authorrwatson <rwatson@FreeBSD.org>2002-07-30 22:28:28 +0000
committerrwatson <rwatson@FreeBSD.org>2002-07-30 22:28:28 +0000
commit281af763c58e291ab1e45e06a5da935872a95d53 (patch)
treee8bc100c2e4703561dd32d3773a96f4d98034eb5 /sys/sys
parentfc71ee3677f823a7fe67b0d129e3512e8b4b3b2e (diff)
Introduce support for Mandatory Access Control and extensible kernel
access control. Label process credentials, permitting security information to be maintained at the granularity of processes and cached credential objects. cr_label follows the semantics of other entries in struct ucred: when a credential is exclusively referenced, it may be modified. Otherwise, it must be treated as immutable. As with other interesting entries in struct ucred, failing to use the documented credential management APIs (such as crcopy, crdup, ...) can result in data corruption or incorrect behavior. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/sys')
-rw-r--r--sys/sys/ucred.h11
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h
index f1ae350..115fb7b 100644
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@@ -38,6 +38,14 @@
#define _SYS_UCRED_H_
/*
+ * XXXMAC: Recursively include mac.h due to an API assumption that it
+ * it is sufficient to include types.h and ucred.h to have a defined
+ * struct ucred. This should be changed so that struct ucred is not
+ * exported to userland via _KERNEL.
+ */
+#include <sys/mac.h>
+
+/*
* Credentials.
*
* Please do not inspect cr_uid directly to determine superuserness.
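Review bot: The XXXMAC comment above `#include <sys/mac.h>` has a doubled word ("that it it is") and does not say which definition from mac.h is actually needed. The struct hunk further down embeds `struct label cr_label` by value, so the complete type is required and a forward declaration would not be enough; stating that would help whoever later removes the userland exposure. Suggested wording: `* XXXMAC: Include mac.h for the full definition of struct label, because callers assume that types.h and ucred.h alone define struct ucred.` The include is unconditional, so userland consumers of ucred.h also pull in mac.h until the _KERNEL cleanup the comment mentions is done.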
@@ -56,7 +64,8 @@ struct ucred {
struct uidinfo *cr_uidinfo; /* per euid resource consumption */
struct uidinfo *cr_ruidinfo; /* per ruid resource consumption */
struct prison *cr_prison; /* jail(4) */
-#define cr_endcopy cr_mtxp
+#define cr_endcopy cr_label
+ struct label cr_label; /* MAC label */
struct mtx *cr_mtxp; /* protect refcount */
};
#define NOCRED ((struct ucred *)0) /* no credential available */
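Review bot: Moving `cr_endcopy` from `cr_mtxp` to `cr_label` takes the new label out of whatever region the credential copy routines bound with that marker, and nothing in the header says so. If, as the name suggests, crcopy/crdup bulk-copy up to `cr_endcopy`, the label has to be duplicated through the MAC framework instead, and any code that copies a `struct ucred` by assignment or a whole-struct memcpy would clone label state behind the framework's back; those call sites are outside this sys/sys-limited diff, so this is worth confirming. A comment at the marker would make the contract visible: `/* Fields from cr_label on are not bulk-copied; the label is managed via the MAC API. */`. Embedding the label by value also changes `sizeof(struct ucred)` for every consumer of the header, kernel modules included. The opening lines of struct ucred are outside the hunk.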