mac_biba.c revision 184308
1101099Srwatson/*- 2184308Srwatson * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson 3140628Srwatson * Copyright (c) 2001-2005 McAfee, Inc. 4172930Srwatson * Copyright (c) 2006 SPARTA, Inc. 5101099Srwatson * All rights reserved. 6101099Srwatson * 7101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 8101099Srwatson * 9140628Srwatson * This software was developed for the FreeBSD Project in part by McAfee 10140628Srwatson * Research, the Security Research Division of McAfee, Inc. under 11140628Srwatson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12140628Srwatson * CHATS research program. 13101099Srwatson * 14172930Srwatson * This software was enhanced by SPARTA ISSO under SPAWAR contract 15172930Srwatson * N66001-04-C-6019 ("SEFOS"). 16172930Srwatson * 17101099Srwatson * Redistribution and use in source and binary forms, with or without 18101099Srwatson * modification, are permitted provided that the following conditions 19101099Srwatson * are met: 20101099Srwatson * 1. Redistributions of source code must retain the above copyright 21101099Srwatson * notice, this list of conditions and the following disclaimer. 22101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 23101099Srwatson * notice, this list of conditions and the following disclaimer in the 24101099Srwatson * documentation and/or other materials provided with the distribution. 25101099Srwatson * 26101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29101099Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36101099Srwatson * SUCH DAMAGE. 37101099Srwatson * 38101099Srwatson * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 184308 2008-10-26 22:46:37Z rwatson $ 39101099Srwatson */ 40101099Srwatson 41101099Srwatson/* 42101099Srwatson * Developed by the TrustedBSD Project. 43168951Srwatson * 44101099Srwatson * Biba fixed label mandatory integrity policy. 45101099Srwatson */ 46101099Srwatson 47101099Srwatson#include <sys/param.h> 48101099Srwatson#include <sys/conf.h> 49105988Srwatson#include <sys/extattr.h> 50101099Srwatson#include <sys/kernel.h> 51164184Strhodes#include <sys/ksem.h> 52103183Sbde#include <sys/malloc.h> 53145076Scsjp#include <sys/mman.h> 54101099Srwatson#include <sys/mount.h> 55168951Srwatson#include <sys/priv.h> 56101099Srwatson#include <sys/proc.h> 57115497Srwatson#include <sys/sbuf.h> 58101099Srwatson#include <sys/systm.h> 59101099Srwatson#include <sys/sysproto.h> 60101099Srwatson#include <sys/sysent.h> 61105696Srwatson#include <sys/systm.h> 62101099Srwatson#include <sys/vnode.h> 63101099Srwatson#include <sys/file.h> 64101099Srwatson#include <sys/socket.h> 65101099Srwatson#include <sys/socketvar.h> 66101099Srwatson#include <sys/pipe.h> 67150340Sphk#include <sys/sx.h> 68101099Srwatson#include <sys/sysctl.h> 69140628Srwatson#include <sys/msg.h> 70140628Srwatson#include <sys/sem.h> 71140628Srwatson#include <sys/shm.h> 72101099Srwatson 73101099Srwatson#include <fs/devfs/devfs.h> 74101099Srwatson 75101099Srwatson#include <net/bpfdesc.h> 76101099Srwatson#include <net/if.h> 77101099Srwatson#include <net/if_types.h> 78101099Srwatson#include <net/if_var.h> 79101099Srwatson 80101099Srwatson#include <netinet/in.h> 81122875Srwatson#include <netinet/in_pcb.h> 82101099Srwatson#include <netinet/ip_var.h> 83101099Srwatson 84122879Srwatson#include <vm/uma.h> 85101099Srwatson#include <vm/vm.h> 86101099Srwatson 87165469Srwatson#include <security/mac/mac_policy.h> 88101099Srwatson#include <security/mac_biba/mac_biba.h> 89101099Srwatson 90101099SrwatsonSYSCTL_DECL(_security_mac); 91101099Srwatson 92101099SrwatsonSYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 93101099Srwatson "TrustedBSD mac_biba policy controls"); 94101099Srwatson 95172955Srwatsonstatic int biba_label_size = sizeof(struct mac_biba); 96105988SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD, 97172955Srwatson &biba_label_size, 0, "Size of struct mac_biba"); 98105988Srwatson 99172955Srwatsonstatic int biba_enabled = 1; 100172955SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, &biba_enabled, 101172955Srwatson 0, "Enforce MAC/Biba policy"); 102172955SrwatsonTUNABLE_INT("security.mac.biba.enabled", &biba_enabled); 103101099Srwatson 104101099Srwatsonstatic int destroyed_not_inited; 105101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 106101099Srwatson &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 107101099Srwatson 108101099Srwatsonstatic int trust_all_interfaces = 0; 109101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 110101099Srwatson &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 111101099SrwatsonTUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 112101099Srwatson 113101099Srwatsonstatic char trusted_interfaces[128]; 114101099SrwatsonSYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 115101099Srwatson trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 116101099SrwatsonTUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 117101099Srwatson sizeof(trusted_interfaces)); 118101099Srwatson 119105643Srwatsonstatic int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; 120105643SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, 121105643Srwatson &max_compartments, 0, "Maximum supported compartments"); 122105643Srwatson 123105606Srwatsonstatic int ptys_equal = 0; 124181217SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal, 125181217Srwatson 0, "Label pty devices as biba/equal on create"); 126105606SrwatsonTUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); 127105606Srwatson 128153927Scsjpstatic int interfaces_equal; 129153927ScsjpSYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW, 130153927Scsjp &interfaces_equal, 0, "Label network interfaces as biba/equal on create"); 131153927ScsjpTUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal); 132153927Scsjp 133105637Srwatsonstatic int revocation_enabled = 0; 134101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 135105637Srwatson &revocation_enabled, 0, "Revoke access to objects on relabel"); 136105637SrwatsonTUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled); 137101099Srwatson 138172955Srwatsonstatic int biba_slot; 139172955Srwatson#define SLOT(l) ((struct mac_biba *)mac_label_get((l), biba_slot)) 140172955Srwatson#define SLOT_SET(l, val) mac_label_set((l), biba_slot, (uintptr_t)(val)) 141101099Srwatson 142122879Srwatsonstatic uma_zone_t zone_biba; 143101099Srwatson 144105643Srwatsonstatic __inline int 145105643Srwatsonbiba_bit_set_empty(u_char *set) { 146105643Srwatson int i; 147105643Srwatson 148105643Srwatson for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++) 149105643Srwatson if (set[i] != 0) 150105643Srwatson return (0); 151105643Srwatson return (1); 152105643Srwatson} 153105643Srwatson 154101099Srwatsonstatic struct mac_biba * 155104514Srwatsonbiba_alloc(int flag) 156101099Srwatson{ 157101099Srwatson 158122879Srwatson return (uma_zalloc(zone_biba, flag | M_ZERO)); 159101099Srwatson} 160101099Srwatson 161101099Srwatsonstatic void 162172955Srwatsonbiba_free(struct mac_biba *mb) 163101099Srwatson{ 164101099Srwatson 165172955Srwatson if (mb != NULL) 166172955Srwatson uma_zfree(zone_biba, mb); 167101099Srwatson else 168101099Srwatson atomic_add_int(&destroyed_not_inited, 1); 169101099Srwatson} 170101099Srwatson 171101099Srwatsonstatic int 172172955Srwatsonbiba_atmostflags(struct mac_biba *mb, int flags) 173105634Srwatson{ 174105634Srwatson 175172955Srwatson if ((mb->mb_flags & flags) != mb->mb_flags) 176105634Srwatson return (EINVAL); 177105634Srwatson return (0); 178105634Srwatson} 179105634Srwatson 180105634Srwatsonstatic int 181172955Srwatsonbiba_dominate_element(struct mac_biba_element *a, struct mac_biba_element *b) 182101099Srwatson{ 183105643Srwatson int bit; 184101099Srwatson 185105736Srwatson switch (a->mbe_type) { 186101099Srwatson case MAC_BIBA_TYPE_EQUAL: 187101099Srwatson case MAC_BIBA_TYPE_HIGH: 188101099Srwatson return (1); 189101099Srwatson 190101099Srwatson case MAC_BIBA_TYPE_LOW: 191101099Srwatson switch (b->mbe_type) { 192101099Srwatson case MAC_BIBA_TYPE_GRADE: 193101099Srwatson case MAC_BIBA_TYPE_HIGH: 194101099Srwatson return (0); 195101099Srwatson 196101099Srwatson case MAC_BIBA_TYPE_EQUAL: 197101099Srwatson case MAC_BIBA_TYPE_LOW: 198101099Srwatson return (1); 199101099Srwatson 200101099Srwatson default: 201172955Srwatson panic("biba_dominate_element: b->mbe_type invalid"); 202101099Srwatson } 203101099Srwatson 204101099Srwatson case MAC_BIBA_TYPE_GRADE: 205101099Srwatson switch (b->mbe_type) { 206101099Srwatson case MAC_BIBA_TYPE_EQUAL: 207101099Srwatson case MAC_BIBA_TYPE_LOW: 208101099Srwatson return (1); 209101099Srwatson 210101099Srwatson case MAC_BIBA_TYPE_HIGH: 211101099Srwatson return (0); 212101099Srwatson 213101099Srwatson case MAC_BIBA_TYPE_GRADE: 214105643Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) 215105643Srwatson if (!MAC_BIBA_BIT_TEST(bit, 216105643Srwatson a->mbe_compartments) && 217105643Srwatson MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) 218105643Srwatson return (0); 219101099Srwatson return (a->mbe_grade >= b->mbe_grade); 220101099Srwatson 221101099Srwatson default: 222172955Srwatson panic("biba_dominate_element: b->mbe_type invalid"); 223101099Srwatson } 224101099Srwatson 225101099Srwatson default: 226172955Srwatson panic("biba_dominate_element: a->mbe_type invalid"); 227101099Srwatson } 228101099Srwatson 229101099Srwatson return (0); 230101099Srwatson} 231101099Srwatson 232101099Srwatsonstatic int 233172955Srwatsonbiba_subject_dominate_high(struct mac_biba *mb) 234105988Srwatson{ 235105988Srwatson struct mac_biba_element *element; 236105988Srwatson 237172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 238172955Srwatson ("biba_effective_in_range: mb not effective")); 239172955Srwatson element = &mb->mb_effective; 240105988Srwatson 241105988Srwatson return (element->mbe_type == MAC_BIBA_TYPE_EQUAL || 242105988Srwatson element->mbe_type == MAC_BIBA_TYPE_HIGH); 243105988Srwatson} 244105988Srwatson 245105988Srwatsonstatic int 246172955Srwatsonbiba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 247101099Srwatson{ 248101099Srwatson 249172955Srwatson return (biba_dominate_element(&rangeb->mb_rangehigh, 250101099Srwatson &rangea->mb_rangehigh) && 251172955Srwatson biba_dominate_element(&rangea->mb_rangelow, 252101099Srwatson &rangeb->mb_rangelow)); 253101099Srwatson} 254101099Srwatson 255101099Srwatsonstatic int 256172955Srwatsonbiba_effective_in_range(struct mac_biba *effective, struct mac_biba *range) 257101099Srwatson{ 258101099Srwatson 259132232Srwatson KASSERT((effective->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 260172955Srwatson ("biba_effective_in_range: a not effective")); 261103750Srwatson KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 262172955Srwatson ("biba_effective_in_range: b not range")); 263101099Srwatson 264172955Srwatson return (biba_dominate_element(&range->mb_rangehigh, 265132232Srwatson &effective->mb_effective) && 266172955Srwatson biba_dominate_element(&effective->mb_effective, 267101099Srwatson &range->mb_rangelow)); 268101099Srwatson 269101099Srwatson return (1); 270101099Srwatson} 271101099Srwatson 272101099Srwatsonstatic int 273172955Srwatsonbiba_dominate_effective(struct mac_biba *a, struct mac_biba *b) 274101099Srwatson{ 275132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 276172955Srwatson ("biba_dominate_effective: a not effective")); 277132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 278172955Srwatson ("biba_dominate_effective: b not effective")); 279101099Srwatson 280172955Srwatson return (biba_dominate_element(&a->mb_effective, &b->mb_effective)); 281101099Srwatson} 282101099Srwatson 283101099Srwatsonstatic int 284172955Srwatsonbiba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 285101099Srwatson{ 286101099Srwatson 287101099Srwatson if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 288101099Srwatson b->mbe_type == MAC_BIBA_TYPE_EQUAL) 289101099Srwatson return (1); 290101099Srwatson 291101099Srwatson return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 292101099Srwatson} 293101099Srwatson 294101099Srwatsonstatic int 295172955Srwatsonbiba_equal_effective(struct mac_biba *a, struct mac_biba *b) 296101099Srwatson{ 297101099Srwatson 298132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 299172955Srwatson ("biba_equal_effective: a not effective")); 300132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 301172955Srwatson ("biba_equal_effective: b not effective")); 302101099Srwatson 303172955Srwatson return (biba_equal_element(&a->mb_effective, &b->mb_effective)); 304101099Srwatson} 305101099Srwatson 306101099Srwatsonstatic int 307172955Srwatsonbiba_contains_equal(struct mac_biba *mb) 308105634Srwatson{ 309105634Srwatson 310172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 311172955Srwatson if (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 312105634Srwatson return (1); 313172955Srwatson } 314105634Srwatson 315172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 316172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL) 317105634Srwatson return (1); 318172955Srwatson if (mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 319105637Srwatson return (1); 320105634Srwatson } 321105634Srwatson 322105634Srwatson return (0); 323105634Srwatson} 324105634Srwatson 325105634Srwatsonstatic int 326172955Srwatsonbiba_subject_privileged(struct mac_biba *mb) 327105634Srwatson{ 328105634Srwatson 329172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAGS_BOTH) == MAC_BIBA_FLAGS_BOTH, 330172955Srwatson ("biba_subject_privileged: subject doesn't have both labels")); 331105634Srwatson 332132232Srwatson /* If the effective is EQUAL, it's ok. */ 333172955Srwatson if (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 334105634Srwatson return (0); 335105634Srwatson 336105634Srwatson /* If either range endpoint is EQUAL, it's ok. */ 337172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL || 338172955Srwatson mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 339105634Srwatson return (0); 340105634Srwatson 341105634Srwatson /* If the range is low-high, it's ok. */ 342172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_LOW && 343172955Srwatson mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_HIGH) 344105634Srwatson return (0); 345105634Srwatson 346105634Srwatson /* It's not ok. */ 347105634Srwatson return (EPERM); 348105634Srwatson} 349105634Srwatson 350106091Srwatsonstatic int 351172955Srwatsonbiba_high_effective(struct mac_biba *mb) 352105988Srwatson{ 353105988Srwatson 354172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 355172955Srwatson ("biba_equal_effective: mb not effective")); 356105988Srwatson 357172955Srwatson return (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_HIGH); 358105988Srwatson} 359105988Srwatson 360105634Srwatsonstatic int 361172955Srwatsonbiba_valid(struct mac_biba *mb) 362101099Srwatson{ 363101099Srwatson 364172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 365172955Srwatson switch (mb->mb_effective.mbe_type) { 366101099Srwatson case MAC_BIBA_TYPE_GRADE: 367101099Srwatson break; 368101099Srwatson 369101099Srwatson case MAC_BIBA_TYPE_EQUAL: 370101099Srwatson case MAC_BIBA_TYPE_HIGH: 371101099Srwatson case MAC_BIBA_TYPE_LOW: 372172955Srwatson if (mb->mb_effective.mbe_grade != 0 || 373105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 374172955Srwatson mb->mb_effective.mbe_compartments)) 375101099Srwatson return (EINVAL); 376101099Srwatson break; 377101099Srwatson 378101099Srwatson default: 379101099Srwatson return (EINVAL); 380101099Srwatson } 381101099Srwatson } else { 382172955Srwatson if (mb->mb_effective.mbe_type != MAC_BIBA_TYPE_UNDEF) 383101099Srwatson return (EINVAL); 384101099Srwatson } 385101099Srwatson 386172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 387172955Srwatson switch (mb->mb_rangelow.mbe_type) { 388101099Srwatson case MAC_BIBA_TYPE_GRADE: 389101099Srwatson break; 390101099Srwatson 391101099Srwatson case MAC_BIBA_TYPE_EQUAL: 392101099Srwatson case MAC_BIBA_TYPE_HIGH: 393101099Srwatson case MAC_BIBA_TYPE_LOW: 394172955Srwatson if (mb->mb_rangelow.mbe_grade != 0 || 395105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 396172955Srwatson mb->mb_rangelow.mbe_compartments)) 397101099Srwatson return (EINVAL); 398101099Srwatson break; 399101099Srwatson 400101099Srwatson default: 401101099Srwatson return (EINVAL); 402101099Srwatson } 403101099Srwatson 404172955Srwatson switch (mb->mb_rangehigh.mbe_type) { 405101099Srwatson case MAC_BIBA_TYPE_GRADE: 406101099Srwatson break; 407101099Srwatson 408101099Srwatson case MAC_BIBA_TYPE_EQUAL: 409101099Srwatson case MAC_BIBA_TYPE_HIGH: 410101099Srwatson case MAC_BIBA_TYPE_LOW: 411172955Srwatson if (mb->mb_rangehigh.mbe_grade != 0 || 412105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 413172955Srwatson mb->mb_rangehigh.mbe_compartments)) 414101099Srwatson return (EINVAL); 415101099Srwatson break; 416101099Srwatson 417101099Srwatson default: 418101099Srwatson return (EINVAL); 419101099Srwatson } 420172955Srwatson if (!biba_dominate_element(&mb->mb_rangehigh, 421172955Srwatson &mb->mb_rangelow)) 422101099Srwatson return (EINVAL); 423101099Srwatson } else { 424172955Srwatson if (mb->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 425172955Srwatson mb->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 426101099Srwatson return (EINVAL); 427101099Srwatson } 428101099Srwatson 429101099Srwatson