mac_biba.c (173108) mac_biba.c (173138)
1/*-
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * Copyright (c) 2006 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *

--- 21 unchanged lines hidden (view full) ---

30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
1/*-
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * Copyright (c) 2006 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *

--- 21 unchanged lines hidden (view full) ---

30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 173108 2007-10-28 17:55:57Z rwatson $
38 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 173138 2007-10-29 13:33:06Z rwatson $
39 */
40
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Biba fixed label mandatory integrity policy.
45 */
46

--- 722 unchanged lines hidden (view full) ---

769static void
770biba_copy_label(struct label *src, struct label *dest)
771{
772
773 *SLOT(dest) = *SLOT(src);
774}
775
776/*
39 */
40
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * Biba fixed label mandatory integrity policy.
45 */
46

--- 722 unchanged lines hidden (view full) ---

769static void
770biba_copy_label(struct label *src, struct label *dest)
771{
772
773 *SLOT(dest) = *SLOT(src);
774}
775
776/*
777 * Labeling event operations: file system objects, and things that look a lot
778 * like file system objects.
777 * Object-specific entry point implementations are sorted alphabetically by
778 * object type name and then by operation.
779 */
779 */
780static void
781biba_devfs_create_device(struct ucred *cred, struct mount *mp,
782 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
780static int
781biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
782 struct ifnet *ifp, struct label *ifplabel)
783{
783{
784 struct mac_biba *mb;
785 int biba_type;
784 struct mac_biba *a, *b;
786
785
787 mb = SLOT(delabel);
788 if (strcmp(dev->si_name, "null") == 0 ||
789 strcmp(dev->si_name, "zero") == 0 ||
790 strcmp(dev->si_name, "random") == 0 ||
791 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
792 biba_type = MAC_BIBA_TYPE_EQUAL;
793 else if (ptys_equal &&
794 (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
795 strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
796 biba_type = MAC_BIBA_TYPE_EQUAL;
797 else
798 biba_type = MAC_BIBA_TYPE_HIGH;
799 biba_set_effective(mb, biba_type, 0, NULL);
800}
786 if (!biba_enabled)
787 return (0);
801
788
802static void
803biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
804 struct devfs_dirent *de, struct label *delabel)
805{
806 struct mac_biba *mb;
789 a = SLOT(dlabel);
790 b = SLOT(ifplabel);
807
791
808 mb = SLOT(delabel);
809
810 biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL);
792 if (biba_equal_effective(a, b))
793 return (0);
794 return (EACCES);
811}
812
813static void
795}
796
797static void
814biba_devfs_create_symlink(struct ucred *cred, struct mount *mp,
815 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
816 struct label *delabel)
798biba_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
799 struct label *dlabel)
817{
818 struct mac_biba *source, *dest;
819
820 source = SLOT(cred->cr_label);
800{
801 struct mac_biba *source, *dest;
802
803 source = SLOT(cred->cr_label);
821 dest = SLOT(delabel);
804 dest = SLOT(dlabel);
822
823 biba_copy_effective(source, dest);
824}
825
826static void
805
806 biba_copy_effective(source, dest);
807}
808
809static void
827biba_mount_create(struct ucred *cred, struct mount *mp,
828 struct label *mplabel)
810biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
811 struct mbuf *m, struct label *mlabel)
829{
830 struct mac_biba *source, *dest;
831
812{
813 struct mac_biba *source, *dest;
814
832 source = SLOT(cred->cr_label);
833 dest = SLOT(mplabel);
815 source = SLOT(dlabel);
816 dest = SLOT(mlabel);
834
835 biba_copy_effective(source, dest);
836}
837
817
818 biba_copy_effective(source, dest);
819}
820
838static void
839biba_vnode_relabel(struct ucred *cred, struct vnode *vp,
840 struct label *vplabel, struct label *newlabel)
821static int
822biba_cred_check_relabel(struct ucred *cred, struct label *newlabel)
841{
823{
842 struct mac_biba *source, *dest;
824 struct mac_biba *subj, *new;
825 int error;
843
826
844 source = SLOT(newlabel);
845 dest = SLOT(vplabel);
827 subj = SLOT(cred->cr_label);
828 new = SLOT(newlabel);
846
829
847 biba_copy(source, dest);
848}
830 /*
831 * If there is a Biba label update for the credential, it may
832 * be an update of the effective, range, or both.
833 */
834 error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
835 if (error)
836 return (error);
849
837
850static void
851biba_devfs_update(struct mount *mp, struct devfs_dirent *de,
852 struct label *delabel, struct vnode *vp, struct label *vplabel)
853{
854 struct mac_biba *source, *dest;
838 /*
839 * If the Biba label is to be changed, authorize as appropriate.
840 */
841 if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) {
842 /*
843 * If the change request modifies both the Biba label
844 * effective and range, check that the new effective will be
845 * in the new range.
846 */
847 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) ==
848 MAC_BIBA_FLAGS_BOTH &&
849 !biba_effective_in_range(new, new))
850 return (EINVAL);
855
851
856 source = SLOT(vplabel);
857 dest = SLOT(delabel);
852 /*
853 * To change the Biba effective label on a credential, the
854 * new effective label must be in the current range.
855 */
856 if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE &&
857 !biba_effective_in_range(new, subj))
858 return (EPERM);
858
859
859 biba_copy(source, dest);
860}
860 /*
861 * To change the Biba range on a credential, the new range
862 * label must be in the current range.
863 */
864 if (new->mb_flags & MAC_BIBA_FLAG_RANGE &&
865 !biba_range_in_range(new, subj))
866 return (EPERM);
861
867
862static void
863biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel,
864 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
865 struct label *vplabel)
866{
867 struct mac_biba *source, *dest;
868
869 source = SLOT(delabel);
870 dest = SLOT(vplabel);
871
872 biba_copy_effective(source, dest);
873}
874
875static int
876biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
877 struct vnode *vp, struct label *vplabel)
878{
879 struct mac_biba mb_temp, *source, *dest;
880 int buflen, error;
881
882 source = SLOT(mplabel);
883 dest = SLOT(vplabel);
884
885 buflen = sizeof(mb_temp);
886 bzero(&mb_temp, buflen);
887
888 error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
889 MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread);
890 if (error == ENOATTR || error == EOPNOTSUPP) {
891 /* Fall back to the mntlabel. */
892 biba_copy_effective(source, dest);
893 return (0);
894 } else if (error)
895 return (error);
896
897 if (buflen != sizeof(mb_temp)) {
898 printf("biba_vnode_associate_extattr: bad size %d\n",
899 buflen);
900 return (EPERM);
868 /*
869 * To have EQUAL in any component of the new credential Biba
870 * label, the subject must already have EQUAL in their label.
871 */
872 if (biba_contains_equal(new)) {
873 error = biba_subject_privileged(subj);
874 if (error)
875 return (error);
876 }
901 }
877 }
902 if (biba_valid(&mb_temp) != 0) {
903 printf("biba_vnode_associate_extattr: invalid\n");
904 return (EPERM);
905 }
906 if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) !=
907 MAC_BIBA_FLAG_EFFECTIVE) {
908 printf("biba_vnode_associate_extattr: not effective\n");
909 return (EPERM);
910 }
911
878
912 biba_copy_effective(&mb_temp, dest);
913 return (0);
914}
915
879 return (0);
880}
881
916static void
917biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
918 struct vnode *vp, struct label *vplabel)
919{
920 struct mac_biba *source, *dest;
921
922 source = SLOT(mplabel);
923 dest = SLOT(vplabel);
924
925 biba_copy_effective(source, dest);
926}
927
928static int
882static int
929biba_vnode_create_extattr(struct ucred *cred, struct mount *mp,
930 struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
931 struct vnode *vp, struct label *vplabel, struct componentname *cnp)
883biba_cred_check_visible(struct ucred *u1, struct ucred *u2)
932{
884{
933 struct mac_biba *source, *dest, mb_temp;
934 size_t buflen;
935 int error;
885 struct mac_biba *subj, *obj;
936
886
937 buflen = sizeof(mb_temp);
938 bzero(&mb_temp, buflen);
939
940 source = SLOT(cred->cr_label);
941 dest = SLOT(vplabel);
942 biba_copy_effective(source, &mb_temp);
943
944 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
945 MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
946 if (error == 0)
947 biba_copy_effective(source, dest);
948 return (error);
949}
950
951static int
952biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
953 struct label *vplabel, struct label *intlabel)
954{
955 struct mac_biba *source, mb_temp;
956 size_t buflen;
957 int error;
958
959 buflen = sizeof(mb_temp);
960 bzero(&mb_temp, buflen);
961
962 source = SLOT(intlabel);
963 if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0)
887 if (!biba_enabled)
964 return (0);
965
888 return (0);
889
966 biba_copy_effective(source, &mb_temp);
890 subj = SLOT(u1->cr_label);
891 obj = SLOT(u2->cr_label);
967
892
968 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
969 MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
970 return (error);
971}
893 /* XXX: range */
894 if (!biba_dominate_effective(obj, subj))
895 return (ESRCH);
972
896
973/*
974 * Labeling event operations: IPC object.
975 */
976static void
977biba_inpcb_create(struct socket *so, struct label *solabel,
978 struct inpcb *inp, struct label *inplabel)
979{
980 struct mac_biba *source, *dest;
981
982 source = SLOT(solabel);
983 dest = SLOT(inplabel);
984
985 biba_copy_effective(source, dest);
897 return (0);
986}
987
988static void
898}
899
900static void
989biba_socket_create_mbuf(struct socket *so, struct label *solabel,
990 struct mbuf *m, struct label *mlabel)
901biba_cred_relabel(struct ucred *cred, struct label *newlabel)
991{
992 struct mac_biba *source, *dest;
993
902{
903 struct mac_biba *source, *dest;
904
994 source = SLOT(solabel);
995 dest = SLOT(mlabel);
905 source = SLOT(newlabel);
906 dest = SLOT(cred->cr_label);
996
907
997 biba_copy_effective(source, dest);
908 biba_copy(source, dest);
998}
999
1000static void
909}
910
911static void
1001biba_socket_create(struct ucred *cred, struct socket *so,
1002 struct label *solabel)
912biba_devfs_create_device(struct ucred *cred, struct mount *mp,
913 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
1003{
914{
1004 struct mac_biba *source, *dest;
915 struct mac_biba *mb;
916 int biba_type;
1005
917
1006 source = SLOT(cred->cr_label);
1007 dest = SLOT(solabel);
1008
1009 biba_copy_effective(source, dest);
918 mb = SLOT(delabel);
919 if (strcmp(dev->si_name, "null") == 0 ||
920 strcmp(dev->si_name, "zero") == 0 ||
921 strcmp(dev->si_name, "random") == 0 ||
922 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
923 biba_type = MAC_BIBA_TYPE_EQUAL;
924 else if (ptys_equal &&
925 (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
926 strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
927 biba_type = MAC_BIBA_TYPE_EQUAL;
928 else
929 biba_type = MAC_BIBA_TYPE_HIGH;
930 biba_set_effective(mb, biba_type, 0, NULL);
1010}
1011
1012static void
931}
932
933static void
1013biba_pipe_create(struct ucred *cred, struct pipepair *pp,
1014 struct label *pplabel)
934biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
935 struct devfs_dirent *de, struct label *delabel)
1015{
936{
1016 struct mac_biba *source, *dest;
937 struct mac_biba *mb;
1017
938
1018 source = SLOT(cred->cr_label);
1019 dest = SLOT(pplabel);
939 mb = SLOT(delabel);
1020
940
1021 biba_copy_effective(source, dest);
941 biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL);
1022}
1023
1024static void
942}
943
944static void
1025biba_posixsem_create(struct ucred *cred, struct ksem *ks,
1026 struct label *kslabel)
945biba_devfs_create_symlink(struct ucred *cred, struct mount *mp,
946 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
947 struct label *delabel)
1027{
1028 struct mac_biba *source, *dest;
1029
1030 source = SLOT(cred->cr_label);
948{
949 struct mac_biba *source, *dest;
950
951 source = SLOT(cred->cr_label);
1031 dest = SLOT(kslabel);
952 dest = SLOT(delabel);
1032
1033 biba_copy_effective(source, dest);
1034}
1035
1036static void
953
954 biba_copy_effective(source, dest);
955}
956
957static void
1037biba_socket_newconn(struct socket *oldso, struct label *oldsolabel,
1038 struct socket *newso, struct label *newsolabel)
958biba_devfs_update(struct mount *mp, struct devfs_dirent *de,
959 struct label *delabel, struct vnode *vp, struct label *vplabel)
1039{
1040 struct mac_biba *source, *dest;
1041
960{
961 struct mac_biba *source, *dest;
962
1042 source = SLOT(oldsolabel);
1043 dest = SLOT(newsolabel);
963 source = SLOT(vplabel);
964 dest = SLOT(delabel);
1044
965
1045 biba_copy_effective(source, dest);
1046}
1047
1048static void
1049biba_socket_relabel(struct ucred *cred, struct socket *so,
1050 struct label *solabel, struct label *newlabel)
1051{
1052 struct mac_biba *source, *dest;
1053
1054 source = SLOT(newlabel);
1055 dest = SLOT(solabel);
1056
1057 biba_copy(source, dest);
1058}
1059
1060static void
966 biba_copy(source, dest);
967}
968
969static void
1061biba_pipe_relabel(struct ucred *cred, struct pipepair *pp,
1062 struct label *pplabel, struct label *newlabel)
970biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel,
971 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
972 struct label *vplabel)
1063{
1064 struct mac_biba *source, *dest;
1065
973{
974 struct mac_biba *source, *dest;
975
1066 source = SLOT(newlabel);
1067 dest = SLOT(pplabel);
976 source = SLOT(delabel);
977 dest = SLOT(vplabel);
1068
978
1069 biba_copy(source, dest);
1070}
1071
1072static void
1073biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
1074 struct socket *so, struct label *sopeerlabel)
1075{
1076 struct mac_biba *source, *dest;
1077
1078 source = SLOT(mlabel);
1079 dest = SLOT(sopeerlabel);
1080
1081 biba_copy_effective(source, dest);
1082}
1083
979 biba_copy_effective(source, dest);
980}
981
1084/*
1085 * Labeling event operations: System V IPC objects.
1086 */
1087static void
1088biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
1089 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
982static int
983biba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
984 struct label *ifplabel, struct label *newlabel)
1090{
985{
1091 struct mac_biba *source, *dest;
986 struct mac_biba *subj, *new;
987 int error;
1092
988
1093 /* Ignore the msgq label */
1094 source = SLOT(cred->cr_label);
1095 dest = SLOT(msglabel);
989 subj = SLOT(cred->cr_label);
990 new = SLOT(newlabel);
1096
991
1097 biba_copy_effective(source, dest);
1098}
992 /*
993 * If there is a Biba label update for the interface, it may be an
994 * update of the effective, range, or both.
995 */
996 error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
997 if (error)
998 return (error);
1099
999
1100static void
1101biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
1102 struct label *msqlabel)
1103{
1104 struct mac_biba *source, *dest;
1000 /*
1001 * Relabling network interfaces requires Biba privilege.
1002 */
1003 error = biba_subject_privileged(subj);
1004 if (error)
1005 return (error);
1105
1006
1106 source = SLOT(cred->cr_label);
1107 dest = SLOT(msqlabel);
1108
1109 biba_copy_effective(source, dest);
1007 return (0);
1110}
1111
1008}
1009
1112static void
1113biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
1114 struct label *semalabel)
1010static int
1011biba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
1012 struct mbuf *m, struct label *mlabel)
1115{
1013{
1116 struct mac_biba *source, *dest;
1014 struct mac_biba *p, *i;
1117
1015
1118 source = SLOT(cred->cr_label);
1119 dest = SLOT(semalabel);
1016 if (!biba_enabled)
1017 return (0);
1120
1018
1121 biba_copy_effective(source, dest);
1122}
1019 p = SLOT(mlabel);
1020 i = SLOT(ifplabel);
1123
1021
1124static void
1125biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
1126 struct label *shmlabel)
1127{
1128 struct mac_biba *source, *dest;
1129
1130 source = SLOT(cred->cr_label);
1131 dest = SLOT(shmlabel);
1132
1133 biba_copy_effective(source, dest);
1022 return (biba_effective_in_range(p, i) ? 0 : EACCES);
1134}
1135
1023}
1024
1136/*
1137 * Labeling event operations: network objects.
1138 */
1139static void
1025static void
1140biba_socketpeer_set_from_socket(struct socket *oldso,
1141 struct label *oldsolabel, struct socket *newso,
1142 struct label *newsopeerlabel)
1143{
1144 struct mac_biba *source, *dest;
1145
1146 source = SLOT(oldsolabel);
1147 dest = SLOT(newsopeerlabel);
1148
1149 biba_copy_effective(source, dest);
1150}
1151
1152static void
1153biba_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
1154 struct label *dlabel)
1155{
1156 struct mac_biba *source, *dest;
1157
1158 source = SLOT(cred->cr_label);
1159 dest = SLOT(dlabel);
1160
1161 biba_copy_effective(source, dest);
1162}
1163
1164static void
1165biba_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
1166{
1167 char tifname[IFNAMSIZ], *p, *q;
1168 char tiflist[sizeof(trusted_interfaces)];
1169 struct mac_biba *dest;
1170 int len, type;
1171
1172 dest = SLOT(ifplabel);

