Add a new MAC entry point, mac_thread_userret(td), which permits policy

modules to perform MAC-related events when a thread returns to user space. This is required for policies that have floating process labels, as it's not always possible to acquire the process lock at arbitrary points in the stack during system call processing; process labels might represent traditional authentication data, process history information, or other data. LOMAC will use this entry point to perform the process label update prior to the thread returning to userspace, when plugged into the MAC framework. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
author: rwatson <rwatson@FreeBSD.org> 2002-10-02 02:42:38 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-10-02 02:42:38 +0000
commit: 4be0d09ad35a2492cce9a9a891c2c800ad5c9669 (patch)
tree: 81842f8d46f9993f87a705e87627ee32a0867eaa /sys/security
parent: b9a8a81041d75fd2f18a80da77ef21a9b9ea5394 (diff)
download: FreeBSD-src-4be0d09ad35a2492cce9a9a891c2c800ad5c9669.zip
FreeBSD-src-4be0d09ad35a2492cce9a9a891c2c800ad5c9669.tar.gz
10 files changed, 92 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index cdbf726..2c07abe 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
 			mpc->mpc_ops->mpo_relabel_cred =
 			    mpe->mpe_function;
 			break;
+		case MAC_THREAD_USERRET:
+			mpc->mpc_ops->mpo_thread_userret =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_BPFDESC_RECEIVE:
 			mpc->mpc_ops->mpo_check_bpfdesc_receive =
 			    mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
 	MAC_PERFORM(create_proc1, cred);
 }
 
+void
+mac_thread_userret(struct thread *td)
+{
+
+	MAC_PERFORM(thread_userret, td);
+}
+
 /*
  * When a new process is created, its label must be initialized.  Generally,
  * this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index b413220..ebb65cb 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -200,6 +200,7 @@ struct proc;
 struct sockaddr;
 struct socket;
 struct pipe;
+struct thread;
 struct timespec;
 struct ucred;
 struct uio;
@@ -293,6 +294,7 @@ void	mac_execve_transition(struct ucred *old, struct ucred *new,
 int	mac_execve_will_transition(struct ucred *old, struct vnode *vp);
 void	mac_create_proc0(struct ucred *cred);
 void	mac_create_proc1(struct ucred *cred);
+void	mac_thread_userret(struct thread *td);
 
 /* Access control checks. */
 int	mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index cdbf726..2c07abe 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
 			mpc->mpc_ops->mpo_relabel_cred =
 			    mpe->mpe_function;
 			break;
+		case MAC_THREAD_USERRET:
+			mpc->mpc_ops->mpo_thread_userret =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_BPFDESC_RECEIVE:
 			mpc->mpc_ops->mpo_check_bpfdesc_receive =
 			    mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
 	MAC_PERFORM(create_proc1, cred);
 }
 
+void
+mac_thread_userret(struct thread *td)
+{
+
+	MAC_PERFORM(thread_userret, td);
+}
+
 /*
  * When a new process is created, its label must be initialized.  Generally,
  * this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index cdbf726..2c07abe 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
 			mpc->mpc_ops->mpo_relabel_cred =
 			    mpe->mpe_function;
 			break;
+		case MAC_THREAD_USERRET:
+			mpc->mpc_ops->mpo_thread_userret =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_BPFDESC_RECEIVE:
 			mpc->mpc_ops->mpo_check_bpfdesc_receive =
 			    mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
 	MAC_PERFORM(create_proc1, cred);
 }
 
+void
+mac_thread_userret(struct thread *td)
+{
+
+	MAC_PERFORM(thread_userret, td);
+}
+
 /*
  * When a new process is created, its label must be initialized.  Generally,
  * this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index cdbf726..2c07abe 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
 			mpc->mpc_ops->mpo_relabel_cred =
 			    mpe->mpe_function;
 			break;
+		case MAC_THREAD_USERRET:
+			mpc->mpc_ops->mpo_thread_userret =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_BPFDESC_RECEIVE:
 			mpc->mpc_ops->mpo_check_bpfdesc_receive =
 			    mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
 	MAC_PERFORM(create_proc1, cred);
 }
 
