1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by NAI Labs,
9 * the Security Research Division of Network Associates, Inc. under
10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
11 * CHATS research program.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 * 3. The names of the authors may not be used to endorse or promote
22 * products derived from this software without specific prior written
23 * permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 101934 2002-08-15 18:51:27Z rwatson $
38 */
39
40/*
41 * Developed by the TrustedBSD Project.
42 * Biba fixed label mandatory integrity policy.
43 */
44
45#include <sys/types.h>
46#include <sys/param.h>
47#include <sys/acl.h>
48#include <sys/conf.h>
49#include <sys/kernel.h>
50#include <sys/mac.h>
51#include <sys/mount.h>
52#include <sys/proc.h>
53#include <sys/systm.h>
54#include <sys/sysproto.h>
55#include <sys/sysent.h>
56#include <sys/vnode.h>
57#include <sys/file.h>
58#include <sys/socket.h>
59#include <sys/socketvar.h>
60#include <sys/pipe.h>
61#include <sys/sysctl.h>
62
63#include <fs/devfs/devfs.h>
64
65#include <net/bpfdesc.h>
66#include <net/if.h>
67#include <net/if_types.h>
68#include <net/if_var.h>
69
70#include <netinet/in.h>
71#include <netinet/ip_var.h>
72
73#include <vm/vm.h>
74
75#include <sys/mac_policy.h>
76
77#include <security/mac_biba/mac_biba.h>
78
79SYSCTL_DECL(_security_mac);
80
81SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0,
82 "TrustedBSD mac_biba policy controls");
83
84static int mac_biba_enabled = 0;
85SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW,
86 &mac_biba_enabled, 0, "Enforce MAC/Biba policy");
87
88static int destroyed_not_inited;
89SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
90 &destroyed_not_inited, 0, "Count of labels destroyed but not inited");
91
92static int trust_all_interfaces = 0;
93SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD,
94 &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba");
95TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);
96
97static char trusted_interfaces[128];
98SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
99 trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
100TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
101 sizeof(trusted_interfaces));
102
103static int mac_biba_revocation_enabled = 0;
104SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
105 &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel");
106TUNABLE_INT("security.mac.biba.revocation_enabled",
107 &mac_biba_revocation_enabled);
108
109static int mac_biba_slot;
110#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)
111
112MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels");
113
114static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
115 struct label *vnodelabel, mode_t acc_mode);
116
117static struct mac_biba *
118biba_alloc(int how)
119{
120 struct mac_biba *mac_biba;
121
122 mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | how);
123
124 return (mac_biba);
125}
126
127static void
128biba_free(struct mac_biba *mac_biba)
129{
130
131 if (mac_biba != NULL)
132 free(mac_biba, M_MACBIBA);
133 else
134 atomic_add_int(&destroyed_not_inited, 1);
135}
136
137static int
138mac_biba_dominate_element(struct mac_biba_element *a,
139 struct mac_biba_element *b)
140{
141
142 switch(a->mbe_type) {
143 case MAC_BIBA_TYPE_EQUAL:
144 case MAC_BIBA_TYPE_HIGH:
145 return (1);
146
147 case MAC_BIBA_TYPE_LOW:
148 switch (b->mbe_type) {
149 case MAC_BIBA_TYPE_GRADE:
150 case MAC_BIBA_TYPE_HIGH:
151 return (0);
152
153 case MAC_BIBA_TYPE_EQUAL:
154 case MAC_BIBA_TYPE_LOW:
155 return (1);
156
157 default:
158 panic("mac_biba_dominate_element: b->mbe_type invalid");
159 }
160
161 case MAC_BIBA_TYPE_GRADE:
162 switch (b->mbe_type) {
163 case MAC_BIBA_TYPE_EQUAL:
164 case MAC_BIBA_TYPE_LOW:
165 return (1);
166
167 case MAC_BIBA_TYPE_HIGH:
168 return (0);
169
170 case MAC_BIBA_TYPE_GRADE:
171 return (a->mbe_grade >= b->mbe_grade);
172
173 default:
174 panic("mac_biba_dominate_element: b->mbe_type invalid");
175 }
176
177 default:
178 panic("mac_biba_dominate_element: a->mbe_type invalid");
179 }
180
181 return (0);
182}
183
184static int
185mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb)
186{
187
188 return (mac_biba_dominate_element(&rangeb->mb_rangehigh,
189 &rangea->mb_rangehigh) &&
190 mac_biba_dominate_element(&rangea->mb_rangelow,
191 &rangeb->mb_rangelow));
192}
193
194static int
195mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range)
196{
197
198 KASSERT((single->mb_flag & MAC_BIBA_FLAG_SINGLE) != 0,
199 ("mac_biba_single_in_range: a not single"));
200 KASSERT((range->mb_flag & MAC_BIBA_FLAG_RANGE) != 0,
201 ("mac_biba_single_in_range: b not range"));
202
203 return (mac_biba_dominate_element(&range->mb_rangehigh,
204 &single->mb_single) &&
205 mac_biba_dominate_element(&single->mb_single,
206 &range->mb_rangelow));
207
208 return (1);
209}
210
211static int
212mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b)
213{
214 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
215 ("mac_biba_dominate_single: a not single"));
216 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
217 ("mac_biba_dominate_single: b not single"));
218
219 return (mac_biba_dominate_element(&a->mb_single, &b->mb_single));
220}
221
222static int
223mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b)
224{
225
226 if (a->mbe_type == MAC_BIBA_TYPE_EQUAL ||
227 b->mbe_type == MAC_BIBA_TYPE_EQUAL)
228 return (1);
229
230 return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade);
231}
232
233static int
234mac_biba_equal_range(struct mac_biba *a, struct mac_biba *b)
235{
236
237 KASSERT((a->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
238 ("mac_biba_equal_range: a not range"));
239 KASSERT((b->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
240 ("mac_biba_equal_range: b not range"));
241
242 return (mac_biba_equal_element(&a->mb_rangelow, &b->mb_rangelow) &&
243 mac_biba_equal_element(&a->mb_rangehigh, &b->mb_rangehigh));
244}
245
246static int
247mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b)
248{
249
250 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
251 ("mac_biba_equal_single: a not single"));
252 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
253 ("mac_biba_equal_single: b not single"));
254
255 return (mac_biba_equal_element(&a->mb_single, &b->mb_single));
256}
257
258static int
259mac_biba_high_single(struct mac_biba *mac_biba)
260{
261
262 return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH);
263}
264
265static int
266mac_biba_valid(struct mac_biba *mac_biba)
267{
268
269 if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
270 switch (mac_biba->mb_single.mbe_type) {
271 case MAC_BIBA_TYPE_GRADE:
272 break;
273
274 case MAC_BIBA_TYPE_EQUAL:
275 case MAC_BIBA_TYPE_HIGH:
276 case MAC_BIBA_TYPE_LOW:
277 if (mac_biba->mb_single.mbe_grade != 0)
278 return (EINVAL);
279 break;
280
281 default:
282 return (EINVAL);
283 }
284 } else {
285 if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF)
286 return (EINVAL);
287 }
288
289 if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) {
290 switch (mac_biba->mb_rangelow.mbe_type) {
291 case MAC_BIBA_TYPE_GRADE:
292 break;
293
294 case MAC_BIBA_TYPE_EQUAL:
295 case MAC_BIBA_TYPE_HIGH:
296 case MAC_BIBA_TYPE_LOW:
297 if (mac_biba->mb_rangelow.mbe_grade != 0)
298 return (EINVAL);
299 break;
300
301 default:
302 return (EINVAL);
303 }
304
305 switch (mac_biba->mb_rangehigh.mbe_type) {
306 case MAC_BIBA_TYPE_GRADE:
307 break;
308
309 case MAC_BIBA_TYPE_EQUAL:
310 case MAC_BIBA_TYPE_HIGH:
311 case MAC_BIBA_TYPE_LOW:
312 if (mac_biba->mb_rangehigh.mbe_grade != 0)
313 return (EINVAL);
314 break;
315
316 default:
317 return (EINVAL);
318 }
319 if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh,
320 &mac_biba->mb_rangelow))
321 return (EINVAL);
322 } else {
323 if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF ||
324 mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF)
325 return (EINVAL);
326 }
327
328 return (0);
329}
330
331static void
332mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow,
333 u_short gradelow, u_short typehigh, u_short gradehigh)
334{
335
336 mac_biba->mb_rangelow.mbe_type = typelow;
337 mac_biba->mb_rangelow.mbe_grade = gradelow;
338 mac_biba->mb_rangehigh.mbe_type = typehigh;
339 mac_biba->mb_rangehigh.mbe_grade = gradehigh;
340 mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE;
341}
342
343static void
344mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade)
345{
346
347 mac_biba->mb_single.mbe_type = type;
348 mac_biba->mb_single.mbe_grade = grade;
349 mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE;
350}
351
352static void
353mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto)
354{
355 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
356 ("mac_biba_copy_range: labelfrom not range"));
357
358 labelto->mb_rangelow = labelfrom->mb_rangelow;
359 labelto->mb_rangehigh = labelfrom->mb_rangehigh;
360 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
361}
362
363static void
364mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto)
365{
366
367 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
368 ("mac_biba_copy_single: labelfrom not single"));
369
370 labelto->mb_single = labelfrom->mb_single;
371 labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE;
372}
373
374static void
375mac_biba_copy_single_to_range(struct mac_biba *labelfrom,
376 struct mac_biba *labelto)
377{
378
379 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
380 ("mac_biba_copy_single_to_range: labelfrom not single"));
381
382 labelto->mb_rangelow = labelfrom->mb_single;
383 labelto->mb_rangehigh = labelfrom->mb_single;
384 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
385}
386
387/*
388 * Policy module operations.
389 */
390static void
391mac_biba_destroy(struct mac_policy_conf *conf)
392{
393
394}
395
396static void
397mac_biba_init(struct mac_policy_conf *conf)
398{
399
400}
401
402/*
403 * Label operations.
404 */
405static void
406mac_biba_init_bpfdesc(struct bpf_d *bpf_d, struct label *label)
407{
408
409 SLOT(label) = biba_alloc(M_WAITOK);
410}
411
412static void
413mac_biba_init_cred(struct ucred *ucred, struct label *label)
414{
415
416 SLOT(label) = biba_alloc(M_WAITOK);
417}
418
419static void
420mac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent,
421 struct label *label)
422{
423
424 SLOT(label) = biba_alloc(M_WAITOK);
425}
426
427static void
428mac_biba_init_ifnet(struct ifnet *ifnet, struct label *label)
429{
430
431 SLOT(label) = biba_alloc(M_WAITOK);
432}
433
434static void
435mac_biba_init_ipq(struct ipq *ipq, struct label *label)
436{
437
438 SLOT(label) = biba_alloc(M_WAITOK);
439}
440
441static int
442mac_biba_init_mbuf(struct mbuf *mbuf, int how, struct label *label)
443{
444
445 SLOT(label) = biba_alloc(how);
446 if (SLOT(label) == NULL)
447 return (ENOMEM);
448
449 return (0);
450}
451
452static void
453mac_biba_init_mount(struct mount *mount, struct label *mntlabel,
454 struct label *fslabel)
455{
456
457 SLOT(mntlabel) = biba_alloc(M_WAITOK);
458 SLOT(fslabel) = biba_alloc(M_WAITOK);
459}
460
461static void
462mac_biba_init_socket(struct socket *socket, struct label *label,
463 struct label *peerlabel)
464{
465
466 SLOT(label) = biba_alloc(M_WAITOK);
467 SLOT(peerlabel) = biba_alloc(M_WAITOK);
468}
469
470static void
471mac_biba_init_pipe(struct pipe *pipe, struct label *label)
472{
473
474 SLOT(label) = biba_alloc(M_WAITOK);
475}
476
477static void
478mac_biba_init_temp(struct label *label)
479{
480
481 SLOT(label) = biba_alloc(M_WAITOK);
482}
483
484static void
485mac_biba_init_vnode(struct vnode *vp, struct label *label)
486{
487
488 SLOT(label) = biba_alloc(M_WAITOK);
489}
490
491static void
492mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
493{
494
495 biba_free(SLOT(label));
496 SLOT(label) = NULL;
497}
498
499static void
500mac_biba_destroy_cred(struct ucred *ucred, struct label *label)
501{
502
503 biba_free(SLOT(label));
504 SLOT(label) = NULL;
505}
506
507static void
508mac_biba_destroy_devfsdirent(struct devfs_dirent *devfs_dirent,
509 struct label *label)
510{
511
512 biba_free(SLOT(label));
513 SLOT(label) = NULL;
514}
515
516static void
517mac_biba_destroy_ifnet(struct ifnet *ifnet, struct label *label)
518{
519
520 biba_free(SLOT(label));
521 SLOT(label) = NULL;
522}
523
524static void
525mac_biba_destroy_ipq(struct ipq *ipq, struct label *label)
526{
527
528 biba_free(SLOT(label));
529 SLOT(label) = NULL;
530}
531
532static void
533mac_biba_destroy_mbuf(struct mbuf *mbuf, struct label *label)
534{
535
536 biba_free(SLOT(label));
537 SLOT(label) = NULL;
538}
539
540static void
541mac_biba_destroy_mount(struct mount *mount, struct label *mntlabel,
542 struct label *fslabel)
543{
544
545 biba_free(SLOT(mntlabel));
546 SLOT(mntlabel) = NULL;
547 biba_free(SLOT(fslabel));
548 SLOT(fslabel) = NULL;
549}
550
551static void
552mac_biba_destroy_socket(struct socket *socket, struct label *label,
553 struct label *peerlabel)
554{
555
556 biba_free(SLOT(label));
557 SLOT(label) = NULL;
558 biba_free(SLOT(peerlabel));
559 SLOT(peerlabel) = NULL;
560}
561
562static void
563mac_biba_destroy_pipe(struct pipe *pipe, struct label *label)
564{
565
566 biba_free(SLOT(label));
567 SLOT(label) = NULL;
568}
569
570static void
571mac_biba_destroy_temp(struct label *label)
572{
573
574 biba_free(SLOT(label));
575 SLOT(label) = NULL;
576}
577
578static void
579mac_biba_destroy_vnode(struct vnode *vp, struct label *label)
580{
581
582 biba_free(SLOT(label));
583 SLOT(label) = NULL;
584}
585
586static int
587mac_biba_externalize(struct label *label, struct mac *extmac)
588{
589 struct mac_biba *mac_biba;
590
591 mac_biba = SLOT(label);
592
593 if (mac_biba == NULL) {
594 printf("mac_biba_externalize: NULL pointer\n");
595 return (0);
596 }
597
598 extmac->m_biba = *mac_biba;
599
600 return (0);
601}
602
603static int
604mac_biba_internalize(struct label *label, struct mac *extmac)
605{
606 struct mac_biba *mac_biba;
607 int error;
608
609 mac_biba = SLOT(label);
610
611 error = mac_biba_valid(mac_biba);
612 if (error)
613 return (error);
614
615 *mac_biba = extmac->m_biba;
616
617 return (0);
618}
619
620/*
621 * Labeling event operations: file system objects, and things that look
622 * a lot like file system objects.
