mac_biba.c revision 102129
1101099Srwatson/*- 2101099Srwatson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3101099Srwatson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4101099Srwatson * All rights reserved. 5101099Srwatson * 6101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 7101099Srwatson * 8101099Srwatson * This software was developed for the FreeBSD Project in part by NAI Labs, 9101099Srwatson * the Security Research Division of Network Associates, Inc. under 10101099Srwatson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11101099Srwatson * CHATS research program. 12101099Srwatson * 13101099Srwatson * Redistribution and use in source and binary forms, with or without 14101099Srwatson * modification, are permitted provided that the following conditions 15101099Srwatson * are met: 16101099Srwatson * 1. Redistributions of source code must retain the above copyright 17101099Srwatson * notice, this list of conditions and the following disclaimer. 18101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 19101099Srwatson * notice, this list of conditions and the following disclaimer in the 20101099Srwatson * documentation and/or other materials provided with the distribution. 21101099Srwatson * 3. The names of the authors may not be used to endorse or promote 22101099Srwatson * products derived from this software without specific prior written 23101099Srwatson * permission. 24101099Srwatson * 25101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28101099Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35101099Srwatson * SUCH DAMAGE. 36101099Srwatson * 37101099Srwatson * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 102129 2002-08-19 19:04:53Z rwatson $ 38101099Srwatson */ 39101099Srwatson 40101099Srwatson/* 41101099Srwatson * Developed by the TrustedBSD Project. 42101099Srwatson * Biba fixed label mandatory integrity policy. 43101099Srwatson */ 44101099Srwatson 45101099Srwatson#include <sys/types.h> 46101099Srwatson#include <sys/param.h> 47101099Srwatson#include <sys/acl.h> 48101099Srwatson#include <sys/conf.h> 49101099Srwatson#include <sys/kernel.h> 50101099Srwatson#include <sys/mac.h> 51101099Srwatson#include <sys/mount.h> 52101099Srwatson#include <sys/proc.h> 53101099Srwatson#include <sys/systm.h> 54101099Srwatson#include <sys/sysproto.h> 55101099Srwatson#include <sys/sysent.h> 56101099Srwatson#include <sys/vnode.h> 57101099Srwatson#include <sys/file.h> 58101099Srwatson#include <sys/socket.h> 59101099Srwatson#include <sys/socketvar.h> 60101099Srwatson#include <sys/pipe.h> 61101099Srwatson#include <sys/sysctl.h> 62101099Srwatson 63101099Srwatson#include <fs/devfs/devfs.h> 64101099Srwatson 65101099Srwatson#include <net/bpfdesc.h> 66101099Srwatson#include <net/if.h> 67101099Srwatson#include <net/if_types.h> 68101099Srwatson#include <net/if_var.h> 69101099Srwatson 70101099Srwatson#include <netinet/in.h> 71101099Srwatson#include <netinet/ip_var.h> 72101099Srwatson 73101099Srwatson#include <vm/vm.h> 74101099Srwatson 75101099Srwatson#include <sys/mac_policy.h> 76101099Srwatson 77101099Srwatson#include <security/mac_biba/mac_biba.h> 78101099Srwatson 79101099SrwatsonSYSCTL_DECL(_security_mac); 80101099Srwatson 81101099SrwatsonSYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 82101099Srwatson "TrustedBSD mac_biba policy controls"); 83101099Srwatson 84101099Srwatsonstatic int mac_biba_enabled = 0; 85101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, 86101099Srwatson &mac_biba_enabled, 0, "Enforce MAC/Biba policy"); 87101099Srwatson 88101099Srwatsonstatic int destroyed_not_inited; 89101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 90101099Srwatson &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 91101099Srwatson 92101099Srwatsonstatic int trust_all_interfaces = 0; 93101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 94101099Srwatson &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 95101099SrwatsonTUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 96101099Srwatson 97101099Srwatsonstatic char trusted_interfaces[128]; 98101099SrwatsonSYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 99101099Srwatson trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 100101099SrwatsonTUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 101101099Srwatson sizeof(trusted_interfaces)); 102101099Srwatson 103101099Srwatsonstatic int mac_biba_revocation_enabled = 0; 104101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 105101099Srwatson &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel"); 106101099SrwatsonTUNABLE_INT("security.mac.biba.revocation_enabled", 107101099Srwatson &mac_biba_revocation_enabled); 108101099Srwatson 109101099Srwatsonstatic int mac_biba_slot; 110101099Srwatson#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr) 111101099Srwatson 112101099SrwatsonMALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels"); 113101099Srwatson 114101099Srwatsonstatic int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 115101099Srwatson struct label *vnodelabel, mode_t acc_mode); 116101099Srwatson 117101099Srwatsonstatic struct mac_biba * 118101099Srwatsonbiba_alloc(int how) 119101099Srwatson{ 120101099Srwatson struct mac_biba *mac_biba; 121101099Srwatson 122101099Srwatson mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | how); 123101099Srwatson 124101099Srwatson return (mac_biba); 125101099Srwatson} 126101099Srwatson 127101099Srwatsonstatic void 128101099Srwatsonbiba_free(struct mac_biba *mac_biba) 129101099Srwatson{ 130101099Srwatson 131101099Srwatson if (mac_biba != NULL) 132101099Srwatson free(mac_biba, M_MACBIBA); 133101099Srwatson else 134101099Srwatson atomic_add_int(&destroyed_not_inited, 1); 135101099Srwatson} 136101099Srwatson 137101099Srwatsonstatic int 138101099Srwatsonmac_biba_dominate_element(struct mac_biba_element *a, 139101099Srwatson struct mac_biba_element *b) 140101099Srwatson{ 141101099Srwatson 142101099Srwatson switch(a->mbe_type) { 143101099Srwatson case MAC_BIBA_TYPE_EQUAL: 144101099Srwatson case MAC_BIBA_TYPE_HIGH: 145101099Srwatson return (1); 146101099Srwatson 147101099Srwatson case MAC_BIBA_TYPE_LOW: 148101099Srwatson switch (b->mbe_type) { 149101099Srwatson case MAC_BIBA_TYPE_GRADE: 150101099Srwatson case MAC_BIBA_TYPE_HIGH: 151101099Srwatson return (0); 152101099Srwatson 153101099Srwatson case MAC_BIBA_TYPE_EQUAL: 154101099Srwatson case MAC_BIBA_TYPE_LOW: 155101099Srwatson return (1); 156101099Srwatson 157101099Srwatson default: 158101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 159101099Srwatson } 160101099Srwatson 161101099Srwatson case MAC_BIBA_TYPE_GRADE: 162101099Srwatson switch (b->mbe_type) { 163101099Srwatson case MAC_BIBA_TYPE_EQUAL: 164101099Srwatson case MAC_BIBA_TYPE_LOW: 165101099Srwatson return (1); 166101099Srwatson 167101099Srwatson case MAC_BIBA_TYPE_HIGH: 168101099Srwatson return (0); 169101099Srwatson 170101099Srwatson case MAC_BIBA_TYPE_GRADE: 171101099Srwatson return (a->mbe_grade >= b->mbe_grade); 172101099Srwatson 173101099Srwatson default: 174101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 175101099Srwatson } 176101099Srwatson 177101099Srwatson default: 178101099Srwatson panic("mac_biba_dominate_element: a->mbe_type invalid"); 179101099Srwatson } 180101099Srwatson 181101099Srwatson return (0); 182101099Srwatson} 183101099Srwatson 184101099Srwatsonstatic int 185101099Srwatsonmac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 186101099Srwatson{ 187101099Srwatson 188101099Srwatson return (mac_biba_dominate_element(&rangeb->mb_rangehigh, 189101099Srwatson &rangea->mb_rangehigh) && 190101099Srwatson mac_biba_dominate_element(&rangea->mb_rangelow, 191101099Srwatson &rangeb->mb_rangelow)); 192101099Srwatson} 193101099Srwatson 194101099Srwatsonstatic int 195101099Srwatsonmac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range) 196101099Srwatson{ 197101099Srwatson 198101099Srwatson KASSERT((single->mb_flag & MAC_BIBA_FLAG_SINGLE) != 0, 199101099Srwatson ("mac_biba_single_in_range: a not single")); 200101099Srwatson KASSERT((range->mb_flag & MAC_BIBA_FLAG_RANGE) != 0, 201101099Srwatson ("mac_biba_single_in_range: b not range")); 202101099Srwatson 203101099Srwatson return (mac_biba_dominate_element(&range->mb_rangehigh, 204101099Srwatson &single->mb_single) && 205101099Srwatson mac_biba_dominate_element(&single->mb_single, 206101099Srwatson &range->mb_rangelow)); 207101099Srwatson 208101099Srwatson return (1); 209101099Srwatson} 210101099Srwatson 211101099Srwatsonstatic int 212101099Srwatsonmac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b) 213101099Srwatson{ 214101099Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 215101099Srwatson ("mac_biba_dominate_single: a not single")); 216101099Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 217101099Srwatson ("mac_biba_dominate_single: b not single")); 218101099Srwatson 219101099Srwatson return (mac_biba_dominate_element(&a->mb_single, &b->mb_single)); 220101099Srwatson} 221101099Srwatson 222101099Srwatsonstatic int 223101099Srwatsonmac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 224101099Srwatson{ 225101099Srwatson 226101099Srwatson if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 227101099Srwatson b->mbe_type == MAC_BIBA_TYPE_EQUAL) 228101099Srwatson return (1); 229101099Srwatson 230101099Srwatson return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 231101099Srwatson} 232101099Srwatson 233101099Srwatsonstatic int 234101099Srwatsonmac_biba_equal_range(struct mac_biba *a, struct mac_biba *b) 235101099Srwatson{ 236101099Srwatson 237101099Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 238101099Srwatson ("mac_biba_equal_range: a not range")); 239101099Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 240101099Srwatson ("mac_biba_equal_range: b not range")); 241101099Srwatson 242101099Srwatson return (mac_biba_equal_element(&a->mb_rangelow, &b->mb_rangelow) && 243101099Srwatson mac_biba_equal_element(&a->mb_rangehigh, &b->mb_rangehigh)); 244101099Srwatson} 245101099Srwatson 246101099Srwatsonstatic int 247101099Srwatsonmac_biba_equal_single(struct mac_biba *a, struct mac_biba *b) 248101099Srwatson{ 249101099Srwatson 250101099Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 251101099Srwatson ("mac_biba_equal_single: a not single")); 252101099Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 253101099Srwatson ("mac_biba_equal_single: b not single")); 254101099Srwatson 255101099Srwatson return (mac_biba_equal_element(&a->mb_single, &b->mb_single)); 256101099Srwatson} 257101099Srwatson 258101099Srwatsonstatic int 259101099Srwatsonmac_biba_high_single(struct mac_biba *mac_biba) 260101099Srwatson{ 261101099Srwatson 262101099Srwatson return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH); 263101099Srwatson} 264101099Srwatson 265101099Srwatsonstatic int 266101099Srwatsonmac_biba_valid(struct mac_biba *mac_biba) 267101099Srwatson{ 268101099Srwatson 269101099Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { 270101099Srwatson switch (mac_biba->mb_single.mbe_type) { 271101099Srwatson case MAC_BIBA_TYPE_GRADE: 272101099Srwatson break; 