mac_biba.c revision 145076
1101099Srwatson/*- 2126097Srwatson * Copyright (c) 1999-2002 Robert N. M. Watson 3140628Srwatson * Copyright (c) 2001-2005 McAfee, Inc. 4101099Srwatson * All rights reserved. 5101099Srwatson * 6101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 7101099Srwatson * 8140628Srwatson * This software was developed for the FreeBSD Project in part by McAfee 9140628Srwatson * Research, the Security Research Division of McAfee, Inc. under 10140628Srwatson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11140628Srwatson * CHATS research program. 12101099Srwatson * 13101099Srwatson * Redistribution and use in source and binary forms, with or without 14101099Srwatson * modification, are permitted provided that the following conditions 15101099Srwatson * are met: 16101099Srwatson * 1. Redistributions of source code must retain the above copyright 17101099Srwatson * notice, this list of conditions and the following disclaimer. 18101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 19101099Srwatson * notice, this list of conditions and the following disclaimer in the 20101099Srwatson * documentation and/or other materials provided with the distribution. 21101099Srwatson * 22101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25101099Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32101099Srwatson * SUCH DAMAGE. 33101099Srwatson * 34101099Srwatson * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 145076 2005-04-14 16:03:30Z csjp $ 35101099Srwatson */ 36101099Srwatson 37101099Srwatson/* 38101099Srwatson * Developed by the TrustedBSD Project. 39101099Srwatson * Biba fixed label mandatory integrity policy. 40101099Srwatson */ 41101099Srwatson 42101099Srwatson#include <sys/types.h> 43101099Srwatson#include <sys/param.h> 44101099Srwatson#include <sys/acl.h> 45101099Srwatson#include <sys/conf.h> 46105988Srwatson#include <sys/extattr.h> 47101099Srwatson#include <sys/kernel.h> 48101099Srwatson#include <sys/mac.h> 49103183Sbde#include <sys/malloc.h> 50145076Scsjp#include <sys/mman.h> 51101099Srwatson#include <sys/mount.h> 52101099Srwatson#include <sys/proc.h> 53115497Srwatson#include <sys/sbuf.h> 54101099Srwatson#include <sys/systm.h> 55101099Srwatson#include <sys/sysproto.h> 56101099Srwatson#include <sys/sysent.h> 57105696Srwatson#include <sys/systm.h> 58101099Srwatson#include <sys/vnode.h> 59101099Srwatson#include <sys/file.h> 60101099Srwatson#include <sys/socket.h> 61101099Srwatson#include <sys/socketvar.h> 62101099Srwatson#include <sys/pipe.h> 63101099Srwatson#include <sys/sysctl.h> 64140628Srwatson#include <sys/msg.h> 65140628Srwatson#include <sys/sem.h> 66140628Srwatson#include <sys/shm.h> 67101099Srwatson 68101099Srwatson#include <fs/devfs/devfs.h> 69101099Srwatson 70101099Srwatson#include <net/bpfdesc.h> 71101099Srwatson#include <net/if.h> 72101099Srwatson#include <net/if_types.h> 73101099Srwatson#include <net/if_var.h> 74101099Srwatson 75101099Srwatson#include <netinet/in.h> 76122875Srwatson#include <netinet/in_pcb.h> 77101099Srwatson#include <netinet/ip_var.h> 78101099Srwatson 79122879Srwatson#include <vm/uma.h> 80101099Srwatson#include <vm/vm.h> 81101099Srwatson 82101099Srwatson#include <sys/mac_policy.h> 83101099Srwatson 84101099Srwatson#include <security/mac_biba/mac_biba.h> 85101099Srwatson 86101099SrwatsonSYSCTL_DECL(_security_mac); 87101099Srwatson 88101099SrwatsonSYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 89101099Srwatson "TrustedBSD mac_biba policy controls"); 90101099Srwatson 91105988Srwatsonstatic int mac_biba_label_size = sizeof(struct mac_biba); 92105988SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD, 93105988Srwatson &mac_biba_label_size, 0, "Size of struct mac_biba"); 94105988Srwatson 95107731Srwatsonstatic int mac_biba_enabled = 1; 96101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, 97101099Srwatson &mac_biba_enabled, 0, "Enforce MAC/Biba policy"); 98102980SrwatsonTUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled); 99101099Srwatson 100101099Srwatsonstatic int destroyed_not_inited; 101101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 102101099Srwatson &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 103101099Srwatson 104101099Srwatsonstatic int trust_all_interfaces = 0; 105101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 106101099Srwatson &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 107101099SrwatsonTUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 108101099Srwatson 109101099Srwatsonstatic char trusted_interfaces[128]; 110101099SrwatsonSYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 111101099Srwatson trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 112101099SrwatsonTUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 113101099Srwatson sizeof(trusted_interfaces)); 114101099Srwatson 115105643Srwatsonstatic int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; 116105643SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, 117105643Srwatson &max_compartments, 0, "Maximum supported compartments"); 118105643Srwatson 119105606Srwatsonstatic int ptys_equal = 0; 120105606SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, 121105606Srwatson &ptys_equal, 0, "Label pty devices as biba/equal on create"); 122105606SrwatsonTUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); 123105606Srwatson 124105637Srwatsonstatic int revocation_enabled = 0; 125101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 126105637Srwatson &revocation_enabled, 0, "Revoke access to objects on relabel"); 127105637SrwatsonTUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled); 128101099Srwatson 129101099Srwatsonstatic int mac_biba_slot; 130101099Srwatson#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr) 131132781Skan#define SLOT_SET(l, val) (LABEL_TO_SLOT((l), mac_biba_slot).l_ptr = (val)) 132101099Srwatson 133122879Srwatsonstatic uma_zone_t zone_biba; 134101099Srwatson 135105643Srwatsonstatic __inline int 136105643Srwatsonbiba_bit_set_empty(u_char *set) { 137105643Srwatson int i; 138105643Srwatson 139105643Srwatson for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++) 140105643Srwatson if (set[i] != 0) 141105643Srwatson return (0); 142105643Srwatson return (1); 143105643Srwatson} 144105643Srwatson 145101099Srwatsonstatic struct mac_biba * 146104514Srwatsonbiba_alloc(int flag) 147101099Srwatson{ 148101099Srwatson 149122879Srwatson return (uma_zalloc(zone_biba, flag | M_ZERO)); 150101099Srwatson} 151101099Srwatson 152101099Srwatsonstatic void 153101099Srwatsonbiba_free(struct mac_biba *mac_biba) 154101099Srwatson{ 155101099Srwatson 156101099Srwatson if (mac_biba != NULL) 157122879Srwatson uma_zfree(zone_biba, mac_biba); 158101099Srwatson else 159101099Srwatson atomic_add_int(&destroyed_not_inited, 1); 160101099Srwatson} 161101099Srwatson 162101099Srwatsonstatic int 163105634Srwatsonbiba_atmostflags(struct mac_biba *mac_biba, int flags) 164105634Srwatson{ 165105634Srwatson 166105634Srwatson if ((mac_biba->mb_flags & flags) != mac_biba->mb_flags) 167105634Srwatson return (EINVAL); 168105634Srwatson return (0); 169105634Srwatson} 170105634Srwatson 171105634Srwatsonstatic int 172101099Srwatsonmac_biba_dominate_element(struct mac_biba_element *a, 173101099Srwatson struct mac_biba_element *b) 174101099Srwatson{ 175105643Srwatson int bit; 176101099Srwatson 177105736Srwatson switch (a->mbe_type) { 178101099Srwatson case MAC_BIBA_TYPE_EQUAL: 179101099Srwatson case MAC_BIBA_TYPE_HIGH: 180101099Srwatson return (1); 181101099Srwatson 182101099Srwatson case MAC_BIBA_TYPE_LOW: 183101099Srwatson switch (b->mbe_type) { 184101099Srwatson case MAC_BIBA_TYPE_GRADE: 185101099Srwatson case MAC_BIBA_TYPE_HIGH: 186101099Srwatson return (0); 187101099Srwatson 188101099Srwatson case MAC_BIBA_TYPE_EQUAL: 189101099Srwatson case MAC_BIBA_TYPE_LOW: 190101099Srwatson return (1); 191101099Srwatson 192101099Srwatson default: 193101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 194101099Srwatson } 195101099Srwatson 196101099Srwatson case MAC_BIBA_TYPE_GRADE: 197101099Srwatson switch (b->mbe_type) { 198101099Srwatson case MAC_BIBA_TYPE_EQUAL: 199101099Srwatson case MAC_BIBA_TYPE_LOW: 200101099Srwatson return (1); 201101099Srwatson 202101099Srwatson case MAC_BIBA_TYPE_HIGH: 203101099Srwatson return (0); 204101099Srwatson 205101099Srwatson case MAC_BIBA_TYPE_GRADE: 206105643Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) 207105643Srwatson if (!MAC_BIBA_BIT_TEST(bit, 208105643Srwatson a->mbe_compartments) && 209105643Srwatson MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) 210105643Srwatson return (0); 211101099Srwatson return (a->mbe_grade >= b->mbe_grade); 212101099Srwatson 213101099Srwatson default: 214101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 215101099Srwatson } 216101099Srwatson 217101099Srwatson default: 218101099Srwatson panic("mac_biba_dominate_element: a->mbe_type invalid"); 219101099Srwatson } 220101099Srwatson 221101099Srwatson return (0); 222101099Srwatson} 223101099Srwatson 224101099Srwatsonstatic int 225105988Srwatsonmac_biba_subject_dominate_high(struct mac_biba *mac_biba) 226105988Srwatson{ 227105988Srwatson struct mac_biba_element *element; 228105988Srwatson 229132232Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 230132232Srwatson ("mac_biba_effective_in_range: mac_biba not effective")); 231132232Srwatson element = &mac_biba->mb_effective; 232105988Srwatson 233105988Srwatson return (element->mbe_type == MAC_BIBA_TYPE_EQUAL || 234105988Srwatson element->mbe_type == MAC_BIBA_TYPE_HIGH); 235105988Srwatson} 236105988Srwatson 237105988Srwatsonstatic int 238101099Srwatsonmac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 239101099Srwatson{ 240101099Srwatson 241101099Srwatson return (mac_biba_dominate_element(&rangeb->mb_rangehigh, 242101099Srwatson &rangea->mb_rangehigh) && 243101099Srwatson mac_biba_dominate_element(&rangea->mb_rangelow, 244101099Srwatson &rangeb->mb_rangelow)); 245101099Srwatson} 246101099Srwatson 247101099Srwatsonstatic int 248136774Srwatsonmac_biba_effective_in_range(struct mac_biba *effective, 249136774Srwatson struct mac_biba *range) 250101099Srwatson{ 251101099Srwatson 252132232Srwatson KASSERT((effective->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 253132232Srwatson ("mac_biba_effective_in_range: a not effective")); 254103750Srwatson KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 255132232Srwatson ("mac_biba_effective_in_range: b not range")); 256101099Srwatson 257101099Srwatson return (mac_biba_dominate_element(&range->mb_rangehigh, 258132232Srwatson &effective->mb_effective) && 259132232Srwatson mac_biba_dominate_element(&effective->mb_effective, 260101099Srwatson &range->mb_rangelow)); 261101099Srwatson 262101099Srwatson return (1); 263101099Srwatson} 264101099Srwatson 265101099Srwatsonstatic int 266132232Srwatsonmac_biba_dominate_effective(struct mac_biba *a, struct mac_biba *b) 267101099Srwatson{ 268132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 269132232Srwatson ("mac_biba_dominate_effective: a not effective")); 270132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 271132232Srwatson ("mac_biba_dominate_effective: b not effective")); 272101099Srwatson 273132232Srwatson return (mac_biba_dominate_element(&a->mb_effective, &b->mb_effective)); 274101099Srwatson} 275101099Srwatson 276101099Srwatsonstatic int 277101099Srwatsonmac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 278101099Srwatson{ 279101099Srwatson 280101099Srwatson if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 281101099Srwatson b->mbe_type == MAC_BIBA_TYPE_EQUAL) 282101099Srwatson return (1); 283101099Srwatson 284101099Srwatson return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 285101099Srwatson} 286101099Srwatson 287101099Srwatsonstatic int 288132232Srwatsonmac_biba_equal_effective(struct mac_biba *a, struct mac_biba *b) 289101099Srwatson{ 290101099Srwatson 291132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 292132232Srwatson ("mac_biba_equal_effective: a not effective")); 293132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 294132232Srwatson ("mac_biba_equal_effective: b not effective")); 295101099Srwatson 296132232Srwatson return (mac_biba_equal_element(&a->mb_effective, &b->mb_effective)); 297101099Srwatson} 298101099Srwatson 299101099Srwatsonstatic int 300105634Srwatsonmac_biba_contains_equal(struct mac_biba *mac_biba) 301105634Srwatson{ 302105634Srwatson 303132232Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) 304132232Srwatson if (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 305105634Srwatson return (1); 306105634Srwatson 307105634Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 308105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL) 309105634Srwatson return (1); 310105634Srwatson if (mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 311105637Srwatson return (1); 312105634Srwatson } 313105634Srwatson 314105634Srwatson return (0); 315105634Srwatson} 316105634Srwatson 317105634Srwatsonstatic int 318106090Srwatsonmac_biba_subject_privileged(struct mac_biba *mac_biba) 319105634Srwatson{ 320105634Srwatson 321105634Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH) == 322105634Srwatson MAC_BIBA_FLAGS_BOTH, 323106090Srwatson ("mac_biba_subject_privileged: subject doesn't have both labels")); 324105634Srwatson 325132232Srwatson /* If the effective is EQUAL, it's ok. */ 326132232Srwatson if (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 327105634Srwatson return (0); 328105634Srwatson 329105634Srwatson /* If either range endpoint is EQUAL, it's ok. */ 330105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL || 331105634Srwatson mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 332105634Srwatson return (0); 333105634Srwatson 334105634Srwatson /* If the range is low-high, it's ok. */ 335105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_LOW && 336105634Srwatson mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_HIGH) 337105634Srwatson return (0); 338105634Srwatson 339105634Srwatson /* It's not ok. */ 340105634Srwatson return (EPERM); 341105634Srwatson} 342105634Srwatson 343106091Srwatsonstatic int 344132232Srwatsonmac_biba_high_effective(struct mac_biba *mac_biba) 345105988Srwatson{ 346105988Srwatson 347132232Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 348132232Srwatson ("mac_biba_equal_effective: mac_biba not effective")); 349105988Srwatson 350132232Srwatson return (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_HIGH); 351105988Srwatson} 352105988Srwatson 353105634Srwatsonstatic int 354101099Srwatsonmac_biba_valid(struct mac_biba *mac_biba) 355101099Srwatson{ 356101099Srwatson 357132232Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 358132232Srwatson switch (mac_biba->mb_effective.mbe_type) { 359101099Srwatson case MAC_BIBA_TYPE_GRADE: 360101099Srwatson break; 361101099Srwatson 362101099Srwatson case MAC_BIBA_TYPE_EQUAL: 363101099Srwatson case MAC_BIBA_TYPE_HIGH: 364101099Srwatson case MAC_BIBA_TYPE_LOW: 365132232Srwatson if (mac_biba->mb_effective.mbe_grade != 0 || 366105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 367132232Srwatson mac_biba->mb_effective.mbe_compartments)) 368101099Srwatson return (EINVAL); 369101099Srwatson break; 370101099Srwatson 371101099Srwatson default: 372101099Srwatson return (EINVAL); 373101099Srwatson } 374101099Srwatson } else { 375132232Srwatson if (mac_biba->mb_effective.mbe_type != MAC_BIBA_TYPE_UNDEF) 376101099Srwatson return (EINVAL); 377101099Srwatson } 378101099Srwatson 379101099Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 380101099Srwatson switch (mac_biba->mb_rangelow.mbe_type) { 381101099Srwatson case MAC_BIBA_TYPE_GRADE: 382101099Srwatson break; 383101099Srwatson 384101099Srwatson case MAC_BIBA_TYPE_EQUAL: 385101099Srwatson case MAC_BIBA_TYPE_HIGH: 386101099Srwatson case