PERFORCE change 16466 for review
Brian Feldman
green at freebsd.org
Fri Aug 23 16:32:00 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16466
Change 16466 by green at green_laptop_2 on 2002/08/23 09:31:19
Add basic support for TrustedBSD/Lomac in ps(1), which should
now work similarly for both versions of Lomac in the tree.
Affected files ...
.. //depot/projects/trustedbsd/mac/bin/ps/lomac.c#7 edit
.. //depot/projects/trustedbsd/mac/include/Makefile#16 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/mac/bin/ps/lomac.c#7 (text+ko) ====
@@ -43,6 +43,7 @@
__FBSDID("$FreeBSD: src/bin/ps/lomac.c,v 1.8 2002/07/10 20:44:55 dillon Exp $");
#include <sys/types.h>
+#include <sys/mac.h>
#include <security/lomac/lomacio.h>
#include <err.h>
@@ -57,7 +58,7 @@
#define LOMAC_DEVICE "/dev/lomac"
-static int devlomac = -1; /* file descriptor for LOMAC_DEVICE */
+static int devlomac = -2; /* file descriptor for LOMAC_DEVICE */
/* lomac_start()
*
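Review bot: The comment on `devlomac` still reads "file descriptor for LOMAC_DEVICE", but after this change the variable encodes three states, and the meaning of -2 versus -1 can only be recovered by reading `lomac_start()` and `get_lattr()` together. Document the sentinels at the declaration, for example `/* LOMAC_DEVICE fd; -2 = not yet probed, -1 = device unavailable, use mac_get_pid() */`, or give the two values named constants. The trailing context lines of this hunk are the start of the lomac_start() header comment, which continues outside the hunk.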
@@ -71,8 +72,10 @@
static void
lomac_start(void)
{
- if ((devlomac = open(LOMAC_DEVICE, O_RDWR)) == -1)
- err(1, "cannot open %s", LOMAC_DEVICE);
+ if ((devlomac = open(LOMAC_DEVICE, O_RDWR)) == -1 &&
+ mac_is_present_np("lomac") != 1)
+ err(1, "cannot open %s or TrustedBSD/Lomac not loaded",
+ LOMAC_DEVICE);
}
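Review bot: When both probes fail, `err()` in `lomac_start()` appends the text for whatever `errno` holds last, so the diagnostic can show the failure from `mac_is_present_np()` rather than the reason `open()` was refused (for example a permissions problem on the device). Keep the `open()` error in a local and report it explicitly, e.g. `errc(1, open_errno, "cannot open %s and TrustedBSD/Lomac not loaded", LOMAC_DEVICE);`. The policy is probed here as `"lomac"` while the `get_lattr()` hunk queries `"trustedbsd_mac_lomac"`; whether both names resolve to the same policy is not visible on this page and is worth confirming.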
/* lomac_stop()
@@ -88,7 +91,7 @@
lomac_stop(void)
{
- if (devlomac != -1 && close(devlomac) == -1)
+ if (devlomac >= 0 && close(devlomac) == -1)
err(1, "cannot close %s", LOMAC_DEVICE);
}
@@ -110,8 +113,21 @@
get_lattr(int pid)
{
- if (devlomac == -1)
+ if (devlomac == -2)
lomac_start();
+ if (devlomac == -1) {
+ struct mac_biba mb;
+ struct mac_pid_data mpd;
+ size_t datalen;
+
+ strcpy(mpd.mpd_name, "trustedbsd_mac_lomac");
+ mpd.mpd_data = (void *)&mb;
+ datalen = sizeof(mb);
+ mpd.mpd_datalen = &datalen;
+ if (mac_get_pid(pid, &mpd, 1) != 0)
+ err(1, "mac_get_pid");
+ return (mb.mb_single.mbe_type);
+ }
if (ioctl(devlomac, LIOGETPLEVEL, &pid) == -1)
err(1, "ioctl");
return (pid);
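Review bot: In the new `devlomac == -1` branch of `get_lattr()`, `mpd` is handed to `mac_get_pid()` with only three members assigned and with `mpd_name` filled by an unbounded `strcpy`. If `struct mac_pid_data` has other members they reach the kernel as uninitialised stack contents, and the copy relies on the field being large enough for the literal, which this page does not show. Assuming `mpd_name` is an array, use `memset(&mpd, 0, sizeof(mpd));` followed by `strlcpy(mpd.mpd_name, "trustedbsd_mac_lomac", sizeof(mpd.mpd_name));`. The branch also returns `mb.mb_single.mbe_type` without checking that `datalen` came back as `sizeof(mb)`, and whether that value is on the same scale as the level returned by `LIOGETPLEVEL` cannot be confirmed from the hunk. The function's return-type line and closing brace lie outside the hunk.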
==== //depot/projects/trustedbsd/mac/include/Makefile#16 (text+ko) ====
@@ -41,7 +41,7 @@
fs/procfs fs/smbfs fs/umapfs fs/unionfs isofs/cd9660 \
netatm/ipatm netatm/sigpvc netatm/spans netatm/uni \
security/lomac security/mac_biba security/mac_bsdextended \
- security/mac_mls security/sebsd ufs/ffs ufs/ufs
+ security/mac_lomac security/mac_mls security/sebsd ufs/ffs ufs/ufs
# For SHARED=symlinks, cam and netatm are symlinks, so cam/scsi and netatm/*
# are taken care of
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#4 (text+ko) ====
@@ -486,7 +486,8 @@
goto out;
}
bzero(&subj->mac_biba, sizeof(subj->mac_biba));
- mac_biba_copy(objlabel, &subj->mac_biba);
+ mac_biba_copy_single(objlabel, &subj->mac_biba);
+ mac_biba_copy_single_to_range(objlabel, &subj->mac_biba);
subj->mac_biba.mb_flags |= MAC_BIBA_FLAG_UPDATESUBJ;
out:
mtx_unlock(&subj->mtx);
@@ -712,6 +713,27 @@
}
static int
+mac_lomac_externalize_pid(pid_t pid, struct ucred *cred, char *data,
+ size_t *datalenp)
+{
+ struct mac_biba *target = SLOT(&cred->cr_label);
+ size_t datalen;
+ int error;
+
+ error = copyin(datalenp, &datalen, sizeof(datalen));
+ if (error)
+ return (error);
+ if (datalen < sizeof(struct mac_biba))
+ return (ENOMEM);
+ error = copyout(target, data, sizeof(*target));
+ if (error == 0) {
+ datalen = sizeof(*target);
+ error = copyout(&datalen, datalenp, sizeof(datalen));
+ }
+ return (error);
+}
+
+static int
mac_biba_internalize(struct label *label, struct mac *extmac)
{
struct mac_biba *mac_biba;
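Review bot: `mac_lomac_externalize_pid()` copies the in-kernel `struct mac_biba` to userland byte for byte, so `mb_flags` (which holds internal state such as `MAC_BIBA_FLAG_UPDATESUBJ`, set in the earlier hunk of this file) and any padding in the structure leave the kernel along with the label. Prefer a zeroed local, `struct mac_biba out; bzero(&out, sizeof(out));`, filled with only the label elements userland needs and then passed to `copyout(&out, data, sizeof(out))`. The `pid` argument is unused and no visibility check on the target credential appears in this function; presumably the framework caller performs it, which deserves a comment here. A too-small buffer returns `ENOMEM` without writing the required size back through `datalenp`, so a caller cannot learn the length to retry with.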
@@ -2376,6 +2398,8 @@
(macop_t)mac_biba_destroy_vnode },
{ MAC_EXTERNALIZE,
(macop_t)mac_biba_externalize },
+ { MAC_EXTERNALIZE_PID,
+ (macop_t)mac_lomac_externalize_pid },
{ MAC_INTERNALIZE,
(macop_t)mac_biba_internalize },
{ MAC_CREATE_DEVFS_DEVICE,