mac_biba.c revision 102980
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, 9 * the Security Research Division of Network Associates, Inc. under 10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11 * CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. The names of the authors may not be used to endorse or promote 22 * products derived from this software without specific prior written 23 * permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 102980 2002-09-05 18:52:52Z rwatson $ 38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * Biba fixed label mandatory integrity policy. 43 */ 44 45#include <sys/types.h> 46#include <sys/param.h> 47#include <sys/acl.h> 48#include <sys/conf.h> 49#include <sys/kernel.h> 50#include <sys/mac.h> 51#include <sys/mount.h> 52#include <sys/proc.h> 53#include <sys/systm.h> 54#include <sys/sysproto.h> 55#include <sys/sysent.h> 56#include <sys/vnode.h> 57#include <sys/file.h> 58#include <sys/socket.h> 59#include <sys/socketvar.h> 60#include <sys/pipe.h> 61#include <sys/sysctl.h> 62 63#include <fs/devfs/devfs.h> 64 65#include <net/bpfdesc.h> 66#include <net/if.h> 67#include <net/if_types.h> 68#include <net/if_var.h> 69 70#include <netinet/in.h> 71#include <netinet/ip_var.h> 72 73#include <vm/vm.h> 74 75#include <sys/mac_policy.h> 76 77#include <security/mac_biba/mac_biba.h> 78 79SYSCTL_DECL(_security_mac); 80 81SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 82 "TrustedBSD mac_biba policy controls"); 83 84static int mac_biba_enabled = 0; 85SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, 86 &mac_biba_enabled, 0, "Enforce MAC/Biba policy"); 87TUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled); 88 89static int destroyed_not_inited; 90SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 91 &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 92 93static int trust_all_interfaces = 0; 94SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 95 &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 96TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 97 98static char trusted_interfaces[128]; 99SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 100 trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 101TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 102 sizeof(trusted_interfaces)); 103 104static int mac_biba_revocation_enabled = 0; 105SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 106 &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel"); 107TUNABLE_INT("security.mac.biba.revocation_enabled", 108 &mac_biba_revocation_enabled); 109 110static int mac_biba_slot; 111#define SLOT(l) ((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr) 112 113MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels"); 114 115static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 116 struct label *vnodelabel, mode_t acc_mode); 117 118static struct mac_biba * 119biba_alloc(int how) 120{ 121 struct mac_biba *mac_biba; 122 123 mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | how); 124 125 return (mac_biba); 126} 127 128static void 129biba_free(struct mac_biba *mac_biba) 130{ 131 132 if (mac_biba != NULL) 133 free(mac_biba, M_MACBIBA); 134 else 135 atomic_add_int(&destroyed_not_inited, 1); 136} 137 138static int 139mac_biba_dominate_element(struct mac_biba_element *a, 140 struct mac_biba_element *b) 141{ 142 143 switch(a->mbe_type) { 144 case MAC_BIBA_TYPE_EQUAL: 145 case MAC_BIBA_TYPE_HIGH: 146 return (1); 147 148 case MAC_BIBA_TYPE_LOW: 149 switch (b->mbe_type) { 150 case MAC_BIBA_TYPE_GRADE: 151 case MAC_BIBA_TYPE_HIGH: 152 return (0); 153 154 case MAC_BIBA_TYPE_EQUAL: 155 case MAC_BIBA_TYPE_LOW: 156 return (1); 157 158 default: 159 panic("mac_biba_dominate_element: b->mbe_type invalid"); 160 } 161 162 case MAC_BIBA_TYPE_GRADE: 163 switch (b->mbe_type) { 164 case MAC_BIBA_TYPE_EQUAL: 165 case MAC_BIBA_TYPE_LOW: 166 return (1); 167 168 case MAC_BIBA_TYPE_HIGH: 169 return (0); 170 171 case MAC_BIBA_TYPE_GRADE: 172 return (a->mbe_grade >= b->mbe_grade); 173 174 default: 175 panic("mac_biba_dominate_element: b->mbe_type invalid"); 176 } 177 178 default: 179 panic("mac_biba_dominate_element: a->mbe_type invalid"); 180 } 181 182 return (0); 183} 184 185static int 186mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 187{ 188 189 return (mac_biba_dominate_element(&rangeb->mb_rangehigh, 190 &rangea->mb_rangehigh) && 191 mac_biba_dominate_element(&rangea->mb_rangelow, 192 &rangeb->mb_rangelow)); 193} 194 195static int 196mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range) 197{ 198 199 KASSERT((single->mb_flag & MAC_BIBA_FLAG_SINGLE) != 0, 200 ("mac_biba_single_in_range: a not single")); 201 KASSERT((range->mb_flag & MAC_BIBA_FLAG_RANGE) != 0, 202 ("mac_biba_single_in_range: b not range")); 203 204 return (mac_biba_dominate_element(&range->mb_rangehigh, 205 &single->mb_single) && 206 mac_biba_dominate_element(&single->mb_single, 207 &range->mb_rangelow)); 208 209 return (1); 210} 211 212static int 213mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b) 214{ 215 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 216 ("mac_biba_dominate_single: a not single")); 217 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 218 ("mac_biba_dominate_single: b not single")); 219 220 return (mac_biba_dominate_element(&a->mb_single, &b->mb_single)); 221} 222 223static int 224mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 225{ 226 227 if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 228 b->mbe_type == MAC_BIBA_TYPE_EQUAL) 229 return (1); 230 231 return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 232} 233 234static int 235mac_biba_equal_range(struct mac_biba *a, struct mac_biba *b) 236{ 237 238 KASSERT((a->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 239 ("mac_biba_equal_range: a not range")); 240 KASSERT((b->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 241 ("mac_biba_equal_range: b not range")); 242 243 return (mac_biba_equal_element(&a->mb_rangelow, &b->mb_rangelow) && 244 mac_biba_equal_element(&a->mb_rangehigh, &b->mb_rangehigh)); 245} 246 247static int 248mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b) 249{ 250 251 KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 252 ("mac_biba_equal_single: a not single")); 253 KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 254 ("mac_biba_equal_single: b not single")); 255 256 return (mac_biba_equal_element(&a->mb_single, &b->mb_single)); 257} 258 259static int 260mac_biba_high_single(struct mac_biba *mac_biba) 261{ 262 263 return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH); 264} 265 266static int 267mac_biba_valid(struct mac_biba *mac_biba) 268{ 269 270 if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { 271 switch (mac_biba->mb_single.mbe_type) { 272 case MAC_BIBA_TYPE_GRADE: 273 break; 274 275 case MAC_BIBA_TYPE_EQUAL: 276 case MAC_BIBA_TYPE_HIGH: 277 case MAC_BIBA_TYPE_LOW: 278 if (mac_biba->mb_single.mbe_grade != 0) 279 return (EINVAL); 280 break; 281 282 default: 283 return (EINVAL); 284 } 285 } else { 