--- 41 unchanged lines hidden (view full) ---

1214 }
1215 }
1216set:
1217 biba_set_effective(dest, type, 0, NULL);
1218 biba_set_range(dest, type, 0, NULL, type, 0, NULL);
1219}
1220
1221static void
1026biba_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
1027{
1028 char tifname[IFNAMSIZ], *p, *q;
1029 char tiflist[sizeof(trusted_interfaces)];
1030 struct mac_biba *dest;
1031 int len, type;
1032
1033 dest = SLOT(ifplabel);

--- 41 unchanged lines hidden (view full) ---

1075 }
1076 }
1077set:
1078 biba_set_effective(dest, type, 0, NULL);
1079 biba_set_range(dest, type, 0, NULL, type, 0, NULL);
1080}
1081
1082static void
1222biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1223 struct label *ipqlabel)
1083biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
1084 struct mbuf *m, struct label *mlabel)
1224{
1225 struct mac_biba *source, *dest;
1226
1085{
1086 struct mac_biba *source, *dest;
1087
1227 source = SLOT(mlabel);
1228 dest = SLOT(ipqlabel);
1088 source = SLOT(ifplabel);
1089 dest = SLOT(mlabel);
1229
1230 biba_copy_effective(source, dest);
1231}
1232
1233static void
1090
1091 biba_copy_effective(source, dest);
1092}
1093
1094static void
1234biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
1235 struct label *mlabel)
1095biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
1096 struct label *ifplabel, struct label *newlabel)
1236{
1237 struct mac_biba *source, *dest;
1238
1097{
1098 struct mac_biba *source, *dest;
1099
1239 source = SLOT(ipqlabel);
1240 dest = SLOT(mlabel);
1100 source = SLOT(newlabel);
1101 dest = SLOT(ifplabel);
1241
1102
1242 /* Just use the head, since we require them all to match. */
1243 biba_copy_effective(source, dest);
1103 biba_copy(source, dest);
1244}
1245
1104}
1105
1106static int
1107biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
1108 struct mbuf *m, struct label *mlabel)
1109{
1110 struct mac_biba *p, *i;
1111
1112 if (!biba_enabled)
1113 return (0);
1114
1115 p = SLOT(mlabel);
1116 i = SLOT(inplabel);
1117
1118 return (biba_equal_effective(p, i) ? 0 : EACCES);
1119}
1120
1246static void
1121static void
1247biba_netinet_fragment(struct mbuf *m, struct label *mlabel,
1248 struct mbuf *frag, struct label *fraglabel)
1122biba_inpcb_create(struct socket *so, struct label *solabel,
1123 struct inpcb *inp, struct label *inplabel)
1249{
1250 struct mac_biba *source, *dest;
1251
1124{
1125 struct mac_biba *source, *dest;
1126
1252 source = SLOT(mlabel);
1253 dest = SLOT(fraglabel);
1127 source = SLOT(solabel);
1128 dest = SLOT(inplabel);
1254
1255 biba_copy_effective(source, dest);
1256}
1257
1258static void
1259biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
1260 struct mbuf *m, struct label *mlabel)
1261{
1262 struct mac_biba *source, *dest;
1263
1264 source = SLOT(inplabel);
1265 dest = SLOT(mlabel);
1266
1267 biba_copy_effective(source, dest);
1268}
1269
1270static void
1129
1130 biba_copy_effective(source, dest);
1131}
1132
1133static void
1134biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
1135 struct mbuf *m, struct label *mlabel)
1136{
1137 struct mac_biba *source, *dest;
1138
1139 source = SLOT(inplabel);
1140 dest = SLOT(mlabel);
1141
1142 biba_copy_effective(source, dest);
1143}
1144
1145static void
1271biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
1272 struct mbuf *m, struct label *mlabel)
1146biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
1147 struct inpcb *inp, struct label *inplabel)
1273{
1274 struct mac_biba *source, *dest;
1275
1148{
1149 struct mac_biba *source, *dest;
1150
1276 source = SLOT(dlabel);
1277 dest = SLOT(mlabel);
1151 source = SLOT(solabel);
1152 dest = SLOT(inplabel);
1278
1153
1279 biba_copy_effective(source, dest);
1154 biba_copy(source, dest);
1280}
1281
1282static void
1155}
1156
1157static void
1283biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
1284 struct mbuf *m, struct label *mlabel)
1158biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1159 struct label *ipqlabel)
1285{
1286 struct mac_biba *source, *dest;
1287
1160{
1161 struct mac_biba *source, *dest;
1162
1288 source = SLOT(ifplabel);
1289 dest = SLOT(mlabel);
1163 source = SLOT(mlabel);
1164 dest = SLOT(ipqlabel);
1290
1291 biba_copy_effective(source, dest);
1292}
1293
1294static int
1295biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1296 struct label *ipqlabel)
1297{
1298 struct mac_biba *a, *b;
1299
1300 a = SLOT(ipqlabel);
1301 b = SLOT(mlabel);
1302
1303 return (biba_equal_effective(a, b));
1304}
1305
1306static void
1165
1166 biba_copy_effective(source, dest);
1167}
1168
1169static int
1170biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1171 struct label *ipqlabel)
1172{
1173 struct mac_biba *a, *b;
1174
1175 a = SLOT(ipqlabel);
1176 b = SLOT(mlabel);
1177
1178 return (biba_equal_effective(a, b));
1179}
1180
1181static void
1307biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
1308 struct label *ifplabel, struct label *newlabel)
1182biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
1183 struct label *mlabel)
1309{
1310 struct mac_biba *source, *dest;
1311
1184{
1185 struct mac_biba *source, *dest;
1186
1312 source = SLOT(newlabel);
1313 dest = SLOT(ifplabel);
1187 source = SLOT(ipqlabel);
1188 dest = SLOT(mlabel);
1314
1189
1315 biba_copy(source, dest);
1190 /* Just use the head, since we require them all to match. */
1191 biba_copy_effective(source, dest);
1316}
1317
1318static void
1319biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1320 struct label *ipqlabel)
1321{
1322
1323 /* NOOP: we only accept matching labels, so no need to update */
1324}
1325
1192}
1193
1194static void
1195biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1196 struct label *ipqlabel)
1197{
1198
1199 /* NOOP: we only accept matching labels, so no need to update */
1200}
1201
1202static int
1203biba_kld_check_load(struct ucred *cred, struct vnode *vp,
1204 struct label *vplabel)
1205{
1206 struct mac_biba *subj, *obj;
1207 int error;
1208
1209 if (!biba_enabled)
1210 return (0);
1211
1212 subj = SLOT(cred->cr_label);
1213
1214 error = biba_subject_privileged(subj);
1215 if (error)
1216 return (error);
1217
1218 obj = SLOT(vplabel);
1219 if (!biba_high_effective(obj))
1220 return (EACCES);
1221
1222 return (0);
1223}
1224
1225static int
1226biba_mount_check_stat(struct ucred *cred, struct mount *mp,
1227 struct label *mplabel)
1228{
1229 struct mac_biba *subj, *obj;
1230
1231 if (!biba_enabled)
1232 return (0);
1233
1234 subj = SLOT(cred->cr_label);
1235 obj = SLOT(mplabel);
1236
1237 if (!biba_dominate_effective(obj, subj))
1238 return (EACCES);
1239
1240 return (0);
1241}
1242
1326static void
1243static void
1327biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
1328 struct inpcb *inp, struct label *inplabel)
1244biba_mount_create(struct ucred *cred, struct mount *mp,
1245 struct label *mplabel)
1329{
1330 struct mac_biba *source, *dest;
1331
1246{
1247 struct mac_biba *source, *dest;
1248
1332 source = SLOT(solabel);
1333 dest = SLOT(inplabel);
1249 source = SLOT(cred->cr_label);
1250 dest = SLOT(mplabel);
1334
1251
1335 biba_copy(source, dest);
1252 biba_copy_effective(source, dest);
1336}
1337
1338static void
1339biba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
1340 struct mbuf *m, struct label *mlabel)
1341{
1342 struct mac_biba *dest;
1343

--- 32 unchanged lines hidden (view full) ---

1376
1377 dest = SLOT(mlabel);
1378
1379 /* XXX: where is the label for the firewall really coming from? */
1380 biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
1381}
1382
1383static void
1253}
1254
1255static void
1256biba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
1257 struct mbuf *m, struct label *mlabel)
1258{
1259 struct mac_biba *dest;
1260

--- 32 unchanged lines hidden (view full) ---

1293
1294 dest = SLOT(mlabel);
1295
1296 /* XXX: where is the label for the firewall really coming from? */
1297 biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
1298}
1299
1300static void
1301biba_netinet_fragment(struct mbuf *m, struct label *mlabel,
1302 struct mbuf *frag, struct label *fraglabel)
1303{
1304 struct mac_biba *source, *dest;
1305
1306 source = SLOT(mlabel);
1307 dest = SLOT(fraglabel);
1308
1309 biba_copy_effective(source, dest);
1310}
1311
1312static void
1384biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
1385 struct mbuf *msend, struct label *msendlabel)
1386{
1387 struct mac_biba *source, *dest;
1388
1389 source = SLOT(mrecvlabel);
1390 dest = SLOT(msendlabel);
1391

--- 17 unchanged lines hidden (view full) ---

1409{
1410 struct mac_biba *dest;
1411
1412 dest = SLOT(mlabel);
1413
1414 biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
1415}
1416
1313biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
1314 struct mbuf *msend, struct label *msendlabel)
1315{
1316 struct mac_biba *source, *dest;
1317
1318 source = SLOT(mrecvlabel);
1319 dest = SLOT(msendlabel);
1320