623 */
624static void
625mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
626 struct label *label)
627{
628 struct mac_biba *mac_biba;
629 int biba_type;
630
631 mac_biba = SLOT(label);
632 if (strcmp(dev->si_name, "null") == 0 ||
633 strcmp(dev->si_name, "zero") == 0 ||
634 strcmp(dev->si_name, "random") == 0 ||
635 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
636 biba_type = MAC_BIBA_TYPE_EQUAL;
637 else
638 biba_type = MAC_BIBA_TYPE_HIGH;
639 mac_biba_set_single(mac_biba, biba_type, 0);
640}
641
642static void
643mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
644 struct devfs_dirent *devfs_dirent, struct label *label)
645{
646 struct mac_biba *mac_biba;
647
648 mac_biba = SLOT(label);
649 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
650}
651
652static void
653mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
654 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
655{
656 struct mac_biba *source, *dest;
657
658 source = SLOT(direntlabel);
659 dest = SLOT(vnodelabel);
660 mac_biba_copy_single(source, dest);
661}
662
663static void
664mac_biba_create_vnode(struct ucred *cred, struct vnode *parent,
665 struct label *parentlabel, struct vnode *child, struct label *childlabel)
666{
667 struct mac_biba *source, *dest;
668
669 source = SLOT(&cred->cr_label);
670 dest = SLOT(childlabel);
671
672 mac_biba_copy_single(source, dest);
673}
674
675static void
676mac_biba_create_mount(struct ucred *cred, struct mount *mp,
677 struct label *mntlabel, struct label *fslabel)
678{
679 struct mac_biba *source, *dest;
680
681 source = SLOT(&cred->cr_label);
682 dest = SLOT(mntlabel);
683 mac_biba_copy_single(source, dest);
684 dest = SLOT(fslabel);
685 mac_biba_copy_single(source, dest);
686}
687
688static void
689mac_biba_create_root_mount(struct ucred *cred, struct mount *mp,
690 struct label *mntlabel, struct label *fslabel)
691{
692 struct mac_biba *mac_biba;
693
694 /* Always mount root as high integrity. */
695 mac_biba = SLOT(fslabel);
696 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
697 mac_biba = SLOT(mntlabel);
698 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
699}
700
701static void
702mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp,
703 struct label *vnodelabel, struct label *label)
704{
705 struct mac_biba *source, *dest;
706
707 source = SLOT(label);
708 dest = SLOT(vnodelabel);
709
710 mac_biba_copy_single(source, dest);
711}
712
713static void
714mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent,
715 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
716{
717 struct mac_biba *source, *dest;
718
719 source = SLOT(vnodelabel);
720 dest = SLOT(direntlabel);
721
722 mac_biba_copy_single(source, dest);
723}
724
725static void
726mac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
727 struct ucred *cred)
728{
729 struct mac_biba *source, *dest;
730
731 source = SLOT(&cred->cr_label);
732 dest = SLOT(vnodelabel);
733
734 /*
735 * Only copy the single, not the range, since vnodes only have
736 * a single.
737 */
738 mac_biba_copy_single(source, dest);
739}
740
741static int
742mac_biba_update_vnode_from_externalized(struct vnode *vp,
743 struct label *vnodelabel, struct mac *extmac)
744{
745 struct mac_biba *source, *dest;
746 int error;
747
748 source = &extmac->m_biba;
749 dest = SLOT(vnodelabel);
750
751 error = mac_biba_valid(source);
752 if (error)
753 return (error);
754
755 if ((source->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
756 return (EINVAL);
757
758 mac_biba_copy_single(source, dest);
759
760 return (0);
761}
762
763static void
764mac_biba_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
765 struct mount *mp, struct label *fslabel)
766{
767 struct mac_biba *source, *dest;
768
769 source = SLOT(fslabel);
770 dest = SLOT(vnodelabel);
771
772 mac_biba_copy_single(source, dest);
773}
774
775/*
776 * Labeling event operations: IPC object.
777 */
778static void
779mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
780 struct mbuf *m, struct label *mbuflabel)
781{
782 struct mac_biba *source, *dest;
783
784 source = SLOT(socketlabel);
785 dest = SLOT(mbuflabel);
786
787 mac_biba_copy_single(source, dest);
788}
789
790static void
791mac_biba_create_socket(struct ucred *cred, struct socket *socket,
792 struct label *socketlabel)
793{
794 struct mac_biba *source, *dest;
795
796 source = SLOT(&cred->cr_label);
797 dest = SLOT(socketlabel);
798
799 mac_biba_copy_single(source, dest);
800 mac_biba_copy_single_to_range(source, dest);
801}
802
803static void
804mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe,
805 struct label *pipelabel)
806{
807 struct mac_biba *source, *dest;
808
809 source = SLOT(&cred->cr_label);
810 dest = SLOT(pipelabel);
811
812 mac_biba_copy_single(source, dest);
813}
814
815static void
816mac_biba_create_socket_from_socket(struct socket *oldsocket,
817 struct label *oldsocketlabel, struct socket *newsocket,
818 struct label *newsocketlabel)
819{
820 struct mac_biba *source, *dest;
821
822 source = SLOT(oldsocketlabel);
823 dest = SLOT(newsocketlabel);
824
825 mac_biba_copy_single(source, dest);
826 mac_biba_copy_range(source, dest);
827}
828
829static void
830mac_biba_relabel_socket(struct ucred *cred, struct socket *socket,
831 struct label *socketlabel, struct label *newlabel)
832{
833 struct mac_biba *source, *dest;
834
835 source = SLOT(newlabel);
836 dest = SLOT(socketlabel);
837
838 mac_biba_copy_single(source, dest);
839 mac_biba_copy_range(source, dest);
840}
841
842static void
843mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe,
844 struct label *pipelabel, struct label *newlabel)
845{
846 struct mac_biba *source, *dest;
847
848 source = SLOT(newlabel);
849 dest = SLOT(pipelabel);
850
851 mac_biba_copy_single(source, dest);
852}
853
854static void
855mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
856 struct socket *socket, struct label *socketpeerlabel)
857{
858 struct mac_biba *source, *dest;
859
860 source = SLOT(mbuflabel);
861 dest = SLOT(socketpeerlabel);
862
863 mac_biba_copy_single(source, dest);
864}
865
866/*
867 * Labeling event operations: network objects.
868 */
869static void
870mac_biba_set_socket_peer_from_socket(struct socket *oldsocket,
871 struct label *oldsocketlabel, struct socket *newsocket,
872 struct label *newsocketpeerlabel)
873{
874 struct mac_biba *source, *dest;
875
876 source = SLOT(oldsocketlabel);
877 dest = SLOT(newsocketpeerlabel);
878
879 mac_biba_copy_single(source, dest);
880}
881
882static void
883mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
884 struct label *bpflabel)
885{
886 struct mac_biba *source, *dest;
887
888 source = SLOT(&cred->cr_label);
889 dest = SLOT(bpflabel);
890
891 mac_biba_copy_single(source, dest);
892}
893
894static void
895mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
896{
897 char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q;
898 char tiflist[sizeof(trusted_interfaces)];
899 struct mac_biba *dest;
900 int len, grade;
901
902 dest = SLOT(ifnetlabel);
903
904 if (ifnet->if_type == IFT_LOOP) {
905 grade = MAC_BIBA_TYPE_EQUAL;
906 goto set;
907 }
908
909 if (trust_all_interfaces) {
910 grade = MAC_BIBA_TYPE_HIGH;
911 goto set;
912 }
913
914 grade = MAC_BIBA_TYPE_LOW;
915
916 if (trusted_interfaces[0] == '\0' ||
917 !strvalid(trusted_interfaces, sizeof(trusted_interfaces)))
918 goto set;
919
920 for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++)
921 if(*p != ' ' && *p != '\t')
922 *q = *p;
923
924 snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit);
925
926 for (p = q = tiflist;; p++) {
927 if (*p == ',' || *p == '\0') {
928 len = p - q;
929 if (len < IFNAMSIZ) {
930 bzero(tifname, sizeof(tifname));
931 bcopy(q, tifname, len);
932 if (strcmp(tifname, ifname) == 0) {
933 grade = MAC_BIBA_TYPE_HIGH;
934 break;
935 }
936 }
937 if (*p == '\0')
938 break;
939 q = p + 1;
940 }
941 }
942set:
943 mac_biba_set_single(dest, grade, 0);
944 mac_biba_set_range(dest, grade, 0, grade, 0);
945}
946
947static void
948mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
949 struct ipq *ipq, struct label *ipqlabel)
950{
951 struct mac_biba *source, *dest;
952
953 source = SLOT(fragmentlabel);
954 dest = SLOT(ipqlabel);
955
956 mac_biba_copy_single(source, dest);
957}
958
959static void
960mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
961 struct mbuf *datagram, struct label *datagramlabel)
962{
963 struct mac_biba *source, *dest;
964
965 source = SLOT(ipqlabel);
966 dest = SLOT(datagramlabel);
967
968 /* Just use the head, since we require them all to match. */
969 mac_biba_copy_single(source, dest);
970}
971
972static void
973mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
974 struct mbuf *fragment, struct label *fragmentlabel)
975{
976 struct mac_biba *source, *dest;
977
978 source = SLOT(datagramlabel);
979 dest = SLOT(fragmentlabel);
980
981 mac_biba_copy_single(source, dest);
982}
983
984static void
985mac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
986 struct label *oldmbuflabel, struct mbuf *newmbuf,
987 struct label *newmbuflabel)
988{
989 struct mac_biba *source, *dest;
990
991 source = SLOT(oldmbuflabel);
992 dest = SLOT(newmbuflabel);
993
994 mac_biba_copy_single(source, dest);
995}
996
997static void
998mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
999 struct mbuf *mbuf, struct label *mbuflabel)
1000{
1001 struct mac_biba *dest;
1002
1003 dest = SLOT(mbuflabel);
1004
1005 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0);
1006}
1007
1008static void
1009mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
1010 struct mbuf *mbuf, struct label *mbuflabel)
1011{
1012 struct mac_biba *source, *dest;
1013
1014 source = SLOT(bpflabel);
1015 dest = SLOT(mbuflabel);
1016
1017 mac_biba_copy_single(source, dest);
1018}
1019
1020static void
1021mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
1022 struct mbuf *m, struct label *mbuflabel)
1023{
1024 struct mac_biba *source, *dest;
1025
1026 source = SLOT(ifnetlabel);
1027 dest = SLOT(mbuflabel);
1028
1029 mac_biba_copy_single(source, dest);
1030}
1031
1032static void
1033mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
1034 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
1035 struct mbuf *newmbuf, struct label *newmbuflabel)
1036{
1037 struct mac_biba *source, *dest;
1038
1039 source = SLOT(oldmbuflabel);
1040 dest = SLOT(newmbuflabel);
1041
1042 mac_biba_copy_single(source, dest);
1043}
1044
1045static void
1046mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel,
1047 struct mbuf *newmbuf, struct label *newmbuflabel)
1048{
1049 struct mac_biba *source, *dest;
1050
1051 source = SLOT(oldmbuflabel);
1052 dest = SLOT(newmbuflabel);
1053
1054 mac_biba_copy_single(source, dest);
1055}
1056
1057static int
1058mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
1059 struct ipq *ipq, struct label *ipqlabel)
1060{
1061 struct mac_biba *a, *b;
1062
1063 a = SLOT(ipqlabel);
1064 b = SLOT(fragmentlabel);
1065
1066 return (mac_biba_equal_single(a, b));
1067}
1068
1069static void
1070mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
1071 struct label *ifnetlabel, struct label *newlabel)
1072{
1073 struct mac_biba *source, *dest;
1074
1075 source = SLOT(newlabel);
1076 dest = SLOT(ifnetlabel);
1077
1078 mac_biba_copy_single(source, dest);
1079 mac_biba_copy_range(source, dest);
1080}
1081
1082static void
1083mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
1084 struct ipq *ipq, struct label *ipqlabel)
1085{
1086
1087 /* NOOP: we only accept matching labels, so no need to update */
1088}
1089
1090/*
1091 * Labeling event operations: processes.
1092 */
1093static void
1094mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
1095{
1096 struct mac_biba *source, *dest;
1097
1098 source = SLOT(&cred_parent->cr_label);
1099 dest = SLOT(&cred_child->cr_label);
1100
1101 mac_biba_copy_single(source, dest);
1102 mac_biba_copy_range(source, dest);
1103}
1104
1105static void
1106mac_biba_execve_transition(struct ucred *old, struct ucred *new,
1107 struct vnode *vp, struct mac *vnodelabel)
1108{
1109 struct mac_biba *source, *dest;
1110
1111 source = SLOT(&old->cr_label);
1112 dest = SLOT(&new->cr_label);
1113
1114 mac_biba_copy_single(source, dest);
1115 mac_biba_copy_range(source, dest);
1116}
1117
1118static int
1119mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp,
1120 struct mac *vnodelabel)
1121{
1122
1123 return (0);
1124}
1125
1126static void
1127mac_biba_create_proc0(struct ucred *cred)
1128{
1129 struct mac_biba *dest;
1130
1131 dest = SLOT(&cred->cr_label);
1132
1133 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0);
1134 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0);
1135}
1136
1137static void
1138mac_biba_create_proc1(struct ucred *cred)
1139{
1140 struct mac_biba *dest;
1141
1142 dest = SLOT(&cred->cr_label);
1143
1144 mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0);
1145 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0);
1146}
1147
1148static void
1149mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel)
1150{
1151 struct mac_biba *source, *dest;
1152
1153 source = SLOT(newlabel);
1154 dest = SLOT(&cred->cr_label);
1155
1156 mac_biba_copy_single(source, dest);
1157 mac_biba_copy_range(source, dest);
1158}
1159
1160/*
1161 * Access control checks.
1162 */
1163static int
1164mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
1165 struct ifnet *ifnet, struct label *ifnetlabel)
1166{
1167 struct mac_biba *a, *b;
1168
1169 if (!mac_biba_enabled)
1170 return (0);
1171
1172 a = SLOT(bpflabel);
1173 b = SLOT(ifnetlabel);
1174
1175 if (mac_biba_equal_single(a, b))
1176 return (0);
1177 return (EACCES);
1178}
1179
1180static int
1181mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel)
1182{
1183 struct mac_biba *subj, *new;
1184
1185 subj = SLOT(&cred->cr_label);
1186 new = SLOT(newlabel);
1187
1188 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH)
1189 return (EINVAL);
1190
1191 /*
1192 * XXX: Allow processes with root privilege to set labels outside
1193 * their range, so suid things like "su" work. This WILL go away
1194 * when we figure out the 'correct' solution...
1195 */
1196 if (!suser_cred(cred, 0))
1197 return (0);
1198
1199 /*
1200 * The new single must be in the old range.
1201 */
1202 if (!mac_biba_single_in_range(new, subj))
1203 return (EPERM);
1204
1205 /*
1206 * The new range must be in the old range.
