ugidfw_vnode.c revision 106648
1101099Srwatson/*- 2101099Srwatson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3101099Srwatson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4101099Srwatson * All rights reserved. 5101099Srwatson * 6101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 7101099Srwatson * 8106393Srwatson * This software was developed for the FreeBSD Project in part by Network 9106393Srwatson * Associates Laboratories, the Security Research Division of Network 10106393Srwatson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 11106393Srwatson * as part of the DARPA CHATS research program. 12101099Srwatson * 13101099Srwatson * Redistribution and use in source and binary forms, with or without 14101099Srwatson * modification, are permitted provided that the following conditions 15101099Srwatson * are met: 16101099Srwatson * 1. Redistributions of source code must retain the above copyright 17101099Srwatson * notice, this list of conditions and the following disclaimer. 18101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 19101099Srwatson * notice, this list of conditions and the following disclaimer in the 20101099Srwatson * documentation and/or other materials provided with the distribution. 21101099Srwatson * 22101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25101099Srwatson * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32101099Srwatson * SUCH DAMAGE. 33101099Srwatson * 34101099Srwatson * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 106648 2002-11-08 18:04:36Z rwatson $ 35101099Srwatson */ 36101099Srwatson/* 37101099Srwatson * Developed by the TrustedBSD Project. 38101099Srwatson * "BSD Extended" MAC policy, allowing the administrator to impose 39101099Srwatson * mandatory rules regarding users and some system objects. 40101099Srwatson * 41101099Srwatson * XXX: Much locking support required here. 
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

#include <security/mac_bsdextended/mac_bsdextended.h>

SYSCTL_DECL(_security_mac);

/* security.mac.bsdextended: root of this policy's sysctl tree. */
SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended, CTLFLAG_RW, 0,
    "TrustedBSD extended BSD MAC policy controls");

/*
 * Master switch.  Every vnode check in this file returns 0 (allow) as its
 * first action when this is clear, so clearing it disables enforcement
 * without touching the stored rules.  Writable at runtime and settable
 * from the loader via the tunable of the same name.
 */
static int mac_bsdextended_enabled = 1;
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_bsdextended_enabled, 0, "Enforce extended BSD policy");
TUNABLE_INT("security.mac.bsdextended.enabled", &mac_bsdextended_enabled);

/* Malloc type for rules allocated by the rules sysctl handler. */
MALLOC_DEFINE(M_MACBSDEXTENDED, "mac_bsdextended", "BSD Extended MAC rule");

/*
 * Fixed-size rule table.  rules[] holds a pointer per slot (NULL == empty);
 * rule_count is the number of non-NULL entries and rule_slots is one past
 * the highest slot index ever written.  Nothing in this file decrements
 * rule_slots, so it only grows.  No lock protects these three objects;
 * the sysctl handler writes them while the access checks read them (see
 * the XXX note at the top of the file).
 */
#define MAC_BSDEXTENDED_MAXRULES 250
static struct mac_bsdextended_rule *rules[MAC_BSDEXTENDED_MAXRULES];
static int rule_count = 0;
static int rule_slots = 0;

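SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_count, CTLFLAG_RD,
    &rule_count, 0, "Number of defined rules\n");
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_slots, CTLFLAG_RD,
    &rule_slots, 0, "Number of used rule slots\n");

/*
 * When non-zero, every access denied by a rule prints one line to the
 * console.  The message is emitted per denied request with no rate
 * limiting, so output volume tracks the rate of denied requests.
 */
static int mac_bsdextended_debugging;
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, debugging, CTLFLAG_RW,
    &mac_bsdextended_debugging, 0, "Enable debugging on failure");

/*
 * Validate a rule supplied from userland before it is stored: the subject
 * and object flag words may carry only MBI_BITS, and the mode may carry
 * only VALLPERM bits.  Returns 0 for a well-formed rule, EINVAL otherwise.
 * The uid/gid values inside the rule are not checked.
 */
static int
mac_bsdextended_rule_valid(struct mac_bsdextended_rule *rule)
{

	if ((rule->mbr_subject.mbi_flags | MBI_BITS) != MBI_BITS)
		return (EINVAL);

	if ((rule->mbr_object.mbi_flags | MBI_BITS) != MBI_BITS)
		return (EINVAL);

	if ((rule->mbr_mode | VALLPERM) != VALLPERM)
		return (EINVAL);

	return (0);
}

/*
 * Handler for security.mac.bsdextended.rules.<index>.  The single trailing
 * name component selects a slot in rules[]:
 *
 *   - a read (req->oldptr set) copies the rule out, ENOENT if the slot
 *     is empty;
 *   - a zero-length write deletes the rule in the slot;
 *   - a write of a full struct mac_bsdextended_rule validates it, then
 *     adds it (empty slot) or overwrites the existing rule in place.
 *
 * The read is attempted before the write, so a request that supplies both
 * an old buffer and a new rule for an empty slot fails with ENOENT.
 *
 * Returns EINVAL for a malformed name or rule, ENOENT for an out-of-range
 * or empty slot, otherwise the SYSCTL_IN/SYSCTL_OUT error or 0.
 *
 * No lock protects rules[]: a deletion stores NULL before freeing, but a
 * concurrent mac_bsdextended_check() that already loaded the pointer may
 * still dereference it (see the XXX note at the top of the file).
 */
static int
sysctl_rule(SYSCTL_HANDLER_ARGS)
{
	struct mac_bsdextended_rule temprule, *ruleptr;
	u_int namelen;
	int error, index, *name;

	name = (int *)arg1;
	namelen = arg2;

	if (namelen != 1)
		return (EINVAL);

	/*
	 * The slot number comes from the caller.  Bound it by the array
	 * first: the earlier test (index > rule_slots + 1, then
	 * rule_slots >= MAC_BSDEXTENDED_MAXRULES) still admitted
	 * index == MAC_BSDEXTENDED_MAXRULES when rule_slots was one short
	 * of the maximum, which indexed one element past rules[].  It also
	 * refused every read and delete once rule_slots reached the
	 * maximum, leaving a full table unreadable and undeletable; the
	 * array bound alone is sufficient, so that test is gone.
	 */
	index = name[0];
	if (index < 0 || index >= MAC_BSDEXTENDED_MAXRULES)
		return (ENOENT);
	/* A slot may be at most one beyond the current high-water mark. */
	if (index > rule_slots + 1)
		return (ENOENT);

	if (req->oldptr) {
		if (rules[index] == NULL)
			return (ENOENT);

		error = SYSCTL_OUT(req, rules[index], sizeof(*rules[index]));
		if (error)
			return (error);
	}

	if (req->newptr) {
		if (req->newlen == 0) {
			/* Deletion: unlink the slot before freeing it. */
			ruleptr = rules[index];
			if (ruleptr == NULL)
				return (ENOENT);
			rule_count--;
			rules[index] = NULL;
			FREE(ruleptr, M_MACBSDEXTENDED);
			return (0);
		}
		error = SYSCTL_IN(req, &temprule, sizeof(temprule));
		if (error)
			return (error);

		/* Reject unknown flag or mode bits before anything is stored. */
		error = mac_bsdextended_rule_valid(&temprule);
		if (error)
			return (error);

		if (rules[index] == NULL) {
			/* Addition. */
			MALLOC(ruleptr, struct mac_bsdextended_rule *,
			    sizeof(*ruleptr), M_MACBSDEXTENDED, M_WAITOK |
			    M_ZERO);
			*ruleptr = temprule;
			rules[index] = ruleptr;
			if (index + 1 > rule_slots)
				rule_slots = index + 1;
			rule_count++;
		} else {
			/* Replacement: overwrite the existing rule in place. */
			*rules[index] = temprule;
		}
	}

	return (0);
}

SYSCTL_NODE(_security_mac_bsdextended, OID_AUTO, rules,
    CTLFLAG_RW, sysctl_rule, "BSD extended MAC rules");

/*
 * Policy initialisation hook.  Nothing to do yet: rules are created on
 * demand by sysctl_rule(), and there is no ruleset lock.
 */
static void
mac_bsdextended_init(struct mac_policy_conf *mpc)
{

	/* Initialize ruleset lock. */
	/* Register dynamic sysctl's for rules. */
}

/*
 * Policy teardown hook, run when the module is unloaded
 * (MPC_LOADTIME_FLAG_UNLOADOK is set below).  Releases every rule that
 * sysctl_rule() allocated; previously they were simply leaked.
 */
static void
mac_bsdextended_destroy(struct mac_policy_conf *mpc)
{
	int i;

	/* Tear down sysctls. */
	for (i = 0; i < MAC_BSDEXTENDED_MAXRULES; i++) {
		if (rules[i] == NULL)
			continue;
		FREE(rules[i], M_MACBSDEXTENDED);
		rules[i] = NULL;
	}
	rule_count = 0;
	rule_slots = 0;
	/* Destroy ruleset lock. */
}

/*
 * Apply the negation bit of an identity clause: with MBI_NEGATED set the
 * clause is satisfied exactly when the plain comparison is not.
 */
static int
mac_bsdextended_clause_match(int flags, int match)
{

	if (flags & MBI_NEGATED)
		return (!match);
	return (match);
}

/*
 * Evaluate one rule against (subject credential, object owner, requested
 * access mode).  Rules are restrictive: when both the subject and the
 * object clauses match, every bit of acc_mode must also be set in
 * mbr_mode, otherwise the access is denied with EACCES.  A rule whose
 * clauses do not match returns 0 and has no effect.
 *
 * The subject uid clause matches the effective, real or saved uid; the
 * subject gid clause matches via groupmember(), the real gid or the saved
 * gid.  The object clauses compare the owner uid/gid exactly.  MBI_NEGATED
 * on an identity inverts both of that identity's clauses.
 */
static int
mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule,
    struct ucred *cred, uid_t object_uid, gid_t object_gid, int acc_mode)
{
	int match;

	/*
	 * Is there a subject match?
	 */
	if (rule->mbr_subject.mbi_flags & MBI_UID_DEFINED) {
		match = (rule->mbr_subject.mbi_uid == cred->cr_uid ||
		    rule->mbr_subject.mbi_uid == cred->cr_ruid ||
		    rule->mbr_subject.mbi_uid == cred->cr_svuid);
		if (!mac_bsdextended_clause_match(rule->mbr_subject.mbi_flags,
		    match))
			return (0);
	}

	if (rule->mbr_subject.mbi_flags & MBI_GID_DEFINED) {
		match = (groupmember(rule->mbr_subject.mbi_gid, cred) ||
		    rule->mbr_subject.mbi_gid == cred->cr_rgid ||
		    rule->mbr_subject.mbi_gid == cred->cr_svgid);
		if (!mac_bsdextended_clause_match(rule->mbr_subject.mbi_flags,
		    match))
			return (0);
	}

	/*
	 * Is there an object match?
	 */
	if (rule->mbr_object.mbi_flags & MBI_UID_DEFINED) {
		match = (rule->mbr_object.mbi_uid == object_uid);
		if (!mac_bsdextended_clause_match(rule->mbr_object.mbi_flags,
		    match))
			return (0);
	}

	if (rule->mbr_object.mbi_flags & MBI_GID_DEFINED) {
		match = (rule->mbr_object.mbi_gid == object_gid);
		if (!mac_bsdextended_clause_match(rule->mbr_object.mbi_flags,
		    match))
			return (0);
	}

	/*
	 * Is the access permitted?  Every requested bit must be granted.
	 */
	if ((rule->mbr_mode & acc_mode) != acc_mode) {
		if (mac_bsdextended_debugging)
			printf("mac_bsdextended: %d:%d request %d on %d:%d"
			    " fails\n", cred->cr_ruid, cred->cr_rgid,
			    acc_mode, object_uid, object_gid);
		return (EACCES);
	}

	return (0);
}

/*
 * Run the whole ruleset against one access.  Slots are visited in index
 * order up to rule_slots, empty slots are skipped, and the first rule that
 * denies wins; with no matching rule the access is allowed (0).  The table
 * is read without a lock (see sysctl_rule()).
 */
static int
mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
    int acc_mode)
{
	int error, i;

	for (i = 0; i < rule_slots; i++) {
		if (rules[i] == NULL)
			continue;

		error = mac_bsdextended_rulecheck(rules[i], cred, object_uid,
		    object_gid, acc_mode);
		if (error)
			return (error);
	}

	return (0);
}

/*
 * Common body of every vnode entry point below: when the policy is
 * enabled, fetch the owner of vp with VOP_GETATTR() and run the ruleset
 * against it for acc_mode.  Returns 0 when the policy is disabled, the
 * VOP_GETATTR() error if the attributes cannot be read, otherwise the
 * verdict of mac_bsdextended_check().
 */
static int
mac_bsdextended_check_vnode(struct ucred *cred, struct vnode *vp, int acc_mode)
{
	struct vattr vap;
	int error;

	if (!mac_bsdextended_enabled)
		return (0);

	error = VOP_GETATTR(vp, &vap, cred, curthread);
	if (error)
		return (error);
	return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode));
}

/* access(2)-style check: the caller's requested mode, unmodified. */
static int
mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, int acc_mode)
{

	return (mac_bsdextended_check_vnode(cred, vp, acc_mode));
}

/* Entering a directory requires VEXEC on it. */
static int
mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vnode(cred, dvp, VEXEC));
}

/* chroot(2) is treated like chdir: VEXEC on the new root. */
static int
mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vnode(cred, dvp, VEXEC));
}

/*
 * Creating an entry requires VWRITE on the parent directory.  The
 * attributes of the object about to be created (vap) are not consulted.
 */
static int
mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (mac_bsdextended_check_vnode(cred, dvp, VWRITE));
}

/* Deletion requires VWRITE on the directory and on the victim. */
static int
mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vnode(cred, dvp, VWRITE);
	if (error)
		return (error);
	return (mac_bsdextended_check_vnode(cred, vp, VWRITE));
}

/* ACL removal is an ownership-level operation: VADMIN. */
static int
mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (mac_bsdextended_check_vnode(cred, vp, VADMIN));
}

/*
 * exec requires both VREAD and VEXEC in the matching rule's mode; a rule
 * granting only one of them denies the exec.
 */
static int
mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label, struct image_params *imgp,
    struct label *execlabel)
{

	return (mac_bsdextended_check_vnode(cred, vp, VREAD | VEXEC));
}

/* Reading an ACL is treated as VSTAT. */
static int
mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (mac_bsdextended_check_vnode(cred, vp, VSTAT));
}

/* Reading an extended attribute is treated as VREAD, whatever namespace. */
static int
mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (mac_bsdextended_check_vnode(cred, vp, VREAD));
}

/* Linking requires VWRITE on the directory and on the link target. */
static int
mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vnode(cred, dvp, VWRITE);
	if (error)
		return (error);
	return (mac_bsdextended_check_vnode(cred, vp, VWRITE));
}

/* Name lookup requires VEXEC on the directory being searched. */
static int
mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (mac_bsdextended_check_vnode(cred, dvp, VEXEC));
}

/* open(2): the requested open mode, unmodified. */
static int
mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{

	return (mac_bsdextended_check_vnode(cred, vp, acc_mode));
}

/* Listing a directory requires VREAD on it. */
static int
mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vnode(cred, dvp, VREAD));
}

/* readlink(2) requires VREAD on the symlink itself. */
static int
mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (mac_bsdextended_check_vnode(cred, vp, VREAD));
}

/* Rename source: VWRITE on the source directory and on the object. */
static int
mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vnode(cred, dvp, VWRITE);
	if (error)
		return (error);
	return (mac_bsdextended_check_vnode(cred, vp, VWRITE));
}

/*
 * Rename destination: VWRITE on the target directory, and on the existing
 * target object when there is one (vp may be NULL).
 */
static int
mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vnode(cred, dvp, VWRITE);
	if (error)
		return (error);

	if (vp != NULL)
		error = mac_bsdextended_check_vnode(cred, vp, VWRITE);

	return (error);
}

/* revoke(2) is an ownership-level operation: VADMIN. */
static int
mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (mac_bsdextended_check_vnode(cred, vp, VADMIN));
}

/* Setting an ACL: VADMIN.  The ACL contents are not inspected. */
static int
mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (mac_bsdextended_check_vnode(cred, vp, VADMIN));
}

/* Writing an extended attribute is treated as VWRITE, whatever namespace. */
static int
mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (mac_bsdextended_check_vnode(cred, vp, VWRITE));
}

/* chflags(2): VADMIN.  The new flag value is not inspected. */
static int
mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (mac_bsdextended_check_vnode(cred, vp, VADMIN));
}

/* chmod(2): VADMIN.  The new mode is not inspected. */
static int
mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (mac_bsdextended_check_vnode(cred, vp, VADMIN));
}

/* chown(2): VADMIN on the current owner; the new uid/gid are not inspected. */
static int
mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (mac_bsdextended_check_vnode(cred, vp, VADMIN));
}

/* utimes(2): VADMIN.  The timestamps are not inspected. */
static int
mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec utime)
{

	return (mac_bsdextended_check_vnode(cred, vp, VADMIN));
}

/*
 * stat(2): VSTAT, evaluated against active_cred only.  file_cred (the
 * credential the file was opened with, if any) is not consulted.
 */
static int
mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (mac_bsdextended_check_vnode(active_cred, vp, VSTAT));
}

/*
 * Entry points registered with the MAC framework.  Only vnode operations
 * are covered; any hook not listed here is left to the other policies.
 */
static struct mac_policy_ops mac_bsdextended_ops =
{
	.mpo_destroy = mac_bsdextended_destroy,
	.mpo_init = mac_bsdextended_init,
	.mpo_check_vnode_access = mac_bsdextended_check_vnode_access,
	.mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
	.mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
	.mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
	.mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
	.mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
	.mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
	.mpo_check_vnode_getacl = mac_bsdextended_check_vnode_getacl,
	.mpo_check_vnode_getextattr = mac_bsdextended_check_vnode_getextattr,
	.mpo_check_vnode_link = mac_bsdextended_check_vnode_link,
	.mpo_check_vnode_lookup = mac_bsdextended_check_vnode_lookup,
	.mpo_check_vnode_open = mac_bsdextended_check_vnode_open,
	.mpo_check_vnode_readdir = mac_bsdextended_check_vnode_readdir,
	.mpo_check_vnode_readlink = mac_bsdextended_check_vnode_readdlink,
	.mpo_check_vnode_rename_from = mac_bsdextended_check_vnode_rename_from,
	.mpo_check_vnode_rename_to = mac_bsdextended_check_vnode_rename_to,
	.mpo_check_vnode_revoke = mac_bsdextended_check_vnode_revoke,
	.mpo_check_vnode_setacl = mac_bsdextended_check_setacl_vnode,
	.mpo_check_vnode_setextattr = mac_bsdextended_check_vnode_setextattr,
	.mpo_check_vnode_setflags = mac_bsdextended_check_vnode_setflags,
	.mpo_check_vnode_setmode = mac_bsdextended_check_vnode_setmode,
	.mpo_check_vnode_setowner = mac_bsdextended_check_vnode_setowner,
	.mpo_check_vnode_setutimes = mac_bsdextended_check_vnode_setutimes,
	.mpo_check_vnode_stat = mac_bsdextended_check_vnode_stat,
};

/* The policy may be unloaded; mac_bsdextended_destroy() releases the rules. */
MAC_POLICY_SET(&mac_bsdextended_ops, trustedbsd_mac_bsdextended,
    "TrustedBSD MAC/BSD Extended", MPC_LOADTIME_FLAG_UNLOADOK, NULL);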