From owner-p4-projects Tue Jan 14 0:20: 3 2003
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id CE96C37B405; Tue, 14 Jan 2003 00:19:37 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 78FDD37B401 for ; Tue, 14 Jan 2003 00:19:37 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2406343EB2 for ; Tue, 14 Jan 2003 00:19:36 -0800 (PST) (envelope-from chris@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0E8JZfh080511 for ; Tue, 14 Jan 2003 00:19:35 -0800 (PST) (envelope-from chris@freebsd.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0E8JZkx080508 for perforce@freebsd.org; Tue, 14 Jan 2003 00:19:35 -0800 (PST)
Date: Tue, 14 Jan 2003 00:19:35 -0800 (PST)
Message-Id: <200301140819.h0E8JZkx080508@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello
Subject: PERFORCE change 23726 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=23726

Change 23726 by chris@chris_holly on 2003/01/14 00:19:30

	Piece together a new "Label operations" section.  Add a few more
	entry points I seem to have missed on the first few sweeps.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#28 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#28 (text+ko) ====
@@ -155,8 +155,8 @@ be passed NULL pointers for label arguments to entry points. - - Policy Module Registration + + General-Purpose Module Entry Points Modules may be declared using the MAC_POLICY_SET() macro, which names the 
@@ -298,8 +298,1320 @@ caution should be applied. + + <function>&mac.mpo;_syscall</function> + + + + int + &mac.mpo;_syscall + + struct thread + *td + int call + void *arg + + + + + + &mac.thead; + + + + td + Calling thread + + + + call + Syscall number + + + arg + Pointer to syscall arguments + + + + + + This entry point provides a policy-multiplexed system + call so that policies may provide additional services to + user processes without registering specific system calls. + The policy name provided during registration is used to + demux calls from userland, and the arguments will be + forwarded to this entry point. When implementing new + services, security modules should be sure to invoke + appropriate access control checks from the MAC framework as + needed. For example, if a policy implements an augmented + signal functionality, it should call the necessary signal + access control checks to invoke the MAC framework and other + registered policies. + + Modules must currently perform the + copyin() of the syscall data on their + own. + + + + <function>&mac.mpo;_thread_userret</function> + + + + void + &mac.mpo;_thread_userret + + struct thread + *td + + + + + + &mac.thead; + + + + td + Returning thread + + + + + + + This entry point permits policy modules to perform + MAC-related events when a thread returns to user space. + This is required for policies that have floating process + labels, as it's not always possible to acquire the process + lock at arbitrary points in the stack during system call + processing; process labels might represent traditional + authentication data, process history information, or other + data. 
+ + + + Label Operations + + + <function>&mac.mpo;_init_bpfdesc_label</function> + + + + void + &mac.mpo;_init_bpfdesc_label + + struct bpf_d + *bpf_d + struct label + *label + + + + + + &mac.thead; + + + + bpf_d + Object; bpf descriptor + + + + label + New label to apply + + + + + + Initialize the label on a newly instantiated bpfdesc (BPF + descriptor) + + + + <function>&mac.mpo;_init_cred_label</function> + + + + void + &mac.mpo;_init_cred_label + + struct label + *label + + + + + + &mac.thead; + + + + label + New label to initialize + + + + + + Initialize the label for a newly instantiated + user credential. + + + + <function>&mac.mpo;_init_devfsdirent_label</function> + + + + void + &mac.mpo;_init_devfsdirent_label + + struct devfs_dirent + *devfs_dirent + struct label + *label + + + + + + &mac.thead; + + + + devfs_dirent + Object; devfs directory entry + + + + label + New label to apply + + + + + + Initialize the label on a newly instantiated devfs + entry. + + + + <function>&mac.mpo;_init_ifnet_label</function> + + + + void + &mac.mpo;_init_ifnet_label + + struct ifnet + *ifnet + struct label + *label + + + + + + &mac.thead; + + + + ifnet + Object; network interface + + + + label + New label to apply + + + + + + Initialize the label on a newly instantiated network + interface. + + + + <function>&mac.mpo;_init_ipq_label</function> + + + + void + &mac.mpo;_init_ipq_label + + struct ipq + *ipq + struct label + *label + + + + + + &mac.thead; + + + + ipq + Object; IP reassembly queue + + + + label + New label to apply + + + + + + Initialize the label on a newly instantiated IP fragment + reassembly queue. 
+ + + + <function>&mac.mpo;_init_mbuf_label</function> + + + + void + &mac.mpo;_init_mbuf_label + + struct mbuf + *mbuf + int how + struct label + *label + + + + + + &mac.thead; + + + + mbuf + Object; mbuf + + + + how + Blocking/non-blocking &man.malloc.9;; see + below + + + + label + Policy label to initialize + + + + + Initialize the label on a newly instantiated mbuf packet + header (mbuf). The + how field may be one of + M_WAITOK and M_NOWAIT, and + should be employed to avoid performing a blocking + &man.malloc.9; during this initialization call. Mbuf + allocation frequently occurs in performance sensitive + environments, and the implementation should be careful to + avoid blocking or long-lived operations. This entry point + is permitted to fail resulting in the failure to allocate + the mbuf header. + + + + <function>&mac.mpo;_init_mount_label</function> + + + + void + &mac.mpo;_init_mount_label + + struct mount + *mount + struct label + *mntlabel + struct label + *fslabel + + + + + + + &mac.thead; + + + + mount + Object; file system mount point + + + + mntlabel + Policy label to be initialized for the mount + itself + + + + fslabel + Policy label to be initialized for the file + system + + + + + + Initialize the labels on a newly instantiated mount + point. + + + + <function>&mac.mpo;_init_mount_fs_label</function> + + + + void + &mac.mpo;_init_mount_fs_label + + struct label + *label + + + + + + &mac.thead; + + + + label + Label to be initialized + + + + + + Initialize the label on a newly mounted file + system. + + + + <function>&mac.mpo;_init_pipe_label</function> + + + + void + &mac.mpo;_init_pipe_label + + struct + label*label + + + + + + &mac.thead; + + + + label + Label to be filled in + + + + + Initialize a label for a newly instantiated pipe. 
+ + + + <function>&mac.mpo;_init_socket_label</function> + + + + void + &mac.mpo;_init_socket_label + + struct label + *label + int flag + + + + + + &mac.thead; + + + + label + New label to initialize + + + + flag + &man.malloc.9; flags + + + + + + Initialize a label for a newly instantiated + socket. + + + + <function>&mac.mpo;_init_socket_peer_label</function> + + + + void + &mac.mpo;_init_socket_peer_label + + struct label + *label + int flag + + + + + + &mac.thead; + + + + label + New label to initialize + + + + flag + &man.malloc.9; flags + + + + + + Initialize the peer label for a newly instantiated + socket. + + + + <function>&mac.mpo;_init_proc_label</function> + + + + void + &mac.mpo;_init_proc_label + + struct label + *label + + + + + + &mac.thead; + + + + label + New label to initialize + + + + + + Initialize the label for a newly instantiated + process. + + + + + <function>&mac.mpo;_init_vnode_label</function> + + + + void + &mac.mpo;_init_vnode_label + + struct vnode + *vp + struct label + *label + + + + + + &mac.thead; + + + + vp + Object; file system object + + + + label + New label to initialize + + + + + + Initialize the label on a newly instantiated vnode. + + + <function>&mac.mpo;_destroy_bpfdesc_label</function> + + + + void + &mac.mpo;_destroy_bpfdesc_label + + struct label + *label + + + + + + &mac.thead; + + + + label + bpfdesc label + + + + + + Destroy the label on a bpf descriptor. In this entry + point a policy should free any internal storage associated + with label so that it may be + destroyed. + + + + <function>&mac.mpo;_destroy_cred_label</function> + + + + void + &mac.mpo;_destroy_cred_label + + struct ucred + *cred + struct label + *label + + + + + + &mac.thead; + + + + cred + Subject; user credential + + + + label + Label being destroyed + + + + + + Destroy the label on a credential. In this entry point, + a policy module should free any internal storage associated + with label so that it may be + destroyed. 
+ + + + + <function>&mac.mpo;_destroy_devfsdirent_label</function> + + + + void + &mac.mpo;_destroy_devfsdirent_label + + struct devfs_dirent + *devfs_dirent + struct label + *label + + + + + + &mac.thead; + + + + devfs_dirent + Object; devfs directory entry + + + + label + Label being destroyed + + + + + + Destroy the label on a devfs entry. In this entry + point, a policy module should free any internal storage + asociated with label so that it may + be destroyed. + + + + <function>&mac.mpo;_destroy_ifnet_label</function> + + + + void + &mac.mpo;_destroy_ifnet_label + + struct label + *label + + + + + + &mac.thead; + + + + label + Label being destroyed + + + + + + Destroy the label on a removed interface. In this entry + point, a policy module should free any internal storage + associated with label so that it may + be destroyed. + + + + <function>&mac.mpo;_destroy_ipq_label</function> + + + + void + &mac.mpo;_destroy_ipq_label + + struct label + *label + + + + + + &mac.thead; + + + + label + Label being destroyed + + + + + + Destroy the label on an IP fragment queue. In this + entry point, a policy module should free any internal + storage associated with label so that + it may be destroyed. + + + + <function>&mac.mpo;_destroy_mbuf_label</function> + + + + void + &mac.mpo;_destroy_mbuf_label + + struct label + *label + + + + + + &mac.thead; + + + + label + Label being destroyed + + + + + + Destroy the label on an mbuf header. In this entry + point, a policy module should free any internal storage + associated with label so that it may + be destroyed. + + + + <function>&mac.mpo;_destroy_mount_label</function> + + + + void + &mac.mpo;_destroy_mount_label + + struct label + *label + + + + + + &mac.thead; + + + + label + Mount point label being destroyed + + + + + + Destroy the labels on a mount point. In this entry + point, a policy module should free the internal storage + associated with mntlabel so that they + may be destroyed. 
+ + + + <function>&mac.mpo;_destroy_mount_label</function> + + + + void + &mac.mpo;_destroy_mount_label + + struct mount + *mp + struct label + *mntlabel + struct label + *fslabel + + + + + + &mac.thead; + + + + mp + Object; file system mount point + + + + mntlabel + Mount point label being destroyed + + + + fslabel + File system label being destroyed> + + + + + + Destroy the labels on a mount point. In this entry + point, a policy module should free the internal storage + associated with mntlabel and + fslabel so that they may be + destroyed. + + + + <function>&mac.mpo;_destroy_socket_label</function> + + + + void + &mac.mpo;_destroy_socket_label + + struct label + *label + + + + + + + &mac.thead; + + + + label + Socket label being destroyed + + + + + + + Destroy the label on a socket. In this entry point, a + policy module should free any internal storage associated + with label so that it may be + destroyed. + + + + <function>&mac.mpo;_destroy_socket_peer_label</function> + + + + void + &mac.mpo;_destroy_socket_peer_label + + struct label + *peerlabel + + + + + + &mac.thead; + + + + peerlabel + Socket peer label being destroyed + + + + + + Destroy the peer label on a socket. In this entry + point, a policy module should free any internal storage + associated with label so that it may + be destroyed. + + + + <function>&mac.mpo;_destroy_pipe_label</function> + + + + void + &mac.mpo;_destroy_pipe_label + + struct label + *label + + + + + + &mac.thead; + + + + label + Pipe label + + + + + + Destroy the label on a pipe. In this entry point, a + policy module should free any internal storage associated + with label so that it may be + destroyed. + + + + <function>&mac.mpo;_destroy_proc_label</function> + + + + void + &mac.mpo;_destroy_proc_label + struct label + *label + + + + + + &mac.thead; + + + >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
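Review bot: The hunk at @@ -155,8 +155,8 @@ retitles "Policy Module Registration" as "General-Purpose Module Entry Points", but the paragraph that still follows the new heading ("Modules may be declared using the MAC_POLICY_SET() macro, which names the ...") is registration material, not a description of general-purpose entry points such as &mac.mpo;_syscall and &mac.mpo;_thread_userret. Either keep a registration subheading above the MAC_POLICY_SET() text or add a lead sentence under the new heading that introduces the entry points it now covers, so the heading's scope matches its content.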
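Review bot: In the &mac.mpo;_syscall entry (first new section of hunk @@ -298,8 +298,1320 @@), the parameter table under-documents the security-relevant facts that the prose later states. `arg` is described only as "Pointer to syscall arguments" while the closing paragraph says "Modules must currently perform the copyin() of the syscall data on their own"; the table should say plainly that `arg` is a user-space pointer that must never be dereferenced directly in the kernel and is only usable as the source address for copyin() (and the destination for copyout()). Likewise `call` is labelled "Syscall number", but the text explains that the policy name registered with the framework is what demultiplexes the call from userland, so `call` is a policy-private call selector, not a system call number; suggest "Policy-specific call number". Finally, the sentence recommending "appropriate access control checks from the MAC framework" would be clearer if it said that the policy must call the framework's check entry points rather than only its own internal check, since the point being made is that other registered policies are consulted that way.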
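Review bot: &mac.mpo;_init_mbuf_label is declared as returning void, yet its description says the entry point "is permitted to fail resulting in the failure to allocate the mbuf header"; a void function has no way to report that failure, so either the prototype should return int (with the text saying what a non-zero return means to the caller) or the failure sentence should be dropped. The same question applies to &mac.mpo;_init_socket_label and &mac.mpo;_init_socket_peer_label, which accept &man.malloc.9; flags and would therefore also need to fail under M_NOWAIT but are declared void; their flag parameter is called `flag` while the mbuf entry calls it `how`, and one name should be used throughout. Two smaller points in the same region: &mac.mpo;_init_pipe_label's prototype reads "struct label*label" with the type and identifier run together (compare "struct label *label" in the neighbouring entries), and &mac.mpo;_init_mount_label describes `mntlabel` and `fslabel` as labels for "the mount itself" and "the file system" without saying which one &mac.mpo;_init_mount_fs_label initializes, so the relationship between the two entry points is left for the reader to guess.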
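Review bot: &mac.mpo;_destroy_mount_label is documented twice with different prototypes. The first takes a single `struct label *label` but tells the policy to free storage "associated with mntlabel", which is not a parameter of that prototype; the second takes `mp`, `mntlabel` and `fslabel`. Only one can match the kernel's policy interface header (sys/mac_policy.h); keep that one and delete the other, and if the single-label form survives, its description must refer to `label`. Related inconsistencies in the destroy entries that should be fixed in the same pass: &mac.mpo;_destroy_socket_peer_label names its parameter `peerlabel` while the description frees "storage associated with label"; the `fslabel` row carries a stray closing character ("File system label being destroyed>"); "asociated" in &mac.mpo;_destroy_devfsdirent_label is misspelled; and the init/destroy pairs disagree on whether the labelled object is passed (&mac.mpo;_init_cred_label takes only `label` but &mac.mpo;_destroy_cred_label takes `cred` and `label`; &mac.mpo;_init_bpfdesc_label takes `bpf_d` and `label` but &mac.mpo;_destroy_bpfdesc_label takes only `label`). Each pair should be checked against the real prototypes so that a policy author copying these signatures does not end up with a module that fails to compile or frees the wrong object's state.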