mac_biba.c revision 102112
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, 9 * the Security Research Division of Network Associates, Inc. under 10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11 * CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. The names of the authors may not be used to endorse or promote 22 * products derived from this software without specific prior written 23 * permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 102112 2002-08-19 16:43:25Z rwatson $ 38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * Biba fixed label mandatory integrity policy. 43 */ 44 45#include <sys/types.h> 46#include <sys/param.h> 47#include <sys/acl.h> 48#include <sys/conf.h> 49#include <sys/kernel.h> 50#include <sys/mac.h> 51#include <sys/mount.h> 52#include <sys/proc.h> 53#include <sys/systm.h> 54#include <sys/sysproto.h> 55#include <sys/sysent.h> 56#include <sys/vnode.h> 57#include <sys/file.h> 58#include <sys/socket.h> 59#include <sys/socketvar.h> 60#include <sys/pipe.h> 61#include <sys/sysctl.h> 62 63#include <fs/devfs/devfs.h> 64 65#include <net/bpfdesc.h> 66#include <net/if.h> 67#include <net/if_types.h> 68#include <net/if_var.h> 69 70#include <netinet/in.h> 71#include <netinet/ip_var.h> 72 73#include <vm/vm.h> 74 75#include <sys/mac_policy.h> 76 77#include <security/mac_biba/mac_biba.h> 78 79SYSCTL_DECL(_security_mac); 80 81SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 82 "TrustedBSD mac_biba policy controls"); 83 84static int mac_biba_enabled = 0; 85SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, 86 &mac_biba_enabled, 0, "Enforce MAC/Biba policy"); 87 88static int destroyed_not_inited; 89SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 90 &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 91 92static int trust_all_interfaces = 0; 93SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 94 &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 95TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 96 97static char trusted_interfaces[128]; 98SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 99 trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 100TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 101 sizeof(trusted_interfaces)); 102 103static int mac_biba_revocation_enabled = 0; 104SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 105 &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel"); 106TUNABLE_INT("security.mac.biba.revocation_enabled", 107 &mac_biba_revocation_enabled); 108 109static int mac_biba_slot; 110#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr) 111 112MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels"); 113 114static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 115 struct label *vnodelabel, mode_t acc_mode); 116 117static struct mac_biba * 118biba_alloc(int how) 119{ 120 struct mac_biba *mac_biba; 121 122 mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | how); 123 124 return (mac_biba); 125} 126 127static void 128biba_free(struct mac_biba *mac_biba) 129{ 130 131 if (mac_biba != NULL) 132 free(mac_biba, M_MACBIBA); 133 else 134 atomic_add_int(&destroyed_not_inited, 1); 135} 136 137static int 138mac_biba_dominate_element(struct mac_biba_element *a, 139 struct mac_biba_element *b) 140{ 141 142 switch(a->mbe_type) { 143 case MAC_BIBA_TYPE_EQUAL: 144 case MAC_BIBA_TYPE_HIGH: 145 return (1); 146 147 case MAC_BIBA_TYPE_LOW: 148 switch (b->mbe_type) { 149 case MAC_BIBA_TYPE_GRADE: 150 case MAC_BIBA_TYPE_HIGH: 151 return (0); 152 153 case MAC_BIBA_TYPE_EQUAL: 154 case MAC_BIBA_TYPE_LOW: 155 return (1); 156 157 default: 158 panic("mac_biba_dominate_element: b->mbe_type invalid"); 159 } 160 161 case MAC_BIBA_TYPE_GRADE: 162 switch (b->mbe_type) { 163 case MAC_BIBA_TYPE_EQUAL: 164 case MAC_BIBA_TYPE_LOW: 165 return (1); 166 167 case MAC_BIBA_TYPE_HIGH: 168 return (0); 169 170 case MAC_BIBA_TYPE_GRADE: 171 return (a->mbe_grade >= b->mbe_grade); 172 173 default: 174 panic("mac_biba_dominate_element: b->mbe_type invalid"); 175 } 176 177 default: 178 panic("mac_biba_dominate_element: a->mbe_type invalid"); 179 } 180 181 return (0); 182} 183 184static int 185mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 186{ 187 188 return (mac_biba_dominate_element(&rangeb->mb_rangehigh, 189 &rangea->mb_rangehigh) && 190 mac_biba_dominate_element(&rangea->mb_rangelow, 191 &rangeb->mb_rangelow)); 192} 193 194static int 195mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range) 196{ 197 198 KASSERT((single->mb_flag & MAC_BIBA_FLAG_SINGLE) != 0, 199 ("mac_biba_single_in_range: a not single")); 200 KASSERT((range->mb_flag & MAC_BIBA_FLAG_RANGE) != 0, 201 ("mac_biba_single_in_range: b not range")); 202 203 return (mac_biba_dominate_element(&range->mb_rangehigh, 204 &single->mb_single) && 205 mac_biba_dominate_element(&single->mb_single, 206 &range->mb_rangelow)); 207 208 return (1); 209} 210 211static int 212mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b) 213{ 214 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 215 ("mac_biba_dominate_single: a not single")); 216 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 217 ("mac_biba_dominate_single: b not single")); 218 219 return (mac_biba_dominate_element(&a->mb_single, &b->mb_single)); 220} 221 222static int 223mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 224{ 225 226 if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 227 b->mbe_type == MAC_BIBA_TYPE_EQUAL) 228 return (1); 229 230 return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 231} 232 233static int 234mac_biba_equal_range(struct mac_biba *a, struct mac_biba *b) 235{ 236 237 KASSERT((a->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 238 ("mac_biba_equal_range: a not range")); 239 KASSERT((b->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 240 ("mac_biba_equal_range: b not range")); 241 242 return (mac_biba_equal_element(&a->mb_rangelow, &b->mb_rangelow) && 243 mac_biba_equal_element(&a->mb_rangehigh, &b->mb_rangehigh)); 244} 245 246static int 247mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b) 248{ 249 250 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 251 ("mac_biba_equal_single: a not single")); 252 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 253 ("mac_biba_equal_single: b not single")); 254 255 return (mac_biba_equal_element(&a->mb_single, &b->mb_single)); 256} 257 258static int 259mac_biba_high_single(struct mac_biba *mac_biba) 260{ 261 262 return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH); 263} 264 265static int 266mac_biba_valid(struct mac_biba *mac_biba) 267{ 268 269 if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { 270 switch (mac_biba->mb_single.mbe_type) { 271 case MAC_BIBA_TYPE_GRADE: 272 break; 273 274 case MAC_BIBA_TYPE_EQUAL: 275 case MAC_BIBA_TYPE_HIGH: 276 case MAC_BIBA_TYPE_LOW: 277 if (mac_biba->mb_single.mbe_grade != 0) 278 return (EINVAL); 