PERFORCE change 18752 for review
Robert Watson
rwatson at freebsd.org
Sat Oct 5 19:22:13 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18752
Change 18752 by rwatson at rwatson_tislabs on 2002/10/05 12:21:35
IFC TrustedBSD base -> TrustedBSD MAC. Mostly loop-back of
integrated MAC changes, including vnode_link check, devfs_symlink
creation, re-ordering of kern_mac.c, etc. kern_mac.c merged
using -ay, so manual changes may arrive later.
Affected files ...
.. //depot/projects/trustedbsd/mac/etc/MAKEDEV#15 integrate
.. //depot/projects/trustedbsd/mac/release/doc/en_US.ISO8859-1/hardware/common/dev.sgml#23 integrate
.. //depot/projects/trustedbsd/mac/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#35 integrate
.. //depot/projects/trustedbsd/mac/sys/conf/bsd.kern.mk#2 delete
.. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#27 integrate
.. //depot/projects/trustedbsd/mac/sys/geom/geom_bsd.c#9 integrate
.. //depot/projects/trustedbsd/mac/sys/kern/kern_conf.c#11 integrate
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#297 integrate
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#87 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#125 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#55 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#107 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#80 integrate
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#52 integrate
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#171 integrate
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#134 integrate
Differences ...
==== //depot/projects/trustedbsd/mac/etc/MAKEDEV#15 (text+ko) ====
@@ -20,7 +20,7 @@
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#)MAKEDEV 5.2 (Berkeley) 6/22/90
-# $FreeBSD: src/etc/MAKEDEV,v 1.329 2002/10/04 20:44:46 sam Exp $
+# $FreeBSD: src/etc/MAKEDEV,v 1.330 2002/10/05 18:28:48 scottl Exp $
#
# Device "make" file. Valid arguments:
# all makes all known devices, standard number of units (or close)
@@ -44,7 +44,6 @@
# fd* floppy disk drives (3 1/2", 5 1/4")
# fla* M-Systems DiskOnChip
# idad* Compaq Smart-2 RAID arrays
-# matcd* Matsushita (Panasonic) CD-ROM disks
# mcd* Mitsumi CD-ROM disks
# md* Memory (or malloc) disk
# mlx* Mylex DAC960 RAID controllers
@@ -314,7 +313,7 @@
sh $0 acd0 acd0t0 afd0 ast0 # ATAPI devices
sh $0 wd0 wd1 wd2 wd3 # OLD disk
sh $0 wcd0 wfd0 wst0 # OLD ATAPI devs
- sh $0 cd0 matcd0 mcd0 scd0 # cdrom
+ sh $0 cd0 mcd0 scd0 # cdrom
sh $0 sa0 wt0 # tape
sh $0 vty12 # virtual tty
sh $0 cuaa0 cuaa1 cuaa2 cuaa3 # serial tty
@@ -853,36 +852,6 @@
umask 77
;;
-matcd*)
- umask 2
- case $i in
- matcd*) unit=`expr $i : '.....\(.*\)'`; name=matcd; chr=46;;
- esac
- case $unit in
- 0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15)
- mknod ${name}${unit}a c $chr $(($unit * 8 + 0)) \
- root:operator
- mknod ${name}${unit}c c $chr $(($unit * 8 + 2)) \
- root:operator
- ln -f ${name}${unit}a r${name}${unit}a
- ln -f ${name}${unit}c r${name}${unit}c
- chmod 640 ${name}${unit}[a-h] r${name}${unit}[a-h]
-
- mknod ${name}${unit}la c $chr $(($unit * 8 + 128)) \
- root:operator
- mknod ${name}${unit}lc c $chr $(($unit * 8 + 130)) \
- root:operator
- ln -f ${name}${unit}la r${name}${unit}la
- ln -f ${name}${unit}lc r${name}${unit}lc
- chmod 640 ${name}${unit}l[a-h] r${name}${unit}l[a-h]
- ;;
- *)
- echo bad unit for disk in: $i
- ;;
- esac
- umask 77
- ;;
-
wcd*)
umask 2 ;
unit=`expr $i : '...\(.*\)'`
==== //depot/projects/trustedbsd/mac/release/doc/en_US.ISO8859-1/hardware/common/dev.sgml#23 (text+ko) ====
@@ -31,7 +31,7 @@
<sect1>
<sect1info>
- <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/hardware/common/dev.sgml,v 1.105 2002/10/04 16:53:39 bmah Exp $</pubdate>
+ <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/hardware/common/dev.sgml,v 1.106 2002/10/05 17:23:18 bmah Exp $</pubdate>
</sect1info>
<title>Supported Devices</title>
@@ -3041,6 +3041,41 @@
</sect2>
<sect2>
+ <title>Cryptographic Accelerators</title>
+
+ <para arch="i386,pc98">Accelerators based on
+ the Hifn 7751, 7811, or 7951 chipsets (&man.hifn.4; driver)
+
+ <itemizedlist>
+ <listitem>
+ <para>Invertex AEON</para>
+ </listitem>
+ <listitem>
+ <para>Hifn 7751 reference board</para>
+ </listitem>
+ <listitem>
+ <para>Global Technologies Group PowerCrypt and XL-Crypt</para>
+ </listitem>
+ <listitem>
+ <para>NetSec 7751</para>
+ </listitem>
+ <listitem>
+ <para>Soekris Engineering vpn1201 and vpn1211</para>
+ </listitem>
+ </itemizedlist>
+ </para>
+
+ <para arch="i386,pc98">Accelerators based on
+ the Bluesteel 5501 or 5601 chipsets (&man.ubsec.4;
+ driver)</para>
+
+ <para arch="i386,pc98">Accelerators based on
+ the Broadcom BCM5801, BCM5802, BCM5805, BCM5820, BCM 5821,
+ BCM5822 chipsets (&man.ubsec.4; driver)</para>
+
+ </sect2>
+
+ <sect2>
<title>Miscellaneous</title>
<para arch="i386,pc98">FAX-Modem/PCCARD
==== //depot/projects/trustedbsd/mac/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#35 (text+ko) ====
@@ -3,7 +3,7 @@
<corpauthor>The FreeBSD Project</corpauthor>
- <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.430 2002/10/04 16:53:12 bmah Exp $</pubdate>
+ <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.431 2002/10/05 17:22:22 bmah Exp $</pubdate>
<copyright>
<year>2000</year>
@@ -111,6 +111,14 @@
<para role="historic">The &man.agp.4; driver for AGP devices has been
added. &merged;</para>
+ <para>A new in-kernel cryptographic framework (see &man.crypto.4;
+ and &man.crypto.9;) has been imported from OpenBSD. It provides
+ a consistent interface to hardware and software implementations
+ of cryptographic algorithms for use by the kernel and access to
+ cryptographic hardware for user-mode applications.
+ Hardware device drivers are provided to support hifn-based cards
+ (&man.hifn.4;) and Broadcom-based cards (&man.ubsec.4;).</para>
+
<para>A new &man.ddb.4; command <command>show pcpu</command> lists
some of the per-CPU data.</para>
@@ -469,12 +477,11 @@
<para>The &os; kernel scheduler now supports Kernel-Scheduled
Entities (KSEs), which provides support for multiple threads of
- execution per process similar to Schedular Activations. At this
+ execution per process similar to Scheduler Activations. At this
point, the kernel has most of the changes needed to support
threading. The kernel scheduler can schedule multiple threads per
- process, but only on a single CPU at a time. Support for
- userland programs to create and utilize multiple threads is not
- yet completed.
+ process, but only on a single CPU at a time. More information
+ can be found in &man.kse.2;.
<note>
<para>KSE is a work in progress.</para>
@@ -3670,7 +3677,7 @@
<application>less</application> has been imported.</para>
<para>An XML processing library, named
- <filename>libbsdxml</filename> has been added for the benefit
+ <filename>libbsdxml</filename>, has been added for the benefit
of XML-using utilities in the base system. It is based almost
entirely on an import of <application>expat</application>
1.95.5, but is installed under a different name to avoid
==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#27 (text+ko) ====
@@ -31,7 +31,7 @@
* @(#)kernfs_vnops.c 8.15 (Berkeley) 5/21/95
* From: FreeBSD: src/sys/miscfs/kernfs/kernfs_vnops.c 1.43
*
- * $FreeBSD: src/sys/fs/devfs/devfs_vnops.c,v 1.49 2002/10/01 10:08:08 phk Exp $
+ * $FreeBSD: src/sys/fs/devfs/devfs_vnops.c,v 1.50 2002/10/05 18:40:10 rwatson Exp $
*/
/*
==== //depot/projects/trustedbsd/mac/sys/geom/geom_bsd.c#9 (text+ko) ====
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/geom/geom_bsd.c,v 1.24 2002/09/30 08:59:59 phk Exp $
+ * $FreeBSD: src/sys/geom/geom_bsd.c,v 1.25 2002/10/05 18:52:06 phk Exp $
*
* This is the method for dealing with BSD disklabels. It has been
* extensively (by my standards at least) commented, in the vain hope that
@@ -103,7 +103,7 @@
d->d_type = g_dec_le2(ptr + 4);
d->d_subtype = g_dec_le2(ptr + 6);
bcopy(ptr + 8, d->d_typename, 16);
- bcopy(d->d_packname, ptr + 24, 16);
+ bcopy(ptr + 24, d->d_packname, 16);
d->d_secsize = g_dec_le4(ptr + 40);
d->d_nsectors = g_dec_le4(ptr + 44);
d->d_ntracks = g_dec_le4(ptr + 48);
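Review bot: The corrected line `bcopy(ptr + 24, d->d_packname, 16);` uses a bare 16 for the length, as does the d_typename copy just above it, so nothing ties the on-disk field width to the size of the destination array. Since the label bytes come from disk, a compile-time assertion or at least a comment stating that `sizeof(d->d_packname)` is 16 would keep a later struct change from turning this copy into an overrun of the in-memory label. The enclosing function starts and ends outside the hunk, so whether the source buffer is guaranteed to cover these offsets cannot be checked from here.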
==== //depot/projects/trustedbsd/mac/sys/kern/kern_conf.c#11 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/kern/kern_conf.c,v 1.111 2002/09/27 18:27:09 phk Exp $
+ * $FreeBSD: src/sys/kern/kern_conf.c,v 1.112 2002/10/05 17:10:28 green Exp $
*/
#include <sys/param.h>
@@ -436,6 +436,8 @@
u *= 10;
u += name[i++] - '0';
}
+ if (u > 0xffffff)
+ return (0);
*unit = u;
if (namep)
*namep = &name[i];
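Review bot: The new bound `if (u > 0xffffff)` is tested only after the digit loop has finished, so a name with enough digits can overflow `u` in `u *= 10` and still end up with a value that passes the test. Placing the same test inside the loop, right after `u += name[i++] - '0';`, rejects the name as soon as the limit is crossed and keeps the multiply from wrapping. The declaration of `u` and the loop header are outside the hunk, so its type is assumed here; if it is a signed int, the overflow is also undefined behaviour. A one-line comment saying what 0xffffff stands for (presumably the largest unit number a minor can encode) would help the next reader.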
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#297 (text+ko) ====
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#87 (text+ko) ====
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
- * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.289 2002/10/02 09:05:30 phk Exp $
+ * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.290 2002/10/05 18:11:32 rwatson Exp $
*/
/* For 4.3 integer FS ID compatibility */
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#125 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.12 2002/09/21 19:50:28 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.15 2002/10/05 18:56:25 rwatson Exp $
*/
/*
@@ -1891,31 +1891,31 @@
}
static int
-mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
struct mac_biba *subj, *obj;
-
+
if (!mac_biba_enabled)
return (0);
-
+
subj = SLOT(&cred->cr_label);
obj = SLOT(dlabel);
-
+
if (!mac_biba_dominate_single(subj, obj))
return (EACCES);
obj = SLOT(label);
-
+
if (!mac_biba_dominate_single(subj, obj))
return (EACCES);
- return (0);
+ return (0);
}
static int
-mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
+mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct componentname *cnp)
{
struct mac_biba *subj, *obj;
==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#55 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_bsdextended/mac_bsdextended.c,v 1.2 2002/08/19 19:04:52 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_bsdextended/mac_bsdextended.c,v 1.3 2002/10/05 18:25:48 rwatson Exp $
*/
/*
* Developed by the TrustedBSD Project.
@@ -451,10 +451,10 @@
{
struct vattr vap;
int error;
-
+
if (!mac_bsdextended_enabled)
return (0);
-
+
error = VOP_GETATTR(dvp, &vap, cred, curthread);
if (error)
return (error);
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#107 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_mls/mac_mls.c,v 1.10 2002/09/21 19:26:59 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_mls/mac_mls.c,v 1.13 2002/10/05 18:56:25 rwatson Exp $
*/
/*
@@ -1941,19 +1941,19 @@
return (0);
}
-static int
+static int
mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
struct mac_mls *subj, *obj;
-
+
if (!mac_mls_enabled)
return (0);
-
+
subj = SLOT(&cred->cr_label);
obj = SLOT(dlabel);
-
+
if (!mac_mls_dominate_single(obj, subj))
return (EACCES);
@@ -1961,7 +1961,7 @@
if (!mac_mls_dominate_single(obj, subj))
return (EACCES);
- return (0);
+ return (0);
}
static int
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#80 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_none/mac_none.c,v 1.7 2002/08/20 02:54:09 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_none/mac_none.c,v 1.10 2002/10/05 18:56:25 rwatson Exp $
*/
/*
@@ -691,14 +691,14 @@
return (0);
}
-static int
-mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+static int
+mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
-
+
return (0);
-}
+}
static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#52 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.6 2002/08/20 02:53:35 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.9 2002/10/05 18:56:25 rwatson Exp $
*/
/*
@@ -1071,13 +1071,13 @@
}
static int
-mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
{
-
+
return (0);
-}
+}
static int
mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#171 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/sys/mac.h,v 1.9 2002/10/02 02:42:38 rwatson Exp $
+ * $FreeBSD: src/sys/sys/mac.h,v 1.11 2002/10/05 18:40:10 rwatson Exp $
*/
/*
* Userland/kernel interface for Mandatory Access Control.
@@ -261,6 +261,8 @@
void mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
struct devfs_dirent *de);
void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp);
+void mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+ struct devfs_dirent *de);
void mac_create_vnode(struct ucred *cred, struct vnode *parent,
struct vnode *child);
void mac_create_mount(struct ucred *cred, struct mount *mp);
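Review bot: The two added lines declare `mac_create_devfs_symlink` a second time, although the identical prototype is already present as the first two context lines of this hunk. An identical redeclaration compiles, but it looks like an artifact of the integrate and leaves two copies that can drift apart if the signature changes. Drop the added pair and keep the existing declaration. The prototype list continues outside the hunk.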
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#134 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/sys/mac_policy.h,v 1.10 2002/10/02 02:42:38 rwatson Exp $
+ * $FreeBSD: src/sys/sys/mac_policy.h,v 1.13 2002/10/05 18:40:10 rwatson Exp $
*/
/*
* Kernel interface for MAC policy modules.