286 if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF) 287 return (EINVAL); 288 } 289 290 if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { 291 switch (mac_biba->mb_rangelow.mbe_type) { 292 case MAC_BIBA_TYPE_GRADE: 293 break; 294 295 case MAC_BIBA_TYPE_EQUAL: 296 case MAC_BIBA_TYPE_HIGH: 297 case MAC_BIBA_TYPE_LOW: 298 if (mac_biba->mb_rangelow.mbe_grade != 0) 299 return (EINVAL); 300 break; 301 302 default: 303 return (EINVAL); 304 } 305 306 switch (mac_biba->mb_rangehigh.mbe_type) { 307 case MAC_BIBA_TYPE_GRADE: 308 break; 309 310 case MAC_BIBA_TYPE_EQUAL: 311 case MAC_BIBA_TYPE_HIGH: 312 case MAC_BIBA_TYPE_LOW: 313 if (mac_biba->mb_rangehigh.mbe_grade != 0) 314 return (EINVAL); 315 break; 316 317 default: 318 return (EINVAL); 319 } 320 if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh, 321 &mac_biba->mb_rangelow)) 322 return (EINVAL); 323 } else { 324 if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 325 mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 326 return (EINVAL); 327 } 328 329 return (0); 330} 331 332static void 333mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, 334 u_short gradelow, u_short typehigh, u_short gradehigh) 335{ 336 337 mac_biba->mb_rangelow.mbe_type = typelow; 338 mac_biba->mb_rangelow.mbe_grade = gradelow; 339 mac_biba->mb_rangehigh.mbe_type = typehigh; 340 mac_biba->mb_rangehigh.mbe_grade = gradehigh; 341 mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; 342} 343 344static void 345mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade) 346{ 347 348 mac_biba->mb_single.mbe_type = type; 349 mac_biba->mb_single.mbe_grade = grade; 350 mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; 351} 352 353static void 354mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 355{ 356 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 357 ("mac_biba_copy_range: labelfrom not range")); 358 359 labelto->mb_rangelow = labelfrom->mb_rangelow; 360 labelto->mb_rangehigh = labelfrom->mb_rangehigh; 361 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 362} 363 364static void 365mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto) 366{ 367 368 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 369 ("mac_biba_copy_single: labelfrom not single")); 370 371 labelto->mb_single = labelfrom->mb_single; 372 labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; 373} 374 375static void 376mac_biba_copy_single_to_range(struct mac_biba *labelfrom, 377 struct mac_biba *labelto) 378{ 379 380 KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, 381 ("mac_biba_copy_single_to_range: labelfrom not single")); 382 383 labelto->mb_rangelow = labelfrom->mb_single; 384 labelto->mb_rangehigh = labelfrom->mb_single; 385 labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 386} 387 388/* 389 * Policy module operations. 390 */ 391static void 392mac_biba_destroy(struct mac_policy_conf *conf) 393{ 394 395} 396 397static void 398mac_biba_init(struct mac_policy_conf *conf) 399{ 400 401} 402 403/* 404 * Label operations. 405 */ 406static void 407mac_biba_init_bpfdesc(struct bpf_d *bpf_d, struct label *label) 408{ 409 410 SLOT(label) = biba_alloc(M_WAITOK); 411} 412 413static void 414mac_biba_init_cred(struct ucred *ucred, struct label *label) 415{ 416 417 SLOT(label) = biba_alloc(M_WAITOK); 418} 419 420static void 421mac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent, 422 struct label *label) 423{ 424 425 SLOT(label) = biba_alloc(M_WAITOK); 426} 427 428static void 429mac_biba_init_ifnet(struct ifnet *ifnet, struct label *label) 430{ 431 432 SLOT(label) = biba_alloc(M_WAITOK); 433} 434 435static void 436mac_biba_init_ipq(struct ipq *ipq, struct label *label) 437{ 438 439 SLOT(label) = biba_alloc(M_WAITOK); 440} 441 442static int 443mac_biba_init_mbuf(struct mbuf *mbuf, int how, struct label *label) 444{ 445 446 SLOT(label) = biba_alloc(how); 447 if (SLOT(label) == NULL) 448 return (ENOMEM); 449 450 return (0); 451} 452 453static void 454mac_biba_init_mount(struct mount *mount, struct label *mntlabel, 455 struct label *fslabel) 456{ 457 458 SLOT(mntlabel) = biba_alloc(M_WAITOK); 459 SLOT(fslabel) = biba_alloc(M_WAITOK); 460} 461 462static void 463mac_biba_init_socket(struct socket *socket, struct label *label, 464 struct label *peerlabel) 465{ 466 467 SLOT(label) = biba_alloc(M_WAITOK); 468 SLOT(peerlabel) = biba_alloc(M_WAITOK); 469} 470 471static void 472mac_biba_init_pipe(struct pipe *pipe, struct label *label) 473{ 474 475 SLOT(label) = biba_alloc(M_WAITOK); 476} 477 478static void 479mac_biba_init_temp(struct label *label) 480{ 481 482 SLOT(label) = biba_alloc(M_WAITOK); 483} 484 485static void 486mac_biba_init_vnode(struct vnode *vp, struct label *label) 487{ 488 489 SLOT(label) = biba_alloc(M_WAITOK); 490} 491 492static void 493mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) 494{ 495 496 biba_free(SLOT(label)); 497 SLOT(label) = NULL; 498} 499 500static void 501mac_biba_destroy_cred(struct ucred *ucred, struct label *label) 502{ 503 504 biba_free(SLOT(label)); 505 SLOT(label) = NULL; 506} 507 508static void 509mac_biba_destroy_devfsdirent(struct devfs_dirent *devfs_dirent, 510 struct label *label) 511{ 512 513 biba_free(SLOT(label)); 514 SLOT(label) = NULL; 515} 516 517static void 518mac_biba_destroy_ifnet(struct ifnet *ifnet, struct label *label) 519{ 520 521 biba_free(SLOT(label)); 522 SLOT(label) = NULL; 523} 524 525static void 526mac_biba_destroy_ipq(struct ipq *ipq, struct label *label) 527{ 528 529 biba_free(SLOT(label)); 530 SLOT(label) = NULL; 531} 532 533static void 534mac_biba_destroy_mbuf(struct mbuf *mbuf, struct label *label) 535{ 536 537 biba_free(SLOT(label)); 538 SLOT(label) = NULL; 539} 540 541static void 542mac_biba_destroy_mount(struct mount *mount, struct label *mntlabel, 543 struct label *fslabel) 544{ 545 546 biba_free(SLOT(mntlabel)); 547 SLOT(mntlabel) = NULL; 548 biba_free(SLOT(fslabel)); 549 SLOT(fslabel) = NULL; 550} 551 552static void 553mac_biba_destroy_socket(struct socket *socket, struct label *label, 554 struct label *peerlabel) 555{ 556 557 biba_free(SLOT(label)); 558 SLOT(label) = NULL; 559 biba_free(SLOT(peerlabel)); 560 SLOT(peerlabel) = NULL; 561} 562 563static void 564mac_biba_destroy_pipe(struct pipe *pipe, struct label *label) 565{ 566 567 biba_free(SLOT(label)); 568 SLOT(label) = NULL; 569} 570 571static void 572mac_biba_destroy_temp(struct label *label) 573{ 574 575 biba_free(SLOT(label)); 576 SLOT(label) = NULL; 577} 578 579static void 580mac_biba_destroy_vnode(struct vnode *vp, struct label *label) 581{ 582 583 biba_free(SLOT(label)); 584 SLOT(label) = NULL; 585} 586 587static int 588mac_biba_externalize(struct label *label, struct mac *extmac) 589{ 590 struct mac_biba *mac_biba; 591 592 mac_biba = SLOT(label); 593 594 if (mac_biba == NULL) { 595 printf("mac_biba_externalize: NULL pointer\n"); 596 return (0); 597 } 598 599 extmac->m_biba = *mac_biba; 600 601 return (0); 602} 603 604static int 605mac_biba_internalize(struct label *label, struct mac *extmac) 606{ 607 struct mac_biba *mac_biba; 608 int error; 609 610 mac_biba = SLOT(label); 611 612 error = mac_biba_valid(mac_biba); 613 if (error) 614 return (error); 615 616 *mac_biba = extmac->m_biba; 617 618 return (0); 619} 620 621/* 622 * Labeling event operations: file system objects, and things that look 623 * a lot like file system objects. 