mac_biba.c revision 189533
1101099Srwatson/*- 2184308Srwatson * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson 3140628Srwatson * Copyright (c) 2001-2005 McAfee, Inc. 4172930Srwatson * Copyright (c) 2006 SPARTA, Inc. 5101099Srwatson * All rights reserved. 6101099Srwatson * 7101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 8101099Srwatson * 9140628Srwatson * This software was developed for the FreeBSD Project in part by McAfee 10140628Srwatson * Research, the Security Research Division of McAfee, Inc. under 11140628Srwatson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12140628Srwatson * CHATS research program. 13101099Srwatson * 14172930Srwatson * This software was enhanced by SPARTA ISSO under SPAWAR contract 15172930Srwatson * N66001-04-C-6019 ("SEFOS"). 16172930Srwatson * 17101099Srwatson * Redistribution and use in source and binary forms, with or without 18101099Srwatson * modification, are permitted provided that the following conditions 19101099Srwatson * are met: 20101099Srwatson * 1. Redistributions of source code must retain the above copyright 21101099Srwatson * notice, this list of conditions and the following disclaimer. 22101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 23101099Srwatson * notice, this list of conditions and the following disclaimer in the 24101099Srwatson * documentation and/or other materials provided with the distribution. 25101099Srwatson * 26101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29101099Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36101099Srwatson * SUCH DAMAGE. 37101099Srwatson * 38101099Srwatson * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 189533 2009-03-08 12:32:06Z rwatson $ 39101099Srwatson */ 40101099Srwatson 41101099Srwatson/* 42101099Srwatson * Developed by the TrustedBSD Project. 43168951Srwatson * 44101099Srwatson * Biba fixed label mandatory integrity policy. 45101099Srwatson */ 46101099Srwatson 47101099Srwatson#include <sys/param.h> 48101099Srwatson#include <sys/conf.h> 49105988Srwatson#include <sys/extattr.h> 50101099Srwatson#include <sys/kernel.h> 51164184Strhodes#include <sys/ksem.h> 52103183Sbde#include <sys/malloc.h> 53145076Scsjp#include <sys/mman.h> 54101099Srwatson#include <sys/mount.h> 55168951Srwatson#include <sys/priv.h> 56101099Srwatson#include <sys/proc.h> 57115497Srwatson#include <sys/sbuf.h> 58101099Srwatson#include <sys/systm.h> 59101099Srwatson#include <sys/sysproto.h> 60101099Srwatson#include <sys/sysent.h> 61105696Srwatson#include <sys/systm.h> 62101099Srwatson#include <sys/vnode.h> 63101099Srwatson#include <sys/file.h> 64101099Srwatson#include <sys/socket.h> 65101099Srwatson#include <sys/socketvar.h> 66101099Srwatson#include <sys/pipe.h> 67150340Sphk#include <sys/sx.h> 68101099Srwatson#include <sys/sysctl.h> 69140628Srwatson#include <sys/msg.h> 70140628Srwatson#include <sys/sem.h> 71140628Srwatson#include <sys/shm.h> 72101099Srwatson 73101099Srwatson#include <fs/devfs/devfs.h> 74101099Srwatson 75101099Srwatson#include <net/bpfdesc.h> 76101099Srwatson#include <net/if.h> 77101099Srwatson#include <net/if_types.h> 78101099Srwatson#include <net/if_var.h> 79101099Srwatson 80101099Srwatson#include <netinet/in.h> 81122875Srwatson#include <netinet/in_pcb.h> 82101099Srwatson#include <netinet/ip_var.h> 83101099Srwatson 84122879Srwatson#include <vm/uma.h> 85101099Srwatson#include <vm/vm.h> 86101099Srwatson 87165469Srwatson#include <security/mac/mac_policy.h> 88101099Srwatson#include <security/mac_biba/mac_biba.h> 89101099Srwatson 90101099SrwatsonSYSCTL_DECL(_security_mac); 91101099Srwatson 92101099SrwatsonSYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 93101099Srwatson "TrustedBSD mac_biba policy controls"); 94101099Srwatson 95172955Srwatsonstatic int biba_label_size = sizeof(struct mac_biba); 96105988SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD, 97172955Srwatson &biba_label_size, 0, "Size of struct mac_biba"); 98105988Srwatson 99172955Srwatsonstatic int biba_enabled = 1; 100172955SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, &biba_enabled, 101172955Srwatson 0, "Enforce MAC/Biba policy"); 102172955SrwatsonTUNABLE_INT("security.mac.biba.enabled", &biba_enabled); 103101099Srwatson 104101099Srwatsonstatic int destroyed_not_inited; 105101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 106101099Srwatson &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 107101099Srwatson 108101099Srwatsonstatic int trust_all_interfaces = 0; 109101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 110101099Srwatson &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 111101099SrwatsonTUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 112101099Srwatson 113101099Srwatsonstatic char trusted_interfaces[128]; 114101099SrwatsonSYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 115101099Srwatson trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 116101099SrwatsonTUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 117101099Srwatson sizeof(trusted_interfaces)); 118101099Srwatson 119105643Srwatsonstatic int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; 120105643SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, 121105643Srwatson &max_compartments, 0, "Maximum supported compartments"); 122105643Srwatson 123105606Srwatsonstatic int ptys_equal = 0; 124181217SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal, 125181217Srwatson 0, "Label pty devices as biba/equal on create"); 126105606SrwatsonTUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); 127105606Srwatson 128153927Scsjpstatic int interfaces_equal; 129153927ScsjpSYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW, 130153927Scsjp &interfaces_equal, 0, "Label network interfaces as biba/equal on create"); 131153927ScsjpTUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal); 132153927Scsjp 133105637Srwatsonstatic int revocation_enabled = 0; 134101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 135105637Srwatson &revocation_enabled, 0, "Revoke access to objects on relabel"); 136105637SrwatsonTUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled); 137101099Srwatson 138172955Srwatsonstatic int biba_slot; 139172955Srwatson#define SLOT(l) ((struct mac_biba *)mac_label_get((l), biba_slot)) 140172955Srwatson#define SLOT_SET(l, val) mac_label_set((l), biba_slot, (uintptr_t)(val)) 141101099Srwatson 142122879Srwatsonstatic uma_zone_t zone_biba; 143101099Srwatson 144105643Srwatsonstatic __inline int 145105643Srwatsonbiba_bit_set_empty(u_char *set) { 146105643Srwatson int i; 147105643Srwatson 148105643Srwatson for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++) 149105643Srwatson if (set[i] != 0) 150105643Srwatson return (0); 151105643Srwatson return (1); 152105643Srwatson} 153105643Srwatson 154101099Srwatsonstatic struct mac_biba * 155104514Srwatsonbiba_alloc(int flag) 156101099Srwatson{ 157101099Srwatson 158122879Srwatson return (uma_zalloc(zone_biba, flag | M_ZERO)); 159101099Srwatson} 160101099Srwatson 161101099Srwatsonstatic void 162172955Srwatsonbiba_free(struct mac_biba *mb) 163101099Srwatson{ 164101099Srwatson 165172955Srwatson if (mb != NULL) 166172955Srwatson uma_zfree(zone_biba, mb); 167101099Srwatson else 168101099Srwatson atomic_add_int(&destroyed_not_inited, 1); 169101099Srwatson} 170101099Srwatson 171101099Srwatsonstatic int 172172955Srwatsonbiba_atmostflags(struct mac_biba *mb, int flags) 173105634Srwatson{ 174105634Srwatson 175172955Srwatson if ((mb->mb_flags & flags) != mb->mb_flags) 176105634Srwatson return (EINVAL); 177105634Srwatson return (0); 178105634Srwatson} 179105634Srwatson 180105634Srwatsonstatic int 181172955Srwatsonbiba_dominate_element(struct mac_biba_element *a, struct mac_biba_element *b) 182101099Srwatson{ 183105643Srwatson int bit; 184101099Srwatson 185105736Srwatson switch (a->mbe_type) { 186101099Srwatson case MAC_BIBA_TYPE_EQUAL: 187101099Srwatson case MAC_BIBA_TYPE_HIGH: 188101099Srwatson return (1); 189101099Srwatson 190101099Srwatson case MAC_BIBA_TYPE_LOW: 191101099Srwatson switch (b->mbe_type) { 192101099Srwatson case MAC_BIBA_TYPE_GRADE: 193101099Srwatson case MAC_BIBA_TYPE_HIGH: 194101099Srwatson return (0); 195101099Srwatson 196101099Srwatson case MAC_BIBA_TYPE_EQUAL: 197101099Srwatson case MAC_BIBA_TYPE_LOW: 198101099Srwatson return (1); 199101099Srwatson 200101099Srwatson default: 201172955Srwatson panic("biba_dominate_element: b->mbe_type invalid"); 202101099Srwatson } 203101099Srwatson 204101099Srwatson case MAC_BIBA_TYPE_GRADE: 205101099Srwatson switch (b->mbe_type) { 206101099Srwatson case MAC_BIBA_TYPE_EQUAL: 207101099Srwatson case MAC_BIBA_TYPE_LOW: 208101099Srwatson return (1); 209101099Srwatson 210101099Srwatson case MAC_BIBA_TYPE_HIGH: 211101099Srwatson return (0); 212101099Srwatson 213101099Srwatson case MAC_BIBA_TYPE_GRADE: 214105643Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) 215105643Srwatson if (!MAC_BIBA_BIT_TEST(bit, 216105643Srwatson a->mbe_compartments) && 217105643Srwatson MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) 218105643Srwatson return (0); 219101099Srwatson return (a->mbe_grade >= b->mbe_grade); 220101099Srwatson 221101099Srwatson default: 222172955Srwatson panic("biba_dominate_element: b->mbe_type invalid"); 223101099Srwatson } 224101099Srwatson 225101099Srwatson default: 226172955Srwatson panic("biba_dominate_element: a->mbe_type invalid"); 227101099Srwatson } 228101099Srwatson 229101099Srwatson return (0); 230101099Srwatson} 231101099Srwatson 232101099Srwatsonstatic int 233172955Srwatsonbiba_subject_dominate_high(struct mac_biba *mb) 234105988Srwatson{ 235105988Srwatson struct mac_biba_element *element; 236105988Srwatson 237172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 238172955Srwatson ("biba_effective_in_range: mb not effective")); 239172955Srwatson element = &mb->mb_effective; 240105988Srwatson 241105988Srwatson return (element->mbe_type == MAC_BIBA_TYPE_EQUAL || 242105988Srwatson element->mbe_type == MAC_BIBA_TYPE_HIGH); 243105988Srwatson} 244105988Srwatson 245105988Srwatsonstatic int 246172955Srwatsonbiba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 247101099Srwatson{ 248101099Srwatson 249172955Srwatson return (biba_dominate_element(&rangeb->mb_rangehigh, 250101099Srwatson &rangea->mb_rangehigh) && 251172955Srwatson biba_dominate_element(&rangea->mb_rangelow, 252101099Srwatson &rangeb->mb_rangelow)); 253101099Srwatson} 254101099Srwatson 255101099Srwatsonstatic int 256172955Srwatsonbiba_effective_in_range(struct mac_biba *effective, struct mac_biba *range) 257101099Srwatson{ 258101099Srwatson 259132232Srwatson KASSERT((effective->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 260172955Srwatson ("biba_effective_in_range: a not effective")); 261103750Srwatson KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 262172955Srwatson ("biba_effective_in_range: b not range")); 263101099Srwatson 264172955Srwatson return (biba_dominate_element(&range->mb_rangehigh, 265132232Srwatson &effective->mb_effective) && 266172955Srwatson biba_dominate_element(&effective->mb_effective, 267101099Srwatson &range->mb_rangelow)); 268101099Srwatson 269101099Srwatson return (1); 270101099Srwatson} 271101099Srwatson 272101099Srwatsonstatic int 273172955Srwatsonbiba_dominate_effective(struct mac_biba *a, struct mac_biba *b) 274101099Srwatson{ 275132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 276172955Srwatson ("biba_dominate_effective: a not effective")); 277132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 278172955Srwatson ("biba_dominate_effective: b not effective")); 279101099Srwatson 280172955Srwatson return (biba_dominate_element(&a->mb_effective, &b->mb_effective)); 281101099Srwatson} 282101099Srwatson 283101099Srwatsonstatic int 284172955Srwatsonbiba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 285101099Srwatson{ 286101099Srwatson 287101099Srwatson if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 288101099Srwatson b->mbe_type == MAC_BIBA_TYPE_EQUAL) 289101099Srwatson return (1); 290101099Srwatson 291101099Srwatson return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 292101099Srwatson} 293101099Srwatson 294101099Srwatsonstatic int 295172955Srwatsonbiba_equal_effective(struct mac_biba *a, struct mac_biba *b) 296101099Srwatson{ 297101099Srwatson 298132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 299172955Srwatson ("biba_equal_effective: a not effective")); 300132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 301172955Srwatson ("biba_equal_effective: b not effective")); 302101099Srwatson 303172955Srwatson return (biba_equal_element(&a->mb_effective, &b->mb_effective)); 304101099Srwatson} 305101099Srwatson 306101099Srwatsonstatic int 307172955Srwatsonbiba_contains_equal(struct mac_biba *mb) 308105634Srwatson{ 309105634Srwatson 310172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 311172955Srwatson if (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 312105634Srwatson return (1); 313172955Srwatson } 314105634Srwatson 315172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 316172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL) 317105634Srwatson return (1); 318172955Srwatson if (mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 319105637Srwatson return (1); 320105634Srwatson } 321105634Srwatson 322105634Srwatson return (0); 323105634Srwatson} 324105634Srwatson 325105634Srwatsonstatic int 326172955Srwatsonbiba_subject_privileged(struct mac_biba *mb) 327105634Srwatson{ 328105634Srwatson 329172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAGS_BOTH) == MAC_BIBA_FLAGS_BOTH, 330172955Srwatson ("biba_subject_privileged: subject doesn't have both labels")); 331105634Srwatson 332132232Srwatson /* If the effective is EQUAL, it's ok. */ 333172955Srwatson if (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 334105634Srwatson return (0); 335105634Srwatson 336105634Srwatson /* If either range endpoint is EQUAL, it's ok. */ 337172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL || 338172955Srwatson mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 339105634Srwatson return (0); 340105634Srwatson 341105634Srwatson /* If the range is low-high, it's ok. */ 342172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_LOW && 343172955Srwatson mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_HIGH) 344105634Srwatson return (0); 345105634Srwatson 346105634Srwatson /* It's not ok. */ 347105634Srwatson return (EPERM); 348105634Srwatson} 349105634Srwatson 350106091Srwatsonstatic int 351172955Srwatsonbiba_high_effective(struct mac_biba *mb) 352105988Srwatson{ 353105988Srwatson 354172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 355172955Srwatson ("biba_equal_effective: mb not effective")); 356105988Srwatson 357172955Srwatson return (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_HIGH); 358105988Srwatson} 359105988Srwatson 360105634Srwatsonstatic int 361172955Srwatsonbiba_valid(struct mac_biba *mb) 362101099Srwatson{ 363101099Srwatson 364172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 365172955Srwatson switch (mb->mb_effective.mbe_type) { 366101099Srwatson case MAC_BIBA_TYPE_GRADE: 367101099Srwatson break; 368101099Srwatson 369101099Srwatson case MAC_BIBA_TYPE_EQUAL: 370101099Srwatson case MAC_BIBA_TYPE_HIGH: 371101099Srwatson case MAC_BIBA_TYPE_LOW: 372172955Srwatson if (mb->mb_effective.mbe_grade != 0 || 373105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 374172955Srwatson mb->mb_effective.mbe_compartments)) 375101099Srwatson return (EINVAL); 376101099Srwatson break; 377101099Srwatson 378101099Srwatson default: 379101099Srwatson return (EINVAL); 380101099Srwatson } 381101099Srwatson } else { 382172955Srwatson if (mb->mb_effective.mbe_type != MAC_BIBA_TYPE_UNDEF) 383101099Srwatson return (EINVAL); 384101099Srwatson } 385101099Srwatson 386172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 387172955Srwatson switch (mb->mb_rangelow.mbe_type) { 388101099Srwatson case MAC_BIBA_TYPE_GRADE: 389101099Srwatson break; 390101099Srwatson 391101099Srwatson case MAC_BIBA_TYPE_EQUAL: 392101099Srwatson case MAC_BIBA_TYPE_HIGH: 393101099Srwatson case MAC_BIBA_TYPE_LOW: 394172955Srwatson if (mb->mb_rangelow.mbe_grade != 0 || 395105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 396172955Srwatson mb->mb_rangelow.mbe_compartments)) 397101099Srwatson return (EINVAL); 398101099Srwatson break; 399101099Srwatson 400101099Srwatson default: 401101099Srwatson return (EINVAL); 402101099Srwatson } 403101099Srwatson 404172955Srwatson switch (mb->mb_rangehigh.mbe_type) { 405101099Srwatson case MAC_BIBA_TYPE_GRADE: 406101099Srwatson break; 407101099Srwatson 408101099Srwatson case MAC_BIBA_TYPE_EQUAL: 409101099Srwatson case MAC_BIBA_TYPE_HIGH: 410101099Srwatson case MAC_BIBA_TYPE_LOW: 411172955Srwatson if (mb->mb_rangehigh.mbe_grade != 0 || 412105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 413172955Srwatson mb->mb_rangehigh.mbe_compartments)) 414101099Srwatson return (EINVAL); 415101099Srwatson break; 416101099Srwatson 417101099Srwatson default: 418101099Srwatson return (EINVAL); 419101099Srwatson } 420172955Srwatson if (!biba_dominate_element(&mb->mb_rangehigh, 421172955Srwatson &mb->mb_rangelow)) 422101099Srwatson return (EINVAL); 423101099Srwatson } else { 424172955Srwatson if (mb->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 425172955Srwatson