mac_partition.c (172930) | mac_partition.c (172955) |
1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2002 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2002 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
38 * $FreeBSD: head/sys/security/mac_partition/mac_partition.c 172930 2007-10-24 19:04:04Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac_partition/mac_partition.c 172955 2007-10-25 11:31:11Z rwatson $ |
39 */ 40 41/* 42 * Developed by the TrustedBSD Project. | 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. |
43 * |
43 * Experiment with a partition-like model. 44 */ 45 46#include <sys/param.h> 47#include <sys/kernel.h> 48#include <sys/module.h> 49#include <sys/priv.h> 50#include <sys/proc.h> --- 13 unchanged lines hidden (view full) --- 64SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW, 65 &mac_partition_enabled, 0, "Enforce partition policy"); 66 67static int partition_slot; 68#define SLOT(l) mac_label_get((l), partition_slot) 69#define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v)) 70 71static void | 44 * Experiment with a partition-like model. 45 */ 46 47#include <sys/param.h> 48#include <sys/kernel.h> 49#include <sys/module.h> 50#include <sys/priv.h> 51#include <sys/proc.h> --- 13 unchanged lines hidden (view full) --- 65SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW, 66 &mac_partition_enabled, 0, "Enforce partition policy"); 67 68static int partition_slot; 69#define SLOT(l) mac_label_get((l), partition_slot) 70#define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v)) 71 72static void |
72mac_partition_init_label(struct label *label) | 73partition_init_label(struct label *label) |
73{ 74 75 SLOT_SET(label, 0); 76} 77 78static void | 74{ 75 76 SLOT_SET(label, 0); 77} 78 79static void |
79mac_partition_destroy_label(struct label *label) | 80partition_destroy_label(struct label *label) |
80{ 81 82 SLOT_SET(label, 0); 83} 84 85static void | 81{ 82 83 SLOT_SET(label, 0); 84} 85 86static void |
86mac_partition_copy_label(struct label *src, struct label *dest) | 87partition_copy_label(struct label *src, struct label *dest) |
87{ 88 89 SLOT_SET(dest, SLOT(src)); 90} 91 92static int | 88{ 89 90 SLOT_SET(dest, SLOT(src)); 91} 92 93static int |
93mac_partition_externalize_label(struct label *label, char *element_name, | 94partition_externalize_label(struct label *label, char *element_name, |
94 struct sbuf *sb, int *claimed) 95{ 96 97 if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) 98 return (0); 99 100 (*claimed)++; 101 102 if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1) 103 return (EINVAL); 104 else 105 return (0); 106} 107 108static int | 95 struct sbuf *sb, int *claimed) 96{ 97 98 if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) 99 return (0); 100 101 (*claimed)++; 102 103 if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1) 104 return (EINVAL); 105 else 106 return (0); 107} 108 109static int |
109mac_partition_internalize_label(struct label *label, char *element_name, | 110partition_internalize_label(struct label *label, char *element_name, |
110 char *element_data, int *claimed) 111{ 112 113 if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) 114 return (0); 115 116 (*claimed)++; 117 SLOT_SET(label, strtol(element_data, NULL, 10)); 118 return (0); 119} 120 121static void | 111 char *element_data, int *claimed) 112{ 113 114 if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) 115 return (0); 116 117 (*claimed)++; 118 SLOT_SET(label, strtol(element_data, NULL, 10)); 119 return (0); 120} 121 122static void |
122mac_partition_proc_create_swapper(struct ucred *cred) | 123partition_proc_create_swapper(struct ucred *cred) |
123{ 124 125 SLOT_SET(cred->cr_label, 0); 126} 127 128static void | 124{ 125 126 SLOT_SET(cred->cr_label, 0); 127} 128 129static void |
129mac_partition_proc_create_init(struct ucred *cred) | 130partition_proc_create_init(struct ucred *cred) |
130{ 131 132 SLOT_SET(cred->cr_label, 0); 133} 134 135static void | 131{ 132 133 SLOT_SET(cred->cr_label, 0); 134} 135 136static void |
136mac_partition_cred_relabel(struct ucred *cred, struct label *newlabel) | 137partition_cred_relabel(struct ucred *cred, struct label *newlabel) |
137{ 138 139 if (SLOT(newlabel) != 0) 140 SLOT_SET(cred->cr_label, SLOT(newlabel)); 141} 142 143static int 144label_on_label(struct label *subject, struct label *object) --- 7 unchanged lines hidden (view full) --- 152 153 if (SLOT(subject) == SLOT(object)) 154 return (0); 155 156 return (EPERM); 157} 158 159static int | 138{ 139 140 if (SLOT(newlabel) != 0) 141 SLOT_SET(cred->cr_label, SLOT(newlabel)); 142} 143 144static int 145label_on_label(struct label *subject, struct label *object) --- 7 unchanged lines hidden (view full) --- 153 154 if (SLOT(subject) == SLOT(object)) 155 return (0); 156 157 return (EPERM); 158} 159 160static int |
160mac_partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) | 161partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) |
161{ 162 int error; 163 164 error = 0; 165 166 /* Treat "0" as a no-op request. */ 167 if (SLOT(newlabel) != 0) { 168 /* 169 * Require BSD privilege in order to change the partition. | 162{ 163 int error; 164 165 error = 0; 166 167 /* Treat "0" as a no-op request. */ 168 if (SLOT(newlabel) != 0) { 169 /* 170 * Require BSD privilege in order to change the partition. |
170 * Originally we also required that the process not be 171 * in a partition in the first place, but this didn't 172 * interact well with sendmail. | 171 * Originally we also required that the process not be in a 172 * partition in the first place, but this didn't interact 173 * well with sendmail. |
