Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 6 May 2005 13:44:13 GMT
From:      Andrew Reisse <areisse@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 76611 for review
Message-ID:  <200505061344.j46DiDhR068133@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=76611

Change 76611 by areisse@areisse_ibook on 2005/05/06 13:43:37

	Bring over changes from selinux version 2004081908 (through sebsd).
	This adds support for conditional rules (booleans).
	This change is merging only, it does not work yet.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc-selinux.c#1 branch
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc_ss.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask_types.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#4 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_labels.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscalls.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#1 branch
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.h#1 branch
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/constraint.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/context.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/fileutils.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/fileutils.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/global.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/init.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services_private.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/sidtab.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/sidtab.h#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/symtab.c#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/symtab.h#2 integrate

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#2 (text+ko) ====

@@ -83,7 +83,76 @@
 	return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1);
 }
 
+#ifdef AVC_CACHE_STATS
+static inline void avc_cache_stats_incr(int type)
+{
+	avc_cache_stats[type]++;
+}
+
+static inline void avc_cache_stats_add(int type, unsigned val)
+
+	avc_cache_stats[type] += val;
+}
+#else
+static inline void avc_cache_stats_incr(int type)
+{ }
+	if (rc)
+static inline void avc_cache_stats_add(int type, unsigned val)
+{ }
+#endif
+
 /**
+ * avc_dump_av - Display an access vector in human-readable form.
+ * @tclass: target security class
+ * @av: access vector
+ */
+void avc_dump_av(security_class_t tclass, access_vector_t av)
+{
+	char **common_pts = 0;
+	access_vector_t common_base = 0, perm;
+	int i, i2;
+
+	if (av == 0) {
+		printk(" null");
+		return;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
+		if (av_inherit[i].tclass == tclass) {
+			common_pts = av_inherit[i].common_pts;
+			common_base = av_inherit[i].common_base;
+			break;
+		}
+	}
+
+	printk(" {");
+	i = 0;
+	perm = 1;
+	while (perm < common_base) {
+		if (perm & av)
+			printk(" %s", common_pts[i]);
+		i++;
+		perm <<= 1;
+	}
+
+	while (i < sizeof(av) * 8) {
+		if (perm & av) {
+			for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) {
+				if ((av_perm_to_string[i2].tclass == tclass) &&
+				    (av_perm_to_string[i2].value == perm))
+					break;
+			}
+			if (i2 < ARRAY_SIZE(av_perm_to_string))
+				printk(" %s", av_perm_to_string[i2].name);
+		}
+		i++;
+		perm <<= 1;
+	}
+
+	printk(" }");
+}
+
+/**
  * avc_dump_query - Display a SID pair and a class in human-readable form.
  * @ssid: source security identifier
  * @tsid: target security identifier
@@ -139,7 +208,7 @@
 			       "%d entries\n", i);
 			break;
 		}
-		bzero(new, sizeof(*new));
+		memset(new, 0, sizeof(*new));
 		new->next = avc_node_freelist;
 		avc_node_freelist = new;
 	}
@@ -931,13 +1000,13 @@
 
 	denied = requested & ~(ae->avd.allowed);
 
-	if (/*!requested || */denied) {
+	if (!requested || denied) {
 		if (selinux_enforcing) {
 			spin_unlock_irqrestore(&avc_lock,flags);
 			rc = EACCES;
 			goto out;
 		} else {
-		  /*ae->avd.allowed |= requested;*/
+			ae->avd.allowed |= requested;
 			spin_unlock_irqrestore(&avc_lock,flags);
 			goto out;
 		}

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#2 (text+ko) ====

@@ -77,13 +77,9 @@
 };
 
 /* Initialize an AVC audit data structure. */
-#ifdef __APPLE__
-#define AVC_AUDIT_DATA_INIT(_d,_t) \
-        { bzero((_d), sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
-#else
 #define AVC_AUDIT_DATA_INIT(_d,_t) \
         { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
-#endif
+
 /*
  * AVC statistics
  */
@@ -96,26 +92,7 @@
 #define AVC_CAV_PROBES           6
 #define AVC_CAV_MISSES           7
 #define AVC_NSTATS               8
-extern unsigned avc_cache_stats[AVC_NSTATS];
-
-#ifdef AVC_CACHE_STATS
-static inline void avc_cache_stats_incr(int type)
-{
-	avc_cache_stats[type]++;
-}
-
-static inline void avc_cache_stats_add(int type, unsigned val)
-{
-	avc_cache_stats[type] += val;
-}
-#else
-static inline void avc_cache_stats_incr(int type)
-{ }
 
