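--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001 Ilmar S. Habibulin
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson and Ilmar Habibulin for the
  * TrustedBSD Project.
@@ -31,17 +31,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac/mac_framework.c 104541 2002-10-05 21:23:47Z rwatson $
+ * $FreeBSD: head/sys/security/mac/mac_framework.c 104546 2002-10-06 02:46:26Z rwatson $
  */
 /*
  * Developed by the TrustedBSD Project.
  *
  * Framework for extensible kernel access control. Kernel and userland
  * interface to the framework, policy registration and composition.
  */
 
@@ -211,18 +211,18 @@
 #endif
 
 static int error_select(int error1, int error2);
 static int mac_externalize(struct label *label, struct mac *mac);
 static int mac_policy_register(struct mac_policy_conf *mpc);
 static int mac_policy_unregister(struct mac_policy_conf *mpc);
 
 static int mac_stdcreatevnode_ea(struct vnode *vp);
-static void mac_cred_mmapped_drop_perms(struct thread *td,
-    struct ucred *cred);
+static void mac_check_vnode_mmap_downgrade(struct ucred *cred,
+    struct vnode *vp, int *prot);
 static void mac_cred_mmapped_drop_perms_recurse(struct thread *td,
     struct ucred *cred, struct vm_map *map);
 
 static void mac_destroy_socket_label(struct label *label);
 
 MALLOC_DEFINE(M_MACOPVEC, "macopvec", "MAC policy operation vector");
 MALLOC_DEFINE(M_MACPIPELABEL, "macpipelabel", "MAC labels for pipes");
 
@@ -808,20 +808,28 @@
 		case MAC_CHECK_VNODE_LINK:
 			mpc->mpc_ops->mpo_check_vnode_link =
 			    mpe->mpe_function;
 			break;
 		case MAC_CHECK_VNODE_LOOKUP:
 			mpc->mpc_ops->mpo_check_vnode_lookup =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_VNODE_MMAP_PERMS:
-			mpc->mpc_ops->mpo_check_vnode_mmap_perms =
+		case MAC_CHECK_VNODE_MMAP:
+			mpc->mpc_ops->mpo_check_vnode_mmap =
 			    mpe->mpe_function;
 			break;
+		case MAC_CHECK_VNODE_MMAP_DOWNGRADE:
+			mpc->mpc_ops->mpo_check_vnode_mmap_downgrade =
+			    mpe->mpe_function;
+			break;
+		case MAC_CHECK_VNODE_MPROTECT:
+			mpc->mpc_ops->mpo_check_vnode_mprotect =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_VNODE_OPEN:
 			mpc->mpc_ops->mpo_check_vnode_open =
 			    mpe->mpe_function;
 			break;
 		case MAC_CHECK_VNODE_POLL:
 			mpc->mpc_ops->mpo_check_vnode_poll =
 			    mpe->mpe_function;
 			break;
@@ -1935,34 +1943,69 @@
 	error = vn_refreshlabel(dvp, cred);
 	if (error)
 		return (error);
 
 	MAC_CHECK(check_vnode_lookup, cred, dvp, &dvp->v_label, cnp);
 	return (error);
 }
 
-vm_prot_t
-mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, int newmapping)
+int
+mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot)
 {
-	vm_prot_t result = VM_PROT_ALL;
+	int error;
 
-	if (!mac_enforce_vm)
-		return (result);
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap");
 
-	/*
-	 * This should be some sort of MAC_BITWISE, maybe :)
-	 */
-	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_perms");
-	MAC_BOOLEAN(check_vnode_mmap_perms, &, cred, vp, &vp->v_label,
-	    newmapping);
-	return (result);
+	if (!mac_enforce_fs || !mac_enforce_vm)
+		return (0);
+
+	error = vn_refreshlabel(vp, cred);
+	if (error)
+		return (error);
+
+	MAC_CHECK(check_vnode_mmap, cred, vp, &vp->v_label, prot);
+	return (error);
 }
 
+void
+mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot)
+{
+	int result = *prot;
+
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_downgrade");
+
+	if (!mac_enforce_fs || !mac_enforce_vm)
+		return;
+
+	MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, &vp->v_label,
+	    &result);
+
+	*prot = result;
+}
+
 int
+mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
+{
+	int error;
+
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mprotect");
+
+	if (!mac_enforce_fs || !mac_enforce_vm)
+		return (0);
+
+	error = vn_refreshlabel(vp, cred);
+	if (error)
+		return (error);
+
+	MAC_CHECK(check_vnode_mprotect, cred, vp, &vp->v_label, prot);
+	return (error);
+}
+
+int
 mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
 {
 	int error;
 
 	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2332,17 +2375,18 @@
 	}
 }
 
 static void
 mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
     struct vm_map *map)
 {
 	struct vm_map_entry *vme;
-	vm_prot_t result, revokeperms;
+	int result;
+	vm_prot_t revokeperms;
 	vm_object_t object;
 	vm_ooffset_t offset;
 	struct vnode *vp;
 
 	if (!mac_mmap_revocation)
 		return;
 
 	vm_map_lock_read(map);
@@ -2373,17 +2417,18 @@
 		 * At the moment, vm_maps and objects aren't considered
 		 * by the MAC system, so only things with backing by a
 		 * normal object (read: vnodes) are checked.
 		 */
 		if (object->type != OBJT_VNODE)
 			continue;
 		vp = (struct vnode *)object->handle;
 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
-		result = mac_check_vnode_mmap_prot(cred, vp, 0);
+		result = vme->max_protection;
+		mac_check_vnode_mmap_downgrade(cred, vp, &result);
 		VOP_UNLOCK(vp, 0, td);
 		/*
 		 * Find out what maximum protection we may be allowing
 		 * now but a policy needs to get removed.
 		 */
 		revokeperms = vme->max_protection & ~result;
 		if (!revokeperms)
 			continue;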
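Review bot: mac_check_vnode_mmap_downgrade (new lines 1969-1984) trusts every registered policy to only clear bits in `result`; MAC_PERFORM visits each policy in turn, so a policy that sets a bit would widen the mapping's protection and the framework would write that back to the caller unchanged, which then feeds `revokeperms = vme->max_protection & ~result` in mac_cred_mmapped_drop_perms_recurse. Writing back `*prot &= result;` instead of `*prot = result;` makes the composition monotonic regardless of policy behaviour, and a `KASSERT((result & ~*prot) == 0, ("mac_check_vnode_mmap_downgrade: policy raised prot"));` before it would expose the misbehaving policy in debug kernels. Unlike the sibling mac_check_vnode_mmap and mac_check_vnode_mprotect hooks, the downgrade hook also consults `vp->v_label` without a preceding `vn_refreshlabel(vp, cred)`; if the caller in the recurse function does not guarantee a fresh label, the revocation decision may be based on stale label data, and since the function is void it cannot report a refresh failure, so a comment stating which of the two is intended would help the next reader. The body of mac_cred_mmapped_drop_perms_recurse continues past the section.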