PERFORCE change 52679 for review
Andrew Reisse
areisse at FreeBSD.org
Tue May 11 18:51:32 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=52679
Change 52679 by areisse at areisse_ibook on 2004/05/11 11:50:45
Support for loading security policy modules. The mac_test policy
is still present, but not compiled in or enabled by default.
Using security policy modules requires the recent bootx and libkld
changes.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/bootstrap.cpp#3 edit
.. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/kext.cpp#2 edit
.. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/load.c#2 edit
.. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/malloc.c#3 edit
.. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/osfmk/kern/kmod.c#3 edit
.. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/osfmk/kern/startup.c#3 edit
.. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/security/conf/files#4 edit
.. //depot/projects/trustedbsd/sedarwin73/apsl/xnu/security/mac_base.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/bootstrap.cpp#3 (text+ko) ====
@@ -68,8 +68,6 @@
*/
KLDBootstrap::KLDBootstrap() {
- malloc_init();
-
kmod_load_function = &load_kernel_extension;
record_startup_extensions_function = &recordStartupExtensions;
==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/kext.cpp#2 (text+ko) ====
@@ -744,3 +744,82 @@
}
return result;
}
+
+extern "C" kload_error __kload_load_modules(dgraph_t * dgraph);
+extern "C" kload_error kload_load_modules2 (dgraph_t *dgraph);
+
+extern "C"
+kern_return_t kmod_load_nodeps (const char *name, const char *ver, size_t size, void *data)
+{
+ kern_return_t result = KERN_SUCCESS;
+ kload_error load_result = kload_error_none;
+ dgraph_t dgraph;
+ dgraph_entry_t *entry;
+ kmod_info_t *kmod_info;
+
+ if (dgraph_init(&dgraph) != dgraph_valid)
+ return KERN_FAILURE;
+
+ entry = dgraph_add_dependent (&dgraph, name, data, size, 1, name, ver, 0, 0);
+ if (!entry) {
+ IOLog("can't record %s in dependency graph\n", name);
+ result = KERN_FAILURE;
+ goto out;
+ }
+
+ if (kload_map_entry(entry) != kload_error_none) {
+ IOLog ("can't map %s in preparation for loading\n", name);
+ result = KERN_FAILURE;
+ goto out;
+ }
+
+ dgraph.root = dgraph_find_root(&dgraph);
+
+ if (!dgraph.root) {
+ IOLog ("Dependency graph to load %s has no root.\n", name);
+ result = KERN_FAILURE;
+ goto out;
+ }
+
+ dgraph_establish_load_order(&dgraph);
+
+ load_result = kload_load_modules2 (&dgraph);
+ if (load_result != kload_error_none &&
+ load_result != kload_error_already_loaded) {
+ IOLog ("load_dgraph failed\n");
+ result = KERN_FAILURE;
+ goto out;
+ }
+
+ out:
+ dgraph_free(&dgraph, 0);
+ return result;
+}
+
+extern "C" int preload_find_data (const char *name, size_t *size, void **ptr);
+
+extern "C"
+void kmod_load_early ()
+{
+ void *emvv;
+ size_t emsize;
+
+ if (preload_find_data (" modules", &emsize, &emvv)) {
+ int *emv = (int *) emvv;
+ int n = emv[0];
+
+ emv++;
+
+ for (int i = 0; i < n; i++) {
+ char *name = (char *) (emv+2);
+ void *data = ((char *) (emv+2)) + emv[0];
+
+ IOLog ("Loading early module %s\n", name);
+ kmod_load_nodeps (name, "*", emv[1], data);
+
+ emv = (int*) (((char *) (emv+2)) + emv[0] + emv[1]);
+ if ((char*)emv - (char*)emvv >= emsize)
+ break;
+ }
+ }
+}
==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/load.c#2 (text+ko) ====
@@ -686,7 +686,82 @@
/*******************************************************************************
*
*******************************************************************************/
-static
+
+kload_error kload_load_modules2 (dgraph_t *dgraph)
+{
+ kload_error result = kload_map_dgraph(dgraph);
+ if (result != kload_error_none) {
+ IOLog ("map failed\n");
+ return result;
+ }
+ result = __kload_patch_dgraph(dgraph);
+ if (result != kload_error_none) {
+ IOLog ("patch failed\n");
+ return result;
+ }
+
+ kld_address_func(&__kload_linkedit_address);
+ kld_set_link_options(KLD_STRIP_ALL);
+
+ dgraph_entry_t *entry = dgraph->load_order[0];
+ struct mach_header * kmh;
+
+ entry->object = kld_file_getaddr(entry->name, &entry->object_length);
+ if (!entry->object) {
+ IOLog("kld_file_getaddr() failed for module %s", entry->name);
+ result = kload_error_link_load;
+ goto out;
+ }
+
+ G_current_load_entry = entry;
+
+ result = kld_load_from_memory(&kmh, entry->name,
+ entry->object, entry->object_length);
+
+ kmod_info_t *kmi;
+ if (!kld_lookup("_kmod_info", &kmi))
+ {
+ printf ("can't find kmodinfo\n");
+ goto out;
+ }
+
+ char *dest_address = (char *)entry->kernel_alloc_address;
+ memcpy(dest_address, kmh, entry->kernel_hdr_size);
+ memcpy(dest_address + round_page(entry->kernel_hdr_size),
+ (void *)((unsigned long)kmh + entry->kernel_hdr_size),