mb->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 426101099Srwatson return (EINVAL); 427101099Srwatson } 428101099Srwatson 429101099Srwatson return (0); 430101099Srwatson} 431101099Srwatson 432101099Srwatsonstatic void 433172955Srwatsonbiba_set_range(struct mac_biba *mb, u_short typelow, u_short gradelow, 434172955Srwatson u_char *compartmentslow, u_short typehigh, u_short gradehigh, 435172955Srwatson u_char *compartmentshigh) 436101099Srwatson{ 437101099Srwatson 438172955Srwatson mb->mb_rangelow.mbe_type = typelow; 439172955Srwatson mb->mb_rangelow.mbe_grade = gradelow; 440105643Srwatson if (compartmentslow != NULL) 441172955Srwatson memcpy(mb->mb_rangelow.mbe_compartments, compartmentslow, 442172955Srwatson sizeof(mb->mb_rangelow.mbe_compartments)); 443172955Srwatson mb->mb_rangehigh.mbe_type = typehigh; 444172955Srwatson mb->mb_rangehigh.mbe_grade = gradehigh; 445105643Srwatson if (compartmentshigh != NULL) 446172955Srwatson memcpy(mb->mb_rangehigh.mbe_compartments, compartmentshigh, 447172955Srwatson sizeof(mb->mb_rangehigh.mbe_compartments)); 448172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_RANGE; 449101099Srwatson} 450101099Srwatson 451101099Srwatsonstatic void 452172955Srwatsonbiba_set_effective(struct mac_biba *mb, u_short type, u_short grade, 453105643Srwatson u_char *compartments) 454101099Srwatson{ 455101099Srwatson 456172955Srwatson mb->mb_effective.mbe_type = type; 457172955Srwatson mb->mb_effective.mbe_grade = grade; 458105643Srwatson if (compartments != NULL) 459172955Srwatson memcpy(mb->mb_effective.mbe_compartments, compartments, 460172955Srwatson sizeof(mb->mb_effective.mbe_compartments)); 461172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 462101099Srwatson} 463101099Srwatson 464101099Srwatsonstatic void 465172955Srwatsonbiba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 466101099Srwatson{ 467105643Srwatson 468101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 469172955Srwatson ("biba_copy_range: labelfrom not range")); 470101099Srwatson 471101099Srwatson labelto->mb_rangelow = labelfrom->mb_rangelow; 472101099Srwatson labelto->mb_rangehigh = labelfrom->mb_rangehigh; 473101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 474101099Srwatson} 475101099Srwatson 476101099Srwatsonstatic void 477172955Srwatsonbiba_copy_effective(struct mac_biba *labelfrom, struct mac_biba *labelto) 478101099Srwatson{ 479101099Srwatson 480132232Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 481172955Srwatson ("biba_copy_effective: labelfrom not effective")); 482101099Srwatson 483132232Srwatson labelto->mb_effective = labelfrom->mb_effective; 484132232Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 485101099Srwatson} 486101099Srwatson 487105656Srwatsonstatic void 488172955Srwatsonbiba_copy(struct mac_biba *source, struct mac_biba *dest) 489105656Srwatson{ 490105656Srwatson 491132232Srwatson if (source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) 492172955Srwatson biba_copy_effective(source, dest); 493105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_RANGE) 494172955Srwatson biba_copy_range(source, dest); 495105656Srwatson} 496105656Srwatson 497101099Srwatson/* 498101099Srwatson * Policy module operations. 499101099Srwatson */ 500101099Srwatsonstatic void 501172955Srwatsonbiba_init(struct mac_policy_conf *conf) 502101099Srwatson{ 503101099Srwatson 504122879Srwatson zone_biba = uma_zcreate("mac_biba", sizeof(struct mac_biba), NULL, 505122879Srwatson NULL, NULL, NULL, UMA_ALIGN_PTR, 0); 506101099Srwatson} 507101099Srwatson 508101099Srwatson/* 509101099Srwatson * Label operations. 510101099Srwatson */ 511101099Srwatsonstatic void 512172955Srwatsonbiba_init_label(struct label *label) 513101099Srwatson{ 514101099Srwatson 515132781Skan SLOT_SET(label, biba_alloc(M_WAITOK)); 516101099Srwatson} 517101099Srwatson 518101099Srwatsonstatic int 519172955Srwatsonbiba_init_label_waitcheck(struct label *label, int flag) 520101099Srwatson{ 521101099Srwatson 522132781Skan SLOT_SET(label, biba_alloc(flag)); 523101099Srwatson if (SLOT(label) == NULL) 524101099Srwatson return (ENOMEM); 525101099Srwatson 526101099Srwatson return (0); 527101099Srwatson} 528101099Srwatson 529101099Srwatsonstatic void 530172955Srwatsonbiba_destroy_label(struct label *label) 531101099Srwatson{ 532101099Srwatson 533101099Srwatson biba_free(SLOT(label)); 534132781Skan SLOT_SET(label, NULL); 535101099Srwatson} 536101099Srwatson 537105696Srwatson/* 538172955Srwatson * biba_element_to_string() accepts an sbuf and Biba element. It converts 539172955Srwatson * the Biba element to a string and stores the result in the sbuf; if there 540172955Srwatson * isn't space in the sbuf, -1 is returned. 541105696Srwatson */ 542115497Srwatsonstatic int 543172955Srwatsonbiba_element_to_string(struct sbuf *sb, struct mac_biba_element *element) 544105696Srwatson{ 545115497Srwatson int i, first; 546105696Srwatson 547105696Srwatson switch (element->mbe_type) { 548105696Srwatson case MAC_BIBA_TYPE_HIGH: 549115497Srwatson return (sbuf_printf(sb, "high")); 550105696Srwatson 551105696Srwatson case MAC_BIBA_TYPE_LOW: 552115497Srwatson return (sbuf_printf(sb, "low")); 553105696Srwatson 554105696Srwatson case MAC_BIBA_TYPE_EQUAL: 555115497Srwatson return (sbuf_printf(sb, "equal")); 556105696Srwatson 557105696Srwatson case MAC_BIBA_TYPE_GRADE: 558115497Srwatson if (sbuf_printf(sb, "%d", element->mbe_grade) == -1) 559115497Srwatson return (-1); 560115497Srwatson 561115497Srwatson first = 1; 562115497Srwatson for (i = 1; i <= MAC_BIBA_MAX_COMPARTMENTS; i++) { 563115497Srwatson if (MAC_BIBA_BIT_TEST(i, element->mbe_compartments)) { 564115497Srwatson if (first) { 565115497Srwatson if (sbuf_putc(sb, ':') == -1) 566115497Srwatson return (-1); 567115497Srwatson if (sbuf_printf(sb, "%d", i) == -1) 568115497Srwatson return (-1); 569115497Srwatson first = 0; 570115497Srwatson } else { 571115497Srwatson if (sbuf_printf(sb, "+%d", i) == -1) 572115497Srwatson return (-1); 573115497Srwatson } 574115497Srwatson } 575105696Srwatson } 576115497Srwatson return (0); 577105696Srwatson 578105696Srwatson default: 579172955Srwatson panic("biba_element_to_string: invalid type (%d)", 580105696Srwatson element->mbe_type); 581105696Srwatson } 582105696Srwatson} 583105696Srwatson 584115497Srwatson/* 585172955Srwatson * biba_to_string() converts a Biba label to a string, and places the results 586172955Srwatson * in the passed sbuf. It returns 0 on success, or EINVAL if there isn't 587172955Srwatson * room in the sbuf. Note: the sbuf will be modified even in a failure case, 588172955Srwatson * so the caller may need to revert the sbuf by restoring the offset if 589172955Srwatson * that's undesired. 590115497Srwatson */ 591101099Srwatsonstatic int 592172955Srwatsonbiba_to_string(struct sbuf *sb, struct mac_biba *mb) 593101099Srwatson{ 594105696Srwatson 595172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 596172955Srwatson if (biba_element_to_string(sb, &mb->mb_effective) == -1) 597105696Srwatson return (EINVAL); 598105696Srwatson } 599105696Srwatson 600172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 601116701Srwatson if (sbuf_putc(sb, '(') == -1) 602105696Srwatson return (EINVAL); 603105696Srwatson 604172955Srwatson if (biba_element_to_string(sb, &mb->mb_rangelow) == -1) 605105696Srwatson return (EINVAL); 606105696Srwatson 607116701Srwatson if (sbuf_putc(sb, '-') == -1) 608105696Srwatson return (EINVAL); 609105696Srwatson 610172955Srwatson if (biba_element_to_string(sb, &mb->mb_rangehigh) == -1) 611105696Srwatson return (EINVAL); 612105696Srwatson 613116701Srwatson if (sbuf_putc(sb, ')') == -1) 614105696Srwatson return (EINVAL); 615105696Srwatson } 616105696Srwatson 617105696Srwatson return (0); 618105696Srwatson} 619105696Srwatson 620105696Srwatsonstatic int 621172955Srwatsonbiba_externalize_label(struct label *label, char *element_name, 622116701Srwatson struct sbuf *sb, int *claimed) 623105696Srwatson{ 624172955Srwatson struct mac_biba *mb; 625101099Srwatson 626105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 627105696Srwatson return (0); 628105696Srwatson 629105696Srwatson (*claimed)++; 630105696Srwatson 631172955Srwatson mb = SLOT(label); 632172955Srwatson return (biba_to_string(sb, mb)); 633105696Srwatson} 634105696Srwatson 635105696Srwatsonstatic int 636172955Srwatsonbiba_parse_element(struct mac_biba_element *element, char *string) 637101099Srwatson{ 638115395Srwatson char *compartment, *end, *grade; 639115395Srwatson int value; 640105696Srwatson 641181217Srwatson if (strcmp(string, "high") == 0 || strcmp(string, "hi") == 0) { 642105696Srwatson element->mbe_type = MAC_BIBA_TYPE_HIGH; 643105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 644181217Srwatson } else if (strcmp(string, "low") == 0 || strcmp(string, "lo") == 0) { 645105696Srwatson element->mbe_type = MAC_BIBA_TYPE_LOW; 646105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 647105696Srwatson } else if (strcmp(string, "equal") == 0 || 648105696Srwatson strcmp(string, "eq") == 0) { 649105696Srwatson element->mbe_type = MAC_BIBA_TYPE_EQUAL; 650105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 651105696Srwatson } else { 652115395Srwatson element->mbe_type = MAC_BIBA_TYPE_GRADE; 653105696Srwatson 654115395Srwatson /* 655115395Srwatson * Numeric grade piece of the element. 656115395Srwatson */ 657115395Srwatson grade = strsep(&string, ":"); 658115395Srwatson value = strtol(grade, &end, 10); 659115395Srwatson if (end == grade || *end != '\0') 660105696Srwatson return (EINVAL); 661115395Srwatson if (value < 0 || value > 65535) 662115395Srwatson return (EINVAL); 663115395Srwatson element->mbe_grade = value; 664105696Srwatson 665115395Srwatson /* 666181217Srwatson * Optional compartment piece of the element. If none are 667181217Srwatson * included, we assume that the label has no compartments. 668115395Srwatson */ 669115395Srwatson if (string == NULL) 670115395Srwatson return (0); 671115395Srwatson if (*string == '\0') 672115395Srwatson return (0); 673105696Srwatson 674115395Srwatson while ((compartment = strsep(&string, "+")) != NULL) { 675115395Srwatson value = strtol(compartment, &end, 10); 676115395Srwatson if (compartment == end || *end != '\0') 677105696Srwatson return (EINVAL); 678115395Srwatson if (value < 1 || value > MAC_BIBA_MAX_COMPARTMENTS) 679105696Srwatson return (EINVAL); 680115395Srwatson MAC_BIBA_BIT_SET(value, element->mbe_compartments); 681105696Srwatson } 682105696Srwatson } 683105696Srwatson 684105696Srwatson return (0); 685105696Srwatson} 686105696Srwatson 687105696Srwatson/* 688181217Srwatson * Note: destructively consumes the string, make a local copy before calling 689181217Srwatson * if that's a problem. 690105696Srwatson */ 691105696Srwatsonstatic int 692172955Srwatsonbiba_parse(struct mac_biba *mb, char *string) 693105696Srwatson{ 694132232Srwatson char *rangehigh, *rangelow, *effective; 695101099Srwatson int error; 696101099Srwatson 697132232Srwatson effective = strsep(&string, "("); 698132232Srwatson if (*effective == '\0') 699132232Srwatson effective = NULL; 700115395Srwatson 701115395Srwatson if (string != NULL) { 702115395Srwatson rangelow = strsep(&string, "-"); 703115395Srwatson if (string == NULL) 704105696Srwatson return (EINVAL); 705115395Srwatson rangehigh = strsep(&string, ")"); 706115395Srwatson if (string == NULL) 707105696Srwatson return (EINVAL); 708115395Srwatson if (*string != '\0') 709105696Srwatson return (EINVAL); 710115395Srwatson } else { 711115395Srwatson rangelow = NULL; 712115395Srwatson rangehigh = NULL; 713105696Srwatson } 714115395Srwatson 715105696Srwatson KASSERT((rangelow != NULL && rangehigh != NULL) || 716105696Srwatson (rangelow == NULL && rangehigh == NULL), 717172955Srwatson ("biba_parse: range mismatch")); 718101099Srwatson 719172955Srwatson bzero(mb, sizeof(*mb)); 720132232Srwatson if (effective != NULL) { 721172955Srwatson error = biba_parse_element(&mb->mb_effective, effective); 722105696Srwatson if (error) 723105696Srwatson return (error); 724172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 725105696Srwatson } 726105696Srwatson 727105696Srwatson if (rangelow != NULL) { 728172955Srwatson error = biba_parse_element(&mb->mb_rangelow, rangelow); 729105696Srwatson if (error) 730105696Srwatson return (error); 731172955Srwatson error = biba_parse_element(&mb->mb_rangehigh, rangehigh); 732105696Srwatson if (error) 733105696Srwatson return (error); 734172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_RANGE; 735105696Srwatson } 736105696Srwatson 737172955Srwatson error = biba_valid(mb); 738101099Srwatson if (error) 739101099Srwatson return (error); 740101099Srwatson 741105696Srwatson return (0); 742105696Srwatson} 743101099Srwatson 744105696Srwatsonstatic int 745172955Srwatsonbiba_internalize_label(struct label *label, char *element_name, 746105696Srwatson char *element_data, int *claimed) 747105696Srwatson{ 748172955Srwatson struct mac_biba *mb, mb_temp; 749105696Srwatson int error; 750105696Srwatson 751105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 752105696Srwatson return (0); 753105696Srwatson 754105696Srwatson (*claimed)++; 755105696Srwatson 756172955Srwatson error = biba_parse(&mb_temp, element_data); 757105696Srwatson if (error) 758105696Srwatson return (error); 759105696Srwatson 760172955Srwatson mb = SLOT(label); 761172955Srwatson *mb = mb_temp; 762105696Srwatson 763101099Srwatson return (0); 764101099Srwatson} 765101099Srwatson 766105696Srwatsonstatic void 767172955Srwatsonbiba_copy_label(struct label *src, struct label *dest) 768105696Srwatson{ 769105696Srwatson 770105696Srwatson *SLOT(dest) = *SLOT(src); 771105696Srwatson} 772105696Srwatson 773101099Srwatson/* 774173138Srwatson * Object-specific entry point implementations are sorted alphabetically by 775173138Srwatson * object type name and then by operation. 776101099Srwatson */ 777173138Srwatsonstatic int 778173138Srwatsonbiba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 779173138Srwatson struct ifnet *ifp, struct label *ifplabel) 780101099Srwatson{ 781173138Srwatson struct mac_biba *a, *b; 782101099Srwatson 783173138Srwatson if (!biba_enabled) 784173138Srwatson return (0); 785101099Srwatson 786173138Srwatson a = SLOT(dlabel); 787173138Srwatson b = SLOT(ifplabel); 788101099Srwatson 789173138Srwatson if (biba_equal_effective(a, b)) 790173138Srwatson return (0); 791173138Srwatson return (EACCES); 792101099Srwatson} 793101099Srwatson 794101099Srwatsonstatic void 795173138Srwatsonbiba_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 796173138Srwatson struct label *dlabel) 797104535Srwatson{ 798104535Srwatson struct mac_biba *source, *dest; 799104535Srwatson 800122524Srwatson source = SLOT(cred->cr_label); 801173138Srwatson dest = SLOT(dlabel); 802104535Srwatson 803172955Srwatson biba_copy_effective(source, dest); 804104535Srwatson} 805104535Srwatson 806104535Srwatsonstatic void 807173138Srwatsonbiba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 808173138Srwatson struct mbuf *m, struct label *mlabel) 809101099Srwatson{ 810101099Srwatson struct mac_biba *source, *dest; 811101099Srwatson 812173138Srwatson source = SLOT(dlabel); 813173138Srwatson dest = SLOT(mlabel); 814172955Srwatson 815172955Srwatson biba_copy_effective(source, dest); 816101099Srwatson} 817101099Srwatson 818184407Srwatsonstatic void 819184407Srwatsonbiba_cred_associate_nfsd(struct ucred *cred) 820184407Srwatson{ 821184407Srwatson struct mac_biba *label; 822184407Srwatson 823184407Srwatson label = SLOT(cred->cr_label); 824184407Srwatson biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL); 825184407Srwatson biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 826184407Srwatson 0, NULL); 827184407Srwatson} 828184407Srwatson 829173138Srwatsonstatic int 830173138Srwatsonbiba_cred_check_relabel(struct ucred *cred, struct label *newlabel) 831101099Srwatson{ 832173138Srwatson struct mac_biba *subj, *new; 833173138Srwatson int error; 834101099Srwatson 835173138Srwatson subj = SLOT(cred->cr_label); 836173138Srwatson new = SLOT(newlabel); 837101099Srwatson 838173138Srwatson /* 839173138Srwatson * If there is a Biba label update for the credential, it may 840173138Srwatson * be an update of the effective, range, or both. 841173138Srwatson */ 842173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 843173138Srwatson if (error) 844173138Srwatson return (error); 845101099Srwatson 846173138Srwatson /* 847173138Srwatson * If the Biba label is to be changed, authorize as appropriate. 848173138Srwatson */ 849173138Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 850173138Srwatson /* 851173138Srwatson * If the change request modifies both the Biba label 852173138Srwatson * effective and range, check that the new effective will be 853173138Srwatson * in the new range. 854173138Srwatson */ 855173138Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == 856173138Srwatson MAC_BIBA_FLAGS_BOTH && 857173138Srwatson !biba_effective_in_range(new, new)) 858173138Srwatson return (EINVAL); 859101099Srwatson 860173138Srwatson /* 861173138Srwatson * To change the Biba effective label on a credential, the 862173138Srwatson * new effective label must be in the current range. 863173138Srwatson */ 864173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE && 865173138Srwatson !biba_effective_in_range(new, subj)) 866173138Srwatson return (EPERM); 867101099Srwatson 868173138Srwatson /* 869173138Srwatson * To change the Biba range on a credential, the new range 870173138Srwatson * label must be in the current range. 