
FreeBSD/Linux Kernel Cross Reference
sys/security/mac/mac_sysv_msg.c


    1 /*-
    2  * Copyright (c) 2003-2004 Networks Associates Technology, Inc.
    3  * All rights reserved.
    4  *
    5  * This software was developed for the FreeBSD Project in part by Network
    6  * Associates Laboratories, the Security Research Division of Network
    7  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
    8  * as part of the DARPA CHATS research program.
    9  *
   10  * Redistribution and use in source and binary forms, with or without
   11  * modification, are permitted provided that the following conditions
   12  * are met:
   13  * 1. Redistributions of source code must retain the above copyright
   14  *    notice, this list of conditions and the following disclaimer.
   15  * 2. Redistributions in binary form must reproduce the above copyright
   16  *    notice, this list of conditions and the following disclaimer in the
   17  *    documentation and/or other materials provided with the distribution.
   18  *
   19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   29  * SUCH DAMAGE.
   30  */
   31 
   32 #include <sys/cdefs.h>
   33 __FBSDID("$FreeBSD: releng/6.2/sys/security/mac/mac_sysv_msg.c 142383 2005-02-24 16:08:41Z rwatson $");
   34 
   35 #include "opt_mac.h"
   36 
   37 #include <sys/param.h>
   38 #include <sys/kernel.h>
   39 #include <sys/lock.h>
   40 #include <sys/malloc.h>
   41 #include <sys/mutex.h>
   42 #include <sys/mac.h>
   43 #include <sys/sbuf.h>
   44 #include <sys/systm.h>
   45 #include <sys/vnode.h>
   46 #include <sys/mount.h>
   47 #include <sys/file.h>
   48 #include <sys/namei.h>
   49 #include <sys/sysctl.h>
   50 #include <sys/msg.h>
   51 
   52 #include <sys/mac_policy.h>
   53 
   54 #include <security/mac/mac_internal.h>
   55 
   /*
    * Global switch for the access-control checks in this file.  It defaults
    * to 1 (enforce), can be preset as the loader tunable
    * security.mac.enforce_sysv_msg, and is writable at run time (CTLFLAG_RW).
    * While it is zero every mac_check_sysv_*() function in this file returns
    * 0 without consulting any policy, so write access to this sysctl amounts
    * to the ability to switch off MAC mediation of System V message queues;
    * changes to it are worth restricting and auditing.  The label life-cycle
    * functions (init, create, cleanup, destroy) do not test it.
    */
   static int mac_enforce_sysv_msg = 1;
   SYSCTL_INT(_security_mac, OID_AUTO, enforce_sysv_msg, CTLFLAG_RW,
       &mac_enforce_sysv_msg, 0,
       "Enforce MAC policy on System V IPC Message Queues");
   TUNABLE_INT("security.mac.enforce_sysv_msg", &mac_enforce_sysv_msg);

   #ifdef MAC_DEBUG
   /*
    * Read-only (CTLFLAG_RD) debug counters of the message labels and message
    * queue labels currently in use.  The variables exist only when MAC_DEBUG
    * is defined.
    */
   static unsigned int nmacipcmsgs;
   static unsigned int nmacipcmsqs;
   SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipc_msgs, CTLFLAG_RD,
       &nmacipcmsgs, 0, "number of sysv ipc messages inuse");
   SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipc_msqs, CTLFLAG_RD,
       &nmacipcmsqs, 0, "number of sysv ipc message queue identifiers inuse");
   #endif
   69 
   /*
    * Allocate and initialise the MAC label for one System V message.
    *
    * The label is taken from the MAC label zone with M_WAITOK and is used
    * without a NULL check; M_WAITOK asks for a sleeping allocation, so this
    * presumably must only be reached from a context that may sleep (confirm
    * against the callers).  The init_sysv_msgmsg_label entry point is then run
    * on the label through MAC_PERFORM, a macro defined outside this file.
    *
    * nmacipcmsgs is only declared under MAC_DEBUG, so MAC_DEBUG_COUNTER_INC
    * presumably expands to nothing in other kernels.
    *
    * Returns the new label; it is released by mac_sysv_msgmsg_label_free().
    */
   static struct label *
   mac_sysv_msgmsg_label_alloc(void)
   {
           struct label *msglabel;

