From owner-p4-projects  Thu Aug  1 18: 5:16 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 1002737B406; Thu,  1 Aug 2002 18:05:06 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3364637B401
	for <perforce@freebsd.org>; Thu,  1 Aug 2002 18:05:05 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C4AC543E4A
	for <perforce@freebsd.org>; Thu,  1 Aug 2002 18:05:04 -0700 (PDT)
	(envelope-from cvance@tislabs.com)
Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g72154JU089868
	for <perforce@freebsd.org>; Thu, 1 Aug 2002 18:05:04 -0700 (PDT)
	(envelope-from cvance@tislabs.com)
Received: (from perforce@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g72154i9089777
	for perforce@freebsd.org; Thu, 1 Aug 2002 18:05:04 -0700 (PDT)
Date: Thu, 1 Aug 2002 18:05:04 -0700 (PDT)
Message-Id: <200208020105.g72154i9089777@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to cvance@tislabs.com using -f
From: Chris Vance <cvance@FreeBSD.org>
Subject: PERFORCE change 15425 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15425

Change 15425 by cvance@cvance_laptop on 2002/08/01 18:04:47

	Add support for a basic mac_policy syscall handler.
	Things to think about: 
	    - who guarantees MPSAFE, trustedbsd harness or the modules?  
	    - the module must perform the copyin on the arg parameter.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#225 edit
.. //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#21 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#141 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#106 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#225 (text+ko) ====

@@ -363,6 +363,9 @@
 			 * that all enumerated values are handled.
 			 */
 			break;
+		case MAC_SYSCALL:
+			mpc->mpc_ops->mpo_mac_policy =
+			    mpe->mpe_function;
 		case MAC_DESTROY:
 			mpc->mpc_ops->mpo_destroy =
 			    mpe->mpe_function;
@@ -3060,6 +3063,40 @@
 	return (error);
 }
 
+/*
+ * MPSAFE
+ */
+int
+mac_policy(struct thread *td, struct mac_policy_args *uap)
+{
+	int error;
+	char target[128]; /* TBD: should be MAX_MAXNAME or some such */
+	struct mac_policy_conf *mpc;
+
+	error = copyinstr(uap->policy, target, sizeof(target), NULL);
+	if (error == ENAMETOOLONG) {
+		return (EINVAL);
+	}
+	if (error) {
+		return (error);
+	}
+
+	error = ENOSYS;
+	MAC_POLICY_LIST_BUSY();
+	LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
+		if (strcmp(mpc->mpc_name, target) == 0 &&
+			mpc->mpc_ops->mpo_mac_policy) {
+			error = mpc->mpc_ops->mpo_mac_policy(SCARG(uap, call),
+							     SCARG(uap, arg));
+			goto out;
+		}
+	}
+
+ out:
+	MAC_POLICY_LIST_UNBUSY();
+	return (error);
+}
+
 SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL);
 SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL);
 
@@ -3107,4 +3144,11 @@
 	return (ENOSYS);
 }
 
+int
+mac_policy(struct thread *td, struct mac_policy *uap)
+{
+
+	return (ENOSYS);
+}
+
 #endif /* !MAC */

==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#21 (text+ko) ====

@@ -567,5 +567,5 @@
 392	STD	BSD	{ int uuidgen(struct uuid *store, int count); }
 393	MSTD	BSD	{ int sendfile(int fd, int s, off_t offset, size_t nbytes, \
 				struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
-394	MNOIMPL	BSD	{ int mac_policy(const char *policy, int call, \
+394	MSTD	BSD	{ int mac_policy(const char *policy, int call, \
 				void *arg); }

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#141 (text+ko) ====


==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#106 (text+ko) ====

@@ -63,6 +63,11 @@
 	void	(*mpo_init)(struct mac_policy_conf *mpc);
 
 	/*
+	 * Generic policy-directed security syscall
+	 */
+	int	(*mpo_mac_policy)(int call, void *arg);
+
+	/*
 	 * Label operations.
 	 */
 	void	(*mpo_init_bpfdesc)(struct bpf_d *, struct label *label);
@@ -330,6 +335,7 @@
 
 enum mac_op_constant {
 	MAC_OP_LAST,
+	MAC_SYSCALL,
 	MAC_DESTROY,
 	MAC_INIT,
 	MAC_INIT_BPFDESC,

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message