1207 */
1208 if (!mac_biba_range_in_range(new, subj))
1209 return (EPERM);
1210
1211 /*
1212 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1213 */
1214
1215 return (0);
1216}
1217
1218static int
1219mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2)
1220{
1221 struct mac_biba *subj, *obj;
1222
1223 if (!mac_biba_enabled)
1224 return (0);
1225
1226 subj = SLOT(&u1->cr_label);
1227 obj = SLOT(&u2->cr_label);
1228
1229 /* XXX: range */
1230 if (!mac_biba_dominate_single(obj, subj))
1231 return (ESRCH);
1232
1233 return (0);
1234}
1235
1236static int
1237mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
1238 struct label *ifnetlabel, struct label *newlabel)
1239{
1240 struct mac_biba *subj, *new;
1241
1242 subj = SLOT(&cred->cr_label);
1243 new = SLOT(newlabel);
1244
1245 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH)
1246 return (EINVAL);
1247
1248 /*
1249 * XXX: Only Biba HIGH subjects may relabel interfaces. */
1250 if (!mac_biba_high_single(subj))
1251 return (EPERM);
1252
1253 return (suser_cred(cred, 0));
1254}
1255
1256static int
1257mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
1258 struct mbuf *m, struct label *mbuflabel)
1259{
1260 struct mac_biba *p, *i;
1261
1262 if (!mac_biba_enabled)
1263 return (0);
1264
1265 p = SLOT(mbuflabel);
1266 i = SLOT(ifnetlabel);
1267
1268 return (mac_biba_single_in_range(p, i) ? 0 : EACCES);
1269}
1270
1271static int
1272mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
1273 struct label *mntlabel)
1274{
1275 struct mac_biba *subj, *obj;
1276
1277 if (!mac_biba_enabled)
1278 return (0);
1279
1280 subj = SLOT(&cred->cr_label);
1281 obj = SLOT(mntlabel);
1282
1283 if (!mac_biba_dominate_single(obj, subj))
1284 return (EACCES);
1285
1286 return (0);
1287}
1288
1289static int
1290mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
1291 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
1292{
1293
1294 if(!mac_biba_enabled)
1295 return (0);
1296
1297 /* XXX: This will be implemented soon... */
1298
1299 return (0);
1300}
1301
1302static int
1303mac_biba_check_pipe_op(struct ucred *cred, struct pipe *pipe,
1304 struct label *pipelabel, int op)
1305{
1306 struct mac_biba *subj, *obj;
1307
1308 if (!mac_biba_enabled)
1309 return (0);
1310
1311 subj = SLOT(&cred->cr_label);
1312 obj = SLOT((pipelabel));
1313
1314 switch(op) {
1315 case MAC_OP_PIPE_READ:
1316 case MAC_OP_PIPE_STAT:
1317 case MAC_OP_PIPE_POLL:
1318 if (!mac_biba_dominate_single(obj, subj))
1319 return (EACCES);
1320 break;
1321 case MAC_OP_PIPE_WRITE:
1322 if (!mac_biba_dominate_single(subj, obj))
1323 return (EACCES);
1324 break;
1325 default:
1326 panic("mac_biba_check_pipe_op: invalid pipe operation");
1327 }
1328
1329 return (0);
1330}
1331
1332static int
1333mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
1334 struct label *pipelabel, struct label *newlabel)
1335{
1336 struct mac_biba *subj, *obj, *new;
1337
1338 new = SLOT(newlabel);
1339 subj = SLOT(&cred->cr_label);
1340 obj = SLOT(pipelabel);
1341
1342 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1343 return (EINVAL);
1344
1345 /*
1346 * To relabel a pipe, the old pipe label must be in the subject
1347 * range.
1348 */
1349 if (!mac_biba_single_in_range(obj, subj))
1350 return (EPERM);
1351
1352 /*
1353 * To relabel a pipe, the new pipe label must be in the subject
1354 * range.
1355 */
1356 if (!mac_biba_single_in_range(new, subj))
1357 return (EPERM);
1358
1359 /*
1360 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1361 */
1362
1363 return (0);
1364}
1365
1366static int
1367mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
1368{
1369 struct mac_biba *subj, *obj;
1370
1371 if (!mac_biba_enabled)
1372 return (0);
1373
1374 subj = SLOT(&cred->cr_label);
1375 obj = SLOT(&proc->p_ucred->cr_label);
1376
1377 /* XXX: range checks */
1378 if (!mac_biba_dominate_single(obj, subj))
1379 return (ESRCH);
1380 if (!mac_biba_dominate_single(subj, obj))
1381 return (EACCES);
1382
1383 return (0);
1384}
1385
1386static int
1387mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc)
1388{
1389 struct mac_biba *subj, *obj;
1390
1391 if (!mac_biba_enabled)
1392 return (0);
1393
1394 subj = SLOT(&cred->cr_label);
1395 obj = SLOT(&proc->p_ucred->cr_label);
1396
1397 /* XXX: range checks */
1398 if (!mac_biba_dominate_single(obj, subj))
1399 return (ESRCH);
1400 if (!mac_biba_dominate_single(subj, obj))
1401 return (EACCES);
1402
1403 return (0);
1404}
1405
1406static int
1407mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
1408{
1409 struct mac_biba *subj, *obj;
1410
1411 if (!mac_biba_enabled)
1412 return (0);
1413
1414 subj = SLOT(&cred->cr_label);
1415 obj = SLOT(&proc->p_ucred->cr_label);
1416
1417 /* XXX: range checks */
1418 if (!mac_biba_dominate_single(obj, subj))
1419 return (ESRCH);
1420 if (!mac_biba_dominate_single(subj, obj))
1421 return (EACCES);
1422
1423 return (0);
1424}
1425
1426static int
1427mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel,
1428 struct mbuf *m, struct label *mbuflabel)
1429{
1430 struct mac_biba *p, *s;
1431
1432 if (!mac_biba_enabled)
1433 return (0);
1434
1435 p = SLOT(mbuflabel);
1436 s = SLOT(socketlabel);
1437
1438 return (mac_biba_equal_single(p, s) ? 0 : EACCES);
1439}
1440
1441static int
1442mac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket,
1443 struct label *socketlabel, struct label *newlabel)
1444{
1445 struct mac_biba *subj, *obj, *new;
1446
1447 new = SLOT(newlabel);
1448 subj = SLOT(&cred->cr_label);
1449 obj = SLOT(socketlabel);
1450
1451 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1452 return (EINVAL);
1453
1454 /*
1455 * To relabel a socket, the old socket label must be in the subject
1456 * range.
1457 */
1458 if (!mac_biba_single_in_range(obj, subj))
1459 return (EPERM);
1460
1461 /*
1462 * To relabel a socket, the new socket label must be in the subject
1463 * range.
1464 */
1465 if (!mac_biba_single_in_range(new, subj))
1466 return (EPERM);
1467
1468 /*
1469 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1470 */
1471
1472 return (0);
1473}
1474
1475static int
1476mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket,
1477 struct label *socketlabel)
1478{
1479 struct mac_biba *subj, *obj;
1480
1481 subj = SLOT(&cred->cr_label);
1482 obj = SLOT(socketlabel);
1483
1484 if (!mac_biba_dominate_single(obj, subj))
1485 return (ENOENT);
1486
1487 return (0);
1488}
1489
1490static int
1491mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp,
1492 struct label *label, mode_t flags)
1493{
1494
1495 return (mac_biba_check_vnode_open(cred, vp, label, flags));
1496}
1497
1498static int
1499mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
1500 struct label *dlabel)
1501{
1502 struct mac_biba *subj, *obj;
1503
1504 if (!mac_biba_enabled)
1505 return (0);
1506
1507 subj = SLOT(&cred->cr_label);
1508 obj = SLOT(dlabel);
1509
1510 if (!mac_biba_dominate_single(obj, subj))
1511 return (EACCES);
1512
1513 return (0);
1514}
1515
1516static int
1517mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
1518 struct label *dlabel)
1519{
1520 struct mac_biba *subj, *obj;
1521
1522 if (!mac_biba_enabled)
1523 return (0);
1524
1525 subj = SLOT(&cred->cr_label);
1526 obj = SLOT(dlabel);
1527
1528 if (!mac_biba_dominate_single(obj, subj))
1529 return (EACCES);
1530
1531 return (0);
1532}
1533
1534static int
1535mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
1536 struct label *dlabel, struct componentname *cnp, struct vattr *vap)
1537{
1538 struct mac_biba *subj, *obj;
1539
1540 if (!mac_biba_enabled)
1541 return (0);
1542
1543 subj = SLOT(&cred->cr_label);
1544 obj = SLOT(dlabel);
1545
1546 if (!mac_biba_dominate_single(subj, obj))
1547 return (EACCES);
1548
1549 return (0);
1550}
1551
1552static int
1553mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
1554 struct label *dlabel, struct vnode *vp, struct label *label,
1555 struct componentname *cnp)
1556{
1557 struct mac_biba *subj, *obj;
1558
1559 if (!mac_biba_enabled)
1560 return (0);
1561
1562 subj = SLOT(&cred->cr_label);
1563 obj = SLOT(dlabel);
1564
1565 if (!mac_biba_dominate_single(subj, obj))
1566 return (EACCES);
1567
1568 obj = SLOT(label);
1569
1570 if (!mac_biba_dominate_single(subj, obj))
1571 return (EACCES);
1572
1573 return (0);
1574}
1575
1576static int
1577mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
1578 struct label *label, acl_type_t type)
1579{
1580 struct mac_biba *subj, *obj;
1581
1582 if (!mac_biba_enabled)
1583 return (0);
1584
1585 subj = SLOT(&cred->cr_label);
1586 obj = SLOT(label);
1587
1588 if (!mac_biba_dominate_single(subj, obj))
1589 return (EACCES);
1590
1591 return (0);
1592}
1593
1594static int
1595mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
1596 struct label *label)
1597{
1598 struct mac_biba *subj, *obj;
1599
1600 if (!mac_biba_enabled)
1601 return (0);
1602
1603 subj = SLOT(&cred->cr_label);
1604 obj = SLOT(label);
1605
1606 if (!mac_biba_dominate_single(obj, subj))
1607 return (EACCES);
1608
1609 return (0);
1610}
1611
1612static int
1613mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
1614 struct label *label, acl_type_t type)
1615{
1616 struct mac_biba *subj, *obj;
1617
1618 if (!mac_biba_enabled)
1619 return (0);
1620
1621 subj = SLOT(&cred->cr_label);
1622 obj = SLOT(label);
1623
1624 if (!mac_biba_dominate_single(obj, subj))
1625 return (EACCES);
1626
1627 return (0);
1628}
1629
1630static int
1631mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
1632 struct label *label, int attrnamespace, const char *name, struct uio *uio)
1633{
1634 struct mac_biba *subj, *obj;
1635
1636 if (!mac_biba_enabled)
1637 return (0);
1638
1639 subj = SLOT(&cred->cr_label);
1640 obj = SLOT(label);
1641
1642 if (!mac_biba_dominate_single(obj, subj))
1643 return (EACCES);
1644
1645 return (0);
1646}
1647
1648static int
1649mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
1650 struct label *dlabel, struct componentname *cnp)
1651{
1652 struct mac_biba *subj, *obj;
1653
1654 if (!mac_biba_enabled)
1655 return (0);
1656
1657 subj = SLOT(&cred->cr_label);
1658 obj = SLOT(dlabel);
1659
1660 if (!mac_biba_dominate_single(obj, subj))
1661 return (EACCES);
1662
1663 return (0);
1664}
1665
1666static int
1667mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
1668 struct label *vnodelabel, mode_t acc_mode)
1669{
1670 struct mac_biba *subj, *obj;
1671
1672 if (!mac_biba_enabled)
1673 return (0);
1674
1675 subj = SLOT(&cred->cr_label);
1676 obj = SLOT(vnodelabel);
1677
1678 /* XXX privilege override for admin? */
1679 if (acc_mode & (VREAD | VEXEC | VSTAT)) {
1680 if (!mac_biba_dominate_single(obj, subj))
1681 return (EACCES);
1682 }
1683 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
1684 if (!mac_biba_dominate_single(subj, obj))
1685 return (EACCES);
1686 }
1687
1688 return (0);
1689}
1690
1691static int
1692mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
1693 struct label *dlabel)
1694{
1695 struct mac_biba *subj, *obj;
1696
1697 if (!mac_biba_enabled)
1698 return (0);
1699
1700 subj = SLOT(&cred->cr_label);
1701 obj = SLOT(dlabel);
1702
1703 if (!mac_biba_dominate_single(obj, subj))
1704 return (EACCES);
1705
1706 return (0);
1707}
1708
1709static int
1710mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
1711 struct label *label)
1712{
1713 struct mac_biba *subj, *obj;
1714
1715 if (!mac_biba_enabled)
1716 return (0);
1717
1718 subj = SLOT(&cred->cr_label);
1719 obj = SLOT(label);
1720
1721 if (!mac_biba_dominate_single(obj, subj))
1722 return (EACCES);
1723
1724 return (0);
1725}
1726
1727static int
1728mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
1729 struct label *vnodelabel, struct label *newlabel)
1730{
1731 struct mac_biba *old, *new, *subj;
1732
1733 old = SLOT(vnodelabel);
1734 new = SLOT(newlabel);
1735 subj = SLOT(&cred->cr_label);
1736
1737 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1738 return (EINVAL);
1739
1740 /*
1741 * To relabel a vnode, the old vnode label must be in the subject
1742 * range.
1743 */
1744 if (!mac_biba_single_in_range(old, subj))
1745 return (EPERM);
1746
1747 /*
1748 * To relabel a vnode, the new vnode label must be in the subject
1749 * range.
