1101099Srwatson/*- 2225344Srwatson * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3140628Srwatson * Copyright (c) 2001-2005 McAfee, Inc. 4172930Srwatson * Copyright (c) 2006 SPARTA, Inc. 5101099Srwatson * All rights reserved. 6101099Srwatson * 7101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 8101099Srwatson * 9140628Srwatson * This software was developed for the FreeBSD Project in part by McAfee 10140628Srwatson * Research, the Security Research Division of McAfee, Inc. under 11140628Srwatson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12140628Srwatson * CHATS research program. 13101099Srwatson * 14172930Srwatson * This software was enhanced by SPARTA ISSO under SPAWAR contract 15172930Srwatson * N66001-04-C-6019 ("SEFOS"). 16172930Srwatson * 17225344Srwatson * This software was developed at the University of Cambridge Computer 18225344Srwatson * Laboratory with support from a grant from Google, Inc. 19225344Srwatson * 20101099Srwatson * Redistribution and use in source and binary forms, with or without 21101099Srwatson * modification, are permitted provided that the following conditions 22101099Srwatson * are met: 23101099Srwatson * 1. Redistributions of source code must retain the above copyright 24101099Srwatson * notice, this list of conditions and the following disclaimer. 25101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright 26101099Srwatson * notice, this list of conditions and the following disclaimer in the 27101099Srwatson * documentation and/or other materials provided with the distribution. 28101099Srwatson * 29101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 30101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 31101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 32101099Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 33101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 34101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 35101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 36101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 37101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 38101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 39101099Srwatson * SUCH DAMAGE. 40101099Srwatson * 41101099Srwatson * $FreeBSD$ 42101099Srwatson */ 43101099Srwatson 44101099Srwatson/* 45101099Srwatson * Developed by the TrustedBSD Project. 46168951Srwatson * 47101099Srwatson * Biba fixed label mandatory integrity policy. 48101099Srwatson */ 49101099Srwatson 50101099Srwatson#include <sys/param.h> 51101099Srwatson#include <sys/conf.h> 52105988Srwatson#include <sys/extattr.h> 53101099Srwatson#include <sys/kernel.h> 54164184Strhodes#include <sys/ksem.h> 55103183Sbde#include <sys/malloc.h> 56145076Scsjp#include <sys/mman.h> 57101099Srwatson#include <sys/mount.h> 58168951Srwatson#include <sys/priv.h> 59101099Srwatson#include <sys/proc.h> 60115497Srwatson#include <sys/sbuf.h> 61101099Srwatson#include <sys/systm.h> 62101099Srwatson#include <sys/sysproto.h> 63101099Srwatson#include <sys/sysent.h> 64105696Srwatson#include <sys/systm.h> 65101099Srwatson#include <sys/vnode.h> 66101099Srwatson#include <sys/file.h> 67101099Srwatson#include <sys/socket.h> 68101099Srwatson#include <sys/socketvar.h> 69101099Srwatson#include <sys/pipe.h> 70150340Sphk#include <sys/sx.h> 71101099Srwatson#include <sys/sysctl.h> 72140628Srwatson#include <sys/msg.h> 73140628Srwatson#include <sys/sem.h> 74140628Srwatson#include <sys/shm.h> 75101099Srwatson 76101099Srwatson#include <fs/devfs/devfs.h> 77101099Srwatson 78101099Srwatson#include <net/bpfdesc.h> 79101099Srwatson#include <net/if.h> 80101099Srwatson#include <net/if_types.h> 81101099Srwatson#include <net/if_var.h> 82101099Srwatson 83101099Srwatson#include <netinet/in.h> 84122875Srwatson#include <netinet/in_pcb.h> 85101099Srwatson#include <netinet/ip_var.h> 86101099Srwatson 87122879Srwatson#include <vm/uma.h> 88101099Srwatson#include <vm/vm.h> 89101099Srwatson 90165469Srwatson#include <security/mac/mac_policy.h> 91101099Srwatson#include <security/mac_biba/mac_biba.h> 92101099Srwatson 93101099SrwatsonSYSCTL_DECL(_security_mac); 94101099Srwatson 95227309Sedstatic SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0, 96101099Srwatson "TrustedBSD mac_biba policy controls"); 97101099Srwatson 98172955Srwatsonstatic int biba_label_size = sizeof(struct mac_biba); 99105988SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD, 100172955Srwatson &biba_label_size, 0, "Size of struct mac_biba"); 101105988Srwatson 102172955Srwatsonstatic int biba_enabled = 1; 103172955SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, &biba_enabled, 104172955Srwatson 0, "Enforce MAC/Biba policy"); 105172955SrwatsonTUNABLE_INT("security.mac.biba.enabled", &biba_enabled); 106101099Srwatson 107101099Srwatsonstatic int destroyed_not_inited; 108101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, 109101099Srwatson &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); 110101099Srwatson 111101099Srwatsonstatic int trust_all_interfaces = 0; 112101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD, 113101099Srwatson &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba"); 114101099SrwatsonTUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces); 115101099Srwatson 116101099Srwatsonstatic char trusted_interfaces[128]; 117101099SrwatsonSYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD, 118101099Srwatson trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba"); 119101099SrwatsonTUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces, 120101099Srwatson sizeof(trusted_interfaces)); 121101099Srwatson 122105643Srwatsonstatic int max_compartments = MAC_BIBA_MAX_COMPARTMENTS; 123105643SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD, 124105643Srwatson &max_compartments, 0, "Maximum supported compartments"); 125105643Srwatson 126105606Srwatsonstatic int ptys_equal = 0; 127181217SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal, 128181217Srwatson 0, "Label pty devices as biba/equal on create"); 129105606SrwatsonTUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); 130105606Srwatson 131193371Srwatsonstatic int interfaces_equal = 1; 132153927ScsjpSYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW, 133153927Scsjp &interfaces_equal, 0, "Label network interfaces as biba/equal on create"); 134153927ScsjpTUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal); 135153927Scsjp 136105637Srwatsonstatic int revocation_enabled = 0; 137101099SrwatsonSYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, 138105637Srwatson &revocation_enabled, 0, "Revoke access to objects on relabel"); 139105637SrwatsonTUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled); 140101099Srwatson 141172955Srwatsonstatic int biba_slot; 142172955Srwatson#define SLOT(l) ((struct mac_biba *)mac_label_get((l), biba_slot)) 143172955Srwatson#define SLOT_SET(l, val) mac_label_set((l), biba_slot, (uintptr_t)(val)) 144101099Srwatson 145122879Srwatsonstatic uma_zone_t zone_biba; 146101099Srwatson 147105643Srwatsonstatic __inline int 148105643Srwatsonbiba_bit_set_empty(u_char *set) { 149105643Srwatson int i; 150105643Srwatson 151105643Srwatson for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++) 152105643Srwatson if (set[i] != 0) 153105643Srwatson return (0); 154105643Srwatson return (1); 155105643Srwatson} 156105643Srwatson 157101099Srwatsonstatic struct mac_biba * 158104514Srwatsonbiba_alloc(int flag) 159101099Srwatson{ 160101099Srwatson 161122879Srwatson return (uma_zalloc(zone_biba, flag | M_ZERO)); 162101099Srwatson} 163101099Srwatson 164101099Srwatsonstatic void 165172955Srwatsonbiba_free(struct mac_biba *mb) 166101099Srwatson{ 167101099Srwatson 168172955Srwatson if (mb != NULL) 169172955Srwatson uma_zfree(zone_biba, mb); 170101099Srwatson else 171101099Srwatson atomic_add_int(&destroyed_not_inited, 1); 172101099Srwatson} 173101099Srwatson 174101099Srwatsonstatic int 175172955Srwatsonbiba_atmostflags(struct mac_biba *mb, int flags) 176105634Srwatson{ 177105634Srwatson 178172955Srwatson if ((mb->mb_flags & flags) != mb->mb_flags) 179105634Srwatson return (EINVAL); 180105634Srwatson return (0); 181105634Srwatson} 182105634Srwatson 183105634Srwatsonstatic int 184172955Srwatsonbiba_dominate_element(struct mac_biba_element *a, struct mac_biba_element *b) 185101099Srwatson{ 186105643Srwatson int bit; 187101099Srwatson 188105736Srwatson switch (a->mbe_type) { 189101099Srwatson case MAC_BIBA_TYPE_EQUAL: 190101099Srwatson case MAC_BIBA_TYPE_HIGH: 191101099Srwatson return (1); 192101099Srwatson 193101099Srwatson case MAC_BIBA_TYPE_LOW: 194101099Srwatson switch (b->mbe_type) { 195101099Srwatson case MAC_BIBA_TYPE_GRADE: 196101099Srwatson case MAC_BIBA_TYPE_HIGH: 197101099Srwatson return (0); 198101099Srwatson 199101099Srwatson case MAC_BIBA_TYPE_EQUAL: 200101099Srwatson case MAC_BIBA_TYPE_LOW: 201101099Srwatson return (1); 202101099Srwatson 203101099Srwatson default: 204172955Srwatson panic("biba_dominate_element: b->mbe_type invalid"); 205101099Srwatson } 206101099Srwatson 207101099Srwatson case MAC_BIBA_TYPE_GRADE: 208101099Srwatson switch (b->mbe_type) { 209101099Srwatson case MAC_BIBA_TYPE_EQUAL: 210101099Srwatson case MAC_BIBA_TYPE_LOW: 211101099Srwatson return (1); 212101099Srwatson 213101099Srwatson case MAC_BIBA_TYPE_HIGH: 214101099Srwatson return (0); 215101099Srwatson 216101099Srwatson case MAC_BIBA_TYPE_GRADE: 217105643Srwatson for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) 218105643Srwatson if (!MAC_BIBA_BIT_TEST(bit, 219105643Srwatson a->mbe_compartments) && 220105643Srwatson MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) 221105643Srwatson return (0); 222101099Srwatson return (a->mbe_grade >= b->mbe_grade); 223101099Srwatson 224101099Srwatson default: 225172955Srwatson panic("biba_dominate_element: b->mbe_type invalid"); 226101099Srwatson } 227101099Srwatson 228101099Srwatson default: 229172955Srwatson panic("biba_dominate_element: a->mbe_type invalid"); 230101099Srwatson } 231101099Srwatson 232101099Srwatson return (0); 233101099Srwatson} 234101099Srwatson 235101099Srwatsonstatic int 236172955Srwatsonbiba_subject_dominate_high(struct mac_biba *mb) 237105988Srwatson{ 238105988Srwatson struct mac_biba_element *element; 239105988Srwatson 240172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 241172955Srwatson ("biba_effective_in_range: mb not effective")); 242172955Srwatson element = &mb->mb_effective; 243105988Srwatson 244105988Srwatson return (element->mbe_type == MAC_BIBA_TYPE_EQUAL || 245105988Srwatson element->mbe_type == MAC_BIBA_TYPE_HIGH); 246105988Srwatson} 247105988Srwatson 248105988Srwatsonstatic int 249172955Srwatsonbiba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb) 250101099Srwatson{ 251101099Srwatson 252172955Srwatson return (biba_dominate_element(&rangeb->mb_rangehigh, 253101099Srwatson &rangea->mb_rangehigh) && 254172955Srwatson biba_dominate_element(&rangea->mb_rangelow, 255101099Srwatson &rangeb->mb_rangelow)); 256101099Srwatson} 257101099Srwatson 258101099Srwatsonstatic int 259172955Srwatsonbiba_effective_in_range(struct mac_biba *effective, struct mac_biba *range) 260101099Srwatson{ 261101099Srwatson 262132232Srwatson KASSERT((effective->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 263172955Srwatson ("biba_effective_in_range: a not effective")); 264103750Srwatson KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 265172955Srwatson ("biba_effective_in_range: b not range")); 266101099Srwatson 267172955Srwatson return (biba_dominate_element(&range->mb_rangehigh, 268132232Srwatson &effective->mb_effective) && 269172955Srwatson biba_dominate_element(&effective->mb_effective, 270101099Srwatson &range->mb_rangelow)); 271101099Srwatson 272101099Srwatson return (1); 273101099Srwatson} 274101099Srwatson 275101099Srwatsonstatic int 276172955Srwatsonbiba_dominate_effective(struct mac_biba *a, struct mac_biba *b) 277101099Srwatson{ 278132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 279172955Srwatson ("biba_dominate_effective: a not effective")); 280132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 281172955Srwatson ("biba_dominate_effective: b not effective")); 282101099Srwatson 283172955Srwatson return (biba_dominate_element(&a->mb_effective, &b->mb_effective)); 284101099Srwatson} 285101099Srwatson 286101099Srwatsonstatic int 287172955Srwatsonbiba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) 288101099Srwatson{ 289101099Srwatson 290101099Srwatson if (a->mbe_type == MAC_BIBA_TYPE_EQUAL || 291101099Srwatson b->mbe_type == MAC_BIBA_TYPE_EQUAL) 292101099Srwatson return (1); 293101099Srwatson 294101099Srwatson return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade); 295101099Srwatson} 296101099Srwatson 297101099Srwatsonstatic int 298172955Srwatsonbiba_equal_effective(struct mac_biba *a, struct mac_biba *b) 299101099Srwatson{ 300101099Srwatson 301132232Srwatson KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 302172955Srwatson ("biba_equal_effective: a not effective")); 303132232Srwatson KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 304172955Srwatson ("biba_equal_effective: b not effective")); 305101099Srwatson 306172955Srwatson return (biba_equal_element(&a->mb_effective, &b->mb_effective)); 307101099Srwatson} 308101099Srwatson 309101099Srwatsonstatic int 310172955Srwatsonbiba_contains_equal(struct mac_biba *mb) 311105634Srwatson{ 312105634Srwatson 313172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 314172955Srwatson if (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 315105634Srwatson return (1); 316172955Srwatson } 317105634Srwatson 318172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 319172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL) 320105634Srwatson return (1); 321172955Srwatson if (mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 322105637Srwatson return (1); 323105634Srwatson } 324105634Srwatson 325105634Srwatson return (0); 326105634Srwatson} 327105634Srwatson 328105634Srwatsonstatic int 329172955Srwatsonbiba_subject_privileged(struct mac_biba *mb) 330105634Srwatson{ 331105634Srwatson 332172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAGS_BOTH) == MAC_BIBA_FLAGS_BOTH, 333172955Srwatson ("biba_subject_privileged: subject doesn't have both labels")); 334105634Srwatson 335132232Srwatson /* If the effective is EQUAL, it's ok. */ 336172955Srwatson if (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) 337105634Srwatson return (0); 338105634Srwatson 339105634Srwatson /* If either range endpoint is EQUAL, it's ok. */ 340172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL || 341172955Srwatson mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL) 342105634Srwatson return (0); 343105634Srwatson 344105634Srwatson /* If the range is low-high, it's ok. */ 345172955Srwatson if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_LOW && 346172955Srwatson mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_HIGH) 347105634Srwatson return (0); 348105634Srwatson 349105634Srwatson /* It's not ok. */ 350105634Srwatson return (EPERM); 351105634Srwatson} 352105634Srwatson 353106091Srwatsonstatic int 354172955Srwatsonbiba_high_effective(struct mac_biba *mb) 355105988Srwatson{ 356105988Srwatson 357172955Srwatson KASSERT((mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 358172955Srwatson ("biba_equal_effective: mb not effective")); 359105988Srwatson 360172955Srwatson return (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_HIGH); 361105988Srwatson} 362105988Srwatson 363105634Srwatsonstatic int 364172955Srwatsonbiba_valid(struct mac_biba *mb) 365101099Srwatson{ 366101099Srwatson 367172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 368172955Srwatson switch (mb->mb_effective.mbe_type) { 369101099Srwatson case MAC_BIBA_TYPE_GRADE: 370101099Srwatson break; 371101099Srwatson 372101099Srwatson case MAC_BIBA_TYPE_EQUAL: 373101099Srwatson case MAC_BIBA_TYPE_HIGH: 374101099Srwatson case MAC_BIBA_TYPE_LOW: 375172955Srwatson if (mb->mb_effective.mbe_grade != 0 || 376105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 377172955Srwatson mb->mb_effective.mbe_compartments)) 378101099Srwatson return (EINVAL); 379101099Srwatson break; 380101099Srwatson 381101099Srwatson default: 382101099Srwatson return (EINVAL); 383101099Srwatson } 384101099Srwatson } else { 385172955Srwatson if (mb->mb_effective.mbe_type != MAC_BIBA_TYPE_UNDEF) 386101099Srwatson return (EINVAL); 387101099Srwatson } 388101099Srwatson 389172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 390172955Srwatson switch (mb->mb_rangelow.mbe_type) { 391101099Srwatson case MAC_BIBA_TYPE_GRADE: 392101099Srwatson break; 393101099Srwatson 394101099Srwatson case MAC_BIBA_TYPE_EQUAL: 395101099Srwatson case MAC_BIBA_TYPE_HIGH: 396101099Srwatson case MAC_BIBA_TYPE_LOW: 397172955Srwatson if (mb->mb_rangelow.mbe_grade != 0 || 398105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 399172955Srwatson mb->mb_rangelow.mbe_compartments)) 400101099Srwatson return (EINVAL); 401101099Srwatson break; 402101099Srwatson 403101099Srwatson default: 404101099Srwatson return (EINVAL); 405101099Srwatson } 406101099Srwatson 407172955Srwatson switch (mb->mb_rangehigh.mbe_type) { 408101099Srwatson case MAC_BIBA_TYPE_GRADE: 409101099Srwatson break; 410101099Srwatson 411101099Srwatson case MAC_BIBA_TYPE_EQUAL: 412101099Srwatson case MAC_BIBA_TYPE_HIGH: 413101099Srwatson case MAC_BIBA_TYPE_LOW: 414172955Srwatson if (mb->mb_rangehigh.mbe_grade != 0 || 415105643Srwatson !MAC_BIBA_BIT_SET_EMPTY( 416172955Srwatson mb->mb_rangehigh.mbe_compartments)) 417101099Srwatson return (EINVAL); 418101099Srwatson break; 419101099Srwatson 420101099Srwatson default: 421101099Srwatson return (EINVAL); 422101099Srwatson } 423172955Srwatson if (!biba_dominate_element(&mb->mb_rangehigh, 424172955Srwatson &mb->mb_rangelow)) 425101099Srwatson return (EINVAL); 426101099Srwatson } else { 427172955Srwatson if (mb->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF || 428172955Srwatson mb->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF) 429101099Srwatson return (EINVAL); 430101099Srwatson } 431101099Srwatson 432101099Srwatson return (0); 433101099Srwatson} 434101099Srwatson 435101099Srwatsonstatic void 436172955Srwatsonbiba_set_range(struct mac_biba *mb, u_short typelow, u_short gradelow, 437172955Srwatson u_char *compartmentslow, u_short typehigh, u_short gradehigh, 438172955Srwatson u_char *compartmentshigh) 439101099Srwatson{ 440101099Srwatson 441172955Srwatson mb->mb_rangelow.mbe_type = typelow; 442172955Srwatson mb->mb_rangelow.mbe_grade = gradelow; 443105643Srwatson if (compartmentslow != NULL) 444172955Srwatson memcpy(mb->mb_rangelow.mbe_compartments, compartmentslow, 445172955Srwatson sizeof(mb->mb_rangelow.mbe_compartments)); 446172955Srwatson mb->mb_rangehigh.mbe_type = typehigh; 447172955Srwatson mb->mb_rangehigh.mbe_grade = gradehigh; 448105643Srwatson if (compartmentshigh != NULL) 449172955Srwatson memcpy(mb->mb_rangehigh.mbe_compartments, compartmentshigh, 450172955Srwatson sizeof(mb->mb_rangehigh.mbe_compartments)); 451172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_RANGE; 452101099Srwatson} 453101099Srwatson 454101099Srwatsonstatic void 455172955Srwatsonbiba_set_effective(struct mac_biba *mb, u_short type, u_short grade, 456105643Srwatson u_char *compartments) 457101099Srwatson{ 458101099Srwatson 459172955Srwatson mb->mb_effective.mbe_type = type; 460172955Srwatson mb->mb_effective.mbe_grade = grade; 461105643Srwatson if (compartments != NULL) 462172955Srwatson memcpy(mb->mb_effective.mbe_compartments, compartments, 463172955Srwatson sizeof(mb->mb_effective.mbe_compartments)); 464172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 465101099Srwatson} 466101099Srwatson 467101099Srwatsonstatic void 468172955Srwatsonbiba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) 469101099Srwatson{ 470105643Srwatson 471101099Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0, 472172955Srwatson ("biba_copy_range: labelfrom not range")); 473101099Srwatson 474101099Srwatson labelto->mb_rangelow = labelfrom->mb_rangelow; 475101099Srwatson labelto->mb_rangehigh = labelfrom->mb_rangehigh; 476101099Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_RANGE; 477101099Srwatson} 478101099Srwatson 479101099Srwatsonstatic void 480172955Srwatsonbiba_copy_effective(struct mac_biba *labelfrom, struct mac_biba *labelto) 481101099Srwatson{ 482101099Srwatson 483132232Srwatson KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, 484172955Srwatson ("biba_copy_effective: labelfrom not effective")); 485101099Srwatson 486132232Srwatson labelto->mb_effective = labelfrom->mb_effective; 487132232Srwatson labelto->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 488101099Srwatson} 489101099Srwatson 490105656Srwatsonstatic void 491172955Srwatsonbiba_copy(struct mac_biba *source, struct mac_biba *dest) 492105656Srwatson{ 493105656Srwatson 494132232Srwatson if (source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) 495172955Srwatson biba_copy_effective(source, dest); 496105656Srwatson if (source->mb_flags & MAC_BIBA_FLAG_RANGE) 497172955Srwatson biba_copy_range(source, dest); 498105656Srwatson} 499105656Srwatson 500101099Srwatson/* 501101099Srwatson * Policy module operations. 