PERFORCE change 20061 for review
Brian Feldman
green at freebsd.org
Thu Oct 24 18:07:06 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=20061
Change 20061 by green at green_laptop_2 on 2002/10/24 11:06:31
* Continue synchronize mac_lomac with mac_biba changes (e.g.
complete extattr methodology switchover).
* Disable mac_lomac protection against sysctl changes for the
time being.
* Update mac_lomac logic to utilize demotion rather than
denial, so now it's LESS like Biba!
* Include debugging code for mmap revocation as that is currently
not doing anything.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/modules/Makefile#48 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#15 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#8 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/modules/Makefile#48 (text+ko) ====
@@ -66,6 +66,7 @@
mac_biba \
mac_bsdextended \
mac_ifoff \
+ mac_lomac \
mac_mls \
mac_none \
mac_partition \
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#15 (text+ko) ====
@@ -79,6 +79,11 @@
#include <security/mac_lomac/mac_lomac.h>
+struct mac_lomac_proc {
+ struct mac_lomac mac_lomac;
+ struct mtx mtx;
+};
+
SYSCTL_DECL(_security_mac);
SYSCTL_NODE(_security_mac, OID_AUTO, lomac, CTLFLAG_RW, 0,
@@ -120,6 +125,8 @@
static int mac_lomac_slot;
#define SLOT(l) ((struct mac_lomac *)LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr)
+#define PSLOT(l) ((struct mac_lomac_proc *) \
+ LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr)
MALLOC_DEFINE(M_MACLOMAC, "lomac label", "MAC/LOMAC labels");
@@ -420,6 +427,36 @@
mac_lomac_copy_range(source, dest);
}
+static int
+maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel)
+{
+ struct mac_lomac_proc *subj = PSLOT(&curthread->td_proc->p_label);
+
+ mtx_lock(&subj->mtx);
+ if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
+ /*
+ * Check to see if the pending demotion would be more or
+ * less severe than this one, and keep the more severe.
+ * This can only happen for a multi-threaded application.
+ */
+ if (mac_lomac_dominate_single(objlabel, &subj->mac_lomac))
+ goto out;
+ }
+ bzero(&subj->mac_lomac, sizeof(subj->mac_lomac));
+ mac_lomac_copy_single(objlabel, &subj->mac_lomac);
+ mac_lomac_set_range(&subj->mac_lomac,
+ objlabel->ml_single.mle_type, objlabel->ml_single.mle_grade,
+ objlabel->ml_single.mle_type, objlabel->ml_single.mle_grade);
+ subj->mac_lomac.ml_flags |= MAC_LOMAC_FLAG_UPDATE;
+ mtx_lock_spin(&sched_lock);
+ curthread->td_kse->ke_flags |= KEF_ASTPENDING;
+ curthread->td_proc->p_sflag |= PS_MACPEND;
+ mtx_unlock_spin(&sched_lock);
+out:
+ mtx_unlock(&subj->mtx);
+ return (0);
+}
+
/*
* Policy module operations.
*/
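Review bot: maybe_demote() ignores its `subjlabel` parameter and always acts on `curthread->td_proc`, so the subject the caller checked and the process that actually gets demoted are only the same by convention; either drop the parameter or state the contract. It also returns 0 unconditionally, which is what turns denial into demotion, but no caller can tell that from the signature. Suggest a header comment such as `/* Queue demotion of the current process to objlabel's level, applied at the next return to user mode; always returns 0 so the access proceeds. subjlabel is unused: the pending label lives in the proc label. */`. The comparison against a pending label at the top presumes MAC_LOMAC_FLAG_UPDATE is cleared once a demotion is applied, which this hunk cannot show.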
@@ -457,6 +494,15 @@
}
static void
+mac_lomac_init_proc_label(struct ucred *ucred, struct label *label)
+{
+
+ PSLOT(label) = malloc(sizeof(struct mac_lomac_proc), M_MACLOMAC,
+ M_ZERO | M_WAITOK);
+ mtx_init(&PSLOT(label)->mtx, "MAC/Lomac proc lock", NULL, MTX_DEF);
+}
+
+static void
mac_lomac_destroy_label(struct label *label)
{
@@ -464,6 +510,15 @@
SLOT(label) = NULL;
}
+static void
+mac_lomac_destroy_proc_label(struct ucred *ucred, struct label *label)
+{
+
+ mtx_destroy(&PSLOT(label)->mtx);
+ FREE(PSLOT(label), M_MACLOMAC);
+ PSLOT(label) = NULL;
+}
+
/*
* mac_lomac_element_to_string() is basically an snprintf wrapper with
* the same properties as snprintf(). It returns the length it would
@@ -763,30 +818,6 @@
}
static void
-mac_lomac_create_vnode(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *vlabel)
-{
- struct mac_lomac *source, *dest, temp;
- size_t buflen;
- int error;
-
- buflen = sizeof(temp);
- bzero(&temp, buflen);
-
- source = SLOT(&cred->cr_label);
- dest = SLOT(vlabel);
- mac_lomac_copy_single(source, &temp);
-
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
- MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
- if (error == 0)
- mac_lomac_copy_single(source, dest);
-#ifdef notyet
- return (error);
-#endif
-}
-
-static void
mac_lomac_create_mount(struct ucred *cred, struct mount *mp,
struct label *mntlabel, struct label *fslabel)
{
@@ -825,7 +856,7 @@
source = SLOT(label);
#ifdef notyet
- if ((source->ml_flags & MAC_BIBA_FLAG_SINGLE) == 0)
+ if ((source->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
return (0);
#endif
#ifndef notyet
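Review bot: The corrected `MAC_LOMAC_FLAG_SINGLE` test is still inside `#ifdef notyet`, so this fix changes nothing that compiles; the live path under `#ifndef notyet` continues past the hunk and presumably handles a label without a single element differently. Either enable the guard or delete the dead block so the two paths do not drift further. The enclosing function starts before this hunk.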
@@ -854,24 +885,21 @@
}
static void
-mac_lomac_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
- struct ucred *cred)
+mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+ struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct label *vlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
- dest = SLOT(vnodelabel);
+ source = SLOT(delabel);
+ dest = SLOT(vlabel);
- /*
- * Only copy the single, not the range, since vnodes only have
- * a single.
- */
mac_lomac_copy_single(source, dest);
}
static int
-mac_lomac_update_vnode_from_extattr(struct vnode *vp, struct label *vlabel,
- struct mount *mp, struct label *fslabel)
+mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+ struct vnode *vp, struct label *vlabel)
{
struct mac_lomac temp, *source, *dest;
size_t buflen;
@@ -911,17 +939,61 @@
}
static void
-mac_lomac_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
- struct mount *mp, struct label *fslabel)
+mac_lomac_associate_vnode_singlelabel(struct mount *mp,
+ struct label *fslabel, struct vnode *vp, struct label *vlabel)
{
struct mac_lomac *source, *dest;
source = SLOT(fslabel);
- dest = SLOT(vnodelabel);
+ dest = SLOT(vlabel);
mac_lomac_copy_single(source, dest);
}
+static int
+mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
+ struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct vnode *vp, struct label *vlabel, struct componentname *cnp)
+{
+ struct mac_lomac *source, *dest, temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(temp);
+ bzero(&temp, buflen);
+
+ source = SLOT(&cred->cr_label);
+ dest = SLOT(vlabel);
+ mac_lomac_copy_single(source, &temp);
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
+ if (error == 0)
+ mac_lomac_copy_single(source, dest);
+ return (error);
+}
+
+static int
+mac_lomac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vlabel, struct label *intlabel)
+{
+ struct mac_lomac *source, temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(temp);
+ bzero(&temp, buflen);
+
+ source = SLOT(intlabel);
+ if ((source->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ return (0);
+
+ mac_lomac_copy_single(source, &temp);
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
+ return (error);
+}
+
/*
* Labeling event operations: IPC object.
*/
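Review bot: mac_lomac_create_vnode_extattr() and mac_lomac_setlabel_vnode_extattr() build the same zeroed `temp`, copy one single element into it and issue the identical vn_extattr_set() call; a small static helper (e.g. `mac_lomac_write_single_extattr(vp, source)`) would keep the two on-disk serialisations from diverging. The early `return (0)` in the setlabel hook when `intlabel` carries no single element silently leaves the stored label untouched; a comment such as `/* Nothing to persist: the relabel carries no single element. */` would make that deliberate rather than accidental. Neither hook updates the in-memory vnode label, which I assume is done by the relabel hook elsewhere.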
@@ -1473,24 +1545,6 @@
}
static int
-mac_lomac_check_mount_stat(struct ucred *cred, struct mount *mp,
- struct label *mntlabel)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(mntlabel);
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_lomac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{
@@ -1504,24 +1558,6 @@
}
static int
-mac_lomac_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT((pipelabel));
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_lomac_check_pipe_read(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel)
{
@@ -1534,7 +1570,7 @@
obj = SLOT((pipelabel));
if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
+ return (maybe_demote(subj, obj));
return (0);
}
@@ -1591,24 +1627,6 @@
}
static int
-mac_lomac_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT((pipelabel));
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_lomac_check_pipe_write(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel)
{
@@ -1774,6 +1792,7 @@
mac_lomac_check_sysctl(struct ucred *cred, int *name, u_int namelen,
void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
{
+#ifdef notyet
struct mac_lomac *subj;
if (!mac_lomac_enabled)
@@ -1790,46 +1809,11 @@
return (EPERM);
}
- return (0);
-}
-
-static int
-mac_lomac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(dlabel);
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
+#endif
return (0);
}
static int
-mac_lomac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(dlabel);
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{
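Review bot: With the body of mac_lomac_check_sysctl() now under `#ifdef notyet`, this policy permits every sysctl write by every subject, including a process that has already been demoted, and nothing in the function says so. Suggest marking the gap where a reader will see it, e.g. `/* XXX Integrity check on sysctl writes is disabled (see change description); low-integrity subjects may currently modify any sysctl. */`, so it is not forgotten once the module is enabled by default. The `#ifdef` also removes the `mac_lomac_enabled` early return, harmless only because the function returns 0 regardless. The function's opening lines are in the previous hunk.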
@@ -1890,60 +1874,6 @@
}
static int
-mac_lomac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct label *label, struct image_params *imgp)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(label);
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mac_lomac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
- struct label *label, acl_type_t type)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(label);
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mac_lomac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
- struct label *label, int attrnamespace, const char *name, struct uio *uio)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(label);
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_lomac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct vnode *vp, struct label *label,
struct componentname *cnp)
@@ -1968,25 +1898,35 @@
}
static int
-mac_lomac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct componentname *cnp)
+mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
+ struct label *label, int prot)
{
struct mac_lomac *subj, *obj;
+ /*
+ * Rely on the use of open()-time protections to handle
+ * non-revocation cases.
+ */
if (!mac_lomac_enabled)
return (0);
subj = SLOT(&cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(label);
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
+ if (prot & VM_PROT_WRITE) {
+ if (!mac_lomac_dominate_single(subj, obj))
+ return (EACCES);
+ }
+ if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
+ if (!mac_lomac_dominate_single(obj, subj))
+ return (maybe_demote(subj, obj));
+ }
return (0);
}
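Review bot: The comment "Rely on the use of open()-time protections to handle non-revocation cases" is misplaced in mac_lomac_check_vnode_mmap(): this hook performs the full check itself (writable mappings of higher-integrity objects denied, readable or executable mappings of lower-integrity objects demote via maybe_demote()) and open() no longer checks reads at all elsewhere in this change. The same wording fits the downgrade hook, not this one. Suggest replacing it with `/* Deny writable mappings of higher-integrity objects; readable or executable mappings of lower-integrity objects demote the subject rather than fail. */`.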
static int
-mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
+mac_lomac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
struct label *label, int prot)
{
struct mac_lomac *subj, *obj;
@@ -2001,82 +1941,69 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(label);
- if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
- }
if (prot & VM_PROT_WRITE) {
if (!mac_lomac_dominate_single(subj, obj))
return (EACCES);
}
-
- return (0);
-}
-
-static int
-mac_lomac_check_vnode_open(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, mode_t acc_mode)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(vnodelabel);
-
- /* XXX privilege override for admin? */
- if (acc_mode & (VREAD | VEXEC | VSTAT)) {
+ if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
if (!mac_lomac_dominate_single(obj, subj))
return (EACCES);
}
- if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
- if (!mac_lomac_dominate_single(subj, obj))
- return (EACCES);
- }
return (0);
}
-static int
-mac_lomac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
- struct vnode *vp, struct label *label)
+static __inline const char *
+prot2str(vm_prot_t prot)
{
- struct mac_lomac *subj, *obj;
- if (!mac_lomac_enabled || !revocation_enabled)
- return (0);
-
- subj = SLOT(&active_cred->cr_label);
- obj = SLOT(label);
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
+ switch (prot & VM_PROT_ALL) {
+ case VM_PROT_READ:
+ return ("r--");
+ case VM_PROT_READ | VM_PROT_WRITE:
+ return ("rw-");
+ case VM_PROT_READ | VM_PROT_EXECUTE:
+ return ("r-x");
+ case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE:
+ return ("rwx");
+ case VM_PROT_WRITE:
+ return ("-w-");
+ case VM_PROT_EXECUTE:
+ return ("--x");
+ case VM_PROT_WRITE | VM_PROT_EXECUTE:
+ return ("-wx");
+ default:
+ return ("---");
+ }
}
-static int
-mac_lomac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
- struct vnode *vp, struct label *label)
+static void
+mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp,
+ struct label *label, vm_prot_t *prot)
{
struct mac_lomac *subj, *obj;
+ /*
+ * Rely on the use of open()-time protections to handle
+ * non-revocation cases.
+ */
if (!mac_lomac_enabled || !revocation_enabled)
- return (0);
+ return;
- subj = SLOT(&active_cred->cr_label);
+ subj = SLOT(&cred->cr_label);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
+ printf("lomac mmap dg (%u): *prot was %s\n",
+ curthread->td_proc->p_pid, prot2str(*prot));
+ if (!mac_lomac_dominate_single(subj, obj))
+ *prot &= ~VM_PROT_WRITE;
+ printf("lomac mmap dg (%u): *prot is %s\n",
+ curthread->td_proc->p_pid, prot2str(*prot));
}
static int
-mac_lomac_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel)
+mac_lomac_check_vnode_open(struct ucred *cred, struct vnode *vp,
+ struct label *vnodelabel, mode_t acc_mode)
{
struct mac_lomac *subj, *obj;
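Review bot: The two printf() calls in mac_lomac_check_vnode_mmap_downgrade() run unconditionally for every mapped vnode visited during revocation, which will flood the console on any busy system; the change description calls this debugging code, but it should be gated (a `mac_lomac_debug` sysctl or `#ifdef MAC_LOMAC_DEBUG`) rather than committed bare. The `%u` conversion is also fed a `pid_t`, which is a signed int; use `%d`. Note too that the downgrade only strips VM_PROT_WRITE: a mapping of an object that no longer dominates the subject keeps READ/EXEC and never triggers demotion, so if that is the intended semantics (demotion only on new accesses) a one-line comment saying so would help. mac_lomac_check_vnode_open() continues past the end of this hunk.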
@@ -2084,28 +2011,31 @@
return (0);
subj = SLOT(&cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(vnodelabel);
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
+ /* XXX privilege override for admin? */
+ if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
+ if (!mac_lomac_dominate_single(subj, obj))
+ return (EACCES);
+ }
return (0);
}
static int
-mac_lomac_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
- struct label *label)
+mac_lomac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
+ struct vnode *vp, struct label *label)
{
struct mac_lomac *subj, *obj;
- if (!mac_lomac_enabled)
+ if (!mac_lomac_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(&active_cred->cr_label);
obj = SLOT(label);
if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
+ return (maybe_demote(subj, obj));
return (0);
}
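Review bot: mac_lomac_check_vnode_read() returns 0 without calling maybe_demote() whenever `revocation_enabled` is off, and mac_lomac_check_vnode_open() above now tests only VWRITE|VAPPEND|VADMIN, so with revocation disabled a high-integrity process can open and read low-integrity data without ever being demoted. Gating on `revocation_enabled` was inherited from the Biba hook, where open() still denied reads; here the read hook is the only place plain read(2) is seen. Unless an open-time demotion is planned, the guard should be just `if (!mac_lomac_enabled) return (0);` for the read hook, keeping the revocation flag for the mmap downgrade path only.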
@@ -2341,24 +2271,6 @@
}
static int
-mac_lomac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
- struct vnode *vp, struct label *vnodelabel)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&active_cred->cr_label);
- obj = SLOT(vnodelabel);
-
- if (!mac_lomac_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_lomac_check_vnode_swapon(struct ucred *cred, struct vnode *vp,
struct label *label)
{
@@ -2394,6 +2306,46 @@
return (0);
}
+static void
+mac_lomac_thread_userret(struct thread *td)
+{
+ struct proc *p = td->td_proc;
+ struct mac_lomac_proc *subj = PSLOT(&p->p_label);
+ struct ucred *newcred, *oldcred;
+
+ mtx_lock(&subj->mtx);
+ if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
+ mtx_unlock(&subj->mtx);
+ newcred = crget();
+ /*
+ * Prevent a lock order reversal in
+ * mac_cred_mmapped_drop_perms; ideally, the other
+ * user of subj->mtx wouldn't be holding Giant.
+ */
+ mtx_lock(&Giant);
+ mtx_lock(&subj->mtx);
+ /*
+ * Check if we lost the race while allocating the cred.
+ */
+ if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0)
+ goto out;
+ PROC_LOCK(p);
+ oldcred = p->p_ucred;
+ crcopy(newcred, oldcred);
+ crhold(newcred);
+ mac_lomac_copy(&subj->mac_lomac, SLOT(&newcred->cr_label));
+ p->p_ucred = newcred;
+ crfree(oldcred);
+ PROC_UNLOCK(p);
+ mac_cred_mmapped_drop_perms(curthread, newcred);
+ out:
+ mtx_unlock(&subj->mtx);
+ mtx_unlock(&Giant);
+ } else {
+ mtx_unlock(&subj->mtx);
+ }
+}
+
static struct mac_policy_op_entry mac_lomac_ops[] =
{
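Review bot: mac_lomac_thread_userret() never clears MAC_LOMAC_FLAG_UPDATE in `subj->mac_lomac` after installing the new credential, so the "lost the race" re-check can never fire and any later userret with PS_MACPEND set will rebuild and swap the credential again; unless code outside this hunk clears the bit, add `subj->mac_lomac.ml_flags &= ~MAC_LOMAC_FLAG_UPDATE;` after `PROC_UNLOCK(p)`. Second, `crhold(newcred)` takes a reference on top of the one crget() already returned and nothing here releases it — the usual swap is crget/crcopy/assign/crfree(oldcred) with no crhold — so unless mac_cred_mmapped_drop_perms() consumes a reference, every demotion leaks a ucred. Third, the pending label is copied into `cr_label` with mac_lomac_copy() from a struct whose ml_flags carries the UPDATE bit; if that helper copies ml_flags verbatim (not visible here) the bit ends up in the credential label.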
{ MAC_DESTROY,
@@ -2418,6 +2370,8 @@
(macop_t)mac_lomac_init_label },
{ MAC_INIT_PIPE_LABEL,
(macop_t)mac_lomac_init_label },
+ { MAC_INIT_PROC,
+ (macop_t)mac_lomac_init_proc_label },
{ MAC_INIT_SOCKET_LABEL,
(macop_t)mac_lomac_init_label_waitcheck },
{ MAC_INIT_SOCKET_PEER_LABEL,
@@ -2442,6 +2396,8 @@
(macop_t)mac_lomac_destroy_label },
{ MAC_DESTROY_PIPE_LABEL,
(macop_t)mac_lomac_destroy_label },
+ { MAC_DESTROY_PROC,
+ (macop_t)mac_lomac_destroy_proc_label },
{ MAC_DESTROY_SOCKET_LABEL,
(macop_t)mac_lomac_destroy_label },
{ MAC_DESTROY_SOCKET_PEER_LABEL,
@@ -2482,8 +2438,6 @@
(macop_t)mac_lomac_create_devfs_symlink },
{ MAC_CREATE_DEVFS_VNODE,
(macop_t)mac_lomac_create_devfs_vnode },
- { MAC_CREATE_VNODE,
- (macop_t)mac_lomac_create_vnode },
{ MAC_CREATE_MOUNT,
(macop_t)mac_lomac_create_mount },
{ MAC_CREATE_ROOT_MOUNT,
@@ -2492,12 +2446,16 @@
(macop_t)mac_lomac_relabel_vnode },
{ MAC_UPDATE_DEVFSDIRENT,
(macop_t)mac_lomac_update_devfsdirent },
- { MAC_UPDATE_PROCFSVNODE,
- (macop_t)mac_lomac_update_procfsvnode },
- { MAC_UPDATE_VNODE_FROM_EXTATTR,
- (macop_t)mac_lomac_update_vnode_from_extattr },
- { MAC_UPDATE_VNODE_FROM_MOUNT,
- (macop_t)mac_lomac_update_vnode_from_mount },
+ { MAC_ASSOCIATE_VNODE_DEVFS,
+ (macop_t)mac_lomac_associate_vnode_devfs },
+ { MAC_ASSOCIATE_VNODE_EXTATTR,
+ (macop_t)mac_lomac_associate_vnode_extattr },
+ { MAC_ASSOCIATE_VNODE_SINGLELABEL,
+ (macop_t)mac_lomac_associate_vnode_singlelabel },
+ { MAC_CREATE_VNODE_EXTATTR,
+ (macop_t)mac_lomac_create_vnode_extattr },
+ { MAC_SETLABEL_VNODE_EXTATTR,
+ (macop_t)mac_lomac_setlabel_vnode_extattr },
{ MAC_CREATE_MBUF_FROM_SOCKET,
(macop_t)mac_lomac_create_mbuf_from_socket },
{ MAC_CREATE_PIPE,
@@ -2564,18 +2522,12 @@
(macop_t)mac_lomac_check_ifnet_relabel },
{ MAC_CHECK_IFNET_TRANSMIT,
(macop_t)mac_lomac_check_ifnet_transmit },
- { MAC_CHECK_MOUNT_STAT,
- (macop_t)mac_lomac_check_mount_stat },
{ MAC_CHECK_PIPE_IOCTL,
(macop_t)mac_lomac_check_pipe_ioctl },
- { MAC_CHECK_PIPE_POLL,
- (macop_t)mac_lomac_check_pipe_poll },
{ MAC_CHECK_PIPE_READ,
(macop_t)mac_lomac_check_pipe_read },
{ MAC_CHECK_PIPE_RELABEL,
(macop_t)mac_lomac_check_pipe_relabel },
- { MAC_CHECK_PIPE_STAT,
- (macop_t)mac_lomac_check_pipe_stat },
{ MAC_CHECK_PIPE_WRITE,
(macop_t)mac_lomac_check_pipe_write },
{ MAC_CHECK_PROC_DEBUG,
@@ -2594,40 +2546,24 @@
(macop_t)mac_lomac_check_sysctl },
{ MAC_CHECK_VNODE_ACCESS,
(macop_t)mac_lomac_check_vnode_open },
- { MAC_CHECK_VNODE_CHDIR,
- (macop_t)mac_lomac_check_vnode_chdir },
- { MAC_CHECK_VNODE_CHROOT,
- (macop_t)mac_lomac_check_vnode_chroot },
{ MAC_CHECK_VNODE_CREATE,
(macop_t)mac_lomac_check_vnode_create },
{ MAC_CHECK_VNODE_DELETE,
(macop_t)mac_lomac_check_vnode_delete },
{ MAC_CHECK_VNODE_DELETEACL,
(macop_t)mac_lomac_check_vnode_deleteacl },
- { MAC_CHECK_VNODE_EXEC,
- (macop_t)mac_lomac_check_vnode_exec },
- { MAC_CHECK_VNODE_GETACL,
- (macop_t)mac_lomac_check_vnode_getacl },
- { MAC_CHECK_VNODE_GETEXTATTR,
- (macop_t)mac_lomac_check_vnode_getextattr },
{ MAC_CHECK_VNODE_LINK,
(macop_t)mac_lomac_check_vnode_link },
- { MAC_CHECK_VNODE_LOOKUP,
- (macop_t)mac_lomac_check_vnode_lookup },
{ MAC_CHECK_VNODE_MMAP,
(macop_t)mac_lomac_check_vnode_mmap },
+ { MAC_CHECK_VNODE_MMAP_DOWNGRADE,
+ (macop_t)mac_lomac_check_vnode_mmap_downgrade },
{ MAC_CHECK_VNODE_MPROTECT,
- (macop_t)mac_lomac_check_vnode_mmap },
+ (macop_t)mac_lomac_check_vnode_mprotect },
{ MAC_CHECK_VNODE_OPEN,
(macop_t)mac_lomac_check_vnode_open },
- { MAC_CHECK_VNODE_POLL,
- (macop_t)mac_lomac_check_vnode_poll },
{ MAC_CHECK_VNODE_READ,
(macop_t)mac_lomac_check_vnode_read },
- { MAC_CHECK_VNODE_READDIR,
- (macop_t)mac_lomac_check_vnode_readdir },
- { MAC_CHECK_VNODE_READLINK,
- (macop_t)mac_lomac_check_vnode_readlink },
{ MAC_CHECK_VNODE_RELABEL,
(macop_t)mac_lomac_check_vnode_relabel },
{ MAC_CHECK_VNODE_RENAME_FROM,
@@ -2648,12 +2584,12 @@
(macop_t)mac_lomac_check_vnode_setowner },
{ MAC_CHECK_VNODE_SETUTIMES,
(macop_t)mac_lomac_check_vnode_setutimes },
- { MAC_CHECK_VNODE_STAT,
- (macop_t)mac_lomac_check_vnode_stat },
{ MAC_CHECK_VNODE_SWAPON,
(macop_t)mac_lomac_check_vnode_swapon },
{ MAC_CHECK_VNODE_WRITE,
(macop_t)mac_lomac_check_vnode_write },
+ { MAC_THREAD_USERRET,
+ (macop_t)mac_lomac_thread_userret },
{ MAC_OP_LAST, NULL }
};
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.h#8 (text+ko) ====
@@ -50,6 +50,10 @@
#define MAC_LOMAC_FLAG_SINGLE 0x00000001 /* mb_single initialized */
#define MAC_LOMAC_FLAG_RANGE 0x00000002 /* mb_range* initialized */
#define MAC_LOMAC_FLAGS_BOTH (MAC_LOMAC_FLAG_SINGLE | MAC_LOMAC_FLAG_RANGE)
+#define MAC_LOMAC_CFLAG_SINGLE 0x00000004 /* mb_single initialized */
+#define MAC_LOMAC_CFLAG_RANGE 0x00000008 /* mb_range* initialized */
+#define MAC_LOMAC_CFLAGS_BOTH (MAC_LOMAC_CFLAG_SINGLE | MAC_LOMAC_CFLAG_RANGE)
+#define MAC_LOMAC_FLAG_UPDATE 0x00000010 /* must demote this process */
#define MAC_LOMAC_TYPE_UNDEF 0 /* Undefined */
#define MAC_LOMAC_TYPE_GRADE 1 /* Hierarchal grade with mb_grade. */
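Review bot: The comments on the new MAC_LOMAC_CFLAG_SINGLE and MAC_LOMAC_CFLAG_RANGE lines are copied verbatim from the FLAG_* lines above, so they still say "mb_single initialized" — the Biba field names rather than `ml_single`/`ml_range*` — and never say what the "C" distinguishes; no hunk in this change uses the CFLAGS, so the reader has no other hint. Fix the field names in all four comments and describe the purpose, e.g. `/* ml_single initialized (credential copy?) -- TODO confirm */`. Since MAC_LOMAC_FLAG_UPDATE shares the ml_flags word that is copied between labels, its comment should also state that it is only meaningful in the per-process label and must not be propagated into credential or object labels.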