1750 */
1751 if (!mac_biba_single_in_range(new, subj))
1752 return (EPERM);
1753
1754 /*
1755 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1756 */
1757
1758 return (suser_cred(cred, 0));
1759}
1760
1761static int
1762mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
1763 struct label *dlabel, struct vnode *vp, struct label *label,
1764 struct componentname *cnp)
1765{
1766 struct mac_biba *subj, *obj;
1767
1768 if (!mac_biba_enabled)
1769 return (0);
1770
1771 subj = SLOT(&cred->cr_label);
1772 obj = SLOT(dlabel);
1773
1774 if (!mac_biba_dominate_single(subj, obj))
1775 return (EACCES);
1776
1777 obj = SLOT(label);
1778
1779 if (!mac_biba_dominate_single(subj, obj))
1780 return (EACCES);
1781
1782 return (0);
1783}
1784
1785static int
1786mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
1787 struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
1788 struct componentname *cnp)
1789{
1790 struct mac_biba *subj, *obj;
1791
1792 if (!mac_biba_enabled)
1793 return (0);
1794
1795 subj = SLOT(&cred->cr_label);
1796 obj = SLOT(dlabel);
1797
1798 if (!mac_biba_dominate_single(subj, obj))
1799 return (EACCES);
1800
1801 if (vp != NULL) {
1802 obj = SLOT(label);
1803
1804 if (!mac_biba_dominate_single(subj, obj))
1805 return (EACCES);
1806 }
1807
1808 return (0);
1809}
1810
1811static int
1812mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
1813 struct label *label)
1814{
1815 struct mac_biba *subj, *obj;
1816
1817 if (!mac_biba_enabled)
1818 return (0);
1819
1820 subj = SLOT(&cred->cr_label);
1821 obj = SLOT(label);
1822
1823 if (!mac_biba_dominate_single(subj, obj))
1824 return (EACCES);
1825
1826 return (0);
1827}
1828
1829static int
1830mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
1831 struct label *label, acl_type_t type, struct acl *acl)
1832{
1833 struct mac_biba *subj, *obj;
1834
1835 if (!mac_biba_enabled)
1836 return (0);
1837
1838 subj = SLOT(&cred->cr_label);
1839 obj = SLOT(label);
1840
1841 if (!mac_biba_dominate_single(subj, obj))
1842 return (EACCES);
1843
1844 return (0);
1845}
1846
1847static int
1848mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
1849 struct label *vnodelabel, int attrnamespace, const char *name,
1850 struct uio *uio)
1851{
1852 struct mac_biba *subj, *obj;
1853
1854 if (!mac_biba_enabled)
1855 return (0);
1856
1857 subj = SLOT(&cred->cr_label);
1858 obj = SLOT(vnodelabel);
1859
1860 if (!mac_biba_dominate_single(subj, obj))
1861 return (EACCES);
1862
1863 /* XXX: protect the MAC EA in a special way? */
1864
1865 return (0);
1866}
1867
1868static int
1869mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
1870 struct label *vnodelabel, u_long flags)
1871{
1872 struct mac_biba *subj, *obj;
1873
1874 if (!mac_biba_enabled)
1875 return (0);
1876
1877 subj = SLOT(&cred->cr_label);
1878 obj = SLOT(vnodelabel);
1879
1880 if (!mac_biba_dominate_single(subj, obj))
1881 return (EACCES);
1882
1883 return (0);
1884}
1885
1886static int
1887mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
1888 struct label *vnodelabel, mode_t mode)
1889{
1890 struct mac_biba *subj, *obj;
1891
1892 if (!mac_biba_enabled)
1893 return (0);
1894
1895 subj = SLOT(&cred->cr_label);
1896 obj = SLOT(vnodelabel);
1897
1898 if (!mac_biba_dominate_single(subj, obj))
1899 return (EACCES);
1900
1901 return (0);
1902}
1903
1904static int
1905mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
1906 struct label *vnodelabel, uid_t uid, gid_t gid)
1907{
1908 struct mac_biba *subj, *obj;
1909
1910 if (!mac_biba_enabled)
1911 return (0);
1912
1913 subj = SLOT(&cred->cr_label);
1914 obj = SLOT(vnodelabel);
1915
1916 if (!mac_biba_dominate_single(subj, obj))
1917 return (EACCES);
1918
1919 return (0);
1920}
1921
1922static int
1923mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
1924 struct label *vnodelabel, struct timespec atime, struct timespec mtime)
1925{
1926 struct mac_biba *subj, *obj;
1927
1928 if (!mac_biba_enabled)
1929 return (0);
1930
1931 subj = SLOT(&cred->cr_label);
1932 obj = SLOT(vnodelabel);
1933
1934 if (!mac_biba_dominate_single(subj, obj))
1935 return (EACCES);
1936
1937 return (0);
1938}
1939
1940static int
1941mac_biba_check_vnode_stat(struct ucred *cred, struct vnode *vp,
1942 struct label *vnodelabel)
1943{
1944 struct mac_biba *subj, *obj;
1945
1946 if (!mac_biba_enabled)
1947 return (0);
1948
1949 subj = SLOT(&cred->cr_label);
1950 obj = SLOT(vnodelabel);
1951
1952 if (!mac_biba_dominate_single(obj, subj))
1953 return (EACCES);
1954
1955 return (0);
1956}
1957
1958static vm_prot_t
1959mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp,
1960 struct label *label, int newmapping)
1961{
1962 struct mac_biba *subj, *obj;
1963 vm_prot_t prot = 0;
1964
1965 if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping))
1966 return (VM_PROT_ALL);
1967
1968 subj = SLOT(&cred->cr_label);
1969 obj = SLOT(label);
1970
1971 if (mac_biba_dominate_single(obj, subj))
1972 prot |= VM_PROT_READ | VM_PROT_EXECUTE;
1973 if (mac_biba_dominate_single(subj, obj))
1974 prot |= VM_PROT_WRITE;
1975 return (prot);
1976}
1977
1978static int
1979mac_biba_check_vnode_op(struct ucred *cred, struct vnode *vp,
1980 struct label *label, int op)
1981{
1982 struct mac_biba *subj, *obj;
1983
1984 if (!mac_biba_enabled || !mac_biba_revocation_enabled)
1985 return (0);
1986
1987 subj = SLOT(&cred->cr_label);
1988 obj = SLOT(label);
1989
1990 switch (op) {
1991 case MAC_OP_VNODE_POLL:
1992 case MAC_OP_VNODE_READ:
1993 if (!mac_biba_dominate_single(obj, subj))
1994 return (EACCES);
1995 return (0);
1996
1997 case MAC_OP_VNODE_WRITE:
1998 if (!mac_biba_dominate_single(subj, obj))
1999 return (EACCES);
2000 return (0);
2001
2002 default:
2003 printf("mac_biba_check_vnode_op: unknown operation %d\n", op);
2004 return (EINVAL);
2005 }
2006}
2007
2008static struct mac_policy_op_entry mac_biba_ops[] =
2009{
2010 { MAC_DESTROY,
2011 (macop_t)mac_biba_destroy },
2012 { MAC_INIT,
2013 (macop_t)mac_biba_init },
2014 { MAC_INIT_BPFDESC,
2015 (macop_t)mac_biba_init_bpfdesc },
2016 { MAC_INIT_CRED,
2017 (macop_t)mac_biba_init_cred },
2018 { MAC_INIT_DEVFSDIRENT,
2019 (macop_t)mac_biba_init_devfsdirent },
2020 { MAC_INIT_IFNET,
2021 (macop_t)mac_biba_init_ifnet },
2022 { MAC_INIT_IPQ,
2023 (macop_t)mac_biba_init_ipq },
2024 { MAC_INIT_MBUF,
2025 (macop_t)mac_biba_init_mbuf },
2026 { MAC_INIT_MOUNT,
2027 (macop_t)mac_biba_init_mount },
2028 { MAC_INIT_PIPE,
2029 (macop_t)mac_biba_init_pipe },
2030 { MAC_INIT_SOCKET,
2031 (macop_t)mac_biba_init_socket },
2032 { MAC_INIT_TEMP,
2033 (macop_t)mac_biba_init_temp },
2034 { MAC_INIT_VNODE,
2035 (macop_t)mac_biba_init_vnode },
2036 { MAC_DESTROY_BPFDESC,
2037 (macop_t)mac_biba_destroy_bpfdesc },
2038 { MAC_DESTROY_CRED,
2039 (macop_t)mac_biba_destroy_cred },
2040 { MAC_DESTROY_DEVFSDIRENT,
2041 (macop_t)mac_biba_destroy_devfsdirent },
2042 { MAC_DESTROY_IFNET,
2043 (macop_t)mac_biba_destroy_ifnet },
2044 { MAC_DESTROY_IPQ,
2045 (macop_t)mac_biba_destroy_ipq },
2046 { MAC_DESTROY_MBUF,
2047 (macop_t)mac_biba_destroy_mbuf },
2048 { MAC_DESTROY_MOUNT,
2049 (macop_t)mac_biba_destroy_mount },
2050 { MAC_DESTROY_PIPE,
2051 (macop_t)mac_biba_destroy_pipe },
2052 { MAC_DESTROY_SOCKET,
2053 (macop_t)mac_biba_destroy_socket },
2054 { MAC_DESTROY_TEMP,
2055 (macop_t)mac_biba_destroy_temp },
2056 { MAC_DESTROY_VNODE,
2057 (macop_t)mac_biba_destroy_vnode },
2058 { MAC_EXTERNALIZE,
2059 (macop_t)mac_biba_externalize },
2060 { MAC_INTERNALIZE,
2061 (macop_t)mac_biba_internalize },
2062 { MAC_CREATE_DEVFS_DEVICE,
2063 (macop_t)mac_biba_create_devfs_device },
2064 { MAC_CREATE_DEVFS_DIRECTORY,
2065 (macop_t)mac_biba_create_devfs_directory },
2066 { MAC_CREATE_DEVFS_VNODE,
2067 (macop_t)mac_biba_create_devfs_vnode },
2068 { MAC_CREATE_VNODE,
2069 (macop_t)mac_biba_create_vnode },
2070 { MAC_CREATE_MOUNT,
2071 (macop_t)mac_biba_create_mount },
2072 { MAC_CREATE_ROOT_MOUNT,
2073 (macop_t)mac_biba_create_root_mount },
2074 { MAC_RELABEL_VNODE,
2075 (macop_t)mac_biba_relabel_vnode },
2076 { MAC_UPDATE_DEVFSDIRENT,
2077 (macop_t)mac_biba_update_devfsdirent },
2078 { MAC_UPDATE_PROCFSVNODE,
2079 (macop_t)mac_biba_update_procfsvnode },
2080 { MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
2081 (macop_t)mac_biba_update_vnode_from_externalized },
2082 { MAC_UPDATE_VNODE_FROM_MOUNT,
2083 (macop_t)mac_biba_update_vnode_from_mount },
2084 { MAC_CREATE_MBUF_FROM_SOCKET,
2085 (macop_t)mac_biba_create_mbuf_from_socket },
2086 { MAC_CREATE_PIPE,
2087 (macop_t)mac_biba_create_pipe },
2088 { MAC_CREATE_SOCKET,
2089 (macop_t)mac_biba_create_socket },
2090 { MAC_CREATE_SOCKET_FROM_SOCKET,
2091 (macop_t)mac_biba_create_socket_from_socket },
2092 { MAC_RELABEL_PIPE,
2093 (macop_t)mac_biba_relabel_pipe },
2094 { MAC_RELABEL_SOCKET,
2095 (macop_t)mac_biba_relabel_socket },
2096 { MAC_SET_SOCKET_PEER_FROM_MBUF,
2097 (macop_t)mac_biba_set_socket_peer_from_mbuf },
2098 { MAC_SET_SOCKET_PEER_FROM_SOCKET,
2099 (macop_t)mac_biba_set_socket_peer_from_socket },
2100 { MAC_CREATE_BPFDESC,
2101 (macop_t)mac_biba_create_bpfdesc },
2102 { MAC_CREATE_DATAGRAM_FROM_IPQ,
2103 (macop_t)mac_biba_create_datagram_from_ipq },
2104 { MAC_CREATE_FRAGMENT,
2105 (macop_t)mac_biba_create_fragment },
2106 { MAC_CREATE_IFNET,
2107 (macop_t)mac_biba_create_ifnet },
2108 { MAC_CREATE_IPQ,
2109 (macop_t)mac_biba_create_ipq },
2110 { MAC_CREATE_MBUF_FROM_MBUF,
2111 (macop_t)mac_biba_create_mbuf_from_mbuf },
2112 { MAC_CREATE_MBUF_LINKLAYER,
2113 (macop_t)mac_biba_create_mbuf_linklayer },
2114 { MAC_CREATE_MBUF_FROM_BPFDESC,
2115 (macop_t)mac_biba_create_mbuf_from_bpfdesc },
2116 { MAC_CREATE_MBUF_FROM_IFNET,
2117 (macop_t)mac_biba_create_mbuf_from_ifnet },
2118 { MAC_CREATE_MBUF_MULTICAST_ENCAP,
2119 (macop_t)mac_biba_create_mbuf_multicast_encap },
2120 { MAC_CREATE_MBUF_NETLAYER,
2121 (macop_t)mac_biba_create_mbuf_netlayer },
2122 { MAC_FRAGMENT_MATCH,
2123 (macop_t)mac_biba_fragment_match },
2124 { MAC_RELABEL_IFNET,
2125 (macop_t)mac_biba_relabel_ifnet },
2126 { MAC_UPDATE_IPQ,
2127 (macop_t)mac_biba_update_ipq },
2128 { MAC_CREATE_CRED,
2129 (macop_t)mac_biba_create_cred },
2130 { MAC_EXECVE_TRANSITION,
2131 (macop_t)mac_biba_execve_transition },
2132 { MAC_EXECVE_WILL_TRANSITION,
2133 (macop_t)mac_biba_execve_will_transition },
2134 { MAC_CREATE_PROC0,
2135 (macop_t)mac_biba_create_proc0 },
2136 { MAC_CREATE_PROC1,
2137 (macop_t)mac_biba_create_proc1 },
2138 { MAC_RELABEL_CRED,
2139 (macop_t)mac_biba_relabel_cred },
2140 { MAC_CHECK_BPFDESC_RECEIVE,
2141 (macop_t)mac_biba_check_bpfdesc_receive },
2142 { MAC_CHECK_CRED_RELABEL,
2143 (macop_t)mac_biba_check_cred_relabel },
2144 { MAC_CHECK_CRED_VISIBLE,
2145 (macop_t)mac_biba_check_cred_visible },
2146 { MAC_CHECK_IFNET_RELABEL,
2147 (macop_t)mac_biba_check_ifnet_relabel },
2148 { MAC_CHECK_IFNET_TRANSMIT,
2149 (macop_t)mac_biba_check_ifnet_transmit },
2150 { MAC_CHECK_MOUNT_STAT,
2151 (macop_t)mac_biba_check_mount_stat },
2152 { MAC_CHECK_PIPE_IOCTL,
2153 (macop_t)mac_biba_check_pipe_ioctl },
2154 { MAC_CHECK_PIPE_OP,
2155 (macop_t)mac_biba_check_pipe_op },
2156 { MAC_CHECK_PIPE_RELABEL,
2157 (macop_t)mac_biba_check_pipe_relabel },
2158 { MAC_CHECK_PROC_DEBUG,
2159 (macop_t)mac_biba_check_proc_debug },
2160 { MAC_CHECK_PROC_SCHED,
2161 (macop_t)mac_biba_check_proc_sched },
2162 { MAC_CHECK_PROC_SIGNAL,
2163 (macop_t)mac_biba_check_proc_signal },
2164 { MAC_CHECK_SOCKET_DELIVER,
2165 (macop_t)mac_biba_check_socket_deliver },
2166 { MAC_CHECK_SOCKET_RELABEL,
2167 (macop_t)mac_biba_check_socket_relabel },
2168 { MAC_CHECK_SOCKET_VISIBLE,
2169 (macop_t)mac_biba_check_socket_visible },
2170 { MAC_CHECK_VNODE_ACCESS,
2171 (macop_t)mac_biba_check_vnode_access },
2172 { MAC_CHECK_VNODE_CHDIR,
2173 (macop_t)mac_biba_check_vnode_chdir },
2174 { MAC_CHECK_VNODE_CHROOT,
2175 (macop_t)mac_biba_check_vnode_chroot },
2176 { MAC_CHECK_VNODE_CREATE,
2177 (macop_t)mac_biba_check_vnode_create },
2178 { MAC_CHECK_VNODE_DELETE,
2179 (macop_t)mac_biba_check_vnode_delete },
2180 { MAC_CHECK_VNODE_DELETEACL,
2181 (macop_t)mac_biba_check_vnode_deleteacl },
2182 { MAC_CHECK_VNODE_EXEC,
2183 (macop_t)mac_biba_check_vnode_exec },
2184 { MAC_CHECK_VNODE_GETACL,
2185 (macop_t)mac_biba_check_vnode_getacl },
2186 { MAC_CHECK_VNODE_GETEXTATTR,
2187 (macop_t)mac_biba_check_vnode_getextattr },
2188 { MAC_CHECK_VNODE_LOOKUP,
2189 (macop_t)mac_biba_check_vnode_lookup },
2190 { MAC_CHECK_VNODE_OPEN,
2191 (macop_t)mac_biba_check_vnode_open },
2192 { MAC_CHECK_VNODE_READDIR,
2193 (macop_t)mac_biba_check_vnode_readdir },
2194 { MAC_CHECK_VNODE_READLINK,
2195 (macop_t)mac_biba_check_vnode_readlink },
2196 { MAC_CHECK_VNODE_RELABEL,
2197 (macop_t)mac_biba_check_vnode_relabel },
2198 { MAC_CHECK_VNODE_RENAME_FROM,
2199 (macop_t)mac_biba_check_vnode_rename_from },
2200 { MAC_CHECK_VNODE_RENAME_TO,
2201 (macop_t)mac_biba_check_vnode_rename_to },
2202 { MAC_CHECK_VNODE_REVOKE,
2203 (macop_t)mac_biba_check_vnode_revoke },
2204 { MAC_CHECK_VNODE_SETACL,
2205 (macop_t)mac_biba_check_vnode_setacl },
2206 { MAC_CHECK_VNODE_SETEXTATTR,
2207 (macop_t)mac_biba_check_vnode_setextattr },
2208 { MAC_CHECK_VNODE_SETFLAGS,
2209 (macop_t)mac_biba_check_vnode_setflags },
2210 { MAC_CHECK_VNODE_SETMODE,
2211 (macop_t)mac_biba_check_vnode_setmode },
2212 { MAC_CHECK_VNODE_SETOWNER,
2213 (macop_t)mac_biba_check_vnode_setowner },
2214 { MAC_CHECK_VNODE_SETUTIMES,
2215 (macop_t)mac_biba_check_vnode_setutimes },
2216 { MAC_CHECK_VNODE_STAT,
2217 (macop_t)mac_biba_check_vnode_stat },
2218 { MAC_CHECK_VNODE_MMAP_PERMS,
2219 (macop_t)mac_biba_check_vnode_mmap_perms },
2220 { MAC_CHECK_VNODE_OP,
2221 (macop_t)mac_biba_check_vnode_op },
2222 { MAC_OP_LAST, NULL }
2223};
2224
2225MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba",
2226 MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot);
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by NAI Labs,
9 * the Security Research Division of Network Associates, Inc. under
10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
11 * CHATS research program.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 * 3. The names of the authors may not be used to endorse or promote
22 * products derived from this software without specific prior written
23 * permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 101934 2002-08-15 18:51:27Z rwatson $
38 */
39
40/*
41 * Developed by the TrustedBSD Project.
