PERFORCE change 108514 for review
Todd Miller
millert at FreeBSD.org
Thu Oct 26 19:23:48 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=108514
Change 108514 by millert at millert_macbook on 2006/10/26 19:23:29
Update based on November DSEP release.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/README#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/README#3 (text+ko) ====
@@ -60,6 +60,89 @@
Mach servers. The launchd and notifyd daemons have been modified
to use our security-enhanced MiG.
+
+New Features in the 20061013 release
+=====================================
+ - Framework entrypoints have been renamed to follow the convention of
+ mpo_<object>_<operation>()
+ or
+ mpo_<object>_[check,label,notify]_<operation>()
+
+ where <object> is audit, cred, devfs, file, lctx, policy etc.
+ The policy-specific functions (registration, etc) are an exception, in
+ that they do not have values to check, label and notify.
+
+ - All sample policy modules have been updated to use this convention. See
+ mac_policy.h and API documentation for details.
+
+ - A unique identifier has been added for each policy to facilitate quick
+ lookups by the Framework. This is used in the new externalize/internalize
+ changes where policies register a label namespace based on their handle.
+
+ - 'mnt_fslabel' has been removed from struct mount as there was no need for
+ separate fslabel and mntlabel. The framework and entrypoints have been
+ renamed to suit.
+
+ - The MAC Framework kernel interface (the mac_foo routines) have been
+ split from mac.h into a separate header file, mac_framework.h. This
+ mirrors a similar change in the TrustedBSD mac2 branch.
+
+ - Previously we were using the foo_internal.h interfaces which technically
+ break Apple's KPI. In order to comply with Apple's KPI conventions, we
+ have changed how a cred is obtained from struct proc by changing
+ p->p_ucred to proc_ucred() or vfs_context_cred() where possible.
+
+ - New entrypoints have been added
+ mpo_task_label_copy
+ mpo_task_label_externalize
+ mpo_task_label_internalize
+
+ - In addition to renaming these entrypoints, we split their
+ definitions in mac_policy.h as they shared a definition with the
+ non-"once" value.
+ mpo_port_check_make_send_once
+ mpo_port_check_move_send_once
+ mpo_port_check_hold_send_once
+
+ For example,
+ mpo_check_port_move_send_t *mpo_check_port_move_send;
+ mpo_check_port_move_send_t *mpo_check_port_move_send_once;
+
+ becomes:
+ mpo_port_check_move_send_t *mpo_port_check_move_send;
+ mpo_port_check_move_send_once_t *mpo_port_check_move_send_once;
+
+ - These entry points have been modified. In particular, we renamed one
+ of the parameters, the API does not change. However the semantics of
+ the policies must understand that when we combined the two mount labels,
+ the policies will always be passed the one remaining label.
+ mpo_vnode_label_update_extattr
+
+ - The lctx label entrypoints implementation within the MLS policy have
+ been removed as MLS does not label login contexts anymore. The Framework
+ still contains these entry points.
+
+ - We do not provide linkage for modules with the kernel symbol
+ IS_64BIT_PROCESS anymore and made changes to MACFrameworks.exports.
+
+ - We fixed a race condition while setting and updating an extended
+ attribute label.
+
+ - mac_vnode_label_associate_file() has been moved to hold the vnode lock
+ around the call to mpo_vnode_label_associate_file.
+
+ - mac_test sample policy has been cleaned up to reduce warnings about
+ NULL parameters. In particular, we did this by adding tags to the
+ mac_policy.h API documentation. The scripts that generate the policy
+ module understand a few tags and permit the policy to be automatically
+ generated in a more intelligent way. In the future, would like to provide
+ additional automatic policy generation through the use of these tags.
+
+ - The MAC Framework API documentation has been updated; documentation is
+ available in the docs/Framework/html/directory.
+
+
+
New Features in the 20060929 release
=====================================
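Review bot: the two locking items near the end of the added section are too thin for policy authors to act on. "mac_vnode_label_associate_file() has been moved to hold the vnode lock around the call to mpo_vnode_label_associate_file" reads as if the function was relocated. Suggest wording it as a calling contract, e.g. "mac_vnode_label_associate_file() now holds the vnode lock around the call to mpo_vnode_label_associate_file", and say whether this is the fix for the extended attribute label race mentioned in the item just above, which names no function or code path. The mpo_vnode_label_update_extattr item likewise says a parameter was renamed without naming it. Smaller points: "docs/Framework/html/directory." looks like a missing space before "directory", "In the future, would like to provide" is missing its subject, and the heading says 20061013 while the change description calls this the November DSEP release.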
@@ -576,23 +659,6 @@
so that a security policy module can set initial labels based on
an authenticated user login session.
- - The build infrastructure was enhanced to provide the ability to
- build installation packages and disk images. These packages may
- be installed with the standard Apple software installation GUI
- tools. While this functionality is still considered
- experimental, it has proven to be quite useful. After
- completing a top-level build and install, the disk image can be
- build by the 'dmg' target in the Makefile. The resultant disk
- image contains a single software installation package with the
- MAC framework and related components. See the
- src/dsep-install-gui.txt document for additional information on
- using the graphical install tool.
-
- For example:
- % make
- % make install
- % make dmg
-
- The various sample policies have been updated to support the
recent changes to the Framework: mac_mls, mactest, mac_none,
mac_stub. Note that the SEDarwin policy module is no longer
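Review bot: the deleted paragraph under the older release notes was the only visible description of the 'dmg' Makefile target and the only pointer to src/dsep-install-gui.txt, and neither the change description nor the new 20061013 section says why it goes away. If the package and disk image build still exists, keep a short pointer to it (the three-line "make / make install / make dmg" example would do); if it was dropped in this release, say so in the 20061013 section so readers of the README do not look for a target that is gone.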