mac_posix_sem.c revision 189503 
1221716Sattilio/*-
2221716Sattilio * Copyright (c) 2003-2006 SPARTA, Inc.
3221716Sattilio * Copyright (c) 2009 Robert N. M. Watson
4221716Sattilio * All rights reserved.
5221716Sattilio *
6221716Sattilio * This software was developed for the FreeBSD Project in part by Network
7221716Sattilio * Associates Laboratories, the Security Research Division of Network
8221716Sattilio * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
9221716Sattilio * as part of the DARPA CHATS research program.
10221716Sattilio *
11221716Sattilio * This software was enhanced by SPARTA ISSO under SPAWAR contract
12221716Sattilio * N66001-04-C-6019 ("SEFOS").
13221716Sattilio *
14221716Sattilio * This software was developed at the University of Cambridge Computer
15221716Sattilio * Laboratory with support from a grant from Google, Inc.
16221716Sattilio *
17221716Sattilio * Redistribution and use in source and binary forms, with or without
18221716Sattilio * modification, are permitted provided that the following conditions
19221716Sattilio * are met:
20221716Sattilio * 1. Redistributions of source code must retain the above copyright
21221716Sattilio *    notice, this list of conditions and the following disclaimer.
22221716Sattilio * 2. Redistributions in binary form must reproduce the above copyright
23221716Sattilio *    notice, this list of conditions and the following disclaimer in the
24221716Sattilio *    documentation and/or other materials provided with the distribution.
25221716Sattilio *
26221716Sattilio * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27221716Sattilio * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28221716Sattilio * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29221716Sattilio * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30221716Sattilio * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31221716Sattilio * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32221716Sattilio * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33221716Sattilio * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34221716Sattilio * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35221716Sattilio * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36221716Sattilio * SUCH DAMAGE.
37221716Sattilio */
38221716Sattilio
39221716Sattilio#include <sys/cdefs.h>
40221716Sattilio__FBSDID("$FreeBSD: head/sys/security/mac/mac_posix_sem.c 189503 2009-03-08 00:50:37Z rwatson $");
41221716Sattilio
42221716Sattilio#include "opt_kdtrace.h"
43221716Sattilio#include "opt_mac.h"
44221716Sattilio#include "opt_posix.h"
45221716Sattilio
46221716Sattilio#include <sys/param.h>
47221716Sattilio#include <sys/kernel.h>
48221716Sattilio#include <sys/ksem.h>
49221716Sattilio#include <sys/malloc.h>
50221716Sattilio#include <sys/module.h>
51221716Sattilio#include <sys/sdt.h>
52221716Sattilio#include <sys/systm.h>
53221716Sattilio#include <sys/sysctl.h>
54221716Sattilio
55221716Sattilio#include <security/mac/mac_framework.h>
56221716Sattilio#include <security/mac/mac_internal.h>
57221716Sattilio#include <security/mac/mac_policy.h>
58221716Sattilio
59221716Sattiliostatic struct label *
60221716Sattiliomac_posixsem_label_alloc(void)
61221716Sattilio{
62221716Sattilio	struct label *label;
63221716Sattilio
64221716Sattilio	label = mac_labelzone_alloc(M_WAITOK);
65221716Sattilio	MAC_PERFORM(posixsem_init_label, label);
66221716Sattilio	return (label);
67221716Sattilio}
68221716Sattilio
69221716Sattiliovoid
70221716Sattiliomac_posixsem_init(struct ksem *ks)
71221716Sattilio{
72221716Sattilio
73221716Sattilio	if (mac_labeled & MPC_OBJECT_POSIXSEM)
