PERFORCE change 70719 for review

Andrew Reisse areisse at FreeBSD.org
Wed Feb 9 20:08:50 GMT 2005


http://perforce.freebsd.org/chv.cgi?CH=70719

Change 70719 by areisse at areisse_tislabs on 2005/02/09 20:07:57

	Remove unused capabilities (CAP_MAC_*, CAP_INF_*, CAP_LINK_DIR)
	and renumber some of the others so that there are less than 32 and
	the masks all fit in a uint32_t.
	
	Use a 32-bit access_vector_t. This makes the binary policy format
	compatible with selinux (versions 15-18). Old FreeBSD policies are
	not compatible with this change, and must be rebuilt with either an
	updated sebsd_checkpolicy, or checkpolicy from selinux.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask_types.h#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#8 (text+ko) ====

@@ -58,38 +58,16 @@
 		return ("CAP_FSETID");
 	case CAP_KILL:
 		return ("CAP_KILL");
-	case CAP_LINK_DIR:
-		return ("CAP_LINK_DIR");
 	case CAP_SETFCAP:
 		return ("CAP_SETFCAP");
 	case CAP_SETGID:
 		return ("CAP_SETGID");
 	case CAP_SETUID:
 		return ("CAP_SETUID");
-	case CAP_MAC_DOWNGRADE:
-		return ("CAP_MAC_DOWNGRADE");
-	case CAP_MAC_READ:
-		return ("CAP_MAC_READ");
-	case CAP_MAC_RELABEL_SUBJ:
-		return ("CAP_MAC_RELABEL_SUBJ");
-	case CAP_MAC_UPGRADE:
-		return ("CAP_MAC_UPGRADE");
-	case CAP_MAC_WRITE:
-		return ("CAP_MAC_WRITE");
-	case CAP_INF_NOFLOAT_OBJ:
-		return ("CAP_INF_NOFLOAT_OBJ");
-	case CAP_INF_NOFLOAT_SUBJ:
-		return ("CAP_INF_NOFLOAT_SUBJ");
-	case CAP_INF_RELABEL_OBJ:
-		return ("CAP_INF_RELABEL_OBJ");
-	case CAP_INF_RELABEL_SUBJ:
-		return ("CAP_INF_RELABEL_SUBJ");
 	case CAP_AUDIT_CONTROL:
 		return ("CAP_AUDIT_CONTROL");
 	case CAP_AUDIT_WRITE:
 		return ("CAP_AUDIT_WRITE");
-	case CAP_SETPCAP:
-		return ("CAP_SETPCAP");
 	case CAP_SYS_SETFFLAG:
 		return ("CAP_SYS_SETFFLAG");
 	case CAP_NET_BIND_SERVICE:

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask_types.h#6 (text+ko) ====

@@ -56,7 +56,7 @@
  * for permissions are defined in the automatically generated
  * header file av_permissions.h.
  */
-typedef u64 access_vector_t;
+typedef u32 access_vector_t;
 
 /*
  * Each object class is identified by a fixed-size value.
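Review bot: The block comment above the typedef should record the width constraint this narrowing introduces: with access_vector_t at 32 bits a class can carry at most 32 permissions, and a generated av_permissions.h that assigns a bit above 31 would be truncated on assignment rather than rejected. Suggest adding to the comment: `* access_vector_t is 32 bits wide, so each class may define at most 32 permissions; av_permissions.h must not use bits above 31.` Since the change description ties this width to the selinux policy versions it is compatible with, it would also help a maintainer to note that relationship here rather than only in the commit message.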

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#7 (text+ko) ====

@@ -336,23 +336,15 @@
 		printk(KERN_ERR "security: avtab: entry has both access vectors and types\n");
 		goto bad;
 	}
+
+
 	if (avdatum->specified & AVTAB_AV) {
-
-		if (avdatum->specified & AVTAB_ALLOWED) {
-			u32 b1 = le32_to_cpu (buf[items++]);
-			u32 b2 = le32_to_cpu (buf[items++]);
-			avtab_allowed(avdatum) = (((u64) b1) << 32) | b2;
-		}
-		if (avdatum->specified & AVTAB_AUDITDENY) {
-			u32 b1 = le32_to_cpu (buf[items++]);
-			u32 b2 = le32_to_cpu (buf[items++]);
-			avtab_auditdeny(avdatum) = (((u64) b1) << 32) | b2;
-		}
-		if (avdatum->specified & AVTAB_AUDITALLOW) {
-			u32 b1 = le32_to_cpu (buf[items++]);
-			u32 b2 = le32_to_cpu (buf[items++]);
-			avtab_auditallow(avdatum) = (((u64) b1) << 32) | b2;
-		}
+		if (avdatum->specified & AVTAB_ALLOWED)
+			avtab_allowed(avdatum) = le32_to_cpu(buf[items++]);
+		if (avdatum->specified & AVTAB_AUDITDENY)
+			avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]);
+		if (avdatum->specified & AVTAB_AUDITALLOW)
+			avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]);
 	} else {
 		if (avdatum->specified & AVTAB_TRANSITION)
 			avtab_transition(avdatum) = le32_to_cpu(buf[items++]);
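Review bot: Each access vector is now consumed as a single le32 word from buf, so the number of u32 items an AV entry occupies has halved; if the count of words read into buf for this entry is computed earlier in the function (outside this hunk) from the old two-word layout, that computation must be updated in the same way or the parser will index past the data actually loaded — I cannot see that code here, so please confirm. The values read are now stored directly into the 32-bit access_vector_t, which is consistent with the flask_types.h change in this commit. Also, the two blank lines added after the closing brace are one more than the surrounding code uses; drop one. The enclosing function starts and ends outside the hunk.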

==== //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#6 (text+ko) ====

@@ -113,21 +113,11 @@
 #define	CAP_FOWNER		(0x0000000000000010)
 #define	CAP_FSETID		(0x0000000000000020)
 #define	CAP_KILL		(0x0000000000000040)
-#define	CAP_LINK_DIR		(0x0000000000000080)
-#define	CAP_SETFCAP		(0x0000000000000100)
-#define	CAP_SETGID		(0x0000000000000200)
-#define	CAP_SETUID		(0x0000000000000400)
-#define	CAP_MAC_DOWNGRADE	(0x0000000000000800)
-#define	CAP_MAC_READ		(0x0000000000001000)
-#define	CAP_MAC_RELABEL_SUBJ	(0x0000000000002000)
-#define	CAP_MAC_UPGRADE		(0x0000000000004000)
-#define	CAP_MAC_WRITE		(0x0000000000008000)
-#define	CAP_INF_NOFLOAT_OBJ	(0x0000000000010000)
-#define	CAP_INF_NOFLOAT_SUBJ	(0x0000000000020000)
-#define	CAP_INF_RELABEL_OBJ	(0x0000000000040000)
-#define	CAP_INF_RELABEL_SUBJ	(0x0000000000080000)
-#define	CAP_AUDIT_CONTROL	(0x0000000000100000)
-#define	CAP_AUDIT_WRITE		(0x0000000000200000)
+#define	CAP_SETFCAP		(0x0000000000000080)
+#define	CAP_SETGID		(0x0000000000000100)
+#define	CAP_SETUID		(0x0000000000000200)
+#define	CAP_AUDIT_CONTROL	(0x0000000000000400)
+#define	CAP_AUDIT_WRITE		(0x0000000000000800)
 
 /*
  * The following is no longer functional.
@@ -137,49 +127,44 @@
  * We do not support modifying the capabilities of other processes, as Linux
  * (from which this one originated) does.
  */
-#define	CAP_SETPCAP		(0x0000000000400000)
-/* This is unallocated: */
-#define	CAP_XXX_INVALID1	(0x0000000000800000)
-#define	CAP_SYS_SETFFLAG	(0x0000000001000000)
+/*#define	CAP_SETPCAP		(0x0000000000002000)*/
+#define	CAP_SYS_SETFFLAG	(0x0000000000001000)
 /*
  * The CAP_LINUX_IMMUTABLE flag approximately maps into the
  * general file flag setting capability in BSD.  Therefore, for
  * compatibility, map the constants.
  */
 #define	CAP_LINUX_IMMUTABLE	CAP_SYS_SETFFLAG
-#define	CAP_NET_BIND_SERVICE	(0x0000000002000000)
-#define	CAP_NET_BROADCAST	(0x0000000004000000)
-#define	CAP_NET_ADMIN		(0x0000000008000000)
-#define	CAP_NET_RAW		(0x0000000010000000)
-#define	CAP_IPC_LOCK		(0x0000000020000000)
-#define	CAP_IPC_OWNER		(0x0000000040000000)
+#define	CAP_NET_BIND_SERVICE	(0x0000000000002000)
+#define	CAP_NET_BROADCAST	(0x0000000000004000)
+#define	CAP_NET_ADMIN		(0x0000000000008000)
+#define	CAP_NET_RAW		(0x0000000000010000)
+#define	CAP_IPC_LOCK		(0x0000000000020000)
+#define	CAP_IPC_OWNER		(0x0000000000040000)
 /*
  * The following capabilities, borrowed from Linux, are unsafe in a
  * secure environment.
  */
-#define	CAP_SYS_MODULE		(0x0000000080000000)
-#define	CAP_SYS_RAWIO		(0x0000000100000000)
-#define	CAP_SYS_CHROOT		(0x0000000200000000)
-#define	CAP_SYS_PTRACE		(0x0000000400000000)
-#define	CAP_SYS_PACCT		(0x0000000800000000)
-#define	CAP_SYS_ADMIN		(0x0000001000000000)
+#define	CAP_SYS_MODULE		(0x0000000000080000)
+#define	CAP_SYS_RAWIO		(0x0000000000100000)
+#define	CAP_SYS_CHROOT		(0x0000000000200000)
+#define	CAP_SYS_PTRACE		(0x0000000000400000)
+#define	CAP_SYS_PACCT		(0x0000000000800000)
+#define	CAP_SYS_ADMIN		(0x0000000001000000)
 /*
  * Back to the safe ones, again.
  */
-#define	CAP_SYS_BOOT		(0x0000002000000000)
-#define	CAP_SYS_NICE		(0x0000004000000000)
-#define	CAP_SYS_RESOURCE	(0x0000008000000000)
-#define	CAP_SYS_TIME		(0x0000010000000000)
-#define	CAP_SYS_TTY_CONFIG	(0x0000020000000000)
-#define	CAP_MKNOD		(0x0000040000000000)
+#define	CAP_SYS_BOOT		(0x0000000002000000)
+#define	CAP_SYS_NICE		(0x0000000004000000)
+#define	CAP_SYS_RESOURCE	(0x0000000008000000)
+#define	CAP_SYS_TIME		(0x0000000010000000)
+#define	CAP_SYS_TTY_CONFIG	(0x0000000020000000)
+#define	CAP_MKNOD		(0x0000000040000000)
 #define	CAP_MAX_ID		CAP_MKNOD
 
 #define	CAP_ALL_ON	(CAP_CHOWN | CAP_DAC_EXECUTE | CAP_DAC_WRITE | \
     CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \
-    CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_MAC_DOWNGRADE | \
-    CAP_MAC_READ | CAP_MAC_RELABEL_SUBJ | CAP_MAC_UPGRADE | \
-    CAP_MAC_WRITE | CAP_INF_NOFLOAT_OBJ | CAP_INF_NOFLOAT_SUBJ | \
-    CAP_INF_RELABEL_OBJ | CAP_INF_RELABEL_SUBJ | CAP_AUDIT_CONTROL | \
+    CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_AUDIT_CONTROL | \
     CAP_AUDIT_WRITE | CAP_SYS_SETFFLAG | CAP_NET_BIND_SERVICE | \
     CAP_NET_BROADCAST | CAP_NET_ADMIN | CAP_NET_RAW | CAP_IPC_LOCK | \
     CAP_IPC_OWNER | CAP_SYS_MODULE | CAP_SYS_RAWIO | CAP_SYS_CHROOT | \
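Review bot: CAP_ALL_ON still ORs in CAP_LINK_DIR on the unchanged line `CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \`, but the first hunk of this file deletes the CAP_LINK_DIR define, so any translation unit that expands CAP_ALL_ON will fail with an undeclared identifier; change it to `CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | \`. Separately, the commented-out CAP_SETPCAP is given the value 0x2000, which is the bit CAP_NET_BIND_SERVICE now occupies; if it is ever re-enabled it will alias a network capability, so either reserve a bit that is not otherwise assigned or state the collision in the comment. The CAP_ALL_ON definition continues past the end of the hunk.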