871173138Srwatson */ 872173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_RANGE && 873173138Srwatson !biba_range_in_range(new, subj)) 874173138Srwatson return (EPERM); 875101099Srwatson 876173138Srwatson /* 877173138Srwatson * To have EQUAL in any component of the new credential Biba 878173138Srwatson * label, the subject must already have EQUAL in their label. 879173138Srwatson */ 880173138Srwatson if (biba_contains_equal(new)) { 881173138Srwatson error = biba_subject_privileged(subj); 882173138Srwatson if (error) 883173138Srwatson return (error); 884173138Srwatson } 885105988Srwatson } 886101099Srwatson 887101099Srwatson return (0); 888101099Srwatson} 889101099Srwatson 890105988Srwatsonstatic int 891173138Srwatsonbiba_cred_check_visible(struct ucred *u1, struct ucred *u2) 892105988Srwatson{ 893173138Srwatson struct mac_biba *subj, *obj; 894105988Srwatson 895173138Srwatson if (!biba_enabled) 896105988Srwatson return (0); 897105988Srwatson 898173138Srwatson subj = SLOT(u1->cr_label); 899173138Srwatson obj = SLOT(u2->cr_label); 900105988Srwatson 901173138Srwatson /* XXX: range */ 902173138Srwatson if (!biba_dominate_effective(obj, subj)) 903173138Srwatson return (ESRCH); 904105988Srwatson 905173138Srwatson return (0); 906122875Srwatson} 907122875Srwatson 908122875Srwatsonstatic void 909184407Srwatsonbiba_cred_create_init(struct ucred *cred) 910184407Srwatson{ 911184407Srwatson struct mac_biba *dest; 912184407Srwatson 913184407Srwatson dest = SLOT(cred->cr_label); 914184407Srwatson 915184407Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); 916184407Srwatson biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 917184407Srwatson 0, NULL); 918184407Srwatson} 919184407Srwatson 920184407Srwatsonstatic void 921184407Srwatsonbiba_cred_create_swapper(struct ucred *cred) 922184407Srwatson{ 923184407Srwatson struct mac_biba *dest; 924184407Srwatson 925184407Srwatson dest = SLOT(cred->cr_label); 926184407Srwatson 927184407Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 928184407Srwatson biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 929184407Srwatson 0, NULL); 930184407Srwatson} 931184407Srwatson 932184407Srwatsonstatic void 933173138Srwatsonbiba_cred_relabel(struct ucred *cred, struct label *newlabel) 934101099Srwatson{ 935101099Srwatson struct mac_biba *source, *dest; 936101099Srwatson 937173138Srwatson source = SLOT(newlabel); 938173138Srwatson dest = SLOT(cred->cr_label); 939101099Srwatson 940173138Srwatson biba_copy(source, dest); 941101099Srwatson} 942101099Srwatson 943101099Srwatsonstatic void 944173138Srwatsonbiba_devfs_create_device(struct ucred *cred, struct mount *mp, 945173138Srwatson struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 946101099Srwatson{ 947173138Srwatson struct mac_biba *mb; 948173138Srwatson int biba_type; 949101099Srwatson 950173138Srwatson mb = SLOT(delabel); 951173138Srwatson if (strcmp(dev->si_name, "null") == 0 || 952173138Srwatson strcmp(dev->si_name, "zero") == 0 || 953173138Srwatson strcmp(dev->si_name, "random") == 0 || 954173138Srwatson strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 955173138Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 956173138Srwatson else if (ptys_equal && 957173138Srwatson (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || 958173138Srwatson strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) 959173138Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 960173138Srwatson else 961173138Srwatson biba_type = MAC_BIBA_TYPE_HIGH; 962173138Srwatson biba_set_effective(mb, biba_type, 0, NULL); 963101099Srwatson} 964101099Srwatson 965101099Srwatsonstatic void 966173138Srwatsonbiba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, 967173138Srwatson struct devfs_dirent *de, struct label *delabel) 968101099Srwatson{ 969173138Srwatson struct mac_biba *mb; 970101099Srwatson 971173138Srwatson mb = SLOT(delabel); 972101099Srwatson 973173138Srwatson biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL); 974101099Srwatson} 975101099Srwatson 976101099Srwatsonstatic void 977173138Srwatsonbiba_devfs_create_symlink(struct ucred *cred, struct mount *mp, 978173138Srwatson struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 979173138Srwatson struct label *delabel) 980145855Srwatson{ 981145855Srwatson struct mac_biba *source, *dest; 982145855Srwatson 983145855Srwatson source = SLOT(cred->cr_label); 984173138Srwatson dest = SLOT(delabel); 985145855Srwatson 986172955Srwatson biba_copy_effective(source, dest); 987145855Srwatson} 988145855Srwatson 989145855Srwatsonstatic void 990173138Srwatsonbiba_devfs_update(struct mount *mp, struct devfs_dirent *de, 991173138Srwatson struct label *delabel, struct vnode *vp, struct label *vplabel) 992101099Srwatson{ 993101099Srwatson struct mac_biba *source, *dest; 994101099Srwatson 995173138Srwatson source = SLOT(vplabel); 996173138Srwatson dest = SLOT(delabel); 997101099Srwatson 998172955Srwatson biba_copy(source, dest); 999101099Srwatson} 1000101099Srwatson 1001101099Srwatsonstatic void 1002173138Srwatsonbiba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel, 1003173138Srwatson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 1004173138Srwatson struct label *vplabel) 1005101099Srwatson{ 1006101099Srwatson struct mac_biba *source, *dest; 1007101099Srwatson 1008173138Srwatson source = SLOT(delabel); 1009173138Srwatson dest = SLOT(vplabel); 1010101099Srwatson 1011172955Srwatson biba_copy_effective(source, dest); 1012101099Srwatson} 1013101099Srwatson 1014173138Srwatsonstatic int 1015173138Srwatsonbiba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 1016173138Srwatson struct label *ifplabel, struct label *newlabel) 1017140628Srwatson{ 1018173138Srwatson struct mac_biba *subj, *new; 1019173138Srwatson int error; 1020140628Srwatson 1021173138Srwatson subj = SLOT(cred->cr_label); 1022173138Srwatson new = SLOT(newlabel); 1023140628Srwatson 1024173138Srwatson /* 1025173138Srwatson * If there is a Biba label update for the interface, it may be an 1026173138Srwatson * update of the effective, range, or both. 1027173138Srwatson */ 1028173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1029173138Srwatson if (error) 1030173138Srwatson return (error); 1031140628Srwatson 1032173138Srwatson /* 1033173138Srwatson * Relabling network interfaces requires Biba privilege. 1034173138Srwatson */ 1035173138Srwatson error = biba_subject_privileged(subj); 1036173138Srwatson if (error) 1037173138Srwatson return (error); 1038140628Srwatson 1039173138Srwatson return (0); 1040140628Srwatson} 1041140628Srwatson 1042173138Srwatsonstatic int 1043173138Srwatsonbiba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 1044173138Srwatson struct mbuf *m, struct label *mlabel) 1045140628Srwatson{ 1046173138Srwatson struct mac_biba *p, *i; 1047140628Srwatson 1048173138Srwatson if (!biba_enabled) 1049173138Srwatson return (0); 1050140628Srwatson 1051173138Srwatson p = SLOT(mlabel); 1052173138Srwatson i = SLOT(ifplabel); 1053140628Srwatson 1054173138Srwatson return (biba_effective_in_range(p, i) ? 0 : EACCES); 1055140628Srwatson} 1056140628Srwatson 1057101099Srwatsonstatic void 1058172955Srwatsonbiba_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 1059101099Srwatson{ 1060121816Sbrooks char tifname[IFNAMSIZ], *p, *q; 1061101099Srwatson char tiflist[sizeof(trusted_interfaces)]; 1062101099Srwatson struct mac_biba *dest; 1063110350Srwatson int len, type; 1064101099Srwatson 1065168976Srwatson dest = SLOT(ifplabel); 1066101099Srwatson 1067168976Srwatson if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) { 1068110350Srwatson type = MAC_BIBA_TYPE_EQUAL; 1069101099Srwatson goto set; 1070101099Srwatson } 1071101099Srwatson 1072101099Srwatson if (trust_all_interfaces) { 1073110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1074101099Srwatson goto set; 1075101099Srwatson } 1076101099Srwatson 1077110350Srwatson type = MAC_BIBA_TYPE_LOW; 1078101099Srwatson 1079101099Srwatson if (trusted_interfaces[0] == '\0' || 1080101099Srwatson !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 1081101099Srwatson goto set; 1082101099Srwatson 1083106089Srwatson bzero(tiflist, sizeof(tiflist)); 1084101099Srwatson for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 1085101099Srwatson if(*p != ' ' && *p != '\t') 1086101099Srwatson *q = *p; 1087101099Srwatson 1088101099Srwatson for (p = q = tiflist;; p++) { 1089101099Srwatson if (*p == ',' || *p == '\0') { 1090101099Srwatson len = p - q; 1091101099Srwatson if (len < IFNAMSIZ) { 1092101099Srwatson bzero(tifname, sizeof(tifname)); 1093101099Srwatson bcopy(q, tifname, len); 1094168976Srwatson if (strcmp(tifname, ifp->if_xname) == 0) { 1095110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1096101099Srwatson break; 1097101099Srwatson } 1098106089Srwatson } else { 1099106089Srwatson *p = '\0'; 1100106089Srwatson printf("mac_biba warning: interface name " 1101106089Srwatson "\"%s\" is too long (must be < %d)\n", 1102106089Srwatson q, IFNAMSIZ); 1103101099Srwatson } 1104101099Srwatson if (*p == '\0') 1105101099Srwatson break; 1106101099Srwatson q = p + 1; 1107101099Srwatson } 1108101099Srwatson } 1109101099Srwatsonset: 1110172955Srwatson biba_set_effective(dest, type, 0, NULL); 1111172955Srwatson biba_set_range(dest, type, 0, NULL, type, 0, NULL); 1112101099Srwatson} 1113101099Srwatson 1114101099Srwatsonstatic void 1115173138Srwatsonbiba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 1116173138Srwatson struct mbuf *m, struct label *mlabel) 1117101099Srwatson{ 1118101099Srwatson struct mac_biba *source, *dest; 1119101099Srwatson 1120173138Srwatson source = SLOT(ifplabel); 1121173138Srwatson dest = SLOT(mlabel); 1122101099Srwatson 1123172955Srwatson biba_copy_effective(source, dest); 1124101099Srwatson} 1125101099Srwatson 1126101099Srwatsonstatic void 1127173138Srwatsonbiba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 1128173138Srwatson struct label *ifplabel, struct label *newlabel) 1129101099Srwatson{ 1130101099Srwatson struct mac_biba *source, *dest; 1131101099Srwatson 1132173138Srwatson source = SLOT(newlabel); 1133173138Srwatson dest = SLOT(ifplabel); 1134101099Srwatson 1135173138Srwatson biba_copy(source, dest); 1136101099Srwatson} 1137101099Srwatson 1138173138Srwatsonstatic int 1139173138Srwatsonbiba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 1140173138Srwatson struct mbuf *m, struct label *mlabel) 1141173138Srwatson{ 1142173138Srwatson struct mac_biba *p, *i; 1143173138Srwatson 1144173138Srwatson if (!biba_enabled) 1145173138Srwatson return (0); 1146173138Srwatson 1147173138Srwatson p = SLOT(mlabel); 1148173138Srwatson i = SLOT(inplabel); 1149173138Srwatson 1150173138Srwatson return (biba_equal_effective(p, i) ? 0 : EACCES); 1151173138Srwatson} 1152173138Srwatson 1153183980Sbzstatic int 1154183980Sbzbiba_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 1155183980Sbz struct label *inplabel) 1156183980Sbz{ 1157183980Sbz struct mac_biba *subj, *obj; 1158183980Sbz 1159183980Sbz if (!biba_enabled) 1160183980Sbz return (0); 1161183980Sbz 1162183980Sbz subj = SLOT(cred->cr_label); 1163183980Sbz obj = SLOT(inplabel); 1164183980Sbz 1165183980Sbz if (!biba_dominate_effective(obj, subj)) 1166183980Sbz return (ENOENT); 1167183980Sbz 1168183980Sbz return (0); 1169183980Sbz} 1170183980Sbz 1171101099Srwatsonstatic void 1172173138Srwatsonbiba_inpcb_create(struct socket *so, struct label *solabel, 1173173138Srwatson struct inpcb *inp, struct label *inplabel) 1174101099Srwatson{ 1175101099Srwatson struct mac_biba *source, *dest; 1176101099Srwatson 1177173138Srwatson source = SLOT(solabel); 1178173138Srwatson dest = SLOT(inplabel); 1179101099Srwatson 1180172955Srwatson biba_copy_effective(source, dest); 1181101099Srwatson} 1182101099Srwatson 1183101099Srwatsonstatic void 1184172955Srwatsonbiba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 1185123607Srwatson struct mbuf *m, struct label *mlabel) 1186123607Srwatson{ 1187123607Srwatson struct mac_biba *source, *dest; 1188123607Srwatson 1189123607Srwatson source = SLOT(inplabel); 1190123607Srwatson dest = SLOT(mlabel); 1191123607Srwatson 1192172955Srwatson biba_copy_effective(source, dest); 1193123607Srwatson} 1194123607Srwatson 1195123607Srwatsonstatic void 1196173138Srwatsonbiba_inpcb_sosetlabel(struct socket *so, struct label *solabel, 1197173138Srwatson struct inpcb *inp, struct label *inplabel) 1198101099Srwatson{ 1199101099Srwatson struct mac_biba *source, *dest; 1200101099Srwatson 1201173138Srwatson source = SLOT(solabel); 1202173138Srwatson dest = SLOT(inplabel); 1203101099Srwatson 1204173138Srwatson biba_copy(source, dest); 1205101099Srwatson} 1206101099Srwatson 1207101099Srwatsonstatic void 1208184308Srwatsonbiba_ip6q_create(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1209184308Srwatson struct label *q6label) 1210184308Srwatson{ 1211184308Srwatson struct mac_biba *source, *dest; 1212184308Srwatson 1213184308Srwatson source = SLOT(mlabel); 1214184308Srwatson dest = SLOT(q6label); 1215184308Srwatson 1216184308Srwatson biba_copy_effective(source, dest); 1217184308Srwatson} 1218184308Srwatson 1219184308Srwatsonstatic int 1220184308Srwatsonbiba_ip6q_match(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1221184308Srwatson struct label *q6label) 1222184308Srwatson{ 1223184308Srwatson struct mac_biba *a, *b; 1224184308Srwatson 1225184308Srwatson a = SLOT(q6label); 1226184308Srwatson b = SLOT(mlabel); 1227184308Srwatson 1228184308Srwatson return (biba_equal_effective(a, b)); 1229184308Srwatson} 1230184308Srwatson 1231184308Srwatsonstatic void 1232184308Srwatsonbiba_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 1233184308Srwatson struct label *mlabel) 1234184308Srwatson{ 1235184308Srwatson struct mac_biba *source, *dest; 1236184308Srwatson 1237184308Srwatson source = SLOT(q6label); 1238184308Srwatson dest = SLOT(mlabel); 1239184308Srwatson 1240184308Srwatson /* Just use the head, since we require them all to match. */ 1241184308Srwatson biba_copy_effective(source, dest); 1242184308Srwatson} 1243184308Srwatson 1244184308Srwatsonstatic void 1245184308Srwatsonbiba_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1246184308Srwatson struct label *q6label) 1247184308Srwatson{ 1248184308Srwatson 1249184308Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1250184308Srwatson} 1251184308Srwatson 1252184308Srwatsonstatic void 1253179781Srwatsonbiba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q, 1254179781Srwatson struct label *qlabel) 1255101099Srwatson{ 1256101099Srwatson struct mac_biba *source, *dest; 1257101099Srwatson 1258173138Srwatson source = SLOT(mlabel); 1259179781Srwatson dest = SLOT(qlabel); 1260101099Srwatson 1261172955Srwatson biba_copy_effective(source, dest); 1262101099Srwatson} 1263101099Srwatson 1264101099Srwatsonstatic int 1265179781Srwatsonbiba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q, 1266179781Srwatson struct label *qlabel) 1267101099Srwatson{ 1268101099Srwatson struct mac_biba *a, *b; 1269101099Srwatson 1270179781Srwatson a = SLOT(qlabel); 1271168976Srwatson b = SLOT(mlabel); 1272101099Srwatson 1273172955Srwatson return (biba_equal_effective(a, b)); 1274101099Srwatson} 1275101099Srwatson 1276101099Srwatsonstatic void 1277179781Srwatsonbiba_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 1278173138Srwatson struct label *mlabel) 1279101099Srwatson{ 1280101099Srwatson struct mac_biba *source, *dest; 1281101099Srwatson 1282179781Srwatson source = SLOT(qlabel); 1283173138Srwatson dest = SLOT(mlabel); 1284101099Srwatson 1285173138Srwatson /* Just use the head, since we require them all to match. */ 1286173138Srwatson biba_copy_effective(source, dest); 1287101099Srwatson} 1288101099Srwatson 1289101099Srwatsonstatic void 1290179781Srwatsonbiba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 1291179781Srwatson struct label *qlabel) 1292101099Srwatson{ 1293101099Srwatson 1294101099Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1295101099Srwatson} 1296101099Srwatson 1297173138Srwatsonstatic int 1298173138Srwatsonbiba_kld_check_load(struct ucred *cred, struct vnode *vp, 1299173138Srwatson struct label *vplabel) 1300173138Srwatson{ 1301173138Srwatson struct mac_biba *subj, *obj; 1302173138Srwatson int error; 1303173138Srwatson 1304173138Srwatson if (!biba_enabled) 1305173138Srwatson return (0); 1306173138Srwatson 1307173138Srwatson subj = SLOT(cred->cr_label); 1308173138Srwatson 1309173138Srwatson error = biba_subject_privileged(subj); 1310173138Srwatson if (error) 1311173138Srwatson return (error); 1312173138Srwatson 1313173138Srwatson obj = SLOT(vplabel); 1314173138Srwatson if (!biba_high_effective(obj)) 1315173138Srwatson return (EACCES); 1316173138Srwatson 1317173138Srwatson return (0); 1318173138Srwatson} 1319173138Srwatson 1320173138Srwatsonstatic int 1321173138Srwatsonbiba_mount_check_stat(struct ucred *cred, struct mount *mp, 1322173138Srwatson struct label *mplabel) 1323173138Srwatson{ 1324173138Srwatson struct mac_biba *subj, *obj; 1325173138Srwatson 1326173138Srwatson if (!biba_enabled) 1327173138Srwatson return (0); 1328173138Srwatson 1329173138Srwatson subj = SLOT(cred->cr_label); 1330173138Srwatson obj = SLOT(mplabel); 1331173138Srwatson 1332173138Srwatson if (!biba_dominate_effective(obj, subj)) 1333173138Srwatson return (EACCES); 1334173138Srwatson 1335173138Srwatson return (0); 1336173138Srwatson} 1337173138Srwatson 1338122875Srwatsonstatic void 1339173138Srwatsonbiba_mount_create(struct ucred *cred, struct mount *mp, 1340173138Srwatson struct label *mplabel) 1341122875Srwatson{ 1342122875Srwatson struct mac_biba *source, *dest; 1343122875Srwatson 1344173138Srwatson source = SLOT(cred->cr_label); 1345173138Srwatson dest = SLOT(mplabel); 1346122875Srwatson 1347173138Srwatson biba_copy_effective(source, dest); 1348122875Srwatson} 1349122875Srwatson 1350162238Scsjpstatic void 1351173095Srwatsonbiba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, 1352173095Srwatson struct mbuf *m, struct label *mlabel) 1353173095Srwatson{ 1354173095Srwatson struct mac_biba *dest; 1355173095Srwatson 1356173095Srwatson dest = SLOT(mlabel); 1357173095Srwatson 1358173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1359173095Srwatson} 1360173095Srwatson 1361173095Srwatsonstatic void 1362173095Srwatsonbiba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1363173095Srwatson struct mbuf *m, struct label *mlabel) 1364173095Srwatson{ 1365173095Srwatson struct mac_biba *dest; 1366173095Srwatson 1367173095Srwatson dest = SLOT(mlabel); 1368173095Srwatson 1369173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1370173095Srwatson} 1371173095Srwatson 1372173095Srwatsonstatic void 1373173102Srwatsonbiba_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1374173102Srwatson struct mbuf *msend, struct label *msendlabel) 1375173102Srwatson{ 1376173102Srwatson struct mac_biba *source, *dest; 1377173102Srwatson 1378173102Srwatson source = SLOT(mrecvlabel); 1379173102Srwatson dest = SLOT(msendlabel); 1380173102Srwatson 1381173102Srwatson biba_copy_effective(source, dest); 1382173102Srwatson} 1383173102Srwatson 1384173102Srwatsonstatic void 1385173018Srwatsonbiba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) 1386162238Scsjp{ 1387162238Scsjp struct mac_biba *dest; 1388162238Scsjp 1389173018Srwatson dest = SLOT(mlabel); 1390162238Scsjp 1391173018Srwatson /* XXX: where is the label for the firewall really coming from? */ 1392172955Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1393162238Scsjp} 1394162238Scsjp 1395173095Srwatsonstatic void 1396173138Srwatsonbiba_netinet_fragment(struct mbuf *m, struct label *mlabel, 1397173138Srwatson struct mbuf *frag, struct label *fraglabel) 1398173138Srwatson{ 1399173138Srwatson struct mac_biba *source, *dest; 1400173138Srwatson 1401173138Srwatson source = SLOT(mlabel); 1402173138Srwatson dest = SLOT(fraglabel); 1403173138Srwatson 1404173138Srwatson biba_copy_effective(source, dest); 1405173138Srwatson} 1406173138Srwatson 1407173138Srwatsonstatic void 1408173102Srwatsonbiba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1409173102Srwatson struct mbuf *msend, struct label *msendlabel) 1410173102Srwatson{ 1411173102Srwatson struct mac_biba *source, *dest; 1412173102Srwatson 1413173102Srwatson source = SLOT(mrecvlabel); 1414173102Srwatson dest = SLOT(msendlabel); 1415173102Srwatson 1416173102Srwatson biba_copy_effective(source, dest); 1417173102Srwatson} 1418173102Srwatson 1419173102Srwatsonstatic void 1420173095Srwatsonbiba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1421173095Srwatson struct mbuf *m, struct label *mlabel) 1422173095Srwatson{ 1423173095Srwatson struct mac_biba *dest; 1424173095Srwatson 1425173095Srwatson dest = SLOT(mlabel); 1426173095Srwatson 1427173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1428173095Srwatson} 1429173095Srwatson 1430173095Srwatsonstatic void 1431173095Srwatsonbiba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1432173095Srwatson struct mbuf *m, struct label *mlabel) 1433173095Srwatson{ 1434173095Srwatson struct mac_biba *dest; 1435173095Srwatson 1436173095Srwatson dest = SLOT(mlabel); 1437173095Srwatson 1438173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1439173095Srwatson} 1440173095Srwatson 1441173138Srwatsonstatic int 1442173138Srwatsonbiba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1443173138Srwatson struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1444101099Srwatson{ 1445101099Srwatson 1446173138Srwatson if(!biba_enabled) 1447173138Srwatson return (0); 1448101099Srwatson 1449173138Srwatson /* XXX: This will be implemented soon... */ 1450101099Srwatson 1451173138Srwatson return (0); 1452101099Srwatson} 1453101099Srwatson 1454173138Srwatsonstatic int 1455173138Srwatsonbiba_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1456173138Srwatson struct label *pplabel) 1457172957Srwatson{ 1458173138Srwatson struct mac_biba *subj, *obj; 1459172957Srwatson 1460173138Srwatson if (!biba_enabled) 1461173138Srwatson return (0); 1462172957Srwatson 1463173138Srwatson subj = SLOT(cred->cr_label); 1464173138Srwatson obj = SLOT(pplabel); 1465101099Srwatson 1466173138Srwatson if (!biba_dominate_effective(obj, subj)) 1467173138Srwatson return (EACCES); 1468101099Srwatson 1469173138Srwatson return (0); 1470101099Srwatson} 1471101099Srwatson 1472101099Srwatsonstatic int 1473173138Srwatsonbiba_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1474173138Srwatson struct label *pplabel) 1475101099Srwatson{ 1476173138Srwatson struct mac_biba *subj, *obj; 1477101099Srwatson 1478172955Srwatson if (!biba_enabled) 1479101099Srwatson return (0); 1480101099Srwatson 1481173138Srwatson subj = SLOT(cred->cr_label); 1482173138Srwatson obj = SLOT(pplabel); 1483101099Srwatson 1484173138Srwatson if (!biba_dominate_effective(obj, subj)) 1485173138Srwatson return (EACCES); 1486173138Srwatson 1487173138Srwatson return (0); 1488101099Srwatson} 1489101099Srwatson 1490101099Srwatsonstatic int 1491173138Srwatsonbiba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1492173138Srwatson struct label *pplabel, struct label *newlabel) 1493101099Srwatson{ 1494173138Srwatson struct mac_biba *subj, *obj, *new; 1495105634Srwatson int error; 1496101099Srwatson 1497173138Srwatson new = SLOT(newlabel); 1498122524Srwatson subj = SLOT(cred->cr_label); 1499173138Srwatson obj = SLOT(pplabel); 1500101099Srwatson 1501101099Srwatson /* 1502173138Srwatson * If there is a Biba label update for a pipe, it must be a effective 1503173138Srwatson * update. 1504101099Srwatson */ 1505173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 1506105634Srwatson if (error) 1507105634Srwatson return (error); 1508101099Srwatson 1509101099Srwatson /* 1510173138Srwatson * To perform a relabel of a pipe (Biba label or not), Biba must 1511173138Srwatson * authorize the relabel. 1512173138Srwatson */ 1513173138Srwatson if (!biba_effective_in_range(obj, subj)) 1514173138Srwatson return (EPERM); 1515173138Srwatson 1516173138Srwatson /* 1517105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1518101099Srwatson */ 1519173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 1520105634Srwatson /* 1521173138Srwatson * To change the Biba label on a pipe, the new pipe label 1522173138Srwatson * must be in the subject range. 1523110351Srwatson */ 1524173138Srwatson if (!biba_effective_in_range(new, subj)) 1525105634Srwatson return (EPERM); 1526101099Srwatson 1527105634Srwatson /* 1528173138Srwatson * To change the Biba label on a pipe to be EQUAL, the 1529173138Srwatson * subject must have appropriate privilege. 1530105634Srwatson */ 1531172955Srwatson if (biba_contains_equal(new)) { 1532172955Srwatson error = biba_subject_privileged(subj); 1533105634Srwatson if (error) 1534105634Srwatson return (error); 1535105634Srwatson } 1536105634Srwatson } 1537105634Srwatson 1538101099Srwatson return (0); 1539101099Srwatson} 1540101099Srwatson 1541101099Srwatsonstatic int 1542173138Srwatsonbiba_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1543173138Srwatson struct label *pplabel) 1544101099Srwatson{ 1545101099Srwatson struct mac_biba *subj, *obj; 1546101099Srwatson 1547172955Srwatson if (!biba_enabled) 1548101099Srwatson return (0); 1549101099Srwatson 1550173138Srwatson subj = SLOT(cred->cr_label); 1551173138Srwatson obj = SLOT(pplabel); 1552101099Srwatson 1553172955Srwatson if (!biba_dominate_effective(obj, subj)) 1554173138Srwatson return (EACCES); 1555101099Srwatson 1556101099Srwatson return (0); 1557101099Srwatson} 1558101099Srwatson 1559101099Srwatsonstatic int 1560173138Srwatsonbiba_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1561173138Srwatson struct label *pplabel) 1562101099Srwatson{ 1563173138Srwatson struct mac_biba *subj, *obj; 1564101099Srwatson 1565173138Srwatson if (!biba_enabled) 1566173138Srwatson return (0); 1567173138Srwatson 1568122524Srwatson subj = SLOT(cred->cr_label); 1569173138Srwatson obj = SLOT(pplabel); 1570101099Srwatson 1571173138Srwatson if (!biba_dominate_effective(subj, obj)) 1572173138Srwatson return (EACCES); 1573101099Srwatson 1574105634Srwatson return (0); 1575101099Srwatson} 1576101099Srwatson 1577173138Srwatsonstatic void 1578173138Srwatsonbiba_pipe_create(struct ucred *cred, struct pipepair *pp, 1579173138Srwatson struct label *pplabel) 1580101099Srwatson{ 1581173138Srwatson struct mac_biba *source, *dest; 1582103761Srwatson 1583173138Srwatson source = SLOT(cred->cr_label); 1584173138Srwatson dest = SLOT(pplabel); 1585101099Srwatson 1586173138Srwatson biba_copy_effective(source, dest); 1587173138Srwatson} 1588103759Srwatson 1589173138Srwatsonstatic void 1590173138Srwatsonbiba_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1591173138Srwatson struct label *pplabel, struct label *newlabel) 1592173138Srwatson{ 1593173138Srwatson struct mac_biba *source, *dest; 1594173138Srwatson 1595173138Srwatson source = SLOT(newlabel); 1596173138Srwatson dest = SLOT(pplabel); 1597173138Srwatson 1598173138Srwatson biba_copy(source, dest); 1599101099Srwatson} 1600101099Srwatson 1601101099Srwatsonstatic int 1602180059Sjhbbiba_posixsem_check_openunlink(struct ucred *cred, struct ksem *ks, 1603173138Srwatson struct label *kslabel) 1604122875Srwatson{ 1605173138Srwatson struct mac_biba *subj, *obj; 1606122875Srwatson 1607172955Srwatson if (!biba_enabled) 1608122875Srwatson return (0); 1609122875Srwatson 1610173138Srwatson subj = SLOT(cred->cr_label); 1611173138Srwatson obj = SLOT(kslabel); 1612122875Srwatson 1613173138Srwatson if (!biba_dominate_effective(subj, obj)) 1614173138Srwatson return (EACCES); 1615173138Srwatson 1616173138Srwatson return (0); 1617122875Srwatson} 1618122875Srwatson 1619122875Srwatsonstatic int 1620180059Sjhbbiba_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, 1621180059Sjhb struct ksem *ks, struct label *kslabel) 1622140628Srwatson{ 1623140628Srwatson struct mac_biba *subj, *obj; 1624140628Srwatson 1625172955Srwatson if (!biba_enabled) 1626140628Srwatson return (0); 1627140628Srwatson 1628180059Sjhb subj = SLOT(active_cred->cr_label); 1629173138Srwatson obj = SLOT(kslabel); 1630140628Srwatson 1631180059Sjhb if (!biba_dominate_effective(subj, obj)) 1632180059Sjhb return (EACCES); 1633180059Sjhb 1634180059Sjhb return (0); 1635180059Sjhb} 1636180059Sjhb 1637180059Sjhbstatic int 1638180059Sjhbbiba_posixsem_check_rdonly(struct ucred *active_cred, struct ucred *file_cred, 1639180059Sjhb struct ksem *ks, struct label *kslabel) 1640180059Sjhb{ 1641180059Sjhb struct mac_biba *subj, *obj; 1642180059Sjhb 1643180059Sjhb if (!biba_enabled) 1644180059Sjhb return (0); 1645180059Sjhb 1646180059Sjhb subj = SLOT(active_cred->cr_label); 1647180059Sjhb obj = SLOT(kslabel); 1648180059Sjhb 1649172955Srwatson if (!biba_dominate_effective(obj, subj)) 1650140628Srwatson return (EACCES); 1651140628Srwatson 1652140628Srwatson return (0); 1653140628Srwatson} 1654140628Srwatson 1655173138Srwatsonstatic void 1656173138Srwatsonbiba_posixsem_create(struct ucred *cred, struct ksem *ks, 1657173138Srwatson struct label *kslabel) 1658173138Srwatson{ 1659173138Srwatson struct mac_biba *source, *dest; 1660173138Srwatson 1661173138Srwatson source = SLOT(cred->cr_label); 1662173138Srwatson dest = SLOT(kslabel); 1663173138Srwatson 1664173138Srwatson biba_copy_effective(source, dest); 1665173138Srwatson} 1666173138Srwatson 1667173138Srwatson/* 1668173138Srwatson * Some system privileges are allowed regardless of integrity grade; others 1669173138Srwatson * are allowed only when running with privilege with respect to the Biba 1670173138Srwatson * policy as they might otherwise allow bypassing of the integrity policy. 1671173138Srwatson */ 1672140628Srwatsonstatic int 1673173138Srwatsonbiba_priv_check(struct ucred *cred, int priv) 1674140628Srwatson{ 1675173138Srwatson struct mac_biba *subj; 1676173138Srwatson int error; 1677140628Srwatson 1678172955Srwatson if (!biba_enabled) 1679140628Srwatson return (0); 1680140628Srwatson 1681173138Srwatson /* 1682173138Srwatson * Exempt only specific privileges from the Biba integrity policy. 1683173138Srwatson */ 1684173138Srwatson switch (priv) { 1685173138Srwatson case PRIV_KTRACE: 1686173138Srwatson case PRIV_MSGBUF: 1687140628Srwatson 1688173138Srwatson /* 1689173138Srwatson * Allow processes to manipulate basic process audit properties, and 1690173138Srwatson * to submit audit records. 1691173138Srwatson */ 1692173138Srwatson case PRIV_AUDIT_GETAUDIT: 1693173138Srwatson case PRIV_AUDIT_SETAUDIT: 1694173138Srwatson case PRIV_AUDIT_SUBMIT: 1695140628Srwatson 1696173138Srwatson /* 1697173138Srwatson * Allow processes to manipulate their regular UNIX credentials. 1698173138Srwatson */ 1699173138Srwatson case PRIV_CRED_SETUID: 1700173138Srwatson case PRIV_CRED_SETEUID: 1701173138Srwatson case PRIV_CRED_SETGID: 1702173138Srwatson case PRIV_CRED_SETEGID: 1703173138Srwatson case PRIV_CRED_SETGROUPS: 1704173138Srwatson case PRIV_CRED_SETREUID: 1705173138Srwatson case PRIV_CRED_SETREGID: 1706173138Srwatson case PRIV_CRED_SETRESUID: 1707173138Srwatson case PRIV_CRED_SETRESGID: 1708173138Srwatson 1709173138Srwatson /* 1710173138Srwatson * Allow processes to perform system monitoring. 1711173138Srwatson */ 1712173138Srwatson case PRIV_SEEOTHERGIDS: 1713173138Srwatson case PRIV_SEEOTHERUIDS: 1714173138Srwatson break; 1715173138Srwatson 1716173138Srwatson /* 1717173138Srwatson * Allow access to general process debugging facilities. We 1718173138Srwatson * separately control debugging based on MAC label. 1719173138Srwatson */ 1720173138Srwatson case PRIV_DEBUG_DIFFCRED: 1721173138Srwatson case PRIV_DEBUG_SUGID: 1722173138Srwatson case PRIV_DEBUG_UNPRIV: 1723173138Srwatson 1724173138Srwatson /* 1725173138Srwatson * Allow manipulating jails. 1726173138Srwatson */ 1727173138Srwatson case PRIV_JAIL_ATTACH: 1728173138Srwatson 1729173138Srwatson /* 1730173138Srwatson * Allow privilege with respect to the Partition policy, but not the 1731173138Srwatson * Privs policy. 1732173138Srwatson */ 1733173138Srwatson case PRIV_MAC_PARTITION: 1734173138Srwatson 1735173138Srwatson /* 1736173138Srwatson * Allow privilege with respect to process resource limits and login 1737173138Srwatson * context. 1738173138Srwatson */ 1739173138Srwatson case PRIV_PROC_LIMIT: 1740173138Srwatson case PRIV_PROC_SETLOGIN: 1741173138Srwatson case PRIV_PROC_SETRLIMIT: 1742173138Srwatson 1743173138Srwatson /* 1744173138Srwatson * Allow System V and POSIX IPC privileges. 1745173138Srwatson */ 1746173138Srwatson case PRIV_IPC_READ: 1747173138Srwatson case PRIV_IPC_WRITE: 1748173138Srwatson case PRIV_IPC_ADMIN: 1749173138Srwatson case PRIV_IPC_MSGSIZE: 1750173138Srwatson case PRIV_MQ_ADMIN: 1751173138Srwatson 1752173138Srwatson /* 1753173138Srwatson * Allow certain scheduler manipulations -- possibly this should be 1754173138Srwatson * controlled by more fine-grained policy, as potentially low 1755173138Srwatson * integrity processes can deny CPU to higher integrity ones. 1756173138Srwatson */ 1757173138Srwatson case PRIV_SCHED_DIFFCRED: 1758173138Srwatson case PRIV_SCHED_SETPRIORITY: 1759173138Srwatson case PRIV_SCHED_RTPRIO: 1760173138Srwatson case PRIV_SCHED_SETPOLICY: 1761173138Srwatson case PRIV_SCHED_SET: 1762173138Srwatson case PRIV_SCHED_SETPARAM: 1763173138Srwatson 1764173138Srwatson /* 1765173138Srwatson * More IPC privileges. 1766173138Srwatson */ 1767173138Srwatson case PRIV_SEM_WRITE: 1768173138Srwatson 1769173138Srwatson /* 1770173138Srwatson * Allow signaling privileges subject to integrity policy. 1771173138Srwatson */ 1772173138Srwatson case PRIV_SIGNAL_DIFFCRED: 1773173138Srwatson case PRIV_SIGNAL_SUGID: 1774173138Srwatson 1775173138Srwatson /* 1776173138Srwatson * Allow access to only limited sysctls from lower integrity levels; 1777173138Srwatson * piggy-back on the Jail definition. 1778173138Srwatson */ 1779173138Srwatson case PRIV_SYSCTL_WRITEJAIL: 1780173138Srwatson 1781173138Srwatson /* 1782173138Srwatson * Allow TTY-based privileges, subject to general device access using 1783173138Srwatson * labels on TTY device nodes, but not console privilege. 1784173138Srwatson */ 1785173138Srwatson case PRIV_TTY_DRAINWAIT: 1786173138Srwatson case PRIV_TTY_DTRWAIT: 1787173138Srwatson case PRIV_TTY_EXCLUSIVE: 1788173138Srwatson case PRIV_TTY_PRISON: 1789173138Srwatson case PRIV_TTY_STI: 1790173138Srwatson case PRIV_TTY_SETA: 1791173138Srwatson 1792173138Srwatson /* 1793173138Srwatson * Grant most VFS privileges, as almost all are in practice bounded 1794173138Srwatson * by more specific checks using labels. 