upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 16:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve locking of pipe mutexes in the context of MAC:

Browse source 
(1) Where previously the pipe mutex was selectively grabbed during
    pipe_ioctl(), now always grab it and then release if if not
    needed.  This protects the call to mac_check_pipe_ioctl() to
    make sure the label remains consistent.  (Note: it looks
    like sigio locking may be incorrect for fgetown() since we
    call it not-by-reference and sigio locking assumes call by
    reference).

(2) In pipe_stat(), lock the pipe if MAC is compiled in so that
    the call to mac_check_pipe_stat() gets a locked pipe to
    protect label consistency.  We still release the lock before
    returning actual stat() data, risking inconsistency, but
    apparently our pipe locking model accepts that risk.

(3) In various pipe MAC authorization checks, assert that the pipe
    lock is held.

(4) Grab the lock when performing a pipe relabel operation, and
    assert it a little deeper in the stack.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson 2002-10-01 04:30:19 +00:00
parent 6be0c25e4e
commit 1aa37f5392
10 changed files with 318 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
sys/kern/kern_mac.c
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;

16
sys/kern/sys_pipe.c
View file

@ -1165,8 +1165,11 @@ pipe_ioctl(fp, cmd, data, active_cred, td)
struct pipe *mpipe = (struct pipe *)fp->f_data;
#ifdef MAC
int error;
#endif
/* XXXMAC: Pipe should be locked for this check. */
PIPE_LOCK(mpipe);
#ifdef MAC
error = mac_check_pipe_ioctl(active_cred, mpipe, cmd, data);
if (error)
return (error);
@ -1175,10 +1178,10 @@ pipe_ioctl(fp, cmd, data, active_cred, td)
switch (cmd) {
case FIONBIO:
PIPE_UNLOCK(mpipe);
return (0);
case FIOASYNC:
PIPE_LOCK(mpipe);
if (*(int *)data) {
mpipe->pipe_state |= PIPE_ASYNC;
} else {
@ -1188,7 +1191,6 @@ pipe_ioctl(fp, cmd, data, active_cred, td)
return (0);
case FIONREAD:
PIPE_LOCK(mpipe);
if (mpipe->pipe_state & PIPE_DIRECTW)
*(int *)data = mpipe->pipe_map.cnt;
else
@ -1197,22 +1199,27 @@ pipe_ioctl(fp, cmd, data, active_cred, td)
return (0);
case FIOSETOWN:
PIPE_UNLOCK(mpipe);
return (fsetown(*(int *)data, &mpipe->pipe_sigio));
case FIOGETOWN:
PIPE_UNLOCK(mpipe);
*(int *)data = fgetown(mpipe->pipe_sigio);
return (0);
/* This is deprecated, FIOSETOWN should be used instead. */
case TIOCSPGRP:
PIPE_UNLOCK(mpipe);
return (fsetown(-(*(int *)data), &mpipe->pipe_sigio));
/* This is deprecated, FIOGETOWN should be used instead. */
case TIOCGPGRP:
PIPE_UNLOCK(mpipe);
*(int *)data = -fgetown(mpipe->pipe_sigio);
return (0);
}
PIPE_UNLOCK(mpipe);
return (ENOTTY);
}
@ -1288,8 +1295,9 @@ pipe_stat(fp, ub, active_cred, td)
#ifdef MAC
int error;
/* XXXMAC: Pipe should be locked for this check. */
PIPE_LOCK(pipe);
error = mac_check_pipe_stat(active_cred, pipe);
PIPE_UNLOCK(pipe);
if (error)
return (error);
#endif

34
sys/security/mac/mac_framework.c
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;

34
sys/security/mac/mac_internal.h
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;

34
sys/security/mac/mac_net.c
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;

34
sys/security/mac/mac_pipe.c
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;

34
sys/security/mac/mac_process.c
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;

34
sys/security/mac/mac_syscalls.c
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;

34
sys/security/mac/mac_system.c
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;

34
sys/security/mac/mac_vfs.c
View file

@ -2572,6 +2572,11 @@ mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
return (error);
@ -2582,6 +2587,11 @@ mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
return (error);
@ -2592,6 +2602,11 @@ mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
return (error);
@ -2603,6 +2618,11 @@ mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
return (error);
@ -2613,6 +2633,11 @@ mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
return (error);
@ -2623,6 +2648,11 @@ mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
if (!mac_enforce_pipe)
return (0);
MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
return (error);
@ -2889,6 +2919,8 @@ mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
{
int error;
PIPE_LOCK_ASSERT(pipe, MA_OWNED);
error = mac_check_pipe_relabel(cred, pipe, label);
if (error)
return (error);
@ -3192,7 +3224,9 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
break;
case DTYPE_PIPE:
pipe = (struct pipe *)fp->f_data;
PIPE_LOCK(pipe);
error = mac_pipe_label_set(td->td_ucred, pipe, &intlabel);
PIPE_UNLOCK(pipe);
break;
default:
error = EINVAL;