279 break; 280 281 default: 282 return (EINVAL); 283 } 284 } else { 285 if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF) 286 return (EINVAL); 287 } 288 289 if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 290 switch (mac_biba->mb_rangelow.mbe_type) { 291 case MAC_BIBA_TYPE_GRADE: 292 break; 293 294 case MAC_BIBA_TYPE_EQUAL: 295 case MAC_BIBA_TYPE_HIGH: 296 case MAC_BIBA_TYPE_LOW: 297 if (mac_biba->mb_rangelow.mbe_grade != 0) 298 return (EINVAL); 299 break; 300 301 default: 302 return (EINVAL); 303 } 304 305 switch (mac_biba->mb_rangehigh.mbe_type) { 306 case MAC_BIBA_TYPE_GRADE: 307 break; 308 309 case MAC_BIBA_TYPE_EQUAL: 310 case MAC_BIBA_TYPE_HIGH: 311 case MAC_BIBA_TYPE_LOW: 312 if (mac_biba->mb_rangehigh.mbe_grade != 0) 313 return (EINVAL); 314 break; 315 316 default: 317 return (EINVAL); 318 } 319 if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh, 320 &mac_biba->mb_rangelow)) 321 return (EINVAL); 322 } else { 323 if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 324 mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 325 return (EINVAL); 326 } 327 328 return (0); 329} 330 331static void 332mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, 333 u_short gradelow, u_short typehigh, u_short gradehigh) 334{ 335 336 mac_biba->mb_rangelow.mbe_type = typelow; 337 mac_biba->mb_rangelow.mbe_grade = gradelow; 338 mac_biba->mb_rangehigh.mbe_type = typehigh; 339 mac_biba->mb_rangehigh.mbe_grade = gradehigh; 340 mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 341} 342 343static void 344mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade) 345{ 346 347 mac_biba->mb_single.mbe_type = type; 348 mac_biba->mb_single.mbe_grade = grade; 349 mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; 350} 351 352static void 353mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 354{ 355 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 356 ("mac_biba_copy_range: labelfrom not range")); 357 358 labelto->mb_rangelow = labelfrom->mb_rangelow; 359 labelto->mb_rangehigh = labelfrom->mb_rangehigh; 360 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 361} 362 363static void 364mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto) 365{ 366 367 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 368 ("mac_biba_copy_single: labelfrom not single")); 369 370 labelto->mb_single = labelfrom->mb_single; 371 labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; 372} 373 374static void 375mac_biba_copy_single_to_range(struct mac_biba *labelfrom, 376 struct mac_biba *labelto) 377{ 378 379 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 380 ("mac_biba_copy_single_to_range: labelfrom not single")); 381 382 labelto->mb_rangelow = labelfrom->mb_single; 383 labelto->mb_rangehigh = labelfrom->mb_single; 384 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 385} 386 387/* 388 * Policy module operations. 389 */ 390static void 391mac_biba_destroy(struct mac_policy_conf *conf) 392{ 393 394} 395 396static void 397mac_biba_init(struct mac_policy_conf *conf) 398{ 399 400} 401 402/* 403 * Label operations. 404 */ 405static void 406mac_biba_init_bpfdesc(struct bpf_d *bpf_d, struct label *label) 407{ 408 409 SLOT(label) = biba_alloc(M_WAITOK); 410} 411 412static void 413mac_biba_init_cred(struct ucred *ucred, struct label *label) 414{ 415 416 SLOT(label) = biba_alloc(M_WAITOK); 417} 418 419static void 420mac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent, 421 struct label *label) 422{ 423 424 SLOT(label) = biba_alloc(M_WAITOK); 425} 426 427static void 428mac_biba_init_ifnet(struct ifnet *ifnet, struct label *label) 429{ 430 431 SLOT(label) = biba_alloc(M_WAITOK); 432} 433 434static void 435mac_biba_init_ipq(struct ipq *ipq, struct label *label) 436{ 437 438 SLOT(label) = biba_alloc(M_WAITOK); 439} 440 441static int 442mac_biba_init_mbuf(struct mbuf *mbuf, int how, struct label *label) 443{ 444 445 SLOT(label) = biba_alloc(how); 446 if (SLOT(label) == NULL) 447 return (ENOMEM); 448 449 return (0); 450} 451 452static void 453mac_biba_init_mount(struct mount *mount, struct label *mntlabel, 454 struct label *fslabel) 455{ 456 457 SLOT(mntlabel) = biba_alloc(M_WAITOK); 458 SLOT(fslabel) = biba_alloc(M_WAITOK); 459} 460 461static void 462mac_biba_init_socket(struct socket *socket, struct label *label, 463 struct label *peerlabel) 464{ 465 466 SLOT(label) = biba_alloc(M_WAITOK); 467 SLOT(peerlabel) = biba_alloc(M_WAITOK); 468} 469 470static void 471mac_biba_init_pipe(struct pipe *pipe, struct label *label) 472{ 473 474 SLOT(label) = biba_alloc(M_WAITOK); 475} 476 477static void 478mac_biba_init_temp(struct label *label) 479{ 480 481 SLOT(label) = biba_alloc(M_WAITOK); 482} 483 484static void 485mac_biba_init_vnode(struct vnode *vp, struct label *label) 486{ 487 488 SLOT(label) = biba_alloc(M_WAITOK); 489} 490 491static void 492mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) 493{ 494 495 biba_free(SLOT(label)); 496 SLOT(label) = NULL; 497} 498 499static void 500mac_biba_destroy_cred(struct ucred *ucred, struct label *label) 501{ 502 503 biba_free(SLOT(label)); 504 SLOT(label) = NULL; 505} 506 507static void 508mac_biba_destroy_devfsdirent(struct devfs_dirent *devfs_dirent, 509 struct label *label) 510{ 511 512 biba_free(SLOT(label)); 513 SLOT(label) = NULL; 514} 515 516static void 517mac_biba_destroy_ifnet(struct ifnet *ifnet, struct label *label) 518{ 519 520 biba_free(SLOT(label)); 521 SLOT(label) = NULL; 522} 523 524static void 525mac_biba_destroy_ipq(struct ipq *ipq, struct label *label) 526{ 527 528 biba_free(SLOT(label)); 529 SLOT(label) = NULL; 530} 531 532static void 533mac_biba_destroy_mbuf(struct mbuf *mbuf, struct label *label) 534{ 535 536 biba_free(SLOT(label)); 537 SLOT(label) = NULL; 538} 539 540static void 541mac_biba_destroy_mount(struct mount *mount, struct label *mntlabel, 542 struct label *fslabel) 543{ 544 545 biba_free(SLOT(mntlabel)); 546 SLOT(mntlabel) = NULL; 547 biba_free(SLOT(fslabel)); 548 SLOT(fslabel) = NULL; 549} 550 551static void 552mac_biba_destroy_socket(struct socket *socket, struct label *label, 553 struct label *peerlabel) 554{ 555 556 biba_free(SLOT(label)); 557 SLOT(label) = NULL; 558 biba_free(SLOT(peerlabel)); 559 SLOT(peerlabel) = NULL; 560} 561 562static void 563mac_biba_destroy_pipe(struct pipe *pipe, struct label *label) 564{ 565 566 biba_free(SLOT(label)); 567 SLOT(label) = NULL; 568} 569 570static void 571mac_biba_destroy_temp(struct label *label) 572{ 573 574 biba_free(SLOT(label)); 575 SLOT(label) = NULL; 576} 577 578static void 579mac_biba_destroy_vnode(struct vnode *vp, struct label *label) 580{ 581 582 biba_free(SLOT(label)); 583 SLOT(label) = NULL; 584} 585 586static int 587mac_biba_externalize(struct label *label, struct mac *extmac) 588{ 589 struct mac_biba *mac_biba; 590 591 mac_biba = SLOT(label); 592 593 if (mac_biba == NULL) { 594 printf("mac_biba_externalize: NULL pointer\n"); 595 return (0); 596 } 597 598 extmac->m_biba = *mac_biba; 599 600 return (0); 601} 602 603static int 604mac_biba_internalize(struct label *label, struct mac *extmac) 605{ 606 struct mac_biba *mac_biba; 607 int error; 608 609 mac_biba = SLOT(label); 610 611 error = mac_biba_valid(mac_biba); 612 if (error) 613 return (error); 614 615 *mac_biba = extmac->m_biba; 616 617 return (0); 618} 619 620/* 621 * Labeling event operations: file system objects, and things that look 622 * a lot like file system objects. 