From owner-p4-projects Mon Oct 21 12:39:16 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id AE81837B404; Mon, 21 Oct 2002 12:38:55 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 441F637B401 for ; Mon, 21 Oct 2002 12:38:55 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74C6343E6A for ; Mon, 21 Oct 2002 12:38:54 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9LJcOmV027089 for ; Mon, 21 Oct 2002 12:38:24 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9LJcNdf027086 for perforce@freebsd.org; Mon, 21 Oct 2002 12:38:23 -0700 (PDT) Date: Mon, 21 Oct 2002 12:38:23 -0700 (PDT) Message-Id: <200210211938.g9LJcNdf027086@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 19821 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=19821 Change 19821 by rwatson@rwatson_paprika on 2002/10/21 12:38:00 Integ main FreeBSD tree into TrustedBSD base -- biba/mls loopback, largely. Affected files ... .. //depot/projects/trustedbsd/base/sys/fs/msdosfs/bootsect.h#3 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_mutex.c#18 integrate .. //depot/projects/trustedbsd/base/sys/kern/subr_disk.c#11 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#12 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.h#2 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.c#11 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.h#2 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac.h#10 integrate .. //depot/projects/trustedbsd/base/sys/sys/proc.h#25 integrate Differences ... ==== //depot/projects/trustedbsd/base/sys/fs/msdosfs/bootsect.h#3 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/fs/msdosfs/bootsect.h,v 1.9 2001/11/28 16:56:42 jhb Exp $ */ +/* $FreeBSD: src/sys/fs/msdosfs/bootsect.h,v 1.10 2002/10/21 19:00:50 jhb Exp $ */ /* $NetBSD: bootsect.h,v 1.9 1997/11/17 15:36:17 ws Exp $ */ /* @@ -59,7 +59,7 @@ struct bootsector710 { u_int8_t bsJump[3]; /* jump inst E9xxxx or EBxx90 */ int8_t bsOEMName[8]; /* OEM name and version */ - int8_t bsPBP[53]; /* BIOS parameter block */ + int8_t bsBPB[53]; /* BIOS parameter block */ int8_t bsExt[26]; /* Bootsector Extension */ int8_t bsBootCode[418]; /* pad so structure is 512b */ u_int8_t bsBootSectSig2; /* 2 & 3 are only defined for FAT32? */ ==== //depot/projects/trustedbsd/base/sys/kern/kern_mutex.c#18 (text+ko) ==== 
@@ -27,7 +27,7 @@ * * from BSDI $Id: mutex_witness.c,v 1.1.2.20 2000/04/27 03:10:27 cp Exp $ * and BSDI $Id: synch_machdep.c,v 2.3.2.39 2000/04/27 03:10:25 cp Exp $ - * $FreeBSD: src/sys/kern/kern_mutex.c,v 1.112 2002/10/12 05:32:23 jeff Exp $ + * $FreeBSD: src/sys/kern/kern_mutex.c,v 1.113 2002/10/21 18:48:28 des Exp $ */ /* @@ -215,14 +215,17 @@ &mutex_prof_enable, 0, "Enable tracing of mutex holdtime"); struct mutex_prof { - const char *name; - const char *file; - int line; + const char *name; + const char *file; + int line; + /* + * XXX should use specialized struct members instead of an array + * and these silly #defines. + */ #define MPROF_MAX 0 #define MPROF_TOT 1 #define MPROF_CNT 2 -#define MPROF_AVG 3 - uintmax_t counter[4]; + uintmax_t counter[3]; struct mutex_prof *next; }; @@ -232,10 +235,10 @@ * * Note: NUM_MPROF_BUFFERS must be smaller than MPROF_HASH_SIZE. */ -#define NUM_MPROF_BUFFERS 1000 +#define NUM_MPROF_BUFFERS 1000 static struct mutex_prof mprof_buf[NUM_MPROF_BUFFERS]; static int first_free_mprof_buf; -#define MPROF_HASH_SIZE 1009 +#define MPROF_HASH_SIZE 1009 static struct mutex_prof *mprof_hash[MPROF_HASH_SIZE]; static int mutex_prof_acquisitions; 
@@ -279,19 +282,27 @@ int error, i; if (first_free_mprof_buf == 0) - return SYSCTL_OUT(req, "No locking recorded", - sizeof("No locking recorded")); + return (SYSCTL_OUT(req, "No locking recorded", + sizeof("No locking recorded"))); sb = sbuf_new(NULL, NULL, 1024, SBUF_AUTOEXTEND); - sbuf_printf(sb, "%12s %12s %12s %12s %s\n", - "max", "total", "count", "average", "name"); + sbuf_printf(sb, "%6s %12s %11s %5s %s\n", + "max", "total", "count", "avg", "name"); + /* + * XXX this spinlock seems to be by far the largest perpetrator + * of spinlock latency (1.6 msec on an Athlon1600 was recorded + * even before I pessimized it further by moving the average + * computation here). + */ mtx_lock_spin(&mprof_mtx); for (i = 0; i < first_free_mprof_buf; ++i) - sbuf_printf(sb, "%12ju %12ju %12ju %12ju %s:%d (%s)\n", + sbuf_printf(sb, "%6ju %12ju %11ju %5ju %s:%d (%s)\n", mprof_buf[i].counter[MPROF_MAX] / 1000, mprof_buf[i].counter[MPROF_TOT] / 1000, mprof_buf[i].counter[MPROF_CNT], - mprof_buf[i].counter[MPROF_AVG] / 1000, + mprof_buf[i].counter[MPROF_CNT] == 0 ? (uintmax_t)0 : + mprof_buf[i].counter[MPROF_TOT] / + (mprof_buf[i].counter[MPROF_CNT] * 1000), mprof_buf[i].file, mprof_buf[i].line, mprof_buf[i].name); mtx_unlock_spin(&mprof_mtx); sbuf_finish(sb); @@ -299,7 +310,7 @@ sbuf_delete(sb); return (error); } -SYSCTL_PROC(_debug_mutex_prof, OID_AUTO, stats, CTLTYPE_STRING|CTLFLAG_RD, +SYSCTL_PROC(_debug_mutex_prof, OID_AUTO, stats, CTLTYPE_STRING | CTLFLAG_RD, NULL, 0, dump_mutex_prof_stats, "A", "Mutex profiling statistics"); #endif 
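Review bot: In the `@@ -279,19 +282,27 @@` hunk of kern_mutex.c every row is still formatted with `sbuf_printf()` into an `SBUF_AUTOEXTEND` sbuf while `mprof_mtx` is held as a spin mutex, and the new per-row division lengthens that hold time, as the added XXX comment itself admits. With a 1024-byte initial buffer and up to `NUM_MPROF_BUFFERS` rows, the sbuf has to grow inside the locked region; if that growth can sleep (the allocation is not visible here, so this needs confirming), reading this sysctl can stall or panic the machine. Copying one row under the lock and formatting it after the unlock reduces the critical section to a struct copy. This needs a `struct mutex_prof row;` local declared above the hunk, and the loop bound is then read unlocked, which assumes `first_free_mprof_buf` only ever grows.

```c
	/* … unchanged: empty-table check, sbuf_new(), header row … */
	for (i = 0; i < first_free_mprof_buf; ++i) {
		/* Snapshot one row under the lock; format it unlocked. */
		mtx_lock_spin(&mprof_mtx);
		row = mprof_buf[i];
		mtx_unlock_spin(&mprof_mtx);
		sbuf_printf(sb, "%6ju %12ju %11ju %5ju %s:%d (%s)\n",
		    row.counter[MPROF_MAX] / 1000,
		    row.counter[MPROF_TOT] / 1000,
		    row.counter[MPROF_CNT],
		    row.counter[MPROF_CNT] == 0 ? (uintmax_t)0 :
		    row.counter[MPROF_TOT] / (row.counter[MPROF_CNT] * 1000),
		    row.file, row.line, row.name);
	}
	/* … unchanged: sbuf_finish(), SYSCTL_OUT(), sbuf_delete() … */
```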
@@ -384,14 +395,12 @@ } /* * Record if the mutex has been held longer now than ever - * before + * before. */ - if ((now - acqtime) > mpp->counter[MPROF_MAX]) + if (now - acqtime > mpp->counter[MPROF_MAX]) mpp->counter[MPROF_MAX] = now - acqtime; mpp->counter[MPROF_TOT] += now - acqtime; - mpp->counter[MPROF_CNT] += 1; - mpp->counter[MPROF_AVG] = - mpp->counter[MPROF_TOT] / mpp->counter[MPROF_CNT]; + mpp->counter[MPROF_CNT]++; unlock: mtx_unlock_spin(&mprof_mtx); } ==== //depot/projects/trustedbsd/base/sys/kern/subr_disk.c#11 (text+ko) ==== @@ -6,7 +6,7 @@ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp * ---------------------------------------------------------------------------- * - * $FreeBSD: src/sys/kern/subr_disk.c,v 1.63 2002/10/17 23:48:29 sobomax Exp $ + * $FreeBSD: src/sys/kern/subr_disk.c,v 1.64 2002/10/21 18:40:40 cognet Exp $ * */ @@ -22,7 +22,6 @@ #include #ifdef NO_GEOM #include -#include #include #include #include ==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#12 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.22 2002/10/21 17:05:48 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.24 2002/10/21 18:42:00 rwatson Exp $ */ /* @@ -102,6 +102,10 @@ TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, sizeof(trusted_interfaces)); +static int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; +SYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, + &max_compartments, 0, "Maximum supported compartments"); + static int ptys_equal = 0; SYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal, 0, "Label pty devices as biba/equal on create"); 
@@ -117,6 +121,16 @@ MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels"); +static __inline int +biba_bit_set_empty(u_char *set) { + int i; + + for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++) + if (set[i] != 0) + return (0); + return (1); +} + static struct mac_biba * biba_alloc(int flag) { @@ -150,6 +164,7 @@ mac_biba_dominate_element(struct mac_biba_element *a, struct mac_biba_element *b) { + int bit; switch(a->mbe_type) { case MAC_BIBA_TYPE_EQUAL: @@ -180,6 +195,11 @@ return (0); case MAC_BIBA_TYPE_GRADE: + for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) + if (!MAC_BIBA_BIT_TEST(bit, + a->mbe_compartments) && + MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) + return (0); return (a->mbe_grade >= b->mbe_grade); default: @@ -310,7 +330,9 @@ case MAC_BIBA_TYPE_EQUAL: case MAC_BIBA_TYPE_HIGH: case MAC_BIBA_TYPE_LOW: - if (mac_biba->mb_single.mbe_grade != 0) + if (mac_biba->mb_single.mbe_grade != 0 || + !MAC_BIBA_BIT_SET_EMPTY( + mac_biba->mb_single.mbe_compartments)) return (EINVAL); break; @@ -330,7 +352,9 @@ case MAC_BIBA_TYPE_EQUAL: case MAC_BIBA_TYPE_HIGH: case MAC_BIBA_TYPE_LOW: - if (mac_biba->mb_rangelow.mbe_grade != 0) + if (mac_biba->mb_rangelow.mbe_grade != 0 || + !MAC_BIBA_BIT_SET_EMPTY( + mac_biba->mb_rangelow.mbe_compartments)) return (EINVAL); break; @@ -345,7 +369,9 @@ case MAC_BIBA_TYPE_EQUAL: case MAC_BIBA_TYPE_HIGH: case MAC_BIBA_TYPE_LOW: - if (mac_biba->mb_rangehigh.mbe_grade != 0) + if (mac_biba->mb_rangehigh.mbe_grade != 0 || + !MAC_BIBA_BIT_SET_EMPTY( + mac_biba->mb_rangehigh.mbe_compartments)) return (EINVAL); break; 
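Review bot: The compartment check added to the `MAC_BIBA_TYPE_GRADE` case of `mac_biba_dominate_element()` tests one bit per iteration, up to `MAC_BIBA_MAX_COMPARTMENTS` iterations with two macro expansions each, in what looks like the comparison behind every Biba access decision. The same subset test can run a byte at a time over `sizeof(a->mbe_compartments)`: `if ((b->mbe_compartments[i] & ~a->mbe_compartments[i]) != 0) return (0);`. That form never builds a bit number, so it cannot drift out of step with the 1-based bit macros. The identical loop in `mac_mls_dominate_element()` (mac_mls.c, `@@ -170,6 +184,11 @@`) would change the same way; both functions begin and end outside their hunks.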
@@ -366,28 +392,42 @@ static void mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, - u_short gradelow, u_short typehigh, u_short gradehigh) + u_short gradelow, u_char *compartmentslow, u_short typehigh, + u_short gradehigh, u_char *compartmentshigh) { mac_biba->mb_rangelow.mbe_type = typelow; mac_biba->mb_rangelow.mbe_grade = gradelow; + if (compartmentslow != NULL) + memcpy(mac_biba->mb_rangelow.mbe_compartments, + compartmentslow, + sizeof(mac_biba->mb_rangelow.mbe_compartments)); mac_biba->mb_rangehigh.mbe_type = typehigh; mac_biba->mb_rangehigh.mbe_grade = gradehigh; + if (compartmentshigh != NULL) + memcpy(mac_biba->mb_rangehigh.mbe_compartments, + compartmentshigh, + sizeof(mac_biba->mb_rangehigh.mbe_compartments)); mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; } static void -mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade) +mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade, + u_char *compartments) { mac_biba->mb_single.mbe_type = type; mac_biba->mb_single.mbe_grade = grade; + if (compartments != NULL) + memcpy(mac_biba->mb_single.mbe_compartments, compartments, + sizeof(mac_biba->mb_single.mbe_compartments)); mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; } static void mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) { + KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, ("mac_biba_copy_range: labelfrom not range")); @@ -407,19 +447,6 @@ labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; } -static void -mac_biba_copy_single_to_range(struct mac_biba *labelfrom, - struct mac_biba *labelto) -{ - - KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, - ("mac_biba_copy_single_to_range: labelfrom not single")); - - labelto->mb_rangelow = labelfrom->mb_single; - labelto->mb_rangehigh = labelfrom->mb_single; - labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; -} - /* * Policy module operations. */ 
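Review bot: In `mac_biba_set_single()` and `mac_biba_set_range()` a NULL compartments argument leaves `mbe_compartments` untouched while type and grade are overwritten, so a slot that earlier held a grade label with compartments would keep those bits under its new type. Every call updated in this change passes NULL, and the validity checks added in this same file return EINVAL for a HIGH, LOW or EQUAL element whose set is not empty; whether a slot can be reused without being zeroed is not visible here. Clearing on NULL removes that dependency: `else bzero(mac_biba->mb_single.mbe_compartments, sizeof(mac_biba->mb_single.mbe_compartments));`, and likewise for `mb_rangelow` and `mb_rangehigh`. The non-NULL path copies a fixed `sizeof` from a bare `u_char *`, so a comment should state that callers must supply at least `MAC_BIBA_MAX_COMPARTMENTS >> 3` bytes. `mac_mls_set_single()` and `mac_mls_set_range()` in mac_mls.c (`@@ -355,28 +380,42 @@`) have the same two gaps.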
@@ -521,7 +548,7 @@ biba_type = MAC_BIBA_TYPE_EQUAL; else biba_type = MAC_BIBA_TYPE_HIGH; - mac_biba_set_single(mac_biba, biba_type, 0); + mac_biba_set_single(mac_biba, biba_type, 0, NULL); } static void @@ -531,7 +558,7 @@ struct mac_biba *mac_biba; mac_biba = SLOT(label); - mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); + mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); } static void @@ -590,9 +617,9 @@ /* Always mount root as high integrity. */ mac_biba = SLOT(fslabel); - mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); + mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); mac_biba = SLOT(mntlabel); - mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); + mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); } static void @@ -694,7 +721,6 @@ dest = SLOT(socketlabel); mac_biba_copy_single(source, dest); - mac_biba_copy_single_to_range(source, dest); } static void @@ -720,7 +746,6 @@ dest = SLOT(newsocketlabel); mac_biba_copy_single(source, dest); - mac_biba_copy_range(source, dest); } static void @@ -733,7 +758,6 @@ dest = SLOT(socketlabel); mac_biba_copy_single(source, dest); - mac_biba_copy_range(source, dest); } static void @@ -837,8 +861,8 @@ } } set: - mac_biba_set_single(dest, grade, 0); - mac_biba_set_range(dest, grade, 0, grade, 0); + mac_biba_set_single(dest, grade, 0, NULL); + mac_biba_set_range(dest, grade, 0, NULL, grade, 0, NULL); } static void @@ -899,7 +923,7 @@ dest = SLOT(mbuflabel); - mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); + mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); } static void @@ -1027,8 +1051,9 @@ dest = SLOT(&cred->cr_label); - mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); - mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); + mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); + mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, + MAC_BIBA_TYPE_HIGH, 0, NULL); } static void 
@@ -1038,8 +1063,9 @@ dest = SLOT(&cred->cr_label); - mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0); - mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); + mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); + mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, + MAC_BIBA_TYPE_HIGH, 0, NULL); } static void ==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.h#2 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_biba/mac_biba.h,v 1.1 2002/07/31 18:07:43 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_biba/mac_biba.h,v 1.2 2002/10/21 18:42:00 rwatson Exp $ */ /* * Definitions for the TrustedBSD Biba integrity policy module. @@ -58,4 +58,14 @@ #define MAC_BIBA_TYPE_EQUAL 4 /* Equivilent to any * MAC_BIBA_TYPE_LABEL. */ +/* + * Biba compartments bit test/set macros. + * The range is 1 to MAC_BIBA_MAX_COMPARTMENTS. + */ +#define MAC_BIBA_BIT_TEST(b, w) \ + ((w)[(((b) - 1) >> 3)] & (1 << (((b) - 1) & 7))) +#define MAC_BIBA_BIT_SET(b, w) \ + ((w)[(((b) - 1) >> 3)] |= (1 << (((b) - 1) & 7))) +#define MAC_BIBA_BIT_SET_EMPTY(set) biba_bit_set_empty(set) + #endif /* !_SYS_SECURITY_MAC_BIBA_H */ ==== //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.c#11 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_mls/mac_mls.c,v 1.19 2002/10/21 17:01:30 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_mls/mac_mls.c,v 1.22 2002/10/21 18:42:00 rwatson Exp $ */ /* 
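Review bot: `MAC_BIBA_BIT_TEST` and `MAC_BIBA_BIT_SET` in mac_biba.h index the array with `((b) - 1) >> 3` and rely only on the comment for the 1..`MAC_BIBA_MAX_COMPARTMENTS` range, so a bit number of 0 or one above the maximum reads or writes outside `mbe_compartments`. The only use in this diff is the bounded loop in `mac_biba_dominate_element()`; `MAC_BIBA_BIT_SET` has no caller here and will presumably be driven by parsed label input, where the value cannot be trusted. I would extend the comment, for example `/* Callers must reject b < 1 || b > MAC_BIBA_MAX_COMPARTMENTS first; these macros do not check and evaluate b twice. */`. `MAC_BIBA_BIT_SET_EMPTY` also expands to `biba_bit_set_empty()`, which is `static` in mac_biba.c, so the header macro only works inside that one file. The mac_mls.h hunk (`@@ -58,4 +58,14 @@`) mirrors all of this.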
@@ -96,17 +96,30 @@ &ptys_equal, 0, "Label pty devices as mls/equal on create"); TUNABLE_INT("security.mac.mls.ptys_equal", &ptys_equal); -static int mac_mls_revocation_enabled = 0; +static int revocation_enabled = 0; SYSCTL_INT(_security_mac_mls, OID_AUTO, revocation_enabled, CTLFLAG_RW, - &mac_mls_revocation_enabled, 0, "Revoke access to objects on relabel"); -TUNABLE_INT("security.mac.mls.revocation_enabled", - &mac_mls_revocation_enabled); + &revocation_enabled, 0, "Revoke access to objects on relabel"); +TUNABLE_INT("security.mac.mls.revocation_enabled", &revocation_enabled); + +static int max_compartments = MAC_MLS_MAX_COMPARTMENTS; +SYSCTL_INT(_security_mac_mls, OID_AUTO, max_compartments, CTLFLAG_RD, + &max_compartments, 0, "Maximum compartments the policy supports"); static int mac_mls_slot; #define SLOT(l) ((struct mac_mls *)LABEL_TO_SLOT((l), mac_mls_slot).l_ptr) MALLOC_DEFINE(M_MACMLS, "mls label", "MAC/MLS labels"); +static __inline int +mls_bit_set_empty(u_char *set) { + int i; + + for (i = 0; i < MAC_MLS_MAX_COMPARTMENTS >> 3; i++) + if (set[i] != 0) + return (0); + return (1); +} + static struct mac_mls * mls_alloc(int flag) { @@ -140,6 +153,7 @@ mac_mls_dominate_element(struct mac_mls_element *a, struct mac_mls_element *b) { + int bit; switch(a->mme_type) { case MAC_MLS_TYPE_EQUAL: @@ -170,6 +184,11 @@ return (0); case MAC_MLS_TYPE_LEVEL: + for (bit = 1; bit <= MAC_MLS_MAX_COMPARTMENTS; bit++) + if (!MAC_MLS_BIT_TEST(bit, + a->mme_compartments) && + MAC_MLS_BIT_TEST(bit, b->mme_compartments)) + return (0); return (a->mme_level >= b->mme_level); default: @@ -299,7 +318,9 @@ case MAC_MLS_TYPE_EQUAL: case MAC_MLS_TYPE_HIGH: case MAC_MLS_TYPE_LOW: - if (mac_mls->mm_single.mme_level != 0) + if (mac_mls->mm_single.mme_level != 0 || + !MAC_MLS_BIT_SET_EMPTY( + mac_mls->mm_single.mme_compartments)) return (EINVAL); break; 
@@ -319,7 +340,9 @@ case MAC_MLS_TYPE_EQUAL: case MAC_MLS_TYPE_HIGH: case MAC_MLS_TYPE_LOW: - if (mac_mls->mm_rangelow.mme_level != 0) + if (mac_mls->mm_rangelow.mme_level != 0 || + !MAC_MLS_BIT_SET_EMPTY( + mac_mls->mm_rangelow.mme_compartments)) return (EINVAL); break; @@ -334,7 +357,9 @@ case MAC_MLS_TYPE_EQUAL: case MAC_MLS_TYPE_HIGH: case MAC_MLS_TYPE_LOW: - if (mac_mls->mm_rangehigh.mme_level != 0) + if (mac_mls->mm_rangehigh.mme_level != 0 || + !MAC_MLS_BIT_SET_EMPTY( + mac_mls->mm_rangehigh.mme_compartments)) return (EINVAL); break; @@ -355,28 +380,42 @@ static void mac_mls_set_range(struct mac_mls *mac_mls, u_short typelow, - u_short levellow, u_short typehigh, u_short levelhigh) + u_short levellow, u_char *compartmentslow, u_short typehigh, + u_short levelhigh, u_char *compartmentshigh) { mac_mls->mm_rangelow.mme_type = typelow; mac_mls->mm_rangelow.mme_level = levellow; + if (compartmentslow != NULL) + memcpy(mac_mls->mm_rangelow.mme_compartments, + compartmentslow, + sizeof(mac_mls->mm_rangelow.mme_compartments)); mac_mls->mm_rangehigh.mme_type = typehigh; mac_mls->mm_rangehigh.mme_level = levelhigh; + if (compartmentshigh != NULL) + memcpy(mac_mls->mm_rangehigh.mme_compartments, + compartmentshigh, + sizeof(mac_mls->mm_rangehigh.mme_compartments)); mac_mls->mm_flags |= MAC_MLS_FLAG_RANGE; } static void -mac_mls_set_single(struct mac_mls *mac_mls, u_short type, u_short level) +mac_mls_set_single(struct mac_mls *mac_mls, u_short type, u_short level, + u_char *compartments) { mac_mls->mm_single.mme_type = type; mac_mls->mm_single.mme_level = level; + if (compartments != NULL) + memcpy(mac_mls->mm_single.mme_compartments, compartments, + sizeof(mac_mls->mm_single.mme_compartments)); mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE; } static void mac_mls_copy_range(struct mac_mls *labelfrom, struct mac_mls *labelto) { + KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_RANGE) != 0, ("mac_mls_copy_range: labelfrom not range")); 
@@ -396,19 +435,6 @@ labelto->mm_flags |= MAC_MLS_FLAG_SINGLE; } -static void -mac_mls_copy_single_to_range(struct mac_mls *labelfrom, - struct mac_mls *labelto) -{ - - KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, - ("mac_mls_copy_single_to_range: labelfrom not single")); - - labelto->mm_rangelow = labelfrom->mm_single; - labelto->mm_rangehigh = labelfrom->mm_single; - labelto->mm_flags |= MAC_MLS_FLAG_RANGE; -} - /* * Policy module operations. */ @@ -513,7 +539,7 @@ mls_type = MAC_MLS_TYPE_EQUAL; else mls_type = MAC_MLS_TYPE_LOW; - mac_mls_set_single(mac_mls, mls_type, 0); + mac_mls_set_single(mac_mls, mls_type, 0, NULL); } static void @@ -523,7 +549,7 @@ struct mac_mls *mac_mls; mac_mls = SLOT(label); - mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0); + mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); } static void @@ -582,9 +608,9 @@ /* Always mount root as high integrity. */ mac_mls = SLOT(fslabel); - mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0); + mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); mac_mls = SLOT(mntlabel); - mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0); + mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); } static void @@ -686,7 +712,6 @@ dest = SLOT(socketlabel); mac_mls_copy_single(source, dest); - mac_mls_copy_single_to_range(source, dest); } static void @@ -712,7 +737,6 @@ dest = SLOT(newsocketlabel); mac_mls_copy_single(source, dest); - mac_mls_copy_range(source, dest); } static void @@ -725,7 +749,6 @@ dest = SLOT(socketlabel); mac_mls_copy_single(source, dest); - mac_mls_copy_range(source, dest); } static void @@ -793,8 +816,8 @@ else level = MAC_MLS_TYPE_LOW; - mac_mls_set_single(dest, level, 0); - mac_mls_set_range(dest, level, 0, level, 0); + mac_mls_set_single(dest, level, 0, NULL); + mac_mls_set_range(dest, level, 0, NULL, level, 0, NULL); } static void 
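Review bot: In the `@@ -582,9 +608,9 @@` hunk of mac_mls.c the context comment above the changed calls still reads "Always mount root as high integrity.", but the code sets `MAC_MLS_TYPE_LOW` on both labels and mac_mls.h describes MLS as a confidentiality policy, so the text looks carried over from mac_biba.c. Since these lines are being touched anyway, the comment could become `/* Always mount root as mls/low. */`, matching the `mls/equal` wording in the sysctl description. The function begins and ends outside the hunk.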
@@ -855,7 +878,7 @@ dest = SLOT(mbuflabel); - mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0); + mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); } static void @@ -983,8 +1006,9 @@ dest = SLOT(&cred->cr_label); - mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0); - mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, MAC_MLS_TYPE_HIGH, 0); + mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); + mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, + 0, NULL); } static void @@ -994,8 +1018,9 @@ dest = SLOT(&cred->cr_label); - mac_mls_set_single(dest, MAC_MLS_TYPE_LOW, 0); - mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, MAC_MLS_TYPE_HIGH, 0); + mac_mls_set_single(dest, MAC_MLS_TYPE_LOW, 0, NULL); + mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, + 0, NULL); } static void @@ -1659,7 +1684,7 @@ * Rely on the use of open()-time protections to handle * non-revocation cases. */ - if (!mac_mls_enabled || !mac_mls_revocation_enabled) + if (!mac_mls_enabled || !revocation_enabled) return (0); subj = SLOT(&cred->cr_label); @@ -1708,7 +1733,7 @@ { struct mac_mls *subj, *obj; - if (!mac_mls_enabled || !mac_mls_revocation_enabled) + if (!mac_mls_enabled || !revocation_enabled) return (0); subj = SLOT(&active_cred->cr_label); @@ -1726,7 +1751,7 @@ { struct mac_mls *subj, *obj; - if (!mac_mls_enabled || !mac_mls_revocation_enabled) + if (!mac_mls_enabled || !revocation_enabled) return (0); subj = SLOT(&active_cred->cr_label); @@ -2029,7 +2054,7 @@ { struct mac_mls *subj, *obj; - if (!mac_mls_enabled || !mac_mls_revocation_enabled) + if (!mac_mls_enabled || !revocation_enabled) return (0); subj = SLOT(&active_cred->cr_label); ==== //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.h#2 (text+ko) ==== 
@@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_mls/mac_mls.h,v 1.1 2002/07/31 18:07:44 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_mls/mac_mls.h,v 1.2 2002/10/21 18:42:01 rwatson Exp $ */ /* * Definitions for the TrustedBSD MLS confidentiality policy module. @@ -58,4 +58,14 @@ #define MAC_MLS_TYPE_EQUAL 4 /* Equivilent to any * MAC_MLS_TYPE_LABEL. */ +/* + * MLS compartments bit test/set macros. + * The range is 1 to MAC_MLS_MAX_COMPARTMENTS. + */ +#define MAC_MLS_BIT_TEST(b, w) \ + ((w)[(((b) - 1) >> 3)] & (1 << (((b) - 1) & 7))) +#define MAC_MLS_BIT_SET(b, w) \ + ((w)[(((b) - 1) >> 3)] |= (1 << (((b) - 1) & 7))) +#define MAC_MLS_BIT_SET_EMPTY(set) mls_bit_set_empty(set) + #endif /* !_SYS_SECURITY_MAC_MLS_H */ ==== //depot/projects/trustedbsd/base/sys/sys/mac.h#10 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/sys/mac.h,v 1.14 2002/10/06 14:39:15 rwatson Exp $ + * $FreeBSD: src/sys/sys/mac.h,v 1.15 2002/10/21 18:42:00 rwatson Exp $ */ /* * Userland/kernel interface for Mandatory Access Control. @@ -76,9 +76,11 @@ * mb_type. These structures will move to mac_biba.h once we have dymamic * labels exposed to userland. */ +#define MAC_BIBA_MAX_COMPARTMENTS 256 struct mac_biba_element { u_short mbe_type; u_short mbe_grade; + u_char mbe_compartments[MAC_BIBA_MAX_COMPARTMENTS >> 3]; }; /* @@ -100,9 +102,11 @@ * current mm_type. These structures will move to mac_mls.h once we have * dynamic labels exposed to userland. */ +#define MAC_MLS_MAX_COMPARTMENTS 256 struct mac_mls_element { u_short mme_type; u_short mme_level; + u_char mme_compartments[MAC_MLS_MAX_COMPARTMENTS >> 3]; }; /* ==== //depot/projects/trustedbsd/base/sys/sys/proc.h#25 (text+ko) ==== 
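Review bot: `mbe_compartments` and `mme_compartments` in mac.h are sized with `MAC_*_MAX_COMPARTMENTS >> 3`, which rounds down, while the bit macros accept bit numbers up to the maximum itself. With the current value of 256 the size is exact, but a later value that is not a multiple of 8 would leave the highest bits addressing one byte past the array. A compile-time check in the kernel sources would pin the assumption, e.g. `CTASSERT((MAC_BIBA_MAX_COMPARTMENTS & 7) == 0);` and the same for `MAC_MLS_MAX_COMPARTMENTS`.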
@@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)proc.h 8.15 (Berkeley) 5/19/95 - * $FreeBSD: src/sys/sys/proc.h,v 1.271 2002/10/15 00:14:32 jhb Exp $ + * $FreeBSD: src/sys/sys/proc.h,v 1.272 2002/10/21 18:37:34 julian Exp $ */ #ifndef _SYS_PROC_H_ @@ -447,8 +447,9 @@ #define KEF_USER 0x00200 /* Process is not officially in the kernel */ #define KEF_ASTPENDING 0x00400 /* KSE has a pending ast. */ #define KEF_NEEDRESCHED 0x00800 /* Process needs to yield. */ -#define KEF_ONLOANQ 0x01000 /* KSE is on loan queue */ +#define KEF_ONLOANQ 0x01000 /* KSE is on loan queue. */ #define KEF_DIDRUN 0x02000 /* KSE actually ran. */ +#define KEF_EXIT 0x04000 /* KSE is being killed. */ /* * (*) A bound KSE with a bound thread in a KSE process may be lent to To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message