| mac_mls.c (172930) | mac_mls.c (172955) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
| 38 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 172930 2007-10-24 19:04:04Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 172955 2007-10-25 11:31:11Z rwatson $ |
| 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * MLS fixed label mandatory confidentiality policy. 45 */ 46 --- 41 unchanged lines hidden (view full) --- 88#include <security/mac/mac_policy.h> 89#include <security/mac_mls/mac_mls.h> 90 91SYSCTL_DECL(_security_mac); 92 93SYSCTL_NODE(_security_mac, OID_AUTO, mls, CTLFLAG_RW, 0, 94 "TrustedBSD mac_mls policy controls"); 95 | 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * MLS fixed label mandatory confidentiality policy. 45 */ 46 --- 41 unchanged lines hidden (view full) --- 88#include <security/mac/mac_policy.h> 89#include <security/mac_mls/mac_mls.h> 90 91SYSCTL_DECL(_security_mac); 92 93SYSCTL_NODE(_security_mac, OID_AUTO, mls, CTLFLAG_RW, 0, 94 "TrustedBSD mac_mls policy controls"); 95 |
| 96static int mac_mls_label_size = sizeof(struct mac_mls); | 96static int mls_label_size = sizeof(struct mac_mls); |
| 97SYSCTL_INT(_security_mac_mls, OID_AUTO, label_size, CTLFLAG_RD, | 97SYSCTL_INT(_security_mac_mls, OID_AUTO, label_size, CTLFLAG_RD, |
| 98 &mac_mls_label_size, 0, "Size of struct mac_mls"); | 98 &mls_label_size, 0, "Size of struct mac_mls"); |
| 99 | 99 |
| 100static int mac_mls_enabled = 1; 101SYSCTL_INT(_security_mac_mls, OID_AUTO, enabled, CTLFLAG_RW, 102 &mac_mls_enabled, 0, "Enforce MAC/MLS policy"); 103TUNABLE_INT("security.mac.mls.enabled", &mac_mls_enabled); | 100static int mls_enabled = 1; 101SYSCTL_INT(_security_mac_mls, OID_AUTO, enabled, CTLFLAG_RW, &mls_enabled, 0, 102 "Enforce MAC/MLS policy"); 103TUNABLE_INT("security.mac.mls.enabled", &mls_enabled); |
| 104 105static int destroyed_not_inited; 106SYSCTL_INT(_security_mac_mls, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 107 &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 108 109static int ptys_equal = 0; 110SYSCTL_INT(_security_mac_mls, OID_AUTO, ptys_equal, CTLFLAG_RW, 111 &ptys_equal, 0, "Label pty devices as mls/equal on create"); 112TUNABLE_INT("security.mac.mls.ptys_equal", &ptys_equal); 113 114static int revocation_enabled = 0; 115SYSCTL_INT(_security_mac_mls, OID_AUTO, revocation_enabled, CTLFLAG_RW, 116 &revocation_enabled, 0, "Revoke access to objects on relabel"); 117TUNABLE_INT("security.mac.mls.revocation_enabled", &revocation_enabled); 118 119static int max_compartments = MAC_MLS_MAX_COMPARTMENTS; 120SYSCTL_INT(_security_mac_mls, OID_AUTO, max_compartments, CTLFLAG_RD, 121 &max_compartments, 0, "Maximum compartments the policy supports"); 122 | 104 105static int destroyed_not_inited; 106SYSCTL_INT(_security_mac_mls, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 107 &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 108 109static int ptys_equal = 0; 110SYSCTL_INT(_security_mac_mls, OID_AUTO, ptys_equal, CTLFLAG_RW, 111 &ptys_equal, 0, "Label pty devices as mls/equal on create"); 112TUNABLE_INT("security.mac.mls.ptys_equal", &ptys_equal); 113 114static int revocation_enabled = 0; 115SYSCTL_INT(_security_mac_mls, OID_AUTO, revocation_enabled, CTLFLAG_RW, 116 &revocation_enabled, 0, "Revoke access to objects on relabel"); 117TUNABLE_INT("security.mac.mls.revocation_enabled", &revocation_enabled); 118 119static int max_compartments = MAC_MLS_MAX_COMPARTMENTS; 120SYSCTL_INT(_security_mac_mls, OID_AUTO, max_compartments, CTLFLAG_RD, 121 &max_compartments, 0, "Maximum compartments the policy supports"); 122 |
| 123static int mac_mls_slot; 124#define SLOT(l) ((struct mac_mls *)mac_label_get((l), mac_mls_slot)) 125#define SLOT_SET(l, val) mac_label_set((l), mac_mls_slot, (uintptr_t)(val)) | 123static int mls_slot; 124#define SLOT(l) ((struct mac_mls *)mac_label_get((l), mls_slot)) 125#define SLOT_SET(l, val) mac_label_set((l), mls_slot, (uintptr_t)(val)) |
| 126 127static uma_zone_t zone_mls; 128 129static __inline int 130mls_bit_set_empty(u_char *set) { 131 int i; 132 133 for (i = 0; i < MAC_MLS_MAX_COMPARTMENTS >> 3; i++) --- 5 unchanged lines hidden (view full) --- 139static struct mac_mls * 140mls_alloc(int flag) 141{ 142 143 return (uma_zalloc(zone_mls, flag | M_ZERO)); 144} 145 146static void | 126 127static uma_zone_t zone_mls; 128 129static __inline int 130mls_bit_set_empty(u_char *set) { 131 int i; 132 133 for (i = 0; i < MAC_MLS_MAX_COMPARTMENTS >> 3; i++) --- 5 unchanged lines hidden (view full) --- 139static struct mac_mls * 140mls_alloc(int flag) 141{ 142 143 return (uma_zalloc(zone_mls, flag | M_ZERO)); 144} 145 146static void |
| 147mls_free(struct mac_mls *mac_mls) | 147mls_free(struct mac_mls *mm) |
| 148{ 149 | 148{ 149 |
| 150 if (mac_mls != NULL) 151 uma_zfree(zone_mls, mac_mls); | 150 if (mm != NULL) 151 uma_zfree(zone_mls, mm); |
| 152 else 153 atomic_add_int(&destroyed_not_inited, 1); 154} 155 156static int | 152 else 153 atomic_add_int(&destroyed_not_inited, 1); 154} 155 156static int |
| 157mls_atmostflags(struct mac_mls *mac_mls, int flags) | 157mls_atmostflags(struct mac_mls *mm, int flags) |
| 158{ 159 | 158{ 159 |
| 160 if ((mac_mls->mm_flags & flags) != mac_mls->mm_flags) | 160 if ((mm->mm_flags & flags) != mm->mm_flags) |
| 161 return (EINVAL); 162 return (0); 163} 164 165static int | 161 return (EINVAL); 162 return (0); 163} 164 165static int |
| 166mac_mls_dominate_element(struct mac_mls_element *a, 167 struct mac_mls_element *b) | 166mls_dominate_element(struct mac_mls_element *a, struct mac_mls_element *b) |
| 168{ 169 int bit; 170 171 switch (a->mme_type) { 172 case MAC_MLS_TYPE_EQUAL: 173 case MAC_MLS_TYPE_HIGH: 174 return (1); 175 176 case MAC_MLS_TYPE_LOW: 177 switch (b->mme_type) { 178 case MAC_MLS_TYPE_LEVEL: 179 case MAC_MLS_TYPE_HIGH: 180 return (0); 181 182 case MAC_MLS_TYPE_EQUAL: 183 case MAC_MLS_TYPE_LOW: 184 return (1); 185 186 default: | 167{ 168 int bit; 169 170 switch (a->mme_type) { 171 case MAC_MLS_TYPE_EQUAL: 172 case MAC_MLS_TYPE_HIGH: 173 return (1); 174 175 case MAC_MLS_TYPE_LOW: 176 switch (b->mme_type) { 177 case MAC_MLS_TYPE_LEVEL: 178 case MAC_MLS_TYPE_HIGH: 179 return (0); 180 181 case MAC_MLS_TYPE_EQUAL: 182 case MAC_MLS_TYPE_LOW: 183 return (1); 184 185 default: |
| 187 panic("mac_mls_dominate_element: b->mme_type invalid"); | 186 panic("mls_dominate_element: b->mme_type invalid"); |
| 188 } 189 190 case MAC_MLS_TYPE_LEVEL: 191 switch (b->mme_type) { 192 case MAC_MLS_TYPE_EQUAL: 193 case MAC_MLS_TYPE_LOW: 194 return (1); 195 --- 4 unchanged lines hidden (view full) --- 200 for (bit = 1; bit <= MAC_MLS_MAX_COMPARTMENTS; bit++) 201 if (!MAC_MLS_BIT_TEST(bit, 202 a->mme_compartments) && 203 MAC_MLS_BIT_TEST(bit, b->mme_compartments)) 204 return (0); 205 return (a->mme_level >= b->mme_level); 206 207 default: | 187 } 188 189 case MAC_MLS_TYPE_LEVEL: 190 switch (b->mme_type) { 191 case MAC_MLS_TYPE_EQUAL: 192 case MAC_MLS_TYPE_LOW: 193 return (1); 194 --- 4 unchanged lines hidden (view full) --- 199 for (bit = 1; bit <= MAC_MLS_MAX_COMPARTMENTS; bit++) 200 if (!MAC_MLS_BIT_TEST(bit, 201 a->mme_compartments) && 202 MAC_MLS_BIT_TEST(bit, b->mme_compartments)) 203 return (0); 204 return (a->mme_level >= b->mme_level); 205 206 default: |
| 208 panic("mac_mls_dominate_element: b->mme_type invalid"); | 207 panic("mls_dominate_element: b->mme_type invalid"); |
| 209 } 210 211 default: | 208 } 209 210 default: |
| 212 panic("mac_mls_dominate_element: a->mme_type invalid"); | 211 panic("mls_dominate_element: a->mme_type invalid"); |
| 213 } 214 215 return (0); 216} 217 218static int | 212 } 213 214 return (0); 215} 216 217static int |
| 219mac_mls_range_in_range(struct mac_mls *rangea, struct mac_mls *rangeb) | 218mls_range_in_range(struct mac_mls *rangea, struct mac_mls *rangeb) |
| 220{ 221 | 219{ 220 |
| 222 return (mac_mls_dominate_element(&rangeb->mm_rangehigh, | 221 return (mls_dominate_element(&rangeb->mm_rangehigh, |
| 223 &rangea->mm_rangehigh) && | 222 &rangea->mm_rangehigh) && |
| 224 mac_mls_dominate_element(&rangea->mm_rangelow, | 223 mls_dominate_element(&rangea->mm_rangelow, |
| 225 &rangeb->mm_rangelow)); 226} 227 228static int | 224 &rangeb->mm_rangelow)); 225} 226 227static int |
| 229mac_mls_effective_in_range(struct mac_mls *effective, struct mac_mls *range) | 228mls_effective_in_range(struct mac_mls *effective, struct mac_mls *range) |
| 230{ 231 232 KASSERT((effective->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, | 229{ 230 231 KASSERT((effective->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, |
| 233 ("mac_mls_effective_in_range: a not effective")); | 232 ("mls_effective_in_range: a not effective")); |
| 234 KASSERT((range->mm_flags & MAC_MLS_FLAG_RANGE) != 0, | 233 KASSERT((range->mm_flags & MAC_MLS_FLAG_RANGE) != 0, |
| 235 ("mac_mls_effective_in_range: b not range")); | 234 ("mls_effective_in_range: b not range")); |
| 236 | 235 |
| 237 return (mac_mls_dominate_element(&range->mm_rangehigh, | 236 return (mls_dominate_element(&range->mm_rangehigh, |
| 238 &effective->mm_effective) && | 237 &effective->mm_effective) && |
| 239 mac_mls_dominate_element(&effective->mm_effective, | 238 mls_dominate_element(&effective->mm_effective, |
| 240 &range->mm_rangelow)); 241 242 return (1); 243} 244 245static int | 239 &range->mm_rangelow)); 240 241 return (1); 242} 243 244static int |
| 246mac_mls_dominate_effective(struct mac_mls *a, struct mac_mls *b) | 245mls_dominate_effective(struct mac_mls *a, struct mac_mls *b) |
| 247{ 248 KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, | 246{ 247 KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, |
| 249 ("mac_mls_dominate_effective: a not effective")); | 248 ("mls_dominate_effective: a not effective")); |
| 250 KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, | 249 KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, |
| 251 ("mac_mls_dominate_effective: b not effective")); | 250 ("mls_dominate_effective: b not effective")); |
| 252 | 251 |
| 253 return (mac_mls_dominate_element(&a->mm_effective, &b->mm_effective)); | 252 return (mls_dominate_element(&a->mm_effective, &b->mm_effective)); |
| 254} 255 256static int | 253} 254 255static int |
| 257mac_mls_equal_element(struct mac_mls_element *a, struct mac_mls_element *b) | 256mls_equal_element(struct mac_mls_element *a, struct mac_mls_element *b) |
| 258{ 259 260 if (a->mme_type == MAC_MLS_TYPE_EQUAL || 261 b->mme_type == MAC_MLS_TYPE_EQUAL) 262 return (1); 263 264 return (a->mme_type == b->mme_type && a->mme_level == b->mme_level); 265} 266 267static int | 257{ 258 259 if (a->mme_type == MAC_MLS_TYPE_EQUAL || 260 b->mme_type == MAC_MLS_TYPE_EQUAL) 261 return (1); 262 263 return (a->mme_type == b->mme_type && a->mme_level == b->mme_level); 264} 265 266static int |
| 268mac_mls_equal_effective(struct mac_mls *a, struct mac_mls *b) | 267mls_equal_effective(struct mac_mls *a, struct mac_mls *b) |
| 269{ 270 271 KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, | 268{ 269 270 KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, |
| 272 ("mac_mls_equal_effective: a not effective")); | 271 ("mls_equal_effective: a not effective")); |
| 273 KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, | 272 KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, |
| 274 ("mac_mls_equal_effective: b not effective")); | 273 ("mls_equal_effective: b not effective")); |
| 275 | 274 |
| 276 return (mac_mls_equal_element(&a->mm_effective, &b->mm_effective)); | 275 return (mls_equal_element(&a->mm_effective, &b->mm_effective)); |
| 277} 278 279static int | 276} 277 278static int |
| 280mac_mls_contains_equal(struct mac_mls *mac_mls) | 279mls_contains_equal(struct mac_mls *mm) |
| 281{ 282 | 280{ 281 |
| 283 if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) 284 if (mac_mls->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL) | 282 if (mm->mm_flags & MAC_MLS_FLAG_EFFECTIVE) 283 if (mm->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL) |
| 285 return (1); 286 | 284 return (1); 285 |
| 287 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 288 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL) | 286 if (mm->mm_flags & MAC_MLS_FLAG_RANGE) { 287 if (mm->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL) |
| 289 return (1); | 288 return (1); |
| 290 if (mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) | 289 if (mm->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) |
| 291 return (1); 292 } 293 294 return (0); 295} 296 297static int | 290 return (1); 291 } 292 293 return (0); 294} 295 296static int |
| 298mac_mls_subject_privileged(struct mac_mls *mac_mls) | 297mls_subject_privileged(struct mac_mls *mm) |
| 299{ 300 | 298{ 299 |
| 301 KASSERT((mac_mls->mm_flags & MAC_MLS_FLAGS_BOTH) == 302 MAC_MLS_FLAGS_BOTH, 303 ("mac_mls_subject_privileged: subject doesn't have both labels")); | 300 KASSERT((mm->mm_flags & MAC_MLS_FLAGS_BOTH) == MAC_MLS_FLAGS_BOTH, 301 ("mls_subject_privileged: subject doesn't have both labels")); |
| 304 305 /* If the effective is EQUAL, it's ok. */ | 302 303 /* If the effective is EQUAL, it's ok. */ |
| 306 if (mac_mls->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL) | 304 if (mm->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL) |
| 307 return (0); 308 309 /* If either range endpoint is EQUAL, it's ok. */ | 305 return (0); 306 307 /* If either range endpoint is EQUAL, it's ok. */ |
| 310 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL || 311 mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) | 308 if (mm->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL || 309 mm->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) |
| 312 return (0); 313 314 /* If the range is low-high, it's ok. */ | 310 return (0); 311 312 /* If the range is low-high, it's ok. */ |
| 315 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_LOW && 316 mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_HIGH) | 313 if (mm->mm_rangelow.mme_type == MAC_MLS_TYPE_LOW && 314 mm->mm_rangehigh.mme_type == MAC_MLS_TYPE_HIGH) |
| 317 return (0); 318 319 /* It's not ok. */ 320 return (EPERM); 321} 322 323static int | 315 return (0); 316 317 /* It's not ok. */ 318 return (EPERM); 319} 320 321static int |
| 324mac_mls_valid(struct mac_mls *mac_mls) | 322mls_valid(struct mac_mls *mm) |
| 325{ 326 | 323{ 324 |
| 327 if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 328 switch (mac_mls->mm_effective.mme_type) { | 325 if (mm->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 326 switch (mm->mm_effective.mme_type) { |
| 329 case MAC_MLS_TYPE_LEVEL: 330 break; 331 332 case MAC_MLS_TYPE_EQUAL: 333 case MAC_MLS_TYPE_HIGH: 334 case MAC_MLS_TYPE_LOW: | 327 case MAC_MLS_TYPE_LEVEL: 328 break; 329 330 case MAC_MLS_TYPE_EQUAL: 331 case MAC_MLS_TYPE_HIGH: 332 case MAC_MLS_TYPE_LOW: |
| 335 if (mac_mls->mm_effective.mme_level != 0 || | 333 if (mm->mm_effective.mme_level != 0 || |
| 336 !MAC_MLS_BIT_SET_EMPTY( | 334 !MAC_MLS_BIT_SET_EMPTY( |
| 337 mac_mls->mm_effective.mme_compartments)) | 335 mm->mm_effective.mme_compartments)) |
| 338 return (EINVAL); 339 break; 340 341 default: 342 return (EINVAL); 343 } 344 } else { | 336 return (EINVAL); 337 break; 338 339 default: 340 return (EINVAL); 341 } 342 } else { |
| 345 if (mac_mls->mm_effective.mme_type != MAC_MLS_TYPE_UNDEF) | 343 if (mm->mm_effective.mme_type != MAC_MLS_TYPE_UNDEF) |
| 346 return (EINVAL); 347 } 348 | 344 return (EINVAL); 345 } 346 |
| 349 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 350 switch (mac_mls->mm_rangelow.mme_type) { | 347 if (mm->mm_flags & MAC_MLS_FLAG_RANGE) { 348 switch (mm->mm_rangelow.mme_type) { |
| 351 case MAC_MLS_TYPE_LEVEL: 352 break; 353 354 case MAC_MLS_TYPE_EQUAL: 355 case MAC_MLS_TYPE_HIGH: 356 case MAC_MLS_TYPE_LOW: | 349 case MAC_MLS_TYPE_LEVEL: 350 break; 351 352 case MAC_MLS_TYPE_EQUAL: 353 case MAC_MLS_TYPE_HIGH: 354 case MAC_MLS_TYPE_LOW: |
| 357 if (mac_mls->mm_rangelow.mme_level != 0 || | 355 if (mm->mm_rangelow.mme_level != 0 || |
| 358 !MAC_MLS_BIT_SET_EMPTY( | 356 !MAC_MLS_BIT_SET_EMPTY( |
| 359 mac_mls->mm_rangelow.mme_compartments)) | 357 mm->mm_rangelow.mme_compartments)) |
| 360 return (EINVAL); 361 break; 362 363 default: 364 return (EINVAL); 365 } 366 | 358 return (EINVAL); 359 break; 360 361 default: 362 return (EINVAL); 363 } 364 |
| 367 switch (mac_mls->mm_rangehigh.mme_type) { | 365 switch (mm->mm_rangehigh.mme_type) { |
| 368 case MAC_MLS_TYPE_LEVEL: 369 break; 370 371 case MAC_MLS_TYPE_EQUAL: 372 case MAC_MLS_TYPE_HIGH: 373 case MAC_MLS_TYPE_LOW: | 366 case MAC_MLS_TYPE_LEVEL: 367 break; 368 369 case MAC_MLS_TYPE_EQUAL: 370 case MAC_MLS_TYPE_HIGH: 371 case MAC_MLS_TYPE_LOW: |
| 374 if (mac_mls->mm_rangehigh.mme_level != 0 || | 372 if (mm->mm_rangehigh.mme_level != 0 || |
| 375 !MAC_MLS_BIT_SET_EMPTY( | 373 !MAC_MLS_BIT_SET_EMPTY( |
| 376 mac_mls->mm_rangehigh.mme_compartments)) | 374 mm->mm_rangehigh.mme_compartments)) |
| 377 return (EINVAL); 378 break; 379 380 default: 381 return (EINVAL); 382 } | 375 return (EINVAL); 376 break; 377 378 default: 379 return (EINVAL); 380 } |
| 383 if (!mac_mls_dominate_element(&mac_mls->mm_rangehigh, 384 &mac_mls->mm_rangelow)) | 381 if (!mls_dominate_element(&mm->mm_rangehigh, 382 &mm->mm_rangelow)) |
| 385 return (EINVAL); 386 } else { | 383 return (EINVAL); 384 } else { |
| 387 if (mac_mls->mm_rangelow.mme_type != MAC_MLS_TYPE_UNDEF || 388 mac_mls->mm_rangehigh.mme_type != MAC_MLS_TYPE_UNDEF) | 385 if (mm->mm_rangelow.mme_type != MAC_MLS_TYPE_UNDEF || 386 mm->mm_rangehigh.mme_type != MAC_MLS_TYPE_UNDEF) |
| 389 return (EINVAL); 390 } 391 392 return (0); 393} 394 395static void | 387 return (EINVAL); 388 } 389 390 return (0); 391} 392 393static void |
| 396mac_mls_set_range(struct mac_mls *mac_mls, u_short typelow, 397 u_short levellow, u_char *compartmentslow, u_short typehigh, 398 u_short levelhigh, u_char *compartmentshigh) | 394mls_set_range(struct mac_mls *mm, u_short typelow, u_short levellow, 395 u_char *compartmentslow, u_short typehigh, u_short levelhigh, 396 u_char *compartmentshigh) |
| 399{ 400 | 397{ 398 |
| 401 mac_mls->mm_rangelow.mme_type = typelow; 402 mac_mls->mm_rangelow.mme_level = levellow; | 399 mm->mm_rangelow.mme_type = typelow; 400 mm->mm_rangelow.mme_level = levellow; |
| 403 if (compartmentslow != NULL) | 401 if (compartmentslow != NULL) |
| 404 memcpy(mac_mls->mm_rangelow.mme_compartments, | 402 memcpy(mm->mm_rangelow.mme_compartments, |
| 405 compartmentslow, | 403 compartmentslow, |
| 406 sizeof(mac_mls->mm_rangelow.mme_compartments)); 407 mac_mls->mm_rangehigh.mme_type = typehigh; 408 mac_mls->mm_rangehigh.mme_level = levelhigh; | 404 sizeof(mm->mm_rangelow.mme_compartments)); 405 mm->mm_rangehigh.mme_type = typehigh; 406 mm->mm_rangehigh.mme_level = levelhigh; |
| 409 if (compartmentshigh != NULL) | 407 if (compartmentshigh != NULL) |
| 410 memcpy(mac_mls->mm_rangehigh.mme_compartments, | 408 memcpy(mm->mm_rangehigh.mme_compartments, |
| 411 compartmentshigh, | 409 compartmentshigh, |
| 412 sizeof(mac_mls->mm_rangehigh.mme_compartments)); 413 mac_mls->mm_flags |= MAC_MLS_FLAG_RANGE; | 410 sizeof(mm->mm_rangehigh.mme_compartments)); 411 mm->mm_flags |= MAC_MLS_FLAG_RANGE; |
| 414} 415 416static void | 412} 413 414static void |
| 417mac_mls_set_effective(struct mac_mls *mac_mls, u_short type, u_short level, | 415mls_set_effective(struct mac_mls *mm, u_short type, u_short level, |
| 418 u_char *compartments) 419{ 420 | 416 u_char *compartments) 417{ 418 |
| 421 mac_mls->mm_effective.mme_type = type; 422 mac_mls->mm_effective.mme_level = level; | 419 mm->mm_effective.mme_type = type; 420 mm->mm_effective.mme_level = level; |
| 423 if (compartments != NULL) | 421 if (compartments != NULL) |
| 424 memcpy(mac_mls->mm_effective.mme_compartments, compartments, 425 sizeof(mac_mls->mm_effective.mme_compartments)); 426 mac_mls->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; | 422 memcpy(mm->mm_effective.mme_compartments, compartments, 423 sizeof(mm->mm_effective.mme_compartments)); 424 mm->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; |
| 427} 428 429static void | 425} 426 427static void |
| 430mac_mls_copy_range(struct mac_mls *labelfrom, struct mac_mls *labelto) | 428mls_copy_range(struct mac_mls *labelfrom, struct mac_mls *labelto) |
| 431{ 432 433 KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_RANGE) != 0, | 429{ 430 431 KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_RANGE) != 0, |
| 434 ("mac_mls_copy_range: labelfrom not range")); | 432 ("mls_copy_range: labelfrom not range")); |
| 435 436 labelto->mm_rangelow = labelfrom->mm_rangelow; 437 labelto->mm_rangehigh = labelfrom->mm_rangehigh; 438 labelto->mm_flags |= MAC_MLS_FLAG_RANGE; 439} 440 441static void | 433 434 labelto->mm_rangelow = labelfrom->mm_rangelow; 435 labelto->mm_rangehigh = labelfrom->mm_rangehigh; 436 labelto->mm_flags |= MAC_MLS_FLAG_RANGE; 437} 438 439static void |
| 442mac_mls_copy_effective(struct mac_mls *labelfrom, struct mac_mls *labelto) | 440mls_copy_effective(struct mac_mls *labelfrom, struct mac_mls *labelto) |
| 443{ 444 445 KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, | 441{ 442 443 KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0, |
| 446 ("mac_mls_copy_effective: labelfrom not effective")); | 444 ("mls_copy_effective: labelfrom not effective")); |
| 447 448 labelto->mm_effective = labelfrom->mm_effective; 449 labelto->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; 450} 451 452static void | 445 446 labelto->mm_effective = labelfrom->mm_effective; 447 labelto->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; 448} 449 450static void |
| 453mac_mls_copy(struct mac_mls *source, struct mac_mls *dest) | 451mls_copy(struct mac_mls *source, struct mac_mls *dest) |
| 454{ 455 456 if (source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) | 452{ 453 454 if (source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) |
| 457 mac_mls_copy_effective(source, dest); | 455 mls_copy_effective(source, dest); |
| 458 if (source->mm_flags & MAC_MLS_FLAG_RANGE) | 456 if (source->mm_flags & MAC_MLS_FLAG_RANGE) |
| 459 mac_mls_copy_range(source, dest); | 457 mls_copy_range(source, dest); |
| 460} 461 462/* 463 * Policy module operations. 464 */ 465static void | 458} 459 460/* 461 * Policy module operations. 462 */ 463static void |
| 466mac_mls_init(struct mac_policy_conf *conf) | 464mls_init(struct mac_policy_conf *conf) |
| 467{ 468 469 zone_mls = uma_zcreate("mac_mls", sizeof(struct mac_mls), NULL, 470 NULL, NULL, NULL, UMA_ALIGN_PTR, 0); 471} 472 473/* 474 * Label operations. 475 */ 476static void | 465{ 466 467 zone_mls = uma_zcreate("mac_mls", sizeof(struct mac_mls), NULL, 468 NULL, NULL, NULL, UMA_ALIGN_PTR, 0); 469} 470 471/* 472 * Label operations. 473 */ 474static void |
| 477mac_mls_init_label(struct label *label) | 475mls_init_label(struct label *label) |
| 478{ 479 480 SLOT_SET(label, mls_alloc(M_WAITOK)); 481} 482 483static int | 476{ 477 478 SLOT_SET(label, mls_alloc(M_WAITOK)); 479} 480 481static int |
| 484mac_mls_init_label_waitcheck(struct label *label, int flag) | 482mls_init_label_waitcheck(struct label *label, int flag) |
| 485{ 486 487 SLOT_SET(label, mls_alloc(flag)); 488 if (SLOT(label) == NULL) 489 return (ENOMEM); 490 491 return (0); 492} 493 494static void | 483{ 484 485 SLOT_SET(label, mls_alloc(flag)); 486 if (SLOT(label) == NULL) 487 return (ENOMEM); 488 489 return (0); 490} 491 492static void |
| 495mac_mls_destroy_label(struct label *label) | 493mls_destroy_label(struct label *label) |
| 496{ 497 498 mls_free(SLOT(label)); 499 SLOT_SET(label, NULL); 500} 501 502/* | 494{ 495 496 mls_free(SLOT(label)); 497 SLOT_SET(label, NULL); 498} 499 500/* |
| 503 * mac_mls_element_to_string() accepts an sbuf and MLS element. It 504 * converts the MLS element to a string and stores the result in the 505 * sbuf; if there isn't space in the sbuf, -1 is returned. | 501 * mls_element_to_string() accepts an sbuf and MLS element. It converts the 502 * MLS element to a string and stores the result in the sbuf; if there isn't 503 * space in the sbuf, -1 is returned. |
| 506 */ 507static int | 504 */ 505static int |
| 508mac_mls_element_to_string(struct sbuf *sb, struct mac_mls_element *element) | 506mls_element_to_string(struct sbuf *sb, struct mac_mls_element *element) |
| 509{ 510 int i, first; 511 512 switch (element->mme_type) { 513 case MAC_MLS_TYPE_HIGH: 514 return (sbuf_printf(sb, "high")); 515 516 case MAC_MLS_TYPE_LOW: --- 19 unchanged lines hidden (view full) --- 536 if (sbuf_printf(sb, "+%d", i) == -1) 537 return (-1); 538 } 539 } 540 } 541 return (0); 542 543 default: | 507{ 508 int i, first; 509 510 switch (element->mme_type) { 511 case MAC_MLS_TYPE_HIGH: 512 return (sbuf_printf(sb, "high")); 513 514 case MAC_MLS_TYPE_LOW: --- 19 unchanged lines hidden (view full) --- 534 if (sbuf_printf(sb, "+%d", i) == -1) 535 return (-1); 536 } 537 } 538 } 539 return (0); 540 541 default: |
| 544 panic("mac_mls_element_to_string: invalid type (%d)", | 542 panic("mls_element_to_string: invalid type (%d)", |
| 545 element->mme_type); 546 } 547} 548 549/* | 543 element->mme_type); 544 } 545} 546 547/* |
| 550 * mac_mls_to_string() converts an MLS label to a string, and places 551 * the results in the passed sbuf. It returns 0 on success, or EINVAL 552 * if there isn't room in the sbuf. Note: the sbuf will be modified 553 * even in a failure case, so the caller may need to revert the sbuf 554 * by restoring the offset if that's undesired. | 548 * mls_to_string() converts an MLS label to a string, and places the results 549 * in the passed sbuf. It returns 0 on success, or EINVAL if there isn't 550 * room in the sbuf. Note: the sbuf will be modified even in a failure case, 551 * so the caller may need to revert the sbuf by restoring the offset if 552 * that's undesired. |
| 555 */ 556static int | 553 */ 554static int |
| 557mac_mls_to_string(struct sbuf *sb, struct mac_mls *mac_mls) | 555mls_to_string(struct sbuf *sb, struct mac_mls *mm) |
| 558{ 559 | 556{ 557 |
| 560 if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 561 if (mac_mls_element_to_string(sb, &mac_mls->mm_effective) 562 == -1) | 558 if (mm->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 559 if (mls_element_to_string(sb, &mm->mm_effective) == -1) |
| 563 return (EINVAL); 564 } 565 | 560 return (EINVAL); 561 } 562 |
| 566 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { | 563 if (mm->mm_flags & MAC_MLS_FLAG_RANGE) { |
| 567 if (sbuf_putc(sb, '(') == -1) 568 return (EINVAL); 569 | 564 if (sbuf_putc(sb, '(') == -1) 565 return (EINVAL); 566 |
| 570 if (mac_mls_element_to_string(sb, &mac_mls->mm_rangelow) 571 == -1) | 567 if (mls_element_to_string(sb, &mm->mm_rangelow) == -1) |
| 572 return (EINVAL); 573 574 if (sbuf_putc(sb, '-') == -1) 575 return (EINVAL); 576 | 568 return (EINVAL); 569 570 if (sbuf_putc(sb, '-') == -1) 571 return (EINVAL); 572 |
| 577 if (mac_mls_element_to_string(sb, &mac_mls->mm_rangehigh) 578 == -1) | 573 if (mls_element_to_string(sb, &mm->mm_rangehigh) == -1) |
| 579 return (EINVAL); 580 581 if (sbuf_putc(sb, ')') == -1) 582 return (EINVAL); 583 } 584 585 return (0); 586} 587 588static int | 574 return (EINVAL); 575 576 if (sbuf_putc(sb, ')') == -1) 577 return (EINVAL); 578 } 579 580 return (0); 581} 582 583static int |
| 589mac_mls_externalize_label(struct label *label, char *element_name, | 584mls_externalize_label(struct label *label, char *element_name, |
| 590 struct sbuf *sb, int *claimed) 591{ | 585 struct sbuf *sb, int *claimed) 586{ |
| 592 struct mac_mls *mac_mls; | 587 struct mac_mls *mm; |
| 593 594 if (strcmp(MAC_MLS_LABEL_NAME, element_name) != 0) 595 return (0); 596 597 (*claimed)++; 598 | 588 589 if (strcmp(MAC_MLS_LABEL_NAME, element_name) != 0) 590 return (0); 591 592 (*claimed)++; 593 |
| 599 mac_mls = SLOT(label); | 594 mm = SLOT(label); |
| 600 | 595 |
| 601 return (mac_mls_to_string(sb, mac_mls)); | 596 return (mls_to_string(sb, mm)); |
| 602} 603 604static int | 597} 598 599static int |
| 605mac_mls_parse_element(struct mac_mls_element *element, char *string) | 600mls_parse_element(struct mac_mls_element *element, char *string) |
| 606{ 607 char *compartment, *end, *level; 608 int value; 609 | 601{ 602 char *compartment, *end, *level; 603 int value; 604 |
| 610 if (strcmp(string, "high") == 0 || 611 strcmp(string, "hi") == 0) { | 605 if (strcmp(string, "high") == 0 || strcmp(string, "hi") == 0) { |
| 612 element->mme_type = MAC_MLS_TYPE_HIGH; 613 element->mme_level = MAC_MLS_TYPE_UNDEF; | 606 element->mme_type = MAC_MLS_TYPE_HIGH; 607 element->mme_level = MAC_MLS_TYPE_UNDEF; |
| 614 } else if (strcmp(string, "low") == 0 || 615 strcmp(string, "lo") == 0) { | 608 } else if (strcmp(string, "low") == 0 || strcmp(string, "lo") == 0) { |
| 616 element->mme_type = MAC_MLS_TYPE_LOW; 617 element->mme_level = MAC_MLS_TYPE_UNDEF; 618 } else if (strcmp(string, "equal") == 0 || 619 strcmp(string, "eq") == 0) { 620 element->mme_type = MAC_MLS_TYPE_EQUAL; 621 element->mme_level = MAC_MLS_TYPE_UNDEF; 622 } else { 623 element->mme_type = MAC_MLS_TYPE_LEVEL; --- 5 unchanged lines hidden (view full) --- 629 value = strtol(level, &end, 10); 630 if (end == level || *end != '\0') 631 return (EINVAL); 632 if (value < 0 || value > 65535) 633 return (EINVAL); 634 element->mme_level = value; 635 636 /* | 609 element->mme_type = MAC_MLS_TYPE_LOW; 610 element->mme_level = MAC_MLS_TYPE_UNDEF; 611 } else if (strcmp(string, "equal") == 0 || 612 strcmp(string, "eq") == 0) { 613 element->mme_type = MAC_MLS_TYPE_EQUAL; 614 element->mme_level = MAC_MLS_TYPE_UNDEF; 615 } else { 616 element->mme_type = MAC_MLS_TYPE_LEVEL; --- 5 unchanged lines hidden (view full) --- 622 value = strtol(level, &end, 10); 623 if (end == level || *end != '\0') 624 return (EINVAL); 625 if (value < 0 || value > 65535) 626 return (EINVAL); 627 element->mme_level = value; 628 629 /* |
| 637 * Optional compartment piece of the element. If none 638 * are included, we assume that the label has no 639 * compartments. | 630 * Optional compartment piece of the element. If none are 631 * included, we assume that the label has no compartments. |
| 640 */ 641 if (string == NULL) 642 return (0); 643 if (*string == '\0') 644 return (0); 645 646 while ((compartment = strsep(&string, "+")) != NULL) { 647 value = strtol(compartment, &end, 10); --- 4 unchanged lines hidden (view full) --- 652 MAC_MLS_BIT_SET(value, element->mme_compartments); 653 } 654 } 655 656 return (0); 657} 658 659/* | 632 */ 633 if (string == NULL) 634 return (0); 635 if (*string == '\0') 636 return (0); 637 638 while ((compartment = strsep(&string, "+")) != NULL) { 639 value = strtol(compartment, &end, 10); --- 4 unchanged lines hidden (view full) --- 644 MAC_MLS_BIT_SET(value, element->mme_compartments); 645 } 646 } 647 648 return (0); 649} 650 651/* |
| 660 * Note: destructively consumes the string, make a local copy before 661 * calling if that's a problem. | 652 * Note: destructively consumes the string, make a local copy before calling 653 * if that's a problem. |
| 662 */ 663static int | 654 */ 655static int |
| 664mac_mls_parse(struct mac_mls *mac_mls, char *string) | 656mls_parse(struct mac_mls *mm, char *string) |
| 665{ 666 char *rangehigh, *rangelow, *effective; 667 int error; 668 669 effective = strsep(&string, "("); 670 if (*effective == '\0') 671 effective = NULL; 672 --- 8 unchanged lines hidden (view full) --- 681 return (EINVAL); 682 } else { 683 rangelow = NULL; 684 rangehigh = NULL; 685 } 686 687 KASSERT((rangelow != NULL && rangehigh != NULL) || 688 (rangelow == NULL && rangehigh == NULL), | 657{ 658 char *rangehigh, *rangelow, *effective; 659 int error; 660 661 effective = strsep(&string, "("); 662 if (*effective == '\0') 663 effective = NULL; 664 --- 8 unchanged lines hidden (view full) --- 673 return (EINVAL); 674 } else { 675 rangelow = NULL; 676 rangehigh = NULL; 677 } 678 679 KASSERT((rangelow != NULL && rangehigh != NULL) || 680 (rangelow == NULL && rangehigh == NULL), |
| 689 ("mac_mls_parse: range mismatch")); | 681 ("mls_parse: range mismatch")); |
| 690 | 682 |
| 691 bzero(mac_mls, sizeof(*mac_mls)); | 683 bzero(mm, sizeof(*mm)); |
| 692 if (effective != NULL) { | 684 if (effective != NULL) { |
| 693 error = mac_mls_parse_element(&mac_mls->mm_effective, effective); | 685 error = mls_parse_element(&mm->mm_effective, effective); |
| 694 if (error) 695 return (error); | 686 if (error) 687 return (error); |
| 696 mac_mls->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; | 688 mm->mm_flags |= MAC_MLS_FLAG_EFFECTIVE; |
| 697 } 698 699 if (rangelow != NULL) { | 689 } 690 691 if (rangelow != NULL) { |
| 700 error = mac_mls_parse_element(&mac_mls->mm_rangelow, | 692 error = mls_parse_element(&mm->mm_rangelow, |
| 701 rangelow); 702 if (error) 703 return (error); | 693 rangelow); 694 if (error) 695 return (error); |
| 704 error = mac_mls_parse_element(&mac_mls->mm_rangehigh, | 696 error = mls_parse_element(&mm->mm_rangehigh, |
| 705 rangehigh); 706 if (error) 707 return (error); | 697 rangehigh); 698 if (error) 699 return (error); |
| 708 mac_mls->mm_flags |= MAC_MLS_FLAG_RANGE; | 700 mm->mm_flags |= MAC_MLS_FLAG_RANGE; |
| 709 } 710 | 701 } 702 |
| 711 error = mac_mls_valid(mac_mls); | 703 error = mls_valid(mm); |
| 712 if (error) 713 return (error); 714 715 return (0); 716} 717 718static int | 704 if (error) 705 return (error); 706 707 return (0); 708} 709 710static int |
| 719mac_mls_internalize_label(struct label *label, char *element_name, | 711mls_internalize_label(struct label *label, char *element_name, |
| 720 char *element_data, int *claimed) 721{ | 712 char *element_data, int *claimed) 713{ |
| 722 struct mac_mls *mac_mls, mac_mls_temp; | 714 struct mac_mls *mm, mm_temp; |
| 723 int error; 724 725 if (strcmp(MAC_MLS_LABEL_NAME, element_name) != 0) 726 return (0); 727 728 (*claimed)++; 729 | 715 int error; 716 717 if (strcmp(MAC_MLS_LABEL_NAME, element_name) != 0) 718 return (0); 719 720 (*claimed)++; 721 |
| 730 error = mac_mls_parse(&mac_mls_temp, element_data); | 722 error = mls_parse(&mm_temp, element_data); |
| 731 if (error) 732 return (error); 733 | 723 if (error) 724 return (error); 725 |
| 734 mac_mls = SLOT(label); 735 *mac_mls = mac_mls_temp; | 726 mm = SLOT(label); 727 *mm = mm_temp; |
| 736 737 return (0); 738} 739 740static void | 728 729 return (0); 730} 731 732static void |
| 741mac_mls_copy_label(struct label *src, struct label *dest) | 733mls_copy_label(struct label *src, struct label *dest) |
| 742{ 743 744 *SLOT(dest) = *SLOT(src); 745} 746 747/* | 734{ 735 736 *SLOT(dest) = *SLOT(src); 737} 738 739/* |
| 748 * Labeling event operations: file system objects, and things that look 749 * a lot like file system objects. | 740 * Labeling event operations: file system objects, and things that look a lot 741 * like file system objects. |
| 750 */ 751static void | 742 */ 743static void |
| 752mac_mls_devfs_create_device(struct ucred *cred, struct mount *mp, | 744mls_devfs_create_device(struct ucred *cred, struct mount *mp, |
| 753 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 754{ | 745 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 746{ |
| 755 struct mac_mls *mac_mls; | 747 struct mac_mls *mm; |
| 756 int mls_type; 757 | 748 int mls_type; 749 |
| 758 mac_mls = SLOT(delabel); | 750 mm = SLOT(delabel); |
| 759 if (strcmp(dev->si_name, "null") == 0 || 760 strcmp(dev->si_name, "zero") == 0 || 761 strcmp(dev->si_name, "random") == 0 || 762 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 763 mls_type = MAC_MLS_TYPE_EQUAL; 764 else if (strcmp(dev->si_name, "kmem") == 0 || 765 strcmp(dev->si_name, "mem") == 0) 766 mls_type = MAC_MLS_TYPE_HIGH; 767 else if (ptys_equal && 768 (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 769 strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 770 mls_type = MAC_MLS_TYPE_EQUAL; 771 else 772 mls_type = MAC_MLS_TYPE_LOW; | 751 if (strcmp(dev->si_name, "null") == 0 || 752 strcmp(dev->si_name, "zero") == 0 || 753 strcmp(dev->si_name, "random") == 0 || 754 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 755 mls_type = MAC_MLS_TYPE_EQUAL; 756 else if (strcmp(dev->si_name, "kmem") == 0 || 757 strcmp(dev->si_name, "mem") == 0) 758 mls_type = MAC_MLS_TYPE_HIGH; 759 else if (ptys_equal && 760 (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 761 strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 762 mls_type = MAC_MLS_TYPE_EQUAL; 763 else 764 mls_type = MAC_MLS_TYPE_LOW; |
| 773 mac_mls_set_effective(mac_mls, mls_type, 0, NULL); | 765 mls_set_effective(mm, mls_type, 0, NULL); |
| 774} 775 776static void | 766} 767 768static void |
| 777mac_mls_devfs_create_directory(struct mount *mp, char *dirname, 778 int dirnamelen, struct devfs_dirent *de, struct label *delabel) | 769mls_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, 770 struct devfs_dirent *de, struct label *delabel) |
| 779{ | 771{ |
| 780 struct mac_mls *mac_mls; | 772 struct mac_mls *mm; |
| 781 | 773 |
| 782 mac_mls = SLOT(delabel); 783 mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); | 774 mm = SLOT(delabel); 775 mls_set_effective(mm, MAC_MLS_TYPE_LOW, 0, NULL); |
| 784} 785 786static void | 776} 777 778static void |
| 787mac_mls_devfs_create_symlink(struct ucred *cred, struct mount *mp, | 779mls_devfs_create_symlink(struct ucred *cred, struct mount *mp, |
| 788 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 789 struct label *delabel) 790{ 791 struct mac_mls *source, *dest; 792 793 source = SLOT(cred->cr_label); 794 dest = SLOT(delabel); 795 | 780 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 781 struct label *delabel) 782{ 783 struct mac_mls *source, *dest; 784 785 source = SLOT(cred->cr_label); 786 dest = SLOT(delabel); 787 |
| 796 mac_mls_copy_effective(source, dest); | 788 mls_copy_effective(source, dest); |
| 797} 798 799static void | 789} 790 791static void |
| 800mac_mls_mount_create(struct ucred *cred, struct mount *mp, 801 struct label *mplabel) | 792mls_mount_create(struct ucred *cred, struct mount *mp, struct label *mplabel) |
| 802{ 803 struct mac_mls *source, *dest; 804 805 source = SLOT(cred->cr_label); 806 dest = SLOT(mplabel); | 793{ 794 struct mac_mls *source, *dest; 795 796 source = SLOT(cred->cr_label); 797 dest = SLOT(mplabel); |
| 807 mac_mls_copy_effective(source, dest); | 798 799 mls_copy_effective(source, dest); |
| 808} 809 810static void | 800} 801 802static void |
| 811mac_mls_vnode_relabel(struct ucred *cred, struct vnode *vp, | 803mls_vnode_relabel(struct ucred *cred, struct vnode *vp, |
| 812 struct label *vplabel, struct label *label) 813{ 814 struct mac_mls *source, *dest; 815 816 source = SLOT(label); 817 dest = SLOT(vplabel); 818 | 804 struct label *vplabel, struct label *label) 805{ 806 struct mac_mls *source, *dest; 807 808 source = SLOT(label); 809 dest = SLOT(vplabel); 810 |
| 819 mac_mls_copy(source, dest); | 811 mls_copy(source, dest); |
| 820} 821 822static void | 812} 813 814static void |
| 823mac_mls_devfs_update(struct mount *mp, struct devfs_dirent *de, | 815mls_devfs_update(struct mount *mp, struct devfs_dirent *de, |
