mac_biba.c revision 103759
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, 9 * the Security Research Division of Network Associates, Inc. under 10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11 * CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. The names of the authors may not be used to endorse or promote 22 * products derived from this software without specific prior written 23 * permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 103759 2002-09-21 19:26:59Z rwatson $ 38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * Biba fixed label mandatory integrity policy. 43 */ 44 45#include <sys/types.h> 46#include <sys/param.h> 47#include <sys/acl.h> 48#include <sys/conf.h> 49#include <sys/kernel.h> 50#include <sys/mac.h> 51#include <sys/malloc.h> 52#include <sys/mount.h> 53#include <sys/proc.h> 54#include <sys/systm.h> 55#include <sys/sysproto.h> 56#include <sys/sysent.h> 57#include <sys/vnode.h> 58#include <sys/file.h> 59#include <sys/socket.h> 60#include <sys/socketvar.h> 61#include <sys/pipe.h> 62#include <sys/sysctl.h> 63 64#include <fs/devfs/devfs.h> 65 66#include <net/bpfdesc.h> 67#include <net/if.h> 68#include <net/if_types.h> 69#include <net/if_var.h> 70 71#include <netinet/in.h> 72#include <netinet/ip_var.h> 73 74#include <vm/vm.h> 75 76#include <sys/mac_policy.h> 77 78#include <security/mac_biba/mac_biba.h> 79 80SYSCTL_DECL(_security_mac); 81 82SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 83 "TrustedBSD mac_biba policy controls"); 84 85static int mac_biba_enabled = 0; 86SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, 87 &mac_biba_enabled, 0, "Enforce MAC/Biba policy"); 88TUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled); 89 90static int destroyed_not_inited; 91SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 92 &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 93 94static int trust_all_interfaces = 0; 95SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 96 &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 97TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 98 99static char trusted_interfaces[128]; 100SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 101 trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 102TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 103 sizeof(trusted_interfaces)); 104 105static int mac_biba_revocation_enabled = 0; 106SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 107 &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel"); 108TUNABLE_INT("security.mac.biba.revocation_enabled", 109 &mac_biba_revocation_enabled); 110 111static int mac_biba_slot; 112#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr) 113 114MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels"); 115 116static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 117 struct label *vnodelabel, mode_t acc_mode); 118 119static struct mac_biba * 120biba_alloc(int how) 121{ 122 struct mac_biba *mac_biba; 123 124 mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | how); 125 126 return (mac_biba); 127} 128 129static void 130biba_free(struct mac_biba *mac_biba) 131{ 132 133 if (mac_biba != NULL) 134 free(mac_biba, M_MACBIBA); 135 else 136 atomic_add_int(&destroyed_not_inited, 1); 137} 138 139static int 140mac_biba_dominate_element(struct mac_biba_element *a, 141 struct mac_biba_element *b) 142{ 143 144 switch(a->mbe_type) { 145 case MAC_BIBA_TYPE_EQUAL: 146 case MAC_BIBA_TYPE_HIGH: 147 return (1); 148 149 case MAC_BIBA_TYPE_LOW: 150 switch (b->mbe_type) { 151 case MAC_BIBA_TYPE_GRADE: 152 case MAC_BIBA_TYPE_HIGH: 153 return (0); 154 155 case MAC_BIBA_TYPE_EQUAL: 156 case MAC_BIBA_TYPE_LOW: 157 return (1); 158 159 default: 160 panic("mac_biba_dominate_element: b->mbe_type invalid"); 161 } 162 163 case MAC_BIBA_TYPE_GRADE: 164 switch (b->mbe_type) { 165 case MAC_BIBA_TYPE_EQUAL: 166 case MAC_BIBA_TYPE_LOW: 167 return (1); 168 169 case MAC_BIBA_TYPE_HIGH: 170 return (0); 171 172 case MAC_BIBA_TYPE_GRADE: 173 return (a->mbe_grade >= b->mbe_grade); 174 175 default: 176 panic("mac_biba_dominate_element: b->mbe_type invalid"); 177 } 178 179 default: 180 panic("mac_biba_dominate_element: a->mbe_type invalid"); 181 } 182 183 return (0); 184} 185 186static int 187mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 188{ 189 190 return (mac_biba_dominate_element(&rangeb->mb_rangehigh, 191 &rangea->mb_rangehigh) && 192 mac_biba_dominate_element(&rangea->mb_rangelow, 193 &rangeb->mb_rangelow)); 194} 195 196static int 197mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range) 198{ 199 200 KASSERT((single->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 201 ("mac_biba_single_in_range: a not single")); 202 KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 203 ("mac_biba_single_in_range: b not range")); 204 205 return (mac_biba_dominate_element(&range->mb_rangehigh, 206 &single->mb_single) && 207 mac_biba_dominate_element(&single->mb_single, 208 &range->mb_rangelow)); 209 210 return (1); 211} 212 213static int 214mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b) 215{ 216 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 217 ("mac_biba_dominate_single: a not single")); 218 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 219 ("mac_biba_dominate_single: b not single")); 220 221 return (mac_biba_dominate_element(&a->mb_single, &b->mb_single)); 222} 223 224static int 225mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 226{ 227 228 if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 229 b->mbe_type == MAC_BIBA_TYPE_EQUAL) 230 return (1); 231 232 return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 233} 234 235static int 236mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b) 237{ 238 239 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 240 ("mac_biba_equal_single: a not single")); 241 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 242 ("mac_biba_equal_single: b not single")); 243 244 return (mac_biba_equal_element(&a->mb_single, &b->mb_single)); 245} 246 247static int 248mac_biba_valid(struct mac_biba *mac_biba) 249{ 250 251 if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { 252 switch (mac_biba->mb_single.mbe_type) { 253 case MAC_BIBA_TYPE_GRADE: 254 break; 255 256 case MAC_BIBA_TYPE_EQUAL: 257 case MAC_BIBA_TYPE_HIGH: 258 case MAC_BIBA_TYPE_LOW: 259 if (mac_biba->mb_single.mbe_grade != 0) 260 return (EINVAL); 261 break; 262 263 default: 264 return (EINVAL); 265 } 266 } else { 267 if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF) 268 return (EINVAL); 269 } 270 271 if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 272 switch (mac_biba->mb_rangelow.mbe_type) { 273 case MAC_BIBA_TYPE_GRADE: 274 break; 275 276 case MAC_BIBA_TYPE_EQUAL: 277 case MAC_BIBA_TYPE_HIGH: 278 case MAC_BIBA_TYPE_LOW: 279 if (mac_biba->mb_rangelow.mbe_grade != 0) 280 return (EINVAL); 281 break; 282 283 default: 284 return (EINVAL); 285 } 286 287 switch (mac_biba->mb_rangehigh.mbe_type) { 