mac_biba.c revision 172850
1101099Srwatson/*- 2166533Srwatson * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3140628Srwatson * Copyright (c) 2001-2005 McAfee, Inc. 4101099Srwatson * All rights reserved. 5101099Srwatson * 6101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 7101099Srwatson * 8140628Srwatson * This software was developed for the FreeBSD Project in part by McAfee 9140628Srwatson * Research, the Security Research Division of McAfee, Inc. under 10140628Srwatson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11140628Srwatson * CHATS research program. 12101099Srwatson * 13101099Srwatson * Redistribution and use in source and binary forms, with or without 14101099Srwatson * modification, are permitted provided that the following conditions 15101099Srwatson * are met: 16101099Srwatson * 1. Redistributions of source code must retain the above copyright 17101099Srwatson * notice, this list of conditions and the following disclaimer. 18101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 19101099Srwatson * notice, this list of conditions and the following disclaimer in the 20101099Srwatson * documentation and/or other materials provided with the distribution. 21101099Srwatson * 22101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25101099Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32101099Srwatson * SUCH DAMAGE. 33101099Srwatson * 34101099Srwatson * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 172850 2007-10-21 11:11:07Z rwatson $ 35101099Srwatson */ 36101099Srwatson 37101099Srwatson/* 38101099Srwatson * Developed by the TrustedBSD Project. 39168951Srwatson * 40101099Srwatson * Biba fixed label mandatory integrity policy. 41101099Srwatson */ 42101099Srwatson 43101099Srwatson#include <sys/param.h> 44101099Srwatson#include <sys/conf.h> 45105988Srwatson#include <sys/extattr.h> 46101099Srwatson#include <sys/kernel.h> 47164184Strhodes#include <sys/ksem.h> 48103183Sbde#include <sys/malloc.h> 49145076Scsjp#include <sys/mman.h> 50101099Srwatson#include <sys/mount.h> 51168951Srwatson#include <sys/priv.h> 52101099Srwatson#include <sys/proc.h> 53115497Srwatson#include <sys/sbuf.h> 54101099Srwatson#include <sys/systm.h> 55101099Srwatson#include <sys/sysproto.h> 56101099Srwatson#include <sys/sysent.h> 57105696Srwatson#include <sys/systm.h> 58101099Srwatson#include <sys/vnode.h> 59101099Srwatson#include <sys/file.h> 60101099Srwatson#include <sys/socket.h> 61101099Srwatson#include <sys/socketvar.h> 62101099Srwatson#include <sys/pipe.h> 63150340Sphk#include <sys/sx.h> 64101099Srwatson#include <sys/sysctl.h> 65140628Srwatson#include <sys/msg.h> 66140628Srwatson#include <sys/sem.h> 67140628Srwatson#include <sys/shm.h> 68101099Srwatson 69101099Srwatson#include <fs/devfs/devfs.h> 70101099Srwatson 71101099Srwatson#include <net/bpfdesc.h> 72101099Srwatson#include <net/if.h> 73101099Srwatson#include <net/if_types.h> 74101099Srwatson#include <net/if_var.h> 75101099Srwatson 76101099Srwatson#include <netinet/in.h> 77122875Srwatson#include <netinet/in_pcb.h> 78101099Srwatson#include <netinet/ip_var.h> 79101099Srwatson 80122879Srwatson#include <vm/uma.h> 81101099Srwatson#include <vm/vm.h> 82101099Srwatson 83165469Srwatson#include <security/mac/mac_policy.h> 84101099Srwatson#include <security/mac_biba/mac_biba.h> 85101099Srwatson 86101099SrwatsonSYSCTL_DECL(_security_mac); 87101099Srwatson 88101099SrwatsonSYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 89101099Srwatson "TrustedBSD mac_biba policy controls"); 90101099Srwatson 91105988Srwatsonstatic int mac_biba_label_size = sizeof(struct mac_biba); 92105988SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD, 93105988Srwatson &mac_biba_label_size, 0, "Size of struct mac_biba"); 94105988Srwatson 95107731Srwatsonstatic int mac_biba_enabled = 1; 96101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, 97101099Srwatson &mac_biba_enabled, 0, "Enforce MAC/Biba policy"); 98102980SrwatsonTUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled); 99101099Srwatson 100101099Srwatsonstatic int destroyed_not_inited; 101101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 102101099Srwatson &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 103101099Srwatson 104101099Srwatsonstatic int trust_all_interfaces = 0; 105101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 106101099Srwatson &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 107101099SrwatsonTUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 108101099Srwatson 109101099Srwatsonstatic char trusted_interfaces[128]; 110101099SrwatsonSYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 111101099Srwatson trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 112101099SrwatsonTUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 113101099Srwatson sizeof(trusted_interfaces)); 114101099Srwatson 115105643Srwatsonstatic int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; 116105643SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, 117105643Srwatson &max_compartments, 0, "Maximum supported compartments"); 118105643Srwatson 119105606Srwatsonstatic int ptys_equal = 0; 120105606SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, 121105606Srwatson &ptys_equal, 0, "Label pty devices as biba/equal on create"); 122105606SrwatsonTUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); 123105606Srwatson 124153927Scsjpstatic int interfaces_equal; 125153927ScsjpSYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW, 126153927Scsjp &interfaces_equal, 0, "Label network interfaces as biba/equal on create"); 127153927ScsjpTUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal); 128153927Scsjp 129105637Srwatsonstatic int revocation_enabled = 0; 130101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 131105637Srwatson &revocation_enabled, 0, "Revoke access to objects on relabel"); 132105637SrwatsonTUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled); 133101099Srwatson 134101099Srwatsonstatic int mac_biba_slot; 135166533Srwatson#define SLOT(l) ((struct mac_biba *)mac_label_get((l), mac_biba_slot)) 136166533Srwatson#define SLOT_SET(l, val) mac_label_set((l), mac_biba_slot, (uintptr_t)(val)) 137101099Srwatson 138122879Srwatsonstatic uma_zone_t zone_biba; 139101099Srwatson 140105643Srwatsonstatic __inline int 141105643Srwatsonbiba_bit_set_empty(u_char *set) { 142105643Srwatson int i; 143105643Srwatson 144105643Srwatson for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++) 145105643Srwatson if (set[i] != 0) 146105643Srwatson return (0); 147105643Srwatson return (1); 148105643Srwatson} 149105643Srwatson 150101099Srwatsonstatic struct mac_biba * 151104514Srwatsonbiba_alloc(int flag) 152101099Srwatson{ 153101099Srwatson 154122879Srwatson return (uma_zalloc(zone_biba, flag | M_ZERO)); 155101099Srwatson} 156101099Srwatson 157101099Srwatsonstatic void 158101099Srwatsonbiba_free(struct mac_biba *mac_biba) 159101099Srwatson{ 160101099Srwatson 161101099Srwatson if (mac_biba != NULL) 162122879Srwatson uma_zfree(zone_biba, mac_biba); 163101099Srwatson else 164101099Srwatson atomic_add_int(&destroyed_not_inited, 1); 165101099Srwatson} 166101099Srwatson 167101099Srwatsonstatic int 168105634Srwatsonbiba_atmostflags(struct mac_biba *mac_biba, int flags) 169105634Srwatson{ 170105634Srwatson 171105634Srwatson if ((mac_biba->mb_flags & flags) != mac_biba->mb_flags) 172105634Srwatson return (EINVAL); 173105634Srwatson return (0); 174105634Srwatson} 175105634Srwatson 176105634Srwatsonstatic int 177101099Srwatsonmac_biba_dominate_element(struct mac_biba_element *a, 178101099Srwatson struct mac_biba_element *b) 179101099Srwatson{ 180105643Srwatson int bit; 181101099Srwatson 182105736Srwatson switch (a->mbe_type) { 183101099Srwatson case MAC_BIBA_TYPE_EQUAL: 184101099Srwatson case MAC_BIBA_TYPE_HIGH: 185101099Srwatson return (1); 186101099Srwatson 187101099Srwatson case MAC_BIBA_TYPE_LOW: 188101099Srwatson switch (b->mbe_type) { 189101099Srwatson case MAC_BIBA_TYPE_GRADE: 190101099Srwatson case MAC_BIBA_TYPE_HIGH: 191101099Srwatson return (0); 192101099Srwatson 193101099Srwatson case MAC_BIBA_TYPE_EQUAL: 194101099Srwatson case MAC_BIBA_TYPE_LOW: 195101099Srwatson return (1); 196101099Srwatson 197101099Srwatson default: 198101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 199101099Srwatson } 200101099Srwatson 201101099Srwatson case MAC_BIBA_TYPE_GRADE: 202101099Srwatson switch (b->mbe_type) { 203101099Srwatson case MAC_BIBA_TYPE_EQUAL: 204101099Srwatson case MAC_BIBA_TYPE_LOW: 205101099Srwatson return (1); 206101099Srwatson 207101099Srwatson case MAC_BIBA_TYPE_HIGH: 208101099Srwatson return (0); 209101099Srwatson 210101099Srwatson case MAC_BIBA_TYPE_GRADE: 211105643Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) 212105643Srwatson if (!MAC_BIBA_BIT_TEST(bit, 213105643Srwatson a->mbe_compartments) && 214105643Srwatson MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) 215105643Srwatson return (0); 216101099Srwatson return (a->mbe_grade >= b->mbe_grade); 217101099Srwatson 218101099Srwatson default: 219101099Srwatson panic("mac_biba_dominate_element: b->mbe_type invalid"); 220101099Srwatson } 221101099Srwatson 222101099Srwatson default: 223101099Srwatson panic("mac_biba_dominate_element: a->mbe_type invalid"); 224101099Srwatson } 225101099Srwatson 226101099Srwatson return (0); 227101099Srwatson} 228101099Srwatson 229101099Srwatsonstatic int 230105988Srwatsonmac_biba_subject_dominate_high(struct mac_biba *mac_biba) 231105988Srwatson{ 232105988Srwatson struct mac_biba_element *element; 233105988Srwatson 234132232Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 235132232Srwatson ("mac_biba_effective_in_range: mac_biba not effective")); 236132232Srwatson element = &mac_biba->mb_effective; 237105988Srwatson 238105988Srwatson return (element->mbe_type == MAC_BIBA_TYPE_EQUAL || 239105988Srwatson element->mbe_type == MAC_BIBA_TYPE_HIGH); 240105988Srwatson} 241105988Srwatson 242105988Srwatsonstatic int 243101099Srwatsonmac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 244101099Srwatson{ 245101099Srwatson 246101099Srwatson return (mac_biba_dominate_element(&rangeb->mb_rangehigh, 247101099Srwatson &rangea->mb_rangehigh) && 248101099Srwatson mac_biba_dominate_element(&rangea->mb_rangelow, 249101099Srwatson &rangeb->mb_rangelow)); 250101099Srwatson} 251101099Srwatson 252101099Srwatsonstatic int 253136774Srwatsonmac_biba_effective_in_range(struct mac_biba *effective, 254136774Srwatson struct mac_biba *range) 255101099Srwatson{ 256101099Srwatson 257132232Srwatson KASSERT((effective->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 258132232Srwatson ("mac_biba_effective_in_range: a not effective")); 259103750Srwatson KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 260132232Srwatson ("mac_biba_effective_in_range: b not range")); 261101099Srwatson 262101099Srwatson return (mac_biba_dominate_element(&range->mb_rangehigh, 263132232Srwatson &effective->mb_effective) && 264132232Srwatson mac_biba_dominate_element(&effective->mb_effective, 265101099Srwatson &range->mb_rangelow)); 266101099Srwatson 267101099Srwatson return (1); 268101099Srwatson} 269101099Srwatson 270101099Srwatsonstatic int 271132232Srwatsonmac_biba_dominate_effective(struct mac_biba *a, struct mac_biba *b) 272101099Srwatson{ 273132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 274132232Srwatson ("mac_biba_dominate_effective: a not effective")); 275132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 276132232Srwatson ("mac_biba_dominate_effective: b not effective")); 277101099Srwatson 278132232Srwatson return (mac_biba_dominate_element(&a->mb_effective, &b->mb_effective)); 279101099Srwatson} 280101099Srwatson 281101099Srwatsonstatic int 282101099Srwatsonmac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 283101099Srwatson{ 284101099Srwatson 285101099Srwatson if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 286101099Srwatson b->mbe_type == MAC_BIBA_TYPE_EQUAL) 287101099Srwatson return (1); 288101099Srwatson 289101099Srwatson return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 290101099Srwatson} 291101099Srwatson 292101099Srwatsonstatic int 293132232Srwatsonmac_biba_equal_effective(struct mac_biba *a, struct mac_biba *b) 294101099Srwatson{ 295101099Srwatson 296132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 297132232Srwatson ("mac_biba_equal_effective: a not effective")); 298132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 299132232Srwatson ("mac_biba_equal_effective: b not effective")); 300101099Srwatson 301132232Srwatson return (mac_biba_equal_element(&a->mb_effective, &b->mb_effective)); 302101099Srwatson} 303101099Srwatson 304101099Srwatsonstatic int 305105634Srwatsonmac_biba_contains_equal(struct mac_biba *mac_biba) 306105634Srwatson{ 307105634Srwatson 308132232Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) 309132232Srwatson if (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 310105634Srwatson return (1); 311105634Srwatson 312105634Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 313105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL) 314105634Srwatson return (1); 315105634Srwatson if (mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 316105637Srwatson return (1); 317105634Srwatson } 318105634Srwatson 319105634Srwatson return (0); 320105634Srwatson} 321105634Srwatson 322105634Srwatsonstatic int 323106090Srwatsonmac_biba_subject_privileged(struct mac_biba *mac_biba) 324105634Srwatson{ 325105634Srwatson 326105634Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH) == 327105634Srwatson MAC_BIBA_FLAGS_BOTH, 328106090Srwatson ("mac_biba_subject_privileged: subject doesn't have both labels")); 329105634Srwatson 330132232Srwatson /* If the effective is EQUAL, it's ok. */ 331132232Srwatson if (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 332105634Srwatson return (0); 333105634Srwatson 334105634Srwatson /* If either range endpoint is EQUAL, it's ok. */ 335105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL || 336105634Srwatson mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 337105634Srwatson return (0); 338105634Srwatson 339105634Srwatson /* If the range is low-high, it's ok. */ 340105634Srwatson if (mac_biba->mb_rangelow.mbe_type == MAC_BIBA_TYPE_LOW && 341105634Srwatson mac_biba->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_HIGH) 342105634Srwatson return (0); 343105634Srwatson 344105634Srwatson /* It's not ok. */ 345105634Srwatson return (EPERM); 346105634Srwatson} 347105634Srwatson 348106091Srwatsonstatic int 349132232Srwatsonmac_biba_high_effective(struct mac_biba *mac_biba) 350105988Srwatson{ 351105988Srwatson 352132232Srwatson KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 353132232Srwatson ("mac_biba_equal_effective: mac_biba not effective")); 354105988Srwatson 355132232Srwatson return (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_HIGH); 356105988Srwatson} 357105988Srwatson 358105634Srwatsonstatic int 359101099Srwatsonmac_biba_valid(struct mac_biba *mac_biba) 360101099Srwatson{ 361101099Srwatson 362132232Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 363132232Srwatson switch (mac_biba->mb_effective.mbe_type) { 364101099Srwatson case MAC_BIBA_TYPE_GRADE: 365101099Srwatson break; 366101099Srwatson 367101099Srwatson case MAC_BIBA_TYPE_EQUAL: 368101099Srwatson case MAC_BIBA_TYPE_HIGH: 369101099Srwatson case MAC_BIBA_TYPE_LOW: 370132232Srwatson if (mac_biba->mb_effective.mbe_grade != 0 || 371105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 372132232Srwatson mac_biba->mb_effective.mbe_compartments)) 373101099Srwatson return (EINVAL); 374101099Srwatson break; 375101099Srwatson 376101099Srwatson default: 377101099Srwatson return (EINVAL); 378101099Srwatson } 379101099Srwatson } else { 380132232Srwatson if (mac_biba->mb_effective.mbe_type != MAC_BIBA_TYPE_UNDEF) 381101099Srwatson return (EINVAL); 382101099Srwatson } 383101099Srwatson 384101099Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 385101099Srwatson switch (mac_biba->mb_rangelow.mbe_type) { 386101099Srwatson case MAC_BIBA_TYPE_GRADE: 387101099Srwatson break; 388101099Srwatson 389101099Srwatson case MAC_BIBA_TYPE_EQUAL: 390101099Srwatson case MAC_BIBA_TYPE_HIGH: 391101099Srwatson case MAC_BIBA_TYPE_LOW: 392105643Srwatson if (mac_biba->mb_rangelow.mbe_grade != 0 || 393105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 394105643Srwatson mac_biba->mb_rangelow.mbe_compartments)) 395101099Srwatson return (EINVAL); 396101099Srwatson break; 397101099Srwatson 398101099Srwatson default: 399101099Srwatson return (EINVAL); 400101099Srwatson } 401101099Srwatson 402101099Srwatson switch (mac_biba->mb_rangehigh.mbe_type) { 403101099Srwatson case MAC_BIBA_TYPE_GRADE: 404101099Srwatson break; 405101099Srwatson 406101099Srwatson case MAC_BIBA_TYPE_EQUAL: 407101099Srwatson case MAC_BIBA_TYPE_HIGH: 408101099Srwatson case MAC_BIBA_TYPE_LOW: 409105643Srwatson if (mac_biba->mb_rangehigh.mbe_grade != 0 || 410105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 411105643Srwatson mac_biba->mb_rangehigh.mbe_compartments)) 412101099Srwatson return (EINVAL); 413101099Srwatson break; 