From c2166f1034cafe467058e46b1391fc62e348cf59 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Tue, 5 Nov 2002 14:57:49 +0000
Subject: Hook up the mac_will_execve_transition() and mac_execve_transition()
 entrypoints, #ifdef MAC.  The supporting logic already existed in kern_mac.c,
 so no change there.  This permits MAC policies to cause a process label
 change as the result of executing a binary -- typically, as a result of
 executing a specially labeled binary.

For example, the SEBSD port of SELinux/FLASK uses this functionality
to implement TE type transitions on processes using transitioning
binaries, in a manner similar to setuid.  Policies not implementing
a notion of transition (all the ones in the tree right now) require
no changes, since the old label data is copied to the new label
via mac_create_cred() even if a transition does occur.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
---
 sys/kern/kern_exec.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'sys/kern/kern_exec.c')

diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 3afbd24..4586502 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -167,6 +167,9 @@ kern_execve(td, fname, argv, envv)
 	struct vnode *textvp = NULL;
 	int credential_changing;
 	int textset;
+#ifdef MAC
+	int will_transition;
+#endif
 
 	imgp = &image_params;
 
@@ -436,6 +439,10 @@ interpret:
 	    attr.va_uid;
 	credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
 	    attr.va_gid;
+#ifdef MAC
+	will_transition = mac_execve_will_transition(oldcred, imgp->vp);
+	credential_changing |= will_transition;
+#endif
 
 	if (credential_changing &&
 	    (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
@@ -478,8 +485,16 @@ interpret:
 			change_euid(newcred, euip);
 		if (attr.va_mode & VSGID)
 			change_egid(newcred, attr.va_gid);
+#ifdef MAC
+		if (will_transition)
+			mac_execve_transition(oldcred, newcred, imgp->vp);
+#endif
 		/*
 		 * Implement correct POSIX saved-id behavior.
+		 *
+		 * XXXMAC: Note that the current logic will save the
+		 * uid and gid if a MAC domain transition occurs, even
+		 * though maybe it shouldn't.
 		 */
 		change_svuid(newcred, newcred->cr_uid);
 		change_svgid(newcred, newcred->cr_gid);
-- 
cgit v1.1