| mac_mls.c (131025) | mac_mls.c (132232) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * | 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
| 34 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 131025 2004-06-24 03:34:46Z rwatson $ | 34 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 132232 2004-07-16 02:03:50Z rwatson $ |
| 35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * MLS fixed label mandatory confidentiality policy. 40 */ 41 42#include <sys/types.h> --- 168 unchanged lines hidden (view full) --- 211 212 return (mac_mls_dominate_element(&rangeb->mm_rangehigh, 213 &rangea->mm_rangehigh) && 214 mac_mls_dominate_element(&rangea->mm_rangelow, 215 &rangeb->mm_rangelow)); 216} 217 218static int | 35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * MLS fixed label mandatory confidentiality policy. 40 */ 41 42#include <sys/types.h> --- 168 unchanged lines hidden (view full) --- 211 212 return (mac_mls_dominate_element(&rangeb->mm_rangehigh, 213 &rangea->mm_rangehigh) && 214 mac_mls_dominate_element(&rangea->mm_rangelow, 215 &rangeb->mm_rangelow)); 216} 217 218static int |
| 219mac_mls_single_in_range(struct mac_mls *single, struct mac_mls *range) | 219mac_mls_effective_in_range(struct mac_mls *effective, struct mac_mls *range) |
| 220{ 221 | 220{ 221 |
| 222 KASSERT((single->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, 223 ("mac_mls_single_in_range: a not single")); | 222 KASSERT((effective->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, 223 ("mac_mls_effective_in_range: a not effective")); |
| 224 KASSERT((range->mm_flags & MAC_MLS_FLAG_RANGE) != 0, | 224 KASSERT((range->mm_flags & MAC_MLS_FLAG_RANGE) != 0, |
| 225 ("mac_mls_single_in_range: b not range")); | 225 ("mac_mls_effective_in_range: b not range")); |
| 226 227 return (mac_mls_dominate_element(&range->mm_rangehigh, | 226 227 return (mac_mls_dominate_element(&range->mm_rangehigh, |
| 228 &single->mm_single) && 229 mac_mls_dominate_element(&single->mm_single, | 228 &effective->mm_effective) && 229 mac_mls_dominate_element(&effective->mm_effective, |
| 230 &range->mm_rangelow)); 231 232 return (1); 233} 234 235static int | 230 &range->mm_rangelow)); 231 232 return (1); 233} 234 235static int |
| 236mac_mls_dominate_single(struct mac_mls *a, struct mac_mls *b) | 236mac_mls_dominate_effective(struct mac_mls *a, struct mac_mls *b) |
| 237{ | 237{ |
| 238 KASSERT((a->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, 239 ("mac_mls_dominate_single: a not single")); 240 KASSERT((b->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, 241 ("mac_mls_dominate_single: b not single")); | 238 KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, 239 ("mac_mls_dominate_effective: a not effective")); 240 KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, 241 ("mac_mls_dominate_effective: b not effective")); |
| 242 | 242 |
| 243 return (mac_mls_dominate_element(&a->mm_single, &b->mm_single)); | 243 return (mac_mls_dominate_element(&a->mm_effective, &b->mm_effective)); |
| 244} 245 246static int 247mac_mls_equal_element(struct mac_mls_element *a, struct mac_mls_element *b) 248{ 249 250 if (a->mme_type == MAC_MLS_TYPE_EQUAL || 251 b->mme_type == MAC_MLS_TYPE_EQUAL) 252 return (1); 253 254 return (a->mme_type == b->mme_type && a->mme_level == b->mme_level); 255} 256 257static int | 244} 245 246static int 247mac_mls_equal_element(struct mac_mls_element *a, struct mac_mls_element *b) 248{ 249 250 if (a->mme_type == MAC_MLS_TYPE_EQUAL || 251 b->mme_type == MAC_MLS_TYPE_EQUAL) 252 return (1); 253 254 return (a->mme_type == b->mme_type && a->mme_level == b->mme_level); 255} 256 257static int |
| 258mac_mls_equal_single(struct mac_mls *a, struct mac_mls *b) | 258mac_mls_equal_effective(struct mac_mls *a, struct mac_mls *b) |
| 259{ 260 | 259{ 260 |
| 261 KASSERT((a->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, 262 ("mac_mls_equal_single: a not single")); 263 KASSERT((b->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, 264 ("mac_mls_equal_single: b not single")); | 261 KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, 262 ("mac_mls_equal_effective: a not effective")); 263 KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, 264 ("mac_mls_equal_effective: b not effective")); |
| 265 | 265 |
| 266 return (mac_mls_equal_element(&a->mm_single, &b->mm_single)); | 266 return (mac_mls_equal_element(&a->mm_effective, &b->mm_effective)); |
| 267} 268 269static int 270mac_mls_contains_equal(struct mac_mls *mac_mls) 271{ 272 | 267} 268 269static int 270mac_mls_contains_equal(struct mac_mls *mac_mls) 271{ 272 |
| 273 if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) 274 if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL) | 273 if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) 274 if (mac_mls->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL) |
| 275 return (1); 276 277 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 278 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL) 279 return (1); 280 if (mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) 281 return (1); 282 } --- 4 unchanged lines hidden (view full) --- 287static int 288mac_mls_subject_privileged(struct mac_mls *mac_mls) 289{ 290 291 KASSERT((mac_mls->mm_flags & MAC_MLS_FLAGS_BOTH) == 292 MAC_MLS_FLAGS_BOTH, 293 ("mac_mls_subject_privileged: subject doesn't have both labels")); 294 | 275 return (1); 276 277 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 278 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL) 279 return (1); 280 if (mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) 281 return (1); 282 } --- 4 unchanged lines hidden (view full) --- 287static int 288mac_mls_subject_privileged(struct mac_mls *mac_mls) 289{ 290 291 KASSERT((mac_mls->mm_flags & MAC_MLS_FLAGS_BOTH) == 292 MAC_MLS_FLAGS_BOTH, 293 ("mac_mls_subject_privileged: subject doesn't have both labels")); 294 |
| 295 /* If the single is EQUAL, it's ok. */ 296 if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL) | 295 /* If the effective is EQUAL, it's ok. */ 296 if (mac_mls->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL) |
| 297 return (0); 298 299 /* If either range endpoint is EQUAL, it's ok. */ 300 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL || 301 mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) 302 return (0); 303 304 /* If the range is low-high, it's ok. */ --- 4 unchanged lines hidden (view full) --- 309 /* It's not ok. */ 310 return (EPERM); 311} 312 313static int 314mac_mls_valid(struct mac_mls *mac_mls) 315{ 316 | 297 return (0); 298 299 /* If either range endpoint is EQUAL, it's ok. */ 300 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL || 301 mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) 302 return (0); 303 304 /* If the range is low-high, it's ok. */ --- 4 unchanged lines hidden (view full) --- 309 /* It's not ok. */ 310 return (EPERM); 311} 312 313static int 314mac_mls_valid(struct mac_mls *mac_mls) 315{ 316 |
| 317 if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) { 318 switch (mac_mls->mm_single.mme_type) { | 317 if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 318 switch (mac_mls->mm_effective.mme_type) { |
| 319 case MAC_MLS_TYPE_LEVEL: 320 break; 321 322 case MAC_MLS_TYPE_EQUAL: 323 case MAC_MLS_TYPE_HIGH: 324 case MAC_MLS_TYPE_LOW: | 319 case MAC_MLS_TYPE_LEVEL: 320 break; 321 322 case MAC_MLS_TYPE_EQUAL: 323 case MAC_MLS_TYPE_HIGH: 324 case MAC_MLS_TYPE_LOW: |
| 325 if (mac_mls->mm_single.mme_level != 0 || | 325 if (mac_mls->mm_effective.mme_level != 0 || |
| 326 !MAC_MLS_BIT_SET_EMPTY( | 326 !MAC_MLS_BIT_SET_EMPTY( |
| 327 mac_mls->mm_single.mme_compartments)) | 327 mac_mls->mm_effective.mme_compartments)) |
| 328 return (EINVAL); 329 break; 330 331 default: 332 return (EINVAL); 333 } 334 } else { | 328 return (EINVAL); 329 break; 330 331 default: 332 return (EINVAL); 333 } 334 } else { |
| 335 if (mac_mls->mm_single.mme_type != MAC_MLS_TYPE_UNDEF) | 335 if (mac_mls->mm_effective.mme_type != MAC_MLS_TYPE_UNDEF) |
| 336 return (EINVAL); 337 } 338 339 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 340 switch (mac_mls->mm_rangelow.mme_type) { 341 case MAC_MLS_TYPE_LEVEL: 342 break; 343 --- 55 unchanged lines hidden (view full) --- 399 if (compartmentshigh != NULL) 400 memcpy(mac_mls->mm_rangehigh.mme_compartments, 401 compartmentshigh, 402 sizeof(mac_mls->mm_rangehigh.mme_compartments)); 403 mac_mls->mm_flags |= MAC_MLS_FLAG_RANGE; 404} 405 406static void | 336 return (EINVAL); 337 } 338 339 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 340 switch (mac_mls->mm_rangelow.mme_type) { 341 case MAC_MLS_TYPE_LEVEL: 342 break; 343 --- 55 unchanged lines hidden (view full) --- 399 if (compartmentshigh != NULL) 400 memcpy(mac_mls->mm_rangehigh.mme_compartments, 401 compartmentshigh, 402 sizeof(mac_mls->mm_rangehigh.mme_compartments)); 403 mac_mls->mm_flags |= MAC_MLS_FLAG_RANGE; 404} 405 406static void |
| 407mac_mls_set_single(struct mac_mls *mac_mls, u_short type, u_short level, | 407mac_mls_set_effective(struct mac_mls *mac_mls, u_short type, u_short level, |
| 408 u_char *compartments) 409{ 410 | 408 u_char *compartments) 409{ 410 |
| 411 mac_mls->mm_single.mme_type = type; 412 mac_mls->mm_single.mme_level = level; | 411 mac_mls->mm_effective.mme_type = type; 412 mac_mls->mm_effective.mme_level = level; |
| 413 if (compartments != NULL) | 413 if (compartments != NULL) |
| 414 memcpy(mac_mls->mm_single.mme_compartments, compartments, 415 sizeof(mac_mls->mm_single.mme_compartments)); 416 mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE; | 414 memcpy(mac_mls->mm_effective.mme_compartments, compartments, 415 sizeof(mac_mls->mm_effective.mme_compartments)); 416 mac_mls->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; |
| 417} 418 419static void 420mac_mls_copy_range(struct mac_mls *labelfrom, struct mac_mls *labelto) 421{ 422 423 KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_RANGE) != 0, 424 ("mac_mls_copy_range: labelfrom not range")); 425 426 labelto->mm_rangelow = labelfrom->mm_rangelow; 427 labelto->mm_rangehigh = labelfrom->mm_rangehigh; 428 labelto->mm_flags |= MAC_MLS_FLAG_RANGE; 429} 430 431static void | 417} 418 419static void 420mac_mls_copy_range(struct mac_mls *labelfrom, struct mac_mls *labelto) 421{ 422 423 KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_RANGE) != 0, 424 ("mac_mls_copy_range: labelfrom not range")); 425 426 labelto->mm_rangelow = labelfrom->mm_rangelow; 427 labelto->mm_rangehigh = labelfrom->mm_rangehigh; 428 labelto->mm_flags |= MAC_MLS_FLAG_RANGE; 429} 430 431static void |
| 432mac_mls_copy_single(struct mac_mls *labelfrom, struct mac_mls *labelto) | 432mac_mls_copy_effective(struct mac_mls *labelfrom, struct mac_mls *labelto) |
| 433{ 434 | 433{ 434 |
| 435 KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, 436 ("mac_mls_copy_single: labelfrom not single")); | 435 KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, 436 ("mac_mls_copy_effective: labelfrom not effective")); |
| 437 | 437 |
