From 74e62b1b75c300ed90ee10ab6496973d575400c1 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Sat, 5 Oct 2002 18:40:10 +0000 Subject: [PATCH] Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during devfs VOP symlink creation by introducing a new entry point to determine the label of the devfs_dirent prior to allocation of a vnode for the symlink. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories --- sys/fs/devfs/devfs_vnops.c | 7 +++---- sys/kern/kern_mac.c | 13 +++++++++++++ sys/security/mac/mac_framework.c | 13 +++++++++++++ sys/security/mac/mac_framework.h | 2 ++ sys/security/mac/mac_internal.h | 13 +++++++++++++ sys/security/mac/mac_net.c | 13 +++++++++++++ sys/security/mac/mac_pipe.c | 13 +++++++++++++ sys/security/mac/mac_policy.h | 4 ++++ sys/security/mac/mac_process.c | 13 +++++++++++++ sys/security/mac/mac_syscalls.c | 13 +++++++++++++ sys/security/mac/mac_system.c | 13 +++++++++++++ sys/security/mac/mac_vfs.c | 13 +++++++++++++ sys/sys/mac.h | 2 ++ sys/sys/mac_policy.h | 4 ++++ 14 files changed, 132 insertions(+), 4 deletions(-) diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index da09f0d48c8..5f7775c4c5e 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -868,12 +868,11 @@ devfs_symlink(ap) MALLOC(de->de_symlink, char *, i, M_DEVFS, M_WAITOK); bcopy(ap->a_target, de->de_symlink, i); lockmgr(&dmp->dm_lock, LK_EXCLUSIVE, 0, curthread); +#ifdef MAC + mac_create_devfs_symlink(ap->a_cnp->cn_cred, dd, de); +#endif TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list); devfs_allocv(de, ap->a_dvp->v_mount, ap->a_vpp, 0); -#ifdef MAC - mac_create_vnode(ap->a_cnp->cn_cred, ap->a_dvp, *ap->a_vpp); - mac_update_devfsdirent(de, *ap->a_vpp); -#endif /* MAC */ lockmgr(&dmp->dm_lock, LK_RELEASE, 0, curthread); return (0); } diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c index 5719b01f51e..8a9de011ba0 100644 --- a/sys/kern/kern_mac.c +++ b/sys/kern/kern_mac.c @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 5719b01f51e..8a9de011ba0 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index a646ad328f9..b0d04681e20 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -244,6 +244,8 @@ void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de); void mac_create_devfs_directory(char *dirname, int dirnamelen, struct devfs_dirent *de); void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp); +void mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de); void mac_create_vnode(struct ucred *cred, struct vnode *parent, struct vnode *child); void mac_create_mount(struct ucred *cred, struct mount *mp); diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 5719b01f51e..8a9de011ba0 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index 5719b01f51e..8a9de011ba0 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index 5719b01f51e..8a9de011ba0 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index d9f1a8ed72c..d455d3c065b 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -110,6 +110,9 @@ struct mac_policy_ops { struct label *label); void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen, struct devfs_dirent *de, struct label *label); + void (*mpo_create_devfs_symlink)(struct ucred *cred, + struct devfs_dirent *dd, struct label *ddlabel, + struct devfs_dirent *de, struct label *delabel); void (*mpo_create_devfs_vnode)(struct devfs_dirent *de, struct label *direntlabel, struct vnode *vp, struct label *vnodelabel); @@ -387,6 +390,7 @@ enum mac_op_constant { MAC_INTERNALIZE, MAC_CREATE_DEVFS_DEVICE, MAC_CREATE_DEVFS_DIRECTORY, + MAC_CREATE_DEVFS_SYMLINK, MAC_CREATE_DEVFS_VNODE, MAC_CREATE_VNODE, MAC_CREATE_MOUNT, diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 5719b01f51e..8a9de011ba0 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 5719b01f51e..8a9de011ba0 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index 5719b01f51e..8a9de011ba0 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 5719b01f51e..8a9de011ba0 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -519,6 +519,10 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_create_devfs_directory = mpe->mpe_function; break; + case MAC_CREATE_DEVFS_SYMLINK: + mpc->mpc_ops->mpo_create_devfs_symlink = + mpe->mpe_function; + break; case MAC_CREATE_DEVFS_VNODE: mpc->mpc_ops->mpo_create_devfs_vnode = mpe->mpe_function; @@ -2946,6 +2950,15 @@ mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); } +void +mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de) +{ + + MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + &de->de_label); +} + static int mac_stdcreatevnode_ea(struct vnode *vp) { diff --git a/sys/sys/mac.h b/sys/sys/mac.h index a646ad328f9..b0d04681e20 100644 --- a/sys/sys/mac.h +++ b/sys/sys/mac.h @@ -244,6 +244,8 @@ void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de); void mac_create_devfs_directory(char *dirname, int dirnamelen, struct devfs_dirent *de); void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp); +void mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, + struct devfs_dirent *de); void mac_create_vnode(struct ucred *cred, struct vnode *parent, struct vnode *child); void mac_create_mount(struct ucred *cred, struct mount *mp); diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h index d9f1a8ed72c..d455d3c065b 100644 --- a/sys/sys/mac_policy.h +++ b/sys/sys/mac_policy.h @@ -110,6 +110,9 @@ struct mac_policy_ops { struct label *label); void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen, struct devfs_dirent *de, struct label *label); + void (*mpo_create_devfs_symlink)(struct ucred *cred, + struct devfs_dirent *dd, struct label *ddlabel, + struct devfs_dirent *de, struct label *delabel); void (*mpo_create_devfs_vnode)(struct devfs_dirent *de, struct label *direntlabel, struct vnode *vp, struct label *vnodelabel); @@ -387,6 +390,7 @@ enum mac_op_constant { MAC_INTERNALIZE, MAC_CREATE_DEVFS_DEVICE, MAC_CREATE_DEVFS_DIRECTORY, + MAC_CREATE_DEVFS_SYMLINK, MAC_CREATE_DEVFS_VNODE, MAC_CREATE_VNODE, MAC_CREATE_MOUNT, -- 2.45.2