mac_internal.h revision 122524
12Sjlaskey/*- 26Sjlaskey * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 32Sjlaskey * Copyright (c) 2001 Ilmar S. Habibulin 4877Sattila * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 52Sjlaskey * All rights reserved. 62Sjlaskey * 72Sjlaskey * This software was developed by Robert Watson and Ilmar Habibulin for the 8877Sattila * TrustedBSD Project. 92Sjlaskey * 102Sjlaskey * This software was developed for the FreeBSD Project in part by Network 112Sjlaskey * Associates Laboratories, the Security Research Division of Network 122Sjlaskey * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 132Sjlaskey * as part of the DARPA CHATS research program. 14877Sattila * 152Sjlaskey * Redistribution and use in source and binary forms, with or without 162Sjlaskey * modification, are permitted provided that the following conditions 172Sjlaskey * are met: 18877Sattila * 1. Redistributions of source code must retain the above copyright 192Sjlaskey * notice, this list of conditions and the following disclaimer. 202Sjlaskey * 2. Redistributions in binary form must reproduce the above copyright 212Sjlaskey * notice, this list of conditions and the following disclaimer in the 222Sjlaskey * documentation and/or other materials provided with the distribution. 232Sjlaskey * 242Sjlaskey * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 252Sjlaskey * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 262Sjlaskey * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 272Sjlaskey * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28877Sattila * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 292Sjlaskey * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 302Sjlaskey * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 312Sjlaskey * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 322Sjlaskey * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 332Sjlaskey * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 342Sjlaskey * SUCH DAMAGE. 352Sjlaskey * 362Sjlaskey * $FreeBSD: head/sys/security/mac/mac_internal.h 122524 2003-11-12 03:14:31Z rwatson $ 372Sjlaskey */ 382Sjlaskey 392Sjlaskey/* 402Sjlaskey * MAC Framework sysctl namespace. 412Sjlaskey */ 422SjlaskeySYSCTL_DECL(_security); 432SjlaskeySYSCTL_DECL(_security_mac); 442Sjlaskey#ifdef MAC_DEBUG 452SjlaskeySYSCTL_DECL(_security_mac_debug); 462SjlaskeySYSCTL_DECL(_security_mac_debug_counters); 472Sjlaskey#endif 48 49/* 50 * MAC Framework global types and typedefs. 51 */ 52LIST_HEAD(mac_policy_list_head, mac_policy_conf); 53MALLOC_DECLARE(M_MACTEMP); 54 55/* 56 * MAC Framework global variables. 57 */ 58extern struct mac_policy_list_head mac_policy_list; 59extern struct mac_policy_list_head mac_static_policy_list; 60extern int mac_late; 61extern int mac_enforce_process; 62extern int mac_enforce_sysv; 63extern int mac_enforce_vm; 64#ifndef MAC_ALWAYS_LABEL_MBUF 65extern int mac_labelmbufs; 66#endif 67 68/* 69 * MAC Framework object/access counter primitives, conditionally 70 * compiled. 71 */ 72#ifdef MAC_DEBUG 73#define MAC_DEBUG_COUNTER_INC(x) atomic_add_int(x, 1); 74#define MAC_DEBUG_COUNTER_DEC(x) atomic_subtract_int(x, 1); 75#else 76#define MAC_DEBUG_COUNTER_INC(x) 77#define MAC_DEBUG_COUNTER_DEC(x) 78#endif 79 80/* 81 * MAC Framework infrastructure functions. 82 */ 83int mac_error_select(int error1, int error2); 84 85void mac_policy_grab_exclusive(void); 86void mac_policy_assert_exclusive(void); 87void mac_policy_release_exclusive(void); 88void mac_policy_list_busy(void); 89int mac_policy_list_conditional_busy(void); 90void mac_policy_list_unbusy(void); 91 92struct label *mac_labelzone_alloc(int flags); 93void mac_labelzone_free(struct label *label); 94void mac_labelzone_init(void); 95 96void mac_init_label(struct label *label); 97void mac_destroy_label(struct label *label); 98int mac_check_structmac_consistent(struct mac *mac); 99int mac_allocate_slot(void); 100 101/* 102 * MAC Framework per-object type functions. It's not yet clear how 103 * the namespaces, etc, should work for these, so for now, sort by 104 * object type. 105 */ 106struct label *mac_pipe_label_alloc(void); 107void mac_pipe_label_free(struct label *label); 108 109int mac_check_cred_relabel(struct ucred *cred, struct label *newlabel); 110int mac_externalize_cred_label(struct label *label, char *elements, 111 char *outbuf, size_t outbuflen); 112int mac_internalize_cred_label(struct label *label, char *string); 113void mac_relabel_cred(struct ucred *cred, struct label *newlabel); 114 115void mac_copy_pipe_label(struct label *src, struct label *dest); 116int mac_externalize_pipe_label(struct label *label, char *elements, 117 char *outbuf, size_t outbuflen); 118int mac_internalize_pipe_label(struct label *label, char *string); 119 120int mac_externalize_vnode_label(struct label *label, char *elements, 121 char *outbuf, size_t outbuflen); 122int mac_internalize_vnode_label(struct label *label, char *string); 123void mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, 124 int *prot); 125int vn_setlabel(struct vnode *vp, struct label *intlabel, 126 struct ucred *cred); 127 128/* 129 * MAC_CHECK performs the designated check by walking the policy module 130 * list and checking with each as to how it feels about the request. 