FreeBSD/src
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2026-06-02 11:24:32 +00:00
Code Issues Projects Releases Wiki Activity

Import LOMAC preliminary release 2.0.0 in src/sys/security. These files may

Browse Source 
be modified and do not have to remain on the vendor branch.

http://opensource.nailabs.com/lomac/index.html

Sponsored by: DARPA, NAI Labs (CBOSS project)
This commit is contained in:
Brian Feldman
2001-11-19 22:34:06 +00:00
parent ae3a37e4a0
commit 3795613d1d
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/cvs2svn/branches/NAILabs/; revision=86629
svn path=/cvs2svn/tags/LOMAC_2_2_0/; revision=86631; tag=vendor/lomac/2.2.0
30 changed files with 521 additions and 384 deletions
Download Patch File Download Diff File Expand all files Collapse all files
sys/contrib/lomac/kernel_pipe.h
-45
View File
@@ -1,45 +0,0 @@
#ifndef _KERNEL_PIPE_H_
#define _KERNEL_PIPE_H_
/******************************************************************
*
* kernel_pipe.h
*
* LOMAC - Low Water-Mark Mandatory Access Control
* Copyright (c) 1999-2001 Networks Associates, Inc. All rights reserved.
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* Neither the name of NAI Labs, Inc. nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $Id: kernel_pipe.h,v 1.1 2001/09/20 21:29:21 tfraser Exp $
*
* Public interface to kernel_pipe.c, the part of the LOMAC kernel
* interface that takes control of operations on unnamed pipes.
*
*/
int lomac_initialize_pipes( void );
int lomac_uninitialize_pipes( void );
#endif /* _KERNEL_PIPE_H_ */
sys/contrib/lomac/kernel_socket.h
-35
View File
@@ -1,35 +0,0 @@
/*
* LOMAC - Low Water-Mark Mandatory Access Control
* Copyright (c) 2001 Networks Associates Technology, Inc.
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $Id: kernel_socket.h,v 1.1 2001/09/26 23:00:44 tfraser Exp $
*
*/
#ifndef _KERNEL_SOCKET_H_
#define _KERNEL_SOCKET_H_
int lomac_initialize_sockets( void );
int lomac_uninitialize_sockets( void );
#endif /* _KERNEL_SOCKET_H_ */
sys/contrib/lomac/lomac.h
-193
View File
@@ -1,193 +0,0 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: lomacfs.h,v 1.20 2001/10/17 15:34:29 bfeldman Exp $
*/
#ifndef _LOMAC_H_
#define _LOMAC_H_
/*
* This file defines the `lattr_t' type, which represents
* the architecture-independent notion of LOMAC attributes.
*
* Each architecture must associate LOMAC attributes with subjects and
* objects. This association can be implemented in an architecture-
* specific way. However, when it comes time to make a decision by
* comparing two LOMAC attributes, the architecture-specific code should
* construct two instances of the architecture-independent lattr_t type
* and compare them using the lomac_must_demote() and lomac_must_deny()
* functions.
*
* The following two examples demonstrate how architecture-specific code
* might do this construction and comparison:
*
* EXAMPLE USAGE:
*
* Example 1: subject x reads object y.
* (1) a = LOMAC attributes of subject x
* (2) b = LOMAC attributes of object y
* (3) demote_result = lomac_must_demote( a, b );
* (4) IF demote_result THEN
* (5) IF subject x is running in "deny read instead of demote" mode THEN
* (6) RETURN read denied
* (7) ENDIF
* (8) IF subject x is not running in "never demote" mode THEN
* (9) demote subject x
* (10) ENDIF
* (11) ENDIF
* (12) perform read on object y
*
*
* Example 2: subject x writes object y.
* (50) a = LOMAC attributes of subject x
* (51) b = LOMAC attributes of object y
* (52) IF lomac_must_deny( a, b ) THEN
* (53) return write denied
* (54) ELSE
* (55) perform write operation on object y
* (56) ENDIF
*
* Lines 1, 2, 50, and 51 show the architecture-specific code
* constructing instances of lattr_t.
*
* Lines 5 and 8 ask "is the subject running in some mode?" (See note
* on modes, below.) The architecture-specific code must use these
* modes to determine when to call lomac_must_demote/deny() and when not
* to.
*
* Lines 6, 9, 53 and 55 show the architecture-specific code
* taking different actions depending on the results of calls to
* lomac_must_demote/deny(). The architecture-specific code is responsible
* for calling lomac_must_demote/deny() in the proper places, and carrying
* out the appropriate demotions and denials depending on the result.
