2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
10 * This software was developed for the FreeBSD Project in part by NAI Labs,
11 * the Security Research Division of Network Associates, Inc. under
12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
13 * CHATS research program.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. The names of the authors may not be used to endorse or promote
24 * products derived from this software without specific prior written
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 * Developed by the TrustedBSD Project.
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
49 #include "opt_devfs.h"
51 #include <sys/param.h>
52 #include <sys/extattr.h>
53 #include <sys/kernel.h>
55 #include <sys/malloc.h>
56 #include <sys/mutex.h>
58 #include <sys/module.h>
60 #include <sys/systm.h>
61 #include <sys/sysproto.h>
62 #include <sys/sysent.h>
63 #include <sys/vnode.h>
64 #include <sys/mount.h>
66 #include <sys/namei.h>
67 #include <sys/socket.h>
69 #include <sys/socketvar.h>
70 #include <sys/sysctl.h>
74 #include <vm/vm_map.h>
75 #include <vm/vm_object.h>
77 #include <sys/mac_policy.h>
79 #include <fs/devfs/devfs.h>
81 #include <net/bpfdesc.h>
83 #include <net/if_var.h>
85 #include <netinet/in.h>
86 #include <netinet/ip_var.h>
91 * Declare that the kernel provides MAC support, version 1. This permits
92 * modules to refuse to be loaded if the necessary support isn't present,
93 * even if it's pre-boot.
95 MODULE_VERSION(kernel_mac_support, 1);
97 SYSCTL_DECL(_security);
99 SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0,
100 "TrustedBSD MAC policy controls");
102 #if MAC_MAX_POLICIES > 32
103 #error "MAC_MAX_POLICIES too large"
106 static unsigned int mac_max_policies = MAC_MAX_POLICIES;
107 static unsigned int mac_policy_offsets_free = (1 << MAC_MAX_POLICIES) - 1;
108 SYSCTL_UINT(_security_mac, OID_AUTO, max_policies, CTLFLAG_RD,
109 &mac_max_policies, 0, "");
112 * Has the kernel started generating labeled objects yet? All read/write
113 * access to this variable is serialized during the boot process. Following
114 * the end of serialization, we don't update this flag; no locking.
116 static int mac_late = 0;
119 * Warn about EA transactions only the first time they happen.
120 * Weak coherency, no locking.
122 static int ea_warn_once = 0;
124 static int mac_enforce_fs = 1;
125 SYSCTL_INT(_security_mac, OID_AUTO, enforce_fs, CTLFLAG_RW,
126 &mac_enforce_fs, 0, "Enforce MAC policy on file system objects");
127 TUNABLE_INT("security.mac.enforce_fs", &mac_enforce_fs);
129 static int mac_enforce_network = 1;
130 SYSCTL_INT(_security_mac, OID_AUTO, enforce_network, CTLFLAG_RW,
131 &mac_enforce_network, 0, "Enforce MAC policy on network packets");
132 TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network);
134 static int mac_enforce_pipe = 1;
135 SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW,
136 &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations");
137 TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe);
139 static int mac_enforce_process = 1;
140 SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW,
141 &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations");
142 TUNABLE_INT("security.mac.enforce_process", &mac_enforce_process);
144 static int mac_enforce_socket = 1;
145 SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW,
146 &mac_enforce_socket, 0, "Enforce MAC policy on socket operations");
147 TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket);
149 static int mac_enforce_system = 1;
150 SYSCTL_INT(_security_mac, OID_AUTO, enforce_system, CTLFLAG_RW,
151 &mac_enforce_system, 0, "Enforce MAC policy on system operations");
152 TUNABLE_INT("security.mac.enforce_system", &mac_enforce_system);
154 static int mac_enforce_vm = 1;
155 SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW,
156 &mac_enforce_vm, 0, "Enforce MAC policy on vm operations");
157 TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm);
159 static int mac_cache_fslabel_in_vnode = 1;
160 SYSCTL_INT(_security_mac, OID_AUTO, cache_fslabel_in_vnode, CTLFLAG_RW,
161 &mac_cache_fslabel_in_vnode, 0, "Cache mount fslabel in vnode");
162 TUNABLE_INT("security.mac.cache_fslabel_in_vnode",
163 &mac_cache_fslabel_in_vnode);
165 static int mac_mmap_revocation = 1;
166 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW,
167 &mac_mmap_revocation, 0, "Revoke mmap access to files on subject "
169 static int mac_mmap_revocation_via_cow = 0;
170 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
171 &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
172 "copy-on-write semantics, or by removing all write access");
175 SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0,
176 "TrustedBSD MAC debug info");
178 static int mac_debug_label_fallback = 0;
179 SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW,
180 &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label"
181 "when label is corrupted.");
182 TUNABLE_INT("security.mac.debug_label_fallback",
183 &mac_debug_label_fallback);
185 SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0,
186 "TrustedBSD MAC object counters");
188 static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs,
189 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents,
192 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD,
193 &nmacmbufs, 0, "number of mbufs in use");
194 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD,
195 &nmaccreds, 0, "number of ucreds in use");
196 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ifnets, CTLFLAG_RD,
197 &nmacifnets, 0, "number of ifnets in use");
198 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipqs, CTLFLAG_RD,
199 &nmacipqs, 0, "number of ipqs in use");
200 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, bpfdescs, CTLFLAG_RD,
201 &nmacbpfdescs, 0, "number of bpfdescs in use");
202 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sockets, CTLFLAG_RD,
203 &nmacsockets, 0, "number of sockets in use");
204 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, pipes, CTLFLAG_RD,
205 &nmacpipes, 0, "number of pipes in use");
206 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD,
207 &nmacmounts, 0, "number of mounts in use");
208 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD,
209 &nmactemp, 0, "number of temporary labels in use");
210 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD,
211 &nmacvnodes, 0, "number of vnodes in use");
212 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD,
213 &nmacdevfsdirents, 0, "number of devfs dirents inuse");
216 static int error_select(int error1, int error2);
217 static int mac_policy_register(struct mac_policy_conf *mpc);
218 static int mac_policy_unregister(struct mac_policy_conf *mpc);
220 static void mac_check_vnode_mmap_downgrade(struct ucred *cred,
221 struct vnode *vp, int *prot);
222 static void mac_cred_mmapped_drop_perms_recurse(struct thread *td,
223 struct ucred *cred, struct vm_map *map);
225 static void mac_destroy_socket_label(struct label *label);
227 static int mac_setlabel_vnode_extattr(struct ucred *cred,
228 struct vnode *vp, struct label *intlabel);
231 MALLOC_DEFINE(M_MACOPVEC, "macopvec", "MAC policy operation vector");
232 MALLOC_DEFINE(M_MACPIPELABEL, "macpipelabel", "MAC labels for pipes");
233 MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC temporary label storage");
236 * mac_policy_list_lock protects the consistency of 'mac_policy_list',
237 * the linked list of attached policy modules. Read-only consumers of
238 * the list must acquire a shared lock for the duration of their use;
239 * writers must acquire an exclusive lock. Note that for compound
240 * operations, locks should be held for the entire compound operation,
241 * and that this is not yet done for relabel requests.
243 static struct mtx mac_policy_list_lock;
244 static LIST_HEAD(, mac_policy_conf) mac_policy_list;
245 static int mac_policy_list_busy;
246 #define MAC_POLICY_LIST_LOCKINIT() mtx_init(&mac_policy_list_lock, \
247 "mac_policy_list_lock", NULL, MTX_DEF);
248 #define MAC_POLICY_LIST_LOCK() mtx_lock(&mac_policy_list_lock);
249 #define MAC_POLICY_LIST_UNLOCK() mtx_unlock(&mac_policy_list_lock);
251 #define MAC_POLICY_LIST_BUSY() do { \
252 MAC_POLICY_LIST_LOCK(); \
253 mac_policy_list_busy++; \
254 MAC_POLICY_LIST_UNLOCK(); \
257 #define MAC_POLICY_LIST_UNBUSY() do { \
258 MAC_POLICY_LIST_LOCK(); \
259 mac_policy_list_busy--; \
260 if (mac_policy_list_busy < 0) \
261 panic("Extra mac_policy_list_busy--"); \
262 MAC_POLICY_LIST_UNLOCK(); \
266 * MAC_CHECK performs the designated check by walking the policy
267 * module list and checking with each as to how it feels about the
268 * request. Note that it returns its value via 'error' in the scope
271 #define MAC_CHECK(check, args...) do { \
272 struct mac_policy_conf *mpc; \
275 MAC_POLICY_LIST_BUSY(); \
276 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
277 if (mpc->mpc_ops->mpo_ ## check != NULL) \
278 error = error_select( \
279 mpc->mpc_ops->mpo_ ## check (args), \
282 MAC_POLICY_LIST_UNBUSY(); \
286 * MAC_BOOLEAN performs the designated boolean composition by walking
287 * the module list, invoking each instance of the operation, and
288 * combining the results using the passed C operator. Note that it
289 * returns its value via 'result' in the scope of the caller, which
290 * should be initialized by the caller in a meaningful way to get
291 * a meaningful result.
