1/* 2 * Copyright (c) 2007 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29/*- 30 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 31 * Copyright (c) 2001 Ilmar S. Habibulin 32 * Copyright (c) 2001, 2002, 2003, 2004 Networks Associates Technology, Inc. 33 * Copyright (c) 2005 SPARTA, Inc. 34 * All rights reserved. 35 * 36 * This software was developed by Robert Watson and Ilmar Habibulin for the 37 * TrustedBSD Project. 38 * 39 * This software was developed for the FreeBSD Project in part by Network 40 * Associates Laboratories, the Security Research Division of Network 41 * Associates, Inc. 
under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 42 * as part of the DARPA CHATS research program. 43 * 44 * Redistribution and use in source and binary forms, with or without 45 * modification, are permitted provided that the following conditions 46 * are met: 47 * 1. Redistributions of source code must retain the above copyright 48 * notice, this list of conditions and the following disclaimer. 49 * 2. Redistributions in binary form must reproduce the above copyright 50 * notice, this list of conditions and the following disclaimer in the 51 * documentation and/or other materials provided with the distribution. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 
 *
 */

#ifndef _SECURITY_MAC_INTERNAL_H_
#define _SECURITY_MAC_INTERNAL_H_

#ifndef PRIVATE
#warning "MAC policy is not KPI, see Technical Q&A QA1574, this header will be removed in next version"
#endif

#include <string.h>
#include <sys/param.h>
#include <sys/queue.h>
#include <security/mac.h>
#include <security/mac_framework.h>
#include <security/mac_policy.h>
#include <security/mac_data.h>
#include <sys/sysctl.h>
#include <kern/wait_queue.h>
#include <kern/locks.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/sbuf.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/vnode.h>

/*
 * MAC Framework sysctl namespace.
 */

SYSCTL_DECL(_security);
SYSCTL_DECL(_security_mac);

/*
 * Framework boot-phase flag.  Its exact meaning is not visible in this
 * header; the name suggests "late boot reached" -- confirm against the
 * definition before relying on it.
 */
extern int mac_late;

/*
 * One slot of the policy table.  A NULL mpc marks an unused slot; the
 * MAC_CHECK/MAC_GRANT/MAC_BOOLEAN/MAC_PERFORM walkers below skip such
 * slots rather than treating them as an error.
 */
struct mac_policy_list_element {
	struct mac_policy_conf *mpc;
};

/*
 * Table of registered policies.  The walker macros split it in two
 * ranges: slots [0, staticmax) are visited without taking a busy
 * reference on the list, and slots [staticmax, maxindex] are visited
 * only while mac_policy_list_conditional_busy() holds the list busy.
 */
struct mac_policy_list {
	u_int numloaded;	/* presumably number of registered policies -- confirm */
	u_int max;		/* capacity bookkeeping; semantics not visible here */
	u_int maxindex;		/* highest slot index a walker visits (inclusive) */
	u_int staticmax;	/* first slot that is NOT walked lock-free; see MAC_CHECK */
	u_int chunks;		/* growth bookkeeping; semantics not visible here */
	u_int freehint;		/* likely a hint for the next free slot -- confirm */
	struct mac_policy_list_element *entries;	/* slot array, indexed 0..maxindex */
};

typedef struct mac_policy_list mac_policy_list_t;


/*
 * Policy that has registered with the framework for a specific
 * label namespace name.
 */
struct mac_label_listener {
	mac_policy_handle_t mll_handle;		/* handle of the registered policy */
	LIST_ENTRY(mac_label_listener) mll_list;	/* linkage in mac_label_element.mle_listeners */
};

LIST_HEAD(mac_label_listeners_t, mac_label_listener);

/*
 * Type of list used to manage label namespace names.
 */
struct mac_label_element {
	/* Fixed-size name buffer: MAC_MAX_LABEL_ELEMENT_NAME bytes including the terminator. */
	char mle_name[MAC_MAX_LABEL_ELEMENT_NAME];
	/* Policies that registered for this namespace name. */
	struct mac_label_listeners_t mle_listeners;
	LIST_ENTRY(mac_label_element) mle_list;
};

