2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
10 * This software was developed for the FreeBSD Project in part by NAI Labs,
11 * the Security Research Division of Network Associates, Inc. under
12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
13 * CHATS research program.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. The names of the authors may not be used to endorse or promote
24 * products derived from this software without specific prior written
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 * Developed by the TrustedBSD Project.
44 * Framework for extensible kernel access control. Kernel and userland
45 * interface to the framework, policy registration and composition.
49 #include "opt_devfs.h"
51 #include <sys/param.h>
52 #include <sys/extattr.h>
53 #include <sys/kernel.h>
55 #include <sys/malloc.h>
56 #include <sys/mutex.h>
58 #include <sys/module.h>
60 #include <sys/systm.h>
61 #include <sys/sysproto.h>
62 #include <sys/sysent.h>
63 #include <sys/vnode.h>
64 #include <sys/mount.h>
66 #include <sys/namei.h>
67 #include <sys/socket.h>
69 #include <sys/socketvar.h>
70 #include <sys/sysctl.h>
74 #include <vm/vm_map.h>
75 #include <vm/vm_object.h>
77 #include <sys/mac_policy.h>
79 #include <fs/devfs/devfs.h>
81 #include <net/bpfdesc.h>
83 #include <net/if_var.h>
85 #include <netinet/in.h>
86 #include <netinet/ip_var.h>
91 * Declare that the kernel provides MAC support, version 1. This permits
92 * modules to refuse to be loaded if the necessary support isn't present,
93 * even if it's pre-boot.
95 MODULE_VERSION(kernel_mac_support, 1);
97 SYSCTL_DECL(_security);
99 SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0,
100 "TrustedBSD MAC policy controls");
102 #if MAC_MAX_POLICIES > 32
103 #error "MAC_MAX_POLICIES too large"
106 static unsigned int mac_max_policies = MAC_MAX_POLICIES;
107 static unsigned int mac_policy_offsets_free = (1 << MAC_MAX_POLICIES) - 1;
108 SYSCTL_UINT(_security_mac, OID_AUTO, max_policies, CTLFLAG_RD,
109 &mac_max_policies, 0, "");
112 * Has the kernel started generating labeled objects yet? All read/write
113 * access to this variable is serialized during the boot process. Following
114 * the end of serialization, we don't update this flag; no locking.
116 static int mac_late = 0;
119 * Warn about EA transactions only the first time they happen.
120 * Weak coherency, no locking.
122 static int ea_warn_once = 0;
124 static int mac_enforce_fs = 1;
125 SYSCTL_INT(_security_mac, OID_AUTO, enforce_fs, CTLFLAG_RW,
126 &mac_enforce_fs, 0, "Enforce MAC policy on file system objects");
127 TUNABLE_INT("security.mac.enforce_fs", &mac_enforce_fs);
129 static int mac_enforce_network = 1;
130 SYSCTL_INT(_security_mac, OID_AUTO, enforce_network, CTLFLAG_RW,
131 &mac_enforce_network, 0, "Enforce MAC policy on network packets");
132 TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network);
134 static int mac_enforce_pipe = 1;
135 SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW,
136 &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations");
137 TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe);
139 static int mac_enforce_process = 1;
140 SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW,
141 &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations");
142 TUNABLE_INT("security.mac.enforce_process", &mac_enforce_process);
144 static int mac_enforce_socket = 1;
145 SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW,
146 &mac_enforce_socket, 0, "Enforce MAC policy on socket operations");
147 TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket);
149 static int mac_enforce_vm = 1;
150 SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW,
151 &mac_enforce_vm, 0, "Enforce MAC policy on vm operations");
152 TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm);
154 static int mac_cache_fslabel_in_vnode = 1;
155 SYSCTL_INT(_security_mac, OID_AUTO, cache_fslabel_in_vnode, CTLFLAG_RW,
156 &mac_cache_fslabel_in_vnode, 0, "Cache mount fslabel in vnode");
157 TUNABLE_INT("security.mac.cache_fslabel_in_vnode",
158 &mac_cache_fslabel_in_vnode);
160 static int mac_mmap_revocation = 1;
161 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW,
162 &mac_mmap_revocation, 0, "Revoke mmap access to files on subject "
164 static int mac_mmap_revocation_via_cow = 0;
165 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
166 &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
167 "copy-on-write semantics, or by removing all write access");
170 SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0,
171 "TrustedBSD MAC debug info");
173 static int mac_debug_label_fallback = 0;
174 SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW,
175 &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label"
176 "when label is corrupted.");
177 TUNABLE_INT("security.mac.debug_label_fallback",
178 &mac_debug_label_fallback);
180 SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0,
181 "TrustedBSD MAC object counters");
183 static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs,
184 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents,
187 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD,
188 &nmacmbufs, 0, "number of mbufs in use");
189 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD,
190 &nmaccreds, 0, "number of ucreds in use");
191 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ifnets, CTLFLAG_RD,
192 &nmacifnets, 0, "number of ifnets in use");
193 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipqs, CTLFLAG_RD,
194 &nmacipqs, 0, "number of ipqs in use");
195 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, bpfdescs, CTLFLAG_RD,
196 &nmacbpfdescs, 0, "number of bpfdescs in use");
197 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, sockets, CTLFLAG_RD,
198 &nmacsockets, 0, "number of sockets in use");
199 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, pipes, CTLFLAG_RD,
200 &nmacpipes, 0, "number of pipes in use");
201 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD,
202 &nmacmounts, 0, "number of mounts in use");
203 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD,
204 &nmactemp, 0, "number of temporary labels in use");
205 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD,
206 &nmacvnodes, 0, "number of vnodes in use");
207 SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD,
208 &nmacdevfsdirents, 0, "number of devfs dirents inuse");
211 static int error_select(int error1, int error2);
212 static int mac_policy_register(struct mac_policy_conf *mpc);
213 static int mac_policy_unregister(struct mac_policy_conf *mpc);
215 static void mac_check_vnode_mmap_downgrade(struct ucred *cred,
216 struct vnode *vp, int *prot);
217 static void mac_cred_mmapped_drop_perms_recurse(struct thread *td,
218 struct ucred *cred, struct vm_map *map);
220 static void mac_destroy_socket_label(struct label *label);
222 static int mac_setlabel_vnode_extattr(struct ucred *cred,
223 struct vnode *vp, struct label *intlabel);
226 MALLOC_DEFINE(M_MACOPVEC, "macopvec", "MAC policy operation vector");
227 MALLOC_DEFINE(M_MACPIPELABEL, "macpipelabel", "MAC labels for pipes");
228 MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC temporary label storage");
231 * mac_policy_list_lock protects the consistency of 'mac_policy_list',
232 * the linked list of attached policy modules. Read-only consumers of
233 * the list must acquire a shared lock for the duration of their use;
234 * writers must acquire an exclusive lock. Note that for compound
235 * operations, locks should be held for the entire compound operation,
236 * and that this is not yet done for relabel requests.
238 static struct mtx mac_policy_list_lock;
239 static LIST_HEAD(, mac_policy_conf) mac_policy_list;
240 static int mac_policy_list_busy;
241 #define MAC_POLICY_LIST_LOCKINIT() mtx_init(&mac_policy_list_lock, \
242 "mac_policy_list_lock", NULL, MTX_DEF);
243 #define MAC_POLICY_LIST_LOCK() mtx_lock(&mac_policy_list_lock);
244 #define MAC_POLICY_LIST_UNLOCK() mtx_unlock(&mac_policy_list_lock);
246 #define MAC_POLICY_LIST_BUSY() do { \
247 MAC_POLICY_LIST_LOCK(); \
248 mac_policy_list_busy++; \
249 MAC_POLICY_LIST_UNLOCK(); \
252 #define MAC_POLICY_LIST_UNBUSY() do { \
253 MAC_POLICY_LIST_LOCK(); \
254 mac_policy_list_busy--; \
255 if (mac_policy_list_busy < 0) \
256 panic("Extra mac_policy_list_busy--"); \
257 MAC_POLICY_LIST_UNLOCK(); \
261 * MAC_CHECK performs the designated check by walking the policy
262 * module list and checking with each as to how it feels about the
263 * request. Note that it returns its value via 'error' in the scope
266 #define MAC_CHECK(check, args...) do { \
267 struct mac_policy_conf *mpc; \
270 MAC_POLICY_LIST_BUSY(); \
271 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
272 if (mpc->mpc_ops->mpo_ ## check != NULL) \
273 error = error_select( \
274 mpc->mpc_ops->mpo_ ## check (args), \
277 MAC_POLICY_LIST_UNBUSY(); \
281 * MAC_BOOLEAN performs the designated boolean composition by walking
282 * the module list, invoking each instance of the operation, and
283 * combining the results using the passed C operator. Note that it
284 * returns its value via 'result' in the scope of the caller, which
285 * should be initialized by the caller in a meaningful way to get
286 * a meaningful result.
288 #define MAC_BOOLEAN(operation, composition, args...) do { \
289 struct mac_policy_conf *mpc; \
291 MAC_POLICY_LIST_BUSY(); \
292 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
293 if (mpc->mpc_ops->mpo_ ## operation != NULL) \
294 result = result composition \
295 mpc->mpc_ops->mpo_ ## operation (args); \
297 MAC_POLICY_LIST_UNBUSY(); \
300 #define MAC_EXTERNALIZE(type, label, elementlist, outbuf, \
302 char *curptr, *curptr_start, *element_name, *element_temp; \
303 size_t left, left_start, len; \
304 int claimed, first, first_start, ignorenotfound; \
307 element_temp = elementlist; \
312 while ((element_name = strsep(&element_temp, ",")) != NULL) { \
313 curptr_start = curptr; \
315 first_start = first; \
316 if (element_name[0] == '?') { \
318 ignorenotfound = 1; \
320 ignorenotfound = 0; \
323 len = snprintf(curptr, left, "%s/", \
327 len = snprintf(curptr, left, ",%s/", \
330 error = EINVAL; /* XXXMAC: E2BIG */ \
336 MAC_CHECK(externalize_ ## type, label, element_name, \
337 curptr, left, &len, &claimed); \
340 if (claimed == 1) { \
341 if (len >= outbuflen) { \
342 error = EINVAL; /* XXXMAC: E2BIG */ \
347 } else if (claimed == 0 && ignorenotfound) { \
349 * Revert addition of the label element \
352 curptr = curptr_start; \
355 first = first_start; \
357 error = EINVAL; /* XXXMAC: ENOLABEL */ \
363 #define MAC_INTERNALIZE(type, label, instring) do { \
364 char *element, *element_name, *element_data; \
368 element = instring; \
369 while ((element_name = strsep(&element, ",")) != NULL) { \
370 element_data = element_name; \
371 element_name = strsep(&element_data, "/"); \
372 if (element_data == NULL) { \
377 MAC_CHECK(internalize_ ## type, label, element_name, \
378 element_data, &claimed); \
381 if (claimed != 1) { \
382 /* XXXMAC: Another error here? */ \
390 * MAC_PERFORM performs the designated operation by walking the policy
391 * module list and invoking that operation for each policy.
