Date: Mon, 11 Jun 2007 09:13:41 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 121405 for review Message-ID: <200706110913.l5B9DfEr067126@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=121405 Change 121405 by zhouzhouyi@zhouzhouyi_mactest on 2007/06/11 09:13:12 Sending the selected mac label slots in string form to user space by /dev/mactestpipe. Currently send all slots. Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#4 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_pipe.c#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#2 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#4 (text+ko) ==== @@ -60,7 +60,7 @@ #include <sys/socketvar.h> #include <sys/sx.h> #include <sys/sysctl.h> - +#include <sys/mac.h> #include <fs/devfs/devfs.h> #include <net/bpfdesc.h> @@ -71,7 +71,7 @@ #include <security/mac/mac_policy.h> #include <security/mac_test/mac_test_private.h> -SYSCTL_DECL(_security_mac); +//SYSCTL_DECL(_security_mac); SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, "TrustedBSD mac_test policy controls"); @@ -167,7 +167,8 @@ static void mac_test_init_cred_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_cred_label\n", + strlen("mac_test_init_cred_label\n")); LABEL_INIT(label, MAGIC_CRED); COUNTER_INC(init_cred_label); } @@ -176,7 +177,8 @@ static void mac_test_init_devfs_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_devfs_label\n", + strlen("mac_test_init_devfs_label\n")); LABEL_INIT(label, MAGIC_DEVFS); COUNTER_INC(init_devfs_label); } @@ -185,7 +187,8 @@ static void mac_test_init_ifnet_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_ifnet_label\n", + strlen("mac_test_init_ifnet_label\n")); LABEL_INIT(label, MAGIC_IFNET); COUNTER_INC(init_ifnet_label); } 
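Review bot: Every added call in mac_test.c spells the hook name twice, once as the record and once inside `strlen()`, so the record and its length can drift apart without any compiler diagnostic. This starts at `mac_test_init_cred_label` and repeats in all the init, destroy and copy hunks that follow. A single-argument wrapper removes the duplication and the run-time `strlen()`: `#define MACTEST_PIPE_SUBMIT_STR(s) mactest_pipe_submit((s), sizeof(s) - 1)`.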
@@ -194,7 +197,8 @@ static int mac_test_init_inpcb_label(struct label *label, int flag) { - + mactest_pipe_submit("mac_test_init_inpcb_label\n", + strlen("mac_test_init_inpcb_label\n")); if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_inpcb_label() at %s:%d", __FILE__, @@ -209,6 +213,8 @@ static void mac_test_init_sysv_msgmsg_label(struct label *label) { + mactest_pipe_submit("mac_test_init_sysv_msgmsg_label\n", + strlen("mac_test_init_sysv_msgmsg_label\n")); LABEL_INIT(label, MAGIC_SYSV_MSG); COUNTER_INC(init_sysv_msg_label); } @@ -217,6 +223,8 @@ static void mac_test_init_sysv_msgqueue_label(struct label *label) { + mactest_pipe_submit("mac_test_init_sysv_msgqueue_label\n", + strlen("mac_test_init_sysv_msgqueue_label\n")); LABEL_INIT(label, MAGIC_SYSV_MSQ); COUNTER_INC(init_sysv_msq_label); } @@ -225,6 +233,8 @@ static void mac_test_init_sysv_sem_label(struct label *label) { + mactest_pipe_submit("mac_test_init_sysv_sem_label\n", + strlen("mac_test_init_sysv_sem_label\n")); LABEL_INIT(label, MAGIC_SYSV_SEM); COUNTER_INC(init_sysv_sem_label); } @@ -233,6 +243,8 @@ static void mac_test_init_sysv_shm_label(struct label *label) { + mactest_pipe_submit("mac_test_init_sysv_shm_label\n", + strlen("mac_test_init_sysv_shm_label\n")); LABEL_INIT(label, MAGIC_SYSV_SHM); COUNTER_INC(init_sysv_shm_label); } @@ -241,7 +253,8 @@ static int mac_test_init_ipq_label(struct label *label, int flag) { - + mactest_pipe_submit("mac_test_init_ipq_label\n", + strlen("mac_test_init_ipq_label\n")); if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_ipq_label() at %s:%d", __FILE__, @@ -256,7 +269,8 @@ static int mac_test_init_mbuf_label(struct label *label, int flag) { - + mactest_pipe_submit("mac_test_init_mbuf_label\n", + strlen("mac_test_init_mbuf_label\n")); if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_mbuf_label() at %s:%d", __FILE__, 
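Review bot: The `mactest_pipe_submit()` call in `mac_test_init_inpcb_label` sits above the `if (flag & M_WAITOK)` test, so it also runs when the caller did not pass M_WAITOK; the same holds for the ipq, mbuf and socket_peer init hunks. The body of `mactest_pipe_submit()` is outside this diff, so it should be confirmed that it never sleeps and only allocates with M_NOWAIT; a comment at its definition such as `/* Called from MAC label hooks that may not sleep. */` would record that requirement. Label init and destroy for mbufs can presumably fire very often, so an on/off sysctl under the existing `security.mac.test` node may be worth adding so the pipe cannot be flooded unintentionally. The function body continues past the end of this hunk.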
@@ -271,7 +285,8 @@ static void mac_test_init_mount_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_mount_label\n", + strlen("mac_test_init_mount_label\n")); LABEL_INIT(label, MAGIC_MOUNT); COUNTER_INC(init_mount_label); } @@ -297,7 +312,8 @@ static int mac_test_init_socket_peer_label(struct label *label, int flag) { - + mactest_pipe_submit("mac_test_init_socket_peer_label\n", + strlen("mac_test_init_socket_peer_label\n")); if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_socket_peer_label() at %s:%d", __FILE__, @@ -312,7 +328,8 @@ static void mac_test_init_pipe_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_pipe_label\n", + strlen("mac_test_init_pipe_label\n")); LABEL_INIT(label, MAGIC_PIPE); COUNTER_INC(init_pipe_label); } @@ -321,7 +338,8 @@ static void mac_test_init_posix_sem_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_posix_sem_label\n", + strlen("mac_test_init_posix_sem_label\n")); LABEL_INIT(label, MAGIC_POSIX_SEM); COUNTER_INC(init_posix_sem_label); } @@ -330,7 +348,8 @@ static void mac_test_init_proc_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_proc_label\n", + strlen("mac_test_init_proc_label\n")); LABEL_INIT(label, MAGIC_PROC); COUNTER_INC(init_proc_label); } @@ -339,7 +358,8 @@ static void mac_test_init_vnode_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_vnode_label\n", + strlen("mac_test_init_vnode_label\n")); LABEL_INIT(label, MAGIC_VNODE); COUNTER_INC(init_vnode_label); } @@ -348,7 +368,8 @@ static void mac_test_destroy_bpfdesc_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_bpfdesc_label\n", + strlen("mac_test_destroy_bpfdesc_label\n")); LABEL_DESTROY(label, MAGIC_BPF); COUNTER_INC(destroy_bpfdesc_label); } 
@@ -357,7 +378,8 @@ static void mac_test_destroy_cred_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_cred_label\n", + strlen("mac_test_destroy_cred_label\n")); LABEL_DESTROY(label, MAGIC_CRED); COUNTER_INC(destroy_cred_label); } @@ -366,7 +388,8 @@ static void mac_test_destroy_devfs_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_devfs_label\n", + strlen("mac_test_destroy_devfs_label\n")); LABEL_DESTROY(label, MAGIC_DEVFS); COUNTER_INC(destroy_devfs_label); } @@ -375,7 +398,8 @@ static void mac_test_destroy_ifnet_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_ifnet_label\n", + strlen("mac_test_destroy_ifnet_label\n")); LABEL_DESTROY(label, MAGIC_IFNET); COUNTER_INC(destroy_ifnet_label); } @@ -384,7 +408,8 @@ static void mac_test_destroy_inpcb_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_inpcb_label\n", + strlen("mac_test_destroy_inpcb_label\n")); LABEL_DESTROY(label, MAGIC_INPCB); COUNTER_INC(destroy_inpcb_label); } @@ -393,7 +418,8 @@ static void mac_test_destroy_sysv_msgmsg_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_sysv_msgmsg_label\n", + strlen("mac_test_destroy_sysv_msgmsg__label\n")); LABEL_DESTROY(label, MAGIC_SYSV_MSG); COUNTER_INC(destroy_sysv_msg_label); } @@ -402,7 +428,8 @@ static void mac_test_destroy_sysv_msgqueue_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_sysv_msgqueue_label\n", + strlen("mac_test_destroy_sysv_msgqueue_label\n")); LABEL_DESTROY(label, MAGIC_SYSV_MSQ); COUNTER_INC(destroy_sysv_msq_label); } @@ -411,7 +438,8 @@ static void mac_test_destroy_sysv_sem_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_sysv_sem_label\n", + strlen("mac_test_destroy_sysv_sem_label\n")); LABEL_DESTROY(label, MAGIC_SYSV_SEM); COUNTER_INC(destroy_sysv_sem_label); } 
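Review bot: In `mac_test_destroy_sysv_msgmsg_label` the length is taken from a different literal than the record: `strlen("mac_test_destroy_sysv_msgmsg__label\n")` has a doubled underscore, so it is one larger than the string actually passed. The extra byte is the record's terminating NUL, so a reader of the pipe receives a stray `\0` after this line. The second literal should match the first, `strlen("mac_test_destroy_sysv_msgmsg_label\n")`, or the length should be derived from the record itself with `sizeof(...) - 1`.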
@@ -420,7 +448,8 @@ static void mac_test_destroy_sysv_shm_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_sysv_shm_label\n", + strlen("mac_test_destroy_sysv_shm_label\n")); LABEL_DESTROY(label, MAGIC_SYSV_SHM); COUNTER_INC(destroy_sysv_shm_label); } @@ -429,7 +458,8 @@ static void mac_test_destroy_ipq_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_ipq_label\n", + strlen("mac_test_destroy_ipq_label\n")); LABEL_DESTROY(label, MAGIC_IPQ); COUNTER_INC(destroy_ipq_label); } @@ -438,7 +468,8 @@ static void mac_test_destroy_mbuf_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_mbuf_label\n", + strlen("mac_test_destroy_mbuf_label\n")); /* * If we're loaded dynamically, there may be mbufs in flight that * didn't have label storage allocated for them. Handle this @@ -455,7 +486,8 @@ static void mac_test_destroy_mount_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_mount_label\n", + strlen("mac_test_destroy_mount_label\n")); LABEL_DESTROY(label, MAGIC_MOUNT); COUNTER_INC(destroy_mount_label); } @@ -464,7 +496,8 @@ static void mac_test_destroy_socket_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_socket_label\n", + strlen("mac_test_destroy_socket_label\n")); LABEL_DESTROY(label, MAGIC_SOCKET); COUNTER_INC(destroy_socket_label); } @@ -473,7 +506,8 @@ static void mac_test_destroy_socket_peer_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_socket_peer_label\n", + strlen("mac_test_destroy_socket_peer_label\n")); LABEL_DESTROY(label, MAGIC_SOCKET); COUNTER_INC(destroy_socket_peer_label); } @@ -482,7 +516,8 @@ static void mac_test_destroy_pipe_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_pipe_label\n", + strlen("mac_test_destroy_pipe_label\n")); LABEL_DESTROY(label, MAGIC_PIPE); COUNTER_INC(destroy_pipe_label); } 
@@ -491,7 +526,8 @@ static void mac_test_destroy_posix_sem_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_posix_sem_label\n", + strlen("mac_test_destroy_posix_sem_label\n")); LABEL_DESTROY(label, MAGIC_POSIX_SEM); COUNTER_INC(destroy_posix_sem_label); } @@ -500,7 +536,8 @@ static void mac_test_destroy_proc_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_proc_label\n", + strlen("mac_test_destroy_proc_label\n")); LABEL_DESTROY(label, MAGIC_PROC); COUNTER_INC(destroy_proc_label); } @@ -509,7 +546,8 @@ static void mac_test_destroy_vnode_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_vnode_label\n", + strlen("mac_test_destroy_vnode_label\n")); LABEL_DESTROY(label, MAGIC_VNODE); COUNTER_INC(destroy_vnode_label); } @@ -518,7 +556,9 @@ static void mac_test_copy_cred_label(struct label *src, struct label *dest) { - + mactest_pipe_submit("mac_test_copy_cred_label\n", + strlen("mac_test_copy_cred_label\n")); + MACTEST_PIPE_SUBMIT_LABEL(cred,src); LABEL_CHECK(src, MAGIC_CRED); LABEL_CHECK(dest, MAGIC_CRED); COUNTER_INC(copy_cred_label); ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_pipe.c#2 (text+ko) ==== @@ -46,7 +46,8 @@ #include <sys/signalvar.h> #include <sys/systm.h> #include <sys/uio.h> - +#include <sys/mac.h> +#include <sys/mbuf.h> #include <security/mac_test/mac_test_private.h> /* @@ -54,13 +55,6 @@ * mandatory access control test data */ -/* - * Memory types. - */ -static MALLOC_DEFINE(M_MACTEST_PIPE, "mactest_pipe", "mactest pipes"); -static MALLOC_DEFINE(M_MACTEST_PIPE_ENTRY, "mactest_pipeent", - "mactest pipe entries and buffers"); - /* * mactest pipe buffer parameters. @@ -233,6 +227,7 @@ pgsigio(&mp->mp_sigio, SIGIO, 0); } +char *elements="?biba,?lomac,?mls,?sebsd"; /* * mactest_pipe_submit(): the mactest hooks submits mactest records via this * interface, which arranges for them to be delivered to pipe queues. 
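Review bot: In `mac_test_copy_cred_label`, `MACTEST_PIPE_SUBMIT_LABEL(cred,src)` is placed before `LABEL_CHECK(src, MAGIC_CRED)`, so the source label is externalized and sent to user space before mac_test has verified its magic. Moving the macro call below the two `LABEL_CHECK` lines keeps the policy's own consistency check first. The macro also calls back into the MAC framework (`mac_externalize_cred_label`) from inside a policy entry point; whether that is safe with respect to the framework's policy-list locking is not visible here and should be confirmed. The function body continues past the end of this hunk.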
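Review bot: `char *elements` in mac_test_pipe.c is a writable, non-static global with a very generic name, and it points at a string literal. Since the header macro only reads it, `const char mactest_elements[] = "?biba,?lomac,?mls,?sebsd";` with a matching `extern const char mactest_elements[];` would avoid a kernel-wide symbol clash and accidental modification. The list selects which policies' credential labels are copied to /dev/mactestpipe; the device's creation mode is not visible in this diff, so it should be confirmed that only privileged readers can open it.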
@@ -258,6 +253,7 @@ } + /* * Pop the next record off of an mactest pipe. */ ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#2 (text+ko) ==== @@ -1,7 +1,37 @@ #ifndef _SECURITY_MAC_TEST_PRIVATE_H #define _SECURITY_MAC_TEST_PRIVATE_H - +#include <security/mac/mac_internal.h> void mactest_pipe_submit(void *record, u_int record_len); +extern char *elements; + +/* + * Memory types. + */ +static MALLOC_DEFINE(M_MACTEST_PIPE, "mactest_pipe", "mactest pipes"); +static MALLOC_DEFINE(M_MACTEST_PIPE_ENTRY, "mactest_pipeent", + "mactest pipe entries and buffers"); + +#define MACTEST_PIPE_SUBMIT_LABEL(type,label) do { \ + int strleng = 0; \ + char *buffer; \ + char *elements1 = malloc(256, M_MACTEST_PIPE, M_NOWAIT); \ + if (!elements1) \ + goto exit; \ + strcpy(elements1, elements); \ + buffer = malloc(256, M_MACTEST_PIPE, M_NOWAIT); \ + if (!buffer) \ + goto exit1; \ + mac_externalize_##type##_label(label, elements1, \ + buffer, 256); \ + strleng = strlen(buffer); \ + *(buffer + strleng) = '\n'; \ + mactest_pipe_submit(buffer, strleng + 1); \ + free(buffer, M_MACTEST_PIPE); \ +exit1: \ + free(elements1, M_MACTEST_PIPE); \ +exit: \ + ;/*extra ; to avoid label at the end of compound statement*/ \ +}while(0) #endif /* ! _SECURITY_MAC_TEST_PRIVATE_H */
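Review bot: In `MACTEST_PIPE_SUBMIT_LABEL` the return value of `mac_externalize_##type##_label()` is ignored and `buffer` comes from `malloc()` without `M_ZERO`, so after a failed externalize `strlen(buffer)` walks uninitialised kernel heap and whatever it finds is handed to readers of /dev/mactestpipe. The `strcpy()` from the writable global `elements` into a fixed 256-byte allocation is unbounded, and the `exit`/`exit1` labels are function-scoped, so a second use of the macro in one function would not compile. Separately, `static MALLOC_DEFINE` in a header gives every including file its own copy of the malloc type; `MALLOC_DECLARE(M_MACTEST_PIPE);` here, with the `MALLOC_DEFINE` lines kept in mac_test_pipe.c, is the usual split. A label-free version of the macro that checks each step is sketched below.

```c
#define MACTEST_PIPE_SUBMIT_LABEL(type, label) do {			\
	char *mt_elements, *mt_buffer;					\
	size_t mt_len;							\
									\
	mt_elements = malloc(256, M_MACTEST_PIPE, M_NOWAIT);		\
	mt_buffer = malloc(256, M_MACTEST_PIPE, M_NOWAIT | M_ZERO);	\
	/* Submit only if both allocations, the bounded copy and */	\
	/* the externalize call all succeeded. */			\
	if (mt_elements != NULL && mt_buffer != NULL &&			\
	    strlcpy(mt_elements, elements, 256) < 256 &&		\
	    mac_externalize_##type##_label(label, mt_elements,		\
	    mt_buffer, 256) == 0) {					\
		mt_len = strlen(mt_buffer);				\
		mt_buffer[mt_len] = '\n';				\
		mactest_pipe_submit(mt_buffer, mt_len + 1);		\
	}								\
	if (mt_buffer != NULL)						\
		free(mt_buffer, M_MACTEST_PIPE);			\
	if (mt_elements != NULL)					\
		free(mt_elements, M_MACTEST_PIPE);			\
} while (0)
```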