authorrwatson <rwatson@FreeBSD.org>2007-10-30 00:01:28 +0000
committerrwatson <rwatson@FreeBSD.org>2007-10-30 00:01:28 +0000
commitaaad69006f6149b7a1042daeded0b7897d4d664c (patch)
treebbb0a1c724a531afa7a3be02b8d3dbc0a2d6a057 /sys/security/mac_test
parente93fa6ca815f93c8749ef9edf5a974a4ec9563c0 (diff)
Implement per-object type consistency checks for labels passed to
'internalize' operations rather than using a single common check.

Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_test')
-rw-r--r--sys/security/mac_test/mac_test.c85
1 files changed, 65 insertions, 20 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index d9cb64c..32042e6 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -149,21 +149,6 @@ SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0,
} while (0)
/*
- * Functions that span multiple entry points.
- */
-COUNTER_DECL(internalize_label);
-static int
-test_internalize_label(struct label *label, char *element_name,
- char *element_data, int *claimed)
-{
-
- LABEL_NOTFREE(label);
- COUNTER_INC(internalize_label);
-
- return (0);
-}
-
-/*
* Object-specific entry point implementations are sorted alphabetically by
* object type name and then by operation.
*/
@@ -284,6 +269,18 @@ test_cred_init_label(struct label *label)
COUNTER_INC(cred_init_label);
}
+COUNTER_DECL(cred_internalize_label);
+static int
+test_cred_internalize_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
+{
+
+ LABEL_CHECK(label, MAGIC_CRED);
+ COUNTER_INC(cred_internalize_label);
+
+ return (0);
+}
+
COUNTER_DECL(cred_relabel);
static void
test_cred_relabel(struct ucred *cred, struct label *newlabel)
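Review bot: test_cred_internalize_label never reads element_name or element_data and never writes *claimed, and nothing in the function says that this is deliberate. A short comment above it would record the contract, for example `/* Test policy: verify the label's type only; the element is never parsed or claimed. */`. It would also help to state which label the framework is expected to pass here (presumably a temporary one set up by test_cred_init_label, which is why MAGIC_CRED would be the right magic), since that assumption is what the new LABEL_CHECK encodes. The same applies to the ifnet, pipe, socket and vnode variants added in the following hunks.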
@@ -458,6 +455,18 @@ test_ifnet_init_label(struct label *label)
COUNTER_INC(ifnet_init_label);
}
+COUNTER_DECL(ifnet_internalize_label);
+static int
+test_ifnet_internalize_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
+{
+
+ LABEL_CHECK(label, MAGIC_IFNET);
+ COUNTER_INC(ifnet_internalize_label);
+
+ return (0);
+}
+
COUNTER_DECL(ifnet_relabel);
static void
test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
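Review bot: How much test_ifnet_internalize_label actually verifies depends on LABEL_CHECK, whose definition is outside this diff. If it expands to a KASSERT (not visible here), the type check compiles away on kernels built without INVARIANTS while COUNTER_INC still counts the call, so a rising counter would not mean the label was checked. A one-line remark next to the macro, such as `/* Label checks are assertions; they are active only with INVARIANTS. */`, would keep readers from over-trusting the counters. This holds for all five internalize entry points added by this commit.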
@@ -976,6 +985,18 @@ test_pipe_init_label(struct label *label)
COUNTER_INC(pipe_init_label);
}
+COUNTER_DECL(pipe_internalize_label);
+static int
+test_pipe_internalize_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
+{
+
+ LABEL_CHECK(label, MAGIC_PIPE);
+ COUNTER_INC(pipe_internalize_label);
+
+ return (0);
+}
+
COUNTER_DECL(pipe_relabel);
static void
test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
@@ -1527,6 +1548,18 @@ test_socket_init_label(struct label *label, int flag)
return (0);
}
+COUNTER_DECL(socket_internalize_label);
+static int
+test_socket_internalize_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
+{
+
+ LABEL_CHECK(label, MAGIC_SOCKET);
+ COUNTER_INC(socket_internalize_label);
+
+ return (0);
+}
+
COUNTER_DECL(socket_newconn);
static void
test_socket_newconn(struct socket *oldso, struct label *oldsolabel,
@@ -2621,6 +2654,18 @@ test_vnode_init_label(struct label *label)
COUNTER_INC(vnode_init_label);
}
+COUNTER_DECL(vnode_internalize_label);
+static int
+test_vnode_internalize_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
+{
+
+ LABEL_CHECK(label, MAGIC_VNODE);
+ COUNTER_INC(vnode_internalize_label);
+
+ return (0);
+}
+
COUNTER_DECL(vnode_relabel);
static void
test_vnode_relabel(struct ucred *cred, struct vnode *vp,
@@ -2661,7 +2706,7 @@ static struct mac_policy_ops test_ops =
.mpo_cred_destroy_label = test_cred_destroy_label,
.mpo_cred_externalize_label = test_cred_externalize_label,
.mpo_cred_init_label = test_cred_init_label,
- .mpo_cred_internalize_label = test_internalize_label,
+ .mpo_cred_internalize_label = test_cred_internalize_label,
.mpo_cred_relabel = test_cred_relabel,
.mpo_devfs_create_device = test_devfs_create_device,
@@ -2680,7 +2725,7 @@ static struct mac_policy_ops test_ops =
.mpo_ifnet_destroy_label = test_ifnet_destroy_label,
.mpo_ifnet_externalize_label = test_ifnet_externalize_label,
.mpo_ifnet_init_label = test_ifnet_init_label,
- .mpo_ifnet_internalize_label = test_internalize_label,
+ .mpo_ifnet_internalize_label = test_ifnet_internalize_label,
.mpo_ifnet_relabel = test_ifnet_relabel,
.mpo_syncache_destroy_label = test_syncache_destroy_label,
@@ -2751,7 +2796,7 @@ static struct mac_policy_ops test_ops =
.mpo_pipe_destroy_label = test_pipe_destroy_label,
.mpo_pipe_externalize_label = test_pipe_externalize_label,
.mpo_pipe_init_label = test_pipe_init_label,
- .mpo_pipe_internalize_label = test_internalize_label,
+ .mpo_pipe_internalize_label = test_pipe_internalize_label,
.mpo_pipe_relabel = test_pipe_relabel,
.mpo_posixsem_check_destroy = test_posixsem_check_destroy,
@@ -2802,7 +2847,7 @@ static struct mac_policy_ops test_ops =
.mpo_socket_destroy_label = test_socket_destroy_label,
.mpo_socket_externalize_label = test_socket_externalize_label,
.mpo_socket_init_label = test_socket_init_label,
- .mpo_socket_internalize_label = test_internalize_label,
+ .mpo_socket_internalize_label = test_socket_internalize_label,
.mpo_socket_newconn = test_socket_newconn,
.mpo_socket_relabel = test_socket_relabel,
@@ -2892,7 +2937,7 @@ static struct mac_policy_ops test_ops =
.mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
.mpo_vnode_externalize_label = test_vnode_externalize_label,
.mpo_vnode_init_label = test_vnode_init_label,
- .mpo_vnode_internalize_label = test_internalize_label,
+ .mpo_vnode_internalize_label = test_vnode_internalize_label,
.mpo_vnode_relabel = test_vnode_relabel,
.mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
};