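--- a/head/sys/security/mac_test/mac_test.c
+++ b/head/sys/security/mac_test/mac_test.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by McAfee
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_test/mac_test.c 168951 2007-04-22 15:31:22Z rwatson $
+ * $FreeBSD: head/sys/security/mac_test/mac_test.c 168954 2007-04-22 16:18:10Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  *
  * MAC Test policy - tests MAC Framework labeling by assigning object class
  * magic numbers to each label and validates that each time an object label
  * is passed into the policy, it has a consistent object type, catching
@@ -263,25 +263,16 @@
 static void
 mac_test_init_mount_label(struct label *label)
 {
 
  LABEL_INIT(label, MAGIC_MOUNT);
  COUNTER_INC(init_mount_label);
 }
 
-COUNTER_DECL(init_mount_fs_label);
-static void
-mac_test_init_mount_fs_label(struct label *label)
-{
-
- LABEL_INIT(label, MAGIC_MOUNT);
- COUNTER_INC(init_mount_fs_label);
-}
-
 COUNTER_DECL(init_socket_label);
 static int
 mac_test_init_socket_label(struct label *label, int flag)
 {
 
  if (flag & M_WAITOK)
  WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  "mac_test_init_socket_label() at %s:%d", __FILE__,
@@ -454,25 +445,16 @@
 static void
 mac_test_destroy_mount_label(struct label *label)
 {
 
  LABEL_DESTROY(label, MAGIC_MOUNT);
  COUNTER_INC(destroy_mount_label);
 }
 
-COUNTER_DECL(destroy_mount_fs_label);
-static void
-mac_test_destroy_mount_fs_label(struct label *label)
-{
-
- LABEL_DESTROY(label, MAGIC_MOUNT);
- COUNTER_INC(destroy_mount_fs_label);
-}
-
 COUNTER_DECL(destroy_socket_label);
 static void
 mac_test_destroy_socket_label(struct label *label)
 {
 
  LABEL_DESTROY(label, MAGIC_SOCKET);
  COUNTER_INC(destroy_socket_label);
 }
@@ -607,47 +589,47 @@
 }
 
 /*
  * Labeling event operations: file system objects, and things that look
  * a lot like file system objects.
  */
 COUNTER_DECL(associate_vnode_devfs);
 static void
-mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+mac_test_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
  struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
  struct label *vlabel)
 {
 
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
+ LABEL_CHECK(mntlabel, MAGIC_MOUNT);
  LABEL_CHECK(delabel, MAGIC_DEVFS);
  LABEL_CHECK(vlabel, MAGIC_VNODE);
  COUNTER_INC(associate_vnode_devfs);
 }
 
 COUNTER_DECL(associate_vnode_extattr);
 static int
-mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
  struct vnode *vp, struct label *vlabel)
 {
 
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
+ LABEL_CHECK(mntlabel, MAGIC_MOUNT);
  LABEL_CHECK(vlabel, MAGIC_VNODE);
  COUNTER_INC(associate_vnode_extattr);
 
  return (0);
 }
 
 COUNTER_DECL(associate_vnode_singlelabel);
 static void
 mac_test_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
 {
 
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
+ LABEL_CHECK(mntlabel, MAGIC_MOUNT);
  LABEL_CHECK(vlabel, MAGIC_VNODE);
  COUNTER_INC(associate_vnode_singlelabel);
 }
 
 COUNTER_DECL(create_devfs_device);
 static void
 mac_test_create_devfs_device(struct ucred *cred, struct mount *mp,
  struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
@@ -680,37 +662,36 @@
  LABEL_CHECK(ddlabel, MAGIC_DEVFS);
  LABEL_CHECK(delabel, MAGIC_DEVFS);
  COUNTER_INC(create_devfs_symlink);
 }
 
 COUNTER_DECL(create_vnode_extattr);
 static int
 mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
  struct vnode *vp, struct label *vlabel, struct componentname *cnp)
 {
 
  LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
+ LABEL_CHECK(mntlabel, MAGIC_MOUNT);
  LABEL_CHECK(dlabel, MAGIC_VNODE);
  COUNTER_INC(create_vnode_extattr);
 
  return (0);
 }
 
 COUNTER_DECL(create_mount);
 static void
 mac_test_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
 {
 
  LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  LABEL_CHECK(mntlabel, MAGIC_MOUNT);
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
  COUNTER_INC(create_mount);
 }
 
 COUNTER_DECL(relabel_vnode);
 static void
 mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp,
  struct label *vnodelabel, struct label *label)
 {
@@ -2485,37 +2466,35 @@
  .mpo_init_sysv_msgmsg_label = mac_test_init_sysv_msgmsg_label,
  .mpo_init_sysv_msgqueue_label = mac_test_init_sysv_msgqueue_label,
  .mpo_init_sysv_sem_label = mac_test_init_sysv_sem_label,
  .mpo_init_sysv_shm_label = mac_test_init_sysv_shm_label,
  .mpo_init_inpcb_label = mac_test_init_inpcb_label,
  .mpo_init_ipq_label = mac_test_init_ipq_label,
  .mpo_init_mbuf_label = mac_test_init_mbuf_label,
  .mpo_init_mount_label = mac_test_init_mount_label,
- .mpo_init_mount_fs_label = mac_test_init_mount_fs_label,
  .mpo_init_pipe_label = mac_test_init_pipe_label,
  .mpo_init_posix_sem_label = mac_test_init_posix_sem_label,
  .mpo_init_proc_label = mac_test_init_proc_label,
  .mpo_init_socket_label = mac_test_init_socket_label,
  .mpo_init_socket_peer_label = mac_test_init_socket_peer_label,
  .mpo_init_vnode_label = mac_test_init_vnode_label,
  .mpo_destroy_bpfdesc_label = mac_test_destroy_bpfdesc_label,
  .mpo_destroy_cred_label = mac_test_destroy_cred_label,
  .mpo_destroy_devfsdirent_label = mac_test_destroy_devfsdirent_label,
  .mpo_destroy_ifnet_label = mac_test_destroy_ifnet_label,
  .mpo_destroy_sysv_msgmsg_label = mac_test_destroy_sysv_msgmsg_label,
  .mpo_destroy_sysv_msgqueue_label =
  mac_test_destroy_sysv_msgqueue_label,
  .mpo_destroy_sysv_sem_label = mac_test_destroy_sysv_sem_label,
  .mpo_destroy_sysv_shm_label = mac_test_destroy_sysv_shm_label,
  .mpo_destroy_inpcb_label = mac_test_destroy_inpcb_label,
  .mpo_destroy_ipq_label = mac_test_destroy_ipq_label,
  .mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label,
  .mpo_destroy_mount_label = mac_test_destroy_mount_label,
- .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label,
  .mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
  .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label,
  .mpo_destroy_proc_label = mac_test_destroy_proc_label,
  .mpo_destroy_socket_label = mac_test_destroy_socket_label,
  .mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label,
  .mpo_destroy_vnode_label = mac_test_destroy_vnode_label,
  .mpo_copy_cred_label = mac_test_copy_cred_label,
  .mpo_copy_ifnet_label = mac_test_copy_ifnet_label,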
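Review bot: mac_test_create_vnode_extattr() checks cred->cr_label, mntlabel and dlabel but never checks the vlabel argument it also receives, so a label of the wrong object class for the new vnode would pass this entry point unnoticed. The three associate_vnode_* entry points in the same file all run `LABEL_CHECK(vlabel, MAGIC_VNODE);`, and adding that line after the dlabel check would make the policy's type-consistency coverage uniform. This assumes vlabel is already initialised when the hook is invoked, which the visible lines do not establish, so confirm against the framework caller first. The rename to mntlabel already touches this function, so the check could be added in the same pass.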