1137817Srwatson/*-
2137817Srwatson * Copyright (c) 2003-2004 Networks Associates Technology, Inc.
3172930Srwatson * Copyright (c) 2006 SPARTA, Inc.
4189503Srwatson * Copyright (c) 2009 Robert N. M. Watson
5137817Srwatson * All rights reserved.
6137817Srwatson *
7137817Srwatson * This software was developed for the FreeBSD Project in part by Network
8137817Srwatson * Associates Laboratories, the Security Research Division of Network
9137817Srwatson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
10137817Srwatson * as part of the DARPA CHATS research program.
11137817Srwatson *
12172930Srwatson * This software was enhanced by SPARTA ISSO under SPAWAR contract
13172930Srwatson * N66001-04-C-6019 ("SEFOS").
14172930Srwatson *
15189503Srwatson * This software was developed at the University of Cambridge Computer
16189503Srwatson * Laboratory with support from a grant from Google, Inc.
17189503Srwatson *
18137817Srwatson * Redistribution and use in source and binary forms, with or without
19137817Srwatson * modification, are permitted provided that the following conditions
20137817Srwatson * are met:
21137817Srwatson * 1. Redistributions of source code must retain the above copyright
22137817Srwatson *    notice, this list of conditions and the following disclaimer.
23137817Srwatson * 2. Redistributions in binary form must reproduce the above copyright
24137817Srwatson *    notice, this list of conditions and the following disclaimer in the
25137817Srwatson *    documentation and/or other materials provided with the distribution.
26137817Srwatson *
27137817Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28137817Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29137817Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30137817Srwatson * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31137817Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32137817Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33137817Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34137817Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35137817Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36137817Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37137817Srwatson * SUCH DAMAGE.
38137817Srwatson */
39137817Srwatson
40137817Srwatson#include <sys/cdefs.h>
41137817Srwatson__FBSDID("$FreeBSD$");
42137817Srwatson
43189503Srwatson#include "opt_kdtrace.h"
44137817Srwatson#include "opt_mac.h"
45137817Srwatson
46137817Srwatson#include <sys/param.h>
47137817Srwatson#include <sys/kernel.h>
48137817Srwatson#include <sys/lock.h>
49137817Srwatson#include <sys/malloc.h>
50137817Srwatson#include <sys/mutex.h>
51137817Srwatson#include <sys/sbuf.h>
52137817Srwatson#include <sys/systm.h>
53137817Srwatson#include <sys/vnode.h>
54137817Srwatson#include <sys/mount.h>
55137817Srwatson#include <sys/file.h>
56137817Srwatson#include <sys/namei.h>
57189503Srwatson#include <sys/sdt.h>
58137817Srwatson#include <sys/sysctl.h>
59137817Srwatson#include <sys/shm.h>
60137817Srwatson
61163606Srwatson#include <security/mac/mac_framework.h>
62137817Srwatson#include <security/mac/mac_internal.h>
63165469Srwatson#include <security/mac/mac_policy.h>
64137817Srwatson
65137817Srwatsonstatic struct label *
66137817Srwatsonmac_sysv_shm_label_alloc(void)
67137817Srwatson{
68137817Srwatson	struct label *label;
69137817Srwatson
70137817Srwatson	label = mac_labelzone_alloc(M_WAITOK);
71191731Srwatson	MAC_POLICY_PERFORM(sysvshm_init_label, label);
72137817Srwatson	return (label);
73137817Srwatson}
74137817Srwatson
75137817Srwatsonvoid
76172930Srwatsonmac_sysvshm_init(struct shmid_kernel *shmsegptr)
77137817Srwatson{
78137817Srwatson
79182063Srwatson	if (mac_labeled & MPC_OBJECT_SYSVSHM)
80182063Srwatson		shmsegptr->label = mac_sysv_shm_label_alloc();
81182063Srwatson	else
82182063Srwatson		shmsegptr->label = NULL;
83137817Srwatson}
84137817Srwatson
85137817Srwatsonstatic void
86137817Srwatsonmac_sysv_shm_label_free(struct label *label)
87137817Srwatson{
88137817Srwatson
89191731Srwatson	MAC_POLICY_PERFORM_NOSLEEP(sysvshm_destroy_label, label);
90137817Srwatson	mac_labelzone_free(label);
91137817Srwatson}
92137817Srwatson
93137817Srwatsonvoid
94172930Srwatsonmac_sysvshm_destroy(struct shmid_kernel *shmsegptr)
95137817Srwatson{
96137817Srwatson
97182063Srwatson	if (shmsegptr->label != NULL) {
98182063Srwatson		mac_sysv_shm_label_free(shmsegptr->label);
99182063Srwatson		shmsegptr->label = NULL;
100182063Srwatson	}
101137817Srwatson}
102137817Srwatson
103137817Srwatsonvoid
104172930Srwatsonmac_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr)
105137817Srwatson{
106137817Srwatson
107191731Srwatson	MAC_POLICY_PERFORM_NOSLEEP(sysvshm_create, cred, shmsegptr,
108189797Srwatson	    shmsegptr->label);
109137817Srwatson}
110137817Srwatson
111137817Srwatsonvoid
112172930Srwatsonmac_sysvshm_cleanup(struct shmid_kernel *shmsegptr)
113137817Srwatson{
114137817Srwatson
115191731Srwatson	MAC_POLICY_PERFORM_NOSLEEP(sysvshm_cleanup, shmsegptr->label);
116137817Srwatson}
117137817Srwatson
118189503SrwatsonMAC_CHECK_PROBE_DEFINE3(sysvshm_check_shmat, "struct ucred *",
119189503Srwatson    "struct shmid_kernel *", "int");
120189503Srwatson
121137817Srwatsonint
122172930Srwatsonmac_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
123137817Srwatson    int shmflg)
124137817Srwatson{
125137817Srwatson	int error;
126137817Srwatson
127191731Srwatson	MAC_POLICY_CHECK_NOSLEEP(sysvshm_check_shmat, cred, shmsegptr,
128189797Srwatson	    shmsegptr->label, shmflg);
129189503Srwatson	MAC_CHECK_PROBE3(sysvshm_check_shmat, error, cred, shmsegptr,
130189503Srwatson	    shmflg);
131137817Srwatson
132165434Srwatson	return (error);
133137817Srwatson}
134137817Srwatson
135189503SrwatsonMAC_CHECK_PROBE_DEFINE3(sysvshm_check_shmctl, "struct ucred *",
136189503Srwatson    "struct shmid_kernel *", "int");
137189503Srwatson
138137817Srwatsonint
139172930Srwatsonmac_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
140137817Srwatson    int cmd)
141137817Srwatson{
142137817Srwatson	int error;
143137817Srwatson
144191731Srwatson	MAC_POLICY_CHECK_NOSLEEP(sysvshm_check_shmctl, cred, shmsegptr,
145189797Srwatson	    shmsegptr->label, cmd);
146189503Srwatson	MAC_CHECK_PROBE3(sysvshm_check_shmctl, error, cred, shmsegptr, cmd);
147137817Srwatson
148165434Srwatson	return (error);
149137817Srwatson}
150137817Srwatson
151189503SrwatsonMAC_CHECK_PROBE_DEFINE2(sysvshm_check_shmdt, "struct ucred *",
152189503Srwatson    "struct shmid *");
153189503Srwatson
154137817Srwatsonint
155172930Srwatsonmac_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr)
156137817Srwatson{
157137817Srwatson	int error;
158137817Srwatson
159191731Srwatson	MAC_POLICY_CHECK_NOSLEEP(sysvshm_check_shmdt, cred, shmsegptr,
160189797Srwatson	    shmsegptr->label);
161189503Srwatson	MAC_CHECK_PROBE2(sysvshm_check_shmdt, error, cred, shmsegptr);
162137817Srwatson
163165434Srwatson	return (error);
164137817Srwatson}
165137817Srwatson
166189503SrwatsonMAC_CHECK_PROBE_DEFINE3(sysvshm_check_shmget, "struct ucred *",
167189503Srwatson    "struct shmid_kernel *", "int");
168189503Srwatson
169137817Srwatsonint
170172930Srwatsonmac_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
171137817Srwatson    int shmflg)
172137817Srwatson{
173137817Srwatson	int error;
174137817Srwatson
175191731Srwatson	MAC_POLICY_CHECK_NOSLEEP(sysvshm_check_shmget, cred, shmsegptr,
176189797Srwatson	    shmsegptr->label, shmflg);
177189503Srwatson	MAC_CHECK_PROBE3(sysvshm_check_shmget, error, cred, shmsegptr,
178189503Srwatson	    shmflg);
179137817Srwatson
180165434Srwatson	return (error);
181137817Srwatson}
182