--- 17 unchanged lines hidden (view full) ---

1338{
1339 struct mac_biba *dest;
1340
1341 dest = SLOT(mlabel);
1342
1343 biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
1344}
1345
1417/*
1418 * Labeling event operations: processes.
1419 */
1420static void
1421biba_proc_create_swapper(struct ucred *cred)
1346static int
1347biba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
1348 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
1422{
1349{
1423 struct mac_biba *dest;
1424
1350
1425 dest = SLOT(cred->cr_label);
1351 if(!biba_enabled)
1352 return (0);
1426
1353
1427 biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
1428 biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
1429 0, NULL);
1430}
1354 /* XXX: This will be implemented soon... */
1431
1355
1432static void
1433biba_proc_create_init(struct ucred *cred)
1434{
1435 struct mac_biba *dest;
1436
1437 dest = SLOT(cred->cr_label);
1438
1439 biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
1440 biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
1441 0, NULL);
1356 return (0);
1442}
1443
1357}
1358
1444static void
1445biba_proc_associate_nfsd(struct ucred *cred)
1359static int
1360biba_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
1361 struct label *pplabel)
1446{
1362{
1447 struct mac_biba *label;
1363 struct mac_biba *subj, *obj;
1448
1364
1449 label = SLOT(cred->cr_label);
1450 biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL);
1451 biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
1452 0, NULL);
1453}
1365 if (!biba_enabled)
1366 return (0);
1454
1367
1455static void
1456biba_cred_relabel(struct ucred *cred, struct label *newlabel)
1457{
1458 struct mac_biba *source, *dest;
1368 subj = SLOT(cred->cr_label);
1369 obj = SLOT(pplabel);
1459
1370
1460 source = SLOT(newlabel);
1461 dest = SLOT(cred->cr_label);
1371 if (!biba_dominate_effective(obj, subj))
1372 return (EACCES);
1462
1373
1463 biba_copy(source, dest);
1374 return (0);
1464}
1465
1375}
1376
1466/*
1467 * Label cleanup/flush operations
1468 */
1469static void
1470biba_sysvmsg_cleanup(struct label *msglabel)
1471{
1472
1473 bzero(SLOT(msglabel), sizeof(struct mac_biba));
1474}
1475
1476static void
1477biba_sysvmsq_cleanup(struct label *msqlabel)
1478{
1479
1480 bzero(SLOT(msqlabel), sizeof(struct mac_biba));
1481}
1482
1483static void
1484biba_sysvsem_cleanup(struct label *semalabel)
1485{
1486
1487 bzero(SLOT(semalabel), sizeof(struct mac_biba));
1488}
1489
1490static void
1491biba_sysvshm_cleanup(struct label *shmlabel)
1492{
1493 bzero(SLOT(shmlabel), sizeof(struct mac_biba));
1494}
1495
1496/*
1497 * Access control checks.
1498 */
1499static int
1377static int
1500biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
1501 struct ifnet *ifp, struct label *ifplabel)
1378biba_pipe_check_read(struct ucred *cred, struct pipepair *pp,
1379 struct label *pplabel)
1502{
1380{
1503 struct mac_biba *a, *b;
1381 struct mac_biba *subj, *obj;
1504
1505 if (!biba_enabled)
1506 return (0);
1507
1382
1383 if (!biba_enabled)
1384 return (0);
1385
1508 a = SLOT(dlabel);
1509 b = SLOT(ifplabel);
1386 subj = SLOT(cred->cr_label);
1387 obj = SLOT(pplabel);
1510
1388
1511 if (biba_equal_effective(a, b))
1512 return (0);
1513 return (EACCES);
1389 if (!biba_dominate_effective(obj, subj))
1390 return (EACCES);
1391
1392 return (0);
1514}
1515
1516static int
1393}
1394
1395static int
1517biba_cred_check_relabel(struct ucred *cred, struct label *newlabel)
1396biba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
1397 struct label *pplabel, struct label *newlabel)
1518{
1398{
1519 struct mac_biba *subj, *new;
1399 struct mac_biba *subj, *obj, *new;
1520 int error;
1521
1400 int error;
1401
1522 subj = SLOT(cred->cr_label);
1523 new = SLOT(newlabel);
1402 new = SLOT(newlabel);
1403 subj = SLOT(cred->cr_label);
1404 obj = SLOT(pplabel);
1524
1525 /*
1405
1406 /*
1526 * If there is a Biba label update for the credential, it may
1527 * be an update of the effective, range, or both.
1407 * If there is a Biba label update for a pipe, it must be a effective
1408 * update.
1528 */
1409 */
1529 error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
1410 error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
1530 if (error)
1531 return (error);
1532
1533 /*
1411 if (error)
1412 return (error);
1413
1414 /*
1415 * To perform a relabel of a pipe (Biba label or not), Biba must
1416 * authorize the relabel.
1417 */
1418 if (!biba_effective_in_range(obj, subj))
1419 return (EPERM);
1420
1421 /*
1534 * If the Biba label is to be changed, authorize as appropriate.
1535 */
1422 * If the Biba label is to be changed, authorize as appropriate.
1423 */
1536 if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) {
1424 if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
1537 /*
1425 /*
1538 * If the change request modifies both the Biba label
1539 * effective and range, check that the new effective will be
1540 * in the new range.
1426 * To change the Biba label on a pipe, the new pipe label
1427 * must be in the subject range.
1541 */
1428 */
1542 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) ==
1543 MAC_BIBA_FLAGS_BOTH &&
1544 !biba_effective_in_range(new, new))
1545 return (EINVAL);
1546
1547 /*
1548 * To change the Biba effective label on a credential, the
1549 * new effective label must be in the current range.
1550 */
1551 if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE &&
1552 !biba_effective_in_range(new, subj))
1429 if (!biba_effective_in_range(new, subj))
1553 return (EPERM);
1554
1555 /*
1430 return (EPERM);
1431
1432 /*
1556 * To change the Biba range on a credential, the new range
1557 * label must be in the current range.
1433 * To change the Biba label on a pipe to be EQUAL, the
1434 * subject must have appropriate privilege.
1558 */
1435 */
1559 if (new->mb_flags & MAC_BIBA_FLAG_RANGE &&
1560 !biba_range_in_range(new, subj))
1561 return (EPERM);
1562
1563 /*
1564 * To have EQUAL in any component of the new credential Biba
1565 * label, the subject must already have EQUAL in their label.
1566 */
1567 if (biba_contains_equal(new)) {
1568 error = biba_subject_privileged(subj);
1569 if (error)
1570 return (error);
1571 }
1572 }
1573
1574 return (0);
1575}
1576
1577static int
1436 if (biba_contains_equal(new)) {
1437 error = biba_subject_privileged(subj);
1438 if (error)
1439 return (error);
1440 }
1441 }
1442
1443 return (0);
1444}
1445
1446static int
1578biba_cred_check_visible(struct ucred *u1, struct ucred *u2)
1447biba_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
1448 struct label *pplabel)
1579{
1580 struct mac_biba *subj, *obj;
1581
1582 if (!biba_enabled)
1583 return (0);
1584
1449{
1450 struct mac_biba *subj, *obj;
1451
1452 if (!biba_enabled)
1453 return (0);
1454
1585 subj = SLOT(u1->cr_label);
1586 obj = SLOT(u2->cr_label);
1455 subj = SLOT(cred->cr_label);
1456 obj = SLOT(pplabel);
1587
1457
1588 /* XXX: range */
1589 if (!biba_dominate_effective(obj, subj))
1458 if (!biba_dominate_effective(obj, subj))
1590 return (ESRCH);
1459 return (EACCES);
1591
1592 return (0);
1593}
1594
1595static int
1460
1461 return (0);
1462}
1463
1464static int
1596biba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
1597 struct label *ifplabel, struct label *newlabel)
1465biba_pipe_check_write(struct ucred *cred, struct pipepair *pp,
1466 struct label *pplabel)
1598{
1467{
1599 struct mac_biba *subj, *new;
1600 int error;
1468 struct mac_biba *subj, *obj;
1601
1469
1470 if (!biba_enabled)
1471 return (0);
1472
1602 subj = SLOT(cred->cr_label);
1473 subj = SLOT(cred->cr_label);
1603 new = SLOT(newlabel);
1474 obj = SLOT(pplabel);
1604
1475
1605 /*
1606 * If there is a Biba label update for the interface, it may be an
1607 * update of the effective, range, or both.
1608 */
1609 error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
1610 if (error)
1611 return (error);
1476 if (!biba_dominate_effective(subj, obj))
1477 return (EACCES);
1612
1478
1613 /*
1614 * Relabling network interfaces requires Biba privilege.
1615 */
1616 error = biba_subject_privileged(subj);
1617 if (error)
1618 return (error);
1619
1620 return (0);
1621}
1622
1479 return (0);
1480}
1481
1623static int
1624biba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
1625 struct mbuf *m, struct label *mlabel)
1482static void
1483biba_pipe_create(struct ucred *cred, struct pipepair *pp,
1484 struct label *pplabel)
1626{
1485{
1627 struct mac_biba *p, *i;
1486 struct mac_biba *source, *dest;
1628
1487
1629 if (!biba_enabled)
1630 return (0);
1488 source = SLOT(cred->cr_label);
1489 dest = SLOT(pplabel);
1631
1490
1632 p = SLOT(mlabel);
1633 i = SLOT(ifplabel);
1491 biba_copy_effective(source, dest);
1492}
1634
1493
1635 return (biba_effective_in_range(p, i) ? 0 : EACCES);
1494static void
1495biba_pipe_relabel(struct ucred *cred, struct pipepair *pp,
1496 struct label *pplabel, struct label *newlabel)
1497{
1498 struct mac_biba *source, *dest;
1499
1500 source = SLOT(newlabel);
1501 dest = SLOT(pplabel);
1502
1503 biba_copy(source, dest);
1636}
1637
1638static int
1504}
1505
1506static int
1639biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
1640 struct mbuf *m, struct label *mlabel)
1507biba_posixsem_check_write(struct ucred *cred, struct ksem *ks,
1508 struct label *kslabel)
1641{
1509{
1642 struct mac_biba *p, *i;
1510 struct mac_biba *subj, *obj;
1643
1644 if (!biba_enabled)
1645 return (0);
1646
1511
1512 if (!biba_enabled)
1513 return (0);
1514
1647 p = SLOT(mlabel);
1648 i = SLOT(inplabel);
1515 subj = SLOT(cred->cr_label);
1516 obj = SLOT(kslabel);
1649
1517
1650 return (biba_equal_effective(p, i) ? 0 : EACCES);
1518 if (!biba_dominate_effective(subj, obj))
1519 return (EACCES);
1520
1521 return (0);
1651}
1652
1653static int
1522}
1523
1524static int
1654biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
1655 struct label *msglabel)
1525biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
1526 struct label *kslabel)
1656{
1657 struct mac_biba *subj, *obj;
1658
1659 if (!biba_enabled)
1660 return (0);
1661
1662 subj = SLOT(cred->cr_label);
1527{
1528 struct mac_biba *subj, *obj;
1529
1530 if (!biba_enabled)
1531 return (0);
1532
1533 subj = SLOT(cred->cr_label);
1663 obj = SLOT(msglabel);
1534 obj = SLOT(kslabel);
1664
1665 if (!biba_dominate_effective(obj, subj))
1666 return (EACCES);
1667
1668 return (0);
1669}
1670
1535
1536 if (!biba_dominate_effective(obj, subj))
1537 return (EACCES);
1538
1539 return (0);
1540}
1541
1542static void
1543biba_posixsem_create(struct ucred *cred, struct ksem *ks,
1544 struct label *kslabel)
1545{
1546 struct mac_biba *source, *dest;
1547
1548 source = SLOT(cred->cr_label);
1549 dest = SLOT(kslabel);
1550
1551 biba_copy_effective(source, dest);
1552}
1553
1554/*
1555 * Some system privileges are allowed regardless of integrity grade; others
1556 * are allowed only when running with privilege with respect to the Biba
1557 * policy as they might otherwise allow bypassing of the integrity policy.
1558 */
1671static int
1559static int
1672biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
1673 struct label *msglabel)
1560biba_priv_check(struct ucred *cred, int priv)
1674{
1561{
1675 struct mac_biba *subj, *obj;
1562 struct mac_biba *subj;
1563 int error;
1676
1677 if (!biba_enabled)
1678 return (0);
1679
1564
1565 if (!biba_enabled)
1566 return (0);
1567
1680 subj = SLOT(cred->cr_label);
1681 obj = SLOT(msglabel);
1568 /*
1569 * Exempt only specific privileges from the Biba integrity policy.
1570 */
1571 switch (priv) {
1572 case PRIV_KTRACE:
1573 case PRIV_MSGBUF:
1682
1574
1683 if (!biba_dominate_effective(subj, obj))
1684 return (EACCES);
1575 /*
1576 * Allow processes to manipulate basic process audit properties, and
1577 * to submit audit records.
1578 */
1579 case PRIV_AUDIT_GETAUDIT:
1580 case PRIV_AUDIT_SETAUDIT:
1581 case PRIV_AUDIT_SUBMIT:
1685
1582
1583 /*
1584 * Allow processes to manipulate their regular UNIX credentials.
1585 */
1586 case PRIV_CRED_SETUID:
1587 case PRIV_CRED_SETEUID:
1588 case PRIV_CRED_SETGID:
1589 case PRIV_CRED_SETEGID:
1590 case PRIV_CRED_SETGROUPS:
1591 case PRIV_CRED_SETREUID:
1592 case PRIV_CRED_SETREGID:
1593 case PRIV_CRED_SETRESUID:
1594 case PRIV_CRED_SETRESGID:
1595
1596 /*
1597 * Allow processes to perform system monitoring.
1598 */
1599 case PRIV_SEEOTHERGIDS:
1600 case PRIV_SEEOTHERUIDS:
1601 break;
1602
1603 /*
1604 * Allow access to general process debugging facilities. We
1605 * separately control debugging based on MAC label.
1606 */
1607 case PRIV_DEBUG_DIFFCRED:
1608 case PRIV_DEBUG_SUGID:
1609 case PRIV_DEBUG_UNPRIV:
1610
1611 /*
1612 * Allow manipulating jails.
1613 */
1614 case PRIV_JAIL_ATTACH:
1615
1616 /*
1617 * Allow privilege with respect to the Partition policy, but not the
1618 * Privs policy.
1619 */
1620 case PRIV_MAC_PARTITION:
1621
1622 /*
1623 * Allow privilege with respect to process resource limits and login
1624 * context.
1625 */
1626 case PRIV_PROC_LIMIT:
1627 case PRIV_PROC_SETLOGIN:
1628 case PRIV_PROC_SETRLIMIT:
1629
1630 /*
1631 * Allow System V and POSIX IPC privileges.
1632 */
1633 case PRIV_IPC_READ:
1634 case PRIV_IPC_WRITE:
1635 case PRIV_IPC_ADMIN:
1636 case PRIV_IPC_MSGSIZE:
1637 case PRIV_MQ_ADMIN:
1638
1639 /*
1640 * Allow certain scheduler manipulations -- possibly this should be
1641 * controlled by more fine-grained policy, as potentially low
1642 * integrity processes can deny CPU to higher integrity ones.
1643 */
1644 case PRIV_SCHED_DIFFCRED:
1645 case PRIV_SCHED_SETPRIORITY:
1646 case PRIV_SCHED_RTPRIO:
1647 case PRIV_SCHED_SETPOLICY:
1648 case PRIV_SCHED_SET:
1649 case PRIV_SCHED_SETPARAM:
1650
1651 /*
1652 * More IPC privileges.
1653 */
