mac_process.c revision 150913
1100894Srwatson/*- 2126097Srwatson * Copyright (c) 1999-2002 Robert N. M. Watson 3100894Srwatson * Copyright (c) 2001 Ilmar S. Habibulin 4126097Srwatson * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5145147Srwatson * Copyright (c) 2005 Samy Al Bahra 6100894Srwatson * All rights reserved. 7100894Srwatson * 8100894Srwatson * This software was developed by Robert Watson and Ilmar Habibulin for the 9100894Srwatson * TrustedBSD Project. 10100894Srwatson * 11106392Srwatson * This software was developed for the FreeBSD Project in part by Network 12106392Srwatson * Associates Laboratories, the Security Research Division of Network 13106392Srwatson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 14106392Srwatson * as part of the DARPA CHATS research program. 15100894Srwatson * 16100894Srwatson * Redistribution and use in source and binary forms, with or without 17100894Srwatson * modification, are permitted provided that the following conditions 18100894Srwatson * are met: 19100894Srwatson * 1. Redistributions of source code must retain the above copyright 20100894Srwatson * notice, this list of conditions and the following disclaimer. 21100894Srwatson * 2. Redistributions in binary form must reproduce the above copyright 22100894Srwatson * notice, this list of conditions and the following disclaimer in the 23100894Srwatson * documentation and/or other materials provided with the distribution. 24100894Srwatson * 25100894Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26100894Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27100894Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28100894Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29100894Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30100894Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31100894Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32100894Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33100894Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34100894Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35100894Srwatson * SUCH DAMAGE. 36100894Srwatson */ 37116182Sobrien 38116182Sobrien#include <sys/cdefs.h> 39116182Sobrien__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 150913 2005-10-04 14:32:15Z csjp $"); 40116182Sobrien 41100894Srwatson#include "opt_mac.h" 42101173Srwatson 43100894Srwatson#include <sys/param.h> 44106856Srwatson#include <sys/condvar.h> 45106468Srwatson#include <sys/imgact.h> 46100979Srwatson#include <sys/kernel.h> 47100979Srwatson#include <sys/lock.h> 48102949Sbde#include <sys/malloc.h> 49100979Srwatson#include <sys/mutex.h> 50100979Srwatson#include <sys/mac.h> 51100979Srwatson#include <sys/proc.h> 52116701Srwatson#include <sys/sbuf.h> 53100979Srwatson#include <sys/systm.h> 54100979Srwatson#include <sys/vnode.h> 55100979Srwatson#include <sys/mount.h> 56100979Srwatson#include <sys/file.h> 57100979Srwatson#include <sys/namei.h> 58100979Srwatson#include <sys/sysctl.h> 59100894Srwatson 60100979Srwatson#include <vm/vm.h> 61100979Srwatson#include <vm/pmap.h> 62100979Srwatson#include <vm/vm_map.h> 63100979Srwatson#include <vm/vm_object.h> 64100979Srwatson 65100979Srwatson#include <sys/mac_policy.h> 66100979Srwatson 67121361Srwatson#include <security/mac/mac_internal.h> 68100979Srwatson 69121361Srwatsonint mac_enforce_process = 1; 70100979SrwatsonSYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW, 71100979Srwatson &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); 72100979SrwatsonTUNABLE_INT("security.mac.enforce_process", &mac_enforce_process); 73100979Srwatson 74121361Srwatsonint mac_enforce_vm = 1; 75103514SrwatsonSYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW, 76103514Srwatson &mac_enforce_vm, 