PERFORCE change 104124 for review
Todd Miller
millert at FreeBSD.org
Tue Aug 15 21:25:18 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=104124
Change 104124 by millert at millert_g4tower on 2006/08/15 21:20:37
Cruft removal:
Remove unused reserved fields in struct label.
Remove bogus definitions for atomic operations.
Remove code for debugging inconsistent vnode labels.
Remove unneeded include of mac.h in policy modules.
Remove MAC_DEBUG.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_msg.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_sem.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_shm.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/_label.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/conf/MASTER#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_label.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_pipe.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_sem.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_shm.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_socket.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_sem.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_shm.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/basetest/mac_basetest.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#2 (text+ko) ====
@@ -94,7 +94,6 @@
options HW_FOOTPRINT # Cache footprint support # <hw_foot>
options MAC # Mandatory ACcess Control
options MAC_SOCKET # MAC socket labels
-#options MAC_DEBUG
options LCTX # Login Context
options MACH # Standard Mach features # <mach>
options MACH_ASSERT # Compile in assertions # <test>
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_msg.c#2 (text+ko) ====
@@ -66,13 +66,6 @@
#define MSG_DEBUG
#undef MSG_DEBUG_OK
-/* Uncomment this line to see MAC debugging output. */
-/* #define MAC_DEBUG */
-#ifdef MAC_DEBUG
-#define MPRINTF(a) printf(a)
-#else
-#define MPRINTF(a)
-#endif
static void msg_freehdr(struct msg *msghdr);
typedef int sy_call_t(struct proc *, void *, int *);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_sem.c#2 (text+ko) ====
@@ -34,7 +34,7 @@
* support for mandatory and extensible security protections. This notice
* is included in support of clause 2.2 (b) of the Apple Public License,
* Version 2.0.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
*/
#include <sys/param.h>
@@ -62,14 +62,6 @@
/* Uncomment this line to see the debugging output */
/* #define SEM_DEBUG */
-/* Uncomment this line to see MAC debugging output. */
-/* #define MAC_DEBUG */
-#ifdef MAC_DEBUG
-#define MPRINTF(a) printf(a)
-#else
-#define MPRINTF(a)
-#endif
-
#define M_SYSVSEM M_TEMP
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_shm.c#2 (text+ko) ====
@@ -55,7 +55,7 @@
* support for mandatory and extensible security protections. This notice
* is included in support of clause 2.2 (b) of the Apple Public License,
* Version 2.0.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
*/
@@ -91,14 +91,6 @@
#include <kern/locks.h>
-/* Uncomment this line to see MAC debugging output. */
-/* #define MAC_DEBUG */
-#ifdef MAC_DEBUG
-#define MPRINTF(a) printf a
-#else
-#define MPRINTF(a)
-#endif
-
static void shminit(void *);
#if 0
SYSINIT(sysv_shm, SI_SUB_SYSV_SHM, SI_ORDER_FIRST, shminit, NULL)
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/_label.h#2 (text+ko) ====
@@ -45,8 +45,6 @@
#define MAC_MAX_SLOTS 8
#define MAC_FLAG_INITIALIZED 0x0000001 /* Is initialized for use. */
-#define MAC_FLAG_CLEAN 0x0000002 /* Is cleaned for re-use. */
-#define MAC_FLAG_ASSOC 0x0000004 /* */
struct label {
int l_flags;
@@ -54,9 +52,6 @@
void *l_ptr;
long l_long;
} l_perpolicy[MAC_MAX_SLOTS];
- void *reserved1;
- void *reserved2;
- void *reserved3;
};
#endif /* !_SECURITY_LABEL_H_ */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/conf/MASTER#2 (text+ko) ====
@@ -55,5 +55,4 @@
options AUDIT # Security event auditing
options MAC # Mandatory Access Controls
options MAC_ALWAYS_LABEL_MBUF
-#options MAC_DEBUG
options LCTX # Login Context
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#2 (text+ko) ====
@@ -152,51 +152,6 @@
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
-#ifdef MAC_DEBUG
-SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0,
- "TrustedBSD MAC debug info");
-
-static int mac_debug_label_fallback = 0;
-SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW,
- &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label"
- "when label is corrupted.");
-TUNABLE_INT("security.mac.debug_label_fallback",
- &mac_debug_label_fallback);
-
-SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0,
- "TrustedBSD MAC object counters");
-
-u_int nmaccreds=0, nmacmounts=0, nmactemp=0, nmacvnodes=0,
- nmacdevfsdirents=0, nmacprocs=0, nmac_psem=0, nmac_pshm=0,
- nmacsockets=0,
- nmacsysvsemas=0, nmacsysvshms=0, nmacmbufs=0;
-
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD,
- &nmaccreds, 0, "number of ucreds in use");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, procs, CTLFLAG_RD,
- &nmacprocs, 0, "number of procs in use");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD,
- &nmacmounts, 0, "number of mounts in use");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD,
- &nmactemp, 0, "number of temporary labels in use");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD,
- &nmacvnodes, 0, "number of vnodes in use");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sockets, CTLFLAG_RD,
- &nmacsockets, 0, "number of sockets in use");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD,
- &nmacdevfsdirents, 0, "number of devfs dirents inuse");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_sem, CTLFLAG_RD,
- &nmac_psem, 0, "number of posix semaphore identifiers in use");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_shm, CTLFLAG_RD,
- &nmac_pshm, 0, "number of posix shared memory identifiers in use");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sysv_sems, CTLFLAG_RD,
- &nmacsysvsemas, 0, "number of sysv ipc semaphore identifiers inuse");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sysv_shms, CTLFLAG_RD,
- &nmacsysvsemas, 0, "number of sysv shared memory identifiers inuse");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD,
- &nmacmbufs, 0, "number of mbuf identifiers inuse");
-#endif
-
/*
* mac_static_base_mpc holds a pointer to the single instance of the base
* policy MAC configuration structure. This pointer must be set at boot,
@@ -488,22 +443,6 @@
sysctl_register_oid(&sysctl__security_mac_enforce_vm);
sysctl_register_oid(&sysctl__security_mac_mmap_revocation);
sysctl_register_oid(&sysctl__security_mac_mmap_revocation_via_cow);
-#ifdef MAC_DEBUG
- sysctl_register_oid(&sysctl__security_mac_debug);
- sysctl_register_oid(&sysctl__security_mac_debug_label_fallback);
- sysctl_register_oid(&sysctl__security_mac_debug_counters);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_creds);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_procs);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_mounts);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_temp);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_vnodes);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_devfsdirents);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_posix_sem);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_posix_shm);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_sysv_sems);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_sysv_shms);
- sysctl_register_oid(&sysctl__security_mac_debug_counters_mbufs);
-#endif
printf("MAC Framework successfully initialized\n");
/* Call bsd init functions of already loaded policies */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#2 (text+ko) ====
@@ -66,20 +66,6 @@
SYSCTL_DECL(_security);
SYSCTL_DECL(_security_mac);
-#ifdef MAC_DEBUG
-SYSCTL_DECL(_security_mac_debug);
-SYSCTL_DECL(_security_mac_debug_counters);
-
-#define MAC_DEBUG_COUNTER_INC(x) atomic_add_int(x, 1);
-#define MAC_DEBUG_COUNTER_DEC(x) atomic_subtract_int(x, 1);
-
-#else
-
-#define MAC_DEBUG_COUNTER_INC(x)
-#define MAC_DEBUG_COUNTER_DEC(x)
-
-#endif /* MAC_DEBUG */
-
extern int mac_late;
LIST_HEAD(mac_policy_list_t, mac_policy_conf);
@@ -164,8 +150,6 @@
void mac_labelzone_init(void);
struct label *mac_labelzone_alloc(int flags);
void mac_labelzone_free(struct label *label);
-void mac_labelzone_clean(struct label *label);
-void mac_labelzone_associate(struct label *label);
void mac_init_label(struct label *label);
void mac_destroy_label(struct label *label);
@@ -540,9 +524,6 @@
#define ASSERT_VOP_LOCKED(vp,msg)
-#define atomic_add_int(P, V) (*(u_int*)(P) += (V))
-#define atomic_subtract_int(P, V) (*(u_int*)(P) -= (V))
-
struct __mac_get_pid_args;
struct __mac_get_proc_args;
struct __mac_set_proc_args;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_label.c#2 (text+ko) ====
@@ -58,10 +58,11 @@
l = (struct label *) zalloc_noblock(zone_label);
if (l == NULL)
return (NULL);
- } else
+ } else {
l = (struct label *) zalloc(zone_label);
+ }
bzero(l, sizeof(struct label));
- l->l_flags = MAC_FLAG_INITIALIZED | MAC_FLAG_CLEAN;
+ l->l_flags = MAC_FLAG_INITIALIZED;
return (l);
}
@@ -77,42 +78,3 @@
bzero(l, sizeof(struct label));
zfree(zone_label, l);
}
-
-void
-mac_labelzone_clean(struct label *l)
-{
-
- if (l == NULL)
- panic("Clean of NULL MAC label\n");
-
- if ((l->l_flags & MAC_FLAG_INITIALIZED) == 0)
- panic("Clean of uninitialized label\n");
-
-#if 0
- /* This case is probably OK */
- if (l->l_flags & MAC_FLAG_CLEAN) {
- printf("Clean of already clean label, flags=%d\n", l->l_flags);
- return;
- }
-#endif
-
- l->l_flags |= MAC_FLAG_CLEAN;
- l->l_flags &= ~MAC_FLAG_ASSOC;
-}
-
-void
-mac_labelzone_associate(struct label *l)
-{
-
- if (l == NULL)
- panic("Associate of NULL MAC label\n");
-
- if ((l->l_flags & MAC_FLAG_INITIALIZED) == 0)
- panic("Associate of uninitialized label\n");
-
- if (l->l_flags & MAC_FLAG_ASSOC)
- printf("Associate of already associated label\n");
-
- l->l_flags &= ~MAC_FLAG_CLEAN;
- l->l_flags |= MAC_FLAG_ASSOC;
-}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#2 (text+ko) ====
@@ -40,12 +40,8 @@
#include <security/mac_internal.h>
-#ifdef MAC_DEBUG
-extern u_int nmacmbufs;
-#endif
+int mac_label_mbufs = 1; /* Exported via sysctl in mac_base.c */
-int mac_label_mbufs = 1;
-
struct label *
mac_mbuf_to_label(struct mbuf *mbuf)
{
@@ -86,7 +82,7 @@
MAC_CHECK(init_mbuf_label, label, flag);
if (error)
printf("%s(): mpo_init_mbuf_label() failed!\n", __func__);
- MAC_DEBUG_COUNTER_INC(&nmacmbufs);
+
return (error);
}
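Review bot: The removed `MAC_DEBUG_COUNTER_INC(&nmacmbufs);` is replaced by an added empty line rather than deleted, leaving a stray blank line between the error check and `return (error);` in the function around `MAC_CHECK(init_mbuf_label, label, flag);`; the same pattern appears in the two mac_socket.c hunks ending at `return (label);`. Dropping the `+` blank line in each would match the sibling allocators in mac_pipe.c and mac_posix_sem.c, where the counter line is simply removed. The enclosing function starts outside the hunk.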
@@ -98,7 +94,6 @@
label = (struct label *)(tag + 1);
MAC_PERFORM(destroy_mbuf_label, label);
mac_destroy_label(label);
- MAC_DEBUG_COUNTER_DEC(&nmacmbufs);
return;
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_pipe.c#2 (text+ko) ====
@@ -49,12 +49,6 @@
&mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations");
TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe);
-#ifdef MAC_DEBUG
-static unsigned int nmacpipes;
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, pipes, CTLFLAG_RD,
- &nmacpipes, 0, "number of pipes in use");
-#endif
-
/* Define this to PIPE_LOCK_ASSERT(x, y) if mutex assertions are desired. */
#define MAC_PIPE_LOCK_ASSERT(x, y)
@@ -65,7 +59,6 @@
label = mac_labelzone_alloc(M_WAITOK);
MAC_PERFORM(init_pipe_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacpipes);
return (label);
}
@@ -82,7 +75,6 @@
MAC_PERFORM(destroy_pipe_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacpipes);
}
void
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_sem.c#2 (text+ko) ====
@@ -46,10 +46,6 @@
&mac_enforce_posix_sem, 0, "Enforce MAC policy on Posix Semaphores");
TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem);
-#ifdef MAC_DEBUG
-extern u_int nmac_psem;
-#endif
-
static struct label *
mac_posix_sem_label_alloc(void)
{
@@ -57,7 +53,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_posix_sem_label, label);
- MAC_DEBUG_COUNTER_INC(&nmac_psem);
return (label);
}
@@ -74,7 +69,6 @@
MAC_PERFORM(destroy_posix_sem_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmac_psem);
}
void
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_shm.c#2 (text+ko) ====
@@ -46,10 +46,6 @@
&mac_enforce_pshm, 0, "Enforce MAC policy on Posix Shared memory");
TUNABLE_INT("security.mac.enforce_posix_shm", &mac_enforce_posix_shm);
-#ifdef MAC_DEBUG
-extern u_int nmac_pshm;
-#endif
-
static struct label *
mac_posix_shm_label_alloc(void)
{
@@ -57,7 +53,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_posix_shm_label, label);
- MAC_DEBUG_COUNTER_INC(&nmac_pshm);
return (label);
}
@@ -74,7 +69,6 @@
MAC_PERFORM(destroy_posix_shm_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmac_pshm);
}
void
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#2 (text+ko) ====
@@ -47,10 +47,6 @@
#include <security/mac_internal.h>
-#ifdef MAC_DEBUG
-extern u_int nmaccreds, nmacprocs;
-#endif
-
struct label *
mac_cred_label_alloc(void)
{
@@ -58,7 +54,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_cred_label, label);
- MAC_DEBUG_COUNTER_INC(&nmaccreds);
return (label);
}
@@ -76,7 +71,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_proc_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacprocs);
return (label);
}
@@ -92,7 +86,6 @@
{
MAC_PERFORM(destroy_cred_label, label);
- MAC_DEBUG_COUNTER_DEC(&nmaccreds);
mac_labelzone_free(label);
}
@@ -125,7 +118,6 @@
{
MAC_PERFORM(destroy_proc_label, label);
- MAC_DEBUG_COUNTER_DEC(&nmacprocs);
mac_labelzone_free(label);
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_socket.c#2 (text+ko) ====
@@ -64,9 +64,6 @@
extern int mac_enforce_socket;
-#ifdef MAC_DEBUG
-extern u_int nmacsockets;
-#endif
struct label *
mac_socket_label_alloc(int flag)
@@ -84,7 +81,7 @@
mac_labelzone_free(label);
return (NULL);
}
- MAC_DEBUG_COUNTER_INC(&nmacsockets);
+
return (label);
}
@@ -104,7 +101,7 @@
mac_labelzone_free(label);
return (NULL);
}
- MAC_DEBUG_COUNTER_INC(&nmacsockets);
+
return (label);
}
@@ -130,7 +127,6 @@
MAC_PERFORM(destroy_socket_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacsockets);
}
static void
@@ -139,7 +135,6 @@
MAC_PERFORM(destroy_socket_peer_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacsockets);
}
void
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_sem.c#2 (text+ko) ====
@@ -52,10 +52,6 @@
&mac_enforce_sysv_sem, 0, "Enforce MAC policy on System V IPC Semaphores");
TUNABLE_INT("security.mac.enforce_sysv_sem", &mac_enforce_sysv_sem);
-#ifdef MAC_DEBUG
-extern u_int nmacsysvsemas;
-#endif
-
static struct label *
mac_sysv_sem_label_alloc(void)
{
@@ -63,7 +59,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_sysv_sem_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacsysvsemas);
return (label);
}
@@ -80,7 +75,6 @@
MAC_PERFORM(destroy_sysv_sem_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacsysvsemas);
}
void
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_shm.c#2 (text+ko) ====
@@ -55,10 +55,6 @@
"Enforce MAC policy on System V IPC shared memory");
TUNABLE_INT("security.mac.enforce_sysv", &mac_enforce_sysv_shm);
-#ifdef MAC_DEBUG
-extern u_int nmacsysvshms;
-#endif
-
static struct label *
mac_sysv_shm_label_alloc(void)
{
@@ -66,7 +62,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_sysv_shm_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacsysvshms);
return (label);
}
@@ -83,7 +78,6 @@
MAC_PERFORM(destroy_sysv_shm_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacsysvshms);
}
void
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#2 (text+ko) ====
@@ -48,15 +48,7 @@
#include <security/mac_internal.h>
-#ifdef MAC_DEBUG
-extern u_int nmacmounts, nmacvnodes, nmaccleanvnodes, nmacassocvnodes,
- nmacdevfsdirents;
-
-extern u_int nmacassocsingle, nmacassocxattr, nmacassoccreate, nmacassoccopy,
- nmacassocdevfs;
-#endif
-
static struct label *
mac_devfsdirent_label_alloc(void)
{
@@ -64,7 +56,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_devfsdirent_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents);
return (label);
}
@@ -82,7 +73,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_mount_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacmounts);
return (label);
}
@@ -93,7 +83,6 @@
label = mac_labelzone_alloc(MAC_WAITOK);
MAC_PERFORM(init_mount_fs_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacmounts);
return (label);
}
@@ -120,7 +109,6 @@
{
vp->v_label = mac_vnode_label_alloc();
- MAC_DEBUG_COUNTER_INC(&nmacvnodes);
}
/*
@@ -132,18 +120,7 @@
mac_cleanup_vnode(vnode_t vp)
{
- if ((vp->v_label->l_flags & MAC_FLAG_CLEAN) &&
- ((vp->v_flag & VSYSTEM) == 0)) {
- vprint("Second clean", vp);
- printf(", vp=%x, vid=%d mp=%p fs=%s\n",
- vp, vp->v_id, vp->v_mount,
- vp->v_mount ? vp->v_mount->mnt_vfsstat.f_mntonname : "none"
- );
- }
-
MAC_PERFORM(cleanup_vnode_label, vp->v_label);
- mac_labelzone_clean(vp->v_label);
- MAC_DEBUG_COUNTER_INC(&nmaccleanvnodes);
}
static void
@@ -152,7 +129,6 @@
MAC_PERFORM(destroy_devfsdirent_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents);
}
void
@@ -169,7 +145,6 @@
MAC_PERFORM(destroy_mount_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacmounts);
}
static void
@@ -178,7 +153,6 @@
MAC_PERFORM(destroy_mount_fs_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacmounts);
}
void
@@ -202,7 +176,6 @@
MAC_PERFORM(destroy_vnode_label, label);
mac_labelzone_free(label);
- MAC_DEBUG_COUNTER_DEC(&nmacvnodes);
}
void
@@ -211,7 +184,6 @@
mac_vnode_label_free(vp->v_label);
vp->v_label = NULL;
- MAC_DEBUG_COUNTER_DEC(&nmacvnodes);
}
void
@@ -219,8 +191,6 @@
{
MAC_PERFORM(copy_vnode_label, src, dest);
- mac_labelzone_associate(dest);
- MAC_DEBUG_COUNTER_INC(&nmacassoccopy);
}
@@ -261,7 +231,6 @@
int error;
MAC_INTERNALIZE_LIST(vnode, label, string);
- mac_labelzone_associate(label);
return (error);
}
@@ -272,7 +241,6 @@
int error;
MAC_INTERNALIZE_LIST(mount_fs, label, string);
- mac_labelzone_associate(label);
return (error);
}
@@ -315,9 +283,6 @@
struct vnode *vp)
{
- mac_labelzone_associate(vp->v_label);
- MAC_DEBUG_COUNTER_INC(&nmacassocdevfs);
-
MAC_PERFORM(associate_vnode_devfs, mp, mp ? mp->mnt_fslabel : NULL, de,
de->dn_label, vp, vp->v_label);
}
@@ -332,10 +297,6 @@
MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_fslabel, vp,
vp->v_label);
- mac_labelzone_associate(vp->v_label);
- MAC_DEBUG_COUNTER_INC(&nmacassocxattr);
- MAC_DEBUG_COUNTER_DEC(&nmaccleanvnodes);
-
return (error);
}
@@ -343,13 +304,8 @@
mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
{
- MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_fslabel, vp,
- vp->v_label);
-
- mac_labelzone_associate(vp->v_label);
- MAC_DEBUG_COUNTER_INC(&nmacassocvnodes);
- MAC_DEBUG_COUNTER_DEC(&nmaccleanvnodes);
- MAC_DEBUG_COUNTER_INC(&nmacassocsingle);
+ MAC_PERFORM(associate_vnode_singlelabel, mp,
+ mp ? mp->mnt_fslabel : NULL, vp, vp->v_label);
}
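Review bot: The rewritten MAC_PERFORM call passes `mp ? mp->mnt_fslabel : NULL` where the old code dereferenced `mp` unconditionally, which changes what every policy's associate_vnode_singlelabel entry point may receive and is not mentioned in the change description, which frames the commit as cruft removal. Presumably this mirrors `mac_associate_vnode_devfs` in the hunk above, where the same conditional already appears, but policies written against the old contract can now be handed a NULL mount label. A one-line comment above the call, `/* mp may be NULL; policies must accept a NULL mount label */`, plus a sentence in the change description, would make the new contract explicit.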
int
@@ -361,10 +317,6 @@
ASSERT_VOP_LOCKED(dvp, __func__);
ASSERT_VOP_LOCKED(vp, __func__);
- mac_labelzone_associate(vp->v_label);
- MAC_DEBUG_COUNTER_INC(&nmacassoccreate);
- MAC_DEBUG_COUNTER_DEC(&nmaccleanvnodes);
-
MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_fslabel,
dvp, dvp->v_label, vp, vp->v_label, cnp);
==== //depot/projects/trustedbsd/sedarwin8/policies/basetest/mac_basetest.c#2 (text+ko) ====
@@ -34,7 +34,6 @@
#include <sys/kernel.h>
#include <libkern/libkern.h>
-#include <security/mac.h>
#include <security/mac_policy.h>
#include <vm/vm_kern.h>
==== //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#2 (text+ko) ====
@@ -36,7 +36,6 @@
#include <sys/kernel.h>
#include <libkern/libkern.h>
-#include <security/mac.h>
#include <security/mac_policy.h>
#include <vm/vm_kern.h>
==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#2 (text+ko) ====
@@ -119,8 +119,6 @@
#ifdef APPLE
#define TUNABLE_INT(x, y)
-#define atomic_add_int(P, V) (*(u_int*)(P) += (V))
-#define atomic_subtract_int(P, V) (*(u_int*)(P) -= (V))
#endif /* APPLE */
#define SLOT(l) ((struct mac_mls *)LABEL_TO_SLOT((l), mac_mls_slot).l_ptr)
@@ -147,10 +145,6 @@
&mac_mls_enabled, 0, "Enforce MAC/MLS policy");
TUNABLE_INT("security.mac.mls.enabled", &mac_mls_enabled);
-static int destroyed_not_inited;
-SYSCTL_INT(_security_mac_mls, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
- &destroyed_not_inited, 0, "Count of labels destroyed but not inited");
-
static int ptys_equal = 0;
SYSCTL_INT(_security_mac_mls, OID_AUTO, ptys_equal, CTLFLAG_RW,
&ptys_equal, 0, "Label pty devices as mls/equal on create");
@@ -200,7 +194,7 @@
if (mac_mls != NULL)
mac_zfree(zone_mls, (void *)mac_mls);
else
- atomic_add_int(&destroyed_not_inited, 1);
+ panic("Mac MLS Module: mls_free called on NULL label");
}
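Review bot: Replacing `atomic_add_int(&destroyed_not_inited, 1)` with `panic(...)` turns a condition the module previously tolerated and merely counted into a kernel halt, and the sysctl removed in the earlier hunk (`"Count of labels destroyed but not inited"`) suggests the NULL-slot case was observed in practice, so this is a change in failure semantics rather than cruft removal and should be called out in the description. If freeing a slot that was never initialised is now regarded as a framework bug, a `KASSERT`, which this file already uses in the `mac_mls_check_system_acct` hunk, keeps the hard failure in debug kernels while letting release kernels continue; otherwise a non-fatal `printf` on the else branch preserves the old availability behaviour. The enclosing function starts outside the hunk; the message text suggests it is `mls_free`.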
static int
@@ -561,7 +555,6 @@
sysctl_register_oid(&sysctl__security_mac_mls);
sysctl_register_oid(&sysctl__security_mac_mls_label_size);
sysctl_register_oid(&sysctl__security_mac_mls_enabled);
- sysctl_register_oid(&sysctl__security_mac_mls_destroyed_not_inited);
sysctl_register_oid(&sysctl__security_mac_mls_ptys_equal);
sysctl_register_oid(&sysctl__security_mac_mls_revocation_enabled);
sysctl_register_oid(&sysctl__security_mac_mls_max_compartments);
@@ -1925,26 +1918,6 @@
return (MAC_AUDIT_DEFAULT);
}
-#ifdef LATER
-static int
-mac_mls_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
- struct ifnet *ifnet, struct label *ifnetlabel)
-{
- struct mac_mls *a, *b;
-
- if (!mac_mls_enabled)
- return (0);
-
- a = SLOT(bpflabel);
- b = SLOT(ifnetlabel);
-
- if (mac_mls_equal_effective(a, b))
- return (0);
-
- MLS_RETURN (EACCES);
-}
-#endif /* LATER */
-
static int
mac_mls_request_object_label (struct label *subj, struct label *obj,
const char *serv, struct label *out)
@@ -2705,6 +2678,15 @@
return (0);
}
+/*
+ * All System V shared memory operations modify struct shmid_ds.
+ * The MLS policy must require both read and write access for all operations.
+ */
+
+/*
+ * shmat() modifies shmid_ds.shm_atime (last shmat() time)
+ * shmat() modifies shmid_ds.shm_nattch (# of current attaches)
+ */
static int
mac_mls_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
struct label *shmseglabel, int shmflg)
@@ -2717,15 +2699,13 @@
subj = SLOT(cred->cr_label);
obj = SLOT(shmseglabel);
- if (!mac_mls_dominate_effective(subj, obj))
- MLS_RETURN (EACCES);
- if ((shmflg & SHM_RDONLY) == 0)
- if (!mac_mls_dominate_effective(obj, subj))
- MLS_RETURN (EACCES);
-
- return (0);
+ MLS_RETURN_CHECK(MLS_CHECK_EQUAL);
}
+/*
+ * shmctl() modifies shmid_ds.shm_ctime (last change by shmctl())
+ * shmctl() modifies shmid_ds.shm_lpid (pid of last shm op)
+ */
static int
mac_mls_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
struct label *shmseglabel, int cmd)
@@ -2738,28 +2718,12 @@
subj = SLOT(cred->cr_label);
obj = SLOT(shmseglabel);
- switch(cmd) {
- case IPC_RMID:
- case IPC_SET:
- if (!mac_mls_dominate_effective(obj, subj))
- MLS_RETURN (EACCES);
- break;
-
- case IPC_STAT:
- if (!mac_mls_dominate_effective(subj, obj))
- MLS_RETURN (EACCES);
- break;
- default:
- MLS_RETURN (EACCES);
- }
-
- return (0);
+ MLS_RETURN_CHECK(MLS_CHECK_EQUAL);
}
/*
- * TODO: Do we check the integrity of the implicit write access caused
- * by the bookkeeping tasks associated with the shmdt call, which may
- * modify/delete the shmseg meta-data and/or the shared segment itself?
+ * shmdt() modifies shmid_ds.shm_dtime (last shmdt() time)
+ * shmdt() modifies shmid_ds.shm_nattch (# of current attaches)
*/
static int
mac_mls_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
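Review bot: The removed `switch (cmd)` had a `default:` arm that denied any command other than IPC_RMID, IPC_SET and IPC_STAT, whereas the new `MLS_RETURN_CHECK(MLS_CHECK_EQUAL);` applies the same test regardless of `cmd`, so an unrecognised or later-added command is now permitted whenever the labels are equal. If that is intended, the new header comment should say so, e.g. `* Every cmd is treated alike: equal labels are required; there is no per-command default deny.`; otherwise keep a guard such as `if (cmd != IPC_RMID && cmd != IPC_SET && cmd != IPC_STAT) MLS_RETURN (EACCES);` ahead of the macro. The `cmd` parameter is otherwise unused now, as `shmflg` is in the shmat and shmget hunks that make the same replacement. The macro's definition is not in this diff, so its behaviour is inferred from its name; mac_mls_check_sysv_shmctl's signature lies outside this hunk.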
@@ -2773,12 +2737,12 @@
subj = SLOT(cred->cr_label);
obj = SLOT(shmseglabel);
- if (!mac_mls_dominate_effective(obj, subj))
- return (EACCES);
-
- return (0);
+ MLS_RETURN_CHECK(MLS_CHECK_EQUAL);
}
+/*
+ * shmget() modifies shmid_ds.shm_lpid (pid of last shm op)
+ */
static int
mac_mls_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
struct label *shmseglabel, int shmflg)
@@ -2791,10 +2755,7 @@
subj = SLOT(cred->cr_label);
obj = SLOT(shmseglabel);
- if (!mac_mls_dominate_effective(subj, obj))
- MLS_RETURN (EACCES);
-
- return (0);
+ MLS_RETURN_CHECK(MLS_CHECK_EQUAL);
}
static int
@@ -3180,18 +3141,26 @@
struct label *vlabel)
{
struct mac_mls *subj, *obj;
+ int error;
if (!mac_mls_enabled)
return (0);
- /* XXXMAC: should we ever deny permission to turn accounting off? */
- if (vlabel == NULL)
- return (0);
+ subj = SLOT(cred->cr_label);
+ error = mac_mls_subject_privileged(subj);
- subj = SLOT(cred->cr_label);
- obj = SLOT(vlabel);
+ if (error == 0) {
+ if (vlabel == NULL) {
+ KASSERT((vp == NULL),
+ ("mac_mls_check_system_acct: no label for vp"));
+ } else {
+ obj = SLOT(vlabel);
>>> TRUNCATED FOR MAIL (1000 lines) <<<