| 824 struct label *delabel, struct vnode *vp, struct label *vplabel) 825{ 826 struct mac_mls *source, *dest; 827 828 source = SLOT(vplabel); 829 dest = SLOT(delabel); 830 | 816 struct label *delabel, struct vnode *vp, struct label *vplabel) 817{ 818 struct mac_mls *source, *dest; 819 820 source = SLOT(vplabel); 821 dest = SLOT(delabel); 822 |
| 831 mac_mls_copy_effective(source, dest); | 823 mls_copy_effective(source, dest); |
| 832} 833 834static void | 824} 825 826static void |
| 835mac_mls_devfs_vnode_associate(struct mount *mp, struct label *mplabel, | 827mls_devfs_vnode_associate(struct mount *mp, struct label *mplabel, |
| 836 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 837 struct label *vplabel) 838{ 839 struct mac_mls *source, *dest; 840 841 source = SLOT(delabel); 842 dest = SLOT(vplabel); 843 | 828 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 829 struct label *vplabel) 830{ 831 struct mac_mls *source, *dest; 832 833 source = SLOT(delabel); 834 dest = SLOT(vplabel); 835 |
| 844 mac_mls_copy_effective(source, dest); | 836 mls_copy_effective(source, dest); |
| 845} 846 847static int | 837} 838 839static int |
| 848mac_mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel, | 840mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel, |
| 849 struct vnode *vp, struct label *vplabel) 850{ | 841 struct vnode *vp, struct label *vplabel) 842{ |
| 851 struct mac_mls temp, *source, *dest; | 843 struct mac_mls mm_temp, *source, *dest; |
| 852 int buflen, error; 853 854 source = SLOT(mplabel); 855 dest = SLOT(vplabel); 856 | 844 int buflen, error; 845 846 source = SLOT(mplabel); 847 dest = SLOT(vplabel); 848 |
| 857 buflen = sizeof(temp); 858 bzero(&temp, buflen); | 849 buflen = sizeof(mm_temp); 850 bzero(&mm_temp, buflen); |
| 859 860 error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, | 851 852 error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, |
| 861 MAC_MLS_EXTATTR_NAME, &buflen, (char *) &temp, curthread); | 853 MAC_MLS_EXTATTR_NAME, &buflen, (char *) &mm_temp, curthread); |
| 862 if (error == ENOATTR || error == EOPNOTSUPP) { 863 /* Fall back to the mntlabel. */ | 854 if (error == ENOATTR || error == EOPNOTSUPP) { 855 /* Fall back to the mntlabel. */ |
| 864 mac_mls_copy_effective(source, dest); | 856 mls_copy_effective(source, dest); |
| 865 return (0); 866 } else if (error) 867 return (error); 868 | 857 return (0); 858 } else if (error) 859 return (error); 860 |
| 869 if (buflen != sizeof(temp)) { 870 printf("mac_mls_vnode_associate_extattr: bad size %d\n", 871 buflen); | 861 if (buflen != sizeof(mm_temp)) { 862 printf("mls_vnode_associate_extattr: bad size %d\n", buflen); |
| 872 return (EPERM); 873 } | 863 return (EPERM); 864 } |
| 874 if (mac_mls_valid(&temp) != 0) { 875 printf("mac_mls_vnode_associate_extattr: invalid\n"); | 865 if (mls_valid(&mm_temp) != 0) { 866 printf("mls_vnode_associate_extattr: invalid\n"); |
| 876 return (EPERM); 877 } | 867 return (EPERM); 868 } |
| 878 if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_EFFECTIVE) { 879 printf("mac_mls_associated_vnode_extattr: not effective\n"); | 869 if ((mm_temp.mm_flags & MAC_MLS_FLAGS_BOTH) != 870 MAC_MLS_FLAG_EFFECTIVE) { 871 printf("mls_associated_vnode_extattr: not effective\n"); |
| 880 return (EPERM); 881 } 882 | 872 return (EPERM); 873 } 874 |
| 883 mac_mls_copy_effective(&temp, dest); | 875 mls_copy_effective(&mm_temp, dest); |
| 884 return (0); 885} 886 887static void | 876 return (0); 877} 878 879static void |
| 888mac_mls_vnode_associate_singlelabel(struct mount *mp, 889 struct label *mplabel, struct vnode *vp, struct label *vplabel) | 880mls_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 881 struct vnode *vp, struct label *vplabel) |
| 890{ 891 struct mac_mls *source, *dest; 892 893 source = SLOT(mplabel); 894 dest = SLOT(vplabel); 895 | 882{ 883 struct mac_mls *source, *dest; 884 885 source = SLOT(mplabel); 886 dest = SLOT(vplabel); 887 |
| 896 mac_mls_copy_effective(source, dest); | 888 mls_copy_effective(source, dest); |
| 897} 898 899static int | 889} 890 891static int |
| 900mac_mls_vnode_create_extattr(struct ucred *cred, struct mount *mp, | 892mls_vnode_create_extattr(struct ucred *cred, struct mount *mp, |
| 901 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 902 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 903{ | 893 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 894 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 895{ |
| 904 struct mac_mls *source, *dest, temp; | 896 struct mac_mls *source, *dest, mm_temp; |
| 905 size_t buflen; 906 int error; 907 | 897 size_t buflen; 898 int error; 899 |
| 908 buflen = sizeof(temp); 909 bzero(&temp, buflen); | 900 buflen = sizeof(mm_temp); 901 bzero(&mm_temp, buflen); |
| 910 911 source = SLOT(cred->cr_label); 912 dest = SLOT(vplabel); | 902 903 source = SLOT(cred->cr_label); 904 dest = SLOT(vplabel); |
| 913 mac_mls_copy_effective(source, &temp); | 905 mls_copy_effective(source, &mm_temp); |
| 914 915 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, | 906 907 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, |
| 916 MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread); | 908 MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread); |
| 917 if (error == 0) | 909 if (error == 0) |
| 918 mac_mls_copy_effective(source, dest); | 910 mls_copy_effective(source, dest); |
| 919 return (error); 920} 921 922static int | 911 return (error); 912} 913 914static int |
| 923mac_mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, | 915mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, |
| 924 struct label *vplabel, struct label *intlabel) 925{ | 916 struct label *vplabel, struct label *intlabel) 917{ |
| 926 struct mac_mls *source, temp; | 918 struct mac_mls *source, mm_temp; |
| 927 size_t buflen; 928 int error; 929 | 919 size_t buflen; 920 int error; 921 |
| 930 buflen = sizeof(temp); 931 bzero(&temp, buflen); | 922 buflen = sizeof(mm_temp); 923 bzero(&mm_temp, buflen); |
| 932 933 source = SLOT(intlabel); 934 if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0) 935 return (0); 936 | 924 925 source = SLOT(intlabel); 926 if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0) 927 return (0); 928 |
| 937 mac_mls_copy_effective(source, &temp); | 929 mls_copy_effective(source, &mm_temp); |
| 938 939 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, | 930 931 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, |
| 940 MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread); | 932 MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread); |
| 941 return (error); 942} 943 944/* 945 * Labeling event operations: IPC object. 946 */ 947static void | 933 return (error); 934} 935 936/* 937 * Labeling event operations: IPC object. 938 */ 939static void |
| 948mac_mls_inpcb_create(struct socket *so, struct label *solabel, 949 struct inpcb *inp, struct label *inplabel) | 940mls_inpcb_create(struct socket *so, struct label *solabel, struct inpcb *inp, 941 struct label *inplabel) |
| 950{ 951 struct mac_mls *source, *dest; 952 953 source = SLOT(solabel); 954 dest = SLOT(inplabel); 955 | 942{ 943 struct mac_mls *source, *dest; 944 945 source = SLOT(solabel); 946 dest = SLOT(inplabel); 947 |
| 956 mac_mls_copy_effective(source, dest); | 948 mls_copy_effective(source, dest); |
| 957} 958 959static void | 949} 950 951static void |
| 960mac_mls_socket_create_mbuf(struct socket *so, struct label *solabel, | 952mls_socket_create_mbuf(struct socket *so, struct label *solabel, |
| 961 struct mbuf *m, struct label *mlabel) 962{ 963 struct mac_mls *source, *dest; 964 965 source = SLOT(solabel); 966 dest = SLOT(mlabel); 967 | 953 struct mbuf *m, struct label *mlabel) 954{ 955 struct mac_mls *source, *dest; 956 957 source = SLOT(solabel); 958 dest = SLOT(mlabel); 959 |
| 968 mac_mls_copy_effective(source, dest); | 960 mls_copy_effective(source, dest); |
| 969} 970 971static void | 961} 962 963static void |
| 972mac_mls_socket_create(struct ucred *cred, struct socket *so, | 964mls_socket_create(struct ucred *cred, struct socket *so, |
| 973 struct label *solabel) 974{ 975 struct mac_mls *source, *dest; 976 977 source = SLOT(cred->cr_label); 978 dest = SLOT(solabel); 979 | 965 struct label *solabel) 966{ 967 struct mac_mls *source, *dest; 968 969 source = SLOT(cred->cr_label); 970 dest = SLOT(solabel); 971 |
| 980 mac_mls_copy_effective(source, dest); | 972 mls_copy_effective(source, dest); |
| 981} 982 983static void | 973} 974 975static void |
| 984mac_mls_pipe_create(struct ucred *cred, struct pipepair *pp, | 976mls_pipe_create(struct ucred *cred, struct pipepair *pp, |
| 985 struct label *pplabel) 986{ 987 struct mac_mls *source, *dest; 988 989 source = SLOT(cred->cr_label); 990 dest = SLOT(pplabel); 991 | 977 struct label *pplabel) 978{ 979 struct mac_mls *source, *dest; 980 981 source = SLOT(cred->cr_label); 982 dest = SLOT(pplabel); 983 |
| 992 mac_mls_copy_effective(source, dest); | 984 mls_copy_effective(source, dest); |
| 993} 994 995static void | 985} 986 987static void |
| 996mac_mls_posixsem_create(struct ucred *cred, struct ksem *ks, | 988mls_posixsem_create(struct ucred *cred, struct ksem *ks, |
| 997 struct label *kslabel) 998{ 999 struct mac_mls *source, *dest; 1000 1001 source = SLOT(cred->cr_label); 1002 dest = SLOT(kslabel); 1003 | 989 struct label *kslabel) 990{ 991 struct mac_mls *source, *dest; 992 993 source = SLOT(cred->cr_label); 994 dest = SLOT(kslabel); 995 |
| 1004 mac_mls_copy_effective(source, dest); | 996 mls_copy_effective(source, dest); |
| 1005} 1006 1007static void | 997} 998 999static void |
| 1008mac_mls_socket_newconn(struct socket *oldso, struct label *oldsolabel, | 1000mls_socket_newconn(struct socket *oldso, struct label *oldsolabel, |
| 1009 struct socket *newso, struct label *newsolabel) 1010{ 1011 struct mac_mls *source, *dest; 1012 1013 source = SLOT(oldsolabel); 1014 dest = SLOT(newsolabel); 1015 | 1001 struct socket *newso, struct label *newsolabel) 1002{ 1003 struct mac_mls *source, *dest; 1004 1005 source = SLOT(oldsolabel); 1006 dest = SLOT(newsolabel); 1007 |
| 1016 mac_mls_copy_effective(source, dest); | 1008 mls_copy_effective(source, dest); |
| 1017} 1018 1019static void | 1009} 1010 1011static void |
| 1020mac_mls_socket_relabel(struct ucred *cred, struct socket *so, | 1012mls_socket_relabel(struct ucred *cred, struct socket *so, |
| 1021 struct label *solabel, struct label *newlabel) 1022{ 1023 struct mac_mls *source, *dest; 1024 1025 source = SLOT(newlabel); 1026 dest = SLOT(solabel); 1027 | 1013 struct label *solabel, struct label *newlabel) 1014{ 1015 struct mac_mls *source, *dest; 1016 1017 source = SLOT(newlabel); 1018 dest = SLOT(solabel); 1019 |
| 1028 mac_mls_copy(source, dest); | 1020 mls_copy(source, dest); |
| 1029} 1030 1031static void | 1021} 1022 1023static void |
| 1032mac_mls_pipe_relabel(struct ucred *cred, struct pipepair *pp, | 1024mls_pipe_relabel(struct ucred *cred, struct pipepair *pp, |
| 1033 struct label *pplabel, struct label *newlabel) 1034{ 1035 struct mac_mls *source, *dest; 1036 1037 source = SLOT(newlabel); 1038 dest = SLOT(pplabel); 1039 | 1025 struct label *pplabel, struct label *newlabel) 1026{ 1027 struct mac_mls *source, *dest; 1028 1029 source = SLOT(newlabel); 1030 dest = SLOT(pplabel); 1031 |
| 1040 mac_mls_copy(source, dest); | 1032 mls_copy(source, dest); |
| 1041} 1042 1043static void | 1033} 1034 1035static void |
| 1044mac_mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, | 1036mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, |
| 1045 struct socket *so, struct label *sopeerlabel) 1046{ 1047 struct mac_mls *source, *dest; 1048 1049 source = SLOT(mlabel); 1050 dest = SLOT(sopeerlabel); 1051 | 1037 struct socket *so, struct label *sopeerlabel) 1038{ 1039 struct mac_mls *source, *dest; 1040 1041 source = SLOT(mlabel); 1042 dest = SLOT(sopeerlabel); 1043 |
| 1052 mac_mls_copy_effective(source, dest); | 1044 mls_copy_effective(source, dest); |
| 1053} 1054 1055/* 1056 * Labeling event operations: System V IPC objects. 1057 */ 1058static void | 1045} 1046 1047/* 1048 * Labeling event operations: System V IPC objects. 1049 */ 1050static void |
| 1059mac_mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, | 1051mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, |
| 1060 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 1061{ 1062 struct mac_mls *source, *dest; 1063 1064 /* Ignore the msgq label. */ 1065 source = SLOT(cred->cr_label); 1066 dest = SLOT(msglabel); 1067 | 1052 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 1053{ 1054 struct mac_mls *source, *dest; 1055 1056 /* Ignore the msgq label. */ 1057 source = SLOT(cred->cr_label); 1058 dest = SLOT(msglabel); 1059 |
| 1068 mac_mls_copy_effective(source, dest); | 1060 mls_copy_effective(source, dest); |
| 1069} 1070 1071static void | 1061} 1062 1063static void |
| 1072mac_mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, | 1064mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, |
| 1073 struct label *msqlabel) 1074{ 1075 struct mac_mls *source, *dest; 1076 1077 source = SLOT(cred->cr_label); 1078 dest = SLOT(msqlabel); 1079 | 1065 struct label *msqlabel) 1066{ 1067 struct mac_mls *source, *dest; 1068 1069 source = SLOT(cred->cr_label); 1070 dest = SLOT(msqlabel); 1071 |
| 1080 mac_mls_copy_effective(source, dest); | 1072 mls_copy_effective(source, dest); |
| 1081} 1082 1083static void | 1073} 1074 1075static void |
| 1084mac_mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, | 1076mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, |
| 1085 struct label *semalabel) 1086{ 1087 struct mac_mls *source, *dest; 1088 1089 source = SLOT(cred->cr_label); 1090 dest = SLOT(semalabel); 1091 | 1077 struct label *semalabel) 1078{ 1079 struct mac_mls *source, *dest; 1080 1081 source = SLOT(cred->cr_label); 1082 dest = SLOT(semalabel); 1083 |
| 1092 mac_mls_copy_effective(source, dest); | 1084 mls_copy_effective(source, dest); |
| 1093} 1094 1095static void | 1085} 1086 1087static void |
| 1096mac_mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, | 1088mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, |
| 1097 struct label *shmlabel) 1098{ 1099 struct mac_mls *source, *dest; 1100 1101 source = SLOT(cred->cr_label); 1102 dest = SLOT(shmlabel); 1103 | 1089 struct label *shmlabel) 1090{ 1091 struct mac_mls *source, *dest; 1092 1093 source = SLOT(cred->cr_label); 1094 dest = SLOT(shmlabel); 1095 |
| 1104 mac_mls_copy_effective(source, dest); | 1096 mls_copy_effective(source, dest); |
| 1105} 1106 1107/* 1108 * Labeling event operations: network objects. 1109 */ 1110static void | 1097} 1098 1099/* 1100 * Labeling event operations: network objects. 1101 */ 1102static void |
| 1111mac_mls_socketpeer_set_from_socket(struct socket *oldso, | 1103mls_socketpeer_set_from_socket(struct socket *oldso, |
| 1112 struct label *oldsolabel, struct socket *newso, 1113 struct label *newsopeerlabel) 1114{ 1115 struct mac_mls *source, *dest; 1116 1117 source = SLOT(oldsolabel); 1118 dest = SLOT(newsopeerlabel); 1119 | 1104 struct label *oldsolabel, struct socket *newso, 1105 struct label *newsopeerlabel) 1106{ 1107 struct mac_mls *source, *dest; 1108 1109 source = SLOT(oldsolabel); 1110 dest = SLOT(newsopeerlabel); 1111 |
| 1120 mac_mls_copy_effective(source, dest); | 1112 mls_copy_effective(source, dest); |
| 1121} 1122 1123static void | 1113} 1114 1115static void |
| 1124mac_mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 1125 struct label *dlabel) | 1116mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, struct label *dlabel) |
| 1126{ 1127 struct mac_mls *source, *dest; 1128 1129 source = SLOT(cred->cr_label); 1130 dest = SLOT(dlabel); 1131 | 1117{ 1118 struct mac_mls *source, *dest; 1119 1120 source = SLOT(cred->cr_label); 1121 dest = SLOT(dlabel); 1122 |
| 1132 mac_mls_copy_effective(source, dest); | 1123 mls_copy_effective(source, dest); |
| 1133} 1134 1135static void | 1124} 1125 1126static void |
| 1136mac_mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel) | 1127mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel) |
| 1137{ 1138 struct mac_mls *dest; 1139 int type; 1140 1141 dest = SLOT(ifplabel); 1142 1143 if (ifp->if_type == IFT_LOOP) 1144 type = MAC_MLS_TYPE_EQUAL; 1145 else 1146 type = MAC_MLS_TYPE_LOW; 1147 | 1128{ 1129 struct mac_mls *dest; 1130 int type; 1131 1132 dest = SLOT(ifplabel); 1133 1134 if (ifp->if_type == IFT_LOOP) 1135 type = MAC_MLS_TYPE_EQUAL; 1136 else 1137 type = MAC_MLS_TYPE_LOW; 1138 |
| 1148 mac_mls_set_effective(dest, type, 0, NULL); 1149 mac_mls_set_range(dest, type, 0, NULL, type, 0, NULL); | 1139 mls_set_effective(dest, type, 0, NULL); 1140 mls_set_range(dest, type, 0, NULL, type, 0, NULL); |
| 1150} 1151 1152static void | 1141} 1142 1143static void |
| 1153mac_mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, | 1144mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, |
| 1154 struct label *ipqlabel) 1155{ 1156 struct mac_mls *source, *dest; 1157 1158 source = SLOT(mlabel); 1159 dest = SLOT(ipqlabel); 1160 | 1145 struct label *ipqlabel) 1146{ 1147 struct mac_mls *source, *dest; 1148 1149 source = SLOT(mlabel); 1150 dest = SLOT(ipqlabel); 1151 |
| 1161 mac_mls_copy_effective(source, dest); | 1152 mls_copy_effective(source, dest); |
| 1162} 1163 1164static void | 1153} 1154 1155static void |
| 1165mac_mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, 1166 struct mbuf *m, struct label *mlabel) | 1156mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, 1157 struct label *mlabel) |
| 1167{ 1168 struct mac_mls *source, *dest; 1169 1170 source = SLOT(ipqlabel); 1171 dest = SLOT(mlabel); 1172 1173 /* Just use the head, since we require them all to match. */ | 1158{ 1159 struct mac_mls *source, *dest; 1160 1161 source = SLOT(ipqlabel); 1162 dest = SLOT(mlabel); 1163 1164 /* Just use the head, since we require them all to match. */ |
| 1174 mac_mls_copy_effective(source, dest); | 1165 mls_copy_effective(source, dest); |
| 1175} 1176 1177static void | 1166} 1167 1168static void |
| 1178mac_mls_netinet_fragment(struct mbuf *m, struct label *mlabel, 1179 struct mbuf *frag, struct label *fraglabel) | 1169mls_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, 1170 struct label *fraglabel) |
| 1180{ 1181 struct mac_mls *source, *dest; 1182 1183 source = SLOT(mlabel); 1184 dest = SLOT(fraglabel); 1185 | 1171{ 1172 struct mac_mls *source, *dest; 1173 1174 source = SLOT(mlabel); 1175 dest = SLOT(fraglabel); 1176 |
| 1186 mac_mls_copy_effective(source, dest); | 1177 mls_copy_effective(source, dest); |
| 1187} 1188 1189static void | 1178} 1179 1180static void |
| 1190mac_mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, | 1181mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, |
| 1191 struct mbuf *m, struct label *mlabel) 1192{ 1193 struct mac_mls *source, *dest; 1194 1195 source = SLOT(inplabel); 1196 dest = SLOT(mlabel); 1197 | 1182 struct mbuf *m, struct label *mlabel) 1183{ 1184 struct mac_mls *source, *dest; 1185 1186 source = SLOT(inplabel); 1187 dest = SLOT(mlabel); 1188 |
| 1198 mac_mls_copy_effective(source, dest); | 1189 mls_copy_effective(source, dest); |
| 1199} 1200 1201static void | 1190} 1191 1192static void |
| 1202mac_mls_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, | 1193mls_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, |
| 1203 struct mbuf *m, struct label *mlabel) 1204{ 1205 struct mac_mls *dest; 1206 1207 dest = SLOT(mlabel); 1208 | 1194 struct mbuf *m, struct label *mlabel) 1195{ 1196 struct mac_mls *dest; 1197 1198 dest = SLOT(mlabel); 1199 |
| 1209 mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); | 1200 mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); |
| 1210} 1211 1212static void | 1201} 1202 1203static void |
| 1213mac_mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, | 1204mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, |
| 1214 struct mbuf *m, struct label *mlabel) 1215{ 1216 struct mac_mls *source, *dest; 1217 1218 source = SLOT(dlabel); 1219 dest = SLOT(mlabel); 1220 | 1205 struct mbuf *m, struct label *mlabel) 1206{ 1207 struct mac_mls *source, *dest; 1208 1209 source = SLOT(dlabel); 1210 dest = SLOT(mlabel); 1211 |
| 1221 mac_mls_copy_effective(source, dest); | 1212 mls_copy_effective(source, dest); |
| 1222} 1223 1224static void | 1213} 1214 1215static void |
| 1225mac_mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, | 1216mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, |
| 1226 struct mbuf *m, struct label *mlabel) 1227{ 1228 struct mac_mls *source, *dest; 1229 1230 source = SLOT(ifplabel); 1231 dest = SLOT(mlabel); 1232 | 1217 struct mbuf *m, struct label *mlabel) 1218{ 1219 struct mac_mls *source, *dest; 1220 1221 source = SLOT(ifplabel); 1222 dest = SLOT(mlabel); 1223 |
| 1233 mac_mls_copy_effective(source, dest); | 1224 mls_copy_effective(source, dest); |
| 1234} 1235 1236static void | 1225} 1226 1227static void |
| 1237mac_mls_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel, | 1228mls_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel, |
| 1238 struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, 1239 struct label *mnewlabel) 1240{ 1241 struct mac_mls *source, *dest; 1242 1243 source = SLOT(mlabel); 1244 dest = SLOT(mnewlabel); 1245 | 1229 struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, 1230 struct label *mnewlabel) 1231{ 1232 struct mac_mls *source, *dest; 1233 1234 source = SLOT(mlabel); 1235 dest = SLOT(mnewlabel); 1236 |
| 1246 mac_mls_copy_effective(source, dest); | 1237 mls_copy_effective(source, dest); |
| 1247} 1248 1249static void | 1238} 1239 1240static void |
| 1250mac_mls_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel, | 1241mls_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel, |
| 1251 struct mbuf *mnew, struct label *mnewlabel) 1252{ 1253 struct mac_mls *source, *dest; 1254 1255 source = SLOT(mlabel); 1256 dest = SLOT(mnewlabel); 1257 | 1242 struct mbuf *mnew, struct label *mnewlabel) 1243{ 1244 struct mac_mls *source, *dest; 1245 1246 source = SLOT(mlabel); 1247 dest = SLOT(mnewlabel); 1248 |
| 1258 mac_mls_copy_effective(source, dest); | 1249 mls_copy_effective(source, dest); |
| 1259} 1260 1261static int | 1250} 1251 1252static int |
| 1262mac_mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, | 1253mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, |
| 1263 struct label *ipqlabel) 1264{ 1265 struct mac_mls *a, *b; 1266 1267 a = SLOT(ipqlabel); 1268 b = SLOT(mlabel); 1269 | 1254 struct label *ipqlabel) 1255{ 1256 struct mac_mls *a, *b; 1257 1258 a = SLOT(ipqlabel); 1259 b = SLOT(mlabel); 1260 |
| 1270 return (mac_mls_equal_effective(a, b)); | 1261 return (mls_equal_effective(a, b)); |
| 1271} 1272 1273static void | 1262} 1263 1264static void |
| 1274mac_mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, | 1265mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, |
| 1275 struct label *ifplabel, struct label *newlabel) 1276{ 1277 struct mac_mls *source, *dest; 1278 1279 source = SLOT(newlabel); 1280 dest = SLOT(ifplabel); 1281 | 1266 struct label *ifplabel, struct label *newlabel) 1267{ 1268 struct mac_mls *source, *dest; 1269 1270 source = SLOT(newlabel); 1271 dest = SLOT(ifplabel); 1272 |
| 1282 mac_mls_copy(source, dest); | 1273 mls_copy(source, dest); |
| 1283} 1284 1285static void | 1274} 1275 1276static void |
| 1286mac_mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, | 1277mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, |
| 1287 struct label *ipqlabel) 1288{ 1289 1290 /* NOOP: we only accept matching labels, so no need to update */ 1291} 1292 1293static void | 1278 struct label *ipqlabel) 1279{ 1280 1281 /* NOOP: we only accept matching labels, so no need to update */ 1282} 1283 1284static void |
| 1294mac_mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, | 1285mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, |
| 1295 struct inpcb *inp, struct label *inplabel) 1296{ 1297 struct mac_mls *source, *dest; 1298 1299 source = SLOT(solabel); 1300 dest = SLOT(inplabel); 1301 | 1286 struct inpcb *inp, struct label *inplabel) 1287{ 1288 struct mac_mls *source, *dest; 1289 1290 source = SLOT(solabel); 1291 dest = SLOT(inplabel); 1292 |
| 1302 mac_mls_copy(source, dest); | 1293 mls_copy(source, dest); |
| 1303} 1304 1305static void | 1294} 1295 1296static void |
| 1306mac_mls_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel) | 1297mls_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel) |
| 1307{ 1308 struct mac_mls *dest; 1309 1310 dest = SLOT(mlabel); 1311 1312 /* XXX: where is the label for the firewall really comming from? */ | 1298{ 1299 struct mac_mls *dest; 1300 1301 dest = SLOT(mlabel); 1302 1303 /* XXX: where is the label for the firewall really comming from? */ |
| 1313 mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); | 1304 mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); |
| 1314} 1315 1316static void | 1305} 1306 1307static void |
| 1317mac_mls_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) | 1308mls_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) |
| 1318{ 1319 struct mac_mls *source, *dest; 1320 1321 source = SLOT(inp->inp_label); 1322 dest = SLOT(label); | 1309{ 1310 struct mac_mls *source, *dest; 1311 1312 source = SLOT(inp->inp_label); 1313 dest = SLOT(label); |
| 1323 mac_mls_copy_effective(source, dest); | 1314 1315 mls_copy_effective(source, dest); |
| 1324} 1325 1326static void | 1316} 1317 1318static void |
| 1327mac_mls_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, | 1319mls_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, |
| 1328 struct label *mlabel) 1329{ 1330 struct mac_mls *source, *dest; 1331 1332 source = SLOT(sc_label); 1333 dest = SLOT(mlabel); | 1320 struct label *mlabel) 1321{ 1322 struct mac_mls *source, *dest; 1323 1324 source = SLOT(sc_label); 1325 dest = SLOT(mlabel); |
| 1334 mac_mls_copy_effective(source, dest); | 1326 1327 mls_copy_effective(source, dest); |
| 1335} 1336 1337/* 1338 * Labeling event operations: processes. 1339 */ 1340static void | 1328} 1329 1330/* 1331 * Labeling event operations: processes. 1332 */ 1333static void |
| 1341mac_mls_proc_create_swapper(struct ucred *cred) | 1334mls_proc_create_swapper(struct ucred *cred) |
| 1342{ 1343 struct mac_mls *dest; 1344 1345 dest = SLOT(cred->cr_label); 1346 | 1335{ 1336 struct mac_mls *dest; 1337 1338 dest = SLOT(cred->cr_label); 1339 |
| 1347 mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); 1348 mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 1349 0, NULL); | 1340 mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); 1341 mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, 1342 NULL); |
| 1350} 1351 1352static void | 1343} 1344 1345static void |
| 1353mac_mls_proc_create_init(struct ucred *cred) | 1346mls_proc_create_init(struct ucred *cred) |
| 1354{ 1355 struct mac_mls *dest; 1356 1357 dest = SLOT(cred->cr_label); 1358 | 1347{ 1348 struct mac_mls *dest; 1349 1350 dest = SLOT(cred->cr_label); 1351 |
| 1359 mac_mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); 1360 mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 1361 0, NULL); | 1352 mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); 1353 mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, 1354 NULL); |
| 1362} 1363 1364static void | 1355} 1356 1357static void |
| 1365mac_mls_cred_relabel(struct ucred *cred, struct label *newlabel) | 1358mls_cred_relabel(struct ucred *cred, struct label *newlabel) |
| 1366{ 1367 struct mac_mls *source, *dest; 1368 1369 source = SLOT(newlabel); 1370 dest = SLOT(cred->cr_label); 1371 | 1359{ 1360 struct mac_mls *source, *dest; 1361 1362 source = SLOT(newlabel); 1363 dest = SLOT(cred->cr_label); 1364 |
| 1372 mac_mls_copy(source, dest); | 1365 mls_copy(source, dest); |
| 1373} 1374 1375/* 1376 * Label cleanup/flush operations. 1377 */ 1378static void | 1366} 1367 1368/* 1369 * Label cleanup/flush operations. 1370 */ 1371static void |
| 1379mac_mls_sysvmsg_cleanup(struct label *msglabel) | 1372mls_sysvmsg_cleanup(struct label *msglabel) |
| 1380{ 1381 1382 bzero(SLOT(msglabel), sizeof(struct mac_mls)); 1383} 1384 1385static void | 1373{ 1374 1375 bzero(SLOT(msglabel), sizeof(struct mac_mls)); 1376} 1377 1378static void |
| 1386mac_mls_sysvmsq_cleanup(struct label *msqlabel) | 1379mls_sysvmsq_cleanup(struct label *msqlabel) |
| 1387{ 1388 1389 bzero(SLOT(msqlabel), sizeof(struct mac_mls)); 1390} 1391 1392static void | 1380{ 1381 1382 bzero(SLOT(msqlabel), sizeof(struct mac_mls)); 1383} 1384 1385static void |
| 1393mac_mls_sysvsem_cleanup(struct label *semalabel) | 1386mls_sysvsem_cleanup(struct label *semalabel) |
| 1394{ 1395 1396 bzero(SLOT(semalabel), sizeof(struct mac_mls)); 1397} 1398 1399static void | 1387{ 1388 1389 bzero(SLOT(semalabel), sizeof(struct mac_mls)); 1390} 1391 1392static void |
| 1400mac_mls_sysvshm_cleanup(struct label *shmlabel) | 1393mls_sysvshm_cleanup(struct label *shmlabel) |
| 1401{ 1402 1403 bzero(SLOT(shmlabel), sizeof(struct mac_mls)); 1404} 1405 1406/* 1407 * Access control checks. 1408 */ 1409static int | 1394{ 1395 1396 bzero(SLOT(shmlabel), sizeof(struct mac_mls)); 1397} 1398 1399/* 1400 * Access control checks. 1401 */ 1402static int |
| 1410mac_mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, | 1403mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, |
| 1411 struct ifnet *ifp, struct label *ifplabel) 1412{ 1413 struct mac_mls *a, *b; 1414 | 1404 struct ifnet *ifp, struct label *ifplabel) 1405{ 1406 struct mac_mls *a, *b; 1407 |
| 1415 if (!mac_mls_enabled) | 1408 if (!mls_enabled) |
| 1416 return (0); 1417 1418 a = SLOT(dlabel); 1419 b = SLOT(ifplabel); 1420 | 1409 return (0); 1410 1411 a = SLOT(dlabel); 1412 b = SLOT(ifplabel); 1413 |
| 1421 if (mac_mls_equal_effective(a, b)) | 1414 if (mls_equal_effective(a, b)) |
| 1422 return (0); 1423 return (EACCES); 1424} 1425 1426static int | 1415 return (0); 1416 return (EACCES); 1417} 1418 1419static int |
| 1427mac_mls_cred_check_relabel(struct ucred *cred, struct label *newlabel) | 1420mls_cred_check_relabel(struct ucred *cred, struct label *newlabel) |
| 1428{ 1429 struct mac_mls *subj, *new; 1430 int error; 1431 1432 subj = SLOT(cred->cr_label); 1433 new = SLOT(newlabel); 1434 1435 /* | 1421{ 1422 struct mac_mls *subj, *new; 1423 int error; 1424 1425 subj = SLOT(cred->cr_label); 1426 new = SLOT(newlabel); 1427 1428 /* |
| 1436 * If there is an MLS label update for the credential, it may be 1437 * an update of effective, range, or both. | 1429 * If there is an MLS label update for the credential, it may be an 1430 * update of effective, range, or both. |
| 1438 */ 1439 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1440 if (error) 1441 return (error); 1442 1443 /* 1444 * If the MLS label is to be changed, authorize as appropriate. 1445 */ 1446 if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { 1447 /* | 1431 */ 1432 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1433 if (error) 1434 return (error); 1435 1436 /* 1437 * If the MLS label is to be changed, authorize as appropriate. 1438 */ 1439 if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { 1440 /* |
| 1448 * If the change request modifies both the MLS label effective 1449 * and range, check that the new effective will be in the 1450 * new range. | 1441 * If the change request modifies both the MLS label 1442 * effective and range, check that the new effective will be 1443 * in the new range. |
| 1451 */ 1452 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) == | 1444 */ 1445 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) == |
| 1453 MAC_MLS_FLAGS_BOTH && 1454 !mac_mls_effective_in_range(new, new)) | 1446 MAC_MLS_FLAGS_BOTH && !mls_effective_in_range(new, new)) |
| 1455 return (EINVAL); 1456 1457 /* | 1447 return (EINVAL); 1448 1449 /* |
| 1458 * To change the MLS effective label on a credential, the 1459 * new effective label must be in the current range. | 1450 * To change the MLS effective label on a credential, the new 1451 * effective label must be in the current range. |
| 1460 */ 1461 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE && | 1452 */ 1453 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE && |
| 1462 !mac_mls_effective_in_range(new, subj)) | 1454 !mls_effective_in_range(new, subj)) |
| 1463 return (EPERM); 1464 1465 /* | 1455 return (EPERM); 1456 1457 /* |
| 1466 * To change the MLS range label on a credential, the 1467 * new range must be in the current range. | 1458 * To change the MLS range label on a credential, the new 1459 * range must be in the current range. |
| 1468 */ 1469 if (new->mm_flags & MAC_MLS_FLAG_RANGE && | 1460 */ 1461 if (new->mm_flags & MAC_MLS_FLAG_RANGE && |
| 1470 !mac_mls_range_in_range(new, subj)) | 1462 !mls_range_in_range(new, subj)) |
| 1471 return (EPERM); 1472 1473 /* | 1463 return (EPERM); 1464 1465 /* |
| 1474 * To have EQUAL in any component of the new credential 1475 * MLS label, the subject must already have EQUAL in 1476 * their label. | 1466 * To have EQUAL in any component of the new credential MLS 1467 * label, the subject must already have EQUAL in their label. |
| 1477 */ | 1468 */ |
| 1478 if (mac_mls_contains_equal(new)) { 1479 error = mac_mls_subject_privileged(subj); | 1469 if (mls_contains_equal(new)) { 1470 error = mls_subject_privileged(subj); |
| 1480 if (error) 1481 return (error); 1482 } 1483 } 1484 1485 return (0); 1486} 1487 1488static int | 1471 if (error) 1472 return (error); 1473 } 1474 } 1475 1476 return (0); 1477} 1478 1479static int |
| 1489mac_mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2) | 1480mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2) |
| 1490{ 1491 struct mac_mls *subj, *obj; 1492 | 1481{ 1482 struct mac_mls *subj, *obj; 1483 |
| 1493 if (!mac_mls_enabled) | 1484 if (!mls_enabled) |
| 1494 return (0); 1495 1496 subj = SLOT(cr1->cr_label); 1497 obj = SLOT(cr2->cr_label); 1498 1499 /* XXX: range */ | 1485 return (0); 1486 1487 subj = SLOT(cr1->cr_label); 1488 obj = SLOT(cr2->cr_label); 1489 1490 /* XXX: range */ |
| 1500 if (!mac_mls_dominate_effective(subj, obj)) | 1491 if (!mls_dominate_effective(subj, obj)) |
| 1501 return (ESRCH); 1502 1503 return (0); 1504} 1505 1506static int | 1492 return (ESRCH); 1493 1494 return (0); 1495} 1496 1497static int |
| 1507mac_mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, | 1498mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, |
| 1508 struct label *ifplabel, struct label *newlabel) 1509{ 1510 struct mac_mls *subj, *new; 1511 int error; 1512 1513 subj = SLOT(cred->cr_label); 1514 new = SLOT(newlabel); 1515 1516 /* | 1499 struct label *ifplabel, struct label *newlabel) 1500{ 1501 struct mac_mls *subj, *new; 1502 int error; 1503 1504 subj = SLOT(cred->cr_label); 1505 new = SLOT(newlabel); 1506 1507 /* |
| 1517 * If there is an MLS label update for the interface, it may 1518 * be an update of effective, range, or both. | 1508 * If there is an MLS label update for the interface, it may be an 1509 * update of effective, range, or both. |
| 1519 */ 1520 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1521 if (error) 1522 return (error); 1523 1524 /* 1525 * Relabeling network interfaces requires MLS privilege. 1526 */ | 1510 */ 1511 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1512 if (error) 1513 return (error); 1514 1515 /* 1516 * Relabeling network interfaces requires MLS privilege. 1517 */ |
| 1527 error = mac_mls_subject_privileged(subj); | 1518 error = mls_subject_privileged(subj); |
| 1528 1529 return (0); 1530} 1531 1532static int | 1519 1520 return (0); 1521} 1522 1523static int |
| 1533mac_mls_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, | 1524mls_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, |
| 1534 struct mbuf *m, struct label *mlabel) 1535{ 1536 struct mac_mls *p, *i; 1537 | 1525 struct mbuf *m, struct label *mlabel) 1526{ 1527 struct mac_mls *p, *i; 1528 |
| 1538 if (!mac_mls_enabled) | 1529 if (!mls_enabled) |
| 1539 return (0); 1540 1541 p = SLOT(mlabel); 1542 i = SLOT(ifplabel); 1543 | 1530 return (0); 1531 1532 p = SLOT(mlabel); 1533 i = SLOT(ifplabel); 1534 |
| 1544 return (mac_mls_effective_in_range(p, i) ? 0 : EACCES); | 1535 return (mls_effective_in_range(p, i) ? 0 : EACCES); |
| 1545} 1546 1547static int | 1536} 1537 1538static int |
| 1548mac_mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, | 1539mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, |
| 1549 struct mbuf *m, struct label *mlabel) 1550{ 1551 struct mac_mls *p, *i; 1552 | 1540 struct mbuf *m, struct label *mlabel) 1541{ 1542 struct mac_mls *p, *i; 1543 |
| 1553 if (!mac_mls_enabled) | 1544 if (!mls_enabled) |
| 1554 return (0); 1555 1556 p = SLOT(mlabel); 1557 i = SLOT(inplabel); 1558 | 1545 return (0); 1546 1547 p = SLOT(mlabel); 1548 i = SLOT(inplabel); 1549 |
| 1559 return (mac_mls_equal_effective(p, i) ? 0 : EACCES); | 1550 return (mls_equal_effective(p, i) ? 0 : EACCES); |
| 1560} 1561 1562static int | 1551} 1552 1553static int |
| 1563mac_mls_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, | 1554mls_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, |
| 1564 struct label *msglabel) 1565{ 1566 struct mac_mls *subj, *obj; 1567 | 1555 struct label *msglabel) 1556{ 1557 struct mac_mls *subj, *obj; 1558 |
| 1568 if (!mac_mls_enabled) | 1559 if (!mls_enabled) |
| 1569 return (0); 1570 1571 subj = SLOT(cred->cr_label); 1572 obj = SLOT(msglabel); 1573 | 1560 return (0); 1561 1562 subj = SLOT(cred->cr_label); 1563 obj = SLOT(msglabel); 1564 |
| 1574 if (!mac_mls_dominate_effective(subj, obj)) | 1565 if (!mls_dominate_effective(subj, obj)) |
| 1575 return (EACCES); 1576 1577 return (0); 1578} 1579 1580static int | 1566 return (EACCES); 1567 1568 return (0); 1569} 1570 1571static int |
| 1581mac_mls_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, | 1572mls_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, |
| 1582 struct label *msglabel) 1583{ 1584 struct mac_mls *subj, *obj; 1585 | 1573 struct label *msglabel) 1574{ 1575 struct mac_mls *subj, *obj; 1576 |
| 1586 if (!mac_mls_enabled) | 1577 if (!mls_enabled) |
| 1587 return (0); 1588 1589 subj = SLOT(cred->cr_label); 1590 obj = SLOT(msglabel); 1591 | 1578 return (0); 1579 1580 subj = SLOT(cred->cr_label); 1581 obj = SLOT(msglabel); 1582 |
| 1592 if (!mac_mls_dominate_effective(obj, subj)) | 1583 if (!mls_dominate_effective(obj, subj)) |
| 1593 return (EACCES); 1594 1595 return (0); 1596} 1597 1598static int | 1584 return (EACCES); 1585 1586 return (0); 1587} 1588 1589static int |
| 1599mac_mls_sysvmsq_check_msqget(struct ucred *cred, 1600 struct msqid_kernel *msqkptr, struct label *msqklabel) | 1590mls_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 1591 struct label *msqklabel) |
| 1601{ 1602 struct mac_mls *subj, *obj; 1603 | 1592{ 1593 struct mac_mls *subj, *obj; 1594 |
| 1604 if (!mac_mls_enabled) | 1595 if (!mls_enabled) |
| 1605 return (0); 1606 1607 subj = SLOT(cred->cr_label); 1608 obj = SLOT(msqklabel); 1609 | 1596 return (0); 1597 1598 subj = SLOT(cred->cr_label); 1599 obj = SLOT(msqklabel); 1600 |