0, "Enforce MAC policy on vm operations"); 77104236SrwatsonTUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm); 78103514Srwatson 79103136Srwatsonstatic int mac_mmap_revocation = 1; 80103136SrwatsonSYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW, 81103136Srwatson &mac_mmap_revocation, 0, "Revoke mmap access to files on subject " 82103136Srwatson "relabel"); 83121361Srwatson 84101892Srwatsonstatic int mac_mmap_revocation_via_cow = 0; 85100979SrwatsonSYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, 86100979Srwatson &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " 87100979Srwatson "copy-on-write semantics, or by removing all write access"); 88100979Srwatson 89145147Srwatsonstatic int mac_enforce_suid = 1; 90145147SrwatsonSYSCTL_INT(_security_mac, OID_AUTO, enforce_suid, CTLFLAG_RW, 91145147Srwatson &mac_enforce_suid, 0, "Enforce MAC policy on suid/sgid operations"); 92145147SrwatsonTUNABLE_INT("security.mac.enforce_suid", &mac_enforce_suid); 93145147Srwatson 94101988Srwatson#ifdef MAC_DEBUG 95121361Srwatsonstatic unsigned int nmaccreds, nmacprocs; 96104517SrwatsonSYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD, 97100979Srwatson &nmaccreds, 0, "number of ucreds in use"); 98107105SrwatsonSYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, procs, CTLFLAG_RD, 99107105Srwatson &nmacprocs, 0, "number of procs in use"); 100101988Srwatson#endif 101100979Srwatson 102100979Srwatsonstatic void mac_cred_mmapped_drop_perms_recurse(struct thread *td, 103100979Srwatson struct ucred *cred, struct vm_map *map); 104100979Srwatson 105122524Srwatsonstruct label * 106122524Srwatsonmac_cred_label_alloc(void) 107104521Srwatson{ 108122524Srwatson struct label *label; 109104521Srwatson 110122524Srwatson label = mac_labelzone_alloc(M_WAITOK); 111105694Srwatson MAC_PERFORM(init_cred_label, label); 112119184Srwatson MAC_DEBUG_COUNTER_INC(&nmaccreds); 113122524Srwatson return (label); 114104521Srwatson} 115104521Srwatson 116104521Srwatsonvoid 117105694Srwatsonmac_init_cred(struct ucred *cred) 118105694Srwatson{ 119105694Srwatson 120122524Srwatson cred->cr_label = mac_cred_label_alloc(); 121105694Srwatson} 122105694Srwatson 123122524Srwatsonstatic struct label * 124122524Srwatsonmac_proc_label_alloc(void) 125122524Srwatson{ 126122524Srwatson struct label *label; 127122524Srwatson 128122524Srwatson label = mac_labelzone_alloc(M_WAITOK); 129122524Srwatson MAC_PERFORM(init_proc_label, label); 130122524Srwatson MAC_DEBUG_COUNTER_INC(&nmacprocs); 131122524Srwatson return (label); 132122524Srwatson} 133122524Srwatson 134105694Srwatsonvoid 135107105Srwatsonmac_init_proc(struct proc *p) 136107105Srwatson{ 137107105Srwatson 138122524Srwatson p->p_label = mac_proc_label_alloc(); 139107105Srwatson} 140107105Srwatson 141105988Srwatsonvoid 142122524Srwatsonmac_cred_label_free(struct label *label) 143104521Srwatson{ 144104521Srwatson 145105694Srwatson MAC_PERFORM(destroy_cred_label, label); 146122524Srwatson mac_labelzone_free(label); 147119184Srwatson MAC_DEBUG_COUNTER_DEC(&nmaccreds); 148104521Srwatson} 149104521Srwatson 150104521Srwatsonvoid 151105694Srwatsonmac_destroy_cred(struct ucred *cred) 152105694Srwatson{ 153105694Srwatson 154122524Srwatson mac_cred_label_free(cred->cr_label); 155122524Srwatson cred->cr_label = NULL; 156105694Srwatson} 157105694Srwatson 158122524Srwatsonstatic void 159122524Srwatsonmac_proc_label_free(struct label *label) 160122524Srwatson{ 161122524Srwatson 162122524Srwatson MAC_PERFORM(destroy_proc_label, label); 163122524Srwatson mac_labelzone_free(label); 164122524Srwatson MAC_DEBUG_COUNTER_DEC(&nmacprocs); 165122524Srwatson} 166122524Srwatson 167105694Srwatsonvoid 168107105Srwatsonmac_destroy_proc(struct proc *p) 169107105Srwatson{ 170107105Srwatson 171122524Srwatson mac_proc_label_free(p->p_label); 172122524Srwatson p->p_label = NULL; 173107105Srwatson} 174107105Srwatson 175121361Srwatsonint 176105694Srwatsonmac_externalize_cred_label(struct label *label, char *elements, 177122159Srwatson char *outbuf, size_t outbuflen) 178105694Srwatson{ 179104522Srwatson int error; 180104522Srwatson 181121507Srwatson MAC_EXTERNALIZE(cred, label, elements, outbuf, outbuflen); 182104522Srwatson 183104522Srwatson return (error); 184104522Srwatson} 185104522Srwatson 186121361Srwatsonint 187105694Srwatsonmac_internalize_cred_label(struct label *label, char *string) 188105694Srwatson{ 189105694Srwatson int error; 190105694Srwatson 191121507Srwatson MAC_INTERNALIZE(cred, label, string); 192105694Srwatson 193105694Srwatson return (error); 194105694Srwatson} 195105694Srwatson 196104522Srwatson/* 197104522Srwatson * Initialize MAC label for the first kernel process, from which other 198104522Srwatson * kernel processes and threads are spawned. 199104522Srwatson */ 200104521Srwatsonvoid 201104522Srwatsonmac_create_proc0(struct ucred *cred) 202104522Srwatson{ 203104522Srwatson 204104522Srwatson MAC_PERFORM(create_proc0, cred); 205104522Srwatson} 206104522Srwatson 207104522Srwatson/* 208104522Srwatson * Initialize MAC label for the first userland process, from which other 209104522Srwatson * userland processes and threads are spawned. 210104522Srwatson */ 211104522Srwatsonvoid 212104522Srwatsonmac_create_proc1(struct ucred *cred) 213104522Srwatson{ 214104522Srwatson 215104522Srwatson MAC_PERFORM(create_proc1, cred); 216104522Srwatson} 217104522Srwatson 218104522Srwatsonvoid 219104522Srwatsonmac_thread_userret(struct thread *td) 220104522Srwatson{ 221104522Srwatson 222104522Srwatson MAC_PERFORM(thread_userret, td); 223104522Srwatson} 224104522Srwatson 225104522Srwatson/* 226104522Srwatson * When a new process is created, its label must be initialized. Generally, 227104522Srwatson * this involves inheritence from the parent process, modulo possible 228104522Srwatson * deltas. This function allows that processing to take place. 229104522Srwatson */ 230104522Srwatsonvoid 231123173Srwatsonmac_copy_cred(struct ucred *src, struct ucred *dest) 232104522Srwatson{ 233104522Srwatson 234123173Srwatson MAC_PERFORM(copy_cred_label, src->cr_label, dest->cr_label); 235104522Srwatson} 236104522Srwatson 237105988Srwatsonint 238122524Srwatsonmac_execve_enter(struct image_params *imgp, struct mac *mac_p) 239106468Srwatson{ 240122524Srwatson struct label *label; 241106468Srwatson struct mac mac; 242106468Srwatson char *buffer; 243106468Srwatson int error; 244106468Srwatson 245106468Srwatson if (mac_p == NULL) 246106468Srwatson return (0); 247106468Srwatson 248106468Srwatson error = copyin(mac_p, &mac, sizeof(mac)); 249106468Srwatson if (error) 250106468Srwatson return (error); 251106468Srwatson 252106468Srwatson error = mac_check_structmac_consistent(&mac); 253106468Srwatson if (error) 254106468Srwatson return (error); 255106468Srwatson 256111119Simp buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); 257106468Srwatson error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 258106468Srwatson if (error) { 259106468Srwatson free(buffer, M_MACTEMP); 260106468Srwatson return (error); 261106468Srwatson } 262106468Srwatson 263122524Srwatson label = mac_cred_label_alloc(); 264122524Srwatson error = mac_internalize_cred_label(label, buffer); 265106468Srwatson free(buffer, M_MACTEMP); 266106468Srwatson if (error) { 267122524Srwatson mac_cred_label_free(label); 268106468Srwatson return (error); 269106468Srwatson } 270122524Srwatson imgp->execlabel = label; 271106468Srwatson return (0); 272106468Srwatson} 273106468Srwatson 274100979Srwatsonvoid 275106468Srwatsonmac_execve_exit(struct