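/*-
 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2006 SPARTA, Inc.
 * Copyright (c) 2007, 2009 Robert N. M. Watson
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project in part by Network
 * Associates Laboratories, the Security Research Division of Network
 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
 * as part of the DARPA CHATS research program.
 *
 * Portions of this software were developed by Robert Watson for the
 * TrustedBSD Project.
 *
 * This software was enhanced by SPARTA ISSO under SPAWAR contract
 * N66001-04-C-6019 ("SEFOS").
 *
 * This software was developed at the University of Cambridge Computer
 * Laboratory with support from a grant from Google, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * MAC Framework entry points relating to overall operation of system,
 * including global services such as the kernel environment and loadable
 * modules.
 *
 * System checks often align with existing privilege checks, but provide
 * additional security context that may be relevant to policies, such as the
 * specific object being operated on.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_mac.h"

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
#include <sys/sdt.h>
#include <sys/systm.h>
#include <sys/vnode.h>
#include <sys/sysctl.h>

#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
#include <security/mac/mac_policy.h>

/*
 * Common shape of every entry point in this file:
 *
 *   1. MAC_POLICY_CHECK() or MAC_POLICY_CHECK_NOSLEEP() is invoked with the
 *      entry point name and its arguments.  Neither macro is defined in this
 *      file (presumably both come from mac_internal.h).  The local 'error'
 *      is never assigned directly here, so the macro is what gives it a
 *      value before it is read.
 *   2. MAC_CHECK_PROBEn() is handed 'error' plus the arguments whose types
 *      are listed in the matching MAC_CHECK_PROBE_DEFINEn() declaration.
 *   3. 'error' is returned to the caller unchanged.
 *
 * NOTE(review): by convention 0 means the operation is permitted and a
 * non-zero value is an errno describing the denial -- confirm against the
 * macro definitions.  These functions only report a decision; nothing here
 * blocks the operation, so callers have to act on the return value.
 *
 * The checks that take a vnode and pass its label use MAC_POLICY_CHECK();
 * all other checks use the _NOSLEEP variant.
 */

MAC_CHECK_PROBE_DEFINE1(kenv_check_dump, "struct ucred *");

/*
 * Run the kenv_check_dump policy check for 'cred'.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_kenv_check_dump(struct ucred *cred)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(kenv_check_dump, cred);
	MAC_CHECK_PROBE1(kenv_check_dump, error, cred);

	return (error);
}

MAC_CHECK_PROBE_DEFINE2(kenv_check_get, "struct ucred *", "char *");

/*
 * Run the kenv_check_get policy check for 'cred' on the variable 'name'.
 *
 * 'name' is forwarded to the policies and to the probe as-is; this function
 * does not inspect, copy, or bound it.
 * NOTE(review): presumably the caller supplies a NUL-terminated kernel copy
 * -- verify against the caller.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_kenv_check_get(struct ucred *cred, char *name)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(kenv_check_get, cred, name);
	MAC_CHECK_PROBE2(kenv_check_get, error, cred, name);

	return (error);
}

MAC_CHECK_PROBE_DEFINE3(kenv_check_set, "struct ucred *", "char *",
    "char *");

/*
 * Run the kenv_check_set policy check for 'cred' setting 'name' to 'value'.
 *
 * Both strings are forwarded to the policies and to the probe as-is; this
 * function does not inspect, copy, or bound them.
 * NOTE(review): presumably the caller supplies NUL-terminated kernel copies
 * -- verify against the caller.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_kenv_check_set(struct ucred *cred, char *name, char *value)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(kenv_check_set, cred, name, value);
	MAC_CHECK_PROBE3(kenv_check_set, error, cred, name, value);

	return (error);
}

MAC_CHECK_PROBE_DEFINE2(kenv_check_unset, "struct ucred *", "char *");

/*
 * Run the kenv_check_unset policy check for 'cred' on the variable 'name'.
 *
 * 'name' is forwarded as-is, with no validation performed here.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_kenv_check_unset(struct ucred *cred, char *name)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(kenv_check_unset, cred, name);
	MAC_CHECK_PROBE2(kenv_check_unset, error, cred, name);

	return (error);
}

MAC_CHECK_PROBE_DEFINE2(kld_check_load, "struct ucred *", "struct vnode *");

/*
 * Run the kld_check_load policy check for 'cred' against the vnode 'vp',
 * passing the vnode's label (vp->v_label) to the policies.
 *
 * 'vp' is dereferenced unconditionally, so it must be non-NULL, and it is
 * asserted to be locked on entry.
 * NOTE(review): the lock presumably keeps the label stable between this
 * check and the load itself; whether the assertion is compiled into a given
 * kernel depends on its build options -- confirm.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_kld_check_load(struct ucred *cred, struct vnode *vp)
{
	int error;

	ASSERT_VOP_LOCKED(vp, "mac_kld_check_load");

	MAC_POLICY_CHECK(kld_check_load, cred, vp, vp->v_label);
	MAC_CHECK_PROBE2(kld_check_load, error, cred, vp);

	return (error);
}

MAC_CHECK_PROBE_DEFINE1(kld_check_stat, "struct ucred *");

/*
 * Run the kld_check_stat policy check for 'cred'.  No object is passed;
 * the decision is based on the credential alone.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_kld_check_stat(struct ucred *cred)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(kld_check_stat, cred);
	MAC_CHECK_PROBE1(kld_check_stat, error, cred);

	return (error);
}

MAC_CHECK_PROBE_DEFINE2(system_check_acct, "struct ucred *",
    "struct vnode *");

/*
 * Run the system_check_acct policy check for 'cred' against 'vp'.
 *
 * Unlike the other vnode-based checks in this file, 'vp' may be NULL here:
 * the lock assertion is skipped and the policies receive a NULL vnode and a
 * NULL label, so every policy implementing this entry point has to cope
 * with both being NULL.
 * NOTE(review): a NULL vnode presumably means accounting is being switched
 * off -- verify against the caller.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_system_check_acct(struct ucred *cred, struct vnode *vp)
{
	int error;

	if (vp != NULL) {
		ASSERT_VOP_LOCKED(vp, "mac_system_check_acct");
	}

	MAC_POLICY_CHECK(system_check_acct, cred, vp,
	    vp != NULL ? vp->v_label : NULL);
	MAC_CHECK_PROBE2(system_check_acct, error, cred, vp);

	return (error);
}

MAC_CHECK_PROBE_DEFINE2(system_check_reboot, "struct ucred *", "int");

/*
 * Run the system_check_reboot policy check for 'cred', forwarding the
 * 'howto' flags unchanged to the policies and to the probe.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_system_check_reboot(struct ucred *cred, int howto)
{
	int error;

	MAC_POLICY_CHECK_NOSLEEP(system_check_reboot, cred, howto);
	MAC_CHECK_PROBE2(system_check_reboot, error, cred, howto);

	return (error);
}

MAC_CHECK_PROBE_DEFINE2(system_check_swapon, "struct ucred *",
    "struct vnode *");

/*
 * Run the system_check_swapon policy check for 'cred' against the vnode
 * 'vp', passing vp->v_label to the policies.
 *
 * 'vp' is dereferenced unconditionally, so it must be non-NULL, and it is
 * asserted to be locked on entry.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_system_check_swapon(struct ucred *cred, struct vnode *vp)
{
	int error;

	ASSERT_VOP_LOCKED(vp, "mac_system_check_swapon");

	MAC_POLICY_CHECK(system_check_swapon, cred, vp, vp->v_label);
	MAC_CHECK_PROBE2(system_check_swapon, error, cred, vp);

	return (error);
}

MAC_CHECK_PROBE_DEFINE2(system_check_swapoff, "struct ucred *",
    "struct vnode *");

/*
 * Run the system_check_swapoff policy check for 'cred' against the vnode
 * 'vp', passing vp->v_label to the policies.
 *
 * 'vp' is dereferenced unconditionally, so it must be non-NULL, and it is
 * asserted to be locked on entry.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_system_check_swapoff(struct ucred *cred, struct vnode *vp)
{
	int error;

	ASSERT_VOP_LOCKED(vp, "mac_system_check_swapoff");

	MAC_POLICY_CHECK(system_check_swapoff, cred, vp, vp->v_label);
	MAC_CHECK_PROBE2(system_check_swapoff, error, cred, vp);

	return (error);
}

MAC_CHECK_PROBE_DEFINE3(system_check_sysctl, "struct ucred *",
    "struct sysctl_oid *", "struct sysctl_req *");

/*
 * Run the system_check_sysctl policy check for 'cred' on the sysctl node
 * 'oidp' and the request 'req'.
 *
 * The policies receive all five arguments.  The probe is declared with
 * three, so it sees only cred, oidp and req; arg1 and arg2 are not visible
 * to a tracer watching the probe.
 *
 * Returns the value left in 'error' by the policy check.
 */
int
mac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
    void *arg1, int arg2, struct sysctl_req *req)
{
	int error;

	/*
	 * XXXMAC: We would very much like to assert the SYSCTL_LOCK here,
	 * but since it's not exported from kern_sysctl.c, we can't.
	 *
	 * Because nothing in this function enforces the locking requirement,
	 * it rests entirely on the callers.
	 */
	MAC_POLICY_CHECK_NOSLEEP(system_check_sysctl, cred, oidp, arg1, arg2,
	    req);
	MAC_CHECK_PROBE3(system_check_sysctl, error, cred, oidp, req);

	return (error);
}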