-static inline void avc_cache_stats_add(int type, unsigned val)
-{ }
-#endif
-
 /*
  * AVC display support
  */
@@ -134,6 +111,7 @@
  * AVC operations
  */
 
+/* Initialize the AVC */
 void avc_init(void);
 
 int avc_lookup(
@@ -185,5 +163,5 @@
 		     u32 events, security_id_t ssid, security_id_t tsid,
 		     security_class_t tclass, access_vector_t perms);
 
-#endif /* _SELINUX_AVC_H_ */
+#endif /* _LINUX_AVC_H_ */
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc_ss.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask_types.h#2 (text+ko) ====

@@ -56,7 +56,7 @@
  * for permissions are defined in the automatically generated
  * header file av_permissions.h.
  */
-typedef u64 access_vector_t;
+typedef u32 access_vector_t;
 
 /*
  * Each object class is identified by a fixed-size value.

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#4 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_labels.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#2 (text+ko) ====

@@ -208,6 +208,20 @@
   int  *outlen;
 };
 
+static int
+sebsd_get_bools(struct thread *td, struct sebsd_get_bools *gb)
+{
+	char *out = NULL;
+	if (gb->out)
+		out = malloc(gb->len, M_SEBSD, M_WAITOK);
+	int err = security_get_bool_string(&gb->len, out);
+	if (out && err == 0)
+		err = copyout(out, gb->out, gb->len);
+	if (out)
+		free(out, M_SEBSD);
+	return (err);
+}
+
 int
 sebsd_syscall(struct proc *td, int call, void *args)
 {
@@ -286,6 +300,58 @@
 	  }
 	  break;
 
+
+	case SEBSDCALL_GET_BOOLS:
+		if (copyin(args, &gb, sizeof (struct sebsd_get_bools)))
+			return (EFAULT);
+		err = sebsd_get_bools(td, &gb);
+		if (copyout(&gb, args, sizeof (struct sebsd_get_bools)))
+			return (EFAULT);
+		break;
+
+	case SEBSDCALL_GET_BOOL:
+	{
+		char str[128];
+		int  active, pending;
+		err = copyinstr(args,str, 128, NULL);
+		if (err)
+			return (err);
+		security_get_bool(str, &active, &pending);
+		*td->td_retval = active | (pending << 1);
+		return (0);
+	}
+
+	case SEBSDCALL_SET_BOOL:
+	{
+		char *str;
+
+		err = thread_has_security(td, SECURITY__SETBOOL);
+		if (err)
+			return (err);
+
+		if (copyin(args, &p, sizeof (struct lp_args)))
+			return (EFAULT);
+		str = malloc(p.len, M_SEBSD, M_WAITOK);
+		if (!str)
+			return (ENOMEM);
+		if (copyin(p.data, str, p.len)) {
+			free(str, M_SEBSD);
+			return (EFAULT);
+		}
+
+		str[p.len-1] = 0;
+		err = security_set_bool(str+1, str[0]-'0');
+		free(str, M_SEBSD);
+		break;
+	}
+
+	case SEBSDCALL_COMMIT_BOOLS:
+		err = thread_has_security(td, SECURITY__SETBOOL);
+		if (err)
+			return (err);
+
+		return security_commit_pending_bools();
+
 	default:
 		err = EINVAL;
 		break;

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscalls.h#2 (text+ko) ====

@@ -5,6 +5,10 @@
  * TBD: Should we really try to line up with SELinux?
  */
 #define SEBSDCALL_LOAD_POLICY		7
+#define SEBSDCALL_GET_BOOLS	        8
+#define SEBSDCALL_GET_BOOL		9
+#define SEBSDCALL_SET_BOOL		10
+#define SEBSDCALL_COMMIT_BOOLS		11
 #define SEBSDCALL_GETUSERSIDS		6
 #define SEBSDCALL_GETFILESIDS           5
 #define SEBSDCALL_CHANGE_SID            4
@@ -28,6 +32,10 @@
         u32 seqno;
 };
 
