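--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * Copyright (c) 2006 SPARTA, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
@@ -30,17 +30,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 172970 2007-10-25 14:37:37Z rwatson $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 173018 2007-10-26 13:18:38Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  *
  * Biba fixed label mandatory integrity policy.
  */
 
@@ -1263,17 +1263,17 @@
 
  source = SLOT(inplabel);
  dest = SLOT(mlabel);
 
  biba_copy_effective(source, dest);
 }
 
 static void
-biba_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
+biba_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
  struct mbuf *m, struct label *mlabel)
 {
  struct mac_biba *dest;
 
  dest = SLOT(mlabel);
 
  biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 }
@@ -1367,23 +1367,23 @@
 
  source = SLOT(solabel);
  dest = SLOT(inplabel);
 
  biba_copy(source, dest);
 }
 
 static void
-biba_mbuf_create_from_firewall(struct mbuf *m, struct label *label)
+biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 {
  struct mac_biba *dest;
 
- dest = SLOT(label);
+ dest = SLOT(mlabel);
 
- /* XXX: where is the label for the firewall really comming from? */
+ /* XXX: where is the label for the firewall really coming from? */
  biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 }
 
 /*
  * Labeling event operations: processes.
  */
 static void
 biba_proc_create_swapper(struct ucred *cred)
@@ -3315,17 +3315,17 @@
  .mpo_ifnet_create = biba_ifnet_create,
  .mpo_inpcb_create = biba_inpcb_create,
  .mpo_sysvmsg_create = biba_sysvmsg_create,
  .mpo_sysvmsq_create = biba_sysvmsq_create,
  .mpo_sysvsem_create = biba_sysvsem_create,
  .mpo_sysvshm_create = biba_sysvshm_create,
  .mpo_ipq_create = biba_ipq_create,
  .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf,
- .mpo_create_mbuf_linklayer = biba_create_mbuf_linklayer,
+ .mpo_mbuf_create_linklayer = biba_mbuf_create_linklayer,
  .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
  .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
  .mpo_mbuf_create_multicast_encap = biba_mbuf_create_multicast_encap,
  .mpo_mbuf_create_netlayer = biba_mbuf_create_netlayer,
  .mpo_ipq_match = biba_ipq_match,
  .mpo_ifnet_relabel = biba_ifnet_relabel,
  .mpo_ipq_update = biba_ipq_update,
  .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel,
@@ -3407,14 +3407,14 @@
  .mpo_vnode_check_setextattr = biba_vnode_check_setextattr,
  .mpo_vnode_check_setflags = biba_vnode_check_setflags,
  .mpo_vnode_check_setmode = biba_vnode_check_setmode,
  .mpo_vnode_check_setowner = biba_vnode_check_setowner,
  .mpo_vnode_check_setutimes = biba_vnode_check_setutimes,
  .mpo_vnode_check_stat = biba_vnode_check_stat,
  .mpo_vnode_check_unlink = biba_vnode_check_unlink,
  .mpo_vnode_check_write = biba_vnode_check_write,
- .mpo_mbuf_create_from_firewall = biba_mbuf_create_from_firewall,
+ .mpo_netinet_firewall_send = biba_netinet_firewall_send,
  .mpo_priv_check = biba_priv_check,
 };
 
 MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba",
  MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &biba_slot);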