273101099Srwatson 274101099Srwatson case MAC_BIBA_TYPE_EQUAL: 275101099Srwatson case MAC_BIBA_TYPE_HIGH: 276101099Srwatson case MAC_BIBA_TYPE_LOW: 277101099Srwatson if (mac_biba->mb_single.mbe_grade != 0) 278101099Srwatson return (EINVAL); 279101099Srwatson break; 280101099Srwatson 281101099Srwatson default: 282101099Srwatson return (EINVAL); 283101099Srwatson } 284101099Srwatson } else { 285101099Srwatson if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF) 286101099Srwatson return (EINVAL); 287101099Srwatson } 288101099Srwatson 289101099Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 290101099Srwatson switch (mac_biba->mb_rangelow.mbe_type) { 291101099Srwatson case MAC_BIBA_TYPE_GRADE: 292101099Srwatson break; 293101099Srwatson 294101099Srwatson case MAC_BIBA_TYPE_EQUAL: 295101099Srwatson case MAC_BIBA_TYPE_HIGH: 296101099Srwatson case MAC_BIBA_TYPE_LOW: 297101099Srwatson if (mac_biba->mb_rangelow.mbe_grade != 0) 298101099Srwatson return (EINVAL); 299101099Srwatson break; 300101099Srwatson 301101099Srwatson default: 302101099Srwatson return (EINVAL); 303101099Srwatson } 304101099Srwatson 305101099Srwatson switch (mac_biba->mb_rangehigh.mbe_type) { 306101099Srwatson case MAC_BIBA_TYPE_GRADE: 307101099Srwatson break; 308101099Srwatson 309101099Srwatson case MAC_BIBA_TYPE_EQUAL: 310101099Srwatson case MAC_BIBA_TYPE_HIGH: 311101099Srwatson case MAC_BIBA_TYPE_LOW: 312101099Srwatson if (mac_biba->mb_rangehigh.mbe_grade != 0) 313101099Srwatson return (EINVAL); 314101099Srwatson break; 315101099Srwatson 316101099Srwatson default: 317101099Srwatson return (EINVAL); 318101099Srwatson } 319101099Srwatson if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh, 320101099Srwatson &mac_biba->mb_rangelow)) 321101099Srwatson return (EINVAL); 322101099Srwatson } else { 323101099Srwatson if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 324101099Srwatson mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 325101099Srwatson return (EINVAL); 326101099Srwatson } 327101099Srwatson 328101099Srwatson return (0); 329101099Srwatson} 330101099Srwatson 331101099Srwatsonstatic void 332101099Srwatsonmac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, 333101099Srwatson u_short gradelow, u_short typehigh, u_short gradehigh) 334101099Srwatson{ 335101099Srwatson 336101099Srwatson mac_biba->mb_rangelow.mbe_type = typelow; 337101099Srwatson mac_biba->mb_rangelow.mbe_grade = gradelow; 338101099Srwatson mac_biba->mb_rangehigh.mbe_type = typehigh; 339101099Srwatson mac_biba->mb_rangehigh.mbe_grade = gradehigh; 340101099Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 341101099Srwatson} 342101099Srwatson 343101099Srwatsonstatic void 344101099Srwatsonmac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade) 345101099Srwatson{ 346101099Srwatson 347101099Srwatson mac_biba->mb_single.mbe_type = type; 348101099Srwatson mac_biba->mb_single.mbe_grade = grade; 349101099Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; 350101099Srwatson} 351101099Srwatson 352101099Srwatsonstatic void 353101099Srwatsonmac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 354101099Srwatson{ 355101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 356101099Srwatson ("mac_biba_copy_range: labelfrom not range")); 357101099Srwatson 358101099Srwatson labelto->mb_rangelow = labelfrom->mb_rangelow; 359101099Srwatson labelto->mb_rangehigh = labelfrom->mb_rangehigh; 360101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 361101099Srwatson} 362101099Srwatson 363101099Srwatsonstatic void 364101099Srwatsonmac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto) 365101099Srwatson{ 366101099Srwatson 367101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 368101099Srwatson ("mac_biba_copy_single: labelfrom not single")); 369101099Srwatson 370101099Srwatson labelto->mb_single = labelfrom->mb_single; 371101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; 372101099Srwatson} 373101099Srwatson 374101099Srwatsonstatic void 375101099Srwatsonmac_biba_copy_single_to_range(struct mac_biba *labelfrom, 376101099Srwatson struct mac_biba *labelto) 377101099Srwatson{ 378101099Srwatson 379101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 380101099Srwatson ("mac_biba_copy_single_to_range: labelfrom not single")); 381101099Srwatson 382101099Srwatson labelto->mb_rangelow = labelfrom->mb_single; 383101099Srwatson labelto->mb_rangehigh = labelfrom->mb_single; 384101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 385101099Srwatson} 386101099Srwatson 387101099Srwatson/* 388101099Srwatson * Policy module operations. 389101099Srwatson */ 390101099Srwatsonstatic void 391101099Srwatsonmac_biba_destroy(struct mac_policy_conf *conf) 392101099Srwatson{ 393101099Srwatson 394101099Srwatson} 395101099Srwatson 396101099Srwatsonstatic void 397101099Srwatsonmac_biba_init(struct mac_policy_conf *conf) 398101099Srwatson{ 399101099Srwatson 400101099Srwatson} 401101099Srwatson 402101099Srwatson/* 403101099Srwatson * Label operations. 404101099Srwatson */ 405101099Srwatsonstatic void 406101099Srwatsonmac_biba_init_bpfdesc(struct bpf_d *bpf_d, struct label *label) 407101099Srwatson{ 408101099Srwatson 409101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 410101099Srwatson} 411101099Srwatson 412101099Srwatsonstatic void 413101099Srwatsonmac_biba_init_cred(struct ucred *ucred, struct label *label) 414101099Srwatson{ 415101099Srwatson 416101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 417101099Srwatson} 418101099Srwatson 419101099Srwatsonstatic void 420101099Srwatsonmac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent, 421101099Srwatson struct label *label) 422101099Srwatson{ 423101099Srwatson 424101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 425101099Srwatson} 426101099Srwatson 427101099Srwatsonstatic void 428101099Srwatsonmac_biba_init_ifnet(struct ifnet *ifnet, struct label *label) 429101099Srwatson{ 430101099Srwatson 431101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 432101099Srwatson} 433101099Srwatson 434101099Srwatsonstatic void 435101099Srwatsonmac_biba_init_ipq(struct ipq *ipq, struct label *label) 436101099Srwatson{ 437101099Srwatson 438101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 439101099Srwatson} 440101099Srwatson 441101099Srwatsonstatic int 442101099Srwatsonmac_biba_init_mbuf(struct mbuf *mbuf, int how, struct label *label) 443101099Srwatson{ 444101099Srwatson 445101099Srwatson SLOT(label) = biba_alloc(how); 446101099Srwatson if (SLOT(label) == NULL) 447101099Srwatson return (ENOMEM); 448101099Srwatson 449101099Srwatson return (0); 450101099Srwatson} 451101099Srwatson 452101099Srwatsonstatic void 453101099Srwatsonmac_biba_init_mount(struct mount *mount, struct label *mntlabel, 454101099Srwatson struct label *fslabel) 455101099Srwatson{ 456101099Srwatson 457101099Srwatson SLOT(mntlabel) = biba_alloc(M_WAITOK); 458101099Srwatson SLOT(fslabel) = biba_alloc(M_WAITOK); 459101099Srwatson} 460101099Srwatson 461101099Srwatsonstatic void 462101099Srwatsonmac_biba_init_socket(struct socket *socket, struct label *label, 463101099Srwatson struct label *peerlabel) 464101099Srwatson{ 465101099Srwatson 466101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 467101099Srwatson SLOT(peerlabel) = biba_alloc(M_WAITOK); 468101099Srwatson} 469101099Srwatson 470101099Srwatsonstatic void 471101099Srwatsonmac_biba_init_pipe(struct pipe *pipe, struct label *label) 472101099Srwatson{ 473101099Srwatson 474101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 475101099Srwatson} 476101099Srwatson 477101099Srwatsonstatic void 478101099Srwatsonmac_biba_init_temp(struct label *label) 479101099Srwatson{ 480101099Srwatson 481101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 482101099Srwatson} 483101099Srwatson 484101099Srwatsonstatic void 485101099Srwatsonmac_biba_init_vnode(struct vnode *vp, struct label *label) 486101099Srwatson{ 487101099Srwatson 488101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 489101099Srwatson} 490101099Srwatson 491101099Srwatsonstatic void 492101099Srwatsonmac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) 493101099Srwatson{ 494101099Srwatson 495101099Srwatson biba_free(SLOT(label)); 496101099Srwatson SLOT(label) = NULL; 497101099Srwatson} 498101099Srwatson 499101099Srwatsonstatic void 500101099Srwatsonmac_biba_destroy_cred(struct ucred *ucred, struct label *label) 501101099Srwatson{ 502101099Srwatson 503101099Srwatson biba_free(SLOT(label)); 504101099Srwatson SLOT(label) = NULL; 505101099Srwatson} 506101099Srwatson 507101099Srwatsonstatic void 508101099Srwatsonmac_biba_destroy_devfsdirent(struct devfs_dirent *devfs_dirent, 509101099Srwatson struct label *label) 510101099Srwatson{ 511101099Srwatson 512101099Srwatson biba_free(SLOT(label)); 513101099Srwatson SLOT(label) = NULL; 514101099Srwatson} 515101099Srwatson 516101099Srwatsonstatic void 517101099Srwatsonmac_biba_destroy_ifnet(struct ifnet *ifnet, struct label *label) 518101099Srwatson{ 519101099Srwatson 520101099Srwatson biba_free(SLOT(label)); 521101099Srwatson SLOT(label) = NULL; 522101099Srwatson} 523101099Srwatson 524101099Srwatsonstatic void 525101099Srwatsonmac_biba_destroy_ipq(struct ipq *ipq, struct label *label) 526101099Srwatson{ 527101099Srwatson 528101099Srwatson biba_free(SLOT(label)); 529101099Srwatson SLOT(label) = NULL; 530101099Srwatson} 531101099Srwatson 532101099Srwatsonstatic void 533101099Srwatsonmac_biba_destroy_mbuf(struct mbuf *mbuf, struct label *label) 534101099Srwatson{ 535101099Srwatson 536101099Srwatson biba_free(SLOT(label)); 537101099Srwatson SLOT(label) = NULL; 538101099Srwatson} 539101099Srwatson 540101099Srwatsonstatic void 541101099Srwatsonmac_biba_destroy_mount(struct mount *mount, struct label *mntlabel, 542101099Srwatson struct label *fslabel) 543101099Srwatson{ 544101099Srwatson 545101099Srwatson biba_free(SLOT(mntlabel)); 546101099Srwatson SLOT(mntlabel) = NULL; 547101099Srwatson biba_free(SLOT(fslabel)); 548101099Srwatson SLOT(fslabel) = NULL; 549101099Srwatson} 550101099Srwatson 551101099Srwatsonstatic void 552101099Srwatsonmac_biba_destroy_socket(struct socket *socket, struct label *label, 553101099Srwatson struct label *peerlabel) 554101099Srwatson{ 555101099Srwatson 556101099Srwatson biba_free(SLOT(label)); 557101099Srwatson SLOT(label) = NULL; 558101099Srwatson biba_free(SLOT(peerlabel)); 559101099Srwatson SLOT(peerlabel) = NULL; 560101099Srwatson} 561101099Srwatson 562101099Srwatsonstatic void 563101099Srwatsonmac_biba_destroy_pipe(struct pipe *pipe, struct label *label) 564101099Srwatson{ 565101099Srwatson 566101099Srwatson biba_free(SLOT(label)); 567101099Srwatson SLOT(label) = NULL; 568101099Srwatson} 569101099Srwatson 570101099Srwatsonstatic void 571101099Srwatsonmac_biba_destroy_temp(struct label *label) 572101099Srwatson{ 573101099Srwatson 574101099Srwatson biba_free(SLOT(label)); 575101099Srwatson SLOT(label) = NULL; 576101099Srwatson} 577101099Srwatson 578101099Srwatsonstatic void 579101099Srwatsonmac_biba_destroy_vnode(struct vnode *vp, struct label *label) 580101099Srwatson{ 581101099Srwatson 582101099Srwatson biba_free(SLOT(label)); 583101099Srwatson SLOT(label) = NULL; 584101099Srwatson} 585101099Srwatson 586101099Srwatsonstatic int 587101099Srwatsonmac_biba_externalize(struct label *label, struct mac *extmac) 588101099Srwatson{ 589101099Srwatson struct mac_biba *mac_biba; 590101099Srwatson 591101099Srwatson mac_biba = SLOT(label); 592101099Srwatson 593101099Srwatson if (mac_biba == NULL) { 594101099Srwatson printf("mac_biba_externalize: NULL pointer\n"); 595101099Srwatson return (0); 596101099Srwatson } 597101099Srwatson 598101099Srwatson extmac->m_biba = *mac_biba; 599101099Srwatson 600101099Srwatson return (0); 601101099Srwatson} 602101099Srwatson 603101099Srwatsonstatic int 604101099Srwatsonmac_biba_internalize(struct label *label, struct mac *extmac) 605101099Srwatson{ 606101099Srwatson struct mac_biba *mac_biba; 607101099Srwatson int error; 608101099Srwatson 609101099Srwatson mac_biba = SLOT(label); 610101099Srwatson 611101099Srwatson error = mac_biba_valid(mac_biba); 612101099Srwatson if (error) 613101099Srwatson return (error); 614101099Srwatson 615101099Srwatson *mac_biba = extmac->m_biba; 616101099Srwatson 617101099Srwatson return (0); 618101099Srwatson} 619101099Srwatson 620101099Srwatson/* 621101099Srwatson * Labeling event operations: file system objects, and things that look 622101099Srwatson * a lot like file system objects. 