623 */ 624static void 625mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 626 struct label *label) 627{ 628 struct mac_biba *mac_biba; 629 int biba_type; 630 631 mac_biba = SLOT(label); 632 if (strcmp(dev->si_name, "null") == 0 || 633 strcmp(dev->si_name, "zero") == 0 || 634 strcmp(dev->si_name, "random") == 0 || 635 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 636 biba_type = MAC_BIBA_TYPE_EQUAL; 637 else 638 biba_type = MAC_BIBA_TYPE_HIGH; 639 mac_biba_set_single(mac_biba, biba_type, 0); 640} 641 642static void 643mac_biba_create_devfs_directory(char *dirname, int dirnamelen, 644 struct devfs_dirent *devfs_dirent, struct label *label) 645{ 646 struct mac_biba *mac_biba; 647 648 mac_biba = SLOT(label); 649 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 650} 651 652static void 653mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 654 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 655{ 656 struct mac_biba *source, *dest; 657 658 source = SLOT(direntlabel); 659 dest = SLOT(vnodelabel); 660 mac_biba_copy_single(source, dest); 661} 662 663static void 664mac_biba_create_vnode(struct ucred *cred, struct vnode *parent, 665 struct label *parentlabel, struct vnode *child, struct label *childlabel) 666{ 667 struct mac_biba *source, *dest; 668 669 source = SLOT(&cred->cr_label); 670 dest = SLOT(childlabel); 671 672 mac_biba_copy_single(source, dest); 673} 674 675static void 676mac_biba_create_mount(struct ucred *cred, struct mount *mp, 677 struct label *mntlabel, struct label *fslabel) 678{ 679 struct mac_biba *source, *dest; 680 681 source = SLOT(&cred->cr_label); 682 dest = SLOT(mntlabel); 683 mac_biba_copy_single(source, dest); 684 dest = SLOT(fslabel); 685 mac_biba_copy_single(source, dest); 686} 687 688static void 689mac_biba_create_root_mount(struct ucred *cred, struct mount *mp, 690 struct label *mntlabel, struct label *fslabel) 691{ 692 struct mac_biba *mac_biba; 693 694 /* Always mount root as high integrity. */ 695 mac_biba = SLOT(fslabel); 696 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 697 mac_biba = SLOT(mntlabel); 698 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 699} 700 701static void 702mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, 703 struct label *vnodelabel, struct label *label) 704{ 705 struct mac_biba *source, *dest; 706 707 source = SLOT(label); 708 dest = SLOT(vnodelabel); 709 710 mac_biba_copy_single(source, dest); 711} 712 713static void 714mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent, 715 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 716{ 717 struct mac_biba *source, *dest; 718 719 source = SLOT(vnodelabel); 720 dest = SLOT(direntlabel); 721 722 mac_biba_copy_single(source, dest); 723} 724 725static void 726mac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel, 727 struct ucred *cred) 728{ 729 struct mac_biba *source, *dest; 730 731 source = SLOT(&cred->cr_label); 732 dest = SLOT(vnodelabel); 733 734 /* 735 * Only copy the single, not the range, since vnodes only have 736 * a single. 737 */ 738 mac_biba_copy_single(source, dest); 739} 740 741static int 742mac_biba_update_vnode_from_externalized(struct vnode *vp, 743 struct label *vnodelabel, struct mac *extmac) 744{ 745 struct mac_biba *source, *dest; 746 int error; 747 748 source = &extmac->m_biba; 749 dest = SLOT(vnodelabel); 750 751 error = mac_biba_valid(source); 752 if (error) 753 return (error); 754 755 if ((source->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 756 return (EINVAL); 757 758 mac_biba_copy_single(source, dest); 759 760 return (0); 761} 762 763static void 764mac_biba_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel, 765 struct mount *mp, struct label *fslabel) 766{ 767 struct mac_biba *source, *dest; 768 769 source = SLOT(fslabel); 770 dest = SLOT(vnodelabel); 771 772 mac_biba_copy_single(source, dest); 773} 774 775/* 776 * Labeling event operations: IPC object. 777 */ 778static void 779mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 780 struct mbuf *m, struct label *mbuflabel) 781{ 782 struct mac_biba *source, *dest; 783 784 source = SLOT(socketlabel); 785 dest = SLOT(mbuflabel); 786 787 mac_biba_copy_single(source, dest); 788} 789 790static void 791mac_biba_create_socket(struct ucred *cred, struct socket *socket, 792 struct label *socketlabel) 793{ 794 struct mac_biba *source, *dest; 795 796 source = SLOT(&cred->cr_label); 797 dest = SLOT(socketlabel); 798 799 mac_biba_copy_single(source, dest); 800 mac_biba_copy_single_to_range(source, dest); 801} 802 803static void 804mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe, 805 struct label *pipelabel) 806{ 807 struct mac_biba *source, *dest; 808 809 source = SLOT(&cred->cr_label); 810 dest = SLOT(pipelabel); 811 812 mac_biba_copy_single(source, dest); 813} 814 815static void 816mac_biba_create_socket_from_socket(struct socket *oldsocket, 817 struct label *oldsocketlabel, struct socket *newsocket, 818 struct label *newsocketlabel) 819{ 820 struct mac_biba *source, *dest; 821 822 source = SLOT(oldsocketlabel); 823 dest = SLOT(newsocketlabel); 824 825 mac_biba_copy_single(source, dest); 826 mac_biba_copy_range(source, dest); 827} 828 829static void 830mac_biba_relabel_socket(struct ucred *cred, struct socket *socket, 831 struct label *socketlabel, struct label *newlabel) 832{ 833 struct mac_biba *source, *dest; 834 835 source = SLOT(newlabel); 836 dest = SLOT(socketlabel); 837 838 mac_biba_copy_single(source, dest); 839 mac_biba_copy_range(source, dest); 840} 841 842static void 843mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe, 844 struct label *pipelabel, struct label *newlabel) 845{ 846 struct mac_biba *source, *dest; 847 848 source = SLOT(newlabel); 849 dest = SLOT(pipelabel); 850 851 mac_biba_copy_single(source, dest); 852} 853 854static void 855mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 856 struct socket *socket, struct label *socketpeerlabel) 857{ 858 struct mac_biba *source, *dest; 859 860 source = SLOT(mbuflabel); 861 dest = SLOT(socketpeerlabel); 862 863 mac_biba_copy_single(source, dest); 864} 865 866/* 867 * Labeling event operations: network objects. 