diff options
| author | rwatson <rwatson@FreeBSD.org> | 2002-11-05 17:51:56 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2002-11-05 17:51:56 +0000 |
| commit | 6c4f4d26f40ce589a67efe5260b3ba8b84d18f53 (patch) | |
| tree | 0c35ffffc1443eb8831c156b8636e7d9d90c53af /sys/sys/mac.h | |
| parent | 948267c75e47c6aad3531acbe80d2dd7c9622792 (diff) | |
| download | FreeBSD-src-6c4f4d26f40ce589a67efe5260b3ba8b84d18f53.zip FreeBSD-src-6c4f4d26f40ce589a67efe5260b3ba8b84d18f53.tar.gz | |
Bring in two sets of changes:
(1) Permit userland applications to request a change of label atomic
with an execve() via mac_execve(). This is required for the
SEBSD port of SELinux/FLASK. Attempts to invoke this without
MAC compiled in result in ENOSYS, as with all other MAC system
calls. Complexity, if desired, is present in policy modules,
rather than the framework.
(2) Permit policies to have access to both the label of the vnode
being executed as well as the interpreter if it's a shell
script or related UNIX nonsense. Because we can't hold both
vnode locks at the same time, cache the interpreter label.
SEBSD relies on this because it supports secure transitioning
via shell script executables. Other policies might want to
take both labels into account during an integrity or
confidentiality decision at execve()-time.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/sys/mac.h')
| -rw-r--r-- | sys/sys/mac.h | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/sys/sys/mac.h b/sys/sys/mac.h index 904ead3..3d56a17 100644 --- a/sys/sys/mac.h +++ b/sys/sys/mac.h @@ -84,6 +84,8 @@ typedef struct mac *mac_t; * Extended non-POSIX.1e interfaces that offer additional services * available from the userland and kernel MAC frameworks. */ +int mac_execve(char *fname, char **argv, char **envv, + mac_t _label); int mac_free(mac_t _label); int mac_from_text(mac_t *_label, const char *_text); int mac_get_fd(int _fd, mac_t _label); @@ -113,6 +115,7 @@ struct componentname; struct devfs_dirent; struct ifnet; struct ifreq; +struct image_params; struct ipq; struct mbuf; struct mount; @@ -129,7 +132,6 @@ struct vnode; #include <sys/acl.h> /* XXX acl_type_t */ -struct vop_refreshlabel_args; struct vop_setlabel_args; /* @@ -216,9 +218,14 @@ void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq); * Labeling event operations: processes. */ void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child); +int mac_execve_enter(struct image_params *imgp, struct mac *mac_p, + struct label *execlabel); +void mac_execve_exit(struct image_params *imgp); void mac_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp); -int mac_execve_will_transition(struct ucred *old, struct vnode *vp); + struct vnode *vp, struct label *interpvnodelabel, + struct image_params *imgp); +int mac_execve_will_transition(struct ucred *old, struct vnode *vp, + struct label *interpvnodelabel, struct image_params *imgp); void mac_create_proc0(struct ucred *cred); void mac_create_proc1(struct ucred *cred); void mac_thread_userret(struct thread *td); @@ -269,7 +276,8 @@ int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, acl_type_t type); -int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp); +int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp, + struct image_params *imgp); int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type); int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, |