| 438 labelto->mm_single = labelfrom->mm_single; 439 labelto->mm_flags |= MAC_MLS_FLAG_SINGLE; | 438 labelto->mm_effective = labelfrom->mm_effective; 439 labelto->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; |
| 440} 441 442static void 443mac_mls_copy(struct mac_mls *source, struct mac_mls *dest) 444{ 445 | 440} 441 442static void 443mac_mls_copy(struct mac_mls *source, struct mac_mls *dest) 444{ 445 |
| 446 if (source->mm_flags & MAC_MLS_FLAG_SINGLE) 447 mac_mls_copy_single(source, dest); | 446 if (source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) 447 mac_mls_copy_effective(source, dest); |
| 448 if (source->mm_flags & MAC_MLS_FLAG_RANGE) 449 mac_mls_copy_range(source, dest); 450} 451 452/* 453 * Policy module operations. 454 */ 455static void --- 86 unchanged lines hidden (view full) --- 542 * if there isn't room in the sbuf. Note: the sbuf will be modified 543 * even in a failure case, so the caller may need to revert the sbuf 544 * by restoring the offset if that's undesired. 545 */ 546static int 547mac_mls_to_string(struct sbuf *sb, struct mac_mls *mac_mls) 548{ 549 | 448 if (source->mm_flags & MAC_MLS_FLAG_RANGE) 449 mac_mls_copy_range(source, dest); 450} 451 452/* 453 * Policy module operations. 454 */ 455static void --- 86 unchanged lines hidden (view full) --- 542 * if there isn't room in the sbuf. Note: the sbuf will be modified 543 * even in a failure case, so the caller may need to revert the sbuf 544 * by restoring the offset if that's undesired. 545 */ 546static int 547mac_mls_to_string(struct sbuf *sb, struct mac_mls *mac_mls) 548{ 549 |
| 550 if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) { 551 if (mac_mls_element_to_string(sb, &mac_mls->mm_single) | 550 if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 551 if (mac_mls_element_to_string(sb, &mac_mls->mm_effective) |
| 552 == -1) 553 return (EINVAL); 554 } 555 556 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 557 if (sbuf_putc(sb, '(') == -1) 558 return (EINVAL); 559 --- 88 unchanged lines hidden (view full) --- 648 649/* 650 * Note: destructively consumes the string, make a local copy before 651 * calling if that's a problem. 652 */ 653static int 654mac_mls_parse(struct mac_mls *mac_mls, char *string) 655{ | 552 == -1) 553 return (EINVAL); 554 } 555 556 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 557 if (sbuf_putc(sb, '(') == -1) 558 return (EINVAL); 559 --- 88 unchanged lines hidden (view full) --- 648 649/* 650 * Note: destructively consumes the string, make a local copy before 651 * calling if that's a problem. 652 */ 653static int 654mac_mls_parse(struct mac_mls *mac_mls, char *string) 655{ |
| 656 char *rangehigh, *rangelow, *single; | 656 char *rangehigh, *rangelow, *effective; |
| 657 int error; 658 | 657 int error; 658 |
| 659 single = strsep(&string, "("); 660 if (*single == '\0') 661 single = NULL; | 659 effective = strsep(&string, "("); 660 if (*effective == '\0') 661 effective = NULL; |
| 662 663 if (string != NULL) { 664 rangelow = strsep(&string, "-"); 665 if (string == NULL) 666 return (EINVAL); 667 rangehigh = strsep(&string, ")"); 668 if (string == NULL) 669 return (EINVAL); --- 4 unchanged lines hidden (view full) --- 674 rangehigh = NULL; 675 } 676 677 KASSERT((rangelow != NULL && rangehigh != NULL) || 678 (rangelow == NULL && rangehigh == NULL), 679 ("mac_mls_parse: range mismatch")); 680 681 bzero(mac_mls, sizeof(*mac_mls)); | 662 663 if (string != NULL) { 664 rangelow = strsep(&string, "-"); 665 if (string == NULL) 666 return (EINVAL); 667 rangehigh = strsep(&string, ")"); 668 if (string == NULL) 669 return (EINVAL); --- 4 unchanged lines hidden (view full) --- 674 rangehigh = NULL; 675 } 676 677 KASSERT((rangelow != NULL && rangehigh != NULL) || 678 (rangelow == NULL && rangehigh == NULL), 679 ("mac_mls_parse: range mismatch")); 680 681 bzero(mac_mls, sizeof(*mac_mls)); |
| 682 if (single != NULL) { 683 error = mac_mls_parse_element(&mac_mls->mm_single, single); | 682 if (effective != NULL) { 683 error = mac_mls_parse_element(&mac_mls->mm_effective, effective); |
| 684 if (error) 685 return (error); | 684 if (error) 685 return (error); |
| 686 mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE; | 686 mac_mls->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; |
| 687 } 688 689 if (rangelow != NULL) { 690 error = mac_mls_parse_element(&mac_mls->mm_rangelow, 691 rangelow); 692 if (error) 693 return (error); 694 error = mac_mls_parse_element(&mac_mls->mm_rangehigh, --- 60 unchanged lines hidden (view full) --- 755 strcmp(dev->si_name, "mem") == 0) 756 mls_type = MAC_MLS_TYPE_HIGH; 757 else if (ptys_equal && 758 (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 759 strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 760 mls_type = MAC_MLS_TYPE_EQUAL; 761 else 762 mls_type = MAC_MLS_TYPE_LOW; | 687 } 688 689 if (rangelow != NULL) { 690 error = mac_mls_parse_element(&mac_mls->mm_rangelow, 691 rangelow); 692 if (error) 693 return (error); 694 error = mac_mls_parse_element(&mac_mls->mm_rangehigh, --- 60 unchanged lines hidden (view full) --- 755 strcmp(dev->si_name, "mem") == 0) 756 mls_type = MAC_MLS_TYPE_HIGH; 757 else if (ptys_equal && 758 (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 759 strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 760 mls_type = MAC_MLS_TYPE_EQUAL; 761 else 762 mls_type = MAC_MLS_TYPE_LOW; |
| 763 mac_mls_set_single(mac_mls, mls_type, 0, NULL); | 763 mac_mls_set_effective(mac_mls, mls_type, 0, NULL); |
| 764} 765 766static void 767mac_mls_create_devfs_directory(struct mount *mp, char *dirname, 768 int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) 769{ 770 struct mac_mls *mac_mls; 771 772 mac_mls = SLOT(label); | 764} 765 766static void 767mac_mls_create_devfs_directory(struct mount *mp, char *dirname, 768 int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) 769{ 770 struct mac_mls *mac_mls; 771 772 mac_mls = SLOT(label); |
| 773 mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); | 773 mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); |
| 774} 775 776static void 777mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp, 778 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 779 struct label *delabel) 780{ 781 struct mac_mls *source, *dest; 782 783 source = SLOT(cred->cr_label); 784 dest = SLOT(delabel); 785 | 774} 775 776static void 777mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp, 778 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 779 struct label *delabel) 780{ 781 struct mac_mls *source, *dest; 782 783 source = SLOT(cred->cr_label); 784 dest = SLOT(delabel); 785 |
| 786 mac_mls_copy_single(source, dest); | 786 mac_mls_copy_effective(source, dest); |
| 787} 788 789static void 790mac_mls_create_mount(struct ucred *cred, struct mount *mp, 791 struct label *mntlabel, struct label *fslabel) 792{ 793 struct mac_mls *source, *dest; 794 795 source = SLOT(cred->cr_label); 796 dest = SLOT(mntlabel); | 787} 788 789static void 790mac_mls_create_mount(struct ucred *cred, struct mount *mp, 791 struct label *mntlabel, struct label *fslabel) 792{ 793 struct mac_mls *source, *dest; 794 795 source = SLOT(cred->cr_label); 796 dest = SLOT(mntlabel); |
| 797 mac_mls_copy_single(source, dest); | 797 mac_mls_copy_effective(source, dest); |
| 798 dest = SLOT(fslabel); | 798 dest = SLOT(fslabel); |
| 799 mac_mls_copy_single(source, dest); | 799 mac_mls_copy_effective(source, dest); |
| 800} 801 802static void 803mac_mls_create_root_mount(struct ucred *cred, struct mount *mp, 804 struct label *mntlabel, struct label *fslabel) 805{ 806 struct mac_mls *mac_mls; 807 808 /* Always mount root as high integrity. */ 809 mac_mls = SLOT(fslabel); | 800} 801 802static void 803mac_mls_create_root_mount(struct ucred *cred, struct mount *mp, 804 struct label *mntlabel, struct label *fslabel) 805{ 806 struct mac_mls *mac_mls; 807 808 /* Always mount root as high integrity. */ 809 mac_mls = SLOT(fslabel); |
| 810 mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); | 810 mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); |
| 811 mac_mls = SLOT(mntlabel); | 811 mac_mls = SLOT(mntlabel); |
| 812 mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); | 812 mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); |
| 813} 814 815static void 816mac_mls_relabel_vnode(struct ucred *cred, struct vnode *vp, 817 struct label *vnodelabel, struct label *label) 818{ 819 struct mac_mls *source, *dest; 820 --- 8 unchanged lines hidden (view full) --- 829 struct devfs_dirent *devfs_dirent, struct label *direntlabel, 830 struct vnode *vp, struct label *vnodelabel) 831{ 832 struct mac_mls *source, *dest; 833 834 source = SLOT(vnodelabel); 835 dest = SLOT(direntlabel); 836 | 813} 814 815static void 816mac_mls_relabel_vnode(struct ucred *cred, struct vnode *vp, 817 struct label *vnodelabel, struct label *label) 818{ 819 struct mac_mls *source, *dest; 820 --- 8 unchanged lines hidden (view full) --- 829 struct devfs_dirent *devfs_dirent, struct label *direntlabel, 830 struct vnode *vp, struct label *vnodelabel) 831{ 832 struct mac_mls *source, *dest; 833 834 source = SLOT(vnodelabel); 835 dest = SLOT(direntlabel); 836 |
| 837 mac_mls_copy_single(source, dest); | 837 mac_mls_copy_effective(source, dest); |
| 838} 839 840static void 841mac_mls_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 842 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 843 struct label *vlabel) 844{ 845 struct mac_mls *source, *dest; 846 847 source = SLOT(delabel); 848 dest = SLOT(vlabel); 849 | 838} 839 840static void 841mac_mls_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 842 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 843 struct label *vlabel) 844{ 845 struct mac_mls *source, *dest; 846 847 source = SLOT(delabel); 848 dest = SLOT(vlabel); 849 |
| 850 mac_mls_copy_single(source, dest); | 850 mac_mls_copy_effective(source, dest); |
| 851} 852 853static int 854mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 855 struct vnode *vp, struct label *vlabel) 856{ 857 struct mac_mls temp, *source, *dest; 858 int buflen, error; 859 860 source = SLOT(fslabel); 861 dest = SLOT(vlabel); 862 863 buflen = sizeof(temp); 864 bzero(&temp, buflen); 865 866 error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, 867 MAC_MLS_EXTATTR_NAME, &buflen, (char *) &temp, curthread); 868 if (error == ENOATTR || error == EOPNOTSUPP) { 869 /* Fall back to the fslabel. */ | 851} 852 853static int 854mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 855 struct vnode *vp, struct label *vlabel) 856{ 857 struct mac_mls temp, *source, *dest; 858 int buflen, error; 859 860 source = SLOT(fslabel); 861 dest = SLOT(vlabel); 862 863 buflen = sizeof(temp); 864 bzero(&temp, buflen); 865 866 error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, 867 MAC_MLS_EXTATTR_NAME, &buflen, (char *) &temp, curthread); 868 if (error == ENOATTR || error == EOPNOTSUPP) { 869 /* Fall back to the fslabel. */ |
| 870 mac_mls_copy_single(source, dest); | 870 mac_mls_copy_effective(source, dest); |
