mac_cred.c (184407) mac_cred.c (184412)
1/*-
2 * Copyright (c) 1999-2002, 2008 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
5 * Copyright (c) 2005 Samy Al Bahra
6 * Copyright (c) 2006 SPARTA, Inc.
7 * Copyright (c) 2008 Apple Inc.
8 * All rights reserved.

--- 27 unchanged lines hidden (view full) ---

36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 * SUCH DAMAGE.
41 */
42
43#include <sys/cdefs.h>
1/*-
2 * Copyright (c) 1999-2002, 2008 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
5 * Copyright (c) 2005 Samy Al Bahra
6 * Copyright (c) 2006 SPARTA, Inc.
7 * Copyright (c) 2008 Apple Inc.
8 * All rights reserved.

--- 27 unchanged lines hidden (view full) ---

36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 * SUCH DAMAGE.
41 */
42
43#include <sys/cdefs.h>
44__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 184407 2008-10-28 11:33:06Z rwatson $");
44__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 184412 2008-10-28 12:49:07Z rwatson $");
45
46#include "opt_mac.h"
47
48#include <sys/param.h>
49#include <sys/condvar.h>
50#include <sys/imgact.h>
51#include <sys/kernel.h>
52#include <sys/lock.h>

--- 23 unchanged lines hidden (view full) ---

76 &mac_mmap_revocation, 0, "Revoke mmap access to files on subject "
77 "relabel");
78
79static int mac_mmap_revocation_via_cow = 0;
80SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
81 &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
82 "copy-on-write semantics, or by removing all write access");
83
45
46#include "opt_mac.h"
47
48#include <sys/param.h>
49#include <sys/condvar.h>
50#include <sys/imgact.h>
51#include <sys/kernel.h>
52#include <sys/lock.h>

--- 23 unchanged lines hidden (view full) ---

76 &mac_mmap_revocation, 0, "Revoke mmap access to files on subject "
77 "relabel");
78
79static int mac_mmap_revocation_via_cow = 0;
80SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
81 &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
82 "copy-on-write semantics, or by removing all write access");
83
84static void mac_cred_mmapped_drop_perms_recurse(struct thread *td,
84static void mac_proc_vm_revoke_recurse(struct thread *td,
85 struct ucred *cred, struct vm_map *map);
86
87struct label *
88mac_cred_label_alloc(void)
89{
90 struct label *label;
91
92 label = mac_labelzone_alloc(M_WAITOK);

--- 216 unchanged lines hidden (view full) ---

309
310/*
311 * When relabeling a process, call out to the policies for the maximum
312 * permission allowed for each object type we know about in its memory space,
313 * and revoke access (in the least surprising ways we know) when necessary.
314 * The process lock is not held here.
315 */
316void
85 struct ucred *cred, struct vm_map *map);
86
87struct label *
88mac_cred_label_alloc(void)
89{
90 struct label *label;
91
92 label = mac_labelzone_alloc(M_WAITOK);

--- 216 unchanged lines hidden (view full) ---

309
310/*
311 * When relabeling a process, call out to the policies for the maximum
312 * permission allowed for each object type we know about in its memory space,
313 * and revoke access (in the least surprising ways we know) when necessary.
314 * The process lock is not held here.
315 */
316void
317mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
317mac_proc_vm_revoke(struct thread *td)
318{
318{
319 struct ucred *cred;
319
320
321 PROC_LOCK(td->td_proc);
322 cred = crhold(td->td_proc->p_ucred);
323 PROC_UNLOCK(td->td_proc);
324
320 /* XXX freeze all other threads */
325 /* XXX freeze all other threads */
321 mac_cred_mmapped_drop_perms_recurse(td, cred,
326 mac_proc_vm_revoke_recurse(td, cred,
322 &td->td_proc->p_vmspace->vm_map);
323 /* XXX allow other threads to continue */
327 &td->td_proc->p_vmspace->vm_map);
328 /* XXX allow other threads to continue */
329
330 crfree(cred);
324}
325
326static __inline const char *
327prot2str(vm_prot_t prot)
328{
329
330 switch (prot & VM_PROT_ALL) {
331 case VM_PROT_READ:

--- 11 unchanged lines hidden (view full) ---

343 case VM_PROT_WRITE | VM_PROT_EXECUTE:
344 return ("-wx");
345 default:
346 return ("---");
347 }
348}
349
350static void
331}
332
333static __inline const char *
334prot2str(vm_prot_t prot)
335{
336
337 switch (prot & VM_PROT_ALL) {
338 case VM_PROT_READ:

--- 11 unchanged lines hidden (view full) ---

350 case VM_PROT_WRITE | VM_PROT_EXECUTE:
351 return ("-wx");
352 default:
353 return ("---");
354 }
355}
356
357static void
351mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
358mac_proc_vm_revoke_recurse(struct thread *td, struct ucred *cred,
352 struct vm_map *map)
353{
354 struct vm_map_entry *vme;
355 int vfslocked, result;
356 vm_prot_t revokeperms;
357 vm_object_t backing_object, object;
358 vm_ooffset_t offset;
359 struct vnode *vp;
360 struct mount *mp;
361
362 if (!mac_mmap_revocation)
363 return;
364
365 vm_map_lock_read(map);
366 for (vme = map->header.next; vme != &map->header; vme = vme->next) {
367 if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) {
359 struct vm_map *map)
360{
361 struct vm_map_entry *vme;
362 int vfslocked, result;
363 vm_prot_t revokeperms;
364 vm_object_t backing_object, object;
365 vm_ooffset_t offset;
366 struct vnode *vp;
367 struct mount *mp;
368
369 if (!mac_mmap_revocation)
370 return;
371
372 vm_map_lock_read(map);
373 for (vme = map->header.next; vme != &map->header; vme = vme->next) {
374 if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) {
368 mac_cred_mmapped_drop_perms_recurse(td, cred,
375 mac_proc_vm_revoke_recurse(td, cred,
369 vme->object.sub_map);
370 continue;
371 }
372 /*
373 * Skip over entries that obviously are not shared.
374 */
375 if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) ||
376 !vme->max_protection)

--- 291 unchanged lines hidden ---
376 vme->object.sub_map);
377 continue;
378 }
379 /*
380 * Skip over entries that obviously are not shared.
381 */
382 if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) ||
383 !vme->max_protection)

--- 291 unchanged lines hidden ---
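Review bot: The block comment above `mac_proc_vm_revoke()` (new lines 310-315) still says only "The process lock is not held here", but the new body takes `PROC_LOCK(td->td_proc)` itself and reads the credential from `td->td_proc->p_ucred` instead of from a caller-supplied argument. That leaves two caller obligations implicit: the process lock must not already be owned, and the relabeled credential must already be installed in the process before the call, otherwise the walk checks mappings against the old label and may leave access in place that the new label forbids. I would add `PROC_LOCK_ASSERT(td->td_proc, MA_NOTOWNED);` as the first statement and extend the comment with `* The caller must have committed the new credential to the process and must not hold the process lock.` Since the two `XXX` markers show that other threads are not yet frozen, the reference taken at lines 321-323 is only a snapshot of the credential at that moment, and the comment should say so.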