<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/security/mac_none, branch releng/5.3</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=releng%2F5.3</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=releng%2F5.3'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2004-02-22T00:33:12Z</updated>
<entry>
<title>Update my personal copyrights and NETA copyrights in the kernel</title>
<updated>2004-02-22T00:33:12Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2004-02-22T00:33:12Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=f6a4109212fd8fbabc731f07b2dd5c7e07fbec33'/>
<id>urn:sha1:f6a4109212fd8fbabc731f07b2dd5c7e07fbec33</id>
<content type='text'>
to use the "year1-year3" format, as opposed to "year1, year2, year3".
This seems to make lawyers more happy, but also prevents the
lines from getting excessively long as the years start to add up.

Suggested by:	imp
</content>
</entry>
<entry>
<title>mac_none is now the null policy, not a stub policy, so remove the</title>
<updated>2003-08-21T16:19:17Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2003-08-21T16:19:17Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=0164a4992a536ad96a70dbf8338a68f2917d1ed0'/>
<id>urn:sha1:0164a4992a536ad96a70dbf8338a68f2917d1ed0</id>
<content type='text'>
stubs.  Add a pointer to mac_stub, which is now the stub policy.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
<entry>
<title>Redesign the externalization APIs from the MAC Framework to</title>
<updated>2003-06-23T01:26:34Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2003-06-23T01:26:34Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=f51e58036ebe3a3e75527325e659d7ba02b129ed'/>
<id>urn:sha1:f51e58036ebe3a3e75527325e659d7ba02b129ed</id>
<content type='text'>
the MAC policy modules to improve robustness against C string
bugs and vulnerabilities.  Following these revisions, all
string construction of labels for export to userspace (or
elsewhere) is performed using the sbuf API, which prevents
the consumer from having to perform laborious and intricate
pointer and buffer checks.  This substantially simplifies
the externalization logic, both at the MAC Framework level,
and in individual policies; this becomes especially useful
when policies export more complex label data, such as with
compartments in Biba and MLS.

Bundled in here are some other minor fixes associated with
externalization: including avoiding malloc while holding the
process mutex in mac_lomac, and hence avoiding a failure mode
when printing labels during a downgrade operation due to
the removal of the M_NOWAIT case.

This has been running in the MAC development tree for about
three weeks without problems.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
<entry>
<title>Trim "trustedbsd_" from the front of the policy module "short names";</title>
<updated>2003-03-27T19:26:39Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2003-03-27T19:26:39Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=78183ac2d2669c86a73f9acc38050ce09295a1a7'/>
<id>urn:sha1:78183ac2d2669c86a73f9acc38050ce09295a1a7</id>
<content type='text'>
the vendor is only included in the long name currently, reducing
verbosity when modules are registered and unregistered.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
<entry>
<title>Modify the mac_init_ipq() MAC Framework entry point to accept an</title>
<updated>2003-03-26T15:12:03Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2003-03-26T15:12:03Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=5e7ce4785f43ef1e01c5a85bc10c9ddba60076d7'/>
<id>urn:sha1:5e7ce4785f43ef1e01c5a85bc10c9ddba60076d7</id>
<content type='text'>
additional flags argument to indicate blocking disposition, and
pass in M_NOWAIT from the IP reassembly code to indicate that
blocking is not OK when labeling a new IP fragment reassembly
queue.  This should eliminate some of the WITNESS warnings that
have started popping up since fine-grained IP stack locking
started going in; if memory allocation fails, the creation of
the fragment queue will be aborted.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
<entry>
<title>Update MAC "none" stub policy to include stubs for the following</title>
<updated>2003-03-25T01:18:06Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2003-03-25T01:18:06Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=09de2dc22f61d33a751665b207c353b6c95314ff'/>
<id>urn:sha1:09de2dc22f61d33a751665b207c353b6c95314ff</id>
<content type='text'>
entry points:

  mac_none_thread_userret()
  mac_none_check_kenv_dump()
  mac_none_check_kenv_get()
  mac_none_check_kenv_set()
  mac_none_check_kenv_unset()
  mac_none_check_kld_load()
  mac_none_check_kld_stat()
  mac_none_check_kld_unload()
  mac_none_check_sysarch_ioperm()
  mac_none_check_system_acct()
  mac_none_check_system_settime()
  mac_none_check_system_swapoff()

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
<entry>
<title>Default policies to on: if you load them or compile them into your</title>
<updated>2002-12-10T16:20:34Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2002-12-10T16:20:34Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=eba0370d9028d9b36bc36dea083f1ae6a0592e73'/>
<id>urn:sha1:eba0370d9028d9b36bc36dea083f1ae6a0592e73</id>
<content type='text'>
kernel, you should expect them to do something, so now they do.  This
doesn't affect users who don't load or explicitly compile in the
policies.

Approved by:	re (jhb)
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
<entry>
<title>Remove dm_root entry from struct devfs_mount.  It's never set, and is</title>
<updated>2002-12-09T03:44:28Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2002-12-09T03:44:28Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=990b4b2dc5b91303cf16dc49217fc819dfffa3b0'/>
<id>urn:sha1:990b4b2dc5b91303cf16dc49217fc819dfffa3b0</id>
<content type='text'>
unused.  Replace it with a dm_mount back-pointer to the struct mount
that the devfs_mount is associated with.  Export that pointer to MAC
Framework entry points, where all current policies don't use the
pointer.  This permits the SEBSD port of SELinux's FLASK/TE to compile
out-of-the-box on 5.0-CURRENT with full file system labeling support.

Approved by:	re (murray)
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
<entry>
<title>Garbage collect mac_create_devfs_vnode() -- it hasn't been used since</title>
<updated>2002-11-12T04:20:36Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2002-11-12T04:20:36Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=63b6f478ecc7e0a87ee8d9a7148ec0f2dab9dde6'/>
<id>urn:sha1:63b6f478ecc7e0a87ee8d9a7148ec0f2dab9dde6</id>
<content type='text'>
we brought in the new cache and locking model for vnode labels.  We
now rely on mac_associate_devfs_vnode().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
<entry>
<title>Update MAC modules for changes in arguments for exec MAC policy</title>
<updated>2002-11-08T18:04:36Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2002-11-08T18:04:36Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=ef5def596d3e5479f096ed526f0fcc31e3dc519e'/>
<id>urn:sha1:ef5def596d3e5479f096ed526f0fcc31e3dc519e</id>
<content type='text'>
entry points to include an explicit execlabel.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
</content>
</entry>
</feed>