MAC_BIBA_TYPE_LOW: 387105643Srwatson if (mac_biba->mb_rangelow.mbe_grade != 0 || 388105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 389105643Srwatson mac_biba->mb_rangelow.mbe_compartments)) 390101099Srwatson return (EINVAL); 391101099Srwatson break; 392101099Srwatson 393101099Srwatson default: 394101099Srwatson return (EINVAL); 395101099Srwatson } 396101099Srwatson 397101099Srwatson switch (mac_biba->mb_rangehigh.mbe_type) { 398101099Srwatson case MAC_BIBA_TYPE_GRADE: 399101099Srwatson break; 400101099Srwatson 401101099Srwatson case MAC_BIBA_TYPE_EQUAL: 402101099Srwatson case MAC_BIBA_TYPE_HIGH: 403101099Srwatson case MAC_BIBA_TYPE_LOW: 404105643Srwatson if (mac_biba->mb_rangehigh.mbe_grade != 0 || 405105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 406105643Srwatson mac_biba->mb_rangehigh.mbe_compartments)) 407101099Srwatson return (EINVAL); 408101099Srwatson break; 409101099Srwatson 410101099Srwatson default: 411101099Srwatson return (EINVAL); 412101099Srwatson } 413101099Srwatson if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh, 414101099Srwatson &mac_biba->mb_rangelow)) 415101099Srwatson return (EINVAL); 416101099Srwatson } else { 417101099Srwatson if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 418101099Srwatson mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 419101099Srwatson return (EINVAL); 420101099Srwatson } 421101099Srwatson 422101099Srwatson return (0); 423101099Srwatson} 424101099Srwatson 425101099Srwatsonstatic void 426101099Srwatsonmac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, 427105643Srwatson u_short gradelow, u_char *compartmentslow, u_short typehigh, 428105643Srwatson u_short gradehigh, u_char *compartmentshigh) 429101099Srwatson{ 430101099Srwatson 431101099Srwatson mac_biba->mb_rangelow.mbe_type = typelow; 432101099Srwatson mac_biba->mb_rangelow.mbe_grade = gradelow; 433105643Srwatson if (compartmentslow != NULL) 434105643Srwatson memcpy(mac_biba->mb_rangelow.mbe_compartments, 435105643Srwatson compartmentslow, 436105643Srwatson sizeof(mac_biba->mb_rangelow.mbe_compartments)); 437101099Srwatson mac_biba->mb_rangehigh.mbe_type = typehigh; 438101099Srwatson mac_biba->mb_rangehigh.mbe_grade = gradehigh; 439105643Srwatson if (compartmentshigh != NULL) 440105643Srwatson memcpy(mac_biba->mb_rangehigh.mbe_compartments, 441105643Srwatson compartmentshigh, 442105643Srwatson sizeof(mac_biba->mb_rangehigh.mbe_compartments)); 443101099Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 444101099Srwatson} 445101099Srwatson 446101099Srwatsonstatic void 447132232Srwatsonmac_biba_set_effective(struct mac_biba *mac_biba, u_short type, u_short grade, 448105643Srwatson u_char *compartments) 449101099Srwatson{ 450101099Srwatson 451132232Srwatson mac_biba->mb_effective.mbe_type = type; 452132232Srwatson mac_biba->mb_effective.mbe_grade = grade; 453105643Srwatson if (compartments != NULL) 454132232Srwatson memcpy(mac_biba->mb_effective.mbe_compartments, compartments, 455132232Srwatson sizeof(mac_biba->mb_effective.mbe_compartments)); 456132232Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 457101099Srwatson} 458101099Srwatson 459101099Srwatsonstatic void 460101099Srwatsonmac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 461101099Srwatson{ 462105643Srwatson 463101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 464101099Srwatson ("mac_biba_copy_range: labelfrom not range")); 465101099Srwatson 466101099Srwatson labelto->mb_rangelow = labelfrom->mb_rangelow; 467101099Srwatson labelto->mb_rangehigh = labelfrom->mb_rangehigh; 468101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 469101099Srwatson} 470101099Srwatson 471101099Srwatsonstatic void 472132232Srwatsonmac_biba_copy_effective(struct mac_biba *labelfrom, struct mac_biba *labelto) 473101099Srwatson{ 474101099Srwatson 475132232Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 476132232Srwatson ("mac_biba_copy_effective: labelfrom not effective")); 477101099Srwatson 478132232Srwatson labelto->mb_effective = labelfrom->mb_effective; 479132232Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 480101099Srwatson} 481101099Srwatson 482105656Srwatsonstatic void 483105656Srwatsonmac_biba_copy(struct mac_biba *source, struct mac_biba *dest) 484105656Srwatson{ 485105656Srwatson 486132232Srwatson if (source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) 487132232Srwatson mac_biba_copy_effective(source, dest); 488105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_RANGE) 489105656Srwatson mac_biba_copy_range(source, dest); 490105656Srwatson} 491105656Srwatson 492101099Srwatson/* 493101099Srwatson * Policy module operations. 494101099Srwatson */ 495101099Srwatsonstatic void 496101099Srwatsonmac_biba_init(struct mac_policy_conf *conf) 497101099Srwatson{ 498101099Srwatson 499122879Srwatson zone_biba = uma_zcreate("mac_biba", sizeof(struct mac_biba), NULL, 500122879Srwatson NULL, NULL, NULL, UMA_ALIGN_PTR, 0); 501101099Srwatson} 502101099Srwatson 503101099Srwatson/* 504101099Srwatson * Label operations. 505101099Srwatson */ 506101099Srwatsonstatic void 507104514Srwatsonmac_biba_init_label(struct label *label) 508101099Srwatson{ 509101099Srwatson 510132781Skan SLOT_SET(label, biba_alloc(M_WAITOK)); 511101099Srwatson} 512101099Srwatson 513101099Srwatsonstatic int 514104514Srwatsonmac_biba_init_label_waitcheck(struct label *label, int flag) 515101099Srwatson{ 516101099Srwatson 517132781Skan SLOT_SET(label, biba_alloc(flag)); 518101099Srwatson if (SLOT(label) == NULL) 519101099Srwatson return (ENOMEM); 520101099Srwatson 521101099Srwatson return (0); 522101099Srwatson} 523101099Srwatson 524101099Srwatsonstatic void 525104514Srwatsonmac_biba_destroy_label(struct label *label) 526101099Srwatson{ 527101099Srwatson 528101099Srwatson biba_free(SLOT(label)); 529132781Skan SLOT_SET(label, NULL); 530101099Srwatson} 531101099Srwatson 532105696Srwatson/* 533115497Srwatson * mac_biba_element_to_string() accepts an sbuf and Biba element. It 534115497Srwatson * converts the Biba element to a string and stores the result in the 535115497Srwatson * sbuf; if there isn't space in the sbuf, -1 is returned. 536105696Srwatson */ 537115497Srwatsonstatic int 538115497Srwatsonmac_biba_element_to_string(struct sbuf *sb, struct mac_biba_element *element) 539105696Srwatson{ 540115497Srwatson int i, first; 541105696Srwatson 542105696Srwatson switch (element->mbe_type) { 543105696Srwatson case MAC_BIBA_TYPE_HIGH: 544115497Srwatson return (sbuf_printf(sb, "high")); 545105696Srwatson 546105696Srwatson case MAC_BIBA_TYPE_LOW: 547115497Srwatson return (sbuf_printf(sb, "low")); 548105696Srwatson 549105696Srwatson case MAC_BIBA_TYPE_EQUAL: 550115497Srwatson return (sbuf_printf(sb, "equal")); 551105696Srwatson 552105696Srwatson case MAC_BIBA_TYPE_GRADE: 553115497Srwatson if (sbuf_printf(sb, "%d", element->mbe_grade) == -1) 554115497Srwatson return (-1); 555115497Srwatson 556115497Srwatson first = 1; 557115497Srwatson for (i = 1; i <= MAC_BIBA_MAX_COMPARTMENTS; i++) { 558115497Srwatson if (MAC_BIBA_BIT_TEST(i, element->mbe_compartments)) { 559115497Srwatson if (first) { 560115497Srwatson if (sbuf_putc(sb, ':') == -1) 561115497Srwatson return (-1); 562115497Srwatson if (sbuf_printf(sb, "%d", i) == -1) 563115497Srwatson return (-1); 564115497Srwatson first = 0; 565115497Srwatson } else { 566115497Srwatson if (sbuf_printf(sb, "+%d", i) == -1) 567115497Srwatson return (-1); 568115497Srwatson } 569115497Srwatson } 570105696Srwatson } 571115497Srwatson return (0); 572105696Srwatson 573105696Srwatson default: 574105696Srwatson panic("mac_biba_element_to_string: invalid type (%d)", 575105696Srwatson element->mbe_type); 576105696Srwatson } 577105696Srwatson} 578105696Srwatson 579115497Srwatson/* 580116701Srwatson * mac_biba_to_string() converts a Biba label to a string, and places 581116701Srwatson * the results in the passed sbuf. It returns 0 on success, or EINVAL 582116701Srwatson * if there isn't room in the sbuf. Note: the sbuf will be modified 583116701Srwatson * even in a failure case, so the caller may need to revert the sbuf 584116701Srwatson * by restoring the offset if that's undesired. 585115497Srwatson */ 586101099Srwatsonstatic int 587116701Srwatsonmac_biba_to_string(struct sbuf *sb, struct mac_biba *mac_biba) 588101099Srwatson{ 589105696Srwatson 590132232Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 591132232Srwatson if (mac_biba_element_to_string(sb, &mac_biba->mb_effective) 592115497Srwatson == -1) 593105696Srwatson return (EINVAL); 594105696Srwatson } 595105696Srwatson 596105696Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 597116701Srwatson if (sbuf_putc(sb, '(') == -1) 598105696Srwatson return (EINVAL); 599105696Srwatson 600116701Srwatson if (mac_biba_element_to_string(sb, &mac_biba->mb_rangelow) 601115497Srwatson == -1) 602105696Srwatson return (EINVAL); 603105696Srwatson 604116701Srwatson if (sbuf_putc(sb, '-') == -1) 605105696Srwatson return (EINVAL); 606105696Srwatson 607116701Srwatson if (mac_biba_element_to_string(sb, &mac_biba->mb_rangehigh) 608115497Srwatson == -1) 609105696Srwatson return (EINVAL); 610105696Srwatson 611116701Srwatson if (sbuf_putc(sb, ')') == -1) 612105696Srwatson return (EINVAL); 613105696Srwatson } 614105696Srwatson 615105696Srwatson return (0); 616105696Srwatson} 617105696Srwatson 618105696Srwatsonstatic int 619105696Srwatsonmac_biba_externalize_label(struct label *label, char *element_name, 620116701Srwatson struct sbuf *sb, int *claimed) 621105696Srwatson{ 622101099Srwatson struct mac_biba *mac_biba; 623101099Srwatson 624105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 625105696Srwatson return (0); 626105696Srwatson 627105696Srwatson (*claimed)++; 628105696Srwatson 629101099Srwatson mac_biba = SLOT(label); 630116701Srwatson return (mac_biba_to_string(sb, mac_biba)); 631105696Srwatson} 632105696Srwatson 633105696Srwatsonstatic int 634105696Srwatsonmac_biba_parse_element(struct mac_biba_element *element, char *string) 635101099Srwatson{ 636115395Srwatson char *compartment, *end, *grade; 637115395Srwatson int value; 638105696Srwatson 639105696Srwatson if (strcmp(string, "high") == 0 || 640105696Srwatson strcmp(string, "hi") == 0) { 641105696Srwatson element->mbe_type = MAC_BIBA_TYPE_HIGH; 642105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 643105696Srwatson } else if (strcmp(string, "low") == 0 || 644105696Srwatson strcmp(string, "lo") == 0) { 645105696Srwatson element->mbe_type = MAC_BIBA_TYPE_LOW; 646105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 647105696Srwatson } else if (strcmp(string, "equal") == 0 || 648105696Srwatson strcmp(string, "eq") == 0) { 649105696Srwatson element->mbe_type = MAC_BIBA_TYPE_EQUAL; 650105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 651105696Srwatson } else { 652115395Srwatson element->mbe_type = MAC_BIBA_TYPE_GRADE; 653105696Srwatson 654115395Srwatson /* 655115395Srwatson * Numeric grade piece of the element. 656115395Srwatson */ 657115395Srwatson grade = strsep(&string, ":"); 658115395Srwatson value = strtol(grade, &end, 10); 659115395Srwatson if (end == grade || *end != '\0') 660105696Srwatson return (EINVAL); 661115395Srwatson if (value < 0 || value > 65535) 662115395Srwatson return (EINVAL); 663115395Srwatson element->mbe_grade = value; 664105696Srwatson 665115395Srwatson /* 666115395Srwatson * Optional compartment piece of the element. If none 667115395Srwatson * are included, we assume that the label has no 668115395Srwatson * compartments. 669115395Srwatson */ 670115395Srwatson if (string == NULL) 671115395Srwatson return (0); 672115395Srwatson if (*string == '\0') 673115395Srwatson return (0); 674105696Srwatson 675115395Srwatson while ((compartment = strsep(&string, "+")) != NULL) { 676115395Srwatson value = strtol(compartment, &end, 10); 677115395Srwatson if (compartment == end || *end != '\0') 678105696Srwatson return (EINVAL); 679115395Srwatson if (value < 1 || value > MAC_BIBA_MAX_COMPARTMENTS) 680105696Srwatson return (EINVAL); 681115395Srwatson MAC_BIBA_BIT_SET(value, element->mbe_compartments); 682105696Srwatson } 683105696Srwatson } 684105696Srwatson 685105696Srwatson return (0); 686105696Srwatson} 687105696Srwatson 688105696Srwatson/* 689105696Srwatson * Note: destructively consumes the string, make a local copy before 690105696Srwatson * calling if that's a problem. 691105696Srwatson */ 692105696Srwatsonstatic int 693105696Srwatsonmac_biba_parse(struct mac_biba *mac_biba, char *string) 694105696Srwatson{ 695132232Srwatson char *rangehigh, *rangelow, *effective; 696101099Srwatson int error; 697101099Srwatson 698132232Srwatson effective = strsep(&string, "("); 699132232Srwatson if (*effective == '\0') 700132232Srwatson effective = NULL; 701115395Srwatson 702115395Srwatson if (string != NULL) { 703115395Srwatson rangelow = strsep(&string, "-"); 704115395Srwatson if (string == NULL) 705105696Srwatson return (EINVAL); 706115395Srwatson rangehigh = strsep(&string, ")"); 707115395Srwatson if (string == NULL) 708105696Srwatson return (EINVAL); 709115395Srwatson if (*string != '\0') 710105696Srwatson return (EINVAL); 711115395Srwatson } else { 712115395Srwatson rangelow = NULL; 713115395Srwatson rangehigh = NULL; 714105696Srwatson } 715115395Srwatson 716105696Srwatson KASSERT((rangelow != NULL && rangehigh != NULL) || 717105696Srwatson (rangelow == NULL && rangehigh == NULL), 718115395Srwatson ("mac_biba_parse: range mismatch")); 719101099Srwatson 720105696Srwatson bzero(mac_biba, sizeof(*mac_biba)); 721132232Srwatson if (effective != NULL) { 722132232Srwatson error = mac_biba_parse_element(&mac_biba->mb_effective, effective); 723105696Srwatson if (error) 724105696Srwatson return (error); 725132232Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 726105696Srwatson } 727105696Srwatson 728105696Srwatson if (rangelow != NULL) { 729105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_rangelow, 730105696Srwatson rangelow); 731105696Srwatson if (error) 732105696Srwatson return (error); 733105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_rangehigh, 734105696Srwatson rangehigh); 735105696Srwatson if (error) 736105696Srwatson return (error); 737105696Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 738105696Srwatson } 739105696Srwatson 740101099Srwatson error = mac_biba_valid(mac_biba); 741101099Srwatson if (error) 742101099Srwatson return (error); 743101099Srwatson 744105696Srwatson return (0); 745105696Srwatson} 746101099Srwatson 747105696Srwatsonstatic int 748105696Srwatsonmac_biba_internalize_label(struct label *label, char *element_name, 749105696Srwatson char *element_data, int *claimed) 750105696Srwatson{ 751105696Srwatson struct mac_biba *mac_biba, mac_biba_temp; 752105696Srwatson int error; 753105696Srwatson 754105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 755105696Srwatson return (0); 756105696Srwatson 757105696Srwatson (*claimed)++; 758105696Srwatson 759105696Srwatson error = mac_biba_parse(&mac_biba_temp, element_data); 760105696Srwatson if (error) 761105696Srwatson return (error); 762105696Srwatson 763105696Srwatson mac_biba = SLOT(label); 764105696Srwatson *mac_biba = mac_biba_temp; 765105696Srwatson 766101099Srwatson return (0); 767101099Srwatson} 768101099Srwatson 769105696Srwatsonstatic void 770105696Srwatsonmac_biba_copy_label(struct label *src, struct label *dest) 771105696Srwatson{ 772105696Srwatson 773105696Srwatson *SLOT(dest) = *SLOT(src); 774105696Srwatson} 775105696Srwatson 776101099Srwatson/* 777101099Srwatson * Labeling event operations: file system objects, and things that look 778101099Srwatson * a lot like file system objects. 