PERFORCE change 121405 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Mon Jun 11 09:13:43 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=121405
Change 121405 by zhouzhouyi at zhouzhouyi_mactest on 2007/06/11 09:13:12
Send the selected MAC label slots, in string form, to user space via /dev/mactestpipe.
Currently all slots are sent.
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#4 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_pipe.c#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#2 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#4 (text+ko) ====
@@ -60,7 +60,7 @@
#include <sys/socketvar.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
-
+#include <sys/mac.h>
#include <fs/devfs/devfs.h>
#include <net/bpfdesc.h>
@@ -71,7 +71,7 @@
#include <security/mac/mac_policy.h>
#include <security/mac_test/mac_test_private.h>
-SYSCTL_DECL(_security_mac);
+//SYSCTL_DECL(_security_mac);
SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
"TrustedBSD mac_test policy controls");
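Review bot: The line `//SYSCTL_DECL(_security_mac);` leaves dead code behind instead of deleting it. If the declaration now arrives through one of the newly included headers (presumably security/mac/mac_internal.h via mac_test_private.h, which is not visible in this hunk), remove the line outright, or replace it with a short comment such as `/* _security_mac is declared in <security/mac/mac_internal.h> */`. FreeBSD kernel sources also use `/* */` comments rather than `//`.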
@@ -167,7 +167,8 @@
static void
mac_test_init_cred_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_init_cred_label\n",
+ strlen("mac_test_init_cred_label\n"));
LABEL_INIT(label, MAGIC_CRED);
COUNTER_INC(init_cred_label);
}
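Review bot: Each hook spells its name twice, once as the record and once inside strlen(), and nothing ties the two literals together; the same pattern repeats in every init, destroy and copy hunk of mac_test.c in this change. A single helper keeps them in step and takes the length at compile time, for example `#define MACTEST_SUBMIT_NAME(s) mactest_pipe_submit(__DECONST(void *, s), sizeof(s) - 1)`, called as `MACTEST_SUBMIT_NAME("mac_test_init_cred_label\n");`. The cast is needed only because mactest_pipe_submit() takes a non-const `void *record`; if the function never writes through it (its body is not shown here), making the parameter `const void *` would be cleaner.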
@@ -176,7 +177,8 @@
static void
mac_test_init_devfs_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_init_devfs_label\n",
+ strlen("mac_test_init_devfs_label\n"));
LABEL_INIT(label, MAGIC_DEVFS);
COUNTER_INC(init_devfs_label);
}
@@ -185,7 +187,8 @@
static void
mac_test_init_ifnet_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_init_ifnet_label\n",
+ strlen("mac_test_init_ifnet_label\n"));
LABEL_INIT(label, MAGIC_IFNET);
COUNTER_INC(init_ifnet_label);
}
@@ -194,7 +197,8 @@
static int
mac_test_init_inpcb_label(struct label *label, int flag)
{
-
+ mactest_pipe_submit("mac_test_init_inpcb_label\n",
+ strlen("mac_test_init_inpcb_label\n"));
if (flag & M_WAITOK)
WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
"mac_test_init_inpcb_label() at %s:%d", __FILE__,
@@ -209,6 +213,8 @@
static void
mac_test_init_sysv_msgmsg_label(struct label *label)
{
+ mactest_pipe_submit("mac_test_init_sysv_msgmsg_label\n",
+ strlen("mac_test_init_sysv_msgmsg_label\n"));
LABEL_INIT(label, MAGIC_SYSV_MSG);
COUNTER_INC(init_sysv_msg_label);
}
@@ -217,6 +223,8 @@
static void
mac_test_init_sysv_msgqueue_label(struct label *label)
{
+ mactest_pipe_submit("mac_test_init_sysv_msgqueue_label\n",
+ strlen("mac_test_init_sysv_msgqueue_label\n"));
LABEL_INIT(label, MAGIC_SYSV_MSQ);
COUNTER_INC(init_sysv_msq_label);
}
@@ -225,6 +233,8 @@
static void
mac_test_init_sysv_sem_label(struct label *label)
{
+ mactest_pipe_submit("mac_test_init_sysv_sem_label\n",
+ strlen("mac_test_init_sysv_sem_label\n"));
LABEL_INIT(label, MAGIC_SYSV_SEM);
COUNTER_INC(init_sysv_sem_label);
}
@@ -233,6 +243,8 @@
static void
mac_test_init_sysv_shm_label(struct label *label)
{
+ mactest_pipe_submit("mac_test_init_sysv_shm_label\n",
+ strlen("mac_test_init_sysv_shm_label\n"));
LABEL_INIT(label, MAGIC_SYSV_SHM);
COUNTER_INC(init_sysv_shm_label);
}
@@ -241,7 +253,8 @@
static int
mac_test_init_ipq_label(struct label *label, int flag)
{
-
+ mactest_pipe_submit("mac_test_init_ipq_label\n",
+ strlen("mac_test_init_ipq_label\n"));
if (flag & M_WAITOK)
WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
"mac_test_init_ipq_label() at %s:%d", __FILE__,
@@ -256,7 +269,8 @@
static int
mac_test_init_mbuf_label(struct label *label, int flag)
{
-
+ mactest_pipe_submit("mac_test_init_mbuf_label\n",
+ strlen("mac_test_init_mbuf_label\n"));
if (flag & M_WAITOK)
WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
"mac_test_init_mbuf_label() at %s:%d", __FILE__,
@@ -271,7 +285,8 @@
static void
mac_test_init_mount_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_init_mount_label\n",
+ strlen("mac_test_init_mount_label\n"));
LABEL_INIT(label, MAGIC_MOUNT);
COUNTER_INC(init_mount_label);
}
@@ -297,7 +312,8 @@
static int
mac_test_init_socket_peer_label(struct label *label, int flag)
{
-
+ mactest_pipe_submit("mac_test_init_socket_peer_label\n",
+ strlen("mac_test_init_socket_peer_label\n"));
if (flag & M_WAITOK)
WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
"mac_test_init_socket_peer_label() at %s:%d", __FILE__,
@@ -312,7 +328,8 @@
static void
mac_test_init_pipe_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_init_pipe_label\n",
+ strlen("mac_test_init_pipe_label\n"));
LABEL_INIT(label, MAGIC_PIPE);
COUNTER_INC(init_pipe_label);
}
@@ -321,7 +338,8 @@
static void
mac_test_init_posix_sem_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_init_posix_sem_label\n",
+ strlen("mac_test_init_posix_sem_label\n"));
LABEL_INIT(label, MAGIC_POSIX_SEM);
COUNTER_INC(init_posix_sem_label);
}
@@ -330,7 +348,8 @@
static void
mac_test_init_proc_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_init_proc_label\n",
+ strlen("mac_test_init_proc_label\n"));
LABEL_INIT(label, MAGIC_PROC);
COUNTER_INC(init_proc_label);
}
@@ -339,7 +358,8 @@
static void
mac_test_init_vnode_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_init_vnode_label\n",
+ strlen("mac_test_init_vnode_label\n"));
LABEL_INIT(label, MAGIC_VNODE);
COUNTER_INC(init_vnode_label);
}
@@ -348,7 +368,8 @@
static void
mac_test_destroy_bpfdesc_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_bpfdesc_label\n",
+ strlen("mac_test_destroy_bpfdesc_label\n"));
LABEL_DESTROY(label, MAGIC_BPF);
COUNTER_INC(destroy_bpfdesc_label);
}
@@ -357,7 +378,8 @@
static void
mac_test_destroy_cred_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_cred_label\n",
+ strlen("mac_test_destroy_cred_label\n"));
LABEL_DESTROY(label, MAGIC_CRED);
COUNTER_INC(destroy_cred_label);
}
@@ -366,7 +388,8 @@
static void
mac_test_destroy_devfs_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_devfs_label\n",
+ strlen("mac_test_destroy_devfs_label\n"));
LABEL_DESTROY(label, MAGIC_DEVFS);
COUNTER_INC(destroy_devfs_label);
}
@@ -375,7 +398,8 @@
static void
mac_test_destroy_ifnet_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_ifnet_label\n",
+ strlen("mac_test_destroy_ifnet_label\n"));
LABEL_DESTROY(label, MAGIC_IFNET);
COUNTER_INC(destroy_ifnet_label);
}
@@ -384,7 +408,8 @@
static void
mac_test_destroy_inpcb_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_inpcb_label\n",
+ strlen("mac_test_destroy_inpcb_label\n"));
LABEL_DESTROY(label, MAGIC_INPCB);
COUNTER_INC(destroy_inpcb_label);
}
@@ -393,7 +418,8 @@
static void
mac_test_destroy_sysv_msgmsg_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_sysv_msgmsg_label\n",
+ strlen("mac_test_destroy_sysv_msgmsg__label\n"));
LABEL_DESTROY(label, MAGIC_SYSV_MSG);
COUNTER_INC(destroy_sysv_msg_label);
}
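Review bot: The length argument is computed from a different literal than the record: strlen() is given `"mac_test_destroy_sysv_msgmsg__label\n"` with a doubled underscore, which is one character longer than the string actually passed. The record length therefore covers the terminating NUL of the real literal, so a stray NUL byte ends up in the stream user space reads. The second line should read `strlen("mac_test_destroy_sysv_msgmsg_label\n"));`.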
@@ -402,7 +428,8 @@
static void
mac_test_destroy_sysv_msgqueue_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_sysv_msgqueue_label\n",
+ strlen("mac_test_destroy_sysv_msgqueue_label\n"));
LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
COUNTER_INC(destroy_sysv_msq_label);
}
@@ -411,7 +438,8 @@
static void
mac_test_destroy_sysv_sem_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_sysv_sem_label\n",
+ strlen("mac_test_destroy_sysv_sem_label\n"));
LABEL_DESTROY(label, MAGIC_SYSV_SEM);
COUNTER_INC(destroy_sysv_sem_label);
}
@@ -420,7 +448,8 @@
static void
mac_test_destroy_sysv_shm_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_sysv_shm_label\n",
+ strlen("mac_test_destroy_sysv_shm_label\n"));
LABEL_DESTROY(label, MAGIC_SYSV_SHM);
COUNTER_INC(destroy_sysv_shm_label);
}
@@ -429,7 +458,8 @@
static void
mac_test_destroy_ipq_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_ipq_label\n",
+ strlen("mac_test_destroy_ipq_label\n"));
LABEL_DESTROY(label, MAGIC_IPQ);
COUNTER_INC(destroy_ipq_label);
}
@@ -438,7 +468,8 @@
static void
mac_test_destroy_mbuf_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_mbuf_label\n",
+ strlen("mac_test_destroy_mbuf_label\n"));
/*
* If we're loaded dynamically, there may be mbufs in flight that
* didn't have label storage allocated for them. Handle this
@@ -455,7 +486,8 @@
static void
mac_test_destroy_mount_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_mount_label\n",
+ strlen("mac_test_destroy_mount_label\n"));
LABEL_DESTROY(label, MAGIC_MOUNT);
COUNTER_INC(destroy_mount_label);
}
@@ -464,7 +496,8 @@
static void
mac_test_destroy_socket_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_socket_label\n",
+ strlen("mac_test_destroy_socket_label\n"));
LABEL_DESTROY(label, MAGIC_SOCKET);
COUNTER_INC(destroy_socket_label);
}
@@ -473,7 +506,8 @@
static void
mac_test_destroy_socket_peer_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_socket_peer_label\n",
+ strlen("mac_test_destroy_socket_peer_label\n"));
LABEL_DESTROY(label, MAGIC_SOCKET);
COUNTER_INC(destroy_socket_peer_label);
}
@@ -482,7 +516,8 @@
static void
mac_test_destroy_pipe_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_pipe_label\n",
+ strlen("mac_test_destroy_pipe_label\n"));
LABEL_DESTROY(label, MAGIC_PIPE);
COUNTER_INC(destroy_pipe_label);
}
@@ -491,7 +526,8 @@
static void
mac_test_destroy_posix_sem_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_posix_sem_label\n",
+ strlen("mac_test_destroy_posix_sem_label\n"));
LABEL_DESTROY(label, MAGIC_POSIX_SEM);
COUNTER_INC(destroy_posix_sem_label);
}
@@ -500,7 +536,8 @@
static void
mac_test_destroy_proc_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_proc_label\n",
+ strlen("mac_test_destroy_proc_label\n"));
LABEL_DESTROY(label, MAGIC_PROC);
COUNTER_INC(destroy_proc_label);
}
@@ -509,7 +546,8 @@
static void
mac_test_destroy_vnode_label(struct label *label)
{
-
+ mactest_pipe_submit("mac_test_destroy_vnode_label\n",
+ strlen("mac_test_destroy_vnode_label\n"));
LABEL_DESTROY(label, MAGIC_VNODE);
COUNTER_INC(destroy_vnode_label);
}
@@ -518,7 +556,9 @@
static void
mac_test_copy_cred_label(struct label *src, struct label *dest)
{
-
+ mactest_pipe_submit("mac_test_copy_cred_label\n",
+ strlen("mac_test_copy_cred_label\n"));
+ MACTEST_PIPE_SUBMIT_LABEL(cred,src);
LABEL_CHECK(src, MAGIC_CRED);
LABEL_CHECK(dest, MAGIC_CRED);
COUNTER_INC(copy_cred_label);
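Review bot: `MACTEST_PIPE_SUBMIT_LABEL(cred,src);` runs before `LABEL_CHECK(src, MAGIC_CRED);`, so the source label is externalized and sent to user space before this policy has checked it. Moving the submit below the two LABEL_CHECK lines keeps the module's own sanity check first and means only a verified label is reported. Only `src` is submitted; if leaving out `dest` is intentional, a one-line comment saying so would help. The function body continues past the end of this hunk.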
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_pipe.c#2 (text+ko) ====
@@ -46,7 +46,8 @@
#include <sys/signalvar.h>
#include <sys/systm.h>
#include <sys/uio.h>
-
+#include <sys/mac.h>
+#include <sys/mbuf.h>
#include <security/mac_test/mac_test_private.h>
/*
@@ -54,13 +55,6 @@
* mandatory access control test data
*/
-/*
- * Memory types.
- */
-static MALLOC_DEFINE(M_MACTEST_PIPE, "mactest_pipe", "mactest pipes");
-static MALLOC_DEFINE(M_MACTEST_PIPE_ENTRY, "mactest_pipeent",
- "mactest pipe entries and buffers");
-
/*
* mactest pipe buffer parameters.
@@ -233,6 +227,7 @@
pgsigio(&mp->mp_sigio, SIGIO, 0);
}
+char *elements="?biba,?lomac,?mls,?sebsd";
/*
* mactest_pipe_submit(): the mactest hooks submits mactest records via this
* interface, which arranges for them to be delivered to pipe queues.
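Review bot: `elements` is a very generic name for a symbol with external linkage in the kernel, and it is declared as a writable `char *` pointing at a string literal. Give it a module prefix and make it const, e.g. `const char mactest_elements[] = "?biba,?lomac,?mls,?sebsd";` with `extern const char mactest_elements[];` in mac_test_private.h. The macro in that header already copies the string before handing it to the externalize call, so nothing needs to write through this pointer. A comment saying that this list selects which policies' label elements are externalized would also help.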
@@ -258,6 +253,7 @@
}
+
/*
* Pop the next record off of an mactest pipe.
*/
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#2 (text+ko) ====
@@ -1,7 +1,37 @@
#ifndef _SECURITY_MAC_TEST_PRIVATE_H
#define _SECURITY_MAC_TEST_PRIVATE_H
-
+#include <security/mac/mac_internal.h>
void
mactest_pipe_submit(void *record, u_int record_len);
+extern char *elements;
+
+/*
+ * Memory types.
+ */
+static MALLOC_DEFINE(M_MACTEST_PIPE, "mactest_pipe", "mactest pipes");
+static MALLOC_DEFINE(M_MACTEST_PIPE_ENTRY, "mactest_pipeent",
+ "mactest pipe entries and buffers");
+
+#define MACTEST_PIPE_SUBMIT_LABEL(type,label) do { \
+ int strleng = 0; \
+ char *buffer; \
+ char *elements1 = malloc(256, M_MACTEST_PIPE, M_NOWAIT); \
+ if (!elements1) \
+ goto exit; \
+ strcpy(elements1, elements); \
+ buffer = malloc(256, M_MACTEST_PIPE, M_NOWAIT); \
+ if (!buffer) \
+ goto exit1; \
+ mac_externalize_##type##_label(label, elements1, \
+ buffer, 256); \
+ strleng = strlen(buffer); \
+ *(buffer + strleng) = '\n'; \
+ mactest_pipe_submit(buffer, strleng + 1); \
+ free(buffer, M_MACTEST_PIPE); \
+exit1: \
+ free(elements1, M_MACTEST_PIPE); \
+exit: \
+ ;/*extra ; to avoid label at the end of compound statement*/ \
+}while(0)
#endif /* ! _SECURITY_MAC_TEST_PRIVATE_H */
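Review bot: MACTEST_PIPE_SUBMIT_LABEL ignores the return value of mac_externalize_##type##_label(), and `buffer` comes from malloc() with M_NOWAIT and no M_ZERO, so if externalization fails the following strlen(buffer) walks uninitialized kernel heap, possibly past the 256-byte allocation, and whatever it finds is submitted to the pipe that user space reads. Submit only when the call succeeds (assuming it returns 0 on success; confirm against mac_internal.h), zero the buffer, and bound the copy of `elements` with strlcpy() instead of strcpy(). The `exit`/`exit1` labels also mean the macro cannot be used twice in one function, which the structured form below avoids. Separately, `static MALLOC_DEFINE` in a header gives every including file its own copy of both malloc types; the usual split is MALLOC_DECLARE in the header and MALLOC_DEFINE in mac_test_pipe.c.

```c
/* … unchanged: include guard, mactest_pipe_submit prototype, extern elements … */
#define	MACTEST_PIPE_SUBMIT_LABEL(type, label) do {			\
	char *elements1 = malloc(256, M_MACTEST_PIPE, M_NOWAIT);	\
	char *buffer = malloc(256, M_MACTEST_PIPE, M_NOWAIT | M_ZERO);	\
	size_t strleng;							\
	if (elements1 != NULL && buffer != NULL) {			\
		strlcpy(elements1, elements, 256);			\
		if (mac_externalize_##type##_label(label, elements1,	\
		    buffer, 256) == 0) {				\
			strleng = strlen(buffer);			\
			buffer[strleng] = '\n';				\
			mactest_pipe_submit(buffer, strleng + 1);	\
		}							\
	}								\
	free(buffer, M_MACTEST_PIPE);	/* free(9) accepts NULL */	\
	free(elements1, M_MACTEST_PIPE);				\
} while (0)
```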