293 #define MAC_BOOLEAN(operation, composition, args...) do { \
294 struct mac_policy_conf *mpc; \
296 MAC_POLICY_LIST_BUSY(); \
297 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
298 if (mpc->mpc_ops->mpo_ ## operation != NULL) \
299 result = result composition \
300 mpc->mpc_ops->mpo_ ## operation (args); \
302 MAC_POLICY_LIST_UNBUSY(); \
305 #define MAC_EXTERNALIZE(type, label, elementlist, outbuf, \
307 char *curptr, *curptr_start, *element_name, *element_temp; \
308 size_t left, left_start, len; \
309 int claimed, first, first_start, ignorenotfound; \
312 element_temp = elementlist; \
317 while ((element_name = strsep(&element_temp, ",")) != NULL) { \
318 curptr_start = curptr; \
320 first_start = first; \
321 if (element_name[0] == '?') { \
323 ignorenotfound = 1; \
325 ignorenotfound = 0; \
328 len = snprintf(curptr, left, "%s/", \
332 len = snprintf(curptr, left, ",%s/", \
335 error = EINVAL; /* XXXMAC: E2BIG */ \
341 MAC_CHECK(externalize_ ## type, label, element_name, \
342 curptr, left, &len, &claimed); \
345 if (claimed == 1) { \
346 if (len >= outbuflen) { \
347 error = EINVAL; /* XXXMAC: E2BIG */ \
352 } else if (claimed == 0 && ignorenotfound) { \
354 * Revert addition of the label element \
357 curptr = curptr_start; \
360 first = first_start; \
362 error = EINVAL; /* XXXMAC: ENOLABEL */ \
368 #define MAC_INTERNALIZE(type, label, instring) do { \
369 char *element, *element_name, *element_data; \
373 element = instring; \
374 while ((element_name = strsep(&element, ",")) != NULL) { \
375 element_data = element_name; \
376 element_name = strsep(&element_data, "/"); \
377 if (element_data == NULL) { \
382 MAC_CHECK(internalize_ ## type, label, element_name, \
383 element_data, &claimed); \
386 if (claimed != 1) { \
387 /* XXXMAC: Another error here? */ \
395 * MAC_PERFORM performs the designated operation by walking the policy
396 * module list and invoking that operation for each policy.
398 #define MAC_PERFORM(operation, args...) do { \
399 struct mac_policy_conf *mpc; \
401 MAC_POLICY_LIST_BUSY(); \
402 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
403 if (mpc->mpc_ops->mpo_ ## operation != NULL) \
404 mpc->mpc_ops->mpo_ ## operation (args); \
406 MAC_POLICY_LIST_UNBUSY(); \
410 * Initialize the MAC subsystem, including appropriate SMP locks.
416 LIST_INIT(&mac_policy_list);
417 MAC_POLICY_LIST_LOCKINIT();
421 * For the purposes of modules that want to know if they were loaded
422 * "early", set the mac_late flag once we've processed modules either
423 * linked into the kernel, or loaded before the kernel startup.
433 * Allow MAC policy modules to register during boot, etc.
436 mac_policy_modevent(module_t mod, int type, void *data)
438 struct mac_policy_conf *mpc;
442 mpc = (struct mac_policy_conf *) data;
446 if (mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_NOTLATE &&
448 printf("mac_policy_modevent: can't load %s policy "
449 "after booting\n", mpc->mpc_name);
453 error = mac_policy_register(mpc);
456 /* Don't unregister the module if it was never registered. */
457 if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED)
459 error = mac_policy_unregister(mpc);
471 mac_policy_register(struct mac_policy_conf *mpc)
473 struct mac_policy_conf *tmpc;
474 struct mac_policy_op_entry *mpe;
477 MALLOC(mpc->mpc_ops, struct mac_policy_ops *, sizeof(*mpc->mpc_ops),
478 M_MACOPVEC, M_WAITOK | M_ZERO);
479 for (mpe = mpc->mpc_entries; mpe->mpe_constant != MAC_OP_LAST; mpe++) {
480 switch (mpe->mpe_constant) {
483 * Doesn't actually happen, but this allows checking
484 * that all enumerated values are handled.
488 mpc->mpc_ops->mpo_destroy =
492 mpc->mpc_ops->mpo_init =
496 mpc->mpc_ops->mpo_syscall =
499 case MAC_INIT_BPFDESC_LABEL:
500 mpc->mpc_ops->mpo_init_bpfdesc_label =
503 case MAC_INIT_CRED_LABEL:
504 mpc->mpc_ops->mpo_init_cred_label =
507 case MAC_INIT_DEVFSDIRENT_LABEL:
508 mpc->mpc_ops->mpo_init_devfsdirent_label =
511 case MAC_INIT_IFNET_LABEL:
512 mpc->mpc_ops->mpo_init_ifnet_label =
515 case MAC_INIT_IPQ_LABEL:
516 mpc->mpc_ops->mpo_init_ipq_label =
519 case MAC_INIT_MBUF_LABEL:
520 mpc->mpc_ops->mpo_init_mbuf_label =
523 case MAC_INIT_MOUNT_LABEL:
524 mpc->mpc_ops->mpo_init_mount_label =
527 case MAC_INIT_MOUNT_FS_LABEL:
528 mpc->mpc_ops->mpo_init_mount_fs_label =
531 case MAC_INIT_PIPE_LABEL:
532 mpc->mpc_ops->mpo_init_pipe_label =
535 case MAC_INIT_SOCKET_LABEL:
536 mpc->mpc_ops->mpo_init_socket_label =
539 case MAC_INIT_SOCKET_PEER_LABEL:
540 mpc->mpc_ops->mpo_init_socket_peer_label =
543 case MAC_INIT_VNODE_LABEL:
544 mpc->mpc_ops->mpo_init_vnode_label =
547 case MAC_DESTROY_BPFDESC_LABEL:
548 mpc->mpc_ops->mpo_destroy_bpfdesc_label =
551 case MAC_DESTROY_CRED_LABEL:
552 mpc->mpc_ops->mpo_destroy_cred_label =
555 case MAC_DESTROY_DEVFSDIRENT_LABEL:
556 mpc->mpc_ops->mpo_destroy_devfsdirent_label =
559 case MAC_DESTROY_IFNET_LABEL:
560 mpc->mpc_ops->mpo_destroy_ifnet_label =
563 case MAC_DESTROY_IPQ_LABEL:
564 mpc->mpc_ops->mpo_destroy_ipq_label =
567 case MAC_DESTROY_MBUF_LABEL:
568 mpc->mpc_ops->mpo_destroy_mbuf_label =
571 case MAC_DESTROY_MOUNT_LABEL:
572 mpc->mpc_ops->mpo_destroy_mount_label =
575 case MAC_DESTROY_MOUNT_FS_LABEL:
576 mpc->mpc_ops->mpo_destroy_mount_fs_label =
579 case MAC_DESTROY_PIPE_LABEL:
580 mpc->mpc_ops->mpo_destroy_pipe_label =
583 case MAC_DESTROY_SOCKET_LABEL:
584 mpc->mpc_ops->mpo_destroy_socket_label =
587 case MAC_DESTROY_SOCKET_PEER_LABEL:
588 mpc->mpc_ops->mpo_destroy_socket_peer_label =
591 case MAC_DESTROY_VNODE_LABEL:
592 mpc->mpc_ops->mpo_destroy_vnode_label =
595 case MAC_COPY_PIPE_LABEL:
596 mpc->mpc_ops->mpo_copy_pipe_label =
599 case MAC_COPY_VNODE_LABEL:
600 mpc->mpc_ops->mpo_copy_vnode_label =
603 case MAC_EXTERNALIZE_CRED_LABEL:
604 mpc->mpc_ops->mpo_externalize_cred_label =
607 case MAC_EXTERNALIZE_IFNET_LABEL:
608 mpc->mpc_ops->mpo_externalize_ifnet_label =
611 case MAC_EXTERNALIZE_PIPE_LABEL:
612 mpc->mpc_ops->mpo_externalize_pipe_label =
615 case MAC_EXTERNALIZE_SOCKET_LABEL:
616 mpc->mpc_ops->mpo_externalize_socket_label =
619 case MAC_EXTERNALIZE_SOCKET_PEER_LABEL:
620 mpc->mpc_ops->mpo_externalize_socket_peer_label =
623 case MAC_EXTERNALIZE_VNODE_LABEL:
624 mpc->mpc_ops->mpo_externalize_vnode_label =
627 case MAC_INTERNALIZE_CRED_LABEL:
628 mpc->mpc_ops->mpo_internalize_cred_label =
631 case MAC_INTERNALIZE_IFNET_LABEL:
632 mpc->mpc_ops->mpo_internalize_ifnet_label =
635 case MAC_INTERNALIZE_PIPE_LABEL:
636 mpc->mpc_ops->mpo_internalize_pipe_label =
639 case MAC_INTERNALIZE_SOCKET_LABEL:
640 mpc->mpc_ops->mpo_internalize_socket_label =
643 case MAC_INTERNALIZE_VNODE_LABEL:
644 mpc->mpc_ops->mpo_internalize_vnode_label =
647 case MAC_CREATE_DEVFS_DEVICE:
648 mpc->mpc_ops->mpo_create_devfs_device =
651 case MAC_CREATE_DEVFS_DIRECTORY:
652 mpc->mpc_ops->mpo_create_devfs_directory =
655 case MAC_CREATE_DEVFS_SYMLINK:
656 mpc->mpc_ops->mpo_create_devfs_symlink =
659 case MAC_CREATE_DEVFS_VNODE:
660 mpc->mpc_ops->mpo_create_devfs_vnode =
663 case MAC_CREATE_MOUNT:
664 mpc->mpc_ops->mpo_create_mount =
667 case MAC_CREATE_ROOT_MOUNT:
668 mpc->mpc_ops->mpo_create_root_mount =
671 case MAC_RELABEL_VNODE:
672 mpc->mpc_ops->mpo_relabel_vnode =
675 case MAC_UPDATE_DEVFSDIRENT:
676 mpc->mpc_ops->mpo_update_devfsdirent =
679 case MAC_ASSOCIATE_VNODE_DEVFS:
680 mpc->mpc_ops->mpo_associate_vnode_devfs =
683 case MAC_ASSOCIATE_VNODE_EXTATTR:
684 mpc->mpc_ops->mpo_associate_vnode_extattr =
687 case MAC_ASSOCIATE_VNODE_SINGLELABEL:
688 mpc->mpc_ops->mpo_associate_vnode_singlelabel =
691 case MAC_CREATE_VNODE_EXTATTR:
692 mpc->mpc_ops->mpo_create_vnode_extattr =
695 case MAC_SETLABEL_VNODE_EXTATTR:
696 mpc->mpc_ops->mpo_setlabel_vnode_extattr =
699 case MAC_CREATE_MBUF_FROM_SOCKET:
700 mpc->mpc_ops->mpo_create_mbuf_from_socket =
703 case MAC_CREATE_PIPE:
