mac_ifoff.c revision 101099 
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by NAI Labs,
9 * the Security Research Division of Network Associates, Inc. under
10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
11 * CHATS research program.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 *    notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 *    notice, this list of conditions and the following disclaimer in the
20 *    documentation and/or other materials provided with the distribution.
21 * 3. The names of the authors may not be used to endorse or promote
22 *    products derived from this software without specific prior written
23 *    permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 * $FreeBSD: head/sys/security/mac_ifoff/mac_ifoff.c 101099 2002-07-31 18:07:45Z rwatson $
38 */
39
40/*
41 * Developed by the TrustedBSD Project.
42 * Limit access to interfaces until they are specifically administratively
43 * enabled.  Prevents protocol stack-driven packet leakage in unsafe
44 * environments.
45 */
46
47#include <sys/types.h>
48#include <sys/param.h>
49#include <sys/conf.h>
50#include <sys/kernel.h>
51#include <sys/mac.h>
52#include <sys/mount.h>
53#include <sys/proc.h>
54#include <sys/systm.h>
55#include <sys/sysproto.h>
56#include <sys/sysent.h>
57#include <sys/vnode.h>
58#include <sys/file.h>
59#include <sys/socket.h>
60#include <sys/socketvar.h>
61#include <sys/sysctl.h>
62
63#include <net/bpfdesc.h>
64#include <net/if.h>
65#include <net/if_types.h>
66#include <net/if_var.h>
67
68#include <vm/vm.h>
69
70#include <sys/mac_policy.h>
71
72SYSCTL_DECL(_security_mac);
73
74SYSCTL_NODE(_security_mac, OID_AUTO, ifoff, CTLFLAG_RW, 0,
75    "TrustedBSD mac_ifoff policy controls");
76
77static int	mac_ifoff_enabled = 1;
78SYSCTL_INT(_security_mac_ifoff, OID_AUTO, enabled, CTLFLAG_RW,
79    &mac_ifoff_enabled, 0, "Enforce ifoff policy");
80TUNABLE_INT("security.mac.ifoff.enabled", &mac_ifoff_enabled);
81
82static int	mac_ifoff_lo_enabled = 1;
83SYSCTL_INT(_security_mac_ifoff, OID_AUTO, lo_enabled, CTLFLAG_RW,
84    &mac_ifoff_lo_enabled, 0, "Enable loopback interfaces");
85TUNABLE_INT("security.mac.ifoff.lo_enabled", &mac_ifoff_lo_enabled);
86
87static int	mac_ifoff_other_enabled = 0;
88SYSCTL_INT(_security_mac_ifoff, OID_AUTO, other_enabled, CTLFLAG_RW,
89    &mac_ifoff_other_enabled, 0, "Enable other interfaces");
90TUNABLE_INT("security.mac.ifoff.other_enabled", &mac_ifoff_other_enabled);
91
92static int	mac_ifoff_bpfrecv_enabled = 0;
93SYSCTL_INT(_security_mac_ifoff, OID_AUTO, bpfrecv_enabled, CTLFLAG_RW,
94    &mac_ifoff_bpfrecv_enabled, 0, "Enable BPF reception even when interface "
95    "is disabled");
96TUNABLE_INT("security.mac.ifoff.bpfrecv.enabled", &mac_ifoff_bpfrecv_enabled);
97
98static int
99check_ifnet_outgoing(struct ifnet *ifnet)
100{
101
102	if (!mac_ifoff_enabled)
103		return (0);
104
105	if (mac_ifoff_lo_enabled && ifnet->if_type == IFT_LOOP)
106		return (0);
107
108	if (mac_ifoff_other_enabled && ifnet->if_type != IFT_LOOP)
109		return (0);
110
111	return (EPERM);
112}
113
114static int
115check_ifnet_incoming(struct ifnet *ifnet, int viabpf)
116{
117	if (!mac_ifoff_enabled)
118		return (0);
119
120	if (mac_ifoff_lo_enabled && ifnet->if_type == IFT_LOOP)
121		return (0);
122
123	if (mac_ifoff_other_enabled && ifnet->if_type != IFT_LOOP)
124		return (0);
125
126	if (viabpf && mac_ifoff_bpfrecv_enabled)
127		return (0);
128
129	return (EPERM);
130}
131
132static int
133mac_ifoff_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
134    struct ifnet *ifnet, struct label *ifnetlabel)
135{
136
137	return (check_ifnet_incoming(ifnet, 1));
138}
139
140static int
141mac_ifoff_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
142    struct mbuf *m, struct label *mbuflabel)
143{
144
145	return (check_ifnet_outgoing(ifnet));
146}
147
148static int
149mac_ifoff_check_socket_receive(struct socket *so, struct label *socketlabel,
150    struct mbuf *m, struct label *mbuflabel)
151{
152
153	if (m->m_flags & M_PKTHDR) {
154		if (m->m_pkthdr.rcvif != NULL)
155			return (check_ifnet_incoming(m->m_pkthdr.rcvif, 0));
156	}
157
158	return (0);
159}
160
161static struct mac_policy_op_entry mac_ifoff_ops[] =
162{
163	{ MAC_CHECK_BPFDESC_RECEIVE,
164	    (macop_t)mac_ifoff_check_bpfdesc_receive },
165	{ MAC_CHECK_IFNET_TRANSMIT,
166	    (macop_t)mac_ifoff_check_ifnet_transmit },
167	{ MAC_CHECK_SOCKET_RECEIVE,
168	    (macop_t)mac_ifoff_check_socket_receive },
169	{ MAC_OP_LAST, NULL }
170};
171
172MAC_POLICY_SET(mac_ifoff_ops, trustedbsd_mac_ifoff, "TrustedBSD MAC/ifoff",
173    MPC_LOADTIME_FLAG_UNLOADOK, NULL);
174