1795173138Srwatson */ 1796173138Srwatson case PRIV_VFS_READ: 1797173138Srwatson case PRIV_VFS_WRITE: 1798173138Srwatson case PRIV_VFS_ADMIN: 1799173138Srwatson case PRIV_VFS_EXEC: 1800173138Srwatson case PRIV_VFS_LOOKUP: 1801173138Srwatson case PRIV_VFS_CHFLAGS_DEV: 1802173138Srwatson case PRIV_VFS_CHOWN: 1803173138Srwatson case PRIV_VFS_CHROOT: 1804173138Srwatson case PRIV_VFS_RETAINSUGID: 1805173138Srwatson case PRIV_VFS_EXCEEDQUOTA: 1806173138Srwatson case PRIV_VFS_FCHROOT: 1807173138Srwatson case PRIV_VFS_FHOPEN: 1808173138Srwatson case PRIV_VFS_FHSTATFS: 1809173138Srwatson case PRIV_VFS_GENERATION: 1810173138Srwatson case PRIV_VFS_GETFH: 1811173138Srwatson case PRIV_VFS_GETQUOTA: 1812173138Srwatson case PRIV_VFS_LINK: 1813173138Srwatson case PRIV_VFS_MOUNT: 1814173138Srwatson case PRIV_VFS_MOUNT_OWNER: 1815173138Srwatson case PRIV_VFS_MOUNT_PERM: 1816173138Srwatson case PRIV_VFS_MOUNT_SUIDDIR: 1817173138Srwatson case PRIV_VFS_MOUNT_NONUSER: 1818173138Srwatson case PRIV_VFS_SETGID: 1819173138Srwatson case PRIV_VFS_STICKYFILE: 1820173138Srwatson case PRIV_VFS_SYSFLAGS: 1821173138Srwatson case PRIV_VFS_UNMOUNT: 1822173138Srwatson 1823173138Srwatson /* 1824173138Srwatson * Allow VM privileges; it would be nice if these were subject to 1825173138Srwatson * resource limits. 1826173138Srwatson */ 1827173138Srwatson case PRIV_VM_MADV_PROTECT: 1828173138Srwatson case PRIV_VM_MLOCK: 1829173138Srwatson case PRIV_VM_MUNLOCK: 1830173138Srwatson 1831173138Srwatson /* 1832173138Srwatson * Allow some but not all network privileges. In general, dont allow 1833173138Srwatson * reconfiguring the network stack, just normal use. 1834173138Srwatson */ 1835173138Srwatson case PRIV_NETATALK_RESERVEDPORT: 1836173138Srwatson case PRIV_NETINET_RESERVEDPORT: 1837173138Srwatson case PRIV_NETINET_RAW: 1838173138Srwatson case PRIV_NETINET_REUSEPORT: 1839173138Srwatson case PRIV_NETIPX_RESERVEDPORT: 1840173138Srwatson case PRIV_NETIPX_RAW: 1841173138Srwatson break; 1842173138Srwatson 1843173138Srwatson /* 1844173138Srwatson * All remaining system privileges are allow only if the process 1845173138Srwatson * holds privilege with respect to the Biba policy. 1846173138Srwatson */ 1847173138Srwatson default: 1848173138Srwatson subj = SLOT(cred->cr_label); 1849173138Srwatson error = biba_subject_privileged(subj); 1850173138Srwatson if (error) 1851173138Srwatson return (error); 1852173138Srwatson } 1853140628Srwatson return (0); 1854140628Srwatson} 1855140628Srwatson 1856140628Srwatsonstatic int 1857173138Srwatsonbiba_proc_check_debug(struct ucred *cred, struct proc *p) 1858140628Srwatson{ 1859140628Srwatson struct mac_biba *subj, *obj; 1860140628Srwatson 1861172955Srwatson if (!biba_enabled) 1862140628Srwatson return (0); 1863140628Srwatson 1864140628Srwatson subj = SLOT(cred->cr_label); 1865173138Srwatson obj = SLOT(p->p_ucred->cr_label); 1866140628Srwatson 1867173138Srwatson /* XXX: range checks */ 1868172955Srwatson if (!biba_dominate_effective(obj, subj)) 1869173138Srwatson return (ESRCH); 1870173138Srwatson if (!biba_dominate_effective(subj, obj)) 1871140628Srwatson return (EACCES); 1872140628Srwatson 1873140628Srwatson return (0); 1874140628Srwatson} 1875140628Srwatson 1876140628Srwatsonstatic int 1877173138Srwatsonbiba_proc_check_sched(struct ucred *cred, struct proc *p) 1878140628Srwatson{ 1879140628Srwatson struct mac_biba *subj, *obj; 1880140628Srwatson 1881172955Srwatson if (!biba_enabled) 1882140628Srwatson return (0); 1883140628Srwatson 1884140628Srwatson subj = SLOT(cred->cr_label); 1885173138Srwatson obj = SLOT(p->p_ucred->cr_label); 1886140628Srwatson 1887173138Srwatson /* XXX: range checks */ 1888173138Srwatson if (!biba_dominate_effective(obj, subj)) 1889173138Srwatson return (ESRCH); 1890172955Srwatson if (!biba_dominate_effective(subj, obj)) 1891140628Srwatson return (EACCES); 1892140628Srwatson 1893140628Srwatson return (0); 1894140628Srwatson} 1895140628Srwatson 1896140628Srwatsonstatic int 1897173138Srwatsonbiba_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1898140628Srwatson{ 1899140628Srwatson struct mac_biba *subj, *obj; 1900140628Srwatson 1901172955Srwatson if (!biba_enabled) 1902140628Srwatson return (0); 1903140628Srwatson 1904140628Srwatson subj = SLOT(cred->cr_label); 1905173138Srwatson obj = SLOT(p->p_ucred->cr_label); 1906140628Srwatson 1907173138Srwatson /* XXX: range checks */ 1908172955Srwatson if (!biba_dominate_effective(obj, subj)) 1909173138Srwatson return (ESRCH); 1910173138Srwatson if (!biba_dominate_effective(subj, obj)) 1911140628Srwatson return (EACCES); 1912140628Srwatson 1913140628Srwatson return (0); 1914140628Srwatson} 1915140628Srwatson 1916140628Srwatsonstatic int 1917173138Srwatsonbiba_socket_check_deliver(struct socket *so, struct label *solabel, 1918173138Srwatson struct mbuf *m, struct label *mlabel) 1919140628Srwatson{ 1920173138Srwatson struct mac_biba *p, *s; 1921140628Srwatson 1922172955Srwatson if (!biba_enabled) 1923140628Srwatson return (0); 1924140628Srwatson 1925173138Srwatson p = SLOT(mlabel); 1926173138Srwatson s = SLOT(solabel); 1927140628Srwatson 1928173138Srwatson return (biba_equal_effective(p, s) ? 0 : EACCES); 1929173138Srwatson} 1930140628Srwatson 1931140628Srwatsonstatic int 1932173138Srwatsonbiba_socket_check_relabel(struct ucred *cred, struct socket *so, 1933173138Srwatson struct label *solabel, struct label *newlabel) 1934140628Srwatson{ 1935173138Srwatson struct mac_biba *subj, *obj, *new; 1936173138Srwatson int error; 1937140628Srwatson 1938173138Srwatson new = SLOT(newlabel); 1939140628Srwatson subj = SLOT(cred->cr_label); 1940173138Srwatson obj = SLOT(solabel); 1941140628Srwatson 1942173138Srwatson /* 1943173138Srwatson * If there is a Biba label update for the socket, it may be an 1944173138Srwatson * update of effective. 1945173138Srwatson */ 1946173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 1947173138Srwatson if (error) 1948173138Srwatson return (error); 1949140628Srwatson 1950173138Srwatson /* 1951173138Srwatson * To relabel a socket, the old socket effective must be in the 1952173138Srwatson * subject range. 1953173138Srwatson */ 1954173138Srwatson if (!biba_effective_in_range(obj, subj)) 1955173138Srwatson return (EPERM); 1956140628Srwatson 1957173138Srwatson /* 1958173138Srwatson * If the Biba label is to be changed, authorize as appropriate. 1959173138Srwatson */ 1960173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 1961173138Srwatson /* 1962173138Srwatson * To relabel a socket, the new socket effective must be in 1963173138Srwatson * the subject range. 1964173138Srwatson */ 1965173138Srwatson if (!biba_effective_in_range(new, subj)) 1966173138Srwatson return (EPERM); 1967173138Srwatson 1968173138Srwatson /* 1969173138Srwatson * To change the Biba label on the socket to contain EQUAL, 1970173138Srwatson * the subject must have appropriate privilege. 1971173138Srwatson */ 1972173138Srwatson if (biba_contains_equal(new)) { 1973173138Srwatson error = biba_subject_privileged(subj); 1974173138Srwatson if (error) 1975173138Srwatson return (error); 1976173138Srwatson } 1977140628Srwatson } 1978140628Srwatson 1979140628Srwatson return (0); 1980140628Srwatson} 1981140628Srwatson 1982140628Srwatsonstatic int 1983173138Srwatsonbiba_socket_check_visible(struct ucred *cred, struct socket *so, 1984173138Srwatson struct label *solabel) 1985140628Srwatson{ 1986140628Srwatson struct mac_biba *subj, *obj; 1987140628Srwatson 1988172955Srwatson if (!biba_enabled) 1989140628Srwatson return (0); 1990140628Srwatson 1991140628Srwatson subj = SLOT(cred->cr_label); 1992173138Srwatson obj = SLOT(solabel); 1993140628Srwatson 1994172955Srwatson if (!biba_dominate_effective(obj, subj)) 1995173138Srwatson return (ENOENT); 1996140628Srwatson 1997140628Srwatson return (0); 1998140628Srwatson} 1999140628Srwatson 2000173138Srwatsonstatic void 2001173138Srwatsonbiba_socket_create(struct ucred *cred, struct socket *so, 2002173138Srwatson struct label *solabel) 2003140628Srwatson{ 2004173138Srwatson struct mac_biba *source, *dest; 2005140628Srwatson 2006173138Srwatson source = SLOT(cred->cr_label); 2007173138Srwatson dest = SLOT(solabel); 2008140628Srwatson 2009173138Srwatson biba_copy_effective(source, dest); 2010173138Srwatson} 2011140628Srwatson 2012173138Srwatsonstatic void 2013173138Srwatsonbiba_socket_create_mbuf(struct socket *so, struct label *solabel, 2014173138Srwatson struct mbuf *m, struct label *mlabel) 2015173138Srwatson{ 2016173138Srwatson struct mac_biba *source, *dest; 2017140628Srwatson 2018173138Srwatson source = SLOT(solabel); 2019173138Srwatson dest = SLOT(mlabel); 2020140628Srwatson 2021173138Srwatson biba_copy_effective(source, dest); 2022140628Srwatson} 2023140628Srwatson 2024173138Srwatsonstatic void 2025173138Srwatsonbiba_socket_newconn(struct socket *oldso, struct label *oldsolabel, 2026173138Srwatson struct socket *newso, struct label *newsolabel) 2027140628Srwatson{ 2028173138Srwatson struct mac_biba *source, *dest; 2029140628Srwatson 2030173138Srwatson source = SLOT(oldsolabel); 2031173138Srwatson dest = SLOT(newsolabel); 2032140628Srwatson 2033173138Srwatson biba_copy_effective(source, dest); 2034140628Srwatson} 2035140628Srwatson 2036173138Srwatsonstatic void 2037173138Srwatsonbiba_socket_relabel(struct ucred *cred, struct socket *so, 2038173138Srwatson struct label *solabel, struct label *newlabel) 2039140628Srwatson{ 2040173138Srwatson struct mac_biba *source, *dest; 2041140628Srwatson 2042173138Srwatson source = SLOT(newlabel); 2043173138Srwatson dest = SLOT(solabel); 2044140628Srwatson 2045173138Srwatson biba_copy(source, dest); 2046173138Srwatson} 2047140628Srwatson 2048173138Srwatsonstatic void 2049173138Srwatsonbiba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 2050173138Srwatson struct socket *so, struct label *sopeerlabel) 2051173138Srwatson{ 2052173138Srwatson struct mac_biba *source, *dest; 2053140628Srwatson 2054173138Srwatson source = SLOT(mlabel); 2055173138Srwatson dest = SLOT(sopeerlabel); 2056140628Srwatson 2057173138Srwatson biba_copy_effective(source, dest); 2058140628Srwatson} 2059140628Srwatson 2060173138Srwatsonstatic void 2061173138Srwatsonbiba_socketpeer_set_from_socket(struct socket *oldso, 2062173138Srwatson struct label *oldsolabel, struct socket *newso, 2063173138Srwatson struct label *newsopeerlabel) 2064140628Srwatson{ 2065173138Srwatson struct mac_biba *source, *dest; 2066140628Srwatson 2067173138Srwatson source = SLOT(oldsolabel); 2068173138Srwatson dest = SLOT(newsopeerlabel); 2069140628Srwatson 2070173138Srwatson biba_copy_effective(source, dest); 2071173138Srwatson} 2072140628Srwatson 2073173138Srwatsonstatic void 2074173138Srwatsonbiba_syncache_create(struct label *label, struct inpcb *inp) 2075173138Srwatson{ 2076173138Srwatson struct mac_biba *source, *dest; 2077140628Srwatson 2078173138Srwatson source = SLOT(inp->inp_label); 2079173138Srwatson dest = SLOT(label); 2080173138Srwatson biba_copy_effective(source, dest); 2081140628Srwatson} 2082140628Srwatson 2083173138Srwatsonstatic void 2084173138Srwatsonbiba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 2085173138Srwatson struct label *mlabel) 2086173138Srwatson{ 2087173138Srwatson struct mac_biba *source, *dest; 2088173138Srwatson 2089173138Srwatson source = SLOT(sc_label); 2090173138Srwatson dest = SLOT(mlabel); 2091173138Srwatson biba_copy_effective(source, dest); 2092173138Srwatson} 2093173138Srwatson 2094140628Srwatsonstatic int 2095173138Srwatsonbiba_system_check_acct(struct ucred *cred, struct vnode *vp, 2096168976Srwatson struct label *vplabel) 2097110354Srwatson{ 2098110354Srwatson struct mac_biba *subj, *obj; 2099110354Srwatson int error; 2100110354Srwatson 2101172955Srwatson if (!biba_enabled) 2102110354Srwatson return (0); 2103110354Srwatson 2104122524Srwatson subj = SLOT(cred->cr_label); 2105110354Srwatson 2106172955Srwatson error = biba_subject_privileged(subj); 2107110354Srwatson if (error) 2108110354Srwatson return (error); 2109110354Srwatson 2110173138Srwatson if (vplabel == NULL) 2111173138Srwatson return (0); 2112173138Srwatson 2113168976Srwatson obj = SLOT(vplabel); 2114172955Srwatson if (!biba_high_effective(obj)) 2115110354Srwatson return (EACCES); 2116110354Srwatson 2117110354Srwatson return (0); 2118110354Srwatson} 2119110354Srwatson 2120110354Srwatsonstatic int 2121173138Srwatsonbiba_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2122173138Srwatson struct label *vplabel) 2123101099Srwatson{ 2124101099Srwatson struct mac_biba *subj, *obj; 2125173138Srwatson int error; 2126101099Srwatson 2127172955Srwatson if (!biba_enabled) 2128101099Srwatson return (0); 2129101099Srwatson 2130122524Srwatson subj = SLOT(cred->cr_label); 2131101099Srwatson 2132173138Srwatson error = biba_subject_privileged(subj); 2133173138Srwatson if (error) 2134173138Srwatson return (error); 2135173138Srwatson 2136173138Srwatson if (vplabel == NULL) 2137173138Srwatson return (0); 2138173138Srwatson 2139173138Srwatson obj = SLOT(vplabel); 2140173138Srwatson if (!biba_high_effective(obj)) 2141101099Srwatson return (EACCES); 2142101099Srwatson 2143101099Srwatson return (0); 2144101099Srwatson} 2145101099Srwatson 2146101099Srwatsonstatic int 2147173138Srwatsonbiba_system_check_auditon(struct ucred *cred, int cmd) 2148101099Srwatson{ 2149173138Srwatson struct mac_biba *subj; 2150173138Srwatson int error; 2151103759Srwatson 2152173138Srwatson if (!biba_enabled) 2153101099Srwatson return (0); 2154101099Srwatson 2155173138Srwatson subj = SLOT(cred->cr_label); 2156101099Srwatson 2157173138Srwatson error = biba_subject_privileged(subj); 2158173138Srwatson if (error) 2159173138Srwatson return (error); 2160173138Srwatson 2161101099Srwatson return (0); 2162101099Srwatson} 2163101099Srwatson 2164101099Srwatsonstatic int 2165173138Srwatsonbiba_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2166173138Srwatson struct label *label) 2167101099Srwatson{ 2168173138Srwatson struct mac_biba *subj; 2169173138Srwatson int error; 2170101099Srwatson 2171172955Srwatson if (!biba_enabled) 2172101099Srwatson return (0); 2173101099Srwatson 2174122524Srwatson subj = SLOT(cred->cr_label); 2175101099Srwatson 2176173138Srwatson error = biba_subject_privileged(subj); 2177173138Srwatson if (error) 2178173138Srwatson return (error); 2179101099Srwatson 2180101099Srwatson return (0); 2181101099Srwatson} 2182101099Srwatson 2183101099Srwatsonstatic int 2184173138Srwatsonbiba_system_check_swapon(struct ucred *cred, struct vnode *vp, 2185173138Srwatson struct label *vplabel) 2186102115Srwatson{ 2187102115Srwatson struct mac_biba *subj, *obj; 2188173138Srwatson int error; 2189102115Srwatson 2190172955Srwatson if (!biba_enabled) 2191102115Srwatson return (0); 2192102115Srwatson 2193122524Srwatson subj = SLOT(cred->cr_label); 2194173138Srwatson obj = SLOT(vplabel); 2195102115Srwatson 2196173138Srwatson error = biba_subject_privileged(subj); 2197173138Srwatson if (error) 2198173138Srwatson return (error); 2199173138Srwatson 2200173138Srwatson if (!biba_high_effective(obj)) 2201102115Srwatson return (EACCES); 2202102115Srwatson 2203102115Srwatson return (0); 2204102115Srwatson} 2205102115Srwatson 2206102115Srwatsonstatic int 2207173138Srwatsonbiba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2208173138Srwatson void *arg1, int arg2, struct sysctl_req *req) 2209101099Srwatson{ 2210173138Srwatson struct mac_biba *subj; 2211105634Srwatson int error; 2212101099Srwatson 2213173138Srwatson if (!biba_enabled) 2214173138Srwatson return (0); 2215173138Srwatson 2216122524Srwatson subj = SLOT(cred->cr_label); 2217101099Srwatson 2218101099Srwatson /* 2219173138Srwatson * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high, 2220173138Srwatson * but also require privilege to change them. 2221101099Srwatson */ 2222173138Srwatson if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) { 2223173138Srwatson if (!biba_subject_dominate_high(subj)) 2224173138Srwatson return (EACCES); 2225101099Srwatson 2226173138Srwatson error = biba_subject_privileged(subj); 2227173138Srwatson if (error) 2228173138Srwatson return (error); 2229105634Srwatson } 2230105634Srwatson 2231101099Srwatson return (0); 2232101099Srwatson} 2233101099Srwatson 2234173138Srwatsonstatic void 2235173138Srwatsonbiba_sysvmsg_cleanup(struct label *msglabel) 2236102115Srwatson{ 2237102115Srwatson 2238173138Srwatson bzero(SLOT(msglabel), sizeof(struct mac_biba)); 2239173138Srwatson} 2240102115Srwatson 2241173138Srwatsonstatic void 2242173138Srwatsonbiba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2243173138Srwatson struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2244173138Srwatson{ 2245173138Srwatson struct mac_biba *source, *dest; 2246102115Srwatson 2247173138Srwatson /* Ignore the msgq label */ 2248173138Srwatson source = SLOT(cred->cr_label); 2249173138Srwatson dest = SLOT(msglabel); 2250102115Srwatson 2251173138Srwatson biba_copy_effective(source, dest); 2252102115Srwatson} 2253102115Srwatson 2254102115Srwatsonstatic int 2255173138Srwatsonbiba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2256173138Srwatson struct label *msglabel) 2257102115Srwatson{ 2258102115Srwatson struct mac_biba *subj, *obj; 2259102115Srwatson 2260172955Srwatson if (!biba_enabled) 2261102115Srwatson return (0); 2262102115Srwatson 2263122524Srwatson subj = SLOT(cred->cr_label); 2264173138Srwatson obj = SLOT(msglabel); 2265102115Srwatson 2266173138Srwatson if (!biba_dominate_effective(obj, subj)) 2267102115Srwatson return (EACCES); 2268102115Srwatson 2269102115Srwatson