704 mpc->mpc_ops->mpo_create_pipe =
707 case MAC_CREATE_SOCKET:
708 mpc->mpc_ops->mpo_create_socket =
711 case MAC_CREATE_SOCKET_FROM_SOCKET:
712 mpc->mpc_ops->mpo_create_socket_from_socket =
715 case MAC_RELABEL_PIPE:
716 mpc->mpc_ops->mpo_relabel_pipe =
719 case MAC_RELABEL_SOCKET:
720 mpc->mpc_ops->mpo_relabel_socket =
723 case MAC_SET_SOCKET_PEER_FROM_MBUF:
724 mpc->mpc_ops->mpo_set_socket_peer_from_mbuf =
727 case MAC_SET_SOCKET_PEER_FROM_SOCKET:
728 mpc->mpc_ops->mpo_set_socket_peer_from_socket =
731 case MAC_CREATE_BPFDESC:
732 mpc->mpc_ops->mpo_create_bpfdesc =
735 case MAC_CREATE_DATAGRAM_FROM_IPQ:
736 mpc->mpc_ops->mpo_create_datagram_from_ipq =
739 case MAC_CREATE_FRAGMENT:
740 mpc->mpc_ops->mpo_create_fragment =
743 case MAC_CREATE_IFNET:
744 mpc->mpc_ops->mpo_create_ifnet =
748 mpc->mpc_ops->mpo_create_ipq =
751 case MAC_CREATE_MBUF_FROM_MBUF:
752 mpc->mpc_ops->mpo_create_mbuf_from_mbuf =
755 case MAC_CREATE_MBUF_LINKLAYER:
756 mpc->mpc_ops->mpo_create_mbuf_linklayer =
759 case MAC_CREATE_MBUF_FROM_BPFDESC:
760 mpc->mpc_ops->mpo_create_mbuf_from_bpfdesc =
763 case MAC_CREATE_MBUF_FROM_IFNET:
764 mpc->mpc_ops->mpo_create_mbuf_from_ifnet =
767 case MAC_CREATE_MBUF_MULTICAST_ENCAP:
768 mpc->mpc_ops->mpo_create_mbuf_multicast_encap =
771 case MAC_CREATE_MBUF_NETLAYER:
772 mpc->mpc_ops->mpo_create_mbuf_netlayer =
775 case MAC_FRAGMENT_MATCH:
776 mpc->mpc_ops->mpo_fragment_match =
779 case MAC_RELABEL_IFNET:
780 mpc->mpc_ops->mpo_relabel_ifnet =
784 mpc->mpc_ops->mpo_update_ipq =
787 case MAC_CREATE_CRED:
788 mpc->mpc_ops->mpo_create_cred =
791 case MAC_EXECVE_TRANSITION:
792 mpc->mpc_ops->mpo_execve_transition =
795 case MAC_EXECVE_WILL_TRANSITION:
796 mpc->mpc_ops->mpo_execve_will_transition =
799 case MAC_CREATE_PROC0:
800 mpc->mpc_ops->mpo_create_proc0 =
803 case MAC_CREATE_PROC1:
804 mpc->mpc_ops->mpo_create_proc1 =
807 case MAC_RELABEL_CRED:
808 mpc->mpc_ops->mpo_relabel_cred =
811 case MAC_THREAD_USERRET:
812 mpc->mpc_ops->mpo_thread_userret =
815 case MAC_CHECK_BPFDESC_RECEIVE:
816 mpc->mpc_ops->mpo_check_bpfdesc_receive =
819 case MAC_CHECK_CRED_RELABEL:
820 mpc->mpc_ops->mpo_check_cred_relabel =
823 case MAC_CHECK_CRED_VISIBLE:
824 mpc->mpc_ops->mpo_check_cred_visible =
827 case MAC_CHECK_IFNET_RELABEL:
828 mpc->mpc_ops->mpo_check_ifnet_relabel =
831 case MAC_CHECK_IFNET_TRANSMIT:
832 mpc->mpc_ops->mpo_check_ifnet_transmit =
835 case MAC_CHECK_MOUNT_STAT:
836 mpc->mpc_ops->mpo_check_mount_stat =
839 case MAC_CHECK_PIPE_IOCTL:
840 mpc->mpc_ops->mpo_check_pipe_ioctl =
843 case MAC_CHECK_PIPE_POLL:
844 mpc->mpc_ops->mpo_check_pipe_poll =
847 case MAC_CHECK_PIPE_READ:
848 mpc->mpc_ops->mpo_check_pipe_read =
851 case MAC_CHECK_PIPE_RELABEL:
852 mpc->mpc_ops->mpo_check_pipe_relabel =
855 case MAC_CHECK_PIPE_STAT:
856 mpc->mpc_ops->mpo_check_pipe_stat =
859 case MAC_CHECK_PIPE_WRITE:
860 mpc->mpc_ops->mpo_check_pipe_write =
863 case MAC_CHECK_PROC_DEBUG:
864 mpc->mpc_ops->mpo_check_proc_debug =
867 case MAC_CHECK_PROC_SCHED:
868 mpc->mpc_ops->mpo_check_proc_sched =
871 case MAC_CHECK_PROC_SIGNAL:
872 mpc->mpc_ops->mpo_check_proc_signal =
875 case MAC_CHECK_SOCKET_BIND:
876 mpc->mpc_ops->mpo_check_socket_bind =
879 case MAC_CHECK_SOCKET_CONNECT:
880 mpc->mpc_ops->mpo_check_socket_connect =
883 case MAC_CHECK_SOCKET_DELIVER:
884 mpc->mpc_ops->mpo_check_socket_deliver =
887 case MAC_CHECK_SOCKET_LISTEN:
888 mpc->mpc_ops->mpo_check_socket_listen =
891 case MAC_CHECK_SOCKET_RECEIVE:
892 mpc->mpc_ops->mpo_check_socket_receive =
895 case MAC_CHECK_SOCKET_RELABEL:
896 mpc->mpc_ops->mpo_check_socket_relabel =
899 case MAC_CHECK_SOCKET_SEND:
900 mpc->mpc_ops->mpo_check_socket_send =
903 case MAC_CHECK_SOCKET_VISIBLE:
904 mpc->mpc_ops->mpo_check_socket_visible =
907 case MAC_CHECK_SYSTEM_REBOOT:
908 mpc->mpc_ops->mpo_check_system_reboot =
911 case MAC_CHECK_SYSTEM_SWAPON:
912 mpc->mpc_ops->mpo_check_system_swapon =
915 case MAC_CHECK_SYSTEM_SYSCTL:
916 mpc->mpc_ops->mpo_check_system_sysctl =
919 case MAC_CHECK_VNODE_ACCESS:
920 mpc->mpc_ops->mpo_check_vnode_access =
923 case MAC_CHECK_VNODE_CHDIR:
924 mpc->mpc_ops->mpo_check_vnode_chdir =
927 case MAC_CHECK_VNODE_CHROOT:
928 mpc->mpc_ops->mpo_check_vnode_chroot =
931 case MAC_CHECK_VNODE_CREATE:
932 mpc->mpc_ops->mpo_check_vnode_create =
935 case MAC_CHECK_VNODE_DELETE:
936 mpc->mpc_ops->mpo_check_vnode_delete =
939 case MAC_CHECK_VNODE_DELETEACL:
940 mpc->mpc_ops->mpo_check_vnode_deleteacl =
943 case MAC_CHECK_VNODE_EXEC:
944 mpc->mpc_ops->mpo_check_vnode_exec =
947 case MAC_CHECK_VNODE_GETACL:
948 mpc->mpc_ops->mpo_check_vnode_getacl =
951 case MAC_CHECK_VNODE_GETEXTATTR:
952 mpc->mpc_ops->mpo_check_vnode_getextattr =
955 case MAC_CHECK_VNODE_LINK:
956 mpc->mpc_ops->mpo_check_vnode_link =
959 case MAC_CHECK_VNODE_LOOKUP:
960 mpc->mpc_ops->mpo_check_vnode_lookup =
963 case MAC_CHECK_VNODE_MMAP:
964 mpc->mpc_ops->mpo_check_vnode_mmap =
967 case MAC_CHECK_VNODE_MMAP_DOWNGRADE:
968 mpc->mpc_ops->mpo_check_vnode_mmap_downgrade =
971 case MAC_CHECK_VNODE_MPROTECT:
972 mpc->mpc_ops->mpo_check_vnode_mprotect =
975 case MAC_CHECK_VNODE_OPEN:
976 mpc->mpc_ops->mpo_check_vnode_open =
979 case MAC_CHECK_VNODE_POLL:
980 mpc->mpc_ops->mpo_check_vnode_poll =
983 case MAC_CHECK_VNODE_READ:
984 mpc->mpc_ops->mpo_check_vnode_read =
987 case MAC_CHECK_VNODE_READDIR:
988 mpc->mpc_ops->mpo_check_vnode_readdir =
991 case MAC_CHECK_VNODE_READLINK:
992 mpc->mpc_ops->mpo_check_vnode_readlink =
995 case MAC_CHECK_VNODE_RELABEL:
996 mpc->mpc_ops->mpo_check_vnode_relabel =
999 case MAC_CHECK_VNODE_RENAME_FROM:
1000 mpc->mpc_ops->mpo_check_vnode_rename_from =
1003 case MAC_CHECK_VNODE_RENAME_TO:
1004 mpc->mpc_ops->mpo_check_vnode_rename_to =
1007 case MAC_CHECK_VNODE_REVOKE:
1008 mpc->mpc_ops->mpo_check_vnode_revoke =
1011 case MAC_CHECK_VNODE_SETACL:
1012 mpc->mpc_ops->mpo_check_vnode_setacl =
1015 case MAC_CHECK_VNODE_SETEXTATTR:
1016 mpc->mpc_ops->mpo_check_vnode_setextattr =
1019 case MAC_CHECK_VNODE_SETFLAGS:
1020 mpc->mpc_ops->mpo_check_vnode_setflags =
1023 case MAC_CHECK_VNODE_SETMODE:
1024 mpc->mpc_ops->mpo_check_vnode_setmode =
1027 case MAC_CHECK_VNODE_SETOWNER:
1028 mpc->mpc_ops->mpo_check_vnode_setowner =
1031 case MAC_CHECK_VNODE_SETUTIMES:
1032 mpc->mpc_ops->mpo_check_vnode_setutimes =
1035 case MAC_CHECK_VNODE_STAT:
1036 mpc->mpc_ops->mpo_check_vnode_stat =
1039 case MAC_CHECK_VNODE_WRITE:
1040 mpc->mpc_ops->mpo_check_vnode_write =
1045 printf("MAC policy `%s': unknown operation %d\n",
1046 mpc->mpc_name, mpe->mpe_constant);
1051 MAC_POLICY_LIST_LOCK();
1052 if (mac_policy_list_busy > 0) {
1053 MAC_POLICY_LIST_UNLOCK();
1054 FREE(mpc->mpc_ops, M_MACOPVEC);
1055 mpc->mpc_ops = NULL;
1058 LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) {
1059 if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
1060 MAC_POLICY_LIST_UNLOCK();
1061 FREE(mpc->mpc_ops, M_MACOPVEC);
1062 mpc->mpc_ops = NULL;
1066 if (mpc->mpc_field_off != NULL) {
1067 slot = ffs(mac_policy_offsets_free);
1069 MAC_POLICY_LIST_UNLOCK();
1070 FREE(mpc->mpc_ops, M_MACOPVEC);
1071 mpc->mpc_ops = NULL;
1075 mac_policy_offsets_free &= ~(1 << slot);
1076 *mpc->mpc_field_off = slot;
1078 mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
1079 LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);
1081 /* Per-policy initialization. */
1082 if (mpc->mpc_ops->mpo_init != NULL)
1083 (*(mpc->mpc_ops->mpo_init))(mpc);
1084 MAC_POLICY_LIST_UNLOCK();
1086 printf("Security policy loaded: %s (%s)\n", mpc->mpc_fullname,
1093 mac_policy_unregister(struct mac_policy_conf *mpc)
1097 * If we fail the load, we may get a request to unload. Check
1098 * to see if we did the run-time registration, and if not,
1101 MAC_POLICY_LIST_LOCK();
1102 if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
1103 MAC_POLICY_LIST_UNLOCK();
1108 * Don't allow unloading modules with private data.
