
    1 /*-
    2  * Copyright (c) 1999-2002, 2009, 2019 Robert N. M. Watson
    3  * Copyright (c) 2001 Ilmar S. Habibulin
    4  * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
    5  * Copyright (c) 2006 SPARTA, Inc.
    6  * Copyright (c) 2008 Apple Inc.
    7  * All rights reserved.
    8  *
    9  * This software was developed by Robert Watson and Ilmar Habibulin for the
   10  * TrustedBSD Project.
   11  *
   12  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   13  * N66001-04-C-6019 ("SEFOS").
   14  *
   15  * This software was developed for the FreeBSD Project in part by Network
   16  * Associates Laboratories, the Security Research Division of Network
   17  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   18  * as part of the DARPA CHATS research program.
   19  *
   20  * This software was developed at the University of Cambridge Computer
   21  * Laboratory with support from a grant from Google, Inc. 
   22  *
   23  * Redistribution and use in source and binary forms, with or without
   24  * modification, are permitted provided that the following conditions
   25  * are met:
   26  * 1. Redistributions of source code must retain the above copyright
   27  *    notice, this list of conditions and the following disclaimer.
   28  * 2. Redistributions in binary form must reproduce the above copyright
   29  *    notice, this list of conditions and the following disclaimer in the
   30  *    documentation and/or other materials provided with the distribution.
   31  *
   32  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   33  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   34  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   35  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   36  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   37  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   38  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   39  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   40  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   41  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   42  * SUCH DAMAGE.
   43  */
   44 
   45 #include <sys/cdefs.h>
   46 __FBSDID("$FreeBSD$");
   47 
   48 #include "opt_mac.h"
   49 
   50 #include <sys/param.h>
   51 #include <sys/kernel.h>
   52 #include <sys/lock.h>
   53 #include <sys/malloc.h>
   54 #include <sys/mutex.h>
   55 #include <sys/mac.h>
   56 #include <sys/priv.h>
   57 #include <sys/sbuf.h>
   58 #include <sys/sdt.h>
   59 #include <sys/systm.h>
   60 #include <sys/mount.h>
   61 #include <sys/file.h>
   62 #include <sys/namei.h>
   63 #include <sys/protosw.h>
   64 #include <sys/socket.h>
   65 #include <sys/socketvar.h>
   66 #include <sys/sysctl.h>
   67 
   68 #include <net/bpfdesc.h>
   69 #include <net/if.h>
   70 #include <net/if_var.h>
   71 
   72 #include <security/mac/mac_framework.h>
   73 #include <security/mac/mac_internal.h>
   74 #include <security/mac/mac_policy.h>
   75 
   76 /*
   77  * XXXRW: struct ifnet locking is incomplete in the network code, so we use
   78  * our own global mutex for struct ifnet.  Non-ideal, but should help in the
   79  * SMP environment.
   80  *
   81  * This lock is acquired only if a loaded policy is using ifnet labeling.
   82  * This should not ever change during a MAC policy check, itself, but could
   83  * change during setup/return from a check, so we have to condition unlock on
   84  * previous lock.
   85  */
struct mtx mac_ifnet_mtx;
/* Registered via SYSINIT so the lock is usable before any policy loads. */
MTX_SYSINIT(mac_ifnet_mtx, &mac_ifnet_mtx, "mac_ifnet", MTX_DEF);
   88 
   89 /*
   90  * Retrieve the label associated with an mbuf by searching for the tag.
   91  * Depending on the value of mac_labelmbufs, it's possible that a label will
   92  * not be present, in which case NULL is returned.  Policies must handle the
   93  * possibility of an mbuf not having label storage if they do not enforce
   94  * early loading.
   95  */
/*
 * Look up the MAC label carried by an mbuf.  The label is stored in the
 * PACKET_TAG_MACLABEL m_tag, directly behind the tag header, and is only
 * there if something (e.g. mac_mbuf_init()) attached the tag; depending on
 * mac_labelmbufs it may be absent.
 *
 * Returns NULL for a NULL mbuf or an mbuf without a label tag.  Policies
 * that do not enforce early loading must tolerate a NULL label.
 */
struct label *
mac_mbuf_to_label(struct mbuf *m)
{
	struct m_tag *t;

	if (m == NULL)
		return (NULL);

	t = m_tag_find(m, PACKET_TAG_MACLABEL, NULL);