624 */ 625static void 626mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 627 struct label *label) 628{ 629 struct mac_biba *mac_biba; 630 int biba_type; 631 632 mac_biba = SLOT(label); 633 if (strcmp(dev->si_name, "null") == 0 || 634 strcmp(dev->si_name, "zero") == 0 || 635 strcmp(dev->si_name, "random") == 0 || 636 strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) 637 biba_type = MAC_BIBA_TYPE_EQUAL; 638 else 639 biba_type = MAC_BIBA_TYPE_HIGH; 640 mac_biba_set_single(mac_biba, biba_type, 0); 641} 642 643static void 644mac_biba_create_devfs_directory(char *dirname, int dirnamelen, 645 struct devfs_dirent *devfs_dirent, struct label *label) 646{ 647 struct mac_biba *mac_biba; 648 649 mac_biba = SLOT(label); 650 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 651} 652 653static void 654mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 655 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 656{ 657 struct mac_biba *source, *dest; 658 659 source = SLOT(direntlabel); 660 dest = SLOT(vnodelabel); 661 mac_biba_copy_single(source, dest); 662} 663 664static void 665mac_biba_create_vnode(struct ucred *cred, struct vnode *parent, 666 struct label *parentlabel, struct vnode *child, struct label *childlabel) 667{ 668 struct mac_biba *source, *dest; 669 670 source = SLOT(&cred->cr_label); 671 dest = SLOT(childlabel); 672 673 mac_biba_copy_single(source, dest); 674} 675 676static void 677mac_biba_create_mount(struct ucred *cred, struct mount *mp, 678 struct label *mntlabel, struct label *fslabel) 679{ 680 struct mac_biba *source, *dest; 681 682 source = SLOT(&cred->cr_label); 683 dest = SLOT(mntlabel); 684 mac_biba_copy_single(source, dest); 685 dest = SLOT(fslabel); 686 mac_biba_copy_single(source, dest); 687} 688 689static void 690mac_biba_create_root_mount(struct ucred *cred, struct mount *mp, 691 struct label *mntlabel, struct label *fslabel) 692{ 693 struct mac_biba *mac_biba; 694 695 /* Always mount root as high integrity. */ 696 mac_biba = SLOT(fslabel); 697 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 698 mac_biba = SLOT(mntlabel); 699 mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0); 700} 701 702static void 703mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, 704 struct label *vnodelabel, struct label *label) 705{ 706 struct mac_biba *source, *dest; 707 708 source = SLOT(label); 709 dest = SLOT(vnodelabel); 710 711 mac_biba_copy_single(source, dest); 712} 713 714static void 715mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent, 716 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 717{ 718 struct mac_biba *source, *dest; 719 720 source = SLOT(vnodelabel); 721 dest = SLOT(direntlabel); 722 723 mac_biba_copy_single(source, dest); 724} 725 726static void 727mac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel, 728 struct ucred *cred) 729{ 730 struct mac_biba *source, *dest; 731 732 source = SLOT(&cred->cr_label); 733 dest = SLOT(vnodelabel); 734 735 /* 736 * Only copy the single, not the range, since vnodes only have 737 * a single. 738 */ 739 mac_biba_copy_single(source, dest); 740} 741 742static int 743mac_biba_update_vnode_from_externalized(struct vnode *vp, 744 struct label *vnodelabel, struct mac *extmac) 745{ 746 struct mac_biba *source, *dest; 747 int error; 748 749 source = &extmac->m_biba; 750 dest = SLOT(vnodelabel); 751 752 error = mac_biba_valid(source); 753 if (error) 754 return (error); 755 756 if ((source->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 757 return (EINVAL); 758 759 mac_biba_copy_single(source, dest); 760 761 return (0); 762} 763 764static void 765mac_biba_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel, 766 struct mount *mp, struct label *fslabel) 767{ 768 struct mac_biba *source, *dest; 769 770 source = SLOT(fslabel); 771 dest = SLOT(vnodelabel); 772 773 mac_biba_copy_single(source, dest); 774} 775 776/* 777 * Labeling event operations: IPC object. 778 */ 779static void 780mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 781 struct mbuf *m, struct label *mbuflabel) 782{ 783 struct mac_biba *source, *dest; 784 785 source = SLOT(socketlabel); 786 dest = SLOT(mbuflabel); 787 788 mac_biba_copy_single(source, dest); 789} 790 791static void 792mac_biba_create_socket(struct ucred *cred, struct socket *socket, 793 struct label *socketlabel) 794{ 795 struct mac_biba *source, *dest; 796 797 source = SLOT(&cred->cr_label); 798 dest = SLOT(socketlabel); 799 800 mac_biba_copy_single(source, dest); 801 mac_biba_copy_single_to_range(source, dest); 802} 803 804static void 805mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe, 806 struct label *pipelabel) 807{ 808 struct mac_biba *source, *dest; 809 810 source = SLOT(&cred->cr_label); 811 dest = SLOT(pipelabel); 812 813 mac_biba_copy_single(source, dest); 814} 815 816static void 817mac_biba_create_socket_from_socket(struct socket *oldsocket, 818 struct label *oldsocketlabel, struct socket *newsocket, 819 struct label *newsocketlabel) 820{ 821 struct mac_biba *source, *dest; 822 823 source = SLOT(oldsocketlabel); 824 dest = SLOT(newsocketlabel); 825 826 mac_biba_copy_single(source, dest); 827 mac_biba_copy_range(source, dest); 828} 829 830static void 831mac_biba_relabel_socket(struct ucred *cred, struct socket *socket, 832 struct label *socketlabel, struct label *newlabel) 833{ 834 struct mac_biba *source, *dest; 835 836 source = SLOT(newlabel); 837 dest = SLOT(socketlabel); 838 839 mac_biba_copy_single(source, dest); 840 mac_biba_copy_range(source, dest); 841} 842 843static void 844mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe, 845 struct label *pipelabel, struct label *newlabel) 846{ 847 struct mac_biba *source, *dest; 848 849 source = SLOT(newlabel); 850 dest = SLOT(pipelabel); 851 852 mac_biba_copy_single(source, dest); 853} 854 855static void 856mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 857 struct socket *socket, struct label *socketpeerlabel) 858{ 859 struct mac_biba *source, *dest; 860 861 source = SLOT(mbuflabel); 862 dest = SLOT(socketpeerlabel); 863 864 mac_biba_copy_single(source, dest); 865} 866 867/* 868 * Labeling event operations: network objects. 869 */ 870static void 871mac_biba_set_socket_peer_from_socket(struct socket *oldsocket, 872 struct label *oldsocketlabel, struct socket *newsocket, 873 struct label *newsocketpeerlabel) 874{ 875 struct mac_biba *source, *dest; 876 877 source = SLOT(oldsocketlabel); 878 dest = SLOT(newsocketpeerlabel); 879 880 mac_biba_copy_single(source, dest); 881} 882 883static void 884mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 885 struct label *bpflabel) 886{ 887 struct mac_biba *source, *dest; 888 889 source = SLOT(&cred->cr_label); 890 dest = SLOT(bpflabel); 891 892 mac_biba_copy_single(source, dest); 893} 894 895static void 896mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 897{ 898 char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q; 899 char tiflist[sizeof(trusted_interfaces)]; 900 struct mac_biba *dest; 901 int len, grade; 902 903 dest = SLOT(ifnetlabel); 904 905 if (ifnet->if_type == IFT_LOOP) { 906 grade = MAC_BIBA_TYPE_EQUAL; 907 goto set; 908 } 909 910 if (trust_all_interfaces) { 911 grade = MAC_BIBA_TYPE_HIGH; 912 goto set; 913 } 914 915 grade = MAC_BIBA_TYPE_LOW; 916 917 if (trusted_interfaces[0] == '\0' || 918 !