d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Perform explicit label type checks for externalize entry points, rather than

Browse Source 
a generic initialized test.

Obtained from:	TrustedBSD Project
This commit is contained in:
rwatson 2007-10-28 14:28:33 +00:00
parent 3bce611192
commit 5b4c0a83ff
1 changed files with 70 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
sys/security/mac_test/mac_test.c
View File

@ -568,14 +568,74 @@ test_vnode_copy_label(struct label *src, struct label *dest)
COUNTER_INC(vnode_copy_label);
}
COUNTER_DECL(externalize_label);
COUNTER_DECL(cred_externalize_label);
static int
test_externalize_label(struct label *label, char *element_name,
test_cred_externalize_label(struct label *label, char *element_name,
struct sbuf *sb, int *claimed)
{
LABEL_NOTFREE(label);
COUNTER_INC(externalize_label);
LABEL_CHECK(label, MAGIC_CRED);
COUNTER_INC(cred_externalize_label);
return (0);
}
COUNTER_DECL(ifnet_externalize_label);
static int
test_ifnet_externalize_label(struct label *label, char *element_name,
struct sbuf *sb, int *claimed)
{
LABEL_CHECK(label, MAGIC_IFNET);
COUNTER_INC(ifnet_externalize_label);
return (0);
}
COUNTER_DECL(pipe_externalize_label);
static int
test_pipe_externalize_label(struct label *label, char *element_name,
struct sbuf *sb, int *claimed)
{
LABEL_CHECK(label, MAGIC_PIPE);
COUNTER_INC(pipe_externalize_label);
return (0);
}
COUNTER_DECL(socket_externalize_label);
static int
test_socket_externalize_label(struct label *label, char *element_name,
struct sbuf *sb, int *claimed)
{
LABEL_CHECK(label, MAGIC_SOCKET);
COUNTER_INC(socket_externalize_label);
return (0);
}
COUNTER_DECL(socketpeer_externalize_label);
static int
test_socketpeer_externalize_label(struct label *label, char *element_name,
struct sbuf *sb, int *claimed)
{
LABEL_CHECK(label, MAGIC_SOCKET);
COUNTER_INC(socketpeer_externalize_label);
return (0);
}
COUNTER_DECL(vnode_externalize_label);
static int
test_vnode_externalize_label(struct label *label, char *element_name,
struct sbuf *sb, int *claimed)
{
LABEL_CHECK(label, MAGIC_VNODE);
COUNTER_INC(vnode_externalize_label);
return (0);
}
@ -2584,12 +2644,12 @@ static struct mac_policy_ops test_ops =
.mpo_pipe_copy_label = test_pipe_copy_label,
.mpo_socket_copy_label = test_socket_copy_label,
.mpo_vnode_copy_label = test_vnode_copy_label,
.mpo_cred_externalize_label = test_externalize_label,
.mpo_ifnet_externalize_label = test_externalize_label,
.mpo_pipe_externalize_label = test_externalize_label,
.mpo_socket_externalize_label = test_externalize_label,
.mpo_socketpeer_externalize_label = test_externalize_label,
.mpo_vnode_externalize_label = test_externalize_label,
.mpo_cred_externalize_label = test_cred_externalize_label,
.mpo_ifnet_externalize_label = test_ifnet_externalize_label,
.mpo_pipe_externalize_label = test_pipe_externalize_label,
.mpo_socket_externalize_label = test_socket_externalize_label,
.mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
.mpo_vnode_externalize_label = test_vnode_externalize_label,
.mpo_cred_internalize_label = test_internalize_label,
.mpo_ifnet_internalize_label = test_internalize_label,
.mpo_pipe_internalize_label = test_internalize_label,