Add mac_grantbylabel

This module allows controlled privilege escallation via mac labels
securely associated with a process via mac_veriexec.

There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.

The goal is to allow a daemon to run as an unprivileged process while
still being able a set of privileged operations needed.

We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcomming the 'indirect' flag applied to the interpreter.

Add -l option to sbin/veriexec to report labels.

Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D41431

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

veriexec: Add SPDX-License-Identifier

veriexec: fix use of getopt

getopt(3) returns int type not char. Using char triggers the
-Wtautological-constant-out-of-range-compare warning with clang.
Change the type of the variable used for holding the return value
of getopt(3) to int to match the prototype and eliminate the warning.

MFC after: 1 week

veriexec(4): Fix a compiler error

When building WITH_BEARSSL=1 veriexec(4) failes to compile.
So update the function prototype so that veriexec(4)
compiles again.

Reported by: gbe
Reviewed by: mjg, gbe
Approved by: mjg
Pull Request: https://github.com/freebsd/freebsd-src/pull/657

Add -S option to veriexec

During software installation, use veriexec -S to strictly
enforce certificate validity checks (notBefore, notAfter).

Otherwise ignore certificate validity period.
It is generally unacceptible for the Internet to stop working
just because someone did not upgrade their infrastructure for a decade.

Sponsored by: Juniper Networks, Inc.

Reviewed by: sebastien.bini_stormshield.eu
Differential Revision: https://reviews.freebsd.org/D35758

Improve parameters handling in veriexec

Provide more robust parameter parsing in veriexec. Do a little cleanup as well.

Differential revision: https://reviews.freebsd.org/D33246
Obtained from: Semihalf
Reviewed by: sjg, sebastien.bini_stormshield.eu

veriexec: Fix veriexec -i's confusion between loaded and locked states

Calling veriexec -i locked return the state of loaded and vice-versa.

Differential revision: https://reviews.freebsd.org/D30952
Reviewed by: sjg,imp
Obtained from: Stromshield

sbin/veriexec: fixed parameter parsing of option -x

The -x parameter doesn't take any arguments. It says that all further
arguments are paths to check.

Reviewed by: imp@
Sponsored by: Netflix
Pull Request: https://github.com/freebsd/freebsd-src/pull/443/files

Add verifying manifest loader for mac_veriexec

This tool will verify a signed manifest and load contents into
mac_veriexec for storage

Sponsored by: Juniper Networks
Differential Revision: D16575