LIST_HEAD(mac_label_element_list_t, mac_label_element);

/*
 * Journal operations
 */

/* Values for mac_label_journal.type (inferred from the names; confirm at use sites). */
#define MLJ_TYPE_PORT 1
#define MLJ_TYPE_TASK 2

/* Bit flags recorded in mac_label_journal.ops for port labels (power-of-two values). */
#define MLJ_PORT_OP_INIT 0x0001
#define MLJ_PORT_OP_CREATE_K 0x0002
#define MLJ_PORT_OP_CREATE 0x0004
#define MLJ_PORT_OP_UPDATE 0x0008

/* Bit flags recorded in mac_label_journal.ops for task labels. */
#define MLJ_TASK_OP_INIT 0x0001
#define MLJ_TASK_OP_CREATE_K 0x0002

/*
 * One journal record: a label together with the operations that were
 * applied to it, kept so that mac_label_journal_replay() can replay them.
 */
struct mac_label_journal {
	struct label *l;	/* label this record describes */
	int type;		/* MLJ_TYPE_PORT or MLJ_TYPE_TASK (presumably) */
	int ops;		/* MLJ_*_OP_* flags (presumably OR-ed together) */

	int kotype; /* Kernel Port */

	TAILQ_ENTRY(mac_label_journal) link;	/* linkage in mac_label_journal_list */
};
TAILQ_HEAD(mac_label_journal_list_t, mac_label_journal);

/* Journal management; the int is a type value, the variadic tail is op-specific. */
int mac_label_journal_add (struct label *, int);
int mac_label_journal_remove(struct label *);
struct mac_label_journal *
	mac_label_journal_find (struct label *);
int mac_label_journal (struct label *, int, ...);
void mac_label_journal_replay(void);


/*
 * MAC Framework global variables.
 */

extern struct mac_label_element_list_t mac_label_element_list;
extern struct mac_label_element_list_t mac_static_label_element_list;
extern struct mac_label_journal_list_t mac_label_journal_list;

/* The policy table walked by MAC_CHECK and friends. */
extern struct mac_policy_list mac_policy_list;

/*
 * global flags to control whether a MACF subsystem is configured
 * at all in the system.
 */
extern unsigned int mac_device_enforce;
extern unsigned int mac_pipe_enforce;
extern unsigned int mac_posixsem_enforce;
extern unsigned int mac_posixshm_enforce;
extern unsigned int mac_proc_enforce;
extern unsigned int mac_socket_enforce;
extern unsigned int mac_system_enforce;
extern unsigned int mac_sysvmsg_enforce;
extern unsigned int mac_sysvsem_enforce;
extern unsigned int mac_sysvshm_enforce;
extern unsigned int mac_vm_enforce;
extern unsigned int mac_vnode_enforce;

#if CONFIG_MACF_NET
extern unsigned int mac_label_mbufs;
#endif

extern unsigned int mac_label_vnodes;

static int mac_proc_check_enforce(proc_t p, int enforce_flags);

/*
 * Report whether any bit of 'enforce_flags' is set in p->p_mac_enforce.
 * Returns 1 when at least one requested bit is set, 0 otherwise.  When
 * the kernel is built without CONFIG_MACF no process is ever reported
 * as enforced.
 */
static __inline__ int mac_proc_check_enforce(proc_t p, int enforce_flags)
{
#if CONFIG_MACF
	return ((p->p_mac_enforce & enforce_flags) ? 1 : 0);
#else
#pragma unused(p,enforce_flags)
	return 0;
#endif
}

static int mac_context_check_enforce(vfs_context_t ctx, int enforce_flags);
static void mac_context_set_enforce(vfs_context_t ctx, int enforce_flags);