           msglabel = mac_labelzone_alloc(M_WAITOK);
           MAC_PERFORM(init_sysv_msgmsg_label, msglabel);
           MAC_DEBUG_COUNTER_INC(&nmacipcmsgs);

           return (msglabel);
   }
   80 
   /*
    * Give a message a freshly allocated, policy-initialised MAC label.
    *
    * Whatever msgptr->label held before is overwritten without being freed,
    * so this is for a message that does not carry a label yet.
    */
   void
   mac_init_sysv_msgmsg(struct msg *msgptr)
   {
           struct label *msglabel;

           msglabel = mac_sysv_msgmsg_label_alloc();
           msgptr->label = msglabel;
   }
   87 
   /*
    * Allocate and initialise the MAC label for one System V message queue.
    *
    * The label is taken from the MAC label zone with M_WAITOK and is used
    * without a NULL check; M_WAITOK asks for a sleeping allocation, so this
    * presumably must only be reached from a context that may sleep (confirm
    * against the callers).  The init_sysv_msgqueue_label entry point is then
    * run on the label through MAC_PERFORM, a macro defined outside this file.
    *
    * nmacipcmsqs is only declared under MAC_DEBUG, so MAC_DEBUG_COUNTER_INC
    * presumably expands to nothing in other kernels.
    *
    * Returns the new label; it is released by mac_sysv_msgqueue_label_free().
    */
   static struct label *
   mac_sysv_msgqueue_label_alloc(void)
   {
           struct label *queuelabel;

           queuelabel = mac_labelzone_alloc(M_WAITOK);
           MAC_PERFORM(init_sysv_msgqueue_label, queuelabel);
           MAC_DEBUG_COUNTER_INC(&nmacipcmsqs);

           return (queuelabel);
   }
   98 
   /*
    * Give a message queue a freshly allocated, policy-initialised MAC label.
    *
    * Whatever msqkptr->label held before is overwritten without being freed,
    * so this is for a queue that does not carry a label yet.
    */
   void
   mac_init_sysv_msgqueue(struct msqid_kernel *msqkptr)
   {
           struct label *queuelabel;

           queuelabel = mac_sysv_msgqueue_label_alloc();
           msqkptr->label = queuelabel;
   }
  105 
  /*
   * Release a message label.
   *
   * The destroy_sysv_msgmsg_label entry point runs first, while the label
   * storage is still valid; only then is the storage handed back to the label
   * zone and the debug counter decremented.  The label must not be touched
   * after this returns.  No NULL check is made on the argument.
   */
  static void
  mac_sysv_msgmsg_label_free(struct label *label)
  {
          MAC_PERFORM(destroy_sysv_msgmsg_label, label);
          mac_labelzone_free(label);
          MAC_DEBUG_COUNTER_DEC(&nmacipcmsgs);
  }
  114 
  /*
   * Tear down the MAC label of a message and clear the pointer to it.
   *
   * Resetting msgptr->label to NULL keeps a stale pointer to freed label
   * storage from lingering in the message structure.  The label is passed on
   * without a NULL check, so a second call on the same message hands NULL to
   * the policy destroy entry points and to mac_labelzone_free().
   */
  void
  mac_destroy_sysv_msgmsg(struct msg *msgptr)
  {
          struct label *oldlabel;

          oldlabel = msgptr->label;
          mac_sysv_msgmsg_label_free(oldlabel);
          msgptr->label = NULL;
  }
  122 
  /*
   * Release a message queue label.
   *
   * The destroy_sysv_msgqueue_label entry point runs first, while the label
   * storage is still valid; only then is the storage handed back to the label
   * zone and the debug counter decremented.  The label must not be touched
   * after this returns.  No NULL check is made on the argument.
   */
  static void
  mac_sysv_msgqueue_label_free(struct label *label)
  {
          MAC_PERFORM(destroy_sysv_msgqueue_label, label);
          mac_labelzone_free(label);
          MAC_DEBUG_COUNTER_DEC(&nmacipcmsqs);
  }
  131 
  /*
   * Tear down the MAC label of a message queue and clear the pointer to it.
   *
   * Resetting msqkptr->label to NULL keeps a stale pointer to freed label
   * storage from lingering in the queue structure.  The label is passed on
   * without a NULL check, so a second call on the same queue hands NULL to
   * the policy destroy entry points and to mac_labelzone_free().
   */
  void
  mac_destroy_sysv_msgqueue(struct msqid_kernel *msqkptr)
  {
          struct label *oldlabel;