*
*
* A NOTE ON LEVELS:
*
* LOMAC presently supports only two levels: 1 and 2. Future versions
* of LOMAC may support more levels. Architecture-specific code may
* assume that the LOWEST and HIGHEST constants defined below will
* always refer to the lowest and highest levels in the range. They
* may also provide support for only two levels for the time being.
* However, architecture-specific code should try to minimize any other
* assumptions about levels, in order to make it easier to increase
* the level range in the future.
*
*
* A NOTE ON CATEGORIES:
*
* The lattr_t structure's `flags' field is intended to be a bitfield
* which architecture-specific code can use to implement categories.
* The lomac_must_deny() function interprets the bits in the flags field
* as categories. A clear flags field means no categories.
*
* A NOTE ON MODES:
*
* LOMAC allows subjects to run in many modes, such as "never demote"
* or "no demote on IPC reads". Support for these modes is entirely
* the responsibility of the architecture-specific code, because the
* architecture-independent code doesn't know about operations like
* "read" or "read on an IPC object".
*
*************************************************************************/
typedef enum {
LOMAC_LOWEST_LEVEL = 1,
LOMAC_HIGHEST_LEVEL = 2
} level_t;
typedef struct {
level_t level; /* level (an integer range) */
unsigned int flags; /* category flags */
} lattr_t; /* lomac attribute structure type */
/* lomac_must_demote()
*
* in: actor - attributes of a subject that has or will perform an
* operation that may require LOMAC to demote it.
* target - attributes of the object that is or was the operand.
* out: nothing
* return: value condition
* ----- ---------
* 0 LOMAC should not demote the subject
* 1 LOMAC should demote the subject
*
* This function is a predicate which decides whether or not LOMAC should
* demote the subject with attributes `actor' after it performs an operation
* (probably some kind of a read operation) on the object with attributes
* `target'.
*
*/
static __inline int lomac_must_demote( const lattr_t *actor,
const lattr_t *target ) {
return( ( actor->level > target->level ) );
}
/* lomac_must_deny()
*
* in: actor - attributes of a subject that wants to perform some
* operation that requires LOMAC to make an allow/deny
* decision.
* target - attributes of the subject or object the above subject
* will operate upon.
* out: nothing
* return: value condition
* ----- ---------
* 0 LOMAC should allow the operation
* 1 LOMAC should deny the operation
*
* This function is a predicate which decides whether or not LOMAC should
* allow the subject with attributes `actor' to perform some operation
* (probably some kind of write or kill operation) on the subject or object
* with attributes `target'.
*
* The flags are two words: the low word is to be used for categories,
* and the high word is meant to hold implementation-dependent flags that
* are not category-related.
*
*/
static __inline int lomac_must_deny( const lattr_t *actor,
const lattr_t *target ) {
if( actor->level >= target->level ) {
return 0; /* allow */
}
if( target->flags & 0xffff ) {
if( ( actor->flags & target->flags & 0xffff ) ==
( target->flags & 0xffff ) ) {
return 0; /* allow */
}
}
return 1; /* deny */
}
#endif /* lomac.h */
sys/contrib/lomac/kernel_interface.c → sys/security/lomac/kernel_interface.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_interface.c,v 1.25 2001/10/25 21:21:59 tfraser Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/kernel_interface.h → sys/security/lomac/kernel_interface.h
+12 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,8 +31,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_interface.h,v 1.21 2001/10/15 17:58:32 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#ifndef KERNEL_INTERFACE_H
#define KERNEL_INTERFACE_H
sys/contrib/lomac/kernel_lkm.c → sys/security/lomac/kernel_lkm.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_lkm.c,v 1.26 2001/11/14 16:30:17 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/kernel_log.c → sys/security/lomac/kernel_log.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_log.c,v 1.12 2001/10/17 15:19:26 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/kernel_log.h → sys/security/lomac/kernel_log.h
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_log.h,v 1.5 2001/09/20 21:29:21 tfraser Exp $
* $Id$
* $FreeBSD$
*/
#ifndef _KERNEL_LOG_H_
sys/contrib/lomac/kernel_mediate.c → sys/security/lomac/kernel_mediate.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_mediate.c,v 1.9 2001/10/17 15:19:40 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
/*
sys/contrib/lomac/kernel_mediate.h → sys/security/lomac/kernel_mediate.h
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_mediate.h,v 1.5 2001/09/26 21:18:00 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#ifndef _KERNEL_MEDIATE_H_
sys/contrib/lomac/kernel_mmap.c → sys/security/lomac/kernel_mmap.c
+13 -17
View File
@@ -1,12 +1,13 @@
/*
* Copyright (c) 2001 Networks Associates Technology, Inc.