502101099Srwatson */ 503101099Srwatsonstatic void 504172955Srwatsonbiba_init(struct mac_policy_conf *conf) 505101099Srwatson{ 506101099Srwatson 507122879Srwatson zone_biba = uma_zcreate("mac_biba", sizeof(struct mac_biba), NULL, 508122879Srwatson NULL, NULL, NULL, UMA_ALIGN_PTR, 0); 509101099Srwatson} 510101099Srwatson 511101099Srwatson/* 512101099Srwatson * Label operations. 513101099Srwatson */ 514101099Srwatsonstatic void 515172955Srwatsonbiba_init_label(struct label *label) 516101099Srwatson{ 517101099Srwatson 518132781Skan SLOT_SET(label, biba_alloc(M_WAITOK)); 519101099Srwatson} 520101099Srwatson 521101099Srwatsonstatic int 522172955Srwatsonbiba_init_label_waitcheck(struct label *label, int flag) 523101099Srwatson{ 524101099Srwatson 525132781Skan SLOT_SET(label, biba_alloc(flag)); 526101099Srwatson if (SLOT(label) == NULL) 527101099Srwatson return (ENOMEM); 528101099Srwatson 529101099Srwatson return (0); 530101099Srwatson} 531101099Srwatson 532101099Srwatsonstatic void 533172955Srwatsonbiba_destroy_label(struct label *label) 534101099Srwatson{ 535101099Srwatson 536101099Srwatson biba_free(SLOT(label)); 537132781Skan SLOT_SET(label, NULL); 538101099Srwatson} 539101099Srwatson 540105696Srwatson/* 541172955Srwatson * biba_element_to_string() accepts an sbuf and Biba element. It converts 542172955Srwatson * the Biba element to a string and stores the result in the sbuf; if there 543172955Srwatson * isn't space in the sbuf, -1 is returned. 544105696Srwatson */ 545115497Srwatsonstatic int 546172955Srwatsonbiba_element_to_string(struct sbuf *sb, struct mac_biba_element *element) 547105696Srwatson{ 548115497Srwatson int i, first; 549105696Srwatson 550105696Srwatson switch (element->mbe_type) { 551105696Srwatson case MAC_BIBA_TYPE_HIGH: 552115497Srwatson return (sbuf_printf(sb, "high")); 553105696Srwatson 554105696Srwatson case MAC_BIBA_TYPE_LOW: 555115497Srwatson return (sbuf_printf(sb, "low")); 556105696Srwatson 557105696Srwatson case MAC_BIBA_TYPE_EQUAL: 558115497Srwatson return (sbuf_printf(sb, "equal")); 559105696Srwatson 560105696Srwatson case MAC_BIBA_TYPE_GRADE: 561115497Srwatson if (sbuf_printf(sb, "%d", element->mbe_grade) == -1) 562115497Srwatson return (-1); 563115497Srwatson 564115497Srwatson first = 1; 565115497Srwatson for (i = 1; i <= MAC_BIBA_MAX_COMPARTMENTS; i++) { 566115497Srwatson if (MAC_BIBA_BIT_TEST(i, element->mbe_compartments)) { 567115497Srwatson if (first) { 568115497Srwatson if (sbuf_putc(sb, ':') == -1) 569115497Srwatson return (-1); 570115497Srwatson if (sbuf_printf(sb, "%d", i) == -1) 571115497Srwatson return (-1); 572115497Srwatson first = 0; 573115497Srwatson } else { 574115497Srwatson if (sbuf_printf(sb, "+%d", i) == -1) 575115497Srwatson return (-1); 576115497Srwatson } 577115497Srwatson } 578105696Srwatson } 579115497Srwatson return (0); 580105696Srwatson 581105696Srwatson default: 582172955Srwatson panic("biba_element_to_string: invalid type (%d)", 583105696Srwatson element->mbe_type); 584105696Srwatson } 585105696Srwatson} 586105696Srwatson 587115497Srwatson/* 588172955Srwatson * biba_to_string() converts a Biba label to a string, and places the results 589172955Srwatson * in the passed sbuf. It returns 0 on success, or EINVAL if there isn't 590172955Srwatson * room in the sbuf. Note: the sbuf will be modified even in a failure case, 591172955Srwatson * so the caller may need to revert the sbuf by restoring the offset if 592172955Srwatson * that's undesired. 593115497Srwatson */ 594101099Srwatsonstatic int 595172955Srwatsonbiba_to_string(struct sbuf *sb, struct mac_biba *mb) 596101099Srwatson{ 597105696Srwatson 598172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 599172955Srwatson if (biba_element_to_string(sb, &mb->mb_effective) == -1) 600105696Srwatson return (EINVAL); 601105696Srwatson } 602105696Srwatson 603172955Srwatson if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) { 604116701Srwatson if (sbuf_putc(sb, '(') == -1) 605105696Srwatson return (EINVAL); 606105696Srwatson 607172955Srwatson if (biba_element_to_string(sb, &mb->mb_rangelow) == -1) 608105696Srwatson return (EINVAL); 609105696Srwatson 610116701Srwatson if (sbuf_putc(sb, '-') == -1) 611105696Srwatson return (EINVAL); 612105696Srwatson 613172955Srwatson if (biba_element_to_string(sb, &mb->mb_rangehigh) == -1) 614105696Srwatson return (EINVAL); 615105696Srwatson 616116701Srwatson if (sbuf_putc(sb, ')') == -1) 617105696Srwatson return (EINVAL); 618105696Srwatson } 619105696Srwatson 620105696Srwatson return (0); 621105696Srwatson} 622105696Srwatson 623105696Srwatsonstatic int 624172955Srwatsonbiba_externalize_label(struct label *label, char *element_name, 625116701Srwatson struct sbuf *sb, int *claimed) 626105696Srwatson{ 627172955Srwatson struct mac_biba *mb; 628101099Srwatson 629105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 630105696Srwatson return (0); 631105696Srwatson 632105696Srwatson (*claimed)++; 633105696Srwatson 634172955Srwatson mb = SLOT(label); 635172955Srwatson return (biba_to_string(sb, mb)); 636105696Srwatson} 637105696Srwatson 638105696Srwatsonstatic int 639172955Srwatsonbiba_parse_element(struct mac_biba_element *element, char *string) 640101099Srwatson{ 641115395Srwatson char *compartment, *end, *grade; 642115395Srwatson int value; 643105696Srwatson 644181217Srwatson if (strcmp(string, "high") == 0 || strcmp(string, "hi") == 0) { 645105696Srwatson element->mbe_type = MAC_BIBA_TYPE_HIGH; 646105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 647181217Srwatson } else if (strcmp(string, "low") == 0 || strcmp(string, "lo") == 0) { 648105696Srwatson element->mbe_type = MAC_BIBA_TYPE_LOW; 649105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 650105696Srwatson } else if (strcmp(string, "equal") == 0 || 651105696Srwatson strcmp(string, "eq") == 0) { 652105696Srwatson element->mbe_type = MAC_BIBA_TYPE_EQUAL; 653105696Srwatson element->mbe_grade = MAC_BIBA_TYPE_UNDEF; 654105696Srwatson } else { 655115395Srwatson element->mbe_type = MAC_BIBA_TYPE_GRADE; 656105696Srwatson 657115395Srwatson /* 658115395Srwatson * Numeric grade piece of the element. 659115395Srwatson */ 660115395Srwatson grade = strsep(&string, ":"); 661115395Srwatson value = strtol(grade, &end, 10); 662115395Srwatson if (end == grade || *end != '\0') 663105696Srwatson return (EINVAL); 664115395Srwatson if (value < 0 || value > 65535) 665115395Srwatson return (EINVAL); 666115395Srwatson element->mbe_grade = value; 667105696Srwatson 668115395Srwatson /* 669181217Srwatson * Optional compartment piece of the element. If none are 670181217Srwatson * included, we assume that the label has no compartments. 671115395Srwatson */ 672115395Srwatson if (string == NULL) 673115395Srwatson return (0); 674115395Srwatson if (*string == '\0') 675115395Srwatson return (0); 676105696Srwatson 677115395Srwatson while ((compartment = strsep(&string, "+")) != NULL) { 678115395Srwatson value = strtol(compartment, &end, 10); 679115395Srwatson if (compartment == end || *end != '\0') 680105696Srwatson return (EINVAL); 681115395Srwatson if (value < 1 || value > MAC_BIBA_MAX_COMPARTMENTS) 682105696Srwatson return (EINVAL); 683115395Srwatson MAC_BIBA_BIT_SET(value, element->mbe_compartments); 684105696Srwatson } 685105696Srwatson } 686105696Srwatson 687105696Srwatson return (0); 688105696Srwatson} 689105696Srwatson 690105696Srwatson/* 691181217Srwatson * Note: destructively consumes the string, make a local copy before calling 692181217Srwatson * if that's a problem. 693105696Srwatson */ 694105696Srwatsonstatic int 695172955Srwatsonbiba_parse(struct mac_biba *mb, char *string) 696105696Srwatson{ 697132232Srwatson char *rangehigh, *rangelow, *effective; 698101099Srwatson int error; 699101099Srwatson 700132232Srwatson effective = strsep(&string, "("); 701132232Srwatson if (*effective == '\0') 702132232Srwatson effective = NULL; 703115395Srwatson 704115395Srwatson if (string != NULL) { 705115395Srwatson rangelow = strsep(&string, "-"); 706115395Srwatson if (string == NULL) 707105696Srwatson return (EINVAL); 708115395Srwatson rangehigh = strsep(&string, ")"); 709115395Srwatson if (string == NULL) 710105696Srwatson return (EINVAL); 711115395Srwatson if (*string != '\0') 712105696Srwatson return (EINVAL); 713115395Srwatson } else { 714115395Srwatson rangelow = NULL; 715115395Srwatson rangehigh = NULL; 716105696Srwatson } 717115395Srwatson 718105696Srwatson KASSERT((rangelow != NULL && rangehigh != NULL) || 719105696Srwatson (rangelow == NULL && rangehigh == NULL), 720172955Srwatson ("biba_parse: range mismatch")); 721101099Srwatson 722172955Srwatson bzero(mb, sizeof(*mb)); 723132232Srwatson if (effective != NULL) { 724172955Srwatson error = biba_parse_element(&mb->mb_effective, effective); 725105696Srwatson if (error) 726105696Srwatson return (error); 727172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; 728105696Srwatson } 729105696Srwatson 730105696Srwatson if (rangelow != NULL) { 731172955Srwatson error = biba_parse_element(&mb->mb_rangelow, rangelow); 732105696Srwatson if (error) 733105696Srwatson return (error); 734172955Srwatson error = biba_parse_element(&mb->mb_rangehigh, rangehigh); 735105696Srwatson if (error) 736105696Srwatson return (error); 737172955Srwatson mb->mb_flags |= MAC_BIBA_FLAG_RANGE; 738105696Srwatson } 739105696Srwatson 740172955Srwatson error = biba_valid(mb); 741101099Srwatson if (error) 742101099Srwatson return (error); 743101099Srwatson 744105696Srwatson return (0); 745105696Srwatson} 746101099Srwatson 747105696Srwatsonstatic int 748172955Srwatsonbiba_internalize_label(struct label *label, char *element_name, 749105696Srwatson char *element_data, int *claimed) 750105696Srwatson{ 751172955Srwatson struct mac_biba *mb, mb_temp; 752105696Srwatson int error; 753105696Srwatson 754105696Srwatson if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 755105696Srwatson return (0); 756105696Srwatson 757105696Srwatson (*claimed)++; 758105696Srwatson 759172955Srwatson error = biba_parse(&mb_temp, element_data); 760105696Srwatson if (error) 761105696Srwatson return (error); 762105696Srwatson 763172955Srwatson mb = SLOT(label); 764172955Srwatson *mb = mb_temp; 765105696Srwatson 766101099Srwatson return (0); 767101099Srwatson} 768101099Srwatson 769105696Srwatsonstatic void 770172955Srwatsonbiba_copy_label(struct label *src, struct label *dest) 771105696Srwatson{ 772105696Srwatson 773105696Srwatson *SLOT(dest) = *SLOT(src); 774105696Srwatson} 775105696Srwatson 776101099Srwatson/* 777173138Srwatson * Object-specific entry point implementations are sorted alphabetically by 778173138Srwatson * object type name and then by operation. 779101099Srwatson */ 780173138Srwatsonstatic int 781173138Srwatsonbiba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 782173138Srwatson struct ifnet *ifp, struct label *ifplabel) 783101099Srwatson{ 784173138Srwatson struct mac_biba *a, *b; 785101099Srwatson 786173138Srwatson if (!biba_enabled) 787173138Srwatson return (0); 788101099Srwatson 789173138Srwatson a = SLOT(dlabel); 790173138Srwatson b = SLOT(ifplabel); 791101099Srwatson 792173138Srwatson if (biba_equal_effective(a, b)) 793173138Srwatson return (0); 794173138Srwatson return (EACCES); 795101099Srwatson} 796101099Srwatson 797101099Srwatsonstatic void 798173138Srwatsonbiba_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 799173138Srwatson struct label *dlabel) 800104535Srwatson{ 801104535Srwatson struct mac_biba *source, *dest; 802104535Srwatson 803122524Srwatson source = SLOT(cred->cr_label); 804173138Srwatson dest = SLOT(dlabel); 805104535Srwatson 806172955Srwatson biba_copy_effective(source, dest); 807104535Srwatson} 808104535Srwatson 809104535Srwatsonstatic void 810173138Srwatsonbiba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 811173138Srwatson struct mbuf *m, struct label *mlabel) 812101099Srwatson{ 813101099Srwatson struct mac_biba *source, *dest; 814101099Srwatson 815173138Srwatson source = SLOT(dlabel); 816173138Srwatson dest = SLOT(mlabel); 817172955Srwatson 818172955Srwatson biba_copy_effective(source, dest); 819101099Srwatson} 820101099Srwatson 821184407Srwatsonstatic void 822184407Srwatsonbiba_cred_associate_nfsd(struct ucred *cred) 823184407Srwatson{ 824184407Srwatson struct mac_biba *label; 825184407Srwatson 826184407Srwatson label = SLOT(cred->cr_label); 827184407Srwatson biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL); 828184407Srwatson biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 829184407Srwatson 0, NULL); 830184407Srwatson} 831184407Srwatson 832173138Srwatsonstatic int 833173138Srwatsonbiba_cred_check_relabel(struct ucred *cred, struct label *newlabel) 834101099Srwatson{ 835173138Srwatson struct mac_biba *subj, *new; 836173138Srwatson int error; 837101099Srwatson 838173138Srwatson subj = SLOT(cred->cr_label); 839173138Srwatson new = SLOT(newlabel); 840101099Srwatson 841173138Srwatson /* 842173138Srwatson * If there is a Biba label update for the credential, it may 843173138Srwatson * be an update of the effective, range, or both. 844173138Srwatson */ 845173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 846173138Srwatson if (error) 847173138Srwatson return (error); 848101099Srwatson 849173138Srwatson /* 850173138Srwatson * If the Biba label is to be changed, authorize as appropriate. 851173138Srwatson */ 852173138Srwatson if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 853173138Srwatson /* 854173138Srwatson * If the change request modifies both the Biba label 855173138Srwatson * effective and range, check that the new effective will be 856173138Srwatson * in the new range. 857173138Srwatson */ 858173138Srwatson if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == 859173138Srwatson MAC_BIBA_FLAGS_BOTH && 860173138Srwatson !biba_effective_in_range(new, new)) 861173138Srwatson return (EINVAL); 862101099Srwatson 863173138Srwatson /* 864173138Srwatson * To change the Biba effective label on a credential, the 865173138Srwatson * new effective label must be in the current range. 866173138Srwatson */ 867173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE && 868173138Srwatson !biba_effective_in_range(new, subj)) 869173138Srwatson return (EPERM); 870101099Srwatson 871173138Srwatson /* 872173138Srwatson * To change the Biba range on a credential, the new range 873173138Srwatson * label must be in the current range. 874173138Srwatson */ 875173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_RANGE && 876173138Srwatson !biba_range_in_range(new, subj)) 877173138Srwatson return (EPERM); 878101099Srwatson 879173138Srwatson /* 880173138Srwatson * To have EQUAL in any component of the new credential Biba 881173138Srwatson * label, the subject must already have EQUAL in their label. 