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 919 goto set; 920 921 for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 922 if(*p != ' ' && *p != '\t') 923 *q = *p; 924 925 snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit); 926 927 for (p = q = tiflist;; p++) { 928 if (*p == ',' || *p == '\0') { 929 len = p - q; 930 if (len < IFNAMSIZ) { 931 bzero(tifname, sizeof(tifname)); 932 bcopy(q, tifname, len); 933 if (strcmp(tifname, ifname) == 0) { 934 grade = MAC_BIBA_TYPE_HIGH; 935 break; 936 } 937 } 938 if (*p == '\0') 939 break; 940 q = p + 1; 941 } 942 } 943set: 944 mac_biba_set_single(dest, grade, 0); 945 mac_biba_set_range(dest, grade, 0, grade, 0); 946} 947 948static void 949mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 950 struct ipq *ipq, struct label *ipqlabel) 951{ 952 struct mac_biba *source, *dest; 953 954 source = SLOT(fragmentlabel); 955 dest = SLOT(ipqlabel); 956 957 mac_biba_copy_single(source, dest); 958} 959 960static void 961mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 962 struct mbuf *datagram, struct label *datagramlabel) 963{ 964 struct mac_biba *source, *dest; 965 966 source = SLOT(ipqlabel); 967 dest = SLOT(datagramlabel); 968 969 /* Just use the head, since we require them all to match. */ 970 mac_biba_copy_single(source, dest); 971} 972 973static void 974mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 975 struct mbuf *fragment, struct label *fragmentlabel) 976{ 977 struct mac_biba *source, *dest; 978 979 source = SLOT(datagramlabel); 980 dest = SLOT(fragmentlabel); 981 982 mac_biba_copy_single(source, dest); 983} 984 985static void 986mac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 987 struct label *oldmbuflabel, struct mbuf *newmbuf, 988 struct label *newmbuflabel) 989{ 990 struct mac_biba *source, *dest; 991 992 source = SLOT(oldmbuflabel); 993 dest = SLOT(newmbuflabel); 994 995 mac_biba_copy_single(source, dest); 996} 997 998static void 999mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 1000 struct mbuf *mbuf, struct label *mbuflabel) 1001{ 1002 struct mac_biba *dest; 1003 1004 dest = SLOT(mbuflabel); 1005 1006 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 1007} 1008 1009static void 1010mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 1011 struct mbuf *mbuf, struct label *mbuflabel) 1012{ 1013 struct mac_biba *source, *dest; 1014 1015 source = SLOT(bpflabel); 1016 dest = SLOT(mbuflabel); 1017 1018 mac_biba_copy_single(source, dest); 1019} 1020 1021static void 1022mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 1023 struct mbuf *m, struct label *mbuflabel) 1024{ 1025 struct mac_biba *source, *dest; 1026 1027 source = SLOT(ifnetlabel); 1028 dest = SLOT(mbuflabel); 1029 1030 mac_biba_copy_single(source, dest); 1031} 1032 1033static void 1034mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 1035 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 1036 struct mbuf *newmbuf, struct label *newmbuflabel) 1037{ 1038 struct mac_biba *source, *dest; 1039 1040 source = SLOT(oldmbuflabel); 1041 dest = SLOT(newmbuflabel); 1042 1043 mac_biba_copy_single(source, dest); 1044} 1045 1046static void 1047mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, 1048 struct mbuf *newmbuf, struct label *newmbuflabel) 1049{ 1050 struct mac_biba *source, *dest; 1051 1052 source = SLOT(oldmbuflabel); 1053 dest = SLOT(newmbuflabel); 1054 1055 mac_biba_copy_single(source, dest); 1056} 1057 1058static int 1059mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 1060 struct ipq *ipq, struct label *ipqlabel) 1061{ 1062 struct mac_biba *a, *b; 1063 1064 a = SLOT(ipqlabel); 1065 b = SLOT(fragmentlabel); 1066 1067 return (mac_biba_equal_single(a, b)); 1068} 1069 1070static void 1071mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 1072 struct label *ifnetlabel, struct label *newlabel) 1073{ 1074 struct mac_biba *source, *dest; 1075 1076 source = SLOT(newlabel); 1077 dest = SLOT(ifnetlabel); 1078 1079 mac_biba_copy_single(source, dest); 1080 mac_biba_copy_range(source, dest); 1081} 1082 1083static void 1084mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 1085 struct ipq *ipq, struct label *ipqlabel) 1086{ 1087 1088 /* NOOP: we only accept matching labels, so no need to update */ 1089} 1090 1091/* 1092 * Labeling event operations: processes. 1093 */ 1094static void 1095mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 1096{ 1097 struct mac_biba *source, *dest; 1098 1099 source = SLOT(&cred_parent->cr_label); 1100 dest = SLOT(&cred_child->cr_label); 1101 1102 mac_biba_copy_single(source, dest); 1103 mac_biba_copy_range(source, dest); 1104} 1105 1106static void 1107mac_biba_execve_transition(struct ucred *old, struct ucred *new, 1108 struct vnode *vp, struct mac *vnodelabel) 1109{ 1110 struct mac_biba *source, *dest; 1111 1112 source = SLOT(&old->cr_label); 1113 dest = SLOT(&new->cr_label); 1114 1115 mac_biba_copy_single(source, dest); 1116 mac_biba_copy_range(source, dest); 1117} 1118 1119static int 1120mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, 1121 struct mac *vnodelabel) 1122{ 1123 1124 return (0); 1125} 1126 1127static void 1128mac_biba_create_proc0(struct ucred *cred) 1129{ 1130 struct mac_biba *dest; 1131 1132 dest = SLOT(&cred->cr_label); 1133 1134 mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 1135 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 1136} 1137 1138static void 1139mac_biba_create_proc1(struct ucred *cred) 1140{ 1141 struct mac_biba *dest; 1142 1143 dest = SLOT(&cred->cr_label); 1144 1145 mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0); 1146 mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 1147} 1148 1149static void 1150mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 1151{ 1152 struct mac_biba *source, *dest; 1153 1154 source = SLOT(newlabel); 1155 dest = SLOT(&cred->cr_label); 1156 1157 mac_biba_copy_single(source, dest); 1158 mac_biba_copy_range(source, dest); 1159} 1160 1161/* 1162 * Access control checks. 1163 */ 1164static int 1165mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1166 struct ifnet *ifnet, struct label *ifnetlabel) 1167{ 1168 struct mac_biba *a, *b; 1169 1170 if (!mac_biba_enabled) 1171 return (0); 1172 1173 a = SLOT(bpflabel); 1174 b = SLOT(ifnetlabel); 1175 1176 if (mac_biba_equal_single(a, b)) 1177 return (0); 1178 return (EACCES); 1179} 1180 1181static int 1182mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1183{ 1184 struct mac_biba *subj, *new; 1185 1186 subj = SLOT(&cred->cr_label); 1187 new = SLOT(newlabel); 1188 1189 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1190 return (EINVAL); 1191 1192 /* 1193 * XXX: Allow processes with root privilege to set labels outside 1194 * their range, so suid things like "su" work. This WILL go away 1195 * when we figure out the 'correct' solution... 