+struct sebsd_get_bools {
+	int   len;
+	char *out;
+};
 
 
 #endif /* _SEBSD_SYSCALLS_H_ */

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.c#2 (text+ko) ====

@@ -4,6 +4,16 @@
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
 
+/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * 	Added conditional policy language extensions
+ *
+ * Copyright (C) 2003 Tresys Technology, LLC
+ *	This program is free software; you can redistribute it and/or modify
+ *  	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation, version 2.
+ */
+
 #ifdef _KERNEL
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -22,6 +32,29 @@
  (keyp->source_type << 9)) & \
  AVTAB_HASH_MASK)
 
+static struct avtab_node*
+avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, struct avtab_node * cur,
+		  struct avtab_key *key, struct avtab_datum *datum)
+{
+	struct avtab_node * newnode;
+	newnode = kmalloc(sizeof(*newnode), GFP_KERNEL);
+	if (newnode == NULL)
+		return NULL;
+	memset(newnode, 0, sizeof(struct avtab_node));
+	newnode->key = *key;
+	newnode->datum = *datum;
+	if (prev) {
+		newnode->next = prev->next;
+		prev->next = newnode;
+	} else {
+		newnode->next = h->htable[hvalue];
+		h->htable[hvalue] = newnode;
+	}
+
+	h->nel++;
+	return newnode;
+}
+
 int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
 {
 	int hvalue;
@@ -50,25 +83,49 @@
 			break;
 	}
 
-	newnode = kmalloc(sizeof(*newnode), GFP_KERNEL);
-	if (newnode == NULL)
+	newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum);
+	if(!newnode)
 		return ENOMEM;
-	memset(newnode, 0, sizeof(*newnode));
-	newnode->key = *key;
-	newnode->datum = *datum;
-	if (prev) {
-		newnode->next = prev->next;
-		prev->next = newnode;
-	} else {
-		newnode->next = h->htable[hvalue];
-		h->htable[hvalue] = newnode;
-	}
 
-	h->nel++;
 	return 0;
 }
 
+/* Unlike avtab_insert(), this function allow multiple insertions of the same
+ * key/specified mask into the table, as needed by the conditional avtab.
+ * It also returns a pointer to the node inserted.
+ */
+struct avtab_node *
+avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum)
+{
+	int hvalue;
+	struct avtab_node *prev, *cur, *newnode;
 
+	if (!h)
+		return NULL;
+	hvalue = AVTAB_HASH(key);
+	for (prev = NULL, cur = h->htable[hvalue];
+	     cur;
+	     prev = cur, cur = cur->next) {
+		if (key->source_type == cur->key.source_type &&
+		    key->target_type == cur->key.target_type &&
+		    key->target_class == cur->key.target_class &&
+		    (datum->specified & cur->datum.specified))
+			break;
+		if (key->source_type < cur->key.source_type)
+			break;
+		if (key->source_type == cur->key.source_type &&
+		    key->target_type < cur->key.target_type)
+			break;
+		if (key->source_type == cur->key.source_type &&
+		    key->target_type == cur->key.target_type &&
+		    key->target_class < cur->key.target_class)
+			break;
+	}
+	newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum);
+
+	return newnode;
+}
+
 struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int specified)
 {
 	int hvalue;
@@ -99,12 +156,73 @@
 	return NULL;
 }
 
