author | csjp <csjp@FreeBSD.org> | 2005-04-14 16:03:30 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2005-04-14 16:03:30 +0000 |
commit | e89e83d7fe58cc228e95e5dea896e841c5a94fc8 (patch) | |
tree | a937e6876873279cfd5117a2a8a0ee95fe63505b /sys/security | |
parent | 4b37bbd4869afe14bdd327fff059627a656722c0 (diff) | |
Move MAC check_vnode_mmap entry point out from being exclusive to
MAP_SHARED so that the entry point gets executed unconditionally.
This may be useful for security policies which want to perform access
control checks around run-time linking.
-add the mmap(2) flags argument to the check_vnode_mmap entry point
so that we can make access control decisions based on the type of
mapped object.
-update any dependent API around this parameter addition such as
function prototype modifications, entry point parameter additions
and the inclusion of sys/mman.h header file.
-Change the MLS, BIBA and LOMAC security policies so that subject
domination routines are not executed unless the type of mapping is
shared. This is done to maintain compatibility between the old
vm_mmap_vnode(9) and these policies.
Reviewed by: rwatson
MFC after: 1 month
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/mac/mac_framework.h | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_policy.h | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_vfs.c | 5 | ||||
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 5 | ||||
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 5 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 5 | ||||
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 2 | ||||
-rw-r--r-- | sys/security/mac_test/mac_test.c | 2 |
8 files changed, 16 insertions, 12 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index b7d08f5..055a5ad 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -375,7 +375,7 @@ int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
 int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp);
 int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- int prot);
+ int prot, int flags);
 int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
 int prot);
 int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 952a1ba..036c7a9 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -478,7 +478,7 @@ struct mac_policy_ops {
 struct vnode *dvp, struct label *dlabel,
 struct componentname *cnp);
 int (*mpo_check_vnode_mmap)(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot);
+ struct label *label, int prot, int flags);
 void (*mpo_check_vnode_mmap_downgrade)(struct ucred *cred,
 struct vnode *vp, struct label *label, int *prot);
 int (*mpo_check_vnode_mprotect)(struct ucred *cred,
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 6bb9518..acf21a5 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -598,7 +598,8 @@ mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 }
 
 int
-mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot)
+mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
+ int prot, int flags)
 {
 int error;
 
@@ -607,7 +608,7 @@ mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot)
 if (!mac_enforce_fs || !mac_enforce_vm)
 return (0);
 
- MAC_CHECK(check_vnode_mmap, cred, vp, vp->v_label, prot);
+ MAC_CHECK(check_vnode_mmap, cred, vp, vp->v_label, prot, flags);
 return (error);
 }
 
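Review bot: The new `flags` parameter added to the prototypes in mac_framework.h and mac_policy.h and forwarded by mac_check_vnode_mmap() in mac_vfs.c carries no comment saying what it holds, so a policy author has only the biba/lomac/mls consumers to learn that it is the mmap(2) flags word. A comment on the mpo_check_vnode_mmap member in mac_policy.h, `/* flags: the mmap(2) flags word (MAP_SHARED, MAP_PRIVATE, ...), passed through to the policy unmodified */`, would state the contract where every policy sees it. The caller that now invokes this entry point for every mapping type is outside sys/security and not in this diff, so whether the mac_enforce_fs/mac_enforce_vm early return in mac_check_vnode_mmap() still matches that caller's expectations cannot be confirmed from these hunks.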
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index bf32677..1ff1f0f 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -47,6 +47,7 @@
 #include <sys/kernel.h>
 #include <sys/mac.h>
 #include <sys/malloc.h>
+#include <sys/mman.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/sbuf.h>
@@ -2607,7 +2608,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 
 static int
 mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot)
+ struct label *label, int prot, int flags)
 {
 struct mac_biba *subj, *obj;
 
@@ -2625,7 +2626,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
 if (!mac_biba_dominate_effective(obj, subj))
 return (EACCES);
 }
- if (prot & VM_PROT_WRITE) {
+ if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) {
 if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 }
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 117f256..c4c001a 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -47,6 +47,7 @@
 #include <sys/kernel.h>
 #include <sys/mac.h>
 #include <sys/malloc.h>
+#include <sys/mman.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/sbuf.h>
@@ -2181,7 +2182,7 @@ mac_lomac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 
 static int
 mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot)
+ struct label *label, int prot, int flags)
 {
 struct mac_lomac *subj, *obj;
 
@@ -2195,7 +2196,7 @@ mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
 
- if (prot & VM_PROT_WRITE) {
+ if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) {
 if (!mac_lomac_subject_dominate(subj, obj))
 return (EACCES);
 }
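Review bot: The new gate `if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) {` in mac_biba_check_vnode_mmap() encodes a policy decision — a private copy-on-write mapping never writes back to the vnode, so only shared writable mappings need the write-domination check — but it carries no comment, and the identical lines in mac_lomac_check_vnode_mmap() here and mac_mls_check_vnode_mmap() in the next file section have the same gap. Suggest `/* A MAP_PRIVATE mapping cannot modify the vnode; only shared writable mappings need the write-domination check. */` above each of the three. Note also that in biba and mls the read/execute domination check on the context lines just above the changed line (its `if` begins outside the hunk) is not gated on MAP_SHARED, so with the entry point now invoked unconditionally it applies to private mappings as well; that looks intended, since it mirrors the check already applied at open(2), but the commit description only mentions the write side, so a one-line comment would make the asymmetry deliberate. All three functions continue outside their hunks.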
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index b2f525a..fb0c2a5 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -46,6 +46,7 @@
 #include <sys/extattr.h>
 #include <sys/kernel.h>
 #include <sys/mac.h>
+#include <sys/mman.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
@@ -2380,7 +2381,7 @@ mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 
 static int
 mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot)
+ struct label *label, int prot, int flags)
 {
 struct mac_mls *subj, *obj;
 
@@ -2398,7 +2399,7 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
 if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 }
- if (prot & VM_PROT_WRITE) {
+ if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) {
 if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 }
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 8ea7cb3..35e3c34 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -1051,7 +1051,7 @@ stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 
 static int
 stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot)
+ struct label *label, int prot, int flags)
 {
 
 return (0);
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index cda195a..d2555bc 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -1995,7 +1995,7 @@ mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 
 static int
 mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot)
+ struct label *label, int prot, int flags)
 {
 
 ASSERT_CRED_LABEL(cred->cr_label);