Page MenuHomeFreeBSD
Differential D20295

Support for setting labels via veriexec
ClosedPublic
Actions

Authored by stevek on May 17 2019, 6:39 PM.
Tags
None
Referenced Files
F153732824: D20295.id57495.diff
Thu, Apr 23, 7:32 AM
Unknown Object (File)
Tue, Apr 21, 12:02 PM
Unknown Object (File)
Wed, Apr 15, 12:49 AM
Unknown Object (File)
Tue, Apr 14, 11:58 PM
Unknown Object (File)
Tue, Apr 7, 3:09 AM
Unknown Object (File)
Mon, Apr 6, 2:36 PM
Unknown Object (File)
Sat, Apr 4, 12:11 PM
Unknown Object (File)
Sat, Apr 4, 10:37 AM
View All Files
Subscribers
imp
jtl

Details

Reviewers
sjg
Commits
rS347942: Add a new ioctl for the larger params struct that includes the label.
Summary

Add a new ioctl for the larger params struct that includes the label.

We need to make the find_veriexec_file() function available publicly, so
rename it to mac_veriexec_metadata_find_file_info() and make it non-static.

Bump the version of the veriexec device interface so user space will know
the labelized version of fingerprint loading is available.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

stevek created this revision.May 17 2019, 6:39 PM
Herald added a subscriber: imp. · View Herald TranscriptMay 17 2019, 6:39 PM
Harbormaster completed remote builds in B24286: Diff 57494.May 17 2019, 6:39 PM
stevek updated this revision to Diff 57495.EditedMay 17 2019, 6:56 PM

Return the size of the allocated space for the label, even if we copied in a smaller label.

Harbormaster completed remote builds in B24287: Diff 57495.May 17 2019, 6:56 PM
stevek edited the summary of this revision. (Show Details)May 17 2019, 6:57 PM
sjg accepted this revision.May 17 2019, 7:16 PM

Thanks!

This revision is now accepted and ready to land.May 17 2019, 7:16 PM
Closed by commit rS347942: Add a new ioctl for the larger params struct that includes the label. (authored by stevek). · Explain WhyMay 17 2019, 7:27 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
dev/
veriexec/
6 lines
21 lines
security/
mac_veriexec/
10 lines
7 lines
153 lines

Diff 57499

View Options

head/sys/dev/veriexec/veriexec_ioctl.h

Loading...
View Options

head/sys/dev/veriexec/verified_exec.c

Loading...
View Options

head/sys/security/mac_veriexec/mac_veriexec.h

Loading...
View Options

head/sys/security/mac_veriexec/mac_veriexec_internal.h

Loading...
View Options

head/sys/security/mac_veriexec/veriexec_metadata.c

Loading...