PERFORCE change 65452 for review
Andrew Reisse
areisse at FreeBSD.org
Fri Nov 19 15:48:05 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=65452
Change 65452 by areisse at areisse_tislabs on 2004/11/19 15:47:32
Begin the update of sebsd to selinux version 2004081908.
This step is the initial merge only; the kernel is left in a
non-working state.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#6 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.h#6 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/Makefile#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/access_vectors#5 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/initial_sids#3 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkaccess_vector.sh#5 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkflask.sh#3 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/security_classes#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#5 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.h#5 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/conditional.c#1 branch
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/conditional.h#1 branch
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/constraint.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/context.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.h#3 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls_types.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/policydb.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/policydb.h#5 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/security.h#6 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.c#7 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/sidtab.c#9 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/sidtab.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/symtab.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/symtab.h#4 integrate
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#6 (text+ko) ====
@@ -583,6 +583,9 @@
} else {
printf(" fs/inode info not available");
}
+ inode = a->u.fs.dentry->d_inode;
+ } else if (a->u.fs.inode) {
+ inode = a->u.fs.inode;
}
break;
case AVC_AUDIT_DATA_NET:
@@ -1018,3 +1021,14 @@
avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
return rc;
}
+
+static int __init avc_log_level_setup(char *str)
+{
+ avc_log_level = simple_strtol(str, NULL, 0);
+ if (avc_log_level > 7)
+ avc_log_level = 7;
+ return 1;
+}
+
+__setup("avc_log_level=", avc_log_level_setup);
+
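Review bot: avc_log_level_setup clamps the boot argument only at the top, so a negative value is stored as-is, and because `simple_strtol` is called with a NULL end pointer an unparsable string is not detected either. This value presumably controls how AVC audit messages are logged, so add the lower bound next to the existing one, e.g. `if (avc_log_level < 0) avc_log_level = 0;` (this assumes avc_log_level is a signed int; its declaration is outside the hunk). `__init` and `__setup` are Linux boot-parameter hooks, so in this tree the setting probably needs to be wired to a loader tunable such as `TUNABLE_INT` instead.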
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.h#6 (text+ko) ====
@@ -62,8 +62,20 @@
} fs;
struct {
char *netif;
- u16 port;
- u32 daddr;
+ struct sock *sk;
+ u16 family;
+ u16 dport;
+ u16 sport;
+ union {
+ struct {
+ u32 daddr;
+ u32 saddr;
+ } v4;
+ struct {
+ struct in6_addr daddr;
+ struct in6_addr saddr;
+ } v6;
+ } fam;
} net;
cap_value_t cap;
int ipc_id;
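Review bot: The new `net` audit record has no comment saying that `family` selects which arm of `fam` is valid, and nothing in the struct stops a consumer from reading `fam.v6` on an IPv4 record. I would add `/* family selects fam.v4 or fam.v6; check it before reading either */` above the union, and state whether `sport`/`dport` are kept in network or host byte order. `port` and the top-level `daddr` are removed here, so any audit-printing code that still reads `a->u.net.port` or `a->u.net.daddr` has to change in the same step. The enclosing struct starts and ends outside the hunk.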
@@ -86,25 +98,6 @@
#define AVC_CAV_PROBES 6
#define AVC_CAV_MISSES 7
#define AVC_NSTATS 8
-extern unsigned avc_cache_stats[AVC_NSTATS];
-
-#ifdef AVC_CACHE_STATS
-static inline void avc_cache_stats_incr(int type)
-{
- avc_cache_stats[type]++;
-}
-
-static inline void avc_cache_stats_add(int type, unsigned val)
-{
- avc_cache_stats[type] += val;
-}
-#else
-static inline void avc_cache_stats_incr(int type)
-{ }
-
-static inline void avc_cache_stats_add(int type, unsigned val)
-{ }
-#endif
/*
* AVC display support
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/Makefile#4 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/access_vectors#5 (text+ko) ====
@@ -220,10 +220,11 @@
{
fork
transition
- sigchld
- sigkill
- sigstop
- signal
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
ptrace
getsched
setsched
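Review bot: Inserting `signull` ahead of `signal` shifts the position of every permission that follows it in this class (`signal`, `ptrace`, `getsched`, ...), and the `class security` hunk below (`@@ -279,16 +287,14 @@`) drops and reorders entries in the same way. If permission bits are assigned by position in this file, as the `mkaccess_vector.sh` generator suggests, a policy binary or userland built against the old layout would have its grants reinterpreted as different permissions. The change description should state that kernel, generated headers and policy must be rebuilt together, and the policy loader should ideally refuse images built against the old vector layout.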
@@ -233,6 +234,13 @@
getcap
setcap
share
+ getattr
+ setexec
+ setfscreate
+ noatsecure
+ siginh
+ setrlimit
+ rlimitinh
}
@@ -279,16 +287,14 @@
class security
{
compute_av
- notify_perm
- transition_sid
- member_sid
- sid_to_context
- context_to_sid
+ compute_create
+ compute_member
+ check_context
load_policy
- get_sids
- register_avc
- change_sid
- get_user_sids
+ compute_relabel
+ compute_user
+ setenforce # was avc_toggle in system class
+ setbool
}
@@ -366,3 +372,15 @@
mknod
lease
}
+
+
+#
+# Define the access vector interpretation for controlling
+# changes to passwd information.
+#
+class passwd
+{
+ passwd
+ chfn
+ chsh
+}
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/initial_sids#3 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkaccess_vector.sh#5 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkflask.sh#3 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/security_classes#4 (text+ko) ====
@@ -42,5 +42,11 @@
#Posix.1b-related classes
class posix_sem
+#
+# userspace object manager classes
+#
+
+# passwd/chfn/chsh
+class passwd
# FLASK
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#5 (text+ko) ====
@@ -4,6 +4,24 @@
* Author : Stephen Smalley, <sds at epoch.ncsc.mil>
*/
+/* Updated: Frank Mayer <mayerf at tresys.com> and Karl MacMillan <kmacmillan at tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Copyright (C) 2003 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/vmalloc.h>
+#include <linux/errno.h>
+
+#include "avtab.h"
+#include "policydb.h"
+
#ifdef _KERNEL
#include <sys/param.h>
#include <sys/conf.h>
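Review bot: The `#include <linux/...>` lines are added unconditionally above the existing `#ifdef _KERNEL` block of FreeBSD headers, so this file cannot build in this tree until they are removed or mapped to local equivalents. The same applies to the Linux allocator interfaces introduced further down: `kmem_cache_t` and `kmem_cache_alloc(..., SLAB_KERNEL)` in the `@@ -22,6 +40,31 @@` hunk and `vfree` in `@@ -116,7 +244,8 @@`. The commit message already says the kernel does not work after this step; a marker such as `/* XXX Linux-only, needs porting */` on each of these would make the remaining work easy to find.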
@@ -22,6 +40,31 @@
(keyp->source_type << 9)) & \
AVTAB_HASH_MASK)
+static kmem_cache_t *avtab_node_cachep;
+
+static struct avtab_node*
+avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, struct avtab_node * cur,
+ struct avtab_key *key, struct avtab_datum *datum)
+{
+ struct avtab_node * newnode;
+ newnode = kmem_cache_alloc(avtab_node_cachep, SLAB_KERNEL);
+ if (newnode == NULL)
+ return NULL;
+ memset(newnode, 0, sizeof(struct avtab_node));
+ newnode->key = *key;
+ newnode->datum = *datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+
+ h->nel++;
+ return newnode;
+}
+
int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
{
int hvalue;
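Review bot: Nodes are now allocated from `avtab_node_cachep`, but nothing in this file's visible hunks creates that cache or returns nodes to it: `avtab_cache_init` is only declared in avtab.h, and the node-freeing loop of `avtab_destroy` sits in unchanged lines between the `@@ -99,12 +166,73 @@` and `@@ -116,7 +244,8 @@` hunks. If that loop still releases nodes with the previous general-purpose free, allocation and release no longer match, and an uninitialised cache pointer would be used on the first insert. `vfree(h->htable)` in the later hunk has the same pairing requirement with wherever `htable` is allocated, which is not shown. Separately, the `cur` parameter of `avtab_insert_node` is never used and can be dropped.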
@@ -50,24 +93,48 @@
break;
}
- newnode = kmalloc(sizeof(*newnode), GFP_KERNEL);
- if (newnode == NULL)
- return ENOMEM;
- memset(newnode, 0, sizeof(*newnode));
- newnode->key = *key;
- newnode->datum = *datum;
- if (prev) {
- newnode->next = prev->next;
- prev->next = newnode;
- } else {
- newnode->next = h->htable[hvalue];
- h->htable[hvalue] = newnode;
- }
+ newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum);
+ if(!newnode)
+ return -ENOMEM;
- h->nel++;
return 0;
}
+/* Unlike avtab_insert(), this function allow multiple insertions of the same
+ * key/specified mask into the table, as needed by the conditional avtab.
+ * It also returns a pointer to the node inserted.
+ */
+struct avtab_node *
+avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum)
+{
+ int hvalue;
+ struct avtab_node *prev, *cur, *newnode;
+
+ if (!h)
+ return NULL;
+ hvalue = AVTAB_HASH(key);
+ for (prev = NULL, cur = h->htable[hvalue];
+ cur;
+ prev = cur, cur = cur->next) {
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class == cur->key.target_class &&
+ (datum->specified & cur->datum.specified))
+ break;
+ if (key->source_type < cur->key.source_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type < cur->key.target_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class < cur->key.target_class)
+ break;
+ }
+ newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum);
+
+ return newnode;
+}
struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int specified)
{
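Review bot: `avtab_insert` now returns `-ENOMEM` where it used to return positive `ENOMEM`, while `avtab_read` later in this file still starts from `rc = EINVAL` (positive). With mixed sign conventions in one file a caller that tests `rc < 0` or `rc == ENOMEM` can take a failed insert for success, which would leave a rule silently missing from the loaded policy table. Pick one convention for the file, either keeping `return ENOMEM;` here (FreeBSD kernel code normally uses positive errno values) or converting every caller in the same change. `avtab_insert`'s body starts outside this hunk.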
@@ -99,12 +166,73 @@
return NULL;
}
+/* This search function returns a node pointer, and can be used in
+ * conjunction with avtab_search_next_node()
+ */
+struct avtab_node*
+avtab_search_node(struct avtab *h, struct avtab_key *key, int specified)
+{
+ int hvalue;
+ struct avtab_node *cur;
+
+ if (!h)
+ return NULL;
+
+ hvalue = AVTAB_HASH(key);
+ for (cur = h->htable[hvalue]; cur; cur = cur->next) {
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class == cur->key.target_class &&
+ (specified & cur->datum.specified))
+ return cur;
+
+ if (key->source_type < cur->key.source_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type < cur->key.target_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class < cur->key.target_class)
+ break;
+ }
+ return NULL;
+}
+
+struct avtab_node*
+avtab_search_node_next(struct avtab_node *node, int specified)
+{
+ struct avtab_node *cur;
+
+ if (!node)
+ return NULL;
+
+ for (cur = node->next; cur; cur = cur->next) {
+ if (node->key.source_type == cur->key.source_type &&
+ node->key.target_type == cur->key.target_type &&
+ node->key.target_class == cur->key.target_class &&
+ (specified & cur->datum.specified))
+ return cur;
+
+ if (node->key.source_type < cur->key.source_type)
+ break;
+ if (node->key.source_type == cur->key.source_type &&
+ node->key.target_type < cur->key.target_type)
+ break;
+ if (node->key.source_type == cur->key.source_type &&
+ node->key.target_type == cur->key.target_type &&
+ node->key.target_class < cur->key.target_class)
+ break;
+ }
+ return NULL;
+}
+
void avtab_destroy(struct avtab *h)
{
int i;
struct avtab_node *cur, *temp;
- if (!h)
+ if (!h || !h->htable)
return;
for (i = 0; i < AVTAB_SIZE; i++) {
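Review bot: `avtab_search_node` checks `!h` but then indexes `h->htable[hvalue]` without checking `h->htable`, although this same hunk teaches `avtab_destroy` that `htable` can be NULL and the following hunk sets it to NULL after freeing. A lookup on a destroyed or not yet initialised table would then dereference a NULL pointer in the kernel. Use the same guard, `if (!h || !h->htable) return NULL;`, here and in `avtab_insert_nonunique` in the previous hunk. `avtab_search_node_next` also needs a comment saying that it continues from `node` within the same hash chain and relies on the chain's sort order to stop early.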
@@ -116,7 +244,8 @@
}
h->htable[i] = NULL;
}
- kfree(h->htable);
+ vfree(h->htable);
+ h->htable = NULL;
}
@@ -184,6 +313,65 @@
max_chain_len);
}
+int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey)
+{
+ __u32 *buf;
+ __u32 items, items2;
+
+ memset(avkey, 0, sizeof(struct avtab_key));
+ memset(avdatum, 0, sizeof(struct avtab_datum));
+
+ buf = next_entry(fp, sizeof(__u32));
+ if (!buf) {
+ printk(KERN_ERR "security: avtab: truncated entry\n");
+ goto bad;
+ }
+ items2 = le32_to_cpu(buf[0]);
+ buf = next_entry(fp, sizeof(__u32)*items2);
+ if (!buf) {
+ printk(KERN_ERR "security: avtab: truncated entry\n");
+ goto bad;
+ }
+ items = 0;
+ avkey->source_type = le32_to_cpu(buf[items++]);
+ avkey->target_type = le32_to_cpu(buf[items++]);
+ avkey->target_class = le32_to_cpu(buf[items++]);
+ avdatum->specified = le32_to_cpu(buf[items++]);
+ if (!(avdatum->specified & (AVTAB_AV | AVTAB_TYPE))) {
+ printk(KERN_ERR "security: avtab: null entry\n");
+ goto bad;
+ }
+ if ((avdatum->specified & AVTAB_AV) &&
+ (avdatum->specified & AVTAB_TYPE)) {
+ printk(KERN_ERR "security: avtab: entry has both access vectors and types\n");
+ goto bad;
+ }
+ if (avdatum->specified & AVTAB_AV) {
+ if (avdatum->specified & AVTAB_ALLOWED)
+ avtab_allowed(avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum->specified & AVTAB_AUDITDENY)
+ avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum->specified & AVTAB_AUDITALLOW)
+ avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]);
+ } else {
+ if (avdatum->specified & AVTAB_TRANSITION)
+ avtab_transition(avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum->specified & AVTAB_CHANGE)
+ avtab_change(avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum->specified & AVTAB_MEMBER)
+ avtab_member(avdatum) = le32_to_cpu(buf[items++]);
+ }
+ if (items != items2) {
+ printk(KERN_ERR "security: avtab: entry only had %d items, expected %d\n",
+ items2, items);
+ goto bad;
+ }
+
+ return 0;
+bad:
+ return -1;
+}
+
int avtab_read(struct avtab *a, void *fp, u32 config)
{
int i, rc = EINVAL;
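Review bot: `avtab_read_item` takes the item count `items2` from the policy image and then reads `buf[0]` through `buf[3]`, plus up to three more words, before comparing `items` with `items2` at the very end. If `items2` is smaller than the number of words actually read, those reads run past the entry that `next_entry` returned, and on a 32-bit `size_t` a very large `items2` can make `sizeof(__u32)*items2` wrap (how `next_entry` bounds its length argument is not visible here). Validate the count before the first index, e.g. `if (items2 < 4 || items2 > 7) goto bad;` directly after `items2 = le32_to_cpu(buf[0]);`. The bounds follow from the four fixed fields plus at most three optional ones read below.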
@@ -204,33 +392,7 @@
goto bad;
}
for (i = 0; i < nel; i++) {
- memset(&avkey, 0, sizeof(avkey));
- memset(&avdatum, 0, sizeof(avdatum));
-
- buf = next_entry(fp, sizeof(u32));
- if (!buf) {
- printk(KERN_ERR "security: avtab: truncated entry\n");
- goto bad;
- }
- items2 = le32_to_cpu(buf[0]);
- buf = next_entry(fp, sizeof(u32)*items2);
- if (!buf) {
- printk(KERN_ERR "security: avtab: truncated entry\n");
- goto bad;
- }
- items = 0;
- avkey.source_type = le32_to_cpu(buf[items++]);
- avkey.target_type = le32_to_cpu(buf[items++]);
- avkey.target_class = le32_to_cpu(buf[items++]);
- avdatum.specified = le32_to_cpu(buf[items++]);
- if (!(avdatum.specified & (AVTAB_AV | AVTAB_TYPE))) {
- printk(KERN_ERR "security: avtab: null entry\n");
- goto bad;
- }
- if ((avdatum.specified & AVTAB_AV) &&
- (avdatum.specified & AVTAB_TYPE)) {
- printk(KERN_ERR "security: avtab: entry has both "
- "access vectors and types\n");
+ if (avtab_read_item(fp, &avdatum, &avkey))
goto bad;
}
if (avdatum.specified & AVTAB_AV) {
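Review bot: The merge removed the opening `if (...) {` of the old access-vectors-and-types check but kept its closing `}` as context, so the brace right after the new `goto bad;` now closes something else, most likely the `for` loop. The old per-entry parsing that follows (`if (avdatum.specified & AVTAB_AV) {` ...) also appears to remain, and it would index `buf` and `items`, which `avtab_read` no longer sets for the current entry. Since `avtab_read_item` already fills `avdatum` completely, that leftover block should be deleted so the loop body is just the read followed by the insert. The rest of `avtab_read` lies outside the hunk.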
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.h#5 (text+ko) ====
@@ -7,6 +7,16 @@
*
* Author : Stephen Smalley, <sds at epoch.ncsc.mil>
*/
+
+/* Updated: Frank Mayer <mayerf at tresys.com> and Karl MacMillan <kmacmillan at tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Copyright (C) 2003 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
#ifndef _SS_AVTAB_H_
#define _SS_AVTAB_H_
@@ -59,8 +69,19 @@
void *args),
void *args);
void avtab_hash_eval(struct avtab *h, char *tag);
+
+int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey);
int avtab_read(struct avtab *a, void *fp, u32 config);
+struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key,
+ struct avtab_datum *datum);
+
+struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key, int specified);
+
+struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
+
+void avtab_cache_init(void);
+
#define AVTAB_HASH_BITS 15
#define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS)
#define AVTAB_HASH_MASK (AVTAB_HASH_BUCKETS-1)
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/constraint.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/context.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.c#4 (text+ko) ====
@@ -21,7 +21,7 @@
n1 = e1->node;
n2 = e2->node;
- prev = 0;
+ prev = NULL;
while (n1 || n2) {
new = kmalloc(sizeof(*new), GFP_ATOMIC);
if (!new) {
@@ -44,7 +44,7 @@
n2 = n2->next;
}
- new->next = 0;
+ new->next = NULL;
if (prev)
prev->next = new;
else
@@ -84,7 +84,7 @@
ebitmap_init(dst);
n = src->node;
- prev = 0;
+ prev = NULL;
while (n) {
new = kmalloc(sizeof(*new), GFP_ATOMIC);
if (!new) {
@@ -94,7 +94,7 @@
memset(new, 0, sizeof(*new));
new->startbit = n->startbit;
new->map = n->map;
- new->next = 0;
+ new->next = NULL;
if (prev)
prev->next = new;
else
@@ -159,7 +159,7 @@
{
struct ebitmap_node *n, *prev, *new;
- prev = 0;
+ prev = NULL;
n = e->node;
while (n && n->startbit <= bit) {
if ((n->startbit + MAPSIZE) > bit) {
@@ -235,7 +235,7 @@
}
e->highbit = 0;
- e->node = 0;
+ e->node = NULL;
return;
}
@@ -257,8 +257,8 @@
count = le32_to_cpu(buf[2]);
if (mapsize != MAPSIZE) {
- printk(KERN_ERR "security: ebitmap: map size %d does not "
- "match my size %d (high bit was %d)\n", mapsize,
+ printk(KERN_ERR "security: ebitmap: map size %u does not "
+ "match my size %Zd (high bit was %d)\n", mapsize,
MAPSIZE, e->highbit);
goto out;
}
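Review bot: `%Zd` is a non-standard conversion (an old glibc/Linux printk spelling for `size_t`) and it prints the value as signed; the C99 form for an unsigned `size_t` is `%zu`. It is introduced here and in the two following hunks (`@@ -268,7 +268,7 @@` and `@@ -290,13 +290,13 @@`), where the last message passes `e->highbit - MAPSIZE`, whose type depends on how `highbit` is declared. I would write `"match my size %zu (high bit was %d)\n"` and the equivalent in the other three messages, after confirming that MAPSIZE is `size_t`-typed in this tree.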
@@ -268,7 +268,7 @@
}
if (e->highbit & (MAPSIZE - 1)) {
printk(KERN_ERR "security: ebitmap: high bit (%d) is not a "
- "multiple of the map size (%d)\n", e->highbit, MAPSIZE);
+ "multiple of the map size (%Zd)\n", e->highbit, MAPSIZE);
goto bad;
}
l = NULL;
@@ -290,13 +290,13 @@
if (n->startbit & (MAPSIZE - 1)) {
printk(KERN_ERR "security: ebitmap start bit (%d) is "
- "not a multiple of the map size (%d)\n",
+ "not a multiple of the map size (%Zd)\n",
n->startbit, MAPSIZE);
goto bad_free;
}
if (n->startbit > (e->highbit - MAPSIZE)) {
printk(KERN_ERR "security: ebitmap start bit (%d) is "
- "beyond the end of the bitmap (%d)\n",
+ "beyond the end of the bitmap (%Zd)\n",
n->startbit, (e->highbit - MAPSIZE));
goto bad_free;
}
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.c#4 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.c#4 (text+ko) ====
@@ -1,10 +1,7 @@
-
-/* Author : Stephen Smalley (NAI Labs), <ssmalley at nai.com> */
-
-/* FLASK */
-
-/*
+/*
* Implementation of the multi-level security (MLS) policy.
+ *
+ * Author : Stephen Smalley, <sds at epoch.ncsc.mil>
*/
#include <security/sebsd/ss/mls.h>
@@ -13,10 +10,10 @@
* Remove any permissions from `allowed' that are
* denied by the MLS policy.
*/
-void mls_compute_av(context_struct_t * scontext,
- context_struct_t * tcontext,
- class_datum_t * tclass,
- access_vector_t * allowed)
+void mls_compute_av(struct context *scontext,
+ struct context *tcontext,
+ struct class_datum *tclass,
+ u32 *allowed)
{
unsigned int rel[2];
int l;
@@ -63,12 +60,11 @@
}
}
-
/*
* Return the length in bytes for the MLS fields of the
* security context string representation of `context'.
*/
-int mls_compute_context_len(context_struct_t * context)
+int mls_compute_context_len(struct context * context)
{
int i, l, len;
@@ -81,26 +77,25 @@
if (ebitmap_get_bit(&context->range.level[l].cat, i - 1))
len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1;
- if (mls_level_relation(context->range.level[0], context->range.level[1]) == MLS_RELATION_EQ)
+ if (mls_level_relation(context->range.level[0], context->range.level[1])
+ == MLS_RELATION_EQ)
break;
}
return len;
}
-
/*
- * Write the security context string representation of
+ * Write the security context string representation of
* the MLS fields of `context' into the string `*scontext'.
* Update `*scontext' to point to the end of the MLS fields.
*/
-int mls_sid_to_context(context_struct_t * context,
+int mls_sid_to_context(struct context *context,
char **scontext)
{
char *scontextp;
int i, l;
-
scontextp = *scontext;
for (l = 0; l < 2; l++) {
@@ -116,7 +111,8 @@
*scontextp = ',';
scontextp++;
}
- if (mls_level_relation(context->range.level[0], context->range.level[1]) != MLS_RELATION_EQ) {
+ if (mls_level_relation(context->range.level[0], context->range.level[1])
+ != MLS_RELATION_EQ) {
scontextp--;
sprintf(scontextp, "-");
scontextp++;
@@ -130,60 +126,59 @@
return 0;
}
-
/*
- * Return TRUE if the MLS fields in the security context
- * structure `c' are valid. Return FALSE otherwise.
+ * Return 1 if the MLS fields in the security context
+ * structure `c' are valid. Return 0 otherwise.
*/
-int mls_context_isvalid(policydb_t *p, context_struct_t * c)
+int mls_context_isvalid(struct policydb *p, struct context *c)
{
unsigned int relation;
- level_datum_t *levdatum;
- user_datum_t *usrdatum;
- mls_range_list_t *rnode;
+ struct level_datum *levdatum;
+ struct user_datum *usrdatum;
+ struct mls_range_list *rnode;
int i, l;
- /*
- * MLS range validity checks: high must dominate low, low level must
- * be valid (category set <-> sensitivity check), and high level must
+ /*
+ * MLS range validity checks: high must dominate low, low level must
+ * be valid (category set <-> sensitivity check), and high level must
* be valid (category set <-> sensitivity check)
*/
relation = mls_level_relation(c->range.level[1],
c->range.level[0]);
if (!(relation & (MLS_RELATION_DOM | MLS_RELATION_EQ)))
/* High does not dominate low. */
- return FALSE;
+ return 0;
for (l = 0; l < 2; l++) {
if (!c->range.level[l].sens || c->range.level[l].sens > p->p_levels.nprim)
- return FALSE;
- levdatum = (level_datum_t *) hashtab_search(p->p_levels.table,
- p->p_sens_val_to_name[c->range.level[l].sens - 1]);
+ return 0;
+ levdatum = hashtab_search(p->p_levels.table,
+ p->p_sens_val_to_name[c->range.level[l].sens - 1]);
if (!levdatum)
- return FALSE;
+ return 0;
for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) {
if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) {
if (i > p->p_cats.nprim)
- return FALSE;
+ return 0;
if (!ebitmap_get_bit(&levdatum->level->cat, i - 1))
/*
* Category may not be associated with
* sensitivity in low level.
*/
- return FALSE;
+ return 0;
}
}
}
- if (c->role == OBJECT_R_VAL)
- return TRUE;
+ if (c->role == OBJECT_R_VAL)
+ return 1;
/*
* User must be authorized for the MLS range.
*/
if (!c->user || c->user > p->p_users.nprim)
- return FALSE;
+ return 0;
usrdatum = p->user_val_to_struct[c->user - 1];
for (rnode = usrdatum->ranges; rnode; rnode = rnode->next) {
if (mls_range_contains(rnode->range, c->range))
@@ -191,9 +186,9 @@
}
if (!rnode)
/* user may not be associated with range */
- return FALSE;
+ return 0;
- return TRUE;
+ return 1;
}
@@ -202,33 +197,33 @@
* `context' based on the string representation in
* the string `*scontext'. Update `*scontext' to
* point to the end of the string representation of
- * the MLS fields.
+ * the MLS fields.
*
* This function modifies the string in place, inserting
- * NULL characters to terminate the MLS fields.
+ * NULL characters to terminate the MLS fields.
*/
int mls_context_to_sid(char oldc,
char **scontext,
- context_struct_t * context)
+ struct context *context)
{
char delim;
char *scontextp, *p;
- level_datum_t *levdatum;
- cat_datum_t *catdatum;
- int l;
+ struct level_datum *levdatum;
+ struct cat_datum *catdatum;
+ int l, rc = -EINVAL;
if (!oldc) {
/* No MLS component to the security context. Try
to use a default 'unclassified' value. */
- levdatum = (level_datum_t *) hashtab_search(policydb.p_levels.table,
- (hashtab_key_t) "unclassified");
-
+ levdatum = hashtab_search(policydb.p_levels.table,
+ "unclassified");
if (!levdatum)
- return -EINVAL;
+ goto out;
context->range.level[0].sens = levdatum->level->sens;
context->range.level[1].sens = context->range.level[0].sens;
- return 0;
+ rc = 0;
+ goto out;
}
/* Extract low sensitivity. */
@@ -241,11 +236,9 @@
*p++ = 0;
for (l = 0; l < 2; l++) {
- levdatum = (level_datum_t *) hashtab_search(policydb.p_levels.table,
- (hashtab_key_t) scontextp);
-
+ levdatum = hashtab_search(policydb.p_levels.table, scontextp);
if (!levdatum)
- return -EINVAL;
+ goto out;
context->range.level[l].sens = levdatum->level->sens;
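Review bot: On the second pass of this loop `rc` is no longer `-EINVAL`, because a successful `rc = ebitmap_set_bit(...)` in the `@@ -259,15 +252,15 @@` hunk leaves it at 0. `if (!levdatum) goto out;` here, and `if (!catdatum) goto out;` in that later hunk, can therefore return 0 for a context string that names an unknown sensitivity or category. The caller would then treat a partially filled MLS range as successfully parsed. Set the code on each failure path, e.g. `if (!levdatum) { rc = -EINVAL; goto out; }`, and likewise for `catdatum`. The function's start and its `out:` label are outside this hunk.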
@@ -259,15 +252,15 @@
if (delim != 0)
*p++ = 0;
- catdatum = (cat_datum_t *) hashtab_search(policydb.p_cats.table,
- (hashtab_key_t) scontextp);
-
+ catdatum = hashtab_search(policydb.p_cats.table,
+ scontextp);
if (!catdatum)
- return -EINVAL;
+ goto out;
- if (!ebitmap_set_bit(&context->range.level[l].cat,
- catdatum->value - 1, TRUE))
- return -ENOMEM;
+ rc = ebitmap_set_bit(&context->range.level[l].cat,
+ catdatum->value - 1, 1);
+ if (rc)
+ goto out;
if (delim != ',')
break;
}
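Review bot: The failure test on `ebitmap_set_bit` is inverted relative to the removed code: the old line treated a zero return as failure (`if (!ebitmap_set_bit(...)) return -ENOMEM;`), while the new one treats non-zero as failure. The ebitmap.c hunks in this change only touch `NULL` and format strings, so unless `ebitmap_set_bit` already returns 0 on success in this tree, every successful category insert now aborts parsing. The same question applies to `ebitmap_cpy` in the hunks that follow. Confirm the helpers' return convention and document it at their declarations, e.g. `/* returns 0 on success, an errno value on failure */`.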
@@ -287,50 +280,55 @@
if (l == 0) {
context->range.level[1].sens = context->range.level[0].sens;
- ebitmap_cpy(&context->range.level[1].cat, &context->range.level[0].cat);
+ rc = ebitmap_cpy(&context->range.level[1].cat,
+ &context->range.level[0].cat);
+ if (rc)
+ goto out;
}
- *scontext = p;
- return 0;
+ *scontext = ++p;
+ rc = 0;
+out:
+ return rc;
}
-
-/*
+/*
* Copies the MLS range from `src' into `dst'.
*/
-static __inline int mls_copy_context(context_struct_t * dst,
- context_struct_t * src)
+static inline int mls_copy_context(struct context *dst,
+ struct context *src)
{
- int l;
+ int l, rc = 0;
/* Copy the MLS range from the source context */
for (l = 0; l < 2; l++) {
+
dst->range.level[l].sens = src->range.level[l].sens;
- if (!ebitmap_cpy(&dst->range.level[l].cat, &src->range.level[l].cat))
- return -ENOMEM;
+ rc = ebitmap_cpy(&dst->range.level[l].cat,
+ &src->range.level[l].cat);
+ if (rc)
+ break;
}
- return 0;
+ return rc;
}
-
-/*
+/*
* Convert the MLS fields in the security context
* structure `c' from the values specified in the
* policy `oldp' to the values specified in the policy `newp'.
*/
-int mls_convert_context(policydb_t * oldp,
- policydb_t * newp,
- context_struct_t * c)
+int mls_convert_context(struct policydb *oldp,
>>> TRUNCATED FOR MAIL (1000 lines) <<<