return (0); 2270102115Srwatson} 2271102115Srwatson 2272102115Srwatsonstatic int 2273173138Srwatsonbiba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2274173138Srwatson struct label *msglabel) 2275145855Srwatson{ 2276145855Srwatson struct mac_biba *subj, *obj; 2277145855Srwatson 2278172955Srwatson if (!biba_enabled) 2279145855Srwatson return (0); 2280145855Srwatson 2281145855Srwatson subj = SLOT(cred->cr_label); 2282173138Srwatson obj = SLOT(msglabel); 2283145855Srwatson 2284172955Srwatson if (!biba_dominate_effective(subj, obj)) 2285145855Srwatson return (EACCES); 2286145855Srwatson 2287145855Srwatson return (0); 2288145855Srwatson} 2289145855Srwatson 2290145855Srwatsonstatic int 2291173138Srwatsonbiba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 2292173138Srwatson struct label *msqklabel) 2293145855Srwatson{ 2294145855Srwatson struct mac_biba *subj, *obj; 2295145855Srwatson 2296172955Srwatson if (!biba_enabled) 2297145855Srwatson return (0); 2298145855Srwatson 2299145855Srwatson subj = SLOT(cred->cr_label); 2300173138Srwatson obj = SLOT(msqklabel); 2301145855Srwatson 2302172955Srwatson if (!biba_dominate_effective(obj, subj)) 2303145855Srwatson return (EACCES); 2304145855Srwatson 2305145855Srwatson return (0); 2306145855Srwatson} 2307145855Srwatson 2308145855Srwatsonstatic int 2309173138Srwatsonbiba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 2310173138Srwatson struct label *msqklabel) 2311101099Srwatson{ 2312101099Srwatson struct mac_biba *subj, *obj; 2313101099Srwatson 2314172955Srwatson if (!biba_enabled) 2315101099Srwatson return (0); 2316101099Srwatson 2317122524Srwatson subj = SLOT(cred->cr_label); 2318173138Srwatson obj = SLOT(msqklabel); 2319101099Srwatson 2320172955Srwatson if (!biba_dominate_effective(subj, obj)) 2321101099Srwatson return (EACCES); 2322101099Srwatson 2323101099Srwatson return (0); 2324101099Srwatson} 2325101099Srwatson 2326101099Srwatsonstatic int 2327173138Srwatsonbiba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 2328173138Srwatson struct label *msqklabel) 2329101099Srwatson{ 2330101099Srwatson struct mac_biba *subj, *obj; 2331103759Srwatson 2332172955Srwatson if (!biba_enabled) 2333101099Srwatson return (0); 2334101099Srwatson 2335122524Srwatson subj = SLOT(cred->cr_label); 2336173138Srwatson obj = SLOT(msqklabel); 2337103759Srwatson 2338172955Srwatson if (!biba_dominate_effective(obj, subj)) 2339101099Srwatson return (EACCES); 2340101099Srwatson 2341101099Srwatson return (0); 2342101099Srwatson} 2343101099Srwatson 2344101099Srwatsonstatic int 2345173138Srwatsonbiba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 2346173138Srwatson struct label *msqklabel, int cmd) 2347101099Srwatson{ 2348101099Srwatson struct mac_biba *subj, *obj; 2349103759Srwatson 2350172955Srwatson if (!biba_enabled) 2351101099Srwatson return (0); 2352101099Srwatson 2353122524Srwatson subj = SLOT(cred->cr_label); 2354173138Srwatson obj = SLOT(msqklabel); 2355103759Srwatson 2356173138Srwatson switch(cmd) { 2357173138Srwatson case IPC_RMID: 2358173138Srwatson case IPC_SET: 2359173138Srwatson if (!biba_dominate_effective(subj, obj)) 2360173138Srwatson return (EACCES); 2361173138Srwatson break; 2362173138Srwatson 2363173138Srwatson case IPC_STAT: 2364173138Srwatson if (!biba_dominate_effective(obj, subj)) 2365173138Srwatson return (EACCES); 2366173138Srwatson break; 2367173138Srwatson 2368173138Srwatson default: 2369101099Srwatson return (EACCES); 2370173138Srwatson } 2371101099Srwatson 2372101099Srwatson return (0); 2373101099Srwatson} 2374101099Srwatson 2375173138Srwatsonstatic void 2376173138Srwatsonbiba_sysvmsq_cleanup(struct label *msqlabel) 2377101099Srwatson{ 2378101099Srwatson 2379173138Srwatson bzero(SLOT(msqlabel), sizeof(struct mac_biba)); 2380173138Srwatson} 2381101099Srwatson 2382173138Srwatsonstatic void 2383173138Srwatsonbiba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2384173138Srwatson struct label *msqlabel) 2385173138Srwatson{ 2386173138Srwatson struct mac_biba *source, *dest; 2387101099Srwatson 2388173138Srwatson source = SLOT(cred->cr_label); 2389173138Srwatson dest = SLOT(msqlabel); 2390173138Srwatson 2391173138Srwatson biba_copy_effective(source, dest); 2392101099Srwatson} 2393101099Srwatson 2394101099Srwatsonstatic int 2395173138Srwatsonbiba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, 2396173138Srwatson struct label *semaklabel, int cmd) 2397101099Srwatson{ 2398173138Srwatson struct mac_biba *subj, *obj; 2399101099Srwatson 2400173138Srwatson if (!biba_enabled) 2401173138Srwatson return (0); 2402173138Srwatson 2403122524Srwatson subj = SLOT(cred->cr_label); 2404173138Srwatson obj = SLOT(semaklabel); 2405101099Srwatson 2406173138Srwatson switch(cmd) { 2407173138Srwatson case IPC_RMID: 2408173138Srwatson case IPC_SET: 2409173138Srwatson case SETVAL: 2410173138Srwatson case SETALL: 2411173138Srwatson if (!biba_dominate_effective(subj, obj)) 2412173138Srwatson return (EACCES); 2413173138Srwatson break; 2414101099Srwatson 2415173138Srwatson case IPC_STAT: 2416173138Srwatson case GETVAL: 2417173138Srwatson case GETPID: 2418173138Srwatson case GETNCNT: 2419173138Srwatson case GETZCNT: 2420173138Srwatson case GETALL: 2421173138Srwatson if (!biba_dominate_effective(obj, subj)) 2422173138Srwatson return (EACCES); 2423173138Srwatson break; 2424101099Srwatson 2425173138Srwatson default: 2426173138Srwatson return (EACCES); 2427105634Srwatson } 2428105634Srwatson 2429101099Srwatson return (0); 2430101099Srwatson} 2431101099Srwatson 2432101099Srwatsonstatic int 2433173138Srwatsonbiba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, 2434173138Srwatson struct label *semaklabel) 2435101099Srwatson{ 2436101099Srwatson struct mac_biba *subj, *obj; 2437101099Srwatson 2438172955Srwatson if (!biba_enabled) 2439105722Srwatson return (0); 2440105722Srwatson 2441122524Srwatson subj = SLOT(cred->cr_label); 2442173138Srwatson obj = SLOT(semaklabel); 2443101099Srwatson 2444172955Srwatson if (!biba_dominate_effective(obj, subj)) 2445173138Srwatson return (EACCES); 2446101099Srwatson 2447101099Srwatson return (0); 2448101099Srwatson} 2449101099Srwatson 2450101099Srwatsonstatic int 2451173138Srwatsonbiba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, 2452173138Srwatson struct label *semaklabel, size_t accesstype) 2453112574Srwatson{ 2454173138Srwatson struct mac_biba *subj, *obj; 2455112574Srwatson 2456172955Srwatson if (!biba_enabled) 2457112574Srwatson return (0); 2458112574Srwatson 2459173138Srwatson subj = SLOT(cred->cr_label); 2460173138Srwatson obj = SLOT(semaklabel); 2461112574Srwatson 2462173138Srwatson if (accesstype & SEM_R) 2463173138Srwatson if (!biba_dominate_effective(obj, subj)) 2464173138Srwatson return (EACCES); 2465112574Srwatson 2466173138Srwatson if (accesstype & SEM_A) 2467173138Srwatson if (!biba_dominate_effective(subj, obj)) 2468173138Srwatson return (EACCES); 2469168951Srwatson 2470173138Srwatson return (0); 2471173138Srwatson} 2472168951Srwatson 2473173138Srwatsonstatic void 2474173138Srwatsonbiba_sysvsem_cleanup(struct label *semalabel) 2475173138Srwatson{ 2476168951Srwatson 2477173138Srwatson bzero(SLOT(semalabel), sizeof(struct mac_biba)); 2478173138Srwatson} 2479168951Srwatson 2480173138Srwatsonstatic void 2481173138Srwatsonbiba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2482173138Srwatson struct label *semalabel) 2483173138Srwatson{ 2484173138Srwatson struct mac_biba *source, *dest; 2485168951Srwatson 2486173138Srwatson source = SLOT(cred->cr_label); 2487173138Srwatson dest = SLOT(semalabel); 2488168951Srwatson 2489173138Srwatson biba_copy_effective(source, dest); 2490112574Srwatson} 2491112574Srwatson 2492112574Srwatsonstatic int 2493173138Srwatsonbiba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 2494173138Srwatson struct label *shmseglabel, int shmflg) 2495106418Srwatson{ 2496106418Srwatson struct mac_biba *subj, *obj; 2497106418Srwatson 2498172955Srwatson if (!biba_enabled) 2499106418Srwatson return (0); 2500106418Srwatson 2501122524Srwatson subj = SLOT(cred->cr_label); 2502173138Srwatson obj = SLOT(shmseglabel); 2503106418Srwatson 2504173138Srwatson if (!biba_dominate_effective(obj, subj)) 2505106418Srwatson return (EACCES); 2506173138Srwatson if ((shmflg & SHM_RDONLY) == 0) { 2507173138Srwatson if (!biba_dominate_effective(subj, obj)) 2508173138Srwatson return (EACCES); 2509173138Srwatson } 2510173138Srwatson 2511106418Srwatson return (0); 2512106418Srwatson} 2513106418Srwatson 2514106418Srwatsonstatic int 2515173138Srwatsonbiba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 2516173138Srwatson struct label *shmseglabel, int cmd) 2517168933Srwatson{ 2518168933Srwatson struct mac_biba *subj, *obj; 2519168933Srwatson 2520172955Srwatson if (!biba_enabled) 2521168933Srwatson return (0); 2522168933Srwatson 2523168933Srwatson subj = SLOT(cred->cr_label); 2524173138Srwatson obj = SLOT(shmseglabel); 2525168933Srwatson 2526173138Srwatson switch(cmd) { 2527173138Srwatson case IPC_RMID: 2528173138Srwatson case IPC_SET: 2529173138Srwatson if (!biba_dominate_effective(subj, obj)) 2530173138Srwatson return (EACCES); 2531173138Srwatson break; 2532168933Srwatson 2533173138Srwatson case IPC_STAT: 2534173138Srwatson case SHM_STAT: 2535173138Srwatson if (!biba_dominate_effective(obj, subj)) 2536173138Srwatson return (EACCES); 2537173138Srwatson break; 2538168933Srwatson 2539173138Srwatson default: 2540168933Srwatson return (EACCES); 2541173138Srwatson } 2542168933Srwatson 2543168933Srwatson return (0); 2544168933Srwatson} 2545168933Srwatson 2546168933Srwatsonstatic int 2547173138Srwatsonbiba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 2548173138Srwatson struct label *shmseglabel, int shmflg) 2549168933Srwatson{ 2550173138Srwatson struct mac_biba *subj, *obj; 2551168933Srwatson 2552172955Srwatson if (!biba_enabled) 2553168933Srwatson return (0); 2554168933Srwatson 2555168933Srwatson subj = SLOT(cred->cr_label); 2556173138Srwatson obj = SLOT(shmseglabel); 2557168933Srwatson 2558173138Srwatson if (!biba_dominate_effective(obj, subj)) 2559173138Srwatson return (EACCES); 2560168933Srwatson 2561168933Srwatson return (0); 2562168933Srwatson} 2563168933Srwatson 2564173138Srwatsonstatic void 2565173138Srwatsonbiba_sysvshm_cleanup(struct label *shmlabel) 2566106161Srwatson{ 2567106161Srwatson 2568173138Srwatson bzero(SLOT(shmlabel), sizeof(struct mac_biba)); 2569173138Srwatson} 2570106161Srwatson 2571173138Srwatsonstatic void 2572173138Srwatsonbiba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2573173138Srwatson struct label *shmlabel) 2574173138Srwatson{ 2575173138Srwatson struct mac_biba *source, *dest; 2576106161Srwatson 2577173138Srwatson source = SLOT(cred->cr_label); 2578173138Srwatson dest = SLOT(shmlabel); 2579106161Srwatson 2580173138Srwatson biba_copy_effective(source, dest); 2581106161Srwatson} 2582106161Srwatson 2583106161Srwatsonstatic int 2584173138Srwatsonbiba_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2585173138Srwatson struct vnode *vp, struct label *vplabel) 2586112574Srwatson{ 2587173138Srwatson struct mac_biba mb_temp, *source, *dest; 2588173138Srwatson int buflen, error; 2589112574Srwatson 2590173138Srwatson source = SLOT(mplabel); 2591173138Srwatson dest = SLOT(vplabel); 2592112574Srwatson 2593173138Srwatson buflen = sizeof(mb_temp); 2594173138Srwatson bzero(&mb_temp, buflen); 2595112574Srwatson 2596173138Srwatson error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 2597173138Srwatson MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread); 2598173138Srwatson if (error == ENOATTR || error == EOPNOTSUPP) { 2599173138Srwatson /* Fall back to the mntlabel. */ 2600173138Srwatson biba_copy_effective(source, dest); 2601173138Srwatson return (0); 2602173138Srwatson } else if (error) 2603112574Srwatson return (error); 2604112574Srwatson 2605173138Srwatson if (buflen != sizeof(mb_temp)) { 2606173138Srwatson printf("biba_vnode_associate_extattr: bad size %d\n", 2607173138Srwatson buflen); 2608173138Srwatson return (EPERM); 2609173138Srwatson } 2610173138Srwatson if (biba_valid(&mb_temp) != 0) { 2611173138Srwatson printf("biba_vnode_associate_extattr: invalid\n"); 2612173138Srwatson return (EPERM); 2613173138Srwatson } 2614173138Srwatson if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != 2615173138Srwatson MAC_BIBA_FLAG_EFFECTIVE) { 2616173138Srwatson printf("biba_vnode_associate_extattr: not effective\n"); 2617173138Srwatson return (EPERM); 2618173138Srwatson } 2619173138Srwatson 2620173138Srwatson biba_copy_effective(&mb_temp, dest); 2621112574Srwatson return (0); 2622112574Srwatson} 2623112574Srwatson 2624173138Srwatsonstatic void 2625173138Srwatsonbiba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2626173138Srwatson struct vnode *vp, struct label *vplabel) 2627106161Srwatson{ 2628173138Srwatson struct mac_biba *source, *dest; 2629106161Srwatson 2630173138Srwatson source = SLOT(mplabel); 2631173138Srwatson dest = SLOT(vplabel); 2632106161Srwatson 2633173138Srwatson biba_copy_effective(source, dest); 2634106161Srwatson} 2635106161Srwatson 2636106161Srwatsonstatic int 2637172955Srwatsonbiba_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2638168976Srwatson struct label *dvplabel) 2639101099Srwatson{ 2640101099Srwatson struct mac_biba *subj, *obj; 2641101099Srwatson 2642172955Srwatson if (!biba_enabled) 2643101099Srwatson return (0); 2644101099Srwatson 2645122524Srwatson subj = SLOT(cred->cr_label); 2646168976Srwatson obj = SLOT(dvplabel); 2647101099Srwatson 2648172955Srwatson if (!biba_dominate_effective(obj, subj)) 2649101099Srwatson return (EACCES); 2650101099Srwatson 2651101099Srwatson return (0); 2652101099Srwatson} 2653101099Srwatson 2654101099Srwatsonstatic int 2655172955Srwatsonbiba_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2656168976Srwatson struct label *dvplabel) 2657101099Srwatson{ 2658101099Srwatson struct mac_biba *subj, *obj; 2659101099Srwatson 2660172955Srwatson if (!biba_enabled) 2661101099Srwatson return (0); 2662101099Srwatson 2663122524Srwatson subj = SLOT(cred->cr_label); 2664168976Srwatson obj = SLOT(dvplabel); 2665101099Srwatson 2666172955Srwatson if (!biba_dominate_effective(obj, subj)) 2667101099Srwatson return (EACCES); 2668101099Srwatson 2669101099Srwatson return (0); 2670101099Srwatson} 2671101099Srwatson 2672101099Srwatsonstatic int 2673172955Srwatsonbiba_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2674168976Srwatson struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2675101099Srwatson{ 2676101099Srwatson struct mac_biba *subj, *obj; 2677101099Srwatson 2678172955Srwatson if (!biba_enabled) 2679101099Srwatson return (0); 2680101099Srwatson 2681122524Srwatson subj = SLOT(cred->cr_label); 2682168976Srwatson obj = SLOT(dvplabel); 2683101099Srwatson 2684172955Srwatson if (!biba_dominate_effective(subj, obj)) 2685101099Srwatson return (EACCES); 2686101099Srwatson 2687101099Srwatson return (0); 2688101099Srwatson} 2689101099Srwatson 2690101099Srwatsonstatic int 2691172955Srwatsonbiba_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2692168976Srwatson struct label *vplabel, acl_type_t type) 2693101099Srwatson{ 2694101099Srwatson struct mac_biba *subj, *obj; 2695101099Srwatson 2696172955Srwatson if (!biba_enabled) 2697101099Srwatson return (0); 2698101099Srwatson 2699122524Srwatson subj = SLOT(cred->cr_label); 2700168976Srwatson obj = SLOT(vplabel); 2701101099Srwatson 2702172955Srwatson if (!biba_dominate_effective(subj, obj)) 2703101099Srwatson return (EACCES); 2704101099Srwatson 2705101099Srwatson return (0); 2706101099Srwatson} 2707101099Srwatson 2708101099Srwatsonstatic int 2709172955Srwatsonbiba_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2710168976Srwatson struct label *vplabel, int attrnamespace, const char *name) 2711119202Srwatson{ 2712119202Srwatson struct mac_biba *subj, *obj; 2713119202Srwatson 2714172955Srwatson if (!biba_enabled) 2715119202Srwatson return (0); 2716119202Srwatson 2717122524Srwatson subj = SLOT(cred->cr_label); 2718168976Srwatson obj = SLOT(vplabel); 2719119202Srwatson 2720172955Srwatson if (!biba_dominate_effective(subj, obj)) 2721119202Srwatson return (EACCES); 2722119202Srwatson 2723119202Srwatson return (0); 2724119202Srwatson} 2725119202Srwatson 2726119202Srwatsonstatic int 2727172955Srwatsonbiba_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2728168976Srwatson struct label *vplabel, struct image_params *imgp, 2729106648Srwatson struct label *execlabel) 2730101099Srwatson{ 2731106648Srwatson struct mac_biba *subj, *obj, *exec; 2732106648Srwatson int error; 2733101099Srwatson 2734106648Srwatson if (execlabel != NULL) { 2735106648Srwatson /* 2736106648Srwatson * We currently don't permit labels to be changed at 2737172955Srwatson * exec-time as part of Biba, so disallow non-NULL Biba label 2738172955Srwatson * elements in the execlabel. 