mac_biba.c revision 106393
1101099Srwatson/*- 2101099Srwatson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3101099Srwatson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4101099Srwatson * All rights reserved. 5101099Srwatson * 6101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 7101099Srwatson * 8106393Srwatson * This software was developed for the FreeBSD Project in part by Network 9106393Srwatson * Associates Laboratories, the Security Research Division of Network 10106393Srwatson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 11106393Srwatson * as part of the DARPA CHATS research program. 12101099Srwatson * 13101099Srwatson * Redistribution and use in source and binary forms, with or without 14101099Srwatson * modification, are permitted provided that the following conditions 15101099Srwatson * are met: 16101099Srwatson * 1. Redistributions of source code must retain the above copyright 17101099Srwatson * notice, this list of conditions and the following disclaimer. 18101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 19101099Srwatson * notice, this list of conditions and the following disclaimer in the 20101099Srwatson * documentation and/or other materials provided with the distribution. 21101099Srwatson * 22101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25101099Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32101099Srwatson * SUCH DAMAGE. 33101099Srwatson * 34101099Srwatson * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106393 2002-11-04 01:53:12Z rwatson $ 35101099Srwatson */ 36101099Srwatson 37101099Srwatson/* 38101099Srwatson * Developed by the TrustedBSD Project. 39101099Srwatson * Biba fixed label mandatory integrity policy. 40101099Srwatson */ 41101099Srwatson 42101099Srwatson#include <sys/types.h> 43101099Srwatson#include <sys/param.h> 44101099Srwatson#include <sys/acl.h> 45101099Srwatson#include <sys/conf.h> 46105988Srwatson#include <sys/extattr.h> 47101099Srwatson#include <sys/kernel.h> 48101099Srwatson#include <sys/mac.h> 49103183Sbde#include <sys/malloc.h> 50101099Srwatson#include <sys/mount.h> 51101099Srwatson#include <sys/proc.h> 52101099Srwatson#include <sys/systm.h> 53101099Srwatson#include <sys/sysproto.h> 54101099Srwatson#include <sys/sysent.h> 55105696Srwatson#include <sys/systm.h> 56101099Srwatson#include <sys/vnode.h> 57101099Srwatson#include <sys/file.h> 58101099Srwatson#include <sys/socket.h> 59101099Srwatson#include <sys/socketvar.h> 60101099Srwatson#include <sys/pipe.h> 61101099Srwatson#include <sys/sysctl.h> 62101099Srwatson 63101099Srwatson#include <fs/devfs/devfs.h> 64101099Srwatson 65101099Srwatson#include <net/bpfdesc.h> 66101099Srwatson#include <net/if.h> 67101099Srwatson#include <net/if_types.h> 68101099Srwatson#include <net/if_var.h> 69101099Srwatson 70101099Srwatson#include <netinet/in.h> 71101099Srwatson#include <netinet/ip_var.h> 72101099Srwatson 73101099Srwatson#include <vm/vm.h> 74101099Srwatson 75101099Srwatson#include <sys/mac_policy.h> 76101099Srwatson 77101099Srwatson#include <security/mac_biba/mac_biba.h> 78101099Srwatson 79101099SrwatsonSYSCTL_DECL(_security_mac); 80101099Srwatson 81101099SrwatsonSYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 82101099Srwatson "TrustedBSD mac_biba policy controls"); 83101099Srwatson 84105988Srwatsonstatic int mac_biba_label_size = sizeof(struct mac_biba); 85105988SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD, 86105988Srwatson &mac_biba_label_size, 0, "Size of struct mac_biba"); 87105988Srwatson 88101099Srwatsonstatic int mac_biba_enabled = 0; 89101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, 90101099Srwatson &mac_biba_enabled, 0, "Enforce MAC/Biba policy"); 91102980SrwatsonTUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled); 92101099Srwatson 93101099Srwatsonstatic int destroyed_not_inited; 94101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 95101099Srwatson &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 96101099Srwatson 97101099Srwatsonstatic int trust_all_interfaces = 0; 98101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 99101099Srwatson &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 100101099SrwatsonTUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 101101099Srwatson 102101099Srwatsonstatic char trusted_interfaces[128]; 103101099SrwatsonSYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 104101099Srwatson trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 105101099SrwatsonTUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 106101099Srwatson sizeof(trusted_interfaces)); 107101099Srwatson 108105643Srwatsonstatic int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; 109105643SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, 110105643Srwatson &max_compartments, 0, "Maximum supported compartments"); 111105643Srwatson 112105606Srwatsonstatic int ptys_equal = 0; 113105606SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, 114105606Srwatson &ptys_equal, 0, "Label pty devices as biba/equal on create"); 115105606SrwatsonTUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); 116105606Srwatson 117105637Srwatsonstatic int revocation_enabled = 0; 118101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 119105637Srwatson &revocation_enabled, 0, "Revoke access to objects on relabel"); 120105637SrwatsonTUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled); 121101099Srwatson 122101099Srwatsonstatic int mac_biba_slot; 123101099Srwatson#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr) 124101099Srwatson 125101099SrwatsonMALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels"); 126101099Srwatson 127105643Srwatsonstatic __inline int 128105643Srwatsonbiba_bit_set_empty(u_char *set) { 129105643Srwatson int i; 130105643Srwatson 131105643Srwatson for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++) 132105643Srwatson if (set[i] != 0) 133105643Srwatson return (0); 134105643Srwatson return (1); 135105643Srwatson} 136105643Srwatson 137101099Srwatsonstatic struct mac_biba * 138104514Srwatsonbiba_alloc(int flag) 139101099Srwatson{ 140101099Srwatson struct mac_biba *mac_biba; 141101099Srwatson 142104514Srwatson mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | flag); 143101099Srwatson 144101099Srwatson return (mac_biba); 145101099Srwatson} 146101099Srwatson 147101099Srwatsonstatic void 148101099Srwatsonbiba_free(struct mac_biba *mac_biba) 149101099Srwatson{ 150101099Srwatson 151101099Srwatson if (mac_biba != NULL) 152101099Srwatson free(mac_biba, M_MACBIBA); 153101099Srwatson else 154101099Srwatson atomic_add_int(&destroyed_not_inited, 1); 155101099Srwatson} 156101099Srwatson 157101099Srwatsonstatic int 158105634Srwatsonbiba_atmostflags(struct mac_biba *mac_biba, int flags) 159105634Srwatson{ 160105634Srwatson 161105634Srwatson if ((mac_biba->mb_flags & flags) != mac_biba->mb_flags) 162105634Srwatson return (EINVAL); 163105634Srwatson return (0); 164105634Srwatson} 165105634Srwatson 166105634Srwatsonstatic int 167101099Srwatsonmac_biba_dominate_element(struct mac_biba_element *a, 168101099Srwatson struct mac_biba_element *b) 169101099Srwatson{ 170105643Srwatson int bit; 171101099Srwatson 172105736Srwatson switch (a->mbe_type) { 173101099Srwatson case MAC_BIBA_TYPE_EQUAL: 174101099Srwatson case MAC_BIBA_TYPE_HIGH: 175101099Srwatson return (1); 176101099Srwatson 177101099Srwatson case MAC_BIBA_TYPE_LOW: 178101099Srwatson switch (b->mbe_type) { 179101099Srwatson case MAC_BIBA_TYPE_GRADE: 180101099Srwatson case MAC_BIBA_TYPE_HIGH: 181101099Srwatson return (0); 182101099Srwatson 183101099Srwatson case MAC_BIBA_TYPE_EQUAL: 184101099Srwatson case MAC_BIBA_TYPE_LOW: 185101099Srwatson return (1); 186101099Srwatson 187101099Srwatson default: 188101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 189101099Srwatson } 190101099Srwatson 191101099Srwatson case MAC_BIBA_TYPE_GRADE: 192101099Srwatson switch (b->mbe_type) { 193101099Srwatson case MAC_BIBA_TYPE_EQUAL: 194101099Srwatson case MAC_BIBA_TYPE_LOW: 195101099Srwatson return (1); 196101099Srwatson 197101099Srwatson case MAC_BIBA_TYPE_HIGH: 198101099Srwatson return (0); 199101099Srwatson 200101099Srwatson case MAC_BIBA_TYPE_GRADE: 201105643Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) 202105643Srwatson if (!MAC_BIBA_BIT_TEST(bit, 203105643Srwatson a->mbe_compartments) && 204105643Srwatson MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) 205105643Srwatson return (0); 206101099Srwatson return (a->mbe_grade >= b->mbe_grade); 207101099Srwatson 208101099Srwatson default: 209101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 210101099Srwatson } 211101099Srwatson 212101099Srwatson default: 213101099Srwatson panic("mac_biba_dominate_element: a->mbe_type invalid"); 214101099Srwatson } 215101099Srwatson 216101099Srwatson return (0); 217101099Srwatson} 218101099Srwatson 219101099Srwatsonstatic int 220105988Srwatsonmac_biba_subject_dominate_high(struct mac_biba *mac_biba) 221105988Srwatson{ 222105988Srwatson struct mac_biba_element *element; 223105988Srwatson 224106174Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 225105988Srwatson ("mac_biba_single_in_range: mac_biba not single")); 226105988Srwatson element = &mac_biba->mb_single; 227105988Srwatson 228105988Srwatson return (element->mbe_type == MAC_BIBA_TYPE_EQUAL || 229105988Srwatson element->mbe_type == MAC_BIBA_TYPE_HIGH); 230105988Srwatson} 231105988Srwatson 232105988Srwatsonstatic int 233101099Srwatsonmac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 234101099Srwatson{ 235101099Srwatson 236101099Srwatson return (mac_biba_dominate_element(&rangeb->mb_rangehigh, 237101099Srwatson &rangea->mb_rangehigh) && 238101099Srwatson mac_biba_dominate_element(&rangea->mb_rangelow, 239101099Srwatson &rangeb->mb_rangelow)); 240101099Srwatson} 241101099Srwatson 242101099Srwatsonstatic int 243101099Srwatsonmac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range) 244101099Srwatson{ 245101099Srwatson 246103750Srwatson KASSERT((single->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 247101099Srwatson ("mac_biba_single_in_range: a not single")); 248103750Srwatson KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 249101099Srwatson ("mac_biba_single_in_range: b not range")); 250101099Srwatson 251101099Srwatson return (mac_biba_dominate_element(&range->mb_rangehigh, 252101099Srwatson &single->mb_single) && 253101099Srwatson mac_biba_dominate_element(&single->mb_single, 254101099Srwatson &range->mb_rangelow)); 255101099Srwatson 256101099Srwatson return (1); 257101099Srwatson} 258101099Srwatson 259101099Srwatsonstatic int 260101099Srwatsonmac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b) 261101099Srwatson{ 262101099Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 263101099Srwatson ("mac_biba_dominate_single: a not single")); 264101099Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 265101099Srwatson ("mac_biba_dominate_single: b not single")); 266101099Srwatson 267101099Srwatson return (mac_biba_dominate_element(&a->mb_single, &b->mb_single)); 268101099Srwatson} 269101099Srwatson 270101099Srwatsonstatic int 271101099Srwatsonmac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 272101099Srwatson{ 273101099Srwatson 274101099Srwatson if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 275101099Srwatson b->mbe_type == MAC_BIBA_TYPE_EQUAL) 276101099Srwatson return (1); 277101099Srwatson 278101099Srwatson return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 279101099Srwatson} 280101099Srwatson 281101099Srwatsonstatic int 282101099Srwatsonmac_biba_equal_single(struct mac_biba *a, struct mac_biba *b) 283101099Srwatson{ 284101099Srwatson 285101099Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 286101099Srwatson ("mac_biba_equal_single: a not single")); 287101099Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 288101099Srwatson ("mac_biba_equal_single: b not single")); 289101099Srwatson 290101099Srwatson return (mac_biba_equal_element(&a->mb_single, &b->mb_single)); 291101099Srwatson} 292101099Srwatson 293101099Srwatsonstatic int 294105634Srwatsonmac_biba_contains_equal(struct mac_biba *mac_biba) 295105634Srwatson{ 296105634Srwatson 297105634Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) 298105634Srwatson if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL) 299105634Srwatson return (1); 300105634Srwatson 301105634Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 302105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL) 303105634Srwatson return (1); 304105634Srwatson if (mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 305105637Srwatson return (1); 306105634Srwatson } 307105634Srwatson 308105634Srwatson return (0); 309105634Srwatson} 310105634Srwatson 311105634Srwatsonstatic int 312106090Srwatsonmac_biba_subject_privileged(struct mac_biba *mac_biba) 313105634Srwatson{ 314105634Srwatson 315105634Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH) == 316105634Srwatson MAC_BIBA_FLAGS_BOTH, 317106090Srwatson ("mac_biba_subject_privileged: subject doesn't have both labels")); 318105634Srwatson 319105634Srwatson /* If the single is EQUAL, it's ok. */ 320105634Srwatson if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL) 321105634Srwatson return (0); 322105634Srwatson 323105634Srwatson /* If either range endpoint is EQUAL, it's ok. */ 324105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL || 325105634Srwatson mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 326105634Srwatson return (0); 327105634Srwatson 328105634Srwatson /* If the range is low-high, it's ok. */ 329105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_LOW && 330105634Srwatson mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_HIGH) 331105634Srwatson return (0); 332105634Srwatson 333105634Srwatson /* It's not ok. */ 334105634Srwatson return (EPERM); 335105634Srwatson} 336105634Srwatson 337106091Srwatsonstatic int 338105988Srwatsonmac_biba_high_single(struct mac_biba *mac_biba) 339105988Srwatson{ 340105988Srwatson 341105988Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 342105988Srwatson ("mac_biba_equal_single: mac_biba not single")); 343105988Srwatson 344105988Srwatson return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH); 345105988Srwatson} 346105988Srwatson 347105634Srwatsonstatic int 348101099Srwatsonmac_biba_valid(struct mac_biba *mac_biba) 349101099Srwatson{ 350101099Srwatson 351101099Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { 352101099Srwatson switch (mac_biba->mb_single.mbe_type) { 353101099Srwatson case MAC_BIBA_TYPE_GRADE: 354101099Srwatson break; 355101099Srwatson 356101099Srwatson case MAC_BIBA_TYPE_EQUAL: 357101099Srwatson case MAC_BIBA_TYPE_HIGH: 358101099Srwatson case MAC_BIBA_TYPE_LOW: 359105643Srwatson if (mac_biba->mb_single.mbe_grade != 0 || 360105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 361105643Srwatson mac_biba->mb_single.mbe_compartments)) 362101099Srwatson return (EINVAL); 363101099Srwatson break; 364101099Srwatson 365101099Srwatson default: 366101099Srwatson return (EINVAL); 367101099Srwatson } 368101099Srwatson } else { 369101099Srwatson if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF) 370101099Srwatson return (EINVAL); 371101099Srwatson } 372101099Srwatson 373101099Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 374101099Srwatson switch (mac_biba->mb_rangelow.mbe_type) { 375101099Srwatson case MAC_BIBA_TYPE_GRADE: 376101099Srwatson break; 377101099Srwatson 378101099Srwatson case MAC_BIBA_TYPE_EQUAL: 379101099Srwatson case MAC_BIBA_TYPE_HIGH: 380101099Srwatson case MAC_BIBA_TYPE_LOW: 381105643Srwatson if (mac_biba->mb_rangelow.mbe_grade != 0 || 382105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 383105643Srwatson mac_biba->mb_rangelow.mbe_compartments)) 384101099Srwatson return (EINVAL); 385101099Srwatson break; 386101099Srwatson 387101099Srwatson default: 388101099Srwatson return (EINVAL); 389101099Srwatson } 390101099Srwatson 391101099Srwatson switch (mac_biba->mb_rangehigh.mbe_type) { 392101099Srwatson case MAC_BIBA_TYPE_GRADE: 393101099Srwatson break; 394101099Srwatson 395101099Srwatson case MAC_BIBA_TYPE_EQUAL: 396101099Srwatson case MAC_BIBA_TYPE_HIGH: 397101099Srwatson case MAC_BIBA_TYPE_LOW: 398105643Srwatson if (mac_biba->mb_rangehigh.mbe_grade != 0 || 399105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 400105643Srwatson mac_biba->mb_rangehigh.mbe_compartments)) 401101099Srwatson return (EINVAL); 402101099Srwatson break; 403101099Srwatson 404101099Srwatson default: 405101099Srwatson return (EINVAL); 406101099Srwatson } 407101099Srwatson if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh, 408101099Srwatson &mac_biba->mb_rangelow)) 409101099Srwatson return (EINVAL); 410101099Srwatson } else { 411101099Srwatson if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 412101099Srwatson mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 413101099Srwatson return (EINVAL); 414101099Srwatson } 415101099Srwatson 416101099Srwatson return (0); 417101099Srwatson} 418101099Srwatson 419101099Srwatsonstatic void 420101099Srwatsonmac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, 421105643Srwatson u_short gradelow, u_char *compartmentslow, u_short typehigh, 422105643Srwatson u_short gradehigh, u_char *compartmentshigh) 423101099Srwatson{ 424101099Srwatson 425101099Srwatson mac_biba->mb_rangelow.mbe_type = typelow; 426101099Srwatson mac_biba->mb_rangelow.mbe_grade = gradelow; 427105643Srwatson if (compartmentslow != NULL) 428105643Srwatson memcpy(mac_biba->mb_rangelow.mbe_compartments, 429105643Srwatson compartmentslow, 430105643Srwatson sizeof(mac_biba->mb_rangelow.mbe_compartments)); 431101099Srwatson mac_biba->mb_rangehigh.mbe_type = typehigh; 432101099Srwatson mac_biba->mb_rangehigh.mbe_grade = gradehigh; 433105643Srwatson if (compartmentshigh != NULL) 434105643Srwatson memcpy(mac_biba->mb_rangehigh.mbe_compartments, 435105643Srwatson compartmentshigh, 436105643Srwatson sizeof(mac_biba->mb_rangehigh.mbe_compartments)); 437101099Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 438101099Srwatson} 439101099Srwatson 440101099Srwatsonstatic void 441105643Srwatsonmac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade, 442105643Srwatson u_char *compartments) 443101099Srwatson{ 444101099Srwatson 445101099Srwatson mac_biba->mb_single.mbe_type = type; 446101099Srwatson mac_biba->mb_single.mbe_grade = grade; 447105643Srwatson if (compartments != NULL) 448105643Srwatson memcpy(mac_biba->mb_single.mbe_compartments, compartments, 449105643Srwatson sizeof(mac_biba->mb_single.mbe_compartments)); 450101099Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; 451101099Srwatson} 452101099Srwatson 453101099Srwatsonstatic void 454101099Srwatsonmac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 455101099Srwatson{ 456105643Srwatson 457101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 458101099Srwatson ("mac_biba_copy_range: labelfrom not range")); 459101099Srwatson 460101099Srwatson labelto->mb_rangelow = labelfrom->mb_rangelow; 461101099Srwatson labelto->mb_rangehigh = labelfrom->mb_rangehigh; 462101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 463101099Srwatson} 464101099Srwatson 465101099Srwatsonstatic void 466101099Srwatsonmac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto) 467101099Srwatson{ 468101099Srwatson 469101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 470101099Srwatson ("mac_biba_copy_single: labelfrom not single")); 471101099Srwatson 472101099Srwatson labelto->mb_single = labelfrom->mb_single; 473101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; 474101099Srwatson} 475101099Srwatson 476105656Srwatsonstatic void 477105656Srwatsonmac_biba_copy(struct mac_biba *source, struct mac_biba *dest) 478105656Srwatson{ 479105656Srwatson 480105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_SINGLE) 481105656Srwatson mac_biba_copy_single(source, dest); 482105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_RANGE) 483105656Srwatson mac_biba_copy_range(source, dest); 484105656Srwatson} 485105656Srwatson 486101099Srwatson/* 487101099Srwatson * Policy module operations. 488101099Srwatson */ 489101099Srwatsonstatic void 490101099Srwatsonmac_biba_destroy(struct mac_policy_conf *conf) 491101099Srwatson{ 492101099Srwatson 493101099Srwatson} 494101099Srwatson 495101099Srwatsonstatic void 496101099Srwatsonmac_biba_init(struct mac_policy_conf *conf) 497101099Srwatson{ 498101099Srwatson 499101099Srwatson} 500101099Srwatson 501101099Srwatson/* 502101099Srwatson * Label operations. 503101099Srwatson */ 504101099Srwatsonstatic void 505104514Srwatsonmac_biba_init_label(struct label *label) 506101099Srwatson{ 507101099Srwatson 508101099Srwatson SLOT(label) = biba_alloc(M_WAITOK); 509101099Srwatson} 510101099Srwatson 511101099Srwatsonstatic int 512104514Srwatsonmac_biba_init_label_waitcheck(struct label *label, int flag) 513101099Srwatson{ 514101099Srwatson 515104514Srwatson SLOT(label) = biba_alloc(flag); 516101099Srwatson if (SLOT(label) == NULL) 517101099Srwatson return (ENOMEM); 518101099Srwatson 519101099Srwatson return (0); 520101099Srwatson} 521101099Srwatson 522101099Srwatsonstatic void 523104514Srwatsonmac_biba_destroy_label(struct label *label) 524101099Srwatson{ 525101099Srwatson 526101099Srwatson biba_free(SLOT(label)); 527101099Srwatson SLOT(label) = NULL; 528101099Srwatson} 529101099Srwatson 530105696Srwatson/* 531105696Srwatson * mac_biba_element_to_string() is basically an snprintf wrapper with 532105696Srwatson * the same properties as snprintf(). It returns the length it would 533105696Srwatson * have added to the string in the event the string is too short. 534105696Srwatson */ 535105696Srwatsonstatic size_t 536105696Srwatsonmac_biba_element_to_string(char *string, size_t size, 537105696Srwatson struct mac_biba_element *element) 538105696Srwatson{ 539105696Srwatson int pos, bit = 1; 540105696Srwatson 541105696Srwatson switch (element->mbe_type) { 542105696Srwatson case MAC_BIBA_TYPE_HIGH: 543105696Srwatson return (snprintf(string, size, "high")); 544105696Srwatson 545105696Srwatson case MAC_BIBA_TYPE_LOW: 546105696Srwatson return (snprintf(string, size, "low")); 547105696Srwatson 548105696Srwatson case MAC_BIBA_TYPE_EQUAL: 549105696Srwatson return (snprintf(string, size, "equal")); 550105696Srwatson 551105696Srwatson case MAC_BIBA_TYPE_GRADE: 552105696Srwatson pos = snprintf(string, size, "%d:", element->mbe_grade); 553105696Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) { 554105696Srwatson if (MAC_BIBA_BIT_TEST(bit, element->mbe_compartments)) 555105696Srwatson pos += snprintf(string + pos, size - pos, 556105696Srwatson "%d+", bit); 557105696Srwatson } 558105696Srwatson if (string[pos - 1] == '+' || string[pos - 1] == ':') 559106214Srwatson string[--pos] = '\0'; 560105696Srwatson return (pos); 561105696Srwatson 562105696Srwatson default: 563105696Srwatson panic("mac_biba_element_to_string: invalid type (%d)", 564105696Srwatson element->mbe_type); 565105696Srwatson } 566105696Srwatson} 567105696Srwatson 568101099Srwatsonstatic int 569105696Srwatsonmac_biba_to_string(char *string, size_t size, size_t *caller_len, 570105696Srwatson struct mac_biba *mac_biba) 571101099Srwatson{ 572105696Srwatson size_t left, len; 573105696Srwatson char *curptr; 574105696Srwatson 575105696Srwatson bzero(string, size); 576105696Srwatson curptr = string; 577105696Srwatson left = size; 578105696Srwatson 579105696Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { 580105696Srwatson len = mac_biba_element_to_string(curptr, left, 581105696Srwatson &mac_biba->mb_single); 582105696Srwatson if (len >= left) 583105696Srwatson return (EINVAL); 584105696Srwatson left -= len; 585105696Srwatson curptr += len; 586105696Srwatson } 587105696Srwatson 588105696Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 589105696Srwatson len = snprintf(curptr, left, "("); 590105696Srwatson if (len >= left) 591105696Srwatson return (EINVAL); 592105696Srwatson left -= len; 593105696Srwatson curptr += len; 594105696Srwatson 595105696Srwatson len = mac_biba_element_to_string(curptr, left, 596105696Srwatson &mac_biba->mb_rangelow); 597105696Srwatson if (len >= left) 598105696Srwatson return (EINVAL); 599105696Srwatson left -= len; 600105696Srwatson curptr += len; 601105696Srwatson 602105696Srwatson len = snprintf(curptr, left, "-"); 603105696Srwatson if (len >= left) 604105696Srwatson return (EINVAL); 605105696Srwatson left -= len; 606105696Srwatson curptr += len; 607105696Srwatson 608105696Srwatson len = mac_biba_element_to_string(curptr, left, 609105696Srwatson &mac_biba->mb_rangehigh); 610105696Srwatson if (len >= left) 611105696Srwatson return (EINVAL); 612105696Srwatson left -= len; 613105696Srwatson curptr += len; 614105696Srwatson 615105696Srwatson len = snprintf(curptr, left, ")"); 616105696Srwatson if (len >= left) 617105696Srwatson return (EINVAL); 618105696Srwatson left -= len; 619105696Srwatson curptr += len; 620105696Srwatson } 621105696Srwatson 622105696Srwatson *caller_len = strlen(string); 623105696Srwatson return (0); 624105696Srwatson} 625105696Srwatson 626105696Srwatsonstatic int 627105696Srwatsonmac_biba_externalize_label(struct label *label, char *element_name, 628105696Srwatson char *element_data, size_t size, size_t *len, int *claimed) 629105696Srwatson{ 630101099Srwatson struct mac_biba *mac_biba; 631105696Srwatson int error; 632101099Srwatson 633105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 634105696Srwatson return (0); 635105696Srwatson 636105696Srwatson (*claimed)++; 637105696Srwatson 638101099Srwatson mac_biba = SLOT(label); 639105696Srwatson error = mac_biba_to_string(element_data, size, len, mac_biba); 640105696Srwatson if (error) 641105696Srwatson return (error); 642101099Srwatson 643105696Srwatson *len = strlen(element_data); 644105696Srwatson return (0); 645105696Srwatson} 646105696Srwatson 647105696Srwatsonstatic int 648105696Srwatsonmac_biba_parse_element(struct mac_biba_element *element, char *string) 649101099Srwatson{ 650105696Srwatson 651105696Srwatson if (strcmp(string, "high") == 0 || 652105696Srwatson strcmp(string, "hi") == 0) { 653105696Srwatson element->mbe_type = MAC_BIBA_TYPE_HIGH; 654105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 655105696Srwatson } else if (strcmp(string, "low") == 0 || 656105696Srwatson strcmp(string, "lo") == 0) { 657105696Srwatson element->mbe_type = MAC_BIBA_TYPE_LOW; 658105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 659105696Srwatson } else if (strcmp(string, "equal") == 0 || 660105696Srwatson strcmp(string, "eq") == 0) { 661105696Srwatson element->mbe_type = MAC_BIBA_TYPE_EQUAL; 662105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 663105696Srwatson } else { 664105696Srwatson char *p0, *p1; 665105696Srwatson int d; 666105696Srwatson 667105696Srwatson p0 = string; 668105696Srwatson d = strtol(p0, &p1, 10); 669105696Srwatson 670105696Srwatson if (d < 0 || d > 65535) 671105696Srwatson return (EINVAL); 672105696Srwatson element->mbe_type = MAC_BIBA_TYPE_GRADE; 673105696Srwatson element->mbe_grade = d; 674105696Srwatson 675105696Srwatson if (*p1 != ':') { 676105696Srwatson if (p1 == p0 || *p1 != '\0') 677105696Srwatson return (EINVAL); 678105696Srwatson else 679105696Srwatson return (0); 680105696Srwatson } 681105696Srwatson else 682105696Srwatson if (*(p1 + 1) == '\0') 683105696Srwatson return (0); 684105696Srwatson 685105696Srwatson while ((p0 = ++p1)) { 686105696Srwatson d = strtol(p0, &p1, 10); 687105696Srwatson if (d < 1 || d > MAC_BIBA_MAX_COMPARTMENTS) 688105696Srwatson return (EINVAL); 689105696Srwatson 690105696Srwatson MAC_BIBA_BIT_SET(d, element->mbe_compartments); 691105696Srwatson 692105696Srwatson if (*p1 == '\0') 693105696Srwatson break; 694105696Srwatson if (p1 == p0 || *p1 != '+') 695105696Srwatson return (EINVAL); 696105696Srwatson } 697105696Srwatson } 698105696Srwatson 699105696Srwatson return (0); 700105696Srwatson} 701105696Srwatson 702105696Srwatson/* 703105696Srwatson * Note: destructively consumes the string, make a local copy before 704105696Srwatson * calling if that's a problem. 