mac_cred.c revision 184407
1100894Srwatson/*- 2184407Srwatson * Copyright (c) 1999-2002, 2008 Robert N. M. Watson 3100894Srwatson * Copyright (c) 2001 Ilmar S. Habibulin 4126097Srwatson * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5145147Srwatson * Copyright (c) 2005 Samy Al Bahra 6172930Srwatson * Copyright (c) 2006 SPARTA, Inc. 7182063Srwatson * Copyright (c) 2008 Apple Inc. 8100894Srwatson * All rights reserved. 9100894Srwatson * 10100894Srwatson * This software was developed by Robert Watson and Ilmar Habibulin for the 11100894Srwatson * TrustedBSD Project. 12100894Srwatson * 13106392Srwatson * This software was developed for the FreeBSD Project in part by Network 14106392Srwatson * Associates Laboratories, the Security Research Division of Network 15106392Srwatson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 16106392Srwatson * as part of the DARPA CHATS research program. 17100894Srwatson * 18172930Srwatson * This software was enhanced by SPARTA ISSO under SPAWAR contract 19172930Srwatson * N66001-04-C-6019 ("SEFOS"). 20172930Srwatson * 21100894Srwatson * Redistribution and use in source and binary forms, with or without 22100894Srwatson * modification, are permitted provided that the following conditions 23100894Srwatson * are met: 24100894Srwatson * 1. Redistributions of source code must retain the above copyright 25100894Srwatson * notice, this list of conditions and the following disclaimer. 26100894Srwatson * 2. Redistributions in binary form must reproduce the above copyright 27100894Srwatson * notice, this list of conditions and the following disclaimer in the 28100894Srwatson * documentation and/or other materials provided with the distribution. 29100894Srwatson * 30100894Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31100894Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32100894Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33100894Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34100894Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35100894Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36100894Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37100894Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38100894Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39100894Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40100894Srwatson * SUCH DAMAGE. 41100894Srwatson */ 42116182Sobrien 43116182Sobrien#include <sys/cdefs.h> 44116182Sobrien__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 184407 2008-10-28 11:33:06Z rwatson $"); 45116182Sobrien 46100894Srwatson#include "opt_mac.h" 47101173Srwatson 48100894Srwatson#include <sys/param.h> 49106856Srwatson#include <sys/condvar.h> 50106468Srwatson#include <sys/imgact.h> 51100979Srwatson#include <sys/kernel.h> 52100979Srwatson#include <sys/lock.h> 53102949Sbde#include <sys/malloc.h> 54100979Srwatson#include <sys/mutex.h> 55100979Srwatson#include <sys/mac.h> 56100979Srwatson#include <sys/proc.h> 57116701Srwatson#include <sys/sbuf.h> 58100979Srwatson#include <sys/systm.h> 59100979Srwatson#include <sys/vnode.h> 60100979Srwatson#include <sys/mount.h> 61100979Srwatson#include <sys/file.h> 62100979Srwatson#include <sys/namei.h> 63100979Srwatson#include <sys/sysctl.h> 64100894Srwatson 65100979Srwatson#include <vm/vm.h> 66100979Srwatson#include <vm/pmap.h> 67100979Srwatson#include <vm/vm_map.h> 68100979Srwatson#include <vm/vm_object.h> 69100979Srwatson 70163606Srwatson#include <security/mac/mac_framework.h> 71121361Srwatson#include <security/mac/mac_internal.h> 72165469Srwatson#include <security/mac/mac_policy.h> 73100979Srwatson 74103136Srwatsonstatic int mac_mmap_revocation = 1; 75103136SrwatsonSYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW, 