393 #define MAC_PERFORM(operation, args...) do { \
394 struct mac_policy_conf *mpc; \
396 MAC_POLICY_LIST_BUSY(); \
397 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
398 if (mpc->mpc_ops->mpo_ ## operation != NULL) \
399 mpc->mpc_ops->mpo_ ## operation (args); \
401 MAC_POLICY_LIST_UNBUSY(); \
405 * Initialize the MAC subsystem, including appropriate SMP locks.
411 LIST_INIT(&mac_policy_list);
412 MAC_POLICY_LIST_LOCKINIT();
416 * For the purposes of modules that want to know if they were loaded
417 * "early", set the mac_late flag once we've processed modules either
418 * linked into the kernel, or loaded before the kernel startup.
428 * Allow MAC policy modules to register during boot, etc.
431 mac_policy_modevent(module_t mod, int type, void *data)
433 struct mac_policy_conf *mpc;
437 mpc = (struct mac_policy_conf *) data;
441 if (mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_NOTLATE &&
443 printf("mac_policy_modevent: can't load %s policy "
444 "after booting\n", mpc->mpc_name);
448 error = mac_policy_register(mpc);
451 /* Don't unregister the module if it was never registered. */
452 if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED)
454 error = mac_policy_unregister(mpc);
466 mac_policy_register(struct mac_policy_conf *mpc)
468 struct mac_policy_conf *tmpc;
469 struct mac_policy_op_entry *mpe;
472 MALLOC(mpc->mpc_ops, struct mac_policy_ops *, sizeof(*mpc->mpc_ops),
473 M_MACOPVEC, M_WAITOK | M_ZERO);
474 for (mpe = mpc->mpc_entries; mpe->mpe_constant != MAC_OP_LAST; mpe++) {
475 switch (mpe->mpe_constant) {
478 * Doesn't actually happen, but this allows checking
479 * that all enumerated values are handled.
483 mpc->mpc_ops->mpo_destroy =
487 mpc->mpc_ops->mpo_init =
491 mpc->mpc_ops->mpo_syscall =
494 case MAC_INIT_BPFDESC_LABEL:
495 mpc->mpc_ops->mpo_init_bpfdesc_label =
498 case MAC_INIT_CRED_LABEL:
499 mpc->mpc_ops->mpo_init_cred_label =
502 case MAC_INIT_DEVFSDIRENT_LABEL:
503 mpc->mpc_ops->mpo_init_devfsdirent_label =
506 case MAC_INIT_IFNET_LABEL:
507 mpc->mpc_ops->mpo_init_ifnet_label =
510 case MAC_INIT_IPQ_LABEL:
511 mpc->mpc_ops->mpo_init_ipq_label =
514 case MAC_INIT_MBUF_LABEL:
515 mpc->mpc_ops->mpo_init_mbuf_label =
518 case MAC_INIT_MOUNT_LABEL:
519 mpc->mpc_ops->mpo_init_mount_label =
522 case MAC_INIT_MOUNT_FS_LABEL:
523 mpc->mpc_ops->mpo_init_mount_fs_label =
526 case MAC_INIT_PIPE_LABEL:
527 mpc->mpc_ops->mpo_init_pipe_label =
530 case MAC_INIT_SOCKET_LABEL:
531 mpc->mpc_ops->mpo_init_socket_label =
534 case MAC_INIT_SOCKET_PEER_LABEL:
535 mpc->mpc_ops->mpo_init_socket_peer_label =
538 case MAC_INIT_VNODE_LABEL:
539 mpc->mpc_ops->mpo_init_vnode_label =
542 case MAC_DESTROY_BPFDESC_LABEL:
543 mpc->mpc_ops->mpo_destroy_bpfdesc_label =
546 case MAC_DESTROY_CRED_LABEL:
547 mpc->mpc_ops->mpo_destroy_cred_label =
550 case MAC_DESTROY_DEVFSDIRENT_LABEL:
551 mpc->mpc_ops->mpo_destroy_devfsdirent_label =
554 case MAC_DESTROY_IFNET_LABEL:
555 mpc->mpc_ops->mpo_destroy_ifnet_label =
558 case MAC_DESTROY_IPQ_LABEL:
559 mpc->mpc_ops->mpo_destroy_ipq_label =
562 case MAC_DESTROY_MBUF_LABEL:
563 mpc->mpc_ops->mpo_destroy_mbuf_label =
566 case MAC_DESTROY_MOUNT_LABEL:
567 mpc->mpc_ops->mpo_destroy_mount_label =
570 case MAC_DESTROY_MOUNT_FS_LABEL:
571 mpc->mpc_ops->mpo_destroy_mount_fs_label =
574 case MAC_DESTROY_PIPE_LABEL:
575 mpc->mpc_ops->mpo_destroy_pipe_label =
578 case MAC_DESTROY_SOCKET_LABEL:
579 mpc->mpc_ops->mpo_destroy_socket_label =
582 case MAC_DESTROY_SOCKET_PEER_LABEL:
583 mpc->mpc_ops->mpo_destroy_socket_peer_label =
586 case MAC_DESTROY_VNODE_LABEL:
587 mpc->mpc_ops->mpo_destroy_vnode_label =
590 case MAC_COPY_PIPE_LABEL:
591 mpc->mpc_ops->mpo_copy_pipe_label =
594 case MAC_COPY_VNODE_LABEL:
595 mpc->mpc_ops->mpo_copy_vnode_label =
598 case MAC_EXTERNALIZE_CRED_LABEL:
599 mpc->mpc_ops->mpo_externalize_cred_label =
602 case MAC_EXTERNALIZE_IFNET_LABEL:
603 mpc->mpc_ops->mpo_externalize_ifnet_label =
606 case MAC_EXTERNALIZE_PIPE_LABEL:
607 mpc->mpc_ops->mpo_externalize_pipe_label =
610 case MAC_EXTERNALIZE_SOCKET_LABEL:
611 mpc->mpc_ops->mpo_externalize_socket_label =
614 case MAC_EXTERNALIZE_SOCKET_PEER_LABEL:
615 mpc->mpc_ops->mpo_externalize_socket_peer_label =
618 case MAC_EXTERNALIZE_VNODE_LABEL:
619 mpc->mpc_ops->mpo_externalize_vnode_label =
622 case MAC_INTERNALIZE_CRED_LABEL:
623 mpc->mpc_ops->mpo_internalize_cred_label =
626 case MAC_INTERNALIZE_IFNET_LABEL:
627 mpc->mpc_ops->mpo_internalize_ifnet_label =
630 case MAC_INTERNALIZE_PIPE_LABEL:
631 mpc->mpc_ops->mpo_internalize_pipe_label =
634 case MAC_INTERNALIZE_SOCKET_LABEL:
635 mpc->mpc_ops->mpo_internalize_socket_label =
638 case MAC_INTERNALIZE_VNODE_LABEL:
639 mpc->mpc_ops->mpo_internalize_vnode_label =
642 case MAC_CREATE_DEVFS_DEVICE:
643 mpc->mpc_ops->mpo_create_devfs_device =
646 case MAC_CREATE_DEVFS_DIRECTORY:
647 mpc->mpc_ops->mpo_create_devfs_directory =
650 case MAC_CREATE_DEVFS_SYMLINK:
651 mpc->mpc_ops->mpo_create_devfs_symlink =
654 case MAC_CREATE_DEVFS_VNODE:
655 mpc->mpc_ops->mpo_create_devfs_vnode =
658 case MAC_CREATE_MOUNT:
659 mpc->mpc_ops->mpo_create_mount =
662 case MAC_CREATE_ROOT_MOUNT:
663 mpc->mpc_ops->mpo_create_root_mount =
666 case MAC_RELABEL_VNODE:
667 mpc->mpc_ops->mpo_relabel_vnode =
670 case MAC_UPDATE_DEVFSDIRENT:
671 mpc->mpc_ops->mpo_update_devfsdirent =
674 case MAC_ASSOCIATE_VNODE_DEVFS:
675 mpc->mpc_ops->mpo_associate_vnode_devfs =
678 case MAC_ASSOCIATE_VNODE_EXTATTR:
679 mpc->mpc_ops->mpo_associate_vnode_extattr =
682 case MAC_ASSOCIATE_VNODE_SINGLELABEL:
683 mpc->mpc_ops->mpo_associate_vnode_singlelabel =
686 case MAC_CREATE_VNODE_EXTATTR:
687 mpc->mpc_ops->mpo_create_vnode_extattr =
690 case MAC_SETLABEL_VNODE_EXTATTR:
691 mpc->mpc_ops->mpo_setlabel_vnode_extattr =
694 case MAC_CREATE_MBUF_FROM_SOCKET:
695 mpc->mpc_ops->mpo_create_mbuf_from_socket =
698 case MAC_CREATE_PIPE:
699 mpc->mpc_ops->mpo_create_pipe =
702 case MAC_CREATE_SOCKET:
703 mpc->mpc_ops->mpo_create_socket =
706 case MAC_CREATE_SOCKET_FROM_SOCKET:
707 mpc->mpc_ops->mpo_create_socket_from_socket =
710 case MAC_RELABEL_PIPE:
711 mpc->mpc_ops->mpo_relabel_pipe =
714 case MAC_RELABEL_SOCKET:
715 mpc->mpc_ops->mpo_relabel_socket =
718 case MAC_SET_SOCKET_PEER_FROM_MBUF:
719 mpc->mpc_ops->mpo_set_socket_peer_from_mbuf =
722 case MAC_SET_SOCKET_PEER_FROM_SOCKET:
723 mpc->mpc_ops->mpo_set_socket_peer_from_socket =
726 case MAC_CREATE_BPFDESC:
727 mpc->mpc_ops->mpo_create_bpfdesc =
730 case MAC_CREATE_DATAGRAM_FROM_IPQ:
731 mpc->mpc_ops->mpo_create_datagram_from_ipq =
734 case MAC_CREATE_FRAGMENT:
735 mpc->mpc_ops->mpo_create_fragment =
738 case MAC_CREATE_IFNET:
739 mpc->mpc_ops->mpo_create_ifnet =
743 mpc->mpc_ops->mpo_create_ipq =
746 case MAC_CREATE_MBUF_FROM_MBUF:
747 mpc->mpc_ops->mpo_create_mbuf_from_mbuf =