882173138Srwatson */ 883173138Srwatson if (biba_contains_equal(new)) { 884173138Srwatson error = biba_subject_privileged(subj); 885173138Srwatson if (error) 886173138Srwatson return (error); 887173138Srwatson } 888105988Srwatson } 889101099Srwatson 890101099Srwatson return (0); 891101099Srwatson} 892101099Srwatson 893105988Srwatsonstatic int 894173138Srwatsonbiba_cred_check_visible(struct ucred *u1, struct ucred *u2) 895105988Srwatson{ 896173138Srwatson struct mac_biba *subj, *obj; 897105988Srwatson 898173138Srwatson if (!biba_enabled) 899105988Srwatson return (0); 900105988Srwatson 901173138Srwatson subj = SLOT(u1->cr_label); 902173138Srwatson obj = SLOT(u2->cr_label); 903105988Srwatson 904173138Srwatson /* XXX: range */ 905173138Srwatson if (!biba_dominate_effective(obj, subj)) 906173138Srwatson return (ESRCH); 907105988Srwatson 908173138Srwatson return (0); 909122875Srwatson} 910122875Srwatson 911122875Srwatsonstatic void 912184407Srwatsonbiba_cred_create_init(struct ucred *cred) 913184407Srwatson{ 914184407Srwatson struct mac_biba *dest; 915184407Srwatson 916184407Srwatson dest = SLOT(cred->cr_label); 917184407Srwatson 918184407Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); 919184407Srwatson biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 920184407Srwatson 0, NULL); 921184407Srwatson} 922184407Srwatson 923184407Srwatsonstatic void 924184407Srwatsonbiba_cred_create_swapper(struct ucred *cred) 925184407Srwatson{ 926184407Srwatson struct mac_biba *dest; 927184407Srwatson 928184407Srwatson dest = SLOT(cred->cr_label); 929184407Srwatson 930184407Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 931184407Srwatson biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 932184407Srwatson 0, NULL); 933184407Srwatson} 934184407Srwatson 935184407Srwatsonstatic void 936173138Srwatsonbiba_cred_relabel(struct ucred *cred, struct label *newlabel) 937101099Srwatson{ 938101099Srwatson struct mac_biba *source, *dest; 939101099Srwatson 940173138Srwatson source = SLOT(newlabel); 941173138Srwatson dest = SLOT(cred->cr_label); 942101099Srwatson 943173138Srwatson biba_copy(source, dest); 944101099Srwatson} 945101099Srwatson 946101099Srwatsonstatic void 947173138Srwatsonbiba_devfs_create_device(struct ucred *cred, struct mount *mp, 948173138Srwatson struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 949101099Srwatson{ 950173138Srwatson struct mac_biba *mb; 951231378Sed const char *dn; 952173138Srwatson int biba_type; 953101099Srwatson 954173138Srwatson mb = SLOT(delabel); 955231378Sed dn = devtoname(dev); 956231378Sed if (strcmp(dn, "null") == 0 || 957231378Sed strcmp(dn, "zero") == 0 || 958231378Sed strcmp(dn, "random") == 0 || 959231378Sed strncmp(dn, "fd/", strlen("fd/")) == 0) 960173138Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 961173138Srwatson else if (ptys_equal && 962231378Sed (strncmp(dn, "ttyp", strlen("ttyp")) == 0 || 963231378Sed strncmp(dn, "pts/", strlen("pts/")) == 0 || 964231378Sed strncmp(dn, "ptyp", strlen("ptyp")) == 0)) 965173138Srwatson biba_type = MAC_BIBA_TYPE_EQUAL; 966173138Srwatson else 967173138Srwatson biba_type = MAC_BIBA_TYPE_HIGH; 968173138Srwatson biba_set_effective(mb, biba_type, 0, NULL); 969101099Srwatson} 970101099Srwatson 971101099Srwatsonstatic void 972173138Srwatsonbiba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, 973173138Srwatson struct devfs_dirent *de, struct label *delabel) 974101099Srwatson{ 975173138Srwatson struct mac_biba *mb; 976101099Srwatson 977173138Srwatson mb = SLOT(delabel); 978101099Srwatson 979173138Srwatson biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL); 980101099Srwatson} 981101099Srwatson 982101099Srwatsonstatic void 983173138Srwatsonbiba_devfs_create_symlink(struct ucred *cred, struct mount *mp, 984173138Srwatson struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 985173138Srwatson struct label *delabel) 986145855Srwatson{ 987145855Srwatson struct mac_biba *source, *dest; 988145855Srwatson 989145855Srwatson source = SLOT(cred->cr_label); 990173138Srwatson dest = SLOT(delabel); 991145855Srwatson 992172955Srwatson biba_copy_effective(source, dest); 993145855Srwatson} 994145855Srwatson 995145855Srwatsonstatic void 996173138Srwatsonbiba_devfs_update(struct mount *mp, struct devfs_dirent *de, 997173138Srwatson struct label *delabel, struct vnode *vp, struct label *vplabel) 998101099Srwatson{ 999101099Srwatson struct mac_biba *source, *dest; 1000101099Srwatson 1001173138Srwatson source = SLOT(vplabel); 1002173138Srwatson dest = SLOT(delabel); 1003101099Srwatson 1004172955Srwatson biba_copy(source, dest); 1005101099Srwatson} 1006101099Srwatson 1007101099Srwatsonstatic void 1008173138Srwatsonbiba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel, 1009173138Srwatson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 1010173138Srwatson struct label *vplabel) 1011101099Srwatson{ 1012101099Srwatson struct mac_biba *source, *dest; 1013101099Srwatson 1014173138Srwatson source = SLOT(delabel); 1015173138Srwatson dest = SLOT(vplabel); 1016101099Srwatson 1017172955Srwatson biba_copy_effective(source, dest); 1018101099Srwatson} 1019101099Srwatson 1020173138Srwatsonstatic int 1021173138Srwatsonbiba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 1022173138Srwatson struct label *ifplabel, struct label *newlabel) 1023140628Srwatson{ 1024173138Srwatson struct mac_biba *subj, *new; 1025173138Srwatson int error; 1026140628Srwatson 1027173138Srwatson subj = SLOT(cred->cr_label); 1028173138Srwatson new = SLOT(newlabel); 1029140628Srwatson 1030173138Srwatson /* 1031173138Srwatson * If there is a Biba label update for the interface, it may be an 1032173138Srwatson * update of the effective, range, or both. 1033173138Srwatson */ 1034173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); 1035173138Srwatson if (error) 1036173138Srwatson return (error); 1037140628Srwatson 1038173138Srwatson /* 1039173138Srwatson * Relabling network interfaces requires Biba privilege. 1040173138Srwatson */ 1041173138Srwatson error = biba_subject_privileged(subj); 1042173138Srwatson if (error) 1043173138Srwatson return (error); 1044140628Srwatson 1045173138Srwatson return (0); 1046140628Srwatson} 1047140628Srwatson 1048173138Srwatsonstatic int 1049173138Srwatsonbiba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 1050173138Srwatson struct mbuf *m, struct label *mlabel) 1051140628Srwatson{ 1052173138Srwatson struct mac_biba *p, *i; 1053140628Srwatson 1054173138Srwatson if (!biba_enabled) 1055173138Srwatson return (0); 1056140628Srwatson 1057173138Srwatson p = SLOT(mlabel); 1058173138Srwatson i = SLOT(ifplabel); 1059140628Srwatson 1060173138Srwatson return (biba_effective_in_range(p, i) ? 0 : EACCES); 1061140628Srwatson} 1062140628Srwatson 1063101099Srwatsonstatic void 1064172955Srwatsonbiba_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 1065101099Srwatson{ 1066121816Sbrooks char tifname[IFNAMSIZ], *p, *q; 1067101099Srwatson char tiflist[sizeof(trusted_interfaces)]; 1068101099Srwatson struct mac_biba *dest; 1069110350Srwatson int len, type; 1070101099Srwatson 1071168976Srwatson dest = SLOT(ifplabel); 1072101099Srwatson 1073168976Srwatson if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) { 1074110350Srwatson type = MAC_BIBA_TYPE_EQUAL; 1075101099Srwatson goto set; 1076101099Srwatson } 1077101099Srwatson 1078101099Srwatson if (trust_all_interfaces) { 1079110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1080101099Srwatson goto set; 1081101099Srwatson } 1082101099Srwatson 1083110350Srwatson type = MAC_BIBA_TYPE_LOW; 1084101099Srwatson 1085101099Srwatson if (trusted_interfaces[0] == '\0' || 1086101099Srwatson !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) 1087101099Srwatson goto set; 1088101099Srwatson 1089106089Srwatson bzero(tiflist, sizeof(tiflist)); 1090101099Srwatson for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) 1091101099Srwatson if(*p != ' ' && *p != '\t') 1092101099Srwatson *q = *p; 1093101099Srwatson 1094101099Srwatson for (p = q = tiflist;; p++) { 1095101099Srwatson if (*p == ',' || *p == '\0') { 1096101099Srwatson len = p - q; 1097101099Srwatson if (len < IFNAMSIZ) { 1098101099Srwatson bzero(tifname, sizeof(tifname)); 1099101099Srwatson bcopy(q, tifname, len); 1100168976Srwatson if (strcmp(tifname, ifp->if_xname) == 0) { 1101110350Srwatson type = MAC_BIBA_TYPE_HIGH; 1102101099Srwatson break; 1103101099Srwatson } 1104106089Srwatson } else { 1105106089Srwatson *p = '\0'; 1106106089Srwatson printf("mac_biba warning: interface name " 1107106089Srwatson "\"%s\" is too long (must be < %d)\n", 1108106089Srwatson q, IFNAMSIZ); 1109101099Srwatson } 1110101099Srwatson if (*p == '\0') 1111101099Srwatson break; 1112101099Srwatson q = p + 1; 1113101099Srwatson } 1114101099Srwatson } 1115101099Srwatsonset: 1116172955Srwatson biba_set_effective(dest, type, 0, NULL); 1117172955Srwatson biba_set_range(dest, type, 0, NULL, type, 0, NULL); 1118101099Srwatson} 1119101099Srwatson 1120101099Srwatsonstatic void 1121173138Srwatsonbiba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 1122173138Srwatson struct mbuf *m, struct label *mlabel) 1123101099Srwatson{ 1124101099Srwatson struct mac_biba *source, *dest; 1125101099Srwatson 1126173138Srwatson source = SLOT(ifplabel); 1127173138Srwatson dest = SLOT(mlabel); 1128101099Srwatson 1129172955Srwatson biba_copy_effective(source, dest); 1130101099Srwatson} 1131101099Srwatson 1132101099Srwatsonstatic void 1133173138Srwatsonbiba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 1134173138Srwatson struct label *ifplabel, struct label *newlabel) 1135101099Srwatson{ 1136101099Srwatson struct mac_biba *source, *dest; 1137101099Srwatson 1138173138Srwatson source = SLOT(newlabel); 1139173138Srwatson dest = SLOT(ifplabel); 1140101099Srwatson 1141173138Srwatson biba_copy(source, dest); 1142101099Srwatson} 1143101099Srwatson 1144173138Srwatsonstatic int 1145173138Srwatsonbiba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 1146173138Srwatson struct mbuf *m, struct label *mlabel) 1147173138Srwatson{ 1148173138Srwatson struct mac_biba *p, *i; 1149173138Srwatson 1150173138Srwatson if (!biba_enabled) 1151173138Srwatson return (0); 1152173138Srwatson 1153173138Srwatson p = SLOT(mlabel); 1154173138Srwatson i = SLOT(inplabel); 1155173138Srwatson 1156173138Srwatson return (biba_equal_effective(p, i) ? 0 : EACCES); 1157173138Srwatson} 1158173138Srwatson 1159183980Sbzstatic int 1160183980Sbzbiba_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 1161183980Sbz struct label *inplabel) 1162183980Sbz{ 1163183980Sbz struct mac_biba *subj, *obj; 1164183980Sbz 1165183980Sbz if (!biba_enabled) 1166183980Sbz return (0); 1167183980Sbz 1168183980Sbz subj = SLOT(cred->cr_label); 1169183980Sbz obj = SLOT(inplabel); 1170183980Sbz 1171183980Sbz if (!biba_dominate_effective(obj, subj)) 1172183980Sbz return (ENOENT); 1173183980Sbz 1174183980Sbz return (0); 1175183980Sbz} 1176183980Sbz 1177101099Srwatsonstatic void 1178173138Srwatsonbiba_inpcb_create(struct socket *so, struct label *solabel, 1179173138Srwatson struct inpcb *inp, struct label *inplabel) 1180101099Srwatson{ 1181101099Srwatson struct mac_biba *source, *dest; 1182101099Srwatson 1183173138Srwatson source = SLOT(solabel); 1184173138Srwatson dest = SLOT(inplabel); 1185101099Srwatson 1186193391Srwatson SOCK_LOCK(so); 1187172955Srwatson biba_copy_effective(source, dest); 1188193391Srwatson SOCK_UNLOCK(so); 1189101099Srwatson} 1190101099Srwatson 1191101099Srwatsonstatic void 1192172955Srwatsonbiba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 1193123607Srwatson struct mbuf *m, struct label *mlabel) 1194123607Srwatson{ 1195123607Srwatson struct mac_biba *source, *dest; 1196123607Srwatson 1197123607Srwatson source = SLOT(inplabel); 1198123607Srwatson dest = SLOT(mlabel); 1199123607Srwatson 1200172955Srwatson biba_copy_effective(source, dest); 1201123607Srwatson} 1202123607Srwatson 1203123607Srwatsonstatic void 1204173138Srwatsonbiba_inpcb_sosetlabel(struct socket *so, struct label *solabel, 1205173138Srwatson struct inpcb *inp, struct label *inplabel) 1206101099Srwatson{ 1207101099Srwatson struct mac_biba *source, *dest; 1208101099Srwatson 1209193391Srwatson SOCK_LOCK_ASSERT(so); 1210193391Srwatson 1211173138Srwatson source = SLOT(solabel); 1212173138Srwatson dest = SLOT(inplabel); 1213101099Srwatson 1214173138Srwatson biba_copy(source, dest); 1215101099Srwatson} 1216101099Srwatson 1217101099Srwatsonstatic void 1218184308Srwatsonbiba_ip6q_create(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1219184308Srwatson struct label *q6label) 1220184308Srwatson{ 1221184308Srwatson struct mac_biba *source, *dest; 1222184308Srwatson 1223184308Srwatson source = SLOT(mlabel); 1224184308Srwatson dest = SLOT(q6label); 1225184308Srwatson 1226184308Srwatson biba_copy_effective(source, dest); 1227184308Srwatson} 1228184308Srwatson 1229184308Srwatsonstatic int 1230184308Srwatsonbiba_ip6q_match(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1231184308Srwatson struct label *q6label) 1232184308Srwatson{ 1233184308Srwatson struct mac_biba *a, *b; 1234184308Srwatson 1235184308Srwatson a = SLOT(q6label); 1236184308Srwatson b = SLOT(mlabel); 1237184308Srwatson 1238184308Srwatson return (biba_equal_effective(a, b)); 1239184308Srwatson} 1240184308Srwatson 1241184308Srwatsonstatic void 1242184308Srwatsonbiba_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 1243184308Srwatson struct label *mlabel) 1244184308Srwatson{ 1245184308Srwatson struct mac_biba *source, *dest; 1246184308Srwatson 1247184308Srwatson source = SLOT(q6label); 1248184308Srwatson dest = SLOT(mlabel); 1249184308Srwatson 1250184308Srwatson /* Just use the head, since we require them all to match. */ 1251184308Srwatson biba_copy_effective(source, dest); 1252184308Srwatson} 1253184308Srwatson 1254184308Srwatsonstatic void 1255184308Srwatsonbiba_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 1256184308Srwatson struct label *q6label) 1257184308Srwatson{ 1258184308Srwatson 1259184308Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1260184308Srwatson} 1261184308Srwatson 1262184308Srwatsonstatic void 1263179781Srwatsonbiba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q, 1264179781Srwatson struct label *qlabel) 1265101099Srwatson{ 1266101099Srwatson struct mac_biba *source, *dest; 1267101099Srwatson 1268173138Srwatson source = SLOT(mlabel); 1269179781Srwatson dest = SLOT(qlabel); 1270101099Srwatson 1271172955Srwatson biba_copy_effective(source, dest); 1272101099Srwatson} 1273101099Srwatson 1274101099Srwatsonstatic int 1275179781Srwatsonbiba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q, 1276179781Srwatson struct label *qlabel) 1277101099Srwatson{ 1278101099Srwatson struct mac_biba *a, *b; 1279101099Srwatson 1280179781Srwatson a = SLOT(qlabel); 1281168976Srwatson b = SLOT(mlabel); 1282101099Srwatson 1283172955Srwatson return (biba_equal_effective(a, b)); 1284101099Srwatson} 1285101099Srwatson 1286101099Srwatsonstatic void 1287179781Srwatsonbiba_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 1288173138Srwatson struct label *mlabel) 1289101099Srwatson{ 1290101099Srwatson struct mac_biba *source, *dest; 1291101099Srwatson 1292179781Srwatson source = SLOT(qlabel); 1293173138Srwatson dest = SLOT(mlabel); 1294101099Srwatson 1295173138Srwatson /* Just use the head, since we require them all to match. */ 1296173138Srwatson biba_copy_effective(source, dest); 1297101099Srwatson} 1298101099Srwatson 1299101099Srwatsonstatic void 1300179781Srwatsonbiba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 1301179781Srwatson struct label *qlabel) 1302101099Srwatson{ 1303101099Srwatson 1304101099Srwatson /* NOOP: we only accept matching labels, so no need to update */ 1305101099Srwatson} 1306101099Srwatson 1307173138Srwatsonstatic int 1308173138Srwatsonbiba_kld_check_load(struct ucred *cred, struct vnode *vp, 1309173138Srwatson struct label *vplabel) 1310173138Srwatson{ 1311173138Srwatson struct mac_biba *subj, *obj; 1312173138Srwatson int error; 1313173138Srwatson 1314173138Srwatson if (!biba_enabled) 1315173138Srwatson return (0); 1316173138Srwatson 1317173138Srwatson subj = SLOT(cred->cr_label); 1318173138Srwatson 1319173138Srwatson error = biba_subject_privileged(subj); 1320173138Srwatson if (error) 1321173138Srwatson return (error); 1322173138Srwatson 1323173138Srwatson obj = SLOT(vplabel); 1324173138Srwatson if (!biba_high_effective(obj)) 1325173138Srwatson return (EACCES); 1326173138Srwatson 1327173138Srwatson return (0); 1328173138Srwatson} 1329173138Srwatson 1330173138Srwatsonstatic int 1331173138Srwatsonbiba_mount_check_stat(struct ucred *cred, struct mount *mp, 1332173138Srwatson struct label *mplabel) 1333173138Srwatson{ 1334173138Srwatson struct mac_biba *subj, *obj; 1335173138Srwatson 1336173138Srwatson if (!biba_enabled) 1337173138Srwatson return (0); 1338173138Srwatson 1339173138Srwatson subj = SLOT(cred->cr_label); 1340173138Srwatson obj = SLOT(mplabel); 1341173138Srwatson 1342173138Srwatson if (!biba_dominate_effective(obj, subj)) 1343173138Srwatson return (EACCES); 1344173138Srwatson 1345173138Srwatson return (0); 1346173138Srwatson} 1347173138Srwatson 1348122875Srwatsonstatic void 1349173138Srwatsonbiba_mount_create(struct ucred *cred, struct mount *mp, 1350173138Srwatson struct label *mplabel) 1351122875Srwatson{ 1352122875Srwatson struct mac_biba *source, *dest; 1353122875Srwatson 1354173138Srwatson source = SLOT(cred->cr_label); 1355173138Srwatson dest = SLOT(mplabel); 1356122875Srwatson 1357173138Srwatson biba_copy_effective(source, dest); 1358122875Srwatson} 1359122875Srwatson 1360162238Scsjpstatic void 1361173095Srwatsonbiba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, 1362173095Srwatson struct mbuf *m, struct label *mlabel) 1363173095Srwatson{ 1364173095Srwatson struct mac_biba *dest; 1365173095Srwatson 1366173095Srwatson dest = SLOT(mlabel); 1367173095Srwatson 1368173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1369173095Srwatson} 1370173095Srwatson 1371173095Srwatsonstatic void 1372173095Srwatsonbiba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1373173095Srwatson struct mbuf *m, struct label *mlabel) 1374173095Srwatson{ 1375173095Srwatson struct mac_biba *dest; 1376173095Srwatson 1377173095Srwatson dest = SLOT(mlabel); 1378173095Srwatson 1379173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1380173095Srwatson} 1381173095Srwatson 1382173095Srwatsonstatic void 1383173102Srwatsonbiba_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1384173102Srwatson struct mbuf *msend, struct label *msendlabel) 1385173102Srwatson{ 1386173102Srwatson struct mac_biba *source, *dest; 1387173102Srwatson 1388173102Srwatson source = SLOT(mrecvlabel); 1389173102Srwatson dest = SLOT(msendlabel); 1390173102Srwatson 1391173102Srwatson biba_copy_effective(source, dest); 1392173102Srwatson} 1393173102Srwatson 1394173102Srwatsonstatic void 1395173018Srwatsonbiba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) 1396162238Scsjp{ 1397162238Scsjp struct mac_biba *dest; 1398162238Scsjp 1399173018Srwatson dest = SLOT(mlabel); 1400162238Scsjp 1401173018Srwatson /* XXX: where is the label for the firewall really coming from? */ 1402172955Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1403162238Scsjp} 1404162238Scsjp 1405173095Srwatsonstatic void 1406173138Srwatsonbiba_netinet_fragment(struct mbuf *m, struct label *mlabel, 1407173138Srwatson struct mbuf *frag, struct label *fraglabel) 1408173138Srwatson{ 1409173138Srwatson struct mac_biba *source, *dest; 1410173138Srwatson 1411173138Srwatson source = SLOT(mlabel); 1412173138Srwatson dest = SLOT(fraglabel); 1413173138Srwatson 1414173138Srwatson biba_copy_effective(source, dest); 1415173138Srwatson} 1416173138Srwatson 1417173138Srwatsonstatic void 1418173102Srwatsonbiba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1419173102Srwatson struct mbuf *msend, struct label *msendlabel) 1420173102Srwatson{ 1421173102Srwatson struct mac_biba *source, *dest; 1422173102Srwatson 1423173102Srwatson source = SLOT(mrecvlabel); 1424173102Srwatson dest = SLOT(msendlabel); 1425173102Srwatson 1426173102Srwatson biba_copy_effective(source, dest); 1427173102Srwatson} 1428173102Srwatson 1429173102Srwatsonstatic void 