return (0); 430101099Srwatson} 431101099Srwatson 432101099Srwatsonstatic void 433172955Srwatsonbiba_set_range(struct mac_biba *mb, u_short typelow, u_short gradelow, 434172955Srwatson u_char *compartmentslow, u_short typehigh, u_short gradehigh, 435172955Srwatson u_char *compartmentshigh) 436101099Srwatson{ 437101099Srwatson 438172955Srwatson mb->mb_rangelow.mbe_type = typelow; 439172955Srwatson mb->mb_rangelow.mbe_grade = gradelow; 440105643Srwatson if (compartmentslow != NULL) 441172955Srwatson memcpy(mb->mb_rangelow.mbe_compartments, compartmentslow, 442172955Srwatson sizeof(mb->mb_rangelow.mbe_compartments)); 443172955Srwatson mb->mb_rangehigh.mbe_type = typehigh; 444172955Srwatson mb->mb_rangehigh.mbe_grade = gradehigh; 445105643Srwatson if (compartmentshigh != NULL) 446172955Srwatson memcpy(mb->mb_rangehigh.mbe_compartments, compartmentshigh, 447172955Srwatson sizeof(mb->mb_rangehigh.mbe_compartments)); 448172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_RANGE; 449101099Srwatson} 450101099Srwatson 451101099Srwatsonstatic void 452172955Srwatsonbiba_set_effective(struct mac_biba *mb, u_short type, u_short grade, 453105643Srwatson u_char *compartments) 454101099Srwatson{ 455101099Srwatson 456172955Srwatson mb->mb_effective.mbe_type = type; 457172955Srwatson mb->mb_effective.mbe_grade = grade; 458105643Srwatson if (compartments != NULL) 459172955Srwatson memcpy(mb->mb_effective.mbe_compartments, compartments, 460172955Srwatson sizeof(mb->mb_effective.mbe_compartments)); 461172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 462101099Srwatson} 463101099Srwatson 464101099Srwatsonstatic void 465172955Srwatsonbiba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 466101099Srwatson{ 467105643Srwatson 468101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 469172955Srwatson ("biba_copy_range: labelfrom not range")); 470101099Srwatson 471101099Srwatson labelto->mb_rangelow = labelfrom->mb_rangelow; 472101099Srwatson labelto->mb_rangehigh = labelfrom->mb_rangehigh; 473101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 474101099Srwatson} 475101099Srwatson 476101099Srwatsonstatic void 477172955Srwatsonbiba_copy_effective(struct mac_biba *labelfrom, struct mac_biba *labelto) 478101099Srwatson{ 479101099Srwatson 480132232Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 481172955Srwatson ("biba_copy_effective: labelfrom not effective")); 482101099Srwatson 483132232Srwatson labelto->mb_effective = labelfrom->mb_effective; 484132232Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 485101099Srwatson} 486101099Srwatson 487105656Srwatsonstatic void 488172955Srwatsonbiba_copy(struct mac_biba *source, struct mac_biba *dest) 489105656Srwatson{ 490105656Srwatson 491132232Srwatson if (source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) 492172955Srwatson biba_copy_effective(source, dest); 493105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_RANGE) 494172955Srwatson biba_copy_range(source, dest); 495105656Srwatson} 496105656Srwatson 497101099Srwatson/* 498101099Srwatson * Policy module operations. 499101099Srwatson */ 500101099Srwatsonstatic void 501172955Srwatsonbiba_init(struct mac_policy_conf *conf) 502101099Srwatson{ 503101099Srwatson 504122879Srwatson zone_biba = uma_zcreate("mac_biba", sizeof(struct mac_biba), NULL, 505122879Srwatson NULL, NULL, NULL, UMA_ALIGN_PTR, 0); 506101099Srwatson} 507101099Srwatson 508101099Srwatson/* 509101099Srwatson * Label operations. 510101099Srwatson */ 511101099Srwatsonstatic void 512172955Srwatsonbiba_init_label(struct label *label) 513101099Srwatson{ 514101099Srwatson 515132781Skan SLOT_SET(label, biba_alloc(M_WAITOK)); 516101099Srwatson} 517101099Srwatson 518101099Srwatsonstatic int 519172955Srwatsonbiba_init_label_waitcheck(struct label *label, int flag) 520101099Srwatson{ 521101099Srwatson 522132781Skan SLOT_SET(label, biba_alloc(flag)); 523101099Srwatson if (SLOT(label) == NULL) 524101099Srwatson return (ENOMEM); 525101099Srwatson 526101099Srwatson return (0); 527101099Srwatson} 528101099Srwatson 529101099Srwatsonstatic void 530172955Srwatsonbiba_destroy_label(struct label *label) 531101099Srwatson{ 532101099Srwatson 533101099Srwatson biba_free(SLOT(label)); 534132781Skan SLOT_SET(label, NULL); 535101099Srwatson} 536101099Srwatson 537105696Srwatson/* 538172955Srwatson * biba_element_to_string() accepts an sbuf and Biba element. It converts 539172955Srwatson * the Biba element to a string and stores the result in the sbuf; if there 540172955Srwatson * isn't space in the sbuf, -1 is returned. 541105696Srwatson */ 542115497Srwatsonstatic int 543172955Srwatsonbiba_element_to_string(struct sbuf *sb, struct mac_biba_element *element) 544105696Srwatson{ 545115497Srwatson int i, first; 546105696Srwatson 547105696Srwatson switch (element->mbe_type) { 548105696Srwatson case MAC_BIBA_TYPE_HIGH: 549115497Srwatson return (sbuf_printf(sb, "high")); 550105696Srwatson 551105696Srwatson case MAC_BIBA_TYPE_LOW: 552115497Srwatson return (sbuf_printf(sb, "low")); 553105696Srwatson 554105696Srwatson case MAC_BIBA_TYPE_EQUAL: 555115497Srwatson return (sbuf_printf(sb, "equal")); 556105696Srwatson 557105696Srwatson case MAC_BIBA_TYPE_GRADE: 558115497Srwatson if (sbuf_printf(sb, "%d", element->mbe_grade) == -1) 559115497Srwatson return (-1); 560115497Srwatson 561115497Srwatson first = 1; 562115497Srwatson for (i = 1; i <= MAC_BIBA_MAX_COMPARTMENTS; i++) { 563115497Srwatson if (MAC_BIBA_BIT_TEST(i, element->mbe_compartments)) { 564115497Srwatson if (first) { 565115497Srwatson if (sbuf_putc(sb, ':') == -1) 566115497Srwatson return (-1); 567115497Srwatson if (sbuf_printf(sb, "%d", i) == -1) 568115497Srwatson return (-1); 569115497Srwatson first = 0; 570115497Srwatson } else { 571115497Srwatson if (sbuf_printf(sb, "+%d", i) == -1) 572115497Srwatson return (-1); 573115497Srwatson } 574115497Srwatson } 575105696Srwatson } 576115497Srwatson return (0); 577105696Srwatson 578105696Srwatson default: 579172955Srwatson panic("biba_element_to_string: invalid type (%d)", 580105696Srwatson element->mbe_type); 581105696Srwatson } 582105696Srwatson} 583105696Srwatson 584115497Srwatson/* 585172955Srwatson * biba_to_string() converts a Biba label to a string, and places the results 586172955Srwatson * in the passed sbuf. It returns 0 on success, or EINVAL if there isn't 587172955Srwatson * room in the sbuf. Note: the sbuf will be modified even in a failure case, 588172955Srwatson * so the caller may need to revert the sbuf by restoring the offset if 589172955Srwatson * that's undesired. 590115497Srwatson */ 591101099Srwatsonstatic int 592172955Srwatsonbiba_to_string(struct sbuf *sb, struct mac_biba *mb) 593101099Srwatson{ 594105696Srwatson 595172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 596172955Srwatson if (biba_element_to_string(sb, &mb->mb_effective) == -1) 597105696Srwatson return (EINVAL); 598105696Srwatson } 599105696Srwatson 600172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 601116701Srwatson if (sbuf_putc(sb, '(') == -1) 602105696Srwatson return (EINVAL); 603105696Srwatson 604172955Srwatson if (biba_element_to_string(sb, &mb->mb_rangelow) == -1) 605105696Srwatson return (EINVAL); 606105696Srwatson 607116701Srwatson if (sbuf_putc(sb, '-') == -1) 608105696Srwatson return (EINVAL); 609105696Srwatson 610172955Srwatson if (biba_element_to_string(sb, &mb->mb_rangehigh) == -1) 611105696Srwatson return (EINVAL); 612105696Srwatson 613116701Srwatson if (sbuf_putc(sb, ')') == -1) 614105696Srwatson return (EINVAL); 615105696Srwatson } 616105696Srwatson 617105696Srwatson return (0); 618105696Srwatson} 619105696Srwatson 620105696Srwatsonstatic int 621172955Srwatsonbiba_externalize_label(struct label *label, char *element_name, 622116701Srwatson struct sbuf *sb, int *claimed) 623105696Srwatson{ 624172955Srwatson struct mac_biba *mb; 625101099Srwatson 626105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 627105696Srwatson return (0); 628105696Srwatson 629105696Srwatson (*claimed)++; 630105696Srwatson 631172955Srwatson mb = SLOT(label); 632172955Srwatson return (biba_to_string(sb, mb)); 633105696Srwatson} 634105696Srwatson 635105696Srwatsonstatic int 636172955Srwatsonbiba_parse_element(struct mac_biba_element *element, char *string) 637101099Srwatson{ 638115395Srwatson char *compartment, *end, *grade; 639115395Srwatson int value; 640105696Srwatson 641181217Srwatson if (strcmp(string, "high") == 0 || strcmp(string, "hi") == 0) { 642105696Srwatson element->mbe_type = MAC_BIBA_TYPE_HIGH; 643105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 644181217Srwatson } else if (strcmp(string, "low") == 0 || strcmp(string, "lo") == 0) { 645105696Srwatson element->mbe_type = MAC_BIBA_TYPE_LOW; 646105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 647105696Srwatson } else if (strcmp(string, "equal") == 0 || 648105696Srwatson strcmp(string, "eq") == 0) { 649105696Srwatson element->mbe_type = MAC_BIBA_TYPE_EQUAL; 650105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 651105696Srwatson } else { 652115395Srwatson element->mbe_type = MAC_BIBA_TYPE_GRADE; 653105696Srwatson 654115395Srwatson /* 655115395Srwatson * Numeric grade piece of the element. 656115395Srwatson */ 657115395Srwatson grade = strsep(&string, ":"); 658115395Srwatson value = strtol(grade, &end, 10); 659115395Srwatson if (end == grade || *end != '\0') 660105696Srwatson return (EINVAL); 661115395Srwatson if (value < 0 || value > 65535) 662115395Srwatson return (EINVAL); 663115395Srwatson element->mbe_grade = value; 664105696Srwatson 665115395Srwatson /* 666181217Srwatson * Optional compartment piece of the element. If none are 667181217Srwatson * included, we assume that the label has no compartments. 668115395Srwatson */ 669115395Srwatson if (string == NULL) 670115395Srwatson return (0); 671115395Srwatson if (*string == '\0') 672115395Srwatson return (0); 673105696Srwatson 674115395Srwatson while ((compartment = strsep(&string, "+")) != NULL) { 675115395Srwatson value = strtol(compartment, &end, 10); 676115395Srwatson if (compartment == end || *end != '\0') 677105696Srwatson return (EINVAL); 678115395Srwatson if (value < 1 || value > MAC_BIBA_MAX_COMPARTMENTS) 679105696Srwatson return (EINVAL); 680115395Srwatson MAC_BIBA_BIT_SET(value, element->mbe_compartments); 681105696Srwatson } 682105696Srwatson } 683105696Srwatson 684105696Srwatson return (0); 685105696Srwatson} 686105696Srwatson 687105696Srwatson/* 688181217Srwatson * Note: destructively consumes the string, make a local copy before calling 689181217Srwatson * if that's a problem. 690105696Srwatson */ 691105696Srwatsonstatic int 692172955Srwatsonbiba_parse(struct mac_biba *mb, char *string) 693105696Srwatson{ 694132232Srwatson char *rangehigh, *rangelow, *effective; 695101099Srwatson int error; 696101099Srwatson 697132232Srwatson effective = strsep(&string, "("); 698132232Srwatson if (*effective == '\0') 699132232Srwatson effective = NULL; 700115395Srwatson 701115395Srwatson if (string != NULL) { 702115395Srwatson rangelow = strsep(&string, "-"); 703115395Srwatson if (string == NULL) 704105696Srwatson return (EINVAL); 705115395Srwatson rangehigh = strsep(&string, ")"); 706115395Srwatson if (string == NULL) 707105696Srwatson return (EINVAL); 708115395Srwatson if (*string != '\0') 709105696Srwatson return (EINVAL); 710115395Srwatson } else { 711115395Srwatson rangelow = NULL; 712115395Srwatson rangehigh = NULL; 713105696Srwatson } 714115395Srwatson 715105696Srwatson KASSERT((rangelow != NULL && rangehigh != NULL) || 716105696Srwatson (rangelow == NULL && rangehigh == NULL), 717172955Srwatson ("biba_parse: range mismatch")); 718101099Srwatson 719172955Srwatson bzero(mb, sizeof(*mb)); 720132232Srwatson if (effective != NULL) { 721172955Srwatson error = biba_parse_element(&mb->mb_effective, effective); 722105696Srwatson if (error) 723105696Srwatson return (error); 724172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 725105696Srwatson } 726105696Srwatson 727105696Srwatson if (rangelow != NULL) { 728172955Srwatson error = biba_parse_element(&mb->mb_rangelow, rangelow); 729105696Srwatson if (error) 730105696Srwatson return (error); 731172955Srwatson error = biba_parse_element(&mb->mb_rangehigh, rangehigh); 732105696Srwatson if (error) 733105696Srwatson return (error); 734172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_RANGE; 735105696Srwatson } 736105696Srwatson 737172955Srwatson error = biba_valid(mb); 738101099Srwatson if (error) 739101099Srwatson return (error); 740101099Srwatson 741105696Srwatson return (0); 742105696Srwatson} 743101099Srwatson 744105696Srwatsonstatic int 745172955Srwatsonbiba_internalize_label(struct label *label, char *element_name, 746105696Srwatson char *element_data, int *claimed) 747105696Srwatson{ 748172955Srwatson struct mac_biba *mb, mb_temp; 749105696Srwatson int error; 750105696Srwatson 751105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 752105696Srwatson return (0); 753105696Srwatson 754105696Srwatson (*claimed)++; 755105696Srwatson 756172955Srwatson error = biba_parse(&mb_temp, element_data); 757105696Srwatson if (error) 758105696Srwatson return (error); 759105696Srwatson 760172955Srwatson mb = SLOT(label); 761172955Srwatson *mb = mb_temp; 762105696Srwatson 763101099Srwatson return (0); 764101099Srwatson} 765101099Srwatson 766105696Srwatsonstatic void 767172955Srwatsonbiba_copy_label(struct label *src, struct label *dest) 768105696Srwatson{ 769105696Srwatson 770105696Srwatson *SLOT(dest) = *SLOT(src); 771105696Srwatson} 772105696Srwatson 773101099Srwatson/* 774173138Srwatson * Object-specific entry point implementations are sorted alphabetically by 775173138Srwatson * object type name and then by operation. 776101099Srwatson */ 777173138Srwatsonstatic int 778173138Srwatsonbiba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 779173138Srwatson struct ifnet *ifp, struct label *ifplabel) 780101099Srwatson{ 781173138Srwatson struct mac_biba *a, *b; 782101099Srwatson 783173138Srwatson if (!biba_enabled) 784173138Srwatson return (0); 785101099Srwatson 786173138Srwatson a = SLOT(dlabel); 787173138Srwatson b = SLOT(ifplabel); 788101099Srwatson 789173138Srwatson if (biba_equal_effective(a, b)) 790173138Srwatson return (0); 791173138Srwatson return (EACCES); 792101099Srwatson} 793101099Srwatson 794101099Srwatsonstatic void 795173138Srwatsonbiba_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 796173138Srwatson struct label *dlabel) 797104535Srwatson{ 798104535Srwatson struct mac_biba *source, *dest; 799104535Srwatson 800122524Srwatson source = SLOT(cred->cr_label); 801173138Srwatson dest = SLOT(dlabel); 802104535Srwatson 803172955Srwatson biba_copy_effective(source, dest); 804104535Srwatson} 805104535Srwatson 806104535Srwatsonstatic void 807173138Srwatsonbiba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 808173138Srwatson struct mbuf *m, struct label *mlabel) 809101099Srwatson{ 810101099Srwatson struct mac_biba *source, *dest; 811101099Srwatson 812173138Srwatson source = SLOT(dlabel); 813173138Srwatson dest = SLOT(mlabel); 814172955Srwatson 815172955Srwatson biba_copy_effective(source, dest); 816101099Srwatson} 817101099Srwatson 818173138Srwatsonstatic int 819173138Srwatsonbiba_cred_check_relabel(struct ucred *cred, struct label *newlabel) 820101099Srwatson{ 821173138Srwatson struct mac_biba *subj, *new; 822173138Srwatson int error; 823101099Srwatson 824173138Srwatson subj = SLOT(cred->cr_label); 825173138Srwatson new = SLOT(newlabel); 826101099Srwatson 827173138Srwatson /* 828173138Srwatson * If there is a Biba label update for the credential, it may 829173138Srwatson * be an update of the effective, range, or both. 830173138Srwatson */ 831173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 832173138Srwatson if (error) 833173138Srwatson return (error); 834101099Srwatson 835173138Srwatson /* 836173138Srwatson * If the Biba label is to be changed, authorize as appropriate. 837173138Srwatson */ 838173138Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 839173138Srwatson /* 840173138Srwatson * If the change request modifies both the Biba label 841173138Srwatson * effective and range, check that the new effective will be 842173138Srwatson * in the new range. 843173138Srwatson */ 844173138Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == 845173138Srwatson MAC_BIBA_FLAGS_BOTH && 846173138Srwatson !biba_effective_in_range(new, new)) 847173138Srwatson return (EINVAL); 848101099Srwatson 849173138Srwatson /* 850173138Srwatson * To change the Biba effective label on a credential, the 851173138Srwatson * new effective label must be in the current range. 852173138Srwatson */ 853173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE && 854173138Srwatson !biba_effective_in_range(new, subj)) 855173138Srwatson return (EPERM); 856101099Srwatson 857173138Srwatson /* 858173138Srwatson * To change the Biba range on a credential, the new range 859173138Srwatson * label must be in the current range. 860173138Srwatson */ 861173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_RANGE && 862173138Srwatson !biba_range_in_range(new, subj)) 863173138Srwatson return (EPERM); 864101099Srwatson 865173138Srwatson /* 866173138Srwatson * To have EQUAL in any component of the new credential Biba 867173138Srwatson * label, the subject must already have EQUAL in their label. 