750 case MAC_CREATE_MBUF_LINKLAYER:
751 mpc->mpc_ops->mpo_create_mbuf_linklayer =
754 case MAC_CREATE_MBUF_FROM_BPFDESC:
755 mpc->mpc_ops->mpo_create_mbuf_from_bpfdesc =
758 case MAC_CREATE_MBUF_FROM_IFNET:
759 mpc->mpc_ops->mpo_create_mbuf_from_ifnet =
762 case MAC_CREATE_MBUF_MULTICAST_ENCAP:
763 mpc->mpc_ops->mpo_create_mbuf_multicast_encap =
766 case MAC_CREATE_MBUF_NETLAYER:
767 mpc->mpc_ops->mpo_create_mbuf_netlayer =
770 case MAC_FRAGMENT_MATCH:
771 mpc->mpc_ops->mpo_fragment_match =
774 case MAC_RELABEL_IFNET:
775 mpc->mpc_ops->mpo_relabel_ifnet =
779 mpc->mpc_ops->mpo_update_ipq =
782 case MAC_CREATE_CRED:
783 mpc->mpc_ops->mpo_create_cred =
786 case MAC_EXECVE_TRANSITION:
787 mpc->mpc_ops->mpo_execve_transition =
790 case MAC_EXECVE_WILL_TRANSITION:
791 mpc->mpc_ops->mpo_execve_will_transition =
794 case MAC_CREATE_PROC0:
795 mpc->mpc_ops->mpo_create_proc0 =
798 case MAC_CREATE_PROC1:
799 mpc->mpc_ops->mpo_create_proc1 =
802 case MAC_RELABEL_CRED:
803 mpc->mpc_ops->mpo_relabel_cred =
806 case MAC_THREAD_USERRET:
807 mpc->mpc_ops->mpo_thread_userret =
810 case MAC_CHECK_BPFDESC_RECEIVE:
811 mpc->mpc_ops->mpo_check_bpfdesc_receive =
814 case MAC_CHECK_CRED_RELABEL:
815 mpc->mpc_ops->mpo_check_cred_relabel =
818 case MAC_CHECK_CRED_VISIBLE:
819 mpc->mpc_ops->mpo_check_cred_visible =
822 case MAC_CHECK_IFNET_RELABEL:
823 mpc->mpc_ops->mpo_check_ifnet_relabel =
826 case MAC_CHECK_IFNET_TRANSMIT:
827 mpc->mpc_ops->mpo_check_ifnet_transmit =
830 case MAC_CHECK_MOUNT_STAT:
831 mpc->mpc_ops->mpo_check_mount_stat =
834 case MAC_CHECK_PIPE_IOCTL:
835 mpc->mpc_ops->mpo_check_pipe_ioctl =
838 case MAC_CHECK_PIPE_POLL:
839 mpc->mpc_ops->mpo_check_pipe_poll =
842 case MAC_CHECK_PIPE_READ:
843 mpc->mpc_ops->mpo_check_pipe_read =
846 case MAC_CHECK_PIPE_RELABEL:
847 mpc->mpc_ops->mpo_check_pipe_relabel =
850 case MAC_CHECK_PIPE_STAT:
851 mpc->mpc_ops->mpo_check_pipe_stat =
854 case MAC_CHECK_PIPE_WRITE:
855 mpc->mpc_ops->mpo_check_pipe_write =
858 case MAC_CHECK_PROC_DEBUG:
859 mpc->mpc_ops->mpo_check_proc_debug =
862 case MAC_CHECK_PROC_SCHED:
863 mpc->mpc_ops->mpo_check_proc_sched =
866 case MAC_CHECK_PROC_SIGNAL:
867 mpc->mpc_ops->mpo_check_proc_signal =
870 case MAC_CHECK_SOCKET_BIND:
871 mpc->mpc_ops->mpo_check_socket_bind =
874 case MAC_CHECK_SOCKET_CONNECT:
875 mpc->mpc_ops->mpo_check_socket_connect =
878 case MAC_CHECK_SOCKET_DELIVER:
879 mpc->mpc_ops->mpo_check_socket_deliver =
882 case MAC_CHECK_SOCKET_LISTEN:
883 mpc->mpc_ops->mpo_check_socket_listen =
886 case MAC_CHECK_SOCKET_RECEIVE:
887 mpc->mpc_ops->mpo_check_socket_receive =
890 case MAC_CHECK_SOCKET_RELABEL:
891 mpc->mpc_ops->mpo_check_socket_relabel =
894 case MAC_CHECK_SOCKET_SEND:
895 mpc->mpc_ops->mpo_check_socket_send =
898 case MAC_CHECK_SOCKET_VISIBLE:
899 mpc->mpc_ops->mpo_check_socket_visible =
902 case MAC_CHECK_VNODE_ACCESS:
903 mpc->mpc_ops->mpo_check_vnode_access =
906 case MAC_CHECK_VNODE_CHDIR:
907 mpc->mpc_ops->mpo_check_vnode_chdir =
910 case MAC_CHECK_VNODE_CHROOT:
911 mpc->mpc_ops->mpo_check_vnode_chroot =
914 case MAC_CHECK_VNODE_CREATE:
915 mpc->mpc_ops->mpo_check_vnode_create =
918 case MAC_CHECK_VNODE_DELETE:
919 mpc->mpc_ops->mpo_check_vnode_delete =
922 case MAC_CHECK_VNODE_DELETEACL:
923 mpc->mpc_ops->mpo_check_vnode_deleteacl =
926 case MAC_CHECK_VNODE_EXEC:
927 mpc->mpc_ops->mpo_check_vnode_exec =
930 case MAC_CHECK_VNODE_GETACL:
931 mpc->mpc_ops->mpo_check_vnode_getacl =
934 case MAC_CHECK_VNODE_GETEXTATTR:
935 mpc->mpc_ops->mpo_check_vnode_getextattr =
938 case MAC_CHECK_VNODE_LINK:
939 mpc->mpc_ops->mpo_check_vnode_link =
942 case MAC_CHECK_VNODE_LOOKUP:
943 mpc->mpc_ops->mpo_check_vnode_lookup =
946 case MAC_CHECK_VNODE_MMAP:
947 mpc->mpc_ops->mpo_check_vnode_mmap =
950 case MAC_CHECK_VNODE_MMAP_DOWNGRADE:
951 mpc->mpc_ops->mpo_check_vnode_mmap_downgrade =
954 case MAC_CHECK_VNODE_MPROTECT:
955 mpc->mpc_ops->mpo_check_vnode_mprotect =
958 case MAC_CHECK_VNODE_OPEN:
959 mpc->mpc_ops->mpo_check_vnode_open =
962 case MAC_CHECK_VNODE_POLL:
963 mpc->mpc_ops->mpo_check_vnode_poll =
966 case MAC_CHECK_VNODE_READ:
967 mpc->mpc_ops->mpo_check_vnode_read =
970 case MAC_CHECK_VNODE_READDIR:
971 mpc->mpc_ops->mpo_check_vnode_readdir =
974 case MAC_CHECK_VNODE_READLINK:
975 mpc->mpc_ops->mpo_check_vnode_readlink =
978 case MAC_CHECK_VNODE_RELABEL:
979 mpc->mpc_ops->mpo_check_vnode_relabel =
982 case MAC_CHECK_VNODE_RENAME_FROM:
983 mpc->mpc_ops->mpo_check_vnode_rename_from =
986 case MAC_CHECK_VNODE_RENAME_TO:
987 mpc->mpc_ops->mpo_check_vnode_rename_to =
990 case MAC_CHECK_VNODE_REVOKE:
991 mpc->mpc_ops->mpo_check_vnode_revoke =
994 case MAC_CHECK_VNODE_SETACL:
995 mpc->mpc_ops->mpo_check_vnode_setacl =
998 case MAC_CHECK_VNODE_SETEXTATTR:
999 mpc->mpc_ops->mpo_check_vnode_setextattr =
1002 case MAC_CHECK_VNODE_SETFLAGS:
1003 mpc->mpc_ops->mpo_check_vnode_setflags =
1006 case MAC_CHECK_VNODE_SETMODE:
1007 mpc->mpc_ops->mpo_check_vnode_setmode =
1010 case MAC_CHECK_VNODE_SETOWNER:
1011 mpc->mpc_ops->mpo_check_vnode_setowner =
1014 case MAC_CHECK_VNODE_SETUTIMES:
1015 mpc->mpc_ops->mpo_check_vnode_setutimes =
1018 case MAC_CHECK_VNODE_STAT:
1019 mpc->mpc_ops->mpo_check_vnode_stat =
1022 case MAC_CHECK_VNODE_SWAPON:
1023 mpc->mpc_ops->mpo_check_vnode_swapon =
1026 case MAC_CHECK_VNODE_WRITE:
1027 mpc->mpc_ops->mpo_check_vnode_write =
1032 printf("MAC policy `%s': unknown operation %d\n",
1033 mpc->mpc_name, mpe->mpe_constant);
1038 MAC_POLICY_LIST_LOCK();
1039 if (mac_policy_list_busy > 0) {
1040 MAC_POLICY_LIST_UNLOCK();
1041 FREE(mpc->mpc_ops, M_MACOPVEC);
1042 mpc->mpc_ops = NULL;
1045 LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) {
1046 if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
1047 MAC_POLICY_LIST_UNLOCK();
1048 FREE(mpc->mpc_ops, M_MACOPVEC);
1049 mpc->mpc_ops = NULL;
1053 if (mpc->mpc_field_off != NULL) {
1054 slot = ffs(mac_policy_offsets_free);
1056 MAC_POLICY_LIST_UNLOCK();
1057 FREE(mpc->mpc_ops, M_MACOPVEC);
1058 mpc->mpc_ops = NULL;
1062 mac_policy_offsets_free &= ~(1 << slot);
1063 *mpc->mpc_field_off = slot;
1065 mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
1066 LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);
1068 /* Per-policy initialization. */
1069 if (mpc->mpc_ops->mpo_init != NULL)
1070 (*(mpc->mpc_ops->mpo_init))(mpc);
1071 MAC_POLICY_LIST_UNLOCK();
1073 printf("Security policy loaded: %s (%s)\n", mpc->mpc_fullname,
1080 mac_policy_unregister(struct mac_policy_conf *mpc)
1084 * If we fail the load, we may get a request to unload. Check
1085 * to see if we did the run-time registration, and if not,
1088 MAC_POLICY_LIST_LOCK();
1089 if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
1090 MAC_POLICY_LIST_UNLOCK();
1095 * Don't allow unloading modules with private data.
