Date: Thu, 1 Aug 2002 23:16:31 -0400 (EDT)
From: Robert Watson X-Sender: robert@fledge.watson.org To: Chris Vance Cc: Perforce Change Reviews Subject: Re: PERFORCE change 15425 for review In-Reply-To: <200208020105.g72154i9089777@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 1 Aug 2002, Chris Vance wrote: > http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15425 > > Change 15425 by cvance@cvance_laptop on 2002/08/01 18:04:47 > > Add support for a basic mac_policy syscall handler. > Things to think about: > - who guarantees MPSAFE, trustedbsd harness or the modules? > - the module must perform the copyin on the arg parameter. Also, you need to rebuild and commit the rebuilt init_sysent.c, syscalls.c, and related sys/sys/ stuff. > > Affected files ... > > .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#225 edit > .. //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#21 edit > .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#141 edit > .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#106 edit > > Differences ... > > ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#225 (text+ko) ==== > > @@ -363,6 +363,9 @@ > * that all enumerated values are handled. > */ > break; > + case MAC_SYSCALL: > + mpc->mpc_ops->mpo_mac_policy = > + mpe->mpe_function; > case MAC_DESTROY: > mpc->mpc_ops->mpo_destroy = > mpe->mpe_function; 
> @@ -3060,6 +3063,40 @@ > return (error); > } > > +/* > + * MPSAFE > + */ > +int > +mac_policy(struct thread *td, struct mac_policy_args *uap) > +{ > + int error; > + char target[128]; /* TBD: should be MAX_MAXNAME or some such */ > + struct mac_policy_conf *mpc; > + > + error = copyinstr(uap->policy, target, sizeof(target), NULL); > + if (error == ENAMETOOLONG) { > + return (EINVAL); > + } > + if (error) { > + return (error); > + } > + > + error = ENOSYS; > + MAC_POLICY_LIST_BUSY(); > + LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { > + if (strcmp(mpc->mpc_name, target) == 0 && > + mpc->mpc_ops->mpo_mac_policy) { > + error = mpc->mpc_ops->mpo_mac_policy(SCARG(uap, call), > + SCARG(uap, arg)); > + goto out; > + } > + } > + > + out: > + MAC_POLICY_LIST_UNBUSY(); > + return (error); > +} > + > SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL); > SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL); > > @@ -3107,4 +3144,11 @@ > return (ENOSYS); > } > > +int > +mac_policy(struct thread *td, struct mac_policy *uap) > +{ > + > + return (ENOSYS); > +} > + > #endif /* !MAC */ > > ==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#21 (text+ko) ==== > > @@ -567,5 +567,5 @@ > 392 STD BSD { int uuidgen(struct uuid *store, int count); } > 393 MSTD BSD { int sendfile(int fd, int s, off_t offset, size_t nbytes, \ > struct sf_hdtr *hdtr, off_t *sbytes, int flags); } > -394 MNOIMPL BSD { int mac_policy(const char *policy, int call, \ > +394 MSTD BSD { int mac_policy(const char *policy, int call, \ > void *arg); } > > ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#141 (text+ko) ==== > > > ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#106 (text+ko) ==== 
> > @@ -63,6 +63,11 @@ > void (*mpo_init)(struct mac_policy_conf *mpc); > > /* > + * Generic policy-directed security syscall > + */ > + int (*mpo_mac_policy)(int call, void *arg); > + > + /* > * Label operations. > */ > void (*mpo_init_bpfdesc)(struct bpf_d *, struct label *label); > @@ -330,6 +335,7 @@ > > enum mac_op_constant { > MAC_OP_LAST, > + MAC_SYSCALL, > MAC_DESTROY, > MAC_INIT, > MAC_INIT_BPFDESC, > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
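Review bot: In the kern_mac.c hunk at @@ -363,6 +363,9 @@, the new `case MAC_SYSCALL:` has no `break;`, so control falls through into `case MAC_DESTROY:` and the same `mpe->mpe_function` is also stored in `mpc->mpc_ops->mpo_destroy`. A policy that registers a syscall handler ends up with that handler installed as its destroy hook as well; if the policy also lists a MAC_DESTROY entry afterwards, that later assignment overwrites it and masks the problem. Add `break;` after the `mpo_mac_policy` assignment.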
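Review bot: In the kern_mac.c hunk at @@ -3060,6 +3063,40 @@, the `/* MPSAFE */` comment on mac_policy() claims more than the function itself can guarantee, because `mpc->mpc_ops->mpo_mac_policy(SCARG(uap, call), SCARG(uap, arg))` runs module code between MAC_POLICY_LIST_BUSY() and MAC_POLICY_LIST_UNBUSY(). The change description leaves open who guarantees MPSAFE and says the module does the copyin on `arg`, so that copyin happens while the policy list is held busy. Write the contract down next to the call: either state that each policy's handler is responsible for its own locking and may fault on user memory while the list is busy, or have the framework provide the locking before the entry is marked MP-safe in syscalls.master. Separately, `char target[128]` should use a named constant shared with whatever bounds `mpc_name`, as the TBD comment already notes.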
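Review bot: In the kern_mac.c hunk at @@ -3107,4 +3144,11 @@, the !MAC stub is declared as `mac_policy(struct thread *td, struct mac_policy *uap)`, while the MAC version earlier in the same file takes `struct mac_policy_args *uap`. The two definitions should have the same prototype; change the stub's second parameter to `struct mac_policy_args *uap` so that kernels built without MAC see the same signature as kernels built with it.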
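Review bot: In the mac_policy.h hunk at @@ -63,6 +63,11 @@, `int (*mpo_mac_policy)(int call, void *arg);` gives the policy no way to identify the caller: mac_policy() receives `struct thread *td` but does not pass it on, so a handler cannot make its decision depend on the calling thread or its credential. Consider `int (*mpo_mac_policy)(struct thread *td, int call, void *arg);` and passing `td` through from mac_policy(). The comment above the member should also say that `arg` is an unvalidated userland address that the policy must copyin itself, since nothing in the prototype distinguishes it from a kernel pointer.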
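Review bot: In the mac_policy.h hunk at @@ -330,6 +335,7 @@, MAC_SYSCALL is inserted between MAC_OP_LAST and MAC_DESTROY, which renumbers MAC_DESTROY and every constant after it. A policy module built against the previous header would have its entries matched to the wrong `case` in the kern_mac.c switch. Either add new constants where they do not shift existing values, or state in the change description that all policy modules must be rebuilt with this header. The name also breaks the pattern the other constants follow (MAC_DESTROY for `mpo_destroy`, MAC_INIT for `mpo_init`): the member it fills is `mpo_mac_policy`, so one of the two names should be changed to match.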