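--- a/mac_biba.c
+++ b/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by NAI Labs,
@@ -29,17 +29,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106212 2002-10-30 17:56:57Z rwatson $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106214 2002-10-30 18:10:46Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * Biba fixed label mandatory integrity policy.
  */
 
 #include <sys/types.h>
@@ -554,17 +554,17 @@
  case MAC_BIBA_TYPE_GRADE:
  pos = snprintf(string, size, "%d:", element->mbe_grade);
  for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) {
  if (MAC_BIBA_BIT_TEST(bit, element->mbe_compartments))
  pos += snprintf(string + pos, size - pos,
  "%d+", bit);
  }
  if (string[pos - 1] == '+' || string[pos - 1] == ':')
- string[--pos] = NULL;
+ string[--pos] = '\0';
  return (pos);
 
  default:
  panic("mac_biba_element_to_string: invalid type (%d)",
  element->mbe_type);
  }
 }
 
@@ -1355,30 +1355,30 @@
  dest = SLOT(&cred_child->cr_label);
 
  mac_biba_copy_single(source, dest);
  mac_biba_copy_range(source, dest);
 }
 
 static void
 mac_biba_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct mac *vnodelabel)
+ struct vnode *vp, struct label *vnodelabel)
 {
  struct mac_biba *source, *dest;
 
  source = SLOT(&old->cr_label);
  dest = SLOT(&new->cr_label);
 
  mac_biba_copy_single(source, dest);
  mac_biba_copy_range(source, dest);
 }
 
 static int
 mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct mac *vnodelabel)
+ struct label *vnodelabel)
 {
 
  return (0);
 }
 
 static void
 mac_biba_create_proc0(struct ucred *cred)
 {
@@ -1797,17 +1797,17 @@
 
  p = SLOT(mbuflabel);
  s = SLOT(socketlabel);
 
  return (mac_biba_equal_single(p, s) ? 0 : EACCES);
 }
 
 static int
-mac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket,
+mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so,
  struct label *socketlabel, struct label *newlabel)
 {
  struct mac_biba *subj, *obj, *new;
  int error;
 
  new = SLOT(newlabel);
  subj = SLOT(&cred->cr_label);
  obj = SLOT(socketlabel);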
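Review bot: In the MAC_BIBA_TYPE_GRADE case of mac_biba_element_to_string, `pos` is advanced by each snprintf() return value and is never compared against `size`. If snprintf() here returns the length it would have written, as the standard function does, a label with enough compartment bits set can leave `pos` at or beyond `size`; `size - pos` then no longer describes the remaining space, and the `string[pos - 1]` test and the `string[--pos] = '\0'` store can touch memory outside the buffer. A bound check after each call would close this, for example `if (pos >= size) return (-1);`, adjusted to whatever truncation convention the callers expect. The start of the function, including the declarations of `pos` and `size`, lies outside the visible lines, so their types and the return contract need confirming before choosing the exact comparison.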