Date: Fri, 19 Nov 2004 15:48:05 GMT From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 65452 for review Message-ID: <200411191548.iAJFm589053201@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=65452 Change 65452 by areisse@areisse_tislabs on 2004/11/19 15:47:32 Begin the update of sebsd to selinux version 2004081908. This step was initial merging only, the kernel is in an unworking state. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#6 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.h#6 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/Makefile#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/access_vectors#5 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/initial_sids#3 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkaccess_vector.sh#5 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkflask.sh#3 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/security_classes#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#5 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.h#5 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/conditional.c#1 branch .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/conditional.h#1 branch .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/constraint.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/context.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.c#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.c#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.c#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.h#3 integrate .. 
//depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls_types.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/policydb.c#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/policydb.h#5 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/security.h#6 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.c#7 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/sidtab.c#9 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/sidtab.h#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/symtab.c#4 integrate .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/symtab.h#4 integrate Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#6 (text+ko) ==== @@ -583,6 +583,9 @@ } else { printf(" fs/inode info not available"); } + inode = a->u.fs.dentry->d_inode; + } else if (a->u.fs.inode) { + inode = a->u.fs.inode; } break; case AVC_AUDIT_DATA_NET: @@ -1018,3 +1021,14 @@ avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); return rc; } + +static int __init avc_log_level_setup(char *str) +{ + avc_log_level = simple_strtol(str, NULL, 0); + if (avc_log_level > 7) + avc_log_level = 7; + return 1; +} + +__setup("avc_log_level=", avc_log_level_setup); + ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.h#6 (text+ko) ==== @@ -62,8 +62,20 @@ } fs; struct { char *netif; - u16 port; - u32 daddr; + struct sock *sk; + u16 family; + u16 dport; + u16 sport; + union { + struct { + u32 daddr; + u32 saddr; + } v4; + struct { + struct in6_addr daddr; + struct in6_addr saddr; + } v6; + } fam; } net; cap_value_t cap; int ipc_id; 
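Review bot: `avc_log_level_setup` clamps only the upper bound, so a negative `avc_log_level=` value parsed by `simple_strtol` is stored unchanged if `avc_log_level` is a signed type (its declaration is not in this hunk). I would clamp both ends by adding `if (avc_log_level < 0) avc_log_level = 0;`, and add a one-line comment saying what the 0..7 range means. The function also depends on the Linux `__init`/`__setup` boot-parameter hooks, which presumably need a FreeBSD counterpart before this file builds.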
@@ -86,25 +98,6 @@ #define AVC_CAV_PROBES 6 #define AVC_CAV_MISSES 7 #define AVC_NSTATS 8 -extern unsigned avc_cache_stats[AVC_NSTATS]; - -#ifdef AVC_CACHE_STATS -static inline void avc_cache_stats_incr(int type) -{ - avc_cache_stats[type]++; -} - -static inline void avc_cache_stats_add(int type, unsigned val) -{ - avc_cache_stats[type] += val; -} -#else -static inline void avc_cache_stats_incr(int type) -{ } - -static inline void avc_cache_stats_add(int type, unsigned val) -{ } -#endif /* * AVC display support ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#4 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/Makefile#4 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/access_vectors#5 (text+ko) ==== @@ -220,10 +220,11 @@ { fork transition - sigchld - sigkill - sigstop - signal + sigchld # commonly granted from child to parent + sigkill # cannot be caught or ignored + sigstop # cannot be caught or ignored + signull # for kill(pid, 0) + signal # all other signals ptrace getsched setsched @@ -233,6 +234,13 @@ getcap setcap share + getattr + setexec + setfscreate + noatsecure + siginh + setrlimit + rlimitinh } @@ -279,16 +287,14 @@ class security { compute_av - notify_perm - transition_sid - member_sid - sid_to_context - context_to_sid + compute_create + compute_member + check_context load_policy - get_sids - register_avc - change_sid - get_user_sids + compute_relabel + compute_user + setenforce # was avc_toggle in system class + setbool } 
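Review bot: Inserting `signull` before `signal` in the first access_vectors hunk (apparently the process class) renumbers every permission after it, assuming mkaccess_vector.sh assigns permission bits by declaration order as upstream Flask does; the script is not shown here. The same applies to the rewritten `security` class two hunks later, where `load_policy` moves from the seventh position to the fifth. A binary policy compiled against the old ordering would then grant different permissions than its author intended. The change description should say that the policy and the generated headers must be rebuilt together, and the loader should ideally refuse an image built for the older layout. A comment above each reordered class naming the upstream version it matches (2004081908) would help later merges.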
@@ -366,3 +372,15 @@ mknod lease } + + +# +# Define the access vector interpretation for controlling +# changes to passwd information. +# +class passwd +{ + passwd + chfn + chsh +} ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/initial_sids#3 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkaccess_vector.sh#5 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkflask.sh#3 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/security_classes#4 (text+ko) ==== @@ -42,5 +42,11 @@ #Posix.1b-related classes class posix_sem +# +# userspace object manager classes +# + +# passwd/chfn/chsh +class passwd # FLASK ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#5 (text+ko) ==== @@ -4,6 +4,24 @@ * Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ +/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> + * + * Added conditional policy language extensions + * + * Copyright (C) 2003 Tresys Technology, LLC + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2. + */ + +#include <linux/kernel.h> +#include <linux/slab.h> +#include <linux/vmalloc.h> +#include <linux/errno.h> + +#include "avtab.h" +#include "policydb.h" + #ifdef _KERNEL #include <sys/param.h> #include <sys/conf.h> 
@@ -22,6 +40,31 @@ (keyp->source_type << 9)) & \ AVTAB_HASH_MASK) +static kmem_cache_t *avtab_node_cachep; + +static struct avtab_node* +avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, struct avtab_node * cur, + struct avtab_key *key, struct avtab_datum *datum) +{ + struct avtab_node * newnode; + newnode = kmem_cache_alloc(avtab_node_cachep, SLAB_KERNEL); + if (newnode == NULL) + return NULL; + memset(newnode, 0, sizeof(struct avtab_node)); + newnode->key = *key; + newnode->datum = *datum; + if (prev) { + newnode->next = prev->next; + prev->next = newnode; + } else { + newnode->next = h->htable[hvalue]; + h->htable[hvalue] = newnode; + } + + h->nel++; + return newnode; +} + int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum) { int hvalue; 
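Review bot: `avtab_insert_node` allocates from `avtab_node_cachep`, but none of the visible avtab.c hunks creates that cache; avtab.h only gains a declaration of `avtab_cache_init`. Unless that initialiser exists elsewhere and runs before the first policy load, the first insert hands a NULL cache to `kmem_cache_alloc`. The `cur` parameter is never used in the body and could be dropped or marked unused. I would also add a header comment stating that the caller chooses the insertion point through `prev` (NULL means the head of bucket `hvalue`) and that NULL is returned on allocation failure.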
@@ -50,24 +93,48 @@ break; } - newnode = kmalloc(sizeof(*newnode), GFP_KERNEL); - if (newnode == NULL) - return ENOMEM; - memset(newnode, 0, sizeof(*newnode)); - newnode->key = *key; - newnode->datum = *datum; - if (prev) { - newnode->next = prev->next; - prev->next = newnode; - } else { - newnode->next = h->htable[hvalue]; - h->htable[hvalue] = newnode; - } + newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum); + if(!newnode) + return -ENOMEM; - h->nel++; return 0; } +/* Unlike avtab_insert(), this function allow multiple insertions of the same + * key/specified mask into the table, as needed by the conditional avtab. + * It also returns a pointer to the node inserted. + */ +struct avtab_node * +avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum) +{ + int hvalue; + struct avtab_node *prev, *cur, *newnode; + + if (!h) + return NULL; + hvalue = AVTAB_HASH(key); + for (prev = NULL, cur = h->htable[hvalue]; + cur; + prev = cur, cur = cur->next) { + if (key->source_type == cur->key.source_type && + key->target_type == cur->key.target_type && + key->target_class == cur->key.target_class && + (datum->specified & cur->datum.specified)) + break; + if (key->source_type < cur->key.source_type) + break; + if (key->source_type == cur->key.source_type && + key->target_type < cur->key.target_type) + break; + if (key->source_type == cur->key.source_type && + key->target_type == cur->key.target_type && + key->target_class < cur->key.target_class) + break; + } + newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum); + + return newnode; +} struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int specified) { 
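Review bot: `avtab_insert` now returns `-ENOMEM` where it used to return positive `ENOMEM`, while `avtab_read` in the same file still starts with `rc = EINVAL`, so the file mixes negative and positive error codes. A caller that compares against a positive value, or passes the result back through a FreeBSD interface, would misread the failure; pick one convention for the sebsd tree and convert at the boundary. Separately, `avtab_insert_nonunique` checks `h` but not `h->htable`, although `avtab_destroy` in this change now sets `h->htable = NULL`. The new `avtab_search_node` in the next hunk has the same gap, and `if (!h || !h->htable) return NULL;` would match the destroy path. `avtab_insert` begins before this hunk.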
@@ -99,12 +166,73 @@ return NULL; } +/* This search function returns a node pointer, and can be used in + * conjunction with avtab_search_next_node() + */ +struct avtab_node* +avtab_search_node(struct avtab *h, struct avtab_key *key, int specified) +{ + int hvalue; + struct avtab_node *cur; + + if (!h) + return NULL; + + hvalue = AVTAB_HASH(key); + for (cur = h->htable[hvalue]; cur; cur = cur->next) { + if (key->source_type == cur->key.source_type && + key->target_type == cur->key.target_type && + key->target_class == cur->key.target_class && + (specified & cur->datum.specified)) + return cur; + + if (key->source_type < cur->key.source_type) + break; + if (key->source_type == cur->key.source_type && + key->target_type < cur->key.target_type) + break; + if (key->source_type == cur->key.source_type && + key->target_type == cur->key.target_type && + key->target_class < cur->key.target_class) + break; + } + return NULL; +} + +struct avtab_node* +avtab_search_node_next(struct avtab_node *node, int specified) +{ + struct avtab_node *cur; + + if (!node) + return NULL; + + for (cur = node->next; cur; cur = cur->next) { + if (node->key.source_type == cur->key.source_type && + node->key.target_type == cur->key.target_type && + node->key.target_class == cur->key.target_class && + (specified & cur->datum.specified)) + return cur; + + if (node->key.source_type < cur->key.source_type) + break; + if (node->key.source_type == cur->key.source_type && + node->key.target_type < cur->key.target_type) + break; + if (node->key.source_type == cur->key.source_type && + node->key.target_type == cur->key.target_type && + node->key.target_class < cur->key.target_class) + break; + } + return NULL; +} + void avtab_destroy(struct avtab *h) { int i; struct avtab_node *cur, *temp; - if (!h) + if (!h || !h->htable) return; for (i = 0; i < AVTAB_SIZE; i++) { @@ -116,7 +244,8 @@ } h->htable[i] = NULL; } - kfree(h->htable); + vfree(h->htable); + h->htable = NULL; } 
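Review bot: Releasing the table with `vfree(h->htable)` is only correct if the table is now allocated with `vmalloc`, and the allocation site is not among the visible hunks; pairing a `kmalloc` allocation with `vfree` corrupts allocator state. Please confirm the allocation was converted in the same change. Whatever compatibility layer supplies `kmalloc`/`kfree` in the sebsd tree presumably also needs a matching `vmalloc`/`vfree` pair. `avtab_destroy` starts before this hunk.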
@@ -184,6 +313,65 @@ max_chain_len); } +int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey) +{ + __u32 *buf; + __u32 items, items2; + + memset(avkey, 0, sizeof(struct avtab_key)); + memset(avdatum, 0, sizeof(struct avtab_datum)); + + buf = next_entry(fp, sizeof(__u32)); + if (!buf) { + printk(KERN_ERR "security: avtab: truncated entry\n"); + goto bad; + } + items2 = le32_to_cpu(buf[0]); + buf = next_entry(fp, sizeof(__u32)*items2); + if (!buf) { + printk(KERN_ERR "security: avtab: truncated entry\n"); + goto bad; + } + items = 0; + avkey->source_type = le32_to_cpu(buf[items++]); + avkey->target_type = le32_to_cpu(buf[items++]); + avkey->target_class = le32_to_cpu(buf[items++]); + avdatum->specified = le32_to_cpu(buf[items++]); + if (!(avdatum->specified & (AVTAB_AV | AVTAB_TYPE))) { + printk(KERN_ERR "security: avtab: null entry\n"); + goto bad; + } + if ((avdatum->specified & AVTAB_AV) && + (avdatum->specified & AVTAB_TYPE)) { + printk(KERN_ERR "security: avtab: entry has both access vectors and types\n"); + goto bad; + } + if (avdatum->specified & AVTAB_AV) { + if (avdatum->specified & AVTAB_ALLOWED) + avtab_allowed(avdatum) = le32_to_cpu(buf[items++]); + if (avdatum->specified & AVTAB_AUDITDENY) + avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]); + if (avdatum->specified & AVTAB_AUDITALLOW) + avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]); + } else { + if (avdatum->specified & AVTAB_TRANSITION) + avtab_transition(avdatum) = le32_to_cpu(buf[items++]); + if (avdatum->specified & AVTAB_CHANGE) + avtab_change(avdatum) = le32_to_cpu(buf[items++]); + if (avdatum->specified & AVTAB_MEMBER) + avtab_member(avdatum) = le32_to_cpu(buf[items++]); + } + if (items != items2) { + printk(KERN_ERR "security: avtab: entry only had %d items, expected %d\n", + items2, items); + goto bad; + } + + return 0; +bad: + return -1; +} + int avtab_read(struct avtab *a, void *fp, u32 config) { int i, rc = EINVAL; 
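Review bot: `avtab_read_item` reads `buf[0]` through `buf[3]`, and up to three more words, before it ever looks at `items2`. An entry whose length word is smaller than the fields its `specified` mask implies is therefore read past the bytes `next_entry` returned, and the `items != items2` test only runs after those reads. The length comes from the policy image, so it should be range-checked as soon as it is decoded, for example `if (items2 < 4 || items2 > 7) goto bad;` (the code decodes between four and seven words). That check also keeps `sizeof(__u32)*items2` from wrapping on a 32-bit `size_t`. The function returns -1 while its caller `avtab_read` starts with `rc = EINVAL`, so a header comment stating the return contract would help.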
@@ -204,33 +392,7 @@ goto bad; } for (i = 0; i < nel; i++) { - memset(&avkey, 0, sizeof(avkey)); - memset(&avdatum, 0, sizeof(avdatum)); - - buf = next_entry(fp, sizeof(u32)); - if (!buf) { - printk(KERN_ERR "security: avtab: truncated entry\n"); - goto bad; - } - items2 = le32_to_cpu(buf[0]); - buf = next_entry(fp, sizeof(u32)*items2); - if (!buf) { - printk(KERN_ERR "security: avtab: truncated entry\n"); - goto bad; - } - items = 0; - avkey.source_type = le32_to_cpu(buf[items++]); - avkey.target_type = le32_to_cpu(buf[items++]); - avkey.target_class = le32_to_cpu(buf[items++]); - avdatum.specified = le32_to_cpu(buf[items++]); - if (!(avdatum.specified & (AVTAB_AV | AVTAB_TYPE))) { - printk(KERN_ERR "security: avtab: null entry\n"); - goto bad; - } - if ((avdatum.specified & AVTAB_AV) && - (avdatum.specified & AVTAB_TYPE)) { - printk(KERN_ERR "security: avtab: entry has both " - "access vectors and types\n"); + if (avtab_read_item(fp, &avdatum, &avkey)) goto bad; } if (avdatum.specified & AVTAB_AV) { ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.h#5 (text+ko) ==== @@ -7,6 +7,16 @@ * * Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ + +/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> + * + * Added conditional policy language extensions + * + * Copyright (C) 2003 Tresys Technology, LLC + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2. + */ #ifndef _SS_AVTAB_H_ #define _SS_AVTAB_H_ 
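Review bot: The trailing context lines `goto bad; }` and `if (avdatum.specified & AVTAB_AV) {` from the removed block are still present after the replacement in the `avtab_read` hunk. Because the new `if (avtab_read_item(fp, &avdatum, &avkey))` has no brace of its own, the old closing brace now ends the `for` loop right after the call, and the old per-field decode appears to remain below it. That leftover code would index `buf` with `items`, neither of which this function sets any more, even though `avtab_read_item` has already filled the datum. The loop body should reduce to the read call followed by the insert, with the stale decode and unused locals removed. The rest of `avtab_read` lies outside the hunk, so this is inferred from the two trailing context lines.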
@@ -59,8 +69,19 @@ void *args), void *args); void avtab_hash_eval(struct avtab *h, char *tag); + +int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey); int avtab_read(struct avtab *a, void *fp, u32 config); +struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, + struct avtab_datum *datum); + +struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key, int specified); + +struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified); + +void avtab_cache_init(void); + #define AVTAB_HASH_BITS 15 #define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS) #define AVTAB_HASH_MASK (AVTAB_HASH_BUCKETS-1) ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/constraint.h#4 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/context.h#4 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.c#4 (text+ko) ==== @@ -21,7 +21,7 @@ n1 = e1->node; n2 = e2->node; - prev = 0; + prev = NULL; while (n1 || n2) { new = kmalloc(sizeof(*new), GFP_ATOMIC); if (!new) { @@ -44,7 +44,7 @@ n2 = n2->next; } - new->next = 0; + new->next = NULL; if (prev) prev->next = new; else @@ -84,7 +84,7 @@ ebitmap_init(dst); n = src->node; - prev = 0; + prev = NULL; while (n) { new = kmalloc(sizeof(*new), GFP_ATOMIC); if (!new) { @@ -94,7 +94,7 @@ memset(new, 0, sizeof(*new)); new->startbit = n->startbit; new->map = n->map; - new->next = 0; + new->next = NULL; if (prev) prev->next = new; else @@ -159,7 +159,7 @@ { struct ebitmap_node *n, *prev, *new; - prev = 0; + prev = NULL; n = e->node; while (n && n->startbit <= bit) { if ((n->startbit + MAPSIZE) > bit) { @@ -235,7 +235,7 @@ } e->highbit = 0; - e->node = 0; + e->node = NULL; return; } 
@@ -257,8 +257,8 @@ count = le32_to_cpu(buf[2]); if (mapsize != MAPSIZE) { - printk(KERN_ERR "security: ebitmap: map size %d does not " - "match my size %d (high bit was %d)\n", mapsize, + printk(KERN_ERR "security: ebitmap: map size %u does not " + "match my size %Zd (high bit was %d)\n", mapsize, MAPSIZE, e->highbit); goto out; } @@ -268,7 +268,7 @@ } if (e->highbit & (MAPSIZE - 1)) { printk(KERN_ERR "security: ebitmap: high bit (%d) is not a " - "multiple of the map size (%d)\n", e->highbit, MAPSIZE); + "multiple of the map size (%Zd)\n", e->highbit, MAPSIZE); goto bad; } l = NULL; @@ -290,13 +290,13 @@ if (n->startbit & (MAPSIZE - 1)) { printk(KERN_ERR "security: ebitmap start bit (%d) is " - "not a multiple of the map size (%d)\n", + "not a multiple of the map size (%Zd)\n", n->startbit, MAPSIZE); goto bad_free; } if (n->startbit > (e->highbit - MAPSIZE)) { printk(KERN_ERR "security: ebitmap start bit (%d) is " - "beyond the end of the bitmap (%d)\n", + "beyond the end of the bitmap (%Zd)\n", n->startbit, (e->highbit - MAPSIZE)); goto bad_free; } ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.h#4 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.c#4 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.h#4 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.c#4 (text+ko) ==== @@ -1,10 +1,7 @@ - -/* Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> */ - -/* FLASK */ - -/* +/* * Implementation of the multi-level security (MLS) policy. + * + * Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ #include <security/sebsd/ss/mls.h> 
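Review bot: `%Zd` in the three ebitmap.c printk hunks is a Linux-specific length modifier for `size_t`, and I am not certain the FreeBSD kernel `printf` accepts it; the standard `%zu` would be the safer spelling in this tree. If the modifier is not recognised, the remaining arguments of these error messages would be misread, which makes rejected policy images harder to diagnose. `e->highbit` and `n->startbit` are still printed with `%d`, so their declared types (not visible here) should be checked against that as well.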
@@ -13,10 +10,10 @@ * Remove any permissions from `allowed' that are * denied by the MLS policy. */ -void mls_compute_av(context_struct_t * scontext, - context_struct_t * tcontext, - class_datum_t * tclass, - access_vector_t * allowed) +void mls_compute_av(struct context *scontext, + struct context *tcontext, + struct class_datum *tclass, + u32 *allowed) { unsigned int rel[2]; int l; @@ -63,12 +60,11 @@ } } - /* * Return the length in bytes for the MLS fields of the * security context string representation of `context'. */ -int mls_compute_context_len(context_struct_t * context) +int mls_compute_context_len(struct context * context) { int i, l, len; @@ -81,26 +77,25 @@ if (ebitmap_get_bit(&context->range.level[l].cat, i - 1)) len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1; - if (mls_level_relation(context->range.level[0], context->range.level[1]) == MLS_RELATION_EQ) + if (mls_level_relation(context->range.level[0], context->range.level[1]) + == MLS_RELATION_EQ) break; } return len; } - /* - * Write the security context string representation of + * Write the security context string representation of * the MLS fields of `context' into the string `*scontext'. * Update `*scontext' to point to the end of the MLS fields. */ -int mls_sid_to_context(context_struct_t * context, +int mls_sid_to_context(struct context *context, char **scontext) { char *scontextp; int i, l; - scontextp = *scontext; for (l = 0; l < 2; l++) { @@ -116,7 +111,8 @@ *scontextp = ','; scontextp++; } - if (mls_level_relation(context->range.level[0], context->range.level[1]) != MLS_RELATION_EQ) { + if (mls_level_relation(context->range.level[0], context->range.level[1]) + != MLS_RELATION_EQ) { scontextp--; sprintf(scontextp, "-"); scontextp++; 
@@ -130,60 +126,59 @@ return 0; } - /* - * Return TRUE if the MLS fields in the security context - * structure `c' are valid. Return FALSE otherwise. + * Return 1 if the MLS fields in the security context + * structure `c' are valid. Return 0 otherwise. */ -int mls_context_isvalid(policydb_t *p, context_struct_t * c) +int mls_context_isvalid(struct policydb *p, struct context *c) { unsigned int relation; - level_datum_t *levdatum; - user_datum_t *usrdatum; - mls_range_list_t *rnode; + struct level_datum *levdatum; + struct user_datum *usrdatum; + struct mls_range_list *rnode; int i, l; - /* - * MLS range validity checks: high must dominate low, low level must - * be valid (category set <-> sensitivity check), and high level must + /* + * MLS range validity checks: high must dominate low, low level must + * be valid (category set <-> sensitivity check), and high level must * be valid (category set <-> sensitivity check) */ relation = mls_level_relation(c->range.level[1], c->range.level[0]); if (!(relation & (MLS_RELATION_DOM | MLS_RELATION_EQ))) /* High does not dominate low. */ - return FALSE; + return 0; for (l = 0; l < 2; l++) { if (!c->range.level[l].sens || c->range.level[l].sens > p->p_levels.nprim) - return FALSE; - levdatum = (level_datum_t *) hashtab_search(p->p_levels.table, - p->p_sens_val_to_name[c->range.level[l].sens - 1]); + return 0; + levdatum = hashtab_search(p->p_levels.table, + p->p_sens_val_to_name[c->range.level[l].sens - 1]); if (!levdatum) - return FALSE; + return 0; for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) { if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) { if (i > p->p_cats.nprim) - return FALSE; + return 0; if (!ebitmap_get_bit(&levdatum->level->cat, i - 1)) /* * Category may not be associated with * sensitivity in low level. */ - return FALSE; + return 0; } } } - if (c->role == OBJECT_R_VAL) - return TRUE; + if (c->role == OBJECT_R_VAL) + return 1; /* * User must be authorized for the MLS range. 
*/ if (!c->user || c->user > p->p_users.nprim) - return FALSE; + return 0; usrdatum = p->user_val_to_struct[c->user - 1]; for (rnode = usrdatum->ranges; rnode; rnode = rnode->next) { if (mls_range_contains(rnode->range, c->range)) @@ -191,9 +186,9 @@ } if (!rnode) /* user may not be associated with range */ - return FALSE; + return 0; - return TRUE; + return 1; } @@ -202,33 +197,33 @@ * `context' based on the string representation in * the string `*scontext'. Update `*scontext' to * point to the end of the string representation of - * the MLS fields. + * the MLS fields. * * This function modifies the string in place, inserting - * NULL characters to terminate the MLS fields. + * NULL characters to terminate the MLS fields. */ int mls_context_to_sid(char oldc, char **scontext, - context_struct_t * context) + struct context *context) { char delim; char *scontextp, *p; - level_datum_t *levdatum; - cat_datum_t *catdatum; - int l; + struct level_datum *levdatum; + struct cat_datum *catdatum; + int l, rc = -EINVAL; if (!oldc) { /* No MLS component to the security context. Try to use a default 'unclassified' value. */ - levdatum = (level_datum_t *) hashtab_search(policydb.p_levels.table, - (hashtab_key_t) "unclassified"); - + levdatum = hashtab_search(policydb.p_levels.table, + "unclassified"); if (!levdatum) - return -EINVAL; + goto out; context->range.level[0].sens = levdatum->level->sens; context->range.level[1].sens = context->range.level[0].sens; - return 0; + rc = 0; + goto out; } /* Extract low sensitivity. */ @@ -241,11 +236,9 @@ *p++ = 0; for (l = 0; l < 2; l++) { - levdatum = (level_datum_t *) hashtab_search(policydb.p_levels.table, - (hashtab_key_t) scontextp); - + levdatum = hashtab_search(policydb.p_levels.table, scontextp); if (!levdatum) - return -EINVAL; + goto out; context->range.level[l].sens = levdatum->level->sens; 
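Review bot: `mls_context_to_sid` can now return 0 for a context string it did not fully resolve, because `rc` is set to `-EINVAL` only once and every failed lookup is a bare `goto out`. Once an earlier step has stored 0 in `rc` (the `ebitmap_set_bit` call in the following hunk does), a later `hashtab_search` miss for the high sensitivity or for a category name leaves through `out` with `rc == 0`. The caller would then treat a partly filled `context` as valid. Each lookup failure should set the code explicitly, e.g. `if (!levdatum) { rc = -EINVAL; goto out; }`, and the same for `catdatum`. The loop body continues outside these hunks, so the remaining exits need the same check.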
@@ -259,15 +252,15 @@ if (delim != 0) *p++ = 0; - catdatum = (cat_datum_t *) hashtab_search(policydb.p_cats.table, - (hashtab_key_t) scontextp); - + catdatum = hashtab_search(policydb.p_cats.table, + scontextp); if (!catdatum) - return -EINVAL; + goto out; - if (!ebitmap_set_bit(&context->range.level[l].cat, - catdatum->value - 1, TRUE)) - return -ENOMEM; + rc = ebitmap_set_bit(&context->range.level[l].cat, + catdatum->value - 1, 1); + if (rc) + goto out; if (delim != ',') break; } @@ -287,50 +280,55 @@ if (l == 0) { context->range.level[1].sens = context->range.level[0].sens; - ebitmap_cpy(&context->range.level[1].cat, &context->range.level[0].cat); + rc = ebitmap_cpy(&context->range.level[1].cat, + &context->range.level[0].cat); + if (rc) + goto out; } - *scontext = p; - return 0; + *scontext = ++p; + rc = 0; +out: + return rc; } - -/* +/* * Copies the MLS range from `src' into `dst'. */ -static __inline int mls_copy_context(context_struct_t * dst, - context_struct_t * src) +static inline int mls_copy_context(struct context *dst, + struct context *src) { - int l; + int l, rc = 0; /* Copy the MLS range from the source context */ for (l = 0; l < 2; l++) { + dst->range.level[l].sens = src->range.level[l].sens; - if (!ebitmap_cpy(&dst->range.level[l].cat, &src->range.level[l].cat)) - return -ENOMEM; + rc = ebitmap_cpy(&dst->range.level[l].cat, + &src->range.level[l].cat); + if (rc) + break; } - return 0; + return rc; } - -/* +/* * Convert the MLS fields in the security context * structure `c' from the values specified in the * policy `oldp' to the values specified in the policy `newp'. */ -int mls_convert_context(policydb_t * oldp, - policydb_t * newp, - context_struct_t * c) +int mls_convert_context(struct policydb *oldp, >>> TRUNCATED FOR MAIL (1000 lines) <<<
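Review bot: The test on `ebitmap_set_bit` is inverted relative to the removed code: the old line treated a zero return as failure (`if (!ebitmap_set_bit(...)) return -ENOMEM;`), while the new one treats non-zero as failure. The ebitmap.c hunks in this change do not touch that function's return statements, so the two files may now disagree on the convention. If `ebitmap_set_bit` still returns a true value on success, every successful category set would abort parsing and return that value as the error code. Please confirm that `ebitmap_set_bit` (and `ebitmap_cpy`, used the same way further down) return 0 on success in the sebsd tree before relying on `if (rc) goto out;`.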