	/* The struct label immediately follows the m_tag header. */
	return (t == NULL ? NULL : (struct label *)(t + 1));
}
  110 
/*
 * Allocate label storage for a BPF descriptor and run the policies'
 * bpfdesc_init_label hooks on it.  Uses M_WAITOK, so this may sleep.
 *
 * Returns the new label; ownership passes to the caller, who releases it
 * with mac_bpfdesc_label_free().
 */
static struct label *
mac_bpfdesc_label_alloc(void)
{
	struct label *lp = mac_labelzone_alloc(M_WAITOK);

	MAC_POLICY_PERFORM(bpfdesc_init_label, lp);
	return (lp);
}
  120 
/*
 * Set up d->bd_label for a new BPF descriptor.  Storage is only allocated
 * when some loaded policy labels BPF descriptors (MPC_OBJECT_BPFDESC in
 * mac_labeled); otherwise the field is left NULL.
 */
void
mac_bpfdesc_init(struct bpf_d *d)
{

	d->bd_label = (mac_labeled & MPC_OBJECT_BPFDESC) != 0 ?
	    mac_bpfdesc_label_alloc() : NULL;
}
  130 
/*
 * Allocate label storage for a network interface and run the policies'
 * ifnet_init_label hooks on it.  Uses M_WAITOK, so this may sleep.
 *
 * Returns the new label; the caller releases it with mac_ifnet_label_free().
 */
static struct label *
mac_ifnet_label_alloc(void)
{
	struct label *lp = mac_labelzone_alloc(M_WAITOK);

	MAC_POLICY_PERFORM(ifnet_init_label, lp);
	return (lp);
}
  140 
/*
 * Set up ifp->if_label for a new interface.  Storage is only allocated when
 * some loaded policy labels interfaces (MPC_OBJECT_IFNET in mac_labeled);
 * otherwise the field is left NULL.
 */
void
mac_ifnet_init(struct ifnet *ifp)
{

	ifp->if_label = (mac_labeled & MPC_OBJECT_IFNET) != 0 ?
	    mac_ifnet_label_alloc() : NULL;
}
  150 
/*
 * Initialise the label embedded in a PACKET_TAG_MACLABEL m_tag (the label
 * sits directly behind the tag header).  'flag' is the allocation flag the
 * tag was obtained with; it selects the sleepable policy check when
 * M_WAITOK is set and is also passed through to the policies.
 *
 * On policy failure the half-initialised label is torn down again so the
 * caller only has to free the tag.  Returns 0 or the policy errno.
 */
int
mac_mbuf_tag_init(struct m_tag *tag, int flag)
{
	struct label *lp;
	int error;

	lp = (struct label *)(tag + 1);
	mac_init_label(lp);

	/* MAC_POLICY_CHECK*() store their verdict in 'error'. */
	if ((flag & M_WAITOK) == 0)
		MAC_POLICY_CHECK_NOSLEEP(mbuf_init_label, lp, flag);
	else
		MAC_POLICY_CHECK(mbuf_init_label, lp, flag);

	if (error != 0) {
		MAC_POLICY_PERFORM_NOSLEEP(mbuf_destroy_label, lp);
		mac_destroy_label(lp);
	}
	return (error);
}
  170 
/*
 * Attach a MAC label tag to a packet-header mbuf, if any loaded policy
 * labels mbufs.  The tag is allocated with room for a struct label behind
 * its header, initialised via mac_mbuf_tag_init(), then prepended to m.
 *
 * Returns 0 (including when no policy wants mbuf labels), ENOMEM if the tag
 * cannot be allocated, or the policy error from initialisation.
 */
int
mac_mbuf_init(struct mbuf *m, int flag)
{
	struct m_tag *t;
	int error;

	M_ASSERTPKTHDR(m);

	if ((mac_labeled & MPC_OBJECT_MBUF) == 0)
		return (0);

	t = m_tag_get(PACKET_TAG_MACLABEL, sizeof(struct label), flag);
	if (t == NULL)
		return (ENOMEM);

	error = mac_mbuf_tag_init(t, flag);
	if (error != 0) {
		/* Not yet linked into the mbuf, so just release the tag. */
		m_tag_free(t);
		return (error);
	}

	m_tag_prepend(m, t);
	return (0);
}
  193 
/*
 * Release a BPF descriptor label: policies tear down their per-label state
 * first, then the zone storage is returned.
 */
static void
mac_bpfdesc_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(bpfdesc_destroy_label, label);
	mac_labelzone_free(label);
}
  201 
/*
 * Tear down a BPF descriptor's label, if it has one, and clear the field so
 * a stale pointer is never left behind in the descriptor.
 */
void
mac_bpfdesc_destroy(struct bpf_d *d)
{
	struct label *lp = d->bd_label;

	if (lp == NULL)
		return;

	mac_bpfdesc_label_free(lp);
	d->bd_label = NULL;
}
  211 
/*
 * Release an interface label: policies tear down their per-label state
 * first, then the zone storage is returned.
 */
static void
mac_ifnet_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(ifnet_destroy_label, label);
	mac_labelzone_free(label);
}
  219 
/*
 * Tear down an interface's label, if it has one, and clear the field so a
 * stale pointer is never left behind in the ifnet.
 */
void
mac_ifnet_destroy(struct ifnet *ifp)
{
	struct label *lp = ifp->if_label;

	if (lp == NULL)
		return;

	mac_ifnet_label_free(lp);
	ifp->if_label = NULL;
}
  229 
/*
 * Destroy the label embedded in a PACKET_TAG_MACLABEL m_tag.  Only the
 * label contents are torn down; the tag memory itself belongs to the
 * m_tag code.
 */
void
mac_mbuf_tag_destroy(struct m_tag *tag)
{
	struct label *lp = (struct label *)(tag + 1);

	MAC_POLICY_PERFORM_NOSLEEP(mbuf_destroy_label, lp);
	mac_destroy_label(lp);
}
  240 
  241 /*
  242  * mac_mbuf_tag_copy is called when an mbuf header is duplicated, in which
  243  * case the labels must also be duplicated.
  244  */
/*
 * Copy the label from one PACKET_TAG_MACLABEL m_tag to another.  Called
 * when an mbuf header (and thus its tag chain) is duplicated.
 */
void
mac_mbuf_tag_copy(struct m_tag *src, struct m_tag *dest)
{
	struct label *from = (struct label *)(src + 1);
	struct label *to = (struct label *)(dest + 1);

	/*
	 * The destination label has already been initialised: m_tag_copy()
	 * runs mac_mbuf_tag_init() on the new tag before we get here.
	 */
	MAC_POLICY_PERFORM_NOSLEEP(mbuf_copy_label, from, to);
}
  259 
/*
 * Copy the MAC label of one mbuf to another.  A no-op when no policy is
 * loaded.  Either label may be NULL if the mbuf carries no label tag (see
 * mac_mbuf_to_label()); policies are expected to cope with that.
 */
void
mac_mbuf_copy(struct mbuf *m_from, struct mbuf *m_to)
{
	struct label *from, *to;

	if (mac_policy_count == 0)
		return;

	from = mac_mbuf_to_label(m_from);
	to = mac_mbuf_to_label(m_to);
	MAC_POLICY_PERFORM_NOSLEEP(mbuf_copy_label, from, to);
}
  273 
/*
 * Copy an interface label; the caller is responsible for holding whatever
 * lock protects 'src' (see MAC_IFNET_LOCK() users below).
 */
static void
mac_ifnet_copy_label(struct label *src, struct label *dest)
{

	MAC_POLICY_PERFORM_NOSLEEP(ifnet_copy_label, src, dest);
}
  280 
/*
 * Render an interface label as text.  'elements' names the policy
 * components requested; the result is written into 'outbuf' (outbuflen
 * bytes).  MAC_POLICY_EXTERNALIZE() leaves its status in 'error'.
 *
 * Returns 0 or an errno.
 */
static int
mac_ifnet_externalize_label(struct label *label, char *elements,
    char *outbuf, size_t outbuflen)
{
	int error;

	MAC_POLICY_EXTERNALIZE(ifnet, label, elements, outbuf, outbuflen);

	return (error);
}
  291 
/*
 * Parse a textual interface label ('string', NUL-terminated) into 'label'.
 * The string originates from userland in mac_ifnet_ioctl_set(), so each
 * policy's internalize hook must treat it as untrusted input.
 * MAC_POLICY_INTERNALIZE() leaves its status in 'error'.
 *
 * Returns 0 or an errno.
 */
static int
mac_ifnet_internalize_label(struct label *label, char *string)
{
	int error;

	MAC_POLICY_INTERNALIZE(ifnet, label, string);

	return (error);
}
  301 
/*
 * Notify policies that an interface has been created so they can assign
 * its initial label.  No-op when no policy is loaded.  The ifnet label is
 * updated under the MAC ifnet lock, which MAC_IFNET_LOCK() only takes if a
 * policy actually labels interfaces ('held' records that decision).
 */
void
mac_ifnet_create(struct ifnet *ifp)
{
	int held;

	if (mac_policy_count == 0)
		return;

	MAC_IFNET_LOCK(ifp, held);
	MAC_POLICY_PERFORM_NOSLEEP(ifnet_create, ifp, ifp->if_label);
	MAC_IFNET_UNLOCK(ifp, held);
}
  314 
/*
 * Notify policies that 'cred' has opened a new BPF descriptor so they can
 * derive the descriptor's initial label from the credential.
 */
void
mac_bpfdesc_create(struct ucred *cred, struct bpf_d *d)
{

