From owner-p4-projects  Sat Sep 28 12:26:27 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 3E6BF37B404; Sat, 28 Sep 2002 12:26:19 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E120437B401
	for <perforce@freebsd.org>; Sat, 28 Sep 2002 12:26:18 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2710C43E77
	for <perforce@freebsd.org>; Sat, 28 Sep 2002 12:26:18 -0700 (PDT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g8SJQICo096520
	for <perforce@freebsd.org>; Sat, 28 Sep 2002 12:26:18 -0700 (PDT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g8SJQHu7096517
	for perforce@freebsd.org; Sat, 28 Sep 2002 12:26:17 -0700 (PDT)
Date: Sat, 28 Sep 2002 12:26:17 -0700 (PDT)
Message-Id: <200209281926.g8SJQHu7096517@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
Subject: PERFORCE change 18288 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18288

Change 18288 by rwatson@rwatson_tislabs on 2002/09/28 12:25:23

	Similar class of changes to those made in Biba a little bit
	ago: teach the kernel module how to speak our MLS label strings,
	and get rid of the MLS user module, since that's no longer
	needed.  Update mac.conf to reflect the fact that libmac_generic
	can now be used with MLS strings.

Affected files ...

.. //depot/projects/trustedbsd/mac/etc/mac.conf#3 edit
.. //depot/projects/trustedbsd/mac/lib/libmac/modules/Makefile#3 edit
.. //depot/projects/trustedbsd/mac/lib/libmac/modules/mac_mls/Makefile#2 delete
.. //depot/projects/trustedbsd/mac/lib/libmac/modules/mac_mls/mac_mls.c#2 delete
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#95 edit

Differences ...

==== //depot/projects/trustedbsd/mac/etc/mac.conf#3 (text+ko) ====

@@ -17,7 +17,6 @@
 # Bind policy names to loadable shared modules
 #
 
-module mac_mls libmac_mls.so.1			# MLS confidentiality
-module mac_generic libmac_generic.so.1 biba te	# Type enforcement
-module mac_partition libmac_partition.so.1	# Partition policy
+module mac_generic libmac_generic.so.1 biba mls, te	# Type enforcement
+module mac_partition libmac_partition.so.1		# Partition policy
 

==== //depot/projects/trustedbsd/mac/lib/libmac/modules/Makefile#3 (text+ko) ====

@@ -1,3 +1,3 @@
-SUBDIR		= mac_generic mac_mls mac_partition
+SUBDIR		= mac_generic mac_partition
 
 .include <bsd.subdir.mk>

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#95 (text+ko) ====

@@ -53,6 +53,7 @@
 #include <sys/systm.h>
 #include <sys/sysproto.h>
 #include <sys/sysent.h>
+#include <sys/systm.h>
 #include <sys/vnode.h>
 #include <sys/file.h>
 #include <sys/socket.h>
@@ -466,26 +467,104 @@
 	SLOT(label) = NULL;
 }
 
+/*
+ * mac_mls_element_to_string() is basically an snprintf wrapper with
+ * the same properties as snprintf().  It returns the length it would
+ * have added to the string in the event the string is too short.
+ */
+static int
+mac_mls_element_to_string(char *string, size_t size,
+    struct mac_mls_element *element)
+{
+
+	switch (element->mme_type) {
+	case MAC_MLS_TYPE_HIGH:
+		return (snprintf(string, size, "high"));
+
+	case MAC_MLS_TYPE_LOW:
+		return (snprintf(string, size, "low"));
+
+	case MAC_MLS_TYPE_EQUAL:
+		return (snprintf(string, size, "equal"));
+
+	case MAC_MLS_TYPE_LEVEL:
+		return (snprintf(string, size, "%d", element->mme_level));
+
+	default:
+		panic("mac_mls_element_to_string: invalid type (%d)",
+		    element->mme_type);
+	}
+}
+
 static int
 mac_mls_externalize_label(struct label *label, struct mac *mac,
     struct mac_element *element, int *claimed)
 {
 	struct mac_mls *mac_mls;
+	char string[MAC_MAX_LABEL_ELEMENT_DATALEN], *curptr;
+	size_t left, len;
 	int error;
 
 	if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) == 0) {
 		(*claimed)++;
 
-		if (element->me_databuflen < sizeof(struct mac_mls))
+		mac_mls = SLOT(label);
+
+		bzero(string, sizeof(string));
+		curptr = string;
+		left = MAC_MAX_LABEL_ELEMENT_DATALEN;
+
+		if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) {
+			len = mac_mls_element_to_string(curptr, left,
+			    &mac_mls->mm_single);
+			if (len >= left)
+				return (EINVAL);
+			left -= len;
+			curptr += len;
+		}
+
+		if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) {
+			len = snprintf(curptr, left, "(");
+			if (len >= left)
+				return (EINVAL);
+			left -= len;
+			curptr += len;
+
+			len = mac_mls_element_to_string(curptr, left,
+			    &mac_mls->mm_rangelow);
+			if (len >= left)
+				return (EINVAL);
+			left -= len;
+			curptr += len;
+
+			len = snprintf(curptr, left, "-");
+			if (len >= left)
+				return (EINVAL);
+			left -= len;
+			curptr += len;
+
+			len = mac_mls_element_to_string(curptr, left,
+			    &mac_mls->mm_rangehigh);
+			if (len >= left)
+				return (EINVAL);
+			left -= len;
+			curptr += len;
+
+			len = snprintf(curptr, left, ")");
+			if (len >= left)
+				return (EINVAL);
+			left -= len;
+			curptr += len;
+		}
+
+		if (strlen(string)+1 > element->me_databuflen)
 			return (EINVAL);
 