868 */ 869static void 870mac_biba_set_socket_peer_from_socket(struct socket *oldsocket, 871 struct label *oldsocketlabel, struct socket *newsocket, 872 struct label *newsocketpeerlabel) 873{ 874 struct mac_biba *source, *dest; 875 876 source = SLOT(oldsocketlabel); 877 dest = SLOT(newsocketpeerlabel); 878 879 mac_biba_copy_single(source, dest); 880} 881 882static void 883mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 884 struct label *bpflabel) 885{ 886 struct mac_biba *source, *dest; 887 888 source = SLOT(&cred->cr_label); 889 dest = SLOT(bpflabel); 890 891 mac_biba_copy_single(source, dest); 892} 893 894static void 895mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 896{ 897 char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q; 898 char tiflist[sizeof(trusted_interfaces)]; 899 struct mac_biba *dest; 900 int len, grade; 901 902 dest = SLOT(ifnetlabel); 903 904 if (ifnet->if_type == IFT_LOOP) { 905 grade = MAC_BIBA_TYPE_EQUAL; 906 goto set; 907 } 908 909 if (trust_all_interfaces) { 910 grade = MAC_BIBA_TYPE_HIGH; 911 goto set; 912 } 913 914 grade = MAC_BIBA_TYPE_LOW; 915 916 if (trusted_interfaces[0] == '\0' || 917 !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 918 goto set; 919 920 for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 921 if(*p != ' ' && *p != '\t') 922 *q = *p; 923 924 snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit); 925 926 for (p = q = tiflist;; p++) { 927 if (*p == ',' || *p == '\0') { 928 len = p - q; 929 if (len < IFNAMSIZ) { 930 bzero(tifname, sizeof(tifname)); 931 bcopy(q, tifname, len); 932 if (strcmp(tifname, ifname) == 0) { 933 grade = MAC_BIBA_TYPE_HIGH; 934 break; 935 } 936 } 937 if (*p == '\0') 938 break; 939 q = p + 1; 940 } 941 } 942set: 943 mac_biba_set_single(dest, grade, 0); 944 mac_biba_set_range(dest, grade, 0, grade, 0); 945} 946 947static void 948mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 949 struct ipq *ipq, struct label *ipqlabel) 950{ 951 struct mac_biba *source, *dest; 952 953 source = SLOT(fragmentlabel); 954 dest = SLOT(ipqlabel); 955 956 mac_biba_copy_single(source, dest); 957} 958 959static void 960mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 961 struct mbuf *datagram, struct label *datagramlabel) 962{ 963 struct mac_biba *source, *dest; 964 965 source = SLOT(ipqlabel); 966 dest = SLOT(datagramlabel); 967 968 /* Just use the head, since we require them all to match. */ 969 mac_biba_copy_single(source, dest); 970} 971 972static void 973mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 974 struct mbuf *fragment, struct label *fragmentlabel) 975{ 976 struct mac_biba *source, *dest; 977 978 source = SLOT(datagramlabel); 979 dest = SLOT(fragmentlabel); 980 981 mac_biba_copy_single(source, dest); 982} 983 984static void 985mac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 986 struct label *oldmbuflabel, struct mbuf *newmbuf, 987 struct label *newmbuflabel) 988{ 989 struct mac_biba *source, *dest; 990 991 source = SLOT(oldmbuflabel); 992 dest = SLOT(newmbuflabel); 993 994 mac_biba_copy_single(source, dest); 995} 996 997static void 998mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 999 struct mbuf *mbuf, struct label *mbuflabel) 1000{ 1001 struct mac_biba *dest; 1002 1003 dest = SLOT(mbuflabel); 1004 1005 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 1006} 1007 1008static void 1009mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 1010 struct mbuf *mbuf, struct label *mbuflabel) 1011{ 1012 struct mac_biba *source, *dest; 1013 1014 source = SLOT(bpflabel); 1015 dest = SLOT(mbuflabel); 1016 1017 mac_biba_copy_single(source, dest); 1018} 1019 1020static void 1021mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1022 struct mbuf *m, struct label *mbuflabel) 1023{ 1024 struct mac_biba *source, *dest; 1025 1026 source = SLOT(ifnetlabel); 1027 dest = SLOT(mbuflabel); 1028 1029 mac_biba_copy_single(source, dest); 1030} 1031 1032static void 1033mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1034 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1035 struct mbuf *newmbuf, struct label *newmbuflabel) 1036{ 1037 struct mac_biba *source, *dest; 1038 1039 source = SLOT(oldmbuflabel); 1040 dest = SLOT(newmbuflabel); 1041 1042 mac_biba_copy_single(source, dest); 1043} 1044 1045static void 1046mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1047 struct mbuf *newmbuf, struct label *newmbuflabel) 1048{ 1049 struct mac_biba *source, *dest; 1050 1051 source = SLOT(oldmbuflabel); 1052 dest = SLOT(newmbuflabel); 1053 1054 mac_biba_copy_single(source, dest); 1055} 1056 1057static int 1058mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1059 struct ipq *ipq, struct label *ipqlabel) 1060{ 1061 struct mac_biba *a, *b; 1062 1063 a = SLOT(ipqlabel); 1064 b = SLOT(fragmentlabel); 1065 1066 return (mac_biba_equal_single(a, b)); 1067} 1068 1069static void 1070mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1071 struct label *ifnetlabel, struct label *newlabel) 1072{ 1073 struct mac_biba *source, *dest; 1074 1075 source = SLOT(newlabel); 1076 dest = SLOT(ifnetlabel); 1077 1078 mac_biba_copy_single(source, dest); 1079 mac_biba_copy_range(source, dest); 1080} 1081 1082static void 1083mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1084 struct ipq *ipq, struct label *ipqlabel) 1085{ 1086 1087 /* NOOP: we only accept matching labels, so no need to update */ 1088} 1089 1090/* 1091 * Labeling event operations: processes. 1092 */ 1093static void 1094mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 1095{ 1096 struct mac_biba *source, *dest; 1097 1098 source = SLOT(&cred_parent->cr_label); 1099 dest = SLOT(&cred_child->cr_label); 1100 1101 mac_biba_copy_single(source, dest); 1102 mac_biba_copy_range(source, dest); 1103} 1104 1105static void 1106mac_biba_execve_transition(struct ucred *old, struct ucred *new, 1107 struct vnode *vp, struct mac *vnodelabel) 1108{ 1109 struct mac_biba *source, *dest; 1110 1111 source = SLOT(&old->cr_label); 1112 dest = SLOT(&new->cr_label); 1113 1114 mac_biba_copy_single(source, dest); 1115 mac_biba_copy_range(source, dest); 1116} 1117 1118static int 1119mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, 1120 struct mac *vnodelabel) 1121{ 1122 1123 return (0); 1124} 1125 1126static void 1127mac_biba_create_proc0(struct ucred *cred) 1128{ 1129 struct mac_biba *dest; 1130 1131 dest = SLOT(&cred->cr_label); 1132 1133 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 1134 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 1135} 1136 1137static void 1138mac_biba_create_proc1(struct ucred *cred) 1139{ 1140 struct mac_biba *dest; 1141 1142 dest = SLOT(&cred->cr_label); 1143 1144 mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0); 1145 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 1146} 1147 1148static void 1149mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 1150{ 1151 struct mac_biba *source, *dest; 1152 1153 source = SLOT(newlabel); 1154 dest = SLOT(&cred->cr_label); 1155 1156 mac_biba_copy_single(source, dest); 1157 mac_biba_copy_range(source, dest); 1158} 1159 1160/* 1161 * Access control checks. 