image_params *imgp) 276100979Srwatson{ 277122524Srwatson if (imgp->execlabel != NULL) { 278122524Srwatson mac_cred_label_free(imgp->execlabel); 279122524Srwatson imgp->execlabel = NULL; 280122524Srwatson } 281106468Srwatson} 282100979Srwatson 283100979Srwatson/* 284100979Srwatson * When relabeling a process, call out to the policies for the maximum 285100979Srwatson * permission allowed for each object type we know about in its 286100979Srwatson * memory space, and revoke access (in the least surprising ways we 287100979Srwatson * know) when necessary. The process lock is not held here. 288100979Srwatson */ 289107271Srwatsonvoid 290100979Srwatsonmac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred) 291100979Srwatson{ 292100979Srwatson 293100979Srwatson /* XXX freeze all other threads */ 294100979Srwatson mac_cred_mmapped_drop_perms_recurse(td, cred, 295100979Srwatson &td->td_proc->p_vmspace->vm_map); 296100979Srwatson /* XXX allow other threads to continue */ 297100979Srwatson} 298100979Srwatson 299100979Srwatsonstatic __inline const char * 300100979Srwatsonprot2str(vm_prot_t prot) 301100979Srwatson{ 302100979Srwatson 303100979Srwatson switch (prot & VM_PROT_ALL) { 304100979Srwatson case VM_PROT_READ: 305100979Srwatson return ("r--"); 306100979Srwatson case VM_PROT_READ | VM_PROT_WRITE: 307100979Srwatson return ("rw-"); 308100979Srwatson case VM_PROT_READ | VM_PROT_EXECUTE: 309100979Srwatson return ("r-x"); 310100979Srwatson case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE: 311100979Srwatson return ("rwx"); 312100979Srwatson case VM_PROT_WRITE: 313100979Srwatson return ("-w-"); 314100979Srwatson case VM_PROT_EXECUTE: 315100979Srwatson return ("--x"); 316100979Srwatson case VM_PROT_WRITE | VM_PROT_EXECUTE: 317100979Srwatson return ("-wx"); 318100979Srwatson default: 319100979Srwatson return ("---"); 320100979Srwatson } 321100979Srwatson} 322100979Srwatson 323100979Srwatsonstatic void 324100979Srwatsonmac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, 325100979Srwatson struct vm_map *map) 326100979Srwatson{ 327100979Srwatson struct vm_map_entry *vme; 328150913Scsjp int vfslocked, result; 329104546Srwatson vm_prot_t revokeperms; 330100979Srwatson vm_object_t object; 331100979Srwatson vm_ooffset_t offset; 332100979Srwatson struct vnode *vp; 333100979Srwatson 334103136Srwatson if (!mac_mmap_revocation) 335103136Srwatson return; 336103136Srwatson 337100979Srwatson vm_map_lock_read(map); 338100979Srwatson for (vme = map->header.next; vme != &map->header; vme = vme->next) { 339100979Srwatson if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { 340100979Srwatson mac_cred_mmapped_drop_perms_recurse(td, cred, 341100979Srwatson vme->object.sub_map); 342100979Srwatson continue; 343100979Srwatson } 344100979Srwatson /* 345100979Srwatson * Skip over entries that obviously are not shared. 346100979Srwatson */ 347100979Srwatson if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) || 348100979Srwatson !vme->max_protection) 349100979Srwatson continue; 350100979Srwatson /* 351100979Srwatson * Drill down to the deepest backing object. 352100979Srwatson */ 353100979Srwatson offset = vme->offset; 354100979Srwatson object = vme->object.vm_object; 355100979Srwatson if (object == NULL) 356100979Srwatson continue; 357100979Srwatson while (object->backing_object != NULL) { 358100979Srwatson object = object->backing_object; 359100979Srwatson offset += object->backing_object_offset; 360100979Srwatson } 361100979Srwatson /* 362100979Srwatson * At the moment, vm_maps and objects aren't considered 363100979Srwatson * by the MAC system, so only things with backing by a 364100979Srwatson * normal object (read: vnodes) are checked. 