-		mac_mls = SLOT(label);
-
-		error = copyout(mac_mls, element->me_data, sizeof(*mac_mls));
+		error = copyout(string, element->me_data, strlen(string)+1);
 		if (error)
 			return (error);
 
-		element->me_datalen = sizeof(*mac_mls);
+		element->me_datalen = strlen(string)+1;
 	}
 
 	return (0);
@@ -509,22 +588,106 @@
 }
 
 static int
+mac_mls_parse_element(struct mac_mls_element *element, char *string)
+{
+
+	if (strcmp(string, "high") == 0 ||
+	    strcmp(string, "hi") == 0) {
+		element->mme_type = MAC_MLS_TYPE_HIGH;
+		element->mme_level = MAC_MLS_TYPE_UNDEF;
+	} else if (strcmp(string, "low") == 0 ||
+	    strcmp(string, "lo") == 0) {
+		element->mme_type = MAC_MLS_TYPE_LOW;
+		element->mme_level = MAC_MLS_TYPE_UNDEF;
+	} else if (strcmp(string, "equal") == 0 ||
+	    strcmp(string, "eq") == 0) {
+		element->mme_type = MAC_MLS_TYPE_EQUAL;
+		element->mme_level = MAC_MLS_TYPE_UNDEF;
+	} else {
+		int d;
+
+		d = strtol(string, NULL, 10);
+		if (d < 0 || d > 65535)
+			return (EINVAL);
+		element->mme_type = MAC_MLS_TYPE_LEVEL;
+		element->mme_level = d;
+	}
+
+	return (0);
+}
+
+static int
 mac_mls_internalize_label(struct label *label, struct mac *mac,
     struct mac_element *element, int *claimed)
 {
 	struct mac_mls *mac_mls, mac_mls_temp;
+	char string[MAC_MAX_LABEL_ELEMENT_DATALEN];		/* XXX */
+	char *range, *rangeend, *rangehigh, *rangelow, *single;
 	int error;
 
 	if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) == 0) {
 		(*claimed)++;
 
-		if (element->me_datalen != sizeof(*mac_mls))
+		error = copyin(element->me_data, &string, element->me_datalen);
+		if (error)
+			return (error);
+
+		if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN))
 			return (EINVAL);
 
-		error = copyin(element->me_data, &mac_mls_temp,
-		    sizeof(mac_mls_temp));
-		if (error)
-			return (error);
+		/* Do we have a range? */
+		single = string;
+		range = index(string, '(');
+		if (range == single)
+			single = NULL;
+		rangelow = rangehigh = NULL;
+		if (range != NULL) {
+			/* Nul terminate the end of the single string. */
+			*range = '\0';
+			range++;
+			rangelow = range;
+			rangehigh = index(rangelow, '-');
+			if (rangehigh == NULL)
+				return (EINVAL);
+			rangehigh++;
+			if (*rangelow == '\0' || *rangehigh == '\0')
+				return (EINVAL);
+			rangeend = index(rangehigh, ')');
+			if (rangeend == NULL)
+				return (EINVAL);
+			if (*(rangeend + 1) != '\0')
+				return (EINVAL);
+			/* Nul terminate the ends of the ranges. */
+			*(rangehigh - 1) = '\0';
+			*rangeend = '\0';
+		}
+		KASSERT((rangelow != NULL && rangehigh != NULL) ||
+		    (rangelow == NULL && rangehigh == NULL),
+		    ("mac_biba_internalize_label: range mismatch"));
+
+		printf("MLS: single: %s, range low: %s, range high: %s\n",
+		    single, rangelow, rangehigh);
+
+		bzero(&mac_mls_temp, sizeof(mac_mls_temp));
+		if (single != NULL) {
+			error = mac_mls_parse_element(
+			    &mac_mls_temp.mm_single, single);
+			if (error)
+				return (error);
+			mac_mls_temp.mm_flags |= MAC_MLS_FLAG_SINGLE;
+		}
+
+		if (rangelow != NULL) {
+			error = mac_mls_parse_element(
+			    &mac_mls_temp.mm_rangelow, rangelow);
+			if (error)
+				return (error);
+			error = mac_mls_parse_element(
+			    &mac_mls_temp.mm_rangehigh, rangehigh);
+			if (error)
+				return (error);
+			mac_mls_temp.mm_flags |= MAC_MLS_FLAG_RANGE;
+		}
 
 		error = mac_mls_valid(&mac_mls_temp);
 		if (error)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message