| 1610 if (!mac_mls_dominate_effective(subj, obj)) | 1601 if (!mls_dominate_effective(subj, obj)) |
| 1611 return (EACCES); 1612 1613 return (0); 1614} 1615 1616static int | 1602 return (EACCES); 1603 1604 return (0); 1605} 1606 1607static int |
| 1617mac_mls_sysvmsq_check_msqsnd(struct ucred *cred, 1618 struct msqid_kernel *msqkptr, struct label *msqklabel) | 1608mls_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 1609 struct label *msqklabel) |
| 1619{ 1620 struct mac_mls *subj, *obj; 1621 | 1610{ 1611 struct mac_mls *subj, *obj; 1612 |
| 1622 if (!mac_mls_enabled) | 1613 if (!mls_enabled) |
| 1623 return (0); 1624 1625 subj = SLOT(cred->cr_label); 1626 obj = SLOT(msqklabel); 1627 | 1614 return (0); 1615 1616 subj = SLOT(cred->cr_label); 1617 obj = SLOT(msqklabel); 1618 |
| 1628 if (!mac_mls_dominate_effective(obj, subj)) | 1619 if (!mls_dominate_effective(obj, subj)) |
| 1629 return (EACCES); 1630 1631 return (0); 1632} 1633 1634static int | 1620 return (EACCES); 1621 1622 return (0); 1623} 1624 1625static int |
| 1635mac_mls_sysvmsq_check_msqrcv(struct ucred *cred, 1636 struct msqid_kernel *msqkptr, struct label *msqklabel) | 1626mls_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 1627 struct label *msqklabel) |
| 1637{ 1638 struct mac_mls *subj, *obj; 1639 | 1628{ 1629 struct mac_mls *subj, *obj; 1630 |
| 1640 if (!mac_mls_enabled) | 1631 if (!mls_enabled) |
| 1641 return (0); 1642 1643 subj = SLOT(cred->cr_label); 1644 obj = SLOT(msqklabel); 1645 | 1632 return (0); 1633 1634 subj = SLOT(cred->cr_label); 1635 obj = SLOT(msqklabel); 1636 |
| 1646 if (!mac_mls_dominate_effective(subj, obj)) | 1637 if (!mls_dominate_effective(subj, obj)) |
| 1647 return (EACCES); 1648 1649 return (0); 1650} 1651 1652static int | 1638 return (EACCES); 1639 1640 return (0); 1641} 1642 1643static int |
| 1653mac_mls_sysvmsq_check_msqctl(struct ucred *cred, 1654 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) | 1644mls_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 1645 struct label *msqklabel, int cmd) |
| 1655{ 1656 struct mac_mls *subj, *obj; 1657 | 1646{ 1647 struct mac_mls *subj, *obj; 1648 |
| 1658 if (!mac_mls_enabled) | 1649 if (!mls_enabled) |
| 1659 return (0); 1660 1661 subj = SLOT(cred->cr_label); 1662 obj = SLOT(msqklabel); 1663 1664 switch(cmd) { 1665 case IPC_RMID: 1666 case IPC_SET: | 1650 return (0); 1651 1652 subj = SLOT(cred->cr_label); 1653 obj = SLOT(msqklabel); 1654 1655 switch(cmd) { 1656 case IPC_RMID: 1657 case IPC_SET: |
| 1667 if (!mac_mls_dominate_effective(obj, subj)) | 1658 if (!mls_dominate_effective(obj, subj)) |
| 1668 return (EACCES); 1669 break; 1670 1671 case IPC_STAT: | 1659 return (EACCES); 1660 break; 1661 1662 case IPC_STAT: |
| 1672 if (!mac_mls_dominate_effective(subj, obj)) | 1663 if (!mls_dominate_effective(subj, obj)) |
| 1673 return (EACCES); 1674 break; 1675 1676 default: 1677 return (EACCES); 1678 } 1679 1680 return (0); 1681} 1682 1683static int | 1664 return (EACCES); 1665 break; 1666 1667 default: 1668 return (EACCES); 1669 } 1670 1671 return (0); 1672} 1673 1674static int |
| 1684mac_mls_sysvsem_check_semctl(struct ucred *cred, 1685 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) | 1675mls_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, 1676 struct label *semaklabel, int cmd) |
| 1686{ 1687 struct mac_mls *subj, *obj; 1688 | 1677{ 1678 struct mac_mls *subj, *obj; 1679 |
| 1689 if (!mac_mls_enabled) | 1680 if (!mls_enabled) |
| 1690 return (0); 1691 1692 subj = SLOT(cred->cr_label); 1693 obj = SLOT(semaklabel); 1694 1695 switch(cmd) { 1696 case IPC_RMID: 1697 case IPC_SET: 1698 case SETVAL: 1699 case SETALL: | 1681 return (0); 1682 1683 subj = SLOT(cred->cr_label); 1684 obj = SLOT(semaklabel); 1685 1686 switch(cmd) { 1687 case IPC_RMID: 1688 case IPC_SET: 1689 case SETVAL: 1690 case SETALL: |
| 1700 if (!mac_mls_dominate_effective(obj, subj)) | 1691 if (!mls_dominate_effective(obj, subj)) |
| 1701 return (EACCES); 1702 break; 1703 1704 case IPC_STAT: 1705 case GETVAL: 1706 case GETPID: 1707 case GETNCNT: 1708 case GETZCNT: 1709 case GETALL: | 1692 return (EACCES); 1693 break; 1694 1695 case IPC_STAT: 1696 case GETVAL: 1697 case GETPID: 1698 case GETNCNT: 1699 case GETZCNT: 1700 case GETALL: |
| 1710 if (!mac_mls_dominate_effective(subj, obj)) | 1701 if (!mls_dominate_effective(subj, obj)) |
| 1711 return (EACCES); 1712 break; 1713 1714 default: 1715 return (EACCES); 1716 } 1717 1718 return (0); 1719} 1720 1721static int | 1702 return (EACCES); 1703 break; 1704 1705 default: 1706 return (EACCES); 1707 } 1708 1709 return (0); 1710} 1711 1712static int |
| 1722mac_mls_sysvsem_check_semget(struct ucred *cred, 1723 struct semid_kernel *semakptr, struct label *semaklabel) | 1713mls_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, 1714 struct label *semaklabel) |
| 1724{ 1725 struct mac_mls *subj, *obj; 1726 | 1715{ 1716 struct mac_mls *subj, *obj; 1717 |
| 1727 if (!mac_mls_enabled) | 1718 if (!mls_enabled) |
| 1728 return (0); 1729 1730 subj = SLOT(cred->cr_label); 1731 obj = SLOT(semaklabel); 1732 | 1719 return (0); 1720 1721 subj = SLOT(cred->cr_label); 1722 obj = SLOT(semaklabel); 1723 |
| 1733 if (!mac_mls_dominate_effective(subj, obj)) | 1724 if (!mls_dominate_effective(subj, obj)) |
| 1734 return (EACCES); 1735 1736 return (0); 1737} 1738 1739static int | 1725 return (EACCES); 1726 1727 return (0); 1728} 1729 1730static int |
| 1740mac_mls_sysvsem_check_semop(struct ucred *cred, 1741 struct semid_kernel *semakptr, struct label *semaklabel, 1742 size_t accesstype) | 1731mls_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, 1732 struct label *semaklabel, size_t accesstype) |
| 1743{ 1744 struct mac_mls *subj, *obj; 1745 | 1733{ 1734 struct mac_mls *subj, *obj; 1735 |
| 1746 if (!mac_mls_enabled) | 1736 if (!mls_enabled) |
| 1747 return (0); 1748 1749 subj = SLOT(cred->cr_label); 1750 obj = SLOT(semaklabel); 1751 1752 if( accesstype & SEM_R ) | 1737 return (0); 1738 1739 subj = SLOT(cred->cr_label); 1740 obj = SLOT(semaklabel); 1741 1742 if( accesstype & SEM_R ) |
| 1753 if (!mac_mls_dominate_effective(subj, obj)) | 1743 if (!mls_dominate_effective(subj, obj)) |
| 1754 return (EACCES); 1755 1756 if( accesstype & SEM_A ) | 1744 return (EACCES); 1745 1746 if( accesstype & SEM_A ) |
| 1757 if (!mac_mls_dominate_effective(obj, subj)) | 1747 if (!mls_dominate_effective(obj, subj)) |
| 1758 return (EACCES); 1759 1760 return (0); 1761} 1762 1763static int | 1748 return (EACCES); 1749 1750 return (0); 1751} 1752 1753static int |
| 1764mac_mls_sysvshm_check_shmat(struct ucred *cred, 1765 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) | 1754mls_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 1755 struct label *shmseglabel, int shmflg) |
| 1766{ 1767 struct mac_mls *subj, *obj; 1768 | 1756{ 1757 struct mac_mls *subj, *obj; 1758 |
| 1769 if (!mac_mls_enabled) | 1759 if (!mls_enabled) |
| 1770 return (0); 1771 1772 subj = SLOT(cred->cr_label); 1773 obj = SLOT(shmseglabel); 1774 | 1760 return (0); 1761 1762 subj = SLOT(cred->cr_label); 1763 obj = SLOT(shmseglabel); 1764 |
| 1775 if (!mac_mls_dominate_effective(subj, obj)) | 1765 if (!mls_dominate_effective(subj, obj)) 1766 return (EACCES); 1767 if ((shmflg & SHM_RDONLY) == 0) { 1768 if (!mls_dominate_effective(obj, subj)) |
| 1776 return (EACCES); | 1769 return (EACCES); |
| 1777 if ((shmflg & SHM_RDONLY) == 0) 1778 if (!mac_mls_dominate_effective(obj, subj)) 1779 return (EACCES); | 1770 } |
| 1780 1781 return (0); 1782} 1783 1784static int | 1771 1772 return (0); 1773} 1774 1775static int |
| 1785mac_mls_sysvshm_check_shmctl(struct ucred *cred, 1786 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) | 1776mls_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 1777 struct label *shmseglabel, int cmd) |
| 1787{ 1788 struct mac_mls *subj, *obj; 1789 | 1778{ 1779 struct mac_mls *subj, *obj; 1780 |
| 1790 if (!mac_mls_enabled) | 1781 if (!mls_enabled) |
| 1791 return (0); 1792 1793 subj = SLOT(cred->cr_label); 1794 obj = SLOT(shmseglabel); 1795 1796 switch(cmd) { 1797 case IPC_RMID: 1798 case IPC_SET: | 1782 return (0); 1783 1784 subj = SLOT(cred->cr_label); 1785 obj = SLOT(shmseglabel); 1786 1787 switch(cmd) { 1788 case IPC_RMID: 1789 case IPC_SET: |
| 1799 if (!mac_mls_dominate_effective(obj, subj)) | 1790 if (!mls_dominate_effective(obj, subj)) |
| 1800 return (EACCES); 1801 break; 1802 1803 case IPC_STAT: 1804 case SHM_STAT: | 1791 return (EACCES); 1792 break; 1793 1794 case IPC_STAT: 1795 case SHM_STAT: |
| 1805 if (!mac_mls_dominate_effective(subj, obj)) | 1796 if (!mls_dominate_effective(subj, obj)) |
| 1806 return (EACCES); 1807 break; 1808 1809 default: 1810 return (EACCES); 1811 } 1812 1813 return (0); 1814} 1815 1816static int | 1797 return (EACCES); 1798 break; 1799 1800 default: 1801 return (EACCES); 1802 } 1803 1804 return (0); 1805} 1806 1807static int |
| 1817mac_mls_sysvshm_check_shmget(struct ucred *cred, 1818 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) | 1808mls_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 1809 struct label *shmseglabel, int shmflg) |
| 1819{ 1820 struct mac_mls *subj, *obj; 1821 | 1810{ 1811 struct mac_mls *subj, *obj; 1812 |
| 1822 if (!mac_mls_enabled) | 1813 if (!mls_enabled) |
| 1823 return (0); 1824 1825 subj = SLOT(cred->cr_label); 1826 obj = SLOT(shmseglabel); 1827 | 1814 return (0); 1815 1816 subj = SLOT(cred->cr_label); 1817 obj = SLOT(shmseglabel); 1818 |
| 1828 if (!mac_mls_dominate_effective(obj, subj)) | 1819 if (!mls_dominate_effective(obj, subj)) |
| 1829 return (EACCES); 1830 1831 return (0); 1832} 1833 1834static int | 1820 return (EACCES); 1821 1822 return (0); 1823} 1824 1825static int |
| 1835mac_mls_mount_check_stat(struct ucred *cred, struct mount *mp, | 1826mls_mount_check_stat(struct ucred *cred, struct mount *mp, |
| 1836 struct label *mntlabel) 1837{ 1838 struct mac_mls *subj, *obj; 1839 | 1827 struct label *mntlabel) 1828{ 1829 struct mac_mls *subj, *obj; 1830 |
| 1840 if (!mac_mls_enabled) | 1831 if (!mls_enabled) |
| 1841 return (0); 1842 1843 subj = SLOT(cred->cr_label); 1844 obj = SLOT(mntlabel); 1845 | 1832 return (0); 1833 1834 subj = SLOT(cred->cr_label); 1835 obj = SLOT(mntlabel); 1836 |
| 1846 if (!mac_mls_dominate_effective(subj, obj)) | 1837 if (!mls_dominate_effective(subj, obj)) |
| 1847 return (EACCES); 1848 1849 return (0); 1850} 1851 1852static int | 1838 return (EACCES); 1839 1840 return (0); 1841} 1842 1843static int |
| 1853mac_mls_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, | 1844mls_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, |
| 1854 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1855{ 1856 | 1845 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1846{ 1847 |
| 1857 if(!mac_mls_enabled) | 1848 if (!mls_enabled) |
| 1858 return (0); 1859 1860 /* XXX: This will be implemented soon... */ 1861 1862 return (0); 1863} 1864 1865static int | 1849 return (0); 1850 1851 /* XXX: This will be implemented soon... */ 1852 1853 return (0); 1854} 1855 1856static int |
| 1866mac_mls_pipe_check_poll(struct ucred *cred, struct pipepair *pp, | 1857mls_pipe_check_poll(struct ucred *cred, struct pipepair *pp, |
| 1867 struct label *pplabel) 1868{ 1869 struct mac_mls *subj, *obj; 1870 | 1858 struct label *pplabel) 1859{ 1860 struct mac_mls *subj, *obj; 1861 |
| 1871 if (!mac_mls_enabled) | 1862 if (!mls_enabled) |
| 1872 return (0); 1873 1874 subj = SLOT(cred->cr_label); 1875 obj = SLOT(pplabel); 1876 | 1863 return (0); 1864 1865 subj = SLOT(cred->cr_label); 1866 obj = SLOT(pplabel); 1867 |
| 1877 if (!mac_mls_dominate_effective(subj, obj)) | 1868 if (!mls_dominate_effective(subj, obj)) |
| 1878 return (EACCES); 1879 1880 return (0); 1881} 1882 1883static int | 1869 return (EACCES); 1870 1871 return (0); 1872} 1873 1874static int |
| 1884mac_mls_pipe_check_read(struct ucred *cred, struct pipepair *pp, | 1875mls_pipe_check_read(struct ucred *cred, struct pipepair *pp, |
| 1885 struct label *pplabel) 1886{ 1887 struct mac_mls *subj, *obj; 1888 | 1876 struct label *pplabel) 1877{ 1878 struct mac_mls *subj, *obj; 1879 |
| 1889 if (!mac_mls_enabled) | 1880 if (!mls_enabled) |
| 1890 return (0); 1891 1892 subj = SLOT(cred->cr_label); 1893 obj = SLOT(pplabel); 1894 | 1881 return (0); 1882 1883 subj = SLOT(cred->cr_label); 1884 obj = SLOT(pplabel); 1885 |
| 1895 if (!mac_mls_dominate_effective(subj, obj)) | 1886 if (!mls_dominate_effective(subj, obj)) |
| 1896 return (EACCES); 1897 1898 return (0); 1899} 1900 1901static int | 1887 return (EACCES); 1888 1889 return (0); 1890} 1891 1892static int |
| 1902mac_mls_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, | 1893mls_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, |
| 1903 struct label *pplabel, struct label *newlabel) 1904{ 1905 struct mac_mls *subj, *obj, *new; 1906 int error; 1907 1908 new = SLOT(newlabel); 1909 subj = SLOT(cred->cr_label); 1910 obj = SLOT(pplabel); 1911 1912 /* | 1894 struct label *pplabel, struct label *newlabel) 1895{ 1896 struct mac_mls *subj, *obj, *new; 1897 int error; 1898 1899 new = SLOT(newlabel); 1900 subj = SLOT(cred->cr_label); 1901 obj = SLOT(pplabel); 1902 1903 /* |
| 1913 * If there is an MLS label update for a pipe, it must be a 1914 * effective update. | 1904 * If there is an MLS label update for a pipe, it must be a effective 1905 * update. |
| 1915 */ 1916 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); 1917 if (error) 1918 return (error); 1919 1920 /* 1921 * To perform a relabel of a pipe (MLS label or not), MLS must 1922 * authorize the relabel. 1923 */ | 1906 */ 1907 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); 1908 if (error) 1909 return (error); 1910 1911 /* 1912 * To perform a relabel of a pipe (MLS label or not), MLS must 1913 * authorize the relabel. 1914 */ |
| 1924 if (!mac_mls_effective_in_range(obj, subj)) | 1915 if (!mls_effective_in_range(obj, subj)) |
| 1925 return (EPERM); 1926 1927 /* 1928 * If the MLS label is to be changed, authorize as appropriate. 1929 */ 1930 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 1931 /* | 1916 return (EPERM); 1917 1918 /* 1919 * If the MLS label is to be changed, authorize as appropriate. 1920 */ 1921 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 1922 /* |
| 1932 * To change the MLS label on a pipe, the new pipe label 1933 * must be in the subject range. | 1923 * To change the MLS label on a pipe, the new pipe label must 1924 * be in the subject range. |
| 1934 */ | 1925 */ |
| 1935 if (!mac_mls_effective_in_range(new, subj)) | 1926 if (!mls_effective_in_range(new, subj)) |
| 1936 return (EPERM); 1937 1938 /* | 1927 return (EPERM); 1928 1929 /* |
| 1939 * To change the MLS label on a pipe to be EQUAL, the 1940 * subject must have appropriate privilege. | 1930 * To change the MLS label on a pipe to be EQUAL, the subject 1931 * must have appropriate privilege. |
| 1941 */ | 1932 */ |
| 1942 if (mac_mls_contains_equal(new)) { 1943 error = mac_mls_subject_privileged(subj); | 1933 if (mls_contains_equal(new)) { 1934 error = mls_subject_privileged(subj); |
| 1944 if (error) 1945 return (error); 1946 } 1947 } 1948 1949 return (0); 1950} 1951 1952static int | 1935 if (error) 1936 return (error); 1937 } 1938 } 1939 1940 return (0); 1941} 1942 1943static int |
| 1953mac_mls_pipe_check_stat(struct ucred *cred, struct pipepair *pp, | 1944mls_pipe_check_stat(struct ucred *cred, struct pipepair *pp, |
| 1954 struct label *pplabel) 1955{ 1956 struct mac_mls *subj, *obj; 1957 | 1945 struct label *pplabel) 1946{ 1947 struct mac_mls *subj, *obj; 1948 |
| 1958 if (!mac_mls_enabled) | 1949 if (!mls_enabled) |
| 1959 return (0); 1960 1961 subj = SLOT(cred->cr_label); 1962 obj = SLOT(pplabel); 1963 | 1950 return (0); 1951 1952 subj = SLOT(cred->cr_label); 1953 obj = SLOT(pplabel); 1954 |
| 1964 if (!mac_mls_dominate_effective(subj, obj)) | 1955 if (!mls_dominate_effective(subj, obj)) |
| 1965 return (EACCES); 1966 1967 return (0); 1968} 1969 1970static int | 1956 return (EACCES); 1957 1958 return (0); 1959} 1960 1961static int |
| 1971mac_mls_pipe_check_write(struct ucred *cred, struct pipepair *pp, | 1962mls_pipe_check_write(struct ucred *cred, struct pipepair *pp, |
| 1972 struct label *pplabel) 1973{ 1974 struct mac_mls *subj, *obj; 1975 | 1963 struct label *pplabel) 1964{ 1965 struct mac_mls *subj, *obj; 1966 |
| 1976 if (!mac_mls_enabled) | 1967 if (!mls_enabled) |
| 1977 return (0); 1978 1979 subj = SLOT(cred->cr_label); 1980 obj = SLOT(pplabel); 1981 | 1968 return (0); 1969 1970 subj = SLOT(cred->cr_label); 1971 obj = SLOT(pplabel); 1972 |
| 1982 if (!mac_mls_dominate_effective(obj, subj)) | 1973 if (!mls_dominate_effective(obj, subj)) |
| 1983 return (EACCES); 1984 1985 return (0); 1986} 1987 1988static int | 1974 return (EACCES); 1975 1976 return (0); 1977} 1978 1979static int |
| 1989mac_mls_posixsem_check_write(struct ucred *cred, struct ksem *ks, | 1980mls_posixsem_check_write(struct ucred *cred, struct ksem *ks, |
| 1990 struct label *kslabel) 1991{ 1992 struct mac_mls *subj, *obj; 1993 | 1981 struct label *kslabel) 1982{ 1983 struct mac_mls *subj, *obj; 1984 |
| 1994 if (!mac_mls_enabled) | 1985 if (!mls_enabled) |
| 1995 return (0); 1996 1997 subj = SLOT(cred->cr_label); 1998 obj = SLOT(kslabel); 1999 | 1986 return (0); 1987 1988 subj = SLOT(cred->cr_label); 1989 obj = SLOT(kslabel); 1990 |
| 2000 if (!mac_mls_dominate_effective(obj, subj)) | 1991 if (!mls_dominate_effective(obj, subj)) |
| 2001 return (EACCES); 2002 2003 return (0); 2004} 2005 2006static int | 1992 return (EACCES); 1993 1994 return (0); 1995} 1996 1997static int |
| 2007mac_mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, | 1998mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, |
| 2008 struct label *kslabel) 2009{ 2010 struct mac_mls *subj, *obj; 2011 | 1999 struct label *kslabel) 2000{ 2001 struct mac_mls *subj, *obj; 2002 |
| 2012 if (!mac_mls_enabled) | 2003 if (!mls_enabled) |
| 2013 return (0); 2014 2015 subj = SLOT(cred->cr_label); 2016 obj = SLOT(kslabel); 2017 | 2004 return (0); 2005 2006 subj = SLOT(cred->cr_label); 2007 obj = SLOT(kslabel); 2008 |
| 2018 if (!mac_mls_dominate_effective(subj, obj)) | 2009 if (!mls_dominate_effective(subj, obj)) |
| 2019 return (EACCES); 2020 2021 return (0); 2022} 2023 2024static int | 2010 return (EACCES); 2011 2012 return (0); 2013} 2014 2015static int |
| 2025mac_mls_proc_check_debug(struct ucred *cred, struct proc *p) | 2016mls_proc_check_debug(struct ucred *cred, struct proc *p) |
| 2026{ 2027 struct mac_mls *subj, *obj; 2028 | 2017{ 2018 struct mac_mls *subj, *obj; 2019 |
| 2029 if (!mac_mls_enabled) | 2020 if (!mls_enabled) |
| 2030 return (0); 2031 2032 subj = SLOT(cred->cr_label); 2033 obj = SLOT(p->p_ucred->cr_label); 2034 2035 /* XXX: range checks */ | 2021 return (0); 2022 2023 subj = SLOT(cred->cr_label); 2024 obj = SLOT(p->p_ucred->cr_label); 2025 2026 /* XXX: range checks */ |
| 2036 if (!mac_mls_dominate_effective(subj, obj)) | 2027 if (!mls_dominate_effective(subj, obj)) |
| 2037 return (ESRCH); | 2028 return (ESRCH); |
| 2038 if (!mac_mls_dominate_effective(obj, subj)) | 2029 if (!mls_dominate_effective(obj, subj)) |
| 2039 return (EACCES); 2040 2041 return (0); 2042} 2043 2044static int | 2030 return (EACCES); 2031 2032 return (0); 2033} 2034 2035static int |
| 2045mac_mls_proc_check_sched(struct ucred *cred, struct proc *p) | 2036mls_proc_check_sched(struct ucred *cred, struct proc *p) |
| 2046{ 2047 struct mac_mls *subj, *obj; 2048 | 2037{ 2038 struct mac_mls *subj, *obj; 2039 |
| 2049 if (!mac_mls_enabled) | 2040 if (!mls_enabled) |
