| mac_partition.c (172955) | mac_partition.c (173138) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2002 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2002 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
| 38 * $FreeBSD: head/sys/security/mac_partition/mac_partition.c 172955 2007-10-25 11:31:11Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac_partition/mac_partition.c 173138 2007-10-29 13:33:06Z rwatson $ |
| 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Experiment with a partition-like model. 45 */ 46 --- 17 unchanged lines hidden (view full) --- 64static int mac_partition_enabled = 1; 65SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW, 66 &mac_partition_enabled, 0, "Enforce partition policy"); 67 68static int partition_slot; 69#define SLOT(l) mac_label_get((l), partition_slot) 70#define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v)) 71 | 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Experiment with a partition-like model. 45 */ 46 --- 17 unchanged lines hidden (view full) --- 64static int mac_partition_enabled = 1; 65SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW, 66 &mac_partition_enabled, 0, "Enforce partition policy"); 67 68static int partition_slot; 69#define SLOT(l) mac_label_get((l), partition_slot) 70#define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v)) 71 |
| 72static void 73partition_init_label(struct label *label) | 72static int 73label_on_label(struct label *subject, struct label *object) |
| 74{ 75 | 74{ 75 |
| 76 SLOT_SET(label, 0); 77} | 76 if (mac_partition_enabled == 0) 77 return (0); |
| 78 | 78 |
| 79static void 80partition_destroy_label(struct label *label) 81{ | 79 if (SLOT(subject) == 0) 80 return (0); |
| 82 | 81 |
| 83 SLOT_SET(label, 0); 84} | 82 if (SLOT(subject) == SLOT(object)) 83 return (0); |
| 85 | 84 |
| 86static void 87partition_copy_label(struct label *src, struct label *dest) 88{ 89 90 SLOT_SET(dest, SLOT(src)); | 85 return (EPERM); |
| 91} 92 | 86} 87 |
| 88/* 89 * Object-specific entry points are sorted alphabetically by object type name 90 * and then by operation. 91 */ |
|
| 93static int | 92static int |
| 94partition_externalize_label(struct label *label, char *element_name, 95 struct sbuf *sb, int *claimed) | 93partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) |
| 96{ | 94{ |
| 95 int error; |
|
| 97 | 96 |
| 98 if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) 99 return (0); | 97 error = 0; |
| 100 | 98 |
| 101 (*claimed)++; | 99 /* Treat "0" as a no-op request. */ 100 if (SLOT(newlabel) != 0) { 101 /* 102 * Require BSD privilege in order to change the partition. 103 * Originally we also required that the process not be in a 104 * partition in the first place, but this didn't interact 105 * well with sendmail. 106 */ 107 error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0); 108 } |
| 102 | 109 |
| 103 if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1) 104 return (EINVAL); 105 else 106 return (0); | 110 return (error); |
| 107} 108 109static int | 111} 112 113static int |
| 110partition_internalize_label(struct label *label, char *element_name, 111 char *element_data, int *claimed) | 114partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) |
| 112{ | 115{ |
| 116 int error; |
|
| 113 | 117 |
| 114 if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) 115 return (0); | 118 error = label_on_label(cr1->cr_label, cr2->cr_label); |
| 116 | 119 |
| 117 (*claimed)++; 118 SLOT_SET(label, strtol(element_data, NULL, 10)); 119 return (0); | 120 return (error == 0 ? 0 : ESRCH); |
| 120} 121 122static void | 121} 122 123static void |
| 123partition_proc_create_swapper(struct ucred *cred) | 124partition_cred_copy_label(struct label *src, struct label *dest) |
| 124{ 125 | 125{ 126 |
| 126 SLOT_SET(cred->cr_label, 0); | 127 SLOT_SET(dest, SLOT(src)); |
| 127} 128 129static void | 128} 129 130static void |
| 130partition_proc_create_init(struct ucred *cred) | 131partition_cred_destroy_label(struct label *label) |
| 131{ 132 | 132{ 133 |
| 133 SLOT_SET(cred->cr_label, 0); | 134 SLOT_SET(label, 0); |
| 134} 135 | 135} 136 |
| 136static void 137partition_cred_relabel(struct ucred *cred, struct label *newlabel) 138{ 139 140 if (SLOT(newlabel) != 0) 141 SLOT_SET(cred->cr_label, SLOT(newlabel)); 142} 143 | |
| 144static int | 137static int |
| 145label_on_label(struct label *subject, struct label *object) | 138partition_cred_externalize_label(struct label *label, char *element_name, 139 struct sbuf *sb, int *claimed) |
| 146{ 147 | 140{ 141 |
| 148 if (mac_partition_enabled == 0) | 142 if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) |
| 149 return (0); 150 | 143 return (0); 144 |
| 151 if (SLOT(subject) == 0) 152 return (0); | 145 (*claimed)++; |
| 153 | 146 |
| 154 if (SLOT(subject) == SLOT(object)) | 147 if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1) 148 return (EINVAL); 149 else |
| 155 return (0); | 150 return (0); |
| 151} |
|
| 156 | 152 |
| 157 return (EPERM); | 153static void 154partition_cred_init_label(struct label *label) 155{ 156 157 SLOT_SET(label, 0); |