868173138Srwatson */ 869173138Srwatson if (biba_contains_equal(new)) { 870173138Srwatson error = biba_subject_privileged(subj); 871173138Srwatson if (error) 872173138Srwatson return (error); 873173138Srwatson } 874105988Srwatson } 875101099Srwatson 876101099Srwatson return (0); 877101099Srwatson} 878101099Srwatson 879105988Srwatsonstatic int 880173138Srwatsonbiba_cred_check_visible(struct ucred *u1, struct ucred *u2) 881105988Srwatson{ 882173138Srwatson struct mac_biba *subj, *obj; 883105988Srwatson 884173138Srwatson if (!biba_enabled) 885105988Srwatson return (0); 886105988Srwatson 887173138Srwatson subj = SLOT(u1->cr_label); 888173138Srwatson obj = SLOT(u2->cr_label); 889105988Srwatson 890173138Srwatson /* XXX: range */ 891173138Srwatson if (!biba_dominate_effective(obj, subj)) 892173138Srwatson return (ESRCH); 893105988Srwatson 894173138Srwatson return (0); 895122875Srwatson} 896122875Srwatson 897122875Srwatsonstatic void 898173138Srwatsonbiba_cred_relabel(struct ucred *cred, struct label *newlabel) 899101099Srwatson{ 900101099Srwatson struct mac_biba *source, *dest; 901101099Srwatson 902173138Srwatson source = SLOT(newlabel); 903173138Srwatson dest = SLOT(cred->cr_label); 904101099Srwatson 905173138Srwatson biba_copy(source, dest); 906101099Srwatson} 907101099Srwatson 908101099Srwatsonstatic void 909173138Srwatsonbiba_devfs_create_device(struct ucred *cred, struct mount *mp, 910173138Srwatson struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 911101099Srwatson{ 912173138Srwatson struct mac_biba *mb; 913173138Srwatson int biba_type; 914101099Srwatson 915173138Srwatson mb = SLOT(delabel); 916173138Srwatson if (strcmp(dev->si_name, "null") == 0 || 917173138Srwatson strcmp(dev->si_name, "zero") == 0 || 918173138Srwatson strcmp(dev->si_name, "random") == 0 || 919173138Srwatson strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 920173138Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 921173138Srwatson else if (ptys_equal && 922173138Srwatson (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 923173138Srwatson strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 924173138Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 925173138Srwatson else 926173138Srwatson biba_type = MAC_BIBA_TYPE_HIGH; 927173138Srwatson biba_set_effective(mb, biba_type, 0, NULL); 928101099Srwatson} 929101099Srwatson 930101099Srwatsonstatic void 931173138Srwatsonbiba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, 932173138Srwatson struct devfs_dirent *de, struct label *delabel) 933101099Srwatson{ 934173138Srwatson struct mac_biba *mb; 935101099Srwatson 936173138Srwatson mb = SLOT(delabel); 937101099Srwatson 938173138Srwatson biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL); 939101099Srwatson} 940101099Srwatson 941101099Srwatsonstatic void 942173138Srwatsonbiba_devfs_create_symlink(struct ucred *cred, struct mount *mp, 943173138Srwatson struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 944173138Srwatson struct label *delabel) 945145855Srwatson{ 946145855Srwatson struct mac_biba *source, *dest; 947145855Srwatson 948145855Srwatson source = SLOT(cred->cr_label); 949173138Srwatson dest = SLOT(delabel); 950145855Srwatson 951172955Srwatson biba_copy_effective(source, dest); 952145855Srwatson} 953145855Srwatson 954145855Srwatsonstatic void 955173138Srwatsonbiba_devfs_update(struct mount *mp, struct devfs_dirent *de, 956173138Srwatson struct label *delabel, struct vnode *vp, struct label *vplabel) 957101099Srwatson{ 958101099Srwatson struct mac_biba *source, *dest; 959101099Srwatson 960173138Srwatson source = SLOT(vplabel); 961173138Srwatson dest = SLOT(delabel); 962101099Srwatson 963172955Srwatson biba_copy(source, dest); 964101099Srwatson} 965101099Srwatson 966101099Srwatsonstatic void 967173138Srwatsonbiba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel, 968173138Srwatson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 969173138Srwatson struct label *vplabel) 970101099Srwatson{ 971101099Srwatson struct mac_biba *source, *dest; 972101099Srwatson 973173138Srwatson source = SLOT(delabel); 974173138Srwatson dest = SLOT(vplabel); 975101099Srwatson 976172955Srwatson biba_copy_effective(source, dest); 977101099Srwatson} 978101099Srwatson 979173138Srwatsonstatic int 980173138Srwatsonbiba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 981173138Srwatson struct label *ifplabel, struct label *newlabel) 982140628Srwatson{ 983173138Srwatson struct mac_biba *subj, *new; 984173138Srwatson int error; 985140628Srwatson 986173138Srwatson subj = SLOT(cred->cr_label); 987173138Srwatson new = SLOT(newlabel); 988140628Srwatson 989173138Srwatson /* 990173138Srwatson * If there is a Biba label update for the interface, it may be an 991173138Srwatson * update of the effective, range, or both. 992173138Srwatson */ 993173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 994173138Srwatson if (error) 995173138Srwatson return (error); 996140628Srwatson 997173138Srwatson /* 998173138Srwatson * Relabling network interfaces requires Biba privilege. 999173138Srwatson */ 1000173138Srwatson error = biba_subject_privileged(subj); 1001173138Srwatson if (error) 1002173138Srwatson return (error); 1003140628Srwatson 1004173138Srwatson return (0); 1005140628Srwatson} 1006140628Srwatson 1007173138Srwatsonstatic int 1008173138Srwatsonbiba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 1009173138Srwatson struct mbuf *m, struct label *mlabel) 1010140628Srwatson{ 1011173138Srwatson struct mac_biba *p, *i; 1012140628Srwatson 1013173138Srwatson if (!biba_enabled) 1014173138Srwatson return (0); 1015140628Srwatson 1016173138Srwatson p = SLOT(mlabel); 1017173138Srwatson i = SLOT(ifplabel); 1018140628Srwatson 1019173138Srwatson return (biba_effective_in_range(p, i) ? 0 : EACCES); 1020140628Srwatson} 1021140628Srwatson 1022101099Srwatsonstatic void 1023172955Srwatsonbiba_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 1024101099Srwatson{ 1025121816Sbrooks char tifname[IFNAMSIZ], *p, *q; 1026101099Srwatson char tiflist[sizeof(trusted_interfaces)]; 1027101099Srwatson struct mac_biba *dest; 1028110350Srwatson int len, type; 1029101099Srwatson 1030168976Srwatson dest = SLOT(ifplabel); 1031101099Srwatson 1032168976Srwatson if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) { 1033110350Srwatson type = MAC_BIBA_TYPE_EQUAL; 1034101099Srwatson goto set; 1035101099Srwatson } 1036101099Srwatson 1037101099Srwatson if (trust_all_interfaces) { 1038110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1039101099Srwatson goto set; 1040101099Srwatson } 1041101099Srwatson 1042110350Srwatson type = MAC_BIBA_TYPE_LOW; 1043101099Srwatson 1044101099Srwatson if (trusted_interfaces[0] == '\0' || 1045101099Srwatson !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 1046101099Srwatson goto set; 1047101099Srwatson 1048106089Srwatson bzero(tiflist, sizeof(tiflist)); 1049101099Srwatson for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 1050101099Srwatson if(*p != ' ' && *p != '\t') 1051101099Srwatson *q = *p; 1052101099Srwatson 1053101099Srwatson for (p = q = tiflist;; p++) { 1054101099Srwatson if (*p == ',' || *p == '\0') { 1055101099Srwatson len = p - q; 1056101099Srwatson if (len < IFNAMSIZ) { 1057101099Srwatson bzero(tifname, sizeof(tifname)); 1058101099Srwatson bcopy(q, tifname, len); 1059168976Srwatson if (strcmp(tifname, ifp->if_xname) == 0) { 1060110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1061101099Srwatson break; 1062101099Srwatson } 1063106089Srwatson } else { 1064106089Srwatson *p = '\0'; 1065106089Srwatson printf("mac_biba warning: interface name " 1066106089Srwatson "\"%s\" is too long (must be < %d)\n", 1067106089Srwatson q, IFNAMSIZ); 1068101099Srwatson } 1069101099Srwatson if (*p == '\0') 1070101099Srwatson break; 1071101099Srwatson q = p + 1; 1072101099Srwatson } 1073101099Srwatson } 1074101099Srwatsonset: 1075172955Srwatson biba_set_effective(dest, type, 0, NULL); 1076172955Srwatson biba_set_range(dest, type, 0, NULL, type, 0, NULL); 1077101099Srwatson} 1078101099Srwatson 1079101099Srwatsonstatic void 1080173138Srwatsonbiba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 1081173138Srwatson struct mbuf *m, struct label *mlabel) 1082101099Srwatson{ 1083101099Srwatson struct mac_biba *source, *dest; 1084101099Srwatson 1085173138Srwatson source = SLOT(ifplabel); 1086173138Srwatson dest = SLOT(mlabel); 1087101099Srwatson 1088172955Srwatson biba_copy_effective(source, dest); 1089101099Srwatson} 1090101099Srwatson 1091101099Srwatsonstatic void 1092173138Srwatsonbiba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 1093173138Srwatson struct label *ifplabel, struct label *newlabel) 1094101099Srwatson{ 1095101099Srwatson struct mac_biba *source, *dest; 1096101099Srwatson 1097173138Srwatson source = SLOT(newlabel); 1098173138Srwatson dest = SLOT(ifplabel); 1099101099Srwatson 1100173138Srwatson biba_copy(source, dest); 1101101099Srwatson} 1102101099Srwatson 1103173138Srwatsonstatic int 1104173138Srwatsonbiba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 1105173138Srwatson struct mbuf *m, struct label *mlabel) 1106173138Srwatson{ 1107173138Srwatson struct mac_biba *p, *i; 1108173138Srwatson 1109173138Srwatson if (!biba_enabled) 1110173138Srwatson return (0); 1111173138Srwatson 1112173138Srwatson p = SLOT(mlabel); 1113173138Srwatson i = SLOT(inplabel); 1114173138Srwatson 1115173138Srwatson return (biba_equal_effective(p, i) ? 0 : EACCES); 1116173138Srwatson} 1117173138Srwatson 1118183980Sbzstatic int 1119183980Sbzbiba_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 1120183980Sbz struct label *inplabel) 1121183980Sbz{ 1122183980Sbz struct mac_biba *subj, *obj; 1123183980Sbz 1124183980Sbz if (!biba_enabled) 1125183980Sbz return (0); 1126183980Sbz 1127183980Sbz subj = SLOT(cred->cr_label); 1128183980Sbz obj = SLOT(inplabel); 1129183980Sbz 1130183980Sbz if (!biba_dominate_effective(obj, subj)) 1131183980Sbz return (ENOENT); 1132183980Sbz 1133183980Sbz return (0); 1134183980Sbz} 1135183980Sbz 1136101099Srwatsonstatic void 1137173138Srwatsonbiba_inpcb_create(struct socket *so, struct label *solabel, 1138173138Srwatson struct inpcb *inp, struct label *inplabel) 1139101099Srwatson{ 1140101099Srwatson struct mac_biba *source, *dest; 1141101099Srwatson 1142173138Srwatson source = SLOT(solabel); 1143173138Srwatson dest = SLOT(inplabel); 1144101099Srwatson 1145172955Srwatson biba_copy_effective(source, dest); 1146101099Srwatson} 1147101099Srwatson 1148101099Srwatsonstatic void 1149172955Srwatsonbiba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 1150123607Srwatson struct mbuf *m, struct label *mlabel) 1151123607Srwatson{ 1152123607Srwatson struct mac_biba *source, *dest; 1153123607Srwatson 1154123607Srwatson source = SLOT(inplabel); 1155123607Srwatson dest = SLOT(mlabel); 1156123607Srwatson 1157172955Srwatson biba_copy_effective(source, dest); 1158123607Srwatson} 1159123607Srwatson 1160123607Srwatsonstatic void 1161173138Srwatsonbiba_inpcb_sosetlabel(struct socket *so, struct label *solabel, 1162173138Srwatson struct inpcb *inp, struct label *inplabel) 1163101099Srwatson{ 1164101099Srwatson struct mac_biba *source, *dest; 1165101099Srwatson 1166173138Srwatson source = SLOT(solabel); 1167173138Srwatson dest = SLOT(inplabel); 1168101099Srwatson 1169173138Srwatson biba_copy(source, dest); 1170101099Srwatson} 1171101099Srwatson 1172101099Srwatsonstatic void 1173184308Srwatsonbiba_ip6q_create(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1174184308Srwatson struct label *q6label) 1175184308Srwatson{ 1176184308Srwatson struct mac_biba *source, *dest; 1177184308Srwatson 1178184308Srwatson source = SLOT(mlabel); 1179184308Srwatson dest = SLOT(q6label); 1180184308Srwatson 1181184308Srwatson biba_copy_effective(source, dest); 1182184308Srwatson} 1183184308Srwatson 1184184308Srwatsonstatic int 1185184308Srwatsonbiba_ip6q_match(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1186184308Srwatson struct label *q6label) 1187184308Srwatson{ 1188184308Srwatson struct mac_biba *a, *b; 1189184308Srwatson 1190184308Srwatson a = SLOT(q6label); 1191184308Srwatson b = SLOT(mlabel); 1192184308Srwatson 1193184308Srwatson return (biba_equal_effective(a, b)); 1194184308Srwatson} 1195184308Srwatson 1196184308Srwatsonstatic void 1197184308Srwatsonbiba_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 1198184308Srwatson struct label *mlabel) 1199184308Srwatson{ 1200184308Srwatson struct mac_biba *source, *dest; 1201184308Srwatson 1202184308Srwatson source = SLOT(q6label); 1203184308Srwatson dest = SLOT(mlabel); 1204184308Srwatson 1205184308Srwatson /* Just use the head, since we require them all to match. */ 1206184308Srwatson biba_copy_effective(source, dest); 1207184308Srwatson} 1208184308Srwatson 1209184308Srwatsonstatic void 1210184308Srwatsonbiba_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1211184308Srwatson struct label *q6label) 1212184308Srwatson{ 1213184308Srwatson 1214184308Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1215184308Srwatson} 1216184308Srwatson 1217184308Srwatsonstatic void 1218179781Srwatsonbiba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q, 1219179781Srwatson struct label *qlabel) 1220101099Srwatson{ 1221101099Srwatson struct mac_biba *source, *dest; 1222101099Srwatson 1223173138Srwatson source = SLOT(mlabel); 1224179781Srwatson dest = SLOT(qlabel); 1225101099Srwatson 1226172955Srwatson biba_copy_effective(source, dest); 1227101099Srwatson} 1228101099Srwatson 1229101099Srwatsonstatic int 1230179781Srwatsonbiba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q, 1231179781Srwatson struct label *qlabel) 1232101099Srwatson{ 1233101099Srwatson struct mac_biba *a, *b; 1234101099Srwatson 1235179781Srwatson a = SLOT(qlabel); 1236168976Srwatson b = SLOT(mlabel); 1237101099Srwatson 1238172955Srwatson return (biba_equal_effective(a, b)); 1239101099Srwatson} 1240101099Srwatson 1241101099Srwatsonstatic void 1242179781Srwatsonbiba_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 1243173138Srwatson struct label *mlabel) 1244101099Srwatson{ 1245101099Srwatson struct mac_biba *source, *dest; 1246101099Srwatson 1247179781Srwatson source = SLOT(qlabel); 1248173138Srwatson dest = SLOT(mlabel); 1249101099Srwatson 1250173138Srwatson /* Just use the head, since we require them all to match. */ 1251173138Srwatson biba_copy_effective(source, dest); 1252101099Srwatson} 1253101099Srwatson 1254101099Srwatsonstatic void 1255179781Srwatsonbiba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 1256179781Srwatson struct label *qlabel) 1257101099Srwatson{ 1258101099Srwatson 1259101099Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1260101099Srwatson} 1261101099Srwatson 1262173138Srwatsonstatic int 1263173138Srwatsonbiba_kld_check_load(struct ucred *cred, struct vnode *vp, 1264173138Srwatson struct label *vplabel) 1265173138Srwatson{ 1266173138Srwatson struct mac_biba *subj, *obj; 1267173138Srwatson int error; 1268173138Srwatson 1269173138Srwatson if (!biba_enabled) 1270173138Srwatson return (0); 1271173138Srwatson 1272173138Srwatson subj = SLOT(cred->cr_label); 1273173138Srwatson 1274173138Srwatson error = biba_subject_privileged(subj); 1275173138Srwatson if (error) 1276173138Srwatson return (error); 1277173138Srwatson 1278173138Srwatson obj = SLOT(vplabel); 1279173138Srwatson if (!biba_high_effective(obj)) 1280173138Srwatson return (EACCES); 1281173138Srwatson 1282173138Srwatson return (0); 1283173138Srwatson} 1284173138Srwatson 1285173138Srwatsonstatic int 1286173138Srwatsonbiba_mount_check_stat(struct ucred *cred, struct mount *mp, 1287173138Srwatson struct label *mplabel) 1288173138Srwatson{ 1289173138Srwatson struct mac_biba *subj, *obj; 1290173138Srwatson 1291173138Srwatson if (!biba_enabled) 1292173138Srwatson return (0); 1293173138Srwatson 1294173138Srwatson subj = SLOT(cred->cr_label); 1295173138Srwatson obj = SLOT(mplabel); 1296173138Srwatson 1297173138Srwatson if (!biba_dominate_effective(obj, subj)) 1298173138Srwatson return (EACCES); 1299173138Srwatson 1300173138Srwatson return (0); 1301173138Srwatson} 1302173138Srwatson 1303122875Srwatsonstatic void 1304173138Srwatsonbiba_mount_create(struct ucred *cred, struct mount *mp, 1305173138Srwatson struct label *mplabel) 1306122875Srwatson{ 1307122875Srwatson struct mac_biba *source, *dest; 1308122875Srwatson 1309173138Srwatson source = SLOT(cred->cr_label); 1310173138Srwatson dest = SLOT(mplabel); 1311122875Srwatson 1312173138Srwatson biba_copy_effective(source, dest); 1313122875Srwatson} 1314122875Srwatson 1315162238Scsjpstatic void 1316173095Srwatsonbiba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, 1317173095Srwatson struct mbuf *m, struct label *mlabel) 1318173095Srwatson{ 1319173095Srwatson struct mac_biba *dest; 1320173095Srwatson 1321173095Srwatson dest = SLOT(mlabel); 1322173095Srwatson 1323173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1324173095Srwatson} 1325173095Srwatson 1326173095Srwatsonstatic void 1327173095Srwatsonbiba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1328173095Srwatson struct mbuf *m, struct label *mlabel) 1329173095Srwatson{ 1330173095Srwatson struct mac_biba *dest; 1331173095Srwatson 1332173095Srwatson dest = SLOT(mlabel); 1333173095Srwatson 1334173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1335173095Srwatson} 1336173095Srwatson 1337173095Srwatsonstatic void 1338173102Srwatsonbiba_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1339173102Srwatson struct mbuf *msend, struct label *msendlabel) 1340173102Srwatson{ 1341173102Srwatson struct mac_biba *source, *dest; 1342173102Srwatson 1343173102Srwatson source = SLOT(mrecvlabel); 