Date: Wed, 23 Nov 2005 21:25:01 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 87153 for review Message-ID: <200511232125.jANLP1L0094892@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=87153 Change 87153 by rwatson@rwatson_zoo on 2005/11/23 21:24:39 Simple module to trace devfs path information. Affected files ... .. //depot/projects/trustedbsd/mac/sys/modules/mac_devfs/Makefile#2 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_devfs/mac_devfs.c#2 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/modules/mac_devfs/Makefile#2 (text+ko) ====
@@ -1,9 +1,9 @@
-# $FreeBSD: src/sys/modules/mac_none/Makefile,v 1.2 2002/10/22 17:10:15 rwatson Exp $
+# $FreeBSD$
-.PATH: ${.CURDIR}/../../security/mac_none
+.PATH: ${.CURDIR}/../../security/mac_devfs
-KMOD= mac_none
+KMOD= mac_devfs
 SRCS= vnode_if.h \
- mac_none.c
+ mac_devfs.c
 .include <bsd.kmod.mk>
==== //depot/projects/trustedbsd/mac/sys/security/mac_devfs/mac_devfs.c#2 (text+ko) ====
@@ -1,15 +1,9 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2005 Robert N. M. Watson
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
- * This software was developed for the FreeBSD Project in part by Network
- * Associates Laboratories, the Security Research Division of Network
- * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
- * as part of the DARPA CHATS research program.
- *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -31,15 +25,11 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/mac_none/mac_none.c,v 1.32 2005/09/19 18:52:50 phk Exp $
+ * $FreeBSD$
  */
 /*
  * Developed by the TrustedBSD Project.
- *
- * Sample policy implementing no entry points; for performance measurement
- * purposes only. If you're looking for a stub policy to base new policies
- * on, try mac_stub.
  */
 #include <sys/types.h>
@@ -76,18 +66,53 @@
 #include <sys/mac_policy.h>
-SYSCTL_DECL(_security_mac);
+static void
+mac_devfs_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+ struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct label *vlabel)
+{
+
+}
+
+static void
+mac_devfs_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label,
+ const char *fullpath)
+{
+
+ printf("mac_devfs_create_devfs_device(uid %d mp %s cdev %s "
+ "fullpath %s", cred != NULL ? cred->cr_uid : -1,
+ mp->mnt_stat.f_mntonname, dev->si_name, fullpath);
+}
+
+static void
+mac_devfs_create_devfs_directory(struct mount *mp, char *dirname,
+ int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label,
+ const char *fullpath)
+{
+
+ printf("mac_devfs_create_devfs_device(mp %s dirname %s fullpath %s",
+ mp->mnt_stat.f_mntonname, dirname, fullpath);
+}
-SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
- "TrustedBSD mac_none policy controls");
+static void
+mac_devfs_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+ struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+ struct label *delabel, const char *fullpath)
+{
-static int mac_none_enabled = 1;
-SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
- &mac_none_enabled, 0, "Enforce none policy");
+ printf("mac_devfs_create_devfs_device(uid %d mp %s fullpath %s",
+ cred != NULL ? cred->cr_uid : -1, mp->mnt_stat.f_mntonname,
+ fullpath);
+}
 static struct mac_policy_ops mac_none_ops = {
+ .mpo_associate_vnode_devfs = mac_devfs_associate_vnode_devfs,
+ .mpo_create_devfs_device = mac_devfs_create_devfs_device,
+ .mpo_create_devfs_directory = mac_devfs_create_devfs_directory,
+ .mpo_create_devfs_symlink = mac_devfs_create_devfs_symlink,
 };
-MAC_POLICY_SET(&mac_none_ops, mac_none, "TrustedBSD MAC/None",
+MAC_POLICY_SET(&mac_none_ops, mac_none, "TrustedBSD MAC/devfs",
 MPC_LOADTIME_FLAG_UNLOADOK, NULL);
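Review bot: In `mac_devfs_create_devfs_directory`, `dirname` is printed with `%s` even though the hook also receives `dirnamelen`, which suggests the caller may pass a path component that is not NUL-terminated; if so, the kernel printf would read past the end of the name. Bounding the read is cheap: `printf("mac_devfs_create_devfs_directory(mp %s dirname %.*s fullpath %s)\n", mp->mnt_stat.f_mntonname, dirnamelen, dirname, fullpath);`. That rewrite also fixes two problems shared by all three trace calls: none of the format strings has a closing `)` or a `\n`, so successive records run together in the message buffer, and the directory and symlink hooks both label themselves `mac_devfs_create_devfs_device(`, so the trace cannot tell the entry points apart. Separately, `MAC_POLICY_SET` still registers `mac_none_ops` under the name `mac_none`; only the description string was changed, so this policy looks likely to clash with the real mac_none module if both are loaded. Renaming both to `mac_devfs_ops` and `mac_devfs` would avoid that.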