Merge from TrustedBSD MAC branch:

Move the network code from using cr_cansee() to check whether a socket is visible to a requesting credential to using a new function, cr_canseesocket(), which accepts a subject credential and object socket. Implement cr_canseesocket() so that it does a prison check, a uid check, and add a comment where shortly a MAC hook will go. This will allow MAC policies to seperately instrument the visibility of sockets from the visibility of processes. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
svn path=/head/; revision=92976
2024-12-17 10:26:15 +00:00 · 2002-03-22 19:57:41 +00:00 · 2002-03-22 19:57:41 +00:00 · 29dc1288b0 · 2020-12-20 02:59:44 +00:00
commit 29dc1288b0
parent 0d28a40a57
6 changed files with 38 additions and 13 deletions
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@ -59,6 +59,8 @@
 #include <sys/jail.h>
 #include <sys/pioctl.h>
 #include <sys/resourcevar.h>
+#include <sys/socket.h>
+#include <sys/socketvar.h>
 #include <sys/sysctl.h>

 static MALLOC_DEFINE(M_CRED, "cred", "credentials");
@ -1676,6 +1678,27 @@ p_candebug(struct proc *p1, struct proc *p2)
 	return (0);
 }

+/*-
+ * Determine whether the subject represented by cred can "see" a socket.
+ * Returns: 0 for permitted, ENOENT otherwise.
+ */
+int
+cr_canseesocket(struct ucred *cred, struct socket *so)
+{
+	int error;
+
+	error = prison_check(cred, so->so_cred);
+	if (error)
+		return (ENOENT);
+	if (cr_seeotheruids(cred, so->so_cred))
+		return (ENOENT);
+#ifdef MAC
+	/* XXX: error = mac_cred_check_seesocket() here. */
+#endif
+
+	return (0);
+}
+
 /*
 * Allocate a zeroed cred structure.
 */
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@ -629,8 +629,8 @@ rip_pcblist(SYSCTL_HANDLER_ARGS)
 	for (inp = LIST_FIRST(ripcbinfo.listhead), i = 0; inp && i < n;
 	     inp = LIST_NEXT(inp, inp_list)) {
 		if (inp->inp_gencnt <= gencnt) {
-			if (cr_cansee(req->td->td_ucred, 
-			    inp->inp_socket->so_cred))
+			if (cr_canseesocket(req->td->td_ucred,
+			    inp->inp_socket))
 				continue;
 			inp_list[i++] = inp;
 		}
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@ -849,8 +849,8 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS)
 	for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n;
 	     inp = LIST_NEXT(inp, inp_list)) {
 		if (inp->inp_gencnt <= gencnt) {
-			if (cr_cansee(req->td->td_ucred,
-			    inp->inp_socket->so_cred))
+			if (cr_canseesocket(req->td->td_ucred,
+			    inp->inp_socket))
 				continue;
 			inp_list[i++] = inp;
 		}
@ -920,7 +920,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 		error = ENOENT;
 		goto out;
 	}
-	error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+	error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 	if (error)
 		goto out;
 	cru2x(inp->inp_socket->so_cred, &xuc);
@ -972,7 +972,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 		error = ENOENT;
 		goto out;
 	}
-	error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+	error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 	if (error)
 		goto out;
 	cru2x(inp->inp_socket->so_cred, &xuc);
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@ -849,8 +849,8 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS)
 	for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n;
 	     inp = LIST_NEXT(inp, inp_list)) {
 		if (inp->inp_gencnt <= gencnt) {
-			if (cr_cansee(req->td->td_ucred,
-			    inp->inp_socket->so_cred))
+			if (cr_canseesocket(req->td->td_ucred,
+			    inp->inp_socket))
 				continue;
 			inp_list[i++] = inp;
 		}
@ -920,7 +920,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 		error = ENOENT;
 		goto out;
 	}
-	error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+	error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 	if (error)
 		goto out;
 	cru2x(inp->inp_socket->so_cred, &xuc);
@ -972,7 +972,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 		error = ENOENT;
 		goto out;
 	}
-	error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+	error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 	if (error)
 		goto out;
 	cru2x(inp->inp_socket->so_cred, &xuc);
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@ -584,8 +584,8 @@ udp_pcblist(SYSCTL_HANDLER_ARGS)
 	for (inp = LIST_FIRST(udbinfo.listhead), i = 0; inp && i < n;
 	     inp = LIST_NEXT(inp, inp_list)) {
 		if (inp->inp_gencnt <= gencnt) {
-			if (cr_cansee(req->td->td_ucred,
-			    inp->inp_socket->so_cred))
+			if (cr_canseesocket(req->td->td_ucred,
+			    inp->inp_socket))
 				continue;
 			inp_list[i++] = inp;
 		}
@ -649,7 +649,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS)
 		error = ENOENT;
 		goto out;
 	}
-	error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+	error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 	if (error)
 		goto out;
 	cru2x(inp->inp_socket->so_cred, &xuc);
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@ -103,6 +103,7 @@ struct malloc_type;
 struct mtx;
 struct proc;
 struct kse;
+struct socket;
 struct thread;
 struct tty;
 struct ucred;
@ -199,6 +200,7 @@ int	suser_td(struct thread *);
 int	suser_xxx(struct ucred *cred, struct proc *proc, int flag);
 int	suser_xxx_td(struct ucred *cred, struct thread *thread, int flag);
 int	cr_cansee(struct ucred *u1, struct ucred *u2);
+int	cr_canseesocket(struct ucred *cred, struct socket *so);

 char	*getenv(const char *name);
 int	getenv_int(const char *name, int *data);