1654 case PRIV_SEM_WRITE:
1655
1656 /*
1657 * Allow signaling privileges subject to integrity policy.
1658 */
1659 case PRIV_SIGNAL_DIFFCRED:
1660 case PRIV_SIGNAL_SUGID:
1661
1662 /*
1663 * Allow access to only limited sysctls from lower integrity levels;
1664 * piggy-back on the Jail definition.
1665 */
1666 case PRIV_SYSCTL_WRITEJAIL:
1667
1668 /*
1669 * Allow TTY-based privileges, subject to general device access using
1670 * labels on TTY device nodes, but not console privilege.
1671 */
1672 case PRIV_TTY_DRAINWAIT:
1673 case PRIV_TTY_DTRWAIT:
1674 case PRIV_TTY_EXCLUSIVE:
1675 case PRIV_TTY_PRISON:
1676 case PRIV_TTY_STI:
1677 case PRIV_TTY_SETA:
1678
1679 /*
1680 * Grant most VFS privileges, as almost all are in practice bounded
1681 * by more specific checks using labels.
1682 */
1683 case PRIV_VFS_READ:
1684 case PRIV_VFS_WRITE:
1685 case PRIV_VFS_ADMIN:
1686 case PRIV_VFS_EXEC:
1687 case PRIV_VFS_LOOKUP:
1688 case PRIV_VFS_CHFLAGS_DEV:
1689 case PRIV_VFS_CHOWN:
1690 case PRIV_VFS_CHROOT:
1691 case PRIV_VFS_RETAINSUGID:
1692 case PRIV_VFS_EXCEEDQUOTA:
1693 case PRIV_VFS_FCHROOT:
1694 case PRIV_VFS_FHOPEN:
1695 case PRIV_VFS_FHSTATFS:
1696 case PRIV_VFS_GENERATION:
1697 case PRIV_VFS_GETFH:
1698 case PRIV_VFS_GETQUOTA:
1699 case PRIV_VFS_LINK:
1700 case PRIV_VFS_MOUNT:
1701 case PRIV_VFS_MOUNT_OWNER:
1702 case PRIV_VFS_MOUNT_PERM:
1703 case PRIV_VFS_MOUNT_SUIDDIR:
1704 case PRIV_VFS_MOUNT_NONUSER:
1705 case PRIV_VFS_SETGID:
1706 case PRIV_VFS_STICKYFILE:
1707 case PRIV_VFS_SYSFLAGS:
1708 case PRIV_VFS_UNMOUNT:
1709
1710 /*
1711 * Allow VM privileges; it would be nice if these were subject to
1712 * resource limits.
1713 */
1714 case PRIV_VM_MADV_PROTECT:
1715 case PRIV_VM_MLOCK:
1716 case PRIV_VM_MUNLOCK:
1717
1718 /*
1719 * Allow some but not all network privileges. In general, dont allow
1720 * reconfiguring the network stack, just normal use.
1721 */
1722 case PRIV_NETATALK_RESERVEDPORT:
1723 case PRIV_NETINET_RESERVEDPORT:
1724 case PRIV_NETINET_RAW:
1725 case PRIV_NETINET_REUSEPORT:
1726 case PRIV_NETIPX_RESERVEDPORT:
1727 case PRIV_NETIPX_RAW:
1728 break;
1729
1730 /*
1731 * All remaining system privileges are allow only if the process
1732 * holds privilege with respect to the Biba policy.
1733 */
1734 default:
1735 subj = SLOT(cred->cr_label);
1736 error = biba_subject_privileged(subj);
1737 if (error)
1738 return (error);
1739 }
1686 return (0);
1687}
1688
1740 return (0);
1741}
1742
1743static void
1744biba_proc_associate_nfsd(struct ucred *cred)
1745{
1746 struct mac_biba *label;
1747
1748 label = SLOT(cred->cr_label);
1749 biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL);
1750 biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
1751 0, NULL);
1752}
1753
1689static int
1754static int
1690biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
1691 struct label *msqklabel)
1755biba_proc_check_debug(struct ucred *cred, struct proc *p)
1692{
1693 struct mac_biba *subj, *obj;
1694
1695 if (!biba_enabled)
1696 return (0);
1697
1698 subj = SLOT(cred->cr_label);
1756{
1757 struct mac_biba *subj, *obj;
1758
1759 if (!biba_enabled)
1760 return (0);
1761
1762 subj = SLOT(cred->cr_label);
1699 obj = SLOT(msqklabel);
1763 obj = SLOT(p->p_ucred->cr_label);
1700
1764
1765 /* XXX: range checks */
1701 if (!biba_dominate_effective(obj, subj))
1766 if (!biba_dominate_effective(obj, subj))
1767 return (ESRCH);
1768 if (!biba_dominate_effective(subj, obj))
1702 return (EACCES);
1703
1704 return (0);
1705}
1706
1707static int
1769 return (EACCES);
1770
1771 return (0);
1772}
1773
1774static int
1708biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
1709 struct label *msqklabel)
1775biba_proc_check_sched(struct ucred *cred, struct proc *p)
1710{
1711 struct mac_biba *subj, *obj;
1712
1713 if (!biba_enabled)
1714 return (0);
1715
1716 subj = SLOT(cred->cr_label);
1776{
1777 struct mac_biba *subj, *obj;
1778
1779 if (!biba_enabled)
1780 return (0);
1781
1782 subj = SLOT(cred->cr_label);
1717 obj = SLOT(msqklabel);
1783 obj = SLOT(p->p_ucred->cr_label);
1718
1784
1785 /* XXX: range checks */
1786 if (!biba_dominate_effective(obj, subj))
1787 return (ESRCH);
1719 if (!biba_dominate_effective(subj, obj))
1720 return (EACCES);
1721
1722 return (0);
1723}
1724
1725static int
1788 if (!biba_dominate_effective(subj, obj))
1789 return (EACCES);
1790
1791 return (0);
1792}
1793
1794static int
1726biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
1727 struct label *msqklabel)
1795biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
1728{
1729 struct mac_biba *subj, *obj;
1730
1731 if (!biba_enabled)
1732 return (0);
1733
1734 subj = SLOT(cred->cr_label);
1796{
1797 struct mac_biba *subj, *obj;
1798
1799 if (!biba_enabled)
1800 return (0);
1801
1802 subj = SLOT(cred->cr_label);
1735 obj = SLOT(msqklabel);
1803 obj = SLOT(p->p_ucred->cr_label);
1736
1804
1805 /* XXX: range checks */
1737 if (!biba_dominate_effective(obj, subj))
1806 if (!biba_dominate_effective(obj, subj))
1807 return (ESRCH);
1808 if (!biba_dominate_effective(subj, obj))
1738 return (EACCES);
1739
1740 return (0);
1741}
1742
1743static int
1809 return (EACCES);
1810
1811 return (0);
1812}
1813
1814static int
1744biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
1745 struct label *msqklabel, int cmd)
1815biba_socket_check_deliver(struct socket *so, struct label *solabel,
1816 struct mbuf *m, struct label *mlabel)
1746{
1817{
1747 struct mac_biba *subj, *obj;
1818 struct mac_biba *p, *s;
1748
1749 if (!biba_enabled)
1750 return (0);
1751
1819
1820 if (!biba_enabled)
1821 return (0);
1822
1752 subj = SLOT(cred->cr_label);
1753 obj = SLOT(msqklabel);
1823 p = SLOT(mlabel);
1824 s = SLOT(solabel);
1754
1825
1755 switch(cmd) {
1756 case IPC_RMID:
1757 case IPC_SET:
1758 if (!biba_dominate_effective(subj, obj))
1759 return (EACCES);
1760 break;
1826 return (biba_equal_effective(p, s) ? 0 : EACCES);
1827}
1761
1828
1762 case IPC_STAT:
1763 if (!biba_dominate_effective(obj, subj))
1764 return (EACCES);
1765 break;
1829static void
1830biba_proc_create_init(struct ucred *cred)
1831{
1832 struct mac_biba *dest;
1766
1833
1767 default:
1768 return (EACCES);
1769 }
1834 dest = SLOT(cred->cr_label);
1770
1835
1771 return (0);
1836 biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
1837 biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
1838 0, NULL);
1772}
1773
1839}
1840
1774static int
1775biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
1776 struct label *semaklabel, int cmd)
1841static void
1842biba_proc_create_swapper(struct ucred *cred)
1777{
1843{
1778 struct mac_biba *subj, *obj;
1844 struct mac_biba *dest;
1779
1845
1780 if (!biba_enabled)
1781 return (0);
1846 dest = SLOT(cred->cr_label);
1782
1847
1848 biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
1849 biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
1850 0, NULL);
1851}
1852
1853static int
1854biba_socket_check_relabel(struct ucred *cred, struct socket *so,
1855 struct label *solabel, struct label *newlabel)
1856{
1857 struct mac_biba *subj, *obj, *new;
1858 int error;
1859
1860 new = SLOT(newlabel);
1783 subj = SLOT(cred->cr_label);
1861 subj = SLOT(cred->cr_label);
1784 obj = SLOT(semaklabel);
1862 obj = SLOT(solabel);
1785
1863
1786 switch(cmd) {
1787 case IPC_RMID:
1788 case IPC_SET:
1789 case SETVAL:
1790 case SETALL:
1791 if (!biba_dominate_effective(subj, obj))
1792 return (EACCES);
1793 break;
1864 /*
1865 * If there is a Biba label update for the socket, it may be an
1866 * update of effective.
1867 */
1868 error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
1869 if (error)
1870 return (error);
1794
1871
1795 case IPC_STAT:
1796 case GETVAL:
1797 case GETPID:
1798 case GETNCNT:
1799 case GETZCNT:
1800 case GETALL:
1801 if (!biba_dominate_effective(obj, subj))
1802 return (EACCES);
1803 break;
1872 /*
1873 * To relabel a socket, the old socket effective must be in the
1874 * subject range.
1875 */
1876 if (!biba_effective_in_range(obj, subj))
1877 return (EPERM);
1804
1878
1805 default:
1806 return (EACCES);
1879 /*
1880 * If the Biba label is to be changed, authorize as appropriate.
1881 */
1882 if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
1883 /*
1884 * To relabel a socket, the new socket effective must be in
1885 * the subject range.
1886 */
1887 if (!biba_effective_in_range(new, subj))
1888 return (EPERM);
1889
1890 /*
1891 * To change the Biba label on the socket to contain EQUAL,
1892 * the subject must have appropriate privilege.
1893 */
1894 if (biba_contains_equal(new)) {
1895 error = biba_subject_privileged(subj);
1896 if (error)
1897 return (error);
1898 }
1807 }
1808
1809 return (0);
1810}
1811
1812static int
1899 }
1900
1901 return (0);
1902}
1903
1904static int
1813biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
1814 struct label *semaklabel)
1905biba_socket_check_visible(struct ucred *cred, struct socket *so,
1906 struct label *solabel)
1815{
1816 struct mac_biba *subj, *obj;
1817
1818 if (!biba_enabled)
1819 return (0);
1820
1821 subj = SLOT(cred->cr_label);
1907{
1908 struct mac_biba *subj, *obj;
1909
1910 if (!biba_enabled)
1911 return (0);
1912
1913 subj = SLOT(cred->cr_label);
1822 obj = SLOT(semaklabel);
1914 obj = SLOT(solabel);
1823
1824 if (!biba_dominate_effective(obj, subj))
1915
1916 if (!biba_dominate_effective(obj, subj))
1825 return (EACCES);
1917 return (ENOENT);
1826
1827 return (0);
1828}
1829
1918
1919 return (0);
1920}
1921
1830static int
1831biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
1832 struct label *semaklabel, size_t accesstype)
1922static void
1923biba_socket_create(struct ucred *cred, struct socket *so,
1924 struct label *solabel)
1833{
1925{
1834 struct mac_biba *subj, *obj;
1926 struct mac_biba *source, *dest;
1835
1927
1836 if (!biba_enabled)
1837 return (0);
1928 source = SLOT(cred->cr_label);
1929 dest = SLOT(solabel);
1838
1930
1839 subj = SLOT(cred->cr_label);
1840 obj = SLOT(semaklabel);
1931 biba_copy_effective(source, dest);
1932}
1841
1933
1842 if (accesstype & SEM_R)
1843 if (!biba_dominate_effective(obj, subj))
1844 return (EACCES);
1934static void
1935biba_socket_create_mbuf(struct socket *so, struct label *solabel,
1936 struct mbuf *m, struct label *mlabel)
1937{
1938 struct mac_biba *source, *dest;
1845
1939
1846 if (accesstype & SEM_A)
1847 if (!biba_dominate_effective(subj, obj))
1848 return (EACCES);
1940 source = SLOT(solabel);
1941 dest = SLOT(mlabel);
1849
1942
1850 return (0);
1943 biba_copy_effective(source, dest);
1851}
1852
1944}
1945
1853static int
1854biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
1855 struct label *shmseglabel, int shmflg)
1946static void
1947biba_socket_newconn(struct socket *oldso, struct label *oldsolabel,
1948 struct socket *newso, struct label *newsolabel)
1856{
1949{
1857 struct mac_biba *subj, *obj;
1950 struct mac_biba *source, *dest;
1858
1951
1859 if (!biba_enabled)
1860 return (0);
1952 source = SLOT(oldsolabel);
1953 dest = SLOT(newsolabel);
1861
1954
1862 subj = SLOT(cred->cr_label);
1863 obj = SLOT(shmseglabel);
1864
1865 if (!biba_dominate_effective(obj, subj))
1866 return (EACCES);
1867 if ((shmflg & SHM_RDONLY) == 0) {
1868 if (!biba_dominate_effective(subj, obj))
1869 return (EACCES);
1870 }
1871
1872 return (0);
1955 biba_copy_effective(source, dest);
1873}
1874
1956}
1957
1875static int
1876biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
1877 struct label *shmseglabel, int cmd)
1958static void
1959biba_socket_relabel(struct ucred *cred, struct socket *so,
1960 struct label *solabel, struct label *newlabel)
1878{
1961{
1879 struct mac_biba *subj, *obj;
1962 struct mac_biba *source, *dest;
1880
1963
1881 if (!biba_enabled)
1882 return (0);
1964 source = SLOT(newlabel);
1965 dest = SLOT(solabel);
1883
1966
1884 subj = SLOT(cred->cr_label);
1885 obj = SLOT(shmseglabel);
1967 biba_copy(source, dest);
1968}
1886
1969
1887 switch(cmd) {
1888 case IPC_RMID:
1889 case IPC_SET:
1890 if (!biba_dominate_effective(subj, obj))
1891 return (EACCES);
1892 break;
1970static void
1971biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
1972 struct socket *so, struct label *sopeerlabel)
1973{
1974 struct mac_biba *source, *dest;
1893
1975
1894 case IPC_STAT:
1895 case SHM_STAT:
1896 if (!biba_dominate_effective(obj, subj))
1897 return (EACCES);
1898 break;
1976 source = SLOT(mlabel);
1977 dest = SLOT(sopeerlabel);
1899
1978
1900 default:
1901 return (EACCES);
1902 }
1903
1904 return (0);
1979 biba_copy_effective(source, dest);
1905}
1906
1980}
1981
1907static int
1908biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
1909 struct label *shmseglabel, int shmflg)
1982static void
1983biba_socketpeer_set_from_socket(struct socket *oldso,
1984 struct label *oldsolabel, struct socket *newso,
1985 struct label *newsopeerlabel)
1910{
1986{
1911 struct mac_biba *subj, *obj;
1987 struct mac_biba *source, *dest;
1912
1988
1913 if (!biba_enabled)
1914 return (0);
1989 source = SLOT(oldsolabel);
1990 dest = SLOT(newsopeerlabel);
1915
1991
1916 subj = SLOT(cred->cr_label);
1917 obj = SLOT(shmseglabel);
1992 biba_copy_effective(source, dest);
1993}
1918
1994
1919 if (!biba_dominate_effective(obj, subj))
1920 return (EACCES);
1995static void
1996biba_syncache_create(struct label *label, struct inpcb *inp)
1997{
1998 struct mac_biba *source, *dest;
1921
1999
1922 return (0);
2000 source = SLOT(inp->inp_label);
2001 dest = SLOT(label);
2002 biba_copy_effective(source, dest);
1923}
1924
2003}
2004
2005static void
2006biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
2007 struct label *mlabel)
2008{
2009 struct mac_biba *source, *dest;
2010
2011 source = SLOT(sc_label);
2012 dest = SLOT(mlabel);
2013 biba_copy_effective(source, dest);
2014}
2015