1110 if (mpc->mpc_field_off != NULL) {
1111 MAC_POLICY_LIST_UNLOCK();
1116 * Only allow the unload to proceed if the module is unloadable
1117 * by its own definition.
1119 if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
1120 MAC_POLICY_LIST_UNLOCK();
1124 * Right now, we EBUSY if the list is in use. In the future,
1125 * for reliability reasons, we might want to sleep and wakeup
1126 * later to try again.
1128 if (mac_policy_list_busy > 0) {
1129 MAC_POLICY_LIST_UNLOCK();
1132 if (mpc->mpc_ops->mpo_destroy != NULL)
1133 (*(mpc->mpc_ops->mpo_destroy))(mpc);
1135 LIST_REMOVE(mpc, mpc_list);
1136 MAC_POLICY_LIST_UNLOCK();
1138 FREE(mpc->mpc_ops, M_MACOPVEC);
1139 mpc->mpc_ops = NULL;
1140 mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
1142 printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
1149 * Define an error value precedence, and given two arguments, selects the
1150 * value with the higher precedence.
1153 error_select(int error1, int error2)
1156 /* Certain decision-making errors take top priority. */
1157 if (error1 == EDEADLK || error2 == EDEADLK)
1160 /* Invalid arguments should be reported where possible. */
1161 if (error1 == EINVAL || error2 == EINVAL)
1164 /* Precedence goes to "visibility", with both process and file. */
1165 if (error1 == ESRCH || error2 == ESRCH)
1168 if (error1 == ENOENT || error2 == ENOENT)
1171 /* Precedence goes to DAC/MAC protections. */
1172 if (error1 == EACCES || error2 == EACCES)
1175 /* Precedence goes to privilege. */
1176 if (error1 == EPERM || error2 == EPERM)
1179 /* Precedence goes to error over success; otherwise, arbitrary. */
1186 mac_init_label(struct label *label)
1189 bzero(label, sizeof(*label));
1190 label->l_flags = MAC_FLAG_INITIALIZED;
1194 mac_destroy_label(struct label *label)
1197 KASSERT(label->l_flags & MAC_FLAG_INITIALIZED,
1198 ("destroying uninitialized label"));
1200 bzero(label, sizeof(*label));
1201 /* implicit: label->l_flags &= ~MAC_FLAG_INITIALIZED; */
1205 mac_init_bpfdesc(struct bpf_d *bpf_d)
1208 mac_init_label(&bpf_d->bd_label);
1209 MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label);
1211 atomic_add_int(&nmacbpfdescs, 1);
1216 mac_init_cred_label(struct label *label)
1219 mac_init_label(label);
1220 MAC_PERFORM(init_cred_label, label);
1222 atomic_add_int(&nmaccreds, 1);
1227 mac_init_cred(struct ucred *cred)
1230 mac_init_cred_label(&cred->cr_label);
1234 mac_init_devfsdirent(struct devfs_dirent *de)
1237 mac_init_label(&de->de_label);
1238 MAC_PERFORM(init_devfsdirent_label, &de->de_label);
1240 atomic_add_int(&nmacdevfsdirents, 1);
1245 mac_init_ifnet_label(struct label *label)
1248 mac_init_label(label);
1249 MAC_PERFORM(init_ifnet_label, label);
1251 atomic_add_int(&nmacifnets, 1);
1256 mac_init_ifnet(struct ifnet *ifp)
1259 mac_init_ifnet_label(&ifp->if_label);
1263 mac_init_ipq(struct ipq *ipq)
1266 mac_init_label(&ipq->ipq_label);
1267 MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
1269 atomic_add_int(&nmacipqs, 1);
1274 mac_init_mbuf(struct mbuf *m, int flag)
1278 KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
1280 mac_init_label(&m->m_pkthdr.label);
1282 MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
1284 MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
1285 mac_destroy_label(&m->m_pkthdr.label);
1290 atomic_add_int(&nmacmbufs, 1);
1296 mac_init_mount(struct mount *mp)
1299 mac_init_label(&mp->mnt_mntlabel);
1300 mac_init_label(&mp->mnt_fslabel);
1301 MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel);
1302 MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);
1304 atomic_add_int(&nmacmounts, 1);
1309 mac_init_pipe_label(struct label *label)
1312 mac_init_label(label);
1313 MAC_PERFORM(init_pipe_label, label);
1315 atomic_add_int(&nmacpipes, 1);
1320 mac_init_pipe(struct pipe *pipe)
1322 struct label *label;
1324 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK);
1325 pipe->pipe_label = label;
1326 pipe->pipe_peer->pipe_label = label;
1327 mac_init_pipe_label(label);
1331 mac_init_socket_label(struct label *label, int flag)
1335 mac_init_label(label);
1337 MAC_CHECK(init_socket_label, label, flag);
1339 MAC_PERFORM(destroy_socket_label, label);
1340 mac_destroy_label(label);
1345 atomic_add_int(&nmacsockets, 1);
1352 mac_init_socket_peer_label(struct label *label, int flag)
1356 mac_init_label(label);
1358 MAC_CHECK(init_socket_peer_label, label, flag);
1360 MAC_PERFORM(destroy_socket_label, label);
1361 mac_destroy_label(label);
1368 mac_init_socket(struct socket *socket, int flag)
1372 error = mac_init_socket_label(&socket->so_label, flag);
1376 error = mac_init_socket_peer_label(&socket->so_peerlabel, flag);
1378 mac_destroy_socket_label(&socket->so_label);
1384 mac_init_vnode_label(struct label *label)
1387 mac_init_label(label);
1388 MAC_PERFORM(init_vnode_label, label);
1390 atomic_add_int(&nmacvnodes, 1);
1395 mac_init_vnode(struct vnode *vp)
1398 mac_init_vnode_label(&vp->v_label);
1402 mac_destroy_bpfdesc(struct bpf_d *bpf_d)
1405 MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label);
1406 mac_destroy_label(&bpf_d->bd_label);
1408 atomic_subtract_int(&nmacbpfdescs, 1);
1413 mac_destroy_cred_label(struct label *label)
1416 MAC_PERFORM(destroy_cred_label, label);
1417 mac_destroy_label(label);
1419 atomic_subtract_int(&nmaccreds, 1);
1424 mac_destroy_cred(struct ucred *cred)
1427 mac_destroy_cred_label(&cred->cr_label);
1431 mac_destroy_devfsdirent(struct devfs_dirent *de)
1434 MAC_PERFORM(destroy_devfsdirent_label, &de->de_label);
1435 mac_destroy_label(&de->de_label);
1437 atomic_subtract_int(&nmacdevfsdirents, 1);
1442 mac_destroy_ifnet_label(struct label *label)
1445 MAC_PERFORM(destroy_ifnet_label, label);
1446 mac_destroy_label(label);
1448 atomic_subtract_int(&nmacifnets, 1);
1453 mac_destroy_ifnet(struct ifnet *ifp)
1456 mac_destroy_ifnet_label(&ifp->if_label);
1460 mac_destroy_ipq(struct ipq *ipq)
1463 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
1464 mac_destroy_label(&ipq->ipq_label);
1466 atomic_subtract_int(&nmacipqs, 1);
1471 mac_destroy_mbuf(struct mbuf *m)
1474 MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
1475 mac_destroy_label(&m->m_pkthdr.label);
1477 atomic_subtract_int(&nmacmbufs, 1);
1482 mac_destroy_mount(struct mount *mp)
1485 MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel);
1486 MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel);
1487 mac_destroy_label(&mp->mnt_fslabel);
1488 mac_destroy_label(&mp->mnt_mntlabel);
1490 atomic_subtract_int(&nmacmounts, 1);
1495 mac_destroy_pipe_label(struct label *label)
1498 MAC_PERFORM(destroy_pipe_label, label);
1499 mac_destroy_label(label);
1501 atomic_subtract_int(&nmacpipes, 1);
1506 mac_destroy_pipe(struct pipe *pipe)
1509 mac_destroy_pipe_label(pipe->pipe_label);
1510 free(pipe->pipe_label, M_MACPIPELABEL);
1514 mac_destroy_socket_label(struct label *label)
1517 MAC_PERFORM(destroy_socket_label, label);
1518 mac_destroy_label(label);
1520 atomic_subtract_int(&nmacsockets, 1);
1525 mac_destroy_socket_peer_label(struct label *label)
1528 MAC_PERFORM(destroy_socket_peer_label, label);
1529 mac_destroy_label(label);
1533 mac_destroy_socket(struct socket *socket)
1536 mac_destroy_socket_label(&socket->so_label);
1537 mac_destroy_socket_peer_label(&socket->so_peerlabel);
1541 mac_destroy_vnode_label(struct label *label)
1544 MAC_PERFORM(destroy_vnode_label, label);
1545 mac_destroy_label(label);
1547 atomic_subtract_int(&nmacvnodes, 1);
1552 mac_destroy_vnode(struct vnode *vp)
1555 mac_destroy_vnode_label(&vp->v_label);
1559 mac_copy_pipe_label(struct label *src, struct label *dest)
1562 MAC_PERFORM(copy_pipe_label, src, dest);
1566 mac_copy_vnode_label(struct label *src, struct label *dest)
1569 MAC_PERFORM(copy_vnode_label, src, dest);
1573 mac_check_structmac_consistent(struct mac *mac)
1576 if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
1583 mac_externalize_cred_label(struct label *label, char *elements,
1584 char *outbuf, size_t outbuflen, int flags)
1588 MAC_EXTERNALIZE(cred_label, label, elements, outbuf, outbuflen);
1594 mac_externalize_ifnet_label(struct label *label, char *elements,
1595 char *outbuf, size_t outbuflen, int flags)
1599 MAC_EXTERNALIZE(ifnet_label, label, elements, outbuf, outbuflen);
1605 mac_externalize_pipe_label(struct label *label, char *elements,
1606 char *outbuf, size_t outbuflen, int flags)
1610 MAC_EXTERNALIZE(pipe_label, label, elements, outbuf, outbuflen);
1616 mac_externalize_socket_label(struct label *label, char *elements,
1617 char *outbuf, size_t outbuflen, int flags)
1621 MAC_EXTERNALIZE(socket_label, label, elements, outbuf, outbuflen);
1627 mac_externalize_socket_peer_label(struct label *label, char *elements,
1628 char *outbuf, size_t outbuflen, int flags)
1632 MAC_EXTERNALIZE(socket_peer_label, label, elements, outbuf, outbuflen);
1638 mac_externalize_vnode_label(struct label *label, char *elements,
1639 char *outbuf, size_t outbuflen, int flags)
1643 MAC_EXTERNALIZE(vnode_label, label, elements, outbuf, outbuflen);
1649 mac_internalize_cred_label(struct label *label, char *string)
1653 MAC_INTERNALIZE(cred_label, label, string);
1659 mac_internalize_ifnet_label(struct label *label, char *string)
1663 MAC_INTERNALIZE(ifnet_label, label, string);
1669 mac_internalize_pipe_label(struct label *label, char *string)
1673 MAC_INTERNALIZE(pipe_label, label, string);
1679 mac_internalize_socket_label(struct label *label, char *string)
1683 MAC_INTERNALIZE(socket_label, label, string);
1689 mac_internalize_vnode_label(struct label *label, char *string)
1693 MAC_INTERNALIZE(vnode_label, label, string);
1699 * Initialize MAC label for the first kernel process, from which other
1700 * kernel processes and threads are spawned.
1703 mac_create_proc0(struct ucred *cred)
1706 MAC_PERFORM(create_proc0, cred);
1710 * Initialize MAC label for the first userland process, from which other
1711 * userland processes and threads are spawned.
1714 mac_create_proc1(struct ucred *cred)
1717 MAC_PERFORM(create_proc1, cred);
1721 mac_thread_userret(struct thread *td)
1724 MAC_PERFORM(thread_userret, td);
1728 * When a new process is created, its label must be initialized. Generally,
1729 * this involves inheritence from the parent process, modulo possible
1730 * deltas. This function allows that processing to take place.
