2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
5 * Copyright (c) 2005-2006 SPARTA, Inc.
6 * Copyright (c) 2008 Apple Inc.
9 * This software was developed by Robert Watson and Ilmar Habibulin for the
12 * This software was developed for the FreeBSD Project in part by McAfee
13 * Research, the Technology Research Division of Network Associates, Inc.
14 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
15 * DARPA CHATS research program.
17 * This software was enhanced by SPARTA ISSO under SPAWAR contract
18 * N66001-04-C-6019 ("SEFOS").
20 * Redistribution and use in source and binary forms, with or without
21 * modification, are permitted provided that the following conditions
23 * 1. Redistributions of source code must retain the above copyright
24 * notice, this list of conditions and the following disclaimer.
25 * 2. Redistributions in binary form must reproduce the above copyright
26 * notice, this list of conditions and the following disclaimer in the
27 * documentation and/or other materials provided with the distribution.
29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 #include <sys/cdefs.h>
43 __FBSDID("$FreeBSD$");
47 #include <sys/param.h>
48 #include <sys/kernel.h>
50 #include <sys/malloc.h>
51 #include <sys/mutex.h>
54 #include <sys/systm.h>
55 #include <sys/mount.h>
57 #include <sys/namei.h>
58 #include <sys/protosw.h>
59 #include <sys/socket.h>
60 #include <sys/socketvar.h>
61 #include <sys/sysctl.h>
63 #include <net/bpfdesc.h>
65 #include <net/if_var.h>
67 #include <netinet/in.h>
68 #include <netinet/in_pcb.h>
69 #include <netinet/ip_var.h>
71 #include <security/mac/mac_framework.h>
72 #include <security/mac/mac_internal.h>
73 #include <security/mac/mac_policy.h>
76 * Currently, sockets hold two labels: the label of the socket itself, and a
77 * peer label, which may be used by policies to hold a copy of the label of
78 * any remote endpoint.
80 * Possibly, this peer label should be maintained at the protocol layer
81 * (inpcb, unpcb, etc), as this would allow protocol-aware code to maintain
82 * the label consistently. For example, it might be copied live from a
83 * remote socket for UNIX domain sockets rather than keeping a local copy on
84 * this endpoint, but be cached and updated based on packets received for
89 mac_socket_label_alloc(int flag)
94 label = mac_labelzone_alloc(flag);
98 MAC_CHECK(socket_init_label, label, flag);
100 MAC_PERFORM(socket_destroy_label, label);
101 mac_labelzone_free(label);
107 static struct label *
108 mac_socketpeer_label_alloc(int flag)
113 label = mac_labelzone_alloc(flag);
117 MAC_CHECK(socketpeer_init_label, label, flag);
119 MAC_PERFORM(socketpeer_destroy_label, label);
120 mac_labelzone_free(label);
127 mac_socket_init(struct socket *so, int flag)
130 if (mac_labeled & MPC_OBJECT_SOCKET) {
131 so->so_label = mac_socket_label_alloc(flag);
132 if (so->so_label == NULL)
134 so->so_peerlabel = mac_socketpeer_label_alloc(flag);
135 if (so->so_peerlabel == NULL) {
136 mac_socket_label_free(so->so_label);
142 so->so_peerlabel = NULL;
148 mac_socket_label_free(struct label *label)
151 MAC_PERFORM(socket_destroy_label, label);
152 mac_labelzone_free(label);
156 mac_socketpeer_label_free(struct label *label)
159 MAC_PERFORM(socketpeer_destroy_label, label);
160 mac_labelzone_free(label);
164 mac_socket_destroy(struct socket *so)
167 if (so->so_label != NULL) {
168 mac_socket_label_free(so->so_label);
170 mac_socketpeer_label_free(so->so_peerlabel);
171 so->so_peerlabel = NULL;
176 mac_socket_copy_label(struct label *src, struct label *dest)
179 MAC_PERFORM(socket_copy_label, src, dest);
183 mac_socket_externalize_label(struct label *label, char *elements,
184 char *outbuf, size_t outbuflen)
188 MAC_EXTERNALIZE(socket, label, elements, outbuf, outbuflen);
194 mac_socketpeer_externalize_label(struct label *label, char *elements,
195 char *outbuf, size_t outbuflen)
199 MAC_EXTERNALIZE(socketpeer, label, elements, outbuf, outbuflen);
205 mac_socket_internalize_label(struct label *label, char *string)
209 MAC_INTERNALIZE(socket, label, string);
215 mac_socket_create(struct ucred *cred, struct socket *so)
218 MAC_PERFORM(socket_create, cred, so, so->so_label);
222 mac_socket_newconn(struct socket *oldso, struct socket *newso)
225 SOCK_LOCK_ASSERT(oldso);
227 MAC_PERFORM(socket_newconn, oldso, oldso->so_label, newso,
232 mac_socket_relabel(struct ucred *cred, struct socket *so,
233 struct label *newlabel)
236 SOCK_LOCK_ASSERT(so);
238 MAC_PERFORM(socket_relabel, cred, so, so->so_label, newlabel);
242 mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so)
246 SOCK_LOCK_ASSERT(so);
248 label = mac_mbuf_to_label(m);
250 MAC_PERFORM(socketpeer_set_from_mbuf, m, label, so,
255 mac_socketpeer_set_from_socket(struct socket *oldso, struct socket *newso)
259 * XXXRW: only hold the socket lock on one at a time, as one socket
260 * is the original, and one is the new. However, it's called in both
261 * directions, so we can't assert the lock here currently.
