mac_biba.c revision 104514
1101099Srwatson/*- 2101099Srwatson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3101099Srwatson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4101099Srwatson * All rights reserved. 5101099Srwatson * 6101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 7101099Srwatson * 8101099Srwatson * This software was developed for the FreeBSD Project in part by NAI Labs, 9101099Srwatson * the Security Research Division of Network Associates, Inc. under 10101099Srwatson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11101099Srwatson * CHATS research program. 12101099Srwatson * 13101099Srwatson * Redistribution and use in source and binary forms, with or without 14101099Srwatson * modification, are permitted provided that the following conditions 15101099Srwatson * are met: 16101099Srwatson * 1. Redistributions of source code must retain the above copyright 17101099Srwatson * notice, this list of conditions and the following disclaimer. 18101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 19101099Srwatson * notice, this list of conditions and the following disclaimer in the 20101099Srwatson * documentation and/or other materials provided with the distribution. 21101099Srwatson * 3. The names of the authors may not be used to endorse or promote 22101099Srwatson * products derived from this software without specific prior written 23101099Srwatson * permission. 24101099Srwatson * 25101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28101099Srwatson * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35101099Srwatson * SUCH DAMAGE. 36101099Srwatson * 37101099Srwatson * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 104514 2002-10-05 15:10:00Z rwatson $ 38101099Srwatson */ 39101099Srwatson 40101099Srwatson/* 41101099Srwatson * Developed by the TrustedBSD Project. 42101099Srwatson * Biba fixed label mandatory integrity policy. 43101099Srwatson */ 44101099Srwatson 45101099Srwatson#include <sys/types.h> 46101099Srwatson#include <sys/param.h> 47101099Srwatson#include <sys/acl.h> 48101099Srwatson#include <sys/conf.h> 49101099Srwatson#include <sys/kernel.h> 50101099Srwatson#include <sys/mac.h> 51103183Sbde#include <sys/malloc.h> 52101099Srwatson#include <sys/mount.h> 53101099Srwatson#include <sys/proc.h> 54101099Srwatson#include <sys/systm.h> 55101099Srwatson#include <sys/sysproto.h> 56101099Srwatson#include <sys/sysent.h> 57101099Srwatson#include <sys/vnode.h> 58101099Srwatson#include <sys/file.h> 59101099Srwatson#include <sys/socket.h> 60101099Srwatson#include <sys/socketvar.h> 61101099Srwatson#include <sys/pipe.h> 62101099Srwatson#include <sys/sysctl.h> 63101099Srwatson 64101099Srwatson#include <fs/devfs/devfs.h> 65101099Srwatson 66101099Srwatson#include <net/bpfdesc.h> 67101099Srwatson#include <net/if.h> 68101099Srwatson#include <net/if_types.h> 69101099Srwatson#include <net/if_var.h> 70101099Srwatson 71101099Srwatson#include <netinet/in.h> 72101099Srwatson#include 
<netinet/ip_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

#include <security/mac_biba/mac_biba.h>

SYSCTL_DECL(_security_mac);

/* Sysctl subtree security.mac.biba; every knob below hangs off it. */
SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0,
    "TrustedBSD mac_biba policy controls");

/*
 * Master enforcement switch: read-write at run time and also settable as
 * a boot tunable.  Defaults to off.  (The access checks that consult it
 * are outside this excerpt.)
 */
static int mac_biba_enabled = 0;
SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_biba_enabled, 0, "Enforce MAC/Biba policy");
TUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled);

/*
 * Diagnostic counter, read-only: bumped by biba_free() whenever a label
 * is destroyed whose slot was never populated.
 */
static int destroyed_not_inited;
SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
    &destroyed_not_inited, 0, "Count of labels destroyed but not inited");

/*
 * Interface trust configuration, consulted by mac_biba_create_ifnet().
 * Both knobs are CTLFLAG_RD, so they can only be set from the loader
 * tunables at boot, not changed afterwards from userland.
 * trust_all_interfaces labels every non-loopback interface HIGH; otherwise
 * only interfaces named in the comma-separated trusted_interfaces list
 * are HIGH and the rest default to LOW.
 */
static int trust_all_interfaces = 0;
SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD,
    &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba");
TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);

static char trusted_interfaces[128];
SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
    trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
    sizeof(trusted_interfaces));

/* Whether a relabel revokes existing access; read-write plus tunable. */
static int mac_biba_revocation_enabled = 0;
SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
    &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel");
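TUNABLE_INT("security.mac.biba.revocation_enabled",
    &mac_biba_revocation_enabled);

/*
 * Index of this policy's slot in struct label.  It is assigned when the
 * policy registers with the MAC framework (outside this excerpt); SLOT()
 * yields the struct mac_biba stored in that slot, or NULL if the slot was
 * never populated.
 */
static int mac_biba_slot;
#define	SLOT(l)	((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)

MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels");

static int	mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
		    struct label *vnodelabel, mode_t acc_mode);

/*
 * Allocate a zero-filled policy label.  flag is handed straight to
 * malloc(9); when the caller does not ask to wait the result may be NULL,
 * so such callers must check it (mac_biba_init_label_waitcheck does).
 */
static struct mac_biba *
biba_alloc(int flag)
{
	struct mac_biba *mac_biba;

	mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | flag);

	return (mac_biba);
}

/*
 * Release a policy label.  A NULL argument means the slot was never
 * populated (or its allocation failed); that is counted in the
 * destroyed_not_inited sysctl rather than treated as an error.
 */
static void
biba_free(struct mac_biba *mac_biba)
{

	if (mac_biba != NULL)
		free(mac_biba, M_MACBIBA);
	else
		atomic_add_int(&destroyed_not_inited, 1);
}

/*
 * Return non-zero if element a dominates element b, i.e. a sits at least
 * as high in the Biba integrity lattice as b.  EQUAL and HIGH dominate
 * everything; LOW dominates only LOW and EQUAL; two GRADE elements compare
 * by grade, and a GRADE element dominates LOW and EQUAL but not HIGH.
 * An undefined type in either element is a programming error and panics.
 */
static int
mac_biba_dominate_element(struct mac_biba_element *a,
    struct mac_biba_element *b)
{

	switch(a->mbe_type) {
	case MAC_BIBA_TYPE_EQUAL:
	case MAC_BIBA_TYPE_HIGH:
		return (1);

	case MAC_BIBA_TYPE_LOW:
		switch (b->mbe_type) {
		case MAC_BIBA_TYPE_GRADE:
		case MAC_BIBA_TYPE_HIGH:
			return (0);

		case MAC_BIBA_TYPE_EQUAL:
		case MAC_BIBA_TYPE_LOW:
			return (1);

		default:
			panic("mac_biba_dominate_element: b->mbe_type invalid");
		}

	case MAC_BIBA_TYPE_GRADE:
		switch (b->mbe_type) {
		case MAC_BIBA_TYPE_EQUAL:
		case MAC_BIBA_TYPE_LOW:
			return (1);

		case MAC_BIBA_TYPE_HIGH:
			return (0);

		case MAC_BIBA_TYPE_GRADE:
			return (a->mbe_grade >= b->mbe_grade);

		default:
			panic("mac_biba_dominate_element: b->mbe_type invalid");
		}

	default:
		panic("mac_biba_dominate_element: a->mbe_type invalid");
	}

	/* Not reached: every branch above returns or panics. */
	return (0);
}

/*
 * Return non-zero if range a lies entirely within range b: b's high end
 * dominates a's high end and a's low end dominates b's low end.
 */
static int
mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb)
{

	return (mac_biba_dominate_element(&rangeb->mb_rangehigh,
	    &rangea->mb_rangehigh) &&
	    mac_biba_dominate_element(&rangea->mb_rangelow,
	    &rangeb->mb_rangelow));
}

/*
 * Return non-zero if single's single element lies within range's range.
 * Both arguments must carry the corresponding flag (asserted).
 */
static int
mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range)
{

	KASSERT((single->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
	    ("mac_biba_single_in_range: a not single"));
	KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
	    ("mac_biba_single_in_range: b not range"));

	return (mac_biba_dominate_element(&range->mb_rangehigh,
	    &single->mb_single) &&
	    mac_biba_dominate_element(&single->mb_single,
	    &range->mb_rangelow));
}

/*
 * Return non-zero if a's single element dominates b's.  Both labels must
 * carry a single (asserted).
 */
static int
mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b)
{
	KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
	    ("mac_biba_dominate_single: a not single"));
	KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
	    ("mac_biba_dominate_single: b not single"));

	return (mac_biba_dominate_element(&a->mb_single, &b->mb_single));
}

/*
 * Element equality: EQUAL matches anything; otherwise both type and grade
 * must agree.
 */
static int
mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b)
{

	if (a->mbe_type == MAC_BIBA_TYPE_EQUAL ||
	    b->mbe_type == MAC_BIBA_TYPE_EQUAL)
		return (1);

	return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade);
}

/*
 * Single-element equality of two labels that both carry a single
 * (asserted).
 */
static int
mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b)
{

	KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
	    ("mac_biba_equal_single: a not single"));
	KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
	    ("mac_biba_equal_single: b not single"));

	return (mac_biba_equal_element(&a->mb_single, &b->mb_single));
}

/*
 * Check one element of a label: a GRADE element may carry any grade, the
 * three fixed types must carry grade 0, and anything else (including
 * UNDEF) is rejected.  Returns 0 or EINVAL.
 */
static int
mac_biba_valid_element(struct mac_biba_element *element)
{

	switch (element->mbe_type) {
	case MAC_BIBA_TYPE_GRADE:
		return (0);

	case MAC_BIBA_TYPE_EQUAL:
	case MAC_BIBA_TYPE_HIGH:
	case MAC_BIBA_TYPE_LOW:
		if (element->mbe_grade != 0)
			return (EINVAL);
		return (0);

	default:
		return (EINVAL);
	}
}

/*
 * Validate a label's internal consistency: a present single or range
 * element must pass mac_biba_valid_element(), an absent one must still be
 * UNDEF, and a range's high end must dominate its low end.  This is the
 * check the internalize paths rely on before copying a label that arrived
 * from outside the policy.  Returns 0 when valid, EINVAL otherwise.
 */
static int
mac_biba_valid(struct mac_biba *mac_biba)
{
	int error;

	if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
		error = mac_biba_valid_element(&mac_biba->mb_single);
		if (error)
			return (error);
	} else {
		if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF)
			return (EINVAL);
	}

	if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) {
		error = mac_biba_valid_element(&mac_biba->mb_rangelow);
		if (error)
			return (error);
		error = mac_biba_valid_element(&mac_biba->mb_rangehigh);
		if (error)
			return (error);
		if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh,
		    &mac_biba->mb_rangelow))
			return (EINVAL);
	} else {
		if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF ||
		    mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF)
			return (EINVAL);
	}

	return (0);
}

/* Set both ends of a label's range and mark the range present. */
static void
mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow,
    u_short gradelow, u_short typehigh, u_short gradehigh)
{

	mac_biba->mb_rangelow.mbe_type = typelow;
	mac_biba->mb_rangelow.mbe_grade = gradelow;
	mac_biba->mb_rangehigh.mbe_type = typehigh;
	mac_biba->mb_rangehigh.mbe_grade = gradehigh;
	mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE;
}

/* Set a label's single element and mark the single present. */
static void
mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade)
{

	mac_biba->mb_single.mbe_type = type;
	mac_biba->mb_single.mbe_grade = grade;
	mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE;
}

/* Copy labelfrom's range (asserted present) into labelto. */
static void
mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto)
{
	KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
	    ("mac_biba_copy_range: labelfrom not range"));

	labelto->mb_rangelow = labelfrom->mb_rangelow;
	labelto->mb_rangehigh = labelfrom->mb_rangehigh;
	labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
}

/* Copy labelfrom's single (asserted present) into labelto. */
static void
mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto)
{

	KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
	    ("mac_biba_copy_single: labelfrom not single"));

	labelto->mb_single = labelfrom->mb_single;
	labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE;
}

/*
 * Give labelto a degenerate range whose both ends equal labelfrom's single
 * (asserted present).
 */
static void
mac_biba_copy_single_to_range(struct mac_biba *labelfrom,
    struct mac_biba *labelto)
{

	KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
	    ("mac_biba_copy_single_to_range: labelfrom not single"));

	labelto->mb_rangelow = labelfrom->mb_single;
	labelto->mb_rangehigh = labelfrom->mb_single;
	labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
}

/*
 * Policy module operations.
 */
/* Nothing to tear down: all state lives in per-object labels. */
static void
mac_biba_destroy(struct mac_policy_conf *conf)
{

}

/* Nothing to set up beyond the static sysctl/tunable state above. */
static void
mac_biba_init(struct mac_policy_conf *conf)
{

}

/*
 * Label operations.
 */
/* Populate the slot with a zeroed label; may sleep (M_WAITOK). */
static void
mac_biba_init_label(struct label *label)
{

	SLOT(label) = biba_alloc(M_WAITOK);
}

/*
 * Populate the slot with a zeroed label using the caller's malloc flag.
 * Returns ENOMEM if the allocation failed (slot left NULL), else 0.
 */
static int
mac_biba_init_label_waitcheck(struct label *label, int flag)
{

	SLOT(label) = biba_alloc(flag);
	if (SLOT(label) == NULL)
		return (ENOMEM);

	return (0);
}

/* Free the slot's label (NULL is tolerated and counted) and clear it. */
static void
mac_biba_destroy_label(struct label *label)
{

	biba_free(SLOT(label));
	SLOT(label) = NULL;
}

/*
 * Copy the slot's label into the externalized struct mac.  A NULL slot is
 * logged and reported as success without touching extmac->m_biba.
 * NOTE(review): in that case the caller gets whatever extmac held before
 * the call — confirm callers zero extmac first.
 */
static int
mac_biba_externalize(struct label *label, struct mac *extmac)
{
	struct mac_biba *mac_biba;

	mac_biba = SLOT(label);

	if (mac_biba == NULL) {
		printf("mac_biba_externalize: NULL pointer\n");
		return (0);
	}

	extmac->m_biba = *mac_biba;

	return (0);
}

/*
 * Replace the slot's label with the externalized one in extmac.
 * The incoming label is validated with mac_biba_valid() before it is
 * copied; extmac originates outside the policy, so this check is what
 * keeps undefined element types and inconsistent ranges out of the slot.
 * (Previously the check was applied to the slot about to be overwritten,
 * which left the incoming label unexamined.)  Returns 0, or EINVAL from
 * mac_biba_valid().
 */
static int
mac_biba_internalize(struct label *label, struct mac *extmac)
{
	struct mac_biba *mac_biba, *source;
	int error;

	source = &extmac->m_biba;
	mac_biba = SLOT(label);

	error = mac_biba_valid(source);
	if (error)
		return (error);

	*mac_biba = *source;

	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.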
 */

/*
 * Device names the author treats as integrity-neutral: null, zero, random
 * and anything under fd/.  Devices with these names get an EQUAL label;
 * every other devfs device is labeled HIGH.
 */
static int
biba_devfs_name_is_equal(const char *name)
{

	return (strcmp(name, "null") == 0 || strcmp(name, "zero") == 0 ||
	    strcmp(name, "random") == 0 ||
	    strncmp(name, "fd/", strlen("fd/")) == 0);
}

/* Label a newly created devfs device node from its device name. */
static void
mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{
	int type;

	type = biba_devfs_name_is_equal(dev->si_name) ?
	    MAC_BIBA_TYPE_EQUAL : MAC_BIBA_TYPE_HIGH;
	mac_biba_set_single(SLOT(label), type, 0);
}

/* devfs directories are always high integrity; dirname is not consulted. */
static void
mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

	mac_biba_set_single(SLOT(label), MAC_BIBA_TYPE_HIGH, 0);
}

/* A devfs vnode inherits the single of its directory entry. */
static void
mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

	mac_biba_copy_single(SLOT(direntlabel), SLOT(vnodelabel));
}

/*
 * A new vnode takes the creating credential's single; the parent's label
 * is not consulted.
 */
static void
mac_biba_create_vnode(struct ucred *cred, struct vnode *parent,
    struct label *parentlabel, struct vnode *child, struct label *childlabel)
{
	struct mac_biba *credlabel;

	credlabel = SLOT(&cred->cr_label);
	mac_biba_copy_single(credlabel, SLOT(childlabel));
}

/*
 * Both the mount label and the file system label of a new mount take the
 * mounting credential's single.
 */
static void
mac_biba_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{
	struct mac_biba *credlabel;

	credlabel = SLOT(&cred->cr_label);
	mac_biba_copy_single(credlabel, SLOT(mntlabel));
	mac_biba_copy_single(credlabel, SLOT(fslabel));
}

/* The root file system and its mount are always high integrity. */
static void
mac_biba_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

	mac_biba_set_single(SLOT(fslabel), MAC_BIBA_TYPE_HIGH, 0);
	mac_biba_set_single(SLOT(mntlabel), MAC_BIBA_TYPE_HIGH, 0);
}

/* Apply the requested single to the vnode; cred is not consulted here. */
static void
mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

	mac_biba_copy_single(SLOT(label), SLOT(vnodelabel));
}

/* Push a devfs vnode's single back to its directory entry. */
static void
mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

	mac_biba_copy_single(SLOT(vnodelabel), SLOT(direntlabel));
}

/*
 * A procfs vnode takes the single of the credential it represents.  Only
 * the single is copied: vnode labels carry no range.
 */
static void
mac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
    struct ucred *cred)
{
	struct mac_biba *credlabel;

	credlabel = SLOT(&cred->cr_label);
	mac_biba_copy_single(credlabel, SLOT(vnodelabel));
}

/*
 * Load a vnode's label from an externalized struct mac.  The incoming
 * label must be valid and must carry exactly a single (no range);
 * otherwise EINVAL (or mac_biba_valid's error) is returned and the vnode
 * label is untouched.
 */
static int
mac_biba_update_vnode_from_externalized(struct vnode *vp,
    struct label *vnodelabel, struct mac *extmac)
{
	struct mac_biba *ext;
	int error;

	ext = &extmac->m_biba;

	error = mac_biba_valid(ext);
	if (error != 0)
		return (error);
	if ((ext->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
		return (EINVAL);

	mac_biba_copy_single(ext, SLOT(vnodelabel));
	return (0);
}

/* A vnode without its own label takes the file system's single. */
static void
mac_biba_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
    struct mount *mp, struct label *fslabel)
{

	mac_biba_copy_single(SLOT(fslabel), SLOT(vnodelabel));
}

/*
 * Labeling event operations: IPC object.
 */

/* An mbuf sent on a socket carries the socket's single. */
static void
mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	mac_biba_copy_single(SLOT(socketlabel), SLOT(mbuflabel));
}

/*
 * A new socket takes the creating credential's single, and a degenerate
 * range equal to that single.
 */
static void
mac_biba_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{
	struct mac_biba *credlabel, *socklabel;

	credlabel = SLOT(&cred->cr_label);
	socklabel = SLOT(socketlabel);
	mac_biba_copy_single(credlabel, socklabel);
	mac_biba_copy_single_to_range(credlabel, socklabel);
}

/* A new pipe takes the creating credential's single. */
static void
mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	struct mac_biba *credlabel;

	credlabel = SLOT(&cred->cr_label);
	mac_biba_copy_single(credlabel, SLOT(pipelabel));
}

/* A socket derived from another (e.g. accept) copies both single and range. */
static void
mac_biba_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{
	struct mac_biba *from, *to;

	from = SLOT(oldsocketlabel);
	to = SLOT(newsocketlabel);
	mac_biba_copy_single(from, to);
	mac_biba_copy_range(from, to);
}
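
/* Apply a requested label (single and range) to a socket. */
static void
mac_biba_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(newlabel);
	dest = SLOT(socketlabel);

	mac_biba_copy_single(source, dest);
	mac_biba_copy_range(source, dest);
}

/* Apply a requested single to a pipe. */
static void
mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(newlabel);
	dest = SLOT(pipelabel);

	mac_biba_copy_single(source, dest);
}

/* Record the peer's single on a socket from an mbuf received on it. */
static void
mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(mbuflabel);
	dest = SLOT(socketpeerlabel);

	mac_biba_copy_single(source, dest);
}

/*
 * Labeling event operations: network objects.
 */
/* Record the peer's single on a socket from the socket it connected to. */
static void
mac_biba_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(oldsocketlabel);
	dest = SLOT(newsocketpeerlabel);

	mac_biba_copy_single(source, dest);
}

/* A BPF descriptor takes the opening credential's single. */
static void
mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(&cred->cr_label);
	dest = SLOT(bpflabel);

	mac_biba_copy_single(source, dest);
}

/*
 * Label a new network interface.  Loopback is EQUAL; every interface is
 * HIGH when trust_all_interfaces is set; otherwise an interface is HIGH
 * only if its name (if_name followed by if_unit) appears in the
 * comma-separated trusted_interfaces tunable, and LOW if not.  The single
 * and both ends of the range are set to the chosen type.
 */
static void
mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{
	char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q;
	char tiflist[sizeof(trusted_interfaces)];
	struct mac_biba *dest;
	int len, grade;

	dest = SLOT(ifnetlabel);

	if (ifnet->if_type == IFT_LOOP) {
		grade = MAC_BIBA_TYPE_EQUAL;
		goto set;
	}

	if (trust_all_interfaces) {
		grade = MAC_BIBA_TYPE_HIGH;
		goto set;
	}

	/* Default for anything not explicitly listed as trusted. */
	grade = MAC_BIBA_TYPE_LOW;

	if (trusted_interfaces[0] == '\0' ||
	    !strvalid(trusted_interfaces, sizeof(trusted_interfaces)))
		goto set;

	/*
	 * Copy the tunable into a scratch buffer with blanks and tabs
	 * squeezed out.  The output pointer advances only when a byte is
	 * kept, and the result is NUL-terminated: tiflist is an
	 * uninitialized stack array, so the scan below must not rely on
	 * leftover bytes for its terminator or read past the copied text.
	 * strvalid() above guarantees the source is terminated within
	 * sizeof(trusted_interfaces), so the copy cannot overrun tiflist.
	 */
	q = tiflist;
	for (p = trusted_interfaces; *p != '\0'; p++) {
		if (*p != ' ' && *p != '\t')
			*q++ = *p;
	}
	*q = '\0';

	snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit);

	/*
	 * Walk the comma-separated entries; q marks the start of the
	 * current entry and p its terminator.  Entries too long to be an
	 * interface name are skipped rather than truncated.
	 */
	for (p = q = tiflist;; p++) {
		if (*p == ',' || *p == '\0') {
			len = p - q;
			if (len < IFNAMSIZ) {
				bzero(tifname, sizeof(tifname));
				bcopy(q, tifname, len);
				if (strcmp(tifname, ifname) == 0) {
					grade = MAC_BIBA_TYPE_HIGH;
					break;
				}
			}
			if (*p == '\0')
				break;
			q = p + 1;
		}
	}
set:
	mac_biba_set_single(dest, grade, 0);
	mac_biba_set_range(dest, grade, 0, grade, 0);
}

/* A reassembly queue takes the single of its first fragment. */
static void
mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(fragmentlabel);
	dest = SLOT(ipqlabel);

	mac_biba_copy_single(source, dest);
}

/* A reassembled datagram takes the single of its reassembly queue. */
static void
mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(ipqlabel);
	dest = SLOT(datagramlabel);

	/* Just use the head, since we require them all to match. */
	mac_biba_copy_single(source, dest);
}

/* A fragment takes the single of the datagram it was split from. */
static void
mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(datagramlabel);
	dest = SLOT(fragmentlabel);

	mac_biba_copy_single(source, dest);
}

/* A copied mbuf takes the single of the original. */
static void
mac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(oldmbuflabel);
	dest = SLOT(newmbuflabel);

	mac_biba_copy_single(source, dest);
}

/*
 * Link-layer generated mbufs are labeled EQUAL regardless of the interface
 * they will leave on.
 */
static void
mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{
	struct mac_biba *dest;

	dest = SLOT(mbuflabel);

	mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0);
}

/* An mbuf injected through BPF takes the descriptor's single. */
static void
mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(bpflabel);
	dest = SLOT(mbuflabel);

	mac_biba_copy_single(source, dest);
}

/* An mbuf received on an interface takes the interface's single. */
static void
mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(ifnetlabel);
	dest = SLOT(mbuflabel);

	mac_biba_copy_single(source, dest);
}

/*
 * Multicast encapsulation keeps the encapsulated mbuf's single; the
 * interface label is not consulted.
 */
static void
mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(oldmbuflabel);
	dest = SLOT(newmbuflabel);

	mac_biba_copy_single(source, dest);
}

/* Network-layer generated mbufs take the single of the triggering mbuf. */
static void
mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(oldmbuflabel);
	dest = SLOT(newmbuflabel);

	mac_biba_copy_single(source, dest);
}

/*
 * A fragment may join a reassembly queue only if its single equals the
 * queue's (EQUAL matches anything, see mac_biba_equal_element).
 */
static int
mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{
	struct mac_biba *a, *b;

	a = SLOT(ipqlabel);
	b = SLOT(fragmentlabel);

	return (mac_biba_equal_single(a, b));
}

/* Apply a requested label (single and range) to an interface. */
static void
mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(newlabel);
	dest = SLOT(ifnetlabel);

	mac_biba_copy_single(source, dest);
	mac_biba_copy_range(source, dest);
}

static void
mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	/* NOOP: we only accept matching labels, so no need to update */
}

/*
 * Labeling event operations: processes.
 */
/* A child credential inherits the parent's single and range. */
static void
mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
	struct mac_biba *source, *dest;

	source = SLOT(&cred_parent->cr_label);
	dest = SLOT(&cred_child->cr_label);

	mac_biba_copy_single(source, dest);
	mac_biba_copy_range(source, dest);
}

/*
 * execve carries the old credential's single and range over unchanged;
 * the executable's label is not consulted.
 */
static void
mac_biba_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct mac *vnodelabel)
{
	struct mac_biba *source, *dest;

	source = SLOT(&old->cr_label);
	dest = SLOT(&new->cr_label);

	mac_biba_copy_single(source, dest);
	mac_biba_copy_range(source, dest);
}

static int
mac_biba_execve_will_transition(struct 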
ucred *old, struct vnode *vp, 947101099Srwatson struct mac *vnodelabel) 948101099Srwatson{ 949101099Srwatson 950101099Srwatson return (0); 951101099Srwatson} 952101099Srwatson 953101099Srwatsonstatic void 954101099Srwatsonmac_biba_create_proc0(struct ucred *cred) 955101099Srwatson{ 956101099Srwatson struct mac_biba *dest; 957101099Srwatson 958101099Srwatson dest = SLOT(&cred->cr_label); 959101099Srwatson 960101099Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0); 961101099Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 962101099Srwatson} 963101099Srwatson 964101099Srwatsonstatic void 965101099Srwatsonmac_biba_create_proc1(struct ucred *cred) 966101099Srwatson{ 967101099Srwatson struct mac_biba *dest; 968101099Srwatson 969101099Srwatson dest = SLOT(&cred->cr_label); 970101099Srwatson 971101099Srwatson mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0); 972101099Srwatson mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0); 973101099Srwatson} 974101099Srwatson 975101099Srwatsonstatic void 976101099Srwatsonmac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) 977101099Srwatson{ 978101099Srwatson struct mac_biba *source, *dest; 979101099Srwatson 980101099Srwatson source = SLOT(newlabel); 981101099Srwatson dest = SLOT(&cred->cr_label); 982101099Srwatson 983101099Srwatson mac_biba_copy_single(source, dest); 984101099Srwatson mac_biba_copy_range(source, dest); 985101099Srwatson} 986101099Srwatson 987101099Srwatson/* 988101099Srwatson * Access control checks. 
989101099Srwatson */ 990101099Srwatsonstatic int 991101099Srwatsonmac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 992101099Srwatson struct ifnet *ifnet, struct label *ifnetlabel) 993101099Srwatson{ 994101099Srwatson struct mac_biba *a, *b; 995101099Srwatson 996101099Srwatson if (!mac_biba_enabled) 997101099Srwatson return (0); 998101099Srwatson 999101099Srwatson a = SLOT(bpflabel); 1000101099Srwatson b = SLOT(ifnetlabel); 1001101099Srwatson 1002101099Srwatson if (mac_biba_equal_single(a, b)) 1003101099Srwatson return (0); 1004101099Srwatson return (EACCES); 1005101099Srwatson} 1006101099Srwatson 1007101099Srwatsonstatic int 1008101099Srwatsonmac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1009101099Srwatson{ 1010101099Srwatson struct mac_biba *subj, *new; 1011101099Srwatson 1012101099Srwatson subj = SLOT(&cred->cr_label); 1013101099Srwatson new = SLOT(newlabel); 1014101099Srwatson 1015101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1016101099Srwatson return (EINVAL); 1017101099Srwatson 1018101099Srwatson /* 1019101099Srwatson * XXX: Allow processes with root privilege to set labels outside 1020101099Srwatson * their range, so suid things like "su" work. This WILL go away 1021101099Srwatson * when we figure out the 'correct' solution... 1022101099Srwatson */ 1023101099Srwatson if (!suser_cred(cred, 0)) 1024101099Srwatson return (0); 1025101099Srwatson 1026101099Srwatson /* 1027101099Srwatson * The new single must be in the old range. 1028101099Srwatson */ 1029101099Srwatson if (!mac_biba_single_in_range(new, subj)) 1030101099Srwatson return (EPERM); 1031101099Srwatson 1032101099Srwatson /* 1033101099Srwatson * The new range must be in the old range. 
1034101099Srwatson */ 1035101099Srwatson if (!mac_biba_range_in_range(new, subj)) 1036101099Srwatson return (EPERM); 1037101099Srwatson 1038101099Srwatson /* 1039101099Srwatson * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1040101099Srwatson */ 1041101099Srwatson 1042101099Srwatson return (0); 1043101099Srwatson} 1044101099Srwatson 1045101099Srwatsonstatic int 1046101099Srwatsonmac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1047101099Srwatson{ 1048101099Srwatson struct mac_biba *subj, *obj; 1049101099Srwatson 1050101099Srwatson if (!mac_biba_enabled) 1051101099Srwatson return (0); 1052101099Srwatson 1053101099Srwatson subj = SLOT(&u1->cr_label); 1054101099Srwatson obj = SLOT(&u2->cr_label); 1055101099Srwatson 1056101099Srwatson /* XXX: range */ 1057101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1058101099Srwatson return (ESRCH); 1059101099Srwatson 1060101099Srwatson return (0); 1061101099Srwatson} 1062101099Srwatson 1063101099Srwatsonstatic int 1064101099Srwatsonmac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1065101099Srwatson struct label *ifnetlabel, struct label *newlabel) 1066101099Srwatson{ 1067101099Srwatson struct mac_biba *subj, *new; 1068101099Srwatson 1069101099Srwatson subj = SLOT(&cred->cr_label); 1070101099Srwatson new = SLOT(newlabel); 1071101099Srwatson 1072101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH) 1073101099Srwatson return (EINVAL); 1074101099Srwatson 1075101099Srwatson return (suser_cred(cred, 0)); 1076101099Srwatson} 1077101099Srwatson 1078103759Srwatsonstatic int 1079101099Srwatsonmac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1080101099Srwatson struct mbuf *m, struct label *mbuflabel) 1081101099Srwatson{ 1082101099Srwatson struct mac_biba *p, *i; 1083103761Srwatson 1084101099Srwatson if (!mac_biba_enabled) 1085101099Srwatson return (0); 1086101099Srwatson 1087101099Srwatson p = SLOT(mbuflabel); 
1088101099Srwatson i = SLOT(ifnetlabel); 1089103759Srwatson 1090101099Srwatson return (mac_biba_single_in_range(p, i) ? 0 : EACCES); 1091101099Srwatson} 1092101099Srwatson 1093101099Srwatsonstatic int 1094101099Srwatsonmac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, 1095101099Srwatson struct label *mntlabel) 1096101099Srwatson{ 1097101099Srwatson struct mac_biba *subj, *obj; 1098101099Srwatson 1099101099Srwatson if (!mac_biba_enabled) 1100101099Srwatson return (0); 1101101099Srwatson 1102101099Srwatson subj = SLOT(&cred->cr_label); 1103101099Srwatson obj = SLOT(mntlabel); 1104101099Srwatson 1105101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1106101099Srwatson return (EACCES); 1107101099Srwatson 1108101099Srwatson return (0); 1109101099Srwatson} 1110101099Srwatson 1111101099Srwatsonstatic int 1112101099Srwatsonmac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 1113101099Srwatson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1114101099Srwatson{ 1115103759Srwatson 1116101099Srwatson if(!mac_biba_enabled) 1117101099Srwatson return (0); 1118101099Srwatson 1119101099Srwatson /* XXX: This will be implemented soon... 
*/ 1120101099Srwatson 1121101099Srwatson return (0); 1122101099Srwatson} 1123101099Srwatson 1124101099Srwatsonstatic int 1125102115Srwatsonmac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 1126102115Srwatson struct label *pipelabel) 1127101099Srwatson{ 1128101099Srwatson struct mac_biba *subj, *obj; 1129101099Srwatson 1130101099Srwatson if (!mac_biba_enabled) 1131101099Srwatson return (0); 1132101099Srwatson 1133101099Srwatson subj = SLOT(&cred->cr_label); 1134101099Srwatson obj = SLOT((pipelabel)); 1135101099Srwatson 1136102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1137102115Srwatson return (EACCES); 1138101099Srwatson 1139101099Srwatson return (0); 1140101099Srwatson} 1141101099Srwatson 1142101099Srwatsonstatic int 1143102115Srwatsonmac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe, 1144102115Srwatson struct label *pipelabel) 1145102115Srwatson{ 1146102115Srwatson struct mac_biba *subj, *obj; 1147102115Srwatson 1148102115Srwatson if (!mac_biba_enabled) 1149102115Srwatson return (0); 1150102115Srwatson 1151102115Srwatson subj = SLOT(&cred->cr_label); 1152102115Srwatson obj = SLOT((pipelabel)); 1153102115Srwatson 1154102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1155102115Srwatson return (EACCES); 1156102115Srwatson 1157102115Srwatson return (0); 1158102115Srwatson} 1159102115Srwatson 1160102115Srwatsonstatic int 1161101099Srwatsonmac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1162101099Srwatson struct label *pipelabel, struct label *newlabel) 1163101099Srwatson{ 1164101099Srwatson struct mac_biba *subj, *obj, *new; 1165101099Srwatson 1166101099Srwatson new = SLOT(newlabel); 1167101099Srwatson subj = SLOT(&cred->cr_label); 1168101099Srwatson obj = SLOT(pipelabel); 1169101099Srwatson 1170101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1171101099Srwatson return (EINVAL); 1172101099Srwatson 1173101099Srwatson /* 1174101099Srwatson * To relabel a pipe, the old pipe 
label must be in the subject 1175101099Srwatson * range. 1176101099Srwatson */ 1177101099Srwatson if (!mac_biba_single_in_range(obj, subj)) 1178101099Srwatson return (EPERM); 1179101099Srwatson 1180101099Srwatson /* 1181101099Srwatson * To relabel a pipe, the new pipe label must be in the subject 1182101099Srwatson * range. 1183101099Srwatson */ 1184101099Srwatson if (!mac_biba_single_in_range(new, subj)) 1185101099Srwatson return (EPERM); 1186101099Srwatson 1187101099Srwatson /* 1188101099Srwatson * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1189101099Srwatson */ 1190101099Srwatson 1191101099Srwatson return (0); 1192101099Srwatson} 1193101099Srwatson 1194101099Srwatsonstatic int 1195102115Srwatsonmac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 1196102115Srwatson struct label *pipelabel) 1197102115Srwatson{ 1198102115Srwatson struct mac_biba *subj, *obj; 1199102115Srwatson 1200102115Srwatson if (!mac_biba_enabled) 1201102115Srwatson return (0); 1202102115Srwatson 1203102115Srwatson subj = SLOT(&cred->cr_label); 1204102115Srwatson obj = SLOT((pipelabel)); 1205102115Srwatson 1206102115Srwatson if (!mac_biba_dominate_single(obj, subj)) 1207102115Srwatson return (EACCES); 1208102115Srwatson 1209102115Srwatson return (0); 1210102115Srwatson} 1211102115Srwatson 1212102115Srwatsonstatic int 1213102115Srwatsonmac_biba_check_pipe_write(struct ucred *cred, struct pipe *pipe, 1214102115Srwatson struct label *pipelabel) 1215102115Srwatson{ 1216102115Srwatson struct mac_biba *subj, *obj; 1217102115Srwatson 1218102115Srwatson if (!mac_biba_enabled) 1219102115Srwatson return (0); 1220102115Srwatson 1221102115Srwatson subj = SLOT(&cred->cr_label); 1222102115Srwatson obj = SLOT((pipelabel)); 1223102115Srwatson 1224102115Srwatson if (!mac_biba_dominate_single(subj, obj)) 1225102115Srwatson return (EACCES); 1226102115Srwatson 1227102115Srwatson return (0); 1228102115Srwatson} 1229102115Srwatson 1230102115Srwatsonstatic int 
1231101099Srwatsonmac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) 1232101099Srwatson{ 1233101099Srwatson struct mac_biba *subj, *obj; 1234101099Srwatson 1235101099Srwatson if (!mac_biba_enabled) 1236101099Srwatson return (0); 1237101099Srwatson 1238101099Srwatson subj = SLOT(&cred->cr_label); 1239101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1240101099Srwatson 1241101099Srwatson /* XXX: range checks */ 1242101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1243101099Srwatson return (ESRCH); 1244101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1245101099Srwatson return (EACCES); 1246101099Srwatson 1247101099Srwatson return (0); 1248101099Srwatson} 1249101099Srwatson 1250101099Srwatsonstatic int 1251101099Srwatsonmac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) 1252101099Srwatson{ 1253101099Srwatson struct mac_biba *subj, *obj; 1254103759Srwatson 1255101099Srwatson if (!mac_biba_enabled) 1256101099Srwatson return (0); 1257101099Srwatson 1258101099Srwatson subj = SLOT(&cred->cr_label); 1259101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1260103759Srwatson 1261101099Srwatson /* XXX: range checks */ 1262101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1263101099Srwatson return (ESRCH); 1264101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1265101099Srwatson return (EACCES); 1266101099Srwatson 1267101099Srwatson return (0); 1268101099Srwatson} 1269101099Srwatson 1270101099Srwatsonstatic int 1271101099Srwatsonmac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1272101099Srwatson{ 1273101099Srwatson struct mac_biba *subj, *obj; 1274103759Srwatson 1275101099Srwatson if (!mac_biba_enabled) 1276101099Srwatson return (0); 1277101099Srwatson 1278101099Srwatson subj = SLOT(&cred->cr_label); 1279101099Srwatson obj = SLOT(&proc->p_ucred->cr_label); 1280103759Srwatson 1281101099Srwatson /* XXX: range checks */ 1282101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 
1283101099Srwatson return (ESRCH); 1284101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1285101099Srwatson return (EACCES); 1286101099Srwatson 1287101099Srwatson return (0); 1288101099Srwatson} 1289101099Srwatson 1290101099Srwatsonstatic int 1291101934Srwatsonmac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, 1292101099Srwatson struct mbuf *m, struct label *mbuflabel) 1293101099Srwatson{ 1294101099Srwatson struct mac_biba *p, *s; 1295101099Srwatson 1296101099Srwatson if (!mac_biba_enabled) 1297101099Srwatson return (0); 1298101099Srwatson 1299101099Srwatson p = SLOT(mbuflabel); 1300101099Srwatson s = SLOT(socketlabel); 1301101099Srwatson 1302101099Srwatson return (mac_biba_equal_single(p, s) ? 0 : EACCES); 1303101099Srwatson} 1304101099Srwatson 1305101099Srwatsonstatic int 1306101099Srwatsonmac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket, 1307101099Srwatson struct label *socketlabel, struct label *newlabel) 1308101099Srwatson{ 1309101099Srwatson struct mac_biba *subj, *obj, *new; 1310101099Srwatson 1311101099Srwatson new = SLOT(newlabel); 1312101099Srwatson subj = SLOT(&cred->cr_label); 1313101099Srwatson obj = SLOT(socketlabel); 1314101099Srwatson 1315101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1316101099Srwatson return (EINVAL); 1317101099Srwatson 1318101099Srwatson /* 1319101099Srwatson * To relabel a socket, the old socket label must be in the subject 1320101099Srwatson * range. 1321101099Srwatson */ 1322101099Srwatson if (!mac_biba_single_in_range(obj, subj)) 1323101099Srwatson return (EPERM); 1324101099Srwatson 1325101099Srwatson /* 1326101099Srwatson * To relabel a socket, the new socket label must be in the subject 1327101099Srwatson * range. 
1328101099Srwatson */ 1329101099Srwatson if (!mac_biba_single_in_range(new, subj)) 1330101099Srwatson return (EPERM); 1331101099Srwatson 1332101099Srwatson /* 1333101099Srwatson * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1334101099Srwatson */ 1335101099Srwatson 1336101099Srwatson return (0); 1337101099Srwatson} 1338101099Srwatson 1339101099Srwatsonstatic int 1340101099Srwatsonmac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, 1341101099Srwatson struct label *socketlabel) 1342101099Srwatson{ 1343101099Srwatson struct mac_biba *subj, *obj; 1344101099Srwatson 1345101099Srwatson subj = SLOT(&cred->cr_label); 1346101099Srwatson obj = SLOT(socketlabel); 1347101099Srwatson 1348101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1349101099Srwatson return (ENOENT); 1350101099Srwatson 1351101099Srwatson return (0); 1352101099Srwatson} 1353101099Srwatson 1354101099Srwatsonstatic int 1355101099Srwatsonmac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp, 1356101099Srwatson struct label *label, mode_t flags) 1357101099Srwatson{ 1358101099Srwatson 1359101099Srwatson return (mac_biba_check_vnode_open(cred, vp, label, flags)); 1360101099Srwatson} 1361101099Srwatson 1362101099Srwatsonstatic int 1363101099Srwatsonmac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1364101099Srwatson struct label *dlabel) 1365101099Srwatson{ 1366101099Srwatson struct mac_biba *subj, *obj; 1367101099Srwatson 1368101099Srwatson if (!mac_biba_enabled) 1369101099Srwatson return (0); 1370101099Srwatson 1371101099Srwatson subj = SLOT(&cred->cr_label); 1372101099Srwatson obj = SLOT(dlabel); 1373101099Srwatson 1374101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1375101099Srwatson return (EACCES); 1376101099Srwatson 1377101099Srwatson return (0); 1378101099Srwatson} 1379101099Srwatson 1380101099Srwatsonstatic int 1381101099Srwatsonmac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1382101099Srwatson struct 
label *dlabel) 1383101099Srwatson{ 1384101099Srwatson struct mac_biba *subj, *obj; 1385101099Srwatson 1386101099Srwatson if (!mac_biba_enabled) 1387101099Srwatson return (0); 1388101099Srwatson 1389101099Srwatson subj = SLOT(&cred->cr_label); 1390101099Srwatson obj = SLOT(dlabel); 1391101099Srwatson 1392101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1393101099Srwatson return (EACCES); 1394101099Srwatson 1395101099Srwatson return (0); 1396101099Srwatson} 1397101099Srwatson 1398101099Srwatsonstatic int 1399101099Srwatsonmac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1400101099Srwatson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 1401101099Srwatson{ 1402101099Srwatson struct mac_biba *subj, *obj; 1403101099Srwatson 1404101099Srwatson if (!mac_biba_enabled) 1405101099Srwatson return (0); 1406101099Srwatson 1407101099Srwatson subj = SLOT(&cred->cr_label); 1408101099Srwatson obj = SLOT(dlabel); 1409101099Srwatson 1410101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1411101099Srwatson return (EACCES); 1412101099Srwatson 1413101099Srwatson return (0); 1414101099Srwatson} 1415101099Srwatson 1416101099Srwatsonstatic int 1417101099Srwatsonmac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 1418101099Srwatson struct label *dlabel, struct vnode *vp, struct label *label, 1419101099Srwatson struct componentname *cnp) 1420101099Srwatson{ 1421101099Srwatson struct mac_biba *subj, *obj; 1422101099Srwatson 1423101099Srwatson if (!mac_biba_enabled) 1424101099Srwatson return (0); 1425101099Srwatson 1426101099Srwatson subj = SLOT(&cred->cr_label); 1427101099Srwatson obj = SLOT(dlabel); 1428101099Srwatson 1429101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1430101099Srwatson return (EACCES); 1431101099Srwatson 1432101099Srwatson obj = SLOT(label); 1433101099Srwatson 1434101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1435101099Srwatson return (EACCES); 1436101099Srwatson 1437101099Srwatson 
return (0); 1438101099Srwatson} 1439101099Srwatson 1440101099Srwatsonstatic int 1441101099Srwatsonmac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1442101099Srwatson struct label *label, acl_type_t type) 1443101099Srwatson{ 1444101099Srwatson struct mac_biba *subj, *obj; 1445101099Srwatson 1446101099Srwatson if (!mac_biba_enabled) 1447101099Srwatson return (0); 1448101099Srwatson 1449101099Srwatson subj = SLOT(&cred->cr_label); 1450101099Srwatson obj = SLOT(label); 1451101099Srwatson 1452101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1453101099Srwatson return (EACCES); 1454101099Srwatson 1455101099Srwatson return (0); 1456101099Srwatson} 1457101099Srwatson 1458101099Srwatsonstatic int 1459101099Srwatsonmac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1460101099Srwatson struct label *label) 1461101099Srwatson{ 1462101099Srwatson struct mac_biba *subj, *obj; 1463101099Srwatson 1464101099Srwatson if (!mac_biba_enabled) 1465101099Srwatson return (0); 1466101099Srwatson 1467101099Srwatson subj = SLOT(&cred->cr_label); 1468101099Srwatson obj = SLOT(label); 1469101099Srwatson 1470101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1471101099Srwatson return (EACCES); 1472101099Srwatson 1473101099Srwatson return (0); 1474101099Srwatson} 1475101099Srwatson 1476101099Srwatsonstatic int 1477101099Srwatsonmac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1478101099Srwatson struct label *label, acl_type_t type) 1479101099Srwatson{ 1480101099Srwatson struct mac_biba *subj, *obj; 1481101099Srwatson 1482101099Srwatson if (!mac_biba_enabled) 1483101099Srwatson return (0); 1484101099Srwatson 1485101099Srwatson subj = SLOT(&cred->cr_label); 1486101099Srwatson obj = SLOT(label); 1487101099Srwatson 1488101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1489101099Srwatson return (EACCES); 1490101099Srwatson 1491101099Srwatson return (0); 1492101099Srwatson} 1493101099Srwatson 1494101099Srwatsonstatic int 
1495101099Srwatsonmac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1496101099Srwatson struct label *label, int attrnamespace, const char *name, struct uio *uio) 1497101099Srwatson{ 1498101099Srwatson struct mac_biba *subj, *obj; 1499101099Srwatson 1500101099Srwatson if (!mac_biba_enabled) 1501101099Srwatson return (0); 1502101099Srwatson 1503101099Srwatson subj = SLOT(&cred->cr_label); 1504101099Srwatson obj = SLOT(label); 1505101099Srwatson 1506101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1507101099Srwatson return (EACCES); 1508101099Srwatson 1509101099Srwatson return (0); 1510101099Srwatson} 1511101099Srwatson 1512101099Srwatsonstatic int 1513103759Srwatsonmac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 1514101099Srwatson struct label *dlabel, struct componentname *cnp) 1515101099Srwatson{ 1516101099Srwatson struct mac_biba *subj, *obj; 1517103759Srwatson 1518101099Srwatson if (!mac_biba_enabled) 1519101099Srwatson return (0); 1520103759Srwatson 1521101099Srwatson subj = SLOT(&cred->cr_label); 1522101099Srwatson obj = SLOT(dlabel); 1523103759Srwatson 1524101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1525101099Srwatson return (EACCES); 1526101099Srwatson 1527103759Srwatson return (0); 1528101099Srwatson} 1529101099Srwatson 1530101099Srwatsonstatic int 1531101099Srwatsonmac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, 1532101099Srwatson struct label *vnodelabel, mode_t acc_mode) 1533101099Srwatson{ 1534101099Srwatson struct mac_biba *subj, *obj; 1535101099Srwatson 1536101099Srwatson if (!mac_biba_enabled) 1537101099Srwatson return (0); 1538101099Srwatson 1539101099Srwatson subj = SLOT(&cred->cr_label); 1540101099Srwatson obj = SLOT(vnodelabel); 1541101099Srwatson 1542101099Srwatson /* XXX privilege override for admin? 
*/ 1543101099Srwatson if (acc_mode & (VREAD | VEXEC | VSTAT)) { 1544101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1545101099Srwatson return (EACCES); 1546101099Srwatson } 1547101099Srwatson if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { 1548101099Srwatson if (!mac_biba_dominate_single(subj, obj)) 1549101099Srwatson return (EACCES); 1550101099Srwatson } 1551101099Srwatson 1552101099Srwatson return (0); 1553101099Srwatson} 1554101099Srwatson 1555101099Srwatsonstatic int 1556102129Srwatsonmac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 1557102129Srwatson struct vnode *vp, struct label *label) 1558102112Srwatson{ 1559102112Srwatson struct mac_biba *subj, *obj; 1560102112Srwatson 1561102112Srwatson if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1562102112Srwatson return (0); 1563102112Srwatson 1564102129Srwatson subj = SLOT(&active_cred->cr_label); 1565102112Srwatson obj = SLOT(label); 1566102112Srwatson 1567102112Srwatson if (!mac_biba_dominate_single(obj, subj)) 1568102112Srwatson return (EACCES); 1569102112Srwatson 1570102112Srwatson return (0); 1571102112Srwatson} 1572102112Srwatson 1573102112Srwatsonstatic int 1574102129Srwatsonmac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 1575102129Srwatson struct vnode *vp, struct label *label) 1576102112Srwatson{ 1577102112Srwatson struct mac_biba *subj, *obj; 1578102112Srwatson 1579102112Srwatson if (!mac_biba_enabled || !mac_biba_revocation_enabled) 1580102112Srwatson return (0); 1581102112Srwatson 1582102129Srwatson subj = SLOT(&active_cred->cr_label); 1583102112Srwatson obj = SLOT(label); 1584102112Srwatson 1585102112Srwatson if (!mac_biba_dominate_single(obj, subj)) 1586102112Srwatson return (EACCES); 1587102112Srwatson 1588102112Srwatson return (0); 1589102112Srwatson} 1590102112Srwatson 1591102112Srwatsonstatic int 1592101099Srwatsonmac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 1593101099Srwatson struct label *dlabel) 
1594101099Srwatson{ 1595101099Srwatson struct mac_biba *subj, *obj; 1596101099Srwatson 1597101099Srwatson if (!mac_biba_enabled) 1598101099Srwatson return (0); 1599101099Srwatson 1600101099Srwatson subj = SLOT(&cred->cr_label); 1601101099Srwatson obj = SLOT(dlabel); 1602101099Srwatson 1603101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1604101099Srwatson return (EACCES); 1605101099Srwatson 1606101099Srwatson return (0); 1607101099Srwatson} 1608101099Srwatson 1609101099Srwatsonstatic int 1610101099Srwatsonmac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 1611101099Srwatson struct label *label) 1612101099Srwatson{ 1613101099Srwatson struct mac_biba *subj, *obj; 1614101099Srwatson 1615101099Srwatson if (!mac_biba_enabled) 1616101099Srwatson return (0); 1617101099Srwatson 1618101099Srwatson subj = SLOT(&cred->cr_label); 1619101099Srwatson obj = SLOT(label); 1620101099Srwatson 1621101099Srwatson if (!mac_biba_dominate_single(obj, subj)) 1622101099Srwatson return (EACCES); 1623101099Srwatson 1624101099Srwatson return (0); 1625101099Srwatson} 1626101099Srwatson 1627101099Srwatsonstatic int 1628101099Srwatsonmac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1629101099Srwatson struct label *vnodelabel, struct label *newlabel) 1630101099Srwatson{ 1631101099Srwatson struct mac_biba *old, *new, *subj; 1632101099Srwatson 1633101099Srwatson old = SLOT(vnodelabel); 1634101099Srwatson new = SLOT(newlabel); 1635101099Srwatson subj = SLOT(&cred->cr_label); 1636101099Srwatson 1637101099Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) 1638101099Srwatson return (EINVAL); 1639101099Srwatson 1640101099Srwatson /* 1641101099Srwatson * To relabel a vnode, the old vnode label must be in the subject 1642101099Srwatson * range. 
*/
	if (!mac_biba_single_in_range(old, subj))
		return (EPERM);

	/*
	 * To relabel a vnode, the new vnode label must be in the subject
	 * range.
	 */
	if (!mac_biba_single_in_range(new, subj))
		return (EPERM);

	/*
	 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
	 */

	/*
	 * The range checks above only narrow what may be done; every vnode
	 * relabel is additionally gated on privilege via suser_cred().
	 */
	return (suser_cred(cred, 0));
}

/*
 * Rename (source side): removing an entry writes the source directory,
 * and the object being renamed is treated as written as well, so the
 * subject's label must dominate both labels (no write-up).  Either
 * failing test denies with EACCES.  dvp, vp and cnp are unused here.
 */
static int
mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	struct mac_biba *subject;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	/* Directory first, then the object, as before. */
	if (!mac_biba_dominate_single(subject, SLOT(dlabel)) ||
	    !mac_biba_dominate_single(subject, SLOT(label)))
		return (EACCES);
	return (0);
}

/*
 * Rename (target side): the target directory always receives a new
 * entry, so the subject must dominate it.  When an existing target
 * vnode is present (vp != NULL) it will be replaced, which counts as a
 * write to it too; label is only consulted in that case.  samedir and
 * cnp are unused.
 */
static int
mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{
	struct mac_biba *subject;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	if (!mac_biba_dominate_single(subject, SLOT(dlabel)))
		return (EACCES);
	/* && short-circuits, so label is untouched when vp is NULL. */
	if (vp != NULL && !mac_biba_dominate_single(subject, SLOT(label)))
		return (EACCES);
	return (0);
}

/*
 * Revoking access to a vnode is a write to it: the subject must
 * dominate the object's label.  vp is unused.
 */
static int
mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{
	struct mac_biba *subject, *object;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	object = SLOT(label);
	return (mac_biba_dominate_single(subject, object) ? 0 : EACCES);
}

/*
 * Setting an ACL modifies object metadata: subject must dominate the
 * object.  The ACL type and contents (type, acl) are not examined by
 * this policy; vp is unused.
 */
static int
mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{
	struct mac_biba *subject, *object;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	object = SLOT(label);
	return (mac_biba_dominate_single(subject, object) ? 0 : EACCES);
}

/*
 * Writing an extended attribute is a write to the object: subject must
 * dominate.  The attribute namespace, name and data are not examined.
 *
 * NOTE(review): if the persistent Biba label itself lives in an
 * extended attribute, this plain dominance check would let a subject
 * change it without going through the relabel hook, which also demands
 * privilege via suser_cred() -- confirm how the label EA is protected.
 */
static int
mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, int attrnamespace, const char *name,
    struct uio *uio)
{
	struct mac_biba *subject, *object;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	object = SLOT(vnodelabel);
	if (!mac_biba_dominate_single(subject, object))
		return (EACCES);

	/* XXX: protect the MAC EA in a special way? */

	return (0);
}

/*
 * chflags(2)-style flag changes are metadata writes: subject must
 * dominate the object.  flags and vp are unused.
 */
static int
mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, u_long flags)
{
	struct mac_biba *subject, *object;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	object = SLOT(vnodelabel);
	return (mac_biba_dominate_single(subject, object) ? 0 : EACCES);
}

/*
 * Mode changes are metadata writes: subject must dominate the object.
 * mode and vp are unused.
 */
static int
mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, mode_t mode)
{
	struct mac_biba *subject, *object;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	object = SLOT(vnodelabel);
	return (mac_biba_dominate_single(subject, object) ? 0 : EACCES);
}

/*
 * Ownership changes are metadata writes: subject must dominate the
 * object.  The requested uid/gid are not examined; vp is unused.
 */
static int
mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, uid_t uid, gid_t gid)
{
	struct mac_biba *subject, *object;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	object = SLOT(vnodelabel);
	return (mac_biba_dominate_single(subject, object) ? 0 : EACCES);
}

/*
 * Timestamp changes are metadata writes: subject must dominate the
 * object.  atime/mtime are not examined; vp is unused.
 */
static int
mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct timespec atime, struct timespec mtime)
{
	struct mac_biba *subject, *object;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&cred->cr_label);
	object = SLOT(vnodelabel);
	return (mac_biba_dominate_single(subject, object) ? 0 : EACCES);
}

/*
 * stat(2) discloses object metadata to the subject, so the dominance
 * test runs the other way round: the object's label must dominate the
 * subject's (no read-down).  Only active_cred is consulted; file_cred
 * and vp are unused.
 */
static int
mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *vnodelabel)
{
	struct mac_biba *subject, *object;

	if (!mac_biba_enabled)
		return (0);

	subject = SLOT(&active_cred->cr_label);
	object = SLOT(vnodelabel);
	return (mac_biba_dominate_single(object, subject) ? 0 : EACCES);
}

/*
 * Per-write check: subject must dominate the object.  It is only
 * enforced while revocation is enabled; with revocation off the policy
 * presumably relies on the open-time check instead -- confirm against
 * MAC_CHECK_VNODE_OPEN.  Only active_cred is consulted; file_cred and
 * vp are unused.
 */
static int
mac_biba_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{
	struct mac_biba *subject, *object;

	if (!(mac_biba_enabled && mac_biba_revocation_enabled))
		return (0);

	subject = SLOT(&active_cred->cr_label);
	object = SLOT(label);
	return (mac_biba_dominate_single(subject, object) ? 0 : EACCES);
}

/*
 * Compute the protections the policy allows for a mapping of vp.
 * Returns VM_PROT_ALL when the policy is disabled, or when this is not
 * a new mapping and revocation is off (existing mappings are then left
 * alone).  Otherwise read/execute require no read-down (object
 * dominates subject) and write requires no write-up (subject dominates
 * object); a subject incomparable with the object gets no protections.
 */
static vm_prot_t
mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp,
    struct label *label, int newmapping)
{
	struct mac_biba *subject, *object;
	vm_prot_t allowed = 0;

	if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping))
		return (VM_PROT_ALL);

	subject = SLOT(&cred->cr_label);
	object = SLOT(label);
	if (mac_biba_dominate_single(object, subject))
		allowed |= VM_PROT_READ | VM_PROT_EXECUTE;
	if (mac_biba_dominate_single(subject, object))
		allowed |= VM_PROT_WRITE;
	return (allowed);
}

/*
 * Entry points exported to the MAC framework, terminated by MAC_OP_LAST.
 * Grouped as: policy lifecycle, label init/destroy, label
 * externalization, label creation/derivation, and access checks.
 */
static struct mac_policy_op_entry mac_biba_ops[] =
{
	/* Policy lifecycle. */
	{ MAC_DESTROY, (macop_t)mac_biba_destroy },
	{ MAC_INIT, (macop_t)mac_biba_init },

	/* Label storage init; mbuf labels go through the wait-aware variant. */
	{ MAC_INIT_BPFDESC_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_CRED_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_DEVFSDIRENT_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_IFNET_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_IPQ_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_MBUF_LABEL, (macop_t)mac_biba_init_label_waitcheck },
	{ MAC_INIT_MOUNT_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_MOUNT_FS_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_PIPE_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_SOCKET_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_SOCKET_PEER_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_TEMP_LABEL, (macop_t)mac_biba_init_label },
	{ MAC_INIT_VNODE_LABEL, (macop_t)mac_biba_init_label },

	/* Label storage teardown. */
	{ MAC_DESTROY_BPFDESC_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_CRED_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_DEVFSDIRENT_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_IFNET_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_IPQ_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_MBUF_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_MOUNT_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_MOUNT_FS_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_PIPE_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_SOCKET_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_SOCKET_PEER_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_TEMP_LABEL, (macop_t)mac_biba_destroy_label },
	{ MAC_DESTROY_VNODE_LABEL, (macop_t)mac_biba_destroy_label },

	/* Label <-> external representation. */
	{ MAC_EXTERNALIZE, (macop_t)mac_biba_externalize },
	{ MAC_INTERNALIZE, (macop_t)mac_biba_internalize },

	/* File system object label creation and update. */
	{ MAC_CREATE_DEVFS_DEVICE, (macop_t)mac_biba_create_devfs_device },
	{ MAC_CREATE_DEVFS_DIRECTORY, (macop_t)mac_biba_create_devfs_directory },
	{ MAC_CREATE_DEVFS_VNODE, (macop_t)mac_biba_create_devfs_vnode },
	{ MAC_CREATE_VNODE, (macop_t)mac_biba_create_vnode },
	{ MAC_CREATE_MOUNT, (macop_t)mac_biba_create_mount },
	{ MAC_CREATE_ROOT_MOUNT, (macop_t)mac_biba_create_root_mount },
	{ MAC_RELABEL_VNODE, (macop_t)mac_biba_relabel_vnode },
	{ MAC_UPDATE_DEVFSDIRENT, (macop_t)mac_biba_update_devfsdirent },
	{ MAC_UPDATE_PROCFSVNODE, (macop_t)mac_biba_update_procfsvnode },
	{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
	    (macop_t)mac_biba_update_vnode_from_externalized },
	{ MAC_UPDATE_VNODE_FROM_MOUNT, (macop_t)mac_biba_update_vnode_from_mount },

	/* IPC object label creation and update. */
	{ MAC_CREATE_MBUF_FROM_SOCKET, (macop_t)mac_biba_create_mbuf_from_socket },
	{ MAC_CREATE_PIPE, (macop_t)mac_biba_create_pipe },
	{ MAC_CREATE_SOCKET, (macop_t)mac_biba_create_socket },
	{ MAC_CREATE_SOCKET_FROM_SOCKET,
	    (macop_t)mac_biba_create_socket_from_socket },
	{ MAC_RELABEL_PIPE, (macop_t)mac_biba_relabel_pipe },
	{ MAC_RELABEL_SOCKET, (macop_t)mac_biba_relabel_socket },
	{ MAC_SET_SOCKET_PEER_FROM_MBUF,
	    (macop_t)mac_biba_set_socket_peer_from_mbuf },
	{ MAC_SET_SOCKET_PEER_FROM_SOCKET,
	    (macop_t)mac_biba_set_socket_peer_from_socket },

	/* Network object label creation and update. */
	{ MAC_CREATE_BPFDESC, (macop_t)mac_biba_create_bpfdesc },
	{ MAC_CREATE_DATAGRAM_FROM_IPQ, (macop_t)mac_biba_create_datagram_from_ipq },
	{ MAC_CREATE_FRAGMENT, (macop_t)mac_biba_create_fragment },
	{ MAC_CREATE_IFNET, (macop_t)mac_biba_create_ifnet },
	{ MAC_CREATE_IPQ, (macop_t)mac_biba_create_ipq },
	{ MAC_CREATE_MBUF_FROM_MBUF, (macop_t)mac_biba_create_mbuf_from_mbuf },
	{ MAC_CREATE_MBUF_LINKLAYER, (macop_t)mac_biba_create_mbuf_linklayer },
	{ MAC_CREATE_MBUF_FROM_BPFDESC, (macop_t)mac_biba_create_mbuf_from_bpfdesc },
	{ MAC_CREATE_MBUF_FROM_IFNET, (macop_t)mac_biba_create_mbuf_from_ifnet },
	{ MAC_CREATE_MBUF_MULTICAST_ENCAP,
	    (macop_t)mac_biba_create_mbuf_multicast_encap },
	{ MAC_CREATE_MBUF_NETLAYER, (macop_t)mac_biba_create_mbuf_netlayer },
	{ MAC_FRAGMENT_MATCH, (macop_t)mac_biba_fragment_match },
	{ MAC_RELABEL_IFNET, (macop_t)mac_biba_relabel_ifnet },
	{ MAC_UPDATE_IPQ, (macop_t)mac_biba_update_ipq },

	/* Process/credential label creation and update. */
	{ MAC_CREATE_CRED, (macop_t)mac_biba_create_cred },
	{ MAC_EXECVE_TRANSITION, (macop_t)mac_biba_execve_transition },
	{ MAC_EXECVE_WILL_TRANSITION, (macop_t)mac_biba_execve_will_transition },
	{ MAC_CREATE_PROC0, (macop_t)mac_biba_create_proc0 },
	{ MAC_CREATE_PROC1, (macop_t)mac_biba_create_proc1 },
	{ MAC_RELABEL_CRED, (macop_t)mac_biba_relabel_cred },

	/* Access checks. */
	{ MAC_CHECK_BPFDESC_RECEIVE, (macop_t)mac_biba_check_bpfdesc_receive },
	{ MAC_CHECK_CRED_RELABEL, (macop_t)mac_biba_check_cred_relabel },
	{ MAC_CHECK_CRED_VISIBLE, (macop_t)mac_biba_check_cred_visible },
	{ MAC_CHECK_IFNET_RELABEL, (macop_t)mac_biba_check_ifnet_relabel },
	{ MAC_CHECK_IFNET_TRANSMIT, (macop_t)mac_biba_check_ifnet_transmit },
	{ MAC_CHECK_MOUNT_STAT, (macop_t)mac_biba_check_mount_stat },
	{ MAC_CHECK_PIPE_IOCTL, (macop_t)mac_biba_check_pipe_ioctl },
	{ MAC_CHECK_PIPE_POLL, (macop_t)mac_biba_check_pipe_poll },
	{ MAC_CHECK_PIPE_READ, (macop_t)mac_biba_check_pipe_read },
	{ MAC_CHECK_PIPE_RELABEL, (macop_t)mac_biba_check_pipe_relabel },
	{ MAC_CHECK_PIPE_STAT, (macop_t)mac_biba_check_pipe_stat },
	{ MAC_CHECK_PIPE_WRITE, (macop_t)mac_biba_check_pipe_write },
	{ MAC_CHECK_PROC_DEBUG, (macop_t)mac_biba_check_proc_debug },
	{ MAC_CHECK_PROC_SCHED, (macop_t)mac_biba_check_proc_sched },
	{ MAC_CHECK_PROC_SIGNAL, (macop_t)mac_biba_check_proc_signal },
	{ MAC_CHECK_SOCKET_DELIVER, (macop_t)mac_biba_check_socket_deliver },
	{ MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_biba_check_socket_relabel },
	{ MAC_CHECK_SOCKET_VISIBLE, (macop_t)mac_biba_check_socket_visible },
	{ MAC_CHECK_VNODE_ACCESS, (macop_t)mac_biba_check_vnode_access },
	{ MAC_CHECK_VNODE_CHDIR, (macop_t)mac_biba_check_vnode_chdir },
	{ MAC_CHECK_VNODE_CHROOT, (macop_t)mac_biba_check_vnode_chroot },
	{ MAC_CHECK_VNODE_CREATE, (macop_t)mac_biba_check_vnode_create },
	{ MAC_CHECK_VNODE_DELETE, (macop_t)mac_biba_check_vnode_delete },
	{ MAC_CHECK_VNODE_DELETEACL, (macop_t)mac_biba_check_vnode_deleteacl },
	{ MAC_CHECK_VNODE_EXEC, (macop_t)mac_biba_check_vnode_exec },
	{ MAC_CHECK_VNODE_GETACL, (macop_t)mac_biba_check_vnode_getacl },
	{ MAC_CHECK_VNODE_GETEXTATTR, (macop_t)mac_biba_check_vnode_getextattr },
	{ MAC_CHECK_VNODE_LOOKUP, (macop_t)mac_biba_check_vnode_lookup },
	{ MAC_CHECK_VNODE_OPEN, (macop_t)mac_biba_check_vnode_open },
	{ MAC_CHECK_VNODE_POLL, (macop_t)mac_biba_check_vnode_poll },
	{ MAC_CHECK_VNODE_READ, (macop_t)mac_biba_check_vnode_read },
	{ MAC_CHECK_VNODE_READDIR, (macop_t)mac_biba_check_vnode_readdir },
	{ MAC_CHECK_VNODE_READLINK, (macop_t)mac_biba_check_vnode_readlink },
	{ MAC_CHECK_VNODE_RELABEL, (macop_t)mac_biba_check_vnode_relabel },
	{ MAC_CHECK_VNODE_RENAME_FROM, (macop_t)mac_biba_check_vnode_rename_from },
	{ MAC_CHECK_VNODE_RENAME_TO, (macop_t)mac_biba_check_vnode_rename_to },
	{ MAC_CHECK_VNODE_REVOKE, (macop_t)mac_biba_check_vnode_revoke },
	{ MAC_CHECK_VNODE_SETACL, (macop_t)mac_biba_check_vnode_setacl },
	{ MAC_CHECK_VNODE_SETEXTATTR, (macop_t)mac_biba_check_vnode_setextattr },
	{ MAC_CHECK_VNODE_SETFLAGS, (macop_t)mac_biba_check_vnode_setflags },
	{ MAC_CHECK_VNODE_SETMODE, (macop_t)mac_biba_check_vnode_setmode },
	{ MAC_CHECK_VNODE_SETOWNER, (macop_t)mac_biba_check_vnode_setowner },
	{ MAC_CHECK_VNODE_SETUTIMES, (macop_t)mac_biba_check_vnode_setutimes },
	{ MAC_CHECK_VNODE_STAT, (macop_t)mac_biba_check_vnode_stat },
	{ MAC_CHECK_VNODE_WRITE, (macop_t)mac_biba_check_vnode_write },
	{ MAC_CHECK_VNODE_MMAP_PERMS, (macop_t)mac_biba_check_vnode_mmap_perms },

	/* Terminator; must stay last. */
	{ MAC_OP_LAST, NULL }
};

/*
 * Register the policy with the framework under its private label slot.
 * MPC_LOADTIME_FLAG_NOTLATE presumably restricts when the module may be
 * loaded relative to boot -- see the framework's definition of the flag.
 */
MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba",
    MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot);