From: Todd Miller
To: Perforce Change Reviews
Date: Thu, 26 Oct 2006 19:23:33 GMT
Message-Id: <200610261923.k9QJNXCm078556@repoman.freebsd.org>
Subject: PERFORCE change 108514 for review

http://perforce.freebsd.org/chv.cgi?CH=108514

Change 108514 by millert@millert_macbook on 2006/10/26 19:23:29

	Update based on November DSEP release.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/README#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/README#3 (text+ko) ====
@@ -60,6 +60,89 @@ Mach servers. The launchd and notifyd daemons have been modified to use our security-enhanced MiG. + +New Features in the 20061013 release +===================================== + - Framework entrypoints have been renamed to follow the convention of + mpo__() + or + mpo__[check,label,notify]_() + + where is audit, cred, devfs, file, lctx, policy etc. + The policy-specific functions (registration, etc) are an exception, in + that they do not have values to check, label and notify. + + - All sample policy modules have been updated to use this convention. See + mac_policy.h and API documentation for details. + + - A unique identifier has been added for each policy to facilitate quick + lookups by the Framework. This is used in the new externalize/internalize + changes where policies register a label namespace based on their handle. + + - 'mnt_fslabel' has been removed from struct mount as there was no need for + separate fslabel and mntlabel. The framework and entrypoints have been + renamed to suit. + + - The MAC Framework kernel interface (the mac_foo routines) have been + split from mac.h into a separate header file, mac_framework.h. This + mirrors a similar change in the TrustedBSD mac2 branch. + + - Previously we were using the foo_internal.h interfaces which technically + break Apple's KPI. In order to comply with Apple's KPI conventions, we + have changed how a cred is obtained from struct proc by changing + p->p_ucred to proc_ucred() or vfs_context_cred() where possible. + + - New entrypoints have been added + mpo_task_label_copy + mpo_task_label_externalize + mpo_task_label_internalize + + - In addition to renaming these entrypoints, we split their + definitions in mac_policy.h as they shared a definition with the + non-"once" value. 
+ mpo_port_check_make_send_once + mpo_port_check_move_send_once + mpo_port_check_hold_send_once + + For example, + mpo_check_port_move_send_t *mpo_check_port_move_send; + mpo_check_port_move_send_t *mpo_check_port_move_send_once; + + becomes: + mpo_port_check_move_send_t *mpo_port_check_move_send; + mpo_port_check_move_send_once_t *mpo_port_check_move_send_once; + + - These entry points have been modified. In particular, we renamed one + of the parameters, the API does not change. However the semantics of + the policies must understand that when we combined the two mount labels, + the policies will always be passed the one remaining label. + mpo_vnode_label_update_extattr + + - The lctx label entrypoints implementation within the MLS policy have + been removed as MLS does not label login contexts anymore. The Framework + still contains these entry points. + + - We do not provide linkage for modules with the kernel symbol + IS_64BIT_PROCESS anymore and made changes to MACFrameworks.exports. + + - We fixed a race condition while setting and updating an extended + attribute label. + + - mac_vnode_label_associate_file() has been moved to hold the vnode lock + around the call to mpo_vnode_label_associate_file. + + - mac_test sample policy has been cleaned up to reduce warnings about + NULL parameters. In particular, we did this by adding tags to the + mac_policy.h API documentation. The scripts that generate the policy + module understand a few tags and permit the policy to be automatically + generated in a more intelligent way. In the future, would like to provide + additional automatic policy generation through the use of these tags. + + - The MAC Framework API documentation has been updated; documentation is + available in the docs/Framework/html/directory. + + + New Features in the 20060929 release ===================================== 
@@ -576,23 +659,6 @@ so that a security policy module can set initial labels based on an authenticated user login session. - - The build infrastructure was enhanced to provide the ability to - build installation packages and disk images. These packages may - be installed with the standard Apple software installation GUI - tools. While this functionality is still considered - experimental, it has proven to be quite useful. After - completing a top-level build and install, the disk image can be - build by the 'dmg' target in the Makefile. The resultant disk - image contains a single software installation package with the - MAC framework and related components. See the - src/dsep-install-gui.txt document for additional information on - using the graphical install tool. - - For example: - % make - % make install - % make dmg - - The various sample policies have been updated to support the recent changes to the Framework: mac_mls, mactest, mac_none, mac_stub. Note that the SEDarwin policy module is no longer
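
Review bot: In the first hunk (@@ -60,6 +60,89 @@), the mpo_vnode_label_update_extattr item does not give policy authors enough to act on: it opens with "These entry points have been modified" but lists a single entry point, it says a parameter was renamed without naming the old or new parameter, and it does not say which of the two former mount labels is "the one remaining label". Since the 'mnt_fslabel' item earlier in the same section removes the separate fslabel, a policy that made different decisions on fslabel and mntlabel now changes behaviour silently; please name the parameter and state which label the policy receives. The same applies to "We fixed a race condition while setting and updating an extended attribute label", which names no function, so a reader cannot tell whether a given policy was exposed. Smaller points in this hunk: the heading says "20061013 release" while the change description says "November DSEP release"; "has been moved to hold the vnode lock" reads as if it should be "modified"; "In the future, would like to provide" is missing its subject; and "docs/Framework/html/directory" needs a space before "directory".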
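
Review bot: In the second hunk (@@ -576,23 +659,6 @@), the paragraph describing the 'dmg' Makefile target and src/dsep-install-gui.txt is deleted with no explanation in the change description and no matching entry in the "New Features in the 20061013 release" section added by the first hunk. If the packaging target or the install document has been dropped, say so in the new release notes so that users who relied on "make dmg" know it is gone; if they still exist, keep the paragraph, because these lines are the only place in the visible README text that shows the make, make install, make dmg sequence.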