mac_posix_shm.c revision 182063
1/*-
2 * Copyright (c) 2003-2006 SPARTA, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project in part by Network
6 * Associates Laboratories, the Security Research Division of Network
7 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
8 * as part of the DARPA CHATS research program.
9 *
10 * This software was enhanced by SPARTA ISSO under SPAWAR contract
11 * N66001-04-C-6019 ("SEFOS").
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 *    notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 *    notice, this list of conditions and the following disclaimer in the
20 *    documentation and/or other materials provided with the distribution.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35#include <sys/cdefs.h>
36__FBSDID("$FreeBSD: head/sys/security/mac/mac_posix_shm.c 182063 2008-08-23 15:26:36Z rwatson $");
37
38#include "opt_mac.h"
39
40#include <sys/param.h>
41#include <sys/kernel.h>
42#include <sys/mman.h>
43#include <sys/malloc.h>
44#include <sys/module.h>
45#include <sys/systm.h>
46#include <sys/sysctl.h>
47
48#include <security/mac/mac_framework.h>
49#include <security/mac/mac_internal.h>
50#include <security/mac/mac_policy.h>
51
/*
 * Allocate a label for a POSIX shared memory object and hand it to the MAC
 * policies for initialization.
 *
 * The storage comes from mac_labelzone_alloc(M_WAITOK), so this may sleep
 * and must only be reached from a context where sleeping is permitted.  The
 * result is used without a NULL check, which relies on the M_WAITOK
 * allocation not failing (NOTE(review): confirm for mac_labelzone_alloc).
 *
 * posixshm_init_label is dispatched before the pointer is returned, so the
 * caller never receives a label that the policies have not initialized.
 */
static struct label *
mac_posixshm_label_alloc(void)
{
	struct label *new_label;

	new_label = mac_labelzone_alloc(M_WAITOK);
	MAC_PERFORM(posixshm_init_label, new_label);

	return (new_label);
}
61
/*
 * Set up the MAC label pointer of a shmfd.
 *
 * A label is allocated only when MPC_OBJECT_POSIXSHM is set in mac_labeled
 * (presumably: at least one loaded policy labels POSIX shm objects --
 * confirm in the framework).  Otherwise shm_label is set to NULL, and the
 * other mac_posixshm_* hooks in this file pass that NULL on to the policy
 * entry points unchanged, so policies must cope with a NULL label.
 */
void
mac_posixshm_init(struct shmfd *shmfd)
{

	/* No labeling requested: leave the object explicitly unlabeled. */
	if ((mac_labeled & MPC_OBJECT_POSIXSHM) == 0) {
		shmfd->shm_label = NULL;
		return;
	}

	shmfd->shm_label = mac_posixshm_label_alloc();
}
71
/*
 * Release a label obtained from mac_posixshm_label_alloc().
 *
 * The order matters: posixshm_destroy_label is dispatched to the policies
 * first, while the label storage is still valid, and only then is the
 * storage handed back with mac_labelzone_free().  The label must not be
 * touched after this returns.
 */
static void
mac_posixshm_label_free(struct label *label)
{

	/* Policies tear down their per-label state before the free. */
	MAC_PERFORM(posixshm_destroy_label, label);

	mac_labelzone_free(label);
}
79
/*
 * Drop the MAC label of a shmfd, if it has one.
 *
 * An object that was set up without a label (shm_label == NULL) is left
 * alone.  After the free the pointer is reset to NULL, so a second call on
 * the same shmfd is a no-op rather than a double free, and no stale label
 * pointer stays reachable through the shmfd.
 */
void
mac_posixshm_destroy(struct shmfd *shmfd)
{

	if (shmfd->shm_label == NULL)
		return;

	mac_posixshm_label_free(shmfd->shm_label);
	shmfd->shm_label = NULL;
}
89
/*
 * Dispatch the posixshm_create entry point to the MAC policies, passing the
 * credential, the shmfd and the shmfd's label.
 *
 * This is a notification, not an access check: nothing is returned, so a
 * policy cannot refuse the operation here.  Presumably policies use it to
 * derive the object's initial label from cred -- confirm per policy.
 * shm_label is passed as stored and is NULL when mac_posixshm_init() did
 * not allocate one.
 */
void
mac_posixshm_create(struct ucred *cred, struct shmfd *shmfd)
{

	MAC_PERFORM(posixshm_create,
	    cred, shmfd, shmfd->shm_label);
}
96
/*
 * Ask the MAC policies whether cred may map shmfd with the requested
 * protection (prot) and mapping flags (flags).
 *
 * Returns whatever MAC_CHECK leaves in the local `error`.  Nothing else in
 * this function assigns that variable, so the macro is expected to set it
 * on every path (NOTE(review): confirm against the MAC_CHECK definition).
 * This function only reports the decision; the caller has to refuse the
 * mapping itself when the result is non-zero.
 *
 * shm_label is passed as stored and is NULL when mac_posixshm_init() did
 * not allocate one.
 */
int
mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, int prot,
    int flags)
{
	int error;	/* written by MAC_CHECK, which refers to it by name */

	MAC_CHECK(posixshm_check_mmap,
	    cred, shmfd, shmfd->shm_label, prot, flags);
	return (error);
}
108
/*
 * Ask the MAC policies whether cred may open the existing object shmfd.
 *
 * Returns whatever MAC_CHECK leaves in the local `error`.  Nothing else in
 * this function assigns that variable, so the macro is expected to set it
 * on every path (NOTE(review): confirm against the MAC_CHECK definition).
 * Enforcement is the caller's job: a non-zero result must make the open
 * fail.
 *
 * shm_label is passed as stored and is NULL when mac_posixshm_init() did
 * not allocate one.
 */
int
mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd)
{
	int error;	/* written by MAC_CHECK, which refers to it by name */

	MAC_CHECK(posixshm_check_open,
	    cred, shmfd, shmfd->shm_label);
	return (error);
}
118
/*
 * Ask the MAC policies whether a stat of shmfd is permitted.
 *
 * Two credentials are forwarded to the policies.  Going by the names,
 * active_cred is the credential of the thread doing the stat and file_cred
 * the one associated with the descriptor -- NOTE(review): confirm with the
 * caller, since a policy that consults the wrong one makes a different
 * decision.
 *
 * Returns whatever MAC_CHECK leaves in the local `error`; nothing else here
 * assigns it.  The caller must act on a non-zero result.  shm_label is
 * passed as stored and is NULL when mac_posixshm_init() did not allocate
 * one.
 */
int
mac_posixshm_check_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shmfd)
{
	int error;	/* written by MAC_CHECK, which refers to it by name */

	MAC_CHECK(posixshm_check_stat,
	    active_cred, file_cred, shmfd, shmfd->shm_label);
	return (error);
}
130
/*
 * Ask the MAC policies whether shmfd may be truncated (resized).
 *
 * Two credentials are forwarded to the policies.  Going by the names,
 * active_cred is the credential of the thread requesting the truncate and
 * file_cred the one associated with the descriptor -- NOTE(review): confirm
 * with the caller, since a policy that consults the wrong one makes a
 * different decision.
 *
 * Returns whatever MAC_CHECK leaves in the local `error`; nothing else here
 * assigns it.  The caller must act on a non-zero result before changing
 * the object.  shm_label is passed as stored and is NULL when
 * mac_posixshm_init() did not allocate one.
 */
int
mac_posixshm_check_truncate(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shmfd)
{
	int error;	/* written by MAC_CHECK, which refers to it by name */

	MAC_CHECK(posixshm_check_truncate,
	    active_cred, file_cred, shmfd, shmfd->shm_label);
	return (error);
}
142
/*
 * Ask the MAC policies whether cred may unlink the object shmfd.
 *
 * Returns whatever MAC_CHECK leaves in the local `error`.  Nothing else in
 * this function assigns that variable, so the macro is expected to set it
 * on every path (NOTE(review): confirm against the MAC_CHECK definition).
 * Enforcement is the caller's job: a non-zero result must stop the unlink
 * before the name is removed.
 *
 * shm_label is passed as stored and is NULL when mac_posixshm_init() did
 * not allocate one.
 */
int
mac_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd)
{
	int error;	/* written by MAC_CHECK, which refers to it by name */

	MAC_CHECK(posixshm_check_unlink,
	    cred, shmfd, shmfd->shm_label);
	return (error);
}
152