1/*- |
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson |
3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by McAfee 9 * Research, the Security Research Division of McAfee, Inc. under 10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA --- 15 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
34 * $FreeBSD: head/sys/security/mac_test/mac_test.c 166533 2007-02-06 14:19:25Z rwatson $ |
35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * Generic mandatory access module that does nothing. 40 */ 41 42#include <sys/types.h> --- 54 unchanged lines hidden (view full) --- 97#define SYSVIPCSHMMAGIC 0x76119ab0 98#define PIPEMAGIC 0xdc6c9919 99#define POSIXSEMMAGIC 0x78ae980c 100#define PROCMAGIC 0x3b4be98f 101#define CREDMAGIC 0x9a5a4987 102#define VNODEMAGIC 0x1a67a45c 103#define EXMAGIC 0x849ba1fd 104 |
105#define SLOT(x) mac_label_get((x), test_slot) 106#define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) |
107 108#define ASSERT_BPF_LABEL(x) KASSERT(SLOT(x) == BPFMAGIC || \ 109 SLOT(x) == 0, ("%s: Bad BPF label", __func__ )) 110#define ASSERT_DEVFS_LABEL(x) KASSERT(SLOT(x) == DEVFSMAGIC || \ 111 SLOT(x) == 0, ("%s: Bad DEVFS label", __func__ )) 112#define ASSERT_IFNET_LABEL(x) KASSERT(SLOT(x) == IFNETMAGIC || \ 113 SLOT(x) == 0, ("%s: Bad IFNET label", __func__ )) 114#define ASSERT_INPCB_LABEL(x) KASSERT(SLOT(x) == INPCBMAGIC || \ --- 186 unchanged lines hidden (view full) --- 301 302/* 303 * Label operations. 304 */ 305static void 306mac_test_init_bpfdesc_label(struct label *label) 307{ 308 |
309 SLOT_SET(label, BPFMAGIC); |
310 atomic_add_int(&init_count_bpfdesc, 1); 311} 312 313static void 314mac_test_init_cred_label(struct label *label) 315{ 316 |
317 SLOT_SET(label, CREDMAGIC); |
318 atomic_add_int(&init_count_cred, 1); 319} 320 321static void 322mac_test_init_devfsdirent_label(struct label *label) 323{ 324 |
325 SLOT_SET(label, DEVFSMAGIC); |
326 atomic_add_int(&init_count_devfsdirent, 1); 327} 328 329static void 330mac_test_init_ifnet_label(struct label *label) 331{ 332 |
333 SLOT_SET(label, IFNETMAGIC); |
334 atomic_add_int(&init_count_ifnet, 1); 335} 336 337static int 338mac_test_init_inpcb_label(struct label *label, int flag) 339{ 340 341 if (flag & M_WAITOK) 342 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 343 "mac_test_init_inpcb_label() at %s:%d", __FILE__, 344 __LINE__); 345 |
346 SLOT_SET(label, INPCBMAGIC); |
347 atomic_add_int(&init_count_inpcb, 1); 348 return (0); 349} 350 351static void 352mac_test_init_sysv_msgmsg_label(struct label *label) 353{ |
354 SLOT_SET(label, SYSVIPCMSGMAGIC); |
355 atomic_add_int(&init_count_sysv_msg, 1); 356} 357 358static void 359mac_test_init_sysv_msgqueue_label(struct label *label) 360{ |
361 SLOT_SET(label, SYSVIPCMSQMAGIC); |
362 atomic_add_int(&init_count_sysv_msq, 1); 363} 364 365static void 366mac_test_init_sysv_sem_label(struct label *label) 367{ |
368 SLOT_SET(label, SYSVIPCSEMMAGIC); |
369 atomic_add_int(&init_count_sysv_sem, 1); 370} 371 372static void 373mac_test_init_sysv_shm_label(struct label *label) 374{ |
375 SLOT_SET(label, SYSVIPCSHMMAGIC); |
376 atomic_add_int(&init_count_sysv_shm, 1); 377} 378 379static int 380mac_test_init_ipq_label(struct label *label, int flag) 381{ 382 383 if (flag & M_WAITOK) 384 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 385 "mac_test_init_ipq_label() at %s:%d", __FILE__, 386 __LINE__); 387 |
388 SLOT_SET(label, IPQMAGIC); |
389 atomic_add_int(&init_count_ipq, 1); 390 return (0); 391} 392 393static int 394mac_test_init_mbuf_label(struct label *label, int flag) 395{ 396 397 if (flag & M_WAITOK) 398 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 399 "mac_test_init_mbuf_label() at %s:%d", __FILE__, 400 __LINE__); 401 |
402 SLOT_SET(label, MBUFMAGIC); |
403 atomic_add_int(&init_count_mbuf, 1); 404 return (0); 405} 406 407static void 408mac_test_init_mount_label(struct label *label) 409{ 410 |
411 SLOT_SET(label, MOUNTMAGIC); |
412 atomic_add_int(&init_count_mount, 1); 413} 414 415static void 416mac_test_init_mount_fs_label(struct label *label) 417{ 418 |
419 SLOT_SET(label, MOUNTMAGIC); |
420 atomic_add_int(&init_count_mount_fslabel, 1); 421} 422 423static int 424mac_test_init_socket_label(struct label *label, int flag) 425{ 426 427 if (flag & M_WAITOK) 428 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 429 "mac_test_init_socket_label() at %s:%d", __FILE__, 430 __LINE__); 431 |
432 SLOT_SET(label, SOCKETMAGIC); |
433 atomic_add_int(&init_count_socket, 1); 434 return (0); 435} 436 437static int 438mac_test_init_socket_peer_label(struct label *label, int flag) 439{ 440 441 if (flag & M_WAITOK) 442 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 443 "mac_test_init_socket_peer_label() at %s:%d", __FILE__, 444 __LINE__); 445 |
446 SLOT_SET(label, SOCKETMAGIC); |
447 atomic_add_int(&init_count_socket_peerlabel, 1); 448 return (0); 449} 450 451static void 452mac_test_init_pipe_label(struct label *label) 453{ 454 |
455 SLOT_SET(label, PIPEMAGIC); |
456 atomic_add_int(&init_count_pipe, 1); 457} 458 459static void 460mac_test_init_posix_sem_label(struct label *label) 461{ 462 |
463 SLOT_SET(label, POSIXSEMMAGIC); |
464 atomic_add_int(&init_count_posixsems, 1); 465} 466 467static void 468mac_test_init_proc_label(struct label *label) 469{ 470 |
471 SLOT_SET(label, PROCMAGIC); |
472 atomic_add_int(&init_count_proc, 1); 473} 474 475static void 476mac_test_init_vnode_label(struct label *label) 477{ 478 |
479 SLOT_SET(label, VNODEMAGIC); |
480 atomic_add_int(&init_count_vnode, 1); 481} 482 483static void 484mac_test_destroy_bpfdesc_label(struct label *label) 485{ 486 487 if (SLOT(label) == BPFMAGIC || SLOT(label) == 0) { 488 atomic_add_int(&destroy_count_bpfdesc, 1); |
489 SLOT_SET(label, EXMAGIC); |
490 } else if (SLOT(label) == EXMAGIC) { 491 DEBUGGER("mac_test_destroy_bpfdesc: dup destroy"); 492 } else { 493 DEBUGGER("mac_test_destroy_bpfdesc: corrupted label"); 494 } 495} 496 497static void 498mac_test_destroy_cred_label(struct label *label) 499{ 500 501 if (SLOT(label) == CREDMAGIC || SLOT(label) == 0) { 502 atomic_add_int(&destroy_count_cred, 1); |
503 SLOT_SET(label, EXMAGIC); |
504 } else if (SLOT(label) == EXMAGIC) { 505 DEBUGGER("mac_test_destroy_cred: dup destroy"); 506 } else { 507 DEBUGGER("mac_test_destroy_cred: corrupted label"); 508 } 509} 510 511static void 512mac_test_destroy_devfsdirent_label(struct label *label) 513{ 514 515 if (SLOT(label) == DEVFSMAGIC || SLOT(label) == 0) { 516 atomic_add_int(&destroy_count_devfsdirent, 1); |
517 SLOT_SET(label, EXMAGIC); |
518 } else if (SLOT(label) == EXMAGIC) { 519 DEBUGGER("mac_test_destroy_devfsdirent: dup destroy"); 520 } else { 521 DEBUGGER("mac_test_destroy_devfsdirent: corrupted label"); 522 } 523} 524 525static void 526mac_test_destroy_ifnet_label(struct label *label) 527{ 528 529 if (SLOT(label) == IFNETMAGIC || SLOT(label) == 0) { 530 atomic_add_int(&destroy_count_ifnet, 1); |
531 SLOT_SET(label, EXMAGIC); |
532 } else if (SLOT(label) == EXMAGIC) { 533 DEBUGGER("mac_test_destroy_ifnet: dup destroy"); 534 } else { 535 DEBUGGER("mac_test_destroy_ifnet: corrupted label"); 536 } 537} 538 539static void 540mac_test_destroy_inpcb_label(struct label *label) 541{ 542 543 if (SLOT(label) == INPCBMAGIC || SLOT(label) == 0) { 544 atomic_add_int(&destroy_count_inpcb, 1); |
545 SLOT_SET(label, EXMAGIC); |
546 } else if (SLOT(label) == EXMAGIC) { 547 DEBUGGER("mac_test_destroy_inpcb: dup destroy"); 548 } else { 549 DEBUGGER("mac_test_destroy_inpcb: corrupted label"); 550 } 551} 552 553static void 554mac_test_destroy_sysv_msgmsg_label(struct label *label) 555{ 556 557 if (SLOT(label) == SYSVIPCMSGMAGIC || SLOT(label) == 0) { 558 atomic_add_int(&destroy_count_sysv_msg, 1); |
559 SLOT_SET(label, EXMAGIC); |
560 } else if (SLOT(label) == EXMAGIC) { 561 DEBUGGER("mac_test_destroy_sysv_msgmsg_label: dup destroy"); 562 } else { 563 DEBUGGER( 564 "mac_test_destroy_sysv_msgmsg_label: corrupted label"); 565 } 566} 567 568static void 569mac_test_destroy_sysv_msgqueue_label(struct label *label) 570{ 571 572 if (SLOT(label) == SYSVIPCMSQMAGIC || SLOT(label) == 0) { 573 atomic_add_int(&destroy_count_sysv_msq, 1); |
574 SLOT_SET(label, EXMAGIC); |
575 } else if (SLOT(label) == EXMAGIC) { 576 DEBUGGER("mac_test_destroy_sysv_msgqueue_label: dup destroy"); 577 } else { 578 DEBUGGER( 579 "mac_test_destroy_sysv_msgqueue_label: corrupted label"); 580 } 581} 582 583static void 584mac_test_destroy_sysv_sem_label(struct label *label) 585{ 586 587 if (SLOT(label) == SYSVIPCSEMMAGIC || SLOT(label) == 0) { 588 atomic_add_int(&destroy_count_sysv_sem, 1); |
589 SLOT_SET(label, EXMAGIC); |
590 } else if (SLOT(label) == EXMAGIC) { 591 DEBUGGER("mac_test_destroy_sysv_sem_label: dup destroy"); 592 } else { 593 DEBUGGER("mac_test_destroy_sysv_sem_label: corrupted label"); 594 } 595} 596 597static void 598mac_test_destroy_sysv_shm_label(struct label *label) 599{ 600 601 if (SLOT(label) == SYSVIPCSHMMAGIC || SLOT(label) == 0) { 602 atomic_add_int(&destroy_count_sysv_shm, 1); |
603 SLOT_SET(label, EXMAGIC); |
604 } else if (SLOT(label) == EXMAGIC) { 605 DEBUGGER("mac_test_destroy_sysv_shm_label: dup destroy"); 606 } else { 607 DEBUGGER("mac_test_destroy_sysv_shm_label: corrupted label"); 608 } 609} 610 611static void 612mac_test_destroy_ipq_label(struct label *label) 613{ 614 615 if (SLOT(label) == IPQMAGIC || SLOT(label) == 0) { 616 atomic_add_int(&destroy_count_ipq, 1); |
617 SLOT_SET(label, EXMAGIC); |
618 } else if (SLOT(label) == EXMAGIC) { 619 DEBUGGER("mac_test_destroy_ipq: dup destroy"); 620 } else { 621 DEBUGGER("mac_test_destroy_ipq: corrupted label"); 622 } 623} 624 625static void --- 5 unchanged lines hidden (view full) --- 631 * didn't have label storage allocated for them. Handle this 632 * gracefully. 633 */ 634 if (label == NULL) 635 return; 636 637 if (SLOT(label) == MBUFMAGIC || SLOT(label) == 0) { 638 atomic_add_int(&destroy_count_mbuf, 1); |
639 SLOT_SET(label, EXMAGIC); |
640 } else if (SLOT(label) == EXMAGIC) { 641 DEBUGGER("mac_test_destroy_mbuf: dup destroy"); 642 } else { 643 DEBUGGER("mac_test_destroy_mbuf: corrupted label"); 644 } 645} 646 647static void 648mac_test_destroy_mount_label(struct label *label) 649{ 650 651 if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) { 652 atomic_add_int(&destroy_count_mount, 1); |
653 SLOT_SET(label, EXMAGIC); |
654 } else if (SLOT(label) == EXMAGIC) { 655 DEBUGGER("mac_test_destroy_mount: dup destroy"); 656 } else { 657 DEBUGGER("mac_test_destroy_mount: corrupted label"); 658 } 659} 660 661static void 662mac_test_destroy_mount_fs_label(struct label *label) 663{ 664 665 if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) { 666 atomic_add_int(&destroy_count_mount_fslabel, 1); |
667 SLOT_SET(label, EXMAGIC); |
668 } else if (SLOT(label) == EXMAGIC) { 669 DEBUGGER("mac_test_destroy_mount_fslabel: dup destroy"); 670 } else { 671 DEBUGGER("mac_test_destroy_mount_fslabel: corrupted label"); 672 } 673} 674 675static void 676mac_test_destroy_socket_label(struct label *label) 677{ 678 679 if ((SLOT(label) == SOCKETMAGIC || SLOT(label) == 0)) { 680 atomic_add_int(&destroy_count_socket, 1); |
681 SLOT_SET(label, EXMAGIC); |
682 } else if (SLOT(label) == EXMAGIC) { 683 DEBUGGER("mac_test_destroy_socket: dup destroy"); 684 } else { 685 DEBUGGER("mac_test_destroy_socket: corrupted label"); 686 } 687} 688 689static void 690mac_test_destroy_socket_peer_label(struct label *label) 691{ 692 693 if ((SLOT(label) == SOCKETMAGIC || SLOT(label) == 0)) { 694 atomic_add_int(&destroy_count_socket_peerlabel, 1); |
695 SLOT_SET(label, EXMAGIC); |
696 } else if (SLOT(label) == EXMAGIC) { 697 DEBUGGER("mac_test_destroy_socket_peerlabel: dup destroy"); 698 } else { 699 DEBUGGER("mac_test_destroy_socket_peerlabel: corrupted label"); 700 } 701} 702 703static void 704mac_test_destroy_pipe_label(struct label *label) 705{ 706 707 if ((SLOT(label) == PIPEMAGIC || SLOT(label) == 0)) { 708 atomic_add_int(&destroy_count_pipe, 1); |
709 SLOT_SET(label, EXMAGIC); |
710 } else if (SLOT(label) == EXMAGIC) { 711 DEBUGGER("mac_test_destroy_pipe: dup destroy"); 712 } else { 713 DEBUGGER("mac_test_destroy_pipe: corrupted label"); 714 } 715} 716 717static void 718mac_test_destroy_posix_sem_label(struct label *label) 719{ 720 721 if ((SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0)) { 722 atomic_add_int(&destroy_count_posixsems, 1); |
723 SLOT_SET(label, EXMAGIC); |
724 } else if (SLOT(label) == EXMAGIC) { 725 DEBUGGER("mac_test_destroy_posix_sem: dup destroy"); 726 } else { 727 DEBUGGER("mac_test_destroy_posix_sem: corrupted label"); 728 } 729} 730 731static void 732mac_test_destroy_proc_label(struct label *label) 733{ 734 735 if ((SLOT(label) == PROCMAGIC || SLOT(label) == 0)) { 736 atomic_add_int(&destroy_count_proc, 1); |
737 SLOT_SET(label, EXMAGIC); |
738 } else if (SLOT(label) == EXMAGIC) { 739 DEBUGGER("mac_test_destroy_proc: dup destroy"); 740 } else { 741 DEBUGGER("mac_test_destroy_proc: corrupted label"); 742 } 743} 744 745static void 746mac_test_destroy_vnode_label(struct label *label) 747{ 748 749 if (SLOT(label) == VNODEMAGIC || SLOT(label) == 0) { 750 atomic_add_int(&destroy_count_vnode, 1); |
751 SLOT_SET(label, EXMAGIC); |
752 } else if (SLOT(label) == EXMAGIC) { 753 DEBUGGER("mac_test_destroy_vnode: dup destroy"); 754 } else { 755 DEBUGGER("mac_test_destroy_vnode: corrupted label"); 756 } 757} 758 759static void --- 1855 unchanged lines hidden --- |
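Review bot: The destroy handlers (mac_test_destroy_bpfdesc_label through mac_test_destroy_vnode_label) read the slot up to three times through `SLOT(label)` and then write it with `SLOT_SET(label, EXMAGIC)`, and nothing visible makes that check-then-set a single step. Two overlapping destroys of one label could therefore both take the first branch, and the "dup destroy" trap would not fire. If the framework guarantees exclusive access at destroy time, record that next to the macros, e.g. `/* SLOT()/SLOT_SET() are plain accessors; callers must hold the only reference to the label. */`, and consider reading the slot once into a local so all comparisons see the same value. Separately, mac_test_init_mount_fs_label and mac_test_init_socket_peer_label store the same MOUNTMAGIC and SOCKETMAGIC as mac_test_init_mount_label and mac_test_init_socket_label, so a label passed to the wrong destroy routine within either pair would still pass the magic check.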