

D35372.diff

diff --git a/sys/security/mac_ddb/mac_ddb.c b/sys/security/mac_ddb/mac_ddb.c
--- a/sys/security/mac_ddb/mac_ddb.c
+++ b/sys/security/mac_ddb/mac_ddb.c
@@ -29,11 +29,17 @@
*/
#include <sys/param.h>
+#include <sys/jail.h>
#include <sys/kdb.h>
#include <sys/module.h>
+#include <sys/mount.h>
#include <sys/proc.h>
+#include <sys/queue.h>
+#include <sys/rman.h>
#include <sys/sysctl.h>
+#include <net/vnet.h>
+
#include <ddb/ddb.h>
#include <ddb/db_command.h>
@@ -67,6 +73,11 @@
char *modif);
static db_validation_fn_t db_thread_valid;
+static db_validation_fn_t db_show_ffs_valid;
+static db_validation_fn_t db_show_prison_valid;
+static db_validation_fn_t db_show_proc_valid;
+static db_validation_fn_t db_show_rman_valid;
+static db_validation_fn_t db_show_vnet_valid;
struct cmd_list_item {
const char *name;
@@ -80,7 +91,12 @@
/* List of ddb(4) 'show' commands which are allowed by this policy. */
static const struct cmd_list_item show_command_list[] = {
+ { "ffs", db_show_ffs_valid },
+ { "prison", db_show_prison_valid },
+ { "proc", db_show_proc_valid },
+ { "rman", db_show_rman_valid },
{ "thread", db_thread_valid },
+ { "vnet", db_show_vnet_valid },
};
static int
@@ -103,6 +119,91 @@
return (EACCES);
}
+static int
+db_show_ffs_valid(db_expr_t addr, bool have_addr, db_expr_t count, char *modif)
+{
+ struct mount *mp;
+
+ /* No addr will show all mounts. */
+ if (!have_addr)
+ return (0);
+
+ TAILQ_FOREACH(mp, &mountlist, mnt_list)
+ if ((void *)mp == (void *)addr)
+ return (0);
+
+ return (EACCES);
+}
+
+static int
+db_show_prison_valid(db_expr_t addr, bool have_addr, db_expr_t count,
+ char *modif)
+{
+ struct prison *pr;
+ int pr_id;
+
+ if (!have_addr || addr == 0)
+ return (0);
+
+ /* prison can match by pointer address or ID. */
+ pr_id = (int)addr;
+ TAILQ_FOREACH(pr, &allprison, pr_list)
+ if (pr->pr_id == pr_id || (void *)pr == (void *)addr)
+ return (0);
+
+ return (EACCES);
+}
+
+static int
+db_show_proc_valid(db_expr_t addr, bool have_addr, db_expr_t count,
+ char *modif)
+{
+ struct proc *p;
+ int i;
+
+ /* Default will show the current proc. */
+ if (!have_addr)
+ return (0);
+
+ for (i = 0; i <= pidhash; i++) {
+ LIST_FOREACH(p, &pidhashtbl[i], p_hash) {
+ if ((void *)p == (void *)addr)
+ return (0);
+ }
+ }
+
+ return (EACCES);
+}
+
+static int
+db_show_rman_valid(db_expr_t addr, bool have_addr, db_expr_t count, char *modif)
+{
+ struct rman *rm;
+
+ TAILQ_FOREACH(rm, &rman_head, rm_link) {
+ if ((void *)rm == (void *)rm)
+ return (0);
+ }
+
+ return (EACCES);
+}
+
+static int
+db_show_vnet_valid(db_expr_t addr, bool have_addr, db_expr_t count, char *modif)
+{
+ VNET_ITERATOR_DECL(vnet);
+
+ if (!have_addr)
+ return (0);
+
+ VNET_FOREACH(vnet) {
+ if ((void *)vnet == (void *)addr)
+ return (0);
+ }
+
+ return (EACCES);
+}
+
static int
command_match(struct db_command *cmd, struct cmd_list_item item)
{
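Review bot: `db_show_rman_valid` compares `rm` with itself (`if ((void *)rm == (void *)rm)`), so the walk returns 0 for the first entry of `rman_head` whatever `addr` is, and `show rman <addr>` is never confined to a known rman object as the other validators in this hunk confine their commands; the test should read `if ((void *)rm == (void *)addr)`. That validator is also the only one without the `if (!have_addr) return (0);` guard, so a bare `show rman` is refused whenever the list happens to be empty — presumably harmless, but inconsistent with `db_show_ffs_valid` and friends. In `db_show_vnet_valid`, `VNET_ITERATOR_DECL` and `VNET_FOREACH` appear to expand to nothing on kernels built without VIMAGE, which would leave `vnet` undeclared in the comparison; an `#ifdef VIMAGE` guard around the loop that returns `EACCES` otherwise would keep the build portable — worth confirming against net/vnet.h. The `command_match` definition at the end of the hunk continues outside it.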