76103136Srwatson &mac_mmap_revocation, 0, "Revoke mmap access to files on subject " 77103136Srwatson "relabel"); 78121361Srwatson 79101892Srwatsonstatic int mac_mmap_revocation_via_cow = 0; 80100979SrwatsonSYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, 81100979Srwatson &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " 82100979Srwatson "copy-on-write semantics, or by removing all write access"); 83100979Srwatson 84100979Srwatsonstatic void mac_cred_mmapped_drop_perms_recurse(struct thread *td, 85100979Srwatson struct ucred *cred, struct vm_map *map); 86100979Srwatson 87122524Srwatsonstruct label * 88122524Srwatsonmac_cred_label_alloc(void) 89104521Srwatson{ 90122524Srwatson struct label *label; 91104521Srwatson 92122524Srwatson label = mac_labelzone_alloc(M_WAITOK); 93172930Srwatson MAC_PERFORM(cred_init_label, label); 94122524Srwatson return (label); 95104521Srwatson} 96104521Srwatson 97104521Srwatsonvoid 98172930Srwatsonmac_cred_init(struct ucred *cred) 99105694Srwatson{ 100105694Srwatson 101182063Srwatson if (mac_labeled & MPC_OBJECT_CRED) 102182063Srwatson cred->cr_label = mac_cred_label_alloc(); 103182063Srwatson else 104182063Srwatson cred->cr_label = NULL; 105105694Srwatson} 106105694Srwatson 107122524Srwatsonstatic struct label * 108122524Srwatsonmac_proc_label_alloc(void) 109122524Srwatson{ 110122524Srwatson struct label *label; 111122524Srwatson 112122524Srwatson label = mac_labelzone_alloc(M_WAITOK); 113172930Srwatson MAC_PERFORM(proc_init_label, label); 114122524Srwatson return (label); 115122524Srwatson} 116122524Srwatson 117105694Srwatsonvoid 118172930Srwatsonmac_proc_init(struct proc *p) 119107105Srwatson{ 120107105Srwatson 121182063Srwatson if (mac_labeled & MPC_OBJECT_PROC) 122182063Srwatson p->p_label = mac_proc_label_alloc(); 123182063Srwatson else 124182063Srwatson p->p_label = NULL; 125107105Srwatson} 126107105Srwatson 127105988Srwatsonvoid 128122524Srwatsonmac_cred_label_free(struct label *label) 129104521Srwatson{ 130104521Srwatson 131172930Srwatson MAC_PERFORM(cred_destroy_label, label); 132122524Srwatson mac_labelzone_free(label); 133104521Srwatson} 134104521Srwatson 135104521Srwatsonvoid 136172930Srwatsonmac_cred_destroy(struct ucred *cred) 137105694Srwatson{ 138105694Srwatson 139182063Srwatson if (cred->cr_label != NULL) { 140182063Srwatson mac_cred_label_free(cred->cr_label); 141182063Srwatson cred->cr_label = NULL; 142182063Srwatson } 143105694Srwatson} 144105694Srwatson 145122524Srwatsonstatic void 146122524Srwatsonmac_proc_label_free(struct label *label) 147122524Srwatson{ 148122524Srwatson 149172930Srwatson MAC_PERFORM(proc_destroy_label, label); 150122524Srwatson mac_labelzone_free(label); 151122524Srwatson} 152122524Srwatson 153105694Srwatsonvoid 154172930Srwatsonmac_proc_destroy(struct proc *p) 155107105Srwatson{ 156107105Srwatson 157182063Srwatson if (p->p_label != NULL) { 158182063Srwatson mac_proc_label_free(p->p_label); 159182063Srwatson p->p_label = NULL; 160182063Srwatson } 161107105Srwatson} 162107105Srwatson 163184407Srwatson/* 164184407Srwatson * When a thread becomes an NFS server daemon, its credential may need to be 165184407Srwatson * updated to reflect this so that policies can recognize when file system 166184407Srwatson * operations originate from the network. 167184407Srwatson * 168184407Srwatson * At some point, it would be desirable if the credential used for each NFS 169184407Srwatson * RPC could be set based on the RPC context (i.e., source system, etc) to 170184407Srwatson * provide more fine-grained access control. 