623101099Srwatson */ 624101099Srwatsonstatic void 625101099Srwatsonmac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 626101099Srwatson struct label *label) 627101099Srwatson{ 628101099Srwatson struct mac_biba *mac_biba; 629101099Srwatson int biba_type; 630101099Srwatson 631101099Srwatson mac_biba = SLOT(label); 632101099Srwatson if (strcmp(dev->si_name, "null") == 0 || 633101099Srwatson strcmp(dev->si_name, "zero") == 0 || 634101099Srwatson strcmp(dev->si_name, "random") == 0 || 635101099Srwatson strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 636101099Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 637101099Srwatson else 638101099Srwatson biba_type = MAC_BIBA_TYPE_HIGH; 639101099Srwatson mac_biba_set_single(mac_biba, biba_type, 0); 640101099Srwatson} 641101099Srwatson 642101099Srwatsonstatic void 643101099Srwatsonmac_biba_create_devfs_directory(char *dirname, int dirnamelen, 644101099Srwatson struct devfs_dirent *devfs_dirent, struct label *label) 645101099Srwatson{ 646101099Srwatson struct mac_biba *mac_biba; 647101099Srwatson 648101099Srwatson mac_biba = SLOT(label); 649101099Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 650101099Srwatson} 651101099Srwatson 652101099Srwatsonstatic void 653101099Srwatsonmac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 654101099Srwatson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 655101099Srwatson{ 656101099Srwatson struct mac_biba *source, *dest; 657101099Srwatson 658101099Srwatson source = SLOT(direntlabel); 659101099Srwatson dest = SLOT(vnodelabel); 660101099Srwatson mac_biba_copy_single(source, dest); 661101099Srwatson} 662101099Srwatson 663101099Srwatsonstatic void 664101099Srwatsonmac_biba_create_vnode(struct ucred *cred, struct vnode *parent, 665101099Srwatson struct label *parentlabel, struct vnode *child, struct label *childlabel) 666101099Srwatson{ 667101099Srwatson struct mac_biba *source, *dest; 668101099Srwatson 669101099Srwatson source = SLOT(&cred->cr_label); 670101099Srwatson dest = SLOT(childlabel); 671101099Srwatson 672101099Srwatson mac_biba_copy_single(source, dest); 673101099Srwatson} 674101099Srwatson 675101099Srwatsonstatic void 676101099Srwatsonmac_biba_create_mount(struct ucred *cred, struct mount *mp, 677101099Srwatson struct label *mntlabel, struct label *fslabel) 678101099Srwatson{ 679101099Srwatson struct mac_biba *source, *dest; 680101099Srwatson 681101099Srwatson source = SLOT(&cred->cr_label); 682101099Srwatson dest = SLOT(mntlabel); 683101099Srwatson mac_biba_copy_single(source, dest); 684101099Srwatson dest = SLOT(fslabel); 685101099Srwatson mac_biba_copy_single(source, dest); 686101099Srwatson} 687101099Srwatson 688101099Srwatsonstatic void 689101099Srwatsonmac_biba_create_root_mount(struct ucred *cred, struct mount *mp, 690101099Srwatson struct label *mntlabel, struct label *fslabel) 691101099Srwatson{ 692101099Srwatson struct mac_biba *mac_biba; 693101099Srwatson 694101099Srwatson /* Always mount root as high integrity. */ 695101099Srwatson mac_biba = SLOT(fslabel); 696101099Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 697101099Srwatson mac_biba = SLOT(mntlabel); 698101099Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 699101099Srwatson} 700101099Srwatson 701101099Srwatsonstatic void 702101099Srwatsonmac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, 703101099Srwatson struct label *vnodelabel, struct label *label) 704101099Srwatson{ 705101099Srwatson struct mac_biba *source, *dest; 706101099Srwatson 707101099Srwatson source = SLOT(label); 708101099Srwatson dest = SLOT(vnodelabel); 709101099Srwatson 710101099Srwatson mac_biba_copy_single(source, dest); 711101099Srwatson} 712101099Srwatson 713101099Srwatsonstatic void 714101099Srwatsonmac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent, 715101099Srwatson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 716101099Srwatson{ 717101099Srwatson struct mac_biba *source, *dest; 718101099Srwatson 719101099Srwatson source = SLOT(vnodelabel); 720101099Srwatson dest = SLOT(direntlabel); 721101099Srwatson 722101099Srwatson mac_biba_copy_single(source, dest); 723101099Srwatson} 724101099Srwatson 725101099Srwatsonstatic void 726101099Srwatsonmac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel, 727101099Srwatson struct ucred *cred) 728101099Srwatson{ 729101099Srwatson struct mac_biba *source, *dest; 730101099Srwatson 731101099Srwatson source = SLOT(&cred->cr_label); 732101099Srwatson dest = SLOT(vnodelabel); 733101099Srwatson 734101099Srwatson /* 735101099Srwatson * Only copy the single, not the range, since vnodes only have 736101099Srwatson * a single. 737101099Srwatson */ 738101099Srwatson mac_biba_copy_single(source, dest); 739101099Srwatson} 740101099Srwatson 741101099Srwatsonstatic int 742101099Srwatsonmac_biba_update_vnode_from_externalized(struct vnode *vp, 743101099Srwatson struct label *vnodelabel, struct mac *extmac) 744101099Srwatson{ 745101099Srwatson struct mac_biba *source, *dest; 746101099Srwatson int error; 747101099Srwatson 748101099Srwatson source = &extmac->m_biba; 749101099Srwatson dest = SLOT(vnodelabel); 750101099Srwatson 751101099Srwatson error = mac_biba_valid(source); 752101099Srwatson if (error) 753101099Srwatson return (error); 754101099Srwatson 755101099Srwatson if ((source->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 756101099Srwatson return (EINVAL); 757101099Srwatson 758101099Srwatson mac_biba_copy_single(source, dest); 759101099Srwatson 760101099Srwatson return (0); 761101099Srwatson} 762101099Srwatson 763101099Srwatsonstatic void 764101099Srwatsonmac_biba_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel, 765101099Srwatson struct mount *mp, struct label *fslabel) 766101099Srwatson{ 767101099Srwatson struct mac_biba *source, *dest; 768101099Srwatson 769101099Srwatson source = SLOT(fslabel); 770101099Srwatson dest = SLOT(vnodelabel); 771101099Srwatson 772101099Srwatson mac_biba_copy_single(source, dest); 773101099Srwatson} 774101099Srwatson 775101099Srwatson/* 776101099Srwatson * Labeling event operations: IPC object. 777101099Srwatson */ 778101099Srwatsonstatic void 779101099Srwatsonmac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 780101099Srwatson struct mbuf *m, struct label *mbuflabel) 781101099Srwatson{ 782101099Srwatson struct mac_biba *source, *dest; 783101099Srwatson 784101099Srwatson source = SLOT(socketlabel); 785101099Srwatson dest = SLOT(mbuflabel); 786101099Srwatson 787101099Srwatson mac_biba_copy_single(source, dest); 788101099Srwatson} 789101099Srwatson 790101099Srwatsonstatic void 791101099Srwatsonmac_biba_create_socket(struct ucred *cred, struct socket *socket, 792101099Srwatson struct label *socketlabel) 793101099Srwatson{ 794101099Srwatson struct mac_biba *source, *dest; 795101099Srwatson 796101099Srwatson source = SLOT(&cred->cr_label); 797101099Srwatson dest = SLOT(socketlabel); 798101099Srwatson 799101099Srwatson mac_biba_copy_single(source, dest); 800101099Srwatson mac_biba_copy_single_to_range(source, dest); 801101099Srwatson} 802101099Srwatson 803101099Srwatsonstatic void 804101099Srwatsonmac_biba_create_pipe(struct ucred *cred, struct pipe *pipe, 805101099Srwatson struct label *pipelabel) 806101099Srwatson{ 807101099Srwatson struct mac_biba *source, *dest; 808101099Srwatson 809101099Srwatson source = SLOT(&cred->cr_label); 810101099Srwatson dest = SLOT(pipelabel); 811101099Srwatson 812101099Srwatson mac_biba_copy_single(source, dest); 813101099Srwatson} 814101099Srwatson 815101099Srwatsonstatic void 816101099Srwatsonmac_biba_create_socket_from_socket(struct socket *oldsocket, 817101099Srwatson struct label *oldsocketlabel, struct socket *newsocket, 818101099Srwatson struct label *newsocketlabel) 819101099Srwatson{ 820101099Srwatson struct mac_biba *source, *dest; 821101099Srwatson 822101099Srwatson source = SLOT(oldsocketlabel); 823101099Srwatson dest = SLOT(newsocketlabel); 824101099Srwatson 825101099Srwatson mac_biba_copy_single(source, dest); 826101099Srwatson mac_biba_copy_range(source, dest); 827101099Srwatson} 828101099Srwatson 829101099Srwatsonstatic void 830101099Srwatsonmac_biba_relabel_socket(struct ucred *cred, struct socket *socket, 831101099Srwatson struct label *socketlabel, struct label *newlabel) 832101099Srwatson{ 833101099Srwatson struct mac_biba *source, *dest; 834101099Srwatson 835101099Srwatson source = SLOT(newlabel); 836101099Srwatson dest = SLOT(socketlabel); 837101099Srwatson 838101099Srwatson mac_biba_copy_single(source, dest); 839101099Srwatson mac_biba_copy_range(source, dest); 840101099Srwatson} 841101099Srwatson 842101099Srwatsonstatic void 843101099Srwatsonmac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe, 844101099Srwatson struct label *pipelabel, struct label *newlabel) 845101099Srwatson{ 846101099Srwatson struct mac_biba *source, *dest; 847101099Srwatson 848101099Srwatson source = SLOT(newlabel); 849101099Srwatson dest = SLOT(pipelabel); 850101099Srwatson 851101099Srwatson mac_biba_copy_single(source, dest); 852101099Srwatson} 853101099Srwatson 854101099Srwatsonstatic void 855101099Srwatsonmac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 856101099Srwatson struct socket *socket, struct label *socketpeerlabel) 857101099Srwatson{ 858101099Srwatson struct mac_biba *source, *dest; 859101099Srwatson 860101099Srwatson source = SLOT(mbuflabel); 861101099Srwatson dest = SLOT(socketpeerlabel); 862101099Srwatson 863101099Srwatson mac_biba_copy_single(source, dest); 864101099Srwatson} 865101099Srwatson 866101099Srwatson/* 867101099Srwatson * Labeling event operations: network objects. 