365100979Srwatson */ 366100979Srwatson if (object->type != OBJT_VNODE) 367100979Srwatson continue; 368100979Srwatson vp = (struct vnode *)object->handle; 369150913Scsjp vfslocked = VFS_LOCK_GIANT(vp->v_mount); 370100979Srwatson vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); 371104546Srwatson result = vme->max_protection; 372104546Srwatson mac_check_vnode_mmap_downgrade(cred, vp, &result); 373100979Srwatson VOP_UNLOCK(vp, 0, td); 374100979Srwatson /* 375100979Srwatson * Find out what maximum protection we may be allowing 376100979Srwatson * now but a policy needs to get removed. 377100979Srwatson */ 378100979Srwatson revokeperms = vme->max_protection & ~result; 379150913Scsjp if (!revokeperms) { 380150913Scsjp VFS_UNLOCK_GIANT(vfslocked); 381100979Srwatson continue; 382150913Scsjp } 383102949Sbde printf("pid %ld: revoking %s perms from %#lx:%ld " 384102949Sbde "(max %s/cur %s)\n", (long)td->td_proc->p_pid, 385102949Sbde prot2str(revokeperms), (u_long)vme->start, 386102949Sbde (long)(vme->end - vme->start), 387100979Srwatson prot2str(vme->max_protection), prot2str(vme->protection)); 388100979Srwatson vm_map_lock_upgrade(map); 389100979Srwatson /* 390100979Srwatson * This is the really simple case: if a map has more 391100979Srwatson * max_protection than is allowed, but it's not being 392100979Srwatson * actually used (that is, the current protection is 393100979Srwatson * still allowed), we can just wipe it out and do 394100979Srwatson * nothing more. 395100979Srwatson */ 396100979Srwatson if ((vme->protection & revokeperms) == 0) { 397100979Srwatson vme->max_protection -= revokeperms; 398100979Srwatson } else { 399100979Srwatson if (revokeperms & VM_PROT_WRITE) { 400100979Srwatson /* 401100979Srwatson * In the more complicated case, flush out all 402100979Srwatson * pending changes to the object then turn it 403100979Srwatson * copy-on-write. 404100979Srwatson */ 405100979Srwatson vm_object_reference(object); 406100979Srwatson vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); 407113955Salc VM_OBJECT_LOCK(object); 408100979Srwatson vm_object_page_clean(object, 409100979Srwatson OFF_TO_IDX(offset), 410100979Srwatson OFF_TO_IDX(offset + vme->end - vme->start + 411100979Srwatson PAGE_MASK), 412100979Srwatson OBJPC_SYNC); 413113955Salc VM_OBJECT_UNLOCK(object); 414100979Srwatson VOP_UNLOCK(vp, 0, td); 415100979Srwatson vm_object_deallocate(object); 416100979Srwatson /* 417100979Srwatson * Why bother if there's no read permissions 418100979Srwatson * anymore? For the rest, we need to leave 419100979Srwatson * the write permissions on for COW, or 420100979Srwatson * remove them entirely if configured to. 421100979Srwatson */ 422100979Srwatson if (!mac_mmap_revocation_via_cow) { 423100979Srwatson vme->max_protection &= ~VM_PROT_WRITE; 424100979Srwatson vme->protection &= ~VM_PROT_WRITE; 425100979Srwatson } if ((revokeperms & VM_PROT_READ) == 0) 426100979Srwatson vme->eflags |= MAP_ENTRY_COW | 427100979Srwatson MAP_ENTRY_NEEDS_COPY; 428100979Srwatson } 429100979Srwatson if (revokeperms & VM_PROT_EXECUTE) { 430100979Srwatson vme->max_protection &= ~VM_PROT_EXECUTE; 431100979Srwatson vme->protection &= ~VM_PROT_EXECUTE; 432100979Srwatson } 433100979Srwatson if (revokeperms & VM_PROT_READ) { 434100979Srwatson vme->max_protection = 0; 435100979Srwatson vme->protection = 0; 436100979Srwatson } 437100979Srwatson pmap_protect(map->pmap, vme->start, vme->end, 438100979Srwatson vme->protection & ~revokeperms); 439100979Srwatson vm_map_simplify_entry(map, vme); 440100979Srwatson } 441100979Srwatson vm_map_lock_downgrade(map); 442150913Scsjp VFS_UNLOCK_GIANT(vfslocked); 443100979Srwatson } 444100979Srwatson vm_map_unlock_read(map); 445100979Srwatson} 446100979Srwatson 447100979Srwatson/* 448100979Srwatson * When the subject's label changes, it may require revocation of privilege 449100979Srwatson * to mapped objects. This can't be done on-the-fly later with a unified 450100979Srwatson * buffer cache. 