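/*-
 * Copyright (c) 2005 Tom Rhodes
 * Copyright (c) 1999-2002 Robert N. M. Watson
 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 * It was later enhanced by Tom Rhodes for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by Network
 * Associates Laboratories, the Security Research Division of Network
 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
 * as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/security/mac_bsdextended/mac_bsdextended.c 156300 2006-03-04 20:47:19Z dwmalone $
 */

/*
 * Developed by the TrustedBSD Project.
 * "BSD Extended" MAC policy, allowing the administrator to impose
 * mandatory rules regarding users and some system objects.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

#include <security/mac_bsdextended/mac_bsdextended.h>

/* Serializes all access to the rule table (rules[], rule_count, rule_slots). */
static struct mtx mac_bsdextended_mtx;

SYSCTL_DECL(_security_mac);

SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended, CTLFLAG_RW, 0,
    "TrustedBSD extended BSD MAC policy controls");

/*
 * Master switch.  When 0 the vnode hooks return 0 before fetching the
 * object's attributes or consulting the rules.
 */
static int mac_bsdextended_enabled = 1;
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_bsdextended_enabled, 0, "Enforce extended BSD policy");
TUNABLE_INT("security.mac.bsdextended.enabled", &mac_bsdextended_enabled);

MALLOC_DEFINE(M_MACBSDEXTENDED, "mac_bsdextended", "BSD Extended MAC rule");

/*
 * Fixed-size rule table, indexed by the slot number the administrator
 * supplies as the trailing component of security.mac.bsdextended.rules.
 * rule_count is the number of occupied slots.  rule_slots is a high-water
 * mark, one past the highest slot ever filled; it bounds the scan in the
 * check routine and is never lowered by a deletion, so every slot at or
 * beyond rule_slots is NULL.
 */
#define MAC_BSDEXTENDED_MAXRULES 250
static struct mac_bsdextended_rule *rules[MAC_BSDEXTENDED_MAXRULES];
static int rule_count = 0;
static int rule_slots = 0;

SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_count, CTLFLAG_RD,
    &rule_count, 0, "Number of defined rules\n");
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_slots, CTLFLAG_RD,
    &rule_slots, 0, "Number of used rule slots\n");

/*
 * This is just used for logging purposes, eventually we would like
 * to log much more than failed requests.
 */
static int mac_bsdextended_logging;
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, logging, CTLFLAG_RW,
    &mac_bsdextended_logging, 0, "Log failed authorization requests");

/*
 * This tunable is here for compatibility.  It will allow the user
 * to switch between the new mode (first rule matches) and the old
 * functionality (all rules match).
 *
 * NOTE(review): the variable is static and so starts at 0 (all rules
 * must match).  The 1 passed to SYSCTL_INT is only the fallback used when
 * no variable pointer is supplied, so it does not change that default --
 * confirm this is the intended out-of-the-box behaviour.
 */
static int mac_bsdextended_firstmatch_enabled;
SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, firstmatch_enabled,
    CTLFLAG_RW, &mac_bsdextended_firstmatch_enabled, 1,
    "Disable/enable match first rule functionality");

/*
 * Reject a rule that carries flag bits outside MBI_BITS in its subject or
 * object, or mode bits outside MBI_ALLPERM.  Returns 0 or EINVAL.
 */
static int
mac_bsdextended_rule_valid(struct mac_bsdextended_rule *rule)
{

	if ((rule->mbr_subject.mbi_flags | MBI_BITS) != MBI_BITS)
		return (EINVAL);

	if ((rule->mbr_object.mbi_flags | MBI_BITS) != MBI_BITS)
		return (EINVAL);

	if ((rule->mbr_mode | MBI_ALLPERM) != MBI_ALLPERM)
		return (EINVAL);

	return (0);
}

/*
 * Handler for security.mac.bsdextended.rules.<slot>: read, add, replace or
 * delete one rule.  The single remaining name component is the slot index
 * and comes from the caller of sysctl(2), so it is untrusted.
 *
 * A request with req->oldptr set copies the slot's rule out; a request with
 * req->newptr set and a non-zero newlen adds or replaces the rule; a write
 * of zero bytes deletes it.  Returns 0 on success, EINVAL for a malformed
 * name or an invalid rule, ENOENT for an out-of-range or empty slot, or the
 * error from SYSCTL_IN()/SYSCTL_OUT().
 */
static int
sysctl_rule(SYSCTL_HANDLER_ARGS)
{
	struct mac_bsdextended_rule temprule, *ruleptr;
	u_int namelen;
	int error, index, *name;

	error = 0;
	name = (int *)arg1;
	namelen = arg2;

	if (namelen != 1)
		return (EINVAL);

	/*
	 * Bound the index at both ends before any rules[] access.  The
	 * negative check used to live only on the read path, so a set-only
	 * request (no oldptr) with a negative slot could index rules[] below
	 * zero on the delete and add paths.
	 */
	index = name[0];
	if (index < 0 || index >= MAC_BSDEXTENDED_MAXRULES)
		return (ENOENT);

	/*
	 * Copy in and allocate before taking the lock -- presumably so the
	 * M_WAITOK allocation never sleeps while holding the mutex.  The
	 * allocation is freed at "out" if the request turns out not to need
	 * it (replacement, validation failure).
	 */
	ruleptr = NULL;
	if (req->newptr && req->newlen != 0) {
		error = SYSCTL_IN(req, &temprule, sizeof(temprule));
		if (error)
			return (error);
		MALLOC(ruleptr, struct mac_bsdextended_rule *,
		    sizeof(*ruleptr), M_MACBSDEXTENDED, M_WAITOK | M_ZERO);
	}

	mtx_lock(&mac_bsdextended_mtx);

	if (req->oldptr) {
		/*
		 * Snapshot the current rule under the lock; it is copied out
		 * after the lock is dropped.  Slots beyond the high-water
		 * mark were never filled, so they are ENOENT like any other
		 * empty slot.
		 */
		if (index > rule_slots + 1 || rules[index] == NULL) {
			error = ENOENT;
			goto out;
		}
		temprule = *rules[index];
	}

	if (req->newptr && req->newlen == 0) {
		/* Deletion: the old rule is handed to the cleanup path to free. */
		KASSERT(ruleptr == NULL, ("sysctl_rule: ruleptr != NULL"));
		ruleptr = rules[index];
		if (ruleptr == NULL) {
			error = ENOENT;
			goto out;
		}
		rule_count--;
		rules[index] = NULL;
	} else if (req->newptr) {
		error = mac_bsdextended_rule_valid(&temprule);
		if (error)
			goto out;

		if (rules[index] == NULL) {
			/* Addition: the pre-allocated buffer becomes the slot. */
			*ruleptr = temprule;
			rules[index] = ruleptr;
			ruleptr = NULL;
			if (index + 1 > rule_slots)
				rule_slots = index + 1;
			rule_count++;
		} else {
			/* Replacement in place; the spare buffer is freed below. */
			*rules[index] = temprule;
		}
	}

out:
	mtx_unlock(&mac_bsdextended_mtx);
	if (ruleptr != NULL)
		FREE(ruleptr, M_MACBSDEXTENDED);
	if (req->oldptr && error == 0)
		error = SYSCTL_OUT(req, &temprule, sizeof(temprule));

	return (error);
}
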
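SYSCTL_NODE(_security_mac_bsdextended, OID_AUTO, rules,
    CTLFLAG_RW, sysctl_rule, "BSD extended MAC rules");

/*
 * Policy load hook: set up the rule table lock.  The rules sysctl node is
 * registered statically above, so nothing further is created here.
 */
static void
mac_bsdextended_init(struct mac_policy_conf *mpc)
{

	/* Initialize ruleset lock. */
	mtx_init(&mac_bsdextended_mtx, "mac_bsdextended lock", NULL, MTX_DEF);
}

/*
 * Policy unload hook: tear down the rule table lock.  Rules still in the
 * table are not freed here.
 */
static void
mac_bsdextended_destroy(struct mac_policy_conf *mpc)
{

	/* Destroy ruleset lock. */
	mtx_destroy(&mac_bsdextended_mtx);
}

/*
 * Evaluate one rule against a request.  mac_bsdextended_mtx must be held.
 *
 * Subject matching: with MBI_UID_DEFINED the rule's uid is compared against
 * the credential's effective, real and saved uids; with MBI_GID_DEFINED the
 * rule's gid against group membership, real gid and saved gid.  Object
 * matching compares the rule's uid/gid against the object's owner and
 * group.  MBI_NEGATED on a side inverts each comparison made for that side.
 * A rule with no subject or object qualifier applies to every request.
 *
 * Returns 0 if the rule does not apply, or applies and permits while
 * first-match mode is off; EACCES if it applies and mbr_mode lacks any bit
 * of acc_mode; EJUSTRETURN if it applies and permits while first-match mode
 * is on, telling the caller to stop scanning.
 */
static int
mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule,
    struct ucred *cred, uid_t object_uid, gid_t object_gid, int acc_mode)
{
	int match;

	mtx_assert(&mac_bsdextended_mtx, MA_OWNED);

	/*
	 * Is there a subject match?
	 */
	if (rule->mbr_subject.mbi_flags & MBI_UID_DEFINED) {
		match = (rule->mbr_subject.mbi_uid == cred->cr_uid ||
		    rule->mbr_subject.mbi_uid == cred->cr_ruid ||
		    rule->mbr_subject.mbi_uid == cred->cr_svuid);

		if (rule->mbr_subject.mbi_flags & MBI_NEGATED)
			match = !match;

		if (!match)
			return (0);
	}

	if (rule->mbr_subject.mbi_flags & MBI_GID_DEFINED) {
		match = (groupmember(rule->mbr_subject.mbi_gid, cred) ||
		    rule->mbr_subject.mbi_gid == cred->cr_rgid ||
		    rule->mbr_subject.mbi_gid == cred->cr_svgid);

		if (rule->mbr_subject.mbi_flags & MBI_NEGATED)
			match = !match;

		if (!match)
			return (0);
	}

	/*
	 * Is there an object match?
	 */
	if (rule->mbr_object.mbi_flags & MBI_UID_DEFINED) {
		match = (rule->mbr_object.mbi_uid == object_uid);

		if (rule->mbr_object.mbi_flags & MBI_NEGATED)
			match = !match;

		if (!match)
			return (0);
	}

	if (rule->mbr_object.mbi_flags & MBI_GID_DEFINED) {
		match = (rule->mbr_object.mbi_gid == object_gid);

		if (rule->mbr_object.mbi_flags & MBI_NEGATED)
			match = !match;

		if (!match)
			return (0);
	}

	/*
	 * Is the access permitted?  The rule must grant every requested bit.
	 * uid_t/gid_t are unsigned, so the ids are logged with %u.
	 */
	if ((rule->mbr_mode & acc_mode) != acc_mode) {
		if (mac_bsdextended_logging)
			log(LOG_AUTHPRIV, "mac_bsdextended: %u:%u request %d"
			    " on %u:%u failed. \n", cred->cr_ruid,
			    cred->cr_rgid, acc_mode, object_uid, object_gid);
		return (EACCES);	/* Matching rule denies access */
	}

	/*
	 * If the rule matched, permits access, and first match is enabled,
	 * return success.
	 */
	if (mac_bsdextended_firstmatch_enabled)
		return (EJUSTRETURN);
	else
		return (0);
}

/*
 * Scan the rule table for a subject credential, object owner/group and
 * requested MBI_* access bits.  Returns 0 if no rule denies access (or a
 * rule permits it in first-match mode), EACCES from the first denying rule,
 * or another error from the rule check.  A credential that passes
 * suser_cred() bypasses the rules entirely.
 */
static int
mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
    int acc_mode)
{
	int error, i;

	if (suser_cred(cred, 0) == 0)
		return (0);

	/*
	 * Since we do not separately handle append, map append to write.
	 * The mode is the same for every rule, so normalize it once rather
	 * than on each loop iteration.
	 */
	if (acc_mode & MBI_APPEND) {
		acc_mode &= ~MBI_APPEND;
		acc_mode |= MBI_WRITE;
	}

	mtx_lock(&mac_bsdextended_mtx);
	for (i = 0; i < rule_slots; i++) {
		if (rules[i] == NULL)
			continue;

		error = mac_bsdextended_rulecheck(rules[i], cred, object_uid,
		    object_gid, acc_mode);
		/* EJUSTRETURN: a rule matched and permitted; first-match mode. */
		if (error == EJUSTRETURN)
			break;
		if (error) {
			mtx_unlock(&mac_bsdextended_mtx);
			return (error);
		}
	}
	mtx_unlock(&mac_bsdextended_mtx);
	return (0);
}

/*
 * Common front end for the vnode hooks: fetch the vnode's owner and group
 * with VOP_GETATTR() and run the rule scan for the requested MBI_* bits.
 * Returns 0 immediately when the policy is disabled, otherwise the
 * VOP_GETATTR() error or the result of mac_bsdextended_check().
 */
static int
mac_bsdextended_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode)
{
	int error;
	struct vattr vap;

	if (!mac_bsdextended_enabled)
		return (0);

	error = VOP_GETATTR(vp, &vap, cred, curthread);
	if (error)
		return (error);

	return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid,
	    acc_mode));
}

/*
 * MAC framework entry points.  Each hook maps its operation to the MBI_*
 * bits checked against the object's owner and group; operations on a
 * directory entry check the directory (dvp), and the ones that name both a
 * directory and a target vnode check both.
 */

static int
mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}

static int
mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, int acc_mode)
{

	return (mac_bsdextended_check_vp(cred, vp, acc_mode));
}

static int
mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
}

static int
mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
}

static int
mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (mac_bsdextended_check_vp(cred, dvp, MBI_WRITE));
}

/* Delete requires write on both the directory and the target. */
static int
mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
	if (error)
		return (error);

	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}

static int
mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}

static int
mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}

/* Execution requires both read and execute on the image. */
static int
mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label, struct image_params *imgp,
    struct label *execlabel)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_READ|MBI_EXEC));
}

static int
mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_STAT));
}

static int
mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
}

/* Link requires write on both the directory and the existing target. */
static int
mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
	if (error)
		return (error);

	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}

static int
mac_bsdextended_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
}

static int
mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
}

static int
mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{

	return (mac_bsdextended_check_vp(cred, vp, acc_mode));
}

static int
mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (mac_bsdextended_check_vp(cred, dvp, MBI_READ));
}

static int
mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
}

/* Rename source: write on the source directory and on the vnode moved. */
static int
mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
	if (error)
		return (error);

	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}

/*
 * Rename destination: write on the destination directory and, when a
 * target vnode is supplied (presumably an existing entry that will be
 * replaced), write on that target too.
 */
static int
mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{
	int error;

	error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
	if (error)
		return (error);

	if (vp != NULL)
		error = mac_bsdextended_check_vp(cred, vp, MBI_WRITE);

	return (error);
}

static int
mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}

static int
mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}

static int
mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
}

static int
mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}

static int
mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}

static int
mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}

static int
mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec utime)
{

	return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
}

/* stat is checked against the active credential, not the file's opener. */
static int
mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT));
}

static struct mac_policy_ops mac_bsdextended_ops =
{
	.mpo_destroy = mac_bsdextended_destroy,
	.mpo_init = mac_bsdextended_init,
	.mpo_check_system_swapon = mac_bsdextended_check_system_swapon,
	.mpo_check_vnode_access = mac_bsdextended_check_vnode_access,
	.mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
	.mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
	.mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
	.mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
	.mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
	.mpo_check_vnode_deleteextattr = mac_bsdextended_check_vnode_deleteextattr,
	.mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
	.mpo_check_vnode_getacl = mac_bsdextended_check_vnode_getacl,
	.mpo_check_vnode_getextattr = mac_bsdextended_check_vnode_getextattr,
	.mpo_check_vnode_link = mac_bsdextended_check_vnode_link,
	.mpo_check_vnode_listextattr = mac_bsdextended_check_vnode_listextattr,
	.mpo_check_vnode_lookup = mac_bsdextended_check_vnode_lookup,
	.mpo_check_vnode_open = mac_bsdextended_check_vnode_open,
	.mpo_check_vnode_readdir = mac_bsdextended_check_vnode_readdir,
	.mpo_check_vnode_readlink = mac_bsdextended_check_vnode_readdlink,
	.mpo_check_vnode_rename_from = mac_bsdextended_check_vnode_rename_from,
	.mpo_check_vnode_rename_to = mac_bsdextended_check_vnode_rename_to,
	.mpo_check_vnode_revoke = mac_bsdextended_check_vnode_revoke,
	.mpo_check_vnode_setacl = mac_bsdextended_check_setacl_vnode,
	.mpo_check_vnode_setextattr = mac_bsdextended_check_vnode_setextattr,
	.mpo_check_vnode_setflags = mac_bsdextended_check_vnode_setflags,
	.mpo_check_vnode_setmode = mac_bsdextended_check_vnode_setmode,
	.mpo_check_vnode_setowner = mac_bsdextended_check_vnode_setowner,
	.mpo_check_vnode_setutimes = mac_bsdextended_check_vnode_setutimes,
	.mpo_check_vnode_stat = mac_bsdextended_check_vnode_stat,
};

/* Register with the MAC framework; the policy is flagged as unloadable. */
MAC_POLICY_SET(&mac_bsdextended_ops, mac_bsdextended,
    "TrustedBSD MAC/BSD Extended", MPC_LOADTIME_FLAG_UNLOADOK, NULL);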