131 * Note that it returns its value via 'error' in the scope of the caller. 132 */ 133#define MAC_CHECK(check, args...) do { \ 134 struct mac_policy_conf *mpc; \ 135 int entrycount; \ 136 \ 137 error = 0; \ 138 LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) { \ 139 if (mpc->mpc_ops->mpo_ ## check != NULL) \ 140 error = mac_error_select( \ 141 mpc->mpc_ops->mpo_ ## check (args), \ 142 error); \ 143 } \ 144 if ((entrycount = mac_policy_list_conditional_busy()) != 0) { \ 145 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ 146 if (mpc->mpc_ops->mpo_ ## check != NULL) \ 147 error = mac_error_select( \ 148 mpc->mpc_ops->mpo_ ## check (args), \ 149 error); \ 150 } \ 151 mac_policy_list_unbusy(); \ 152 } \ 153} while (0) 154 155/* 156 * MAC_BOOLEAN performs the designated boolean composition by walking 157 * the module list, invoking each instance of the operation, and 158 * combining the results using the passed C operator. Note that it 159 * returns its value via 'result' in the scope of the caller, which 160 * should be initialized by the caller in a meaningful way to get 161 * a meaningful result. 162 */ 163#define MAC_BOOLEAN(operation, composition, args...) do { \ 164 struct mac_policy_conf *mpc; \ 165 int entrycount; \ 166 \ 167 LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) { \ 168 if (mpc->mpc_ops->mpo_ ## operation != NULL) \ 169 result = result composition \ 170 mpc->mpc_ops->mpo_ ## operation (args); \ 171 } \ 172 if ((entrycount = mac_policy_list_conditional_busy()) != 0) { \ 173 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ 174 if (mpc->mpc_ops->mpo_ ## operation != NULL) \ 175 result = result composition \ 176 mpc->mpc_ops->mpo_ ## operation \ 177 (args); \ 178 } \ 179 mac_policy_list_unbusy(); \ 180 } \ 181} while (0) 182 183#define MAC_EXTERNALIZE(type, label, elementlist, outbuf, \ 184 outbuflen) do { \ 185 int claimed, first, ignorenotfound, savedlen; \ 186 char *element_name, *element_temp; \ 187 struct sbuf sb; \ 188 \ 189 error = 0; \ 190 first = 1; \ 191 sbuf_new(&sb, outbuf, outbuflen, SBUF_FIXEDLEN); \ 192 element_temp = elementlist; \ 193 while ((element_name = strsep(&element_temp, ",")) != NULL) { \ 194 if (element_name[0] == '?') { \ 195 element_name++; \ 196 ignorenotfound = 1; \ 197 } else \ 198 ignorenotfound = 0; \ 199 savedlen = sbuf_len(&sb); \ 200 if (first) \ 201 error = sbuf_printf(&sb, "%s/", element_name); \ 202 else \ 203 error = sbuf_printf(&sb, ",%s/", element_name); \ 204 if (error == -1) { \ 205 error = EINVAL; /* XXX: E2BIG? */ \ 206 break; \ 207 } \ 208 claimed = 0; \ 209 MAC_CHECK(externalize_ ## type ## _label, label, \ 210 element_name, &sb, &claimed); \ 211 if (error) \ 212 break; \ 213 if (claimed == 0 && ignorenotfound) { \ 214 /* Revert last label name. */ \ 215 sbuf_setpos(&sb, savedlen); \ 216 } else if (claimed != 1) { \ 217 error = EINVAL; /* XXX: ENOLABEL? */ \ 218 break; \ 219 } else { \ 220 first = 0; \ 221 } \ 222 } \ 223 sbuf_finish(&sb); \ 224} while (0) 225 226#define MAC_INTERNALIZE(type, label, instring) do { \ 227 char *element, *element_name, *element_data; \ 228 int claimed; \ 229 \ 230 error = 0; \ 231 element = instring; \ 232 while ((element_name = strsep(&element, ",")) != NULL) { \ 233 element_data = element_name; \ 234 element_name = strsep(&element_data, "/"); \ 235 if (element_data == NULL) { \ 236 error = EINVAL; \ 237 break; \ 238 } \ 239 claimed = 0; \ 240 MAC_CHECK(internalize_ ## type ## _label, label, \ 241 element_name, element_data, &claimed); \ 242 if (error) \ 243 break; \ 244 if (claimed != 1) { \ 245 /* XXXMAC: Another error here? */ \ 246 error = EINVAL; \ 247 break; \ 248 } \ 249 } \ 250} while (0) 251 252/* 253 * MAC_PERFORM performs the designated operation by walking the policy 254 * module list and invoking that operation for each policy. 255 */ 256#define MAC_PERFORM(operation, args...) do { \ 257 struct mac_policy_conf *mpc; \ 258 int entrycount; \ 259 \ 260 LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) { \ 261 if (mpc->mpc_ops->mpo_ ## operation != NULL) \ 262 mpc->mpc_ops->mpo_ ## operation (args); \ 263 } \ 264 if ((entrycount = mac_policy_list_conditional_busy()) != 0) { \ 265 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ 266 if (mpc->mpc_ops->mpo_ ## operation != NULL) \ 267 mpc->mpc_ops->mpo_ ## operation (args); \ 268 } \ 269 mac_policy_list_unbusy(); \ 270 } \ 271} while (0) 272