PERFORCE change 87153 for review
Robert Watson
rwatson at FreeBSD.org
Wed Nov 23 21:25:01 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=87153
Change 87153 by rwatson at rwatson_zoo on 2005/11/23 21:24:39
Simple module to trace devfs path information.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/modules/mac_devfs/Makefile#2 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_devfs/mac_devfs.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/modules/mac_devfs/Makefile#2 (text+ko) ====
@@ -1,9 +1,9 @@
-# $FreeBSD: src/sys/modules/mac_none/Makefile,v 1.2 2002/10/22 17:10:15 rwatson Exp $
+# $FreeBSD$
-.PATH: ${.CURDIR}/../../security/mac_none
+.PATH: ${.CURDIR}/../../security/mac_devfs
-KMOD= mac_none
+KMOD= mac_devfs
SRCS= vnode_if.h \
- mac_none.c
+ mac_devfs.c
.include <bsd.kmod.mk>
==== //depot/projects/trustedbsd/mac/sys/security/mac_devfs/mac_devfs.c#2 (text+ko) ====
@@ -1,15 +1,9 @@
/*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2005 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
*
- * This software was developed for the FreeBSD Project in part by Network
- * Associates Laboratories, the Security Research Division of Network
- * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
- * as part of the DARPA CHATS research program.
- *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -31,15 +25,11 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_none/mac_none.c,v 1.32 2005/09/19 18:52:50 phk Exp $
+ * $FreeBSD$
*/
/*
* Developed by the TrustedBSD Project.
- *
- * Sample policy implementing no entry points; for performance measurement
- * purposes only. If you're looking for a stub policy to base new policies
- * on, try mac_stub.
*/
#include <sys/types.h>
@@ -76,18 +66,53 @@
#include <sys/mac_policy.h>
-SYSCTL_DECL(_security_mac);
+static void
+mac_devfs_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+ struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct label *vlabel)
+{
+
+}
+
+static void
+mac_devfs_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label,
+ const char *fullpath)
+{
+
+ printf("mac_devfs_create_devfs_device(uid %d mp %s cdev %s "
+ "fullpath %s", cred != NULL ? cred->cr_uid : -1,
+ mp->mnt_stat.f_mntonname, dev->si_name, fullpath);
+}
+
+static void
+mac_devfs_create_devfs_directory(struct mount *mp, char *dirname,
+ int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label,
+ const char *fullpath)
+{
+
+ printf("mac_devfs_create_devfs_device(mp %s dirname %s fullpath %s",
+ mp->mnt_stat.f_mntonname, dirname, fullpath);
+}
-SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
- "TrustedBSD mac_none policy controls");
+static void
+mac_devfs_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+ struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+ struct label *delabel, const char *fullpath)
+{
-static int mac_none_enabled = 1;
-SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
- &mac_none_enabled, 0, "Enforce none policy");
+ printf("mac_devfs_create_devfs_device(uid %d mp %s fullpath %s",
+ cred != NULL ? cred->cr_uid : -1, mp->mnt_stat.f_mntonname,
+ fullpath);
+}
static struct mac_policy_ops mac_none_ops =
{
+ .mpo_associate_vnode_devfs = mac_devfs_associate_vnode_devfs,
+ .mpo_create_devfs_device = mac_devfs_create_devfs_device,
+ .mpo_create_devfs_directory = mac_devfs_create_devfs_directory,
+ .mpo_create_devfs_symlink = mac_devfs_create_devfs_symlink,
};
-MAC_POLICY_SET(&mac_none_ops, mac_none, "TrustedBSD MAC/None",
+MAC_POLICY_SET(&mac_none_ops, mac_none, "TrustedBSD MAC/devfs",
MPC_LOADTIME_FLAG_UNLOADOK, NULL);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list