diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 72f974519c7f..052e8f326ee6 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -774,727 +774,8 @@ biba_copy_label(struct label *src, struct label *dest) } /* - * Labeling event operations: file system objects, and things that look a lot - * like file system objects. - */ -static void -biba_devfs_create_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *de, struct label *delabel) -{ - struct mac_biba *mb; - int biba_type; - - mb = SLOT(delabel); - if (strcmp(dev->si_name, "null") == 0 || - strcmp(dev->si_name, "zero") == 0 || - strcmp(dev->si_name, "random") == 0 || - strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) - biba_type = MAC_BIBA_TYPE_EQUAL; - else if (ptys_equal && - (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || - strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) - biba_type = MAC_BIBA_TYPE_EQUAL; - else - biba_type = MAC_BIBA_TYPE_HIGH; - biba_set_effective(mb, biba_type, 0, NULL); -} - -static void -biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, - struct devfs_dirent *de, struct label *delabel) -{ - struct mac_biba *mb; - - mb = SLOT(delabel); - - biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL); -} - -static void -biba_devfs_create_symlink(struct ucred *cred, struct mount *mp, - struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, - struct label *delabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(delabel); - - biba_copy_effective(source, dest); -} - -static void -biba_mount_create(struct ucred *cred, struct mount *mp, - struct label *mplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(mplabel); - - biba_copy_effective(source, dest); -} - -static void -biba_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *newlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(vplabel); - - biba_copy(source, dest); -} - -static void -biba_devfs_update(struct mount *mp, struct 
devfs_dirent *de, - struct label *delabel, struct vnode *vp, struct label *vplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(vplabel); - dest = SLOT(delabel); - - biba_copy(source, dest); -} - -static void -biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel, - struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(delabel); - dest = SLOT(vplabel); - - biba_copy_effective(source, dest); -} - -static int -biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - struct mac_biba mb_temp, *source, *dest; - int buflen, error; - - source = SLOT(mplabel); - dest = SLOT(vplabel); - - buflen = sizeof(mb_temp); - bzero(&mb_temp, buflen); - - error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, - MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread); - if (error == ENOATTR || error == EOPNOTSUPP) { - /* Fall back to the mntlabel. 
*/ - biba_copy_effective(source, dest); - return (0); - } else if (error) - return (error); - - if (buflen != sizeof(mb_temp)) { - printf("biba_vnode_associate_extattr: bad size %d\n", - buflen); - return (EPERM); - } - if (biba_valid(&mb_temp) != 0) { - printf("biba_vnode_associate_extattr: invalid\n"); - return (EPERM); - } - if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != - MAC_BIBA_FLAG_EFFECTIVE) { - printf("biba_vnode_associate_extattr: not effective\n"); - return (EPERM); - } - - biba_copy_effective(&mb_temp, dest); - return (0); -} - -static void -biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(mplabel); - dest = SLOT(vplabel); - - biba_copy_effective(source, dest); -} - -static int -biba_vnode_create_extattr(struct ucred *cred, struct mount *mp, - struct label *mplabel, struct vnode *dvp, struct label *dvplabel, - struct vnode *vp, struct label *vplabel, struct componentname *cnp) -{ - struct mac_biba *source, *dest, mb_temp; - size_t buflen; - int error; - - buflen = sizeof(mb_temp); - bzero(&mb_temp, buflen); - - source = SLOT(cred->cr_label); - dest = SLOT(vplabel); - biba_copy_effective(source, &mb_temp); - - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, - MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); - if (error == 0) - biba_copy_effective(source, dest); - return (error); -} - -static int -biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *intlabel) -{ - struct mac_biba *source, mb_temp; - size_t buflen; - int error; - - buflen = sizeof(mb_temp); - bzero(&mb_temp, buflen); - - source = SLOT(intlabel); - if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) - return (0); - - biba_copy_effective(source, &mb_temp); - - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, - MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, 
curthread); - return (error); -} - -/* - * Labeling event operations: IPC object. - */ -static void -biba_inpcb_create(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(solabel); - dest = SLOT(inplabel); - - biba_copy_effective(source, dest); -} - -static void -biba_socket_create_mbuf(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(solabel); - dest = SLOT(mlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_socket_create(struct ucred *cred, struct socket *so, - struct label *solabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(solabel); - - biba_copy_effective(source, dest); -} - -static void -biba_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(pplabel); - - biba_copy_effective(source, dest); -} - -static void -biba_posixsem_create(struct ucred *cred, struct ksem *ks, - struct label *kslabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(kslabel); - - biba_copy_effective(source, dest); -} - -static void -biba_socket_newconn(struct socket *oldso, struct label *oldsolabel, - struct socket *newso, struct label *newsolabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(oldsolabel); - dest = SLOT(newsolabel); - - biba_copy_effective(source, dest); -} - -static void -biba_socket_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(solabel); - - biba_copy(source, dest); -} - -static void -biba_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) -{ - struct mac_biba *source, *dest; - - source = 
SLOT(newlabel); - dest = SLOT(pplabel); - - biba_copy(source, dest); -} - -static void -biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, - struct socket *so, struct label *sopeerlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(sopeerlabel); - - biba_copy_effective(source, dest); -} - -/* - * Labeling event operations: System V IPC objects. - */ -static void -biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel, struct msg *msgptr, struct label *msglabel) -{ - struct mac_biba *source, *dest; - - /* Ignore the msgq label */ - source = SLOT(cred->cr_label); - dest = SLOT(msglabel); - - biba_copy_effective(source, dest); -} - -static void -biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(msqlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semalabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(semalabel); - - biba_copy_effective(source, dest); -} - -static void -biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(shmlabel); - - biba_copy_effective(source, dest); -} - -/* - * Labeling event operations: network objects. 
- */ -static void -biba_socketpeer_set_from_socket(struct socket *oldso, - struct label *oldsolabel, struct socket *newso, - struct label *newsopeerlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(oldsolabel); - dest = SLOT(newsopeerlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_bpfdesc_create(struct ucred *cred, struct bpf_d *d, - struct label *dlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(dlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_ifnet_create(struct ifnet *ifp, struct label *ifplabel) -{ - char tifname[IFNAMSIZ], *p, *q; - char tiflist[sizeof(trusted_interfaces)]; - struct mac_biba *dest; - int len, type; - - dest = SLOT(ifplabel); - - if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) { - type = MAC_BIBA_TYPE_EQUAL; - goto set; - } - - if (trust_all_interfaces) { - type = MAC_BIBA_TYPE_HIGH; - goto set; - } - - type = MAC_BIBA_TYPE_LOW; - - if (trusted_interfaces[0] == '\0' || - !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) - goto set; - - bzero(tiflist, sizeof(tiflist)); - for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) - if(*p != ' ' && *p != '\t') - *q = *p; - - for (p = q = tiflist;; p++) { - if (*p == ',' || *p == '\0') { - len = p - q; - if (len < IFNAMSIZ) { - bzero(tifname, sizeof(tifname)); - bcopy(q, tifname, len); - if (strcmp(tifname, ifp->if_xname) == 0) { - type = MAC_BIBA_TYPE_HIGH; - break; - } - } else { - *p = '\0'; - printf("mac_biba warning: interface name " - "\"%s\" is too long (must be < %d)\n", - q, IFNAMSIZ); - } - if (*p == '\0') - break; - q = p + 1; - } - } -set: - biba_set_effective(dest, type, 0, NULL); - biba_set_range(dest, type, 0, NULL, type, 0, NULL); -} - -static void -biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(ipqlabel); - - 
biba_copy_effective(source, dest); -} - -static void -biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, - struct label *mlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(ipqlabel); - dest = SLOT(mlabel); - - /* Just use the head, since we require them all to match. */ - biba_copy_effective(source, dest); -} - -static void -biba_netinet_fragment(struct mbuf *m, struct label *mlabel, - struct mbuf *frag, struct label *fraglabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(fraglabel); - - biba_copy_effective(source, dest); -} - -static void -biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(inplabel); - dest = SLOT(mlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(dlabel); - dest = SLOT(mlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(ifplabel); - dest = SLOT(mlabel); - - biba_copy_effective(source, dest); -} - -static int -biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) -{ - struct mac_biba *a, *b; - - a = SLOT(ipqlabel); - b = SLOT(mlabel); - - return (biba_equal_effective(a, b)); -} - -static void -biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(ifplabel); - - biba_copy(source, dest); -} - -static void -biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) -{ - - /* NOOP: we only accept matching labels, so no 
need to update */ -} - -static void -biba_inpcb_sosetlabel(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(solabel); - dest = SLOT(inplabel); - - biba_copy(source, dest); -} - -static void -biba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *dest; - - dest = SLOT(mlabel); - - biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); -} - -static void -biba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *dest; - - dest = SLOT(mlabel); - - biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); -} - -static void -biba_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(mrecvlabel); - dest = SLOT(msendlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *dest; - - dest = SLOT(mlabel); - - /* XXX: where is the label for the firewall really coming from? 
*/ - biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); -} - -static void -biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(mrecvlabel); - dest = SLOT(msendlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *dest; - - dest = SLOT(mlabel); - - biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); -} - -static void -biba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *dest; - - dest = SLOT(mlabel); - - biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); -} - -/* - * Labeling event operations: processes. - */ -static void -biba_proc_create_swapper(struct ucred *cred) -{ - struct mac_biba *dest; - - dest = SLOT(cred->cr_label); - - biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); - biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, - 0, NULL); -} - -static void -biba_proc_create_init(struct ucred *cred) -{ - struct mac_biba *dest; - - dest = SLOT(cred->cr_label); - - biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); - biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, - 0, NULL); -} - -static void -biba_proc_associate_nfsd(struct ucred *cred) -{ - struct mac_biba *label; - - label = SLOT(cred->cr_label); - biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL); - biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, - 0, NULL); -} - -static void -biba_cred_relabel(struct ucred *cred, struct label *newlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(cred->cr_label); - - biba_copy(source, dest); -} - -/* - * Label cleanup/flush operations - */ -static void -biba_sysvmsg_cleanup(struct label *msglabel) -{ - - 
bzero(SLOT(msglabel), sizeof(struct mac_biba)); -} - -static void -biba_sysvmsq_cleanup(struct label *msqlabel) -{ - - bzero(SLOT(msqlabel), sizeof(struct mac_biba)); -} - -static void -biba_sysvsem_cleanup(struct label *semalabel) -{ - - bzero(SLOT(semalabel), sizeof(struct mac_biba)); -} - -static void -biba_sysvshm_cleanup(struct label *shmlabel) -{ - bzero(SLOT(shmlabel), sizeof(struct mac_biba)); -} - -/* - * Access control checks. + * Object-specific entry point implementations are sorted alphabetically by + * object type name and then by operation. */ static int biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, @@ -1513,6 +794,30 @@ biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, return (EACCES); } +static void +biba_bpfdesc_create(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(dlabel); + + biba_copy_effective(source, dest); +} + +static void +biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(dlabel); + dest = SLOT(mlabel); + + biba_copy_effective(source, dest); +} + static int biba_cred_check_relabel(struct ucred *cred, struct label *newlabel) { 
@@ -1592,6 +897,88 @@ biba_cred_check_visible(struct ucred *u1, struct ucred *u2) return (0); } +static void +biba_cred_relabel(struct ucred *cred, struct label *newlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(cred->cr_label); + + biba_copy(source, dest); +} + +static void +biba_devfs_create_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) +{ + struct mac_biba *mb; + int biba_type; + + mb = SLOT(delabel); + if (strcmp(dev->si_name, "null") == 0 || + strcmp(dev->si_name, "zero") == 0 || + strcmp(dev->si_name, "random") == 0 || + strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) + biba_type = MAC_BIBA_TYPE_EQUAL; + else if (ptys_equal && + (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || + strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) + biba_type = MAC_BIBA_TYPE_EQUAL; + else + biba_type = MAC_BIBA_TYPE_HIGH; + biba_set_effective(mb, biba_type, 0, NULL); +} + +static void +biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, + struct devfs_dirent *de, struct label *delabel) +{ + struct mac_biba *mb; + + mb = SLOT(delabel); + + biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL); +} + +static void +biba_devfs_create_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(delabel); + + biba_copy_effective(source, dest); +} + +static void +biba_devfs_update(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(vplabel); + dest = SLOT(delabel); + + biba_copy(source, dest); +} + +static void +biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel, + struct devfs_dirent *de, struct label *delabel, struct vnode *vp, + struct label *vplabel) 
+{ + struct mac_biba *source, *dest; + + source = SLOT(delabel); + dest = SLOT(vplabel); + + biba_copy_effective(source, dest); +} + static int biba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, struct label *ifplabel, struct label *newlabel) 
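Review bot: biba_devfs_create_device decides which device nodes become MAC_BIBA_TYPE_EQUAL (usable from any integrity level) purely by name, and the strcmp chain carries no comment saying that this is the policy's devfs trust list; a short one above it would help, e.g. `/* Devices with no integrity content (null, zero, random, fd/*) are EQUAL; ptys only when ptys_equal is set; everything else defaults to HIGH. */`. Note also that the ptys_equal branch matches only the `ttyp`/`ptyp` prefixes, so pseudo-terminals created under another naming scheme (pts/N, if the system uses it) would presumably fall through to HIGH regardless of the knob — worth confirming against the pty driver in use. The function is moved rather than changed by this commit, so the question predates it.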
@@ -1635,6 +1022,87 @@ biba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, return (biba_effective_in_range(p, i) ? 0 : EACCES); } +static void +biba_ifnet_create(struct ifnet *ifp, struct label *ifplabel) +{ + char tifname[IFNAMSIZ], *p, *q; + char tiflist[sizeof(trusted_interfaces)]; + struct mac_biba *dest; + int len, type; + + dest = SLOT(ifplabel); + + if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) { + type = MAC_BIBA_TYPE_EQUAL; + goto set; + } + + if (trust_all_interfaces) { + type = MAC_BIBA_TYPE_HIGH; + goto set; + } + + type = MAC_BIBA_TYPE_LOW; + + if (trusted_interfaces[0] == '\0' || + !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) + goto set; + + bzero(tiflist, sizeof(tiflist)); + for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) + if(*p != ' ' && *p != '\t') + *q = *p; + + for (p = q = tiflist;; p++) { + if (*p == ',' || *p == '\0') { + len = p - q; + if (len < IFNAMSIZ) { + bzero(tifname, sizeof(tifname)); + bcopy(q, tifname, len); + if (strcmp(tifname, ifp->if_xname) == 0) { + type = MAC_BIBA_TYPE_HIGH; + break; + } + } else { + *p = '\0'; + printf("mac_biba warning: interface name " + "\"%s\" is too long (must be < %d)\n", + q, IFNAMSIZ); + } + if (*p == '\0') + break; + q = p + 1; + } + } +set: + biba_set_effective(dest, type, 0, NULL); + biba_set_range(dest, type, 0, NULL, type, 0, NULL); +} + +static void +biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(ifplabel); + dest = SLOT(mlabel); + + biba_copy_effective(source, dest); +} + +static void +biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(ifplabel); + + biba_copy(source, dest); +} + static int biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label 
*mlabel) 
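Review bot: The whitespace-stripping loop in biba_ifnet_create advances `q` on every input character, including the blanks it skips, so a list such as `em0, em1` is copied into tiflist as `em0,\0em1` and the tokenizer below stops at that embedded NUL; every interface after the first space or tab silently ends up MAC_BIBA_TYPE_LOW instead of HIGH. The increment belongs in the copy: `for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++)` / `if (*p != ' ' && *p != '\t')` / `*q++ = *p;`. The over-long-name branch has a similar early stop: after it writes `*p = '\0'` to terminate the name for the printf, the following `if (*p == '\0') break;` always fires, so names listed after an over-long one are never examined either. This is code moved by the commit, so the defects predate it, and the failure direction is at least fail-safe (an interface is left untrusted rather than trusted), but the hunk is where they are easiest to see.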
@@ -1650,276 +1118,85 @@ biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, return (biba_equal_effective(p, i) ? 0 : EACCES); } -static int -biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +static void +biba_inpcb_create(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { - struct mac_biba *subj, *obj; + struct mac_biba *source, *dest; - if (!biba_enabled) - return (0); + source = SLOT(solabel); + dest = SLOT(inplabel); - subj = SLOT(cred->cr_label); - obj = SLOT(msglabel); + biba_copy_effective(source, dest); +} - if (!biba_dominate_effective(obj, subj)) - return (EACCES); +static void +biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *source, *dest; - return (0); + source = SLOT(inplabel); + dest = SLOT(mlabel); + + biba_copy_effective(source, dest); +} + +static void +biba_inpcb_sosetlabel(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(solabel); + dest = SLOT(inplabel); + + biba_copy(source, dest); +} + +static void +biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(ipqlabel); + + biba_copy_effective(source, dest); } static int -biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { - struct mac_biba *subj, *obj; + struct mac_biba *a, *b; - if (!biba_enabled) - return (0); + a = SLOT(ipqlabel); + b = SLOT(mlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(msglabel); - - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - - return (0); + return (biba_equal_effective(a, b)); } -static int -biba_sysvmsq_check_msqget(struct ucred 
*cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +static void +biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, + struct label *mlabel) { - struct mac_biba *subj, *obj; + struct mac_biba *source, *dest; - if (!biba_enabled) - return (0); + source = SLOT(ipqlabel); + dest = SLOT(mlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); - - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - - return (0); + /* Just use the head, since we require them all to match. */ + biba_copy_effective(source, dest); } -static int -biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +static void +biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { - struct mac_biba *subj, *obj; - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); - - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); - - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel, int cmd) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); - - switch(cmd) { - case IPC_RMID: - case IPC_SET: - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - break; - - case IPC_STAT: - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - break; - - default: - return (EACCES); - } - - return (0); -} - -static int -biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, int cmd) -{ - struct 
mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); - - switch(cmd) { - case IPC_RMID: - case IPC_SET: - case SETVAL: - case SETALL: - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - break; - - case IPC_STAT: - case GETVAL: - case GETPID: - case GETNCNT: - case GETZCNT: - case GETALL: - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - break; - - default: - return (EACCES); - } - - return (0); -} - -static int -biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); - - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, size_t accesstype) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); - - if (accesstype & SEM_R) - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - - if (accesstype & SEM_A) - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(shmseglabel); - - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - if ((shmflg & SHM_RDONLY) == 0) { - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - } - - return (0); -} - -static int -biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int cmd) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = 
SLOT(shmseglabel); - - switch(cmd) { - case IPC_RMID: - case IPC_SET: - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - break; - - case IPC_STAT: - case SHM_STAT: - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - break; - - default: - return (EACCES); - } - - return (0); -} - -static int -biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(shmseglabel); - - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - - return (0); + /* NOOP: we only accept matching labels, so no need to update */ } static int 
@@ -1963,6 +1240,109 @@ biba_mount_check_stat(struct ucred *cred, struct mount *mp, return (0); } +static void +biba_mount_create(struct ucred *cred, struct mount *mp, + struct label *mplabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(mplabel); + + biba_copy_effective(source, dest); +} + +static void +biba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *dest; + + dest = SLOT(mlabel); + + biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); +} + +static void +biba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *dest; + + dest = SLOT(mlabel); + + biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); +} + +static void +biba_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + biba_copy_effective(source, dest); +} + +static void +biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *dest; + + dest = SLOT(mlabel); + + /* XXX: where is the label for the firewall really coming from? 
*/ + biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); +} + +static void +biba_netinet_fragment(struct mbuf *m, struct label *mlabel, + struct mbuf *frag, struct label *fraglabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(fraglabel); + + biba_copy_effective(source, dest); +} + +static void +biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + biba_copy_effective(source, dest); +} + +static void +biba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *dest; + + dest = SLOT(mlabel); + + biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); +} + +static void +biba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *dest; + + dest = SLOT(mlabel); + + biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); +} + static int biba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) @@ -2099,6 +1479,30 @@ biba_pipe_check_write(struct ucred *cred, struct pipepair *pp, return (0); } +static void +biba_pipe_create(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(pplabel); + + biba_copy_effective(source, dest); +} + +static void +biba_pipe_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(pplabel); + + biba_copy(source, dest); +} + static int biba_posixsem_check_write(struct ucred *cred, struct ksem *ks, struct label *kslabel) 
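Review bot: biba_netinet_firewall_send still carries the `XXX: where is the label for the firewall really coming from?` question and resolves it by labelling every firewall-originated mbuf MAC_BIBA_TYPE_EQUAL, the same unconditional label the neighbouring arp, igmp, nd6 and aarp senders use for stack-generated traffic. Since EQUAL is presumably treated as matching any receiver's label, the comment should state that consequence rather than only the open question, e.g. `/* XXX: no originating label is available, so firewall-generated packets are labelled EQUAL and are expected to pass any receiver's integrity check; revisit if the firewall ever carries its own label. */`. The commit moves this code without changing it, but the alphabetical grouping now places the four EQUAL-labelling senders side by side, which makes the unresolved case easy to spot.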
@@ -2135,148 +1539,16 @@ biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, return (0); } -static int -biba_proc_check_debug(struct ucred *cred, struct proc *p) +static void +biba_posixsem_create(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - struct mac_biba *subj, *obj; + struct mac_biba *source, *dest; - if (!biba_enabled) - return (0); + source = SLOT(cred->cr_label); + dest = SLOT(kslabel); - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if (!biba_dominate_effective(obj, subj)) - return (ESRCH); - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -biba_proc_check_sched(struct ucred *cred, struct proc *p) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if (!biba_dominate_effective(obj, subj)) - return (ESRCH); - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if (!biba_dominate_effective(obj, subj)) - return (ESRCH); - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -biba_socket_check_deliver(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *p, *s; - - if (!biba_enabled) - return (0); - - p = SLOT(mlabel); - s = SLOT(solabel); - - return (biba_equal_effective(p, s) ? 
0 : EACCES); -} - -static int -biba_socket_check_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) -{ - struct mac_biba *subj, *obj, *new; - int error; - - new = SLOT(newlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(solabel); - - /* - * If there is a Biba label update for the socket, it may be an - * update of effective. - */ - error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); - if (error) - return (error); - - /* - * To relabel a socket, the old socket effective must be in the - * subject range. - */ - if (!biba_effective_in_range(obj, subj)) - return (EPERM); - - /* - * If the Biba label is to be changed, authorize as appropriate. - */ - if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { - /* - * To relabel a socket, the new socket effective must be in - * the subject range. - */ - if (!biba_effective_in_range(new, subj)) - return (EPERM); - - /* - * To change the Biba label on the socket to contain EQUAL, - * the subject must have appropriate privilege. - */ - if (biba_contains_equal(new)) { - error = biba_subject_privileged(subj); - if (error) - return (error); - } - } - - return (0); -} - -static int -biba_socket_check_visible(struct ucred *cred, struct socket *so, - struct label *solabel) -{ - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(solabel); - - if (!biba_dominate_effective(obj, subj)) - return (ENOENT); - - return (0); + biba_copy_effective(source, dest); } /* 
@@ -2468,6 +1740,279 @@ biba_priv_check(struct ucred *cred, int priv) return (0); } +static void +biba_proc_associate_nfsd(struct ucred *cred) +{ + struct mac_biba *label; + + label = SLOT(cred->cr_label); + biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL); + biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, + 0, NULL); +} + +static int +biba_proc_check_debug(struct ucred *cred, struct proc *p) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(p->p_ucred->cr_label); + + /* XXX: range checks */ + if (!biba_dominate_effective(obj, subj)) + return (ESRCH); + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_proc_check_sched(struct ucred *cred, struct proc *p) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(p->p_ucred->cr_label); + + /* XXX: range checks */ + if (!biba_dominate_effective(obj, subj)) + return (ESRCH); + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(p->p_ucred->cr_label); + + /* XXX: range checks */ + if (!biba_dominate_effective(obj, subj)) + return (ESRCH); + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_socket_check_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *p, *s; + + if (!biba_enabled) + return (0); + + p = SLOT(mlabel); + s = SLOT(solabel); + + return (biba_equal_effective(p, s) ? 
0 : EACCES); +} + +static void +biba_proc_create_init(struct ucred *cred) +{ + struct mac_biba *dest; + + dest = SLOT(cred->cr_label); + + biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); + biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, + 0, NULL); +} + +static void +biba_proc_create_swapper(struct ucred *cred) +{ + struct mac_biba *dest; + + dest = SLOT(cred->cr_label); + + biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); + biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, + 0, NULL); +} + +static int +biba_socket_check_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) +{ + struct mac_biba *subj, *obj, *new; + int error; + + new = SLOT(newlabel); + subj = SLOT(cred->cr_label); + obj = SLOT(solabel); + + /* + * If there is a Biba label update for the socket, it may be an + * update of effective. + */ + error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); + if (error) + return (error); + + /* + * To relabel a socket, the old socket effective must be in the + * subject range. + */ + if (!biba_effective_in_range(obj, subj)) + return (EPERM); + + /* + * If the Biba label is to be changed, authorize as appropriate. + */ + if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { + /* + * To relabel a socket, the new socket effective must be in + * the subject range. + */ + if (!biba_effective_in_range(new, subj)) + return (EPERM); + + /* + * To change the Biba label on the socket to contain EQUAL, + * the subject must have appropriate privilege. 
+ */ + if (biba_contains_equal(new)) { + error = biba_subject_privileged(subj); + if (error) + return (error); + } + } + + return (0); +} + +static int +biba_socket_check_visible(struct ucred *cred, struct socket *so, + struct label *solabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(solabel); + + if (!biba_dominate_effective(obj, subj)) + return (ENOENT); + + return (0); +} + +static void +biba_socket_create(struct ucred *cred, struct socket *so, + struct label *solabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(solabel); + + biba_copy_effective(source, dest); +} + +static void +biba_socket_create_mbuf(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(solabel); + dest = SLOT(mlabel); + + biba_copy_effective(source, dest); +} + +static void +biba_socket_newconn(struct socket *oldso, struct label *oldsolabel, + struct socket *newso, struct label *newsolabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(oldsolabel); + dest = SLOT(newsolabel); + + biba_copy_effective(source, dest); +} + +static void +biba_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(solabel); + + biba_copy(source, dest); +} + +static void +biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(sopeerlabel); + + biba_copy_effective(source, dest); +} + +static void +biba_socketpeer_set_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(oldsolabel); + dest = SLOT(newsopeerlabel); + + 
biba_copy_effective(source, dest); +} + +static void +biba_syncache_create(struct label *label, struct inpcb *inp) +{ + struct mac_biba *source, *dest; + + source = SLOT(inp->inp_label); + dest = SLOT(label); + biba_copy_effective(source, dest); +} + +static void +biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, + struct label *mlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(sc_label); + dest = SLOT(mlabel); + biba_copy_effective(source, dest); +} + static int biba_system_check_acct(struct ucred *cred, struct vnode *vp, struct label *vplabel) @@ -2538,6 +2083,25 @@ biba_system_check_auditon(struct ucred *cred, int cmd) return (0); } +static int +biba_system_check_swapoff(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_biba *subj; + int error; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + + error = biba_subject_privileged(subj); + if (error) + return (error); + + return (0); +} + static int biba_system_check_swapon(struct ucred *cred, struct vnode *vp, struct label *vplabel) @@ -2561,25 +2125,6 @@ biba_system_check_swapon(struct ucred *cred, struct vnode *vp, return (0); } -static int -biba_system_check_swapoff(struct ucred *cred, struct vnode *vp, - struct label *label) -{ - struct mac_biba *subj; - int error; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - - error = biba_subject_privileged(subj); - if (error) - return (error); - - return (0); -} - static int biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req) 
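Review bot: biba_socket_check_deliver is placed between biba_proc_check_signal and biba_proc_create_init, which breaks the alphabetical object-type/operation order this commit establishes for the rest of the file; it belongs after biba_proc_create_swapper, directly before biba_socket_check_relabel. Separately, biba_proc_check_debug, biba_proc_check_sched and biba_proc_check_signal have byte-identical bodies, each still carrying `/* XXX: range checks */`; a single static helper called from all three, with the XXX kept in one place, would stop them drifting apart when the range checks are eventually added. The functions are moved rather than changed, so the ordering is the only thing the commit itself needs to fix.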
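Review bot: In biba_system_check_swapoff the tail `error = biba_subject_privileged(subj); if (error) return (error); return (0);` spends three statements and an `error` local on a single value; `return (biba_subject_privileged(subj));` performs the same check. This is a style remark on the moved body, not a behavioural concern, and can be taken with the move or left for a follow-up.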
@@ -2608,6 +2153,408 @@ biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, return (0); } +static void +biba_sysvmsg_cleanup(struct label *msglabel) +{ + + bzero(SLOT(msglabel), sizeof(struct mac_biba)); +} + +static void +biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +{ + struct mac_biba *source, *dest; + + /* Ignore the msgq label */ + source = SLOT(cred->cr_label); + dest = SLOT(msglabel); + + biba_copy_effective(source, dest); +} + +static int +biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msglabel); + + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msglabel); + + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msqklabel); + + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msqklabel); + + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) +{ + struct mac_biba *subj, *obj; 
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(msqklabel);
+
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel, int cmd)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(msqklabel);
+
+ switch(cmd) {
+ case IPC_RMID:
+ case IPC_SET:
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+ break;
+
+ case IPC_STAT:
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+ break;
+
+ default:
+ return (EACCES);
+ }
+
+ return (0);
+}
+
+static void
+biba_sysvmsq_cleanup(struct label *msqlabel)
+{
+
+ bzero(SLOT(msqlabel), sizeof(struct mac_biba));
+}
+
+static void
+biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(msqlabel);
+
+ biba_copy_effective(source, dest);
+}
+
+static int
+biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel, int cmd)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(semaklabel);
+
+ switch(cmd) {
+ case IPC_RMID:
+ case IPC_SET:
+ case SETVAL:
+ case SETALL:
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+ break;
+
+ case IPC_STAT:
+ case GETVAL:
+ case GETPID:
+ case GETNCNT:
+ case GETZCNT:
+ case GETALL:
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+ break;
+
+ default:
+ return (EACCES);
+ }
+
+ return (0);
+}
+
+static int
+biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(semaklabel);
+
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel, size_t accesstype)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(semaklabel);
+
+ if (accesstype & SEM_R)
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+
+ if (accesstype & SEM_A)
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static void
+biba_sysvsem_cleanup(struct label *semalabel)
+{
+
+ bzero(SLOT(semalabel), sizeof(struct mac_biba));
+}
+
+static void
+biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semalabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(semalabel);
+
+ biba_copy_effective(source, dest);
+}
+
+static int
+biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(shmseglabel);
+
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+ if ((shmflg & SHM_RDONLY) == 0) {
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+ }
+
+ return (0);
+}
+
+static int
+biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int cmd)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(shmseglabel);
+
+ switch(cmd) {
+ case IPC_RMID:
+ case IPC_SET:
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+ break;
+
+ case IPC_STAT:
+ case SHM_STAT:
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+ break;
+
+ default:
+ return (EACCES);
+ }
+
+ return (0);
+}
+
+static int
+biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel,
int shmflg) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmseglabel); + + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static void +biba_sysvshm_cleanup(struct label *shmlabel) +{ + + bzero(SLOT(shmlabel), sizeof(struct mac_biba)); +} + +static void +biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(shmlabel); + + biba_copy_effective(source, dest); +} + +static int +biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) +{ + struct mac_biba mb_temp, *source, *dest; + int buflen, error; + + source = SLOT(mplabel); + dest = SLOT(vplabel); + + buflen = sizeof(mb_temp); + bzero(&mb_temp, buflen); + + error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, + MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread); + if (error == ENOATTR || error == EOPNOTSUPP) { + /* Fall back to the mntlabel. 
*/ + biba_copy_effective(source, dest); + return (0); + } else if (error) + return (error); + + if (buflen != sizeof(mb_temp)) { + printf("biba_vnode_associate_extattr: bad size %d\n", + buflen); + return (EPERM); + } + if (biba_valid(&mb_temp) != 0) { + printf("biba_vnode_associate_extattr: invalid\n"); + return (EPERM); + } + if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != + MAC_BIBA_FLAG_EFFECTIVE) { + printf("biba_vnode_associate_extattr: not effective\n"); + return (EPERM); + } + + biba_copy_effective(&mb_temp, dest); + return (0); +} + +static void +biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mplabel); + dest = SLOT(vplabel); + + biba_copy_effective(source, dest); +} + static int biba_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, struct label *dvplabel) 
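Review bot: biba_sysvsem_check_semop nests two unbraced `if` statements for each of SEM_R and SEM_A, which is the shape that invites dangling-else mistakes on the next edit; folding each pair into one condition, `if ((accesstype & SEM_R) && !biba_dominate_effective(obj, subj))` / `return (EACCES);` and likewise for SEM_A, keeps the same checks with one level of nesting. The `switch(cmd)` in biba_sysvmsq_check_msqctl, biba_sysvsem_check_semctl and biba_sysvshm_check_shmctl also lacks the space after the keyword that style(9) and every `if (` in these functions use. Both are style points on moved code; the checks themselves are unchanged.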
@@ -3242,174 +3189,235 @@ biba_vnode_check_write(struct ucred *active_cred, return (0); } -static void -biba_syncache_create(struct label *label, struct inpcb *inp) +static int +biba_vnode_create_extattr(struct ucred *cred, struct mount *mp, + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { - struct mac_biba *source, *dest; + struct mac_biba *source, *dest, mb_temp; + size_t buflen; + int error; - source = SLOT(inp->inp_label); - dest = SLOT(label); - biba_copy_effective(source, dest); + buflen = sizeof(mb_temp); + bzero(&mb_temp, buflen); + + source = SLOT(cred->cr_label); + dest = SLOT(vplabel); + biba_copy_effective(source, &mb_temp); + + error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, + MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); + if (error == 0) + biba_copy_effective(source, dest); + return (error); } static void -biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) +biba_vnode_relabel(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *newlabel) { struct mac_biba *source, *dest; - source = SLOT(sc_label); - dest = SLOT(mlabel); - biba_copy_effective(source, dest); + source = SLOT(newlabel); + dest = SLOT(vplabel); + + biba_copy(source, dest); +} + +static int +biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *intlabel) +{ + struct mac_biba *source, mb_temp; + size_t buflen; + int error; + + buflen = sizeof(mb_temp); + bzero(&mb_temp, buflen); + + source = SLOT(intlabel); + if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) + return (0); + + biba_copy_effective(source, &mb_temp); + + error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, + MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); + return (error); } static struct mac_policy_ops mac_biba_ops = { .mpo_init = biba_init, - 
.mpo_bpfdesc_init_label = biba_init_label, - .mpo_cred_init_label = biba_init_label, - .mpo_devfs_init_label = biba_init_label, - .mpo_ifnet_init_label = biba_init_label, - .mpo_inpcb_init_label = biba_init_label_waitcheck, - .mpo_syncache_init_label = biba_init_label_waitcheck, - .mpo_sysvmsg_init_label = biba_init_label, - .mpo_sysvmsq_init_label = biba_init_label, - .mpo_sysvsem_init_label = biba_init_label, - .mpo_sysvshm_init_label = biba_init_label, - .mpo_ipq_init_label = biba_init_label_waitcheck, - .mpo_mbuf_init_label = biba_init_label_waitcheck, - .mpo_mount_init_label = biba_init_label, - .mpo_pipe_init_label = biba_init_label, - .mpo_posixsem_init_label = biba_init_label, - .mpo_socket_init_label = biba_init_label_waitcheck, - .mpo_socketpeer_init_label = biba_init_label_waitcheck, - .mpo_syncache_create = biba_syncache_create, - .mpo_vnode_init_label = biba_init_label, + + .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive, + .mpo_bpfdesc_create = biba_bpfdesc_create, + .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, .mpo_bpfdesc_destroy_label = biba_destroy_label, - .mpo_cred_destroy_label = biba_destroy_label, - .mpo_devfs_destroy_label = biba_destroy_label, - .mpo_ifnet_destroy_label = biba_destroy_label, - .mpo_inpcb_destroy_label = biba_destroy_label, - .mpo_syncache_destroy_label = biba_destroy_label, - .mpo_sysvmsg_destroy_label = biba_destroy_label, - .mpo_sysvmsq_destroy_label = biba_destroy_label, - .mpo_sysvsem_destroy_label = biba_destroy_label, - .mpo_sysvshm_destroy_label = biba_destroy_label, - .mpo_ipq_destroy_label = biba_destroy_label, - .mpo_mbuf_destroy_label = biba_destroy_label, - .mpo_mount_destroy_label = biba_destroy_label, - .mpo_pipe_destroy_label = biba_destroy_label, - .mpo_posixsem_destroy_label = biba_destroy_label, - .mpo_socket_destroy_label = biba_destroy_label, - .mpo_socketpeer_destroy_label = biba_destroy_label, - .mpo_vnode_destroy_label = biba_destroy_label, + .mpo_bpfdesc_init_label = biba_init_label, 
+ + .mpo_cred_check_relabel = biba_cred_check_relabel, + .mpo_cred_check_visible = biba_cred_check_visible, .mpo_cred_copy_label = biba_copy_label, - .mpo_ifnet_copy_label = biba_copy_label, - .mpo_mbuf_copy_label = biba_copy_label, - .mpo_pipe_copy_label = biba_copy_label, - .mpo_socket_copy_label = biba_copy_label, - .mpo_vnode_copy_label = biba_copy_label, + .mpo_cred_destroy_label = biba_destroy_label, .mpo_cred_externalize_label = biba_externalize_label, - .mpo_ifnet_externalize_label = biba_externalize_label, - .mpo_pipe_externalize_label = biba_externalize_label, - .mpo_socket_externalize_label = biba_externalize_label, - .mpo_socketpeer_externalize_label = biba_externalize_label, - .mpo_vnode_externalize_label = biba_externalize_label, + .mpo_cred_init_label = biba_init_label, .mpo_cred_internalize_label = biba_internalize_label, - .mpo_ifnet_internalize_label = biba_internalize_label, - .mpo_pipe_internalize_label = biba_internalize_label, - .mpo_socket_internalize_label = biba_internalize_label, - .mpo_vnode_internalize_label = biba_internalize_label, + .mpo_cred_relabel = biba_cred_relabel, + .mpo_devfs_create_device = biba_devfs_create_device, .mpo_devfs_create_directory = biba_devfs_create_directory, .mpo_devfs_create_symlink = biba_devfs_create_symlink, - .mpo_mount_create = biba_mount_create, - .mpo_vnode_relabel = biba_vnode_relabel, + .mpo_devfs_destroy_label = biba_destroy_label, + .mpo_devfs_init_label = biba_init_label, .mpo_devfs_update = biba_devfs_update, .mpo_devfs_vnode_associate = biba_devfs_vnode_associate, - .mpo_vnode_associate_extattr = biba_vnode_associate_extattr, - .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel, - .mpo_vnode_create_extattr = biba_vnode_create_extattr, - .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, - .mpo_socket_create_mbuf = biba_socket_create_mbuf, - .mpo_syncache_create_mbuf = biba_syncache_create_mbuf, - .mpo_pipe_create = biba_pipe_create, - .mpo_posixsem_create = 
biba_posixsem_create, - .mpo_socket_create = biba_socket_create, - .mpo_socket_newconn = biba_socket_newconn, - .mpo_pipe_relabel = biba_pipe_relabel, - .mpo_socket_relabel = biba_socket_relabel, - .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf, - .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket, - .mpo_bpfdesc_create = biba_bpfdesc_create, - .mpo_ipq_reassemble = biba_ipq_reassemble, - .mpo_netinet_fragment = biba_netinet_fragment, - .mpo_ifnet_create = biba_ifnet_create, - .mpo_inpcb_create = biba_inpcb_create, - .mpo_sysvmsg_create = biba_sysvmsg_create, - .mpo_sysvmsq_create = biba_sysvmsq_create, - .mpo_sysvsem_create = biba_sysvsem_create, - .mpo_sysvshm_create = biba_sysvshm_create, - .mpo_ipq_create = biba_ipq_create, - .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf, - .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, - .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, - .mpo_ipq_match = biba_ipq_match, - .mpo_ifnet_relabel = biba_ifnet_relabel, - .mpo_ipq_update = biba_ipq_update, - .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel, - .mpo_proc_create_swapper = biba_proc_create_swapper, - .mpo_proc_create_init = biba_proc_create_init, - .mpo_proc_associate_nfsd = biba_proc_associate_nfsd, - .mpo_cred_relabel = biba_cred_relabel, - .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup, - .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup, - .mpo_sysvsem_cleanup = biba_sysvsem_cleanup, - .mpo_sysvshm_cleanup = biba_sysvshm_cleanup, - .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive, - .mpo_cred_check_relabel = biba_cred_check_relabel, - .mpo_cred_check_visible = biba_cred_check_visible, + .mpo_ifnet_check_relabel = biba_ifnet_check_relabel, .mpo_ifnet_check_transmit = biba_ifnet_check_transmit, + .mpo_ifnet_copy_label = biba_copy_label, + .mpo_ifnet_create = biba_ifnet_create, + .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, + .mpo_ifnet_destroy_label = biba_destroy_label, + .mpo_ifnet_externalize_label = biba_externalize_label, + 
.mpo_ifnet_init_label = biba_init_label, + .mpo_ifnet_internalize_label = biba_internalize_label, + .mpo_ifnet_relabel = biba_ifnet_relabel, + .mpo_inpcb_check_deliver = biba_inpcb_check_deliver, - .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv, - .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid, - .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget, - .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd, - .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv, - .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl, - .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl, - .mpo_sysvsem_check_semget = biba_sysvsem_check_semget, - .mpo_sysvsem_check_semop = biba_sysvsem_check_semop, - .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat, - .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl, - .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget, + .mpo_inpcb_create = biba_inpcb_create, + .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf, + .mpo_inpcb_destroy_label = biba_destroy_label, + .mpo_inpcb_init_label = biba_init_label_waitcheck, + .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel, + + .mpo_ipq_create = biba_ipq_create, + .mpo_ipq_destroy_label = biba_destroy_label, + .mpo_ipq_init_label = biba_init_label_waitcheck, + .mpo_ipq_match = biba_ipq_match, + .mpo_ipq_reassemble = biba_ipq_reassemble, + .mpo_ipq_update = biba_ipq_update, + .mpo_kld_check_load = biba_kld_check_load, + + .mpo_mbuf_copy_label = biba_copy_label, + .mpo_mbuf_destroy_label = biba_destroy_label, + .mpo_mbuf_init_label = biba_init_label_waitcheck, + .mpo_mount_check_stat = biba_mount_check_stat, + .mpo_mount_create = biba_mount_create, + .mpo_mount_destroy_label = biba_destroy_label, + .mpo_mount_init_label = biba_init_label, + + .mpo_netatalk_aarp_send = biba_netatalk_aarp_send, + + .mpo_netinet_arp_send = biba_netinet_arp_send, + .mpo_netinet_firewall_reply = biba_netinet_firewall_reply, + .mpo_netinet_firewall_send = biba_netinet_firewall_send, + .mpo_netinet_fragment = 
biba_netinet_fragment, + .mpo_netinet_icmp_reply = biba_netinet_icmp_reply, + .mpo_netinet_igmp_send = biba_netinet_igmp_send, + + .mpo_netinet6_nd6_send = biba_netinet6_nd6_send, + .mpo_pipe_check_ioctl = biba_pipe_check_ioctl, .mpo_pipe_check_poll = biba_pipe_check_poll, .mpo_pipe_check_read = biba_pipe_check_read, .mpo_pipe_check_relabel = biba_pipe_check_relabel, .mpo_pipe_check_stat = biba_pipe_check_stat, .mpo_pipe_check_write = biba_pipe_check_write, + .mpo_pipe_copy_label = biba_copy_label, + .mpo_pipe_create = biba_pipe_create, + .mpo_pipe_destroy_label = biba_destroy_label, + .mpo_pipe_externalize_label = biba_externalize_label, + .mpo_pipe_init_label = biba_init_label, + .mpo_pipe_internalize_label = biba_internalize_label, + .mpo_pipe_relabel = biba_pipe_relabel, + .mpo_posixsem_check_destroy = biba_posixsem_check_write, .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, .mpo_posixsem_check_open = biba_posixsem_check_write, .mpo_posixsem_check_post = biba_posixsem_check_write, .mpo_posixsem_check_unlink = biba_posixsem_check_write, .mpo_posixsem_check_wait = biba_posixsem_check_write, + .mpo_posixsem_create = biba_posixsem_create, + .mpo_posixsem_destroy_label = biba_destroy_label, + .mpo_posixsem_init_label = biba_init_label, + + .mpo_priv_check = biba_priv_check, + + .mpo_proc_associate_nfsd = biba_proc_associate_nfsd, .mpo_proc_check_debug = biba_proc_check_debug, .mpo_proc_check_sched = biba_proc_check_sched, .mpo_proc_check_signal = biba_proc_check_signal, + .mpo_proc_create_init = biba_proc_create_init, + .mpo_proc_create_swapper = biba_proc_create_swapper, + .mpo_socket_check_deliver = biba_socket_check_deliver, .mpo_socket_check_relabel = biba_socket_check_relabel, .mpo_socket_check_visible = biba_socket_check_visible, + .mpo_socket_copy_label = biba_copy_label, + .mpo_socket_create = biba_socket_create, + .mpo_socket_create_mbuf = biba_socket_create_mbuf, + .mpo_socket_destroy_label = biba_destroy_label, + .mpo_socket_externalize_label 
= biba_externalize_label, + .mpo_socket_init_label = biba_init_label_waitcheck, + .mpo_socket_internalize_label = biba_internalize_label, + .mpo_socket_newconn = biba_socket_newconn, + .mpo_socket_relabel = biba_socket_relabel, + + .mpo_socketpeer_destroy_label = biba_destroy_label, + .mpo_socketpeer_externalize_label = biba_externalize_label, + .mpo_socketpeer_init_label = biba_init_label_waitcheck, + .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf, + .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket, + + .mpo_syncache_create = biba_syncache_create, + .mpo_syncache_create_mbuf = biba_syncache_create_mbuf, + .mpo_syncache_destroy_label = biba_destroy_label, + .mpo_syncache_init_label = biba_init_label_waitcheck, + .mpo_system_check_acct = biba_system_check_acct, .mpo_system_check_auditctl = biba_system_check_auditctl, .mpo_system_check_auditon = biba_system_check_auditon, - .mpo_system_check_swapon = biba_system_check_swapon, .mpo_system_check_swapoff = biba_system_check_swapoff, + .mpo_system_check_swapon = biba_system_check_swapon, .mpo_system_check_sysctl = biba_system_check_sysctl, + + .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup, + .mpo_sysvmsg_create = biba_sysvmsg_create, + .mpo_sysvmsg_destroy_label = biba_destroy_label, + .mpo_sysvmsg_init_label = biba_init_label, + + .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv, + .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid, + .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget, + .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd, + .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv, + .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl, + .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup, + .mpo_sysvmsq_create = biba_sysvmsq_create, + .mpo_sysvmsq_destroy_label = biba_destroy_label, + .mpo_sysvmsq_init_label = biba_init_label, + + .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl, + .mpo_sysvsem_check_semget = biba_sysvsem_check_semget, + .mpo_sysvsem_check_semop 
= biba_sysvsem_check_semop, + .mpo_sysvsem_cleanup = biba_sysvsem_cleanup, + .mpo_sysvsem_create = biba_sysvsem_create, + .mpo_sysvsem_destroy_label = biba_destroy_label, + .mpo_sysvsem_init_label = biba_init_label, + + .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat, + .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl, + .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget, + .mpo_sysvshm_cleanup = biba_sysvshm_cleanup, + .mpo_sysvshm_create = biba_sysvshm_create, + .mpo_sysvshm_destroy_label = biba_destroy_label, + .mpo_sysvshm_init_label = biba_init_label, + + .mpo_vnode_associate_extattr = biba_vnode_associate_extattr, + .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel, .mpo_vnode_check_access = biba_vnode_check_open, .mpo_vnode_check_chdir = biba_vnode_check_chdir, .mpo_vnode_check_chroot = biba_vnode_check_chroot, @@ -3441,14 +3449,14 @@ static struct mac_policy_ops mac_biba_ops = .mpo_vnode_check_stat = biba_vnode_check_stat, .mpo_vnode_check_unlink = biba_vnode_check_unlink, .mpo_vnode_check_write = biba_vnode_check_write, - .mpo_netatalk_aarp_send = biba_netatalk_aarp_send, - .mpo_netinet_arp_send = biba_netinet_arp_send, - .mpo_netinet_firewall_reply = biba_netinet_firewall_reply, - .mpo_netinet_firewall_send = biba_netinet_firewall_send, - .mpo_netinet_icmp_reply = biba_netinet_icmp_reply, - .mpo_netinet_igmp_send = biba_netinet_igmp_send, - .mpo_netinet6_nd6_send = biba_netinet6_nd6_send, - .mpo_priv_check = biba_priv_check, + .mpo_vnode_create_extattr = biba_vnode_create_extattr, + .mpo_vnode_copy_label = biba_copy_label, + .mpo_vnode_destroy_label = biba_destroy_label, + .mpo_vnode_externalize_label = biba_externalize_label, + .mpo_vnode_init_label = biba_init_label, + .mpo_vnode_internalize_label = biba_internalize_label, + .mpo_vnode_relabel = biba_vnode_relabel, + .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, }; MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba", 
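Review bot: biba_vnode_create_extattr and biba_vnode_setlabel_extattr declare `size_t buflen` and pass it to vn_extattr_set, whose length parameter is an int as far as I recall, so the value is narrowed on every call, while biba_vnode_associate_extattr in the earlier hunk uses `int buflen` for the matching vn_extattr_get. The value is sizeof(struct mac_biba), so nothing is lost, but `int buflen;` in both new functions would make the three extattr helpers consistent and avoid a sign-conversion warning. In the mac_biba_ops initializer, which continues past this hunk, `.mpo_kld_check_load` is attached to the ipq group and the mbuf and mount entries share one group, while every other object type is separated by a blank line; a blank line before each would match the layout the rest of the table now uses.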
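Review bot: `.mpo_vnode_create_extattr` is listed before `.mpo_vnode_copy_label`, which is out of the alphabetical order the rest of mac_biba_ops now follows; it belongs between `.mpo_vnode_copy_label` and `.mpo_vnode_destroy_label`. The initializer starts before this hunk, so only its vnode tail is visible here.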
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index a4c4a38f0e4c..3c97e78033f4 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -442,6 +442,10 @@ ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode) return (ugidfw_check(cred, vp, &vap, acc_mode)); } +/* + * Object-specific entry point implementations are sorted alphabetically by + * object type and then by operation. + */ static int ugidfw_system_check_acct(struct ucred *cred, struct vnode *vp, struct label *vplabel) diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c index 6d51ea8dca4f..e49e3ad13bdf 100644 --- a/sys/security/mac_ifoff/mac_ifoff.c +++ b/sys/security/mac_ifoff/mac_ifoff.c @@ -117,6 +117,10 @@ ifnet_check_incoming(struct ifnet *ifp, int viabpf) return (EPERM); } +/* + * Object-specific entry point implementations are sorted alphabetically by + * object type and then by operation. + */ static int ifoff_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, struct ifnet *ifp, struct label *ifplabel) diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 6ee206a7ac43..24dbefcc0365 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -630,15 +630,6 @@ lomac_init_label_waitcheck(struct label *label, int flag) return (0); } -static void -lomac_proc_init_label(struct label *label) -{ - - PSLOT_SET(label, malloc(sizeof(struct mac_lomac_proc), M_LOMAC, - M_ZERO | M_WAITOK)); - mtx_init(&PSLOT(label)->mtx, "MAC/Lomac proc lock", NULL, MTX_DEF); -} - static void lomac_destroy_label(struct label *label) { 
@@ -647,15 +638,6 @@ lomac_destroy_label(struct label *label) SLOT_SET(label, NULL); } -static void -lomac_proc_destroy_label(struct label *label) -{ - - mtx_destroy(&PSLOT(label)->mtx); - FREE(PSLOT(label), M_LOMAC); - PSLOT_SET(label, NULL); -} - static int lomac_element_to_string(struct sbuf *sb, struct mac_lomac_element *element) { 
@@ -889,709 +871,8 @@ lomac_copy_label(struct label *src, struct label *dest) } /* - * Labeling event operations: file system objects, and things that look a lot - * like file system objects. - */ -static void -lomac_devfs_create_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *de, struct label *delabel) -{ - struct mac_lomac *ml; - int lomac_type; - - ml = SLOT(delabel); - if (strcmp(dev->si_name, "null") == 0 || - strcmp(dev->si_name, "zero") == 0 || - strcmp(dev->si_name, "random") == 0 || - strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 || - strncmp(dev->si_name, "ttyv", strlen("ttyv")) == 0) - lomac_type = MAC_LOMAC_TYPE_EQUAL; - else if (ptys_equal && - (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || - strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) - lomac_type = MAC_LOMAC_TYPE_EQUAL; - else - lomac_type = MAC_LOMAC_TYPE_HIGH; - lomac_set_single(ml, lomac_type, 0); -} - -static void -lomac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, - struct devfs_dirent *de, struct label *delabel) -{ - struct mac_lomac *ml; - - ml = SLOT(delabel); - lomac_set_single(ml, MAC_LOMAC_TYPE_HIGH, 0); -} - -static void -lomac_devfs_create_symlink(struct ucred *cred, struct mount *mp, - struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, - struct label *delabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(delabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_mount_create(struct ucred *cred, struct mount *mp, - struct label *mplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(mplabel); - lomac_copy_single(source, dest); -} - -static void -lomac_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *newlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(vplabel); - - try_relabel(source, dest); -} - -static void 
-lomac_devfs_update(struct mount *mp, struct devfs_dirent *de, - struct label *delabel, struct vnode *vp, struct label *vplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(vplabel); - dest = SLOT(delabel); - - lomac_copy(source, dest); -} - -static void -lomac_devfs_vnode_associate(struct mount *mp, struct label *mplabel, - struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(delabel); - dest = SLOT(vplabel); - - lomac_copy_single(source, dest); -} - -static int -lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - struct mac_lomac ml_temp, *source, *dest; - int buflen, error; - - source = SLOT(mplabel); - dest = SLOT(vplabel); - - buflen = sizeof(ml_temp); - bzero(&ml_temp, buflen); - - error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE, - MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&ml_temp, curthread); - if (error == ENOATTR || error == EOPNOTSUPP) { - /* Fall back to the mntlabel. 
*/ - lomac_copy_single(source, dest); - return (0); - } else if (error) - return (error); - - if (buflen != sizeof(ml_temp)) { - if (buflen != sizeof(ml_temp) - sizeof(ml_temp.ml_auxsingle)) { - printf("lomac_vnode_associate_extattr: bad size %d\n", - buflen); - return (EPERM); - } - bzero(&ml_temp.ml_auxsingle, sizeof(ml_temp.ml_auxsingle)); - buflen = sizeof(ml_temp); - (void)vn_extattr_set(vp, IO_NODELOCKED, - MAC_LOMAC_EXTATTR_NAMESPACE, MAC_LOMAC_EXTATTR_NAME, - buflen, (char *)&ml_temp, curthread); - } - if (lomac_valid(&ml_temp) != 0) { - printf("lomac_vnode_associate_extattr: invalid\n"); - return (EPERM); - } - if ((ml_temp.ml_flags & MAC_LOMAC_FLAGS_BOTH) != - MAC_LOMAC_FLAG_SINGLE) { - printf("lomac_vnode_associate_extattr: not single\n"); - return (EPERM); - } - - lomac_copy_single(&ml_temp, dest); - return (0); -} - -static void -lomac_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(mplabel); - dest = SLOT(vplabel); - - lomac_copy_single(source, dest); -} - -static int -lomac_vnode_create_extattr(struct ucred *cred, struct mount *mp, - struct label *mplabel, struct vnode *dvp, struct label *dvplabel, - struct vnode *vp, struct label *vplabel, struct componentname *cnp) -{ - struct mac_lomac *source, *dest, *dir, temp; - size_t buflen; - int error; - - buflen = sizeof(temp); - bzero(&temp, buflen); - - source = SLOT(cred->cr_label); - dest = SLOT(vplabel); - dir = SLOT(dvplabel); - if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) { - lomac_copy_auxsingle(dir, &temp); - lomac_set_single(&temp, dir->ml_auxsingle.mle_type, - dir->ml_auxsingle.mle_grade); - } else { - lomac_copy_single(source, &temp); - } - - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE, - MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread); - if (error == 0) - lomac_copy(&temp, dest); - return (error); -} - -static int 
-lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *intlabel) -{ - struct mac_lomac *source, temp; - size_t buflen; - int error; - - buflen = sizeof(temp); - bzero(&temp, buflen); - - source = SLOT(intlabel); - if ((source->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) - return (0); - - lomac_copy_single(source, &temp); - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE, - MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread); - return (error); -} - -/* - * Labeling event operations: IPC object. - */ -static void -lomac_inpcb_create(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(solabel); - dest = SLOT(inplabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_socket_create_mbuf(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(solabel); - dest = SLOT(mlabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_socket_create(struct ucred *cred, struct socket *so, - struct label *solabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(solabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(pplabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_socket_newconn(struct socket *oldso, struct label *oldsolabel, - struct socket *newso, struct label *newsolabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(oldsolabel); - dest = SLOT(newsolabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_socket_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) -{ - struct mac_lomac *source, *dest; - - 
source = SLOT(newlabel); - dest = SLOT(solabel); - - try_relabel(source, dest); -} - -static void -lomac_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(pplabel); - - try_relabel(source, dest); -} - -static void -lomac_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, - struct socket *so, struct label *sopeerlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(sopeerlabel); - - lomac_copy_single(source, dest); -} - -/* - * Labeling event operations: network objects. - */ -static void -lomac_socketpeer_set_from_socket(struct socket *oldso, - struct label *oldsolabel, struct socket *newso, - struct label *newsopeerlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(oldsolabel); - dest = SLOT(newsopeerlabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_bpfdesc_create(struct ucred *cred, struct bpf_d *d, - struct label *dlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(dlabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_ifnet_create(struct ifnet *ifp, struct label *ifplabel) -{ - char tifname[IFNAMSIZ], *p, *q; - char tiflist[sizeof(trusted_interfaces)]; - struct mac_lomac *dest; - int len, grade; - - dest = SLOT(ifplabel); - - if (ifp->if_type == IFT_LOOP) { - grade = MAC_LOMAC_TYPE_EQUAL; - goto set; - } - - if (trust_all_interfaces) { - grade = MAC_LOMAC_TYPE_HIGH; - goto set; - } - - grade = MAC_LOMAC_TYPE_LOW; - - if (trusted_interfaces[0] == '\0' || - !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) - goto set; - - bzero(tiflist, sizeof(tiflist)); - for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) - if(*p != ' ' && *p != '\t') - *q = *p; - - for (p = q = tiflist;; p++) { - if (*p == ',' || *p == '\0') { - len = p - q; - if (len < IFNAMSIZ) { - bzero(tifname, 
sizeof(tifname)); - bcopy(q, tifname, len); - if (strcmp(tifname, ifp->if_xname) == 0) { - grade = MAC_LOMAC_TYPE_HIGH; - break; - } - } - else { - *p = '\0'; - printf("MAC/LOMAC warning: interface name " - "\"%s\" is too long (must be < %d)\n", - q, IFNAMSIZ); - } - if (*p == '\0') - break; - q = p + 1; - } - } -set: - lomac_set_single(dest, grade, 0); - lomac_set_range(dest, grade, 0, grade, 0); -} - -static void -lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(ipqlabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(ipqlabel); - dest = SLOT(mlabel); - - /* Just use the head, since we require them all to match. */ - lomac_copy_single(source, dest); -} - -static void -lomac_netinet_fragment(struct mbuf *m, struct label *mlabel, - struct mbuf *frag, struct label *fraglabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(fraglabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(inplabel); - dest = SLOT(mlabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(dlabel); - dest = SLOT(mlabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(ifplabel); - dest = SLOT(mlabel); - - lomac_copy_single(source, dest); -} - -static int 
-lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) -{ - struct mac_lomac *a, *b; - - a = SLOT(ipqlabel); - b = SLOT(mlabel); - - return (lomac_equal_single(a, b)); -} - -static void -lomac_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(ifplabel); - - try_relabel(source, dest); -} - -static void -lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) -{ - - /* NOOP: we only accept matching labels, so no need to update */ -} - -static void -lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(solabel); - dest = SLOT(inplabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_syncache_create(struct label *label, struct inpcb *inp) -{ - struct mac_lomac *source, *dest; - - source = SLOT(inp->inp_label); - dest = SLOT(label); - lomac_copy(source, dest); -} - -static void -lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(sc_label); - dest = SLOT(mlabel); - lomac_copy(source, dest); -} - -static void -lomac_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *dest; - - dest = SLOT(mlabel); - - lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); -} - -static void -lomac_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *dest; - - dest = SLOT(mlabel); - - lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); -} - -static void -lomac_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) -{ - struct mac_lomac *source, *dest; - - source = 
SLOT(mrecvlabel); - dest = SLOT(msendlabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *dest; - - dest = SLOT(mlabel); - - /* XXX: where is the label for the firewall really comming from? */ - lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); -} - -static void -lomac_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(mrecvlabel); - dest = SLOT(msendlabel); - - lomac_copy_single(source, dest); -} - -static void -lomac_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *dest; - - dest = SLOT(mlabel); - - lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); -} - -static void -lomac_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *dest; - - dest = SLOT(mlabel); - - lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); -} - -/* - * Labeling event operations: processes. - */ -static void -lomac_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vplabel, struct label *interpvplabel, - struct image_params *imgp, struct label *execlabel) -{ - struct mac_lomac *source, *dest, *obj, *robj; - - source = SLOT(old->cr_label); - dest = SLOT(new->cr_label); - obj = SLOT(vplabel); - robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj; - - lomac_copy(source, dest); - /* - * If there's an auxiliary label on the real object, respect it and - * assume that this level should be assumed immediately if a higher - * level is currently in place. 
- */ - if (robj->ml_flags & MAC_LOMAC_FLAG_AUX && - !lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single) - && lomac_auxsingle_in_range(robj, dest)) - lomac_set_single(dest, robj->ml_auxsingle.mle_type, - robj->ml_auxsingle.mle_grade); - /* - * Restructuring to use the execve transitioning mechanism instead of - * the normal demotion mechanism here would be difficult, so just - * copy the label over and perform standard demotion. This is also - * non-optimal because it will result in the intermediate label "new" - * being created and immediately recycled. - */ - if (lomac_enabled && revocation_enabled && - !lomac_dominate_single(obj, source)) - (void)maybe_demote(source, obj, "executing", "file", vp); -} - -static int -lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vplabel, struct label *interpvplabel, - struct image_params *imgp, struct label *execlabel) -{ - struct mac_lomac *subj, *obj, *robj; - - if (!lomac_enabled || !revocation_enabled) - return (0); - - subj = SLOT(old->cr_label); - obj = SLOT(vplabel); - robj = interpvplabel != NULL ? 
SLOT(interpvplabel) : obj; - - return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX && - !lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single) - && lomac_auxsingle_in_range(robj, subj)) || - !lomac_dominate_single(obj, subj)); -} - -static void -lomac_proc_create_swapper(struct ucred *cred) -{ - struct mac_lomac *dest; - - dest = SLOT(cred->cr_label); - - lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); - lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0); -} - -static void -lomac_proc_create_init(struct ucred *cred) -{ - struct mac_lomac *dest; - - dest = SLOT(cred->cr_label); - - lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0); - lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0); -} - -static void -lomac_cred_relabel(struct ucred *cred, struct label *newlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(cred->cr_label); - - try_relabel(source, dest); -} - -/* - * Access control checks. + * Object-specific entry point implementations are sorted alphabetically by + * object type name and then by operation. */ static int lomac_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, @@ -1610,6 +891,30 @@ lomac_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, return (EACCES); } +static void +lomac_bpfdesc_create(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(dlabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(dlabel); + dest = SLOT(mlabel); + + lomac_copy_single(source, dest); +} + static int lomac_cred_check_relabel(struct ucred *cred, struct label *newlabel) { 
@@ -1690,6 +995,87 @@ lomac_cred_check_visible(struct ucred *cr1, struct ucred *cr2) return (0); } +static void +lomac_cred_relabel(struct ucred *cred, struct label *newlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(cred->cr_label); + + try_relabel(source, dest); +} + +static void +lomac_devfs_create_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) +{ + struct mac_lomac *ml; + int lomac_type; + + ml = SLOT(delabel); + if (strcmp(dev->si_name, "null") == 0 || + strcmp(dev->si_name, "zero") == 0 || + strcmp(dev->si_name, "random") == 0 || + strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 || + strncmp(dev->si_name, "ttyv", strlen("ttyv")) == 0) + lomac_type = MAC_LOMAC_TYPE_EQUAL; + else if (ptys_equal && + (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || + strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) + lomac_type = MAC_LOMAC_TYPE_EQUAL; + else + lomac_type = MAC_LOMAC_TYPE_HIGH; + lomac_set_single(ml, lomac_type, 0); +} + +static void +lomac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, + struct devfs_dirent *de, struct label *delabel) +{ + struct mac_lomac *ml; + + ml = SLOT(delabel); + lomac_set_single(ml, MAC_LOMAC_TYPE_HIGH, 0); +} + +static void +lomac_devfs_create_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(delabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_devfs_update(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(vplabel); + dest = SLOT(delabel); + + lomac_copy(source, dest); +} + +static void +lomac_devfs_vnode_associate(struct mount *mp, struct label *mplabel, + struct devfs_dirent *de, 
struct label *delabel, struct vnode *vp, + struct label *vplabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(delabel); + dest = SLOT(vplabel); + + lomac_copy_single(source, dest); +} static int lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 
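Review bot: `lomac_devfs_create_device` hard-codes the set of device nodes that receive the EQUAL label, which is the security-relevant decision in this hunk, yet nothing says why those names were chosen or that `fd/`, `ttyv`, `ttyp` and `ptyp` are matched by prefix while `null`, `zero` and `random` are exact. I would add above the `if`: `/* Devices that carry no integrity-bearing state (null, zero, random, fd/*, ttyv*; pseudo-ttys when ptys_equal) are labeled EQUAL so any subject may use them; all other device nodes default to HIGH. */`. It is also worth a sentence that the prefix matches make any future device whose name happens to start with one of these strings inherit EQUAL, since that is the failure mode a reviewer of a later `cdev` addition would need to know about.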
@@ -1763,6 +1149,88 @@ lomac_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, return (lomac_single_in_range(p, i) ? 0 : EACCES); } +static void +lomac_ifnet_create(struct ifnet *ifp, struct label *ifplabel) +{ + char tifname[IFNAMSIZ], *p, *q; + char tiflist[sizeof(trusted_interfaces)]; + struct mac_lomac *dest; + int len, grade; + + dest = SLOT(ifplabel); + + if (ifp->if_type == IFT_LOOP) { + grade = MAC_LOMAC_TYPE_EQUAL; + goto set; + } + + if (trust_all_interfaces) { + grade = MAC_LOMAC_TYPE_HIGH; + goto set; + } + + grade = MAC_LOMAC_TYPE_LOW; + + if (trusted_interfaces[0] == '\0' || + !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) + goto set; + + bzero(tiflist, sizeof(tiflist)); + for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) + if(*p != ' ' && *p != '\t') + *q = *p; + + for (p = q = tiflist;; p++) { + if (*p == ',' || *p == '\0') { + len = p - q; + if (len < IFNAMSIZ) { + bzero(tifname, sizeof(tifname)); + bcopy(q, tifname, len); + if (strcmp(tifname, ifp->if_xname) == 0) { + grade = MAC_LOMAC_TYPE_HIGH; + break; + } + } + else { + *p = '\0'; + printf("MAC/LOMAC warning: interface name " + "\"%s\" is too long (must be < %d)\n", + q, IFNAMSIZ); + } + if (*p == '\0') + break; + q = p + 1; + } + } +set: + lomac_set_single(dest, grade, 0); + lomac_set_range(dest, grade, 0, grade, 0); +} + +static void +lomac_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(ifplabel); + dest = SLOT(mlabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(ifplabel); + + try_relabel(source, dest); +} + static int lomac_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel) 
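Review bot: In `lomac_ifnet_create` the whitespace-stripping loop advances `q` on every input character (`p++, q++` in the for header) but only stores when the character is not a space or tab, so each skipped blank leaves a NUL hole in `tiflist`; the parsing loop below stops at the first `'\0'`, so for a `trusted_interfaces` value such as `em0, em1` only `em0` is ever trusted and `em1` silently receives the LOW label. Change the copy to `for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++) if (*p != ' ' && *p != '\t') *q++ = *p;` so the stripped list stays contiguous. Separately, the too-long-name branch writes `'\0'` at `*p` and then hits `if (*p == '\0') break;`, which also discards every interface listed after the offending name; if that is not intended, advance to the next comma instead of terminating. This is pre-existing behaviour carried over by the move, but since this list decides which interfaces get HIGH it is worth fixing while the code is being touched.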
@@ -1778,6 +1246,87 @@ lomac_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, return (lomac_equal_single(p, i) ? 0 : EACCES); } +static void +lomac_inpcb_create(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(solabel); + dest = SLOT(inplabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(inplabel); + dest = SLOT(mlabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(solabel); + dest = SLOT(inplabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(ipqlabel); + + lomac_copy_single(source, dest); +} + +static int +lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) +{ + struct mac_lomac *a, *b; + + a = SLOT(ipqlabel); + b = SLOT(mlabel); + + return (lomac_equal_single(a, b)); +} + +static void +lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(ipqlabel); + dest = SLOT(mlabel); + + /* Just use the head, since we require them all to match. */ + lomac_copy_single(source, dest); +} + +static void +lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) +{ + + /* NOOP: we only accept matching labels, so no need to update */ +} + static int lomac_kld_check_load(struct ucred *cred, struct vnode *vp, struct label *vplabel) 
@@ -1799,6 +1348,108 @@ lomac_kld_check_load(struct ucred *cred, struct vnode *vp, return (0); } +static void +lomac_mount_create(struct ucred *cred, struct mount *mp, + struct label *mplabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(mplabel); + lomac_copy_single(source, dest); +} + +static void +lomac_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *dest; + + dest = SLOT(mlabel); + + lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); +} + +static void +lomac_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *dest; + + dest = SLOT(mlabel); + + lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); +} + +static void +lomac_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *dest; + + dest = SLOT(mlabel); + + /* XXX: where is the label for the firewall really comming from? 
*/ + lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); +} + +static void +lomac_netinet_fragment(struct mbuf *m, struct label *mlabel, + struct mbuf *frag, struct label *fraglabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(fraglabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + lomac_copy_single(source, dest); +} + +static void +lomac_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *dest; + + dest = SLOT(mlabel); + + lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); +} + +static void +lomac_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *dest; + + dest = SLOT(mlabel); + + lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); +} + static int lomac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 
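Review bot: `lomac_netinet_firewall_send` labels every firewall-originated mbuf EQUAL and the `XXX` comment only asks where the label should come from; as far as I can tell from this file an EQUAL single is accepted by any range check, so these packets presumably pass the per-interface transmit check that other locally generated traffic is subject to, and the comment should state that consequence. I would replace it with `/* XXX: the firewall has no credential of its own, so its packets are labeled EQUAL and pass any interface range check; revisit if a firewall label is ever introduced. */`, which also fixes the "comming" typo. The same unconditional EQUAL is applied to ARP, IGMP, ND6 and AARP in this hunk, which is reasonable for link-layer control traffic but deserves a one-line comment saying so rather than leaving the reader to infer it.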
@@ -1899,148 +1550,28 @@ lomac_pipe_check_write(struct ucred *cred, struct pipepair *pp, return (0); } -static int -lomac_proc_check_debug(struct ucred *cred, struct proc *p) +static void +lomac_pipe_create(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { - struct mac_lomac *subj, *obj; + struct mac_lomac *source, *dest; - if (!lomac_enabled) - return (0); + source = SLOT(cred->cr_label); + dest = SLOT(pplabel); - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if (!lomac_dominate_single(obj, subj)) - return (ESRCH); - if (!lomac_subject_dominate(subj, obj)) - return (EACCES); - - return (0); + lomac_copy_single(source, dest); } -static int -lomac_proc_check_sched(struct ucred *cred, struct proc *p) +static void +lomac_pipe_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) { - struct mac_lomac *subj, *obj; + struct mac_lomac *source, *dest; - if (!lomac_enabled) - return (0); + source = SLOT(newlabel); + dest = SLOT(pplabel); - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if (!lomac_dominate_single(obj, subj)) - return (ESRCH); - if (!lomac_subject_dominate(subj, obj)) - return (EACCES); - - return (0); -} - -static int -lomac_proc_check_signal(struct ucred *cred, struct proc *p, int signum) -{ - struct mac_lomac *subj, *obj; - - if (!lomac_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if (!lomac_dominate_single(obj, subj)) - return (ESRCH); - if (!lomac_subject_dominate(subj, obj)) - return (EACCES); - - return (0); -} - -static int -lomac_socket_check_deliver(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_lomac *p, *s; - - if (!lomac_enabled) - return (0); - - p = SLOT(mlabel); - s = SLOT(solabel); - - return (lomac_equal_single(p, s) ? 
0 : EACCES); -} - -static int -lomac_socket_check_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) -{ - struct mac_lomac *subj, *obj, *new; - int error; - - new = SLOT(newlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(solabel); - - /* - * If there is a LOMAC label update for the socket, it may be an - * update of single. - */ - error = lomac_atmostflags(new, MAC_LOMAC_FLAG_SINGLE); - if (error) - return (error); - - /* - * To relabel a socket, the old socket single must be in the subject - * range. - */ - if (!lomac_single_in_range(obj, subj)) - return (EPERM); - - /* - * If the LOMAC label is to be changed, authorize as appropriate. - */ - if (new->ml_flags & MAC_LOMAC_FLAG_SINGLE) { - /* - * To relabel a socket, the new socket single must be in the - * subject range. - */ - if (!lomac_single_in_range(new, subj)) - return (EPERM); - - /* - * To change the LOMAC label on the socket to contain EQUAL, - * the subject must have appropriate privilege. - */ - if (lomac_contains_equal(new)) { - error = lomac_subject_privileged(subj); - if (error) - return (error); - } - } - - return (0); -} - -static int -lomac_socket_check_visible(struct ucred *cred, struct socket *so, - struct label *solabel) -{ - struct mac_lomac *subj, *obj; - - if (!lomac_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(solabel); - - if (!lomac_dominate_single(obj, subj)) - return (ENOENT); - - return (0); + try_relabel(source, dest); } /* 
@@ -2232,6 +1763,283 @@ lomac_priv_check(struct ucred *cred, int priv)
 return (0);
 }
+static int
+lomac_proc_check_debug(struct ucred *cred, struct proc *p)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+lomac_proc_check_sched(struct ucred *cred, struct proc *p)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+lomac_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static void
+lomac_proc_create_init(struct ucred *cred)
+{
+ struct mac_lomac *dest;
+
+ dest = SLOT(cred->cr_label);
+
+ lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0);
+ lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
+}
+
+static void
+lomac_proc_create_swapper(struct ucred *cred)
+{
+ struct mac_lomac *dest;
+
+ dest = SLOT(cred->cr_label);
+
+ lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
+ lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
+}
+
+static void
+lomac_proc_destroy_label(struct label *label)
+{
+
+ mtx_destroy(&PSLOT(label)->mtx);
+ FREE(PSLOT(label), M_LOMAC);
+ PSLOT_SET(label, NULL);
+}
+
+static void
+lomac_proc_init_label(struct label *label)
+{
+
+ PSLOT_SET(label, malloc(sizeof(struct mac_lomac_proc), M_LOMAC,
+ M_ZERO | M_WAITOK));
+ mtx_init(&PSLOT(label)->mtx, "MAC/Lomac proc lock", NULL, MTX_DEF);
+}
+
+static int
+lomac_socket_check_deliver(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_lomac *p, *s;
+
+ if (!lomac_enabled)
+ return (0);
+
+ p = SLOT(mlabel);
+ s = SLOT(solabel);
+
+ return (lomac_equal_single(p, s) ? 0 : EACCES);
+}
+
+static int
+lomac_socket_check_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+ struct mac_lomac *subj, *obj, *new;
+ int error;
+
+ new = SLOT(newlabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(solabel);
+
+ /*
+ * If there is a LOMAC label update for the socket, it may be an
+ * update of single.
+ */
+ error = lomac_atmostflags(new, MAC_LOMAC_FLAG_SINGLE);
+ if (error)
+ return (error);
+
+ /*
+ * To relabel a socket, the old socket single must be in the subject
+ * range.
+ */
+ if (!lomac_single_in_range(obj, subj))
+ return (EPERM);
+
+ /*
+ * If the LOMAC label is to be changed, authorize as appropriate.
+ */
+ if (new->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
+ /*
+ * To relabel a socket, the new socket single must be in the
+ * subject range.
+ */
+ if (!lomac_single_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * To change the LOMAC label on the socket to contain EQUAL,
+ * the subject must have appropriate privilege.
+ */
+ if (lomac_contains_equal(new)) {
+ error = lomac_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
+ }
+
+ return (0);
+}
+
+static int
+lomac_socket_check_visible(struct ucred *cred, struct socket *so,
+ struct label *solabel)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(solabel);
+
+ if (!lomac_dominate_single(obj, subj))
+ return (ENOENT);
+
+ return (0);
+}
+
+static void
+lomac_socket_create(struct ucred *cred, struct socket *so,
+ struct label *solabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(solabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_create_mbuf(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(solabel);
+ dest = SLOT(mlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_newconn(struct socket *oldso, struct label *oldsolabel,
+ struct socket *newso, struct label *newsolabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsolabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(solabel);
+
+ try_relabel(source, dest);
+}
+
+static void
+lomac_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
+ struct socket *so, struct label *sopeerlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mlabel);
+ dest = SLOT(sopeerlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socketpeer_set_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsopeerlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_syncache_create(struct label *label, struct inpcb *inp)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(inp->inp_label);
+ dest = SLOT(label);
+ lomac_copy(source, dest);
+}
+
+static void
+lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
+ struct label *mlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(sc_label);
+ dest = SLOT(mlabel);
+ lomac_copy(source, dest);
+}
 static int
 lomac_system_check_acct(struct ucred *cred, struct vnode *vp,
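Review bot: lomac_proc_check_debug, lomac_proc_check_sched and lomac_proc_check_signal carry three byte-identical bodies, each still marked `/* XXX: range checks */`, so the missing range check will have to be written three times; a `static int lomac_proc_check_common(struct ucred *cred, struct proc *p)` holding that body, with each entry point reduced to `return (lomac_proc_check_common(cred, p));`, keeps the three decisions from drifting apart (signum is already unused in the signal variant). lomac_proc_destroy_label also releases the per-process state with the `FREE(PSLOT(label), M_LOMAC)` macro while lomac_proc_init_label allocates it with `malloc(...)`; `free(PSLOT(label), M_LOMAC);` keeps the pair symmetric.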
@@ -2341,6 +2149,112 @@ lomac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
 return (0);
 }
+static void
+lomac_thread_userret(struct thread *td)
+{
+ struct proc *p = td->td_proc;
+ struct mac_lomac_proc *subj = PSLOT(p->p_label);
+ struct ucred *newcred, *oldcred;
+ int dodrop;
+
+ mtx_lock(&subj->mtx);
+ if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
+ dodrop = 0;
+ mtx_unlock(&subj->mtx);
+ newcred = crget();
+ /*
+ * Prevent a lock order reversal in
+ * mac_cred_mmapped_drop_perms; ideally, the other user of
+ * subj->mtx wouldn't be holding Giant.
+ */
+ mtx_lock(&Giant);
+ PROC_LOCK(p);
+ mtx_lock(&subj->mtx);
+ /*
+ * Check if we lost the race while allocating the cred.
+ */
+ if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0) {
+ crfree(newcred);
+ goto out;
+ }
+ oldcred = p->p_ucred;
+ crcopy(newcred, oldcred);
+ crhold(newcred);
+ lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
+ p->p_ucred = newcred;
+ crfree(oldcred);
+ dodrop = 1;
+ out:
+ mtx_unlock(&subj->mtx);
+ PROC_UNLOCK(p);
+ if (dodrop)
+ mac_cred_mmapped_drop_perms(curthread, newcred);
+ mtx_unlock(&Giant);
+ } else {
+ mtx_unlock(&subj->mtx);
+ }
+}
+
+static int
+lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+ struct mac_lomac ml_temp, *source, *dest;
+ int buflen, error;
+
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
+
+ buflen = sizeof(ml_temp);
+ bzero(&ml_temp, buflen);
+
+ error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&ml_temp, curthread);
+ if (error == ENOATTR || error == EOPNOTSUPP) {
+ /* Fall back to the mntlabel. */
+ lomac_copy_single(source, dest);
+ return (0);
+ } else if (error)
+ return (error);
+
+ if (buflen != sizeof(ml_temp)) {
+ if (buflen != sizeof(ml_temp) - sizeof(ml_temp.ml_auxsingle)) {
+ printf("lomac_vnode_associate_extattr: bad size %d\n",
+ buflen);
+ return (EPERM);
+ }
+ bzero(&ml_temp.ml_auxsingle, sizeof(ml_temp.ml_auxsingle));
+ buflen = sizeof(ml_temp);
+ (void)vn_extattr_set(vp, IO_NODELOCKED,
+ MAC_LOMAC_EXTATTR_NAMESPACE, MAC_LOMAC_EXTATTR_NAME,
+ buflen, (char *)&ml_temp, curthread);
+ }
+ if (lomac_valid(&ml_temp) != 0) {
+ printf("lomac_vnode_associate_extattr: invalid\n");
+ return (EPERM);
+ }
+ if ((ml_temp.ml_flags & MAC_LOMAC_FLAGS_BOTH) !=
+ MAC_LOMAC_FLAG_SINGLE) {
+ printf("lomac_vnode_associate_extattr: not single\n");
+ return (EPERM);
+ }
+
+ lomac_copy_single(&ml_temp, dest);
+ return (0);
+}
+
+static void
+lomac_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
+
+ lomac_copy_single(source, dest);
+}
+
 static int
 lomac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
 struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
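Review bot: In lomac_vnode_associate_extattr the short (aux-less) attribute is rewritten to disk with `(void)vn_extattr_set(...)` before `lomac_valid()` and the MAC_LOMAC_FLAGS_BOTH check run, so a label that the next two tests reject with EPERM has already been written back in the widened format, and the discarded return value means a failed rewrite is retried silently on every associate. Moving the rewrite below the two checks, or at least a comment such as `/* Best effort: widen the on-disk label to the aux-capable layout; a failed write is simply retried next time. */` on the `(void)` call, would make the intent visible to the next reader.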
@@ -2788,162 +2702,254 @@ lomac_vnode_check_write(struct ucred *active_cred,
 return (0);
 }
-static void
-lomac_thread_userret(struct thread *td)
+static int
+lomac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
 {
- struct proc *p = td->td_proc;
- struct mac_lomac_proc *subj = PSLOT(p->p_label);
- struct ucred *newcred, *oldcred;
- int dodrop;
+ struct mac_lomac *source, *dest, *dir, temp;
+ size_t buflen;
+ int error;
- mtx_lock(&subj->mtx);
- if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
- dodrop = 0;
- mtx_unlock(&subj->mtx);
- newcred = crget();
- /*
- * Prevent a lock order reversal in
- * mac_cred_mmapped_drop_perms; ideally, the other user of
- * subj->mtx wouldn't be holding Giant.
- */
- mtx_lock(&Giant);
- PROC_LOCK(p);
- mtx_lock(&subj->mtx);
- /*
- * Check if we lost the race while allocating the cred.
- */
- if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0) {
- crfree(newcred);
- goto out;
- }
- oldcred = p->p_ucred;
- crcopy(newcred, oldcred);
- crhold(newcred);
- lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
- p->p_ucred = newcred;
- crfree(oldcred);
- dodrop = 1;
- out:
- mtx_unlock(&subj->mtx);
- PROC_UNLOCK(p);
- if (dodrop)
- mac_cred_mmapped_drop_perms(curthread, newcred);
- mtx_unlock(&Giant);
+ buflen = sizeof(temp);
+ bzero(&temp, buflen);
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(vplabel);
+ dir = SLOT(dvplabel);
+ if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) {
+ lomac_copy_auxsingle(dir, &temp);
+ lomac_set_single(&temp, dir->ml_auxsingle.mle_type,
+ dir->ml_auxsingle.mle_grade);
 } else {
- mtx_unlock(&subj->mtx);
+ lomac_copy_single(source, &temp);
 }
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
+ if (error == 0)
+ lomac_copy(&temp, dest);
+ return (error);
+}
+
+static void
+lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+ struct mac_lomac *source, *dest, *obj, *robj;
+
+ source = SLOT(old->cr_label);
+ dest = SLOT(new->cr_label);
+ obj = SLOT(vplabel);
+ robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
+
+ lomac_copy(source, dest);
+ /*
+ * If there's an auxiliary label on the real object, respect it and
+ * assume that this level should be assumed immediately if a higher
+ * level is currently in place.
+ */
+ if (robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
+ !lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single)
+ && lomac_auxsingle_in_range(robj, dest))
+ lomac_set_single(dest, robj->ml_auxsingle.mle_type,
+ robj->ml_auxsingle.mle_grade);
+ /*
+ * Restructuring to use the execve transitioning mechanism instead of
+ * the normal demotion mechanism here would be difficult, so just
+ * copy the label over and perform standard demotion. This is also
+ * non-optimal because it will result in the intermediate label "new"
+ * being created and immediately recycled.
+ */
+ if (lomac_enabled && revocation_enabled &&
+ !lomac_dominate_single(obj, source))
+ (void)maybe_demote(source, obj, "executing", "file", vp);
+}
+
+static int
+lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
+ struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+ struct mac_lomac *subj, *obj, *robj;
+
+ if (!lomac_enabled || !revocation_enabled)
+ return (0);
+
+ subj = SLOT(old->cr_label);
+ obj = SLOT(vplabel);
+ robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
+
+ return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
+ !lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)
+ && lomac_auxsingle_in_range(robj, subj)) ||
+ !lomac_dominate_single(obj, subj));
+}
+
+static void
+lomac_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *newlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(vplabel);
+
+ try_relabel(source, dest);
+}
+
+static int
+lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+ struct mac_lomac *source, temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(temp);
+ bzero(&temp, buflen);
+
+ source = SLOT(intlabel);
+ if ((source->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ return (0);
+
+ lomac_copy_single(source, &temp);
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
+ return (error);
 }
 static struct mac_policy_ops lomac_ops = {
 .mpo_init = lomac_init,
- .mpo_bpfdesc_init_label = lomac_init_label,
- .mpo_cred_init_label = lomac_init_label,
- .mpo_devfs_init_label = lomac_init_label,
- .mpo_ifnet_init_label = lomac_init_label,
- .mpo_syncache_init_label = lomac_init_label_waitcheck,
- .mpo_inpcb_init_label = lomac_init_label_waitcheck,
- .mpo_ipq_init_label = lomac_init_label_waitcheck,
- .mpo_mbuf_init_label = lomac_init_label_waitcheck,
- .mpo_mount_init_label = lomac_init_label,
- .mpo_pipe_init_label = lomac_init_label,
- .mpo_proc_init_label = lomac_proc_init_label,
- .mpo_socket_init_label = lomac_init_label_waitcheck,
- .mpo_socketpeer_init_label = lomac_init_label_waitcheck,
- .mpo_vnode_init_label = lomac_init_label,
- .mpo_syncache_create = lomac_syncache_create,
+
+ .mpo_bpfdesc_check_receive = lomac_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = lomac_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
 .mpo_bpfdesc_destroy_label = lomac_destroy_label,
- .mpo_cred_destroy_label = lomac_destroy_label,
- .mpo_devfs_destroy_label = lomac_destroy_label,
- .mpo_ifnet_destroy_label = lomac_destroy_label,
- .mpo_inpcb_destroy_label = lomac_destroy_label,
- .mpo_ipq_destroy_label = lomac_destroy_label,
- .mpo_mbuf_destroy_label = lomac_destroy_label,
- .mpo_mount_destroy_label = lomac_destroy_label,
- .mpo_pipe_destroy_label = lomac_destroy_label,
- .mpo_proc_destroy_label = lomac_proc_destroy_label,
- .mpo_syncache_destroy_label = lomac_destroy_label,
- .mpo_socket_destroy_label = lomac_destroy_label,
- .mpo_socketpeer_destroy_label = lomac_destroy_label,
- .mpo_vnode_destroy_label = lomac_destroy_label,
+ .mpo_bpfdesc_init_label = lomac_init_label,
+
+ .mpo_cred_check_relabel = lomac_cred_check_relabel,
+ .mpo_cred_check_visible = lomac_cred_check_visible,
 .mpo_cred_copy_label = lomac_copy_label,
- .mpo_ifnet_copy_label = lomac_copy_label,
- .mpo_mbuf_copy_label = lomac_copy_label,
- .mpo_pipe_copy_label = lomac_copy_label,
- .mpo_socket_copy_label = lomac_copy_label,
- .mpo_vnode_copy_label = lomac_copy_label,
+ .mpo_cred_destroy_label = lomac_destroy_label,
 .mpo_cred_externalize_label = lomac_externalize_label,
- .mpo_ifnet_externalize_label = lomac_externalize_label,
- .mpo_pipe_externalize_label = lomac_externalize_label,
- .mpo_socket_externalize_label = lomac_externalize_label,
- .mpo_socketpeer_externalize_label = lomac_externalize_label,
- .mpo_vnode_externalize_label = lomac_externalize_label,
+ .mpo_cred_init_label = lomac_init_label,
 .mpo_cred_internalize_label = lomac_internalize_label,
- .mpo_ifnet_internalize_label = lomac_internalize_label,
- .mpo_pipe_internalize_label = lomac_internalize_label,
- .mpo_socket_internalize_label = lomac_internalize_label,
- .mpo_vnode_internalize_label = lomac_internalize_label,
+ .mpo_cred_relabel = lomac_cred_relabel,
+ .mpo_devfs_create_device = lomac_devfs_create_device,
 .mpo_devfs_create_directory = lomac_devfs_create_directory,
 .mpo_devfs_create_symlink = lomac_devfs_create_symlink,
- .mpo_mount_create = lomac_mount_create,
- .mpo_vnode_relabel = lomac_vnode_relabel,
+ .mpo_devfs_destroy_label = lomac_destroy_label,
+ .mpo_devfs_init_label = lomac_init_label,
 .mpo_devfs_update = lomac_devfs_update,
 .mpo_devfs_vnode_associate = lomac_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = lomac_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = lomac_vnode_associate_singlelabel,
- .mpo_vnode_create_extattr = lomac_vnode_create_extattr,
- .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr,
- .mpo_socket_create_mbuf = lomac_socket_create_mbuf,
- .mpo_syncache_create_mbuf = lomac_syncache_create_mbuf,
- .mpo_pipe_create = lomac_pipe_create,
- .mpo_socket_create = lomac_socket_create,
- .mpo_socket_newconn = lomac_socket_newconn,
- .mpo_pipe_relabel = lomac_pipe_relabel,
- .mpo_socket_relabel = lomac_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = lomac_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = lomac_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = lomac_bpfdesc_create,
- .mpo_ipq_reassemble = lomac_ipq_reassemble,
- .mpo_netinet_fragment = lomac_netinet_fragment,
- .mpo_ifnet_create = lomac_ifnet_create,
- .mpo_inpcb_create = lomac_inpcb_create,
- .mpo_ipq_create = lomac_ipq_create,
- .mpo_inpcb_create_mbuf = lomac_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
- .mpo_ipq_match = lomac_ipq_match,
- .mpo_ifnet_relabel = lomac_ifnet_relabel,
- .mpo_ipq_update = lomac_ipq_update,
- .mpo_inpcb_sosetlabel = lomac_inpcb_sosetlabel,
- .mpo_vnode_execve_transition = lomac_vnode_execve_transition,
- .mpo_vnode_execve_will_transition =
- lomac_vnode_execve_will_transition,
- .mpo_proc_create_swapper = lomac_proc_create_swapper,
- .mpo_proc_create_init = lomac_proc_create_init,
- .mpo_cred_relabel = lomac_cred_relabel,
- .mpo_bpfdesc_check_receive = lomac_bpfdesc_check_receive,
- .mpo_cred_check_relabel = lomac_cred_check_relabel,
- .mpo_cred_check_visible = lomac_cred_check_visible,
+ .mpo_ifnet_check_relabel = lomac_ifnet_check_relabel,
 .mpo_ifnet_check_transmit = lomac_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = lomac_copy_label,
+ .mpo_ifnet_create = lomac_ifnet_create,
+ .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = lomac_destroy_label,
+ .mpo_ifnet_externalize_label = lomac_externalize_label,
+ .mpo_ifnet_init_label = lomac_init_label,
+ .mpo_ifnet_internalize_label = lomac_internalize_label,
+ .mpo_ifnet_relabel = lomac_ifnet_relabel,
+
+ .mpo_syncache_create = lomac_syncache_create,
+ .mpo_syncache_destroy_label = lomac_destroy_label,
+ .mpo_syncache_init_label = lomac_init_label_waitcheck,
+ .mpo_inpcb_check_deliver = lomac_inpcb_check_deliver,
+ .mpo_inpcb_create = lomac_inpcb_create,
+ .mpo_inpcb_create_mbuf = lomac_inpcb_create_mbuf,
+ .mpo_inpcb_destroy_label = lomac_destroy_label,
+ .mpo_inpcb_init_label = lomac_init_label_waitcheck,
+ .mpo_inpcb_sosetlabel = lomac_inpcb_sosetlabel,
+
+ .mpo_ipq_create = lomac_ipq_create,
+ .mpo_ipq_destroy_label = lomac_destroy_label,
+ .mpo_ipq_init_label = lomac_init_label_waitcheck,
+ .mpo_ipq_match = lomac_ipq_match,
+ .mpo_ipq_reassemble = lomac_ipq_reassemble,
+ .mpo_ipq_update = lomac_ipq_update,
+ .mpo_kld_check_load = lomac_kld_check_load,
+
+ .mpo_mbuf_copy_label = lomac_copy_label,
+ .mpo_mbuf_destroy_label = lomac_destroy_label,
+ .mpo_mbuf_init_label = lomac_init_label_waitcheck,
+
+ .mpo_mount_create = lomac_mount_create,
+ .mpo_mount_destroy_label = lomac_destroy_label,
+ .mpo_mount_init_label = lomac_init_label,
+
+ .mpo_netatalk_aarp_send = lomac_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = lomac_netinet_arp_send,
+ .mpo_netinet_firewall_reply = lomac_netinet_firewall_reply,
+ .mpo_netinet_firewall_send = lomac_netinet_firewall_send,
+ .mpo_netinet_fragment = lomac_netinet_fragment,
+ .mpo_netinet_icmp_reply = lomac_netinet_icmp_reply,
+ .mpo_netinet_igmp_send = lomac_netinet_igmp_send,
+
+ .mpo_netinet6_nd6_send = lomac_netinet6_nd6_send,
+ .mpo_pipe_check_ioctl = lomac_pipe_check_ioctl,
 .mpo_pipe_check_read = lomac_pipe_check_read,
 .mpo_pipe_check_relabel = lomac_pipe_check_relabel,
 .mpo_pipe_check_write = lomac_pipe_check_write,
+ .mpo_pipe_copy_label = lomac_copy_label,
+ .mpo_pipe_create = lomac_pipe_create,
+ .mpo_pipe_destroy_label = lomac_destroy_label,
+ .mpo_pipe_externalize_label = lomac_externalize_label,
+ .mpo_pipe_init_label = lomac_init_label,
+ .mpo_pipe_internalize_label = lomac_internalize_label,
+ .mpo_pipe_relabel = lomac_pipe_relabel,
+
+ .mpo_priv_check = lomac_priv_check,
+ .mpo_proc_check_debug = lomac_proc_check_debug,
 .mpo_proc_check_sched = lomac_proc_check_sched,
 .mpo_proc_check_signal = lomac_proc_check_signal,
+ .mpo_proc_create_swapper = lomac_proc_create_swapper,
+ .mpo_proc_create_init = lomac_proc_create_init,
+ .mpo_proc_destroy_label = lomac_proc_destroy_label,
+ .mpo_proc_init_label = lomac_proc_init_label,
+ .mpo_socket_check_deliver = lomac_socket_check_deliver,
 .mpo_socket_check_relabel = lomac_socket_check_relabel,
 .mpo_socket_check_visible = lomac_socket_check_visible,
+ .mpo_socket_copy_label = lomac_copy_label,
+ .mpo_socket_create = lomac_socket_create,
+ .mpo_socket_create_mbuf = lomac_socket_create_mbuf,
+ .mpo_socket_destroy_label = lomac_destroy_label,
+ .mpo_socket_externalize_label = lomac_externalize_label,
+ .mpo_socket_init_label = lomac_init_label_waitcheck,
+ .mpo_socket_internalize_label = lomac_internalize_label,
+ .mpo_socket_newconn = lomac_socket_newconn,
+ .mpo_socket_relabel = lomac_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = lomac_destroy_label,
+ .mpo_socketpeer_externalize_label = lomac_externalize_label,
+ .mpo_socketpeer_init_label = lomac_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = lomac_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = lomac_socketpeer_set_from_socket,
+
+ .mpo_syncache_create_mbuf = lomac_syncache_create_mbuf,
+ .mpo_system_check_acct = lomac_system_check_acct,
 .mpo_system_check_auditctl = lomac_system_check_auditctl,
 .mpo_system_check_swapoff = lomac_system_check_swapoff,
 .mpo_system_check_swapon = lomac_system_check_swapon,
 .mpo_system_check_sysctl = lomac_system_check_sysctl,
+
+ .mpo_thread_userret = lomac_thread_userret,
+
+ .mpo_vnode_associate_extattr = lomac_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = lomac_vnode_associate_singlelabel,
 .mpo_vnode_check_access = lomac_vnode_check_open,
 .mpo_vnode_check_create = lomac_vnode_check_create,
 .mpo_vnode_check_deleteacl = lomac_vnode_check_deleteacl,
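Review bot: lomac_vnode_create_extattr and lomac_vnode_setlabel_extattr declare `size_t buflen` and hand it to vn_extattr_set(), whose length argument is an int, while lomac_vnode_associate_extattr in the previous hunk uses `int buflen` for the same quantity; `int buflen;` in both new functions removes the narrowing conversion and keeps the three extattr helpers consistent. lomac_vnode_setlabel_extattr also returns 0 without touching the vnode when the incoming label carries no single element, which reads like a silent failure until one notices that only the single element is copied into the buffer it writes; a comment above the early return, `/* Only the single element is written here; nothing to do without one. */`, would spare the next reader that detour.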
@@ -2964,15 +2970,16 @@ static struct mac_policy_ops lomac_ops =
 .mpo_vnode_check_setutimes = lomac_vnode_check_setutimes,
 .mpo_vnode_check_unlink = lomac_vnode_check_unlink,
 .mpo_vnode_check_write = lomac_vnode_check_write,
- .mpo_thread_userret = lomac_thread_userret,
- .mpo_netatalk_aarp_send = lomac_netatalk_aarp_send,
- .mpo_netinet_arp_send = lomac_netinet_arp_send,
- .mpo_netinet_firewall_reply = lomac_netinet_firewall_reply,
- .mpo_netinet_firewall_send = lomac_netinet_firewall_send,
- .mpo_netinet_icmp_reply = lomac_netinet_icmp_reply,
- .mpo_netinet_igmp_send = lomac_netinet_igmp_send,
- .mpo_netinet6_nd6_send = lomac_netinet6_nd6_send,
- .mpo_priv_check = lomac_priv_check,
+ .mpo_vnode_copy_label = lomac_copy_label,
+ .mpo_vnode_create_extattr = lomac_vnode_create_extattr,
+ .mpo_vnode_destroy_label = lomac_destroy_label,
+ .mpo_vnode_execve_transition = lomac_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = lomac_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = lomac_externalize_label,
+ .mpo_vnode_init_label = lomac_init_label,
+ .mpo_vnode_internalize_label = lomac_internalize_label,
+ .mpo_vnode_relabel = lomac_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr,
 };
 MAC_POLICY_SET(&lomac_ops, mac_lomac, "TrustedBSD MAC/LOMAC",
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 8ead38155cbd..eb3ab0e20a48 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -736,711 +736,10 @@ mls_copy_label(struct label *src, struct label *dest)
 *SLOT(dest) = *SLOT(src);
 }
-/*
- * Labeling event operations: file system objects, and things that look a lot
- * like file system objects.
- */
-static void
-mls_devfs_create_device(struct ucred *cred, struct mount *mp,
- struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
-{
- struct mac_mls *mm;
- int mls_type;
-
- mm = SLOT(delabel);
- if (strcmp(dev->si_name, "null") == 0 ||
- strcmp(dev->si_name, "zero") == 0 ||
- strcmp(dev->si_name, "random") == 0 ||
- strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
- mls_type = MAC_MLS_TYPE_EQUAL;
- else if (strcmp(dev->si_name, "kmem") == 0 ||
- strcmp(dev->si_name, "mem") == 0)
- mls_type = MAC_MLS_TYPE_HIGH;
- else if (ptys_equal &&
- (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
- strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
- mls_type = MAC_MLS_TYPE_EQUAL;
- else
- mls_type = MAC_MLS_TYPE_LOW;
- mls_set_effective(mm, mls_type, 0, NULL);
-}
-
-static void
-mls_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
- struct devfs_dirent *de, struct label *delabel)
-{
- struct mac_mls *mm;
-
- mm = SLOT(delabel);
- mls_set_effective(mm, MAC_MLS_TYPE_LOW, 0, NULL);
-}
-
-static void
-mls_devfs_create_symlink(struct ucred *cred, struct mount *mp,
- struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
- struct label *delabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(delabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_mount_create(struct ucred *cred, struct mount *mp, struct label *mplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(mplabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *label)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(label);
- dest = SLOT(vplabel);
-
- mls_copy(source, dest);
-}
-
-static void
-mls_devfs_update(struct mount *mp, struct devfs_dirent *de,
- struct label *delabel, struct vnode *vp, struct label *vplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(vplabel);
- dest = SLOT(delabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
- struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
- struct label *vplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(delabel);
- dest = SLOT(vplabel);
-
- mls_copy_effective(source, dest);
-}
-
-static int
-mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
-{
- struct mac_mls mm_temp, *source, *dest;
- int buflen, error;
-
- source = SLOT(mplabel);
- dest = SLOT(vplabel);
-
- buflen = sizeof(mm_temp);
- bzero(&mm_temp, buflen);
-
- error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
- MAC_MLS_EXTATTR_NAME, &buflen, (char *) &mm_temp, curthread);
- if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the mntlabel. */
- mls_copy_effective(source, dest);
- return (0);
- } else if (error)
- return (error);
-
- if (buflen != sizeof(mm_temp)) {
- printf("mls_vnode_associate_extattr: bad size %d\n", buflen);
- return (EPERM);
- }
- if (mls_valid(&mm_temp) != 0) {
- printf("mls_vnode_associate_extattr: invalid\n");
- return (EPERM);
- }
- if ((mm_temp.mm_flags & MAC_MLS_FLAGS_BOTH) !=
- MAC_MLS_FLAG_EFFECTIVE) {
- printf("mls_associated_vnode_extattr: not effective\n");
- return (EPERM);
- }
-
- mls_copy_effective(&mm_temp, dest);
- return (0);
-}
-
-static void
-mls_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(mplabel);
- dest = SLOT(vplabel);
-
- mls_copy_effective(source, dest);
-}
-
-static int
-mls_vnode_create_extattr(struct ucred *cred, struct mount *mp,
- struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel, struct componentname *cnp)
-{
- struct mac_mls *source, *dest, mm_temp;
- size_t buflen;
- int error;
-
- buflen = sizeof(mm_temp);
- bzero(&mm_temp, buflen);
-
- source = SLOT(cred->cr_label);
- dest = SLOT(vplabel);
- mls_copy_effective(source, &mm_temp);
-
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
- MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread);
- if (error == 0)
- mls_copy_effective(source, dest);
- return (error);
-}
-
-static int
-mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *intlabel)
-{
- struct mac_mls *source, mm_temp;
- size_t buflen;
- int error;
-
- buflen = sizeof(mm_temp);
- bzero(&mm_temp, buflen);
-
- source = SLOT(intlabel);
- if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0)
- return (0);
-
- mls_copy_effective(source, &mm_temp);
-
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
- MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread);
- return (error);
-}
 /*
- * Labeling event operations: IPC object.
- */
-static void
-mls_inpcb_create(struct socket *so, struct label *solabel, struct inpcb *inp,
- struct label *inplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(solabel);
- dest = SLOT(inplabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_socket_create_mbuf(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(solabel);
- dest = SLOT(mlabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_socket_create(struct ucred *cred, struct socket *so,
- struct label *solabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(solabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_pipe_create(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(pplabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_posixsem_create(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(kslabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_socket_newconn(struct socket *oldso, struct label *oldsolabel,
- struct socket *newso, struct label *newsolabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(oldsolabel);
- dest = SLOT(newsolabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_socket_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(solabel);
-
- mls_copy(source, dest);
-}
-
-static void
-mls_pipe_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(pplabel);
-
- mls_copy(source, dest);
-}
-
-static void
-mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
- struct socket *so, struct label *sopeerlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(mlabel);
- dest = SLOT(sopeerlabel);
-
- mls_copy_effective(source, dest);
-}
-
-/*
- * Labeling event operations: System V IPC objects.
- */
-static void
-mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
-{
- struct mac_mls *source, *dest;
-
- /* Ignore the msgq label. */
- source = SLOT(cred->cr_label);
- dest = SLOT(msglabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(msqlabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semalabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(semalabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(shmlabel);
-
- mls_copy_effective(source, dest);
-}
-
-/*
- * Labeling event operations: network objects.
- */
-static void
-mls_socketpeer_set_from_socket(struct socket *oldso,
- struct label *oldsolabel, struct socket *newso,
- struct label *newsopeerlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(oldsolabel);
- dest = SLOT(newsopeerlabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, struct label *dlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(dlabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
-{
- struct mac_mls *dest;
- int type;
-
- dest = SLOT(ifplabel);
-
- if (ifp->if_type == IFT_LOOP)
- type = MAC_MLS_TYPE_EQUAL;
- else
- type = MAC_MLS_TYPE_LOW;
-
- mls_set_effective(dest, type, 0, NULL);
- mls_set_range(dest, type, 0, NULL, type, 0, NULL);
-}
-
-static void
-mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(mlabel);
- dest = SLOT(ipqlabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
- struct label *mlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(ipqlabel);
- dest = SLOT(mlabel);
-
- /* Just use the head, since we require them all to match. */
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag,
- struct label *fraglabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(mlabel);
- dest = SLOT(fraglabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(inplabel);
- dest = SLOT(mlabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(dlabel);
- dest = SLOT(mlabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(ifplabel);
- dest = SLOT(mlabel);
-
- mls_copy_effective(source, dest);
-}
-
-static int
-mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
-{
- struct mac_mls *a, *b;
-
- a = SLOT(ipqlabel);
- b = SLOT(mlabel);
-
- return (mls_equal_effective(a, b));
-}
-
-static void
-mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(ifplabel);
-
- mls_copy(source, dest);
-}
-
-static void
-mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
-{
-
- /* NOOP: we only accept matching labels, so no need to update */
-}
-
-static void
-mls_inpcb_sosetlabel(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(solabel);
- dest = SLOT(inplabel);
-
- mls_copy(source, dest);
-}
-
-static void
-mls_netatalk_aarp_send(struct ifnet *ifp,
struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_mls *dest; - - dest = SLOT(mlabel); - - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); -} - -static void -mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_mls *dest; - - dest = SLOT(mlabel); - - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); -} - -static void -mls_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) -{ - struct mac_mls *source, *dest; - - source = SLOT(mrecvlabel); - dest = SLOT(msendlabel); - - mls_copy_effective(source, dest); -} - -static void -mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel) -{ - struct mac_mls *dest; - - dest = SLOT(mlabel); - - /* XXX: where is the label for the firewall really comming from? */ - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); -} - -static void -mls_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) -{ - struct mac_mls *source, *dest; - - source = SLOT(mrecvlabel); - dest = SLOT(msendlabel); - - mls_copy_effective(source, dest); -} - -static void -mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_mls *dest; - - dest = SLOT(mlabel); - - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); -} - -static void -mls_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_mls *dest; - - dest = SLOT(mlabel); - - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); -} - -static void -mls_syncache_create(struct label *label, struct inpcb *inp) -{ - struct mac_mls *source, *dest; - - source = SLOT(inp->inp_label); - dest = SLOT(label); - - mls_copy_effective(source, dest); -} - -static void -mls_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) -{ 
- struct mac_mls *source, *dest; - - source = SLOT(sc_label); - dest = SLOT(mlabel); - - mls_copy_effective(source, dest); -} - -/* - * Labeling event operations: processes. - */ -static void -mls_proc_create_swapper(struct ucred *cred) -{ - struct mac_mls *dest; - - dest = SLOT(cred->cr_label); - - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); - mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, - NULL); -} - -static void -mls_proc_create_init(struct ucred *cred) -{ - struct mac_mls *dest; - - dest = SLOT(cred->cr_label); - - mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); - mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, - NULL); -} - -static void -mls_proc_associate_nfsd(struct ucred *cred) -{ - struct mac_mls *label; - - label = SLOT(cred->cr_label); - mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL); - mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, - NULL); -} - -static void -mls_cred_relabel(struct ucred *cred, struct label *newlabel) -{ - struct mac_mls *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(cred->cr_label); - - mls_copy(source, dest); -} - -/* - * Label cleanup/flush operations. - */ -static void -mls_sysvmsg_cleanup(struct label *msglabel) -{ - - bzero(SLOT(msglabel), sizeof(struct mac_mls)); -} - -static void -mls_sysvmsq_cleanup(struct label *msqlabel) -{ - - bzero(SLOT(msqlabel), sizeof(struct mac_mls)); -} - -static void -mls_sysvsem_cleanup(struct label *semalabel) -{ - - bzero(SLOT(semalabel), sizeof(struct mac_mls)); -} - -static void -mls_sysvshm_cleanup(struct label *shmlabel) -{ - - bzero(SLOT(shmlabel), sizeof(struct mac_mls)); -} - -/* - * Access control checks. + * Object-specific entry point implementations are sorted alphabetically by + * object type name and then by operation. */ static int mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 
@@ -1459,6 +758,29 @@ mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
 return (EACCES);
 }
 
+static void
+mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, struct label *dlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(dlabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(dlabel);
+ dest = SLOT(mlabel);
+
+ mls_copy_effective(source, dest);
+}
+
 static int
 mls_cred_check_relabel(struct ucred *cred, struct label *newlabel)
 {
@@ -1537,6 +859,90 @@ mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2) return (0); } +static void +mls_cred_relabel(struct ucred *cred, struct label *newlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(cred->cr_label); + + mls_copy(source, dest); +} + +static void +mls_devfs_create_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) +{ + struct mac_mls *mm; + int mls_type; + + mm = SLOT(delabel); + if (strcmp(dev->si_name, "null") == 0 || + strcmp(dev->si_name, "zero") == 0 || + strcmp(dev->si_name, "random") == 0 || + strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) + mls_type = MAC_MLS_TYPE_EQUAL; + else if (strcmp(dev->si_name, "kmem") == 0 || + strcmp(dev->si_name, "mem") == 0) + mls_type = MAC_MLS_TYPE_HIGH; + else if (ptys_equal && + (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || + strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) + mls_type = MAC_MLS_TYPE_EQUAL; + else + mls_type = MAC_MLS_TYPE_LOW; + mls_set_effective(mm, mls_type, 0, NULL); +} + +static void +mls_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, + struct devfs_dirent *de, struct label *delabel) +{ + struct mac_mls *mm; + + mm = SLOT(delabel); + mls_set_effective(mm, MAC_MLS_TYPE_LOW, 0, NULL); +} + +static void +mls_devfs_create_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(delabel); + + mls_copy_effective(source, dest); +} + +static void +mls_devfs_update(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(vplabel); + dest = SLOT(delabel); + + mls_copy_effective(source, dest); +} + +static void +mls_devfs_vnode_associate(struct mount *mp, struct label 
*mplabel, + struct devfs_dirent *de, struct label *delabel, struct vnode *vp, + struct label *vplabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(delabel); + dest = SLOT(vplabel); + + mls_copy_effective(source, dest); +} + static int mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, struct label *ifplabel, struct label *newlabel) @@ -1578,6 +984,47 @@ mls_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, return (mls_effective_in_range(p, i) ? 0 : EACCES); } +static void +mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel) +{ + struct mac_mls *dest; + int type; + + dest = SLOT(ifplabel); + + if (ifp->if_type == IFT_LOOP) + type = MAC_MLS_TYPE_EQUAL; + else + type = MAC_MLS_TYPE_LOW; + + mls_set_effective(dest, type, 0, NULL); + mls_set_range(dest, type, 0, NULL, type, 0, NULL); +} + +static void +mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(ifplabel); + dest = SLOT(mlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(ifplabel); + + mls_copy(source, dest); +} + static int mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel) 
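Review bot: `mls_devfs_create_device` decides the initial MLS level of every new device node from a hard-coded list of `si_name` values and the `ptys_equal` tunable, and nothing in the hunk says why each name lands where it does, so a maintainer adding a device has no guidance. I would put a block comment above the `if` chain stating the intent, roughly: `/* null/zero/random and fd/* are EQUAL so subjects at any level can use them; mem/kmem are HIGH (presumably to keep lower-level subjects from reading kernel memory - confirm); ptys are EQUAL only when ptys_equal is set; everything else defaults to LOW. */`. The `ttyp`/`ptyp` prefix checks are tied to a particular pty naming scheme; if the running system names its pseudo-terminals differently that branch never fires, so the comment should also say which naming it expects. The sibling `mls_devfs_create_directory` silently labels every directory LOW and deserves a one-line comment saying that is deliberate.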
@@ -1593,276 +1040,85 @@ mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, return (mls_equal_effective(p, i) ? 0 : EACCES); } -static int -mls_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +static void +mls_inpcb_create(struct socket *so, struct label *solabel, struct inpcb *inp, + struct label *inplabel) { - struct mac_mls *subj, *obj; + struct mac_mls *source, *dest; - if (!mls_enabled) - return (0); + source = SLOT(solabel); + dest = SLOT(inplabel); - subj = SLOT(cred->cr_label); - obj = SLOT(msglabel); + mls_copy_effective(source, dest); +} - if (!mls_dominate_effective(subj, obj)) - return (EACCES); +static void +mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *source, *dest; - return (0); + source = SLOT(inplabel); + dest = SLOT(mlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(solabel); + dest = SLOT(inplabel); + + mls_copy(source, dest); +} + +static void +mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(ipqlabel); + + mls_copy_effective(source, dest); } static int -mls_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { - struct mac_mls *subj, *obj; + struct mac_mls *a, *b; - if (!mls_enabled) - return (0); + a = SLOT(ipqlabel); + b = SLOT(mlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(msglabel); - - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); + return (mls_equal_effective(a, b)); } -static int -mls_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel 
*msqkptr, - struct label *msqklabel) +static void +mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, + struct label *mlabel) { - struct mac_mls *subj, *obj; + struct mac_mls *source, *dest; - if (!mls_enabled) - return (0); + source = SLOT(ipqlabel); + dest = SLOT(mlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); + /* Just use the head, since we require them all to match. */ + mls_copy_effective(source, dest); } -static int -mls_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +static void +mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { - struct mac_mls *subj, *obj; - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); - - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -mls_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -mls_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel, int cmd) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); - - switch(cmd) { - case IPC_RMID: - case IPC_SET: - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - break; - - case IPC_STAT: - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - break; - - default: - return (EACCES); - } - - return (0); -} - -static int -mls_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, int cmd) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - 
return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); - - switch(cmd) { - case IPC_RMID: - case IPC_SET: - case SETVAL: - case SETALL: - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - break; - - case IPC_STAT: - case GETVAL: - case GETPID: - case GETNCNT: - case GETZCNT: - case GETALL: - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - break; - - default: - return (EACCES); - } - - return (0); -} - -static int -mls_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -mls_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, size_t accesstype) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); - - if( accesstype & SEM_R ) - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - - if( accesstype & SEM_A ) - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -mls_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(shmseglabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - if ((shmflg & SHM_RDONLY) == 0) { - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - } - - return (0); -} - -static int -mls_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int cmd) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(shmseglabel); - - switch(cmd) { - case IPC_RMID: - case IPC_SET: - if 
(!mls_dominate_effective(obj, subj)) - return (EACCES); - break; - - case IPC_STAT: - case SHM_STAT: - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - break; - - default: - return (EACCES); - } - - return (0); -} - -static int -mls_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(shmseglabel); - - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); + /* NOOP: we only accept matching labels, so no need to update */ } static int 
@@ -1883,6 +1139,108 @@ mls_mount_check_stat(struct ucred *cred, struct mount *mp, return (0); } +static void +mls_mount_create(struct ucred *cred, struct mount *mp, struct label *mplabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(mplabel); + + mls_copy_effective(source, dest); +} + +static void +mls_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *dest; + + dest = SLOT(mlabel); + + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); +} + +static void +mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *dest; + + dest = SLOT(mlabel); + + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); +} + +static void +mls_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *dest; + + dest = SLOT(mlabel); + + /* XXX: where is the label for the firewall really comming from? 
*/ + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); +} + +static void +mls_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, + struct label *fraglabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(fraglabel); + + mls_copy_effective(source, dest); +} + +static void +mls_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *dest; + + dest = SLOT(mlabel); + + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); +} + +static void +mls_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *dest; + + dest = SLOT(mlabel); + + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); +} + static int mls_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 
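Review bot: The `XXX` comment in `mls_netinet_firewall_send` has a typo ("comming") and, now that it sits in an alphabetically sorted list, reads as an unresolved question with no statement of what the code actually does. I would reword it to `/* XXX: where does the firewall's label really come from? Packets it originates are labelled EQUAL for now. */` so the behaviour and the open question are both on record. The arp, aarp, igmp and nd6 send hooks in this hunk use the same EQUAL-by-construction labelling, so a single comment on the first of them, saying that locally generated control traffic is deliberately labelled EQUAL, would cover the group.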
@@ -2019,22 +1377,28 @@ mls_pipe_check_write(struct ucred *cred, struct pipepair *pp,
 return (0);
 }
 
-static int
-mls_posixsem_check_write(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+static void
+mls_pipe_create(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
 {
- struct mac_mls *subj, *obj;
+ struct mac_mls *source, *dest;
 
- if (!mls_enabled)
- return (0);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(pplabel);
 
- subj = SLOT(cred->cr_label);
- obj = SLOT(kslabel);
+ mls_copy_effective(source, dest);
+}
 
- if (!mls_dominate_effective(obj, subj))
- return (EACCES);
+static void
+mls_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
+{
+ struct mac_mls *source, *dest;
 
- return (0);
+ source = SLOT(newlabel);
+ dest = SLOT(pplabel);
+
+ mls_copy(source, dest);
 }
 
 static int
@@ -2055,6 +1419,47 @@ mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
 return (0);
 }
 
+static int
+mls_posixsem_check_write(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mls_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(kslabel);
+
+ if (!mls_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
+static void
+mls_posixsem_create(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(kslabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_proc_associate_nfsd(struct ucred *cred)
+{
+ struct mac_mls *label;
+
+ label = SLOT(cred->cr_label);
+ mls_set_effective(label, MAC_MLS_TYPE_LOW, 0, NULL);
+ mls_set_range(label, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
+ NULL);
+}
+
 static int
 mls_proc_check_debug(struct ucred *cred, struct proc *p)
 {
@@ -2115,6 +1520,30 @@ mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
 return (0);
 }
 
+static void
+mls_proc_create_init(struct ucred *cred)
+{
+ struct mac_mls *dest;
+
+ dest = SLOT(cred->cr_label);
+
+ mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL);
+ mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
+ NULL);
+}
+
+static void
+mls_proc_create_swapper(struct ucred *cred)
+{
+ struct mac_mls *dest;
+
+ dest = SLOT(cred->cr_label);
+
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
+ NULL);
+}
+
 static int
 mls_socket_check_deliver(struct socket *so, struct label *solabel,
 struct mbuf *m, struct label *mlabel)
@@ -2199,6 +1628,102 @@ mls_socket_check_visible(struct ucred *cred, struct socket *so, return (0); } +static void +mls_socket_create(struct ucred *cred, struct socket *so, + struct label *solabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(solabel); + + mls_copy_effective(source, dest); +} + +static void +mls_socket_create_mbuf(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(solabel); + dest = SLOT(mlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_socket_newconn(struct socket *oldso, struct label *oldsolabel, + struct socket *newso, struct label *newsolabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(oldsolabel); + dest = SLOT(newsolabel); + + mls_copy_effective(source, dest); +} + +static void +mls_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(solabel); + + mls_copy(source, dest); +} + +static void +mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(sopeerlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_socketpeer_set_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(oldsolabel); + dest = SLOT(newsopeerlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_syncache_create(struct label *label, struct inpcb *inp) +{ + struct mac_mls *source, *dest; + + source = SLOT(inp->inp_label); + dest = SLOT(label); + + mls_copy_effective(source, dest); +} + +static void +mls_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, + struct label *mlabel) +{ + struct mac_mls *source, *dest; + 
+ source = SLOT(sc_label);
+ dest = SLOT(mlabel);
+
+ mls_copy_effective(source, dest);
+}
+
 static int
 mls_system_check_acct(struct ucred *cred, struct vnode *vp,
 struct label *vplabel)
@@ -2256,6 +1781,407 @@ mls_system_check_swapon(struct ucred *cred, struct vnode *vp, return (0); } +static void +mls_sysvmsg_cleanup(struct label *msglabel) +{ + + bzero(SLOT(msglabel), sizeof(struct mac_mls)); +} + +static void +mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +{ + struct mac_mls *source, *dest; + + /* Ignore the msgq label. */ + source = SLOT(cred->cr_label); + dest = SLOT(msglabel); + + mls_copy_effective(source, dest); +} + +static int +mls_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msglabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +mls_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msglabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +mls_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msqklabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +mls_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msqklabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static int +mls_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return 
(0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msqklabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int +mls_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel, int cmd) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(msqklabel); + + switch(cmd) { + case IPC_RMID: + case IPC_SET: + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + break; + + case IPC_STAT: + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + break; + + default: + return (EACCES); + } + + return (0); +} + +static void +mls_sysvmsq_cleanup(struct label *msqlabel) +{ + + bzero(SLOT(msqlabel), sizeof(struct mac_mls)); +} + +static void +mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(msqlabel); + + mls_copy_effective(source, dest); +} + +static int +mls_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel, int cmd) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(semaklabel); + + switch(cmd) { + case IPC_RMID: + case IPC_SET: + case SETVAL: + case SETALL: + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + break; + + case IPC_STAT: + case GETVAL: + case GETPID: + case GETNCNT: + case GETZCNT: + case GETALL: + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + break; + + default: + return (EACCES); + } + + return (0); +} + +static int +mls_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(semaklabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static int 
+mls_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel, size_t accesstype) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(semaklabel); + + if( accesstype & SEM_R ) + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + if( accesstype & SEM_A ) + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static void +mls_sysvsem_cleanup(struct label *semalabel) +{ + + bzero(SLOT(semalabel), sizeof(struct mac_mls)); +} + +static void +mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semalabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(semalabel); + + mls_copy_effective(source, dest); +} + +static int +mls_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int shmflg) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmseglabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + if ((shmflg & SHM_RDONLY) == 0) { + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + } + + return (0); +} + +static int +mls_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int cmd) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmseglabel); + + switch(cmd) { + case IPC_RMID: + case IPC_SET: + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + break; + + case IPC_STAT: + case SHM_STAT: + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + break; + + default: + return (EACCES); + } + + return (0); +} + +static int +mls_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int shmflg) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + 
return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(shmseglabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + +static void +mls_sysvshm_cleanup(struct label *shmlabel) +{ + + bzero(SLOT(shmlabel), sizeof(struct mac_mls)); +} + +static void +mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(shmlabel); + + mls_copy_effective(source, dest); +} + +static int +mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) +{ + struct mac_mls mm_temp, *source, *dest; + int buflen, error; + + source = SLOT(mplabel); + dest = SLOT(vplabel); + + buflen = sizeof(mm_temp); + bzero(&mm_temp, buflen); + + error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, + MAC_MLS_EXTATTR_NAME, &buflen, (char *) &mm_temp, curthread); + if (error == ENOATTR || error == EOPNOTSUPP) { + /* Fall back to the mntlabel. */ + mls_copy_effective(source, dest); + return (0); + } else if (error) + return (error); + + if (buflen != sizeof(mm_temp)) { + printf("mls_vnode_associate_extattr: bad size %d\n", buflen); + return (EPERM); + } + if (mls_valid(&mm_temp) != 0) { + printf("mls_vnode_associate_extattr: invalid\n"); + return (EPERM); + } + if ((mm_temp.mm_flags & MAC_MLS_FLAGS_BOTH) != + MAC_MLS_FLAG_EFFECTIVE) { + printf("mls_associated_vnode_extattr: not effective\n"); + return (EPERM); + } + + mls_copy_effective(&mm_temp, dest); + return (0); +} + +static void +mls_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mplabel); + dest = SLOT(vplabel); + + mls_copy_effective(source, dest); +} + static int mls_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, struct label *dvplabel) 
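Review bot: In `mls_vnode_associate_extattr` the third rejection path prints `mls_associated_vnode_extattr: not effective`, which is not the function's name, so anyone grepping the console log for the source of that message will look for a function that does not exist; it should read `printf("mls_vnode_associate_extattr: not effective\n");` to match the two messages above it. Since the commit is already moving this code, fixing the string on the way is cheap. Separately, `mls_sysvsem_check_semop` uses `if( accesstype & SEM_R )` and `if( accesstype & SEM_A )` with nested unbraced `if`s, which departs from the `if (cond)` form used in every other check in this hunk; `if ((accesstype & SEM_R) && !mls_dominate_effective(subj, obj)) return (EACCES);` and the matching `SEM_A`/`(obj, subj)` line fold each pair into the file's usual one-check/one-return shape.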
@@ -2890,149 +2816,229 @@ mls_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
 return (0);
 }
+static int
+mls_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
+{
+ struct mac_mls *source, *dest, mm_temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(mm_temp);
+ bzero(&mm_temp, buflen);
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(vplabel);
+ mls_copy_effective(source, &mm_temp);
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
+ MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread);
+ if (error == 0)
+ mls_copy_effective(source, dest);
+ return (error);
+}
+
+static void
+mls_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *label)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(label);
+ dest = SLOT(vplabel);
+
+ mls_copy(source, dest);
+}
+
+static int
+mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+ struct mac_mls *source, mm_temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(mm_temp);
+ bzero(&mm_temp, buflen);
+
+ source = SLOT(intlabel);
+ if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0)
+ return (0);
+
+ mls_copy_effective(source, &mm_temp);
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
+ MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread);
+ return (error);
+}
+
 static struct mac_policy_ops mls_ops =
 {
 .mpo_init = mls_init,
- .mpo_bpfdesc_init_label = mls_init_label,
- .mpo_cred_init_label = mls_init_label,
- .mpo_devfs_init_label = mls_init_label,
- .mpo_ifnet_init_label = mls_init_label,
- .mpo_inpcb_init_label = mls_init_label_waitcheck,
- .mpo_syncache_init_label = mls_init_label_waitcheck,
- .mpo_sysvmsg_init_label = mls_init_label,
- .mpo_sysvmsq_init_label = mls_init_label,
- .mpo_sysvsem_init_label = mls_init_label,
- .mpo_sysvshm_init_label = mls_init_label,
- .mpo_ipq_init_label = mls_init_label_waitcheck,
- .mpo_mbuf_init_label = mls_init_label_waitcheck,
- .mpo_mount_init_label = mls_init_label,
- .mpo_pipe_init_label = mls_init_label,
- .mpo_posixsem_init_label = mls_init_label,
- .mpo_socket_init_label = mls_init_label_waitcheck,
- .mpo_socketpeer_init_label = mls_init_label_waitcheck,
- .mpo_vnode_init_label = mls_init_label,
+
+ .mpo_bpfdesc_check_receive = mls_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = mls_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf,
 .mpo_bpfdesc_destroy_label = mls_destroy_label,
- .mpo_cred_destroy_label = mls_destroy_label,
- .mpo_devfs_destroy_label = mls_destroy_label,
- .mpo_ifnet_destroy_label = mls_destroy_label,
- .mpo_inpcb_destroy_label = mls_destroy_label,
- .mpo_syncache_destroy_label = mls_destroy_label,
- .mpo_sysvmsg_destroy_label = mls_destroy_label,
- .mpo_sysvmsq_destroy_label = mls_destroy_label,
- .mpo_sysvsem_destroy_label = mls_destroy_label,
- .mpo_sysvshm_destroy_label = mls_destroy_label,
- .mpo_ipq_destroy_label = mls_destroy_label,
- .mpo_mbuf_destroy_label = mls_destroy_label,
- .mpo_mount_destroy_label = mls_destroy_label,
- .mpo_pipe_destroy_label = mls_destroy_label,
- .mpo_posixsem_destroy_label = mls_destroy_label,
- .mpo_socket_destroy_label = mls_destroy_label,
- .mpo_socketpeer_destroy_label = mls_destroy_label,
- .mpo_vnode_destroy_label = mls_destroy_label,
+ .mpo_bpfdesc_init_label = mls_init_label,
+
+ .mpo_cred_check_relabel = mls_cred_check_relabel,
+ .mpo_cred_check_visible = mls_cred_check_visible,
 .mpo_cred_copy_label = mls_copy_label,
- .mpo_ifnet_copy_label = mls_copy_label,
- .mpo_mbuf_copy_label = mls_copy_label,
- .mpo_pipe_copy_label = mls_copy_label,
- .mpo_socket_copy_label = mls_copy_label,
- .mpo_vnode_copy_label = mls_copy_label,
+ .mpo_cred_destroy_label = mls_destroy_label,
 .mpo_cred_externalize_label = mls_externalize_label,
- .mpo_ifnet_externalize_label = mls_externalize_label,
- .mpo_pipe_externalize_label = mls_externalize_label,
- .mpo_socket_externalize_label = mls_externalize_label,
- .mpo_socketpeer_externalize_label = mls_externalize_label,
- .mpo_vnode_externalize_label = mls_externalize_label,
+ .mpo_cred_init_label = mls_init_label,
 .mpo_cred_internalize_label = mls_internalize_label,
- .mpo_ifnet_internalize_label = mls_internalize_label,
- .mpo_pipe_internalize_label = mls_internalize_label,
- .mpo_socket_internalize_label = mls_internalize_label,
- .mpo_vnode_internalize_label = mls_internalize_label,
+ .mpo_cred_relabel = mls_cred_relabel,
+
 .mpo_devfs_create_device = mls_devfs_create_device,
 .mpo_devfs_create_directory = mls_devfs_create_directory,
 .mpo_devfs_create_symlink = mls_devfs_create_symlink,
- .mpo_mount_create = mls_mount_create,
- .mpo_vnode_relabel = mls_vnode_relabel,
+ .mpo_devfs_destroy_label = mls_destroy_label,
+ .mpo_devfs_init_label = mls_init_label,
 .mpo_devfs_update = mls_devfs_update,
 .mpo_devfs_vnode_associate = mls_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = mls_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = mls_vnode_associate_singlelabel,
- .mpo_vnode_create_extattr = mls_vnode_create_extattr,
- .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr,
- .mpo_socket_create_mbuf = mls_socket_create_mbuf,
- .mpo_syncache_create_mbuf = mls_syncache_create_mbuf,
- .mpo_pipe_create = mls_pipe_create,
- .mpo_posixsem_create = mls_posixsem_create,
- .mpo_socket_create = mls_socket_create,
- .mpo_socket_newconn = mls_socket_newconn,
- .mpo_pipe_relabel = mls_pipe_relabel,
- .mpo_socket_relabel = mls_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = mls_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = mls_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = mls_bpfdesc_create,
- .mpo_ipq_reassemble = mls_ipq_reassemble,
- .mpo_netinet_fragment = mls_netinet_fragment,
- .mpo_ifnet_create = mls_ifnet_create,
- .mpo_inpcb_create = mls_inpcb_create,
- .mpo_syncache_create = mls_syncache_create,
- .mpo_ipq_create = mls_ipq_create,
- .mpo_sysvmsg_create = mls_sysvmsg_create,
- .mpo_sysvmsq_create = mls_sysvmsq_create,
- .mpo_sysvsem_create = mls_sysvsem_create,
- .mpo_sysvshm_create = mls_sysvshm_create,
- .mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf,
- .mpo_ipq_match = mls_ipq_match,
- .mpo_ifnet_relabel = mls_ifnet_relabel,
- .mpo_ipq_update = mls_ipq_update,
- .mpo_inpcb_sosetlabel = mls_inpcb_sosetlabel,
- .mpo_proc_create_swapper = mls_proc_create_swapper,
- .mpo_proc_create_init = mls_proc_create_init,
- .mpo_proc_associate_nfsd = mls_proc_associate_nfsd,
- .mpo_cred_relabel = mls_cred_relabel,
- .mpo_sysvmsg_cleanup = mls_sysvmsg_cleanup,
- .mpo_sysvmsq_cleanup = mls_sysvmsq_cleanup,
- .mpo_sysvsem_cleanup = mls_sysvsem_cleanup,
- .mpo_sysvshm_cleanup = mls_sysvshm_cleanup,
- .mpo_bpfdesc_check_receive = mls_bpfdesc_check_receive,
- .mpo_cred_check_relabel = mls_cred_check_relabel,
- .mpo_cred_check_visible = mls_cred_check_visible,
+
 .mpo_ifnet_check_relabel = mls_ifnet_check_relabel,
 .mpo_ifnet_check_transmit = mls_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = mls_copy_label,
+ .mpo_ifnet_create = mls_ifnet_create,
+ .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = mls_destroy_label,
+ .mpo_ifnet_externalize_label = mls_externalize_label,
+ .mpo_ifnet_init_label = mls_init_label,
+ .mpo_ifnet_internalize_label = mls_internalize_label,
+ .mpo_ifnet_relabel = mls_ifnet_relabel,
+
 .mpo_inpcb_check_deliver = mls_inpcb_check_deliver,
- .mpo_sysvmsq_check_msgrcv = mls_sysvmsq_check_msgrcv,
- .mpo_sysvmsq_check_msgrmid = mls_sysvmsq_check_msgrmid,
- .mpo_sysvmsq_check_msqget = mls_sysvmsq_check_msqget,
- .mpo_sysvmsq_check_msqsnd = mls_sysvmsq_check_msqsnd,
- .mpo_sysvmsq_check_msqrcv = mls_sysvmsq_check_msqrcv,
- .mpo_sysvmsq_check_msqctl = mls_sysvmsq_check_msqctl,
- .mpo_sysvsem_check_semctl = mls_sysvsem_check_semctl,
- .mpo_sysvsem_check_semget = mls_sysvsem_check_semget,
- .mpo_sysvsem_check_semop = mls_sysvsem_check_semop,
- .mpo_sysvshm_check_shmat = mls_sysvshm_check_shmat,
- .mpo_sysvshm_check_shmctl = mls_sysvshm_check_shmctl,
- .mpo_sysvshm_check_shmget = mls_sysvshm_check_shmget,
+ .mpo_inpcb_create = mls_inpcb_create,
+ .mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf,
+ .mpo_inpcb_destroy_label = mls_destroy_label,
+ .mpo_inpcb_init_label = mls_init_label_waitcheck,
+ .mpo_inpcb_sosetlabel = mls_inpcb_sosetlabel,
+
+ .mpo_ipq_create = mls_ipq_create,
+ .mpo_ipq_destroy_label = mls_destroy_label,
+ .mpo_ipq_init_label = mls_init_label_waitcheck,
+ .mpo_ipq_match = mls_ipq_match,
+ .mpo_ipq_reassemble = mls_ipq_reassemble,
+ .mpo_ipq_update = mls_ipq_update,
+
+ .mpo_mbuf_copy_label = mls_copy_label,
+ .mpo_mbuf_destroy_label = mls_destroy_label,
+ .mpo_mbuf_init_label = mls_init_label_waitcheck,
+
 .mpo_mount_check_stat = mls_mount_check_stat,
+ .mpo_mount_create = mls_mount_create,
+ .mpo_mount_destroy_label = mls_destroy_label,
+ .mpo_mount_init_label = mls_init_label,
+
+ .mpo_netatalk_aarp_send = mls_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = mls_netinet_arp_send,
+ .mpo_netinet_firewall_reply = mls_netinet_firewall_reply,
+ .mpo_netinet_firewall_send = mls_netinet_firewall_send,
+ .mpo_netinet_fragment = mls_netinet_fragment,
+ .mpo_netinet_icmp_reply = mls_netinet_icmp_reply,
+ .mpo_netinet_igmp_send = mls_netinet_igmp_send,
+
+ .mpo_netinet6_nd6_send = mls_netinet6_nd6_send,
+
 .mpo_pipe_check_ioctl = mls_pipe_check_ioctl,
 .mpo_pipe_check_poll = mls_pipe_check_poll,
 .mpo_pipe_check_read = mls_pipe_check_read,
 .mpo_pipe_check_relabel = mls_pipe_check_relabel,
 .mpo_pipe_check_stat = mls_pipe_check_stat,
 .mpo_pipe_check_write = mls_pipe_check_write,
+ .mpo_pipe_copy_label = mls_copy_label,
+ .mpo_pipe_create = mls_pipe_create,
+ .mpo_pipe_destroy_label = mls_destroy_label,
+ .mpo_pipe_externalize_label = mls_externalize_label,
+ .mpo_pipe_init_label = mls_init_label,
+ .mpo_pipe_internalize_label = mls_internalize_label,
+ .mpo_pipe_relabel = mls_pipe_relabel,
+
 .mpo_posixsem_check_destroy = mls_posixsem_check_write,
 .mpo_posixsem_check_getvalue = mls_posixsem_check_rdonly,
 .mpo_posixsem_check_open = mls_posixsem_check_write,
 .mpo_posixsem_check_post = mls_posixsem_check_write,
 .mpo_posixsem_check_unlink = mls_posixsem_check_write,
 .mpo_posixsem_check_wait = mls_posixsem_check_write,
+ .mpo_posixsem_create = mls_posixsem_create,
+ .mpo_posixsem_destroy_label = mls_destroy_label,
+ .mpo_posixsem_init_label = mls_init_label,
+
+ .mpo_proc_associate_nfsd = mls_proc_associate_nfsd,
 .mpo_proc_check_debug = mls_proc_check_debug,
 .mpo_proc_check_sched = mls_proc_check_sched,
 .mpo_proc_check_signal = mls_proc_check_signal,
+ .mpo_proc_create_init = mls_proc_create_init,
+ .mpo_proc_create_swapper = mls_proc_create_swapper,
+
 .mpo_socket_check_deliver = mls_socket_check_deliver,
 .mpo_socket_check_relabel = mls_socket_check_relabel,
 .mpo_socket_check_visible = mls_socket_check_visible,
+ .mpo_socket_copy_label = mls_copy_label,
+ .mpo_socket_create = mls_socket_create,
+ .mpo_socket_create_mbuf = mls_socket_create_mbuf,
+ .mpo_socket_destroy_label = mls_destroy_label,
+ .mpo_socket_externalize_label = mls_externalize_label,
+ .mpo_socket_init_label = mls_init_label_waitcheck,
+ .mpo_socket_internalize_label = mls_internalize_label,
+ .mpo_socket_newconn = mls_socket_newconn,
+ .mpo_socket_relabel = mls_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = mls_destroy_label,
+ .mpo_socketpeer_externalize_label = mls_externalize_label,
+ .mpo_socketpeer_init_label = mls_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = mls_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = mls_socketpeer_set_from_socket,
+
+ .mpo_syncache_create = mls_syncache_create,
+ .mpo_syncache_create_mbuf = mls_syncache_create_mbuf,
+ .mpo_syncache_destroy_label = mls_destroy_label,
+ .mpo_syncache_init_label = mls_init_label_waitcheck,
+
+ .mpo_sysvmsg_cleanup = mls_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = mls_sysvmsg_create,
+ .mpo_sysvmsg_destroy_label = mls_destroy_label,
+ .mpo_sysvmsg_init_label = mls_init_label,
+
+ .mpo_sysvmsq_check_msgrcv = mls_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = mls_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = mls_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = mls_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = mls_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = mls_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = mls_sysvmsq_cleanup,
+ .mpo_sysvmsq_destroy_label = mls_destroy_label,
+ .mpo_sysvmsq_init_label = mls_init_label,
+ .mpo_sysvmsq_create = mls_sysvmsq_create,
+
+ .mpo_sysvsem_check_semctl = mls_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = mls_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = mls_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = mls_sysvsem_cleanup,
+ .mpo_sysvsem_create = mls_sysvsem_create,
+ .mpo_sysvsem_destroy_label = mls_destroy_label,
+ .mpo_sysvsem_init_label = mls_init_label,
+
+ .mpo_sysvshm_check_shmat = mls_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = mls_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmget = mls_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = mls_sysvshm_cleanup,
+ .mpo_sysvshm_create = mls_sysvshm_create,
+ .mpo_sysvshm_destroy_label = mls_destroy_label,
+ .mpo_sysvshm_init_label = mls_init_label,
+
+
 .mpo_system_check_acct = mls_system_check_acct,
 .mpo_system_check_auditctl = mls_system_check_auditctl,
 .mpo_system_check_swapon = mls_system_check_swapon,
+
+ .mpo_vnode_associate_extattr = mls_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = mls_vnode_associate_singlelabel,
 .mpo_vnode_check_access = mls_vnode_check_open,
 .mpo_vnode_check_chdir = mls_vnode_check_chdir,
 .mpo_vnode_check_chroot = mls_vnode_check_chroot,
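Review bot: The sysvmsq group of mls_ops near the end of this hunk does not follow the alphabetical order the rest of the table is being rearranged into: `.mpo_sysvmsq_create = mls_sysvmsq_create,` sits after `.mpo_sysvmsq_init_label`, and the six check entries run msgrcv, msgrmid, msqget, msqsnd, msqrcv, msqctl rather than msgrcv, msgrmid, msqctl, msqget, msqrcv, msqsnd. Moving the create entry up between `.mpo_sysvmsq_cleanup` and `.mpo_sysvmsq_destroy_label` and sorting the checks would make the group match the sysvsem and sysvshm groups directly below it. The collapsed text also reads as two consecutive added blank lines before `.mpo_system_check_acct`; worth confirming against the real file. As far as is visible nothing functional changes here: the three vnode functions at the top appear to be relocations with their bodies intact, and every entry removed from the table reappears under its object group.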
@@ -3064,13 +3070,14 @@ static struct mac_policy_ops mls_ops =
 .mpo_vnode_check_stat = mls_vnode_check_stat,
 .mpo_vnode_check_unlink = mls_vnode_check_unlink,
 .mpo_vnode_check_write = mls_vnode_check_write,
- .mpo_netatalk_aarp_send = mls_netatalk_aarp_send,
- .mpo_netinet_arp_send = mls_netinet_arp_send,
- .mpo_netinet_firewall_reply = mls_netinet_firewall_reply,
- .mpo_netinet_firewall_send = mls_netinet_firewall_send,
- .mpo_netinet_icmp_reply = mls_netinet_icmp_reply,
- .mpo_netinet_igmp_send = mls_netinet_igmp_send,
- .mpo_netinet6_nd6_send = mls_netinet6_nd6_send,
+ .mpo_vnode_copy_label = mls_copy_label,
+ .mpo_vnode_create_extattr = mls_vnode_create_extattr,
+ .mpo_vnode_destroy_label = mls_destroy_label,
+ .mpo_vnode_externalize_label = mls_externalize_label,
+ .mpo_vnode_init_label = mls_init_label,
+ .mpo_vnode_internalize_label = mls_internalize_label,
+ .mpo_vnode_relabel = mls_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr,
 };
 MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS",
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index a3bfbe419ad0..33a036a86575 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -69,78 +69,6 @@ static int partition_slot;
 #define SLOT(l) mac_label_get((l), partition_slot)
 #define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v))
-static void
-partition_init_label(struct label *label)
-{
-
- SLOT_SET(label, 0);
-}
-
-static void
-partition_destroy_label(struct label *label)
-{
-
- SLOT_SET(label, 0);
-}
-
-static void
-partition_copy_label(struct label *src, struct label *dest)
-{
-
- SLOT_SET(dest, SLOT(src));
-}
-
-static int
-partition_externalize_label(struct label *label, char *element_name,
- struct sbuf *sb, int *claimed)
-{
-
- if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
- return (0);
-
- (*claimed)++;
-
- if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1)
- return (EINVAL);
- else
- return (0);
-}
-
-static int
-partition_internalize_label(struct label *label, char *element_name,
- char *element_data, int *claimed)
-{
-
- if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
- return (0);
-
- (*claimed)++;
- SLOT_SET(label, strtol(element_data, NULL, 10));
- return (0);
-}
-
-static void
-partition_proc_create_swapper(struct ucred *cred)
-{
-
- SLOT_SET(cred->cr_label, 0);
-}
-
-static void
-partition_proc_create_init(struct ucred *cred)
-{
-
- SLOT_SET(cred->cr_label, 0);
-}
-
-static void
-partition_cred_relabel(struct ucred *cred, struct label *newlabel)
-{
-
- if (SLOT(newlabel) != 0)
- SLOT_SET(cred->cr_label, SLOT(newlabel));
-}
-
 static int
 label_on_label(struct label *subject, struct label *object)
 {
@@ -157,6 +85,10 @@ label_on_label(struct label *subject, struct label *object)
 return (EPERM);
 }
+/*
+ * Object-specific entry points are sorted alphabetically by object type name
+ * and then by operation.
+ */
 static int
 partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
 {
@@ -188,6 +120,64 @@ partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
 return (error == 0 ? 0 : ESRCH);
 }
+static void
+partition_cred_copy_label(struct label *src, struct label *dest)
+{
+
+ SLOT_SET(dest, SLOT(src));
+}
+
+static void
+partition_cred_destroy_label(struct label *label)
+{
+
+ SLOT_SET(label, 0);
+}
+
+static int
+partition_cred_externalize_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
+{
+
+ if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
+ return (0);
+
+ (*claimed)++;
+
+ if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1)
+ return (EINVAL);
+ else
+ return (0);
+}
+
+static void
+partition_cred_init_label(struct label *label)
+{
+
+ SLOT_SET(label, 0);
+}
+
+static int
+partition_cred_internalize_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
+{
+
+ if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
+ return (0);
+
+ (*claimed)++;
+ SLOT_SET(label, strtol(element_data, NULL, 10));
+ return (0);
+}
+
+static void
+partition_cred_relabel(struct ucred *cred, struct label *newlabel)
+{
+
+ if (SLOT(newlabel) != 0)
+ SLOT_SET(cred->cr_label, SLOT(newlabel));
+}
+
 static int
 partition_proc_check_debug(struct ucred *cred, struct proc *p)
 {
@@ -219,6 +209,20 @@ partition_proc_check_signal(struct ucred *cred, struct proc *p,
 return (error ? ESRCH : 0);
 }
+static void
+partition_proc_create_init(struct ucred *cred)
+{
+
+ SLOT_SET(cred->cr_label, 0);
+}
+
+static void
+partition_proc_create_swapper(struct ucred *cred)
+{
+
+ SLOT_SET(cred->cr_label, 0);
+}
+
 static int
 partition_socket_check_visible(struct ucred *cred, struct socket *so,
 struct label *solabel)
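Review bot: partition_cred_internalize_label still calls `strtol(element_data, NULL, 10)` and stores the result unchecked, so a non-numeric element is silently accepted as partition 0 (the value the rest of the file treats as "no partition") and trailing garbage after a number is ignored; the element text presumably arrives from a userland relabel request, so it is the natural place to validate it. The function is moved verbatim by this commit, so this may belong in a follow-up, but the check is small: parse with an end pointer and return EINVAL when nothing was consumed or the element does not end at the number, mirroring the `EINVAL` the externalize path already returns. The same applies to the old copy deleted in the first hunk of this file.
```c
static int
partition_cred_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{
	char *endp;
	long value;

	/* … unchanged: element name check and (*claimed)++ … */
	value = strtol(element_data, &endp, 10);
	if (endp == element_data || *endp != '\0')
		return (EINVAL);
	SLOT_SET(label, value);
	return (0);
}
```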
@@ -251,19 +255,19 @@ partition_vnode_check_exec(struct ucred *cred, struct vnode *vp,
 static struct mac_policy_ops partition_ops =
 {
- .mpo_cred_init_label = partition_init_label,
- .mpo_cred_destroy_label = partition_destroy_label,
- .mpo_cred_copy_label = partition_copy_label,
- .mpo_cred_externalize_label = partition_externalize_label,
- .mpo_cred_internalize_label = partition_internalize_label,
- .mpo_proc_create_swapper = partition_proc_create_swapper,
- .mpo_proc_create_init = partition_proc_create_init,
- .mpo_cred_relabel = partition_cred_relabel,
 .mpo_cred_check_relabel = partition_cred_check_relabel,
 .mpo_cred_check_visible = partition_cred_check_visible,
+ .mpo_cred_copy_label = partition_cred_copy_label,
+ .mpo_cred_destroy_label = partition_cred_destroy_label,
+ .mpo_cred_externalize_label = partition_cred_externalize_label,
+ .mpo_cred_init_label = partition_cred_init_label,
+ .mpo_cred_internalize_label = partition_cred_internalize_label,
+ .mpo_cred_relabel = partition_cred_relabel,
 .mpo_proc_check_debug = partition_proc_check_debug,
 .mpo_proc_check_sched = partition_proc_check_sched,
 .mpo_proc_check_signal = partition_proc_check_signal,
+ .mpo_proc_create_init = partition_proc_create_init,
+ .mpo_proc_create_swapper = partition_proc_create_swapper,
 .mpo_socket_check_visible = partition_socket_check_visible,
 .mpo_vnode_check_exec = partition_vnode_check_exec,
 };
diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c
index ae88ac33f7e5..ac7880d6ca4a 100644
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@@ -126,15 +126,7 @@ seeotheruids_check(struct ucred *cr1, struct ucred *cr2)
 }
 static int
-seeotheruids_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
-{
-
- return (seeotheruids_check(cr1, cr2));
-}
-
-static int
-seeotheruids_proc_check_signal(struct ucred *cred, struct proc *p,
- int signum)
+seeotheruids_proc_check_debug(struct ucred *cred, struct proc *p)
 {
 return (seeotheruids_check(cred, p->p_ucred));
@@ -148,12 +140,20 @@ seeotheruids_proc_check_sched(struct ucred *cred, struct proc *p)
 }
 static int
-seeotheruids_proc_check_debug(struct ucred *cred, struct proc *p)
+seeotheruids_proc_check_signal(struct ucred *cred, struct proc *p,
+ int signum)
 {
 return (seeotheruids_check(cred, p->p_ucred));
 }
+static int
+seeotheruids_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
+{
+
+ return (seeotheruids_check(cr1, cr2));
+}
+
 static int
 seeotheruids_socket_check_visible(struct ucred *cred, struct socket *so,
 struct label *solabel)
@@ -164,10 +164,10 @@ seeotheruids_socket_check_visible(struct ucred *cred, struct socket *so,
 static struct mac_policy_ops seeotheruids_ops =
 {
- .mpo_cred_check_visible = seeotheruids_cred_check_visible,
 .mpo_proc_check_debug = seeotheruids_proc_check_debug,
 .mpo_proc_check_sched = seeotheruids_proc_check_sched,
 .mpo_proc_check_signal = seeotheruids_proc_check_signal,
+ .mpo_cred_check_visible = seeotheruids_cred_check_visible,
 .mpo_socket_check_visible = seeotheruids_socket_check_visible,
 };
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 2cd3fb9f3674..50463a054217 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
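Review bot: seeotheruids_cred_check_visible is moved to after seeotheruids_proc_check_signal in the second hunk, and `.mpo_cred_check_visible = seeotheruids_cred_check_visible,` is moved below the three `.mpo_proc_check_*` entries in seeotheruids_ops in the third, which places cred after proc; the ordering this commit documents in mac_partition.c is alphabetical by object type and then operation, so both the function and the table entry belong ahead of the proc ones. The swap of proc_check_debug and proc_check_signal across the first two hunks does follow that order. No behaviour changes in any of the three hunks: every body is the same `seeotheruids_check` call as before.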
@@ -159,28 +159,47 @@ stub_internalize_label(struct label *label, char *element_name,
 }
 /*
- * Labeling event operations: file system objects, and things that look
- * a lot like file system objects.
+ * Object-specific entry point imeplementations are sorted alphabetically by
+ * object type name and then by operation.
 */
+static int
+stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
+ struct ifnet *ifp, struct label *ifplabel)
+{
+
+ return (0);
+}
+
 static void
-stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
- struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
- struct label *vplabel)
+stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
+ struct label *dlabel)
+{
+
+}
+
+static void
+stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
+ struct mbuf *m, struct label *mlabel)
 {
 }
 static int
-stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
+stub_cred_check_relabel(struct ucred *cred, struct label *newlabel)
+{
+
+ return (0);
+}
+
+static int
+stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
 {
 return (0);
 }
 static void
-stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
+stub_cred_relabel(struct ucred *cred, struct label *newlabel)
 {
 }
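Review bot: The new header comment in this hunk has a typo, `imeplementations`; the line should read `* Object-specific entry point implementations are sorted alphabetically by`. It would also be worth aligning the wording with the equivalent comment this commit adds to mac_partition.c, which says "entry points" rather than "entry point implementations", so the two files describe the convention the same way. The stub bodies themselves are unchanged: each is still an empty function or a bare `return (0);`.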
@@ -207,37 +226,6 @@ stub_devfs_create_symlink(struct ucred *cred, struct mount *mp,
 }
-static int
-stub_vnode_create_extattr(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel, struct componentname *cnp)
-{
-
- return (0);
-}
-
-static void
-stub_mount_create(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
-{
-
-}
-
-static void
-stub_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *label)
-{
-
-}
-
-static int
-stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *intlabel)
-{
-
- return (0);
-}
-
 static void
 stub_devfs_update(struct mount *mp, struct devfs_dirent *de,
 struct label *delabel, struct vnode *vp, struct label *vplabel)
@@ -245,370 +233,14 @@ stub_devfs_update(struct mount *mp, struct devfs_dirent *de,
 }
-/*
- * Labeling event operations: IPC object.
- */
 static void
-stub_socket_create_mbuf(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
+stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
+ struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct label *vplabel)
 {
 }
-static void
-stub_socket_create(struct ucred *cred, struct socket *so,
- struct label *solabel)
-{
-
-}
-
-static void
-stub_pipe_create(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
-{
-
-}
-
-static void
-stub_posixsem_create(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
-{
-
-}
-
-static void
-stub_socket_newconn(struct socket *oldso, struct label *oldsolabel,
- struct socket *newso, struct label *newsolabel)
-{
-
-}
-
-static void
-stub_socket_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
-{
-
-}
-
-static void
-stub_pipe_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
-{
-
-}
-
-static void
-stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
- struct socket *so, struct label *sopeerlabel)
-{
-
-}
-
-static void
-stub_socketpeer_set_from_socket(struct socket *oldso,
- struct label *oldsolabel, struct socket *newso,
- struct label *newsopeerlabel)
-{
-
-}
-
-/*
- * Labeling event operations: network objects.
- */
-static void
-stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
- struct label *dlabel)
-{
-
-}
-
-static void
-stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
- struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag,
- struct label *fraglabel)
-{
-
-}
-
-static void
-stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
-{
-
-}
-
-static void
-stub_inpcb_create(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
-{
-
-}
-
-static void
-stub_syncache_create(struct label *label, struct inpcb *inp)
-{
-
-}
-
-static void
-stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
-{
-
-}
-
-static void
-stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel)
-{
-
-}
-
-static void
-stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semalabel)
-{
-
-}
-
-static void
-stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmalabel)
-{
-
-}
-
-static void
-stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
-{
-
-}
-
-static void
-stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
- struct label *mlabel)
-{
-
-}
-
-static void
-stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
- struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_netatalk_aarp_send(struct ifnet *ifp, struct label *iflpabel,
- struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_netinet_arp_send(struct ifnet *ifp, struct label *iflpabel,
- struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
- struct mbuf *msend, struct label *msendlabel)
-{
-
-}
-
-static void
-stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
- struct mbuf *msend, struct label *msendlabel)
-{
-
-}
-
-static void
-stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel,
- struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel,
- struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static int
-stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
-{
-
- return (1);
-}
-
-static void
-stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
-{
-
-}
-
-static void
-stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
-{
-
-}
-
-static void
-stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
-{
-
-}
-
-static void
-stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
-{
-
-}
-
-/*
- * Labeling event operations: processes.
- */
-static void
-stub_vnode_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
-{
-
-}
-
-static int
-stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *vplabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
-{
-
- return (0);
-}
-
-static void
-stub_proc_create_swapper(struct ucred *cred)
-{
-
-}
-
-static void
-stub_proc_create_init(struct ucred *cred)
-{
-
-}
-
-static void
-stub_proc_associate_nfsd(struct ucred *cred)
-{
-
-}
-
-static void
-stub_cred_relabel(struct ucred *cred, struct label *newlabel)
-{
-
-}
-
-static void
-stub_thread_userret(struct thread *td)
-{
-
-}
-
-/*
- * Label cleanup/flush operations
- */
-static void
-stub_sysvmsg_cleanup(struct label *msglabel)
-{
-
-}
-
-static void
-stub_sysvmsq_cleanup(struct label *msqlabel)
-{
-
-}
-
-static void
-stub_sysvsem_cleanup(struct label *semalabel)
-{
-
-}
-
-static void
-stub_sysvshm_cleanup(struct label *shmlabel)
-{
-
-}
-
-/*
- * Access control checks.
- */
-static int
-stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
- struct ifnet *ifp, struct label *ifplabel)
-{
-
- return (0);
-}
-
-static int
-stub_cred_check_relabel(struct ucred *cred, struct label *newlabel)
-{
-
- return (0);
-}
-
-static int
-stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
-{
-
- return (0);
-}
-
 static int
 stub_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
 struct label *ifplabel, struct label *newlabel)
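Review bot: This hunk removes several hundred lines of stubs at once, and not all of them visibly return elsewhere in the diff: stub_netinet_icmp_replyinplace, stub_netinet_tcp_reply, stub_thread_userret, stub_vnode_execve_transition and stub_vnode_execve_will_transition are deleted here, but their re-added counterparts and the matching stub_ops entries are outside this view. If any of them was dropped rather than moved, the stub policy silently stops exercising that entry point (or the build fails if stub_ops still names it), so it is worth diffing the list of `stub_` definitions and the `.mpo_` table before and after. The only addition in the hunk, stub_devfs_vnode_associate, is the same empty body that the hunk at line 159 of this file deletes, so that one is a straight relocation.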
@@ -625,6 +257,26 @@ stub_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
 return (0);
 }
+static void
+stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
+{
+
+}
+
+static void
+stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
+{
+
+}
+
 static int
 stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
 struct mbuf *m, struct label *mlabel)
@@ -633,124 +285,54 @@ stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
 return (0);
 }
-static int
-stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+static void
+stub_inpcb_create(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
+{
+
+}
+
+static void
+stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
+{
+
+}
+
+static void
+stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
 {
- return (0);
 }
 static int
-stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
 {
- return (0);
+ return (1);
 }
-
-static int
-stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+static void
+stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
+ struct mbuf *m, struct label *mlabel)
 {
- return (0);
 }
-
-static int
-stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+static void
+stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
 {
- return (0);
-}
-
-
-static int
-stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
-{
-
- return (0);
-}
-
-static int
-stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
-{
-
- return (0);
-}
-
-
-static int
-stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel, int cmd)
-{
-
- return (0);
-}
-
-
-static int
-stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel, int cmd)
-{
-
- return (0);
-}
-
-static int
-stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel)
-{
-
- return (0);
-}
-
-
-static int
-stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel, size_t accesstype)
-{
-
- return (0);
-}
-
-static int
-stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int shmflg)
-{
-
- return (0);
-}
-
-static int
-stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int cmd)
-{
-
- return (0);
-}
-
-static int
-stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel)
-{
-
- return (0);
-}
-
-
-static int
-stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int shmflg)
-{
-
- return (0);
 }
 static int
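Review bot: `stub_ipq_match` is the only stub in this hunk that returns a non-zero value, `return (1);`, and nothing says why; in a file where every other check returns 0, a later cleanup could easily "normalise" it to 0 and, as I read the framework's AND-ing of ipq_match results, quietly stop fragment reassembly. A one-line comment above the return would pin the convention, e.g. `/* 1 == "fragment belongs to this queue"; a stub must never veto reassembly. */`. If my reading of the mpo_ipq_match convention is off, the comment should at least name the non-interfering value.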
@@ -804,6 +386,80 @@ stub_mount_check_stat(struct ucred *cred, struct mount *mp,
 return (0);
 }
+static void
+stub_mount_create(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
+{
+
+}
+
+static void
+stub_netatalk_aarp_send(struct ifnet *ifp, struct label *iflpabel,
+ struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_netinet_arp_send(struct ifnet *ifp, struct label *iflpabel,
+ struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
+ struct mbuf *msend, struct label *msendlabel)
+{
+
+}
+
+static void
+stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag,
+ struct label *fraglabel)
+{
+
+}
+
+static void
+stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
+ struct mbuf *msend, struct label *msendlabel)
+{
+
+}
+
+static void
+stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel,
+ struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel,
+ struct mbuf *m, struct label *mlabel)
+{
+
+}
+
 static int
 stub_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
@@ -852,6 +508,20 @@ stub_pipe_check_write(struct ucred *cred, struct pipepair *pp,
 return (0);
 }
+static void
+stub_pipe_create(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
+{
+
+}
+
+static void
+stub_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
+{
+
+}
+
 static int
 stub_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
 struct label *kslabel)
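Review bot: The interface label parameter is spelt `iflpabel` in `stub_netatalk_aarp_send`, `stub_netinet_arp_send`, `stub_netinet_igmp_send` and `stub_netinet6_nd6_send`, whereas every other stub in this file (including `stub_ifnet_create_mbuf` in the earlier hunk) calls it `ifplabel`. The commit is already rewriting these four signatures, so it is the right moment to fix them, e.g. `stub_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,`. It is harmless to the compiler, but mac_stub is the template people copy when starting a new policy, so the misspelling will propagate.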
@@ -900,6 +570,33 @@ stub_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
 return (0);
 }
+static void
+stub_posixsem_create(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
+{
+
+}
+
+static int
+stub_priv_check(struct ucred *cred, int priv)
+{
+
+ return (0);
+}
+
+static int
+stub_priv_grant(struct ucred *cred, int priv)
+{
+
+ return (EPERM);
+}
+
+static void
+stub_proc_associate_nfsd(struct ucred *cred)
+{
+
+}
+
 static int
 stub_proc_check_debug(struct ucred *cred, struct proc *p)
 {
@@ -914,20 +611,6 @@ stub_proc_check_sched(struct ucred *cred, struct proc *p)
 return (0);
 }
-static int
-stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
-{
-
- return (0);
-}
-
-static int
-stub_proc_check_wait(struct ucred *cred, struct proc *p)
-{
-
- return (0);
-}
-
 static int
 stub_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
 {
@@ -950,7 +633,7 @@ stub_proc_check_setauid(struct ucred *cred, uid_t auid)
 }
 static int
-stub_proc_check_setuid(struct ucred *cred, uid_t uid)
+stub_proc_check_setegid(struct ucred *cred, gid_t egid)
 {
 return (0);
@@ -970,13 +653,6 @@ stub_proc_check_setgid(struct ucred *cred, gid_t gid)
 return (0);
 }
-static int
-stub_proc_check_setegid(struct ucred *cred, gid_t egid)
-{
-
- return (0);
-}
-
 static int
 stub_proc_check_setgroups(struct ucred *cred, int ngroups,
 gid_t *gidset)
@@ -986,14 +662,15 @@ stub_proc_check_setgroups(struct ucred *cred, int ngroups,
 }
 static int
-stub_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
+stub_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
 {
 return (0);
 }
 static int
-stub_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
+stub_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
+ gid_t sgid)
 {
 return (0);
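Review bot: `stub_priv_grant` returns `EPERM` directly under `stub_priv_check`, which returns 0, and neither function says that the two entry points have opposite sense; someone templating a policy from this file can "harmonise" them and end up granting every privilege. A comment at the return would make the intent explicit, e.g. `/* EPERM == "this policy does not grant the privilege"; 0 would grant it. */`, with a matching `/* 0 == no objection */` in `stub_priv_check`. My understanding is that the framework grants as soon as any policy answers 0 from priv_grant, which makes EPERM the only safe stub default; if that reading is wrong the comment should still name which value is the safe one.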
@@ -1008,13 +685,45 @@ stub_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
 }
 static int
-stub_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
- gid_t sgid)
+stub_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
 {
 return (0);
 }
+static int
+stub_proc_check_setuid(struct ucred *cred, uid_t uid)
+{
+
+ return (0);
+}
+
+static int
+stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
+{
+
+ return (0);
+}
+
+static int
+stub_proc_check_wait(struct ucred *cred, struct proc *p)
+{
+
+ return (0);
+}
+
+static void
+stub_proc_create_init(struct ucred *cred)
+{
+
+}
+
+static void
+stub_proc_create_swapper(struct ucred *cred)
+{
+
+}
+
 static int
 stub_socket_check_accept(struct ucred *cred, struct socket *so,
 struct label *solabel)
@@ -1109,6 +818,62 @@ stub_socket_check_visible(struct ucred *cred, struct socket *so,
 return (0);
 }
+static void
+stub_socket_create(struct ucred *cred, struct socket *so,
+ struct label *solabel)
+{
+
+}
+
+static void
+stub_socket_create_mbuf(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_socket_newconn(struct socket *oldso, struct label *oldsolabel,
+ struct socket *newso, struct label *newsolabel)
+{
+
+}
+
+static void
+stub_socket_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+
+}
+
+static void
+stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
+ struct socket *so, struct label *sopeerlabel)
+{
+
+}
+
+static void
+stub_socketpeer_set_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel)
+{
+
+}
+
+static void
+stub_syncache_create(struct label *label, struct inpcb *inp)
+{
+
+}
+
+static void
+stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
+ struct label *mlabel)
+{
+
+}
+
 static int
 stub_system_check_acct(struct ucred *cred, struct vnode *vp,
 struct label *vplabel)
@@ -1202,6 +967,199 @@ stub_vnode_check_create(struct ucred *cred, struct vnode *dvp,
 return (0);
 }
+static void
+stub_sysvmsg_cleanup(struct label *msglabel)
+{
+
+}
+
+static void
+stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
+{
+
+}
+
+static int
+stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
+{
+
+ return (0);
+}
+
+static int
+stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
+{
+
+ return (0);
+}
+
+
+static int
+stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
+{
+
+ return (0);
+}
+
+
+static int
+stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
+{
+
+ return (0);
+}
+
+
+static int
+stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
+{
+
+ return (0);
+}
+
+static int
+stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
+{
+
+ return (0);
+}
+
+
+static int
+stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel, int cmd)
+{
+
+ return (0);
+}
+
+
+static void
+stub_sysvmsq_cleanup(struct label *msqlabel)
+{
+
+}
+
+static void
+stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel)
+{
+
+}
+
+static int
+stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel, int cmd)
+{
+
+ return (0);
+}
+
+static int
+stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel)
+{
+
+ return (0);
+}
+
+
+static int
+stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel, size_t accesstype)
+{
+
+ return (0);
+}
+
+static void
+stub_sysvsem_cleanup(struct label *semalabel)
+{
+
+}
+
+static void
+stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semalabel)
+{
+
+}
+
+static int
+stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg)
+{
+
+ return (0);
+}
+
+static int
+stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int cmd)
+{
+
+ return (0);
+}
+
+static int
+stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel)
+{
+
+ return (0);
+}
+
+
+static int
+stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg)
+{
+
+ return (0);
+}
+
+static void
+stub_sysvshm_cleanup(struct label *shmlabel)
+{
+
+}
+
+static void
+stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmalabel)
+{
+
+}
+
+static void
+stub_thread_userret(struct thread *td)
+{
+
+}
+
+static int
+stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+
+ return (0);
+}
+
+static void
+stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+
+}
+
 static int
 stub_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
 struct label *vplabel, acl_type_t type)
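Review bot: The stubs in this hunk are inserted between `stub_vnode_check_create` (the hunk's leading context) and `stub_vnode_check_deleteacl`, which splits the `stub_vnode_check_*` run in two; if the file is meant to follow the alphabetical order the commit applies to `stub_ops` (and states explicitly in the mac_test.c comment later in this diff), the `sysv*`, `thread_userret` and `vnode_associate_*` stubs belong after the `stub_system_check_*` functions and before `stub_vnode_check_access`. Two smaller points in the same hunk: `stub_sysvshm_create` names its label `shmalabel` where the four `stub_sysvshm_check_*` stubs use `shmseglabel`, and six functions (`msgrcv`, `msgrmid`, `msqget`, `msqctl`, `semget`, `shmdt`) are followed by two blank lines instead of one.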
@@ -1441,189 +1399,180 @@ stub_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
 }
 static int
-stub_priv_check(struct ucred *cred, int priv)
+stub_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
 {
 return (0);
 }
-static int
-stub_priv_grant(struct ucred *cred, int priv)
+static void
+stub_vnode_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
 {
- return (EPERM);
 }
+static int
+stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
+ struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+
+ return (0);
+}
+
+static void
+stub_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *label)
+{
+
+}
+
+static int
+stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+
+ return (0);
+}
+
+/*
+ * Register functions with MAC Framework policy entry points.
+ */ static struct mac_policy_ops stub_ops = { .mpo_destroy = stub_destroy, .mpo_init = stub_init, .mpo_syscall = stub_syscall, - .mpo_bpfdesc_init_label = stub_init_label, - .mpo_cred_init_label = stub_init_label, - .mpo_devfs_init_label = stub_init_label, - .mpo_ifnet_init_label = stub_init_label, - .mpo_inpcb_init_label = stub_init_label_waitcheck, - .mpo_sysvmsg_init_label = stub_init_label, - .mpo_sysvmsq_init_label = stub_init_label, - .mpo_sysvsem_init_label = stub_init_label, - .mpo_sysvshm_init_label = stub_init_label, - .mpo_ipq_init_label = stub_init_label_waitcheck, - .mpo_mbuf_init_label = stub_init_label_waitcheck, - .mpo_mount_init_label = stub_init_label, - .mpo_pipe_init_label = stub_init_label, - .mpo_posixsem_init_label = stub_init_label, - .mpo_socket_init_label = stub_init_label_waitcheck, - .mpo_socketpeer_init_label = stub_init_label_waitcheck, - .mpo_vnode_init_label = stub_init_label, + + .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive, + .mpo_bpfdesc_create = stub_bpfdesc_create, + .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, .mpo_bpfdesc_destroy_label = stub_destroy_label, - .mpo_cred_destroy_label = stub_destroy_label, - .mpo_devfs_destroy_label = stub_destroy_label, - .mpo_ifnet_destroy_label = stub_destroy_label, - .mpo_inpcb_destroy_label = stub_destroy_label, - .mpo_sysvmsg_destroy_label = stub_destroy_label, - .mpo_sysvmsq_destroy_label = stub_destroy_label, - .mpo_sysvsem_destroy_label = stub_destroy_label, - .mpo_sysvshm_destroy_label = stub_destroy_label, - .mpo_ipq_destroy_label = stub_destroy_label, - .mpo_mbuf_destroy_label = stub_destroy_label, - .mpo_mount_destroy_label = stub_destroy_label, - .mpo_pipe_destroy_label = stub_destroy_label, - .mpo_posixsem_destroy_label = stub_destroy_label, - .mpo_socket_destroy_label = stub_destroy_label, - .mpo_socketpeer_destroy_label = stub_destroy_label, - .mpo_vnode_destroy_label = stub_destroy_label, + .mpo_bpfdesc_init_label = stub_init_label, + + 
.mpo_cred_check_relabel = stub_cred_check_relabel, + .mpo_cred_check_visible = stub_cred_check_visible, .mpo_cred_copy_label = stub_copy_label, - .mpo_ifnet_copy_label = stub_copy_label, - .mpo_mbuf_copy_label = stub_copy_label, - .mpo_pipe_copy_label = stub_copy_label, - .mpo_socket_copy_label = stub_copy_label, - .mpo_vnode_copy_label = stub_copy_label, + .mpo_cred_destroy_label = stub_destroy_label, .mpo_cred_externalize_label = stub_externalize_label, - .mpo_ifnet_externalize_label = stub_externalize_label, - .mpo_pipe_externalize_label = stub_externalize_label, - .mpo_socket_externalize_label = stub_externalize_label, - .mpo_socketpeer_externalize_label = stub_externalize_label, - .mpo_vnode_externalize_label = stub_externalize_label, + .mpo_cred_init_label = stub_init_label, .mpo_cred_internalize_label = stub_internalize_label, - .mpo_ifnet_internalize_label = stub_internalize_label, - .mpo_pipe_internalize_label = stub_internalize_label, - .mpo_socket_internalize_label = stub_internalize_label, - .mpo_vnode_internalize_label = stub_internalize_label, - .mpo_devfs_vnode_associate = stub_devfs_vnode_associate, - .mpo_vnode_associate_extattr = stub_vnode_associate_extattr, - .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel, + .mpo_cred_relabel= stub_cred_relabel, + .mpo_devfs_create_device = stub_devfs_create_device, .mpo_devfs_create_directory = stub_devfs_create_directory, .mpo_devfs_create_symlink = stub_devfs_create_symlink, - .mpo_sysvmsg_create = stub_sysvmsg_create, - .mpo_sysvmsq_create = stub_sysvmsq_create, - .mpo_sysvsem_create = stub_sysvsem_create, - .mpo_sysvshm_create = stub_sysvshm_create, - .mpo_vnode_create_extattr = stub_vnode_create_extattr, - .mpo_mount_create = stub_mount_create, - .mpo_vnode_relabel = stub_vnode_relabel, - .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr, + .mpo_devfs_destroy_label = stub_destroy_label, + .mpo_devfs_init_label = stub_init_label, .mpo_devfs_update = stub_devfs_update, - 
.mpo_socket_create_mbuf = stub_socket_create_mbuf, - .mpo_pipe_create = stub_pipe_create, - .mpo_posixsem_create = stub_posixsem_create, - .mpo_socket_create = stub_socket_create, - .mpo_socket_newconn = stub_socket_newconn, - .mpo_pipe_relabel = stub_pipe_relabel, - .mpo_socket_relabel = stub_socket_relabel, - .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf, - .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket, - .mpo_bpfdesc_create = stub_bpfdesc_create, - .mpo_ifnet_create = stub_ifnet_create, - .mpo_inpcb_create = stub_inpcb_create, - .mpo_ipq_create = stub_ipq_create, - .mpo_ipq_reassemble = stub_ipq_reassemble, - .mpo_netinet_fragment = stub_netinet_fragment, - .mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf, - .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, - .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, - .mpo_netatalk_aarp_send = stub_netatalk_aarp_send, - .mpo_netinet_arp_send = stub_netinet_arp_send, - .mpo_netinet_firewall_reply = stub_netinet_firewall_reply, - .mpo_netinet_firewall_send = stub_netinet_firewall_send, - .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, - .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, - .mpo_netinet_igmp_send = stub_netinet_igmp_send, - .mpo_netinet6_nd6_send = stub_netinet6_nd6_send, - .mpo_ipq_match = stub_ipq_match, - .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, - .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, - .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, - .mpo_ifnet_relabel = stub_ifnet_relabel, - .mpo_ipq_update = stub_ipq_update, - .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel, - .mpo_vnode_execve_transition = stub_vnode_execve_transition, - .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition, - .mpo_proc_create_swapper = stub_proc_create_swapper, - .mpo_proc_create_init = stub_proc_create_init, - .mpo_proc_associate_nfsd = stub_proc_associate_nfsd, - .mpo_cred_relabel= stub_cred_relabel, - .mpo_thread_userret = 
stub_thread_userret, - .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup, - .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup, - .mpo_sysvsem_cleanup = stub_sysvsem_cleanup, - .mpo_sysvshm_cleanup = stub_sysvshm_cleanup, - .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive, - .mpo_cred_check_relabel = stub_cred_check_relabel, - .mpo_cred_check_visible = stub_cred_check_visible, + .mpo_devfs_vnode_associate = stub_devfs_vnode_associate, + .mpo_ifnet_check_relabel = stub_ifnet_check_relabel, .mpo_ifnet_check_transmit = stub_ifnet_check_transmit, + .mpo_ifnet_copy_label = stub_copy_label, + .mpo_ifnet_create = stub_ifnet_create, + .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, + .mpo_ifnet_destroy_label = stub_destroy_label, + .mpo_ifnet_externalize_label = stub_externalize_label, + .mpo_ifnet_init_label = stub_init_label, + .mpo_ifnet_internalize_label = stub_internalize_label, + .mpo_ifnet_relabel = stub_ifnet_relabel, + .mpo_inpcb_check_deliver = stub_inpcb_check_deliver, - .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq, - .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv, - .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid, - .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget, - .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd, - .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv, - .mpo_sysvmsq_check_msqctl = stub_sysvmsq_check_msqctl, - .mpo_sysvsem_check_semctl = stub_sysvsem_check_semctl, - .mpo_sysvsem_check_semget = stub_sysvsem_check_semget, - .mpo_sysvsem_check_semop = stub_sysvsem_check_semop, - .mpo_sysvshm_check_shmat = stub_sysvshm_check_shmat, - .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl, - .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt, - .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget, + .mpo_inpcb_create = stub_inpcb_create, + .mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf, + .mpo_inpcb_destroy_label = stub_destroy_label, + .mpo_inpcb_init_label = stub_init_label_waitcheck, + .mpo_inpcb_sosetlabel = 
stub_inpcb_sosetlabel, + + .mpo_ipq_create = stub_ipq_create, + .mpo_ipq_destroy_label = stub_destroy_label, + .mpo_ipq_init_label = stub_init_label_waitcheck, + .mpo_ipq_match = stub_ipq_match, + .mpo_ipq_update = stub_ipq_update, + .mpo_ipq_reassemble = stub_ipq_reassemble, + .mpo_kenv_check_dump = stub_kenv_check_dump, .mpo_kenv_check_get = stub_kenv_check_get, .mpo_kenv_check_set = stub_kenv_check_set, .mpo_kenv_check_unset = stub_kenv_check_unset, + .mpo_kld_check_load = stub_kld_check_load, .mpo_kld_check_stat = stub_kld_check_stat, + + .mpo_mbuf_copy_label = stub_copy_label, + .mpo_mbuf_destroy_label = stub_destroy_label, + .mpo_mbuf_init_label = stub_init_label_waitcheck, + .mpo_mount_check_stat = stub_mount_check_stat, + .mpo_mount_create = stub_mount_create, + .mpo_mount_destroy_label = stub_destroy_label, + .mpo_mount_init_label = stub_init_label, + + .mpo_netatalk_aarp_send = stub_netatalk_aarp_send, + + .mpo_netinet_arp_send = stub_netinet_arp_send, + .mpo_netinet_firewall_reply = stub_netinet_firewall_reply, + .mpo_netinet_firewall_send = stub_netinet_firewall_send, + .mpo_netinet_fragment = stub_netinet_fragment, + .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, + .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, + .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, + .mpo_netinet_igmp_send = stub_netinet_igmp_send, + + .mpo_netinet6_nd6_send = stub_netinet6_nd6_send, + .mpo_pipe_check_ioctl = stub_pipe_check_ioctl, .mpo_pipe_check_poll = stub_pipe_check_poll, .mpo_pipe_check_read = stub_pipe_check_read, .mpo_pipe_check_relabel = stub_pipe_check_relabel, .mpo_pipe_check_stat = stub_pipe_check_stat, .mpo_pipe_check_write = stub_pipe_check_write, + .mpo_pipe_copy_label = stub_copy_label, + .mpo_pipe_create = stub_pipe_create, + .mpo_pipe_destroy_label = stub_destroy_label, + .mpo_pipe_externalize_label = stub_externalize_label, + .mpo_pipe_init_label = stub_init_label, + .mpo_pipe_internalize_label = stub_internalize_label, + 
.mpo_pipe_relabel = stub_pipe_relabel, + .mpo_posixsem_check_destroy = stub_posixsem_check_destroy, .mpo_posixsem_check_getvalue = stub_posixsem_check_getvalue, .mpo_posixsem_check_open = stub_posixsem_check_open, .mpo_posixsem_check_post = stub_posixsem_check_post, .mpo_posixsem_check_unlink = stub_posixsem_check_unlink, .mpo_posixsem_check_wait = stub_posixsem_check_wait, + .mpo_posixsem_create = stub_posixsem_create, + .mpo_posixsem_destroy_label = stub_destroy_label, + .mpo_posixsem_init_label = stub_init_label, + + .mpo_priv_check = stub_priv_check, + .mpo_priv_grant = stub_priv_grant, + + .mpo_proc_associate_nfsd = stub_proc_associate_nfsd, .mpo_proc_check_debug = stub_proc_check_debug, .mpo_proc_check_sched = stub_proc_check_sched, .mpo_proc_check_setaudit = stub_proc_check_setaudit, .mpo_proc_check_setaudit_addr = stub_proc_check_setaudit_addr, .mpo_proc_check_setauid = stub_proc_check_setauid, - .mpo_proc_check_setuid = stub_proc_check_setuid, + .mpo_proc_check_setegid = stub_proc_check_setegid, .mpo_proc_check_seteuid = stub_proc_check_seteuid, .mpo_proc_check_setgid = stub_proc_check_setgid, - .mpo_proc_check_setegid = stub_proc_check_setegid, .mpo_proc_check_setgroups = stub_proc_check_setgroups, - .mpo_proc_check_setreuid = stub_proc_check_setreuid, .mpo_proc_check_setregid = stub_proc_check_setregid, - .mpo_proc_check_setresuid = stub_proc_check_setresuid, .mpo_proc_check_setresgid = stub_proc_check_setresgid, + .mpo_proc_check_setresuid = stub_proc_check_setresuid, + .mpo_proc_check_setreuid = stub_proc_check_setreuid, + .mpo_proc_check_setuid = stub_proc_check_setuid, .mpo_proc_check_signal = stub_proc_check_signal, .mpo_proc_check_wait = stub_proc_check_wait, + .mpo_proc_create_init = stub_proc_create_init, + .mpo_proc_create_swapper = stub_proc_create_swapper, + .mpo_socket_check_accept = stub_socket_check_accept, .mpo_socket_check_bind = stub_socket_check_bind, .mpo_socket_check_connect = stub_socket_check_connect, 
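Review bot: `.mpo_cred_relabel= stub_cred_relabel,` is missing the space before `=` that every other initializer in the re-sorted table has, and the same slip survives as `.mpo_syncache_create_mbuf= stub_syncache_create_mbuf,` in the next hunk. A few entries also break the alphabetical order the rest of the table now follows: `.mpo_ipq_update` is listed before `.mpo_ipq_reassemble`, `.mpo_netinet_tcp_reply` before `.mpo_netinet_igmp_send`, and in the next hunk the syncache group runs init_label, destroy_label, create, create_mbuf. The order is worth getting exactly right here because it is what lets a reader confirm that every initializer removed from the old table reappears exactly once in the new one.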
@@ -1636,6 +1585,61 @@ static struct mac_policy_ops stub_ops =
 .mpo_socket_check_send = stub_socket_check_send,
 .mpo_socket_check_stat = stub_socket_check_stat,
 .mpo_socket_check_visible = stub_socket_check_visible,
+ .mpo_socket_copy_label = stub_copy_label,
+ .mpo_socket_create = stub_socket_create,
+ .mpo_socket_create_mbuf = stub_socket_create_mbuf,
+ .mpo_socket_destroy_label = stub_destroy_label,
+ .mpo_socket_externalize_label = stub_externalize_label,
+ .mpo_socket_init_label = stub_init_label_waitcheck,
+ .mpo_socket_internalize_label = stub_internalize_label,
+ .mpo_socket_newconn = stub_socket_newconn,
+ .mpo_socket_relabel = stub_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = stub_destroy_label,
+ .mpo_socketpeer_externalize_label = stub_externalize_label,
+ .mpo_socketpeer_init_label = stub_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket,
+
+ .mpo_syncache_init_label = stub_init_label_waitcheck,
+ .mpo_syncache_destroy_label = stub_destroy_label,
+ .mpo_syncache_create = stub_syncache_create,
+ .mpo_syncache_create_mbuf= stub_syncache_create_mbuf,
+
+ .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = stub_sysvmsg_create,
+ .mpo_sysvmsg_destroy_label = stub_destroy_label,
+ .mpo_sysvmsg_init_label = stub_init_label,
+
+ .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq,
+ .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = stub_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup,
+ .mpo_sysvmsq_create = stub_sysvmsq_create,
+ .mpo_sysvmsq_destroy_label = stub_destroy_label,
+ .mpo_sysvmsq_init_label = stub_init_label,
+
+ .mpo_sysvsem_check_semctl = stub_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = stub_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = stub_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = stub_sysvsem_cleanup,
+ .mpo_sysvsem_create = stub_sysvsem_create,
+ .mpo_sysvsem_destroy_label = stub_destroy_label,
+ .mpo_sysvsem_init_label = stub_init_label,
+
+ .mpo_sysvshm_check_shmat = stub_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt,
+ .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = stub_sysvshm_cleanup,
+ .mpo_sysvshm_create = stub_sysvshm_create,
+ .mpo_sysvshm_destroy_label = stub_destroy_label,
+ .mpo_sysvshm_init_label = stub_init_label,
+
 .mpo_system_check_acct = stub_system_check_acct,
 .mpo_system_check_audit = stub_system_check_audit,
 .mpo_system_check_auditctl = stub_system_check_auditctl,
@@ -1644,6 +1648,11 @@ static struct mac_policy_ops stub_ops =
 .mpo_system_check_swapoff = stub_system_check_swapoff,
 .mpo_system_check_swapon = stub_system_check_swapon,
 .mpo_system_check_sysctl = stub_system_check_sysctl,
+
+ .mpo_thread_userret = stub_thread_userret,
+
+ .mpo_vnode_associate_extattr = stub_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel,
 .mpo_vnode_check_access = stub_vnode_check_access,
 .mpo_vnode_check_chdir = stub_vnode_check_chdir,
 .mpo_vnode_check_chroot = stub_vnode_check_chroot,
@@ -1677,12 +1686,16 @@ static struct mac_policy_ops stub_ops =
 .mpo_vnode_check_stat = stub_vnode_check_stat,
 .mpo_vnode_check_unlink = stub_vnode_check_unlink,
 .mpo_vnode_check_write = stub_vnode_check_write,
- .mpo_priv_check = stub_priv_check,
- .mpo_priv_grant = stub_priv_grant,
- .mpo_syncache_init_label = stub_init_label_waitcheck,
- .mpo_syncache_destroy_label = stub_destroy_label,
- .mpo_syncache_create = stub_syncache_create,
- .mpo_syncache_create_mbuf= stub_syncache_create_mbuf,
+ .mpo_vnode_copy_label = stub_copy_label,
+ .mpo_vnode_create_extattr = stub_vnode_create_extattr,
+ .mpo_vnode_destroy_label = stub_destroy_label,
+ .mpo_vnode_execve_transition = stub_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = stub_externalize_label,
+ .mpo_vnode_init_label = stub_init_label,
+ .mpo_vnode_internalize_label = stub_internalize_label,
+ .mpo_vnode_relabel = stub_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr,
 };
 MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub",
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 24867160d6eb..ff0c215c0035 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -149,208 +149,57 @@ SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0, } while (0) /* - * Label operations. + * Functions that span multiple entry points. */ -COUNTER_DECL(bpfdesc_init_label); -static void -test_bpfdesc_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_BPF); - COUNTER_INC(bpfdesc_init_label); -} - -COUNTER_DECL(cred_init_label); -static void -test_cred_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_CRED); - COUNTER_INC(cred_init_label); -} - -COUNTER_DECL(devfs_init_label); -static void -test_devfs_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_DEVFS); - COUNTER_INC(devfs_init_label); -} - -COUNTER_DECL(ifnet_init_label); -static void -test_ifnet_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_IFNET); - COUNTER_INC(ifnet_init_label); -} - -COUNTER_DECL(inpcb_init_label); +COUNTER_DECL(internalize_label); static int -test_inpcb_init_label(struct label *label, int flag) +test_internalize_label(struct label *label, char *element_name, + char *element_data, int *claimed) { - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_inpcb_init_label() at %s:%d", __FILE__, - __LINE__); + LABEL_NOTFREE(label); + COUNTER_INC(internalize_label); - LABEL_INIT(label, MAGIC_INPCB); - COUNTER_INC(inpcb_init_label); return (0); } -COUNTER_DECL(sysvmsg_init_label); -static void -test_sysvmsg_init_label(struct label *label) -{ - LABEL_INIT(label, MAGIC_SYSV_MSG); - COUNTER_INC(sysvmsg_init_label); -} - -COUNTER_DECL(sysvmsq_init_label); -static void -test_sysvmsq_init_label(struct label *label) -{ - LABEL_INIT(label, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsq_init_label); -} - -COUNTER_DECL(sysvsem_init_label); -static void -test_sysvsem_init_label(struct label *label) -{ - LABEL_INIT(label, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_init_label); -} - -COUNTER_DECL(sysvshm_init_label); -static void -test_sysvshm_init_label(struct label *label) -{ - LABEL_INIT(label, 
MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_init_label); -} - -COUNTER_DECL(ipq_init_label); +/* + * Object-specific entry point implementations are sorted alphabetically by + * object type name and then by operation. + */ +COUNTER_DECL(bpfdesc_check_receive); static int -test_ipq_init_label(struct label *label, int flag) +test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, + struct ifnet *ifp, struct label *ifplabel) { - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_ipq_init_label() at %s:%d", __FILE__, - __LINE__); + LABEL_CHECK(bpflabel, MAGIC_BPF); + LABEL_CHECK(ifplabel, MAGIC_IFNET); + COUNTER_INC(bpfdesc_check_receive); - LABEL_INIT(label, MAGIC_IPQ); - COUNTER_INC(ipq_init_label); return (0); } -COUNTER_DECL(mbuf_init_label); -static int -test_mbuf_init_label(struct label *label, int flag) -{ - - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_mbuf_init_label() at %s:%d", __FILE__, - __LINE__); - - LABEL_INIT(label, MAGIC_MBUF); - COUNTER_INC(mbuf_init_label); - return (0); -} - -COUNTER_DECL(mount_init_label); +COUNTER_DECL(bpfdesc_create); static void -test_mount_init_label(struct label *label) +test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d, + struct label *bpflabel) { - LABEL_INIT(label, MAGIC_MOUNT); - COUNTER_INC(mount_init_label); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(bpflabel, MAGIC_BPF); + COUNTER_INC(bpfdesc_create); } -COUNTER_DECL(socket_init_label); -static int -test_socket_init_label(struct label *label, int flag) -{ - - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_socket_init_label() at %s:%d", __FILE__, - __LINE__); - - LABEL_INIT(label, MAGIC_SOCKET); - COUNTER_INC(socket_init_label); - return (0); -} - -COUNTER_DECL(socketpeer_init_label); -static int -test_socketpeer_init_label(struct label *label, int flag) -{ - - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - 
"test_socketpeer_init_label() at %s:%d", __FILE__, - __LINE__); - - LABEL_INIT(label, MAGIC_SOCKET); - COUNTER_INC(socketpeer_init_label); - return (0); -} - -COUNTER_DECL(pipe_init_label); +COUNTER_DECL(bpfdesc_create_mbuf); static void -test_pipe_init_label(struct label *label) +test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, + struct mbuf *mbuf, struct label *mbuflabel) { - LABEL_INIT(label, MAGIC_PIPE); - COUNTER_INC(pipe_init_label); -} - -COUNTER_DECL(posixsem_init_label); -static void -test_posixsem_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_init_label); -} - -COUNTER_DECL(proc_init_label); -static void -test_proc_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_PROC); - COUNTER_INC(proc_init_label); -} - -COUNTER_DECL(syncache_init_label); -static int -test_syncache_init_label(struct label *label, int flag) -{ - - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_syncache_init_label() at %s:%d", __FILE__, - __LINE__); - LABEL_INIT(label, MAGIC_SYNCACHE); - COUNTER_INC(syncache_init_label); - return (0); -} - -COUNTER_DECL(vnode_init_label); -static void -test_vnode_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_VNODE); - COUNTER_INC(vnode_init_label); + LABEL_CHECK(bpflabel, MAGIC_BPF); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + COUNTER_INC(bpfdesc_create_mbuf); } COUNTER_DECL(bpfdesc_destroy_label); 
@@ -362,174 +211,37 @@ test_bpfdesc_destroy_label(struct label *label) COUNTER_INC(bpfdesc_destroy_label); } -COUNTER_DECL(cred_destroy_label); +COUNTER_DECL(bpfdesc_init_label); static void -test_cred_destroy_label(struct label *label) +test_bpfdesc_init_label(struct label *label) { - LABEL_DESTROY(label, MAGIC_CRED); - COUNTER_INC(cred_destroy_label); + LABEL_INIT(label, MAGIC_BPF); + COUNTER_INC(bpfdesc_init_label); } -COUNTER_DECL(devfs_destroy_label); -static void -test_devfs_destroy_label(struct label *label) +COUNTER_DECL(cred_check_relabel); +static int +test_cred_check_relabel(struct ucred *cred, struct label *newlabel) { - LABEL_DESTROY(label, MAGIC_DEVFS); - COUNTER_INC(devfs_destroy_label); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(newlabel, MAGIC_CRED); + COUNTER_INC(cred_check_relabel); + + return (0); } -COUNTER_DECL(ifnet_destroy_label); -static void -test_ifnet_destroy_label(struct label *label) +COUNTER_DECL(cred_check_visible); +static int +test_cred_check_visible(struct ucred *u1, struct ucred *u2) { - LABEL_DESTROY(label, MAGIC_IFNET); - COUNTER_INC(ifnet_destroy_label); -} + LABEL_CHECK(u1->cr_label, MAGIC_CRED); + LABEL_CHECK(u2->cr_label, MAGIC_CRED); + COUNTER_INC(cred_check_visible); -COUNTER_DECL(inpcb_destroy_label); -static void -test_inpcb_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_INPCB); - COUNTER_INC(inpcb_destroy_label); -} - -COUNTER_DECL(syncache_destroy_label); -static void -test_syncache_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_SYNCACHE); - COUNTER_INC(syncache_destroy_label); -} - -COUNTER_DECL(sysvmsg_destroy_label); -static void -test_sysvmsg_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_SYSV_MSG); - COUNTER_INC(sysvmsg_destroy_label); -} - -COUNTER_DECL(sysvmsq_destroy_label); -static void -test_sysvmsq_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsq_destroy_label); -} - 
-COUNTER_DECL(sysvsem_destroy_label); -static void -test_sysvsem_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_destroy_label); -} - -COUNTER_DECL(sysvshm_destroy_label); -static void -test_sysvshm_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_destroy_label); -} - -COUNTER_DECL(ipq_destroy_label); -static void -test_ipq_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_IPQ); - COUNTER_INC(ipq_destroy_label); -} - -COUNTER_DECL(mbuf_destroy_label); -static void -test_mbuf_destroy_label(struct label *label) -{ - - /* - * If we're loaded dynamically, there may be mbufs in flight that - * didn't have label storage allocated for them. Handle this - * gracefully. - */ - if (label == NULL) - return; - - LABEL_DESTROY(label, MAGIC_MBUF); - COUNTER_INC(mbuf_destroy_label); -} - -COUNTER_DECL(mount_destroy_label); -static void -test_mount_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_MOUNT); - COUNTER_INC(mount_destroy_label); -} - -COUNTER_DECL(socket_destroy_label); -static void -test_socket_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_SOCKET); - COUNTER_INC(socket_destroy_label); -} - -COUNTER_DECL(socketpeer_destroy_label); -static void -test_socketpeer_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_SOCKET); - COUNTER_INC(socketpeer_destroy_label); -} - -COUNTER_DECL(pipe_destroy_label); -static void -test_pipe_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_PIPE); - COUNTER_INC(pipe_destroy_label); -} - -COUNTER_DECL(posixsem_destroy_label); -static void -test_posixsem_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_destroy_label); -} - -COUNTER_DECL(proc_destroy_label); -static void -test_proc_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_PROC); - 
COUNTER_INC(proc_destroy_label); -} - -COUNTER_DECL(vnode_destroy_label); -static void -test_vnode_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_VNODE); - COUNTER_INC(vnode_destroy_label); + return (0); } COUNTER_DECL(cred_copy_label); @@ -542,54 +254,13 @@ test_cred_copy_label(struct label *src, struct label *dest) COUNTER_INC(cred_copy_label); } -COUNTER_DECL(ifnet_copy_label); +COUNTER_DECL(cred_destroy_label); static void -test_ifnet_copy_label(struct label *src, struct label *dest) +test_cred_destroy_label(struct label *label) { - LABEL_CHECK(src, MAGIC_IFNET); - LABEL_CHECK(dest, MAGIC_IFNET); - COUNTER_INC(ifnet_copy_label); -} - -COUNTER_DECL(mbuf_copy_label); -static void -test_mbuf_copy_label(struct label *src, struct label *dest) -{ - - LABEL_CHECK(src, MAGIC_MBUF); - LABEL_CHECK(dest, MAGIC_MBUF); - COUNTER_INC(mbuf_copy_label); -} - -COUNTER_DECL(pipe_copy_label); -static void -test_pipe_copy_label(struct label *src, struct label *dest) -{ - - LABEL_CHECK(src, MAGIC_PIPE); - LABEL_CHECK(dest, MAGIC_PIPE); - COUNTER_INC(pipe_copy_label); -} - -COUNTER_DECL(socket_copy_label); -static void -test_socket_copy_label(struct label *src, struct label *dest) -{ - - LABEL_CHECK(src, MAGIC_SOCKET); - LABEL_CHECK(dest, MAGIC_SOCKET); - COUNTER_INC(socket_copy_label); -} - -COUNTER_DECL(vnode_copy_label); -static void -test_vnode_copy_label(struct label *src, struct label *dest) -{ - - LABEL_CHECK(src, MAGIC_VNODE); - LABEL_CHECK(dest, MAGIC_VNODE); - COUNTER_INC(vnode_copy_label); + LABEL_DESTROY(label, MAGIC_CRED); + COUNTER_INC(cred_destroy_label); } COUNTER_DECL(cred_externalize_label); 
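Review bot: The removed `test_mbuf_destroy_label` was the only destroy hook that tolerated a NULL label, guarded by `if (label == NULL) return;` with a comment explaining that mbufs allocated before the policy was loaded carry no label storage; its relocated copy sorts under mbuf, after the ipq functions, and is not in this hunk, so confirm the guard and its comment survived the move — `LABEL_DESTROY` on a NULL label would dereference it in exactly the dynamic-load case the comment describes. The rest of the hunk is a pure relocation of the `*_destroy_label` and `cred_check_*` functions with no behavioural change visible.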
@@ -604,117 +275,23 @@ test_cred_externalize_label(struct label *label, char *element_name, return (0); } -COUNTER_DECL(ifnet_externalize_label); -static int -test_ifnet_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) -{ - - LABEL_CHECK(label, MAGIC_IFNET); - COUNTER_INC(ifnet_externalize_label); - - return (0); -} - -COUNTER_DECL(pipe_externalize_label); -static int -test_pipe_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) -{ - - LABEL_CHECK(label, MAGIC_PIPE); - COUNTER_INC(pipe_externalize_label); - - return (0); -} - -COUNTER_DECL(socket_externalize_label); -static int -test_socket_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) -{ - - LABEL_CHECK(label, MAGIC_SOCKET); - COUNTER_INC(socket_externalize_label); - - return (0); -} - -COUNTER_DECL(socketpeer_externalize_label); -static int -test_socketpeer_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) -{ - - LABEL_CHECK(label, MAGIC_SOCKET); - COUNTER_INC(socketpeer_externalize_label); - - return (0); -} - -COUNTER_DECL(vnode_externalize_label); -static int -test_vnode_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) -{ - - LABEL_CHECK(label, MAGIC_VNODE); - COUNTER_INC(vnode_externalize_label); - - return (0); -} - -COUNTER_DECL(internalize_label); -static int -test_internalize_label(struct label *label, char *element_name, - char *element_data, int *claimed) -{ - - LABEL_NOTFREE(label); - COUNTER_INC(internalize_label); - - return (0); -} - -/* - * Labeling event operations: file system objects, and things that look - * a lot like file system objects. 
- */ -COUNTER_DECL(devfs_vnode_associate); +COUNTER_DECL(cred_init_label); static void -test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, - struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vplabel) +test_cred_init_label(struct label *label) { - LABEL_CHECK(mplabel, MAGIC_MOUNT); - LABEL_CHECK(delabel, MAGIC_DEVFS); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(devfs_vnode_associate); + LABEL_INIT(label, MAGIC_CRED); + COUNTER_INC(cred_init_label); } -COUNTER_DECL(vnode_associate_extattr); -static int -test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - - LABEL_CHECK(mplabel, MAGIC_MOUNT); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(vnode_associate_extattr); - - return (0); -} - -COUNTER_DECL(vnode_associate_singlelabel); +COUNTER_DECL(cred_relabel); static void -test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) +test_cred_relabel(struct ucred *cred, struct label *newlabel) { - LABEL_CHECK(mplabel, MAGIC_MOUNT); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(vnode_associate_singlelabel); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(newlabel, MAGIC_CRED); + COUNTER_INC(cred_relabel); } COUNTER_DECL(devfs_create_device); 
@@ -752,56 +329,22 @@ test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
 COUNTER_INC(devfs_create_symlink);
 }
 
-COUNTER_DECL(vnode_create_extattr);
-static int
-test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
- struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel, struct componentname *cnp)
-{
-
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(mplabel, MAGIC_MOUNT);
- LABEL_CHECK(dvplabel, MAGIC_VNODE);
- COUNTER_INC(vnode_create_extattr);
-
- return (0);
-}
-
-COUNTER_DECL(mount_create);
+COUNTER_DECL(devfs_destroy_label);
 static void
-test_mount_create(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
+test_devfs_destroy_label(struct label *label)
 {
 
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(mplabel, MAGIC_MOUNT);
- COUNTER_INC(mount_create);
+ LABEL_DESTROY(label, MAGIC_DEVFS);
+ COUNTER_INC(devfs_destroy_label);
 }
 
-COUNTER_DECL(vnode_relabel);
+COUNTER_DECL(devfs_init_label);
 static void
-test_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *label)
+test_devfs_init_label(struct label *label)
 {
 
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- LABEL_CHECK(label, MAGIC_VNODE);
- COUNTER_INC(vnode_relabel);
-}
-
-COUNTER_DECL(vnode_setlabel_extattr);
-static int
-test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *intlabel)
-{
-
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- LABEL_CHECK(intlabel, MAGIC_VNODE);
- COUNTER_INC(vnode_setlabel_extattr);
-
- return (0);
+ LABEL_INIT(label, MAGIC_DEVFS);
+ COUNTER_INC(devfs_init_label);
 }
 
 COUNTER_DECL(devfs_update);
@@ -815,540 +358,17 @@ test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, COUNTER_INC(devfs_update); } -/* - * Labeling event operations: IPC object. - */ -COUNTER_DECL(socket_create_mbuf); +COUNTER_DECL(devfs_vnode_associate); static void -test_socket_create_mbuf(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, + struct devfs_dirent *de, struct label *delabel, struct vnode *vp, + struct label *vplabel) { - LABEL_CHECK(socketlabel, MAGIC_SOCKET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(socket_create_mbuf); -} - -COUNTER_DECL(socket_create); -static void -test_socket_create(struct ucred *cred, struct socket *socket, - struct label *socketlabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); - COUNTER_INC(socket_create); -} - -COUNTER_DECL(pipe_create); -static void -test_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - COUNTER_INC(pipe_create); -} - -COUNTER_DECL(posixsem_create); -static void -test_posixsem_create(struct ucred *cred, struct ksem *ks, - struct label *kslabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_create); -} - -COUNTER_DECL(socket_newconn); -static void -test_socket_newconn(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketlabel) -{ - - LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); - LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); - COUNTER_INC(socket_newconn); -} - -COUNTER_DECL(socket_relabel); -static void -test_socket_relabel(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(newlabel, MAGIC_SOCKET); - 
COUNTER_INC(socket_relabel); -} - -COUNTER_DECL(pipe_relabel); -static void -test_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - LABEL_CHECK(newlabel, MAGIC_PIPE); - COUNTER_INC(pipe_relabel); -} - -COUNTER_DECL(socketpeer_set_from_mbuf); -static void -test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, - struct socket *socket, struct label *socketpeerlabel) -{ - - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); - COUNTER_INC(socketpeer_set_from_mbuf); -} - -/* - * Labeling event operations: network objects. - */ -COUNTER_DECL(socketpeer_set_from_socket); -static void -test_socketpeer_set_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketpeerlabel) -{ - - LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); - LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); - COUNTER_INC(socketpeer_set_from_socket); -} - -COUNTER_DECL(bpfdesc_create); -static void -test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d, - struct label *bpflabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(bpflabel, MAGIC_BPF); - COUNTER_INC(bpfdesc_create); -} - -COUNTER_DECL(ipq_reassemble); -static void -test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *datagram, struct label *datagramlabel) -{ - - LABEL_CHECK(ipqlabel, MAGIC_IPQ); - LABEL_CHECK(datagramlabel, MAGIC_MBUF); - COUNTER_INC(ipq_reassemble); -} - -COUNTER_DECL(netinet_fragment); -static void -test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, - struct mbuf *fragment, struct label *fragmentlabel) -{ - - LABEL_CHECK(datagramlabel, MAGIC_MBUF); - LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - COUNTER_INC(netinet_fragment); -} - -COUNTER_DECL(ifnet_create); -static void -test_ifnet_create(struct ifnet *ifp, struct 
label *ifplabel) -{ - - LABEL_CHECK(ifplabel, MAGIC_IFNET); - COUNTER_INC(ifnet_create); -} - -COUNTER_DECL(inpcb_create); -static void -test_inpcb_create(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) -{ - - LABEL_CHECK(solabel, MAGIC_SOCKET); - LABEL_CHECK(inplabel, MAGIC_INPCB); - COUNTER_INC(inpcb_create); -} - -COUNTER_DECL(syncache_create); -static void -test_syncache_create(struct label *label, struct inpcb *inp) -{ - - LABEL_CHECK(label, MAGIC_SYNCACHE); - COUNTER_INC(syncache_create); -} - -COUNTER_DECL(syncache_create_mbuf); -static void -test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) -{ - - LABEL_CHECK(sc_label, MAGIC_SYNCACHE); - LABEL_CHECK(mlabel, MAGIC_MBUF); - COUNTER_INC(syncache_create_mbuf); -} - -COUNTER_DECL(sysvmsg_create); -static void -test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel, struct msg *msgptr, struct label *msglabel) -{ - - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); - LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsg_create); -} - -COUNTER_DECL(sysvmsq_create); -static void -test_sysvmsq_create(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqlabel) -{ - - LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsq_create); -} - -COUNTER_DECL(sysvsem_create); -static void -test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semalabel) -{ - - LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_create); -} - -COUNTER_DECL(sysvshm_create); -static void -test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmlabel) -{ - - LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_create); -} - -COUNTER_DECL(ipq_create); -static void -test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) -{ - - LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - 
LABEL_CHECK(ipqlabel, MAGIC_IPQ); - COUNTER_INC(ipq_create); -} - -COUNTER_DECL(inpcb_create_mbuf); -static void -test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) -{ - - LABEL_CHECK(inplabel, MAGIC_INPCB); - LABEL_CHECK(mlabel, MAGIC_MBUF); - COUNTER_INC(inpcb_create_mbuf); -} - -COUNTER_DECL(bpfdesc_create_mbuf); -static void -test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, - struct mbuf *mbuf, struct label *mbuflabel) -{ - - LABEL_CHECK(bpflabel, MAGIC_BPF); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(bpfdesc_create_mbuf); -} - -COUNTER_DECL(ifnet_create_mbuf); -static void -test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mbuflabel) -{ - - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(ifnet_create_mbuf); -} - -COUNTER_DECL(ipq_match); -static int -test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) -{ - - LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - LABEL_CHECK(ipqlabel, MAGIC_IPQ); - COUNTER_INC(ipq_match); - - return (1); -} - -COUNTER_DECL(netatalk_aarp_send); -static void -test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *mbuf, struct label *mbuflabel) -{ - - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(netatalk_aarp_send); -} - -COUNTER_DECL(netinet_arp_send); -static void -test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *mbuf, struct label *mbuflabel) -{ - - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(netinet_arp_send); -} - -COUNTER_DECL(netinet_icmp_reply); -static void -test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) -{ - - LABEL_CHECK(mrecvlabel, MAGIC_MBUF); - LABEL_CHECK(msendlabel, MAGIC_MBUF); - 
COUNTER_INC(netinet_icmp_reply); -} - -COUNTER_DECL(netinet_icmp_replyinplace); -static void -test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) -{ - - LABEL_CHECK(mlabel, MAGIC_MBUF); - COUNTER_INC(netinet_icmp_replyinplace); -} - -COUNTER_DECL(netinet_igmp_send); -static void -test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *mbuf, struct label *mbuflabel) -{ - - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(netinet_igmp_send); -} - -COUNTER_DECL(netinet_tcp_reply); -static void -test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) -{ - - LABEL_CHECK(mlabel, MAGIC_MBUF); - COUNTER_INC(netinet_tcp_reply); -} - -COUNTER_DECL(netinet6_nd6_send); -static void -test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *mbuf, struct label *mbuflabel) -{ - - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(netinet6_nd6_send); -} - -COUNTER_DECL(ifnet_relabel); -static void -test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(newlabel, MAGIC_IFNET); - COUNTER_INC(ifnet_relabel); -} - -COUNTER_DECL(ipq_update); -static void -test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) -{ - - LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - LABEL_CHECK(ipqlabel, MAGIC_IPQ); - COUNTER_INC(ipq_update); -} - -COUNTER_DECL(inpcb_sosetlabel); -static void -test_inpcb_sosetlabel(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) -{ - - LABEL_CHECK(solabel, MAGIC_SOCKET); - LABEL_CHECK(inplabel, MAGIC_INPCB); - COUNTER_INC(inpcb_sosetlabel); -} - -/* - * Labeling event operations: processes. 
- */ -COUNTER_DECL(vnode_execve_transition); -static void -test_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *filelabel, - struct label *interpvplabel, struct image_params *imgp, - struct label *execlabel) -{ - - LABEL_CHECK(old->cr_label, MAGIC_CRED); - LABEL_CHECK(new->cr_label, MAGIC_CRED); - LABEL_CHECK(filelabel, MAGIC_VNODE); - LABEL_CHECK(interpvplabel, MAGIC_VNODE); - LABEL_CHECK(execlabel, MAGIC_CRED); - COUNTER_INC(vnode_execve_transition); -} - -COUNTER_DECL(vnode_execve_will_transition); -static int -test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *filelabel, struct label *interpvplabel, - struct image_params *imgp, struct label *execlabel) -{ - - LABEL_CHECK(old->cr_label, MAGIC_CRED); - LABEL_CHECK(filelabel, MAGIC_VNODE); - LABEL_CHECK(interpvplabel, MAGIC_VNODE); - LABEL_CHECK(execlabel, MAGIC_CRED); - COUNTER_INC(vnode_execve_will_transition); - - return (0); -} - -COUNTER_DECL(proc_create_swapper); -static void -test_proc_create_swapper(struct ucred *cred) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_create_swapper); -} - -COUNTER_DECL(proc_create_init); -static void -test_proc_create_init(struct ucred *cred) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_create_init); -} - -COUNTER_DECL(cred_relabel); -static void -test_cred_relabel(struct ucred *cred, struct label *newlabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(newlabel, MAGIC_CRED); - COUNTER_INC(cred_relabel); -} - -COUNTER_DECL(thread_userret); -static void -test_thread_userret(struct thread *td) -{ - - COUNTER_INC(thread_userret); -} - -/* - * Label cleanup/flush operations - */ -COUNTER_DECL(sysvmsg_cleanup); -static void -test_sysvmsg_cleanup(struct label *msglabel) -{ - - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); - COUNTER_INC(sysvmsg_cleanup); -} - -COUNTER_DECL(sysvmsq_cleanup); -static void -test_sysvmsq_cleanup(struct label *msqlabel) 
-{ - - LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsq_cleanup); -} - -COUNTER_DECL(sysvsem_cleanup); -static void -test_sysvsem_cleanup(struct label *semalabel) -{ - - LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_cleanup); -} - -COUNTER_DECL(sysvshm_cleanup); -static void -test_sysvshm_cleanup(struct label *shmlabel) -{ - - LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_cleanup); -} - -/* - * Access control checks. - */ -COUNTER_DECL(bpfdesc_check_receive); -static int -test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifp, struct label *ifplabel) -{ - - LABEL_CHECK(bpflabel, MAGIC_BPF); - LABEL_CHECK(ifplabel, MAGIC_IFNET); - COUNTER_INC(bpfdesc_check_receive); - - return (0); -} - -COUNTER_DECL(cred_check_relabel); -static int -test_cred_check_relabel(struct ucred *cred, struct label *newlabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(newlabel, MAGIC_CRED); - COUNTER_INC(cred_check_relabel); - - return (0); -} - -COUNTER_DECL(cred_check_visible); -static int -test_cred_check_visible(struct ucred *u1, struct ucred *u2) -{ - - LABEL_CHECK(u1->cr_label, MAGIC_CRED); - LABEL_CHECK(u2->cr_label, MAGIC_CRED); - COUNTER_INC(cred_check_visible); - - return (0); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(delabel, MAGIC_DEVFS); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(devfs_vnode_associate); } COUNTER_DECL(ifnet_check_relabel); 
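Review bot: The four System V `*_create` hooks this hunk relocates — `test_sysvmsg_create`, `test_sysvmsq_create`, `test_sysvsem_create` and `test_sysvshm_create` — all receive a `struct ucred *cred` but, unlike `test_bpfdesc_create`, `test_pipe_create`, `test_posixsem_create` and `test_socket_create` in the same hunk, never run `LABEL_CHECK(cred->cr_label, MAGIC_CRED)`; their new copies sort outside the visible hunks, so if they were moved verbatim the gap moves with them. Since this commit already touches every one of these functions, it is the natural place to add `LABEL_CHECK(cred->cr_label, MAGIC_CRED);` as the first check in each, so the test policy catches a caller passing an uninitialised or freed credential label on the SysV paths the same way it does on the other object types. The only new-side code here, `test_devfs_vnode_associate`, checks all three of its labels and needs no change.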
@@ -1378,6 +398,78 @@ test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
 return (0);
 }
 
+COUNTER_DECL(ifnet_copy_label);
+static void
+test_ifnet_copy_label(struct label *src, struct label *dest)
+{
+
+ LABEL_CHECK(src, MAGIC_IFNET);
+ LABEL_CHECK(dest, MAGIC_IFNET);
+ COUNTER_INC(ifnet_copy_label);
+}
+
+COUNTER_DECL(ifnet_create);
+static void
+test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
+{
+
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ COUNTER_INC(ifnet_create);
+}
+
+COUNTER_DECL(ifnet_create_mbuf);
+static void
+test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mbuflabel)
+{
+
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(ifnet_create_mbuf);
+}
+
+COUNTER_DECL(ifnet_destroy_label);
+static void
+test_ifnet_destroy_label(struct label *label)
+{
+
+ LABEL_DESTROY(label, MAGIC_IFNET);
+ COUNTER_INC(ifnet_destroy_label);
+}
+
+COUNTER_DECL(ifnet_externalize_label);
+static int
+test_ifnet_externalize_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
+{
+
+ LABEL_CHECK(label, MAGIC_IFNET);
+ COUNTER_INC(ifnet_externalize_label);
+
+ return (0);
+}
+
+COUNTER_DECL(ifnet_init_label);
+static void
+test_ifnet_init_label(struct label *label)
+{
+
+ LABEL_INIT(label, MAGIC_IFNET);
+ COUNTER_INC(ifnet_init_label);
+}
+
+COUNTER_DECL(ifnet_relabel);
+static void
+test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
+{
+
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(newlabel, MAGIC_IFNET);
+ COUNTER_INC(ifnet_relabel);
+}
+
 COUNTER_DECL(inpcb_check_deliver);
 static int
 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
@@ -1391,188 +483,131 @@ test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, return (0); } -COUNTER_DECL(sysvmsq_check_msgmsq); -static int -test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, - struct label *msglabel, struct msqid_kernel *msqkptr, - struct label *msqklabel) +COUNTER_DECL(inpcb_create); +static void +test_inpcb_create(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msgmsq); - - return (0); + LABEL_CHECK(solabel, MAGIC_SOCKET); + LABEL_CHECK(inplabel, MAGIC_INPCB); + COUNTER_INC(inpcb_create); } -COUNTER_DECL(sysvmsq_check_msgrcv); -static int -test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +COUNTER_DECL(inpcb_create_mbuf); +static void +test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) { - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msgrcv); + LABEL_CHECK(inplabel, MAGIC_INPCB); + LABEL_CHECK(mlabel, MAGIC_MBUF); + COUNTER_INC(inpcb_create_mbuf); +} +COUNTER_DECL(inpcb_destroy_label); +static void +test_inpcb_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_INPCB); + COUNTER_INC(inpcb_destroy_label); +} + +COUNTER_DECL(inpcb_init_label); +static int +test_inpcb_init_label(struct label *label, int flag) +{ + + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_inpcb_init_label() at %s:%d", __FILE__, + __LINE__); + + LABEL_INIT(label, MAGIC_INPCB); + COUNTER_INC(inpcb_init_label); return (0); } -COUNTER_DECL(sysvmsq_check_msgrmid); -static int -test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +COUNTER_DECL(inpcb_sosetlabel); +static void +test_inpcb_sosetlabel(struct socket 
*so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msgrmid); + LABEL_CHECK(solabel, MAGIC_SOCKET); + LABEL_CHECK(inplabel, MAGIC_INPCB); + COUNTER_INC(inpcb_sosetlabel); +} +COUNTER_DECL(ipq_create); +static void +test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, + struct ipq *ipq, struct label *ipqlabel) +{ + + LABEL_CHECK(fragmentlabel, MAGIC_MBUF); + LABEL_CHECK(ipqlabel, MAGIC_IPQ); + COUNTER_INC(ipq_create); +} + +COUNTER_DECL(ipq_destroy_label); +static void +test_ipq_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_IPQ); + COUNTER_INC(ipq_destroy_label); +} + +COUNTER_DECL(ipq_init_label); +static int +test_ipq_init_label(struct label *label, int flag) +{ + + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_ipq_init_label() at %s:%d", __FILE__, + __LINE__); + + LABEL_INIT(label, MAGIC_IPQ); + COUNTER_INC(ipq_init_label); return (0); } -COUNTER_DECL(sysvmsq_check_msqget); +COUNTER_DECL(ipq_match); static int -test_sysvmsq_check_msqget(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqklabel) +test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, + struct ipq *ipq, struct label *ipqlabel) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msqget); + LABEL_CHECK(fragmentlabel, MAGIC_MBUF); + LABEL_CHECK(ipqlabel, MAGIC_IPQ); + COUNTER_INC(ipq_match); - return (0); + return (1); } -COUNTER_DECL(sysvmsq_check_msqsnd); -static int -test_sysvmsq_check_msqsnd(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqklabel) +COUNTER_DECL(ipq_reassemble); +static void +test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, + struct mbuf *datagram, struct label *datagramlabel) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); - LABEL_CHECK(cred->cr_label, 
MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msqsnd); - - return (0); + LABEL_CHECK(ipqlabel, MAGIC_IPQ); + LABEL_CHECK(datagramlabel, MAGIC_MBUF); + COUNTER_INC(ipq_reassemble); } -COUNTER_DECL(sysvmsq_check_msqrcv); -static int -test_sysvmsq_check_msqrcv(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqklabel) +COUNTER_DECL(ipq_update); +static void +test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel, + struct ipq *ipq, struct label *ipqlabel) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msqrcv); - - return (0); -} - -COUNTER_DECL(sysvmsq_check_msqctl); -static int -test_sysvmsq_check_msqctl(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) -{ - - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msqctl); - - return (0); -} - -COUNTER_DECL(sysvsem_check_semctl); -static int -test_sysvsem_check_semctl(struct ucred *cred, - struct semid_kernel *semakptr, struct label *semaklabel, int cmd) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_check_semctl); - - return (0); -} - -COUNTER_DECL(sysvsem_check_semget); -static int -test_sysvsem_check_semget(struct ucred *cred, - struct semid_kernel *semakptr, struct label *semaklabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_check_semget); - - return (0); -} - -COUNTER_DECL(sysvsem_check_semop); -static int -test_sysvsem_check_semop(struct ucred *cred, - struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_check_semop); - - return (0); -} - -COUNTER_DECL(sysvshm_check_shmat); -static int -test_sysvshm_check_shmat(struct ucred *cred, - struct shmid_kernel 
*shmsegptr, struct label *shmseglabel, int shmflg) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_check_shmat); - - return (0); -} - -COUNTER_DECL(sysvshm_check_shmctl); -static int -test_sysvshm_check_shmctl(struct ucred *cred, - struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_check_shmctl); - - return (0); -} - -COUNTER_DECL(sysvshm_check_shmdt); -static int -test_sysvshm_check_shmdt(struct ucred *cred, - struct shmid_kernel *shmsegptr, struct label *shmseglabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_check_shmdt); - - return (0); -} - -COUNTER_DECL(sysvshm_check_shmget); -static int -test_sysvshm_check_shmget(struct ucred *cred, - struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_check_shmget); - - return (0); + LABEL_CHECK(fragmentlabel, MAGIC_MBUF); + LABEL_CHECK(ipqlabel, MAGIC_IPQ); + COUNTER_INC(ipq_update); } COUNTER_DECL(kenv_check_dump); 
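Review bot: `test_ipq_match` returns 1 unconditionally while every other entry point in this hunk returns 0, and nothing explains the asymmetry, so a reader can easily take it for an inverted result. This policy only validates label slots and keeps no label data of its own, so it has nothing to compare a fragment against; presumably a positive answer is the only one that does not veto reassembly on behalf of other policies, which is worth confirming against how the framework combines the match results. I would add above the `return (1);` a comment such as `/* No label data to compare: always agree that the fragment matches. */`.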
@@ -1643,6 +678,48 @@ test_kld_check_stat(struct ucred *cred) return (0); } +COUNTER_DECL(mbuf_copy_label); +static void +test_mbuf_copy_label(struct label *src, struct label *dest) +{ + + LABEL_CHECK(src, MAGIC_MBUF); + LABEL_CHECK(dest, MAGIC_MBUF); + COUNTER_INC(mbuf_copy_label); +} + +COUNTER_DECL(mbuf_destroy_label); +static void +test_mbuf_destroy_label(struct label *label) +{ + + /* + * If we're loaded dynamically, there may be mbufs in flight that + * didn't have label storage allocated for them. Handle this + * gracefully. + */ + if (label == NULL) + return; + + LABEL_DESTROY(label, MAGIC_MBUF); + COUNTER_INC(mbuf_destroy_label); +} + +COUNTER_DECL(mbuf_init_label); +static int +test_mbuf_init_label(struct label *label, int flag) +{ + + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_mbuf_init_label() at %s:%d", __FILE__, + __LINE__); + + LABEL_INIT(label, MAGIC_MBUF); + COUNTER_INC(mbuf_init_label); + return (0); +} + COUNTER_DECL(mount_check_stat); static int test_mount_check_stat(struct ucred *cred, struct mount *mp, 
@@ -1656,6 +733,119 @@ test_mount_check_stat(struct ucred *cred, struct mount *mp, return (0); } +COUNTER_DECL(mount_create); +static void +test_mount_create(struct ucred *cred, struct mount *mp, + struct label *mplabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + COUNTER_INC(mount_create); +} + +COUNTER_DECL(mount_destroy_label); +static void +test_mount_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_MOUNT); + COUNTER_INC(mount_destroy_label); +} + +COUNTER_DECL(mount_init_label); +static void +test_mount_init_label(struct label *label) +{ + + LABEL_INIT(label, MAGIC_MOUNT); + COUNTER_INC(mount_init_label); +} + +COUNTER_DECL(netatalk_aarp_send); +static void +test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *mbuf, struct label *mbuflabel) +{ + + LABEL_CHECK(ifplabel, MAGIC_IFNET); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + COUNTER_INC(netatalk_aarp_send); +} + +COUNTER_DECL(netinet_arp_send); +static void +test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *mbuf, struct label *mbuflabel) +{ + + LABEL_CHECK(ifplabel, MAGIC_IFNET); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + COUNTER_INC(netinet_arp_send); +} + +COUNTER_DECL(netinet_fragment); +static void +test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, + struct mbuf *fragment, struct label *fragmentlabel) +{ + + LABEL_CHECK(datagramlabel, MAGIC_MBUF); + LABEL_CHECK(fragmentlabel, MAGIC_MBUF); + COUNTER_INC(netinet_fragment); +} + +COUNTER_DECL(netinet_icmp_reply); +static void +test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + + LABEL_CHECK(mrecvlabel, MAGIC_MBUF); + LABEL_CHECK(msendlabel, MAGIC_MBUF); + COUNTER_INC(netinet_icmp_reply); +} + +COUNTER_DECL(netinet_icmp_replyinplace); +static void +test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) +{ + + LABEL_CHECK(mlabel, 
MAGIC_MBUF); + COUNTER_INC(netinet_icmp_replyinplace); +} + +COUNTER_DECL(netinet_igmp_send); +static void +test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *mbuf, struct label *mbuflabel) +{ + + LABEL_CHECK(ifplabel, MAGIC_IFNET); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + COUNTER_INC(netinet_igmp_send); +} + +COUNTER_DECL(netinet_tcp_reply); +static void +test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) +{ + + LABEL_CHECK(mlabel, MAGIC_MBUF); + COUNTER_INC(netinet_tcp_reply); +} + +COUNTER_DECL(netinet6_nd6_send); +static void +test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *mbuf, struct label *mbuflabel) +{ + + LABEL_CHECK(ifplabel, MAGIC_IFNET); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + COUNTER_INC(netinet6_nd6_send); +} + COUNTER_DECL(pipe_check_ioctl); static int test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 
@@ -1735,6 +925,69 @@ test_pipe_check_write(struct ucred *cred, struct pipepair *pp, return (0); } +COUNTER_DECL(pipe_copy_label); +static void +test_pipe_copy_label(struct label *src, struct label *dest) +{ + + LABEL_CHECK(src, MAGIC_PIPE); + LABEL_CHECK(dest, MAGIC_PIPE); + COUNTER_INC(pipe_copy_label); +} + +COUNTER_DECL(pipe_create); +static void +test_pipe_create(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + COUNTER_INC(pipe_create); +} + +COUNTER_DECL(pipe_destroy_label); +static void +test_pipe_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_PIPE); + COUNTER_INC(pipe_destroy_label); +} + +COUNTER_DECL(pipe_externalize_label); +static int +test_pipe_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_PIPE); + COUNTER_INC(pipe_externalize_label); + + return (0); +} + +COUNTER_DECL(pipe_init_label); +static void +test_pipe_init_label(struct label *label) +{ + + LABEL_INIT(label, MAGIC_PIPE); + COUNTER_INC(pipe_init_label); +} + +COUNTER_DECL(pipe_relabel); +static void +test_pipe_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel, struct label *newlabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + LABEL_CHECK(newlabel, MAGIC_PIPE); + COUNTER_INC(pipe_relabel); +} + COUNTER_DECL(posixsem_check_destroy); static int test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, 
@@ -1813,6 +1066,35 @@ test_posixsem_check_wait(struct ucred *cred, struct ksem *ks, return (0); } +COUNTER_DECL(posixsem_create); +static void +test_posixsem_create(struct ucred *cred, struct ksem *ks, + struct label *kslabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_create); +} + +COUNTER_DECL(posixsem_destroy_label); +static void +test_posixsem_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_destroy_label); +} + +COUNTER_DECL(posixsem_init_label); +static void +test_posixsem_init_label(struct label *label) +{ + + LABEL_INIT(label, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_init_label); +} + COUNTER_DECL(proc_check_debug); static int test_proc_check_debug(struct ucred *cred, struct proc *p) @@ -1883,13 +1165,13 @@ test_proc_check_setauid(struct ucred *cred, uid_t auid) return (0); } -COUNTER_DECL(proc_check_setuid); +COUNTER_DECL(proc_check_setegid); static int -test_proc_check_setuid(struct ucred *cred, uid_t uid) +test_proc_check_setegid(struct ucred *cred, gid_t egid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setuid); + COUNTER_INC(proc_check_setegid); return (0); } @@ -1905,6 +1187,28 @@ test_proc_check_seteuid(struct ucred *cred, uid_t euid) return (0); } +COUNTER_DECL(proc_check_setregid); +static int +test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(proc_check_setregid); + + return (0); +} + +COUNTER_DECL(proc_check_setreuid); +static int +test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(proc_check_setreuid); + + return (0); +} + COUNTER_DECL(proc_check_setgid); static int test_proc_check_setgid(struct ucred *cred, gid_t gid) 
@@ -1916,17 +1220,6 @@ test_proc_check_setgid(struct ucred *cred, gid_t gid) return (0); } -COUNTER_DECL(proc_check_setegid); -static int -test_proc_check_setegid(struct ucred *cred, gid_t egid) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setegid); - - return (0); -} - COUNTER_DECL(proc_check_setgroups); static int test_proc_check_setgroups(struct ucred *cred, int ngroups, @@ -1939,24 +1232,14 @@ test_proc_check_setgroups(struct ucred *cred, int ngroups, return (0); } -COUNTER_DECL(proc_check_setreuid); +COUNTER_DECL(proc_check_setresgid); static int -test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) +test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, + gid_t sgid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setreuid); - - return (0); -} - -COUNTER_DECL(proc_check_setregid); -static int -test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setregid); + COUNTER_INC(proc_check_setresgid); return (0); } @@ -1973,14 +1256,13 @@ test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, return (0); } -COUNTER_DECL(proc_check_setresgid); +COUNTER_DECL(proc_check_setuid); static int -test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, - gid_t sgid) +test_proc_check_setuid(struct ucred *cred, uid_t uid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setresgid); + COUNTER_INC(proc_check_setuid); return (0); } 
@@ -1997,6 +1279,42 @@ test_proc_check_wait(struct ucred *cred, struct proc *p) return (0); } +COUNTER_DECL(proc_create_init); +static void +test_proc_create_init(struct ucred *cred) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(proc_create_init); +} + +COUNTER_DECL(proc_create_swapper); +static void +test_proc_create_swapper(struct ucred *cred) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(proc_create_swapper); +} + +COUNTER_DECL(proc_destroy_label); +static void +test_proc_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_PROC); + COUNTER_INC(proc_destroy_label); +} + +COUNTER_DECL(proc_init_label); +static void +test_proc_init_label(struct label *label) +{ + + LABEL_INIT(label, MAGIC_PROC); + COUNTER_INC(proc_init_label); +} + COUNTER_DECL(socket_check_accept); static int test_socket_check_accept(struct ucred *cred, struct socket *so, 
@@ -2141,6 +1459,199 @@ test_socket_check_visible(struct ucred *cred, struct socket *so, return (0); } +COUNTER_DECL(socket_copy_label); +static void +test_socket_copy_label(struct label *src, struct label *dest) +{ + + LABEL_CHECK(src, MAGIC_SOCKET); + LABEL_CHECK(dest, MAGIC_SOCKET); + COUNTER_INC(socket_copy_label); +} + +COUNTER_DECL(socket_create); +static void +test_socket_create(struct ucred *cred, struct socket *socket, + struct label *socketlabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(socketlabel, MAGIC_SOCKET); + COUNTER_INC(socket_create); +} + +COUNTER_DECL(socket_create_mbuf); +static void +test_socket_create_mbuf(struct socket *so, struct label *socketlabel, + struct mbuf *m, struct label *mbuflabel) +{ + + LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + COUNTER_INC(socket_create_mbuf); +} + +COUNTER_DECL(socket_destroy_label); +static void +test_socket_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SOCKET); + COUNTER_INC(socket_destroy_label); +} + +COUNTER_DECL(socket_externalize_label); +static int +test_socket_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_SOCKET); + COUNTER_INC(socket_externalize_label); + + return (0); +} + +COUNTER_DECL(socket_init_label); +static int +test_socket_init_label(struct label *label, int flag) +{ + + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_socket_init_label() at %s:%d", __FILE__, + __LINE__); + + LABEL_INIT(label, MAGIC_SOCKET); + COUNTER_INC(socket_init_label); + return (0); +} + +COUNTER_DECL(socket_newconn); +static void +test_socket_newconn(struct socket *oldsocket, + struct label *oldsocketlabel, struct socket *newsocket, + struct label *newsocketlabel) +{ + + LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); + LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); + COUNTER_INC(socket_newconn); +} + +COUNTER_DECL(socket_relabel); +static 
void +test_socket_relabel(struct ucred *cred, struct socket *socket, + struct label *socketlabel, struct label *newlabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(newlabel, MAGIC_SOCKET); + COUNTER_INC(socket_relabel); +} + +COUNTER_DECL(socketpeer_destroy_label); +static void +test_socketpeer_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SOCKET); + COUNTER_INC(socketpeer_destroy_label); +} + +COUNTER_DECL(socketpeer_externalize_label); +static int +test_socketpeer_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_SOCKET); + COUNTER_INC(socketpeer_externalize_label); + + return (0); +} + +COUNTER_DECL(socketpeer_init_label); +static int +test_socketpeer_init_label(struct label *label, int flag) +{ + + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_socketpeer_init_label() at %s:%d", __FILE__, + __LINE__); + + LABEL_INIT(label, MAGIC_SOCKET); + COUNTER_INC(socketpeer_init_label); + return (0); +} + +COUNTER_DECL(socketpeer_set_from_mbuf); +static void +test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, + struct socket *socket, struct label *socketpeerlabel) +{ + + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); + COUNTER_INC(socketpeer_set_from_mbuf); +} + +COUNTER_DECL(socketpeer_set_from_socket); +static void +test_socketpeer_set_from_socket(struct socket *oldsocket, + struct label *oldsocketlabel, struct socket *newsocket, + struct label *newsocketpeerlabel) +{ + + LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); + LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); + COUNTER_INC(socketpeer_set_from_socket); +} + +COUNTER_DECL(syncache_create); +static void +test_syncache_create(struct label *label, struct inpcb *inp) +{ + + LABEL_CHECK(label, MAGIC_SYNCACHE); + COUNTER_INC(syncache_create); +} + +COUNTER_DECL(syncache_create_mbuf); +static void 
+test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, + struct label *mlabel) +{ + + LABEL_CHECK(sc_label, MAGIC_SYNCACHE); + LABEL_CHECK(mlabel, MAGIC_MBUF); + COUNTER_INC(syncache_create_mbuf); +} + +COUNTER_DECL(syncache_destroy_label); +static void +test_syncache_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SYNCACHE); + COUNTER_INC(syncache_destroy_label); +} + +COUNTER_DECL(syncache_init_label); +static int +test_syncache_init_label(struct label *label, int flag) +{ + + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_syncache_init_label() at %s:%d", __FILE__, + __LINE__); + LABEL_INIT(label, MAGIC_SYNCACHE); + COUNTER_INC(syncache_init_label); + return (0); +} + COUNTER_DECL(system_check_acct); static int test_system_check_acct(struct ucred *cred, struct vnode *vp, 
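Review bot: `test_socket_relabel` validates `cred->cr_label` and `newlabel` but never touches `socketlabel`, unlike `test_ifnet_relabel`, `test_pipe_relabel` and `test_vnode_relabel` elsewhere in this change, which check the object's existing label too; since this module exists to catch mistyped or stale label slots, the socket being relabeled is exactly the label worth checking. Add `LABEL_CHECK(socketlabel, MAGIC_SOCKET);` between the two existing checks. As a style point, `test_syncache_init_label` drops the blank line that its siblings `test_socket_init_label` and `test_socketpeer_init_label` keep between the `WITNESS_WARN` call and `LABEL_INIT`.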
@@ -2238,6 +1749,367 @@ test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, return (0); } +COUNTER_DECL(sysvmsg_cleanup); +static void +test_sysvmsg_cleanup(struct label *msglabel) +{ + + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); + COUNTER_INC(sysvmsg_cleanup); +} + +COUNTER_DECL(sysvmsg_create); +static void +test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +{ + + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); + LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsg_create); +} + +COUNTER_DECL(sysvmsg_destroy_label); +static void +test_sysvmsg_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SYSV_MSG); + COUNTER_INC(sysvmsg_destroy_label); +} + +COUNTER_DECL(sysvmsg_init_label); +static void +test_sysvmsg_init_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_SYSV_MSG); + COUNTER_INC(sysvmsg_init_label); +} + +COUNTER_DECL(sysvmsq_check_msgmsq); +static int +test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, + struct label *msglabel, struct msqid_kernel *msqkptr, + struct label *msqklabel) +{ + + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(sysvmsq_check_msgmsq); + + return (0); +} + +COUNTER_DECL(sysvmsq_check_msgrcv); +static int +test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) +{ + + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(sysvmsq_check_msgrcv); + + return (0); +} + +COUNTER_DECL(sysvmsq_check_msgrmid); +static int +test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) +{ + + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(sysvmsq_check_msgrmid); + + return (0); +} + +COUNTER_DECL(sysvmsq_check_msqget); +static int 
+test_sysvmsq_check_msqget(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) +{ + + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(sysvmsq_check_msqget); + + return (0); +} + +COUNTER_DECL(sysvmsq_check_msqsnd); +static int +test_sysvmsq_check_msqsnd(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) +{ + + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(sysvmsq_check_msqsnd); + + return (0); +} + +COUNTER_DECL(sysvmsq_check_msqrcv); +static int +test_sysvmsq_check_msqrcv(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) +{ + + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(sysvmsq_check_msqrcv); + + return (0); +} + +COUNTER_DECL(sysvmsq_check_msqctl); +static int +test_sysvmsq_check_msqctl(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) +{ + + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(sysvmsq_check_msqctl); + + return (0); +} + +COUNTER_DECL(sysvmsq_cleanup); +static void +test_sysvmsq_cleanup(struct label *msqlabel) +{ + + LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsq_cleanup); +} + +COUNTER_DECL(sysvmsq_create); +static void +test_sysvmsq_create(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqlabel) +{ + + LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsq_create); +} + +COUNTER_DECL(sysvmsq_destroy_label); +static void +test_sysvmsq_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsq_destroy_label); +} + +COUNTER_DECL(sysvmsq_init_label); +static void +test_sysvmsq_init_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsq_init_label); +} + +COUNTER_DECL(sysvsem_check_semctl); +static int 
+test_sysvsem_check_semctl(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel, int cmd) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_check_semctl); + + return (0); +} + +COUNTER_DECL(sysvsem_check_semget); +static int +test_sysvsem_check_semget(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_check_semget); + + return (0); +} + +COUNTER_DECL(sysvsem_check_semop); +static int +test_sysvsem_check_semop(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_check_semop); + + return (0); +} + +COUNTER_DECL(sysvsem_cleanup); +static void +test_sysvsem_cleanup(struct label *semalabel) +{ + + LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_cleanup); +} + +COUNTER_DECL(sysvsem_create); +static void +test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semalabel) +{ + + LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_create); +} + +COUNTER_DECL(sysvsem_destroy_label); +static void +test_sysvsem_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_destroy_label); +} + +COUNTER_DECL(sysvsem_init_label); +static void +test_sysvsem_init_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_init_label); +} + +COUNTER_DECL(sysvshm_check_shmat); +static int +test_sysvshm_check_shmat(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_check_shmat); + + return (0); +} + 
+COUNTER_DECL(sysvshm_check_shmctl); +static int +test_sysvshm_check_shmctl(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_check_shmctl); + + return (0); +} + +COUNTER_DECL(sysvshm_check_shmdt); +static int +test_sysvshm_check_shmdt(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_check_shmdt); + + return (0); +} + +COUNTER_DECL(sysvshm_check_shmget); +static int +test_sysvshm_check_shmget(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_check_shmget); + + return (0); +} + +COUNTER_DECL(sysvshm_cleanup); +static void +test_sysvshm_cleanup(struct label *shmlabel) +{ + + LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_cleanup); +} + +COUNTER_DECL(sysvshm_create); +static void +test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmlabel) +{ + + LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_create); +} + +COUNTER_DECL(sysvshm_destroy_label); +static void +test_sysvshm_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_destroy_label); +} + +COUNTER_DECL(sysvshm_init_label); +static void +test_sysvshm_init_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_init_label); +} + +COUNTER_DECL(thread_userret); +static void +test_thread_userret(struct thread *td) +{ + + COUNTER_INC(thread_userret); +} + +COUNTER_DECL(vnode_associate_extattr); +static int +test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) +{ + + 
LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(vnode_associate_extattr); + + return (0); +} + +COUNTER_DECL(vnode_associate_singlelabel); +static void +test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) +{ + + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(vnode_associate_singlelabel); +} + COUNTER_DECL(vnode_check_access); static int test_vnode_check_access(struct ucred *cred, struct vnode *vp, 
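Review bot: `test_sysvmsg_create`, `test_sysvmsq_create`, `test_sysvsem_create` and `test_sysvshm_create` each take a `cred` argument but never run `LABEL_CHECK(cred->cr_label, MAGIC_CRED)`, whereas the other creation entry points in this change (`test_mount_create`, `test_pipe_create`, `test_posixsem_create`, `test_socket_create`) do, and the `sysv*_check_*` functions just above check the same credential. If `cred` is never NULL on these paths, adding `LABEL_CHECK(cred->cr_label, MAGIC_CRED);` as the first statement of each would make the slot coverage uniform. A smaller style point: the four `test_sysv*_init_label` bodies omit the blank line after `{` that every other function in the hunk has.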
@@ -2662,176 +2534,257 @@ test_vnode_check_write(struct ucred *active_cred, return (0); } +COUNTER_DECL(vnode_copy_label); +static void +test_vnode_copy_label(struct label *src, struct label *dest) +{ + + LABEL_CHECK(src, MAGIC_VNODE); + LABEL_CHECK(dest, MAGIC_VNODE); + COUNTER_INC(vnode_copy_label); +} + +COUNTER_DECL(vnode_create_extattr); +static int +test_vnode_create_extattr(struct ucred *cred, struct mount *mp, + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(dvplabel, MAGIC_VNODE); + COUNTER_INC(vnode_create_extattr); + + return (0); +} + +COUNTER_DECL(vnode_destroy_label); +static void +test_vnode_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_VNODE); + COUNTER_INC(vnode_destroy_label); +} + +COUNTER_DECL(vnode_execve_transition); +static void +test_vnode_execve_transition(struct ucred *old, struct ucred *new, + struct vnode *vp, struct label *filelabel, + struct label *interpvplabel, struct image_params *imgp, + struct label *execlabel) +{ + + LABEL_CHECK(old->cr_label, MAGIC_CRED); + LABEL_CHECK(new->cr_label, MAGIC_CRED); + LABEL_CHECK(filelabel, MAGIC_VNODE); + LABEL_CHECK(interpvplabel, MAGIC_VNODE); + LABEL_CHECK(execlabel, MAGIC_CRED); + COUNTER_INC(vnode_execve_transition); +} + +COUNTER_DECL(vnode_execve_will_transition); +static int +test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, + struct label *filelabel, struct label *interpvplabel, + struct image_params *imgp, struct label *execlabel) +{ + + LABEL_CHECK(old->cr_label, MAGIC_CRED); + LABEL_CHECK(filelabel, MAGIC_VNODE); + LABEL_CHECK(interpvplabel, MAGIC_VNODE); + LABEL_CHECK(execlabel, MAGIC_CRED); + COUNTER_INC(vnode_execve_will_transition); + + return (0); +} + +COUNTER_DECL(vnode_externalize_label); +static int +test_vnode_externalize_label(struct label *label, 
char *element_name,
+ struct sbuf *sb, int *claimed)
+{
+
+ LABEL_CHECK(label, MAGIC_VNODE);
+ COUNTER_INC(vnode_externalize_label);
+
+ return (0);
+}
+
+COUNTER_DECL(vnode_init_label);
+static void
+test_vnode_init_label(struct label *label)
+{
+
+ LABEL_INIT(label, MAGIC_VNODE);
+ COUNTER_INC(vnode_init_label);
+}
+
+COUNTER_DECL(vnode_relabel);
+static void
+test_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *label)
+{
+
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ LABEL_CHECK(label, MAGIC_VNODE);
+ COUNTER_INC(vnode_relabel);
+}
+
+COUNTER_DECL(vnode_setlabel_extattr);
+static int
+test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ LABEL_CHECK(intlabel, MAGIC_VNODE);
+ COUNTER_INC(vnode_setlabel_extattr);
+
+ return (0);
+}
+
 static struct mac_policy_ops test_ops = {
- .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
- .mpo_cred_init_label = test_cred_init_label,
- .mpo_devfs_init_label = test_devfs_init_label,
- .mpo_ifnet_init_label = test_ifnet_init_label,
- .mpo_syncache_init_label = test_syncache_init_label,
- .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
- .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
- .mpo_sysvsem_init_label = test_sysvsem_init_label,
- .mpo_sysvshm_init_label = test_sysvshm_init_label,
- .mpo_inpcb_init_label = test_inpcb_init_label,
- .mpo_ipq_init_label = test_ipq_init_label,
- .mpo_mbuf_init_label = test_mbuf_init_label,
- .mpo_mount_init_label = test_mount_init_label,
- .mpo_pipe_init_label = test_pipe_init_label,
- .mpo_posixsem_init_label = test_posixsem_init_label,
- .mpo_proc_init_label = test_proc_init_label,
- .mpo_socket_init_label = test_socket_init_label,
- .mpo_socketpeer_init_label = test_socketpeer_init_label,
- .mpo_vnode_init_label = test_vnode_init_label,
+ 
.mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = test_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
- .mpo_cred_destroy_label = test_cred_destroy_label,
- .mpo_devfs_destroy_label = test_devfs_destroy_label,
- .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
- .mpo_syncache_destroy_label = test_syncache_destroy_label,
- .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
- .mpo_sysvmsq_destroy_label =
- test_sysvmsq_destroy_label,
- .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
- .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
- .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
- .mpo_ipq_destroy_label = test_ipq_destroy_label,
- .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
- .mpo_mount_destroy_label = test_mount_destroy_label,
- .mpo_pipe_destroy_label = test_pipe_destroy_label,
- .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
- .mpo_proc_destroy_label = test_proc_destroy_label,
- .mpo_socket_destroy_label = test_socket_destroy_label,
- .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
- .mpo_vnode_destroy_label = test_vnode_destroy_label,
+ .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
+
+ .mpo_cred_check_relabel = test_cred_check_relabel,
+ .mpo_cred_check_visible = test_cred_check_visible,
 .mpo_cred_copy_label = test_cred_copy_label,
- .mpo_ifnet_copy_label = test_ifnet_copy_label,
- .mpo_mbuf_copy_label = test_mbuf_copy_label,
- .mpo_pipe_copy_label = test_pipe_copy_label,
- .mpo_socket_copy_label = test_socket_copy_label,
- .mpo_vnode_copy_label = test_vnode_copy_label,
+ .mpo_cred_destroy_label = test_cred_destroy_label,
 .mpo_cred_externalize_label = test_cred_externalize_label,
- .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
- .mpo_pipe_externalize_label = test_pipe_externalize_label,
- .mpo_socket_externalize_label = test_socket_externalize_label,
- 
.mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
- .mpo_vnode_externalize_label = test_vnode_externalize_label,
+ .mpo_cred_init_label = test_cred_init_label,
 .mpo_cred_internalize_label = test_internalize_label,
- .mpo_ifnet_internalize_label = test_internalize_label,
- .mpo_pipe_internalize_label = test_internalize_label,
- .mpo_socket_internalize_label = test_internalize_label,
- .mpo_vnode_internalize_label = test_internalize_label,
- .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
+ .mpo_cred_relabel = test_cred_relabel,
+ .mpo_devfs_create_device = test_devfs_create_device,
 .mpo_devfs_create_directory = test_devfs_create_directory,
 .mpo_devfs_create_symlink = test_devfs_create_symlink,
- .mpo_vnode_create_extattr = test_vnode_create_extattr,
- .mpo_mount_create = test_mount_create,
- .mpo_vnode_relabel = test_vnode_relabel,
- .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
+ .mpo_devfs_destroy_label = test_devfs_destroy_label,
+ .mpo_devfs_init_label = test_devfs_init_label,
 .mpo_devfs_update = test_devfs_update,
- .mpo_socket_create_mbuf = test_socket_create_mbuf,
- .mpo_pipe_create = test_pipe_create,
- .mpo_posixsem_create = test_posixsem_create,
- .mpo_socket_create = test_socket_create,
- .mpo_socket_newconn = test_socket_newconn,
- .mpo_pipe_relabel = test_pipe_relabel,
- .mpo_socket_relabel = test_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = test_bpfdesc_create,
- .mpo_ifnet_create = test_ifnet_create,
- .mpo_inpcb_create = test_inpcb_create,
- .mpo_syncache_create = test_syncache_create,
- .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
- .mpo_sysvmsg_create = test_sysvmsg_create,
- .mpo_sysvmsq_create = test_sysvmsq_create,
- 
.mpo_sysvsem_create = test_sysvsem_create,
- .mpo_sysvshm_create = test_sysvshm_create,
- .mpo_ipq_reassemble = test_ipq_reassemble,
- .mpo_netinet_fragment = test_netinet_fragment,
- .mpo_ipq_create = test_ipq_create,
- .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
- .mpo_ipq_match = test_ipq_match,
- .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
- .mpo_netinet_arp_send = test_netinet_arp_send,
- .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
- .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
- .mpo_netinet_igmp_send = test_netinet_igmp_send,
- .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
- .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
- .mpo_ifnet_relabel = test_ifnet_relabel,
- .mpo_ipq_update = test_ipq_update,
- .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
- .mpo_vnode_execve_transition = test_vnode_execve_transition,
- .mpo_vnode_execve_will_transition =
- test_vnode_execve_will_transition,
- .mpo_proc_create_swapper = test_proc_create_swapper,
- .mpo_proc_create_init = test_proc_create_init,
- .mpo_cred_relabel = test_cred_relabel,
- .mpo_thread_userret = test_thread_userret,
- .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
- .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
- .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
- .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
- .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
- .mpo_cred_check_relabel = test_cred_check_relabel,
- .mpo_cred_check_visible = test_cred_check_visible,
+ .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
+
 .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
 .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = test_ifnet_copy_label,
+ .mpo_ifnet_create = test_ifnet_create,
+ .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
+ .mpo_ifnet_externalize_label = 
test_ifnet_externalize_label,
+ .mpo_ifnet_init_label = test_ifnet_init_label,
+ .mpo_ifnet_internalize_label = test_internalize_label,
+ .mpo_ifnet_relabel = test_ifnet_relabel,
+
+ .mpo_syncache_destroy_label = test_syncache_destroy_label,
+ .mpo_syncache_init_label = test_syncache_init_label,
+
+ .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
+ .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
+
+ .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label,
+ .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
+
+ .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
+ .mpo_sysvsem_init_label = test_sysvsem_init_label,
+
+ .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
+ .mpo_sysvshm_init_label = test_sysvshm_init_label,
+
 .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
- .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
- .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
- .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
- .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
- .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
- .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
- .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
- .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
- .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
- .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
- .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
- .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
- .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
- .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
+ .mpo_inpcb_create = test_inpcb_create,
+ .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
+ .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
+ .mpo_inpcb_init_label = test_inpcb_init_label,
+ .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
+
+ .mpo_ipq_create = test_ipq_create,
+ .mpo_ipq_destroy_label = test_ipq_destroy_label,
+ .mpo_ipq_init_label = test_ipq_init_label,
+ .mpo_ipq_match 
= test_ipq_match,
+ .mpo_ipq_reassemble = test_ipq_reassemble,
+ .mpo_ipq_update = test_ipq_update,
+
 .mpo_kenv_check_dump = test_kenv_check_dump,
 .mpo_kenv_check_get = test_kenv_check_get,
 .mpo_kenv_check_set = test_kenv_check_set,
 .mpo_kenv_check_unset = test_kenv_check_unset,
+
 .mpo_kld_check_load = test_kld_check_load,
 .mpo_kld_check_stat = test_kld_check_stat,
+
+ .mpo_mbuf_copy_label = test_mbuf_copy_label,
+ .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
+ .mpo_mbuf_init_label = test_mbuf_init_label,
+
 .mpo_mount_check_stat = test_mount_check_stat,
+ .mpo_mount_create = test_mount_create,
+ .mpo_mount_destroy_label = test_mount_destroy_label,
+ .mpo_mount_init_label = test_mount_init_label,
+
+ .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = test_netinet_arp_send,
+ .mpo_netinet_fragment = test_netinet_fragment,
+ .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
+ .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
+ .mpo_netinet_igmp_send = test_netinet_igmp_send,
+ .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
+
+ .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
+
+ .mpo_pipe_check_ioctl = test_pipe_check_ioctl,
 .mpo_pipe_check_poll = test_pipe_check_poll,
 .mpo_pipe_check_read = test_pipe_check_read,
 .mpo_pipe_check_relabel = test_pipe_check_relabel,
 .mpo_pipe_check_stat = test_pipe_check_stat,
 .mpo_pipe_check_write = test_pipe_check_write,
+ .mpo_pipe_copy_label = test_pipe_copy_label,
+ .mpo_pipe_create = test_pipe_create,
+ .mpo_pipe_destroy_label = test_pipe_destroy_label,
+ .mpo_pipe_externalize_label = test_pipe_externalize_label,
+ .mpo_pipe_init_label = test_pipe_init_label,
+ .mpo_pipe_internalize_label = test_internalize_label,
+ .mpo_pipe_relabel = test_pipe_relabel,
+
 .mpo_posixsem_check_destroy = test_posixsem_check_destroy,
 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
 .mpo_posixsem_check_open = test_posixsem_check_open,
 .mpo_posixsem_check_post = test_posixsem_check_post, 
.mpo_posixsem_check_unlink = test_posixsem_check_unlink,
 .mpo_posixsem_check_wait = test_posixsem_check_wait,
+ .mpo_posixsem_create = test_posixsem_create,
+ .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
+ .mpo_posixsem_init_label = test_posixsem_init_label,
+
 .mpo_proc_check_debug = test_proc_check_debug,
 .mpo_proc_check_sched = test_proc_check_sched,
 .mpo_proc_check_setaudit = test_proc_check_setaudit,
 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr,
 .mpo_proc_check_setauid = test_proc_check_setauid,
- .mpo_proc_check_setuid = test_proc_check_setuid,
 .mpo_proc_check_seteuid = test_proc_check_seteuid,
- .mpo_proc_check_setgid = test_proc_check_setgid,
 .mpo_proc_check_setegid = test_proc_check_setegid,
+ .mpo_proc_check_setgid = test_proc_check_setgid,
 .mpo_proc_check_setgroups = test_proc_check_setgroups,
- .mpo_proc_check_setreuid = test_proc_check_setreuid,
 .mpo_proc_check_setregid = test_proc_check_setregid,
- .mpo_proc_check_setresuid = test_proc_check_setresuid,
 .mpo_proc_check_setresgid = test_proc_check_setresgid,
+ .mpo_proc_check_setresuid = test_proc_check_setresuid,
+ .mpo_proc_check_setreuid = test_proc_check_setreuid,
+ .mpo_proc_check_setuid = test_proc_check_setuid,
 .mpo_proc_check_signal = test_proc_check_signal,
 .mpo_proc_check_wait = test_proc_check_wait,
+ .mpo_proc_create_init = test_proc_create_init,
+ .mpo_proc_create_swapper = test_proc_create_swapper,
+ .mpo_proc_destroy_label = test_proc_destroy_label,
+ .mpo_proc_init_label = test_proc_init_label,
+
 .mpo_socket_check_accept = test_socket_check_accept,
 .mpo_socket_check_bind = test_socket_check_bind,
 .mpo_socket_check_connect = test_socket_check_connect,
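Review bot: `test_vnode_create_extattr` checks `cred->cr_label`, `mplabel` and `dvplabel` but never the `vplabel` it is also handed, whereas the neighbouring `test_vnode_relabel` and `test_vnode_setlabel_extattr` check every label argument; adding `LABEL_CHECK(vplabel, MAGIC_VNODE);` after the `dvplabel` check would give the new vnode's label the same magic coverage, and since `test_vnode_init_label` stamps `MAGIC_VNODE` on vnode labels the check should hold for a freshly created vnode as well. The `test_ops` reordering appears to sort entries alphabetically by object, yet the syncache and sysv* init/destroy_label entries sit between the ifnet and inpcb groups while their create/cleanup/check entries land after the system_check group in the `@@ -2851,7 +2823,38 @@` hunk, and in that hunk `.mpo_vnode_check_access` stays between `.mpo_system_check_sysctl` and `.mpo_sysvmsg_cleanup` instead of next to `.mpo_vnode_check_chdir`. Moving those entries would complete the ordering this commit sets out, and a one-line comment above `test_ops` saying the table is kept sorted by object and then hook name would keep it that way; the `test_ops` initializer continues past the end of this hunk.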
@@ -2843,6 +2796,25 @@ static struct mac_policy_ops test_ops =
 .mpo_socket_check_send = test_socket_check_send,
 .mpo_socket_check_stat = test_socket_check_stat,
 .mpo_socket_check_visible = test_socket_check_visible,
+ .mpo_socket_copy_label = test_socket_copy_label,
+ .mpo_socket_create = test_socket_create,
+ .mpo_socket_create_mbuf = test_socket_create_mbuf,
+ .mpo_socket_destroy_label = test_socket_destroy_label,
+ .mpo_socket_externalize_label = test_socket_externalize_label,
+ .mpo_socket_init_label = test_socket_init_label,
+ .mpo_socket_internalize_label = test_internalize_label,
+ .mpo_socket_newconn = test_socket_newconn,
+ .mpo_socket_relabel = test_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
+ .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
+ .mpo_socketpeer_init_label = test_socketpeer_init_label,
+ .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
+
+ .mpo_syncache_create = test_syncache_create,
+ .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
+
 .mpo_system_check_acct = test_system_check_acct,
 .mpo_system_check_audit = test_system_check_audit,
 .mpo_system_check_auditctl = test_system_check_auditctl,
@@ -2851,7 +2823,38 @@ static struct mac_policy_ops test_ops =
 .mpo_system_check_swapoff = test_system_check_swapoff,
 .mpo_system_check_swapon = test_system_check_swapon,
 .mpo_system_check_sysctl = test_system_check_sysctl,
+
 .mpo_vnode_check_access = test_vnode_check_access,
+ .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = test_sysvmsg_create,
+
+ .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
+ .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
+ .mpo_sysvmsq_create = test_sysvmsq_create,
+
+ .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
+ .mpo_sysvsem_create = test_sysvsem_create,
+
+ .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
+ .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
+ .mpo_sysvshm_create = test_sysvshm_create,
+
+ .mpo_thread_userret = test_thread_userret,
+
+ .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
 .mpo_vnode_check_chdir = test_vnode_check_chdir,
 .mpo_vnode_check_chroot = test_vnode_check_chroot,
 .mpo_vnode_check_create = test_vnode_check_create,
@@ -2882,6 +2885,16 @@ static struct mac_policy_ops test_ops =
 .mpo_vnode_check_stat = test_vnode_check_stat,
 .mpo_vnode_check_unlink = test_vnode_check_unlink,
 .mpo_vnode_check_write = test_vnode_check_write,
+ .mpo_vnode_copy_label = test_vnode_copy_label,
+ .mpo_vnode_create_extattr = test_vnode_create_extattr,
+ .mpo_vnode_destroy_label = test_vnode_destroy_label,
+ .mpo_vnode_execve_transition = test_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = test_vnode_externalize_label,
+ .mpo_vnode_init_label = test_vnode_init_label,
+ .mpo_vnode_internalize_label = test_internalize_label,
+ .mpo_vnode_relabel = test_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
 };
 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test",