171184407Srwatson */ 172184407Srwatsonvoid 173184407Srwatsonmac_cred_associate_nfsd(struct ucred *cred) 174105694Srwatson{ 175104522Srwatson 176184407Srwatson MAC_PERFORM(cred_associate_nfsd, cred); 177104522Srwatson} 178104522Srwatson 179104522Srwatson/* 180165425Srwatson * Initialize MAC label for the first kernel process, from which other kernel 181165425Srwatson * processes and threads are spawned. 182104522Srwatson */ 183104521Srwatsonvoid 184184407Srwatsonmac_cred_create_swapper(struct ucred *cred) 185104522Srwatson{ 186104522Srwatson 187184407Srwatson MAC_PERFORM(cred_create_swapper, cred); 188104522Srwatson} 189104522Srwatson 190104522Srwatson/* 191104522Srwatson * Initialize MAC label for the first userland process, from which other 192104522Srwatson * userland processes and threads are spawned. 193104522Srwatson */ 194104522Srwatsonvoid 195184407Srwatsonmac_cred_create_init(struct ucred *cred) 196104522Srwatson{ 197104522Srwatson 198184407Srwatson MAC_PERFORM(cred_create_init, cred); 199104522Srwatson} 200104522Srwatson 201184407Srwatsonint 202184407Srwatsonmac_cred_externalize_label(struct label *label, char *elements, 203184407Srwatson char *outbuf, size_t outbuflen) 204172957Srwatson{ 205184407Srwatson int error; 206172957Srwatson 207184407Srwatson MAC_EXTERNALIZE(cred, label, elements, outbuf, outbuflen); 208184407Srwatson 209184407Srwatson return (error); 210172957Srwatson} 211172957Srwatson 212184407Srwatsonint 213184407Srwatsonmac_cred_internalize_label(struct label *label, char *string) 214184407Srwatson{ 215184407Srwatson int error; 216184407Srwatson 217184407Srwatson MAC_INTERNALIZE(cred, label, string); 218184407Srwatson 219184407Srwatson return (error); 220184407Srwatson} 221184407Srwatson 222172957Srwatsonvoid 223104522Srwatsonmac_thread_userret(struct thread *td) 224104522Srwatson{ 225104522Srwatson 226104522Srwatson MAC_PERFORM(thread_userret, td); 227104522Srwatson} 228104522Srwatson 229104522Srwatson/* 230104522Srwatson * When a new process is created, its label must be initialized. Generally, 231165425Srwatson * this involves inheritence from the parent process, modulo possible deltas. 232165425Srwatson * This function allows that processing to take place. 233104522Srwatson */ 234104522Srwatsonvoid 235172930Srwatsonmac_cred_copy(struct ucred *src, struct ucred *dest) 236104522Srwatson{ 237104522Srwatson 238172930Srwatson MAC_PERFORM(cred_copy_label, src->cr_label, dest->cr_label); 239104522Srwatson} 240104522Srwatson 241105988Srwatsonint 242122524Srwatsonmac_execve_enter(struct image_params *imgp, struct mac *mac_p) 243106468Srwatson{ 244122524Srwatson struct label *label; 245106468Srwatson struct mac mac; 246106468Srwatson char *buffer; 247106468Srwatson int error; 248106468Srwatson 249106468Srwatson if (mac_p == NULL) 250106468Srwatson return (0); 251106468Srwatson 252182063Srwatson if (!(mac_labeled & MPC_OBJECT_CRED)) 253182063Srwatson return (EINVAL); 254182063Srwatson 255106468Srwatson error = copyin(mac_p, &mac, sizeof(mac)); 256106468Srwatson if (error) 257106468Srwatson return (error); 258106468Srwatson 259106468Srwatson error = mac_check_structmac_consistent(&mac); 260106468Srwatson if (error) 261106468Srwatson return (error); 262106468Srwatson 263111119Simp buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK); 264106468Srwatson error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL); 265106468Srwatson if (error) { 266106468Srwatson free(buffer, M_MACTEMP); 267106468Srwatson return (error); 268106468Srwatson } 269106468Srwatson 270122524Srwatson label = mac_cred_label_alloc(); 271172930Srwatson error = mac_cred_internalize_label(label, buffer); 272106468Srwatson free(buffer, M_MACTEMP); 273106468Srwatson if (error) { 274122524Srwatson mac_cred_label_free(label); 275106468Srwatson return (error); 276106468Srwatson } 277122524Srwatson imgp->execlabel = label; 278106468Srwatson return (0); 279106468Srwatson} 