mac_biba.c (122875) mac_biba.c (122879)
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by Network

--- 17 unchanged lines hidden (view full) ---

26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by Network

--- 17 unchanged lines hidden (view full) ---

26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 122875 2003-11-18 00:39:07Z rwatson $
34 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 122879 2003-11-18 04:11:52Z rwatson $
35 */
36
37/*
38 * Developed by the TrustedBSD Project.
39 * Biba fixed label mandatory integrity policy.
40 */
41
42#include <sys/types.h>

--- 24 unchanged lines hidden (view full) ---

67#include <net/if.h>
68#include <net/if_types.h>
69#include <net/if_var.h>
70
71#include <netinet/in.h>
72#include <netinet/in_pcb.h>
73#include <netinet/ip_var.h>
74
35 */
36
37/*
38 * Developed by the TrustedBSD Project.
39 * Biba fixed label mandatory integrity policy.
40 */
41
42#include <sys/types.h>

--- 24 unchanged lines hidden (view full) ---

67#include <net/if.h>
68#include <net/if_types.h>
69#include <net/if_var.h>
70
71#include <netinet/in.h>
72#include <netinet/in_pcb.h>
73#include <netinet/ip_var.h>
74
75#include <vm/uma.h>
75#include <vm/vm.h>
76
77#include <sys/mac_policy.h>
78
79#include <security/mac_biba/mac_biba.h>
80
81SYSCTL_DECL(_security_mac);
82

--- 36 unchanged lines hidden (view full) ---

119static int revocation_enabled = 0;
120SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
121 &revocation_enabled, 0, "Revoke access to objects on relabel");
122TUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled);
123
124static int mac_biba_slot;
125#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)
126
76#include <vm/vm.h>
77
78#include <sys/mac_policy.h>
79
80#include <security/mac_biba/mac_biba.h>
81
82SYSCTL_DECL(_security_mac);
83

--- 36 unchanged lines hidden (view full) ---

120static int revocation_enabled = 0;
121SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
122 &revocation_enabled, 0, "Revoke access to objects on relabel");
123TUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled);
124
125static int mac_biba_slot;
126#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)
127
127MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels");
128static uma_zone_t zone_biba;
128
129static __inline int
130biba_bit_set_empty(u_char *set) {
131 int i;
132
133 for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++)
134 if (set[i] != 0)
135 return (0);
136 return (1);
137}
138
139static struct mac_biba *
140biba_alloc(int flag)
141{
129
130static __inline int
131biba_bit_set_empty(u_char *set) {
132 int i;
133
134 for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++)
135 if (set[i] != 0)
136 return (0);
137 return (1);
138}
139
140static struct mac_biba *
141biba_alloc(int flag)
142{
142 struct mac_biba *mac_biba;
143
143
144 mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | flag);
145
146 return (mac_biba);
144 return (uma_zalloc(zone_biba, flag | M_ZERO));
147}
148
149static void
150biba_free(struct mac_biba *mac_biba)
151{
152
153 if (mac_biba != NULL)
145}
146
147static void
148biba_free(struct mac_biba *mac_biba)
149{
150
151 if (mac_biba != NULL)
154 free(mac_biba, M_MACBIBA);
152 uma_zfree(zone_biba, mac_biba);
155 else
156 atomic_add_int(&destroyed_not_inited, 1);
157}
158
159static int
160biba_atmostflags(struct mac_biba *mac_biba, int flags)
161{
162

--- 324 unchanged lines hidden (view full) ---

487
488/*
489 * Policy module operations.
490 */
491static void
492mac_biba_init(struct mac_policy_conf *conf)
493{
494
153 else
154 atomic_add_int(&destroyed_not_inited, 1);
155}
156
157static int
158biba_atmostflags(struct mac_biba *mac_biba, int flags)
159{
160

--- 324 unchanged lines hidden (view full) ---

485
486/*
487 * Policy module operations.
488 */
489static void
490mac_biba_init(struct mac_policy_conf *conf)
491{
492
493 zone_biba = uma_zcreate("mac_biba", sizeof(struct mac_biba), NULL,
494 NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
495}
496
497/*
498 * Label operations.
499 */
500static void
501mac_biba_init_label(struct label *label)
502{

--- 2286 unchanged lines hidden ---
495}
496
497/*
498 * Label operations.
499 */
500static void
501mac_biba_init_label(struct label *label)
502{

--- 2286 unchanged lines hidden ---
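Review bot: `zone_biba` is created with `uma_zcreate` in `mac_biba_init`, but nothing in the visible lines tears it down, so if this policy can be unloaded the zone would outlive the module; a destroy hook, which would sit in the hidden lines if one exists, should call `uma_zdestroy(zone_biba);` once no labels remain allocated. `biba_alloc` now returns the `uma_zalloc` result directly, which can be NULL when the caller passes `M_NOWAIT`, so a comment above it such as `/* May return NULL when flag includes M_NOWAIT; callers must check before touching the label. */` would keep that contract visible. The declaration would also read better with `/* UMA zone backing every struct mac_biba label; created in mac_biba_init(). */`. The callers of `biba_alloc` are in the hidden lines, so whether they already handle a NULL return cannot be confirmed from this view.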