414101099Srwatson 415101099Srwatson default: 416101099Srwatson return (EINVAL); 417101099Srwatson } 418101099Srwatson if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh, 419101099Srwatson &mac_biba->mb_rangelow)) 420101099Srwatson return (EINVAL); 421101099Srwatson } else { 422101099Srwatson if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 423101099Srwatson mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 424101099Srwatson return (EINVAL); 425101099Srwatson } 426101099Srwatson 427101099Srwatson return (0); 428101099Srwatson} 429101099Srwatson 430101099Srwatsonstatic void 431101099Srwatsonmac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, 432105643Srwatson u_short gradelow, u_char *compartmentslow, u_short typehigh, 433105643Srwatson u_short gradehigh, u_char *compartmentshigh) 434101099Srwatson{ 435101099Srwatson 436101099Srwatson mac_biba->mb_rangelow.mbe_type = typelow; 437101099Srwatson mac_biba->mb_rangelow.mbe_grade = gradelow; 438105643Srwatson if (compartmentslow != NULL) 439105643Srwatson memcpy(mac_biba->mb_rangelow.mbe_compartments, 440105643Srwatson compartmentslow, 441105643Srwatson sizeof(mac_biba->mb_rangelow.mbe_compartments)); 442101099Srwatson mac_biba->mb_rangehigh.mbe_type = typehigh; 443101099Srwatson mac_biba->mb_rangehigh.mbe_grade = gradehigh; 444105643Srwatson if (compartmentshigh != NULL) 445105643Srwatson memcpy(mac_biba->mb_rangehigh.mbe_compartments, 446105643Srwatson compartmentshigh, 447105643Srwatson sizeof(mac_biba->mb_rangehigh.mbe_compartments)); 448101099Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 449101099Srwatson} 450101099Srwatson 451101099Srwatsonstatic void 452132232Srwatsonmac_biba_set_effective(struct mac_biba *mac_biba, u_short type, u_short grade, 453105643Srwatson u_char *compartments) 454101099Srwatson{ 455101099Srwatson 456132232Srwatson mac_biba->mb_effective.mbe_type = type; 457132232Srwatson mac_biba->mb_effective.mbe_grade = grade; 458105643Srwatson if (compartments != NULL) 459132232Srwatson memcpy(mac_biba->mb_effective.mbe_compartments, compartments, 460132232Srwatson sizeof(mac_biba->mb_effective.mbe_compartments)); 461132232Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 462101099Srwatson} 463101099Srwatson 464101099Srwatsonstatic void 465101099Srwatsonmac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 466101099Srwatson{ 467105643Srwatson 468101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 469101099Srwatson ("mac_biba_copy_range: labelfrom not range")); 470101099Srwatson 471101099Srwatson labelto->mb_rangelow = labelfrom->mb_rangelow; 472101099Srwatson labelto->mb_rangehigh = labelfrom->mb_rangehigh; 473101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 474101099Srwatson} 475101099Srwatson 476101099Srwatsonstatic void 477132232Srwatsonmac_biba_copy_effective(struct mac_biba *labelfrom, struct mac_biba *labelto) 478101099Srwatson{ 479101099Srwatson 480132232Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 481132232Srwatson ("mac_biba_copy_effective: labelfrom not effective")); 482101099Srwatson 483132232Srwatson labelto->mb_effective = labelfrom->mb_effective; 484132232Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 485101099Srwatson} 486101099Srwatson 487105656Srwatsonstatic void 488105656Srwatsonmac_biba_copy(struct mac_biba *source, struct mac_biba *dest) 489105656Srwatson{ 490105656Srwatson 491132232Srwatson if (source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) 492132232Srwatson mac_biba_copy_effective(source, dest); 493105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_RANGE) 494105656Srwatson mac_biba_copy_range(source, dest); 495105656Srwatson} 496105656Srwatson 497101099Srwatson/* 498101099Srwatson * Policy module operations. 499101099Srwatson */ 500101099Srwatsonstatic void 501101099Srwatsonmac_biba_init(struct mac_policy_conf *conf) 502101099Srwatson{ 503101099Srwatson 504122879Srwatson zone_biba = uma_zcreate("mac_biba", sizeof(struct mac_biba), NULL, 505122879Srwatson NULL, NULL, NULL, UMA_ALIGN_PTR, 0); 506101099Srwatson} 507101099Srwatson 508101099Srwatson/* 509101099Srwatson * Label operations. 510101099Srwatson */ 511101099Srwatsonstatic void 512104514Srwatsonmac_biba_init_label(struct label *label) 513101099Srwatson{ 514101099Srwatson 515132781Skan SLOT_SET(label, biba_alloc(M_WAITOK)); 516101099Srwatson} 517101099Srwatson 518101099Srwatsonstatic int 519104514Srwatsonmac_biba_init_label_waitcheck(struct label *label, int flag) 520101099Srwatson{ 521101099Srwatson 522132781Skan SLOT_SET(label, biba_alloc(flag)); 523101099Srwatson if (SLOT(label) == NULL) 524101099Srwatson return (ENOMEM); 525101099Srwatson 526101099Srwatson return (0); 527101099Srwatson} 528101099Srwatson 529101099Srwatsonstatic void 530104514Srwatsonmac_biba_destroy_label(struct label *label) 531101099Srwatson{ 532101099Srwatson 533101099Srwatson biba_free(SLOT(label)); 534132781Skan SLOT_SET(label, NULL); 535101099Srwatson} 536101099Srwatson 537105696Srwatson/* 538115497Srwatson * mac_biba_element_to_string() accepts an sbuf and Biba element. It 539115497Srwatson * converts the Biba element to a string and stores the result in the 540115497Srwatson * sbuf; if there isn't space in the sbuf, -1 is returned. 541105696Srwatson */ 542115497Srwatsonstatic int 543115497Srwatsonmac_biba_element_to_string(struct sbuf *sb, struct mac_biba_element *element) 544105696Srwatson{ 545115497Srwatson int i, first; 546105696Srwatson 547105696Srwatson switch (element->mbe_type) { 548105696Srwatson case MAC_BIBA_TYPE_HIGH: 549115497Srwatson return (sbuf_printf(sb, "high")); 550105696Srwatson 551105696Srwatson case MAC_BIBA_TYPE_LOW: 552115497Srwatson return (sbuf_printf(sb, "low")); 553105696Srwatson 554105696Srwatson case MAC_BIBA_TYPE_EQUAL: 555115497Srwatson return (sbuf_printf(sb, "equal")); 556105696Srwatson 557105696Srwatson case MAC_BIBA_TYPE_GRADE: 558115497Srwatson if (sbuf_printf(sb, "%d", element->mbe_grade) == -1) 559115497Srwatson return (-1); 560115497Srwatson 561115497Srwatson first = 1; 562115497Srwatson for (i = 1; i <= MAC_BIBA_MAX_COMPARTMENTS; i++) { 563115497Srwatson if (MAC_BIBA_BIT_TEST(i, element->mbe_compartments)) { 564115497Srwatson if (first) { 565115497Srwatson if (sbuf_putc(sb, ':') == -1) 566115497Srwatson return (-1); 567115497Srwatson if (sbuf_printf(sb, "%d", i) == -1) 568115497Srwatson return (-1); 569115497Srwatson first = 0; 570115497Srwatson } else { 571115497Srwatson if (sbuf_printf(sb, "+%d", i) == -1) 572115497Srwatson return (-1); 573115497Srwatson } 574115497Srwatson } 575105696Srwatson } 576115497Srwatson return (0); 577105696Srwatson 578105696Srwatson default: 579105696Srwatson panic("mac_biba_element_to_string: invalid type (%d)", 580105696Srwatson element->mbe_type); 581105696Srwatson } 582105696Srwatson} 583105696Srwatson 584115497Srwatson/* 585116701Srwatson * mac_biba_to_string() converts a Biba label to a string, and places 586116701Srwatson * the results in the passed sbuf. It returns 0 on success, or EINVAL 587116701Srwatson * if there isn't room in the sbuf. Note: the sbuf will be modified 588116701Srwatson * even in a failure case, so the caller may need to revert the sbuf 589116701Srwatson * by restoring the offset if that's undesired. 590115497Srwatson */ 591101099Srwatsonstatic int 592116701Srwatsonmac_biba_to_string(struct sbuf *sb, struct mac_biba *mac_biba) 593101099Srwatson{ 594105696Srwatson 595132232Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 596132232Srwatson if (mac_biba_element_to_string(sb, &mac_biba->mb_effective) 597115497Srwatson == -1) 598105696Srwatson return (EINVAL); 599105696Srwatson } 600105696Srwatson 601105696Srwatson if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 602116701Srwatson if (sbuf_putc(sb, '(') == -1) 603105696Srwatson return (EINVAL); 604105696Srwatson 605116701Srwatson if (mac_biba_element_to_string(sb, &mac_biba->mb_rangelow) 606115497Srwatson == -1) 607105696Srwatson return (EINVAL); 608105696Srwatson 609116701Srwatson if (sbuf_putc(sb, '-') == -1) 610105696Srwatson return (EINVAL); 611105696Srwatson 612116701Srwatson if (mac_biba_element_to_string(sb, &mac_biba->mb_rangehigh) 613115497Srwatson == -1) 614105696Srwatson return (EINVAL); 615105696Srwatson 616116701Srwatson if (sbuf_putc(sb, ')') == -1) 617105696Srwatson return (EINVAL); 618105696Srwatson } 619105696Srwatson 620105696Srwatson return (0); 621105696Srwatson} 622105696Srwatson 623105696Srwatsonstatic int 624105696Srwatsonmac_biba_externalize_label(struct label *label, char *element_name, 625116701Srwatson struct sbuf *sb, int *claimed) 626105696Srwatson{ 627101099Srwatson struct mac_biba *mac_biba; 628101099Srwatson 629105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 630105696Srwatson return (0); 631105696Srwatson 632105696Srwatson (*claimed)++; 633105696Srwatson 634101099Srwatson mac_biba = SLOT(label); 635116701Srwatson return (mac_biba_to_string(sb, mac_biba)); 636105696Srwatson} 637105696Srwatson 638105696Srwatsonstatic int 639105696Srwatsonmac_biba_parse_element(struct mac_biba_element *element, char *string) 640101099Srwatson{ 641115395Srwatson char *compartment, *end, *grade; 642115395Srwatson int value; 643105696Srwatson 644105696Srwatson if (strcmp(string, "high") == 0 || 645105696Srwatson strcmp(string, "hi") == 0) { 646105696Srwatson element->mbe_type = MAC_BIBA_TYPE_HIGH; 647105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 648105696Srwatson } else if (strcmp(string, "low") == 0 || 649105696Srwatson strcmp(string, "lo") == 0) { 650105696Srwatson element->mbe_type = MAC_BIBA_TYPE_LOW; 651105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 652105696Srwatson } else if (strcmp(string, "equal") == 0 || 653105696Srwatson strcmp(string, "eq") == 0) { 654105696Srwatson element->mbe_type = MAC_BIBA_TYPE_EQUAL; 655105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 656105696Srwatson } else { 657115395Srwatson element->mbe_type = MAC_BIBA_TYPE_GRADE; 658105696Srwatson 659115395Srwatson /* 660115395Srwatson * Numeric grade piece of the element. 661115395Srwatson */ 662115395Srwatson grade = strsep(&string, ":"); 663115395Srwatson value = strtol(grade, &end, 10); 664115395Srwatson if (end == grade || *end != '\0') 665105696Srwatson return (EINVAL); 666115395Srwatson if (value < 0 || value > 65535) 667115395Srwatson return (EINVAL); 668115395Srwatson element->mbe_grade = value; 669105696Srwatson 670115395Srwatson /* 671115395Srwatson * Optional compartment piece of the element. If none 672115395Srwatson * are included, we assume that the label has no 673115395Srwatson * compartments. 674115395Srwatson */ 675115395Srwatson if (string == NULL) 676115395Srwatson return (0); 677115395Srwatson if (*string == '\0') 678115395Srwatson return (0); 679105696Srwatson 680115395Srwatson while ((compartment = strsep(&string, "+")) != NULL) { 681115395Srwatson value = strtol(compartment, &end, 10); 682115395Srwatson if (compartment == end || *end != '\0') 683105696Srwatson return (EINVAL); 684115395Srwatson if (value < 1 || value > MAC_BIBA_MAX_COMPARTMENTS) 685105696Srwatson return (EINVAL); 686115395Srwatson MAC_BIBA_BIT_SET(value, element->mbe_compartments); 687105696Srwatson } 688105696Srwatson } 689105696Srwatson 690105696Srwatson return (0); 691105696Srwatson} 692105696Srwatson 693105696Srwatson/* 694105696Srwatson * Note: destructively consumes the string, make a local copy before 695105696Srwatson * calling if that's a problem. 696105696Srwatson */ 697105696Srwatsonstatic int 698105696Srwatsonmac_biba_parse(struct mac_biba *mac_biba, char *string) 699105696Srwatson{ 700132232Srwatson char *rangehigh, *rangelow, *effective; 701101099Srwatson int error; 702101099Srwatson 703132232Srwatson effective = strsep(&string, "("); 704132232Srwatson if (*effective == '\0') 705132232Srwatson effective = NULL; 706115395Srwatson 707115395Srwatson if (string != NULL) { 708115395Srwatson rangelow = strsep(&string, "-"); 709115395Srwatson if (string == NULL) 710105696Srwatson return (EINVAL); 711115395Srwatson rangehigh = strsep(&string, ")"); 712115395Srwatson if (string == NULL) 713105696Srwatson return (EINVAL); 714115395Srwatson if (*string != '\0') 715105696Srwatson return (EINVAL); 716115395Srwatson } else { 717115395Srwatson rangelow = NULL; 718115395Srwatson rangehigh = NULL; 719105696Srwatson } 720115395Srwatson 721105696Srwatson KASSERT((rangelow != NULL && rangehigh != NULL) || 722105696Srwatson (rangelow == NULL && rangehigh == NULL), 723115395Srwatson ("mac_biba_parse: range mismatch")); 724101099Srwatson 725105696Srwatson bzero(mac_biba, sizeof(*mac_biba)); 726132232Srwatson if (effective != NULL) { 727132232Srwatson error = mac_biba_parse_element(&mac_biba->mb_effective, effective); 728105696Srwatson if (error) 729105696Srwatson return (error); 730132232Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 731105696Srwatson } 732105696Srwatson 733105696Srwatson if (rangelow != NULL) { 734105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_rangelow, 735105696Srwatson rangelow); 736105696Srwatson if (error) 737105696Srwatson return (error); 738105696Srwatson error = mac_biba_parse_element(&mac_biba->mb_rangehigh, 739105696Srwatson rangehigh); 740105696Srwatson if (error) 741105696Srwatson return (error); 742105696Srwatson mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 743105696Srwatson } 744105696Srwatson 745101099Srwatson error = mac_biba_valid(mac_biba); 746101099Srwatson if (error) 747101099Srwatson return (error); 748101099Srwatson 749105696Srwatson return (0); 750105696Srwatson} 751101099Srwatson 752105696Srwatsonstatic int 753105696Srwatsonmac_biba_internalize_label(struct label *label, char *element_name, 754105696Srwatson char *element_data, int *claimed) 755105696Srwatson{ 756105696Srwatson struct mac_biba *mac_biba, mac_biba_temp; 757105696Srwatson int error; 758105696Srwatson 759105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 760105696Srwatson return (0); 761105696Srwatson 762105696Srwatson (*claimed)++; 763105696Srwatson 764105696Srwatson error = mac_biba_parse(&mac_biba_temp, element_data); 765105696Srwatson if (error) 766105696Srwatson return (error); 767105696Srwatson 768105696Srwatson mac_biba = SLOT(label); 769105696Srwatson *mac_biba = mac_biba_temp; 770105696Srwatson 771101099Srwatson return (0); 772101099Srwatson} 773101099Srwatson 774105696Srwatsonstatic void 775105696Srwatsonmac_biba_copy_label(struct label *src, struct label *dest) 776105696Srwatson{ 777105696Srwatson 778105696Srwatson *SLOT(dest) = *SLOT(src); 779105696Srwatson} 780105696Srwatson 781101099Srwatson/* 782101099Srwatson * Labeling event operations: file system objects, and things that look 783101099Srwatson * a lot like file system objects. 