288 case MAC_BIBA_TYPE_GRADE: 289 break; 290 291 case MAC_BIBA_TYPE_EQUAL: 292 case MAC_BIBA_TYPE_HIGH: 293 case MAC_BIBA_TYPE_LOW: 294 if (mac_biba->mb_rangehigh.mbe_grade != 0) 295 return (EINVAL); 296 break; 297 298 default: 299 return (EINVAL); 300 } 301 if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh, 302 &mac_biba->mb_rangelow)) 303 return (EINVAL); 304 } else { 305 if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 306 mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 307 return (EINVAL); 308 } 309 310 return (0); 311} 312 313static void 314mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, 315 u_short gradelow, u_short typehigh, u_short gradehigh) 316{ 317 318 mac_biba->mb_rangelow.mbe_type = typelow; 319 mac_biba->mb_rangelow.mbe_grade = gradelow; 320 mac_biba->mb_rangehigh.mbe_type = typehigh; 321 mac_biba->mb_rangehigh.mbe_grade = gradehigh; 322 mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 323} 324 325static void 326mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade) 327{ 328 329 mac_biba->mb_single.mbe_type = type; 330 mac_biba->mb_single.mbe_grade = grade; 331 mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; 332} 333 334static void 335mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 336{ 337 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 338 ("mac_biba_copy_range: labelfrom not range")); 339 340 labelto->mb_rangelow = labelfrom->mb_rangelow; 341 labelto->mb_rangehigh = labelfrom->mb_rangehigh; 342 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 343} 344 345static void 346mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto) 347{ 348 349 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 350 ("mac_biba_copy_single: labelfrom not single")); 351 352 labelto->mb_single = labelfrom->mb_single; 353 labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; 354} 355 356static void 357mac_biba_copy_single_to_range(struct mac_biba *labelfrom, 358 struct mac_biba *labelto) 359{ 360 361 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 362 ("mac_biba_copy_single_to_range: labelfrom not single")); 363 364 labelto->mb_rangelow = labelfrom->mb_single; 365 labelto->mb_rangehigh = labelfrom->mb_single; 366 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 367} 368 369/* 370 * Policy module operations. 371 */ 372static void 373mac_biba_destroy(struct mac_policy_conf *conf) 374{ 375 376} 377 378static void 379mac_biba_init(struct mac_policy_conf *conf) 380{ 381 382} 383 384/* 385 * Label operations. 386 */ 387static void 388mac_biba_init_bpfdesc(struct bpf_d *bpf_d, struct label *label) 389{ 390 391 SLOT(label) = biba_alloc(M_WAITOK); 392} 393 394static void 395mac_biba_init_cred(struct ucred *ucred, struct label *label) 396{ 397 398 SLOT(label) = biba_alloc(M_WAITOK); 399} 400 401static void 402mac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent, 403 struct label *label) 404{ 405 406 SLOT(label) = biba_alloc(M_WAITOK); 407} 408 409static void 410mac_biba_init_ifnet(struct ifnet *ifnet, struct label *label) 411{ 412 413 SLOT(label) = biba_alloc(M_WAITOK); 414} 415 416static void 417mac_biba_init_ipq(struct ipq *ipq, struct label *label) 418{ 419 420 SLOT(label) = biba_alloc(M_WAITOK); 421} 422 423static int 424mac_biba_init_mbuf(struct mbuf *mbuf, int how, struct label *label) 425{ 426 427 SLOT(label) = biba_alloc(how); 428 if (SLOT(label) == NULL) 429 return (ENOMEM); 430 431 return (0); 432} 433 434static void 435mac_biba_init_mount(struct mount *mount, struct label *mntlabel, 436 struct label *fslabel) 437{ 438 439 SLOT(mntlabel) = biba_alloc(M_WAITOK); 440 SLOT(fslabel) = biba_alloc(M_WAITOK); 441} 442 443static void 444mac_biba_init_socket(struct socket *socket, struct label *label, 445 struct label *peerlabel) 446{ 447 448 SLOT(label) = biba_alloc(M_WAITOK); 449 SLOT(peerlabel) = biba_alloc(M_WAITOK); 450} 451 452static void 453mac_biba_init_pipe(struct pipe *pipe, struct label *label) 454{ 455 456 SLOT(label) = biba_alloc(M_WAITOK); 457} 458 459static void 460mac_biba_init_temp(struct label *label) 461{ 462 463 SLOT(label) = biba_alloc(M_WAITOK); 464} 465 466static void 467mac_biba_init_vnode(struct vnode *vp, struct label *label) 468{ 469 470 SLOT(label) = biba_alloc(M_WAITOK); 471} 472 473static void 474mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) 475{ 476 477 biba_free(SLOT(label)); 478 SLOT(label) = NULL; 479} 480 481static void 482mac_biba_destroy_cred(struct ucred *ucred, struct label *label) 483{ 484 485 biba_free(SLOT(label)); 486 SLOT(label) = NULL; 487} 488 489static void 490mac_biba_destroy_devfsdirent(struct devfs_dirent *devfs_dirent, 491 struct label *label) 492{ 493 494 biba_free(SLOT(label)); 495 SLOT(label) = NULL; 496} 497 498static void 499mac_biba_destroy_ifnet(struct ifnet *ifnet, struct label *label) 500{ 501 502 biba_free(SLOT(label)); 503 SLOT(label) = NULL; 504} 505 506static void 507mac_biba_destroy_ipq(struct ipq *ipq, struct label *label) 508{ 509 510 biba_free(SLOT(label)); 511 SLOT(label) = NULL; 512} 513 514static void 515mac_biba_destroy_mbuf(struct mbuf *mbuf, struct label *label) 516{ 517 518 biba_free(SLOT(label)); 519 SLOT(label) = NULL; 520} 521 522static void 523mac_biba_destroy_mount(struct mount *mount, struct label *mntlabel, 524 struct label *fslabel) 525{ 526 527 biba_free(SLOT(mntlabel)); 528 SLOT(mntlabel) = NULL; 529 biba_free(SLOT(fslabel)); 530 SLOT(fslabel) = NULL; 531} 532 533static void 534mac_biba_destroy_socket(struct socket *socket, struct label *label, 535 struct label *peerlabel) 536{ 537 538 biba_free(SLOT(label)); 539 SLOT(label) = NULL; 540 biba_free(SLOT(peerlabel)); 541 SLOT(peerlabel) = NULL; 542} 543 544static void 545mac_biba_destroy_pipe(struct pipe *pipe, struct label *label) 546{ 547 548 biba_free(SLOT(label)); 549 SLOT(label) = NULL; 550} 551 552static void 553mac_biba_destroy_temp(struct label *label) 554{ 555 556 biba_free(SLOT(label)); 557 SLOT(label) = NULL; 558} 559 560static void 561mac_biba_destroy_vnode(struct vnode *vp, struct label *label) 562{ 563 564 biba_free(SLOT(label)); 565 SLOT(label) = NULL; 566} 567 568static int 569mac_biba_externalize(struct label *label, struct mac *extmac) 570{ 571 struct mac_biba *mac_biba; 572 573 mac_biba = SLOT(label); 574 575 if (mac_biba == NULL) { 576 printf("mac_biba_externalize: NULL pointer\n"); 577 return (0); 578 } 579 580 extmac->m_biba = *mac_biba; 581 582 return (0); 583} 584 585static int 586mac_biba_internalize(struct label *label, struct mac *extmac) 587{ 588 struct mac_biba *mac_biba; 589 int error; 590 591 mac_biba = SLOT(label); 592 593 error = mac_biba_valid(mac_biba); 594 if (error) 595 return (error); 596 597 *mac_biba = extmac->m_biba; 598 599 return (0); 600} 601 602/* 603 * Labeling event operations: file system objects, and things that look 604 * a lot like file system objects. 605 */ 606static void 607mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 608 struct label *label) 609{ 610 struct mac_biba *mac_biba; 611 int biba_type; 612 613 mac_biba = SLOT(label); 614 if (strcmp(dev->si_name, "null") == 0 || 615 strcmp(dev->si_name, "zero") == 0 || 616 strcmp(dev->si_name, "random") == 0 || 617 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 618 biba_type = MAC_BIBA_TYPE_EQUAL; 619 else 620 biba_type = MAC_BIBA_TYPE_HIGH; 621 mac_biba_set_single(mac_biba, biba_type, 0); 622} 623 624static void 625mac_biba_create_devfs_directory(char *dirname, int dirnamelen, 626 struct devfs_dirent *devfs_dirent, struct label *label) 627{ 628 struct mac_biba *mac_biba; 629 630 mac_biba = SLOT(label); 631 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 632} 633 634static void 635mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 636 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 637{ 638 struct mac_biba *source, *dest; 639 640 source = SLOT(direntlabel); 641 dest = SLOT(vnodelabel); 642 mac_biba_copy_single(source, dest); 643} 644 645static void 646mac_biba_create_vnode(struct ucred *cred, struct vnode *parent, 647 struct label *parentlabel, struct vnode *child, struct label *childlabel) 648{ 649 struct mac_biba *source, *dest; 650 651 source = SLOT(&cred->cr_label); 652 dest = SLOT(childlabel); 653 654 mac_biba_copy_single(source, dest); 655} 656 657static void 658mac_biba_create_mount(struct ucred *cred, struct mount *mp, 659 struct label *mntlabel, struct label *fslabel) 660{ 661 struct mac_biba *source, *dest; 662 663 source = SLOT(&cred->cr_label); 664 dest = SLOT(mntlabel); 665 mac_biba_copy_single(source, dest); 666 dest = SLOT(fslabel); 667 mac_biba_copy_single(source, dest); 668} 669 670static void 671mac_biba_create_root_mount(struct ucred *cred, struct mount *mp, 672 struct label *mntlabel, struct label *fslabel) 673{ 674 struct mac_biba *mac_biba; 675 676 /* Always mount root as high integrity. */ 677 mac_biba = SLOT(fslabel); 678 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 679 mac_biba = SLOT(mntlabel); 680 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 681} 682 683static void 684mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, 685 struct label *vnodelabel, struct label *label) 686{ 687 struct mac_biba *source, *dest; 688 689 source = SLOT(label); 690 dest = SLOT(vnodelabel); 691 692 mac_biba_copy_single(source, dest); 693} 694 695static void 696mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent, 697 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 698{ 699 struct mac_biba *source, *dest; 700 701 source = SLOT(vnodelabel); 702 dest = SLOT(direntlabel); 703 704 mac_biba_copy_single(source, dest); 705} 706 707static void 708mac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel, 709 struct ucred *cred) 710{ 711 struct mac_biba *source, *dest; 712 713 source = SLOT(&cred->cr_label); 714 dest = SLOT(vnodelabel); 715 716 /* 717 * Only copy the single, not the range, since vnodes only have 718 * a single. 719 */ 720 mac_biba_copy_single(source, dest); 721} 722 723static int 724mac_biba_update_vnode_from_externalized(struct vnode *vp, 725 struct label *vnodelabel, struct mac *extmac) 726{ 727 struct mac_biba *source, *dest; 728 int error; 729 730 source = &extmac->m_biba; 731 dest = SLOT(vnodelabel); 732 733 error = mac_biba_valid(source); 734 if (error) 735 return (error); 736 737 if ((source->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 738 return (EINVAL); 739 740 mac_biba_copy_single(source, dest); 741 742 return (0); 743} 744 745static void 746mac_biba_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel, 747 struct mount *mp, struct label *fslabel) 748{ 749 struct mac_biba *source, *dest; 750 751 source = SLOT(fslabel); 752 dest = SLOT(vnodelabel); 753 754 mac_biba_copy_single(source, dest); 755} 756 757/* 758 * Labeling event operations: IPC object. 759 */ 760static void 761mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 762 struct mbuf *m, struct label *mbuflabel) 763{ 764 struct mac_biba *source, *dest; 765 766 source = SLOT(socketlabel); 767 dest = SLOT(mbuflabel); 768 769 mac_biba_copy_single(source, dest); 770} 771 772static void 773mac_biba_create_socket(struct ucred *cred, struct socket *socket, 774 struct label *socketlabel) 775{ 776 struct mac_biba *source, *dest; 777 778 source = SLOT(&cred->cr_label); 779 dest = SLOT(socketlabel); 780 781 mac_biba_copy_single(source, dest); 782 mac_biba_copy_single_to_range(source, dest); 783} 784 785static void 786mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe, 787 struct label *pipelabel) 788{ 789 struct mac_biba *source, *dest; 790 791 source = SLOT(&cred->cr_label); 792 dest = SLOT(pipelabel); 793 794 mac_biba_copy_single(source, dest); 795} 796 797static void 798mac_biba_create_socket_from_socket(struct socket *oldsocket, 799 struct label *oldsocketlabel, struct socket *newsocket, 800 struct label *newsocketlabel) 801{ 802 struct mac_biba *source, *dest; 803 804 source = SLOT(oldsocketlabel); 805 dest = SLOT(newsocketlabel); 806 807 mac_biba_copy_single(source, dest); 808 mac_biba_copy_range(source, dest); 809} 810 811static void 812mac_biba_relabel_socket(struct ucred *cred, struct socket *socket, 813 struct label *socketlabel, struct label *newlabel) 814{ 815 struct mac_biba *source, *dest; 816 817 source = SLOT(newlabel); 818 dest = SLOT(socketlabel); 819 820 mac_biba_copy_single(source, dest); 821 mac_biba_copy_range(source, dest); 822} 823 824static void 825mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe, 826 struct label *pipelabel, struct label *newlabel) 827{ 828 struct mac_biba *source, *dest; 829 830 source = SLOT(newlabel); 831 dest = SLOT(pipelabel); 832 833 mac_biba_copy_single(source, dest); 834} 835 836static void 837mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 838 struct socket *socket, struct label *socketpeerlabel) 839{ 840 struct mac_biba *source, *dest; 841 842 source = SLOT(mbuflabel); 843 dest = SLOT(socketpeerlabel); 844 845 mac_biba_copy_single(source, dest); 846} 847 848/* 849 * Labeling event operations: network objects. 850 */ 851static void 852mac_biba_set_socket_peer_from_socket(struct socket *oldsocket, 853 struct label *oldsocketlabel, struct socket *newsocket, 854 struct label *newsocketpeerlabel) 855{ 856 struct mac_biba *source, *dest; 857 858 source = SLOT(oldsocketlabel); 859 dest = SLOT(newsocketpeerlabel); 860 861 mac_biba_copy_single(source, dest); 862} 863 864static void 865mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 866 struct label *bpflabel) 867{ 868 struct mac_biba *source, *dest; 869 870 source = SLOT(&cred->cr_label); 871 dest = SLOT(bpflabel); 872 873 mac_biba_copy_single(source, dest); 874} 875 876static void 877mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 878{ 879 char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q; 880 char tiflist[sizeof(trusted_interfaces)]; 881 struct mac_biba *dest; 882 int len, grade; 883 884 dest = SLOT(ifnetlabel); 885 886 if (ifnet->if_type == IFT_LOOP) { 887 grade = MAC_BIBA_TYPE_EQUAL; 888 goto set; 889 } 890 891 if (trust_all_interfaces) { 892 grade = MAC_BIBA_TYPE_HIGH; 893 goto set; 894 } 895 896 grade = MAC_BIBA_TYPE_LOW; 897 898 if (trusted_interfaces[0] == '\0' || 899 !