Date: Thu, 26 Oct 2006 19:23:33 GMT
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 108514 for review
Message-ID: <200610261923.k9QJNXCm078556@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=108514

Change 108514 by millert@millert_macbook on 2006/10/26 19:23:29

    Update based on November DSEP release.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/README#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/README#3 (text+ko) ====
@@ -60,6 +60,89 @@ Mach servers. The launchd and notifyd daemons have been modified to use our security-enhanced MiG. + +New Features in the 20061013 release +===================================== + - Framework entrypoints have been renamed to follow the convention of + mpo_<object>_<operation>() + or + mpo_<object>_[check,label,notify]_<operation>() + + where <object> is audit, cred, devfs, file, lctx, policy etc. + The policy-specific functions (registration, etc) are an exception, in + that they do not have values to check, label and notify. + + - All sample policy modules have been updated to use this convention. See + mac_policy.h and API documentation for details. + + - A unique identifier has been added for each policy to facilitate quick + lookups by the Framework. This is used in the new externalize/internalize + changes where policies register a label namespace based on their handle. + + - 'mnt_fslabel' has been removed from struct mount as there was no need for + separate fslabel and mntlabel. The framework and entrypoints have been + renamed to suit. + + - The MAC Framework kernel interface (the mac_foo routines) have been + split from mac.h into a separate header file, mac_framework.h. This + mirrors a similar change in the TrustedBSD mac2 branch. + + - Previously we were using the foo_internal.h interfaces which technically + break Apple's KPI. In order to comply with Apple's KPI conventions, we + have changed how a cred is obtained from struct proc by changing + p->p_ucred to proc_ucred() or vfs_context_cred() where possible. + + - New entrypoints have been added + mpo_task_label_copy + mpo_task_label_externalize + mpo_task_label_internalize + + - In addition to renaming these entrypoints, we split their + definitions in mac_policy.h as they shared a definition with the + non-"once" value. 
+ mpo_port_check_make_send_once + mpo_port_check_move_send_once + mpo_port_check_hold_send_once + + For example, + mpo_check_port_move_send_t *mpo_check_port_move_send; + mpo_check_port_move_send_t *mpo_check_port_move_send_once; + + becomes: + mpo_port_check_move_send_t *mpo_port_check_move_send; + mpo_port_check_move_send_once_t *mpo_port_check_move_send_once; + + - These entry points have been modified. In particular, we renamed one + of the parameters, the API does not change. However the semantics of + the policies must understand that when we combined the two mount labels, + the policies will always be passed the one remaining label. + mpo_vnode_label_update_extattr + + - The lctx label entrypoints implementation within the MLS policy have + been removed as MLS does not label login contexts anymore. The Framework + still contains these entry points. + + - We do not provide linkage for modules with the kernel symbol + IS_64BIT_PROCESS anymore and made changes to MACFrameworks.exports. + + - We fixed a race condition while setting and updating an extended + attribute label. + + - mac_vnode_label_associate_file() has been moved to hold the vnode lock + around the call to mpo_vnode_label_associate_file. + + - mac_test sample policy has been cleaned up to reduce warnings about + NULL parameters. In particular, we did this by adding tags to the + mac_policy.h API documentation. The scripts that generate the policy + module understand a few tags and permit the policy to be automatically + generated in a more intelligent way. In the future, would like to provide + additional automatic policy generation through the use of these tags. + + - The MAC Framework API documentation has been updated; documentation is + available in the docs/Framework/html/directory. + + + New Features in the 20060929 release ===================================== 
@@ -576,23 +659,6 @@ so that a security policy module can set initial labels based on an authenticated user login session. - - The build infrastructure was enhanced to provide the ability to - build installation packages and disk images. These packages may - be installed with the standard Apple software installation GUI - tools. While this functionality is still considered - experimental, it has proven to be quite useful. After - completing a top-level build and install, the disk image can be - build by the 'dmg' target in the Makefile. The resultant disk - image contains a single software installation package with the - MAC framework and related components. See the - src/dsep-install-gui.txt document for additional information on - using the graphical install tool. - - For example: - % make - % make install - % make dmg - - The various sample policies have been updated to support the recent changes to the Framework: mac_mls, mactest, mac_none, mac_stub. Note that the SEDarwin policy module is no longer
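Review bot: In the first hunk (@@ -60,6 +60,89 @@), the entry beginning "These entry points have been modified" lists only mpo_vnode_label_update_extattr and never names the renamed parameter, so a policy author cannot tell which argument now carries the one remaining mount label after the two were combined. Suggest stating the old and new parameter names and either making the wording singular or listing the other affected entry points. In the same hunk, the race-condition entry should name the function that was fixed, as the mac_vnode_label_associate_file() entry after it does; "docs/Framework/html/directory" looks like it is missing a space before "directory"; and "In the future, would like to provide" is missing its subject.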
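Review bot: In the second hunk (@@ -576,23 +659,6 @@), the removed paragraph is the only visible text that documents the 'dmg' Makefile target and points to src/dsep-install-gui.txt, and neither the commit message nor the new 20061013 section says whether the packaging support was dropped or documented elsewhere. If the target still exists, keep a short pointer to it here; if it was removed, add a line to the 20061013 feature list saying so.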