Introduce MAC Framework and MAC Policy entry points to label and control

access to POSIX Semaphores: mac_init_posix_sem() Initialize label for POSIX semaphore mac_create_posix_sem() Create POSIX semaphore mac_destroy_posix_sem() Destroy POSIX semaphore mac_check_posix_sem_destroy() Check whether semaphore may be destroyed mac_check_posix_sem_getvalue() Check whether semaphore may be queried mac_check_possix_sem_open() Check whether semaphore may be opened mac_check_posix_sem_post() Check whether semaphore may be posted to mac_check_posix_sem_unlink() Check whether semaphore may be unlinked mac_check_posix_sem_wait() Check whether may wait on semaphore Update Biba, MLS, Stub, and Test policies to implement these entry points. For information flow policies, most semaphore operations are effectively read/write. Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net> Sponsored by: DARPA, McAfee, SPARTA Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2005-05-04 10:39:15 +0000
committer: rwatson <rwatson@FreeBSD.org> 2005-05-04 10:39:15 +0000
commit: 2197ab2d9342ec86dee8d80f036f78a3fced3ff7 (patch)
tree: f0b55e1f47aadd0b1a94b34901f76cb2bd96c403 /sys/security/mac_test
parent: ddd6311fb87bee11285e589301f537f9ea1491b2 (diff)
download: FreeBSD-src-2197ab2d9342ec86dee8d80f036f78a3fced3ff7.zip
FreeBSD-src-2197ab2d9342ec86dee8d80f036f78a3fced3ff7.tar.gz
1 files changed, 61 insertions, 0 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index b2fa853..735a643 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -62,6 +62,8 @@
 #include <sys/sem.h>
 #include <sys/shm.h>
 
+#include <posix4/ksem.h>
+
 #include <fs/devfs/devfs.h>
 
 #include <net/bpfdesc.h>
@@ -130,6 +132,8 @@ SYSCTL_INT(_security_mac_test, OID_AUTO, enabled, CTLFLAG_RW,
 	SLOT(x) == 0, ("%s: Bad SYSVIPCSHM label", __func__ ))
 #define	ASSERT_PIPE_LABEL(x)	KASSERT(SLOT(x) == PIPEMAGIC ||		\
 	SLOT(x) == 0, ("%s: Bad PIPE label", __func__ ))
+#define	ASSERT_POSIX_LABEL(x)	KASSERT(SLOT(x) == POSIXSEMMAGIC ||	\
+	SLOT(x) == 0, ("%s: Bad POSIX ksem label", __func__ ))
 #define	ASSERT_PROC_LABEL(x)	KASSERT(SLOT(x) == PROCMAGIC ||		\
 	SLOT(x) == 0, ("%s: Bad PROC label", __func__ ))
 #define	ASSERT_CRED_LABEL(x)	KASSERT(SLOT(x) == CREDMAGIC ||		\
@@ -190,6 +194,9 @@ SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket_peerlabel,
 static int	init_count_pipe;
 SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD,
     &init_count_pipe, 0, "pipe init calls");
+static int	init_count_posixsems;
+SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_posixsems, CTLFLAG_RD,
+    &init_count_posixsems, 0, "posix sems init calls");
 static int	init_count_proc;
 SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD,
     &init_count_proc, 0, "proc init calls");
@@ -247,6 +254,9 @@ SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket_peerlabel,
 static int      destroy_count_pipe;
 SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD,
     &destroy_count_pipe, 0, "pipe destroy calls");
+static int	destroy_count_posixsems;
+SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_posixsems, CTLFLAG_RD,
+    &destroy_count_posixsems, 0, "posix sems destroy calls");
 static int      destroy_count_proc;
 SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_proc, CTLFLAG_RD,
     &destroy_count_proc, 0, "proc destroy calls");
@@ -447,6 +457,14 @@ mac_test_init_pipe_label(struct label *label)
 }
 
 static void
+mac_test_init_posix_sem_label(struct label *label)
+{
+
+	SLOT(label) = POSIXSEMMAGIC;
+	atomic_add_int(&init_count_posixsems, 1);
+}
+
+static void
 mac_test_init_proc_label(struct label *label)
 {
 
@@ -697,6 +715,20 @@ mac_test_destroy_pipe_label(struct label *label)
 }
 
 static void
+mac_test_destroy_posix_sem_label(struct label *label)
+{
+
+	if ((SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0)) {
+		atomic_add_int(&destroy_count_posixsems, 1);
+		SLOT(label) = EXMAGIC;
+	} else if (SLOT(label) == EXMAGIC) {
+		DEBUGGER("mac_test_destroy_posix_sem: dup destroy");
+	} else {
+		DEBUGGER("mac_test_destroy_posix_sem: corrupted label");
+	}
+}
+
+static void
 mac_test_destroy_proc_label(struct label *label)
 {
 
@@ -954,6 +986,15 @@ mac_test_create_pipe(struct ucred *cred, struct pipepair *pp,
 }
 
 static void
+mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem,
+   struct label *posixlabel)
+{
+
+	ASSERT_CRED_LABEL(cred->cr_label);
+	ASSERT_POSIX_LABEL(posixlabel);
+}
+
+static void
 mac_test_create_socket_from_socket(struct socket *oldsocket,
     struct label *oldsocketlabel, struct socket *newsocket,
     struct label *newsocketlabel)
@@ -1677,6 +1718,17 @@ mac_test_check_pipe_write(struct ucred *cred, struct pipepair *pp,
 }
 
 static int
+mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr,
+    struct label *ks_label)
+{
+
+	ASSERT_CRED_LABEL(cred->cr_label);
+	ASSERT_POSIX_LABEL(ks_label);
+
+	return (0);
+}
+
+static int
 mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
 {
 
@@ -2377,6 +2429,7 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_init_mount_label = mac_test_init_mount_label,
 	.mpo_init_mount_fs_label = mac_test_init_mount_fs_label,
 	.mpo_init_pipe_label = mac_test_init_pipe_label,
+	.mpo_init_posix_sem_label = mac_test_init_posix_sem_label,
 	.mpo_init_proc_label = mac_test_init_proc_label,
 	.mpo_init_socket_label = mac_test_init_socket_label,
 	.mpo_init_socket_peer_label = mac_test_init_socket_peer_label,
@@ -2396,6 +2449,7 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_destroy_mount_label = mac_test_destroy_mount_label,
 	.mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label,
 	.mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
+	.mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label,
 	.mpo_destroy_proc_label = mac_test_destroy_proc_label,
 	.mpo_destroy_socket_label = mac_test_destroy_socket_label,
 	.mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label,
@@ -2431,6 +2485,7 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_update_devfsdirent = mac_test_update_devfsdirent,
 	.mpo_create_mbuf_from_socket = mac_test_create_mbuf_from_socket,
 	.mpo_create_pipe = mac_test_create_pipe,
+	.mpo_create_posix_sem = mac_test_create_posix_sem,
 	.mpo_create_socket = mac_test_create_socket,
 	.mpo_create_socket_from_socket = mac_test_create_socket_from_socket,
 	.mpo_relabel_pipe = mac_test_relabel_pipe,
@@ -2504,6 +2559,12 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_check_pipe_relabel = mac_test_check_pipe_relabel,
 	.mpo_check_pipe_stat = mac_test_check_pipe_stat,
 	.mpo_check_pipe_write = mac_test_check_pipe_write,
+	.mpo_check_posix_sem_destroy = mac_test_check_posix_sem,
+	.mpo_check_posix_sem_getvalue = mac_test_check_posix_sem,
+	.mpo_check_posix_sem_open = mac_test_check_posix_sem,
+	.mpo_check_posix_sem_post = mac_test_check_posix_sem,
+	.mpo_check_posix_sem_unlink = mac_test_check_posix_sem,
+	.mpo_check_posix_sem_wait = mac_test_check_posix_sem,
 	.mpo_check_proc_debug = mac_test_check_proc_debug,
 	.mpo_check_proc_sched = mac_test_check_proc_sched,
 	.mpo_check_proc_setuid = mac_test_check_proc_setuid,
author	rwatson <rwatson@FreeBSD.org>	2005-05-04 10:39:15 +0000
committer	rwatson <rwatson@FreeBSD.org>	2005-05-04 10:39:15 +0000
commit	2197ab2d9342ec86dee8d80f036f78a3fced3ff7 (patch)
tree	f0b55e1f47aadd0b1a94b34901f76cb2bd96c403 /sys/security/mac_test
parent	ddd6311fb87bee11285e589301f537f9ea1491b2 (diff)
download	FreeBSD-src-2197ab2d9342ec86dee8d80f036f78a3fced3ff7.zip FreeBSD-src-2197ab2d9342ec86dee8d80f036f78a3fced3ff7.tar.gz