451100979Srwatson */ 452121361Srwatsonvoid 453100979Srwatsonmac_relabel_cred(struct ucred *cred, struct label *newlabel) 454100979Srwatson{ 455100979Srwatson 456100979Srwatson MAC_PERFORM(relabel_cred, cred, newlabel); 457100979Srwatson} 458100979Srwatson 459100979Srwatsonint 460100979Srwatsonmac_check_cred_relabel(struct ucred *cred, struct label *newlabel) 461100979Srwatson{ 462100979Srwatson int error; 463100979Srwatson 464100979Srwatson MAC_CHECK(check_cred_relabel, cred, newlabel); 465100979Srwatson 466100979Srwatson return (error); 467100979Srwatson} 468100979Srwatson 469100979Srwatsonint 470100979Srwatsonmac_check_cred_visible(struct ucred *u1, struct ucred *u2) 471100979Srwatson{ 472100979Srwatson int error; 473100979Srwatson 474100979Srwatson if (!mac_enforce_process) 475100979Srwatson return (0); 476100979Srwatson 477100979Srwatson MAC_CHECK(check_cred_visible, u1, u2); 478100979Srwatson 479100979Srwatson return (error); 480100979Srwatson} 481100979Srwatson 482100979Srwatsonint 483100979Srwatsonmac_check_proc_debug(struct ucred *cred, struct proc *proc) 484100979Srwatson{ 485100979Srwatson int error; 486100979Srwatson 487102103Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 488102103Srwatson 489100979Srwatson if (!mac_enforce_process) 490100979Srwatson return (0); 491100979Srwatson 492100979Srwatson MAC_CHECK(check_proc_debug, cred, proc); 493100979Srwatson 494100979Srwatson return (error); 495100979Srwatson} 496100979Srwatson 497100979Srwatsonint 498100979Srwatsonmac_check_proc_sched(struct ucred *cred, struct proc *proc) 499100979Srwatson{ 500100979Srwatson int error; 501100979Srwatson 502102103Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 503102103Srwatson 504100979Srwatson if (!mac_enforce_process) 505100979Srwatson return (0); 506100979Srwatson 507100979Srwatson MAC_CHECK(check_proc_sched, cred, proc); 508100979Srwatson 509100979Srwatson return (error); 510100979Srwatson} 511100979Srwatson 512100979Srwatsonint 513100979Srwatsonmac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 514100979Srwatson{ 515100979Srwatson int error; 516100979Srwatson 517102103Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 518102103Srwatson 519100979Srwatson if (!mac_enforce_process) 520100979Srwatson return (0); 521100979Srwatson 522100979Srwatson MAC_CHECK(check_proc_signal, cred, proc, signum); 523100979Srwatson 524100979Srwatson return (error); 525100979Srwatson} 526145147Srwatson 527145147Srwatsonint 528145147Srwatsonmac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid) 529145147Srwatson{ 530145147Srwatson int error; 531145147Srwatson 532145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 533145147Srwatson 534145147Srwatson if (!mac_enforce_suid) 535145147Srwatson return (0); 536145147Srwatson 537145147Srwatson MAC_CHECK(check_proc_setuid, cred, uid); 538145147Srwatson return (error); 539145147Srwatson} 540145147Srwatson 541145147Srwatsonint 542145147Srwatsonmac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid) 543145147Srwatson{ 544145147Srwatson int error; 545145147Srwatson 546145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 547145147Srwatson 548145147Srwatson if (!mac_enforce_suid) 549145147Srwatson return (0); 550145147Srwatson 551145147Srwatson MAC_CHECK(check_proc_seteuid, cred, euid); 552145147Srwatson return (error); 553145147Srwatson} 554145147Srwatson 555145147Srwatsonint 556145147Srwatsonmac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid) 557145147Srwatson{ 558145147Srwatson int error; 559145147Srwatson 560145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 