	MAC_POLICY_PERFORM_NOSLEEP(bpfdesc_create, cred, d, d->bd_label);
}
  321 
/*
 * Label an mbuf that is being injected through a BPF descriptor (packet
 * written by the descriptor's owner).  No-op when no policy is loaded.
 * The mbuf's label may be NULL if it carries no label tag.
 */
void
mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m)
{
	struct label *mlabel;

	/* Assume reader lock is enough. */
	BPFD_LOCK_ASSERT(d);

	if (mac_policy_count == 0)
		return;

	mlabel = mac_mbuf_to_label(m);
	MAC_POLICY_PERFORM_NOSLEEP(bpfdesc_create_mbuf, d, d->bd_label, m,
	    mlabel);
}
  338 
/*
 * Label an mbuf received on (or generated by) interface 'ifp'.  Unlike
 * mac_ifnet_create(), this does not short-circuit on mac_policy_count; the
 * caller is expected to have done that.  The ifnet label is read under the
 * MAC ifnet lock; the mbuf's label may be NULL if it has no label tag.
 */
void
mac_ifnet_create_mbuf_impl(struct ifnet *ifp, struct mbuf *m)
{
	struct label *mlabel = mac_mbuf_to_label(m);
	int held;

	MAC_IFNET_LOCK(ifp, held);
	MAC_POLICY_PERFORM_NOSLEEP(ifnet_create_mbuf, ifp, ifp->if_label, m,
	    mlabel);
	MAC_IFNET_UNLOCK(ifp, held);
}
  352 
/*
 * Tracing probe (see <sys/sdt.h>) fired by MAC_CHECK_PROBE2() in
 * mac_bpfdesc_check_receive() with the check result and both objects.
 */
MAC_CHECK_PROBE_DEFINE2(bpfdesc_check_receive, "struct bpf_d *",
    "struct ifnet *");
  355 
/*
 * Access check: may BPF descriptor 'd' receive packets from interface
 * 'ifp'?  Returns 0 to allow or the policies' errno to deny; always 0 when
 * no policy is loaded.  The verdict is also reported through the
 * bpfdesc_check_receive probe.  The ifnet label is consulted under the MAC
 * ifnet lock.
 */
int
mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp)
{
	int error, held;

	/* Assume reader lock is enough. */
	BPFD_LOCK_ASSERT(d);

	if (mac_policy_count == 0)
		return (0);

	MAC_IFNET_LOCK(ifp, held);
	/* MAC_POLICY_CHECK_NOSLEEP() stores its verdict in 'error'. */
	MAC_POLICY_CHECK_NOSLEEP(bpfdesc_check_receive, d, d->bd_label, ifp,
	    ifp->if_label);
	MAC_CHECK_PROBE2(bpfdesc_check_receive, error, d, ifp);
	MAC_IFNET_UNLOCK(ifp, held);

	return (error);
}
  375 
/*
 * Tracing probe (see <sys/sdt.h>) fired by MAC_CHECK_PROBE2() in
 * mac_ifnet_check_transmit_impl() with the check result and both objects.
 */
MAC_CHECK_PROBE_DEFINE2(ifnet_check_transmit, "struct ifnet *",
    "struct mbuf *");
  378 
/*
 * Access check: may packet 'm' be transmitted on interface 'ifp'?  Returns
 * 0 to allow or the policies' errno to deny.  The mac_policy_count
 * short-circuit is left to the caller.  'm' must be a packet header; its
 * label may be NULL if it carries no label tag.  The verdict is also
 * reported through the ifnet_check_transmit probe.
 */
int
mac_ifnet_check_transmit_impl(struct ifnet *ifp, struct mbuf *m)
{
	struct label *mlabel;
	int error, held;

	M_ASSERTPKTHDR(m);

	mlabel = mac_mbuf_to_label(m);

	MAC_IFNET_LOCK(ifp, held);
	/* MAC_POLICY_CHECK_NOSLEEP() stores its verdict in 'error'. */
	MAC_POLICY_CHECK_NOSLEEP(ifnet_check_transmit, ifp, ifp->if_label, m,
	    mlabel);
	MAC_CHECK_PROBE2(ifnet_check_transmit, error, ifp, m);
	MAC_IFNET_UNLOCK(ifp, held);

	return (error);
}
  397 
/*
 * ioctl backend that returns an interface's MAC label to userland as text.
 *
 * The user passes a struct mac via ifr: m_string points at a buffer of
 * m_buflen bytes holding the requested element names, and the externalized
 * label is written back over that same buffer.  Everything derived from
 * the struct is untrusted: mac_check_structmac_consistent() validates it
 * (presumably bounding m_buflen, which sizes both kernel buffers below),
 * and copyinstr() bounds the element string to m_buflen.
 *
 * 'cred' is not consulted here.  Returns 0, EINVAL if no loaded policy
 * labels interfaces, or the errno from copyin/copyout or the policies.
 */
int
mac_ifnet_ioctl_get(struct ucred *cred, struct ifreq *ifr,
    struct ifnet *ifp)
{
	struct label *intlabel;
	struct mac mac;
	char *elements, *buffer;
	int error, held;

	if ((mac_labeled & MPC_OBJECT_IFNET) == 0)
		return (EINVAL);

	error = copyin(ifr_data_get_ptr(ifr), &mac, sizeof(mac));
	if (error != 0)
		return (error);

	error = mac_check_structmac_consistent(&mac);
	if (error != 0)
		return (error);

	elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
	error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
	if (error != 0)
		goto out_elements;

	/* M_ZERO so the output is NUL-terminated even if nothing is written. */
	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);

	/*
	 * Snapshot the live label under the MAC ifnet lock and externalize
	 * the private copy unlocked; policies may take their time here.
	 */
	intlabel = mac_ifnet_label_alloc();
	MAC_IFNET_LOCK(ifp, held);
	mac_ifnet_copy_label(ifp->if_label, intlabel);
	MAC_IFNET_UNLOCK(ifp, held);
	error = mac_ifnet_externalize_label(intlabel, elements, buffer,
	    mac.m_buflen);
	mac_ifnet_label_free(intlabel);

	/*
	 * Copy back only the string actually produced (plus its NUL); this
	 * relies on the externalizer leaving a terminator inside the buffer.
	 */
	if (error == 0)
		error = copyout(buffer, mac.m_string, strlen(buffer) + 1);

	free(buffer, M_MACTEMP);
out_elements:
	free(elements, M_MACTEMP);
	return (error);
}
  441 
/*
 * ioctl backend that relabels an interface from a textual label supplied
 * by userland.
 *
 * The user passes a struct mac via ifr whose m_string/m_buflen describe
 * the label text.  The struct is untrusted and is validated by
 * mac_check_structmac_consistent() (presumably bounding m_buflen, which
 * sizes the copy buffer); copyinstr() bounds the text to m_buflen and the
 * policies' internalize hooks parse it.  The relabel itself needs
 * PRIV_NET_SETIFMAC and must pass the policies' ifnet_check_relabel
 * check; check and relabel are done under one hold of the MAC ifnet lock
 * so the current label cannot change in between.
 *
 * Returns 0, EINVAL if no loaded policy labels interfaces, or the errno
 * from copyin, parsing, the privilege check or the policies.
 */
int
mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp)
{
	struct label *intlabel;
	struct mac mac;
	char *buffer;
	int error, held;

	if ((mac_labeled & MPC_OBJECT_IFNET) == 0)
		return (EINVAL);

	error = copyin(ifr_data_get_ptr(ifr), &mac, sizeof(mac));
	if (error != 0)
		return (error);

	error = mac_check_structmac_consistent(&mac);
	if (error != 0)
		return (error);

	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
	error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
	if (error != 0) {
		free(buffer, M_MACTEMP);
		return (error);
	}

	/* Parse the text into a private label; the text is not needed after. */
	intlabel = mac_ifnet_label_alloc();
	error = mac_ifnet_internalize_label(intlabel, buffer);
	free(buffer, M_MACTEMP);
	if (error != 0)
		goto out_label;

	/*
	 * XXX: Note that this is a redundant privilege check, since policies
	 * impose this check themselves if required by the policy.
	 * Eventually, this should go away.
	 */
	error = priv_check_cred(cred, PRIV_NET_SETIFMAC);
	if (error != 0)
		goto out_label;

	MAC_IFNET_LOCK(ifp, held);
	/* MAC_POLICY_CHECK_NOSLEEP() stores its verdict in 'error'. */
	MAC_POLICY_CHECK_NOSLEEP(ifnet_check_relabel, cred, ifp,
	    ifp->if_label, intlabel);
	if (error == 0)
		MAC_POLICY_PERFORM_NOSLEEP(ifnet_relabel, cred, ifp,
		    ifp->if_label, intlabel);
	MAC_IFNET_UNLOCK(ifp, held);

out_label:
	mac_ifnet_label_free(intlabel);
	return (error);
}