1733 mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
1736 MAC_PERFORM(create_cred, parent_cred, child_cred);
1740 mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
1743 MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
1747 mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
1751 MAC_PERFORM(associate_vnode_devfs, mp, &mp->mnt_fslabel, de,
1752 &de->de_label, vp, &vp->v_label);
1756 mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp)
1760 ASSERT_VOP_LOCKED(vp, "mac_associate_vnode_extattr");
1762 MAC_CHECK(associate_vnode_extattr, mp, &mp->mnt_fslabel, vp,
1769 mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
1772 MAC_PERFORM(associate_vnode_singlelabel, mp, &mp->mnt_fslabel, vp,
1777 mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
1778 struct vnode *dvp, struct vnode *vp, struct componentname *cnp)
1782 ASSERT_VOP_LOCKED(dvp, "mac_create_vnode_extattr");
1783 ASSERT_VOP_LOCKED(vp, "mac_create_vnode_extattr");
1785 error = VOP_OPENEXTATTR(vp, cred, curthread);
1786 if (error == EOPNOTSUPP) {
1787 /* XXX: Optionally abort if transactions not supported. */
1788 if (ea_warn_once == 0) {
1789 printf("Warning: transactions not supported "
1796 MAC_CHECK(create_vnode_extattr, cred, mp, &mp->mnt_fslabel,
1797 dvp, &dvp->v_label, vp, &vp->v_label, cnp);
1800 VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
1804 error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);
1806 if (error == EOPNOTSUPP)
1807 error = 0; /* XXX */
1813 mac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
1814 struct label *intlabel)
1818 ASSERT_VOP_LOCKED(vp, "mac_setlabel_vnode_extattr");
1820 error = VOP_OPENEXTATTR(vp, cred, curthread);
1821 if (error == EOPNOTSUPP) {
1822 /* XXX: Optionally abort if transactions not supported. */
1823 if (ea_warn_once == 0) {
1824 printf("Warning: transactions not supported "
1831 MAC_CHECK(setlabel_vnode_extattr, cred, vp, &vp->v_label, intlabel);
1834 VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
1838 error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);
1840 if (error == EOPNOTSUPP)
1841 error = 0; /* XXX */
1847 mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
1850 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
1852 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
1856 mac_execve_will_transition(struct ucred *old, struct vnode *vp)
1861 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
1867 mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
1871 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_access");
1873 if (!mac_enforce_fs)
1876 MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
1881 mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp)
1885 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_chdir");
1887 if (!mac_enforce_fs)
1890 MAC_CHECK(check_vnode_chdir, cred, dvp, &dvp->v_label);
1895 mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp)
1899 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_chroot");
1901 if (!mac_enforce_fs)
1904 MAC_CHECK(check_vnode_chroot, cred, dvp, &dvp->v_label);
1909 mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
1910 struct componentname *cnp, struct vattr *vap)
1914 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_create");
1916 if (!mac_enforce_fs)
1919 MAC_CHECK(check_vnode_create, cred, dvp, &dvp->v_label, cnp, vap);
1924 mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
1925 struct componentname *cnp)
1929 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
1930 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
1932 if (!mac_enforce_fs)
1935 MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
1941 mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
1946 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteacl");
1948 if (!mac_enforce_fs)
1951 MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
1956 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp)
1960 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_exec");
1962 if (!mac_enforce_process && !mac_enforce_fs)
1965 MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label);
1971 mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type)
1975 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_getacl");
1977 if (!mac_enforce_fs)
1980 MAC_CHECK(check_vnode_getacl, cred, vp, &vp->v_label, type);
1985 mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
1986 int attrnamespace, const char *name, struct uio *uio)
1990 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_getextattr");
1992 if (!mac_enforce_fs)
1995 MAC_CHECK(check_vnode_getextattr, cred, vp, &vp->v_label,
1996 attrnamespace, name, uio);
2001 mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
2002 struct vnode *vp, struct componentname *cnp)
2006 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_link");
2007 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_link");
2009 if (!mac_enforce_fs)
2012 MAC_CHECK(check_vnode_link, cred, dvp, &dvp->v_label, vp,
2018 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
2019 struct componentname *cnp)
2023 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_lookup");
2025 if (!mac_enforce_fs)
2028 MAC_CHECK(check_vnode_lookup, cred, dvp, &dvp->v_label, cnp);
2033 mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot)
2037 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap");
2039 if (!mac_enforce_fs || !mac_enforce_vm)
2042 MAC_CHECK(check_vnode_mmap, cred, vp, &vp->v_label, prot);
2047 mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot)
2051 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_downgrade");
2053 if (!mac_enforce_fs || !mac_enforce_vm)
2056 MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, &vp->v_label,
2063 mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
2067 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mprotect");
2069 if (!mac_enforce_fs || !mac_enforce_vm)
2072 MAC_CHECK(check_vnode_mprotect, cred, vp, &vp->v_label, prot);
2077 mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
2081 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
2083 if (!mac_enforce_fs)
2086 MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
2091 mac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
2096 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll");
2098 if (!mac_enforce_fs)
2101 MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp,
2108 mac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
2113 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read");
2115 if (!mac_enforce_fs)
2118 MAC_CHECK(check_vnode_read, active_cred, file_cred, vp,
2125 mac_check_vnode_readdir(struct ucred *cred, struct vnode *dvp)
2129 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_readdir");
2131 if (!mac_enforce_fs)
2134 MAC_CHECK(check_vnode_readdir, cred, dvp, &dvp->v_label);
2139 mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp)
2143 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_readlink");
2145 if (!mac_enforce_fs)
2148 MAC_CHECK(check_vnode_readlink, cred, vp, &vp->v_label);
2153 mac_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
2154 struct label *newlabel)
2158 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_relabel");
2160 MAC_CHECK(check_vnode_relabel, cred, vp, &vp->v_label, newlabel);
2166 mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
2167 struct vnode *vp, struct componentname *cnp)
2171 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_from");
2172 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_from");
2174 if (!mac_enforce_fs)
2177 MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
2183 mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
2184 struct vnode *vp, int samedir, struct componentname *cnp)
2188 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_to");
2189 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");
2191 if (!mac_enforce_fs)
2194 MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
2195 vp != NULL ? &vp->v_label : NULL, samedir, cnp);
2200 mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp)
2204 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_revoke");
2206 if (!mac_enforce_fs)
2209 MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
2214 mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
2219 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setacl");
2221 if (!mac_enforce_fs)
2224 MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
2229 mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
2230 int attrnamespace, const char *name, struct uio *uio)
2234 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setextattr");
2236 if (!mac_enforce_fs)
2239 MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
2240 attrnamespace, name, uio);
2245 mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
2249 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setflags");
2251 if (!mac_enforce_fs)
2254 MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
2259 mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
2263 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setmode");
2265 if (!mac_enforce_fs)
2268 MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
2273 mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
2278 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setowner");
2280 if (!mac_enforce_fs)
2283 MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
2288 mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
2289 struct timespec atime, struct timespec mtime)
2293 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setutimes");
2295 if (!mac_enforce_fs)
2298 MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
2304 mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
2309 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_stat");
2311 if (!mac_enforce_fs)
2314 MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp,
2320 mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
2325 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write");
2327 if (!mac_enforce_fs)
2330 MAC_CHECK(check_vnode_write, active_cred, file_cred, vp,
2337 * When relabeling a process, call out to the policies for the maximum
2338 * permission allowed for each object type we know about in its
2339 * memory space, and revoke access (in the least surprising ways we
2340 * know) when necessary. The process lock is not held here.