561145147Srwatson 562145147Srwatson if (!mac_enforce_suid) 563145147Srwatson return (0); 564145147Srwatson 565145147Srwatson MAC_CHECK(check_proc_setgid, cred, gid); 566145147Srwatson return (error); 567145147Srwatson} 568145147Srwatson 569145147Srwatsonint 570145147Srwatsonmac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid) 571145147Srwatson{ 572145147Srwatson int error; 573145147Srwatson 574145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 575145147Srwatson 576145147Srwatson if (!mac_enforce_suid) 577145147Srwatson return (0); 578145147Srwatson 579145147Srwatson MAC_CHECK(check_proc_setegid, cred, egid); 580145147Srwatson return (error); 581145147Srwatson} 582145147Srwatson 583145147Srwatsonint 584145147Srwatsonmac_check_proc_setgroups(struct proc *proc, struct ucred *cred, 585145147Srwatson int ngroups, gid_t *gidset) 586145147Srwatson{ 587145147Srwatson int error; 588145147Srwatson 589145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 590145147Srwatson 591145147Srwatson if (!mac_enforce_suid) 592145147Srwatson return (0); 593145147Srwatson 594145147Srwatson MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset); 595145147Srwatson return (error); 596145147Srwatson} 597145147Srwatson 598145147Srwatsonint 599145147Srwatsonmac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid, 600145147Srwatson uid_t euid) 601145147Srwatson{ 602145147Srwatson int error; 603145147Srwatson 604145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 605145147Srwatson 606145147Srwatson if (!mac_enforce_suid) 607145147Srwatson return (0); 608145147Srwatson 609145147Srwatson MAC_CHECK(check_proc_setreuid, cred, ruid, euid); 610145147Srwatson return (error); 611145147Srwatson} 612145147Srwatson 613145147Srwatsonint 614145147Srwatsonmac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, 615145147Srwatson gid_t egid) 616145147Srwatson{ 617145147Srwatson int error; 618145147Srwatson 619145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 620145147Srwatson 621145147Srwatson if (!mac_enforce_suid) 622145147Srwatson return (0); 623145147Srwatson 624145147Srwatson MAC_CHECK(check_proc_setregid, cred, rgid, egid); 625145147Srwatson return (error); 626145147Srwatson} 627145147Srwatson 628145147Srwatsonint 629145147Srwatsonmac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid, 630145147Srwatson uid_t euid, uid_t suid) 631145147Srwatson{ 632145147Srwatson int error; 633145147Srwatson 634145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 635145147Srwatson 636145147Srwatson if (!mac_enforce_suid) 637145147Srwatson return (0); 638145147Srwatson 639145147Srwatson MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid); 640145147Srwatson return (error); 641145147Srwatson} 642145147Srwatson 643145147Srwatsonint 644145147Srwatsonmac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid, 645145147Srwatson gid_t egid, gid_t sgid) 646145147Srwatson{ 647145147Srwatson int error; 648145147Srwatson 649145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 650145147Srwatson 651145147Srwatson if (!mac_enforce_suid) 652145147Srwatson return (0); 653145147Srwatson 654145147Srwatson MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid); 655145147Srwatson return (error); 656145147Srwatson} 657145234Srwatson 658145234Srwatsonint 659145234Srwatsonmac_check_proc_wait(struct ucred *cred, struct proc *proc) 660145234Srwatson{ 661145234Srwatson int error; 662145234Srwatson 663145234Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 664145234Srwatson 665145234Srwatson if (!mac_enforce_process) 666145234Srwatson return (0); 667145234Srwatson 668145234Srwatson MAC_CHECK(check_proc_wait, cred, proc); 669145234Srwatson 670145234Srwatson return (error); 671145234Srwatson} 672