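--- a/head/sys/security/mac_lomac/mac_lomac.c
+++ b/head/sys/security/mac_lomac/mac_lomac.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by NAI Labs,
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 168951 2007-04-22 15:31:22Z rwatson $
+ * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 168954 2007-04-22 16:18:10Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  *
  * Low-watermark floating label mandatory integrity policy.
  */
 
@@ -944,25 +944,23 @@
  source = SLOT(cred->cr_label);
  dest = SLOT(delabel);
 
  mac_lomac_copy_single(source, dest);
 }
 
 static void
 mac_lomac_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
 {
  struct mac_lomac *source, *dest;
 
  source = SLOT(cred->cr_label);
  dest = SLOT(mntlabel);
  mac_lomac_copy_single(source, dest);
- dest = SLOT(fslabel);
- mac_lomac_copy_single(source, dest);
 }
 
 static void
 mac_lomac_relabel_vnode(struct ucred *cred, struct vnode *vp,
  struct label *vnodelabel, struct label *label)
 {
  struct mac_lomac *source, *dest;
 
@@ -981,45 +979,45 @@
 
  source = SLOT(vnodelabel);
  dest = SLOT(direntlabel);
 
  mac_lomac_copy(source, dest);
 }
 
 static void
-mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
  struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
  struct label *vlabel)
 {
  struct mac_lomac *source, *dest;
 
  source = SLOT(delabel);
  dest = SLOT(vlabel);
 
  mac_lomac_copy_single(source, dest);
 }
 
 static int
-mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
  struct vnode *vp, struct label *vlabel)
 {
  struct mac_lomac temp, *source, *dest;
  int buflen, error;
 
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
  dest = SLOT(vlabel);
 
  buflen = sizeof(temp);
  bzero(&temp, buflen);
 
  error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
  MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&temp, curthread);
  if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the fslabel. */
+ /* Fall back to the mntlabel. */
  mac_lomac_copy_single(source, dest);
  return (0);
  } else if (error)
  return (error);
 
  if (buflen != sizeof(temp)) {
  if (buflen != sizeof(temp) - sizeof(temp.ml_auxsingle)) {
  printf("mac_lomac_associate_vnode_extattr: bad size %d\n",
@@ -1042,29 +1040,29 @@
  }
 
  mac_lomac_copy_single(&temp, dest);
  return (0);
 }
 
 static void
 mac_lomac_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
 {
  struct mac_lomac *source, *dest;
 
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
  dest = SLOT(vlabel);
 
  mac_lomac_copy_single(source, dest);
 }
 
 static int
 mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
  struct vnode *vp, struct label *vlabel, struct componentname *cnp)
 {
  struct mac_lomac *source, *dest, *dir, temp;
  size_t buflen;
  int error;
 
  buflen = sizeof(temp);
  bzero(&temp, buflen);
@@ -2828,32 +2826,30 @@
  .mpo_init_cred_label = mac_lomac_init_label,
  .mpo_init_devfsdirent_label = mac_lomac_init_label,
  .mpo_init_ifnet_label = mac_lomac_init_label,
  .mpo_init_syncache_label = mac_lomac_init_label_waitcheck,
  .mpo_init_inpcb_label = mac_lomac_init_label_waitcheck,
  .mpo_init_ipq_label = mac_lomac_init_label_waitcheck,
  .mpo_init_mbuf_label = mac_lomac_init_label_waitcheck,
  .mpo_init_mount_label = mac_lomac_init_label,
- .mpo_init_mount_fs_label = mac_lomac_init_label,
  .mpo_init_pipe_label = mac_lomac_init_label,
  .mpo_init_proc_label = mac_lomac_init_proc_label,
  .mpo_init_socket_label = mac_lomac_init_label_waitcheck,
  .mpo_init_socket_peer_label = mac_lomac_init_label_waitcheck,
  .mpo_init_vnode_label = mac_lomac_init_label,
  .mpo_init_syncache_from_inpcb = mac_lomac_init_syncache_from_inpcb,
  .mpo_destroy_bpfdesc_label = mac_lomac_destroy_label,
  .mpo_destroy_cred_label = mac_lomac_destroy_label,
  .mpo_destroy_devfsdirent_label = mac_lomac_destroy_label,
  .mpo_destroy_ifnet_label = mac_lomac_destroy_label,
  .mpo_destroy_inpcb_label = mac_lomac_destroy_label,
  .mpo_destroy_ipq_label = mac_lomac_destroy_label,
  .mpo_destroy_mbuf_label = mac_lomac_destroy_label,
  .mpo_destroy_mount_label = mac_lomac_destroy_label,
- .mpo_destroy_mount_fs_label = mac_lomac_destroy_label,
  .mpo_destroy_pipe_label = mac_lomac_destroy_label,
  .mpo_destroy_proc_label = mac_lomac_destroy_proc_label,
  .mpo_destroy_syncache_label = mac_lomac_destroy_label,
  .mpo_destroy_socket_label = mac_lomac_destroy_label,
  .mpo_destroy_socket_peer_label = mac_lomac_destroy_label,
  .mpo_destroy_vnode_label = mac_lomac_destroy_label,
  .mpo_copy_cred_label = mac_lomac_copy_label,
  .mpo_copy_ifnet_label = mac_lomac_copy_label,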
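Review bot: The fallback comment in mac_lomac_associate_vnode_extattr() names the mount label but not where its value comes from, which is the security-relevant part. On ENOATTR or EOPNOTSUPP the vnode takes its integrity label from the mount label, and mac_lomac_create_mount() in this same diff fills that label from the mounting credential. I would expand the comment to `/* No label stored on the vnode: inherit the mount label, set from the mounting credential in mac_lomac_create_mount(). */` so a reader can see that an unlabeled file takes the mounter's label. Whether anything else can later change the mount label is not visible here, and 16 lines of the function body are hidden, so this is a documentation suggestion only. The same wording would fit mac_lomac_associate_vnode_singlelabel(), which copies the mount label unconditionally.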