705105696Srwatson */ 706105696Srwatsonstatic int 707105696Srwatsonmac_biba_parse(struct mac_biba *mac_biba, char *string) 708105696Srwatson{ 709105696Srwatson char *range, *rangeend, *rangehigh, *rangelow, *single; 710101099Srwatson int error; 711101099Srwatson 712105696Srwatson /* Do we have a range? */ 713105696Srwatson single = string; 714105696Srwatson range = index(string, '('); 715105696Srwatson if (range == single) 716105696Srwatson single = NULL; 717105696Srwatson rangelow = rangehigh = NULL; 718105696Srwatson if (range != NULL) { 719105696Srwatson /* Nul terminate the end of the single string. */ 720105696Srwatson *range = '\0'; 721105696Srwatson range++; 722105696Srwatson rangelow = range; 723105696Srwatson rangehigh = index(rangelow, '-'); 724105696Srwatson if (rangehigh == NULL) 725105696Srwatson return (EINVAL); 726105696Srwatson rangehigh++; 727105696Srwatson if (*rangelow == '\0' || *rangehigh == '\0') 728105696Srwatson return (EINVAL); 729105696Srwatson rangeend = index(rangehigh, ')'); 730105696Srwatson if (rangeend == NULL) 731105696Srwatson return (EINVAL); 732105696Srwatson if (*(rangeend + 1) != '\0') 733105696Srwatson return (EINVAL); 734105696Srwatson /* Nul terminate the ends of the ranges. */ 735105696Srwatson *(rangehigh - 1) = '\0'; 736105696Srwatson *rangeend = '\0'; 737105696Srwatson } 738105696Srwatson KASSERT((rangelow != NULL && rangehigh != NULL) || 739105696Srwatson (rangelow == NULL && rangehigh == NULL), 740105696Srwatson ("mac_biba_internalize_label: range mismatch")); 741101099Srwatson 742105696Srwatson bzero(mac_biba, sizeof(*mac_biba)); 743105696Srwatson if (single != NULL) { 744105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_single, single); 745105696Srwatson if (error) 746105696Srwatson return (error); 747105696Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; 748105696Srwatson } 749105696Srwatson 750105696Srwatson if (rangelow != NULL) { 751105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_rangelow, 752105696Srwatson rangelow); 753105696Srwatson if (error) 754105696Srwatson return (error); 755105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_rangehigh, 756105696Srwatson rangehigh); 757105696Srwatson if (error) 758105696Srwatson return (error); 759105696Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 760105696Srwatson } 761105696Srwatson 762101099Srwatson error = mac_biba_valid(mac_biba); 763101099Srwatson if (error) 764101099Srwatson return (error); 765101099Srwatson 766105696Srwatson return (0); 767105696Srwatson} 768101099Srwatson 769105696Srwatsonstatic int 770105696Srwatsonmac_biba_internalize_label(struct label *label, char *element_name, 771105696Srwatson char *element_data, int *claimed) 772105696Srwatson{ 773105696Srwatson struct mac_biba *mac_biba, mac_biba_temp; 774105696Srwatson int error; 775105696Srwatson 776105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 777105696Srwatson return (0); 778105696Srwatson 779105696Srwatson (*claimed)++; 780105696Srwatson 781105696Srwatson error = mac_biba_parse(&mac_biba_temp, element_data); 782105696Srwatson if (error) 783105696Srwatson return (error); 784105696Srwatson 785105696Srwatson mac_biba = SLOT(label); 786105696Srwatson *mac_biba = mac_biba_temp; 787105696Srwatson 788101099Srwatson return (0); 789101099Srwatson} 790101099Srwatson 791105696Srwatsonstatic void 792105696Srwatsonmac_biba_copy_label(struct label *src, struct label *dest) 793105696Srwatson{ 794105696Srwatson 795105696Srwatson *SLOT(dest) = *SLOT(src); 796105696Srwatson} 797105696Srwatson 798101099Srwatson/* 799101099Srwatson * Labeling event operations: file system objects, and things that look 800101099Srwatson * a lot like file system objects. 801101099Srwatson */ 802101099Srwatsonstatic void 803101099Srwatsonmac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 804101099Srwatson struct label *label) 805101099Srwatson{ 806101099Srwatson struct mac_biba *mac_biba; 807101099Srwatson int biba_type; 808101099Srwatson 809101099Srwatson mac_biba = SLOT(label); 810101099Srwatson if (strcmp(dev->si_name, "null") == 0 || 811101099Srwatson strcmp(dev->si_name, "zero") == 0 || 812101099Srwatson strcmp(dev->si_name, "random") == 0 || 813101099Srwatson strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 814101099Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 815105606Srwatson else if (ptys_equal && 816105606Srwatson (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 817105606Srwatson strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 818105606Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 819101099Srwatson else 820101099Srwatson biba_type = MAC_BIBA_TYPE_HIGH; 821105643Srwatson mac_biba_set_single(mac_biba, biba_type, 0, NULL); 822101099Srwatson} 823101099Srwatson 824101099Srwatsonstatic void 825101099Srwatsonmac_biba_create_devfs_directory(char *dirname, int dirnamelen, 826101099Srwatson struct devfs_dirent *devfs_dirent, struct label *label) 827101099Srwatson{ 828101099Srwatson struct mac_biba *mac_biba; 829101099Srwatson 830101099Srwatson mac_biba = SLOT(label); 831105643Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 832101099Srwatson} 833101099Srwatson 834101099Srwatsonstatic void 835104535Srwatsonmac_biba_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, 836104535Srwatson struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) 837104535Srwatson{ 838104535Srwatson struct mac_biba *source, *dest; 839104535Srwatson 840104535Srwatson source = SLOT(&cred->cr_label); 841104535Srwatson dest = SLOT(delabel); 842104535Srwatson 843104535Srwatson mac_biba_copy_single(source, dest); 844104535Srwatson} 845104535Srwatson 846104535Srwatsonstatic void 847101099Srwatsonmac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 848101099Srwatson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 849101099Srwatson{ 850101099Srwatson struct mac_biba *source, *dest; 851101099Srwatson 852101099Srwatson source = SLOT(direntlabel); 853101099Srwatson dest = SLOT(vnodelabel); 854101099Srwatson mac_biba_copy_single(source, dest); 855101099Srwatson} 856101099Srwatson 857101099Srwatsonstatic void 858101099Srwatsonmac_biba_create_mount(struct ucred *cred, struct mount *mp, 859101099Srwatson struct label *mntlabel, struct label *fslabel) 860101099Srwatson{ 861101099Srwatson struct mac_biba *source, *dest; 862101099Srwatson 863101099Srwatson source = SLOT(&cred->cr_label); 864101099Srwatson dest = SLOT(mntlabel); 865101099Srwatson mac_biba_copy_single(source, dest); 866101099Srwatson dest = SLOT(fslabel); 867101099Srwatson mac_biba_copy_single(source, dest); 868101099Srwatson} 869101099Srwatson 870101099Srwatsonstatic void 871101099Srwatsonmac_biba_create_root_mount(struct ucred *cred, struct mount *mp, 872101099Srwatson struct label *mntlabel, struct label *fslabel) 873101099Srwatson{ 874101099Srwatson struct mac_biba *mac_biba; 875101099Srwatson 876101099Srwatson /* Always mount root as high integrity. */ 877101099Srwatson mac_biba = SLOT(fslabel); 878105643Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 879101099Srwatson mac_biba = SLOT(mntlabel); 880105643Srwatson mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 881101099Srwatson} 882101099Srwatson 883101099Srwatsonstatic void 884101099Srwatsonmac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, 885101099Srwatson struct label *vnodelabel, struct label *label) 886101099Srwatson{ 887101099Srwatson struct mac_biba *source, *dest; 888101099Srwatson 889101099Srwatson source = SLOT(label); 890101099Srwatson dest = SLOT(vnodelabel); 891101099Srwatson 892105656Srwatson mac_biba_copy(source, dest); 893101099Srwatson} 894101099Srwatson 895101099Srwatsonstatic void 896101099Srwatsonmac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent, 897101099Srwatson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 898101099Srwatson{ 899101099Srwatson struct mac_biba *source, *dest; 900101099Srwatson 901101099Srwatson source = SLOT(vnodelabel); 902101099Srwatson dest = SLOT(direntlabel); 903101099Srwatson 904105656Srwatson mac_biba_copy(source, dest); 905101099Srwatson} 906101099Srwatson 907101099Srwatsonstatic void 908105988Srwatsonmac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 909105988Srwatson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 910105988Srwatson struct label *vlabel) 911101099Srwatson{ 912101099Srwatson struct mac_biba *source, *dest; 913101099Srwatson 914105988Srwatson source = SLOT(delabel); 915105988Srwatson dest = SLOT(vlabel); 916101099Srwatson 917101099Srwatson mac_biba_copy_single(source, dest); 918101099Srwatson} 919101099Srwatson 920101099Srwatsonstatic int 921105988Srwatsonmac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 922105988Srwatson struct vnode *vp, struct label *vlabel) 923101099Srwatson{ 924105988Srwatson struct mac_biba temp, *source, *dest; 925106354Smux int buflen, error; 926101099Srwatson 927105988Srwatson source = SLOT(fslabel); 928105988Srwatson dest = SLOT(vlabel); 929101099Srwatson 930105988Srwatson buflen = sizeof(temp); 931105988Srwatson bzero(&temp, buflen); 932105988Srwatson 933105988Srwatson error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 934105988Srwatson MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &temp, curthread); 935105988Srwatson if (error == ENOATTR || error == EOPNOTSUPP) { 936105988Srwatson /* Fall back to the fslabel. */ 937105988Srwatson mac_biba_copy_single(source, dest); 938105988Srwatson return (0); 939105988Srwatson } else if (error) 940101099Srwatson return (error); 941101099Srwatson 942105988Srwatson if (buflen != sizeof(temp)) { 943105988Srwatson printf("mac_biba_associate_vnode_extattr: bad size %d\n", 944105988Srwatson buflen); 945105988Srwatson return (EPERM); 946105988Srwatson } 947105988Srwatson if (mac_biba_valid(&temp) != 0) { 948105988Srwatson printf("mac_biba_associate_vnode_extattr: invalid\n"); 949105988Srwatson return (EPERM); 950105988Srwatson } 951105988Srwatson if ((temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) { 952105988Srwatson printf("mac_biba_associate_vnode_extattr: not single\n"); 953105988Srwatson return (EPERM); 954105988Srwatson } 955101099Srwatson 956105988Srwatson mac_biba_copy_single(&temp, dest); 957101099Srwatson return (0); 958101099Srwatson} 959101099Srwatson 960101099Srwatsonstatic void 961105988Srwatsonmac_biba_associate_vnode_singlelabel(struct mount *mp, 962105988Srwatson struct label *fslabel, struct vnode *vp, struct label *vlabel) 963101099Srwatson{ 964101099Srwatson struct mac_biba *source, *dest; 965101099Srwatson 966101099Srwatson source = SLOT(fslabel); 967105988Srwatson dest = SLOT(vlabel); 968101099Srwatson 969101099Srwatson mac_biba_copy_single(source, dest); 970101099Srwatson} 971101099Srwatson 972105988Srwatsonstatic int 973105988Srwatsonmac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, 974105988Srwatson struct label *fslabel, struct vnode *dvp, struct label *dlabel, 975105988Srwatson struct vnode *vp, struct label *vlabel, struct componentname *cnp) 976105988Srwatson{ 977105988Srwatson struct mac_biba *source, *dest, temp; 978105988Srwatson size_t buflen; 979105988Srwatson int error; 980105988Srwatson 981105988Srwatson buflen = sizeof(temp); 982105988Srwatson bzero(&temp, buflen); 983105988Srwatson 984105988Srwatson source = SLOT(&cred->cr_label); 985105988Srwatson dest = SLOT(vlabel); 986105988Srwatson mac_biba_copy_single(source, &temp); 987105988Srwatson 988105988Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 989105988Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); 990105988Srwatson if (error == 0) 991105988Srwatson mac_biba_copy_single(source, dest); 992105988Srwatson return (error); 993105988Srwatson} 994105988Srwatson 995105988Srwatsonstatic int 996105988Srwatsonmac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 997105988Srwatson struct label *vlabel, struct label *intlabel) 998105988Srwatson{ 999105988Srwatson struct mac_biba *source, temp; 1000105988Srwatson size_t buflen; 1001105988Srwatson int error; 1002105988Srwatson 1003105988Srwatson buflen = sizeof(temp); 1004105988Srwatson bzero(&temp, buflen); 1005105988Srwatson 1006105988Srwatson source = SLOT(intlabel); 1007105988Srwatson if ((source->mb_flags & MAC_BIBA_FLAG_SINGLE) == 0) 1008105988Srwatson return (0); 1009105988Srwatson 1010105988Srwatson mac_biba_copy_single(source, &temp); 1011105988Srwatson 1012105988Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 1013105988Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); 1014105988Srwatson return (error); 1015105988Srwatson} 1016105988Srwatson 1017101099Srwatson/* 1018101099Srwatson * Labeling event operations: IPC object. 1019101099Srwatson */ 1020101099Srwatsonstatic void 1021101099Srwatsonmac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 1022101099Srwatson struct mbuf *m, struct label *mbuflabel) 1023101099Srwatson{ 1024101099Srwatson struct mac_biba *source, *dest; 1025101099Srwatson 1026101099Srwatson source = SLOT(socketlabel); 1027101099Srwatson dest = SLOT(mbuflabel); 1028101099Srwatson 1029101099Srwatson mac_biba_copy_single(source, dest); 1030101099Srwatson} 1031101099Srwatson 1032101099Srwatsonstatic void 1033101099Srwatsonmac_biba_create_socket(struct ucred *cred, struct socket *socket, 1034101099Srwatson struct label *socketlabel) 1035101099Srwatson{ 1036101099Srwatson struct mac_biba *source, *dest; 1037101099Srwatson 1038101099Srwatson source = SLOT(&cred->cr_label); 1039101099Srwatson dest = SLOT(socketlabel); 1040101099Srwatson 1041101099Srwatson mac_biba_copy_single(source, dest); 1042101099Srwatson} 1043101099Srwatson 1044101099Srwatsonstatic void 1045101099Srwatsonmac_biba_create_pipe(struct ucred *cred, struct pipe *pipe, 1046101099Srwatson struct label *pipelabel) 1047101099Srwatson{ 1048101099Srwatson struct mac_biba *source, *dest; 1049101099Srwatson 1050101099Srwatson source = SLOT(&cred->cr_label); 1051101099Srwatson dest = SLOT(pipelabel); 1052101099Srwatson 1053101099Srwatson mac_biba_copy_single(source, dest); 1054101099Srwatson} 1055101099Srwatson 1056101099Srwatsonstatic void 1057101099Srwatsonmac_biba_create_socket_from_socket(struct socket *oldsocket, 1058101099Srwatson struct label *oldsocketlabel, struct socket *newsocket, 1059101099Srwatson struct label *newsocketlabel) 1060101099Srwatson{ 1061101099Srwatson struct mac_biba *source, *dest; 1062101099Srwatson 1063101099Srwatson source = SLOT(oldsocketlabel); 1064101099Srwatson dest = SLOT(newsocketlabel); 1065101099Srwatson 1066101099Srwatson mac_biba_copy_single(source, dest); 1067101099Srwatson} 1068101099Srwatson 1069101099Srwatsonstatic void 1070101099Srwatsonmac_biba_relabel_socket(struct ucred *cred, struct socket *socket, 1071101099Srwatson struct label *socketlabel, struct label *newlabel) 1072101099Srwatson{ 1073101099Srwatson struct mac_biba *source, *dest; 1074101099Srwatson 1075101099Srwatson source = SLOT(newlabel); 1076101099Srwatson dest = SLOT(socketlabel); 1077101099Srwatson 1078105656Srwatson mac_biba_copy(source, dest); 1079101099Srwatson} 1080101099Srwatson 1081101099Srwatsonstatic void 1082101099Srwatsonmac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe, 1083101099Srwatson struct label *pipelabel, struct label *newlabel) 1084101099Srwatson{ 1085101099Srwatson struct mac_biba *source, *dest; 1086101099Srwatson 1087101099Srwatson source = SLOT(newlabel); 1088101099Srwatson dest = SLOT(pipelabel); 1089101099Srwatson 1090105656Srwatson mac_biba_copy(source, dest); 1091101099Srwatson} 1092101099Srwatson 1093101099Srwatsonstatic void 1094101099Srwatsonmac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 1095101099Srwatson struct socket *socket, struct label *socketpeerlabel) 1096101099Srwatson{ 1097101099Srwatson struct mac_biba *source, *dest; 1098101099Srwatson 1099101099Srwatson source = SLOT(mbuflabel); 1100101099Srwatson dest = SLOT(socketpeerlabel); 1101101099Srwatson 1102101099Srwatson mac_biba_copy_single(source, dest); 1103101099Srwatson} 1104101099Srwatson 1105101099Srwatson/* 1106101099Srwatson * Labeling event operations: network objects. 1107101099Srwatson */ 1108101099Srwatsonstatic void 1109101099Srwatsonmac_biba_set_socket_peer_from_socket(struct socket *oldsocket, 1110101099Srwatson struct label *oldsocketlabel, struct socket *newsocket, 1111101099Srwatson struct label *newsocketpeerlabel) 1112101099Srwatson{ 1113101099Srwatson struct mac_biba *source, *dest; 1114101099Srwatson 1115101099Srwatson source = SLOT(oldsocketlabel); 1116101099Srwatson dest = SLOT(newsocketpeerlabel); 1117101099Srwatson 1118101099Srwatson mac_biba_copy_single(source, dest); 1119101099Srwatson} 1120101099Srwatson 1121101099Srwatsonstatic void 1122101099Srwatsonmac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 1123101099Srwatson struct label *bpflabel) 1124101099Srwatson{ 1125101099Srwatson struct mac_biba *source, *dest; 1126101099Srwatson 1127101099Srwatson source = SLOT(&cred->cr_label); 1128101099Srwatson dest = SLOT(bpflabel); 1129101099Srwatson 1130101099Srwatson mac_biba_copy_single(source, dest); 1131101099Srwatson} 1132101099Srwatson 1133101099Srwatsonstatic void 1134101099Srwatsonmac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 1135101099Srwatson{ 1136101099Srwatson char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q; 1137101099Srwatson char tiflist[sizeof(trusted_interfaces)]; 1138101099Srwatson struct mac_biba *dest; 1139101099Srwatson int len, grade; 1140101099Srwatson 1141101099Srwatson dest = SLOT(ifnetlabel); 1142101099Srwatson 1143101099Srwatson if (ifnet->if_type == IFT_LOOP) { 1144101099Srwatson grade = MAC_BIBA_TYPE_EQUAL; 1145101099Srwatson goto set; 1146101099Srwatson } 1147101099Srwatson 1148101099Srwatson if (trust_all_interfaces) { 1149101099Srwatson grade = MAC_BIBA_TYPE_HIGH; 1150101099Srwatson goto set; 1151101099Srwatson } 1152101099Srwatson 1153101099Srwatson grade = MAC_BIBA_TYPE_LOW; 1154101099Srwatson 1155101099Srwatson if (trusted_interfaces[0] == '\0' || 1156101099Srwatson !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 1157101099Srwatson goto set; 1158101099Srwatson 1159106089Srwatson bzero(tiflist, sizeof(tiflist)); 1160101099Srwatson for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 1161101099Srwatson if(*p != ' ' && *p != '\t') 1162101099Srwatson *q = *p; 1163101099Srwatson 1164101099Srwatson snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit); 1165101099Srwatson 1166101099Srwatson for (p = q = tiflist;; p++) { 1167101099Srwatson if (*p == ',' || *p == '\0') { 1168101099Srwatson len = p - q; 1169101099Srwatson if (len < IFNAMSIZ) { 1170101099Srwatson bzero(tifname, sizeof(tifname)); 1171101099Srwatson bcopy(q, tifname, len); 1172101099Srwatson if (strcmp(tifname, ifname) == 0) { 1173101099Srwatson grade = MAC_BIBA_TYPE_HIGH; 1174101099Srwatson break; 1175101099Srwatson } 1176106089Srwatson } else { 1177106089Srwatson *p = '\0'; 1178106089Srwatson printf("mac_biba warning: interface name " 1179106089Srwatson "\"%s\" is too long (must be < %d)\n", 1180106089Srwatson q, IFNAMSIZ); 1181101099Srwatson } 1182101099Srwatson if (*p == '\0') 1183101099Srwatson break; 1184101099Srwatson q = p + 1; 1185101099Srwatson } 1186101099Srwatson } 1187101099Srwatsonset: 1188105643Srwatson mac_biba_set_single(dest, grade, 0, NULL); 1189105643Srwatson mac_biba_set_range(dest, grade, 0, NULL, grade, 0, NULL); 1190101099Srwatson} 1191101099Srwatson 1192101099Srwatsonstatic void 1193101099Srwatsonmac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1194101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1195101099Srwatson{ 1196101099Srwatson struct mac_biba *source, *dest; 1197101099Srwatson 1198101099Srwatson source = SLOT(fragmentlabel); 1199101099Srwatson dest = SLOT(ipqlabel); 1200101099Srwatson 1201101099Srwatson mac_biba_copy_single(source, dest); 1202101099Srwatson} 1203101099Srwatson 1204101099Srwatsonstatic void 1205101099Srwatsonmac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 1206101099Srwatson struct mbuf *datagram, struct label *datagramlabel) 1207101099Srwatson{ 1208101099Srwatson struct mac_biba *source, *dest; 1209101099Srwatson 1210101099Srwatson source = SLOT(ipqlabel); 1211101099Srwatson dest = SLOT(datagramlabel); 1212101099Srwatson 1213101099Srwatson /* Just use the head, since we require them all to match. */ 1214101099Srwatson mac_biba_copy_single(source, dest); 1215101099Srwatson} 1216101099Srwatson 1217101099Srwatsonstatic void 1218101099Srwatsonmac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 1219101099Srwatson struct mbuf *fragment, struct label *fragmentlabel) 1220101099Srwatson{ 1221101099Srwatson struct mac_biba *source, *dest; 1222101099Srwatson 1223101099Srwatson source = SLOT(datagramlabel); 1224101099Srwatson dest = SLOT(fragmentlabel); 1225101099Srwatson 1226101099Srwatson mac_biba_copy_single(source, dest); 1227101099Srwatson} 1228101099Srwatson 1229101099Srwatsonstatic void 1230101099Srwatsonmac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 1231101099Srwatson struct label *oldmbuflabel, struct mbuf *newmbuf, 1232101099Srwatson struct label *newmbuflabel) 1233101099Srwatson{ 1234101099Srwatson struct mac_biba *source, *dest; 1235101099Srwatson 1236101099Srwatson source = SLOT(oldmbuflabel); 1237101099Srwatson dest = SLOT(newmbuflabel); 1238101099Srwatson 1239105656Srwatson /* 1240105656Srwatson * Because the source mbuf may not yet have been "created", 1241105696Srwatson * just initialized, we do a conditional copy. Since we don't 1242105656Srwatson * allow mbufs to have ranges, do a KASSERT to make sure that 1243105656Srwatson * doesn't happen. 1244105656Srwatson */ 1245105656Srwatson KASSERT((source->mb_flags & MAC_BIBA_FLAG_RANGE) == 0, 1246105656Srwatson ("mac_biba_create_mbuf_from_mbuf: source mbuf has range")); 1247105656Srwatson mac_biba_copy(source, dest); 1248101099Srwatson} 1249101099Srwatson 1250101099Srwatsonstatic void 1251101099Srwatsonmac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 1252101099Srwatson struct mbuf *mbuf, struct label *mbuflabel) 1253101099Srwatson{ 1254101099Srwatson struct mac_biba *dest; 1255101099Srwatson 1256101099Srwatson dest = SLOT(mbuflabel); 1257101099Srwatson 1258105643Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1259101099Srwatson} 1260101099Srwatson 1261101099Srwatsonstatic void 1262101099Srwatsonmac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 1263101099Srwatson struct mbuf *mbuf, struct label *mbuflabel) 1264101099Srwatson{ 1265101099Srwatson struct mac_biba *source, *dest; 1266101099Srwatson 1267101099Srwatson source = SLOT(bpflabel); 1268101099Srwatson dest = SLOT(mbuflabel); 1269101099Srwatson 1270101099Srwatson mac_biba_copy_single(source, dest); 1271101099Srwatson} 1272101099Srwatson 1273101099Srwatsonstatic void 1274101099Srwatsonmac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1275101099Srwatson struct mbuf *m, struct label *mbuflabel) 1276101099Srwatson{ 1277101099Srwatson struct mac_biba *source, *dest; 1278101099Srwatson 1279101099Srwatson source = SLOT(ifnetlabel); 1280101099Srwatson dest = SLOT(mbuflabel); 1281101099Srwatson 1282101099Srwatson mac_biba_copy_single(source, dest); 1283101099Srwatson} 1284101099Srwatson 1285101099Srwatsonstatic void 1286101099Srwatsonmac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1287101099Srwatson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1288101099Srwatson struct mbuf *newmbuf, struct label *newmbuflabel) 1289101099Srwatson{ 1290101099Srwatson struct mac_biba *source, *dest; 1291101099Srwatson 1292101099Srwatson source = SLOT(oldmbuflabel); 1293101099Srwatson dest = SLOT(newmbuflabel); 1294101099Srwatson 1295101099Srwatson mac_biba_copy_single(source, dest); 1296101099Srwatson} 1297101099Srwatson 1298101099Srwatsonstatic void 1299101099Srwatsonmac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1300101099Srwatson struct mbuf *newmbuf, struct label *newmbuflabel) 1301101099Srwatson{ 1302101099Srwatson struct mac_biba *source, *dest; 1303101099Srwatson 1304101099Srwatson source = SLOT(oldmbuflabel); 1305101099Srwatson dest = SLOT(newmbuflabel); 1306101099Srwatson 1307101099Srwatson mac_biba_copy_single(source, dest); 1308101099Srwatson} 1309101099Srwatson 1310101099Srwatsonstatic int 1311101099Srwatsonmac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1312101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1313101099Srwatson{ 1314101099Srwatson struct mac_biba *a, *b; 1315101099Srwatson 1316101099Srwatson a = SLOT(ipqlabel); 1317101099Srwatson b = SLOT(fragmentlabel); 1318101099Srwatson 1319101099Srwatson return (mac_biba_equal_single(a, b)); 1320101099Srwatson} 1321101099Srwatson 1322101099Srwatsonstatic void 1323101099Srwatsonmac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1324101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1325101099Srwatson{ 1326101099Srwatson struct mac_biba *source, *dest; 1327101099Srwatson 1328101099Srwatson source = SLOT(newlabel); 1329101099Srwatson dest = SLOT(ifnetlabel); 1330101099Srwatson 1331105656Srwatson mac_biba_copy(source, dest); 1332101099Srwatson} 1333101099Srwatson 1334101099Srwatsonstatic void 1335101099Srwatsonmac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1336101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1337101099Srwatson{ 1338101099Srwatson 1339101099Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1340101099Srwatson} 1341101099Srwatson 1342101099Srwatson/* 1343101099Srwatson * Labeling event operations: processes. 1344101099Srwatson */ 1345101099Srwatsonstatic void 1346101099Srwatsonmac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 1347101099Srwatson{ 1348101099Srwatson struct mac_biba *source, *dest; 1349101099Srwatson 1350101099Srwatson source = SLOT(&cred_parent->cr_label); 1351101099Srwatson dest = SLOT(&cred_child->cr_label); 1352101099Srwatson 1353101099Srwatson mac_biba_copy_single(source, dest); 1354101099Srwatson mac_biba_copy_range(source, dest); 1355101099Srwatson} 1356101099Srwatson 1357101099Srwatsonstatic void 1358101099Srwatsonmac_biba_execve_transition(struct ucred *old, struct ucred *new, 1359106214Srwatson struct vnode *vp, struct label *vnodelabel) 1360101099Srwatson{ 1361101099Srwatson struct mac_biba *source, *dest; 1362101099Srwatson 1363101099Srwatson source = SLOT(&old->cr_label); 1364101099Srwatson dest = SLOT(&new->cr_label); 1365101099Srwatson 1366101099Srwatson mac_biba_copy_single(source, dest); 1367101099Srwatson mac_biba_copy_range(source, dest); 1368101099Srwatson} 1369101099Srwatson 1370101099Srwatsonstatic int 1371101099Srwatsonmac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, 1372106214Srwatson struct label *vnodelabel) 1373101099Srwatson{ 1374101099Srwatson 1375101099Srwatson return (0); 1376101099Srwatson} 1377101099Srwatson 1378101099Srwatsonstatic void 1379101099Srwatsonmac_biba_create_proc0(struct ucred *cred) 1380101099Srwatson{ 1381101099Srwatson struct mac_biba *dest; 1382101099Srwatson 1383101099Srwatson dest = SLOT(&cred->cr_label); 1384101099Srwatson 1385105643Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1386105643Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, 1387105643Srwatson MAC_BIBA_TYPE_HIGH, 0, NULL); 1388101099Srwatson} 1389101099Srwatson 1390101099Srwatsonstatic void 1391101099Srwatsonmac_biba_create_proc1(struct ucred *cred) 1392101099Srwatson{ 1393101099Srwatson struct mac_biba *dest; 1394101099Srwatson 1395101099Srwatson dest = SLOT(&cred->cr_label); 1396101099Srwatson 1397105643Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); 1398105643Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, 1399105643Srwatson MAC_BIBA_TYPE_HIGH, 0, NULL); 1400101099Srwatson} 1401101099Srwatson 1402101099Srwatsonstatic void 1403101099Srwatsonmac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 1404101099Srwatson{ 1405101099Srwatson struct mac_biba *source, *dest; 1406101099Srwatson 1407101099Srwatson source = SLOT(newlabel); 1408101099Srwatson dest = SLOT(&cred->cr_label); 1409101099Srwatson 1410105656Srwatson mac_biba_copy(source, dest); 1411101099Srwatson} 1412101099Srwatson 1413101099Srwatson/* 1414101099Srwatson * Access control checks. 1415101099Srwatson */ 1416101099Srwatsonstatic int 1417101099Srwatsonmac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1418101099Srwatson struct ifnet *ifnet, struct label *ifnetlabel) 1419101099Srwatson{ 1420101099Srwatson struct mac_biba *a, *b; 1421101099Srwatson 1422101099Srwatson if (!mac_biba_enabled) 1423101099Srwatson return (0); 1424101099Srwatson 1425101099Srwatson a = SLOT(bpflabel); 1426101099Srwatson b = SLOT(ifnetlabel); 1427101099Srwatson 1428101099Srwatson if (mac_biba_equal_single(a, b)) 1429101099Srwatson return (0); 1430101099Srwatson return (EACCES); 1431101099Srwatson} 1432101099Srwatson 1433101099Srwatsonstatic int 1434101099Srwatsonmac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1435101099Srwatson{ 1436101099Srwatson struct mac_biba *subj, *new; 1437105634Srwatson int error; 1438101099Srwatson 1439101099Srwatson subj = SLOT(&cred->cr_label); 1440101099Srwatson new = SLOT(newlabel); 1441101099Srwatson 1442101099Srwatson /* 1443105634Srwatson * If there is a Biba label update for the credential, it may 1444105634Srwatson * be an update of the single, range, or both. 1445101099Srwatson */ 1446105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1447105634Srwatson if (error) 1448105634Srwatson return (error); 1449101099Srwatson 1450101099Srwatson /* 1451105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1452101099Srwatson */ 1453105634Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 1454105634Srwatson /* 1455105634Srwatson * To change the Biba single label on a credential, the 1456105634Srwatson * new single label must be in the current range. 1457105634Srwatson */ 1458105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_SINGLE && 1459105634Srwatson !mac_biba_single_in_range(new, subj)) 1460105634Srwatson return (EPERM); 1461101099Srwatson 1462105634Srwatson /* 1463105634Srwatson * To change the Biba range on a credential, the new 1464105634Srwatson * range label must be in the current range. 1465105634Srwatson */ 1466105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_RANGE && 1467105634Srwatson !mac_biba_range_in_range(new, subj)) 1468105634Srwatson return (EPERM); 1469101099Srwatson 1470105634Srwatson /* 1471105634Srwatson * To have EQUAL in any component of the new credential 1472105634Srwatson * Biba label, the subject must already have EQUAL in 1473105634Srwatson * their label. 1474105634Srwatson */ 1475105634Srwatson if (mac_biba_contains_equal(new)) { 1476106090Srwatson error = mac_biba_subject_privileged(subj); 1477105634Srwatson if (error) 1478105634Srwatson return (error); 1479105634Srwatson } 1480101099Srwatson 1481105634Srwatson /* 1482105634Srwatson * XXXMAC: Additional consistency tests regarding the 1483105634Srwatson * single and range of the new label might be performed 1484105634Srwatson * here. 1485105634Srwatson */ 1486105634Srwatson } 1487105634Srwatson 1488101099Srwatson return (0); 1489101099Srwatson} 1490101099Srwatson 1491101099Srwatsonstatic int 1492101099Srwatsonmac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1493101099Srwatson{ 1494101099Srwatson struct mac_biba *subj, *obj; 1495101099Srwatson 1496101099Srwatson if (!mac_biba_enabled) 1497101099Srwatson return (0); 1498101099Srwatson 1499101099Srwatson subj = SLOT(&u1->cr_label); 1500101099Srwatson obj = SLOT(&u2->cr_label); 1501101099Srwatson 1502101099Srwatson /* XXX: range */ 1503101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1504101099Srwatson return (ESRCH); 1505101099Srwatson 1506101099Srwatson return (0); 1507101099Srwatson} 1508101099Srwatson 1509101099Srwatsonstatic int 1510101099Srwatsonmac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1511101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1512101099Srwatson{ 1513101099Srwatson struct mac_biba *subj, *new; 1514105634Srwatson int error; 1515101099Srwatson 1516101099Srwatson subj = SLOT(&cred->cr_label); 1517101099Srwatson new = SLOT(newlabel); 1518101099Srwatson 1519105634Srwatson /* 1520105634Srwatson * If there is a Biba label update for the interface, it may 1521105634Srwatson * be an update of the single, range, or both. 1522105634Srwatson */ 1523105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1524105634Srwatson if (error) 1525105634Srwatson return (error); 1526101099Srwatson 1527105634Srwatson /* 1528106160Srwatson * Relabling network interfaces requires Biba privilege. 1529106160Srwatson */ 1530106160Srwatson error = mac_biba_subject_privileged(subj); 1531106160Srwatson if (error) 1532106160Srwatson return (error); 1533106160Srwatson 1534106160Srwatson /* 1535105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1536105634Srwatson */ 1537105634Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 1538105634Srwatson /* 1539105634Srwatson * Rely on the traditional superuser status for the Biba 1540105634Srwatson * interface relabel requirements. XXXMAC: This will go 1541105634Srwatson * away. 1542105634Srwatson */ 1543105634Srwatson error = suser_cred(cred, 0); 1544105634Srwatson if (error) 1545105634Srwatson return (EPERM); 1546105634Srwatson 1547105634Srwatson /* 1548105634Srwatson * XXXMAC: Additional consistency tests regarding the single 1549105634Srwatson * and the range of the new label might be performed here. 1550105634Srwatson */ 1551105634Srwatson } 1552105634Srwatson 1553105634Srwatson return (0); 1554101099Srwatson} 1555101099Srwatson 1556103759Srwatsonstatic int 1557101099Srwatsonmac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1558101099Srwatson struct mbuf *m, struct label *mbuflabel) 1559101099Srwatson{ 1560101099Srwatson struct mac_biba *p, *i; 1561103761Srwatson 1562101099Srwatson if (!mac_biba_enabled) 1563101099Srwatson return (0); 1564101099Srwatson 1565101099Srwatson p = SLOT(mbuflabel); 1566101099Srwatson i = SLOT(ifnetlabel); 1567103759Srwatson 1568101099Srwatson return (mac_biba_single_in_range(p, i) ? 0 : EACCES); 1569101099Srwatson} 1570101099Srwatson 1571101099Srwatsonstatic int 1572101099Srwatsonmac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1573101099Srwatson struct label *mntlabel) 1574101099Srwatson{ 1575101099Srwatson struct mac_biba *subj, *obj; 1576101099Srwatson 1577101099Srwatson if (!mac_biba_enabled) 1578101099Srwatson return (0); 1579101099Srwatson 1580101099Srwatson subj = SLOT(&cred->cr_label); 1581101099Srwatson obj = SLOT(mntlabel); 1582101099Srwatson 1583101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1584101099Srwatson return (EACCES); 1585101099Srwatson 1586101099Srwatson return (0); 1587101099Srwatson} 1588101099Srwatson 1589101099Srwatsonstatic int 1590101099Srwatsonmac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 1591101099Srwatson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1592101099Srwatson{ 1593103759Srwatson 1594101099Srwatson if(!mac_biba_enabled) 1595101099Srwatson return (0); 1596101099Srwatson 1597101099Srwatson /* XXX: This will be implemented soon... */ 1598101099Srwatson 1599101099Srwatson return (0); 1600101099Srwatson} 1601101099Srwatson 1602101099Srwatsonstatic int 1603102115Srwatsonmac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 1604102115Srwatson struct label *pipelabel) 1605101099Srwatson{ 1606101099Srwatson struct mac_biba *subj, *obj; 1607101099Srwatson 1608101099Srwatson if (!mac_biba_enabled) 1609101099Srwatson return (0); 1610101099Srwatson 1611101099Srwatson subj = SLOT(&cred->cr_label); 1612101099Srwatson obj = SLOT((pipelabel)); 1613101099Srwatson 1614102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1615102115Srwatson return (EACCES); 1616101099Srwatson 1617101099Srwatson return (0); 1618101099Srwatson} 1619101099Srwatson 1620101099Srwatsonstatic int 1621102115Srwatsonmac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe, 1622102115Srwatson struct label *pipelabel) 1623102115Srwatson{ 1624102115Srwatson struct mac_biba *subj, *obj; 1625102115Srwatson 1626102115Srwatson if (!mac_biba_enabled) 1627102115Srwatson return (0); 1628102115Srwatson 1629102115Srwatson subj = SLOT(&cred->cr_label); 1630102115Srwatson obj = SLOT((pipelabel)); 1631102115Srwatson 1632102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1633102115Srwatson return (EACCES); 1634102115Srwatson 1635102115Srwatson return (0); 1636102115Srwatson} 1637102115Srwatson 1638102115Srwatsonstatic int 1639101099Srwatsonmac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1640101099Srwatson struct label *pipelabel, struct label *newlabel) 1641101099Srwatson{ 1642101099Srwatson struct mac_biba *subj, *obj, *new; 1643105634Srwatson int error; 1644101099Srwatson 1645101099Srwatson new = SLOT(newlabel); 1646101099Srwatson subj = SLOT(&cred->cr_label); 1647101099Srwatson obj = SLOT(pipelabel); 1648101099Srwatson 1649101099Srwatson /* 1650105634Srwatson * If there is a Biba label update for a pipe, it must be a 1651105634Srwatson * single update. 1652101099Srwatson */ 1653105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE); 1654105634Srwatson if (error) 1655105634Srwatson return (error); 1656101099Srwatson 1657101099Srwatson /* 1658105634Srwatson * To perform a relabel of a pipe (Biba label or not), Biba must 1659105634Srwatson * authorize the relabel. 1660101099Srwatson */ 1661105634Srwatson if (!mac_biba_single_in_range(obj, subj)) 1662101099Srwatson return (EPERM); 1663101099Srwatson 1664101099Srwatson /* 1665105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1666101099Srwatson */ 1667105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) { 1668105634Srwatson /* 1669105634Srwatson * To change the Biba label on a pipe, the new pipe label 1670105634Srwatson * must be in the subject range. 1671105634Srwatson */ 1672105634Srwatson if (!mac_biba_single_in_range(new, subj)) 1673105634Srwatson return (EPERM); 1674101099Srwatson 1675105634Srwatson /* 1676105634Srwatson * To change the Biba label on a pipe to be EQUAL, the 1677105634Srwatson * subject must have appropriate privilege. 