From owner-p4-projects@FreeBSD.ORG Thu Jul 7 18:16:00 2005
Date: Thu, 7 Jul 2005 18:15:58 GMT
Message-Id: <200507071815.j67IFwMQ081714@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f
From: Andrew Reisse To: Perforce Change Reviews Cc: Subject: PERFORCE change 79715 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Jul 2005 18:16:00 -0000 http://perforce.freebsd.org/chv.cgi?CH=79715 Change 79715 by areisse@areisse_ibook on 2005/07/07 18:15:52 Fix a mis-merge. Remove binary package steps from the makefile as it is not supported yet. Add the new entry points (and documentation) to mac_policy.h. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#9 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/ipc_kmsg.c#4 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/Makefile#3 (text+ko) ==== @@ -19,8 +19,7 @@ cd release && make dmg clean: - rm *.dmg - cd release && make packageclean + rm -f *.dmg cd release && make distclean cd darwin && make clean for i in $(BUILD_MODULES); do cd $$i && make clean && cd ..; done ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#9 (text+ko) ==== @@ -150,6 +150,7 @@ @param p Calling process @param call Policy-specific syscall number @param arg Pointer to syscall arguments + @param retval Pointer to store actual return value in This entry point provides a policy-multiplexed system call so that policies may provide additional services to user processes without @@ -175,7 +176,8 @@ typedef int mpo_syscall_t( struct proc *p, int call, - void *arg + void *arg, + int *retval ); /*@}*/ 
@@ -1703,6 +1705,30 @@ struct ucred *cred, struct label *newlabel ); + +/** + @brief Request label for new (userspace) object + @param subj Subject label + @param obj Parent or existing object label + @param serv Name of service + @param out Computed label + + Ask the loaded policies to compute a label based on the two input labels + and the service name. There is currently no standard for the service name, + or even what the input labels represent (Subject and parent object are only + a suggestion). If successful, the computed label is stored in out. All labels + must be port (or task) labels. The userspace interfaces to this entry point + allow label handles (ports) to be provided. + + @return 0 on success, or an errno value for failure. +*/ + +typedef int mpo_request_object_label_t( + struct label *subj, + struct label *obj, + const char *serv, + struct label *out +); /*@}*/ /** @@ -1994,6 +2020,30 @@ ); /** + @brief Compute access control check for a Mach message-based service + @param task Sender's task label + @param port Destination port label + @param msgid Message id + + Access control computation for message-based services. This entry point + computes permission to the service requested by the specified port and message + id, for example a single MiG server routine, and is unrelated to the access + check for sending messages to ports (but that check must succeed for the + message to be sent to the destination). The result of this access computation + is stored in the message trailer field msgh_ad (only if requested by the + recipient); it does not actually inhibit the message from being sent or + received. + + @return 0 for access granted, nonzero for access denied. +*/ + +typedef int mpo_check_ipc_method_t( + struct label *task, + struct label *port, + int msgid +); + +/** @brief Access control check for POSIX semaphore create @param cred Subject credential @param name String name of the semaphore 
@@ -3934,6 +3984,8 @@ mpo_create_proc1_t *mpo_create_proc1; mpo_relabel_cred_t *mpo_relabel_cred; + mpo_request_object_label_t *mpo_request_object_label; + /* * Access control checks. */ @@ -3950,6 +4002,7 @@ mpo_check_fcntl_t *mpo_check_fcntl; mpo_check_get_fd_t *mpo_check_get_fd; mpo_check_ioctl_t *mpo_check_ioctl; + mpo_check_ipc_method_t *mpo_check_ipc_method; mpo_check_posix_sem_create_t *mpo_check_posix_sem_create; mpo_check_posix_sem_open_t *mpo_check_posix_sem_open; mpo_check_posix_sem_post_t *mpo_check_posix_sem_post; ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/osfmk/ipc/ipc_kmsg.c#4 (text+ko) ==== @@ -726,6 +726,7 @@ kmsg->ikm_sender = cur->label; } else + trailer->msgh_labels.sender = 0; #else trailer->msgh_labels.sender = 0; #endif
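Review bot: in the Makefile `clean:` hunk, `rm *.dmg` becomes `rm -f *.dmg`, so a clean run with no image present no longer aborts the target, which is the right repair for the mis-merge. However the `cd release && make packageclean` line is dropped while the `cd release && make dmg` line in the context above is kept, so the image target remains buildable even though the commit message says binary packages are not supported yet; consider removing or commenting out the `dmg` step as well so the build and clean targets stay consistent.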
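Review bot: the new `int *retval` parameter on `mpo_syscall_t` changes the prototype every loaded policy must implement, and the added `@param retval Pointer to store actual return value in` does not say who initializes it or whether its value is meaningful when the entry point returns nonzero. Suggest documenting that the caller pre-initializes `*retval` and that a policy stores to it only on the success path, so a policy that fails early cannot leave a stale or uninitialized value to be copied out to the user process; also confirm that the kernel call site dispatching `mpo_syscall` was updated in the same change, since it is not among the affected files listed.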
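Review bot: the doc comment for `mpo_request_object_label_t` says the computed label "is stored in out" and that "All labels must be port (or task) labels", but it does not say whether the framework or each policy validates that constraint for labels arriving through userspace label handles, nor what `out` holds when a policy returns an errno value. Because the same block states there is "no standard for the service name", a policy that does not recognise `serv` needs a defined behaviour (return an error, or leave `out` untouched) so callers never act on a partially computed label; suggest spelling out both in the `@return` text.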
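Review bot: `mpo_check_ipc_method_t` is documented as advisory, its result being stored in the `msgh_ad` trailer field "only if requested by the recipient" and not inhibiting delivery. The `@return 0 for access granted, nonzero for access denied` line should therefore also state that enforcement is the receiving server's responsibility and how the results of several loaded policies are combined into the single trailer field (any deny wins, or last writer), otherwise a MiG server that requests the trailer cannot know what a zero in `msgh_ad` actually attests to.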
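Review bot: the two new members `mpo_request_object_label` and `mpo_check_ipc_method` are inserted in the middle of the policy ops structure (after `mpo_relabel_cred` and before `mpo_check_posix_sem_create`) rather than appended, which shifts every following member; a policy module compiled against the previous `mac_policy.h` would have its later function pointers read from the wrong slots. If modules are always rebuilt together with the kernel this is fine, but the layout change should be called out for policy authors, or the structure versioned, so a stale module cannot load silently.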
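Review bot: the ipc_kmsg.c hunk supplies the statement that was missing after `} else` inside the `#if` branch; without it the `else` bound to whatever statement followed `#endif`, making that statement conditional on the sender label being absent, which is the mis-merge the commit message describes. To keep a future merge from dropping a one-line branch body again, suggest bracing both arms (`} else { trailer->msgh_labels.sender = 0; }`), and check the previous revision for any statement after `#endif` that the dangling `else` had been swallowing.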