Date: Thu, 1 Aug 2002 18:05:04 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 15425 for review Message-ID: <200208020105.g72154i9089777@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15425 Change 15425 by cvance@cvance_laptop on 2002/08/01 18:04:47 Add support for a basic mac_policy syscall handler. Things to think about: - who guarantees MPSAFE, trustedbsd harness or the modules? - the module must perform the copyin on the arg parameter. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#225 edit .. //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#21 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#141 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#106 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#225 (text+ko) ====
@@ -363,6 +363,9 @@
 * that all enumerated values are handled.
 */
 break;
+ case MAC_SYSCALL:
+ mpc->mpc_ops->mpo_mac_policy =
+ mpe->mpe_function;
 case MAC_DESTROY:
 mpc->mpc_ops->mpo_destroy =
 mpe->mpe_function;
@@ -3060,6 +3063,40 @@
 return (error);
 }
+/*
+ * MPSAFE
+ */
+int
+mac_policy(struct thread *td, struct mac_policy_args *uap)
+{
+ int error;
+ char target[128]; /* TBD: should be MAX_MAXNAME or some such */
+ struct mac_policy_conf *mpc;
+
+ error = copyinstr(uap->policy, target, sizeof(target), NULL);
+ if (error == ENAMETOOLONG) {
+ return (EINVAL);
+ }
+ if (error) {
+ return (error);
+ }
+
+ error = ENOSYS;
+ MAC_POLICY_LIST_BUSY();
+ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
+ if (strcmp(mpc->mpc_name, target) == 0 &&
+ mpc->mpc_ops->mpo_mac_policy) {
+ error = mpc->mpc_ops->mpo_mac_policy(SCARG(uap, call),
+ SCARG(uap, arg));
+ goto out;
+ }
+ }
+
+ out:
+ MAC_POLICY_LIST_UNBUSY();
+ return (error);
+}
+
 SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL);
 SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL);
@@ -3107,4 +3144,11 @@
 return (ENOSYS);
 }
+int
+mac_policy(struct thread *td, struct mac_policy *uap)
+{
+
+ return (ENOSYS);
+}
+
 #endif /* !MAC */
==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#21 (text+ko) ====
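Review bot: The new `case MAC_SYSCALL:` arm in the `@@ -363` hunk has no `break;`, so control falls through into `case MAC_DESTROY:` and the same `mpe->mpe_function` is also stored in `mpo_destroy`. A policy that registers a syscall entry would then have its syscall handler called through a pointer of a different function type wherever the framework invokes the destroy hook (presumably at policy unload; that call site is outside the hunk). Add `break;` after the `mpo_mac_policy` assignment. The enclosing switch starts and ends outside the hunk.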
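Review bot: The dispatch in mac_policy() (`@@ -3060` hunk) hands the policy only `call` and the raw user pointer `arg`, and performs no privilege check of its own, so every caller that can name a loaded policy reaches that policy's handler and the module has only curthread to authorize against. Consider passing the thread through, `error = mpc->mpc_ops->mpo_mac_policy(td, SCARG(uap, call), SCARG(uap, arg));`, with the matching prototype change in mac_policy.h, so each policy can check the caller's credentials explicitly. The handler also runs between `MAC_POLICY_LIST_BUSY()` and `MAC_POLICY_LIST_UNBUSY()`; whether it may sleep there (the copyin the module is expected to do can fault) is not visible from this hunk and should be confirmed before keeping the `MPSAFE` comment and the `MSTD` entry in syscalls.master.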
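Review bot: The `!MAC` stub in the `@@ -3107` hunk declares its second parameter as `struct mac_policy *uap`, while the real handler added earlier in this file takes `struct mac_policy_args *uap`. The syscall prototype is presumably generated from syscalls.master with the `_args` name, so a kernel built without MAC would see a conflicting declaration or an undeclared struct type. Change the stub's signature to `mac_policy(struct thread *td, struct mac_policy_args *uap)`.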
@@ -567,5 +567,5 @@
 392 STD BSD { int uuidgen(struct uuid *store, int count); }
 393 MSTD BSD { int sendfile(int fd, int s, off_t offset, size_t nbytes, \
 struct sf_hdtr *hdtr, off_t *sbytes, int flags); }
-394 MNOIMPL BSD { int mac_policy(const char *policy, int call, \
+394 MSTD BSD { int mac_policy(const char *policy, int call, \
 void *arg); }
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#141 (text+ko) ====
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#106 (text+ko) ====
@@ -63,6 +63,11 @@
 void (*mpo_init)(struct mac_policy_conf *mpc);
 /*
+ * Generic policy-directed security syscall
+ */
+ int (*mpo_mac_policy)(int call, void *arg);
+
+ /*
 * Label operations.
 */
 void (*mpo_init_bpfdesc)(struct bpf_d *, struct label *label);
@@ -330,6 +335,7 @@
 enum mac_op_constant {
 MAC_OP_LAST,
+ MAC_SYSCALL,
 MAC_DESTROY,
 MAC_INIT,
 MAC_INIT_BPFDESC,
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
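Review bot: The comment added above `mpo_mac_policy` in the `@@ -63` hunk does not record the contract the commit message relies on, namely that `arg` reaches the policy as an unchecked user-space address. Suggested wording: `/* Generic policy-directed security syscall. arg is a user address; the policy must copyin() it and validate call. Returns an errno value. */`. The enclosing ops structure begins and ends outside the hunk.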
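Review bot: `MAC_SYSCALL` is inserted directly after `MAC_OP_LAST` in the `@@ -330` hunk, which shifts the numeric value of `MAC_DESTROY`, `MAC_INIT` and every later constant by one. Policy modules compiled against the previous header would then, presumably, have their entries bound to the wrong `mpo_*` slots when loaded into a kernel built from this change. Either state in the commit that all policy modules must be rebuilt, or keep existing values stable by adding new operations at the end of the list; the rest of the enum is outside the hunk, so its end cannot be seen here.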