1430173095Srwatsonbiba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1431173095Srwatson struct mbuf *m, struct label *mlabel) 1432173095Srwatson{ 1433173095Srwatson struct mac_biba *dest; 1434173095Srwatson 1435173095Srwatson dest = SLOT(mlabel); 1436173095Srwatson 1437173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1438173095Srwatson} 1439173095Srwatson 1440173095Srwatsonstatic void 1441173095Srwatsonbiba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1442173095Srwatson struct mbuf *m, struct label *mlabel) 1443173095Srwatson{ 1444173095Srwatson struct mac_biba *dest; 1445173095Srwatson 1446173095Srwatson dest = SLOT(mlabel); 1447173095Srwatson 1448173095Srwatson biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); 1449173095Srwatson} 1450173095Srwatson 1451173138Srwatsonstatic int 1452173138Srwatsonbiba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1453173138Srwatson struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1454101099Srwatson{ 1455101099Srwatson 1456173138Srwatson if(!biba_enabled) 1457173138Srwatson return (0); 1458101099Srwatson 1459173138Srwatson /* XXX: This will be implemented soon... */ 1460101099Srwatson 1461173138Srwatson return (0); 1462101099Srwatson} 1463101099Srwatson 1464173138Srwatsonstatic int 1465173138Srwatsonbiba_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1466173138Srwatson struct label *pplabel) 1467172957Srwatson{ 1468173138Srwatson struct mac_biba *subj, *obj; 1469172957Srwatson 1470173138Srwatson if (!biba_enabled) 1471173138Srwatson return (0); 1472172957Srwatson 1473173138Srwatson subj = SLOT(cred->cr_label); 1474173138Srwatson obj = SLOT(pplabel); 1475101099Srwatson 1476173138Srwatson if (!biba_dominate_effective(obj, subj)) 1477173138Srwatson return (EACCES); 1478101099Srwatson 1479173138Srwatson return (0); 1480101099Srwatson} 1481101099Srwatson 1482101099Srwatsonstatic int 1483173138Srwatsonbiba_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1484173138Srwatson struct label *pplabel) 1485101099Srwatson{ 1486173138Srwatson struct mac_biba *subj, *obj; 1487101099Srwatson 1488172955Srwatson if (!biba_enabled) 1489101099Srwatson return (0); 1490101099Srwatson 1491173138Srwatson subj = SLOT(cred->cr_label); 1492173138Srwatson obj = SLOT(pplabel); 1493101099Srwatson 1494173138Srwatson if (!biba_dominate_effective(obj, subj)) 1495173138Srwatson return (EACCES); 1496173138Srwatson 1497173138Srwatson return (0); 1498101099Srwatson} 1499101099Srwatson 1500101099Srwatsonstatic int 1501173138Srwatsonbiba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1502173138Srwatson struct label *pplabel, struct label *newlabel) 1503101099Srwatson{ 1504173138Srwatson struct mac_biba *subj, *obj, *new; 1505105634Srwatson int error; 1506101099Srwatson 1507173138Srwatson new = SLOT(newlabel); 1508122524Srwatson subj = SLOT(cred->cr_label); 1509173138Srwatson obj = SLOT(pplabel); 1510101099Srwatson 1511101099Srwatson /* 1512173138Srwatson * If there is a Biba label update for a pipe, it must be a effective 1513173138Srwatson * update. 1514101099Srwatson */ 1515173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 1516105634Srwatson if (error) 1517105634Srwatson return (error); 1518101099Srwatson 1519101099Srwatson /* 1520173138Srwatson * To perform a relabel of a pipe (Biba label or not), Biba must 1521173138Srwatson * authorize the relabel. 1522173138Srwatson */ 1523173138Srwatson if (!biba_effective_in_range(obj, subj)) 1524173138Srwatson return (EPERM); 1525173138Srwatson 1526173138Srwatson /* 1527105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 1528101099Srwatson */ 1529173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 1530105634Srwatson /* 1531173138Srwatson * To change the Biba label on a pipe, the new pipe label 1532173138Srwatson * must be in the subject range. 1533110351Srwatson */ 1534173138Srwatson if (!biba_effective_in_range(new, subj)) 1535105634Srwatson return (EPERM); 1536101099Srwatson 1537105634Srwatson /* 1538173138Srwatson * To change the Biba label on a pipe to be EQUAL, the 1539173138Srwatson * subject must have appropriate privilege. 1540105634Srwatson */ 1541172955Srwatson if (biba_contains_equal(new)) { 1542172955Srwatson error = biba_subject_privileged(subj); 1543105634Srwatson if (error) 1544105634Srwatson return (error); 1545105634Srwatson } 1546105634Srwatson } 1547105634Srwatson 1548101099Srwatson return (0); 1549101099Srwatson} 1550101099Srwatson 1551101099Srwatsonstatic int 1552173138Srwatsonbiba_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1553173138Srwatson struct label *pplabel) 1554101099Srwatson{ 1555101099Srwatson struct mac_biba *subj, *obj; 1556101099Srwatson 1557172955Srwatson if (!biba_enabled) 1558101099Srwatson return (0); 1559101099Srwatson 1560173138Srwatson subj = SLOT(cred->cr_label); 1561173138Srwatson obj = SLOT(pplabel); 1562101099Srwatson 1563172955Srwatson if (!biba_dominate_effective(obj, subj)) 1564173138Srwatson return (EACCES); 1565101099Srwatson 1566101099Srwatson return (0); 1567101099Srwatson} 1568101099Srwatson 1569101099Srwatsonstatic int 1570173138Srwatsonbiba_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1571173138Srwatson struct label *pplabel) 1572101099Srwatson{ 1573173138Srwatson struct mac_biba *subj, *obj; 1574101099Srwatson 1575173138Srwatson if (!biba_enabled) 1576173138Srwatson return (0); 1577173138Srwatson 1578122524Srwatson subj = SLOT(cred->cr_label); 1579173138Srwatson obj = SLOT(pplabel); 1580101099Srwatson 1581173138Srwatson if (!biba_dominate_effective(subj, obj)) 1582173138Srwatson return (EACCES); 1583101099Srwatson 1584105634Srwatson return (0); 1585101099Srwatson} 1586101099Srwatson 1587173138Srwatsonstatic void 1588173138Srwatsonbiba_pipe_create(struct ucred *cred, struct pipepair *pp, 1589173138Srwatson struct label *pplabel) 1590101099Srwatson{ 1591173138Srwatson struct mac_biba *source, *dest; 1592103761Srwatson 1593173138Srwatson source = SLOT(cred->cr_label); 1594173138Srwatson dest = SLOT(pplabel); 1595101099Srwatson 1596173138Srwatson biba_copy_effective(source, dest); 1597173138Srwatson} 1598103759Srwatson 1599173138Srwatsonstatic void 1600173138Srwatsonbiba_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1601173138Srwatson struct label *pplabel, struct label *newlabel) 1602173138Srwatson{ 1603173138Srwatson struct mac_biba *source, *dest; 1604173138Srwatson 1605173138Srwatson source = SLOT(newlabel); 1606173138Srwatson dest = SLOT(pplabel); 1607173138Srwatson 1608173138Srwatson biba_copy(source, dest); 1609101099Srwatson} 1610101099Srwatson 1611101099Srwatsonstatic int 1612180059Sjhbbiba_posixsem_check_openunlink(struct ucred *cred, struct ksem *ks, 1613173138Srwatson struct label *kslabel) 1614122875Srwatson{ 1615173138Srwatson struct mac_biba *subj, *obj; 1616122875Srwatson 1617172955Srwatson if (!biba_enabled) 1618122875Srwatson return (0); 1619122875Srwatson 1620173138Srwatson subj = SLOT(cred->cr_label); 1621173138Srwatson obj = SLOT(kslabel); 1622122875Srwatson 1623173138Srwatson if (!biba_dominate_effective(subj, obj)) 1624173138Srwatson return (EACCES); 1625173138Srwatson 1626173138Srwatson return (0); 1627122875Srwatson} 1628122875Srwatson 1629122875Srwatsonstatic int 1630225344Srwatsonbiba_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1631225344Srwatson struct label *kslabel, mode_t mode) 1632225344Srwatson{ 1633225344Srwatson struct mac_biba *subj, *obj; 1634225344Srwatson 1635225344Srwatson if (!biba_enabled) 1636225344Srwatson return (0); 1637225344Srwatson 1638225344Srwatson subj = SLOT(cred->cr_label); 1639225344Srwatson obj = SLOT(kslabel); 1640225344Srwatson 1641225344Srwatson if (!biba_dominate_effective(subj, obj)) 1642225344Srwatson return (EACCES); 1643225344Srwatson 1644225344Srwatson return (0); 1645225344Srwatson} 1646225344Srwatson 1647225344Srwatsonstatic int 1648225344Srwatsonbiba_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1649225344Srwatson struct label *kslabel, uid_t uid, gid_t gid) 1650225344Srwatson{ 1651225344Srwatson struct mac_biba *subj, *obj; 1652225344Srwatson 1653225344Srwatson if (!biba_enabled) 1654225344Srwatson return (0); 1655225344Srwatson 1656225344Srwatson subj = SLOT(cred->cr_label); 1657225344Srwatson obj = SLOT(kslabel); 1658225344Srwatson 1659225344Srwatson if (!biba_dominate_effective(subj, obj)) 1660225344Srwatson return (EACCES); 1661225344Srwatson 1662225344Srwatson return (0); 1663225344Srwatson} 1664225344Srwatson 1665225344Srwatsonstatic int 1666180059Sjhbbiba_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, 1667180059Sjhb struct ksem *ks, struct label *kslabel) 1668140628Srwatson{ 1669140628Srwatson struct mac_biba *subj, *obj; 1670140628Srwatson 1671172955Srwatson if (!biba_enabled) 1672140628Srwatson return (0); 1673140628Srwatson 1674180059Sjhb subj = SLOT(active_cred->cr_label); 1675173138Srwatson obj = SLOT(kslabel); 1676140628Srwatson 1677180059Sjhb if (!biba_dominate_effective(subj, obj)) 1678180059Sjhb return (EACCES); 1679180059Sjhb 1680180059Sjhb return (0); 1681180059Sjhb} 1682180059Sjhb 1683180059Sjhbstatic int 1684180059Sjhbbiba_posixsem_check_rdonly(struct ucred *active_cred, struct ucred *file_cred, 1685180059Sjhb struct ksem *ks, struct label *kslabel) 1686180059Sjhb{ 1687180059Sjhb struct mac_biba *subj, *obj; 1688180059Sjhb 1689180059Sjhb if (!biba_enabled) 1690180059Sjhb return (0); 1691180059Sjhb 1692180059Sjhb subj = SLOT(active_cred->cr_label); 1693180059Sjhb obj = SLOT(kslabel); 1694180059Sjhb 1695172955Srwatson if (!biba_dominate_effective(obj, subj)) 1696140628Srwatson return (EACCES); 1697140628Srwatson 1698140628Srwatson return (0); 1699140628Srwatson} 1700140628Srwatson 1701173138Srwatsonstatic void 1702173138Srwatsonbiba_posixsem_create(struct ucred *cred, struct ksem *ks, 1703173138Srwatson struct label *kslabel) 1704173138Srwatson{ 1705173138Srwatson struct mac_biba *source, *dest; 1706173138Srwatson 1707173138Srwatson source = SLOT(cred->cr_label); 1708173138Srwatson dest = SLOT(kslabel); 1709173138Srwatson 1710173138Srwatson biba_copy_effective(source, dest); 1711173138Srwatson} 1712173138Srwatson 1713225344Srwatsonstatic int 1714225344Srwatsonbiba_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1715225344Srwatson struct label *shmlabel, int prot, int flags) 1716225344Srwatson{ 1717225344Srwatson struct mac_biba *subj, *obj; 1718225344Srwatson 1719225344Srwatson if (!biba_enabled || !revocation_enabled) 1720225344Srwatson return (0); 1721225344Srwatson 1722225344Srwatson subj = SLOT(cred->cr_label); 1723225344Srwatson obj = SLOT(shmlabel); 1724225344Srwatson 1725225344Srwatson if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 1726225344Srwatson if (!biba_dominate_effective(obj, subj)) 1727225344Srwatson return (EACCES); 1728225344Srwatson } 1729225344Srwatson if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { 1730225344Srwatson if (!biba_dominate_effective(subj, obj)) 1731225344Srwatson return (EACCES); 1732225344Srwatson } 1733225344Srwatson 1734225344Srwatson return (0); 1735225344Srwatson} 1736225344Srwatson 1737225344Srwatsonstatic int 1738225344Srwatsonbiba_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1739225344Srwatson struct label *shmlabel, accmode_t accmode) 1740225344Srwatson{ 1741225344Srwatson struct mac_biba *subj, *obj; 1742225344Srwatson 1743225344Srwatson if (!biba_enabled) 1744225344Srwatson return (0); 1745225344Srwatson 1746225344Srwatson subj = SLOT(cred->cr_label); 1747225344Srwatson obj = SLOT(shmlabel); 1748225344Srwatson 1749225344Srwatson if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) { 1750225344Srwatson if (!biba_dominate_effective(obj, subj)) 1751225344Srwatson return (EACCES); 1752225344Srwatson } 1753225344Srwatson if (accmode & VMODIFY_PERMS) { 1754225344Srwatson if (!biba_dominate_effective(subj, obj)) 1755225344Srwatson return (EACCES); 1756225344Srwatson } 1757225344Srwatson 1758225344Srwatson return (0); 1759225344Srwatson} 1760225344Srwatson 1761225344Srwatsonstatic int 1762254603Skibbiba_posixshm_check_read(struct ucred *active_cred, struct ucred *file_cred, 1763254603Skib struct shmfd *vp, struct label *shmlabel) 1764254603Skib{ 1765254603Skib struct mac_biba *subj, *obj; 1766254603Skib 1767254603Skib if (!biba_enabled || !revocation_enabled) 1768254603Skib return (0); 1769254603Skib 1770254603Skib subj = SLOT(active_cred->cr_label); 1771254603Skib obj = SLOT(shmlabel); 1772254603Skib 1773254603Skib if (!biba_dominate_effective(obj, subj)) 1774254603Skib return (EACCES); 1775254603Skib 1776254603Skib return (0); 1777254603Skib} 1778254603Skib 1779254603Skibstatic int 1780225344Srwatsonbiba_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1781225344Srwatson struct label *shmlabel, mode_t mode) 1782225344Srwatson{ 1783225344Srwatson struct mac_biba *subj, *obj; 1784225344Srwatson 1785225344Srwatson if (!biba_enabled) 1786225344Srwatson return (0); 1787225344Srwatson 1788225344Srwatson subj = SLOT(cred->cr_label); 1789225344Srwatson obj = SLOT(shmlabel); 1790225344Srwatson 1791225344Srwatson if (!biba_dominate_effective(subj, obj)) 1792225344Srwatson return (EACCES); 1793225344Srwatson 1794225344Srwatson return (0); 1795225344Srwatson} 1796225344Srwatson 1797225344Srwatsonstatic int 1798225344Srwatsonbiba_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1799225344Srwatson struct label *shmlabel, uid_t uid, gid_t gid) 1800225344Srwatson{ 1801225344Srwatson struct mac_biba *subj, *obj; 1802225344Srwatson 1803225344Srwatson if (!biba_enabled) 1804225344Srwatson return (0); 1805225344Srwatson 1806225344Srwatson subj = SLOT(cred->cr_label); 1807225344Srwatson obj = SLOT(shmlabel); 1808225344Srwatson 1809225344Srwatson if (!biba_dominate_effective(subj, obj)) 1810225344Srwatson return (EACCES); 1811225344Srwatson 1812225344Srwatson return (0); 1813225344Srwatson} 1814225344Srwatson 1815225344Srwatsonstatic int 1816225344Srwatsonbiba_posixshm_check_stat(struct ucred *active_cred, struct ucred *file_cred, 1817225344Srwatson struct shmfd *shmfd, struct label *shmlabel) 1818225344Srwatson{ 1819225344Srwatson struct mac_biba *subj, *obj; 1820225344Srwatson 1821225344Srwatson if (!biba_enabled) 1822225344Srwatson return (0); 1823225344Srwatson 1824225344Srwatson subj = SLOT(active_cred->cr_label); 1825225344Srwatson obj = SLOT(shmlabel); 1826225344Srwatson 1827225344Srwatson if (!biba_dominate_effective(obj, subj)) 1828225344Srwatson return (EACCES); 1829225344Srwatson 1830225344Srwatson return (0); 1831225344Srwatson} 1832225344Srwatson 1833225344Srwatsonstatic int 1834225344Srwatsonbiba_posixshm_check_truncate(struct ucred *active_cred, 1835225344Srwatson struct ucred *file_cred, struct shmfd *shmfd, struct label *shmlabel) 1836225344Srwatson{ 1837225344Srwatson struct mac_biba *subj, *obj; 1838225344Srwatson 1839225344Srwatson if (!biba_enabled) 1840225344Srwatson return (0); 1841225344Srwatson 1842225344Srwatson subj = SLOT(active_cred->cr_label); 1843225344Srwatson obj = SLOT(shmlabel); 1844225344Srwatson 1845225344Srwatson if (!biba_dominate_effective(subj, obj)) 1846225344Srwatson return (EACCES); 1847225344Srwatson 1848225344Srwatson return (0); 1849225344Srwatson} 1850225344Srwatson 1851225344Srwatsonstatic int 1852225344Srwatsonbiba_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1853225344Srwatson struct label *shmlabel) 1854225344Srwatson{ 1855225344Srwatson struct mac_biba *subj, *obj; 1856225344Srwatson 1857225344Srwatson if (!biba_enabled) 1858225344Srwatson return (0); 1859225344Srwatson 1860225344Srwatson subj = SLOT(cred->cr_label); 1861225344Srwatson obj = SLOT(shmlabel); 1862225344Srwatson 1863225344Srwatson if (!biba_dominate_effective(subj, obj)) 1864225344Srwatson return (EACCES); 1865225344Srwatson 1866225344Srwatson return (0); 1867225344Srwatson} 1868225344Srwatson 1869254603Skibstatic int 1870254603Skibbiba_posixshm_check_write(struct ucred *active_cred, struct ucred *file_cred, 1871254603Skib struct shmfd *vp, struct label *shmlabel) 1872254603Skib{ 1873254603Skib struct mac_biba *subj, *obj; 1874254603Skib 1875254603Skib if (!biba_enabled || !revocation_enabled) 1876254603Skib return (0); 1877254603Skib 1878254603Skib subj = SLOT(active_cred->cr_label); 1879254603Skib obj = SLOT(shmlabel); 1880254603Skib 1881254603Skib if (!biba_dominate_effective(obj, subj)) 1882254603Skib return (EACCES); 1883254603Skib 1884254603Skib return (0); 1885254603Skib} 1886254603Skib 1887225344Srwatsonstatic void 1888225344Srwatsonbiba_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1889225344Srwatson struct label *shmlabel) 1890225344Srwatson{ 1891225344Srwatson struct mac_biba *source, *dest; 1892225344Srwatson 1893225344Srwatson source = SLOT(cred->cr_label); 1894225344Srwatson dest = SLOT(shmlabel); 1895225344Srwatson 1896225344Srwatson biba_copy_effective(source, dest); 1897225344Srwatson} 1898225344Srwatson 1899173138Srwatson/* 1900173138Srwatson * Some system privileges are allowed regardless of integrity grade; others 1901173138Srwatson * are allowed only when running with privilege with respect to the Biba 1902173138Srwatson * policy as they might otherwise allow bypassing of the integrity policy. 1903173138Srwatson */ 1904140628Srwatsonstatic int 1905173138Srwatsonbiba_priv_check(struct ucred *cred, int priv) 1906140628Srwatson{ 1907173138Srwatson struct mac_biba *subj; 1908173138Srwatson int error; 1909140628Srwatson 1910172955Srwatson if (!biba_enabled) 1911140628Srwatson return (0); 1912140628Srwatson 1913173138Srwatson /* 1914173138Srwatson * Exempt only specific privileges from the Biba integrity policy. 1915173138Srwatson */ 1916173138Srwatson switch (priv) { 1917173138Srwatson case PRIV_KTRACE: 1918173138Srwatson case PRIV_MSGBUF: 1919140628Srwatson 1920173138Srwatson /* 1921173138Srwatson * Allow processes to manipulate basic process audit properties, and 1922173138Srwatson * to submit audit records. 1923173138Srwatson */ 1924173138Srwatson case PRIV_AUDIT_GETAUDIT: 1925173138Srwatson case PRIV_AUDIT_SETAUDIT: 1926173138Srwatson case PRIV_AUDIT_SUBMIT: 1927140628Srwatson 1928173138Srwatson /* 1929173138Srwatson * Allow processes to manipulate their regular UNIX credentials. 1930173138Srwatson */ 1931173138Srwatson case PRIV_CRED_SETUID: 1932173138Srwatson case PRIV_CRED_SETEUID: 1933173138Srwatson case PRIV_CRED_SETGID: 1934173138Srwatson case PRIV_CRED_SETEGID: 1935173138Srwatson case PRIV_CRED_SETGROUPS: 1936173138Srwatson case PRIV_CRED_SETREUID: 1937173138Srwatson case PRIV_CRED_SETREGID: 1938173138Srwatson case PRIV_CRED_SETRESUID: 1939173138Srwatson case PRIV_CRED_SETRESGID: 1940173138Srwatson 1941173138Srwatson /* 1942173138Srwatson * Allow processes to perform system monitoring. 