PERFORCE change 16600 for review

Brian Feldman green at freebsd.org
Mon Aug 26 20:04:50 GMT 2002


http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16600

Change 16600 by green at green_laptop_2 on 2002/08/26 13:04:05

	Snapshot changes to make TrustedBSD/Lomac PLM work.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/kernel_plm.c#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/kernel_plm.h#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/policy_plm.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/kernel_plm.c#2 (text+ko) ====

@@ -95,7 +95,8 @@
 struct lomac_node_entry lomac_node_entry_root = {
 	SLIST_HEAD_INITIALIZER(lomac_node_entry),
 	{ NULL },
-	LN_HIGHEST_LEVEL | LN_INHERIT_HIGH,
+	{},	/* finish filling in during lomac_plm_initialize() */
+	{},
 	"/"
 };
 
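Review bot: The root's two labels are left as `{}` and only become valid once lomac_plm_initialize() has run, yet the only caller visible in this change, lomac_plm_modevent() with its DECLARE_MODULE, is deleted in the last kernel_plm.c hunk and lomac_plm_initialize() is static. Unless a new caller exists outside this diff, "/" is labelled from an all-zero root and the `MAC_BIBA_FLAG_SINGLE` KASSERTs in lomac_plm_init_lomacfs_vnode() fire (or, without INVARIANTS, the root silently carries no level). The ordering requirement deserves to be stated on the initializer, e.g. `/* ln_label and ln_child_label stay zero until lomac_plm_initialize() runs; no vnode may be labelled before then */`. `{}` as an empty initializer is also a GNU extension rather than C99; `{ 0 }` says the same portably.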
@@ -130,21 +131,22 @@
  * This is called from inside getnewvnode() before the vnode is in use.
  */
 void
-lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct vnode *vp,
-    struct componentname *cnp, lattr_t *subjlattr) {
-	struct lomac_node *ln = VTOLOMAC(vp);
+lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct lomac_node *dln,
+    struct vnode *vp, struct lomac_node *ln, struct componentname *cnp)
+{
 	struct lomac_node_entry *mlne = NULL;
 
 	/*
 	 * Only "/" has no parent, so inherit directly from our PLM root.
 	 */
 	if (dvp == NULL) {
-		ln->ln_flags = lomac_node_entry_root.ln_flags;
+		mac_biba_copy(&lomac_node_entry_root.ln_child_label,
+		    &ln->ln_child_label);
+		mac_biba_copy(&lomac_node_entry_root.ln_label,
+		    &ln->ln_label);
 		ln->ln_entry = ln->ln_underpolicy = &lomac_node_entry_root;
 	} else {
-		struct lomac_node *dln = VTOLOMAC(dvp);
 		struct lomac_node_entry *dlne = dln->ln_entry;
-		int fixup_inherit = 0;
 
 		/*
 		 * If we have no directory-specific entry, we inherit
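Review bot: With dln now passed in separately from dvp, the else branch dereferences `dln->ln_entry` on the context line above while the branch is chosen by `dvp == NULL` alone; previously dln was derived from dvp, so the two could not disagree. A caller passing dvp == NULL together with a real parent node, or a non-NULL dvp with dln == NULL, now either labels the vnode from the PLM root or faults. A one-line assertion at the top of the function both documents and enforces the pairing: `KASSERT((dvp == NULL) == (dln == NULL), ("lomac_plm_init_lomacfs_vnode: dvp/dln mismatch"));`. The function body continues past the end of this hunk.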
@@ -153,64 +155,40 @@
 		 * from the corresponding lomac_node_entry.
 		 */
 		if (dlne == NULL) {
-			ln->ln_flags = dln->ln_flags & LN_INHERIT_MASK;
-			fixup_inherit = 1;
+			mac_biba_copy(&dln->ln_child_label,
+			    &ln->ln_child_label);
+			mac_biba_copy(&dln->ln_child_label, &ln->ln_label);
 			ln->ln_underpolicy = dln->ln_underpolicy;
 			ln->ln_entry = NULL;
 		} else if ((mlne = lomac_plm_subtree_find_cnp(dlne, cnp)) ==
 		    NULL) {
-			ln->ln_flags = dlne->ln_flags & LN_INHERIT_MASK;
-			fixup_inherit = 2;
+			mac_biba_copy(&dlne->ln_child_label,
+			    &ln->ln_child_label);
+			mac_biba_copy(&dlne->ln_child_label, &ln->ln_label);
 			ln->ln_underpolicy = dlne;
 			ln->ln_entry = NULL;
+#ifdef notyet
+			ln->ln_flags |=
+			    (dlne->ln_flags & LN_CHILD_ATTR_MASK) >>
+			    LN_CHILD_ATTR_SHIFT;
+#endif
 		} else {
+			mac_biba_copy(&mlne->ln_child_label,
+			    &ln->ln_child_label);
+			mac_biba_copy(&mlne->ln_label, &ln->ln_label);
 			ln->ln_entry = ln->ln_underpolicy = mlne;
 		}
-		if (fixup_inherit) {
-			switch (ln->ln_flags) {
-			case LN_INHERIT_LOW:
-				ln->ln_flags |= LN_LOWEST_LEVEL;
-				break;
-			case LN_INHERIT_SUBJ:
-				if (subjlattr->level == LOMAC_HIGHEST_LEVEL)
-					ln->ln_flags |= LN_HIGHEST_LEVEL;
-				else {
-					ln->ln_flags &= ~LN_INHERIT_MASK;
-					ln->ln_flags |= LN_INHERIT_LOW |
-					    LN_LOWEST_LEVEL;
-				}
-				break;
-			case LN_INHERIT_HIGH:
-				ln->ln_flags |= LN_HIGHEST_LEVEL;
-				break;
-			}
-			if (fixup_inherit == 2)
-				ln->ln_flags |=
-				    (dlne->ln_flags & LN_CHILD_ATTR_MASK) >>
-				    LN_CHILD_ATTR_SHIFT;
-		} else {
-			/* this is the only case where mlne != NULL */
-			ln->ln_flags &= ~(LN_INHERIT_MASK | LN_ATTR_MASK);
-			ln->ln_flags |= mlne->ln_flags &
-			    (LN_INHERIT_MASK | LN_ATTR_MASK);
-			if ((mlne->ln_flags & LN_LEVEL_MASK) ==
-			    LN_SUBJ_LEVEL) {
-				if (subjlattr->level == LOMAC_HIGHEST_LEVEL)
-					ln->ln_flags |= LN_HIGHEST_LEVEL;
-				else
-					ln->ln_flags |= LN_LOWEST_LEVEL;
-			} else
-				ln->ln_flags |= mlne->ln_flags & LN_LEVEL_MASK;
-		}
 	}
 
-	KASSERT(ln->ln_flags & LN_LEVEL_MASK, ("lomac_node has no level"));
-	KASSERT(ln->ln_flags & LN_INHERIT_MASK, ("lomac_node has no inherit"));
+	KASSERT(ln->ln_label.mb_flags & MAC_BIBA_FLAG_SINGLE,
+	    ("lomac_node has no level"));
+	KASSERT(ln->ln_child_label.mb_flags & MAC_BIBA_FLAG_SINGLE,
+	    ("lomac_node has no inherit"));
 #ifdef INVARIANTS
 	if (mlne != NULL) {
-		KASSERT(mlne->ln_flags & LN_LEVEL_MASK,
+		KASSERT(mlne->ln_label.mb_flags & MAC_BIBA_FLAG_SINGLE,
 		    ("lomac_node_entry has no level"));
-		KASSERT(mlne->ln_flags & LN_INHERIT_MASK,
+		KASSERT(mlne->ln_child_label.mb_flags & MAC_BIBA_FLAG_SINGLE,
 		    ("lomac_node_entry has no inherit"));
 	}
 #endif /* INVARIANTS */
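Review bot: The `#ifdef notyet` block added here (and the matching one in the lomac_plm_initialize() hunk below) still writes `ln->ln_flags`, but the kernel_plm.h hunk in this same change removes `ln_flags` from struct lomac_node and wraps the struct lomac_node_entry field in `#if 0`, so defining notyet would not compile. More importantly, the replaced code propagated the LN_ATTR bits (LOWWRITE, LOWNOOPEN, NONETDEMOTE, NODEMOTE) from the PLM rule onto each node, and nothing in the new code stores them anywhere; if enforcement elsewhere reads those attributes, this snapshot silently relaxes every rule that used them to the default. A comment on the disabled block, such as `/* attr bits are not carried on nodes yet: LOWWRITE/LOWNOOPEN/NONETDEMOTE/NODEMOTE rules are currently not enforced */`, would keep that gap visible to whoever re-enables it. The enclosing function starts before and ends after this hunk.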
@@ -225,35 +203,12 @@
 	lne = malloc(sizeof(*lne), M_LOMACPLM, M_WAITOK);
 	bcopy(&head_init, &lne->ln_children, sizeof(head_init));
 	lne->ln_name = name;
-	lne->ln_flags = plne->ln_flags & LN_INHERIT_MASK;
-	switch (lne->ln_flags) {
-	case LN_INHERIT_LOW:
-		lne->ln_flags |= LN_LOWEST_LEVEL;
-		break;
-	case LN_INHERIT_HIGH:
-		lne->ln_flags |= LN_HIGHEST_LEVEL;
-		break;
-	case LN_INHERIT_SUBJ:
-		lne->ln_flags |= LN_SUBJ_LEVEL;
-		break;
-	}
+	mac_biba_copy(&plne->ln_child_label, &lne->ln_child_label);
+	mac_biba_copy(&plne->ln_child_label, &lne->ln_label);
 	SLIST_INSERT_HEAD(&plne->ln_children, lne, ln_chain);
 	return (lne);
 }
 
-static void
-lomac_plm_subtree_free(struct lomac_node_entry *lneself) {
-	struct lomac_node_entry_head *head = &lneself->ln_children;
-	struct lomac_node_entry *lne;
-
-	while (!SLIST_EMPTY(head)) {
-		lne = SLIST_FIRST(head);
-		SLIST_REMOVE_HEAD(head, ln_chain);
-		lomac_plm_subtree_free(lne);
-	}
-	free(lneself, M_LOMACPLM);
-}
-
 struct string_list {
 	SLIST_ENTRY(string_list) entries;
 	char string[1];
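Review bot: Deleting lomac_plm_subtree_free() here (and lomac_plm_uninitialize() in the next hunk) leaves the entries allocated with `malloc(sizeof(*lne), M_LOMACPLM, M_WAITOK)` a few lines above with no release path at all. That is acceptable if the PLM tree is now built into the kernel for its whole lifetime rather than loadable, which the removal of lomac_plm_modevent() suggests, but the allocation site should say so: `/* never freed: the PLM tree lives for the kernel's lifetime */`. The enclosing function starts before this hunk.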
@@ -272,29 +227,15 @@
 	return (sl->string);
 }
 
-static void
-lomac_plm_uninitialize(void) {
-	struct lomac_node_entry_head *head = &lomac_node_entry_root.ln_children;
-	struct lomac_node_entry *lne;
-	struct string_list *sl;
-
-	while (!SLIST_EMPTY(head)) {
-		lne = SLIST_FIRST(head);
-		SLIST_REMOVE_HEAD(head, ln_chain);
-		lomac_plm_subtree_free(lne);
-	}
-	while (!SLIST_EMPTY(&string_list_head)) {
-		sl = SLIST_FIRST(&string_list_head);
-		SLIST_REMOVE_HEAD(&string_list_head, entries);
-		free(sl, M_LOMACPLM);
-	}
-}
-
 static int
 lomac_plm_initialize(void) {
 	struct lomac_node_entry *plne, *lne;
 	plm_rule_t *pr;
 
+	mac_biba_set_single(&lomac_node_entry_root.ln_label,
+	    MAC_BIBA_TYPE_HIGH, 0);
+	mac_biba_set_single(&lomac_node_entry_root.ln_child_label,
+	    MAC_BIBA_TYPE_HIGH, 0);
 	for (pr = plm; pr->path != NULL; pr++) {
 		char *path;
 		char *comp;
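Review bot: Both mac_biba_set_single() calls spell out `MAC_BIBA_TYPE_HIGH, 0` while policy_plm.h in this same change defines `HIGH` as exactly that pair; if policy_plm.h is included here, as the use of `plm` below suggests, writing `mac_biba_set_single(&lomac_node_entry_root.ln_label, HIGH);` keeps the root's level in step with the rule table. A short comment should also say why the root defaults to HIGH for both itself and its children, since the old initializer's `LN_HIGHEST_LEVEL | LN_INHERIT_HIGH` no longer documents that choice. The function continues past the end of this hunk.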
@@ -339,44 +280,18 @@
 		}
 		lne->ln_path = pr->path;
 		if (pr->flags == PLM_NOFLAGS)
-			lne->ln_flags &= ~LN_LEVEL_MASK;
+			mac_biba_set_single(&lne->ln_label, pr->type,
+			    pr->grade);
 		else
-			lne->ln_flags &= ~LN_INHERIT_MASK;
-		lne->ln_flags |= 
-		    plm_levelflags_to_node_flags[pr->level][pr->flags];
+			mac_biba_set_single(&lne->ln_child_label, pr->type,
+			    pr->grade);
+#ifdef notyet
 		if (pr->flags == PLM_NOFLAGS)
 			lne->ln_flags |= pr->attr;
 		else
 			lne->ln_flags |= (pr->attr & LN_ATTR_MASK)
 			    << LN_CHILD_ATTR_SHIFT;
+#endif
 	}
 	return (0);
 }
-
-int lomac_plm_initialized = 0;
-
-static int
-lomac_plm_modevent(module_t module, int event, void *unused) {
-	int error = 0;
-
-	switch ((enum modeventtype)event) {
-	case MOD_LOAD:
-		error = lomac_plm_initialize();
-		if (error == 0)
-			lomac_plm_initialized = 1;
-		break;
-	case MOD_UNLOAD:
-		lomac_plm_uninitialize();
-	case MOD_SHUTDOWN:
-		break;
-	}
-	return (error);
-}
-
-static moduledata_t lomac_plm_moduledata = {
-	"lomac_plm",
-	&lomac_plm_modevent,
-	NULL
-};
-DECLARE_MODULE(lomac_plm, lomac_plm_moduledata, SI_SUB_VFS, SI_ORDER_ANY);
-MODULE_VERSION(lomac_plm, 1);

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/kernel_plm.h#2 (text+ko) ====

@@ -38,7 +38,40 @@
 #ifndef KERNEL_PLM_H
 #define KERNEL_PLM_H
 
-extern int lomac_plm_initialized; /* set to 1 if successfully initialized */
+/*
+ * This is the "placeholder" structure initialized from the PLM that
+ * holds the level information for all named objects.
+ */
+struct lomac_node_entry {
+	SLIST_HEAD(lomac_node_entry_head, lomac_node_entry) ln_children;
+	SLIST_ENTRY(lomac_node_entry) ln_chain;	/* chain of current level */
+	struct mac_biba ln_label;	/* label for this node */
+	struct mac_biba ln_child_label;	/* label for this node's children */
+#if 0
+#define	LN_CHILD_ATTR_LOWWRITE	0x0200	/* lower levels may write to */
+#define	LN_CHILD_ATTR_LOWNOOPEN	0x0400	/* lower levels may not open */
+#define	LN_CHILD_ATTR_NONETDEMOTE 0x0800 /* will not demote on net read */
+#define	LN_CHILD_ATTR_NODEMOTE	0x1000	/* subject won't demote on other read */
+	u_int ln_flags;
+#endif
+	char *ln_name;			/* last component name (to search) */
+	const char *ln_path;		/* in "stable" storage */
+};
+
+/*
+ * Make certain the mac_biba is at the beginning so we can use obscene
+ * coding practices for the time being and pretend they're equal for
+ * vnodes.
+ */
+struct lomac_node {
+	struct mac_biba ln_label;
+	struct mac_biba ln_child_label;
+	/* What's the last node explicitly specifying policy for this? */
+	struct lomac_node_entry *ln_underpolicy;
+	/* If non-NULL, this corresponds 1:1 to a specific PLM node entry. */
+	struct lomac_node_entry *ln_entry;
+};
+
 void lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct vnode *vp,
     struct componentname *cnp, lattr_t *subjlattr);
 
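Review bot: The prototype of lomac_plm_init_lomacfs_vnode() left as context at the bottom of this hunk still reads `(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, lattr_t *subjlattr)`, while the kernel_plm.c hunk above redefines it as `(struct vnode *dvp, struct lomac_node *dln, struct vnode *vp, struct lomac_node *ln, struct componentname *cnp)`. If kernel_plm.c includes this header the build fails; if it does not, any caller compiled against the header passes a misaligned argument list with no diagnostic. The declaration should be updated to match: `void lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct lomac_node *dln, struct vnode *vp, struct lomac_node *ln, struct componentname *cnp);`. The comment on struct lomac_node admits that ln_label must sit at offset 0 for the pointer punning to work; a compile-time check next to the struct (FreeBSD's `CTASSERT(offsetof(struct lomac_node, ln_label) == 0);`, if available in this tree) would stop a later field reorder from turning that into a silent label misread.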

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/policy_plm.h#2 (text+ko) ====

@@ -38,11 +38,9 @@
 #ifndef	LOMAC_PLM_H
 #define	LOMAC_PLM_H
 
-enum plm_level {
-	LOW,
-	SUBJ,
-	HIGH
-};
+#define	LOW	MAC_BIBA_TYPE_LOW, 0
+#define	HIGH	MAC_BIBA_TYPE_HIGH, 0
+#define	SUBJ	MAC_BIBA_TYPE_EQUAL, 0
 enum plm_flags {
 	PLM_NOFLAGS, /* rule applies to this node and its children */
 	PLM_CHILDOF  /* rule applies to node's children, not the node */
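Review bot: `SUBJ` now expands to `MAC_BIBA_TYPE_EQUAL, 0`, which changes what a SUBJ rule means: the old code resolved it at vnode creation against `subjlattr->level` (HIGHEST became the high level, anything else the low level), whereas an EQUAL label, if mac_biba treats it as comparing equal to every other label as the name suggests, is pinned neither to the creating subject nor to any level. Rules written as SUBJ in the table deserve a comment that they are effectively unconstrained until subject-relative labelling returns, e.g. `/* SUBJ: placeholder; EQUAL is not the creating subject's level */`. The `PLM_NOFLAGS` comment, "applies to this node and its children", also no longer matches the lomac_plm_initialize() hunk, where NOFLAGS sets only ln_label and the children keep the inherited child label; `/* rule applies to this node only */` would describe the new behaviour.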
@@ -52,14 +50,10 @@
 #define	NONETDEMOTE	LN_ATTR_NONETDEMOTE
 #define	NODEMOTE	LN_ATTR_NODEMOTE
 
-static u_int plm_levelflags_to_node_flags[3][2] = {
-	{ LN_LOWEST_LEVEL,	LN_INHERIT_LOW },
-	{ LN_SUBJ_LEVEL,	LN_INHERIT_SUBJ },
-	{ LN_HIGHEST_LEVEL,	LN_INHERIT_HIGH }
-};
-
 typedef struct plm_rule {
-	enum plm_level level;		/* LOMAC level */
+	/* struct mac_biba_element ... */
+	u_short type;			/* same as mbe_type */
+	u_short grade;			/* same as mbe_grade */
 	enum plm_flags flags;		/* flags for PLM evaluation */
 	unsigned int attr;		/* LN_ATTR_MASK of flags */
 	const char *path;		/* absolute path for this PLM rule */
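Review bot: The new `type`/`grade` pair duplicates the layout of the `struct mac_biba_element` that the comment on the line above names, and the LOW/HIGH/SUBJ macros in the previous hunk feed it by expanding to two comma-separated values, which hides the arity of every initializer and `mac_biba_set_single()` call they appear in. If the element struct's first two members are `mbe_type` and `mbe_grade` as the comments say, a nested `struct mac_biba_element level;` member initialized with brace-enclosed macros would let the compiler check the table rather than relying on the two fields staying in this order. The typedef continues past the end of this hunk.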