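--- a/head/sys/security/mac_mls/mac_mls.c	(revision 104546)
+++ b/head/sys/security/mac_mls/mac_mls.c	(revision 105606)
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by NAI Labs,
@@ -29,17 +29,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 104546 2002-10-06 02:46:26Z rwatson $
+ * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 105606 2002-10-21 04:15:40Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * MLS fixed label mandatory confidentiality policy.
  */
 
 #include <sys/types.h>
@@ -86,16 +86,21 @@
 SYSCTL_INT(_security_mac_mls, OID_AUTO, enabled, CTLFLAG_RW,
  &mac_mls_enabled, 0, "Enforce MAC/MLS policy");
 TUNABLE_INT("security.mac.mls.enabled", &mac_mls_enabled);
 
 static int destroyed_not_inited;
 SYSCTL_INT(_security_mac_mls, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
  &destroyed_not_inited, 0, "Count of labels destroyed but not inited");
 
+static int ptys_equal = 0;
+SYSCTL_INT(_security_mac_mls, OID_AUTO, ptys_equal, CTLFLAG_RW,
+ &ptys_equal, 0, "Label pty devices as mls/equal on create");
+TUNABLE_INT("security.mac.mls.ptys_equal", &ptys_equal);
+
 static int mac_mls_revocation_enabled = 0;
 SYSCTL_INT(_security_mac_mls, OID_AUTO, revocation_enabled, CTLFLAG_RW,
  &mac_mls_revocation_enabled, 0, "Revoke access to objects on relabel");
 TUNABLE_INT("security.mac.mls.revocation_enabled",
  &mac_mls_revocation_enabled);
 
 static int mac_mls_slot;
 #define SLOT(l) ((struct mac_mls *)LABEL_TO_SLOT((l), mac_mls_slot).l_ptr)
@@ -448,16 +453,20 @@
  if (strcmp(dev->si_name, "null") == 0 ||
  strcmp(dev->si_name, "zero") == 0 ||
  strcmp(dev->si_name, "random") == 0 ||
  strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
  mls_type = MAC_MLS_TYPE_EQUAL;
  else if (strcmp(dev->si_name, "kmem") == 0 ||
  strcmp(dev->si_name, "mem") == 0)
  mls_type = MAC_MLS_TYPE_HIGH;
+ else if (ptys_equal &&
+ (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+ strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
+ mls_type = MAC_MLS_TYPE_EQUAL;
  else
  mls_type = MAC_MLS_TYPE_LOW;
  mac_mls_set_single(mac_mls, mls_type, 0);
 }
 
 static void
 mac_mls_create_devfs_directory(char *dirname, int dirnamelen,
  struct devfs_dirent *devfs_dirent, struct label *label)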
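Review bot: The new `ptys_equal` branch in the devfs device labelling code (new lines 461-464) gives matching pty nodes `MAC_MLS_TYPE_EQUAL`, which takes them out of MLS confidentiality enforcement, and nothing at the declaration (new lines 94-97) records that trade-off. An mls/equal pty can presumably carry data between subjects at different sensitivity levels, so the knob deserves a comment such as `/* Compatibility knob: labels ptys mls/equal, exempting them from MLS checks; leave 0 where cross-level flow over ptys matters. */`. The sysctl is `CTLFLAG_RW` but, as far as this hunk shows, is consulted only when a device label is created, so the comment should also state that changing it at runtime does not relabel nodes that already exist. The prefix match covers only names starting with `ttyp` or `ptyp`; if the system creates ptys under other prefixes (for example `ttyq…`), those would still fall through to `MAC_MLS_TYPE_LOW`, so the intended coverage should be confirmed. The enclosing function begins in the hidden lines above new line 453.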