| 871 return (0); 872 } else if (error) 873 return (error); 874 875 if (buflen != sizeof(temp)) { 876 printf("mac_mls_associate_vnode_extattr: bad size %d\n", 877 buflen); 878 return (EPERM); 879 } 880 if (mac_mls_valid(&temp) != 0) { 881 printf("mac_mls_associate_vnode_extattr: invalid\n"); 882 return (EPERM); 883 } | 871 return (0); 872 } else if (error) 873 return (error); 874 875 if (buflen != sizeof(temp)) { 876 printf("mac_mls_associate_vnode_extattr: bad size %d\n", 877 buflen); 878 return (EPERM); 879 } 880 if (mac_mls_valid(&temp) != 0) { 881 printf("mac_mls_associate_vnode_extattr: invalid\n"); 882 return (EPERM); 883 } |
| 884 if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_SINGLE) { 885 printf("mac_mls_associated_vnode_extattr: not single\n"); | 884 if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_EFFECTIVE) { 885 printf("mac_mls_associated_vnode_extattr: not effective\n"); |
| 886 return (EPERM); 887 } 888 | 886 return (EPERM); 887 } 888 |
| 889 mac_mls_copy_single(&temp, dest); | 889 mac_mls_copy_effective(&temp, dest); |
| 890 return (0); 891} 892 893static void 894mac_mls_associate_vnode_singlelabel(struct mount *mp, 895 struct label *fslabel, struct vnode *vp, struct label *vlabel) 896{ 897 struct mac_mls *source, *dest; 898 899 source = SLOT(fslabel); 900 dest = SLOT(vlabel); 901 | 890 return (0); 891} 892 893static void 894mac_mls_associate_vnode_singlelabel(struct mount *mp, 895 struct label *fslabel, struct vnode *vp, struct label *vlabel) 896{ 897 struct mac_mls *source, *dest; 898 899 source = SLOT(fslabel); 900 dest = SLOT(vlabel); 901 |
| 902 mac_mls_copy_single(source, dest); | 902 mac_mls_copy_effective(source, dest); |
| 903} 904 905static int 906mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp, 907 struct label *fslabel, struct vnode *dvp, struct label *dlabel, 908 struct vnode *vp, struct label *vlabel, struct componentname *cnp) 909{ 910 struct mac_mls *source, *dest, temp; 911 size_t buflen; 912 int error; 913 914 buflen = sizeof(temp); 915 bzero(&temp, buflen); 916 917 source = SLOT(cred->cr_label); 918 dest = SLOT(vlabel); | 903} 904 905static int 906mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp, 907 struct label *fslabel, struct vnode *dvp, struct label *dlabel, 908 struct vnode *vp, struct label *vlabel, struct componentname *cnp) 909{ 910 struct mac_mls *source, *dest, temp; 911 size_t buflen; 912 int error; 913 914 buflen = sizeof(temp); 915 bzero(&temp, buflen); 916 917 source = SLOT(cred->cr_label); 918 dest = SLOT(vlabel); |
| 919 mac_mls_copy_single(source, &temp); | 919 mac_mls_copy_effective(source, &temp); |
| 920 921 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, 922 MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread); 923 if (error == 0) | 920 921 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, 922 MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread); 923 if (error == 0) |
| 924 mac_mls_copy_single(source, dest); | 924 mac_mls_copy_effective(source, dest); |
| 925 return (error); 926} 927 928static int 929mac_mls_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 930 struct label *vlabel, struct label *intlabel) 931{ 932 struct mac_mls *source, temp; 933 size_t buflen; 934 int error; 935 936 buflen = sizeof(temp); 937 bzero(&temp, buflen); 938 939 source = SLOT(intlabel); | 925 return (error); 926} 927 928static int 929mac_mls_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 930 struct label *vlabel, struct label *intlabel) 931{ 932 struct mac_mls *source, temp; 933 size_t buflen; 934 int error; 935 936 buflen = sizeof(temp); 937 bzero(&temp, buflen); 938 939 source = SLOT(intlabel); |
| 940 if ((source->mm_flags & MAC_MLS_FLAG_SINGLE) == 0) | 940 if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0) |
| 941 return (0); 942 | 941 return (0); 942 |
| 943 mac_mls_copy_single(source, &temp); | 943 mac_mls_copy_effective(source, &temp); |
| 944 945 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, 946 MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread); 947 return (error); 948} 949 950/* 951 * Labeling event operations: IPC object. 952 */ 953static void 954mac_mls_create_inpcb_from_socket(struct socket *so, struct label *solabel, 955 struct inpcb *inp, struct label *inplabel) 956{ 957 struct mac_mls *source, *dest; 958 959 source = SLOT(solabel); 960 dest = SLOT(inplabel); 961 | 944 945 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, 946 MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread); 947 return (error); 948} 949 950/* 951 * Labeling event operations: IPC object. 952 */ 953static void 954mac_mls_create_inpcb_from_socket(struct socket *so, struct label *solabel, 955 struct inpcb *inp, struct label *inplabel) 956{ 957 struct mac_mls *source, *dest; 958 959 source = SLOT(solabel); 960 dest = SLOT(inplabel); 961 |
| 962 mac_mls_copy_single(source, dest); | 962 mac_mls_copy_effective(source, dest); |
| 963} 964 965static void 966mac_mls_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 967 struct mbuf *m, struct label *mbuflabel) 968{ 969 struct mac_mls *source, *dest; 970 971 source = SLOT(socketlabel); 972 dest = SLOT(mbuflabel); 973 | 963} 964 965static void 966mac_mls_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 967 struct mbuf *m, struct label *mbuflabel) 968{ 969 struct mac_mls *source, *dest; 970 971 source = SLOT(socketlabel); 972 dest = SLOT(mbuflabel); 973 |
| 974 mac_mls_copy_single(source, dest); | 974 mac_mls_copy_effective(source, dest); |
| 975} 976 977static void 978mac_mls_create_socket(struct ucred *cred, struct socket *socket, 979 struct label *socketlabel) 980{ 981 struct mac_mls *source, *dest; 982 983 source = SLOT(cred->cr_label); 984 dest = SLOT(socketlabel); 985 | 975} 976 977static void 978mac_mls_create_socket(struct ucred *cred, struct socket *socket, 979 struct label *socketlabel) 980{ 981 struct mac_mls *source, *dest; 982 983 source = SLOT(cred->cr_label); 984 dest = SLOT(socketlabel); 985 |
| 986 mac_mls_copy_single(source, dest); | 986 mac_mls_copy_effective(source, dest); |
| 987} 988 989static void 990mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp, 991 struct label *pipelabel) 992{ 993 struct mac_mls *source, *dest; 994 995 source = SLOT(cred->cr_label); 996 dest = SLOT(pipelabel); 997 | 987} 988 989static void 990mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp, 991 struct label *pipelabel) 992{ 993 struct mac_mls *source, *dest; 994 995 source = SLOT(cred->cr_label); 996 dest = SLOT(pipelabel); 997 |
| 998 mac_mls_copy_single(source, dest); | 998 mac_mls_copy_effective(source, dest); |
| 999} 1000 1001static void 1002mac_mls_create_socket_from_socket(struct socket *oldsocket, 1003 struct label *oldsocketlabel, struct socket *newsocket, 1004 struct label *newsocketlabel) 1005{ 1006 struct mac_mls *source, *dest; 1007 1008 source = SLOT(oldsocketlabel); 1009 dest = SLOT(newsocketlabel); 1010 | 999} 1000 1001static void 1002mac_mls_create_socket_from_socket(struct socket *oldsocket, 1003 struct label *oldsocketlabel, struct socket *newsocket, 1004 struct label *newsocketlabel) 1005{ 1006 struct mac_mls *source, *dest; 1007 1008 source = SLOT(oldsocketlabel); 1009 dest = SLOT(newsocketlabel); 1010 |
| 1011 mac_mls_copy_single(source, dest); | 1011 mac_mls_copy_effective(source, dest); |
| 1012} 1013 1014static void 1015mac_mls_relabel_socket(struct ucred *cred, struct socket *socket, 1016 struct label *socketlabel, struct label *newlabel) 1017{ 1018 struct mac_mls *source, *dest; 1019 --- 19 unchanged lines hidden (view full) --- 1039mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 1040 struct socket *socket, struct label *socketpeerlabel) 1041{ 1042 struct mac_mls *source, *dest; 1043 1044 source = SLOT(mbuflabel); 1045 dest = SLOT(socketpeerlabel); 1046 | 1012} 1013 1014static void 1015mac_mls_relabel_socket(struct ucred *cred, struct socket *socket, 1016 struct label *socketlabel, struct label *newlabel) 1017{ 1018 struct mac_mls *source, *dest; 1019 --- 19 unchanged lines hidden (view full) --- 1039mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 1040 struct socket *socket, struct label *socketpeerlabel) 1041{ 1042 struct mac_mls *source, *dest; 1043 1044 source = SLOT(mbuflabel); 1045 dest = SLOT(socketpeerlabel); 1046 |
| 1047 mac_mls_copy_single(source, dest); | 1047 mac_mls_copy_effective(source, dest); |
| 1048} 1049 1050/* 1051 * Labeling event operations: network objects. 1052 */ 1053static void 1054mac_mls_set_socket_peer_from_socket(struct socket *oldsocket, 1055 struct label *oldsocketlabel, struct socket *newsocket, 1056 struct label *newsocketpeerlabel) 1057{ 1058 struct mac_mls *source, *dest; 1059 1060 source = SLOT(oldsocketlabel); 1061 dest = SLOT(newsocketpeerlabel); 1062 | 1048} 1049 1050/* 1051 * Labeling event operations: network objects. 1052 */ 1053static void 1054mac_mls_set_socket_peer_from_socket(struct socket *oldsocket, 1055 struct label *oldsocketlabel, struct socket *newsocket, 1056 struct label *newsocketpeerlabel) 1057{ 1058 struct mac_mls *source, *dest; 1059 1060 source = SLOT(oldsocketlabel); 1061 dest = SLOT(newsocketpeerlabel); 1062 |
| 1063 mac_mls_copy_single(source, dest); | 1063 mac_mls_copy_effective(source, dest); |
| 1064} 1065 1066static void 1067mac_mls_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 1068 struct label *bpflabel) 1069{ 1070 struct mac_mls *source, *dest; 1071 1072 source = SLOT(cred->cr_label); 1073 dest = SLOT(bpflabel); 1074 | 1064} 1065 1066static void 1067mac_mls_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 1068 struct label *bpflabel) 1069{ 1070 struct mac_mls *source, *dest; 1071 1072 source = SLOT(cred->cr_label); 1073 dest = SLOT(bpflabel); 1074 |
| 1075 mac_mls_copy_single(source, dest); | 1075 mac_mls_copy_effective(source, dest); |
| 1076} 1077 1078static void 1079mac_mls_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 1080{ 1081 struct mac_mls *dest; 1082 int type; 1083 1084 dest = SLOT(ifnetlabel); 1085 1086 if (ifnet->if_type == IFT_LOOP) 1087 type = MAC_MLS_TYPE_EQUAL; 1088 else 1089 type = MAC_MLS_TYPE_LOW; 1090 | 1076} 1077 1078static void 1079mac_mls_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 1080{ 1081 struct mac_mls *dest; 1082 int type; 1083 1084 dest = SLOT(ifnetlabel); 1085 1086 if (ifnet->if_type == IFT_LOOP) 1087 type = MAC_MLS_TYPE_EQUAL; 1088 else 1089 type = MAC_MLS_TYPE_LOW; 1090 |
| 1091 mac_mls_set_single(dest, type, 0, NULL); | 1091 mac_mls_set_effective(dest, type, 0, NULL); |
| 1092 mac_mls_set_range(dest, type, 0, NULL, type, 0, NULL); 1093} 1094 1095static void 1096mac_mls_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1097 struct ipq *ipq, struct label *ipqlabel) 1098{ 1099 struct mac_mls *source, *dest; 1100 1101 source = SLOT(fragmentlabel); 1102 dest = SLOT(ipqlabel); 1103 | 1092 mac_mls_set_range(dest, type, 0, NULL, type, 0, NULL); 1093} 1094 1095static void 1096mac_mls_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1097 struct ipq *ipq, struct label *ipqlabel) 1098{ 1099 struct mac_mls *source, *dest; 1100 1101 source = SLOT(fragmentlabel); 1102 dest = SLOT(ipqlabel); 1103 |
| 1104 mac_mls_copy_single(source, dest); | 1104 mac_mls_copy_effective(source, dest); |