1097 if (mpc->mpc_field_off != NULL) {
1098 MAC_POLICY_LIST_UNLOCK();
1103 * Only allow the unload to proceed if the module is unloadable
1104 * by its own definition.
1106 if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
1107 MAC_POLICY_LIST_UNLOCK();
1111 * Right now, we EBUSY if the list is in use. In the future,
1112 * for reliability reasons, we might want to sleep and wakeup
1113 * later to try again.
1115 if (mac_policy_list_busy > 0) {
1116 MAC_POLICY_LIST_UNLOCK();
1119 if (mpc->mpc_ops->mpo_destroy != NULL)
1120 (*(mpc->mpc_ops->mpo_destroy))(mpc);
1122 LIST_REMOVE(mpc, mpc_list);
1123 MAC_POLICY_LIST_UNLOCK();
1125 FREE(mpc->mpc_ops, M_MACOPVEC);
1126 mpc->mpc_ops = NULL;
1127 mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
1129 printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
1136 * Define an error value precedence, and given two arguments, selects the
1137 * value with the higher precedence.
1140 error_select(int error1, int error2)
1143 /* Certain decision-making errors take top priority. */
1144 if (error1 == EDEADLK || error2 == EDEADLK)
1147 /* Invalid arguments should be reported where possible. */
1148 if (error1 == EINVAL || error2 == EINVAL)
1151 /* Precedence goes to "visibility", with both process and file. */
1152 if (error1 == ESRCH || error2 == ESRCH)
1155 if (error1 == ENOENT || error2 == ENOENT)
1158 /* Precedence goes to DAC/MAC protections. */
1159 if (error1 == EACCES || error2 == EACCES)
1162 /* Precedence goes to privilege. */
1163 if (error1 == EPERM || error2 == EPERM)
1166 /* Precedence goes to error over success; otherwise, arbitrary. */
1173 mac_init_label(struct label *label)
1176 bzero(label, sizeof(*label));
1177 label->l_flags = MAC_FLAG_INITIALIZED;
1181 mac_destroy_label(struct label *label)
1184 KASSERT(label->l_flags & MAC_FLAG_INITIALIZED,
1185 ("destroying uninitialized label"));
1187 bzero(label, sizeof(*label));
1188 /* implicit: label->l_flags &= ~MAC_FLAG_INITIALIZED; */
1192 mac_init_bpfdesc(struct bpf_d *bpf_d)
1195 mac_init_label(&bpf_d->bd_label);
1196 MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label);
1198 atomic_add_int(&nmacbpfdescs, 1);
1203 mac_init_cred_label(struct label *label)
1206 mac_init_label(label);
1207 MAC_PERFORM(init_cred_label, label);
1209 atomic_add_int(&nmaccreds, 1);
1214 mac_init_cred(struct ucred *cred)
1217 mac_init_cred_label(&cred->cr_label);
1221 mac_init_devfsdirent(struct devfs_dirent *de)
1224 mac_init_label(&de->de_label);
1225 MAC_PERFORM(init_devfsdirent_label, &de->de_label);
1227 atomic_add_int(&nmacdevfsdirents, 1);
1232 mac_init_ifnet_label(struct label *label)
1235 mac_init_label(label);
1236 MAC_PERFORM(init_ifnet_label, label);
1238 atomic_add_int(&nmacifnets, 1);
1243 mac_init_ifnet(struct ifnet *ifp)
1246 mac_init_ifnet_label(&ifp->if_label);
1250 mac_init_ipq(struct ipq *ipq)
1253 mac_init_label(&ipq->ipq_label);
1254 MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
1256 atomic_add_int(&nmacipqs, 1);
1261 mac_init_mbuf(struct mbuf *m, int flag)
1265 KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
1267 mac_init_label(&m->m_pkthdr.label);
1269 MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
1271 MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
1272 mac_destroy_label(&m->m_pkthdr.label);
1277 atomic_add_int(&nmacmbufs, 1);
1283 mac_init_mount(struct mount *mp)
1286 mac_init_label(&mp->mnt_mntlabel);
1287 mac_init_label(&mp->mnt_fslabel);
1288 MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel);
1289 MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);
1291 atomic_add_int(&nmacmounts, 1);
1296 mac_init_pipe_label(struct label *label)
1299 mac_init_label(label);
1300 MAC_PERFORM(init_pipe_label, label);
1302 atomic_add_int(&nmacpipes, 1);
1307 mac_init_pipe(struct pipe *pipe)
1309 struct label *label;
1311 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK);
1312 pipe->pipe_label = label;
1313 pipe->pipe_peer->pipe_label = label;
1314 mac_init_pipe_label(label);
1318 mac_init_socket_label(struct label *label, int flag)
1322 mac_init_label(label);
1324 MAC_CHECK(init_socket_label, label, flag);
1326 MAC_PERFORM(destroy_socket_label, label);
1327 mac_destroy_label(label);
1332 atomic_add_int(&nmacsockets, 1);
1339 mac_init_socket_peer_label(struct label *label, int flag)
1343 mac_init_label(label);
1345 MAC_CHECK(init_socket_peer_label, label, flag);
1347 MAC_PERFORM(destroy_socket_label, label);
1348 mac_destroy_label(label);
1355 mac_init_socket(struct socket *socket, int flag)
1359 error = mac_init_socket_label(&socket->so_label, flag);
1363 error = mac_init_socket_peer_label(&socket->so_peerlabel, flag);
1365 mac_destroy_socket_label(&socket->so_label);
1371 mac_init_vnode_label(struct label *label)
1374 mac_init_label(label);
1375 MAC_PERFORM(init_vnode_label, label);
1377 atomic_add_int(&nmacvnodes, 1);
1382 mac_init_vnode(struct vnode *vp)
1385 mac_init_vnode_label(&vp->v_label);
1389 mac_destroy_bpfdesc(struct bpf_d *bpf_d)
1392 MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label);
1393 mac_destroy_label(&bpf_d->bd_label);
1395 atomic_subtract_int(&nmacbpfdescs, 1);
1400 mac_destroy_cred_label(struct label *label)
1403 MAC_PERFORM(destroy_cred_label, label);
1404 mac_destroy_label(label);
1406 atomic_subtract_int(&nmaccreds, 1);
1411 mac_destroy_cred(struct ucred *cred)
1414 mac_destroy_cred_label(&cred->cr_label);
1418 mac_destroy_devfsdirent(struct devfs_dirent *de)
1421 MAC_PERFORM(destroy_devfsdirent_label, &de->de_label);
1422 mac_destroy_label(&de->de_label);
1424 atomic_subtract_int(&nmacdevfsdirents, 1);
1429 mac_destroy_ifnet_label(struct label *label)
1432 MAC_PERFORM(destroy_ifnet_label, label);
1433 mac_destroy_label(label);
1435 atomic_subtract_int(&nmacifnets, 1);
1440 mac_destroy_ifnet(struct ifnet *ifp)
1443 mac_destroy_ifnet_label(&ifp->if_label);
1447 mac_destroy_ipq(struct ipq *ipq)
1450 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
1451 mac_destroy_label(&ipq->ipq_label);
1453 atomic_subtract_int(&nmacipqs, 1);
1458 mac_destroy_mbuf(struct mbuf *m)
1461 MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
1462 mac_destroy_label(&m->m_pkthdr.label);
1464 atomic_subtract_int(&nmacmbufs, 1);
1469 mac_destroy_mount(struct mount *mp)
1472 MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel);
1473 MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel);
1474 mac_destroy_label(&mp->mnt_fslabel);
1475 mac_destroy_label(&mp->mnt_mntlabel);
1477 atomic_subtract_int(&nmacmounts, 1);
1482 mac_destroy_pipe_label(struct label *label)
1485 MAC_PERFORM(destroy_pipe_label, label);
1486 mac_destroy_label(label);
1488 atomic_subtract_int(&nmacpipes, 1);
1493 mac_destroy_pipe(struct pipe *pipe)
1496 mac_destroy_pipe_label(pipe->pipe_label);
1497 free(pipe->pipe_label, M_MACPIPELABEL);
1501 mac_destroy_socket_label(struct label *label)
1504 MAC_PERFORM(destroy_socket_label, label);
1505 mac_destroy_label(label);
1507 atomic_subtract_int(&nmacsockets, 1);
1512 mac_destroy_socket_peer_label(struct label *label)
1515 MAC_PERFORM(destroy_socket_peer_label, label);
1516 mac_destroy_label(label);
1520 mac_destroy_socket(struct socket *socket)
1523 mac_destroy_socket_label(&socket->so_label);
1524 mac_destroy_socket_peer_label(&socket->so_peerlabel);
1528 mac_destroy_vnode_label(struct label *label)
1531 MAC_PERFORM(destroy_vnode_label, label);
1532 mac_destroy_label(label);
1534 atomic_subtract_int(&nmacvnodes, 1);
1539 mac_destroy_vnode(struct vnode *vp)
1542 mac_destroy_vnode_label(&vp->v_label);
1546 mac_copy_pipe_label(struct label *src, struct label *dest)
1549 MAC_PERFORM(copy_pipe_label, src, dest);
1553 mac_copy_vnode_label(struct label *src, struct label *dest)
1556 MAC_PERFORM(copy_vnode_label, src, dest);
1560 mac_check_structmac_consistent(struct mac *mac)
1563 if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
1570 mac_externalize_cred_label(struct label *label, char *elements,
1571 char *outbuf, size_t outbuflen, int flags)
1575 MAC_EXTERNALIZE(cred_label, label, elements, outbuf, outbuflen);
1581 mac_externalize_ifnet_label(struct label *label, char *elements,
1582 char *outbuf, size_t outbuflen, int flags)
1586 MAC_EXTERNALIZE(ifnet_label, label, elements, outbuf, outbuflen);
1592 mac_externalize_pipe_label(struct label *label, char *elements,
1593 char *outbuf, size_t outbuflen, int flags)
1597 MAC_EXTERNALIZE(pipe_label, label, elements, outbuf, outbuflen);
1603 mac_externalize_socket_label(struct label *label, char *elements,
1604 char *outbuf, size_t outbuflen, int flags)
1608 MAC_EXTERNALIZE(socket_label, label, elements, outbuf, outbuflen);
1614 mac_externalize_socket_peer_label(struct label *label, char *elements,
1615 char *outbuf, size_t outbuflen, int flags)
1619 MAC_EXTERNALIZE(socket_peer_label, label, elements, outbuf, outbuflen);
1625 mac_externalize_vnode_label(struct label *label, char *elements,
1626 char *outbuf, size_t outbuflen, int flags)
1630 MAC_EXTERNALIZE(vnode_label, label, elements, outbuf, outbuflen);
1636 mac_internalize_cred_label(struct label *label, char *string)
1640 MAC_INTERNALIZE(cred_label, label, string);
1646 mac_internalize_ifnet_label(struct label *label, char *string)
1650 MAC_INTERNALIZE(ifnet_label, label, string);
1656 mac_internalize_pipe_label(struct label *label, char *string)
1660 MAC_INTERNALIZE(pipe_label, label, string);
1666 mac_internalize_socket_label(struct label *label, char *string)
1670 MAC_INTERNALIZE(socket_label, label, string);
1676 mac_internalize_vnode_label(struct label *label, char *string)
1680 MAC_INTERNALIZE(vnode_label, label, string);
1686 * Initialize MAC label for the first kernel process, from which other
1687 * kernel processes and threads are spawned.