+void
+mac_thread_userret(struct thread *td)
+{
+
+	MAC_PERFORM(thread_userret, td);
+}
+
 /*
  * When a new process is created, its label must be initialized.  Generally,
  * this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index c3f2046..52fee33 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -220,6 +220,7 @@ struct mac_policy_ops {
 	void	(*mpo_create_proc1)(struct ucred *cred);
 	void	(*mpo_relabel_cred)(struct ucred *cred,
 		    struct label *newlabel);
+	void	(*mpo_thread_userret)(struct thread *thread);
 
 	/*
 	 * Access control checks.
@@ -419,6 +420,7 @@ enum mac_op_constant {
 	MAC_CREATE_PROC0,
 	MAC_CREATE_PROC1,
 	MAC_RELABEL_CRED,
+	MAC_THREAD_USERRET,
 	MAC_CHECK_BPFDESC_RECEIVE,
 	MAC_CHECK_CRED_RELABEL,
 	MAC_CHECK_CRED_VISIBLE,
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index cdbf726..2c07abe 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
 			mpc->mpc_ops->mpo_relabel_cred =
 			    mpe->mpe_function;
 			break;
+		case MAC_THREAD_USERRET:
+			mpc->mpc_ops->mpo_thread_userret =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_BPFDESC_RECEIVE:
 			mpc->mpc_ops->mpo_check_bpfdesc_receive =
 			    mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
 	MAC_PERFORM(create_proc1, cred);
 }
 
+void
+mac_thread_userret(struct thread *td)
+{
+
+	MAC_PERFORM(thread_userret, td);
+}
+
 /*
  * When a new process is created, its label must be initialized.  Generally,
  * this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index cdbf726..2c07abe 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
 			mpc->mpc_ops->mpo_relabel_cred =
 			    mpe->mpe_function;
 			break;
+		case MAC_THREAD_USERRET:
+			mpc->mpc_ops->mpo_thread_userret =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_BPFDESC_RECEIVE:
 			mpc->mpc_ops->mpo_check_bpfdesc_receive =
 			    mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
 	MAC_PERFORM(create_proc1, cred);
 }
 
+void
+mac_thread_userret(struct thread *td)
+{
+
+	MAC_PERFORM(thread_userret, td);
+}
+
 /*
  * When a new process is created, its label must be initialized.  Generally,
  * this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index cdbf726..2c07abe 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
 			mpc->mpc_ops->mpo_relabel_cred =
 			    mpe->mpe_function;
 			break;
+		case MAC_THREAD_USERRET:
+			mpc->mpc_ops->mpo_thread_userret =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_BPFDESC_RECEIVE:
 			mpc->mpc_ops->mpo_check_bpfdesc_receive =
 			    mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
 	MAC_PERFORM(create_proc1, cred);
 }
 
+void
+mac_thread_userret(struct thread *td)
+{
+
+	MAC_PERFORM(thread_userret, td);
+}
+
 /*
  * When a new process is created, its label must be initialized.  Generally,
  * this involves inheritence from the parent process, modulo possible
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index cdbf726..2c07abe 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -652,6 +652,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
 			mpc->mpc_ops->mpo_relabel_cred =
 			    mpe->mpe_function;
 			break;
+		case MAC_THREAD_USERRET:
+			mpc->mpc_ops->mpo_thread_userret =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_BPFDESC_RECEIVE:
 			mpc->mpc_ops->mpo_check_bpfdesc_receive =
 			    mpe->mpe_function;
@@ -1581,6 +1585,13 @@ mac_create_proc1(struct ucred *cred)
 	MAC_PERFORM(create_proc1, cred);
 }
 
+void
+mac_thread_userret(struct thread *td)
+{
+
+	MAC_PERFORM(thread_userret, td);
+}
+
 /*
  * When a new process is created, its label must be initialized.  Generally,
  * this involves inheritence from the parent process, modulo possible
author	rwatson <rwatson@FreeBSD.org>	2002-10-02 02:42:38 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-10-02 02:42:38 +0000
commit	4be0d09ad35a2492cce9a9a891c2c800ad5c9669 (patch)
tree	81842f8d46f9993f87a705e87627ee32a0867eaa /sys/security
parent	b9a8a81041d75fd2f18a80da77ef21a9b9ea5394 (diff)
download	FreeBSD-src-4be0d09ad35a2492cce9a9a891c2c800ad5c9669.zip FreeBSD-src-4be0d09ad35a2492cce9a9a891c2c800ad5c9669.tar.gz