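--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 109623 2003-01-21 08:56:16Z alfred $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 110350 2003-02-04 21:00:51Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * Biba fixed label mandatory integrity policy.
  */
 
 #include <sys/types.h>
@@ -1122,67 +1122,67 @@
 }
 
 static void
 mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
 {
  char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q;
  char tiflist[sizeof(trusted_interfaces)];
  struct mac_biba *dest;
- int len, grade;
+ int len, type;
 
  dest = SLOT(ifnetlabel);
 
  if (ifnet->if_type == IFT_LOOP) {
- grade = MAC_BIBA_TYPE_EQUAL;
+ type = MAC_BIBA_TYPE_EQUAL;
  goto set;
  }
 
  if (trust_all_interfaces) {
- grade = MAC_BIBA_TYPE_HIGH;
+ type = MAC_BIBA_TYPE_HIGH;
  goto set;
  }
 
- grade = MAC_BIBA_TYPE_LOW;
+ type = MAC_BIBA_TYPE_LOW;
 
  if (trusted_interfaces[0] == '\0' ||
  !strvalid(trusted_interfaces, sizeof(trusted_interfaces)))
  goto set;
 
  bzero(tiflist, sizeof(tiflist));
  for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++)
  if(*p != ' ' && *p != '\t')
  *q = *p;
 
  snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit);
 
  for (p = q = tiflist;; p++) {
  if (*p == ',' || *p == '\0') {
  len = p - q;
  if (len < IFNAMSIZ) {
  bzero(tifname, sizeof(tifname));
  bcopy(q, tifname, len);
  if (strcmp(tifname, ifname) == 0) {
- grade = MAC_BIBA_TYPE_HIGH;
+ type = MAC_BIBA_TYPE_HIGH;
  break;
  }
  } else {
  *p = '\0';
  printf("mac_biba warning: interface name "
  "\"%s\" is too long (must be < %d)\n",
  q, IFNAMSIZ);
  }
  if (*p == '\0')
  break;
  q = p + 1;
  }
  }
 set:
- mac_biba_set_single(dest, grade, 0, NULL);
- mac_biba_set_range(dest, grade, 0, NULL, grade, 0, NULL);
+ mac_biba_set_single(dest, type, 0, NULL);
+ mac_biba_set_range(dest, type, 0, NULL, type, 0, NULL);
 }
 
 static void
 mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
  struct ipq *ipq, struct label *ipqlabel)
 {
  struct mac_biba *source, *dest;
 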