1925static int
2016static int
1926biba_kld_check_load(struct ucred *cred, struct vnode *vp,
2017biba_system_check_acct(struct ucred *cred, struct vnode *vp,
1927 struct label *vplabel)
1928{
1929 struct mac_biba *subj, *obj;
1930 int error;
1931
1932 if (!biba_enabled)
1933 return (0);
1934
1935 subj = SLOT(cred->cr_label);
1936
1937 error = biba_subject_privileged(subj);
1938 if (error)
1939 return (error);
1940
2018 struct label *vplabel)
2019{
2020 struct mac_biba *subj, *obj;
2021 int error;
2022
2023 if (!biba_enabled)
2024 return (0);
2025
2026 subj = SLOT(cred->cr_label);
2027
2028 error = biba_subject_privileged(subj);
2029 if (error)
2030 return (error);
2031
2032 if (vplabel == NULL)
2033 return (0);
2034
1941 obj = SLOT(vplabel);
1942 if (!biba_high_effective(obj))
1943 return (EACCES);
1944
1945 return (0);
1946}
1947
1948static int
2035 obj = SLOT(vplabel);
2036 if (!biba_high_effective(obj))
2037 return (EACCES);
2038
2039 return (0);
2040}
2041
2042static int
1949biba_mount_check_stat(struct ucred *cred, struct mount *mp,
1950 struct label *mplabel)
2043biba_system_check_auditctl(struct ucred *cred, struct vnode *vp,
2044 struct label *vplabel)
1951{
1952 struct mac_biba *subj, *obj;
2045{
2046 struct mac_biba *subj, *obj;
2047 int error;
1953
1954 if (!biba_enabled)
1955 return (0);
1956
1957 subj = SLOT(cred->cr_label);
2048
2049 if (!biba_enabled)
2050 return (0);
2051
2052 subj = SLOT(cred->cr_label);
1958 obj = SLOT(mplabel);
1959
2053
1960 if (!biba_dominate_effective(obj, subj))
2054 error = biba_subject_privileged(subj);
2055 if (error)
2056 return (error);
2057
2058 if (vplabel == NULL)
2059 return (0);
2060
2061 obj = SLOT(vplabel);
2062 if (!biba_high_effective(obj))
1961 return (EACCES);
1962
1963 return (0);
1964}
1965
1966static int
2063 return (EACCES);
2064
2065 return (0);
2066}
2067
2068static int
1967biba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
1968 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
2069biba_system_check_auditon(struct ucred *cred, int cmd)
1969{
2070{
2071 struct mac_biba *subj;
2072 int error;
1970
2073
1971 if(!biba_enabled)
2074 if (!biba_enabled)
1972 return (0);
1973
2075 return (0);
2076
1974 /* XXX: This will be implemented soon... */
2077 subj = SLOT(cred->cr_label);
1975
2078
2079 error = biba_subject_privileged(subj);
2080 if (error)
2081 return (error);
2082
1976 return (0);
1977}
1978
1979static int
2083 return (0);
2084}
2085
2086static int
1980biba_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
1981 struct label *pplabel)
2087biba_system_check_swapoff(struct ucred *cred, struct vnode *vp,
2088 struct label *label)
1982{
2089{
1983 struct mac_biba *subj, *obj;
2090 struct mac_biba *subj;
2091 int error;
1984
1985 if (!biba_enabled)
1986 return (0);
1987
1988 subj = SLOT(cred->cr_label);
2092
2093 if (!biba_enabled)
2094 return (0);
2095
2096 subj = SLOT(cred->cr_label);
1989 obj = SLOT(pplabel);
1990
2097
1991 if (!biba_dominate_effective(obj, subj))
1992 return (EACCES);
2098 error = biba_subject_privileged(subj);
2099 if (error)
2100 return (error);
1993
1994 return (0);
1995}
1996
1997static int
2101
2102 return (0);
2103}
2104
2105static int
1998biba_pipe_check_read(struct ucred *cred, struct pipepair *pp,
1999 struct label *pplabel)
2106biba_system_check_swapon(struct ucred *cred, struct vnode *vp,
2107 struct label *vplabel)
2000{
2001 struct mac_biba *subj, *obj;
2108{
2109 struct mac_biba *subj, *obj;
2110 int error;
2002
2003 if (!biba_enabled)
2004 return (0);
2005
2006 subj = SLOT(cred->cr_label);
2111
2112 if (!biba_enabled)
2113 return (0);
2114
2115 subj = SLOT(cred->cr_label);
2007 obj = SLOT(pplabel);
2116 obj = SLOT(vplabel);
2008
2117
2009 if (!biba_dominate_effective(obj, subj))
2118 error = biba_subject_privileged(subj);
2119 if (error)
2120 return (error);
2121
2122 if (!biba_high_effective(obj))
2010 return (EACCES);
2011
2012 return (0);
2013}
2014
2015static int
2123 return (EACCES);
2124
2125 return (0);
2126}
2127
2128static int
2016biba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
2017 struct label *pplabel, struct label *newlabel)
2129biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
2130 void *arg1, int arg2, struct sysctl_req *req)
2018{
2131{
2019 struct mac_biba *subj, *obj, *new;
2132 struct mac_biba *subj;
2020 int error;
2021
2133 int error;
2134
2022 new = SLOT(newlabel);
2135 if (!biba_enabled)
2136 return (0);
2137
2023 subj = SLOT(cred->cr_label);
2138 subj = SLOT(cred->cr_label);
2024 obj = SLOT(pplabel);
2025
2026 /*
2139
2140 /*
2027 * If there is a Biba label update for a pipe, it must be a effective
2028 * update.
2141 * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high,
2142 * but also require privilege to change them.
2029 */
2143 */
2030 error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
2031 if (error)
2032 return (error);
2144 if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) {
2145 if (!biba_subject_dominate_high(subj))
2146 return (EACCES);
2033
2147
2034 /*
2035 * To perform a relabel of a pipe (Biba label or not), Biba must
2036 * authorize the relabel.
2037 */
2038 if (!biba_effective_in_range(obj, subj))
2039 return (EPERM);
2040
2041 /*
2042 * If the Biba label is to be changed, authorize as appropriate.
2043 */
2044 if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
2045 /*
2046 * To change the Biba label on a pipe, the new pipe label
2047 * must be in the subject range.
2048 */
2049 if (!biba_effective_in_range(new, subj))
2050 return (EPERM);
2051
2052 /*
2053 * To change the Biba label on a pipe to be EQUAL, the
2054 * subject must have appropriate privilege.
2055 */
2056 if (biba_contains_equal(new)) {
2057 error = biba_subject_privileged(subj);
2058 if (error)
2059 return (error);
2060 }
2148 error = biba_subject_privileged(subj);
2149 if (error)
2150 return (error);
2061 }
2062
2063 return (0);
2064}
2065
2151 }
2152
2153 return (0);
2154}
2155
2066static int
2067biba_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
2068 struct label *pplabel)
2156static void
2157biba_sysvmsg_cleanup(struct label *msglabel)
2069{
2158{
2070 struct mac_biba *subj, *obj;
2071
2159
2072 if (!biba_enabled)
2073 return (0);
2160 bzero(SLOT(msglabel), sizeof(struct mac_biba));
2161}
2074
2162
2075 subj = SLOT(cred->cr_label);
2076 obj = SLOT(pplabel);
2163static void
2164biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
2165 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
2166{
2167 struct mac_biba *source, *dest;
2077
2168
2078 if (!biba_dominate_effective(obj, subj))
2079 return (EACCES);
2169 /* Ignore the msgq label */
2170 source = SLOT(cred->cr_label);
2171 dest = SLOT(msglabel);
2080
2172
2081 return (0);
2173 biba_copy_effective(source, dest);
2082}
2083
2084static int
2174}
2175
2176static int
2085biba_pipe_check_write(struct ucred *cred, struct pipepair *pp,
2086 struct label *pplabel)
2177biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
2178 struct label *msglabel)
2087{
2088 struct mac_biba *subj, *obj;
2089
2090 if (!biba_enabled)
2091 return (0);
2092
2093 subj = SLOT(cred->cr_label);
2179{
2180 struct mac_biba *subj, *obj;
2181
2182 if (!biba_enabled)
2183 return (0);
2184
2185 subj = SLOT(cred->cr_label);
2094 obj = SLOT(pplabel);
2186 obj = SLOT(msglabel);
2095
2187
2096 if (!biba_dominate_effective(subj, obj))
2188 if (!biba_dominate_effective(obj, subj))
2097 return (EACCES);
2098
2099 return (0);
2100}
2101
2102static int
2189 return (EACCES);
2190
2191 return (0);
2192}
2193
2194static int
2103biba_posixsem_check_write(struct ucred *cred, struct ksem *ks,
2104 struct label *kslabel)
2195biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
2196 struct label *msglabel)
2105{
2106 struct mac_biba *subj, *obj;
2107
2108 if (!biba_enabled)
2109 return (0);
2110
2111 subj = SLOT(cred->cr_label);
2197{
2198 struct mac_biba *subj, *obj;
2199
2200 if (!biba_enabled)
2201 return (0);
2202
2203 subj = SLOT(cred->cr_label);
2112 obj = SLOT(kslabel);
2204 obj = SLOT(msglabel);
2113
2114 if (!biba_dominate_effective(subj, obj))
2115 return (EACCES);
2116
2117 return (0);
2118}
2119
2120static int
2205
2206 if (!biba_dominate_effective(subj, obj))
2207 return (EACCES);
2208
2209 return (0);
2210}
2211
2212static int
2121biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
2122 struct label *kslabel)
2213biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
2214 struct label *msqklabel)
2123{
2124 struct mac_biba *subj, *obj;
2125
2126 if (!biba_enabled)
2127 return (0);
2128
2129 subj = SLOT(cred->cr_label);
2215{
2216 struct mac_biba *subj, *obj;
2217
2218 if (!biba_enabled)
2219 return (0);
2220
2221 subj = SLOT(cred->cr_label);
2130 obj = SLOT(kslabel);
2222 obj = SLOT(msqklabel);
2131
2132 if (!biba_dominate_effective(obj, subj))
2133 return (EACCES);
2134
2135 return (0);
2136}
2137
2138static int
2223
2224 if (!biba_dominate_effective(obj, subj))
2225 return (EACCES);
2226
2227 return (0);
2228}
2229
2230static int
2139biba_proc_check_debug(struct ucred *cred, struct proc *p)
2231biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
2232 struct label *msqklabel)
2140{
2141 struct mac_biba *subj, *obj;
2142
2143 if (!biba_enabled)
2144 return (0);
2145
2146 subj = SLOT(cred->cr_label);
2233{
2234 struct mac_biba *subj, *obj;
2235
2236 if (!biba_enabled)
2237 return (0);
2238
2239 subj = SLOT(cred->cr_label);
2147 obj = SLOT(p->p_ucred->cr_label);
2240 obj = SLOT(msqklabel);
2148
2241
2149 /* XXX: range checks */
2150 if (!biba_dominate_effective(obj, subj))
2151 return (ESRCH);
2152 if (!biba_dominate_effective(subj, obj))
2153 return (EACCES);
2154
2155 return (0);
2156}
2157
2158static int
2242 if (!biba_dominate_effective(subj, obj))
2243 return (EACCES);
2244
2245 return (0);
2246}
2247
2248static int
2159biba_proc_check_sched(struct ucred *cred, struct proc *p)
2249biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
2250 struct label *msqklabel)
2160{
2161 struct mac_biba *subj, *obj;
2162
2163 if (!biba_enabled)
2164 return (0);
2165
2166 subj = SLOT(cred->cr_label);
2251{
2252 struct mac_biba *subj, *obj;
2253
2254 if (!biba_enabled)
2255 return (0);
2256
2257 subj = SLOT(cred->cr_label);
2167 obj = SLOT(p->p_ucred->cr_label);
2258 obj = SLOT(msqklabel);
2168
2259
2169 /* XXX: range checks */
2170 if (!biba_dominate_effective(obj, subj))
2260 if (!biba_dominate_effective(obj, subj))
2171 return (ESRCH);
2172 if (!biba_dominate_effective(subj, obj))
2173 return (EACCES);
2174
2175 return (0);
2176}
2177
2178static int
2261 return (EACCES);
2262
2263 return (0);
2264}
2265
2266static int
2179biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
2267biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
2268 struct label *msqklabel, int cmd)
2180{
2181 struct mac_biba *subj, *obj;
2182
2183 if (!biba_enabled)
2184 return (0);
2185
2186 subj = SLOT(cred->cr_label);
2269{
2270 struct mac_biba *subj, *obj;
2271
2272 if (!biba_enabled)
2273 return (0);
2274
2275 subj = SLOT(cred->cr_label);
2187 obj = SLOT(p->p_ucred->cr_label);
2276 obj = SLOT(msqklabel);
2188
2277
2189 /* XXX: range checks */
2190 if (!biba_dominate_effective(obj, subj))
2191 return (ESRCH);
2192 if (!biba_dominate_effective(subj, obj))
2278 switch(cmd) {
2279 case IPC_RMID:
2280 case IPC_SET:
2281 if (!biba_dominate_effective(subj, obj))
2282 return (EACCES);
2283 break;
2284
2285 case IPC_STAT:
2286 if (!biba_dominate_effective(obj, subj))
2287 return (EACCES);
2288 break;
2289
2290 default:
2193 return (EACCES);
2291 return (EACCES);
2292 }
2194
2195 return (0);
2196}
2197
2293
2294 return (0);
2295}
2296
2198static int
2199biba_socket_check_deliver(struct socket *so, struct label *solabel,
2200 struct mbuf *m, struct label *mlabel)
2297static void
2298biba_sysvmsq_cleanup(struct label *msqlabel)
2201{
2299{
2202 struct mac_biba *p, *s;
2203
2300
2204 if (!biba_enabled)
2205 return (0);
2301 bzero(SLOT(msqlabel), sizeof(struct mac_biba));
2302}
2206
2303
2207 p = SLOT(mlabel);
2208 s = SLOT(solabel);
2304static void
2305biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
2306 struct label *msqlabel)
2307{
2308 struct mac_biba *source, *dest;
2209
2309
2210 return (biba_equal_effective(p, s) ? 0 : EACCES);
2310 source = SLOT(cred->cr_label);
2311 dest = SLOT(msqlabel);
2312
2313 biba_copy_effective(source, dest);
2211}
2212
2213static int
2314}
2315
2316static int
2214biba_socket_check_relabel(struct ucred *cred, struct socket *so,
2215 struct label *solabel, struct label *newlabel)
2317biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
2318 struct label *semaklabel, int cmd)
2216{
2319{
2217 struct mac_biba *subj, *obj, *new;
2218 int error;
2320 struct mac_biba *subj, *obj;
2219
2321
2220 new = SLOT(newlabel);
2322 if (!biba_enabled)
2323 return (0);
2324
2221 subj = SLOT(cred->cr_label);
2325 subj = SLOT(cred->cr_label);
2222 obj = SLOT(solabel);
2326 obj = SLOT(semaklabel);
2223
2327
2224 /*
2225 * If there is a Biba label update for the socket, it may be an
2226 * update of effective.
2227 */
2228 error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
2229 if (error)
2230 return (error);
2328 switch(cmd) {
2329 case IPC_RMID:
2330 case IPC_SET:
2331 case SETVAL:
2332 case SETALL:
2333 if (!biba_dominate_effective(subj, obj))
2334 return (EACCES);
2335 break;
2231
2336
2232 /*
2233 * To relabel a socket, the old socket effective must be in the
2234 * subject range.
2235 */
2236 if (!biba_effective_in_range(obj, subj))
2237 return (EPERM);
2337 case IPC_STAT:
2338 case GETVAL:
2339 case GETPID:
2340 case GETNCNT:
2341 case GETZCNT:
2342 case GETALL:
2343 if (!biba_dominate_effective(obj, subj))
2344 return (EACCES);
2345 break;
2238
2346