1162 */ 1163static int 1164mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1165 struct ifnet *ifnet, struct label *ifnetlabel) 1166{ 1167 struct mac_biba *a, *b; 1168 1169 if (!mac_biba_enabled) 1170 return (0); 1171 1172 a = SLOT(bpflabel); 1173 b = SLOT(ifnetlabel); 1174 1175 if (mac_biba_equal_single(a, b)) 1176 return (0); 1177 return (EACCES); 1178} 1179 1180static int 1181mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1182{ 1183 struct mac_biba *subj, *new; 1184 1185 subj = SLOT(&cred->cr_label); 1186 new = SLOT(newlabel); 1187 1188 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1189 return (EINVAL); 1190 1191 /* 1192 * XXX: Allow processes with root privilege to set labels outside 1193 * their range, so suid things like "su" work. This WILL go away 1194 * when we figure out the 'correct' solution... 1195 */ 1196 if (!suser_cred(cred, 0)) 1197 return (0); 1198 1199 /* 1200 * The new single must be in the old range. 1201 */ 1202 if (!mac_biba_single_in_range(new, subj)) 1203 return (EPERM); 1204 1205 /* 1206 * The new range must be in the old range. 1207 */ 1208 if (!mac_biba_range_in_range(new, subj)) 1209 return (EPERM); 1210 1211 /* 1212 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1213 */ 1214 1215 return (0); 1216} 1217 1218static int 1219mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1220{ 1221 struct mac_biba *subj, *obj; 1222 1223 if (!mac_biba_enabled) 1224 return (0); 1225 1226 subj = SLOT(&u1->cr_label); 1227 obj = SLOT(&u2->cr_label); 1228 1229 /* XXX: range */ 1230 if (!mac_biba_dominate_single(obj, subj)) 1231 return (ESRCH); 1232 1233 return (0); 1234} 1235 1236static int 1237mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1238 struct label *ifnetlabel, struct label *newlabel) 1239{ 1240 struct mac_biba *subj, *new; 1241 1242 subj = SLOT(&cred->cr_label); 1243 new = SLOT(newlabel); 1244 1245 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1246 return (EINVAL); 1247 1248 /* 1249 * XXX: Only Biba HIGH subjects may relabel interfaces. */ 1250 if (!mac_biba_high_single(subj)) 1251 return (EPERM); 1252 1253 return (suser_cred(cred, 0)); 1254} 1255 1256static int 1257mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1258 struct mbuf *m, struct label *mbuflabel) 1259{ 1260 struct mac_biba *p, *i; 1261 1262 if (!mac_biba_enabled) 1263 return (0); 1264 1265 p = SLOT(mbuflabel); 1266 i = SLOT(ifnetlabel); 1267 1268 return (mac_biba_single_in_range(p, i) ? 0 : EACCES); 1269} 1270 1271static int 1272mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1273 struct label *mntlabel) 1274{ 1275 struct mac_biba *subj, *obj; 1276 1277 if (!mac_biba_enabled) 1278 return (0); 1279 1280 subj = SLOT(&cred->cr_label); 1281 obj = SLOT(mntlabel); 1282 1283 if (!mac_biba_dominate_single(obj, subj)) 1284 return (EACCES); 1285 1286 return (0); 1287} 1288 1289static int 1290mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 1291 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1292{ 1293 1294 if(!mac_biba_enabled) 1295 return (0); 1296 1297 /* XXX: This will be implemented soon... */ 1298 1299 return (0); 1300} 1301 1302static int 1303mac_biba_check_pipe_op(struct ucred *cred, struct pipe *pipe, 1304 struct label *pipelabel, int op) 1305{ 1306 struct mac_biba *subj, *obj; 1307 1308 if (!mac_biba_enabled) 1309 return (0); 1310 1311 subj = SLOT(&cred->cr_label); 1312 obj = SLOT((pipelabel)); 1313 1314 switch(op) { 1315 case MAC_OP_PIPE_READ: 1316 case MAC_OP_PIPE_STAT: 1317 case MAC_OP_PIPE_POLL: 1318 if (!mac_biba_dominate_single(obj, subj)) 1319 return (EACCES); 1320 break; 1321 case MAC_OP_PIPE_WRITE: 1322 if (!mac_biba_dominate_single(subj, obj)) 1323 return (EACCES); 1324 break; 1325 default: 1326 panic("mac_biba_check_pipe_op: invalid pipe operation"); 1327 } 1328 1329 return (0); 1330} 1331 1332static int 1333mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1334 struct label *pipelabel, struct label *newlabel) 1335{ 1336 struct mac_biba *subj, *obj, *new; 1337 1338 new = SLOT(newlabel); 1339 subj = SLOT(&cred->cr_label); 1340 obj = SLOT(pipelabel); 1341 1342 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1343 return (EINVAL); 1344 1345 /* 1346 * To relabel a pipe, the old pipe label must be in the subject 1347 * range. 1348 */ 1349 if (!mac_biba_single_in_range(obj, subj)) 1350 return (EPERM); 1351 1352 /* 1353 * To relabel a pipe, the new pipe label must be in the subject 1354 * range. 1355 */ 1356 if (!mac_biba_single_in_range(new, subj)) 1357 return (EPERM); 1358 1359 /* 1360 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1361 */ 1362 1363 return (0); 1364} 1365 1366static int 1367mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) 1368{ 1369 struct mac_biba *subj, *obj; 1370 1371 if (!mac_biba_enabled) 1372 return (0); 1373 1374 subj = SLOT(&cred->cr_label); 1375 obj = SLOT(&proc->p_ucred->cr_label); 1376 1377 /* XXX: range checks */ 1378 if (!mac_biba_dominate_single(obj, subj)) 1379 return (ESRCH); 1380 if (!mac_biba_dominate_single(subj, obj)) 1381 return (EACCES); 1382 1383 return (0); 1384} 1385 1386static int 1387mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) 1388{ 1389 struct mac_biba *subj, *obj; 1390 1391 if (!mac_biba_enabled) 1392 return (0); 1393 1394 subj = SLOT(&cred->cr_label); 1395 obj = SLOT(&proc->p_ucred->cr_label); 1396 1397 /* XXX: range checks */ 1398 if (!mac_biba_dominate_single(obj, subj)) 1399 return (ESRCH); 1400 if (!mac_biba_dominate_single(subj, obj)) 1401 return (EACCES); 1402 1403 return (0); 1404} 1405 1406static int 1407mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1408{ 1409 struct mac_biba *subj, *obj; 1410 1411 if (!mac_biba_enabled) 1412 return (0); 1413 1414 subj = SLOT(&cred->cr_label); 1415 obj = SLOT(&proc->p_ucred->cr_label); 1416 1417 /* XXX: range checks */ 1418 if (!mac_biba_dominate_single(obj, subj)) 1419 return (ESRCH); 1420 if (!mac_biba_dominate_single(subj, obj)) 1421 return (EACCES); 1422 1423 return (0); 1424} 1425 1426static int 1427mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, 1428 struct mbuf *m, struct label *mbuflabel) 1429{ 1430 struct mac_biba *p, *s; 1431 1432 if (!mac_biba_enabled) 1433 return (0); 1434 1435 p = SLOT(mbuflabel); 1436 s = SLOT(socketlabel); 1437 1438 return (mac_biba_equal_single(p, s) ? 0 : EACCES); 1439} 1440 1441static int 1442mac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket, 1443 struct label *socketlabel, struct label *newlabel) 1444{ 1445 struct mac_biba *subj, *obj, *new; 1446 1447 new = SLOT(newlabel); 1448 subj = SLOT(&cred->cr_label); 1449 obj = SLOT(socketlabel); 1450 1451 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1452 return (EINVAL); 1453 1454 /* 1455 * To relabel a socket, the old socket label must be in the subject 1456 * range. 1457 */ 1458 if (!mac_biba_single_in_range(obj, subj)) 1459 return (EPERM); 1460 1461 /* 1462 * To relabel a socket, the new socket label must be in the subject 1463 * range. 