1/*- 2 * Copyright (c) 2002, 2003 Networks Associates Technology, Inc. 3 * Copyright (c) 2006 SPARTA, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project in part by Network 7 * Associates Laboratories, the Security Research Division of Network 8 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 9 * as part of the DARPA CHATS research program. 10 * 11 * This software was enhanced by SPARTA ISSO under SPAWAR contract 12 * N66001-04-C-6019 ("SEFOS"). 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include <sys/param.h> 37#include <sys/kernel.h> 38#include <sys/lock.h> 39#include <sys/malloc.h> 40#include <sys/proc.h> 41#include <sys/sbuf.h> 42#include <sys/systm.h> 43#include <sys/vnode.h> 44#include <sys/vnode_internal.h> 45#include <sys/file.h> 46#include <sys/file_internal.h> 47 48#include <security/mac_internal.h> 49 50 51static struct label * 52mac_file_label_alloc(void) 53{ 54 struct label *label; 55 56 label = mac_labelzone_alloc(MAC_WAITOK); 57 if (label == NULL) 58 return (NULL); 59 MAC_PERFORM(file_label_init, label); 60 return (label); 61} 62 63void 64mac_file_label_init(struct fileglob *fg) 65{ 66 67 fg->fg_label = mac_file_label_alloc(); 68} 69 70static void 71mac_file_label_free(struct label *label) 72{ 73 74 MAC_PERFORM(file_label_destroy, label); 75 mac_labelzone_free(label); 76} 77 78void 79mac_file_label_associate(struct ucred *cred, struct fileglob *fg) 80{ 81 82 MAC_PERFORM(file_label_associate, cred, fg, fg->fg_label); 83} 84 85void 86mac_file_label_destroy(struct fileglob *fg) 87{ 88 89 mac_file_label_free(fg->fg_label); 90 fg->fg_label = NULL; 91} 92 93int 94mac_file_check_create(struct ucred *cred) 95{ 96 int error; 97 98 MAC_CHECK(file_check_create, cred); 99 return (error); 100} 101 102int 103mac_file_check_dup(struct ucred *cred, struct fileglob *fg, int newfd) 104{ 105 int error; 106 107 MAC_CHECK(file_check_dup, cred, fg, fg->fg_label, newfd); 108 return (error); 109} 110 111int 112mac_file_check_fcntl(struct ucred *cred, struct fileglob *fg, int cmd, 113 user_long_t arg) 114{ 115 int error; 116 117 MAC_CHECK(file_check_fcntl, cred, fg, fg->fg_label, cmd, arg); 118 return (error); 119} 120 121int 122mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg, u_int cmd) 123{ 124 int error; 125 126 MAC_CHECK(file_check_ioctl, cred, fg, fg->fg_label, cmd); 127 return (error); 128} 129 130int 131mac_file_check_inherit(struct ucred *cred, struct fileglob *fg) 132{ 133 int error; 134 135 MAC_CHECK(file_check_inherit, cred, fg, fg->fg_label); 136 return (error); 137} 138 139int 140mac_file_check_receive(struct ucred *cred, struct fileglob *fg) 141{ 142 int error; 143 144 MAC_CHECK(file_check_receive, cred, fg, fg->fg_label); 145 return (error); 146} 147 148int 149mac_file_check_get_offset(struct ucred *cred, struct fileglob *fg) 150{ 151 int error; 152 153 MAC_CHECK(file_check_get_offset, cred, fg, fg->fg_label); 154 return (error); 155} 156 157int 158mac_file_check_change_offset(struct ucred *cred, struct fileglob *fg) 159{ 160 int error; 161 162 MAC_CHECK(file_check_change_offset, cred, fg, fg->fg_label); 163 return (error); 164} 165 166int 167mac_file_check_get(struct ucred *cred, struct fileglob *fg, char *elements, 168 int len) 169{ 170 int error; 171 172 MAC_CHECK(file_check_get, cred, fg, elements, len); 173 return (error); 174} 175 176int 177mac_file_check_set(struct ucred *cred, struct fileglob *fg, char *buf, 178 int buflen) 179{ 180 int error; 181 182 MAC_CHECK(file_check_set, cred, fg, buf, buflen); 183 return (error); 184} 185 186int 187mac_file_check_lock(struct ucred *cred, struct fileglob *fg, int op, 188 struct flock *fl) 189{ 190 int error; 191 192 MAC_CHECK(file_check_lock, cred, fg, fg->fg_label, op, fl); 193 return (error); 194} 195 196/* 197 * On some platforms, VM_PROT_READ implies VM_PROT_EXECUTE. If that is true, 198 * both prot and maxprot will have VM_PROT_EXECUTE set after file_check_mmap 199 * if VM_PROT_READ is set. 200 * 201 * The type of maxprot in file_check_mmap must be equivalent to vm_prot_t * 202 * (defined in <mach/vm_prot.h>). mac_policy.h does not include any header 203 * files, so cannot use the typedef itself. 204 */ 205int 206mac_file_check_mmap(struct ucred *cred, struct fileglob *fg, int prot, 207 int flags, int *maxprot) 208{ 209 int error; 210 int maxp; 211 212 maxp = *maxprot; 213 MAC_CHECK(file_check_mmap, cred, fg, fg->fg_label, prot, flags, &maxp); 214 if ((maxp | *maxprot) != *maxprot) 215 panic("file_check_mmap increased max protections"); 216 *maxprot = maxp; 217 return (error); 218} 219 220void 221mac_file_check_mmap_downgrade(struct ucred *cred, struct fileglob *fg, 222 int *prot) 223{ 224 int result = *prot; 225 226 MAC_PERFORM(file_check_mmap_downgrade, cred, fg, fg->fg_label, 227 &result); 228 229 *prot = result; 230} 231