173 */ 174 error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0); 175 } 176 177 return (error); 178} 179 180static int | 174 */ 175 error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0); 176 } 177 178 return (error); 179} 180 181static int |
181mac_partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) | 182partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) |
182{ 183 int error; 184 185 error = label_on_label(cr1->cr_label, cr2->cr_label); 186 187 return (error == 0 ? 0 : ESRCH); 188} 189 190static int | 183{ 184 int error; 185 186 error = label_on_label(cr1->cr_label, cr2->cr_label); 187 188 return (error == 0 ? 0 : ESRCH); 189} 190 191static int |
191mac_partition_proc_check_debug(struct ucred *cred, struct proc *p) | 192partition_proc_check_debug(struct ucred *cred, struct proc *p) |
192{ 193 int error; 194 195 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); 196 197 return (error ? ESRCH : 0); 198} 199 200static int | 193{ 194 int error; 195 196 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); 197 198 return (error ? ESRCH : 0); 199} 200 201static int |
201mac_partition_proc_check_sched(struct ucred *cred, struct proc *p) | 202partition_proc_check_sched(struct ucred *cred, struct proc *p) |
202{ 203 int error; 204 205 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); 206 207 return (error ? ESRCH : 0); 208} 209 210static int | 203{ 204 int error; 205 206 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); 207 208 return (error ? ESRCH : 0); 209} 210 211static int |
211mac_partition_proc_check_signal(struct ucred *cred, struct proc *p, | 212partition_proc_check_signal(struct ucred *cred, struct proc *p, |
212 int signum) 213{ 214 int error; 215 216 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); 217 218 return (error ? ESRCH : 0); 219} 220 221static int | 213 int signum) 214{ 215 int error; 216 217 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); 218 219 return (error ? ESRCH : 0); 220} 221 222static int |
222mac_partition_socket_check_visible(struct ucred *cred, struct socket *so, | 223partition_socket_check_visible(struct ucred *cred, struct socket *so, |
223 struct label *solabel) 224{ 225 int error; 226 227 error = label_on_label(cred->cr_label, solabel); 228 229 return (error ? ENOENT : 0); 230} 231 232static int | 224 struct label *solabel) 225{ 226 int error; 227 228 error = label_on_label(cred->cr_label, solabel); 229 230 return (error ? ENOENT : 0); 231} 232 233static int |
233mac_partition_vnode_check_exec(struct ucred *cred, struct vnode *vp, | 234partition_vnode_check_exec(struct ucred *cred, struct vnode *vp, |
234 struct label *vplabel, struct image_params *imgp, 235 struct label *execlabel) 236{ 237 238 if (execlabel != NULL) { 239 /* 240 * We currently don't permit labels to be changed at 241 * exec-time as part of the partition model, so disallow 242 * non-NULL partition label changes in execlabel. 243 */ 244 if (SLOT(execlabel) != 0) 245 return (EINVAL); 246 } 247 248 return (0); 249} 250 | 235 struct label *vplabel, struct image_params *imgp, 236 struct label *execlabel) 237{ 238 239 if (execlabel != NULL) { 240 /* 241 * We currently don't permit labels to be changed at 242 * exec-time as part of the partition model, so disallow 243 * non-NULL partition label changes in execlabel. 244 */ 245 if (SLOT(execlabel) != 0) 246 return (EINVAL); 247 } 248 249 return (0); 250} 251 |
251static struct mac_policy_ops mac_partition_ops = | 252static struct mac_policy_ops partition_ops = |
252{ | 253{ |
253 .mpo_cred_init_label = mac_partition_init_label, 254 .mpo_cred_destroy_label = mac_partition_destroy_label, 255 .mpo_cred_copy_label = mac_partition_copy_label, 256 .mpo_cred_externalize_label = mac_partition_externalize_label, 257 .mpo_cred_internalize_label = mac_partition_internalize_label, 258 .mpo_proc_create_swapper = mac_partition_proc_create_swapper, 259 .mpo_proc_create_init = mac_partition_proc_create_init, 260 .mpo_cred_relabel = mac_partition_cred_relabel, 261 .mpo_cred_check_relabel = mac_partition_cred_check_relabel, 262 .mpo_cred_check_visible = mac_partition_cred_check_visible, 263 .mpo_proc_check_debug = mac_partition_proc_check_debug, 264 .mpo_proc_check_sched = mac_partition_proc_check_sched, 265 .mpo_proc_check_signal = mac_partition_proc_check_signal, 266 .mpo_socket_check_visible = mac_partition_socket_check_visible, 267 .mpo_vnode_check_exec = mac_partition_vnode_check_exec, | 254 .mpo_cred_init_label = partition_init_label, 255 .mpo_cred_destroy_label = partition_destroy_label, 256 .mpo_cred_copy_label = partition_copy_label, 257 .mpo_cred_externalize_label = partition_externalize_label, 258 .mpo_cred_internalize_label = partition_internalize_label, 259 .mpo_proc_create_swapper = partition_proc_create_swapper, 260 .mpo_proc_create_init = partition_proc_create_init, 261 .mpo_cred_relabel = partition_cred_relabel, 262 .mpo_cred_check_relabel = partition_cred_check_relabel, 263 .mpo_cred_check_visible = partition_cred_check_visible, 264 .mpo_proc_check_debug = partition_proc_check_debug, 265 .mpo_proc_check_sched = partition_proc_check_sched, 266 .mpo_proc_check_signal = partition_proc_check_signal, 267 .mpo_socket_check_visible = partition_socket_check_visible, 268 .mpo_vnode_check_exec = partition_vnode_check_exec, |
268}; 269 | 269}; 270 |
270MAC_POLICY_SET(&mac_partition_ops, mac_partition, "TrustedBSD MAC/Partition", | 271MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition", |
271 MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot); | 272 MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot); |