The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/security/mac_biba/mac_biba.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson
    3  * Copyright (c) 2001-2005 McAfee, Inc.
    4  * Copyright (c) 2006 SPARTA, Inc.
    5  * All rights reserved.
    6  *
    7  * This software was developed by Robert Watson for the TrustedBSD Project.
    8  *
    9  * This software was developed for the FreeBSD Project in part by McAfee
   10  * Research, the Security Research Division of McAfee, Inc. under
   11  * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
   12  * CHATS research program.
   13  *
   14  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   15  * N66001-04-C-6019 ("SEFOS").
   16  *
   17  * Redistribution and use in source and binary forms, with or without
   18  * modification, are permitted provided that the following conditions
   19  * are met:
   20  * 1. Redistributions of source code must retain the above copyright
   21  *    notice, this list of conditions and the following disclaimer.
   22  * 2. Redistributions in binary form must reproduce the above copyright
   23  *    notice, this list of conditions and the following disclaimer in the
   24  *    documentation and/or other materials provided with the distribution.
   25  *
   26  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   27  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   28  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   29  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   30  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   31  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   32  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   34  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   35  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   36  * SUCH DAMAGE.
   37  *
   38  * $FreeBSD: releng/8.4/sys/security/mac_biba/mac_biba.c 208680 2010-05-31 22:27:08Z rwatson $
   39  */
   40 
   41 /*
   42  * Developed by the TrustedBSD Project.
   43  *
   44  * Biba fixed label mandatory integrity policy.
   45  */
   46 
   47 #include <sys/param.h>
   48 #include <sys/conf.h>
   49 #include <sys/extattr.h>
   50 #include <sys/kernel.h>
   51 #include <sys/ksem.h>
   52 #include <sys/malloc.h>
   53 #include <sys/mman.h>
   54 #include <sys/mount.h>
   55 #include <sys/priv.h>
   56 #include <sys/proc.h>
   57 #include <sys/sbuf.h>
   58 #include <sys/systm.h>
   59 #include <sys/sysproto.h>
   60 #include <sys/sysent.h>
   61 #include <sys/systm.h>
   62 #include <sys/vnode.h>
   63 #include <sys/file.h>
   64 #include <sys/socket.h>
   65 #include <sys/socketvar.h>
   66 #include <sys/pipe.h>
   67 #include <sys/sx.h>
   68 #include <sys/sysctl.h>
   69 #include <sys/msg.h>
   70 #include <sys/sem.h>
   71 #include <sys/shm.h>
   72 
   73 #include <fs/devfs/devfs.h>
   74 
   75 #include <net/bpfdesc.h>
   76 #include <net/if.h>
   77 #include <net/if_types.h>
   78 #include <net/if_var.h>
   79 
   80 #include <netinet/in.h>
   81 #include <netinet/in_pcb.h>
   82 #include <netinet/ip_var.h>
   83 
   84 #include <vm/uma.h>
   85 #include <vm/vm.h>
   86 
   87 #include <security/mac/mac_policy.h>
   88 #include <security/mac_biba/mac_biba.h>
   89 
   90 SYSCTL_DECL(_security_mac);
   91 
   92 SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0,
   93     "TrustedBSD mac_biba policy controls");
   94 
   95 static int      biba_label_size = sizeof(struct mac_biba);
   96 SYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD,
   97     &biba_label_size, 0, "Size of struct mac_biba");
   98 
   99 static int      biba_enabled = 1;
  100 SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, &biba_enabled,
  101     0, "Enforce MAC/Biba policy");
  102 TUNABLE_INT("security.mac.biba.enabled", &biba_enabled);
  103 
  104 static int      destroyed_not_inited;
  105 SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
  106     &destroyed_not_inited, 0, "Count of labels destroyed but not inited");
  107 
  108 static int      trust_all_interfaces = 0;
  109 SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD,
  110     &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba");
  111 TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);
  112 
  113 static char     trusted_interfaces[128];
  114 SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
  115     trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
  116 TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
  117     sizeof(trusted_interfaces));
  118 
  119 static int      max_compartments = MAC_BIBA_MAX_COMPARTMENTS;
  120 SYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD,
  121     &max_compartments, 0, "Maximum supported compartments");