1344173102Srwatson dest = SLOT(msendlabel); 1345173102Srwatson 1346173102Srwatson biba_copy_effective(source, dest); 1347173102Srwatson} 1348173102Srwatson 1349173102Srwatsonstatic void 1350173018Srwatsonbiba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) 1351162238Scsjp{ 1352162238Scsjp struct mac_biba *dest; 1353162238Scsjp 1354173018Srwatson dest = SLOT(mlabel); 1355162238Scsjp 1356173018Srwatson /* XXX: where is the label for the firewall really coming from? */ 1357172955Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1358162238Scsjp} 1359162238Scsjp 1360173095Srwatsonstatic void 1361173138Srwatsonbiba_netinet_fragment(struct mbuf *m, struct label *mlabel, 1362173138Srwatson struct mbuf *frag, struct label *fraglabel) 1363173138Srwatson{ 1364173138Srwatson struct mac_biba *source, *dest; 1365173138Srwatson 1366173138Srwatson source = SLOT(mlabel); 1367173138Srwatson dest = SLOT(fraglabel); 1368173138Srwatson 1369173138Srwatson biba_copy_effective(source, dest); 1370173138Srwatson} 1371173138Srwatson 1372173138Srwatsonstatic void 1373173102Srwatsonbiba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1374173102Srwatson struct mbuf *msend, struct label *msendlabel) 1375173102Srwatson{ 1376173102Srwatson struct mac_biba *source, *dest; 1377173102Srwatson 1378173102Srwatson source = SLOT(mrecvlabel); 1379173102Srwatson dest = SLOT(msendlabel); 1380173102Srwatson 1381173102Srwatson biba_copy_effective(source, dest); 1382173102Srwatson} 1383173102Srwatson 1384173102Srwatsonstatic void 1385173095Srwatsonbiba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1386173095Srwatson struct mbuf *m, struct label *mlabel) 1387173095Srwatson{ 1388173095Srwatson struct mac_biba *dest; 1389173095Srwatson 1390173095Srwatson dest = SLOT(mlabel); 1391173095Srwatson 1392173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1393173095Srwatson} 1394173095Srwatson 1395173095Srwatsonstatic void 1396173095Srwatsonbiba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1397173095Srwatson struct mbuf *m, struct label *mlabel) 1398173095Srwatson{ 1399173095Srwatson struct mac_biba *dest; 1400173095Srwatson 1401173095Srwatson dest = SLOT(mlabel); 1402173095Srwatson 1403173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1404173095Srwatson} 1405173095Srwatson 1406173138Srwatsonstatic int 1407173138Srwatsonbiba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1408173138Srwatson struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1409101099Srwatson{ 1410101099Srwatson 1411173138Srwatson if(!biba_enabled) 1412173138Srwatson return (0); 1413101099Srwatson 1414173138Srwatson /* XXX: This will be implemented soon... */ 1415101099Srwatson 1416173138Srwatson return (0); 1417101099Srwatson} 1418101099Srwatson 1419173138Srwatsonstatic int 1420173138Srwatsonbiba_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1421173138Srwatson struct label *pplabel) 1422172957Srwatson{ 1423173138Srwatson struct mac_biba *subj, *obj; 1424172957Srwatson 1425173138Srwatson if (!biba_enabled) 1426173138Srwatson return (0); 1427172957Srwatson 1428173138Srwatson subj = SLOT(cred->cr_label); 1429173138Srwatson obj = SLOT(pplabel); 1430101099Srwatson 1431173138Srwatson if (!biba_dominate_effective(obj, subj)) 1432173138Srwatson return (EACCES); 1433101099Srwatson 1434173138Srwatson return (0); 1435101099Srwatson} 1436101099Srwatson 1437101099Srwatsonstatic int 1438173138Srwatsonbiba_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1439173138Srwatson struct label *pplabel) 1440101099Srwatson{ 1441173138Srwatson struct mac_biba *subj, *obj; 1442101099Srwatson 1443172955Srwatson if (!biba_enabled) 1444101099Srwatson return (0); 1445101099Srwatson 1446173138Srwatson subj = SLOT(cred->cr_label); 1447173138Srwatson obj = SLOT(pplabel); 1448101099Srwatson 1449173138Srwatson if (!biba_dominate_effective(obj, subj)) 1450173138Srwatson return (EACCES); 1451173138Srwatson 1452173138Srwatson return (0); 1453101099Srwatson} 1454101099Srwatson 1455101099Srwatsonstatic int 1456173138Srwatsonbiba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1457173138Srwatson struct label *pplabel, struct label *newlabel) 1458101099Srwatson{ 1459173138Srwatson struct mac_biba *subj, *obj, *new; 1460105634Srwatson int error; 1461101099Srwatson 1462173138Srwatson new = SLOT(newlabel); 1463122524Srwatson subj = SLOT(cred->cr_label); 1464173138Srwatson obj = SLOT(pplabel); 1465101099Srwatson 1466101099Srwatson /* 1467173138Srwatson * If there is a Biba label update for a pipe, it must be a effective 1468173138Srwatson * update. 1469101099Srwatson */ 1470173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 1471105634Srwatson if (error) 1472105634Srwatson return (error); 1473101099Srwatson 1474101099Srwatson /* 1475173138Srwatson * To perform a relabel of a pipe (Biba label or not), Biba must 1476173138Srwatson * authorize the relabel. 1477173138Srwatson */ 1478173138Srwatson if (!biba_effective_in_range(obj, subj)) 1479173138Srwatson return (EPERM); 1480173138Srwatson 1481173138Srwatson /* 1482105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1483101099Srwatson */ 1484173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 1485105634Srwatson /* 1486173138Srwatson * To change the Biba label on a pipe, the new pipe label 1487173138Srwatson * must be in the subject range. 1488110351Srwatson */ 1489173138Srwatson if (!biba_effective_in_range(new, subj)) 1490105634Srwatson return (EPERM); 1491101099Srwatson 1492105634Srwatson /* 1493173138Srwatson * To change the Biba label on a pipe to be EQUAL, the 1494173138Srwatson * subject must have appropriate privilege. 1495105634Srwatson */ 1496172955Srwatson if (biba_contains_equal(new)) { 1497172955Srwatson error = biba_subject_privileged(subj); 1498105634Srwatson if (error) 1499105634Srwatson return (error); 1500105634Srwatson } 1501105634Srwatson } 1502105634Srwatson 1503101099Srwatson return (0); 1504101099Srwatson} 1505101099Srwatson 1506101099Srwatsonstatic int 1507173138Srwatsonbiba_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1508173138Srwatson struct label *pplabel) 1509101099Srwatson{ 1510101099Srwatson struct mac_biba *subj, *obj; 1511101099Srwatson 1512172955Srwatson if (!biba_enabled) 1513101099Srwatson return (0); 1514101099Srwatson 1515173138Srwatson subj = SLOT(cred->cr_label); 1516173138Srwatson obj = SLOT(pplabel); 1517101099Srwatson 1518172955Srwatson if (!biba_dominate_effective(obj, subj)) 1519173138Srwatson return (EACCES); 1520101099Srwatson 1521101099Srwatson return (0); 1522101099Srwatson} 1523101099Srwatson 1524101099Srwatsonstatic int 1525173138Srwatsonbiba_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1526173138Srwatson struct label *pplabel) 1527101099Srwatson{ 1528173138Srwatson struct mac_biba *subj, *obj; 1529101099Srwatson 1530173138Srwatson if (!biba_enabled) 1531173138Srwatson return (0); 1532173138Srwatson 1533122524Srwatson subj = SLOT(cred->cr_label); 1534173138Srwatson obj = SLOT(pplabel); 1535101099Srwatson 1536173138Srwatson if (!biba_dominate_effective(subj, obj)) 1537173138Srwatson return (EACCES); 1538101099Srwatson 1539105634Srwatson return (0); 1540101099Srwatson} 1541101099Srwatson 1542173138Srwatsonstatic void 1543173138Srwatsonbiba_pipe_create(struct ucred *cred, struct pipepair *pp, 1544173138Srwatson struct label *pplabel) 1545101099Srwatson{ 1546173138Srwatson struct mac_biba *source, *dest; 1547103761Srwatson 1548173138Srwatson source = SLOT(cred->cr_label); 1549173138Srwatson dest = SLOT(pplabel); 1550101099Srwatson 1551173138Srwatson biba_copy_effective(source, dest); 1552173138Srwatson} 1553103759Srwatson 1554173138Srwatsonstatic void 1555173138Srwatsonbiba_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1556173138Srwatson struct label *pplabel, struct label *newlabel) 1557173138Srwatson{ 1558173138Srwatson struct mac_biba *source, *dest; 1559173138Srwatson 1560173138Srwatson source = SLOT(newlabel); 1561173138Srwatson dest = SLOT(pplabel); 1562173138Srwatson 1563173138Srwatson biba_copy(source, dest); 1564101099Srwatson} 1565101099Srwatson 1566101099Srwatsonstatic int 1567180059Sjhbbiba_posixsem_check_openunlink(struct ucred *cred, struct ksem *ks, 1568173138Srwatson struct label *kslabel) 1569122875Srwatson{ 1570173138Srwatson struct mac_biba *subj, *obj; 1571122875Srwatson 1572172955Srwatson if (!biba_enabled) 1573122875Srwatson return (0); 1574122875Srwatson 1575173138Srwatson subj = SLOT(cred->cr_label); 1576173138Srwatson obj = SLOT(kslabel); 1577122875Srwatson 1578173138Srwatson if (!biba_dominate_effective(subj, obj)) 1579173138Srwatson return (EACCES); 1580173138Srwatson 1581173138Srwatson return (0); 1582122875Srwatson} 1583122875Srwatson 1584122875Srwatsonstatic int 1585180059Sjhbbiba_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, 1586180059Sjhb struct ksem *ks, struct label *kslabel) 1587140628Srwatson{ 1588140628Srwatson struct mac_biba *subj, *obj; 1589140628Srwatson 1590172955Srwatson if (!biba_enabled) 1591140628Srwatson return (0); 1592140628Srwatson 1593180059Sjhb subj = SLOT(active_cred->cr_label); 1594173138Srwatson obj = SLOT(kslabel); 1595140628Srwatson 1596180059Sjhb if (!biba_dominate_effective(subj, obj)) 1597180059Sjhb return (EACCES); 1598180059Sjhb 1599180059Sjhb return (0); 1600180059Sjhb} 1601180059Sjhb 1602180059Sjhbstatic int 1603180059Sjhbbiba_posixsem_check_rdonly(struct ucred *active_cred, struct ucred *file_cred, 1604180059Sjhb struct ksem *ks, struct label *kslabel) 1605180059Sjhb{ 1606180059Sjhb struct mac_biba *subj, *obj; 1607180059Sjhb 1608180059Sjhb if (!biba_enabled) 1609180059Sjhb return (0); 1610180059Sjhb 1611180059Sjhb subj = SLOT(active_cred->cr_label); 1612180059Sjhb obj = SLOT(kslabel); 1613180059Sjhb 1614172955Srwatson if (!biba_dominate_effective(obj, subj)) 1615140628Srwatson return (EACCES); 1616140628Srwatson 1617140628Srwatson return (0); 1618140628Srwatson} 1619140628Srwatson 1620173138Srwatsonstatic void 1621173138Srwatsonbiba_posixsem_create(struct ucred *cred, struct ksem *ks, 1622173138Srwatson struct label *kslabel) 1623173138Srwatson{ 1624173138Srwatson struct mac_biba *source, *dest; 1625173138Srwatson 1626173138Srwatson source = SLOT(cred->cr_label); 1627173138Srwatson dest = SLOT(kslabel); 1628173138Srwatson 1629173138Srwatson biba_copy_effective(source, dest); 1630173138Srwatson} 1631173138Srwatson 1632173138Srwatson/* 1633173138Srwatson * Some system privileges are allowed regardless of integrity grade; others 1634173138Srwatson * are allowed only when running with privilege with respect to the Biba 1635173138Srwatson * policy as they might otherwise allow bypassing of the integrity policy. 1636173138Srwatson */ 1637140628Srwatsonstatic int 1638173138Srwatsonbiba_priv_check(struct ucred *cred, int priv) 1639140628Srwatson{ 1640173138Srwatson struct mac_biba *subj; 1641173138Srwatson int error; 1642140628Srwatson 1643172955Srwatson if (!biba_enabled) 1644140628Srwatson return (0); 1645140628Srwatson 1646173138Srwatson /* 1647173138Srwatson * Exempt only specific privileges from the Biba integrity policy. 1648173138Srwatson */ 1649173138Srwatson switch (priv) { 1650173138Srwatson case PRIV_KTRACE: 1651173138Srwatson case PRIV_MSGBUF: 1652140628Srwatson 1653173138Srwatson /* 1654173138Srwatson * Allow processes to manipulate basic process audit properties, and 1655173138Srwatson * to submit audit records. 1656173138Srwatson */ 1657173138Srwatson case PRIV_AUDIT_GETAUDIT: 1658173138Srwatson case PRIV_AUDIT_SETAUDIT: 1659173138Srwatson case PRIV_AUDIT_SUBMIT: 1660140628Srwatson 1661173138Srwatson /* 1662173138Srwatson * Allow processes to manipulate their regular UNIX credentials. 1663173138Srwatson */ 1664173138Srwatson case PRIV_CRED_SETUID: 1665173138Srwatson case PRIV_CRED_SETEUID: 1666173138Srwatson case PRIV_CRED_SETGID: 1667173138Srwatson case PRIV_CRED_SETEGID: 1668173138Srwatson case PRIV_CRED_SETGROUPS: 1669173138Srwatson case PRIV_CRED_SETREUID: 1670173138Srwatson case PRIV_CRED_SETREGID: 1671173138Srwatson case PRIV_CRED_SETRESUID: 1672173138Srwatson case PRIV_CRED_SETRESGID: 1673173138Srwatson 1674173138Srwatson /* 1675173138Srwatson * Allow processes to perform system monitoring. 1676173138Srwatson */ 1677173138Srwatson case PRIV_SEEOTHERGIDS: 1678173138Srwatson case PRIV_SEEOTHERUIDS: 1679173138Srwatson break; 1680173138Srwatson 1681173138Srwatson /* 1682173138Srwatson * Allow access to general process debugging facilities. We 1683173138Srwatson * separately control debugging based on MAC label. 1684173138Srwatson */ 1685173138Srwatson case PRIV_DEBUG_DIFFCRED: 1686173138Srwatson case PRIV_DEBUG_SUGID: 1687173138Srwatson case PRIV_DEBUG_UNPRIV: 1688173138Srwatson 1689173138Srwatson /* 1690173138Srwatson * Allow manipulating jails. 1691173138Srwatson */ 1692173138Srwatson case PRIV_JAIL_ATTACH: 1693173138Srwatson 1694173138Srwatson /* 1695173138Srwatson * Allow privilege with respect to the Partition policy, but not the 1696173138Srwatson * Privs policy. 1697173138Srwatson */ 1698173138Srwatson case PRIV_MAC_PARTITION: 1699173138Srwatson 1700173138Srwatson /* 1701173138Srwatson * Allow privilege with respect to process resource limits and login 1702173138Srwatson * context. 1703173138Srwatson */ 1704173138Srwatson case PRIV_PROC_LIMIT: 1705173138Srwatson case PRIV_PROC_SETLOGIN: 1706173138Srwatson case PRIV_PROC_SETRLIMIT: 1707173138Srwatson 1708173138Srwatson /* 1709173138Srwatson * Allow System V and POSIX IPC privileges. 1710173138Srwatson */ 1711173138Srwatson case PRIV_IPC_READ: 1712173138Srwatson case PRIV_IPC_WRITE: 1713173138Srwatson case PRIV_IPC_ADMIN: 1714173138Srwatson case PRIV_IPC_MSGSIZE: 1715173138Srwatson case PRIV_MQ_ADMIN: 1716173138Srwatson 1717173138Srwatson /* 1718173138Srwatson * Allow certain scheduler manipulations -- possibly this should be 1719173138Srwatson * controlled by more fine-grained policy, as potentially low 1720173138Srwatson * integrity processes can deny CPU to higher integrity ones. 1721173138Srwatson */ 1722173138Srwatson case PRIV_SCHED_DIFFCRED: 1723173138Srwatson case PRIV_SCHED_SETPRIORITY: 1724173138Srwatson case PRIV_SCHED_RTPRIO: 1725173138Srwatson case PRIV_SCHED_SETPOLICY: 1726173138Srwatson case PRIV_SCHED_SET: 1727173138Srwatson case PRIV_SCHED_SETPARAM: 1728173138Srwatson 1729173138Srwatson /* 1730173138Srwatson * More IPC privileges. 1731173138Srwatson */ 1732173138Srwatson case PRIV_SEM_WRITE: 1733173138Srwatson 1734173138Srwatson /* 1735173138Srwatson * Allow signaling privileges subject to integrity policy. 1736173138Srwatson */ 1737173138Srwatson case PRIV_SIGNAL_DIFFCRED: 1738173138Srwatson case PRIV_SIGNAL_SUGID: 1739173138Srwatson 1740173138Srwatson /* 1741173138Srwatson * Allow access to only limited sysctls from lower integrity levels; 1742173138Srwatson * piggy-back on the Jail definition. 1743173138Srwatson */ 1744173138Srwatson case PRIV_SYSCTL_WRITEJAIL: 1745173138Srwatson 1746173138Srwatson /* 1747173138Srwatson * Allow TTY-based privileges, subject to general device access using 1748173138Srwatson * labels on TTY device nodes, but not console privilege. 1749173138Srwatson */ 1750173138Srwatson case PRIV_TTY_DRAINWAIT: 1751173138Srwatson case PRIV_TTY_DTRWAIT: 1752173138Srwatson case PRIV_TTY_EXCLUSIVE: 1753173138Srwatson case PRIV_TTY_PRISON: 1754173138Srwatson case PRIV_TTY_STI: 1755173138Srwatson case PRIV_TTY_SETA: 1756173138Srwatson 1757173138Srwatson /* 1758173138Srwatson * Grant most VFS privileges, as almost all are in practice bounded 1759173138Srwatson * by more specific checks using labels. 1760173138Srwatson */ 1761173138Srwatson case PRIV_VFS_READ: 1762173138Srwatson case PRIV_VFS_WRITE: 1763173138Srwatson case PRIV_VFS_ADMIN: 1764173138Srwatson case PRIV_VFS_EXEC: 1765173138Srwatson case PRIV_VFS_LOOKUP: 1766173138Srwatson case PRIV_VFS_CHFLAGS_DEV: 1767173138Srwatson case PRIV_VFS_CHOWN: 1768173138Srwatson case PRIV_VFS_CHROOT: 1769173138Srwatson case PRIV_VFS_RETAINSUGID: 1770173138Srwatson case PRIV_VFS_EXCEEDQUOTA: 1771173138Srwatson case PRIV_VFS_FCHROOT: 1772173138Srwatson case PRIV_VFS_FHOPEN: 1773173138Srwatson case PRIV_VFS_FHSTATFS: 1774173138Srwatson case PRIV_VFS_GENERATION: 1775173138Srwatson case PRIV_VFS_GETFH: 1776173138Srwatson case PRIV_VFS_GETQUOTA: 1777173138Srwatson case PRIV_VFS_LINK: 1778173138Srwatson case PRIV_VFS_MOUNT: 1779173138Srwatson case PRIV_VFS_MOUNT_OWNER: 1780173138Srwatson case PRIV_VFS_MOUNT_PERM: 1781173138Srwatson case PRIV_VFS_MOUNT_SUIDDIR: 1782173138Srwatson case PRIV_VFS_MOUNT_NONUSER: 1783173138Srwatson case PRIV_VFS_SETGID: 1784173138Srwatson case PRIV_VFS_STICKYFILE: 1785173138Srwatson case PRIV_VFS_SYSFLAGS: 1786173138Srwatson case PRIV_VFS_UNMOUNT: 1787173138Srwatson 1788173138Srwatson /* 1789173138Srwatson * Allow VM privileges; it would be nice if these were subject to 1790173138Srwatson * resource limits. 1791173138Srwatson */ 1792173138Srwatson case PRIV_VM_MADV_PROTECT: 1793173138Srwatson case PRIV_VM_MLOCK: 1794173138Srwatson case PRIV_VM_MUNLOCK: 1795173138Srwatson 1796173138Srwatson /* 1797173138Srwatson * Allow some but not all network privileges. In general, dont allow 1798173138Srwatson * reconfiguring the network stack, just normal use. 1799173138Srwatson */ 1800173138Srwatson case PRIV_NETATALK_RESERVEDPORT: 1801173138Srwatson case PRIV_NETINET_RESERVEDPORT: 1802173138Srwatson case PRIV_NETINET_RAW: 1803173138Srwatson case PRIV_NETINET_REUSEPORT: 1804173138Srwatson case PRIV_NETIPX_RESERVEDPORT: 1805173138Srwatson case PRIV_NETIPX_RAW: 1806173138Srwatson break; 1807173138Srwatson 1808173138Srwatson /* 1809173138Srwatson * All remaining system privileges are allow only if the process 1810173138Srwatson * holds privilege with respect to the Biba policy. 