mac_biba.c revision 106354
1101099Srwatson/*- 2101099Srwatson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3101099Srwatson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4101099Srwatson * All rights reserved. 5101099Srwatson * 6101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 7101099Srwatson * 8101099Srwatson * This software was developed for the FreeBSD Project in part by NAI Labs, 9101099Srwatson * the Security Research Division of Network Associates, Inc. under 10101099Srwatson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11101099Srwatson * CHATS research program. 12101099Srwatson * 13101099Srwatson * Redistribution and use in source and binary forms, with or without 14101099Srwatson * modification, are permitted provided that the following conditions 15101099Srwatson * are met: 16101099Srwatson * 1. Redistributions of source code must retain the above copyright 17101099Srwatson * notice, this list of conditions and the following disclaimer. 18101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 19101099Srwatson * notice, this list of conditions and the following disclaimer in the 20101099Srwatson * documentation and/or other materials provided with the distribution. 21101099Srwatson * 3. The names of the authors may not be used to endorse or promote 22101099Srwatson * products derived from this software without specific prior written 23101099Srwatson * permission. 24101099Srwatson * 25101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28101099Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35101099Srwatson * SUCH DAMAGE. 36101099Srwatson * 37101099Srwatson * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106354 2002-11-02 20:16:35Z mux $ 38101099Srwatson */ 39101099Srwatson 40101099Srwatson/* 41101099Srwatson * Developed by the TrustedBSD Project. 42101099Srwatson * Biba fixed label mandatory integrity policy. 43101099Srwatson */ 44101099Srwatson 45101099Srwatson#include <sys/types.h> 46101099Srwatson#include <sys/param.h> 47101099Srwatson#include <sys/acl.h> 48101099Srwatson#include <sys/conf.h> 49105988Srwatson#include <sys/extattr.h> 50101099Srwatson#include <sys/kernel.h> 51101099Srwatson#include <sys/mac.h> 52103183Sbde#include <sys/malloc.h> 53101099Srwatson#include <sys/mount.h> 54101099Srwatson#include <sys/proc.h> 55101099Srwatson#include <sys/systm.h> 56101099Srwatson#include <sys/sysproto.h> 57101099Srwatson#include <sys/sysent.h> 58105696Srwatson#include <sys/systm.h> 59101099Srwatson#include <sys/vnode.h> 60101099Srwatson#include <sys/file.h> 61101099Srwatson#include <sys/socket.h> 62101099Srwatson#include <sys/socketvar.h> 63101099Srwatson#include <sys/pipe.h> 64101099Srwatson#include <sys/sysctl.h> 65101099Srwatson 66101099Srwatson#include <fs/devfs/devfs.h> 67101099Srwatson 68101099Srwatson#include <net/bpfdesc.h> 69101099Srwatson#include <net/if.h> 70101099Srwatson#include <net/if_types.h> 71101099Srwatson#include <net/if_var.h> 72101099Srwatson 73101099Srwatson#include <netinet/in.h> 74101099Srwatson#include <netinet/ip_var.h> 75101099Srwatson 76101099Srwatson#include <vm/vm.h> 77101099Srwatson 78101099Srwatson#include <sys/mac_policy.h> 79101099Srwatson 80101099Srwatson#include <security/mac_biba/mac_biba.h> 81101099Srwatson 82101099SrwatsonSYSCTL_DECL(_security_mac); 83101099Srwatson 84101099SrwatsonSYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 85101099Srwatson "TrustedBSD mac_biba policy controls"); 86101099Srwatson 87105988Srwatsonstatic int mac_biba_label_size = sizeof(struct mac_biba); 88105988SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD, 89105988Srwatson &mac_biba_label_size, 0, "Size of struct mac_biba"); 90105988Srwatson 91101099Srwatsonstatic int mac_biba_enabled = 0; 92101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, 93101099Srwatson &mac_biba_enabled, 0, "Enforce MAC/Biba policy"); 94102980SrwatsonTUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled); 95101099Srwatson 96101099Srwatsonstatic int destroyed_not_inited; 97101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 98101099Srwatson &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 99101099Srwatson 100101099Srwatsonstatic int trust_all_interfaces = 0; 101101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 102101099Srwatson &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 103101099SrwatsonTUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 104101099Srwatson 105101099Srwatsonstatic char trusted_interfaces[128]; 106101099SrwatsonSYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 107101099Srwatson trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 108101099SrwatsonTUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 109101099Srwatson sizeof(trusted_interfaces)); 110101099Srwatson 111105643Srwatsonstatic int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; 112105643SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, 113105643Srwatson &max_compartments, 0, "Maximum supported compartments"); 114105643Srwatson 115105606Srwatsonstatic int ptys_equal = 0; 116105606SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, 117105606Srwatson &ptys_equal, 0, "Label pty devices as biba/equal on create"); 118105606SrwatsonTUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); 119105606Srwatson 120105637Srwatsonstatic int revocation_enabled = 0; 121101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 122105637Srwatson &revocation_enabled, 0, "Revoke access to objects on relabel"); 123105637SrwatsonTUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled); 124101099Srwatson 125101099Srwatsonstatic int mac_biba_slot; 126101099Srwatson#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr) 127101099Srwatson 128101099SrwatsonMALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels"); 129101099Srwatson 130105643Srwatsonstatic __inline int 131105643Srwatsonbiba_bit_set_empty(u_char *set) { 132105643Srwatson int i; 133105643Srwatson 134105643Srwatson for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++) 135105643Srwatson if (set[i] != 0) 136105643Srwatson return (0); 137105643Srwatson return (1); 138105643Srwatson} 139105643Srwatson 140101099Srwatsonstatic struct mac_biba * 141104514Srwatsonbiba_alloc(int flag) 142101099Srwatson{ 143101099Srwatson struct mac_biba *mac_biba; 144101099Srwatson 145104514Srwatson mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | flag); 146101099Srwatson 147101099Srwatson return (mac_biba); 148101099Srwatson} 149101099Srwatson 150101099Srwatsonstatic void 151101099Srwatsonbiba_free(struct mac_biba *mac_biba) 152101099Srwatson{ 153101099Srwatson 154101099Srwatson if (mac_biba != NULL) 155101099Srwatson free(mac_biba, M_MACBIBA); 156101099Srwatson else 157101099Srwatson atomic_add_int(&destroyed_not_inited, 1); 158101099Srwatson} 159101099Srwatson 160101099Srwatsonstatic int 161105634Srwatsonbiba_atmostflags(struct mac_biba *mac_biba, int flags) 162105634Srwatson{ 163105634Srwatson 164105634Srwatson if ((mac_biba->mb_flags & flags) != mac_biba->mb_flags) 165105634Srwatson return (EINVAL); 166105634Srwatson return (0); 167105634Srwatson} 168105634Srwatson 169105634Srwatsonstatic int 170101099Srwatsonmac_biba_dominate_element(struct mac_biba_element *a, 171101099Srwatson struct mac_biba_element *b) 172101099Srwatson{ 173105643Srwatson int bit; 174101099Srwatson 175105736Srwatson switch (a->mbe_type) { 176101099Srwatson case MAC_BIBA_TYPE_EQUAL: 177101099Srwatson case MAC_BIBA_TYPE_HIGH: 178101099Srwatson return (1); 179101099Srwatson 180101099Srwatson case MAC_BIBA_TYPE_LOW: 181101099Srwatson switch (b->mbe_type) { 182101099Srwatson case MAC_BIBA_TYPE_GRADE: 183101099Srwatson case MAC_BIBA_TYPE_HIGH: 184101099Srwatson return (0); 185101099Srwatson 186101099Srwatson case MAC_BIBA_TYPE_EQUAL: 187101099Srwatson case MAC_BIBA_TYPE_LOW: 188101099Srwatson return (1); 189101099Srwatson 190101099Srwatson default: 191101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 192101099Srwatson } 193101099Srwatson 194101099Srwatson case MAC_BIBA_TYPE_GRADE: 195101099Srwatson switch (b->mbe_type) { 196101099Srwatson case MAC_BIBA_TYPE_EQUAL: 197101099Srwatson case MAC_BIBA_TYPE_LOW: 198101099Srwatson return (1); 199101099Srwatson 200101099Srwatson case MAC_BIBA_TYPE_HIGH: 201101099Srwatson return (0); 202101099Srwatson 203101099Srwatson case MAC_BIBA_TYPE_GRADE: 204105643Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) 205105643Srwatson if (!MAC_BIBA_BIT_TEST(bit, 206105643Srwatson a->mbe_compartments) && 207105643Srwatson MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) 208105643Srwatson return (0); 209101099Srwatson return (a->mbe_grade >= b->mbe_grade); 210101099Srwatson 211101099Srwatson default: 212101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 213101099Srwatson } 214101099Srwatson 215101099Srwatson default: 216101099Srwatson panic("mac_biba_dominate_element: a->mbe_type invalid"); 217101099Srwatson } 218101099Srwatson 219101099Srwatson return (0); 220101099Srwatson} 221101099Srwatson 222101099Srwatsonstatic int 223105988Srwatsonmac_biba_subject_dominate_high(struct mac_biba *mac_biba) 224105988Srwatson{ 225105988Srwatson struct mac_biba_element *element; 226105988Srwatson 227106174Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 228105988Srwatson ("mac_biba_single_in_range: mac_biba not single")); 229105988Srwatson element = &mac_biba->mb_single; 230105988Srwatson 231105988Srwatson return (element->mbe_type == MAC_BIBA_TYPE_EQUAL || 232105988Srwatson element->mbe_type == MAC_BIBA_TYPE_HIGH); 233105988Srwatson} 234105988Srwatson 235105988Srwatsonstatic int 236101099Srwatsonmac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 237101099Srwatson{ 238101099Srwatson 239101099Srwatson return (mac_biba_dominate_element(&rangeb->mb_rangehigh, 240101099Srwatson &rangea->mb_rangehigh) && 241101099Srwatson mac_biba_dominate_element(&rangea->mb_rangelow, 242101099Srwatson &rangeb->mb_rangelow)); 243101099Srwatson} 244101099Srwatson 245101099Srwatsonstatic int 246101099Srwatsonmac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range) 247101099Srwatson{ 248101099Srwatson 249103750Srwatson KASSERT((single->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 250101099Srwatson ("mac_biba_single_in_range: a not single")); 251103750Srwatson KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 252101099Srwatson ("mac_biba_single_in_range: b not range")); 253101099Srwatson 254101099Srwatson return (mac_biba_dominate_element(&range->mb_rangehigh, 255101099Srwatson &single->mb_single) && 256101099Srwatson mac_biba_dominate_element(&single->mb_single, 257101099Srwatson &range->mb_rangelow)); 258101099Srwatson 259101099Srwatson return (1); 260101099Srwatson} 261101099Srwatson 262101099Srwatsonstatic int 263101099Srwatsonmac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b) 264101099Srwatson{ 265101099Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 266101099Srwatson ("mac_biba_dominate_single: a not single")); 267101099Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 268101099Srwatson ("mac_biba_dominate_single: b not single")); 269101099Srwatson 270101099Srwatson return (mac_biba_dominate_element(&a->mb_single, &b->mb_single)); 271101099Srwatson} 272101099Srwatson 273101099Srwatsonstatic int 274101099Srwatsonmac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 275101099Srwatson{ 276101099Srwatson 277101099Srwatson if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 278101099Srwatson b->mbe_type == MAC_BIBA_TYPE_EQUAL) 279101099Srwatson return (1); 280101099Srwatson 281101099Srwatson return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 282101099Srwatson} 283101099Srwatson 284101099Srwatsonstatic int 285101099Srwatsonmac_biba_equal_single(struct mac_biba *a, struct mac_biba *b) 286101099Srwatson{ 287101099Srwatson 288101099Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 289101099Srwatson ("mac_biba_equal_single: a not single")); 290101099Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 291101099Srwatson ("mac_biba_equal_single: b not single")); 292101099Srwatson 293101099Srwatson return (mac_biba_equal_element(&a->mb_single, &b->mb_single)); 294101099Srwatson} 295101099Srwatson 296101099Srwatsonstatic int 297105634Srwatsonmac_biba_contains_equal(struct mac_biba *mac_biba) 298105634Srwatson{ 299105634Srwatson 300105634Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) 301105634Srwatson if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL) 302105634Srwatson return (1); 303105634Srwatson 304105634Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 305105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL) 306105634Srwatson return (1); 307105634Srwatson if (mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 308105637Srwatson return (1); 309105634Srwatson } 310105634Srwatson 311105634Srwatson return (0); 312105634Srwatson} 313105634Srwatson 314105634Srwatsonstatic int 315106090Srwatsonmac_biba_subject_privileged(struct mac_biba *mac_biba) 316105634Srwatson{ 317105634Srwatson 318105634Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH) == 319105634Srwatson MAC_BIBA_FLAGS_BOTH, 320106090Srwatson ("mac_biba_subject_privileged: subject doesn't have both labels")); 321105634Srwatson 322105634Srwatson /* If the single is EQUAL, it's ok. */ 323105634Srwatson if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL) 324105634Srwatson return (0); 325105634Srwatson 326105634Srwatson /* If either range endpoint is EQUAL, it's ok. */ 327105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL || 328105634Srwatson mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 329105634Srwatson return (0); 330105634Srwatson 331105634Srwatson /* If the range is low-high, it's ok. */ 332105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_LOW && 333105634Srwatson mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_HIGH) 334105634Srwatson return (0); 335105634Srwatson 336105634Srwatson /* It's not ok. */ 337105634Srwatson return (EPERM); 338105634Srwatson} 339105634Srwatson 340106091Srwatsonstatic int 341105988Srwatsonmac_biba_high_single(struct mac_biba *mac_biba) 342105988Srwatson{ 343105988Srwatson 344105988Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 345105988Srwatson ("mac_biba_equal_single: mac_biba not single")); 346105988Srwatson 347105988Srwatson return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH); 348105988Srwatson} 349105988Srwatson 350105634Srwatsonstatic int 351101099Srwatsonmac_biba_valid(struct mac_biba *mac_biba) 352101099Srwatson{ 353101099Srwatson 354101099Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { 355101099Srwatson switch (mac_biba->mb_single.mbe_type) { 356101099Srwatson case MAC_BIBA_TYPE_GRADE: 357101099Srwatson break; 358101099Srwatson 359101099Srwatson case MAC_BIBA_TYPE_EQUAL: 360101099Srwatson case MAC_BIBA_TYPE_HIGH: 361101099Srwatson case MAC_BIBA_TYPE_LOW: 362105643Srwatson if (mac_biba->mb_single.mbe_grade != 0 || 363105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 364105643Srwatson mac_biba->mb_single.mbe_compartments)) 365101099Srwatson return (EINVAL); 366101099Srwatson break; 367101099Srwatson 368101099Srwatson default: 369101099Srwatson return (EINVAL); 370101099Srwatson } 371101099Srwatson } else { 372101099Srwatson if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF) 373101099Srwatson return (EINVAL); 374101099Srwatson } 375101099Srwatson 376101099Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 377101099Srwatson switch (mac_biba->mb_rangelow.mbe_type) { 378101099Srwatson case MAC_BIBA_TYPE_GRADE: 379101099Srwatson break; 380101099Srwatson 381101099Srwatson case MAC_BIBA_TYPE_EQUAL: 382101099Srwatson case MAC_BIBA_TYPE_HIGH: 383101099Srwatson case MAC_BIBA_TYPE_LOW: 384105643Srwatson if (mac_biba->mb_rangelow.mbe_grade != 0 || 385105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 386105643Srwatson mac_biba->mb_rangelow.mbe_compartments)) 387101099Srwatson return (EINVAL); 388101099Srwatson break; 389101099Srwatson 390101099Srwatson default: 391101099Srwatson return (EINVAL); 392101099Srwatson } 393101099Srwatson 394101099Srwatson switch (mac_biba->mb_rangehigh.mbe_type) { 395101099Srwatson case MAC_BIBA_TYPE_GRADE: 396101099Srwatson break; 397101099Srwatson 398101099Srwatson case MAC_BIBA_TYPE_EQUAL: 399101099Srwatson case MAC_BIBA_TYPE_HIGH: 400101099Srwatson case MAC_BIBA_TYPE_LOW: 401105643Srwatson if (mac_biba->mb_rangehigh.mbe_grade != 0 || 402105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 403105643Srwatson mac_biba->mb_rangehigh.mbe_compartments)) 404101099Srwatson return (EINVAL); 405101099Srwatson break; 406101099Srwatson 407101099Srwatson default: 408101099Srwatson return (EINVAL); 409101099Srwatson } 410101099Srwatson if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh, 411101099Srwatson &mac_biba->mb_rangelow)) 412101099Srwatson return (EINVAL); 413101099Srwatson } else { 414101099Srwatson if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 415101099Srwatson mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 416101099Srwatson return (EINVAL); 417101099Srwatson } 418101099Srwatson 419101099Srwatson return (0); 420101099Srwatson} 421101099Srwatson 422101099Srwatsonstatic void 423101099Srwatsonmac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, 424105643Srwatson u_short gradelow, u_char *compartmentslow, u_short typehigh, 425105643Srwatson u_short gradehigh, u_char *compartmentshigh) 426101099Srwatson{ 427101099Srwatson 428101099Srwatson mac_biba->mb_rangelow.mbe_type = typelow; 429101099Srwatson mac_biba->mb_rangelow.mbe_grade = gradelow; 430105643Srwatson if (compartmentslow != NULL) 431105643Srwatson memcpy(mac_biba->mb_rangelow.mbe_compartments, 432105643Srwatson compartmentslow, 433105643Srwatson sizeof(mac_biba->mb_rangelow.mbe_compartments)); 434101099Srwatson mac_biba->mb_rangehigh.mbe_type = typehigh; 435101099Srwatson mac_biba->mb_rangehigh.mbe_grade = gradehigh; 436105643Srwatson if (compartmentshigh != NULL) 437105643Srwatson memcpy(mac_biba->mb_rangehigh.mbe_compartments, 438105643Srwatson compartmentshigh, 439105643Srwatson sizeof(mac_biba->mb_rangehigh.mbe_compartments)); 440101099Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 441101099Srwatson} 442101099Srwatson 443101099Srwatsonstatic void 444105643Srwatsonmac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade, 445105643Srwatson u_char *compartments) 446101099Srwatson{ 447101099Srwatson 448101099Srwatson mac_biba->mb_single.mbe_type = type; 449101099Srwatson mac_biba->mb_single.mbe_grade = grade; 450105643Srwatson if (compartments != NULL) 451105643Srwatson memcpy(mac_biba->mb_single.mbe_compartments, compartments, 452105643Srwatson sizeof(mac_biba->mb_single.mbe_compartments)); 453101099Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; 454101099Srwatson} 455101099Srwatson 456101099Srwatsonstatic void 457101099Srwatsonmac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 458101099Srwatson{ 459105643Srwatson 460101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 461101099Srwatson ("mac_biba_copy_range: labelfrom not range")); 462101099Srwatson 463101099Srwatson labelto->mb_rangelow = labelfrom->mb_rangelow; 464101099Srwatson labelto->mb_rangehigh = labelfrom->mb_rangehigh; 465101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 466101099Srwatson} 467101099Srwatson 468101099Srwatsonstatic void 469101099Srwatsonmac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto) 470101099Srwatson{ 471101099Srwatson 472101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 473101099Srwatson ("mac_biba_copy_single: labelfrom not single")); 474101099Srwatson 475101099Srwatson labelto->mb_single = labelfrom->mb_single; 476101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; 477101099Srwatson} 478101099Srwatson 479105656Srwatsonstatic void 480105656Srwatsonmac_biba_copy(struct mac_biba *source, struct mac_biba *dest) 481105656Srwatson{ 482105656Srwatson 483105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_SINGLE) 484105656Srwatson mac_biba_copy_single(source, dest); 485105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_RANGE) 486105656Srwatson mac_biba_copy_range(source, dest); 487105656Srwatson} 488105656Srwatson 489101099Srwatson/* 490101099Srwatson * Policy module operations. 491101099Srwatson */ 492101099Srwatsonstatic void 493101099Srwatsonmac_biba_destroy(struct mac_policy_conf *conf) 494101099Srwatson{ 495101099Srwatson 496101099Srwatson} 497101099Srwatson 498101099Srwatsonstatic void 499101099Srwatsonmac_biba_init(struct mac_policy_conf *conf) 500101099Srwatson{ 501101099Srwatson 502101099Srwatson} 503101099Srwatson 504101099Srwatson/* 505101099Srwatson * Label operations. 506101099Srwatson */ 507101099Srwatsonstatic void 508104514Srwatsonmac_biba_init_label(struct label *label) 509101099Srwatson{ 510101099Srwatson 511101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 512101099Srwatson} 513101099Srwatson 514101099Srwatsonstatic int 515104514Srwatsonmac_biba_init_label_waitcheck(struct label *label, int flag) 516101099Srwatson{ 517101099Srwatson 518104514Srwatson SLOT(label) = biba_alloc(flag); 519101099Srwatson if (SLOT(label) == NULL) 520101099Srwatson return (ENOMEM); 521101099Srwatson 522101099Srwatson return (0); 523101099Srwatson} 524101099Srwatson 525101099Srwatsonstatic void 526104514Srwatsonmac_biba_destroy_label(struct label *label) 527101099Srwatson{ 528101099Srwatson 529101099Srwatson biba_free(SLOT(label)); 530101099Srwatson SLOT(label) = NULL; 531101099Srwatson} 532101099Srwatson 533105696Srwatson/* 534105696Srwatson * mac_biba_element_to_string() is basically an snprintf wrapper with 535105696Srwatson * the same properties as snprintf(). It returns the length it would 536105696Srwatson * have added to the string in the event the string is too short. 537105696Srwatson */ 538105696Srwatsonstatic size_t 539105696Srwatsonmac_biba_element_to_string(char *string, size_t size, 540105696Srwatson struct mac_biba_element *element) 541105696Srwatson{ 542105696Srwatson int pos, bit = 1; 543105696Srwatson 544105696Srwatson switch (element->mbe_type) { 545105696Srwatson case MAC_BIBA_TYPE_HIGH: 546105696Srwatson return (snprintf(string, size, "high")); 547105696Srwatson 548105696Srwatson case MAC_BIBA_TYPE_LOW: 549105696Srwatson return (snprintf(string, size, "low")); 550105696Srwatson 551105696Srwatson case MAC_BIBA_TYPE_EQUAL: 552105696Srwatson return (snprintf(string, size, "equal")); 553105696Srwatson 554105696Srwatson case MAC_BIBA_TYPE_GRADE: 555105696Srwatson pos = snprintf(string, size, "%d:", element->mbe_grade); 556105696Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) { 557105696Srwatson if (MAC_BIBA_BIT_TEST(bit, element->mbe_compartments)) 558105696Srwatson pos += snprintf(string + pos, size - pos, 559105696Srwatson "%d+", bit); 560105696Srwatson } 561105696Srwatson if (string[pos - 1] == '+' || string[pos - 1] == ':') 562106214Srwatson string[--pos] = '\0'; 563105696Srwatson return (pos); 564105696Srwatson 565105696Srwatson default: 566105696Srwatson panic("mac_biba_element_to_string: invalid type (%d)", 567105696Srwatson element->mbe_type); 568105696Srwatson } 569105696Srwatson} 570105696Srwatson 571101099Srwatsonstatic int 572105696Srwatsonmac_biba_to_string(char *string, size_t size, size_t *caller_len, 573105696Srwatson struct mac_biba *mac_biba) 574101099Srwatson{ 575105696Srwatson size_t left, len; 576105696Srwatson char *curptr; 577105696Srwatson 578105696Srwatson bzero(string, size); 579105696Srwatson curptr = string; 580105696Srwatson left = size; 581105696Srwatson 582105696Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { 583105696Srwatson len = mac_biba_element_to_string(curptr, left, 584105696Srwatson &mac_biba->mb_single); 585105696Srwatson if (len >= left) 586105696Srwatson return (EINVAL); 587105696Srwatson left -= len; 588105696Srwatson curptr += len; 589105696Srwatson } 590105696Srwatson 591105696Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 592105696Srwatson len = snprintf(curptr, left, "("); 593105696Srwatson if (len >= left) 594105696Srwatson return (EINVAL); 595105696Srwatson left -= len; 596105696Srwatson curptr += len; 597105696Srwatson 598105696Srwatson len = mac_biba_element_to_string(curptr, left, 599105696Srwatson &mac_biba->mb_rangelow); 600105696Srwatson if (len >= left) 601105696Srwatson return (EINVAL); 602105696Srwatson left -= len; 603105696Srwatson curptr += len; 604105696Srwatson 605105696Srwatson len = snprintf(curptr, left, "-"); 606105696Srwatson if (len >= left) 607105696Srwatson return (EINVAL); 608105696Srwatson left -= len; 609105696Srwatson curptr += len; 610105696Srwatson 611105696Srwatson len = mac_biba_element_to_string(curptr, left, 612105696Srwatson &mac_biba->mb_rangehigh); 613105696Srwatson if (len >= left) 614105696Srwatson return (EINVAL); 615105696Srwatson left -= len; 616105696Srwatson curptr += len; 617105696Srwatson 618105696Srwatson len = snprintf(curptr, left, ")"); 619105696Srwatson if (len >= left) 620105696Srwatson return (EINVAL); 621105696Srwatson left -= len; 622105696Srwatson curptr += len; 623105696Srwatson } 624105696Srwatson 625105696Srwatson *caller_len = strlen(string); 626105696Srwatson return (0); 627105696Srwatson} 628105696Srwatson 629105696Srwatsonstatic int 630105696Srwatsonmac_biba_externalize_label(struct label *label, char *element_name, 631105696Srwatson char *element_data, size_t size, size_t *len, int *claimed) 632105696Srwatson{ 633101099Srwatson struct mac_biba *mac_biba; 634105696Srwatson int error; 635101099Srwatson 636105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 637105696Srwatson return (0); 638105696Srwatson 639105696Srwatson (*claimed)++; 640105696Srwatson 641101099Srwatson mac_biba = SLOT(label); 642105696Srwatson error = mac_biba_to_string(element_data, size, len, mac_biba); 643105696Srwatson if (error) 644105696Srwatson return (error); 645101099Srwatson 646105696Srwatson *len = strlen(element_data); 647105696Srwatson return (0); 648105696Srwatson} 649105696Srwatson 650105696Srwatsonstatic int 651105696Srwatsonmac_biba_parse_element(struct mac_biba_element *element, char *string) 652101099Srwatson{ 653105696Srwatson 654105696Srwatson if (strcmp(string, "high") == 0 || 655105696Srwatson strcmp(string, "hi") == 0) { 656105696Srwatson element->mbe_type = MAC_BIBA_TYPE_HIGH; 657105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 658105696Srwatson } else if (strcmp(string, "low") == 0 || 659105696Srwatson strcmp(string, "lo") == 0) { 660105696Srwatson element->mbe_type = MAC_BIBA_TYPE_LOW; 661105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 662105696Srwatson } else if (strcmp(string, "equal") == 0 || 663105696Srwatson strcmp(string, "eq") == 0) { 664105696Srwatson element->mbe_type = MAC_BIBA_TYPE_EQUAL; 665105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 666105696Srwatson } else { 667105696Srwatson char *p0, *p1; 668105696Srwatson int d; 669105696Srwatson 670105696Srwatson p0 = string; 671105696Srwatson d = strtol(p0, &p1, 10); 672105696Srwatson 673105696Srwatson if (d < 0 || d > 65535) 674105696Srwatson return (EINVAL); 675105696Srwatson element->mbe_type = MAC_BIBA_TYPE_GRADE; 676105696Srwatson element->mbe_grade = d; 677105696Srwatson 678105696Srwatson if (*p1 != ':') { 679105696Srwatson if (p1 == p0 || *p1 != '\0') 680105696Srwatson return (EINVAL); 681105696Srwatson else 682105696Srwatson return (0); 683105696Srwatson } 684105696Srwatson else 685105696Srwatson if (*(p1 + 1) == '\0') 686105696Srwatson return (0); 687105696Srwatson 688105696Srwatson while ((p0 = ++p1)) { 689105696Srwatson d = strtol(p0, &p1, 10); 690105696Srwatson if (d < 1 || d > MAC_BIBA_MAX_COMPARTMENTS) 691105696Srwatson return (EINVAL); 692105696Srwatson 693105696Srwatson MAC_BIBA_BIT_SET(d, element->mbe_compartments); 694105696Srwatson 695105696Srwatson if (*p1 == '\0') 696105696Srwatson break; 697105696Srwatson if (p1 == p0 || *p1 != '+') 698105696Srwatson return (EINVAL); 699105696Srwatson } 700105696Srwatson } 701105696Srwatson 702105696Srwatson return (0); 703105696Srwatson} 704105696Srwatson 705105696Srwatson/* 706105696Srwatson * Note: destructively consumes the string, make a local copy before 707105696Srwatson * calling if that's a problem. 708105696Srwatson */ 709105696Srwatsonstatic int 710105696Srwatsonmac_biba_parse(struct mac_biba *mac_biba, char *string) 711105696Srwatson{ 712105696Srwatson char *range, *rangeend, *rangehigh, *rangelow, *single; 713101099Srwatson int error; 714101099Srwatson 715105696Srwatson /* Do we have a range? */ 716105696Srwatson single = string; 717105696Srwatson range = index(string, '('); 718105696Srwatson if (range == single) 719105696Srwatson single = NULL; 720105696Srwatson rangelow = rangehigh = NULL; 721105696Srwatson if (range != NULL) { 722105696Srwatson /* Nul terminate the end of the single string. */ 723105696Srwatson *range = '\0'; 724105696Srwatson range++; 725105696Srwatson rangelow = range; 726105696Srwatson rangehigh = index(rangelow, '-'); 727105696Srwatson if (rangehigh == NULL) 728105696Srwatson return (EINVAL); 729105696Srwatson rangehigh++; 730105696Srwatson if (*rangelow == '\0' || *rangehigh == '\0') 731105696Srwatson return (EINVAL); 732105696Srwatson rangeend = index(rangehigh, ')'); 733105696Srwatson if (rangeend == NULL) 734105696Srwatson return (EINVAL); 735105696Srwatson if (*(rangeend + 1) != '\0') 736105696Srwatson return (EINVAL); 737105696Srwatson /* Nul terminate the ends of the ranges. */ 738105696Srwatson *(rangehigh - 1) = '\0'; 739105696Srwatson *rangeend = '\0'; 740105696Srwatson } 741105696Srwatson KASSERT((rangelow != NULL && rangehigh != NULL) || 742105696Srwatson (rangelow == NULL && rangehigh == NULL), 743105696Srwatson ("mac_biba_internalize_label: range mismatch")); 744101099Srwatson 745105696Srwatson bzero(mac_biba, sizeof(*mac_biba)); 746105696Srwatson if (single != NULL) { 747105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_single, single); 748105696Srwatson if (error) 749105696Srwatson return (error); 750105696Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; 751105696Srwatson } 752105696Srwatson 753105696Srwatson if (rangelow != NULL) { 754105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_rangelow, 755105696Srwatson rangelow); 756105696Srwatson if (error) 757105696Srwatson return (error); 758105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_rangehigh, 759105696Srwatson rangehigh); 760105696Srwatson if (error) 761105696Srwatson return (error); 762105696Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 763105696Srwatson } 764105696Srwatson 765101099Srwatson error = mac_biba_valid(mac_biba); 766101099Srwatson if (error) 767101099Srwatson return (error); 768101099Srwatson 769105696Srwatson return (0); 770105696Srwatson} 771101099Srwatson 772105696Srwatsonstatic int 773105696Srwatsonmac_biba_internalize_label(struct label *label, char *element_name, 774105696Srwatson char *element_data, int *claimed) 775105696Srwatson{ 776105696Srwatson struct mac_biba *mac_biba, mac_biba_temp; 777105696Srwatson int error; 778105696Srwatson 779105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 780105696Srwatson return (0); 781105696Srwatson 782105696Srwatson (*claimed)++; 783105696Srwatson 784105696Srwatson error = mac_biba_parse(&mac_biba_temp, element_data); 785105696Srwatson if (error) 786105696Srwatson return (error); 787105696Srwatson 788105696Srwatson mac_biba = SLOT(label); 789105696Srwatson *mac_biba = mac_biba_temp; 790105696Srwatson 791101099Srwatson return (0); 792101099Srwatson} 793101099Srwatson 794105696Srwatsonstatic void 795105696Srwatsonmac_biba_copy_label(struct label *src, struct label *dest) 796105696Srwatson{ 797105696Srwatson 798105696Srwatson *SLOT(dest) = *SLOT(src); 799105696Srwatson} 800105696Srwatson 801101099Srwatson/* 802101099Srwatson * Labeling event operations: file system objects, and things that look 803101099Srwatson * a lot like file system objects. 804101099Srwatson */ 805101099Srwatsonstatic void 806101099Srwatsonmac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 807101099Srwatson struct label *label) 808101099Srwatson{ 809101099Srwatson struct mac_biba *mac_biba; 810101099Srwatson int biba_type; 811101099Srwatson 812101099Srwatson mac_biba = SLOT(label); 813101099Srwatson if (strcmp(dev->si_name, "null") == 0 || 814101099Srwatson strcmp(dev->si_name, "zero") == 0 || 815101099Srwatson strcmp(dev->si_name, "random") == 0 || 816101099Srwatson strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 817101099Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 818105606Srwatson else if (ptys_equal && 819105606Srwatson (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 820105606Srwatson strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 821105606Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 822101099Srwatson else 823101099Srwatson biba_type = MAC_BIBA_TYPE_HIGH; 824105643Srwatson mac_biba_set_single(mac_biba, biba_type, 0, NULL); 825101099Srwatson} 826101099Srwatson 827101099Srwatsonstatic void 828101099Srwatsonmac_biba_create_devfs_directory(char *dirname, int dirnamelen, 829101099Srwatson struct devfs_dirent *devfs_dirent, struct label *label) 830101099Srwatson{ 831101099Srwatson struct mac_biba *mac_biba; 832101099Srwatson 833101099Srwatson mac_biba = SLOT(label); 834105643Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 835101099Srwatson} 836101099Srwatson 837101099Srwatsonstatic void 838104535Srwatsonmac_biba_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, 839104535Srwatson struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) 840104535Srwatson{ 841104535Srwatson struct mac_biba *source, *dest; 842104535Srwatson 843104535Srwatson source = SLOT(&cred->cr_label); 844104535Srwatson dest = SLOT(delabel); 845104535Srwatson 846104535Srwatson mac_biba_copy_single(source, dest); 847104535Srwatson} 848104535Srwatson 849104535Srwatsonstatic void 850101099Srwatsonmac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 851101099Srwatson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 852101099Srwatson{ 853101099Srwatson struct mac_biba *source, *dest; 854101099Srwatson 855101099Srwatson source = SLOT(direntlabel); 856101099Srwatson dest = SLOT(vnodelabel); 857101099Srwatson mac_biba_copy_single(source, dest); 858101099Srwatson} 859101099Srwatson 860101099Srwatsonstatic void 861101099Srwatsonmac_biba_create_mount(struct ucred *cred, struct mount *mp, 862101099Srwatson struct label *mntlabel, struct label *fslabel) 863101099Srwatson{ 864101099Srwatson struct mac_biba *source, *dest; 865101099Srwatson 866101099Srwatson source = SLOT(&cred->cr_label); 867101099Srwatson dest = SLOT(mntlabel); 868101099Srwatson mac_biba_copy_single(source, dest); 869101099Srwatson dest = SLOT(fslabel); 870101099Srwatson mac_biba_copy_single(source, dest); 871101099Srwatson} 872101099Srwatson 873101099Srwatsonstatic void 874101099Srwatsonmac_biba_create_root_mount(struct ucred *cred, struct mount *mp, 875101099Srwatson struct label *mntlabel, struct label *fslabel) 876101099Srwatson{ 877101099Srwatson struct mac_biba *mac_biba; 878101099Srwatson 879101099Srwatson /* Always mount root as high integrity. */ 880101099Srwatson mac_biba = SLOT(fslabel); 881105643Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 882101099Srwatson mac_biba = SLOT(mntlabel); 883105643Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 884101099Srwatson} 885101099Srwatson 886101099Srwatsonstatic void 887101099Srwatsonmac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, 888101099Srwatson struct label *vnodelabel, struct label *label) 889101099Srwatson{ 890101099Srwatson struct mac_biba *source, *dest; 891101099Srwatson 892101099Srwatson source = SLOT(label); 893101099Srwatson dest = SLOT(vnodelabel); 894101099Srwatson 895105656Srwatson mac_biba_copy(source, dest); 896101099Srwatson} 897101099Srwatson 898101099Srwatsonstatic void 899101099Srwatsonmac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent, 900101099Srwatson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 901101099Srwatson{ 902101099Srwatson struct mac_biba *source, *dest; 903101099Srwatson 904101099Srwatson source = SLOT(vnodelabel); 905101099Srwatson dest = SLOT(direntlabel); 906101099Srwatson 907105656Srwatson mac_biba_copy(source, dest); 908101099Srwatson} 909101099Srwatson 910101099Srwatsonstatic void 911105988Srwatsonmac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 912105988Srwatson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 913105988Srwatson struct label *vlabel) 914101099Srwatson{ 915101099Srwatson struct mac_biba *source, *dest; 916101099Srwatson 917105988Srwatson source = SLOT(delabel); 918105988Srwatson dest = SLOT(vlabel); 919101099Srwatson 920101099Srwatson mac_biba_copy_single(source, dest); 921101099Srwatson} 922101099Srwatson 923101099Srwatsonstatic int 924105988Srwatsonmac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 925105988Srwatson struct vnode *vp, struct label *vlabel) 926101099Srwatson{ 927105988Srwatson struct mac_biba temp, *source, *dest; 928106354Smux int buflen, error; 929101099Srwatson 930105988Srwatson source = SLOT(fslabel); 931105988Srwatson dest = SLOT(vlabel); 932101099Srwatson 933105988Srwatson buflen = sizeof(temp); 934105988Srwatson bzero(&temp, buflen); 935105988Srwatson 936105988Srwatson error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 937105988Srwatson MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &temp, curthread); 938105988Srwatson if (error == ENOATTR || error == EOPNOTSUPP) { 939105988Srwatson /* Fall back to the fslabel. */ 940105988Srwatson mac_biba_copy_single(source, dest); 941105988Srwatson return (0); 942105988Srwatson } else if (error) 943101099Srwatson return (error); 944101099Srwatson 945105988Srwatson if (buflen != sizeof(temp)) { 946105988Srwatson printf("mac_biba_associate_vnode_extattr: bad size %d\n", 947105988Srwatson buflen); 948105988Srwatson return (EPERM); 949105988Srwatson } 950105988Srwatson if (mac_biba_valid(&temp) != 0) { 951105988Srwatson printf("mac_biba_associate_vnode_extattr: invalid\n"); 952105988Srwatson return (EPERM); 953105988Srwatson } 954105988Srwatson if ((temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) { 955105988Srwatson printf("mac_biba_associate_vnode_extattr: not single\n"); 956105988Srwatson return (EPERM); 957105988Srwatson } 958101099Srwatson 959105988Srwatson mac_biba_copy_single(&temp, dest); 960101099Srwatson return (0); 961101099Srwatson} 962101099Srwatson 963101099Srwatsonstatic void 964105988Srwatsonmac_biba_associate_vnode_singlelabel(struct mount *mp, 965105988Srwatson struct label *fslabel, struct vnode *vp, struct label *vlabel) 966101099Srwatson{ 967101099Srwatson struct mac_biba *source, *dest; 968101099Srwatson 969101099Srwatson source = SLOT(fslabel); 970105988Srwatson dest = SLOT(vlabel); 971101099Srwatson 972101099Srwatson mac_biba_copy_single(source, dest); 973101099Srwatson} 974101099Srwatson 975105988Srwatsonstatic int 976105988Srwatsonmac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, 977105988Srwatson struct label *fslabel, struct vnode *dvp, struct label *dlabel, 978105988Srwatson struct vnode *vp, struct label *vlabel, struct componentname *cnp) 979105988Srwatson{ 980105988Srwatson struct mac_biba *source, *dest, temp; 981105988Srwatson size_t buflen; 982105988Srwatson int error; 983105988Srwatson 984105988Srwatson buflen = sizeof(temp); 985105988Srwatson bzero(&temp, buflen); 986105988Srwatson 987105988Srwatson source = SLOT(&cred->cr_label); 988105988Srwatson dest = SLOT(vlabel); 989105988Srwatson mac_biba_copy_single(source, &temp); 990105988Srwatson 991105988Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 992105988Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); 993105988Srwatson if (error == 0) 994105988Srwatson mac_biba_copy_single(source, dest); 995105988Srwatson return (error); 996105988Srwatson} 997105988Srwatson 998105988Srwatsonstatic int 999105988Srwatsonmac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 1000105988Srwatson struct label *vlabel, struct label *intlabel) 1001105988Srwatson{ 1002105988Srwatson struct mac_biba *source, temp; 1003105988Srwatson size_t buflen; 1004105988Srwatson int error; 1005105988Srwatson 1006105988Srwatson buflen = sizeof(temp); 1007105988Srwatson bzero(&temp, buflen); 1008105988Srwatson 1009105988Srwatson source = SLOT(intlabel); 1010105988Srwatson if ((source->mb_flags & MAC_BIBA_FLAG_SINGLE) == 0) 1011105988Srwatson return (0); 1012105988Srwatson 1013105988Srwatson mac_biba_copy_single(source, &temp); 1014105988Srwatson 1015105988Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 1016105988Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); 1017105988Srwatson return (error); 1018105988Srwatson} 1019105988Srwatson 1020101099Srwatson/* 1021101099Srwatson * Labeling event operations: IPC object. 1022101099Srwatson */ 1023101099Srwatsonstatic void 1024101099Srwatsonmac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 1025101099Srwatson struct mbuf *m, struct label *mbuflabel) 1026101099Srwatson{ 1027101099Srwatson struct mac_biba *source, *dest; 1028101099Srwatson 1029101099Srwatson source = SLOT(socketlabel); 1030101099Srwatson dest = SLOT(mbuflabel); 1031101099Srwatson 1032101099Srwatson mac_biba_copy_single(source, dest); 1033101099Srwatson} 1034101099Srwatson 1035101099Srwatsonstatic void 1036101099Srwatsonmac_biba_create_socket(struct ucred *cred, struct socket *socket, 1037101099Srwatson struct label *socketlabel) 1038101099Srwatson{ 1039101099Srwatson struct mac_biba *source, *dest; 1040101099Srwatson 1041101099Srwatson source = SLOT(&cred->cr_label); 1042101099Srwatson dest = SLOT(socketlabel); 1043101099Srwatson 1044101099Srwatson mac_biba_copy_single(source, dest); 1045101099Srwatson} 1046101099Srwatson 1047101099Srwatsonstatic void 1048101099Srwatsonmac_biba_create_pipe(struct ucred *cred, struct pipe *pipe, 1049101099Srwatson struct label *pipelabel) 1050101099Srwatson{ 1051101099Srwatson struct mac_biba *source, *dest; 1052101099Srwatson 1053101099Srwatson source = SLOT(&cred->cr_label); 1054101099Srwatson dest = SLOT(pipelabel); 1055101099Srwatson 1056101099Srwatson mac_biba_copy_single(source, dest); 1057101099Srwatson} 1058101099Srwatson 1059101099Srwatsonstatic void 1060101099Srwatsonmac_biba_create_socket_from_socket(struct socket *oldsocket, 1061101099Srwatson struct label *oldsocketlabel, struct socket *newsocket, 1062101099Srwatson struct label *newsocketlabel) 1063101099Srwatson{ 1064101099Srwatson struct mac_biba *source, *dest; 1065101099Srwatson 1066101099Srwatson source = SLOT(oldsocketlabel); 1067101099Srwatson dest = SLOT(newsocketlabel); 1068101099Srwatson 1069101099Srwatson mac_biba_copy_single(source, dest); 1070101099Srwatson} 1071101099Srwatson 1072101099Srwatsonstatic void 1073101099Srwatsonmac_biba_relabel_socket(struct ucred *cred, struct socket *socket, 1074101099Srwatson struct label *socketlabel, struct label *newlabel) 1075101099Srwatson{ 1076101099Srwatson struct mac_biba *source, *dest; 1077101099Srwatson 1078101099Srwatson source = SLOT(newlabel); 1079101099Srwatson dest = SLOT(socketlabel); 1080101099Srwatson 1081105656Srwatson mac_biba_copy(source, dest); 1082101099Srwatson} 1083101099Srwatson 1084101099Srwatsonstatic void 1085101099Srwatsonmac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe, 1086101099Srwatson struct label *pipelabel, struct label *newlabel) 1087101099Srwatson{ 1088101099Srwatson struct mac_biba *source, *dest; 1089101099Srwatson 1090101099Srwatson source = SLOT(newlabel); 1091101099Srwatson dest = SLOT(pipelabel); 1092101099Srwatson 1093105656Srwatson mac_biba_copy(source, dest); 1094101099Srwatson} 1095101099Srwatson 1096101099Srwatsonstatic void 1097101099Srwatsonmac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 1098101099Srwatson struct socket *socket, struct label *socketpeerlabel) 1099101099Srwatson{ 1100101099Srwatson struct mac_biba *source, *dest; 1101101099Srwatson 1102101099Srwatson source = SLOT(mbuflabel); 1103101099Srwatson dest = SLOT(socketpeerlabel); 1104101099Srwatson 1105101099Srwatson mac_biba_copy_single(source, dest); 1106101099Srwatson} 1107101099Srwatson 1108101099Srwatson/* 1109101099Srwatson * Labeling event operations: network objects. 1110101099Srwatson */ 1111101099Srwatsonstatic void 1112101099Srwatsonmac_biba_set_socket_peer_from_socket(struct socket *oldsocket, 1113101099Srwatson struct label *oldsocketlabel, struct socket *newsocket, 1114101099Srwatson struct label *newsocketpeerlabel) 1115101099Srwatson{ 1116101099Srwatson struct mac_biba *source, *dest; 1117101099Srwatson 1118101099Srwatson source = SLOT(oldsocketlabel); 1119101099Srwatson dest = SLOT(newsocketpeerlabel); 1120101099Srwatson 1121101099Srwatson mac_biba_copy_single(source, dest); 1122101099Srwatson} 1123101099Srwatson 1124101099Srwatsonstatic void 1125101099Srwatsonmac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 1126101099Srwatson struct label *bpflabel) 1127101099Srwatson{ 1128101099Srwatson struct mac_biba *source, *dest; 1129101099Srwatson 1130101099Srwatson source = SLOT(&cred->cr_label); 1131101099Srwatson dest = SLOT(bpflabel); 1132101099Srwatson 1133101099Srwatson mac_biba_copy_single(source, dest); 1134101099Srwatson} 1135101099Srwatson 1136101099Srwatsonstatic void 1137101099Srwatsonmac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 1138101099Srwatson{ 1139101099Srwatson char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q; 1140101099Srwatson char tiflist[sizeof(trusted_interfaces)]; 1141101099Srwatson struct mac_biba *dest; 1142101099Srwatson int len, grade; 1143101099Srwatson 1144101099Srwatson dest = SLOT(ifnetlabel); 1145101099Srwatson 1146101099Srwatson if (ifnet->if_type == IFT_LOOP) { 1147101099Srwatson grade = MAC_BIBA_TYPE_EQUAL; 1148101099Srwatson goto set; 1149101099Srwatson } 1150101099Srwatson 1151101099Srwatson if (trust_all_interfaces) { 1152101099Srwatson grade = MAC_BIBA_TYPE_HIGH; 1153101099Srwatson goto set; 1154101099Srwatson } 1155101099Srwatson 1156101099Srwatson grade = MAC_BIBA_TYPE_LOW; 1157101099Srwatson 1158101099Srwatson if (trusted_interfaces[0] == '\0' || 1159101099Srwatson !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 1160101099Srwatson goto set; 1161101099Srwatson 1162106089Srwatson bzero(tiflist, sizeof(tiflist)); 1163101099Srwatson for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 1164101099Srwatson if(*p != ' ' && *p != '\t') 1165101099Srwatson *q = *p; 1166101099Srwatson 1167101099Srwatson snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit); 1168101099Srwatson 1169101099Srwatson for (p = q = tiflist;; p++) { 1170101099Srwatson if (*p == ',' || *p == '\0') { 1171101099Srwatson len = p - q; 1172101099Srwatson if (len < IFNAMSIZ) { 1173101099Srwatson bzero(tifname, sizeof(tifname)); 1174101099Srwatson bcopy(q, tifname, len); 1175101099Srwatson if (strcmp(tifname, ifname) == 0) { 1176101099Srwatson grade = MAC_BIBA_TYPE_HIGH; 1177101099Srwatson break; 1178101099Srwatson } 1179106089Srwatson } else { 1180106089Srwatson *p = '\0'; 1181106089Srwatson printf("mac_biba warning: interface name " 1182106089Srwatson "\"%s\" is too long (must be < %d)\n", 1183106089Srwatson q, IFNAMSIZ); 1184101099Srwatson } 1185101099Srwatson if (*p == '\0') 1186101099Srwatson break; 1187101099Srwatson q = p + 1; 1188101099Srwatson } 1189101099Srwatson } 1190101099Srwatsonset: 1191105643Srwatson mac_biba_set_single(dest, grade, 0, NULL); 1192105643Srwatson mac_biba_set_range(dest, grade, 0, NULL, grade, 0, NULL); 1193101099Srwatson} 1194101099Srwatson 1195101099Srwatsonstatic void 1196101099Srwatsonmac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1197101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1198101099Srwatson{ 1199101099Srwatson struct mac_biba *source, *dest; 1200101099Srwatson 1201101099Srwatson source = SLOT(fragmentlabel); 1202101099Srwatson dest = SLOT(ipqlabel); 1203101099Srwatson 1204101099Srwatson mac_biba_copy_single(source, dest); 1205101099Srwatson} 1206101099Srwatson 1207101099Srwatsonstatic void 1208101099Srwatsonmac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 1209101099Srwatson struct mbuf *datagram, struct label *datagramlabel) 1210101099Srwatson{ 1211101099Srwatson struct mac_biba *source, *dest; 1212101099Srwatson 1213101099Srwatson source = SLOT(ipqlabel); 1214101099Srwatson dest = SLOT(datagramlabel); 1215101099Srwatson 1216101099Srwatson /* Just use the head, since we require them all to match. */ 1217101099Srwatson mac_biba_copy_single(source, dest); 1218101099Srwatson} 1219101099Srwatson 1220101099Srwatsonstatic void 1221101099Srwatsonmac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 1222101099Srwatson struct mbuf *fragment, struct label *fragmentlabel) 1223101099Srwatson{ 1224101099Srwatson struct mac_biba *source, *dest; 1225101099Srwatson 1226101099Srwatson source = SLOT(datagramlabel); 1227101099Srwatson dest = SLOT(fragmentlabel); 1228101099Srwatson 1229101099Srwatson mac_biba_copy_single(source, dest); 1230101099Srwatson} 1231101099Srwatson 1232101099Srwatsonstatic void 1233101099Srwatsonmac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 1234101099Srwatson struct label *oldmbuflabel, struct mbuf *newmbuf, 1235101099Srwatson struct label *newmbuflabel) 1236101099Srwatson{ 1237101099Srwatson struct mac_biba *source, *dest; 1238101099Srwatson 1239101099Srwatson source = SLOT(oldmbuflabel); 1240101099Srwatson dest = SLOT(newmbuflabel); 1241101099Srwatson 1242105656Srwatson /* 1243105656Srwatson * Because the source mbuf may not yet have been "created", 1244105696Srwatson * just initialized, we do a conditional copy. Since we don't 1245105656Srwatson * allow mbufs to have ranges, do a KASSERT to make sure that 1246105656Srwatson * doesn't happen. 1247105656Srwatson */ 1248105656Srwatson KASSERT((source->mb_flags & MAC_BIBA_FLAG_RANGE) == 0, 1249105656Srwatson ("mac_biba_create_mbuf_from_mbuf: source mbuf has range")); 1250105656Srwatson mac_biba_copy(source, dest); 1251101099Srwatson} 1252101099Srwatson 1253101099Srwatsonstatic void 1254101099Srwatsonmac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 1255101099Srwatson struct mbuf *mbuf, struct label *mbuflabel) 1256101099Srwatson{ 1257101099Srwatson struct mac_biba *dest; 1258101099Srwatson 1259101099Srwatson dest = SLOT(mbuflabel); 1260101099Srwatson 1261105643Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1262101099Srwatson} 1263101099Srwatson 1264101099Srwatsonstatic void 1265101099Srwatsonmac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 1266101099Srwatson struct mbuf *mbuf, struct label *mbuflabel) 1267101099Srwatson{ 1268101099Srwatson struct mac_biba *source, *dest; 1269101099Srwatson 1270101099Srwatson source = SLOT(bpflabel); 1271101099Srwatson dest = SLOT(mbuflabel); 1272101099Srwatson 1273101099Srwatson mac_biba_copy_single(source, dest); 1274101099Srwatson} 1275101099Srwatson 1276101099Srwatsonstatic void 1277101099Srwatsonmac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1278101099Srwatson struct mbuf *m, struct label *mbuflabel) 1279101099Srwatson{ 1280101099Srwatson struct mac_biba *source, *dest; 1281101099Srwatson 1282101099Srwatson source = SLOT(ifnetlabel); 1283101099Srwatson dest = SLOT(mbuflabel); 1284101099Srwatson 1285101099Srwatson mac_biba_copy_single(source, dest); 1286101099Srwatson} 1287101099Srwatson 1288101099Srwatsonstatic void 1289101099Srwatsonmac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1290101099Srwatson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1291101099Srwatson struct mbuf *newmbuf, struct label *newmbuflabel) 1292101099Srwatson{ 1293101099Srwatson struct mac_biba *source, *dest; 1294101099Srwatson 1295101099Srwatson source = SLOT(oldmbuflabel); 1296101099Srwatson dest = SLOT(newmbuflabel); 1297101099Srwatson 1298101099Srwatson mac_biba_copy_single(source, dest); 1299101099Srwatson} 1300101099Srwatson 1301101099Srwatsonstatic void 1302101099Srwatsonmac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1303101099Srwatson struct mbuf *newmbuf, struct label *newmbuflabel) 1304101099Srwatson{ 1305101099Srwatson struct mac_biba *source, *dest; 1306101099Srwatson 1307101099Srwatson source = SLOT(oldmbuflabel); 1308101099Srwatson dest = SLOT(newmbuflabel); 1309101099Srwatson 1310101099Srwatson mac_biba_copy_single(source, dest); 1311101099Srwatson} 1312101099Srwatson 1313101099Srwatsonstatic int 1314101099Srwatsonmac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1315101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1316101099Srwatson{ 1317101099Srwatson struct mac_biba *a, *b; 1318101099Srwatson 1319101099Srwatson a = SLOT(ipqlabel); 1320101099Srwatson b = SLOT(fragmentlabel); 1321101099Srwatson 1322101099Srwatson return (mac_biba_equal_single(a, b)); 1323101099Srwatson} 1324101099Srwatson 1325101099Srwatsonstatic void 1326101099Srwatsonmac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1327101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1328101099Srwatson{ 1329101099Srwatson struct mac_biba *source, *dest; 1330101099Srwatson 1331101099Srwatson source = SLOT(newlabel); 1332101099Srwatson dest = SLOT(ifnetlabel); 1333101099Srwatson 1334105656Srwatson mac_biba_copy(source, dest); 1335101099Srwatson} 1336101099Srwatson 1337101099Srwatsonstatic void 1338101099Srwatsonmac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1339101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1340101099Srwatson{ 1341101099Srwatson 1342101099Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1343101099Srwatson} 1344101099Srwatson 1345101099Srwatson/* 1346101099Srwatson * Labeling event operations: processes. 1347101099Srwatson */ 1348101099Srwatsonstatic void 1349101099Srwatsonmac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 1350101099Srwatson{ 1351101099Srwatson struct mac_biba *source, *dest; 1352101099Srwatson 1353101099Srwatson source = SLOT(&cred_parent->cr_label); 1354101099Srwatson dest = SLOT(&cred_child->cr_label); 1355101099Srwatson 1356101099Srwatson mac_biba_copy_single(source, dest); 1357101099Srwatson mac_biba_copy_range(source, dest); 1358101099Srwatson} 1359101099Srwatson 1360101099Srwatsonstatic void 1361101099Srwatsonmac_biba_execve_transition(struct ucred *old, struct ucred *new, 1362106214Srwatson struct vnode *vp, struct label *vnodelabel) 1363101099Srwatson{ 1364101099Srwatson struct mac_biba *source, *dest; 1365101099Srwatson 1366101099Srwatson source = SLOT(&old->cr_label); 1367101099Srwatson dest = SLOT(&new->cr_label); 1368101099Srwatson 1369101099Srwatson mac_biba_copy_single(source, dest); 1370101099Srwatson mac_biba_copy_range(source, dest); 1371101099Srwatson} 1372101099Srwatson 1373101099Srwatsonstatic int 1374101099Srwatsonmac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, 1375106214Srwatson struct label *vnodelabel) 1376101099Srwatson{ 1377101099Srwatson 1378101099Srwatson return (0); 1379101099Srwatson} 1380101099Srwatson 1381101099Srwatsonstatic void 1382101099Srwatsonmac_biba_create_proc0(struct ucred *cred) 1383101099Srwatson{ 1384101099Srwatson struct mac_biba *dest; 1385101099Srwatson 1386101099Srwatson dest = SLOT(&cred->cr_label); 1387101099Srwatson 1388105643Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1389105643Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, 1390105643Srwatson MAC_BIBA_TYPE_HIGH, 0, NULL); 1391101099Srwatson} 1392101099Srwatson 1393101099Srwatsonstatic void 1394101099Srwatsonmac_biba_create_proc1(struct ucred *cred) 1395101099Srwatson{ 1396101099Srwatson struct mac_biba *dest; 1397101099Srwatson 1398101099Srwatson dest = SLOT(&cred->cr_label); 1399101099Srwatson 1400105643Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); 1401105643Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, 1402105643Srwatson MAC_BIBA_TYPE_HIGH, 0, NULL); 1403101099Srwatson} 1404101099Srwatson 1405101099Srwatsonstatic void 1406101099Srwatsonmac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 1407101099Srwatson{ 1408101099Srwatson struct mac_biba *source, *dest; 1409101099Srwatson 1410101099Srwatson source = SLOT(newlabel); 1411101099Srwatson dest = SLOT(&cred->cr_label); 1412101099Srwatson 1413105656Srwatson mac_biba_copy(source, dest); 1414101099Srwatson} 1415101099Srwatson 1416101099Srwatson/* 1417101099Srwatson * Access control checks. 1418101099Srwatson */ 1419101099Srwatsonstatic int 1420101099Srwatsonmac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1421101099Srwatson struct ifnet *ifnet, struct label *ifnetlabel) 1422101099Srwatson{ 1423101099Srwatson struct mac_biba *a, *b; 1424101099Srwatson 1425101099Srwatson if (!mac_biba_enabled) 1426101099Srwatson return (0); 1427101099Srwatson 1428101099Srwatson a = SLOT(bpflabel); 1429101099Srwatson b = SLOT(ifnetlabel); 1430101099Srwatson 1431101099Srwatson if (mac_biba_equal_single(a, b)) 1432101099Srwatson return (0); 1433101099Srwatson return (EACCES); 1434101099Srwatson} 1435101099Srwatson 1436101099Srwatsonstatic int 1437101099Srwatsonmac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1438101099Srwatson{ 1439101099Srwatson struct mac_biba *subj, *new; 1440105634Srwatson int error; 1441101099Srwatson 1442101099Srwatson subj = SLOT(&cred->cr_label); 1443101099Srwatson new = SLOT(newlabel); 1444101099Srwatson 1445101099Srwatson /* 1446105634Srwatson * If there is a Biba label update for the credential, it may 1447105634Srwatson * be an update of the single, range, or both. 1448101099Srwatson */ 1449105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1450105634Srwatson if (error) 1451105634Srwatson return (error); 1452101099Srwatson 1453101099Srwatson /* 1454105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1455101099Srwatson */ 1456105634Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 1457105634Srwatson /* 1458105634Srwatson * To change the Biba single label on a credential, the 1459105634Srwatson * new single label must be in the current range. 1460105634Srwatson */ 1461105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_SINGLE && 1462105634Srwatson !mac_biba_single_in_range(new, subj)) 1463105634Srwatson return (EPERM); 1464101099Srwatson 1465105634Srwatson /* 1466105634Srwatson * To change the Biba range on a credential, the new 1467105634Srwatson * range label must be in the current range. 1468105634Srwatson */ 1469105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_RANGE && 1470105634Srwatson !mac_biba_range_in_range(new, subj)) 1471105634Srwatson return (EPERM); 1472101099Srwatson 1473105634Srwatson /* 1474105634Srwatson * To have EQUAL in any component of the new credential 1475105634Srwatson * Biba label, the subject must already have EQUAL in 1476105634Srwatson * their label. 1477105634Srwatson */ 1478105634Srwatson if (mac_biba_contains_equal(new)) { 1479106090Srwatson error = mac_biba_subject_privileged(subj); 1480105634Srwatson if (error) 1481105634Srwatson return (error); 1482105634Srwatson } 1483101099Srwatson 1484105634Srwatson /* 1485105634Srwatson * XXXMAC: Additional consistency tests regarding the 1486105634Srwatson * single and range of the new label might be performed 1487105634Srwatson * here. 1488105634Srwatson */ 1489105634Srwatson } 1490105634Srwatson 1491101099Srwatson return (0); 1492101099Srwatson} 1493101099Srwatson 1494101099Srwatsonstatic int 1495101099Srwatsonmac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1496101099Srwatson{ 1497101099Srwatson struct mac_biba *subj, *obj; 1498101099Srwatson 1499101099Srwatson if (!mac_biba_enabled) 1500101099Srwatson return (0); 1501101099Srwatson 1502101099Srwatson subj = SLOT(&u1->cr_label); 1503101099Srwatson obj = SLOT(&u2->cr_label); 1504101099Srwatson 1505101099Srwatson /* XXX: range */ 1506101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1507101099Srwatson return (ESRCH); 1508101099Srwatson 1509101099Srwatson return (0); 1510101099Srwatson} 1511101099Srwatson 1512101099Srwatsonstatic int 1513101099Srwatsonmac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1514101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1515101099Srwatson{ 1516101099Srwatson struct mac_biba *subj, *new; 1517105634Srwatson int error; 1518101099Srwatson 1519101099Srwatson subj = SLOT(&cred->cr_label); 1520101099Srwatson new = SLOT(newlabel); 1521101099Srwatson 1522105634Srwatson /* 1523105634Srwatson * If there is a Biba label update for the interface, it may 1524105634Srwatson * be an update of the single, range, or both. 1525105634Srwatson */ 1526105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1527105634Srwatson if (error) 1528105634Srwatson return (error); 1529101099Srwatson 1530105634Srwatson /* 1531106160Srwatson * Relabling network interfaces requires Biba privilege. 1532106160Srwatson */ 1533106160Srwatson error = mac_biba_subject_privileged(subj); 1534106160Srwatson if (error) 1535106160Srwatson return (error); 1536106160Srwatson 1537106160Srwatson /* 1538105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1539105634Srwatson */ 1540105634Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 1541105634Srwatson /* 1542105634Srwatson * Rely on the traditional superuser status for the Biba 1543105634Srwatson * interface relabel requirements. XXXMAC: This will go 1544105634Srwatson * away. 1545105634Srwatson */ 1546105634Srwatson error = suser_cred(cred, 0); 1547105634Srwatson if (error) 1548105634Srwatson return (EPERM); 1549105634Srwatson 1550105634Srwatson /* 1551105634Srwatson * XXXMAC: Additional consistency tests regarding the single 1552105634Srwatson * and the range of the new label might be performed here. 1553105634Srwatson */ 1554105634Srwatson } 1555105634Srwatson 1556105634Srwatson return (0); 1557101099Srwatson} 1558101099Srwatson 1559103759Srwatsonstatic int 1560101099Srwatsonmac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1561101099Srwatson struct mbuf *m, struct label *mbuflabel) 1562101099Srwatson{ 1563101099Srwatson struct mac_biba *p, *i; 1564103761Srwatson 1565101099Srwatson if (!mac_biba_enabled) 1566101099Srwatson return (0); 1567101099Srwatson 1568101099Srwatson p = SLOT(mbuflabel); 1569101099Srwatson i = SLOT(ifnetlabel); 1570103759Srwatson 1571101099Srwatson return (mac_biba_single_in_range(p, i) ? 0 : EACCES); 1572101099Srwatson} 1573101099Srwatson 1574101099Srwatsonstatic int 1575101099Srwatsonmac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1576101099Srwatson struct label *mntlabel) 1577101099Srwatson{ 1578101099Srwatson struct mac_biba *subj, *obj; 1579101099Srwatson 1580101099Srwatson if (!mac_biba_enabled) 1581101099Srwatson return (0); 1582101099Srwatson 1583101099Srwatson subj = SLOT(&cred->cr_label); 1584101099Srwatson obj = SLOT(mntlabel); 1585101099Srwatson 1586101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1587101099Srwatson return (EACCES); 1588101099Srwatson 1589101099Srwatson return (0); 1590101099Srwatson} 1591101099Srwatson 1592101099Srwatsonstatic int 1593101099Srwatsonmac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 1594101099Srwatson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1595101099Srwatson{ 1596103759Srwatson 1597101099Srwatson if(!mac_biba_enabled) 1598101099Srwatson return (0); 1599101099Srwatson 1600101099Srwatson /* XXX: This will be implemented soon... */ 1601101099Srwatson 1602101099Srwatson return (0); 1603101099Srwatson} 1604101099Srwatson 1605101099Srwatsonstatic int 1606102115Srwatsonmac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 1607102115Srwatson struct label *pipelabel) 1608101099Srwatson{ 1609101099Srwatson struct mac_biba *subj, *obj; 1610101099Srwatson 1611101099Srwatson if (!mac_biba_enabled) 1612101099Srwatson return (0); 1613101099Srwatson 1614101099Srwatson subj = SLOT(&cred->cr_label); 1615101099Srwatson obj = SLOT((pipelabel)); 1616101099Srwatson 1617102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1618102115Srwatson return (EACCES); 1619101099Srwatson 1620101099Srwatson return (0); 1621101099Srwatson} 1622101099Srwatson 1623101099Srwatsonstatic int 1624102115Srwatsonmac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe, 1625102115Srwatson struct label *pipelabel) 1626102115Srwatson{ 1627102115Srwatson struct mac_biba *subj, *obj; 1628102115Srwatson 1629102115Srwatson if (!mac_biba_enabled) 1630102115Srwatson return (0); 1631102115Srwatson 1632102115Srwatson subj = SLOT(&cred->cr_label); 1633102115Srwatson obj = SLOT((pipelabel)); 1634102115Srwatson 1635102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1636102115Srwatson return (EACCES); 1637102115Srwatson 1638102115Srwatson return (0); 1639102115Srwatson} 1640102115Srwatson 1641102115Srwatsonstatic int 1642101099Srwatsonmac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1643101099Srwatson struct label *pipelabel, struct label *newlabel) 1644101099Srwatson{ 1645101099Srwatson struct mac_biba *subj, *obj, *new; 1646105634Srwatson int error; 1647101099Srwatson 1648101099Srwatson new = SLOT(newlabel); 1649101099Srwatson subj = SLOT(&cred->cr_label); 1650101099Srwatson obj = SLOT(pipelabel); 1651101099Srwatson 1652101099Srwatson /* 1653105634Srwatson * If there is a Biba label update for a pipe, it must be a 1654105634Srwatson * single update. 1655101099Srwatson */ 1656105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE); 1657105634Srwatson if (error) 1658105634Srwatson return (error); 1659101099Srwatson 1660101099Srwatson /* 1661105634Srwatson * To perform a relabel of a pipe (Biba label or not), Biba must 1662105634Srwatson * authorize the relabel. 1663101099Srwatson */ 1664105634Srwatson if (!mac_biba_single_in_range(obj, subj)) 1665101099Srwatson return (EPERM); 1666101099Srwatson 1667101099Srwatson /* 1668105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1669101099Srwatson */ 1670105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) { 1671105634Srwatson /* 1672105634Srwatson * To change the Biba label on a pipe, the new pipe label 1673105634Srwatson * must be in the subject range. 1674105634Srwatson */ 1675105634Srwatson if (!mac_biba_single_in_range(new, subj)) 1676105634Srwatson return (EPERM); 1677101099Srwatson 1678105634Srwatson /* 1679105634Srwatson * To change the Biba label on a pipe to be EQUAL, the 1680105634Srwatson * subject must have appropriate privilege. 1681105634Srwatson */ 1682105634Srwatson if (mac_biba_contains_equal(new)) { 1683106090Srwatson error = mac_biba_subject_privileged(subj); 1684105634Srwatson if (error) 1685105634Srwatson return (error); 1686105634Srwatson } 1687105634Srwatson } 1688105634Srwatson 1689101099Srwatson return (0); 1690101099Srwatson} 1691101099Srwatson 1692101099Srwatsonstatic int 1693102115Srwatsonmac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 1694102115Srwatson struct label *pipelabel) 1695102115Srwatson{ 1696102115Srwatson struct mac_biba *subj, *obj; 1697102115Srwatson 1698102115Srwatson if (!mac_biba_enabled) 1699102115Srwatson return (0); 1700102115Srwatson 1701102115Srwatson subj = SLOT(&cred->cr_label); 1702102115Srwatson obj = SLOT((pipelabel)); 1703102115Srwatson 1704102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1705102115Srwatson return (EACCES); 1706102115Srwatson 1707102115Srwatson return (0); 1708102115Srwatson} 1709102115Srwatson 1710102115Srwatsonstatic int 1711102115Srwatsonmac_biba_check_pipe_write(struct ucred *cred, struct pipe *pipe, 1712102115Srwatson struct label *pipelabel) 1713102115Srwatson{ 1714102115Srwatson struct mac_biba *subj, *obj; 1715102115Srwatson 1716102115Srwatson if (!mac_biba_enabled) 1717102115Srwatson return (0); 1718102115Srwatson 1719102115Srwatson subj = SLOT(&cred->cr_label); 1720102115Srwatson obj = SLOT((pipelabel)); 1721102115Srwatson 1722102115Srwatson if (!mac_biba_dominate_single(subj, obj)) 1723102115Srwatson return (EACCES); 1724102115Srwatson 1725102115Srwatson return (0); 1726102115Srwatson} 1727102115Srwatson 1728102115Srwatsonstatic int 1729101099Srwatsonmac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) 1730101099Srwatson{ 1731101099Srwatson struct mac_biba *subj, *obj; 1732101099Srwatson 1733101099Srwatson if (!mac_biba_enabled) 1734101099Srwatson return (0); 1735101099Srwatson 1736101099Srwatson subj = SLOT(&cred->cr_label); 1737101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1738101099Srwatson 1739101099Srwatson /* XXX: range checks */ 1740101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1741101099Srwatson return (ESRCH); 1742101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1743101099Srwatson return (EACCES); 1744101099Srwatson 1745101099Srwatson return (0); 1746101099Srwatson} 1747101099Srwatson 1748101099Srwatsonstatic int 1749101099Srwatsonmac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) 1750101099Srwatson{ 1751101099Srwatson struct mac_biba *subj, *obj; 1752103759Srwatson 1753101099Srwatson if (!mac_biba_enabled) 1754101099Srwatson return (0); 1755101099Srwatson 1756101099Srwatson subj = SLOT(&cred->cr_label); 1757101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1758103759Srwatson 1759101099Srwatson /* XXX: range checks */ 1760101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1761101099Srwatson return (ESRCH); 1762101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1763101099Srwatson return (EACCES); 1764101099Srwatson 1765101099Srwatson return (0); 1766101099Srwatson} 1767101099Srwatson 1768101099Srwatsonstatic int 1769101099Srwatsonmac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1770101099Srwatson{ 1771101099Srwatson struct mac_biba *subj, *obj; 1772103759Srwatson 1773101099Srwatson if (!mac_biba_enabled) 1774101099Srwatson return (0); 1775101099Srwatson 1776101099Srwatson subj = SLOT(&cred->cr_label); 1777101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1778103759Srwatson 1779101099Srwatson /* XXX: range checks */ 1780101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1781101099Srwatson return (ESRCH); 1782101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1783101099Srwatson return (EACCES); 1784101099Srwatson 1785101099Srwatson return (0); 1786101099Srwatson} 1787101099Srwatson 1788101099Srwatsonstatic int 1789101934Srwatsonmac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, 1790101099Srwatson struct mbuf *m, struct label *mbuflabel) 1791101099Srwatson{ 1792101099Srwatson struct mac_biba *p, *s; 1793101099Srwatson 1794101099Srwatson if (!mac_biba_enabled) 1795101099Srwatson return (0); 1796101099Srwatson 1797101099Srwatson p = SLOT(mbuflabel); 1798101099Srwatson s = SLOT(socketlabel); 1799101099Srwatson 1800101099Srwatson return (mac_biba_equal_single(p, s) ? 0 : EACCES); 1801101099Srwatson} 1802101099Srwatson 1803101099Srwatsonstatic int 1804106214Srwatsonmac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, 1805101099Srwatson struct label *socketlabel, struct label *newlabel) 1806101099Srwatson{ 1807101099Srwatson struct mac_biba *subj, *obj, *new; 1808105634Srwatson int error; 1809101099Srwatson 1810101099Srwatson new = SLOT(newlabel); 1811101099Srwatson subj = SLOT(&cred->cr_label); 1812101099Srwatson obj = SLOT(socketlabel); 1813101099Srwatson 1814101099Srwatson /* 1815105634Srwatson * If there is a Biba label update for the socket, it may be 1816105634Srwatson * an update of single. 1817101099Srwatson */ 1818105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE); 1819105634Srwatson if (error) 1820105634Srwatson return (error); 1821101099Srwatson 1822101099Srwatson /* 1823105634Srwatson * To relabel a socket, the old socket single must be in the subject 1824101099Srwatson * range. 1825101099Srwatson */ 1826105634Srwatson if (!mac_biba_single_in_range(obj, subj)) 1827101099Srwatson return (EPERM); 1828101099Srwatson 1829101099Srwatson /* 1830105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1831101099Srwatson */ 1832105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) { 1833105634Srwatson /* 1834105634Srwatson * To relabel a socket, the new socket single must be in 1835105634Srwatson * the subject range. 1836105634Srwatson */ 1837105634Srwatson if (!mac_biba_single_in_range(new, subj)) 1838105634Srwatson return (EPERM); 1839101099Srwatson 1840105634Srwatson /* 1841105634Srwatson * To change the Biba label on the socket to contain EQUAL, 1842105634Srwatson * the subject must have appropriate privilege. 1843105634Srwatson */ 1844105634Srwatson if (mac_biba_contains_equal(new)) { 1845106090Srwatson error = mac_biba_subject_privileged(subj); 1846105634Srwatson if (error) 1847105634Srwatson return (error); 1848105634Srwatson } 1849105634Srwatson } 1850105634Srwatson 1851101099Srwatson return (0); 1852101099Srwatson} 1853101099Srwatson 1854101099Srwatsonstatic int 1855101099Srwatsonmac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, 1856101099Srwatson struct label *socketlabel) 1857101099Srwatson{ 1858101099Srwatson struct mac_biba *subj, *obj; 1859101099Srwatson 1860105722Srwatson if (!mac_biba_enabled) 1861105722Srwatson return (0); 1862105722Srwatson 1863101099Srwatson subj = SLOT(&cred->cr_label); 1864101099Srwatson obj = SLOT(socketlabel); 1865101099Srwatson 1866101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1867101099Srwatson return (ENOENT); 1868101099Srwatson 1869101099Srwatson return (0); 1870101099Srwatson} 1871101099Srwatson 1872101099Srwatsonstatic int 1873106161Srwatsonmac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, 1874106161Srwatson struct label *label) 1875106161Srwatson{ 1876106161Srwatson struct mac_biba *subj, *obj; 1877106161Srwatson 1878106161Srwatson if (!mac_biba_enabled) 1879106161Srwatson return (0); 1880106161Srwatson 1881106161Srwatson subj = SLOT(&cred->cr_label); 1882106161Srwatson obj = SLOT(label); 1883106161Srwatson 1884106161Srwatson if (!mac_biba_subject_privileged(subj)) 1885106161Srwatson return (EPERM); 1886106161Srwatson 1887106161Srwatson if (!mac_biba_high_single(obj)) 1888106161Srwatson return (EACCES); 1889106161Srwatson 1890106161Srwatson return (0); 1891106161Srwatson} 1892106161Srwatson 1893106161Srwatsonstatic int 1894106161Srwatsonmac_biba_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, 1895106161Srwatson void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) 1896106161Srwatson{ 1897106161Srwatson struct mac_biba *subj; 1898106161Srwatson int error; 1899106161Srwatson 1900106161Srwatson if (!mac_biba_enabled) 1901106161Srwatson return (0); 1902106161Srwatson 1903106161Srwatson subj = SLOT(&cred->cr_label); 1904106161Srwatson 1905106161Srwatson /* 1906106161Srwatson * In general, treat sysctl variables as biba/high, but also 1907106161Srwatson * require privilege to change them, since they are a 1908106161Srwatson * communications channel between grades. Exempt MIB 1909106161Srwatson * queries from this due to undocmented sysctl magic. 1910106161Srwatson * XXXMAC: This probably requires some more review. 1911106161Srwatson */ 1912106161Srwatson if (new != NULL) { 1913106161Srwatson if (namelen > 0 && name[0] == 0) 1914106161Srwatson return (0); 1915106161Srwatson 1916106161Srwatson if (!mac_biba_subject_dominate_high(subj)) 1917106161Srwatson return (EACCES); 1918106161Srwatson 1919106161Srwatson error = mac_biba_subject_privileged(subj); 1920106161Srwatson if (error) 1921106161Srwatson return (error); 1922106161Srwatson } 1923106161Srwatson 1924106161Srwatson return (0); 1925106161Srwatson} 1926106161Srwatson 1927106161Srwatsonstatic int 1928101099Srwatsonmac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1929101099Srwatson struct label *dlabel) 1930101099Srwatson{ 1931101099Srwatson struct mac_biba *subj, *obj; 1932101099Srwatson 1933101099Srwatson if (!mac_biba_enabled) 1934101099Srwatson return (0); 1935101099Srwatson 1936101099Srwatson subj = SLOT(&cred->cr_label); 1937101099Srwatson obj = SLOT(dlabel); 1938101099Srwatson 1939101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1940101099Srwatson return (EACCES); 1941101099Srwatson 1942101099Srwatson return (0); 1943101099Srwatson} 1944101099Srwatson 1945101099Srwatsonstatic int 1946101099Srwatsonmac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1947101099Srwatson struct label *dlabel) 1948101099Srwatson{ 1949101099Srwatson struct mac_biba *subj, *obj; 1950101099Srwatson 1951101099Srwatson if (!mac_biba_enabled) 1952101099Srwatson return (0); 1953101099Srwatson 1954101099Srwatson subj = SLOT(&cred->cr_label); 1955101099Srwatson obj = SLOT(dlabel); 1956101099Srwatson 1957101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1958101099Srwatson return (EACCES); 1959101099Srwatson 1960101099Srwatson return (0); 1961101099Srwatson} 1962101099Srwatson 1963101099Srwatsonstatic int 1964101099Srwatsonmac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1965101099Srwatson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1966101099Srwatson{ 1967101099Srwatson struct mac_biba *subj, *obj; 1968101099Srwatson 1969101099Srwatson if (!mac_biba_enabled) 1970101099Srwatson return (0); 1971101099Srwatson 1972101099Srwatson subj = SLOT(&cred->cr_label); 1973101099Srwatson obj = SLOT(dlabel); 1974101099Srwatson 1975101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1976101099Srwatson return (EACCES); 1977101099Srwatson 1978101099Srwatson return (0); 1979101099Srwatson} 1980101099Srwatson 1981101099Srwatsonstatic int 1982101099Srwatsonmac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1983101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 1984101099Srwatson struct componentname *cnp) 1985101099Srwatson{ 1986101099Srwatson struct mac_biba *subj, *obj; 1987101099Srwatson 1988101099Srwatson if (!mac_biba_enabled) 1989101099Srwatson return (0); 1990101099Srwatson 1991101099Srwatson subj = SLOT(&cred->cr_label); 1992101099Srwatson obj = SLOT(dlabel); 1993101099Srwatson 1994101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1995101099Srwatson return (EACCES); 1996101099Srwatson 1997101099Srwatson obj = SLOT(label); 1998101099Srwatson 1999101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2000101099Srwatson return (EACCES); 2001101099Srwatson 2002101099Srwatson return (0); 2003101099Srwatson} 2004101099Srwatson 2005101099Srwatsonstatic int 2006101099Srwatsonmac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 2007101099Srwatson struct label *label, acl_type_t type) 2008101099Srwatson{ 2009101099Srwatson struct mac_biba *subj, *obj; 2010101099Srwatson 2011101099Srwatson if (!mac_biba_enabled) 2012101099Srwatson return (0); 2013101099Srwatson 2014101099Srwatson subj = SLOT(&cred->cr_label); 2015101099Srwatson obj = SLOT(label); 2016101099Srwatson 2017101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2018101099Srwatson return (EACCES); 2019101099Srwatson 2020101099Srwatson return (0); 2021101099Srwatson} 2022101099Srwatson 2023101099Srwatsonstatic int 2024101099Srwatsonmac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 2025101099Srwatson struct label *label) 2026101099Srwatson{ 2027101099Srwatson struct mac_biba *subj, *obj; 2028101099Srwatson 2029101099Srwatson if (!mac_biba_enabled) 2030101099Srwatson return (0); 2031101099Srwatson 2032101099Srwatson subj = SLOT(&cred->cr_label); 2033101099Srwatson obj = SLOT(label); 2034101099Srwatson 2035101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2036101099Srwatson return (EACCES); 2037101099Srwatson 2038101099Srwatson return (0); 2039101099Srwatson} 2040101099Srwatson 2041101099Srwatsonstatic int 2042101099Srwatsonmac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 2043101099Srwatson struct label *label, acl_type_t type) 2044101099Srwatson{ 2045101099Srwatson struct mac_biba *subj, *obj; 2046101099Srwatson 2047101099Srwatson if (!mac_biba_enabled) 2048101099Srwatson return (0); 2049101099Srwatson 2050101099Srwatson subj = SLOT(&cred->cr_label); 2051101099Srwatson obj = SLOT(label); 2052101099Srwatson 2053101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2054101099Srwatson return (EACCES); 2055101099Srwatson 2056101099Srwatson return (0); 2057101099Srwatson} 2058101099Srwatson 2059101099Srwatsonstatic int 2060101099Srwatsonmac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 2061101099Srwatson struct label *label, int attrnamespace, const char *name, struct uio *uio) 2062101099Srwatson{ 2063101099Srwatson struct mac_biba *subj, *obj; 2064101099Srwatson 2065101099Srwatson if (!mac_biba_enabled) 2066101099Srwatson return (0); 2067101099Srwatson 2068101099Srwatson subj = SLOT(&cred->cr_label); 2069101099Srwatson obj = SLOT(label); 2070101099Srwatson 2071101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2072101099Srwatson return (EACCES); 2073101099Srwatson 2074101099Srwatson return (0); 2075101099Srwatson} 2076101099Srwatson 2077101099Srwatsonstatic int 2078104530Srwatsonmac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, 2079104530Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 2080104530Srwatson struct componentname *cnp) 2081104530Srwatson{ 2082104530Srwatson struct mac_biba *subj, *obj; 2083104530Srwatson 2084104530Srwatson if (!mac_biba_enabled) 2085104530Srwatson return (0); 2086104530Srwatson 2087104530Srwatson subj = SLOT(&cred->cr_label); 2088104530Srwatson obj = SLOT(dlabel); 2089104530Srwatson 2090104530Srwatson if (!mac_biba_dominate_single(subj, obj)) 2091104530Srwatson return (EACCES); 2092104530Srwatson 2093104530Srwatson obj = SLOT(label); 2094104530Srwatson 2095104530Srwatson if (!mac_biba_dominate_single(subj, obj)) 2096104530Srwatson return (EACCES); 2097104530Srwatson 2098104530Srwatson return (0); 2099104530Srwatson} 2100104530Srwatson 2101104530Srwatsonstatic int 2102103759Srwatsonmac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 2103101099Srwatson struct label *dlabel, struct componentname *cnp) 2104101099Srwatson{ 2105101099Srwatson struct mac_biba *subj, *obj; 2106103759Srwatson 2107101099Srwatson if (!mac_biba_enabled) 2108101099Srwatson return (0); 2109103759Srwatson 2110101099Srwatson subj = SLOT(&cred->cr_label); 2111101099Srwatson obj = SLOT(dlabel); 2112103759Srwatson 2113101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2114101099Srwatson return (EACCES); 2115101099Srwatson 2116103759Srwatson return (0); 2117101099Srwatson} 2118101099Srwatson 2119101099Srwatsonstatic int 2120104546Srwatsonmac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 2121104546Srwatson struct label *label, int prot) 2122104546Srwatson{ 2123104546Srwatson struct mac_biba *subj, *obj; 2124104546Srwatson 2125104546Srwatson /* 2126104546Srwatson * Rely on the use of open()-time protections to handle 2127104546Srwatson * non-revocation cases. 2128104546Srwatson */ 2129105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2130104546Srwatson return (0); 2131104546Srwatson 2132104546Srwatson subj = SLOT(&cred->cr_label); 2133104546Srwatson obj = SLOT(label); 2134104546Srwatson 2135104546Srwatson if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 2136104546Srwatson if (!mac_biba_dominate_single(obj, subj)) 2137104546Srwatson return (EACCES); 2138104546Srwatson } 2139104546Srwatson if (prot & VM_PROT_WRITE) { 2140104546Srwatson if (!mac_biba_dominate_single(subj, obj)) 2141104546Srwatson return (EACCES); 2142104546Srwatson } 2143104546Srwatson 2144104569Srwatson return (0); 2145104546Srwatson} 2146104546Srwatson 2147104546Srwatsonstatic int 2148101099Srwatsonmac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 2149106212Srwatson struct label *vnodelabel, int acc_mode) 2150101099Srwatson{ 2151101099Srwatson struct mac_biba *subj, *obj; 2152101099Srwatson 2153101099Srwatson if (!mac_biba_enabled) 2154101099Srwatson return (0); 2155101099Srwatson 2156101099Srwatson subj = SLOT(&cred->cr_label); 2157101099Srwatson obj = SLOT(vnodelabel); 2158101099Srwatson 2159101099Srwatson /* XXX privilege override for admin? */ 2160101099Srwatson if (acc_mode & (VREAD | VEXEC | VSTAT)) { 2161101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2162101099Srwatson return (EACCES); 2163101099Srwatson } 2164101099Srwatson if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 2165101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2166101099Srwatson return (EACCES); 2167101099Srwatson } 2168101099Srwatson 2169101099Srwatson return (0); 2170101099Srwatson} 2171101099Srwatson 2172101099Srwatsonstatic int 2173102129Srwatsonmac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 2174102129Srwatson struct vnode *vp, struct label *label) 2175102112Srwatson{ 2176102112Srwatson struct mac_biba *subj, *obj; 2177102112Srwatson 2178105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2179102112Srwatson return (0); 2180102112Srwatson 2181102129Srwatson subj = SLOT(&active_cred->cr_label); 2182102112Srwatson obj = SLOT(label); 2183102112Srwatson 2184102112Srwatson if (!mac_biba_dominate_single(obj, subj)) 2185102112Srwatson return (EACCES); 2186102112Srwatson 2187102112Srwatson return (0); 2188102112Srwatson} 2189102112Srwatson 2190102112Srwatsonstatic int 2191102129Srwatsonmac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 2192102129Srwatson struct vnode *vp, struct label *label) 2193102112Srwatson{ 2194102112Srwatson struct mac_biba *subj, *obj; 2195102112Srwatson 2196105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2197102112Srwatson return (0); 2198102112Srwatson 2199102129Srwatson subj = SLOT(&active_cred->cr_label); 2200102112Srwatson obj = SLOT(label); 2201102112Srwatson 2202102112Srwatson if (!mac_biba_dominate_single(obj, subj)) 2203102112Srwatson return (EACCES); 2204102112Srwatson 2205102112Srwatson return (0); 2206102112Srwatson} 2207102112Srwatson 2208102112Srwatsonstatic int 2209101099Srwatsonmac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 2210101099Srwatson struct label *dlabel) 2211101099Srwatson{ 2212101099Srwatson struct mac_biba *subj, *obj; 2213101099Srwatson 2214101099Srwatson if (!mac_biba_enabled) 2215101099Srwatson return (0); 2216101099Srwatson 2217101099Srwatson subj = SLOT(&cred->cr_label); 2218101099Srwatson obj = SLOT(dlabel); 2219101099Srwatson 2220101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2221101099Srwatson return (EACCES); 2222101099Srwatson 2223101099Srwatson return (0); 2224101099Srwatson} 2225101099Srwatson 2226101099Srwatsonstatic int 2227101099Srwatsonmac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 2228101099Srwatson struct label *label) 2229101099Srwatson{ 2230101099Srwatson struct mac_biba *subj, *obj; 2231101099Srwatson 2232101099Srwatson if (!mac_biba_enabled) 2233101099Srwatson return (0); 2234101099Srwatson 2235101099Srwatson subj = SLOT(&cred->cr_label); 2236101099Srwatson obj = SLOT(label); 2237101099Srwatson 2238101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2239101099Srwatson return (EACCES); 2240101099Srwatson 2241101099Srwatson return (0); 2242101099Srwatson} 2243101099Srwatson 2244101099Srwatsonstatic int 2245101099Srwatsonmac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 2246101099Srwatson struct label *vnodelabel, struct label *newlabel) 2247101099Srwatson{ 2248101099Srwatson struct mac_biba *old, *new, *subj; 2249105634Srwatson int error; 2250101099Srwatson 2251101099Srwatson old = SLOT(vnodelabel); 2252101099Srwatson new = SLOT(newlabel); 2253101099Srwatson subj = SLOT(&cred->cr_label); 2254101099Srwatson 2255101099Srwatson /* 2256105634Srwatson * If there is a Biba label update for the vnode, it must be a 2257105634Srwatson * single label. 2258101099Srwatson */ 2259105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE); 2260105634Srwatson if (error) 2261105634Srwatson return (error); 2262101099Srwatson 2263101099Srwatson /* 2264105634Srwatson * To perform a relabel of the vnode (Biba label or not), Biba must 2265105634Srwatson * authorize the relabel. 2266101099Srwatson */ 2267105634Srwatson if (!mac_biba_single_in_range(old, subj)) 2268101099Srwatson return (EPERM); 2269101099Srwatson 2270101099Srwatson /* 2271105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 2272101099Srwatson */ 2273105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) { 2274105634Srwatson /* 2275105634Srwatson * To change the Biba label on a vnode, the new vnode label 2276105634Srwatson * must be in the subject range. 2277105634Srwatson */ 2278105634Srwatson if (!mac_biba_single_in_range(new, subj)) 2279105634Srwatson return (EPERM); 2280101099Srwatson 2281105634Srwatson /* 2282105634Srwatson * To change the Biba label on the vnode to be EQUAL, 2283105634Srwatson * the subject must have appropriate privilege. 2284105634Srwatson */ 2285105634Srwatson if (mac_biba_contains_equal(new)) { 2286106090Srwatson error = mac_biba_subject_privileged(subj); 2287105634Srwatson if (error) 2288105634Srwatson return (error); 2289105634Srwatson } 2290105634Srwatson } 2291105634Srwatson 2292105634Srwatson return (0); 2293101099Srwatson} 2294101099Srwatson 2295101099Srwatsonstatic int 2296101099Srwatsonmac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 2297101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 2298101099Srwatson struct componentname *cnp) 2299101099Srwatson{ 2300101099Srwatson struct mac_biba *subj, *obj; 2301101099Srwatson 2302101099Srwatson if (!mac_biba_enabled) 2303101099Srwatson return (0); 2304101099Srwatson 2305101099Srwatson subj = SLOT(&cred->cr_label); 2306101099Srwatson obj = SLOT(dlabel); 2307101099Srwatson 2308101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2309101099Srwatson return (EACCES); 2310101099Srwatson 2311101099Srwatson obj = SLOT(label); 2312101099Srwatson 2313101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2314101099Srwatson return (EACCES); 2315101099Srwatson 2316101099Srwatson return (0); 2317101099Srwatson} 2318101099Srwatson 2319101099Srwatsonstatic int 2320101099Srwatsonmac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 2321101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 2322101099Srwatson struct componentname *cnp) 2323101099Srwatson{ 2324101099Srwatson struct mac_biba *subj, *obj; 2325101099Srwatson 2326101099Srwatson if (!mac_biba_enabled) 2327101099Srwatson return (0); 2328101099Srwatson 2329101099Srwatson subj = SLOT(&cred->cr_label); 2330101099Srwatson obj = SLOT(dlabel); 2331101099Srwatson 2332101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2333101099Srwatson return (EACCES); 2334101099Srwatson 2335101099Srwatson if (vp != NULL) { 2336101099Srwatson obj = SLOT(label); 2337101099Srwatson 2338101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2339101099Srwatson return (EACCES); 2340101099Srwatson } 2341101099Srwatson 2342101099Srwatson return (0); 2343101099Srwatson} 2344101099Srwatson 2345101099Srwatsonstatic int 2346101099Srwatsonmac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 2347101099Srwatson struct label *label) 2348101099Srwatson{ 2349101099Srwatson struct mac_biba *subj, *obj; 2350101099Srwatson 2351101099Srwatson if (!mac_biba_enabled) 2352101099Srwatson return (0); 2353101099Srwatson 2354101099Srwatson subj = SLOT(&cred->cr_label); 2355101099Srwatson obj = SLOT(label); 2356101099Srwatson 2357101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2358101099Srwatson return (EACCES); 2359101099Srwatson 2360101099Srwatson return (0); 2361101099Srwatson} 2362101099Srwatson 2363101099Srwatsonstatic int 2364101099Srwatsonmac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 2365101099Srwatson struct label *label, acl_type_t type, struct acl *acl) 2366101099Srwatson{ 2367101099Srwatson struct mac_biba *subj, *obj; 2368101099Srwatson 2369101099Srwatson if (!mac_biba_enabled) 2370101099Srwatson return (0); 2371101099Srwatson 2372101099Srwatson subj = SLOT(&cred->cr_label); 2373101099Srwatson obj = SLOT(label); 2374101099Srwatson 2375101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2376101099Srwatson return (EACCES); 2377101099Srwatson 2378101099Srwatson return (0); 2379101099Srwatson} 2380101099Srwatson 2381101099Srwatsonstatic int 2382101099Srwatsonmac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 2383101099Srwatson struct label *vnodelabel, int attrnamespace, const char *name, 2384101099Srwatson struct uio *uio) 2385101099Srwatson{ 2386101099Srwatson struct mac_biba *subj, *obj; 2387101099Srwatson 2388101099Srwatson if (!mac_biba_enabled) 2389101099Srwatson return (0); 2390101099Srwatson 2391101099Srwatson subj = SLOT(&cred->cr_label); 2392101099Srwatson obj = SLOT(vnodelabel); 2393101099Srwatson 2394101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2395101099Srwatson return (EACCES); 2396101099Srwatson 2397101099Srwatson /* XXX: protect the MAC EA in a special way? */ 2398101099Srwatson 2399101099Srwatson return (0); 2400101099Srwatson} 2401101099Srwatson 2402101099Srwatsonstatic int 2403101099Srwatsonmac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 2404101099Srwatson struct label *vnodelabel, u_long flags) 2405101099Srwatson{ 2406101099Srwatson struct mac_biba *subj, *obj; 2407101099Srwatson 2408101099Srwatson if (!mac_biba_enabled) 2409101099Srwatson return (0); 2410101099Srwatson 2411101099Srwatson subj = SLOT(&cred->cr_label); 2412101099Srwatson obj = SLOT(vnodelabel); 2413101099Srwatson 2414101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2415101099Srwatson return (EACCES); 2416101099Srwatson 2417101099Srwatson return (0); 2418101099Srwatson} 2419101099Srwatson 2420101099Srwatsonstatic int 2421101099Srwatsonmac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 2422101099Srwatson struct label *vnodelabel, mode_t mode) 2423101099Srwatson{ 2424101099Srwatson struct mac_biba *subj, *obj; 2425101099Srwatson 2426101099Srwatson if (!mac_biba_enabled) 2427101099Srwatson return (0); 2428101099Srwatson 2429101099Srwatson subj = SLOT(&cred->cr_label); 2430101099Srwatson obj = SLOT(vnodelabel); 2431101099Srwatson 2432101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2433101099Srwatson return (EACCES); 2434101099Srwatson 2435101099Srwatson return (0); 2436101099Srwatson} 2437101099Srwatson 2438101099Srwatsonstatic int 2439101099Srwatsonmac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 2440101099Srwatson struct label *vnodelabel, uid_t uid, gid_t gid) 2441101099Srwatson{ 2442101099Srwatson struct mac_biba *subj, *obj; 2443101099Srwatson 2444101099Srwatson if (!mac_biba_enabled) 2445101099Srwatson return (0); 2446101099Srwatson 2447101099Srwatson subj = SLOT(&cred->cr_label); 2448101099Srwatson obj = SLOT(vnodelabel); 2449101099Srwatson 2450101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2451101099Srwatson return (EACCES); 2452101099Srwatson 2453101099Srwatson return (0); 2454101099Srwatson} 2455101099Srwatson 2456101099Srwatsonstatic int 2457101099Srwatsonmac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 2458101099Srwatson struct label *vnodelabel, struct timespec atime, struct timespec mtime) 2459101099Srwatson{ 2460101099Srwatson struct mac_biba *subj, *obj; 2461101099Srwatson 2462101099Srwatson if (!mac_biba_enabled) 2463101099Srwatson return (0); 2464101099Srwatson 2465101099Srwatson subj = SLOT(&cred->cr_label); 2466101099Srwatson obj = SLOT(vnodelabel); 2467101099Srwatson 2468101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2469101099Srwatson return (EACCES); 2470101099Srwatson 2471101099Srwatson return (0); 2472101099Srwatson} 2473101099Srwatson 2474101099Srwatsonstatic int 2475102129Srwatsonmac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2476102129Srwatson struct vnode *vp, struct label *vnodelabel) 2477101099Srwatson{ 2478101099Srwatson struct mac_biba *subj, *obj; 2479101099Srwatson 2480101099Srwatson if (!mac_biba_enabled) 2481101099Srwatson return (0); 2482101099Srwatson 2483102129Srwatson subj = SLOT(&active_cred->cr_label); 2484101099Srwatson obj = SLOT(vnodelabel); 2485101099Srwatson 2486101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2487101099Srwatson return (EACCES); 2488101099Srwatson 2489101099Srwatson return (0); 2490101099Srwatson} 2491101099Srwatson 2492102112Srwatsonstatic int 2493102129Srwatsonmac_biba_check_vnode_write(struct ucred *active_cred, 2494102129Srwatson struct ucred *file_cred, struct vnode *vp, struct label *label) 2495102112Srwatson{ 2496102112Srwatson struct mac_biba *subj, *obj; 2497102112Srwatson 2498105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2499102112Srwatson return (0); 2500102112Srwatson 2501102129Srwatson subj = SLOT(&active_cred->cr_label); 2502102112Srwatson obj = SLOT(label); 2503102112Srwatson 2504102112Srwatson if (!mac_biba_dominate_single(subj, obj)) 2505102112Srwatson return (EACCES); 2506102112Srwatson 2507102112Srwatson return (0); 2508102112Srwatson} 2509102112Srwatson 2510106217Srwatsonstatic struct mac_policy_ops mac_biba_ops = 2511101099Srwatson{ 2512106217Srwatson .mpo_destroy = mac_biba_destroy, 2513106217Srwatson .mpo_init = mac_biba_init, 2514106217Srwatson .mpo_init_bpfdesc_label = mac_biba_init_label, 2515106217Srwatson .mpo_init_cred_label = mac_biba_init_label, 2516106217Srwatson .mpo_init_devfsdirent_label = mac_biba_init_label, 2517106217Srwatson .mpo_init_ifnet_label = mac_biba_init_label, 2518106217Srwatson .mpo_init_ipq_label = mac_biba_init_label, 2519106217Srwatson .mpo_init_mbuf_label = mac_biba_init_label_waitcheck, 2520106217Srwatson .mpo_init_mount_label = mac_biba_init_label, 2521106217Srwatson .mpo_init_mount_fs_label = mac_biba_init_label, 2522106217Srwatson .mpo_init_pipe_label = mac_biba_init_label, 2523106217Srwatson .mpo_init_socket_label = mac_biba_init_label_waitcheck, 2524106217Srwatson .mpo_init_socket_peer_label = mac_biba_init_label_waitcheck, 2525106217Srwatson .mpo_init_vnode_label = mac_biba_init_label, 2526106217Srwatson .mpo_destroy_bpfdesc_label = mac_biba_destroy_label, 2527106217Srwatson .mpo_destroy_cred_label = mac_biba_destroy_label, 2528106217Srwatson .mpo_destroy_devfsdirent_label = mac_biba_destroy_label, 2529106217Srwatson .mpo_destroy_ifnet_label = mac_biba_destroy_label, 2530106217Srwatson .mpo_destroy_ipq_label = mac_biba_destroy_label, 2531106217Srwatson .mpo_destroy_mbuf_label = mac_biba_destroy_label, 2532106217Srwatson .mpo_destroy_mount_label = mac_biba_destroy_label, 2533106217Srwatson .mpo_destroy_mount_fs_label = mac_biba_destroy_label, 2534106217Srwatson .mpo_destroy_pipe_label = mac_biba_destroy_label, 2535106217Srwatson .mpo_destroy_socket_label = mac_biba_destroy_label, 2536106217Srwatson .mpo_destroy_socket_peer_label = mac_biba_destroy_label, 2537106217Srwatson .mpo_destroy_vnode_label = mac_biba_destroy_label, 2538106217Srwatson .mpo_copy_pipe_label = mac_biba_copy_label, 2539106217Srwatson .mpo_copy_vnode_label = mac_biba_copy_label, 2540106217Srwatson .mpo_externalize_cred_label = mac_biba_externalize_label, 2541106217Srwatson .mpo_externalize_ifnet_label = mac_biba_externalize_label, 2542106217Srwatson .mpo_externalize_pipe_label = mac_biba_externalize_label, 2543106217Srwatson .mpo_externalize_socket_label = mac_biba_externalize_label, 2544106217Srwatson .mpo_externalize_socket_peer_label = mac_biba_externalize_label, 2545106217Srwatson .mpo_externalize_vnode_label = mac_biba_externalize_label, 2546106217Srwatson .mpo_internalize_cred_label = mac_biba_internalize_label, 2547106217Srwatson .mpo_internalize_ifnet_label = mac_biba_internalize_label, 2548106217Srwatson .mpo_internalize_pipe_label = mac_biba_internalize_label, 2549106217Srwatson .mpo_internalize_socket_label = mac_biba_internalize_label, 2550106217Srwatson .mpo_internalize_vnode_label = mac_biba_internalize_label, 2551106217Srwatson .mpo_create_devfs_device = mac_biba_create_devfs_device, 2552106217Srwatson .mpo_create_devfs_directory = mac_biba_create_devfs_directory, 2553106217Srwatson .mpo_create_devfs_symlink = mac_biba_create_devfs_symlink, 2554106217Srwatson .mpo_create_devfs_vnode = mac_biba_create_devfs_vnode, 2555106217Srwatson .mpo_create_mount = mac_biba_create_mount, 2556106217Srwatson .mpo_create_root_mount = mac_biba_create_root_mount, 2557106217Srwatson .mpo_relabel_vnode = mac_biba_relabel_vnode, 2558106217Srwatson .mpo_update_devfsdirent = mac_biba_update_devfsdirent, 2559106217Srwatson .mpo_associate_vnode_devfs = mac_biba_associate_vnode_devfs, 2560106217Srwatson .mpo_associate_vnode_extattr = mac_biba_associate_vnode_extattr, 2561106217Srwatson .mpo_associate_vnode_singlelabel = mac_biba_associate_vnode_singlelabel, 2562106217Srwatson .mpo_create_vnode_extattr = mac_biba_create_vnode_extattr, 2563106217Srwatson .mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr, 2564106217Srwatson .mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket, 2565106217Srwatson .mpo_create_pipe = mac_biba_create_pipe, 2566106217Srwatson .mpo_create_socket = mac_biba_create_socket, 2567106217Srwatson .mpo_create_socket_from_socket = mac_biba_create_socket_from_socket, 2568106217Srwatson .mpo_relabel_pipe = mac_biba_relabel_pipe, 2569106217Srwatson .mpo_relabel_socket = mac_biba_relabel_socket, 2570106217Srwatson .mpo_set_socket_peer_from_mbuf = mac_biba_set_socket_peer_from_mbuf, 2571106217Srwatson .mpo_set_socket_peer_from_socket = mac_biba_set_socket_peer_from_socket, 2572106217Srwatson .mpo_create_bpfdesc = mac_biba_create_bpfdesc, 2573106217Srwatson .mpo_create_datagram_from_ipq = mac_biba_create_datagram_from_ipq, 2574106217Srwatson .mpo_create_fragment = mac_biba_create_fragment, 2575106217Srwatson .mpo_create_ifnet = mac_biba_create_ifnet, 2576106217Srwatson .mpo_create_ipq = mac_biba_create_ipq, 2577106217Srwatson .mpo_create_mbuf_from_mbuf = mac_biba_create_mbuf_from_mbuf, 2578106217Srwatson .mpo_create_mbuf_linklayer = mac_biba_create_mbuf_linklayer, 2579106217Srwatson .mpo_create_mbuf_from_bpfdesc = mac_biba_create_mbuf_from_bpfdesc, 2580106217Srwatson .mpo_create_mbuf_from_ifnet = mac_biba_create_mbuf_from_ifnet, 2581106217Srwatson .mpo_create_mbuf_multicast_encap = mac_biba_create_mbuf_multicast_encap, 2582106217Srwatson .mpo_create_mbuf_netlayer = mac_biba_create_mbuf_netlayer, 2583106217Srwatson .mpo_fragment_match = mac_biba_fragment_match, 2584106217Srwatson .mpo_relabel_ifnet = mac_biba_relabel_ifnet, 2585106217Srwatson .mpo_update_ipq = mac_biba_update_ipq, 2586106217Srwatson .mpo_create_cred = mac_biba_create_cred, 2587106217Srwatson .mpo_execve_transition = mac_biba_execve_transition, 2588106217Srwatson .mpo_execve_will_transition = mac_biba_execve_will_transition, 2589106217Srwatson .mpo_create_proc0 = mac_biba_create_proc0, 2590106217Srwatson .mpo_create_proc1 = mac_biba_create_proc1, 2591106217Srwatson .mpo_relabel_cred = mac_biba_relabel_cred, 2592106217Srwatson .mpo_check_bpfdesc_receive = mac_biba_check_bpfdesc_receive, 2593106217Srwatson .mpo_check_cred_relabel = mac_biba_check_cred_relabel, 2594106217Srwatson .mpo_check_cred_visible = mac_biba_check_cred_visible, 2595106217Srwatson .mpo_check_ifnet_relabel = mac_biba_check_ifnet_relabel, 2596106217Srwatson .mpo_check_ifnet_transmit = mac_biba_check_ifnet_transmit, 2597106217Srwatson .mpo_check_mount_stat = mac_biba_check_mount_stat, 2598106217Srwatson .mpo_check_pipe_ioctl = mac_biba_check_pipe_ioctl, 2599106217Srwatson .mpo_check_pipe_poll = mac_biba_check_pipe_poll, 2600106217Srwatson .mpo_check_pipe_read = mac_biba_check_pipe_read, 2601106217Srwatson .mpo_check_pipe_relabel = mac_biba_check_pipe_relabel, 2602106217Srwatson .mpo_check_pipe_stat = mac_biba_check_pipe_stat, 2603106217Srwatson .mpo_check_pipe_write = mac_biba_check_pipe_write, 2604106217Srwatson .mpo_check_proc_debug = mac_biba_check_proc_debug, 2605106217Srwatson .mpo_check_proc_sched = mac_biba_check_proc_sched, 2606106217Srwatson .mpo_check_proc_signal = mac_biba_check_proc_signal, 2607106217Srwatson .mpo_check_socket_deliver = mac_biba_check_socket_deliver, 2608106217Srwatson .mpo_check_socket_relabel = mac_biba_check_socket_relabel, 2609106217Srwatson .mpo_check_socket_visible = mac_biba_check_socket_visible, 2610106217Srwatson .mpo_check_system_swapon = mac_biba_check_system_swapon, 2611106217Srwatson .mpo_check_system_sysctl = mac_biba_check_system_sysctl, 2612106217Srwatson .mpo_check_vnode_access = mac_biba_check_vnode_open, 2613106217Srwatson .mpo_check_vnode_chdir = mac_biba_check_vnode_chdir, 2614106217Srwatson .mpo_check_vnode_chroot = mac_biba_check_vnode_chroot, 2615106217Srwatson .mpo_check_vnode_create = mac_biba_check_vnode_create, 2616106217Srwatson .mpo_check_vnode_delete = mac_biba_check_vnode_delete, 2617106217Srwatson .mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl, 2618106217Srwatson .mpo_check_vnode_exec = mac_biba_check_vnode_exec, 2619106217Srwatson .mpo_check_vnode_getacl = mac_biba_check_vnode_getacl, 2620106217Srwatson .mpo_check_vnode_getextattr = mac_biba_check_vnode_getextattr, 2621106217Srwatson .mpo_check_vnode_link = mac_biba_check_vnode_link, 2622106217Srwatson .mpo_check_vnode_lookup = mac_biba_check_vnode_lookup, 2623106217Srwatson .mpo_check_vnode_mmap = mac_biba_check_vnode_mmap, 2624106217Srwatson .mpo_check_vnode_mprotect = mac_biba_check_vnode_mmap, 2625106217Srwatson .mpo_check_vnode_open = mac_biba_check_vnode_open, 2626106217Srwatson .mpo_check_vnode_poll = mac_biba_check_vnode_poll, 2627106217Srwatson .mpo_check_vnode_read = mac_biba_check_vnode_read, 2628106217Srwatson .mpo_check_vnode_readdir = mac_biba_check_vnode_readdir, 2629106217Srwatson .mpo_check_vnode_readlink = mac_biba_check_vnode_readlink, 2630106217Srwatson .mpo_check_vnode_relabel = mac_biba_check_vnode_relabel, 2631106217Srwatson .mpo_check_vnode_rename_from = mac_biba_check_vnode_rename_from, 2632106217Srwatson .mpo_check_vnode_rename_to = mac_biba_check_vnode_rename_to, 2633106217Srwatson .mpo_check_vnode_revoke = mac_biba_check_vnode_revoke, 2634106217Srwatson .mpo_check_vnode_setacl = mac_biba_check_vnode_setacl, 2635106217Srwatson .mpo_check_vnode_setextattr = mac_biba_check_vnode_setextattr, 2636106217Srwatson .mpo_check_vnode_setflags = mac_biba_check_vnode_setflags, 2637106217Srwatson .mpo_check_vnode_setmode = mac_biba_check_vnode_setmode, 2638106217Srwatson .mpo_check_vnode_setowner = mac_biba_check_vnode_setowner, 2639106217Srwatson .mpo_check_vnode_setutimes = mac_biba_check_vnode_setutimes, 2640106217Srwatson .mpo_check_vnode_stat = mac_biba_check_vnode_stat, 2641106217Srwatson .mpo_check_vnode_write = mac_biba_check_vnode_write, 2642101099Srwatson}; 2643101099Srwatson 2644106217SrwatsonMAC_POLICY_SET(&mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 2645101099Srwatson MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot); 2646