1943173138Srwatson */ 1944173138Srwatson case PRIV_SEEOTHERGIDS: 1945173138Srwatson case PRIV_SEEOTHERUIDS: 1946173138Srwatson break; 1947173138Srwatson 1948173138Srwatson /* 1949173138Srwatson * Allow access to general process debugging facilities. We 1950173138Srwatson * separately control debugging based on MAC label. 1951173138Srwatson */ 1952173138Srwatson case PRIV_DEBUG_DIFFCRED: 1953173138Srwatson case PRIV_DEBUG_SUGID: 1954173138Srwatson case PRIV_DEBUG_UNPRIV: 1955173138Srwatson 1956173138Srwatson /* 1957173138Srwatson * Allow manipulating jails. 1958173138Srwatson */ 1959173138Srwatson case PRIV_JAIL_ATTACH: 1960173138Srwatson 1961173138Srwatson /* 1962173138Srwatson * Allow privilege with respect to the Partition policy, but not the 1963173138Srwatson * Privs policy. 1964173138Srwatson */ 1965173138Srwatson case PRIV_MAC_PARTITION: 1966173138Srwatson 1967173138Srwatson /* 1968173138Srwatson * Allow privilege with respect to process resource limits and login 1969173138Srwatson * context. 1970173138Srwatson */ 1971173138Srwatson case PRIV_PROC_LIMIT: 1972173138Srwatson case PRIV_PROC_SETLOGIN: 1973173138Srwatson case PRIV_PROC_SETRLIMIT: 1974173138Srwatson 1975173138Srwatson /* 1976173138Srwatson * Allow System V and POSIX IPC privileges. 1977173138Srwatson */ 1978173138Srwatson case PRIV_IPC_READ: 1979173138Srwatson case PRIV_IPC_WRITE: 1980173138Srwatson case PRIV_IPC_ADMIN: 1981173138Srwatson case PRIV_IPC_MSGSIZE: 1982173138Srwatson case PRIV_MQ_ADMIN: 1983173138Srwatson 1984173138Srwatson /* 1985173138Srwatson * Allow certain scheduler manipulations -- possibly this should be 1986173138Srwatson * controlled by more fine-grained policy, as potentially low 1987173138Srwatson * integrity processes can deny CPU to higher integrity ones. 1988173138Srwatson */ 1989173138Srwatson case PRIV_SCHED_DIFFCRED: 1990173138Srwatson case PRIV_SCHED_SETPRIORITY: 1991173138Srwatson case PRIV_SCHED_RTPRIO: 1992173138Srwatson case PRIV_SCHED_SETPOLICY: 1993173138Srwatson case PRIV_SCHED_SET: 1994173138Srwatson case PRIV_SCHED_SETPARAM: 1995173138Srwatson 1996173138Srwatson /* 1997173138Srwatson * More IPC privileges. 1998173138Srwatson */ 1999173138Srwatson case PRIV_SEM_WRITE: 2000173138Srwatson 2001173138Srwatson /* 2002173138Srwatson * Allow signaling privileges subject to integrity policy. 2003173138Srwatson */ 2004173138Srwatson case PRIV_SIGNAL_DIFFCRED: 2005173138Srwatson case PRIV_SIGNAL_SUGID: 2006173138Srwatson 2007173138Srwatson /* 2008173138Srwatson * Allow access to only limited sysctls from lower integrity levels; 2009173138Srwatson * piggy-back on the Jail definition. 2010173138Srwatson */ 2011173138Srwatson case PRIV_SYSCTL_WRITEJAIL: 2012173138Srwatson 2013173138Srwatson /* 2014173138Srwatson * Allow TTY-based privileges, subject to general device access using 2015173138Srwatson * labels on TTY device nodes, but not console privilege. 2016173138Srwatson */ 2017173138Srwatson case PRIV_TTY_DRAINWAIT: 2018173138Srwatson case PRIV_TTY_DTRWAIT: 2019173138Srwatson case PRIV_TTY_EXCLUSIVE: 2020173138Srwatson case PRIV_TTY_STI: 2021173138Srwatson case PRIV_TTY_SETA: 2022173138Srwatson 2023173138Srwatson /* 2024173138Srwatson * Grant most VFS privileges, as almost all are in practice bounded 2025173138Srwatson * by more specific checks using labels. 2026173138Srwatson */ 2027173138Srwatson case PRIV_VFS_READ: 2028173138Srwatson case PRIV_VFS_WRITE: 2029173138Srwatson case PRIV_VFS_ADMIN: 2030173138Srwatson case PRIV_VFS_EXEC: 2031173138Srwatson case PRIV_VFS_LOOKUP: 2032173138Srwatson case PRIV_VFS_CHFLAGS_DEV: 2033173138Srwatson case PRIV_VFS_CHOWN: 2034173138Srwatson case PRIV_VFS_CHROOT: 2035173138Srwatson case PRIV_VFS_RETAINSUGID: 2036173138Srwatson case PRIV_VFS_EXCEEDQUOTA: 2037173138Srwatson case PRIV_VFS_FCHROOT: 2038173138Srwatson case PRIV_VFS_FHOPEN: 2039173138Srwatson case PRIV_VFS_FHSTATFS: 2040173138Srwatson case PRIV_VFS_GENERATION: 2041173138Srwatson case PRIV_VFS_GETFH: 2042173138Srwatson case PRIV_VFS_GETQUOTA: 2043173138Srwatson case PRIV_VFS_LINK: 2044173138Srwatson case PRIV_VFS_MOUNT: 2045173138Srwatson case PRIV_VFS_MOUNT_OWNER: 2046173138Srwatson case PRIV_VFS_MOUNT_PERM: 2047173138Srwatson case PRIV_VFS_MOUNT_SUIDDIR: 2048173138Srwatson case PRIV_VFS_MOUNT_NONUSER: 2049173138Srwatson case PRIV_VFS_SETGID: 2050173138Srwatson case PRIV_VFS_STICKYFILE: 2051173138Srwatson case PRIV_VFS_SYSFLAGS: 2052173138Srwatson case PRIV_VFS_UNMOUNT: 2053173138Srwatson 2054173138Srwatson /* 2055173138Srwatson * Allow VM privileges; it would be nice if these were subject to 2056173138Srwatson * resource limits. 2057173138Srwatson */ 2058173138Srwatson case PRIV_VM_MADV_PROTECT: 2059173138Srwatson case PRIV_VM_MLOCK: 2060173138Srwatson case PRIV_VM_MUNLOCK: 2061194766Skib case PRIV_VM_SWAP_NOQUOTA: 2062194766Skib case PRIV_VM_SWAP_NORLIMIT: 2063173138Srwatson 2064173138Srwatson /* 2065173138Srwatson * Allow some but not all network privileges. In general, dont allow 2066173138Srwatson * reconfiguring the network stack, just normal use. 2067173138Srwatson */ 2068173138Srwatson case PRIV_NETATALK_RESERVEDPORT: 2069173138Srwatson case PRIV_NETINET_RESERVEDPORT: 2070173138Srwatson case PRIV_NETINET_RAW: 2071173138Srwatson case PRIV_NETINET_REUSEPORT: 2072173138Srwatson case PRIV_NETIPX_RESERVEDPORT: 2073173138Srwatson case PRIV_NETIPX_RAW: 2074173138Srwatson break; 2075173138Srwatson 2076173138Srwatson /* 2077173138Srwatson * All remaining system privileges are allow only if the process 2078173138Srwatson * holds privilege with respect to the Biba policy. 2079173138Srwatson */ 2080173138Srwatson default: 2081173138Srwatson subj = SLOT(cred->cr_label); 2082173138Srwatson error = biba_subject_privileged(subj); 2083173138Srwatson if (error) 2084173138Srwatson return (error); 2085173138Srwatson } 2086140628Srwatson return (0); 2087140628Srwatson} 2088140628Srwatson 2089140628Srwatsonstatic int 2090173138Srwatsonbiba_proc_check_debug(struct ucred *cred, struct proc *p) 2091140628Srwatson{ 2092140628Srwatson struct mac_biba *subj, *obj; 2093140628Srwatson 2094172955Srwatson if (!biba_enabled) 2095140628Srwatson return (0); 2096140628Srwatson 2097140628Srwatson subj = SLOT(cred->cr_label); 2098173138Srwatson obj = SLOT(p->p_ucred->cr_label); 2099140628Srwatson 2100173138Srwatson /* XXX: range checks */ 2101172955Srwatson if (!biba_dominate_effective(obj, subj)) 2102173138Srwatson return (ESRCH); 2103173138Srwatson if (!biba_dominate_effective(subj, obj)) 2104140628Srwatson return (EACCES); 2105140628Srwatson 2106140628Srwatson return (0); 2107140628Srwatson} 2108140628Srwatson 2109140628Srwatsonstatic int 2110173138Srwatsonbiba_proc_check_sched(struct ucred *cred, struct proc *p) 2111140628Srwatson{ 2112140628Srwatson struct mac_biba *subj, *obj; 2113140628Srwatson 2114172955Srwatson if (!biba_enabled) 2115140628Srwatson return (0); 2116140628Srwatson 2117140628Srwatson subj = SLOT(cred->cr_label); 2118173138Srwatson obj = SLOT(p->p_ucred->cr_label); 2119140628Srwatson 2120173138Srwatson /* XXX: range checks */ 2121173138Srwatson if (!biba_dominate_effective(obj, subj)) 2122173138Srwatson return (ESRCH); 2123172955Srwatson if (!biba_dominate_effective(subj, obj)) 2124140628Srwatson return (EACCES); 2125140628Srwatson 2126140628Srwatson return (0); 2127140628Srwatson} 2128140628Srwatson 2129140628Srwatsonstatic int 2130173138Srwatsonbiba_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 2131140628Srwatson{ 2132140628Srwatson struct mac_biba *subj, *obj; 2133140628Srwatson 2134172955Srwatson if (!biba_enabled) 2135140628Srwatson return (0); 2136140628Srwatson 2137140628Srwatson subj = SLOT(cred->cr_label); 2138173138Srwatson obj = SLOT(p->p_ucred->cr_label); 2139140628Srwatson 2140173138Srwatson /* XXX: range checks */ 2141172955Srwatson if (!biba_dominate_effective(obj, subj)) 2142173138Srwatson return (ESRCH); 2143173138Srwatson if (!biba_dominate_effective(subj, obj)) 2144140628Srwatson return (EACCES); 2145140628Srwatson 2146140628Srwatson return (0); 2147140628Srwatson} 2148140628Srwatson 2149140628Srwatsonstatic int 2150173138Srwatsonbiba_socket_check_deliver(struct socket *so, struct label *solabel, 2151173138Srwatson struct mbuf *m, struct label *mlabel) 2152140628Srwatson{ 2153173138Srwatson struct mac_biba *p, *s; 2154193391Srwatson int error; 2155140628Srwatson 2156172955Srwatson if (!biba_enabled) 2157140628Srwatson return (0); 2158140628Srwatson 2159173138Srwatson p = SLOT(mlabel); 2160173138Srwatson s = SLOT(solabel); 2161140628Srwatson 2162193391Srwatson SOCK_LOCK(so); 2163193391Srwatson error = biba_equal_effective(p, s) ? 0 : EACCES; 2164193391Srwatson SOCK_UNLOCK(so); 2165193391Srwatson return (error); 2166173138Srwatson} 2167140628Srwatson 2168140628Srwatsonstatic int 2169173138Srwatsonbiba_socket_check_relabel(struct ucred *cred, struct socket *so, 2170173138Srwatson struct label *solabel, struct label *newlabel) 2171140628Srwatson{ 2172173138Srwatson struct mac_biba *subj, *obj, *new; 2173173138Srwatson int error; 2174140628Srwatson 2175193391Srwatson SOCK_LOCK_ASSERT(so); 2176193391Srwatson 2177173138Srwatson new = SLOT(newlabel); 2178140628Srwatson subj = SLOT(cred->cr_label); 2179173138Srwatson obj = SLOT(solabel); 2180140628Srwatson 2181173138Srwatson /* 2182173138Srwatson * If there is a Biba label update for the socket, it may be an 2183173138Srwatson * update of effective. 2184173138Srwatson */ 2185173138Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 2186173138Srwatson if (error) 2187173138Srwatson return (error); 2188140628Srwatson 2189173138Srwatson /* 2190173138Srwatson * To relabel a socket, the old socket effective must be in the 2191173138Srwatson * subject range. 2192173138Srwatson */ 2193173138Srwatson if (!biba_effective_in_range(obj, subj)) 2194173138Srwatson return (EPERM); 2195140628Srwatson 2196173138Srwatson /* 2197173138Srwatson * If the Biba label is to be changed, authorize as appropriate. 2198173138Srwatson */ 2199173138Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 2200173138Srwatson /* 2201173138Srwatson * To relabel a socket, the new socket effective must be in 2202173138Srwatson * the subject range. 2203173138Srwatson */ 2204173138Srwatson if (!biba_effective_in_range(new, subj)) 2205173138Srwatson return (EPERM); 2206173138Srwatson 2207173138Srwatson /* 2208173138Srwatson * To change the Biba label on the socket to contain EQUAL, 2209173138Srwatson * the subject must have appropriate privilege. 2210173138Srwatson */ 2211173138Srwatson if (biba_contains_equal(new)) { 2212173138Srwatson error = biba_subject_privileged(subj); 2213173138Srwatson if (error) 2214173138Srwatson return (error); 2215173138Srwatson } 2216140628Srwatson } 2217140628Srwatson 2218140628Srwatson return (0); 2219140628Srwatson} 2220140628Srwatson 2221140628Srwatsonstatic int 2222173138Srwatsonbiba_socket_check_visible(struct ucred *cred, struct socket *so, 2223173138Srwatson struct label *solabel) 2224140628Srwatson{ 2225140628Srwatson struct mac_biba *subj, *obj; 2226140628Srwatson 2227172955Srwatson if (!biba_enabled) 2228140628Srwatson return (0); 2229140628Srwatson 2230140628Srwatson subj = SLOT(cred->cr_label); 2231173138Srwatson obj = SLOT(solabel); 2232140628Srwatson 2233193391Srwatson SOCK_LOCK(so); 2234193391Srwatson if (!biba_dominate_effective(obj, subj)) { 2235193391Srwatson SOCK_UNLOCK(so); 2236173138Srwatson return (ENOENT); 2237193391Srwatson } 2238193391Srwatson SOCK_UNLOCK(so); 2239140628Srwatson 2240140628Srwatson return (0); 2241140628Srwatson} 2242140628Srwatson 2243173138Srwatsonstatic void 2244173138Srwatsonbiba_socket_create(struct ucred *cred, struct socket *so, 2245173138Srwatson struct label *solabel) 2246140628Srwatson{ 2247173138Srwatson struct mac_biba *source, *dest; 2248140628Srwatson 2249173138Srwatson source = SLOT(cred->cr_label); 2250173138Srwatson dest = SLOT(solabel); 2251140628Srwatson 2252173138Srwatson biba_copy_effective(source, dest); 2253173138Srwatson} 2254140628Srwatson 2255173138Srwatsonstatic void 2256173138Srwatsonbiba_socket_create_mbuf(struct socket *so, struct label *solabel, 2257173138Srwatson struct mbuf *m, struct label *mlabel) 2258173138Srwatson{ 2259173138Srwatson struct mac_biba *source, *dest; 2260140628Srwatson 2261173138Srwatson source = SLOT(solabel); 2262173138Srwatson dest = SLOT(mlabel); 2263140628Srwatson 2264193391Srwatson SOCK_LOCK(so); 2265173138Srwatson biba_copy_effective(source, dest); 2266193391Srwatson SOCK_UNLOCK(so); 2267140628Srwatson} 2268140628Srwatson 2269173138Srwatsonstatic void 2270173138Srwatsonbiba_socket_newconn(struct socket *oldso, struct label *oldsolabel, 2271173138Srwatson struct socket *newso, struct label *newsolabel) 2272140628Srwatson{ 2273193391Srwatson struct mac_biba source, *dest; 2274140628Srwatson 2275193391Srwatson SOCK_LOCK(oldso); 2276193391Srwatson source = *SLOT(oldsolabel); 2277193391Srwatson SOCK_UNLOCK(oldso); 2278193391Srwatson 2279173138Srwatson dest = SLOT(newsolabel); 2280140628Srwatson 2281193391Srwatson SOCK_LOCK(newso); 2282193391Srwatson biba_copy_effective(&source, dest); 2283193391Srwatson SOCK_UNLOCK(newso); 2284140628Srwatson} 2285140628Srwatson 2286173138Srwatsonstatic void 2287173138Srwatsonbiba_socket_relabel(struct ucred *cred, struct socket *so, 2288173138Srwatson struct label *solabel, struct label *newlabel) 2289140628Srwatson{ 2290173138Srwatson struct mac_biba *source, *dest; 2291140628Srwatson 2292193391Srwatson SOCK_LOCK_ASSERT(so); 2293193391Srwatson 2294173138Srwatson source = SLOT(newlabel); 2295173138Srwatson dest = SLOT(solabel); 2296140628Srwatson 2297173138Srwatson biba_copy(source, dest); 2298173138Srwatson} 2299140628Srwatson 2300173138Srwatsonstatic void 2301173138Srwatsonbiba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 2302173138Srwatson struct socket *so, struct label *sopeerlabel) 2303173138Srwatson{ 2304173138Srwatson struct mac_biba *source, *dest; 2305140628Srwatson 2306173138Srwatson source = SLOT(mlabel); 2307173138Srwatson dest = SLOT(sopeerlabel); 2308140628Srwatson 2309193391Srwatson SOCK_LOCK(so); 2310173138Srwatson biba_copy_effective(source, dest); 2311193391Srwatson SOCK_UNLOCK(so); 2312140628Srwatson} 2313140628Srwatson 2314173138Srwatsonstatic void 2315173138Srwatsonbiba_socketpeer_set_from_socket(struct socket *oldso, 2316173138Srwatson struct label *oldsolabel, struct socket *newso, 2317173138Srwatson struct label *newsopeerlabel) 2318140628Srwatson{ 2319193391Srwatson struct mac_biba source, *dest; 2320140628Srwatson 2321193391Srwatson SOCK_LOCK(oldso); 2322193391Srwatson source = *SLOT(oldsolabel); 2323193391Srwatson SOCK_UNLOCK(oldso); 2324173138Srwatson dest = SLOT(newsopeerlabel); 2325140628Srwatson 2326193391Srwatson SOCK_LOCK(newso); 2327193391Srwatson biba_copy_effective(&source, dest); 2328193391Srwatson SOCK_UNLOCK(newso); 2329173138Srwatson} 2330140628Srwatson 2331173138Srwatsonstatic void 2332173138Srwatsonbiba_syncache_create(struct label *label, struct inpcb *inp) 2333173138Srwatson{ 2334173138Srwatson struct mac_biba *source, *dest; 2335140628Srwatson 2336173138Srwatson source = SLOT(inp->inp_label); 2337173138Srwatson dest = SLOT(label); 2338173138Srwatson biba_copy_effective(source, dest); 2339140628Srwatson} 2340140628Srwatson 2341173138Srwatsonstatic void 2342173138Srwatsonbiba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 2343173138Srwatson struct label *mlabel) 2344173138Srwatson{ 2345173138Srwatson struct mac_biba *source, *dest; 2346173138Srwatson 2347173138Srwatson source = SLOT(sc_label); 2348173138Srwatson dest = SLOT(mlabel); 2349173138Srwatson biba_copy_effective(source, dest); 2350173138Srwatson} 2351173138Srwatson 2352140628Srwatsonstatic int 2353173138Srwatsonbiba_system_check_acct(struct ucred *cred, struct vnode *vp, 2354168976Srwatson struct label *vplabel) 2355110354Srwatson{ 2356110354Srwatson struct mac_biba *subj, *obj; 2357110354Srwatson int error; 2358110354Srwatson 2359172955Srwatson if (!biba_enabled) 2360110354Srwatson return (0); 2361110354Srwatson 2362122524Srwatson subj = SLOT(cred->cr_label); 2363110354Srwatson 2364172955Srwatson error = biba_subject_privileged(subj); 2365110354Srwatson if (error) 2366110354Srwatson return (error); 2367110354Srwatson 2368173138Srwatson if (vplabel == NULL) 2369173138Srwatson return (0); 2370173138Srwatson 2371168976Srwatson obj = SLOT(vplabel); 2372172955Srwatson if (!biba_high_effective(obj)) 2373110354Srwatson return (EACCES); 2374110354Srwatson 2375110354Srwatson return (0); 2376110354Srwatson} 2377110354Srwatson 2378110354Srwatsonstatic int 2379173138Srwatsonbiba_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2380173138Srwatson struct label *vplabel) 2381101099Srwatson{ 2382101099Srwatson struct mac_biba *subj, *obj; 2383173138Srwatson int error; 2384101099Srwatson 2385172955Srwatson if (!biba_enabled) 2386101099Srwatson return (0); 2387101099Srwatson 2388122524Srwatson subj = SLOT(cred->cr_label); 2389101099Srwatson 2390173138Srwatson error = biba_subject_privileged(subj); 2391173138Srwatson if (error) 2392173138Srwatson return (error); 2393173138Srwatson 2394173138Srwatson if (vplabel == NULL) 2395173138Srwatson return (0); 2396173138Srwatson 2397173138Srwatson obj = SLOT(vplabel); 2398173138Srwatson if (!biba_high_effective(obj)) 2399101099Srwatson return (EACCES); 2400101099Srwatson 2401101099Srwatson return (0); 2402101099Srwatson} 2403101099Srwatson 2404101099Srwatsonstatic int 2405173138Srwatsonbiba_system_check_auditon(struct ucred *cred, int cmd) 2406101099Srwatson{ 2407173138Srwatson struct mac_biba *subj; 2408173138Srwatson int error; 2409103759Srwatson 2410173138Srwatson if (!biba_enabled) 2411101099Srwatson return (0); 2412101099Srwatson 2413173138Srwatson subj = SLOT(cred->cr_label); 2414101099Srwatson 2415173138Srwatson error = biba_subject_privileged(subj); 2416173138Srwatson if (error) 2417173138Srwatson return (error); 2418173138Srwatson 2419101099Srwatson return (0); 2420101099Srwatson} 2421101099Srwatson 2422101099Srwatsonstatic int 2423173138Srwatsonbiba_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2424173138Srwatson struct label *label) 2425101099Srwatson{ 2426173138Srwatson struct mac_biba *subj; 2427173138Srwatson int error; 2428101099Srwatson 2429172955Srwatson if (!biba_enabled) 2430101099Srwatson return (0); 2431101099Srwatson 2432122524Srwatson subj = SLOT(cred->cr_label); 2433101099Srwatson 2434173138Srwatson error = biba_subject_privileged(subj); 2435173138Srwatson if (error) 2436173138Srwatson return (error); 2437101099Srwatson 2438101099Srwatson return (0); 2439101099Srwatson} 2440101099Srwatson 2441101099Srwatsonstatic int 2442173138Srwatsonbiba_system_check_swapon(struct ucred *cred, struct vnode *vp, 2443173138Srwatson struct label *vplabel) 2444102115Srwatson{ 2445102115Srwatson struct