/*-
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* Copyright (c) 1988 University of Utah.
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* the Systems Programming Group of the University of Utah Computer
* Science Department.
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -16,18 +17,14 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
@@ -36,11 +33,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: Utah $Hdr: vm_mmap.c 1.6 91/10/21$
*
* @(#)vm_mmap.c 8.4 (Berkeley) 1/12/94
* $FreeBSD$
* $Id: kernel_mmap.c,v 1.12 2001/10/17 15:34:29 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/kernel_monitor.c → sys/security/lomac/kernel_monitor.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_monitor.c,v 1.12 2001/10/16 15:25:02 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
/*
sys/contrib/lomac/kernel_monitor.h → sys/security/lomac/kernel_monitor.h
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_monitor.h,v 1.5 2001/09/26 23:00:44 tfraser Exp $
* $Id$
* $FreeBSD$
*/
#ifndef _LOMAC_MONITOR_H_
sys/contrib/lomac/kernel_pipe.c → sys/security/lomac/kernel_pipe.c
+34 -28
View File
@@ -1,35 +1,41 @@
/*************************************************************************
/*-
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* kernel_pipe.c
*
* LOMAC - Low Water-Mark Mandatory Access Control
* Copyright (c) 1999-2001 Networks Associates, Inc. All rights reserved.
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* Neither the name of NAI Labs, Inc. nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
* $FreeBSD$
*/
/*
* This file contains part of LOMAC's interface to the kernel. This
* part allows LOMAC to monitor (unnamed) pipe read and write
* operations by interposing control on the kernel's pipeops vector.
sys/security/lomac/kernel_pipe.h
+44
View File
@@ -0,0 +1,44 @@
/*-
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
* $FreeBSD$
*/
#ifndef _KERNEL_PIPE_H_
#define _KERNEL_PIPE_H_
int lomac_initialize_pipes( void );
int lomac_uninitialize_pipes( void );
#endif /* _KERNEL_PIPE_H_ */
sys/contrib/lomac/kernel_plm.c → sys/security/lomac/kernel_plm.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_plm.c,v 1.9 2001/10/17 15:20:09 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/kernel_plm.h → sys/security/lomac/kernel_plm.h
+12 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,8 +31,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_plm.h,v 1.4 2001/09/20 17:47:46 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#ifndef KERNEL_PLM_H
#define KERNEL_PLM_H
sys/contrib/lomac/kernel_socket.c → sys/security/lomac/kernel_socket.c
+34 -22
View File
@@ -1,30 +1,42 @@
/*
* LOMAC - Low Water-Mark Mandatory Access Control
* Copyright (c) 2001 Networks Associates Technology, Inc.
/*-
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* Copyright (c) 1982, 1986, 1989, 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* $Id: kernel_socket.c,v 1.9 2001/11/05 20:57:41 tfraser Exp $
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
* $FreeBSD$
*/
/*
* This file implements LOMAC controls over socket operations. LOMAC
* gains control of socket operations by interposing on the `struct
* pr_usrreqs' operations vectors of each `struct protosw'. This code
sys/security/lomac/kernel_socket.h
+45
View File
@@ -0,0 +1,45 @@
/*-
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
* $FreeBSD$
*/
#ifndef _KERNEL_SOCKET_H_
#define _KERNEL_SOCKET_H_
int lomac_initialize_sockets( void );
int lomac_uninitialize_sockets( void );
#endif /* _KERNEL_SOCKET_H_ */
sys/contrib/lomac/kernel_util.c → sys/security/lomac/kernel_util.c
+13 -4
View File
@@ -1,9 +1,14 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* All rights reserved.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* Copyright (c) 1982, 1986, 1989, 1991, 1993
* The Regents of the University of California. All rights reserved.
* (c) UNIX System Laboratories, Inc.