42 * Biba fixed label mandatory integrity policy.
43 */
44
45#include <sys/types.h>
46#include <sys/param.h>
47#include <sys/acl.h>
48#include <sys/conf.h>
49#include <sys/kernel.h>
50#include <sys/mac.h>
51#include <sys/mount.h>
52#include <sys/proc.h>
53#include <sys/systm.h>
54#include <sys/sysproto.h>
55#include <sys/sysent.h>
56#include <sys/vnode.h>
57#include <sys/file.h>
58#include <sys/socket.h>
59#include <sys/socketvar.h>
60#include <sys/pipe.h>
61#include <sys/sysctl.h>
62
63#include <fs/devfs/devfs.h>
64
65#include <net/bpfdesc.h>
66#include <net/if.h>
67#include <net/if_types.h>
68#include <net/if_var.h>
69
70#include <netinet/in.h>
71#include <netinet/ip_var.h>
72
73#include <vm/vm.h>
74
75#include <sys/mac_policy.h>
76
77#include <security/mac_biba/mac_biba.h>
78
79SYSCTL_DECL(_security_mac);
80
81SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0,
82 "TrustedBSD mac_biba policy controls");
83
84static int mac_biba_enabled = 0;
85SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW,
86 &mac_biba_enabled, 0, "Enforce MAC/Biba policy");
87
88static int destroyed_not_inited;
89SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
90 &destroyed_not_inited, 0, "Count of labels destroyed but not inited");
91
92static int trust_all_interfaces = 0;
93SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD,
94 &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba");
95TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);
96
97static char trusted_interfaces[128];
98SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
99 trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
100TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
101 sizeof(trusted_interfaces));
102
103static int mac_biba_revocation_enabled = 0;
104SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
105 &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel");
106TUNABLE_INT("security.mac.biba.revocation_enabled",
107 &mac_biba_revocation_enabled);
108
109static int mac_biba_slot;
110#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)
111
112MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels");
113
114static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
115 struct label *vnodelabel, mode_t acc_mode);
116
117static struct mac_biba *
118biba_alloc(int how)
119{
120 struct mac_biba *mac_biba;
121
122 mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | how);
123
124 return (mac_biba);
125}
126
127static void
128biba_free(struct mac_biba *mac_biba)
129{
130
131 if (mac_biba != NULL)
132 free(mac_biba, M_MACBIBA);
133 else
134 atomic_add_int(&destroyed_not_inited, 1);
135}
136
137static int
138mac_biba_dominate_element(struct mac_biba_element *a,
139 struct mac_biba_element *b)
140{
141
142 switch(a->mbe_type) {
143 case MAC_BIBA_TYPE_EQUAL:
144 case MAC_BIBA_TYPE_HIGH:
145 return (1);
146
147 case MAC_BIBA_TYPE_LOW:
148 switch (b->mbe_type) {
149 case MAC_BIBA_TYPE_GRADE:
150 case MAC_BIBA_TYPE_HIGH:
151 return (0);
152
153 case MAC_BIBA_TYPE_EQUAL:
154 case MAC_BIBA_TYPE_LOW:
155 return (1);
156
157 default:
158 panic("mac_biba_dominate_element: b->mbe_type invalid");
159 }
160
161 case MAC_BIBA_TYPE_GRADE:
162 switch (b->mbe_type) {
163 case MAC_BIBA_TYPE_EQUAL:
164 case MAC_BIBA_TYPE_LOW:
165 return (1);
166
167 case MAC_BIBA_TYPE_HIGH:
168 return (0);
169
170 case MAC_BIBA_TYPE_GRADE:
171 return (a->mbe_grade >= b->mbe_grade);
172
173 default:
174 panic("mac_biba_dominate_element: b->mbe_type invalid");
175 }
176
177 default:
178 panic("mac_biba_dominate_element: a->mbe_type invalid");
179 }
180
181 return (0);
182}
183
184static int
185mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb)
186{
187
188 return (mac_biba_dominate_element(&rangeb->mb_rangehigh,
189 &rangea->mb_rangehigh) &&
190 mac_biba_dominate_element(&rangea->mb_rangelow,
191 &rangeb->mb_rangelow));
192}
193
194static int
195mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range)
196{
197
198 KASSERT((single->mb_flag & MAC_BIBA_FLAG_SINGLE) != 0,
199 ("mac_biba_single_in_range: a not single"));
200 KASSERT((range->mb_flag & MAC_BIBA_FLAG_RANGE) != 0,
201 ("mac_biba_single_in_range: b not range"));
202
203 return (mac_biba_dominate_element(&range->mb_rangehigh,
204 &single->mb_single) &&
205 mac_biba_dominate_element(&single->mb_single,
206 &range->mb_rangelow));
207
208 return (1);
209}
210
211static int
212mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b)
213{
214 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
215 ("mac_biba_dominate_single: a not single"));
216 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
217 ("mac_biba_dominate_single: b not single"));
218
219 return (mac_biba_dominate_element(&a->mb_single, &b->mb_single));
220}
221
222static int
223mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b)
224{
225
226 if (a->mbe_type == MAC_BIBA_TYPE_EQUAL ||
227 b->mbe_type == MAC_BIBA_TYPE_EQUAL)
228 return (1);
229
230 return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade);
231}
232
233static int
234mac_biba_equal_range(struct mac_biba *a, struct mac_biba *b)
235{
236
237 KASSERT((a->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
238 ("mac_biba_equal_range: a not range"));
239 KASSERT((b->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
240 ("mac_biba_equal_range: b not range"));
241
242 return (mac_biba_equal_element(&a->mb_rangelow, &b->mb_rangelow) &&
243 mac_biba_equal_element(&a->mb_rangehigh, &b->mb_rangehigh));
244}
245
246static int
247mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b)
248{
249
250 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
251 ("mac_biba_equal_single: a not single"));
252 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
253 ("mac_biba_equal_single: b not single"));
254
255 return (mac_biba_equal_element(&a->mb_single, &b->mb_single));
256}
257
258static int
259mac_biba_high_single(struct mac_biba *mac_biba)
260{
261
262 return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH);
263}
264
265static int
266mac_biba_valid(struct mac_biba *mac_biba)
267{
268
269 if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
270 switch (mac_biba->mb_single.mbe_type) {
271 case MAC_BIBA_TYPE_GRADE:
272 break;
273
274 case MAC_BIBA_TYPE_EQUAL:
275 case MAC_BIBA_TYPE_HIGH:
276 case MAC_BIBA_TYPE_LOW:
277 if (mac_biba->mb_single.mbe_grade != 0)
278 return (EINVAL);
279 break;
280
281 default:
282 return (EINVAL);
283 }
284 } else {
285 if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF)
286 return (EINVAL);
287 }
288
289 if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) {
290 switch (mac_biba->mb_rangelow.mbe_type) {
291 case MAC_BIBA_TYPE_GRADE:
292 break;
293
294 case MAC_BIBA_TYPE_EQUAL:
295 case MAC_BIBA_TYPE_HIGH:
296 case MAC_BIBA_TYPE_LOW:
297 if (mac_biba->mb_rangelow.mbe_grade != 0)
298 return (EINVAL);
299 break;
300
301 default:
302 return (EINVAL);
303 }
304
305 switch (mac_biba->mb_rangehigh.mbe_type) {
306 case MAC_BIBA_TYPE_GRADE:
307 break;
308
309 case MAC_BIBA_TYPE_EQUAL:
310 case MAC_BIBA_TYPE_HIGH:
311 case MAC_BIBA_TYPE_LOW:
312 if (mac_biba->mb_rangehigh.mbe_grade != 0)
313 return (EINVAL);
314 break;
315
316 default:
317 return (EINVAL);
318 }
319 if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh,
320 &mac_biba->mb_rangelow))
321 return (EINVAL);
322 } else {
323 if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF ||
324 mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF)
325 return (EINVAL);
326 }
327
328 return (0);
329}
330
331static void
332mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow,
333 u_short gradelow, u_short typehigh, u_short gradehigh)
334{
335
336 mac_biba->mb_rangelow.mbe_type = typelow;
337 mac_biba->mb_rangelow.mbe_grade = gradelow;
338 mac_biba->mb_rangehigh.mbe_type = typehigh;
339 mac_biba->mb_rangehigh.mbe_grade = gradehigh;
340 mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE;
341}
342
343static void
344mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade)
345{
346
347 mac_biba->mb_single.mbe_type = type;
348 mac_biba->mb_single.mbe_grade = grade;
349 mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE;
350}
351
352static void
353mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto)
354{
355 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
356 ("mac_biba_copy_range: labelfrom not range"));
357
358 labelto->mb_rangelow = labelfrom->mb_rangelow;
359 labelto->mb_rangehigh = labelfrom->mb_rangehigh;
360 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
361}
362
363static void
364mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto)
365{
366
367 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
368 ("mac_biba_copy_single: labelfrom not single"));
369
370 labelto->mb_single = labelfrom->mb_single;
371 labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE;
372}
373
374static void
375mac_biba_copy_single_to_range(struct mac_biba *labelfrom,
376 struct mac_biba *labelto)
377{
378
379 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
380 ("mac_biba_copy_single_to_range: labelfrom not single"));
381
382 labelto->mb_rangelow = labelfrom->mb_single;
383 labelto->mb_rangehigh = labelfrom->mb_single;
384 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
385}
386
387/*
388 * Policy module operations.
389 */
390static void
391mac_biba_destroy(struct mac_policy_conf *conf)
392{
393
394}
395
396static void
397mac_biba_init(struct mac_policy_conf *conf)
398{
399
400}
401
402/*
403 * Label operations.
404 */
405static void
406mac_biba_init_bpfdesc(struct bpf_d *bpf_d, struct label *label)
407{
408
409 SLOT(label) = biba_alloc(M_WAITOK);
410}
411
412static void
413mac_biba_init_cred(struct ucred *ucred, struct label *label)
414{
415
416 SLOT(label) = biba_alloc(M_WAITOK);
417}
418
419static void
420mac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent,
421 struct label *label)
422{
423
424 SLOT(label) = biba_alloc(M_WAITOK);
425}
426
427static void
428mac_biba_init_ifnet(struct ifnet *ifnet, struct label *label)
429{
430
431 SLOT(label) = biba_alloc(M_WAITOK);
432}
433
434static void
435mac_biba_init_ipq(struct ipq *ipq, struct label *label)
436{
437
438 SLOT(label) = biba_alloc(M_WAITOK);
439}
440
441static int
442mac_biba_init_mbuf(struct mbuf *mbuf, int how, struct label *label)
443{
444
445 SLOT(label) = biba_alloc(how);
446 if (SLOT(label) == NULL)
447 return (ENOMEM);
448
449 return (0);
450}
451
452static void
453mac_biba_init_mount(struct mount *mount, struct label *mntlabel,
454 struct label *fslabel)
455{
456
457 SLOT(mntlabel) = biba_alloc(M_WAITOK);
458 SLOT(fslabel) = biba_alloc(M_WAITOK);
459}
460
461static void
462mac_biba_init_socket(struct socket *socket, struct label *label,
463 struct label *peerlabel)
464{
465
466 SLOT(label) = biba_alloc(M_WAITOK);
467 SLOT(peerlabel) = biba_alloc(M_WAITOK);
468}
469
470static void
471mac_biba_init_pipe(struct pipe *pipe, struct label *label)
472{
473
474 SLOT(label) = biba_alloc(M_WAITOK);
475}
476
477static void
478mac_biba_init_temp(struct label *label)
479{
480
481 SLOT(label) = biba_alloc(M_WAITOK);
482}
483
484static void
485mac_biba_init_vnode(struct vnode *vp, struct label *label)
486{
487
488 SLOT(label) = biba_alloc(M_WAITOK);
489}
490
491static void
492mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
493{
494
495 biba_free(SLOT(label));
496 SLOT(label) = NULL;
497}
498
499static void
500mac_biba_destroy_cred(struct ucred *ucred, struct label *label)
501{
502
503 biba_free(SLOT(label));
504 SLOT(label) = NULL;
505}
506
507static void
508mac_biba_destroy_devfsdirent(struct devfs_dirent *devfs_dirent,
509 struct label *label)
510{
511
512 biba_free(SLOT(label));
513 SLOT(label) = NULL;
514}
515
516static void
517mac_biba_destroy_ifnet(struct ifnet *ifnet, struct label *label)
518{
519
520 biba_free(SLOT(label));
521 SLOT(label) = NULL;
522}
523
524static void
525mac_biba_destroy_ipq(struct ipq *ipq, struct label *label)
526{
527
528 biba_free(SLOT(label));
529 SLOT(label) = NULL;
530}
531
532static void
533mac_biba_destroy_mbuf(struct mbuf *mbuf, struct label *label)
534{
535
536 biba_free(SLOT(label));
537 SLOT(label) = NULL;
538}
539
540static void
541mac_biba_destroy_mount(struct mount *mount, struct label *mntlabel,
542 struct label *fslabel)
543{
544
545 biba_free(SLOT(mntlabel));
546 SLOT(mntlabel) = NULL;
547 biba_free(SLOT(fslabel));
548 SLOT(fslabel) = NULL;
549}
550
551static void
552mac_biba_destroy_socket(struct socket *socket, struct label *label,
553 struct label *peerlabel)
554{
555
556 biba_free(SLOT(label));
557 SLOT(label) = NULL;
558 biba_free(SLOT(peerlabel));
559 SLOT(peerlabel) = NULL;
560}
561
562static void
563mac_biba_destroy_pipe(struct pipe *pipe, struct label *label)
564{
565
566 biba_free(SLOT(label));
567 SLOT(label) = NULL;
568}
569
570static void
571mac_biba_destroy_temp(struct label *label)
572{
573
574 biba_free(SLOT(label));
575 SLOT(label) = NULL;
576}
577
578static void
579mac_biba_destroy_vnode(struct vnode *vp, struct label *label)
580{
581
582 biba_free(SLOT(label));
583 SLOT(label) = NULL;
584}
585
586static int
587mac_biba_externalize(struct label *label, struct mac *extmac)
588{
589 struct mac_biba *mac_biba;
590
591 mac_biba = SLOT(label);
592
593 if (mac_biba == NULL) {
594 printf("mac_biba_externalize: NULL pointer\n");
595 return (0);
596 }
597
598 extmac->m_biba = *mac_biba;
599
600 return (0);
601}
602
603static int
604mac_biba_internalize(struct label *label, struct mac *extmac)
605{
606 struct mac_biba *mac_biba;
607 int error;
608
609 mac_biba = SLOT(label);
610
611 error = mac_biba_valid(mac_biba);
612 if (error)
613 return (error);
614
615 *mac_biba = extmac->m_biba;
616
617 return (0);
618}
619
620/*
621 * Labeling event operations: file system objects, and things that look
622 * a lot like file system objects.