784101099Srwatson */ 785101099Srwatsonstatic void 786147982Srwatsonmac_biba_create_devfs_device(struct ucred *cred, struct mount *mp, 787168976Srwatson struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 788101099Srwatson{ 789101099Srwatson struct mac_biba *mac_biba; 790101099Srwatson int biba_type; 791101099Srwatson 792168976Srwatson mac_biba = SLOT(delabel); 793101099Srwatson if (strcmp(dev->si_name, "null") == 0 || 794101099Srwatson strcmp(dev->si_name, "zero") == 0 || 795101099Srwatson strcmp(dev->si_name, "random") == 0 || 796101099Srwatson strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 797101099Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 798105606Srwatson else if (ptys_equal && 799105606Srwatson (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 800105606Srwatson strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 801105606Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 802101099Srwatson else 803101099Srwatson biba_type = MAC_BIBA_TYPE_HIGH; 804132232Srwatson mac_biba_set_effective(mac_biba, biba_type, 0, NULL); 805101099Srwatson} 806101099Srwatson 807101099Srwatsonstatic void 808107698Srwatsonmac_biba_create_devfs_directory(struct mount *mp, char *dirname, 809168976Srwatson int dirnamelen, struct devfs_dirent *de, struct label *delabel) 810101099Srwatson{ 811101099Srwatson struct mac_biba *mac_biba; 812101099Srwatson 813168976Srwatson mac_biba = SLOT(delabel); 814132232Srwatson mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); 815101099Srwatson} 816101099Srwatson 817101099Srwatsonstatic void 818107698Srwatsonmac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp, 819107698Srwatson struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 820122563Srwatson struct label *delabel) 821104535Srwatson{ 822104535Srwatson struct mac_biba *source, *dest; 823104535Srwatson 824122524Srwatson source = SLOT(cred->cr_label); 825104535Srwatson dest = SLOT(delabel); 826104535Srwatson 827132232Srwatson mac_biba_copy_effective(source, dest); 828104535Srwatson} 829104535Srwatson 830104535Srwatsonstatic void 831101099Srwatsonmac_biba_create_mount(struct ucred *cred, struct mount *mp, 832168976Srwatson struct label *mplabel) 833101099Srwatson{ 834101099Srwatson struct mac_biba *source, *dest; 835101099Srwatson 836122524Srwatson source = SLOT(cred->cr_label); 837168976Srwatson dest = SLOT(mplabel); 838132232Srwatson mac_biba_copy_effective(source, dest); 839101099Srwatson} 840101099Srwatson 841101099Srwatsonstatic void 842101099Srwatsonmac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, 843168976Srwatson struct label *vplabel, struct label *newlabel) 844101099Srwatson{ 845101099Srwatson struct mac_biba *source, *dest; 846101099Srwatson 847168976Srwatson source = SLOT(newlabel); 848168976Srwatson dest = SLOT(vplabel); 849101099Srwatson 850105656Srwatson mac_biba_copy(source, dest); 851101099Srwatson} 852101099Srwatson 853101099Srwatsonstatic void 854168977Srwatsonmac_biba_update_devfs(struct mount *mp, struct devfs_dirent *de, 855168976Srwatson struct label *delabel, struct vnode *vp, struct label *vplabel) 856101099Srwatson{ 857101099Srwatson struct mac_biba *source, *dest; 858101099Srwatson 859168976Srwatson source = SLOT(vplabel); 860168976Srwatson dest = SLOT(delabel); 861101099Srwatson 862105656Srwatson mac_biba_copy(source, dest); 863101099Srwatson} 864101099Srwatson 865101099Srwatsonstatic void 866168954Srwatsonmac_biba_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, 867105988Srwatson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 868168976Srwatson struct label *vplabel) 869101099Srwatson{ 870101099Srwatson struct mac_biba *source, *dest; 871101099Srwatson 872105988Srwatson source = SLOT(delabel); 873168976Srwatson dest = SLOT(vplabel); 874101099Srwatson 875132232Srwatson mac_biba_copy_effective(source, dest); 876101099Srwatson} 877101099Srwatson 878101099Srwatsonstatic int 879168976Srwatsonmac_biba_associate_vnode_extattr(struct mount *mp, struct label *mplabel, 880168976Srwatson struct vnode *vp, struct label *vplabel) 881101099Srwatson{ 882105988Srwatson struct mac_biba temp, *source, *dest; 883106354Smux int buflen, error; 884101099Srwatson 885168976Srwatson source = SLOT(mplabel); 886168976Srwatson dest = SLOT(vplabel); 887101099Srwatson 888105988Srwatson buflen = sizeof(temp); 889105988Srwatson bzero(&temp, buflen); 890105988Srwatson 891105988Srwatson error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 892105988Srwatson MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &temp, curthread); 893105988Srwatson if (error == ENOATTR || error == EOPNOTSUPP) { 894168954Srwatson /* Fall back to the mntlabel. */ 895132232Srwatson mac_biba_copy_effective(source, dest); 896105988Srwatson return (0); 897105988Srwatson } else if (error) 898101099Srwatson return (error); 899101099Srwatson 900105988Srwatson if (buflen != sizeof(temp)) { 901105988Srwatson printf("mac_biba_associate_vnode_extattr: bad size %d\n", 902105988Srwatson buflen); 903105988Srwatson return (EPERM); 904105988Srwatson } 905105988Srwatson if (mac_biba_valid(&temp) != 0) { 906105988Srwatson printf("mac_biba_associate_vnode_extattr: invalid\n"); 907105988Srwatson return (EPERM); 908105988Srwatson } 909132232Srwatson if ((temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_EFFECTIVE) { 910132232Srwatson printf("mac_biba_associate_vnode_extattr: not effective\n"); 911105988Srwatson return (EPERM); 912105988Srwatson } 913101099Srwatson 914132232Srwatson mac_biba_copy_effective(&temp, dest); 915101099Srwatson return (0); 916101099Srwatson} 917101099Srwatson 918101099Srwatsonstatic void 919105988Srwatsonmac_biba_associate_vnode_singlelabel(struct mount *mp, 920168976Srwatson struct label *mplabel, struct vnode *vp, struct label *vplabel) 921101099Srwatson{ 922101099Srwatson struct mac_biba *source, *dest; 923101099Srwatson 924168976Srwatson source = SLOT(mplabel); 925168976Srwatson dest = SLOT(vplabel); 926101099Srwatson 927132232Srwatson mac_biba_copy_effective(source, dest); 928101099Srwatson} 929101099Srwatson 930105988Srwatsonstatic int 931105988Srwatsonmac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, 932168976Srwatson struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 933168976Srwatson struct vnode *vp, struct label *vplabel, struct componentname *cnp) 934105988Srwatson{ 935105988Srwatson struct mac_biba *source, *dest, temp; 936105988Srwatson size_t buflen; 937105988Srwatson int error; 938105988Srwatson 939105988Srwatson buflen = sizeof(temp); 940105988Srwatson bzero(&temp, buflen); 941105988Srwatson 942122524Srwatson source = SLOT(cred->cr_label); 943168976Srwatson dest = SLOT(vplabel); 944132232Srwatson mac_biba_copy_effective(source, &temp); 945105988Srwatson 946105988Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 947105988Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); 948105988Srwatson if (error == 0) 949132232Srwatson mac_biba_copy_effective(source, dest); 950105988Srwatson return (error); 951105988Srwatson} 952105988Srwatson 953105988Srwatsonstatic int 954105988Srwatsonmac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 955168976Srwatson struct label *vplabel, struct label *intlabel) 956105988Srwatson{ 957105988Srwatson struct mac_biba *source, temp; 958105988Srwatson size_t buflen; 959105988Srwatson int error; 960105988Srwatson 961105988Srwatson buflen = sizeof(temp); 962105988Srwatson bzero(&temp, buflen); 963105988Srwatson 964105988Srwatson source = SLOT(intlabel); 965132232Srwatson if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) 966105988Srwatson return (0); 967105988Srwatson 968132232Srwatson mac_biba_copy_effective(source, &temp); 969105988Srwatson 970105988Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 971105988Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); 972105988Srwatson return (error); 973105988Srwatson} 974105988Srwatson 975101099Srwatson/* 976101099Srwatson * Labeling event operations: IPC object. 977101099Srwatson */ 978101099Srwatsonstatic void 979122875Srwatsonmac_biba_create_inpcb_from_socket(struct socket *so, struct label *solabel, 980122875Srwatson struct inpcb *inp, struct label *inplabel) 981122875Srwatson{ 982122875Srwatson struct mac_biba *source, *dest; 983122875Srwatson 984122875Srwatson source = SLOT(solabel); 985122875Srwatson dest = SLOT(inplabel); 986122875Srwatson 987132232Srwatson mac_biba_copy_effective(source, dest); 988122875Srwatson} 989122875Srwatson 990122875Srwatsonstatic void 991168976Srwatsonmac_biba_create_mbuf_from_socket(struct socket *so, struct label *solabel, 992168976Srwatson struct mbuf *m, struct label *mlabel) 993101099Srwatson{ 994101099Srwatson struct mac_biba *source, *dest; 995101099Srwatson 996168976Srwatson source = SLOT(solabel); 997168976Srwatson dest = SLOT(mlabel); 998101099Srwatson 999132232Srwatson mac_biba_copy_effective(source, dest); 1000101099Srwatson} 1001101099Srwatson 1002101099Srwatsonstatic void 1003168976Srwatsonmac_biba_create_socket(struct ucred *cred, struct socket *so, 1004168976Srwatson struct label *solabel) 1005101099Srwatson{ 1006101099Srwatson struct mac_biba *source, *dest; 1007101099Srwatson 1008122524Srwatson source = SLOT(cred->cr_label); 1009168976Srwatson dest = SLOT(solabel); 1010101099Srwatson 1011132232Srwatson mac_biba_copy_effective(source, dest); 1012101099Srwatson} 1013101099Srwatson 1014101099Srwatsonstatic void 1015125293Srwatsonmac_biba_create_pipe(struct ucred *cred, struct pipepair *pp, 1016168976Srwatson struct label *pplabel) 1017101099Srwatson{ 1018101099Srwatson struct mac_biba *source, *dest; 1019101099Srwatson 1020122524Srwatson source = SLOT(cred->cr_label); 1021168976Srwatson dest = SLOT(pplabel); 1022101099Srwatson 1023132232Srwatson mac_biba_copy_effective(source, dest); 1024101099Srwatson} 1025101099Srwatson 1026101099Srwatsonstatic void 1027172850Srwatsonmac_biba_create_posix_sem(struct ucred *cred, struct ksem *ks, 1028172850Srwatson struct label *kslabel) 1029145855Srwatson{ 1030145855Srwatson struct mac_biba *source, *dest; 1031145855Srwatson 1032145855Srwatson source = SLOT(cred->cr_label); 1033172850Srwatson dest = SLOT(kslabel); 1034145855Srwatson 1035145855Srwatson mac_biba_copy_effective(source, dest); 1036145855Srwatson} 1037145855Srwatson 1038145855Srwatsonstatic void 1039168976Srwatsonmac_biba_create_socket_from_socket(struct socket *oldso, 1040168976Srwatson struct label *oldsolabel, struct socket *newso, struct label *newsolabel) 1041101099Srwatson{ 1042101099Srwatson struct mac_biba *source, *dest; 1043101099Srwatson 1044168976Srwatson source = SLOT(oldsolabel); 1045168976Srwatson dest = SLOT(newsolabel); 1046101099Srwatson 1047132232Srwatson mac_biba_copy_effective(source, dest); 1048101099Srwatson} 1049101099Srwatson 1050101099Srwatsonstatic void 1051168976Srwatsonmac_biba_relabel_socket(struct ucred *cred, struct socket *so, 1052168976Srwatson struct label *solabel, struct label *newlabel) 1053101099Srwatson{ 1054101099Srwatson struct mac_biba *source, *dest; 1055101099Srwatson 1056101099Srwatson source = SLOT(newlabel); 1057168976Srwatson dest = SLOT(solabel); 1058101099Srwatson 1059105656Srwatson mac_biba_copy(source, dest); 1060101099Srwatson} 1061101099Srwatson 1062101099Srwatsonstatic void 1063125293Srwatsonmac_biba_relabel_pipe(struct ucred *cred, struct pipepair *pp, 1064168976Srwatson struct label *pplabel, struct label *newlabel) 1065101099Srwatson{ 1066101099Srwatson struct mac_biba *source, *dest; 1067101099Srwatson 1068101099Srwatson source = SLOT(newlabel); 1069168976Srwatson dest = SLOT(pplabel); 1070101099Srwatson 1071105656Srwatson mac_biba_copy(source, dest); 1072101099Srwatson} 1073101099Srwatson 1074101099Srwatsonstatic void 1075168976Srwatsonmac_biba_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, 1076168976Srwatson struct socket *so, struct label *sopeerlabel) 1077101099Srwatson{ 1078101099Srwatson struct mac_biba *source, *dest; 1079101099Srwatson 1080168976Srwatson source = SLOT(mlabel); 1081168976Srwatson dest = SLOT(sopeerlabel); 1082101099Srwatson 1083132232Srwatson mac_biba_copy_effective(source, dest); 1084101099Srwatson} 1085101099Srwatson 1086101099Srwatson/* 1087140628Srwatson * Labeling event operations: System V IPC objects. 1088140628Srwatson */ 1089140628Srwatsonstatic void 1090140628Srwatsonmac_biba_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, 1091140628Srwatson struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 1092140628Srwatson{ 1093140628Srwatson struct mac_biba *source, *dest; 1094140628Srwatson 1095140628Srwatson /* Ignore the msgq label */ 1096140628Srwatson source = SLOT(cred->cr_label); 1097140628Srwatson dest = SLOT(msglabel); 1098140628Srwatson 1099140628Srwatson mac_biba_copy_effective(source, dest); 1100140628Srwatson} 1101140628Srwatson 1102140628Srwatsonstatic void 1103140628Srwatsonmac_biba_create_sysv_msgqueue(struct ucred *cred, 1104140628Srwatson struct msqid_kernel *msqkptr, struct label *msqlabel) 1105140628Srwatson{ 1106140628Srwatson struct mac_biba *source, *dest; 1107140628Srwatson 1108140628Srwatson source = SLOT(cred->cr_label); 1109140628Srwatson dest = SLOT(msqlabel); 1110140628Srwatson 1111140628Srwatson mac_biba_copy_effective(source, dest); 1112140628Srwatson} 1113140628Srwatson 1114140628Srwatsonstatic void 1115147091Srwatsonmac_biba_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr, 1116140628Srwatson struct label *semalabel) 1117140628Srwatson{ 1118140628Srwatson struct mac_biba *source, *dest; 1119140628Srwatson 1120140628Srwatson source = SLOT(cred->cr_label); 1121140628Srwatson dest = SLOT(semalabel); 1122140628Srwatson 1123140628Srwatson mac_biba_copy_effective(source, dest); 1124140628Srwatson} 1125140628Srwatson 1126140628Srwatsonstatic void 1127140628Srwatsonmac_biba_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, 1128140628Srwatson struct label *shmlabel) 1129140628Srwatson{ 1130140628Srwatson struct mac_biba *source, *dest; 1131140628Srwatson 1132140628Srwatson source = SLOT(cred->cr_label); 1133140628Srwatson dest = SLOT(shmlabel); 1134140628Srwatson 1135140628Srwatson mac_biba_copy_effective(source, dest); 1136140628Srwatson} 1137140628Srwatson 1138140628Srwatson/* 1139101099Srwatson * Labeling event operations: network objects. 1140101099Srwatson */ 1141101099Srwatsonstatic void 1142168976Srwatsonmac_biba_set_socket_peer_from_socket(struct socket *oldso, 1143168976Srwatson struct label *oldsolabel, struct socket *newso, 1144168976Srwatson struct label *newsopeerlabel) 1145101099Srwatson{ 1146101099Srwatson struct mac_biba *source, *dest; 1147101099Srwatson 1148168976Srwatson source = SLOT(oldsolabel); 1149168976Srwatson dest = SLOT(newsopeerlabel); 1150101099Srwatson 1151132232Srwatson mac_biba_copy_effective(source, dest); 1152101099Srwatson} 1153101099Srwatson 1154101099Srwatsonstatic void 1155168976Srwatsonmac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *d, 1156168976Srwatson struct label *dlabel) 1157101099Srwatson{ 1158101099Srwatson struct mac_biba *source, *dest; 1159101099Srwatson 1160122524Srwatson source = SLOT(cred->cr_label); 1161168976Srwatson dest = SLOT(dlabel); 1162101099Srwatson 1163132232Srwatson mac_biba_copy_effective(source, dest); 1164101099Srwatson} 1165101099Srwatson 1166101099Srwatsonstatic void 1167168976Srwatsonmac_biba_create_ifnet(struct ifnet *ifp, struct label *ifplabel) 1168101099Srwatson{ 1169121816Sbrooks char tifname[IFNAMSIZ], *p, *q; 1170101099Srwatson char tiflist[sizeof(trusted_interfaces)]; 1171101099Srwatson struct mac_biba *dest; 1172110350Srwatson int len, type; 1173101099Srwatson 1174168976Srwatson dest = SLOT(ifplabel); 1175101099Srwatson 1176168976Srwatson if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) { 1177110350Srwatson type = MAC_BIBA_TYPE_EQUAL; 1178101099Srwatson goto set; 1179101099Srwatson } 1180101099Srwatson 1181101099Srwatson if (trust_all_interfaces) { 1182110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1183101099Srwatson goto set; 1184101099Srwatson } 1185101099Srwatson 1186110350Srwatson type = MAC_BIBA_TYPE_LOW; 1187101099Srwatson 1188101099Srwatson if (trusted_interfaces[0] == '\0' || 1189101099Srwatson !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 1190101099Srwatson goto set; 1191101099Srwatson 1192106089Srwatson bzero(tiflist, sizeof(tiflist)); 1193101099Srwatson for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 1194101099Srwatson if(*p != ' ' && *p != '\t') 1195101099Srwatson *q = *p; 1196101099Srwatson 1197101099Srwatson for (p = q = tiflist;; p++) { 1198101099Srwatson if (*p == ',' || *p == '\0') { 1199101099Srwatson len = p - q; 1200101099Srwatson if (len < IFNAMSIZ) { 1201101099Srwatson bzero(tifname, sizeof(tifname)); 1202101099Srwatson bcopy(q, tifname, len); 1203168976Srwatson if (strcmp(tifname, ifp->if_xname) == 0) { 1204110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1205101099Srwatson break; 1206101099Srwatson } 1207106089Srwatson } else { 1208106089Srwatson *p = '\0'; 1209106089Srwatson printf("mac_biba warning: interface name " 1210106089Srwatson "\"%s\" is too long (must be < %d)\n", 1211106089Srwatson q, IFNAMSIZ); 1212101099Srwatson } 1213101099Srwatson if (*p == '\0') 1214101099Srwatson break; 1215101099Srwatson q = p + 1; 1216101099Srwatson } 1217101099Srwatson } 1218101099Srwatsonset: 1219132232Srwatson mac_biba_set_effective(dest, type, 0, NULL); 1220110350Srwatson mac_biba_set_range(dest, type, 0, NULL, type, 0, NULL); 1221101099Srwatson} 1222101099Srwatson 1223101099Srwatsonstatic void 1224168976Srwatsonmac_biba_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, 1225168976Srwatson struct label *ipqlabel) 1226101099Srwatson{ 1227101099Srwatson struct mac_biba *source, *dest; 1228101099Srwatson 1229168976Srwatson source = SLOT(mlabel); 1230101099Srwatson dest = SLOT(ipqlabel); 1231101099Srwatson 1232132232Srwatson mac_biba_copy_effective(source, dest); 1233101099Srwatson} 1234101099Srwatson 1235101099Srwatsonstatic void 1236101099Srwatsonmac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 1237168976Srwatson struct mbuf *m, struct label *mlabel) 1238101099Srwatson{ 1239101099Srwatson struct mac_biba *source, *dest; 1240101099Srwatson 1241101099Srwatson source = SLOT(ipqlabel); 1242168976Srwatson dest = SLOT(mlabel); 1243101099Srwatson 1244101099Srwatson /* Just use the head, since we require them all to match. */ 1245132232Srwatson mac_biba_copy_effective(source, dest); 1246101099Srwatson} 1247101099Srwatson 1248101099Srwatsonstatic void 1249168976Srwatsonmac_biba_create_fragment(struct mbuf *m, struct label *mlabel, 1250168976Srwatson struct mbuf *frag, struct label *fraglabel) 1251101099Srwatson{ 1252101099Srwatson struct mac_biba *source, *dest; 1253101099Srwatson 1254168976Srwatson source = SLOT(mlabel); 1255168976Srwatson dest = SLOT(fraglabel); 1256101099Srwatson 1257132232Srwatson mac_biba_copy_effective(source, dest); 1258101099Srwatson} 1259101099Srwatson 1260101099Srwatsonstatic void 1261123607Srwatsonmac_biba_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, 1262123607Srwatson struct mbuf *m, struct label *mlabel) 1263123607Srwatson{ 1264123607Srwatson struct mac_biba *source, *dest; 1265123607Srwatson 1266123607Srwatson source = SLOT(inplabel); 1267123607Srwatson dest = SLOT(mlabel); 1268123607Srwatson 1269132232Srwatson mac_biba_copy_effective(source, dest); 1270123607Srwatson} 1271123607Srwatson 1272123607Srwatsonstatic void 1273168976Srwatsonmac_biba_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, 1274168976Srwatson struct