authorIan Moffett <ian@osmora.org>2025-09-23 16:30:15 -0400
committerIan Moffett <ian@osmora.org>2025-09-23 16:34:52 -0400
commit06a50d7eca47eb6b3becf34b26caa0235cc5d07e (patch)
treee6873d1e9fe9b306595762d17595df502b1ec346 /src/sys/include/compat
parent6abb6c1c0d73aeb73c92085fbae99690537c46d8 (diff)
kern: security: Add initial support for MAC
This commit introduces initial support for mandatory access control. As one may recall, L5 follows "everything is memory". In order to interact with a resource, a process must request it from the kernel in the form of a (sometimes) syncable memory buffer. Each resource, as well as each process, has an access level; if a process attempts to request a resource with a higher access level than its own, the request is rejected by the kernel. However, if a process's access level is greater than or equal to the resource's, the request can be granted. Signed-off-by: Ian Moffett <ian@osmora.org>
Diffstat (limited to 'src/sys/include/compat')
-rw-r--r--src/sys/include/compat/unix/syscall.h14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/sys/include/compat/unix/syscall.h b/src/sys/include/compat/unix/syscall.h
index daca2dc..a3e7257 100644
--- a/src/sys/include/compat/unix/syscall.h
+++ b/src/sys/include/compat/unix/syscall.h
@@ -35,11 +35,15 @@
#include <sys/syscall.h>
/*
- * Syscall numbers
+ * Default syscall numbers
+ *
+ * Defines marked as (mandatory) must be implemented
+ * between latches.
*/
#define SYS_none 0x00
#define SYS_exit 0x01
#define SYS_write 0x02
+#define SYS_cross 0x03 /* cross a border (mandatory) */
/*
* Exit the current process - exit(2) syscall
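Review bot: The new header comment says defines marked (mandatory) "must be implemented between latches", but the term "latch" is not explained in the visible part of this header, so a reader adding another syscall table cannot tell what obligation `SYS_cross` carries. If the intent is that every syscall table has to provide the entry, say so directly, for example `* Defines marked as (mandatory) must be implemented by every latch (syscall table).`; this reading is inferred from the wording and should be confirmed. Going by the commit message, `SYS_cross` appears to be the entry point for the access-level check, so the requirement is worth stating without ambiguity.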
@@ -51,11 +55,17 @@ scret_t sys_exit(struct syscall_args *scargs);
*/
scret_t sys_write(struct syscall_args *scargs);
+/*
+ * Cross a resource border - L5 mandatory
+ */
+scret_t sys_cross(struct syscall_args *scargs);
+
#ifdef _NEED_UNIX_SCTAB
scret_t(*g_unix_sctab[])(struct syscall_args *) = {
[SYS_none] = NULL,
[SYS_exit] = sys_exit,
- [SYS_write] = sys_write
+ [SYS_write] = sys_write,
+ [SYS_cross] = sys_cross
};
#endif /* !_NEED_UNIX_SCTAB */
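Review bot: The comment added above `sys_cross` does not state the contract of the call: which `scargs` slots identify the resource being requested, and what `scret_t` value the caller receives when the kernel rejects the request because the resource's access level is higher than the process's. The commit message describes that rejection, but the header is where callers of the MAC entry point will look, so the comment should be extended to describe the arguments, the success value and the denial value (longer than three lines, so not quoted here). As a smaller style point, ending the new last initializer with a comma, `[SYS_cross] = sys_cross,`, would spare the next added entry from touching the previous line, as this commit had to do for `[SYS_write]`.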