Mercurial > illumos > fmac

changeset 7857:a50b497f89fe

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Basic process security context transition support Implement basic process security context transition support, leveraging the prior patch for file security contexts on executables. With this support and a suitable labeled filesystem and policy, processes will automatically transition into an appropriate security context when they execute a program based on the program file's security context, and a process may explicitly transition to a given security context if authorized via the already existing setexeccon() interface. This only implements the core logic for a transition; a number of other checks will be added later, such as a check to decide whether the linker security flag needs to be set on the transition, ptrace-related checking, checks on the inheritance of state such as open file descriptors, the normal file execute check applied via VOP_ACCESS, mmap/mprotect PROT_EXEC checks, etc. The checks applied here are: - If not transitioning, may the process execute the file without transitioning to a new security context (:file execute_no_trans)? - If transitioning, may the process transition to the new security context (:process transition) and may the new process security context be entered via a program with this file security context (:file entrypoint)? Changes since the prior version of this patch include: - setsecid changed from int to boolean_t, with B_TRUE and B_FALSE as values. Webrev available at: http://cr.opensolaris.org/~sds/exec/
author Stephen Smalley <sds@tycho.nsa.gov>
date Tue, 09 Sep 2008 16:09:39 -0400
parents d58705eb5b58
children 8367f05f6752
files usr/src/uts/common/fmac/fmac.c usr/src/uts/common/os/exec.c usr/src/uts/common/sys/fmac/fmac.h
diffstat 3 files changed, 65 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/uts/common/fmac/fmac.c	Tue Sep 09 16:09:39 2008 -0400
+++ b/usr/src/uts/common/fmac/fmac.c	Tue Sep 09 16:09:39 2008 -0400
@@ -319,3 +319,46 @@
 	vp->v_secid = secid;
 	mutex_exit(&(vp->v_lock));
 }
+
+int
+fmac_exec(cred_t *cr, vnode_t *vp, boolean_t *setsecid,
+    security_id_t *prev_secidp, security_id_t *secidp)
+{
+	security_id_t prev_secid, secid;
+	int error;
+
+	if (!fmac_enabled)
+		return (0);
+
+	prev_secid = crgetsecid(cr);
+	secid = crgetexecsecid(cr);
+	if (!secid) {
+		error = security_transition_sid(prev_secid, vp->v_secid,
+		    SECCLASS_PROCESS, &secid);
+		if (error)
+			return (error);
+	}
+
+	if (prev_secid == secid) {
+		error = avc_has_perm(prev_secid, vp->v_secid, SECCLASS_FILE,
+		    FILE__EXECUTE_NO_TRANS);
+		if (error)
+			return (error);
+		*setsecid = B_FALSE;
+		return (0);
+	}
+
+	error = avc_has_perm(prev_secid, secid, SECCLASS_PROCESS,
+	    PROCESS__TRANSITION);
+	if (error)
+		return (error);
+
+	error = avc_has_perm(secid, vp->v_secid, SECCLASS_FILE,
+	    FILE__ENTRYPOINT);
+	if (error)
+		return (error);
+	*setsecid = B_TRUE;
+	*prev_secidp = prev_secid;
+	*secidp = secid;
+	return (0);
+}
--- a/usr/src/uts/common/os/exec.c	Tue Sep 09 16:09:39 2008 -0400
+++ b/usr/src/uts/common/os/exec.c	Tue Sep 09 16:09:39 2008 -0400
@@ -68,6 +68,7 @@
 #include <sys/pool.h>
 #include <sys/sdt.h>
 #include <sys/brand.h>
+#include <sys/fmac/fmac.h>
 
 #include <c2/audit.h>
 
@@ -522,6 +523,8 @@
 	int suidflags = 0;
 	ssize_t resid;
 	uid_t uid, gid;
+	security_id_t prev_secid, secid;
+	boolean_t setsecid = B_FALSE;
 	struct vattr vattr;
 	char magbuf[MAGIC_BYTES];
 	int setid;
@@ -562,11 +565,26 @@
 	if ((eswp = findexec_by_hdr(magbuf)) == NULL)
 		goto bad;
 
-	if (level == 0 &&
-	    (privflags = execsetid(vp, &vattr, &uid, &gid)) != 0) {
+	if (level == 0) {
+		privflags = execsetid(vp, &vattr, &uid, &gid);
+
+		error = fmac_exec(CRED(), vp, &setsecid, &prev_secid, &secid);
+		if (error)
+			goto bad;
 
+		if (setsecid)
+			privflags |= PRIV_SETUGID;
+	}
+
+	if (level == 0 && privflags != 0) {
 		newcred = cred = crdup(cred);
 
+		if (setsecid) {
+			cred->cr_prev_secid = prev_secid;
+			cred->cr_secid = secid;
+			cred->cr_exec_secid = SECSID_NULL;
+		}
+
 		/* If we can, drop the PA bit */
 		if ((privflags & PRIV_RESET) != 0)
 			priv_adjust_PA(cred);
--- a/usr/src/uts/common/sys/fmac/fmac.h	Tue Sep 09 16:09:39 2008 -0400
+++ b/usr/src/uts/common/sys/fmac/fmac.h	Tue Sep 09 16:09:39 2008 -0400
@@ -89,6 +89,8 @@
 int fmac_vnode_create(vnode_t *, char *, xvattr_t *, vattr_t **, cred_t *,
     security_id_t *);
 void fmac_vnode_post_create(vnode_t *, security_id_t);
+int fmac_exec(cred_t *cr, vnode_t *vp, boolean_t *setsecid,
+    security_id_t *prev_secidp, security_id_t *secidp);
 #endif /* _KERNEL */
 
 #ifdef __cplusplus