authorOlivier Certner <olce@FreeBSD.org>2024-07-18 20:47:43 +0000
committerOlivier Certner <olce@FreeBSD.org>2024-12-16 14:42:39 +0000
commitddb3eb4efe55e57c206f3534263c77b837aff1dc (patch)
tree99cea7aeb54327b1e809f3d0b0274d1e30e32c38 /sys/security/mac
parent87c06b7d026f2beeb3c2f695567ef72aa3a427ea (diff)
Diffstat (limited to 'sys/security/mac')
-rw-r--r--sys/security/mac/mac_cred.c47
-rw-r--r--sys/security/mac/mac_framework.h6
-rw-r--r--sys/security/mac/mac_policy.h10
3 files changed, 61 insertions, 2 deletions
diff --git a/sys/security/mac/mac_cred.c b/sys/security/mac/mac_cred.c
index 304265b783f1..5066de277176 100644
--- a/sys/security/mac/mac_cred.c
+++ b/sys/security/mac/mac_cred.c
@@ -209,6 +209,53 @@ mac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
return (error);
}
+/*
+ * Entry hook for setcred().
+ *
+ * Called with no lock held by setcred() so that MAC modules may allocate memory
+ * in preparation for checking privileges. A call to this hook is always
+ * followed by a matching call to mac_cred_setcred_exit(). Between these two,
+ * setcred() may or may not call mac_cred_check_setcred().
+ */
+void
+mac_cred_setcred_enter(void)
+{
+ MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_enter);
+}
+
+MAC_CHECK_PROBE_DEFINE3(cred_check_setcred, "unsigned int", "struct ucred *",
+ "struct ucred *");
+
+/*
+ * Check hook for setcred().
+ *
+ * When called, the current process' lock is held. It thus cannot perform
+ * memory allocations, which must be done in advance in
+ * mac_cred_setcred_enter(). It *MUST NOT* tamper with the process' lock.
+ */
+int
+mac_cred_check_setcred(u_int flags, const struct ucred *old_cred,
+ struct ucred *new_cred)
+{
+ int error;
+
+ MAC_POLICY_CHECK_NOSLEEP(cred_check_setcred, flags, old_cred, new_cred);
+ MAC_CHECK_PROBE3(cred_check_setcred, error, flags, old_cred, new_cred);
+
+ return (error);
+}
+
+/*
+ * Exit hook for setcred().
+ *
+ * Called with no lock held, exactly once per call to mac_cred_setcred_enter().
+ */
+void
+mac_cred_setcred_exit(void)
+{
+ MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_exit);
+}
+
MAC_CHECK_PROBE_DEFINE2(cred_check_setuid, "struct ucred *", "uid_t");
int
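Review bot: The comment on mac_cred_setcred_enter() says the hook exists so that MAC modules may allocate memory, yet the hook is dispatched with `MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_enter);`. The macro's definition is not part of this diff, but if it walks loadable policies while holding the framework's non-sleepable lock, a module that does a sleeping allocation in this hook would do so in a context where sleeping is not allowed. Consider dispatching the enter and exit hooks with `MAC_POLICY_PERFORM(cred_setcred_enter);` and `MAC_POLICY_PERFORM(cred_setcred_exit);`, or else state in the comment that allocations made in the hook must not sleep. The check hook is correctly NOSLEEP, since its comment says the process lock is held.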
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index c69b9cd64454..8e43f267f368 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -72,6 +72,7 @@ struct mbuf;
struct mount;
struct msg;
struct msqid_kernel;
+struct pipepair;
struct proc;
struct semid_kernel;
struct shmfd;
@@ -80,7 +81,6 @@ struct sockaddr;
struct socket;
struct sysctl_oid;
struct sysctl_req;
-struct pipepair;
struct thread;
struct timespec;
struct ucred;
@@ -115,6 +115,10 @@ int mac_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai);
int mac_cred_check_setaudit_addr(struct ucred *cred,
struct auditinfo_addr *aia);
int mac_cred_check_setauid(struct ucred *cred, uid_t auid);
+void mac_cred_setcred_enter(void);
+int mac_cred_check_setcred(u_int flags, const struct ucred *old_cred,
+ struct ucred *new_cred);
+void mac_cred_setcred_exit(void);
int mac_cred_check_setegid(struct ucred *cred, gid_t egid);
int mac_cred_check_seteuid(struct ucred *cred, uid_t euid);
int mac_cred_check_setgid(struct ucred *cred, gid_t gid);
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 084684e57497..66e489060804 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -144,6 +144,10 @@ typedef int (*mpo_cred_check_setaudit_t)(struct ucred *cred,
typedef int (*mpo_cred_check_setaudit_addr_t)(struct ucred *cred,
struct auditinfo_addr *aia);
typedef int (*mpo_cred_check_setauid_t)(struct ucred *cred, uid_t auid);
+typedef void (*mpo_cred_setcred_enter_t)(void);
+typedef int (*mpo_cred_check_setcred_t)(u_int flags,
+ const struct ucred *old_cred, struct ucred *new_cred);
+typedef void (*mpo_cred_setcred_exit_t)(void);
typedef int (*mpo_cred_check_setegid_t)(struct ucred *cred, gid_t egid);
typedef int (*mpo_cred_check_seteuid_t)(struct ucred *cred, uid_t euid);
typedef int (*mpo_cred_check_setgid_t)(struct ucred *cred, gid_t gid);
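Review bot: In `mpo_cred_check_setcred_t`, `old_cred` is const but `new_cred` is not, and nothing in the hunk says whether a policy may modify the credentials that are about to be installed. A check hook that can silently rewrite the new credentials is a wider contract than one that only returns a verdict, so the intent should be explicit. If no policy needs to write to it, the parameter line could read `const struct ucred *old_cred, const struct ucred *new_cred);`; otherwise add a comment above the typedef stating which fields a policy is allowed to change. The same signature appears in the mac_framework.h prototype and in the mac_cred.c definition of mac_cred_check_setcred(), so they would change together.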
@@ -720,6 +724,9 @@ struct mac_policy_ops {
mpo_cred_check_setaudit_t mpo_cred_check_setaudit;
mpo_cred_check_setaudit_addr_t mpo_cred_check_setaudit_addr;
mpo_cred_check_setauid_t mpo_cred_check_setauid;
+ mpo_cred_setcred_enter_t mpo_cred_setcred_enter;
+ mpo_cred_check_setcred_t mpo_cred_check_setcred;
+ mpo_cred_setcred_exit_t mpo_cred_setcred_exit;
mpo_cred_check_setuid_t mpo_cred_check_setuid;
mpo_cred_check_seteuid_t mpo_cred_check_seteuid;
mpo_cred_check_setgid_t mpo_cred_check_setgid;
@@ -1033,8 +1040,9 @@ struct mac_policy_conf {
* 3 7.x
* 4 8.x
* 5 14.x
+ * 6 15.x
*/
-#define MAC_VERSION 5
+#define MAC_VERSION 6
#define MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \
static struct mac_policy_conf mpname##_mac_policy_conf = { \