1811173138Srwatson */ 1812173138Srwatson default: 1813173138Srwatson subj = SLOT(cred->cr_label); 1814173138Srwatson error = biba_subject_privileged(subj); 1815173138Srwatson if (error) 1816173138Srwatson return (error); 1817173138Srwatson } 1818140628Srwatson return (0); 1819140628Srwatson} 1820140628Srwatson 1821173138Srwatsonstatic void 1822173138Srwatsonbiba_proc_associate_nfsd(struct ucred *cred) 1823173138Srwatson{ 1824173138Srwatson struct mac_biba *label; 1825173138Srwatson 1826173138Srwatson label = SLOT(cred->cr_label); 1827173138Srwatson biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL); 1828173138Srwatson biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 1829173138Srwatson 0, NULL); 1830173138Srwatson} 1831173138Srwatson 1832140628Srwatsonstatic int 1833173138Srwatsonbiba_proc_check_debug(struct ucred *cred, struct proc *p) 1834140628Srwatson{ 1835140628Srwatson struct mac_biba *subj, *obj; 1836140628Srwatson 1837172955Srwatson if (!biba_enabled) 1838140628Srwatson return (0); 1839140628Srwatson 1840140628Srwatson subj = SLOT(cred->cr_label); 1841173138Srwatson obj = SLOT(p->p_ucred->cr_label); 1842140628Srwatson 1843173138Srwatson /* XXX: range checks */ 1844172955Srwatson if (!biba_dominate_effective(obj, subj)) 1845173138Srwatson return (ESRCH); 1846173138Srwatson if (!biba_dominate_effective(subj, obj)) 1847140628Srwatson return (EACCES); 1848140628Srwatson 1849140628Srwatson return (0); 1850140628Srwatson} 1851140628Srwatson 1852140628Srwatsonstatic int 1853173138Srwatsonbiba_proc_check_sched(struct ucred *cred, struct proc *p) 1854140628Srwatson{ 1855140628Srwatson struct mac_biba *subj, *obj; 1856140628Srwatson 1857172955Srwatson if (!biba_enabled) 1858140628Srwatson return (0); 1859140628Srwatson 1860140628Srwatson subj = SLOT(cred->cr_label); 1861173138Srwatson obj = SLOT(p->p_ucred->cr_label); 1862140628Srwatson 1863173138Srwatson /* XXX: range checks */ 1864173138Srwatson if (!biba_dominate_effective(obj, subj)) 1865173138Srwatson return (ESRCH); 1866172955Srwatson if (!biba_dominate_effective(subj, obj)) 1867140628Srwatson return (EACCES); 1868140628Srwatson 1869140628Srwatson return (0); 1870140628Srwatson} 1871140628Srwatson 1872140628Srwatsonstatic int 1873173138Srwatsonbiba_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1874140628Srwatson{ 1875140628Srwatson struct mac_biba *subj, *obj; 1876140628Srwatson 1877172955Srwatson if (!biba_enabled) 1878140628Srwatson return (0); 1879140628Srwatson 1880140628Srwatson subj = SLOT(cred->cr_label); 1881173138Srwatson obj = SLOT(p->p_ucred->cr_label); 1882140628Srwatson 1883173138Srwatson /* XXX: range checks */ 1884172955Srwatson if (!biba_dominate_effective(obj, subj)) 1885173138Srwatson return (ESRCH); 1886173138Srwatson if (!biba_dominate_effective(subj, obj)) 1887140628Srwatson return (EACCES); 1888140628Srwatson 1889140628Srwatson return (0); 1890140628Srwatson} 1891140628Srwatson 1892140628Srwatsonstatic int 1893173138Srwatsonbiba_socket_check_deliver(struct socket *so, struct label *solabel, 1894173138Srwatson struct mbuf *m, struct label *mlabel) 1895140628Srwatson{ 1896173138Srwatson struct mac_biba *p, *s; 1897140628Srwatson 1898172955Srwatson if (!biba_enabled) 1899140628Srwatson return (0); 1900140628Srwatson 1901173138Srwatson p = SLOT(mlabel); 1902173138Srwatson s = SLOT(solabel); 1903140628Srwatson 1904173138Srwatson return (biba_equal_effective(p, s) ? 0 : EACCES); 1905173138Srwatson} 1906140628Srwatson 1907173138Srwatsonstatic void 1908173138Srwatsonbiba_proc_create_init(struct ucred *cred) 1909173138Srwatson{ 1910173138Srwatson struct mac_biba *dest; 1911140628Srwatson 1912173138Srwatson dest = SLOT(cred->cr_label); 1913140628Srwatson 1914173138Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); 1915173138Srwatson biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 1916173138Srwatson 0, NULL); 1917140628Srwatson} 1918140628Srwatson 1919173138Srwatsonstatic void 1920173138Srwatsonbiba_proc_create_swapper(struct ucred *cred) 1921173138Srwatson{ 1922173138Srwatson struct mac_biba *dest; 1923173138Srwatson 1924173138Srwatson dest = SLOT(cred->cr_label); 1925173138Srwatson 1926173138Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1927173138Srwatson biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 1928173138Srwatson 0, NULL); 1929173138Srwatson} 1930173138Srwatson 1931140628Srwatsonstatic int 1932173138Srwatsonbiba_socket_check_relabel(struct ucred *cred, struct socket *so, 1933173138Srwatson struct label *solabel, struct label *newlabel) 1934140628Srwatson{ 1935173138Srwatson struct mac_biba *subj, *obj, *new; 1936173138Srwatson int error; 1937140628Srwatson 1938173138Srwatson new = SLOT(newlabel); 1939140628Srwatson subj = SLOT(cred->cr_label); 1940173138Srwatson obj = SLOT(solabel); 1941140628Srwatson 1942173138Srwatson /* 1943173138Srwatson * If there is a Biba label update for the socket, it may be an 1944173138Srwatson * update of effective. 1945173138Srwatson */ 1946173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 1947173138Srwatson if (error) 1948173138Srwatson return (error); 1949140628Srwatson 1950173138Srwatson /* 1951173138Srwatson * To relabel a socket, the old socket effective must be in the 1952173138Srwatson * subject range. 1953173138Srwatson */ 1954173138Srwatson if (!biba_effective_in_range(obj, subj)) 1955173138Srwatson return (EPERM); 1956140628Srwatson 1957173138Srwatson /* 1958173138Srwatson * If the Biba label is to be changed, authorize as appropriate. 1959173138Srwatson */ 1960173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 1961173138Srwatson /* 1962173138Srwatson * To relabel a socket, the new socket effective must be in 1963173138Srwatson * the subject range. 1964173138Srwatson */ 1965173138Srwatson if (!biba_effective_in_range(new, subj)) 1966173138Srwatson return (EPERM); 1967173138Srwatson 1968173138Srwatson /* 1969173138Srwatson * To change the Biba label on the socket to contain EQUAL, 1970173138Srwatson * the subject must have appropriate privilege. 1971173138Srwatson */ 1972173138Srwatson if (biba_contains_equal(new)) { 1973173138Srwatson error = biba_subject_privileged(subj); 1974173138Srwatson if (error) 1975173138Srwatson return (error); 1976173138Srwatson } 1977140628Srwatson } 1978140628Srwatson 1979140628Srwatson return (0); 1980140628Srwatson} 1981140628Srwatson 1982140628Srwatsonstatic int 1983173138Srwatsonbiba_socket_check_visible(struct ucred *cred, struct socket *so, 1984173138Srwatson struct label *solabel) 1985140628Srwatson{ 1986140628Srwatson struct mac_biba *subj, *obj; 1987140628Srwatson 1988172955Srwatson if (!biba_enabled) 1989140628Srwatson return (0); 1990140628Srwatson 1991140628Srwatson subj = SLOT(cred->cr_label); 1992173138Srwatson obj = SLOT(solabel); 1993140628Srwatson 1994172955Srwatson if (!biba_dominate_effective(obj, subj)) 1995173138Srwatson return (ENOENT); 1996140628Srwatson 1997140628Srwatson return (0); 1998140628Srwatson} 1999140628Srwatson 2000173138Srwatsonstatic void 2001173138Srwatsonbiba_socket_create(struct ucred *cred, struct socket *so, 2002173138Srwatson struct label *solabel) 2003140628Srwatson{ 2004173138Srwatson struct mac_biba *source, *dest; 2005140628Srwatson 2006173138Srwatson source = SLOT(cred->cr_label); 2007173138Srwatson dest = SLOT(solabel); 2008140628Srwatson 2009173138Srwatson biba_copy_effective(source, dest); 2010173138Srwatson} 2011140628Srwatson 2012173138Srwatsonstatic void 2013173138Srwatsonbiba_socket_create_mbuf(struct socket *so, struct label *solabel, 2014173138Srwatson struct mbuf *m, struct label *mlabel) 2015173138Srwatson{ 2016173138Srwatson struct mac_biba *source, *dest; 2017140628Srwatson 2018173138Srwatson source = SLOT(solabel); 2019173138Srwatson dest = SLOT(mlabel); 2020140628Srwatson 2021173138Srwatson biba_copy_effective(source, dest); 2022140628Srwatson} 2023140628Srwatson 2024173138Srwatsonstatic void 2025173138Srwatsonbiba_socket_newconn(struct socket *oldso, struct label *oldsolabel, 2026173138Srwatson struct socket *newso, struct label *newsolabel) 2027140628Srwatson{ 2028173138Srwatson struct mac_biba *source, *dest; 2029140628Srwatson 2030173138Srwatson source = SLOT(oldsolabel); 2031173138Srwatson dest = SLOT(newsolabel); 2032140628Srwatson 2033173138Srwatson biba_copy_effective(source, dest); 2034140628Srwatson} 2035140628Srwatson 2036173138Srwatsonstatic void 2037173138Srwatsonbiba_socket_relabel(struct ucred *cred, struct socket *so, 2038173138Srwatson struct label *solabel, struct label *newlabel) 2039140628Srwatson{ 2040173138Srwatson struct mac_biba *source, *dest; 2041140628Srwatson 2042173138Srwatson source = SLOT(newlabel); 2043173138Srwatson dest = SLOT(solabel); 2044140628Srwatson 2045173138Srwatson biba_copy(source, dest); 2046173138Srwatson} 2047140628Srwatson 2048173138Srwatsonstatic void 2049173138Srwatsonbiba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 2050173138Srwatson struct socket *so, struct label *sopeerlabel) 2051173138Srwatson{ 2052173138Srwatson struct mac_biba *source, *dest; 2053140628Srwatson 2054173138Srwatson source = SLOT(mlabel); 2055173138Srwatson dest = SLOT(sopeerlabel); 2056140628Srwatson 2057173138Srwatson biba_copy_effective(source, dest); 2058140628Srwatson} 2059140628Srwatson 2060173138Srwatsonstatic void 2061173138Srwatsonbiba_socketpeer_set_from_socket(struct socket *oldso, 2062173138Srwatson struct label *oldsolabel, struct socket *newso, 2063173138Srwatson struct label *newsopeerlabel) 2064140628Srwatson{ 2065173138Srwatson struct mac_biba *source, *dest; 2066140628Srwatson 2067173138Srwatson source = SLOT(oldsolabel); 2068173138Srwatson dest = SLOT(newsopeerlabel); 2069140628Srwatson 2070173138Srwatson biba_copy_effective(source, dest); 2071173138Srwatson} 2072140628Srwatson 2073173138Srwatsonstatic void 2074173138Srwatsonbiba_syncache_create(struct label *label, struct inpcb *inp) 2075173138Srwatson{ 2076173138Srwatson struct mac_biba *source, *dest; 2077140628Srwatson 2078173138Srwatson source = SLOT(inp->inp_label); 2079173138Srwatson dest = SLOT(label); 2080173138Srwatson biba_copy_effective(source, dest); 2081140628Srwatson} 2082140628Srwatson 2083173138Srwatsonstatic void 2084173138Srwatsonbiba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 2085173138Srwatson struct label *mlabel) 2086173138Srwatson{ 2087173138Srwatson struct mac_biba *source, *dest; 2088173138Srwatson 2089173138Srwatson source = SLOT(sc_label); 2090173138Srwatson dest = SLOT(mlabel); 2091173138Srwatson biba_copy_effective(source, dest); 2092173138Srwatson} 2093173138Srwatson 2094140628Srwatsonstatic int 2095173138Srwatsonbiba_system_check_acct(struct ucred *cred, struct vnode *vp, 2096168976Srwatson struct label *vplabel) 2097110354Srwatson{ 2098110354Srwatson struct mac_biba *subj, *obj; 2099110354Srwatson int error; 2100110354Srwatson 2101172955Srwatson if (!biba_enabled) 2102110354Srwatson return (0); 2103110354Srwatson 2104122524Srwatson subj = SLOT(cred->cr_label); 2105110354Srwatson 2106172955Srwatson error = biba_subject_privileged(subj); 2107110354Srwatson if (error) 2108110354Srwatson return (error); 2109110354Srwatson 2110173138Srwatson if (vplabel == NULL) 2111173138Srwatson return (0); 2112173138Srwatson 2113168976Srwatson obj = SLOT(vplabel); 2114172955Srwatson if (!biba_high_effective(obj)) 2115110354Srwatson return (EACCES); 2116110354Srwatson 2117110354Srwatson return (0); 2118110354Srwatson} 2119110354Srwatson 2120110354Srwatsonstatic int 2121173138Srwatsonbiba_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2122173138Srwatson struct label *vplabel) 2123101099Srwatson{ 2124101099Srwatson struct mac_biba *subj, *obj; 2125173138Srwatson int error; 2126101099Srwatson 2127172955Srwatson if (!biba_enabled) 2128101099Srwatson return (0); 2129101099Srwatson 2130122524Srwatson subj = SLOT(cred->cr_label); 2131101099Srwatson 2132173138Srwatson error = biba_subject_privileged(subj); 2133173138Srwatson if (error) 2134173138Srwatson return (error); 2135173138Srwatson 2136173138Srwatson if (vplabel == NULL) 2137173138Srwatson return (0); 2138173138Srwatson 2139173138Srwatson obj = SLOT(vplabel); 2140173138Srwatson if (!biba_high_effective(obj)) 2141101099Srwatson return (EACCES); 2142101099Srwatson 2143101099Srwatson return (0); 2144101099Srwatson} 2145101099Srwatson 2146101099Srwatsonstatic int 2147173138Srwatsonbiba_system_check_auditon(struct ucred *cred, int cmd) 2148101099Srwatson{ 2149173138Srwatson struct mac_biba *subj; 2150173138Srwatson int error; 2151103759Srwatson 2152173138Srwatson if (!biba_enabled) 2153101099Srwatson return (0); 2154101099Srwatson 2155173138Srwatson subj = SLOT(cred->cr_label); 2156101099Srwatson 2157173138Srwatson error = biba_subject_privileged(subj); 2158173138Srwatson if (error) 2159173138Srwatson return (error); 2160173138Srwatson 2161101099Srwatson return (0); 2162101099Srwatson} 2163101099Srwatson 2164101099Srwatsonstatic int 2165173138Srwatsonbiba_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2166173138Srwatson struct label *label) 2167101099Srwatson{ 2168173138Srwatson struct mac_biba *subj; 2169173138Srwatson int error; 2170101099Srwatson 2171172955Srwatson if (!biba_enabled) 2172101099Srwatson return (0); 2173101099Srwatson 2174122524Srwatson subj = SLOT(cred->cr_label); 2175101099Srwatson 2176173138Srwatson error = biba_subject_privileged(subj); 2177173138Srwatson if (error) 2178173138Srwatson return (error); 2179101099Srwatson 2180101099Srwatson return (0); 2181101099Srwatson} 2182101099Srwatson 2183101099Srwatsonstatic int 2184173138Srwatsonbiba_system_check_swapon(struct ucred *cred, struct vnode *vp, 2185173138Srwatson struct label *vplabel) 2186102115Srwatson{ 2187102115Srwatson struct mac_biba *subj, *obj; 2188173138Srwatson int error; 2189102115Srwatson 2190172955Srwatson if (!biba_enabled) 2191102115Srwatson return (0); 2192102115Srwatson 2193122524Srwatson subj = SLOT(cred->cr_label); 2194173138Srwatson obj = SLOT(vplabel); 2195102115Srwatson 2196173138Srwatson error = biba_subject_privileged(subj); 2197173138Srwatson if (error) 2198173138Srwatson return (error); 2199173138Srwatson 2200173138Srwatson if (!biba_high_effective(obj)) 2201102115Srwatson return (EACCES); 2202102115Srwatson 2203102115Srwatson return (0); 2204102115Srwatson} 2205102115Srwatson 2206102115Srwatsonstatic int 2207173138Srwatsonbiba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2208173138Srwatson void *arg1, int arg2, struct sysctl_req *req) 2209101099Srwatson{ 2210173138Srwatson struct mac_biba *subj; 2211105634Srwatson int error; 2212101099Srwatson 2213173138Srwatson if (!biba_enabled) 2214173138Srwatson return (0); 2215173138Srwatson 2216122524Srwatson subj = SLOT(cred->cr_label); 2217101099Srwatson 2218101099Srwatson /* 2219173138Srwatson * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high, 2220173138Srwatson * but also require privilege to change them. 2221101099Srwatson */ 2222173138Srwatson if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) { 2223173138Srwatson if (!biba_subject_dominate_high(subj)) 2224173138Srwatson return (EACCES); 2225101099Srwatson 2226173138Srwatson error = biba_subject_privileged(subj); 2227173138Srwatson if (error) 2228173138Srwatson return (error); 2229105634Srwatson } 2230105634Srwatson 2231101099Srwatson return (0); 2232101099Srwatson} 2233101099Srwatson 2234173138Srwatsonstatic void 2235173138Srwatsonbiba_sysvmsg_cleanup(struct label *msglabel) 2236102115Srwatson{ 2237102115Srwatson 2238173138Srwatson bzero(SLOT(msglabel), sizeof(struct mac_biba)); 2239173138Srwatson} 2240102115Srwatson 2241173138Srwatsonstatic void 2242173138Srwatsonbiba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2243173138Srwatson struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2244173138Srwatson{ 2245173138Srwatson struct mac_biba *source, *dest; 2246102115Srwatson 2247173138Srwatson /* Ignore the msgq label */ 2248173138Srwatson source = SLOT(cred->cr_label); 2249173138Srwatson dest = SLOT(msglabel); 2250102115Srwatson 2251173138Srwatson biba_copy_effective(source, dest); 2252102115Srwatson} 2253102115Srwatson 2254102115Srwatsonstatic int 2255173138Srwatsonbiba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2256173138Srwatson struct label *msglabel) 2257102115Srwatson{ 2258102115Srwatson struct mac_biba *subj, *obj; 2259102115Srwatson 2260172955Srwatson if (!biba_enabled) 2261102115Srwatson return (0); 2262102115Srwatson 2263122524Srwatson subj = SLOT(cred->cr_label); 2264173138Srwatson obj = SLOT(msglabel); 2265102115Srwatson 2266173138Srwatson if (!biba_dominate_effective(obj, subj)) 2267102115Srwatson return (EACCES); 2268102115Srwatson 2269102115Srwatson return (0); 2270102115Srwatson} 2271102115Srwatson 2272102115Srwatsonstatic int 2273173138Srwatsonbiba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2274173138Srwatson struct label *msglabel) 2275145855Srwatson{ 2276145855Srwatson struct mac_biba *subj, *obj; 2277145855Srwatson 2278172955Srwatson if (!biba_enabled) 2279145855Srwatson return (0); 2280145855Srwatson 2281145855Srwatson subj = SLOT(cred->cr_label); 2282173138Srwatson obj = SLOT(msglabel); 2283145855Srwatson 2284172955Srwatson if (!biba_dominate_effective(subj, obj)) 2285145855Srwatson return (EACCES); 