1464 */ 1465 if (!mac_biba_single_in_range(new, subj)) 1466 return (EPERM); 1467 1468 /* 1469 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1470 */ 1471 1472 return (0); 1473} 1474 1475static int 1476mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, 1477 struct label *socketlabel) 1478{ 1479 struct mac_biba *subj, *obj; 1480 1481 subj = SLOT(&cred->cr_label); 1482 obj = SLOT(socketlabel); 1483 1484 if (!mac_biba_dominate_single(obj, subj)) 1485 return (ENOENT); 1486 1487 return (0); 1488} 1489 1490static int 1491mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp, 1492 struct label *label, mode_t flags) 1493{ 1494 1495 return (mac_biba_check_vnode_open(cred, vp, label, flags)); 1496} 1497 1498static int 1499mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1500 struct label *dlabel) 1501{ 1502 struct mac_biba *subj, *obj; 1503 1504 if (!mac_biba_enabled) 1505 return (0); 1506 1507 subj = SLOT(&cred->cr_label); 1508 obj = SLOT(dlabel); 1509 1510 if (!mac_biba_dominate_single(obj, subj)) 1511 return (EACCES); 1512 1513 return (0); 1514} 1515 1516static int 1517mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1518 struct label *dlabel) 1519{ 1520 struct mac_biba *subj, *obj; 1521 1522 if (!mac_biba_enabled) 1523 return (0); 1524 1525 subj = SLOT(&cred->cr_label); 1526 obj = SLOT(dlabel); 1527 1528 if (!mac_biba_dominate_single(obj, subj)) 1529 return (EACCES); 1530 1531 return (0); 1532} 1533 1534static int 1535mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1536 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1537{ 1538 struct mac_biba *subj, *obj; 1539 1540 if (!mac_biba_enabled) 1541 return (0); 1542 1543 subj = SLOT(&cred->cr_label); 1544 obj = SLOT(dlabel); 1545 1546 if (!mac_biba_dominate_single(subj, obj)) 1547 return (EACCES); 1548 1549 return (0); 1550} 1551 1552static int 1553mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1554 struct label *dlabel, struct vnode *vp, struct label *label, 1555 struct componentname *cnp) 1556{ 1557 struct mac_biba *subj, *obj; 1558 1559 if (!mac_biba_enabled) 1560 return (0); 1561 1562 subj = SLOT(&cred->cr_label); 1563 obj = SLOT(dlabel); 1564 1565 if (!mac_biba_dominate_single(subj, obj)) 1566 return (EACCES); 1567 1568 obj = SLOT(label); 1569 1570 if (!mac_biba_dominate_single(subj, obj)) 1571 return (EACCES); 1572 1573 return (0); 1574} 1575 1576static int 1577mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1578 struct label *label, acl_type_t type) 1579{ 1580 struct mac_biba *subj, *obj; 1581 1582 if (!mac_biba_enabled) 1583 return (0); 1584 1585 subj = SLOT(&cred->cr_label); 1586 obj = SLOT(label); 1587 1588 if (!mac_biba_dominate_single(subj, obj)) 1589 return (EACCES); 1590 1591 return (0); 1592} 1593 1594static int 1595mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1596 struct label *label) 1597{ 1598 struct mac_biba *subj, *obj; 1599 1600 if (!mac_biba_enabled) 1601 return (0); 1602 1603 subj = SLOT(&cred->cr_label); 1604 obj = SLOT(label); 1605 1606 if (!mac_biba_dominate_single(obj, subj)) 1607 return (EACCES); 1608 1609 return (0); 1610} 1611 1612static int 1613mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1614 struct label *label, acl_type_t type) 1615{ 1616 struct mac_biba *subj, *obj; 1617 1618 if (!mac_biba_enabled) 1619 return (0); 1620 1621 subj = SLOT(&cred->cr_label); 1622 obj = SLOT(label); 1623 1624 if (!mac_biba_dominate_single(obj, subj)) 1625 return (EACCES); 1626 1627 return (0); 1628} 1629 1630static int 1631mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1632 struct label *label, int attrnamespace, const char *name, struct uio *uio) 1633{ 1634 struct mac_biba *subj, *obj; 1635 1636 if (!mac_biba_enabled) 1637 return (0); 1638 1639 subj = SLOT(&cred->cr_label); 1640 obj = SLOT(label); 1641 1642 if (!mac_biba_dominate_single(obj, subj)) 1643 return (EACCES); 1644 1645 return (0); 1646} 1647 1648static int 1649mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 1650 struct label *dlabel, struct componentname *cnp) 1651{ 1652 struct mac_biba *subj, *obj; 1653 1654 if (!mac_biba_enabled) 1655 return (0); 1656 1657 subj = SLOT(&cred->cr_label); 1658 obj = SLOT(dlabel); 1659 1660 if (!mac_biba_dominate_single(obj, subj)) 1661 return (EACCES); 1662 1663 return (0); 1664} 1665 1666static int 1667mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 1668 struct label *vnodelabel, mode_t acc_mode) 1669{ 1670 struct mac_biba *subj, *obj; 1671 1672 if (!mac_biba_enabled) 1673 return (0); 1674 1675 subj = SLOT(&cred->cr_label); 1676 obj = SLOT(vnodelabel); 1677 1678 /* XXX privilege override for admin? */ 1679 if (acc_mode & (VREAD | VEXEC | VSTAT)) { 1680 if (!mac_biba_dominate_single(obj, subj)) 1681 return (EACCES); 1682 } 1683 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 1684 if (!mac_biba_dominate_single(subj, obj)) 1685 return (EACCES); 1686 } 1687 1688 return (0); 1689} 1690 1691static int 1692mac_biba_check_vnode_poll(struct ucred *cred, struct vnode *vp, 1693 struct label *label) 1694{ 1695 struct mac_biba *subj, *obj; 1696 1697 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1698 return (0); 1699 1700 subj = SLOT(&cred->cr_label); 1701 obj = SLOT(label); 1702 1703 if (!mac_biba_dominate_single(obj, subj)) 1704 return (EACCES); 1705 1706 return (0); 1707} 1708 1709static int 1710mac_biba_check_vnode_read(struct ucred *cred, struct vnode *vp, 1711 struct label *label) 1712{ 1713 struct mac_biba *subj, *obj; 1714 1715 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1716 return (0); 1717 1718 subj = SLOT(&cred->cr_label); 1719 obj = SLOT(label); 1720 1721 if (!mac_biba_dominate_single(obj, subj)) 1722 return (EACCES); 1723 1724 return (0); 1725} 1726 1727static int 1728mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 1729 struct label *dlabel) 1730{ 1731 struct mac_biba *subj, *obj; 1732 1733 if (!mac_biba_enabled) 1734 return (0); 1735 1736 subj = SLOT(&cred->cr_label); 1737 obj = SLOT(dlabel); 1738 1739 if (!mac_biba_dominate_single(obj, subj)) 1740 return (EACCES); 1741 1742 return (0); 1743} 1744 1745static int 1746mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 1747 struct label *label) 1748{ 1749 struct mac_biba *subj, *obj; 1750 1751 if (!mac_biba_enabled) 1752 return (0); 1753 1754 subj = SLOT(&cred->cr_label); 1755 obj = SLOT(label); 1756 1757 if (!mac_biba_dominate_single(obj, subj)) 1758 return (EACCES); 1759 1760 return (0); 1761} 1762 1763static int 1764mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1765 struct label *vnodelabel, struct label *newlabel) 1766{ 1767 struct mac_biba *old, *new, *subj; 1768 1769 old = SLOT(vnodelabel); 1770 new = SLOT(newlabel); 1771 subj = SLOT(&cred->cr_label); 1772 1773 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1774 return (EINVAL); 1775 1776 /* 1777 * To relabel a vnode, the old vnode label must be in the subject 1778 * range. 