623 */
624static void
625mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
626 struct label *label)
627{
628 struct mac_biba *mac_biba;
629 int biba_type;
630
631 mac_biba = SLOT(label);
632 if (strcmp(dev->si_name, "null") == 0 ||
633 strcmp(dev->si_name, "zero") == 0 ||
634 strcmp(dev->si_name, "random") == 0 ||
635 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
636 biba_type = MAC_BIBA_TYPE_EQUAL;
637 else
638 biba_type = MAC_BIBA_TYPE_HIGH;
639 mac_biba_set_single(mac_biba, biba_type, 0);
640}
641
642static void
643mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
644 struct devfs_dirent *devfs_dirent, struct label *label)
645{
646 struct mac_biba *mac_biba;
647
648 mac_biba = SLOT(label);
649 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
650}
651
652static void
653mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
654 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
655{
656 struct mac_biba *source, *dest;
657
658 source = SLOT(direntlabel);
659 dest = SLOT(vnodelabel);
660 mac_biba_copy_single(source, dest);
661}
662
663static void
664mac_biba_create_vnode(struct ucred *cred, struct vnode *parent,
665 struct label *parentlabel, struct vnode *child, struct label *childlabel)
666{
667 struct mac_biba *source, *dest;
668
669 source = SLOT(&cred->cr_label);
670 dest = SLOT(childlabel);
671
672 mac_biba_copy_single(source, dest);
673}
674
675static void
676mac_biba_create_mount(struct ucred *cred, struct mount *mp,
677 struct label *mntlabel, struct label *fslabel)
678{
679 struct mac_biba *source, *dest;
680
681 source = SLOT(&cred->cr_label);
682 dest = SLOT(mntlabel);
683 mac_biba_copy_single(source, dest);
684 dest = SLOT(fslabel);
685 mac_biba_copy_single(source, dest);
686}
687
688static void
689mac_biba_create_root_mount(struct ucred *cred, struct mount *mp,
690 struct label *mntlabel, struct label *fslabel)
691{
692 struct mac_biba *mac_biba;
693
694 /* Always mount root as high integrity. */
695 mac_biba = SLOT(fslabel);
696 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
697 mac_biba = SLOT(mntlabel);
698 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
699}
700
701static void
702mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp,
703 struct label *vnodelabel, struct label *label)
704{
705 struct mac_biba *source, *dest;
706
707 source = SLOT(label);
708 dest = SLOT(vnodelabel);
709
710 mac_biba_copy_single(source, dest);
711}
712
713static void
714mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent,
715 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
716{
717 struct mac_biba *source, *dest;
718
719 source = SLOT(vnodelabel);
720 dest = SLOT(direntlabel);
721
722 mac_biba_copy_single(source, dest);
723}
724
725static void
726mac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
727 struct ucred *cred)
728{
729 struct mac_biba *source, *dest;
730
731 source = SLOT(&cred->cr_label);
732 dest = SLOT(vnodelabel);
733
734 /*
735 * Only copy the single, not the range, since vnodes only have
736 * a single.
737 */
738 mac_biba_copy_single(source, dest);
739}
740
741static int
742mac_biba_update_vnode_from_externalized(struct vnode *vp,
743 struct label *vnodelabel, struct mac *extmac)
744{
745 struct mac_biba *source, *dest;
746 int error;
747
748 source = &extmac->m_biba;
749 dest = SLOT(vnodelabel);
750
751 error = mac_biba_valid(source);
752 if (error)
753 return (error);
754
755 if ((source->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
756 return (EINVAL);
757
758 mac_biba_copy_single(source, dest);
759
760 return (0);
761}
762
763static void
764mac_biba_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
765 struct mount *mp, struct label *fslabel)
766{
767 struct mac_biba *source, *dest;
768
769 source = SLOT(fslabel);
770 dest = SLOT(vnodelabel);
771
772 mac_biba_copy_single(source, dest);
773}
774
775/*
776 * Labeling event operations: IPC object.
777 */
778static void
779mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
780 struct mbuf *m, struct label *mbuflabel)
781{
782 struct mac_biba *source, *dest;
783
784 source = SLOT(socketlabel);
785 dest = SLOT(mbuflabel);
786
787 mac_biba_copy_single(source, dest);
788}
789
790static void
791mac_biba_create_socket(struct ucred *cred, struct socket *socket,
792 struct label *socketlabel)
793{
794 struct mac_biba *source, *dest;
795
796 source = SLOT(&cred->cr_label);
797 dest = SLOT(socketlabel);
798
799 mac_biba_copy_single(source, dest);
800 mac_biba_copy_single_to_range(source, dest);
801}
802
803static void
804mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe,
805 struct label *pipelabel)
806{
807 struct mac_biba *source, *dest;
808
809 source = SLOT(&cred->cr_label);
810 dest = SLOT(pipelabel);
811
812 mac_biba_copy_single(source, dest);
813}
814
815static void
816mac_biba_create_socket_from_socket(struct socket *oldsocket,
817 struct label *oldsocketlabel, struct socket *newsocket,
818 struct label *newsocketlabel)
819{
820 struct mac_biba *source, *dest;
821
822 source = SLOT(oldsocketlabel);
823 dest = SLOT(newsocketlabel);
824
825 mac_biba_copy_single(source, dest);
826 mac_biba_copy_range(source, dest);
827}
828
829static void
830mac_biba_relabel_socket(struct ucred *cred, struct socket *socket,
831 struct label *socketlabel, struct label *newlabel)
832{
833 struct mac_biba *source, *dest;
834
835 source = SLOT(newlabel);
836 dest = SLOT(socketlabel);
837
838 mac_biba_copy_single(source, dest);
839 mac_biba_copy_range(source, dest);
840}
841
842static void
843mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe,
844 struct label *pipelabel, struct label *newlabel)
845{
846 struct mac_biba *source, *dest;
847
848 source = SLOT(newlabel);
849 dest = SLOT(pipelabel);
850
851 mac_biba_copy_single(source, dest);
852}
853
854static void
855mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
856 struct socket *socket, struct label *socketpeerlabel)
857{
858 struct mac_biba *source, *dest;
859
860 source = SLOT(mbuflabel);
861 dest = SLOT(socketpeerlabel);
862
863 mac_biba_copy_single(source, dest);
864}
865
866/*
867 * Labeling event operations: network objects.
868 */
869static void
870mac_biba_set_socket_peer_from_socket(struct socket *oldsocket,
871 struct label *oldsocketlabel, struct socket *newsocket,
872 struct label *newsocketpeerlabel)
873{
874 struct mac_biba *source, *dest;
875
876 source = SLOT(oldsocketlabel);
877 dest = SLOT(newsocketpeerlabel);
878
879 mac_biba_copy_single(source, dest);
880}
881
882static void
883mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
884 struct label *bpflabel)
885{
886 struct mac_biba *source, *dest;
887
888 source = SLOT(&cred->cr_label);
889 dest = SLOT(bpflabel);
890
891 mac_biba_copy_single(source, dest);
892}
893
894static void
895mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
896{
897 char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q;
898 char tiflist[sizeof(trusted_interfaces)];
899 struct mac_biba *dest;
900 int len, grade;
901
902 dest = SLOT(ifnetlabel);
903
904 if (ifnet->if_type == IFT_LOOP) {
905 grade = MAC_BIBA_TYPE_EQUAL;
906 goto set;
907 }
908
909 if (trust_all_interfaces) {
910 grade = MAC_BIBA_TYPE_HIGH;
911 goto set;
912 }
913
914 grade = MAC_BIBA_TYPE_LOW;
915
916 if (trusted_interfaces[0] == '\0' ||
917 !strvalid(trusted_interfaces, sizeof(trusted_interfaces)))
918 goto set;
919
920 for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++)
921 if(*p != ' ' && *p != '\t')
922 *q = *p;
923
924 snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit);
925
926 for (p = q = tiflist;; p++) {
927 if (*p == ',' || *p == '\0') {
928 len = p - q;
929 if (len < IFNAMSIZ) {
930 bzero(tifname, sizeof(tifname));
931 bcopy(q, tifname, len);
932 if (strcmp(tifname, ifname) == 0) {
933 grade = MAC_BIBA_TYPE_HIGH;
934 break;
935 }
936 }
937 if (*p == '\0')
938 break;
939 q = p + 1;
940 }
941 }
942set:
943 mac_biba_set_single(dest, grade, 0);
944 mac_biba_set_range(dest, grade, 0, grade, 0);
945}
946
947static void
948mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
949 struct ipq *ipq, struct label *ipqlabel)
950{
951 struct mac_biba *source, *dest;
952
953 source = SLOT(fragmentlabel);
954 dest = SLOT(ipqlabel);
955
956 mac_biba_copy_single(source, dest);
957}
958
959static void
960mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
961 struct mbuf *datagram, struct label *datagramlabel)
962{
963 struct mac_biba *source, *dest;
964
965 source = SLOT(ipqlabel);
966 dest = SLOT(datagramlabel);
967
968 /* Just use the head, since we require them all to match. */
969 mac_biba_copy_single(source, dest);
970}
971
972static void
973mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
974 struct mbuf *fragment, struct label *fragmentlabel)
975{
976 struct mac_biba *source, *dest;
977
978 source = SLOT(datagramlabel);
979 dest = SLOT(fragmentlabel);
980
981 mac_biba_copy_single(source, dest);
982}
983
984static void
985mac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
986 struct label *oldmbuflabel, struct mbuf *newmbuf,
987 struct label *newmbuflabel)
988{
989 struct mac_biba *source, *dest;
990
991 source = SLOT(oldmbuflabel);
992 dest = SLOT(newmbuflabel);
993
994 mac_biba_copy_single(source, dest);
995}
996
997static void
998mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
999 struct mbuf *mbuf, struct label *mbuflabel)
1000{
1001 struct mac_biba *dest;
1002
1003 dest = SLOT(mbuflabel);
1004
1005 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0);
1006}
1007
1008static void
1009mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
1010 struct mbuf *mbuf, struct label *mbuflabel)
1011{
1012 struct mac_biba *source, *dest;
1013
1014 source = SLOT(bpflabel);
1015 dest = SLOT(mbuflabel);
1016
1017 mac_biba_copy_single(source, dest);
1018}
1019
1020static void
1021mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
1022 struct mbuf *m, struct label *mbuflabel)
1023{
1024 struct mac_biba *source, *dest;
1025
1026 source = SLOT(ifnetlabel);
1027 dest = SLOT(mbuflabel);
1028
1029 mac_biba_copy_single(source, dest);
1030}
1031
1032static void
1033mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
1034 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
1035 struct mbuf *newmbuf, struct label *newmbuflabel)
1036{
1037 struct mac_biba *source, *dest;
1038
1039 source = SLOT(oldmbuflabel);
1040 dest = SLOT(newmbuflabel);
1041
1042 mac_biba_copy_single(source, dest);
1043}
1044
1045static void
1046mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel,
1047 struct mbuf *newmbuf, struct label *newmbuflabel)
1048{
1049 struct mac_biba *source, *dest;
1050
1051 source = SLOT(oldmbuflabel);
1052 dest = SLOT(newmbuflabel);
1053
1054 mac_biba_copy_single(source, dest);
1055}
1056
1057static int
1058mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
1059 struct ipq *ipq, struct label *ipqlabel)
1060{
1061 struct mac_biba *a, *b;
1062
1063 a = SLOT(ipqlabel);
1064 b = SLOT(fragmentlabel);
1065
1066 return (mac_biba_equal_single(a, b));
1067}
1068
1069static void
1070mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
1071 struct label *ifnetlabel, struct label *newlabel)
1072{
1073 struct mac_biba *source, *dest;
1074
1075 source = SLOT(newlabel);
1076 dest = SLOT(ifnetlabel);
1077
1078 mac_biba_copy_single(source, dest);
1079 mac_biba_copy_range(source, dest);
1080}
1081
1082static void
1083mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
1084 struct ipq *ipq, struct label *ipqlabel)
1085{
1086
1087 /* NOOP: we only accept matching labels, so no need to update */
1088}
1089
1090/*
1091 * Labeling event operations: processes.
1092 */
1093static void
1094mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
1095{
1096 struct mac_biba *source, *dest;
1097
1098 source = SLOT(&cred_parent->cr_label);
1099 dest = SLOT(&cred_child->cr_label);
1100
1101 mac_biba_copy_single(source, dest);
1102 mac_biba_copy_range(source, dest);
1103}
1104
1105static void
1106mac_biba_execve_transition(struct ucred *old, struct ucred *new,
1107 struct vnode *vp, struct mac *vnodelabel)
1108{
1109 struct mac_biba *source, *dest;
1110
1111 source = SLOT(&old->cr_label);
1112 dest = SLOT(&new->cr_label);
1113
1114 mac_biba_copy_single(source, dest);
1115 mac_biba_copy_range(source, dest);
1116}
1117
1118static int
1119mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp,
1120 struct mac *vnodelabel)
1121{
1122
1123 return (0);
1124}
1125
1126static void
1127mac_biba_create_proc0(struct ucred *cred)
1128{
1129 struct mac_biba *dest;
1130
1131 dest = SLOT(&cred->cr_label);
1132
1133 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0);
1134 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0);
1135}
1136
1137static void
1138mac_biba_create_proc1(struct ucred *cred)
1139{
1140 struct mac_biba *dest;
1141
1142 dest = SLOT(&cred->cr_label);
1143
1144 mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0);
1145 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0);
1146}
1147
1148static void
1149mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel)
1150{
1151 struct mac_biba *source, *dest;
1152
1153 source = SLOT(newlabel);
1154 dest = SLOT(&cred->cr_label);
1155
1156 mac_biba_copy_single(source, dest);
1157 mac_biba_copy_range(source, dest);
1158}
1159
1160/*
1161 * Access control checks.
1162 */
1163static int
1164mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
1165 struct ifnet *ifnet, struct label *ifnetlabel)
1166{
1167 struct mac_biba *a, *b;
1168
1169 if (!mac_biba_enabled)
1170 return (0);
1171
1172 a = SLOT(bpflabel);
1173 b = SLOT(ifnetlabel);
1174
1175 if (mac_biba_equal_single(a, b))
1176 return (0);
1177 return (EACCES);
1178}
1179
1180static int
1181mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel)
1182{
1183 struct mac_biba *subj, *new;
1184
1185 subj = SLOT(&cred->cr_label);
1186 new = SLOT(newlabel);
1187
1188 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH)
1189 return (EINVAL);
1190
1191 /*
1192 * XXX: Allow processes with root privilege to set labels outside
1193 * their range, so suid things like "su" work. This WILL go away
1194 * when we figure out the 'correct' solution...
1195 */
1196 if (!suser_cred(cred, 0))
1197 return (0);
1198
1199 /*
1200 * The new single must be in the old range.
1201 */
1202 if (!mac_biba_single_in_range(new, subj))
1203 return (EPERM);
1204
1205 /*
1206 * The new range must be in the old range.