2286145855Srwatson 2287145855Srwatson return (0); 2288145855Srwatson} 2289145855Srwatson 2290145855Srwatsonstatic int 2291173138Srwatsonbiba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 2292173138Srwatson struct label *msqklabel) 2293145855Srwatson{ 2294145855Srwatson struct mac_biba *subj, *obj; 2295145855Srwatson 2296172955Srwatson if (!biba_enabled) 2297145855Srwatson return (0); 2298145855Srwatson 2299145855Srwatson subj = SLOT(cred->cr_label); 2300173138Srwatson obj = SLOT(msqklabel); 2301145855Srwatson 2302172955Srwatson if (!biba_dominate_effective(obj, subj)) 2303145855Srwatson return (EACCES); 2304145855Srwatson 2305145855Srwatson return (0); 2306145855Srwatson} 2307145855Srwatson 2308145855Srwatsonstatic int 2309173138Srwatsonbiba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 2310173138Srwatson struct label *msqklabel) 2311101099Srwatson{ 2312101099Srwatson struct mac_biba *subj, *obj; 2313101099Srwatson 2314172955Srwatson if (!biba_enabled) 2315101099Srwatson return (0); 2316101099Srwatson 2317122524Srwatson subj = SLOT(cred->cr_label); 2318173138Srwatson obj = SLOT(msqklabel); 2319101099Srwatson 2320172955Srwatson if (!biba_dominate_effective(subj, obj)) 2321101099Srwatson return (EACCES); 2322101099Srwatson 2323101099Srwatson return (0); 2324101099Srwatson} 2325101099Srwatson 2326101099Srwatsonstatic int 2327173138Srwatsonbiba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 2328173138Srwatson struct label *msqklabel) 2329101099Srwatson{ 2330101099Srwatson struct mac_biba *subj, *obj; 2331103759Srwatson 2332172955Srwatson if (!biba_enabled) 2333101099Srwatson return (0); 2334101099Srwatson 2335122524Srwatson subj = SLOT(cred->cr_label); 2336173138Srwatson obj = SLOT(msqklabel); 2337103759Srwatson 2338172955Srwatson if (!biba_dominate_effective(obj, subj)) 2339101099Srwatson return (EACCES); 2340101099Srwatson 2341101099Srwatson return (0); 2342101099Srwatson} 2343101099Srwatson 2344101099Srwatsonstatic int 2345173138Srwatsonbiba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 2346173138Srwatson struct label *msqklabel, int cmd) 2347101099Srwatson{ 2348101099Srwatson struct mac_biba *subj, *obj; 2349103759Srwatson 2350172955Srwatson if (!biba_enabled) 2351101099Srwatson return (0); 2352101099Srwatson 2353122524Srwatson subj = SLOT(cred->cr_label); 2354173138Srwatson obj = SLOT(msqklabel); 2355103759Srwatson 2356173138Srwatson switch(cmd) { 2357173138Srwatson case IPC_RMID: 2358173138Srwatson case IPC_SET: 2359173138Srwatson if (!biba_dominate_effective(subj, obj)) 2360173138Srwatson return (EACCES); 2361173138Srwatson break; 2362173138Srwatson 2363173138Srwatson case IPC_STAT: 2364173138Srwatson if (!biba_dominate_effective(obj, subj)) 2365173138Srwatson return (EACCES); 2366173138Srwatson break; 2367173138Srwatson 2368173138Srwatson default: 2369101099Srwatson return (EACCES); 2370173138Srwatson } 2371101099Srwatson 2372101099Srwatson return (0); 2373101099Srwatson} 2374101099Srwatson 2375173138Srwatsonstatic void 2376173138Srwatsonbiba_sysvmsq_cleanup(struct label *msqlabel) 2377101099Srwatson{ 2378101099Srwatson 2379173138Srwatson bzero(SLOT(msqlabel), sizeof(struct mac_biba)); 2380173138Srwatson} 2381101099Srwatson 2382173138Srwatsonstatic void 2383173138Srwatsonbiba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2384173138Srwatson struct label *msqlabel) 2385173138Srwatson{ 2386173138Srwatson struct mac_biba *source, *dest; 2387101099Srwatson 2388173138Srwatson source = SLOT(cred->cr_label); 2389173138Srwatson dest = SLOT(msqlabel); 2390173138Srwatson 2391173138Srwatson biba_copy_effective(source, dest); 2392101099Srwatson} 2393101099Srwatson 2394101099Srwatsonstatic int 2395173138Srwatsonbiba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, 2396173138Srwatson struct label *semaklabel, int cmd) 2397101099Srwatson{ 2398173138Srwatson struct mac_biba *subj, *obj; 2399101099Srwatson 2400173138Srwatson if (!biba_enabled) 2401173138Srwatson return (0); 2402173138Srwatson 2403122524Srwatson subj = SLOT(cred->cr_label); 2404173138Srwatson obj = SLOT(semaklabel); 2405101099Srwatson 2406173138Srwatson switch(cmd) { 2407173138Srwatson case IPC_RMID: 2408173138Srwatson case IPC_SET: 2409173138Srwatson case SETVAL: 2410173138Srwatson case SETALL: 2411173138Srwatson if (!biba_dominate_effective(subj, obj)) 2412173138Srwatson return (EACCES); 2413173138Srwatson break; 2414101099Srwatson 2415173138Srwatson case IPC_STAT: 2416173138Srwatson case GETVAL: 2417173138Srwatson case GETPID: 2418173138Srwatson case GETNCNT: 2419173138Srwatson case GETZCNT: 2420173138Srwatson case GETALL: 2421173138Srwatson if (!biba_dominate_effective(obj, subj)) 2422173138Srwatson return (EACCES); 2423173138Srwatson break; 2424101099Srwatson 2425173138Srwatson default: 2426173138Srwatson return (EACCES); 2427105634Srwatson } 2428105634Srwatson 2429101099Srwatson return (0); 2430101099Srwatson} 2431101099Srwatson 2432101099Srwatsonstatic int 2433173138Srwatsonbiba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, 2434173138Srwatson struct label *semaklabel) 2435101099Srwatson{ 2436101099Srwatson struct mac_biba *subj, *obj; 2437101099Srwatson 2438172955Srwatson if (!biba_enabled) 2439105722Srwatson return (0); 2440105722Srwatson 2441122524Srwatson subj = SLOT(cred->cr_label); 2442173138Srwatson obj = SLOT(semaklabel); 2443101099Srwatson 2444172955Srwatson if (!biba_dominate_effective(obj, subj)) 2445173138Srwatson return (EACCES); 2446101099Srwatson 2447101099Srwatson return (0); 2448101099Srwatson} 2449101099Srwatson 2450101099Srwatsonstatic int 2451173138Srwatsonbiba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, 2452173138Srwatson struct label *semaklabel, size_t accesstype) 2453112574Srwatson{ 2454173138Srwatson struct mac_biba *subj, *obj; 2455112574Srwatson 2456172955Srwatson if (!biba_enabled) 2457112574Srwatson return (0); 2458112574Srwatson 2459173138Srwatson subj = SLOT(cred->cr_label); 2460173138Srwatson obj = SLOT(semaklabel); 2461112574Srwatson 2462173138Srwatson if (accesstype & SEM_R) 2463173138Srwatson if (!biba_dominate_effective(obj, subj)) 2464173138Srwatson return (EACCES); 2465112574Srwatson 2466173138Srwatson if (accesstype & SEM_A) 2467173138Srwatson if (!biba_dominate_effective(subj, obj)) 2468173138Srwatson return (EACCES); 2469168951Srwatson 2470173138Srwatson return (0); 2471173138Srwatson} 2472168951Srwatson 2473173138Srwatsonstatic void 2474173138Srwatsonbiba_sysvsem_cleanup(struct label *semalabel) 2475173138Srwatson{ 2476168951Srwatson 2477173138Srwatson bzero(SLOT(semalabel), sizeof(struct mac_biba)); 2478173138Srwatson} 2479168951Srwatson 2480173138Srwatsonstatic void 2481173138Srwatsonbiba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2482173138Srwatson struct label *semalabel) 2483173138Srwatson{ 2484173138Srwatson struct mac_biba *source, *dest; 2485168951Srwatson 2486173138Srwatson source = SLOT(cred->cr_label); 2487173138Srwatson dest = SLOT(semalabel); 2488168951Srwatson 2489173138Srwatson biba_copy_effective(source, dest); 2490112574Srwatson} 2491112574Srwatson 2492112574Srwatsonstatic int 2493173138Srwatsonbiba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 2494173138Srwatson struct label *shmseglabel, int shmflg) 2495106418Srwatson{ 2496106418Srwatson struct mac_biba *subj, *obj; 2497106418Srwatson 2498172955Srwatson if (!biba_enabled) 2499106418Srwatson return (0); 2500106418Srwatson 2501122524Srwatson subj = SLOT(cred->cr_label); 2502173138Srwatson obj = SLOT(shmseglabel); 2503106418Srwatson 2504173138Srwatson if (!biba_dominate_effective(obj, subj)) 2505106418Srwatson return (EACCES); 2506173138Srwatson if ((shmflg & SHM_RDONLY) == 0) { 2507173138Srwatson if (!biba_dominate_effective(subj, obj)) 2508173138Srwatson return (EACCES); 2509173138Srwatson } 2510173138Srwatson 2511106418Srwatson return (0); 2512106418Srwatson} 2513106418Srwatson 2514106418Srwatsonstatic int 2515173138Srwatsonbiba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 2516173138Srwatson struct label *shmseglabel, int cmd) 2517168933Srwatson{ 2518168933Srwatson struct mac_biba *subj, *obj; 2519168933Srwatson 2520172955Srwatson if (!biba_enabled) 2521168933Srwatson return (0); 2522168933Srwatson 2523168933Srwatson subj = SLOT(cred->cr_label); 2524173138Srwatson obj = SLOT(shmseglabel); 2525168933Srwatson 2526173138Srwatson switch(cmd) { 2527173138Srwatson case IPC_RMID: 2528173138Srwatson case IPC_SET: 2529173138Srwatson if (!biba_dominate_effective(subj, obj)) 2530173138Srwatson return (EACCES); 2531173138Srwatson break; 2532168933Srwatson 2533173138Srwatson case IPC_STAT: 2534173138Srwatson case SHM_STAT: 2535173138Srwatson if (!biba_dominate_effective(obj, subj)) 2536173138Srwatson return (EACCES); 2537173138Srwatson break; 2538168933Srwatson 2539173138Srwatson default: 2540168933Srwatson return (EACCES); 2541173138Srwatson } 2542168933Srwatson 2543168933Srwatson return (0); 2544168933Srwatson} 2545168933Srwatson 2546168933Srwatsonstatic int 2547173138Srwatsonbiba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 2548173138Srwatson struct label *shmseglabel, int shmflg) 2549168933Srwatson{ 2550173138Srwatson struct mac_biba *subj, *obj; 2551168933Srwatson 2552172955Srwatson if (!biba_enabled) 2553168933Srwatson return (0); 2554168933Srwatson 2555168933Srwatson subj = SLOT(cred->cr_label); 2556173138Srwatson obj = SLOT(shmseglabel); 2557168933Srwatson 2558173138Srwatson if (!biba_dominate_effective(obj, subj)) 2559173138Srwatson return (EACCES); 2560168933Srwatson 2561168933Srwatson return (0); 2562168933Srwatson} 2563168933Srwatson 2564173138Srwatsonstatic void 2565173138Srwatsonbiba_sysvshm_cleanup(struct label *shmlabel) 2566106161Srwatson{ 2567106161Srwatson 2568173138Srwatson bzero(SLOT(shmlabel), sizeof(struct mac_biba)); 2569173138Srwatson} 2570106161Srwatson 2571173138Srwatsonstatic void 2572173138Srwatsonbiba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2573173138Srwatson struct label *shmlabel) 2574173138Srwatson{ 2575173138Srwatson struct mac_biba *source, *dest; 2576106161Srwatson 2577173138Srwatson source = SLOT(cred->cr_label); 2578173138Srwatson dest = SLOT(shmlabel); 2579106161Srwatson 2580173138Srwatson biba_copy_effective(source, dest); 2581106161Srwatson} 2582106161Srwatson 2583106161Srwatsonstatic int 2584173138Srwatsonbiba_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2585173138Srwatson struct vnode *vp, struct label *vplabel) 2586112574Srwatson{ 2587173138Srwatson struct mac_biba mb_temp, *source, *dest; 2588173138Srwatson int buflen, error; 2589112574Srwatson 2590173138Srwatson source = SLOT(mplabel); 2591173138Srwatson dest = SLOT(vplabel); 2592112574Srwatson 2593173138Srwatson buflen = sizeof(mb_temp); 2594173138Srwatson bzero(&mb_temp, buflen); 2595112574Srwatson 2596173138Srwatson error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 2597173138Srwatson MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread); 2598173138Srwatson if (error == ENOATTR || error == EOPNOTSUPP) { 2599173138Srwatson /* Fall back to the mntlabel. */ 2600173138Srwatson biba_copy_effective(source, dest); 2601173138Srwatson return (0); 2602173138Srwatson } else if (error) 2603112574Srwatson return (error); 2604112574Srwatson 2605173138Srwatson if (buflen != sizeof(mb_temp)) { 2606173138Srwatson printf("biba_vnode_associate_extattr: bad size %d\n", 2607173138Srwatson buflen); 2608173138Srwatson return (EPERM); 2609173138Srwatson } 2610173138Srwatson if (biba_valid(&mb_temp) != 0) { 2611173138Srwatson printf("biba_vnode_associate_extattr: invalid\n"); 2612173138Srwatson return (EPERM); 2613173138Srwatson } 2614173138Srwatson if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != 2615173138Srwatson MAC_BIBA_FLAG_EFFECTIVE) { 2616173138Srwatson printf("biba_vnode_associate_extattr: not effective\n"); 2617173138Srwatson return (EPERM); 2618173138Srwatson } 2619173138Srwatson 2620173138Srwatson biba_copy_effective(&mb_temp, dest); 2621112574Srwatson return (0); 2622112574Srwatson} 2623112574Srwatson 2624173138Srwatsonstatic void 2625173138Srwatsonbiba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2626173138Srwatson struct vnode *vp, struct label *vplabel) 2627106161Srwatson{ 2628173138Srwatson struct mac_biba *source, *dest; 2629106161Srwatson 2630173138Srwatson source = SLOT(mplabel); 2631173138Srwatson dest = SLOT(vplabel); 2632106161Srwatson 2633173138Srwatson biba_copy_effective(source, dest); 2634106161Srwatson} 2635106161Srwatson 2636106161Srwatsonstatic int 2637172955Srwatsonbiba_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2638168976Srwatson struct label *dvplabel) 2639101099Srwatson{ 2640101099Srwatson struct mac_biba *subj, *obj; 2641101099Srwatson 2642172955Srwatson if (!biba_enabled) 2643101099Srwatson return (0); 2644101099Srwatson 2645122524Srwatson subj = SLOT(cred->cr_label); 2646168976Srwatson obj = SLOT(dvplabel); 2647101099Srwatson 2648172955Srwatson if (!biba_dominate_effective(obj, subj)) 2649101099Srwatson return (EACCES); 2650101099Srwatson 2651101099Srwatson return (0); 2652101099Srwatson} 2653101099Srwatson 2654101099Srwatsonstatic int 2655172955Srwatsonbiba_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2656168976Srwatson struct label *dvplabel) 2657101099Srwatson{ 2658101099Srwatson struct mac_biba *subj, *obj; 2659101099Srwatson 2660172955Srwatson if (!biba_enabled) 2661101099Srwatson return (0); 2662101099Srwatson 2663122524Srwatson subj = SLOT(cred->cr_label); 2664168976Srwatson obj = SLOT(dvplabel); 2665101099Srwatson 2666172955Srwatson if (!biba_dominate_effective(obj, subj)) 2667101099Srwatson return (EACCES); 2668101099Srwatson 2669101099Srwatson return (0); 2670101099Srwatson} 2671101099Srwatson 2672101099Srwatsonstatic int 2673172955Srwatsonbiba_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2674168976Srwatson struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2675101099Srwatson{ 2676101099Srwatson struct mac_biba *subj, *obj; 2677101099Srwatson 2678172955Srwatson if (!biba_enabled) 2679101099Srwatson return (0); 2680101099Srwatson 2681122524Srwatson subj = SLOT(cred->cr_label); 2682168976Srwatson obj = SLOT(dvplabel); 2683101099Srwatson 2684172955Srwatson if (!biba_dominate_effective(subj, obj)) 2685101099Srwatson return (EACCES); 2686101099Srwatson 2687101099Srwatson return (0); 2688101099Srwatson} 2689101099Srwatson 2690101099Srwatsonstatic int 2691172955Srwatsonbiba_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2692168976Srwatson struct label *vplabel, acl_type_t type) 2693101099Srwatson{ 2694101099Srwatson struct mac_biba *subj, *obj; 2695101099Srwatson 2696172955Srwatson if (!biba_enabled) 2697101099Srwatson return (0); 2698101099Srwatson 2699122524Srwatson subj = SLOT(cred->cr_label); 2700168976Srwatson obj = SLOT(vplabel); 2701101099Srwatson 2702172955Srwatson if (!biba_dominate_effective(subj, obj)) 2703101099Srwatson return (EACCES); 2704101099Srwatson 2705101099Srwatson return (0); 2706101099Srwatson} 2707101099Srwatson 2708101099Srwatsonstatic int 2709172955Srwatsonbiba_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2710168976Srwatson struct label *vplabel, int attrnamespace, const char *name) 2711119202Srwatson{ 2712119202Srwatson struct mac_biba *subj, *obj; 2713119202Srwatson 2714172955Srwatson if (!biba_enabled) 2715119202Srwatson return (0); 2716119202Srwatson 2717122524Srwatson subj = SLOT(cred->cr_label); 2718168976Srwatson obj = SLOT(vplabel); 2719119202Srwatson 2720172955Srwatson if (!biba_dominate_effective(subj, obj)) 2721119202Srwatson return (EACCES); 2722119202Srwatson 2723119202Srwatson return (0); 2724119202Srwatson} 2725119202Srwatson 2726119202Srwatsonstatic int 2727172955Srwatsonbiba_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2728168976Srwatson struct label *vplabel, struct image_params *imgp, 2729106648Srwatson struct label *execlabel) 2730101099Srwatson{ 2731106648Srwatson struct mac_biba *subj, *obj, *exec; 2732106648Srwatson int error; 2733101099Srwatson 2734106648Srwatson if (execlabel != NULL) { 2735106648Srwatson /* 2736106648Srwatson * We currently don't permit labels to be changed at 2737172955Srwatson * exec-time as part of Biba, so disallow non-NULL Biba label 2738172955Srwatson * elements in the execlabel. 