280106468Srwatson 281100979Srwatsonvoid 282106468Srwatsonmac_execve_exit(struct image_params *imgp) 283100979Srwatson{ 284122524Srwatson if (imgp->execlabel != NULL) { 285122524Srwatson mac_cred_label_free(imgp->execlabel); 286122524Srwatson imgp->execlabel = NULL; 287122524Srwatson } 288106468Srwatson} 289100979Srwatson 290182063Srwatsonvoid 291182063Srwatsonmac_execve_interpreter_enter(struct vnode *interpvp, 292182063Srwatson struct label **interpvplabel) 293182063Srwatson{ 294182063Srwatson 295182063Srwatson if (mac_labeled & MPC_OBJECT_VNODE) { 296182063Srwatson *interpvplabel = mac_vnode_label_alloc(); 297182063Srwatson mac_vnode_copy_label(interpvp->v_label, *interpvplabel); 298182063Srwatson } else 299182063Srwatson *interpvplabel = NULL; 300182063Srwatson} 301182063Srwatson 302182063Srwatsonvoid 303182063Srwatsonmac_execve_interpreter_exit(struct label *interpvplabel) 304182063Srwatson{ 305182063Srwatson 306182063Srwatson if (interpvplabel != NULL) 307182063Srwatson mac_vnode_label_free(interpvplabel); 308182063Srwatson} 309182063Srwatson 310100979Srwatson/* 311100979Srwatson * When relabeling a process, call out to the policies for the maximum 312165425Srwatson * permission allowed for each object type we know about in its memory space, 313165425Srwatson * and revoke access (in the least surprising ways we know) when necessary. 314165425Srwatson * The process lock is not held here. 315100979Srwatson */ 316107271Srwatsonvoid 317100979Srwatsonmac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred) 318100979Srwatson{ 319100979Srwatson 320100979Srwatson /* XXX freeze all other threads */ 321100979Srwatson mac_cred_mmapped_drop_perms_recurse(td, cred, 322100979Srwatson &td->td_proc->p_vmspace->vm_map); 323100979Srwatson /* XXX allow other threads to continue */ 324100979Srwatson} 325100979Srwatson 326100979Srwatsonstatic __inline const char * 327100979Srwatsonprot2str(vm_prot_t prot) 328100979Srwatson{ 329100979Srwatson 330100979Srwatson switch (prot & VM_PROT_ALL) { 331100979Srwatson case VM_PROT_READ: 332100979Srwatson return ("r--"); 333100979Srwatson case VM_PROT_READ | VM_PROT_WRITE: 334100979Srwatson return ("rw-"); 335100979Srwatson case VM_PROT_READ | VM_PROT_EXECUTE: 336100979Srwatson return ("r-x"); 337100979Srwatson case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE: 338100979Srwatson return ("rwx"); 339100979Srwatson case VM_PROT_WRITE: 340100979Srwatson return ("-w-"); 341100979Srwatson case VM_PROT_EXECUTE: 342100979Srwatson return ("--x"); 343100979Srwatson case VM_PROT_WRITE | VM_PROT_EXECUTE: 344100979Srwatson return ("-wx"); 345100979Srwatson default: 346100979Srwatson return ("---"); 347100979Srwatson } 348100979Srwatson} 349100979Srwatson 350100979Srwatsonstatic void 351100979Srwatsonmac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, 352100979Srwatson struct vm_map *map) 353100979Srwatson{ 354100979Srwatson struct vm_map_entry *vme; 355150913Scsjp int vfslocked, result; 356104546Srwatson vm_prot_t revokeperms; 357151115Scsjp vm_object_t backing_object, object; 358100979Srwatson vm_ooffset_t offset; 359100979Srwatson struct vnode *vp; 360156225Stegge struct mount *mp; 361100979Srwatson 362103136Srwatson if (!mac_mmap_revocation) 363103136Srwatson return; 364103136Srwatson 365100979Srwatson vm_map_lock_read(map); 366100979Srwatson for (vme = map->header.next; vme != &map->header; vme = vme->next) { 367100979Srwatson if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { 368100979Srwatson mac_cred_mmapped_drop_perms_recurse(td, cred, 369100979Srwatson vme->object.sub_map); 370100979Srwatson continue; 371100979Srwatson } 372100979Srwatson /* 373100979Srwatson * Skip over entries that obviously are not shared. 