2343 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
2346 /* XXX freeze all other threads */
2347 mac_cred_mmapped_drop_perms_recurse(td, cred,
2348 &td->td_proc->p_vmspace->vm_map);
2349 /* XXX allow other threads to continue */
2352 static __inline const char *
2353 prot2str(vm_prot_t prot)
2356 switch (prot & VM_PROT_ALL) {
2359 case VM_PROT_READ | VM_PROT_WRITE:
2361 case VM_PROT_READ | VM_PROT_EXECUTE:
2363 case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE:
2367 case VM_PROT_EXECUTE:
2369 case VM_PROT_WRITE | VM_PROT_EXECUTE:
2377 mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
2380 struct vm_map_entry *vme;
2382 vm_prot_t revokeperms;
2384 vm_ooffset_t offset;
2387 if (!mac_mmap_revocation)
2390 vm_map_lock_read(map);
2391 for (vme = map->header.next; vme != &map->header; vme = vme->next) {
2392 if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) {
2393 mac_cred_mmapped_drop_perms_recurse(td, cred,
2394 vme->object.sub_map);
2398 * Skip over entries that obviously are not shared.
2400 if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) ||
2401 !vme->max_protection)
2404 * Drill down to the deepest backing object.
2406 offset = vme->offset;
2407 object = vme->object.vm_object;
2410 while (object->backing_object != NULL) {
2411 object = object->backing_object;
2412 offset += object->backing_object_offset;
2415 * At the moment, vm_maps and objects aren't considered
2416 * by the MAC system, so only things with backing by a
2417 * normal object (read: vnodes) are checked.
2419 if (object->type != OBJT_VNODE)
2421 vp = (struct vnode *)object->handle;
2422 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
2423 result = vme->max_protection;
2424 mac_check_vnode_mmap_downgrade(cred, vp, &result);
2425 VOP_UNLOCK(vp, 0, td);
2427 * Find out what maximum protection we may be allowing
2428 * now but a policy needs to get removed.
2430 revokeperms = vme->max_protection & ~result;
2433 printf("pid %ld: revoking %s perms from %#lx:%ld "
2434 "(max %s/cur %s)\n", (long)td->td_proc->p_pid,
2435 prot2str(revokeperms), (u_long)vme->start,
2436 (long)(vme->end - vme->start),
2437 prot2str(vme->max_protection), prot2str(vme->protection));
2438 vm_map_lock_upgrade(map);
2440 * This is the really simple case: if a map has more
2441 * max_protection than is allowed, but it's not being
2442 * actually used (that is, the current protection is
2443 * still allowed), we can just wipe it out and do
2446 if ((vme->protection & revokeperms) == 0) {
2447 vme->max_protection -= revokeperms;
2449 if (revokeperms & VM_PROT_WRITE) {
2451 * In the more complicated case, flush out all
2452 * pending changes to the object then turn it
2455 vm_object_reference(object);
2456 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
2457 vm_object_page_clean(object,
2459 OFF_TO_IDX(offset + vme->end - vme->start +
2462 VOP_UNLOCK(vp, 0, td);
2463 vm_object_deallocate(object);
2465 * Why bother if there's no read permissions
2466 * anymore? For the rest, we need to leave
2467 * the write permissions on for COW, or
2468 * remove them entirely if configured to.
2470 if (!mac_mmap_revocation_via_cow) {
2471 vme->max_protection &= ~VM_PROT_WRITE;
2472 vme->protection &= ~VM_PROT_WRITE;
2473 } if ((revokeperms & VM_PROT_READ) == 0)
2474 vme->eflags |= MAP_ENTRY_COW |
2475 MAP_ENTRY_NEEDS_COPY;
2477 if (revokeperms & VM_PROT_EXECUTE) {
2478 vme->max_protection &= ~VM_PROT_EXECUTE;
2479 vme->protection &= ~VM_PROT_EXECUTE;
2481 if (revokeperms & VM_PROT_READ) {
2482 vme->max_protection = 0;
2483 vme->protection = 0;
2485 pmap_protect(map->pmap, vme->start, vme->end,
2486 vme->protection & ~revokeperms);
2487 vm_map_simplify_entry(map, vme);
2489 vm_map_lock_downgrade(map);
2491 vm_map_unlock_read(map);
2495 * When the subject's label changes, it may require revocation of privilege
2496 * to mapped objects. This can't be done on-the-fly later with a unified
2500 mac_relabel_cred(struct ucred *cred, struct label *newlabel)
2503 MAC_PERFORM(relabel_cred, cred, newlabel);
2507 mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel)
2510 MAC_PERFORM(relabel_vnode, cred, vp, &vp->v_label, newlabel);
2514 mac_create_ifnet(struct ifnet *ifnet)
2517 MAC_PERFORM(create_ifnet, ifnet, &ifnet->if_label);
2521 mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d)
2524 MAC_PERFORM(create_bpfdesc, cred, bpf_d, &bpf_d->bd_label);
2528 mac_create_socket(struct ucred *cred, struct socket *socket)
2531 MAC_PERFORM(create_socket, cred, socket, &socket->so_label);
2535 mac_create_pipe(struct ucred *cred, struct pipe *pipe)
2538 MAC_PERFORM(create_pipe, cred, pipe, pipe->pipe_label);
2542 mac_create_socket_from_socket(struct socket *oldsocket,
2543 struct socket *newsocket)
2546 MAC_PERFORM(create_socket_from_socket, oldsocket, &oldsocket->so_label,
2547 newsocket, &newsocket->so_label);
2551 mac_relabel_socket(struct ucred *cred, struct socket *socket,
2552 struct label *newlabel)
2555 MAC_PERFORM(relabel_socket, cred, socket, &socket->so_label, newlabel);
2559 mac_relabel_pipe(struct ucred *cred, struct pipe *pipe, struct label *newlabel)
2562 MAC_PERFORM(relabel_pipe, cred, pipe, pipe->pipe_label, newlabel);
2566 mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
2569 MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, &mbuf->m_pkthdr.label,
2570 socket, &socket->so_peerlabel);
2574 mac_set_socket_peer_from_socket(struct socket *oldsocket,
2575 struct socket *newsocket)
2578 MAC_PERFORM(set_socket_peer_from_socket, oldsocket,
2579 &oldsocket->so_label, newsocket, &newsocket->so_peerlabel);
2583 mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram)
2586 MAC_PERFORM(create_datagram_from_ipq, ipq, &ipq->ipq_label,
2587 datagram, &datagram->m_pkthdr.label);
2591 mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment)
2594 MAC_PERFORM(create_fragment, datagram, &datagram->m_pkthdr.label,
2595 fragment, &fragment->m_pkthdr.label);
2599 mac_create_ipq(struct mbuf *fragment, struct ipq *ipq)
2602 MAC_PERFORM(create_ipq, fragment, &fragment->m_pkthdr.label, ipq,
2607 mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf)
2610 MAC_PERFORM(create_mbuf_from_mbuf, oldmbuf, &oldmbuf->m_pkthdr.label,
2611 newmbuf, &newmbuf->m_pkthdr.label);
2615 mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
2618 MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, &bpf_d->bd_label, mbuf,
2619 &mbuf->m_pkthdr.label);
2623 mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *mbuf)
2626 MAC_PERFORM(create_mbuf_linklayer, ifnet, &ifnet->if_label, mbuf,
2627 &mbuf->m_pkthdr.label);
2631 mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *mbuf)
2634 MAC_PERFORM(create_mbuf_from_ifnet, ifnet, &ifnet->if_label, mbuf,
2635 &mbuf->m_pkthdr.label);
2639 mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, struct ifnet *ifnet,
2640 struct mbuf *newmbuf)
2643 MAC_PERFORM(create_mbuf_multicast_encap, oldmbuf,
2644 &oldmbuf->m_pkthdr.label, ifnet, &ifnet->if_label, newmbuf,
2645 &newmbuf->m_pkthdr.label);
2649 mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf)
2652 MAC_PERFORM(create_mbuf_netlayer, oldmbuf, &oldmbuf->m_pkthdr.label,
2653 newmbuf, &newmbuf->m_pkthdr.label);
2657 mac_fragment_match(struct mbuf *fragment, struct ipq *ipq)
2662 MAC_BOOLEAN(fragment_match, &&, fragment, &fragment->m_pkthdr.label,
2663 ipq, &ipq->ipq_label);
2669 mac_update_ipq(struct mbuf *fragment, struct ipq *ipq)
2672 MAC_PERFORM(update_ipq, fragment, &fragment->m_pkthdr.label, ipq,
2677 mac_create_mbuf_from_socket(struct socket *socket, struct mbuf *mbuf)
2680 MAC_PERFORM(create_mbuf_from_socket, socket, &socket->so_label, mbuf,
2681 &mbuf->m_pkthdr.label);
2685 mac_create_mount(struct ucred *cred, struct mount *mp)
2688 MAC_PERFORM(create_mount, cred, mp, &mp->mnt_mntlabel,
2693 mac_create_root_mount(struct ucred *cred, struct mount *mp)
2696 MAC_PERFORM(create_root_mount, cred, mp, &mp->mnt_mntlabel,
2701 mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet)
2705 if (!mac_enforce_network)
2708 MAC_CHECK(check_bpfdesc_receive, bpf_d, &bpf_d->bd_label, ifnet,
2715 mac_check_cred_relabel(struct ucred *cred, struct label *newlabel)
2719 MAC_CHECK(check_cred_relabel, cred, newlabel);
2725 mac_check_cred_visible(struct ucred *u1, struct ucred *u2)
2729 if (!mac_enforce_process)
2732 MAC_CHECK(check_cred_visible, u1, u2);
2738 mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *mbuf)
2742 if (!mac_enforce_network)
2745 KASSERT(mbuf->m_flags & M_PKTHDR, ("packet has no pkthdr"));
2746 if (!(mbuf->m_pkthdr.label.l_flags & MAC_FLAG_INITIALIZED))
2747 if_printf(ifnet, "not initialized\n");
2749 MAC_CHECK(check_ifnet_transmit, ifnet, &ifnet->if_label, mbuf,
2750 &mbuf->m_pkthdr.label);
2756 mac_check_mount_stat(struct ucred *cred, struct mount *mount)
2760 if (!mac_enforce_fs)
2763 MAC_CHECK(check_mount_stat, cred, mount, &mount->mnt_mntlabel);
2769 mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
2774 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2776 if (!mac_enforce_pipe)
2779 MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
2785 mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