+/* This search function returns a node pointer, and can be used in
+ * conjunction with avtab_search_next_node()
+ */
+struct avtab_node*
+avtab_search_node(struct avtab *h, struct avtab_key *key, int specified)
+{
+	int hvalue;
+	struct avtab_node *cur;
+
+	if (!h)
+		return NULL;
+
+	hvalue = AVTAB_HASH(key);
+	for (cur = h->htable[hvalue]; cur; cur = cur->next) {
+		if (key->source_type == cur->key.source_type &&
+		    key->target_type == cur->key.target_type &&
+		    key->target_class == cur->key.target_class &&
+		    (specified & cur->datum.specified))
+			return cur;
+
+		if (key->source_type < cur->key.source_type)
+			break;
+		if (key->source_type == cur->key.source_type &&
+		    key->target_type < cur->key.target_type)
+			break;
+		if (key->source_type == cur->key.source_type &&
+		    key->target_type == cur->key.target_type &&
+		    key->target_class < cur->key.target_class)
+			break;
+	}
+	return NULL;
+}
+
+struct avtab_node*
+avtab_search_node_next(struct avtab_node *node, int specified)
+{
+	struct avtab_node *cur;
+
+	if (!node)
+		return NULL;
+
+	for (cur = node->next; cur; cur = cur->next) {
+		if (node->key.source_type == cur->key.source_type &&
+		    node->key.target_type == cur->key.target_type &&
+		    node->key.target_class == cur->key.target_class &&
+		    (specified & cur->datum.specified))
+			return cur;
+
+		if (node->key.source_type < cur->key.source_type)
+			break;
+		if (node->key.source_type == cur->key.source_type &&
+		    node->key.target_type < cur->key.target_type)
+			break;
+		if (node->key.source_type == cur->key.source_type &&
+		    node->key.target_type == cur->key.target_type &&
+		    node->key.target_class < cur->key.target_class)
+			break;
+	}
+	return NULL;
+}
+
 void avtab_destroy(struct avtab *h)
 {
 	int i;
 	struct avtab_node *cur, *temp;
 
-	if (!h)
+	if (!h || !h->htable)
 		return;
 
 	for (i = 0; i < AVTAB_SIZE; i++) {
@@ -117,6 +235,7 @@
 		h->htable[i] = NULL;
 	}
 	kfree(h->htable);
+	h->htable = NULL;
 }
 
