Date: Mon, 29 Oct 2007 07:42:54 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 128276 for review Message-ID: <200710290742.l9T7gsKI020425@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=128276 Change 128276 by zhouzhouyi@zhouzhouyi_mactest on 2007/10/29 07:42:42 Adapt the testsuite according to integration Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#4 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/conf/files#6 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/i386/conf/GENERIC#5 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac/mac_policy.h#6 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac/mac_vfs.c#6 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_biba/mac_biba.c#5 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_mls/mac_mls.c#5 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#8 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_log.c#4 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#4 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/link/00.t#4 (text+ko) ==== @@ -7,7 +7,7 @@ dir=`dirname $0` . ${dir}/../misc.sh -echo "1..9" +echo "1..10" n0=`namegen` n1=`namegen` @@ -18,7 +18,7 @@ #turn off all the switches for i in `sysctl security.mac | grep "\.enabled"| sed 's/\([a-z\.]*\.enabled\)\(:\ \)\([01]\)/\1/`; do -sysctl ${i}=0 + t=`sysctl ${i}=0` done mac_mls_support=`sysctl -n security.mac.mls.enabled 2>/dev/null` @@ -36,7 +36,7 @@ ############################################################# t=`sysctl security.mac.mls.enabled=1` - echo "enforcing mac/mls!" +# echo "enforcing mac/mls!" #case 1: mkdir mactestexpect "" 0 -m "mls/low(low-high)" -f ${mactest_conf} mkdir ${n3} 0755 #case 2: setfmac 
@@ -52,24 +52,28 @@ mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1} ############################################################# -#case 6: unlink - echo -n "pid = -1 mac_test_check_vnode_delete:" > ${mactest_conf} - echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf} + t=`sysctl security.mac.mls.enabled=0` +#case 6: link success + truncate -s 0 ${mactest_conf} + mactestexpect "" 0 -m "mls/5(low-high)" -f ${mactest_conf} link ${n3}/${n2} ${n3}/${n1} + t=`sysctl security.mac.mls.enabled=1` + +#case 7: unlink + truncate -s 0 ${mactest_conf} mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1} - -#case 7: setfmac fail, old vnode not in range +#case 8: setfmac fail, old vnode not in range echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf} echo "biba/high(low-high),mls/6(6-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf} mactestexpect "setfmac:.mac_set_link.${n3}.${n1},.biba.,mls.6.:.Operation.not.permitted" "" -m "mls/6(6-6)" -f ${mactest_conf} system setfmac "biba/,mls/6" ${n3}/${n1} -#case 8: setfmac success +#case 9: setfmac success echo -n "pid = -2 mac_test_check_vnode_relabel:" > ${mactest_conf} echo "biba/high(low-high),mls/6(4-6) biba/high,mls/5 biba/,mls/6" >> ${mactest_conf} mactestexpect "" "" -m "mls/6(4-6)" -f ${mactest_conf} system setfmac "biba/,mls/6" ${n3}/${n1} -#case 9: unlink +#case 10: unlink rm ${mactest_conf} touch ${mactest_conf} mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} unlink ${n3}/${n1} @@ -77,7 +81,6 @@ #cleanup: t=`sysctl security.mac.mls.enabled=0` - echo "disabling mac/mls!" rm -fr ${n3} rm ${mactest_conf} fi ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/conf/files#6 (text+ko) ==== 
@@ -2057,6 +2057,8 @@ security/mac_seeotheruids/mac_seeotheruids.c optional mac_seeotheruids security/mac_stub/mac_stub.c optional mac_stub security/mac_test/mac_test.c optional mac_test +security/mac_test/mac_test_if.c optional mac_test +security/mac_test/mac_test_log.c optional mac_test ufs/ffs/ffs_alloc.c optional ffs ufs/ffs/ffs_balloc.c optional ffs ufs/ffs/ffs_inode.c optional ffs ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/i386/conf/GENERIC#5 (text+ko) ==== @@ -28,6 +28,10 @@ makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols +options MAC +options MAC_MLS +options MAC_BIBA +options MAC_TEST options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac/mac_policy.h#6 (text+ko) ==== @@ -634,6 +634,7 @@ mpo_init_bpfdesc_label_t mpo_init_bpfdesc_label; mpo_init_cred_label_t mpo_init_cred_label; mpo_init_devfs_label_t mpo_init_devfs_label; + mpo_init_devfs_label_t mpo_init_mactest_label; mpo_placeholder_t _mpo_placeholder0; mpo_init_ifnet_label_t mpo_init_ifnet_label; mpo_init_inpcb_label_t mpo_init_inpcb_label; ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac/mac_vfs.c#6 (text+ko) ==== @@ -66,6 +66,7 @@ #include <vm/vm_object.h> #include <fs/devfs/devfs.h> +#include <sys/dirent.h> #include <security/mac/mac_framework.h> #include <security/mac/mac_internal.h> 
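Review bot: The `options MAC`, `MAC_MLS`, `MAC_BIBA` and `MAC_TEST` lines are added to `sys/i386/conf/GENERIC` itself, so every default kernel built from this branch carries the mac_test assertions and the new logging hooks. A separate test configuration that includes GENERIC and adds these four options would keep the instrumentation out of the default kernel. The new lines also lack the trailing description comments that the neighbouring options carry; something like `options MAC_TEST # MAC test policy, regression testing only` would match the file.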
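Review bot: The new `mpo_init_mactest_label` member is inserted in the middle of the policy operations structure, just ahead of `_mpo_placeholder0`, which shifts the offset of every entry point after it. A policy module compiled against the previous header would then have its function pointers read from the wrong slots, so either the placeholder slot should be reused for the new entry or the policy ABI version should be bumped in the same change. The member also borrows `mpo_init_devfs_label_t`; a dedicated `mpo_init_mactest_label_t` typedef would stop its signature being tied to the devfs one. The structure starts and ends outside the hunk.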
@@ -90,11 +91,28 @@ return (label); } + + +static struct label * +mac_mactest_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_devfs_label, label); + MAC_PERFORM(init_mactest_label, label); + return (label); +} + + void mac_init_devfs(struct devfs_dirent *de) { - de->de_label = mac_devfs_label_alloc(); + if (de&&de->de_dirent&&!strncmp(de->de_dirent->d_name,"mactest", 7)) + de->de_label = mac_mactest_label_alloc(); + else + de->de_label = mac_devfs_label_alloc(); } static struct label * ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_biba/mac_biba.c#5 (text+ko) ==== @@ -793,6 +793,7 @@ if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || strcmp(dev->si_name, "random") == 0 || + strcmp(dev->si_name, "mactest") == 0 || strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) biba_type = MAC_BIBA_TYPE_EQUAL; else if (ptys_equal && ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_mls/mac_mls.c#5 (text+ko) ==== @@ -754,6 +754,7 @@ mac_mls = SLOT(delabel); if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || + strcmp(dev->si_name, "mactest") == 0 || strcmp(dev->si_name, "random") == 0 || strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) mls_type = MAC_MLS_TYPE_EQUAL; ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#8 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.79 2007/10/21 11:11:07 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.76 2007/04/23 13:36:54 rwatson Exp $ */ /* 
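Review bot: In `mac_init_devfs`, `!strncmp(de->de_dirent->d_name,"mactest", 7)` is a prefix match, so any devfs entry whose name merely begins with `mactest` receives the special label, whereas the Biba and MLS hunks of this change use an exact `strcmp(dev->si_name, "mactest") == 0`. An exact comparison, `strcmp(de->de_dirent->d_name, "mactest") == 0`, would make the three sites agree on which object is special. The `de &&` guard is misleading because the `else` branch dereferences `de` unconditionally; drop it or return early on NULL. `mac_mactest_label_alloc` should carry a comment saying why it runs `init_devfs_label` before `init_mactest_label` on the same label.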
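Review bot: The added `strcmp(dev->si_name, "mactest") == 0` gives a device `MAC_BIBA_TYPE_EQUAL` on the strength of its name alone, in any kernel that has mac_biba, whether or not the test policy is present; the `mac_mls.c` hunk does the same with `MAC_MLS_TYPE_EQUAL`. An equal label takes the object out of the policy's ordering checks, so both sites need a comment stating why this device is exempt, for example `/* mactest: mac_test log device, exempt so the harness can read it at any label */` if that is the intent. Preferably the exemption would also be limited to kernels built with the test policy. The enclosing function starts and ends outside the hunk.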
@@ -54,13 +54,15 @@ #include <sys/msg.h> #include <sys/proc.h> #include <sys/vnode.h> +#include <sys/uio.h> #include <sys/sem.h> #include <sys/shm.h> #include <sys/socket.h> #include <sys/socketvar.h> #include <sys/sx.h> #include <sys/sysctl.h> - +#include <sys/mac.h> +#include <sys/extattr.h> #include <fs/devfs/devfs.h> #include <net/bpfdesc.h> @@ -69,14 +71,19 @@ #include <net/if_var.h> #include <security/mac/mac_policy.h> +#include <security/mac_test/mac_test_private.h> -SYSCTL_DECL(_security_mac); +//SYSCTL_DECL(_security_mac); SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, "TrustedBSD mac_test policy controls"); +SYSCTL_PROC(_security_mac_test, OID_AUTO, pseudoinit, CTLTYPE_INT | CTLFLAG_RW, 0, 0, + mac_test_init_if, "I", "set to setup the pseudo interfaces for MAC test"); + #define MAGIC_BPF 0xfe1ad1b6 #define MAGIC_DEVFS 0x9ee79c32 +#define MAGIC_MACTESTLOG 0x9ee79c33 #define MAGIC_IFNET 0xc218b120 #define MAGIC_INPCB 0x4440f7bb #define MAGIC_IPQ 0x206188ef @@ -119,14 +126,16 @@ #define LABEL_CHECK(label, magic) do { \ if (label != NULL) { \ - KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ + KASSERT(SLOT(label) == magic || SLOT(label) == 0 || \ + SLOT(label) == MAGIC_MACTESTLOG, \ ("%s: bad %s label", __func__, #magic)); \ } \ } while (0) #define LABEL_DESTROY(label, magic) do { \ - if (SLOT(label) == magic || SLOT(label) == 0) { \ - SLOT_SET(label, MAGIC_FREE); \ + if (SLOT(label) == magic || SLOT(label) == 0 || \ + SLOT(label) == MAGIC_MACTESTLOG ) { \ + SLOT_SET(label, MAGIC_FREE); \ } else if (SLOT(label) == MAGIC_FREE) { \ DEBUGGER("%s: dup destroy", __func__); \ } else { \ @@ -150,7 +159,9 @@ static void mac_test_init_bpfdesc_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_bpfdesc_label\n", + strlen("mac_test_init_bpfdesc_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_BPF); COUNTER_INC(init_bpfdesc_label); } 
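Review bot: `MAGIC_MACTESTLOG` is defined as `0x9ee79c33`, which is `MAGIC_DEVFS` (`0x9ee79c32`) plus one, while the other magic values in this list are unrelated bit patterns. A single flipped bit in a devfs label slot would therefore produce the one value that the widened `LABEL_CHECK` accepts for every label type, so an unrelated constant would keep the assertions meaningful. The line `//SYSCTL_DECL(_security_mac);` should be deleted rather than left commented out, or replaced by a comment naming the header that now supplies the declaration.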
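Review bot: `LABEL_CHECK` and `LABEL_DESTROY` now accept `MAGIC_MACTESTLOG` for every `magic` argument, so a label tagged as the mactest log passes the assertion in the cred, socket, mbuf and all other hooks, not only in the devfs and vnode hooks where this change sets that tag. That weakens the type-confusion detection these macros provide. Leaving the two macros as they were and adding a separate variant, used only in the hooks where a log-tagged label can legitimately arrive, would preserve it. Such a variant should have a comment listing those hooks.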
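Review bot: Each added log call writes the message twice, once as the string and once inside `strlen(...)` (here `"mac_test_init_bpfdesc_label\n"`), and the same pattern repeats in every later hook of this file; the two copies have already diverged in several hunks. `mac_test_destroy_sysv_msgmsg_label` measures a literal with a doubled underscore, `mac_test_create_mbuf_from_socket` measures `"mac_test_update_devfs with ..."`, and `mac_test_create_pipe` and `mac_test_create_posix_sem` measure `"mac_test_create_socket with ..."`. In `mac_test_create_pipe` the measured literal is two bytes longer than the logged one, so the length reaches past the terminating NUL, which is an out-of-bounds read if the macro copies that many bytes. In the shorter cases the record is truncated. Taking the length from the same literal removes this class of error, for example a new wrapper `#define MAC_TEST_LOG_STR(s) MAC_TEST_LOG_SUBMIT_WITHPID((s), sizeof(s) - 1)`.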
@@ -159,7 +170,9 @@ static void mac_test_init_cred_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_cred_label\n", + strlen("mac_test_init_cred_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_CRED); COUNTER_INC(init_cred_label); } @@ -168,16 +181,26 @@ static void mac_test_init_devfs_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_devfs_label\n", + strlen("mac_test_init_devfs_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_DEVFS); COUNTER_INC(init_devfs_label); } +static void +mac_test_init_mactest_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_MACTESTLOG); +} + COUNTER_DECL(init_ifnet_label); static void mac_test_init_ifnet_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_ifnet_label\n", + strlen("mac_test_init_ifnet_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_IFNET); COUNTER_INC(init_ifnet_label); } @@ -186,7 +209,9 @@ static int mac_test_init_inpcb_label(struct label *label, int flag) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_inpcb_label\n", + strlen("mac_test_init_inpcb_label\n")); + MAC_TEST_LOG_DO_SUBMIT; if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_inpcb_label() at %s:%d", __FILE__, @@ -201,6 +226,9 @@ static void mac_test_init_sysv_msgmsg_label(struct label *label) { + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_sysv_msgmsg_label\n", + strlen("mac_test_init_sysv_msgmsg_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_SYSV_MSG); COUNTER_INC(init_sysv_msg_label); } @@ -209,6 +237,9 @@ static void mac_test_init_sysv_msgqueue_label(struct label *label) { + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_sysv_msgqueue_label\n", + strlen("mac_test_init_sysv_msgqueue_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_SYSV_MSQ); COUNTER_INC(init_sysv_msq_label); } 
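Review bot: In `mac_test_init_inpcb_label` the log macros run before the `flag & M_WAITOK` test, so they also execute when the caller cannot sleep; the `init_ipq_label`, `init_mbuf_label`, `init_socket_label` and `init_socket_peer_label` hunks have the same ordering. The definitions of `MAC_TEST_LOG_SUBMIT_WITHPID` and `MAC_TEST_LOG_DO_SUBMIT` are not part of this diff, so whether they allocate or take a sleepable lock needs confirming. If they can sleep, the calls should be made only when `flag & M_WAITOK` is set, or the log path made safe for `M_NOWAIT` callers, with a comment on the macro stating which contexts it may be used from. The function body continues outside the hunk.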
@@ -217,6 +248,9 @@ static void mac_test_init_sysv_sem_label(struct label *label) { + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_sysv_sem_label\n", + strlen("mac_test_init_sysv_sem_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_SYSV_SEM); COUNTER_INC(init_sysv_sem_label); } @@ -225,6 +259,9 @@ static void mac_test_init_sysv_shm_label(struct label *label) { + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_sysv_shm_label\n", + strlen("mac_test_init_sysv_shm_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_SYSV_SHM); COUNTER_INC(init_sysv_shm_label); } @@ -233,7 +270,9 @@ static int mac_test_init_ipq_label(struct label *label, int flag) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_ipq_label\n", + strlen("mac_test_init_ipq_label\n")); + MAC_TEST_LOG_DO_SUBMIT; if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_ipq_label() at %s:%d", __FILE__, @@ -248,7 +287,9 @@ static int mac_test_init_mbuf_label(struct label *label, int flag) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_mbuf_label\n", + strlen("mac_test_init_mbuf_label\n")); + MAC_TEST_LOG_DO_SUBMIT; if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_mbuf_label() at %s:%d", __FILE__, @@ -263,7 +304,9 @@ static void mac_test_init_mount_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_mount_label\n", + strlen("mac_test_init_mount_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_MOUNT); COUNTER_INC(init_mount_label); } @@ -273,6 +316,9 @@ mac_test_init_socket_label(struct label *label, int flag) { + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_socket_label\n", + strlen("mac_test_init_socket_label\n")); + MAC_TEST_LOG_DO_SUBMIT; if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_socket_label() at %s:%d", __FILE__, 
@@ -287,7 +333,9 @@ static int mac_test_init_socket_peer_label(struct label *label, int flag) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_socket_peer_label\n", + strlen("mac_test_init_socket_peer_label\n")); + MAC_TEST_LOG_DO_SUBMIT; if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_socket_peer_label() at %s:%d", __FILE__, @@ -302,7 +350,9 @@ static void mac_test_init_pipe_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_pipe_label\n", + strlen("mac_test_init_pipe_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_PIPE); COUNTER_INC(init_pipe_label); } @@ -311,7 +361,9 @@ static void mac_test_init_posix_sem_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_posix_sem_label\n", + strlen("mac_test_init_posix_sem_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_POSIX_SEM); COUNTER_INC(init_posix_sem_label); } @@ -320,7 +372,9 @@ static void mac_test_init_proc_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_proc_label\n", + strlen("mac_test_init_proc_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_PROC); COUNTER_INC(init_proc_label); } @@ -329,7 +383,9 @@ static void mac_test_init_vnode_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_init_vnode_label\n", + strlen("mac_test_init_vnode_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_INIT(label, MAGIC_VNODE); COUNTER_INC(init_vnode_label); } @@ -338,7 +394,9 @@ static void mac_test_destroy_bpfdesc_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_bpfdesc_label\n", + strlen("mac_test_destroy_bpfdesc_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_BPF); COUNTER_INC(destroy_bpfdesc_label); } 
@@ -347,7 +405,9 @@ static void mac_test_destroy_cred_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_cred_label\n", + strlen("mac_test_destroy_cred_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_CRED); COUNTER_INC(destroy_cred_label); } @@ -356,7 +416,9 @@ static void mac_test_destroy_devfs_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_devfs_label\n", + strlen("mac_test_destroy_devfs_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_DEVFS); COUNTER_INC(destroy_devfs_label); } @@ -365,7 +427,9 @@ static void mac_test_destroy_ifnet_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_ifnet_label\n", + strlen("mac_test_destroy_ifnet_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_IFNET); COUNTER_INC(destroy_ifnet_label); } @@ -374,7 +438,9 @@ static void mac_test_destroy_inpcb_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_inpcb_label\n", + strlen("mac_test_destroy_inpcb_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_INPCB); COUNTER_INC(destroy_inpcb_label); } @@ -383,7 +449,9 @@ static void mac_test_destroy_sysv_msgmsg_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_sysv_msgmsg_label\n", + strlen("mac_test_destroy_sysv_msgmsg__label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_SYSV_MSG); COUNTER_INC(destroy_sysv_msg_label); } @@ -392,7 +460,9 @@ static void mac_test_destroy_sysv_msgqueue_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_sysv_msgqueue_label\n", + strlen("mac_test_destroy_sysv_msgqueue_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_SYSV_MSQ); COUNTER_INC(destroy_sysv_msq_label); } 
@@ -401,7 +471,9 @@ static void mac_test_destroy_sysv_sem_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_sysv_sem_label\n", + strlen("mac_test_destroy_sysv_sem_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_SYSV_SEM); COUNTER_INC(destroy_sysv_sem_label); } @@ -410,7 +482,9 @@ static void mac_test_destroy_sysv_shm_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_sysv_shm_label\n", + strlen("mac_test_destroy_sysv_shm_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_SYSV_SHM); COUNTER_INC(destroy_sysv_shm_label); } @@ -419,7 +493,9 @@ static void mac_test_destroy_ipq_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_ipq_label\n", + strlen("mac_test_destroy_ipq_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_IPQ); COUNTER_INC(destroy_ipq_label); } @@ -428,7 +504,9 @@ static void mac_test_destroy_mbuf_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_mbuf_label\n", + strlen("mac_test_destroy_mbuf_label\n")); + MAC_TEST_LOG_DO_SUBMIT; /* * If we're loaded dynamically, there may be mbufs in flight that * didn't have label storage allocated for them. Handle this @@ -445,7 +523,9 @@ static void mac_test_destroy_mount_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_mount_label\n", + strlen("mac_test_destroy_mount_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_MOUNT); COUNTER_INC(destroy_mount_label); } @@ -454,7 +534,9 @@ static void mac_test_destroy_socket_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_socket_label\n", + strlen("mac_test_destroy_socket_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_SOCKET); COUNTER_INC(destroy_socket_label); } 
@@ -463,7 +545,9 @@ static void mac_test_destroy_socket_peer_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_socket_peer_label\n", + strlen("mac_test_destroy_socket_peer_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_SOCKET); COUNTER_INC(destroy_socket_peer_label); } @@ -472,7 +556,9 @@ static void mac_test_destroy_pipe_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_pipe_label\n", + strlen("mac_test_destroy_pipe_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_PIPE); COUNTER_INC(destroy_pipe_label); } @@ -481,7 +567,9 @@ static void mac_test_destroy_posix_sem_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_posix_sem_label\n", + strlen("mac_test_destroy_posix_sem_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_POSIX_SEM); COUNTER_INC(destroy_posix_sem_label); } @@ -490,7 +578,9 @@ static void mac_test_destroy_proc_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_proc_label\n", + strlen("mac_test_destroy_proc_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_PROC); COUNTER_INC(destroy_proc_label); } @@ -499,7 +589,9 @@ static void mac_test_destroy_vnode_label(struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_destroy_vnode_label\n", + strlen("mac_test_destroy_vnode_label\n")); + MAC_TEST_LOG_DO_SUBMIT; LABEL_DESTROY(label, MAGIC_VNODE); COUNTER_INC(destroy_vnode_label); } @@ -508,7 +600,9 @@ static void mac_test_copy_cred_label(struct label *src, struct label *dest) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_copy_cred_label with src label:", + strlen("mac_test_copy_cred_label with src label:")); + MAC_TEST_LOG_SUBMIT_LABEL(cred,src); LABEL_CHECK(src, MAGIC_CRED); LABEL_CHECK(dest, MAGIC_CRED); COUNTER_INC(copy_cred_label); 
@@ -518,7 +612,9 @@ static void mac_test_copy_ifnet_label(struct label *src, struct label *dest) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_copy_ifnet_label with src label:", + strlen("mac_test_copy_ifnet_label with src label:")); + MAC_TEST_LOG_SUBMIT_LABEL(ifnet,src); LABEL_CHECK(src, MAGIC_IFNET); LABEL_CHECK(dest, MAGIC_IFNET); COUNTER_INC(copy_ifnet_label); @@ -528,7 +624,9 @@ static void mac_test_copy_mbuf_label(struct label *src, struct label *dest) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_copy_mbuf_label with src label:", + strlen("mac_test_copy_mbuf_label with src label:")); + MAC_TEST_LOG_SUBMIT_LABEL(vnode,src); LABEL_CHECK(src, MAGIC_MBUF); LABEL_CHECK(dest, MAGIC_MBUF); COUNTER_INC(copy_mbuf_label); @@ -538,7 +636,9 @@ static void mac_test_copy_pipe_label(struct label *src, struct label *dest) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_copy_pipe_label with src label:", + strlen("mac_test_copy_pipe_label with src label:")); + MAC_TEST_LOG_SUBMIT_LABEL(pipe,src); LABEL_CHECK(src, MAGIC_PIPE); LABEL_CHECK(dest, MAGIC_PIPE); COUNTER_INC(copy_pipe_label); @@ -548,7 +648,9 @@ static void mac_test_copy_socket_label(struct label *src, struct label *dest) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_copy_socket_label with src label:", + strlen("mac_test_copy_socket_label with src label:")); + MAC_TEST_LOG_SUBMIT_LABEL(socket,src); LABEL_CHECK(src, MAGIC_SOCKET); LABEL_CHECK(dest, MAGIC_SOCKET); COUNTER_INC(copy_socket_label); @@ -558,7 +660,9 @@ static void mac_test_copy_vnode_label(struct label *src, struct label *dest) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_copy_vnode_label with src label:", + strlen("mac_test_copy_vnode_label with src label:")); + MAC_TEST_LOG_SUBMIT_LABEL(vnode,src); LABEL_CHECK(src, MAGIC_VNODE); LABEL_CHECK(dest, MAGIC_VNODE); COUNTER_INC(copy_vnode_label); 
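Review bot: `mac_test_copy_mbuf_label` logs its source label with `MAC_TEST_LOG_SUBMIT_LABEL(vnode,src)`, although the next line checks `src` against `MAGIC_MBUF`. The macro is defined outside this diff, so what its first argument selects is an assumption; if it picks the label type used to format the record, an mbuf label is being rendered as a vnode label. The same `vnode` tag is used for mbuf labels in `mac_test_create_mbuf_from_socket` and `mac_test_set_socket_peer_from_mbuf`, and for the semaphore label in `mac_test_create_posix_sem`. Either pass the matching type or add a comment explaining why `vnode` is right for these objects.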
@@ -598,19 +702,39 @@ struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vplabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_associate_vnode_devfs " + "with mplabel delabel and vplabel:", + strlen("mac_test_associate_vnode_devfs with mplabel delabel and vplabel:")); + MAC_TEST_LOG_SUBMIT_LABEL3(vnode,mplabel,vnode,delabel,vnode,vplabel); + if (delabel != NULL && SLOT(delabel) == MAGIC_MACTESTLOG) + LABEL_INIT(vplabel, MAGIC_MACTESTLOG); LABEL_CHECK(mplabel, MAGIC_MOUNT); LABEL_CHECK(delabel, MAGIC_DEVFS); LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_devfs); } - +/* + * To avoid recursion on reading /dev/mactest to a tempory file + * we associate the file with "mac_test" mac_test extattr with + * MAGIC_MACTESTLOG label + */ + COUNTER_DECL(associate_vnode_extattr); static int mac_test_associate_vnode_extattr(struct mount *mp, struct label *mplabel, struct vnode *vp, struct label *vplabel) { - + char mac_test[64]; + int error, buflen = 64; + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_associate_vnode_extattr with " + "mplabel and vplabel:", + strlen("mac_test_associate_vnode_extattr with mplabel and vplabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(vnode,mplabel,vnode,vplabel); + bzero(mac_test,buflen); + error = vn_extattr_get(vp, IO_NODELOCKED, EXTATTR_NAMESPACE_SYSTEM, + "mac_test", &buflen, mac_test, curthread); + if (!error && !strncmp(mac_test,"mac_test", 8)) + LABEL_INIT(vplabel, MAGIC_MACTESTLOG); LABEL_CHECK(mplabel, MAGIC_MOUNT); LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_extattr); 
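Review bot: In `mac_test_associate_vnode_extattr` the test `!strncmp(mac_test,"mac_test", 8)` is a prefix match, so any attribute value that merely starts with `mac_test` tags the vnode as `MAGIC_MACTESTLOG`, and the returned `buflen` is never examined. The size `64` is also written twice; `int error, buflen = sizeof(mac_test);` ties it to the array, and checking `buflen` after `vn_extattr_get` would let the comparison cover the whole value. In `mac_test_associate_vnode_devfs`, `LABEL_INIT(vplabel, MAGIC_MACTESTLOG)` runs without the NULL guard that `LABEL_CHECK` applies to the same pointer two lines later; `LABEL_INIT` is defined outside the hunk, so this needs confirming. The block comment would read better as "To avoid recursion when /dev/mactest is read into a temporary file, a file whose system extattr "mac_test" holds "mac_test" is given the MAGIC_MACTESTLOG label."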
@@ -623,7 +747,10 @@ mac_test_associate_vnode_singlelabel(struct mount *mp, struct label *mplabel, struct vnode *vp, struct label *vplabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_associate_vnode_singlelabel " + "with mplabel and vplabel:", + strlen("mac_test_associate_vnode_singlelabel with mplabel and vplabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(vnode,mplabel,vnode,vplabel); LABEL_CHECK(mplabel, MAGIC_MOUNT); LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_singlelabel); @@ -634,9 +761,15 @@ mac_test_create_devfs_device(struct ucred *cred, struct mount *mp, struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { - - if (cred != NULL) + struct label * tmplabel; + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_devfs_device with cr_label and delabel:", + strlen("mac_test_create_devfs_device with cr_label and delabel:")); + if (cred != NULL){ LABEL_CHECK(cred->cr_label, MAGIC_CRED); + tmplabel = cred->cr_label; + }else + tmplabel = 0; + MAC_TEST_LOG_SUBMIT_LABEL2(cred, 0, vnode,delabel); LABEL_CHECK(delabel, MAGIC_DEVFS); COUNTER_INC(create_devfs_device); } @@ -646,7 +779,9 @@ mac_test_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de, struct label *delabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_devfs_directory with delabel:", + strlen("mac_test_create_devfs_directory with delabel:")); + MAC_TEST_LOG_SUBMIT_LABEL(vnode,delabel); LABEL_CHECK(delabel, MAGIC_DEVFS); COUNTER_INC(create_devfs_directory); } 
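Review bot: In `mac_test_create_devfs_device`, `tmplabel` is assigned from `cred->cr_label` (or `0`) but never used, because the log call passes a literal `0` as the credential label: `MAC_TEST_LOG_SUBMIT_LABEL2(cred, 0, vnode,delabel);`. The credential label is therefore never logged and the variable is set but unused. The call presumably should read `MAC_TEST_LOG_SUBMIT_LABEL2(cred, tmplabel, vnode, delabel);`, with `tmplabel = NULL;` in the else branch since it is a pointer.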
@@ -657,7 +792,10 @@ struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_devfs_symlink " + "with cr_label ddlabel and delabel:", + strlen("mac_test_create_devfs_symlink with cr_label ddlabel and delabel:")); + MAC_TEST_LOG_SUBMIT_LABEL3(cred, cred->cr_label, vnode,ddlabel,vnode,delabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(ddlabel, MAGIC_DEVFS); LABEL_CHECK(delabel, MAGIC_DEVFS); @@ -670,7 +808,12 @@ struct label *mplabel, struct vnode *dvp, struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_vnode_extattr with " + "cr_label mplabel dvplabel and vplabel:", + strlen("mac_test_create_vnode_extattr with cr_label " + "mplabel dvplabel and vplabel:")); + MAC_TEST_LOG_SUBMIT_LABEL4(cred,cred->cr_label,vnode,mplabel,vnode, + dvplabel,vnode,vplabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(mplabel, MAGIC_MOUNT); LABEL_CHECK(dvplabel, MAGIC_VNODE); @@ -684,7 +827,9 @@ mac_test_create_mount(struct ucred *cred, struct mount *mp, struct label *mplabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_mount with cr_label and mplabel:", + strlen("mac_test_create_mount with cr_label and mplabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(cred,cred->cr_label,vnode,mplabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(mplabel, MAGIC_MOUNT); COUNTER_INC(create_mount); @@ -695,7 +840,9 @@ mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *vplabel, struct label *label) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_relabel_vnode with cr_label vplabel and label:", + strlen("mac_test_relabel_vnode with cr_label vplabel and label:")); + MAC_TEST_LOG_SUBMIT_LABEL3(cred,cred->cr_label,vnode,vplabel,vnode,label); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(vplabel, MAGIC_VNODE); LABEL_CHECK(label, MAGIC_VNODE); 
@@ -707,7 +854,10 @@ mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, struct label *vplabel, struct label *intlabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_setlabel_vnode_extattr with " + "cr_label vplabel and intlabel:", + strlen("mac_test_setlabel_vnode_extattr with cr_label vplabel and intlabel:")); + MAC_TEST_LOG_SUBMIT_LABEL3(cred,cred->cr_label,vnode,vplabel,vnode,intlabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(vplabel, MAGIC_VNODE); LABEL_CHECK(intlabel, MAGIC_VNODE); @@ -721,7 +871,9 @@ mac_test_update_devfs(struct mount *mp, struct devfs_dirent *devfs_dirent, struct label *direntlabel, struct vnode *vp, struct label *vplabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_update_devfs with direntlabel and vplabel:", + strlen("mac_test_update_devfs with direntlabel and vplabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(vnode,direntlabel,vnode,vplabel); LABEL_CHECK(direntlabel, MAGIC_DEVFS); LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(update_devfs); @@ -735,7 +887,10 @@ mac_test_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_mbuf_from_socket" + " with socketlabel and mbuflabel:", + strlen("mac_test_update_devfs with socketlabel and mbuflabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(socket,socketlabel,vnode,mbuflabel); LABEL_CHECK(socketlabel, MAGIC_SOCKET); LABEL_CHECK(mbuflabel, MAGIC_MBUF); COUNTER_INC(create_mbuf_from_socket); @@ -746,7 +901,9 @@ mac_test_create_socket(struct ucred *cred, struct socket *socket, struct label *socketlabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_socket with cr_label and socketlabel:", + strlen("mac_test_create_socket with cr_label and socketlabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(cred,cred->cr_label,socket,socketlabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(socketlabel, MAGIC_SOCKET); COUNTER_INC(create_socket); 
@@ -757,7 +914,9 @@ mac_test_create_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_pipe with cr_label and pipelabel:", + strlen("mac_test_create_socket with cr_label and pipelabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(cred,cred->cr_label,pipe,pipelabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pipelabel, MAGIC_PIPE); COUNTER_INC(create_pipe); @@ -765,12 +924,14 @@ COUNTER_DECL(create_posix_sem); static void -mac_test_create_posix_sem(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem, + struct label *posixlabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_posix_sem with cr_label and posixlabel:", + strlen("mac_test_create_socket with cr_label and posixlabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(cred,cred->cr_label,vnode,posixlabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + LABEL_CHECK(posixlabel, MAGIC_POSIX_SEM); COUNTER_INC(create_posix_sem); } @@ -780,7 +941,11 @@ struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_create_socket_from_socket with " + "oldsocketlabel and newsocketlabel:", + strlen("mac_test_create_socket_from_socket with oldsocketlabel " + "and newsocketlabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(socket,oldsocketlabel,socket,newsocketlabel); LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); COUNTER_INC(create_socket_from_socket); 
@@ -791,7 +956,10 @@ mac_test_relabel_socket(struct ucred *cred, struct socket *socket, struct label *socketlabel, struct label *newlabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_relabel_socket with cr_label " + "socketlabel and newlabel:", + strlen("mac_test_relabel_socket with cr_label socketlabel and newlabel:")); + MAC_TEST_LOG_SUBMIT_LABEL3(cred,cred->cr_label,socket,socketlabel,socket,newlabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(newlabel, MAGIC_SOCKET); COUNTER_INC(relabel_socket); @@ -802,7 +970,10 @@ mac_test_relabel_pipe(struct ucred *cred, struct pipepair *pp, struct label *pipelabel, struct label *newlabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_relabel_pipe with cr_label " + "pipelabel and newlabel:", + strlen("mac_test_relabel_pipe with cr_label pipelabel and newlabel:")); + MAC_TEST_LOG_SUBMIT_LABEL3(cred,cred->cr_label,pipe,pipelabel,pipe,newlabel); LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pipelabel, MAGIC_PIPE); LABEL_CHECK(newlabel, MAGIC_PIPE); @@ -814,7 +985,10 @@ mac_test_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, struct socket *socket, struct label *socketpeerlabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_set_socket_peer_from_mbuf with " + "mbuflabel and socketpeerlabel:", + strlen("mac_test_set_socket_peer_from_mbuf with mbuflabel and socketpeerlabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(vnode,mbuflabel,socket,socketpeerlabel); LABEL_CHECK(mbuflabel, MAGIC_MBUF); LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); COUNTER_INC(set_socket_peer_from_mbuf); 
@@ -829,7 +1003,11 @@ struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketpeerlabel) { - + MAC_TEST_LOG_SUBMIT_WITHPID("mac_test_set_socket_peer_from_socket with" + " oldsocketlabel and newsocketpeerlabel:", + strlen("mac_test_set_socket_peer_from_socket with " + "oldsocketlabel and newsocketpeerlabel:")); + MAC_TEST_LOG_SUBMIT_LABEL2(socket,oldsocketlabel,socket,newsocketpeerlabel); LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); COUNTER_INC(set_socket_peer_from_socket); @@ -840,7 +1018,9 @@ mac_test_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, struct label *bpflabel) { >>> TRUNCATED FOR MAIL (1000 lines) <<<