2739106648Srwatson */ 2740106648Srwatson exec = SLOT(execlabel); 2741106648Srwatson error = biba_atmostflags(exec, 0); 2742106648Srwatson if (error) 2743106648Srwatson return (error); 2744106648Srwatson } 2745106648Srwatson 2746172955Srwatson if (!biba_enabled) 2747101099Srwatson return (0); 2748101099Srwatson 2749122524Srwatson subj = SLOT(cred->cr_label); 2750168976Srwatson obj = SLOT(vplabel); 2751101099Srwatson 2752172955Srwatson if (!biba_dominate_effective(obj, subj)) 2753101099Srwatson return (EACCES); 2754101099Srwatson 2755101099Srwatson return (0); 2756101099Srwatson} 2757101099Srwatson 2758101099Srwatsonstatic int 2759172955Srwatsonbiba_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2760168976Srwatson struct label *vplabel, acl_type_t type) 2761101099Srwatson{ 2762101099Srwatson struct mac_biba *subj, *obj; 2763101099Srwatson 2764172955Srwatson if (!biba_enabled) 2765101099Srwatson return (0); 2766101099Srwatson 2767122524Srwatson subj = SLOT(cred->cr_label); 2768168976Srwatson obj = SLOT(vplabel); 2769101099Srwatson 2770172955Srwatson if (!biba_dominate_effective(obj, subj)) 2771101099Srwatson return (EACCES); 2772101099Srwatson 2773101099Srwatson return (0); 2774101099Srwatson} 2775101099Srwatson 2776101099Srwatsonstatic int 2777172955Srwatsonbiba_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2778189533Srwatson struct label *vplabel, int attrnamespace, const char *name) 2779101099Srwatson{ 2780101099Srwatson struct mac_biba *subj, *obj; 2781101099Srwatson 2782172955Srwatson if (!biba_enabled) 2783101099Srwatson return (0); 2784101099Srwatson 2785122524Srwatson subj = SLOT(cred->cr_label); 2786168976Srwatson obj = SLOT(vplabel); 2787101099Srwatson 2788172955Srwatson if (!biba_dominate_effective(obj, subj)) 2789101099Srwatson return (EACCES); 2790101099Srwatson 2791101099Srwatson return (0); 2792101099Srwatson} 2793101099Srwatson 2794101099Srwatsonstatic int 2795172955Srwatsonbiba_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2796168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2797104530Srwatson struct componentname *cnp) 2798104530Srwatson{ 2799104530Srwatson struct mac_biba *subj, *obj; 2800104530Srwatson 2801172955Srwatson if (!biba_enabled) 2802104530Srwatson return (0); 2803104530Srwatson 2804122524Srwatson subj = SLOT(cred->cr_label); 2805168976Srwatson obj = SLOT(dvplabel); 2806104530Srwatson 2807172955Srwatson if (!biba_dominate_effective(subj, obj)) 2808104530Srwatson return (EACCES); 2809104530Srwatson 2810168976Srwatson obj = SLOT(vplabel); 2811104530Srwatson 2812172955Srwatson if (!biba_dominate_effective(subj, obj)) 2813104530Srwatson return (EACCES); 2814104530Srwatson 2815104530Srwatson return (0); 2816104530Srwatson} 2817104530Srwatson 2818104530Srwatsonstatic int 2819172955Srwatsonbiba_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2820168976Srwatson struct label *vplabel, int attrnamespace) 2821119202Srwatson{ 2822119202Srwatson struct mac_biba *subj, *obj; 2823119202Srwatson 2824172955Srwatson if (!biba_enabled) 2825119202Srwatson return (0); 2826119202Srwatson 2827122524Srwatson subj = SLOT(cred->cr_label); 2828168976Srwatson obj = SLOT(vplabel); 2829119202Srwatson 2830172955Srwatson if (!biba_dominate_effective(obj, subj)) 2831119202Srwatson return (EACCES); 2832119202Srwatson 2833119202Srwatson return (0); 2834119202Srwatson} 2835119202Srwatson 2836119202Srwatsonstatic int 2837172955Srwatsonbiba_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2838168976Srwatson struct label *dvplabel, struct componentname *cnp) 2839101099Srwatson{ 2840101099Srwatson struct mac_biba *subj, *obj; 2841103759Srwatson 2842172955Srwatson if (!biba_enabled) 2843101099Srwatson return (0); 2844103759Srwatson 2845122524Srwatson subj = SLOT(cred->cr_label); 2846168976Srwatson obj = SLOT(dvplabel); 2847103759Srwatson 2848172955Srwatson if (!biba_dominate_effective(obj, subj)) 2849101099Srwatson return (EACCES); 2850101099Srwatson 2851103759Srwatson return (0); 2852101099Srwatson} 2853101099Srwatson 2854101099Srwatsonstatic int 2855172955Srwatsonbiba_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2856168976Srwatson struct label *vplabel, int prot, int flags) 2857104546Srwatson{ 2858104546Srwatson struct mac_biba *subj, *obj; 2859104546Srwatson 2860104546Srwatson /* 2861104546Srwatson * Rely on the use of open()-time protections to handle 2862104546Srwatson * non-revocation cases. 2863104546Srwatson */ 2864172955Srwatson if (!biba_enabled || !revocation_enabled) 2865104546Srwatson return (0); 2866104546Srwatson 2867122524Srwatson subj = SLOT(cred->cr_label); 2868168976Srwatson obj = SLOT(vplabel); 2869104546Srwatson 2870104546Srwatson if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 2871172955Srwatson if (!biba_dominate_effective(obj, subj)) 2872104546Srwatson return (EACCES); 2873104546Srwatson } 2874145076Scsjp if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { 2875172955Srwatson if (!biba_dominate_effective(subj, obj)) 2876104546Srwatson return (EACCES); 2877104546Srwatson } 2878104546Srwatson 2879104569Srwatson return (0); 2880104546Srwatson} 2881104546Srwatson 2882104546Srwatsonstatic int 2883172955Srwatsonbiba_vnode_check_open(struct ucred *cred, struct vnode *vp, 2884184413Strasz struct label *vplabel, accmode_t accmode) 2885101099Srwatson{ 2886101099Srwatson struct mac_biba *subj, *obj; 2887101099Srwatson 2888172955Srwatson if (!biba_enabled) 2889101099Srwatson return (0); 2890101099Srwatson 2891122524Srwatson subj = SLOT(cred->cr_label); 2892168976Srwatson obj = SLOT(vplabel); 2893101099Srwatson 2894101099Srwatson /* XXX privilege override for admin? */ 2895184413Strasz if (accmode & (VREAD | VEXEC | VSTAT)) { 2896172955Srwatson if (!biba_dominate_effective(obj, subj)) 2897101099Srwatson return (EACCES); 2898101099Srwatson } 2899184413Strasz if (accmode & (VWRITE | VAPPEND | VADMIN)) { 2900172955Srwatson if (!biba_dominate_effective(subj, obj)) 2901101099Srwatson return (EACCES); 2902101099Srwatson } 2903101099Srwatson 2904101099Srwatson return (0); 2905101099Srwatson} 2906101099Srwatson 2907101099Srwatsonstatic int 2908172955Srwatsonbiba_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2909168976Srwatson struct vnode *vp, struct label *vplabel) 2910102112Srwatson{ 2911102112Srwatson struct mac_biba *subj, *obj; 2912102112Srwatson 2913172955Srwatson if (!biba_enabled || !revocation_enabled) 2914102112Srwatson return (0); 2915102112Srwatson 2916122524Srwatson subj = SLOT(active_cred->cr_label); 2917168976Srwatson obj = SLOT(vplabel); 2918102112Srwatson 2919172955Srwatson if (!biba_dominate_effective(obj, subj)) 2920102112Srwatson return (EACCES); 2921102112Srwatson 2922102112Srwatson return (0); 2923102112Srwatson} 2924102112Srwatson 2925102112Srwatsonstatic int 2926172955Srwatsonbiba_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2927168976Srwatson struct vnode *vp, struct label *vplabel) 2928102112Srwatson{ 2929102112Srwatson struct mac_biba *subj, *obj; 2930102112Srwatson 2931172955Srwatson if (!biba_enabled || !revocation_enabled) 2932102112Srwatson return (0); 2933102112Srwatson 2934122524Srwatson subj = SLOT(active_cred->cr_label); 2935168976Srwatson obj = SLOT(vplabel); 2936102112Srwatson 2937172955Srwatson if (!biba_dominate_effective(obj, subj)) 2938102112Srwatson return (EACCES); 2939102112Srwatson 2940102112Srwatson return (0); 2941102112Srwatson} 2942102112Srwatson 2943102112Srwatsonstatic int 2944172955Srwatsonbiba_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2945168976Srwatson struct label *dvplabel) 2946101099Srwatson{ 2947101099Srwatson struct mac_biba *subj, *obj; 2948101099Srwatson 2949172955Srwatson if (!biba_enabled) 2950101099Srwatson return (0); 2951101099Srwatson 2952122524Srwatson subj = SLOT(cred->cr_label); 2953168976Srwatson obj = SLOT(dvplabel); 2954101099Srwatson 2955172955Srwatson if (!biba_dominate_effective(obj, subj)) 2956101099Srwatson return (EACCES); 2957101099Srwatson 2958101099Srwatson return (0); 2959101099Srwatson} 2960101099Srwatson 2961101099Srwatsonstatic int 2962172955Srwatsonbiba_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2963168976Srwatson struct label *vplabel) 2964101099Srwatson{ 2965101099Srwatson struct mac_biba *subj, *obj; 2966101099Srwatson 2967172955Srwatson if (!biba_enabled) 2968101099Srwatson return (0); 2969101099Srwatson 2970122524Srwatson subj = SLOT(cred->cr_label); 2971168976Srwatson obj = SLOT(vplabel); 2972101099Srwatson 2973172955Srwatson if (!biba_dominate_effective(obj, subj)) 2974101099Srwatson return (EACCES); 2975101099Srwatson 2976101099Srwatson return (0); 2977101099Srwatson} 2978101099Srwatson 2979101099Srwatsonstatic int 2980172955Srwatsonbiba_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2981168976Srwatson struct label *vplabel, struct label *newlabel) 2982101099Srwatson{ 2983101099Srwatson struct mac_biba *old, *new, *subj; 2984105634Srwatson int error; 2985101099Srwatson 2986168976Srwatson old = SLOT(vplabel); 2987101099Srwatson new = SLOT(newlabel); 2988122524Srwatson subj = SLOT(cred->cr_label); 2989101099Srwatson 2990101099Srwatson /* 2991105634Srwatson * If there is a Biba label update for the vnode, it must be a 2992132232Srwatson * effective label. 2993101099Srwatson */ 2994132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 2995105634Srwatson if (error) 2996105634Srwatson return (error); 2997101099Srwatson 2998101099Srwatson /* 2999105634Srwatson * To perform a relabel of the vnode (Biba label or not), Biba must 3000105634Srwatson * authorize the relabel. 3001101099Srwatson */ 3002172955Srwatson if (!biba_effective_in_range(old, subj)) 3003101099Srwatson return (EPERM); 3004101099Srwatson 3005101099Srwatson /* 3006105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 3007101099Srwatson */ 3008132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 3009105634Srwatson /* 3010105634Srwatson * To change the Biba label on a vnode, the new vnode label 3011105634Srwatson * must be in the subject range. 3012105634Srwatson */ 3013172955Srwatson if (!biba_effective_in_range(new, subj)) 3014105634Srwatson return (EPERM); 3015101099Srwatson 3016105634Srwatson /* 3017172955Srwatson * To change the Biba label on the vnode to be EQUAL, the 3018172955Srwatson * subject must have appropriate privilege. 3019105634Srwatson */ 3020172955Srwatson if (biba_contains_equal(new)) { 3021172955Srwatson error = biba_subject_privileged(subj); 3022105634Srwatson if (error) 3023105634Srwatson return (error); 3024105634Srwatson } 3025105634Srwatson } 3026105634Srwatson 3027105634Srwatson return (0); 3028101099Srwatson} 3029101099Srwatson 3030101099Srwatsonstatic int 3031172955Srwatsonbiba_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 3032168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3033101099Srwatson struct componentname *cnp) 3034101099Srwatson{ 3035101099Srwatson struct mac_biba *subj, *obj; 3036101099Srwatson 3037172955Srwatson if (!biba_enabled) 3038101099Srwatson return (0); 3039101099Srwatson 3040122524Srwatson subj = SLOT(cred->cr_label); 3041168976Srwatson obj = SLOT(dvplabel); 3042101099Srwatson 3043172955Srwatson if (!biba_dominate_effective(subj, obj)) 3044101099Srwatson return (EACCES); 3045101099Srwatson 3046168976Srwatson obj = SLOT(vplabel); 3047101099Srwatson 3048172955Srwatson if (!biba_dominate_effective(subj, obj)) 3049101099Srwatson return (EACCES); 3050101099Srwatson 3051101099Srwatson return (0); 3052101099Srwatson} 3053101099Srwatson 3054101099Srwatsonstatic int 3055172955Srwatsonbiba_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 3056168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3057168976Srwatson int samedir, struct componentname *cnp) 3058101099Srwatson{ 3059101099Srwatson struct mac_biba *subj, *obj; 3060101099Srwatson 3061172955Srwatson if (!biba_enabled) 3062101099Srwatson return (0); 3063101099Srwatson 3064122524Srwatson subj = SLOT(cred->cr_label); 3065168976Srwatson obj = SLOT(dvplabel); 3066101099Srwatson 3067172955Srwatson if (!biba_dominate_effective(subj, obj)) 3068101099Srwatson return (EACCES); 3069101099Srwatson 3070101099Srwatson if (vp != NULL) { 3071168976Srwatson obj = SLOT(vplabel); 3072101099Srwatson 3073172955Srwatson if (!biba_dominate_effective(subj, obj)) 3074101099Srwatson return (EACCES); 3075101099Srwatson } 3076101099Srwatson 3077101099Srwatson return (0); 3078101099Srwatson} 3079101099Srwatson 3080101099Srwatsonstatic int 3081172955Srwatsonbiba_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 3082168976Srwatson struct label *vplabel) 3083101099Srwatson{ 3084101099Srwatson struct mac_biba *subj, *obj; 3085101099Srwatson 3086172955Srwatson if (!biba_enabled) 3087101099Srwatson return (0); 3088101099Srwatson 3089122524Srwatson subj = SLOT(cred->cr_label); 3090168976Srwatson obj = SLOT(vplabel); 3091101099Srwatson 3092172955Srwatson if (!biba_dominate_effective(subj, obj)) 3093101099Srwatson return (EACCES); 3094101099Srwatson 3095101099Srwatson return (0); 3096101099Srwatson} 3097101099Srwatson 3098101099Srwatsonstatic int 3099172955Srwatsonbiba_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 3100168976Srwatson struct label *vplabel, acl_type_t type, struct acl *acl) 3101101099Srwatson{ 3102101099Srwatson struct mac_biba *subj, *obj; 3103101099Srwatson 3104172955Srwatson if (!biba_enabled) 3105101099Srwatson return (0); 3106101099Srwatson 3107122524Srwatson subj = SLOT(cred->cr_label); 3108168976Srwatson obj = SLOT(vplabel); 3109101099Srwatson 3110172955Srwatson if (!biba_dominate_effective(subj, obj)) 3111101099Srwatson return (EACCES); 3112101099Srwatson 3113101099Srwatson return (0); 3114101099Srwatson} 3115101099Srwatson 3116101099Srwatsonstatic int 3117172955Srwatsonbiba_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 3118189533Srwatson struct label *vplabel, int attrnamespace, const char *name) 3119101099Srwatson{ 3120101099Srwatson struct mac_biba *subj, *obj; 3121101099Srwatson 3122172955Srwatson if (!biba_enabled) 3123101099Srwatson return (0); 3124101099Srwatson 3125122524Srwatson subj = SLOT(cred->cr_label); 3126168976Srwatson obj = SLOT(vplabel); 3127101099Srwatson 3128172955Srwatson if (!biba_dominate_effective(subj, obj)) 3129101099Srwatson return (EACCES); 3130101099Srwatson 3131101099Srwatson /* XXX: protect the MAC EA in a special way? */ 3132101099Srwatson 3133101099Srwatson return (0); 3134101099Srwatson} 3135101099Srwatson 3136101099Srwatsonstatic int 3137172955Srwatsonbiba_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 3138168976Srwatson struct label *vplabel, u_long flags) 3139101099Srwatson{ 3140101099Srwatson struct mac_biba *subj, *obj; 3141101099Srwatson 3142172955Srwatson if (!biba_enabled) 3143101099Srwatson return (0); 3144101099Srwatson 3145122524Srwatson subj = SLOT(cred->cr_label); 3146168976Srwatson obj = SLOT(vplabel); 3147101099Srwatson 3148172955Srwatson if (!biba_dominate_effective(subj, obj)) 3149101099Srwatson return (EACCES); 3150101099Srwatson 3151101099Srwatson return (0); 3152101099Srwatson} 3153101099Srwatson 3154101099Srwatsonstatic int 3155172955Srwatsonbiba_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 3156168976Srwatson struct label *vplabel, mode_t mode) 3157101099Srwatson{ 3158101099Srwatson struct mac_biba *subj, *obj; 3159101099Srwatson 3160172955Srwatson if (!biba_enabled) 3161101099Srwatson return (0); 3162101099Srwatson 3163122524Srwatson subj = SLOT(cred->cr_label); 3164168976Srwatson obj = SLOT(vplabel); 3165101099Srwatson 3166172955Srwatson if (!biba_dominate_effective(subj, obj)) 3167101099Srwatson return (EACCES); 3168101099Srwatson 3169101099Srwatson return (0); 3170101099Srwatson} 3171101099Srwatson 3172101099Srwatsonstatic int 3173172955Srwatsonbiba_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 3174168976Srwatson struct label *vplabel, uid_t uid, gid_t gid) 3175101099Srwatson{ 3176101099Srwatson struct mac_biba *subj, *obj; 3177101099Srwatson 3178172955Srwatson if (!biba_enabled) 3179101099Srwatson return (0); 3180101099Srwatson 3181122524Srwatson subj = SLOT(cred->cr_label); 3182168976Srwatson obj = SLOT(vplabel); 3183101099Srwatson 3184172955Srwatson if (!biba_dominate_effective(subj, obj)) 3185101099Srwatson return (EACCES); 3186101099Srwatson 3187101099Srwatson return (0); 3188101099Srwatson} 3189101099Srwatson 3190101099Srwatsonstatic int 3191172955Srwatsonbiba_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 3192168976Srwatson struct label *vplabel, struct timespec atime, struct timespec mtime) 3193101099Srwatson{ 3194101099Srwatson struct mac_biba *subj, *obj; 3195101099Srwatson 3196172955Srwatson if (!biba_enabled) 3197101099Srwatson return (0); 3198101099Srwatson 3199122524Srwatson subj = SLOT(cred->cr_label); 3200168976Srwatson obj = SLOT(vplabel); 3201101099Srwatson 3202172955Srwatson if (!biba_dominate_effective(subj, obj)) 3203101099Srwatson return (EACCES); 3204101099Srwatson 3205101099Srwatson return (0); 3206101099Srwatson} 3207101099Srwatson 3208101099Srwatsonstatic int 3209172955Srwatsonbiba_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 3210168976Srwatson struct vnode *vp, struct label *vplabel) 3211101099Srwatson{ 3212101099Srwatson struct mac_biba *subj, *obj; 3213101099Srwatson 3214172955Srwatson if (!biba_enabled) 3215101099Srwatson return (0); 3216101099Srwatson 3217122524Srwatson subj = SLOT(active_cred->cr_label); 3218168976Srwatson obj = SLOT(vplabel); 3219101099Srwatson 3220172955Srwatson if (!biba_dominate_effective(obj, subj)) 3221101099Srwatson return (EACCES); 3222101099Srwatson 3223101099Srwatson return (0); 3224101099Srwatson} 3225101099Srwatson 3226102112Srwatsonstatic int 3227172955Srwatsonbiba_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 3228172107Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3229172107Srwatson struct componentname *cnp) 3230172107Srwatson{ 3231172107Srwatson struct mac_biba *subj, *obj; 3232172107Srwatson 3233172955Srwatson if (!biba_enabled) 3234172107Srwatson return (0); 3235172107Srwatson 3236172107Srwatson subj = SLOT(cred->cr_label); 3237172107Srwatson obj = SLOT(dvplabel); 3238172107Srwatson 3239172955Srwatson if (!biba_dominate_effective(subj, obj)) 3240172107Srwatson return (EACCES); 3241172107Srwatson 3242172107Srwatson obj = SLOT(vplabel); 3243172107Srwatson 3244172955Srwatson if (!biba_dominate_effective(subj, obj)) 3245172107Srwatson return (EACCES); 3246172107Srwatson 3247172107Srwatson return (0); 3248172107Srwatson} 3249172107Srwatson 3250172107Srwatsonstatic int 3251172955Srwatsonbiba_vnode_check_write(struct ucred *active_cred, 3252168976Srwatson struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 3253102112Srwatson{ 3254102112Srwatson struct mac_biba *subj, *obj; 3255102112Srwatson 3256172955Srwatson if (!biba_enabled || !revocation_enabled) 3257102112Srwatson return (0); 3258102112Srwatson 3259122524Srwatson subj = SLOT(active_cred->cr_label); 3260168976Srwatson obj = SLOT(vplabel); 3261102112Srwatson 3262172955Srwatson if (!biba_dominate_effective(subj, obj)) 3263102112Srwatson return (EACCES); 3264102112Srwatson 3265102112Srwatson return (0); 3266102112Srwatson} 3267102112Srwatson 3268173138Srwatsonstatic int 3269173138Srwatsonbiba_vnode_create_extattr(struct ucred *cred, struct mount *mp, 3270173138Srwatson struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 3271173138Srwatson struct vnode *vp, struct label *vplabel, struct componentname *cnp) 3272165150Scsjp{ 3273173138Srwatson struct mac_biba *source, *dest, mb_temp; 3274173138Srwatson size_t buflen; 3275173138Srwatson int error; 3276165150Scsjp 3277173138Srwatson buflen = sizeof(mb_temp); 3278173138Srwatson bzero(&mb_temp, buflen); 3279173138Srwatson 3280173138Srwatson source = SLOT(cred->cr_label); 3281173138Srwatson dest = SLOT(vplabel); 3282173138Srwatson biba_copy_effective(source, &mb_temp); 3283173138Srwatson 3284173138Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 3285173138Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); 3286173138Srwatson if (error == 0) 3287173138Srwatson biba_copy_effective(source, dest); 3288173138Srwatson return (error); 3289165150Scsjp} 3290165150Scsjp 3291165150Scsjpstatic void 3292173138Srwatsonbiba_vnode_relabel(struct ucred *cred, struct vnode *vp, 3293173138Srwatson struct label *vplabel, struct label *newlabel) 3294165150Scsjp{ 3295165150Scsjp struct mac_biba *source, *dest; 3296165150Scsjp 3297173138Srwatson source = SLOT(newlabel); 3298173138Srwatson dest = SLOT(vplabel); 3299173138Srwatson 3300173138Srwatson biba_copy(source, dest); 3301165150Scsjp} 3302165150Scsjp 3303173138Srwatsonstatic int 3304173138Srwatsonbiba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3305173138Srwatson struct label *vplabel, struct label *intlabel) 3306173138Srwatson{ 3307173138Srwatson struct mac_biba *source, mb_temp; 3308173138Srwatson size_t buflen; 3309173138Srwatson int error; 3310173138Srwatson 3311173138Srwatson buflen = sizeof(mb_temp); 3312173138Srwatson bzero(&mb_temp, buflen); 3313173138Srwatson 3314173138Srwatson source = SLOT(intlabel); 3315173138Srwatson if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) 3316173138Srwatson return (0); 3317173138Srwatson 3318173138Srwatson biba_copy_effective(source, &mb_temp); 3319173138Srwatson 3320173138Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 3321173138Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); 3322173138Srwatson return (error); 3323173138Srwatson} 3324173138Srwatson 3325106217Srwatsonstatic struct mac_policy_ops mac_biba_ops = 3326101099Srwatson{ 3327172955Srwatson .mpo_init = biba_init, 3328173138Srwatson 3329173138Srwatson .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive, 3330173138Srwatson .mpo_bpfdesc_create = biba_bpfdesc_create, 3331173138Srwatson .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, 3332173138Srwatson .mpo_bpfdesc_destroy_label = biba_destroy_label, 3333172955Srwatson .mpo_bpfdesc_init_label = biba_init_label, 3334173138Srwatson 3335184407Srwatson .mpo_cred_associate_nfsd = biba_cred_associate_nfsd, 3336173138Srwatson .mpo_cred_check_relabel = biba_cred_check_relabel, 3337173138Srwatson .mpo_cred_check_visible = biba_cred_check_visible, 3338173138Srwatson .mpo_cred_copy_label = biba_copy_label, 3339184407Srwatson .mpo_cred_create_init = biba_cred_create_init, 3340184407Srwatson .mpo_cred_create_swapper = biba_cred_create_swapper, 3341172955Srwatson .mpo_cred_destroy_label = biba_destroy_label, 3342172955Srwatson .mpo_cred_externalize_label = biba_externalize_label, 3343173138Srwatson .mpo_cred_init_label = biba_init_label, 3344172955Srwatson .mpo_cred_internalize_label = biba_internalize_label, 3345173138Srwatson .mpo_cred_relabel = biba_cred_relabel, 3346173138Srwatson 3347172955Srwatson .mpo_devfs_create_device = biba_devfs_create_device, 3348172955Srwatson .mpo_devfs_create_directory = biba_devfs_create_directory, 3349172955Srwatson .mpo_devfs_create_symlink = biba_devfs_create_symlink, 3350173138Srwatson .mpo_devfs_destroy_label = biba_destroy_label, 3351173138Srwatson .mpo_devfs_init_label = biba_init_label, 3352172955Srwatson .mpo_devfs_update = biba_devfs_update, 3353172955Srwatson .mpo_devfs_vnode_associate = biba_devfs_vnode_associate, 3354173138Srwatson 3355173138Srwatson .mpo_ifnet_check_relabel = biba_ifnet_check_relabel, 3356173138Srwatson .mpo_ifnet_check_transmit = biba_ifnet_check_transmit, 3357173138Srwatson .mpo_ifnet_copy_label = biba_copy_label, 3358172955Srwatson .mpo_ifnet_create = biba_ifnet_create, 3359173138Srwatson .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, 3360173138Srwatson .mpo_ifnet_destroy_label = biba_destroy_label, 3361173138Srwatson .mpo_ifnet_externalize_label = biba_externalize_label, 3362173138Srwatson .mpo_ifnet_init_label = biba_init_label, 3363173138Srwatson .mpo_ifnet_internalize_label = biba_internalize_label, 3364173138Srwatson .mpo_ifnet_relabel = biba_ifnet_relabel, 3365173138Srwatson 3366173138Srwatson .mpo_inpcb_check_deliver = biba_inpcb_check_deliver, 3367183980Sbz .mpo_inpcb_check_visible = biba_inpcb_check_visible, 3368172955Srwatson .mpo_inpcb_create = biba_inpcb_create, 3369173138Srwatson .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf, 3370173138Srwatson .mpo_inpcb_destroy_label = biba_destroy_label, 3371173138Srwatson .mpo_inpcb_init_label = biba_init_label_waitcheck, 3372173138Srwatson .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel, 3373173138Srwatson 3374184308Srwatson .mpo_ip6q_create = biba_ip6q_create, 3375184308Srwatson .mpo_ip6q_destroy_label = biba_destroy_label, 3376184308Srwatson .mpo_ip6q_init_label = biba_init_label_waitcheck, 3377184308Srwatson .mpo_ip6q_match = biba_ip6q_match, 3378184308Srwatson .mpo_ip6q_reassemble = biba_ip6q_reassemble, 3379184308Srwatson .mpo_ip6q_update = biba_ip6q_update, 3380184308Srwatson 3381172955Srwatson .mpo_ipq_create = biba_ipq_create, 3382173138Srwatson .mpo_ipq_destroy_label = biba_destroy_label, 3383173138Srwatson .mpo_ipq_init_label = biba_init_label_waitcheck, 3384172955Srwatson .mpo_ipq_match = biba_ipq_match, 3385173138Srwatson .mpo_ipq_reassemble = biba_ipq_reassemble, 3386172955Srwatson .mpo_ipq_update = biba_ipq_update, 3387173138Srwatson 3388172955Srwatson .mpo_kld_check_load = biba_kld_check_load, 3389173138Srwatson 3390173138Srwatson .mpo_mbuf_copy_label = biba_copy_label, 3391173138Srwatson .mpo_mbuf_destroy_label = biba_destroy_label, 3392173138Srwatson .mpo_mbuf_init_label = biba_init_label_waitcheck, 3393173138Srwatson 3394172955Srwatson .mpo_mount_check_stat = biba_mount_check_stat, 3395173138Srwatson .mpo_mount_create = biba_mount_create, 3396173138Srwatson .mpo_mount_destroy_label = biba_destroy_label, 3397173138Srwatson .mpo_mount_init_label = biba_init_label, 3398173138Srwatson 3399173138Srwatson .mpo_netatalk_aarp_send = biba_netatalk_aarp_send, 3400173138Srwatson 3401173138Srwatson .mpo_netinet_arp_send = biba_netinet_arp_send, 3402173138Srwatson .mpo_netinet_firewall_reply = biba_netinet_firewall_reply, 3403173138Srwatson .mpo_netinet_firewall_send = biba_netinet_firewall_send, 3404173138Srwatson .mpo_netinet_fragment = biba_netinet_fragment, 3405173138Srwatson .mpo_netinet_icmp_reply = biba_netinet_icmp_reply, 3406173138Srwatson .mpo_netinet_igmp_send = biba_netinet_igmp_send, 3407173138Srwatson 3408173138Srwatson .mpo_netinet6_nd6_send = biba_netinet6_nd6_send, 3409173138Srwatson 3410172955Srwatson .mpo_pipe_check_ioctl = biba_pipe_check_ioctl, 3411172955Srwatson .mpo_pipe_check_poll = biba_pipe_check_poll, 3412172955Srwatson .mpo_pipe_check_read = biba_pipe_check_read, 3413172955Srwatson .mpo_pipe_check_relabel = biba_pipe_check_relabel, 3414172955Srwatson .mpo_pipe_check_stat = biba_pipe_check_stat, 3415172955Srwatson .mpo_pipe_check_write = biba_pipe_check_write, 3416173138Srwatson .mpo_pipe_copy_label = biba_copy_label, 3417173138Srwatson .mpo_pipe_create = biba_pipe_create, 3418173138Srwatson .mpo_pipe_destroy_label = biba_destroy_label, 3419173138Srwatson .mpo_pipe_externalize_label = biba_externalize_label, 3420173138Srwatson .mpo_pipe_init_label = biba_init_label, 3421173138Srwatson .mpo_pipe_internalize_label = biba_internalize_label, 3422173138Srwatson .mpo_pipe_relabel = biba_pipe_relabel, 3423173138Srwatson 3424172955Srwatson .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, 3425180059Sjhb .mpo_posixsem_check_open = biba_posixsem_check_openunlink, 3426172955Srwatson .mpo_posixsem_check_post = biba_posixsem_check_write, 3427180059Sjhb .mpo_posixsem_check_stat = biba_posixsem_check_rdonly, 3428180059Sjhb .mpo_posixsem_check_unlink = biba_posixsem_check_openunlink, 3429172955Srwatson .mpo_posixsem_check_wait = biba_posixsem_check_write, 3430173138Srwatson .mpo_posixsem_create = biba_posixsem_create, 3431173138Srwatson .mpo_posixsem_destroy_label = biba_destroy_label, 3432173138Srwatson .mpo_posixsem_init_label = biba_init_label, 3433173138Srwatson 3434173138Srwatson .mpo_priv_check = biba_priv_check, 3435173138Srwatson 3436172955Srwatson .mpo_proc_check_debug = biba_proc_check_debug, 3437172955Srwatson .mpo_proc_check_sched = biba_proc_check_sched, 3438172955Srwatson .mpo_proc_check_signal = biba_proc_check_signal, 3439173138Srwatson 3440172955Srwatson .mpo_socket_check_deliver = biba_socket_check_deliver, 3441172955Srwatson .mpo_socket_check_relabel = biba_socket_check_relabel, 3442172955Srwatson .mpo_socket_check_visible = biba_socket_check_visible, 3443173138Srwatson .mpo_socket_copy_label = biba_copy_label, 3444173138Srwatson .mpo_socket_create = biba_socket_create, 3445173138Srwatson .mpo_socket_create_mbuf = biba_socket_create_mbuf, 3446173138Srwatson .mpo_socket_destroy_label = biba_destroy_label, 3447173138Srwatson .mpo_socket_externalize_label = biba_externalize_label, 3448173138Srwatson .mpo_socket_init_label = biba_init_label_waitcheck, 3449173138Srwatson .mpo_socket_internalize_label = biba_internalize_label, 3450173138Srwatson .mpo_socket_newconn = biba_socket_newconn, 3451173138Srwatson .mpo_socket_relabel = biba_socket_relabel, 3452173138Srwatson 3453173138Srwatson .mpo_socketpeer_destroy_label = biba_destroy_label, 3454173138Srwatson .mpo_socketpeer_externalize_label = biba_externalize_label, 3455173138Srwatson .mpo_socketpeer_init_label = biba_init_label_waitcheck, 3456173138Srwatson .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf, 3457173138Srwatson .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket, 3458173138Srwatson 3459173138Srwatson .mpo_syncache_create = biba_syncache_create, 3460173138Srwatson .mpo_syncache_create_mbuf = biba_syncache_create_mbuf, 3461173138Srwatson .mpo_syncache_destroy_label = biba_destroy_label, 3462173138Srwatson .mpo_syncache_init_label = biba_init_label_waitcheck, 3463173138Srwatson 3464172955Srwatson .mpo_system_check_acct = biba_system_check_acct, 3465172955Srwatson .mpo_system_check_auditctl = biba_system_check_auditctl, 3466172955Srwatson .mpo_system_check_auditon = biba_system_check_auditon, 3467173138Srwatson .mpo_system_check_swapoff = biba_system_check_swapoff, 3468172955Srwatson .mpo_system_check_swapon = biba_system_check_swapon, 3469172955Srwatson .mpo_system_check_sysctl = biba_system_check_sysctl, 3470173138Srwatson 3471173138Srwatson .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup, 3472173138Srwatson .mpo_sysvmsg_create = biba_sysvmsg_create, 3473173138Srwatson .mpo_sysvmsg_destroy_label = biba_destroy_label, 3474173138Srwatson .mpo_sysvmsg_init_label = biba_init_label, 3475173138Srwatson 3476173138Srwatson .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv, 3477173138Srwatson .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid, 3478173138Srwatson .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget, 3479173138Srwatson .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd, 3480173138Srwatson .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv, 3481173138Srwatson .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl, 3482173138Srwatson .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup, 3483173138Srwatson .mpo_sysvmsq_create = biba_sysvmsq_create, 3484173138Srwatson .mpo_sysvmsq_destroy_label = biba_destroy_label, 3485173138Srwatson .mpo_sysvmsq_init_label = biba_init_label, 3486173138Srwatson 3487173138Srwatson .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl, 3488173138Srwatson .mpo_sysvsem_check_semget = biba_sysvsem_check_semget, 3489173138Srwatson .mpo_sysvsem_check_semop = biba_sysvsem_check_semop, 3490173138Srwatson .mpo_sysvsem_cleanup = biba_sysvsem_cleanup, 3491173138Srwatson .mpo_sysvsem_create = biba_sysvsem_create, 3492173138Srwatson .mpo_sysvsem_destroy_label = biba_destroy_label, 3493173138Srwatson .mpo_sysvsem_init_label = biba_init_label, 3494173138Srwatson 3495173138Srwatson .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat, 3496173138Srwatson .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl, 3497173138Srwatson .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget, 3498173138Srwatson .mpo_sysvshm_cleanup = biba_sysvshm_cleanup, 3499173138Srwatson .mpo_sysvshm_create = biba_sysvshm_create, 3500173138Srwatson .mpo_sysvshm_destroy_label = biba_destroy_label, 3501173138Srwatson .mpo_sysvshm_init_label = biba_init_label, 3502173138Srwatson 3503173138Srwatson .mpo_vnode_associate_extattr = biba_vnode_associate_extattr, 3504173138Srwatson .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel, 3505172955Srwatson .mpo_vnode_check_access = biba_vnode_check_open, 3506172955Srwatson .mpo_vnode_check_chdir = biba_vnode_check_chdir, 3507172955Srwatson .mpo_vnode_check_chroot = biba_vnode_check_chroot, 3508172955Srwatson .mpo_vnode_check_create = biba_vnode_check_create, 3509172955Srwatson .mpo_vnode_check_deleteacl = biba_vnode_check_deleteacl, 3510172955Srwatson .mpo_vnode_check_deleteextattr = biba_vnode_check_deleteextattr, 3511172955Srwatson .mpo_vnode_check_exec = biba_vnode_check_exec, 3512172955Srwatson .mpo_vnode_check_getacl = biba_vnode_check_getacl, 3513172955Srwatson .mpo_vnode_check_getextattr = biba_vnode_check_getextattr, 3514172955Srwatson .mpo_vnode_check_link = biba_vnode_check_link, 3515172955Srwatson .mpo_vnode_check_listextattr = biba_vnode_check_listextattr, 3516172955Srwatson .mpo_vnode_check_lookup = biba_vnode_check_lookup, 3517172955Srwatson .mpo_vnode_check_mmap = biba_vnode_check_mmap, 3518172955Srwatson .mpo_vnode_check_open = biba_vnode_check_open, 3519172955Srwatson .mpo_vnode_check_poll = biba_vnode_check_poll, 3520172955Srwatson .mpo_vnode_check_read = biba_vnode_check_read, 3521172955Srwatson .mpo_vnode_check_readdir = biba_vnode_check_readdir, 3522172955Srwatson .mpo_vnode_check_readlink = biba_vnode_check_readlink, 3523172955Srwatson .mpo_vnode_check_relabel = biba_vnode_check_relabel, 3524172955Srwatson .mpo_vnode_check_rename_from = biba_vnode_check_rename_from, 3525172955Srwatson .mpo_vnode_check_rename_to = biba_vnode_check_rename_to, 3526172955Srwatson .mpo_vnode_check_revoke = biba_vnode_check_revoke, 3527172955Srwatson .mpo_vnode_check_setacl = biba_vnode_check_setacl, 3528172955Srwatson .mpo_vnode_check_setextattr = biba_vnode_check_setextattr, 3529172955Srwatson .mpo_vnode_check_setflags = biba_vnode_check_setflags, 3530172955Srwatson .mpo_vnode_check_setmode = biba_vnode_check_setmode, 3531172955Srwatson .mpo_vnode_check_setowner = biba_vnode_check_setowner, 3532172955Srwatson .mpo_vnode_check_setutimes = biba_vnode_check_setutimes, 3533172955Srwatson .mpo_vnode_check_stat = biba_vnode_check_stat, 3534172955Srwatson .mpo_vnode_check_unlink = biba_vnode_check_unlink, 3535172955Srwatson .mpo_vnode_check_write = biba_vnode_check_write, 3536173138Srwatson .mpo_vnode_create_extattr = biba_vnode_create_extattr, 3537173138Srwatson .mpo_vnode_copy_label = biba_copy_label, 3538173138Srwatson .mpo_vnode_destroy_label = biba_destroy_label, 3539173138Srwatson .mpo_vnode_externalize_label = biba_externalize_label, 3540173138Srwatson .mpo_vnode_init_label = biba_init_label, 3541173138Srwatson .mpo_vnode_internalize_label = biba_internalize_label, 3542173138Srwatson .mpo_vnode_relabel = biba_vnode_relabel, 3543173138Srwatson .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, 3544101099Srwatson}; 3545101099Srwatson 3546112717SrwatsonMAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba", 3547187016Srwatson MPC_LOADTIME_FLAG_NOTLATE, &biba_slot); 3548