From owner-p4-projects Mon Aug 26 13: 5:38 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 8BC1D37B405; Mon, 26 Aug 2002 13:04:51 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2EED537B400 for ; Mon, 26 Aug 2002 13:04:51 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B8E2A43E7B for ; Mon, 26 Aug 2002 13:04:50 -0700 (PDT) (envelope-from green@freebsd.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7QK4oJU007840 for ; Mon, 26 Aug 2002 13:04:50 -0700 (PDT) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7QK4orU007834 for perforce@freebsd.org; Mon, 26 Aug 2002 13:04:50 -0700 (PDT) Date: Mon, 26 Aug 2002 13:04:50 -0700 (PDT) Message-Id: <200208262004.g7QK4orU007834@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to green@freebsd.org using -f From: Brian Feldman Subject: PERFORCE change 16600 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16600 Change 16600 by green@green_laptop_2 on 2002/08/26 13:04:05 Snapshot changes to make TrustedBSD/Lomac PLM work. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/kernel_plm.c#2 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/kernel_plm.h#2 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/policy_plm.h#2 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/kernel_plm.c#2 (text+ko) ==== 
@@ -95,7 +95,8 @@
 struct lomac_node_entry lomac_node_entry_root = {
 SLIST_HEAD_INITIALIZER(lomac_node_entry),
 { NULL },
- LN_HIGHEST_LEVEL | LN_INHERIT_HIGH,
+ {}, /* finish filling in during lomac_plm_initialize() */
+ {},
 "/"
 };
 
@@ -130,21 +131,22 @@
 * This is called from inside getnewvnode() before the vnode is in use.
 */
 void
-lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct vnode *vp,
- struct componentname *cnp, lattr_t *subjlattr) {
- struct lomac_node *ln = VTOLOMAC(vp);
+lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct lomac_node *dln,
+ struct vnode *vp, struct lomac_node *ln, struct componentname *cnp)
+{
 struct lomac_node_entry *mlne = NULL;
 
 /*
 * Only "/" has no parent, so inherit directly from our PLM root.
 */
 if (dvp == NULL) {
- ln->ln_flags = lomac_node_entry_root.ln_flags;
+ mac_biba_copy(&lomac_node_entry_root.ln_child_label,
+ &ln->ln_child_label);
+ mac_biba_copy(&lomac_node_entry_root.ln_label,
+ &ln->ln_label);
 ln->ln_entry = ln->ln_underpolicy = &lomac_node_entry_root;
 } else {
- struct lomac_node *dln = VTOLOMAC(dvp);
 struct lomac_node_entry *dlne = dln->ln_entry;
- int fixup_inherit = 0;
 
 /*
 * If we have no directory-specific entry, we inherit
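Review bot: lomac_node_entry_root now starts with zeroed labels (the two `{}` initializers) and only receives MAC_BIBA_TYPE_HIGH in lomac_plm_initialize() in the -272 hunk, but the -339 hunk removes both the modevent that called that initializer and the `lomac_plm_initialized` flag, so nothing in this change shows who runs it or keeps lomac_plm_init_lomacfs_vnode() from copying an unset root label first. A vnode initialized before that point copies a label without MAC_BIBA_FLAG_SINGLE and trips the new KASSERT, or, on a kernel without INVARIANTS, proceeds with an unset integrity label. A comment at the definition naming the intended caller would at least make the ordering requirement visible, e.g. `/* Labels stay zero until lomac_plm_initialize() runs; no vnode may be labelled before then. */`. Also `{}` as an empty initializer is a GCC extension in C; `{ 0 }` says the same portably.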
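Review bot: The new definition `lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct lomac_node *dln, struct vnode *vp, struct lomac_node *ln, struct componentname *cnp)` no longer matches the prototype that kernel_plm.h still carries as context in its hunk (`void lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct vnode *vp, struct componentname *cnp, lattr_t *subjlattr);`), so a file including the header gets conflicting types, and a caller compiled against the header passes the wrong arguments. The kernel_plm.h hunk should carry the five-parameter declaration. With `ln` and `dln` now supplied by the caller (presumably its VTOLOMAC() results), `vp` is not read anywhere in the visible new code and `dvp` serves only as the root test, which deserves a comment at the signature such as `/* dln/ln are the caller's node mappings for dvp/vp; dvp == NULL marks the root */`. The function continues past the end of this hunk.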
@@ -153,64 +155,40 @@
 * from the corresponding lomac_node_entry.
 */
 if (dlne == NULL) {
- ln->ln_flags = dln->ln_flags & LN_INHERIT_MASK;
- fixup_inherit = 1;
+ mac_biba_copy(&dln->ln_child_label,
+ &ln->ln_child_label);
+ mac_biba_copy(&dln->ln_child_label, &ln->ln_label);
 ln->ln_underpolicy = dln->ln_underpolicy;
 ln->ln_entry = NULL;
 } else if ((mlne = lomac_plm_subtree_find_cnp(dlne, cnp)) == NULL) {
- ln->ln_flags = dlne->ln_flags & LN_INHERIT_MASK;
- fixup_inherit = 2;
+ mac_biba_copy(&dlne->ln_child_label,
+ &ln->ln_child_label);
+ mac_biba_copy(&dlne->ln_child_label, &ln->ln_label);
 ln->ln_underpolicy = dlne;
 ln->ln_entry = NULL;
+#ifdef notyet
+ ln->ln_flags |=
+ (dlne->ln_flags & LN_CHILD_ATTR_MASK) >>
+ LN_CHILD_ATTR_SHIFT;
+#endif
 } else {
+ mac_biba_copy(&mlne->ln_child_label,
+ &ln->ln_child_label);
+ mac_biba_copy(&mlne->ln_label, &ln->ln_label);
 ln->ln_entry = ln->ln_underpolicy = mlne;
 }
- if (fixup_inherit) {
- switch (ln->ln_flags) {
- case LN_INHERIT_LOW:
- ln->ln_flags |= LN_LOWEST_LEVEL;
- break;
- case LN_INHERIT_SUBJ:
- if (subjlattr->level == LOMAC_HIGHEST_LEVEL)
- ln->ln_flags |= LN_HIGHEST_LEVEL;
- else {
- ln->ln_flags &= ~LN_INHERIT_MASK;
- ln->ln_flags |= LN_INHERIT_LOW |
- LN_LOWEST_LEVEL;
- }
- break;
- case LN_INHERIT_HIGH:
- ln->ln_flags |= LN_HIGHEST_LEVEL;
- break;
- }
- if (fixup_inherit == 2)
- ln->ln_flags |=
- (dlne->ln_flags & LN_CHILD_ATTR_MASK) >>
- LN_CHILD_ATTR_SHIFT;
- } else {
- /* this is the only case where mlne != NULL */
- ln->ln_flags &= ~(LN_INHERIT_MASK | LN_ATTR_MASK);
- ln->ln_flags |= mlne->ln_flags &
- (LN_INHERIT_MASK | LN_ATTR_MASK);
- if ((mlne->ln_flags & LN_LEVEL_MASK) ==
- LN_SUBJ_LEVEL) {
- if (subjlattr->level == LOMAC_HIGHEST_LEVEL)
- ln->ln_flags |= LN_HIGHEST_LEVEL;
- else
- ln->ln_flags |= LN_LOWEST_LEVEL;
- } else
- ln->ln_flags |= mlne->ln_flags & LN_LEVEL_MASK;
- }
 }
- KASSERT(ln->ln_flags & LN_LEVEL_MASK, ("lomac_node has no level"));
- KASSERT(ln->ln_flags & LN_INHERIT_MASK, ("lomac_node has
no inherit"));
+ KASSERT(ln->ln_label.mb_flags & MAC_BIBA_FLAG_SINGLE,
+ ("lomac_node has no level"));
+ KASSERT(ln->ln_child_label.mb_flags & MAC_BIBA_FLAG_SINGLE,
+ ("lomac_node has no inherit"));
 #ifdef INVARIANTS
 if (mlne != NULL) {
- KASSERT(mlne->ln_flags & LN_LEVEL_MASK,
+ KASSERT(mlne->ln_label.mb_flags & MAC_BIBA_FLAG_SINGLE,
 ("lomac_node_entry has no level"));
- KASSERT(mlne->ln_flags & LN_INHERIT_MASK,
+ KASSERT(mlne->ln_child_label.mb_flags & MAC_BIBA_FLAG_SINGLE,
 ("lomac_node_entry has no inherit"));
 }
 #endif /* INVARIANTS */
@@ -225,35 +203,12 @@
 lne = malloc(sizeof(*lne), M_LOMACPLM, M_WAITOK);
 bcopy(&head_init, &lne->ln_children, sizeof(head_init));
 lne->ln_name = name;
- lne->ln_flags = plne->ln_flags & LN_INHERIT_MASK;
- switch (lne->ln_flags) {
- case LN_INHERIT_LOW:
- lne->ln_flags |= LN_LOWEST_LEVEL;
- break;
- case LN_INHERIT_HIGH:
- lne->ln_flags |= LN_HIGHEST_LEVEL;
- break;
- case LN_INHERIT_SUBJ:
- lne->ln_flags |= LN_SUBJ_LEVEL;
- break;
- }
+ mac_biba_copy(&plne->ln_child_label, &lne->ln_child_label);
+ mac_biba_copy(&plne->ln_child_label, &lne->ln_label);
 SLIST_INSERT_HEAD(&plne->ln_children, lne, ln_chain);
 return (lne);
 }
 
-static void
-lomac_plm_subtree_free(struct lomac_node_entry *lneself) {
- struct lomac_node_entry_head *head = &lneself->ln_children;
- struct lomac_node_entry *lne;
-
- while (!SLIST_EMPTY(head)) {
- lne = SLIST_FIRST(head);
- SLIST_REMOVE_HEAD(head, ln_chain);
- lomac_plm_subtree_free(lne);
- }
- free(lneself, M_LOMACPLM);
-}
-
 struct string_list {
 SLIST_ENTRY(string_list) entries;
 char string[1];
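Review bot: The `#ifdef notyet` block added after `ln->ln_entry = NULL;` uses `ln->ln_flags` and `dlne->ln_flags`, but the new `struct lomac_node` in the kernel_plm.h hunk has no ln_flags member and `struct lomac_node_entry` only declares one inside `#if 0`, so defining notyet would not compile; the notyet block in the -339 hunk has the same problem. Dropping `subjlattr` also removes the old LN_INHERIT_SUBJ resolution, where a node's level was fixed against the creating subject at vnode-init time; the new copies take whatever the entry holds, which for a SUBJ rule is MAC_BIBA_TYPE_EQUAL per policy_plm.h, and the new KASSERTs accept that as a fully labelled node. If an EQUAL-typed object label is meant to be resolved later, the copy sites should say where, e.g. `/* XXX SUBJ rules arrive as MAC_BIBA_TYPE_EQUAL and are not resolved against the subject here */`; if not, as far as this change shows such an object would compare equal to every subject label in Biba checks. The start of the function is outside this hunk.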
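Review bot: With lomac_plm_subtree_free() deleted here, lomac_plm_uninitialize() deleted in the -272 hunk and the MOD_UNLOAD handler deleted in the -339 hunk, the entries allocated by `lne = malloc(sizeof(*lne), M_LOMACPLM, M_WAITOK);` and the string_list nodes have no release path left in the visible code. If the PLM tree is now intended to live for the lifetime of the kernel, a comment at the allocation should say so, e.g. `/* Never freed: the PLM tree persists for the kernel's lifetime (no unload path). */`; otherwise the teardown should stay and be called from whatever replaces the module event handler. The enclosing function starts outside this hunk.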
@@ -272,29 +227,15 @@
 return (sl->string);
 }
 
-static void
-lomac_plm_uninitialize(void) {
- struct lomac_node_entry_head *head = &lomac_node_entry_root.ln_children;
- struct lomac_node_entry *lne;
- struct string_list *sl;
-
- while (!SLIST_EMPTY(head)) {
- lne = SLIST_FIRST(head);
- SLIST_REMOVE_HEAD(head, ln_chain);
- lomac_plm_subtree_free(lne);
- }
- while (!SLIST_EMPTY(&string_list_head)) {
- sl = SLIST_FIRST(&string_list_head);
- SLIST_REMOVE_HEAD(&string_list_head, entries);
- free(sl, M_LOMACPLM);
- }
-}
-
 static int
 lomac_plm_initialize(void) {
 struct lomac_node_entry *plne, *lne;
 plm_rule_t *pr;
 
+ mac_biba_set_single(&lomac_node_entry_root.ln_label,
+ MAC_BIBA_TYPE_HIGH, 0);
+ mac_biba_set_single(&lomac_node_entry_root.ln_child_label,
+ MAC_BIBA_TYPE_HIGH, 0);
 for (pr = plm; pr->path != NULL; pr++) {
 char *path;
 char *comp;
@@ -339,44 +280,18 @@
 }
 lne->ln_path = pr->path;
 if (pr->flags == PLM_NOFLAGS)
- lne->ln_flags &= ~LN_LEVEL_MASK;
+ mac_biba_set_single(&lne->ln_label, pr->type,
+ pr->grade);
 else
- lne->ln_flags &= ~LN_INHERIT_MASK;
- lne->ln_flags |=
- plm_levelflags_to_node_flags[pr->level][pr->flags];
+ mac_biba_set_single(&lne->ln_child_label, pr->type,
+ pr->grade);
+#ifdef notyet
 if (pr->flags == PLM_NOFLAGS)
 lne->ln_flags |= pr->attr;
 else
 lne->ln_flags |= (pr->attr & LN_ATTR_MASK) <<
 LN_CHILD_ATTR_SHIFT;
+#endif
 }
 return (0);
 }
-
-int lomac_plm_initialized = 0;
-
-static int
-lomac_plm_modevent(module_t module, int event, void *unused) {
- int error = 0;
-
- switch ((enum modeventtype)event) {
- case MOD_LOAD:
- error = lomac_plm_initialize();
- if (error == 0)
- lomac_plm_initialized = 1;
- break;
- case MOD_UNLOAD:
- lomac_plm_uninitialize();
- case MOD_SHUTDOWN:
- break;
- }
- return (error);
-}
-
-static moduledata_t lomac_plm_moduledata = {
- "lomac_plm",
- &lomac_plm_modevent,
- NULL
-};
-DECLARE_MODULE(lomac_plm, lomac_plm_moduledata, SI_SUB_VFS, SI_ORDER_ANY);
-MODULE_VERSION(lomac_plm, 1);
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/kernel_plm.h#2 (text+ko) ====
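Review bot: For a `PLM_NOFLAGS` rule the new code sets only `lne->ln_label`, while `ln_child_label` keeps the parent's child label copied at insertion in the -225 hunk, yet policy_plm.h describes PLM_NOFLAGS as `rule applies to this node and its children`. If children of a NOFLAGS node are meant to take the rule's level, the branch also needs `mac_biba_set_single(&lne->ln_child_label, pr->type, pr->grade);`; if inheriting the enclosing rule's child label is the intended behaviour (it appears to match the flag-based code being removed), the policy_plm.h comment is misleading and should be corrected instead. A one-line comment at `if (pr->flags == PLM_NOFLAGS)` stating which label each rule kind governs would settle it for the next reader. The for loop and lomac_plm_initialize() begin outside this hunk.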
@@ -38,7 +38,40 @@
 #ifndef KERNEL_PLM_H
 #define KERNEL_PLM_H
 
-extern int lomac_plm_initialized; /* set to 1 if successfully initialized */
+/*
+ * This is the "placeholder" structure initialized from the PLM that
+ * holds the level information for all named objects.
+ */
+struct lomac_node_entry {
+ SLIST_HEAD(lomac_node_entry_head, lomac_node_entry) ln_children;
+ SLIST_ENTRY(lomac_node_entry) ln_chain; /* chain of current level */
+ struct mac_biba ln_label; /* label for this node */
+ struct mac_biba ln_child_label; /* label for this node's children */
+#if 0
+#define LN_CHILD_ATTR_LOWWRITE 0x0200 /* lower levels may write to */
+#define LN_CHILD_ATTR_LOWNOOPEN 0x0400 /* lower levels may not open */
+#define LN_CHILD_ATTR_NONETDEMOTE 0x0800 /* will not demote on net read */
+#define LN_CHILD_ATTR_NODEMOTE 0x1000 /* subject won't demote on other read */
+ u_int ln_flags;
+#endif
+ char *ln_name; /* last component name (to search) */
+ const char *ln_path; /* in "stable" storage */
+};
+
+/*
+ * Make certain the mac_biba is at the beginning so we can use obscene
+ * coding practices for the time being and pretend they're equal for
+ * vnodes.
+ */
+struct lomac_node {
+ struct mac_biba ln_label;
+ struct mac_biba ln_child_label;
+ /* What's the last node explicitly specifying policy for this? */
+ struct lomac_node_entry *ln_underpolicy;
+ /* If non-NULL, this corresponds 1:1 to a specific PLM node entry. */
+ struct lomac_node_entry *ln_entry;
+};
+
 void lomac_plm_init_lomacfs_vnode(struct vnode *dvp, struct vnode *vp,
 struct componentname *cnp, lattr_t *subjlattr);
 
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/policy_plm.h#2 (text+ko) ====
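Review bot: `struct lomac_node` is documented as depending on `ln_label` being its first member so that a `struct lomac_node *` can stand in for a `struct mac_biba *` on vnodes, but nothing enforces that layout; a compile-time check beside the definition, such as `CTASSERT(offsetof(struct lomac_node, ln_label) == 0);` if CTASSERT and offsetof are available in this tree, turns a later field reorder into a build error instead of a silently mislabelled vnode. The two structs also share the `ln_` prefix and the member names ln_label/ln_child_label, so `ln->ln_label` and `lne->ln_label` are easy to mix up at the mac_biba_copy() sites in kernel_plm.c; a distinct prefix for the node struct's members would help. The `#if 0` block inside struct lomac_node_entry interleaves `#define`s with a field declaration; if the LN_CHILD_ATTR_* values are coming back, moving the defines outside the struct keeps the layout readable.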
@@ -38,11 +38,9 @@
 #ifndef LOMAC_PLM_H
 #define LOMAC_PLM_H
 
-enum plm_level {
- LOW,
- SUBJ,
- HIGH
-};
+#define LOW MAC_BIBA_TYPE_LOW, 0
+#define HIGH MAC_BIBA_TYPE_HIGH, 0
+#define SUBJ MAC_BIBA_TYPE_EQUAL, 0
 enum plm_flags {
 PLM_NOFLAGS, /* rule applies to this node and its children */
 PLM_CHILDOF /* rule applies to node's children, not the node */
@@ -52,14 +50,10 @@
 #define NONETDEMOTE LN_ATTR_NONETDEMOTE
 #define NODEMOTE LN_ATTR_NODEMOTE
 
-static u_int plm_levelflags_to_node_flags[3][2] = {
- { LN_LOWEST_LEVEL, LN_INHERIT_LOW },
- { LN_SUBJ_LEVEL, LN_INHERIT_SUBJ },
- { LN_HIGHEST_LEVEL, LN_INHERIT_HIGH }
-};
-
 typedef struct plm_rule {
- enum plm_level level; /* LOMAC level */
+ /* struct mac_biba_element ... */
+ u_short type; /* same as mbe_type */
+ u_short grade; /* same as mbe_grade */
 enum plm_flags flags; /* flags for PLM evaluation */
 unsigned int attr; /* LN_ATTR_MASK of flags */
 const char *path; /* absolute path for this PLM rule */
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
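Review bot: `#define LOW MAC_BIBA_TYPE_LOW, 0` (and HIGH, SUBJ) expands to two comma-separated tokens, so it only works as a pair of adjacent initializer fields, silently changes the argument count anywhere else it is used, and injects the unprefixed names LOW/HIGH/SUBJ into every includer of this header. The comment on the new `type`/`grade` fields in the -52 hunk already points at `struct mac_biba_element`; declaring the rule's level as one `struct mac_biba_element level;` member with braced initializers, e.g. `#define PLM_LOW { MAC_BIBA_TYPE_LOW, 0 }`, keeps each macro a single initializer and gives the names a prefix. The `plm` rule table that consumes these macros is outside this change and would need the matching edit.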