mac_biba *subj, *obj; 2446173138Srwatson int error; 2447102115Srwatson 2448172955Srwatson if (!biba_enabled) 2449102115Srwatson return (0); 2450102115Srwatson 2451122524Srwatson subj = SLOT(cred->cr_label); 2452173138Srwatson obj = SLOT(vplabel); 2453102115Srwatson 2454173138Srwatson error = biba_subject_privileged(subj); 2455173138Srwatson if (error) 2456173138Srwatson return (error); 2457173138Srwatson 2458173138Srwatson if (!biba_high_effective(obj)) 2459102115Srwatson return (EACCES); 2460102115Srwatson 2461102115Srwatson return (0); 2462102115Srwatson} 2463102115Srwatson 2464102115Srwatsonstatic int 2465173138Srwatsonbiba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2466173138Srwatson void *arg1, int arg2, struct sysctl_req *req) 2467101099Srwatson{ 2468173138Srwatson struct mac_biba *subj; 2469105634Srwatson int error; 2470101099Srwatson 2471173138Srwatson if (!biba_enabled) 2472173138Srwatson return (0); 2473173138Srwatson 2474122524Srwatson subj = SLOT(cred->cr_label); 2475101099Srwatson 2476101099Srwatson /* 2477173138Srwatson * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high, 2478173138Srwatson * but also require privilege to change them. 2479101099Srwatson */ 2480173138Srwatson if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) { 2481173138Srwatson if (!biba_subject_dominate_high(subj)) 2482173138Srwatson return (EACCES); 2483101099Srwatson 2484173138Srwatson error = biba_subject_privileged(subj); 2485173138Srwatson if (error) 2486173138Srwatson return (error); 2487105634Srwatson } 2488105634Srwatson 2489101099Srwatson return (0); 2490101099Srwatson} 2491101099Srwatson 2492173138Srwatsonstatic void 2493173138Srwatsonbiba_sysvmsg_cleanup(struct label *msglabel) 2494102115Srwatson{ 2495102115Srwatson 2496173138Srwatson bzero(SLOT(msglabel), sizeof(struct mac_biba)); 2497173138Srwatson} 2498102115Srwatson 2499173138Srwatsonstatic void 2500173138Srwatsonbiba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2501173138Srwatson struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2502173138Srwatson{ 2503173138Srwatson struct mac_biba *source, *dest; 2504102115Srwatson 2505173138Srwatson /* Ignore the msgq label */ 2506173138Srwatson source = SLOT(cred->cr_label); 2507173138Srwatson dest = SLOT(msglabel); 2508102115Srwatson 2509173138Srwatson biba_copy_effective(source, dest); 2510102115Srwatson} 2511102115Srwatson 2512102115Srwatsonstatic int 2513173138Srwatsonbiba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2514173138Srwatson struct label *msglabel) 2515102115Srwatson{ 2516102115Srwatson struct mac_biba *subj, *obj; 2517102115Srwatson 2518172955Srwatson if (!biba_enabled) 2519102115Srwatson return (0); 2520102115Srwatson 2521122524Srwatson subj = SLOT(cred->cr_label); 2522173138Srwatson obj = SLOT(msglabel); 2523102115Srwatson 2524173138Srwatson if (!biba_dominate_effective(obj, subj)) 2525102115Srwatson return (EACCES); 2526102115Srwatson 2527102115Srwatson return (0); 2528102115Srwatson} 2529102115Srwatson 2530102115Srwatsonstatic int 2531173138Srwatsonbiba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2532173138Srwatson struct label *msglabel) 2533145855Srwatson{ 2534145855Srwatson struct mac_biba *subj, *obj; 2535145855Srwatson 2536172955Srwatson if (!biba_enabled) 2537145855Srwatson return (0); 2538145855Srwatson 2539145855Srwatson subj = SLOT(cred->cr_label); 2540173138Srwatson obj = SLOT(msglabel); 2541145855Srwatson 2542172955Srwatson if (!biba_dominate_effective(subj, obj)) 2543145855Srwatson return (EACCES); 2544145855Srwatson 2545145855Srwatson return (0); 2546145855Srwatson} 2547145855Srwatson 2548145855Srwatsonstatic int 2549173138Srwatsonbiba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 2550173138Srwatson struct label *msqklabel) 2551145855Srwatson{ 2552145855Srwatson struct mac_biba *subj, *obj; 2553145855Srwatson 2554172955Srwatson if (!biba_enabled) 2555145855Srwatson return (0); 2556145855Srwatson 2557145855Srwatson subj = SLOT(cred->cr_label); 2558173138Srwatson obj = SLOT(msqklabel); 2559145855Srwatson 2560172955Srwatson if (!biba_dominate_effective(obj, subj)) 2561145855Srwatson return (EACCES); 2562145855Srwatson 2563145855Srwatson return (0); 2564145855Srwatson} 2565145855Srwatson 2566145855Srwatsonstatic int 2567173138Srwatsonbiba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 2568173138Srwatson struct label *msqklabel) 2569101099Srwatson{ 2570101099Srwatson struct mac_biba *subj, *obj; 2571101099Srwatson 2572172955Srwatson if (!biba_enabled) 2573101099Srwatson return (0); 2574101099Srwatson 2575122524Srwatson subj = SLOT(cred->cr_label); 2576173138Srwatson obj = SLOT(msqklabel); 2577101099Srwatson 2578172955Srwatson if (!biba_dominate_effective(subj, obj)) 2579101099Srwatson return (EACCES); 2580101099Srwatson 2581101099Srwatson return (0); 2582101099Srwatson} 2583101099Srwatson 2584101099Srwatsonstatic int 2585173138Srwatsonbiba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 2586173138Srwatson struct label *msqklabel) 2587101099Srwatson{ 2588101099Srwatson struct mac_biba *subj, *obj; 2589103759Srwatson 2590172955Srwatson if (!biba_enabled) 2591101099Srwatson return (0); 2592101099Srwatson 2593122524Srwatson subj = SLOT(cred->cr_label); 2594173138Srwatson obj = SLOT(msqklabel); 2595103759Srwatson 2596172955Srwatson if (!biba_dominate_effective(obj, subj)) 2597101099Srwatson return (EACCES); 2598101099Srwatson 2599101099Srwatson return (0); 2600101099Srwatson} 2601101099Srwatson 2602101099Srwatsonstatic int 2603173138Srwatsonbiba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 2604173138Srwatson struct label *msqklabel, int cmd) 2605101099Srwatson{ 2606101099Srwatson struct mac_biba *subj, *obj; 2607103759Srwatson 2608172955Srwatson if (!biba_enabled) 2609101099Srwatson return (0); 2610101099Srwatson 2611122524Srwatson subj = SLOT(cred->cr_label); 2612173138Srwatson obj = SLOT(msqklabel); 2613103759Srwatson 2614173138Srwatson switch(cmd) { 2615173138Srwatson case IPC_RMID: 2616173138Srwatson case IPC_SET: 2617173138Srwatson if (!biba_dominate_effective(subj, obj)) 2618173138Srwatson return (EACCES); 2619173138Srwatson break; 2620173138Srwatson 2621173138Srwatson case IPC_STAT: 2622173138Srwatson if (!biba_dominate_effective(obj, subj)) 2623173138Srwatson return (EACCES); 2624173138Srwatson break; 2625173138Srwatson 2626173138Srwatson default: 2627101099Srwatson return (EACCES); 2628173138Srwatson } 2629101099Srwatson 2630101099Srwatson return (0); 2631101099Srwatson} 2632101099Srwatson 2633173138Srwatsonstatic void 2634173138Srwatsonbiba_sysvmsq_cleanup(struct label *msqlabel) 2635101099Srwatson{ 2636101099Srwatson 2637173138Srwatson bzero(SLOT(msqlabel), sizeof(struct mac_biba)); 2638173138Srwatson} 2639101099Srwatson 2640173138Srwatsonstatic void 2641173138Srwatsonbiba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2642173138Srwatson struct label *msqlabel) 2643173138Srwatson{ 2644173138Srwatson struct mac_biba *source, *dest; 2645101099Srwatson 2646173138Srwatson source = SLOT(cred->cr_label); 2647173138Srwatson dest = SLOT(msqlabel); 2648173138Srwatson 2649173138Srwatson biba_copy_effective(source, dest); 2650101099Srwatson} 2651101099Srwatson 2652101099Srwatsonstatic int 2653173138Srwatsonbiba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, 2654173138Srwatson struct label *semaklabel, int cmd) 2655101099Srwatson{ 2656173138Srwatson struct mac_biba *subj, *obj; 2657101099Srwatson 2658173138Srwatson if (!biba_enabled) 2659173138Srwatson return (0); 2660173138Srwatson 2661122524Srwatson subj = SLOT(cred->cr_label); 2662173138Srwatson obj = SLOT(semaklabel); 2663101099Srwatson 2664173138Srwatson switch(cmd) { 2665173138Srwatson case IPC_RMID: 2666173138Srwatson case IPC_SET: 2667173138Srwatson case SETVAL: 2668173138Srwatson case SETALL: 2669173138Srwatson if (!biba_dominate_effective(subj, obj)) 2670173138Srwatson return (EACCES); 2671173138Srwatson break; 2672101099Srwatson 2673173138Srwatson case IPC_STAT: 2674173138Srwatson case GETVAL: 2675173138Srwatson case GETPID: 2676173138Srwatson case GETNCNT: 2677173138Srwatson case GETZCNT: 2678173138Srwatson case GETALL: 2679173138Srwatson if (!biba_dominate_effective(obj, subj)) 2680173138Srwatson return (EACCES); 2681173138Srwatson break; 2682101099Srwatson 2683173138Srwatson default: 2684173138Srwatson return (EACCES); 2685105634Srwatson } 2686105634Srwatson 2687101099Srwatson return (0); 2688101099Srwatson} 2689101099Srwatson 2690101099Srwatsonstatic int 2691173138Srwatsonbiba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, 2692173138Srwatson struct label *semaklabel) 2693101099Srwatson{ 2694101099Srwatson struct mac_biba *subj, *obj; 2695101099Srwatson 2696172955Srwatson if (!biba_enabled) 2697105722Srwatson return (0); 2698105722Srwatson 2699122524Srwatson subj = SLOT(cred->cr_label); 2700173138Srwatson obj = SLOT(semaklabel); 2701101099Srwatson 2702172955Srwatson if (!biba_dominate_effective(obj, subj)) 2703173138Srwatson return (EACCES); 2704101099Srwatson 2705101099Srwatson return (0); 2706101099Srwatson} 2707101099Srwatson 2708101099Srwatsonstatic int 2709173138Srwatsonbiba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, 2710173138Srwatson struct label *semaklabel, size_t accesstype) 2711112574Srwatson{ 2712173138Srwatson struct mac_biba *subj, *obj; 2713112574Srwatson 2714172955Srwatson if (!biba_enabled) 2715112574Srwatson return (0); 2716112574Srwatson 2717173138Srwatson subj = SLOT(cred->cr_label); 2718173138Srwatson obj = SLOT(semaklabel); 2719112574Srwatson 2720173138Srwatson if (accesstype & SEM_R) 2721173138Srwatson if (!biba_dominate_effective(obj, subj)) 2722173138Srwatson return (EACCES); 2723112574Srwatson 2724173138Srwatson if (accesstype & SEM_A) 2725173138Srwatson if (!biba_dominate_effective(subj, obj)) 2726173138Srwatson return (EACCES); 2727168951Srwatson 2728173138Srwatson return (0); 2729173138Srwatson} 2730168951Srwatson 2731173138Srwatsonstatic void 2732173138Srwatsonbiba_sysvsem_cleanup(struct label *semalabel) 2733173138Srwatson{ 2734168951Srwatson 2735173138Srwatson bzero(SLOT(semalabel), sizeof(struct mac_biba)); 2736173138Srwatson} 2737168951Srwatson 2738173138Srwatsonstatic void 2739173138Srwatsonbiba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2740173138Srwatson struct label *semalabel) 2741173138Srwatson{ 2742173138Srwatson struct mac_biba *source, *dest; 2743168951Srwatson 2744173138Srwatson source = SLOT(cred->cr_label); 2745173138Srwatson dest = SLOT(semalabel); 2746168951Srwatson 2747173138Srwatson biba_copy_effective(source, dest); 2748112574Srwatson} 2749112574Srwatson 2750112574Srwatsonstatic int 2751173138Srwatsonbiba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 2752173138Srwatson struct label *shmseglabel, int shmflg) 2753106418Srwatson{ 2754106418Srwatson struct mac_biba *subj, *obj; 2755106418Srwatson 2756172955Srwatson if (!biba_enabled) 2757106418Srwatson return (0); 2758106418Srwatson 2759122524Srwatson subj = SLOT(cred->cr_label); 2760173138Srwatson obj = SLOT(shmseglabel); 2761106418Srwatson 2762173138Srwatson if (!biba_dominate_effective(obj, subj)) 2763106418Srwatson return (EACCES); 2764173138Srwatson if ((shmflg & SHM_RDONLY) == 0) { 2765173138Srwatson if (!biba_dominate_effective(subj, obj)) 2766173138Srwatson return (EACCES); 2767173138Srwatson } 2768173138Srwatson 2769106418Srwatson return (0); 2770106418Srwatson} 2771106418Srwatson 2772106418Srwatsonstatic int 2773173138Srwatsonbiba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 2774173138Srwatson struct label *shmseglabel, int cmd) 2775168933Srwatson{ 2776168933Srwatson struct mac_biba *subj, *obj; 2777168933Srwatson 2778172955Srwatson if (!biba_enabled) 2779168933Srwatson return (0); 2780168933Srwatson 2781168933Srwatson subj = SLOT(cred->cr_label); 2782173138Srwatson obj = SLOT(shmseglabel); 2783168933Srwatson 2784173138Srwatson switch(cmd) { 2785173138Srwatson case IPC_RMID: 2786173138Srwatson case IPC_SET: 2787173138Srwatson if (!biba_dominate_effective(subj, obj)) 2788173138Srwatson return (EACCES); 2789173138Srwatson break; 2790168933Srwatson 2791173138Srwatson case IPC_STAT: 2792173138Srwatson case SHM_STAT: 2793173138Srwatson if (!biba_dominate_effective(obj, subj)) 2794173138Srwatson return (EACCES); 2795173138Srwatson break; 2796168933Srwatson 2797173138Srwatson default: 2798168933Srwatson return (EACCES); 2799173138Srwatson } 2800168933Srwatson 2801168933Srwatson return (0); 2802168933Srwatson} 2803168933Srwatson 2804168933Srwatsonstatic int 2805173138Srwatsonbiba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 2806173138Srwatson struct label *shmseglabel, int shmflg) 2807168933Srwatson{ 2808173138Srwatson struct mac_biba *subj, *obj; 2809168933Srwatson 2810172955Srwatson if (!biba_enabled) 2811168933Srwatson return (0); 2812168933Srwatson 2813168933Srwatson subj = SLOT(cred->cr_label); 2814173138Srwatson obj = SLOT(shmseglabel); 2815168933Srwatson 2816173138Srwatson if (!biba_dominate_effective(obj, subj)) 2817173138Srwatson return (EACCES); 2818168933Srwatson 2819168933Srwatson return (0); 2820168933Srwatson} 2821168933Srwatson 2822173138Srwatsonstatic void 2823173138Srwatsonbiba_sysvshm_cleanup(struct label *shmlabel) 2824106161Srwatson{ 2825106161Srwatson 2826173138Srwatson bzero(SLOT(shmlabel), sizeof(struct mac_biba)); 2827173138Srwatson} 2828106161Srwatson 2829173138Srwatsonstatic void 2830173138Srwatsonbiba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2831173138Srwatson struct label *shmlabel) 2832173138Srwatson{ 2833173138Srwatson struct mac_biba *source, *dest; 2834106161Srwatson 2835173138Srwatson source = SLOT(cred->cr_label); 2836173138Srwatson dest = SLOT(shmlabel); 2837106161Srwatson 2838173138Srwatson biba_copy_effective(source, dest); 2839106161Srwatson} 2840106161Srwatson 2841106161Srwatsonstatic int 2842173138Srwatsonbiba_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2843173138Srwatson struct vnode *vp, struct label *vplabel) 2844112574Srwatson{ 2845173138Srwatson struct mac_biba mb_temp, *source, *dest; 2846173138Srwatson int buflen, error; 2847112574Srwatson 2848173138Srwatson source = SLOT(mplabel); 2849173138Srwatson dest = SLOT(vplabel); 2850112574Srwatson 2851173138Srwatson buflen = sizeof(mb_temp); 2852173138Srwatson bzero(&mb_temp, buflen); 2853112574Srwatson 2854173138Srwatson error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 2855173138Srwatson MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread); 2856173138Srwatson if (error == ENOATTR || error == EOPNOTSUPP) { 2857173138Srwatson /* Fall back to the mntlabel. */ 2858173138Srwatson biba_copy_effective(source, dest); 2859173138Srwatson return (0); 2860173138Srwatson } else if (error) 2861112574Srwatson return (error); 2862112574Srwatson 2863173138Srwatson if (buflen != sizeof(mb_temp)) { 2864173138Srwatson printf("biba_vnode_associate_extattr: bad size %d\n", 2865173138Srwatson buflen); 2866173138Srwatson return (EPERM); 2867173138Srwatson } 2868173138Srwatson if (biba_valid(&mb_temp) != 0) { 2869173138Srwatson printf("biba_vnode_associate_extattr: invalid\n"); 2870173138Srwatson return (EPERM); 2871173138Srwatson } 2872173138Srwatson if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != 2873173138Srwatson MAC_BIBA_FLAG_EFFECTIVE) { 2874173138Srwatson printf("biba_vnode_associate_extattr: not effective\n"); 2875173138Srwatson return (EPERM); 2876173138Srwatson } 2877173138Srwatson 2878173138Srwatson biba_copy_effective(&mb_temp, dest); 2879112574Srwatson return (0); 2880112574Srwatson} 2881112574Srwatson 2882173138Srwatsonstatic void 2883173138Srwatsonbiba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2884173138Srwatson struct vnode *vp, struct label *vplabel) 2885106161Srwatson{ 2886173138Srwatson struct mac_biba *source, *dest; 2887106161Srwatson 2888173138Srwatson source = SLOT(mplabel); 2889173138Srwatson dest = SLOT(vplabel); 2890106161Srwatson 2891173138Srwatson biba_copy_effective(source, dest); 2892106161Srwatson} 2893106161Srwatson 2894106161Srwatsonstatic int 2895172955Srwatsonbiba_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2896168976Srwatson struct label *dvplabel) 2897101099Srwatson{ 2898101099Srwatson struct mac_biba *subj, *obj; 2899101099Srwatson 2900172955Srwatson if (!biba_enabled) 2901101099Srwatson return (0); 2902101099Srwatson 2903122524Srwatson subj = SLOT(cred->cr_label); 2904168976Srwatson obj = SLOT(dvplabel); 2905101099Srwatson 2906172955Srwatson if (!biba_dominate_effective(obj, subj)) 2907101099Srwatson return (EACCES); 2908101099Srwatson 2909101099Srwatson return (0); 2910101099Srwatson} 2911101099Srwatson 2912101099Srwatsonstatic int 2913172955Srwatsonbiba_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2914168976Srwatson struct label *dvplabel) 2915101099Srwatson{ 2916101099Srwatson struct mac_biba *subj, *obj; 2917101099Srwatson 2918172955Srwatson if (!biba_enabled) 2919101099Srwatson return (0); 2920101099Srwatson 2921122524Srwatson subj = SLOT(cred->cr_label); 2922168976Srwatson obj = SLOT(dvplabel); 2923101099Srwatson 2924172955Srwatson if (!biba_dominate_effective(obj, subj)) 2925101099Srwatson return (EACCES); 2926101099Srwatson 2927101099Srwatson return (0); 2928101099Srwatson} 2929101099Srwatson 2930101099Srwatsonstatic int 2931172955Srwatsonbiba_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2932168976Srwatson struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2933101099Srwatson{ 2934101099Srwatson struct mac_biba *subj, *obj; 2935101099Srwatson 2936172955Srwatson if (!biba_enabled) 2937101099Srwatson return (0); 2938101099Srwatson 2939122524Srwatson subj = SLOT(cred->cr_label); 2940168976Srwatson obj = SLOT(dvplabel); 2941101099Srwatson 2942172955Srwatson if (!biba_dominate_effective(subj, obj)) 2943101099Srwatson return (EACCES); 2944101099Srwatson 2945101099Srwatson return (0); 2946101099Srwatson} 2947101099Srwatson 2948101099Srwatsonstatic int 2949172955Srwatsonbiba_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2950168976Srwatson struct label *vplabel, acl_type_t type) 2951101099Srwatson{ 2952101099Srwatson struct mac_biba *subj, *obj; 2953101099Srwatson 2954172955Srwatson if (!biba_enabled) 2955101099Srwatson return (0); 2956101099Srwatson 2957122524Srwatson subj = SLOT(cred->cr_label); 2958168976Srwatson obj = SLOT(vplabel); 2959101099Srwatson 2960172955Srwatson if (!biba_dominate_effective(subj, obj)) 2961101099Srwatson return (EACCES); 2962101099Srwatson 2963101099Srwatson return (0); 2964101099Srwatson} 2965101099Srwatson 2966101099Srwatsonstatic int 2967172955Srwatsonbiba_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2968168976Srwatson struct label *vplabel, int attrnamespace, const char *name) 2969119202Srwatson{ 2970119202Srwatson struct mac_biba *subj, *obj; 2971119202Srwatson 2972172955Srwatson if (!biba_enabled) 2973119202Srwatson return (0); 2974119202Srwatson 2975122524Srwatson subj = SLOT(cred->cr_label); 2976168976Srwatson obj = SLOT(vplabel); 2977119202Srwatson 2978172955Srwatson if (!biba_dominate_effective(subj, obj)) 2979119202Srwatson return (EACCES); 2980119202Srwatson 2981119202Srwatson return (0); 2982119202Srwatson} 2983119202Srwatson 2984119202Srwatsonstatic int 2985172955Srwatsonbiba_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2986168976Srwatson struct label *vplabel, struct image_params *imgp, 2987106648Srwatson struct label *execlabel) 2988101099Srwatson{ 2989106648Srwatson struct mac_biba *subj, *obj, *exec; 2990106648Srwatson int error; 2991101099Srwatson 2992106648Srwatson if (execlabel != NULL) { 2993106648Srwatson /* 2994106648Srwatson * We currently don't permit labels to be changed at 2995172955Srwatson * exec-time as part of Biba, so disallow non-NULL Biba label 2996172955Srwatson * elements in the execlabel. 