+ entry->kernel_load_size - entry->kernel_hdr_size);
+
+ bzero(kmi->name, sizeof(kmi->name));
+ strcpy(kmi->name, entry->expected_kmod_name);
+
+ bzero(kmi->version, sizeof(kmi->version));
+ strcpy(kmi->version, entry->expected_kmod_vers);
+
+ if (entry->kernel_alloc_address) {
+ kmi->address = entry->kernel_alloc_address;
+ } else {
+ kmi->address = entry->loaded_address;
+ }
+ kmi->size = entry->kernel_alloc_size;
+ kmi->hdr_size = round_page(entry->kernel_hdr_size);
+
+ flush_dcache(entry->kernel_alloc_address, entry->kernel_alloc_size, false);
+ invalidate_icache(entry->kernel_alloc_address, entry->kernel_alloc_size, false);
+
+ if(kmod_create_internal(kmi, &(entry->kmod_id)))
+ IOLog("kmod_create failed\n");
+
+ out:
+ __kload_clear_kld_globals();
+
+ kld_unload_all(1);
+
+ if (result)
+ __kload_start_module (entry);
+
+ return result;
+}
+
kload_error __kload_load_modules(dgraph_t * dgraph
#ifndef KERNEL
,
@@ -2364,7 +2439,7 @@
/*******************************************************************************
*******************************************************************************/
-
+extern int kth_started;
/*******************************************************************************
*
*******************************************************************************/
@@ -2445,6 +2520,12 @@
&G_current_load_entry->kernel_alloc_address,
G_current_load_entry->kernel_alloc_size, TRUE);
#else
+ if (!kth_started)
+ {
+ G_current_load_entry->kernel_alloc_address = kalloc (G_current_load_entry->kernel_alloc_size);
+ mach_result = KERN_SUCCESS;
+ }
+ else
mach_result = vm_allocate(kernel_map,
&G_current_load_entry->kernel_alloc_address,
G_current_load_entry->kernel_alloc_size, TRUE);
==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/libsa/malloc.c#3 (text+ko) ====
@@ -123,8 +123,8 @@
*
* Allocate the mutual exclusion lock that protect malloc's data.
*********************************************************************/
-__private_extern__ void
-malloc_init(void)
+void
+kld_malloc_init(void)
{
malloc_lock = mutex_alloc(ETAP_IO_AHA);
malInited = 1;
==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/osfmk/kern/kmod.c#3 (text+ko) ====
@@ -228,6 +228,7 @@
extern vm_offset_t sectPRELINKB;
extern int sectSizePRELINK;
+extern int kth_started;
kern_return_t
kmod_create_internal(kmod_info_t *info, kmod_t *id)
@@ -243,7 +244,7 @@
}
isPrelink = ((info->address >= sectPRELINKB) && (info->address < (sectPRELINKB + sectSizePRELINK)));
- if (!isPrelink) {
+ if (!isPrelink && kth_started) {
rc = vm_map_wire(kernel_map, info->address + info->hdr_size,
info->address + info->size, VM_PROT_DEFAULT, FALSE);
if (rc != KERN_SUCCESS) {
@@ -283,6 +284,9 @@
*id = info->id;
+ if (!isPrelink && !kth_started)
+ ;
+
simple_unlock(&kmod_lock);
#if DEBUG
==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/osfmk/kern/startup.c#3 (text+ko) ====
@@ -126,6 +126,9 @@
ipc_bootstrap();
vm_mem_init();
+ kmod_init();
+ kld_malloc_init();
+
mac_init_mach();
mac_late_init();
@@ -142,7 +145,6 @@
#endif
machine_init();
- kmod_init();
clock_init();
init_timers();
@@ -167,7 +169,7 @@
* Dynamic Phase: 2 of 2
*/
etap_init_phase2();
-
+
/*
* Create a kernel thread to start the other kernel
* threads.
@@ -185,6 +187,8 @@
panic("cpu_launch_first_thread returns!");
}
+int kth_started = 0;
+
/*
* Now running in a thread. Create the rest of the kernel threads
* and the bootstrap task.
@@ -257,12 +261,14 @@
shared_file_boot_time_init(ENV_DEFAULT_ROOT, machine_slot[cpu_number()].cpu_type);
+ kth_started = 1;
+
#ifdef IOKIT
{
PE_init_iokit();
}
#endif
-
+
(void) spllo(); /* Allow interruptions */
/*
==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/security/conf/files#4 (text+ko) ====
@@ -12,7 +12,6 @@
security/mac_system.c standard
security/mac_socket.c standard
security/mac_network.c standard
-security/mac_test/mac_test.c standard
security/mac_mls/mac_mls.c standard
security/sebsd/sebsd.c standard
security/sebsd/sebsd_syscall.c standard
==== //depot/projects/trustedbsd/sedarwin73/apsl/xnu/security/mac_base.c#3 (text+ko) ====
@@ -306,12 +306,12 @@
void
mac_late_init(void)
{
- extern struct mac_policy_conf test_mac_policy_conf;
+ //extern struct mac_policy_conf test_mac_policy_conf;
extern struct mac_policy_conf sebsd_mac_policy_conf;
extern struct mac_policy_conf mac_mls_mac_policy_conf;
- printf("MAC: init mac_test\n");
- mac_policy_register(&test_mac_policy_conf);
+ //printf("MAC: init mac_test\n");
+ //mac_policy_register(&test_mac_policy_conf);
printf("MAC: init sebsd\n");
mac_policy_register(&sebsd_mac_policy_conf);
@@ -319,6 +319,8 @@
printf("MAC: init MAC/MLS\n");
mac_policy_register(&mac_mls_mac_policy_conf);
+ kmod_load_early();
+
mac_late = 1;
}
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list