mbuf *m, struct label *mlabel) 1275101099Srwatson{ 1276101099Srwatson struct mac_biba *dest; 1277101099Srwatson 1278168976Srwatson dest = SLOT(mlabel); 1279101099Srwatson 1280132232Srwatson mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1281101099Srwatson} 1282101099Srwatson 1283101099Srwatsonstatic void 1284168976Srwatsonmac_biba_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, 1285168976Srwatson struct mbuf *m, struct label *mlabel) 1286101099Srwatson{ 1287101099Srwatson struct mac_biba *source, *dest; 1288101099Srwatson 1289168976Srwatson source = SLOT(dlabel); 1290168976Srwatson dest = SLOT(mlabel); 1291101099Srwatson 1292132232Srwatson mac_biba_copy_effective(source, dest); 1293101099Srwatson} 1294101099Srwatson 1295101099Srwatsonstatic void 1296168976Srwatsonmac_biba_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, 1297168976Srwatson struct mbuf *m, struct label *mlabel) 1298101099Srwatson{ 1299101099Srwatson struct mac_biba *source, *dest; 1300101099Srwatson 1301168976Srwatson source = SLOT(ifplabel); 1302168976Srwatson dest = SLOT(mlabel); 1303101099Srwatson 1304132232Srwatson mac_biba_copy_effective(source, dest); 1305101099Srwatson} 1306101099Srwatson 1307101099Srwatsonstatic void 1308168976Srwatsonmac_biba_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, 1309168976Srwatson struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, 1310168976Srwatson struct label *mnewlabel) 1311101099Srwatson{ 1312101099Srwatson struct mac_biba *source, *dest; 1313101099Srwatson 1314168976Srwatson source = SLOT(mlabel); 1315168976Srwatson dest = SLOT(mnewlabel); 1316101099Srwatson 1317132232Srwatson mac_biba_copy_effective(source, dest); 1318101099Srwatson} 1319101099Srwatson 1320101099Srwatsonstatic void 1321168976Srwatsonmac_biba_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, 1322168976Srwatson struct mbuf *newm, struct label *mnewlabel) 1323101099Srwatson{ 1324101099Srwatson struct mac_biba *source, *dest; 1325101099Srwatson 1326168976Srwatson source = SLOT(mlabel); 1327168976Srwatson dest = SLOT(mnewlabel); 1328101099Srwatson 1329132232Srwatson mac_biba_copy_effective(source, dest); 1330101099Srwatson} 1331101099Srwatson 1332101099Srwatsonstatic int 1333168976Srwatsonmac_biba_fragment_match(struct mbuf *m, struct label *mlabel, 1334101099Srwatson struct ipq *ipq, struct label *ipqlabel) 1335101099Srwatson{ 1336101099Srwatson struct mac_biba *a, *b; 1337101099Srwatson 1338101099Srwatson a = SLOT(ipqlabel); 1339168976Srwatson b = SLOT(mlabel); 1340101099Srwatson 1341132232Srwatson return (mac_biba_equal_effective(a, b)); 1342101099Srwatson} 1343101099Srwatson 1344101099Srwatsonstatic void 1345168976Srwatsonmac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, 1346168976Srwatson struct label *ifplabel, struct label *newlabel) 1347101099Srwatson{ 1348101099Srwatson struct mac_biba *source, *dest; 1349101099Srwatson 1350101099Srwatson source = SLOT(newlabel); 1351168976Srwatson dest = SLOT(ifplabel); 1352101099Srwatson 1353105656Srwatson mac_biba_copy(source, dest); 1354101099Srwatson} 1355101099Srwatson 1356101099Srwatsonstatic void 1357168976Srwatsonmac_biba_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, 1358168976Srwatson struct label *ipqlabel) 1359101099Srwatson{ 1360101099Srwatson 1361101099Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1362101099Srwatson} 1363101099Srwatson 1364122875Srwatsonstatic void 1365122875Srwatsonmac_biba_inpcb_sosetlabel(struct socket *so, struct label *solabel, 1366122875Srwatson struct inpcb *inp, struct label *inplabel) 1367122875Srwatson{ 1368122875Srwatson struct mac_biba *source, *dest; 1369122875Srwatson 1370122875Srwatson source = SLOT(solabel); 1371122875Srwatson dest = SLOT(inplabel); 1372122875Srwatson 1373122875Srwatson mac_biba_copy(source, dest); 1374122875Srwatson} 1375122875Srwatson 1376162238Scsjpstatic void 1377162238Scsjpmac_biba_create_mbuf_from_firewall(struct mbuf *m, struct label *label) 1378162238Scsjp{ 1379162238Scsjp struct mac_biba *dest; 1380162238Scsjp 1381162238Scsjp dest = SLOT(label); 1382162238Scsjp 1383162238Scsjp /* XXX: where is the label for the firewall really comming from? */ 1384162238Scsjp mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1385162238Scsjp} 1386162238Scsjp 1387101099Srwatson/* 1388101099Srwatson * Labeling event operations: processes. 1389101099Srwatson */ 1390101099Srwatsonstatic void 1391101099Srwatsonmac_biba_create_proc0(struct ucred *cred) 1392101099Srwatson{ 1393101099Srwatson struct mac_biba *dest; 1394101099Srwatson 1395122524Srwatson dest = SLOT(cred->cr_label); 1396101099Srwatson 1397132232Srwatson mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1398105643Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, 1399105643Srwatson MAC_BIBA_TYPE_HIGH, 0, NULL); 1400101099Srwatson} 1401101099Srwatson 1402101099Srwatsonstatic void 1403101099Srwatsonmac_biba_create_proc1(struct ucred *cred) 1404101099Srwatson{ 1405101099Srwatson struct mac_biba *dest; 1406101099Srwatson 1407122524Srwatson dest = SLOT(cred->cr_label); 1408101099Srwatson 1409132232Srwatson mac_biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); 1410105643Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, 1411105643Srwatson MAC_BIBA_TYPE_HIGH, 0, NULL); 1412101099Srwatson} 1413101099Srwatson 1414101099Srwatsonstatic void 1415101099Srwatsonmac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 1416101099Srwatson{ 1417101099Srwatson struct mac_biba *source, *dest; 1418101099Srwatson 1419101099Srwatson source = SLOT(newlabel); 1420122524Srwatson dest = SLOT(cred->cr_label); 1421101099Srwatson 1422105656Srwatson mac_biba_copy(source, dest); 1423101099Srwatson} 1424101099Srwatson 1425101099Srwatson/* 1426140628Srwatson * Label cleanup/flush operations 1427140628Srwatson */ 1428140628Srwatsonstatic void 1429140628Srwatsonmac_biba_cleanup_sysv_msgmsg(struct label *msglabel) 1430140628Srwatson{ 1431140628Srwatson 1432140628Srwatson bzero(SLOT(msglabel), sizeof(struct mac_biba)); 1433140628Srwatson} 1434140628Srwatson 1435140628Srwatsonstatic void 1436140628Srwatsonmac_biba_cleanup_sysv_msgqueue(struct label *msqlabel) 1437140628Srwatson{ 1438140628Srwatson 1439140628Srwatson bzero(SLOT(msqlabel), sizeof(struct mac_biba)); 1440140628Srwatson} 1441140628Srwatson 1442140628Srwatsonstatic void 1443147091Srwatsonmac_biba_cleanup_sysv_sem(struct label *semalabel) 1444140628Srwatson{ 1445140628Srwatson 1446140628Srwatson bzero(SLOT(semalabel), sizeof(struct mac_biba)); 1447140628Srwatson} 1448140628Srwatson 1449140628Srwatsonstatic void 1450140628Srwatsonmac_biba_cleanup_sysv_shm(struct label *shmlabel) 1451140628Srwatson{ 1452140628Srwatson bzero(SLOT(shmlabel), sizeof(struct mac_biba)); 1453140628Srwatson} 1454140628Srwatson 1455140628Srwatson/* 1456101099Srwatson * Access control checks. 1457101099Srwatson */ 1458101099Srwatsonstatic int 1459168976Srwatsonmac_biba_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, 1460168976Srwatson struct ifnet *ifp, struct label *ifplabel) 1461101099Srwatson{ 1462101099Srwatson struct mac_biba *a, *b; 1463101099Srwatson 1464101099Srwatson if (!mac_biba_enabled) 1465101099Srwatson return (0); 1466101099Srwatson 1467168976Srwatson a = SLOT(dlabel); 1468168976Srwatson b = SLOT(ifplabel); 1469101099Srwatson 1470132232Srwatson if (mac_biba_equal_effective(a, b)) 1471101099Srwatson return (0); 1472101099Srwatson return (EACCES); 1473101099Srwatson} 1474101099Srwatson 1475101099Srwatsonstatic int 1476101099Srwatsonmac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1477101099Srwatson{ 1478101099Srwatson struct mac_biba *subj, *new; 1479105634Srwatson int error; 1480101099Srwatson 1481122524Srwatson subj = SLOT(cred->cr_label); 1482101099Srwatson new = SLOT(newlabel); 1483101099Srwatson 1484101099Srwatson /* 1485105634Srwatson * If there is a Biba label update for the credential, it may 1486132232Srwatson * be an update of the effective, range, or both. 1487101099Srwatson */ 1488105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1489105634Srwatson if (error) 1490105634Srwatson return (error); 1491101099Srwatson 1492101099Srwatson /* 1493105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1494101099Srwatson */ 1495105634Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 1496105634Srwatson /* 1497110351Srwatson * If the change request modifies both the Biba label 1498132232Srwatson * effective and range, check that the new effective will be 1499110351Srwatson * in the new range. 1500110351Srwatson */ 1501110351Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == 1502110351Srwatson MAC_BIBA_FLAGS_BOTH && 1503132232Srwatson !mac_biba_effective_in_range(new, new)) 1504110351Srwatson return (EINVAL); 1505110351Srwatson 1506110351Srwatson /* 1507132232Srwatson * To change the Biba effective label on a credential, the 1508132232Srwatson * new effective label must be in the current range. 1509105634Srwatson */ 1510132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE && 1511132232Srwatson !mac_biba_effective_in_range(new, subj)) 1512105634Srwatson return (EPERM); 1513101099Srwatson 1514105634Srwatson /* 1515105634Srwatson * To change the Biba range on a credential, the new 1516105634Srwatson * range label must be in the current range. 1517105634Srwatson */ 1518105634Srwatson if (new->mb_flags & MAC_BIBA_FLAG_RANGE && 1519105634Srwatson !mac_biba_range_in_range(new, subj)) 1520105634Srwatson return (EPERM); 1521101099Srwatson 1522105634Srwatson /* 1523105634Srwatson * To have EQUAL in any component of the new credential 1524105634Srwatson * Biba label, the subject must already have EQUAL in 1525105634Srwatson * their label. 1526105634Srwatson */ 1527105634Srwatson if (mac_biba_contains_equal(new)) { 1528106090Srwatson error = mac_biba_subject_privileged(subj); 1529105634Srwatson if (error) 1530105634Srwatson return (error); 1531105634Srwatson } 1532105634Srwatson } 1533105634Srwatson 1534101099Srwatson return (0); 1535101099Srwatson} 1536101099Srwatson 1537101099Srwatsonstatic int 1538101099Srwatsonmac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1539101099Srwatson{ 1540101099Srwatson struct mac_biba *subj, *obj; 1541101099Srwatson 1542101099Srwatson if (!mac_biba_enabled) 1543101099Srwatson return (0); 1544101099Srwatson 1545122524Srwatson subj = SLOT(u1->cr_label); 1546122524Srwatson obj = SLOT(u2->cr_label); 1547101099Srwatson 1548101099Srwatson /* XXX: range */ 1549132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1550101099Srwatson return (ESRCH); 1551101099Srwatson 1552101099Srwatson return (0); 1553101099Srwatson} 1554101099Srwatson 1555101099Srwatsonstatic int 1556168976Srwatsonmac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 1557168976Srwatson struct label *ifplabel, struct label *newlabel) 1558101099Srwatson{ 1559101099Srwatson struct mac_biba *subj, *new; 1560105634Srwatson int error; 1561101099Srwatson 1562122524Srwatson subj = SLOT(cred->cr_label); 1563101099Srwatson new = SLOT(newlabel); 1564101099Srwatson 1565105634Srwatson /* 1566105634Srwatson * If there is a Biba label update for the interface, it may 1567132232Srwatson * be an update of the effective, range, or both. 1568105634Srwatson */ 1569105634Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1570105634Srwatson if (error) 1571105634Srwatson return (error); 1572101099Srwatson 1573105634Srwatson /* 1574106160Srwatson * Relabling network interfaces requires Biba privilege. 1575106160Srwatson */ 1576106160Srwatson error = mac_biba_subject_privileged(subj); 1577106160Srwatson if (error) 1578106160Srwatson return (error); 1579106160Srwatson 1580105634Srwatson return (0); 1581101099Srwatson} 1582101099Srwatson 1583103759Srwatsonstatic int 1584168976Srwatsonmac_biba_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, 1585168976Srwatson struct mbuf *m, struct label *mlabel) 1586101099Srwatson{ 1587101099Srwatson struct mac_biba *p, *i; 1588103761Srwatson 1589101099Srwatson if (!mac_biba_enabled) 1590101099Srwatson return (0); 1591101099Srwatson 1592168976Srwatson p = SLOT(mlabel); 1593168976Srwatson i = SLOT(ifplabel); 1594103759Srwatson 1595132232Srwatson return (mac_biba_effective_in_range(p, i) ? 0 : EACCES); 1596101099Srwatson} 1597101099Srwatson 1598101099Srwatsonstatic int 1599122875Srwatsonmac_biba_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 1600122875Srwatson struct mbuf *m, struct label *mlabel) 1601122875Srwatson{ 1602122875Srwatson struct mac_biba *p, *i; 1603122875Srwatson 1604122875Srwatson if (!mac_biba_enabled) 1605122875Srwatson return (0); 1606122875Srwatson 1607122875Srwatson p = SLOT(mlabel); 1608122875Srwatson i = SLOT(inplabel); 1609122875Srwatson 1610132232Srwatson return (mac_biba_equal_effective(p, i) ? 0 : EACCES); 1611122875Srwatson} 1612122875Srwatson 1613122875Srwatsonstatic int 1614140628Srwatsonmac_biba_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr, 1615140628Srwatson struct label *msglabel) 1616140628Srwatson{ 1617140628Srwatson struct mac_biba *subj, *obj; 1618140628Srwatson 1619140628Srwatson if (!mac_biba_enabled) 1620140628Srwatson return (0); 1621140628Srwatson 1622140628Srwatson subj = SLOT(cred->cr_label); 1623140628Srwatson obj = SLOT(msglabel); 1624140628Srwatson 1625140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1626140628Srwatson return (EACCES); 1627140628Srwatson 1628140628Srwatson return (0); 1629140628Srwatson} 1630140628Srwatson 1631140628Srwatsonstatic int 1632140628Srwatsonmac_biba_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr, 1633140628Srwatson struct label *msglabel) 1634140628Srwatson{ 1635140628Srwatson struct mac_biba *subj, *obj; 1636140628Srwatson 1637140628Srwatson if (!mac_biba_enabled) 1638140628Srwatson return (0); 1639140628Srwatson 1640140628Srwatson subj = SLOT(cred->cr_label); 1641140628Srwatson obj = SLOT(msglabel); 1642140628Srwatson 1643140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1644140628Srwatson return (EACCES); 1645140628Srwatson 1646140628Srwatson return (0); 1647140628Srwatson} 1648140628Srwatson 1649140628Srwatsonstatic int 1650140628Srwatsonmac_biba_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 1651140628Srwatson struct label *msqklabel) 1652140628Srwatson{ 1653140628Srwatson struct mac_biba *subj, *obj; 1654140628Srwatson 1655140628Srwatson if (!mac_biba_enabled) 1656140628Srwatson return (0); 1657140628Srwatson 1658140628Srwatson subj = SLOT(cred->cr_label); 1659140628Srwatson obj = SLOT(msqklabel); 1660140628Srwatson 1661140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1662140628Srwatson return (EACCES); 1663140628Srwatson 1664140628Srwatson return (0); 1665140628Srwatson} 1666140628Srwatson 1667140628Srwatsonstatic int 1668140628Srwatsonmac_biba_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 1669140628Srwatson struct label *msqklabel) 1670140628Srwatson{ 1671140628Srwatson struct mac_biba *subj, *obj; 1672140628Srwatson 1673140628Srwatson if (!mac_biba_enabled) 1674140628Srwatson return (0); 1675140628Srwatson 1676140628Srwatson subj = SLOT(cred->cr_label); 1677140628Srwatson obj = SLOT(msqklabel); 1678140628Srwatson 1679140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1680140628Srwatson return (EACCES); 1681140628Srwatson 1682140628Srwatson return (0); 1683140628Srwatson} 1684140628Srwatson 1685140628Srwatsonstatic int 1686140628Srwatsonmac_biba_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 1687140628Srwatson struct label *msqklabel) 1688140628Srwatson{ 1689140628Srwatson struct mac_biba *subj, *obj; 1690140628Srwatson 1691140628Srwatson if (!mac_biba_enabled) 1692140628Srwatson return (0); 1693140628Srwatson 1694140628Srwatson subj = SLOT(cred->cr_label); 1695140628Srwatson obj = SLOT(msqklabel); 1696140628Srwatson 1697140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1698140628Srwatson return (EACCES); 1699140628Srwatson 1700140628Srwatson return (0); 1701140628Srwatson} 1702140628Srwatson 1703140628Srwatson 1704140628Srwatsonstatic int 1705140628Srwatsonmac_biba_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 1706140628Srwatson struct label *msqklabel, int cmd) 1707140628Srwatson{ 1708140628Srwatson struct mac_biba *subj, *obj; 1709140628Srwatson 1710140628Srwatson if (!mac_biba_enabled) 1711140628Srwatson return (0); 1712140628Srwatson 1713140628Srwatson subj = SLOT(cred->cr_label); 1714140628Srwatson obj = SLOT(msqklabel); 1715140628Srwatson 1716140628Srwatson switch(cmd) { 1717140628Srwatson case IPC_RMID: 1718140628Srwatson case IPC_SET: 1719140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1720140628Srwatson return (EACCES); 1721140628Srwatson break; 1722140628Srwatson 1723140628Srwatson case IPC_STAT: 1724140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1725140628Srwatson return (EACCES); 1726140628Srwatson break; 1727140628Srwatson 1728140628Srwatson default: 1729140628Srwatson return (EACCES); 1730140628Srwatson } 1731140628Srwatson 1732140628Srwatson return (0); 1733140628Srwatson} 1734140628Srwatson 1735140628Srwatsonstatic int 1736140628Srwatsonmac_biba_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, 1737140628Srwatson struct label *semaklabel, int cmd) 1738140628Srwatson{ 1739140628Srwatson struct mac_biba *subj, *obj; 1740140628Srwatson 1741140628Srwatson if (!mac_biba_enabled) 1742140628Srwatson return (0); 1743140628Srwatson 1744140628Srwatson subj = SLOT(cred->cr_label); 1745140628Srwatson obj = SLOT(semaklabel); 1746140628Srwatson 1747140628Srwatson switch(cmd) { 1748140628Srwatson case IPC_RMID: 1749140628Srwatson case IPC_SET: 1750140628Srwatson case SETVAL: 1751140628Srwatson case SETALL: 1752140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1753140628Srwatson return (EACCES); 1754140628Srwatson break; 1755140628Srwatson 1756140628Srwatson case IPC_STAT: 1757140628Srwatson case GETVAL: 1758140628Srwatson case GETPID: 1759140628Srwatson case GETNCNT: 1760140628Srwatson case GETZCNT: 1761140628Srwatson case GETALL: 1762140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1763140628Srwatson return (EACCES); 1764140628Srwatson break; 1765140628Srwatson 1766140628Srwatson default: 1767140628Srwatson return (EACCES); 1768140628Srwatson } 1769140628Srwatson 1770140628Srwatson return (0); 1771140628Srwatson} 1772140628Srwatson 1773140628Srwatsonstatic int 1774140628Srwatsonmac_biba_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, 1775140628Srwatson struct label *semaklabel) 1776140628Srwatson{ 1777140628Srwatson struct mac_biba *subj, *obj; 1778140628Srwatson 1779140628Srwatson if (!mac_biba_enabled) 1780140628Srwatson return (0); 1781140628Srwatson 1782140628Srwatson subj = SLOT(cred->cr_label); 1783140628Srwatson obj = SLOT(semaklabel); 1784140628Srwatson 1785140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1786140628Srwatson return (EACCES); 1787140628Srwatson 1788140628Srwatson return (0); 1789140628Srwatson} 1790140628Srwatson 1791140628Srwatson 1792140628Srwatsonstatic int 1793140628Srwatsonmac_biba_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr, 1794140628Srwatson struct label *semaklabel, size_t accesstype) 1795140628Srwatson{ 1796140628Srwatson struct mac_biba *subj, *obj; 1797140628Srwatson 1798140628Srwatson if (!mac_biba_enabled) 1799140628Srwatson return (0); 1800140628Srwatson 1801140628Srwatson subj = SLOT(cred->cr_label); 1802140628Srwatson obj = SLOT(semaklabel); 1803140628Srwatson 1804140628Srwatson if (accesstype & SEM_R) 1805140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1806140628Srwatson return (EACCES); 1807140628Srwatson 1808140628Srwatson if (accesstype & SEM_A) 1809140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1810140628Srwatson return (EACCES); 1811140628Srwatson 1812140628Srwatson return (0); 1813140628Srwatson} 1814140628Srwatson 1815140628Srwatsonstatic int 1816140628Srwatsonmac_biba_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 1817140628Srwatson struct label *shmseglabel, int shmflg) 1818140628Srwatson{ 1819140628Srwatson struct mac_biba *subj, *obj; 1820140628Srwatson 1821140628Srwatson if (!mac_biba_enabled) 1822140628Srwatson return (0); 1823140628Srwatson 1824140628Srwatson subj = SLOT(cred->cr_label); 1825140628Srwatson obj = SLOT(shmseglabel); 1826140628Srwatson 1827140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1828140628Srwatson return (EACCES); 1829140628Srwatson if ((shmflg & SHM_RDONLY) == 0) { 1830140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1831140628Srwatson return (EACCES); 1832140628Srwatson } 1833140628Srwatson 1834140628Srwatson return (0); 1835140628Srwatson} 1836140628Srwatson 1837140628Srwatsonstatic int 1838140628Srwatsonmac_biba_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 1839140628Srwatson struct label *shmseglabel, int cmd) 1840140628Srwatson{ 1841140628Srwatson struct mac_biba *subj, *obj; 1842140628Srwatson 1843140628Srwatson if (!mac_biba_enabled) 1844140628Srwatson return (0); 1845140628Srwatson 1846140628Srwatson subj = SLOT(cred->cr_label); 1847140628Srwatson obj = SLOT(shmseglabel); 1848140628Srwatson 1849140628Srwatson switch(cmd) { 1850140628Srwatson case IPC_RMID: 1851140628Srwatson case IPC_SET: 1852140628Srwatson if (!mac_biba_dominate_effective(subj, obj)) 1853140628Srwatson return (EACCES); 1854140628Srwatson break; 1855140628Srwatson 1856140628Srwatson case IPC_STAT: 1857140628Srwatson case SHM_STAT: 1858140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1859140628Srwatson return (EACCES); 1860140628Srwatson break; 1861140628Srwatson 1862140628Srwatson default: 1863140628Srwatson return (EACCES); 1864140628Srwatson } 1865140628Srwatson 1866140628Srwatson return (0); 1867140628Srwatson} 1868140628Srwatson 1869140628Srwatsonstatic int 1870140628Srwatsonmac_biba_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 1871140628Srwatson struct label *shmseglabel, int shmflg) 1872140628Srwatson{ 1873140628Srwatson struct mac_biba *subj, *obj; 1874140628Srwatson 1875140628Srwatson if (!mac_biba_enabled) 1876140628Srwatson return (0); 1877140628Srwatson 1878140628Srwatson subj = SLOT(cred->cr_label); 1879140628Srwatson obj = SLOT(shmseglabel); 1880140628Srwatson 1881140628Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1882140628Srwatson return (EACCES); 1883140628Srwatson 1884140628Srwatson return (0); 1885140628Srwatson} 1886140628Srwatson 1887140628Srwatsonstatic int 1888110354Srwatsonmac_biba_check_kld_load(struct ucred *cred, struct vnode *vp, 1889168976Srwatson struct label *vplabel) 1890110354Srwatson{ 1891110354Srwatson struct mac_biba *subj, *obj; 1892110354Srwatson int error; 1893110354Srwatson 1894110354Srwatson if (!mac_biba_enabled) 1895110354Srwatson return (0); 1896110354Srwatson 1897122524Srwatson subj = SLOT(cred->cr_label); 1898110354Srwatson 1899110354Srwatson error = mac_biba_subject_privileged(subj); 1900110354Srwatson if (error) 1901110354Srwatson return (error); 1902110354Srwatson 1903168976Srwatson obj = SLOT(vplabel); 1904132232Srwatson if (!mac_biba_high_effective(obj)) 1905110354Srwatson return (EACCES); 1906110354Srwatson 1907110354Srwatson return (0); 1908110354Srwatson} 1909110354Srwatson 1910110354Srwatsonstatic int 1911101099Srwatsonmac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1912168976Srwatson struct label *mplabel) 1913101099Srwatson{ 1914101099Srwatson struct mac_biba *subj, *obj; 1915101099Srwatson 1916101099Srwatson if (!mac_biba_enabled) 1917101099Srwatson return (0); 1918101099Srwatson 1919122524Srwatson subj = SLOT(cred->cr_label); 1920168976Srwatson obj = SLOT(mplabel); 1921101099Srwatson 1922132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1923101099Srwatson return (EACCES); 1924101099Srwatson 1925101099Srwatson return (0); 1926101099Srwatson} 1927101099Srwatson 1928101099Srwatsonstatic int 1929125293Srwatsonmac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, 1930168976Srwatson struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1931101099Srwatson{ 1932103759Srwatson 1933101099Srwatson if(!mac_biba_enabled) 1934101099Srwatson return (0); 1935101099Srwatson 1936101099Srwatson /* XXX: This will be implemented soon... */ 1937101099Srwatson 1938101099Srwatson return (0); 1939101099Srwatson} 1940101099Srwatson 1941101099Srwatsonstatic int 1942125293Srwatsonmac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, 1943168976Srwatson struct label *pplabel) 1944101099Srwatson{ 1945101099Srwatson struct mac_biba *subj, *obj; 1946101099Srwatson 1947101099Srwatson if (!mac_biba_enabled) 1948101099Srwatson return (0); 1949101099Srwatson 1950122524Srwatson subj = SLOT(cred->cr_label); 1951168976Srwatson obj = SLOT(pplabel); 1952101099Srwatson 1953132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1954102115Srwatson return (EACCES); 1955101099Srwatson 1956101099Srwatson return (0); 1957101099Srwatson} 1958101099Srwatson 1959101099Srwatsonstatic int 1960125293Srwatsonmac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, 1961168976Srwatson struct label *pplabel) 1962102115Srwatson{ 1963102115Srwatson struct mac_biba *subj, *obj; 1964102115Srwatson 1965102115Srwatson if (!mac_biba_enabled) 1966102115Srwatson return (0); 1967102115Srwatson 1968122524Srwatson subj = SLOT(cred->cr_label); 1969168976Srwatson obj = SLOT(pplabel); 1970102115Srwatson 1971132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 1972102115Srwatson return (EACCES); 1973102115Srwatson 1974102115Srwatson return (0); 1975102115Srwatson} 1976102115Srwatson 1977102115Srwatsonstatic int 1978125293Srwatsonmac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1979168976Srwatson struct label *pplabel, struct label *newlabel) 1980101099Srwatson{ 1981101099Srwatson struct mac_biba *subj, *obj, *new; 1982105634Srwatson int error; 1983101099Srwatson 1984101099Srwatson new = SLOT(newlabel); 1985122524Srwatson subj = SLOT(cred->cr_label); 1986168976Srwatson obj = SLOT(pplabel); 1987101099Srwatson 1988101099Srwatson /* 1989105634Srwatson * If there is a Biba label update for a pipe, it must be a 1990132232Srwatson * effective update. 1991101099Srwatson */ 1992132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 1993105634Srwatson if (error) 1994105634Srwatson return (error); 1995101099Srwatson 1996101099Srwatson /* 1997105634Srwatson * To perform a relabel of a pipe (Biba label or not), Biba must 1998105634Srwatson * authorize the relabel. 1999101099Srwatson */ 2000132232Srwatson if (!mac_biba_effective_in_range(obj, subj)) 2001101099Srwatson return (EPERM); 2002101099Srwatson 2003101099Srwatson /* 2004105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 2005101099Srwatson */ 2006132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 2007105634Srwatson /* 2008105634Srwatson * To change the Biba label on a pipe, the new pipe label 2009105634Srwatson * must be in the subject range. 2010105634Srwatson */ 2011132232Srwatson if (!mac_biba_effective_in_range(new, subj)) 2012105634Srwatson return (EPERM); 2013101099Srwatson 2014105634Srwatson /* 2015105634Srwatson * To change the Biba label on a pipe to be EQUAL, the 2016105634Srwatson * subject must have appropriate privilege. 2017105634Srwatson */ 2018105634Srwatson if (mac_biba_contains_equal(new)) { 2019106090Srwatson error = mac_biba_subject_privileged(subj); 2020105634Srwatson if (error) 2021105634Srwatson return (error); 2022105634Srwatson } 2023105634Srwatson } 2024105634Srwatson 2025101099Srwatson return (0); 2026101099Srwatson} 2027101099Srwatson 2028101099Srwatsonstatic int 2029125293Srwatsonmac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, 2030168976Srwatson struct label *pplabel) 2031102115Srwatson{ 2032102115Srwatson struct mac_biba *subj, *obj; 2033102115Srwatson 2034102115Srwatson if (!mac_biba_enabled) 2035102115Srwatson return (0); 2036102115Srwatson 2037122524Srwatson subj = SLOT(cred->cr_label); 2038168976Srwatson obj = SLOT(pplabel); 2039102115Srwatson 2040132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2041102115Srwatson return (EACCES); 2042102115Srwatson 2043102115Srwatson return (0); 2044102115Srwatson} 2045102115Srwatson 2046102115Srwatsonstatic int 2047125293Srwatsonmac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, 2048168976Srwatson struct label *pplabel) 2049102115Srwatson{ 2050102115Srwatson struct mac_biba *subj, *obj; 2051102115Srwatson 2052102115Srwatson if (!mac_biba_enabled) 2053102115Srwatson return (0); 2054102115Srwatson 2055122524Srwatson subj = SLOT(cred->cr_label); 2056168976Srwatson obj = SLOT(pplabel); 2057102115Srwatson 2058132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2059102115Srwatson return (EACCES); 2060102115Srwatson 2061102115Srwatson return (0); 2062102115Srwatson} 2063102115Srwatson 2064102115Srwatsonstatic int 2065172850Srwatsonmac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ks, 2066172850Srwatson struct label *kslabel) 2067145855Srwatson{ 2068145855Srwatson struct mac_biba *subj, *obj; 2069145855Srwatson 2070145855Srwatson if (!mac_biba_enabled) 2071145855Srwatson return (0); 2072145855Srwatson 2073145855Srwatson subj = SLOT(cred->cr_label); 2074172850Srwatson obj = SLOT(kslabel); 2075145855Srwatson 2076145855Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2077145855Srwatson return (EACCES); 2078145855Srwatson 2079145855Srwatson return (0); 2080145855Srwatson} 2081145855Srwatson 2082145855Srwatsonstatic int 2083172850Srwatsonmac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ks, 2084172850Srwatson struct label *kslabel) 2085145855Srwatson{ 2086145855Srwatson struct mac_biba *subj, *obj; 2087145855Srwatson 2088145855Srwatson if (!mac_biba_enabled) 2089145855Srwatson return (0); 2090145855Srwatson 2091145855Srwatson subj = SLOT(cred->cr_label); 2092172850Srwatson obj = SLOT(kslabel); 2093145855Srwatson 2094145855Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2095145855Srwatson return (EACCES); 2096145855Srwatson 2097145855Srwatson return (0); 2098145855Srwatson} 2099145855Srwatson 2100145855Srwatsonstatic int 2101168976Srwatsonmac_biba_check_proc_debug(struct ucred *cred, struct proc *p) 2102101099Srwatson{ 2103101099Srwatson struct mac_biba *subj, *obj; 2104101099Srwatson 2105101099Srwatson if (!mac_biba_enabled) 2106101099Srwatson return (0); 2107101099Srwatson 2108122524Srwatson subj = SLOT(cred->cr_label); 2109168976Srwatson obj = SLOT(p->p_ucred->cr_label); 2110101099Srwatson 2111101099Srwatson /* XXX: range checks */ 2112132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2113101099Srwatson return (ESRCH); 2114132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2115101099Srwatson return (EACCES); 2116101099Srwatson 2117101099Srwatson return (0); 2118101099Srwatson} 2119101099Srwatson 2120101099Srwatsonstatic int 2121168976Srwatsonmac_biba_check_proc_sched(struct ucred *cred, struct proc *p) 2122101099Srwatson{ 2123101099Srwatson struct mac_biba *subj, *obj; 2124103759Srwatson 2125101099Srwatson if (!mac_biba_enabled) 2126101099Srwatson return (0); 2127101099Srwatson 2128122524Srwatson subj = SLOT(cred->cr_label); 2129168976Srwatson obj = SLOT(p->p_ucred->cr_label); 2130103759Srwatson 2131101099Srwatson /* XXX: range checks */ 2132132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2133101099Srwatson return (ESRCH); 2134132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2135101099Srwatson return (EACCES); 2136101099Srwatson 2137101099Srwatson return (0); 2138101099Srwatson} 2139101099Srwatson 2140101099Srwatsonstatic int 2141168976Srwatsonmac_biba_check_proc_signal(struct ucred *cred, struct proc *p, int signum) 2142101099Srwatson{ 2143101099Srwatson struct mac_biba *subj, *obj; 2144103759Srwatson 2145101099Srwatson if (!mac_biba_enabled) 2146101099Srwatson return (0); 2147101099Srwatson 2148122524Srwatson subj = SLOT(cred->cr_label); 2149168976Srwatson obj = SLOT(p->p_ucred->cr_label); 2150103759Srwatson 2151101099Srwatson /* XXX: range checks */ 2152132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2153101099Srwatson return (ESRCH); 2154132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2155101099Srwatson return (EACCES); 2156101099Srwatson 2157101099Srwatson return (0); 2158101099Srwatson} 2159101099Srwatson 2160101099Srwatsonstatic int 2161168976Srwatsonmac_biba_check_socket_deliver(struct socket *so, struct label *solabel, 2162168976Srwatson struct mbuf *m, struct label *mlabel) 2163101099Srwatson{ 2164101099Srwatson struct mac_biba *p, *s; 2165101099Srwatson 2166101099Srwatson if (!mac_biba_enabled) 2167101099Srwatson return (0); 2168101099Srwatson 2169168976Srwatson p = SLOT(mlabel); 2170168976Srwatson s = SLOT(solabel); 2171101099Srwatson 2172132232Srwatson return (mac_biba_equal_effective(p, s) ? 0 : EACCES); 2173101099Srwatson} 2174101099Srwatson 2175101099Srwatsonstatic int 2176106214Srwatsonmac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, 2177168976Srwatson struct label *solabel, struct label *newlabel) 2178101099Srwatson{ 2179101099Srwatson struct mac_biba *subj, *obj, *new; 2180105634Srwatson int error; 2181101099Srwatson 2182101099Srwatson new = SLOT(newlabel); 2183122524Srwatson subj = SLOT(cred->cr_label); 2184168976Srwatson obj = SLOT(solabel); 2185101099Srwatson 2186101099Srwatson /* 2187105634Srwatson * If there is a Biba label update for the socket, it may be 2188132232Srwatson * an update of effective. 2189101099Srwatson */ 2190132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 2191105634Srwatson if (error) 2192105634Srwatson return (error); 2193101099Srwatson 2194101099Srwatson /* 2195132232Srwatson * To relabel a socket, the old socket effective must be in the subject 2196101099Srwatson * range. 2197101099Srwatson */ 2198132232Srwatson if (!mac_biba_effective_in_range(obj, subj)) 2199101099Srwatson return (EPERM); 2200101099Srwatson 2201101099Srwatson /* 2202105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 2203101099Srwatson */ 2204132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 2205105634Srwatson /* 2206132232Srwatson * To relabel a socket, the new socket effective must be in 2207105634Srwatson * the subject range. 2208105634Srwatson */ 2209132232Srwatson if (!mac_biba_effective_in_range(new, subj)) 2210105634Srwatson return (EPERM); 2211101099Srwatson 2212105634Srwatson /* 2213105634Srwatson * To change the Biba label on the socket to contain EQUAL, 2214105634Srwatson * the subject must have appropriate privilege. 