1207 */
1208 if (!mac_biba_range_in_range(new, subj))
1209 return (EPERM);
1210
1211 /*
1212 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1213 */
1214
1215 return (0);
1216}
1217
1218static int
1219mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2)
1220{
1221 struct mac_biba *subj, *obj;
1222
1223 if (!mac_biba_enabled)
1224 return (0);
1225
1226 subj = SLOT(&u1->cr_label);
1227 obj = SLOT(&u2->cr_label);
1228
1229 /* XXX: range */
1230 if (!mac_biba_dominate_single(obj, subj))
1231 return (ESRCH);
1232
1233 return (0);
1234}
1235
1236static int
1237mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
1238 struct label *ifnetlabel, struct label *newlabel)
1239{
1240 struct mac_biba *subj, *new;
1241
1242 subj = SLOT(&cred->cr_label);
1243 new = SLOT(newlabel);
1244
1245 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH)
1246 return (EINVAL);
1247
1248 /*
1249 * XXX: Only Biba HIGH subjects may relabel interfaces. */
1250 if (!mac_biba_high_single(subj))
1251 return (EPERM);
1252
1253 return (suser_cred(cred, 0));
1254}
1255
1256static int
1257mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
1258 struct mbuf *m, struct label *mbuflabel)
1259{
1260 struct mac_biba *p, *i;
1261
1262 if (!mac_biba_enabled)
1263 return (0);
1264
1265 p = SLOT(mbuflabel);
1266 i = SLOT(ifnetlabel);
1267
1268 return (mac_biba_single_in_range(p, i) ? 0 : EACCES);
1269}
1270
1271static int
1272mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
1273 struct label *mntlabel)
1274{
1275 struct mac_biba *subj, *obj;
1276
1277 if (!mac_biba_enabled)
1278 return (0);
1279
1280 subj = SLOT(&cred->cr_label);
1281 obj = SLOT(mntlabel);
1282
1283 if (!mac_biba_dominate_single(obj, subj))
1284 return (EACCES);
1285
1286 return (0);
1287}
1288
1289static int
1290mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
1291 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
1292{
1293
1294 if(!mac_biba_enabled)
1295 return (0);
1296
1297 /* XXX: This will be implemented soon... */
1298
1299 return (0);
1300}
1301
1302static int
1303mac_biba_check_pipe_op(struct ucred *cred, struct pipe *pipe,
1304 struct label *pipelabel, int op)
1305{
1306 struct mac_biba *subj, *obj;
1307
1308 if (!mac_biba_enabled)
1309 return (0);
1310
1311 subj = SLOT(&cred->cr_label);
1312 obj = SLOT((pipelabel));
1313
1314 switch(op) {
1315 case MAC_OP_PIPE_READ:
1316 case MAC_OP_PIPE_STAT:
1317 case MAC_OP_PIPE_POLL:
1318 if (!mac_biba_dominate_single(obj, subj))
1319 return (EACCES);
1320 break;
1321 case MAC_OP_PIPE_WRITE:
1322 if (!mac_biba_dominate_single(subj, obj))
1323 return (EACCES);
1324 break;
1325 default:
1326 panic("mac_biba_check_pipe_op: invalid pipe operation");
1327 }
1328
1329 return (0);
1330}
1331
1332static int
1333mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
1334 struct label *pipelabel, struct label *newlabel)
1335{
1336 struct mac_biba *subj, *obj, *new;
1337
1338 new = SLOT(newlabel);
1339 subj = SLOT(&cred->cr_label);
1340 obj = SLOT(pipelabel);
1341
1342 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1343 return (EINVAL);
1344
1345 /*
1346 * To relabel a pipe, the old pipe label must be in the subject
1347 * range.
1348 */
1349 if (!mac_biba_single_in_range(obj, subj))
1350 return (EPERM);
1351
1352 /*
1353 * To relabel a pipe, the new pipe label must be in the subject
1354 * range.
1355 */
1356 if (!mac_biba_single_in_range(new, subj))
1357 return (EPERM);
1358
1359 /*
1360 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1361 */
1362
1363 return (0);
1364}
1365
1366static int
1367mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
1368{
1369 struct mac_biba *subj, *obj;
1370
1371 if (!mac_biba_enabled)
1372 return (0);
1373
1374 subj = SLOT(&cred->cr_label);
1375 obj = SLOT(&proc->p_ucred->cr_label);
1376
1377 /* XXX: range checks */
1378 if (!mac_biba_dominate_single(obj, subj))
1379 return (ESRCH);
1380 if (!mac_biba_dominate_single(subj, obj))
1381 return (EACCES);
1382
1383 return (0);
1384}
1385
1386static int
1387mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc)
1388{
1389 struct mac_biba *subj, *obj;
1390
1391 if (!mac_biba_enabled)
1392 return (0);
1393
1394 subj = SLOT(&cred->cr_label);
1395 obj = SLOT(&proc->p_ucred->cr_label);
1396
1397 /* XXX: range checks */
1398 if (!mac_biba_dominate_single(obj, subj))
1399 return (ESRCH);
1400 if (!mac_biba_dominate_single(subj, obj))
1401 return (EACCES);
1402
1403 return (0);
1404}
1405
1406static int
1407mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
1408{
1409 struct mac_biba *subj, *obj;
1410
1411 if (!mac_biba_enabled)
1412 return (0);
1413
1414 subj = SLOT(&cred->cr_label);
1415 obj = SLOT(&proc->p_ucred->cr_label);
1416
1417 /* XXX: range checks */
1418 if (!mac_biba_dominate_single(obj, subj))
1419 return (ESRCH);
1420 if (!mac_biba_dominate_single(subj, obj))
1421 return (EACCES);
1422
1423 return (0);
1424}
1425
1426static int
1427mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel,
1428 struct mbuf *m, struct label *mbuflabel)
1429{
1430 struct mac_biba *p, *s;
1431
1432 if (!mac_biba_enabled)
1433 return (0);
1434
1435 p = SLOT(mbuflabel);
1436 s = SLOT(socketlabel);
1437
1438 return (mac_biba_equal_single(p, s) ? 0 : EACCES);
1439}
1440
1441static int
1442mac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket,
1443 struct label *socketlabel, struct label *newlabel)
1444{
1445 struct mac_biba *subj, *obj, *new;
1446
1447 new = SLOT(newlabel);
1448 subj = SLOT(&cred->cr_label);
1449 obj = SLOT(socketlabel);
1450
1451 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1452 return (EINVAL);
1453
1454 /*
1455 * To relabel a socket, the old socket label must be in the subject
1456 * range.
1457 */
1458 if (!mac_biba_single_in_range(obj, subj))
1459 return (EPERM);
1460
1461 /*
1462 * To relabel a socket, the new socket label must be in the subject
1463 * range.
1464 */
1465 if (!mac_biba_single_in_range(new, subj))
1466 return (EPERM);
1467
1468 /*
1469 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1470 */
1471
1472 return (0);
1473}
1474
1475static int
1476mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket,
1477 struct label *socketlabel)
1478{
1479 struct mac_biba *subj, *obj;
1480
1481 subj = SLOT(&cred->cr_label);
1482 obj = SLOT(socketlabel);
1483
1484 if (!mac_biba_dominate_single(obj, subj))
1485 return (ENOENT);
1486
1487 return (0);
1488}
1489
1490static int
1491mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp,
1492 struct label *label, mode_t flags)
1493{
1494
1495 return (mac_biba_check_vnode_open(cred, vp, label, flags));
1496}
1497
1498static int
1499mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
1500 struct label *dlabel)
1501{
1502 struct mac_biba *subj, *obj;
1503
1504 if (!mac_biba_enabled)
1505 return (0);
1506
1507 subj = SLOT(&cred->cr_label);
1508 obj = SLOT(dlabel);
1509
1510 if (!mac_biba_dominate_single(obj, subj))
1511 return (EACCES);
1512
1513 return (0);
1514}
1515
1516static int
1517mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
1518 struct label *dlabel)
1519{
1520 struct mac_biba *subj, *obj;
1521
1522 if (!mac_biba_enabled)
1523 return (0);
1524
1525 subj = SLOT(&cred->cr_label);
1526 obj = SLOT(dlabel);
1527
1528 if (!mac_biba_dominate_single(obj, subj))
1529 return (EACCES);
1530
1531 return (0);
1532}
1533
1534static int
1535mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
1536 struct label *dlabel, struct componentname *cnp, struct vattr *vap)
1537{
1538 struct mac_biba *subj, *obj;
1539
1540 if (!mac_biba_enabled)
1541 return (0);
1542
1543 subj = SLOT(&cred->cr_label);
1544 obj = SLOT(dlabel);
1545
1546 if (!mac_biba_dominate_single(subj, obj))
1547 return (EACCES);
1548
1549 return (0);
1550}
1551
1552static int
1553mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
1554 struct label *dlabel, struct vnode *vp, struct label *label,
1555 struct componentname *cnp)
1556{
1557 struct mac_biba *subj, *obj;
1558
1559 if (!mac_biba_enabled)
1560 return (0);
1561
1562 subj = SLOT(&cred->cr_label);
1563 obj = SLOT(dlabel);
1564
1565 if (!mac_biba_dominate_single(subj, obj))
1566 return (EACCES);
1567
1568 obj = SLOT(label);
1569
1570 if (!mac_biba_dominate_single(subj, obj))
1571 return (EACCES);
1572
1573 return (0);
1574}
1575
1576static int
1577mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
1578 struct label *label, acl_type_t type)
1579{
1580 struct mac_biba *subj, *obj;
1581
1582 if (!mac_biba_enabled)
1583 return (0);
1584
1585 subj = SLOT(&cred->cr_label);
1586 obj = SLOT(label);
1587
1588 if (!mac_biba_dominate_single(subj, obj))
1589 return (EACCES);
1590
1591 return (0);
1592}
1593
1594static int
1595mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
1596 struct label *label)
1597{
1598 struct mac_biba *subj, *obj;
1599
1600 if (!mac_biba_enabled)
1601 return (0);
1602
1603 subj = SLOT(&cred->cr_label);
1604 obj = SLOT(label);
1605
1606 if (!mac_biba_dominate_single(obj, subj))
1607 return (EACCES);
1608
1609 return (0);
1610}
1611
1612static int
1613mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
1614 struct label *label, acl_type_t type)
1615{
1616 struct mac_biba *subj, *obj;
1617
1618 if (!mac_biba_enabled)
1619 return (0);
1620
1621 subj = SLOT(&cred->cr_label);
1622 obj = SLOT(label);
1623
1624 if (!mac_biba_dominate_single(obj, subj))
1625 return (EACCES);
1626
1627 return (0);
1628}
1629
1630static int
1631mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
1632 struct label *label, int attrnamespace, const char *name, struct uio *uio)
1633{
1634 struct mac_biba *subj, *obj;
1635
1636 if (!mac_biba_enabled)
1637 return (0);
1638
1639 subj = SLOT(&cred->cr_label);
1640 obj = SLOT(label);
1641
1642 if (!mac_biba_dominate_single(obj, subj))
1643 return (EACCES);
1644
1645 return (0);
1646}
1647
1648static int
1649mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
1650 struct label *dlabel, struct componentname *cnp)
1651{
1652 struct mac_biba *subj, *obj;
1653
1654 if (!mac_biba_enabled)
1655 return (0);
1656
1657 subj = SLOT(&cred->cr_label);
1658 obj = SLOT(dlabel);
1659
1660 if (!mac_biba_dominate_single(obj, subj))
1661 return (EACCES);
1662
1663 return (0);
1664}
1665
1666static int
1667mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
1668 struct label *vnodelabel, mode_t acc_mode)
1669{
1670 struct mac_biba *subj, *obj;
1671
1672 if (!mac_biba_enabled)
1673 return (0);
1674
1675 subj = SLOT(&cred->cr_label);
1676 obj = SLOT(vnodelabel);
1677
1678 /* XXX privilege override for admin? */
1679 if (acc_mode & (VREAD | VEXEC | VSTAT)) {
1680 if (!mac_biba_dominate_single(obj, subj))
1681 return (EACCES);
1682 }
1683 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
1684 if (!mac_biba_dominate_single(subj, obj))
1685 return (EACCES);
1686 }
1687
1688 return (0);
1689}
1690
1691static int
1692mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
1693 struct label *dlabel)
1694{
1695 struct mac_biba *subj, *obj;
1696
1697 if (!mac_biba_enabled)
1698 return (0);
1699
1700 subj = SLOT(&cred->cr_label);
1701 obj = SLOT(dlabel);
1702
1703 if (!mac_biba_dominate_single(obj, subj))
1704 return (EACCES);
1705
1706 return (0);
1707}
1708
1709static int
1710mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
1711 struct label *label)
1712{
1713 struct mac_biba *subj, *obj;
1714
1715 if (!mac_biba_enabled)
1716 return (0);
1717
1718 subj = SLOT(&cred->cr_label);
1719 obj = SLOT(label);
1720
1721 if (!mac_biba_dominate_single(obj, subj))
1722 return (EACCES);
1723
1724 return (0);
1725}
1726
1727static int
1728mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
1729 struct label *vnodelabel, struct label *newlabel)
1730{
1731 struct mac_biba *old, *new, *subj;
1732
1733 old = SLOT(vnodelabel);
1734 new = SLOT(newlabel);
1735 subj = SLOT(&cred->cr_label);
1736
1737 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1738 return (EINVAL);
1739
1740 /*
1741 * To relabel a vnode, the old vnode label must be in the subject
1742 * range.
1743 */
1744 if (!mac_biba_single_in_range(old, subj))
1745 return (EPERM);
1746
1747 /*
1748 * To relabel a vnode, the new vnode label must be in the subject
1749 * range.
