1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
34 * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 116701 2003-06-23 01:26:34Z rwatson $ |
35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * Low-watermark floating label mandatory integrity policy. 40 */ 41 42#include <sys/types.h> 43#include <sys/param.h> 44#include <sys/acl.h> 45#include <sys/conf.h> 46#include <sys/extattr.h> 47#include <sys/kernel.h> 48#include <sys/mac.h> 49#include <sys/malloc.h> 50#include <sys/mount.h> 51#include <sys/proc.h> |
52#include <sys/sbuf.h> |
53#include <sys/systm.h> 54#include <sys/sysproto.h> 55#include <sys/sysent.h> 56#include <sys/systm.h> 57#include <sys/vnode.h> 58#include <sys/file.h> 59#include <sys/socket.h> 60#include <sys/socketvar.h> --- 418 unchanged lines hidden (view full) --- 479 if (source->ml_flags & MAC_LOMAC_FLAG_SINGLE) 480 mac_lomac_copy_single(source, dest); 481 if (source->ml_flags & MAC_LOMAC_FLAG_AUX) 482 mac_lomac_copy_auxsingle(source, dest); 483 if (source->ml_flags & MAC_LOMAC_FLAG_RANGE) 484 mac_lomac_copy_range(source, dest); 485} 486 |
487static int mac_lomac_to_string(struct sbuf *sb, 488 struct mac_lomac *mac_lomac); |
489 490static int 491maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel, 492 const char *actionname, const char *objname, struct vnode *vpq) 493{ |
494 struct sbuf subjlabel_sb, subjtext_sb, objlabel_sb; 495 char *subjlabeltext, *objlabeltext, *subjtext; 496 struct mac_lomac cached_subjlabel; 497 struct mac_lomac_proc *subj; |
498 struct vattr va; |
499 struct proc *p; |
500 pid_t pgid; 501 |
502 subj = PSLOT(&curthread->td_proc->p_label); 503 |
504 p = curthread->td_proc; 505 mtx_lock(&subj->mtx); 506 if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) { 507 /* 508 * Check to see if the pending demotion would be more or 509 * less severe than this one, and keep the more severe. 510 * This can only happen for a multi-threaded application. 511 */ --- 17 unchanged lines hidden (view full) --- 529 &subj->mac_lomac.ml_rangelow)) 530 subj->mac_lomac.ml_rangelow = objlabel->ml_single; 531 subj->mac_lomac.ml_rangehigh = objlabel->ml_single; 532 subj->mac_lomac.ml_flags |= MAC_LOMAC_FLAG_UPDATE; 533 mtx_lock_spin(&sched_lock); 534 curthread->td_flags |= TDF_ASTPENDING; 535 curthread->td_proc->p_sflag |= PS_MACPEND; 536 mtx_unlock_spin(&sched_lock); |
537 538 /* 539 * Avoid memory allocation while holding a mutex; cache the 540 * label. 541 */ 542 mac_lomac_copy_single(&subj->mac_lomac, &cached_subjlabel); |
543 mtx_unlock(&subj->mtx); |
544 545 sbuf_new(&subjlabel_sb, NULL, 0, SBUF_AUTOEXTEND); 546 mac_lomac_to_string(&subjlabel_sb, subjlabel); 547 sbuf_finish(&subjlabel_sb); 548 subjlabeltext = sbuf_data(&subjlabel_sb); 549 550 sbuf_new(&subjtext_sb, NULL, 0, SBUF_AUTOEXTEND); 551 mac_lomac_to_string(&subjtext_sb, &subj->mac_lomac); 552 sbuf_finish(&subjtext_sb); 553 subjtext = sbuf_data(&subjtext_sb); 554 555 sbuf_new(&objlabel_sb, NULL, 0, SBUF_AUTOEXTEND); 556 mac_lomac_to_string(&objlabel_sb, objlabel); 557 sbuf_finish(&objlabel_sb); 558 objlabeltext = sbuf_data(&objlabel_sb); 559 |