2215105634Srwatson */ 2216105634Srwatson if (mac_biba_contains_equal(new)) { 2217106090Srwatson error = mac_biba_subject_privileged(subj); 2218105634Srwatson if (error) 2219105634Srwatson return (error); 2220105634Srwatson } 2221105634Srwatson } 2222105634Srwatson 2223101099Srwatson return (0); 2224101099Srwatson} 2225101099Srwatson 2226101099Srwatsonstatic int 2227168976Srwatsonmac_biba_check_socket_visible(struct ucred *cred, struct socket *so, 2228168976Srwatson struct label *solabel) 2229101099Srwatson{ 2230101099Srwatson struct mac_biba *subj, *obj; 2231101099Srwatson 2232105722Srwatson if (!mac_biba_enabled) 2233105722Srwatson return (0); 2234105722Srwatson 2235122524Srwatson subj = SLOT(cred->cr_label); 2236168976Srwatson obj = SLOT(solabel); 2237101099Srwatson 2238132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2239101099Srwatson return (ENOENT); 2240101099Srwatson 2241101099Srwatson return (0); 2242101099Srwatson} 2243101099Srwatson 2244168951Srwatson/* 2245168951Srwatson * Some system privileges are allowed regardless of integrity grade; others 2246168951Srwatson * are allowed only when running with privilege with respect to the Biba 2247168951Srwatson * policy as they might otherwise allow bypassing of the integrity policy. 2248168951Srwatson */ 2249101099Srwatsonstatic int 2250168951Srwatsonmac_biba_priv_check(struct ucred *cred, int priv) 2251112574Srwatson{ 2252112574Srwatson struct mac_biba *subj; 2253112574Srwatson int error; 2254112574Srwatson 2255112574Srwatson if (!mac_biba_enabled) 2256112574Srwatson return (0); 2257112574Srwatson 2258168951Srwatson /* 2259168951Srwatson * Exempt only specific privileges from the Biba integrity policy. 2260168951Srwatson */ 2261168951Srwatson switch (priv) { 2262168951Srwatson case PRIV_KTRACE: 2263168951Srwatson case PRIV_MSGBUF: 2264112574Srwatson 2265168951Srwatson /* 2266168951Srwatson * Allow processes to manipulate basic process audit properties, and 2267168951Srwatson * to submit audit records. 2268168951Srwatson */ 2269168951Srwatson case PRIV_AUDIT_GETAUDIT: 2270168951Srwatson case PRIV_AUDIT_SETAUDIT: 2271168951Srwatson case PRIV_AUDIT_SUBMIT: 2272112574Srwatson 2273168951Srwatson /* 2274168951Srwatson * Allow processes to manipulate their regular UNIX credentials. 2275168951Srwatson */ 2276168951Srwatson case PRIV_CRED_SETUID: 2277168951Srwatson case PRIV_CRED_SETEUID: 2278168951Srwatson case PRIV_CRED_SETGID: 2279168951Srwatson case PRIV_CRED_SETEGID: 2280168951Srwatson case PRIV_CRED_SETGROUPS: 2281168951Srwatson case PRIV_CRED_SETREUID: 2282168951Srwatson case PRIV_CRED_SETREGID: 2283168951Srwatson case PRIV_CRED_SETRESUID: 2284168951Srwatson case PRIV_CRED_SETRESGID: 2285168951Srwatson 2286168951Srwatson /* 2287168951Srwatson * Allow processes to perform system monitoring. 2288168951Srwatson */ 2289168951Srwatson case PRIV_SEEOTHERGIDS: 2290168951Srwatson case PRIV_SEEOTHERUIDS: 2291168951Srwatson break; 2292168951Srwatson 2293168951Srwatson /* 2294168951Srwatson * Allow access to general process debugging facilities. We 2295168951Srwatson * separately control debugging based on MAC label. 2296168951Srwatson */ 2297168951Srwatson case PRIV_DEBUG_DIFFCRED: 2298168951Srwatson case PRIV_DEBUG_SUGID: 2299168951Srwatson case PRIV_DEBUG_UNPRIV: 2300168951Srwatson 2301168951Srwatson /* 2302168951Srwatson * Allow manipulating jails. 2303168951Srwatson */ 2304168951Srwatson case PRIV_JAIL_ATTACH: 2305168951Srwatson 2306168951Srwatson /* 2307168951Srwatson * Allow privilege with respect to the Partition policy, but not the 2308168951Srwatson * Privs policy. 2309168951Srwatson */ 2310168951Srwatson case PRIV_MAC_PARTITION: 2311168951Srwatson 2312168951Srwatson /* 2313168951Srwatson * Allow privilege with respect to process resource limits and login 2314168951Srwatson * context. 2315168951Srwatson */ 2316168951Srwatson case PRIV_PROC_LIMIT: 2317168951Srwatson case PRIV_PROC_SETLOGIN: 2318168951Srwatson case PRIV_PROC_SETRLIMIT: 2319168951Srwatson 2320168951Srwatson /* 2321168951Srwatson * Allow System V and POSIX IPC privileges. 2322168951Srwatson */ 2323168951Srwatson case PRIV_IPC_READ: 2324168951Srwatson case PRIV_IPC_WRITE: 2325168951Srwatson case PRIV_IPC_ADMIN: 2326168951Srwatson case PRIV_IPC_MSGSIZE: 2327168951Srwatson case PRIV_MQ_ADMIN: 2328168951Srwatson 2329168951Srwatson /* 2330168951Srwatson * Allow certain scheduler manipulations -- possibly this should be 2331168951Srwatson * controlled by more fine-grained policy, as potentially low 2332168951Srwatson * integrity processes can deny CPU to higher integrity ones. 2333168951Srwatson */ 2334168951Srwatson case PRIV_SCHED_DIFFCRED: 2335168951Srwatson case PRIV_SCHED_SETPRIORITY: 2336168951Srwatson case PRIV_SCHED_RTPRIO: 2337168951Srwatson case PRIV_SCHED_SETPOLICY: 2338168951Srwatson case PRIV_SCHED_SET: 2339168951Srwatson case PRIV_SCHED_SETPARAM: 2340168951Srwatson 2341168951Srwatson /* 2342168951Srwatson * More IPC privileges. 2343168951Srwatson */ 2344168951Srwatson case PRIV_SEM_WRITE: 2345168951Srwatson 2346168951Srwatson /* 2347168951Srwatson * Allow signaling privileges subject to integrity policy. 2348168951Srwatson */ 2349168951Srwatson case PRIV_SIGNAL_DIFFCRED: 2350168951Srwatson case PRIV_SIGNAL_SUGID: 2351168951Srwatson 2352168951Srwatson /* 2353168951Srwatson * Allow access to only limited sysctls from lower integrity levels; 2354168951Srwatson * piggy-back on the Jail definition. 2355168951Srwatson */ 2356168951Srwatson case PRIV_SYSCTL_WRITEJAIL: 2357168951Srwatson 2358168951Srwatson /* 2359168951Srwatson * Allow TTY-based privileges, subject to general device access using 2360168951Srwatson * labels on TTY device nodes, but not console privilege. 2361168951Srwatson */ 2362168951Srwatson case PRIV_TTY_DRAINWAIT: 2363168951Srwatson case PRIV_TTY_DTRWAIT: 2364168951Srwatson case PRIV_TTY_EXCLUSIVE: 2365168951Srwatson case PRIV_TTY_PRISON: 2366168951Srwatson case PRIV_TTY_STI: 2367168951Srwatson case PRIV_TTY_SETA: 2368168951Srwatson 2369168951Srwatson /* 2370168951Srwatson * Grant most VFS privileges, as almost all are in practice bounded 2371168951Srwatson * by more specific checks using labels. 2372168951Srwatson */ 2373168951Srwatson case PRIV_VFS_READ: 2374168951Srwatson case PRIV_VFS_WRITE: 2375168951Srwatson case PRIV_VFS_ADMIN: 2376168951Srwatson case PRIV_VFS_EXEC: 2377168951Srwatson case PRIV_VFS_LOOKUP: 2378168951Srwatson case PRIV_VFS_CHFLAGS_DEV: 2379168951Srwatson case PRIV_VFS_CHOWN: 2380168951Srwatson case PRIV_VFS_CHROOT: 2381168951Srwatson case PRIV_VFS_RETAINSUGID: 2382168951Srwatson case PRIV_VFS_EXCEEDQUOTA: 2383168951Srwatson case PRIV_VFS_FCHROOT: 2384168951Srwatson case PRIV_VFS_FHOPEN: 2385168951Srwatson case PRIV_VFS_FHSTATFS: 2386168951Srwatson case PRIV_VFS_GENERATION: 2387168951Srwatson case PRIV_VFS_GETFH: 2388168951Srwatson case PRIV_VFS_GETQUOTA: 2389168951Srwatson case PRIV_VFS_LINK: 2390168951Srwatson case PRIV_VFS_MOUNT: 2391168951Srwatson case PRIV_VFS_MOUNT_OWNER: 2392168951Srwatson case PRIV_VFS_MOUNT_PERM: 2393168951Srwatson case PRIV_VFS_MOUNT_SUIDDIR: 2394168951Srwatson case PRIV_VFS_MOUNT_NONUSER: 2395168951Srwatson case PRIV_VFS_SETGID: 2396168951Srwatson case PRIV_VFS_STICKYFILE: 2397168951Srwatson case PRIV_VFS_SYSFLAGS: 2398168951Srwatson case PRIV_VFS_UNMOUNT: 2399168951Srwatson 2400168951Srwatson /* 2401168951Srwatson * Allow VM privileges; it would be nice if these were subject to 2402168951Srwatson * resource limits. 2403168951Srwatson */ 2404168951Srwatson case PRIV_VM_MADV_PROTECT: 2405168951Srwatson case PRIV_VM_MLOCK: 2406168951Srwatson case PRIV_VM_MUNLOCK: 2407168951Srwatson 2408168951Srwatson /* 2409168951Srwatson * Allow some but not all network privileges. In general, dont allow 2410168951Srwatson * reconfiguring the network stack, just normal use. 2411168951Srwatson */ 2412168951Srwatson case PRIV_NETATALK_RESERVEDPORT: 2413168951Srwatson case PRIV_NETINET_RESERVEDPORT: 2414168951Srwatson case PRIV_NETINET_RAW: 2415168951Srwatson case PRIV_NETINET_REUSEPORT: 2416168951Srwatson case PRIV_NETIPX_RESERVEDPORT: 2417168951Srwatson case PRIV_NETIPX_RAW: 2418168951Srwatson break; 2419168951Srwatson 2420168951Srwatson /* 2421168951Srwatson * All remaining system privileges are allow only if the process 2422168951Srwatson * holds privilege with respect to the Biba policy. 2423168951Srwatson */ 2424168951Srwatson default: 2425168951Srwatson subj = SLOT(cred->cr_label); 2426168951Srwatson error = mac_biba_subject_privileged(subj); 2427168951Srwatson if (error) 2428168951Srwatson return (error); 2429168951Srwatson } 2430112574Srwatson return (0); 2431112574Srwatson} 2432112574Srwatson 2433112574Srwatsonstatic int 2434106418Srwatsonmac_biba_check_system_acct(struct ucred *cred, struct vnode *vp, 2435168976Srwatson struct label *vplabel) 2436106418Srwatson{ 2437106418Srwatson struct mac_biba *subj, *obj; 2438106418Srwatson int error; 2439106418Srwatson 2440106418Srwatson if (!mac_biba_enabled) 2441106418Srwatson return (0); 2442106418Srwatson 2443122524Srwatson subj = SLOT(cred->cr_label); 2444106418Srwatson 2445106418Srwatson error = mac_biba_subject_privileged(subj); 2446106418Srwatson if (error) 2447106418Srwatson return (error); 2448106418Srwatson 2449168976Srwatson if (vplabel == NULL) 2450106418Srwatson return (0); 2451106418Srwatson 2452168976Srwatson obj = SLOT(vplabel); 2453132232Srwatson if (!mac_biba_high_effective(obj)) 2454106418Srwatson return (EACCES); 2455106418Srwatson 2456106418Srwatson return (0); 2457106418Srwatson} 2458106418Srwatson 2459106418Srwatsonstatic int 2460168933Srwatsonmac_biba_check_system_auditctl(struct ucred *cred, struct vnode *vp, 2461168933Srwatson struct label *vplabel) 2462168933Srwatson{ 2463168933Srwatson struct mac_biba *subj, *obj; 2464168933Srwatson int error; 2465168933Srwatson 2466168933Srwatson if (!mac_biba_enabled) 2467168933Srwatson return (0); 2468168933Srwatson 2469168933Srwatson subj = SLOT(cred->cr_label); 2470168933Srwatson 2471168933Srwatson error = mac_biba_subject_privileged(subj); 2472168933Srwatson if (error) 2473168933Srwatson return (error); 2474168933Srwatson 2475168933Srwatson if (vplabel == NULL) 2476168933Srwatson return (0); 2477168933Srwatson 2478168933Srwatson obj = SLOT(vplabel); 2479168933Srwatson if (!mac_biba_high_effective(obj)) 2480168933Srwatson return (EACCES); 2481168933Srwatson 2482168933Srwatson return (0); 2483168933Srwatson} 2484168933Srwatson 2485168933Srwatsonstatic int 2486168933Srwatsonmac_biba_check_system_auditon(struct ucred *cred, int cmd) 2487168933Srwatson{ 2488168933Srwatson struct mac_biba *subj; 2489168933Srwatson int error; 2490168933Srwatson 2491168933Srwatson if (!mac_biba_enabled) 2492168933Srwatson return (0); 2493168933Srwatson 2494168933Srwatson subj = SLOT(cred->cr_label); 2495168933Srwatson 2496168933Srwatson error = mac_biba_subject_privileged(subj); 2497168933Srwatson if (error) 2498168933Srwatson return (error); 2499168933Srwatson 2500168933Srwatson return (0); 2501168933Srwatson} 2502168933Srwatson 2503168933Srwatsonstatic int 2504106161Srwatsonmac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, 2505168976Srwatson struct label *vplabel) 2506106161Srwatson{ 2507106161Srwatson struct mac_biba *subj, *obj; 2508106416Srwatson int error; 2509106161Srwatson 2510106161Srwatson if (!mac_biba_enabled) 2511106161Srwatson return (0); 2512106161Srwatson 2513122524Srwatson subj = SLOT(cred->cr_label); 2514168976Srwatson obj = SLOT(vplabel); 2515106161Srwatson 2516106416Srwatson error = mac_biba_subject_privileged(subj); 2517106416Srwatson if (error) 2518106416Srwatson return (error); 2519106161Srwatson 2520132232Srwatson if (!mac_biba_high_effective(obj)) 2521106161Srwatson return (EACCES); 2522106161Srwatson 2523106161Srwatson return (0); 2524106161Srwatson} 2525106161Srwatson 2526106161Srwatsonstatic int 2527112574Srwatsonmac_biba_check_system_swapoff(struct ucred *cred, struct vnode *vp, 2528112574Srwatson struct label *label) 2529112574Srwatson{ 2530166617Srwatson struct mac_biba *subj; 2531112574Srwatson int error; 2532112574Srwatson 2533112574Srwatson if (!mac_biba_enabled) 2534112574Srwatson return (0); 2535112574Srwatson 2536122524Srwatson subj = SLOT(cred->cr_label); 2537112574Srwatson 2538112574Srwatson error = mac_biba_subject_privileged(subj); 2539112574Srwatson if (error) 2540112574Srwatson return (error); 2541112574Srwatson 2542112574Srwatson return (0); 2543112574Srwatson} 2544112574Srwatson 2545112574Srwatsonstatic int 2546126121Spjdmac_biba_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2547126121Spjd void *arg1, int arg2, struct sysctl_req *req) 2548106161Srwatson{ 2549106161Srwatson struct mac_biba *subj; 2550106161Srwatson int error; 2551106161Srwatson 2552106161Srwatson if (!mac_biba_enabled) 2553106161Srwatson return (0); 2554106161Srwatson 2555122524Srwatson subj = SLOT(cred->cr_label); 2556106161Srwatson 2557106161Srwatson /* 2558126121Spjd * Treat sysctl variables without CTLFLAG_ANYBODY flag as 2559126121Spjd * biba/high, but also require privilege to change them. 2560106161Srwatson */ 2561126121Spjd if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) { 2562106161Srwatson if (!mac_biba_subject_dominate_high(subj)) 2563106161Srwatson return (EACCES); 2564106161Srwatson 2565106161Srwatson error = mac_biba_subject_privileged(subj); 2566106161Srwatson if (error) 2567106161Srwatson return (error); 2568106161Srwatson } 2569106161Srwatson 2570106161Srwatson return (0); 2571106161Srwatson} 2572106161Srwatson 2573106161Srwatsonstatic int 2574101099Srwatsonmac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 2575168976Srwatson struct label *dvplabel) 2576101099Srwatson{ 2577101099Srwatson struct mac_biba *subj, *obj; 2578101099Srwatson 2579101099Srwatson if (!mac_biba_enabled) 2580101099Srwatson return (0); 2581101099Srwatson 2582122524Srwatson subj = SLOT(cred->cr_label); 2583168976Srwatson obj = SLOT(dvplabel); 2584101099Srwatson 2585132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2586101099Srwatson return (EACCES); 2587101099Srwatson 2588101099Srwatson return (0); 2589101099Srwatson} 2590101099Srwatson 2591101099Srwatsonstatic int 2592101099Srwatsonmac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 2593168976Srwatson struct label *dvplabel) 2594101099Srwatson{ 2595101099Srwatson struct mac_biba *subj, *obj; 2596101099Srwatson 2597101099Srwatson if (!mac_biba_enabled) 2598101099Srwatson return (0); 2599101099Srwatson 2600122524Srwatson subj = SLOT(cred->cr_label); 2601168976Srwatson obj = SLOT(dvplabel); 2602101099Srwatson 2603132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2604101099Srwatson return (EACCES); 2605101099Srwatson 2606101099Srwatson return (0); 2607101099Srwatson} 2608101099Srwatson 2609101099Srwatsonstatic int 2610101099Srwatsonmac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 2611168976Srwatson struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2612101099Srwatson{ 2613101099Srwatson struct mac_biba *subj, *obj; 2614101099Srwatson 2615101099Srwatson if (!mac_biba_enabled) 2616101099Srwatson return (0); 2617101099Srwatson 2618122524Srwatson subj = SLOT(cred->cr_label); 2619168976Srwatson obj = SLOT(dvplabel); 2620101099Srwatson 2621132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2622101099Srwatson return (EACCES); 2623101099Srwatson 2624101099Srwatson return (0); 2625101099Srwatson} 2626101099Srwatson 2627101099Srwatsonstatic int 2628101099Srwatsonmac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 2629168976Srwatson struct label *vplabel, acl_type_t type) 2630101099Srwatson{ 2631101099Srwatson struct mac_biba *subj, *obj; 2632101099Srwatson 2633101099Srwatson if (!mac_biba_enabled) 2634101099Srwatson return (0); 2635101099Srwatson 2636122524Srwatson subj = SLOT(cred->cr_label); 2637168976Srwatson obj = SLOT(vplabel); 2638101099Srwatson 2639132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2640101099Srwatson return (EACCES); 2641101099Srwatson 2642101099Srwatson return (0); 2643101099Srwatson} 2644101099Srwatson 2645101099Srwatsonstatic int 2646119202Srwatsonmac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 2647168976Srwatson struct label *vplabel, int attrnamespace, const char *name) 2648119202Srwatson{ 2649119202Srwatson struct mac_biba *subj, *obj; 2650119202Srwatson 2651119202Srwatson if (!mac_biba_enabled) 2652119202Srwatson return (0); 2653119202Srwatson 2654122524Srwatson subj = SLOT(cred->cr_label); 2655168976Srwatson obj = SLOT(vplabel); 2656119202Srwatson 2657132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2658119202Srwatson return (EACCES); 2659119202Srwatson 2660119202Srwatson return (0); 2661119202Srwatson} 2662119202Srwatson 2663119202Srwatsonstatic int 2664101099Srwatsonmac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 2665168976Srwatson struct label *vplabel, struct image_params *imgp, 2666106648Srwatson struct label *execlabel) 2667101099Srwatson{ 2668106648Srwatson struct mac_biba *subj, *obj, *exec; 2669106648Srwatson int error; 2670101099Srwatson 2671106648Srwatson if (execlabel != NULL) { 2672106648Srwatson /* 2673106648Srwatson * We currently don't permit labels to be changed at 2674106648Srwatson * exec-time as part of Biba, so disallow non-NULL 2675106648Srwatson * Biba label elements in the execlabel. 