| 1105} 1106 1107static void 1108mac_mls_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 1109 struct mbuf *datagram, struct label *datagramlabel) 1110{ 1111 struct mac_mls *source, *dest; 1112 1113 source = SLOT(ipqlabel); 1114 dest = SLOT(datagramlabel); 1115 1116 /* Just use the head, since we require them all to match. */ | 1105} 1106 1107static void 1108mac_mls_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 1109 struct mbuf *datagram, struct label *datagramlabel) 1110{ 1111 struct mac_mls *source, *dest; 1112 1113 source = SLOT(ipqlabel); 1114 dest = SLOT(datagramlabel); 1115 1116 /* Just use the head, since we require them all to match. */ |
| 1117 mac_mls_copy_single(source, dest); | 1117 mac_mls_copy_effective(source, dest); |
| 1118} 1119 1120static void 1121mac_mls_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 1122 struct mbuf *fragment, struct label *fragmentlabel) 1123{ 1124 struct mac_mls *source, *dest; 1125 1126 source = SLOT(datagramlabel); 1127 dest = SLOT(fragmentlabel); 1128 | 1118} 1119 1120static void 1121mac_mls_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 1122 struct mbuf *fragment, struct label *fragmentlabel) 1123{ 1124 struct mac_mls *source, *dest; 1125 1126 source = SLOT(datagramlabel); 1127 dest = SLOT(fragmentlabel); 1128 |
| 1129 mac_mls_copy_single(source, dest); | 1129 mac_mls_copy_effective(source, dest); |
| 1130} 1131 1132static void 1133mac_mls_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, 1134 struct mbuf *m, struct label *mlabel) 1135{ 1136 struct mac_mls *source, *dest; 1137 1138 source = SLOT(inplabel); 1139 dest = SLOT(mlabel); 1140 | 1130} 1131 1132static void 1133mac_mls_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, 1134 struct mbuf *m, struct label *mlabel) 1135{ 1136 struct mac_mls *source, *dest; 1137 1138 source = SLOT(inplabel); 1139 dest = SLOT(mlabel); 1140 |
| 1141 mac_mls_copy_single(source, dest); | 1141 mac_mls_copy_effective(source, dest); |
| 1142} 1143 1144static void 1145mac_mls_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 1146 struct label *oldmbuflabel, struct mbuf *newmbuf, 1147 struct label *newmbuflabel) 1148{ 1149 struct mac_mls *source, *dest; --- 15 unchanged lines hidden (view full) --- 1165static void 1166mac_mls_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 1167 struct mbuf *mbuf, struct label *mbuflabel) 1168{ 1169 struct mac_mls *dest; 1170 1171 dest = SLOT(mbuflabel); 1172 | 1142} 1143 1144static void 1145mac_mls_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 1146 struct label *oldmbuflabel, struct mbuf *newmbuf, 1147 struct label *newmbuflabel) 1148{ 1149 struct mac_mls *source, *dest; --- 15 unchanged lines hidden (view full) --- 1165static void 1166mac_mls_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 1167 struct mbuf *mbuf, struct label *mbuflabel) 1168{ 1169 struct mac_mls *dest; 1170 1171 dest = SLOT(mbuflabel); 1172 |
| 1173 mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); | 1173 mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); |
| 1174} 1175 1176static void 1177mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 1178 struct mbuf *mbuf, struct label *mbuflabel) 1179{ 1180 struct mac_mls *source, *dest; 1181 1182 source = SLOT(bpflabel); 1183 dest = SLOT(mbuflabel); 1184 | 1174} 1175 1176static void 1177mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 1178 struct mbuf *mbuf, struct label *mbuflabel) 1179{ 1180 struct mac_mls *source, *dest; 1181 1182 source = SLOT(bpflabel); 1183 dest = SLOT(mbuflabel); 1184 |
| 1185 mac_mls_copy_single(source, dest); | 1185 mac_mls_copy_effective(source, dest); |
| 1186} 1187 1188static void 1189mac_mls_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1190 struct mbuf *m, struct label *mbuflabel) 1191{ 1192 struct mac_mls *source, *dest; 1193 1194 source = SLOT(ifnetlabel); 1195 dest = SLOT(mbuflabel); 1196 | 1186} 1187 1188static void 1189mac_mls_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1190 struct mbuf *m, struct label *mbuflabel) 1191{ 1192 struct mac_mls *source, *dest; 1193 1194 source = SLOT(ifnetlabel); 1195 dest = SLOT(mbuflabel); 1196 |
| 1197 mac_mls_copy_single(source, dest); | 1197 mac_mls_copy_effective(source, dest); |
| 1198} 1199 1200static void 1201mac_mls_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1202 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1203 struct mbuf *newmbuf, struct label *newmbuflabel) 1204{ 1205 struct mac_mls *source, *dest; 1206 1207 source = SLOT(oldmbuflabel); 1208 dest = SLOT(newmbuflabel); 1209 | 1198} 1199 1200static void 1201mac_mls_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1202 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1203 struct mbuf *newmbuf, struct label *newmbuflabel) 1204{ 1205 struct mac_mls *source, *dest; 1206 1207 source = SLOT(oldmbuflabel); 1208 dest = SLOT(newmbuflabel); 1209 |
| 1210 mac_mls_copy_single(source, dest); | 1210 mac_mls_copy_effective(source, dest); |
| 1211} 1212 1213static void 1214mac_mls_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1215 struct mbuf *newmbuf, struct label *newmbuflabel) 1216{ 1217 struct mac_mls *source, *dest; 1218 1219 source = SLOT(oldmbuflabel); 1220 dest = SLOT(newmbuflabel); 1221 | 1211} 1212 1213static void 1214mac_mls_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1215 struct mbuf *newmbuf, struct label *newmbuflabel) 1216{ 1217 struct mac_mls *source, *dest; 1218 1219 source = SLOT(oldmbuflabel); 1220 dest = SLOT(newmbuflabel); 1221 |
| 1222 mac_mls_copy_single(source, dest); | 1222 mac_mls_copy_effective(source, dest); |
| 1223} 1224 1225static int 1226mac_mls_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1227 struct ipq *ipq, struct label *ipqlabel) 1228{ 1229 struct mac_mls *a, *b; 1230 1231 a = SLOT(ipqlabel); 1232 b = SLOT(fragmentlabel); 1233 | 1223} 1224 1225static int 1226mac_mls_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1227 struct ipq *ipq, struct label *ipqlabel) 1228{ 1229 struct mac_mls *a, *b; 1230 1231 a = SLOT(ipqlabel); 1232 b = SLOT(fragmentlabel); 1233 |
| 1234 return (mac_mls_equal_single(a, b)); | 1234 return (mac_mls_equal_effective(a, b)); |
| 1235} 1236 1237static void 1238mac_mls_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1239 struct label *ifnetlabel, struct label *newlabel) 1240{ 1241 struct mac_mls *source, *dest; 1242 --- 28 unchanged lines hidden (view full) --- 1271 */ 1272static void 1273mac_mls_create_proc0(struct ucred *cred) 1274{ 1275 struct mac_mls *dest; 1276 1277 dest = SLOT(cred->cr_label); 1278 | 1235} 1236 1237static void 1238mac_mls_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1239 struct label *ifnetlabel, struct label *newlabel) 1240{ 1241 struct mac_mls *source, *dest; 1242 --- 28 unchanged lines hidden (view full) --- 1271 */ 1272static void 1273mac_mls_create_proc0(struct ucred *cred) 1274{ 1275 struct mac_mls *dest; 1276 1277 dest = SLOT(cred->cr_label); 1278 |
| 1279 mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); | 1279 mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); |
| 1280 mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 1281 0, NULL); 1282} 1283 1284static void 1285mac_mls_create_proc1(struct ucred *cred) 1286{ 1287 struct mac_mls *dest; 1288 1289 dest = SLOT(cred->cr_label); 1290 | 1280 mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 1281 0, NULL); 1282} 1283 1284static void 1285mac_mls_create_proc1(struct ucred *cred) 1286{ 1287 struct mac_mls *dest; 1288 1289 dest = SLOT(cred->cr_label); 1290 |
| 1291 mac_mls_set_single(dest, MAC_MLS_TYPE_LOW, 0, NULL); | 1291 mac_mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); |
| 1292 mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 1293 0, NULL); 1294} 1295 1296static void 1297mac_mls_relabel_cred(struct ucred *cred, struct label *newlabel) 1298{ 1299 struct mac_mls *source, *dest; --- 14 unchanged lines hidden (view full) --- 1314 struct mac_mls *a, *b; 1315 1316 if (!mac_mls_enabled) 1317 return (0); 1318 1319 a = SLOT(bpflabel); 1320 b = SLOT(ifnetlabel); 1321 | 1292 mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 1293 0, NULL); 1294} 1295 1296static void 1297mac_mls_relabel_cred(struct ucred *cred, struct label *newlabel) 1298{ 1299 struct mac_mls *source, *dest; --- 14 unchanged lines hidden (view full) --- 1314 struct mac_mls *a, *b; 1315 1316 if (!mac_mls_enabled) 1317 return (0); 1318 1319 a = SLOT(bpflabel); 1320 b = SLOT(ifnetlabel); 1321 |
| 1322 if (mac_mls_equal_single(a, b)) | 1322 if (mac_mls_equal_effective(a, b)) |
| 1323 return (0); 1324 return (EACCES); 1325} 1326 1327static int 1328mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1329{ 1330 struct mac_mls *subj, *new; 1331 int error; 1332 1333 subj = SLOT(cred->cr_label); 1334 new = SLOT(newlabel); 1335 1336 /* 1337 * If there is an MLS label update for the credential, it may be | 1323 return (0); 1324 return (EACCES); 1325} 1326 1327static int 1328mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1329{ 1330 struct mac_mls *subj, *new; 1331 int error; 1332 1333 subj = SLOT(cred->cr_label); 1334 new = SLOT(newlabel); 1335 1336 /* 1337 * If there is an MLS label update for the credential, it may be |
| 1338 * an update of single, range, or both. | 1338 * an update of effective, range, or both. |
| 1339 */ 1340 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1341 if (error) 1342 return (error); 1343 1344 /* 1345 * If the MLS label is to be changed, authorize as appropriate. 1346 */ 1347 if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { 1348 /* | 1339 */ 1340 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1341 if (error) 1342 return (error); 1343 1344 /* 1345 * If the MLS label is to be changed, authorize as appropriate. 1346 */ 1347 if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { 1348 /* |
| 1349 * If the change request modifies both the MLS label single 1350 * and range, check that the new single will be in the | 1349 * If the change request modifies both the MLS label effective 1350 * and range, check that the new effective will be in the |
| 1351 * new range. 1352 */ 1353 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) == 1354 MAC_MLS_FLAGS_BOTH && | 1351 * new range. 1352 */ 1353 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) == 1354 MAC_MLS_FLAGS_BOTH && |
| 1355 !mac_mls_single_in_range(new, new)) | 1355 !mac_mls_effective_in_range(new, new)) |
| 1356 return (EINVAL); 1357 1358 /* | 1356 return (EINVAL); 1357 1358 /* |
| 1359 * To change the MLS single label on a credential, the 1360 * new single label must be in the current range. | 1359 * To change the MLS effective label on a credential, the 1360 * new effective label must be in the current range. |
| 1361 */ | 1361 */ |
| 1362 if (new->mm_flags & MAC_MLS_FLAG_SINGLE && 1363 !mac_mls_single_in_range(new, subj)) | 1362 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE && 1363 !mac_mls_effective_in_range(new, subj)) |