2239 /*
2240 * If the Biba label is to be changed, authorize as appropriate.
2241 */
2242 if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
2243 /*
2244 * To relabel a socket, the new socket effective must be in
2245 * the subject range.
2246 */
2247 if (!biba_effective_in_range(new, subj))
2248 return (EPERM);
2249
2250 /*
2251 * To change the Biba label on the socket to contain EQUAL,
2252 * the subject must have appropriate privilege.
2253 */
2254 if (biba_contains_equal(new)) {
2255 error = biba_subject_privileged(subj);
2256 if (error)
2257 return (error);
2258 }
2347 default:
2348 return (EACCES);
2259 }
2260
2261 return (0);
2262}
2263
2264static int
2349 }
2350
2351 return (0);
2352}
2353
2354static int
2265biba_socket_check_visible(struct ucred *cred, struct socket *so,
2266 struct label *solabel)
2355biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
2356 struct label *semaklabel)
2267{
2268 struct mac_biba *subj, *obj;
2269
2270 if (!biba_enabled)
2271 return (0);
2272
2273 subj = SLOT(cred->cr_label);
2357{
2358 struct mac_biba *subj, *obj;
2359
2360 if (!biba_enabled)
2361 return (0);
2362
2363 subj = SLOT(cred->cr_label);
2274 obj = SLOT(solabel);
2364 obj = SLOT(semaklabel);
2275
2276 if (!biba_dominate_effective(obj, subj))
2365
2366 if (!biba_dominate_effective(obj, subj))
2277 return (ENOENT);
2367 return (EACCES);
2278
2279 return (0);
2280}
2281
2368
2369 return (0);
2370}
2371
2282/*
2283 * Some system privileges are allowed regardless of integrity grade; others
2284 * are allowed only when running with privilege with respect to the Biba
2285 * policy as they might otherwise allow bypassing of the integrity policy.
2286 */
2287static int
2372static int
2288biba_priv_check(struct ucred *cred, int priv)
2373biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
2374 struct label *semaklabel, size_t accesstype)
2289{
2375{
2290 struct mac_biba *subj;
2291 int error;
2376 struct mac_biba *subj, *obj;
2292
2293 if (!biba_enabled)
2294 return (0);
2295
2377
2378 if (!biba_enabled)
2379 return (0);
2380
2296 /*
2297 * Exempt only specific privileges from the Biba integrity policy.
2298 */
2299 switch (priv) {
2300 case PRIV_KTRACE:
2301 case PRIV_MSGBUF:
2381 subj = SLOT(cred->cr_label);
2382 obj = SLOT(semaklabel);
2302
2383
2303 /*
2304 * Allow processes to manipulate basic process audit properties, and
2305 * to submit audit records.
2306 */
2307 case PRIV_AUDIT_GETAUDIT:
2308 case PRIV_AUDIT_SETAUDIT:
2309 case PRIV_AUDIT_SUBMIT:
2384 if (accesstype & SEM_R)
2385 if (!biba_dominate_effective(obj, subj))
2386 return (EACCES);
2310
2387
2311 /*
2312 * Allow processes to manipulate their regular UNIX credentials.
2313 */
2314 case PRIV_CRED_SETUID:
2315 case PRIV_CRED_SETEUID:
2316 case PRIV_CRED_SETGID:
2317 case PRIV_CRED_SETEGID:
2318 case PRIV_CRED_SETGROUPS:
2319 case PRIV_CRED_SETREUID:
2320 case PRIV_CRED_SETREGID:
2321 case PRIV_CRED_SETRESUID:
2322 case PRIV_CRED_SETRESGID:
2388 if (accesstype & SEM_A)
2389 if (!biba_dominate_effective(subj, obj))
2390 return (EACCES);
2323
2391
2324 /*
2325 * Allow processes to perform system monitoring.
2326 */
2327 case PRIV_SEEOTHERGIDS:
2328 case PRIV_SEEOTHERUIDS:
2329 break;
2392 return (0);
2393}
2330
2394
2331 /*
2332 * Allow access to general process debugging facilities. We
2333 * separately control debugging based on MAC label.
2334 */
2335 case PRIV_DEBUG_DIFFCRED:
2336 case PRIV_DEBUG_SUGID:
2337 case PRIV_DEBUG_UNPRIV:
2395static void
2396biba_sysvsem_cleanup(struct label *semalabel)
2397{
2338
2398
2339 /*
2340 * Allow manipulating jails.
2341 */
2342 case PRIV_JAIL_ATTACH:
2399 bzero(SLOT(semalabel), sizeof(struct mac_biba));
2400}
2343
2401
2344 /*
2345 * Allow privilege with respect to the Partition policy, but not the
2346 * Privs policy.
2347 */
2348 case PRIV_MAC_PARTITION:
2402static void
2403biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
2404 struct label *semalabel)
2405{
2406 struct mac_biba *source, *dest;
2349
2407
2350 /*
2351 * Allow privilege with respect to process resource limits and login
2352 * context.
2353 */
2354 case PRIV_PROC_LIMIT:
2355 case PRIV_PROC_SETLOGIN:
2356 case PRIV_PROC_SETRLIMIT:
2408 source = SLOT(cred->cr_label);
2409 dest = SLOT(semalabel);
2357
2410
2358 /*
2359 * Allow System V and POSIX IPC privileges.
2360 */
2361 case PRIV_IPC_READ:
2362 case PRIV_IPC_WRITE:
2363 case PRIV_IPC_ADMIN:
2364 case PRIV_IPC_MSGSIZE:
2365 case PRIV_MQ_ADMIN:
2366
2367 /*
2368 * Allow certain scheduler manipulations -- possibly this should be
2369 * controlled by more fine-grained policy, as potentially low
2370 * integrity processes can deny CPU to higher integrity ones.
2371 */
2372 case PRIV_SCHED_DIFFCRED:
2373 case PRIV_SCHED_SETPRIORITY:
2374 case PRIV_SCHED_RTPRIO:
2375 case PRIV_SCHED_SETPOLICY:
2376 case PRIV_SCHED_SET:
2377 case PRIV_SCHED_SETPARAM:
2378
2379 /*
2380 * More IPC privileges.
2381 */
2382 case PRIV_SEM_WRITE:
2383
2384 /*
2385 * Allow signaling privileges subject to integrity policy.
2386 */
2387 case PRIV_SIGNAL_DIFFCRED:
2388 case PRIV_SIGNAL_SUGID:
2389
2390 /*
2391 * Allow access to only limited sysctls from lower integrity levels;
2392 * piggy-back on the Jail definition.
2393 */
2394 case PRIV_SYSCTL_WRITEJAIL:
2395
2396 /*
2397 * Allow TTY-based privileges, subject to general device access using
2398 * labels on TTY device nodes, but not console privilege.
2399 */
2400 case PRIV_TTY_DRAINWAIT:
2401 case PRIV_TTY_DTRWAIT:
2402 case PRIV_TTY_EXCLUSIVE:
2403 case PRIV_TTY_PRISON:
2404 case PRIV_TTY_STI:
2405 case PRIV_TTY_SETA:
2406
2407 /*
2408 * Grant most VFS privileges, as almost all are in practice bounded
2409 * by more specific checks using labels.
2410 */
2411 case PRIV_VFS_READ:
2412 case PRIV_VFS_WRITE:
2413 case PRIV_VFS_ADMIN:
2414 case PRIV_VFS_EXEC:
2415 case PRIV_VFS_LOOKUP:
2416 case PRIV_VFS_CHFLAGS_DEV:
2417 case PRIV_VFS_CHOWN:
2418 case PRIV_VFS_CHROOT:
2419 case PRIV_VFS_RETAINSUGID:
2420 case PRIV_VFS_EXCEEDQUOTA:
2421 case PRIV_VFS_FCHROOT:
2422 case PRIV_VFS_FHOPEN:
2423 case PRIV_VFS_FHSTATFS:
2424 case PRIV_VFS_GENERATION:
2425 case PRIV_VFS_GETFH:
2426 case PRIV_VFS_GETQUOTA:
2427 case PRIV_VFS_LINK:
2428 case PRIV_VFS_MOUNT:
2429 case PRIV_VFS_MOUNT_OWNER:
2430 case PRIV_VFS_MOUNT_PERM:
2431 case PRIV_VFS_MOUNT_SUIDDIR:
2432 case PRIV_VFS_MOUNT_NONUSER:
2433 case PRIV_VFS_SETGID:
2434 case PRIV_VFS_STICKYFILE:
2435 case PRIV_VFS_SYSFLAGS:
2436 case PRIV_VFS_UNMOUNT:
2437
2438 /*
2439 * Allow VM privileges; it would be nice if these were subject to
2440 * resource limits.
2441 */
2442 case PRIV_VM_MADV_PROTECT:
2443 case PRIV_VM_MLOCK:
2444 case PRIV_VM_MUNLOCK:
2445
2446 /*
2447 * Allow some but not all network privileges. In general, dont allow
2448 * reconfiguring the network stack, just normal use.
2449 */
2450 case PRIV_NETATALK_RESERVEDPORT:
2451 case PRIV_NETINET_RESERVEDPORT:
2452 case PRIV_NETINET_RAW:
2453 case PRIV_NETINET_REUSEPORT:
2454 case PRIV_NETIPX_RESERVEDPORT:
2455 case PRIV_NETIPX_RAW:
2456 break;
2457
2458 /*
2459 * All remaining system privileges are allow only if the process
2460 * holds privilege with respect to the Biba policy.
2461 */
2462 default:
2463 subj = SLOT(cred->cr_label);
2464 error = biba_subject_privileged(subj);
2465 if (error)
2466 return (error);
2467 }
2468 return (0);
2411 biba_copy_effective(source, dest);
2469}
2470
2471static int
2412}
2413
2414static int
2472biba_system_check_acct(struct ucred *cred, struct vnode *vp,
2473 struct label *vplabel)
2415biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
2416 struct label *shmseglabel, int shmflg)
2474{
2475 struct mac_biba *subj, *obj;
2417{
2418 struct mac_biba *subj, *obj;
2476 int error;
2477
2478 if (!biba_enabled)
2479 return (0);
2480
2481 subj = SLOT(cred->cr_label);
2419
2420 if (!biba_enabled)
2421 return (0);
2422
2423 subj = SLOT(cred->cr_label);
2424 obj = SLOT(shmseglabel);
2482
2425
2483 error = biba_subject_privileged(subj);
2484 if (error)
2485 return (error);
2486
2487 if (vplabel == NULL)
2488 return (0);
2489
2490 obj = SLOT(vplabel);
2491 if (!biba_high_effective(obj))
2426 if (!biba_dominate_effective(obj, subj))
2492 return (EACCES);
2427 return (EACCES);
2493
2428 if ((shmflg & SHM_RDONLY) == 0) {
2429 if (!biba_dominate_effective(subj, obj))
2430 return (EACCES);
2431 }
2432
2494 return (0);
2495}
2496
2497static int
2433 return (0);
2434}
2435
2436static int
2498biba_system_check_auditctl(struct ucred *cred, struct vnode *vp,
2499 struct label *vplabel)
2437biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
2438 struct label *shmseglabel, int cmd)
2500{
2501 struct mac_biba *subj, *obj;
2439{
2440 struct mac_biba *subj, *obj;
2502 int error;
2503
2504 if (!biba_enabled)
2505 return (0);
2506
2507 subj = SLOT(cred->cr_label);
2441
2442 if (!biba_enabled)
2443 return (0);
2444
2445 subj = SLOT(cred->cr_label);
2446 obj = SLOT(shmseglabel);
2508
2447
2509 error = biba_subject_privileged(subj);
2510 if (error)
2511 return (error);
2448 switch(cmd) {
2449 case IPC_RMID:
2450 case IPC_SET:
2451 if (!biba_dominate_effective(subj, obj))
2452 return (EACCES);
2453 break;
2512
2454
2513 if (vplabel == NULL)
2514 return (0);
2455 case IPC_STAT:
2456 case SHM_STAT:
2457 if (!biba_dominate_effective(obj, subj))
2458 return (EACCES);
2459 break;
2515
2460
2516 obj = SLOT(vplabel);
2517 if (!biba_high_effective(obj))
2461 default:
2518 return (EACCES);
2462 return (EACCES);
2463 }
2519
2520 return (0);
2521}
2522
2523static int
2464
2465 return (0);
2466}
2467
2468static int
2524biba_system_check_auditon(struct ucred *cred, int cmd)
2469biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
2470 struct label *shmseglabel, int shmflg)
2525{
2471{
2526 struct mac_biba *subj;
2527 int error;
2472 struct mac_biba *subj, *obj;
2528
2529 if (!biba_enabled)
2530 return (0);
2531
2532 subj = SLOT(cred->cr_label);
2473
2474 if (!biba_enabled)
2475 return (0);
2476
2477 subj = SLOT(cred->cr_label);
2478 obj = SLOT(shmseglabel);
2533
2479
2534 error = biba_subject_privileged(subj);
2535 if (error)
2536 return (error);
2480 if (!biba_dominate_effective(obj, subj))
2481 return (EACCES);
2537
2538 return (0);
2539}
2540
2482
2483 return (0);
2484}
2485
2541static int
2542biba_system_check_swapon(struct ucred *cred, struct vnode *vp,
2543 struct label *vplabel)
2486static void
2487biba_sysvshm_cleanup(struct label *shmlabel)
2544{
2488{
2545 struct mac_biba *subj, *obj;
2546 int error;
2547
2489
2548 if (!biba_enabled)
2549 return (0);
2490 bzero(SLOT(shmlabel), sizeof(struct mac_biba));
2491}
2550
2492
2551 subj = SLOT(cred->cr_label);
2552 obj = SLOT(vplabel);
2493static void
2494biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
2495 struct label *shmlabel)
2496{
2497 struct mac_biba *source, *dest;
2553
2498
2554 error = biba_subject_privileged(subj);
2555 if (error)
2556 return (error);
2499 source = SLOT(cred->cr_label);
2500 dest = SLOT(shmlabel);
2557
2501
2558 if (!biba_high_effective(obj))
2559 return (EACCES);
2560
2561 return (0);
2502 biba_copy_effective(source, dest);
2562}
2563
2564static int
2503}
2504
2505static int
2565biba_system_check_swapoff(struct ucred *cred, struct vnode *vp,
2566 struct label *label)
2506biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
2507 struct vnode *vp, struct label *vplabel)
2567{
2508{
2568 struct mac_biba *subj;
2569 int error;
2509 struct mac_biba mb_temp, *source, *dest;
2510 int buflen, error;
2570
2511
2571 if (!biba_enabled)
2572 return (0);
2512 source = SLOT(mplabel);
2513 dest = SLOT(vplabel);
2573
2514
2574 subj = SLOT(cred->cr_label);
2515 buflen = sizeof(mb_temp);
2516 bzero(&mb_temp, buflen);
2575
2517
2576 error = biba_subject_privileged(subj);
2577 if (error)
2518 error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
2519 MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread);
2520 if (error == ENOATTR || error == EOPNOTSUPP) {
2521 /* Fall back to the mntlabel. */
2522 biba_copy_effective(source, dest);
2523 return (0);
2524 } else if (error)
2578 return (error);
2579
2525 return (error);
2526
2527 if (buflen != sizeof(mb_temp)) {
2528 printf("biba_vnode_associate_extattr: bad size %d\n",
2529 buflen);
2530 return (EPERM);
2531 }
2532 if (biba_valid(&mb_temp) != 0) {
2533 printf("biba_vnode_associate_extattr: invalid\n");
2534 return (EPERM);
2535 }
2536 if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) !=
2537 MAC_BIBA_FLAG_EFFECTIVE) {
2538 printf("biba_vnode_associate_extattr: not effective\n");
2539 return (EPERM);
2540 }
2541
2542 biba_copy_effective(&mb_temp, dest);
2580 return (0);
2581}
2582
2543 return (0);
2544}
2545
2583static int
2584biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
2585 void *arg1, int arg2, struct sysctl_req *req)
2546static void
2547biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
2548 struct vnode *vp, struct label *vplabel)
2586{
2549{
2587 struct mac_biba *subj;
2588 int error;
2550 struct mac_biba *source, *dest;
2589
2551
2590 if (!biba_enabled)
2591 return (0);
2552 source = SLOT(mplabel);
2553 dest = SLOT(vplabel);
2592
2554
2593 subj = SLOT(cred->cr_label);
2594
2595 /*
2596 * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high,
2597 * but also require privilege to change them.
2598 */
2599 if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) {
2600 if (!biba_subject_dominate_high(subj))
2601 return (EACCES);
2602
2603 error = biba_subject_privileged(subj);
2604 if (error)
2605 return (error);
2606 }
2607
2608 return (0);
2555 biba_copy_effective(source, dest);
2609}
2610
2611static int
2612biba_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
2613 struct label *dvplabel)
2614{
2615 struct mac_biba *subj, *obj;
2616

