mac_biba.c (104569) mac_biba.c (105606)
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by NAI Labs,

--- 20 unchanged lines hidden (view full) ---

29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by NAI Labs,

--- 20 unchanged lines hidden (view full) ---

29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 104569 2002-10-06 13:11:01Z rwatson $
37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 105606 2002-10-21 04:15:40Z rwatson $
38 */
39
40/*
41 * Developed by the TrustedBSD Project.
42 * Biba fixed label mandatory integrity policy.
43 */
44
45#include <sys/types.h>

--- 51 unchanged lines hidden (view full) ---

97TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);
98
99static char trusted_interfaces[128];
100SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
101 trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
102TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
103 sizeof(trusted_interfaces));
104
38 */
39
40/*
41 * Developed by the TrustedBSD Project.
42 * Biba fixed label mandatory integrity policy.
43 */
44
45#include <sys/types.h>

--- 51 unchanged lines hidden (view full) ---

97TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);
98
99static char trusted_interfaces[128];
100SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
101 trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
102TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
103 sizeof(trusted_interfaces));
104
105static int ptys_equal = 0;
106SYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW,
107 &ptys_equal, 0, "Label pty devices as biba/equal on create");
108TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal);
109
105static int mac_biba_revocation_enabled = 0;
106SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
107 &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel");
108TUNABLE_INT("security.mac.biba.revocation_enabled",
109 &mac_biba_revocation_enabled);
110
111static int mac_biba_slot;
112#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)

--- 343 unchanged lines hidden (view full) ---

456 int biba_type;
457
458 mac_biba = SLOT(label);
459 if (strcmp(dev->si_name, "null") == 0 ||
460 strcmp(dev->si_name, "zero") == 0 ||
461 strcmp(dev->si_name, "random") == 0 ||
462 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
463 biba_type = MAC_BIBA_TYPE_EQUAL;
110static int mac_biba_revocation_enabled = 0;
111SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
112 &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel");
113TUNABLE_INT("security.mac.biba.revocation_enabled",
114 &mac_biba_revocation_enabled);
115
116static int mac_biba_slot;
117#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)

--- 343 unchanged lines hidden (view full) ---

461 int biba_type;
462
463 mac_biba = SLOT(label);
464 if (strcmp(dev->si_name, "null") == 0 ||
465 strcmp(dev->si_name, "zero") == 0 ||
466 strcmp(dev->si_name, "random") == 0 ||
467 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
468 biba_type = MAC_BIBA_TYPE_EQUAL;
469 else if (ptys_equal &&
470 (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
471 strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
472 biba_type = MAC_BIBA_TYPE_EQUAL;
464 else
465 biba_type = MAC_BIBA_TYPE_HIGH;
466 mac_biba_set_single(mac_biba, biba_type, 0);
467}
468
469static void
470mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
471 struct devfs_dirent *devfs_dirent, struct label *label)

--- 1711 unchanged lines hidden ---
473 else
474 biba_type = MAC_BIBA_TYPE_HIGH;
475 mac_biba_set_single(mac_biba, biba_type, 0);
476}
477
478static void
479mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
480 struct devfs_dirent *devfs_dirent, struct label *label)

--- 1711 unchanged lines hidden ---
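Review bot: The new `ptys_equal` branch (new lines 469-472) picks the label from a name prefix alone, so with the knob set every devfs node whose name begins with `ttyp` or `ptyp` is created biba/equal. A biba/equal object sits outside the integrity ordering, which makes such a pty a channel between high- and low-integrity subjects. The change does not state that trade-off anywhere; I would add a comment above the declaration at new line 105, for example `/* ptys_equal: relaxes Biba for pty devices (name prefix ttyp/ptyp) so sessions at any integrity level can use them; applies only to devices created after it is set. */`. The two prefixes also appear to cover only one pty bank, so if ptys exist under other letters they would still be labelled biba/high; that is worth confirming as intended. The enclosing function begins in the hidden lines above the hunk, so how `dev` reaches this code is not visible here.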