779101099Srwatson */ 780101099Srwatsonstatic void 781130585Sphkmac_biba_create_devfs_device(struct mount *mp, struct cdev *dev, 782107698Srwatson struct devfs_dirent *devfs_dirent, struct label *label) 783101099Srwatson{ 784101099Srwatson struct mac_biba *mac_biba; 785101099Srwatson int biba_type; 786101099Srwatson 787101099Srwatson mac_biba = SLOT(label); 788101099Srwatson if (strcmp(dev->si_name, "null") == 0 || 789101099Srwatson strcmp(dev->si_name, "zero") == 0 || 790101099Srwatson strcmp(dev->si_name, "random") == 0 || 791101099Srwatson strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 792101099Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 793105606Srwatson else if (ptys_equal && 794105606Srwatson (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 795105606Srwatson strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 796105606Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 797101099Srwatson else 798101099Srwatson biba_type = MAC_BIBA_TYPE_HIGH; 799132232Srwatson mac_biba_set_effective(mac_biba, biba_type, 0, NULL); 800101099Srwatson} 801101099Srwatson 802101099Srwatsonstatic void 803107698Srwatsonmac_biba_create_devfs_directory(struct mount *mp, char *dirname, 804107698Srwatson int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) 805101099Srwatson{ 806101099Srwatson struct mac_biba *mac_biba; 807101099Srwatson 808101099Srwatson mac_biba = SLOT(label); 809132232Srwatson mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 810101099Srwatson} 811101099Srwatson 812101099Srwatsonstatic void 813107698Srwatsonmac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp, 814107698Srwatson struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 815122563Srwatson struct label *delabel) 816104535Srwatson{ 817104535Srwatson struct mac_biba *source, *dest; 818104535Srwatson 819122524Srwatson source = SLOT(cred->cr_label); 820104535Srwatson dest = SLOT(delabel); 821104535Srwatson 822132232Srwatson mac_biba_copy_effective(source, dest); 823104535Srwatson} 824104535Srwatson 825104535Srwatsonstatic void 826101099Srwatsonmac_biba_create_mount(struct ucred *cred, struct mount *mp, 827101099Srwatson struct label *mntlabel, struct label *fslabel) 828101099Srwatson{ 829101099Srwatson struct mac_biba *source, *dest; 830101099Srwatson 831122524Srwatson source = SLOT(cred->cr_label); 832101099Srwatson dest = SLOT(mntlabel); 833132232Srwatson mac_biba_copy_effective(source, dest); 834101099Srwatson dest = SLOT(fslabel); 835132232Srwatson mac_biba_copy_effective(source, dest); 836101099Srwatson} 837101099Srwatson 838101099Srwatsonstatic void 839101099Srwatsonmac_biba_create_root_mount(struct ucred *cred, struct mount *mp, 840101099Srwatson struct label *mntlabel, struct label *fslabel) 841101099Srwatson{ 842101099Srwatson struct mac_biba *mac_biba; 843101099Srwatson 844101099Srwatson /* Always mount root as high integrity. */ 845101099Srwatson mac_biba = SLOT(fslabel); 846132232Srwatson mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 847101099Srwatson mac_biba = SLOT(mntlabel); 848132232Srwatson mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 849101099Srwatson} 850101099Srwatson 851101099Srwatsonstatic void 852101099Srwatsonmac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, 853101099Srwatson struct label *vnodelabel, struct label *label) 854101099Srwatson{ 855101099Srwatson struct mac_biba *source, *dest; 856101099Srwatson 857101099Srwatson source = SLOT(label); 858101099Srwatson dest = SLOT(vnodelabel); 859101099Srwatson 860105656Srwatson mac_biba_copy(source, dest); 861101099Srwatson} 862101099Srwatson 863101099Srwatsonstatic void 864107698Srwatsonmac_biba_update_devfsdirent(struct mount *mp, 865107698Srwatson struct devfs_dirent *devfs_dirent, struct label *direntlabel, 866107698Srwatson struct vnode *vp, struct label *vnodelabel) 867101099Srwatson{ 868101099Srwatson struct mac_biba *source, *dest; 869101099Srwatson 870101099Srwatson source = SLOT(vnodelabel); 871101099Srwatson dest = SLOT(direntlabel); 872101099Srwatson 873105656Srwatson mac_biba_copy(source, dest); 874101099Srwatson} 875101099Srwatson 876101099Srwatsonstatic void 877105988Srwatsonmac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 878105988Srwatson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 879105988Srwatson struct label *vlabel) 880101099Srwatson{ 881101099Srwatson struct mac_biba *source, *dest; 882101099Srwatson 883105988Srwatson source = SLOT(delabel); 884105988Srwatson dest = SLOT(vlabel); 885101099Srwatson 886132232Srwatson mac_biba_copy_effective(source, dest); 887101099Srwatson} 888101099Srwatson 889101099Srwatsonstatic int 890105988Srwatsonmac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 891105988Srwatson struct vnode *vp, struct label *vlabel) 892101099Srwatson{ 893105988Srwatson struct mac_biba temp, *source, *dest; 894106354Smux int buflen, error; 895101099Srwatson 896105988Srwatson source = SLOT(fslabel); 897105988Srwatson dest = SLOT(vlabel); 898101099Srwatson 899105988Srwatson buflen = sizeof(temp); 900105988Srwatson bzero(&temp, buflen); 901105988Srwatson 902105988Srwatson error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 903105988Srwatson MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &temp, curthread); 904105988Srwatson if (error == ENOATTR || error == EOPNOTSUPP) { 905105988Srwatson /* Fall back to the fslabel. */ 906132232Srwatson mac_biba_copy_effective(source, dest); 907105988Srwatson return (0); 908105988Srwatson } else if (error) 909101099Srwatson return (error); 910101099Srwatson 911105988Srwatson if (buflen != sizeof(temp)) { 912105988Srwatson printf("mac_biba_associate_vnode_extattr: bad size %d\n", 913105988Srwatson buflen); 914105988Srwatson return (EPERM); 915105988Srwatson } 916105988Srwatson if (mac_biba_valid(&temp) != 0) { 917105988Srwatson printf("mac_biba_associate_vnode_extattr: invalid\n"); 918105988Srwatson return (EPERM); 919105988Srwatson } 920132232Srwatson if ((temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_EFFECTIVE) { 921132232Srwatson printf("mac_biba_associate_vnode_extattr: not effective\n"); 922105988Srwatson return (EPERM); 923105988Srwatson } 924101099Srwatson 925132232Srwatson mac_biba_copy_effective(&temp, dest); 926101099Srwatson return (0); 927101099Srwatson} 928101099Srwatson 929101099Srwatsonstatic void 930105988Srwatsonmac_biba_associate_vnode_singlelabel(struct mount *mp, 931105988Srwatson struct label *fslabel, struct vnode *vp, struct label *vlabel) 932101099Srwatson{ 933101099Srwatson struct mac_biba *source, *dest; 934101099Srwatson 935101099Srwatson source = SLOT(fslabel); 936105988Srwatson dest = SLOT(vlabel); 937101099Srwatson 938132232Srwatson mac_biba_copy_effective(source, dest); 939101099Srwatson} 940101099Srwatson 941105988Srwatsonstatic int 942105988Srwatsonmac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, 943105988Srwatson struct label *fslabel, struct vnode *dvp, struct label *dlabel, 944105988Srwatson struct vnode *vp, struct label *vlabel, struct componentname *cnp) 945105988Srwatson{ 946105988Srwatson struct mac_biba *source, *dest, temp; 947105988Srwatson size_t buflen; 948105988Srwatson int error; 949105988Srwatson 950105988Srwatson buflen = sizeof(temp); 951105988Srwatson bzero(&temp, buflen); 952105988Srwatson 953122524Srwatson source = SLOT(cred->cr_label); 954105988Srwatson dest = SLOT(vlabel); 955132232Srwatson mac_biba_copy_effective(source, &temp); 956105988Srwatson 957105988Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 958105988Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); 959105988Srwatson if (error == 0) 960132232Srwatson mac_biba_copy_effective(source, dest); 961105988Srwatson return (error); 962105988Srwatson} 963105988Srwatson 964105988Srwatsonstatic int 965105988Srwatsonmac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 966105988Srwatson struct label *vlabel, struct label *intlabel) 967105988Srwatson{ 968105988Srwatson struct mac_biba *source, temp; 969105988Srwatson size_t buflen; 970105988Srwatson int error; 971105988Srwatson 972105988Srwatson buflen = sizeof(temp); 973105988Srwatson bzero(&temp, buflen); 974105988Srwatson 975105988Srwatson source = SLOT(intlabel); 976132232Srwatson if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) 977105988Srwatson return (0); 978105988Srwatson 979132232Srwatson mac_biba_copy_effective(source, &temp); 980105988Srwatson 981105988Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 982105988Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); 983105988Srwatson return (error); 984105988Srwatson} 985105988Srwatson 986101099Srwatson/* 987101099Srwatson * Labeling event operations: IPC object. 988101099Srwatson */ 989101099Srwatsonstatic void 990122875Srwatsonmac_biba_create_inpcb_from_socket(struct socket *so, struct label *solabel, 991122875Srwatson struct inpcb *inp, struct label *inplabel) 992122875Srwatson{ 993122875Srwatson struct mac_biba *source, *dest; 994122875Srwatson 995122875Srwatson source = SLOT(solabel); 996122875Srwatson dest = SLOT(inplabel); 997122875Srwatson 998132232Srwatson mac_biba_copy_effective(source, dest); 999122875Srwatson} 1000122875Srwatson 1001122875Srwatsonstatic void 1002101099Srwatsonmac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 1003101099Srwatson struct mbuf *m, struct label *mbuflabel) 1004101099Srwatson{ 1005101099Srwatson struct mac_biba *source, *dest; 1006101099Srwatson 1007101099Srwatson source = SLOT(socketlabel); 1008101099Srwatson dest = SLOT(mbuflabel); 1009101099Srwatson 1010132232Srwatson mac_biba_copy_effective(source, dest); 1011101099Srwatson} 1012101099Srwatson 1013101099Srwatsonstatic void 1014101099Srwatsonmac_biba_create_socket(struct ucred *cred, struct socket *socket, 1015101099Srwatson struct label *socketlabel) 1016101099Srwatson{ 1017101099Srwatson struct mac_biba *source, *dest; 1018101099Srwatson 1019122524Srwatson source = SLOT(cred->cr_label); 1020101099Srwatson dest = SLOT(socketlabel); 1021101099Srwatson 1022132232Srwatson mac_biba_copy_effective(source, dest); 1023101099Srwatson} 1024101099Srwatson 1025101099Srwatsonstatic void 1026125293Srwatsonmac_biba_create_pipe(struct ucred *cred, struct pipepair *pp, 1027101099Srwatson struct label *pipelabel) 1028101099Srwatson{ 1029101099Srwatson struct mac_biba *source, *dest; 1030101099Srwatson 1031122524Srwatson source = SLOT(cred->cr_label); 1032101099Srwatson dest = SLOT(pipelabel); 1033101099Srwatson 1034132232Srwatson mac_biba_copy_effective(source, dest); 1035101099Srwatson} 1036101099Srwatson 1037101099Srwatsonstatic void 1038101099Srwatsonmac_biba_create_socket_from_socket(struct socket *oldsocket, 1039101099Srwatson struct label *oldsocketlabel, struct socket *newsocket, 1040101099Srwatson struct label *newsocketlabel) 1041101099Srwatson{ 1042101099Srwatson struct mac_biba *source, *dest; 1043101099Srwatson 1044101099Srwatson source = SLOT(oldsocketlabel); 1045101099Srwatson dest = SLOT(newsocketlabel); 1046101099Srwatson 1047132232Srwatson mac_biba_copy_effective(source, dest); 1048101099Srwatson} 1049101099Srwatson 1050101099Srwatsonstatic void 1051101099Srwatsonmac_biba_relabel_socket(struct ucred *cred, struct socket *socket, 1052101099Srwatson struct label *socketlabel, struct label *newlabel) 1053101099Srwatson{ 1054101099Srwatson struct mac_biba *source, *dest; 1055101099Srwatson 1056101099Srwatson source = SLOT(newlabel); 1057101099Srwatson dest = SLOT(socketlabel); 1058101099Srwatson 1059105656Srwatson mac_biba_copy(source, dest); 1060101099Srwatson} 1061101099Srwatson 1062101099Srwatsonstatic void 1063125293Srwatsonmac_biba_relabel_pipe(struct ucred *cred, struct pipepair *pp, 1064101099Srwatson struct label *pipelabel, struct label *newlabel) 1065101099Srwatson{ 1066101099Srwatson struct mac_biba *source, *dest; 1067101099Srwatson 1068101099Srwatson source = SLOT(newlabel); 1069101099Srwatson dest = SLOT(pipelabel); 1070101099Srwatson 1071105656Srwatson mac_biba_copy(source, dest); 1072101099Srwatson} 1073101099Srwatson 1074101099Srwatsonstatic void 1075101099Srwatsonmac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 1076101099Srwatson struct socket *socket, struct label *socketpeerlabel) 1077101099Srwatson{ 1078101099Srwatson struct mac_biba *source, *dest; 1079101099Srwatson 1080101099Srwatson source = SLOT(mbuflabel); 1081101099Srwatson dest = SLOT(socketpeerlabel); 1082101099Srwatson 1083132232Srwatson mac_biba_copy_effective(source, dest); 1084101099Srwatson} 1085101099Srwatson 1086101099Srwatson/* 1087140628Srwatson * Labeling event operations: System V IPC objects. 1088140628Srwatson */ 1089140628Srwatson 1090140628Srwatsonstatic void 1091140628Srwatsonmac_biba_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, 1092140628Srwatson struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 1093140628Srwatson{ 1094140628Srwatson struct mac_biba *source, *dest; 1095140628Srwatson 1096140628Srwatson /* Ignore the msgq label */ 1097140628Srwatson source = SLOT(cred->cr_label); 1098140628Srwatson dest = SLOT(msglabel); 1099140628Srwatson 1100140628Srwatson mac_biba_copy_effective(source, dest); 1101140628Srwatson} 1102140628Srwatson 1103140628Srwatsonstatic void 1104140628Srwatsonmac_biba_create_sysv_msgqueue(struct ucred *cred, 1105140628Srwatson struct msqid_kernel *msqkptr, struct label *msqlabel) 1106140628Srwatson{ 1107140628Srwatson struct mac_biba *source, *dest; 1108140628Srwatson 1109140628Srwatson source = SLOT(cred->cr_label); 1110140628Srwatson dest = SLOT(msqlabel); 1111140628Srwatson 1112140628Srwatson mac_biba_copy_effective(source, dest); 1113140628Srwatson} 1114140628Srwatson 1115140628Srwatsonstatic void 1116140628Srwatsonmac_biba_create_sysv_sema(struct ucred *cred, struct semid_kernel *semakptr, 1117140628Srwatson struct label *semalabel) 1118140628Srwatson{ 1119140628Srwatson struct mac_biba *source, *dest; 1120140628Srwatson 1121140628Srwatson source = SLOT(cred->cr_label); 1122140628Srwatson dest = SLOT(semalabel); 1123140628Srwatson 1124140628Srwatson mac_biba_copy_effective(source, dest); 1125140628Srwatson} 1126140628Srwatson 1127140628Srwatsonstatic void 1128140628Srwatsonmac_biba_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, 1129140628Srwatson struct label *shmlabel) 1130140628Srwatson{ 1131140628Srwatson struct mac_biba *source, *dest; 1132140628Srwatson 1133140628Srwatson source = SLOT(cred->cr_label); 1134140628Srwatson dest = SLOT(shmlabel); 1135140628Srwatson 1136140628Srwatson mac_biba_copy_effective(source, dest); 1137140628Srwatson} 1138140628Srwatson 1139140628Srwatson/* 1140101099Srwatson * Labeling event operations: network objects. 1141101099Srwatson */ 1142101099Srwatsonstatic void 1143101099Srwatsonmac_biba_set_socket_peer_from_socket(struct socket *oldsocket, 1144101099Srwatson struct label *oldsocketlabel, struct socket *newsocket, 1145101099Srwatson struct label *newsocketpeerlabel) 1146101099Srwatson{ 1147101099Srwatson struct mac_biba *source, *dest; 1148101099Srwatson 1149101099Srwatson source = SLOT(oldsocketlabel); 1150101099Srwatson dest = SLOT(newsocketpeerlabel); 1151101099Srwatson 1152132232Srwatson mac_biba_copy_effective(source, dest); 1153101099Srwatson} 1154101099Srwatson 1155101099Srwatsonstatic void 1156101099Srwatsonmac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 1157101099Srwatson struct label *bpflabel) 1158101099Srwatson{ 1159101099Srwatson struct mac_biba *source, *dest; 1160101099Srwatson 1161122524Srwatson source = SLOT(cred->cr_label); 1162101099Srwatson dest = SLOT(bpflabel); 1163101099Srwatson 1164132232Srwatson mac_biba_copy_effective(source, dest); 1165101099Srwatson} 1166101099Srwatson 1167101099Srwatsonstatic void 1168101099Srwatsonmac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 1169101099Srwatson{ 1170121816Sbrooks char tifname[IFNAMSIZ], *p, *q; 1171101099Srwatson char tiflist[sizeof(trusted_interfaces)]; 1172101099Srwatson struct mac_biba *dest; 1173110350Srwatson int len, type; 1174101099Srwatson 1175101099Srwatson dest = SLOT(ifnetlabel); 1176101099Srwatson 1177101099Srwatson if (ifnet->if_type == IFT_LOOP) { 1178110350Srwatson type = MAC_BIBA_TYPE_EQUAL; 1179101099Srwatson goto set; 1180101099Srwatson } 1181101099Srwatson 1182101099Srwatson if (trust_all_interfaces) { 1183110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1184101099Srwatson goto set; 1185101099Srwatson } 1186101099Srwatson 1187110350Srwatson type = MAC_BIBA_TYPE_LOW; 1188101099Srwatson 1189101099Srwatson if (trusted_interfaces[0] == '\0' || 1190101099Srwatson !