changeset 7885:76e5e2554169

Re: [fmac-discuss] [PATCH] Move link/setattr hooks into filesystem code On Thu, 2008-10-16 at 23:18 -0700, John Weeks wrote: > On 10/16/08 07:48, Stephen Smalley wrote: > > Move the remaining FMAC permission checking hooks (link, setattr) from > > the fop layer into the filesystem code for consistency with the other > > permission checking hooks. This also allows fmac_vnode_link() to occur > > after the VOP_REALVP call by the filesystem code and thus not need to > > separately invoke it. The fmac_vnode_link() hook is required in order > > to check link permission to the target file. The fmac_vnode_setattr() > > hook is required in order to ensure that setattr permission to the > > target file is always checked, as the existing zfs access checks can be > > overridden by the various secpolicy hooks called by zfs_setattr(). This > > might be later obsoleted by the integration of FMAC and privileges. > > > > Webrev at: http://cr.opensolaris.org/~sds/linksetattr/ > > Acked-by: John Weeks <john.weeks@sun.com> > > Please resolve cstyle issue before pushing. Revised patch to fix all cstyle issues reported by cstyle -cpP on all files modified by this patch.
author Stephen Smalley <sds@tycho.nsa.gov>
date Fri, 17 Oct 2008 13:28:26 -0400
parents 711c35fb7932
children 2b3705cc2d65
files usr/src/uts/common/fmac/fmac.c usr/src/uts/common/fs/tmpfs/tmp_vnops.c usr/src/uts/common/fs/vnode.c usr/src/uts/common/fs/zfs/zfs_vnops.c usr/src/uts/common/sys/fmac/fmac.h
diffstat 5 files changed, 28 insertions(+), 25 deletions(-) [+]
--- a/usr/src/uts/common/fmac/fmac.c	Wed Oct 15 15:42:09 2008 -0400
+++ b/usr/src/uts/common/fmac/fmac.c	Fri Oct 17 13:28:26 2008 -0400
@@ -189,7 +189,7 @@
 
 	if (XVA_ISSET_RTN(&xvattr, XAT_SECCTX)) {
 		error = security_context_to_sid(xoap->xoa_secctx,
-			strlen(xoap->xoa_secctx), &secid);
+		    strlen(xoap->xoa_secctx), &secid);
 		if (error)
 			return (error);
 	} else {
@@ -377,7 +377,7 @@
 		xva_from_va(xvap, vap);
 		*vapp = &xvap->xva_vattr;
 	} else {
-		xvap = (xvattr_t *) vap;
+		xvap = (xvattr_t *)vap;
 	}
 
 	error = security_sid_to_context(secid, &scontext, &scontext_len);
@@ -409,13 +409,11 @@
 }
 
 int
-fmac_vnode_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr,
-    caller_context_t *ct)
+fmac_vnode_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr)
 {
 	security_id_t cr_secid;
 	security_class_t sclass;
 	int error;
-	vnode_t *realvp;
 	avc_audit_data_t ad;
 
 	if (!fmac_enabled)
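Review bot: fmac_vnode_link() now evaluates `svp->v_secid` on whatever vnode the caller hands it, so it depends on every caller having already resolved the source vnode with VOP_REALVP, and nothing in the code records that contract. The resolution itself is removed in the following `@@ -425` hunk. A block comment above the function would state it, for example `/* Caller must pass the real source vnode (i.e. after VOP_REALVP); this hook no longer resolves svp itself. */`. The two call sites added in tmp_vnops.c and zfs_vnops.c do sit directly after their VOP_REALVP calls, but a future caller that skips that step could have the link permission checked against a different vnode's label than the underlying file's. The function body continues outside this hunk.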
@@ -425,9 +423,6 @@
 	if (!sclass)
 		return (0);
 
-	if (VOP_REALVP(svp, &realvp, ct) == 0)
-		svp = realvp;
-
 	cr_secid = crgetsecid(cr);
 
 	AVC_AUDIT_DATA_INIT(&ad, FS);
@@ -440,7 +435,7 @@
 
 	ad.u.fs.vp = svp;
 	return (avc_has_perm(cr_secid, svp->v_secid, sclass,
-		    FILE__LINK, &ad));
+	    FILE__LINK, &ad));
 }
 
 int
@@ -555,7 +550,7 @@
 	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.vp = vp;
 	return (avc_has_perm(cr_secid, vp->v_secid, sclass,
-		    FILE__SETATTR, &ad));
+	    FILE__SETATTR, &ad));
 }
 
 int
@@ -702,7 +697,7 @@
 	if (!fmac_enabled)
 		return (0);
 	return (avc_has_perm(crgetsecid((cred_t *)scr), crgetsecid(tcr),
-		    SECCLASS_PROCESS, PROCESS__PTRACE, NULL));
+	    SECCLASS_PROCESS, PROCESS__PTRACE, NULL));
 }
 
 access_vector_t
--- a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c	Wed Oct 15 15:42:09 2008 -0400
+++ b/usr/src/uts/common/fs/tmpfs/tmp_vnops.c	Fri Oct 17 13:28:26 2008 -0400
@@ -748,6 +748,10 @@
 			return (EINVAL);
 	}
 
+	error = fmac_vnode_setattr(vp, cred);
+	if (error)
+		return (error);
+
 	mutex_enter(&tp->tn_tlock);
 
 	get = &tp->tn_attr;
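Review bot: The FMAC setattr check that this changeset deletes from the vnode.c wrapper dispatching to `vop_setsecattr` (the `@@ -4071` hunk) gets no visible replacement. fmac_vnode_setattr() is added only to the setattr paths here and in zfs_vnops.c (`@@ -2518`), so ACL changes made through the setsecattr operation appear to lose FMAC mediation after this commit. Likewise, with the calls gone from the generic wrappers, any filesystem other than tmpfs and zfs no longer reaches fmac_vnode_setattr() or fmac_vnode_link() unless it calls them itself. If both are intended, the commit message or a comment in vnode.c should say so. Otherwise the setsecattr entry points need the same guard, `err = fmac_vnode_setattr(vp, cr); if (err) return (err);`, with the filesystem's own exit macro where one is required. The enclosing function starts and ends outside this hunk.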
@@ -1151,6 +1155,10 @@
 	if (VOP_REALVP(srcvp, &realvp, ct) == 0)
 		srcvp = realvp;
 
+	error = fmac_vnode_link(dvp, srcvp, tnm, cred);
+	if (error)
+		return (error);
+
 	parent = (struct tmpnode *)VTOTN(dvp);
 	from = (struct tmpnode *)VTOTN(srcvp);
 
--- a/usr/src/uts/common/fs/vnode.c	Wed Oct 15 15:42:09 2008 -0400
+++ b/usr/src/uts/common/fs/vnode.c	Fri Oct 17 13:28:26 2008 -0400
@@ -3287,10 +3287,6 @@
 		return (EINVAL);
 	}
 
-	err = fmac_vnode_setattr(vp, cr);
-	if (err)
-		return (err);
-
 	err = (*(vp)->v_op->vop_setattr)(vp, vap, flags, cr, ct);
 	VOPSTATS_UPDATE(vp, setattr);
 	return (err);
@@ -3453,10 +3449,6 @@
 
 	VOPXID_MAP_CR(tdvp, cr);
 
-	err = fmac_vnode_link(tdvp, svp, tnm, cr, ct);
-	if (err)
-		return (err);
-
 	err = (*(tdvp)->v_op->vop_link)(tdvp, svp, tnm, cr, ct, flags);
 	VOPSTATS_UPDATE(tdvp, link);
 	return (err);
@@ -4071,10 +4063,6 @@
 		return (EINVAL);
 	}
 
-	err = fmac_vnode_setattr(vp, cr);
-	if (err)
-		return (err);
-
 	err = (*(vp)->v_op->vop_setsecattr) (vp, vsap, flag, cr, ct);
 	VOPSTATS_UPDATE(vp, setsecattr);
 	return (err);
--- a/usr/src/uts/common/fs/zfs/zfs_vnops.c	Wed Oct 15 15:42:09 2008 -0400
+++ b/usr/src/uts/common/fs/zfs/zfs_vnops.c	Fri Oct 17 13:28:26 2008 -0400
@@ -2518,6 +2518,13 @@
 	 * First validate permissions
 	 */
 
+
+	err = fmac_vnode_setattr(vp, cr);
+	if (err) {
+		ZFS_EXIT(zfsvfs);
+		return (err);
+	}
+
 	if (mask & AT_SIZE) {
 		err = zfs_zaccess(zp, ACE_WRITE_DATA, 0, skipaclchk, cr);
 		if (err) {
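Review bot: The first added line is an empty line placed directly after the existing blank line that follows the `First validate permissions` comment, which leaves two consecutive blank lines ahead of the new check; the added blank line should be dropped. Because that comment now introduces the FMAC check as well as the zfs_zaccess() checks, it could say so, for example `* First validate permissions (FMAC setattr check, then the zfs access checks)`. The enclosing function starts and ends outside this hunk.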
@@ -3474,6 +3481,12 @@
 	if (VOP_REALVP(svp, &realvp, ct) == 0)
 		svp = realvp;
 
+	error = fmac_vnode_link(tdvp, svp, name, cr);
+	if (error) {
+		ZFS_EXIT(zfsvfs);
+		return (error);
+	}
+
 	if (svp->v_vfsp != tdvp->v_vfsp) {
 		ZFS_EXIT(zfsvfs);
 		return (EXDEV);
--- a/usr/src/uts/common/sys/fmac/fmac.h	Wed Oct 15 15:42:09 2008 -0400
+++ b/usr/src/uts/common/sys/fmac/fmac.h	Fri Oct 17 13:28:26 2008 -0400
@@ -93,8 +93,7 @@
 int fmac_vnode_create(vnode_t *, char *, xvattr_t *, vattr_t **, cred_t *,
     security_id_t *);
 void fmac_vnode_post_create(vnode_t *, security_id_t);
-int fmac_vnode_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr,
-    caller_context_t *ct);
+int fmac_vnode_link(vnode_t *tdvp, vnode_t *svp, char *name, cred_t *cr);
 int fmac_vnode_remove(vnode_t *dvp, vnode_t *vp, char *name, cred_t *cr);
 int fmac_vnode_rename(vnode_t *sdvp, vnode_t *svp, vnode_t *tdvp, vnode_t *tvp,
     cred_t *cr);