868101099Srwatson */ 869101099Srwatsonstatic void 870101099Srwatsonmac_biba_set_socket_peer_from_socket(struct socket *oldsocket, 871101099Srwatson struct label *oldsocketlabel, struct socket *newsocket, 872101099Srwatson struct label *newsocketpeerlabel) 873101099Srwatson{ 874101099Srwatson struct mac_biba *source, *dest; 875101099Srwatson 876101099Srwatson source = SLOT(oldsocketlabel); 877101099Srwatson dest = SLOT(newsocketpeerlabel); 878101099Srwatson 879101099Srwatson mac_biba_copy_single(source, dest); 880101099Srwatson} 881101099Srwatson 882101099Srwatsonstatic void 883101099Srwatsonmac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 884101099Srwatson struct label *bpflabel) 885101099Srwatson{ 886101099Srwatson struct mac_biba *source, *dest; 887101099Srwatson 888101099Srwatson source = SLOT(&cred->cr_label); 889101099Srwatson dest = SLOT(bpflabel); 890101099Srwatson 891101099Srwatson mac_biba_copy_single(source, dest); 892101099Srwatson} 893101099Srwatson 894101099Srwatsonstatic void 895101099Srwatsonmac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 896101099Srwatson{ 897101099Srwatson char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q; 898101099Srwatson char tiflist[sizeof(trusted_interfaces)]; 899101099Srwatson struct mac_biba *dest; 900101099Srwatson int len, grade; 901101099Srwatson 902101099Srwatson dest = SLOT(ifnetlabel); 903101099Srwatson 904101099Srwatson if (ifnet->if_type == IFT_LOOP) { 905101099Srwatson grade = MAC_BIBA_TYPE_EQUAL; 906101099Srwatson goto set; 907101099Srwatson } 908101099Srwatson 909101099Srwatson if (trust_all_interfaces) { 910101099Srwatson grade = MAC_BIBA_TYPE_HIGH; 911101099Srwatson goto set; 912101099Srwatson } 913101099Srwatson 914101099Srwatson grade = MAC_BIBA_TYPE_LOW; 915101099Srwatson 916101099Srwatson if (trusted_interfaces[0] == '\0' || 917101099Srwatson !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 918101099Srwatson goto set; 919101099Srwatson 920101099Srwatson for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 921101099Srwatson if(*p != ' ' && *p != '\t') 922101099Srwatson *q = *p; 923101099Srwatson 924101099Srwatson snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit); 925101099Srwatson 926101099Srwatson for (p = q = tiflist;; p++) { 927101099Srwatson if (*p == ',' || *p == '\0') { 928101099Srwatson len = p - q; 929101099Srwatson if (len < IFNAMSIZ) { 930101099Srwatson bzero(tifname, sizeof(tifname)); 931101099Srwatson bcopy(q, tifname, len); 932101099Srwatson if (strcmp(tifname, ifname) == 0) { 933101099Srwatson grade = MAC_BIBA_TYPE_HIGH; 934101099Srwatson break; 935101099Srwatson } 936101099Srwatson } 937101099Srwatson if (*p == '\0') 938101099Srwatson break; 939101099Srwatson q = p + 1; 940101099Srwatson } 941101099Srwatson } 942101099Srwatsonset: 943101099Srwatson mac_biba_set_single(dest, grade, 0); 944101099Srwatson mac_biba_set_range(dest, grade, 0, grade, 0); 945101099Srwatson} 946101099Srwatson 947101099Srwatsonstatic void 948101099Srwatsonmac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 949101099Srwatson struct ipq *ipq, struct label *ipqlabel) 950101099Srwatson{ 951101099Srwatson struct mac_biba *source, *dest; 952101099Srwatson 953101099Srwatson source = SLOT(fragmentlabel); 954101099Srwatson dest = SLOT(ipqlabel); 955101099Srwatson 956101099Srwatson mac_biba_copy_single(source, dest); 957101099Srwatson} 958101099Srwatson 959101099Srwatsonstatic void 960101099Srwatsonmac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 961101099Srwatson struct mbuf *datagram, struct label *datagramlabel) 962101099Srwatson{ 963101099Srwatson struct mac_biba *source, *dest; 964101099Srwatson 965101099Srwatson source = SLOT(ipqlabel); 966101099Srwatson dest = SLOT(datagramlabel); 967101099Srwatson 968101099Srwatson /* Just use the head, since we require them all to match. */ 969101099Srwatson mac_biba_copy_single(source, dest); 970101099Srwatson} 971101099Srwatson 972101099Srwatsonstatic void 973101099Srwatsonmac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 974101099Srwatson struct mbuf *fragment, struct label *fragmentlabel) 975101099Srwatson{ 976101099Srwatson struct mac_biba *source, *dest; 977101099Srwatson 978101099Srwatson source = SLOT(datagramlabel); 979101099Srwatson dest = SLOT(fragmentlabel); 980101099Srwatson 981101099Srwatson mac_biba_copy_single(source, dest); 982101099Srwatson} 983101099Srwatson 984101099Srwatsonstatic void 985101099Srwatsonmac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 986101099Srwatson struct label *oldmbuflabel, struct mbuf *newmbuf, 987101099Srwatson struct label *newmbuflabel) 988101099Srwatson{ 989101099Srwatson struct mac_biba *source, *dest; 990101099Srwatson 991101099Srwatson source = SLOT(oldmbuflabel); 992101099Srwatson dest = SLOT(newmbuflabel); 993101099Srwatson 994101099Srwatson mac_biba_copy_single(source, dest); 995101099Srwatson} 996101099Srwatson 997101099Srwatsonstatic void 998101099Srwatsonmac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 999101099Srwatson struct mbuf *mbuf, struct label *mbuflabel) 1000101099Srwatson{ 1001101099Srwatson struct mac_biba *dest; 1002101099Srwatson 1003101099Srwatson dest = SLOT(mbuflabel); 1004101099Srwatson 1005101099Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 1006101099Srwatson} 1007101099Srwatson 1008101099Srwatsonstatic void 1009101099Srwatsonmac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 1010101099Srwatson struct mbuf *mbuf, struct label *mbuflabel) 1011101099Srwatson{ 1012101099Srwatson struct mac_biba *source, *dest; 1013101099Srwatson 1014101099Srwatson source = SLOT(bpflabel); 1015101099Srwatson dest = SLOT(mbuflabel); 1016101099Srwatson 1017101099Srwatson mac_biba_copy_single(source, dest); 1018101099Srwatson} 1019101099Srwatson 1020101099Srwatsonstatic void 1021101099Srwatsonmac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1022101099Srwatson struct mbuf *m, struct label *mbuflabel) 1023101099Srwatson{ 1024101099Srwatson struct mac_biba *source, *dest; 1025101099Srwatson 1026101099Srwatson source = SLOT(ifnetlabel); 1027101099Srwatson dest = SLOT(mbuflabel); 1028101099Srwatson 1029101099Srwatson mac_biba_copy_single(source, dest); 1030101099Srwatson} 1031101099Srwatson 1032101099Srwatsonstatic void 1033101099Srwatsonmac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1034101099Srwatson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1035101099Srwatson struct mbuf *newmbuf, struct label *newmbuflabel) 1036101099Srwatson{ 1037101099Srwatson struct mac_biba *source, *dest; 1038101099Srwatson 1039101099Srwatson source = SLOT(oldmbuflabel); 1040101099Srwatson dest = SLOT(newmbuflabel); 1041101099Srwatson 1042101099Srwatson mac_biba_copy_single(source, dest); 1043101099Srwatson} 1044101099Srwatson 1045101099Srwatsonstatic void 1046101099Srwatsonmac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1047101099Srwatson struct mbuf *newmbuf, struct label *newmbuflabel) 1048101099Srwatson{ 1049101099Srwatson struct mac_biba *source, *dest; 1050101099Srwatson 1051101099Srwatson source = SLOT(oldmbuflabel); 1052101099Srwatson dest = SLOT(newmbuflabel); 1053101099Srwatson 1054101099Srwatson mac_biba_copy_single(source, dest); 1055101099Srwatson} 1056101099Srwatson 1057101099Srwatsonstatic int 1058101099Srwatsonmac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1059101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1060101099Srwatson{ 1061101099Srwatson struct mac_biba *a, *b; 1062101099Srwatson 1063101099Srwatson a = SLOT(ipqlabel); 1064101099Srwatson b = SLOT(fragmentlabel); 1065101099Srwatson 1066101099Srwatson return (mac_biba_equal_single(a, b)); 1067101099Srwatson} 1068101099Srwatson 1069101099Srwatsonstatic void 1070101099Srwatsonmac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1071101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1072101099Srwatson{ 1073101099Srwatson struct mac_biba *source, *dest; 1074101099Srwatson 1075101099Srwatson source = SLOT(newlabel); 1076101099Srwatson dest = SLOT(ifnetlabel); 1077101099Srwatson 1078101099Srwatson mac_biba_copy_single(source, dest); 1079101099Srwatson mac_biba_copy_range(source, dest); 1080101099Srwatson} 1081101099Srwatson 1082101099Srwatsonstatic void 1083101099Srwatsonmac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1084101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1085101099Srwatson{ 1086101099Srwatson 1087101099Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1088101099Srwatson} 1089101099Srwatson 1090101099Srwatson/* 1091101099Srwatson * Labeling event operations: processes. 1092101099Srwatson */ 1093101099Srwatsonstatic void 1094101099Srwatsonmac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 1095101099Srwatson{ 1096101099Srwatson struct mac_biba *source, *dest; 1097101099Srwatson 1098101099Srwatson source = SLOT(&cred_parent->cr_label); 1099101099Srwatson dest = SLOT(&cred_child->cr_label); 1100101099Srwatson 1101101099Srwatson mac_biba_copy_single(source, dest); 1102101099Srwatson mac_biba_copy_range(source, dest); 1103101099Srwatson} 1104101099Srwatson 1105101099Srwatsonstatic void 1106101099Srwatsonmac_biba_execve_transition(struct ucred *old, struct ucred *new, 1107101099Srwatson struct vnode *vp, struct mac *vnodelabel) 1108101099Srwatson{ 1109101099Srwatson struct mac_biba *source, *dest; 1110101099Srwatson 1111101099Srwatson source = SLOT(&old->cr_label); 1112101099Srwatson dest = SLOT(&new->cr_label); 1113101099Srwatson 1114101099Srwatson mac_biba_copy_single(source, dest); 1115101099Srwatson mac_biba_copy_range(source, dest); 1116101099Srwatson} 1117101099Srwatson 1118101099Srwatsonstatic int 1119101099Srwatsonmac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, 1120101099Srwatson struct mac *vnodelabel) 1121101099Srwatson{ 1122101099Srwatson 1123101099Srwatson return (0); 1124101099Srwatson} 1125101099Srwatson 1126101099Srwatsonstatic void 1127101099Srwatsonmac_biba_create_proc0(struct ucred *cred) 1128101099Srwatson{ 1129101099Srwatson struct mac_biba *dest; 1130101099Srwatson 1131101099Srwatson dest = SLOT(&cred->cr_label); 1132101099Srwatson 1133101099Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 1134101099Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 1135101099Srwatson} 1136101099Srwatson 1137101099Srwatsonstatic void 1138101099Srwatsonmac_biba_create_proc1(struct ucred *cred) 1139101099Srwatson{ 1140101099Srwatson struct mac_biba *dest; 1141101099Srwatson 1142101099Srwatson dest = SLOT(&cred->cr_label); 1143101099Srwatson 1144101099Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0); 1145101099Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 1146101099Srwatson} 1147101099Srwatson 1148101099Srwatsonstatic void 1149101099Srwatsonmac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 1150101099Srwatson{ 1151101099Srwatson struct mac_biba *source, *dest; 1152101099Srwatson 1153101099Srwatson source = SLOT(newlabel); 1154101099Srwatson dest = SLOT(&cred->cr_label); 1155101099Srwatson 1156101099Srwatson mac_biba_copy_single(source, dest); 1157101099Srwatson mac_biba_copy_range(source, dest); 1158101099Srwatson} 1159101099Srwatson 1160101099Srwatson/* 1161101099Srwatson * Access control checks. 