1196 */ 1197 if (!suser_cred(cred, 0)) 1198 return (0); 1199 1200 /* 1201 * The new single must be in the old range. 1202 */ 1203 if (!mac_biba_single_in_range(new, subj)) 1204 return (EPERM); 1205 1206 /* 1207 * The new range must be in the old range. 1208 */ 1209 if (!mac_biba_range_in_range(new, subj)) 1210 return (EPERM); 1211 1212 /* 1213 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1214 */ 1215 1216 return (0); 1217} 1218 1219static int 1220mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1221{ 1222 struct mac_biba *subj, *obj; 1223 1224 if (!mac_biba_enabled) 1225 return (0); 1226 1227 subj = SLOT(&u1->cr_label); 1228 obj = SLOT(&u2->cr_label); 1229 1230 /* XXX: range */ 1231 if (!mac_biba_dominate_single(obj, subj)) 1232 return (ESRCH); 1233 1234 return (0); 1235} 1236 1237static int 1238mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1239 struct label *ifnetlabel, struct label *newlabel) 1240{ 1241 struct mac_biba *subj, *new; 1242 1243 subj = SLOT(&cred->cr_label); 1244 new = SLOT(newlabel); 1245 1246 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1247 return (EINVAL); 1248 1249 /* 1250 * XXX: Only Biba HIGH subjects may relabel interfaces. */ 1251 if (!mac_biba_high_single(subj)) 1252 return (EPERM); 1253 1254 return (suser_cred(cred, 0)); 1255} 1256 1257static int 1258mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1259 struct mbuf *m, struct label *mbuflabel) 1260{ 1261 struct mac_biba *p, *i; 1262 1263 if (!mac_biba_enabled) 1264 return (0); 1265 1266 p = SLOT(mbuflabel); 1267 i = SLOT(ifnetlabel); 1268 1269 return (mac_biba_single_in_range(p, i) ? 0 : EACCES); 1270} 1271 1272static int 1273mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1274 struct label *mntlabel) 1275{ 1276 struct mac_biba *subj, *obj; 1277 1278 if (!mac_biba_enabled) 1279 return (0); 1280 1281 subj = SLOT(&cred->cr_label); 1282 obj = SLOT(mntlabel); 1283 1284 if (!mac_biba_dominate_single(obj, subj)) 1285 return (EACCES); 1286 1287 return (0); 1288} 1289 1290static int 1291mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 1292 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1293{ 1294 1295 if(!mac_biba_enabled) 1296 return (0); 1297 1298 /* XXX: This will be implemented soon... */ 1299 1300 return (0); 1301} 1302 1303static int 1304mac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 1305 struct label *pipelabel) 1306{ 1307 struct mac_biba *subj, *obj; 1308 1309 if (!mac_biba_enabled) 1310 return (0); 1311 1312 subj = SLOT(&cred->cr_label); 1313 obj = SLOT((pipelabel)); 1314 1315 if (!mac_biba_dominate_single(obj, subj)) 1316 return (EACCES); 1317 1318 return (0); 1319} 1320 1321static int 1322mac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe, 1323 struct label *pipelabel) 1324{ 1325 struct mac_biba *subj, *obj; 1326 1327 if (!mac_biba_enabled) 1328 return (0); 1329 1330 subj = SLOT(&cred->cr_label); 1331 obj = SLOT((pipelabel)); 1332 1333 if (!mac_biba_dominate_single(obj, subj)) 1334 return (EACCES); 1335 1336 return (0); 1337} 1338 1339static int 1340mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1341 struct label *pipelabel, struct label *newlabel) 1342{ 1343 struct mac_biba *subj, *obj, *new; 1344 1345 new = SLOT(newlabel); 1346 subj = SLOT(&cred->cr_label); 1347 obj = SLOT(pipelabel); 1348 1349 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1350 return (EINVAL); 1351 1352 /* 1353 * To relabel a pipe, the old pipe label must be in the subject 1354 * range. 1355 */ 1356 if (!mac_biba_single_in_range(obj, subj)) 1357 return (EPERM); 1358 1359 /* 1360 * To relabel a pipe, the new pipe label must be in the subject 1361 * range. 1362 */ 1363 if (!mac_biba_single_in_range(new, subj)) 1364 return (EPERM); 1365 1366 /* 1367 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1368 */ 1369 1370 return (0); 1371} 1372 1373static int 1374mac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 1375 struct label *pipelabel) 1376{ 1377 struct mac_biba *subj, *obj; 1378 1379 if (!mac_biba_enabled) 1380 return (0); 1381 1382 subj = SLOT(&cred->cr_label); 1383 obj = SLOT((pipelabel)); 1384 1385 if (!mac_biba_dominate_single(obj, subj)) 1386 return (EACCES); 1387 1388 return (0); 1389} 1390 1391static int 1392mac_biba_check_pipe_write(struct ucred *cred, struct pipe *pipe, 1393 struct label *pipelabel) 1394{ 1395 struct mac_biba *subj, *obj; 1396 1397 if (!mac_biba_enabled) 1398 return (0); 1399 1400 subj = SLOT(&cred->cr_label); 1401 obj = SLOT((pipelabel)); 1402 1403 if (!mac_biba_dominate_single(subj, obj)) 1404 return (EACCES); 1405 1406 return (0); 1407} 1408 1409static int 1410mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) 1411{ 1412 struct mac_biba *subj, *obj; 1413 1414 if (!mac_biba_enabled) 1415 return (0); 1416 1417 subj = SLOT(&cred->cr_label); 1418 obj = SLOT(&proc->p_ucred->cr_label); 1419 1420 /* XXX: range checks */ 1421 if (!mac_biba_dominate_single(obj, subj)) 1422 return (ESRCH); 1423 if (!mac_biba_dominate_single(subj, obj)) 1424 return (EACCES); 1425 1426 return (0); 1427} 1428 1429static int 1430mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) 1431{ 1432 struct mac_biba *subj, *obj; 1433 1434 if (!mac_biba_enabled) 1435 return (0); 1436 1437 subj = SLOT(&cred->cr_label); 1438 obj = SLOT(&proc->p_ucred->cr_label); 1439 1440 /* XXX: range checks */ 1441 if (!mac_biba_dominate_single(obj, subj)) 1442 return (ESRCH); 1443 if (!mac_biba_dominate_single(subj, obj)) 1444 return (EACCES); 1445 1446 return (0); 1447} 1448 1449static int 1450mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1451{ 1452 struct mac_biba *subj, *obj; 1453 1454 if (!mac_biba_enabled) 1455 return (0); 1456 1457 subj = SLOT(&cred->cr_label); 1458 obj = SLOT(&proc->p_ucred->cr_label); 1459 1460 /* XXX: range checks */ 1461 if (!mac_biba_dominate_single(obj, subj)) 1462 return (ESRCH); 1463 if (!mac_biba_dominate_single(subj, obj)) 1464 return (EACCES); 1465 1466 return (0); 1467} 1468 1469static int 1470mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, 1471 struct mbuf *m, struct label *mbuflabel) 1472{ 1473 struct mac_biba *p, *s; 1474 1475 if (!mac_biba_enabled) 1476 return (0); 1477 1478 p = SLOT(mbuflabel); 1479 s = SLOT(socketlabel); 1480 1481 return (mac_biba_equal_single(p, s) ? 0 : EACCES); 1482} 1483 1484static int 1485mac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket, 1486 struct label *socketlabel, struct label *newlabel) 1487{ 1488 struct mac_biba *subj, *obj, *new; 1489 1490 new = SLOT(newlabel); 1491 subj = SLOT(&cred->cr_label); 1492 obj = SLOT(socketlabel); 1493 1494 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1495 return (EINVAL); 1496 1497 /* 1498 * To relabel a socket, the old socket label must be in the subject 1499 * range. 