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* All or some portions of this file are derived from material licensed
* to the University of California by American Telephone and Telegraph
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
@@ -17,6 +22,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -30,7 +38,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_util.c,v 1.22 2001/11/15 20:51:13 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
@@ -61,7 +70,7 @@
#include "kernel_monitor.h"
#include "lomacfs.h"
#include "syscall_gate/syscall_gate.h"
#include "syscall_gate.h"
#define AS(name) (sizeof(struct name) / sizeof(register_t))
sys/contrib/lomac/kernel_util.h → sys/security/lomac/kernel_util.h
+12 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,8 +31,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: kernel_util.h,v 1.4 2001/11/14 16:30:17 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#ifndef KERNEL_UTIL_H
#define KERNEL_UTIL_H
sys/security/lomac/lomac.h
+114
View File
@@ -0,0 +1,114 @@
/*-
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#ifndef LOMAC_H_
#define LOMAC_H_
typedef enum {
LOMAC_LOWEST_LEVEL = 1,
LOMAC_HIGHEST_LEVEL = 2
} level_t;
typedef struct {
level_t level; /* level (an integer range) */
unsigned int flags; /* category flags */
} lattr_t; /* lomac attribute structure type */
/* lomac_must_demote()
*
* in: actor - attributes of a subject that has or will perform an
* operation that may require LOMAC to demote it.
* target - attributes of the object that is or was the operand.
* out: nothing
* return: value condition
* ----- ---------
* 0 LOMAC should not demote the subject
* 1 LOMAC should demote the subject
*
* This function is a predicate which decides whether or not LOMAC should
* demote the subject with attributes `actor' after it performs an operation
* (probably some kind of a read operation) on the object with attributes
* `target'.
*
*/
static __inline int
lomac_must_demote(const lattr_t *actor, const lattr_t *target) {
return (actor->level > target->level);
}
/* lomac_must_deny()
*
* in: actor - attributes of a subject that wants to perform some
* operation that requires LOMAC to make an allow/deny
* decision.
* target - attributes of the subject or object the above subject
* will operate upon.
* out: nothing
* return: value condition
* ----- ---------
* 0 LOMAC should allow the operation
* 1 LOMAC should deny the operation
*
* This function is a predicate which decides whether or not LOMAC should
* allow the subject with attributes `actor' to perform some operation
* (probably some kind of write or kill operation) on the subject or object
* with attributes `target'.
*
* The flags are two words: the low word is to be used for categories,
* and the high word is meant to hold implementation-dependent flags that
* are not category-related.
*
*/
static __inline int
lomac_must_deny(const lattr_t *actor, const lattr_t *target) {
if (actor->level >= target->level)
return 0; /* allow */
if (target->flags & 0xffff) {
if ((actor->flags & target->flags & 0xffff) ==
(target->flags & 0xffff)) {
return 0; /* allow */
}
}
return 1; /* deny */
}
#endif /* LOMAC_H */
sys/contrib/lomac/lomacfs.h → sys/security/lomac/lomacfs.h
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: lomacfs.h,v 1.20 2001/10/17 15:34:29 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#ifndef LOMACFS_H
sys/contrib/lomac/lomacfs_subr.c → sys/security/lomac/lomacfs_subr.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: lomacfs_subr.c,v 1.24 2001/11/05 20:57:41 tfraser Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/lomacfs_vfsops.c → sys/security/lomac/lomacfs_vfsops.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: lomacfs_vfsops.c,v 1.16 2001/10/17 19:36:39 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/lomacfs_vnops.c → sys/security/lomac/lomacfs_vnops.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: lomacfs_vnops.c,v 1.44 2001/11/15 20:52:54 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/lomacio.h → sys/security/lomac/lomacio.h
+12 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,8 +31,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: lomacio.h,v 1.4 2001/09/26 21:18:00 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#ifndef LOMACIO_H
#define LOMACIO_H
sys/contrib/lomac/policy_plm.h → sys/security/lomac/policy_plm.h
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: policy_plm.h,v 1.20 2001/11/15 20:55:05 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#ifndef LOMAC_PLM_H
sys/contrib/lomac/syscall_gate.c → sys/security/lomac/syscall_gate.c
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: syscall_gate.c,v 1.4 2001/11/05 21:23:12 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#include <sys/param.h>
sys/contrib/lomac/syscall_gate.h → sys/security/lomac/syscall_gate.h
+11 -2
View File
@@ -1,7 +1,12 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -10,6 +15,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,7 +31,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: syscall_gate.h,v 1.2 2001/09/20 17:47:46 bfeldman Exp $
* $Id$
* $FreeBSD$
*/
#ifndef SYSCALL_GATE_H