374100979Srwatson */ 375100979Srwatson if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) || 376100979Srwatson !vme->max_protection) 377100979Srwatson continue; 378100979Srwatson /* 379100979Srwatson * Drill down to the deepest backing object. 380100979Srwatson */ 381100979Srwatson offset = vme->offset; 382100979Srwatson object = vme->object.vm_object; 383100979Srwatson if (object == NULL) 384100979Srwatson continue; 385151115Scsjp VM_OBJECT_LOCK(object); 386151115Scsjp while ((backing_object = object->backing_object) != NULL) { 387151115Scsjp VM_OBJECT_LOCK(backing_object); 388150923Scsjp offset += object->backing_object_offset; 389151115Scsjp VM_OBJECT_UNLOCK(object); 390151115Scsjp object = backing_object; 391100979Srwatson } 392151115Scsjp VM_OBJECT_UNLOCK(object); 393100979Srwatson /* 394165425Srwatson * At the moment, vm_maps and objects aren't considered by 395165425Srwatson * the MAC system, so only things with backing by a normal 396165425Srwatson * object (read: vnodes) are checked. 397100979Srwatson */ 398100979Srwatson if (object->type != OBJT_VNODE) 399100979Srwatson continue; 400100979Srwatson vp = (struct vnode *)object->handle; 401150913Scsjp vfslocked = VFS_LOCK_GIANT(vp->v_mount); 402175202Sattilio vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 403104546Srwatson result = vme->max_protection; 404172930Srwatson mac_vnode_check_mmap_downgrade(cred, vp, &result); 405175294Sattilio VOP_UNLOCK(vp, 0); 406100979Srwatson /* 407165425Srwatson * Find out what maximum protection we may be allowing now 408165425Srwatson * but a policy needs to get removed. 409100979Srwatson */ 410100979Srwatson revokeperms = vme->max_protection & ~result; 411150913Scsjp if (!revokeperms) { 412150913Scsjp VFS_UNLOCK_GIANT(vfslocked); 413100979Srwatson continue; 414150913Scsjp } 415102949Sbde printf("pid %ld: revoking %s perms from %#lx:%ld " 416102949Sbde "(max %s/cur %s)\n", (long)td->td_proc->p_pid, 417102949Sbde prot2str(revokeperms), (u_long)vme->start, 418102949Sbde (long)(vme->end - vme->start), 419100979Srwatson prot2str(vme->max_protection), prot2str(vme->protection)); 420100979Srwatson vm_map_lock_upgrade(map); 421100979Srwatson /* 422100979Srwatson * This is the really simple case: if a map has more 423100979Srwatson * max_protection than is allowed, but it's not being 424165425Srwatson * actually used (that is, the current protection is still 425165425Srwatson * allowed), we can just wipe it out and do nothing more. 426100979Srwatson */ 427100979Srwatson if ((vme->protection & revokeperms) == 0) { 428100979Srwatson vme->max_protection -= revokeperms; 429100979Srwatson } else { 430100979Srwatson if (revokeperms & VM_PROT_WRITE) { 431100979Srwatson /* 432100979Srwatson * In the more complicated case, flush out all 433100979Srwatson * pending changes to the object then turn it 434100979Srwatson * copy-on-write. 435100979Srwatson */ 436100979Srwatson vm_object_reference(object); 437156225Stegge (void) vn_start_write(vp, &mp, V_WAIT); 438175202Sattilio vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 439113955Salc VM_OBJECT_LOCK(object); 440100979Srwatson vm_object_page_clean(object, 441100979Srwatson OFF_TO_IDX(offset), 442100979Srwatson OFF_TO_IDX(offset + vme->end - vme->start + 443100979Srwatson PAGE_MASK), 444100979Srwatson OBJPC_SYNC); 445113955Salc VM_OBJECT_UNLOCK(object); 446175294Sattilio VOP_UNLOCK(vp, 0); 447156225Stegge vn_finished_write(mp); 448100979Srwatson vm_object_deallocate(object); 449100979Srwatson /* 450100979Srwatson * Why bother if there's no read permissions 451100979Srwatson * anymore? For the rest, we need to leave 452100979Srwatson * the write permissions on for COW, or 453100979Srwatson * remove them entirely if configured to. 454100979Srwatson */ 