| 2050 return (0); 2051 2052 subj = SLOT(cred->cr_label); 2053 obj = SLOT(p->p_ucred->cr_label); 2054 2055 /* XXX: range checks */ | 2041 return (0); 2042 2043 subj = SLOT(cred->cr_label); 2044 obj = SLOT(p->p_ucred->cr_label); 2045 2046 /* XXX: range checks */ |
| 2056 if (!mac_mls_dominate_effective(subj, obj)) | 2047 if (!mls_dominate_effective(subj, obj)) |
| 2057 return (ESRCH); | 2048 return (ESRCH); |
| 2058 if (!mac_mls_dominate_effective(obj, subj)) | 2049 if (!mls_dominate_effective(obj, subj)) |
| 2059 return (EACCES); 2060 2061 return (0); 2062} 2063 2064static int | 2050 return (EACCES); 2051 2052 return (0); 2053} 2054 2055static int |
| 2065mac_mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum) | 2056mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum) |
| 2066{ 2067 struct mac_mls *subj, *obj; 2068 | 2057{ 2058 struct mac_mls *subj, *obj; 2059 |
| 2069 if (!mac_mls_enabled) | 2060 if (!mls_enabled) |
| 2070 return (0); 2071 2072 subj = SLOT(cred->cr_label); 2073 obj = SLOT(p->p_ucred->cr_label); 2074 2075 /* XXX: range checks */ | 2061 return (0); 2062 2063 subj = SLOT(cred->cr_label); 2064 obj = SLOT(p->p_ucred->cr_label); 2065 2066 /* XXX: range checks */ |
| 2076 if (!mac_mls_dominate_effective(subj, obj)) | 2067 if (!mls_dominate_effective(subj, obj)) |
| 2077 return (ESRCH); | 2068 return (ESRCH); |
| 2078 if (!mac_mls_dominate_effective(obj, subj)) | 2069 if (!mls_dominate_effective(obj, subj)) |
| 2079 return (EACCES); 2080 2081 return (0); 2082} 2083 2084static int | 2070 return (EACCES); 2071 2072 return (0); 2073} 2074 2075static int |
| 2085mac_mls_socket_check_deliver(struct socket *so, struct label *solabel, | 2076mls_socket_check_deliver(struct socket *so, struct label *solabel, |
| 2086 struct mbuf *m, struct label *mlabel) 2087{ 2088 struct mac_mls *p, *s; 2089 | 2077 struct mbuf *m, struct label *mlabel) 2078{ 2079 struct mac_mls *p, *s; 2080 |
| 2090 if (!mac_mls_enabled) | 2081 if (!mls_enabled) |
| 2091 return (0); 2092 2093 p = SLOT(mlabel); 2094 s = SLOT(solabel); 2095 | 2082 return (0); 2083 2084 p = SLOT(mlabel); 2085 s = SLOT(solabel); 2086 |
| 2096 return (mac_mls_equal_effective(p, s) ? 0 : EACCES); | 2087 return (mls_equal_effective(p, s) ? 0 : EACCES); |
| 2097} 2098 2099static int | 2088} 2089 2090static int |
| 2100mac_mls_socket_check_relabel(struct ucred *cred, struct socket *so, | 2091mls_socket_check_relabel(struct ucred *cred, struct socket *so, |
| 2101 struct label *solabel, struct label *newlabel) 2102{ 2103 struct mac_mls *subj, *obj, *new; 2104 int error; 2105 2106 new = SLOT(newlabel); 2107 subj = SLOT(cred->cr_label); 2108 obj = SLOT(solabel); 2109 2110 /* | 2092 struct label *solabel, struct label *newlabel) 2093{ 2094 struct mac_mls *subj, *obj, *new; 2095 int error; 2096 2097 new = SLOT(newlabel); 2098 subj = SLOT(cred->cr_label); 2099 obj = SLOT(solabel); 2100 2101 /* |
| 2111 * If there is an MLS label update for the socket, it may be 2112 * an update of effective. | 2102 * If there is an MLS label update for the socket, it may be an 2103 * update of effective. |
| 2113 */ 2114 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); 2115 if (error) 2116 return (error); 2117 2118 /* | 2104 */ 2105 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); 2106 if (error) 2107 return (error); 2108 2109 /* |
| 2119 * To relabel a socket, the old socket effective must be in the subject 2120 * range. | 2110 * To relabel a socket, the old socket effective must be in the 2111 * subject range. |
| 2121 */ | 2112 */ |
| 2122 if (!mac_mls_effective_in_range(obj, subj)) | 2113 if (!mls_effective_in_range(obj, subj)) |
| 2123 return (EPERM); 2124 2125 /* 2126 * If the MLS label is to be changed, authorize as appropriate. 2127 */ 2128 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 2129 /* 2130 * To relabel a socket, the new socket effective must be in 2131 * the subject range. 2132 */ | 2114 return (EPERM); 2115 2116 /* 2117 * If the MLS label is to be changed, authorize as appropriate. 2118 */ 2119 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 2120 /* 2121 * To relabel a socket, the new socket effective must be in 2122 * the subject range. 2123 */ |
| 2133 if (!mac_mls_effective_in_range(new, subj)) | 2124 if (!mls_effective_in_range(new, subj)) |
| 2134 return (EPERM); 2135 2136 /* 2137 * To change the MLS label on the socket to contain EQUAL, 2138 * the subject must have appropriate privilege. 2139 */ | 2125 return (EPERM); 2126 2127 /* 2128 * To change the MLS label on the socket to contain EQUAL, 2129 * the subject must have appropriate privilege. 2130 */ |
| 2140 if (mac_mls_contains_equal(new)) { 2141 error = mac_mls_subject_privileged(subj); | 2131 if (mls_contains_equal(new)) { 2132 error = mls_subject_privileged(subj); |
| 2142 if (error) 2143 return (error); 2144 } 2145 } 2146 2147 return (0); 2148} 2149 2150static int | 2133 if (error) 2134 return (error); 2135 } 2136 } 2137 2138 return (0); 2139} 2140 2141static int |
| 2151mac_mls_socket_check_visible(struct ucred *cred, struct socket *so, | 2142mls_socket_check_visible(struct ucred *cred, struct socket *so, |
| 2152 struct label *solabel) 2153{ 2154 struct mac_mls *subj, *obj; 2155 | 2143 struct label *solabel) 2144{ 2145 struct mac_mls *subj, *obj; 2146 |
| 2156 if (!mac_mls_enabled) | 2147 if (!mls_enabled) |
| 2157 return (0); 2158 2159 subj = SLOT(cred->cr_label); 2160 obj = SLOT(solabel); 2161 | 2148 return (0); 2149 2150 subj = SLOT(cred->cr_label); 2151 obj = SLOT(solabel); 2152 |
| 2162 if (!mac_mls_dominate_effective(subj, obj)) | 2153 if (!mls_dominate_effective(subj, obj)) |
| 2163 return (ENOENT); 2164 2165 return (0); 2166} 2167 2168static int | 2154 return (ENOENT); 2155 2156 return (0); 2157} 2158 2159static int |
| 2169mac_mls_system_check_acct(struct ucred *cred, struct vnode *vp, | 2160mls_system_check_acct(struct ucred *cred, struct vnode *vp, |
| 2170 struct label *vplabel) 2171{ 2172 struct mac_mls *subj, *obj; 2173 | 2161 struct label *vplabel) 2162{ 2163 struct mac_mls *subj, *obj; 2164 |
| 2174 if (!mac_mls_enabled) | 2165 if (!mls_enabled) |
| 2175 return (0); 2176 2177 subj = SLOT(cred->cr_label); 2178 obj = SLOT(vplabel); 2179 | 2166 return (0); 2167 2168 subj = SLOT(cred->cr_label); 2169 obj = SLOT(vplabel); 2170 |
| 2180 if (!mac_mls_dominate_effective(obj, subj) || 2181 !mac_mls_dominate_effective(subj, obj)) | 2171 if (!mls_dominate_effective(obj, subj) || 2172 !mls_dominate_effective(subj, obj)) |
| 2182 return (EACCES); 2183 2184 return (0); 2185} 2186 2187static int | 2173 return (EACCES); 2174 2175 return (0); 2176} 2177 2178static int |
| 2188mac_mls_system_check_auditctl(struct ucred *cred, struct vnode *vp, | 2179mls_system_check_auditctl(struct ucred *cred, struct vnode *vp, |
| 2189 struct label *vplabel) 2190{ 2191 struct mac_mls *subj, *obj; 2192 | 2180 struct label *vplabel) 2181{ 2182 struct mac_mls *subj, *obj; 2183 |
| 2193 if (!mac_mls_enabled) | 2184 if (!mls_enabled) |
| 2194 return (0); 2195 2196 subj = SLOT(cred->cr_label); 2197 obj = SLOT(vplabel); 2198 | 2185 return (0); 2186 2187 subj = SLOT(cred->cr_label); 2188 obj = SLOT(vplabel); 2189 |
| 2199 if (!mac_mls_dominate_effective(obj, subj) || 2200 !mac_mls_dominate_effective(subj, obj)) | 2190 if (!mls_dominate_effective(obj, subj) || 2191 !mls_dominate_effective(subj, obj)) |
| 2201 return (EACCES); 2202 2203 return (0); 2204} 2205 2206static int | 2192 return (EACCES); 2193 2194 return (0); 2195} 2196 2197static int |
| 2207mac_mls_system_check_swapon(struct ucred *cred, struct vnode *vp, | 2198mls_system_check_swapon(struct ucred *cred, struct vnode *vp, |
| 2208 struct label *vplabel) 2209{ 2210 struct mac_mls *subj, *obj; 2211 | 2199 struct label *vplabel) 2200{ 2201 struct mac_mls *subj, *obj; 2202 |
| 2212 if (!mac_mls_enabled) | 2203 if (!mls_enabled) |
| 2213 return (0); 2214 2215 subj = SLOT(cred->cr_label); 2216 obj = SLOT(vplabel); 2217 | 2204 return (0); 2205 2206 subj = SLOT(cred->cr_label); 2207 obj = SLOT(vplabel); 2208 |
| 2218 if (!mac_mls_dominate_effective(obj, subj) || 2219 !mac_mls_dominate_effective(subj, obj)) | 2209 if (!mls_dominate_effective(obj, subj) || 2210 !mls_dominate_effective(subj, obj)) |
| 2220 return (EACCES); 2221 2222 return (0); 2223} 2224 2225static int | 2211 return (EACCES); 2212 2213 return (0); 2214} 2215 2216static int |
| 2226mac_mls_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, | 2217mls_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, |
| 2227 struct label *dvplabel) 2228{ 2229 struct mac_mls *subj, *obj; 2230 | 2218 struct label *dvplabel) 2219{ 2220 struct mac_mls *subj, *obj; 2221 |
| 2231 if (!mac_mls_enabled) | 2222 if (!mls_enabled) |
| 2232 return (0); 2233 2234 subj = SLOT(cred->cr_label); 2235 obj = SLOT(dvplabel); 2236 | 2223 return (0); 2224 2225 subj = SLOT(cred->cr_label); 2226 obj = SLOT(dvplabel); 2227 |
| 2237 if (!mac_mls_dominate_effective(subj, obj)) | 2228 if (!mls_dominate_effective(subj, obj)) |
| 2238 return (EACCES); 2239 2240 return (0); 2241} 2242 2243static int | 2229 return (EACCES); 2230 2231 return (0); 2232} 2233 2234static int |
| 2244mac_mls_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, | 2235mls_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, |
| 2245 struct label *dvplabel) 2246{ 2247 struct mac_mls *subj, *obj; 2248 | 2236 struct label *dvplabel) 2237{ 2238 struct mac_mls *subj, *obj; 2239 |
| 2249 if (!mac_mls_enabled) | 2240 if (!mls_enabled) |
| 2250 return (0); 2251 2252 subj = SLOT(cred->cr_label); 2253 obj = SLOT(dvplabel); 2254 | 2241 return (0); 2242 2243 subj = SLOT(cred->cr_label); 2244 obj = SLOT(dvplabel); 2245 |
| 2255 if (!mac_mls_dominate_effective(subj, obj)) | 2246 if (!mls_dominate_effective(subj, obj)) |
| 2256 return (EACCES); 2257 2258 return (0); 2259} 2260 2261static int | 2247 return (EACCES); 2248 2249 return (0); 2250} 2251 2252static int |
| 2262mac_mls_vnode_check_create(struct ucred *cred, struct vnode *dvp, | 2253mls_vnode_check_create(struct ucred *cred, struct vnode *dvp, |
| 2263 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2264{ 2265 struct mac_mls *subj, *obj; 2266 | 2254 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2255{ 2256 struct mac_mls *subj, *obj; 2257 |
| 2267 if (!mac_mls_enabled) | 2258 if (!mls_enabled) |
| 2268 return (0); 2269 2270 subj = SLOT(cred->cr_label); 2271 obj = SLOT(dvplabel); 2272 | 2259 return (0); 2260 2261 subj = SLOT(cred->cr_label); 2262 obj = SLOT(dvplabel); 2263 |
| 2273 if (!mac_mls_dominate_effective(obj, subj)) | 2264 if (!mls_dominate_effective(obj, subj)) |
| 2274 return (EACCES); 2275 2276 return (0); 2277} 2278 2279static int | 2265 return (EACCES); 2266 2267 return (0); 2268} 2269 2270static int |
| 2280mac_mls_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, | 2271mls_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, |
| 2281 struct label *vplabel, acl_type_t type) 2282{ 2283 struct mac_mls *subj, *obj; 2284 | 2272 struct label *vplabel, acl_type_t type) 2273{ 2274 struct mac_mls *subj, *obj; 2275 |
| 2285 if (!mac_mls_enabled) | 2276 if (!mls_enabled) |
| 2286 return (0); 2287 2288 subj = SLOT(cred->cr_label); 2289 obj = SLOT(vplabel); 2290 | 2277 return (0); 2278 2279 subj = SLOT(cred->cr_label); 2280 obj = SLOT(vplabel); 2281 |
| 2291 if (!mac_mls_dominate_effective(obj, subj)) | 2282 if (!mls_dominate_effective(obj, subj)) |
| 2292 return (EACCES); 2293 2294 return (0); 2295} 2296 2297static int | 2283 return (EACCES); 2284 2285 return (0); 2286} 2287 2288static int |
| 2298mac_mls_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, | 2289mls_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, |
| 2299 struct label *vplabel, int attrnamespace, const char *name) 2300{ 2301 struct mac_mls *subj, *obj; 2302 | 2290 struct label *vplabel, int attrnamespace, const char *name) 2291{ 2292 struct mac_mls *subj, *obj; 2293 |
| 2303 if (!mac_mls_enabled) | 2294 if (!mls_enabled) |
| 2304 return (0); 2305 2306 subj = SLOT(cred->cr_label); 2307 obj = SLOT(vplabel); 2308 | 2295 return (0); 2296 2297 subj = SLOT(cred->cr_label); 2298 obj = SLOT(vplabel); 2299 |
| 2309 if (!mac_mls_dominate_effective(obj, subj)) | 2300 if (!mls_dominate_effective(obj, subj)) |
| 2310 return (EACCES); 2311 2312 return (0); 2313} 2314 2315static int | 2301 return (EACCES); 2302 2303 return (0); 2304} 2305 2306static int |
| 2316mac_mls_vnode_check_exec(struct ucred *cred, struct vnode *vp, | 2307mls_vnode_check_exec(struct ucred *cred, struct vnode *vp, |
| 2317 struct label *vplabel, struct image_params *imgp, 2318 struct label *execlabel) 2319{ 2320 struct mac_mls *subj, *obj, *exec; 2321 int error; 2322 2323 if (execlabel != NULL) { 2324 /* 2325 * We currently don't permit labels to be changed at | 2308 struct label *vplabel, struct image_params *imgp, 2309 struct label *execlabel) 2310{ 2311 struct mac_mls *subj, *obj, *exec; 2312 int error; 2313 2314 if (execlabel != NULL) { 2315 /* 2316 * We currently don't permit labels to be changed at |
| 2326 * exec-time as part of MLS, so disallow non-NULL 2327 * MLS label elements in the execlabel. | 2317 * exec-time as part of MLS, so disallow non-NULL MLS label 2318 * elements in the execlabel. |
| 2328 */ 2329 exec = SLOT(execlabel); 2330 error = mls_atmostflags(exec, 0); 2331 if (error) 2332 return (error); 2333 } 2334 | 2319 */ 2320 exec = SLOT(execlabel); 2321 error = mls_atmostflags(exec, 0); 2322 if (error) 2323 return (error); 2324 } 2325 |
| 2335 if (!mac_mls_enabled) | 2326 if (!mls_enabled) |
| 2336 return (0); 2337 2338 subj = SLOT(cred->cr_label); 2339 obj = SLOT(vplabel); 2340 | 2327 return (0); 2328 2329 subj = SLOT(cred->cr_label); 2330 obj = SLOT(vplabel); 2331 |
| 2341 if (!mac_mls_dominate_effective(subj, obj)) | 2332 if (!mls_dominate_effective(subj, obj)) |
| 2342 return (EACCES); 2343 2344 return (0); 2345} 2346 2347static int | 2333 return (EACCES); 2334 2335 return (0); 2336} 2337 2338static int |
| 2348mac_mls_vnode_check_getacl(struct ucred *cred, struct vnode *vp, | 2339mls_vnode_check_getacl(struct ucred *cred, struct vnode *vp, |
| 2349 struct label *vplabel, acl_type_t type) 2350{ 2351 struct mac_mls *subj, *obj; 2352 | 2340 struct label *vplabel, acl_type_t type) 2341{ 2342 struct mac_mls *subj, *obj; 2343 |
| 2353 if (!mac_mls_enabled) | 2344 if (!mls_enabled) |
| 2354 return (0); 2355 2356 subj = SLOT(cred->cr_label); 2357 obj = SLOT(vplabel); 2358 | 2345 return (0); 2346 2347 subj = SLOT(cred->cr_label); 2348 obj = SLOT(vplabel); 2349 |
| 2359 if (!mac_mls_dominate_effective(subj, obj)) | 2350 if (!mls_dominate_effective(subj, obj)) |
| 2360 return (EACCES); 2361 2362 return (0); 2363} 2364 2365static int | 2351 return (EACCES); 2352 2353 return (0); 2354} 2355 2356static int |
| 2366mac_mls_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, | 2357mls_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, |
| 2367 struct label *vplabel, int attrnamespace, const char *name, 2368 struct uio *uio) 2369{ 2370 struct mac_mls *subj, *obj; 2371 | 2358 struct label *vplabel, int attrnamespace, const char *name, 2359 struct uio *uio) 2360{ 2361 struct mac_mls *subj, *obj; 2362 |
| 2372 if (!mac_mls_enabled) | 2363 if (!mls_enabled) |
| 2373 return (0); 2374 2375 subj = SLOT(cred->cr_label); 2376 obj = SLOT(vplabel); 2377 | 2364 return (0); 2365 2366 subj = SLOT(cred->cr_label); 2367 obj = SLOT(vplabel); 2368 |
| 2378 if (!mac_mls_dominate_effective(subj, obj)) | 2369 if (!mls_dominate_effective(subj, obj)) |
| 2379 return (EACCES); 2380 2381 return (0); 2382} 2383 2384static int | 2370 return (EACCES); 2371 2372 return (0); 2373} 2374 2375static int |
| 2385mac_mls_vnode_check_link(struct ucred *cred, struct vnode *dvp, | 2376mls_vnode_check_link(struct ucred *cred, struct vnode *dvp, |
| 2386 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2387 struct componentname *cnp) 2388{ 2389 struct mac_mls *subj, *obj; 2390 | 2377 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2378 struct componentname *cnp) 2379{ 2380 struct mac_mls *subj, *obj; 2381 |
| 2391 if (!mac_mls_enabled) | 2382 if (!mls_enabled) |
| 2392 return (0); 2393 2394 subj = SLOT(cred->cr_label); 2395 obj = SLOT(dvplabel); 2396 | 2383 return (0); 2384 2385 subj = SLOT(cred->cr_label); 2386 obj = SLOT(dvplabel); 2387 |
| 2397 if (!mac_mls_dominate_effective(obj, subj)) | 2388 if (!mls_dominate_effective(obj, subj)) |
| 2398 return (EACCES); 2399 2400 obj = SLOT(vplabel); | 2389 return (EACCES); 2390 2391 obj = SLOT(vplabel); |
| 2401 if (!mac_mls_dominate_effective(obj, subj)) | 2392 if (!mls_dominate_effective(obj, subj)) |
| 2402 return (EACCES); 2403 2404 return (0); 2405} 2406 2407static int | 2393 return (EACCES); 2394 2395 return (0); 2396} 2397 2398static int |
| 2408mac_mls_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, | 2399mls_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, |
| 2409 struct label *vplabel, int attrnamespace) 2410{ 2411 2412 struct mac_mls *subj, *obj; 2413 | 2400 struct label *vplabel, int attrnamespace) 2401{ 2402 2403 struct mac_mls *subj, *obj; 2404 |
| 2414 if (!mac_mls_enabled) | 2405 if (!mls_enabled) |
| 2415 return (0); 2416 2417 subj = SLOT(cred->cr_label); 2418 obj = SLOT(vplabel); 2419 | 2406 return (0); 2407 2408 subj = SLOT(cred->cr_label); 2409 obj = SLOT(vplabel); 2410 |
| 2420 if (!mac_mls_dominate_effective(subj, obj)) | 2411 if (!mls_dominate_effective(subj, obj)) |
| 2421 return (EACCES); 2422 2423 return (0); 2424} 2425 2426static int | 2412 return (EACCES); 2413 2414 return (0); 2415} 2416 2417static int |
| 2427mac_mls_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, | 2418mls_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, |
| 2428 struct label *dvplabel, struct componentname *cnp) 2429{ 2430 struct mac_mls *subj, *obj; 2431 | 2419 struct label *dvplabel, struct componentname *cnp) 2420{ 2421 struct mac_mls *subj, *obj; 2422 |
| 2432 if (!mac_mls_enabled) | 2423 if (!mls_enabled) |
| 2433 return (0); 2434 2435 subj = SLOT(cred->cr_label); 2436 obj = SLOT(dvplabel); 2437 | 2424 return (0); 2425 2426 subj = SLOT(cred->cr_label); 2427 obj = SLOT(dvplabel); 2428 |
| 2438 if (!mac_mls_dominate_effective(subj, obj)) | 2429 if (!mls_dominate_effective(subj, obj)) |
| 2439 return (EACCES); 2440 2441 return (0); 2442} 2443 2444static int | 2430 return (EACCES); 2431 2432 return (0); 2433} 2434 2435static int |
| 2445mac_mls_vnode_check_mmap(struct ucred *cred, struct vnode *vp, | 2436mls_vnode_check_mmap(struct ucred *cred, struct vnode *vp, |
| 2446 struct label *vplabel, int prot, int flags) 2447{ 2448 struct mac_mls *subj, *obj; 2449 2450 /* 2451 * Rely on the use of open()-time protections to handle 2452 * non-revocation cases. 2453 */ | 2437 struct label *vplabel, int prot, int flags) 2438{ 2439 struct mac_mls *subj, *obj; 2440 2441 /* 2442 * Rely on the use of open()-time protections to handle 2443 * non-revocation cases. 2444 */ |
| 2454 if (!mac_mls_enabled || !revocation_enabled) | 2445 if (!mls_enabled || !revocation_enabled) |
| 2455 return (0); 2456 2457 subj = SLOT(cred->cr_label); 2458 obj = SLOT(vplabel); 2459 2460 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { | 2446 return (0); 2447 2448 subj = SLOT(cred->cr_label); 2449 obj = SLOT(vplabel); 2450 2451 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { |
| 2461 if (!mac_mls_dominate_effective(subj, obj)) | 2452 if (!mls_dominate_effective(subj, obj)) |
| 2462 return (EACCES); 2463 } 2464 if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { | 2453 return (EACCES); 2454 } 2455 if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { |
| 2465 if (!mac_mls_dominate_effective(obj, subj)) | 2456 if (!mls_dominate_effective(obj, subj)) |
| 2466 return (EACCES); 2467 } 2468 2469 return (0); 2470} 2471 2472static int | 2457 return (EACCES); 2458 } 2459 2460 return (0); 2461} 2462 2463static int |
| 2473mac_mls_vnode_check_open(struct ucred *cred, struct vnode *vp, | 2464mls_vnode_check_open(struct ucred *cred, struct vnode *vp, |
| 2474 struct label *vplabel, int acc_mode) 2475{ 2476 struct mac_mls *subj, *obj; 2477 | 2465 struct label *vplabel, int acc_mode) 2466{ 2467 struct mac_mls *subj, *obj; 2468 |
| 2478 if (!mac_mls_enabled) | 2469 if (!mls_enabled) |
| 2479 return (0); 2480 2481 subj = SLOT(cred->cr_label); 2482 obj = SLOT(vplabel); 2483 2484 /* XXX privilege override for admin? */ 2485 if (acc_mode & (VREAD | VEXEC | VSTAT)) { | 2470 return (0); 2471 2472 subj = SLOT(cred->cr_label); 2473 obj = SLOT(vplabel); 2474 2475 /* XXX privilege override for admin? */ 2476 if (acc_mode & (VREAD | VEXEC | VSTAT)) { |
| 2486 if (!mac_mls_dominate_effective(subj, obj)) | 2477 if (!mls_dominate_effective(subj, obj)) |
| 2487 return (EACCES); 2488 } 2489 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { | 2478 return (EACCES); 2479 } 2480 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { |
| 2490 if (!mac_mls_dominate_effective(obj, subj)) | 2481 if (!mls_dominate_effective(obj, subj)) |
| 2491 return (EACCES); 2492 } 2493 2494 return (0); 2495} 2496 2497static int | 2482 return (EACCES); 2483 } 2484 2485 return (0); 2486} 2487 2488static int |
| 2498mac_mls_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, | 2489mls_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, |
| 2499 struct vnode *vp, struct label *vplabel) 2500{ 2501 struct mac_mls *subj, *obj; 2502 | 2490 struct vnode *vp, struct label *vplabel) 2491{ 2492 struct mac_mls *subj, *obj; 2493 |
| 2503 if (!mac_mls_enabled || !revocation_enabled) | 2494 if (!mls_enabled || !revocation_enabled) |
| 2504 return (0); 2505 2506 subj = SLOT(active_cred->cr_label); 2507 obj = SLOT(vplabel); 2508 | 2495 return (0); 2496 2497 subj = SLOT(active_cred->cr_label); 2498 obj = SLOT(vplabel); 2499 |
| 2509 if (!mac_mls_dominate_effective(subj, obj)) | 2500 if (!mls_dominate_effective(subj, obj)) |
| 2510 return (EACCES); 2511 2512 return (0); 2513} 2514 2515static int | 2501 return (EACCES); 2502 2503 return (0); 2504} 2505 2506static int |
| 2516mac_mls_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, | 2507mls_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, |
| 2517 struct vnode *vp, struct label *vplabel) 2518{ 2519 struct mac_mls *subj, *obj; 2520 | 2508 struct vnode *vp, struct label *vplabel) 2509{ 2510 struct mac_mls *subj, *obj; 2511 |
| 2521 if (!mac_mls_enabled || !revocation_enabled) | 2512 if (!mls_enabled || !revocation_enabled) |
| 2522 return (0); 2523 2524 subj = SLOT(active_cred->cr_label); 2525 obj = SLOT(vplabel); 2526 | 2513 return (0); 2514 2515 subj = SLOT(active_cred->cr_label); 2516 obj = SLOT(vplabel); 2517 |
| 2527 if (!mac_mls_dominate_effective(subj, obj)) | 2518 if (!mls_dominate_effective(subj, obj)) |
| 2528 return (EACCES); 2529 2530 return (0); 2531} 2532 2533static int | 2519 return (EACCES); 2520 2521 return (0); 2522} 2523 2524static int |
| 2534mac_mls_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, | 2525mls_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, |
| 2535 struct label *dvplabel) 2536{ 2537 struct mac_mls *subj, *obj; 2538 | 2526 struct label *dvplabel) 2527{ 2528 struct mac_mls *subj, *obj; 2529 |
| 2539 if (!mac_mls_enabled) | 2530 if (!mls_enabled) |
| 2540 return (0); 2541 2542 subj = SLOT(cred->cr_label); 2543 obj = SLOT(dvplabel); 2544 | 2531 return (0); 2532 2533 subj = SLOT(cred->cr_label); 2534 obj = SLOT(dvplabel); 2535 |
| 2545 if (!mac_mls_dominate_effective(subj, obj)) | 2536 if (!mls_dominate_effective(subj, obj)) |
| 2546 return (EACCES); 2547 2548 return (0); 2549} 2550 2551static int | 2537 return (EACCES); 2538 2539 return (0); 2540} 2541 2542static int |
| 2552mac_mls_vnode_check_readlink(struct ucred *cred, struct vnode *vp, | 2543mls_vnode_check_readlink(struct ucred *cred, struct vnode *vp, |
| 2553 struct label *vplabel) 2554{ 2555 struct mac_mls *subj, *obj; 2556 | 2544 struct label *vplabel) 2545{ 2546 struct mac_mls *subj, *obj; 2547 |
| 2557 if (!mac_mls_enabled) | 2548 if (!mls_enabled) |
| 2558 return (0); 2559 2560 subj = SLOT(cred->cr_label); 2561 obj = SLOT(vplabel); 2562 | 2549 return (0); 2550 2551 subj = SLOT(cred->cr_label); 2552 obj = SLOT(vplabel); 2553 |
| 2563 if (!mac_mls_dominate_effective(subj, obj)) | 2554 if (!mls_dominate_effective(subj, obj)) |
| 2564 return (EACCES); 2565 2566 return (0); 2567} 2568 2569static int | 2555 return (EACCES); 2556 2557 return (0); 2558} 2559 2560static int |
| 2570mac_mls_vnode_check_relabel(struct ucred *cred, struct vnode *vp, | 2561mls_vnode_check_relabel(struct ucred *cred, struct vnode *vp, |
| 2571 struct label *vplabel, struct label *newlabel) 2572{ 2573 struct mac_mls *old, *new, *subj; 2574 int error; 2575 2576 old = SLOT(vplabel); 2577 new = SLOT(newlabel); 2578 subj = SLOT(cred->cr_label); --- 5 unchanged lines hidden (view full) --- 2584 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); 2585 if (error) 2586 return (error); 2587 2588 /* 2589 * To perform a relabel of the vnode (MLS label or not), MLS must 2590 * authorize the relabel. 2591 */ | 2562 struct label *vplabel, struct label *newlabel) 2563{ 2564 struct mac_mls *old, *new, *subj; 2565 int error; 2566 2567 old = SLOT(vplabel); 2568 new = SLOT(newlabel); 2569 subj = SLOT(cred->cr_label); --- 5 unchanged lines hidden (view full) --- 2575 error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); 2576 if (error) 2577 return (error); 2578 2579 /* 2580 * To perform a relabel of the vnode (MLS label or not), MLS must 2581 * authorize the relabel. 2582 */ |
| 2592 if (!mac_mls_effective_in_range(old, subj)) | 2583 if (!mls_effective_in_range(old, subj)) |
| 2593 return (EPERM); 2594 2595 /* 2596 * If the MLS label is to be changed, authorize as appropriate. 2597 */ 2598 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 2599 /* 2600 * To change the MLS label on a vnode, the new vnode label 2601 * must be in the subject range. 2602 */ | 2584 return (EPERM); 2585 2586 /* 2587 * If the MLS label is to be changed, authorize as appropriate. 2588 */ 2589 if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { 2590 /* 2591 * To change the MLS label on a vnode, the new vnode label 2592 * must be in the subject range. 2593 */ |
| 2603 if (!mac_mls_effective_in_range(new, subj)) | 2594 if (!mls_effective_in_range(new, subj)) |
| 2604 return (EPERM); 2605 2606 /* | 2595 return (EPERM); 2596 2597 /* |
| 2607 * To change the MLS label on the vnode to be EQUAL, 2608 * the subject must have appropriate privilege. | 2598 * To change the MLS label on the vnode to be EQUAL, the 2599 * subject must have appropriate privilege. |
| 2609 */ | 2600 */ |
| 2610 if (mac_mls_contains_equal(new)) { 2611 error = mac_mls_subject_privileged(subj); | 2601 if (mls_contains_equal(new)) { 2602 error = mls_subject_privileged(subj); |
| 2612 if (error) 2613 return (error); 2614 } 2615 } 2616 2617 return (0); 2618} 2619 2620static int | 2603 if (error) 2604 return (error); 2605 } 2606 } 2607 2608 return (0); 2609} 2610 2611static int |
| 2621mac_mls_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, | 2612mls_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, |
| 2622 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2623 struct componentname *cnp) 2624{ 2625 struct mac_mls *subj, *obj; 2626 | 2613 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2614 struct componentname *cnp) 2615{ 2616 struct mac_mls *subj, *obj; 2617 |
| 2627 if (!mac_mls_enabled) | 2618 if (!mls_enabled) |
| 2628 return (0); 2629 2630 subj = SLOT(cred->cr_label); 2631 obj = SLOT(dvplabel); 2632 | 2619 return (0); 2620 2621 subj = SLOT(cred->cr_label); 2622 obj = SLOT(dvplabel); 2623 |
| 2633 if (!mac_mls_dominate_effective(obj, subj)) | 2624 if (!mls_dominate_effective(obj, subj)) |
| 2634 return (EACCES); 2635 2636 obj = SLOT(vplabel); 2637 | 2625 return (EACCES); 2626 2627 obj = SLOT(vplabel); 2628 |
| 2638 if (!mac_mls_dominate_effective(obj, subj)) | 2629 if (!mls_dominate_effective(obj, subj)) |
| 2639 return (EACCES); 2640 2641 return (0); 2642} 2643 2644static int | 2630 return (EACCES); 2631 2632 return (0); 2633} 2634 2635static int |
| 2645mac_mls_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, | 2636mls_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, |
| 2646 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2647 int samedir, struct componentname *cnp) 2648{ 2649 struct mac_mls *subj, *obj; 2650 | 2637 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2638 int samedir, struct componentname *cnp) 2639{ 2640 struct mac_mls *subj, *obj; 2641 |
| 2651 if (!mac_mls_enabled) | 2642 if (!mls_enabled) |
| 2652 return (0); 2653 2654 subj = SLOT(cred->cr_label); 2655 obj = SLOT(dvplabel); 2656 | 2643 return (0); 2644 2645 subj = SLOT(cred->cr_label); 2646 obj = SLOT(dvplabel); 2647 |
| 2657 if (!mac_mls_dominate_effective(obj, subj)) | 2648 if (!mls_dominate_effective(obj, subj)) |
| 2658 return (EACCES); 2659 2660 if (vp != NULL) { 2661 obj = SLOT(vplabel); 2662 | 2649 return (EACCES); 2650 2651 if (vp != NULL) { 2652 obj = SLOT(vplabel); 2653 |
| 2663 if (!mac_mls_dominate_effective(obj, subj)) | 2654 if (!mls_dominate_effective(obj, subj)) |
| 2664 return (EACCES); 2665 } 2666 2667 return (0); 2668} 2669 2670static int | 2655 return (EACCES); 2656 } 2657 2658 return (0); 2659} 2660 2661static int |
| 2671mac_mls_vnode_check_revoke(struct ucred *cred, struct vnode *vp, | 2662mls_vnode_check_revoke(struct ucred *cred, struct vnode *vp, |
| 2672 struct label *vplabel) 2673{ 2674 struct mac_mls *subj, *obj; 2675 | 2663 struct label *vplabel) 2664{ 2665 struct mac_mls *subj, *obj; 2666 |
| 2676 if (!mac_mls_enabled) | 2667 if (!mls_enabled) |
| 2677 return (0); 2678 2679 subj = SLOT(cred->cr_label); 2680 obj = SLOT(vplabel); 2681 | 2668 return (0); 2669 2670 subj = SLOT(cred->cr_label); 2671 obj = SLOT(vplabel); 2672 |
| 2682 if (!mac_mls_dominate_effective(obj, subj)) | 2673 if (!mls_dominate_effective(obj, subj)) |
| 2683 return (EACCES); 2684 2685 return (0); 2686} 2687 2688static int | 2674 return (EACCES); 2675 2676 return (0); 2677} 2678 2679static int |
| 2689mac_mls_vnode_check_setacl(struct ucred *cred, struct vnode *vp, | 2680mls_vnode_check_setacl(struct ucred *cred, struct vnode *vp, |
| 2690 struct label *vplabel, acl_type_t type, struct acl *acl) 2691{ 2692 struct mac_mls *subj, *obj; 2693 | 2681 struct label *vplabel, acl_type_t type, struct acl *acl) 2682{ 2683 struct mac_mls *subj, *obj; 2684 |
| 2694 if (!mac_mls_enabled) | 2685 if (!mls_enabled) |
| 2695 return (0); 2696 2697 subj = SLOT(cred->cr_label); 2698 obj = SLOT(vplabel); 2699 | 2686 return (0); 2687 2688 subj = SLOT(cred->cr_label); 2689 obj = SLOT(vplabel); 2690 |
| 2700 if (!mac_mls_dominate_effective(obj, subj)) | 2691 if (!mls_dominate_effective(obj, subj)) |
| 2701 return (EACCES); 2702 2703 return (0); 2704} 2705 2706static int | 2692 return (EACCES); 2693 2694 return (0); 2695} 2696 2697static int |
| 2707mac_mls_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, | 2698mls_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, |
| 2708 struct label *vplabel, int attrnamespace, const char *name, 2709 struct uio *uio) 2710{ 2711 struct mac_mls *subj, *obj; 2712 | 2699 struct label *vplabel, int attrnamespace, const char *name, 2700 struct uio *uio) 2701{ 2702 struct mac_mls *subj, *obj; 2703 |
| 2713 if (!mac_mls_enabled) | 2704 if (!mls_enabled) |
| 2714 return (0); 2715 2716 subj = SLOT(cred->cr_label); 2717 obj = SLOT(vplabel); 2718 | 2705 return (0); 2706 2707 subj = SLOT(cred->cr_label); 2708 obj = SLOT(vplabel); 2709 |
| 2719 if (!mac_mls_dominate_effective(obj, subj)) | 2710 if (!mls_dominate_effective(obj, subj)) |
| 2720 return (EACCES); 2721 2722 /* XXX: protect the MAC EA in a special way? */ 2723 2724 return (0); 2725} 2726 2727static int | 2711 return (EACCES); 2712 2713 /* XXX: protect the MAC EA in a special way? */ 2714 2715 return (0); 2716} 2717 2718static int |
| 2728mac_mls_vnode_check_setflags(struct ucred *cred, struct vnode *vp, | 2719mls_vnode_check_setflags(struct ucred *cred, struct vnode *vp, |
| 2729 struct label *vplabel, u_long flags) 2730{ 2731 struct mac_mls *subj, *obj; 2732 | 2720 struct label *vplabel, u_long flags) 2721{ 2722 struct mac_mls *subj, *obj; 2723 |
| 2733 if (!mac_mls_enabled) | 2724 if (!mls_enabled) |
| 2734 return (0); 2735 2736 subj = SLOT(cred->cr_label); 2737 obj = SLOT(vplabel); 2738 | 2725 return (0); 2726 2727 subj = SLOT(cred->cr_label); 2728 obj = SLOT(vplabel); 2729 |
| 2739 if (!mac_mls_dominate_effective(obj, subj)) | 2730 if (!mls_dominate_effective(obj, subj)) |
| 2740 return (EACCES); 2741 2742 return (0); 2743} 2744 2745static int | 2731 return (EACCES); 2732 2733 return (0); 2734} 2735 2736static int |
| 2746mac_mls_vnode_check_setmode(struct ucred *cred, struct vnode *vp, | 2737mls_vnode_check_setmode(struct ucred *cred, struct vnode *vp, |
| 2747 struct label *vplabel, mode_t mode) 2748{ 2749 struct mac_mls *subj, *obj; 2750 | 2738 struct label *vplabel, mode_t mode) 2739{ 2740 struct mac_mls *subj, *obj; 2741 |
| 2751 if (!mac_mls_enabled) | 2742 if (!mls_enabled) |
| 2752 return (0); 2753 2754 subj = SLOT(cred->cr_label); 2755 obj = SLOT(vplabel); 2756 | 2743 return (0); 2744 2745 subj = SLOT(cred->cr_label); 2746 obj = SLOT(vplabel); 2747 |
| 2757 if (!mac_mls_dominate_effective(obj, subj)) | 2748 if (!mls_dominate_effective(obj, subj)) |
| 2758 return (EACCES); 2759 2760 return (0); 2761} 2762 2763static int | 2749 return (EACCES); 2750 2751 return (0); 2752} 2753 2754static int |
| 2764mac_mls_vnode_check_setowner(struct ucred *cred, struct vnode *vp, | 2755mls_vnode_check_setowner(struct ucred *cred, struct vnode *vp, |
| 2765 struct label *vplabel, uid_t uid, gid_t gid) 2766{ 2767 struct mac_mls *subj, *obj; 2768 | 2756 struct label *vplabel, uid_t uid, gid_t gid) 2757{ 2758 struct mac_mls *subj, *obj; 2759 |
| 2769 if (!mac_mls_enabled) | 2760 if (!mls_enabled) |
| 2770 return (0); 2771 2772 subj = SLOT(cred->cr_label); 2773 obj = SLOT(vplabel); 2774 | 2761 return (0); 2762 2763 subj = SLOT(cred->cr_label); 2764 obj = SLOT(vplabel); 2765 |
| 2775 if (!mac_mls_dominate_effective(obj, subj)) | 2766 if (!mls_dominate_effective(obj, subj)) |
| 2776 return (EACCES); 2777 2778 return (0); 2779} 2780 2781static int | 2767 return (EACCES); 2768 2769 return (0); 2770} 2771 2772static int |
| 2782mac_mls_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, | 2773mls_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, |
| 2783 struct label *vplabel, struct timespec atime, struct timespec mtime) 2784{ 2785 struct mac_mls *subj, *obj; 2786 | 2774 struct label *vplabel, struct timespec atime, struct timespec mtime) 2775{ 2776 struct mac_mls *subj, *obj; 2777 |
| 2787 if (!mac_mls_enabled) | 2778 if (!mls_enabled) |
| 2788 return (0); 2789 2790 subj = SLOT(cred->cr_label); 2791 obj = SLOT(vplabel); 2792 | 2779 return (0); 2780 2781 subj = SLOT(cred->cr_label); 2782 obj = SLOT(vplabel); 2783 |
| 2793 if (!mac_mls_dominate_effective(obj, subj)) | 2784 if (!mls_dominate_effective(obj, subj)) |
| 2794 return (EACCES); 2795 2796 return (0); 2797} 2798 2799static int | 2785 return (EACCES); 2786 2787 return (0); 2788} 2789 2790static int |
| 2800mac_mls_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, | 2791mls_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, |
| 2801 struct vnode *vp, struct label *vplabel) 2802{ 2803 struct mac_mls *subj, *obj; 2804 | 2792 struct vnode *vp, struct label *vplabel) 2793{ 2794 struct mac_mls *subj, *obj; 2795 |
| 2805 if (!mac_mls_enabled) | 2796 if (!mls_enabled) |
| 2806 return (0); 2807 2808 subj = SLOT(active_cred->cr_label); 2809 obj = SLOT(vplabel); 2810 | 2797 return (0); 2798 2799 subj = SLOT(active_cred->cr_label); 2800 obj = SLOT(vplabel); 2801 |
| 2811 if (!mac_mls_dominate_effective(subj, obj)) | 2802 if (!mls_dominate_effective(subj, obj)) |
| 2812 return (EACCES); 2813 2814 return (0); 2815} 2816 2817static int | 2803 return (EACCES); 2804 2805 return (0); 2806} 2807 2808static int |
| 2818mac_mls_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, | 2809mls_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, |
| 2819 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2820 struct componentname *cnp) 2821{ 2822 struct mac_mls *subj, *obj; 2823 | 2810 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2811 struct componentname *cnp) 2812{ 2813 struct mac_mls *subj, *obj; 2814 |
| 2824 if (!mac_mls_enabled) | 2815 if (!mls_enabled) |
| 2825 return (0); 2826 2827 subj = SLOT(cred->cr_label); 2828 obj = SLOT(dvplabel); 2829 | 2816 return (0); 2817 2818 subj = SLOT(cred->cr_label); 2819 obj = SLOT(dvplabel); 2820 |
| 2830 if (!mac_mls_dominate_effective(obj, subj)) | 2821 if (!mls_dominate_effective(obj, subj)) |
| 2831 return (EACCES); 2832 2833 obj = SLOT(vplabel); 2834 | 2822 return (EACCES); 2823 2824 obj = SLOT(vplabel); 2825 |
| 2835 if (!mac_mls_dominate_effective(obj, subj)) | 2826 if (!mls_dominate_effective(obj, subj)) |
| 2836 return (EACCES); 2837 2838 return (0); 2839} 2840 2841static int | 2827 return (EACCES); 2828 2829 return (0); 2830} 2831 2832static int |
| 2842mac_mls_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred, | 2833mls_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred, |
| 2843 struct vnode *vp, struct label *vplabel) 2844{ 2845 struct mac_mls *subj, *obj; 2846 | 2834 struct vnode *vp, struct label *vplabel) 2835{ 2836 struct mac_mls *subj, *obj; 2837 |
| 2847 if (!mac_mls_enabled || !revocation_enabled) | 2838 if (!mls_enabled || !revocation_enabled) |
| 2848 return (0); 2849 2850 subj = SLOT(active_cred->cr_label); 2851 obj = SLOT(vplabel); 2852 | 2839 return (0); 2840 2841 subj = SLOT(active_cred->cr_label); 2842 obj = SLOT(vplabel); 2843 |
| 2853 if (!mac_mls_dominate_effective(obj, subj)) | 2844 if (!mls_dominate_effective(obj, subj)) |
| 2854 return (EACCES); 2855 2856 return (0); 2857} 2858 2859static void | 2845 return (EACCES); 2846 2847 return (0); 2848} 2849 2850static void |
| 2860mac_mls_associate_nfsd_label(struct ucred *cred) | 2851mls_associate_nfsd_label(struct ucred *cred) |
| 2861{ 2862 struct mac_mls *label; 2863 2864 label = SLOT(cred->cr_label); | 2852{ 2853 struct mac_mls *label; 2854 2855 label = SLOT(cred->cr_label); |
| 2865 mac_mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL); 2866 mac_mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, 2867 MAC_MLS_TYPE_HIGH, 0, NULL); | 2856 mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL); 2857 mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, 2858 NULL); |
| 2868} 2869 | 2859} 2860 |
| 2870static struct mac_policy_ops mac_mls_ops = | 2861static struct mac_policy_ops mls_ops = |
| 2871{ | 2862{ |