1750 */
1751 if (!mac_biba_single_in_range(new, subj))
1752 return (EPERM);
1753
1754 /*
1755 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1756 */
1757
1758 return (suser_cred(cred, 0));
1759}
1760
1761static int
1762mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
1763 struct label *dlabel, struct vnode *vp, struct label *label,
1764 struct componentname *cnp)
1765{
1766 struct mac_biba *subj, *obj;
1767
1768 if (!mac_biba_enabled)
1769 return (0);
1770
1771 subj = SLOT(&cred->cr_label);
1772 obj = SLOT(dlabel);
1773
1774 if (!mac_biba_dominate_single(subj, obj))
1775 return (EACCES);
1776
1777 obj = SLOT(label);
1778
1779 if (!mac_biba_dominate_single(subj, obj))
1780 return (EACCES);
1781
1782 return (0);
1783}
1784
1785static int
1786mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
1787 struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
1788 struct componentname *cnp)
1789{
1790 struct mac_biba *subj, *obj;
1791
1792 if (!mac_biba_enabled)
1793 return (0);
1794
1795 subj = SLOT(&cred->cr_label);
1796 obj = SLOT(dlabel);
1797
1798 if (!mac_biba_dominate_single(subj, obj))
1799 return (EACCES);
1800
1801 if (vp != NULL) {
1802 obj = SLOT(label);
1803
1804 if (!mac_biba_dominate_single(subj, obj))
1805 return (EACCES);
1806 }
1807
1808 return (0);
1809}
1810
1811static int
1812mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
1813 struct label *label)
1814{
1815 struct mac_biba *subj, *obj;
1816
1817 if (!mac_biba_enabled)
1818 return (0);
1819
1820 subj = SLOT(&cred->cr_label);
1821 obj = SLOT(label);
1822
1823 if (!mac_biba_dominate_single(subj, obj))
1824 return (EACCES);
1825
1826 return (0);
1827}
1828
1829static int
1830mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
1831 struct label *label, acl_type_t type, struct acl *acl)
1832{
1833 struct mac_biba *subj, *obj;
1834
1835 if (!mac_biba_enabled)
1836 return (0);
1837
1838 subj = SLOT(&cred->cr_label);
1839 obj = SLOT(label);
1840
1841 if (!mac_biba_dominate_single(subj, obj))
1842 return (EACCES);
1843
1844 return (0);
1845}
1846
1847static int
1848mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
1849 struct label *vnodelabel, int attrnamespace, const char *name,
1850 struct uio *uio)
1851{
1852 struct mac_biba *subj, *obj;
1853
1854 if (!mac_biba_enabled)
1855 return (0);
1856
1857 subj = SLOT(&cred->cr_label);
1858 obj = SLOT(vnodelabel);
1859
1860 if (!mac_biba_dominate_single(subj, obj))
1861 return (EACCES);
1862
1863 /* XXX: protect the MAC EA in a special way? */
1864
1865 return (0);
1866}
1867
1868static int
1869mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
1870 struct label *vnodelabel, u_long flags)
1871{
1872 struct mac_biba *subj, *obj;
1873
1874 if (!mac_biba_enabled)
1875 return (0);
1876
1877 subj = SLOT(&cred->cr_label);
1878 obj = SLOT(vnodelabel);
1879
1880 if (!mac_biba_dominate_single(subj, obj))
1881 return (EACCES);
1882
1883 return (0);
1884}
1885
1886static int
1887mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
1888 struct label *vnodelabel, mode_t mode)
1889{
1890 struct mac_biba *subj, *obj;
1891
1892 if (!mac_biba_enabled)
1893 return (0);
1894
1895 subj = SLOT(&cred->cr_label);
1896 obj = SLOT(vnodelabel);
1897
1898 if (!mac_biba_dominate_single(subj, obj))
1899 return (EACCES);
1900
1901 return (0);
1902}
1903
1904static int
1905mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
1906 struct label *vnodelabel, uid_t uid, gid_t gid)
1907{
1908 struct mac_biba *subj, *obj;
1909
1910 if (!mac_biba_enabled)
1911 return (0);
1912
1913 subj = SLOT(&cred->cr_label);
1914 obj = SLOT(vnodelabel);
1915
1916 if (!mac_biba_dominate_single(subj, obj))
1917 return (EACCES);
1918
1919 return (0);
1920}
1921
1922static int
1923mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
1924 struct label *vnodelabel, struct timespec atime, struct timespec mtime)
1925{
1926 struct mac_biba *subj, *obj;
1927
1928 if (!mac_biba_enabled)
1929 return (0);
1930
1931 subj = SLOT(&cred->cr_label);
1932 obj = SLOT(vnodelabel);
1933
1934 if (!mac_biba_dominate_single(subj, obj))
1935 return (EACCES);
1936
1937 return (0);
1938}
1939
1940static int
1941mac_biba_check_vnode_stat(struct ucred *cred, struct vnode *vp,
1942 struct label *vnodelabel)
1943{
1944 struct mac_biba *subj, *obj;
1945
1946 if (!mac_biba_enabled)
1947 return (0);
1948
1949 subj = SLOT(&cred->cr_label);
1950 obj = SLOT(vnodelabel);
1951
1952 if (!mac_biba_dominate_single(obj, subj))
1953 return (EACCES);
1954
1955 return (0);
1956}
1957
1958static vm_prot_t
1959mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp,
1960 struct label *label, int newmapping)
1961{
1962 struct mac_biba *subj, *obj;
1963 vm_prot_t prot = 0;
1964
1965 if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping))
1966 return (VM_PROT_ALL);
1967
1968 subj = SLOT(&cred->cr_label);
1969 obj = SLOT(label);
1970
1971 if (mac_biba_dominate_single(obj, subj))
1972 prot |= VM_PROT_READ | VM_PROT_EXECUTE;
1973 if (mac_biba_dominate_single(subj, obj))
1974 prot |= VM_PROT_WRITE;
1975 return (prot);
1976}
1977
1978static int
1979mac_biba_check_vnode_op(struct ucred *cred, struct vnode *vp,
1980 struct label *label, int op)
1981{
1982 struct mac_biba *subj, *obj;
1983
1984 if (!mac_biba_enabled || !mac_biba_revocation_enabled)
1985 return (0);
1986
1987 subj = SLOT(&cred->cr_label);
1988 obj = SLOT(label);
1989
1990 switch (op) {
1991 case MAC_OP_VNODE_POLL:
1992 case MAC_OP_VNODE_READ:
1993 if (!mac_biba_dominate_single(obj, subj))
1994 return (EACCES);
1995 return (0);
1996
1997 case MAC_OP_VNODE_WRITE:
1998 if (!mac_biba_dominate_single(subj, obj))
1999 return (EACCES);
2000 return (0);
2001
2002 default:
2003 printf("mac_biba_check_vnode_op: unknown operation %d\n", op);
2004 return (EINVAL);
2005 }
2006}
2007
2008static struct mac_policy_op_entry mac_biba_ops[] =
2009{
2010 { MAC_DESTROY,
2011 (macop_t)mac_biba_destroy },
2012 { MAC_INIT,
2013 (macop_t)mac_biba_init },
2014 { MAC_INIT_BPFDESC,
2015 (macop_t)mac_biba_init_bpfdesc },
2016 { MAC_INIT_CRED,
2017 (macop_t)mac_biba_init_cred },
2018 { MAC_INIT_DEVFSDIRENT,
2019 (macop_t)mac_biba_init_devfsdirent },
2020 { MAC_INIT_IFNET,
2021 (macop_t)mac_biba_init_ifnet },
2022 { MAC_INIT_IPQ,
2023 (macop_t)mac_biba_init_ipq },
2024 { MAC_INIT_MBUF,
2025 (macop_t)mac_biba_init_mbuf },
2026 { MAC_INIT_MOUNT,
2027 (macop_t)mac_biba_init_mount },
2028 { MAC_INIT_PIPE,
2029 (macop_t)mac_biba_init_pipe },
2030 { MAC_INIT_SOCKET,
2031 (macop_t)mac_biba_init_socket },
2032 { MAC_INIT_TEMP,
2033 (macop_t)mac_biba_init_temp },
2034 { MAC_INIT_VNODE,
2035 (macop_t)mac_biba_init_vnode },
2036 { MAC_DESTROY_BPFDESC,
2037 (macop_t)mac_biba_destroy_bpfdesc },
2038 { MAC_DESTROY_CRED,
2039 (macop_t)mac_biba_destroy_cred },
2040 { MAC_DESTROY_DEVFSDIRENT,
2041 (macop_t)mac_biba_destroy_devfsdirent },
2042 { MAC_DESTROY_IFNET,
2043 (macop_t)mac_biba_destroy_ifnet },
2044 { MAC_DESTROY_IPQ,
2045 (macop_t)mac_biba_destroy_ipq },
2046 { MAC_DESTROY_MBUF,
2047 (macop_t)mac_biba_destroy_mbuf },
2048 { MAC_DESTROY_MOUNT,
2049 (macop_t)mac_biba_destroy_mount },
2050 { MAC_DESTROY_PIPE,
2051 (macop_t)mac_biba_destroy_pipe },
2052 { MAC_DESTROY_SOCKET,
2053 (macop_t)mac_biba_destroy_socket },
2054 { MAC_DESTROY_TEMP,
2055 (macop_t)mac_biba_destroy_temp },
2056 { MAC_DESTROY_VNODE,
2057 (macop_t)mac_biba_destroy_vnode },
2058 { MAC_EXTERNALIZE,
2059 (macop_t)mac_biba_externalize },
2060 { MAC_INTERNALIZE,
2061 (macop_t)mac_biba_internalize },
2062 { MAC_CREATE_DEVFS_DEVICE,
2063 (macop_t)mac_biba_create_devfs_device },
2064 { MAC_CREATE_DEVFS_DIRECTORY,
2065 (macop_t)mac_biba_create_devfs_directory },
2066 { MAC_CREATE_DEVFS_VNODE,
2067 (macop_t)mac_biba_create_devfs_vnode },
2068 { MAC_CREATE_VNODE,
2069 (macop_t)mac_biba_create_vnode },
2070 { MAC_CREATE_MOUNT,
2071 (macop_t)mac_biba_create_mount },
2072 { MAC_CREATE_ROOT_MOUNT,
2073 (macop_t)mac_biba_create_root_mount },
2074 { MAC_RELABEL_VNODE,
2075 (macop_t)mac_biba_relabel_vnode },
2076 { MAC_UPDATE_DEVFSDIRENT,
2077 (macop_t)mac_biba_update_devfsdirent },
2078 { MAC_UPDATE_PROCFSVNODE,
2079 (macop_t)mac_biba_update_procfsvnode },
2080 { MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
2081 (macop_t)mac_biba_update_vnode_from_externalized },
2082 { MAC_UPDATE_VNODE_FROM_MOUNT,
2083 (macop_t)mac_biba_update_vnode_from_mount },
2084 { MAC_CREATE_MBUF_FROM_SOCKET,
2085 (macop_t)mac_biba_create_mbuf_from_socket },
2086 { MAC_CREATE_PIPE,
2087 (macop_t)mac_biba_create_pipe },
2088 { MAC_CREATE_SOCKET,
2089 (macop_t)mac_biba_create_socket },
2090 { MAC_CREATE_SOCKET_FROM_SOCKET,
2091 (macop_t)mac_biba_create_socket_from_socket },
2092 { MAC_RELABEL_PIPE,
2093 (macop_t)mac_biba_relabel_pipe },
2094 { MAC_RELABEL_SOCKET,
2095 (macop_t)mac_biba_relabel_socket },
2096 { MAC_SET_SOCKET_PEER_FROM_MBUF,
2097 (macop_t)mac_biba_set_socket_peer_from_mbuf },
2098 { MAC_SET_SOCKET_PEER_FROM_SOCKET,
2099 (macop_t)mac_biba_set_socket_peer_from_socket },
2100 { MAC_CREATE_BPFDESC,
2101 (macop_t)mac_biba_create_bpfdesc },
2102 { MAC_CREATE_DATAGRAM_FROM_IPQ,
2103 (macop_t)mac_biba_create_datagram_from_ipq },
2104 { MAC_CREATE_FRAGMENT,
2105 (macop_t)mac_biba_create_fragment },
2106 { MAC_CREATE_IFNET,
2107 (macop_t)mac_biba_create_ifnet },
2108 { MAC_CREATE_IPQ,
2109 (macop_t)mac_biba_create_ipq },
2110 { MAC_CREATE_MBUF_FROM_MBUF,
2111 (macop_t)mac_biba_create_mbuf_from_mbuf },
2112 { MAC_CREATE_MBUF_LINKLAYER,
2113 (macop_t)mac_biba_create_mbuf_linklayer },
2114 { MAC_CREATE_MBUF_FROM_BPFDESC,
2115 (macop_t)mac_biba_create_mbuf_from_bpfdesc },
2116 { MAC_CREATE_MBUF_FROM_IFNET,
2117 (macop_t)mac_biba_create_mbuf_from_ifnet },
2118 { MAC_CREATE_MBUF_MULTICAST_ENCAP,
2119 (macop_t)mac_biba_create_mbuf_multicast_encap },
2120 { MAC_CREATE_MBUF_NETLAYER,
2121 (macop_t)mac_biba_create_mbuf_netlayer },
2122 { MAC_FRAGMENT_MATCH,
2123 (macop_t)mac_biba_fragment_match },
2124 { MAC_RELABEL_IFNET,
2125 (macop_t)mac_biba_relabel_ifnet },
2126 { MAC_UPDATE_IPQ,
2127 (macop_t)mac_biba_update_ipq },
2128 { MAC_CREATE_CRED,
2129 (macop_t)mac_biba_create_cred },
2130 { MAC_EXECVE_TRANSITION,
2131 (macop_t)mac_biba_execve_transition },
2132 { MAC_EXECVE_WILL_TRANSITION,
2133 (macop_t)mac_biba_execve_will_transition },
2134 { MAC_CREATE_PROC0,
2135 (macop_t)mac_biba_create_proc0 },
2136 { MAC_CREATE_PROC1,
2137 (macop_t)mac_biba_create_proc1 },
2138 { MAC_RELABEL_CRED,
2139 (macop_t)mac_biba_relabel_cred },
2140 { MAC_CHECK_BPFDESC_RECEIVE,
2141 (macop_t)mac_biba_check_bpfdesc_receive },
2142 { MAC_CHECK_CRED_RELABEL,
2143 (macop_t)mac_biba_check_cred_relabel },
2144 { MAC_CHECK_CRED_VISIBLE,
2145 (macop_t)mac_biba_check_cred_visible },
2146 { MAC_CHECK_IFNET_RELABEL,
2147 (macop_t)mac_biba_check_ifnet_relabel },
2148 { MAC_CHECK_IFNET_TRANSMIT,
2149 (macop_t)mac_biba_check_ifnet_transmit },
2150 { MAC_CHECK_MOUNT_STAT,
2151 (macop_t)mac_biba_check_mount_stat },
2152 { MAC_CHECK_PIPE_IOCTL,
2153 (macop_t)mac_biba_check_pipe_ioctl },
2154 { MAC_CHECK_PIPE_OP,
2155 (macop_t)mac_biba_check_pipe_op },
2156 { MAC_CHECK_PIPE_RELABEL,
2157 (macop_t)mac_biba_check_pipe_relabel },
2158 { MAC_CHECK_PROC_DEBUG,
2159 (macop_t)mac_biba_check_proc_debug },
2160 { MAC_CHECK_PROC_SCHED,
2161 (macop_t)mac_biba_check_proc_sched },
2162 { MAC_CHECK_PROC_SIGNAL,
2163 (macop_t)mac_biba_check_proc_signal },
2164 { MAC_CHECK_SOCKET_DELIVER,
2165 (macop_t)mac_biba_check_socket_deliver },
2166 { MAC_CHECK_SOCKET_RELABEL,
2167 (macop_t)mac_biba_check_socket_relabel },
2168 { MAC_CHECK_SOCKET_VISIBLE,
2169 (macop_t)mac_biba_check_socket_visible },
2170 { MAC_CHECK_VNODE_ACCESS,
2171 (macop_t)mac_biba_check_vnode_access },
2172 { MAC_CHECK_VNODE_CHDIR,
2173 (macop_t)mac_biba_check_vnode_chdir },
2174 { MAC_CHECK_VNODE_CHROOT,
2175 (macop_t)mac_biba_check_vnode_chroot },
2176 { MAC_CHECK_VNODE_CREATE,
2177 (macop_t)mac_biba_check_vnode_create },
2178 { MAC_CHECK_VNODE_DELETE,
2179 (macop_t)mac_biba_check_vnode_delete },
2180 { MAC_CHECK_VNODE_DELETEACL,
2181 (macop_t)mac_biba_check_vnode_deleteacl },
2182 { MAC_CHECK_VNODE_EXEC,
2183 (macop_t)mac_biba_check_vnode_exec },
2184 { MAC_CHECK_VNODE_GETACL,
2185 (macop_t)mac_biba_check_vnode_getacl },
2186 { MAC_CHECK_VNODE_GETEXTATTR,
2187 (macop_t)mac_biba_check_vnode_getextattr },
2188 { MAC_CHECK_VNODE_LOOKUP,
2189 (macop_t)mac_biba_check_vnode_lookup },
2190 { MAC_CHECK_VNODE_OPEN,
2191 (macop_t)mac_biba_check_vnode_open },
2192 { MAC_CHECK_VNODE_READDIR,
2193 (macop_t)mac_biba_check_vnode_readdir },
2194 { MAC_CHECK_VNODE_READLINK,
2195 (macop_t)mac_biba_check_vnode_readlink },
2196 { MAC_CHECK_VNODE_RELABEL,
2197 (macop_t)mac_biba_check_vnode_relabel },
2198 { MAC_CHECK_VNODE_RENAME_FROM,
2199 (macop_t)mac_biba_check_vnode_rename_from },
2200 { MAC_CHECK_VNODE_RENAME_TO,
2201 (macop_t)mac_biba_check_vnode_rename_to },
2202 { MAC_CHECK_VNODE_REVOKE,
2203 (macop_t)mac_biba_check_vnode_revoke },
2204 { MAC_CHECK_VNODE_SETACL,
2205 (macop_t)mac_biba_check_vnode_setacl },
2206 { MAC_CHECK_VNODE_SETEXTATTR,
2207 (macop_t)mac_biba_check_vnode_setextattr },
2208 { MAC_CHECK_VNODE_SETFLAGS,
2209 (macop_t)mac_biba_check_vnode_setflags },
2210 { MAC_CHECK_VNODE_SETMODE,
2211 (macop_t)mac_biba_check_vnode_setmode },
2212 { MAC_CHECK_VNODE_SETOWNER,
2213 (macop_t)mac_biba_check_vnode_setowner },
2214 { MAC_CHECK_VNODE_SETUTIMES,
2215 (macop_t)mac_biba_check_vnode_setutimes },
2216 { MAC_CHECK_VNODE_STAT,
2217 (macop_t)mac_biba_check_vnode_stat },
2218 { MAC_CHECK_VNODE_MMAP_PERMS,
2219 (macop_t)mac_biba_check_vnode_mmap_perms },
2220 { MAC_CHECK_VNODE_OP,
2221 (macop_t)mac_biba_check_vnode_op },
2222 { MAC_OP_LAST, NULL }
2223};
2224
2225MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba",
2226 MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot);