2 * Copyright (c) 1999-2002, 2006, 2009 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
5 * Copyright (c) 2005-2006 SPARTA, Inc.
6 * Copyright (c) 2008 Apple Inc.
9 * This software was developed by Robert Watson and Ilmar Habibulin for the
12 * This software was developed for the FreeBSD Project in part by Network
13 * Associates Laboratories, the Security Research Division of Network
14 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
15 * as part of the DARPA CHATS research program.
17 * This software was enhanced by SPARTA ISSO under SPAWAR contract
18 * N66001-04-C-6019 ("SEFOS").
20 * This software was developed at the University of Cambridge Computer
21 * Laboratory with support from a grant from Google, Inc.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the above copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
32 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
33 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
34 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
35 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
36 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
37 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
38 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
40 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
41 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
50 #include <sys/param.h>
51 #include <sys/capsicum.h>
52 #include <sys/fcntl.h>
53 #include <sys/kernel.h>
55 #include <sys/malloc.h>
56 #include <sys/mutex.h>
59 #include <sys/systm.h>
60 #include <sys/sysctl.h>
61 #include <sys/sysproto.h>
62 #include <sys/sysent.h>
63 #include <sys/vnode.h>
64 #include <sys/mount.h>
66 #include <sys/namei.h>
67 #include <sys/socket.h>
69 #include <sys/socketvar.h>
71 #include <security/mac/mac_framework.h>
72 #include <security/mac/mac_internal.h>
73 #include <security/mac/mac_policy.h>
77 FEATURE(security_mac, "Mandatory Access Control Framework support");
79 static int kern___mac_get_path(struct thread *td, const char *path_p,
80 struct mac *mac_p, int follow);
81 static int kern___mac_set_path(struct thread *td, const char *path_p,
82 struct mac *mac_p, int follow);
85 sys___mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
87 char *elements, *buffer;
93 error = copyin(uap->mac_p, &mac, sizeof(mac));
97 error = mac_check_structmac_consistent(&mac);
101 tproc = pfind(uap->pid);
105 tcred = NULL; /* Satisfy gcc. */
106 error = p_cansee(td, tproc);
108 tcred = crhold(tproc->p_ucred);
113 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
114 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
116 free(elements, M_MACTEMP);
121 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
122 error = mac_cred_externalize_label(tcred->cr_label, elements,
123 buffer, mac.m_buflen);
125 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
127 free(buffer, M_MACTEMP);
128 free(elements, M_MACTEMP);
134 sys___mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
136 char *elements, *buffer;
140 error = copyin(uap->mac_p, &mac, sizeof(mac));
144 error = mac_check_structmac_consistent(&mac);
148 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
149 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
151 free(elements, M_MACTEMP);
155 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
156 error = mac_cred_externalize_label(td->td_ucred->cr_label,
157 elements, buffer, mac.m_buflen);
159 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
161 free(buffer, M_MACTEMP);
162 free(elements, M_MACTEMP);
167 sys___mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
169 struct ucred *newcred, *oldcred;
170 struct label *intlabel;
176 if (!(mac_labeled & MPC_OBJECT_CRED))
179 error = copyin(uap->mac_p, &mac, sizeof(mac));
183 error = mac_check_structmac_consistent(&mac);
187 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
188 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
190 free(buffer, M_MACTEMP);
194 intlabel = mac_cred_label_alloc();
195 error = mac_cred_internalize_label(intlabel, buffer);
196 free(buffer, M_MACTEMP);
204 oldcred = p->p_ucred;
206 error = mac_cred_check_relabel(oldcred, intlabel);
214 crcopy(newcred, oldcred);
215 mac_cred_relabel(newcred, intlabel);
216 proc_set_cred(p, newcred);
220 mac_proc_vm_revoke(td);
223 mac_cred_label_free(intlabel);
228 sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
230 char *elements, *buffer;
231 struct label *intlabel;
240 error = copyin(uap->mac_p, &mac, sizeof(mac));
244 error = mac_check_structmac_consistent(&mac);
248 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
249 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
251 free(elements, M_MACTEMP);
255 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
256 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_MAC_GET), &fp);
260 switch (fp->f_type) {
263 if (!(mac_labeled & MPC_OBJECT_VNODE)) {
268 intlabel = mac_vnode_label_alloc();
269 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
270 mac_vnode_copy_label(vp->v_label, intlabel);
272 error = mac_vnode_externalize_label(intlabel, elements,
273 buffer, mac.m_buflen);
274 mac_vnode_label_free(intlabel);
278 if (!(mac_labeled & MPC_OBJECT_PIPE)) {
283 intlabel = mac_pipe_label_alloc();
285 mac_pipe_copy_label(pipe->pipe_pair->pp_label, intlabel);
287 error = mac_pipe_externalize_label(intlabel, elements,
288 buffer, mac.m_buflen);
