sdiff udiff text old ( 105643 ) new ( 105656 )
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by NAI Labs,

--- 20 unchanged lines hidden (view full) ---

29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 105643 2002-10-21 18:42:01Z rwatson $
38 */
39
40/*
41 * Developed by the TrustedBSD Project.
42 * Biba fixed label mandatory integrity policy.
43 */
44
45#include <sys/types.h>

--- 396 unchanged lines hidden (view full) ---

442
443 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
444 ("mac_biba_copy_single: labelfrom not single"));
445
446 labelto->mb_single = labelfrom->mb_single;
447 labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE;
448}
449
450/*
451 * Policy module operations.
452 */
453static void
454mac_biba_destroy(struct mac_policy_conf *conf)
455{
456
457}

--- 168 unchanged lines hidden (view full) ---

626mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp,
627 struct label *vnodelabel, struct label *label)
628{
629 struct mac_biba *source, *dest;
630
631 source = SLOT(label);
632 dest = SLOT(vnodelabel);
633
634 mac_biba_copy_single(source, dest);
635}
636
637static void
638mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent,
639 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
640{
641 struct mac_biba *source, *dest;
642
643 source = SLOT(vnodelabel);
644 dest = SLOT(direntlabel);
645
646 mac_biba_copy_single(source, dest);
647}
648
649static void
650mac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
651 struct ucred *cred)
652{
653 struct mac_biba *source, *dest;
654

--- 97 unchanged lines hidden (view full) ---

752mac_biba_relabel_socket(struct ucred *cred, struct socket *socket,
753 struct label *socketlabel, struct label *newlabel)
754{
755 struct mac_biba *source, *dest;
756
757 source = SLOT(newlabel);
758 dest = SLOT(socketlabel);
759
760 mac_biba_copy_single(source, dest);
761}
762
763static void
764mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe,
765 struct label *pipelabel, struct label *newlabel)
766{
767 struct mac_biba *source, *dest;
768
769 source = SLOT(newlabel);
770 dest = SLOT(pipelabel);
771
772 mac_biba_copy_single(source, dest);
773}
774
775static void
776mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
777 struct socket *socket, struct label *socketpeerlabel)
778{
779 struct mac_biba *source, *dest;
780

--- 126 unchanged lines hidden (view full) ---

907 struct label *oldmbuflabel, struct mbuf *newmbuf,
908 struct label *newmbuflabel)
909{
910 struct mac_biba *source, *dest;
911
912 source = SLOT(oldmbuflabel);
913 dest = SLOT(newmbuflabel);
914
915 mac_biba_copy_single(source, dest);
916}
917
918static void
919mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
920 struct mbuf *mbuf, struct label *mbuflabel)
921{
922 struct mac_biba *dest;
923

--- 67 unchanged lines hidden (view full) ---

991mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
992 struct label *ifnetlabel, struct label *newlabel)
993{
994 struct mac_biba *source, *dest;
995
996 source = SLOT(newlabel);
997 dest = SLOT(ifnetlabel);
998
999 mac_biba_copy_single(source, dest);
1000 mac_biba_copy_range(source, dest);
1001}
1002
1003static void
1004mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
1005 struct ipq *ipq, struct label *ipqlabel)
1006{
1007
1008 /* NOOP: we only accept matching labels, so no need to update */

--- 62 unchanged lines hidden (view full) ---

1071static void
1072mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel)
1073{
1074 struct mac_biba *source, *dest;
1075
1076 source = SLOT(newlabel);
1077 dest = SLOT(&cred->cr_label);
1078
1079 mac_biba_copy_single(source, dest);
1080 mac_biba_copy_range(source, dest);
1081}
1082
1083/*
1084 * Access control checks.
1085 */
1086static int
1087mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
1088 struct ifnet *ifnet, struct label *ifnetlabel)

--- 1266 unchanged lines hidden ---
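Review bot: The relabel hooks shown here (mac_biba_relabel_vnode, mac_biba_relabel_socket, mac_biba_relabel_pipe, mac_biba_relabel_ifnet, mac_biba_relabel_cred) pass the requested label straight to mac_biba_copy_single(), and the only precondition visible in that helper is the KASSERT that labelfrom carries MAC_BIBA_FLAG_SINGLE. KASSERT is compiled only into INVARIANTS kernels, so on a kernel built without it a label lacking the single element would still have mb_single copied and the flag set on the destination. This page renders just one side of each changed line, so it cannot be confirmed from here whether the new revision already tests the flag before copying. If it does not, guard the copy with `if (labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE)`, or at least document the assumption on each hook with a comment such as `/* newlabel was validated by the corresponding access-control check and always carries a single element */`. The body of mac_biba_copy_single() begins above the visible lines, so any earlier validation there is not shown.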