  122 
  123 static int      ptys_equal = 0;
  124 SYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal,
  125     0, "Label pty devices as biba/equal on create");
  126 TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal);
  127 
  128 static int      interfaces_equal = 1;
  129 SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW,
  130     &interfaces_equal, 0, "Label network interfaces as biba/equal on create");
  131 TUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal);
  132 
  133 static int      revocation_enabled = 0;
  134 SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
  135     &revocation_enabled, 0, "Revoke access to objects on relabel");
  136 TUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled);
  137 
  138 static int      biba_slot;
  139 #define SLOT(l) ((struct mac_biba *)mac_label_get((l), biba_slot))
  140 #define SLOT_SET(l, val) mac_label_set((l), biba_slot, (uintptr_t)(val))
  141 
  142 static uma_zone_t       zone_biba;
  143 
  144 static __inline int
  145 biba_bit_set_empty(u_char *set) {
  146         int i;
  147 
  148         for (i = 0; i < MAC_BIBA_MAX_COMPARTMENTS >> 3; i++)
  149                 if (set[i] != 0)
  150                         return (0);
  151         return (1);
  152 }
  153 
  154 static struct mac_biba *
  155 biba_alloc(int flag)
  156 {
  157 
  158         return (uma_zalloc(zone_biba, flag | M_ZERO));
  159 }
  160 
  161 static void
  162 biba_free(struct mac_biba *mb)
  163 {
  164 
  165         if (mb != NULL)
  166                 uma_zfree(zone_biba, mb);
  167         else
  168                 atomic_add_int(&destroyed_not_inited, 1);
  169 }
  170 
  171 static int
  172 biba_atmostflags(struct mac_biba *mb, int flags)
  173 {
  174 
  175         if ((mb->mb_flags & flags) != mb->mb_flags)
  176                 return (EINVAL);
  177         return (0);
  178 }
  179 
  180 static int
  181 biba_dominate_element(struct mac_biba_element *a, struct mac_biba_element *b)
  182 {
  183         int bit;
  184 
  185         switch (a->mbe_type) {
  186         case MAC_BIBA_TYPE_EQUAL:
  187         case MAC_BIBA_TYPE_HIGH:
  188                 return (1);
  189 
  190         case MAC_BIBA_TYPE_LOW:
  191                 switch (b->mbe_type) {
  192                 case MAC_BIBA_TYPE_GRADE:
  193                 case MAC_BIBA_TYPE_HIGH:
  194                         return (0);
  195 
  196                 case MAC_BIBA_TYPE_EQUAL:
  197                 case MAC_BIBA_TYPE_LOW:
  198                         return (1);
  199 
  200                 default:
  201                         panic("biba_dominate_element: b->mbe_type invalid");
  202                 }
  203 
  204         case MAC_BIBA_TYPE_GRADE:
  205                 switch (b->mbe_type) {
  206                 case MAC_BIBA_TYPE_EQUAL:
  207                 case MAC_BIBA_TYPE_LOW:
  208                         return (1);
  209 
  210                 case MAC_BIBA_TYPE_HIGH:
  211                         return (0);
  212 
  213                 case MAC_BIBA_TYPE_GRADE:
  214                         for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++)
  215                                 if (!MAC_BIBA_BIT_TEST(bit,
  216                                     a->mbe_compartments) &&
  217                                     MAC_BIBA_BIT_TEST(bit, b->mbe_compartments))
  218                                         return (0);
  219                         return (a->mbe_grade >= b->mbe_grade);
  220 
  221                 default:
  222                         panic("biba_dominate_element: b->mbe_type invalid");
  223                 }
  224 
  225         default:
  226                 panic("biba_dominate_element: a->mbe_type invalid");
  227         }
  228 
  229         return (0);
  230 }
  231 
  232 static int
  233 biba_subject_dominate_high(struct mac_biba *mb)
  234 {
  235         struct mac_biba_element *element;
  236 
  237         KASSERT((mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
  238             ("biba_effective_in_range: mb not effective"));
  239         element = &mb->mb_effective;
  240 
  241         return (element->mbe_type == MAC_BIBA_TYPE_EQUAL ||
  242             element->mbe_type == MAC_BIBA_TYPE_HIGH);
  243 }
  244 
  245 static int
  246 biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb)
  247 {
  248 
  249         return (biba_dominate_element(&rangeb->mb_rangehigh,
  250             &rangea->mb_rangehigh) &&
  251             biba_dominate_element(&rangea->mb_rangelow,
  252             &rangeb->mb_rangelow));
  253 }
  254 
  255 static int
  256 biba_effective_in_range(struct mac_biba *effective, struct mac_biba *range)
  257 {
  258 