289 mac_pipe_label_free(intlabel);
293 if (!(mac_labeled & MPC_OBJECT_SOCKET)) {
298 intlabel = mac_socket_label_alloc(M_WAITOK);
300 mac_socket_copy_label(so->so_label, intlabel);
302 error = mac_socket_externalize_label(intlabel, elements,
303 buffer, mac.m_buflen);
304 mac_socket_label_free(intlabel);
311 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
315 free(buffer, M_MACTEMP);
316 free(elements, M_MACTEMP);
321 sys___mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
324 return (kern___mac_get_path(td, uap->path_p, uap->mac_p, FOLLOW));
328 sys___mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
331 return (kern___mac_get_path(td, uap->path_p, uap->mac_p, NOFOLLOW));
335 kern___mac_get_path(struct thread *td, const char *path_p, struct mac *mac_p,
338 char *elements, *buffer;
340 struct label *intlabel;
344 if (!(mac_labeled & MPC_OBJECT_VNODE))
347 error = copyin(mac_p, &mac, sizeof(mac));
351 error = mac_check_structmac_consistent(&mac);
355 elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
356 error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
358 free(elements, M_MACTEMP);
362 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
363 NDINIT(&nd, LOOKUP, LOCKLEAF | follow, UIO_USERSPACE, path_p, td);
368 intlabel = mac_vnode_label_alloc();
369 mac_vnode_copy_label(nd.ni_vp->v_label, intlabel);
370 error = mac_vnode_externalize_label(intlabel, elements, buffer,
373 mac_vnode_label_free(intlabel);
376 error = copyout(buffer, mac.m_string, strlen(buffer)+1);
379 free(buffer, M_MACTEMP);
380 free(elements, M_MACTEMP);
386 sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
388 struct label *intlabel;
399 error = copyin(uap->mac_p, &mac, sizeof(mac));
403 error = mac_check_structmac_consistent(&mac);
407 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
408 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
410 free(buffer, M_MACTEMP);
414 error = fget(td, uap->fd, cap_rights_init(&rights, CAP_MAC_SET), &fp);
418 switch (fp->f_type) {
421 if (!(mac_labeled & MPC_OBJECT_VNODE)) {
425 intlabel = mac_vnode_label_alloc();
426 error = mac_vnode_internalize_label(intlabel, buffer);
428 mac_vnode_label_free(intlabel);
432 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
434 mac_vnode_label_free(intlabel);
437 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
438 error = vn_setlabel(vp, intlabel, td->td_ucred);
440 vn_finished_write(mp);
441 mac_vnode_label_free(intlabel);
445 if (!(mac_labeled & MPC_OBJECT_PIPE)) {
449 intlabel = mac_pipe_label_alloc();
450 error = mac_pipe_internalize_label(intlabel, buffer);
454 error = mac_pipe_label_set(td->td_ucred,
455 pipe->pipe_pair, intlabel);
458 mac_pipe_label_free(intlabel);
462 if (!(mac_labeled & MPC_OBJECT_SOCKET)) {
466 intlabel = mac_socket_label_alloc(M_WAITOK);
467 error = mac_socket_internalize_label(intlabel, buffer);
470 error = mac_socket_label_set(td->td_ucred, so,
473 mac_socket_label_free(intlabel);
482 free(buffer, M_MACTEMP);
487 sys___mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
490 return (kern___mac_set_path(td, uap->path_p, uap->mac_p, FOLLOW));
494 sys___mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
497 return (kern___mac_set_path(td, uap->path_p, uap->mac_p, NOFOLLOW));
501 kern___mac_set_path(struct thread *td, const char *path_p, struct mac *mac_p,
504 struct label *intlabel;
511 if (!(mac_labeled & MPC_OBJECT_VNODE))
514 error = copyin(mac_p, &mac, sizeof(mac));
518 error = mac_check_structmac_consistent(&mac);
522 buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
523 error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
525 free(buffer, M_MACTEMP);
529 intlabel = mac_vnode_label_alloc();
530 error = mac_vnode_internalize_label(intlabel, buffer);
531 free(buffer, M_MACTEMP);
535 NDINIT(&nd, LOOKUP, LOCKLEAF | follow, UIO_USERSPACE, path_p, td);
538 error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
540 error = vn_setlabel(nd.ni_vp, intlabel,
542 vn_finished_write(mp);
548 mac_vnode_label_free(intlabel);
553 sys_mac_syscall(struct thread *td, struct mac_syscall_args *uap)
555 struct mac_policy_conf *mpc;
556 char target[MAC_MAX_POLICY_NAME];
559 error = copyinstr(uap->policy, target, sizeof(target), NULL);
564 LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
565 if (strcmp(mpc->mpc_name, target) == 0 &&
566 mpc->mpc_ops->mpo_syscall != NULL) {
567 error = mpc->mpc_ops->mpo_syscall(td,
568 uap->call, uap->arg);
573 if (!LIST_EMPTY(&mac_policy_list)) {
574 mac_policy_slock_sleep();
575 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
576 if (strcmp(mpc->mpc_name, target) == 0 &&
577 mpc->mpc_ops->mpo_syscall != NULL) {
578 error = mpc->mpc_ops->mpo_syscall(td,
579 uap->call, uap->arg);
583 mac_policy_sunlock_sleep();
592 sys___mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
599 sys___mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
606 sys___mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
613 sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
620 sys___mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
627 sys___mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
634 sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
641 sys___mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
648 sys___mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
655 sys_mac_syscall(struct thread *td, struct mac_syscall_args *uap)