1162101099Srwatson */ 1163101099Srwatsonstatic int 1164101099Srwatsonmac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1165101099Srwatson struct ifnet *ifnet, struct label *ifnetlabel) 1166101099Srwatson{ 1167101099Srwatson struct mac_biba *a, *b; 1168101099Srwatson 1169101099Srwatson if (!mac_biba_enabled) 1170101099Srwatson return (0); 1171101099Srwatson 1172101099Srwatson a = SLOT(bpflabel); 1173101099Srwatson b = SLOT(ifnetlabel); 1174101099Srwatson 1175101099Srwatson if (mac_biba_equal_single(a, b)) 1176101099Srwatson return (0); 1177101099Srwatson return (EACCES); 1178101099Srwatson} 1179101099Srwatson 1180101099Srwatsonstatic int 1181101099Srwatsonmac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1182101099Srwatson{ 1183101099Srwatson struct mac_biba *subj, *new; 1184101099Srwatson 1185101099Srwatson subj = SLOT(&cred->cr_label); 1186101099Srwatson new = SLOT(newlabel); 1187101099Srwatson 1188101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1189101099Srwatson return (EINVAL); 1190101099Srwatson 1191101099Srwatson /* 1192101099Srwatson * XXX: Allow processes with root privilege to set labels outside 1193101099Srwatson * their range, so suid things like "su" work. This WILL go away 1194101099Srwatson * when we figure out the 'correct' solution... 1195101099Srwatson */ 1196101099Srwatson if (!suser_cred(cred, 0)) 1197101099Srwatson return (0); 1198101099Srwatson 1199101099Srwatson /* 1200101099Srwatson * The new single must be in the old range. 1201101099Srwatson */ 1202101099Srwatson if (!mac_biba_single_in_range(new, subj)) 1203101099Srwatson return (EPERM); 1204101099Srwatson 1205101099Srwatson /* 1206101099Srwatson * The new range must be in the old range. 1207101099Srwatson */ 1208101099Srwatson if (!mac_biba_range_in_range(new, subj)) 1209101099Srwatson return (EPERM); 1210101099Srwatson 1211101099Srwatson /* 1212101099Srwatson * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1213101099Srwatson */ 1214101099Srwatson 1215101099Srwatson return (0); 1216101099Srwatson} 1217101099Srwatson 1218101099Srwatsonstatic int 1219101099Srwatsonmac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1220101099Srwatson{ 1221101099Srwatson struct mac_biba *subj, *obj; 1222101099Srwatson 1223101099Srwatson if (!mac_biba_enabled) 1224101099Srwatson return (0); 1225101099Srwatson 1226101099Srwatson subj = SLOT(&u1->cr_label); 1227101099Srwatson obj = SLOT(&u2->cr_label); 1228101099Srwatson 1229101099Srwatson /* XXX: range */ 1230101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1231101099Srwatson return (ESRCH); 1232101099Srwatson 1233101099Srwatson return (0); 1234101099Srwatson} 1235101099Srwatson 1236101099Srwatsonstatic int 1237101099Srwatsonmac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1238101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1239101099Srwatson{ 1240101099Srwatson struct mac_biba *subj, *new; 1241101099Srwatson 1242101099Srwatson subj = SLOT(&cred->cr_label); 1243101099Srwatson new = SLOT(newlabel); 1244101099Srwatson 1245101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1246101099Srwatson return (EINVAL); 1247101099Srwatson 1248101099Srwatson /* 1249101099Srwatson * XXX: Only Biba HIGH subjects may relabel interfaces. */ 1250101099Srwatson if (!mac_biba_high_single(subj)) 1251101099Srwatson return (EPERM); 1252101099Srwatson 1253101099Srwatson return (suser_cred(cred, 0)); 1254101099Srwatson} 1255101099Srwatson 1256101099Srwatsonstatic int 1257101099Srwatsonmac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1258101099Srwatson struct mbuf *m, struct label *mbuflabel) 1259101099Srwatson{ 1260101099Srwatson struct mac_biba *p, *i; 1261101099Srwatson 1262101099Srwatson if (!mac_biba_enabled) 1263101099Srwatson return (0); 1264101099Srwatson 1265101099Srwatson p = SLOT(mbuflabel); 1266101099Srwatson i = SLOT(ifnetlabel); 1267101099Srwatson 1268101099Srwatson return (mac_biba_single_in_range(p, i) ? 0 : EACCES); 1269101099Srwatson} 1270101099Srwatson 1271101099Srwatsonstatic int 1272101099Srwatsonmac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1273101099Srwatson struct label *mntlabel) 1274101099Srwatson{ 1275101099Srwatson struct mac_biba *subj, *obj; 1276101099Srwatson 1277101099Srwatson if (!mac_biba_enabled) 1278101099Srwatson return (0); 1279101099Srwatson 1280101099Srwatson subj = SLOT(&cred->cr_label); 1281101099Srwatson obj = SLOT(mntlabel); 1282101099Srwatson 1283101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1284101099Srwatson return (EACCES); 1285101099Srwatson 1286101099Srwatson return (0); 1287101099Srwatson} 1288101099Srwatson 1289101099Srwatsonstatic int 1290101099Srwatsonmac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 1291101099Srwatson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1292101099Srwatson{ 1293101099Srwatson 1294101099Srwatson if(!mac_biba_enabled) 1295101099Srwatson return (0); 1296101099Srwatson 1297101099Srwatson /* XXX: This will be implemented soon... */ 1298101099Srwatson 1299101099Srwatson return (0); 1300101099Srwatson} 1301101099Srwatson 1302101099Srwatsonstatic int 1303102115Srwatsonmac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 1304102115Srwatson struct label *pipelabel) 1305101099Srwatson{ 1306101099Srwatson struct mac_biba *subj, *obj; 1307101099Srwatson 1308101099Srwatson if (!mac_biba_enabled) 1309101099Srwatson return (0); 1310101099Srwatson 1311101099Srwatson subj = SLOT(&cred->cr_label); 1312101099Srwatson obj = SLOT((pipelabel)); 1313101099Srwatson 1314102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1315102115Srwatson return (EACCES); 1316101099Srwatson 1317101099Srwatson return (0); 1318101099Srwatson} 1319101099Srwatson 1320101099Srwatsonstatic int 1321102115Srwatsonmac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe, 1322102115Srwatson struct label *pipelabel) 1323102115Srwatson{ 1324102115Srwatson struct mac_biba *subj, *obj; 1325102115Srwatson 1326102115Srwatson if (!mac_biba_enabled) 1327102115Srwatson return (0); 1328102115Srwatson 1329102115Srwatson subj = SLOT(&cred->cr_label); 1330102115Srwatson obj = SLOT((pipelabel)); 1331102115Srwatson 1332102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1333102115Srwatson return (EACCES); 1334102115Srwatson 1335102115Srwatson return (0); 1336102115Srwatson} 1337102115Srwatson 1338102115Srwatsonstatic int 1339101099Srwatsonmac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1340101099Srwatson struct label *pipelabel, struct label *newlabel) 1341101099Srwatson{ 1342101099Srwatson struct mac_biba *subj, *obj, *new; 1343101099Srwatson 1344101099Srwatson new = SLOT(newlabel); 1345101099Srwatson subj = SLOT(&cred->cr_label); 1346101099Srwatson obj = SLOT(pipelabel); 1347101099Srwatson 1348101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1349101099Srwatson return (EINVAL); 1350101099Srwatson 1351101099Srwatson /* 1352101099Srwatson * To relabel a pipe, the old pipe label must be in the subject 1353101099Srwatson * range. 1354101099Srwatson */ 1355101099Srwatson if (!mac_biba_single_in_range(obj, subj)) 1356101099Srwatson return (EPERM); 1357101099Srwatson 1358101099Srwatson /* 1359101099Srwatson * To relabel a pipe, the new pipe label must be in the subject 1360101099Srwatson * range. 1361101099Srwatson */ 1362101099Srwatson if (!mac_biba_single_in_range(new, subj)) 1363101099Srwatson return (EPERM); 1364101099Srwatson 1365101099Srwatson /* 1366101099Srwatson * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1367101099Srwatson */ 1368101099Srwatson 1369101099Srwatson return (0); 1370101099Srwatson} 1371101099Srwatson 1372101099Srwatsonstatic int 1373102115Srwatsonmac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 1374102115Srwatson struct label *pipelabel) 1375102115Srwatson{ 1376102115Srwatson struct mac_biba *subj, *obj; 1377102115Srwatson 1378102115Srwatson if (!mac_biba_enabled) 1379102115Srwatson return (0); 1380102115Srwatson 1381102115Srwatson subj = SLOT(&cred->cr_label); 1382102115Srwatson obj = SLOT((pipelabel)); 1383102115Srwatson 1384102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1385102115Srwatson return (EACCES); 1386102115Srwatson 1387102115Srwatson return (0); 1388102115Srwatson} 1389102115Srwatson 1390102115Srwatsonstatic int 1391102115Srwatsonmac_biba_check_pipe_write(struct ucred *cred, struct pipe *pipe, 1392102115Srwatson struct label *pipelabel) 1393102115Srwatson{ 1394102115Srwatson struct mac_biba *subj, *obj; 1395102115Srwatson 1396102115Srwatson if (!mac_biba_enabled) 1397102115Srwatson return (0); 1398102115Srwatson 1399102115Srwatson subj = SLOT(&cred->cr_label); 1400102115Srwatson obj = SLOT((pipelabel)); 1401102115Srwatson 1402102115Srwatson if (!mac_biba_dominate_single(subj, obj)) 1403102115Srwatson return (EACCES); 1404102115Srwatson 1405102115Srwatson return (0); 1406102115Srwatson} 1407102115Srwatson 1408102115Srwatsonstatic int 1409101099Srwatsonmac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) 1410101099Srwatson{ 1411101099Srwatson struct mac_biba *subj, *obj; 1412101099Srwatson 1413101099Srwatson if (!mac_biba_enabled) 1414101099Srwatson return (0); 1415101099Srwatson 1416101099Srwatson subj = SLOT(&cred->cr_label); 1417101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1418101099Srwatson 1419101099Srwatson /* XXX: range checks */ 1420101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1421101099Srwatson return (ESRCH); 1422101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1423101099Srwatson return (EACCES); 1424101099Srwatson 1425101099Srwatson return (0); 1426101099Srwatson} 1427101099Srwatson 1428101099Srwatsonstatic int 1429101099Srwatsonmac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) 1430101099Srwatson{ 1431101099Srwatson struct mac_biba *subj, *obj; 1432101099Srwatson 1433101099Srwatson if (!mac_biba_enabled) 1434101099Srwatson return (0); 1435101099Srwatson 1436101099Srwatson subj = SLOT(&cred->cr_label); 1437101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1438101099Srwatson 1439101099Srwatson /* XXX: range checks */ 1440101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1441101099Srwatson return (ESRCH); 1442101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1443101099Srwatson return (EACCES); 1444101099Srwatson 1445101099Srwatson return (0); 1446101099Srwatson} 1447101099Srwatson 1448101099Srwatsonstatic int 1449101099Srwatsonmac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1450101099Srwatson{ 1451101099Srwatson struct mac_biba *subj, *obj; 1452101099Srwatson 1453101099Srwatson if (!mac_biba_enabled) 1454101099Srwatson return (0); 1455101099Srwatson 1456101099Srwatson subj = SLOT(&cred->cr_label); 1457101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1458101099Srwatson 1459101099Srwatson /* XXX: range checks */ 1460101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1461101099Srwatson return (ESRCH); 1462101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1463101099Srwatson return (EACCES); 1464101099Srwatson 1465101099Srwatson return (0); 1466101099Srwatson} 1467101099Srwatson 1468101099Srwatsonstatic int 1469101934Srwatsonmac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, 1470101099Srwatson struct mbuf *m, struct label *mbuflabel) 1471101099Srwatson{ 1472101099Srwatson struct mac_biba *p, *s; 1473101099Srwatson 1474101099Srwatson if (!mac_biba_enabled) 1475101099Srwatson return (0); 1476101099Srwatson 1477101099Srwatson p = SLOT(mbuflabel); 1478101099Srwatson s = SLOT(socketlabel); 1479101099Srwatson 1480101099Srwatson return (mac_biba_equal_single(p, s) ? 