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 1191101099Srwatson goto set; 1192101099Srwatson 1193106089Srwatson bzero(tiflist, sizeof(tiflist)); 1194101099Srwatson for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 1195101099Srwatson if(*p != ' ' && *p != '\t') 1196101099Srwatson *q = *p; 1197101099Srwatson 1198101099Srwatson for (p = q = tiflist;; p++) { 1199101099Srwatson if (*p == ',' || *p == '\0') { 1200101099Srwatson len = p - q; 1201101099Srwatson if (len < IFNAMSIZ) { 1202101099Srwatson bzero(tifname, sizeof(tifname)); 1203101099Srwatson bcopy(q, tifname, len); 1204121816Sbrooks if (strcmp(tifname, ifnet->if_xname) == 0) { 1205110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1206101099Srwatson break; 1207101099Srwatson } 1208106089Srwatson } else { 1209106089Srwatson *p = '\0'; 1210106089Srwatson printf("mac_biba warning: interface name " 1211106089Srwatson "\"%s\" is too long (must be < %d)\n", 1212106089Srwatson q, IFNAMSIZ); 1213101099Srwatson } 1214101099Srwatson if (*p == '\0') 1215101099Srwatson break; 1216101099Srwatson q = p + 1; 1217101099Srwatson } 1218101099Srwatson } 1219101099Srwatsonset: 1220132232Srwatson mac_biba_set_effective(dest, type, 0, NULL); 1221110350Srwatson mac_biba_set_range(dest, type, 0, NULL, type, 0, NULL); 1222101099Srwatson} 1223101099Srwatson 1224101099Srwatsonstatic void 1225101099Srwatsonmac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1226101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1227101099Srwatson{ 1228101099Srwatson struct mac_biba *source, *dest; 1229101099Srwatson 1230101099Srwatson source = SLOT(fragmentlabel); 1231101099Srwatson dest = SLOT(ipqlabel); 1232101099Srwatson 1233132232Srwatson mac_biba_copy_effective(source, dest); 1234101099Srwatson} 1235101099Srwatson 1236101099Srwatsonstatic void 1237101099Srwatsonmac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 1238101099Srwatson struct mbuf *datagram, struct label *datagramlabel) 1239101099Srwatson{ 1240101099Srwatson struct mac_biba *source, *dest; 1241101099Srwatson 1242101099Srwatson source = SLOT(ipqlabel); 1243101099Srwatson dest = SLOT(datagramlabel); 1244101099Srwatson 1245101099Srwatson /* Just use the head, since we require them all to match. */ 1246132232Srwatson mac_biba_copy_effective(source, dest); 1247101099Srwatson} 1248101099Srwatson 1249101099Srwatsonstatic void 1250101099Srwatsonmac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 1251101099Srwatson struct mbuf *fragment, struct label *fragmentlabel) 1252101099Srwatson{ 1253101099Srwatson struct mac_biba *source, *dest; 1254101099Srwatson 1255101099Srwatson source = SLOT(datagramlabel); 1256101099Srwatson dest = SLOT(fragmentlabel); 1257101099Srwatson 1258132232Srwatson mac_biba_copy_effective(source, dest); 1259101099Srwatson} 1260101099Srwatson 1261101099Srwatsonstatic void 1262123607Srwatsonmac_biba_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, 1263123607Srwatson struct mbuf *m, struct label *mlabel) 1264123607Srwatson{ 1265123607Srwatson struct mac_biba *source, *dest; 1266123607Srwatson 1267123607Srwatson source = SLOT(inplabel); 1268123607Srwatson dest = SLOT(mlabel); 1269123607Srwatson 1270132232Srwatson mac_biba_copy_effective(source, dest); 1271123607Srwatson} 1272123607Srwatson 1273123607Srwatsonstatic void 1274101099Srwatsonmac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 1275101099Srwatson struct label *oldmbuflabel, struct mbuf *newmbuf, 1276101099Srwatson struct label *newmbuflabel) 1277101099Srwatson{ 1278101099Srwatson struct mac_biba *source, *dest; 1279101099Srwatson 1280101099Srwatson source = SLOT(oldmbuflabel); 1281101099Srwatson dest = SLOT(newmbuflabel); 1282101099Srwatson 1283105656Srwatson /* 1284105656Srwatson * Because the source mbuf may not yet have been "created", 1285105696Srwatson * just initialized, we do a conditional copy. Since we don't 1286105656Srwatson * allow mbufs to have ranges, do a KASSERT to make sure that 1287105656Srwatson * doesn't happen. 1288105656Srwatson */ 1289105656Srwatson KASSERT((source->mb_flags & MAC_BIBA_FLAG_RANGE) == 0, 1290105656Srwatson ("mac_biba_create_mbuf_from_mbuf: source mbuf has range")); 1291105656Srwatson mac_biba_copy(source, dest); 1292101099Srwatson} 1293101099Srwatson 1294101099Srwatsonstatic void 1295101099Srwatsonmac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 1296101099Srwatson struct mbuf *mbuf, struct label *mbuflabel) 1297101099Srwatson{ 1298101099Srwatson struct mac_biba *dest; 1299101099Srwatson 1300101099Srwatson dest = SLOT(mbuflabel); 1301101099Srwatson 1302132232Srwatson mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1303101099Srwatson} 1304101099Srwatson 1305101099Srwatsonstatic void 1306101099Srwatsonmac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 1307101099Srwatson struct mbuf *mbuf, struct label *mbuflabel) 1308101099Srwatson{ 1309101099Srwatson struct mac_biba *source, *dest; 1310101099Srwatson 1311101099Srwatson source = SLOT(bpflabel); 1312101099Srwatson dest = SLOT(mbuflabel); 1313101099Srwatson 1314132232Srwatson mac_biba_copy_effective(source, dest); 1315101099Srwatson} 1316101099Srwatson 1317101099Srwatsonstatic void 1318101099Srwatsonmac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1319101099Srwatson struct mbuf *m, struct label *mbuflabel) 1320101099Srwatson{ 1321101099Srwatson struct mac_biba *source, *dest; 1322101099Srwatson 1323101099Srwatson source = SLOT(ifnetlabel); 1324101099Srwatson dest = SLOT(mbuflabel); 1325101099Srwatson 1326132232Srwatson mac_biba_copy_effective(source, dest); 1327101099Srwatson} 1328101099Srwatson 1329101099Srwatsonstatic void 1330101099Srwatsonmac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1331101099Srwatson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1332101099Srwatson struct mbuf *newmbuf, struct label *newmbuflabel) 1333101099Srwatson{ 1334101099Srwatson struct mac_biba *source, *dest; 1335101099Srwatson 1336101099Srwatson source = SLOT(oldmbuflabel); 1337101099Srwatson dest = SLOT(newmbuflabel); 1338101099Srwatson 1339132232Srwatson mac_biba_copy_effective(source, dest); 1340101099Srwatson} 1341101099Srwatson 1342101099Srwatsonstatic void 1343101099Srwatsonmac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1344101099Srwatson struct mbuf *newmbuf, struct label *newmbuflabel) 1345101099Srwatson{ 1346101099Srwatson struct mac_biba *source, *dest; 1347101099Srwatson 1348101099Srwatson source = SLOT(oldmbuflabel); 1349101099Srwatson dest = SLOT(newmbuflabel); 1350101099Srwatson 1351132232Srwatson mac_biba_copy_effective(source, dest); 1352101099Srwatson} 1353101099Srwatson 1354101099Srwatsonstatic int 1355101099Srwatsonmac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1356101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1357101099Srwatson{ 1358101099Srwatson struct mac_biba *a, *b; 1359101099Srwatson 1360101099Srwatson a = SLOT(ipqlabel); 1361101099Srwatson b = SLOT(fragmentlabel); 1362101099Srwatson 1363132232Srwatson return (mac_biba_equal_effective(a, b)); 1364101099Srwatson} 1365101099Srwatson 1366101099Srwatsonstatic void 1367101099Srwatsonmac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1368101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1369101099Srwatson{ 1370101099Srwatson struct mac_biba *source, *dest; 1371101099Srwatson 1372101099Srwatson source = SLOT(newlabel); 1373101099Srwatson dest = SLOT(ifnetlabel); 1374101099Srwatson 1375105656Srwatson mac_biba_copy(source, dest); 1376101099Srwatson} 1377101099Srwatson 1378101099Srwatsonstatic void 1379101099Srwatsonmac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1380101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1381101099Srwatson{ 1382101099Srwatson 1383101099Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1384101099Srwatson} 1385101099Srwatson 1386122875Srwatsonstatic void 1387122875Srwatsonmac_biba_inpcb_sosetlabel(struct socket *so, struct label *solabel, 1388122875Srwatson struct inpcb *inp, struct label *inplabel) 1389122875Srwatson{ 1390122875Srwatson struct mac_biba *source, *dest; 1391122875Srwatson 1392122875Srwatson source = SLOT(solabel); 1393122875Srwatson dest = SLOT(inplabel); 1394122875Srwatson 1395122875Srwatson mac_biba_copy(source, dest); 1396122875Srwatson} 1397122875Srwatson 1398101099Srwatson/* 1399101099Srwatson * Labeling event operations: processes. 1400101099Srwatson */ 1401101099Srwatsonstatic void 1402101099Srwatsonmac_biba_create_proc0(struct ucred *cred) 1403101099Srwatson{ 1404101099Srwatson struct mac_biba *dest; 1405101099Srwatson 1406122524Srwatson dest = SLOT(cred->cr_label); 1407101099Srwatson 1408132232Srwatson mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1409105643Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, 1410105643Srwatson MAC_BIBA_TYPE_HIGH, 0, NULL); 1411101099Srwatson} 1412101099Srwatson 1413101099Srwatsonstatic void 1414101099Srwatsonmac_biba_create_proc1(struct ucred *cred) 1415101099Srwatson{ 1416101099Srwatson struct mac_biba *dest; 1417101099Srwatson 1418122524Srwatson dest = SLOT(cred->cr_label); 1419101099Srwatson 1420132232Srwatson mac_biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); 1421105643Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, 1422105643Srwatson MAC_BIBA_TYPE_HIGH, 0, NULL); 1423101099Srwatson} 1424101099Srwatson 1425101099Srwatsonstatic void 1426101099Srwatsonmac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 1427101099Srwatson{ 1428101099Srwatson struct mac_biba *source, *dest; 1429101099Srwatson 1430101099Srwatson source = SLOT(newlabel); 1431122524Srwatson dest = SLOT(cred->cr_label); 1432101099Srwatson 1433105656Srwatson mac_biba_copy(source, dest); 1434101099Srwatson} 1435101099Srwatson 1436101099Srwatson/* 1437140628Srwatson * Label cleanup/flush operations 1438140628Srwatson */ 1439140628Srwatsonstatic void 1440140628Srwatsonmac_biba_cleanup_sysv_msgmsg(struct label *msglabel) 1441140628Srwatson{ 1442140628Srwatson 1443140628Srwatson bzero(SLOT(msglabel), sizeof(struct mac_biba)); 1444140628Srwatson} 1445140628Srwatson 1446140628Srwatsonstatic void 1447140628Srwatsonmac_biba_cleanup_sysv_msgqueue(struct label *msqlabel) 1448140628Srwatson{ 1449140628Srwatson 1450140628Srwatson bzero(SLOT(msqlabel), sizeof(struct mac_biba)); 1451140628Srwatson} 1452140628Srwatson 1453140628Srwatsonstatic void 1454140628Srwatsonmac_biba_cleanup_sysv_sema(struct label *semalabel) 1455140628Srwatson{ 1456140628Srwatson 1457140628Srwatson bzero(SLOT(semalabel), sizeof(struct mac_biba)); 1458140628Srwatson} 1459140628Srwatson 1460140628Srwatsonstatic void 1461140628Srwatsonmac_biba_cleanup_sysv_shm(struct label *shmlabel) 1462140628Srwatson{ 1463140628Srwatson bzero(SLOT(shmlabel), sizeof(struct mac_biba)); 1464140628Srwatson} 1465140628Srwatson 1466140628Srwatson/* 1467101099Srwatson * Access control checks. 1468101099Srwatson */ 1469101099Srwatsonstatic int 1470101099Srwatsonmac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1471101099Srwatson struct ifnet *ifnet, struct label *ifnetlabel) 1472101099Srwatson{ 1473101099Srwatson struct mac_biba *a, *b; 1474101099Srwatson 1475101099Srwatson if (!mac_biba_enabled) 1476101099Srwatson return (0); 1477101099Srwatson 1478101099Srwatson a = SLOT(bpflabel); 1479101099Srwatson b = SLOT(ifnetlabel); 1480101099Srwatson 1481132232Srwatson if (mac_biba_equal_effective(a, b)) 1482101099Srwatson return (0); 1483101099Srwatson return (EACCES); 1484101099Srwatson} 1485101099Srwatson 1486101099Srwatsonstatic int 1487101099Srwatsonmac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1488101099Srwatson{ 1489101099Srwatson struct mac_biba *subj, *new; 1490105634Srwatson int error; 1491101099Srwatson 1492122524Srwatson subj = SLOT(cred->cr_label); 1493101099Srwatson new = SLOT(newlabel); 1494101099Srwatson 1495101099Srwatson /* 1496105634Srwatson * If there is a Biba label update for the credential, it may 1497132232Srwatson * be an update of the effective, range, or both. 1498101099Srwatson */ 1499105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1500105634Srwatson if (error) 1501105634Srwatson return (error); 1502101099Srwatson 1503101099Srwatson /* 1504105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1505101099Srwatson */ 1506105634Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 1507105634Srwatson /* 1508110351Srwatson * If the change request modifies both the Biba label 1509132232Srwatson * effective and range, check that the new effective will be 1510110351Srwatson * in the new range. 1511110351Srwatson */ 1512110351Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == 1513110351Srwatson MAC_BIBA_FLAGS_BOTH && 1514132232Srwatson !mac_biba_effective_in_range(new, new)) 1515110351Srwatson return (EINVAL); 1516110351Srwatson 1517110351Srwatson /* 1518132232Srwatson * To change the Biba effective label on a credential, the 1519132232Srwatson * new effective label must be in the current range. 1520105634Srwatson */ 1521132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE && 1522132232Srwatson !mac_biba_effective_in_range(new, subj)) 1523105634Srwatson return (EPERM); 1524101099Srwatson 1525105634Srwatson /* 1526105634Srwatson * To change the Biba range on a credential, the new 1527105634Srwatson * range label must be in the current range. 1528105634Srwatson */ 1529105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_RANGE && 1530105634Srwatson !mac_biba_range_in_range(new, subj)) 1531105634Srwatson return (EPERM); 1532101099Srwatson 1533105634Srwatson /* 1534105634Srwatson * To have EQUAL in any component of the new credential 1535105634Srwatson * Biba label, the subject must already have EQUAL in 1536105634Srwatson * their label. 1537105634Srwatson */ 1538105634Srwatson if (mac_biba_contains_equal(new)) { 1539106090Srwatson error = mac_biba_subject_privileged(subj); 1540105634Srwatson if (error) 1541105634Srwatson return (error); 1542105634Srwatson } 1543105634Srwatson } 1544105634Srwatson 1545101099Srwatson return (0); 1546101099Srwatson} 1547101099Srwatson 1548101099Srwatsonstatic int 1549101099Srwatsonmac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1550101099Srwatson{ 1551101099Srwatson struct mac_biba *subj, *obj; 1552101099Srwatson 1553101099Srwatson if (!mac_biba_enabled) 1554101099Srwatson return (0); 1555101099Srwatson 1556122524Srwatson subj = SLOT(u1->cr_label); 1557122524Srwatson obj = SLOT(u2->cr_label); 1558101099Srwatson 1559101099Srwatson /* XXX: range */ 1560132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1561101099Srwatson return (ESRCH); 1562101099Srwatson 1563101099Srwatson return (0); 1564101099Srwatson} 1565101099Srwatson 1566101099Srwatsonstatic int 1567101099Srwatsonmac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1568101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1569101099Srwatson{ 1570101099Srwatson struct mac_biba *subj, *new; 1571105634Srwatson int error; 1572101099Srwatson 1573122524Srwatson subj = SLOT(cred->cr_label); 1574101099Srwatson new = SLOT(newlabel); 1575101099Srwatson 1576105634Srwatson /* 1577105634Srwatson * If there is a Biba label update for the interface, it may 1578132232Srwatson * be an update of the effective, range, or both. 1579105634Srwatson */ 1580105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1581105634Srwatson if (error) 1582105634Srwatson return (error); 1583101099Srwatson 1584105634Srwatson /* 1585106160Srwatson * Relabling network interfaces requires Biba privilege. 