1678105634Srwatson */ 1679105634Srwatson if (mac_biba_contains_equal(new)) { 1680106090Srwatson error = mac_biba_subject_privileged(subj); 1681105634Srwatson if (error) 1682105634Srwatson return (error); 1683105634Srwatson } 1684105634Srwatson } 1685105634Srwatson 1686101099Srwatson return (0); 1687101099Srwatson} 1688101099Srwatson 1689101099Srwatsonstatic int 1690102115Srwatsonmac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 1691102115Srwatson struct label *pipelabel) 1692102115Srwatson{ 1693102115Srwatson struct mac_biba *subj, *obj; 1694102115Srwatson 1695102115Srwatson if (!mac_biba_enabled) 1696102115Srwatson return (0); 1697102115Srwatson 1698102115Srwatson subj = SLOT(&cred->cr_label); 1699102115Srwatson obj = SLOT((pipelabel)); 1700102115Srwatson 1701102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1702102115Srwatson return (EACCES); 1703102115Srwatson 1704102115Srwatson return (0); 1705102115Srwatson} 1706102115Srwatson 1707102115Srwatsonstatic int 1708102115Srwatsonmac_biba_check_pipe_write(struct ucred *cred, struct pipe *pipe, 1709102115Srwatson struct label *pipelabel) 1710102115Srwatson{ 1711102115Srwatson struct mac_biba *subj, *obj; 1712102115Srwatson 1713102115Srwatson if (!mac_biba_enabled) 1714102115Srwatson return (0); 1715102115Srwatson 1716102115Srwatson subj = SLOT(&cred->cr_label); 1717102115Srwatson obj = SLOT((pipelabel)); 1718102115Srwatson 1719102115Srwatson if (!mac_biba_dominate_single(subj, obj)) 1720102115Srwatson return (EACCES); 1721102115Srwatson 1722102115Srwatson return (0); 1723102115Srwatson} 1724102115Srwatson 1725102115Srwatsonstatic int 1726101099Srwatsonmac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) 1727101099Srwatson{ 1728101099Srwatson struct mac_biba *subj, *obj; 1729101099Srwatson 1730101099Srwatson if (!mac_biba_enabled) 1731101099Srwatson return (0); 1732101099Srwatson 1733101099Srwatson subj = SLOT(&cred->cr_label); 1734101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1735101099Srwatson 1736101099Srwatson /* XXX: range checks */ 1737101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1738101099Srwatson return (ESRCH); 1739101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1740101099Srwatson return (EACCES); 1741101099Srwatson 1742101099Srwatson return (0); 1743101099Srwatson} 1744101099Srwatson 1745101099Srwatsonstatic int 1746101099Srwatsonmac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) 1747101099Srwatson{ 1748101099Srwatson struct mac_biba *subj, *obj; 1749103759Srwatson 1750101099Srwatson if (!mac_biba_enabled) 1751101099Srwatson return (0); 1752101099Srwatson 1753101099Srwatson subj = SLOT(&cred->cr_label); 1754101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1755103759Srwatson 1756101099Srwatson /* XXX: range checks */ 1757101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1758101099Srwatson return (ESRCH); 1759101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1760101099Srwatson return (EACCES); 1761101099Srwatson 1762101099Srwatson return (0); 1763101099Srwatson} 1764101099Srwatson 1765101099Srwatsonstatic int 1766101099Srwatsonmac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1767101099Srwatson{ 1768101099Srwatson struct mac_biba *subj, *obj; 1769103759Srwatson 1770101099Srwatson if (!mac_biba_enabled) 1771101099Srwatson return (0); 1772101099Srwatson 1773101099Srwatson subj = SLOT(&cred->cr_label); 1774101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1775103759Srwatson 1776101099Srwatson /* XXX: range checks */ 1777101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1778101099Srwatson return (ESRCH); 1779101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1780101099Srwatson return (EACCES); 1781101099Srwatson 1782101099Srwatson return (0); 1783101099Srwatson} 1784101099Srwatson 1785101099Srwatsonstatic int 1786101934Srwatsonmac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, 1787101099Srwatson struct mbuf *m, struct label *mbuflabel) 1788101099Srwatson{ 1789101099Srwatson struct mac_biba *p, *s; 1790101099Srwatson 1791101099Srwatson if (!mac_biba_enabled) 1792101099Srwatson return (0); 1793101099Srwatson 1794101099Srwatson p = SLOT(mbuflabel); 1795101099Srwatson s = SLOT(socketlabel); 1796101099Srwatson 1797101099Srwatson return (mac_biba_equal_single(p, s) ? 0 : EACCES); 1798101099Srwatson} 1799101099Srwatson 1800101099Srwatsonstatic int 1801106214Srwatsonmac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, 1802101099Srwatson struct label *socketlabel, struct label *newlabel) 1803101099Srwatson{ 1804101099Srwatson struct mac_biba *subj, *obj, *new; 1805105634Srwatson int error; 1806101099Srwatson 1807101099Srwatson new = SLOT(newlabel); 1808101099Srwatson subj = SLOT(&cred->cr_label); 1809101099Srwatson obj = SLOT(socketlabel); 1810101099Srwatson 1811101099Srwatson /* 1812105634Srwatson * If there is a Biba label update for the socket, it may be 1813105634Srwatson * an update of single. 1814101099Srwatson */ 1815105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE); 1816105634Srwatson if (error) 1817105634Srwatson return (error); 1818101099Srwatson 1819101099Srwatson /* 1820105634Srwatson * To relabel a socket, the old socket single must be in the subject 1821101099Srwatson * range. 1822101099Srwatson */ 1823105634Srwatson if (!mac_biba_single_in_range(obj, subj)) 1824101099Srwatson return (EPERM); 1825101099Srwatson 1826101099Srwatson /* 1827105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1828101099Srwatson */ 1829105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) { 1830105634Srwatson /* 1831105634Srwatson * To relabel a socket, the new socket single must be in 1832105634Srwatson * the subject range. 1833105634Srwatson */ 1834105634Srwatson if (!mac_biba_single_in_range(new, subj)) 1835105634Srwatson return (EPERM); 1836101099Srwatson 1837105634Srwatson /* 1838105634Srwatson * To change the Biba label on the socket to contain EQUAL, 1839105634Srwatson * the subject must have appropriate privilege. 1840105634Srwatson */ 1841105634Srwatson if (mac_biba_contains_equal(new)) { 1842106090Srwatson error = mac_biba_subject_privileged(subj); 1843105634Srwatson if (error) 1844105634Srwatson return (error); 1845105634Srwatson } 1846105634Srwatson } 1847105634Srwatson 1848101099Srwatson return (0); 1849101099Srwatson} 1850101099Srwatson 1851101099Srwatsonstatic int 1852101099Srwatsonmac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, 1853101099Srwatson struct label *socketlabel) 1854101099Srwatson{ 1855101099Srwatson struct mac_biba *subj, *obj; 1856101099Srwatson 1857105722Srwatson if (!mac_biba_enabled) 1858105722Srwatson return (0); 1859105722Srwatson 1860101099Srwatson subj = SLOT(&cred->cr_label); 1861101099Srwatson obj = SLOT(socketlabel); 1862101099Srwatson 1863101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1864101099Srwatson return (ENOENT); 1865101099Srwatson 1866101099Srwatson return (0); 1867101099Srwatson} 1868101099Srwatson 1869101099Srwatsonstatic int 1870106161Srwatsonmac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, 1871106161Srwatson struct label *label) 1872106161Srwatson{ 1873106161Srwatson struct mac_biba *subj, *obj; 1874106161Srwatson 1875106161Srwatson if (!mac_biba_enabled) 1876106161Srwatson return (0); 1877106161Srwatson 1878106161Srwatson subj = SLOT(&cred->cr_label); 1879106161Srwatson obj = SLOT(label); 1880106161Srwatson 1881106161Srwatson if (!mac_biba_subject_privileged(subj)) 1882106161Srwatson return (EPERM); 1883106161Srwatson 1884106161Srwatson if (!mac_biba_high_single(obj)) 1885106161Srwatson return (EACCES); 1886106161Srwatson 1887106161Srwatson return (0); 1888106161Srwatson} 1889106161Srwatson 1890106161Srwatsonstatic int 1891106161Srwatsonmac_biba_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, 1892106161Srwatson void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) 1893106161Srwatson{ 1894106161Srwatson struct mac_biba *subj; 1895106161Srwatson int error; 1896106161Srwatson 1897106161Srwatson if (!mac_biba_enabled) 1898106161Srwatson return (0); 1899106161Srwatson 1900106161Srwatson subj = SLOT(&cred->cr_label); 1901106161Srwatson 1902106161Srwatson /* 1903106161Srwatson * In general, treat sysctl variables as biba/high, but also 1904106161Srwatson * require privilege to change them, since they are a 1905106161Srwatson * communications channel between grades. Exempt MIB 1906106161Srwatson * queries from this due to undocmented sysctl magic. 1907106161Srwatson * XXXMAC: This probably requires some more review. 1908106161Srwatson */ 1909106161Srwatson if (new != NULL) { 1910106161Srwatson if (namelen > 0 && name[0] == 0) 1911106161Srwatson return (0); 1912106161Srwatson 1913106161Srwatson if (!mac_biba_subject_dominate_high(subj)) 1914106161Srwatson return (EACCES); 1915106161Srwatson 1916106161Srwatson error = mac_biba_subject_privileged(subj); 1917106161Srwatson if (error) 1918106161Srwatson return (error); 1919106161Srwatson } 1920106161Srwatson 1921106161Srwatson return (0); 1922106161Srwatson} 1923106161Srwatson 1924106161Srwatsonstatic int 1925101099Srwatsonmac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1926101099Srwatson struct label *dlabel) 1927101099Srwatson{ 1928101099Srwatson struct mac_biba *subj, *obj; 1929101099Srwatson 1930101099Srwatson if (!mac_biba_enabled) 1931101099Srwatson return (0); 1932101099Srwatson 1933101099Srwatson subj = SLOT(&cred->cr_label); 1934101099Srwatson obj = SLOT(dlabel); 1935101099Srwatson 1936101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1937101099Srwatson return (EACCES); 1938101099Srwatson 1939101099Srwatson return (0); 1940101099Srwatson} 1941101099Srwatson 1942101099Srwatsonstatic int 1943101099Srwatsonmac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1944101099Srwatson struct label *dlabel) 1945101099Srwatson{ 1946101099Srwatson struct mac_biba *subj, *obj; 1947101099Srwatson 1948101099Srwatson if (!mac_biba_enabled) 1949101099Srwatson return (0); 1950101099Srwatson 1951101099Srwatson subj = SLOT(&cred->cr_label); 1952101099Srwatson obj = SLOT(dlabel); 1953101099Srwatson 1954101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1955101099Srwatson return (EACCES); 1956101099Srwatson 1957101099Srwatson return (0); 1958101099Srwatson} 1959101099Srwatson 1960101099Srwatsonstatic int 1961101099Srwatsonmac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1962101099Srwatson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1963101099Srwatson{ 1964101099Srwatson struct mac_biba *subj, *obj; 1965101099Srwatson 1966101099Srwatson if (!mac_biba_enabled) 1967101099Srwatson return (0); 1968101099Srwatson 1969101099Srwatson subj = SLOT(&cred->cr_label); 1970101099Srwatson obj = SLOT(dlabel); 1971101099Srwatson 1972101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1973101099Srwatson return (EACCES); 1974101099Srwatson 1975101099Srwatson return (0); 1976101099Srwatson} 1977101099Srwatson 1978101099Srwatsonstatic int 1979101099Srwatsonmac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1980101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 1981101099Srwatson struct componentname *cnp) 1982101099Srwatson{ 1983101099Srwatson struct mac_biba *subj, *obj; 1984101099Srwatson 1985101099Srwatson if (!mac_biba_enabled) 1986101099Srwatson return (0); 1987101099Srwatson 1988101099Srwatson subj = SLOT(&cred->cr_label); 1989101099Srwatson obj = SLOT(dlabel); 1990101099Srwatson 1991101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1992101099Srwatson return (EACCES); 1993101099Srwatson 1994101099Srwatson obj = SLOT(label); 1995101099Srwatson 1996101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1997101099Srwatson return (EACCES); 1998101099Srwatson 1999101099Srwatson return (0); 2000101099Srwatson} 2001101099Srwatson 2002101099Srwatsonstatic int 2003101099Srwatsonmac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 2004101099Srwatson struct label *label, acl_type_t type) 2005101099Srwatson{ 2006101099Srwatson struct mac_biba *subj, *obj; 2007101099Srwatson 2008101099Srwatson if (!mac_biba_enabled) 2009101099Srwatson return (0); 2010101099Srwatson 2011101099Srwatson subj = SLOT(&cred->cr_label); 2012101099Srwatson obj = SLOT(label); 2013101099Srwatson 2014101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2015101099Srwatson return (EACCES); 2016101099Srwatson 2017101099Srwatson return (0); 2018101099Srwatson} 2019101099Srwatson 2020101099Srwatsonstatic int 2021101099Srwatsonmac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 2022101099Srwatson struct label *label) 2023101099Srwatson{ 2024101099Srwatson struct mac_biba *subj, *obj; 2025101099Srwatson 2026101099Srwatson if (!mac_biba_enabled) 2027101099Srwatson return (0); 2028101099Srwatson 2029101099Srwatson subj = SLOT(&cred->cr_label); 2030101099Srwatson obj = SLOT(label); 2031101099Srwatson 2032101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2033101099Srwatson return (EACCES); 2034101099Srwatson 2035101099Srwatson return (0); 2036101099Srwatson} 2037101099Srwatson 2038101099Srwatsonstatic int 2039101099Srwatsonmac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 2040101099Srwatson struct label *label, acl_type_t type) 2041101099Srwatson{ 2042101099Srwatson struct mac_biba *subj, *obj; 2043101099Srwatson 2044101099Srwatson if (!mac_biba_enabled) 2045101099Srwatson return (0); 2046101099Srwatson 2047101099Srwatson subj = SLOT(&cred->cr_label); 2048101099Srwatson obj = SLOT(label); 2049101099Srwatson 2050101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2051101099Srwatson return (EACCES); 2052101099Srwatson 2053101099Srwatson return (0); 2054101099Srwatson} 2055101099Srwatson 2056101099Srwatsonstatic int 2057101099Srwatsonmac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 2058101099Srwatson struct label *label, int attrnamespace, const char *name, struct uio *uio) 2059101099Srwatson{ 2060101099Srwatson struct mac_biba *subj, *obj; 2061101099Srwatson 2062101099Srwatson if (!mac_biba_enabled) 2063101099Srwatson return (0); 2064101099Srwatson 2065101099Srwatson subj = SLOT(&cred->cr_label); 2066101099Srwatson obj = SLOT(label); 2067101099Srwatson 2068101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2069101099Srwatson return (EACCES); 2070101099Srwatson 2071101099Srwatson return (0); 2072101099Srwatson} 2073101099Srwatson 2074101099Srwatsonstatic int 2075104530Srwatsonmac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, 2076104530Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 2077104530Srwatson struct componentname *cnp) 2078104530Srwatson{ 2079104530Srwatson struct mac_biba *subj, *obj; 2080104530Srwatson 2081104530Srwatson if (!mac_biba_enabled) 2082104530Srwatson return (0); 2083104530Srwatson 2084104530Srwatson subj = SLOT(&cred->cr_label); 2085104530Srwatson obj = SLOT(dlabel); 2086104530Srwatson 2087104530Srwatson if (!mac_biba_dominate_single(subj, obj)) 2088104530Srwatson return (EACCES); 2089104530Srwatson 2090104530Srwatson obj = SLOT(label); 2091104530Srwatson 2092104530Srwatson if (!mac_biba_dominate_single(subj, obj)) 2093104530Srwatson return (EACCES); 2094104530Srwatson 2095104530Srwatson return (0); 2096104530Srwatson} 2097104530Srwatson 2098104530Srwatsonstatic int 2099103759Srwatsonmac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 2100101099Srwatson struct label *dlabel, struct componentname *cnp) 2101101099Srwatson{ 2102101099Srwatson struct mac_biba *subj, *obj; 2103103759Srwatson 2104101099Srwatson if (!mac_biba_enabled) 2105101099Srwatson return (0); 2106103759Srwatson 2107101099Srwatson subj = SLOT(&cred->cr_label); 2108101099Srwatson obj = SLOT(dlabel); 2109103759Srwatson 2110101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2111101099Srwatson return (EACCES); 2112101099Srwatson 2113103759Srwatson return (0); 2114101099Srwatson} 2115101099Srwatson 2116101099Srwatsonstatic int 2117104546Srwatsonmac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 2118104546Srwatson struct label *label, int prot) 2119104546Srwatson{ 2120104546Srwatson struct mac_biba *subj, *obj; 2121104546Srwatson 2122104546Srwatson /* 2123104546Srwatson * Rely on the use of open()-time protections to handle 2124104546Srwatson * non-revocation cases. 2125104546Srwatson */ 2126105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2127104546Srwatson return (0); 2128104546Srwatson 2129104546Srwatson subj = SLOT(&cred->cr_label); 2130104546Srwatson obj = SLOT(label); 2131104546Srwatson 2132104546Srwatson if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 2133104546Srwatson if (!mac_biba_dominate_single(obj, subj)) 2134104546Srwatson return (EACCES); 2135104546Srwatson } 2136104546Srwatson if (prot & VM_PROT_WRITE) { 2137104546Srwatson if (!mac_biba_dominate_single(subj, obj)) 2138104546Srwatson return (EACCES); 2139104546Srwatson } 2140104546Srwatson 2141104569Srwatson return (0); 2142104546Srwatson} 2143104546Srwatson 2144104546Srwatsonstatic int 2145101099Srwatsonmac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 2146106212Srwatson struct label *vnodelabel, int acc_mode) 2147101099Srwatson{ 2148101099Srwatson struct mac_biba *subj, *obj; 2149101099Srwatson 2150101099Srwatson if (!mac_biba_enabled) 2151101099Srwatson return (0); 2152101099Srwatson 2153101099Srwatson subj = SLOT(&cred->cr_label); 2154101099Srwatson obj = SLOT(vnodelabel); 2155101099Srwatson 2156101099Srwatson /* XXX privilege override for admin? */ 2157101099Srwatson if (acc_mode & (VREAD | VEXEC | VSTAT)) { 2158101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2159101099Srwatson return (EACCES); 2160101099Srwatson } 2161101099Srwatson if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 2162101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2163101099Srwatson return (EACCES); 2164101099Srwatson } 2165101099Srwatson 2166101099Srwatson return (0); 2167101099Srwatson} 2168101099Srwatson 2169101099Srwatsonstatic int 2170102129Srwatsonmac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 2171102129Srwatson struct vnode *vp, struct label *label) 2172102112Srwatson{ 2173102112Srwatson struct mac_biba *subj, *obj; 2174102112Srwatson 2175105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2176102112Srwatson return (0); 2177102112Srwatson 2178102129Srwatson subj = SLOT(&active_cred->cr_label); 2179102112Srwatson obj = SLOT(label); 2180102112Srwatson 2181102112Srwatson if (!mac_biba_dominate_single(obj, subj)) 2182102112Srwatson return (EACCES); 2183102112Srwatson 2184102112Srwatson return (0); 2185102112Srwatson} 2186102112Srwatson 2187102112Srwatsonstatic int 2188102129Srwatsonmac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 2189102129Srwatson struct vnode *vp, struct label *label) 2190102112Srwatson{ 2191102112Srwatson struct mac_biba *subj, *obj; 2192102112Srwatson 2193105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2194102112Srwatson return (0); 2195102112Srwatson 2196102129Srwatson subj = SLOT(&active_cred->cr_label); 2197102112Srwatson obj = SLOT(label); 2198102112Srwatson 2199102112Srwatson if (!mac_biba_dominate_single(obj, subj)) 2200102112Srwatson return (EACCES); 2201102112Srwatson 2202102112Srwatson return (0); 2203102112Srwatson} 2204102112Srwatson 2205102112Srwatsonstatic int 2206101099Srwatsonmac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 2207101099Srwatson struct label *dlabel) 2208101099Srwatson{ 2209101099Srwatson struct mac_biba *subj, *obj; 2210101099Srwatson 2211101099Srwatson if (!mac_biba_enabled) 2212101099Srwatson return (0); 2213101099Srwatson 2214101099Srwatson subj = SLOT(&cred->cr_label); 2215101099Srwatson obj = SLOT(dlabel); 2216101099Srwatson 2217101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2218101099Srwatson return (EACCES); 2219101099Srwatson 2220101099Srwatson return (0); 2221101099Srwatson} 2222101099Srwatson 2223101099Srwatsonstatic int 2224101099Srwatsonmac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 2225101099Srwatson struct label *label) 2226101099Srwatson{ 2227101099Srwatson struct mac_biba *subj, *obj; 2228101099Srwatson 2229101099Srwatson if (!mac_biba_enabled) 2230101099Srwatson return (0); 2231101099Srwatson 2232101099Srwatson subj = SLOT(&cred->cr_label); 2233101099Srwatson obj = SLOT(label); 2234101099Srwatson 2235101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2236101099Srwatson return (EACCES); 2237101099Srwatson 2238101099Srwatson return (0); 2239101099Srwatson} 2240101099Srwatson 2241101099Srwatsonstatic int 2242101099Srwatsonmac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 2243101099Srwatson struct label *vnodelabel, struct label *newlabel) 2244101099Srwatson{ 2245101099Srwatson struct mac_biba *old, *new, *subj; 2246105634Srwatson int error; 2247101099Srwatson 2248101099Srwatson old = SLOT(vnodelabel); 2249101099Srwatson new = SLOT(newlabel); 2250101099Srwatson subj = SLOT(&cred->cr_label); 2251101099Srwatson 2252101099Srwatson /* 2253105634Srwatson * If there is a Biba label update for the vnode, it must be a 2254105634Srwatson * single label. 2255101099Srwatson */ 2256105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE); 2257105634Srwatson if (error) 2258105634Srwatson return (error); 2259101099Srwatson 2260101099Srwatson /* 2261105634Srwatson * To perform a relabel of the vnode (Biba label or not), Biba must 2262105634Srwatson * authorize the relabel. 2263101099Srwatson */ 2264105634Srwatson if (!mac_biba_single_in_range(old, subj)) 2265101099Srwatson return (EPERM); 2266101099Srwatson 2267101099Srwatson /* 2268105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 2269101099Srwatson */ 2270105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) { 2271105634Srwatson /* 2272105634Srwatson * To change the Biba label on a vnode, the new vnode label 2273105634Srwatson * must be in the subject range. 2274105634Srwatson */ 2275105634Srwatson if (!mac_biba_single_in_range(new, subj)) 2276105634Srwatson return (EPERM); 2277101099Srwatson 2278105634Srwatson /* 2279105634Srwatson * To change the Biba label on the vnode to be EQUAL, 2280105634Srwatson * the subject must have appropriate privilege. 2281105634Srwatson */ 2282105634Srwatson if (mac_biba_contains_equal(new)) { 2283106090Srwatson error = mac_biba_subject_privileged(subj); 2284105634Srwatson if (error) 2285105634Srwatson return (error); 2286105634Srwatson } 2287105634Srwatson } 2288105634Srwatson 2289105634Srwatson return (0); 2290101099Srwatson} 2291101099Srwatson 2292101099Srwatsonstatic int 2293101099Srwatsonmac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 2294101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 2295101099Srwatson struct componentname *cnp) 2296101099Srwatson{ 2297101099Srwatson struct mac_biba *subj, *obj; 2298101099Srwatson 2299101099Srwatson if (!mac_biba_enabled) 2300101099Srwatson return (0); 2301101099Srwatson 2302101099Srwatson subj = SLOT(&cred->cr_label); 2303101099Srwatson obj = SLOT(dlabel); 2304101099Srwatson 2305101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2306101099Srwatson return (EACCES); 2307101099Srwatson 2308101099Srwatson obj = SLOT(label); 2309101099Srwatson 2310101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2311101099Srwatson return (EACCES); 2312101099Srwatson 2313101099Srwatson return (0); 2314101099Srwatson} 2315101099Srwatson 2316101099Srwatsonstatic int 2317101099Srwatsonmac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 2318101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 2319101099Srwatson struct componentname *cnp) 2320101099Srwatson{ 2321101099Srwatson struct mac_biba *subj, *obj; 2322101099Srwatson 2323101099Srwatson if (!mac_biba_enabled) 2324101099Srwatson return (0); 2325101099Srwatson 2326101099Srwatson subj = SLOT(&cred->cr_label); 2327101099Srwatson obj = SLOT(dlabel); 2328101099Srwatson 2329101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2330101099Srwatson return (EACCES); 2331101099Srwatson 2332101099Srwatson if (vp != NULL) { 2333101099Srwatson obj = SLOT(label); 2334101099Srwatson 2335101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2336101099Srwatson return (EACCES); 2337101099Srwatson } 2338101099Srwatson 2339101099Srwatson return (0); 2340101099Srwatson} 2341101099Srwatson 2342101099Srwatsonstatic int 2343101099Srwatsonmac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 2344101099Srwatson struct label *label) 2345101099Srwatson{ 2346101099Srwatson struct mac_biba *subj, *obj; 2347101099Srwatson 2348101099Srwatson if (!mac_biba_enabled) 2349101099Srwatson return (0); 2350101099Srwatson 2351101099Srwatson subj = SLOT(&cred->cr_label); 2352101099Srwatson obj = SLOT(label); 2353101099Srwatson 2354101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2355101099Srwatson return (EACCES); 2356101099Srwatson 2357101099Srwatson return (0); 2358101099Srwatson} 2359101099Srwatson 2360101099Srwatsonstatic int 2361101099Srwatsonmac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 2362101099Srwatson struct label *label, acl_type_t type, struct acl *acl) 2363101099Srwatson{ 2364101099Srwatson struct mac_biba *subj, *obj; 2365101099Srwatson 2366101099Srwatson if (!mac_biba_enabled) 2367101099Srwatson return (0); 2368101099Srwatson 2369101099Srwatson subj = SLOT(&cred->cr_label); 2370101099Srwatson obj = SLOT(label); 2371101099Srwatson 2372101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2373101099Srwatson return (EACCES); 2374101099Srwatson 2375101099Srwatson return (0); 2376101099Srwatson} 2377101099Srwatson 2378101099Srwatsonstatic int 2379101099Srwatsonmac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 2380101099Srwatson struct label *vnodelabel, int attrnamespace, const char *name, 2381101099Srwatson struct uio *uio) 2382101099Srwatson{ 2383101099Srwatson struct mac_biba *subj, *obj; 2384101099Srwatson 2385101099Srwatson if (!mac_biba_enabled) 2386101099Srwatson return (0); 2387101099Srwatson 2388101099Srwatson subj = SLOT(&cred->cr_label); 2389101099Srwatson obj = SLOT(vnodelabel); 2390101099Srwatson 2391101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2392101099Srwatson return (EACCES); 2393101099Srwatson 2394101099Srwatson /* XXX: protect the MAC EA in a special way? */ 2395101099Srwatson 2396101099Srwatson return (0); 2397101099Srwatson} 2398101099Srwatson 2399101099Srwatsonstatic int 2400101099Srwatsonmac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 2401101099Srwatson struct label *vnodelabel, u_long flags) 2402101099Srwatson{ 2403101099Srwatson struct mac_biba *subj, *obj; 2404101099Srwatson 2405101099Srwatson if (!mac_biba_enabled) 2406101099Srwatson return (0); 2407101099Srwatson 2408101099Srwatson subj = SLOT(&cred->cr_label); 2409101099Srwatson obj = SLOT(vnodelabel); 2410101099Srwatson 