1779 */ 1780 if (!mac_biba_single_in_range(old, subj)) 1781 return (EPERM); 1782 1783 /* 1784 * To relabel a vnode, the new vnode label must be in the subject 1785 * range. 1786 */ 1787 if (!mac_biba_single_in_range(new, subj)) 1788 return (EPERM); 1789 1790 /* 1791 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1792 */ 1793 1794 return (suser_cred(cred, 0)); 1795} 1796 1797static int 1798mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 1799 struct label *dlabel, struct vnode *vp, struct label *label, 1800 struct componentname *cnp) 1801{ 1802 struct mac_biba *subj, *obj; 1803 1804 if (!mac_biba_enabled) 1805 return (0); 1806 1807 subj = SLOT(&cred->cr_label); 1808 obj = SLOT(dlabel); 1809 1810 if (!mac_biba_dominate_single(subj, obj)) 1811 return (EACCES); 1812 1813 obj = SLOT(label); 1814 1815 if (!mac_biba_dominate_single(subj, obj)) 1816 return (EACCES); 1817 1818 return (0); 1819} 1820 1821static int 1822mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 1823 struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 1824 struct componentname *cnp) 1825{ 1826 struct mac_biba *subj, *obj; 1827 1828 if (!mac_biba_enabled) 1829 return (0); 1830 1831 subj = SLOT(&cred->cr_label); 1832 obj = SLOT(dlabel); 1833 1834 if (!mac_biba_dominate_single(subj, obj)) 1835 return (EACCES); 1836 1837 if (vp != NULL) { 1838 obj = SLOT(label); 1839 1840 if (!mac_biba_dominate_single(subj, obj)) 1841 return (EACCES); 1842 } 1843 1844 return (0); 1845} 1846 1847static int 1848mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 1849 struct label *label) 1850{ 1851 struct mac_biba *subj, *obj; 1852 1853 if (!mac_biba_enabled) 1854 return (0); 1855 1856 subj = SLOT(&cred->cr_label); 1857 obj = SLOT(label); 1858 1859 if (!mac_biba_dominate_single(subj, obj)) 1860 return (EACCES); 1861 1862 return (0); 1863} 1864 1865static int 1866mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 1867 struct label *label, acl_type_t type, struct acl *acl) 1868{ 1869 struct mac_biba *subj, *obj; 1870 1871 if (!mac_biba_enabled) 1872 return (0); 1873 1874 subj = SLOT(&cred->cr_label); 1875 obj = SLOT(label); 1876 1877 if (!mac_biba_dominate_single(subj, obj)) 1878 return (EACCES); 1879 1880 return (0); 1881} 1882 1883static int 1884mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 1885 struct label *vnodelabel, int attrnamespace, const char *name, 1886 struct uio *uio) 1887{ 1888 struct mac_biba *subj, *obj; 1889 1890 if (!mac_biba_enabled) 1891 return (0); 1892 1893 subj = SLOT(&cred->cr_label); 1894 obj = SLOT(vnodelabel); 1895 1896 if (!mac_biba_dominate_single(subj, obj)) 1897 return (EACCES); 1898 1899 /* XXX: protect the MAC EA in a special way? */ 1900 1901 return (0); 1902} 1903 1904static int 1905mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 1906 struct label *vnodelabel, u_long flags) 1907{ 1908 struct mac_biba *subj, *obj; 1909 1910 if (!mac_biba_enabled) 1911 return (0); 1912 1913 subj = SLOT(&cred->cr_label); 1914 obj = SLOT(vnodelabel); 1915 1916 if (!mac_biba_dominate_single(subj, obj)) 1917 return (EACCES); 1918 1919 return (0); 1920} 1921 1922static int 1923mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 1924 struct label *vnodelabel, mode_t mode) 1925{ 1926 struct mac_biba *subj, *obj; 1927 1928 if (!mac_biba_enabled) 1929 return (0); 1930 1931 subj = SLOT(&cred->cr_label); 1932 obj = SLOT(vnodelabel); 1933 1934 if (!mac_biba_dominate_single(subj, obj)) 1935 return (EACCES); 1936 1937 return (0); 1938} 1939 1940static int 1941mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 1942 struct label *vnodelabel, uid_t uid, gid_t gid) 1943{ 1944 struct mac_biba *subj, *obj; 1945 1946 if (!mac_biba_enabled) 1947 return (0); 1948 1949 subj = SLOT(&cred->cr_label); 1950 obj = SLOT(vnodelabel); 1951 1952 if (!mac_biba_dominate_single(subj, obj)) 1953 return (EACCES); 1954 1955 return (0); 1956} 1957 1958static int 1959mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 1960 struct label *vnodelabel, struct timespec atime, struct timespec mtime) 1961{ 1962 struct mac_biba *subj, *obj; 1963 1964 if (!mac_biba_enabled) 1965 return (0); 1966 1967 subj = SLOT(&cred->cr_label); 1968 obj = SLOT(vnodelabel); 1969 1970 if (!mac_biba_dominate_single(subj, obj)) 1971 return (EACCES); 1972 1973 return (0); 1974} 1975 1976static int 1977mac_biba_check_vnode_stat(struct ucred *cred, struct vnode *vp, 1978 struct label *vnodelabel) 1979{ 1980 struct mac_biba *subj, *obj; 1981 1982 if (!mac_biba_enabled) 1983 return (0); 1984 1985 subj = SLOT(&cred->cr_label); 1986 obj = SLOT(vnodelabel); 1987 1988 if (!mac_biba_dominate_single(obj, subj)) 1989 return (EACCES); 1990 1991 return (0); 1992} 1993 1994static int 1995mac_biba_check_vnode_write(struct ucred *cred, struct vnode *vp, 1996 struct label *label) 1997{ 1998 struct mac_biba *subj, *obj; 1999 2000 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 2001 return (0); 2002 2003 subj = SLOT(&cred->cr_label); 2004 obj = SLOT(label); 2005 2006 if (!mac_biba_dominate_single(subj, obj)) 2007 return (EACCES); 2008 2009 return (0); 2010} 2011 2012static vm_prot_t 2013mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp, 2014 struct label *label, int newmapping) 2015{ 2016 struct mac_biba *subj, *obj; 2017 vm_prot_t prot = 0; 2018 2019 if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping)) 2020 return (VM_PROT_ALL); 2021 2022 subj = SLOT(&cred->cr_label); 2023 obj = SLOT(label); 2024 2025 if (mac_biba_dominate_single(obj, subj)) 2026 prot |= VM_PROT_READ | VM_PROT_EXECUTE; 2027 if (mac_biba_dominate_single(subj, obj)) 2028 prot |= VM_PROT_WRITE; 2029 return (prot); 2030} 2031 2032static struct mac_policy_op_entry mac_biba_ops[] = 2033{ 2034 { MAC_DESTROY, 2035 (macop_t)mac_biba_destroy }, 2036 { MAC_INIT, 2037 (macop_t)mac_biba_init }, 2038 { MAC_INIT_BPFDESC, 2039 (macop_t)mac_biba_init_bpfdesc }, 2040 { MAC_INIT_CRED, 2041 (macop_t)mac_biba_init_cred }, 2042 { MAC_INIT_DEVFSDIRENT, 2043 (macop_t)mac_biba_init_devfsdirent }, 2044 { MAC_INIT_IFNET, 2045 (macop_t)mac_biba_init_ifnet }, 2046 { MAC_INIT_IPQ, 2047 (macop_t)mac_biba_init_ipq }, 2048 { MAC_INIT_MBUF, 2049 (macop_t)mac_biba_init_mbuf }, 2050 { MAC_INIT_MOUNT, 2051 (macop_t)mac_biba_init_mount }, 2052 { MAC_INIT_PIPE, 2053 (macop_t)mac_biba_init_pipe }, 2054 { MAC_INIT_SOCKET, 2055 (macop_t)mac_biba_init_socket }, 2056 { MAC_INIT_TEMP, 2057 (macop_t)mac_biba_init_temp }, 2058 { MAC_INIT_VNODE, 2059 (macop_t)mac_biba_init_vnode }, 2060 { MAC_DESTROY_BPFDESC, 2061 (macop_t)mac_biba_destroy_bpfdesc }, 2062 { MAC_DESTROY_CRED, 2063 (macop_t)mac_biba_destroy_cred }, 2064 { MAC_DESTROY_DEVFSDIRENT, 2065 (macop_t)mac_biba_destroy_devfsdirent }, 2066 { MAC_DESTROY_IFNET, 2067 (macop_t)mac_biba_destroy_ifnet }, 2068 { MAC_DESTROY_IPQ, 2069 (macop_t)mac_biba_destroy_ipq }, 2070 { MAC_DESTROY_MBUF, 2071 (macop_t)mac_biba_destroy_mbuf }, 2072 { MAC_DESTROY_MOUNT, 2073 (macop_t)mac_biba_destroy_mount }, 2074 { MAC_DESTROY_PIPE, 2075 (macop_t)mac_biba_destroy_pipe }, 2076 { MAC_DESTROY_SOCKET, 2077 (macop_t)mac_biba_destroy_socket }, 2078 { MAC_DESTROY_TEMP, 2079 (macop_t)mac_biba_destroy_temp }, 2080 { MAC_DESTROY_VNODE, 2081 (macop_t)mac_biba_destroy_vnode }, 2082 { MAC_EXTERNALIZE, 2083 (macop_t)mac_biba_externalize }, 2084 { MAC_INTERNALIZE, 2085 (macop_t)mac_biba_internalize }, 2086 { MAC_CREATE_DEVFS_DEVICE, 2087 (macop_t)mac_biba_create_devfs_device }, 2088 { MAC_CREATE_DEVFS_DIRECTORY, 2089 (macop_t)mac_biba_create_devfs_directory }, 2090 { MAC_CREATE_DEVFS_VNODE, 2091 (macop_t)mac_biba_create_devfs_vnode }, 2092 { MAC_CREATE_VNODE, 2093 (macop_t)mac_biba_create_vnode }, 2094 { MAC_CREATE_MOUNT, 2095 (macop_t)mac_biba_create_mount }, 2096 { MAC_CREATE_ROOT_MOUNT, 2097 (macop_t)mac_biba_create_root_mount }, 2098 { MAC_RELABEL_VNODE, 2099 (macop_t)mac_biba_relabel_vnode }, 2100 { MAC_UPDATE_DEVFSDIRENT, 2101 (macop_t)mac_biba_update_devfsdirent }, 2102 { MAC_UPDATE_PROCFSVNODE, 2103 (macop_t)mac_biba_update_procfsvnode }, 2104 { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, 2105 (macop_t)mac_biba_update_vnode_from_externalized }, 2106 { MAC_UPDATE_VNODE_FROM_MOUNT, 2107 (macop_t)mac_biba_update_vnode_from_mount }, 2108 { MAC_CREATE_MBUF_FROM_SOCKET, 2109 (macop_t)mac_biba_create_mbuf_from_socket }, 2110 { MAC_CREATE_PIPE, 2111 (macop_t)mac_biba_create_pipe }, 2112 { MAC_CREATE_SOCKET, 2113 (macop_t)mac_biba_create_socket }, 2114 { MAC_CREATE_SOCKET_FROM_SOCKET, 2115 (macop_t)mac_biba_create_socket_from_socket }, 2116 { MAC_RELABEL_PIPE, 2117 (macop_t)mac_biba_relabel_pipe }, 2118 { MAC_RELABEL_SOCKET, 2119 (macop_t)mac_biba_relabel_socket }, 2120 { MAC_SET_SOCKET_PEER_FROM_MBUF, 2121 (macop_t)mac_biba_set_socket_peer_from_mbuf }, 2122 { MAC_SET_SOCKET_PEER_FROM_SOCKET, 2123 (macop_t)mac_biba_set_socket_peer_from_socket }, 2124 { MAC_CREATE_BPFDESC, 2125 (macop_t)mac_biba_create_bpfdesc }, 2126 { MAC_CREATE_DATAGRAM_FROM_IPQ, 2127 (macop_t)mac_biba_create_datagram_from_ipq }, 2128 { MAC_CREATE_FRAGMENT, 2129 (macop_t)mac_biba_create_fragment }, 2130 { MAC_CREATE_IFNET, 2131 (macop_t)mac_biba_create_ifnet }, 2132 { MAC_CREATE_IPQ, 2133 (macop_t)mac_biba_create_ipq }, 2134 { MAC_CREATE_MBUF_FROM_MBUF, 2135 (macop_t)mac_biba_create_mbuf_from_mbuf }, 2136 { MAC_CREATE_MBUF_LINKLAYER, 2137 (macop_t)mac_biba_create_mbuf_linklayer }, 2138 { MAC_CREATE_MBUF_FROM_BPFDESC, 2139 (macop_t)mac_biba_create_mbuf_from_bpfdesc }, 2140 { MAC_CREATE_MBUF_FROM_IFNET, 2141 (macop_t)mac_biba_create_mbuf_from_ifnet }, 2142 { MAC_CREATE_MBUF_MULTICAST_ENCAP, 2143 (macop_t)mac_biba_create_mbuf_multicast_encap }, 2144 { MAC_CREATE_MBUF_NETLAYER, 2145 (macop_t)mac_biba_create_mbuf_netlayer }, 2146 { MAC_FRAGMENT_MATCH, 2147 (macop_t)mac_biba_fragment_match }, 2148 { MAC_RELABEL_IFNET, 2149 (macop_t)mac_biba_relabel_ifnet }, 2150 { MAC_UPDATE_IPQ, 2151 (macop_t)mac_biba_update_ipq }, 2152 { MAC_CREATE_CRED, 2153 (macop_t)mac_biba_create_cred }, 2154 { MAC_EXECVE_TRANSITION, 2155 (macop_t)mac_biba_execve_transition }, 2156 { MAC_EXECVE_WILL_TRANSITION, 2157 (macop_t)mac_biba_execve_will_transition }, 2158 { MAC_CREATE_PROC0, 2159 (macop_t)mac_biba_create_proc0 }, 2160 { MAC_CREATE_PROC1, 2161 (macop_t)mac_biba_create_proc1 }, 2162 { MAC_RELABEL_CRED, 2163 (macop_t)mac_biba_relabel_cred }, 2164 { MAC_CHECK_BPFDESC_RECEIVE, 2165 (macop_t)mac_biba_check_bpfdesc_receive }, 2166 { MAC_CHECK_CRED_RELABEL, 2167 (macop_t)mac_biba_check_cred_relabel }, 2168 { MAC_CHECK_CRED_VISIBLE, 2169 (macop_t)mac_biba_check_cred_visible }, 2170 { MAC_CHECK_IFNET_RELABEL, 2171 (macop_t)mac_biba_check_ifnet_relabel }, 2172 { MAC_CHECK_IFNET_TRANSMIT, 2173 (macop_t)mac_biba_check_ifnet_transmit }, 2174 { MAC_CHECK_MOUNT_STAT, 2175 (macop_t)mac_biba_check_mount_stat }, 2176 { MAC_CHECK_PIPE_IOCTL, 2177 (macop_t)mac_biba_check_pipe_ioctl }, 2178 { MAC_CHECK_PIPE_OP, 2179 (macop_t)mac_biba_check_pipe_op }, 2180 { MAC_CHECK_PIPE_RELABEL, 2181 (macop_t)mac_biba_check_pipe_relabel }, 2182 { MAC_CHECK_PROC_DEBUG, 2183 (macop_t)mac_biba_check_proc_debug }, 2184 { MAC_CHECK_PROC_SCHED, 2185 (macop_t)mac_biba_check_proc_sched }, 2186 { MAC_CHECK_PROC_SIGNAL, 2187 (macop_t)mac_biba_check_proc_signal }, 2188 { MAC_CHECK_SOCKET_DELIVER, 2189 (macop_t)mac_biba_check_socket_deliver }, 2190 { MAC_CHECK_SOCKET_RELABEL, 2191 (macop_t)mac_biba_check_socket_relabel }, 2192 { MAC_CHECK_SOCKET_VISIBLE, 2193 (macop_t)mac_biba_check_socket_visible }, 2194 { MAC_CHECK_VNODE_ACCESS, 2195 (macop_t)mac_biba_check_vnode_access }, 2196 { MAC_CHECK_VNODE_CHDIR, 2197 (macop_t)mac_biba_check_vnode_chdir }, 2198 { MAC_CHECK_VNODE_CHROOT, 2199 (macop_t)mac_biba_check_vnode_chroot }, 2200 { MAC_CHECK_VNODE_CREATE, 2201 (macop_t)mac_biba_check_vnode_create }, 2202 { MAC_CHECK_VNODE_DELETE, 2203 (macop_t)mac_biba_check_vnode_delete }, 2204 { MAC_CHECK_VNODE_DELETEACL, 2205 (macop_t)mac_biba_check_vnode_deleteacl }, 2206 { MAC_CHECK_VNODE_EXEC, 2207 (macop_t)mac_biba_check_vnode_exec }, 2208 { MAC_CHECK_VNODE_GETACL, 2209 (macop_t)mac_biba_check_vnode_getacl }, 2210 { MAC_CHECK_VNODE_GETEXTATTR, 2211 (macop_t)mac_biba_check_vnode_getextattr }, 2212 { MAC_CHECK_VNODE_LOOKUP, 2213 (macop_t)mac_biba_check_vnode_lookup }, 2214 { MAC_CHECK_VNODE_OPEN, 2215 (macop_t)mac_biba_check_vnode_open }, 2216 { MAC_CHECK_VNODE_POLL, 2217 (macop_t)mac_biba_check_vnode_poll }, 2218 { MAC_CHECK_VNODE_READ, 2219 (macop_t)mac_biba_check_vnode_read }, 2220 { MAC_CHECK_VNODE_READDIR, 2221 (macop_t)mac_biba_check_vnode_readdir }, 2222 { MAC_CHECK_VNODE_READLINK, 2223 (macop_t)mac_biba_check_vnode_readlink }, 2224 { MAC_CHECK_VNODE_RELABEL, 2225 (macop_t)mac_biba_check_vnode_relabel }, 2226 { MAC_CHECK_VNODE_RENAME_FROM, 2227 (macop_t)mac_biba_check_vnode_rename_from }, 2228 { MAC_CHECK_VNODE_RENAME_TO, 2229 (macop_t)mac_biba_check_vnode_rename_to }, 2230 { MAC_CHECK_VNODE_REVOKE, 2231 (macop_t)mac_biba_check_vnode_revoke }, 2232 { MAC_CHECK_VNODE_SETACL, 2233 (macop_t)mac_biba_check_vnode_setacl }, 2234 { MAC_CHECK_VNODE_SETEXTATTR, 2235 (macop_t)mac_biba_check_vnode_setextattr }, 2236 { MAC_CHECK_VNODE_SETFLAGS, 2237 (macop_t)mac_biba_check_vnode_setflags }, 2238 { MAC_CHECK_VNODE_SETMODE, 2239 (macop_t)mac_biba_check_vnode_setmode }, 2240 { MAC_CHECK_VNODE_SETOWNER, 2241 (macop_t)mac_biba_check_vnode_setowner }, 2242 { MAC_CHECK_VNODE_SETUTIMES, 2243 (macop_t)mac_biba_check_vnode_setutimes }, 2244 { MAC_CHECK_VNODE_STAT, 2245 (macop_t)mac_biba_check_vnode_stat }, 2246 { MAC_CHECK_VNODE_WRITE, 2247 (macop_t)mac_biba_check_vnode_write }, 2248 { MAC_CHECK_VNODE_MMAP_PERMS, 2249 (macop_t)mac_biba_check_vnode_mmap_perms }, 2250 { MAC_OP_LAST, NULL } 2251}; 2252 2253MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 2254 MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot); 2255