1586106160Srwatson */ 1587106160Srwatson error = mac_biba_subject_privileged(subj); 1588106160Srwatson if (error) 1589106160Srwatson return (error); 1590106160Srwatson 1591105634Srwatson return (0); 1592101099Srwatson} 1593101099Srwatson 1594103759Srwatsonstatic int 1595101099Srwatsonmac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1596101099Srwatson struct mbuf *m, struct label *mbuflabel) 1597101099Srwatson{ 1598101099Srwatson struct mac_biba *p, *i; 1599103761Srwatson 1600101099Srwatson if (!mac_biba_enabled) 1601101099Srwatson return (0); 1602101099Srwatson 1603101099Srwatson p = SLOT(mbuflabel); 1604101099Srwatson i = SLOT(ifnetlabel); 1605103759Srwatson 1606132232Srwatson return (mac_biba_effective_in_range(p, i) ? 0 : EACCES); 1607101099Srwatson} 1608101099Srwatson 1609101099Srwatsonstatic int 1610122875Srwatsonmac_biba_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 1611122875Srwatson struct mbuf *m, struct label *mlabel) 1612122875Srwatson{ 1613122875Srwatson struct mac_biba *p, *i; 1614122875Srwatson 1615122875Srwatson if (!mac_biba_enabled) 1616122875Srwatson return (0); 1617122875Srwatson 1618122875Srwatson p = SLOT(mlabel); 1619122875Srwatson i = SLOT(inplabel); 1620122875Srwatson 1621132232Srwatson return (mac_biba_equal_effective(p, i) ? 0 : EACCES); 1622122875Srwatson} 1623122875Srwatson 1624122875Srwatsonstatic int 1625140628Srwatsonmac_biba_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr, 1626140628Srwatson struct label *msglabel) 1627140628Srwatson{ 1628140628Srwatson struct mac_biba *subj, *obj; 1629140628Srwatson 1630140628Srwatson if (!mac_biba_enabled) 1631140628Srwatson return (0); 1632140628Srwatson 1633140628Srwatson subj = SLOT(cred->cr_label); 1634140628Srwatson obj = SLOT(msglabel); 1635140628Srwatson 1636140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1637140628Srwatson return (EACCES); 1638140628Srwatson 1639140628Srwatson return (0); 1640140628Srwatson} 1641140628Srwatson 1642140628Srwatsonstatic int 1643140628Srwatsonmac_biba_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr, 1644140628Srwatson struct label *msglabel) 1645140628Srwatson{ 1646140628Srwatson struct mac_biba *subj, *obj; 1647140628Srwatson 1648140628Srwatson if (!mac_biba_enabled) 1649140628Srwatson return (0); 1650140628Srwatson 1651140628Srwatson subj = SLOT(cred->cr_label); 1652140628Srwatson obj = SLOT(msglabel); 1653140628Srwatson 1654140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1655140628Srwatson return (EACCES); 1656140628Srwatson 1657140628Srwatson return (0); 1658140628Srwatson} 1659140628Srwatson 1660140628Srwatsonstatic int 1661140628Srwatsonmac_biba_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 1662140628Srwatson struct label *msqklabel) 1663140628Srwatson{ 1664140628Srwatson struct mac_biba *subj, *obj; 1665140628Srwatson 1666140628Srwatson if (!mac_biba_enabled) 1667140628Srwatson return (0); 1668140628Srwatson 1669140628Srwatson subj = SLOT(cred->cr_label); 1670140628Srwatson obj = SLOT(msqklabel); 1671140628Srwatson 1672140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1673140628Srwatson return (EACCES); 1674140628Srwatson 1675140628Srwatson return (0); 1676140628Srwatson} 1677140628Srwatson 1678140628Srwatsonstatic int 1679140628Srwatsonmac_biba_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 1680140628Srwatson struct label *msqklabel) 1681140628Srwatson{ 1682140628Srwatson struct mac_biba *subj, *obj; 1683140628Srwatson 1684140628Srwatson if (!mac_biba_enabled) 1685140628Srwatson return (0); 1686140628Srwatson 1687140628Srwatson subj = SLOT(cred->cr_label); 1688140628Srwatson obj = SLOT(msqklabel); 1689140628Srwatson 1690140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1691140628Srwatson return (EACCES); 1692140628Srwatson 1693140628Srwatson return (0); 1694140628Srwatson} 1695140628Srwatson 1696140628Srwatsonstatic int 1697140628Srwatsonmac_biba_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 1698140628Srwatson struct label *msqklabel) 1699140628Srwatson{ 1700140628Srwatson struct mac_biba *subj, *obj; 1701140628Srwatson 1702140628Srwatson if (!mac_biba_enabled) 1703140628Srwatson return (0); 1704140628Srwatson 1705140628Srwatson subj = SLOT(cred->cr_label); 1706140628Srwatson obj = SLOT(msqklabel); 1707140628Srwatson 1708140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1709140628Srwatson return (EACCES); 1710140628Srwatson 1711140628Srwatson return (0); 1712140628Srwatson} 1713140628Srwatson 1714140628Srwatson 1715140628Srwatsonstatic int 1716140628Srwatsonmac_biba_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 1717140628Srwatson struct label *msqklabel, int cmd) 1718140628Srwatson{ 1719140628Srwatson struct mac_biba *subj, *obj; 1720140628Srwatson 1721140628Srwatson if (!mac_biba_enabled) 1722140628Srwatson return (0); 1723140628Srwatson 1724140628Srwatson subj = SLOT(cred->cr_label); 1725140628Srwatson obj = SLOT(msqklabel); 1726140628Srwatson 1727140628Srwatson switch(cmd) { 1728140628Srwatson case IPC_RMID: 1729140628Srwatson case IPC_SET: 1730140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1731140628Srwatson return (EACCES); 1732140628Srwatson break; 1733140628Srwatson 1734140628Srwatson case IPC_STAT: 1735140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1736140628Srwatson return (EACCES); 1737140628Srwatson break; 1738140628Srwatson 1739140628Srwatson default: 1740140628Srwatson return (EACCES); 1741140628Srwatson } 1742140628Srwatson 1743140628Srwatson return (0); 1744140628Srwatson} 1745140628Srwatson 1746140628Srwatsonstatic int 1747140628Srwatsonmac_biba_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, 1748140628Srwatson struct label *semaklabel, int cmd) 1749140628Srwatson{ 1750140628Srwatson struct mac_biba *subj, *obj; 1751140628Srwatson 1752140628Srwatson if (!mac_biba_enabled) 1753140628Srwatson return (0); 1754140628Srwatson 1755140628Srwatson subj = SLOT(cred->cr_label); 1756140628Srwatson obj = SLOT(semaklabel); 1757140628Srwatson 1758140628Srwatson switch(cmd) { 1759140628Srwatson case IPC_RMID: 1760140628Srwatson case IPC_SET: 1761140628Srwatson case SETVAL: 1762140628Srwatson case SETALL: 1763140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1764140628Srwatson return (EACCES); 1765140628Srwatson break; 1766140628Srwatson 1767140628Srwatson case IPC_STAT: 1768140628Srwatson case GETVAL: 1769140628Srwatson case GETPID: 1770140628Srwatson case GETNCNT: 1771140628Srwatson case GETZCNT: 1772140628Srwatson case GETALL: 1773140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1774140628Srwatson return (EACCES); 1775140628Srwatson break; 1776140628Srwatson 1777140628Srwatson default: 1778140628Srwatson return (EACCES); 1779140628Srwatson } 1780140628Srwatson 1781140628Srwatson return (0); 1782140628Srwatson} 1783140628Srwatson 1784140628Srwatson 1785140628Srwatsonstatic int 1786140628Srwatsonmac_biba_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, 1787140628Srwatson struct label *semaklabel) 1788140628Srwatson{ 1789140628Srwatson struct mac_biba *subj, *obj; 1790140628Srwatson 1791140628Srwatson if (!mac_biba_enabled) 1792140628Srwatson return (0); 1793140628Srwatson 1794140628Srwatson subj = SLOT(cred->cr_label); 1795140628Srwatson obj = SLOT(semaklabel); 1796140628Srwatson 1797140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1798140628Srwatson return (EACCES); 1799140628Srwatson 1800140628Srwatson return (0); 1801140628Srwatson} 1802140628Srwatson 1803140628Srwatson 1804140628Srwatsonstatic int 1805140628Srwatsonmac_biba_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr, 1806140628Srwatson struct label *semaklabel, size_t accesstype) 1807140628Srwatson{ 1808140628Srwatson struct mac_biba *subj, *obj; 1809140628Srwatson 1810140628Srwatson if (!mac_biba_enabled) 1811140628Srwatson return (0); 1812140628Srwatson 1813140628Srwatson subj = SLOT(cred->cr_label); 1814140628Srwatson obj = SLOT(semaklabel); 1815140628Srwatson 1816140628Srwatson if (accesstype & SEM_R) 1817140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1818140628Srwatson return (EACCES); 1819140628Srwatson 1820140628Srwatson if (accesstype & SEM_A) 1821140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1822140628Srwatson return (EACCES); 1823140628Srwatson 1824140628Srwatson return (0); 1825140628Srwatson} 1826140628Srwatson 1827140628Srwatsonstatic int 1828140628Srwatsonmac_biba_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 1829140628Srwatson struct label *shmseglabel, int shmflg) 1830140628Srwatson{ 1831140628Srwatson struct mac_biba *subj, *obj; 1832140628Srwatson 1833140628Srwatson if (!mac_biba_enabled) 1834140628Srwatson return (0); 1835140628Srwatson 1836140628Srwatson subj = SLOT(cred->cr_label); 1837140628Srwatson obj = SLOT(shmseglabel); 1838140628Srwatson 1839140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1840140628Srwatson return (EACCES); 1841140628Srwatson if ((shmflg & SHM_RDONLY) == 0) { 1842140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1843140628Srwatson return (EACCES); 1844140628Srwatson } 1845140628Srwatson 1846140628Srwatson return (0); 1847140628Srwatson} 1848140628Srwatson 1849140628Srwatsonstatic int 1850140628Srwatsonmac_biba_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 1851140628Srwatson struct label *shmseglabel, int cmd) 1852140628Srwatson{ 1853140628Srwatson struct mac_biba *subj, *obj; 1854140628Srwatson 1855140628Srwatson if (!mac_biba_enabled) 1856140628Srwatson return (0); 1857140628Srwatson 1858140628Srwatson subj = SLOT(cred->cr_label); 1859140628Srwatson obj = SLOT(shmseglabel); 1860140628Srwatson 1861140628Srwatson switch(cmd) { 1862140628Srwatson case IPC_RMID: 1863140628Srwatson case IPC_SET: 1864140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1865140628Srwatson return (EACCES); 1866140628Srwatson break; 1867140628Srwatson 1868140628Srwatson case IPC_STAT: 1869140628Srwatson case SHM_STAT: 1870140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1871140628Srwatson return (EACCES); 1872140628Srwatson break; 1873140628Srwatson 1874140628Srwatson default: 1875140628Srwatson return (EACCES); 1876140628Srwatson } 1877140628Srwatson 1878140628Srwatson return (0); 1879140628Srwatson} 1880140628Srwatson 1881140628Srwatsonstatic int 1882140628Srwatsonmac_biba_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 1883140628Srwatson struct label *shmseglabel, int shmflg) 1884140628Srwatson{ 1885140628Srwatson struct mac_biba *subj, *obj; 1886140628Srwatson 1887140628Srwatson if (!mac_biba_enabled) 1888140628Srwatson return (0); 1889140628Srwatson 1890140628Srwatson subj = SLOT(cred->cr_label); 1891140628Srwatson obj = SLOT(shmseglabel); 1892140628Srwatson 1893140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1894140628Srwatson return (EACCES); 1895140628Srwatson 1896140628Srwatson return (0); 1897140628Srwatson} 1898140628Srwatson 1899140628Srwatsonstatic int 1900110354Srwatsonmac_biba_check_kld_load(struct ucred *cred, struct vnode *vp, 1901110354Srwatson struct label *label) 1902110354Srwatson{ 1903110354Srwatson struct mac_biba *subj, *obj; 1904110354Srwatson int error; 1905110354Srwatson 1906110354Srwatson if (!mac_biba_enabled) 1907110354Srwatson return (0); 1908110354Srwatson 1909122524Srwatson subj = SLOT(cred->cr_label); 1910110354Srwatson 1911110354Srwatson error = mac_biba_subject_privileged(subj); 1912110354Srwatson if (error) 1913110354Srwatson return (error); 1914110354Srwatson 1915110354Srwatson obj = SLOT(label); 1916132232Srwatson if (!mac_biba_high_effective(obj)) 1917110354Srwatson return (EACCES); 1918110354Srwatson 1919110354Srwatson return (0); 1920110354Srwatson} 1921110354Srwatson 1922110354Srwatson 1923110354Srwatsonstatic int 1924110354Srwatsonmac_biba_check_kld_unload(struct ucred *cred) 1925110354Srwatson{ 1926110354Srwatson struct mac_biba *subj; 1927110354Srwatson 1928110354Srwatson if (!mac_biba_enabled) 1929110354Srwatson return (0); 1930110354Srwatson 1931122524Srwatson subj = SLOT(cred->cr_label); 1932110354Srwatson 1933110354Srwatson return (mac_biba_subject_privileged(subj)); 1934110354Srwatson} 1935110354Srwatson 1936110354Srwatsonstatic int 1937101099Srwatsonmac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1938101099Srwatson struct label *mntlabel) 1939101099Srwatson{ 1940101099Srwatson struct mac_biba *subj, *obj; 1941101099Srwatson 1942101099Srwatson if (!mac_biba_enabled) 1943101099Srwatson return (0); 1944101099Srwatson 1945122524Srwatson subj = SLOT(cred->cr_label); 1946101099Srwatson obj = SLOT(mntlabel); 1947101099Srwatson 1948132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1949101099Srwatson return (EACCES); 1950101099Srwatson 1951101099Srwatson return (0); 1952101099Srwatson} 1953101099Srwatson 1954101099Srwatsonstatic int 1955125293Srwatsonmac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, 1956101099Srwatson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1957101099Srwatson{ 1958103759Srwatson 1959101099Srwatson if(!mac_biba_enabled) 1960101099Srwatson return (0); 1961101099Srwatson 1962101099Srwatson /* XXX: This will be implemented soon... */ 1963101099Srwatson 1964101099Srwatson return (0); 1965101099Srwatson} 1966101099Srwatson 1967101099Srwatsonstatic int 1968125293Srwatsonmac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, 1969102115Srwatson struct label *pipelabel) 1970101099Srwatson{ 1971101099Srwatson struct mac_biba *subj, *obj; 1972101099Srwatson 1973101099Srwatson if (!mac_biba_enabled) 1974101099Srwatson return (0); 1975101099Srwatson 1976122524Srwatson subj = SLOT(cred->cr_label); 1977101099Srwatson obj = SLOT((pipelabel)); 1978101099Srwatson 1979132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1980102115Srwatson return (EACCES); 1981101099Srwatson 1982101099Srwatson return (0); 1983101099Srwatson} 1984101099Srwatson 1985101099Srwatsonstatic int 1986125293Srwatsonmac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, 1987102115Srwatson struct label *pipelabel) 1988102115Srwatson{ 1989102115Srwatson struct mac_biba *subj, *obj; 1990102115Srwatson 1991102115Srwatson if (!mac_biba_enabled) 1992102115Srwatson return (0); 1993102115Srwatson 1994122524Srwatson subj = SLOT(cred->cr_label); 1995102115Srwatson obj = SLOT((pipelabel)); 1996102115Srwatson 1997132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1998102115Srwatson return (EACCES); 1999102115Srwatson 2000102115Srwatson return (0); 2001102115Srwatson} 2002102115Srwatson 2003102115Srwatsonstatic int 2004125293Srwatsonmac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, 2005101099Srwatson struct label *pipelabel, struct label *newlabel) 2006101099Srwatson{ 2007101099Srwatson struct mac_biba *subj, *obj, *new; 2008105634Srwatson int error; 2009101099Srwatson 2010101099Srwatson new = SLOT(newlabel); 2011122524Srwatson subj = SLOT(cred->cr_label); 2012101099Srwatson obj = SLOT(pipelabel); 2013101099Srwatson 2014101099Srwatson /* 2015105634Srwatson * If there is a Biba label update for a pipe, it must be a 2016132232Srwatson * effective update. 2017101099Srwatson */ 2018132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 2019105634Srwatson if (error) 2020105634Srwatson return (error); 2021101099Srwatson 2022101099Srwatson /* 2023105634Srwatson * To perform a relabel of a pipe (Biba label or not), Biba must 2024105634Srwatson * authorize the relabel. 2025101099Srwatson */ 2026132232Srwatson if (!mac_biba_effective_in_range(obj, subj)) 2027101099Srwatson return (EPERM); 2028101099Srwatson 2029101099Srwatson /* 2030105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 2031101099Srwatson */ 2032132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 2033105634Srwatson /* 2034105634Srwatson * To change the Biba label on a pipe, the new pipe label 2035105634Srwatson * must be in the subject range. 