  259         KASSERT((effective->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
  260             ("biba_effective_in_range: a not effective"));
  261         KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
  262             ("biba_effective_in_range: b not range"));
  263 
  264         return (biba_dominate_element(&range->mb_rangehigh,
  265             &effective->mb_effective) &&
  266             biba_dominate_element(&effective->mb_effective,
  267             &range->mb_rangelow));
  268 
  269         return (1);
  270 }
  271 
  272 static int
  273 biba_dominate_effective(struct mac_biba *a, struct mac_biba *b)
  274 {
  275         KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
  276             ("biba_dominate_effective: a not effective"));
  277         KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
  278             ("biba_dominate_effective: b not effective"));
  279 
  280         return (biba_dominate_element(&a->mb_effective, &b->mb_effective));
  281 }
  282 
  283 static int
  284 biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b)
  285 {
  286 
  287         if (a->mbe_type == MAC_BIBA_TYPE_EQUAL ||
  288             b->mbe_type == MAC_BIBA_TYPE_EQUAL)
  289                 return (1);
  290 
  291         return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade);
  292 }
  293 
  294 static int
  295 biba_equal_effective(struct mac_biba *a, struct mac_biba *b)
  296 {
  297 
  298         KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
  299             ("biba_equal_effective: a not effective"));
  300         KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
  301             ("biba_equal_effective: b not effective"));
  302 
  303         return (biba_equal_element(&a->mb_effective, &b->mb_effective));
  304 }
  305 
  306 static int
  307 biba_contains_equal(struct mac_biba *mb)
  308 {
  309 
  310         if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
  311                 if (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL)
  312                         return (1);
  313         }
  314 
  315         if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) {
  316                 if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL)
  317                         return (1);
  318                 if (mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL)
  319                         return (1);
  320         }
  321 
  322         return (0);
  323 }
  324 
  325 static int
  326 biba_subject_privileged(struct mac_biba *mb)
  327 {
  328 
  329         KASSERT((mb->mb_flags & MAC_BIBA_FLAGS_BOTH) == MAC_BIBA_FLAGS_BOTH,
  330             ("biba_subject_privileged: subject doesn't have both labels"));
  331 
  332         /* If the effective is EQUAL, it's ok. */
  333         if (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL)
  334                 return (0);
  335 
  336         /* If either range endpoint is EQUAL, it's ok. */
  337         if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_EQUAL ||
  338             mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_EQUAL)
  339                 return (0);
  340 
  341         /* If the range is low-high, it's ok. */
  342         if (mb->mb_rangelow.mbe_type == MAC_BIBA_TYPE_LOW &&
  343             mb->mb_rangehigh.mbe_type == MAC_BIBA_TYPE_HIGH)
  344                 return (0);
  345 
  346         /* It's not ok. */
  347         return (EPERM);
  348 }
  349 
  350 static int
  351 biba_high_effective(struct mac_biba *mb)
  352 {
  353 
  354         KASSERT((mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
  355             ("biba_equal_effective: mb not effective"));
  356 
  357         return (mb->mb_effective.mbe_type == MAC_BIBA_TYPE_HIGH);
  358 }
  359 
  360 static int
  361 biba_valid(struct mac_biba *mb)
  362 {
  363 
  364         if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
  365                 switch (mb->mb_effective.mbe_type) {
  366                 case MAC_BIBA_TYPE_GRADE:
  367                         break;
  368 
  369                 case MAC_BIBA_TYPE_EQUAL:
  370                 case MAC_BIBA_TYPE_HIGH:
  371                 case MAC_BIBA_TYPE_LOW:
  372                         if (mb->mb_effective.mbe_grade != 0 ||
  373                             !MAC_BIBA_BIT_SET_EMPTY(
  374                             mb->mb_effective.mbe_compartments))
  375                                 return (EINVAL);
  376                         break;
  377 
  378                 default:
  379                         return (EINVAL);
  380                 }
  381         } else {
  382                 if (mb->mb_effective.mbe_type != MAC_BIBA_TYPE_UNDEF)