1690 mac_create_proc0(struct ucred *cred)
1693 MAC_PERFORM(create_proc0, cred);
1697 * Initialize MAC label for the first userland process, from which other
1698 * userland processes and threads are spawned.
1701 mac_create_proc1(struct ucred *cred)
1704 MAC_PERFORM(create_proc1, cred);
1708 mac_thread_userret(struct thread *td)
1711 MAC_PERFORM(thread_userret, td);
1715 * When a new process is created, its label must be initialized. Generally,
1716 * this involves inheritence from the parent process, modulo possible
1717 * deltas. This function allows that processing to take place.
1720 mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
1723 MAC_PERFORM(create_cred, parent_cred, child_cred);
1727 mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
1730 MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
1734 mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
1738 MAC_PERFORM(associate_vnode_devfs, mp, &mp->mnt_fslabel, de,
1739 &de->de_label, vp, &vp->v_label);
1743 mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp)
1747 ASSERT_VOP_LOCKED(vp, "mac_associate_vnode_extattr");
1749 MAC_CHECK(associate_vnode_extattr, mp, &mp->mnt_fslabel, vp,
1756 mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
1759 MAC_PERFORM(associate_vnode_singlelabel, mp, &mp->mnt_fslabel, vp,
1764 mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
1765 struct vnode *dvp, struct vnode *vp, struct componentname *cnp)
1769 ASSERT_VOP_LOCKED(dvp, "mac_create_vnode_extattr");
1770 ASSERT_VOP_LOCKED(vp, "mac_create_vnode_extattr");
1772 error = VOP_OPENEXTATTR(vp, cred, curthread);
1773 if (error == EOPNOTSUPP) {
1774 /* XXX: Optionally abort if transactions not supported. */
1775 if (ea_warn_once == 0) {
1776 printf("Warning: transactions not supported "
1783 MAC_CHECK(create_vnode_extattr, cred, mp, &mp->mnt_fslabel,
1784 dvp, &dvp->v_label, vp, &vp->v_label, cnp);
1787 VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
1791 error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);
1793 if (error == EOPNOTSUPP)
1794 error = 0; /* XXX */
1800 mac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
1801 struct label *intlabel)
1805 ASSERT_VOP_LOCKED(vp, "mac_setlabel_vnode_extattr");
1807 error = VOP_OPENEXTATTR(vp, cred, curthread);
1808 if (error == EOPNOTSUPP) {
1809 /* XXX: Optionally abort if transactions not supported. */
1810 if (ea_warn_once == 0) {
1811 printf("Warning: transactions not supported "
1818 MAC_CHECK(setlabel_vnode_extattr, cred, vp, &vp->v_label, intlabel);
1821 VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
1825 error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);
1827 if (error == EOPNOTSUPP)
1828 error = 0; /* XXX */
1834 mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
1837 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
1839 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
1843 mac_execve_will_transition(struct ucred *old, struct vnode *vp)
1848 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
1854 mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
1858 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_access");
1860 if (!mac_enforce_fs)
1863 MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
1868 mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp)
1872 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_chdir");
1874 if (!mac_enforce_fs)
1877 MAC_CHECK(check_vnode_chdir, cred, dvp, &dvp->v_label);
1882 mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp)
1886 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_chroot");
1888 if (!mac_enforce_fs)
1891 MAC_CHECK(check_vnode_chroot, cred, dvp, &dvp->v_label);
1896 mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
1897 struct componentname *cnp, struct vattr *vap)
1901 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_create");
1903 if (!mac_enforce_fs)
1906 MAC_CHECK(check_vnode_create, cred, dvp, &dvp->v_label, cnp, vap);
1911 mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
1912 struct componentname *cnp)
1916 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
1917 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
1919 if (!mac_enforce_fs)
1922 MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
1928 mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
1933 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteacl");
1935 if (!mac_enforce_fs)
1938 MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
1943 mac_check_vnode_exec(struct ucred *cred, struct vnode *vp)
1947 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_exec");
1949 if (!mac_enforce_process && !mac_enforce_fs)
1952 MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label);
1958 mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type)
1962 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_getacl");
1964 if (!mac_enforce_fs)
1967 MAC_CHECK(check_vnode_getacl, cred, vp, &vp->v_label, type);
1972 mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
1973 int attrnamespace, const char *name, struct uio *uio)
1977 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_getextattr");
1979 if (!mac_enforce_fs)
1982 MAC_CHECK(check_vnode_getextattr, cred, vp, &vp->v_label,
1983 attrnamespace, name, uio);
1988 mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
1989 struct vnode *vp, struct componentname *cnp)
1993 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_link");
1994 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_link");
1996 if (!mac_enforce_fs)
1999 MAC_CHECK(check_vnode_link, cred, dvp, &dvp->v_label, vp,
2005 mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
2006 struct componentname *cnp)
2010 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_lookup");
2012 if (!mac_enforce_fs)
2015 MAC_CHECK(check_vnode_lookup, cred, dvp, &dvp->v_label, cnp);
2020 mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot)
2024 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap");
2026 if (!mac_enforce_fs || !mac_enforce_vm)
2029 MAC_CHECK(check_vnode_mmap, cred, vp, &vp->v_label, prot);
2034 mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot)
2038 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_downgrade");
2040 if (!mac_enforce_fs || !mac_enforce_vm)
2043 MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, &vp->v_label,
2050 mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
2054 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mprotect");
2056 if (!mac_enforce_fs || !mac_enforce_vm)
2059 MAC_CHECK(check_vnode_mprotect, cred, vp, &vp->v_label, prot);
2064 mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
2068 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
2070 if (!mac_enforce_fs)
2073 MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
2078 mac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
2083 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll");
2085 if (!mac_enforce_fs)
2088 MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp,
2095 mac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
2100 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read");
2102 if (!mac_enforce_fs)
2105 MAC_CHECK(check_vnode_read, active_cred, file_cred, vp,
2112 mac_check_vnode_readdir(struct ucred *cred, struct vnode *dvp)
2116 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_readdir");
2118 if (!mac_enforce_fs)
2121 MAC_CHECK(check_vnode_readdir, cred, dvp, &dvp->v_label);
2126 mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp)
2130 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_readlink");
2132 if (!mac_enforce_fs)
2135 MAC_CHECK(check_vnode_readlink, cred, vp, &vp->v_label);
2140 mac_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
2141 struct label *newlabel)
2145 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_relabel");
2147 MAC_CHECK(check_vnode_relabel, cred, vp, &vp->v_label, newlabel);
2153 mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
2154 struct vnode *vp, struct componentname *cnp)
2158 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_from");
2159 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_from");
2161 if (!mac_enforce_fs)
2164 MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
2170 mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
2171 struct vnode *vp, int samedir, struct componentname *cnp)
2175 ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_to");
2176 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");
2178 if (!mac_enforce_fs)
2181 MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
2182 vp != NULL ? &vp->v_label : NULL, samedir, cnp);
2187 mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp)
2191 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_revoke");
2193 if (!mac_enforce_fs)
2196 MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
2201 mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
2206 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setacl");
2208 if (!mac_enforce_fs)
2211 MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
2216 mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
2217 int attrnamespace, const char *name, struct uio *uio)
2221 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setextattr");
2223 if (!mac_enforce_fs)
2226 MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
2227 attrnamespace, name, uio);
2232 mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
2236 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setflags");
2238 if (!mac_enforce_fs)
2241 MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
2246 mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
2250 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setmode");
2252 if (!mac_enforce_fs)
2255 MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
2260 mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
2265 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setowner");
2267 if (!mac_enforce_fs)
2270 MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
2275 mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
2276 struct timespec atime, struct timespec mtime)
2280 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setutimes");
2282 if (!mac_enforce_fs)
2285 MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
2291 mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
2296 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_stat");
2298 if (!mac_enforce_fs)
2301 MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp,
2307 mac_check_vnode_swapon(struct ucred *cred, struct vnode *vp)
2311 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_swapon");
2313 if (!mac_enforce_fs)
2316 MAC_CHECK(check_vnode_swapon, cred, vp, &vp->v_label);
2321 mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
2326 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write");
2328 if (!mac_enforce_fs)
2331 MAC_CHECK(check_vnode_write, active_cred, file_cred, vp,
2338 * When relabeling a process, call out to the policies for the maximum
2339 * permission allowed for each object type we know about in its
2340 * memory space, and revoke access (in the least surprising ways we
2341 * know) when necessary. The process lock is not held here.
