From owner-p4-projects@FreeBSD.ORG Fri May 6 13:44:14 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0611D16A4D5; Fri, 6 May 2005 13:44:14 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BCA8516A4D3 for ; Fri, 6 May 2005 13:44:13 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 91A2843D9B for ; Fri, 6 May 2005 13:44:13 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j46DiDg7068136 for ; Fri, 6 May 2005 13:44:13 GMT (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j46DiDhR068133 for perforce@freebsd.org; Fri, 6 May 2005 13:44:13 GMT (envelope-from areisse@nailabs.com) Date: Fri, 6 May 2005 13:44:13 GMT Message-Id: <200505061344.j46DiDhR068133@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 76611 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 May 2005 13:44:14 -0000 http://perforce.freebsd.org/chv.cgi?CH=76611 Change 76611 by areisse@areisse_ibook on 2005/05/06 13:43:37 Bring over changes from selinux version 2004081908 (through sebsd). This adds support for conditional rules (booleans). This change is merging only, it does not work yet. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc-selinux.c#1 branch .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc_ss.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask_types.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#4 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_labels.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscalls.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#1 branch .. 
//depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.h#1 branch .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/constraint.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/context.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/fileutils.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/fileutils.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/global.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/init.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services_private.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/sidtab.c#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/sidtab.h#2 integrate .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/symtab.c#2 integrate .. 
//depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/symtab.h#2 integrate Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#2 (text+ko) ==== @@ -83,7 +83,76 @@ return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1); } +#ifdef AVC_CACHE_STATS +static inline void avc_cache_stats_incr(int type) +{ + avc_cache_stats[type]++; +} + +static inline void avc_cache_stats_add(int type, unsigned val) + + avc_cache_stats[type] += val; +} +#else +static inline void avc_cache_stats_incr(int type) +{ } + if (rc) +static inline void avc_cache_stats_add(int type, unsigned val) +{ } +#endif + /** + * avc_dump_av - Display an access vector in human-readable form. + * @tclass: target security class + * @av: access vector + */ +void avc_dump_av(security_class_t tclass, access_vector_t av) +{ + char **common_pts = 0; + access_vector_t common_base = 0, perm; + int i, i2; + + if (av == 0) { + printk(" null"); + return; + } + + for (i = 0; i < ARRAY_SIZE(av_inherit); i++) { + if (av_inherit[i].tclass == tclass) { + common_pts = av_inherit[i].common_pts; + common_base = av_inherit[i].common_base; + break; + } + } + + printk(" {"); + i = 0; + perm = 1; + while (perm < common_base) { + if (perm & av) + printk(" %s", common_pts[i]); + i++; + perm <<= 1; + } + + while (i < sizeof(av) * 8) { + if (perm & av) { + for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) { + if ((av_perm_to_string[i2].tclass == tclass) && + (av_perm_to_string[i2].value == perm)) + break; + } + if (i2 < ARRAY_SIZE(av_perm_to_string)) + printk(" %s", av_perm_to_string[i2].name); + } + i++; + perm <<= 1; + } + + printk(" }"); +} + +/** * avc_dump_query - Display a SID pair and a class in human-readable form. * @ssid: source security identifier * @tsid: target security identifier @@ -139,7 +208,7 @@ "%d entries\n", i); break; } - bzero(new, sizeof(*new)); + memset(new, 0, sizeof(*new)); new->next = avc_node_freelist; avc_node_freelist = new; } 
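Review bot: The `AVC_CACHE_STATS` branch of the `@@ -83,7 +83,76 @@` hunk is syntactically broken: `static inline void avc_cache_stats_add(int type, unsigned val)` is followed directly by `avc_cache_stats[type] += val;` with no opening brace, and a stray `if (rc)` line sits between the two empty `#else` stubs, so avc.c cannot compile as landed. Restore the `{` after the `avc_cache_stats_add` signature and delete the `if (rc)` line, which looks like a fragment of another hunk left behind by the merge. Because the avc.h hunk in this same change drops `extern unsigned avc_cache_stats[AVC_NSTATS];`, these helpers now rely on the array being defined earlier in avc.c, outside this hunk — worth confirming. The moved-in `avc_dump_av` is otherwise the upstream routine; with no matching `av_inherit` entry `common_pts` stays NULL but is never dereferenced, because `common_base` is then 0 and the first loop does not run.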
@@ -931,13 +1000,13 @@ denied = requested & ~(ae->avd.allowed); - if (/*!requested || */denied) { + if (!requested || denied) { if (selinux_enforcing) { spin_unlock_irqrestore(&avc_lock,flags); rc = EACCES; goto out; } else { - /*ae->avd.allowed |= requested;*/ + ae->avd.allowed |= requested; spin_unlock_irqrestore(&avc_lock,flags); goto out; } ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#2 (text+ko) ==== @@ -77,13 +77,9 @@ }; /* Initialize an AVC audit data structure. */ -#ifdef __APPLE__ -#define AVC_AUDIT_DATA_INIT(_d,_t) \ - { bzero((_d), sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } -#else #define AVC_AUDIT_DATA_INIT(_d,_t) \ { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } -#endif + /* * AVC statistics */ @@ -96,26 +92,7 @@ #define AVC_CAV_PROBES 6 #define AVC_CAV_MISSES 7 #define AVC_NSTATS 8 -extern unsigned avc_cache_stats[AVC_NSTATS]; - -#ifdef AVC_CACHE_STATS -static inline void avc_cache_stats_incr(int type) -{ - avc_cache_stats[type]++; -} - -static inline void avc_cache_stats_add(int type, unsigned val) -{ - avc_cache_stats[type] += val; -} -#else -static inline void avc_cache_stats_incr(int type) -{ } -static inline void avc_cache_stats_add(int type, unsigned val) -{ } -#endif - /* * AVC display support */ @@ -134,6 +111,7 @@ * AVC operations */ +/* Initialize the AVC */ void avc_init(void); int avc_lookup( @@ -185,5 +163,5 @@ u32 events, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms); -#endif /* _SELINUX_AVC_H_ */ +#endif /* _LINUX_AVC_H_ */ ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc_ss.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask_types.h#2 (text+ko) ==== 
@@ -56,7 +56,7 @@ * for permissions are defined in the automatically generated * header file av_permissions.h. */ -typedef u64 access_vector_t; +typedef u32 access_vector_t; /* * Each object class is identified by a fixed-size value. ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#4 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_labels.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#2 (text+ko) ==== @@ -208,6 +208,20 @@ int *outlen; }; +static int +sebsd_get_bools(struct thread *td, struct sebsd_get_bools *gb) +{ + char *out = NULL; + if (gb->out) + out = malloc(gb->len, M_SEBSD, M_WAITOK); + int err = security_get_bool_string(&gb->len, out); + if (out && err == 0) + err = copyout(out, gb->out, gb->len); + if (out) + free(out, M_SEBSD); + return (err); +} + int sebsd_syscall(struct proc *td, int call, void *args) { 
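Review bot: Narrowing `access_vector_t` from `u64` to `u32` changes both the binary policy format and the number of permissions a class can carry: any class in this branch's policy with more than 32 permissions would lose the bits above bit 31, and the two-word reads removed from `avtab_read` later in this change are replaced by single-`u32` reads in `avtab_read_item`, so policies built for the previous 64-bit layout will no longer load. If the 32-bit vector is the intended direction, the policy compiler and the generated `av_permissions.h` need to be checked against it; if the 64-bit width was deliberate for this port, this hunk should not be merged as is. Either way a one-line comment on the typedef recording the chosen width and why would save the next merge from reopening the question.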
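Review bot: `sebsd_get_bools` passes `gb->len` straight to `malloc(gb->len, M_SEBSD, M_WAITOK)`, but `len` is an `int` copied in from user space by the `SEBSDCALL_GET_BOOLS` case in the next hunk, so a negative or very large value becomes an unbounded kernel allocation request, and the final `copyout(out, gb->out, gb->len)` uses whatever `security_get_bool_string` wrote back into `gb->len` rather than the size that was actually allocated. Validate before allocating and remember the allocated size in a local, e.g. `if (gb->out && (gb->len <= 0 || gb->len > BOOLS_LEN_CAP /* placeholder: project-chosen cap */)) return (EINVAL);` followed by `copyout(out, gb->out, MIN(alloclen, gb->len))`. Separately, the new function declares `struct thread *td` while its caller `sebsd_syscall(struct proc *td, ...)` passes a `struct proc *`, and `td` is never used inside; drop the parameter or fix the type.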
@@ -286,6 +300,58 @@ } break; + + case SEBSDCALL_GET_BOOLS: + if (copyin(args, &gb, sizeof (struct sebsd_get_bools))) + return (EFAULT); + err = sebsd_get_bools(td, &gb); + if (copyout(&gb, args, sizeof (struct sebsd_get_bools))) + return (EFAULT); + break; + + case SEBSDCALL_GET_BOOL: + { + char str[128]; + int active, pending; + err = copyinstr(args,str, 128, NULL); + if (err) + return (err); + security_get_bool(str, &active, &pending); + *td->td_retval = active | (pending << 1); + return (0); + } + + case SEBSDCALL_SET_BOOL: + { + char *str; + + err = thread_has_security(td, SECURITY__SETBOOL); + if (err) + return (err); + + if (copyin(args, &p, sizeof (struct lp_args))) + return (EFAULT); + str = malloc(p.len, M_SEBSD, M_WAITOK); + if (!str) + return (ENOMEM); + if (copyin(p.data, str, p.len)) { + free(str, M_SEBSD); + return (EFAULT); + } + + str[p.len-1] = 0; + err = security_set_bool(str+1, str[0]-'0'); + free(str, M_SEBSD); + break; + } + + case SEBSDCALL_COMMIT_BOOLS: + err = thread_has_security(td, SECURITY__SETBOOL); + if (err) + return (err); + + return security_commit_pending_bools(); + default: err = EINVAL; break; ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscalls.h#2 (text+ko) ==== @@ -5,6 +5,10 @@ * TBD: Should we really try to line up with SELinux? */ #define SEBSDCALL_LOAD_POLICY 7 +#define SEBSDCALL_GET_BOOLS 8 +#define SEBSDCALL_GET_BOOL 9 +#define SEBSDCALL_SET_BOOL 10 +#define SEBSDCALL_COMMIT_BOOLS 11 #define SEBSDCALL_GETUSERSIDS 6 #define SEBSDCALL_GETFILESIDS 5 #define SEBSDCALL_CHANGE_SID 4 @@ -28,6 +32,10 @@ u32 seqno; }; +struct sebsd_get_bools { + int len; + char *out; +}; #endif /* _SEBSD_SYSCALLS_H_ */ ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.c#2 (text+ko) ==== 
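Review bot: In the `SEBSDCALL_SET_BOOL` case `p.len` comes from user space and is used unchecked: `malloc(p.len, ...)` has no upper bound, `str[p.len-1] = 0` writes before the buffer when `p.len` is 0, and `str+1` / `str[0]-'0'` assume at least two bytes and a `'0'`/`'1'` value byte. Bound the length (the `SEBSDCALL_GET_BOOL` case already limits names to 128 bytes) and validate the value byte before calling `security_set_bool`; the rewritten lines are below. In `SEBSDCALL_GET_BOOL` the return value of `security_get_bool(str, &active, &pending)` is discarded, so if the lookup fails `active` and `pending` reach user space uninitialised via `*td->td_retval`; initialise both to 0 or check the result and return an error. The `if (!str) return (ENOMEM);` after an `M_WAITOK` allocation is dead code wherever `M_WAITOK` never returns NULL — harmless, but misleading.
```c
	case SEBSDCALL_SET_BOOL:
	{
		/* … unchanged: SETBOOL privilege check and copyin of p … */
		/*
		 * Need at least the value byte and the terminator position;
		 * cap the name at the same 128 bytes SEBSDCALL_GET_BOOL allows.
		 */
		if (p.len < 2 || p.len > 128 + 1)
			return (EINVAL);
		str = malloc(p.len, M_SEBSD, M_WAITOK);
		/* … unchanged: ENOMEM check and copyin of the string … */
		str[p.len-1] = 0;
		if (str[0] != '0' && str[0] != '1') {
			free(str, M_SEBSD);
			return (EINVAL);
		}
		err = security_set_bool(str+1, str[0]-'0');
		/* … unchanged: free and break … */
	}
```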
@@ -4,6 +4,16 @@ * Author : Stephen Smalley, */ +/* Updated: Frank Mayer and Karl MacMillan + * + * Added conditional policy language extensions + * + * Copyright (C) 2003 Tresys Technology, LLC + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2. + */ + #ifdef _KERNEL #include #include @@ -22,6 +32,29 @@ (keyp->source_type << 9)) & \ AVTAB_HASH_MASK) +static struct avtab_node* +avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, struct avtab_node * cur, + struct avtab_key *key, struct avtab_datum *datum) +{ + struct avtab_node * newnode; + newnode = kmalloc(sizeof(*newnode), GFP_KERNEL); + if (newnode == NULL) + return NULL; + memset(newnode, 0, sizeof(struct avtab_node)); + newnode->key = *key; + newnode->datum = *datum; + if (prev) { + newnode->next = prev->next; + prev->next = newnode; + } else { + newnode->next = h->htable[hvalue]; + h->htable[hvalue] = newnode; + } + + h->nel++; + return newnode; +} + int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum) { int hvalue; 
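Review bot: `avtab_insert_node` takes a `struct avtab_node *cur` parameter that its body never reads; both callers (`avtab_insert` here and `avtab_insert_nonunique` in the next hunk) pass it only because the signature asks for it. Either drop it or add a one-line comment explaining why it is reserved. The `memset(newnode, 0, sizeof(struct avtab_node))` on the line after `kmalloc(sizeof(*newnode), GFP_KERNEL)` would read more consistently as `sizeof(*newnode)`. A short header comment — `/* Allocate a node for key/datum and link it after prev, or at the head of bucket hvalue when prev is NULL. */` — would document the insertion position, which is the one non-obvious part of the helper.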
@@ -50,25 +83,49 @@ break; } - newnode = kmalloc(sizeof(*newnode), GFP_KERNEL); - if (newnode == NULL) + newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum); + if(!newnode) return ENOMEM; - memset(newnode, 0, sizeof(*newnode)); - newnode->key = *key; - newnode->datum = *datum; - if (prev) { - newnode->next = prev->next; - prev->next = newnode; - } else { - newnode->next = h->htable[hvalue]; - h->htable[hvalue] = newnode; - } - h->nel++; return 0; } +/* Unlike avtab_insert(), this function allow multiple insertions of the same + * key/specified mask into the table, as needed by the conditional avtab. + * It also returns a pointer to the node inserted. + */ +struct avtab_node * +avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum) +{ + int hvalue; + struct avtab_node *prev, *cur, *newnode; + if (!h) + return NULL; + hvalue = AVTAB_HASH(key); + for (prev = NULL, cur = h->htable[hvalue]; + cur; + prev = cur, cur = cur->next) { + if (key->source_type == cur->key.source_type && + key->target_type == cur->key.target_type && + key->target_class == cur->key.target_class && + (datum->specified & cur->datum.specified)) + break; + if (key->source_type < cur->key.source_type) + break; + if (key->source_type == cur->key.source_type && + key->target_type < cur->key.target_type) + break; + if (key->source_type == cur->key.source_type && + key->target_type == cur->key.target_type && + key->target_class < cur->key.target_class) + break; + } + newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum); + + return newnode; +} + struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int specified) { int hvalue; 
@@ -99,12 +156,73 @@ return NULL; } +/* This search function returns a node pointer, and can be used in + * conjunction with avtab_search_next_node() + */ +struct avtab_node* +avtab_search_node(struct avtab *h, struct avtab_key *key, int specified) +{ + int hvalue; + struct avtab_node *cur; + + if (!h) + return NULL; + + hvalue = AVTAB_HASH(key); + for (cur = h->htable[hvalue]; cur; cur = cur->next) { + if (key->source_type == cur->key.source_type && + key->target_type == cur->key.target_type && + key->target_class == cur->key.target_class && + (specified & cur->datum.specified)) + return cur; + + if (key->source_type < cur->key.source_type) + break; + if (key->source_type == cur->key.source_type && + key->target_type < cur->key.target_type) + break; + if (key->source_type == cur->key.source_type && + key->target_type == cur->key.target_type && + key->target_class < cur->key.target_class) + break; + } + return NULL; +} + +struct avtab_node* +avtab_search_node_next(struct avtab_node *node, int specified) +{ + struct avtab_node *cur; + + if (!node) + return NULL; + + for (cur = node->next; cur; cur = cur->next) { + if (node->key.source_type == cur->key.source_type && + node->key.target_type == cur->key.target_type && + node->key.target_class == cur->key.target_class && + (specified & cur->datum.specified)) + return cur; + + if (node->key.source_type < cur->key.source_type) + break; + if (node->key.source_type == cur->key.source_type && + node->key.target_type < cur->key.target_type) + break; + if (node->key.source_type == cur->key.source_type && + node->key.target_type == cur->key.target_type && + node->key.target_class < cur->key.target_class) + break; + } + return NULL; +} + void avtab_destroy(struct avtab *h) { int i; struct avtab_node *cur, *temp; - if (!h) + if (!h || !h->htable) return; for (i = 0; i < AVTAB_SIZE; i++) { @@ -117,6 +235,7 @@ h->htable[i] = NULL; } kfree(h->htable); + h->htable = NULL; } 
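Review bot: The ordering test that ends a bucket walk — `source_type <`, then equal source and `target_type <`, then equal source and target and `target_class <` — is spelled out in full in `avtab_search_node` and `avtab_search_node_next` here and in `avtab_insert_nonunique` in the previous hunk. A `static inline int avtab_key_past(const struct avtab_key *k, const struct avtab_key *cur)` returning that predicate would let each loop read `if (avtab_key_past(key, &cur->key)) break;` and keep the sort rule in one place. `avtab_search_node_next` also deserves a comment that it resumes from `node->next` and matches on `node`'s own key, since the only documentation is on the first function. The `avtab_destroy` change (`!h->htable` guard plus `h->htable = NULL`) makes a double destroy safe, but the search functions above still dereference `h->htable` unguarded, so a lookup on a destroyed table would now fault rather than walk stale memory — presumably no caller does that, but it is worth stating next to the guard.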
@@ -184,6 +303,67 @@ max_chain_len); } +int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey) +{ + u32 *buf; + u32 items, items2; + + memset(avkey, 0, sizeof(struct avtab_key)); + memset(avdatum, 0, sizeof(struct avtab_datum)); + + buf = next_entry(fp, sizeof(u32)); + if (!buf) { + printk(KERN_ERR "security: avtab: truncated entry\n"); + goto bad; + } + items2 = le32_to_cpu(buf[0]); + buf = next_entry(fp, sizeof(u32)*items2); + if (!buf) { + printk(KERN_ERR "security: avtab: truncated entry\n"); + goto bad; + } + items = 0; + avkey->source_type = le32_to_cpu(buf[items++]); + avkey->target_type = le32_to_cpu(buf[items++]); + avkey->target_class = le32_to_cpu(buf[items++]); + avdatum->specified = le32_to_cpu(buf[items++]); + if (!(avdatum->specified & (AVTAB_AV | AVTAB_TYPE))) { + printk(KERN_ERR "security: avtab: null entry\n"); + goto bad; + } + if ((avdatum->specified & AVTAB_AV) && + (avdatum->specified & AVTAB_TYPE)) { + printk(KERN_ERR "security: avtab: entry has both access vectors and types\n"); + goto bad; + } + + + if (avdatum->specified & AVTAB_AV) { + if (avdatum->specified & AVTAB_ALLOWED) + avtab_allowed(avdatum) = le32_to_cpu(buf[items++]); + if (avdatum->specified & AVTAB_AUDITDENY) + avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]); + if (avdatum->specified & AVTAB_AUDITALLOW) + avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]); + } else { + if (avdatum->specified & AVTAB_TRANSITION) + avtab_transition(avdatum) = le32_to_cpu(buf[items++]); + if (avdatum->specified & AVTAB_CHANGE) + avtab_change(avdatum) = le32_to_cpu(buf[items++]); + if (avdatum->specified & AVTAB_MEMBER) + avtab_member(avdatum) = le32_to_cpu(buf[items++]); + } + if (items != items2) { + printk(KERN_ERR "security: avtab: entry only had %d items, expected %d\n", + items2, items); + goto bad; + } + + return 0; +bad: + return -1; +} + int avtab_read(struct avtab *a, void *fp, u32 config) { int i, rc = EINVAL; 
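Review bot: In `avtab_read_item` the item count `items2` read from the policy is used only to size the `next_entry` request, yet the code then reads `buf[0]`..`buf[3]` unconditionally and up to `buf[6]` depending on `specified`; when `items2` is less than 4 those reads run past the returned buffer, and on a 32-bit build `sizeof(u32)*items2` wraps for large values, all before the `items != items2` check runs. Bound it as soon as it is decoded: `if (items2 < 4 || items2 > 7) { printk(KERN_ERR "security: avtab: bad item count %u\n", items2); goto bad; }` (four key/specified words plus at most three vectors). The existing message `"entry only had %d items, expected %d"` prints two `u32`s with `%d`; `%u` matches the types. The function returns -1 on failure while the rest of avtab.c returns positive errno values (`EINVAL`, `ENOMEM`); the caller only tests for non-zero, but a comment stating the convention would stop a future `rc == EINVAL` check from silently never matching.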
@@ -204,67 +384,8 @@ goto bad; } for (i = 0; i < nel; i++) { - memset(&avkey, 0, sizeof(avkey)); - memset(&avdatum, 0, sizeof(avdatum)); - - buf = next_entry(fp, sizeof(u32)); - if (!buf) { - printk(KERN_ERR "security: avtab: truncated entry\n"); - goto bad; - } - items2 = le32_to_cpu(buf[0]); - buf = next_entry(fp, sizeof(u32)*items2); - if (!buf) { - printk(KERN_ERR "security: avtab: truncated entry\n"); - goto bad; - } - items = 0; - avkey.source_type = le32_to_cpu(buf[items++]); - avkey.target_type = le32_to_cpu(buf[items++]); - avkey.target_class = le32_to_cpu(buf[items++]); - avdatum.specified = le32_to_cpu(buf[items++]); - if (!(avdatum.specified & (AVTAB_AV | AVTAB_TYPE))) { - printk(KERN_ERR "security: avtab: null entry\n"); - goto bad; - } - if ((avdatum.specified & AVTAB_AV) && - (avdatum.specified & AVTAB_TYPE)) { - printk(KERN_ERR "security: avtab: entry has both " - "access vectors and types\n"); + if (avtab_read_item(fp, &avdatum, &avkey)) goto bad; - } - if (avdatum.specified & AVTAB_AV) { - if (avdatum.specified & AVTAB_ALLOWED) - { - u32 b1 = le32_to_cpu (buf[items++]); - u32 b2 = le32_to_cpu (buf[items++]); - avtab_allowed(&avdatum) = (((u64) b1) << 32) | b2; - } - if (avdatum.specified & AVTAB_AUDITDENY) - { - u32 b1 = le32_to_cpu (buf[items++]); - u32 b2 = le32_to_cpu (buf[items++]); - avtab_auditdeny(&avdatum) = (((u64) b1) << 32) | b2; - } - if (avdatum.specified & AVTAB_AUDITALLOW) - { - u32 b1 = le32_to_cpu (buf[items++]); - u32 b2 = le32_to_cpu (buf[items++]); - avtab_auditallow(&avdatum) = (((u64) b1) << 32) | b2; - } - } else { - if (avdatum.specified & AVTAB_TRANSITION) - avtab_transition(&avdatum) = le32_to_cpu(buf[items++]); - if (avdatum.specified & AVTAB_CHANGE) - avtab_change(&avdatum) = le32_to_cpu(buf[items++]); - if (avdatum.specified & AVTAB_MEMBER) - avtab_member(&avdatum) = le32_to_cpu(buf[items++]); - } - if (items != items2) { - printk(KERN_ERR "security: avtab: entry only had %d " - "items, expected %d\n", items2, items); 
- goto bad; - } rc = avtab_insert(a, &avkey, &avdatum); if (rc) { if (rc == ENOMEM) ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.h#2 (text+ko) ==== @@ -7,6 +7,16 @@ * * Author : Stephen Smalley, */ + +/* Updated: Frank Mayer and Karl MacMillan + * + * Added conditional policy language extensions + * + * Copyright (C) 2003 Tresys Technology, LLC + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2. + */ #ifndef _SS_AVTAB_H_ #define _SS_AVTAB_H_ @@ -27,6 +37,7 @@ #define AVTAB_MEMBER 32 #define AVTAB_CHANGE 64 #define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE) +#define AVTAB_ENABLED 0x80000000 /* reserved for used in cond_avtab */ u32 specified; /* what fields are specified */ access_vector_t data[3]; /* access vectors or types */ #define avtab_allowed(x) (x)->data[0] @@ -58,8 +69,19 @@ void *args), void *args); void avtab_hash_eval(struct avtab *h, char *tag); + +int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey); int avtab_read(struct avtab *a, void *fp, u32 config); +struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, + struct avtab_datum *datum); + +struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key, int specified); + +struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified); + +void avtab_cache_init(void); + #define AVTAB_HASH_BITS 15 #define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS) #define AVTAB_HASH_MASK (AVTAB_HASH_BUCKETS-1) ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/constraint.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/context.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.c#2 (text+ko) ==== 
@@ -21,7 +21,7 @@ n1 = e1->node; n2 = e2->node; - prev = 0; + prev = NULL; while (n1 || n2) { new = kmalloc(sizeof(*new), GFP_ATOMIC); if (!new) { @@ -44,7 +44,7 @@ n2 = n2->next; } - new->next = 0; + new->next = NULL; if (prev) prev->next = new; else @@ -94,7 +94,7 @@ memset(new, 0, sizeof(*new)); new->startbit = n->startbit; new->map = n->map; - new->next = 0; + new->next = NULL; if (prev) prev->next = new; else @@ -159,7 +159,7 @@ { struct ebitmap_node *n, *prev, *new; - prev = 0; + prev = NULL; n = e->node; while (n && n->startbit <= bit) { if ((n->startbit + MAPSIZE) > bit) { @@ -235,7 +235,7 @@ } e->highbit = 0; - e->node = 0; + e->node = NULL; return; } @@ -257,8 +257,8 @@ count = le32_to_cpu(buf[2]); if (mapsize != MAPSIZE) { - printk(KERN_ERR "security: ebitmap: map size %d does not " - "match my size %d (high bit was %d)\n", mapsize, + printk(KERN_ERR "security: ebitmap: map size %u does not " + "match my size %Zd (high bit was %d)\n", mapsize, MAPSIZE, e->highbit); goto out; } @@ -268,7 +268,7 @@ } if (e->highbit & (MAPSIZE - 1)) { printk(KERN_ERR "security: ebitmap: high bit (%d) is not a " - "multiple of the map size (%d)\n", e->highbit, MAPSIZE); + "multiple of the map size (%Zd)\n", e->highbit, MAPSIZE); goto bad; } l = NULL; @@ -290,13 +290,13 @@ if (n->startbit & (MAPSIZE - 1)) { printk(KERN_ERR "security: ebitmap start bit (%d) is " - "not a multiple of the map size (%d)\n", + "not a multiple of the map size (%Zd)\n", n->startbit, MAPSIZE); goto bad_free; } if (n->startbit > (e->highbit - MAPSIZE)) { printk(KERN_ERR "security: ebitmap start bit (%d) is " - "beyond the end of the bitmap (%d)\n", + "beyond the end of the bitmap (%Zd)\n", n->startbit, (e->highbit - MAPSIZE)); goto bad_free; } ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.h#2 (text+ko) ==== 
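Review bot: `%Zd` in this file's `@@ -257`, `@@ -268` and `@@ -290` hunks is a Linux-kernel/glibc-specific length modifier; the standard C99 modifier is `%z`, and if the `printk` compatibility shim in this tree resolves to a BSD or Darwin kernel printf that does not recognise `Z`, the rest of the format will be misparsed. `MAPSIZE` is presumably a `sizeof`-derived unsigned value, so `%zu` is the portable spelling, and `(e->highbit - MAPSIZE)` in the last hunk is promoted to that same unsigned type. The `%d`→`%u` change for `mapsize` in the first of these hunks is the right direction; `e->highbit` and `n->startbit` alongside it are still printed with `%d` even though they appear to be unsigned bit positions.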
@@ -56,7 +56,7 @@ static inline void ebitmap_init(struct ebitmap *e) { - bzero(e, sizeof(*e)); + memset(e, 0, sizeof(*e)); } int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2); ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/fileutils.c#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/fileutils.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/global.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.c#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/init.c#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#2 (text+ko) ==== @@ -4,6 +4,16 @@ * Author : Stephen Smalley, */ +/* Updated: Frank Mayer and Karl MacMillan + * + * Added conditional policy language extensions + * + * Copyright (C) 2003 - 2004 Tresys Technology, LLC + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2. + */ + #if defined(__FreeBSD__) && defined(_KERNEL) #include #include 
@@ -26,26 +36,74 @@ "classes", "roles", "types", - "users" + "users", mls_symtab_names + "bools" }; #endif +int policydb_loaded_version; + static unsigned int symtab_sizes[SYM_NUM] = { 2, 32, 16, 512, - 128 + 128, mls_symtab_sizes + 16 +}; + +struct policydb_compat_info { + int version; + int sym_num; + int ocon_num; +}; + +/* These need to be updated if SYM_NUM or OCON_NUM changes */ +static struct policydb_compat_info policydb_compat[] = { + { + .version = POLICYDB_VERSION_BASE, + .sym_num = SYM_NUM - 1, + .ocon_num = OCON_NUM - 1, + }, + { + .version = POLICYDB_VERSION_BOOL, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM - 1, + }, + { + .version = POLICYDB_VERSION_IPV6, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, + }, + { + .version = POLICYDB_VERSION_NLCLASS, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, + }, }; +static struct policydb_compat_info *policydb_lookup_compat(int version) +{ + int i; + struct policydb_compat_info *info = NULL; + + for (i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++) { + if (policydb_compat[i].version == version) { + info = &policydb_compat[i]; + break; + } + } + return info; +} + /* * Initialize the role table. */ int roles_init(struct policydb *p) { - char *key = 0; + char *key = NULL; int rc; struct role_datum *role; @@ -102,6 +160,10 @@ if (rc) goto out_free_avtab; + rc = cond_policydb_init(p); + if (rc) + goto out_free_avtab; + out: return rc; @@ -131,6 +193,8 @@ comdatum = datum; p = datap; + if (!comdatum->value || comdatum->value > p->p_commons.nprim) + return EINVAL; p->p_common_val_to_name[comdatum->value - 1] = key; return 0; } @@ -142,6 +206,8 @@ cladatum = datum; p = datap; + if (!cladatum->value || cladatum->value > p->p_classes.nprim) + return EINVAL; p->p_class_val_to_name[cladatum->value - 1] = key; p->class_val_to_struct[cladatum->value - 1] = cladatum; return 0; 
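Review bot: In `policydb_lookup_compat` the `int i` counter is compared against `sizeof(policydb_compat)/sizeof(*info)`, a `size_t`, which draws a signed/unsigned comparison warning, and `sizeof(*info)` reads oddly because `info` is the NULL result pointer at that point; `unsigned int i;` with `sizeof(policydb_compat)/sizeof(policydb_compat[0])` says the same thing plainly. The comment `/* These need to be updated if SYM_NUM or OCON_NUM changes */` would be stronger as a compile-time assertion if the tree has one available, since a stale table silently makes newer policies unreadable. The bounds checks added in the `@@ -131` and `@@ -142` hunks of this file (`if (!comdatum->value || comdatum->value > p->p_commons.nprim) return EINVAL;`) correctly guard the `value - 1` index against a malformed policy; the same pattern recurs for roles and types in the following hunks.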
@@ -154,6 +220,8 @@ role = datum; p = datap; + if (!role->value || role->value > p->p_roles.nprim) + return EINVAL; p->p_role_val_to_name[role->value - 1] = key; p->role_val_to_struct[role->value - 1] = role; return 0; @@ -167,8 +235,11 @@ typdatum = datum; p = datap; - if (typdatum->primary) + if (typdatum->primary) { + if (!typdatum->value || typdatum->value > p->p_types.nprim) + return EINVAL; p->p_type_val_to_name[typdatum->value - 1] = key; + } return 0; >>> TRUNCATED FOR MAIL (1000 lines) <<<