/*
 * Copyright (c) 2007 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
/*-
 * Copyright (c) 2003-2005 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project in part by Network
 * Associates Laboratories, the Security Research Division of Network
 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
 * as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/posix_shm.h>
#include <sys/sbuf.h>
#include <sys/systm.h>
#include <sys/sysctl.h>
#include <sys/vnode.h>

#include <security/mac_internal.h>

/*
 * MAC framework entry points for POSIX shared memory objects
 * (struct pshminfo).  Two groups of functions live here:
 *
 *  - label lifecycle (alloc/init, free/destroy, associate), dispatched with
 *    MAC_PERFORM and NOT gated by mac_posixshm_enforce, so labels are
 *    maintained even while enforcement is switched off;
 *
 *  - access-control checks (mac_posixshm_check_*), dispatched with
 *    MAC_CHECK and skipped entirely (returning 0) when mac_posixshm_enforce
 *    is zero.
 *
 * MAC_PERFORM and MAC_CHECK come from <security/mac_internal.h> and are not
 * visible in this file.  NOTE(review): the check functions rely on MAC_CHECK
 * storing its verdict in a local variable that must be named `error`; the
 * variable is never passed to the macro explicitly, so do not rename it.
 */

/*
 * Allocate a label for a POSIX shm object and let the policies initialise it.
 *
 * Returns the new label, or NULL when mac_labelzone_alloc() returns NULL; in
 * that case no policy hook is invoked.
 * NOTE(review): MAC_WAITOK presumably makes the allocator block instead of
 * failing -- confirm against mac_labelzone_alloc().
 */
static struct label *
mac_posixshm_label_alloc(void)
{
	struct label *new_label = mac_labelzone_alloc(MAC_WAITOK);

	if (new_label != NULL) {
		MAC_PERFORM(posixshm_label_init, new_label);
	}
	return (new_label);
}

/*
 * Attach a freshly allocated label to `pshm`.
 *
 * The function returns void, so an allocation failure is not reported:
 * pshm->pshm_label is simply left NULL and will later be handed to the
 * policy hooks as-is by the functions below.
 */
void
mac_posixshm_label_init(struct pshminfo *pshm)
{
	struct label *new_label = mac_posixshm_label_alloc();

	pshm->pshm_label = new_label;
}

/*
 * Run the policies' destroy hook on `label`, then return it to the label
 * zone.  `label` is not checked for NULL here.
 */
static void
mac_posixshm_label_free(struct label *label)
{
	MAC_PERFORM(posixshm_label_destroy, label);
	mac_labelzone_free(label);
}

/*
 * Release the label owned by `pshm`.
 *
 * The pointer is cleared after the free so the pshminfo does not keep a
 * dangling reference to the released label.
 */
void
mac_posixshm_label_destroy(struct pshminfo *pshm)
{
	struct label *old_label = pshm->pshm_label;

	mac_posixshm_label_free(old_label);
	pshm->pshm_label = NULL;
}

/*
 * Forward a (shm object, vnode) pair and their labels to the policies'
 * vnode_label_associate_posixshm hook.  All arguments are passed through
 * unchanged; `plabel` is supplied by the caller rather than read from
 * pshm->pshm_label.
 */
void
mac_posixshm_vnode_label_associate(kauth_cred_t cred,
	struct pshminfo *pshm, struct label *plabel,
	vnode_t vp, struct label *vlabel)
{
	MAC_PERFORM(vnode_label_associate_posixshm,
	    cred, pshm, plabel, vp, vlabel);
}

/*
 * Let the policies label `pshm` for credential `cred` and object name
 * `name`.  The label passed to the hook is pshm->pshm_label; `name` is
 * forwarded without validation.
 */
void
mac_posixshm_label_associate(kauth_cred_t cred, struct pshminfo *pshm,
	const char *name)
{
	struct label *shm_label = pshm->pshm_label;

	MAC_PERFORM(posixshm_label_associate, cred, pshm, shm_label, name);
}

/*
 * Access-control checks.
 *
 * Every function below follows the same shape: `error` starts at 0, the
 * policies are consulted through MAC_CHECK only when mac_posixshm_enforce is
 * non-zero, and `error` is returned.  With enforcement off the result is
 * therefore always 0 and no policy is asked.
 *
 * The functions taking `shm` dereference it for shm->pshm_label without a
 * NULL check, so callers must pass a valid pshminfo.
 */

/*
 * Check whether `cred` may create a POSIX shm object called `name`.
 * No pshminfo or label is passed to the policies for this check.
 */
int
mac_posixshm_check_create(kauth_cred_t cred, const char *name)
{
	int error = 0;

	if (mac_posixshm_enforce) {
		MAC_CHECK(posixshm_check_create, cred, name);
	}
	return error;
}

/*
 * Check whether `cred` may open `shm` with the open flags `fflags`.
 */
int
mac_posixshm_check_open(kauth_cred_t cred, struct pshminfo *shm, int fflags)
{
	int error = 0;

	if (mac_posixshm_enforce) {
		MAC_CHECK(posixshm_check_open, cred, shm, shm->pshm_label,
		    fflags);
	}
	return (error);
}

/*
 * Check whether `cred` may map `shm` with protection `prot` and mapping
 * flags `flags`.
 */
int
mac_posixshm_check_mmap(kauth_cred_t cred, struct pshminfo *shm,
	int prot, int flags)
{
	int error = 0;

	if (mac_posixshm_enforce) {
		MAC_CHECK(posixshm_check_mmap, cred, shm, shm->pshm_label,
		    prot, flags);
	}
	return (error);
}

/*
 * Check whether `cred` may stat `shm`.
 */
int
mac_posixshm_check_stat(kauth_cred_t cred, struct pshminfo *shm)
{
	int error = 0;

	if (mac_posixshm_enforce) {
		MAC_CHECK(posixshm_check_stat, cred, shm, shm->pshm_label);
	}
	return (error);
}

/*
 * Check whether `cred` may truncate `shm` to `size`.
 */
int
mac_posixshm_check_truncate(kauth_cred_t cred, struct pshminfo *shm,
	off_t size)
{
	int error = 0;

	if (mac_posixshm_enforce) {
		MAC_CHECK(posixshm_check_truncate, cred, shm, shm->pshm_label,
		    size);
	}
	return (error);
}

/*
 * Check whether `cred` may unlink `shm`, known by `name`.
 */
int
mac_posixshm_check_unlink(kauth_cred_t cred, struct pshminfo *shm,
	const char *name)
{
	int error = 0;

	if (mac_posixshm_enforce) {
		MAC_CHECK(posixshm_check_unlink, cred, shm, shm->pshm_label,
		    name);
	}
	return (error);
}