PERFORCE change 18277 for review
Robert Watson
rwatson at freebsd.org
Sat Sep 28 17:17:17 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18277
Change 18277 by rwatson at rwatson_tislabs on 2002/09/28 10:16:55
Teach Biba policy to pass strings rather than binary blobs
between the user and kernel code. This pushes some parsing into
the kernel, but only a limited amount. Remove the Biba userland
module since it is no longer required, and modify the default
mac.conf to point at libmac_generic since it is a string. Some
review of the string code here, especially snprintf and the
parsing, would be much appreciated. My local tests seem to
demonstrate a fair amount of correctness, though.
Affected files ...
.. //depot/projects/trustedbsd/mac/etc/mac.conf#2 edit
.. //depot/projects/trustedbsd/mac/lib/libmac/modules/Makefile#2 edit
.. //depot/projects/trustedbsd/mac/lib/libmac/modules/mac_biba/Makefile#2 delete
.. //depot/projects/trustedbsd/mac/lib/libmac/modules/mac_biba/mac_biba.c#2 delete
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#113 edit
Differences ...
==== //depot/projects/trustedbsd/mac/etc/mac.conf#2 (text+ko) ====
@@ -17,8 +17,7 @@
# Bind policy names to loadable shared modules
#
-module mac_biba libmac_biba.so.1 # Biba integrity
-module mac_mls libmac_mls.so.1 # MLS confidentiality
-module mac_generic libmac_generic.so.1 te # Type enforcement
-module mac_partition libmac_partition.so.1 # Partition policy
+module mac_mls libmac_mls.so.1 # MLS confidentiality
+module mac_generic libmac_generic.so.1 biba te # Type enforcement
+module mac_partition libmac_partition.so.1 # Partition policy
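Review bot: The trailing comment on the new `mac_generic` line still reads `# Type enforcement`, although the line now binds both `biba` and `te` to libmac_generic. Updating it to something like `# Biba integrity, type enforcement` would keep the file self-describing for an administrator checking which library handles Biba labels.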
==== //depot/projects/trustedbsd/mac/lib/libmac/modules/Makefile#2 (text+ko) ====
@@ -1,3 +1,3 @@
-SUBDIR = mac_biba mac_generic mac_mls mac_partition
+SUBDIR = mac_generic mac_mls mac_partition
.include <bsd.subdir.mk>
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#113 (text+ko) ====
@@ -53,6 +53,7 @@
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
+#include <sys/systm.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
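Review bot: The added `#include <sys/systm.h>` duplicates the include that is already the first context line of this hunk, three lines above it. The header is presumably guarded, so the duplicate is harmless, but it should be dropped. If a different header was intended for the new string helpers, that header is still missing.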
@@ -477,27 +478,104 @@
SLOT(label) = NULL; /* Slightly cautious */
}
+/*
+ * mac_biba_element_to_string() is basically an snprintf wrapper with
+ * the same properties as snprintf(). It returns the length it would
+ * have added to the string in the event the string is too short.
+ */
+static int
+mac_biba_element_to_string(size_t size, char *string,
+ struct mac_biba_element *element)
+{
+
+ switch (element->mbe_type) {
+ case MAC_BIBA_TYPE_HIGH:
+ return (snprintf(string, size, "high"));
+
+ case MAC_BIBA_TYPE_LOW:
+ return (snprintf(string, size, "low"));
+
+ case MAC_BIBA_TYPE_EQUAL:
+ return (snprintf(string, size, "equal"));
+
+ case MAC_BIBA_TYPE_GRADE:
+ return (snprintf(string, size, "%d", element->mbe_grade));
+
+ default:
+ panic("mac_biba_element_to_string: invalid type (%d)",
+ element->mbe_type);
+ }
+}
+
static int
mac_biba_externalize_label(struct label *label, struct mac *mac,
struct mac_element *element, int *claimed)
{
struct mac_biba *mac_biba;
+ char string[MAC_MAX_LABEL_ELEMENT_DATALEN], *curptr;
+ size_t len, left;
int error;
if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) == 0) {
(*claimed)++;
- if (element->me_databuflen < sizeof(struct mac_biba))
+ mac_biba = SLOT(label);
+
+ bzero(string, sizeof(string));
+ curptr = string;
+ left = MAC_MAX_LABEL_ELEMENT_DATALEN;
+
+ if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
+ len = mac_biba_element_to_string(left, curptr,
+ &mac_biba->mb_single);
+ if (len >= left)
+ return (EINVAL);
+ left -= len;
+ curptr += len;
+ }
+
+ if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) {
+ len = snprintf(curptr, left, "(");
+ if (len >= left)
+ return (EINVAL);
+ left -= len;
+ curptr += len;
+
+ len = mac_biba_element_to_string(left, curptr,
+ &mac_biba->mb_rangelow);
+ if (len >= left)
+ return (EINVAL);
+ left -= len;
+ curptr += len;
+
+ len = snprintf(curptr, left, "-");
+ if (len >= left)
+ return (EINVAL);
+ left -= len;
+ curptr += len;
+
+ len = mac_biba_element_to_string(left, curptr,
+ &mac_biba->mb_rangehigh);
+ if (len >= left)
+ return (EINVAL);
+ left -= len;
+ curptr += len;
+
+ len = snprintf(curptr, left, ")");
+ if (len >= left)
+ return (EINVAL);
+ left -= len;
+ curptr += len;
+ }
+
+ if (strlen(string)+1 > element->me_databuflen)
return (EINVAL);
- mac_biba = SLOT(label);
-
- error = copyout(mac_biba, element->me_data,
- sizeof(*mac_biba));
+ error = copyout(string, element->me_data, strlen(string)+1);
if (error)
return (error);
- element->me_datalen = sizeof(*mac_biba);
+ element->me_datalen = sizeof(strlen(string)+1);
}
return (0);
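Review bot: `element->me_datalen = sizeof(strlen(string)+1);` near the end of mac_biba_externalize_label applies sizeof to an expression, so it stores the size of a size_t rather than the length of the externalized label. The caller is therefore told a constant length regardless of what copyout() wrote. It should read `element->me_datalen = strlen(string) + 1;`, matching the length passed to copyout() two lines earlier. Computing that length once into `len` and reusing it for the `me_databuflen` check, the copyout() and `me_datalen` would avoid this kind of slip. The function's closing brace lies outside the hunk.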
@@ -521,22 +599,106 @@
}
static int
+mac_biba_parse_element(struct mac_biba_element *element, char *string)
+{
+
+ if (strcmp(string, "high") == 0 ||
+ strcmp(string, "hi") == 0) {
+ element->mbe_type = MAC_BIBA_TYPE_HIGH;
+ element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
+ } else if (strcmp(string, "low") == 0 ||
+ strcmp(string, "lo") == 0) {
+ element->mbe_type = MAC_BIBA_TYPE_LOW;
+ element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
+ } else if (strcmp(string, "equal") == 0 ||
+ strcmp(string, "eq") == 0) {
+ element->mbe_type = MAC_BIBA_TYPE_EQUAL;
+ element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
+ } else {
+ int d;
+
+ d = strtol(string, NULL, 10);
+ if (d < 0 || d > 65535)
+ return (EINVAL);
+ element->mbe_type = MAC_BIBA_TYPE_GRADE;
+ element->mbe_grade = d;
+ }
+
+ return (0);
+}
+
+static int
mac_biba_internalize_label(struct label *label, struct mac *mac,
struct mac_element *element, int *claimed)
{
struct mac_biba *mac_biba, mac_biba_temp;
+ char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */
+ char *range, *rangeend, *rangehigh, *rangelow, *single;
int error;
if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) == 0) {
(*claimed)++;
- if (element->me_datalen != sizeof(*mac_biba))
+ error = copyin(element->me_data, &string, element->me_datalen);
+ if (error)
+ return (error);
+
+ if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN))
return (EINVAL);
- error = copyin(element->me_data, &mac_biba_temp,
- sizeof(mac_biba_temp));
- if (error)
- return (error);
+ /* Do we have a range? */
+ single = string;
+ range = index(string, '(');
+ if (range == single)
+ single = NULL;
+ rangelow = rangehigh = NULL;
+ if (range != NULL) {
+ /* Nul terminate the end of the single string. */
+ *range = '\0';
+ range++;
+ rangelow = range;
+ rangehigh = index(rangelow, '-');
+ if (rangehigh == NULL)
+ return (EINVAL);
+ rangehigh++;
+ if (*rangelow == '\0' || *rangehigh == '\0')
+ return (EINVAL);
+ rangeend = index(rangehigh, ')');
+ if (rangeend == NULL)
+ return (EINVAL);
+ if (*(rangeend + 1) != '\0')
+ return (EINVAL);
+ /* Nul terminate the ends of the ranges. */
+ *(rangehigh - 1) = '\0';
+ *rangeend = '\0';
+ }
+ KASSERT((rangelow != NULL && rangehigh != NULL) ||
+ (rangelow == NULL && rangehigh == NULL),
+ ("mac_biba_internalize_label: range mismatch"));
+
+ printf("Biba: single: %s, range low: %s, range high: %s\n",
+ single, rangelow, rangehigh);
+
+ bzero(&mac_biba_temp, sizeof(mac_biba_temp));
+ if (single != NULL) {
+ error = mac_biba_parse_element(
+ &mac_biba_temp.mb_single, single);
+ if (error)
+ return (error);
+ mac_biba_temp.mb_flags |= MAC_BIBA_FLAG_SINGLE;
+ }
+
+ if (rangelow != NULL) {
+ error = mac_biba_parse_element(
+ &mac_biba_temp.mb_rangelow, rangelow);
+ if (error)
+ return (error);
+ error == mac_biba_parse_element(
+ &mac_biba_temp.mb_rangehigh, rangehigh);
+ if (error)
+ return (error);
+ mac_biba_temp.mb_flags |= MAC_BIBA_FLAG_RANGE;
+ }
error = mac_biba_valid(&mac_biba_temp);
if (error)
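Review bot: The `copyin(element->me_data, &string, element->me_datalen)` in mac_biba_internalize_label copies a caller-supplied length into the fixed `string[MAC_MAX_LABEL_ELEMENT_DATALEN]` stack buffer, and the removed `me_datalen != sizeof(*mac_biba)` check was the only visible bound on it. Unless the framework already caps me_datalen before calling the policy (not visible here), this needs `if (element->me_datalen > sizeof(string)) return (EINVAL);` ahead of the copy. Further down, `error == mac_biba_parse_element(&mac_biba_temp.mb_rangehigh, rangehigh);` compares instead of assigning, so a failure parsing the high end of the range is silently dropped; it should be `error = ...`. In mac_biba_parse_element, `strtol(string, NULL, 10)` has no end pointer, so empty or non-numeric text is accepted as grade 0 and trailing junk after digits is ignored; the long result is also narrowed to int before the 0..65535 check. Passing an end pointer and rejecting `end == string || *end != '\0'` would close that. The hunk is cut off in this message after the mac_biba_valid() call, so the rest of the function is not visible.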