From 78a117e6fa3ea5484baa385417846432dcafd758 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Sat, 23 Aug 2008 15:26:36 +0000
Subject: Introduce two related changes to the TrustedBSD MAC Framework:
(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2) so that the general exec code isn't aware of the details of allocating, copying, and freeing labels, rather, simply passes in a void pointer to start and stop functions that will be used by the framework. This change will be MFC'd.
(2) Introduce a new flags field to the MAC_POLICY_SET(9) interface allowing policies to declare which types of objects require label allocation, initialization, and destruction, and define a set of flags covering various supported object types (MPC_OBJECT_PROC, MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...). This change reduces the overhead of compiling the MAC Framework into the kernel if policies aren't loaded, or if policies require labels on only a small number or even no object types. Each time a policy is loaded or unloaded, we recalculate a mask of labeled object types across all policies present in the system.
Eliminate MAC_ALWAYS_LABEL_MBUF option as it is no longer required.
MFC after: 1 week ((1) only)
Reviewed by: csjp
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
---
 sys/security/mac_partition/mac_partition.c | 33 +++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)
(limited to 'sys/security/mac_partition')
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index 153155c..255e776 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -2,6 +2,7 @@
 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
 * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
 * Copyright (c) 2006 SPARTA, Inc.
+ * Copyright (c) 2008 Apple Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
@@ -76,9 +77,20 @@ label_on_label(struct label *subject, struct label *object)
 if (partition_enabled == 0)
 return (0);
+ if (subject == NULL)
+ return (0);
+
 if (SLOT(subject) == 0)
 return (0);
+ /*
+ * If the object label hasn't been allocated, then it's effectively
+ * not in a partition, and we know the subject is as it has a label
+ * and it's not 0, so reject.
+ */
+ if (object == NULL)
+ return (EPERM);
+
 if (SLOT(subject) == SLOT(object))
 return (0);
@@ -124,7 +136,10 @@ static void
 partition_cred_copy_label(struct label *src, struct label *dest)
 {
- SLOT_SET(dest, SLOT(src));
+ if (src != NULL && dest != NULL)
+ SLOT_SET(dest, SLOT(src));
+ else if (dest != NULL)
+ SLOT_SET(dest, 0);
 }
 static void
@@ -144,10 +159,14 @@ partition_cred_externalize_label(struct label *label, char *element_name,
 (*claimed)++;
- if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1)
- return (EINVAL);
- else
- return (0);
+ if (label != NULL) {
+ if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1)
+ return (EINVAL);
+ } else {
+ if (sbuf_printf(sb, "0") == -1)
+ return (EINVAL);
+ }
+ return (0);
 }
 static void
@@ -174,7 +193,7 @@ static void
 partition_cred_relabel(struct ucred *cred, struct label *newlabel)
 {
- if (SLOT(newlabel) != 0)
+ if (newlabel != NULL && SLOT(newlabel) != 0)
 SLOT_SET(cred->cr_label, SLOT(newlabel));
 }
@@ -273,4 +292,4 @@ static struct mac_policy_ops partition_ops =
 };
 MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition",
- MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot);
+ MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot, MPC_OBJECT_CRED);
--
cgit v1.1
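Review bot: The new `subject == NULL` check in label_on_label permits the access while the new `object == NULL` check denies it, and only the deny side gets a comment; the asymmetry deserves the same explanation so a later reader does not take the first check for a missing denial. Suggest placing above it `/* An unlabeled subject carries no partition (same as slot 0), so it is not confined. */`, which matches what the following `SLOT(subject) == 0` path already does. That reading is inferred from the slot-0 rule visible here; confirm it against the policy's cred initialization outside this hunk. label_on_label's signature and its final return lie outside the hunk.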
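Review bot: The two branches of the new conditional in partition_cred_copy_label test `dest != NULL` twice and differ only in the value stored; a single guard keeps the "unlabeled source copies as slot 0" rule in one place: `if (dest != NULL)` followed by `SLOT_SET(dest, src != NULL ? SLOT(src) : 0);`. Since copying from a NULL src is new behaviour here, a one-line comment such as `/* A missing source label means "no partition", i.e. slot 0. */` would make the intent explicit rather than leaving it to be reconstructed from the else branch.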
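Review bot: The two arms of the new `if (label != NULL)` in partition_cred_externalize_label duplicate the `sbuf_printf(...) == -1` check and differ only in the value written; choosing the value first removes the duplication: `intmax_t slot = (label != NULL) ? (intmax_t)SLOT(label) : 0;` then `if (sbuf_printf(sb, "%jd", slot) == -1) return (EINVAL);` and `return (0);`. Note that `(*claimed)++` still runs before the write, so a failed sbuf_printf leaves the element claimed but not emitted; that is pre-existing rather than introduced here, but a comment stating it is intended would help. The function's signature, including the sb and claimed parameters, is outside the hunk.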
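Review bot: partition_cred_relabel now guards `newlabel` against NULL but still passes `cred->cr_label` to SLOT_SET unconditionally; that is presumably safe only because the MAC_POLICY_SET hunk below registers MPC_OBJECT_CRED, so cred labels are always allocated for this policy. The dependency should be stated where it is relied upon, e.g. `/* cr_label is always allocated: this policy declares MPC_OBJECT_CRED. */` above the SLOT_SET, so the assumption is not silently broken if the object flags are changed later. Whether other cred-label uses in the file lean on the same assumption cannot be seen from this hunk.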