| 158} 159 160static int | 158} 159 160static int |
| 161partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) | 161partition_cred_internalize_label(struct label *label, char *element_name, 162 char *element_data, int *claimed) |
| 162{ | 163{ |
| 163 int error; | |
| 164 | 164 |
| 165 error = 0; | 165 if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) 166 return (0); |
| 166 | 167 |
| 167 /* Treat "0" as a no-op request. */ 168 if (SLOT(newlabel) != 0) { 169 /* 170 * Require BSD privilege in order to change the partition. 171 * Originally we also required that the process not be in a 172 * partition in the first place, but this didn't interact 173 * well with sendmail. 174 */ 175 error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0); 176 } 177 178 return (error); | 168 (*claimed)++; 169 SLOT_SET(label, strtol(element_data, NULL, 10)); 170 return (0); |
| 179} 180 | 171} 172 |
| 181static int 182partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) | 173static void 174partition_cred_relabel(struct ucred *cred, struct label *newlabel) |
| 183{ | 175{ |
| 184 int error; | |
| 185 | 176 |
| 186 error = label_on_label(cr1->cr_label, cr2->cr_label); 187 188 return (error == 0 ? 0 : ESRCH); | 177 if (SLOT(newlabel) != 0) 178 SLOT_SET(cred->cr_label, SLOT(newlabel)); |
| 189} 190 191static int 192partition_proc_check_debug(struct ucred *cred, struct proc *p) 193{ 194 int error; 195 196 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); --- 17 unchanged lines hidden (view full) --- 214{ 215 int error; 216 217 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); 218 219 return (error ? ESRCH : 0); 220} 221 | 179} 180 181static int 182partition_proc_check_debug(struct ucred *cred, struct proc *p) 183{ 184 int error; 185 186 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); --- 17 unchanged lines hidden (view full) --- 204{ 205 int error; 206 207 error = label_on_label(cred->cr_label, p->p_ucred->cr_label); 208 209 return (error ? ESRCH : 0); 210} 211 |
| 212static void 213partition_proc_create_init(struct ucred *cred) 214{ 215 216 SLOT_SET(cred->cr_label, 0); 217} 218 219static void 220partition_proc_create_swapper(struct ucred *cred) 221{ 222 223 SLOT_SET(cred->cr_label, 0); 224} 225 |
|
| 222static int 223partition_socket_check_visible(struct ucred *cred, struct socket *so, 224 struct label *solabel) 225{ 226 int error; 227 228 error = label_on_label(cred->cr_label, solabel); 229 --- 16 unchanged lines hidden (view full) --- 246 return (EINVAL); 247 } 248 249 return (0); 250} 251 252static struct mac_policy_ops partition_ops = 253{ | 226static int 227partition_socket_check_visible(struct ucred *cred, struct socket *so, 228 struct label *solabel) 229{ 230 int error; 231 232 error = label_on_label(cred->cr_label, solabel); 233 --- 16 unchanged lines hidden (view full) --- 250 return (EINVAL); 251 } 252 253 return (0); 254} 255 256static struct mac_policy_ops partition_ops = 257{ |
| 254 .mpo_cred_init_label = partition_init_label, 255 .mpo_cred_destroy_label = partition_destroy_label, 256 .mpo_cred_copy_label = partition_copy_label, 257 .mpo_cred_externalize_label = partition_externalize_label, 258 .mpo_cred_internalize_label = partition_internalize_label, 259 .mpo_proc_create_swapper = partition_proc_create_swapper, 260 .mpo_proc_create_init = partition_proc_create_init, 261 .mpo_cred_relabel = partition_cred_relabel, | |
| 262 .mpo_cred_check_relabel = partition_cred_check_relabel, 263 .mpo_cred_check_visible = partition_cred_check_visible, | 258 .mpo_cred_check_relabel = partition_cred_check_relabel, 259 .mpo_cred_check_visible = partition_cred_check_visible, |
| 260 .mpo_cred_copy_label = partition_cred_copy_label, 261 .mpo_cred_destroy_label = partition_cred_destroy_label, 262 .mpo_cred_externalize_label = partition_cred_externalize_label, 263 .mpo_cred_init_label = partition_cred_init_label, 264 .mpo_cred_internalize_label = partition_cred_internalize_label, 265 .mpo_cred_relabel = partition_cred_relabel, |
|
| 264 .mpo_proc_check_debug = partition_proc_check_debug, 265 .mpo_proc_check_sched = partition_proc_check_sched, 266 .mpo_proc_check_signal = partition_proc_check_signal, | 266 .mpo_proc_check_debug = partition_proc_check_debug, 267 .mpo_proc_check_sched = partition_proc_check_sched, 268 .mpo_proc_check_signal = partition_proc_check_signal, |
| 269 .mpo_proc_create_init = partition_proc_create_init, 270 .mpo_proc_create_swapper = partition_proc_create_swapper, |
|
| 267 .mpo_socket_check_visible = partition_socket_check_visible, 268 .mpo_vnode_check_exec = partition_vnode_check_exec, 269}; 270 271MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition", 272 MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot); | 271 .mpo_socket_check_visible = partition_socket_check_visible, 272 .mpo_vnode_check_exec = partition_vnode_check_exec, 273}; 274 275MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition", 276 MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot); |