<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/security/mac_test, branch releng/8.1</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=releng%2F8.1</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=releng%2F8.1'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2009-06-03T18:46:28Z</updated>
<entry>
<title>Continue work to optimize performance of "options MAC" when no MAC policy</title>
<updated>2009-06-03T18:46:28Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-06-03T18:46:28Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=3de4046939a04576ede9d97f48f6a02d1a2ccc8c'/>
<id>urn:sha1:3de4046939a04576ede9d97f48f6a02d1a2ccc8c</id>
<content type='text'>
modules are loaded by avoiding mbuf label lookups when policies aren't
loaded, pushing further socket locking into MAC policy modules, and
avoiding locking MAC ifnet locks when no policies are loaded:

- Check mac_policies_count before looking for mbuf MAC label m_tags in MAC
  Framework entry points.  We will still pay label lookup costs if MAC
  policies are present but don't require labels (typically a single mbuf
  header field read, but perhaps further indirection if IPSEC or other
  m_tag consumers are in use).

- Further push socket locking for socket-related access control checks and
  events into MAC policies from the MAC Framework, so that sockets are
  only locked if a policy specifically requires a lock to protect a label.
  This resolves lock order issues during sonewconn() and also in local
  domain socket cross-connect where multiple socket locks could not be
  held at once for the purposes of propagating MAC labels across multiple
  sockets.  Eliminate mac_policy_count check in some entry points where it
  no longer avoids locking.

- Add mac_policy_count checking in some entry points relating to network
  interfaces that otherwise lock a global MAC ifnet lock used to protect
  ifnet labels.

Obtained from:	TrustedBSD Project
</content>
</entry>
<entry>
<title>Remove 'uio' argument from MAC Framework and MAC policy entry points for</title>
<updated>2009-03-08T12:32:06Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-03-08T12:32:06Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=fefd0ac8a911c1b3b63da1602bb13cee5ffe4311'/>
<id>urn:sha1:fefd0ac8a911c1b3b63da1602bb13cee5ffe4311</id>
<content type='text'>
extended attribute get/set; in the case of get an uninitialized user
buffer was passed before the EA was retrieved, making it of relatively
little use; the latter was simply unused by any policies.

Obtained from:	TrustedBSD Project
Sponsored by:	Google, Inc.
</content>
</entry>
<entry>
<title>Improve the consistency of MAC Framework and MAC policy entry point</title>
<updated>2009-03-08T10:58:37Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-03-08T10:58:37Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=6f6174a7621e3a97032b067d72d873d1cda60b64'/>
<id>urn:sha1:6f6174a7621e3a97032b067d72d873d1cda60b64</id>
<content type='text'>
naming by renaming certain "proc" entry points to "cred" entry points,
reflecting their manipulation of credentials.  For some entry points,
the process was passed into the framework but not into policies; in
these cases, stop passing in the process since we don't need it.

  mac_proc_check_setaudit -&gt; mac_cred_check_setaudit
  mac_proc_check_setaudit_addr -&gt; mac_cred_check_setaudit_addr
  mac_proc_check_setauid -&gt; mac_cred_check_setauid
  mac_proc_check_setegid -&gt; mac_cred_check_setegid
  mac_proc_check_seteuid -&gt; mac_cred_check_seteuid
  mac_proc_check_setgid -&gt; mac_cred_check_setgid
  mac_proc_check_setgroups -&gt; mac_cred_check_setgroups
  mac_proc_check_setregid -&gt; mac_cred_check_setregid
  mac_proc_check_setresgid -&gt; mac_cred_check_setresgid
  mac_proc_check_setresuid -&gt; mac_cred_check_setresuid
  mac_proc_check_setreuid -&gt; mac_cred_check_setreuid
  mac_proc_check_setuid -&gt; mac_cred_check_setuid

Obtained from:	TrustedBSD Project
Sponsored by:	Google, Inc.
</content>
</entry>
<entry>
<title>Rather than having MAC policies explicitly declare what object types</title>
<updated>2009-01-10T10:58:41Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-01-10T10:58:41Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=9162f64b58d01ec01481d60b6cdc06ffd8e8c7fc'/>
<id>urn:sha1:9162f64b58d01ec01481d60b6cdc06ffd8e8c7fc</id>
<content type='text'>
they label, derive that information implicitly from the set of label
initializers in their policy operations set.  This avoids a possible
class of programmer errors, while retaining the structure that
allows us to avoid allocating labels for objects that don't need
them.  As before, we regenerate a global mask of labeled objects
each time a policy is loaded or unloaded, stored in mac_labeled.