2676106648Srwatson */ 2677106648Srwatson exec = SLOT(execlabel); 2678106648Srwatson error = biba_atmostflags(exec, 0); 2679106648Srwatson if (error) 2680106648Srwatson return (error); 2681106648Srwatson } 2682106648Srwatson 2683101099Srwatson if (!mac_biba_enabled) 2684101099Srwatson return (0); 2685101099Srwatson 2686122524Srwatson subj = SLOT(cred->cr_label); 2687168976Srwatson obj = SLOT(vplabel); 2688101099Srwatson 2689132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2690101099Srwatson return (EACCES); 2691101099Srwatson 2692101099Srwatson return (0); 2693101099Srwatson} 2694101099Srwatson 2695101099Srwatsonstatic int 2696101099Srwatsonmac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 2697168976Srwatson struct label *vplabel, acl_type_t type) 2698101099Srwatson{ 2699101099Srwatson struct mac_biba *subj, *obj; 2700101099Srwatson 2701101099Srwatson if (!mac_biba_enabled) 2702101099Srwatson return (0); 2703101099Srwatson 2704122524Srwatson subj = SLOT(cred->cr_label); 2705168976Srwatson obj = SLOT(vplabel); 2706101099Srwatson 2707132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2708101099Srwatson return (EACCES); 2709101099Srwatson 2710101099Srwatson return (0); 2711101099Srwatson} 2712101099Srwatson 2713101099Srwatsonstatic int 2714101099Srwatsonmac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 2715168976Srwatson struct label *vplabel, int attrnamespace, const char *name, 2716168976Srwatson struct uio *uio) 2717101099Srwatson{ 2718101099Srwatson struct mac_biba *subj, *obj; 2719101099Srwatson 2720101099Srwatson if (!mac_biba_enabled) 2721101099Srwatson return (0); 2722101099Srwatson 2723122524Srwatson subj = SLOT(cred->cr_label); 2724168976Srwatson obj = SLOT(vplabel); 2725101099Srwatson 2726132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2727101099Srwatson return (EACCES); 2728101099Srwatson 2729101099Srwatson return (0); 2730101099Srwatson} 2731101099Srwatson 2732101099Srwatsonstatic int 2733104530Srwatsonmac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, 2734168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2735104530Srwatson struct componentname *cnp) 2736104530Srwatson{ 2737104530Srwatson struct mac_biba *subj, *obj; 2738104530Srwatson 2739104530Srwatson if (!mac_biba_enabled) 2740104530Srwatson return (0); 2741104530Srwatson 2742122524Srwatson subj = SLOT(cred->cr_label); 2743168976Srwatson obj = SLOT(dvplabel); 2744104530Srwatson 2745132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2746104530Srwatson return (EACCES); 2747104530Srwatson 2748168976Srwatson obj = SLOT(vplabel); 2749104530Srwatson 2750132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2751104530Srwatson return (EACCES); 2752104530Srwatson 2753104530Srwatson return (0); 2754104530Srwatson} 2755104530Srwatson 2756104530Srwatsonstatic int 2757119202Srwatsonmac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 2758168976Srwatson struct label *vplabel, int attrnamespace) 2759119202Srwatson{ 2760119202Srwatson struct mac_biba *subj, *obj; 2761119202Srwatson 2762119202Srwatson if (!mac_biba_enabled) 2763119202Srwatson return (0); 2764119202Srwatson 2765122524Srwatson subj = SLOT(cred->cr_label); 2766168976Srwatson obj = SLOT(vplabel); 2767119202Srwatson 2768132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2769119202Srwatson return (EACCES); 2770119202Srwatson 2771119202Srwatson return (0); 2772119202Srwatson} 2773119202Srwatson 2774119202Srwatsonstatic int 2775103759Srwatsonmac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 2776168976Srwatson struct label *dvplabel, struct componentname *cnp) 2777101099Srwatson{ 2778101099Srwatson struct mac_biba *subj, *obj; 2779103759Srwatson 2780101099Srwatson if (!mac_biba_enabled) 2781101099Srwatson return (0); 2782103759Srwatson 2783122524Srwatson subj = SLOT(cred->cr_label); 2784168976Srwatson obj = SLOT(dvplabel); 2785103759Srwatson 2786132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2787101099Srwatson return (EACCES); 2788101099Srwatson 2789103759Srwatson return (0); 2790101099Srwatson} 2791101099Srwatson 2792101099Srwatsonstatic int 2793104546Srwatsonmac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 2794168976Srwatson struct label *vplabel, int prot, int flags) 2795104546Srwatson{ 2796104546Srwatson struct mac_biba *subj, *obj; 2797104546Srwatson 2798104546Srwatson /* 2799104546Srwatson * Rely on the use of open()-time protections to handle 2800104546Srwatson * non-revocation cases. 2801104546Srwatson */ 2802105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2803104546Srwatson return (0); 2804104546Srwatson 2805122524Srwatson subj = SLOT(cred->cr_label); 2806168976Srwatson obj = SLOT(vplabel); 2807104546Srwatson 2808104546Srwatson if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 2809132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2810104546Srwatson return (EACCES); 2811104546Srwatson } 2812145076Scsjp if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { 2813132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2814104546Srwatson return (EACCES); 2815104546Srwatson } 2816104546Srwatson 2817104569Srwatson return (0); 2818104546Srwatson} 2819104546Srwatson 2820104546Srwatsonstatic int 2821101099Srwatsonmac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 2822168976Srwatson struct label *vplabel, int acc_mode) 2823101099Srwatson{ 2824101099Srwatson struct mac_biba *subj, *obj; 2825101099Srwatson 2826101099Srwatson if (!mac_biba_enabled) 2827101099Srwatson return (0); 2828101099Srwatson 2829122524Srwatson subj = SLOT(cred->cr_label); 2830168976Srwatson obj = SLOT(vplabel); 2831101099Srwatson 2832101099Srwatson /* XXX privilege override for admin? */ 2833101099Srwatson if (acc_mode & (VREAD | VEXEC | VSTAT)) { 2834132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2835101099Srwatson return (EACCES); 2836101099Srwatson } 2837101099Srwatson if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 2838132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2839101099Srwatson return (EACCES); 2840101099Srwatson } 2841101099Srwatson 2842101099Srwatson return (0); 2843101099Srwatson} 2844101099Srwatson 2845101099Srwatsonstatic int 2846102129Srwatsonmac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 2847168976Srwatson struct vnode *vp, struct label *vplabel) 2848102112Srwatson{ 2849102112Srwatson struct mac_biba *subj, *obj; 2850102112Srwatson 2851105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2852102112Srwatson return (0); 2853102112Srwatson 2854122524Srwatson subj = SLOT(active_cred->cr_label); 2855168976Srwatson obj = SLOT(vplabel); 2856102112Srwatson 2857132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2858102112Srwatson return (EACCES); 2859102112Srwatson 2860102112Srwatson return (0); 2861102112Srwatson} 2862102112Srwatson 2863102112Srwatsonstatic int 2864102129Srwatsonmac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 2865168976Srwatson struct vnode *vp, struct label *vplabel) 2866102112Srwatson{ 2867102112Srwatson struct mac_biba *subj, *obj; 2868102112Srwatson 2869105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 2870102112Srwatson return (0); 2871102112Srwatson 2872122524Srwatson subj = SLOT(active_cred->cr_label); 2873168976Srwatson obj = SLOT(vplabel); 2874102112Srwatson 2875132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2876102112Srwatson return (EACCES); 2877102112Srwatson 2878102112Srwatson return (0); 2879102112Srwatson} 2880102112Srwatson 2881102112Srwatsonstatic int 2882101099Srwatsonmac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 2883168976Srwatson struct label *dvplabel) 2884101099Srwatson{ 2885101099Srwatson struct mac_biba *subj, *obj; 2886101099Srwatson 2887101099Srwatson if (!mac_biba_enabled) 2888101099Srwatson return (0); 2889101099Srwatson 2890122524Srwatson subj = SLOT(cred->cr_label); 2891168976Srwatson obj = SLOT(dvplabel); 2892101099Srwatson 2893132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2894101099Srwatson return (EACCES); 2895101099Srwatson 2896101099Srwatson return (0); 2897101099Srwatson} 2898101099Srwatson 2899101099Srwatsonstatic int 2900101099Srwatsonmac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 2901168976Srwatson struct label *vplabel) 2902101099Srwatson{ 2903101099Srwatson struct mac_biba *subj, *obj; 2904101099Srwatson 2905101099Srwatson if (!mac_biba_enabled) 2906101099Srwatson return (0); 2907101099Srwatson 2908122524Srwatson subj = SLOT(cred->cr_label); 2909168976Srwatson obj = SLOT(vplabel); 2910101099Srwatson 2911132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 2912101099Srwatson return (EACCES); 2913101099Srwatson 2914101099Srwatson return (0); 2915101099Srwatson} 2916101099Srwatson 2917101099Srwatsonstatic int 2918101099Srwatsonmac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 2919168976Srwatson struct label *vplabel, struct label *newlabel) 2920101099Srwatson{ 2921101099Srwatson struct mac_biba *old, *new, *subj; 2922105634Srwatson int error; 2923101099Srwatson 2924168976Srwatson old = SLOT(vplabel); 2925101099Srwatson new = SLOT(newlabel); 2926122524Srwatson subj = SLOT(cred->cr_label); 2927101099Srwatson 2928101099Srwatson /* 2929105634Srwatson * If there is a Biba label update for the vnode, it must be a 2930132232Srwatson * effective label. 2931101099Srwatson */ 2932132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 2933105634Srwatson if (error) 2934105634Srwatson return (error); 2935101099Srwatson 2936101099Srwatson /* 2937105634Srwatson * To perform a relabel of the vnode (Biba label or not), Biba must 2938105634Srwatson * authorize the relabel. 2939101099Srwatson */ 2940132232Srwatson if (!mac_biba_effective_in_range(old, subj)) 2941101099Srwatson return (EPERM); 2942101099Srwatson 2943101099Srwatson /* 2944105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 2945101099Srwatson */ 2946132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 2947105634Srwatson /* 2948105634Srwatson * To change the Biba label on a vnode, the new vnode label 2949105634Srwatson * must be in the subject range. 2950105634Srwatson */ 2951132232Srwatson if (!mac_biba_effective_in_range(new, subj)) 2952105634Srwatson return (EPERM); 2953101099Srwatson 2954105634Srwatson /* 2955105634Srwatson * To change the Biba label on the vnode to be EQUAL, 2956105634Srwatson * the subject must have appropriate privilege. 2957105634Srwatson */ 2958105634Srwatson if (mac_biba_contains_equal(new)) { 2959106090Srwatson error = mac_biba_subject_privileged(subj); 2960105634Srwatson if (error) 2961105634Srwatson return (error); 2962105634Srwatson } 2963105634Srwatson } 2964105634Srwatson 2965105634Srwatson return (0); 2966101099Srwatson} 2967101099Srwatson 2968101099Srwatsonstatic int 2969101099Srwatsonmac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 2970168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2971101099Srwatson struct componentname *cnp) 2972101099Srwatson{ 2973101099Srwatson struct mac_biba *subj, *obj; 2974101099Srwatson 2975101099Srwatson if (!mac_biba_enabled) 2976101099Srwatson return (0); 2977101099Srwatson 2978122524Srwatson subj = SLOT(cred->cr_label); 2979168976Srwatson obj = SLOT(dvplabel); 2980101099Srwatson 2981132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2982101099Srwatson return (EACCES); 2983101099Srwatson 2984168976Srwatson obj = SLOT(vplabel); 2985101099Srwatson 2986132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 2987101099Srwatson return (EACCES); 2988101099Srwatson 2989101099Srwatson return (0); 2990101099Srwatson} 2991101099Srwatson 2992101099Srwatsonstatic int 2993101099Srwatsonmac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 2994168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2995168976Srwatson int samedir, struct componentname *cnp) 2996101099Srwatson{ 2997101099Srwatson struct mac_biba *subj, *obj; 2998101099Srwatson 2999101099Srwatson if (!mac_biba_enabled) 3000101099Srwatson return (0); 3001101099Srwatson 3002122524Srwatson subj = SLOT(cred->cr_label); 3003168976Srwatson obj = SLOT(dvplabel); 3004101099Srwatson 3005132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3006101099Srwatson return (EACCES); 3007101099Srwatson 3008101099Srwatson if (vp != NULL) { 3009168976Srwatson obj = SLOT(vplabel); 3010101099Srwatson 3011132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3012101099Srwatson return (EACCES); 3013101099Srwatson } 3014101099Srwatson 3015101099Srwatson return (0); 3016101099Srwatson} 3017101099Srwatson 3018101099Srwatsonstatic int 3019101099Srwatsonmac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 3020168976Srwatson struct label *vplabel) 3021101099Srwatson{ 3022101099Srwatson struct mac_biba *subj, *obj; 3023101099Srwatson 3024101099Srwatson if (!mac_biba_enabled) 3025101099Srwatson return (0); 3026101099Srwatson 3027122524Srwatson subj = SLOT(cred->cr_label); 3028168976Srwatson obj = SLOT(vplabel); 3029101099Srwatson 3030132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3031101099Srwatson return (EACCES); 3032101099Srwatson 3033101099Srwatson return (0); 3034101099Srwatson} 3035101099Srwatson 3036101099Srwatsonstatic int 3037101099Srwatsonmac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 3038168976Srwatson struct label *vplabel, acl_type_t type, struct acl *acl) 3039101099Srwatson{ 3040101099Srwatson struct mac_biba *subj, *obj; 3041101099Srwatson 3042101099Srwatson if (!mac_biba_enabled) 3043101099Srwatson return (0); 3044101099Srwatson 3045122524Srwatson subj = SLOT(cred->cr_label); 3046168976Srwatson obj = SLOT(vplabel); 3047101099Srwatson 3048132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3049101099Srwatson return (EACCES); 3050101099Srwatson 3051101099Srwatson return (0); 3052101099Srwatson} 3053101099Srwatson 3054101099Srwatsonstatic int 3055101099Srwatsonmac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 3056168976Srwatson struct label *vplabel, int attrnamespace, const char *name, 3057101099Srwatson struct uio *uio) 3058101099Srwatson{ 3059101099Srwatson struct mac_biba *subj, *obj; 3060101099Srwatson 3061101099Srwatson if (!mac_biba_enabled) 3062101099Srwatson return (0); 3063101099Srwatson 3064122524Srwatson subj = SLOT(cred->cr_label); 3065168976Srwatson obj = SLOT(vplabel); 3066101099Srwatson 3067132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3068101099Srwatson return (EACCES); 3069101099Srwatson 3070101099Srwatson /* XXX: protect the MAC EA in a special way? */ 3071101099Srwatson 3072101099Srwatson return (0); 3073101099Srwatson} 3074101099Srwatson 3075101099Srwatsonstatic int 3076101099Srwatsonmac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 3077168976Srwatson struct label *vplabel, u_long flags) 3078101099Srwatson{ 3079101099Srwatson struct mac_biba *subj, *obj; 3080101099Srwatson 3081101099Srwatson if (!mac_biba_enabled) 3082101099Srwatson return (0); 3083101099Srwatson 3084122524Srwatson subj = SLOT(cred->cr_label); 3085168976Srwatson obj = SLOT(vplabel); 3086101099Srwatson 3087132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3088101099Srwatson return (EACCES); 3089101099Srwatson 3090101099Srwatson return (0); 3091101099Srwatson} 3092101099Srwatson 3093101099Srwatsonstatic int 3094101099Srwatsonmac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 3095168976Srwatson struct label *vplabel, mode_t mode) 3096101099Srwatson{ 3097101099Srwatson struct mac_biba *subj, *obj; 3098101099Srwatson 3099101099Srwatson if (!mac_biba_enabled) 3100101099Srwatson return (0); 3101101099Srwatson 3102122524Srwatson subj = SLOT(cred->cr_label); 3103168976Srwatson obj = SLOT(vplabel); 3104101099Srwatson 3105132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3106101099Srwatson return (EACCES); 3107101099Srwatson 3108101099Srwatson return (0); 3109101099Srwatson} 3110101099Srwatson 3111101099Srwatsonstatic int 3112101099Srwatsonmac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 3113168976Srwatson struct label *vplabel, uid_t uid, gid_t gid) 3114101099Srwatson{ 3115101099Srwatson struct mac_biba *subj, *obj; 3116101099Srwatson 3117101099Srwatson if (!mac_biba_enabled) 3118101099Srwatson return (0); 3119101099Srwatson 3120122524Srwatson subj = SLOT(cred->cr_label); 3121168976Srwatson obj = SLOT(vplabel); 3122101099Srwatson 3123132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3124101099Srwatson return (EACCES); 3125101099Srwatson 3126101099Srwatson return (0); 3127101099Srwatson} 3128101099Srwatson 3129101099Srwatsonstatic int 3130101099Srwatsonmac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 3131168976Srwatson struct label *vplabel, struct timespec atime, struct timespec mtime) 3132101099Srwatson{ 3133101099Srwatson struct mac_biba *subj, *obj; 3134101099Srwatson 3135101099Srwatson if (!mac_biba_enabled) 3136101099Srwatson return (0); 3137101099Srwatson 3138122524Srwatson subj = SLOT(cred->cr_label); 3139168976Srwatson obj = SLOT(vplabel); 3140101099Srwatson 