          oldlabel = msqkptr->label;
          mac_sysv_msgqueue_label_free(oldlabel);
          msqkptr->label = NULL;
  }
  139 
  /*
   * Run the create_sysv_msgmsg entry point for a message.
   *
   * The entry point is given the credential, the queue together with its
   * label, and the message together with its label, presumably so that the
   * policies can fill in the message label (confirm against the policy
   * modules).  Both labels must already have been set up by the init
   * functions; neither pointer is checked here.
   *
   * mac_enforce_sysv_msg is not consulted: labelling continues while the
   * access checks are switched off.
   */
  void
  mac_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
      struct msg *msgptr)
  {
          MAC_PERFORM(create_sysv_msgmsg, cred, msqkptr, msqkptr->label,
              msgptr, msgptr->label);
  }
  148 
  /*
   * Run the create_sysv_msgqueue entry point for a message queue.
   *
   * The entry point is given the credential and the queue together with its
   * label, presumably so that the policies can fill in the queue label
   * (confirm against the policy modules).  The label must already have been
   * set up by mac_init_sysv_msgqueue(); the pointer is not checked here.
   *
   * mac_enforce_sysv_msg is not consulted: labelling continues while the
   * access checks are switched off.
   */
  void
  mac_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr)
  {
          MAC_PERFORM(create_sysv_msgqueue, cred, msqkptr, msqkptr->label);
  }
  155 
  /*
   * Run the cleanup_sysv_msgmsg entry point on a message's label.
   *
   * Only the label is passed to the policies.  The label itself is neither
   * freed nor detached from the message here; that is done by
   * mac_destroy_sysv_msgmsg().  mac_enforce_sysv_msg is not consulted.
   */
  void
  mac_cleanup_sysv_msgmsg(struct msg *msgptr)
  {
          MAC_PERFORM(cleanup_sysv_msgmsg, msgptr->label);
  }
  162 
  /*
   * Run the cleanup_sysv_msgqueue entry point on a message queue's label.
   *
   * Only the label is passed to the policies.  The label itself is neither
   * freed nor detached from the queue here; that is done by
   * mac_destroy_sysv_msgqueue().  mac_enforce_sysv_msg is not consulted.
   */
  void
  mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr)
  {
          MAC_PERFORM(cleanup_sysv_msgqueue, msqkptr->label);
  }
  169 
  /*
   * Access check involving one message and one message queue.
   *
   * The check_sysv_msgmsq entry point is given the credential, the message
   * with its label and the queue with its label (presumably on the path that
   * places msgptr on msqkptr; confirm against the caller).
   *
   * Returns 0 when enforcement is disabled through mac_enforce_sysv_msg; no
   * policy is consulted in that case.  Otherwise returns whatever MAC_CHECK
   * leaves in the local variable "error".  That macro is defined outside this
   * file and is the only place the policy result is assigned, so the variable
   * must keep this name.
   */
  int
  mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
      struct msqid_kernel *msqkptr)
  {
          int error;

          /* 0 means "allow"; it stands only when enforcement is off. */
          error = 0;
          if (mac_enforce_sysv_msg) {
                  MAC_CHECK(check_sysv_msgmsq, cred, msgptr, msgptr->label,
                      msqkptr, msqkptr->label);
          }

          return (error);
  }
  184 
  /*
   * Access check on a single message, named for the receive operation.
   *
   * The check_sysv_msgrcv entry point is given the credential and the message
   * with its label (presumably before the message is handed to the receiver;
   * confirm against the caller).
   *
   * Returns 0 when enforcement is disabled through mac_enforce_sysv_msg; no
   * policy is consulted in that case.  Otherwise returns whatever MAC_CHECK
   * leaves in the local variable "error".  That macro is defined outside this
   * file and is the only place the policy result is assigned, so the variable
   * must keep this name.
   */
  int
  mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr)
  {
          int error;

          /* 0 means "allow"; it stands only when enforcement is off. */
          error = 0;
          if (mac_enforce_sysv_msg) {
                  MAC_CHECK(check_sysv_msgrcv, cred, msgptr, msgptr->label);
          }

          return (error);
  }
  197 
  /*
   * Access check on a single message, named for the remove operation.
   *
   * The check_sysv_msgrmid entry point is given the credential and the
   * message with its label (presumably for each message affected when a queue
   * is removed; confirm against the caller).
   *
   * Returns 0 when enforcement is disabled through mac_enforce_sysv_msg; no
   * policy is consulted in that case.  Otherwise returns whatever MAC_CHECK
   * leaves in the local variable "error".  That macro is defined outside this
   * file and is the only place the policy result is assigned, so the variable
   * must keep this name.
   */
  int
  mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr)
  {
          int error;

          /* 0 means "allow"; it stands only when enforcement is off. */
          error = 0;
          if (mac_enforce_sysv_msg) {
                  MAC_CHECK(check_sysv_msgrmid, cred, msgptr, msgptr->label);
          }

          return (error);
  }
  210 
  /*
   * Access check on a message queue, named for the get operation.
   *
   * The check_sysv_msqget entry point is given the credential and the queue
   * with its label (presumably when an existing queue is looked up; confirm
   * against the caller).
   *
   * Returns 0 when enforcement is disabled through mac_enforce_sysv_msg; no
   * policy is consulted in that case.  Otherwise returns whatever MAC_CHECK
   * leaves in the local variable "error".  That macro is defined outside this
   * file and is the only place the policy result is assigned, so the variable
   * must keep this name.
   */
  int
  mac_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr)
  {
          int error;

          /* 0 means "allow"; it stands only when enforcement is off. */
          error = 0;
          if (mac_enforce_sysv_msg) {
                  MAC_CHECK(check_sysv_msqget, cred, msqkptr, msqkptr->label);
          }

          return (error);
  }
  223 
  /*
   * Access check on a message queue, named for the send operation.
   *
   * The check_sysv_msqsnd entry point is given the credential and the queue
   * with its label (presumably before a message is sent to the queue; confirm
   * against the caller).
   *
   * Returns 0 when enforcement is disabled through mac_enforce_sysv_msg; no
   * policy is consulted in that case.  Otherwise returns whatever MAC_CHECK
   * leaves in the local variable "error".  That macro is defined outside this
   * file and is the only place the policy result is assigned, so the variable
   * must keep this name.
   */
  int
  mac_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr)
  {
          int error;

          /* 0 means "allow"; it stands only when enforcement is off. */
          error = 0;
          if (mac_enforce_sysv_msg) {
                  MAC_CHECK(check_sysv_msqsnd, cred, msqkptr, msqkptr->label);
          }

          return (error);
  }
  236 
  /*
   * Access check on a message queue, named for the receive operation.
   *
   * The check_sysv_msqrcv entry point is given the credential and the queue
   * with its label (presumably before a message is received from the queue;
   * confirm against the caller).
   *
   * Returns 0 when enforcement is disabled through mac_enforce_sysv_msg; no
   * policy is consulted in that case.  Otherwise returns whatever MAC_CHECK
   * leaves in the local variable "error".  That macro is defined outside this
   * file and is the only place the policy result is assigned, so the variable
   * must keep this name.
   */
  int
  mac_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr)
  {
          int error;

          /* 0 means "allow"; it stands only when enforcement is off. */
          error = 0;
          if (mac_enforce_sysv_msg) {
                  MAC_CHECK(check_sysv_msqrcv, cred, msqkptr, msqkptr->label);
          }

          return (error);
  }
  249 
  /*
   * Access check on a message queue control operation.
   *
   * The check_sysv_msqctl entry point is given the credential, the queue with
   * its label, and cmd, which is passed through to the policies unchanged and
   * is not validated here.
   *
   * Returns 0 when enforcement is disabled through mac_enforce_sysv_msg; no
   * policy is consulted in that case.  Otherwise returns whatever MAC_CHECK
   * leaves in the local variable "error".  That macro is defined outside this
   * file and is the only place the policy result is assigned, so the variable
   * must keep this name.
   */
  int
  mac_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
      int cmd)
  {
          int error;

          /* 0 means "allow"; it stands only when enforcement is off. */
          error = 0;
          if (mac_enforce_sysv_msg) {
                  MAC_CHECK(check_sysv_msqctl, cred, msqkptr, msqkptr->label,
                      cmd);
          }

          return (error);
  }