560 pgid = p->p_pgrp->pg_id; /* XXX could be stale? */ 561 if (vpq != NULL && VOP_GETATTR(vpq, &va, curthread->td_ucred, 562 curthread) == 0) { 563 log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" 564 " level %s after %s a level-%s %s (inode=%ld, " 565 "mountpount=%s)\n", 566 subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, 567 p->p_comm, subjtext, actionname, objlabeltext, objname, 568 va.va_fileid, vpq->v_mount->mnt_stat.f_mntonname); 569 } else { 570 log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" 571 " level %s after %s a level-%s %s\n", 572 subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, 573 p->p_comm, subjtext, actionname, objlabeltext, objname); 574 } |
575 576 sbuf_delete(&subjlabel_sb); 577 sbuf_delete(&subjtext_sb); 578 sbuf_delete(&objlabel_sb); |
579 |
580 return (0); 581} 582 583/* 584 * Relabel "to" to "from" only if "from" is a valid label (contains 585 * at least a single), as for a relabel operation which may or may 586 * not involve a relevant label. 587 */ --- 64 unchanged lines hidden (view full) --- 652mac_lomac_destroy_proc_label(struct label *label) 653{ 654 655 mtx_destroy(&PSLOT(label)->mtx); 656 FREE(PSLOT(label), M_MACLOMAC); 657 PSLOT(label) = NULL; 658} 659 |
660static int 661mac_lomac_element_to_string(struct sbuf *sb, struct mac_lomac_element *element) |
662{ 663 664 switch (element->mle_type) { 665 case MAC_LOMAC_TYPE_HIGH: |
666 return (sbuf_printf(sb, "high")); |
667 668 case MAC_LOMAC_TYPE_LOW: |
669 return (sbuf_printf(sb, "low")); |
670 671 case MAC_LOMAC_TYPE_EQUAL: |
672 return (sbuf_printf(sb, "equal")); |
673 674 case MAC_LOMAC_TYPE_GRADE: |
675 return (sbuf_printf(sb, "%d", element->mle_grade)); |
676 677 default: 678 panic("mac_lomac_element_to_string: invalid type (%d)", 679 element->mle_type); 680 } 681} 682 683static int |
684mac_lomac_to_string(struct sbuf *sb, struct mac_lomac *mac_lomac) |
685{ |
686 |
687 if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_SINGLE) { |
688 if (mac_lomac_element_to_string(sb, &mac_lomac->ml_single) 689 == -1) 690 return (EINVAL); |
691 } 692 693 if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_AUX) { |
694 if (sbuf_putc(sb, '[') == -1) 695 return (EINVAL); |
696 |
697 if (mac_lomac_element_to_string(sb, &mac_lomac->ml_auxsingle) 698 == -1) 699 return (EINVAL); |
700 |
701 if (sbuf_putc(sb, ']') == -1) 702 return (EINVAL); |
703 } 704 705 if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_RANGE) { |
706 if (sbuf_putc(sb, '(') == -1) 707 return (EINVAL); |
708 |
709 if (mac_lomac_element_to_string(sb, &mac_lomac->ml_rangelow) 710 == -1) 711 return (EINVAL); |
712 |
713 if (sbuf_putc(sb, '-') == -1) 714 return (EINVAL); |
715 |
716 if (mac_lomac_element_to_string(sb, &mac_lomac->ml_rangehigh) 717 == -1) 718 return (EINVAL); |
719 |
720 if (sbuf_putc(sb, '-') == -1) 721 return (EINVAL); |
722 } |
723 |
724 return (0); 725} 726 727static int 728mac_lomac_externalize_label(struct label *label, char *element_name, |
729 struct sbuf *sb, int *claimed) |
730{ 731 struct mac_lomac *mac_lomac; |
732 733 if (strcmp(MAC_LOMAC_LABEL_NAME, element_name) != 0) 734 return (0); 735 736 (*claimed)++; 737 738 mac_lomac = SLOT(label); |
739 |
740 return (mac_lomac_to_string(sb, mac_lomac)); |
741} 742 743static int 744mac_lomac_parse_element(struct mac_lomac_element *element, char *string) 745{ 746 747 if (strcmp(string, "high") == 0 || 748 strcmp(string, "hi") == 0) { --- 1949 unchanged lines hidden --- |