--- 620 unchanged lines hidden (view full) ---

3237 obj = SLOT(vplabel);
3238
3239 if (!biba_dominate_effective(subj, obj))
3240 return (EACCES);
3241
3242 return (0);
3243}
3244
2556}
2557
2558static int
2559biba_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
2560 struct label *dvplabel)
2561{
2562 struct mac_biba *subj, *obj;
2563

--- 620 unchanged lines hidden (view full) ---

3184 obj = SLOT(vplabel);
3185
3186 if (!biba_dominate_effective(subj, obj))
3187 return (EACCES);
3188
3189 return (0);
3190}
3191
3245static void
3246biba_syncache_create(struct label *label, struct inpcb *inp)
3192static int
3193biba_vnode_create_extattr(struct ucred *cred, struct mount *mp,
3194 struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
3195 struct vnode *vp, struct label *vplabel, struct componentname *cnp)
3247{
3196{
3248 struct mac_biba *source, *dest;
3197 struct mac_biba *source, *dest, mb_temp;
3198 size_t buflen;
3199 int error;
3249
3200
3250 source = SLOT(inp->inp_label);
3251 dest = SLOT(label);
3252 biba_copy_effective(source, dest);
3201 buflen = sizeof(mb_temp);
3202 bzero(&mb_temp, buflen);
3203
3204 source = SLOT(cred->cr_label);
3205 dest = SLOT(vplabel);
3206 biba_copy_effective(source, &mb_temp);
3207
3208 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
3209 MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
3210 if (error == 0)
3211 biba_copy_effective(source, dest);
3212 return (error);
3253}
3254
3255static void
3213}
3214
3215static void
3256biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
3257 struct label *mlabel)
3216biba_vnode_relabel(struct ucred *cred, struct vnode *vp,
3217 struct label *vplabel, struct label *newlabel)
3258{
3259 struct mac_biba *source, *dest;
3260
3218{
3219 struct mac_biba *source, *dest;
3220
3261 source = SLOT(sc_label);
3262 dest = SLOT(mlabel);
3263 biba_copy_effective(source, dest);
3221 source = SLOT(newlabel);
3222 dest = SLOT(vplabel);
3223
3224 biba_copy(source, dest);
3264}
3265
3225}
3226
3227static int
3228biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
3229 struct label *vplabel, struct label *intlabel)
3230{
3231 struct mac_biba *source, mb_temp;
3232 size_t buflen;
3233 int error;
3234
3235 buflen = sizeof(mb_temp);
3236 bzero(&mb_temp, buflen);
3237
3238 source = SLOT(intlabel);
3239 if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0)
3240 return (0);
3241
3242 biba_copy_effective(source, &mb_temp);
3243
3244 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
3245 MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
3246 return (error);
3247}
3248
3266static struct mac_policy_ops mac_biba_ops =
3267{
3268 .mpo_init = biba_init,
3249static struct mac_policy_ops mac_biba_ops =
3250{
3251 .mpo_init = biba_init,
3269 .mpo_bpfdesc_init_label = biba_init_label,
3270 .mpo_cred_init_label = biba_init_label,
3271 .mpo_devfs_init_label = biba_init_label,
3272 .mpo_ifnet_init_label = biba_init_label,
3273 .mpo_inpcb_init_label = biba_init_label_waitcheck,
3274 .mpo_syncache_init_label = biba_init_label_waitcheck,
3275 .mpo_sysvmsg_init_label = biba_init_label,
3276 .mpo_sysvmsq_init_label = biba_init_label,
3277 .mpo_sysvsem_init_label = biba_init_label,
3278 .mpo_sysvshm_init_label = biba_init_label,
3279 .mpo_ipq_init_label = biba_init_label_waitcheck,
3280 .mpo_mbuf_init_label = biba_init_label_waitcheck,
3281 .mpo_mount_init_label = biba_init_label,
3282 .mpo_pipe_init_label = biba_init_label,
3283 .mpo_posixsem_init_label = biba_init_label,
3284 .mpo_socket_init_label = biba_init_label_waitcheck,
3285 .mpo_socketpeer_init_label = biba_init_label_waitcheck,
3286 .mpo_syncache_create = biba_syncache_create,
3287 .mpo_vnode_init_label = biba_init_label,
3252
3253 .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive,
3254 .mpo_bpfdesc_create = biba_bpfdesc_create,
3255 .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
3288 .mpo_bpfdesc_destroy_label = biba_destroy_label,
3256 .mpo_bpfdesc_destroy_label = biba_destroy_label,
3289 .mpo_cred_destroy_label = biba_destroy_label,
3290 .mpo_devfs_destroy_label = biba_destroy_label,
3291 .mpo_ifnet_destroy_label = biba_destroy_label,
3292 .mpo_inpcb_destroy_label = biba_destroy_label,
3293 .mpo_syncache_destroy_label = biba_destroy_label,
3294 .mpo_sysvmsg_destroy_label = biba_destroy_label,
3295 .mpo_sysvmsq_destroy_label = biba_destroy_label,
3296 .mpo_sysvsem_destroy_label = biba_destroy_label,
3297 .mpo_sysvshm_destroy_label = biba_destroy_label,
3298 .mpo_ipq_destroy_label = biba_destroy_label,
3299 .mpo_mbuf_destroy_label = biba_destroy_label,
3300 .mpo_mount_destroy_label = biba_destroy_label,
3301 .mpo_pipe_destroy_label = biba_destroy_label,
3302 .mpo_posixsem_destroy_label = biba_destroy_label,
3303 .mpo_socket_destroy_label = biba_destroy_label,
3304 .mpo_socketpeer_destroy_label = biba_destroy_label,
3305 .mpo_vnode_destroy_label = biba_destroy_label,
3257 .mpo_bpfdesc_init_label = biba_init_label,
3258
3259 .mpo_cred_check_relabel = biba_cred_check_relabel,
3260 .mpo_cred_check_visible = biba_cred_check_visible,
3306 .mpo_cred_copy_label = biba_copy_label,
3261 .mpo_cred_copy_label = biba_copy_label,
3307 .mpo_ifnet_copy_label = biba_copy_label,
3308 .mpo_mbuf_copy_label = biba_copy_label,
3309 .mpo_pipe_copy_label = biba_copy_label,
3310 .mpo_socket_copy_label = biba_copy_label,
3311 .mpo_vnode_copy_label = biba_copy_label,
3262 .mpo_cred_destroy_label = biba_destroy_label,
3312 .mpo_cred_externalize_label = biba_externalize_label,
3263 .mpo_cred_externalize_label = biba_externalize_label,
3313 .mpo_ifnet_externalize_label = biba_externalize_label,
3314 .mpo_pipe_externalize_label = biba_externalize_label,
3315 .mpo_socket_externalize_label = biba_externalize_label,
3316 .mpo_socketpeer_externalize_label = biba_externalize_label,
3317 .mpo_vnode_externalize_label = biba_externalize_label,
3264 .mpo_cred_init_label = biba_init_label,
3318 .mpo_cred_internalize_label = biba_internalize_label,
3265 .mpo_cred_internalize_label = biba_internalize_label,
3319 .mpo_ifnet_internalize_label = biba_internalize_label,
3320 .mpo_pipe_internalize_label = biba_internalize_label,
3321 .mpo_socket_internalize_label = biba_internalize_label,
3322 .mpo_vnode_internalize_label = biba_internalize_label,
3266 .mpo_cred_relabel = biba_cred_relabel,
3267
3323 .mpo_devfs_create_device = biba_devfs_create_device,
3324 .mpo_devfs_create_directory = biba_devfs_create_directory,
3325 .mpo_devfs_create_symlink = biba_devfs_create_symlink,
3268 .mpo_devfs_create_device = biba_devfs_create_device,
3269 .mpo_devfs_create_directory = biba_devfs_create_directory,
3270 .mpo_devfs_create_symlink = biba_devfs_create_symlink,
3326 .mpo_mount_create = biba_mount_create,
3327 .mpo_vnode_relabel = biba_vnode_relabel,
3271 .mpo_devfs_destroy_label = biba_destroy_label,
3272 .mpo_devfs_init_label = biba_init_label,
3328 .mpo_devfs_update = biba_devfs_update,
3329 .mpo_devfs_vnode_associate = biba_devfs_vnode_associate,
3273 .mpo_devfs_update = biba_devfs_update,
3274 .mpo_devfs_vnode_associate = biba_devfs_vnode_associate,
3330 .mpo_vnode_associate_extattr = biba_vnode_associate_extattr,
3331 .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel,
3332 .mpo_vnode_create_extattr = biba_vnode_create_extattr,
3333 .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr,
3334 .mpo_socket_create_mbuf = biba_socket_create_mbuf,
3335 .mpo_syncache_create_mbuf = biba_syncache_create_mbuf,
3336 .mpo_pipe_create = biba_pipe_create,
3337 .mpo_posixsem_create = biba_posixsem_create,
3338 .mpo_socket_create = biba_socket_create,
3339 .mpo_socket_newconn = biba_socket_newconn,
3340 .mpo_pipe_relabel = biba_pipe_relabel,
3341 .mpo_socket_relabel = biba_socket_relabel,
3342 .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf,
3343 .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket,
3344 .mpo_bpfdesc_create = biba_bpfdesc_create,
3345 .mpo_ipq_reassemble = biba_ipq_reassemble,
3346 .mpo_netinet_fragment = biba_netinet_fragment,
3275
3276 .mpo_ifnet_check_relabel = biba_ifnet_check_relabel,
3277 .mpo_ifnet_check_transmit = biba_ifnet_check_transmit,
3278 .mpo_ifnet_copy_label = biba_copy_label,
3347 .mpo_ifnet_create = biba_ifnet_create,
3279 .mpo_ifnet_create = biba_ifnet_create,
3280 .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
3281 .mpo_ifnet_destroy_label = biba_destroy_label,
3282 .mpo_ifnet_externalize_label = biba_externalize_label,
3283 .mpo_ifnet_init_label = biba_init_label,
3284 .mpo_ifnet_internalize_label = biba_internalize_label,
3285 .mpo_ifnet_relabel = biba_ifnet_relabel,
3286
3287 .mpo_inpcb_check_deliver = biba_inpcb_check_deliver,
3348 .mpo_inpcb_create = biba_inpcb_create,
3288 .mpo_inpcb_create = biba_inpcb_create,
3349 .mpo_sysvmsg_create = biba_sysvmsg_create,
3350 .mpo_sysvmsq_create = biba_sysvmsq_create,
3351 .mpo_sysvsem_create = biba_sysvsem_create,
3352 .mpo_sysvshm_create = biba_sysvshm_create,
3353 .mpo_ipq_create = biba_ipq_create,
3354 .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf,
3289 .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf,
3355 .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
3356 .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
3290 .mpo_inpcb_destroy_label = biba_destroy_label,
3291 .mpo_inpcb_init_label = biba_init_label_waitcheck,
3292 .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel,
3293
3294 .mpo_ipq_create = biba_ipq_create,
3295 .mpo_ipq_destroy_label = biba_destroy_label,
3296 .mpo_ipq_init_label = biba_init_label_waitcheck,
3357 .mpo_ipq_match = biba_ipq_match,
3297 .mpo_ipq_match = biba_ipq_match,
3358 .mpo_ifnet_relabel = biba_ifnet_relabel,
3298 .mpo_ipq_reassemble = biba_ipq_reassemble,
3359 .mpo_ipq_update = biba_ipq_update,
3299 .mpo_ipq_update = biba_ipq_update,
3360 .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel,
3361 .mpo_proc_create_swapper = biba_proc_create_swapper,
3362 .mpo_proc_create_init = biba_proc_create_init,
3363 .mpo_proc_associate_nfsd = biba_proc_associate_nfsd,
3364 .mpo_cred_relabel = biba_cred_relabel,
3365 .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup,
3366 .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup,
3367 .mpo_sysvsem_cleanup = biba_sysvsem_cleanup,
3368 .mpo_sysvshm_cleanup = biba_sysvshm_cleanup,
3369 .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive,
3370 .mpo_cred_check_relabel = biba_cred_check_relabel,
3371 .mpo_cred_check_visible = biba_cred_check_visible,
3372 .mpo_ifnet_check_relabel = biba_ifnet_check_relabel,
3373 .mpo_ifnet_check_transmit = biba_ifnet_check_transmit,
3374 .mpo_inpcb_check_deliver = biba_inpcb_check_deliver,
3375 .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv,
3376 .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid,
3377 .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget,