2997106648Srwatson */ 2998106648Srwatson exec = SLOT(execlabel); 2999106648Srwatson error = biba_atmostflags(exec, 0); 3000106648Srwatson if (error) 3001106648Srwatson return (error); 3002106648Srwatson } 3003106648Srwatson 3004172955Srwatson if (!biba_enabled) 3005101099Srwatson return (0); 3006101099Srwatson 3007122524Srwatson subj = SLOT(cred->cr_label); 3008168976Srwatson obj = SLOT(vplabel); 3009101099Srwatson 3010172955Srwatson if (!biba_dominate_effective(obj, subj)) 3011101099Srwatson return (EACCES); 3012101099Srwatson 3013101099Srwatson return (0); 3014101099Srwatson} 3015101099Srwatson 3016101099Srwatsonstatic int 3017172955Srwatsonbiba_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 3018168976Srwatson struct label *vplabel, acl_type_t type) 3019101099Srwatson{ 3020101099Srwatson struct mac_biba *subj, *obj; 3021101099Srwatson 3022172955Srwatson if (!biba_enabled) 3023101099Srwatson return (0); 3024101099Srwatson 3025122524Srwatson subj = SLOT(cred->cr_label); 3026168976Srwatson obj = SLOT(vplabel); 3027101099Srwatson 3028172955Srwatson if (!biba_dominate_effective(obj, subj)) 3029101099Srwatson return (EACCES); 3030101099Srwatson 3031101099Srwatson return (0); 3032101099Srwatson} 3033101099Srwatson 3034101099Srwatsonstatic int 3035172955Srwatsonbiba_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 3036189533Srwatson struct label *vplabel, int attrnamespace, const char *name) 3037101099Srwatson{ 3038101099Srwatson struct mac_biba *subj, *obj; 3039101099Srwatson 3040172955Srwatson if (!biba_enabled) 3041101099Srwatson return (0); 3042101099Srwatson 3043122524Srwatson subj = SLOT(cred->cr_label); 3044168976Srwatson obj = SLOT(vplabel); 3045101099Srwatson 3046172955Srwatson if (!biba_dominate_effective(obj, subj)) 3047101099Srwatson return (EACCES); 3048101099Srwatson 3049101099Srwatson return (0); 3050101099Srwatson} 3051101099Srwatson 3052101099Srwatsonstatic int 3053172955Srwatsonbiba_vnode_check_link(struct ucred *cred, struct vnode *dvp, 3054168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3055104530Srwatson struct componentname *cnp) 3056104530Srwatson{ 3057104530Srwatson struct mac_biba *subj, *obj; 3058104530Srwatson 3059172955Srwatson if (!biba_enabled) 3060104530Srwatson return (0); 3061104530Srwatson 3062122524Srwatson subj = SLOT(cred->cr_label); 3063168976Srwatson obj = SLOT(dvplabel); 3064104530Srwatson 3065172955Srwatson if (!biba_dominate_effective(subj, obj)) 3066104530Srwatson return (EACCES); 3067104530Srwatson 3068168976Srwatson obj = SLOT(vplabel); 3069104530Srwatson 3070172955Srwatson if (!biba_dominate_effective(subj, obj)) 3071104530Srwatson return (EACCES); 3072104530Srwatson 3073104530Srwatson return (0); 3074104530Srwatson} 3075104530Srwatson 3076104530Srwatsonstatic int 3077172955Srwatsonbiba_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 3078168976Srwatson struct label *vplabel, int attrnamespace) 3079119202Srwatson{ 3080119202Srwatson struct mac_biba *subj, *obj; 3081119202Srwatson 3082172955Srwatson if (!biba_enabled) 3083119202Srwatson return (0); 3084119202Srwatson 3085122524Srwatson subj = SLOT(cred->cr_label); 3086168976Srwatson obj = SLOT(vplabel); 3087119202Srwatson 3088172955Srwatson if (!biba_dominate_effective(obj, subj)) 3089119202Srwatson return (EACCES); 3090119202Srwatson 3091119202Srwatson return (0); 3092119202Srwatson} 3093119202Srwatson 3094119202Srwatsonstatic int 3095172955Srwatsonbiba_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 3096168976Srwatson struct label *dvplabel, struct componentname *cnp) 3097101099Srwatson{ 3098101099Srwatson struct mac_biba *subj, *obj; 3099103759Srwatson 3100172955Srwatson if (!biba_enabled) 3101101099Srwatson return (0); 3102103759Srwatson 3103122524Srwatson subj = SLOT(cred->cr_label); 3104168976Srwatson obj = SLOT(dvplabel); 3105103759Srwatson 3106172955Srwatson if (!biba_dominate_effective(obj, subj)) 3107101099Srwatson return (EACCES); 3108101099Srwatson 3109103759Srwatson return (0); 3110101099Srwatson} 3111101099Srwatson 3112101099Srwatsonstatic int 3113172955Srwatsonbiba_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 3114168976Srwatson struct label *vplabel, int prot, int flags) 3115104546Srwatson{ 3116104546Srwatson struct mac_biba *subj, *obj; 3117104546Srwatson 3118104546Srwatson /* 3119104546Srwatson * Rely on the use of open()-time protections to handle 3120104546Srwatson * non-revocation cases. 3121104546Srwatson */ 3122172955Srwatson if (!biba_enabled || !revocation_enabled) 3123104546Srwatson return (0); 3124104546Srwatson 3125122524Srwatson subj = SLOT(cred->cr_label); 3126168976Srwatson obj = SLOT(vplabel); 3127104546Srwatson 3128104546Srwatson if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { 3129172955Srwatson if (!biba_dominate_effective(obj, subj)) 3130104546Srwatson return (EACCES); 3131104546Srwatson } 3132145076Scsjp if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { 3133172955Srwatson if (!biba_dominate_effective(subj, obj)) 3134104546Srwatson return (EACCES); 3135104546Srwatson } 3136104546Srwatson 3137104569Srwatson return (0); 3138104546Srwatson} 3139104546Srwatson 3140104546Srwatsonstatic int 3141172955Srwatsonbiba_vnode_check_open(struct ucred *cred, struct vnode *vp, 3142184413Strasz struct label *vplabel, accmode_t accmode) 3143101099Srwatson{ 3144101099Srwatson struct mac_biba *subj, *obj; 3145101099Srwatson 3146172955Srwatson if (!biba_enabled) 3147101099Srwatson return (0); 3148101099Srwatson 3149122524Srwatson subj = SLOT(cred->cr_label); 3150168976Srwatson obj = SLOT(vplabel); 3151101099Srwatson 3152101099Srwatson /* XXX privilege override for admin? */ 3153190524Strasz if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) { 3154172955Srwatson if (!biba_dominate_effective(obj, subj)) 3155101099Srwatson return (EACCES); 3156101099Srwatson } 3157190524Strasz if (accmode & VMODIFY_PERMS) { 3158172955Srwatson if (!biba_dominate_effective(subj, obj)) 3159101099Srwatson return (EACCES); 3160101099Srwatson } 3161101099Srwatson 3162101099Srwatson return (0); 3163101099Srwatson} 3164101099Srwatson 3165101099Srwatsonstatic int 3166172955Srwatsonbiba_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 3167168976Srwatson struct vnode *vp, struct label *vplabel) 3168102112Srwatson{ 3169102112Srwatson struct mac_biba *subj, *obj; 3170102112Srwatson 3171172955Srwatson if (!biba_enabled || !revocation_enabled) 3172102112Srwatson return (0); 3173102112Srwatson 3174122524Srwatson subj = SLOT(active_cred->cr_label); 3175168976Srwatson obj = SLOT(vplabel); 3176102112Srwatson 3177172955Srwatson if (!biba_dominate_effective(obj, subj)) 3178102112Srwatson return (EACCES); 3179102112Srwatson 3180102112Srwatson return (0); 3181102112Srwatson} 3182102112Srwatson 3183102112Srwatsonstatic int 3184172955Srwatsonbiba_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 3185168976Srwatson struct vnode *vp, struct label *vplabel) 3186102112Srwatson{ 3187102112Srwatson struct mac_biba *subj, *obj; 3188102112Srwatson 3189172955Srwatson if (!biba_enabled || !revocation_enabled) 3190102112Srwatson return (0); 3191102112Srwatson 3192122524Srwatson subj = SLOT(active_cred->cr_label); 3193168976Srwatson obj = SLOT(vplabel); 3194102112Srwatson 3195172955Srwatson if (!biba_dominate_effective(obj, subj)) 3196102112Srwatson return (EACCES); 3197102112Srwatson 3198102112Srwatson return (0); 3199102112Srwatson} 3200102112Srwatson 3201102112Srwatsonstatic int 3202172955Srwatsonbiba_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 3203168976Srwatson struct label *dvplabel) 3204101099Srwatson{ 3205101099Srwatson struct mac_biba *subj, *obj; 3206101099Srwatson 3207172955Srwatson if (!biba_enabled) 3208101099Srwatson return (0); 3209101099Srwatson 3210122524Srwatson subj = SLOT(cred->cr_label); 3211168976Srwatson obj = SLOT(dvplabel); 3212101099Srwatson 3213172955Srwatson if (!biba_dominate_effective(obj, subj)) 3214101099Srwatson return (EACCES); 3215101099Srwatson 3216101099Srwatson return (0); 3217101099Srwatson} 3218101099Srwatson 3219101099Srwatsonstatic int 3220172955Srwatsonbiba_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 3221168976Srwatson struct label *vplabel) 3222101099Srwatson{ 3223101099Srwatson struct mac_biba *subj, *obj; 3224101099Srwatson 3225172955Srwatson if (!biba_enabled) 3226101099Srwatson return (0); 3227101099Srwatson 3228122524Srwatson subj = SLOT(cred->cr_label); 3229168976Srwatson obj = SLOT(vplabel); 3230101099Srwatson 3231172955Srwatson if (!biba_dominate_effective(obj, subj)) 3232101099Srwatson return (EACCES); 3233101099Srwatson 3234101099Srwatson return (0); 3235101099Srwatson} 3236101099Srwatson 3237101099Srwatsonstatic int 3238172955Srwatsonbiba_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 3239168976Srwatson struct label *vplabel, struct label *newlabel) 3240101099Srwatson{ 3241101099Srwatson struct mac_biba *old, *new, *subj; 3242105634Srwatson int error; 3243101099Srwatson 3244168976Srwatson old = SLOT(vplabel); 3245101099Srwatson new = SLOT(newlabel); 3246122524Srwatson subj = SLOT(cred->cr_label); 3247101099Srwatson 3248101099Srwatson /* 3249105634Srwatson * If there is a Biba label update for the vnode, it must be a 3250132232Srwatson * effective label. 3251101099Srwatson */ 3252132232Srwatson error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); 3253105634Srwatson if (error) 3254105634Srwatson return (error); 3255101099Srwatson 3256101099Srwatson /* 3257105634Srwatson * To perform a relabel of the vnode (Biba label or not), Biba must 3258105634Srwatson * authorize the relabel. 3259101099Srwatson */ 3260172955Srwatson if (!biba_effective_in_range(old, subj)) 3261101099Srwatson return (EPERM); 3262101099Srwatson 3263101099Srwatson /* 3264105634Srwatson * If the Biba label is to be changed, authorize as appropriate. 3265101099Srwatson */ 3266132232Srwatson if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { 3267105634Srwatson /* 3268105634Srwatson * To change the Biba label on a vnode, the new vnode label 3269105634Srwatson * must be in the subject range. 3270105634Srwatson */ 3271172955Srwatson if (!biba_effective_in_range(new, subj)) 3272105634Srwatson return (EPERM); 3273101099Srwatson 3274105634Srwatson /* 3275172955Srwatson * To change the Biba label on the vnode to be EQUAL, the 3276172955Srwatson * subject must have appropriate privilege. 3277105634Srwatson */ 3278172955Srwatson if (biba_contains_equal(new)) { 3279172955Srwatson error = biba_subject_privileged(subj); 3280105634Srwatson if (error) 3281105634Srwatson return (error); 3282105634Srwatson } 3283105634Srwatson } 3284105634Srwatson 3285105634Srwatson return (0); 3286101099Srwatson} 3287101099Srwatson 3288101099Srwatsonstatic int 3289172955Srwatsonbiba_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 3290168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3291101099Srwatson struct componentname *cnp) 3292101099Srwatson{ 3293101099Srwatson struct mac_biba *subj, *obj; 3294101099Srwatson 3295172955Srwatson if (!biba_enabled) 3296101099Srwatson return (0); 3297101099Srwatson 3298122524Srwatson subj = SLOT(cred->cr_label); 3299168976Srwatson obj = SLOT(dvplabel); 3300101099Srwatson 3301172955Srwatson if (!biba_dominate_effective(subj, obj)) 3302101099Srwatson return (EACCES); 3303101099Srwatson 3304168976Srwatson obj = SLOT(vplabel); 3305101099Srwatson 3306172955Srwatson if (!biba_dominate_effective(subj, obj)) 3307101099Srwatson return (EACCES); 3308101099Srwatson 3309101099Srwatson return (0); 3310101099Srwatson} 3311101099Srwatson 3312101099Srwatsonstatic int 3313172955Srwatsonbiba_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 3314168976Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3315168976Srwatson int samedir, struct componentname *cnp) 3316101099Srwatson{ 3317101099Srwatson struct mac_biba *subj, *obj; 3318101099Srwatson 3319172955Srwatson if (!biba_enabled) 3320101099Srwatson return (0); 3321101099Srwatson 3322122524Srwatson subj = SLOT(cred->cr_label); 3323168976Srwatson obj = SLOT(dvplabel); 3324101099Srwatson 3325172955Srwatson if (!biba_dominate_effective(subj, obj)) 3326101099Srwatson return (EACCES); 3327101099Srwatson 3328101099Srwatson if (vp != NULL) { 3329168976Srwatson obj = SLOT(vplabel); 3330101099Srwatson 3331172955Srwatson if (!biba_dominate_effective(subj, obj)) 3332101099Srwatson return (EACCES); 3333101099Srwatson } 3334101099Srwatson 3335101099Srwatson return (0); 3336101099Srwatson} 3337101099Srwatson 3338101099Srwatsonstatic int 3339172955Srwatsonbiba_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 3340168976Srwatson struct label *vplabel) 3341101099Srwatson{ 3342101099Srwatson struct mac_biba *subj, *obj; 3343101099Srwatson 3344172955Srwatson if (!biba_enabled) 3345101099Srwatson return (0); 3346101099Srwatson 3347122524Srwatson subj = SLOT(cred->cr_label); 3348168976Srwatson obj = SLOT(vplabel); 3349101099Srwatson 3350172955Srwatson if (!biba_dominate_effective(subj, obj)) 3351101099Srwatson return (EACCES); 3352101099Srwatson 3353101099Srwatson return (0); 3354101099Srwatson} 3355101099Srwatson 3356101099Srwatsonstatic int 3357172955Srwatsonbiba_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 3358168976Srwatson struct label *vplabel, acl_type_t type, struct acl *acl) 3359101099Srwatson{ 3360101099Srwatson struct mac_biba *subj, *obj; 3361101099Srwatson 3362172955Srwatson if (!biba_enabled) 3363101099Srwatson return (0); 3364101099Srwatson 3365122524Srwatson subj = SLOT(cred->cr_label); 3366168976Srwatson obj = SLOT(vplabel); 3367101099Srwatson 3368172955Srwatson if (!biba_dominate_effective(subj, obj)) 3369101099Srwatson return (EACCES); 3370101099Srwatson 3371101099Srwatson return (0); 3372101099Srwatson} 3373101099Srwatson 3374101099Srwatsonstatic int 3375172955Srwatsonbiba_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 3376189533Srwatson struct label *vplabel, int attrnamespace, const char *name) 3377101099Srwatson{ 3378101099Srwatson struct mac_biba *subj, *obj; 3379101099Srwatson 3380172955Srwatson if (!biba_enabled) 3381101099Srwatson return (0); 3382101099Srwatson 3383122524Srwatson subj = SLOT(cred->cr_label); 3384168976Srwatson obj = SLOT(vplabel); 3385101099Srwatson 3386172955Srwatson if (!biba_dominate_effective(subj, obj)) 3387101099Srwatson return (EACCES); 3388101099Srwatson 3389101099Srwatson /* XXX: protect the MAC EA in a special way? */ 3390101099Srwatson 3391101099Srwatson return (0); 3392101099Srwatson} 3393101099Srwatson 3394101099Srwatsonstatic int 3395172955Srwatsonbiba_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 3396168976Srwatson struct label *vplabel, u_long flags) 3397101099Srwatson{ 3398101099Srwatson struct mac_biba *subj, *obj; 3399101099Srwatson 3400172955Srwatson if (!biba_enabled) 3401101099Srwatson return (0); 3402101099Srwatson 3403122524Srwatson subj = SLOT(cred->cr_label); 3404168976Srwatson obj = SLOT(vplabel); 3405101099Srwatson 3406172955Srwatson if (!biba_dominate_effective(subj, obj)) 3407101099Srwatson return (EACCES); 3408101099Srwatson 3409101099Srwatson return (0); 3410101099Srwatson} 3411101099Srwatson 3412101099Srwatsonstatic int 3413172955Srwatsonbiba_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 3414168976Srwatson struct label *vplabel, mode_t mode) 3415101099Srwatson{ 3416101099Srwatson struct mac_biba *subj, *obj; 3417101099Srwatson 3418172955Srwatson if (!biba_enabled) 3419101099Srwatson return (0); 3420101099Srwatson 3421122524Srwatson subj = SLOT(cred->cr_label); 3422168976Srwatson obj = SLOT(vplabel); 3423101099Srwatson 3424172955Srwatson if (!biba_dominate_effective(subj, obj)) 3425101099Srwatson return (EACCES); 3426101099Srwatson 3427101099Srwatson return (0); 3428101099Srwatson} 3429101099Srwatson 3430101099Srwatsonstatic int 3431172955Srwatsonbiba_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 3432168976Srwatson struct label *vplabel, uid_t uid, gid_t gid) 3433101099Srwatson{ 3434101099Srwatson struct mac_biba *subj, *obj; 3435101099Srwatson 3436172955Srwatson if (!biba_enabled) 3437101099Srwatson return (0); 3438101099Srwatson 3439122524Srwatson subj = SLOT(cred->cr_label); 3440168976Srwatson obj = SLOT(vplabel); 3441101099Srwatson 3442172955Srwatson if (!biba_dominate_effective(subj, obj)) 3443101099Srwatson return (EACCES); 3444101099Srwatson 3445101099Srwatson return (0); 3446101099Srwatson} 3447101099Srwatson 3448101099Srwatsonstatic int 3449172955Srwatsonbiba_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 3450168976Srwatson struct label *vplabel, struct timespec atime, struct timespec mtime) 3451101099Srwatson{ 3452101099Srwatson struct mac_biba *subj, *obj; 3453101099Srwatson 3454172955Srwatson if (!biba_enabled) 3455101099Srwatson return (0); 3456101099Srwatson 3457122524Srwatson subj = SLOT(cred->cr_label); 3458168976Srwatson obj = SLOT(vplabel); 3459101099Srwatson 3460172955Srwatson if (!biba_dominate_effective(subj, obj)) 3461101099Srwatson return (EACCES); 3462101099Srwatson 3463101099Srwatson return (0); 3464101099Srwatson} 3465101099Srwatson 3466101099Srwatsonstatic int 3467172955Srwatsonbiba_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 3468168976Srwatson struct vnode *vp, struct label *vplabel) 3469101099Srwatson{ 3470101099Srwatson struct mac_biba *subj, *obj; 3471101099Srwatson 3472172955Srwatson if (!biba_enabled) 3473101099Srwatson return (0); 3474101099Srwatson 3475122524Srwatson subj = SLOT(active_cred->cr_label); 3476168976Srwatson obj = SLOT(vplabel); 3477101099Srwatson 3478172955Srwatson if (!biba_dominate_effective(obj, subj)) 3479101099Srwatson return (EACCES); 3480101099Srwatson 3481101099Srwatson return (0); 3482101099Srwatson} 3483101099Srwatson 3484102112Srwatsonstatic int 3485172955Srwatsonbiba_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 3486172107Srwatson struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3487172107Srwatson struct componentname *cnp) 3488172107Srwatson{ 3489172107Srwatson struct mac_biba *subj, *obj; 3490172107Srwatson 3491172955Srwatson if (!biba_enabled) 3492172107Srwatson return (0); 3493172107Srwatson 3494172107Srwatson subj = SLOT(cred->cr_label); 3495172107Srwatson obj = SLOT(dvplabel); 3496172107Srwatson 3497172955Srwatson if (!biba_dominate_effective(subj, obj)) 3498172107Srwatson return (EACCES); 3499172107Srwatson 3500172107Srwatson obj = SLOT(vplabel); 3501172107Srwatson 3502172955Srwatson if (!biba_dominate_effective(subj, obj)) 3503172107Srwatson return (EACCES); 3504172107Srwatson 3505172107Srwatson return (0); 3506172107Srwatson} 3507172107Srwatson 3508172107Srwatsonstatic int 3509172955Srwatsonbiba_vnode_check_write(struct ucred *active_cred, 3510168976Srwatson struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 3511102112Srwatson{ 3512102112Srwatson struct mac_biba *subj, *obj; 3513102112Srwatson 3514172955Srwatson if (!biba_enabled || !revocation_enabled) 3515102112Srwatson return (0); 3516102112Srwatson 3517122524Srwatson subj = SLOT(active_cred->cr_label); 3518168976Srwatson obj = SLOT(vplabel); 3519102112Srwatson 3520172955Srwatson if (!biba_dominate_effective(subj, obj)) 3521102112Srwatson return (EACCES); 3522102112Srwatson 3523102112Srwatson return (0); 3524102112Srwatson} 3525102112Srwatson 3526173138Srwatsonstatic int 3527173138Srwatsonbiba_vnode_create_extattr(struct ucred *cred, struct mount *mp, 3528173138Srwatson struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 3529173138Srwatson struct vnode *vp, struct label *vplabel, struct componentname *cnp) 3530165150Scsjp{ 3531173138Srwatson struct mac_biba *source, *dest, mb_temp; 3532173138Srwatson size_t buflen; 3533173138Srwatson int error; 3534165150Scsjp 3535173138Srwatson buflen = sizeof(mb_temp); 3536173138Srwatson bzero(&mb_temp, buflen); 3537173138Srwatson 3538173138Srwatson source = SLOT(cred->cr_label); 3539173138Srwatson dest = SLOT(vplabel); 3540173138Srwatson biba_copy_effective(source, &mb_temp); 3541173138Srwatson 3542173138Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 3543173138Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); 3544173138Srwatson if (error == 0) 3545173138Srwatson biba_copy_effective(source, dest); 3546173138Srwatson return (error); 3547165150Scsjp} 3548165150Scsjp 3549165150Scsjpstatic void 3550173138Srwatsonbiba_vnode_relabel(struct ucred *cred, struct vnode *vp, 3551173138Srwatson struct label *vplabel, struct label *newlabel) 3552165150Scsjp{ 3553165150Scsjp struct mac_biba *source, *dest; 3554165150Scsjp 3555173138Srwatson source = SLOT(newlabel); 3556173138Srwatson dest = SLOT(vplabel); 3557173138Srwatson 3558173138Srwatson biba_copy(source, dest); 3559165150Scsjp} 3560165150Scsjp 3561173138Srwatsonstatic int 3562173138Srwatsonbiba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3563173138Srwatson struct label *vplabel, struct label *intlabel) 3564173138Srwatson{ 3565173138Srwatson struct mac_biba *source, mb_temp; 3566173138Srwatson size_t buflen; 3567173138Srwatson int error; 3568173138Srwatson 3569173138Srwatson buflen = sizeof(mb_temp); 3570173138Srwatson bzero(&mb_temp, buflen); 3571173138Srwatson 3572173138Srwatson source = SLOT(intlabel); 3573173138Srwatson if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) 3574173138Srwatson return (0); 3575173138Srwatson 3576173138Srwatson biba_copy_effective(source, &mb_temp); 3577173138Srwatson 3578173138Srwatson error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, 3579173138Srwatson MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); 3580173138Srwatson return (error); 3581173138Srwatson} 3582173138Srwatson 3583106217Srwatsonstatic struct mac_policy_ops mac_biba_ops = 3584101099Srwatson{ 3585172955Srwatson .mpo_init = biba_init, 3586173138Srwatson 3587173138Srwatson .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive, 3588173138Srwatson .mpo_bpfdesc_create = biba_bpfdesc_create, 3589173138Srwatson .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, 3590173138Srwatson .mpo_bpfdesc_destroy_label = biba_destroy_label, 3591172955Srwatson .mpo_bpfdesc_init_label = biba_init_label, 3592173138Srwatson 3593184407Srwatson .mpo_cred_associate_nfsd = biba_cred_associate_nfsd, 3594173138Srwatson .mpo_cred_check_relabel = biba_cred_check_relabel, 3595173138Srwatson .mpo_cred_check_visible = biba_cred_check_visible, 3596173138Srwatson .mpo_cred_copy_label = biba_copy_label, 3597184407Srwatson .mpo_cred_create_init = biba_cred_create_init, 3598184407Srwatson .mpo_cred_create_swapper = biba_cred_create_swapper, 3599172955Srwatson .mpo_cred_destroy_label = biba_destroy_label, 3600172955Srwatson .mpo_cred_externalize_label = biba_externalize_label, 3601173138Srwatson .mpo_cred_init_label = biba_init_label, 3602172955Srwatson .mpo_cred_internalize_label = biba_internalize_label, 3603173138Srwatson .mpo_cred_relabel = biba_cred_relabel, 3604173138Srwatson 3605172955Srwatson .mpo_devfs_create_device = biba_devfs_create_device, 3606172955Srwatson .mpo_devfs_create_directory = biba_devfs_create_directory, 3607172955Srwatson .mpo_devfs_create_symlink = biba_devfs_create_symlink, 3608173138Srwatson .mpo_devfs_destroy_label = biba_destroy_label, 3609173138Srwatson .mpo_devfs_init_label = biba_init_label, 3610172955Srwatson .mpo_devfs_update = biba_devfs_update, 3611172955Srwatson .mpo_devfs_vnode_associate = biba_devfs_vnode_associate, 3612173138Srwatson 3613173138Srwatson .mpo_ifnet_check_relabel = biba_ifnet_check_relabel, 3614173138Srwatson .mpo_ifnet_check_transmit = biba_ifnet_check_transmit, 3615173138Srwatson .mpo_ifnet_copy_label = biba_copy_label, 3616172955Srwatson .mpo_ifnet_create = biba_ifnet_create, 3617173138Srwatson .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, 3618173138Srwatson .mpo_ifnet_destroy_label = biba_destroy_label, 3619173138Srwatson .mpo_ifnet_externalize_label = biba_externalize_label, 3620173138Srwatson .mpo_ifnet_init_label = biba_init_label, 3621173138Srwatson .mpo_ifnet_internalize_label = biba_internalize_label, 3622173138Srwatson .mpo_ifnet_relabel = biba_ifnet_relabel, 3623173138Srwatson 3624173138Srwatson .mpo_inpcb_check_deliver = biba_inpcb_check_deliver, 3625183980Sbz .mpo_inpcb_check_visible = biba_inpcb_check_visible, 3626172955Srwatson .mpo_inpcb_create = biba_inpcb_create, 3627173138Srwatson .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf, 3628173138Srwatson .mpo_inpcb_destroy_label = biba_destroy_label, 3629173138Srwatson .mpo_inpcb_init_label = biba_init_label_waitcheck, 3630173138Srwatson .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel, 3631173138Srwatson 3632184308Srwatson .mpo_ip6q_create = biba_ip6q_create, 3633184308Srwatson .mpo_ip6q_destroy_label = biba_destroy_label, 3634184308Srwatson .mpo_ip6q_init_label = biba_init_label_waitcheck, 3635184308Srwatson .mpo_ip6q_match = biba_ip6q_match, 3636184308Srwatson .mpo_ip6q_reassemble = biba_ip6q_reassemble, 3637184308Srwatson .mpo_ip6q_update = biba_ip6q_update, 3638184308Srwatson 3639172955Srwatson .mpo_ipq_create = biba_ipq_create, 3640173138Srwatson .mpo_ipq_destroy_label = biba_destroy_label, 3641173138Srwatson .mpo_ipq_init_label = biba_init_label_waitcheck, 3642172955Srwatson .mpo_ipq_match = biba_ipq_match, 3643173138Srwatson .mpo_ipq_reassemble = biba_ipq_reassemble, 3644172955Srwatson .mpo_ipq_update = biba_ipq_update, 3645173138Srwatson 3646172955Srwatson .mpo_kld_check_load = biba_kld_check_load, 3647173138Srwatson 3648173138Srwatson .mpo_mbuf_copy_label = biba_copy_label, 3649173138Srwatson .mpo_mbuf_destroy_label = biba_destroy_label, 3650173138Srwatson .mpo_mbuf_init_label = biba_init_label_waitcheck, 3651173138Srwatson 3652172955Srwatson .mpo_mount_check_stat = biba_mount_check_stat, 3653173138Srwatson .mpo_mount_create = biba_mount_create, 3654173138Srwatson .mpo_mount_destroy_label = biba_destroy_label, 3655173138Srwatson .mpo_mount_init_label = biba_init_label, 3656173138Srwatson 3657173138Srwatson .mpo_netatalk_aarp_send = biba_netatalk_aarp_send, 3658173138Srwatson 3659173138Srwatson .mpo_netinet_arp_send = biba_netinet_arp_send, 3660173138Srwatson .mpo_netinet_firewall_reply = biba_netinet_firewall_reply, 3661173138Srwatson .mpo_netinet_firewall_send = biba_netinet_firewall_send, 3662173138Srwatson .mpo_netinet_fragment = biba_netinet_fragment, 3663173138Srwatson .mpo_netinet_icmp_reply = biba_netinet_icmp_reply, 3664173138Srwatson .mpo_netinet_igmp_send = biba_netinet_igmp_send, 3665173138Srwatson 3666173138Srwatson .mpo_netinet6_nd6_send = biba_netinet6_nd6_send, 3667173138Srwatson 3668172955Srwatson .mpo_pipe_check_ioctl = biba_pipe_check_ioctl, 3669172955Srwatson .mpo_pipe_check_poll = biba_pipe_check_poll, 3670172955Srwatson .mpo_pipe_check_read = biba_pipe_check_read, 3671172955Srwatson .mpo_pipe_check_relabel = biba_pipe_check_relabel, 3672172955Srwatson .mpo_pipe_check_stat = biba_pipe_check_stat, 3673172955Srwatson .mpo_pipe_check_write = biba_pipe_check_write, 3674173138Srwatson .mpo_pipe_copy_label = biba_copy_label, 3675173138Srwatson .mpo_pipe_create = biba_pipe_create, 3676173138Srwatson .mpo_pipe_destroy_label = biba_destroy_label, 3677173138Srwatson .mpo_pipe_externalize_label = biba_externalize_label, 3678173138Srwatson .mpo_pipe_init_label = biba_init_label, 3679173138Srwatson .mpo_pipe_internalize_label = biba_internalize_label, 3680173138Srwatson .mpo_pipe_relabel = biba_pipe_relabel, 3681173138Srwatson 3682172955Srwatson .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, 3683180059Sjhb .mpo_posixsem_check_open = biba_posixsem_check_openunlink, 3684172955Srwatson .mpo_posixsem_check_post = biba_posixsem_check_write, 3685225344Srwatson .mpo_posixsem_check_setmode = biba_posixsem_check_setmode, 3686225344Srwatson .mpo_posixsem_check_setowner = biba_posixsem_check_setowner, 3687180059Sjhb .mpo_posixsem_check_stat = biba_posixsem_check_rdonly, 3688180059Sjhb .mpo_posixsem_check_unlink = biba_posixsem_check_openunlink, 3689172955Srwatson .mpo_posixsem_check_wait = biba_posixsem_check_write, 3690173138Srwatson .mpo_posixsem_create = biba_posixsem_create, 3691173138Srwatson .mpo_posixsem_destroy_label = biba_destroy_label, 3692173138Srwatson .mpo_posixsem_init_label = biba_init_label, 3693173138Srwatson 3694225344Srwatson .mpo_posixshm_check_mmap = biba_posixshm_check_mmap, 3695225344Srwatson .mpo_posixshm_check_open = biba_posixshm_check_open, 3696254603Skib .mpo_posixshm_check_read = biba_posixshm_check_read, 3697225344Srwatson .mpo_posixshm_check_setmode = biba_posixshm_check_setmode, 3698225344Srwatson .mpo_posixshm_check_setowner = biba_posixshm_check_setowner, 3699225344Srwatson .mpo_posixshm_check_stat = biba_posixshm_check_stat, 3700225344Srwatson .mpo_posixshm_check_truncate = biba_posixshm_check_truncate, 3701225344Srwatson .mpo_posixshm_check_unlink = biba_posixshm_check_unlink, 3702254603Skib .mpo_posixshm_check_write = biba_posixshm_check_write, 3703225344Srwatson .mpo_posixshm_create = biba_posixshm_create, 3704225344Srwatson .mpo_posixshm_destroy_label = biba_destroy_label, 3705225344Srwatson .mpo_posixshm_init_label = biba_init_label, 3706225344Srwatson 3707173138Srwatson .mpo_priv_check = biba_priv_check, 3708173138Srwatson 3709172955Srwatson .mpo_proc_check_debug = biba_proc_check_debug, 3710172955Srwatson .mpo_proc_check_sched = biba_proc_check_sched, 3711172955Srwatson .mpo_proc_check_signal = biba_proc_check_signal, 3712173138Srwatson 3713172955Srwatson .mpo_socket_check_deliver = biba_socket_check_deliver, 3714172955Srwatson .mpo_socket_check_relabel = biba_socket_check_relabel, 3715172955Srwatson .mpo_socket_check_visible = biba_socket_check_visible, 3716173138Srwatson .mpo_socket_copy_label = biba_copy_label, 3717173138Srwatson .mpo_socket_create = biba_socket_create, 3718173138Srwatson .mpo_socket_create_mbuf = biba_socket_create_mbuf, 3719173138Srwatson .mpo_socket_destroy_label = biba_destroy_label, 3720173138Srwatson .mpo_socket_externalize_label = biba_externalize_label, 3721173138Srwatson .mpo_socket_init_label = biba_init_label_waitcheck, 3722173138Srwatson .mpo_socket_internalize_label = biba_internalize_label, 3723173138Srwatson .mpo_socket_newconn = biba_socket_newconn, 3724173138Srwatson .mpo_socket_relabel = biba_socket_relabel, 3725173138Srwatson 3726173138Srwatson .mpo_socketpeer_destroy_label = biba_destroy_label, 3727173138Srwatson .mpo_socketpeer_externalize_label = biba_externalize_label, 3728173138Srwatson .mpo_socketpeer_init_label = biba_init_label_waitcheck, 3729173138Srwatson .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf, 3730173138Srwatson .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket, 3731173138Srwatson 3732173138Srwatson .mpo_syncache_create = biba_syncache_create, 3733173138Srwatson .mpo_syncache_create_mbuf = biba_syncache_create_mbuf, 3734173138Srwatson .mpo_syncache_destroy_label = biba_destroy_label, 3735173138Srwatson .mpo_syncache_init_label = biba_init_label_waitcheck, 3736173138Srwatson 3737172955Srwatson .mpo_system_check_acct = biba_system_check_acct, 3738172955Srwatson .mpo_system_check_auditctl = biba_system_check_auditctl, 3739172955Srwatson .mpo_system_check_auditon = biba_system_check_auditon, 3740173138Srwatson .mpo_system_check_swapoff = biba_system_check_swapoff, 3741172955Srwatson .mpo_system_check_swapon = biba_system_check_swapon, 3742172955Srwatson .mpo_system_check_sysctl = biba_system_check_sysctl, 3743173138Srwatson 3744173138Srwatson .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup, 3745173138Srwatson .mpo_sysvmsg_create = biba_sysvmsg_create, 3746173138Srwatson .mpo_sysvmsg_destroy_label = biba_destroy_label, 3747173138Srwatson .mpo_sysvmsg_init_label = biba_init_label, 3748173138Srwatson 3749173138Srwatson .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv, 3750173138Srwatson .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid, 3751173138Srwatson .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget, 3752173138Srwatson .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd, 3753173138Srwatson .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv, 3754173138Srwatson .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl, 3755173138Srwatson .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup, 3756173138Srwatson .mpo_sysvmsq_create = biba_sysvmsq_create, 3757173138Srwatson .mpo_sysvmsq_destroy_label = biba_destroy_label, 3758173138Srwatson .mpo_sysvmsq_init_label = biba_init_label, 3759173138Srwatson 3760173138Srwatson .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl, 3761173138Srwatson .mpo_sysvsem_check_semget = biba_sysvsem_check_semget, 3762173138Srwatson .mpo_sysvsem_check_semop = biba_sysvsem_check_semop, 3763173138Srwatson .mpo_sysvsem_cleanup = biba_sysvsem_cleanup, 3764173138Srwatson .mpo_sysvsem_create = biba_sysvsem_create, 3765173138Srwatson .mpo_sysvsem_destroy_label = biba_destroy_label, 3766173138Srwatson .mpo_sysvsem_init_label = biba_init_label, 3767173138Srwatson 3768173138Srwatson .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat, 3769173138Srwatson .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl, 3770173138Srwatson .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget, 3771173138Srwatson .mpo_sysvshm_cleanup = biba_sysvshm_cleanup, 3772173138Srwatson .mpo_sysvshm_create = biba_sysvshm_create, 3773173138Srwatson .mpo_sysvshm_destroy_label = biba_destroy_label, 3774173138Srwatson .mpo_sysvshm_init_label = biba_init_label, 3775173138Srwatson 3776173138Srwatson .mpo_vnode_associate_extattr = biba_vnode_associate_extattr, 3777173138Srwatson .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel, 3778172955Srwatson .mpo_vnode_check_access = biba_vnode_check_open, 3779172955Srwatson .mpo_vnode_check_chdir = biba_vnode_check_chdir, 3780172955Srwatson .mpo_vnode_check_chroot = biba_vnode_check_chroot, 3781172955Srwatson .mpo_vnode_check_create = biba_vnode_check_create, 3782172955Srwatson .mpo_vnode_check_deleteacl = biba_vnode_check_deleteacl, 3783172955Srwatson .mpo_vnode_check_deleteextattr = biba_vnode_check_deleteextattr, 3784172955Srwatson .mpo_vnode_check_exec = biba_vnode_check_exec, 3785172955Srwatson .mpo_vnode_check_getacl = biba_vnode_check_getacl, 3786172955Srwatson .mpo_vnode_check_getextattr = biba_vnode_check_getextattr, 3787172955Srwatson .mpo_vnode_check_link = biba_vnode_check_link, 3788172955Srwatson .mpo_vnode_check_listextattr = biba_vnode_check_listextattr, 3789172955Srwatson .mpo_vnode_check_lookup = biba_vnode_check_lookup, 3790172955Srwatson .mpo_vnode_check_mmap = biba_vnode_check_mmap, 3791172955Srwatson .mpo_vnode_check_open = biba_vnode_check_open, 3792172955Srwatson .mpo_vnode_check_poll = biba_vnode_check_poll, 3793172955Srwatson .mpo_vnode_check_read = biba_vnode_check_read, 3794172955Srwatson .mpo_vnode_check_readdir = biba_vnode_check_readdir, 3795172955Srwatson .mpo_vnode_check_readlink = biba_vnode_check_readlink, 3796172955Srwatson .mpo_vnode_check_relabel = biba_vnode_check_relabel, 3797172955Srwatson .mpo_vnode_check_rename_from = biba_vnode_check_rename_from, 3798172955Srwatson .mpo_vnode_check_rename_to = biba_vnode_check_rename_to, 3799172955Srwatson .mpo_vnode_check_revoke = biba_vnode_check_revoke, 3800172955Srwatson .mpo_vnode_check_setacl = biba_vnode_check_setacl, 3801172955Srwatson .mpo_vnode_check_setextattr = biba_vnode_check_setextattr, 3802172955Srwatson .mpo_vnode_check_setflags = biba_vnode_check_setflags, 3803172955Srwatson .mpo_vnode_check_setmode = biba_vnode_check_setmode, 3804172955Srwatson .mpo_vnode_check_setowner = biba_vnode_check_setowner, 3805172955Srwatson .mpo_vnode_check_setutimes = biba_vnode_check_setutimes, 3806172955Srwatson .mpo_vnode_check_stat = biba_vnode_check_stat, 3807172955Srwatson .mpo_vnode_check_unlink = biba_vnode_check_unlink, 3808172955Srwatson .mpo_vnode_check_write = biba_vnode_check_write, 3809173138Srwatson .mpo_vnode_create_extattr = biba_vnode_create_extattr, 3810173138Srwatson .mpo_vnode_copy_label = biba_copy_label, 3811173138Srwatson .mpo_vnode_destroy_label = biba_destroy_label, 3812173138Srwatson .mpo_vnode_externalize_label = biba_externalize_label, 3813173138Srwatson .mpo_vnode_init_label = biba_init_label, 3814173138Srwatson .mpo_vnode_internalize_label = biba_internalize_label, 3815173138Srwatson .mpo_vnode_relabel = biba_vnode_relabel, 3816173138Srwatson .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, 3817101099Srwatson}; 3818101099Srwatson 3819112717SrwatsonMAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba", 3820187016Srwatson MPC_LOADTIME_FLAG_NOTLATE, &biba_slot); 3821