| 2872 .mpo_init = mac_mls_init, 2873 .mpo_bpfdesc_init_label = mac_mls_init_label, 2874 .mpo_cred_init_label = mac_mls_init_label, 2875 .mpo_devfs_init_label = mac_mls_init_label, 2876 .mpo_ifnet_init_label = mac_mls_init_label, 2877 .mpo_inpcb_init_label = mac_mls_init_label_waitcheck, 2878 .mpo_init_syncache_label = mac_mls_init_label_waitcheck, 2879 .mpo_sysvmsg_init_label = mac_mls_init_label, 2880 .mpo_sysvmsq_init_label = mac_mls_init_label, 2881 .mpo_sysvsem_init_label = mac_mls_init_label, 2882 .mpo_sysvshm_init_label = mac_mls_init_label, 2883 .mpo_ipq_init_label = mac_mls_init_label_waitcheck, 2884 .mpo_mbuf_init_label = mac_mls_init_label_waitcheck, 2885 .mpo_mount_init_label = mac_mls_init_label, 2886 .mpo_pipe_init_label = mac_mls_init_label, 2887 .mpo_posixsem_init_label = mac_mls_init_label, 2888 .mpo_socket_init_label = mac_mls_init_label_waitcheck, 2889 .mpo_socketpeer_init_label = mac_mls_init_label_waitcheck, 2890 .mpo_vnode_init_label = mac_mls_init_label, 2891 .mpo_bpfdesc_destroy_label = mac_mls_destroy_label, 2892 .mpo_cred_destroy_label = mac_mls_destroy_label, 2893 .mpo_devfs_destroy_label = mac_mls_destroy_label, 2894 .mpo_ifnet_destroy_label = mac_mls_destroy_label, 2895 .mpo_inpcb_destroy_label = mac_mls_destroy_label, 2896 .mpo_destroy_syncache_label = mac_mls_destroy_label, 2897 .mpo_sysvmsg_destroy_label = mac_mls_destroy_label, 2898 .mpo_sysvmsq_destroy_label = mac_mls_destroy_label, 2899 .mpo_sysvsem_destroy_label = mac_mls_destroy_label, 2900 .mpo_sysvshm_destroy_label = mac_mls_destroy_label, 2901 .mpo_ipq_destroy_label = mac_mls_destroy_label, 2902 .mpo_mbuf_destroy_label = mac_mls_destroy_label, 2903 .mpo_mount_destroy_label = mac_mls_destroy_label, 2904 .mpo_pipe_destroy_label = mac_mls_destroy_label, 2905 .mpo_posixsem_destroy_label = mac_mls_destroy_label, 2906 .mpo_socket_destroy_label = mac_mls_destroy_label, 2907 .mpo_socketpeer_destroy_label = mac_mls_destroy_label, 2908 .mpo_vnode_destroy_label = mac_mls_destroy_label, 2909 .mpo_cred_copy_label = mac_mls_copy_label, 2910 .mpo_ifnet_copy_label = mac_mls_copy_label, 2911 .mpo_mbuf_copy_label = mac_mls_copy_label, 2912 .mpo_pipe_copy_label = mac_mls_copy_label, 2913 .mpo_socket_copy_label = mac_mls_copy_label, 2914 .mpo_vnode_copy_label = mac_mls_copy_label, 2915 .mpo_cred_externalize_label = mac_mls_externalize_label, 2916 .mpo_ifnet_externalize_label = mac_mls_externalize_label, 2917 .mpo_pipe_externalize_label = mac_mls_externalize_label, 2918 .mpo_socket_externalize_label = mac_mls_externalize_label, 2919 .mpo_socketpeer_externalize_label = mac_mls_externalize_label, 2920 .mpo_vnode_externalize_label = mac_mls_externalize_label, 2921 .mpo_cred_internalize_label = mac_mls_internalize_label, 2922 .mpo_ifnet_internalize_label = mac_mls_internalize_label, 2923 .mpo_pipe_internalize_label = mac_mls_internalize_label, 2924 .mpo_socket_internalize_label = mac_mls_internalize_label, 2925 .mpo_vnode_internalize_label = mac_mls_internalize_label, 2926 .mpo_devfs_create_device = mac_mls_devfs_create_device, 2927 .mpo_devfs_create_directory = mac_mls_devfs_create_directory, 2928 .mpo_devfs_create_symlink = mac_mls_devfs_create_symlink, 2929 .mpo_mount_create = mac_mls_mount_create, 2930 .mpo_vnode_relabel = mac_mls_vnode_relabel, 2931 .mpo_devfs_update = mac_mls_devfs_update, 2932 .mpo_devfs_vnode_associate = mac_mls_devfs_vnode_associate, 2933 .mpo_vnode_associate_extattr = mac_mls_vnode_associate_extattr, 2934 .mpo_vnode_associate_singlelabel = mac_mls_vnode_associate_singlelabel, 2935 .mpo_vnode_create_extattr = mac_mls_vnode_create_extattr, 2936 .mpo_vnode_setlabel_extattr = mac_mls_vnode_setlabel_extattr, 2937 .mpo_socket_create_mbuf = mac_mls_socket_create_mbuf, 2938 .mpo_create_mbuf_from_syncache = mac_mls_create_mbuf_from_syncache, 2939 .mpo_pipe_create = mac_mls_pipe_create, 2940 .mpo_posixsem_create = mac_mls_posixsem_create, 2941 .mpo_socket_create = mac_mls_socket_create, 2942 .mpo_socket_newconn = mac_mls_socket_newconn, 2943 .mpo_pipe_relabel = mac_mls_pipe_relabel, 2944 .mpo_socket_relabel = mac_mls_socket_relabel, 2945 .mpo_socketpeer_set_from_mbuf = mac_mls_socketpeer_set_from_mbuf, 2946 .mpo_socketpeer_set_from_socket = mac_mls_socketpeer_set_from_socket, 2947 .mpo_bpfdesc_create = mac_mls_bpfdesc_create, 2948 .mpo_ipq_reassemble = mac_mls_ipq_reassemble, 2949 .mpo_netinet_fragment = mac_mls_netinet_fragment, 2950 .mpo_ifnet_create = mac_mls_ifnet_create, 2951 .mpo_inpcb_create = mac_mls_inpcb_create, 2952 .mpo_init_syncache_from_inpcb = mac_mls_init_syncache_from_inpcb, 2953 .mpo_ipq_create = mac_mls_ipq_create, 2954 .mpo_sysvmsg_create = mac_mls_sysvmsg_create, 2955 .mpo_sysvmsq_create = mac_mls_sysvmsq_create, 2956 .mpo_sysvsem_create = mac_mls_sysvsem_create, 2957 .mpo_sysvshm_create = mac_mls_sysvshm_create, 2958 .mpo_inpcb_create_mbuf = mac_mls_inpcb_create_mbuf, 2959 .mpo_create_mbuf_linklayer = mac_mls_create_mbuf_linklayer, 2960 .mpo_bpfdesc_create_mbuf = mac_mls_bpfdesc_create_mbuf, 2961 .mpo_ifnet_create_mbuf = mac_mls_ifnet_create_mbuf, 2962 .mpo_mbuf_create_multicast_encap = mac_mls_mbuf_create_multicast_encap, 2963 .mpo_mbuf_create_netlayer = mac_mls_mbuf_create_netlayer, 2964 .mpo_ipq_match = mac_mls_ipq_match, 2965 .mpo_ifnet_relabel = mac_mls_ifnet_relabel, 2966 .mpo_ipq_update = mac_mls_ipq_update, 2967 .mpo_inpcb_sosetlabel = mac_mls_inpcb_sosetlabel, 2968 .mpo_proc_create_swapper = mac_mls_proc_create_swapper, 2969 .mpo_proc_create_init = mac_mls_proc_create_init, 2970 .mpo_cred_relabel = mac_mls_cred_relabel, 2971 .mpo_sysvmsg_cleanup = mac_mls_sysvmsg_cleanup, 2972 .mpo_sysvmsq_cleanup = mac_mls_sysvmsq_cleanup, 2973 .mpo_sysvsem_cleanup = mac_mls_sysvsem_cleanup, 2974 .mpo_sysvshm_cleanup = mac_mls_sysvshm_cleanup, 2975 .mpo_bpfdesc_check_receive = mac_mls_bpfdesc_check_receive, 2976 .mpo_cred_check_relabel = mac_mls_cred_check_relabel, 2977 .mpo_cred_check_visible = mac_mls_cred_check_visible, 2978 .mpo_ifnet_check_relabel = mac_mls_ifnet_check_relabel, 2979 .mpo_ifnet_check_transmit = mac_mls_ifnet_check_transmit, 2980 .mpo_inpcb_check_deliver = mac_mls_inpcb_check_deliver, 2981 .mpo_sysvmsq_check_msgrcv = mac_mls_sysvmsq_check_msgrcv, 2982 .mpo_sysvmsq_check_msgrmid = mac_mls_sysvmsq_check_msgrmid, 2983 .mpo_sysvmsq_check_msqget = mac_mls_sysvmsq_check_msqget, 2984 .mpo_sysvmsq_check_msqsnd = mac_mls_sysvmsq_check_msqsnd, 2985 .mpo_sysvmsq_check_msqrcv = mac_mls_sysvmsq_check_msqrcv, 2986 .mpo_sysvmsq_check_msqctl = mac_mls_sysvmsq_check_msqctl, 2987 .mpo_sysvsem_check_semctl = mac_mls_sysvsem_check_semctl, 2988 .mpo_sysvsem_check_semget = mac_mls_sysvsem_check_semget, 2989 .mpo_sysvsem_check_semop = mac_mls_sysvsem_check_semop, 2990 .mpo_sysvshm_check_shmat = mac_mls_sysvshm_check_shmat, 2991 .mpo_sysvshm_check_shmctl = mac_mls_sysvshm_check_shmctl, 2992 .mpo_sysvshm_check_shmget = mac_mls_sysvshm_check_shmget, 2993 .mpo_mount_check_stat = mac_mls_mount_check_stat, 2994 .mpo_pipe_check_ioctl = mac_mls_pipe_check_ioctl, 2995 .mpo_pipe_check_poll = mac_mls_pipe_check_poll, 2996 .mpo_pipe_check_read = mac_mls_pipe_check_read, 2997 .mpo_pipe_check_relabel = mac_mls_pipe_check_relabel, 2998 .mpo_pipe_check_stat = mac_mls_pipe_check_stat, 2999 .mpo_pipe_check_write = mac_mls_pipe_check_write, 3000 .mpo_posixsem_check_destroy = mac_mls_posixsem_check_write, 3001 .mpo_posixsem_check_getvalue = mac_mls_posixsem_check_rdonly, 3002 .mpo_posixsem_check_open = mac_mls_posixsem_check_write, 3003 .mpo_posixsem_check_post = mac_mls_posixsem_check_write, 3004 .mpo_posixsem_check_unlink = mac_mls_posixsem_check_write, 3005 .mpo_posixsem_check_wait = mac_mls_posixsem_check_write, 3006 .mpo_proc_check_debug = mac_mls_proc_check_debug, 3007 .mpo_proc_check_sched = mac_mls_proc_check_sched, 3008 .mpo_proc_check_signal = mac_mls_proc_check_signal, 3009 .mpo_socket_check_deliver = mac_mls_socket_check_deliver, 3010 .mpo_socket_check_relabel = mac_mls_socket_check_relabel, 3011 .mpo_socket_check_visible = mac_mls_socket_check_visible, 3012 .mpo_system_check_acct = mac_mls_system_check_acct, 3013 .mpo_system_check_auditctl = mac_mls_system_check_auditctl, 3014 .mpo_system_check_swapon = mac_mls_system_check_swapon, 3015 .mpo_vnode_check_access = mac_mls_vnode_check_open, 3016 .mpo_vnode_check_chdir = mac_mls_vnode_check_chdir, 3017 .mpo_vnode_check_chroot = mac_mls_vnode_check_chroot, 3018 .mpo_vnode_check_create = mac_mls_vnode_check_create, 3019 .mpo_vnode_check_deleteacl = mac_mls_vnode_check_deleteacl, 3020 .mpo_vnode_check_deleteextattr = mac_mls_vnode_check_deleteextattr, 3021 .mpo_vnode_check_exec = mac_mls_vnode_check_exec, 3022 .mpo_vnode_check_getacl = mac_mls_vnode_check_getacl, 3023 .mpo_vnode_check_getextattr = mac_mls_vnode_check_getextattr, 3024 .mpo_vnode_check_link = mac_mls_vnode_check_link, 3025 .mpo_vnode_check_listextattr = mac_mls_vnode_check_listextattr, 3026 .mpo_vnode_check_lookup = mac_mls_vnode_check_lookup, 3027 .mpo_vnode_check_mmap = mac_mls_vnode_check_mmap, 3028 .mpo_vnode_check_open = mac_mls_vnode_check_open, 3029 .mpo_vnode_check_poll = mac_mls_vnode_check_poll, 3030 .mpo_vnode_check_read = mac_mls_vnode_check_read, 3031 .mpo_vnode_check_readdir = mac_mls_vnode_check_readdir, 3032 .mpo_vnode_check_readlink = mac_mls_vnode_check_readlink, 3033 .mpo_vnode_check_relabel = mac_mls_vnode_check_relabel, 3034 .mpo_vnode_check_rename_from = mac_mls_vnode_check_rename_from, 3035 .mpo_vnode_check_rename_to = mac_mls_vnode_check_rename_to, 3036 .mpo_vnode_check_revoke = mac_mls_vnode_check_revoke, 3037 .mpo_vnode_check_setacl = mac_mls_vnode_check_setacl, 3038 .mpo_vnode_check_setextattr = mac_mls_vnode_check_setextattr, 3039 .mpo_vnode_check_setflags = mac_mls_vnode_check_setflags, 3040 .mpo_vnode_check_setmode = mac_mls_vnode_check_setmode, 3041 .mpo_vnode_check_setowner = mac_mls_vnode_check_setowner, 3042 .mpo_vnode_check_setutimes = mac_mls_vnode_check_setutimes, 3043 .mpo_vnode_check_stat = mac_mls_vnode_check_stat, 3044 .mpo_vnode_check_unlink = mac_mls_vnode_check_unlink, 3045 .mpo_vnode_check_write = mac_mls_vnode_check_write, 3046 .mpo_associate_nfsd_label = mac_mls_associate_nfsd_label, 3047 .mpo_mbuf_create_from_firewall = mac_mls_mbuf_create_from_firewall, | 2863 .mpo_init = mls_init, 2864 .mpo_bpfdesc_init_label = mls_init_label, 2865 .mpo_cred_init_label = mls_init_label, 2866 .mpo_devfs_init_label = mls_init_label, 2867 .mpo_ifnet_init_label = mls_init_label, 2868 .mpo_inpcb_init_label = mls_init_label_waitcheck, 2869 .mpo_init_syncache_label = mls_init_label_waitcheck, 2870 .mpo_sysvmsg_init_label = mls_init_label, 2871 .mpo_sysvmsq_init_label = mls_init_label, 2872 .mpo_sysvsem_init_label = mls_init_label, 2873 .mpo_sysvshm_init_label = mls_init_label, 2874 .mpo_ipq_init_label = mls_init_label_waitcheck, 2875 .mpo_mbuf_init_label = mls_init_label_waitcheck, 2876 .mpo_mount_init_label = mls_init_label, 2877 .mpo_pipe_init_label = mls_init_label, 2878 .mpo_posixsem_init_label = mls_init_label, 2879 .mpo_socket_init_label = mls_init_label_waitcheck, 2880 .mpo_socketpeer_init_label = mls_init_label_waitcheck, 2881 .mpo_vnode_init_label = mls_init_label, 2882 .mpo_bpfdesc_destroy_label = mls_destroy_label, 2883 .mpo_cred_destroy_label = mls_destroy_label, 2884 .mpo_devfs_destroy_label = mls_destroy_label, 2885 .mpo_ifnet_destroy_label = mls_destroy_label, 2886 .mpo_inpcb_destroy_label = mls_destroy_label, 2887 .mpo_destroy_syncache_label = mls_destroy_label, 2888 .mpo_sysvmsg_destroy_label = mls_destroy_label, 2889 .mpo_sysvmsq_destroy_label = mls_destroy_label, 2890 .mpo_sysvsem_destroy_label = mls_destroy_label, 2891 .mpo_sysvshm_destroy_label = mls_destroy_label, 2892 .mpo_ipq_destroy_label = mls_destroy_label, 2893 .mpo_mbuf_destroy_label = mls_destroy_label, 2894 .mpo_mount_destroy_label = mls_destroy_label, 2895 .mpo_pipe_destroy_label = mls_destroy_label, 2896 .mpo_posixsem_destroy_label = mls_destroy_label, 2897 .mpo_socket_destroy_label = mls_destroy_label, 2898 .mpo_socketpeer_destroy_label = mls_destroy_label, 2899 .mpo_vnode_destroy_label = mls_destroy_label, 2900 .mpo_cred_copy_label = mls_copy_label, 2901 .mpo_ifnet_copy_label = mls_copy_label, 2902 .mpo_mbuf_copy_label = mls_copy_label, 2903 .mpo_pipe_copy_label = mls_copy_label, 2904 .mpo_socket_copy_label = mls_copy_label, 2905 .mpo_vnode_copy_label = mls_copy_label, 2906 .mpo_cred_externalize_label = mls_externalize_label, 2907 .mpo_ifnet_externalize_label = mls_externalize_label, 2908 .mpo_pipe_externalize_label = mls_externalize_label, 2909 .mpo_socket_externalize_label = mls_externalize_label, 2910 .mpo_socketpeer_externalize_label = mls_externalize_label, 2911 .mpo_vnode_externalize_label = mls_externalize_label, 2912 .mpo_cred_internalize_label = mls_internalize_label, 2913 .mpo_ifnet_internalize_label = mls_internalize_label, 2914 .mpo_pipe_internalize_label = mls_internalize_label, 2915 .mpo_socket_internalize_label = mls_internalize_label, 2916 .mpo_vnode_internalize_label = mls_internalize_label, 2917 .mpo_devfs_create_device = mls_devfs_create_device, 2918 .mpo_devfs_create_directory = mls_devfs_create_directory, 2919 .mpo_devfs_create_symlink = mls_devfs_create_symlink, 2920 .mpo_mount_create = mls_mount_create, 2921 .mpo_vnode_relabel = mls_vnode_relabel, 2922 .mpo_devfs_update = mls_devfs_update, 2923 .mpo_devfs_vnode_associate = mls_devfs_vnode_associate, 2924 .mpo_vnode_associate_extattr = mls_vnode_associate_extattr, 2925 .mpo_vnode_associate_singlelabel = mls_vnode_associate_singlelabel, 2926 .mpo_vnode_create_extattr = mls_vnode_create_extattr, 2927 .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr, 2928 .mpo_socket_create_mbuf = mls_socket_create_mbuf, 2929 .mpo_create_mbuf_from_syncache = mls_create_mbuf_from_syncache, 2930 .mpo_pipe_create = mls_pipe_create, 2931 .mpo_posixsem_create = mls_posixsem_create, 2932 .mpo_socket_create = mls_socket_create, 2933 .mpo_socket_newconn = mls_socket_newconn, 2934 .mpo_pipe_relabel = mls_pipe_relabel, 2935 .mpo_socket_relabel = mls_socket_relabel, 2936 .mpo_socketpeer_set_from_mbuf = mls_socketpeer_set_from_mbuf, 2937 .mpo_socketpeer_set_from_socket = mls_socketpeer_set_from_socket, 2938 .mpo_bpfdesc_create = mls_bpfdesc_create, 2939 .mpo_ipq_reassemble = mls_ipq_reassemble, 2940 .mpo_netinet_fragment = mls_netinet_fragment, 2941 .mpo_ifnet_create = mls_ifnet_create, 2942 .mpo_inpcb_create = mls_inpcb_create, 2943 .mpo_init_syncache_from_inpcb = mls_init_syncache_from_inpcb, 2944 .mpo_ipq_create = mls_ipq_create, 2945 .mpo_sysvmsg_create = mls_sysvmsg_create, 2946 .mpo_sysvmsq_create = mls_sysvmsq_create, 2947 .mpo_sysvsem_create = mls_sysvsem_create, 2948 .mpo_sysvshm_create = mls_sysvshm_create, 2949 .mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf, 2950 .mpo_create_mbuf_linklayer = mls_create_mbuf_linklayer, 2951 .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf, 2952 .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf, 2953 .mpo_mbuf_create_multicast_encap = mls_mbuf_create_multicast_encap, 2954 .mpo_mbuf_create_netlayer = mls_mbuf_create_netlayer, 2955 .mpo_ipq_match = mls_ipq_match, 2956 .mpo_ifnet_relabel = mls_ifnet_relabel, 2957 .mpo_ipq_update = mls_ipq_update, 2958 .mpo_inpcb_sosetlabel = mls_inpcb_sosetlabel, 2959 .mpo_proc_create_swapper = mls_proc_create_swapper, 2960 .mpo_proc_create_init = mls_proc_create_init, 2961 .mpo_cred_relabel = mls_cred_relabel, 2962 .mpo_sysvmsg_cleanup = mls_sysvmsg_cleanup, 2963 .mpo_sysvmsq_cleanup = mls_sysvmsq_cleanup, 2964 .mpo_sysvsem_cleanup = mls_sysvsem_cleanup, 2965 .mpo_sysvshm_cleanup = mls_sysvshm_cleanup, 2966 .mpo_bpfdesc_check_receive = mls_bpfdesc_check_receive, 2967 .mpo_cred_check_relabel = mls_cred_check_relabel, 2968 .mpo_cred_check_visible = mls_cred_check_visible, 2969 .mpo_ifnet_check_relabel = mls_ifnet_check_relabel, 2970 .mpo_ifnet_check_transmit = mls_ifnet_check_transmit, 2971 .mpo_inpcb_check_deliver = mls_inpcb_check_deliver, 2972 .mpo_sysvmsq_check_msgrcv = mls_sysvmsq_check_msgrcv, 2973 .mpo_sysvmsq_check_msgrmid = mls_sysvmsq_check_msgrmid, 2974 .mpo_sysvmsq_check_msqget = mls_sysvmsq_check_msqget, 2975 .mpo_sysvmsq_check_msqsnd = mls_sysvmsq_check_msqsnd, 2976 .mpo_sysvmsq_check_msqrcv = mls_sysvmsq_check_msqrcv, 2977 .mpo_sysvmsq_check_msqctl = mls_sysvmsq_check_msqctl, 2978 .mpo_sysvsem_check_semctl = mls_sysvsem_check_semctl, 2979 .mpo_sysvsem_check_semget = mls_sysvsem_check_semget, 2980 .mpo_sysvsem_check_semop = mls_sysvsem_check_semop, 2981 .mpo_sysvshm_check_shmat = mls_sysvshm_check_shmat, 2982 .mpo_sysvshm_check_shmctl = mls_sysvshm_check_shmctl, 2983 .mpo_sysvshm_check_shmget = mls_sysvshm_check_shmget, 2984 .mpo_mount_check_stat = mls_mount_check_stat, 2985 .mpo_pipe_check_ioctl = mls_pipe_check_ioctl, 2986 .mpo_pipe_check_poll = mls_pipe_check_poll, 2987 .mpo_pipe_check_read = mls_pipe_check_read, 2988 .mpo_pipe_check_relabel = mls_pipe_check_relabel, 2989 .mpo_pipe_check_stat = mls_pipe_check_stat, 2990 .mpo_pipe_check_write = mls_pipe_check_write, 2991 .mpo_posixsem_check_destroy = mls_posixsem_check_write, 2992 .mpo_posixsem_check_getvalue = mls_posixsem_check_rdonly, 2993 .mpo_posixsem_check_open = mls_posixsem_check_write, 2994 .mpo_posixsem_check_post = mls_posixsem_check_write, 2995 .mpo_posixsem_check_unlink = mls_posixsem_check_write, 2996 .mpo_posixsem_check_wait = mls_posixsem_check_write, 2997 .mpo_proc_check_debug = mls_proc_check_debug, 2998 .mpo_proc_check_sched = mls_proc_check_sched, 2999 .mpo_proc_check_signal = mls_proc_check_signal, 3000 .mpo_socket_check_deliver = mls_socket_check_deliver, 3001 .mpo_socket_check_relabel = mls_socket_check_relabel, 3002 .mpo_socket_check_visible = mls_socket_check_visible, 3003 .mpo_system_check_acct = mls_system_check_acct, 3004 .mpo_system_check_auditctl = mls_system_check_auditctl, 3005 .mpo_system_check_swapon = mls_system_check_swapon, 3006 .mpo_vnode_check_access = mls_vnode_check_open, 3007 .mpo_vnode_check_chdir = mls_vnode_check_chdir, 3008 .mpo_vnode_check_chroot = mls_vnode_check_chroot, 3009 .mpo_vnode_check_create = mls_vnode_check_create, 3010 .mpo_vnode_check_deleteacl = mls_vnode_check_deleteacl, 3011 .mpo_vnode_check_deleteextattr = mls_vnode_check_deleteextattr, 3012 .mpo_vnode_check_exec = mls_vnode_check_exec, 3013 .mpo_vnode_check_getacl = mls_vnode_check_getacl, 3014 .mpo_vnode_check_getextattr = mls_vnode_check_getextattr, 3015 .mpo_vnode_check_link = mls_vnode_check_link, 3016 .mpo_vnode_check_listextattr = mls_vnode_check_listextattr, 3017 .mpo_vnode_check_lookup = mls_vnode_check_lookup, 3018 .mpo_vnode_check_mmap = mls_vnode_check_mmap, 3019 .mpo_vnode_check_open = mls_vnode_check_open, 3020 .mpo_vnode_check_poll = mls_vnode_check_poll, 3021 .mpo_vnode_check_read = mls_vnode_check_read, 3022 .mpo_vnode_check_readdir = mls_vnode_check_readdir, 3023 .mpo_vnode_check_readlink = mls_vnode_check_readlink, 3024 .mpo_vnode_check_relabel = mls_vnode_check_relabel, 3025 .mpo_vnode_check_rename_from = mls_vnode_check_rename_from, 3026 .mpo_vnode_check_rename_to = mls_vnode_check_rename_to, 3027 .mpo_vnode_check_revoke = mls_vnode_check_revoke, 3028 .mpo_vnode_check_setacl = mls_vnode_check_setacl, 3029 .mpo_vnode_check_setextattr = mls_vnode_check_setextattr, 3030 .mpo_vnode_check_setflags = mls_vnode_check_setflags, 3031 .mpo_vnode_check_setmode = mls_vnode_check_setmode, 3032 .mpo_vnode_check_setowner = mls_vnode_check_setowner, 3033 .mpo_vnode_check_setutimes = mls_vnode_check_setutimes, 3034 .mpo_vnode_check_stat = mls_vnode_check_stat, 3035 .mpo_vnode_check_unlink = mls_vnode_check_unlink, 3036 .mpo_vnode_check_write = mls_vnode_check_write, 3037 .mpo_associate_nfsd_label = mls_associate_nfsd_label, 3038 .mpo_mbuf_create_from_firewall = mls_mbuf_create_from_firewall, |
| 3048}; 3049 | 3039}; 3040 |
| 3050MAC_POLICY_SET(&mac_mls_ops, mac_mls, "TrustedBSD MAC/MLS", 3051 MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &mac_mls_slot); | 3041MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS", 3042 MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &mls_slot); |