authorrwatson <rwatson@FreeBSD.org>2006-10-22 11:52:19 +0000
committerrwatson <rwatson@FreeBSD.org>2006-10-22 11:52:19 +0000
commit7beaaf5cd2391ef1f8159791b46dbeb83ab0c2fb (patch)
tree15bbe7ba3ad64d39db33baa0b88a2dae4206568e /sys/security
parentcbcb760109a202fb847f48aa942a8b84b1e85015 (diff)
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h
begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead. This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.

Obtained from: TrustedBSD Project
Sponsored by: SPARTA
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac/mac_framework.c3
-rw-r--r--sys/security/mac/mac_framework.h86
-rw-r--r--sys/security/mac/mac_inet.c1
-rw-r--r--sys/security/mac/mac_label.c1
-rw-r--r--sys/security/mac/mac_net.c1
-rw-r--r--sys/security/mac/mac_pipe.c1
-rw-r--r--sys/security/mac/mac_policy.h2
-rw-r--r--sys/security/mac/mac_posix_sem.c1
-rw-r--r--sys/security/mac/mac_process.c1
-rw-r--r--sys/security/mac/mac_socket.c1
-rw-r--r--sys/security/mac/mac_syscalls.c3
-rw-r--r--sys/security/mac/mac_system.c1
-rw-r--r--sys/security/mac/mac_sysv_msg.c1
-rw-r--r--sys/security/mac/mac_sysv_sem.c1
-rw-r--r--sys/security/mac/mac_sysv_shm.c1
-rw-r--r--sys/security/mac/mac_vfs.c1
-rw-r--r--sys/security/mac_lomac/mac_lomac.c2
17 files changed, 32 insertions, 76 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index b553c80..8d69dcc 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -2,7 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -91,6 +91,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/in.h>
#include <netinet/ip_var.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
#ifdef MAC
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 520e767..02d3eb9 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -1,7 +1,7 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -37,91 +37,33 @@
*
* $FreeBSD$
*/
-/*
- * Userland/kernel interface for Mandatory Access Control.
- *
- * The POSIX.1e implementation page may be reached at:
- * http://www.trustedbsd.org/
- */
-
-#ifndef _SYS_MAC_H_
-#define _SYS_MAC_H_
-
-#include <sys/_label.h>
-
-#ifndef _POSIX_MAC
-#define _POSIX_MAC
-#endif
/*
- * MAC framework-related constants and limits.
+ * Kernel interface for Mandatory Access Control -- how kernel services
+ * interact with the TrustedBSD MAC Framework.
*/
-#define MAC_MAX_POLICY_NAME 32
-#define MAC_MAX_LABEL_ELEMENT_NAME 32
-#define MAC_MAX_LABEL_ELEMENT_DATA 4096
-#define MAC_MAX_LABEL_BUF_LEN 8192
-
-struct mac {
- size_t m_buflen;
- char *m_string;
-};
-typedef struct mac *mac_t;
+#ifndef _SYS_SECURITY_MAC_MAC_FRAMEWORK_H_
+#define _SYS_SECURITY_MAC_MAC_MAC_FRAMEWORK_H_
#ifndef _KERNEL
+#error "no user-serviceable parts inside"
+#endif
-/*
- * Location of the userland MAC framework configuration file. mac.conf
- * binds policy names to shared libraries that understand those policies,
- * as well as setting defaults for MAC-aware applications.
- */
-#define MAC_CONFFILE "/etc/mac.conf"
-
-/*
- * Extended non-POSIX.1e interfaces that offer additional services
- * available from the userland and kernel MAC frameworks.
- */
-__BEGIN_DECLS
-int mac_execve(char *fname, char **argv, char **envv, mac_t _label);
-int mac_free(mac_t _label);
-int mac_from_text(mac_t *_label, const char *_text);
-int mac_get_fd(int _fd, mac_t _label);
-int mac_get_file(const char *_path, mac_t _label);
-int mac_get_link(const char *_path, mac_t _label);
-int mac_get_peer(int _fd, mac_t _label);
-int mac_get_pid(pid_t _pid, mac_t _label);
-int mac_get_proc(mac_t _label);
-int mac_is_present(const char *_policyname);
-int mac_prepare(mac_t *_label, const char *_elements);
-int mac_prepare_file_label(mac_t *_label);
-int mac_prepare_ifnet_label(mac_t *_label);
-int mac_prepare_process_label(mac_t *_label);
-int mac_prepare_type(mac_t *_label, const char *_type);
-int mac_set_fd(int _fildes, const mac_t _label);
-int mac_set_file(const char *_path, mac_t _label);
-int mac_set_link(const char *_path, mac_t _label);
-int mac_set_proc(const mac_t _label);
-int mac_syscall(const char *_policyname, int _call, void *_arg);
-int mac_to_text(mac_t mac, char **_text);
-__END_DECLS
-
-#else /* _KERNEL */
+#include <sys/_label.h>
-/*
- * Kernel functions to manage and evaluate labels.
- */
struct bpf_d;
struct cdev;
struct componentname;
struct devfs_dirent;
struct ifnet;
struct ifreq;
-struct inpcb;
struct image_params;
struct inpcb;
struct ipq;
struct ksem;
struct m_tag;
+struct mac;
struct mbuf;
struct mount;
struct msg;
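Review bot: The new include guard does not work: `#ifndef _SYS_SECURITY_MAC_MAC_FRAMEWORK_H_` tests one macro but the line after it defines a different one, `_SYS_SECURITY_MAC_MAC_MAC_FRAMEWORK_H_` (an extra `MAC_`), so the tested macro is never defined and a second inclusion of this header in the same translation unit re-emits every declaration below it. The `#endif` comment in the last hunk of this file uses the shorter spelling, which looks like the intended name. Change the define to `#define _SYS_SECURITY_MAC_MAC_FRAMEWORK_H_` so all three lines agree. The `#ifndef _KERNEL` / `#error` block is a good addition, since the header now holds only kernel-side prototypes.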
@@ -140,14 +82,14 @@ struct ucred;
struct uio;
struct vattr;
struct vnode;
+struct vop_setlabel_args;
#include <sys/acl.h> /* XXX acl_type_t */
-struct vop_setlabel_args;
-
/*
- * Label operations.
+ * Kernel functions to manage and evaluate labels.
*/
+
void mac_init_bpfdesc(struct bpf_d *);
void mac_init_cred(struct ucred *);
void mac_init_devfsdirent(struct devfs_dirent *);
@@ -472,6 +414,4 @@ void mac_associate_nfsd_label(struct ucred *cred);
*/
int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
-#endif /* !_KERNEL */
-
-#endif /* !_SYS_MAC_H_ */
+#endif /* !_SYS_SECURITY_MAC_MAC_FRAMEWORK_H_ */
diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c
index 7dafc45..0d35e48 100644
--- a/sys/security/mac/mac_inet.c
+++ b/sys/security/mac/mac_inet.c
@@ -64,6 +64,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/in_pcb.h>
#include <netinet/ip_var.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
static struct label *
diff --git a/sys/security/mac/mac_label.c b/sys/security/mac/mac_label.c
index f6d92ef..572d598 100644
--- a/sys/security/mac/mac_label.c
+++ b/sys/security/mac/mac_label.c
@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
#include <vm/uma.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
uma_zone_t zone_label;
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index d542806..eb602da 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
#include <net/if.h>
#include <net/if_var.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
/*
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index 6a59567..edc03132 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -49,6 +49,7 @@ __FBSDID("$FreeBSD$");
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
static int mac_enforce_pipe = 1;
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index afd437f..a7e9d834 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -55,6 +55,8 @@
* Operations are sorted first by general class of operation, then
* alphabetically.
*/
+#include <sys/acl.h> /* XXX acl_type_t */
+
struct acl;
struct bpf_d;
struct componentname;
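Review bot: The added `#include <sys/acl.h>` carries the same bare `XXX acl_type_t` comment that mac_framework.h uses, which says what is wanted from the header but not why a full include is needed here when every neighbouring type gets only a forward declaration. Presumably acl_type_t is a typedef, which cannot be forward-declared; the comment should say so, e.g. `#include <sys/acl.h>	/* XXX acl_type_t is a typedef and cannot be forward-declared */`. Placing the include above the "Operations are sorted..." comment block would also keep it with the header's other includes instead of wedging it between that comment and the struct list it introduces; the rest of the forward-declaration list continues outside the hunk.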
diff --git a/sys/security/mac/mac_posix_sem.c b/sys/security/mac/mac_posix_sem.c
index a71b021..e852779 100644
--- a/sys/security/mac/mac_posix_sem.c
+++ b/sys/security/mac/mac_posix_sem.c
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
static int mac_enforce_posix_sem = 1;
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index c3f8eab..c903204 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -64,6 +64,7 @@ __FBSDID("$FreeBSD$");
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
int mac_enforce_process = 1;
diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c
index 21439cd..2766716 100644
--- a/sys/security/mac/mac_socket.c
+++ b/sys/security/mac/mac_socket.c
@@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/in_pcb.h>
#include <netinet/ip_var.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
/*
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index b553c80..8d69dcc 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -2,7 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -91,6 +91,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/in.h>
#include <netinet/ip_var.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
#ifdef MAC
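Review bot: This section and the mac_framework.c section at the top of the diff are byte-for-byte identical, down to the blob ids `b553c80..8d69dcc` in their `index` lines, so at this commit mac_syscalls.c appears to be an untrimmed copy of mac_framework.c. If both translation units are already in the kernel build, every non-static definition they share is defined twice and the link fails; if mac_syscalls.c is not yet built, this hunk is inert. Presumably the split into framework and system-call halves follows in a later commit, but the relationship is worth stating in the commit message so the duplicate is not mistaken for an accidental copy.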
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 6cd6430..eef66e6 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
static int mac_enforce_kld = 1;
diff --git a/sys/security/mac/mac_sysv_msg.c b/sys/security/mac/mac_sysv_msg.c
index d7e2629..86ae8a8 100644
--- a/sys/security/mac/mac_sysv_msg.c
+++ b/sys/security/mac/mac_sysv_msg.c
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
static int mac_enforce_sysv_msg = 1;
diff --git a/sys/security/mac/mac_sysv_sem.c b/sys/security/mac/mac_sysv_sem.c
index ffe31e1..aae6788 100644
--- a/sys/security/mac/mac_sysv_sem.c
+++ b/sys/security/mac/mac_sysv_sem.c
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
static int mac_enforce_sysv_sem = 1;
diff --git a/sys/security/mac/mac_sysv_shm.c b/sys/security/mac/mac_sysv_shm.c
index adbea14..b7c8cfb 100644
--- a/sys/security/mac/mac_sysv_shm.c
+++ b/sys/security/mac/mac_sysv_shm.c
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
static int mac_enforce_sysv_shm = 1;
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 058dc6c..ef667b1 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -70,6 +70,7 @@ __FBSDID("$FreeBSD$");
#include <fs/devfs/devfs.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
/*
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 8ae03e0..07484d1 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -45,7 +45,6 @@
#include <sys/conf.h>
#include <sys/extattr.h>
#include <sys/kernel.h>
-#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mman.h>
#include <sys/mount.h>
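Review bot: Dropping `#include <sys/mac.h>` leaves mac_lomac.c with no direct include for anything it still uses from the userspace-facing header: in this same commit the `struct mac` definition (`m_buflen`/`m_string`) and the `MAC_MAX_*` limits were removed from mac_framework.h, which now only forward-declares `struct mac`, so any use of those in this file now depends on sys/mac.h arriving transitively, presumably via sys/mac_policy.h. If the file does touch them, keep an explicit `#include <sys/mac.h>` beside the mac_framework.h include added in the next hunk rather than relying on the transitive path. The other policy modules under sys/security are absent from the diffstat, so either they already include mac_framework.h or they are still on sys/mac.h; worth checking that they match the treatment given here.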
@@ -79,6 +78,7 @@
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac_lomac/mac_lomac.h>
struct mac_lomac_proc {