0 : EACCES); 1481101099Srwatson} 1482101099Srwatson 1483101099Srwatsonstatic int 1484101099Srwatsonmac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket, 1485101099Srwatson struct label *socketlabel, struct label *newlabel) 1486101099Srwatson{ 1487101099Srwatson struct mac_biba *subj, *obj, *new; 1488101099Srwatson 1489101099Srwatson new = SLOT(newlabel); 1490101099Srwatson subj = SLOT(&cred->cr_label); 1491101099Srwatson obj = SLOT(socketlabel); 1492101099Srwatson 1493101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1494101099Srwatson return (EINVAL); 1495101099Srwatson 1496101099Srwatson /* 1497101099Srwatson * To relabel a socket, the old socket label must be in the subject 1498101099Srwatson * range. 1499101099Srwatson */ 1500101099Srwatson if (!mac_biba_single_in_range(obj, subj)) 1501101099Srwatson return (EPERM); 1502101099Srwatson 1503101099Srwatson /* 1504101099Srwatson * To relabel a socket, the new socket label must be in the subject 1505101099Srwatson * range. 1506101099Srwatson */ 1507101099Srwatson if (!mac_biba_single_in_range(new, subj)) 1508101099Srwatson return (EPERM); 1509101099Srwatson 1510101099Srwatson /* 1511101099Srwatson * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1512101099Srwatson */ 1513101099Srwatson 1514101099Srwatson return (0); 1515101099Srwatson} 1516101099Srwatson 1517101099Srwatsonstatic int 1518101099Srwatsonmac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, 1519101099Srwatson struct label *socketlabel) 1520101099Srwatson{ 1521101099Srwatson struct mac_biba *subj, *obj; 1522101099Srwatson 1523101099Srwatson subj = SLOT(&cred->cr_label); 1524101099Srwatson obj = SLOT(socketlabel); 1525101099Srwatson 1526101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1527101099Srwatson return (ENOENT); 1528101099Srwatson 1529101099Srwatson return (0); 1530101099Srwatson} 1531101099Srwatson 1532101099Srwatsonstatic int 1533101099Srwatsonmac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp, 1534101099Srwatson struct label *label, mode_t flags) 1535101099Srwatson{ 1536101099Srwatson 1537101099Srwatson return (mac_biba_check_vnode_open(cred, vp, label, flags)); 1538101099Srwatson} 1539101099Srwatson 1540101099Srwatsonstatic int 1541101099Srwatsonmac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1542101099Srwatson struct label *dlabel) 1543101099Srwatson{ 1544101099Srwatson struct mac_biba *subj, *obj; 1545101099Srwatson 1546101099Srwatson if (!mac_biba_enabled) 1547101099Srwatson return (0); 1548101099Srwatson 1549101099Srwatson subj = SLOT(&cred->cr_label); 1550101099Srwatson obj = SLOT(dlabel); 1551101099Srwatson 1552101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1553101099Srwatson return (EACCES); 1554101099Srwatson 1555101099Srwatson return (0); 1556101099Srwatson} 1557101099Srwatson 1558101099Srwatsonstatic int 1559101099Srwatsonmac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1560101099Srwatson struct label *dlabel) 1561101099Srwatson{ 1562101099Srwatson struct mac_biba *subj, *obj; 1563101099Srwatson 1564101099Srwatson if (!mac_biba_enabled) 1565101099Srwatson return (0); 1566101099Srwatson 1567101099Srwatson subj = SLOT(&cred->cr_label); 1568101099Srwatson obj = SLOT(dlabel); 1569101099Srwatson 1570101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1571101099Srwatson return (EACCES); 1572101099Srwatson 1573101099Srwatson return (0); 1574101099Srwatson} 1575101099Srwatson 1576101099Srwatsonstatic int 1577101099Srwatsonmac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1578101099Srwatson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1579101099Srwatson{ 1580101099Srwatson struct mac_biba *subj, *obj; 1581101099Srwatson 1582101099Srwatson if (!mac_biba_enabled) 1583101099Srwatson return (0); 1584101099Srwatson 1585101099Srwatson subj = SLOT(&cred->cr_label); 1586101099Srwatson obj = SLOT(dlabel); 1587101099Srwatson 1588101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1589101099Srwatson return (EACCES); 1590101099Srwatson 1591101099Srwatson return (0); 1592101099Srwatson} 1593101099Srwatson 1594101099Srwatsonstatic int 1595101099Srwatsonmac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1596101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 1597101099Srwatson struct componentname *cnp) 1598101099Srwatson{ 1599101099Srwatson struct mac_biba *subj, *obj; 1600101099Srwatson 1601101099Srwatson if (!mac_biba_enabled) 1602101099Srwatson return (0); 1603101099Srwatson 1604101099Srwatson subj = SLOT(&cred->cr_label); 1605101099Srwatson obj = SLOT(dlabel); 1606101099Srwatson 1607101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1608101099Srwatson return (EACCES); 1609101099Srwatson 1610101099Srwatson obj = SLOT(label); 1611101099Srwatson 1612101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1613101099Srwatson return (EACCES); 1614101099Srwatson 1615101099Srwatson return (0); 1616101099Srwatson} 1617101099Srwatson 1618101099Srwatsonstatic int 1619101099Srwatsonmac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1620101099Srwatson struct label *label, acl_type_t type) 1621101099Srwatson{ 1622101099Srwatson struct mac_biba *subj, *obj; 1623101099Srwatson 1624101099Srwatson if (!mac_biba_enabled) 1625101099Srwatson return (0); 1626101099Srwatson 1627101099Srwatson subj = SLOT(&cred->cr_label); 1628101099Srwatson obj = SLOT(label); 1629101099Srwatson 1630101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1631101099Srwatson return (EACCES); 1632101099Srwatson 1633101099Srwatson return (0); 1634101099Srwatson} 1635101099Srwatson 1636101099Srwatsonstatic int 1637101099Srwatsonmac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1638101099Srwatson struct label *label) 1639101099Srwatson{ 1640101099Srwatson struct mac_biba *subj, *obj; 1641101099Srwatson 1642101099Srwatson if (!mac_biba_enabled) 1643101099Srwatson return (0); 1644101099Srwatson 1645101099Srwatson subj = SLOT(&cred->cr_label); 1646101099Srwatson obj = SLOT(label); 1647101099Srwatson 1648101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1649101099Srwatson return (EACCES); 1650101099Srwatson 1651101099Srwatson return (0); 1652101099Srwatson} 1653101099Srwatson 1654101099Srwatsonstatic int 1655101099Srwatsonmac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1656101099Srwatson struct label *label, acl_type_t type) 1657101099Srwatson{ 1658101099Srwatson struct mac_biba *subj, *obj; 1659101099Srwatson 1660101099Srwatson if (!mac_biba_enabled) 1661101099Srwatson return (0); 1662101099Srwatson 1663101099Srwatson subj = SLOT(&cred->cr_label); 1664101099Srwatson obj = SLOT(label); 1665101099Srwatson 1666101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1667101099Srwatson return (EACCES); 1668101099Srwatson 1669101099Srwatson return (0); 1670101099Srwatson} 1671101099Srwatson 1672101099Srwatsonstatic int 1673101099Srwatsonmac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1674101099Srwatson struct label *label, int attrnamespace, const char *name, struct uio *uio) 1675101099Srwatson{ 1676101099Srwatson struct mac_biba *subj, *obj; 1677101099Srwatson 1678101099Srwatson if (!mac_biba_enabled) 1679101099Srwatson return (0); 1680101099Srwatson 1681101099Srwatson subj = SLOT(&cred->cr_label); 1682101099Srwatson obj = SLOT(label); 1683101099Srwatson 1684101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1685101099Srwatson return (EACCES); 1686101099Srwatson 1687101099Srwatson return (0); 1688101099Srwatson} 1689101099Srwatson 1690101099Srwatsonstatic int 1691101099Srwatsonmac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 1692101099Srwatson struct label *dlabel, struct componentname *cnp) 1693101099Srwatson{ 1694101099Srwatson struct mac_biba *subj, *obj; 1695101099Srwatson 1696101099Srwatson if (!mac_biba_enabled) 1697101099Srwatson return (0); 1698101099Srwatson 1699101099Srwatson subj = SLOT(&cred->cr_label); 1700101099Srwatson obj = SLOT(dlabel); 1701101099Srwatson 1702101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1703101099Srwatson return (EACCES); 1704101099Srwatson 1705101099Srwatson return (0); 1706101099Srwatson} 1707101099Srwatson 1708101099Srwatsonstatic int 1709101099Srwatsonmac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 1710101099Srwatson struct label *vnodelabel, mode_t acc_mode) 1711101099Srwatson{ 1712101099Srwatson struct mac_biba *subj, *obj; 1713101099Srwatson 1714101099Srwatson if (!mac_biba_enabled) 1715101099Srwatson return (0); 1716101099Srwatson 1717101099Srwatson subj = SLOT(&cred->cr_label); 1718101099Srwatson obj = SLOT(vnodelabel); 1719101099Srwatson 1720101099Srwatson /* XXX privilege override for admin? */ 1721101099Srwatson if (acc_mode & (VREAD | VEXEC | VSTAT)) { 1722101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1723101099Srwatson return (EACCES); 1724101099Srwatson } 1725101099Srwatson if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 1726101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1727101099Srwatson return (EACCES); 1728101099Srwatson } 1729101099Srwatson 1730101099Srwatson return (0); 1731101099Srwatson} 1732101099Srwatson 1733101099Srwatsonstatic int 1734102129Srwatsonmac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 1735102129Srwatson struct vnode *vp, struct label *label) 1736102112Srwatson{ 1737102112Srwatson struct mac_biba *subj, *obj; 1738102112Srwatson 1739102112Srwatson if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1740102112Srwatson return (0); 1741102112Srwatson 1742102129Srwatson subj = SLOT(&active_cred->cr_label); 1743102112Srwatson obj = SLOT(label); 1744102112Srwatson 1745102112Srwatson if (!mac_biba_dominate_single(obj, subj)) 1746102112Srwatson return (EACCES); 1747102112Srwatson 1748102112Srwatson return (0); 1749102112Srwatson} 1750102112Srwatson 1751102112Srwatsonstatic int 1752102129Srwatsonmac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 1753102129Srwatson struct vnode *vp, struct label *label) 1754102112Srwatson{ 1755102112Srwatson struct mac_biba *subj, *obj; 1756102112Srwatson 1757102112Srwatson if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1758102112Srwatson return (0); 1759102112Srwatson 1760102129Srwatson subj = SLOT(&active_cred->cr_label); 1761102112Srwatson obj = SLOT(label); 1762102112Srwatson 1763102112Srwatson if (!mac_biba_dominate_single(obj, subj)) 1764102112Srwatson return (EACCES); 1765102112Srwatson 1766102112Srwatson return (0); 1767102112Srwatson} 1768102112Srwatson 1769102112Srwatsonstatic int 1770101099Srwatsonmac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 1771101099Srwatson struct label *dlabel) 1772101099Srwatson{ 1773101099Srwatson struct mac_biba *subj, *obj; 1774101099Srwatson 1775101099Srwatson if (!mac_biba_enabled) 1776101099Srwatson return (0); 1777101099Srwatson 1778101099Srwatson subj = SLOT(&cred->cr_label); 1779101099Srwatson obj = SLOT(dlabel); 1780101099Srwatson 1781101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1782101099Srwatson return (EACCES); 1783101099Srwatson 1784101099Srwatson return (0); 1785101099Srwatson} 1786101099Srwatson 1787101099Srwatsonstatic int 1788101099Srwatsonmac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 1789101099Srwatson struct label *label) 1790101099Srwatson{ 1791101099Srwatson struct mac_biba *subj, *obj; 1792101099Srwatson 1793101099Srwatson if (!mac_biba_enabled) 1794101099Srwatson return (0); 1795101099Srwatson 1796101099Srwatson subj = SLOT(&cred->cr_label); 1797101099Srwatson obj = SLOT(label); 1798101099Srwatson 1799101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1800101099Srwatson return (EACCES); 1801101099Srwatson 1802101099Srwatson return (0); 1803101099Srwatson} 1804101099Srwatson 1805101099Srwatsonstatic int 1806101099Srwatsonmac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1807101099Srwatson struct label *vnodelabel, struct label *newlabel) 1808101099Srwatson{ 1809101099Srwatson struct mac_biba *old, *new, *subj; 1810101099Srwatson 1811101099Srwatson old = SLOT(vnodelabel); 1812101099Srwatson new = SLOT(newlabel); 1813101099Srwatson subj = SLOT(&cred->cr_label); 1814101099Srwatson 1815101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1816101099Srwatson return (EINVAL); 1817101099Srwatson 1818101099Srwatson /* 1819101099Srwatson * To relabel a vnode, the old vnode label must be in the subject 1820101099Srwatson * range. 