/*
 * Same as mac_proc_check_enforce(), but for the process owning a VFS
 * context.  A context with no process (vfs_context_proc() == NULL) is
 * reported as not enforced.
 */
static __inline__ int mac_context_check_enforce(vfs_context_t ctx, int enforce_flags)
{
	proc_t owner = vfs_context_proc(ctx);

	return (owner != NULL ? mac_proc_check_enforce(owner, enforce_flags) : 0);
}

/*
 * Apply 'enforce_flags' to the process owning a VFS context via
 * mac_proc_set_enforce() (declared elsewhere).  A context with no
 * process is silently ignored; without CONFIG_MACF this is a no-op.
 */
static __inline__ void mac_context_set_enforce(vfs_context_t ctx, int enforce_flags)
{
#if CONFIG_MACF
	proc_t owner = vfs_context_proc(ctx);

	if (owner != NULL)
		mac_proc_set_enforce(owner, enforce_flags);
#else
#pragma unused(ctx,enforce_flags)
#endif
}


/*
 * MAC Framework infrastructure functions.
 */

/*
 * Fold two hook results into one.  Used by MAC_CHECK to combine the
 * return values of successive policies; the precedence between two
 * non-zero errors is defined at the implementation, not here.
 */
int mac_error_select(int error1, int error2);

/*
 * Busy-reference protocol for the dynamic part of mac_policy_list.
 * mac_policy_list_conditional_busy() returns non-zero when a reference
 * was taken, in which case the caller must pair it with
 * mac_policy_list_unbusy() (see the walker macros below).
 */
void mac_policy_list_busy(void);
int mac_policy_list_conditional_busy(void);
void mac_policy_list_unbusy(void);

/* Label storage: zone-backed allocation plus per-label init/teardown. */
void mac_labelzone_init(void);
struct label *mac_labelzone_alloc(int flags);
void mac_labelzone_free(struct label *label);

void mac_label_init(struct label *label);
void mac_label_destroy(struct label *label);
/*
 * Validates a struct mac handed in by a caller; in the kernel build the
 * 64-bit-safe user_mac layout is used.  Presumably this is the check
 * applied to user-supplied structures before their pointers are used --
 * confirm at the call sites.
 */
#if KERNEL
int mac_check_structmac_consistent(struct user_mac *mac);
#else
int mac_check_structmac_consistent(struct mac *mac);
#endif

/*
 * Externalize: render the elements named in 'e'/'elements' of a label
 * into the caller's buffer of 'olen'/'outbuflen' bytes.
 */
int mac_cred_label_externalize(struct label *, char *e, char *out, size_t olen, int flags);
int mac_lctx_label_externalize(struct label *, char *e, char *out, size_t olen);
#if CONFIG_MACF_SOCKET
int mac_socket_label_externalize(struct label *, char *e, char *out, size_t olen);
#endif /* CONFIG_MACF_SOCKET */
int mac_vnode_label_externalize(struct label *, char *e, char *out, size_t olen, int flags);
int mac_pipe_label_externalize(struct label *label, char *elements,
	char *outbuf, size_t outbuflen);

/*
 * Internalize: parse a textual label in 'string' into 'label'.  The
 * string is likely to originate from user space (see the __mac_set_*
 * argument structures below), so implementations must not trust its
 * length or contents -- verify at the call sites.
 */
int mac_cred_label_internalize(struct label *label, char *string);
int mac_lctx_label_internalize(struct label *label, char *string);
#if CONFIG_MACF_SOCKET
int mac_socket_label_internalize(struct label *label, char *string);
#endif /* CONFIG_MACF_SOCKET */
int mac_vnode_label_internalize(struct label *label, char *string);
int mac_pipe_label_internalize(struct label *label, char *string);

#if CONFIG_MACF_SOCKET
/* internal socket label manipulation functions */
struct label *mac_socket_label_alloc(int flags);
void mac_socket_label_free(struct label *l);
int mac_socket_label_update(struct ucred *cred, struct socket *so, struct label *l);
#endif /* MAC_SOCKET */

/* Without CONFIG_MACF_NET there is no mbuf label; callers get NULL. */
#if CONFIG_MACF_NET
struct label *mac_mbuf_to_label(struct mbuf *m);
#else
#define mac_mbuf_to_label(m) (NULL)
#endif

