author | rwatson <rwatson@FreeBSD.org> | 2008-08-23 15:26:36 +0000 |
committer | rwatson <rwatson@FreeBSD.org> | 2008-08-23 15:26:36 +0000 |
commit | 78a117e6fa3ea5484baa385417846432dcafd758 (patch) | |
tree | 5219c0b4d17dd1dcbcb5fda367c1905a0929ee2b /sys/security/mac/mac_sysv_msg.c | |
parent | 36dc0db8e1fa12d3f6a38164a5fb1ae82fc45eba (diff) | |
Introduce two related changes to the TrustedBSD MAC Framework:
(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2)
so that the general exec code isn't aware of the details of
allocating, copying, and freeing labels, rather, simply passes in
a void pointer to start and stop functions that will be used by
the framework. This change will be MFC'd.
(2) Introduce a new flags field to the MAC_POLICY_SET(9) interface
allowing policies to declare which types of objects require label
allocation, initialization, and destruction, and define a set of
flags covering various supported object types (MPC_OBJECT_PROC,
MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...). This change reduces the
overhead of compiling the MAC Framework into the kernel if policies
aren't loaded, or if policies require labels on only a small number
of object types, or none at all. Each time a policy is loaded or unloaded,
we recalculate a mask of labeled object types across all policies
present in the system. Eliminate MAC_ALWAYS_LABEL_MBUF option as it
is no longer required.
MFC after: 1 week ((1) only)
Reviewed by: csjp
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
Diffstat (limited to 'sys/security/mac/mac_sysv_msg.c')
-rw-r--r-- | sys/security/mac/mac_sysv_msg.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/sys/security/mac/mac_sysv_msg.c b/sys/security/mac/mac_sysv_msg.c
index 5db6270..2c5bbca 100644
--- a/sys/security/mac/mac_sysv_msg.c
+++ b/sys/security/mac/mac_sysv_msg.c
@@ -1,6 +1,7 @@
 /*-
  * Copyright (c) 2003-2004 Networks Associates Technology, Inc.
  * Copyright (c) 2006 SPARTA, Inc.
+ * Copyright (c) 2008 Apple Inc.
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -70,7 +71,10 @@
 void
 mac_sysvmsg_init(struct msg *msgptr)
 {
-	msgptr->label = mac_sysv_msgmsg_label_alloc();
+	if (mac_labeled & MPC_OBJECT_SYSVMSG)
+		msgptr->label = mac_sysv_msgmsg_label_alloc();
+	else
+		msgptr->label = NULL;
 }
 
 static struct label *
@@ -87,7 +91,10 @@
 void
 mac_sysvmsq_init(struct msqid_kernel *msqkptr)
 {
-	msqkptr->label = mac_sysv_msgqueue_label_alloc();
+	if (mac_labeled & MPC_OBJECT_SYSVMSQ)
+		msqkptr->label = mac_sysv_msgqueue_label_alloc();
+	else
+		msqkptr->label = NULL;
 }
 
 static void
@@ -102,8 +109,10 @@
 void
 mac_sysvmsg_destroy(struct msg *msgptr)
 {
-	mac_sysv_msgmsg_label_free(msgptr->label);
-	msgptr->label = NULL;
+	if (msgptr->label != NULL) {
+		mac_sysv_msgmsg_label_free(msgptr->label);
+		msgptr->label = NULL;
+	}
 }
 
 static void
@@ -118,8 +127,10 @@
 void
 mac_sysvmsq_destroy(struct msqid_kernel *msqkptr)
 {
-	mac_sysv_msgqueue_label_free(msqkptr->label);
-	msqkptr->label = NULL;
+	if (msqkptr->label != NULL) {
+		mac_sysv_msgqueue_label_free(msqkptr->label);
+		msqkptr->label = NULL;
+	}
 }
 
 void
|
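Review bot: In mac_sysvmsg_init (and likewise mac_sysvmsq_init in the next hunk) a NULL label is now a legitimate steady state, but nothing in this file records the invariant that makes it safe: objects created while `mac_labeled` lacks MPC_OBJECT_SYSVMSG keep `label == NULL` for their lifetime, so if the mask can later gain that bit when a policy loads, every check and relabel entry point that dereferences `msgptr->label` or `msqkptr->label` must tolerate NULL for pre-existing objects. I cannot see from this hunk whether the policy-load path rejects labeling policies loaded after boot or whether the label accessors guard NULL, so this is an inference worth confirming. A one-line comment on the else branch would make the contract explicit for readers of the destroy functions too: `/* NULL: no loaded policy labels SysV messages; consumers must check. */`. The destroy-side `!= NULL` guards in the last two hunks are consistent with that contract and need no change.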