Low Watermark MAC (LOMAC) implementation for Linux

Ilmar S. Habibulin ilmar at ints.ru
Wed Oct 13 05:18:24 GMT 1999


On Mon, 11 Oct 1999, Robert Watson wrote:

> Interestingly, I have exchanged emails with Tim, and he describes lomac
> with the following text:
>     From a technical standpoint, LOMAC is designed to be portable between
>     UNIXes (it has an OS-adaptation layer), and the makefiles are already
>     aware of multiple platforms.  I started on BSD before switching to
>     Linux, and lately I've been wanting to go back to BSD.  If you decide
>     to port LOMAC back to BSD, I'd love to put your code into the
>     distribution.
Maybe it is portable. So should I contact Tim, or maybe he will join us on
this list? Anyway, the problem with extended attributes on files exists,
and we should solve it. Maybe the guys from SGI will help us? ;-)

> Again, haven't done a serious reading of the code yet so I don't know what
> would be involved, but the idea of an OS-independent MAC subsystem sounds
> pretty spiffy--I haven't really been following the MAC discussion about
> the limitations of specific models (and therefore of the lomac
> applicability), so I'm probably not qualified to comment of the generality
> and usefulness of it as a technique :-).  I'll put a couple of hours into
> it this morning...
My opinion is that MAC should first be implemented like the BLM model, because
the BLM model reflects many aspects of secret document processing verrry well.
Other models are not so good (imho). The Biba model may be used together
with BLM (not my idea, but my imho too).

And I have some proposals for coding all this POSIX stuff.
In the attachment there are three files. posix1e.h describes the extended
attributes, which should be included in the pcred structure (if _POSIX1E_EXT
is defined).

Now what should we do with extended file attributes?

PS. And what about cvs?

-------------- next part --------------
/*-
 * Copyright (c) 1999 Ilmar S. Habibulin
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *       $Id: mac.h,v 1.5 1999/06/23 07:29:12 ilmar Exp $
 */

#ifndef _SYS_MAC_H_
#define _SYS_MAC_H_

/*
 * Access-mode codes.
 * NOTE(review): presumably these are the values passed as the trailing int
 * argument of the allow_mandatory_*() checks declared later in this header --
 * confirm against the callers.
 */
#define MREAD	1
#define MWRITE	2
#define MACCESS 3
#define MMMAPR	4 /* mmap with READ protection */
#define MMMAPW	5 /* mmap with WRITE protection */
/*
 * Execute and directory search are aliases of MREAD, so a check that receives
 * one of them cannot tell it apart from a plain read request.
 */
#define MEXEC	MREAD
#define MSEARCH	MREAD

/*
 * System V IPC operation codes (message queues, semaphores, shared memory).
 * The values 1..22 overlap numerically with the access-mode codes 1..5 defined
 * earlier in this header; both families are plain ints, so nothing here stops
 * a caller from handing one family to a check that expects the other.
 * NOTE(review): presumably consumed by allow_mandatory_access_ipc() -- confirm.
 */
#define MSGCTL		1
#define MSGCTL_IPC_SET	2
#define MSGCTL_IPC_STAT	3
#define MSGGET		4
#define MSGSND		5
#define MSGRCV		6
#define SEMCTL		7
#define SEMCTL_IPC_SET	8
#define SEMCTL_IPC_STAT	9
#define SEMCTL_GETPID	10
#define SEMCTL_GETVAL	11
#define SEMCTL_GETALL	12
#define SEMCTL_SETVAL	13
#define SEMCTL_SETALL	14
#define SEMGET		15
#define SEMOP1		16
#define SEMOP2		17
#define SEMOP3		18
#define SHMAT		19
#define SHMCTL		20
#define OSHMCTL		21
#define SHMGET		22

/*
 * System-wide label bounds.  MAC_SYS_LOW and MAC_SYS_HIGH expand to the extern
 * label objects _mac_label_low / _mac_label_high declared further down, while
 * MAC_SYS_EMPTY expands to the integer -1, so the three are not of the same
 * type and cannot be used interchangeably in one expression.
 * NOTE(review): how MAC_SYS_EMPTY is compared against a label is not visible
 * in this header -- confirm at the use sites.
 */
#define MAC_SYS_LOW	_mac_label_low
#define MAC_SYS_HIGH	_mac_label_high
#define MAC_SYS_EMPTY	(-1)

/*
 * Opaque forward declarations: the kernel prototypes in this header only take
 * pointers to these structures, so their full definitions are not needed here.
 */
struct proc;
struct file;
struct pipe;
struct vnode;
struct socket;
struct pcred;
struct ucred;

/*typedef unsigned char mac;
typedef mac * mac_t;

struct proc_mac_label {
	mac max_level;
	mac curr_level;
};

typedef struct proc_mac_label pmac;
typedef pmac * pmac_t; */

/*
 * New MAC label implementation
 *
 */

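/*
 * MAC label: one hierarchical sensitivity level plus a 64-bit field of
 * non-hierarchical compartments.
 */
struct _mac_label {
	u_char	level;		/* sensitivity level - hierarchical category */
	u_int64	compartment;	/* compartment - non-hierarchical category */
};

/*
 * Only the 4 low bits of `level' carry the sensitivity level.  The remaining
 * bits are reserved for a future Biba integrity model implementation, so code
 * that orders two labels should presumably mask `level' before comparing.
 * NOTE(review): no mask constant for those 4 bits is defined in this header.
 * NOTE(review): u_int64 is not a usual <sys/types.h> name (u_int64_t is) --
 * confirm it is defined elsewhere in the tree.
 */

/*
 * mac_t is the pointer handle taken and returned by the mac_*() functions
 * declared below.  A typedef name cannot be introduced behind a parenthesised
 * type, so the pointer is written as a plain declarator.
 */
typedef struct _mac_label *mac_t;
typedef struct _mac_label mac;

/* Lowest and highest system labels; only declared here, defined elsewhere. */
extern mac _mac_label_low;
extern mac _mac_label_high;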


#ifdef _POSIX_MAC
/*
 * These are the access functions described in POSIX.1E
 */

#ifndef KERNEL
/*
 * 26.3 Functions
 *
 * Userland view.  The trailing marker on each prototype apparently records
 * where the function is expected to live: "libposix1e" for the library,
 * "kernel" for functions that need a kernel entry point, and "???" where the
 * placement was still undecided.
 */

int	mac_dominate(mac_t labela, mac_t labelb); // libposix1e
int	mac_equal(mac_t labela, mac_t labelb); // libposix1e
int	mac_free(void *buf_p); // libposix1e
mac_t	mac_from_text(const char *text_p); // libposix1e
mac_t	mac_get_fd(int fildes); // kernel
mac_t	mac_get_file(const char *path_p); // kernel
mac_t	mac_get_proc(void); // kernel
mac_t	mac_glb(mac_t labela, mac_t labelb); // ??? libposix1e
mac_t	mac_lub(mac_t labela, mac_t labelb); // ??? libposix1e
int	mac_set_fd(int fildes, mac_t label); // kernel
int	mac_set_file(const char *path_p, mac_t label); // kernel
int	mac_set_proc(mac_t label); // kernel
ssize_t	mac_size(mac_t label); // ??? libposix1e
char *	mac_to_text(mac_t label, size_t *len_p); // libposix1e
int	mac_valid(mac_t label); // libposix1e


#else /* KERNEL */

	/*
	 * (The original comment here was written in a non-ASCII encoding and
	 * was lost in archiving.)
	 * In-kernel mandatory access checks, one per object kind: open file,
	 * vnode, socket, pipe, System V IPC object and signal delivery.
	 * NOTE(review): the return convention (what value means "allowed") is
	 * not visible in this header -- confirm in the implementation.
	 * NOTE(review): the trailing int is presumably one of the M* access
	 * modes or IPC operation codes defined at the top of this header.
	 */
int  allow_mandatory_access (struct proc *, struct file *, int);
int  allow_mandatory_access_vnode (struct proc *, struct vnode *, int);
int  allow_mandatory_access_socket (struct proc *, struct socket *, int);
int  allow_mandatory_access_pipe (struct proc *, struct pipe *, int);
int  allow_mandatory_open_vnode (struct proc *, struct vnode *, int);
int  allow_mandatory_open_socket (struct proc *, struct socket *, int);
int  allow_mandatory_access_ipc (struct proc *, caddr_t, int);
int  allow_mandatory_signal(struct proc *, struct pcred *, struct proc *, int);
int allow_mandatory_signal_io( uid_t, struct ucred *, struct proc *);

#endif /* KERNEL */

#else /* _POSIX_MAC */

/* Without _POSIX_MAC this header declares no MAC functions at all. */
#ifdef KERNEL
#endif /* KERNEL */

#endif /* _POSIX_MAC */
#endif /* _SYS_MAC_H_ */
-------------- next part --------------
/*
 *
 * POSIX 1E main implementation file
 *
 */
#include <sys/types.h>
#include <sys/param.h>
#include <sys/malloc.h>
#include <sys/posix1e.h>

/*
 * Malloc type under which p1ea_malloc() allocates struct posix1e_attr.
 * NOTE(review): both description strings are empty, so allocations of this
 * type would presumably appear unnamed in kernel memory statistics -- consider
 * giving the type a short name and description.
 */
MALLOC_DEFINE(M_POSIX1EATTR, "", "");

/* This structure is like p_cred in proc */
/*struct posix1e_attr {
	u_int refcount;
	mac mac_maclabel;
	mac curr_maclabel;
	cap caps; 
};*/

/*
 * Allocate a zero-filled posix1e_attr and return it to the caller holding the
 * single initial reference (refcount == 1).
 *
 * The allocation is requested with M_WAITOK and the result is used without a
 * NULL check.
 * NOTE(review): a fresh structure carries all-zero labels and caps until the
 * caller sets them -- confirm that zero is the intended default.
 */
struct posix1e_attr *
p1ea_malloc(void)
{
	struct posix1e_attr *attr;

	MALLOC(attr, struct posix1e_attr *, sizeof(struct posix1e_attr),
		M_POSIX1EATTR, M_WAITOK);
	/* Clear the whole structure before the reference count is set. */
	bzero((caddr_t)attr, sizeof(struct posix1e_attr));
	attr->refcount = 1;
	return (attr);
}

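/*
 * Drop one reference to free_p and release the structure once the last
 * reference is gone.
 *
 * free_p must be non-NULL and must hold at least one reference: refcount is
 * unsigned, so a call with refcount == 0 wraps instead of reaching zero and
 * the structure is never released.  The decrement is a plain
 * read-modify-write.
 * NOTE(review): callers presumably serialise access to the structure --
 * confirm, since two racing decrements could both miss or both hit zero.
 */
void
p1ea_free(struct posix1e_attr *free_p)
{
	/* Release under the same malloc type p1ea_malloc() allocates with. */
	if (--free_p->refcount == 0)
		FREE((caddr_t)free_p, M_POSIX1EATTR);
}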

/*
 * Copy the contents of *a_p (source) into *b_p (destination).  The destination
 * always ends up with refcount 1, whatever count the source carried.
 * NOTE(review): any reference count b_p held before the call is overwritten --
 * presumably b_p is always a fresh, unshared structure; confirm at callers.
 */
void
p1ea_copy(struct posix1e_attr *a_p, struct posix1e_attr *b_p)
{
	struct posix1e_attr fresh = *a_p;

	/* The copy starts its own life with a single reference. */
	fresh.refcount = 1;
	*b_p = fresh;
}

-------------- next part --------------
/*
 *
 * POSIX 1e main implementation file header.
 *
 */
#include <sys/types.h>
#include <sys/mac.h>
#include <sys/cap.h>
#include <sys/audit.h>


#ifndef POSIX1E_H
#define POSIX1E_H

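/*
 * _POSIX1E_EXT is defined when at least one POSIX.1e feature macro is set.
 * #ifdef accepts a single identifier only, so the combined test is spelled
 * with defined().
 * NOTE(review): POSIX_INF has no leading underscore, unlike its siblings --
 * confirm the intended macro name.
 */
#if defined(_POSIX_AUD) || defined(_POSIX_ACL) || defined(_POSIX_MAC) || \
    defined(_POSIX_CAP) || defined(POSIX_INF)
#define _POSIX1E_EXT
#endif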

/* Nothing is exported to userland; everything below is kernel-only. */
#ifndef KERNEL
#else /* KERNEL */

/* Malloc type for struct posix1e_attr. */
MALLOC_DECLARE(M_POSIX1EATTR);

/*
 * This structure is included into p_cred in proc.
 * It is reference counted: p1ea_malloc() and p1ea_copy() set refcount to 1 and
 * p1ea_free() decrements it, releasing the structure at zero.  The structure
 * has no lock member of its own.
 */
struct posix1e_attr {
	uint	refcount;	/* number of references held */
	mac max_maclabel;	/* presumably the upper bound for the label -- confirm */
	mac curr_maclabel;	/* presumably the label currently in effect -- confirm */
	cap caps;		/* type `cap' is declared outside this header */
};

/*
 * NOTE(review): the BSD prototype wrapper is usually spelled __P -- confirm
 * that _P is defined in this tree.
 */
struct posix1e_attr * p1ea_malloc _P((void));
void p1ea_free _P((struct posix1e_attr *));
void p1ea_copy _P((struct posix1e_attr *, struct posix1e_attr *));

#endif /* KERNEL */

#endif /* POSIX1E_H */