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 900 goto set; 901 902 for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 903 if(*p != ' ' && *p != '\t') 904 *q = *p; 905 906 snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit); 907 908 for (p = q = tiflist;; p++) { 909 if (*p == ',' || *p == '\0') { 910 len = p - q; 911 if (len < IFNAMSIZ) { 912 bzero(tifname, sizeof(tifname)); 913 bcopy(q, tifname, len); 914 if (strcmp(tifname, ifname) == 0) { 915 grade = MAC_BIBA_TYPE_HIGH; 916 break; 917 } 918 } 919 if (*p == '\0') 920 break; 921 q = p + 1; 922 } 923 } 924set: 925 mac_biba_set_single(dest, grade, 0); 926 mac_biba_set_range(dest, grade, 0, grade, 0); 927} 928 929static void 930mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 931 struct ipq *ipq, struct label *ipqlabel) 932{ 933 struct mac_biba *source, *dest; 934 935 source = SLOT(fragmentlabel); 936 dest = SLOT(ipqlabel); 937 938 mac_biba_copy_single(source, dest); 939} 940 941static void 942mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 943 struct mbuf *datagram, struct label *datagramlabel) 944{ 945 struct mac_biba *source, *dest; 946 947 source = SLOT(ipqlabel); 948 dest = SLOT(datagramlabel); 949 950 /* Just use the head, since we require them all to match. */ 951 mac_biba_copy_single(source, dest); 952} 953 954static void 955mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 956 struct mbuf *fragment, struct label *fragmentlabel) 957{ 958 struct mac_biba *source, *dest; 959 960 source = SLOT(datagramlabel); 961 dest = SLOT(fragmentlabel); 962 963 mac_biba_copy_single(source, dest); 964} 965 966static void 967mac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 968 struct label *oldmbuflabel, struct mbuf *newmbuf, 969 struct label *newmbuflabel) 970{ 971 struct mac_biba *source, *dest; 972 973 source = SLOT(oldmbuflabel); 974 dest = SLOT(newmbuflabel); 975 976 mac_biba_copy_single(source, dest); 977} 978 979static void 980mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 981 struct mbuf *mbuf, struct label *mbuflabel) 982{ 983 struct mac_biba *dest; 984 985 dest = SLOT(mbuflabel); 986 987 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 988} 989 990static void 991mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 992 struct mbuf *mbuf, struct label *mbuflabel) 993{ 994 struct mac_biba *source, *dest; 995 996 source = SLOT(bpflabel); 997 dest = SLOT(mbuflabel); 998 999 mac_biba_copy_single(source, dest); 1000} 1001 1002static void 1003mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1004 struct mbuf *m, struct label *mbuflabel) 1005{ 1006 struct mac_biba *source, *dest; 1007 1008 source = SLOT(ifnetlabel); 1009 dest = SLOT(mbuflabel); 1010 1011 mac_biba_copy_single(source, dest); 1012} 1013 1014static void 1015mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1016 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1017 struct mbuf *newmbuf, struct label *newmbuflabel) 1018{ 1019 struct mac_biba *source, *dest; 1020 1021 source = SLOT(oldmbuflabel); 1022 dest = SLOT(newmbuflabel); 1023 1024 mac_biba_copy_single(source, dest); 1025} 1026 1027static void 1028mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1029 struct mbuf *newmbuf, struct label *newmbuflabel) 1030{ 1031 struct mac_biba *source, *dest; 1032 1033 source = SLOT(oldmbuflabel); 1034 dest = SLOT(newmbuflabel); 1035 1036 mac_biba_copy_single(source, dest); 1037} 1038 1039static int 1040mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1041 struct ipq *ipq, struct label *ipqlabel) 1042{ 1043 struct mac_biba *a, *b; 1044 1045 a = SLOT(ipqlabel); 1046 b = SLOT(fragmentlabel); 1047 1048 return (mac_biba_equal_single(a, b)); 1049} 1050 1051static void 1052mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1053 struct label *ifnetlabel, struct label *newlabel) 1054{ 1055 struct mac_biba *source, *dest; 1056 1057 source = SLOT(newlabel); 1058 dest = SLOT(ifnetlabel); 1059 1060 mac_biba_copy_single(source, dest); 1061 mac_biba_copy_range(source, dest); 1062} 1063 1064static void 1065mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1066 struct ipq *ipq, struct label *ipqlabel) 1067{ 1068 1069 /* NOOP: we only accept matching labels, so no need to update */ 1070} 1071 1072/* 1073 * Labeling event operations: processes. 1074 */ 1075static void 1076mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 1077{ 1078 struct mac_biba *source, *dest; 1079 1080 source = SLOT(&cred_parent->cr_label); 1081 dest = SLOT(&cred_child->cr_label); 1082 1083 mac_biba_copy_single(source, dest); 1084 mac_biba_copy_range(source, dest); 1085} 1086 1087static void 1088mac_biba_execve_transition(struct ucred *old, struct ucred *new, 1089 struct vnode *vp, struct mac *vnodelabel) 1090{ 1091 struct mac_biba *source, *dest; 1092 1093 source = SLOT(&old->cr_label); 1094 dest = SLOT(&new->cr_label); 1095 1096 mac_biba_copy_single(source, dest); 1097 mac_biba_copy_range(source, dest); 1098} 1099 1100static int 1101mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, 1102 struct mac *vnodelabel) 1103{ 1104 1105 return (0); 1106} 1107 1108static void 1109mac_biba_create_proc0(struct ucred *cred) 1110{ 1111 struct mac_biba *dest; 1112 1113 dest = SLOT(&cred->cr_label); 1114 1115 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 1116 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 1117} 1118 1119static void 1120mac_biba_create_proc1(struct ucred *cred) 1121{ 1122 struct mac_biba *dest; 1123 1124 dest = SLOT(&cred->cr_label); 1125 1126 mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0); 1127 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 1128} 1129 1130static void 1131mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 1132{ 1133 struct mac_biba *source, *dest; 1134 1135 source = SLOT(newlabel); 1136 dest = SLOT(&cred->cr_label); 1137 1138 mac_biba_copy_single(source, dest); 1139 mac_biba_copy_range(source, dest); 1140} 1141 1142/* 1143 * Access control checks. 1144 */ 1145static int 1146mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1147 struct ifnet *ifnet, struct label *ifnetlabel) 1148{ 1149 struct mac_biba *a, *b; 1150 1151 if (!mac_biba_enabled) 1152 return (0); 1153 1154 a = SLOT(bpflabel); 1155 b = SLOT(ifnetlabel); 1156 1157 if (mac_biba_equal_single(a, b)) 1158 return (0); 1159 return (EACCES); 1160} 1161 1162static int 1163mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1164{ 1165 struct mac_biba *subj, *new; 1166 1167 subj = SLOT(&cred->cr_label); 1168 new = SLOT(newlabel); 1169 1170 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1171 return (EINVAL); 1172 1173 /* 1174 * XXX: Allow processes with root privilege to set labels outside 1175 * their range, so suid things like "su" work. This WILL go away 1176 * when we figure out the 'correct' solution... 1177 */ 1178 if (!suser_cred(cred, 0)) 1179 return (0); 1180 1181 /* 1182 * The new single must be in the old range. 1183 */ 1184 if (!mac_biba_single_in_range(new, subj)) 1185 return (EPERM); 1186 1187 /* 1188 * The new range must be in the old range. 1189 */ 1190 if (!mac_biba_range_in_range(new, subj)) 1191 return (EPERM); 1192 1193 /* 1194 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1195 */ 1196 1197 return (0); 1198} 1199 1200static int 1201mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1202{ 1203 struct mac_biba *subj, *obj; 1204 1205 if (!mac_biba_enabled) 1206 return (0); 1207 1208 subj = SLOT(&u1->cr_label); 1209 obj = SLOT(&u2->cr_label); 1210 1211 /* XXX: range */ 1212 if (!mac_biba_dominate_single(obj, subj)) 1213 return (ESRCH); 1214 1215 return (0); 1216} 1217 1218static int 1219mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1220 struct label *ifnetlabel, struct label *newlabel) 1221{ 1222 struct mac_biba *subj, *new; 1223 1224 subj = SLOT(&cred->cr_label); 1225 new = SLOT(newlabel); 1226 1227 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1228 return (EINVAL); 1229 1230 return (suser_cred(cred, 0)); 1231} 1232 1233static int 1234mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1235 struct mbuf *m, struct label *mbuflabel) 1236{ 1237 struct mac_biba *p, *i; 1238 1239 if (!mac_biba_enabled) 1240 return (0); 1241 1242 p = SLOT(mbuflabel); 1243 i = SLOT(ifnetlabel); 1244 1245 return (mac_biba_single_in_range(p, i) ? 0 : EACCES); 1246} 1247 1248static int 1249mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1250 struct label *mntlabel) 1251{ 1252 struct mac_biba *subj, *obj; 1253 1254 if (!mac_biba_enabled) 1255 return (0); 1256 1257 subj = SLOT(&cred->cr_label); 1258 obj = SLOT(mntlabel); 1259 1260 if (!mac_biba_dominate_single(obj, subj)) 1261 return (EACCES); 1262 1263 return (0); 1264} 1265 1266static int 1267mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 1268 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1269{ 1270 1271 if(!mac_biba_enabled) 1272 return (0); 1273 1274 /* XXX: This will be implemented soon... */ 1275 1276 return (0); 1277} 1278 1279static int 1280mac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 1281 struct label *pipelabel) 1282{ 1283 struct mac_biba *subj, *obj; 1284 1285 if (!mac_biba_enabled) 1286 return (0); 1287 1288 subj = SLOT(&cred->cr_label); 1289 obj = SLOT((pipelabel)); 1290 1291 if (!mac_biba_dominate_single(obj, subj)) 1292 return (EACCES); 1293 1294 return (0); 1295} 1296 1297static int 1298mac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe, 1299 struct label *pipelabel) 1300{ 1301 struct mac_biba *subj, *obj; 1302 1303 if (!mac_biba_enabled) 1304 return (0); 1305 1306 subj = SLOT(&cred->cr_label); 1307 obj = SLOT((pipelabel)); 1308 1309 if (!mac_biba_dominate_single(obj, subj)) 1310 return (EACCES); 1311 1312 return (0); 1313} 1314 1315static int 1316mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1317 struct label *pipelabel, struct label *newlabel) 1318{ 1319 struct mac_biba *subj, *obj, *new; 1320 1321 new = SLOT(newlabel); 1322 subj = SLOT(&cred->cr_label); 1323 obj = SLOT(pipelabel); 1324 1325 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1326 return (EINVAL); 1327 1328 /* 1329 * To relabel a pipe, the old pipe label must be in the subject 1330 * range. 1331 */ 1332 if (!mac_biba_single_in_range(obj, subj)) 1333 return (EPERM); 1334 1335 /* 1336 * To relabel a pipe, the new pipe label must be in the subject 1337 * range. 1338 */ 1339 if (!mac_biba_single_in_range(new, subj)) 1340 return (EPERM); 1341 1342 /* 1343 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1344 */ 1345 1346 return (0); 1347} 1348 1349static int 1350mac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 1351 struct label *pipelabel) 1352{ 1353 struct mac_biba *subj, *obj; 1354 1355 if (!mac_biba_enabled) 1356 return (0); 1357 1358 subj = SLOT(&cred->cr_label); 1359 obj = SLOT((pipelabel)); 1360 1361 if (!mac_biba_dominate_single(obj, subj)) 1362 return (EACCES); 1363 1364 return (0); 1365} 1366 1367static int 1368mac_biba_check_pipe_write(struct ucred *cred, struct pipe *pipe, 1369 struct label *pipelabel) 1370{ 1371 struct mac_biba *subj, *obj; 1372 1373 if (!mac_biba_enabled) 1374 return (0); 1375 1376 subj = SLOT(&cred->cr_label); 1377 obj = SLOT((pipelabel)); 1378 1379 if (!mac_biba_dominate_single(subj, obj)) 1380 return (EACCES); 1381 1382 return (0); 1383} 1384 1385static int 1386mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) 1387{ 1388 struct mac_biba *subj, *obj; 1389 1390 if (!mac_biba_enabled) 1391 return (0); 1392 1393 subj = SLOT(&cred->cr_label); 1394 obj = SLOT(&proc->p_ucred->cr_label); 1395 1396 /* XXX: range checks */ 1397 if (!mac_biba_dominate_single(obj, subj)) 1398 return (ESRCH); 1399 if (!mac_biba_dominate_single(subj, obj)) 1400 return (EACCES); 1401 1402 return (0); 1403} 1404 1405static int 1406mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) 1407{ 1408 struct mac_biba *subj, *obj; 1409 1410 if (!mac_biba_enabled) 1411 return (0); 1412 1413 subj = SLOT(&cred->cr_label); 1414 obj = SLOT(&proc->p_ucred->cr_label); 1415 1416 /* XXX: range checks */ 1417 if (!mac_biba_dominate_single(obj, subj)) 1418 return (ESRCH); 1419 if (!mac_biba_dominate_single(subj, obj)) 1420 return (EACCES); 1421 1422 return (0); 1423} 1424 1425static int 1426mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1427{ 1428 struct mac_biba *subj, *obj; 1429 1430 if (!mac_biba_enabled) 1431 return (0); 1432 1433 subj = SLOT(&cred->cr_label); 1434 obj = SLOT(&proc->p_ucred->cr_label); 1435 1436 /* XXX: range checks */ 1437 if (!mac_biba_dominate_single(obj, subj)) 1438 return (ESRCH); 1439 if (!mac_biba_dominate_single(subj, obj)) 1440 return (EACCES); 1441 1442 return (0); 1443} 1444 1445static int 1446mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, 1447 struct mbuf *m, struct label *mbuflabel) 1448{ 1449 struct mac_biba *p, *s; 1450 1451 if (!mac_biba_enabled) 1452 return (0); 1453 1454 p = SLOT(mbuflabel); 1455 s = SLOT(socketlabel); 1456 1457 return (mac_biba_equal_single(p, s) ? 0 : EACCES); 1458} 1459 1460static int 1461mac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket, 1462 struct label *socketlabel, struct label *newlabel) 1463{ 1464 struct mac_biba *subj, *obj, *new; 1465 1466 new = SLOT(newlabel); 1467 subj = SLOT(&cred->cr_label); 1468 obj = SLOT(socketlabel); 1469 1470 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1471 return (EINVAL); 1472 1473 /* 1474 * To relabel a socket, the old socket label must be in the subject 1475 * range. 1476 */ 1477 if (!mac_biba_single_in_range(obj, subj)) 1478 return (EPERM); 1479 1480 /* 1481 * To relabel a socket, the new socket label must be in the subject 1482 * range. 1483 */ 1484 if (!mac_biba_single_in_range(new, subj)) 1485 return (EPERM); 1486 1487 /* 1488 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1489 */ 1490 1491 return (0); 1492} 1493 1494static int 1495mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, 1496 struct label *socketlabel) 1497{ 1498 struct mac_biba *subj, *obj; 1499 1500 subj = SLOT(&cred->cr_label); 1501 obj = SLOT(socketlabel); 1502 1503 if (!mac_biba_dominate_single(obj, subj)) 1504 return (ENOENT); 1505 1506 return (0); 1507} 1508 1509static int 1510mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp, 1511 struct label *label, mode_t flags) 1512{ 1513 1514 return (mac_biba_check_vnode_open(cred, vp, label, flags)); 1515} 1516 1517static int 1518mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1519 struct label *dlabel) 1520{ 1521 struct mac_biba *subj, *obj; 1522 1523 if (!mac_biba_enabled) 1524 return (0); 1525 1526 subj = SLOT(&cred->cr_label); 1527 obj = SLOT(dlabel); 1528 1529 if (!mac_biba_dominate_single(obj, subj)) 1530 return (EACCES); 1531 1532 return (0); 1533} 1534 1535static int 1536mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1537 struct label *dlabel) 1538{ 1539 struct mac_biba *subj, *obj; 1540 1541 if (!mac_biba_enabled) 1542 return (0); 1543 1544 subj = SLOT(&cred->cr_label); 1545 obj = SLOT(dlabel); 1546 1547 if (!mac_biba_dominate_single(obj, subj)) 1548 return (EACCES); 1549 1550 return (0); 1551} 1552 1553static int 1554mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1555 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1556{ 1557 struct mac_biba *subj, *obj; 1558 1559 if (!mac_biba_enabled) 1560 return (0); 1561 1562 subj = SLOT(&cred->cr_label); 1563 obj = SLOT(dlabel); 1564 1565 if (!mac_biba_dominate_single(subj, obj)) 1566 return (EACCES); 1567 1568 return (0); 1569} 1570 1571static int 1572mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1573 struct label *dlabel, struct vnode *vp, struct label *label, 1574 struct componentname *cnp) 1575{ 1576 struct mac_biba *subj, *obj; 1577 1578 if (!mac_biba_enabled) 1579 return (0); 1580 1581 subj = SLOT(&cred->cr_label); 1582 obj = SLOT(dlabel); 1583 1584 if (!mac_biba_dominate_single(subj, obj)) 1585 return (EACCES); 1586 1587 obj = SLOT(label); 1588 1589 if (!mac_biba_dominate_single(subj, obj)) 1590 return (EACCES); 1591 1592 return (0); 1593} 1594 1595static int 1596mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1597 struct label *label, acl_type_t type) 1598{ 1599 struct mac_biba *subj, *obj; 1600 1601 if (!mac_biba_enabled) 1602 return (0); 1603 1604 subj = SLOT(&cred->cr_label); 1605 obj = SLOT(label); 1606 1607 if (!mac_biba_dominate_single(subj, obj)) 1608 return (EACCES); 1609 1610 return (0); 1611} 1612 1613static int 1614mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1615 struct label *label) 1616{ 1617 struct mac_biba *subj, *obj; 1618 1619 if (!mac_biba_enabled) 1620 return (0); 1621 1622 subj = SLOT(&cred->cr_label); 1623 obj = SLOT(label); 1624 1625 if (!mac_biba_dominate_single(obj, subj)) 1626 return (EACCES); 1627 1628 return (0); 1629} 1630 1631static int 1632mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1633 struct label *label, acl_type_t type) 1634{ 1635 struct mac_biba *subj, *obj; 1636 1637 if (!mac_biba_enabled) 1638 return (0); 1639 1640 subj = SLOT(&cred->cr_label); 1641 obj = SLOT(label); 1642 1643 if (!mac_biba_dominate_single(obj, subj)) 1644 return (EACCES); 1645 1646 return (0); 1647} 1648 1649static int 1650mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1651 struct label *label, int attrnamespace, const char *name, struct uio *uio) 1652{ 1653 struct mac_biba *subj, *obj; 1654 1655 if (!mac_biba_enabled) 1656 return (0); 1657 1658 subj = SLOT(&cred->cr_label); 1659 obj = SLOT(label); 1660 1661 if (!mac_biba_dominate_single(obj, subj)) 1662 return (EACCES); 1663 1664 return (0); 1665} 1666 1667static int 1668mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 1669 struct label *dlabel, struct componentname *cnp) 1670{ 1671 struct mac_biba *subj, *obj; 1672 1673 if (!mac_biba_enabled) 1674 return (0); 1675 1676 subj = SLOT(&cred->cr_label); 1677 obj = SLOT(dlabel); 1678 1679 if (!mac_biba_dominate_single(obj, subj)) 1680 return (EACCES); 1681 1682 return (0); 1683} 1684 1685static int 1686mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 1687 struct label *vnodelabel, mode_t acc_mode) 1688{ 1689 struct mac_biba *subj, *obj; 1690 1691 if (!mac_biba_enabled) 1692 return (0); 1693 1694 subj = SLOT(&cred->cr_label); 1695 obj = SLOT(vnodelabel); 1696 1697 /* XXX privilege override for admin? */ 1698 if (acc_mode & (VREAD | VEXEC | VSTAT)) { 1699 if (!mac_biba_dominate_single(obj, subj)) 1700 return (EACCES); 1701 } 1702 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 1703 if (!mac_biba_dominate_single(subj, obj)) 1704 return (EACCES); 1705 } 1706 1707 return (0); 1708} 1709 1710static int 1711mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 1712 struct vnode *vp, struct label *label) 1713{ 1714 struct mac_biba *subj, *obj; 1715 1716 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1717 return (0); 1718 1719 subj = SLOT(&active_cred->cr_label); 1720 obj = SLOT(label); 1721 1722 if (!mac_biba_dominate_single(obj, subj)) 1723 return (EACCES); 1724 1725 return (0); 1726} 1727 1728static int 1729mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 1730 struct vnode *vp, struct label *label) 1731{ 1732 struct mac_biba *subj, *obj; 1733 1734 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1735 return (0); 1736 1737 subj = SLOT(&active_cred->cr_label); 1738 obj = SLOT(label); 1739 1740 if (!mac_biba_dominate_single(obj, subj)) 1741 return (EACCES); 1742 1743 return (0); 1744} 1745 1746static int 1747mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 1748 struct label *dlabel) 1749{ 1750 struct mac_biba *subj, *obj; 1751 1752 if (!mac_biba_enabled) 1753 return (0); 1754 1755 subj = SLOT(&cred->cr_label); 1756 obj = SLOT(dlabel); 1757 1758 if (!mac_biba_dominate_single(obj, subj)) 1759 return (EACCES); 1760 1761 return (0); 1762} 1763 1764static int 1765mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 1766 struct label *label) 1767{ 1768 struct mac_biba *subj, *obj; 1769 1770 if (!mac_biba_enabled) 1771 return (0); 1772 1773 subj = SLOT(&cred->cr_label); 1774 obj = SLOT(label); 1775 1776 if (!mac_biba_dominate_single(obj, subj)) 1777 return (EACCES); 1778 1779 return (0); 1780} 1781 1782static int 1783mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1784 struct label *vnodelabel, struct label *newlabel) 1785{ 1786 struct mac_biba *old, *new, *subj; 1787 1788 old = SLOT(vnodelabel); 1789 new = SLOT(newlabel); 1790 subj = SLOT(&cred->cr_label); 1791 1792 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1793 return (EINVAL); 1794 1795 /* 1796 * To relabel a vnode, the old vnode label must be in the subject 1797 * range. 1798 */ 1799 if (!mac_biba_single_in_range(old, subj)) 1800 return (EPERM); 1801 1802 /* 1803 * To relabel a vnode, the new vnode label must be in the subject 1804 * range. 1805 */ 1806 if (!mac_biba_single_in_range(new, subj)) 1807 return (EPERM); 1808 1809 /* 1810 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1811 */ 1812 1813 return (suser_cred(cred, 0)); 1814} 1815 1816static int 1817mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 1818 struct label *dlabel, struct vnode *vp, struct label *label, 1819 struct componentname *cnp) 1820{ 1821 struct mac_biba *subj, *obj; 1822 1823 if (!mac_biba_enabled) 1824 return (0); 1825 1826 subj = SLOT(&cred->cr_label); 1827 obj = SLOT(dlabel); 1828 1829 if (!mac_biba_dominate_single(subj, obj)) 1830 return (EACCES); 1831 1832 obj = SLOT(label); 1833 1834 if (!mac_biba_dominate_single(subj, obj)) 1835 return (EACCES); 1836 1837 return (0); 1838} 1839 1840static int 1841mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 1842 struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 1843 struct componentname *cnp) 1844{ 1845 struct mac_biba *subj, *obj; 1846 1847 if (!mac_biba_enabled) 1848 return (0); 1849 1850 subj = SLOT(&cred->cr_label); 1851 obj = SLOT(dlabel); 1852 1853 if (!mac_biba_dominate_single(subj, obj)) 1854 return (EACCES); 1855 1856 if (vp != NULL) { 1857 obj = SLOT(label); 1858 1859 if (!mac_biba_dominate_single(subj, obj)) 1860 return (EACCES); 1861 } 1862 1863 return (0); 1864} 1865 1866static int 1867mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 1868 struct label *label) 1869{ 1870 struct mac_biba *subj, *obj; 1871 1872 if (!mac_biba_enabled) 1873 return (0); 1874 1875 subj = SLOT(&cred->cr_label); 1876 obj = SLOT(label); 1877 1878 if (!mac_biba_dominate_single(subj, obj)) 1879 return (EACCES); 1880 1881 return (0); 1882} 1883 1884static int 1885mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 1886 struct label *label, acl_type_t type, struct acl *acl) 1887{ 1888 struct mac_biba *subj, *obj; 1889 1890 if (!mac_biba_enabled) 1891 return (0); 1892 1893 subj = SLOT(&cred->cr_label); 1894 obj = SLOT(label); 1895 1896 if (!mac_biba_dominate_single(subj, obj)) 1897 return (EACCES); 1898 1899 return (0); 1900} 1901 1902static int 1903mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 1904 struct label *vnodelabel, int attrnamespace, const char *name, 1905 struct uio *uio) 1906{ 1907 struct mac_biba *subj, *obj; 1908 1909 if (!mac_biba_enabled) 1910 return (0); 1911 1912 subj = SLOT(&cred->cr_label); 1913 obj = SLOT(vnodelabel); 1914 1915 if (!mac_biba_dominate_single(subj, obj)) 1916 return (EACCES); 1917 1918 /* XXX: protect the MAC EA in a special way? */ 1919 1920 return (0); 1921} 1922 1923static int 1924mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 1925 struct label *vnodelabel, u_long flags) 1926{ 1927 struct mac_biba *subj, *obj; 1928 1929 if (!mac_biba_enabled) 1930 return (0); 1931 1932 subj = SLOT(&cred->cr_label); 1933 obj = SLOT(vnodelabel); 1934 1935 if (!mac_biba_dominate_single(subj, obj)) 1936 return (EACCES); 1937 1938 return (0); 1939} 1940 1941static int 1942mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 1943 struct label *vnodelabel, mode_t mode) 1944{ 1945 struct mac_biba *subj, *obj; 1946 1947 if (!mac_biba_enabled) 1948 return (0); 1949 1950 subj = SLOT(&cred->cr_label); 1951 obj = SLOT(vnodelabel); 1952 1953 if (!mac_biba_dominate_single(subj, obj)) 1954 return (EACCES); 1955 1956 return (0); 1957} 1958 1959static int 1960mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 1961 struct label *vnodelabel, uid_t uid, gid_t gid) 1962{ 1963 struct mac_biba *subj, *obj; 1964 1965 if (!mac_biba_enabled) 1966 return (0); 1967 1968 subj = SLOT(&cred->cr_label); 1969 obj = SLOT(vnodelabel); 1970 1971 if (!mac_biba_dominate_single(subj, obj)) 1972 return (EACCES); 1973 1974 return (0); 1975} 1976 1977static int 1978mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 1979 struct label *vnodelabel, struct timespec atime, struct timespec mtime) 1980{ 1981 struct mac_biba *subj, *obj; 1982 1983 if (!mac_biba_enabled) 1984 return (0); 1985 1986 subj = SLOT(&cred->cr_label); 1987 obj = SLOT(vnodelabel); 1988 1989 if (!mac_biba_dominate_single(subj, obj)) 1990 return (EACCES); 1991 1992 return (0); 1993} 1994 1995static int 1996mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 1997 struct vnode *vp, struct label *vnodelabel) 1998{ 1999 struct mac_biba *subj, *obj; 2000 2001 if (!mac_biba_enabled) 2002 return (0); 2003 2004 subj = SLOT(&active_cred->cr_label); 2005 obj = SLOT(vnodelabel); 2006 2007 if (!mac_biba_dominate_single(obj, subj)) 2008 return (EACCES); 2009 2010 return (0); 2011} 2012 2013static int 2014mac_biba_check_vnode_write(struct ucred *active_cred, 2015 struct ucred *file_cred, struct vnode *vp, struct label *label) 2016{ 2017 struct mac_biba *subj, *obj; 2018 2019 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 2020 return (0); 2021 2022 subj = SLOT(&active_cred->cr_label); 2023 obj = SLOT(label); 2024 2025 if (!mac_biba_dominate_single(subj, obj)) 2026 return (EACCES); 2027 2028 return (0); 2029} 2030 2031static vm_prot_t 2032mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp, 2033 struct label *label, int newmapping) 2034{ 2035 struct mac_biba *subj, *obj; 2036 vm_prot_t prot = 0; 2037 2038 if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping)) 2039 return (VM_PROT_ALL); 2040 2041 subj = SLOT(&cred->cr_label); 2042 obj = SLOT(label); 2043 2044 if (mac_biba_dominate_single(obj, subj)) 2045 prot |= VM_PROT_READ | VM_PROT_EXECUTE; 2046 if (mac_biba_dominate_single(subj, obj)) 2047 prot |= VM_PROT_WRITE; 2048 return (prot); 2049} 2050 2051static struct mac_policy_op_entry mac_biba_ops[] = 2052{ 2053 { MAC_DESTROY, 2054 (macop_t)mac_biba_destroy }, 2055 { MAC_INIT, 2056 (macop_t)mac_biba_init }, 2057 { MAC_INIT_BPFDESC, 2058 (macop_t)mac_biba_init_bpfdesc }, 2059 { MAC_INIT_CRED, 2060 (macop_t)mac_biba_init_cred }, 2061 { MAC_INIT_DEVFSDIRENT, 2062 (macop_t)mac_biba_init_devfsdirent }, 2063 { MAC_INIT_IFNET, 2064 (macop_t)mac_biba_init_ifnet }, 2065 { MAC_INIT_IPQ, 2066 (macop_t)mac_biba_init_ipq }, 2067 { MAC_INIT_MBUF, 2068 (macop_t)mac_biba_init_mbuf }, 2069 { MAC_INIT_MOUNT, 2070 (macop_t)mac_biba_init_mount }, 2071 { MAC_INIT_PIPE, 2072 (macop_t)mac_biba_init_pipe }, 2073 { MAC_INIT_SOCKET, 2074 (macop_t)mac_biba_init_socket }, 2075 { MAC_INIT_TEMP, 2076 (macop_t)mac_biba_init_temp }, 2077 { MAC_INIT_VNODE, 2078 (macop_t)mac_biba_init_vnode }, 2079 { MAC_DESTROY_BPFDESC, 2080 (macop_t)mac_biba_destroy_bpfdesc }, 2081 { MAC_DESTROY_CRED, 2082 (macop_t)mac_biba_destroy_cred }, 2083 { MAC_DESTROY_DEVFSDIRENT, 2084 (macop_t)mac_biba_destroy_devfsdirent }, 2085 { MAC_DESTROY_IFNET, 2086 (macop_t)mac_biba_destroy_ifnet }, 2087 { MAC_DESTROY_IPQ, 2088 (macop_t)mac_biba_destroy_ipq }, 2089 { MAC_DESTROY_MBUF, 2090 (macop_t)mac_biba_destroy_mbuf }, 2091 { MAC_DESTROY_MOUNT, 2092 (macop_t)mac_biba_destroy_mount }, 2093 { MAC_DESTROY_PIPE, 2094 (macop_t)mac_biba_destroy_pipe }, 2095 { MAC_DESTROY_SOCKET, 2096 (macop_t)mac_biba_destroy_socket }, 2097 { MAC_DESTROY_TEMP, 2098 (macop_t)mac_biba_destroy_temp }, 2099 { MAC_DESTROY_VNODE, 2100 (macop_t)mac_biba_destroy_vnode }, 2101 { MAC_EXTERNALIZE, 2102 (macop_t)mac_biba_externalize }, 2103 { MAC_INTERNALIZE, 2104 (macop_t)mac_biba_internalize }, 2105 { MAC_CREATE_DEVFS_DEVICE, 2106 (macop_t)mac_biba_create_devfs_device }, 2107 { MAC_CREATE_DEVFS_DIRECTORY, 2108 (macop_t)mac_biba_create_devfs_directory }, 2109 { MAC_CREATE_DEVFS_VNODE, 2110 (macop_t)mac_biba_create_devfs_vnode }, 2111 { MAC_CREATE_VNODE, 2112 (macop_t)mac_biba_create_vnode }, 2113 { MAC_CREATE_MOUNT, 2114 (macop_t)mac_biba_create_mount }, 2115 { MAC_CREATE_ROOT_MOUNT, 2116 (macop_t)mac_biba_create_root_mount }, 2117 { MAC_RELABEL_VNODE, 2118 (macop_t)mac_biba_relabel_vnode }, 2119 { MAC_UPDATE_DEVFSDIRENT, 2120 (macop_t)mac_biba_update_devfsdirent }, 2121 { MAC_UPDATE_PROCFSVNODE, 2122 (macop_t)mac_biba_update_procfsvnode }, 2123 { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, 2124 (macop_t)mac_biba_update_vnode_from_externalized }, 2125 { MAC_UPDATE_VNODE_FROM_MOUNT, 2126 (macop_t)mac_biba_update_vnode_from_mount }, 2127 { MAC_CREATE_MBUF_FROM_SOCKET, 2128 (macop_t)mac_biba_create_mbuf_from_socket }, 2129 { MAC_CREATE_PIPE, 2130 (macop_t)mac_biba_create_pipe }, 2131 { MAC_CREATE_SOCKET, 2132 (macop_t)mac_biba_create_socket }, 2133 { MAC_CREATE_SOCKET_FROM_SOCKET, 2134 (macop_t)mac_biba_create_socket_from_socket }, 2135 { MAC_RELABEL_PIPE, 2136 (macop_t)mac_biba_relabel_pipe }, 2137 { MAC_RELABEL_SOCKET, 2138 (macop_t)mac_biba_relabel_socket }, 2139 { MAC_SET_SOCKET_PEER_FROM_MBUF, 2140 (macop_t)mac_biba_set_socket_peer_from_mbuf }, 2141 { MAC_SET_SOCKET_PEER_FROM_SOCKET, 2142 (macop_t)mac_biba_set_socket_peer_from_socket }, 2143 { MAC_CREATE_BPFDESC, 2144 (macop_t)mac_biba_create_bpfdesc }, 2145 { MAC_CREATE_DATAGRAM_FROM_IPQ, 2146 (macop_t)mac_biba_create_datagram_from_ipq }, 2147 { MAC_CREATE_FRAGMENT, 2148 (macop_t)mac_biba_create_fragment }, 2149 { MAC_CREATE_IFNET, 2150 (macop_t)mac_biba_create_ifnet }, 2151 { MAC_CREATE_IPQ, 2152 (macop_t)mac_biba_create_ipq }, 2153 { MAC_CREATE_MBUF_FROM_MBUF, 2154 (macop_t)mac_biba_create_mbuf_from_mbuf }, 2155 { MAC_CREATE_MBUF_LINKLAYER, 2156 (macop_t)mac_biba_create_mbuf_linklayer }, 2157 { MAC_CREATE_MBUF_FROM_BPFDESC, 2158 (macop_t)mac_biba_create_mbuf_from_bpfdesc }, 2159 { MAC_CREATE_MBUF_FROM_IFNET, 2160 (macop_t)mac_biba_create_mbuf_from_ifnet }, 2161 { MAC_CREATE_MBUF_MULTICAST_ENCAP, 2162 (macop_t)mac_biba_create_mbuf_multicast_encap }, 2163 { MAC_CREATE_MBUF_NETLAYER, 2164 (macop_t)mac_biba_create_mbuf_netlayer }, 2165 { MAC_FRAGMENT_MATCH, 2166 (macop_t)mac_biba_fragment_match }, 2167 { MAC_RELABEL_IFNET, 2168 (macop_t)mac_biba_relabel_ifnet }, 2169 { MAC_UPDATE_IPQ, 2170 (macop_t)mac_biba_update_ipq }, 2171 { MAC_CREATE_CRED, 2172 (macop_t)mac_biba_create_cred }, 2173 { MAC_EXECVE_TRANSITION, 2174 (macop_t)mac_biba_execve_transition }, 2175 { MAC_EXECVE_WILL_TRANSITION, 2176 (macop_t)mac_biba_execve_will_transition }, 2177 { MAC_CREATE_PROC0, 2178 (macop_t)mac_biba_create_proc0 }, 2179 { MAC_CREATE_PROC1, 2180 (macop_t)mac_biba_create_proc1 }, 2181 { MAC_RELABEL_CRED, 2182 (macop_t)mac_biba_relabel_cred }, 2183 { MAC_CHECK_BPFDESC_RECEIVE, 2184 (macop_t)mac_biba_check_bpfdesc_receive }, 2185 { MAC_CHECK_CRED_RELABEL, 2186 (macop_t)mac_biba_check_cred_relabel }, 2187 { MAC_CHECK_CRED_VISIBLE, 2188 (macop_t)mac_biba_check_cred_visible }, 2189 { MAC_CHECK_IFNET_RELABEL, 2190 (macop_t)mac_biba_check_ifnet_relabel }, 2191 { MAC_CHECK_IFNET_TRANSMIT, 2192 (macop_t)mac_biba_check_ifnet_transmit }, 2193 { MAC_CHECK_MOUNT_STAT, 2194 (macop_t)mac_biba_check_mount_stat }, 2195 { MAC_CHECK_PIPE_IOCTL, 2196 (macop_t)mac_biba_check_pipe_ioctl }, 2197 { MAC_CHECK_PIPE_POLL, 2198 (macop_t)mac_biba_check_pipe_poll }, 2199 { MAC_CHECK_PIPE_READ, 2200 (macop_t)mac_biba_check_pipe_read }, 2201 { MAC_CHECK_PIPE_RELABEL, 2202 (macop_t)mac_biba_check_pipe_relabel }, 2203 { MAC_CHECK_PIPE_STAT, 2204 (macop_t)mac_biba_check_pipe_stat }, 2205 { MAC_CHECK_PIPE_WRITE, 2206 (macop_t)mac_biba_check_pipe_write }, 2207 { MAC_CHECK_PROC_DEBUG, 2208 (macop_t)mac_biba_check_proc_debug }, 2209 { MAC_CHECK_PROC_SCHED, 2210 (macop_t)mac_biba_check_proc_sched }, 2211 { MAC_CHECK_PROC_SIGNAL, 2212 (macop_t)mac_biba_check_proc_signal }, 2213 { MAC_CHECK_SOCKET_DELIVER, 2214 (macop_t)mac_biba_check_socket_deliver }, 2215 { MAC_CHECK_SOCKET_RELABEL, 2216 (macop_t)mac_biba_check_socket_relabel }, 2217 { MAC_CHECK_SOCKET_VISIBLE, 2218 (macop_t)mac_biba_check_socket_visible }, 2219 { MAC_CHECK_VNODE_ACCESS, 2220 (macop_t)mac_biba_check_vnode_access }, 2221 { MAC_CHECK_VNODE_CHDIR, 2222 (macop_t)mac_biba_check_vnode_chdir }, 2223 { MAC_CHECK_VNODE_CHROOT, 2224 (macop_t)mac_biba_check_vnode_chroot }, 2225 { MAC_CHECK_VNODE_CREATE, 2226 (macop_t)mac_biba_check_vnode_create }, 2227 { MAC_CHECK_VNODE_DELETE, 2228 (macop_t)mac_biba_check_vnode_delete }, 2229 { MAC_CHECK_VNODE_DELETEACL, 2230 (macop_t)mac_biba_check_vnode_deleteacl }, 2231 { MAC_CHECK_VNODE_EXEC, 2232 (macop_t)mac_biba_check_vnode_exec }, 2233 { MAC_CHECK_VNODE_GETACL, 2234 (macop_t)mac_biba_check_vnode_getacl }, 2235 { MAC_CHECK_VNODE_GETEXTATTR, 2236 (macop_t)mac_biba_check_vnode_getextattr }, 2237 { MAC_CHECK_VNODE_LOOKUP, 2238 (macop_t)mac_biba_check_vnode_lookup }, 2239 { MAC_CHECK_VNODE_OPEN, 2240 (macop_t)mac_biba_check_vnode_open }, 2241 { MAC_CHECK_VNODE_POLL, 2242 (macop_t)mac_biba_check_vnode_poll }, 2243 { MAC_CHECK_VNODE_READ, 2244 (macop_t)mac_biba_check_vnode_read }, 2245 { MAC_CHECK_VNODE_READDIR, 2246 (macop_t)mac_biba_check_vnode_readdir }, 2247 { MAC_CHECK_VNODE_READLINK, 2248 (macop_t)mac_biba_check_vnode_readlink }, 2249 { MAC_CHECK_VNODE_RELABEL, 2250 (macop_t)mac_biba_check_vnode_relabel }, 2251 { MAC_CHECK_VNODE_RENAME_FROM, 2252 (macop_t)mac_biba_check_vnode_rename_from }, 2253 { MAC_CHECK_VNODE_RENAME_TO, 2254 (macop_t)mac_biba_check_vnode_rename_to }, 2255 { MAC_CHECK_VNODE_REVOKE, 2256 (macop_t)mac_biba_check_vnode_revoke }, 2257 { MAC_CHECK_VNODE_SETACL, 2258 (macop_t)mac_biba_check_vnode_setacl }, 2259 { MAC_CHECK_VNODE_SETEXTATTR, 2260 (macop_t)mac_biba_check_vnode_setextattr }, 2261 { MAC_CHECK_VNODE_SETFLAGS, 2262 (macop_t)mac_biba_check_vnode_setflags }, 2263 { MAC_CHECK_VNODE_SETMODE, 2264 (macop_t)mac_biba_check_vnode_setmode }, 2265 { MAC_CHECK_VNODE_SETOWNER, 2266 (macop_t)mac_biba_check_vnode_setowner }, 2267 { MAC_CHECK_VNODE_SETUTIMES, 2268 (macop_t)mac_biba_check_vnode_setutimes }, 2269 { MAC_CHECK_VNODE_STAT, 2270 (macop_t)mac_biba_check_vnode_stat }, 2271 { MAC_CHECK_VNODE_WRITE, 2272 (macop_t)mac_biba_check_vnode_write }, 2273 { MAC_CHECK_VNODE_MMAP_PERMS, 2274 (macop_t)mac_biba_check_vnode_mmap_perms }, 2275 { MAC_OP_LAST, NULL } 2276}; 2277 2278MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 2279 MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot); 2280