Discussed with:   csjp
Suggested by:     Jacques Vidrine &lt;nectar at apple.com&gt;
Obtained from:    TrustedBSD Project
Sponsored by:     Apple, Inc.
</content>
</entry>
<entry>
<title>Use MPC_OBJECT_IP6Q to indicate labeling of struct ip6q rather than</title>
<updated>2009-01-10T09:17:16Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-01-10T09:17:16Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=dbdcb99498a0007fafce9b8f1b85de424b5d70d7'/>
<id>urn:sha1:dbdcb99498a0007fafce9b8f1b85de424b5d70d7</id>
<content type='text'>
MPC_OBJECT_IPQ; it was already defined, just not used.

Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
</content>
</entry>
<entry>
<title>Introduce accmode_t.  This is required for NFSv4 ACLs - it will be necessary</title>
<updated>2008-10-28T13:44:11Z</updated>
<author>
<name>Edward Tomasz Napierala</name>
<email>trasz@FreeBSD.org</email>
</author>
<published>2008-10-28T13:44:11Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=15bc6b2bd8d8c56ad74e57675dde8501bc7f53e1'/>
<id>urn:sha1:15bc6b2bd8d8c56ad74e57675dde8501bc7f53e1</id>
<content type='text'>
to add more V* constants, and the variables changed by this patch were often
being assigned to mode_t variables, which is 16 bit.

Approved by:	rwatson (mentor)
</content>
</entry>
<entry>
<title>Rename three MAC entry points from _proc_ to _cred_ to reflect the fact</title>
<updated>2008-10-28T11:33:06Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2008-10-28T11:33:06Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=212ab0cfb38a01878cc1bd44eeb4e6fcab384d5d'/>
<id>urn:sha1:212ab0cfb38a01878cc1bd44eeb4e6fcab384d5d</id>
<content type='text'>
that they operate directly on credentials: mac_proc_create_swapper(),
mac_proc_create_init(), and mac_proc_associate_nfsd().  Update policies.

Obtained from:	TrustedBSD Project
</content>
</entry>
<entry>
<title>Implement MAC policy support for IPv6 fragment reassembly queues,</title>
<updated>2008-10-26T22:46:37Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2008-10-26T22:46:37Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=048e1287faad7d3a34f1557edc996e19d8745310'/>
<id>urn:sha1:048e1287faad7d3a34f1557edc996e19d8745310</id>
<content type='text'>
modeled on IPv4 fragment reassembly queue support.

Obtained from:	TrustedBSD Project
</content>
</entry>
<entry>
<title>Add a mac_inpcb_check_visible implementation to all MAC policies</title>
<updated>2008-10-17T15:11:12Z</updated>
<author>
<name>Bjoern A. Zeeb</name>
<email>bz@FreeBSD.org</email>
</author>
<published>2008-10-17T15:11:12Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=7fb179ba7e6d3d82bddcd292bad1e1b7b4aef95e'/>
<id>urn:sha1:7fb179ba7e6d3d82bddcd292bad1e1b7b4aef95e</id>
<content type='text'>
that handle mac_socket_check_visible.

Reviewed by:	rwatson
MFC after:	3 months (set timer; decide then)
</content>
</entry>
<entry>
<title>Introduce two related changes to the TrustedBSD MAC Framework:</title>
<updated>2008-08-23T15:26:36Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2008-08-23T15:26:36Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=6356dba0b403daa023dec24559ab1f8e602e4f14'/>
<id>urn:sha1:6356dba0b403daa023dec24559ab1f8e602e4f14</id>
<content type='text'>
(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2)
    so that the general exec code isn't aware of the details of
    allocating, copying, and freeing labels, rather, simply passes in
    a void pointer to start and stop functions that will be used by
    the framework.  This change will be MFC'd.

(2) Introduce a new flags field to the MAC_POLICY_SET(9) interface
    allowing policies to declare which types of objects require label
    allocation, initialization, and destruction, and define a set of
    flags covering various supported object types (MPC_OBJECT_PROC,
    MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...).  This change reduces the
    overhead of compiling the MAC Framework into the kernel if policies
    aren't loaded, or if policies require labels on only a small number
    or even no object types.  Each time a policy is loaded or unloaded,
    we recalculate a mask of labeled object types across all policies
    present in the system.  Eliminate MAC_ALWAYS_LABEL_MBUF option as it
    is no longer required.

MFC after:	1 week ((1) only)
Reviewed by:	csjp
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
</content>
</entry>
</feed>
