From c096756c00f4ec7b2e88bfaa5a0c8fc4941775b9 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Thu, 21 Aug 2003 13:53:01 +0000
Subject: [PATCH] Add mac_check_vnode_deleteextattr() and mac_check_vnode_listextattr(): explicit access control checks to delete and list extended attributes on a vnode, rather than implicitly combining with the setextattr and getextattr checks. This reflects EA API changes in the kernel made recently, including the move to explicit VOP's for both of these operations.
Obtained from: TrustedBSD PRoject
Sponsored by: DARPA, Network Associates Laboratories
---
 sys/kern/kern_mac.c | 32 ++++++++++++++++++++++++++++++++
 sys/kern/vfs_extattr.c | 7 +++----
 sys/kern/vfs_syscalls.c | 7 +++----
 sys/security/mac/mac_framework.c | 32 ++++++++++++++++++++++++++++++++
 sys/security/mac/mac_framework.h | 4 ++++
 sys/security/mac/mac_internal.h | 32 ++++++++++++++++++++++++++++++++
 sys/security/mac/mac_net.c | 32 ++++++++++++++++++++++++++++++++
 sys/security/mac/mac_pipe.c | 32 ++++++++++++++++++++++++++++++++
 sys/security/mac/mac_policy.h | 5 +++++
 sys/security/mac/mac_process.c | 32 ++++++++++++++++++++++++++++++++
 sys/security/mac/mac_syscalls.c | 32 ++++++++++++++++++++++++++++++++
 sys/security/mac/mac_system.c | 32 ++++++++++++++++++++++++++++++++
 sys/security/mac/mac_vfs.c | 32 ++++++++++++++++++++++++++++++++
 sys/sys/mac.h | 4 ++++
 sys/sys/mac_policy.h | 5 +++++
 15 files changed, 312 insertions(+), 8 deletions(-)
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 7d51ca78220..5eeda6c6317 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -4270,8 +4270,8 @@ extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 
 #ifdef MAC
- error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace,
- attrname, NULL);
+ error = mac_check_vnode_deleteextattr(td->td_ucred, vp, attrnamespace,
+ attrname);
 if (error)
 goto done;
 #endif
@@ -4418,8 +4418,7 @@ extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
 sizep = &size;
 
 #ifdef MAC
- error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace,
- "", &auio);
+ error = mac_check_vnode_listextattr(td->td_ucred, vp, attrnamespace);
 if (error)
 goto done;
 #endif
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 7d51ca78220..5eeda6c6317 100644
--- a/sys/kern/vfs_syscalls.c
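Review bot: The new mac_check_vnode_deleteextattr() states its contract only through the ASSERT_VOP_LOCKED() call and the mac_enforce_fs short-circuit, and a header comment would make both explicit for policy authors, e.g. `/* Caller must hold the vnode lock; returns 0 without consulting any policy when mac_enforce_fs is 0. */`. The `name` string is forwarded to every policy through MAC_CHECK without any validation in the framework, which is fine as long as callers always pass an in-kernel copy — presumably the case for extattr_delete_vp(), but worth saying in the comment since nothing here enforces it. The same two remarks apply to mac_check_vnode_listextattr() in the following hunk.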
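Review bot: Replacing mac_check_vnode_setextattr() with mac_check_vnode_deleteextattr() in extattr_delete_vp() removes deletion from the scope of any policy that only implements mpo_check_vnode_setextattr; until such a policy also provides mpo_check_vnode_deleteextattr, deletes it used to reject (the old call passed `NULL` as the uio to signal deletion) will now pass its check. The diffstat lists no policy modules, so nothing in this commit closes that gap for existing policies. I would either land the policy-module updates in the same change or state in the commit message that every policy restricting setextattr must now implement the new hook. The rest of extattr_delete_vp() lies outside the hunk.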
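Review bot: The new mac_check_vnode_listextattr() call in extattr_list_vp() receives only the namespace, whereas the check it replaces also saw the output uio and a name, so a policy can now only allow or deny the whole listing for a namespace and cannot hide individual attribute names that it would refuse on getextattr. If that is the intended design, a short comment at the call site would record it, e.g. `/* MAC sees only the namespace: the listing is allowed or denied as a whole. */`; if selective hiding is wanted, a per-name check while the list is built would be needed instead. extattr_list_vp() starts and ends outside the hunk, so I cannot see whether the result is filtered elsewhere.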
+++ b/sys/kern/vfs_syscalls.c
@@ -4270,8 +4270,8 @@ extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 
 #ifdef MAC
- error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace,
- attrname, NULL);
+ error = mac_check_vnode_deleteextattr(td->td_ucred, vp, attrnamespace,
+ attrname);
 if (error)
 goto done;
 #endif
@@ -4418,8 +4418,7 @@ extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
 sizep = &size;
 
 #ifdef MAC
- error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace,
- "", &auio);
+ error = mac_check_vnode_listextattr(td->td_ucred, vp, attrnamespace);
 if (error)
 goto done;
 #endif
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 2412f8bf8da..046c2fc099c 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -279,6 +279,8 @@ int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
 struct vnode *vp, struct componentname *cnp);
 int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 acl_type_t type);
+int mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name);
 int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp);
 int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
@@ -287,6 +289,8 @@ int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
 int attrnamespace, const char *name, struct uio *uio);
 int mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace);
 int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp);
 int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index b1f7a4329f1..d38efe423dd 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -359,6 +359,9 @@ struct mac_policy_ops {
 struct componentname *cnp);
 int (*mpo_check_vnode_deleteacl)(struct ucred *cred,
 struct vnode *vp, struct label *label, acl_type_t type);
+ int (*mpo_check_vnode_deleteextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace,
+ const char *name);
 int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
 struct label *label, struct image_params *imgp,
 struct label *execlabel);
@@ -370,6 +373,8 @@ struct mac_policy_ops {
 int (*mpo_check_vnode_link)(struct ucred *cred, struct vnode *dvp,
 struct label *dlabel, struct vnode *vp, struct label *label,
 struct componentname *cnp);
+ int (*mpo_check_vnode_listextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace);
 int (*mpo_check_vnode_lookup)(struct ucred *cred, struct vnode *dvp,
 struct label *dlabel, struct componentname *cnp);
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
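Review bot: Inserting mpo_check_vnode_listextattr here (and mpo_check_vnode_deleteextattr in the previous hunk) in the middle of struct mac_policy_ops shifts the offset of every later member, so any policy module built against the old layout, or one that initializes the struct positionally, must be rebuilt; designated initializers preserve source compatibility but not binary compatibility. Nothing in the struct says what a NULL entry means for these new hooks — presumably MAC_CHECK skips it and the operation is permitted — so a policy that does not set them gets fail-open behaviour for operations it may have restricted before via setextattr/getextattr. I would add above the new members a comment such as `/* NULL permits the operation; policies restricting setextattr or getextattr should also implement these. */` and bump the policy ABI version if the framework keeps one. The struct definition continues outside the hunk.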
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index f3cc2f8bd7e..dcd88315155 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -1613,6 +1613,22 @@ mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 return (error);
 }
 
+int
+mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_deleteextattr, cred, vp, &vp->v_label,
+ attrnamespace, name);
+ return (error);
+}
+
 int
 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp)
@@ -1677,6 +1693,22 @@ mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 return (error);
 }
 
+int
+mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_vnode_listextattr, cred, vp, &vp->v_label,
+ attrnamespace);
+ return (error);
+}
+
 int
 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp)
diff --git a/sys/sys/mac.h b/sys/sys/mac.h
index 2412f8bf8da..046c2fc099c 100644
--- a/sys/sys/mac.h
+++ b/sys/sys/mac.h
@@ -279,6 +279,8 @@ int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
 struct vnode *vp, struct componentname *cnp);
 int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 acl_type_t type);
+int mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name);
 int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 struct image_params *imgp);
 int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
@@ -287,6 +289,8 @@ int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
 int attrnamespace, const char *name, struct uio *uio);
 int mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace);
 int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 struct componentname *cnp);
 int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
index b1f7a4329f1..d38efe423dd 100644
--- a/sys/sys/mac_policy.h
+++ b/sys/sys/mac_policy.h
@@ -359,6 +359,9 @@ struct mac_policy_ops {
 struct componentname *cnp);
 int (*mpo_check_vnode_deleteacl)(struct ucred *cred,
 struct vnode *vp, struct label *label, acl_type_t type);
+ int (*mpo_check_vnode_deleteextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace,
+ const char *name);
 int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
 struct label *label, struct image_params *imgp,
 struct label *execlabel);
@@ -370,6 +373,8 @@ struct mac_policy_ops {
 int (*mpo_check_vnode_link)(struct ucred *cred, struct vnode *dvp,
 struct label *dlabel, struct vnode *vp, struct label *label,
 struct componentname *cnp);
+ int (*mpo_check_vnode_listextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace);
 int (*mpo_check_vnode_lookup)(struct ucred *cred, struct vnode *dvp,
 struct label *dlabel, struct componentname *cnp);