 
@@ -184,6 +303,67 @@
 	       max_chain_len);
 }
 
+int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey)
+{
+	u32 *buf;
+	u32 items, items2;
+
+	memset(avkey, 0, sizeof(struct avtab_key));
+	memset(avdatum, 0, sizeof(struct avtab_datum));
+
+	buf = next_entry(fp, sizeof(u32));
+	if (!buf) {
+		printk(KERN_ERR "security: avtab: truncated entry\n");
+		goto bad;
+	}
+	items2 = le32_to_cpu(buf[0]);
+	buf = next_entry(fp, sizeof(u32)*items2);
+	if (!buf) {
+		printk(KERN_ERR "security: avtab: truncated entry\n");
+		goto bad;
+	}
+	items = 0;
+	avkey->source_type = le32_to_cpu(buf[items++]);
+	avkey->target_type = le32_to_cpu(buf[items++]);
+	avkey->target_class = le32_to_cpu(buf[items++]);
+	avdatum->specified = le32_to_cpu(buf[items++]);
+	if (!(avdatum->specified & (AVTAB_AV | AVTAB_TYPE))) {
+		printk(KERN_ERR "security: avtab: null entry\n");
+		goto bad;
+	}
+	if ((avdatum->specified & AVTAB_AV) &&
+	    (avdatum->specified & AVTAB_TYPE)) {
+		printk(KERN_ERR "security: avtab: entry has both access vectors and types\n");
+		goto bad;
+	}
+
+
+	if (avdatum->specified & AVTAB_AV) {
+		if (avdatum->specified & AVTAB_ALLOWED)
+			avtab_allowed(avdatum) = le32_to_cpu(buf[items++]);
+		if (avdatum->specified & AVTAB_AUDITDENY)
+			avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]);
+		if (avdatum->specified & AVTAB_AUDITALLOW)
+			avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]);
+	} else {
+		if (avdatum->specified & AVTAB_TRANSITION)
+			avtab_transition(avdatum) = le32_to_cpu(buf[items++]);
+		if (avdatum->specified & AVTAB_CHANGE)
+			avtab_change(avdatum) = le32_to_cpu(buf[items++]);
+		if (avdatum->specified & AVTAB_MEMBER)
+			avtab_member(avdatum) = le32_to_cpu(buf[items++]);
+	}
+	if (items != items2) {
+		printk(KERN_ERR "security: avtab: entry only had %d items, expected %d\n",
+		       items2, items);
+		goto bad;
+	}
+
+	return 0;
+bad:
+	return -1;
+}
+
 int avtab_read(struct avtab *a, void *fp, u32 config)
 {
 	int i, rc = EINVAL;
@@ -204,67 +384,8 @@
 		goto bad;
 	}
 	for (i = 0; i < nel; i++) {
-		memset(&avkey, 0, sizeof(avkey));
-		memset(&avdatum, 0, sizeof(avdatum));
-
-		buf = next_entry(fp, sizeof(u32));
-		if (!buf) {
-			printk(KERN_ERR "security: avtab: truncated entry\n");
-			goto bad;
-		}
-		items2 = le32_to_cpu(buf[0]);
-		buf = next_entry(fp, sizeof(u32)*items2);
-		if (!buf) {
-			printk(KERN_ERR "security: avtab: truncated entry\n");
-			goto bad;
-		}
-		items = 0;
-		avkey.source_type = le32_to_cpu(buf[items++]);
-		avkey.target_type = le32_to_cpu(buf[items++]);
-		avkey.target_class = le32_to_cpu(buf[items++]);
-		avdatum.specified = le32_to_cpu(buf[items++]);
-		if (!(avdatum.specified & (AVTAB_AV | AVTAB_TYPE))) {
-			printk(KERN_ERR "security: avtab: null entry\n");
-			goto bad;
-		}
-		if ((avdatum.specified & AVTAB_AV) &&
-		    (avdatum.specified & AVTAB_TYPE)) {
-			printk(KERN_ERR "security: avtab: entry has both "
-			       "access vectors and types\n");
+		if (avtab_read_item(fp, &avdatum, &avkey))
 			goto bad;
-		}
-		if (avdatum.specified & AVTAB_AV) {
-		        if (avdatum.specified & AVTAB_ALLOWED)
-			  {
-			    u32 b1 = le32_to_cpu (buf[items++]);
-			    u32 b2 = le32_to_cpu (buf[items++]);
-			    avtab_allowed(&avdatum) = (((u64) b1) << 32) | b2;
-			  }
-			if (avdatum.specified & AVTAB_AUDITDENY) 
-			  {
-			    u32 b1 = le32_to_cpu (buf[items++]);
-			    u32 b2 = le32_to_cpu (buf[items++]);
-			    avtab_auditdeny(&avdatum) = (((u64) b1) << 32) | b2;
-			  }
-			if (avdatum.specified & AVTAB_AUDITALLOW) 
-			  {
-			    u32 b1 = le32_to_cpu (buf[items++]);
-			    u32 b2 = le32_to_cpu (buf[items++]);
-			    avtab_auditallow(&avdatum) = (((u64) b1) << 32) | b2;
-			  }
-		} else {
-			if (avdatum.specified & AVTAB_TRANSITION)
-				avtab_transition(&avdatum) = le32_to_cpu(buf[items++]);
-			if (avdatum.specified & AVTAB_CHANGE)
-				avtab_change(&avdatum) = le32_to_cpu(buf[items++]);
-			if (avdatum.specified & AVTAB_MEMBER)
-				avtab_member(&avdatum) = le32_to_cpu(buf[items++]);
-		}
-		if (items != items2) {
-			printk(KERN_ERR "security: avtab: entry only had %d "
-			       "items, expected %d\n", items2, items);
-			goto bad;
-		}
 		rc = avtab_insert(a, &avkey, &avdatum);
 		if (rc) {
 			if (rc == ENOMEM)

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.h#2 (text+ko) ====

@@ -7,6 +7,16 @@
  *
  *  Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
+
+/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * 	Added conditional policy language extensions
+ *
+ * Copyright (C) 2003 Tresys Technology, LLC
+ *	This program is free software; you can redistribute it and/or modify
+ *  	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation, version 2.
+ */
 #ifndef _SS_AVTAB_H_
 #define _SS_AVTAB_H_
 