2344 mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred)
2347 /* XXX freeze all other threads */
2348 mac_cred_mmapped_drop_perms_recurse(td, cred,
2349 &td->td_proc->p_vmspace->vm_map);
2350 /* XXX allow other threads to continue */
2353 static __inline const char *
2354 prot2str(vm_prot_t prot)
2357 switch (prot & VM_PROT_ALL) {
2360 case VM_PROT_READ | VM_PROT_WRITE:
2362 case VM_PROT_READ | VM_PROT_EXECUTE:
2364 case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE:
2368 case VM_PROT_EXECUTE:
2370 case VM_PROT_WRITE | VM_PROT_EXECUTE:
2378 mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
2381 struct vm_map_entry *vme;
2383 vm_prot_t revokeperms;
2385 vm_ooffset_t offset;
2388 if (!mac_mmap_revocation)
2391 vm_map_lock_read(map);
2392 for (vme = map->header.next; vme != &map->header; vme = vme->next) {
2393 if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) {
2394 mac_cred_mmapped_drop_perms_recurse(td, cred,
2395 vme->object.sub_map);
2399 * Skip over entries that obviously are not shared.
2401 if (vme->eflags & (MAP_ENTRY_COW | MAP_ENTRY_NOSYNC) ||
2402 !vme->max_protection)
2405 * Drill down to the deepest backing object.
2407 offset = vme->offset;
2408 object = vme->object.vm_object;
2411 while (object->backing_object != NULL) {
2412 object = object->backing_object;
2413 offset += object->backing_object_offset;
2416 * At the moment, vm_maps and objects aren't considered
2417 * by the MAC system, so only things with backing by a
2418 * normal object (read: vnodes) are checked.
2420 if (object->type != OBJT_VNODE)
2422 vp = (struct vnode *)object->handle;
2423 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
2424 result = vme->max_protection;
2425 mac_check_vnode_mmap_downgrade(cred, vp, &result);
2426 VOP_UNLOCK(vp, 0, td);
2428 * Find out what maximum protection we may be allowing
2429 * now but a policy needs to get removed.
2431 revokeperms = vme->max_protection & ~result;
2434 printf("pid %ld: revoking %s perms from %#lx:%ld "
2435 "(max %s/cur %s)\n", (long)td->td_proc->p_pid,
2436 prot2str(revokeperms), (u_long)vme->start,
2437 (long)(vme->end - vme->start),
2438 prot2str(vme->max_protection), prot2str(vme->protection));
2439 vm_map_lock_upgrade(map);
2441 * This is the really simple case: if a map has more
2442 * max_protection than is allowed, but it's not being
2443 * actually used (that is, the current protection is
2444 * still allowed), we can just wipe it out and do
2447 if ((vme->protection & revokeperms) == 0) {
2448 vme->max_protection -= revokeperms;
2450 if (revokeperms & VM_PROT_WRITE) {
2452 * In the more complicated case, flush out all
2453 * pending changes to the object then turn it
2456 vm_object_reference(object);
2457 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
2458 vm_object_page_clean(object,
2460 OFF_TO_IDX(offset + vme->end - vme->start +
2463 VOP_UNLOCK(vp, 0, td);
2464 vm_object_deallocate(object);
2466 * Why bother if there's no read permissions
2467 * anymore? For the rest, we need to leave
2468 * the write permissions on for COW, or
2469 * remove them entirely if configured to.
2471 if (!mac_mmap_revocation_via_cow) {
2472 vme->max_protection &= ~VM_PROT_WRITE;
2473 vme->protection &= ~VM_PROT_WRITE;
2474 } if ((revokeperms & VM_PROT_READ) == 0)
2475 vme->eflags |= MAP_ENTRY_COW |
2476 MAP_ENTRY_NEEDS_COPY;
2478 if (revokeperms & VM_PROT_EXECUTE) {
2479 vme->max_protection &= ~VM_PROT_EXECUTE;
2480 vme->protection &= ~VM_PROT_EXECUTE;
2482 if (revokeperms & VM_PROT_READ) {
2483 vme->max_protection = 0;
2484 vme->protection = 0;
2486 pmap_protect(map->pmap, vme->start, vme->end,
2487 vme->protection & ~revokeperms);
2488 vm_map_simplify_entry(map, vme);
2490 vm_map_lock_downgrade(map);
2492 vm_map_unlock_read(map);
2496 * When the subject's label changes, it may require revocation of privilege
2497 * to mapped objects. This can't be done on-the-fly later with a unified
2501 mac_relabel_cred(struct ucred *cred, struct label *newlabel)
2504 MAC_PERFORM(relabel_cred, cred, newlabel);
2508 mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel)
2511 MAC_PERFORM(relabel_vnode, cred, vp, &vp->v_label, newlabel);
2515 mac_create_ifnet(struct ifnet *ifnet)
2518 MAC_PERFORM(create_ifnet, ifnet, &ifnet->if_label);
2522 mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d)
2525 MAC_PERFORM(create_bpfdesc, cred, bpf_d, &bpf_d->bd_label);
2529 mac_create_socket(struct ucred *cred, struct socket *socket)
2532 MAC_PERFORM(create_socket, cred, socket, &socket->so_label);
2536 mac_create_pipe(struct ucred *cred, struct pipe *pipe)
2539 MAC_PERFORM(create_pipe, cred, pipe, pipe->pipe_label);
2543 mac_create_socket_from_socket(struct socket *oldsocket,
2544 struct socket *newsocket)
2547 MAC_PERFORM(create_socket_from_socket, oldsocket, &oldsocket->so_label,
2548 newsocket, &newsocket->so_label);
2552 mac_relabel_socket(struct ucred *cred, struct socket *socket,
2553 struct label *newlabel)
2556 MAC_PERFORM(relabel_socket, cred, socket, &socket->so_label, newlabel);
2560 mac_relabel_pipe(struct ucred *cred, struct pipe *pipe, struct label *newlabel)
2563 MAC_PERFORM(relabel_pipe, cred, pipe, pipe->pipe_label, newlabel);
2567 mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
2570 MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, &mbuf->m_pkthdr.label,
2571 socket, &socket->so_peerlabel);
2575 mac_set_socket_peer_from_socket(struct socket *oldsocket,
2576 struct socket *newsocket)
2579 MAC_PERFORM(set_socket_peer_from_socket, oldsocket,
2580 &oldsocket->so_label, newsocket, &newsocket->so_peerlabel);
2584 mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram)
2587 MAC_PERFORM(create_datagram_from_ipq, ipq, &ipq->ipq_label,
2588 datagram, &datagram->m_pkthdr.label);
2592 mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment)
2595 MAC_PERFORM(create_fragment, datagram, &datagram->m_pkthdr.label,
2596 fragment, &fragment->m_pkthdr.label);
2600 mac_create_ipq(struct mbuf *fragment, struct ipq *ipq)
2603 MAC_PERFORM(create_ipq, fragment, &fragment->m_pkthdr.label, ipq,
2608 mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf)
2611 MAC_PERFORM(create_mbuf_from_mbuf, oldmbuf, &oldmbuf->m_pkthdr.label,
2612 newmbuf, &newmbuf->m_pkthdr.label);
2616 mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
2619 MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, &bpf_d->bd_label, mbuf,
2620 &mbuf->m_pkthdr.label);
2624 mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *mbuf)
2627 MAC_PERFORM(create_mbuf_linklayer, ifnet, &ifnet->if_label, mbuf,
2628 &mbuf->m_pkthdr.label);
2632 mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *mbuf)
2635 MAC_PERFORM(create_mbuf_from_ifnet, ifnet, &ifnet->if_label, mbuf,
2636 &mbuf->m_pkthdr.label);
2640 mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, struct ifnet *ifnet,
2641 struct mbuf *newmbuf)
2644 MAC_PERFORM(create_mbuf_multicast_encap, oldmbuf,
2645 &oldmbuf->m_pkthdr.label, ifnet, &ifnet->if_label, newmbuf,
2646 &newmbuf->m_pkthdr.label);
2650 mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf)
2653 MAC_PERFORM(create_mbuf_netlayer, oldmbuf, &oldmbuf->m_pkthdr.label,
2654 newmbuf, &newmbuf->m_pkthdr.label);
2658 mac_fragment_match(struct mbuf *fragment, struct ipq *ipq)
2663 MAC_BOOLEAN(fragment_match, &&, fragment, &fragment->m_pkthdr.label,
2664 ipq, &ipq->ipq_label);
2670 mac_update_ipq(struct mbuf *fragment, struct ipq *ipq)
2673 MAC_PERFORM(update_ipq, fragment, &fragment->m_pkthdr.label, ipq,
2678 mac_create_mbuf_from_socket(struct socket *socket, struct mbuf *mbuf)
2681 MAC_PERFORM(create_mbuf_from_socket, socket, &socket->so_label, mbuf,
2682 &mbuf->m_pkthdr.label);
2686 mac_create_mount(struct ucred *cred, struct mount *mp)
2689 MAC_PERFORM(create_mount, cred, mp, &mp->mnt_mntlabel,
2694 mac_create_root_mount(struct ucred *cred, struct mount *mp)
2697 MAC_PERFORM(create_root_mount, cred, mp, &mp->mnt_mntlabel,
2702 mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet)
2706 if (!mac_enforce_network)
2709 MAC_CHECK(check_bpfdesc_receive, bpf_d, &bpf_d->bd_label, ifnet,
2716 mac_check_cred_relabel(struct ucred *cred, struct label *newlabel)
2720 MAC_CHECK(check_cred_relabel, cred, newlabel);
2726 mac_check_cred_visible(struct ucred *u1, struct ucred *u2)
2730 if (!mac_enforce_process)
2733 MAC_CHECK(check_cred_visible, u1, u2);
2739 mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *mbuf)
2743 if (!mac_enforce_network)
2746 KASSERT(mbuf->m_flags & M_PKTHDR, ("packet has no pkthdr"));
2747 if (!(mbuf->m_pkthdr.label.l_flags & MAC_FLAG_INITIALIZED))
2748 if_printf(ifnet, "not initialized\n");
2750 MAC_CHECK(check_ifnet_transmit, ifnet, &ifnet->if_label, mbuf,
2751 &mbuf->m_pkthdr.label);
2757 mac_check_mount_stat(struct ucred *cred, struct mount *mount)
2761 if (!mac_enforce_fs)