3378 .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd,
3379 .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv,
3380 .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl,
3381 .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl,
3382 .mpo_sysvsem_check_semget = biba_sysvsem_check_semget,
3383 .mpo_sysvsem_check_semop = biba_sysvsem_check_semop,
3384 .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat,
3385 .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl,
3386 .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget,
3300
3387 .mpo_kld_check_load = biba_kld_check_load,
3301 .mpo_kld_check_load = biba_kld_check_load,
3302
3303 .mpo_mbuf_copy_label = biba_copy_label,
3304 .mpo_mbuf_destroy_label = biba_destroy_label,
3305 .mpo_mbuf_init_label = biba_init_label_waitcheck,
3306
3388 .mpo_mount_check_stat = biba_mount_check_stat,
3307 .mpo_mount_check_stat = biba_mount_check_stat,
3308 .mpo_mount_create = biba_mount_create,
3309 .mpo_mount_destroy_label = biba_destroy_label,
3310 .mpo_mount_init_label = biba_init_label,
3311
3312 .mpo_netatalk_aarp_send = biba_netatalk_aarp_send,
3313
3314 .mpo_netinet_arp_send = biba_netinet_arp_send,
3315 .mpo_netinet_firewall_reply = biba_netinet_firewall_reply,
3316 .mpo_netinet_firewall_send = biba_netinet_firewall_send,
3317 .mpo_netinet_fragment = biba_netinet_fragment,
3318 .mpo_netinet_icmp_reply = biba_netinet_icmp_reply,
3319 .mpo_netinet_igmp_send = biba_netinet_igmp_send,
3320
3321 .mpo_netinet6_nd6_send = biba_netinet6_nd6_send,
3322
3389 .mpo_pipe_check_ioctl = biba_pipe_check_ioctl,
3390 .mpo_pipe_check_poll = biba_pipe_check_poll,
3391 .mpo_pipe_check_read = biba_pipe_check_read,
3392 .mpo_pipe_check_relabel = biba_pipe_check_relabel,
3393 .mpo_pipe_check_stat = biba_pipe_check_stat,
3394 .mpo_pipe_check_write = biba_pipe_check_write,
3323 .mpo_pipe_check_ioctl = biba_pipe_check_ioctl,
3324 .mpo_pipe_check_poll = biba_pipe_check_poll,
3325 .mpo_pipe_check_read = biba_pipe_check_read,
3326 .mpo_pipe_check_relabel = biba_pipe_check_relabel,
3327 .mpo_pipe_check_stat = biba_pipe_check_stat,
3328 .mpo_pipe_check_write = biba_pipe_check_write,
3329 .mpo_pipe_copy_label = biba_copy_label,
3330 .mpo_pipe_create = biba_pipe_create,
3331 .mpo_pipe_destroy_label = biba_destroy_label,
3332 .mpo_pipe_externalize_label = biba_externalize_label,
3333 .mpo_pipe_init_label = biba_init_label,
3334 .mpo_pipe_internalize_label = biba_internalize_label,
3335 .mpo_pipe_relabel = biba_pipe_relabel,
3336
3395 .mpo_posixsem_check_destroy = biba_posixsem_check_write,
3396 .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly,
3397 .mpo_posixsem_check_open = biba_posixsem_check_write,
3398 .mpo_posixsem_check_post = biba_posixsem_check_write,
3399 .mpo_posixsem_check_unlink = biba_posixsem_check_write,
3400 .mpo_posixsem_check_wait = biba_posixsem_check_write,
3337 .mpo_posixsem_check_destroy = biba_posixsem_check_write,
3338 .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly,
3339 .mpo_posixsem_check_open = biba_posixsem_check_write,
3340 .mpo_posixsem_check_post = biba_posixsem_check_write,
3341 .mpo_posixsem_check_unlink = biba_posixsem_check_write,
3342 .mpo_posixsem_check_wait = biba_posixsem_check_write,
3343 .mpo_posixsem_create = biba_posixsem_create,
3344 .mpo_posixsem_destroy_label = biba_destroy_label,
3345 .mpo_posixsem_init_label = biba_init_label,
3346
3347 .mpo_priv_check = biba_priv_check,
3348
3349 .mpo_proc_associate_nfsd = biba_proc_associate_nfsd,
3401 .mpo_proc_check_debug = biba_proc_check_debug,
3402 .mpo_proc_check_sched = biba_proc_check_sched,
3403 .mpo_proc_check_signal = biba_proc_check_signal,
3350 .mpo_proc_check_debug = biba_proc_check_debug,
3351 .mpo_proc_check_sched = biba_proc_check_sched,
3352 .mpo_proc_check_signal = biba_proc_check_signal,
3353 .mpo_proc_create_init = biba_proc_create_init,
3354 .mpo_proc_create_swapper = biba_proc_create_swapper,
3355
3404 .mpo_socket_check_deliver = biba_socket_check_deliver,
3405 .mpo_socket_check_relabel = biba_socket_check_relabel,
3406 .mpo_socket_check_visible = biba_socket_check_visible,
3356 .mpo_socket_check_deliver = biba_socket_check_deliver,
3357 .mpo_socket_check_relabel = biba_socket_check_relabel,
3358 .mpo_socket_check_visible = biba_socket_check_visible,
3359 .mpo_socket_copy_label = biba_copy_label,
3360 .mpo_socket_create = biba_socket_create,
3361 .mpo_socket_create_mbuf = biba_socket_create_mbuf,
3362 .mpo_socket_destroy_label = biba_destroy_label,
3363 .mpo_socket_externalize_label = biba_externalize_label,
3364 .mpo_socket_init_label = biba_init_label_waitcheck,
3365 .mpo_socket_internalize_label = biba_internalize_label,
3366 .mpo_socket_newconn = biba_socket_newconn,
3367 .mpo_socket_relabel = biba_socket_relabel,
3368
3369 .mpo_socketpeer_destroy_label = biba_destroy_label,
3370 .mpo_socketpeer_externalize_label = biba_externalize_label,
3371 .mpo_socketpeer_init_label = biba_init_label_waitcheck,
3372 .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf,
3373 .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket,
3374
3375 .mpo_syncache_create = biba_syncache_create,
3376 .mpo_syncache_create_mbuf = biba_syncache_create_mbuf,
3377 .mpo_syncache_destroy_label = biba_destroy_label,
3378 .mpo_syncache_init_label = biba_init_label_waitcheck,
3379
3407 .mpo_system_check_acct = biba_system_check_acct,
3408 .mpo_system_check_auditctl = biba_system_check_auditctl,
3409 .mpo_system_check_auditon = biba_system_check_auditon,
3380 .mpo_system_check_acct = biba_system_check_acct,
3381 .mpo_system_check_auditctl = biba_system_check_auditctl,
3382 .mpo_system_check_auditon = biba_system_check_auditon,
3410 .mpo_system_check_swapon = biba_system_check_swapon,
3411 .mpo_system_check_swapoff = biba_system_check_swapoff,
3383 .mpo_system_check_swapoff = biba_system_check_swapoff,
3384 .mpo_system_check_swapon = biba_system_check_swapon,
3412 .mpo_system_check_sysctl = biba_system_check_sysctl,
3385 .mpo_system_check_sysctl = biba_system_check_sysctl,
3386
3387 .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup,
3388 .mpo_sysvmsg_create = biba_sysvmsg_create,
3389 .mpo_sysvmsg_destroy_label = biba_destroy_label,
3390 .mpo_sysvmsg_init_label = biba_init_label,
3391
3392 .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv,
3393 .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid,
3394 .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget,
3395 .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd,
3396 .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv,
3397 .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl,
3398 .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup,
3399 .mpo_sysvmsq_create = biba_sysvmsq_create,
3400 .mpo_sysvmsq_destroy_label = biba_destroy_label,
3401 .mpo_sysvmsq_init_label = biba_init_label,
3402
3403 .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl,
3404 .mpo_sysvsem_check_semget = biba_sysvsem_check_semget,
3405 .mpo_sysvsem_check_semop = biba_sysvsem_check_semop,
3406 .mpo_sysvsem_cleanup = biba_sysvsem_cleanup,
3407 .mpo_sysvsem_create = biba_sysvsem_create,
3408 .mpo_sysvsem_destroy_label = biba_destroy_label,
3409 .mpo_sysvsem_init_label = biba_init_label,
3410
3411 .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat,
3412 .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl,
3413 .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget,
3414 .mpo_sysvshm_cleanup = biba_sysvshm_cleanup,
3415 .mpo_sysvshm_create = biba_sysvshm_create,
3416 .mpo_sysvshm_destroy_label = biba_destroy_label,
3417 .mpo_sysvshm_init_label = biba_init_label,
3418
3419 .mpo_vnode_associate_extattr = biba_vnode_associate_extattr,
3420 .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel,
3413 .mpo_vnode_check_access = biba_vnode_check_open,
3414 .mpo_vnode_check_chdir = biba_vnode_check_chdir,
3415 .mpo_vnode_check_chroot = biba_vnode_check_chroot,
3416 .mpo_vnode_check_create = biba_vnode_check_create,
3417 .mpo_vnode_check_deleteacl = biba_vnode_check_deleteacl,
3418 .mpo_vnode_check_deleteextattr = biba_vnode_check_deleteextattr,
3419 .mpo_vnode_check_exec = biba_vnode_check_exec,
3420 .mpo_vnode_check_getacl = biba_vnode_check_getacl,

--- 15 unchanged lines hidden (view full) ---

3436 .mpo_vnode_check_setextattr = biba_vnode_check_setextattr,
3437 .mpo_vnode_check_setflags = biba_vnode_check_setflags,
3438 .mpo_vnode_check_setmode = biba_vnode_check_setmode,
3439 .mpo_vnode_check_setowner = biba_vnode_check_setowner,
3440 .mpo_vnode_check_setutimes = biba_vnode_check_setutimes,
3441 .mpo_vnode_check_stat = biba_vnode_check_stat,
3442 .mpo_vnode_check_unlink = biba_vnode_check_unlink,
3443 .mpo_vnode_check_write = biba_vnode_check_write,
3421 .mpo_vnode_check_access = biba_vnode_check_open,
3422 .mpo_vnode_check_chdir = biba_vnode_check_chdir,
3423 .mpo_vnode_check_chroot = biba_vnode_check_chroot,
3424 .mpo_vnode_check_create = biba_vnode_check_create,
3425 .mpo_vnode_check_deleteacl = biba_vnode_check_deleteacl,
3426 .mpo_vnode_check_deleteextattr = biba_vnode_check_deleteextattr,
3427 .mpo_vnode_check_exec = biba_vnode_check_exec,
3428 .mpo_vnode_check_getacl = biba_vnode_check_getacl,

--- 15 unchanged lines hidden (view full) ---

3444 .mpo_vnode_check_setextattr = biba_vnode_check_setextattr,
3445 .mpo_vnode_check_setflags = biba_vnode_check_setflags,
3446 .mpo_vnode_check_setmode = biba_vnode_check_setmode,
3447 .mpo_vnode_check_setowner = biba_vnode_check_setowner,
3448 .mpo_vnode_check_setutimes = biba_vnode_check_setutimes,
3449 .mpo_vnode_check_stat = biba_vnode_check_stat,
3450 .mpo_vnode_check_unlink = biba_vnode_check_unlink,
3451 .mpo_vnode_check_write = biba_vnode_check_write,
3444 .mpo_netatalk_aarp_send = biba_netatalk_aarp_send,
3445 .mpo_netinet_arp_send = biba_netinet_arp_send,
3446 .mpo_netinet_firewall_reply = biba_netinet_firewall_reply,
3447 .mpo_netinet_firewall_send = biba_netinet_firewall_send,
3448 .mpo_netinet_icmp_reply = biba_netinet_icmp_reply,
3449 .mpo_netinet_igmp_send = biba_netinet_igmp_send,
3450 .mpo_netinet6_nd6_send = biba_netinet6_nd6_send,
3451 .mpo_priv_check = biba_priv_check,
3452 .mpo_vnode_create_extattr = biba_vnode_create_extattr,
3453 .mpo_vnode_copy_label = biba_copy_label,
3454 .mpo_vnode_destroy_label = biba_destroy_label,
3455 .mpo_vnode_externalize_label = biba_externalize_label,
3456 .mpo_vnode_init_label = biba_init_label,
3457 .mpo_vnode_internalize_label = biba_internalize_label,
3458 .mpo_vnode_relabel = biba_vnode_relabel,
3459 .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr,
3452};
3453
3454MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba",
3455 MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &biba_slot);
3460};
3461
3462MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba",
3463 MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &biba_slot);