1500 */ 1501 if (!mac_biba_single_in_range(obj, subj)) 1502 return (EPERM); 1503 1504 /* 1505 * To relabel a socket, the new socket label must be in the subject 1506 * range. 1507 */ 1508 if (!mac_biba_single_in_range(new, subj)) 1509 return (EPERM); 1510 1511 /* 1512 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1513 */ 1514 1515 return (0); 1516} 1517 1518static int 1519mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, 1520 struct label *socketlabel) 1521{ 1522 struct mac_biba *subj, *obj; 1523 1524 subj = SLOT(&cred->cr_label); 1525 obj = SLOT(socketlabel); 1526 1527 if (!mac_biba_dominate_single(obj, subj)) 1528 return (ENOENT); 1529 1530 return (0); 1531} 1532 1533static int 1534mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp, 1535 struct label *label, mode_t flags) 1536{ 1537 1538 return (mac_biba_check_vnode_open(cred, vp, label, flags)); 1539} 1540 1541static int 1542mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1543 struct label *dlabel) 1544{ 1545 struct mac_biba *subj, *obj; 1546 1547 if (!mac_biba_enabled) 1548 return (0); 1549 1550 subj = SLOT(&cred->cr_label); 1551 obj = SLOT(dlabel); 1552 1553 if (!mac_biba_dominate_single(obj, subj)) 1554 return (EACCES); 1555 1556 return (0); 1557} 1558 1559static int 1560mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1561 struct label *dlabel) 1562{ 1563 struct mac_biba *subj, *obj; 1564 1565 if (!mac_biba_enabled) 1566 return (0); 1567 1568 subj = SLOT(&cred->cr_label); 1569 obj = SLOT(dlabel); 1570 1571 if (!mac_biba_dominate_single(obj, subj)) 1572 return (EACCES); 1573 1574 return (0); 1575} 1576 1577static int 1578mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1579 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1580{ 1581 struct mac_biba *subj, *obj; 1582 1583 if (!mac_biba_enabled) 1584 return (0); 1585 1586 subj = SLOT(&cred->cr_label); 1587 obj = SLOT(dlabel); 1588 1589 if (!mac_biba_dominate_single(subj, obj)) 1590 return (EACCES); 1591 1592 return (0); 1593} 1594 1595static int 1596mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1597 struct label *dlabel, struct vnode *vp, struct label *label, 1598 struct componentname *cnp) 1599{ 1600 struct mac_biba *subj, *obj; 1601 1602 if (!mac_biba_enabled) 1603 return (0); 1604 1605 subj = SLOT(&cred->cr_label); 1606 obj = SLOT(dlabel); 1607 1608 if (!mac_biba_dominate_single(subj, obj)) 1609 return (EACCES); 1610 1611 obj = SLOT(label); 1612 1613 if (!mac_biba_dominate_single(subj, obj)) 1614 return (EACCES); 1615 1616 return (0); 1617} 1618 1619static int 1620mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1621 struct label *label, acl_type_t type) 1622{ 1623 struct mac_biba *subj, *obj; 1624 1625 if (!mac_biba_enabled) 1626 return (0); 1627 1628 subj = SLOT(&cred->cr_label); 1629 obj = SLOT(label); 1630 1631 if (!mac_biba_dominate_single(subj, obj)) 1632 return (EACCES); 1633 1634 return (0); 1635} 1636 1637static int 1638mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1639 struct label *label) 1640{ 1641 struct mac_biba *subj, *obj; 1642 1643 if (!mac_biba_enabled) 1644 return (0); 1645 1646 subj = SLOT(&cred->cr_label); 1647 obj = SLOT(label); 1648 1649 if (!mac_biba_dominate_single(obj, subj)) 1650 return (EACCES); 1651 1652 return (0); 1653} 1654 1655static int 1656mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1657 struct label *label, acl_type_t type) 1658{ 1659 struct mac_biba *subj, *obj; 1660 1661 if (!mac_biba_enabled) 1662 return (0); 1663 1664 subj = SLOT(&cred->cr_label); 1665 obj = SLOT(label); 1666 1667 if (!mac_biba_dominate_single(obj, subj)) 1668 return (EACCES); 1669 1670 return (0); 1671} 1672 1673static int 1674mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1675 struct label *label, int attrnamespace, const char *name, struct uio *uio) 1676{ 1677 struct mac_biba *subj, *obj; 1678 1679 if (!mac_biba_enabled) 1680 return (0); 1681 1682 subj = SLOT(&cred->cr_label); 1683 obj = SLOT(label); 1684 1685 if (!mac_biba_dominate_single(obj, subj)) 1686 return (EACCES); 1687 1688 return (0); 1689} 1690 1691static int 1692mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 1693 struct label *dlabel, struct componentname *cnp) 1694{ 1695 struct mac_biba *subj, *obj; 1696 1697 if (!mac_biba_enabled) 1698 return (0); 1699 1700 subj = SLOT(&cred->cr_label); 1701 obj = SLOT(dlabel); 1702 1703 if (!mac_biba_dominate_single(obj, subj)) 1704 return (EACCES); 1705 1706 return (0); 1707} 1708 1709static int 1710mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 1711 struct label *vnodelabel, mode_t acc_mode) 1712{ 1713 struct mac_biba *subj, *obj; 1714 1715 if (!mac_biba_enabled) 1716 return (0); 1717 1718 subj = SLOT(&cred->cr_label); 1719 obj = SLOT(vnodelabel); 1720 1721 /* XXX privilege override for admin? */ 1722 if (acc_mode & (VREAD | VEXEC | VSTAT)) { 1723 if (!mac_biba_dominate_single(obj, subj)) 1724 return (EACCES); 1725 } 1726 if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 1727 if (!mac_biba_dominate_single(subj, obj)) 1728 return (EACCES); 1729 } 1730 1731 return (0); 1732} 1733 1734static int 1735mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 1736 struct vnode *vp, struct label *label) 1737{ 1738 struct mac_biba *subj, *obj; 1739 1740 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1741 return (0); 1742 1743 subj = SLOT(&active_cred->cr_label); 1744 obj = SLOT(label); 1745 1746 if (!mac_biba_dominate_single(obj, subj)) 1747 return (EACCES); 1748 1749 return (0); 1750} 1751 1752static int 1753mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 1754 struct vnode *vp, struct label *label) 1755{ 1756 struct mac_biba *subj, *obj; 1757 1758 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1759 return (0); 1760 1761 subj = SLOT(&active_cred->cr_label); 1762 obj = SLOT(label); 1763 1764 if (!mac_biba_dominate_single(obj, subj)) 1765 return (EACCES); 1766 1767 return (0); 1768} 1769 1770static int 1771mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 1772 struct label *dlabel) 1773{ 1774 struct mac_biba *subj, *obj; 1775 1776 if (!mac_biba_enabled) 1777 return (0); 1778 1779 subj = SLOT(&cred->cr_label); 1780 obj = SLOT(dlabel); 1781 1782 if (!mac_biba_dominate_single(obj, subj)) 1783 return (EACCES); 1784 1785 return (0); 1786} 1787 1788static int 1789mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 1790 struct label *label) 1791{ 1792 struct mac_biba *subj, *obj; 1793 1794 if (!mac_biba_enabled) 1795 return (0); 1796 1797 subj = SLOT(&cred->cr_label); 1798 obj = SLOT(label); 1799 1800 if (!mac_biba_dominate_single(obj, subj)) 1801 return (EACCES); 1802 1803 return (0); 1804} 1805 1806static int 1807mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1808 struct label *vnodelabel, struct label *newlabel) 1809{ 1810 struct mac_biba *old, *new, *subj; 1811 1812 old = SLOT(vnodelabel); 1813 new = SLOT(newlabel); 1814 subj = SLOT(&cred->cr_label); 1815 1816 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1817 return (EINVAL); 1818 1819 /* 1820 * To relabel a vnode, the old vnode label must be in the subject 1821 * range. 