2036105634Srwatson */ 2037132232Srwatson if (!mac_biba_effective_in_range(new, subj)) 2038105634Srwatson return (EPERM); 2039101099Srwatson 2040105634Srwatson /* 2041105634Srwatson * To change the Biba label on a pipe to be EQUAL, the 2042105634Srwatson * subject must have appropriate privilege. 2043105634Srwatson */ 2044105634Srwatson if (mac_biba_contains_equal(new)) { 2045106090Srwatson error = mac_biba_subject_privileged(subj); 2046105634Srwatson if (error) 2047105634Srwatson return (error); 2048105634Srwatson } 2049105634Srwatson } 2050105634Srwatson 2051101099Srwatson return (0); 2052101099Srwatson} 2053101099Srwatson 2054101099Srwatsonstatic int 2055125293Srwatsonmac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, 2056102115Srwatson struct label *pipelabel) 2057102115Srwatson{ 2058102115Srwatson struct mac_biba *subj, *obj; 2059102115Srwatson 2060102115Srwatson if (!mac_biba_enabled) 2061102115Srwatson return (0); 2062102115Srwatson 2063122524Srwatson subj = SLOT(cred->cr_label); 2064102115Srwatson obj = SLOT((pipelabel)); 2065102115Srwatson 2066132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2067102115Srwatson return (EACCES); 2068102115Srwatson 2069102115Srwatson return (0); 2070102115Srwatson} 2071102115Srwatson 2072102115Srwatsonstatic int 2073125293Srwatsonmac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, 2074102115Srwatson struct label *pipelabel) 2075102115Srwatson{ 2076102115Srwatson struct mac_biba *subj, *obj; 2077102115Srwatson 2078102115Srwatson if (!mac_biba_enabled) 2079102115Srwatson return (0); 2080102115Srwatson 2081122524Srwatson subj = SLOT(cred->cr_label); 2082102115Srwatson obj = SLOT((pipelabel)); 2083102115Srwatson 2084132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2085102115Srwatson return (EACCES); 2086102115Srwatson 2087102115Srwatson return (0); 2088102115Srwatson} 2089102115Srwatson 2090102115Srwatsonstatic int 2091101099Srwatsonmac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) 2092101099Srwatson{ 2093101099Srwatson struct mac_biba *subj, *obj; 2094101099Srwatson 2095101099Srwatson if (!mac_biba_enabled) 2096101099Srwatson return (0); 2097101099Srwatson 2098122524Srwatson subj = SLOT(cred->cr_label); 2099122524Srwatson obj = SLOT(proc->p_ucred->cr_label); 2100101099Srwatson 2101101099Srwatson /* XXX: range checks */ 2102132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2103101099Srwatson return (ESRCH); 2104132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2105101099Srwatson return (EACCES); 2106101099Srwatson 2107101099Srwatson return (0); 2108101099Srwatson} 2109101099Srwatson 2110101099Srwatsonstatic int 2111101099Srwatsonmac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) 2112101099Srwatson{ 2113101099Srwatson struct mac_biba *subj, *obj; 2114103759Srwatson 2115101099Srwatson if (!mac_biba_enabled) 2116101099Srwatson return (0); 2117101099Srwatson 2118122524Srwatson subj = SLOT(cred->cr_label); 2119122524Srwatson obj = SLOT(proc->p_ucred->cr_label); 2120103759Srwatson 2121101099Srwatson /* XXX: range checks */ 2122132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2123101099Srwatson return (ESRCH); 2124132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2125101099Srwatson return (EACCES); 2126101099Srwatson 2127101099Srwatson return (0); 2128101099Srwatson} 2129101099Srwatson 2130101099Srwatsonstatic int 2131101099Srwatsonmac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 2132101099Srwatson{ 2133101099Srwatson struct mac_biba *subj, *obj; 2134103759Srwatson 2135101099Srwatson if (!mac_biba_enabled) 2136101099Srwatson return (0); 2137101099Srwatson 2138122524Srwatson subj = SLOT(cred->cr_label); 2139122524Srwatson obj = SLOT(proc->p_ucred->cr_label); 2140103759Srwatson 2141101099Srwatson /* XXX: range checks */ 2142132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2143101099Srwatson return (ESRCH); 2144132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2145101099Srwatson return (EACCES); 2146101099Srwatson 2147101099Srwatson return (0); 2148101099Srwatson} 2149101099Srwatson 2150101099Srwatsonstatic int 2151101934Srwatsonmac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, 2152101099Srwatson struct mbuf *m, struct label *mbuflabel) 2153101099Srwatson{ 2154101099Srwatson struct mac_biba *p, *s; 2155101099Srwatson 2156101099Srwatson if (!mac_biba_enabled) 2157101099Srwatson return (0); 2158101099Srwatson 2159101099Srwatson p = SLOT(mbuflabel); 2160101099Srwatson s = SLOT(socketlabel); 2161101099Srwatson 2162132232Srwatson return (mac_biba_equal_effective(p, s) ? 0 : EACCES); 2163101099Srwatson} 2164101099Srwatson 2165101099Srwatsonstatic int 2166106214Srwatsonmac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, 2167101099Srwatson struct label *socketlabel, struct label *newlabel) 2168101099Srwatson{ 2169101099Srwatson struct mac_biba *subj, *obj, *new; 2170105634Srwatson int error; 2171101099Srwatson 2172101099Srwatson new = SLOT(newlabel); 2173122524Srwatson subj = SLOT(cred->cr_label); 2174101099Srwatson obj = SLOT(socketlabel); 2175101099Srwatson 2176101099Srwatson /* 2177105634Srwatson * If there is a Biba label update for the socket, it may be 2178132232Srwatson * an update of effective. 2179101099Srwatson */ 2180132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 2181105634Srwatson if (error) 2182105634Srwatson return (error); 2183101099Srwatson 2184101099Srwatson /* 2185132232Srwatson * To relabel a socket, the old socket effective must be in the subject 2186101099Srwatson * range. 2187101099Srwatson */ 2188132232Srwatson if (!mac_biba_effective_in_range(obj, subj)) 2189101099Srwatson return (EPERM); 2190101099Srwatson 2191101099Srwatson /* 2192105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 2193101099Srwatson */ 2194132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 2195105634Srwatson /* 2196132232Srwatson * To relabel a socket, the new socket effective must be in 2197105634Srwatson * the subject range. 2198105634Srwatson */ 2199132232Srwatson if (!mac_biba_effective_in_range(new, subj)) 2200105634Srwatson return (EPERM); 2201101099Srwatson 2202105634Srwatson /* 2203105634Srwatson * To change the Biba label on the socket to contain EQUAL, 2204105634Srwatson * the subject must have appropriate privilege. 2205105634Srwatson */ 2206105634Srwatson if (mac_biba_contains_equal(new)) { 2207106090Srwatson error = mac_biba_subject_privileged(subj); 2208105634Srwatson if (error) 2209105634Srwatson return (error); 2210105634Srwatson } 2211105634Srwatson } 2212105634Srwatson 2213101099Srwatson return (0); 2214101099Srwatson} 2215101099Srwatson 2216101099Srwatsonstatic int 2217101099Srwatsonmac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, 2218101099Srwatson struct label *socketlabel) 2219101099Srwatson{ 2220101099Srwatson struct mac_biba *subj, *obj; 2221101099Srwatson 2222105722Srwatson if (!mac_biba_enabled) 2223105722Srwatson return (0); 2224105722Srwatson 2225122524Srwatson subj = SLOT(cred->cr_label); 2226101099Srwatson obj = SLOT(socketlabel); 2227101099Srwatson 2228132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2229101099Srwatson return (ENOENT); 2230101099Srwatson 2231101099Srwatson return (0); 2232101099Srwatson} 2233101099Srwatson 2234101099Srwatsonstatic int 2235112574Srwatsonmac_biba_check_sysarch_ioperm(struct ucred *cred) 2236112574Srwatson{ 2237112574Srwatson struct mac_biba *subj; 2238112574Srwatson int error; 2239112574Srwatson 2240112574Srwatson if (!mac_biba_enabled) 2241112574Srwatson return (0); 2242112574Srwatson 2243122524Srwatson subj = SLOT(cred->cr_label); 2244112574Srwatson 2245112574Srwatson error = mac_biba_subject_privileged(subj); 2246112574Srwatson if (error) 2247112574Srwatson return (error); 2248112574Srwatson 2249112574Srwatson return (0); 2250112574Srwatson} 2251112574Srwatson 2252112574Srwatsonstatic int 2253106418Srwatsonmac_biba_check_system_acct(struct ucred *cred, struct vnode *vp, 2254106418Srwatson struct label *label) 2255106418Srwatson{ 2256106418Srwatson struct mac_biba *subj, *obj; 2257106418Srwatson int error; 2258106418Srwatson 2259106418Srwatson if (!mac_biba_enabled) 2260106418Srwatson return (0); 2261106418Srwatson 2262122524Srwatson subj = SLOT(cred->cr_label); 2263106418Srwatson 2264106418Srwatson error = mac_biba_subject_privileged(subj); 2265106418Srwatson if (error) 2266106418Srwatson return (error); 2267106418Srwatson 2268106418Srwatson if (label == NULL) 2269106418Srwatson return (0); 2270106418Srwatson 2271106418Srwatson obj = SLOT(label); 2272132232Srwatson if (!mac_biba_high_effective(obj)) 2273106418Srwatson return (EACCES); 2274106418Srwatson 2275106418Srwatson return (0); 2276106418Srwatson} 2277106418Srwatson 2278106418Srwatsonstatic int 2279106418Srwatsonmac_biba_check_system_settime(struct ucred *cred) 2280106418Srwatson{ 2281106418Srwatson struct mac_biba *subj; 2282106418Srwatson int error; 2283106418Srwatson 2284106418Srwatson if (!mac_biba_enabled) 2285106418Srwatson return (0); 2286106418Srwatson 2287122524Srwatson subj = SLOT(cred->cr_label); 2288106418Srwatson 2289106418Srwatson error = mac_biba_subject_privileged(subj); 2290106418Srwatson if (error) 2291106418Srwatson return (error); 2292106418Srwatson 2293106418Srwatson return (0); 2294106418Srwatson} 2295106418Srwatson 2296106418Srwatsonstatic int 2297106161Srwatsonmac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, 2298106161Srwatson struct label *label) 2299106161Srwatson{ 2300106161Srwatson struct mac_biba *subj, *obj; 2301106416Srwatson int error; 2302106161Srwatson 2303106161Srwatson if (!mac_biba_enabled) 2304106161Srwatson return (0); 2305106161Srwatson 2306122524Srwatson subj = SLOT(cred->cr_label); 2307106161Srwatson obj = SLOT(label); 2308106161Srwatson 2309106416Srwatson error = mac_biba_subject_privileged(subj); 2310106416Srwatson if (error) 2311106416Srwatson return (error); 2312106161Srwatson 2313132232Srwatson if (!mac_biba_high_effective(obj)) 2314106161Srwatson return (EACCES); 2315106161Srwatson 2316106161Srwatson return (0); 2317106161Srwatson} 2318106161Srwatson 2319106161Srwatsonstatic int 2320112574Srwatsonmac_biba_check_system_swapoff(struct ucred *cred, struct vnode *vp, 2321112574Srwatson struct label *label) 2322112574Srwatson{ 2323112574Srwatson struct mac_biba *subj, *obj; 2324112574Srwatson int error; 2325112574Srwatson 2326112574Srwatson if (!mac_biba_enabled) 2327112574Srwatson return (0); 2328112574Srwatson 2329122524Srwatson subj = SLOT(cred->cr_label); 2330112574Srwatson obj = SLOT(label); 2331112574Srwatson 2332112574Srwatson error = mac_biba_subject_privileged(subj); 2333112574Srwatson if (error) 2334112574Srwatson return (error); 2335112574Srwatson 2336112574Srwatson return (0); 2337112574Srwatson} 2338112574Srwatson 2339112574Srwatsonstatic int 2340126121Spjdmac_biba_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2341126121Spjd void *arg1, int arg2, struct sysctl_req *req) 2342106161Srwatson{ 2343106161Srwatson struct mac_biba *subj; 2344106161Srwatson int error; 2345106161Srwatson 2346106161Srwatson if (!mac_biba_enabled) 2347106161Srwatson return (0); 2348106161Srwatson 2349122524Srwatson subj = SLOT(cred->cr_label); 2350106161Srwatson 2351106161Srwatson /* 2352126121Spjd * Treat sysctl variables without CTLFLAG_ANYBODY flag as 2353126121Spjd * biba/high, but also require privilege to change them. 2354106161Srwatson */ 2355126121Spjd if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) { 2356106161Srwatson if (!mac_biba_subject_dominate_high(subj)) 2357106161Srwatson return (EACCES); 2358106161Srwatson 2359106161Srwatson error = mac_biba_subject_privileged(subj); 2360106161Srwatson if (error) 2361106161Srwatson return (error); 2362106161Srwatson } 2363106161Srwatson 2364106161Srwatson return (0); 2365106161Srwatson} 2366106161Srwatson 2367106161Srwatsonstatic int 2368101099Srwatsonmac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 2369101099Srwatson struct label *dlabel) 2370101099Srwatson{ 2371101099Srwatson struct mac_biba *subj, *obj; 2372101099Srwatson 2373101099Srwatson if (!mac_biba_enabled) 2374101099Srwatson return (0); 2375101099Srwatson 2376122524Srwatson subj = SLOT(cred->cr_label); 2377101099Srwatson obj = SLOT(dlabel); 2378101099Srwatson 2379132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2380101099Srwatson return (EACCES); 2381101099Srwatson 2382101099Srwatson return (0); 2383101099Srwatson} 2384101099Srwatson 2385101099Srwatsonstatic int 2386101099Srwatsonmac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 2387101099Srwatson struct label *dlabel) 2388101099Srwatson{ 2389101099Srwatson struct mac_biba *subj, *obj; 2390101099Srwatson 2391101099Srwatson if (!mac_biba_enabled) 2392101099Srwatson return (0); 2393101099Srwatson 2394122524Srwatson subj = SLOT(cred->cr_label); 2395101099Srwatson obj = SLOT(dlabel); 2396101099Srwatson 2397132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2398101099Srwatson return (EACCES); 2399101099Srwatson 2400101099Srwatson return (0); 2401101099Srwatson} 2402101099Srwatson 2403101099Srwatsonstatic int 2404101099Srwatsonmac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 2405101099Srwatson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 2406101099Srwatson{ 2407101099Srwatson struct mac_biba *subj, *obj; 2408101099Srwatson 2409101099Srwatson if (!mac_biba_enabled) 2410101099Srwatson return (0); 2411101099Srwatson 2412122524Srwatson subj = SLOT(cred->cr_label); 2413101099Srwatson obj = SLOT(dlabel); 2414101099Srwatson 2415132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2416101099Srwatson return (EACCES); 2417101099Srwatson 2418101099Srwatson return (0); 2419101099Srwatson} 2420101099Srwatson 2421101099Srwatsonstatic int 2422101099Srwatsonmac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 2423101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 2424101099Srwatson struct componentname *cnp) 2425101099Srwatson{ 2426101099Srwatson struct mac_biba *subj, *obj; 2427101099Srwatson 2428101099Srwatson if (!mac_biba_enabled) 2429101099Srwatson return (0); 2430101099Srwatson 2431122524Srwatson subj = SLOT(cred->cr_label); 2432101099Srwatson obj = SLOT(dlabel); 2433101099Srwatson 2434132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2435101099Srwatson return (EACCES); 2436101099Srwatson 2437101099Srwatson obj = SLOT(label); 2438101099Srwatson 2439132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2440101099Srwatson return (EACCES); 2441101099Srwatson 2442101099Srwatson return (0); 2443101099Srwatson} 2444101099Srwatson 2445101099Srwatsonstatic int 2446101099Srwatsonmac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 2447101099Srwatson struct label *label, acl_type_t type) 2448101099Srwatson{ 2449101099Srwatson struct mac_biba *subj, *obj; 2450101099Srwatson 2451101099Srwatson if (!mac_biba_enabled) 2452101099Srwatson return (0); 2453101099Srwatson 2454122524Srwatson subj = SLOT(cred->cr_label); 2455101099Srwatson obj = SLOT(label); 2456101099Srwatson 2457132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2458101099Srwatson return (EACCES); 2459101099Srwatson 2460101099Srwatson return (0); 2461101099Srwatson} 2462101099Srwatson 2463101099Srwatsonstatic int 2464119202Srwatsonmac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 2465119202Srwatson struct label *label, int attrnamespace, const char *name) 2466119202Srwatson{ 2467119202Srwatson struct mac_biba *subj, *obj; 2468119202Srwatson 2469119202Srwatson if (!mac_biba_enabled) 2470119202Srwatson return (0); 2471119202Srwatson 2472122524Srwatson subj = SLOT(cred->cr_label); 2473119202Srwatson obj = SLOT(label); 2474119202Srwatson 2475132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2476119202Srwatson return (EACCES); 2477119202Srwatson 2478119202Srwatson return (0); 2479119202Srwatson} 2480119202Srwatson 2481119202Srwatsonstatic int 2482101099Srwatsonmac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 2483106648Srwatson struct label *label, struct image_params *imgp, 2484106648Srwatson struct label *execlabel) 2485101099Srwatson{ 2486106648Srwatson struct mac_biba *subj, *obj, *exec; 2487106648Srwatson int error; 2488101099Srwatson 2489106648Srwatson if (execlabel != NULL) { 2490106648Srwatson /* 2491106648Srwatson * We currently don't permit labels to be changed at 2492106648Srwatson * exec-time as part of Biba, so disallow non-NULL 2493106648Srwatson * Biba label elements in the execlabel. 