2789 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2791 if (!mac_enforce_pipe)
2794 MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
2800 mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
2804 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2806 if (!mac_enforce_pipe)
2809 MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
2815 mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
2816 struct label *newlabel)
2820 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2822 if (!mac_enforce_pipe)
2825 MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
2831 mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
2835 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2837 if (!mac_enforce_pipe)
2840 MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
2846 mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
2850 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2852 if (!mac_enforce_pipe)
2855 MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
2861 mac_check_proc_debug(struct ucred *cred, struct proc *proc)
2865 PROC_LOCK_ASSERT(proc, MA_OWNED);
2867 if (!mac_enforce_process)
2870 MAC_CHECK(check_proc_debug, cred, proc);
2876 mac_check_proc_sched(struct ucred *cred, struct proc *proc)
2880 PROC_LOCK_ASSERT(proc, MA_OWNED);
2882 if (!mac_enforce_process)
2885 MAC_CHECK(check_proc_sched, cred, proc);
2891 mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
2895 PROC_LOCK_ASSERT(proc, MA_OWNED);
2897 if (!mac_enforce_process)
2900 MAC_CHECK(check_proc_signal, cred, proc, signum);
2906 mac_check_socket_bind(struct ucred *ucred, struct socket *socket,
2907 struct sockaddr *sockaddr)
2911 if (!mac_enforce_socket)
2914 MAC_CHECK(check_socket_bind, ucred, socket, &socket->so_label,
2921 mac_check_socket_connect(struct ucred *cred, struct socket *socket,
2922 struct sockaddr *sockaddr)
2926 if (!mac_enforce_socket)
2929 MAC_CHECK(check_socket_connect, cred, socket, &socket->so_label,
2936 mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf)
2940 if (!mac_enforce_socket)
2943 MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf,
2944 &mbuf->m_pkthdr.label);
2950 mac_check_socket_listen(struct ucred *cred, struct socket *socket)
2954 if (!mac_enforce_socket)
2957 MAC_CHECK(check_socket_listen, cred, socket, &socket->so_label);
2962 mac_check_socket_receive(struct ucred *cred, struct socket *so)
2966 if (!mac_enforce_socket)
2969 MAC_CHECK(check_socket_receive, cred, so, &so->so_label);
2975 mac_check_socket_relabel(struct ucred *cred, struct socket *socket,
2976 struct label *newlabel)
2980 MAC_CHECK(check_socket_relabel, cred, socket, &socket->so_label,
2987 mac_check_socket_send(struct ucred *cred, struct socket *so)
2991 if (!mac_enforce_socket)
2994 MAC_CHECK(check_socket_send, cred, so, &so->so_label);
3000 mac_check_socket_visible(struct ucred *cred, struct socket *socket)
3004 if (!mac_enforce_socket)
3007 MAC_CHECK(check_socket_visible, cred, socket, &socket->so_label);
3013 mac_check_system_reboot(struct ucred *cred, int howto)
3017 if (!mac_enforce_system)
3020 MAC_CHECK(check_system_reboot, cred, howto);
3026 mac_check_system_swapon(struct ucred *cred, struct vnode *vp)
3030 ASSERT_VOP_LOCKED(vp, "mac_check_system_swapon");
3032 if (!mac_enforce_system)
3035 MAC_CHECK(check_system_swapon, cred, vp, &vp->v_label);
3040 mac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
3041 void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
3046 * XXXMAC: We're very much like to assert the SYSCTL_LOCK here,
3047 * but since it's not exported from kern_sysctl.c, we can't.
3049 if (!mac_enforce_system)
3052 MAC_CHECK(check_system_sysctl, cred, name, namelen, old, oldlenp,
3053 inkernel, new, newlen);
3059 mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
3060 struct ifnet *ifnet)
3062 char *elements, *buffer;
3066 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac));
3070 error = mac_check_structmac_consistent(&mac);
3074 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3075 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3077 free(elements, M_MACTEMP);
3081 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3082 error = mac_externalize_ifnet_label(&ifnet->if_label, elements,
3083 buffer, mac.m_buflen, M_WAITOK);
3085 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3087 free(buffer, M_MACTEMP);
3088 free(elements, M_MACTEMP);
3094 mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
3095 struct ifnet *ifnet)
3097 struct label intlabel;
3102 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac));
3106 error = mac_check_structmac_consistent(&mac);
3110 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3111 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3113 free(buffer, M_MACTEMP);
3117 mac_init_ifnet_label(&intlabel);
3118 error = mac_internalize_ifnet_label(&intlabel, buffer);
3119 free(buffer, M_MACTEMP);
3121 mac_destroy_ifnet_label(&intlabel);
3126 * XXX: Note that this is a redundant privilege check, since
3127 * policies impose this check themselves if required by the
3128 * policy. Eventually, this should go away.
3130 error = suser_cred(cred, 0);
3132 mac_destroy_ifnet_label(&intlabel);
3136 MAC_CHECK(check_ifnet_relabel, cred, ifnet, &ifnet->if_label,
3139 mac_destroy_ifnet_label(&intlabel);
3143 MAC_PERFORM(relabel_ifnet, cred, ifnet, &ifnet->if_label, &intlabel);
3145 mac_destroy_ifnet_label(&intlabel);
3150 mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp)
3153 MAC_PERFORM(create_devfs_vnode, de, &de->de_label, vp, &vp->v_label);
3157 mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
3160 MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
3164 mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
3165 struct devfs_dirent *de)
3168 MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
3173 mac_create_devfs_directory(char *dirname, int dirnamelen,
3174 struct devfs_dirent *de)
3177 MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
3182 mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
3185 struct label intlabel;
3189 error = mac_check_structmac_consistent(mac);
3193 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
3194 error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL);
3196 free(buffer, M_MACTEMP);
3200 mac_init_socket_label(&intlabel, M_WAITOK);
3201 error = mac_internalize_socket_label(&intlabel, buffer);
3202 free(buffer, M_MACTEMP);
3204 mac_destroy_socket_label(&intlabel);
3208 mac_check_socket_relabel(cred, so, &intlabel);
3210 mac_destroy_socket_label(&intlabel);
3214 mac_relabel_socket(cred, so, &intlabel);
3216 mac_destroy_socket_label(&intlabel);
3221 mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
3225 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
3227 error = mac_check_pipe_relabel(cred, pipe, label);
3231 mac_relabel_pipe(cred, pipe, label);
3237 mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
3240 char *buffer, *elements;
3243 error = mac_check_structmac_consistent(mac);
3247 elements = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
3248 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL);
3250 free(elements, M_MACTEMP);
3254 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3255 error = mac_externalize_socket_label(&so->so_label, elements,
3256 buffer, mac->m_buflen, M_WAITOK);
3258 error = copyout(buffer, mac->m_string, strlen(buffer)+1);
3260 free(buffer, M_MACTEMP);
3261 free(elements, M_MACTEMP);
3267 mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
3270 char *elements, *buffer;
3273 error = mac_check_structmac_consistent(mac);
3277 elements = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
3278 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL);
3280 free(elements, M_MACTEMP);
3284 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3285 error = mac_externalize_socket_peer_label(&so->so_peerlabel,
3286 elements, buffer, mac->m_buflen, M_WAITOK);
3288 error = copyout(buffer, mac->m_string, strlen(buffer)+1);
3290 free(buffer, M_MACTEMP);
3291 free(elements, M_MACTEMP);
3297 * Implementation of VOP_SETLABEL() that relies on extended attributes
3298 * to store label data. Can be referenced by filesystems supporting
3299 * extended attributes.
3302 vop_stdsetlabel_ea(struct vop_setlabel_args *ap)
3304 struct vnode *vp = ap->a_vp;
3305 struct label *intlabel = ap->a_label;
3308 ASSERT_VOP_LOCKED(vp, "vop_stdsetlabel_ea");
3310 if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0)
3311 return (EOPNOTSUPP);
3313 error = mac_setlabel_vnode_extattr(ap->a_cred, vp, intlabel);
3317 mac_relabel_vnode(ap->a_cred, vp, intlabel);
3323 vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred)
3327 if (vp->v_mount == NULL) {
3328 /* printf("vn_setlabel: null v_mount\n"); */
3329 if (vp->v_type != VNON)
3330 printf("vn_setlabel: null v_mount with non-VNON\n");
3334 if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0)
3335 return (EOPNOTSUPP);
3338 * Multi-phase commit. First check the policies to confirm the
3339 * change is OK. Then commit via the filesystem. Finally,
3340 * update the actual vnode label. Question: maybe the filesystem
3341 * should update the vnode at the end as part of VOP_SETLABEL()?