@@ -27,6 +37,7 @@
 #define AVTAB_MEMBER     32
 #define AVTAB_CHANGE     64
 #define AVTAB_TYPE       (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
+#define AVTAB_ENABLED    0x80000000 /* reserved for used in cond_avtab */
 	u32 specified;	/* what fields are specified */
 	access_vector_t data[3];	/* access vectors or types */
 #define avtab_allowed(x) (x)->data[0]
@@ -58,8 +69,19 @@
 			    void *args),
 	      void *args);
 void avtab_hash_eval(struct avtab *h, char *tag);
+
+int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey);
 int avtab_read(struct avtab *a, void *fp, u32 config);
 
+struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key,
+					  struct avtab_datum *datum);
+
+struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key, int specified);
+
+struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
+
+void avtab_cache_init(void);
+
 #define AVTAB_HASH_BITS 15
 #define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS)
 #define AVTAB_HASH_MASK (AVTAB_HASH_BUCKETS-1)

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/constraint.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/context.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.c#2 (text+ko) ====

@@ -21,7 +21,7 @@
 
 	n1 = e1->node;
 	n2 = e2->node;
-	prev = 0;
+	prev = NULL;
 	while (n1 || n2) {
 		new = kmalloc(sizeof(*new), GFP_ATOMIC);
 		if (!new) {
@@ -44,7 +44,7 @@
 			n2 = n2->next;
 		}
 
-		new->next = 0;
+		new->next = NULL;
 		if (prev)
 			prev->next = new;
 		else
@@ -94,7 +94,7 @@
 		memset(new, 0, sizeof(*new));
 		new->startbit = n->startbit;
 		new->map = n->map;
-		new->next = 0;
+		new->next = NULL;
 		if (prev)
 			prev->next = new;
 		else
@@ -159,7 +159,7 @@
 {
 	struct ebitmap_node *n, *prev, *new;
 
-	prev = 0;
+	prev = NULL;
 	n = e->node;
 	while (n && n->startbit <= bit) {
 		if ((n->startbit + MAPSIZE) > bit) {
@@ -235,7 +235,7 @@
 	}
 
 	e->highbit = 0;
-	e->node = 0;
+	e->node = NULL;
 	return;
 }
 
@@ -257,8 +257,8 @@
 	count = le32_to_cpu(buf[2]);
 
 	if (mapsize != MAPSIZE) {
-		printk(KERN_ERR "security: ebitmap: map size %d does not "
-		       "match my size %d (high bit was %d)\n", mapsize,
+		printk(KERN_ERR "security: ebitmap: map size %u does not "
+		       "match my size %Zd (high bit was %d)\n", mapsize,
 		       MAPSIZE, e->highbit);
 		goto out;
 	}
@@ -268,7 +268,7 @@
 	}
 	if (e->highbit & (MAPSIZE - 1)) {
 		printk(KERN_ERR "security: ebitmap: high bit (%d) is not a "
-		       "multiple of the map size (%d)\n", e->highbit, MAPSIZE);
+		       "multiple of the map size (%Zd)\n", e->highbit, MAPSIZE);
 		goto bad;
 	}
 	l = NULL;
@@ -290,13 +290,13 @@
 
 		if (n->startbit & (MAPSIZE - 1)) {
 			printk(KERN_ERR "security: ebitmap start bit (%d) is "
-			       "not a multiple of the map size (%d)\n",
+			       "not a multiple of the map size (%Zd)\n",
 			       n->startbit, MAPSIZE);
 			goto bad_free;
 		}
 		if (n->startbit > (e->highbit - MAPSIZE)) {
 			printk(KERN_ERR "security: ebitmap start bit (%d) is "
-			       "beyond the end of the bitmap (%d)\n",
+			       "beyond the end of the bitmap (%Zd)\n",
 			       n->startbit, (e->highbit - MAPSIZE));
 			goto bad_free;
 		}

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.h#2 (text+ko) ====

@@ -56,7 +56,7 @@
 
 static inline void ebitmap_init(struct ebitmap *e)
 {
-	bzero(e, sizeof(*e));
+	memset(e, 0, sizeof(*e));
 }
 
 int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2);