| 1364 return (EPERM); 1365 1366 /* 1367 * To change the MLS range label on a credential, the 1368 * new range must be in the current range. 1369 */ 1370 if (new->mm_flags & MAC_MLS_FLAG_RANGE && 1371 !mac_mls_range_in_range(new, subj)) --- 21 unchanged lines hidden (view full) --- 1393 1394 if (!mac_mls_enabled) 1395 return (0); 1396 1397 subj = SLOT(u1->cr_label); 1398 obj = SLOT(u2->cr_label); 1399 1400 /* XXX: range */ | 1364 return (EPERM); 1365 1366 /* 1367 * To change the MLS range label on a credential, the 1368 * new range must be in the current range. 1369 */ 1370 if (new->mm_flags & MAC_MLS_FLAG_RANGE && 1371 !mac_mls_range_in_range(new, subj)) --- 21 unchanged lines hidden (view full) --- 1393 1394 if (!mac_mls_enabled) 1395 return (0); 1396 1397 subj = SLOT(u1->cr_label); 1398 obj = SLOT(u2->cr_label); 1399 1400 /* XXX: range */ |
| 1401 if (!mac_mls_dominate_single(subj, obj)) | 1401 if (!mac_mls_dominate_effective(subj, obj)) |
| 1402 return (ESRCH); 1403 1404 return (0); 1405} 1406 1407static int 1408mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1409 struct label *ifnetlabel, struct label *newlabel) 1410{ 1411 struct mac_mls *subj, *new; 1412 int error; 1413 1414 subj = SLOT(cred->cr_label); 1415 new = SLOT(newlabel); 1416 1417 /* 1418 * If there is an MLS label update for the interface, it may | 1402 return (ESRCH); 1403 1404 return (0); 1405} 1406 1407static int 1408mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1409 struct label *ifnetlabel, struct label *newlabel) 1410{ 1411 struct mac_mls *subj, *new; 1412 int error; 1413 1414 subj = SLOT(cred->cr_label); 1415 new = SLOT(newlabel); 1416 1417 /* 1418 * If there is an MLS label update for the interface, it may |
| 1419 * be an update of single, range, or both. | 1419 * be an update of effective, range, or both. |
| 1420 */ 1421 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1422 if (error) 1423 return (error); 1424 1425 /* 1426 * Relabeling network interfaces requires MLS privilege. 1427 */ --- 9 unchanged lines hidden (view full) --- 1437 struct mac_mls *p, *i; 1438 1439 if (!mac_mls_enabled) 1440 return (0); 1441 1442 p = SLOT(mbuflabel); 1443 i = SLOT(ifnetlabel); 1444 | 1420 */ 1421 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1422 if (error) 1423 return (error); 1424 1425 /* 1426 * Relabeling network interfaces requires MLS privilege. 1427 */ --- 9 unchanged lines hidden (view full) --- 1437 struct mac_mls *p, *i; 1438 1439 if (!mac_mls_enabled) 1440 return (0); 1441 1442 p = SLOT(mbuflabel); 1443 i = SLOT(ifnetlabel); 1444 |
| 1445 return (mac_mls_single_in_range(p, i) ? 0 : EACCES); | 1445 return (mac_mls_effective_in_range(p, i) ? 0 : EACCES); |
| 1446} 1447 1448static int 1449mac_mls_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 1450 struct mbuf *m, struct label *mlabel) 1451{ 1452 struct mac_mls *p, *i; 1453 1454 if (!mac_mls_enabled) 1455 return (0); 1456 1457 p = SLOT(mlabel); 1458 i = SLOT(inplabel); 1459 | 1446} 1447 1448static int 1449mac_mls_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 1450 struct mbuf *m, struct label *mlabel) 1451{ 1452 struct mac_mls *p, *i; 1453 1454 if (!mac_mls_enabled) 1455 return (0); 1456 1457 p = SLOT(mlabel); 1458 i = SLOT(inplabel); 1459 |
| 1460 return (mac_mls_equal_single(p, i) ? 0 : EACCES); | 1460 return (mac_mls_equal_effective(p, i) ? 0 : EACCES); |
| 1461} 1462 1463static int 1464mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp, 1465 struct label *mntlabel) 1466{ 1467 struct mac_mls *subj, *obj; 1468 1469 if (!mac_mls_enabled) 1470 return (0); 1471 1472 subj = SLOT(cred->cr_label); 1473 obj = SLOT(mntlabel); 1474 | 1461} 1462 1463static int 1464mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp, 1465 struct label *mntlabel) 1466{ 1467 struct mac_mls *subj, *obj; 1468 1469 if (!mac_mls_enabled) 1470 return (0); 1471 1472 subj = SLOT(cred->cr_label); 1473 obj = SLOT(mntlabel); 1474 |
| 1475 if (!mac_mls_dominate_single(subj, obj)) | 1475 if (!mac_mls_dominate_effective(subj, obj)) |
| 1476 return (EACCES); 1477 1478 return (0); 1479} 1480 1481static int 1482mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, 1483 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) --- 14 unchanged lines hidden (view full) --- 1498 struct mac_mls *subj, *obj; 1499 1500 if (!mac_mls_enabled) 1501 return (0); 1502 1503 subj = SLOT(cred->cr_label); 1504 obj = SLOT((pipelabel)); 1505 | 1476 return (EACCES); 1477 1478 return (0); 1479} 1480 1481static int 1482mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, 1483 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) --- 14 unchanged lines hidden (view full) --- 1498 struct mac_mls *subj, *obj; 1499 1500 if (!mac_mls_enabled) 1501 return (0); 1502 1503 subj = SLOT(cred->cr_label); 1504 obj = SLOT((pipelabel)); 1505 |
| 1506 if (!mac_mls_dominate_single(subj, obj)) | 1506 if (!mac_mls_dominate_effective(subj, obj)) |
| 1507 return (EACCES); 1508 1509 return (0); 1510} 1511 1512static int 1513mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp, 1514 struct label *pipelabel) 1515{ 1516 struct mac_mls *subj, *obj; 1517 1518 if (!mac_mls_enabled) 1519 return (0); 1520 1521 subj = SLOT(cred->cr_label); 1522 obj = SLOT((pipelabel)); 1523 | 1507 return (EACCES); 1508 1509 return (0); 1510} 1511 1512static int 1513mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp, 1514 struct label *pipelabel) 1515{ 1516 struct mac_mls *subj, *obj; 1517 1518 if (!mac_mls_enabled) 1519 return (0); 1520 1521 subj = SLOT(cred->cr_label); 1522 obj = SLOT((pipelabel)); 1523 |
| 1524 if (!mac_mls_dominate_single(subj, obj)) | 1524 if (!mac_mls_dominate_effective(subj, obj)) |
| 1525 return (EACCES); 1526 1527 return (0); 1528} 1529 1530static int 1531mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1532 struct label *pipelabel, struct label *newlabel) 1533{ 1534 struct mac_mls *subj, *obj, *new; 1535 int error; 1536 1537 new = SLOT(newlabel); 1538 subj = SLOT(cred->cr_label); 1539 obj = SLOT(pipelabel); 1540 1541 /* 1542 * If there is an MLS label update for a pipe, it must be a | 1525 return (EACCES); 1526 1527 return (0); 1528} 1529 1530static int 1531mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1532 struct label *pipelabel, struct label *newlabel) 1533{ 1534 struct mac_mls *subj, *obj, *new; 1535 int error; 1536 1537 new = SLOT(newlabel); 1538 subj = SLOT(cred->cr_label); 1539 obj = SLOT(pipelabel); 1540 1541 /* 1542 * If there is an MLS label update for a pipe, it must be a |
| 1543 * single update. | 1543 * effective update. |
| 1544 */ | 1544 */ |
| 1545 error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE); | 1545 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); |
| 1546 if (error) 1547 return (error); 1548 1549 /* 1550 * To perform a relabel of a pipe (MLS label or not), MLS must 1551 * authorize the relabel. 1552 */ | 1546 if (error) 1547 return (error); 1548 1549 /* 1550 * To perform a relabel of a pipe (MLS label or not), MLS must 1551 * authorize the relabel. 1552 */ |
| 1553 if (!mac_mls_single_in_range(obj, subj)) | 1553 if (!mac_mls_effective_in_range(obj, subj)) |
| 1554 return (EPERM); 1555 1556 /* 1557 * If the MLS label is to be changed, authorize as appropriate. 1558 */ | 1554 return (EPERM); 1555 1556 /* 1557 * If the MLS label is to be changed, authorize as appropriate. 1558 */ |
| 1559 if (new->mm_flags & MAC_MLS_FLAG_SINGLE) { | 1559 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { |
| 1560 /* 1561 * To change the MLS label on a pipe, the new pipe label 1562 * must be in the subject range. 1563 */ | 1560 /* 1561 * To change the MLS label on a pipe, the new pipe label 1562 * must be in the subject range. 1563 */ |
| 1564 if (!mac_mls_single_in_range(new, subj)) | 1564 if (!mac_mls_effective_in_range(new, subj)) |
| 1565 return (EPERM); 1566 1567 /* 1568 * To change the MLS label on a pipe to be EQUAL, the 1569 * subject must have appropriate privilege. 1570 */ 1571 if (mac_mls_contains_equal(new)) { 1572 error = mac_mls_subject_privileged(subj); --- 12 unchanged lines hidden (view full) --- 1585 struct mac_mls *subj, *obj; 1586 1587 if (!mac_mls_enabled) 1588 return (0); 1589 1590 subj = SLOT(cred->cr_label); 1591 obj = SLOT((pipelabel)); 1592 | 1565 return (EPERM); 1566 1567 /* 1568 * To change the MLS label on a pipe to be EQUAL, the 1569 * subject must have appropriate privilege. 1570 */ 1571 if (mac_mls_contains_equal(new)) { 1572 error = mac_mls_subject_privileged(subj); --- 12 unchanged lines hidden (view full) --- 1585 struct mac_mls *subj, *obj; 1586 1587 if (!mac_mls_enabled) 1588 return (0); 1589 1590 subj = SLOT(cred->cr_label); 1591 obj = SLOT((pipelabel)); 1592 |
| 1593 if (!mac_mls_dominate_single(subj, obj)) | 1593 if (!mac_mls_dominate_effective(subj, obj)) |
| 1594 return (EACCES); 1595 1596 return (0); 1597} 1598 1599static int 1600mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp, 1601 struct label *pipelabel) 1602{ 1603 struct mac_mls *subj, *obj; 1604 1605 if (!mac_mls_enabled) 1606 return (0); 1607 1608 subj = SLOT(cred->cr_label); 1609 obj = SLOT((pipelabel)); 1610 | 1594 return (EACCES); 1595 1596 return (0); 1597} 1598 1599static int 1600mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp, 1601 struct label *pipelabel) 1602{ 1603 struct mac_mls *subj, *obj; 1604 1605 if (!mac_mls_enabled) 1606 return (0); 1607 1608 subj = SLOT(cred->cr_label); 1609 obj = SLOT((pipelabel)); 1610 |
| 1611 if (!mac_mls_dominate_single(obj, subj)) | 1611 if (!mac_mls_dominate_effective(obj, subj)) |
| 1612 return (EACCES); 1613 1614 return (0); 1615} 1616 1617static int 1618mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc) 1619{ 1620 struct mac_mls *subj, *obj; 1621 1622 if (!mac_mls_enabled) 1623 return (0); 1624 1625 subj = SLOT(cred->cr_label); 1626 obj = SLOT(proc->p_ucred->cr_label); 1627 1628 /* XXX: range checks */ | 1612 return (EACCES); 1613 1614 return (0); 1615} 1616 1617static int 1618mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc) 1619{ 1620 struct mac_mls *subj, *obj; 1621 1622 if (!mac_mls_enabled) 1623 return (0); 1624 1625 subj = SLOT(cred->cr_label); 1626 obj = SLOT(proc->p_ucred->cr_label); 1627 1628 /* XXX: range checks */ |
| 1629 if (!mac_mls_dominate_single(subj, obj)) | 1629 if (!mac_mls_dominate_effective(subj, obj)) |
| 1630 return (ESRCH); | 1630 return (ESRCH); |
| 1631 if (!mac_mls_dominate_single(obj, subj)) | 1631 if (!mac_mls_dominate_effective(obj, subj)) |
| 1632 return (EACCES); 1633 1634 return (0); 1635} 1636 1637static int 1638mac_mls_check_proc_sched(struct ucred *cred, struct proc *proc) 1639{ 1640 struct mac_mls *subj, *obj; 1641 1642 if (!mac_mls_enabled) 1643 return (0); 1644 1645 subj = SLOT(cred->cr_label); 1646 obj = SLOT(proc->p_ucred->cr_label); 1647 1648 /* XXX: range checks */ | 1632 return (EACCES); 1633 1634 return (0); 1635} 1636 1637static int 1638mac_mls_check_proc_sched(struct ucred *cred, struct proc *proc) 1639{ 1640 struct mac_mls *subj, *obj; 1641 1642 if (!mac_mls_enabled) 1643 return (0); 1644 1645 subj = SLOT(cred->cr_label); 1646 obj = SLOT(proc->p_ucred->cr_label); 1647 1648 /* XXX: range checks */ |
| 1649 if (!mac_mls_dominate_single(subj, obj)) | 1649 if (!mac_mls_dominate_effective(subj, obj)) |
