mac_test.c (104546) | mac_test.c (105696) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * |
37 * $FreeBSD: head/sys/security/mac_test/mac_test.c 104546 2002-10-06 02:46:26Z rwatson $ | 37 * $FreeBSD: head/sys/security/mac_test/mac_test.c 105696 2002-10-22 14:31:34Z rwatson $ |
38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * Generic mandatory access module that does nothing. 43 */ 44 45#include <sys/types.h> --- 37 unchanged lines hidden (view full) --- 83#define DEVFSMAGIC 0x9ee79c32 84#define IFNETMAGIC 0xc218b120 85#define IPQMAGIC 0x206188ef 86#define MBUFMAGIC 0xbbefa5bb 87#define MOUNTMAGIC 0xc7c46e47 88#define SOCKETMAGIC 0x9199c6cd 89#define PIPEMAGIC 0xdc6c9919 90#define CREDMAGIC 0x9a5a4987 | 38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * Generic mandatory access module that does nothing. 43 */ 44 45#include <sys/types.h> --- 37 unchanged lines hidden (view full) --- 83#define DEVFSMAGIC 0x9ee79c32 84#define IFNETMAGIC 0xc218b120 85#define IPQMAGIC 0x206188ef 86#define MBUFMAGIC 0xbbefa5bb 87#define MOUNTMAGIC 0xc7c46e47 88#define SOCKETMAGIC 0x9199c6cd 89#define PIPEMAGIC 0xdc6c9919 90#define CREDMAGIC 0x9a5a4987 |
91#define TEMPMAGIC 0x70336678 | |
92#define VNODEMAGIC 0x1a67a45c 93#define EXMAGIC 0x849ba1fd 94 95#define SLOT(x) LABEL_TO_SLOT((x), test_slot).l_long 96static int test_slot; 97SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 98 &test_slot, 0, "Slot allocated by framework"); 99 --- 26 unchanged lines hidden (view full) --- 126 &init_count_socket, 0, "socket init calls"); 127static int init_count_socket_peerlabel; 128SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket_peerlabel, 129 CTLFLAG_RD, &init_count_socket_peerlabel, 0, 130 "socket_peerlabel init calls"); 131static int init_count_pipe; 132SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD, 133 &init_count_pipe, 0, "pipe init calls"); | 91#define VNODEMAGIC 0x1a67a45c 92#define EXMAGIC 0x849ba1fd 93 94#define SLOT(x) LABEL_TO_SLOT((x), test_slot).l_long 95static int test_slot; 96SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 97 &test_slot, 0, "Slot allocated by framework"); 98 --- 26 unchanged lines hidden (view full) --- 125 &init_count_socket, 0, "socket init calls"); 126static int init_count_socket_peerlabel; 127SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket_peerlabel, 128 CTLFLAG_RD, &init_count_socket_peerlabel, 0, 129 "socket_peerlabel init calls"); 130static int init_count_pipe; 131SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD, 132 &init_count_pipe, 0, "pipe init calls"); |
134static int init_count_temp; 135SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_temp, CTLFLAG_RD, 136 &init_count_temp, 0, "temp init calls"); | |
137static int init_count_vnode; 138SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_vnode, CTLFLAG_RD, 139 &init_count_vnode, 0, "vnode init calls"); 140 141static int destroy_count_bpfdesc; 142SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_bpfdesc, CTLFLAG_RD, 143 &destroy_count_bpfdesc, 0, "bpfdesc destroy calls"); 144static int destroy_count_cred; --- 23 unchanged lines hidden (view full) --- 168 &destroy_count_socket, 0, "socket destroy calls"); 169static int destroy_count_socket_peerlabel; 170SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket_peerlabel, 171 CTLFLAG_RD, &destroy_count_socket_peerlabel, 0, 172 "socket_peerlabel destroy calls"); 173static int destroy_count_pipe; 174SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD, 175 &destroy_count_pipe, 0, "pipe destroy calls"); | 133static int init_count_vnode; 134SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_vnode, CTLFLAG_RD, 135 &init_count_vnode, 0, "vnode init calls"); 136 137static int destroy_count_bpfdesc; 138SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_bpfdesc, CTLFLAG_RD, 139 &destroy_count_bpfdesc, 0, "bpfdesc destroy calls"); 140static int destroy_count_cred; --- 23 unchanged lines hidden (view full) --- 164 &destroy_count_socket, 0, "socket destroy calls"); 165static int destroy_count_socket_peerlabel; 166SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket_peerlabel, 167 CTLFLAG_RD, &destroy_count_socket_peerlabel, 0, 168 "socket_peerlabel destroy calls"); 169static int destroy_count_pipe; 170SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD, 171 &destroy_count_pipe, 0, "pipe destroy calls"); |
176static int destroy_count_temp; 177SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_temp, CTLFLAG_RD, 178 &destroy_count_temp, 0, "temp destroy calls"); | |
179static int destroy_count_vnode; 180SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_vnode, CTLFLAG_RD, 181 &destroy_count_vnode, 0, "vnode destroy calls"); 182 183static int externalize_count; 184SYSCTL_INT(_security_mac_test, OID_AUTO, externalize_count, CTLFLAG_RD, 185 &externalize_count, 0, "Subject/object externalize calls"); 186static int internalize_count; --- 112 unchanged lines hidden (view full) --- 299mac_test_init_pipe_label(struct label *label) 300{ 301 302 SLOT(label) = PIPEMAGIC; 303 atomic_add_int(&init_count_pipe, 1); 304} 305 306static void | 172static int destroy_count_vnode; 173SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_vnode, CTLFLAG_RD, 174 &destroy_count_vnode, 0, "vnode destroy calls"); 175 176static int externalize_count; 177SYSCTL_INT(_security_mac_test, OID_AUTO, externalize_count, CTLFLAG_RD, 178 &externalize_count, 0, "Subject/object externalize calls"); 179static int internalize_count; --- 112 unchanged lines hidden (view full) --- 292mac_test_init_pipe_label(struct label *label) 293{ 294 295 SLOT(label) = PIPEMAGIC; 296 atomic_add_int(&init_count_pipe, 1); 297} 298 299static void |
307mac_test_init_temp_label(struct label *label) 308{ 309 310 SLOT(label) = TEMPMAGIC; 311 atomic_add_int(&init_count_temp, 1); 312} 313 314static void | |
315mac_test_init_vnode_label(struct label *label) 316{ 317 318 SLOT(label) = VNODEMAGIC; 319 atomic_add_int(&init_count_vnode, 1); 320} 321 322static void --- 146 unchanged lines hidden (view full) --- 469 } else if (SLOT(label) == EXMAGIC) { 470 Debugger("mac_test_destroy_pipe: dup destroy"); 471 } else { 472 Debugger("mac_test_destroy_pipe: corrupted label"); 473 } 474} 475 476static void | 300mac_test_init_vnode_label(struct label *label) 301{ 302 303 SLOT(label) = VNODEMAGIC; 304 atomic_add_int(&init_count_vnode, 1); 305} 306 307static void --- 146 unchanged lines hidden (view full) --- 454 } else if (SLOT(label) == EXMAGIC) { 455 Debugger("mac_test_destroy_pipe: dup destroy"); 456 } else { 457 Debugger("mac_test_destroy_pipe: corrupted label"); 458 } 459} 460 461static void |
477mac_test_destroy_temp_label(struct label *label) 478{ 479 480 if (SLOT(label) == TEMPMAGIC || SLOT(label) == 0) { 481 atomic_add_int(&destroy_count_temp, 1); 482 SLOT(label) = EXMAGIC; 483 } else if (SLOT(label) == EXMAGIC) { 484 Debugger("mac_test_destroy_temp: dup destroy"); 485 } else { 486 Debugger("mac_test_destroy_temp: corrupted label"); 487 } 488} 489 490static void | |
491mac_test_destroy_vnode_label(struct label *label) 492{ 493 494 if (SLOT(label) == VNODEMAGIC || SLOT(label) == 0) { 495 atomic_add_int(&destroy_count_vnode, 1); 496 SLOT(label) = EXMAGIC; 497 } else if (SLOT(label) == EXMAGIC) { 498 Debugger("mac_test_destroy_vnode: dup destroy"); 499 } else { 500 Debugger("mac_test_destroy_vnode: corrupted label"); 501 } 502} 503 504static int | 462mac_test_destroy_vnode_label(struct label *label) 463{ 464 465 if (SLOT(label) == VNODEMAGIC || SLOT(label) == 0) { 466 atomic_add_int(&destroy_count_vnode, 1); 467 SLOT(label) = EXMAGIC; 468 } else if (SLOT(label) == EXMAGIC) { 469 Debugger("mac_test_destroy_vnode: dup destroy"); 470 } else { 471 Debugger("mac_test_destroy_vnode: corrupted label"); 472 } 473} 474 475static int |
505mac_test_externalize(struct label *label, struct mac *extmac) | 476mac_test_externalize_label(struct label *label, char *element_name, 477 char *element_data, size_t size, size_t *len, int *claimed) |
506{ 507 508 atomic_add_int(&externalize_count, 1); 509 510 return (0); 511} 512 513static int | 478{ 479 480 atomic_add_int(&externalize_count, 1); 481 482 return (0); 483} 484 485static int |
514mac_test_internalize(struct label *label, struct mac *extmac) | 486mac_test_externalize_vnode_oldmac(struct label *label, struct oldmac *extmac) |
515{ 516 | 487{ 488 |
489 atomic_add_int(&externalize_count, 1); 490 491 return (0); 492} 493 494static int 495mac_test_internalize_label(struct label *label, struct mac *mac, 496 char *element_name, char *element_data, int *claimed) 497{ 498 |
|
517 atomic_add_int(&internalize_count, 1); 518 519 return (0); 520} 521 522/* 523 * Labeling event operations: file system objects, and things that look 524 * a lot like file system objects. --- 725 unchanged lines hidden (view full) --- 1250 { MAC_INIT_MOUNT_FS_LABEL, 1251 (macop_t)mac_test_init_mount_fs_label }, 1252 { MAC_INIT_PIPE_LABEL, 1253 (macop_t)mac_test_init_pipe_label }, 1254 { MAC_INIT_SOCKET_LABEL, 1255 (macop_t)mac_test_init_socket_label }, 1256 { MAC_INIT_SOCKET_PEER_LABEL, 1257 (macop_t)mac_test_init_socket_peer_label }, | 499 atomic_add_int(&internalize_count, 1); 500 501 return (0); 502} 503 504/* 505 * Labeling event operations: file system objects, and things that look 506 * a lot like file system objects. --- 725 unchanged lines hidden (view full) --- 1232 { MAC_INIT_MOUNT_FS_LABEL, 1233 (macop_t)mac_test_init_mount_fs_label }, 1234 { MAC_INIT_PIPE_LABEL, 1235 (macop_t)mac_test_init_pipe_label }, 1236 { MAC_INIT_SOCKET_LABEL, 1237 (macop_t)mac_test_init_socket_label }, 1238 { MAC_INIT_SOCKET_PEER_LABEL, 1239 (macop_t)mac_test_init_socket_peer_label }, |
1258 { MAC_INIT_TEMP_LABEL, 1259 (macop_t)mac_test_init_temp_label }, | |
1260 { MAC_INIT_VNODE_LABEL, 1261 (macop_t)mac_test_init_vnode_label }, 1262 { MAC_DESTROY_BPFDESC_LABEL, 1263 (macop_t)mac_test_destroy_bpfdesc_label }, 1264 { MAC_DESTROY_CRED_LABEL, 1265 (macop_t)mac_test_destroy_cred_label }, 1266 { MAC_DESTROY_DEVFSDIRENT_LABEL, 1267 (macop_t)mac_test_destroy_devfsdirent_label }, --- 8 unchanged lines hidden (view full) --- 1276 { MAC_DESTROY_MOUNT_FS_LABEL, 1277 (macop_t)mac_test_destroy_mount_fs_label }, 1278 { MAC_DESTROY_PIPE_LABEL, 1279 (macop_t)mac_test_destroy_pipe_label }, 1280 { MAC_DESTROY_SOCKET_LABEL, 1281 (macop_t)mac_test_destroy_socket_label }, 1282 { MAC_DESTROY_SOCKET_PEER_LABEL, 1283 (macop_t)mac_test_destroy_socket_peer_label }, | 1240 { MAC_INIT_VNODE_LABEL, 1241 (macop_t)mac_test_init_vnode_label }, 1242 { MAC_DESTROY_BPFDESC_LABEL, 1243 (macop_t)mac_test_destroy_bpfdesc_label }, 1244 { MAC_DESTROY_CRED_LABEL, 1245 (macop_t)mac_test_destroy_cred_label }, 1246 { MAC_DESTROY_DEVFSDIRENT_LABEL, 1247 (macop_t)mac_test_destroy_devfsdirent_label }, --- 8 unchanged lines hidden (view full) --- 1256 { MAC_DESTROY_MOUNT_FS_LABEL, 1257 (macop_t)mac_test_destroy_mount_fs_label }, 1258 { MAC_DESTROY_PIPE_LABEL, 1259 (macop_t)mac_test_destroy_pipe_label }, 1260 { MAC_DESTROY_SOCKET_LABEL, 1261 (macop_t)mac_test_destroy_socket_label }, 1262 { MAC_DESTROY_SOCKET_PEER_LABEL, 1263 (macop_t)mac_test_destroy_socket_peer_label }, |
1284 { MAC_DESTROY_TEMP_LABEL, 1285 (macop_t)mac_test_destroy_temp_label }, | |
1286 { MAC_DESTROY_VNODE_LABEL, 1287 (macop_t)mac_test_destroy_vnode_label }, | 1264 { MAC_DESTROY_VNODE_LABEL, 1265 (macop_t)mac_test_destroy_vnode_label }, |
1288 { MAC_EXTERNALIZE, 1289 (macop_t)mac_test_externalize }, 1290 { MAC_INTERNALIZE, 1291 (macop_t)mac_test_internalize }, | 1266 { MAC_EXTERNALIZE_CRED_LABEL, 1267 (macop_t)mac_test_externalize_label }, 1268 { MAC_EXTERNALIZE_IFNET_LABEL, 1269 (macop_t)mac_test_externalize_label }, 1270 { MAC_EXTERNALIZE_PIPE_LABEL, 1271 (macop_t)mac_test_externalize_label }, 1272 { MAC_EXTERNALIZE_SOCKET_LABEL, 1273 (macop_t)mac_test_externalize_label }, 1274 { MAC_EXTERNALIZE_SOCKET_PEER_LABEL, 1275 (macop_t)mac_test_externalize_label }, 1276 { MAC_EXTERNALIZE_VNODE_LABEL, 1277 (macop_t)mac_test_externalize_label }, 1278 { MAC_EXTERNALIZE_VNODE_OLDMAC, 1279 (macop_t)mac_test_externalize_vnode_oldmac }, 1280 { MAC_INTERNALIZE_CRED_LABEL, 1281 (macop_t)mac_test_internalize_label }, 1282 { MAC_INTERNALIZE_IFNET_LABEL, 1283 (macop_t)mac_test_internalize_label }, 1284 { MAC_INTERNALIZE_PIPE_LABEL, 1285 (macop_t)mac_test_internalize_label }, 1286 { MAC_INTERNALIZE_SOCKET_LABEL, 1287 (macop_t)mac_test_internalize_label }, 1288 { MAC_INTERNALIZE_VNODE_LABEL, 1289 (macop_t)mac_test_internalize_label }, |
1292 { MAC_CREATE_DEVFS_DEVICE, 1293 (macop_t)mac_test_create_devfs_device }, 1294 { MAC_CREATE_DEVFS_DIRECTORY, 1295 (macop_t)mac_test_create_devfs_directory }, 1296 { MAC_CREATE_DEVFS_SYMLINK, 1297 (macop_t)mac_test_create_devfs_symlink }, 1298 { MAC_CREATE_DEVFS_VNODE, 1299 (macop_t)mac_test_create_devfs_vnode }, --- 179 unchanged lines hidden --- | 1290 { MAC_CREATE_DEVFS_DEVICE, 1291 (macop_t)mac_test_create_devfs_device }, 1292 { MAC_CREATE_DEVFS_DIRECTORY, 1293 (macop_t)mac_test_create_devfs_directory }, 1294 { MAC_CREATE_DEVFS_SYMLINK, 1295 (macop_t)mac_test_create_devfs_symlink }, 1296 { MAC_CREATE_DEVFS_VNODE, 1297 (macop_t)mac_test_create_devfs_vnode }, --- 179 unchanged lines hidden --- |
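Review bot: The three new stubs (`mac_test_externalize_label`, `mac_test_externalize_vnode_oldmac`, `mac_test_internalize_label`) only bump a counter and never inspect `SLOT(label)`, so a corrupted, already-destroyed or wrong-type label on the externalize/internalize path goes unnoticed by this test policy, even though the destroy handlers on this page do check the magic. For the vnode-only entry point the check can mirror `mac_test_destroy_vnode_label`: `if (SLOT(label) != VNODEMAGIC && SLOT(label) != 0) Debugger("mac_test_externalize_vnode_oldmac: corrupted label");`. The generic handlers are registered in the ops table for cred, ifnet, pipe, socket, socket-peer and vnode labels alike, so they cannot know which magic to expect; thin per-type wrappers would restore that coverage. Separately, the `(macop_t)` casts mean the compiler will not flag a prototype that disagrees with what the framework passes (for example the `struct mac *mac` argument of `mac_test_internalize_label`). The new signatures should be checked against the framework's declarations, which are not visible on this page.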