mac_biba.c (204581) | mac_biba.c (225344) |
---|---|
1/*- | 1/*- |
2 * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson | 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson |
3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * 9 * This software was developed for the FreeBSD Project in part by McAfee 10 * Research, the Security Research Division of McAfee, Inc. under 11 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12 * CHATS research program. 13 * 14 * This software was enhanced by SPARTA ISSO under SPAWAR contract 15 * N66001-04-C-6019 ("SEFOS"). 16 * | 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * 9 * This software was developed for the FreeBSD Project in part by McAfee 10 * Research, the Security Research Division of McAfee, Inc. under 11 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12 * CHATS research program. 13 * 14 * This software was enhanced by SPARTA ISSO under SPAWAR contract 15 * N66001-04-C-6019 ("SEFOS"). 16 * |
17 * This software was developed at the University of Cambridge Computer 18 * Laboratory with support from a grant from Google, Inc. 19 * |
|
17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. --- 5 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 20 * Redistribution and use in source and binary forms, with or without 21 * modification, are permitted provided that the following conditions 22 * are met: 23 * 1. Redistributions of source code must retain the above copyright 24 * notice, this list of conditions and the following disclaimer. 25 * 2. Redistributions in binary form must reproduce the above copyright 26 * notice, this list of conditions and the following disclaimer in the 27 * documentation and/or other materials provided with the distribution. 
--- 5 unchanged lines hidden (view full) --- 33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 39 * SUCH DAMAGE. 40 * |
38 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 204581 2010-03-02 15:05:48Z rwatson $ | 41 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 225344 2011-09-02 17:40:39Z rwatson $ |
39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Biba fixed label mandatory integrity policy. 45 */ 46 --- 1570 unchanged lines hidden (view full) --- 1617 1618 if (!biba_dominate_effective(subj, obj)) 1619 return (EACCES); 1620 1621 return (0); 1622} 1623 1624static int | 42 */ 43 44/* 45 * Developed by the TrustedBSD Project. 46 * 47 * Biba fixed label mandatory integrity policy. 48 */ 49 --- 1570 unchanged lines hidden (view full) --- 1620 1621 if (!biba_dominate_effective(subj, obj)) 1622 return (EACCES); 1623 1624 return (0); 1625} 1626 1627static int |
1628biba_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1629 struct label *kslabel, mode_t mode) 1630{ 1631 struct mac_biba *subj, *obj; 1632 1633 if (!biba_enabled) 1634 return (0); 1635 1636 subj = SLOT(cred->cr_label); 1637 obj = SLOT(kslabel); 1638 1639 if (!biba_dominate_effective(subj, obj)) 1640 return (EACCES); 1641 1642 return (0); 1643} 1644 1645static int 1646biba_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1647 struct label *kslabel, uid_t uid, gid_t gid) 1648{ 1649 struct mac_biba *subj, *obj; 1650 1651 if (!biba_enabled) 1652 return (0); 1653 1654 subj = SLOT(cred->cr_label); 1655 obj = SLOT(kslabel); 1656 1657 if (!biba_dominate_effective(subj, obj)) 1658 return (EACCES); 1659 1660 return (0); 1661} 1662 1663static int |
|
1625biba_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, 1626 struct ksem *ks, struct label *kslabel) 1627{ 1628 struct mac_biba *subj, *obj; 1629 1630 if (!biba_enabled) 1631 return (0); 1632 --- 31 unchanged lines hidden (view full) --- 1664 struct mac_biba *source, *dest; 1665 1666 source = SLOT(cred->cr_label); 1667 dest = SLOT(kslabel); 1668 1669 biba_copy_effective(source, dest); 1670} 1671 | 1664biba_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, 1665 struct ksem *ks, struct label *kslabel) 1666{ 1667 struct mac_biba *subj, *obj; 1668 1669 if (!biba_enabled) 1670 return (0); 1671 --- 31 unchanged lines hidden (view full) --- 1703 struct mac_biba *source, *dest; 1704 1705 source = SLOT(cred->cr_label); 1706 dest = SLOT(kslabel); 1707 1708 biba_copy_effective(source, dest); 1709} 1710 |
1711static int 1712biba_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1713 struct label *shmlabel, int prot, int flags) 1714{ 1715 struct mac_biba *subj, *obj; 1716 1717 if (!biba_enabled || !revocation_enabled) 1718 return (0); 1719 1720 subj = SLOT(cred->cr_label); 1721 obj = SLOT(shmlabel); 1722 1723 if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 1724 if (!biba_dominate_effective(obj, subj)) 1725 return (EACCES); 1726 } 1727 if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { 1728 if (!biba_dominate_effective(subj, obj)) 1729 return (EACCES); 1730 } 1731 1732 return (0); 1733} 1734 1735static int 1736biba_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1737 struct label *shmlabel, accmode_t accmode) 1738{ 1739 struct mac_biba *subj, *obj; 1740 1741 if (!biba_enabled) 1742 return (0); 1743 1744 subj = SLOT(cred->cr_label); 1745 obj = SLOT(shmlabel); 1746 1747 if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) { 1748 if (!biba_dominate_effective(obj, subj)) 1749 return (EACCES); 1750 } 1751 if (accmode & VMODIFY_PERMS) { 1752 if (!biba_dominate_effective(subj, obj)) 1753 return (EACCES); 1754 } 1755 1756 return (0); 1757} 1758 1759static int 1760biba_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1761 struct label *shmlabel, mode_t mode) 1762{ 1763 struct mac_biba *subj, *obj; 1764 1765 if (!biba_enabled) 1766 return (0); 1767 1768 subj = SLOT(cred->cr_label); 1769 obj = SLOT(shmlabel); 1770 1771 if (!biba_dominate_effective(subj, obj)) 1772 return (EACCES); 1773 1774 return (0); 1775} 1776 1777static int 1778biba_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1779 struct label *shmlabel, uid_t uid, gid_t gid) 1780{ 1781 struct mac_biba *subj, *obj; 1782 1783 if (!biba_enabled) 1784 return (0); 1785 1786 subj = SLOT(cred->cr_label); 1787 obj = SLOT(shmlabel); 1788 1789 if (!biba_dominate_effective(subj, obj)) 1790 return (EACCES); 1791 1792 return (0); 1793} 1794 1795static int 
1796biba_posixshm_check_stat(struct ucred *active_cred, struct ucred *file_cred, 1797 struct shmfd *shmfd, struct label *shmlabel) 1798{ 1799 struct mac_biba *subj, *obj; 1800 1801 if (!biba_enabled) 1802 return (0); 1803 1804 subj = SLOT(active_cred->cr_label); 1805 obj = SLOT(shmlabel); 1806 1807 if (!biba_dominate_effective(obj, subj)) 1808 return (EACCES); 1809 1810 return (0); 1811} 1812 1813static int 1814biba_posixshm_check_truncate(struct ucred *active_cred, 1815 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmlabel) 1816{ 1817 struct mac_biba *subj, *obj; 1818 1819 if (!biba_enabled) 1820 return (0); 1821 1822 subj = SLOT(active_cred->cr_label); 1823 obj = SLOT(shmlabel); 1824 1825 if (!biba_dominate_effective(subj, obj)) 1826 return (EACCES); 1827 1828 return (0); 1829} 1830 1831static int 1832biba_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1833 struct label *shmlabel) 1834{ 1835 struct mac_biba *subj, *obj; 1836 1837 if (!biba_enabled) 1838 return (0); 1839 1840 subj = SLOT(cred->cr_label); 1841 obj = SLOT(shmlabel); 1842 1843 if (!biba_dominate_effective(subj, obj)) 1844 return (EACCES); 1845 1846 return (0); 1847} 1848 1849static void 1850biba_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1851 struct label *shmlabel) 1852{ 1853 struct mac_biba *source, *dest; 1854 1855 source = SLOT(cred->cr_label); 1856 dest = SLOT(shmlabel); 1857 1858 biba_copy_effective(source, dest); 1859} 1860 |
|
1672/* 1673 * Some system privileges are allowed regardless of integrity grade; others 1674 * are allowed only when running with privilege with respect to the Biba 1675 * policy as they might otherwise allow bypassing of the integrity policy. 1676 */ 1677static int 1678biba_priv_check(struct ucred *cred, int priv) 1679{ --- 1770 unchanged lines hidden (view full) --- 3450 .mpo_pipe_externalize_label = biba_externalize_label, 3451 .mpo_pipe_init_label = biba_init_label, 3452 .mpo_pipe_internalize_label = biba_internalize_label, 3453 .mpo_pipe_relabel = biba_pipe_relabel, 3454 3455 .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, 3456 .mpo_posixsem_check_open = biba_posixsem_check_openunlink, 3457 .mpo_posixsem_check_post = biba_posixsem_check_write, | 1861/* 1862 * Some system privileges are allowed regardless of integrity grade; others 1863 * are allowed only when running with privilege with respect to the Biba 1864 * policy as they might otherwise allow bypassing of the integrity policy. 1865 */ 1866static int 1867biba_priv_check(struct ucred *cred, int priv) 1868{ --- 1770 unchanged lines hidden (view full) --- 3639 .mpo_pipe_externalize_label = biba_externalize_label, 3640 .mpo_pipe_init_label = biba_init_label, 3641 .mpo_pipe_internalize_label = biba_internalize_label, 3642 .mpo_pipe_relabel = biba_pipe_relabel, 3643 3644 .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, 3645 .mpo_posixsem_check_open = biba_posixsem_check_openunlink, 3646 .mpo_posixsem_check_post = biba_posixsem_check_write, |
3647 .mpo_posixsem_check_setmode = biba_posixsem_check_setmode, 3648 .mpo_posixsem_check_setowner = biba_posixsem_check_setowner, |
|
3458 .mpo_posixsem_check_stat = biba_posixsem_check_rdonly, 3459 .mpo_posixsem_check_unlink = biba_posixsem_check_openunlink, 3460 .mpo_posixsem_check_wait = biba_posixsem_check_write, 3461 .mpo_posixsem_create = biba_posixsem_create, 3462 .mpo_posixsem_destroy_label = biba_destroy_label, 3463 .mpo_posixsem_init_label = biba_init_label, 3464 | 3649 .mpo_posixsem_check_stat = biba_posixsem_check_rdonly, 3650 .mpo_posixsem_check_unlink = biba_posixsem_check_openunlink, 3651 .mpo_posixsem_check_wait = biba_posixsem_check_write, 3652 .mpo_posixsem_create = biba_posixsem_create, 3653 .mpo_posixsem_destroy_label = biba_destroy_label, 3654 .mpo_posixsem_init_label = biba_init_label, 3655 |
3656 .mpo_posixshm_check_mmap = biba_posixshm_check_mmap, 3657 .mpo_posixshm_check_open = biba_posixshm_check_open, 3658 .mpo_posixshm_check_setmode = biba_posixshm_check_setmode, 3659 .mpo_posixshm_check_setowner = biba_posixshm_check_setowner, 3660 .mpo_posixshm_check_stat = biba_posixshm_check_stat, 3661 .mpo_posixshm_check_truncate = biba_posixshm_check_truncate, 3662 .mpo_posixshm_check_unlink = biba_posixshm_check_unlink, 3663 .mpo_posixshm_create = biba_posixshm_create, 3664 .mpo_posixshm_destroy_label = biba_destroy_label, 3665 .mpo_posixshm_init_label = biba_init_label, 3666 |
|
3465 .mpo_priv_check = biba_priv_check, 3466 3467 .mpo_proc_check_debug = biba_proc_check_debug, 3468 .mpo_proc_check_sched = biba_proc_check_sched, 3469 .mpo_proc_check_signal = biba_proc_check_signal, 3470 3471 .mpo_socket_check_deliver = biba_socket_check_deliver, 3472 .mpo_socket_check_relabel = biba_socket_check_relabel, --- 106 unchanged lines hidden --- | 3667 .mpo_priv_check = biba_priv_check, 3668 3669 .mpo_proc_check_debug = biba_proc_check_debug, 3670 .mpo_proc_check_sched = biba_proc_check_sched, 3671 .mpo_proc_check_signal = biba_proc_check_signal, 3672 3673 .mpo_socket_check_deliver = biba_socket_check_deliver, 3674 .mpo_socket_check_relabel = biba_socket_check_relabel, --- 106 unchanged lines hidden --- |
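Review bot: In the new biba_posixshm_check_mmap the early return `if (!biba_enabled || !revocation_enabled) return (0);` skips the mapping-time check entirely unless revocation is enabled, while every other posixshm check added here gates only on `biba_enabled`. Nothing in the function explains the difference. With revocation off, integrity enforcement for a shared-memory object appears to rest on biba_posixshm_check_open alone; that is probably intended, but it should be stated where the policy decision is made. I would add a comment above the test, for example `/* Re-check at mmap time only when revocation is enabled; otherwise the access granted at open stands. */`. Separately, the six new setmode, setowner, truncate and unlink checks (posixsem and posixshm) repeat the same subject-dominates-object body and ignore their `mode`, `uid` and `gid` arguments, so one static helper called from each entry point would keep them from drifting apart.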