ugidfw_vnode.c revision 106393
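/*-
 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by Network
 * Associates Laboratories, the Security Research Division of Network
 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
 * as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 106393 2002-11-04 01:53:12Z rwatson $
 */
/*
 * Developed by the TrustedBSD Project.
 * "BSD Extended" MAC policy, allowing the administrator to impose
 * mandatory rules regarding users and some system objects.
 *
 * A rule names a subject (uid and/or gid, optionally negated), an object
 * (owner uid and/or gid, optionally negated) and the set of access modes
 * the subject is permitted on the object.  Every vnode check below fetches
 * the owner of the vnode and asks mac_bsdextended_check() whether any
 * matching rule withholds the requested mode.
 *
 * XXX: Much locking support required here.  The rule table is mutated by
 * the sysctl handler and read by the check entry points without any
 * synchronisation.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

#include <security/mac_bsdextended/mac_bsdextended.h>

SYSCTL_DECL(_security_mac);

SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended, CTLFLAG_RW, 0,
    "TrustedBSD extended BSD MAC policy controls");

/* Master switch: when zero, every check entry point returns 0 (allow). */
static int	mac_bsdextended_enabled = 1;
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_bsdextended_enabled, 0, "Enforce extended BSD policy");
TUNABLE_INT("security.mac.bsdextended.enabled", &mac_bsdextended_enabled);

MALLOC_DEFINE(M_MACBSDEXTENDED, "mac_bsdextended", "BSD Extended MAC rule");

/*
 * Fixed-size rule table.  rule_count is the number of occupied slots;
 * rule_slots is one past the highest slot ever occupied (slots below it
 * may be NULL after a deletion) and bounds the scan in
 * mac_bsdextended_check().
 */
#define	MAC_BSDEXTENDED_MAXRULES	250
static struct mac_bsdextended_rule *rules[MAC_BSDEXTENDED_MAXRULES];
static int	rule_count = 0;
static int	rule_slots = 0;

SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_count, CTLFLAG_RD,
    &rule_count, 0, "Number of defined rules\n");
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_slots, CTLFLAG_RD,
    &rule_slots, 0, "Number of used rule slots\n");

/* When non-zero, denied requests are logged with printf(9). */
static int	mac_bsdextended_debugging;
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, debugging, CTLFLAG_RW,
    &mac_bsdextended_debugging, 0, "Enable debugging on failure");

/*
 * Reject a rule supplied from userland that sets flag or mode bits outside
 * the defined sets.  Returns 0 if the rule is well-formed, else EINVAL.
 */
static int
mac_bsdextended_rule_valid(struct mac_bsdextended_rule *rule)
{

	if ((rule->mbr_subject.mbi_flags | MBI_BITS) != MBI_BITS)
		return (EINVAL);

	if ((rule->mbr_object.mbi_flags | MBI_BITS) != MBI_BITS)
		return (EINVAL);

	if ((rule->mbr_mode | VALLPERM) != VALLPERM)
		return (EINVAL);

	return (0);
}

/*
 * sysctl(8) handler for security.mac.bsdextended.rules.<index>.
 *
 * Exactly one name component, the slot index, is expected.  A read returns
 * the rule in that slot (ENOENT if empty).  A write with a zero-length
 * buffer deletes the rule in that slot; any other write is validated and
 * either stored in an empty slot or replaces the existing rule.
 *
 * Returns 0 on success, EINVAL for a bad name or malformed rule, ENOENT
 * for an index that is out of range or refers to an empty slot, or the
 * error from SYSCTL_IN/SYSCTL_OUT.
 *
 * XXX: rules[] is read by the check entry points concurrently with this
 * handler; see the locking note at the top of the file.
 */
static int
sysctl_rule(SYSCTL_HANDLER_ARGS)
{
	struct mac_bsdextended_rule temprule, *ruleptr;
	u_int namelen;
	int error, index, *name;

	name = (int *)arg1;
	namelen = arg2;

	if (namelen != 1)
		return (EINVAL);

	/*
	 * A rule may be placed in any slot up to one past the highest used
	 * slot, but the index must also stay within the fixed rules[]
	 * array: with rule_slots == MAXRULES - 1 the first test alone admits
	 * index == MAXRULES, one element past the end of the array.
	 */
	index = name[0];
	if (index < 0 || index > rule_slots + 1)
		return (ENOENT);
	if (index >= MAC_BSDEXTENDED_MAXRULES)
		return (ENOENT);

	if (req->oldptr) {
		if (rules[index] == NULL)
			return (ENOENT);

		error = SYSCTL_OUT(req, rules[index], sizeof(*rules[index]));
		if (error)
			return (error);
	}

	if (req->newptr) {
		if (req->newlen == 0) {
			/* Deletion: a zero-length write empties the slot. */
			ruleptr = rules[index];
			if (ruleptr == NULL)
				return (ENOENT);
			rule_count--;
			rules[index] = NULL;
			FREE(ruleptr, M_MACBSDEXTENDED);
			return (0);
		}
		error = SYSCTL_IN(req, &temprule, sizeof(temprule));
		if (error)
			return (error);

		/* Never install a rule with undefined flag or mode bits. */
		error = mac_bsdextended_rule_valid(&temprule);
		if (error)
			return (error);

		if (rules[index] == NULL) {
			/* Addition. */
			MALLOC(ruleptr, struct mac_bsdextended_rule *,
			    sizeof(*ruleptr), M_MACBSDEXTENDED, M_WAITOK |
			    M_ZERO);
			*ruleptr = temprule;
			rules[index] = ruleptr;
			if (index + 1 > rule_slots)
				rule_slots = index + 1;
			rule_count++;
		} else {
			/* Replacement: overwrite in place. */
			*rules[index] = temprule;
		}
	}

	return (0);
}

SYSCTL_NODE(_security_mac_bsdextended, OID_AUTO, rules,
    CTLFLAG_RW, sysctl_rule, "BSD extended MAC rules");

/* Policy initialisation hook; currently nothing to set up. */
static void
mac_bsdextended_init(struct mac_policy_conf *mpc)
{

	/* Initialize ruleset lock. */
	/* Register dynamic sysctl's for rules. */
}

/* Policy teardown hook; currently nothing to release. */
static void
mac_bsdextended_destroy(struct mac_policy_conf *mpc)
{

	/* Tear down sysctls. */
	/* Destroy ruleset lock. */
}

/*
 * Evaluate a single rule against a subject credential and an object
 * owner.  Returns 0 if the rule does not apply (subject or object does
 * not match) or if it applies and permits every bit of acc_mode; returns
 * EACCES if it applies and acc_mode requests a bit the rule withholds.
 */
static int
mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule,
    struct ucred *cred, uid_t object_uid, gid_t object_gid, int acc_mode)
{
	int match;

	/*
	 * Is there a subject match?  A uid rule matches any of the
	 * effective, real or saved uid; MBI_NEGATED inverts the result.
	 */
	if (rule->mbr_subject.mbi_flags & MBI_UID_DEFINED) {
		match = (rule->mbr_subject.mbi_uid == cred->cr_uid ||
		    rule->mbr_subject.mbi_uid == cred->cr_ruid ||
		    rule->mbr_subject.mbi_uid == cred->cr_svuid);

		if (rule->mbr_subject.mbi_flags & MBI_NEGATED)
			match = !match;

		if (!match)
			return (0);
	}

	/* A gid rule matches group membership, the real or the saved gid. */
	if (rule->mbr_subject.mbi_flags & MBI_GID_DEFINED) {
		match = (groupmember(rule->mbr_subject.mbi_gid, cred) ||
		    rule->mbr_subject.mbi_gid == cred->cr_rgid ||
		    rule->mbr_subject.mbi_gid == cred->cr_svgid);

		if (rule->mbr_subject.mbi_flags & MBI_NEGATED)
			match = !match;

		if (!match)
			return (0);
	}

	/*
	 * Is there an object match?  Compared against the object's owner.
	 */
	if (rule->mbr_object.mbi_flags & MBI_UID_DEFINED) {
		match = (rule->mbr_object.mbi_uid == object_uid);

		if (rule->mbr_object.mbi_flags & MBI_NEGATED)
			match = !match;

		if (!match)
			return (0);
	}

	if (rule->mbr_object.mbi_flags & MBI_GID_DEFINED) {
		match = (rule->mbr_object.mbi_gid == object_gid);

		if (rule->mbr_object.mbi_flags & MBI_NEGATED)
			match = !match;

		if (!match)
			return (0);
	}

	/*
	 * Is the access permitted?  Every requested bit must be granted.
	 * uid_t/gid_t are unsigned, hence %u for the ids.
	 */
	if ((rule->mbr_mode & acc_mode) != acc_mode) {
		if (mac_bsdextended_debugging)
			printf("mac_bsdextended: %u:%u request %d on %u:%u"
			    " fails\n", cred->cr_ruid, cred->cr_rgid,
			    acc_mode, object_uid, object_gid);
		return (EACCES);
	}

	return (0);
}

/*
 * Run every defined rule, in slot order, against the request.  The first
 * rule that denies wins; if no rule denies, the request is allowed (0).
 */
static int
mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
    int acc_mode)
{
	int error, i;

	for (i = 0; i < rule_slots; i++) {
		if (rules[i] == NULL)
			continue;

		error = mac_bsdextended_rulecheck(rules[i], cred, object_uid,
		    object_gid, acc_mode);
		if (error)
			return (error);
	}

	return (0);
}

/*
 * Common body of the vnode entry points: fetch the vnode's owner and run
 * the rule set for acc_mode.  Returns 0 when the policy is disabled, the
 * VOP_GETATTR error if the attributes cannot be read, else the result of
 * mac_bsdextended_check().
 */
static int
mac_bsdextended_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode)
{
	struct vattr vap;
	int error;

	if (!mac_bsdextended_enabled)
		return (0);

	error = VOP_GETATTR(vp, &vap, cred, curthread);
	if (error)
		return (error);
	return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode));
}

/* access(2)-style check with the caller's requested mode. */
static int
mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, int acc_mode)
{

	return (mac_bsdextended_check_vp(cred, vp, acc_mode));
}

/* Entering a directory requires search (VEXEC) on it. */
static int
mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vp(cred, dvp, VEXEC));
}

/* chroot(2) into a directory requires search (VEXEC) on it. */
static int
mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vp(cred, dvp, VEXEC));
}

/* Creating an entry requires VWRITE on the parent directory. */
static int
mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (mac_bsdextended_check_vp(cred, dvp, VWRITE));
}

/* Deleting requires VWRITE on the parent directory and on the target. */
static int
mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vp(cred, dvp, VWRITE);
	if (error)
		return (error);
	return (mac_bsdextended_check_vp(cred, vp, VWRITE));
}

/* Removing an ACL is an administrative operation on the vnode. */
static int
mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (mac_bsdextended_check_vp(cred, vp, VADMIN));
}

/* Execution requires both read and execute on the image. */
static int
mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (mac_bsdextended_check_vp(cred, vp, VREAD|VEXEC));
}

/* Reading an ACL is treated like stat(2): VSTAT. */
static int
mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (mac_bsdextended_check_vp(cred, vp, VSTAT));
}

/* Reading an extended attribute requires VREAD on the vnode. */
static int
mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (mac_bsdextended_check_vp(cred, vp, VREAD));
}

/* Linking requires VWRITE on the target directory and on the source. */
static int
mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vp(cred, dvp, VWRITE);
	if (error)
		return (error);
	return (mac_bsdextended_check_vp(cred, vp, VWRITE));
}

/* Name lookup requires search (VEXEC) on the directory. */
static int
mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (mac_bsdextended_check_vp(cred, dvp, VEXEC));
}

/* open(2) check with the caller's requested mode. */
static int
mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{

	return (mac_bsdextended_check_vp(cred, vp, acc_mode));
}

/* Listing a directory requires VREAD on it. */
static int
mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vp(cred, dvp, VREAD));
}

/* Reading a symlink target requires VREAD on the link. */
static int
mac_bsdextended_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (mac_bsdextended_check_vp(cred, vp, VREAD));
}

/* Rename source: VWRITE on the old directory and on the object itself. */
static int
mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vp(cred, dvp, VWRITE);
	if (error)
		return (error);
	return (mac_bsdextended_check_vp(cred, vp, VWRITE));
}

/*
 * Rename destination: VWRITE on the new directory and, when an existing
 * entry (vp) would be replaced, VWRITE on that entry as well.
 */
static int
mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vp(cred, dvp, VWRITE);
	if (error)
		return (error);

	if (vp != NULL)
		error = mac_bsdextended_check_vp(cred, vp, VWRITE);

	return (error);
}

/* revoke(2) is an administrative operation on the vnode. */
static int
mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (mac_bsdextended_check_vp(cred, vp, VADMIN));
}

/* Setting an ACL is an administrative operation on the vnode. */
static int
mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (mac_bsdextended_check_vp(cred, vp, VADMIN));
}

/* Writing an extended attribute requires VWRITE on the vnode. */
static int
mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (mac_bsdextended_check_vp(cred, vp, VWRITE));
}

/* chflags(2) is an administrative operation on the vnode. */
static int
mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (mac_bsdextended_check_vp(cred, vp, VADMIN));
}

/* chmod(2) is an administrative operation on the vnode. */
static int
mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (mac_bsdextended_check_vp(cred, vp, VADMIN));
}

/* chown(2) is an administrative operation on the vnode. */
static int
mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (mac_bsdextended_check_vp(cred, vp, VADMIN));
}

/* utimes(2) is an administrative operation on the vnode. */
static int
mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec utime)
{

	return (mac_bsdextended_check_vp(cred, vp, VADMIN));
}

/*
 * stat(2)-style check.  The rule set is evaluated against the active
 * credential; file_cred (the credential the file was opened with, if any)
 * is not consulted.
 */
static int
mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (mac_bsdextended_check_vp(active_cred, vp, VSTAT));
}

static struct mac_policy_ops mac_bsdextended_ops =
{
	.mpo_destroy = mac_bsdextended_destroy,
	.mpo_init = mac_bsdextended_init,
	.mpo_check_vnode_access = mac_bsdextended_check_vnode_access,
	.mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
	.mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
	.mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
	.mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
	.mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
	.mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
	.mpo_check_vnode_getacl = mac_bsdextended_check_vnode_getacl,
	.mpo_check_vnode_getextattr = mac_bsdextended_check_vnode_getextattr,
	.mpo_check_vnode_link = mac_bsdextended_check_vnode_link,
	.mpo_check_vnode_lookup = mac_bsdextended_check_vnode_lookup,
	.mpo_check_vnode_open = mac_bsdextended_check_vnode_open,
	.mpo_check_vnode_readdir = mac_bsdextended_check_vnode_readdir,
	.mpo_check_vnode_readlink = mac_bsdextended_check_vnode_readlink,
	.mpo_check_vnode_rename_from = mac_bsdextended_check_vnode_rename_from,
	.mpo_check_vnode_rename_to = mac_bsdextended_check_vnode_rename_to,
	.mpo_check_vnode_revoke = mac_bsdextended_check_vnode_revoke,
	.mpo_check_vnode_setacl = mac_bsdextended_check_setacl_vnode,
	.mpo_check_vnode_setextattr = mac_bsdextended_check_vnode_setextattr,
	.mpo_check_vnode_setflags = mac_bsdextended_check_vnode_setflags,
	.mpo_check_vnode_setmode = mac_bsdextended_check_vnode_setmode,
	.mpo_check_vnode_setowner = mac_bsdextended_check_vnode_setowner,
	.mpo_check_vnode_setutimes = mac_bsdextended_check_vnode_setutimes,
	.mpo_check_vnode_stat = mac_bsdextended_check_vnode_stat,
};

MAC_POLICY_SET(&mac_bsdextended_ops, trustedbsd_mac_bsdextended,
    "TrustedBSD MAC/BSD Extended", MPC_LOADTIME_FLAG_UNLOADOK, NULL);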