From owner-p4-projects@FreeBSD.ORG Wed Feb 9 20:08:51 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7B8AF16A4D0; Wed, 9 Feb 2005 20:08:51 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2735016A4CE for ; Wed, 9 Feb 2005 20:08:51 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1F8743D48 for ; Wed, 9 Feb 2005 20:08:50 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j19K8oPs009064 for ; Wed, 9 Feb 2005 20:08:50 GMT (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j19K8o15009061 for perforce@freebsd.org; Wed, 9 Feb 2005 20:08:50 GMT (envelope-from areisse@nailabs.com) Date: Wed, 9 Feb 2005 20:08:50 GMT Message-Id: <200502092008.j19K8o15009061@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 70719 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Feb 2005 20:08:52 -0000 http://perforce.freebsd.org/chv.cgi?CH=70719 Change 70719 by areisse@areisse_tislabs on 2005/02/09 20:07:57 Remove unused capabilities (CAP_MAC_*, CAP_INF_*, CAP_LINK_DIR) and renumber some of the others so that there are fewer than 32 and the masks all fit in a uint32_t. Use a 32-bit access_vector_t. This makes the binary policy format compatible with selinux (versions 15-18). Old FreeBSD policies are not compatible with this change, and must be rebuilt with either an updated sebsd_checkpolicy, or checkpolicy from selinux. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#8 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask_types.h#6 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#7 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#6 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#8 (text+ko) ==== 
@@ -58,38 +58,16 @@
 return ("CAP_FSETID");
 case CAP_KILL:
 return ("CAP_KILL");
- case CAP_LINK_DIR:
- return ("CAP_LINK_DIR");
 case CAP_SETFCAP:
 return ("CAP_SETFCAP");
 case CAP_SETGID:
 return ("CAP_SETGID");
 case CAP_SETUID:
 return ("CAP_SETUID");
- case CAP_MAC_DOWNGRADE:
- return ("CAP_MAC_DOWNGRADE");
- case CAP_MAC_READ:
- return ("CAP_MAC_READ");
- case CAP_MAC_RELABEL_SUBJ:
- return ("CAP_MAC_RELABEL_SUBJ");
- case CAP_MAC_UPGRADE:
- return ("CAP_MAC_UPGRADE");
- case CAP_MAC_WRITE:
- return ("CAP_MAC_WRITE");
- case CAP_INF_NOFLOAT_OBJ:
- return ("CAP_INF_NOFLOAT_OBJ");
- case CAP_INF_NOFLOAT_SUBJ:
- return ("CAP_INF_NOFLOAT_SUBJ");
- case CAP_INF_RELABEL_OBJ:
- return ("CAP_INF_RELABEL_OBJ");
- case CAP_INF_RELABEL_SUBJ:
- return ("CAP_INF_RELABEL_SUBJ");
 case CAP_AUDIT_CONTROL:
 return ("CAP_AUDIT_CONTROL");
 case CAP_AUDIT_WRITE:
 return ("CAP_AUDIT_WRITE");
- case CAP_SETPCAP:
- return ("CAP_SETPCAP");
 case CAP_SYS_SETFFLAG:
 return ("CAP_SYS_SETFFLAG");
 case CAP_NET_BIND_SERVICE:
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask_types.h#6 (text+ko) ====
@@ -56,7 +56,7 @@
  * for permissions are defined in the automatically generated
  * header file av_permissions.h.
  */
-typedef u64 access_vector_t;
+typedef u32 access_vector_t;
 
 /*
  * Each object class is identified by a fixed-size value.
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#7 (text+ko) ====
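Review bot: The narrowed `typedef u32 access_vector_t;` means a permission bit at position 32 or above is no longer representable, and nothing in the header records why 32 is now the required width. A comment tying it to the wire format would help the next person who adds a permission, for example `/* Must stay 32 bits wide: the binary policy format (SELinux policy versions 15-18) stores each access vector as one 32-bit little-endian word. */`. The comment above says the permission bits come from the generated av_permissions.h; whether that generator caps a class at 32 permissions is not visible in this diff and is worth confirming.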
@@ -336,23 +336,15 @@
 printk(KERN_ERR "security: avtab: entry has both access vectors and types\n");
 goto bad;
 }
+
+ if (avdatum->specified & AVTAB_AV) {
-
- if (avdatum->specified & AVTAB_ALLOWED) {
- u32 b1 = le32_to_cpu (buf[items++]);
- u32 b2 = le32_to_cpu (buf[items++]);
- avtab_allowed(avdatum) = (((u64) b1) << 32) | b2;
- }
- if (avdatum->specified & AVTAB_AUDITDENY) {
- u32 b1 = le32_to_cpu (buf[items++]);
- u32 b2 = le32_to_cpu (buf[items++]);
- avtab_auditdeny(avdatum) = (((u64) b1) << 32) | b2;
- }
- if (avdatum->specified & AVTAB_AUDITALLOW) {
- u32 b1 = le32_to_cpu (buf[items++]);
- u32 b2 = le32_to_cpu (buf[items++]);
- avtab_auditallow(avdatum) = (((u64) b1) << 32) | b2;
- }
+ if (avdatum->specified & AVTAB_ALLOWED)
+ avtab_allowed(avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum->specified & AVTAB_AUDITDENY)
+ avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]);
+ if (avdatum->specified & AVTAB_AUDITALLOW)
+ avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]);
 } else {
 if (avdatum->specified & AVTAB_TRANSITION)
 avtab_transition(avdatum) = le32_to_cpu(buf[items++]);
==== //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#6 (text+ko) ====
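Review bot: The single-word reads at `avtab_allowed(avdatum) = le32_to_cpu(buf[items++]);` and the two lines below it assume the policy was written in the new 32-bit layout, but nothing in this hunk refuses a file written in the previous two-word layout; unless the loader's policy version check elsewhere already rejects pre-change FreeBSD policies, such a file would be parsed as valid data with shifted fields rather than refused. Since the commit message states old policies must be rebuilt, making that rejection explicit in the version check, or at least documenting the layout here with `/* one le32 per vector: binary policy format versions 15-18 */`, would stop a stale policy from loading silently. The enclosing function starts and ends outside this hunk, so whether `items` is compared against the entry's declared item count after these reads cannot be seen here.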
@@ -113,21 +113,11 @@
 #define CAP_FOWNER (0x0000000000000010)
 #define CAP_FSETID (0x0000000000000020)
 #define CAP_KILL (0x0000000000000040)
-#define CAP_LINK_DIR (0x0000000000000080)
-#define CAP_SETFCAP (0x0000000000000100)
-#define CAP_SETGID (0x0000000000000200)
-#define CAP_SETUID (0x0000000000000400)
-#define CAP_MAC_DOWNGRADE (0x0000000000000800)
-#define CAP_MAC_READ (0x0000000000001000)
-#define CAP_MAC_RELABEL_SUBJ (0x0000000000002000)
-#define CAP_MAC_UPGRADE (0x0000000000004000)
-#define CAP_MAC_WRITE (0x0000000000008000)
-#define CAP_INF_NOFLOAT_OBJ (0x0000000000010000)
-#define CAP_INF_NOFLOAT_SUBJ (0x0000000000020000)
-#define CAP_INF_RELABEL_OBJ (0x0000000000040000)
-#define CAP_INF_RELABEL_SUBJ (0x0000000000080000)
-#define CAP_AUDIT_CONTROL (0x0000000000100000)
-#define CAP_AUDIT_WRITE (0x0000000000200000)
+#define CAP_SETFCAP (0x0000000000000080)
+#define CAP_SETGID (0x0000000000000100)
+#define CAP_SETUID (0x0000000000000200)
+#define CAP_AUDIT_CONTROL (0x0000000000000400)
+#define CAP_AUDIT_WRITE (0x0000000000000800)
 
 /*
  * The following is no longer functional.
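Review bot: Removing `#define CAP_LINK_DIR (0x0000000000000080)` here leaves the `CAP_ALL_ON` mask later in this file still OR-ing `CAP_LINK_DIR` in (it is an unchanged context line, `CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \`, in the next hunk), so as far as this diff shows any translation unit that expands `CAP_ALL_ON` now fails on an undefined identifier. `CAP_LINK_DIR | \` should be dropped from that line together with the MAC_*/INF_* names the same hunk already removes. The next hunk of this file also adds `/*#define CAP_SETPCAP (0x0000000000002000)*/`, a commented-out value equal to the new `CAP_NET_BIND_SERVICE`; noting the collision in that comment avoids two capabilities sharing a bit if it is ever re-enabled.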
@@ -137,49 +127,44 @@
  * We do not support modifying the capabilities of other processes, as Linux
  * (from which this one originated) does.
  */
-#define CAP_SETPCAP (0x0000000000400000)
-/* This is unallocated: */
-#define CAP_XXX_INVALID1 (0x0000000000800000)
-#define CAP_SYS_SETFFLAG (0x0000000001000000)
+/*#define CAP_SETPCAP (0x0000000000002000)*/
+#define CAP_SYS_SETFFLAG (0x0000000000001000)
 /*
  * The CAP_LINUX_IMMUTABLE flag approximately maps into the
  * general file flag setting capability in BSD. Therefore, for
  * compatibility, map the constants.
  */
 #define CAP_LINUX_IMMUTABLE CAP_SYS_SETFFLAG
-#define CAP_NET_BIND_SERVICE (0x0000000002000000)
-#define CAP_NET_BROADCAST (0x0000000004000000)
-#define CAP_NET_ADMIN (0x0000000008000000)
-#define CAP_NET_RAW (0x0000000010000000)
-#define CAP_IPC_LOCK (0x0000000020000000)
-#define CAP_IPC_OWNER (0x0000000040000000)
+#define CAP_NET_BIND_SERVICE (0x0000000000002000)
+#define CAP_NET_BROADCAST (0x0000000000004000)
+#define CAP_NET_ADMIN (0x0000000000008000)
+#define CAP_NET_RAW (0x0000000000010000)
+#define CAP_IPC_LOCK (0x0000000000020000)
+#define CAP_IPC_OWNER (0x0000000000040000)
 /*
  * The following capabilities, borrowed from Linux, are unsafe in a
  * secure environment.
  */
-#define CAP_SYS_MODULE (0x0000000080000000)
-#define CAP_SYS_RAWIO (0x0000000100000000)
-#define CAP_SYS_CHROOT (0x0000000200000000)
-#define CAP_SYS_PTRACE (0x0000000400000000)
-#define CAP_SYS_PACCT (0x0000000800000000)
-#define CAP_SYS_ADMIN (0x0000001000000000)
+#define CAP_SYS_MODULE (0x0000000000080000)
+#define CAP_SYS_RAWIO (0x0000000000100000)
+#define CAP_SYS_CHROOT (0x0000000000200000)
+#define CAP_SYS_PTRACE (0x0000000000400000)
+#define CAP_SYS_PACCT (0x0000000000800000)
+#define CAP_SYS_ADMIN (0x0000000001000000)
 /*
  * Back to the safe ones, again.
  */
-#define CAP_SYS_BOOT (0x0000002000000000)
-#define CAP_SYS_NICE (0x0000004000000000)
-#define CAP_SYS_RESOURCE (0x0000008000000000)
-#define CAP_SYS_TIME (0x0000010000000000)
-#define CAP_SYS_TTY_CONFIG (0x0000020000000000)
-#define CAP_MKNOD (0x0000040000000000)
+#define CAP_SYS_BOOT (0x0000000002000000)
+#define CAP_SYS_NICE (0x0000000004000000)
+#define CAP_SYS_RESOURCE (0x0000000008000000)
+#define CAP_SYS_TIME (0x0000000010000000)
+#define CAP_SYS_TTY_CONFIG (0x0000000020000000)
+#define CAP_MKNOD (0x0000000040000000)
 #define CAP_MAX_ID CAP_MKNOD
 #define CAP_ALL_ON (CAP_CHOWN | CAP_DAC_EXECUTE | CAP_DAC_WRITE | \
 CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \
- CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_MAC_DOWNGRADE | \
- CAP_MAC_READ | CAP_MAC_RELABEL_SUBJ | CAP_MAC_UPGRADE | \
- CAP_MAC_WRITE | CAP_INF_NOFLOAT_OBJ | CAP_INF_NOFLOAT_SUBJ | \
- CAP_INF_RELABEL_OBJ | CAP_INF_RELABEL_SUBJ | CAP_AUDIT_CONTROL | \
+ CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_AUDIT_CONTROL | \
 CAP_AUDIT_WRITE | CAP_SYS_SETFFLAG | CAP_NET_BIND_SERVICE | \
 CAP_NET_BROADCAST | CAP_NET_ADMIN | CAP_NET_RAW | CAP_IPC_LOCK | \
 CAP_IPC_OWNER | CAP_SYS_MODULE | CAP_SYS_RAWIO | CAP_SYS_CHROOT | \