From 06a50d7eca47eb6b3becf34b26caa0235cc5d07e Mon Sep 17 00:00:00 2001 From: Ian Moffett Date: Tue, 23 Sep 2025 16:30:15 -0400 Subject: kern: security: Add initial support for MAC This commit introduces initial support for mandatory access control. As one may recall, L5 follows "everything is memory". In order to interact with a resource, a process must request it from the kernel in the form of a (sometimes) syncable memory buffer. Each resource as well as processes have an access level, if a process attempts to request a resource with a higher access level than it, the request is rejected by the kernel. However, if a process has a greater than or equal access level as a resource, the request can be granted. Signed-off-by: Ian Moffett --- src/sys/include/compat/unix/syscall.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'src/sys/include/compat/unix') diff --git a/src/sys/include/compat/unix/syscall.h b/src/sys/include/compat/unix/syscall.h index daca2dc..a3e7257 100644 --- a/src/sys/include/compat/unix/syscall.h +++ b/src/sys/include/compat/unix/syscall.h @@ -35,11 +35,15 @@ #include /* - * Syscall numbers + * Default syscall numbers + * + * Defines marked as (mandatory) must be implemented + * between latches. */ #define SYS_none 0x00 #define SYS_exit 0x01 #define SYS_write 0x02 +#define SYS_cross 0x03 /* cross a border (mandatory) */ /* * Exit the current process - exit(2) syscall @@ -51,11 +55,17 @@ scret_t sys_exit(struct syscall_args *scargs); */ scret_t sys_write(struct syscall_args *scargs); +/* + * Cross a resource border - L5 mandatory + */ +scret_t sys_cross(struct syscall_args *scargs); + #ifdef _NEED_UNIX_SCTAB scret_t(*g_unix_sctab[])(struct syscall_args *) = { [SYS_none] = NULL, [SYS_exit] = sys_exit, - [SYS_write] = sys_write + [SYS_write] = sys_write, + [SYS_cross] = sys_cross }; #endif /* !_NEED_UNIX_SCTAB */ -- cgit v1.2.3