1821101099Srwatson */ 1822101099Srwatson if (!mac_biba_single_in_range(old, subj)) 1823101099Srwatson return (EPERM); 1824101099Srwatson 1825101099Srwatson /* 1826101099Srwatson * To relabel a vnode, the new vnode label must be in the subject 1827101099Srwatson * range. 1828101099Srwatson */ 1829101099Srwatson if (!mac_biba_single_in_range(new, subj)) 1830101099Srwatson return (EPERM); 1831101099Srwatson 1832101099Srwatson /* 1833101099Srwatson * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1834101099Srwatson */ 1835101099Srwatson 1836101099Srwatson return (suser_cred(cred, 0)); 1837101099Srwatson} 1838101099Srwatson 1839101099Srwatsonstatic int 1840101099Srwatsonmac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 1841101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 1842101099Srwatson struct componentname *cnp) 1843101099Srwatson{ 1844101099Srwatson struct mac_biba *subj, *obj; 1845101099Srwatson 1846101099Srwatson if (!mac_biba_enabled) 1847101099Srwatson return (0); 1848101099Srwatson 1849101099Srwatson subj = SLOT(&cred->cr_label); 1850101099Srwatson obj = SLOT(dlabel); 1851101099Srwatson 1852101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1853101099Srwatson return (EACCES); 1854101099Srwatson 1855101099Srwatson obj = SLOT(label); 1856101099Srwatson 1857101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1858101099Srwatson return (EACCES); 1859101099Srwatson 1860101099Srwatson return (0); 1861101099Srwatson} 1862101099Srwatson 1863101099Srwatsonstatic int 1864101099Srwatsonmac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 1865101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 1866101099Srwatson struct componentname *cnp) 1867101099Srwatson{ 1868101099Srwatson struct mac_biba *subj, *obj; 1869101099Srwatson 1870101099Srwatson if (!mac_biba_enabled) 1871101099Srwatson return (0); 1872101099Srwatson 1873101099Srwatson subj = SLOT(&cred->cr_label); 1874101099Srwatson obj = SLOT(dlabel); 1875101099Srwatson 1876101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1877101099Srwatson return (EACCES); 1878101099Srwatson 1879101099Srwatson if (vp != NULL) { 1880101099Srwatson obj = SLOT(label); 1881101099Srwatson 1882101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1883101099Srwatson return (EACCES); 1884101099Srwatson } 1885101099Srwatson 1886101099Srwatson return (0); 1887101099Srwatson} 1888101099Srwatson 1889101099Srwatsonstatic int 1890101099Srwatsonmac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 1891101099Srwatson struct label *label) 1892101099Srwatson{ 1893101099Srwatson struct mac_biba *subj, *obj; 1894101099Srwatson 1895101099Srwatson if (!mac_biba_enabled) 1896101099Srwatson return (0); 1897101099Srwatson 1898101099Srwatson subj = SLOT(&cred->cr_label); 1899101099Srwatson obj = SLOT(label); 1900101099Srwatson 1901101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1902101099Srwatson return (EACCES); 1903101099Srwatson 1904101099Srwatson return (0); 1905101099Srwatson} 1906101099Srwatson 1907101099Srwatsonstatic int 1908101099Srwatsonmac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 1909101099Srwatson struct label *label, acl_type_t type, struct acl *acl) 1910101099Srwatson{ 1911101099Srwatson struct mac_biba *subj, *obj; 1912101099Srwatson 1913101099Srwatson if (!mac_biba_enabled) 1914101099Srwatson return (0); 1915101099Srwatson 1916101099Srwatson subj = SLOT(&cred->cr_label); 1917101099Srwatson obj = SLOT(label); 1918101099Srwatson 1919101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1920101099Srwatson return (EACCES); 1921101099Srwatson 1922101099Srwatson return (0); 1923101099Srwatson} 1924101099Srwatson 1925101099Srwatsonstatic int 1926101099Srwatsonmac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 1927101099Srwatson struct label *vnodelabel, int attrnamespace, const char *name, 1928101099Srwatson struct uio *uio) 1929101099Srwatson{ 1930101099Srwatson struct mac_biba *subj, *obj; 1931101099Srwatson 1932101099Srwatson if (!mac_biba_enabled) 1933101099Srwatson return (0); 1934101099Srwatson 1935101099Srwatson subj = SLOT(&cred->cr_label); 1936101099Srwatson obj = SLOT(vnodelabel); 1937101099Srwatson 1938101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1939101099Srwatson return (EACCES); 1940101099Srwatson 1941101099Srwatson /* XXX: protect the MAC EA in a special way? */ 1942101099Srwatson 1943101099Srwatson return (0); 1944101099Srwatson} 1945101099Srwatson 1946101099Srwatsonstatic int 1947101099Srwatsonmac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 1948101099Srwatson struct label *vnodelabel, u_long flags) 1949101099Srwatson{ 1950101099Srwatson struct mac_biba *subj, *obj; 1951101099Srwatson 1952101099Srwatson if (!mac_biba_enabled) 1953101099Srwatson return (0); 1954101099Srwatson 1955101099Srwatson subj = SLOT(&cred->cr_label); 1956101099Srwatson obj = SLOT(vnodelabel); 1957101099Srwatson 1958101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1959101099Srwatson return (EACCES); 1960101099Srwatson 1961101099Srwatson return (0); 1962101099Srwatson} 1963101099Srwatson 1964101099Srwatsonstatic int 1965101099Srwatsonmac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 1966101099Srwatson struct label *vnodelabel, mode_t mode) 1967101099Srwatson{ 1968101099Srwatson struct mac_biba *subj, *obj; 1969101099Srwatson 1970101099Srwatson if (!mac_biba_enabled) 1971101099Srwatson return (0); 1972101099Srwatson 1973101099Srwatson subj = SLOT(&cred->cr_label); 1974101099Srwatson obj = SLOT(vnodelabel); 1975101099Srwatson 1976101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1977101099Srwatson return (EACCES); 1978101099Srwatson 1979101099Srwatson return (0); 1980101099Srwatson} 1981101099Srwatson 1982101099Srwatsonstatic int 1983101099Srwatsonmac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 1984101099Srwatson struct label *vnodelabel, uid_t uid, gid_t gid) 1985101099Srwatson{ 1986101099Srwatson struct mac_biba *subj, *obj; 1987101099Srwatson 1988101099Srwatson if (!mac_biba_enabled) 1989101099Srwatson return (0); 1990101099Srwatson 1991101099Srwatson subj = SLOT(&cred->cr_label); 1992101099Srwatson obj = SLOT(vnodelabel); 1993101099Srwatson 1994101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1995101099Srwatson return (EACCES); 1996101099Srwatson 1997101099Srwatson return (0); 1998101099Srwatson} 1999101099Srwatson 2000101099Srwatsonstatic int 2001101099Srwatsonmac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 2002101099Srwatson struct label *vnodelabel, struct timespec atime, struct timespec mtime) 2003101099Srwatson{ 2004101099Srwatson struct mac_biba *subj, *obj; 2005101099Srwatson 2006101099Srwatson if (!mac_biba_enabled) 2007101099Srwatson return (0); 2008101099Srwatson 2009101099Srwatson subj = SLOT(&cred->cr_label); 2010101099Srwatson obj = SLOT(vnodelabel); 2011101099Srwatson 2012101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2013101099Srwatson return (EACCES); 2014101099Srwatson 2015101099Srwatson return (0); 2016101099Srwatson} 2017101099Srwatson 2018101099Srwatsonstatic int 2019102129Srwatsonmac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2020102129Srwatson struct vnode *vp, struct label *vnodelabel) 2021101099Srwatson{ 2022101099Srwatson struct mac_biba *subj, *obj; 2023101099Srwatson 2024101099Srwatson if (!mac_biba_enabled) 2025101099Srwatson return (0); 2026101099Srwatson 2027102129Srwatson subj = SLOT(&active_cred->cr_label); 2028101099Srwatson obj = SLOT(vnodelabel); 2029101099Srwatson 2030101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2031101099Srwatson return (EACCES); 2032101099Srwatson 2033101099Srwatson return (0); 2034101099Srwatson} 2035101099Srwatson 2036102112Srwatsonstatic int 2037102129Srwatsonmac_biba_check_vnode_write(struct ucred *active_cred, 2038102129Srwatson struct ucred *file_cred, struct vnode *vp, struct label *label) 2039102112Srwatson{ 2040102112Srwatson struct mac_biba *subj, *obj; 2041102112Srwatson 2042102112Srwatson if (!mac_biba_enabled || !mac_biba_revocation_enabled) 2043102112Srwatson return (0); 2044102112Srwatson 2045102129Srwatson subj = SLOT(&active_cred->cr_label); 2046102112Srwatson obj = SLOT(label); 2047102112Srwatson 2048102112Srwatson if (!mac_biba_dominate_single(subj, obj)) 2049102112Srwatson return (EACCES); 2050102112Srwatson 2051102112Srwatson return (0); 2052102112Srwatson} 2053102112Srwatson 2054101099Srwatsonstatic vm_prot_t 2055101099Srwatsonmac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp, 2056101099Srwatson struct label *label, int newmapping) 2057101099Srwatson{ 2058101099Srwatson struct mac_biba *subj, *obj; 2059101099Srwatson vm_prot_t prot = 0; 2060101099Srwatson 2061101099Srwatson if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping)) 2062101099Srwatson return (VM_PROT_ALL); 2063101099Srwatson 2064101099Srwatson subj = SLOT(&cred->cr_label); 2065101099Srwatson obj = SLOT(label); 2066101099Srwatson 2067101099Srwatson if (mac_biba_dominate_single(obj, subj)) 2068101099Srwatson prot |= VM_PROT_READ | VM_PROT_EXECUTE; 2069101099Srwatson if (mac_biba_dominate_single(subj, obj)) 2070101099Srwatson prot |= VM_PROT_WRITE; 2071101099Srwatson return (prot); 2072101099Srwatson} 2073101099Srwatson 2074101099Srwatsonstatic struct mac_policy_op_entry mac_biba_ops[] = 2075101099Srwatson{ 2076101099Srwatson { MAC_DESTROY, 2077101099Srwatson (macop_t)mac_biba_destroy }, 2078101099Srwatson { MAC_INIT, 2079101099Srwatson (macop_t)mac_biba_init }, 2080101099Srwatson { MAC_INIT_BPFDESC, 2081101099Srwatson (macop_t)mac_biba_init_bpfdesc }, 2082101099Srwatson { MAC_INIT_CRED, 2083101099Srwatson (macop_t)mac_biba_init_cred }, 2084101099Srwatson { MAC_INIT_DEVFSDIRENT, 2085101099Srwatson (macop_t)mac_biba_init_devfsdirent }, 2086101099Srwatson { MAC_INIT_IFNET, 2087101099Srwatson (macop_t)mac_biba_init_ifnet }, 2088101099Srwatson { MAC_INIT_IPQ, 2089101099Srwatson (macop_t)mac_biba_init_ipq }, 2090101099Srwatson { MAC_INIT_MBUF, 2091101099Srwatson (macop_t)mac_biba_init_mbuf }, 2092101099Srwatson { MAC_INIT_MOUNT, 2093101099Srwatson (macop_t)mac_biba_init_mount }, 2094101099Srwatson { MAC_INIT_PIPE, 2095101099Srwatson (macop_t)mac_biba_init_pipe }, 2096101099Srwatson { MAC_INIT_SOCKET, 2097101099Srwatson (macop_t)mac_biba_init_socket }, 2098101099Srwatson { MAC_INIT_TEMP, 2099101099Srwatson (macop_t)mac_biba_init_temp }, 2100101099Srwatson { MAC_INIT_VNODE, 2101101099Srwatson (macop_t)mac_biba_init_vnode }, 2102101099Srwatson { MAC_DESTROY_BPFDESC, 2103101099Srwatson (macop_t)mac_biba_destroy_bpfdesc }, 2104101099Srwatson { MAC_DESTROY_CRED, 2105101099Srwatson (macop_t)mac_biba_destroy_cred }, 2106101099Srwatson { MAC_DESTROY_DEVFSDIRENT, 2107101099Srwatson (macop_t)mac_biba_destroy_devfsdirent }, 2108101099Srwatson { MAC_DESTROY_IFNET, 2109101099Srwatson (macop_t)mac_biba_destroy_ifnet }, 2110101099Srwatson { MAC_DESTROY_IPQ, 2111101099Srwatson (macop_t)mac_biba_destroy_ipq }, 2112101099Srwatson { MAC_DESTROY_MBUF, 2113101099Srwatson (macop_t)mac_biba_destroy_mbuf }, 2114101099Srwatson { MAC_DESTROY_MOUNT, 2115101099Srwatson (macop_t)mac_biba_destroy_mount }, 2116101099Srwatson { MAC_DESTROY_PIPE, 2117101099Srwatson (macop_t)mac_biba_destroy_pipe }, 2118101099Srwatson { MAC_DESTROY_SOCKET, 2119101099Srwatson (macop_t)mac_biba_destroy_socket }, 2120101099Srwatson { MAC_DESTROY_TEMP, 2121101099Srwatson (macop_t)mac_biba_destroy_temp }, 2122101099Srwatson { MAC_DESTROY_VNODE, 2123101099Srwatson (macop_t)mac_biba_destroy_vnode }, 2124101099Srwatson { MAC_EXTERNALIZE, 2125101099Srwatson (macop_t)mac_biba_externalize }, 2126101099Srwatson { MAC_INTERNALIZE, 2127101099Srwatson (macop_t)mac_biba_internalize }, 2128101099Srwatson { MAC_CREATE_DEVFS_DEVICE, 2129101099Srwatson (macop_t)mac_biba_create_devfs_device }, 2130101099Srwatson { MAC_CREATE_DEVFS_DIRECTORY, 2131101099Srwatson (macop_t)mac_biba_create_devfs_directory }, 2132101099Srwatson { MAC_CREATE_DEVFS_VNODE, 2133101099Srwatson (macop_t)mac_biba_create_devfs_vnode }, 2134101099Srwatson { MAC_CREATE_VNODE, 2135101099Srwatson (macop_t)mac_biba_create_vnode }, 2136101099Srwatson { MAC_CREATE_MOUNT, 2137101099Srwatson (macop_t)mac_biba_create_mount }, 2138101099Srwatson { MAC_CREATE_ROOT_MOUNT, 2139101099Srwatson (macop_t)mac_biba_create_root_mount }, 2140101099Srwatson { MAC_RELABEL_VNODE, 2141101099Srwatson (macop_t)mac_biba_relabel_vnode }, 2142101099Srwatson { MAC_UPDATE_DEVFSDIRENT, 2143101099Srwatson (macop_t)mac_biba_update_devfsdirent }, 2144101099Srwatson { MAC_UPDATE_PROCFSVNODE, 2145101099Srwatson (macop_t)mac_biba_update_procfsvnode }, 2146101099Srwatson { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, 2147101099Srwatson (macop_t)mac_biba_update_vnode_from_externalized }, 2148101099Srwatson { MAC_UPDATE_VNODE_FROM_MOUNT, 2149101099Srwatson (macop_t)mac_biba_update_vnode_from_mount }, 2150101099Srwatson { MAC_CREATE_MBUF_FROM_SOCKET, 2151101099Srwatson (macop_t)mac_biba_create_mbuf_from_socket }, 2152101099Srwatson { MAC_CREATE_PIPE, 2153101099Srwatson (macop_t)mac_biba_create_pipe }, 2154101099Srwatson { MAC_CREATE_SOCKET, 2155101099Srwatson (macop_t)mac_biba_create_socket }, 2156101099Srwatson { MAC_CREATE_SOCKET_FROM_SOCKET, 2157101099Srwatson (macop_t)mac_biba_create_socket_from_socket }, 2158101099Srwatson { MAC_RELABEL_PIPE, 2159101099Srwatson (macop_t)mac_biba_relabel_pipe }, 2160101099Srwatson { MAC_RELABEL_SOCKET, 2161101099Srwatson (macop_t)mac_biba_relabel_socket }, 2162101099Srwatson { MAC_SET_SOCKET_PEER_FROM_MBUF, 2163101099Srwatson (macop_t)mac_biba_set_socket_peer_from_mbuf }, 2164101099Srwatson { MAC_SET_SOCKET_PEER_FROM_SOCKET, 2165101099Srwatson (macop_t)mac_biba_set_socket_peer_from_socket }, 2166101099Srwatson { MAC_CREATE_BPFDESC, 2167101099Srwatson (macop_t)mac_biba_create_bpfdesc }, 2168101099Srwatson { MAC_CREATE_DATAGRAM_FROM_IPQ, 2169101099Srwatson (macop_t)mac_biba_create_datagram_from_ipq }, 2170101099Srwatson { MAC_CREATE_FRAGMENT, 2171101099Srwatson (macop_t)mac_biba_create_fragment }, 2172101099Srwatson { MAC_CREATE_IFNET, 2173101099Srwatson (macop_t)mac_biba_create_ifnet }, 2174101099Srwatson { MAC_CREATE_IPQ, 2175101099Srwatson (macop_t)mac_biba_create_ipq }, 2176101099Srwatson { MAC_CREATE_MBUF_FROM_MBUF, 2177101099Srwatson (macop_t)mac_biba_create_mbuf_from_mbuf }, 2178101099Srwatson { MAC_CREATE_MBUF_LINKLAYER, 2179101099Srwatson (macop_t)mac_biba_create_mbuf_linklayer }, 2180101099Srwatson { MAC_CREATE_MBUF_FROM_BPFDESC, 2181101099Srwatson (macop_t)mac_biba_create_mbuf_from_bpfdesc }, 2182101099Srwatson { MAC_CREATE_MBUF_FROM_IFNET, 2183101099Srwatson (macop_t)mac_biba_create_mbuf_from_ifnet }, 2184101099Srwatson { MAC_CREATE_MBUF_MULTICAST_ENCAP, 2185101099Srwatson (macop_t)mac_biba_create_mbuf_multicast_encap }, 2186101099Srwatson { MAC_CREATE_MBUF_NETLAYER, 2187101099Srwatson (macop_t)mac_biba_create_mbuf_netlayer }, 2188101099Srwatson { MAC_FRAGMENT_MATCH, 2189101099Srwatson (macop_t)mac_biba_fragment_match }, 2190101099Srwatson { MAC_RELABEL_IFNET, 2191101099Srwatson (macop_t)mac_biba_relabel_ifnet }, 2192101099Srwatson { MAC_UPDATE_IPQ, 2193101099Srwatson (macop_t)mac_biba_update_ipq }, 2194101099Srwatson { MAC_CREATE_CRED, 2195101099Srwatson (macop_t)mac_biba_create_cred }, 2196101099Srwatson { MAC_EXECVE_TRANSITION, 2197101099Srwatson (macop_t)mac_biba_execve_transition }, 2198101099Srwatson { MAC_EXECVE_WILL_TRANSITION, 2199101099Srwatson (macop_t)mac_biba_execve_will_transition }, 2200101099Srwatson { MAC_CREATE_PROC0, 2201101099Srwatson (macop_t)mac_biba_create_proc0 }, 2202101099Srwatson { MAC_CREATE_PROC1, 2203101099Srwatson (macop_t)mac_biba_create_proc1 }, 2204101099Srwatson { MAC_RELABEL_CRED, 2205101099Srwatson (macop_t)mac_biba_relabel_cred }, 2206101099Srwatson { MAC_CHECK_BPFDESC_RECEIVE, 2207101099Srwatson (macop_t)mac_biba_check_bpfdesc_receive }, 2208101099Srwatson { MAC_CHECK_CRED_RELABEL, 2209101099Srwatson (macop_t)mac_biba_check_cred_relabel }, 2210101099Srwatson { MAC_CHECK_CRED_VISIBLE, 2211101099Srwatson (macop_t)mac_biba_check_cred_visible }, 2212101099Srwatson { MAC_CHECK_IFNET_RELABEL, 2213101099Srwatson (macop_t)mac_biba_check_ifnet_relabel }, 2214101099Srwatson { MAC_CHECK_IFNET_TRANSMIT, 2215101099Srwatson (macop_t)mac_biba_check_ifnet_transmit }, 2216101099Srwatson { MAC_CHECK_MOUNT_STAT, 2217101099Srwatson (macop_t)mac_biba_check_mount_stat }, 2218101099Srwatson { MAC_CHECK_PIPE_IOCTL, 2219101099Srwatson (macop_t)mac_biba_check_pipe_ioctl }, 2220102115Srwatson { MAC_CHECK_PIPE_POLL, 2221102115Srwatson (macop_t)mac_biba_check_pipe_poll }, 2222102115Srwatson { MAC_CHECK_PIPE_READ, 2223102115Srwatson (macop_t)mac_biba_check_pipe_read }, 2224101099Srwatson { MAC_CHECK_PIPE_RELABEL, 2225101099Srwatson (macop_t)mac_biba_check_pipe_relabel }, 2226102115Srwatson { MAC_CHECK_PIPE_STAT, 2227102115Srwatson (macop_t)mac_biba_check_pipe_stat }, 2228102115Srwatson { MAC_CHECK_PIPE_WRITE, 2229102115Srwatson (macop_t)mac_biba_check_pipe_write }, 2230101099Srwatson { MAC_CHECK_PROC_DEBUG, 2231101099Srwatson (macop_t)mac_biba_check_proc_debug }, 2232101099Srwatson { MAC_CHECK_PROC_SCHED, 2233101099Srwatson (macop_t)mac_biba_check_proc_sched }, 2234101099Srwatson { MAC_CHECK_PROC_SIGNAL, 2235101099Srwatson (macop_t)mac_biba_check_proc_signal }, 2236101934Srwatson { MAC_CHECK_SOCKET_DELIVER, 2237101934Srwatson (macop_t)mac_biba_check_socket_deliver }, 2238101099Srwatson { MAC_CHECK_SOCKET_RELABEL, 2239101099Srwatson (macop_t)mac_biba_check_socket_relabel }, 2240101099Srwatson { MAC_CHECK_SOCKET_VISIBLE, 2241101099Srwatson (macop_t)mac_biba_check_socket_visible }, 2242101099Srwatson { MAC_CHECK_VNODE_ACCESS, 2243101099Srwatson (macop_t)mac_biba_check_vnode_access }, 2244101099Srwatson { MAC_CHECK_VNODE_CHDIR, 2245101099Srwatson (macop_t)mac_biba_check_vnode_chdir }, 2246101099Srwatson { MAC_CHECK_VNODE_CHROOT, 2247101099Srwatson (macop_t)mac_biba_check_vnode_chroot }, 2248101099Srwatson { MAC_CHECK_VNODE_CREATE, 2249101099Srwatson (macop_t)mac_biba_check_vnode_create }, 2250101099Srwatson { MAC_CHECK_VNODE_DELETE, 2251101099Srwatson (macop_t)mac_biba_check_vnode_delete }, 2252101099Srwatson { MAC_CHECK_VNODE_DELETEACL, 2253101099Srwatson (macop_t)mac_biba_check_vnode_deleteacl }, 2254101099Srwatson { MAC_CHECK_VNODE_EXEC, 2255101099Srwatson (macop_t)mac_biba_check_vnode_exec }, 2256101099Srwatson { MAC_CHECK_VNODE_GETACL, 2257101099Srwatson (macop_t)mac_biba_check_vnode_getacl }, 2258101099Srwatson { MAC_CHECK_VNODE_GETEXTATTR, 2259101099Srwatson (macop_t)mac_biba_check_vnode_getextattr }, 2260101099Srwatson { MAC_CHECK_VNODE_LOOKUP, 2261101099Srwatson (macop_t)mac_biba_check_vnode_lookup }, 2262101099Srwatson { MAC_CHECK_VNODE_OPEN, 2263101099Srwatson (macop_t)mac_biba_check_vnode_open }, 2264102112Srwatson { MAC_CHECK_VNODE_POLL, 2265102112Srwatson (macop_t)mac_biba_check_vnode_poll }, 2266102112Srwatson { MAC_CHECK_VNODE_READ, 2267102112Srwatson (macop_t)mac_biba_check_vnode_read }, 2268101099Srwatson { MAC_CHECK_VNODE_READDIR, 2269101099Srwatson (macop_t)mac_biba_check_vnode_readdir }, 2270101099Srwatson { MAC_CHECK_VNODE_READLINK, 2271101099Srwatson (macop_t)mac_biba_check_vnode_readlink }, 2272101099Srwatson { MAC_CHECK_VNODE_RELABEL, 2273101099Srwatson (macop_t)mac_biba_check_vnode_relabel }, 2274101099Srwatson { MAC_CHECK_VNODE_RENAME_FROM, 2275101099Srwatson (macop_t)mac_biba_check_vnode_rename_from }, 2276101099Srwatson { MAC_CHECK_VNODE_RENAME_TO, 2277101099Srwatson (macop_t)mac_biba_check_vnode_rename_to }, 2278101099Srwatson { MAC_CHECK_VNODE_REVOKE, 2279101099Srwatson (macop_t)mac_biba_check_vnode_revoke }, 2280101099Srwatson { MAC_CHECK_VNODE_SETACL, 2281101099Srwatson (macop_t)mac_biba_check_vnode_setacl }, 2282101099Srwatson { MAC_CHECK_VNODE_SETEXTATTR, 2283101099Srwatson (macop_t)mac_biba_check_vnode_setextattr }, 2284101099Srwatson { MAC_CHECK_VNODE_SETFLAGS, 2285101099Srwatson (macop_t)mac_biba_check_vnode_setflags }, 2286101099Srwatson { MAC_CHECK_VNODE_SETMODE, 2287101099Srwatson (macop_t)mac_biba_check_vnode_setmode }, 2288101099Srwatson { MAC_CHECK_VNODE_SETOWNER, 2289101099Srwatson (macop_t)mac_biba_check_vnode_setowner }, 2290101099Srwatson { MAC_CHECK_VNODE_SETUTIMES, 2291101099Srwatson (macop_t)mac_biba_check_vnode_setutimes }, 2292101099Srwatson { MAC_CHECK_VNODE_STAT, 2293101099Srwatson (macop_t)mac_biba_check_vnode_stat }, 2294102112Srwatson { MAC_CHECK_VNODE_WRITE, 2295102112Srwatson (macop_t)mac_biba_check_vnode_write }, 2296101099Srwatson { MAC_CHECK_VNODE_MMAP_PERMS, 2297101099Srwatson (macop_t)mac_biba_check_vnode_mmap_perms }, 2298101099Srwatson { MAC_OP_LAST, NULL } 2299101099Srwatson}; 2300101099Srwatson 2301101099SrwatsonMAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 2302101099Srwatson MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot); 2303