2739106648Srwatson */ 2740106648Srwatson exec = SLOT(execlabel); 2741106648Srwatson error = biba_atmostflags(exec, 0); 2742106648Srwatson if (error) 2743106648Srwatson return (error); 2744106648Srwatson } 2745106648Srwatson 2746172955Srwatson if (!biba_enabled) 2747101099Srwatson return (0); 2748101099Srwatson 2749122524Srwatson subj = SLOT(cred->cr_label); 2750168976Srwatson obj = SLOT(vplabel); 2751101099Srwatson 2752172955Srwatson if (!biba_dominate_effective(obj, subj)) 2753101099Srwatson return (EACCES); 2754101099Srwatson 2755101099Srwatson return (0); 2756101099Srwatson} 2757101099Srwatson 2758101099Srwatsonstatic int 2759172955Srwatsonbiba_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2760168976Srwatson struct label *vplabel, acl_type_t type) 2761101099Srwatson{ 2762101099Srwatson struct mac_biba *subj, *obj; 2763101099Srwatson 2764172955Srwatson if (!biba_enabled) 2765101099Srwatson return (0); 2766101099Srwatson 2767122524Srwatson subj = SLOT(cred->cr_label); 2768168976Srwatson obj = SLOT(vplabel); 2769101099Srwatson 2770172955Srwatson if (!biba_dominate_effective(obj, subj)) 2771101099Srwatson return (EACCES); 2772101099Srwatson 2773101099Srwatson return (0); 2774101099Srwatson} 2775101099Srwatson 2776101099Srwatsonstatic int 2777172955Srwatsonbiba_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2778168976Srwatson struct label *vplabel, int attrnamespace, const char *name, 2779168976Srwatson struct uio *uio) 2780101099Srwatson{ 2781101099Srwatson struct mac_biba *subj, *obj; 2782101099Srwatson 2783172955Srwatson if (!biba_enabled) 2784101099Srwatson return (0); 2785101099Srwatson 2786122524Srwatson subj = SLOT(cred->cr_label); 2787168976Srwatson obj = SLOT(vplabel); 2788101099Srwatson 2789172955Srwatson if (!biba_dominate_effective(obj, subj)) 2790101099Srwatson return (EACCES); 2791101099Srwatson 2792101099Srwatson return (0); 2793101099Srwatson} 2794101099Srwatson 2795101099Srwatsonstatic int 2796172955Srwatsonbiba_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2797168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2798104530Srwatson struct componentname *cnp) 2799104530Srwatson{ 2800104530Srwatson struct mac_biba *subj, *obj; 2801104530Srwatson 2802172955Srwatson if (!biba_enabled) 2803104530Srwatson return (0); 2804104530Srwatson 2805122524Srwatson subj = SLOT(cred->cr_label); 2806168976Srwatson obj = SLOT(dvplabel); 2807104530Srwatson 2808172955Srwatson if (!biba_dominate_effective(subj, obj)) 2809104530Srwatson return (EACCES); 2810104530Srwatson 2811168976Srwatson obj = SLOT(vplabel); 2812104530Srwatson 2813172955Srwatson if (!biba_dominate_effective(subj, obj)) 2814104530Srwatson return (EACCES); 2815104530Srwatson 2816104530Srwatson return (0); 2817104530Srwatson} 2818104530Srwatson 2819104530Srwatsonstatic int 2820172955Srwatsonbiba_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2821168976Srwatson struct label *vplabel, int attrnamespace) 2822119202Srwatson{ 2823119202Srwatson struct mac_biba *subj, *obj; 2824119202Srwatson 2825172955Srwatson if (!biba_enabled) 2826119202Srwatson return (0); 2827119202Srwatson 2828122524Srwatson subj = SLOT(cred->cr_label); 2829168976Srwatson obj = SLOT(vplabel); 2830119202Srwatson 2831172955Srwatson if (!biba_dominate_effective(obj, subj)) 2832119202Srwatson return (EACCES); 2833119202Srwatson 2834119202Srwatson return (0); 2835119202Srwatson} 2836119202Srwatson 2837119202Srwatsonstatic int 2838172955Srwatsonbiba_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2839168976Srwatson struct label *dvplabel, struct componentname *cnp) 2840101099Srwatson{ 2841101099Srwatson struct mac_biba *subj, *obj; 2842103759Srwatson 2843172955Srwatson if (!biba_enabled) 2844101099Srwatson return (0); 2845103759Srwatson 2846122524Srwatson subj = SLOT(cred->cr_label); 2847168976Srwatson obj = SLOT(dvplabel); 2848103759Srwatson 2849172955Srwatson if (!biba_dominate_effective(obj, subj)) 2850101099Srwatson return (EACCES); 2851101099Srwatson 2852103759Srwatson return (0); 2853101099Srwatson} 2854101099Srwatson 2855101099Srwatsonstatic int 2856172955Srwatsonbiba_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2857168976Srwatson struct label *vplabel, int prot, int flags) 2858104546Srwatson{ 2859104546Srwatson struct mac_biba *subj, *obj; 2860104546Srwatson 2861104546Srwatson /* 2862104546Srwatson * Rely on the use of open()-time protections to handle 2863104546Srwatson * non-revocation cases. 2864104546Srwatson */ 2865172955Srwatson if (!biba_enabled || !revocation_enabled) 2866104546Srwatson return (0); 2867104546Srwatson 2868122524Srwatson subj = SLOT(cred->cr_label); 2869168976Srwatson obj = SLOT(vplabel); 2870104546Srwatson 2871104546Srwatson if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 2872172955Srwatson if (!biba_dominate_effective(obj, subj)) 2873104546Srwatson return (EACCES); 2874104546Srwatson } 2875145076Scsjp if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { 2876172955Srwatson if (!biba_dominate_effective(subj, obj)) 2877104546Srwatson return (EACCES); 2878104546Srwatson } 2879104546Srwatson 2880104569Srwatson return (0); 2881104546Srwatson} 2882104546Srwatson 2883104546Srwatsonstatic int 2884172955Srwatsonbiba_vnode_check_open(struct ucred *cred, struct vnode *vp, 2885168976Srwatson struct label *vplabel, int acc_mode) 2886101099Srwatson{ 2887101099Srwatson struct mac_biba *subj, *obj; 2888101099Srwatson 2889172955Srwatson if (!biba_enabled) 2890101099Srwatson return (0); 2891101099Srwatson 2892122524Srwatson subj = SLOT(cred->cr_label); 2893168976Srwatson obj = SLOT(vplabel); 2894101099Srwatson 2895101099Srwatson /* XXX privilege override for admin? */ 2896101099Srwatson if (acc_mode & (VREAD | VEXEC | VSTAT)) { 2897172955Srwatson if (!biba_dominate_effective(obj, subj)) 2898101099Srwatson return (EACCES); 2899101099Srwatson } 2900101099Srwatson if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 2901172955Srwatson if (!biba_dominate_effective(subj, obj)) 2902101099Srwatson return (EACCES); 2903101099Srwatson } 2904101099Srwatson 2905101099Srwatson return (0); 2906101099Srwatson} 2907101099Srwatson 2908101099Srwatsonstatic int 2909172955Srwatsonbiba_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2910168976Srwatson struct vnode *vp, struct label *vplabel) 2911102112Srwatson{ 2912102112Srwatson struct mac_biba *subj, *obj; 2913102112Srwatson 2914172955Srwatson if (!biba_enabled || !revocation_enabled) 2915102112Srwatson return (0); 2916102112Srwatson 2917122524Srwatson subj = SLOT(active_cred->cr_label); 2918168976Srwatson obj = SLOT(vplabel); 2919102112Srwatson 2920172955Srwatson if (!biba_dominate_effective(obj, subj)) 2921102112Srwatson return (EACCES); 2922102112Srwatson 2923102112Srwatson return (0); 2924102112Srwatson} 2925102112Srwatson 2926102112Srwatsonstatic int 2927172955Srwatsonbiba_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2928168976Srwatson struct vnode *vp, struct label *vplabel) 2929102112Srwatson{ 2930102112Srwatson struct mac_biba *subj, *obj; 2931102112Srwatson 2932172955Srwatson if (!biba_enabled || !revocation_enabled) 2933102112Srwatson return (0); 2934102112Srwatson 2935122524Srwatson subj = SLOT(active_cred->cr_label); 2936168976Srwatson obj = SLOT(vplabel); 2937102112Srwatson 2938172955Srwatson if (!biba_dominate_effective(obj, subj)) 2939102112Srwatson return (EACCES); 2940102112Srwatson 2941102112Srwatson return (0); 2942102112Srwatson} 2943102112Srwatson 2944102112Srwatsonstatic int 2945172955Srwatsonbiba_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2946168976Srwatson struct label *dvplabel) 2947101099Srwatson{ 2948101099Srwatson struct mac_biba *subj, *obj; 2949101099Srwatson 2950172955Srwatson if (!biba_enabled) 2951101099Srwatson return (0); 2952101099Srwatson 2953122524Srwatson subj = SLOT(cred->cr_label); 2954168976Srwatson obj = SLOT(dvplabel); 2955101099Srwatson 2956172955Srwatson if (!biba_dominate_effective(obj, subj)) 2957101099Srwatson return (EACCES); 2958101099Srwatson 2959101099Srwatson return (0); 2960101099Srwatson} 2961101099Srwatson 2962101099Srwatsonstatic int 2963172955Srwatsonbiba_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2964168976Srwatson struct label *vplabel) 2965101099Srwatson{ 2966101099Srwatson struct mac_biba *subj, *obj; 2967101099Srwatson 2968172955Srwatson if (!biba_enabled) 2969101099Srwatson return (0); 2970101099Srwatson 2971122524Srwatson subj = SLOT(cred->cr_label); 2972168976Srwatson obj = SLOT(vplabel); 2973101099Srwatson 2974172955Srwatson if (!biba_dominate_effective(obj, subj)) 2975101099Srwatson return (EACCES); 2976101099Srwatson 2977101099Srwatson return (0); 2978101099Srwatson} 2979101099Srwatson 2980101099Srwatsonstatic int 2981172955Srwatsonbiba_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2982168976Srwatson struct label *vplabel, struct label *newlabel) 2983101099Srwatson{ 2984101099Srwatson struct mac_biba *old, *new, *subj; 2985105634Srwatson int error; 2986101099Srwatson 2987168976Srwatson old = SLOT(vplabel); 2988101099Srwatson new = SLOT(newlabel); 2989122524Srwatson subj = SLOT(cred->cr_label); 2990101099Srwatson 2991101099Srwatson /* 2992105634Srwatson * If there is a Biba label update for the vnode, it must be a 2993132232Srwatson * effective label. 2994101099Srwatson */ 2995132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 2996105634Srwatson if (error) 2997105634Srwatson return (error); 2998101099Srwatson 2999101099Srwatson /* 3000105634Srwatson * To perform a relabel of the vnode (Biba label or not), Biba must 3001105634Srwatson * authorize the relabel. 3002101099Srwatson */ 3003172955Srwatson if (!biba_effective_in_range(old, subj)) 3004101099Srwatson return (EPERM); 3005101099Srwatson 3006101099Srwatson /* 3007105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 3008101099Srwatson */ 3009132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 3010105634Srwatson /* 3011105634Srwatson * To change the Biba label on a vnode, the new vnode label 3012105634Srwatson * must be in the subject range. 3013105634Srwatson */ 3014172955Srwatson if (!biba_effective_in_range(new, subj)) 3015105634Srwatson return (EPERM); 3016101099Srwatson 3017105634Srwatson /* 3018172955Srwatson * To change the Biba label on the vnode to be EQUAL, the 3019172955Srwatson * subject must have appropriate privilege. 3020105634Srwatson */ 3021172955Srwatson if (biba_contains_equal(new)) { 3022172955Srwatson error = biba_subject_privileged(subj); 3023105634Srwatson if (error) 3024105634Srwatson return (error); 3025105634Srwatson } 3026105634Srwatson } 3027105634Srwatson 3028105634Srwatson return (0); 3029101099Srwatson} 3030101099Srwatson 3031101099Srwatsonstatic int 3032172955Srwatsonbiba_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 3033168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3034101099Srwatson struct componentname *cnp) 3035101099Srwatson{ 3036101099Srwatson struct mac_biba *subj, *obj; 3037101099Srwatson 3038172955Srwatson if (!biba_enabled) 3039101099Srwatson return (0); 3040101099Srwatson 3041122524Srwatson subj = SLOT(cred->cr_label); 3042168976Srwatson obj = SLOT(dvplabel); 3043101099Srwatson 3044172955Srwatson if (!biba_dominate_effective(subj, obj)) 3045101099Srwatson return (EACCES); 3046101099Srwatson 3047168976Srwatson obj = SLOT(vplabel); 3048101099Srwatson 3049172955Srwatson if (!biba_dominate_effective(subj, obj)) 3050101099Srwatson return (EACCES); 3051101099Srwatson 3052101099Srwatson return (0); 3053101099Srwatson} 3054101099Srwatson 3055101099Srwatsonstatic int 3056172955Srwatsonbiba_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 3057168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3058168976Srwatson int samedir, struct componentname *cnp) 3059101099Srwatson{ 3060101099Srwatson struct mac_biba *subj, *obj; 3061101099Srwatson 3062172955Srwatson if (!biba_enabled) 3063101099Srwatson return (0); 3064101099Srwatson 3065122524Srwatson subj = SLOT(cred->cr_label); 3066168976Srwatson obj = SLOT(dvplabel); 3067101099Srwatson 3068172955Srwatson if (!biba_dominate_effective(subj, obj)) 3069101099Srwatson return (EACCES); 3070101099Srwatson 3071101099Srwatson if (vp != NULL) { 3072168976Srwatson obj = SLOT(vplabel); 3073101099Srwatson 3074172955Srwatson if (!biba_dominate_effective(subj, obj)) 3075101099Srwatson return (EACCES); 3076101099Srwatson } 3077101099Srwatson 3078101099Srwatson return (0); 3079101099Srwatson} 3080101099Srwatson 3081101099Srwatsonstatic int 3082172955Srwatsonbiba_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 3083168976Srwatson struct label *vplabel) 3084101099Srwatson{ 3085101099Srwatson struct mac_biba *subj, *obj; 3086101099Srwatson 3087172955Srwatson if (!biba_enabled) 3088101099Srwatson return (0); 3089101099Srwatson 3090122524Srwatson subj = SLOT(cred->cr_label); 3091168976Srwatson obj = SLOT(vplabel); 3092101099Srwatson 3093172955Srwatson if (!biba_dominate_effective(subj, obj)) 3094101099Srwatson return (EACCES); 3095101099Srwatson 3096101099Srwatson return (0); 3097101099Srwatson} 3098101099Srwatson 3099101099Srwatsonstatic int 3100172955Srwatsonbiba_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 3101168976Srwatson struct label *vplabel, acl_type_t type, struct acl *acl) 3102101099Srwatson{ 3103101099Srwatson struct mac_biba *subj, *obj; 3104101099Srwatson 3105172955Srwatson if (!biba_enabled) 3106101099Srwatson return (0); 3107101099Srwatson 3108122524Srwatson subj = SLOT(cred->cr_label); 3109168976Srwatson obj = SLOT(vplabel); 3110101099Srwatson 3111172955Srwatson if (!biba_dominate_effective(subj, obj)) 3112101099Srwatson return (EACCES); 3113101099Srwatson 3114101099Srwatson return (0); 3115101099Srwatson} 3116101099Srwatson 3117101099Srwatsonstatic int 3118172955Srwatsonbiba_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 3119168976Srwatson struct label *vplabel, int attrnamespace, const char *name, 3120101099Srwatson struct uio *uio) 3121101099Srwatson{ 3122101099Srwatson struct mac_biba *subj, *obj; 3123101099Srwatson 3124172955Srwatson if (!biba_enabled) 3125101099Srwatson return (0); 3126101099Srwatson 3127122524Srwatson subj = SLOT(cred->cr_label); 3128168976Srwatson obj = SLOT(vplabel); 3129101099Srwatson 3130172955Srwatson if (!biba_dominate_effective(subj, obj)) 3131101099Srwatson return (EACCES); 3132101099Srwatson 3133101099Srwatson /* XXX: protect the MAC EA in a special way? */ 3134101099Srwatson 3135101099Srwatson return (0); 3136101099Srwatson} 3137101099Srwatson 3138101099Srwatsonstatic int 3139172955Srwatsonbiba_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 3140168976Srwatson struct label *vplabel, u_long flags) 3141101099Srwatson{ 3142101099Srwatson struct mac_biba *subj, *obj; 3143101099Srwatson 3144172955Srwatson if (!biba_enabled) 3145101099Srwatson return (0); 3146101099Srwatson 3147122524Srwatson subj = SLOT(cred->cr_label); 3148168976Srwatson obj = SLOT(vplabel); 3149101099Srwatson 3150172955Srwatson if (!biba_dominate_effective(subj, obj)) 3151101099Srwatson return (EACCES); 3152101099Srwatson 3153101099Srwatson return (0); 3154101099Srwatson} 3155101099Srwatson 3156101099Srwatsonstatic int 3157172955Srwatsonbiba_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 3158168976Srwatson struct label *vplabel, mode_t mode) 3159101099Srwatson{ 3160101099Srwatson struct mac_biba *subj, *obj; 3161101099Srwatson 3162172955Srwatson if (!biba_enabled) 3163101099Srwatson return (0); 3164101099Srwatson 3165122524Srwatson subj = SLOT(cred->cr_label); 3166168976Srwatson obj = SLOT(vplabel); 3167101099Srwatson 3168172955Srwatson if (!biba_dominate_effective(subj, obj)) 3169101099Srwatson return (EACCES); 3170101099Srwatson 3171101099Srwatson return (0); 3172101099Srwatson} 3173101099Srwatson 3174101099Srwatsonstatic int 3175172955Srwatsonbiba_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 3176168976Srwatson struct label *vplabel, uid_t uid, gid_t gid) 3177101099Srwatson{ 3178101099Srwatson struct mac_biba *subj, *obj; 3179101099Srwatson 3180172955Srwatson if (!biba_enabled) 3181101099Srwatson return (0); 3182101099Srwatson 3183122524Srwatson subj = SLOT(cred->cr_label); 3184168976Srwatson obj = SLOT(vplabel); 3185101099Srwatson 3186172955Srwatson if (!biba_dominate_effective(subj, obj)) 3187101099Srwatson return (EACCES); 3188101099Srwatson 3189101099Srwatson return (0); 3190101099Srwatson} 3191101099Srwatson 3192101099Srwatsonstatic int 3193172955Srwatsonbiba_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 3194168976Srwatson struct label *vplabel, struct timespec atime, struct timespec mtime) 3195101099Srwatson{ 3196101099Srwatson struct mac_biba *subj, *obj; 3197101099Srwatson 3198172955Srwatson if (!biba_enabled) 3199101099Srwatson return (0); 3200101099Srwatson 3201122524Srwatson subj = SLOT(cred->cr_label); 3202168976Srwatson obj = SLOT(vplabel); 3203101099Srwatson 3204172955Srwatson if (!biba_dominate_effective(subj, obj)) 3205101099Srwatson return (EACCES); 3206101099Srwatson 3207101099Srwatson return (0); 3208101099Srwatson} 3209101099Srwatson 3210101099Srwatsonstatic int 3211172955Srwatsonbiba_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 3212168976Srwatson struct vnode *vp, struct label *vplabel) 3213101099Srwatson{ 3214101099Srwatson struct mac_biba *subj, *obj; 3215101099Srwatson 3216172955Srwatson if (!biba_enabled) 3217101099Srwatson return (0); 3218101099Srwatson 3219122524Srwatson subj = SLOT(active_cred->cr_label); 3220168976Srwatson obj = SLOT(vplabel); 3221101099Srwatson 3222172955Srwatson if (!biba_dominate_effective(obj, subj)) 3223101099Srwatson return (EACCES); 3224101099Srwatson 3225101099Srwatson return (0); 3226101099Srwatson} 3227101099Srwatson 3228102112Srwatsonstatic int 3229172955Srwatsonbiba_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 3230172107Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3231172107Srwatson struct componentname *cnp) 3232172107Srwatson{ 3233172107Srwatson struct mac_biba *subj, *obj; 3234172107Srwatson 3235172955Srwatson if (!biba_enabled) 3236172107Srwatson return (0); 3237172107Srwatson 3238172107Srwatson subj = SLOT(cred->cr_label); 3239172107Srwatson obj = SLOT(dvplabel); 3240172107Srwatson 3241172955Srwatson if (!biba_dominate_effective(subj, obj)) 3242172107Srwatson return (EACCES); 3243172107Srwatson 3244172107Srwatson obj = SLOT(vplabel); 3245172107Srwatson 3246172955Srwatson if (!biba_dominate_effective(subj, obj)) 3247172107Srwatson return (EACCES); 3248172107Srwatson 3249172107Srwatson return (0); 3250172107Srwatson} 3251172107Srwatson 3252172107Srwatsonstatic int 3253172955Srwatsonbiba_vnode_check_write(struct ucred *active_cred, 3254168976Srwatson struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 3255102112Srwatson{ 