mac_posix_sem.c revision 145855
1285SN/A/*- 2367SN/A * Copyright (c) 2003-2005 SPARTA, Inc. 3285SN/A * All rights reserved. 4285SN/A * 5285SN/A * This software was developed for the FreeBSD Project in part by Network 6285SN/A * Associates Laboratories, the Security Research Division of Network 7285SN/A * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 8285SN/A * as part of the DARPA CHATS research program. 9285SN/A * 10285SN/A * Redistribution and use in source and binary forms, with or without 11285SN/A * modification, are permitted provided that the following conditions 12285SN/A * are met: 13285SN/A * 1. Redistributions of source code must retain the above copyright 14285SN/A * notice, this list of conditions and the following disclaimer. 15285SN/A * 2. Redistributions in binary form must reproduce the above copyright 16285SN/A * notice, this list of conditions and the following disclaimer in the 17285SN/A * documentation and/or other materials provided with the distribution. 18285SN/A * 19285SN/A * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20285SN/A * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21285SN/A * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22285SN/A * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23285SN/A * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24285SN/A * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25285SN/A * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26285SN/A * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27285SN/A * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28285SN/A * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29285SN/A * SUCH DAMAGE. 30285SN/A */ 31285SN/A 32285SN/A#include <sys/cdefs.h> 33285SN/A__FBSDID("$FreeBSD: head/sys/security/mac/mac_posix_sem.c 145855 2005-05-04 10:39:15Z rwatson $"); 34285SN/A 35285SN/A#include "opt_mac.h" 36285SN/A#include "opt_posix.h" 37285SN/A 38285SN/A#include <sys/param.h> 39285SN/A#include <sys/kernel.h> 40285SN/A#include <sys/malloc.h> 41285SN/A#include <sys/mac.h> 42285SN/A#include <sys/module.h> 43285SN/A#include <sys/systm.h> 44285SN/A#include <sys/sysctl.h> 45285SN/A 46285SN/A#include <posix4/ksem.h> 47285SN/A 48285SN/A#include <sys/mac_policy.h> 49285SN/A 50285SN/A#include <security/mac/mac_internal.h> 51285SN/A 52285SN/Astatic int mac_enforce_posix_sem = 1; 53285SN/ASYSCTL_INT(_security_mac, OID_AUTO, enforce_posix_sem, CTLFLAG_RW, 54285SN/A &mac_enforce_posix_sem, 0, "Enforce MAC policy on global POSIX semaphores"); 55285SN/ATUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem); 56285SN/A 57367SN/A#ifdef MAC_DEBUG 58285SN/Astatic unsigned int nmacposixsems; 59285SN/ASYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_sems, CTLFLAG_RD, 60285SN/A &nmacposixsems, 0, "number of posix global semaphores inuse"); 61285SN/A#endif 62285SN/A 63285SN/Astatic struct label * 64285SN/Amac_posix_sem_label_alloc(void) 65285SN/A{ 66285SN/A struct label *label; 67285SN/A 68285SN/A label = mac_labelzone_alloc(M_WAITOK); 69367SN/A MAC_PERFORM(init_posix_sem_label, label); 70285SN/A MAC_DEBUG_COUNTER_INC(&nmacposixsems); 71285SN/A return (label); 72285SN/A} 73285SN/A 74285SN/Avoid 75285SN/Amac_init_posix_sem(struct ksem *ksemptr) 76285SN/A{ 77285SN/A 78367SN/A ksemptr->ks_label = mac_posix_sem_label_alloc(); 79285SN/A} 80285SN/A 81285SN/Astatic void 82285SN/Amac_posix_sem_label_free(struct label *label) 83285SN/A{ 84367SN/A 85285SN/A MAC_PERFORM(destroy_posix_sem_label, label); 86285SN/A MAC_DEBUG_COUNTER_DEC(&nmacposixsems); 87285SN/A} 88285SN/A 89285SN/Avoid 90285SN/Amac_destroy_posix_sem(struct ksem *ksemptr) 91367SN/A{ 92367SN/A 93285SN/A mac_posix_sem_label_free(ksemptr->ks_label); 94285SN/A ksemptr->ks_label = NULL; 95285SN/A} 96285SN/A 97285SN/Avoid 98285SN/Amac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr) 99285SN/A{ 100285SN/A 101285SN/A MAC_PERFORM(create_posix_sem, cred, ksemptr, ksemptr->ks_label); 102285SN/A} 103285SN/A 104285SN/Aint 105285SN/Amac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) 106285SN/A{ 107285SN/A int error; 108285SN/A 109285SN/A if (!mac_enforce_posix_sem) 110285SN/A return (0); 111285SN/A 112285SN/A MAC_CHECK(check_posix_sem_destroy, cred, ksemptr, ksemptr->ks_label); 113285SN/A 114285SN/A return(error); 115285SN/A} 116285SN/A 117285SN/Aint 118285SN/Amac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr) 119285SN/A{ 120285SN/A int error; 121285SN/A 122285SN/A if (!mac_enforce_posix_sem) 123285SN/A return (0); 124285SN/A 125285SN/A MAC_CHECK(check_posix_sem_open, cred, ksemptr, ksemptr->ks_label); 126285SN/A 127285SN/A return(error); 128285SN/A} 129285SN/A 130285SN/Aint 131285SN/Amac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) 132285SN/A{ 133285SN/A int error; 134285SN/A 135285SN/A if (!mac_enforce_posix_sem) 136285SN/A return (0); 137285SN/A 138285SN/A MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr, 139285SN/A ksemptr->ks_label); 140285SN/A 141 return(error); 142} 143 144int 145mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) 146{ 147 int error; 148 149 if (!mac_enforce_posix_sem) 150 return (0); 151 152 MAC_CHECK(check_posix_sem_post, cred, ksemptr, ksemptr->ks_label); 153 154 return(error); 155} 156 157int 158mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr) 159{ 160 int error; 161 162 if (!mac_enforce_posix_sem) 163 return (0); 164 165 MAC_CHECK(check_posix_sem_unlink, cred, ksemptr, ksemptr->ks_label); 166 167 return(error); 168} 169 170int 171mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr) 172{ 173 int error; 174 175 if (!mac_enforce_posix_sem) 176 return (0); 177 178 MAC_CHECK(check_posix_sem_wait, cred, ksemptr, ksemptr->ks_label); 179 180 return(error); 181} 182