From owner-p4-projects@FreeBSD.ORG Mon Jun 11 09:13:43 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0C32E16A474; Mon, 11 Jun 2007 09:13:43 +0000 (UTC) X-Original-To: perforce@FreeBSD.org Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9740516A469 for ; Mon, 11 Jun 2007 09:13:42 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id 8627F13C44C for ; Mon, 11 Jun 2007 09:13:42 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.8/8.13.8) with ESMTP id l5B9DgOa067138 for ; Mon, 11 Jun 2007 09:13:42 GMT (envelope-from zhouzhouyi@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.8/8.13.8/Submit) id l5B9DfEr067126 for perforce@freebsd.org; Mon, 11 Jun 2007 09:13:41 GMT (envelope-from zhouzhouyi@FreeBSD.org) Date: Mon, 11 Jun 2007 09:13:41 GMT Message-Id: <200706110913.l5B9DfEr067126@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to zhouzhouyi@FreeBSD.org using -f 
From: Zhouyi ZHOU To: Perforce Change Reviews Cc: Subject: PERFORCE change 121405 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2007 09:13:43 -0000 http://perforce.freebsd.org/chv.cgi?CH=121405 Change 121405 by zhouzhouyi@zhouzhouyi_mactest on 2007/06/11 09:13:12 Sending the selected mac label slots in string form to user space by /dev/mactestpipe. Currently send all slots. Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#4 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_pipe.c#2 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#2 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#4 (text+ko) ==== @@ -60,7 +60,7 @@ #include #include #include - +#include #include #include @@ -71,7 +71,7 @@ #include #include -SYSCTL_DECL(_security_mac); +//SYSCTL_DECL(_security_mac); SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, "TrustedBSD mac_test policy controls"); @@ -167,7 +167,8 @@ static void mac_test_init_cred_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_cred_label\n", + strlen("mac_test_init_cred_label\n")); LABEL_INIT(label, MAGIC_CRED); COUNTER_INC(init_cred_label); } @@ -176,7 +177,8 @@ static void mac_test_init_devfs_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_devfs_label\n", + strlen("mac_test_init_devfs_label\n")); LABEL_INIT(label, MAGIC_DEVFS); COUNTER_INC(init_devfs_label); } 
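Review bot: In the `@@ -71,7 +71,7 @@` hunk, `SYSCTL_DECL(_security_mac);` is left in the file as a `//` comment rather than removed, although the `SYSCTL_NODE(_security_mac, ...)` line right after it still depends on that declaration. Presumably the newly added include now provides it, but the header name is not legible in this diff, so that should be confirmed. If so, delete the line outright. If it has to stay for a while, say why, for example `/* SYSCTL_DECL(_security_mac) now comes from the mac_test private header. */`.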
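Review bot: In the `@@ -167,7 +167,8 @@` hunk (mac_test_init_cred_label), the hook name is written twice, once as the record and once inside `strlen()`, so the length is computed from a second hand-typed copy that can drift from the first. The same pattern recurs in every init, destroy and copy hunk of mac_test.c in this change. A single helper keeps the text and the length tied together: `#define MACTEST_PIPE_SUBMIT_STR(s) mactest_pipe_submit((s), sizeof(s) - 1)`, called as `MACTEST_PIPE_SUBMIT_STR("mac_test_init_cred_label\n");`. The function bodies continue outside the hunks.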
@@ -185,7 +187,8 @@ static void mac_test_init_ifnet_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_ifnet_label\n", + strlen("mac_test_init_ifnet_label\n")); LABEL_INIT(label, MAGIC_IFNET); COUNTER_INC(init_ifnet_label); } @@ -194,7 +197,8 @@ static int mac_test_init_inpcb_label(struct label *label, int flag) { - + mactest_pipe_submit("mac_test_init_inpcb_label\n", + strlen("mac_test_init_inpcb_label\n")); if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_inpcb_label() at %s:%d", __FILE__, @@ -209,6 +213,8 @@ static void mac_test_init_sysv_msgmsg_label(struct label *label) { + mactest_pipe_submit("mac_test_init_sysv_msgmsg_label\n", + strlen("mac_test_init_sysv_msgmsg_label\n")); LABEL_INIT(label, MAGIC_SYSV_MSG); COUNTER_INC(init_sysv_msg_label); } @@ -217,6 +223,8 @@ static void mac_test_init_sysv_msgqueue_label(struct label *label) { + mactest_pipe_submit("mac_test_init_sysv_msgqueue_label\n", + strlen("mac_test_init_sysv_msgqueue_label\n")); LABEL_INIT(label, MAGIC_SYSV_MSQ); COUNTER_INC(init_sysv_msq_label); } @@ -225,6 +233,8 @@ static void mac_test_init_sysv_sem_label(struct label *label) { + mactest_pipe_submit("mac_test_init_sysv_sem_label\n", + strlen("mac_test_init_sysv_sem_label\n")); LABEL_INIT(label, MAGIC_SYSV_SEM); COUNTER_INC(init_sysv_sem_label); } @@ -233,6 +243,8 @@ static void mac_test_init_sysv_shm_label(struct label *label) { + mactest_pipe_submit("mac_test_init_sysv_shm_label\n", + strlen("mac_test_init_sysv_shm_label\n")); LABEL_INIT(label, MAGIC_SYSV_SHM); COUNTER_INC(init_sysv_shm_label); } @@ -241,7 +253,8 @@ static int mac_test_init_ipq_label(struct label *label, int flag) { - + mactest_pipe_submit("mac_test_init_ipq_label\n", + strlen("mac_test_init_ipq_label\n")); if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_ipq_label() at %s:%d", __FILE__, 
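Review bot: In the `@@ -194,7 +197,8 @@` hunk (mac_test_init_inpcb_label), the new mactest_pipe_submit() call runs unconditionally, ahead of the `flag & M_WAITOK` test, so it also runs when the caller did not allow sleeping. The body of mactest_pipe_submit() is not part of this diff; if it can sleep or take a sleepable lock, these hooks would break that contract. The same applies to the mac_test_init_ipq_label, mac_test_init_mbuf_label and mac_test_init_socket_peer_label hunks. A comment at the call would record the requirement, for example `/* mactest_pipe_submit() must not sleep: this hook is also entered without M_WAITOK. */`. The function body continues outside the hunk.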
@@ -256,7 +269,8 @@ static int mac_test_init_mbuf_label(struct label *label, int flag) { - + mactest_pipe_submit("mac_test_init_mbuf_label\n", + strlen("mac_test_init_mbuf_label\n")); if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_mbuf_label() at %s:%d", __FILE__, @@ -271,7 +285,8 @@ static void mac_test_init_mount_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_mount_label\n", + strlen("mac_test_init_mount_label\n")); LABEL_INIT(label, MAGIC_MOUNT); COUNTER_INC(init_mount_label); } @@ -297,7 +312,8 @@ static int mac_test_init_socket_peer_label(struct label *label, int flag) { - + mactest_pipe_submit("mac_test_init_socket_peer_label\n", + strlen("mac_test_init_socket_peer_label\n")); if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "mac_test_init_socket_peer_label() at %s:%d", __FILE__, @@ -312,7 +328,8 @@ static void mac_test_init_pipe_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_pipe_label\n", + strlen("mac_test_init_pipe_label\n")); LABEL_INIT(label, MAGIC_PIPE); COUNTER_INC(init_pipe_label); } @@ -321,7 +338,8 @@ static void mac_test_init_posix_sem_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_posix_sem_label\n", + strlen("mac_test_init_posix_sem_label\n")); LABEL_INIT(label, MAGIC_POSIX_SEM); COUNTER_INC(init_posix_sem_label); } @@ -330,7 +348,8 @@ static void mac_test_init_proc_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_proc_label\n", + strlen("mac_test_init_proc_label\n")); LABEL_INIT(label, MAGIC_PROC); COUNTER_INC(init_proc_label); } @@ -339,7 +358,8 @@ static void mac_test_init_vnode_label(struct label *label) { - + mactest_pipe_submit("mac_test_init_vnode_label\n", + strlen("mac_test_init_vnode_label\n")); LABEL_INIT(label, MAGIC_VNODE); COUNTER_INC(init_vnode_label); } 
@@ -348,7 +368,8 @@ static void mac_test_destroy_bpfdesc_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_bpfdesc_label\n", + strlen("mac_test_destroy_bpfdesc_label\n")); LABEL_DESTROY(label, MAGIC_BPF); COUNTER_INC(destroy_bpfdesc_label); } @@ -357,7 +378,8 @@ static void mac_test_destroy_cred_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_cred_label\n", + strlen("mac_test_destroy_cred_label\n")); LABEL_DESTROY(label, MAGIC_CRED); COUNTER_INC(destroy_cred_label); } @@ -366,7 +388,8 @@ static void mac_test_destroy_devfs_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_devfs_label\n", + strlen("mac_test_destroy_devfs_label\n")); LABEL_DESTROY(label, MAGIC_DEVFS); COUNTER_INC(destroy_devfs_label); } @@ -375,7 +398,8 @@ static void mac_test_destroy_ifnet_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_ifnet_label\n", + strlen("mac_test_destroy_ifnet_label\n")); LABEL_DESTROY(label, MAGIC_IFNET); COUNTER_INC(destroy_ifnet_label); } @@ -384,7 +408,8 @@ static void mac_test_destroy_inpcb_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_inpcb_label\n", + strlen("mac_test_destroy_inpcb_label\n")); LABEL_DESTROY(label, MAGIC_INPCB); COUNTER_INC(destroy_inpcb_label); } @@ -393,7 +418,8 @@ static void mac_test_destroy_sysv_msgmsg_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_sysv_msgmsg_label\n", + strlen("mac_test_destroy_sysv_msgmsg__label\n")); LABEL_DESTROY(label, MAGIC_SYSV_MSG); COUNTER_INC(destroy_sysv_msg_label); } @@ -402,7 +428,8 @@ static void mac_test_destroy_sysv_msgqueue_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_sysv_msgqueue_label\n", + strlen("mac_test_destroy_sysv_msgqueue_label\n")); LABEL_DESTROY(label, MAGIC_SYSV_MSQ); COUNTER_INC(destroy_sysv_msq_label); } 
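Review bot: In the `@@ -393,7 +418,8 @@` hunk (mac_test_destroy_sysv_msgmsg_label), the literal inside `strlen()` has a doubled underscore (`msgmsg__label`), making it one character longer than the record actually passed. The submitted length therefore covers the record's terminating NUL, and that extra byte is queued for the user-space reader of the pipe along with the text. The second line should read `strlen("mac_test_destroy_sysv_msgmsg_label\n"));`. Taking the length from the same literal with `sizeof(...) - 1` would rule out this class of mismatch.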
@@ -411,7 +438,8 @@ static void mac_test_destroy_sysv_sem_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_sysv_sem_label\n", + strlen("mac_test_destroy_sysv_sem_label\n")); LABEL_DESTROY(label, MAGIC_SYSV_SEM); COUNTER_INC(destroy_sysv_sem_label); } @@ -420,7 +448,8 @@ static void mac_test_destroy_sysv_shm_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_sysv_shm_label\n", + strlen("mac_test_destroy_sysv_shm_label\n")); LABEL_DESTROY(label, MAGIC_SYSV_SHM); COUNTER_INC(destroy_sysv_shm_label); } @@ -429,7 +458,8 @@ static void mac_test_destroy_ipq_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_ipq_label\n", + strlen("mac_test_destroy_ipq_label\n")); LABEL_DESTROY(label, MAGIC_IPQ); COUNTER_INC(destroy_ipq_label); } @@ -438,7 +468,8 @@ static void mac_test_destroy_mbuf_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_mbuf_label\n", + strlen("mac_test_destroy_mbuf_label\n")); /* * If we're loaded dynamically, there may be mbufs in flight that * didn't have label storage allocated for them. Handle this @@ -455,7 +486,8 @@ static void mac_test_destroy_mount_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_mount_label\n", + strlen("mac_test_destroy_mount_label\n")); LABEL_DESTROY(label, MAGIC_MOUNT); COUNTER_INC(destroy_mount_label); } @@ -464,7 +496,8 @@ static void mac_test_destroy_socket_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_socket_label\n", + strlen("mac_test_destroy_socket_label\n")); LABEL_DESTROY(label, MAGIC_SOCKET); COUNTER_INC(destroy_socket_label); } @@ -473,7 +506,8 @@ static void mac_test_destroy_socket_peer_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_socket_peer_label\n", + strlen("mac_test_destroy_socket_peer_label\n")); LABEL_DESTROY(label, MAGIC_SOCKET); COUNTER_INC(destroy_socket_peer_label); } 
@@ -482,7 +516,8 @@ static void mac_test_destroy_pipe_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_pipe_label\n", + strlen("mac_test_destroy_pipe_label\n")); LABEL_DESTROY(label, MAGIC_PIPE); COUNTER_INC(destroy_pipe_label); } @@ -491,7 +526,8 @@ static void mac_test_destroy_posix_sem_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_posix_sem_label\n", + strlen("mac_test_destroy_posix_sem_label\n")); LABEL_DESTROY(label, MAGIC_POSIX_SEM); COUNTER_INC(destroy_posix_sem_label); } @@ -500,7 +536,8 @@ static void mac_test_destroy_proc_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_proc_label\n", + strlen("mac_test_destroy_proc_label\n")); LABEL_DESTROY(label, MAGIC_PROC); COUNTER_INC(destroy_proc_label); } @@ -509,7 +546,8 @@ static void mac_test_destroy_vnode_label(struct label *label) { - + mactest_pipe_submit("mac_test_destroy_vnode_label\n", + strlen("mac_test_destroy_vnode_label\n")); LABEL_DESTROY(label, MAGIC_VNODE); COUNTER_INC(destroy_vnode_label); } @@ -518,7 +556,9 @@ static void mac_test_copy_cred_label(struct label *src, struct label *dest) { - + mactest_pipe_submit("mac_test_copy_cred_label\n", + strlen("mac_test_copy_cred_label\n")); + MACTEST_PIPE_SUBMIT_LABEL(cred,src); LABEL_CHECK(src, MAGIC_CRED); LABEL_CHECK(dest, MAGIC_CRED); COUNTER_INC(copy_cred_label); ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_pipe.c#2 (text+ko) ==== @@ -46,7 +46,8 @@ #include #include #include - +#include +#include #include /* @@ -54,13 +55,6 @@ * mandatory access control test data */ -/* - * Memory types. - */ -static MALLOC_DEFINE(M_MACTEST_PIPE, "mactest_pipe", "mactest pipes"); -static MALLOC_DEFINE(M_MACTEST_PIPE_ENTRY, "mactest_pipeent", - "mactest pipe entries and buffers"); - /* * mactest pipe buffer parameters. 
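Review bot: In the `@@ -518,7 +556,9 @@` hunk (mac_test_copy_cred_label), `MACTEST_PIPE_SUBMIT_LABEL(cred,src);` sits above `LABEL_CHECK(src, MAGIC_CRED);`, so the label is externalized and queued for user space before this policy has checked it. LABEL_CHECK's definition is outside the diff, but if it is the validity check its name suggests, the macro call belongs after the two LABEL_CHECK lines. Only `src` is reported; if that is deliberate, a short comment such as `/* Report the source label only; dest is about to be overwritten. */` would say so. The function body continues outside the hunk.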
@@ -233,6 +227,7 @@ pgsigio(&mp->mp_sigio, SIGIO, 0); } +char *elements="?biba,?lomac,?mls,?sebsd"; /* * mactest_pipe_submit(): the mactest hooks submits mactest records via this * interface, which arranges for them to be delivered to pipe queues. @@ -258,6 +253,7 @@ } + /* * Pop the next record off of an mactest pipe. */ ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#2 (text+ko) ==== @@ -1,7 +1,37 @@ #ifndef _SECURITY_MAC_TEST_PRIVATE_H #define _SECURITY_MAC_TEST_PRIVATE_H - +#include void mactest_pipe_submit(void *record, u_int record_len); +extern char *elements; + +/* + * Memory types. + */ +static MALLOC_DEFINE(M_MACTEST_PIPE, "mactest_pipe", "mactest pipes"); +static MALLOC_DEFINE(M_MACTEST_PIPE_ENTRY, "mactest_pipeent", + "mactest pipe entries and buffers"); + +#define MACTEST_PIPE_SUBMIT_LABEL(type,label) do { \ + int strleng = 0; \ + char *buffer; \ + char *elements1 = malloc(256, M_MACTEST_PIPE, M_NOWAIT); \ + if (!elements1) \ + goto exit; \ + strcpy(elements1, elements); \ + buffer = malloc(256, M_MACTEST_PIPE, M_NOWAIT); \ + if (!buffer) \ + goto exit1; \ + mac_externalize_##type##_label(label, elements1, \ + buffer, 256); \ + strleng = strlen(buffer); \ + *(buffer + strleng) = '\n'; \ + mactest_pipe_submit(buffer, strleng + 1); \ + free(buffer, M_MACTEST_PIPE); \ +exit1: \ + free(elements1, M_MACTEST_PIPE); \ +exit: \ + ;/*extra ; to avoid label at the end of compound statement*/ \ +}while(0) #endif /* ! _SECURITY_MAC_TEST_PRIVATE_H */
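Review bot: In the `@@ -233,6 +227,7 @@` hunk of mac_test_pipe.c, `elements` is introduced as a writable, non-static global with a very generic name, so it occupies the kernel's global namespace and any code can repoint it. MACTEST_PIPE_SUBMIT_LABEL copies the string before using it, so the list can be constant and prefixed: `const char mactest_elements[] = "?biba,?lomac,?mls,?sebsd";`, with the `extern` in mac_test_private.h changed to match. A one-line comment on what the list selects, and what the leading `?` on each name means, would help the next reader.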
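Review bot: In the mac_test_private.h hunk, MACTEST_PIPE_SUBMIT_LABEL ignores the return value of `mac_externalize_##type##_label()` and allocates `buffer` without M_ZERO. If externalization fails and leaves the buffer unwritten, `strlen(buffer)` runs over uninitialised kernel heap, the `'\n'` store can land outside the 256-byte allocation, and whatever was read is handed to user space through the pipe. The `strcpy()` into `elements1` is also unbounded against a writable global. The `exit`/`exit1` labels inside the macro mean a second use in the same function will not compile. Separately, `static MALLOC_DEFINE` in a header gives each including file its own copy of the malloc types; `MALLOC_DECLARE(M_MACTEST_PIPE);` here, with the definitions left in mac_test_pipe.c, avoids that. The fence below shows the macro with bounded copies, a checked result (assuming the externalize call returns 0 on success) and no labels.

```c
#define MACTEST_PIPE_SUBMIT_LABEL(type, label) do {			\
	char *mtp_elements, *mtp_buffer;				\
	size_t mtp_len;							\
									\
	mtp_elements = malloc(256, M_MACTEST_PIPE, M_NOWAIT);		\
	mtp_buffer = malloc(256, M_MACTEST_PIPE, M_NOWAIT | M_ZERO);	\
	/* Submit only if both allocations, the copy and the		\
	 * externalize call all succeeded. */				\
	if (mtp_elements != NULL && mtp_buffer != NULL &&		\
	    strlcpy(mtp_elements, elements, 256) < 256 &&		\
	    mac_externalize_##type##_label(label, mtp_elements,	\
	    mtp_buffer, 256) == 0) {					\
		mtp_len = strlen(mtp_buffer);				\
		mtp_buffer[mtp_len] = '\n';				\
		mactest_pipe_submit(mtp_buffer, mtp_len + 1);		\
	}								\
	/* free(9) accepts NULL, so no cleanup labels are needed. */	\
	free(mtp_buffer, M_MACTEST_PIPE);				\
	free(mtp_elements, M_MACTEST_PIPE);				\
} while (0)
```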