Page MenuHomeFreeBSD
Differential D20295

Support for setting labels via veriexec
ClosedPublic
Actions

Authored by stevek on May 17 2019, 6:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Feb 8, 5:35 AM
Unknown Object (File)
Sun, Feb 8, 2:27 AM
Unknown Object (File)
Sat, Feb 7, 7:36 PM
Unknown Object (File)
Sat, Jan 31, 4:34 AM
Unknown Object (File)
Dec 10 2025, 1:32 PM
Unknown Object (File)
Dec 10 2025, 1:08 PM
Unknown Object (File)
Nov 29 2025, 8:59 AM
Unknown Object (File)
Nov 29 2025, 1:23 AM
View All Files
Subscribers
imp
jtl

Details

Reviewers
sjg
Commits
rS347942: Add a new ioctl for the larger params struct that includes the label.
Summary

Add a new ioctl for the larger params struct that includes the label.

We need to make the find_veriexec_file() function available publicly, so
rename it to mac_veriexec_metadata_find_file_info() and make it non-static.

Bump the version of the veriexec device interface so user space will know
the labelized version of fingerprint loading is available.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

stevek created this revision.May 17 2019, 6:39 PM
Herald added a subscriber: imp. · View Herald TranscriptMay 17 2019, 6:39 PM
Harbormaster completed remote builds in B24286: Diff 57494.May 17 2019, 6:39 PM
stevek updated this revision to Diff 57495.EditedMay 17 2019, 6:56 PM

Return the size of the allocated space for the label, even if we copied in a smaller label.

Harbormaster completed remote builds in B24287: Diff 57495.May 17 2019, 6:56 PM
stevek edited the summary of this revision. (Show Details)May 17 2019, 6:57 PM
sjg accepted this revision.May 17 2019, 7:16 PM

Thanks!

This revision is now accepted and ready to land.May 17 2019, 7:16 PM
Closed by commit rS347942: Add a new ioctl for the larger params struct that includes the label. (authored by stevek). · Explain WhyMay 17 2019, 7:27 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
dev/
veriexec/
6 lines
21 lines
security/
mac_veriexec/
10 lines
7 lines
153 lines

Diff 57499

View Options

head/sys/dev/veriexec/veriexec_ioctl.h

Loading...
View Options

head/sys/dev/veriexec/verified_exec.c

Loading...
View Options

head/sys/security/mac_veriexec/mac_veriexec.h

Loading...
View Options

head/sys/security/mac_veriexec/mac_veriexec_internal.h

Loading...
View Options

head/sys/security/mac_veriexec/veriexec_metadata.c

Loading...