1822 */ 1823 if (!mac_biba_single_in_range(old, subj)) 1824 return (EPERM); 1825 1826 /* 1827 * To relabel a vnode, the new vnode label must be in the subject 1828 * range. 1829 */ 1830 if (!mac_biba_single_in_range(new, subj)) 1831 return (EPERM); 1832 1833 /* 1834 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1835 */ 1836 1837 return (suser_cred(cred, 0)); 1838} 1839 1840static int 1841mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 1842 struct label *dlabel, struct vnode *vp, struct label *label, 1843 struct componentname *cnp) 1844{ 1845 struct mac_biba *subj, *obj; 1846 1847 if (!mac_biba_enabled) 1848 return (0); 1849 1850 subj = SLOT(&cred->cr_label); 1851 obj = SLOT(dlabel); 1852 1853 if (!mac_biba_dominate_single(subj, obj)) 1854 return (EACCES); 1855 1856 obj = SLOT(label); 1857 1858 if (!mac_biba_dominate_single(subj, obj)) 1859 return (EACCES); 1860 1861 return (0); 1862} 1863 1864static int 1865mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 1866 struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 1867 struct componentname *cnp) 1868{ 1869 struct mac_biba *subj, *obj; 1870 1871 if (!mac_biba_enabled) 1872 return (0); 1873 1874 subj = SLOT(&cred->cr_label); 1875 obj = SLOT(dlabel); 1876 1877 if (!mac_biba_dominate_single(subj, obj)) 1878 return (EACCES); 1879 1880 if (vp != NULL) { 1881 obj = SLOT(label); 1882 1883 if (!mac_biba_dominate_single(subj, obj)) 1884 return (EACCES); 1885 } 1886 1887 return (0); 1888} 1889 1890static int 1891mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 1892 struct label *label) 1893{ 1894 struct mac_biba *subj, *obj; 1895 1896 if (!mac_biba_enabled) 1897 return (0); 1898 1899 subj = SLOT(&cred->cr_label); 1900 obj = SLOT(label); 1901 1902 if (!mac_biba_dominate_single(subj, obj)) 1903 return (EACCES); 1904 1905 return (0); 1906} 1907 1908static int 1909mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 1910 struct label *label, acl_type_t type, struct acl *acl) 1911{ 1912 struct mac_biba *subj, *obj; 1913 1914 if (!mac_biba_enabled) 1915 return (0); 1916 1917 subj = SLOT(&cred->cr_label); 1918 obj = SLOT(label); 1919 1920 if (!mac_biba_dominate_single(subj, obj)) 1921 return (EACCES); 1922 1923 return (0); 1924} 1925 1926static int 1927mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 1928 struct label *vnodelabel, int attrnamespace, const char *name, 1929 struct uio *uio) 1930{ 1931 struct mac_biba *subj, *obj; 1932 1933 if (!mac_biba_enabled) 1934 return (0); 1935 1936 subj = SLOT(&cred->cr_label); 1937 obj = SLOT(vnodelabel); 1938 1939 if (!mac_biba_dominate_single(subj, obj)) 1940 return (EACCES); 1941 1942 /* XXX: protect the MAC EA in a special way? */ 1943 1944 return (0); 1945} 1946 1947static int 1948mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 1949 struct label *vnodelabel, u_long flags) 1950{ 1951 struct mac_biba *subj, *obj; 1952 1953 if (!mac_biba_enabled) 1954 return (0); 1955 1956 subj = SLOT(&cred->cr_label); 1957 obj = SLOT(vnodelabel); 1958 1959 if (!mac_biba_dominate_single(subj, obj)) 1960 return (EACCES); 1961 1962 return (0); 1963} 1964 1965static int 1966mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 1967 struct label *vnodelabel, mode_t mode) 1968{ 1969 struct mac_biba *subj, *obj; 1970 1971 if (!mac_biba_enabled) 1972 return (0); 1973 1974 subj = SLOT(&cred->cr_label); 1975 obj = SLOT(vnodelabel); 1976 1977 if (!mac_biba_dominate_single(subj, obj)) 1978 return (EACCES); 1979 1980 return (0); 1981} 1982 1983static int 1984mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 1985 struct label *vnodelabel, uid_t uid, gid_t gid) 1986{ 1987 struct mac_biba *subj, *obj; 1988 1989 if (!mac_biba_enabled) 1990 return (0); 1991 1992 subj = SLOT(&cred->cr_label); 1993 obj = SLOT(vnodelabel); 1994 1995 if (!mac_biba_dominate_single(subj, obj)) 1996 return (EACCES); 1997 1998 return (0); 1999} 2000 2001static int 2002mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 2003 struct label *vnodelabel, struct timespec atime, struct timespec mtime) 2004{ 2005 struct mac_biba *subj, *obj; 2006 2007 if (!mac_biba_enabled) 2008 return (0); 2009 2010 subj = SLOT(&cred->cr_label); 2011 obj = SLOT(vnodelabel); 2012 2013 if (!mac_biba_dominate_single(subj, obj)) 2014 return (EACCES); 2015 2016 return (0); 2017} 2018 2019static int 2020mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 2021 struct vnode *vp, struct label *vnodelabel) 2022{ 2023 struct mac_biba *subj, *obj; 2024 2025 if (!mac_biba_enabled) 2026 return (0); 2027 2028 subj = SLOT(&active_cred->cr_label); 2029 obj = SLOT(vnodelabel); 2030 2031 if (!mac_biba_dominate_single(obj, subj)) 2032 return (EACCES); 2033 2034 return (0); 2035} 2036 2037static int 2038mac_biba_check_vnode_write(struct ucred *active_cred, 2039 struct ucred *file_cred, struct vnode *vp, struct label *label) 2040{ 2041 struct mac_biba *subj, *obj; 2042 2043 if (!mac_biba_enabled || !mac_biba_revocation_enabled) 2044 return (0); 2045 2046 subj = SLOT(&active_cred->cr_label); 2047 obj = SLOT(label); 2048 2049 if (!mac_biba_dominate_single(subj, obj)) 2050 return (EACCES); 2051 2052 return (0); 2053} 2054 2055static vm_prot_t 2056mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp, 2057 struct label *label, int newmapping) 2058{ 2059 struct mac_biba *subj, *obj; 2060 vm_prot_t prot = 0; 2061 2062 if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping)) 2063 return (VM_PROT_ALL); 2064 2065 subj = SLOT(&cred->cr_label); 2066 obj = SLOT(label); 2067 2068 if (mac_biba_dominate_single(obj, subj)) 2069 prot |= VM_PROT_READ | VM_PROT_EXECUTE; 2070 if (mac_biba_dominate_single(subj, obj)) 2071 prot |= VM_PROT_WRITE; 2072 return (prot); 2073} 2074 2075static struct mac_policy_op_entry mac_biba_ops[] = 2076{ 2077 { MAC_DESTROY, 2078 (macop_t)mac_biba_destroy }, 2079 { MAC_INIT, 2080 (macop_t)mac_biba_init }, 2081 { MAC_INIT_BPFDESC, 2082 (macop_t)mac_biba_init_bpfdesc }, 2083 { MAC_INIT_CRED, 2084 (macop_t)mac_biba_init_cred }, 2085 { MAC_INIT_DEVFSDIRENT, 2086 (macop_t)mac_biba_init_devfsdirent }, 2087 { MAC_INIT_IFNET, 2088 (macop_t)mac_biba_init_ifnet }, 2089 { MAC_INIT_IPQ, 2090 (macop_t)mac_biba_init_ipq }, 2091 { MAC_INIT_MBUF, 2092 (macop_t)mac_biba_init_mbuf }, 2093 { MAC_INIT_MOUNT, 2094 (macop_t)mac_biba_init_mount }, 2095 { MAC_INIT_PIPE, 2096 (macop_t)mac_biba_init_pipe }, 2097 { MAC_INIT_SOCKET, 2098 (macop_t)mac_biba_init_socket }, 2099 { MAC_INIT_TEMP, 2100 (macop_t)mac_biba_init_temp }, 2101 { MAC_INIT_VNODE, 2102 (macop_t)mac_biba_init_vnode }, 2103 { MAC_DESTROY_BPFDESC, 2104 (macop_t)mac_biba_destroy_bpfdesc }, 2105 { MAC_DESTROY_CRED, 2106 (macop_t)mac_biba_destroy_cred }, 2107 { MAC_DESTROY_DEVFSDIRENT, 2108 (macop_t)mac_biba_destroy_devfsdirent }, 2109 { MAC_DESTROY_IFNET, 2110 (macop_t)mac_biba_destroy_ifnet }, 2111 { MAC_DESTROY_IPQ, 2112 (macop_t)mac_biba_destroy_ipq }, 2113 { MAC_DESTROY_MBUF, 2114 (macop_t)mac_biba_destroy_mbuf }, 2115 { MAC_DESTROY_MOUNT, 2116 (macop_t)mac_biba_destroy_mount }, 2117 { MAC_DESTROY_PIPE, 2118 (macop_t)mac_biba_destroy_pipe }, 2119 { MAC_DESTROY_SOCKET, 2120 (macop_t)mac_biba_destroy_socket }, 2121 { MAC_DESTROY_TEMP, 2122 (macop_t)mac_biba_destroy_temp }, 2123 { MAC_DESTROY_VNODE, 2124 (macop_t)mac_biba_destroy_vnode }, 2125 { MAC_EXTERNALIZE, 2126 (macop_t)mac_biba_externalize }, 2127 { MAC_INTERNALIZE, 2128 (macop_t)mac_biba_internalize }, 2129 { MAC_CREATE_DEVFS_DEVICE, 2130 (macop_t)mac_biba_create_devfs_device }, 2131 { MAC_CREATE_DEVFS_DIRECTORY, 2132 (macop_t)mac_biba_create_devfs_directory }, 2133 { MAC_CREATE_DEVFS_VNODE, 2134 (macop_t)mac_biba_create_devfs_vnode }, 2135 { MAC_CREATE_VNODE, 2136 (macop_t)mac_biba_create_vnode }, 2137 { MAC_CREATE_MOUNT, 2138 (macop_t)mac_biba_create_mount }, 2139 { MAC_CREATE_ROOT_MOUNT, 2140 (macop_t)mac_biba_create_root_mount }, 2141 { MAC_RELABEL_VNODE, 2142 (macop_t)mac_biba_relabel_vnode }, 2143 { MAC_UPDATE_DEVFSDIRENT, 2144 (macop_t)mac_biba_update_devfsdirent }, 2145 { MAC_UPDATE_PROCFSVNODE, 2146 (macop_t)mac_biba_update_procfsvnode }, 2147 { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, 2148 (macop_t)mac_biba_update_vnode_from_externalized }, 2149 { MAC_UPDATE_VNODE_FROM_MOUNT, 2150 (macop_t)mac_biba_update_vnode_from_mount }, 2151 { MAC_CREATE_MBUF_FROM_SOCKET, 2152 (macop_t)mac_biba_create_mbuf_from_socket }, 2153 { MAC_CREATE_PIPE, 2154 (macop_t)mac_biba_create_pipe }, 2155 { MAC_CREATE_SOCKET, 2156 (macop_t)mac_biba_create_socket }, 2157 { MAC_CREATE_SOCKET_FROM_SOCKET, 2158 (macop_t)mac_biba_create_socket_from_socket }, 2159 { MAC_RELABEL_PIPE, 2160 (macop_t)mac_biba_relabel_pipe }, 2161 { MAC_RELABEL_SOCKET, 2162 (macop_t)mac_biba_relabel_socket }, 2163 { MAC_SET_SOCKET_PEER_FROM_MBUF, 2164 (macop_t)mac_biba_set_socket_peer_from_mbuf }, 2165 { MAC_SET_SOCKET_PEER_FROM_SOCKET, 2166 (macop_t)mac_biba_set_socket_peer_from_socket }, 2167 { MAC_CREATE_BPFDESC, 2168 (macop_t)mac_biba_create_bpfdesc }, 2169 { MAC_CREATE_DATAGRAM_FROM_IPQ, 2170 (macop_t)mac_biba_create_datagram_from_ipq }, 2171 { MAC_CREATE_FRAGMENT, 2172 (macop_t)mac_biba_create_fragment }, 2173 { MAC_CREATE_IFNET, 2174 (macop_t)mac_biba_create_ifnet }, 2175 { MAC_CREATE_IPQ, 2176 (macop_t)mac_biba_create_ipq }, 2177 { MAC_CREATE_MBUF_FROM_MBUF, 2178 (macop_t)mac_biba_create_mbuf_from_mbuf }, 2179 { MAC_CREATE_MBUF_LINKLAYER, 2180 (macop_t)mac_biba_create_mbuf_linklayer }, 2181 { MAC_CREATE_MBUF_FROM_BPFDESC, 2182 (macop_t)mac_biba_create_mbuf_from_bpfdesc }, 2183 { MAC_CREATE_MBUF_FROM_IFNET, 2184 (macop_t)mac_biba_create_mbuf_from_ifnet }, 2185 { MAC_CREATE_MBUF_MULTICAST_ENCAP, 2186 (macop_t)mac_biba_create_mbuf_multicast_encap }, 2187 { MAC_CREATE_MBUF_NETLAYER, 2188 (macop_t)mac_biba_create_mbuf_netlayer }, 2189 { MAC_FRAGMENT_MATCH, 2190 (macop_t)mac_biba_fragment_match }, 2191 { MAC_RELABEL_IFNET, 2192 (macop_t)mac_biba_relabel_ifnet }, 2193 { MAC_UPDATE_IPQ, 2194 (macop_t)mac_biba_update_ipq }, 2195 { MAC_CREATE_CRED, 2196 (macop_t)mac_biba_create_cred }, 2197 { MAC_EXECVE_TRANSITION, 2198 (macop_t)mac_biba_execve_transition }, 2199 { MAC_EXECVE_WILL_TRANSITION, 2200 (macop_t)mac_biba_execve_will_transition }, 2201 { MAC_CREATE_PROC0, 2202 (macop_t)mac_biba_create_proc0 }, 2203 { MAC_CREATE_PROC1, 2204 (macop_t)mac_biba_create_proc1 }, 2205 { MAC_RELABEL_CRED, 2206 (macop_t)mac_biba_relabel_cred }, 2207 { MAC_CHECK_BPFDESC_RECEIVE, 2208 (macop_t)mac_biba_check_bpfdesc_receive }, 2209 { MAC_CHECK_CRED_RELABEL, 2210 (macop_t)mac_biba_check_cred_relabel }, 2211 { MAC_CHECK_CRED_VISIBLE, 2212 (macop_t)mac_biba_check_cred_visible }, 2213 { MAC_CHECK_IFNET_RELABEL, 2214 (macop_t)mac_biba_check_ifnet_relabel }, 2215 { MAC_CHECK_IFNET_TRANSMIT, 2216 (macop_t)mac_biba_check_ifnet_transmit }, 2217 { MAC_CHECK_MOUNT_STAT, 2218 (macop_t)mac_biba_check_mount_stat }, 2219 { MAC_CHECK_PIPE_IOCTL, 2220 (macop_t)mac_biba_check_pipe_ioctl }, 2221 { MAC_CHECK_PIPE_POLL, 2222 (macop_t)mac_biba_check_pipe_poll }, 2223 { MAC_CHECK_PIPE_READ, 2224 (macop_t)mac_biba_check_pipe_read }, 2225 { MAC_CHECK_PIPE_RELABEL, 2226 (macop_t)mac_biba_check_pipe_relabel }, 2227 { MAC_CHECK_PIPE_STAT, 2228 (macop_t)mac_biba_check_pipe_stat }, 2229 { MAC_CHECK_PIPE_WRITE, 2230 (macop_t)mac_biba_check_pipe_write }, 2231 { MAC_CHECK_PROC_DEBUG, 2232 (macop_t)mac_biba_check_proc_debug }, 2233 { MAC_CHECK_PROC_SCHED, 2234 (macop_t)mac_biba_check_proc_sched }, 2235 { MAC_CHECK_PROC_SIGNAL, 2236 (macop_t)mac_biba_check_proc_signal }, 2237 { MAC_CHECK_SOCKET_DELIVER, 2238 (macop_t)mac_biba_check_socket_deliver }, 2239 { MAC_CHECK_SOCKET_RELABEL, 2240 (macop_t)mac_biba_check_socket_relabel }, 2241 { MAC_CHECK_SOCKET_VISIBLE, 2242 (macop_t)mac_biba_check_socket_visible }, 2243 { MAC_CHECK_VNODE_ACCESS, 2244 (macop_t)mac_biba_check_vnode_access }, 2245 { MAC_CHECK_VNODE_CHDIR, 2246 (macop_t)mac_biba_check_vnode_chdir }, 2247 { MAC_CHECK_VNODE_CHROOT, 2248 (macop_t)mac_biba_check_vnode_chroot }, 2249 { MAC_CHECK_VNODE_CREATE, 2250 (macop_t)mac_biba_check_vnode_create }, 2251 { MAC_CHECK_VNODE_DELETE, 2252 (macop_t)mac_biba_check_vnode_delete }, 2253 { MAC_CHECK_VNODE_DELETEACL, 2254 (macop_t)mac_biba_check_vnode_deleteacl }, 2255 { MAC_CHECK_VNODE_EXEC, 2256 (macop_t)mac_biba_check_vnode_exec }, 2257 { MAC_CHECK_VNODE_GETACL, 2258 (macop_t)mac_biba_check_vnode_getacl }, 2259 { MAC_CHECK_VNODE_GETEXTATTR, 2260 (macop_t)mac_biba_check_vnode_getextattr }, 2261 { MAC_CHECK_VNODE_LOOKUP, 2262 (macop_t)mac_biba_check_vnode_lookup }, 2263 { MAC_CHECK_VNODE_OPEN, 2264 (macop_t)mac_biba_check_vnode_open }, 2265 { MAC_CHECK_VNODE_POLL, 2266 (macop_t)mac_biba_check_vnode_poll }, 2267 { MAC_CHECK_VNODE_READ, 2268 (macop_t)mac_biba_check_vnode_read }, 2269 { MAC_CHECK_VNODE_READDIR, 2270 (macop_t)mac_biba_check_vnode_readdir }, 2271 { MAC_CHECK_VNODE_READLINK, 2272 (macop_t)mac_biba_check_vnode_readlink }, 2273 { MAC_CHECK_VNODE_RELABEL, 2274 (macop_t)mac_biba_check_vnode_relabel }, 2275 { MAC_CHECK_VNODE_RENAME_FROM, 2276 (macop_t)mac_biba_check_vnode_rename_from }, 2277 { MAC_CHECK_VNODE_RENAME_TO, 2278 (macop_t)mac_biba_check_vnode_rename_to }, 2279 { MAC_CHECK_VNODE_REVOKE, 2280 (macop_t)mac_biba_check_vnode_revoke }, 2281 { MAC_CHECK_VNODE_SETACL, 2282 (macop_t)mac_biba_check_vnode_setacl }, 2283 { MAC_CHECK_VNODE_SETEXTATTR, 2284 (macop_t)mac_biba_check_vnode_setextattr }, 2285 { MAC_CHECK_VNODE_SETFLAGS, 2286 (macop_t)mac_biba_check_vnode_setflags }, 2287 { MAC_CHECK_VNODE_SETMODE, 2288 (macop_t)mac_biba_check_vnode_setmode }, 2289 { MAC_CHECK_VNODE_SETOWNER, 2290 (macop_t)mac_biba_check_vnode_setowner }, 2291 { MAC_CHECK_VNODE_SETUTIMES, 2292 (macop_t)mac_biba_check_vnode_setutimes }, 2293 { MAC_CHECK_VNODE_STAT, 2294 (macop_t)mac_biba_check_vnode_stat }, 2295 { MAC_CHECK_VNODE_WRITE, 2296 (macop_t)mac_biba_check_vnode_write }, 2297 { MAC_CHECK_VNODE_MMAP_PERMS, 2298 (macop_t)mac_biba_check_vnode_mmap_perms }, 2299 { MAC_OP_LAST, NULL } 2300}; 2301 2302MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 2303 MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot); 2304