author | rwatson <rwatson@FreeBSD.org> | 2005-05-04 10:39:15 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2005-05-04 10:39:15 +0000 |
commit | 2197ab2d9342ec86dee8d80f036f78a3fced3ff7 (patch) | |
tree | f0b55e1f47aadd0b1a94b34901f76cb2bd96c403 /sys/security/mac_stub | |
parent | ddd6311fb87bee11285e589301f537f9ea1491b2 (diff) | |
Introduce MAC Framework and MAC Policy entry points to label and control
access to POSIX Semaphores:
mac_init_posix_sem() Initialize label for POSIX semaphore
mac_create_posix_sem() Create POSIX semaphore
mac_destroy_posix_sem() Destroy POSIX semaphore
mac_check_posix_sem_destroy() Check whether semaphore may be destroyed
mac_check_posix_sem_getvalue() Check whether semaphore may be queried
mac_check_posix_sem_open() Check whether semaphore may be opened
mac_check_posix_sem_post() Check whether semaphore may be posted to
mac_check_posix_sem_unlink() Check whether semaphore may be unlinked
mac_check_posix_sem_wait() Check whether may wait on semaphore
Update Biba, MLS, Stub, and Test policies to implement these entry points.
For information flow policies, most semaphore operations are effectively
read/write.
Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Sponsored by: DARPA, McAfee, SPARTA
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_stub')
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 64a06d9..0581247 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -63,6 +63,8 @@
 #include <sys/sem.h>
 #include <sys/shm.h>
+#include <posix4/ksem.h>
+
 #include <fs/devfs/devfs.h>
 #include <net/bpfdesc.h>
@@ -273,6 +275,13 @@ stub_create_pipe(struct ucred *cred, struct pipepair *pp,
 }
 static void
+stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+
+}
+
+static void
 stub_create_socket_from_socket(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketlabel)
@@ -821,6 +830,54 @@ stub_check_pipe_write(struct ucred *cred, struct pipepair *pp,
 }
 static int
+stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+
+ return (0);
+}
+
+static int
+stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr,
+ struct label *ks_label)
+{
+
+ return (0);
+}
+
+static int
 stub_check_proc_debug(struct ucred *cred, struct proc *proc)
 {
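Review bot: `stub_create_posix_sem()` in the second hunk (`@@ -273,6 +275,13 @@`) has an empty body and no comment, and because it returns `void` a policy cannot use it to refuse creation of a semaphore. The commit message lists check entry points for destroy, getvalue, open, post, unlink and wait but none for create, so this looks like a labeling hook only; that limit on what is mediated is worth stating where policy authors will read it. I would add above the function `/* Labeling hook for a newly created semaphore; returns void, so it cannot deny the creation. */`. The neighbouring `stub_create_pipe()` and `stub_create_socket_from_socket()` bodies lie outside the hunk, so whether the file documents such hooks elsewhere is not visible here.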
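Review bot: All six `stub_check_posix_sem_*()` functions in the third hunk (`@@ -821,6 +830,54 @@`) return 0 without reading `cred`, `ksemptr` or `ks_label`, which is what a stub should do but is stated nowhere in the new code. If this file is copied as the starting point for a real policy (an assumption; the page does not say so), a check left in this form silently permits the operation. I would put one comment above the group rather than six repeats: `/* POSIX semaphore checks: returning 0 means this policy raises no objection; a real policy decides from cred and ks_label. */`. The trailing context `stub_check_proc_debug()` begins inside the hunk and continues past its end.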
@@ -1326,6 +1383,7 @@ static struct mac_policy_ops mac_stub_ops =
 .mpo_init_mount_label = stub_init_label,
 .mpo_init_mount_fs_label = stub_init_label,
 .mpo_init_pipe_label = stub_init_label,
+ .mpo_init_posix_sem_label = stub_init_label,
 .mpo_init_socket_label = stub_init_label_waitcheck,
 .mpo_init_socket_peer_label = stub_init_label_waitcheck,
 .mpo_init_vnode_label = stub_init_label,
@@ -1343,6 +1401,7 @@ static struct mac_policy_ops mac_stub_ops =
 .mpo_destroy_mount_label = stub_destroy_label,
 .mpo_destroy_mount_fs_label = stub_destroy_label,
 .mpo_destroy_pipe_label = stub_destroy_label,
+ .mpo_destroy_posix_sem_label = stub_destroy_label,
 .mpo_destroy_socket_label = stub_destroy_label,
 .mpo_destroy_socket_peer_label = stub_destroy_label,
 .mpo_destroy_vnode_label = stub_destroy_label,
@@ -1381,6 +1440,7 @@ static struct mac_policy_ops mac_stub_ops =
 .mpo_update_devfsdirent = stub_update_devfsdirent,
 .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket,
 .mpo_create_pipe = stub_create_pipe,
+ .mpo_create_posix_sem = stub_create_posix_sem,
 .mpo_create_socket = stub_create_socket,
 .mpo_create_socket_from_socket = stub_create_socket_from_socket,
 .mpo_relabel_pipe = stub_relabel_pipe,
@@ -1451,6 +1511,12 @@ static struct mac_policy_ops mac_stub_ops =
 .mpo_check_pipe_relabel = stub_check_pipe_relabel,
 .mpo_check_pipe_stat = stub_check_pipe_stat,
 .mpo_check_pipe_write = stub_check_pipe_write,
+ .mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy,
+ .mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue,
+ .mpo_check_posix_sem_open = stub_check_posix_sem_open,
+ .mpo_check_posix_sem_post = stub_check_posix_sem_post,
+ .mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink,
+ .mpo_check_posix_sem_wait = stub_check_posix_sem_wait,
 .mpo_check_proc_debug = stub_check_proc_debug,
 .mpo_check_proc_sched = stub_check_proc_sched,
 .mpo_check_proc_setuid = stub_check_proc_setuid,
|