Date: Wed, 23 Nov 2005 21:25:01 GMT
Message-Id: <200511232125.jANLP1L0094892@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 87153 for review

http://perforce.freebsd.org/chv.cgi?CH=87153

Change 87153 by rwatson@rwatson_zoo on 2005/11/23 21:24:39

	Simple module to trace devfs path information.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/modules/mac_devfs/Makefile#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_devfs/mac_devfs.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/modules/mac_devfs/Makefile#2 (text+ko) ==== @@ -1,9 +1,9 @@ -# $FreeBSD: src/sys/modules/mac_none/Makefile,v 1.2 2002/10/22 17:10:15 rwatson Exp $ +# $FreeBSD$ -.PATH: ${.CURDIR}/../../security/mac_none +.PATH: ${.CURDIR}/../../security/mac_devfs -KMOD= mac_none +KMOD= mac_devfs SRCS= vnode_if.h \ - mac_none.c + mac_devfs.c .include ==== //depot/projects/trustedbsd/mac/sys/security/mac_devfs/mac_devfs.c#2 (text+ko) ==== @@ -1,15 +1,9 @@ /*- - * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2005 Robert N. M. Watson * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. * - * This software was developed for the FreeBSD Project in part by Network - * Associates Laboratories, the Security Research Division of Network - * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), - * as part of the DARPA CHATS research program. - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -31,15 +25,11 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_none/mac_none.c,v 1.32 2005/09/19 18:52:50 phk Exp $ + * $FreeBSD$ */ /* * Developed by the TrustedBSD Project. - * - * Sample policy implementing no entry points; for performance measurement - * purposes only. If you're looking for a stub policy to base new policies - * on, try mac_stub. */ #include 
@@ -76,18 +66,53 @@ #include -SYSCTL_DECL(_security_mac); +static void +mac_devfs_associate_vnode_devfs(struct mount *mp, struct label *fslabel, + struct devfs_dirent *de, struct label *delabel, struct vnode *vp, + struct label *vlabel) +{ + +} + +static void +mac_devfs_create_devfs_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label, + const char *fullpath) +{ + + printf("mac_devfs_create_devfs_device(uid %d mp %s cdev %s " + "fullpath %s", cred != NULL ? cred->cr_uid : -1, + mp->mnt_stat.f_mntonname, dev->si_name, fullpath); +} + +static void +mac_devfs_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label, + const char *fullpath) +{ + + printf("mac_devfs_create_devfs_device(mp %s dirname %s fullpath %s", + mp->mnt_stat.f_mntonname, dirname, fullpath); +} -SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0, - "TrustedBSD mac_none policy controls"); +static void +mac_devfs_create_devfs_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel, const char *fullpath) +{ -static int mac_none_enabled = 1; -SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW, - &mac_none_enabled, 0, "Enforce none policy"); + printf("mac_devfs_create_devfs_device(uid %d mp %s fullpath %s", + cred != NULL ? cred->cr_uid : -1, mp->mnt_stat.f_mntonname, + fullpath); +} static struct mac_policy_ops mac_none_ops = { + .mpo_associate_vnode_devfs = mac_devfs_associate_vnode_devfs, + .mpo_create_devfs_device = mac_devfs_create_devfs_device, + .mpo_create_devfs_directory = mac_devfs_create_devfs_directory, + .mpo_create_devfs_symlink = mac_devfs_create_devfs_symlink, }; -MAC_POLICY_SET(&mac_none_ops, mac_none, "TrustedBSD MAC/None", +MAC_POLICY_SET(&mac_none_ops, mac_none, "TrustedBSD MAC/devfs", MPC_LOADTIME_FLAG_UNLOADOK, NULL);
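Review bot: In the mac_devfs.c hunk at -31,15 +25,11, the header comment loses its description of the policy ("Sample policy implementing no entry points ...") and nothing replaces it, leaving only "Developed by the TrustedBSD Project." Please add a sentence saying that this module implements the devfs entry points only to printf path information for tracing and makes no access-control decisions, so it is not mistaken for an enforcing policy or used as a base for one.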
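Review bot: At the bottom of the mac_devfs.c hunk at -76,18 +66,53, the ops structure is still named mac_none_ops and MAC_POLICY_SET still registers the policy under the name mac_none; only the description string became "TrustedBSD MAC/devfs". Rename both to mac_devfs_ops and mac_devfs so the module does not register under another policy's name. In the same hunk, all three printf format strings open a parenthesis that is never closed and have no trailing "\n", and the directory and symlink handlers both print "mac_devfs_create_devfs_device(", so trace lines run together and cannot be attributed to the right entry point; print each function's own name and finish the string with ")\n". mac_devfs_create_devfs_directory also takes dirnamelen but prints dirname with a plain %s; if the name is not guaranteed to be NUL-terminated, use "%.*s" with dirnamelen.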