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/fileutils.c#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/fileutils.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/global.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.c#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.h#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/init.c#2 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#2 (text+ko) ====

@@ -4,6 +4,16 @@
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
 
+/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * 	Added conditional policy language extensions
+ *
+ * Copyright (C) 2003 - 2004 Tresys Technology, LLC
+ *	This program is free software; you can redistribute it and/or modify
+ *  	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation, version 2.
+ */
+
 #if defined(__FreeBSD__) && defined(_KERNEL)
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -26,26 +36,74 @@
 	"classes",
 	"roles",
 	"types",
-	"users"
+	"users",
 	mls_symtab_names
+	"bools"
 };
 #endif
 
+int policydb_loaded_version;
+
 static unsigned int symtab_sizes[SYM_NUM] = {
 	2,
 	32,
 	16,
 	512,
-	128
+	128,
 	mls_symtab_sizes
+	16
+};
+
+struct policydb_compat_info {
+	int version;
+	int sym_num;
+	int ocon_num;
+};
+
+/* These need to be updated if SYM_NUM or OCON_NUM changes */
+static struct policydb_compat_info policydb_compat[] = {
+	{
+		.version        = POLICYDB_VERSION_BASE,
+		.sym_num        = SYM_NUM - 1,
+		.ocon_num       = OCON_NUM - 1,
+	},
+	{
+		.version        = POLICYDB_VERSION_BOOL,
+		.sym_num        = SYM_NUM,
+		.ocon_num       = OCON_NUM - 1,
+	},
+	{
+		.version        = POLICYDB_VERSION_IPV6,
+		.sym_num        = SYM_NUM,
+		.ocon_num       = OCON_NUM,
+	},
+	{
+		.version        = POLICYDB_VERSION_NLCLASS,
+		.sym_num        = SYM_NUM,
+		.ocon_num       = OCON_NUM,
+	},
 };
 
+static struct policydb_compat_info *policydb_lookup_compat(int version)
+{
+	int i;
+	struct policydb_compat_info *info = NULL;
+
+	for (i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++) {
+		if (policydb_compat[i].version == version) {
+			info = &policydb_compat[i];
+			break;
+		}
+	}
+	return info;
+}
+
 /*
  * Initialize the role table.
  */
 int roles_init(struct policydb *p)
 {
-	char *key = 0;
+	char *key = NULL;
 	int rc;
 	struct role_datum *role;
 
@@ -102,6 +160,10 @@
 	if (rc)
 		goto out_free_avtab;
 
+	rc = cond_policydb_init(p);
+	if (rc)
+		goto out_free_avtab;
+
 out:
 	return rc;
 
@@ -131,6 +193,8 @@
 
 	comdatum = datum;
 	p = datap;
+	if (!comdatum->value || comdatum->value > p->p_commons.nprim)
+		return EINVAL;
 	p->p_common_val_to_name[comdatum->value - 1] = key;
 	return 0;
 }
@@ -142,6 +206,8 @@
 
 	cladatum = datum;
 	p = datap;
+	if (!cladatum->value || cladatum->value > p->p_classes.nprim)
+		return EINVAL;
 	p->p_class_val_to_name[cladatum->value - 1] = key;
 	p->class_val_to_struct[cladatum->value - 1] = cladatum;
 	return 0;
@@ -154,6 +220,8 @@
 
 	role = datum;
 	p = datap;
+	if (!role->value || role->value > p->p_roles.nprim)
+		return EINVAL;
 	p->p_role_val_to_name[role->value - 1] = key;
 	p->role_val_to_struct[role->value - 1] = role;
 	return 0;
@@ -167,8 +235,11 @@
 	typdatum = datum;
 	p = datap;
 
-	if (typdatum->primary)
+	if (typdatum->primary) {
+		if (!typdatum->value || typdatum->value > p->p_types.nprim)
+			return EINVAL;
 		p->p_type_val_to_name[typdatum->value - 1] = key;
+	}
 
 	return 0;

>>> TRUNCATED FOR MAIL (1000 lines) <<<



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505061344.j46DiDhR068133>