3343 error = mac_check_vnode_relabel(cred, vp, intlabel);
3348 * VADMIN provides the opportunity for the filesystem to make
3349 * decisions about who is and is not able to modify labels
3350 * and protections on files. This might not be right. We can't
3351 * assume VOP_SETLABEL() will do it, because we might implement
3352 * that as part of vop_stdsetlabel_ea().
3354 error = VOP_ACCESS(vp, VADMIN, cred, curthread);
3358 error = VOP_SETLABEL(vp, intlabel, cred, curthread);
3366 __mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
3368 char *elements, *buffer;
3371 struct ucred *tcred;
3374 error = copyin(SCARG(uap, mac_p), &mac, sizeof(mac));
3378 error = mac_check_structmac_consistent(&mac);
3382 tproc = pfind(uap->pid);
3386 tcred = NULL; /* Satisfy gcc. */
3387 error = p_cansee(td, tproc);
3389 tcred = crhold(tproc->p_ucred);
3394 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3395 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3397 free(elements, M_MACTEMP);
3402 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3403 error = mac_externalize_cred_label(&tcred->cr_label, elements,
3404 buffer, mac.m_buflen, M_WAITOK);
3406 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3408 free(buffer, M_MACTEMP);
3409 free(elements, M_MACTEMP);
3418 __mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
3420 char *elements, *buffer;
3424 error = copyin(uap->mac_p, &mac, sizeof(mac));
3428 error = mac_check_structmac_consistent(&mac);
3432 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3433 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3435 free(elements, M_MACTEMP);
3439 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3440 error = mac_externalize_cred_label(&td->td_ucred->cr_label,
3441 elements, buffer, mac.m_buflen, M_WAITOK);
3443 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3445 free(buffer, M_MACTEMP);
3446 free(elements, M_MACTEMP);
3454 __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
3456 struct ucred *newcred, *oldcred;
3457 struct label intlabel;
3463 error = copyin(uap->mac_p, &mac, sizeof(mac));
3467 error = mac_check_structmac_consistent(&mac);
3471 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3472 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3474 free(buffer, M_MACTEMP);
3478 mac_init_cred_label(&intlabel);
3479 error = mac_internalize_cred_label(&intlabel, buffer);
3480 free(buffer, M_MACTEMP);
3482 mac_destroy_cred_label(&intlabel);
3490 oldcred = p->p_ucred;
3492 error = mac_check_cred_relabel(oldcred, &intlabel);
3500 crcopy(newcred, oldcred);
3501 mac_relabel_cred(newcred, &intlabel);
3502 p->p_ucred = newcred;
3505 * Grab additional reference for use while revoking mmaps, prior
3506 * to releasing the proc lock and sharing the cred.
3511 if (mac_enforce_vm) {
3513 mac_cred_mmapped_drop_perms(td, newcred);
3517 crfree(newcred); /* Free revocation reference. */
3521 mac_destroy_cred_label(&intlabel);
3529 __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
3531 char *elements, *buffer;
3532 struct label intlabel;
3540 error = copyin(uap->mac_p, &mac, sizeof(mac));
3544 error = mac_check_structmac_consistent(&mac);
3548 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3549 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3551 free(elements, M_MACTEMP);
3555 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3556 mtx_lock(&Giant); /* VFS */
3557 error = fget(td, SCARG(uap, fd), &fp);
3561 label_type = fp->f_type;
3562 switch (fp->f_type) {
3565 vp = (struct vnode *)fp->f_data;
3567 mac_init_vnode_label(&intlabel);
3569 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
3570 mac_copy_vnode_label(&vp->v_label, &intlabel);
3571 VOP_UNLOCK(vp, 0, td);
3575 pipe = (struct pipe *)fp->f_data;
3577 mac_init_pipe_label(&intlabel);
3580 mac_copy_pipe_label(pipe->pipe_label, &intlabel);
3590 switch (label_type) {
3594 error = mac_externalize_vnode_label(&intlabel,
3595 elements, buffer, mac.m_buflen, M_WAITOK);
3596 mac_destroy_vnode_label(&intlabel);
3599 error = mac_externalize_pipe_label(&intlabel, elements,
3600 buffer, mac.m_buflen, M_WAITOK);
3601 mac_destroy_pipe_label(&intlabel);
3604 panic("__mac_get_fd: corrupted label_type");
3608 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3611 mtx_unlock(&Giant); /* VFS */
3612 free(buffer, M_MACTEMP);
3613 free(elements, M_MACTEMP);
3622 __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
3624 char *elements, *buffer;
3625 struct nameidata nd;
3626 struct label intlabel;
3630 error = copyin(uap->mac_p, &mac, sizeof(mac));
3634 error = mac_check_structmac_consistent(&mac);
3638 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3639 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3641 free(elements, M_MACTEMP);
3645 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3646 mtx_lock(&Giant); /* VFS */
3647 NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p,
3653 mac_init_vnode_label(&intlabel);
3654 mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
3655 error = mac_externalize_vnode_label(&intlabel, elements, buffer,
3656 mac.m_buflen, M_WAITOK);
3659 mac_destroy_vnode_label(&intlabel);
3662 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3665 mtx_unlock(&Giant); /* VFS */
3667 free(buffer, M_MACTEMP);
3668 free(elements, M_MACTEMP);
3677 __mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
3679 char *elements, *buffer;
3680 struct nameidata nd;
3681 struct label intlabel;
3685 error = copyin(uap->mac_p, &mac, sizeof(mac));
3689 error = mac_check_structmac_consistent(&mac);
3693 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3694 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3696 free(elements, M_MACTEMP);
3700 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3701 mtx_lock(&Giant); /* VFS */
3702 NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE, uap->path_p,
3708 mac_init_vnode_label(&intlabel);
3709 mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
3710 error = mac_externalize_vnode_label(&intlabel, elements, buffer,
3711 mac.m_buflen, M_WAITOK);
3713 mac_destroy_vnode_label(&intlabel);
3716 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3719 mtx_unlock(&Giant); /* VFS */
3721 free(buffer, M_MACTEMP);
3722 free(elements, M_MACTEMP);
3731 __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
3733 struct label intlabel;
3742 error = copyin(uap->mac_p, &mac, sizeof(mac));
3746 error = mac_check_structmac_consistent(&mac);
3750 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3751 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3753 free(buffer, M_MACTEMP);
3757 mtx_lock(&Giant); /* VFS */
3759 error = fget(td, SCARG(uap, fd), &fp);
3763 switch (fp->f_type) {
3766 mac_init_vnode_label(&intlabel);
3767 error = mac_internalize_vnode_label(&intlabel, buffer);
3769 mac_destroy_vnode_label(&intlabel);
3773 vp = (struct vnode *)fp->f_data;
3774 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
3776 mac_destroy_vnode_label(&intlabel);
3780 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
3781 error = vn_setlabel(vp, &intlabel, td->td_ucred);
3782 VOP_UNLOCK(vp, 0, td);
3783 vn_finished_write(mp);
3785 mac_destroy_vnode_label(&intlabel);
3789 mac_init_pipe_label(&intlabel);
3790 error = mac_internalize_pipe_label(&intlabel, buffer);
3792 pipe = (struct pipe *)fp->f_data;
3794 error = mac_pipe_label_set(td->td_ucred, pipe,
3799 mac_destroy_pipe_label(&intlabel);
3808 mtx_unlock(&Giant); /* VFS */
3810 free(buffer, M_MACTEMP);
3819 __mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
3821 struct label intlabel;
3822 struct nameidata nd;
3828 error = copyin(uap->mac_p, &mac, sizeof(mac));
3832 error = mac_check_structmac_consistent(&mac);
3836 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3837 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3839 free(buffer, M_MACTEMP);
3843 mac_init_vnode_label(&intlabel);
3844 error = mac_internalize_vnode_label(&intlabel, buffer);
3845 free(buffer, M_MACTEMP);
3847 mac_destroy_vnode_label(&intlabel);
3851 mtx_lock(&Giant); /* VFS */
3853 NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p,
3857 error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
3859 error = vn_setlabel(nd.ni_vp, &intlabel,
3861 vn_finished_write(mp);
3865 mtx_unlock(&Giant); /* VFS */
3866 mac_destroy_vnode_label(&intlabel);
3875 __mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
3877 struct label intlabel;
3878 struct nameidata nd;
3884 error = copyin(uap->mac_p, &mac, sizeof(mac));
3888 error = mac_check_structmac_consistent(&mac);
3892 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3893 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3895 free(buffer, M_MACTEMP);
3899 mac_init_vnode_label(&intlabel);
3900 error = mac_internalize_vnode_label(&intlabel, buffer);
3901 free(buffer, M_MACTEMP);
3903 mac_destroy_vnode_label(&intlabel);
3907 mtx_lock(&Giant); /* VFS */
3909 NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE, uap->path_p,
3913 error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
3915 error = vn_setlabel(nd.ni_vp, &intlabel,
3917 vn_finished_write(mp);
3921 mtx_unlock(&Giant); /* VFS */
3922 mac_destroy_vnode_label(&intlabel);
3931 mac_syscall(struct thread *td, struct mac_syscall_args *uap)
3933 struct mac_policy_conf *mpc;
3934 char target[MAC_MAX_POLICY_NAME];
3937 error = copyinstr(SCARG(uap, policy), target, sizeof(target), NULL);
3942 MAC_POLICY_LIST_BUSY();
3943 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
3944 if (strcmp(mpc->mpc_name, target) == 0 &&
3945 mpc->mpc_ops->mpo_syscall != NULL) {
3946 error = mpc->mpc_ops->mpo_syscall(td,
3947 SCARG(uap, call), SCARG(uap, arg));
3953 MAC_POLICY_LIST_UNBUSY();
3957 SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL);
3958 SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL);
3963 __mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
3970 __mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
3977 __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
3984 __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
3991 __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
3998 __mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
4005 __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
4012 __mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
4019 __mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
4026 mac_syscall(struct thread *td, struct mac_syscall_args *uap)
projects / FreeBSD / FreeBSD.git / blob