2494106648Srwatson */ 2495106648Srwatson exec = SLOT(execlabel); 2496106648Srwatson error = biba_atmostflags(exec, 0); 2497106648Srwatson if (error) 2498106648Srwatson return (error); 2499106648Srwatson } 2500106648Srwatson 2501101099Srwatson if (!mac_biba_enabled) 2502101099Srwatson return (0); 2503101099Srwatson 2504122524Srwatson subj = SLOT(cred->cr_label); 2505101099Srwatson obj = SLOT(label); 2506101099Srwatson 2507132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2508101099Srwatson return (EACCES); 2509101099Srwatson 2510101099Srwatson return (0); 2511101099Srwatson} 2512101099Srwatson 2513101099Srwatsonstatic int 2514101099Srwatsonmac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 2515101099Srwatson struct label *label, acl_type_t type) 2516101099Srwatson{ 2517101099Srwatson struct mac_biba *subj, *obj; 2518101099Srwatson 2519101099Srwatson if (!mac_biba_enabled) 2520101099Srwatson return (0); 2521101099Srwatson 2522122524Srwatson subj = SLOT(cred->cr_label); 2523101099Srwatson obj = SLOT(label); 2524101099Srwatson 2525132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2526101099Srwatson return (EACCES); 2527101099Srwatson 2528101099Srwatson return (0); 2529101099Srwatson} 2530101099Srwatson 2531101099Srwatsonstatic int 2532101099Srwatsonmac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 2533101099Srwatson struct label *label, int attrnamespace, const char *name, struct uio *uio) 2534101099Srwatson{ 2535101099Srwatson struct mac_biba *subj, *obj; 2536101099Srwatson 2537101099Srwatson if (!mac_biba_enabled) 2538101099Srwatson return (0); 2539101099Srwatson 2540122524Srwatson subj = SLOT(cred->cr_label); 2541101099Srwatson obj = SLOT(label); 2542101099Srwatson 2543132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2544101099Srwatson return (EACCES); 2545101099Srwatson 2546101099Srwatson return (0); 2547101099Srwatson} 2548101099Srwatson 2549101099Srwatsonstatic int 2550104530Srwatsonmac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, 2551104530Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 2552104530Srwatson struct componentname *cnp) 2553104530Srwatson{ 2554104530Srwatson struct mac_biba *subj, *obj; 2555104530Srwatson 2556104530Srwatson if (!mac_biba_enabled) 2557104530Srwatson return (0); 2558104530Srwatson 2559122524Srwatson subj = SLOT(cred->cr_label); 2560104530Srwatson obj = SLOT(dlabel); 2561104530Srwatson 2562132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2563104530Srwatson return (EACCES); 2564104530Srwatson 2565104530Srwatson obj = SLOT(label); 2566104530Srwatson 2567132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2568104530Srwatson return (EACCES); 2569104530Srwatson 2570104530Srwatson return (0); 2571104530Srwatson} 2572104530Srwatson 2573104530Srwatsonstatic int 2574119202Srwatsonmac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 2575119202Srwatson struct label *label, int attrnamespace) 2576119202Srwatson{ 2577119202Srwatson struct mac_biba *subj, *obj; 2578119202Srwatson 2579119202Srwatson if (!mac_biba_enabled) 2580119202Srwatson return (0); 2581119202Srwatson 2582122524Srwatson subj = SLOT(cred->cr_label); 2583119202Srwatson obj = SLOT(label); 2584119202Srwatson 2585132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2586119202Srwatson return (EACCES); 2587119202Srwatson 2588119202Srwatson return (0); 2589119202Srwatson} 2590119202Srwatson 2591119202Srwatsonstatic int 2592103759Srwatsonmac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 2593101099Srwatson struct label *dlabel, struct componentname *cnp) 2594101099Srwatson{ 2595101099Srwatson struct mac_biba *subj, *obj; 2596103759Srwatson 2597101099Srwatson if (!mac_biba_enabled) 2598101099Srwatson return (0); 2599103759Srwatson 2600122524Srwatson subj = SLOT(cred->cr_label); 2601101099Srwatson obj = SLOT(dlabel); 2602103759Srwatson 2603132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2604101099Srwatson return (EACCES); 2605101099Srwatson 2606103759Srwatson return (0); 2607101099Srwatson} 2608101099Srwatson 2609101099Srwatsonstatic int 2610104546Srwatsonmac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 2611145076Scsjp struct label *label, int prot, int flags) 2612104546Srwatson{ 2613104546Srwatson struct mac_biba *subj, *obj; 2614104546Srwatson 2615104546Srwatson /* 2616104546Srwatson * Rely on the use of open()-time protections to handle 2617104546Srwatson * non-revocation cases. 2618104546Srwatson */ 2619105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2620104546Srwatson return (0); 2621104546Srwatson 2622122524Srwatson subj = SLOT(cred->cr_label); 2623104546Srwatson obj = SLOT(label); 2624104546Srwatson 2625104546Srwatson if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 2626132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2627104546Srwatson return (EACCES); 2628104546Srwatson } 2629145076Scsjp if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { 2630132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2631104546Srwatson return (EACCES); 2632104546Srwatson } 2633104546Srwatson 2634104569Srwatson return (0); 2635104546Srwatson} 2636104546Srwatson 2637104546Srwatsonstatic int 2638101099Srwatsonmac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 2639106212Srwatson struct label *vnodelabel, int acc_mode) 2640101099Srwatson{ 2641101099Srwatson struct mac_biba *subj, *obj; 2642101099Srwatson 2643101099Srwatson if (!mac_biba_enabled) 2644101099Srwatson return (0); 2645101099Srwatson 2646122524Srwatson subj = SLOT(cred->cr_label); 2647101099Srwatson obj = SLOT(vnodelabel); 2648101099Srwatson 2649101099Srwatson /* XXX privilege override for admin? */ 2650101099Srwatson if (acc_mode & (VREAD | VEXEC | VSTAT)) { 2651132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2652101099Srwatson return (EACCES); 2653101099Srwatson } 2654101099Srwatson if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 2655132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2656101099Srwatson return (EACCES); 2657101099Srwatson } 2658101099Srwatson 2659101099Srwatson return (0); 2660101099Srwatson} 2661101099Srwatson 2662101099Srwatsonstatic int 2663102129Srwatsonmac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 2664102129Srwatson struct vnode *vp, struct label *label) 2665102112Srwatson{ 2666102112Srwatson struct mac_biba *subj, *obj; 2667102112Srwatson 2668105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2669102112Srwatson return (0); 2670102112Srwatson 2671122524Srwatson subj = SLOT(active_cred->cr_label); 2672102112Srwatson obj = SLOT(label); 2673102112Srwatson 2674132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2675102112Srwatson return (EACCES); 2676102112Srwatson 2677102112Srwatson return (0); 2678102112Srwatson} 2679102112Srwatson 2680102112Srwatsonstatic int 2681102129Srwatsonmac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 2682102129Srwatson struct vnode *vp, struct label *label) 2683102112Srwatson{ 2684102112Srwatson struct mac_biba *subj, *obj; 2685102112Srwatson 2686105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2687102112Srwatson return (0); 2688102112Srwatson 2689122524Srwatson subj = SLOT(active_cred->cr_label); 2690102112Srwatson obj = SLOT(label); 2691102112Srwatson 2692132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2693102112Srwatson return (EACCES); 2694102112Srwatson 2695102112Srwatson return (0); 2696102112Srwatson} 2697102112Srwatson 2698102112Srwatsonstatic int 2699101099Srwatsonmac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 2700101099Srwatson struct label *dlabel) 2701101099Srwatson{ 2702101099Srwatson struct mac_biba *subj, *obj; 2703101099Srwatson 2704101099Srwatson if (!mac_biba_enabled) 2705101099Srwatson return (0); 2706101099Srwatson 2707122524Srwatson subj = SLOT(cred->cr_label); 2708101099Srwatson obj = SLOT(dlabel); 2709101099Srwatson 2710132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2711101099Srwatson return (EACCES); 2712101099Srwatson 2713101099Srwatson return (0); 2714101099Srwatson} 2715101099Srwatson 2716101099Srwatsonstatic int 2717101099Srwatsonmac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 2718101099Srwatson struct label *label) 2719101099Srwatson{ 2720101099Srwatson struct mac_biba *subj, *obj; 2721101099Srwatson 2722101099Srwatson if (!mac_biba_enabled) 2723101099Srwatson return (0); 2724101099Srwatson 2725122524Srwatson subj = SLOT(cred->cr_label); 2726101099Srwatson obj = SLOT(label); 2727101099Srwatson 2728132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2729101099Srwatson return (EACCES); 2730101099Srwatson 2731101099Srwatson return (0); 2732101099Srwatson} 2733101099Srwatson 2734101099Srwatsonstatic int 2735101099Srwatsonmac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 2736101099Srwatson struct label *vnodelabel, struct label *newlabel) 2737101099Srwatson{ 2738101099Srwatson struct mac_biba *old, *new, *subj; 2739105634Srwatson int error; 2740101099Srwatson 2741101099Srwatson old = SLOT(vnodelabel); 2742101099Srwatson new = SLOT(newlabel); 2743122524Srwatson subj = SLOT(cred->cr_label); 2744101099Srwatson 2745101099Srwatson /* 2746105634Srwatson * If there is a Biba label update for the vnode, it must be a 2747132232Srwatson * effective label. 2748101099Srwatson */ 2749132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 2750105634Srwatson if (error) 2751105634Srwatson return (error); 2752101099Srwatson 2753101099Srwatson /* 2754105634Srwatson * To perform a relabel of the vnode (Biba label or not), Biba must 2755105634Srwatson * authorize the relabel. 2756101099Srwatson */ 2757132232Srwatson if (!mac_biba_effective_in_range(old, subj)) 2758101099Srwatson return (EPERM); 2759101099Srwatson 2760101099Srwatson /* 2761105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 2762101099Srwatson */ 2763132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 2764105634Srwatson /* 2765105634Srwatson * To change the Biba label on a vnode, the new vnode label 2766105634Srwatson * must be in the subject range. 2767105634Srwatson */ 2768132232Srwatson if (!mac_biba_effective_in_range(new, subj)) 2769105634Srwatson return (EPERM); 2770101099Srwatson 2771105634Srwatson /* 2772105634Srwatson * To change the Biba label on the vnode to be EQUAL, 2773105634Srwatson * the subject must have appropriate privilege. 2774105634Srwatson */ 2775105634Srwatson if (mac_biba_contains_equal(new)) { 2776106090Srwatson error = mac_biba_subject_privileged(subj); 2777105634Srwatson if (error) 2778105634Srwatson return (error); 2779105634Srwatson } 2780105634Srwatson } 2781105634Srwatson 2782105634Srwatson return (0); 2783101099Srwatson} 2784101099Srwatson 2785101099Srwatsonstatic int 2786101099Srwatsonmac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 2787101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 2788101099Srwatson struct componentname *cnp) 2789101099Srwatson{ 2790101099Srwatson struct mac_biba *subj, *obj; 2791101099Srwatson 2792101099Srwatson if (!mac_biba_enabled) 2793101099Srwatson return (0); 2794101099Srwatson 2795122524Srwatson subj = SLOT(cred->cr_label); 2796101099Srwatson obj = SLOT(dlabel); 2797101099Srwatson 2798132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2799101099Srwatson return (EACCES); 2800101099Srwatson 2801101099Srwatson obj = SLOT(label); 2802101099Srwatson 2803132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2804101099Srwatson return (EACCES); 2805101099Srwatson 2806101099Srwatson return (0); 2807101099Srwatson} 2808101099Srwatson 2809101099Srwatsonstatic int 2810101099Srwatsonmac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 2811101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 2812101099Srwatson struct componentname *cnp) 2813101099Srwatson{ 2814101099Srwatson struct mac_biba *subj, *obj; 2815101099Srwatson 2816101099Srwatson if (!mac_biba_enabled) 2817101099Srwatson return (0); 2818101099Srwatson 2819122524Srwatson subj = SLOT(cred->cr_label); 2820101099Srwatson obj = SLOT(dlabel); 2821101099Srwatson 2822132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2823101099Srwatson return (EACCES); 2824101099Srwatson 2825101099Srwatson if (vp != NULL) { 2826101099Srwatson obj = SLOT(label); 2827101099Srwatson 2828132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2829101099Srwatson return (EACCES); 2830101099Srwatson } 2831101099Srwatson 2832101099Srwatson return (0); 2833101099Srwatson} 2834101099Srwatson 2835101099Srwatsonstatic int 2836101099Srwatsonmac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 2837101099Srwatson struct label *label) 2838101099Srwatson{ 2839101099Srwatson struct mac_biba *subj, *obj; 2840101099Srwatson 2841101099Srwatson if (!mac_biba_enabled) 2842101099Srwatson return (0); 2843101099Srwatson 2844122524Srwatson subj = SLOT(cred->cr_label); 2845101099Srwatson obj = SLOT(label); 2846101099Srwatson 2847132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2848101099Srwatson return (EACCES); 2849101099Srwatson 2850101099Srwatson return (0); 2851101099Srwatson} 2852101099Srwatson 2853101099Srwatsonstatic int 2854101099Srwatsonmac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 2855101099Srwatson struct label *label, acl_type_t type, struct acl *acl) 2856101099Srwatson{ 2857101099Srwatson struct mac_biba *subj, *obj; 2858101099Srwatson 2859101099Srwatson if (!mac_biba_enabled) 2860101099Srwatson return (0); 2861101099Srwatson 2862122524Srwatson subj = SLOT(cred->cr_label); 2863101099Srwatson obj = SLOT(label); 2864101099Srwatson 2865132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2866101099Srwatson return (EACCES); 2867101099Srwatson 2868101099Srwatson return (0); 2869101099Srwatson} 2870101099Srwatson 2871101099Srwatsonstatic int 2872101099Srwatsonmac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 2873101099Srwatson struct label *vnodelabel, int attrnamespace, const char *name, 2874101099Srwatson struct uio *uio) 2875101099Srwatson{ 2876101099Srwatson struct mac_biba *subj, *obj; 2877101099Srwatson 2878101099Srwatson if (!mac_biba_enabled) 2879101099Srwatson return (0); 2880101099Srwatson 2881122524Srwatson subj = SLOT(cred->cr_label); 2882101099Srwatson obj = SLOT(vnodelabel); 2883101099Srwatson 2884132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2885101099Srwatson return (EACCES); 2886101099Srwatson 2887101099Srwatson /* XXX: protect the MAC EA in a special way? */ 2888101099Srwatson 2889101099Srwatson return (0); 2890101099Srwatson} 2891101099Srwatson 2892101099Srwatsonstatic int 2893101099Srwatsonmac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 2894101099Srwatson struct label *vnodelabel, u_long flags) 2895101099Srwatson{ 2896101099Srwatson struct mac_biba *subj, *obj; 2897101099Srwatson 2898101099Srwatson if (!mac_biba_enabled) 2899101099Srwatson return (0); 2900101099Srwatson 2901122524Srwatson subj = SLOT(cred->cr_label); 2902101099Srwatson obj = SLOT(vnodelabel); 2903101099Srwatson 2904132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2905101099Srwatson return (EACCES); 2906101099Srwatson 2907101099Srwatson return (0); 2908101099Srwatson} 2909101099Srwatson 2910101099Srwatsonstatic int 2911101099Srwatsonmac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 2912101099Srwatson struct label *vnodelabel, mode_t mode) 