2764 MAC_CHECK(check_mount_stat, cred, mount, &mount->mnt_mntlabel);
2770 mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
2775 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2777 if (!mac_enforce_pipe)
2780 MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
2786 mac_check_pipe_poll(struct ucred *cred, struct pipe *pipe)
2790 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2792 if (!mac_enforce_pipe)
2795 MAC_CHECK(check_pipe_poll, cred, pipe, pipe->pipe_label);
2801 mac_check_pipe_read(struct ucred *cred, struct pipe *pipe)
2805 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2807 if (!mac_enforce_pipe)
2810 MAC_CHECK(check_pipe_read, cred, pipe, pipe->pipe_label);
2816 mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
2817 struct label *newlabel)
2821 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2823 if (!mac_enforce_pipe)
2826 MAC_CHECK(check_pipe_relabel, cred, pipe, pipe->pipe_label, newlabel);
2832 mac_check_pipe_stat(struct ucred *cred, struct pipe *pipe)
2836 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2838 if (!mac_enforce_pipe)
2841 MAC_CHECK(check_pipe_stat, cred, pipe, pipe->pipe_label);
2847 mac_check_pipe_write(struct ucred *cred, struct pipe *pipe)
2851 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
2853 if (!mac_enforce_pipe)
2856 MAC_CHECK(check_pipe_write, cred, pipe, pipe->pipe_label);
2862 mac_check_proc_debug(struct ucred *cred, struct proc *proc)
2866 PROC_LOCK_ASSERT(proc, MA_OWNED);
2868 if (!mac_enforce_process)
2871 MAC_CHECK(check_proc_debug, cred, proc);
2877 mac_check_proc_sched(struct ucred *cred, struct proc *proc)
2881 PROC_LOCK_ASSERT(proc, MA_OWNED);
2883 if (!mac_enforce_process)
2886 MAC_CHECK(check_proc_sched, cred, proc);
2892 mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
2896 PROC_LOCK_ASSERT(proc, MA_OWNED);
2898 if (!mac_enforce_process)
2901 MAC_CHECK(check_proc_signal, cred, proc, signum);
2907 mac_check_socket_bind(struct ucred *ucred, struct socket *socket,
2908 struct sockaddr *sockaddr)
2912 if (!mac_enforce_socket)
2915 MAC_CHECK(check_socket_bind, ucred, socket, &socket->so_label,
2922 mac_check_socket_connect(struct ucred *cred, struct socket *socket,
2923 struct sockaddr *sockaddr)
2927 if (!mac_enforce_socket)
2930 MAC_CHECK(check_socket_connect, cred, socket, &socket->so_label,
2937 mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf)
2941 if (!mac_enforce_socket)
2944 MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf,
2945 &mbuf->m_pkthdr.label);
2951 mac_check_socket_listen(struct ucred *cred, struct socket *socket)
2955 if (!mac_enforce_socket)
2958 MAC_CHECK(check_socket_listen, cred, socket, &socket->so_label);
2963 mac_check_socket_receive(struct ucred *cred, struct socket *so)
2967 if (!mac_enforce_socket)
2970 MAC_CHECK(check_socket_receive, cred, so, &so->so_label);
2976 mac_check_socket_relabel(struct ucred *cred, struct socket *socket,
2977 struct label *newlabel)
2981 MAC_CHECK(check_socket_relabel, cred, socket, &socket->so_label,
2988 mac_check_socket_send(struct ucred *cred, struct socket *so)
2992 if (!mac_enforce_socket)
2995 MAC_CHECK(check_socket_send, cred, so, &so->so_label);
3001 mac_check_socket_visible(struct ucred *cred, struct socket *socket)
3005 if (!mac_enforce_socket)
3008 MAC_CHECK(check_socket_visible, cred, socket, &socket->so_label);
3014 mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
3015 struct ifnet *ifnet)
3017 char *elements, *buffer;
3021 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac));
3025 error = mac_check_structmac_consistent(&mac);
3029 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3030 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3032 free(elements, M_MACTEMP);
3036 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3037 error = mac_externalize_ifnet_label(&ifnet->if_label, elements,
3038 buffer, mac.m_buflen, M_WAITOK);
3040 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3042 free(buffer, M_MACTEMP);
3043 free(elements, M_MACTEMP);
3049 mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
3050 struct ifnet *ifnet)
3052 struct label intlabel;
3057 error = copyin(ifr->ifr_ifru.ifru_data, &mac, sizeof(mac));
3061 error = mac_check_structmac_consistent(&mac);
3065 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3066 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3068 free(buffer, M_MACTEMP);
3072 mac_init_ifnet_label(&intlabel);
3073 error = mac_internalize_ifnet_label(&intlabel, buffer);
3074 free(buffer, M_MACTEMP);
3076 mac_destroy_ifnet_label(&intlabel);
3081 * XXX: Note that this is a redundant privilege check, since
3082 * policies impose this check themselves if required by the
3083 * policy. Eventually, this should go away.
3085 error = suser_cred(cred, 0);
3087 mac_destroy_ifnet_label(&intlabel);
3091 MAC_CHECK(check_ifnet_relabel, cred, ifnet, &ifnet->if_label,
3094 mac_destroy_ifnet_label(&intlabel);
3098 MAC_PERFORM(relabel_ifnet, cred, ifnet, &ifnet->if_label, &intlabel);
3100 mac_destroy_ifnet_label(&intlabel);
3105 mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp)
3108 MAC_PERFORM(create_devfs_vnode, de, &de->de_label, vp, &vp->v_label);
3112 mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
3115 MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
3119 mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
3120 struct devfs_dirent *de)
3123 MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
3128 mac_create_devfs_directory(char *dirname, int dirnamelen,
3129 struct devfs_dirent *de)
3132 MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
3137 mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
3140 struct label intlabel;
3144 error = mac_check_structmac_consistent(mac);
3148 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
3149 error = copyinstr(mac->m_string, buffer, mac->m_buflen, NULL);
3151 free(buffer, M_MACTEMP);
3155 mac_init_socket_label(&intlabel, M_WAITOK);
3156 error = mac_internalize_socket_label(&intlabel, buffer);
3157 free(buffer, M_MACTEMP);
3159 mac_destroy_socket_label(&intlabel);
3163 mac_check_socket_relabel(cred, so, &intlabel);
3165 mac_destroy_socket_label(&intlabel);
3169 mac_relabel_socket(cred, so, &intlabel);
3171 mac_destroy_socket_label(&intlabel);
3176 mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, struct label *label)
3180 PIPE_LOCK_ASSERT(pipe, MA_OWNED);
3182 error = mac_check_pipe_relabel(cred, pipe, label);
3186 mac_relabel_pipe(cred, pipe, label);
3192 mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
3195 char *buffer, *elements;
3198 error = mac_check_structmac_consistent(mac);
3202 elements = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
3203 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL);
3205 free(elements, M_MACTEMP);
3209 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3210 error = mac_externalize_socket_label(&so->so_label, elements,
3211 buffer, mac->m_buflen, M_WAITOK);
3213 error = copyout(buffer, mac->m_string, strlen(buffer)+1);
3215 free(buffer, M_MACTEMP);
3216 free(elements, M_MACTEMP);
3222 mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
3225 char *elements, *buffer;
3228 error = mac_check_structmac_consistent(mac);
3232 elements = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
3233 error = copyinstr(mac->m_string, elements, mac->m_buflen, NULL);
3235 free(elements, M_MACTEMP);
3239 buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3240 error = mac_externalize_socket_peer_label(&so->so_peerlabel,
3241 elements, buffer, mac->m_buflen, M_WAITOK);
3243 error = copyout(buffer, mac->m_string, strlen(buffer)+1);
3245 free(buffer, M_MACTEMP);
3246 free(elements, M_MACTEMP);
3252 * Implementation of VOP_SETLABEL() that relies on extended attributes
3253 * to store label data. Can be referenced by filesystems supporting
3254 * extended attributes.
3257 vop_stdsetlabel_ea(struct vop_setlabel_args *ap)
3259 struct vnode *vp = ap->a_vp;
3260 struct label *intlabel = ap->a_label;
3263 ASSERT_VOP_LOCKED(vp, "vop_stdsetlabel_ea");
3265 if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0)
3266 return (EOPNOTSUPP);
3268 error = mac_setlabel_vnode_extattr(ap->a_cred, vp, intlabel);
3272 mac_relabel_vnode(ap->a_cred, vp, intlabel);
3278 vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred)
3282 if (vp->v_mount == NULL) {
3283 /* printf("vn_setlabel: null v_mount\n"); */
3284 if (vp->v_type != VNON)
3285 printf("vn_setlabel: null v_mount with non-VNON\n");
3289 if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0)
3290 return (EOPNOTSUPP);
3293 * Multi-phase commit. First check the policies to confirm the
3294 * change is OK. Then commit via the filesystem. Finally,
3295 * update the actual vnode label. Question: maybe the filesystem
3296 * should update the vnode at the end as part of VOP_SETLABEL()?
