Introduce support for Mandatory Access Control and extensible

kernel access control. Invoke appropriate MAC entry points for a number of VFS-related operations in the Linux ABI module. In particular, handle uselib in a manner similar to open() (more work is probably needed here), as well as handle statfs(), and linux readdir()-like calls. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
2002-08-01 22:23:02 +00:00 · 2002-08-01 22:23:02 +00:00 · b246ee0a3c
commit b246ee0a3c
parent 41f4dc56d1
5 changed files with 47 additions and 3 deletions
--- a/sys/compat/linux/linux_file.c
+++ b/sys/compat/linux/linux_file.c
@ -29,6 +29,7 @@
 */

 #include "opt_compat.h"
+#include "opt_mac.h"

 #include <sys/param.h>
 #include <sys/systm.h>
@ -38,6 +39,7 @@
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
@ -325,6 +327,13 @@ again:
 		cookies = NULL;
 	}

+#ifdef MAC
+	/*
+	 * Do directory search MAC check using non-cached credentials.
+	 */
+	if ((error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp))
+		goto out;
+#endif /* MAC */
 	if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies,
 		 &cookies)))
 		goto out;
--- a/sys/compat/linux/linux_getcwd.c
+++ b/sys/compat/linux/linux_getcwd.c
@ -38,6 +38,7 @@
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #include "opt_compat.h"
+#include "opt_mac.h"

 #include <sys/param.h>
 #include <sys/systm.h>
@ -51,6 +52,7 @@
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/uio.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/dirent.h>
 #include <ufs/ufs/dir.h>	/* XXX only for DIRBLKSIZ */
@ -200,7 +202,12 @@ unionread:

 		eofflag = 0;

-		error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag, 0, 0);
+#ifdef MAC
+		error = mac_check_vnode_readdir(td->td_ucred, uvp);
+		if (error == 0)
+#endif /* MAC */
+			error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag,
+			    0, 0);

 		off = uio.uio_offset;

--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@ -29,6 +29,7 @@
 */

 #include "opt_compat.h"
+#include "opt_mac.h"

 #include <sys/param.h>
 #include <sys/systm.h>
@ -37,6 +38,7 @@
 #include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
@ -250,7 +252,7 @@ linux_uselib(struct thread *td, struct linux_uselib_args *args)
 	vp = NULL;

 	/*
-	 * XXX This code should make use of vn_open(), rather than doing
+	 * XXX: This code should make use of vn_open(), rather than doing
 	 * all this stuff itself.
 	 */
 	NDINIT(&ni, LOOKUP, FOLLOW|LOCKLEAF, UIO_USERSPACE, args->library, td);
@ -306,6 +308,11 @@ linux_uselib(struct thread *td, struct linux_uselib_args *args)
 	 * XXX: This should use vn_open() so that it is properly authorized,
 	 * and to reduce code redundancy all over the place here.
 	 */
+#ifdef MAC
+	error = mac_check_vnode_open(td->td_ucred, vp, FREAD);
+	if (error)
+		goto cleanup;
+#endif
 	error = VOP_OPEN(vp, FREAD, td->td_ucred, td);
 	if (error)
 		goto cleanup;
--- a/sys/compat/linux/linux_stats.c
+++ b/sys/compat/linux/linux_stats.c
@ -28,12 +28,15 @@
 * $FreeBSD$
 */

+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/conf.h>
 #include <sys/dirent.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/proc.h>
+#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
 #include <sys/stat.h>
@ -247,6 +250,11 @@ linux_statfs(struct thread *td, struct linux_statfs_args *args)
 	mp = ndp->ni_vp->v_mount;
 	bsd_statfs = &mp->mnt_stat;
 	vrele(ndp->ni_vp);
+#ifdef MAC
+	error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+	if (error)
+		return (error);
+#endif
 	error = VFS_STATFS(mp, bsd_statfs, td);
 	if (error)
 		return error;
@ -282,6 +290,13 @@ linux_fstatfs(struct thread *td, struct linux_fstatfs_args *args)
 	if (error)
 		return error;
 	mp = ((struct vnode *)fp->f_data)->v_mount;
+#ifdef MAC
+	error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+	if (error) {
+		fdrop(fp, td);
+		return (error);
+	}
+#endif
 	bsd_statfs = &mp->mnt_stat;
 	error = VFS_STATFS(mp, bsd_statfs, td);
 	if (error) {
@ -344,6 +359,11 @@ linux_ustat(struct thread *td, struct linux_ustat_args *args)
 	if (vfinddev(dev, VCHR, &vp)) {
 		if (vp->v_mount == NULL)
 			return (EINVAL);
+#ifdef MAC
+		error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+		if (error)
+			return (error);
+#endif
 		stat = &(vp->v_mount->mnt_stat);
 		error = VFS_STATFS(vp->v_mount, stat, td);
 		if (error)
--- a/sys/modules/linux/Makefile
+++ b/sys/modules/linux/Makefile
@ -8,7 +8,8 @@ KMOD=	linux
 SRCS=	linux_dummy.c linux_file.c linux_getcwd.c linux_ioctl.c linux_ipc.c \
 	linux_machdep.c linux_mib.c linux_misc.c linux_signal.c linux_socket.c \
 	linux_stats.c linux_sysctl.c linux_sysent.c linux_sysvec.c \
-	linux_util.c opt_compat.h opt_linux.h opt_vmpage.h vnode_if.h
+	linux_util.c opt_compat.h opt_linux.h opt_mac.h opt_vmpage.h \
+	vnode_if.h
 OBJS=	linux_locore.o

 .if ${MACHINE_ARCH} == "i386"