diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-10-28 14:28:33 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-10-28 14:28:33 +0000 |
| commit | 5b4c0a83ffe5155893733797736e14c3b44f759a (patch) | |
| tree | 0451ebf64c9463d83390da0d7e40b911f8094664 /sys | |
| parent | 3bce61119252e49f26de5fb98bae2b055f51c734 (diff) | |
| download | FreeBSD-src-5b4c0a83ffe5155893733797736e14c3b44f759a.zip FreeBSD-src-5b4c0a83ffe5155893733797736e14c3b44f759a.tar.gz | |
Perform explicit label type checks for externalize entry points, rather than
a generic initialized test.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/security/mac_test/mac_test.c | 80 |
1 files changed, 70 insertions, 10 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index e59bcf9..6c88010 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -568,14 +568,74 @@ test_vnode_copy_label(struct label *src, struct label *dest) COUNTER_INC(vnode_copy_label); } -COUNTER_DECL(externalize_label); +COUNTER_DECL(cred_externalize_label); static int -test_externalize_label(struct label *label, char *element_name, +test_cred_externalize_label(struct label *label, char *element_name, struct sbuf *sb, int *claimed) { - LABEL_NOTFREE(label); - COUNTER_INC(externalize_label); + LABEL_CHECK(label, MAGIC_CRED); + COUNTER_INC(cred_externalize_label); + + return (0); +} + +COUNTER_DECL(ifnet_externalize_label); +static int +test_ifnet_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_IFNET); + COUNTER_INC(ifnet_externalize_label); + + return (0); +} + +COUNTER_DECL(pipe_externalize_label); +static int +test_pipe_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_PIPE); + COUNTER_INC(pipe_externalize_label); + + return (0); +} + +COUNTER_DECL(socket_externalize_label); +static int +test_socket_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_SOCKET); + COUNTER_INC(socket_externalize_label); + + return (0); +} + +COUNTER_DECL(socketpeer_externalize_label); +static int +test_socketpeer_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_SOCKET); + COUNTER_INC(socketpeer_externalize_label); + + return (0); +} + +COUNTER_DECL(vnode_externalize_label); +static int +test_vnode_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_VNODE); + COUNTER_INC(vnode_externalize_label); return (0); } @@ -2584,12 +2644,12 @@ static struct mac_policy_ops test_ops = .mpo_pipe_copy_label = test_pipe_copy_label, .mpo_socket_copy_label = test_socket_copy_label, .mpo_vnode_copy_label = test_vnode_copy_label, - .mpo_cred_externalize_label = test_externalize_label, - .mpo_ifnet_externalize_label = test_externalize_label, - .mpo_pipe_externalize_label = test_externalize_label, - .mpo_socket_externalize_label = test_externalize_label, - .mpo_socketpeer_externalize_label = test_externalize_label, - .mpo_vnode_externalize_label = test_externalize_label, + .mpo_cred_externalize_label = test_cred_externalize_label, + .mpo_ifnet_externalize_label = test_ifnet_externalize_label, + .mpo_pipe_externalize_label = test_pipe_externalize_label, + .mpo_socket_externalize_label = test_socket_externalize_label, + .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, + .mpo_vnode_externalize_label = test_vnode_externalize_label, .mpo_cred_internalize_label = test_internalize_label, .mpo_ifnet_internalize_label = test_internalize_label, .mpo_pipe_internalize_label = test_internalize_label, |