3298 error = mac_check_vnode_relabel(cred, vp, intlabel);
3303 * VADMIN provides the opportunity for the filesystem to make
3304 * decisions about who is and is not able to modify labels
3305 * and protections on files. This might not be right. We can't
3306 * assume VOP_SETLABEL() will do it, because we might implement
3307 * that as part of vop_stdsetlabel_ea().
3309 error = VOP_ACCESS(vp, VADMIN, cred, curthread);
3313 error = VOP_SETLABEL(vp, intlabel, cred, curthread);
3321 __mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
3323 char *elements, *buffer;
3326 struct ucred *tcred;
3329 error = copyin(SCARG(uap, mac_p), &mac, sizeof(mac));
3333 error = mac_check_structmac_consistent(&mac);
3337 tproc = pfind(uap->pid);
3341 tcred = NULL; /* Satisfy gcc. */
3342 error = p_cansee(td, tproc);
3344 tcred = crhold(tproc->p_ucred);
3349 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3350 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3352 free(elements, M_MACTEMP);
3357 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3358 error = mac_externalize_cred_label(&tcred->cr_label, elements,
3359 buffer, mac.m_buflen, M_WAITOK);
3361 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3363 free(buffer, M_MACTEMP);
3364 free(elements, M_MACTEMP);
3373 __mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
3375 char *elements, *buffer;
3379 error = copyin(uap->mac_p, &mac, sizeof(mac));
3383 error = mac_check_structmac_consistent(&mac);
3387 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3388 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3390 free(elements, M_MACTEMP);
3394 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3395 error = mac_externalize_cred_label(&td->td_ucred->cr_label,
3396 elements, buffer, mac.m_buflen, M_WAITOK);
3398 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3400 free(buffer, M_MACTEMP);
3401 free(elements, M_MACTEMP);
3409 __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
3411 struct ucred *newcred, *oldcred;
3412 struct label intlabel;
3418 error = copyin(uap->mac_p, &mac, sizeof(mac));
3422 error = mac_check_structmac_consistent(&mac);
3426 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3427 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3429 free(buffer, M_MACTEMP);
3433 mac_init_cred_label(&intlabel);
3434 error = mac_internalize_cred_label(&intlabel, buffer);
3435 free(buffer, M_MACTEMP);
3437 mac_destroy_cred_label(&intlabel);
3445 oldcred = p->p_ucred;
3447 error = mac_check_cred_relabel(oldcred, &intlabel);
3455 crcopy(newcred, oldcred);
3456 mac_relabel_cred(newcred, &intlabel);
3457 p->p_ucred = newcred;
3460 * Grab additional reference for use while revoking mmaps, prior
3461 * to releasing the proc lock and sharing the cred.
3466 if (mac_enforce_vm) {
3468 mac_cred_mmapped_drop_perms(td, newcred);
3472 crfree(newcred); /* Free revocation reference. */
3476 mac_destroy_cred_label(&intlabel);
3484 __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
3486 char *elements, *buffer;
3487 struct label intlabel;
3495 error = copyin(uap->mac_p, &mac, sizeof(mac));
3499 error = mac_check_structmac_consistent(&mac);
3503 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3504 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3506 free(elements, M_MACTEMP);
3510 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3511 mtx_lock(&Giant); /* VFS */
3512 error = fget(td, SCARG(uap, fd), &fp);
3516 label_type = fp->f_type;
3517 switch (fp->f_type) {
3520 vp = (struct vnode *)fp->f_data;
3522 mac_init_vnode_label(&intlabel);
3524 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
3525 mac_copy_vnode_label(&vp->v_label, &intlabel);
3526 VOP_UNLOCK(vp, 0, td);
3530 pipe = (struct pipe *)fp->f_data;
3532 mac_init_pipe_label(&intlabel);
3535 mac_copy_pipe_label(pipe->pipe_label, &intlabel);
3545 switch (label_type) {
3549 error = mac_externalize_vnode_label(&intlabel,
3550 elements, buffer, mac.m_buflen, M_WAITOK);
3551 mac_destroy_vnode_label(&intlabel);
3554 error = mac_externalize_pipe_label(&intlabel, elements,
3555 buffer, mac.m_buflen, M_WAITOK);
3556 mac_destroy_pipe_label(&intlabel);
3559 panic("__mac_get_fd: corrupted label_type");
3563 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3566 mtx_unlock(&Giant); /* VFS */
3567 free(buffer, M_MACTEMP);
3568 free(elements, M_MACTEMP);
3577 __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
3579 char *elements, *buffer;
3580 struct nameidata nd;
3581 struct label intlabel;
3585 error = copyin(uap->mac_p, &mac, sizeof(mac));
3589 error = mac_check_structmac_consistent(&mac);
3593 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3594 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3596 free(elements, M_MACTEMP);
3600 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3601 mtx_lock(&Giant); /* VFS */
3602 NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p,
3608 mac_init_vnode_label(&intlabel);
3609 mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
3610 error = mac_externalize_vnode_label(&intlabel, elements, buffer,
3611 mac.m_buflen, M_WAITOK);
3614 mac_destroy_vnode_label(&intlabel);
3617 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3620 mtx_unlock(&Giant); /* VFS */
3622 free(buffer, M_MACTEMP);
3623 free(elements, M_MACTEMP);
3632 __mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
3634 char *elements, *buffer;
3635 struct nameidata nd;
3636 struct label intlabel;
3640 error = copyin(uap->mac_p, &mac, sizeof(mac));
3644 error = mac_check_structmac_consistent(&mac);
3648 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3649 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
3651 free(elements, M_MACTEMP);
3655 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
3656 mtx_lock(&Giant); /* VFS */
3657 NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE, uap->path_p,
3663 mac_init_vnode_label(&intlabel);
3664 mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
3665 error = mac_externalize_vnode_label(&intlabel, elements, buffer,
3666 mac.m_buflen, M_WAITOK);
3668 mac_destroy_vnode_label(&intlabel);
3671 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
3674 mtx_unlock(&Giant); /* VFS */
3676 free(buffer, M_MACTEMP);
3677 free(elements, M_MACTEMP);
3686 __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
3688 struct label intlabel;
3697 error = copyin(uap->mac_p, &mac, sizeof(mac));
3701 error = mac_check_structmac_consistent(&mac);
3705 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3706 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3708 free(buffer, M_MACTEMP);
3712 mtx_lock(&Giant); /* VFS */
3714 error = fget(td, SCARG(uap, fd), &fp);
3718 switch (fp->f_type) {
3721 mac_init_vnode_label(&intlabel);
3722 error = mac_internalize_vnode_label(&intlabel, buffer);
3724 mac_destroy_vnode_label(&intlabel);
3728 vp = (struct vnode *)fp->f_data;
3729 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
3731 mac_destroy_vnode_label(&intlabel);
3735 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
3736 error = vn_setlabel(vp, &intlabel, td->td_ucred);
3737 VOP_UNLOCK(vp, 0, td);
3738 vn_finished_write(mp);
3740 mac_destroy_vnode_label(&intlabel);
3744 mac_init_pipe_label(&intlabel);
3745 error = mac_internalize_pipe_label(&intlabel, buffer);
3747 pipe = (struct pipe *)fp->f_data;
3749 error = mac_pipe_label_set(td->td_ucred, pipe,
3754 mac_destroy_pipe_label(&intlabel);
3763 mtx_unlock(&Giant); /* VFS */
3765 free(buffer, M_MACTEMP);
3774 __mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
3776 struct label intlabel;
3777 struct nameidata nd;
3783 error = copyin(uap->mac_p, &mac, sizeof(mac));
3787 error = mac_check_structmac_consistent(&mac);
3791 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3792 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3794 free(buffer, M_MACTEMP);
3798 mac_init_vnode_label(&intlabel);
3799 error = mac_internalize_vnode_label(&intlabel, buffer);
3800 free(buffer, M_MACTEMP);
3802 mac_destroy_vnode_label(&intlabel);
3806 mtx_lock(&Giant); /* VFS */
3808 NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, uap->path_p,
3812 error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
3814 error = vn_setlabel(nd.ni_vp, &intlabel,
3816 vn_finished_write(mp);
3820 mtx_unlock(&Giant); /* VFS */
3821 mac_destroy_vnode_label(&intlabel);
3830 __mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
3832 struct label intlabel;
3833 struct nameidata nd;
3839 error = copyin(uap->mac_p, &mac, sizeof(mac));
3843 error = mac_check_structmac_consistent(&mac);
3847 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
3848 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
3850 free(buffer, M_MACTEMP);
3854 mac_init_vnode_label(&intlabel);
3855 error = mac_internalize_vnode_label(&intlabel, buffer);
3856 free(buffer, M_MACTEMP);
3858 mac_destroy_vnode_label(&intlabel);
3862 mtx_lock(&Giant); /* VFS */
3864 NDINIT(&nd, LOOKUP, LOCKLEAF | NOFOLLOW, UIO_USERSPACE, uap->path_p,
3868 error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
3870 error = vn_setlabel(nd.ni_vp, &intlabel,
3872 vn_finished_write(mp);
3876 mtx_unlock(&Giant); /* VFS */
3877 mac_destroy_vnode_label(&intlabel);
3886 mac_syscall(struct thread *td, struct mac_syscall_args *uap)
3888 struct mac_policy_conf *mpc;
3889 char target[MAC_MAX_POLICY_NAME];
3892 error = copyinstr(SCARG(uap, policy), target, sizeof(target), NULL);
3897 MAC_POLICY_LIST_BUSY();
3898 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
3899 if (strcmp(mpc->mpc_name, target) == 0 &&
3900 mpc->mpc_ops->mpo_syscall != NULL) {
3901 error = mpc->mpc_ops->mpo_syscall(td,
3902 SCARG(uap, call), SCARG(uap, arg));
3908 MAC_POLICY_LIST_UNBUSY();
3912 SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL);
3913 SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL);
3918 __mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
3925 __mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
3932 __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
3939 __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
3946 __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
3953 __mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
3960 __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
3967 __mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
3974 __mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
3981 mac_syscall(struct thread *td, struct mac_syscall_args *uap)