnode_open }, { MAC_CHECK_VNODE_POLL, @@ -2163,8 +2175,6 @@ static struct mac_policy_op_entry mac_biba_ops[] = (macop_t)mac_biba_check_vnode_stat }, { MAC_CHECK_VNODE_WRITE, (macop_t)mac_biba_check_vnode_write }, - { MAC_CHECK_VNODE_MMAP_PERMS, - (macop_t)mac_biba_check_vnode_mmap_perms }, { MAC_OP_LAST, NULL } }; |