74221716Sattilio		ks->ks_label = mac_posixsem_label_alloc();
75221716Sattilio	else
76221716Sattilio		ks->ks_label = NULL;
77221716Sattilio}
78221716Sattilio
79221716Sattiliostatic void
80221716Sattiliomac_posixsem_label_free(struct label *label)
81221716Sattilio{
82221716Sattilio
83221716Sattilio	MAC_PERFORM(posixsem_destroy_label, label);
84221716Sattilio	mac_labelzone_free(label);
85221716Sattilio}
86221716Sattilio
87221716Sattiliovoid
88221716Sattiliomac_posixsem_destroy(struct ksem *ks)
89221716Sattilio{
90221716Sattilio
91221716Sattilio	if (ks->ks_label != NULL) {
92221716Sattilio		mac_posixsem_label_free(ks->ks_label);
93221716Sattilio		ks->ks_label = NULL;
94221716Sattilio	}
95221716Sattilio}
96221716Sattilio
97221716Sattiliovoid
98221716Sattiliomac_posixsem_create(struct ucred *cred, struct ksem *ks)
99221716Sattilio{
100221716Sattilio
101221716Sattilio	MAC_PERFORM(posixsem_create, cred, ks, ks->ks_label);
102221716Sattilio}
103221716Sattilio
104221716SattilioMAC_CHECK_PROBE_DEFINE2(posixsem_check_open, "struct ucred *",
105221716Sattilio    "struct ksem *");
106221716Sattilio
107221716Sattilioint
108221716Sattiliomac_posixsem_check_open(struct ucred *cred, struct ksem *ks)
109221716Sattilio{
110221716Sattilio	int error;
111221716Sattilio
112221716Sattilio	MAC_CHECK(posixsem_check_open, cred, ks, ks->ks_label);
113221716Sattilio	MAC_CHECK_PROBE2(posixsem_check_open, error, cred, ks);
114221716Sattilio
115221716Sattilio	return (error);
116221716Sattilio}
117221716Sattilio
118221716SattilioMAC_CHECK_PROBE_DEFINE3(posixsem_check_getvalue, "struct ucred *",
119221716Sattilio    "struct ucred *", "struct ksem *");
120221716Sattilio
121int
122mac_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred,
123    struct ksem *ks)
124{
125	int error;
126
127	MAC_CHECK(posixsem_check_getvalue, active_cred, file_cred, ks,
128	    ks->ks_label);
129	MAC_CHECK_PROBE3(posixsem_check_getvalue, error, active_cred,
130	    file_cred, ks);
131
132	return (error);
133}
134
135MAC_CHECK_PROBE_DEFINE3(posixsem_check_post, "struct ucred *",
136    "struct ucred *", "struct ksem *");
137
138int
139mac_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred,
140    struct ksem *ks)
141{
142	int error;
143
144	MAC_CHECK(posixsem_check_post, active_cred, file_cred, ks,
145	    ks->ks_label);
146	MAC_CHECK_PROBE3(posixsem_check_post, error, active_cred, file_cred,
147	    ks);
148
149	return (error);
150}
151
152MAC_CHECK_PROBE_DEFINE3(posixsem_check_stat, "struct ucred *",
153    "struct ucred *", "struct ksem *");
154
155int
156mac_posixsem_check_stat(struct ucred *active_cred, struct ucred *file_cred,
157    struct ksem *ks)
158{
159	int error;
160
161	MAC_CHECK(posixsem_check_stat, active_cred, file_cred, ks,
162	    ks->ks_label);
163	MAC_CHECK_PROBE3(posixsem_check_stat, error, active_cred, file_cred,
164	    ks);
165
166	return (error);
167}
168
169MAC_CHECK_PROBE_DEFINE2(posixsem_check_unlink, "struct ucred *",
170    "struct ksem *");
171
172int
173mac_posixsem_check_unlink(struct ucred *cred, struct ksem *ks)
174{
175	int error;
176
177	MAC_CHECK(posixsem_check_unlink, cred, ks, ks->ks_label);
178	MAC_CHECK_PROBE2(posixsem_check_unlink, error, cred, ks);
179
180	return (error);
181}
182
183MAC_CHECK_PROBE_DEFINE3(posixsem_check_wait, "struct ucred *",
184    "struct ucred *", "struct ksem *");
185
186int
187mac_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred,
188    struct ksem *ks)
189{
190	int error;
191
192	MAC_CHECK(posixsem_check_wait, active_cred, file_cred, ks,
193	    ks->ks_label);
194	MAC_CHECK_PROBE3(posixsem_check_wait, error, active_cred, file_cred,
195	    ks);
196
197	return (error);
198}
199