263 MAC_PERFORM(socketpeer_set_from_socket, oldso, oldso->so_label,
264 newso, newso->so_peerlabel);
268 mac_socket_create_mbuf(struct socket *so, struct mbuf *m)
272 SOCK_LOCK_ASSERT(so);
274 label = mac_mbuf_to_label(m);
276 MAC_PERFORM(socket_create_mbuf, so, so->so_label, m, label);
280 mac_socket_check_accept(struct ucred *cred, struct socket *so)
284 SOCK_LOCK_ASSERT(so);
286 MAC_CHECK(socket_check_accept, cred, so, so->so_label);
292 mac_socket_check_bind(struct ucred *ucred, struct socket *so,
297 SOCK_LOCK_ASSERT(so);
299 MAC_CHECK(socket_check_bind, ucred, so, so->so_label, sa);
305 mac_socket_check_connect(struct ucred *cred, struct socket *so,
310 SOCK_LOCK_ASSERT(so);
312 MAC_CHECK(socket_check_connect, cred, so, so->so_label, sa);
318 mac_socket_check_create(struct ucred *cred, int domain, int type, int proto)
322 MAC_CHECK(socket_check_create, cred, domain, type, proto);
328 mac_socket_check_deliver(struct socket *so, struct mbuf *m)
333 SOCK_LOCK_ASSERT(so);
335 label = mac_mbuf_to_label(m);
337 MAC_CHECK(socket_check_deliver, so, so->so_label, m, label);
343 mac_socket_check_listen(struct ucred *cred, struct socket *so)
347 SOCK_LOCK_ASSERT(so);
349 MAC_CHECK(socket_check_listen, cred, so, so->so_label);
355 mac_socket_check_poll(struct ucred *cred, struct socket *so)
359 SOCK_LOCK_ASSERT(so);
361 MAC_CHECK(socket_check_poll, cred, so, so->so_label);
367 mac_socket_check_receive(struct ucred *cred, struct socket *so)
371 SOCK_LOCK_ASSERT(so);
373 MAC_CHECK(socket_check_receive, cred, so, so->so_label);
379 mac_socket_check_relabel(struct ucred *cred, struct socket *so,
380 struct label *newlabel)
384 SOCK_LOCK_ASSERT(so);
386 MAC_CHECK(socket_check_relabel, cred, so, so->so_label, newlabel);
392 mac_socket_check_send(struct ucred *cred, struct socket *so)
396 SOCK_LOCK_ASSERT(so);
398 MAC_CHECK(socket_check_send, cred, so, so->so_label);
404 mac_socket_check_stat(struct ucred *cred, struct socket *so)
408 SOCK_LOCK_ASSERT(so);
410 MAC_CHECK(socket_check_stat, cred, so, so->so_label);
416 mac_socket_check_visible(struct ucred *cred, struct socket *so)
420 SOCK_LOCK_ASSERT(so);
422 MAC_CHECK(socket_check_visible, cred, so, so->so_label);
428 mac_socket_label_set(struct ucred *cred, struct socket *so,
434 * We acquire the socket lock when we perform the test and set, but
435 * have to release it as the pcb code needs to acquire the pcb lock,
436 * which will precede the socket lock in the lock order. However,
437 * this is fine, as any race will simply result in the inpcb being
438 * refreshed twice, but still consistently, as the inpcb code will
439 * acquire the socket lock before refreshing, holding both locks.
442 error = mac_socket_check_relabel(cred, so, label);
448 mac_socket_relabel(cred, so, label);
452 * If the protocol has expressed interest in socket layer changes,
453 * such as if it needs to propagate changes to a cached pcb label
454 * from the socket, notify it of the label change while holding the
457 if (so->so_proto->pr_usrreqs->pru_sosetlabel != NULL)
458 (so->so_proto->pr_usrreqs->pru_sosetlabel)(so);
464 mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
466 struct label *intlabel;
470 if (!(mac_labeled & MPC_OBJECT_SOCKET))
473 error = mac_check_structmac_consistent(mac);
477 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
478 error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL);
480 free(buffer, M_MACTEMP);
484 intlabel = mac_socket_label_alloc(M_WAITOK);
485 error = mac_socket_internalize_label(intlabel, buffer);
486 free(buffer, M_MACTEMP);
490 error = mac_socket_label_set(cred, so, intlabel);
492 mac_socket_label_free(intlabel);
497 mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
499 char *buffer, *elements;
500 struct label *intlabel;
503 if (!(mac_labeled & MPC_OBJECT_SOCKET))
506 error = mac_check_structmac_consistent(mac);
510 elements = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
511 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL);
513 free(elements, M_MACTEMP);
517 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
518 intlabel = mac_socket_label_alloc(M_WAITOK);
520 mac_socket_copy_label(so->so_label, intlabel);
522 error = mac_socket_externalize_label(intlabel, elements, buffer,
524 mac_socket_label_free(intlabel);
526 error = copyout(buffer, mac->m_string, strlen(buffer)+1);
528 free(buffer, M_MACTEMP);
529 free(elements, M_MACTEMP);
535 mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
538 char *elements, *buffer;
539 struct label *intlabel;
542 if (!(mac_labeled & MPC_OBJECT_SOCKET))
545 error = mac_check_structmac_consistent(mac);
549 elements = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
550 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL);
552 free(elements, M_MACTEMP);
556 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
557 intlabel = mac_socket_label_alloc(M_WAITOK);
559 mac_socket_copy_label(so->so_peerlabel, intlabel);
561 error = mac_socketpeer_externalize_label(intlabel, elements, buffer,
563 mac_socket_label_free(intlabel);
565 error = copyout(buffer, mac->m_string, strlen(buffer)+1);
567 free(buffer, M_MACTEMP);
568 free(elements, M_MACTEMP);