PERFORCE change 15425 for review

Fri Aug 2 01:05:04 GMT 2002

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15425

Change 15425 by cvance at cvance_laptop on 2002/08/01 18:04:47

	Add support for a basic mac_policy syscall handler.
	Things to think about: 
	    - who guarantees MPSAFE, trustedbsd harness or the modules?  
	    - the module must perform the copyin on the arg parameter.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#225 edit
.. //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#21 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#141 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#106 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#225 (text+ko) ====

@@ -363,6 +363,9 @@
 			 * that all enumerated values are handled.
 			 */
 			break;
+		case MAC_SYSCALL:
+			mpc->mpc_ops->mpo_mac_policy =
+			    mpe->mpe_function;
 		case MAC_DESTROY:
 			mpc->mpc_ops->mpo_destroy =
 			    mpe->mpe_function;
@@ -3060,6 +3063,40 @@
 	return (error);
 }
 
+/*
+ * MPSAFE
+ */
+int
+mac_policy(struct thread *td, struct mac_policy_args *uap)
+{
+	int error;
+	char target[128]; /* TBD: should be MAX_MAXNAME or some such */
+	struct mac_policy_conf *mpc;
+
+	error = copyinstr(uap->policy, target, sizeof(target), NULL);
+	if (error == ENAMETOOLONG) {
+		return (EINVAL);
+	}
+	if (error) {
+		return (error);
+	}
+
+	error = ENOSYS;
+	MAC_POLICY_LIST_BUSY();
+	LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
+		if (strcmp(mpc->mpc_name, target) == 0 &&
+			mpc->mpc_ops->mpo_mac_policy) {
+			error = mpc->mpc_ops->mpo_mac_policy(SCARG(uap, call),
+							     SCARG(uap, arg));
+			goto out;
+		}
+	}
+
+ out:
+	MAC_POLICY_LIST_UNBUSY();
+	return (error);
+}
+
 SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL);
 SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL);
 
@@ -3107,4 +3144,11 @@
 	return (ENOSYS);
 }
 
+int
+mac_policy(struct thread *td, struct mac_policy *uap)
+{
+
+	return (ENOSYS);
+}
+
 #endif /* !MAC */

==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#21 (text+ko) ====

@@ -567,5 +567,5 @@
 392	STD	BSD	{ int uuidgen(struct uuid *store, int count); }
 393	MSTD	BSD	{ int sendfile(int fd, int s, off_t offset, size_t nbytes, \
 				struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
-394	MNOIMPL	BSD	{ int mac_policy(const char *policy, int call, \
+394	MSTD	BSD	{ int mac_policy(const char *policy, int call, \
 				void *arg); }

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#141 (text+ko) ====


==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#106 (text+ko) ====

@@ -63,6 +63,11 @@
 	void	(*mpo_init)(struct mac_policy_conf *mpc);
 
 	/*
+	 * Generic policy-directed security syscall
+	 */
+	int	(*mpo_mac_policy)(int call, void *arg);
+
+	/*
 	 * Label operations.
 	 */
 	void	(*mpo_init_bpfdesc)(struct bpf_d *, struct label *label);
@@ -330,6 +335,7 @@
 
 enum mac_op_constant {
 	MAC_OP_LAST,
+	MAC_SYSCALL,
 	MAC_DESTROY,
 	MAC_INIT,
 	MAC_INIT_BPFDESC,
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