3141132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3142101099Srwatson return (EACCES); 3143101099Srwatson 3144101099Srwatson return (0); 3145101099Srwatson} 3146101099Srwatson 3147101099Srwatsonstatic int 3148102129Srwatsonmac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 3149168976Srwatson struct vnode *vp, struct label *vplabel) 3150101099Srwatson{ 3151101099Srwatson struct mac_biba *subj, *obj; 3152101099Srwatson 3153101099Srwatson if (!mac_biba_enabled) 3154101099Srwatson return (0); 3155101099Srwatson 3156122524Srwatson subj = SLOT(active_cred->cr_label); 3157168976Srwatson obj = SLOT(vplabel); 3158101099Srwatson 3159132232Srwatson if (!mac_biba_dominate_effective(obj, subj)) 3160101099Srwatson return (EACCES); 3161101099Srwatson 3162101099Srwatson return (0); 3163101099Srwatson} 3164101099Srwatson 3165102112Srwatsonstatic int 3166172107Srwatsonmac_biba_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, 3167172107Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3168172107Srwatson struct componentname *cnp) 3169172107Srwatson{ 3170172107Srwatson struct mac_biba *subj, *obj; 3171172107Srwatson 3172172107Srwatson if (!mac_biba_enabled) 3173172107Srwatson return (0); 3174172107Srwatson 3175172107Srwatson subj = SLOT(cred->cr_label); 3176172107Srwatson obj = SLOT(dvplabel); 3177172107Srwatson 3178172107Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3179172107Srwatson return (EACCES); 3180172107Srwatson 3181172107Srwatson obj = SLOT(vplabel); 3182172107Srwatson 3183172107Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3184172107Srwatson return (EACCES); 3185172107Srwatson 3186172107Srwatson return (0); 3187172107Srwatson} 3188172107Srwatson 3189172107Srwatsonstatic int 3190102129Srwatsonmac_biba_check_vnode_write(struct ucred *active_cred, 3191168976Srwatson struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 3192102112Srwatson{ 3193102112Srwatson struct mac_biba *subj, *obj; 3194102112Srwatson 3195105637Srwatson if (!mac_biba_enabled || !revocation_enabled) 3196102112Srwatson return (0); 3197102112Srwatson 3198122524Srwatson subj = SLOT(active_cred->cr_label); 3199168976Srwatson obj = SLOT(vplabel); 3200102112Srwatson 3201132232Srwatson if (!mac_biba_dominate_effective(subj, obj)) 3202102112Srwatson return (EACCES); 3203102112Srwatson 3204102112Srwatson return (0); 3205102112Srwatson} 3206102112Srwatson 3207161026Srwatsonstatic void 3208160243Scsjpmac_biba_associate_nfsd_label(struct ucred *cred) 3209160243Scsjp{ 3210160243Scsjp struct mac_biba *label; 3211160243Scsjp 3212160243Scsjp label = SLOT(cred->cr_label); 3213160243Scsjp mac_biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL); 3214160243Scsjp mac_biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, 3215160243Scsjp MAC_BIBA_TYPE_HIGH, 0, NULL); 3216160243Scsjp} 3217160243Scsjp 3218165150Scsjpstatic void 3219165150Scsjpmac_biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) 3220165150Scsjp{ 3221165150Scsjp struct mac_biba *source, *dest; 3222165150Scsjp 3223165150Scsjp source = SLOT(inp->inp_label); 3224165150Scsjp dest = SLOT(label); 3225165150Scsjp mac_biba_copy_effective(source, dest); 3226165150Scsjp} 3227165150Scsjp 3228165150Scsjpstatic void 3229165150Scsjpmac_biba_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, 3230168976Srwatson struct label *mlabel) 3231165150Scsjp{ 3232165150Scsjp struct mac_biba *source, *dest; 3233165150Scsjp 3234165150Scsjp source = SLOT(sc_label); 3235168976Srwatson dest = SLOT(mlabel); 3236165150Scsjp mac_biba_copy_effective(source, dest); 3237165150Scsjp} 3238165150Scsjp 3239106217Srwatsonstatic struct mac_policy_ops mac_biba_ops = 3240101099Srwatson{ 3241106217Srwatson .mpo_init = mac_biba_init, 3242106217Srwatson .mpo_init_bpfdesc_label = mac_biba_init_label, 3243106217Srwatson .mpo_init_cred_label = mac_biba_init_label, 3244168977Srwatson .mpo_init_devfs_label = mac_biba_init_label, 3245106217Srwatson .mpo_init_ifnet_label = mac_biba_init_label, 3246122875Srwatson .mpo_init_inpcb_label = mac_biba_init_label_waitcheck, 3247165150Scsjp .mpo_init_syncache_label = mac_biba_init_label_waitcheck, 3248140628Srwatson .mpo_init_sysv_msgmsg_label = mac_biba_init_label, 3249140628Srwatson .mpo_init_sysv_msgqueue_label = mac_biba_init_label, 3250147091Srwatson .mpo_init_sysv_sem_label = mac_biba_init_label, 3251140628Srwatson .mpo_init_sysv_shm_label = mac_biba_init_label, 3252112675Srwatson .mpo_init_ipq_label = mac_biba_init_label_waitcheck, 3253106217Srwatson .mpo_init_mbuf_label = mac_biba_init_label_waitcheck, 3254106217Srwatson .mpo_init_mount_label = mac_biba_init_label, 3255106217Srwatson .mpo_init_pipe_label = mac_biba_init_label, 3256145855Srwatson .mpo_init_posix_sem_label = mac_biba_init_label, 3257106217Srwatson .mpo_init_socket_label = mac_biba_init_label_waitcheck, 3258106217Srwatson .mpo_init_socket_peer_label = mac_biba_init_label_waitcheck, 3259165150Scsjp .mpo_init_syncache_from_inpcb = mac_biba_init_syncache_from_inpcb, 3260106217Srwatson .mpo_init_vnode_label = mac_biba_init_label, 3261106217Srwatson .mpo_destroy_bpfdesc_label = mac_biba_destroy_label, 3262106217Srwatson .mpo_destroy_cred_label = mac_biba_destroy_label, 3263168977Srwatson .mpo_destroy_devfs_label = mac_biba_destroy_label, 3264106217Srwatson .mpo_destroy_ifnet_label = mac_biba_destroy_label, 3265122875Srwatson .mpo_destroy_inpcb_label = mac_biba_destroy_label, 3266165150Scsjp .mpo_destroy_syncache_label = mac_biba_destroy_label, 3267140628Srwatson .mpo_destroy_sysv_msgmsg_label = mac_biba_destroy_label, 3268140628Srwatson .mpo_destroy_sysv_msgqueue_label = mac_biba_destroy_label, 3269147091Srwatson .mpo_destroy_sysv_sem_label = mac_biba_destroy_label, 3270140628Srwatson .mpo_destroy_sysv_shm_label = mac_biba_destroy_label, 3271106217Srwatson .mpo_destroy_ipq_label = mac_biba_destroy_label, 3272106217Srwatson .mpo_destroy_mbuf_label = mac_biba_destroy_label, 3273106217Srwatson .mpo_destroy_mount_label = mac_biba_destroy_label, 3274106217Srwatson .mpo_destroy_pipe_label = mac_biba_destroy_label, 3275145855Srwatson .mpo_destroy_posix_sem_label = mac_biba_destroy_label, 3276106217Srwatson .mpo_destroy_socket_label = mac_biba_destroy_label, 3277106217Srwatson .mpo_destroy_socket_peer_label = mac_biba_destroy_label, 3278106217Srwatson .mpo_destroy_vnode_label = mac_biba_destroy_label, 3279123173Srwatson .mpo_copy_cred_label = mac_biba_copy_label, 3280131025Srwatson .mpo_copy_ifnet_label = mac_biba_copy_label, 3281115707Srwatson .mpo_copy_mbuf_label = mac_biba_copy_label, 3282106217Srwatson .mpo_copy_pipe_label = mac_biba_copy_label, 3283122820Srwatson .mpo_copy_socket_label = mac_biba_copy_label, 3284106217Srwatson .mpo_copy_vnode_label = mac_biba_copy_label, 3285106217Srwatson .mpo_externalize_cred_label = mac_biba_externalize_label, 3286106217Srwatson .mpo_externalize_ifnet_label = mac_biba_externalize_label, 3287106217Srwatson .mpo_externalize_pipe_label = mac_biba_externalize_label, 3288106217Srwatson .mpo_externalize_socket_label = mac_biba_externalize_label, 3289106217Srwatson .mpo_externalize_socket_peer_label = mac_biba_externalize_label, 3290106217Srwatson .mpo_externalize_vnode_label = mac_biba_externalize_label, 3291106217Srwatson .mpo_internalize_cred_label = mac_biba_internalize_label, 3292106217Srwatson .mpo_internalize_ifnet_label = mac_biba_internalize_label, 3293106217Srwatson .mpo_internalize_pipe_label = mac_biba_internalize_label, 3294106217Srwatson .mpo_internalize_socket_label = mac_biba_internalize_label, 3295106217Srwatson .mpo_internalize_vnode_label = mac_biba_internalize_label, 3296106217Srwatson .mpo_create_devfs_device = mac_biba_create_devfs_device, 3297106217Srwatson .mpo_create_devfs_directory = mac_biba_create_devfs_directory, 3298106217Srwatson .mpo_create_devfs_symlink = mac_biba_create_devfs_symlink, 3299106217Srwatson .mpo_create_mount = mac_biba_create_mount, 3300106217Srwatson .mpo_relabel_vnode = mac_biba_relabel_vnode, 3301168977Srwatson .mpo_update_devfs = mac_biba_update_devfs, 3302106217Srwatson .mpo_associate_vnode_devfs = mac_biba_associate_vnode_devfs, 3303106217Srwatson .mpo_associate_vnode_extattr = mac_biba_associate_vnode_extattr, 3304106217Srwatson .mpo_associate_vnode_singlelabel = mac_biba_associate_vnode_singlelabel, 3305106217Srwatson .mpo_create_vnode_extattr = mac_biba_create_vnode_extattr, 3306106217Srwatson .mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr, 3307106217Srwatson .mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket, 3308165150Scsjp .mpo_create_mbuf_from_syncache = mac_biba_create_mbuf_from_syncache, 3309106217Srwatson .mpo_create_pipe = mac_biba_create_pipe, 3310145855Srwatson .mpo_create_posix_sem = mac_biba_create_posix_sem, 3311106217Srwatson .mpo_create_socket = mac_biba_create_socket, 3312106217Srwatson .mpo_create_socket_from_socket = mac_biba_create_socket_from_socket, 3313106217Srwatson .mpo_relabel_pipe = mac_biba_relabel_pipe, 3314106217Srwatson .mpo_relabel_socket = mac_biba_relabel_socket, 3315106217Srwatson .mpo_set_socket_peer_from_mbuf = mac_biba_set_socket_peer_from_mbuf, 3316106217Srwatson .mpo_set_socket_peer_from_socket = mac_biba_set_socket_peer_from_socket, 3317106217Srwatson .mpo_create_bpfdesc = mac_biba_create_bpfdesc, 3318106217Srwatson .mpo_create_datagram_from_ipq = mac_biba_create_datagram_from_ipq, 3319106217Srwatson .mpo_create_fragment = mac_biba_create_fragment, 3320106217Srwatson .mpo_create_ifnet = mac_biba_create_ifnet, 3321122875Srwatson .mpo_create_inpcb_from_socket = mac_biba_create_inpcb_from_socket, 3322140628Srwatson .mpo_create_sysv_msgmsg = mac_biba_create_sysv_msgmsg, 3323140628Srwatson .mpo_create_sysv_msgqueue = mac_biba_create_sysv_msgqueue, 3324147091Srwatson .mpo_create_sysv_sem = mac_biba_create_sysv_sem, 3325140628Srwatson .mpo_create_sysv_shm = mac_biba_create_sysv_shm, 3326106217Srwatson .mpo_create_ipq = mac_biba_create_ipq, 3327123607Srwatson .mpo_create_mbuf_from_inpcb = mac_biba_create_mbuf_from_inpcb, 3328106217Srwatson .mpo_create_mbuf_linklayer = mac_biba_create_mbuf_linklayer, 3329106217Srwatson .mpo_create_mbuf_from_bpfdesc = mac_biba_create_mbuf_from_bpfdesc, 3330106217Srwatson .mpo_create_mbuf_from_ifnet = mac_biba_create_mbuf_from_ifnet, 3331106217Srwatson .mpo_create_mbuf_multicast_encap = mac_biba_create_mbuf_multicast_encap, 3332106217Srwatson .mpo_create_mbuf_netlayer = mac_biba_create_mbuf_netlayer, 3333106217Srwatson .mpo_fragment_match = mac_biba_fragment_match, 3334106217Srwatson .mpo_relabel_ifnet = mac_biba_relabel_ifnet, 3335106217Srwatson .mpo_update_ipq = mac_biba_update_ipq, 3336122875Srwatson .mpo_inpcb_sosetlabel = mac_biba_inpcb_sosetlabel, 3337106217Srwatson .mpo_create_proc0 = mac_biba_create_proc0, 3338106217Srwatson .mpo_create_proc1 = mac_biba_create_proc1, 3339106217Srwatson .mpo_relabel_cred = mac_biba_relabel_cred, 3340140628Srwatson .mpo_cleanup_sysv_msgmsg = mac_biba_cleanup_sysv_msgmsg, 3341140628Srwatson .mpo_cleanup_sysv_msgqueue = mac_biba_cleanup_sysv_msgqueue, 3342147091Srwatson .mpo_cleanup_sysv_sem = mac_biba_cleanup_sysv_sem, 3343140628Srwatson .mpo_cleanup_sysv_shm = mac_biba_cleanup_sysv_shm, 3344106217Srwatson .mpo_check_bpfdesc_receive = mac_biba_check_bpfdesc_receive, 3345106217Srwatson .mpo_check_cred_relabel = mac_biba_check_cred_relabel, 3346106217Srwatson .mpo_check_cred_visible = mac_biba_check_cred_visible, 3347106217Srwatson .mpo_check_ifnet_relabel = mac_biba_check_ifnet_relabel, 3348106217Srwatson .mpo_check_ifnet_transmit = mac_biba_check_ifnet_transmit, 3349122875Srwatson .mpo_check_inpcb_deliver = mac_biba_check_inpcb_deliver, 3350140628Srwatson .mpo_check_sysv_msgrcv = mac_biba_check_sysv_msgrcv, 3351140628Srwatson .mpo_check_sysv_msgrmid = mac_biba_check_sysv_msgrmid, 3352140628Srwatson .mpo_check_sysv_msqget = mac_biba_check_sysv_msqget, 3353140628Srwatson .mpo_check_sysv_msqsnd = mac_biba_check_sysv_msqsnd, 3354140628Srwatson .mpo_check_sysv_msqrcv = mac_biba_check_sysv_msqrcv, 3355140628Srwatson .mpo_check_sysv_msqctl = mac_biba_check_sysv_msqctl, 3356140628Srwatson .mpo_check_sysv_semctl = mac_biba_check_sysv_semctl, 3357140628Srwatson .mpo_check_sysv_semget = mac_biba_check_sysv_semget, 3358140628Srwatson .mpo_check_sysv_semop = mac_biba_check_sysv_semop, 3359140628Srwatson .mpo_check_sysv_shmat = mac_biba_check_sysv_shmat, 3360140628Srwatson .mpo_check_sysv_shmctl = mac_biba_check_sysv_shmctl, 3361140628Srwatson .mpo_check_sysv_shmget = mac_biba_check_sysv_shmget, 3362110354Srwatson .mpo_check_kld_load = mac_biba_check_kld_load, 3363106217Srwatson .mpo_check_mount_stat = mac_biba_check_mount_stat, 3364106217Srwatson .mpo_check_pipe_ioctl = mac_biba_check_pipe_ioctl, 3365106217Srwatson .mpo_check_pipe_poll = mac_biba_check_pipe_poll, 3366106217Srwatson .mpo_check_pipe_read = mac_biba_check_pipe_read, 3367106217Srwatson .mpo_check_pipe_relabel = mac_biba_check_pipe_relabel, 3368106217Srwatson .mpo_check_pipe_stat = mac_biba_check_pipe_stat, 3369106217Srwatson .mpo_check_pipe_write = mac_biba_check_pipe_write, 3370145855Srwatson .mpo_check_posix_sem_destroy = mac_biba_check_posix_sem_write, 3371145855Srwatson .mpo_check_posix_sem_getvalue = mac_biba_check_posix_sem_rdonly, 3372145855Srwatson .mpo_check_posix_sem_open = mac_biba_check_posix_sem_write, 3373145855Srwatson .mpo_check_posix_sem_post = mac_biba_check_posix_sem_write, 3374145855Srwatson .mpo_check_posix_sem_unlink = mac_biba_check_posix_sem_write, 3375145855Srwatson .mpo_check_posix_sem_wait = mac_biba_check_posix_sem_write, 3376106217Srwatson .mpo_check_proc_debug = mac_biba_check_proc_debug, 3377106217Srwatson .mpo_check_proc_sched = mac_biba_check_proc_sched, 3378106217Srwatson .mpo_check_proc_signal = mac_biba_check_proc_signal, 3379106217Srwatson .mpo_check_socket_deliver = mac_biba_check_socket_deliver, 3380106217Srwatson .mpo_check_socket_relabel = mac_biba_check_socket_relabel, 3381106217Srwatson .mpo_check_socket_visible = mac_biba_check_socket_visible, 3382106418Srwatson .mpo_check_system_acct = mac_biba_check_system_acct, 3383168933Srwatson .mpo_check_system_auditctl = mac_biba_check_system_auditctl, 3384168933Srwatson .mpo_check_system_auditon = mac_biba_check_system_auditon, 3385106217Srwatson .mpo_check_system_swapon = mac_biba_check_system_swapon, 3386112574Srwatson .mpo_check_system_swapoff = mac_biba_check_system_swapoff, 3387106217Srwatson .mpo_check_system_sysctl = mac_biba_check_system_sysctl, 3388106217Srwatson .mpo_check_vnode_access = mac_biba_check_vnode_open, 3389106217Srwatson .mpo_check_vnode_chdir = mac_biba_check_vnode_chdir, 3390106217Srwatson .mpo_check_vnode_chroot = mac_biba_check_vnode_chroot, 3391106217Srwatson .mpo_check_vnode_create = mac_biba_check_vnode_create, 3392106217Srwatson .mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl, 3393119202Srwatson .mpo_check_vnode_deleteextattr = mac_biba_check_vnode_deleteextattr, 3394106217Srwatson .mpo_check_vnode_exec = mac_biba_check_vnode_exec, 3395106217Srwatson .mpo_check_vnode_getacl = mac_biba_check_vnode_getacl, 3396106217Srwatson .mpo_check_vnode_getextattr = mac_biba_check_vnode_getextattr, 3397106217Srwatson .mpo_check_vnode_link = mac_biba_check_vnode_link, 3398119202Srwatson .mpo_check_vnode_listextattr = mac_biba_check_vnode_listextattr, 3399106217Srwatson .mpo_check_vnode_lookup = mac_biba_check_vnode_lookup, 3400106217Srwatson .mpo_check_vnode_mmap = mac_biba_check_vnode_mmap, 3401106217Srwatson .mpo_check_vnode_open = mac_biba_check_vnode_open, 3402106217Srwatson .mpo_check_vnode_poll = mac_biba_check_vnode_poll, 3403106217Srwatson .mpo_check_vnode_read = mac_biba_check_vnode_read, 3404106217Srwatson .mpo_check_vnode_readdir = mac_biba_check_vnode_readdir, 3405106217Srwatson .mpo_check_vnode_readlink = mac_biba_check_vnode_readlink, 3406106217Srwatson .mpo_check_vnode_relabel = mac_biba_check_vnode_relabel, 3407106217Srwatson .mpo_check_vnode_rename_from = mac_biba_check_vnode_rename_from, 3408106217Srwatson .mpo_check_vnode_rename_to = mac_biba_check_vnode_rename_to, 3409106217Srwatson .mpo_check_vnode_revoke = mac_biba_check_vnode_revoke, 3410106217Srwatson .mpo_check_vnode_setacl = mac_biba_check_vnode_setacl, 3411106217Srwatson .mpo_check_vnode_setextattr = mac_biba_check_vnode_setextattr, 3412106217Srwatson .mpo_check_vnode_setflags = mac_biba_check_vnode_setflags, 3413106217Srwatson .mpo_check_vnode_setmode = mac_biba_check_vnode_setmode, 3414106217Srwatson .mpo_check_vnode_setowner = mac_biba_check_vnode_setowner, 3415106217Srwatson .mpo_check_vnode_setutimes = mac_biba_check_vnode_setutimes, 3416106217Srwatson .mpo_check_vnode_stat = mac_biba_check_vnode_stat, 3417172107Srwatson .mpo_check_vnode_unlink = mac_biba_check_vnode_unlink, 3418106217Srwatson .mpo_check_vnode_write = mac_biba_check_vnode_write, 3419160243Scsjp .mpo_associate_nfsd_label = mac_biba_associate_nfsd_label, 3420162238Scsjp .mpo_create_mbuf_from_firewall = mac_biba_create_mbuf_from_firewall, 3421168951Srwatson .mpo_priv_check = mac_biba_priv_check, 3422101099Srwatson}; 3423101099Srwatson 3424112717SrwatsonMAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba", 3425113531Srwatson MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &mac_biba_slot); 3426