From 42726d8ae85552af3ecb8f23c1836c4ec33ef4f2 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Wed, 17 Nov 2004 13:10:16 +0000
Subject: [PATCH] Define new MAC framework and policy entry points for System V IPC objects and operations:

- System V IPC message, message queue, semaphore, and shared memory segment init, destroy, cleanup, create operations.
- System V IPC message, message queue, seamphore, and shared memory segment access control entry points, including rights to attach, destroy, and manipulate these IPC objects.

Submitted by: Dandekar Hrishikesh
Obtained from: TrustedBSD Project
Sponsored by: DARPA, SPAWAR, McAfee Research
---
 sys/security/mac/mac_framework.h | 64 +++++++++++++++++++++++++++++++
 sys/security/mac/mac_policy.h | 66 +++++++++++++++++++++++++++++++-
 sys/sys/mac.h | 64 +++++++++++++++++++++++++++++++
 sys/sys/mac_policy.h | 66 +++++++++++++++++++++++++++++++-
 4 files changed, 258 insertions(+), 2 deletions(-)

diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 172c8c2eb21e..b7d08f5cdd60 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -118,7 +118,11 @@ struct ipq;
 struct m_tag;
 struct mbuf;
 struct mount;
+struct msg;
+struct msqid_kernel;
 struct proc;
+struct semid_kernel;
+struct shmid_kernel;
 struct sockaddr;
 struct socket;
 struct sysctl_oid;
@@ -143,6 +147,10 @@ void mac_init_cred(struct ucred *);
 void mac_init_devfsdirent(struct devfs_dirent *);
 void mac_init_ifnet(struct ifnet *);
 int mac_init_inpcb(struct inpcb *, int flag);
+void mac_init_sysv_msgmsg(struct msg *);
+void mac_init_sysv_msgqueue(struct msqid_kernel*);
+void mac_init_sysv_sema(struct semid_kernel*);
+void mac_init_sysv_shm(struct shmid_kernel*);
 int mac_init_ipq(struct ipq *, int flag);
 int mac_init_socket(struct socket *, int flag);
 void mac_init_pipe(struct pipepair *);
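Review bot: The three new prototypes `mac_init_sysv_msgqueue(struct msqid_kernel*)`, `mac_init_sysv_sema(struct semid_kernel*)` and `mac_init_sysv_shm(struct shmid_kernel*)` drop the space before `*` that every neighbouring declaration in this hunk uses (`struct inpcb *`, `struct ipq *`), and even `mac_init_sysv_msgmsg(struct msg *)` one line above them has it. Write them as `void mac_init_sysv_msgqueue(struct msqid_kernel *);`, `void mac_init_sysv_sema(struct semid_kernel *);` and `void mac_init_sysv_shm(struct shmid_kernel *);`. The same three lines appear in the sys/sys/mac.h copy of this hunk.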
@@ -158,6 +166,10 @@ void mac_destroy_cred(struct ucred *);
 void mac_destroy_devfsdirent(struct devfs_dirent *);
 void mac_destroy_ifnet(struct ifnet *);
 void mac_destroy_inpcb(struct inpcb *);
+void mac_destroy_sysv_msgmsg(struct msg *);
+void mac_destroy_sysv_msgqueue(struct msqid_kernel *);
+void mac_destroy_sysv_sema(struct semid_kernel *);
+void mac_destroy_sysv_shm(struct shmid_kernel *);
 void mac_destroy_ipq(struct ipq *);
 void mac_destroy_socket(struct socket *);
 void mac_destroy_pipe(struct pipepair *);
@@ -207,6 +219,18 @@ void mac_set_socket_peer_from_socket(struct socket *oldsocket,
 struct socket *newsocket);
 void mac_create_pipe(struct ucred *cred, struct pipepair *pp);
 
+/*
+ * Labeling event operations: System V IPC primitives
+ */
+void mac_create_sysv_msgmsg(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct msg *msgptr);
+void mac_create_sysv_msgqueue(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+void mac_create_sysv_sema(struct ucred *cred,
+ struct semid_kernel *semakptr);
+void mac_create_sysv_shm(struct ucred *cred,
+ struct shmid_kernel *shmsegptr);
+
 /*
 * Labeling event operations: network objects.
 */
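Review bot: The new block comment `* Labeling event operations: System V IPC primitives` has no terminating period, unlike its sibling `* Labeling event operations: network objects.` three lines below and the policy-side copy of the same comment in mac_policy.h; write ` * Labeling event operations: System V IPC primitives.`. Nothing says why `mac_create_sysv_msgmsg` receives the queue as well as the message; if the message label is meant to be derived from the queue it is enqueued on, a one-line comment on that prototype saying so would help policy authors (the callers are not in this diff, so this is inferred). The same lines appear in the sys/sys/mac.h copy of this hunk.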
@@ -245,11 +269,51 @@ void mac_create_proc0(struct ucred *cred);
 void mac_create_proc1(struct ucred *cred);
 void mac_thread_userret(struct thread *td);
 
+/*
+ * Label cleanup operation: This is the inverse complement for the
+ * mac_create and associate type of hooks. This hook lets the policy
+ * module(s) perform a cleanup/flushing operation on the label
+ * associated with the objects, without freeing up the space allocated.
+ * This hook is useful in cases where it is desirable to remove any
+ * labeling reference when recycling any object to a pool. This hook
+ * does not replace the mac_destroy hooks.
+ */
+void mac_cleanup_sysv_msgmsg(struct msg *msgptr);
+void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
+void mac_cleanup_sysv_sema(struct semid_kernel *semakptr);
+void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
+
 /* Access control checks. */
 int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
 int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
 int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
 int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
+int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr);
+int mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr);
+int mac_check_sysv_msqget(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqsnd(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqrcv(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqctl(struct ucred *cred,
+ struct msqid_kernel *msqkptr, int cmd);
+int mac_check_sysv_semctl(struct ucred *cred,
+ struct semid_kernel *semakptr, int cmd);
+int mac_check_sysv_semget(struct ucred *cred,
+ struct semid_kernel *semakptr);
+int mac_check_sysv_semop(struct ucred *cred,struct semid_kernel *semakptr,
+ size_t accesstype);
+int mac_check_sysv_shmat(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int shmflg);
+int mac_check_sysv_shmctl(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int cmd);
+int mac_check_sysv_shmdt(struct ucred *cred,
+ struct shmid_kernel *shmsegptr);
+int mac_check_sysv_shmget(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int shmflg);
 int mac_check_kenv_dump(struct ucred *cred);
 int mac_check_kenv_get(struct ucred *cred, char *name);
 int mac_check_kenv_set(struct ucred *cred, char *name, char *value);
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 6e6bc0cbc06d..952a1ba99967 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -63,9 +63,12 @@ struct label;
 struct mac_policy_conf;
 struct mbuf;
 struct mount;
+struct msqid_kernel;
 struct pipepair;
 struct proc;
 struct sbuf;
+struct semid_kernel;
+struct shmid_kernel;
 struct sockaddr;
 struct socket;
 struct sysctl_oid;
@@ -100,6 +103,10 @@ struct mac_policy_ops {
 void (*mpo_init_devfsdirent_label)(struct label *label);
 void (*mpo_init_ifnet_label)(struct label *label);
 int (*mpo_init_inpcb_label)(struct label *label, int flag);
+ void (*mpo_init_sysv_msgmsg_label)(struct label *label);
+ void (*mpo_init_sysv_msgqueue_label)(struct label *label);
+ void (*mpo_init_sysv_sema_label)(struct label *label);
+ void (*mpo_init_sysv_shm_label)(struct label *label);
 int (*mpo_init_ipq_label)(struct label *label, int flag);
 int (*mpo_init_mbuf_label)(struct label *label, int flag);
 void (*mpo_init_mount_label)(struct label *label);
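Review bot: `int mac_check_sysv_semop(struct ucred *cred,struct semid_kernel *semakptr,` is missing the space after the first comma that every other prototype in this hunk has; write `int mac_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,`. The block also introduces two look-alike prefixes, `msg` for a single message (msgmsq, msgrcv, msgrmid) and `msq` for a queue (msqget, msqsnd, msqrcv, msqctl), with nothing marking the distinction, and none of `cmd`, `shmflg` or `accesstype` says which values it carries. A short comment above `mac_check_sysv_msgmsq` such as `/* msg*: a single message; msq*: a message queue. cmd, shmflg and accesstype are the caller's syscall arguments, passed through. */` would settle both, provided passing them through unchanged is the intent (the callers are not in this diff). The same lines appear in the sys/sys/mac.h copy of this hunk.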
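Review bot: `struct msg` is not forward-declared in this hunk although later hunks of the same file use `struct msg *msgptr` in `mpo_create_sysv_msgmsg`, `mpo_check_sysv_msgmsq`, `mpo_check_sysv_msgrcv` and `mpo_check_sysv_msgrmid`, and the companion hunk in mac_framework.h does add `struct msg;`. Unless an earlier include in mac_policy.h already declares the tag (not visible here), a struct tag first seen inside a parameter list has prototype scope: compilers warn that it will not be visible outside the declaration, and each ops-table member gets a parameter type incompatible with the real `struct msg`, so assigning a correctly typed handler draws an incompatible-pointer diagnostic. Add `+struct msg;` between `struct mount;` and `+struct msqid_kernel;`. The same omission is in the sys/sys/mac_policy.h copy of this hunk.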
@@ -114,6 +121,10 @@ struct mac_policy_ops {
 void (*mpo_destroy_devfsdirent_label)(struct label *label);
 void (*mpo_destroy_ifnet_label)(struct label *label);
 void (*mpo_destroy_inpcb_label)(struct label *label);
+ void (*mpo_destroy_sysv_msgmsg_label)(struct label *label);
+ void (*mpo_destroy_sysv_msgqueue_label)(struct label *label);
+ void (*mpo_destroy_sysv_sema_label)(struct label *label);
+ void (*mpo_destroy_sysv_shm_label)(struct label *label);
 void (*mpo_destroy_ipq_label)(struct label *label);
 void (*mpo_destroy_mbuf_label)(struct label *label);
 void (*mpo_destroy_mount_label)(struct label *label);
@@ -123,6 +134,10 @@ struct mac_policy_ops {
 void (*mpo_destroy_pipe_label)(struct label *label);
 void (*mpo_destroy_proc_label)(struct label *label);
 void (*mpo_destroy_vnode_label)(struct label *label);
+ void (*mpo_cleanup_sysv_msgmsg)(struct label *msglabel);
+ void (*mpo_cleanup_sysv_msgqueue)(struct label *msqlabel);
+ void (*mpo_cleanup_sysv_sema)(struct label *semalabel);
+ void (*mpo_cleanup_sysv_shm)(struct label *shmlabel);
 void (*mpo_copy_cred_label)(struct label *src,
 struct label *dest);
 void (*mpo_copy_ifnet_label)(struct label *src,
@@ -224,6 +239,19 @@ struct mac_policy_ops {
 void (*mpo_create_pipe)(struct ucred *cred,
 struct pipepair *pp, struct label *pipelabel);
 
+ /*
+ * Labeling event operations: System V IPC primitives.
+ */
+ void (*mpo_create_sysv_msgmsg)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqlabel,
+ struct msg *msgptr, struct label *msglabel);
+ void (*mpo_create_sysv_msgqueue)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqlabel);
+ void (*mpo_create_sysv_sema)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semalabel);
+ void (*mpo_create_sysv_shm)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, struct label *shmlabel);
+
 /*
 * Labeling event operations: network objects.
 */
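Review bot: The four `mpo_cleanup_sysv_*` entries in the @@ -123 hunk are inserted straight after the `mpo_destroy_*_label` entries with no comment, so a policy author reading only this header cannot tell a cleanup from a destroy, while the framework header spends a paragraph on exactly that difference. A short comment above `mpo_cleanup_sysv_msgmsg` such as `/* Label cleanup: flush the policy's state from a label that stays allocated because its object is being recycled; does not replace the destroy entry points. */` would carry the contract to the policy side. The enclosing `struct mac_policy_ops` starts and ends outside the hunk. The same entries appear uncommented in the sys/sys/mac_policy.h copy of this hunk.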
@@ -315,6 +343,42 @@ struct mac_policy_ops {
 int (*mpo_check_inpcb_deliver)(struct inpcb *inp,
 struct label *inplabel, struct mbuf *m,
 struct label *mlabel);
+ int (*mpo_check_sysv_msgmsq)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+ int (*mpo_check_sysv_msgrcv)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel);
+ int (*mpo_check_sysv_msgrmid)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel);
+ int (*mpo_check_sysv_msqget)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+ int (*mpo_check_sysv_msqsnd)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+ int (*mpo_check_sysv_msqrcv)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+ int (*mpo_check_sysv_msqctl)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel,
+ int cmd);
+ int (*mpo_check_sysv_semctl)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel,
+ int cmd);
+ int (*mpo_check_sysv_semget)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel);
+ int (*mpo_check_sysv_semop)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel,
+ size_t accesstype);
+ int (*mpo_check_sysv_shmat)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg);
+ int (*mpo_check_sysv_shmctl)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int cmd);
+ int (*mpo_check_sysv_shmdt)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel);
+ int (*mpo_check_sysv_shmget)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg);
 int (*mpo_check_kenv_dump)(struct ucred *cred);
 int (*mpo_check_kenv_get)(struct ucred *cred, char *name);
 int (*mpo_check_kenv_set)(struct ucred *cred, char *name,
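Review bot: The label parameters of the new check entries are named `msqklabel`, `semaklabel` and `shmseglabel`, while the create and cleanup entries for the same objects in the @@ -123 and @@ -224 hunks of this file name them `msqlabel`, `semalabel` and `shmlabel`; policy modules copy these names into their handlers, and the mismatch makes it harder to see that the same label is meant. Use one set in all three places, e.g. `struct label *msqlabel`, `struct label *semalabel` and `struct label *shmlabel`. Nothing here says which values `cmd`, `shmflg` and `accesstype` carry (presumably the raw msgctl/semctl/shmctl, shmat and semop arguments, but the callers are not in this diff); a one-line comment above `mpo_check_sysv_msgmsq` stating that would spare every policy re-deriving it. The enclosing `struct mac_policy_ops` starts and ends outside the hunk, and the sys/sys/mac_policy.h copy of this hunk has the same naming.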
@@ -328,7 +392,7 @@ struct mac_policy_ops {
 struct label *mntlabel);
 int (*mpo_check_pipe_ioctl)(struct ucred *cred,
 struct pipepair *pp, struct label *pipelabel,
- unsigned long cmd, void *data);
+ unsigned long cmd, void *data);
 int (*mpo_check_pipe_poll)(struct ucred *cred,
 struct pipepair *pp, struct label *pipelabel);
 int (*mpo_check_pipe_read)(struct ucred *cred,
diff --git a/sys/sys/mac.h b/sys/sys/mac.h
index 172c8c2eb21e..b7d08f5cdd60 100644
--- a/sys/sys/mac.h
+++ b/sys/sys/mac.h
@@ -118,7 +118,11 @@ struct ipq;
 struct m_tag;
 struct mbuf;
 struct mount;
+struct msg;
+struct msqid_kernel;
 struct proc;
+struct semid_kernel;
+struct shmid_kernel;
 struct sockaddr;
 struct socket;
 struct sysctl_oid;
@@ -143,6 +147,10 @@ void mac_init_cred(struct ucred *);
 void mac_init_devfsdirent(struct devfs_dirent *);
 void mac_init_ifnet(struct ifnet *);
 int mac_init_inpcb(struct inpcb *, int flag);
+void mac_init_sysv_msgmsg(struct msg *);
+void mac_init_sysv_msgqueue(struct msqid_kernel*);
+void mac_init_sysv_sema(struct semid_kernel*);
+void mac_init_sysv_shm(struct shmid_kernel*);
 int mac_init_ipq(struct ipq *, int flag);
 int mac_init_socket(struct socket *, int flag);
 void mac_init_pipe(struct pipepair *);
@@ -158,6 +166,10 @@ void mac_destroy_cred(struct ucred *);
 void mac_destroy_devfsdirent(struct devfs_dirent *);
 void mac_destroy_ifnet(struct ifnet *);
 void mac_destroy_inpcb(struct inpcb *);
+void mac_destroy_sysv_msgmsg(struct msg *);
+void mac_destroy_sysv_msgqueue(struct msqid_kernel *);
+void mac_destroy_sysv_sema(struct semid_kernel *);
+void mac_destroy_sysv_shm(struct shmid_kernel *);
 void mac_destroy_ipq(struct ipq *);
 void mac_destroy_socket(struct socket *);
 void mac_destroy_pipe(struct pipepair *);
@@ -207,6 +219,18 @@ void mac_set_socket_peer_from_socket(struct socket *oldsocket,
 struct socket *newsocket);
 void mac_create_pipe(struct ucred *cred, struct pipepair *pp);
 
+/*
+ * Labeling event operations: System V IPC primitives
+ */
+void mac_create_sysv_msgmsg(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct msg *msgptr);
+void mac_create_sysv_msgqueue(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+void mac_create_sysv_sema(struct ucred *cred,
+ struct semid_kernel *semakptr);
+void mac_create_sysv_shm(struct ucred *cred,
+ struct shmid_kernel *shmsegptr);
+
 /*
 * Labeling event operations: network objects.
 */
@@ -245,11 +269,51 @@ void mac_create_proc0(struct ucred *cred);
 void mac_create_proc1(struct ucred *cred);
 void mac_thread_userret(struct thread *td);
 
+/*
+ * Label cleanup operation: This is the inverse complement for the
+ * mac_create and associate type of hooks. This hook lets the policy
+ * module(s) perform a cleanup/flushing operation on the label
+ * associated with the objects, without freeing up the space allocated.
+ * This hook is useful in cases where it is desirable to remove any
+ * labeling reference when recycling any object to a pool. This hook
+ * does not replace the mac_destroy hooks.
+ */
+void mac_cleanup_sysv_msgmsg(struct msg *msgptr);
+void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
+void mac_cleanup_sysv_sema(struct semid_kernel *semakptr);
+void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
+
 /* Access control checks. */
 int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
 int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
 int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
 int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
+int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr);
+int mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr);
+int mac_check_sysv_msqget(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqsnd(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqrcv(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqctl(struct ucred *cred,
+ struct msqid_kernel *msqkptr, int cmd);
+int mac_check_sysv_semctl(struct ucred *cred,
+ struct semid_kernel *semakptr, int cmd);
+int mac_check_sysv_semget(struct ucred *cred,
+ struct semid_kernel *semakptr);
+int mac_check_sysv_semop(struct ucred *cred,struct semid_kernel *semakptr,
+ size_t accesstype);
+int mac_check_sysv_shmat(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int shmflg);
+int mac_check_sysv_shmctl(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int cmd);
+int mac_check_sysv_shmdt(struct ucred *cred,
+ struct shmid_kernel *shmsegptr);
+int mac_check_sysv_shmget(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int shmflg);
 int mac_check_kenv_dump(struct ucred *cred);
 int mac_check_kenv_get(struct ucred *cred, char *name);
 int mac_check_kenv_set(struct ucred *cred, char *name, char *value);
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
index 6e6bc0cbc06d..952a1ba99967 100644
--- a/sys/sys/mac_policy.h
+++ b/sys/sys/mac_policy.h
@@ -63,9 +63,12 @@ struct label;
 struct mac_policy_conf;
 struct mbuf;
 struct mount;
+struct msqid_kernel;
 struct pipepair;
 struct proc;
 struct sbuf;
+struct semid_kernel;
+struct shmid_kernel;
 struct sockaddr;
 struct socket;
 struct sysctl_oid;
@@ -100,6 +103,10 @@ struct mac_policy_ops {
 void (*mpo_init_devfsdirent_label)(struct label *label);
 void (*mpo_init_ifnet_label)(struct label *label);
 int (*mpo_init_inpcb_label)(struct label *label, int flag);
+ void (*mpo_init_sysv_msgmsg_label)(struct label *label);
+ void (*mpo_init_sysv_msgqueue_label)(struct label *label);
+ void (*mpo_init_sysv_sema_label)(struct label *label);
+ void (*mpo_init_sysv_shm_label)(struct label *label);
 int (*mpo_init_ipq_label)(struct label *label, int flag);
 int (*mpo_init_mbuf_label)(struct label *label, int flag);
 void (*mpo_init_mount_label)(struct label *label);
@@ -114,6 +121,10 @@ struct mac_policy_ops {
 void (*mpo_destroy_devfsdirent_label)(struct label *label);
 void (*mpo_destroy_ifnet_label)(struct label *label);
 void (*mpo_destroy_inpcb_label)(struct label *label);
+ void (*mpo_destroy_sysv_msgmsg_label)(struct label *label);
+ void (*mpo_destroy_sysv_msgqueue_label)(struct label *label);
+ void (*mpo_destroy_sysv_sema_label)(struct label *label);
+ void (*mpo_destroy_sysv_shm_label)(struct label *label);
 void (*mpo_destroy_ipq_label)(struct label *label);
 void (*mpo_destroy_mbuf_label)(struct label *label);
 void (*mpo_destroy_mount_label)(struct label *label);
@@ -123,6 +134,10 @@ struct mac_policy_ops {
 void (*mpo_destroy_pipe_label)(struct label *label);
 void (*mpo_destroy_proc_label)(struct label *label);
 void (*mpo_destroy_vnode_label)(struct label *label);
+ void (*mpo_cleanup_sysv_msgmsg)(struct label *msglabel);
+ void (*mpo_cleanup_sysv_msgqueue)(struct label *msqlabel);
+ void (*mpo_cleanup_sysv_sema)(struct label *semalabel);
+ void (*mpo_cleanup_sysv_shm)(struct label *shmlabel);
 void (*mpo_copy_cred_label)(struct label *src,
 struct label *dest);
 void (*mpo_copy_ifnet_label)(struct label *src,
@@ -224,6 +239,19 @@ struct mac_policy_ops {
 void (*mpo_create_pipe)(struct ucred *cred,
 struct pipepair *pp, struct label *pipelabel);
 
+ /*
+ * Labeling event operations: System V IPC primitives.
+ */
+ void (*mpo_create_sysv_msgmsg)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqlabel,
+ struct msg *msgptr, struct label *msglabel);
+ void (*mpo_create_sysv_msgqueue)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqlabel);
+ void (*mpo_create_sysv_sema)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semalabel);
+ void (*mpo_create_sysv_shm)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, struct label *shmlabel);
+
 /*
 * Labeling event operations: network objects.
 */
@@ -315,6 +343,42 @@ struct mac_policy_ops {
 int (*mpo_check_inpcb_deliver)(struct inpcb *inp,
 struct label *inplabel, struct mbuf *m,
 struct label *mlabel);
+ int (*mpo_check_sysv_msgmsq)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+ int (*mpo_check_sysv_msgrcv)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel);
+ int (*mpo_check_sysv_msgrmid)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel);
+ int (*mpo_check_sysv_msqget)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+ int (*mpo_check_sysv_msqsnd)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+ int (*mpo_check_sysv_msqrcv)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+ int (*mpo_check_sysv_msqctl)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel,
+ int cmd);
+ int (*mpo_check_sysv_semctl)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel,
+ int cmd);
+ int (*mpo_check_sysv_semget)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel);
+ int (*mpo_check_sysv_semop)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel,
+ size_t accesstype);
+ int (*mpo_check_sysv_shmat)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg);
+ int (*mpo_check_sysv_shmctl)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int cmd);
+ int (*mpo_check_sysv_shmdt)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel);
+ int (*mpo_check_sysv_shmget)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg);
 int (*mpo_check_kenv_dump)(struct ucred *cred);
 int (*mpo_check_kenv_get)(struct ucred *cred, char *name);
 int (*mpo_check_kenv_set)(struct ucred *cred, char *name,
@@ -328,7 +392,7 @@ struct mac_policy_ops {
 struct label *mntlabel);
 int (*mpo_check_pipe_ioctl)(struct ucred *cred,
 struct pipepair *pp, struct label *pipelabel,
- unsigned long cmd, void *data);
+ unsigned long cmd, void *data);
 int (*mpo_check_pipe_poll)(struct ucred *cred,
 struct pipepair *pp, struct label *pipelabel);
 int (*mpo_check_pipe_read)(struct ucred *cred,