PERFORCE change 16108 for review
Chris Vance
cvance at freebsd.org
Fri Aug 16 13:37:30 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16108
Change 16108 by cvance at cvance_laptop on 2002/08/16 06:36:36
Updates to SEBSD module:
* Add sebsd_syscall.c to Makefile
* Add sebsd_syscall MAC syscall handler
* Move flask.h up a level and fix references
* Implement avc_toggle() and avc_enforcing system calls
* Rework entire execute/transition code, now checks
creds at check_exec_vnode(), make correct decision
in will_transition(), and only perform the
transition in execve_transition(). Assumes entire
exec process is "atomic" so permission checks may be
performed first phase, and still remain valid when
the actual re-label is done.
* Add signal permission checks
* Cleanup dead code and unused debug statements
* Fix extended attribute handling (again) to do the
right thing when an attribute isn't located (now uses
SECINITSID_UNLABELED)
* Add stubs for vnode operations
(tagged "TBD: Not Implemented")
* Reorganized sysctl handlers and removed/converted to syscall
security.mac.sebsd.debug
* That's it (I think)
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/modules/sebsd/Makefile#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#4 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.h#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc_ss.h#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/flask.h#2 delete
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/flask.h#3 branch
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#22 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_syscall.c#1 add
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_sysctl.c#3 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/global.h#4 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/security.h#4 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/symtab.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/modules/sebsd/Makefile#2 (text+ko) ====
@@ -6,6 +6,7 @@
SRCS= vnode_if.h \
opt_mac.h \
sebsd.c \
+ sebsd_syscall.c \
sebsd_sysctl.c \
avc.c \
avtab.c \
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#4 (text+ko) ====
@@ -807,3 +807,59 @@
return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
ssid, tsid, tclass, perms, seqno, 0);
}
+
+int
+sys_avc_toggle(struct thread *td)
+{
+ extern int ss_initialized;
+ int error;
+
+ /*
+ * TBD: enforce this:
+ */
+ error = thread_has_system(curthread, SYSTEM__AVC_TOGGLE);
+ if (error)
+ return error;
+
+ avc_debug_always_allow = !avc_debug_always_allow;
+ if (!avc_debug_always_allow) {
+ avc_ss_reset(avc_cache.latest_notif);
+ if (!ss_initialized) {
+ error = security_init();
+ if (error)
+ panic("SELinux: Could not initialize\n");
+ }
+ }
+ td->td_retval[0] = avc_debug_always_allow;
+
+ return (0);
+}
+
+int
+sys_avc_enforcing(struct thread *td)
+{
+ td->td_retval[0] = !avc_debug_always_allow;
+ return 0;
+}
+
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+/*
+ * TBD: should have build-time non development mode that does not permit
+ * toggling debug mode.
+ */
+int
+sys_avc_toggle(struct thread *td)
+{
+ td->td_retval[0] = 0;
+ return (0);
+}
+
+int
+sys_avc_enforcing(struct thread *td)
+{
+ td->td_retval[0] = 1;
+ return (0);
+}
+
+#endif /* CONFIG_SECURITY_SELINUX_DEVELOP */
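Review bot: The `#ifdef CONFIG_SECURITY_SELINUX_DEVELOP` block at the end of the hunk redefines `sys_avc_toggle` and `sys_avc_enforcing`, which are already defined unconditionally above it, so any build with that option set fails on duplicate definitions — and the comment inside the block describes the opposite layout, where the real toggle lives under the DEVELOP option and the always-enforcing stubs are the non-development default. Move the `#ifdef CONFIG_SECURITY_SELINUX_DEVELOP` to just before the first `sys_avc_toggle`, replace the second one with `#else`, and leave the `#endif` where it is. In the real `sys_avc_toggle` the permission check uses `curthread` although the function receives `td` (`error = thread_has_system(td, SYSTEM__AVC_TOGGLE);`), and the `panic()` on `security_init()` failure is now reachable from a user syscall, so a failed policy load becomes a user-triggerable crash; whether to fail closed or return the error should be a deliberate choice rather than a panic. The `TBD: enforce this` comment no longer matches the code, which does return on error, and should be updated or dropped. The function whose closing lines open this hunk starts outside it.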
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.h#6 (text+ko) ====
@@ -15,7 +15,7 @@
#ifdef __FreeBSD__
-#include <security/sebsd/avc/flask.h>
+#include <security/sebsd/flask.h>
#include <security/sebsd/sebsd.h>
#include <security/sebsd/avc/av_permissions.h>
#include <security/sebsd/ss/security.h>
@@ -342,5 +342,8 @@
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+extern int sys_avc_toggle(struct thread *td);
+extern int sys_avc_enforcing(struct thread *td);
+
#endif /* _LINUX_AVC_H_ */
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc_ss.h#3 (text+ko) ====
@@ -14,7 +14,7 @@
*/
#ifdef __FreeBSD__
-#include <security/sebsd/avc/flask.h>
+#include <security/sebsd/flask.h>
#else /* __FreeBSD__ */
#include <linux/flask/flask.h>
#endif /* __FreeBSD__ */
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#22 (text+ko) ====
@@ -45,7 +45,6 @@
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
-#include <sys/sysent.h>
#include <sys/vnode.h>
#include <vm/vm.h>
@@ -80,6 +79,42 @@
printf("sebsd:: destroy\n");
}
+static int
+cred_has_perm(struct ucred *cred, struct proc *proc, access_vector_t perm)
+{
+ struct task_security_struct *task, *target;
+
+ task = SLOT(&cred->cr_label);
+ target = SLOT(&proc->p_ucred->cr_label);
+
+ return avc_has_perm_ref(task->sid, target->sid, SECCLASS_PROCESS,
+ perm, &target->avcr);
+}
+
+static int
+thread_has_perm(struct thread *td, struct proc *proc, access_vector_t perm)
+{
+ return (cred_has_perm(td->td_proc->p_ucred, proc, perm));
+}
+
+static int
+cred_has_system(struct ucred *cred, access_vector_t perm)
+{
+ struct task_security_struct *task;
+
+ task = SLOT(&cred->cr_label);
+
+ return avc_has_perm(task->sid, SECINITSID_KERNEL,
+ SECCLASS_SYSTEM, perm);
+}
+
+int
+thread_has_system(struct thread *td, access_vector_t perm)
+{
+ return (cred_has_system(td->td_proc->p_ucred, perm));
+}
+
+
static void
sebsd_init_cred(struct ucred *ucred, struct label *label)
{
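Review bot: `thread_has_perm` and `thread_has_system` read `td->td_proc->p_ucred`, whereas elsewhere in this diff the thread's own credential is used (`curthread->td_ucred` in `sebsd_update_vnode_from_extattr`); the process credential pointer is normally read under the process lock while `td_ucred` is the thread's stable reference, so `return (cred_has_perm(td->td_ucred, proc, perm));` and `return (cred_has_system(td->td_ucred, perm));` are the safer forms. `cred_has_perm` likewise dereferences `proc->p_ucred` for the target with no lock visible here; if callers are expected to hold `PROC_LOCK(proc)`, a comment on the helper should say so. `thread_has_perm` is `static` and has no caller in this change, so it will draw an unused-function warning until something uses it. The hunk opens inside `sebsd_destroy`, whose start is outside it.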
@@ -154,70 +189,52 @@
}
static int
-sebsd_compute_transition(struct ucred *cred, struct vnode *vp,
- struct label *label, security_id_t *newsid)
+sebsd_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{
- struct task_security_struct *task;
- struct vnode_security_struct *file;
- int rc;
+ access_vector_t perm;
- task = SLOT(&cred->cr_label);
- file = SLOT(label);
- rc = security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS,
- newsid);
- if (rc)
- return EACCES;
-
- if (sebsd_verbose > 0) {
- u_int32_t scontext_len;
- security_context_t scontext;
- (void)security_sid_to_context(task->sid, &scontext, &scontext_len);
- printf("exec_vnode:: tsid (%d) = %s", task->sid, scontext);
- security_free_context(scontext);
- (void)security_sid_to_context(file->sid, &scontext, &scontext_len);
- printf(" fsid (%d) = %s", file->sid, scontext);
- security_free_context(scontext);
- (void)security_sid_to_context(*newsid, &scontext, &scontext_len);
- printf(" newsid (%d) = %s\n", *newsid, scontext);
- security_free_context(scontext);
+ switch (signum) {
+ case SIGCHLD:
+ perm = PROCESS__SIGCHLD;
+ break;
+ case SIGKILL:
+ perm = PROCESS__SIGKILL;
+ break;
+ case SIGSTOP:
+ perm = PROCESS__SIGSTOP;
+ break;
+ default:
+ perm = PROCESS__SIGNAL;
+ break;
}
- return (*newsid != task->sid);
-#ifdef notdef
- /* TBD, auditing not really working yet */
- if (newsid == task->sid) {
- rc = avc_has_perm(task->sid, file->sid,
- SECCLASS_FILE, FILE__EXECUTE_NO_TRANS);
- if (rc)
- return EACCES;
- } else {
- /* Check permissions for the transition. */
- rc = avc_has_perm(task->sid, newsid, SECCLASS_PROCESS,
- PROCESS__TRANSITION);
- if (rc)
- return EACCES;
+ return cred_has_perm(cred, proc, perm);
+}
- rc = avc_has_perm(newsid, file->sid,
- SECCLASS_FILE, FILE__ENTRYPOINT);
-/* &file->avcr, &ad); */
- if (rc)
- return EACCES;
+static void
+sebsd_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct mac *vnodelabel)
+{
+ struct task_security_struct *otask, *ntask;
+ struct vnode_security_struct *file;
+ int rc;
- /*
- * TBD: Check ptrace permission between the parent and
- * the new SID for this process if this process is
- * being traced.
- */
+ otask = SLOT(&old->cr_label);
+ ntask = SLOT(&new->cr_label);
+ file = SLOT(&vp->v_label);
- /*
- * TBD: Check share permission between the old and new
- * SIDs of the process if the process will share
- * state.
- */
- }
+ /*
+ * Should have already checked all the permissions
+ * Should have no races with file/process labels
+ * So just make the transition.
+ */
+ ntask->osid = otask->sid;
+ rc = security_transition_sid(otask->sid, file->sid, SECCLASS_PROCESS,
+ &ntask->sid);
+ if (rc)
+ return; /* TBD: what happens if the previous call failed? */
- task->osid = task->sid;
- if (task->sid != newsid) {
+ if (otask->sid != ntask->sid) {
/*
* TBD: Need to flush any open files that are now
* unauthorized. Likewise, SELinux forced a wait
@@ -225,37 +242,31 @@
*/
}
- task->sid = newsid;
-#endif /* notdef */
- return (0);
+ return;
}
-static void
-sebsd_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct mac *vnodelabel)
+static int
+sebsd_execve_will_transition(struct ucred *old, struct vnode *vp,
+ struct mac *vnodelabel)
{
struct task_security_struct *task;
+ struct vnode_security_struct *file;
security_id_t newsid;
+ int rc;
- sebsd_compute_transition(old, vp, &vp->v_label, &newsid);
- task = SLOT(&new->cr_label);
- task->osid = task->sid;
- task->sid = newsid;
-}
+ task = SLOT(&old->cr_label);
+ file = SLOT(&vp->v_label);
-static int
-sebsd_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct mac *vnodelabel)
-{
- security_id_t newsid;
- return sebsd_compute_transition(old, vp, &vp->v_label, &newsid);
-}
+ /*
+ * Should have already checked all the permissions, so just see if
+ * the SIDS are going to match.
+ */
+ rc = security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS,
+ &newsid);
+ if (rc)
+ return EACCES;
-static int
-sebsd_check_exec_vnode(struct ucred *cred, struct vnode *vp,
- struct label *label)
-{
- return 0;
+ return (newsid != task->sid);
}
static void
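Review bot: `sebsd_execve_will_transition` returns `EACCES` when `security_transition_sid` fails, but the framework presumably consumes this hook's result as a boolean, so a lookup failure is reported as "a transition will occur", after which `sebsd_execve_transition` hits the same failure and silently returns with `ntask->osid` already overwritten and `ntask->sid` left at whatever the new credential's label held. Since this change makes `sebsd_check_vnode_exec` the sole authorization point, the two later hooks should agree on what an unexpected failure means: `if (rc) return (0);` in `will_transition` (no transition will be performed), and in `execve_transition` either assign `ntask->sid = otask->sid;` explicitly or at least `printf` the inconsistency instead of the bare `return;` marked TBD. The "atomic exec" assumption from the commit message also deserves a comment in `sebsd_execve_transition` stating that it relies on no policy reload or relabel of `vp` between the check and the transition, since nothing here re-verifies the SID it applies. `sebsd_check_proc_signal` maps signal 0 to `PROCESS__SIGNAL`; if this tree's av_permissions.h defines `PROCESS__SIGNULL` as SELinux does, a `case 0:` should use it so that existence probes (`kill(pid, 0)`) can be permitted separately. The definition that begins on the hunk's last line continues outside it.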
@@ -283,8 +294,8 @@
static void
sebsd_create_vnode(struct ucred *cred, struct vnode *parent,
- struct label *parentlabel, struct vnode *child,
- struct label *childlabel)
+ struct label *parentlabel, struct vnode *child,
+ struct label *childlabel)
{
struct vnode_security_struct *dir, *vsec;
struct task_security_struct *task;
@@ -326,6 +337,32 @@
}
+static int
+sebsd_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel, struct vnode *vp,
+ struct label *label)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel, struct vnode *vp,
+ struct label *label, int samedir)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *oldlabel, struct label *newlabel)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
static void
sebsd_relabel_vnode(struct ucred *cred, struct vnode *vp,
struct label *vnodelabel, struct label *label)
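Review bot: `sebsd_check_vnode_relabel` returns 0 unconditionally, so until it is implemented any subject can change the label on any vnode — including relabeling a file to a domain entrypoint, which the new `sebsd_check_vnode_exec` then trusts. The rename stubs are of the same "not implemented" kind but far less consequential, so this one deserves a more explicit marker than the shared `/* TBD: Not Implemented */`, e.g. `/* TBD: fails open -- any subject may relabel any vnode until this checks the old and new labels against the AVC (SELinux: relabelfrom/relabelto) */`. If the module can run enforcing before that is done, a temporary `return (EPERM);` here would be the safer default. `sebsd_relabel_vnode`, whose first lines close the hunk, continues outside it.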
@@ -339,7 +376,6 @@
dest = SLOT(vnodelabel);
if (!source) {
-/* Debugger("sebsd_relabel_vnode:: source is NULL!\n"); */
printf("sebsd_relabel_vnode:: source is NULL!\n");
return;
}
@@ -375,18 +411,15 @@
}
static int
-sebsd_check_create_vnode(struct ucred *cred, struct vnode *dvp,
+sebsd_check_vnode_create(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vattr *vap)
{
+ /* TBD: Not Implemented */
struct vnode_security_struct *file, *dir;
file = SLOT(&cred->cr_label);
dir = SLOT(dlabel);
-/*
- printf("check_create_vnode:: file=%d, dir=%d\n", file->sid,
- dir->sid);
-*/
return 0;
}
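Review bot: In `sebsd_check_vnode_create` the local `file` is declared as `struct vnode_security_struct *` but initialized from `cred->cr_label`, which the new helpers earlier in this diff (`cred_has_perm`, `cred_has_system`) treat as a `struct task_security_struct`; both locals are unused today so nothing breaks, but the first real implementation will read a task SID through the wrong struct layout. Change it to `struct task_security_struct *task = SLOT(&cred->cr_label);` now, or drop the two unused locals until the check is written. The stub also fails open (returns 0), which is consistent with the other TBD hooks but worth stating in the comment.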
@@ -400,51 +433,208 @@
u_int32_t context_len;
int error;
- /*
- * XXX: this check is probably redundant, since we'll only get
- * called here for multilabel file systems.
- */
- if ((mp->mnt_flag & MNT_MULTILABEL) == 0) {
- return (EOPNOTSUPP);
- }
+ vsec = SLOT(vnodelabel);
context_len = 128; /* TBD: bad fixed length */
error = vn_extattr_get(vp, IO_NODELOCKED,
SEBSD_MAC_EXTATTR_NAMESPACE,
SEBSD_MAC_EXTATTR_NAME,
&context_len, context, curthread);
- if (error)
- return (error);
+ if (error == ENOATTR) {
+ vsec->sid = SECINITSID_UNLABELED; /* Use the default label */
+ struct vattr va;
+
+ VOP_GETATTR(vp, &va, curthread->td_ucred, curthread);
+ printf("sebsd_update_vnode_from_extattr: no label for inode=%d, fsid=%d\n", va.va_fileid, va.va_fsid);
+
+ return (0);
+ }
+ if (error) {
+ return (error); /* Fail closed */
+ }
if (sebsd_verbose > 1) {
- char *fullpath = "unknown";
- char *freepath = NULL;
struct vattr va;
- /*
- * XXX Releasing the vnode lock here is a very bad idea.
- */
VOP_GETATTR(vp, &va, curthread->td_ucred, curthread);
- VOP_UNLOCK(vp, 0, curthread);
- vn_fullpath(curthread, vp->v_dd, vp, &fullpath, &freepath);
- printf("sebsd_vnode_from_extattr: len=%d: context=%s file=%s inode=%d, fsid=%d\n", context_len, context, fullpath, va.va_fileid, va.va_fsid);
- if (freepath)
- free(freepath, M_TEMP);
- vn_lock(vp, LK_EXCLUSIVE, curthread);
+ printf("sebsd_vnode_from_extattr: len=%d: context=%s inode=%d, fsid=%d\n", context_len, context, va.va_fileid, va.va_fsid);
}
- vsec = SLOT(vnodelabel);
error = security_context_to_sid(context, context_len, &vsec->sid);
if (error) {
printf("sebsd_update_vnode_from_extattr: ERROR mapping context to sid: %s\n", context);
+ return (0); /* TBD bad, bad, bad */
}
-/* printf("sebsd_update_vnode_from_extattr got sid %d, label size=%d: %s\n", vsec->sid, context_len, context); */
+ return (0);
+}
+
+static int
+sebsd_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct task_security_struct *task;
+ struct vnode_security_struct *file;
+ security_id_t newsid;
+ int rc;
+
+ task = SLOT(&cred->cr_label);
+ file = SLOT(label);
+ rc = security_transition_sid(task->sid, file->sid, SECCLASS_PROCESS,
+ &newsid);
+ if (rc)
+ return EACCES;
+
+ if (newsid == task->sid) {
+ rc = avc_has_perm(task->sid, file->sid,
+ SECCLASS_FILE, FILE__EXECUTE_NO_TRANS);
+ if (rc)
+ return EACCES;
+ } else {
+ /* Check permissions for the transition. */
+ rc = avc_has_perm(task->sid, newsid, SECCLASS_PROCESS,
+ PROCESS__TRANSITION);
+ if (rc)
+ return EACCES;
+
+ rc = avc_has_perm(newsid, file->sid,
+ SECCLASS_FILE, FILE__ENTRYPOINT);
+ if (rc)
+ return EACCES;
+
+ /*
+ * TBD: Check ptrace permission between the parent and
+ * the new SID for this process if this process is
+ * being traced.
+ */
+
+ /*
+ * TBD: Check share permission between the old and new
+ * SIDs of the process if the process will share
+ * state.
+ */
+ }
return (0);
}
static int
+sebsd_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
+ struct label *label, acl_type_t type)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
+ struct label *label, int attrnamespace,
+ const char *name, struct uio *uio)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
+ struct label *label, acl_type_t type, struct acl *acl)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+ struct label *label, int attrnamespace,
+ const char *name, struct uio *uio)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
+ struct label *label, u_long flags)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
+ struct label *label, mode_t mode)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
+ struct label *label, uid_t uid, gid_t gid)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+ struct label *label, struct timespec atime,
+ struct timespec mtime)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_stat(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
+ struct label *dlabel, struct vnode *vp,
+ struct label *label)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+ struct label *label, acl_type_t type)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
+sebsd_check_vnode_open(struct ucred *cred, struct vnode *vp,
+ struct label *filelabel, mode_t acc_mode)
+{
+ /* TBD: Not Implemented */
+ return 0;
+}
+
+static int
sebsd_externalize(struct label *label, struct mac *extmac)
{
/* TBD: this assumes vnodes only and only stores '5' */
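Review bot: In `sebsd_update_vnode_from_extattr`, when `security_context_to_sid` fails the function returns 0 without assigning `vsec->sid`, so a vnode whose on-disk context is corrupt or unknown keeps whatever the label slot previously held; the ENOATTR branch above picks `SECINITSID_UNLABELED` and the generic-error branch says "Fail closed", so this path should do one of the two — `vsec->sid = SECINITSID_UNLABELED;` before the `return (0);`, or `return (EACCES);`. In the same function the ENOATTR path's `printf` is unconditional rather than guarded by `sebsd_verbose` like the one below it, and it declares `struct vattr va;` after a statement, which a strict C89 kernel build may reject. Further down, `sebsd_check_vnode_setextattr` returns 0 for every attribute, including the `SEBSD_MAC_EXTATTR_NAMESPACE`/`SEBSD_MAC_EXTATTR_NAME` pair this very function reads the label from, so unless the MAC framework already reserves that attribute a subject permitted by DAC to write system-namespace attributes can rewrite a file's context directly and bypass `sebsd_check_vnode_relabel`; a minimal guard is `if (attrnamespace == SEBSD_MAC_EXTATTR_NAMESPACE && strcmp(name, SEBSD_MAC_EXTATTR_NAME) == 0) return (EPERM);`. The other new stubs (`open`, `delete`, `setmode`, `setowner`, …) fail open as well, and a single comment above the group should say so. `sebsd_update_vnode_from_extattr` starts before the hunk and `sebsd_externalize`, whose first lines close it, continues after.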
@@ -493,7 +683,7 @@
*/
static void
sebsd_create_root_mount(struct ucred *cred, struct mount *mp,
- struct mount *mntlabel, struct mount *fslabel)
+ struct mount *mntlabel, struct mount *fslabel)
{
avc_init();
if (security_init()) {
@@ -507,12 +697,15 @@
{ MAC_DESTROY,
(macop_t)sebsd_destroy },
+ { MAC_SYSCALL,
+ (macop_t)sebsd_syscall },
+
/* Process operations */
{ MAC_INIT_CRED,
(macop_t)sebsd_init_cred },
{ MAC_CREATE_CRED,
(macop_t)sebsd_create_cred },
- { MAC_CHECK_CRED_RELABEL,
+ { MAC_CHECK_CRED_RELABEL,
(macop_t)sebsd_check_cred_relabel },
{ MAC_RELABEL_CRED,
(macop_t)sebsd_relabel_cred },
@@ -523,6 +716,9 @@
(macop_t)sebsd_create_proc0 },
{ MAC_CREATE_PROC1,
(macop_t)sebsd_create_proc1 },
+ { MAC_CHECK_PROC_SIGNAL,
+ (macop_t)sebsd_check_proc_signal },
+
/* file operations */
{ MAC_INIT_VNODE,
@@ -536,10 +732,44 @@
{ MAC_RELABEL_VNODE,
(macop_t)sebsd_relabel_vnode },
{ MAC_CHECK_VNODE_EXEC,
- (macop_t)sebsd_check_exec_vnode },
+ (macop_t)sebsd_check_vnode_exec },
{ MAC_CHECK_VNODE_CREATE,
- (macop_t)sebsd_check_create_vnode },
+ (macop_t)sebsd_check_vnode_create },
+ { MAC_CHECK_VNODE_STAT,
+ (macop_t)sebsd_check_vnode_stat },
+ { MAC_CHECK_VNODE_CHDIR,
+ (macop_t)sebsd_check_vnode_chdir },
+ { MAC_CHECK_VNODE_DELETE,
+ (macop_t)sebsd_check_vnode_delete },
+ { MAC_CHECK_VNODE_DELETEACL,
+ (macop_t)sebsd_check_vnode_deleteacl },
+ { MAC_CHECK_VNODE_GETACL,
+ (macop_t)sebsd_check_vnode_getacl },
+ { MAC_CHECK_VNODE_GETEXTATTR,
+ (macop_t)sebsd_check_vnode_getextattr },
+ { MAC_CHECK_VNODE_OPEN,
+ (macop_t)sebsd_check_vnode_open },
+ { MAC_CHECK_VNODE_RENAME_FROM,
+ (macop_t)sebsd_check_vnode_rename_from },
+ { MAC_CHECK_VNODE_RENAME_TO,
+ (macop_t)sebsd_check_vnode_rename_to },
+ { MAC_CHECK_VNODE_REVOKE,
+ (macop_t)sebsd_check_vnode_revoke },
+ { MAC_CHECK_VNODE_SETACL,
+ (macop_t)sebsd_check_vnode_setacl },
+ { MAC_CHECK_VNODE_SETEXTATTR,
+ (macop_t)sebsd_check_vnode_setextattr },
+ { MAC_CHECK_VNODE_SETFLAGS,
+ (macop_t)sebsd_check_vnode_setflags },
+ { MAC_CHECK_VNODE_SETMODE,
+ (macop_t)sebsd_check_vnode_setmode },
+ { MAC_CHECK_VNODE_SETOWNER,
+ (macop_t)sebsd_check_vnode_setowner },
+ { MAC_CHECK_VNODE_SETUTIMES,
+ (macop_t)sebsd_check_vnode_setutimes },
+ { MAC_CHECK_VNODE_RELABEL,
+ (macop_t)sebsd_check_vnode_relabel },
{ MAC_EXECVE_TRANSITION,
(macop_t)sebsd_execve_transition },
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.h#6 (text+ko) ====
@@ -37,17 +37,21 @@
#ifndef _SYS_SECURITY_SEBSD_H
#define _SYS_SECURITY_SEBSD_H
+#include <security/sebsd/flask_types.h>
+
+#define SELINUX_MAGIC 0xf97cff8c
+#define SEBSD_MAC_EXTATTR_NAME "sebsd"
+#define SEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
+
#ifdef _KERNEL
MALLOC_DECLARE(M_SEBSD);
-#endif /* _KERNEL */
extern int avc_debug_always_allow;
-extern int security_init(void);
extern int sebsd_verbose;
-#define SELINUX_MAGIC 0xf97cff8c
-
-#define SEBSD_MAC_EXTATTR_NAME "sebsd"
-#define SEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
+extern int security_init(void);
+extern int sebsd_syscall(struct thread *td, int call, void *args);
+extern int thread_has_system(struct thread *td, access_vector_t perm);
+#endif /* _KERNEL */
#endif /* _SYS_SECURITY_SEBSD_H */
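Review bot: `sebsd_syscall(struct thread *td, int call, void *args)` is the new MAC syscall entry point, but `sebsd_syscall.c` is listed as added without its contents appearing in this change, so the dispatch on `call` and the handling of `args` — a user pointer that must go through `copyin` and never be dereferenced directly — cannot be reviewed here. Please include that file in the review, or at least document the contract on the prototype, e.g. `/* args is a userland pointer; handlers must copyin()/copyout() and validate lengths */`. Moving `SELINUX_MAGIC` and the extattr constants outside `_KERNEL` looks intentional for userland callers of the syscall; a one-line comment saying so would stop someone tucking them back.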
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd_sysctl.c#3 (text+ko) ====
@@ -46,37 +46,9 @@
#include <security/sebsd/ss/security.h>
#include <security/sebsd/ss/sidtab.h>
-static int sysctl_list_sids(SYSCTL_HANDLER_ARGS);
-
-SYSCTL_DECL(_security_mac);
-SYSCTL_NODE(_security_mac, OID_AUTO, sebsd, CTLFLAG_RW, 0,
- "Security Enhanced BSD policy controls");
-
-/*
-int sebsd_enabled = 1;
-SYSCTL_INT(_security_mac_sebsd, OID_AUTO, enabled, CTLFLAG_RW,
- &sebsd_enabled, 0, "Enable Security Enhanced BSD");
-TUNABLE_INT("security.mac.sebsd.enabled", &sebsd_enabled);
-*/
-
-SYSCTL_INT(_security_mac_sebsd, OID_AUTO, debug, CTLFLAG_RW,
- &avc_debug_always_allow, 0, "Debug Security Enhanced BSD policy");
-TUNABLE_INT("security.mac.sebsd.debug", &avc_debug_always_allow);
-
-SYSCTL_INT(_security_mac_sebsd, OID_AUTO, verbose, CTLFLAG_RW,
- &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff");
-TUNABLE_INT("security.mac.sebsd.verbose", &sebsd_verbose);
-
-SYSCTL_OID(_security_mac_sebsd, OID_AUTO, sids, CTLTYPE_STRING|CTLFLAG_RD,
- NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs");
-
-
/*
* Sysctl handler for security.mac.sebsd.sids
- *
- * Lists the SIDs active in the security server
- *
- * based on sysctl for vm.zone
+ * Lists the SIDs currently active in the security server
*/
static int
sysctl_list_sids(SYSCTL_HANDLER_ARGS)
@@ -115,3 +87,23 @@
FREE(buffer, M_TEMP);
return (error);
}
+
+SYSCTL_DECL(_security_mac);
+SYSCTL_NODE(_security_mac, OID_AUTO, sebsd, CTLFLAG_RW, 0,
+ "Security Enhanced BSD policy controls");
+
+#ifdef now_a_syscall
+SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, debug, CTLTYPE_INT|CTLFLAG_RW,
+ 0, 0, sysctl_sebsd_debug, "I",
+ "Debug Security Enhanced BSD policy");
+TUNABLE_INT("security.mac.sebsd.debug", &avc_debug_always_allow);
+#endif
+
+SYSCTL_INT(_security_mac_sebsd, OID_AUTO, verbose, CTLFLAG_RW,
+ &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff");
+TUNABLE_INT("security.mac.sebsd.verbose", &sebsd_verbose);
+
+SYSCTL_OID(_security_mac_sebsd, OID_AUTO, sids, CTLTYPE_STRING|CTLFLAG_RD,
+ NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs");
+
+
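Review bot: The `#ifdef now_a_syscall` block keeps a `SYSCTL_PROC` that references `sysctl_sebsd_debug`, a handler that exists nowhere in this change; it is dead code behind a never-defined symbol and should be deleted rather than left to confuse the next reader. The `TUNABLE_INT` inside it was the loader tunable that used to put the module in permissive mode at boot, which is presumably gone on purpose now that toggling requires `SYSTEM__AVC_TOGGLE` — a short comment recording that decision would keep it from being reintroduced. `security.mac.sebsd.verbose` remains `CTLFLAG_RW` with no MAC check, which is fine for a logging knob but worth noting so it is not later reused for anything that affects enforcement.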
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/global.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/security.h#4 (text+ko) ====
@@ -17,7 +17,7 @@
*/
#ifdef __FreeBSD__
-#include <security/sebsd/avc/flask.h>
+#include <security/sebsd/flask.h>
#else /* __FreeBSD__ */
#include <linux/flask/flask.h>
#endif /* __FreeBSD__ */
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/sidtab.c#6 (text+ko) ====
@@ -18,7 +18,7 @@
#include <security/sebsd/linux-compat.h>
#include <security/sebsd/ss/sidtab.h>
-#include <security/sebsd/avc/flask.h>
+#include <security/sebsd/flask.h>
#include <security/sebsd/ss/global.h>
#include <security/sebsd/ss/services.h>
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/ss/symtab.c#4 (text+ko) ====
@@ -14,7 +14,7 @@
#endif /* FreeBSD _KERNEL */
#include <security/sebsd/linux-compat.h>
-#include <security/sebsd/avc/flask.h>
+#include <security/sebsd/flask.h>
#include <security/sebsd/ss/global.h>
#include <security/sebsd/ss/symtab.h>