2411101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2412101099Srwatson return (EACCES); 2413101099Srwatson 2414101099Srwatson return (0); 2415101099Srwatson} 2416101099Srwatson 2417101099Srwatsonstatic int 2418101099Srwatsonmac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 2419101099Srwatson struct label *vnodelabel, mode_t mode) 2420101099Srwatson{ 2421101099Srwatson struct mac_biba *subj, *obj; 2422101099Srwatson 2423101099Srwatson if (!mac_biba_enabled) 2424101099Srwatson return (0); 2425101099Srwatson 2426101099Srwatson subj = SLOT(&cred->cr_label); 2427101099Srwatson obj = SLOT(vnodelabel); 2428101099Srwatson 2429101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2430101099Srwatson return (EACCES); 2431101099Srwatson 2432101099Srwatson return (0); 2433101099Srwatson} 2434101099Srwatson 2435101099Srwatsonstatic int 2436101099Srwatsonmac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 2437101099Srwatson struct label *vnodelabel, uid_t uid, gid_t gid) 2438101099Srwatson{ 2439101099Srwatson struct mac_biba *subj, *obj; 2440101099Srwatson 2441101099Srwatson if (!mac_biba_enabled) 2442101099Srwatson return (0); 2443101099Srwatson 2444101099Srwatson subj = SLOT(&cred->cr_label); 2445101099Srwatson obj = SLOT(vnodelabel); 2446101099Srwatson 2447101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2448101099Srwatson return (EACCES); 2449101099Srwatson 2450101099Srwatson return (0); 2451101099Srwatson} 2452101099Srwatson 2453101099Srwatsonstatic int 2454101099Srwatsonmac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 2455101099Srwatson struct label *vnodelabel, struct timespec atime, struct timespec mtime) 2456101099Srwatson{ 2457101099Srwatson struct mac_biba *subj, *obj; 2458101099Srwatson 2459101099Srwatson if (!mac_biba_enabled) 2460101099Srwatson return (0); 2461101099Srwatson 2462101099Srwatson subj = SLOT(&cred->cr_label); 2463101099Srwatson obj = SLOT(vnodelabel); 2464101099Srwatson 2465101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 2466101099Srwatson return (EACCES); 2467101099Srwatson 2468101099Srwatson return (0); 2469101099Srwatson} 2470101099Srwatson 2471101099Srwatsonstatic int 2472102129Srwatsonmac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2473102129Srwatson struct vnode *vp, struct label *vnodelabel) 2474101099Srwatson{ 2475101099Srwatson struct mac_biba *subj, *obj; 2476101099Srwatson 2477101099Srwatson if (!mac_biba_enabled) 2478101099Srwatson return (0); 2479101099Srwatson 2480102129Srwatson subj = SLOT(&active_cred->cr_label); 2481101099Srwatson obj = SLOT(vnodelabel); 2482101099Srwatson 2483101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 2484101099Srwatson return (EACCES); 2485101099Srwatson 2486101099Srwatson return (0); 2487101099Srwatson} 2488101099Srwatson 2489102112Srwatsonstatic int 2490102129Srwatsonmac_biba_check_vnode_write(struct ucred *active_cred, 2491102129Srwatson struct ucred *file_cred, struct vnode *vp, struct label *label) 2492102112Srwatson{ 2493102112Srwatson struct mac_biba *subj, *obj; 2494102112Srwatson 2495105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2496102112Srwatson return (0); 2497102112Srwatson 2498102129Srwatson subj = SLOT(&active_cred->cr_label); 2499102112Srwatson obj = SLOT(label); 2500102112Srwatson 2501102112Srwatson if (!mac_biba_dominate_single(subj, obj)) 2502102112Srwatson return (EACCES); 2503102112Srwatson 2504102112Srwatson return (0); 2505102112Srwatson} 2506102112Srwatson 2507106217Srwatsonstatic struct mac_policy_ops mac_biba_ops = 2508101099Srwatson{ 2509106217Srwatson .mpo_destroy = mac_biba_destroy, 2510106217Srwatson .mpo_init = mac_biba_init, 2511106217Srwatson .mpo_init_bpfdesc_label = mac_biba_init_label, 2512106217Srwatson .mpo_init_cred_label = mac_biba_init_label, 2513106217Srwatson .mpo_init_devfsdirent_label = mac_biba_init_label, 2514106217Srwatson .mpo_init_ifnet_label = mac_biba_init_label, 2515106217Srwatson .mpo_init_ipq_label = mac_biba_init_label, 2516106217Srwatson .mpo_init_mbuf_label = mac_biba_init_label_waitcheck, 2517106217Srwatson .mpo_init_mount_label = mac_biba_init_label, 2518106217Srwatson .mpo_init_mount_fs_label = mac_biba_init_label, 2519106217Srwatson .mpo_init_pipe_label = mac_biba_init_label, 2520106217Srwatson .mpo_init_socket_label = mac_biba_init_label_waitcheck, 2521106217Srwatson .mpo_init_socket_peer_label = mac_biba_init_label_waitcheck, 2522106217Srwatson .mpo_init_vnode_label = mac_biba_init_label, 2523106217Srwatson .mpo_destroy_bpfdesc_label = mac_biba_destroy_label, 2524106217Srwatson .mpo_destroy_cred_label = mac_biba_destroy_label, 2525106217Srwatson .mpo_destroy_devfsdirent_label = mac_biba_destroy_label, 2526106217Srwatson .mpo_destroy_ifnet_label = mac_biba_destroy_label, 2527106217Srwatson .mpo_destroy_ipq_label = mac_biba_destroy_label, 2528106217Srwatson .mpo_destroy_mbuf_label = mac_biba_destroy_label, 2529106217Srwatson .mpo_destroy_mount_label = mac_biba_destroy_label, 2530106217Srwatson .mpo_destroy_mount_fs_label = mac_biba_destroy_label, 2531106217Srwatson .mpo_destroy_pipe_label = mac_biba_destroy_label, 2532106217Srwatson .mpo_destroy_socket_label = mac_biba_destroy_label, 2533106217Srwatson .mpo_destroy_socket_peer_label = mac_biba_destroy_label, 2534106217Srwatson .mpo_destroy_vnode_label = mac_biba_destroy_label, 2535106217Srwatson .mpo_copy_pipe_label = mac_biba_copy_label, 2536106217Srwatson .mpo_copy_vnode_label = mac_biba_copy_label, 2537106217Srwatson .mpo_externalize_cred_label = mac_biba_externalize_label, 2538106217Srwatson .mpo_externalize_ifnet_label = mac_biba_externalize_label, 2539106217Srwatson .mpo_externalize_pipe_label = mac_biba_externalize_label, 2540106217Srwatson .mpo_externalize_socket_label = mac_biba_externalize_label, 2541106217Srwatson .mpo_externalize_socket_peer_label = mac_biba_externalize_label, 2542106217Srwatson .mpo_externalize_vnode_label = mac_biba_externalize_label, 2543106217Srwatson .mpo_internalize_cred_label = mac_biba_internalize_label, 2544106217Srwatson .mpo_internalize_ifnet_label = mac_biba_internalize_label, 2545106217Srwatson .mpo_internalize_pipe_label = mac_biba_internalize_label, 2546106217Srwatson .mpo_internalize_socket_label = mac_biba_internalize_label, 2547106217Srwatson .mpo_internalize_vnode_label = mac_biba_internalize_label, 2548106217Srwatson .mpo_create_devfs_device = mac_biba_create_devfs_device, 2549106217Srwatson .mpo_create_devfs_directory = mac_biba_create_devfs_directory, 2550106217Srwatson .mpo_create_devfs_symlink = mac_biba_create_devfs_symlink, 2551106217Srwatson .mpo_create_devfs_vnode = mac_biba_create_devfs_vnode, 2552106217Srwatson .mpo_create_mount = mac_biba_create_mount, 2553106217Srwatson .mpo_create_root_mount = mac_biba_create_root_mount, 2554106217Srwatson .mpo_relabel_vnode = mac_biba_relabel_vnode, 2555106217Srwatson .mpo_update_devfsdirent = mac_biba_update_devfsdirent, 2556106217Srwatson .mpo_associate_vnode_devfs = mac_biba_associate_vnode_devfs, 2557106217Srwatson .mpo_associate_vnode_extattr = mac_biba_associate_vnode_extattr, 2558106217Srwatson .mpo_associate_vnode_singlelabel = mac_biba_associate_vnode_singlelabel, 2559106217Srwatson .mpo_create_vnode_extattr = mac_biba_create_vnode_extattr, 2560106217Srwatson .mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr, 2561106217Srwatson .mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket, 2562106217Srwatson .mpo_create_pipe = mac_biba_create_pipe, 2563106217Srwatson .mpo_create_socket = mac_biba_create_socket, 2564106217Srwatson .mpo_create_socket_from_socket = mac_biba_create_socket_from_socket, 2565106217Srwatson .mpo_relabel_pipe = mac_biba_relabel_pipe, 2566106217Srwatson .mpo_relabel_socket = mac_biba_relabel_socket, 2567106217Srwatson .mpo_set_socket_peer_from_mbuf = mac_biba_set_socket_peer_from_mbuf, 2568106217Srwatson .mpo_set_socket_peer_from_socket = mac_biba_set_socket_peer_from_socket, 2569106217Srwatson .mpo_create_bpfdesc = mac_biba_create_bpfdesc, 2570106217Srwatson .mpo_create_datagram_from_ipq = mac_biba_create_datagram_from_ipq, 2571106217Srwatson .mpo_create_fragment = mac_biba_create_fragment, 2572106217Srwatson .mpo_create_ifnet = mac_biba_create_ifnet, 2573106217Srwatson .mpo_create_ipq = mac_biba_create_ipq, 2574106217Srwatson .mpo_create_mbuf_from_mbuf = mac_biba_create_mbuf_from_mbuf, 2575106217Srwatson .mpo_create_mbuf_linklayer = mac_biba_create_mbuf_linklayer, 2576106217Srwatson .mpo_create_mbuf_from_bpfdesc = mac_biba_create_mbuf_from_bpfdesc, 2577106217Srwatson .mpo_create_mbuf_from_ifnet = mac_biba_create_mbuf_from_ifnet, 2578106217Srwatson .mpo_create_mbuf_multicast_encap = mac_biba_create_mbuf_multicast_encap, 2579106217Srwatson .mpo_create_mbuf_netlayer = mac_biba_create_mbuf_netlayer, 2580106217Srwatson .mpo_fragment_match = mac_biba_fragment_match, 2581106217Srwatson .mpo_relabel_ifnet = mac_biba_relabel_ifnet, 2582106217Srwatson .mpo_update_ipq = mac_biba_update_ipq, 2583106217Srwatson .mpo_create_cred = mac_biba_create_cred, 2584106217Srwatson .mpo_execve_transition = mac_biba_execve_transition, 2585106217Srwatson .mpo_execve_will_transition = mac_biba_execve_will_transition, 2586106217Srwatson .mpo_create_proc0 = mac_biba_create_proc0, 2587106217Srwatson .mpo_create_proc1 = mac_biba_create_proc1, 2588106217Srwatson .mpo_relabel_cred = mac_biba_relabel_cred, 2589106217Srwatson .mpo_check_bpfdesc_receive = mac_biba_check_bpfdesc_receive, 2590106217Srwatson .mpo_check_cred_relabel = mac_biba_check_cred_relabel, 2591106217Srwatson .mpo_check_cred_visible = mac_biba_check_cred_visible, 2592106217Srwatson .mpo_check_ifnet_relabel = mac_biba_check_ifnet_relabel, 2593106217Srwatson .mpo_check_ifnet_transmit = mac_biba_check_ifnet_transmit, 2594106217Srwatson .mpo_check_mount_stat = mac_biba_check_mount_stat, 2595106217Srwatson .mpo_check_pipe_ioctl = mac_biba_check_pipe_ioctl, 2596106217Srwatson .mpo_check_pipe_poll = mac_biba_check_pipe_poll, 2597106217Srwatson .mpo_check_pipe_read = mac_biba_check_pipe_read, 2598106217Srwatson .mpo_check_pipe_relabel = mac_biba_check_pipe_relabel, 2599106217Srwatson .mpo_check_pipe_stat = mac_biba_check_pipe_stat, 2600106217Srwatson .mpo_check_pipe_write = mac_biba_check_pipe_write, 2601106217Srwatson .mpo_check_proc_debug = mac_biba_check_proc_debug, 2602106217Srwatson .mpo_check_proc_sched = mac_biba_check_proc_sched, 2603106217Srwatson .mpo_check_proc_signal = mac_biba_check_proc_signal, 2604106217Srwatson .mpo_check_socket_deliver = mac_biba_check_socket_deliver, 2605106217Srwatson .mpo_check_socket_relabel = mac_biba_check_socket_relabel, 2606106217Srwatson .mpo_check_socket_visible = mac_biba_check_socket_visible, 2607106217Srwatson .mpo_check_system_swapon = mac_biba_check_system_swapon, 2608106217Srwatson .mpo_check_system_sysctl = mac_biba_check_system_sysctl, 2609106217Srwatson .mpo_check_vnode_access = mac_biba_check_vnode_open, 2610106217Srwatson .mpo_check_vnode_chdir = mac_biba_check_vnode_chdir, 2611106217Srwatson .mpo_check_vnode_chroot = mac_biba_check_vnode_chroot, 2612106217Srwatson .mpo_check_vnode_create = mac_biba_check_vnode_create, 2613106217Srwatson .mpo_check_vnode_delete = mac_biba_check_vnode_delete, 2614106217Srwatson .mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl, 2615106217Srwatson .mpo_check_vnode_exec = mac_biba_check_vnode_exec, 2616106217Srwatson .mpo_check_vnode_getacl = mac_biba_check_vnode_getacl, 2617106217Srwatson .mpo_check_vnode_getextattr = mac_biba_check_vnode_getextattr, 2618106217Srwatson .mpo_check_vnode_link = mac_biba_check_vnode_link, 2619106217Srwatson .mpo_check_vnode_lookup = mac_biba_check_vnode_lookup, 2620106217Srwatson .mpo_check_vnode_mmap = mac_biba_check_vnode_mmap, 2621106217Srwatson .mpo_check_vnode_mprotect = mac_biba_check_vnode_mmap, 2622106217Srwatson .mpo_check_vnode_open = mac_biba_check_vnode_open, 2623106217Srwatson .mpo_check_vnode_poll = mac_biba_check_vnode_poll, 2624106217Srwatson .mpo_check_vnode_read = mac_biba_check_vnode_read, 2625106217Srwatson .mpo_check_vnode_readdir = mac_biba_check_vnode_readdir, 2626106217Srwatson .mpo_check_vnode_readlink = mac_biba_check_vnode_readlink, 2627106217Srwatson .mpo_check_vnode_relabel = mac_biba_check_vnode_relabel, 2628106217Srwatson .mpo_check_vnode_rename_from = mac_biba_check_vnode_rename_from, 2629106217Srwatson .mpo_check_vnode_rename_to = mac_biba_check_vnode_rename_to, 2630106217Srwatson .mpo_check_vnode_revoke = mac_biba_check_vnode_revoke, 2631106217Srwatson .mpo_check_vnode_setacl = mac_biba_check_vnode_setacl, 2632106217Srwatson .mpo_check_vnode_setextattr = mac_biba_check_vnode_setextattr, 2633106217Srwatson .mpo_check_vnode_setflags = mac_biba_check_vnode_setflags, 2634106217Srwatson .mpo_check_vnode_setmode = mac_biba_check_vnode_setmode, 2635106217Srwatson .mpo_check_vnode_setowner = mac_biba_check_vnode_setowner, 2636106217Srwatson .mpo_check_vnode_setutimes = mac_biba_check_vnode_setutimes, 2637106217Srwatson .mpo_check_vnode_stat = mac_biba_check_vnode_stat, 2638106217Srwatson .mpo_check_vnode_write = mac_biba_check_vnode_write, 2639101099Srwatson}; 2640101099Srwatson 2641106217SrwatsonMAC_POLICY_SET(&mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 2642101099Srwatson MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot); 2643