2913101099Srwatson{ 2914101099Srwatson struct mac_biba *subj, *obj; 2915101099Srwatson 2916101099Srwatson if (!mac_biba_enabled) 2917101099Srwatson return (0); 2918101099Srwatson 2919122524Srwatson subj = SLOT(cred->cr_label); 2920101099Srwatson obj = SLOT(vnodelabel); 2921101099Srwatson 2922132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2923101099Srwatson return (EACCES); 2924101099Srwatson 2925101099Srwatson return (0); 2926101099Srwatson} 2927101099Srwatson 2928101099Srwatsonstatic int 2929101099Srwatsonmac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 2930101099Srwatson struct label *vnodelabel, uid_t uid, gid_t gid) 2931101099Srwatson{ 2932101099Srwatson struct mac_biba *subj, *obj; 2933101099Srwatson 2934101099Srwatson if (!mac_biba_enabled) 2935101099Srwatson return (0); 2936101099Srwatson 2937122524Srwatson subj = SLOT(cred->cr_label); 2938101099Srwatson obj = SLOT(vnodelabel); 2939101099Srwatson 2940132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2941101099Srwatson return (EACCES); 2942101099Srwatson 2943101099Srwatson return (0); 2944101099Srwatson} 2945101099Srwatson 2946101099Srwatsonstatic int 2947101099Srwatsonmac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 2948101099Srwatson struct label *vnodelabel, struct timespec atime, struct timespec mtime) 2949101099Srwatson{ 2950101099Srwatson struct mac_biba *subj, *obj; 2951101099Srwatson 2952101099Srwatson if (!mac_biba_enabled) 2953101099Srwatson return (0); 2954101099Srwatson 2955122524Srwatson subj = SLOT(cred->cr_label); 2956101099Srwatson obj = SLOT(vnodelabel); 2957101099Srwatson 2958132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2959101099Srwatson return (EACCES); 2960101099Srwatson 2961101099Srwatson return (0); 2962101099Srwatson} 2963101099Srwatson 2964101099Srwatsonstatic int 2965102129Srwatsonmac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2966102129Srwatson struct vnode *vp, struct label *vnodelabel) 2967101099Srwatson{ 2968101099Srwatson struct mac_biba *subj, *obj; 2969101099Srwatson 2970101099Srwatson if (!mac_biba_enabled) 2971101099Srwatson return (0); 2972101099Srwatson 2973122524Srwatson subj = SLOT(active_cred->cr_label); 2974101099Srwatson obj = SLOT(vnodelabel); 2975101099Srwatson 2976132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2977101099Srwatson return (EACCES); 2978101099Srwatson 2979101099Srwatson return (0); 2980101099Srwatson} 2981101099Srwatson 2982102112Srwatsonstatic int 2983102129Srwatsonmac_biba_check_vnode_write(struct ucred *active_cred, 2984102129Srwatson struct ucred *file_cred, struct vnode *vp, struct label *label) 2985102112Srwatson{ 2986102112Srwatson struct mac_biba *subj, *obj; 2987102112Srwatson 2988105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2989102112Srwatson return (0); 2990102112Srwatson 2991122524Srwatson subj = SLOT(active_cred->cr_label); 2992102112Srwatson obj = SLOT(label); 2993102112Srwatson 2994132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2995102112Srwatson return (EACCES); 2996102112Srwatson 2997102112Srwatson return (0); 2998102112Srwatson} 2999102112Srwatson 3000106217Srwatsonstatic struct mac_policy_ops mac_biba_ops = 3001101099Srwatson{ 3002106217Srwatson .mpo_init = mac_biba_init, 3003106217Srwatson .mpo_init_bpfdesc_label = mac_biba_init_label, 3004106217Srwatson .mpo_init_cred_label = mac_biba_init_label, 3005106217Srwatson .mpo_init_devfsdirent_label = mac_biba_init_label, 3006106217Srwatson .mpo_init_ifnet_label = mac_biba_init_label, 3007122875Srwatson .mpo_init_inpcb_label = mac_biba_init_label_waitcheck, 3008140628Srwatson .mpo_init_sysv_msgmsg_label = mac_biba_init_label, 3009140628Srwatson .mpo_init_sysv_msgqueue_label = mac_biba_init_label, 3010140628Srwatson .mpo_init_sysv_sema_label = mac_biba_init_label, 3011140628Srwatson .mpo_init_sysv_shm_label = mac_biba_init_label, 3012112675Srwatson .mpo_init_ipq_label = mac_biba_init_label_waitcheck, 3013106217Srwatson .mpo_init_mbuf_label = mac_biba_init_label_waitcheck, 3014106217Srwatson .mpo_init_mount_label = mac_biba_init_label, 3015106217Srwatson .mpo_init_mount_fs_label = mac_biba_init_label, 3016106217Srwatson .mpo_init_pipe_label = mac_biba_init_label, 3017106217Srwatson .mpo_init_socket_label = mac_biba_init_label_waitcheck, 3018106217Srwatson .mpo_init_socket_peer_label = mac_biba_init_label_waitcheck, 3019106217Srwatson .mpo_init_vnode_label = mac_biba_init_label, 3020106217Srwatson .mpo_destroy_bpfdesc_label = mac_biba_destroy_label, 3021106217Srwatson .mpo_destroy_cred_label = mac_biba_destroy_label, 3022106217Srwatson .mpo_destroy_devfsdirent_label = mac_biba_destroy_label, 3023106217Srwatson .mpo_destroy_ifnet_label = mac_biba_destroy_label, 3024122875Srwatson .mpo_destroy_inpcb_label = mac_biba_destroy_label, 3025140628Srwatson .mpo_destroy_sysv_msgmsg_label = mac_biba_destroy_label, 3026140628Srwatson .mpo_destroy_sysv_msgqueue_label = mac_biba_destroy_label, 3027140628Srwatson .mpo_destroy_sysv_sema_label = mac_biba_destroy_label, 3028140628Srwatson .mpo_destroy_sysv_shm_label = mac_biba_destroy_label, 3029106217Srwatson .mpo_destroy_ipq_label = mac_biba_destroy_label, 3030106217Srwatson .mpo_destroy_mbuf_label = mac_biba_destroy_label, 3031106217Srwatson .mpo_destroy_mount_label = mac_biba_destroy_label, 3032106217Srwatson .mpo_destroy_mount_fs_label = mac_biba_destroy_label, 3033106217Srwatson .mpo_destroy_pipe_label = mac_biba_destroy_label, 3034106217Srwatson .mpo_destroy_socket_label = mac_biba_destroy_label, 3035106217Srwatson .mpo_destroy_socket_peer_label = mac_biba_destroy_label, 3036106217Srwatson .mpo_destroy_vnode_label = mac_biba_destroy_label, 3037123173Srwatson .mpo_copy_cred_label = mac_biba_copy_label, 3038131025Srwatson .mpo_copy_ifnet_label = mac_biba_copy_label, 3039115707Srwatson .mpo_copy_mbuf_label = mac_biba_copy_label, 3040106217Srwatson .mpo_copy_pipe_label = mac_biba_copy_label, 3041122820Srwatson .mpo_copy_socket_label = mac_biba_copy_label, 3042106217Srwatson .mpo_copy_vnode_label = mac_biba_copy_label, 3043106217Srwatson .mpo_externalize_cred_label = mac_biba_externalize_label, 3044106217Srwatson .mpo_externalize_ifnet_label = mac_biba_externalize_label, 3045106217Srwatson .mpo_externalize_pipe_label = mac_biba_externalize_label, 3046106217Srwatson .mpo_externalize_socket_label = mac_biba_externalize_label, 3047106217Srwatson .mpo_externalize_socket_peer_label = mac_biba_externalize_label, 3048106217Srwatson .mpo_externalize_vnode_label = mac_biba_externalize_label, 3049106217Srwatson .mpo_internalize_cred_label = mac_biba_internalize_label, 3050106217Srwatson .mpo_internalize_ifnet_label = mac_biba_internalize_label, 3051106217Srwatson .mpo_internalize_pipe_label = mac_biba_internalize_label, 3052106217Srwatson .mpo_internalize_socket_label = mac_biba_internalize_label, 3053106217Srwatson .mpo_internalize_vnode_label = mac_biba_internalize_label, 3054106217Srwatson .mpo_create_devfs_device = mac_biba_create_devfs_device, 3055106217Srwatson .mpo_create_devfs_directory = mac_biba_create_devfs_directory, 3056106217Srwatson .mpo_create_devfs_symlink = mac_biba_create_devfs_symlink, 3057106217Srwatson .mpo_create_mount = mac_biba_create_mount, 3058106217Srwatson .mpo_create_root_mount = mac_biba_create_root_mount, 3059106217Srwatson .mpo_relabel_vnode = mac_biba_relabel_vnode, 3060106217Srwatson .mpo_update_devfsdirent = mac_biba_update_devfsdirent, 3061106217Srwatson .mpo_associate_vnode_devfs = mac_biba_associate_vnode_devfs, 3062106217Srwatson .mpo_associate_vnode_extattr = mac_biba_associate_vnode_extattr, 3063106217Srwatson .mpo_associate_vnode_singlelabel = mac_biba_associate_vnode_singlelabel, 3064106217Srwatson .mpo_create_vnode_extattr = mac_biba_create_vnode_extattr, 3065106217Srwatson .mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr, 3066106217Srwatson .mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket, 3067106217Srwatson .mpo_create_pipe = mac_biba_create_pipe, 3068106217Srwatson .mpo_create_socket = mac_biba_create_socket, 3069106217Srwatson .mpo_create_socket_from_socket = mac_biba_create_socket_from_socket, 3070106217Srwatson .mpo_relabel_pipe = mac_biba_relabel_pipe, 3071106217Srwatson .mpo_relabel_socket = mac_biba_relabel_socket, 3072106217Srwatson .mpo_set_socket_peer_from_mbuf = mac_biba_set_socket_peer_from_mbuf, 3073106217Srwatson .mpo_set_socket_peer_from_socket = mac_biba_set_socket_peer_from_socket, 3074106217Srwatson .mpo_create_bpfdesc = mac_biba_create_bpfdesc, 3075106217Srwatson .mpo_create_datagram_from_ipq = mac_biba_create_datagram_from_ipq, 3076106217Srwatson .mpo_create_fragment = mac_biba_create_fragment, 3077106217Srwatson .mpo_create_ifnet = mac_biba_create_ifnet, 3078122875Srwatson .mpo_create_inpcb_from_socket = mac_biba_create_inpcb_from_socket, 3079140628Srwatson .mpo_create_sysv_msgmsg = mac_biba_create_sysv_msgmsg, 3080140628Srwatson .mpo_create_sysv_msgqueue = mac_biba_create_sysv_msgqueue, 3081140628Srwatson .mpo_create_sysv_sema = mac_biba_create_sysv_sema, 3082140628Srwatson .mpo_create_sysv_shm = mac_biba_create_sysv_shm, 3083106217Srwatson .mpo_create_ipq = mac_biba_create_ipq, 3084123607Srwatson .mpo_create_mbuf_from_inpcb = mac_biba_create_mbuf_from_inpcb, 3085106217Srwatson .mpo_create_mbuf_from_mbuf = mac_biba_create_mbuf_from_mbuf, 3086106217Srwatson .mpo_create_mbuf_linklayer = mac_biba_create_mbuf_linklayer, 3087106217Srwatson .mpo_create_mbuf_from_bpfdesc = mac_biba_create_mbuf_from_bpfdesc, 3088106217Srwatson .mpo_create_mbuf_from_ifnet = mac_biba_create_mbuf_from_ifnet, 3089106217Srwatson .mpo_create_mbuf_multicast_encap = mac_biba_create_mbuf_multicast_encap, 3090106217Srwatson .mpo_create_mbuf_netlayer = mac_biba_create_mbuf_netlayer, 3091106217Srwatson .mpo_fragment_match = mac_biba_fragment_match, 3092106217Srwatson .mpo_relabel_ifnet = mac_biba_relabel_ifnet, 3093106217Srwatson .mpo_update_ipq = mac_biba_update_ipq, 3094122875Srwatson .mpo_inpcb_sosetlabel = mac_biba_inpcb_sosetlabel, 3095106217Srwatson .mpo_create_proc0 = mac_biba_create_proc0, 3096106217Srwatson .mpo_create_proc1 = mac_biba_create_proc1, 3097106217Srwatson .mpo_relabel_cred = mac_biba_relabel_cred, 3098140628Srwatson .mpo_cleanup_sysv_msgmsg = mac_biba_cleanup_sysv_msgmsg, 3099140628Srwatson .mpo_cleanup_sysv_msgqueue = mac_biba_cleanup_sysv_msgqueue, 3100140628Srwatson .mpo_cleanup_sysv_sema = mac_biba_cleanup_sysv_sema, 3101140628Srwatson .mpo_cleanup_sysv_shm = mac_biba_cleanup_sysv_shm, 3102106217Srwatson .mpo_check_bpfdesc_receive = mac_biba_check_bpfdesc_receive, 3103106217Srwatson .mpo_check_cred_relabel = mac_biba_check_cred_relabel, 3104106217Srwatson .mpo_check_cred_visible = mac_biba_check_cred_visible, 3105106217Srwatson .mpo_check_ifnet_relabel = mac_biba_check_ifnet_relabel, 3106106217Srwatson .mpo_check_ifnet_transmit = mac_biba_check_ifnet_transmit, 3107122875Srwatson .mpo_check_inpcb_deliver = mac_biba_check_inpcb_deliver, 3108140628Srwatson .mpo_check_sysv_msgrcv = mac_biba_check_sysv_msgrcv, 3109140628Srwatson .mpo_check_sysv_msgrmid = mac_biba_check_sysv_msgrmid, 3110140628Srwatson .mpo_check_sysv_msqget = mac_biba_check_sysv_msqget, 3111140628Srwatson .mpo_check_sysv_msqsnd = mac_biba_check_sysv_msqsnd, 3112140628Srwatson .mpo_check_sysv_msqrcv = mac_biba_check_sysv_msqrcv, 3113140628Srwatson .mpo_check_sysv_msqctl = mac_biba_check_sysv_msqctl, 3114140628Srwatson .mpo_check_sysv_semctl = mac_biba_check_sysv_semctl, 3115140628Srwatson .mpo_check_sysv_semget = mac_biba_check_sysv_semget, 3116140628Srwatson .mpo_check_sysv_semop = mac_biba_check_sysv_semop, 3117140628Srwatson .mpo_check_sysv_shmat = mac_biba_check_sysv_shmat, 3118140628Srwatson .mpo_check_sysv_shmctl = mac_biba_check_sysv_shmctl, 3119140628Srwatson .mpo_check_sysv_shmget = mac_biba_check_sysv_shmget, 3120110354Srwatson .mpo_check_kld_load = mac_biba_check_kld_load, 3121110354Srwatson .mpo_check_kld_unload = mac_biba_check_kld_unload, 3122106217Srwatson .mpo_check_mount_stat = mac_biba_check_mount_stat, 3123106217Srwatson .mpo_check_pipe_ioctl = mac_biba_check_pipe_ioctl, 3124106217Srwatson .mpo_check_pipe_poll = mac_biba_check_pipe_poll, 3125106217Srwatson .mpo_check_pipe_read = mac_biba_check_pipe_read, 3126106217Srwatson .mpo_check_pipe_relabel = mac_biba_check_pipe_relabel, 3127106217Srwatson .mpo_check_pipe_stat = mac_biba_check_pipe_stat, 3128106217Srwatson .mpo_check_pipe_write = mac_biba_check_pipe_write, 3129106217Srwatson .mpo_check_proc_debug = mac_biba_check_proc_debug, 3130106217Srwatson .mpo_check_proc_sched = mac_biba_check_proc_sched, 3131106217Srwatson .mpo_check_proc_signal = mac_biba_check_proc_signal, 3132106217Srwatson .mpo_check_socket_deliver = mac_biba_check_socket_deliver, 3133106217Srwatson .mpo_check_socket_relabel = mac_biba_check_socket_relabel, 3134106217Srwatson .mpo_check_socket_visible = mac_biba_check_socket_visible, 3135112574Srwatson .mpo_check_sysarch_ioperm = mac_biba_check_sysarch_ioperm, 3136106418Srwatson .mpo_check_system_acct = mac_biba_check_system_acct, 3137106418Srwatson .mpo_check_system_settime = mac_biba_check_system_settime, 3138106217Srwatson .mpo_check_system_swapon = mac_biba_check_system_swapon, 3139112574Srwatson .mpo_check_system_swapoff = mac_biba_check_system_swapoff, 3140106217Srwatson .mpo_check_system_sysctl = mac_biba_check_system_sysctl, 3141106217Srwatson .mpo_check_vnode_access = mac_biba_check_vnode_open, 3142106217Srwatson .mpo_check_vnode_chdir = mac_biba_check_vnode_chdir, 3143106217Srwatson .mpo_check_vnode_chroot = mac_biba_check_vnode_chroot, 3144106217Srwatson .mpo_check_vnode_create = mac_biba_check_vnode_create, 3145106217Srwatson .mpo_check_vnode_delete = mac_biba_check_vnode_delete, 3146106217Srwatson .mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl, 3147119202Srwatson .mpo_check_vnode_deleteextattr = mac_biba_check_vnode_deleteextattr, 3148106217Srwatson .mpo_check_vnode_exec = mac_biba_check_vnode_exec, 3149106217Srwatson .mpo_check_vnode_getacl = mac_biba_check_vnode_getacl, 3150106217Srwatson .mpo_check_vnode_getextattr = mac_biba_check_vnode_getextattr, 3151106217Srwatson .mpo_check_vnode_link = mac_biba_check_vnode_link, 3152119202Srwatson .mpo_check_vnode_listextattr = mac_biba_check_vnode_listextattr, 3153106217Srwatson .mpo_check_vnode_lookup = mac_biba_check_vnode_lookup, 3154106217Srwatson .mpo_check_vnode_mmap = mac_biba_check_vnode_mmap, 3155106217Srwatson .mpo_check_vnode_open = mac_biba_check_vnode_open, 3156106217Srwatson .mpo_check_vnode_poll = mac_biba_check_vnode_poll, 3157106217Srwatson .mpo_check_vnode_read = mac_biba_check_vnode_read, 3158106217Srwatson .mpo_check_vnode_readdir = mac_biba_check_vnode_readdir, 3159106217Srwatson .mpo_check_vnode_readlink = mac_biba_check_vnode_readlink, 3160106217Srwatson .mpo_check_vnode_relabel = mac_biba_check_vnode_relabel, 3161106217Srwatson .mpo_check_vnode_rename_from = mac_biba_check_vnode_rename_from, 3162106217Srwatson .mpo_check_vnode_rename_to = mac_biba_check_vnode_rename_to, 3163106217Srwatson .mpo_check_vnode_revoke = mac_biba_check_vnode_revoke, 3164106217Srwatson .mpo_check_vnode_setacl = mac_biba_check_vnode_setacl, 3165106217Srwatson .mpo_check_vnode_setextattr = mac_biba_check_vnode_setextattr, 3166106217Srwatson .mpo_check_vnode_setflags = mac_biba_check_vnode_setflags, 3167106217Srwatson .mpo_check_vnode_setmode = mac_biba_check_vnode_setmode, 3168106217Srwatson .mpo_check_vnode_setowner = mac_biba_check_vnode_setowner, 3169106217Srwatson .mpo_check_vnode_setutimes = mac_biba_check_vnode_setutimes, 3170106217Srwatson .mpo_check_vnode_stat = mac_biba_check_vnode_stat, 3171106217Srwatson .mpo_check_vnode_write = mac_biba_check_vnode_write, 3172101099Srwatson}; 3173101099Srwatson 3174112717SrwatsonMAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba", 3175113531Srwatson MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &mac_biba_slot); 3176