Page MenuHomeFreeBSD
Differential D20295

Support for setting labels via veriexec
ClosedPublic
Actions

Authored by stevek on May 17 2019, 6:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 12, 1:47 PM
Unknown Object (File)
Sun, Sep 28, 2:04 PM
Unknown Object (File)
Sat, Sep 27, 8:01 PM
Unknown Object (File)
Sep 15 2025, 2:40 PM
Unknown Object (File)
Sep 15 2025, 2:32 PM
Unknown Object (File)
Sep 15 2025, 2:23 PM
Unknown Object (File)
Sep 15 2025, 2:21 PM
Unknown Object (File)
Sep 15 2025, 2:07 PM
View All 99 Files
Subscribers
imp
jtl

Details

Reviewers
sjg
Commits
rS347942: Add a new ioctl for the larger params struct that includes the label.
Summary

Add a new ioctl for the larger params struct that includes the label.

We need to make the find_veriexec_file() function available publicly, so
rename it to mac_veriexec_metadata_find_file_info() and make it non-static.

Bump the version of the veriexec device interface so user space will know
the labelized version of fingerprint loading is available.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

stevek created this revision.May 17 2019, 6:39 PM
Herald added a subscriber: imp. · View Herald TranscriptMay 17 2019, 6:39 PM
Harbormaster completed remote builds in B24286: Diff 57494.May 17 2019, 6:39 PM
stevek updated this revision to Diff 57495.EditedMay 17 2019, 6:56 PM

Return the size of the allocated space for the label, even if we copied in a smaller label.

Harbormaster completed remote builds in B24287: Diff 57495.May 17 2019, 6:56 PM
stevek edited the summary of this revision. (Show Details)May 17 2019, 6:57 PM
sjg accepted this revision.May 17 2019, 7:16 PM

Thanks!

This revision is now accepted and ready to land.May 17 2019, 7:16 PM
Closed by commit rS347942: Add a new ioctl for the larger params struct that includes the label. (authored by stevek). · Explain WhyMay 17 2019, 7:27 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
dev/
veriexec/
6 lines
21 lines
security/
mac_veriexec/
10 lines
7 lines
153 lines

Diff 57499

View Options

head/sys/dev/veriexec/veriexec_ioctl.h

Loading...
View Options

head/sys/dev/veriexec/verified_exec.c

Loading...
View Options

head/sys/security/mac_veriexec/mac_veriexec.h

Loading...
View Options

head/sys/security/mac_veriexec/mac_veriexec_internal.h

Loading...
View Options

head/sys/security/mac_veriexec/veriexec_metadata.c

Loading...