| 1650 return (ESRCH); | 1650 return (ESRCH); |
| 1651 if (!mac_mls_dominate_single(obj, subj)) | 1651 if (!mac_mls_dominate_effective(obj, subj)) |
| 1652 return (EACCES); 1653 1654 return (0); 1655} 1656 1657static int 1658mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1659{ 1660 struct mac_mls *subj, *obj; 1661 1662 if (!mac_mls_enabled) 1663 return (0); 1664 1665 subj = SLOT(cred->cr_label); 1666 obj = SLOT(proc->p_ucred->cr_label); 1667 1668 /* XXX: range checks */ | 1652 return (EACCES); 1653 1654 return (0); 1655} 1656 1657static int 1658mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1659{ 1660 struct mac_mls *subj, *obj; 1661 1662 if (!mac_mls_enabled) 1663 return (0); 1664 1665 subj = SLOT(cred->cr_label); 1666 obj = SLOT(proc->p_ucred->cr_label); 1667 1668 /* XXX: range checks */ |
| 1669 if (!mac_mls_dominate_single(subj, obj)) | 1669 if (!mac_mls_dominate_effective(subj, obj)) |
| 1670 return (ESRCH); | 1670 return (ESRCH); |
| 1671 if (!mac_mls_dominate_single(obj, subj)) | 1671 if (!mac_mls_dominate_effective(obj, subj)) |
| 1672 return (EACCES); 1673 1674 return (0); 1675} 1676 1677static int 1678mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel, 1679 struct mbuf *m, struct label *mbuflabel) 1680{ 1681 struct mac_mls *p, *s; 1682 1683 if (!mac_mls_enabled) 1684 return (0); 1685 1686 p = SLOT(mbuflabel); 1687 s = SLOT(socketlabel); 1688 | 1672 return (EACCES); 1673 1674 return (0); 1675} 1676 1677static int 1678mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel, 1679 struct mbuf *m, struct label *mbuflabel) 1680{ 1681 struct mac_mls *p, *s; 1682 1683 if (!mac_mls_enabled) 1684 return (0); 1685 1686 p = SLOT(mbuflabel); 1687 s = SLOT(socketlabel); 1688 |
| 1689 return (mac_mls_equal_single(p, s) ? 0 : EACCES); | 1689 return (mac_mls_equal_effective(p, s) ? 0 : EACCES); |
| 1690} 1691 1692static int 1693mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket, 1694 struct label *socketlabel, struct label *newlabel) 1695{ 1696 struct mac_mls *subj, *obj, *new; 1697 int error; 1698 1699 new = SLOT(newlabel); 1700 subj = SLOT(cred->cr_label); 1701 obj = SLOT(socketlabel); 1702 1703 /* 1704 * If there is an MLS label update for the socket, it may be | 1690} 1691 1692static int 1693mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket, 1694 struct label *socketlabel, struct label *newlabel) 1695{ 1696 struct mac_mls *subj, *obj, *new; 1697 int error; 1698 1699 new = SLOT(newlabel); 1700 subj = SLOT(cred->cr_label); 1701 obj = SLOT(socketlabel); 1702 1703 /* 1704 * If there is an MLS label update for the socket, it may be |
| 1705 * an update of single. | 1705 * an update of effective. |
| 1706 */ | 1706 */ |
| 1707 error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE); | 1707 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); |
| 1708 if (error) 1709 return (error); 1710 1711 /* | 1708 if (error) 1709 return (error); 1710 1711 /* |
| 1712 * To relabel a socket, the old socket single must be in the subject | 1712 * To relabel a socket, the old socket effective must be in the subject |
| 1713 * range. 1714 */ | 1713 * range. 1714 */ |
| 1715 if (!mac_mls_single_in_range(obj, subj)) | 1715 if (!mac_mls_effective_in_range(obj, subj)) |
| 1716 return (EPERM); 1717 1718 /* 1719 * If the MLS label is to be changed, authorize as appropriate. 1720 */ | 1716 return (EPERM); 1717 1718 /* 1719 * If the MLS label is to be changed, authorize as appropriate. 1720 */ |
| 1721 if (new->mm_flags & MAC_MLS_FLAG_SINGLE) { | 1721 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { |
| 1722 /* | 1722 /* |
| 1723 * To relabel a socket, the new socket single must be in | 1723 * To relabel a socket, the new socket effective must be in |
| 1724 * the subject range. 1725 */ | 1724 * the subject range. 1725 */ |
| 1726 if (!mac_mls_single_in_range(new, subj)) | 1726 if (!mac_mls_effective_in_range(new, subj)) |
| 1727 return (EPERM); 1728 1729 /* 1730 * To change the MLS label on the socket to contain EQUAL, 1731 * the subject must have appropriate privilege. 1732 */ 1733 if (mac_mls_contains_equal(new)) { 1734 error = mac_mls_subject_privileged(subj); --- 12 unchanged lines hidden (view full) --- 1747 struct mac_mls *subj, *obj; 1748 1749 if (!mac_mls_enabled) 1750 return (0); 1751 1752 subj = SLOT(cred->cr_label); 1753 obj = SLOT(socketlabel); 1754 | 1727 return (EPERM); 1728 1729 /* 1730 * To change the MLS label on the socket to contain EQUAL, 1731 * the subject must have appropriate privilege. 1732 */ 1733 if (mac_mls_contains_equal(new)) { 1734 error = mac_mls_subject_privileged(subj); --- 12 unchanged lines hidden (view full) --- 1747 struct mac_mls *subj, *obj; 1748 1749 if (!mac_mls_enabled) 1750 return (0); 1751 1752 subj = SLOT(cred->cr_label); 1753 obj = SLOT(socketlabel); 1754 |
| 1755 if (!mac_mls_dominate_single(subj, obj)) | 1755 if (!mac_mls_dominate_effective(subj, obj)) |
| 1756 return (ENOENT); 1757 1758 return (0); 1759} 1760 1761static int 1762mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, 1763 struct label *label) 1764{ 1765 struct mac_mls *subj, *obj; 1766 1767 if (!mac_mls_enabled) 1768 return (0); 1769 1770 subj = SLOT(cred->cr_label); 1771 obj = SLOT(label); 1772 | 1756 return (ENOENT); 1757 1758 return (0); 1759} 1760 1761static int 1762mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, 1763 struct label *label) 1764{ 1765 struct mac_mls *subj, *obj; 1766 1767 if (!mac_mls_enabled) 1768 return (0); 1769 1770 subj = SLOT(cred->cr_label); 1771 obj = SLOT(label); 1772 |
| 1773 if (!mac_mls_dominate_single(obj, subj) || 1774 !mac_mls_dominate_single(subj, obj)) | 1773 if (!mac_mls_dominate_effective(obj, subj) || 1774 !mac_mls_dominate_effective(subj, obj)) |
| 1775 return (EACCES); 1776 1777 return (0); 1778} 1779 1780static int 1781mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1782 struct label *dlabel) 1783{ 1784 struct mac_mls *subj, *obj; 1785 1786 if (!mac_mls_enabled) 1787 return (0); 1788 1789 subj = SLOT(cred->cr_label); 1790 obj = SLOT(dlabel); 1791 | 1775 return (EACCES); 1776 1777 return (0); 1778} 1779 1780static int 1781mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1782 struct label *dlabel) 1783{ 1784 struct mac_mls *subj, *obj; 1785 1786 if (!mac_mls_enabled) 1787 return (0); 1788 1789 subj = SLOT(cred->cr_label); 1790 obj = SLOT(dlabel); 1791 |
| 1792 if (!mac_mls_dominate_single(subj, obj)) | 1792 if (!mac_mls_dominate_effective(subj, obj)) |
| 1793 return (EACCES); 1794 1795 return (0); 1796} 1797 1798static int 1799mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1800 struct label *dlabel) 1801{ 1802 struct mac_mls *subj, *obj; 1803 1804 if (!mac_mls_enabled) 1805 return (0); 1806 1807 subj = SLOT(cred->cr_label); 1808 obj = SLOT(dlabel); 1809 | 1793 return (EACCES); 1794 1795 return (0); 1796} 1797 1798static int 1799mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1800 struct label *dlabel) 1801{ 1802 struct mac_mls *subj, *obj; 1803 1804 if (!mac_mls_enabled) 1805 return (0); 1806 1807 subj = SLOT(cred->cr_label); 1808 obj = SLOT(dlabel); 1809 |
| 1810 if (!mac_mls_dominate_single(subj, obj)) | 1810 if (!mac_mls_dominate_effective(subj, obj)) |
| 1811 return (EACCES); 1812 1813 return (0); 1814} 1815 1816static int 1817mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1818 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1819{ 1820 struct mac_mls *subj, *obj; 1821 1822 if (!mac_mls_enabled) 1823 return (0); 1824 1825 subj = SLOT(cred->cr_label); 1826 obj = SLOT(dlabel); 1827 | 1811 return (EACCES); 1812 1813 return (0); 1814} 1815 1816static int 1817mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1818 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1819{ 1820 struct mac_mls *subj, *obj; 1821 1822 if (!mac_mls_enabled) 1823 return (0); 1824 1825 subj = SLOT(cred->cr_label); 1826 obj = SLOT(dlabel); 1827 |
| 1828 if (!mac_mls_dominate_single(obj, subj)) | 1828 if (!mac_mls_dominate_effective(obj, subj)) |
| 1829 return (EACCES); 1830 1831 return (0); 1832} 1833 1834static int 1835mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1836 struct label *dlabel, struct vnode *vp, struct label *label, 1837 struct componentname *cnp) 1838{ 1839 struct mac_mls *subj, *obj; 1840 1841 if (!mac_mls_enabled) 1842 return (0); 1843 1844 subj = SLOT(cred->cr_label); 1845 obj = SLOT(dlabel); 1846 | 1829 return (EACCES); 1830 1831 return (0); 1832} 1833 1834static int 1835mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1836 struct label *dlabel, struct vnode *vp, struct label *label, 1837 struct componentname *cnp) 1838{ 1839 struct mac_mls *subj, *obj; 1840 1841 if (!mac_mls_enabled) 1842 return (0); 1843 1844 subj = SLOT(cred->cr_label); 1845 obj = SLOT(dlabel); 1846 |
| 1847 if (!mac_mls_dominate_single(obj, subj)) | 1847 if (!mac_mls_dominate_effective(obj, subj)) |
| 1848 return (EACCES); 1849 1850 obj = SLOT(label); 1851 | 1848 return (EACCES); 1849 1850 obj = SLOT(label); 1851 |
| 1852 if (!mac_mls_dominate_single(obj, subj)) | 1852 if (!mac_mls_dominate_effective(obj, subj)) |
| 1853 return (EACCES); 1854 1855 return (0); 1856} 1857 1858static int 1859mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1860 struct label *label, acl_type_t type) 1861{ 1862 struct mac_mls *subj, *obj; 1863 1864 if (!mac_mls_enabled) 1865 return (0); 1866 1867 subj = SLOT(cred->cr_label); 1868 obj = SLOT(label); 1869 | 1853 return (EACCES); 1854 1855 return (0); 1856} 1857 1858static int 1859mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1860 struct label *label, acl_type_t type) 1861{ 1862 struct mac_mls *subj, *obj; 1863 1864 if (!mac_mls_enabled) 1865 return (0); 1866 1867 subj = SLOT(cred->cr_label); 1868 obj = SLOT(label); 1869 |
| 1870 if (!mac_mls_dominate_single(obj, subj)) | 1870 if (!mac_mls_dominate_effective(obj, subj)) |
| 1871 return (EACCES); 1872 1873 return (0); 1874} 1875 1876static int 1877mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 1878 struct label *label, int attrnamespace, const char *name) 1879{ 1880 struct mac_mls *subj, *obj; 1881 1882 if (!mac_mls_enabled) 1883 return (0); 1884 1885 subj = SLOT(cred->cr_label); 1886 obj = SLOT(label); 1887 | 1871 return (EACCES); 1872 1873 return (0); 1874} 1875 1876static int 1877mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 1878 struct label *label, int attrnamespace, const char *name) 1879{ 1880 struct mac_mls *subj, *obj; 1881 1882 if (!mac_mls_enabled) 1883 return (0); 1884 1885 subj = SLOT(cred->cr_label); 1886 obj = SLOT(label); 1887 |
| 1888 if (!mac_mls_dominate_single(obj, subj)) | 1888 if (!mac_mls_dominate_effective(obj, subj)) |
| 1889 return (EACCES); 1890 1891 return (0); 1892} 1893 1894static int 1895mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1896 struct label *label, struct image_params *imgp, --- 15 unchanged lines hidden (view full) --- 1912 } 1913 1914 if (!mac_mls_enabled) 1915 return (0); 1916 1917 subj = SLOT(cred->cr_label); 1918 obj = SLOT(label); 1919 | 1889 return (EACCES); 1890 1891 return (0); 1892} 1893 1894static int 1895mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1896 struct label *label, struct image_params *imgp, --- 15 unchanged lines hidden (view full) --- 1912 } 1913 1914 if (!mac_mls_enabled) 1915 return (0); 1916 1917 subj = SLOT(cred->cr_label); 1918 obj = SLOT(label); 1919 |