3256102112Srwatson struct mac_biba *subj, *obj; 3257102112Srwatson 3258172955Srwatson if (!biba_enabled || !revocation_enabled) 3259102112Srwatson return (0); 3260102112Srwatson 3261122524Srwatson subj = SLOT(active_cred->cr_label); 3262168976Srwatson obj = SLOT(vplabel); 3263102112Srwatson 3264172955Srwatson if (!biba_dominate_effective(subj, obj)) 3265102112Srwatson return (EACCES); 3266102112Srwatson 3267102112Srwatson return (0); 3268102112Srwatson} 3269102112Srwatson 3270173138Srwatsonstatic int 3271173138Srwatsonbiba_vnode_create_extattr(struct ucred *cred, struct mount *mp, 3272173138Srwatson struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 3273173138Srwatson struct vnode *vp, struct label *vplabel, struct componentname *cnp) 3274165150Scsjp{ 3275173138Srwatson struct mac_biba *source, *dest, mb_temp; 3276173138Srwatson size_t buflen; 3277173138Srwatson int error; 3278165150Scsjp 3279173138Srwatson buflen = sizeof(mb_temp); 3280173138Srwatson bzero(&mb_temp, buflen); 3281173138Srwatson 3282173138Srwatson source = SLOT(cred->cr_label); 3283173138Srwatson dest = SLOT(vplabel); 3284173138Srwatson biba_copy_effective(source, &mb_temp); 3285173138Srwatson 3286173138Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 3287173138Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); 3288173138Srwatson if (error == 0) 3289173138Srwatson biba_copy_effective(source, dest); 3290173138Srwatson return (error); 3291165150Scsjp} 3292165150Scsjp 3293165150Scsjpstatic void 3294173138Srwatsonbiba_vnode_relabel(struct ucred *cred, struct vnode *vp, 3295173138Srwatson struct label *vplabel, struct label *newlabel) 3296165150Scsjp{ 3297165150Scsjp struct mac_biba *source, *dest; 3298165150Scsjp 3299173138Srwatson source = SLOT(newlabel); 3300173138Srwatson dest = SLOT(vplabel); 3301173138Srwatson 3302173138Srwatson biba_copy(source, dest); 3303165150Scsjp} 3304165150Scsjp 3305173138Srwatsonstatic int 3306173138Srwatsonbiba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3307173138Srwatson struct label *vplabel, struct label *intlabel) 3308173138Srwatson{ 3309173138Srwatson struct mac_biba *source, mb_temp; 3310173138Srwatson size_t buflen; 3311173138Srwatson int error; 3312173138Srwatson 3313173138Srwatson buflen = sizeof(mb_temp); 3314173138Srwatson bzero(&mb_temp, buflen); 3315173138Srwatson 3316173138Srwatson source = SLOT(intlabel); 3317173138Srwatson if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) 3318173138Srwatson return (0); 3319173138Srwatson 3320173138Srwatson biba_copy_effective(source, &mb_temp); 3321173138Srwatson 3322173138Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 3323173138Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); 3324173138Srwatson return (error); 3325173138Srwatson} 3326173138Srwatson 3327106217Srwatsonstatic struct mac_policy_ops mac_biba_ops = 3328101099Srwatson{ 3329172955Srwatson .mpo_init = biba_init, 3330173138Srwatson 3331173138Srwatson .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive, 3332173138Srwatson .mpo_bpfdesc_create = biba_bpfdesc_create, 3333173138Srwatson .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, 3334173138Srwatson .mpo_bpfdesc_destroy_label = biba_destroy_label, 3335172955Srwatson .mpo_bpfdesc_init_label = biba_init_label, 3336173138Srwatson 3337173138Srwatson .mpo_cred_check_relabel = biba_cred_check_relabel, 3338173138Srwatson .mpo_cred_check_visible = biba_cred_check_visible, 3339173138Srwatson .mpo_cred_copy_label = biba_copy_label, 3340172955Srwatson .mpo_cred_destroy_label = biba_destroy_label, 3341172955Srwatson .mpo_cred_externalize_label = biba_externalize_label, 3342173138Srwatson .mpo_cred_init_label = biba_init_label, 3343172955Srwatson .mpo_cred_internalize_label = biba_internalize_label, 3344173138Srwatson .mpo_cred_relabel = biba_cred_relabel, 3345173138Srwatson 3346172955Srwatson .mpo_devfs_create_device = biba_devfs_create_device, 3347172955Srwatson .mpo_devfs_create_directory = biba_devfs_create_directory, 3348172955Srwatson .mpo_devfs_create_symlink = biba_devfs_create_symlink, 3349173138Srwatson .mpo_devfs_destroy_label = biba_destroy_label, 3350173138Srwatson .mpo_devfs_init_label = biba_init_label, 3351172955Srwatson .mpo_devfs_update = biba_devfs_update, 3352172955Srwatson .mpo_devfs_vnode_associate = biba_devfs_vnode_associate, 3353173138Srwatson 3354173138Srwatson .mpo_ifnet_check_relabel = biba_ifnet_check_relabel, 3355173138Srwatson .mpo_ifnet_check_transmit = biba_ifnet_check_transmit, 3356173138Srwatson .mpo_ifnet_copy_label = biba_copy_label, 3357172955Srwatson .mpo_ifnet_create = biba_ifnet_create, 3358173138Srwatson .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, 3359173138Srwatson .mpo_ifnet_destroy_label = biba_destroy_label, 3360173138Srwatson .mpo_ifnet_externalize_label = biba_externalize_label, 3361173138Srwatson .mpo_ifnet_init_label = biba_init_label, 3362173138Srwatson .mpo_ifnet_internalize_label = biba_internalize_label, 3363173138Srwatson .mpo_ifnet_relabel = biba_ifnet_relabel, 3364173138Srwatson 3365173138Srwatson .mpo_inpcb_check_deliver = biba_inpcb_check_deliver, 3366183980Sbz .mpo_inpcb_check_visible = biba_inpcb_check_visible, 3367172955Srwatson .mpo_inpcb_create = biba_inpcb_create, 3368173138Srwatson .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf, 3369173138Srwatson .mpo_inpcb_destroy_label = biba_destroy_label, 3370173138Srwatson .mpo_inpcb_init_label = biba_init_label_waitcheck, 3371173138Srwatson .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel, 3372173138Srwatson 3373184308Srwatson .mpo_ip6q_create = biba_ip6q_create, 3374184308Srwatson .mpo_ip6q_destroy_label = biba_destroy_label, 3375184308Srwatson .mpo_ip6q_init_label = biba_init_label_waitcheck, 3376184308Srwatson .mpo_ip6q_match = biba_ip6q_match, 3377184308Srwatson .mpo_ip6q_reassemble = biba_ip6q_reassemble, 3378184308Srwatson .mpo_ip6q_update = biba_ip6q_update, 3379184308Srwatson 3380172955Srwatson .mpo_ipq_create = biba_ipq_create, 3381173138Srwatson .mpo_ipq_destroy_label = biba_destroy_label, 3382173138Srwatson .mpo_ipq_init_label = biba_init_label_waitcheck, 3383172955Srwatson .mpo_ipq_match = biba_ipq_match, 3384173138Srwatson .mpo_ipq_reassemble = biba_ipq_reassemble, 3385172955Srwatson .mpo_ipq_update = biba_ipq_update, 3386173138Srwatson 3387172955Srwatson .mpo_kld_check_load = biba_kld_check_load, 3388173138Srwatson 3389173138Srwatson .mpo_mbuf_copy_label = biba_copy_label, 3390173138Srwatson .mpo_mbuf_destroy_label = biba_destroy_label, 3391173138Srwatson .mpo_mbuf_init_label = biba_init_label_waitcheck, 3392173138Srwatson 3393172955Srwatson .mpo_mount_check_stat = biba_mount_check_stat, 3394173138Srwatson .mpo_mount_create = biba_mount_create, 3395173138Srwatson .mpo_mount_destroy_label = biba_destroy_label, 3396173138Srwatson .mpo_mount_init_label = biba_init_label, 3397173138Srwatson 3398173138Srwatson .mpo_netatalk_aarp_send = biba_netatalk_aarp_send, 3399173138Srwatson 3400173138Srwatson .mpo_netinet_arp_send = biba_netinet_arp_send, 3401173138Srwatson .mpo_netinet_firewall_reply = biba_netinet_firewall_reply, 3402173138Srwatson .mpo_netinet_firewall_send = biba_netinet_firewall_send, 3403173138Srwatson .mpo_netinet_fragment = biba_netinet_fragment, 3404173138Srwatson .mpo_netinet_icmp_reply = biba_netinet_icmp_reply, 3405173138Srwatson .mpo_netinet_igmp_send = biba_netinet_igmp_send, 3406173138Srwatson 3407173138Srwatson .mpo_netinet6_nd6_send = biba_netinet6_nd6_send, 3408173138Srwatson 3409172955Srwatson .mpo_pipe_check_ioctl = biba_pipe_check_ioctl, 3410172955Srwatson .mpo_pipe_check_poll = biba_pipe_check_poll, 3411172955Srwatson .mpo_pipe_check_read = biba_pipe_check_read, 3412172955Srwatson .mpo_pipe_check_relabel = biba_pipe_check_relabel, 3413172955Srwatson .mpo_pipe_check_stat = biba_pipe_check_stat, 3414172955Srwatson .mpo_pipe_check_write = biba_pipe_check_write, 3415173138Srwatson .mpo_pipe_copy_label = biba_copy_label, 3416173138Srwatson .mpo_pipe_create = biba_pipe_create, 3417173138Srwatson .mpo_pipe_destroy_label = biba_destroy_label, 3418173138Srwatson .mpo_pipe_externalize_label = biba_externalize_label, 3419173138Srwatson .mpo_pipe_init_label = biba_init_label, 3420173138Srwatson .mpo_pipe_internalize_label = biba_internalize_label, 3421173138Srwatson .mpo_pipe_relabel = biba_pipe_relabel, 3422173138Srwatson 3423172955Srwatson .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, 3424180059Sjhb .mpo_posixsem_check_open = biba_posixsem_check_openunlink, 3425172955Srwatson .mpo_posixsem_check_post = biba_posixsem_check_write, 3426180059Sjhb .mpo_posixsem_check_stat = biba_posixsem_check_rdonly, 3427180059Sjhb .mpo_posixsem_check_unlink = biba_posixsem_check_openunlink, 3428172955Srwatson .mpo_posixsem_check_wait = biba_posixsem_check_write, 3429173138Srwatson .mpo_posixsem_create = biba_posixsem_create, 3430173138Srwatson .mpo_posixsem_destroy_label = biba_destroy_label, 3431173138Srwatson .mpo_posixsem_init_label = biba_init_label, 3432173138Srwatson 3433173138Srwatson .mpo_priv_check = biba_priv_check, 3434173138Srwatson 3435173138Srwatson .mpo_proc_associate_nfsd = biba_proc_associate_nfsd, 3436172955Srwatson .mpo_proc_check_debug = biba_proc_check_debug, 3437172955Srwatson .mpo_proc_check_sched = biba_proc_check_sched, 3438172955Srwatson .mpo_proc_check_signal = biba_proc_check_signal, 3439173138Srwatson .mpo_proc_create_init = biba_proc_create_init, 3440173138Srwatson .mpo_proc_create_swapper = biba_proc_create_swapper, 3441173138Srwatson 3442172955Srwatson .mpo_socket_check_deliver = biba_socket_check_deliver, 3443172955Srwatson .mpo_socket_check_relabel = biba_socket_check_relabel, 3444172955Srwatson .mpo_socket_check_visible = biba_socket_check_visible, 3445173138Srwatson .mpo_socket_copy_label = biba_copy_label, 3446173138Srwatson .mpo_socket_create = biba_socket_create, 3447173138Srwatson .mpo_socket_create_mbuf = biba_socket_create_mbuf, 3448173138Srwatson .mpo_socket_destroy_label = biba_destroy_label, 3449173138Srwatson .mpo_socket_externalize_label = biba_externalize_label, 3450173138Srwatson .mpo_socket_init_label = biba_init_label_waitcheck, 3451173138Srwatson .mpo_socket_internalize_label = biba_internalize_label, 3452173138Srwatson .mpo_socket_newconn = biba_socket_newconn, 3453173138Srwatson .mpo_socket_relabel = biba_socket_relabel, 3454173138Srwatson 3455173138Srwatson .mpo_socketpeer_destroy_label = biba_destroy_label, 3456173138Srwatson .mpo_socketpeer_externalize_label = biba_externalize_label, 3457173138Srwatson .mpo_socketpeer_init_label = biba_init_label_waitcheck, 3458173138Srwatson .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf, 3459173138Srwatson .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket, 3460173138Srwatson 3461173138Srwatson .mpo_syncache_create = biba_syncache_create, 3462173138Srwatson .mpo_syncache_create_mbuf = biba_syncache_create_mbuf, 3463173138Srwatson .mpo_syncache_destroy_label = biba_destroy_label, 3464173138Srwatson .mpo_syncache_init_label = biba_init_label_waitcheck, 3465173138Srwatson 3466172955Srwatson .mpo_system_check_acct = biba_system_check_acct, 3467172955Srwatson .mpo_system_check_auditctl = biba_system_check_auditctl, 3468172955Srwatson .mpo_system_check_auditon = biba_system_check_auditon, 3469173138Srwatson .mpo_system_check_swapoff = biba_system_check_swapoff, 3470172955Srwatson .mpo_system_check_swapon = biba_system_check_swapon, 3471172955Srwatson .mpo_system_check_sysctl = biba_system_check_sysctl, 3472173138Srwatson 3473173138Srwatson .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup, 3474173138Srwatson .mpo_sysvmsg_create = biba_sysvmsg_create, 3475173138Srwatson .mpo_sysvmsg_destroy_label = biba_destroy_label, 3476173138Srwatson .mpo_sysvmsg_init_label = biba_init_label, 3477173138Srwatson 3478173138Srwatson .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv, 3479173138Srwatson .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid, 3480173138Srwatson .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget, 3481173138Srwatson .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd, 3482173138Srwatson .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv, 3483173138Srwatson .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl, 3484173138Srwatson .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup, 3485173138Srwatson .mpo_sysvmsq_create = biba_sysvmsq_create, 3486173138Srwatson .mpo_sysvmsq_destroy_label = biba_destroy_label, 3487173138Srwatson .mpo_sysvmsq_init_label = biba_init_label, 3488173138Srwatson 3489173138Srwatson .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl, 3490173138Srwatson .mpo_sysvsem_check_semget = biba_sysvsem_check_semget, 3491173138Srwatson .mpo_sysvsem_check_semop = biba_sysvsem_check_semop, 3492173138Srwatson .mpo_sysvsem_cleanup = biba_sysvsem_cleanup, 3493173138Srwatson .mpo_sysvsem_create = biba_sysvsem_create, 3494173138Srwatson .mpo_sysvsem_destroy_label = biba_destroy_label, 3495173138Srwatson .mpo_sysvsem_init_label = biba_init_label, 3496173138Srwatson 3497173138Srwatson .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat, 3498173138Srwatson .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl, 3499173138Srwatson .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget, 3500173138Srwatson .mpo_sysvshm_cleanup = biba_sysvshm_cleanup, 3501173138Srwatson .mpo_sysvshm_create = biba_sysvshm_create, 3502173138Srwatson .mpo_sysvshm_destroy_label = biba_destroy_label, 3503173138Srwatson .mpo_sysvshm_init_label = biba_init_label, 3504173138Srwatson 3505173138Srwatson .mpo_vnode_associate_extattr = biba_vnode_associate_extattr, 3506173138Srwatson .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel, 3507172955Srwatson .mpo_vnode_check_access = biba_vnode_check_open, 3508172955Srwatson .mpo_vnode_check_chdir = biba_vnode_check_chdir, 3509172955Srwatson .mpo_vnode_check_chroot = biba_vnode_check_chroot, 3510172955Srwatson .mpo_vnode_check_create = biba_vnode_check_create, 3511172955Srwatson .mpo_vnode_check_deleteacl = biba_vnode_check_deleteacl, 3512172955Srwatson .mpo_vnode_check_deleteextattr = biba_vnode_check_deleteextattr, 3513172955Srwatson .mpo_vnode_check_exec = biba_vnode_check_exec, 3514172955Srwatson .mpo_vnode_check_getacl = biba_vnode_check_getacl, 3515172955Srwatson .mpo_vnode_check_getextattr = biba_vnode_check_getextattr, 3516172955Srwatson .mpo_vnode_check_link = biba_vnode_check_link, 3517172955Srwatson .mpo_vnode_check_listextattr = biba_vnode_check_listextattr, 3518172955Srwatson .mpo_vnode_check_lookup = biba_vnode_check_lookup, 3519172955Srwatson .mpo_vnode_check_mmap = biba_vnode_check_mmap, 3520172955Srwatson .mpo_vnode_check_open = biba_vnode_check_open, 3521172955Srwatson .mpo_vnode_check_poll = biba_vnode_check_poll, 3522172955Srwatson .mpo_vnode_check_read = biba_vnode_check_read, 3523172955Srwatson .mpo_vnode_check_readdir = biba_vnode_check_readdir, 3524172955Srwatson .mpo_vnode_check_readlink = biba_vnode_check_readlink, 3525172955Srwatson .mpo_vnode_check_relabel = biba_vnode_check_relabel, 3526172955Srwatson .mpo_vnode_check_rename_from = biba_vnode_check_rename_from, 3527172955Srwatson .mpo_vnode_check_rename_to = biba_vnode_check_rename_to, 3528172955Srwatson .mpo_vnode_check_revoke = biba_vnode_check_revoke, 3529172955Srwatson .mpo_vnode_check_setacl = biba_vnode_check_setacl, 3530172955Srwatson .mpo_vnode_check_setextattr = biba_vnode_check_setextattr, 3531172955Srwatson .mpo_vnode_check_setflags = biba_vnode_check_setflags, 3532172955Srwatson .mpo_vnode_check_setmode = biba_vnode_check_setmode, 3533172955Srwatson .mpo_vnode_check_setowner = biba_vnode_check_setowner, 3534172955Srwatson .mpo_vnode_check_setutimes = biba_vnode_check_setutimes, 3535172955Srwatson .mpo_vnode_check_stat = biba_vnode_check_stat, 3536172955Srwatson .mpo_vnode_check_unlink = biba_vnode_check_unlink, 3537172955Srwatson .mpo_vnode_check_write = biba_vnode_check_write, 3538173138Srwatson .mpo_vnode_create_extattr = biba_vnode_create_extattr, 3539173138Srwatson .mpo_vnode_copy_label = biba_copy_label, 3540173138Srwatson .mpo_vnode_destroy_label = biba_destroy_label, 3541173138Srwatson .mpo_vnode_externalize_label = biba_externalize_label, 3542173138Srwatson .mpo_vnode_init_label = biba_init_label, 3543173138Srwatson .mpo_vnode_internalize_label = biba_internalize_label, 3544173138Srwatson .mpo_vnode_relabel = biba_vnode_relabel, 3545173138Srwatson .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, 3546101099Srwatson}; 3547101099Srwatson 3548182063Srwatson#define BIBA_OBJECTS (MPC_OBJECT_CRED | \ 3549182063Srwatson /* MPC_OBJECT_PROC | */ \ 3550182063Srwatson MPC_OBJECT_VNODE | \ 3551182063Srwatson MPC_OBJECT_INPCB | \ 3552182063Srwatson MPC_OBJECT_SOCKET | \ 3553182063Srwatson MPC_OBJECT_DEVFS | \ 3554182063Srwatson MPC_OBJECT_MBUF | \ 3555182063Srwatson MPC_OBJECT_IPQ | \ 3556182063Srwatson MPC_OBJECT_IFNET | \ 3557182063Srwatson MPC_OBJECT_BPFDESC | \ 3558182063Srwatson MPC_OBJECT_PIPE | \ 3559182063Srwatson MPC_OBJECT_MOUNT | \ 3560182063Srwatson MPC_OBJECT_POSIXSEM | \ 3561182063Srwatson /* MPC_OBJECT_POSIXSHM | */ \ 3562182063Srwatson MPC_OBJECT_SYSVMSG | \ 3563182063Srwatson MPC_OBJECT_SYSVMSQ | \ 3564182063Srwatson MPC_OBJECT_SYSVSEM | \ 3565182063Srwatson MPC_OBJECT_SYSVSHM | \ 3566182063Srwatson MPC_OBJECT_SYNCACHE) 3567182063Srwatson 3568112717SrwatsonMAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba", 3569182063Srwatson MPC_LOADTIME_FLAG_NOTLATE, &biba_slot, BIBA_OBJECTS); 3570