455100979Srwatson if (!mac_mmap_revocation_via_cow) { 456100979Srwatson vme->max_protection &= ~VM_PROT_WRITE; 457100979Srwatson vme->protection &= ~VM_PROT_WRITE; 458100979Srwatson } if ((revokeperms & VM_PROT_READ) == 0) 459100979Srwatson vme->eflags |= MAP_ENTRY_COW | 460100979Srwatson MAP_ENTRY_NEEDS_COPY; 461100979Srwatson } 462100979Srwatson if (revokeperms & VM_PROT_EXECUTE) { 463100979Srwatson vme->max_protection &= ~VM_PROT_EXECUTE; 464100979Srwatson vme->protection &= ~VM_PROT_EXECUTE; 465100979Srwatson } 466100979Srwatson if (revokeperms & VM_PROT_READ) { 467100979Srwatson vme->max_protection = 0; 468100979Srwatson vme->protection = 0; 469100979Srwatson } 470100979Srwatson pmap_protect(map->pmap, vme->start, vme->end, 471100979Srwatson vme->protection & ~revokeperms); 472100979Srwatson vm_map_simplify_entry(map, vme); 473100979Srwatson } 474100979Srwatson vm_map_lock_downgrade(map); 475150913Scsjp VFS_UNLOCK_GIANT(vfslocked); 476100979Srwatson } 477100979Srwatson vm_map_unlock_read(map); 478100979Srwatson} 479100979Srwatson 480100979Srwatson/* 481100979Srwatson * When the subject's label changes, it may require revocation of privilege 482100979Srwatson * to mapped objects. This can't be done on-the-fly later with a unified 483100979Srwatson * buffer cache. 484100979Srwatson */ 485121361Srwatsonvoid 486172930Srwatsonmac_cred_relabel(struct ucred *cred, struct label *newlabel) 487100979Srwatson{ 488100979Srwatson 489172930Srwatson MAC_PERFORM(cred_relabel, cred, newlabel); 490100979Srwatson} 491100979Srwatson 492100979Srwatsonint 493172930Srwatsonmac_cred_check_relabel(struct ucred *cred, struct label *newlabel) 494100979Srwatson{ 495100979Srwatson int error; 496100979Srwatson 497172930Srwatson MAC_CHECK(cred_check_relabel, cred, newlabel); 498100979Srwatson 499100979Srwatson return (error); 500100979Srwatson} 501100979Srwatson 502100979Srwatsonint 503172930Srwatsonmac_cred_check_visible(struct ucred *cr1, struct ucred *cr2) 504100979Srwatson{ 505100979Srwatson int error; 506100979Srwatson 507172930Srwatson MAC_CHECK(cred_check_visible, cr1, cr2); 508100979Srwatson 509100979Srwatson return (error); 510100979Srwatson} 511100979Srwatson 512100979Srwatsonint 513172930Srwatsonmac_proc_check_debug(struct ucred *cred, struct proc *p) 514100979Srwatson{ 515100979Srwatson int error; 516100979Srwatson 517168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 518102103Srwatson 519172930Srwatson MAC_CHECK(proc_check_debug, cred, p); 520100979Srwatson 521100979Srwatson return (error); 522100979Srwatson} 523100979Srwatson 524100979Srwatsonint 525172930Srwatsonmac_proc_check_sched(struct ucred *cred, struct proc *p) 526100979Srwatson{ 527100979Srwatson int error; 528100979Srwatson 529168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 530102103Srwatson 531172930Srwatson MAC_CHECK(proc_check_sched, cred, p); 532100979Srwatson 533100979Srwatson return (error); 534100979Srwatson} 535100979Srwatson 536100979Srwatsonint 537172930Srwatsonmac_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 538100979Srwatson{ 539100979Srwatson int error; 540100979Srwatson 541168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 542102103Srwatson 543172930Srwatson MAC_CHECK(proc_check_signal, cred, p, signum); 544100979Srwatson 545100979Srwatson return (error); 546100979Srwatson} 547145147Srwatson 548145147Srwatsonint 549172930Srwatsonmac_proc_check_setuid(struct proc *p, struct ucred *cred, uid_t uid) 550145147Srwatson{ 551145147Srwatson int error; 552145147Srwatson 553168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 554145147Srwatson 555172930Srwatson MAC_CHECK(proc_check_setuid, cred, uid); 556145147Srwatson return (error); 557145147Srwatson} 558145147Srwatson 559145147Srwatsonint 