PERFORCE change 70719 for review
Andrew Reisse
areisse at FreeBSD.org
Wed Feb 9 20:08:50 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=70719
Change 70719 by areisse at areisse_tislabs on 2005/02/09 20:07:57
Remove unused capabilities (CAP_MAC_*, CAP_INF_*, CAP_LINK_DIR)
and renumber some of the others so that there are fewer than 32 and
the masks all fit in a uint32_t.
Use a 32-bit access_vector_t. This makes the binary policy format
compatible with selinux (versions 15-18). Old FreeBSD policies are
not compatible with this change, and must be rebuilt with either an
updated sebsd_checkpolicy, or checkpolicy from selinux.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask_types.h#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#8 (text+ko) ====
@@ -58,38 +58,16 @@
return ("CAP_FSETID");
case CAP_KILL:
return ("CAP_KILL");
- case CAP_LINK_DIR:
- return ("CAP_LINK_DIR");
case CAP_SETFCAP:
return ("CAP_SETFCAP");
case CAP_SETGID:
return ("CAP_SETGID");
case CAP_SETUID:
return ("CAP_SETUID");
- case CAP_MAC_DOWNGRADE:
- return ("CAP_MAC_DOWNGRADE");
- case CAP_MAC_READ:
- return ("CAP_MAC_READ");
- case CAP_MAC_RELABEL_SUBJ:
- return ("CAP_MAC_RELABEL_SUBJ");
- case CAP_MAC_UPGRADE:
- return ("CAP_MAC_UPGRADE");
- case CAP_MAC_WRITE:
- return ("CAP_MAC_WRITE");
- case CAP_INF_NOFLOAT_OBJ:
- return ("CAP_INF_NOFLOAT_OBJ");
- case CAP_INF_NOFLOAT_SUBJ:
- return ("CAP_INF_NOFLOAT_SUBJ");
- case CAP_INF_RELABEL_OBJ:
- return ("CAP_INF_RELABEL_OBJ");
- case CAP_INF_RELABEL_SUBJ:
- return ("CAP_INF_RELABEL_SUBJ");
case CAP_AUDIT_CONTROL:
return ("CAP_AUDIT_CONTROL");
case CAP_AUDIT_WRITE:
return ("CAP_AUDIT_WRITE");
- case CAP_SETPCAP:
- return ("CAP_SETPCAP");
case CAP_SYS_SETFFLAG:
return ("CAP_SYS_SETFFLAG");
case CAP_NET_BIND_SERVICE:
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask_types.h#6 (text+ko) ====
@@ -56,7 +56,7 @@
* for permissions are defined in the automatically generated
* header file av_permissions.h.
*/
-typedef u64 access_vector_t;
+typedef u32 access_vector_t;
/*
* Each object class is identified by a fixed-size value.
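Review bot: The narrowed `typedef u32 access_vector_t;` carries no comment saying why the width is fixed, so a later maintainer who needs a 33rd permission bit may simply widen it back and silently desynchronise the avtab reader and the binary policy format. Per the change description the 32-bit width is what makes the policy file compatible with SELinux versions 15-18, and avtab.c in this same change reads each vector as exactly one le32 word, so that coupling belongs next to the type. Propose adding above the typedef: `/* Must stay 32 bits: the binary policy format stores each vector as a single le32 word (see avtab.c); widening it changes the on-disk layout. */`.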
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#7 (text+ko) ====
@@ -336,23 +336,15 @@
printk(KERN_ERR "security: avtab: entry has both access vectors and types\n");
goto bad;
}
+
+
if (avdatum->specified & AVTAB_AV) {
-
- if (avdatum->specified & AVTAB_ALLOWED) {
- u32 b1 = le32_to_cpu (buf[items++]);
- u32 b2 = le32_to_cpu (buf[items++]);
- avtab_allowed(avdatum) = (((u64) b1) << 32) | b2;
- }
- if (avdatum->specified & AVTAB_AUDITDENY) {
- u32 b1 = le32_to_cpu (buf[items++]);
- u32 b2 = le32_to_cpu (buf[items++]);
- avtab_auditdeny(avdatum) = (((u64) b1) << 32) | b2;
- }
- if (avdatum->specified & AVTAB_AUDITALLOW) {
- u32 b1 = le32_to_cpu (buf[items++]);
- u32 b2 = le32_to_cpu (buf[items++]);
- avtab_auditallow(avdatum) = (((u64) b1) << 32) | b2;
- }
+ if (avdatum->specified & AVTAB_ALLOWED)
+ avtab_allowed(avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum->specified & AVTAB_AUDITDENY)
+ avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum->specified & AVTAB_AUDITALLOW)
+ avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]);
} else {
if (avdatum->specified & AVTAB_TRANSITION)
avtab_transition(avdatum) = le32_to_cpu(buf[items++]);
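Review bot: With each vector now read as one le32 word, a policy written in the previous 64-bit layout is not detected here but read out of step, so its access vectors and every field that follows would be loaded with wrong values rather than rejected; unless the policy-version check elsewhere in the loader (outside this hunk) already refuses the old format, the format version should be bumped so a stale policy fails to load with an error instead of installing a mis-parsed access-vector table. `items` is also advanced on each `buf[items++]` with no bound visible in the hunk against the word count declared in the file; if the enclosing function compares `items` with that count after this block, that covers it, but I cannot confirm it from here. As a style point, two blank lines are added after the `goto bad;` block where the old code had one, and a single blank line would match the surrounding code. The enclosing function starts and ends outside the hunk.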
==== //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#6 (text+ko) ====
@@ -113,21 +113,11 @@
#define CAP_FOWNER (0x0000000000000010)
#define CAP_FSETID (0x0000000000000020)
#define CAP_KILL (0x0000000000000040)
-#define CAP_LINK_DIR (0x0000000000000080)
-#define CAP_SETFCAP (0x0000000000000100)
-#define CAP_SETGID (0x0000000000000200)
-#define CAP_SETUID (0x0000000000000400)
-#define CAP_MAC_DOWNGRADE (0x0000000000000800)
-#define CAP_MAC_READ (0x0000000000001000)
-#define CAP_MAC_RELABEL_SUBJ (0x0000000000002000)
-#define CAP_MAC_UPGRADE (0x0000000000004000)
-#define CAP_MAC_WRITE (0x0000000000008000)
-#define CAP_INF_NOFLOAT_OBJ (0x0000000000010000)
-#define CAP_INF_NOFLOAT_SUBJ (0x0000000000020000)
-#define CAP_INF_RELABEL_OBJ (0x0000000000040000)
-#define CAP_INF_RELABEL_SUBJ (0x0000000000080000)
-#define CAP_AUDIT_CONTROL (0x0000000000100000)
-#define CAP_AUDIT_WRITE (0x0000000000200000)
+#define CAP_SETFCAP (0x0000000000000080)
+#define CAP_SETGID (0x0000000000000100)
+#define CAP_SETUID (0x0000000000000200)
+#define CAP_AUDIT_CONTROL (0x0000000000000400)
+#define CAP_AUDIT_WRITE (0x0000000000000800)
/*
* The following is no longer functional.
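Review bot: The renumbered values on the `+` lines keep sixteen hex digits, e.g. `#define CAP_SETFCAP (0x0000000000000080)`, which still reads as a 64-bit mask although the stated purpose of the change is that every bit fits in a `uint32_t`; eight-digit literals such as `#define CAP_SETFCAP (0x00000080)` would make the new width visible at a glance and make an accidental 33rd bit stand out in review. The same applies to the second hunk of this file.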
@@ -137,49 +127,44 @@
* We do not support modifying the capabilities of other processes, as Linux
* (from which this one originated) does.
*/
-#define CAP_SETPCAP (0x0000000000400000)
-/* This is unallocated: */
-#define CAP_XXX_INVALID1 (0x0000000000800000)
-#define CAP_SYS_SETFFLAG (0x0000000001000000)
+/*#define CAP_SETPCAP (0x0000000000002000)*/
+#define CAP_SYS_SETFFLAG (0x0000000000001000)
/*
* The CAP_LINUX_IMMUTABLE flag approximately maps into the
* general file flag setting capability in BSD. Therefore, for
* compatibility, map the constants.
*/
#define CAP_LINUX_IMMUTABLE CAP_SYS_SETFFLAG
-#define CAP_NET_BIND_SERVICE (0x0000000002000000)
-#define CAP_NET_BROADCAST (0x0000000004000000)
-#define CAP_NET_ADMIN (0x0000000008000000)
-#define CAP_NET_RAW (0x0000000010000000)
-#define CAP_IPC_LOCK (0x0000000020000000)
-#define CAP_IPC_OWNER (0x0000000040000000)
+#define CAP_NET_BIND_SERVICE (0x0000000000002000)
+#define CAP_NET_BROADCAST (0x0000000000004000)
+#define CAP_NET_ADMIN (0x0000000000008000)
+#define CAP_NET_RAW (0x0000000000010000)
+#define CAP_IPC_LOCK (0x0000000000020000)
+#define CAP_IPC_OWNER (0x0000000000040000)
/*
* The following capabilities, borrowed from Linux, are unsafe in a
* secure environment.
*/
-#define CAP_SYS_MODULE (0x0000000080000000)
-#define CAP_SYS_RAWIO (0x0000000100000000)
-#define CAP_SYS_CHROOT (0x0000000200000000)
-#define CAP_SYS_PTRACE (0x0000000400000000)
-#define CAP_SYS_PACCT (0x0000000800000000)
-#define CAP_SYS_ADMIN (0x0000001000000000)
+#define CAP_SYS_MODULE (0x0000000000080000)
+#define CAP_SYS_RAWIO (0x0000000000100000)
+#define CAP_SYS_CHROOT (0x0000000000200000)
+#define CAP_SYS_PTRACE (0x0000000000400000)
+#define CAP_SYS_PACCT (0x0000000000800000)
+#define CAP_SYS_ADMIN (0x0000000001000000)
/*
* Back to the safe ones, again.
*/
-#define CAP_SYS_BOOT (0x0000002000000000)
-#define CAP_SYS_NICE (0x0000004000000000)
-#define CAP_SYS_RESOURCE (0x0000008000000000)
-#define CAP_SYS_TIME (0x0000010000000000)
-#define CAP_SYS_TTY_CONFIG (0x0000020000000000)
-#define CAP_MKNOD (0x0000040000000000)
+#define CAP_SYS_BOOT (0x0000000002000000)
+#define CAP_SYS_NICE (0x0000000004000000)
+#define CAP_SYS_RESOURCE (0x0000000008000000)
+#define CAP_SYS_TIME (0x0000000010000000)
+#define CAP_SYS_TTY_CONFIG (0x0000000020000000)
+#define CAP_MKNOD (0x0000000040000000)
#define CAP_MAX_ID CAP_MKNOD
#define CAP_ALL_ON (CAP_CHOWN | CAP_DAC_EXECUTE | CAP_DAC_WRITE | \
CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \
- CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_MAC_DOWNGRADE | \
- CAP_MAC_READ | CAP_MAC_RELABEL_SUBJ | CAP_MAC_UPGRADE | \
- CAP_MAC_WRITE | CAP_INF_NOFLOAT_OBJ | CAP_INF_NOFLOAT_SUBJ | \
- CAP_INF_RELABEL_OBJ | CAP_INF_RELABEL_SUBJ | CAP_AUDIT_CONTROL | \
+ CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_AUDIT_CONTROL | \
CAP_AUDIT_WRITE | CAP_SYS_SETFFLAG | CAP_NET_BIND_SERVICE | \
CAP_NET_BROADCAST | CAP_NET_ADMIN | CAP_NET_RAW | CAP_IPC_LOCK | \
CAP_IPC_OWNER | CAP_SYS_MODULE | CAP_SYS_RAWIO | CAP_SYS_CHROOT | \
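Review bot: `CAP_ALL_ON` still names `CAP_LINK_DIR` on the unchanged context line `CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \`, but the first hunk of this file deletes `#define CAP_LINK_DIR`, so any translation unit that expands `CAP_ALL_ON` will fail to compile. The line should become `CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | \`. Separately, the commented-out `/*#define CAP_SETPCAP (0x0000000000002000)*/` reserves the same bit as the new `CAP_NET_BIND_SERVICE (0x0000000000002000)`, so re-enabling it as written would alias two capabilities; give it a free bit or note in the comment that the value is stale. Because every bit value changes, any capability mask persisted outside the policy (the existence of `CAP_SETFCAP` suggests file capabilities may be stored somewhere) would be reinterpreted under the new numbering, and the change description covers policies only, so it is worth confirming no such stored masks exist. The `CAP_ALL_ON` macro continues past the end of the hunk.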