/*
 * MAC_CHECK performs the
designated check by walking the policy
 * module list and checking with each as to how it feels about the
 * request. Note that it returns its value via 'error' in the scope
 * of the caller.
 *
 * Walk order: slots [0, staticmax) are visited first without taking a
 * busy reference on the list; slots [staticmax, maxindex] are visited
 * only when mac_policy_list_conditional_busy() returns non-zero, and
 * the reference is dropped with mac_policy_list_unbusy() afterwards.
 * Empty slots (mpc == NULL) and policies that do not implement the hook
 * are skipped.  Every implemented hook is called -- a non-zero result
 * does not stop the walk -- and results are folded with
 * mac_error_select().
 */
#define MAC_CHECK(check, args...) do { \
	struct mac_policy_conf *mpc; \
	u_int i; \
	\
	error = 0; \
	/* Static policies: no busy reference taken. */ \
	for (i = 0; i < mac_policy_list.staticmax; i++) { \
		mpc = mac_policy_list.entries[i].mpc; \
		if (mpc == NULL) \
			continue; \
		\
		if (mpc->mpc_ops->mpo_ ## check != NULL) \
			error = mac_error_select( \
			    mpc->mpc_ops->mpo_ ## check (args), \
			    error); \
	} \
	/* Dynamic policies: 'i' continues from staticmax, under a busy reference. */ \
	if (mac_policy_list_conditional_busy() != 0) { \
		for (; i <= mac_policy_list.maxindex; i++) { \
			mpc = mac_policy_list.entries[i].mpc; \
			if (mpc == NULL) \
				continue; \
			\
			if (mpc->mpc_ops->mpo_ ## check != NULL) \
				error = mac_error_select( \
				    mpc->mpc_ops->mpo_ ## check (args), \
				    error); \
		} \
		mac_policy_list_unbusy(); \
	} \
} while (0)

/*
 * MAC_GRANT performs the designated check by walking the policy
 * module list and checking with each as to how it feels about the
 * request. Unlike MAC_CHECK, it grants if any policies return '0',
 * and otherwise returns EPERM. Note that it returns its value via
 * 'error' in the scope of the caller.
 */
#define MAC_GRANT(check, args...) \
do { \
	struct mac_policy_conf *mpc; \
	u_int i; \
	\
	/* Fail closed: with no policy implementing the hook, error stays EPERM. */ \
	error = EPERM; \
	for (i = 0; i < mac_policy_list.staticmax; i++) { \
		mpc = mac_policy_list.entries[i].mpc; \
		if (mpc == NULL) \
			continue; \
		\
		if (mpc->mpc_ops->mpo_ ## check != NULL) { \
			/* A grant is sticky: a later non-zero result does not revoke it. */ \
			if (mpc->mpc_ops->mpo_ ## check (args) == 0) \
				error = 0; \
		} \
	} \
	if (mac_policy_list_conditional_busy() != 0) { \
		for (; i <= mac_policy_list.maxindex; i++) { \
			mpc = mac_policy_list.entries[i].mpc; \
			if (mpc == NULL) \
				continue; \
			\
			if (mpc->mpc_ops->mpo_ ## check != NULL) { \
				if (mpc->mpc_ops->mpo_ ## check (args) \
				    == 0) \
					error = 0; \
			} \
		} \
		mac_policy_list_unbusy(); \
	} \
} while (0)

/*
 * MAC_BOOLEAN performs the designated boolean composition by walking
 * the module list, invoking each instance of the operation, and
 * combining the results using the passed C operator. Note that it
 * returns its value via 'result' in the scope of the caller, which
 * should be initialized by the caller in a meaningful way to get
 * a meaningful result.
 *
 * Because the hook call is the right-hand operand of
 * "result = result composition ...", a short-circuit operator such as
 * && or || may leave later hooks uninvoked once 'result' already
 * decides the expression; do not rely on every policy being called.
 */
#define MAC_BOOLEAN(operation, composition, args...) \
do { \
	struct mac_policy_conf *mpc; \
	u_int i; \
	\
	for (i = 0; i < mac_policy_list.staticmax; i++) { \
		mpc = mac_policy_list.entries[i].mpc; \
		if (mpc == NULL) \
			continue; \
		\
		if (mpc->mpc_ops->mpo_ ## operation != NULL) \
			result = result composition \
			    mpc->mpc_ops->mpo_ ## operation \
			    (args); \
	} \
	if (mac_policy_list_conditional_busy() != 0) { \
		for (; i <= mac_policy_list.maxindex; i++) { \
			mpc = mac_policy_list.entries[i].mpc; \
			if (mpc == NULL) \
				continue; \
			\
			if (mpc->mpc_ops->mpo_ ## operation != NULL) \
				result = result composition \
				    mpc->mpc_ops->mpo_ ## operation \
				    (args); \
		} \
		mac_policy_list_unbusy(); \
	} \
} while (0)