560172930Srwatsonmac_proc_check_seteuid(struct proc *p, struct ucred *cred, uid_t euid) 561145147Srwatson{ 562145147Srwatson int error; 563145147Srwatson 564168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 565145147Srwatson 566172930Srwatson MAC_CHECK(proc_check_seteuid, cred, euid); 567145147Srwatson return (error); 568145147Srwatson} 569145147Srwatson 570145147Srwatsonint 571172930Srwatsonmac_proc_check_setgid(struct proc *p, struct ucred *cred, gid_t gid) 572145147Srwatson{ 573145147Srwatson int error; 574145147Srwatson 575168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 576145147Srwatson 577172930Srwatson MAC_CHECK(proc_check_setgid, cred, gid); 578168955Srwatson 579145147Srwatson return (error); 580145147Srwatson} 581145147Srwatson 582145147Srwatsonint 583172930Srwatsonmac_proc_check_setegid(struct proc *p, struct ucred *cred, gid_t egid) 584145147Srwatson{ 585145147Srwatson int error; 586145147Srwatson 587168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 588145147Srwatson 589172930Srwatson MAC_CHECK(proc_check_setegid, cred, egid); 590168955Srwatson 591145147Srwatson return (error); 592145147Srwatson} 593145147Srwatson 594145147Srwatsonint 595172930Srwatsonmac_proc_check_setgroups(struct proc *p, struct ucred *cred, int ngroups, 596168955Srwatson gid_t *gidset) 597145147Srwatson{ 598145147Srwatson int error; 599145147Srwatson 600168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 601145147Srwatson 602172930Srwatson MAC_CHECK(proc_check_setgroups, cred, ngroups, gidset); 603145147Srwatson return (error); 604145147Srwatson} 605145147Srwatson 606145147Srwatsonint 607172930Srwatsonmac_proc_check_setreuid(struct proc *p, struct ucred *cred, uid_t ruid, 608168955Srwatson uid_t euid) 609145147Srwatson{ 610145147Srwatson int error; 611145147Srwatson 612168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 613145147Srwatson 614172930Srwatson MAC_CHECK(proc_check_setreuid, cred, ruid, euid); 615168955Srwatson 616145147Srwatson return (error); 617145147Srwatson} 618145147Srwatson 619145147Srwatsonint 620172930Srwatsonmac_proc_check_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, 621168955Srwatson gid_t egid) 622145147Srwatson{ 623145147Srwatson int error; 624145147Srwatson 625145147Srwatson PROC_LOCK_ASSERT(proc, MA_OWNED); 626145147Srwatson 627172930Srwatson MAC_CHECK(proc_check_setregid, cred, rgid, egid); 628168955Srwatson 629145147Srwatson return (error); 630145147Srwatson} 631145147Srwatson 632145147Srwatsonint 633172930Srwatsonmac_proc_check_setresuid(struct proc *p, struct ucred *cred, uid_t ruid, 634168955Srwatson uid_t euid, uid_t suid) 635145147Srwatson{ 636145147Srwatson int error; 637145147Srwatson 638168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 639145147Srwatson 640172930Srwatson MAC_CHECK(proc_check_setresuid, cred, ruid, euid, suid); 641145147Srwatson return (error); 642145147Srwatson} 643145147Srwatson 644145147Srwatsonint 645172930Srwatsonmac_proc_check_setresgid(struct proc *p, struct ucred *cred, gid_t rgid, 646168955Srwatson gid_t egid, gid_t sgid) 647145147Srwatson{ 648145147Srwatson int error; 649145147Srwatson 650168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 651145147Srwatson 652172930Srwatson MAC_CHECK(proc_check_setresgid, cred, rgid, egid, sgid); 653168955Srwatson 654145147Srwatson return (error); 655145147Srwatson} 656145234Srwatson 657145234Srwatsonint 658172930Srwatsonmac_proc_check_wait(struct ucred *cred, struct proc *p) 659145234Srwatson{ 660145234Srwatson int error; 661145234Srwatson 662168955Srwatson PROC_LOCK_ASSERT(p, MA_OWNED); 663145234Srwatson 664172930Srwatson MAC_CHECK(proc_check_wait, cred, p); 665145234Srwatson 666145234Srwatson return (error); 667145234Srwatson} 668