| 1920 if (!mac_mls_dominate_single(subj, obj)) | 1920 if (!mac_mls_dominate_effective(subj, obj)) |
| 1921 return (EACCES); 1922 1923 return (0); 1924} 1925 1926static int 1927mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1928 struct label *label, acl_type_t type) 1929{ 1930 struct mac_mls *subj, *obj; 1931 1932 if (!mac_mls_enabled) 1933 return (0); 1934 1935 subj = SLOT(cred->cr_label); 1936 obj = SLOT(label); 1937 | 1921 return (EACCES); 1922 1923 return (0); 1924} 1925 1926static int 1927mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1928 struct label *label, acl_type_t type) 1929{ 1930 struct mac_mls *subj, *obj; 1931 1932 if (!mac_mls_enabled) 1933 return (0); 1934 1935 subj = SLOT(cred->cr_label); 1936 obj = SLOT(label); 1937 |
| 1938 if (!mac_mls_dominate_single(subj, obj)) | 1938 if (!mac_mls_dominate_effective(subj, obj)) |
| 1939 return (EACCES); 1940 1941 return (0); 1942} 1943 1944static int 1945mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1946 struct label *label, int attrnamespace, const char *name, struct uio *uio) 1947{ 1948 struct mac_mls *subj, *obj; 1949 1950 if (!mac_mls_enabled) 1951 return (0); 1952 1953 subj = SLOT(cred->cr_label); 1954 obj = SLOT(label); 1955 | 1939 return (EACCES); 1940 1941 return (0); 1942} 1943 1944static int 1945mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1946 struct label *label, int attrnamespace, const char *name, struct uio *uio) 1947{ 1948 struct mac_mls *subj, *obj; 1949 1950 if (!mac_mls_enabled) 1951 return (0); 1952 1953 subj = SLOT(cred->cr_label); 1954 obj = SLOT(label); 1955 |
| 1956 if (!mac_mls_dominate_single(subj, obj)) | 1956 if (!mac_mls_dominate_effective(subj, obj)) |
| 1957 return (EACCES); 1958 1959 return (0); 1960} 1961 1962static int 1963mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, 1964 struct label *dlabel, struct vnode *vp, struct label *label, 1965 struct componentname *cnp) 1966{ 1967 struct mac_mls *subj, *obj; 1968 1969 if (!mac_mls_enabled) 1970 return (0); 1971 1972 subj = SLOT(cred->cr_label); 1973 obj = SLOT(dlabel); 1974 | 1957 return (EACCES); 1958 1959 return (0); 1960} 1961 1962static int 1963mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, 1964 struct label *dlabel, struct vnode *vp, struct label *label, 1965 struct componentname *cnp) 1966{ 1967 struct mac_mls *subj, *obj; 1968 1969 if (!mac_mls_enabled) 1970 return (0); 1971 1972 subj = SLOT(cred->cr_label); 1973 obj = SLOT(dlabel); 1974 |
| 1975 if (!mac_mls_dominate_single(obj, subj)) | 1975 if (!mac_mls_dominate_effective(obj, subj)) |
| 1976 return (EACCES); 1977 1978 obj = SLOT(dlabel); | 1976 return (EACCES); 1977 1978 obj = SLOT(dlabel); |
| 1979 if (!mac_mls_dominate_single(obj, subj)) | 1979 if (!mac_mls_dominate_effective(obj, subj)) |
| 1980 return (EACCES); 1981 1982 return (0); 1983} 1984 1985static int 1986mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 1987 struct label *label, int attrnamespace) 1988{ 1989 1990 struct mac_mls *subj, *obj; 1991 1992 if (!mac_mls_enabled) 1993 return (0); 1994 1995 subj = SLOT(cred->cr_label); 1996 obj = SLOT(label); 1997 | 1980 return (EACCES); 1981 1982 return (0); 1983} 1984 1985static int 1986mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 1987 struct label *label, int attrnamespace) 1988{ 1989 1990 struct mac_mls *subj, *obj; 1991 1992 if (!mac_mls_enabled) 1993 return (0); 1994 1995 subj = SLOT(cred->cr_label); 1996 obj = SLOT(label); 1997 |
| 1998 if (!mac_mls_dominate_single(subj, obj)) | 1998 if (!mac_mls_dominate_effective(subj, obj)) |
| 1999 return (EACCES); 2000 2001 return (0); 2002} 2003 2004static int 2005mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 2006 struct label *dlabel, struct componentname *cnp) 2007{ 2008 struct mac_mls *subj, *obj; 2009 2010 if (!mac_mls_enabled) 2011 return (0); 2012 2013 subj = SLOT(cred->cr_label); 2014 obj = SLOT(dlabel); 2015 | 1999 return (EACCES); 2000 2001 return (0); 2002} 2003 2004static int 2005mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 2006 struct label *dlabel, struct componentname *cnp) 2007{ 2008 struct mac_mls *subj, *obj; 2009 2010 if (!mac_mls_enabled) 2011 return (0); 2012 2013 subj = SLOT(cred->cr_label); 2014 obj = SLOT(dlabel); 2015 |
| 2016 if (!mac_mls_dominate_single(subj, obj)) | 2016 if (!mac_mls_dominate_effective(subj, obj)) |
| 2017 return (EACCES); 2018 2019 return (0); 2020} 2021 2022static int 2023mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 2024 struct label *label, int prot) --- 6 unchanged lines hidden (view full) --- 2031 */ 2032 if (!mac_mls_enabled || !revocation_enabled) 2033 return (0); 2034 2035 subj = SLOT(cred->cr_label); 2036 obj = SLOT(label); 2037 2038 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { | 2017 return (EACCES); 2018 2019 return (0); 2020} 2021 2022static int 2023mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 2024 struct label *label, int prot) --- 6 unchanged lines hidden (view full) --- 2031 */ 2032 if (!mac_mls_enabled || !revocation_enabled) 2033 return (0); 2034 2035 subj = SLOT(cred->cr_label); 2036 obj = SLOT(label); 2037 2038 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { |
| 2039 if (!mac_mls_dominate_single(subj, obj)) | 2039 if (!mac_mls_dominate_effective(subj, obj)) |
| 2040 return (EACCES); 2041 } 2042 if (prot & VM_PROT_WRITE) { | 2040 return (EACCES); 2041 } 2042 if (prot & VM_PROT_WRITE) { |
| 2043 if (!mac_mls_dominate_single(obj, subj)) | 2043 if (!mac_mls_dominate_effective(obj, subj)) |
| 2044 return (EACCES); 2045 } 2046 2047 return (0); 2048} 2049 2050static int 2051mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, --- 4 unchanged lines hidden (view full) --- 2056 if (!mac_mls_enabled) 2057 return (0); 2058 2059 subj = SLOT(cred->cr_label); 2060 obj = SLOT(vnodelabel); 2061 2062 /* XXX privilege override for admin? */ 2063 if (acc_mode & (VREAD | VEXEC | VSTAT)) { | 2044 return (EACCES); 2045 } 2046 2047 return (0); 2048} 2049 2050static int 2051mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, --- 4 unchanged lines hidden (view full) --- 2056 if (!mac_mls_enabled) 2057 return (0); 2058 2059 subj = SLOT(cred->cr_label); 2060 obj = SLOT(vnodelabel); 2061 2062 /* XXX privilege override for admin? */ 2063 if (acc_mode & (VREAD | VEXEC | VSTAT)) { |
| 2064 if (!mac_mls_dominate_single(subj, obj)) | 2064 if (!mac_mls_dominate_effective(subj, obj)) |
| 2065 return (EACCES); 2066 } 2067 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { | 2065 return (EACCES); 2066 } 2067 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { |
| 2068 if (!mac_mls_dominate_single(obj, subj)) | 2068 if (!mac_mls_dominate_effective(obj, subj)) |
| 2069 return (EACCES); 2070 } 2071 2072 return (0); 2073} 2074 2075static int 2076mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 2077 struct vnode *vp, struct label *label) 2078{ 2079 struct mac_mls *subj, *obj; 2080 2081 if (!mac_mls_enabled || !revocation_enabled) 2082 return (0); 2083 2084 subj = SLOT(active_cred->cr_label); 2085 obj = SLOT(label); 2086 | 2069 return (EACCES); 2070 } 2071 2072 return (0); 2073} 2074 2075static int 2076mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 2077 struct vnode *vp, struct label *label) 2078{ 2079 struct mac_mls *subj, *obj; 2080 2081 if (!mac_mls_enabled || !revocation_enabled) 2082 return (0); 2083 2084 subj = SLOT(active_cred->cr_label); 2085 obj = SLOT(label); 2086 |
| 2087 if (!mac_mls_dominate_single(subj, obj)) | 2087 if (!mac_mls_dominate_effective(subj, obj)) |
| 2088 return (EACCES); 2089 2090 return (0); 2091} 2092 2093static int 2094mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 2095 struct vnode *vp, struct label *label) 2096{ 2097 struct mac_mls *subj, *obj; 2098 2099 if (!mac_mls_enabled || !revocation_enabled) 2100 return (0); 2101 2102 subj = SLOT(active_cred->cr_label); 2103 obj = SLOT(label); 2104 | 2088 return (EACCES); 2089 2090 return (0); 2091} 2092 2093static int 2094mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 2095 struct vnode *vp, struct label *label) 2096{ 2097 struct mac_mls *subj, *obj; 2098 2099 if (!mac_mls_enabled || !revocation_enabled) 2100 return (0); 2101 2102 subj = SLOT(active_cred->cr_label); 2103 obj = SLOT(label); 2104 |
| 2105 if (!mac_mls_dominate_single(subj, obj)) | 2105 if (!mac_mls_dominate_effective(subj, obj)) |
| 2106 return (EACCES); 2107 2108 return (0); 2109} 2110 2111static int 2112mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 2113 struct label *dlabel) 2114{ 2115 struct mac_mls *subj, *obj; 2116 2117 if (!mac_mls_enabled) 2118 return (0); 2119 2120 subj = SLOT(cred->cr_label); 2121 obj = SLOT(dlabel); 2122 | 2106 return (EACCES); 2107 2108 return (0); 2109} 2110 2111static int 2112mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 2113 struct label *dlabel) 2114{ 2115 struct mac_mls *subj, *obj; 2116 2117 if (!mac_mls_enabled) 2118 return (0); 2119 2120 subj = SLOT(cred->cr_label); 2121 obj = SLOT(dlabel); 2122 |
| 2123 if (!mac_mls_dominate_single(subj, obj)) | 2123 if (!mac_mls_dominate_effective(subj, obj)) |
| 2124 return (EACCES); 2125 2126 return (0); 2127} 2128 2129static int 2130mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 2131 struct label *vnodelabel) 2132{ 2133 struct mac_mls *subj, *obj; 2134 2135 if (!mac_mls_enabled) 2136 return (0); 2137 2138 subj = SLOT(cred->cr_label); 2139 obj = SLOT(vnodelabel); 2140 | 2124 return (EACCES); 2125 2126 return (0); 2127} 2128 2129static int 2130mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 2131 struct label *vnodelabel) 2132{ 2133 struct mac_mls *subj, *obj; 2134 2135 if (!mac_mls_enabled) 2136 return (0); 2137 2138 subj = SLOT(cred->cr_label); 2139 obj = SLOT(vnodelabel); 2140 |
| 2141 if (!mac_mls_dominate_single(subj, obj)) | 2141 if (!mac_mls_dominate_effective(subj, obj)) |
| 2142 return (EACCES); 2143 2144 return (0); 2145} 2146 2147static int 2148mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 2149 struct label *vnodelabel, struct label *newlabel) 2150{ 2151 struct mac_mls *old, *new, *subj; 2152 int error; 2153 2154 old = SLOT(vnodelabel); 2155 new = SLOT(newlabel); 2156 subj = SLOT(cred->cr_label); 2157 2158 /* 2159 * If there is an MLS label update for the vnode, it must be a | 2142 return (EACCES); 2143 2144 return (0); 2145} 2146 2147static int 2148mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 2149 struct label *vnodelabel, struct label *newlabel) 2150{ 2151 struct mac_mls *old, *new, *subj; 2152 int error; 2153 2154 old = SLOT(vnodelabel); 2155 new = SLOT(newlabel); 2156 subj = SLOT(cred->cr_label); 2157 2158 /* 2159 * If there is an MLS label update for the vnode, it must be a |
| 2160 * single label. | 2160 * effective label. |
| 2161 */ | 2161 */ |
| 2162 error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE); | 2162 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); |
| 2163 if (error) 2164 return (error); 2165 2166 /* 2167 * To perform a relabel of the vnode (MLS label or not), MLS must 2168 * authorize the relabel. 2169 */ | 2163 if (error) 2164 return (error); 2165 2166 /* 2167 * To perform a relabel of the vnode (MLS label or not), MLS must 2168 * authorize the relabel. 2169 */ |
| 2170 if (!mac_mls_single_in_range(old, subj)) | 2170 if (!mac_mls_effective_in_range(old, subj)) |
| 2171 return (EPERM); 2172 2173 /* 2174 * If the MLS label is to be changed, authorize as appropriate. 2175 */ | 2171 return (EPERM); 2172 2173 /* 2174 * If the MLS label is to be changed, authorize as appropriate. 2175 */ |
| 2176 if (new->mm_flags & MAC_MLS_FLAG_SINGLE) { | 2176 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { |
| 2177 /* 2178 * To change the MLS label on a vnode, the new vnode label 2179 * must be in the subject range. 2180 */ | 2177 /* 2178 * To change the MLS label on a vnode, the new vnode label 2179 * must be in the subject range. 2180 */ |
| 2181 if (!mac_mls_single_in_range(new, subj)) | 2181 if (!mac_mls_effective_in_range(new, subj)) |
| 2182 return (EPERM); 2183 2184 /* 2185 * To change the MLS label on the vnode to be EQUAL, 2186 * the subject must have appropriate privilege. 2187 */ 2188 if (mac_mls_contains_equal(new)) { 2189 error = mac_mls_subject_privileged(subj); --- 14 unchanged lines hidden (view full) --- 2204 struct mac_mls *subj, *obj; 2205 2206 if (!mac_mls_enabled) 2207 return (0); 2208 2209 subj = SLOT(cred->cr_label); 2210 obj = SLOT(dlabel); 2211 | 2182 return (EPERM); 2183 2184 /* 2185 * To change the MLS label on the vnode to be EQUAL, 2186 * the subject must have appropriate privilege. 2187 */ 2188 if (mac_mls_contains_equal(new)) { 2189 error = mac_mls_subject_privileged(subj); --- 14 unchanged lines hidden (view full) --- 2204 struct mac_mls *subj, *obj; 2205 2206 if (!mac_mls_enabled) 2207 return (0); 2208 2209 subj = SLOT(cred->cr_label); 2210 obj = SLOT(dlabel); 2211 |
| 2212 if (!mac_mls_dominate_single(obj, subj)) | 2212 if (!mac_mls_dominate_effective(obj, subj)) |
| 2213 return (EACCES); 2214 2215 obj = SLOT(label); 2216 | 2213 return (EACCES); 2214 2215 obj = SLOT(label); 2216 |
| 2217 if (!mac_mls_dominate_single(obj, subj)) | 2217 if (!mac_mls_dominate_effective(obj, subj)) |
| 2218 return (EACCES); 2219 2220 return (0); 2221} 2222 2223static int 2224mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 2225 struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 2226 struct componentname *cnp) 2227{ 2228 struct mac_mls *subj, *obj; 2229 2230 if (!mac_mls_enabled) 2231 return (0); 2232 2233 subj = SLOT(cred->cr_label); 2234 obj = SLOT(dlabel); 2235 | 2218 return (EACCES); 2219 2220 return (0); 2221} 2222 2223static int 2224mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 2225 struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 2226 struct componentname *cnp) 2227{ 2228 struct mac_mls *subj, *obj; 2229 2230 if (!mac_mls_enabled) 2231 return (0); 2232 2233 subj = SLOT(cred->cr_label); 2234 obj = SLOT(dlabel); 2235 |
| 2236 if (!mac_mls_dominate_single(obj, subj)) | 2236 if (!mac_mls_dominate_effective(obj, subj)) |
| 2237 return (EACCES); 2238 2239 if (vp != NULL) { 2240 obj = SLOT(label); 2241 | 2237 return (EACCES); 2238 2239 if (vp != NULL) { 2240 obj = SLOT(label); 2241 |
| 2242 if (!mac_mls_dominate_single(obj, subj)) | 2242 if (!mac_mls_dominate_effective(obj, subj)) |
| 2243 return (EACCES); 2244 } 2245 2246 return (0); 2247} 2248 2249static int 2250mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 2251 struct label *label) 2252{ 2253 struct mac_mls *subj, *obj; 2254 2255 if (!mac_mls_enabled) 2256 return (0); 2257 2258 subj = SLOT(cred->cr_label); 2259 obj = SLOT(label); 2260 | 2243 return (EACCES); 2244 } 2245 2246 return (0); 2247} 2248 2249static int 2250mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 2251 struct label *label) 2252{ 2253 struct mac_mls *subj, *obj; 2254 2255 if (!mac_mls_enabled) 2256 return (0); 2257 2258 subj = SLOT(cred->cr_label); 2259 obj = SLOT(label); 2260 |
| 2261 if (!mac_mls_dominate_single(obj, subj)) | 2261 if (!mac_mls_dominate_effective(obj, subj)) |
| 2262 return (EACCES); 2263 2264 return (0); 2265} 2266 2267static int 2268mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 2269 struct label *label, acl_type_t type, struct acl *acl) 2270{ 2271 struct mac_mls *subj, *obj; 2272 2273 if (!mac_mls_enabled) 2274 return (0); 2275 2276 subj = SLOT(cred->cr_label); 2277 obj = SLOT(label); 2278 | 2262 return (EACCES); 2263 2264 return (0); 2265} 2266 2267static int 2268mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 2269 struct label *label, acl_type_t type, struct acl *acl) 2270{ 2271 struct mac_mls *subj, *obj; 2272 2273 if (!mac_mls_enabled) 2274 return (0); 2275 2276 subj = SLOT(cred->cr_label); 2277 obj = SLOT(label); 2278 |
| 2279 if (!mac_mls_dominate_single(obj, subj)) | 2279 if (!mac_mls_dominate_effective(obj, subj)) |
| 2280 return (EACCES); 2281 2282 return (0); 2283} 2284 2285static int 2286mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 2287 struct label *vnodelabel, int attrnamespace, const char *name, 2288 struct uio *uio) 2289{ 2290 struct mac_mls *subj, *obj; 2291 2292 if (!mac_mls_enabled) 2293 return (0); 2294 2295 subj = SLOT(cred->cr_label); 2296 obj = SLOT(vnodelabel); 2297 | 2280 return (EACCES); 2281 2282 return (0); 2283} 2284 2285static int 2286mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 2287 struct label *vnodelabel, int attrnamespace, const char *name, 2288 struct uio *uio) 2289{ 2290 struct mac_mls *subj, *obj; 2291 2292 if (!mac_mls_enabled) 2293 return (0); 2294 2295 subj = SLOT(cred->cr_label); 2296 obj = SLOT(vnodelabel); 2297 |
| 2298 if (!mac_mls_dominate_single(obj, subj)) | 2298 if (!mac_mls_dominate_effective(obj, subj)) |
| 2299 return (EACCES); 2300 2301 /* XXX: protect the MAC EA in a special way? */ 2302 2303 return (0); 2304} 2305 2306static int 2307mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 2308 struct label *vnodelabel, u_long flags) 2309{ 2310 struct mac_mls *subj, *obj; 2311 2312 if (!mac_mls_enabled) 2313 return (0); 2314 2315 subj = SLOT(cred->cr_label); 2316 obj = SLOT(vnodelabel); 2317 | 2299 return (EACCES); 2300 2301 /* XXX: protect the MAC EA in a special way? */ 2302 2303 return (0); 2304} 2305 2306static int 2307mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 2308 struct label *vnodelabel, u_long flags) 2309{ 2310 struct mac_mls *subj, *obj; 2311 2312 if (!mac_mls_enabled) 2313 return (0); 2314 2315 subj = SLOT(cred->cr_label); 2316 obj = SLOT(vnodelabel); 2317 |
| 2318 if (!mac_mls_dominate_single(obj, subj)) | 2318 if (!mac_mls_dominate_effective(obj, subj)) |
| 2319 return (EACCES); 2320 2321 return (0); 2322} 2323 2324static int 2325mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 2326 struct label *vnodelabel, mode_t mode) 2327{ 2328 struct mac_mls *subj, *obj; 2329 2330 if (!mac_mls_enabled) 2331 return (0); 2332 2333 subj = SLOT(cred->cr_label); 2334 obj = SLOT(vnodelabel); 2335 | 2319 return (EACCES); 2320 2321 return (0); 2322} 2323 2324static int 2325mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 2326 struct label *vnodelabel, mode_t mode) 2327{ 2328 struct mac_mls *subj, *obj; 2329 2330 if (!mac_mls_enabled) 2331 return (0); 2332 2333 subj = SLOT(cred->cr_label); 2334 obj = SLOT(vnodelabel); 2335 |
| 2336 if (!mac_mls_dominate_single(obj, subj)) | 2336 if (!mac_mls_dominate_effective(obj, subj)) |
| 2337 return (EACCES); 2338 2339 return (0); 2340} 2341 2342static int 2343mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 2344 struct label *vnodelabel, uid_t uid, gid_t gid) 2345{ 2346 struct mac_mls *subj, *obj; 2347 2348 if (!mac_mls_enabled) 2349 return (0); 2350 2351 subj = SLOT(cred->cr_label); 2352 obj = SLOT(vnodelabel); 2353 | 2337 return (EACCES); 2338 2339 return (0); 2340} 2341 2342static int 2343mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 2344 struct label *vnodelabel, uid_t uid, gid_t gid) 2345{ 2346 struct mac_mls *subj, *obj; 2347 2348 if (!mac_mls_enabled) 2349 return (0); 2350 2351 subj = SLOT(cred->cr_label); 2352 obj = SLOT(vnodelabel); 2353 |
| 2354 if (!mac_mls_dominate_single(obj, subj)) | 2354 if (!mac_mls_dominate_effective(obj, subj)) |
| 2355 return (EACCES); 2356 2357 return (0); 2358} 2359 2360static int 2361mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 2362 struct label *vnodelabel, struct timespec atime, struct timespec mtime) 2363{ 2364 struct mac_mls *subj, *obj; 2365 2366 if (!mac_mls_enabled) 2367 return (0); 2368 2369 subj = SLOT(cred->cr_label); 2370 obj = SLOT(vnodelabel); 2371 | 2355 return (EACCES); 2356 2357 return (0); 2358} 2359 2360static int 2361mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 2362 struct label *vnodelabel, struct timespec atime, struct timespec mtime) 2363{ 2364 struct mac_mls *subj, *obj; 2365 2366 if (!mac_mls_enabled) 2367 return (0); 2368 2369 subj = SLOT(cred->cr_label); 2370 obj = SLOT(vnodelabel); 2371 |
| 2372 if (!mac_mls_dominate_single(obj, subj)) | 2372 if (!mac_mls_dominate_effective(obj, subj)) |
| 2373 return (EACCES); 2374 2375 return (0); 2376} 2377 2378static int 2379mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2380 struct vnode *vp, struct label *vnodelabel) 2381{ 2382 struct mac_mls *subj, *obj; 2383 2384 if (!mac_mls_enabled) 2385 return (0); 2386 2387 subj = SLOT(active_cred->cr_label); 2388 obj = SLOT(vnodelabel); 2389 | 2373 return (EACCES); 2374 2375 return (0); 2376} 2377 2378static int 2379mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2380 struct vnode *vp, struct label *vnodelabel) 2381{ 2382 struct mac_mls *subj, *obj; 2383 2384 if (!mac_mls_enabled) 2385 return (0); 2386 2387 subj = SLOT(active_cred->cr_label); 2388 obj = SLOT(vnodelabel); 2389 |
| 2390 if (!mac_mls_dominate_single(subj, obj)) | 2390 if (!mac_mls_dominate_effective(subj, obj)) |
| 2391 return (EACCES); 2392 2393 return (0); 2394} 2395 2396static int 2397mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, 2398 struct vnode *vp, struct label *label) 2399{ 2400 struct mac_mls *subj, *obj; 2401 2402 if (!mac_mls_enabled || !revocation_enabled) 2403 return (0); 2404 2405 subj = SLOT(active_cred->cr_label); 2406 obj = SLOT(label); 2407 | 2391 return (EACCES); 2392 2393 return (0); 2394} 2395 2396static int 2397mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, 2398 struct vnode *vp, struct label *label) 2399{ 2400 struct mac_mls *subj, *obj; 2401 2402 if (!mac_mls_enabled || !revocation_enabled) 2403 return (0); 2404 2405 subj = SLOT(active_cred->cr_label); 2406 obj = SLOT(label); 2407 |
| 2408 if (!mac_mls_dominate_single(obj, subj)) | 2408 if (!mac_mls_dominate_effective(obj, subj)) |
| 2409 return (EACCES); 2410 2411 return (0); 2412} 2413 2414static struct mac_policy_ops mac_mls_ops = 2415{ 2416 .mpo_init = mac_mls_init, --- 139 unchanged lines hidden --- | 2409 return (EACCES); 2410 2411 return (0); 2412} 2413 2414static struct mac_policy_ops mac_mls_ops = 2415{ 2416 .mpo_init = mac_mls_init, --- 139 unchanged lines hidden --- |