/*
 * Per-object-type label (de)serialization.  Each expands to a call on
 * mac_internalize()/mac_externalize() with the byte offset of the
 * matching mpo_<obj>_label_* slot in struct mac_policy_ops, so the
 * generic routine can pick the hook out of every policy's ops table.
 * The audit variant requests all elements ("*").
 */
#define MAC_INTERNALIZE(obj, label, instring) \
	mac_internalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_internalize), label, instring)

#define MAC_EXTERNALIZE(obj, label, elementlist, outbuf, outbuflen) \
	mac_externalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_externalize), label, elementlist, outbuf, outbuflen)

#define MAC_EXTERNALIZE_AUDIT(obj, label, outbuf, outbuflen) \
	mac_externalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_externalize_audit), label, "*", outbuf, outbuflen)

/*
 * MAC_PERFORM performs the designated operation by walking the policy
 * module list and invoking that operation for each policy.
 * Return values of the hooks are discarded; the walk and busy-reference
 * protocol are the same as for MAC_CHECK.
 */
#define MAC_PERFORM(operation, args...) \
do { \
	struct mac_policy_conf *mpc; \
	u_int i; \
	\
	for (i = 0; i < mac_policy_list.staticmax; i++) { \
		mpc = mac_policy_list.entries[i].mpc; \
		if (mpc == NULL) \
			continue; \
		\
		if (mpc->mpc_ops->mpo_ ## operation != NULL) \
			mpc->mpc_ops->mpo_ ## operation (args); \
	} \
	if (mac_policy_list_conditional_busy() != 0) { \
		for (; i <= mac_policy_list.maxindex; i++) { \
			mpc = mac_policy_list.entries[i].mpc; \
			if (mpc == NULL) \
				continue; \
			\
			if (mpc->mpc_ops->mpo_ ## operation != NULL) \
				mpc->mpc_ops->mpo_ ## operation (args); \
		} \
		mac_policy_list_unbusy(); \
	} \
} while (0)

/*
 * Forward declarations of the __mac_* system-call argument structures
 * (defined elsewhere); only pointers to them are used in this header.
 */
struct __mac_get_pid_args;
struct __mac_get_proc_args;
struct __mac_set_proc_args;
struct __mac_get_lcid_args;
struct __mac_get_lctx_args;
struct __mac_set_lctx_args;
struct __mac_get_fd_args;
struct __mac_get_file_args;
struct __mac_get_link_args;
struct __mac_set_fd_args;
struct __mac_set_file_args;
struct __mac_syscall_args;

/* Register/unregister a policy as a listener on the label-element lists. */
void mac_policy_addto_labellist(const mac_policy_handle_t, int);
void mac_policy_removefrom_labellist(const mac_policy_handle_t);

/*
 * Generic label (de)serialization.  The first argument is the byte
 * offset of the relevant hook within struct mac_policy_ops, as produced
 * by the MAC_EXTERNALIZE/MAC_INTERNALIZE macros above.  'outbuflen'
 * bounds the externalized text written to 'outbuf'.
 */
int mac_externalize(size_t mpo_externalize_off, struct label *label,
	const char *elementlist, char *outbuf, size_t outbuflen);
int mac_internalize(size_t mpo_internalize_off, struct label *label,
	char *elementlist);
#endif /* !_SECURITY_MAC_INTERNAL_H_ */