  383                         return (EINVAL);
  384         }
  385 
  386         if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) {
  387                 switch (mb->mb_rangelow.mbe_type) {
  388                 case MAC_BIBA_TYPE_GRADE:
  389                         break;
  390 
  391                 case MAC_BIBA_TYPE_EQUAL:
  392                 case MAC_BIBA_TYPE_HIGH:
  393                 case MAC_BIBA_TYPE_LOW:
  394                         if (mb->mb_rangelow.mbe_grade != 0 ||
  395                             !MAC_BIBA_BIT_SET_EMPTY(
  396                             mb->mb_rangelow.mbe_compartments))
  397                                 return (EINVAL);
  398                         break;
  399 
  400                 default:
  401                         return (EINVAL);
  402                 }
  403 
  404                 switch (mb->mb_rangehigh.mbe_type) {
  405                 case MAC_BIBA_TYPE_GRADE:
  406                         break;
  407 
  408                 case MAC_BIBA_TYPE_EQUAL:
  409                 case MAC_BIBA_TYPE_HIGH:
  410                 case MAC_BIBA_TYPE_LOW:
  411                         if (mb->mb_rangehigh.mbe_grade != 0 ||
  412                             !MAC_BIBA_BIT_SET_EMPTY(
  413                             mb->mb_rangehigh.mbe_compartments))
  414                                 return (EINVAL);
  415                         break;
  416 
  417                 default:
  418                         return (EINVAL);
  419                 }
  420                 if (!biba_dominate_element(&mb->mb_rangehigh,
  421                     &mb->mb_rangelow))
  422                         return (EINVAL);
  423         } else {
  424                 if (mb->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF ||
  425                     mb->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF)
  426                         return (EINVAL);
  427         }
  428 
  429         return (0);
  430 }
  431 
  432 static void
  433 biba_set_range(struct mac_biba *mb, u_short typelow, u_short gradelow,
  434     u_char *compartmentslow, u_short typehigh, u_short gradehigh,
  435     u_char *compartmentshigh)
  436 {
  437 
  438         mb->mb_rangelow.mbe_type = typelow;
  439         mb->mb_rangelow.mbe_grade = gradelow;
  440         if (compartmentslow != NULL)
  441                 memcpy(mb->mb_rangelow.mbe_compartments, compartmentslow,
  442                     sizeof(mb->mb_rangelow.mbe_compartments));
  443         mb->mb_rangehigh.mbe_type = typehigh;
  444         mb->mb_rangehigh.mbe_grade = gradehigh;
  445         if (compartmentshigh != NULL)
  446                 memcpy(mb->mb_rangehigh.mbe_compartments, compartmentshigh,
  447                     sizeof(mb->mb_rangehigh.mbe_compartments));
  448         mb->mb_flags |= MAC_BIBA_FLAG_RANGE;
  449 }
  450 
  451 static void
  452 biba_set_effective(struct mac_biba *mb, u_short type, u_short grade,
  453     u_char *compartments)
  454 {
  455 
  456         mb->mb_effective.mbe_type = type;
  457         mb->mb_effective.mbe_grade = grade;
  458         if (compartments != NULL)
  459                 memcpy(mb->mb_effective.mbe_compartments, compartments,
  460                     sizeof(mb->mb_effective.mbe_compartments));
  461         mb->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE;
  462 }
  463 
  464 static void
  465 biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto)
  466 {
  467 
  468         KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
  469             ("biba_copy_range: labelfrom not range"));
  470 
  471         labelto->mb_rangelow = labelfrom->mb_rangelow;
  472         labelto->mb_rangehigh = labelfrom->mb_rangehigh;
  473         labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
  474 }
  475 
  476 static void
  477 biba_copy_effective(struct mac_biba *labelfrom, struct mac_biba *labelto)
  478 {
  479 
  480         KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
  481             ("biba_copy_effective: labelfrom not effective"));
  482 
  483         labelto->mb_effective = labelfrom->mb_effective;
  484         labelto->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE;
  485 }
  486 
  487 static void
  488 biba_copy(struct mac_biba *source, struct mac_biba *dest)
  489 {
  490 
  491         if (source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE)
  492                 biba_copy_effective(source, dest);
  493         if (source->mb_flags & MAC_BIBA_FLAG_RANGE)
  494                 biba_copy_range(source, dest);
  495 }
  496 
  497 /*
  498  * Policy module operations.
  499  */
  500 static void
  501 biba_init(struct mac_policy_conf *conf)
  502 {
  503 
  504         zone_biba = uma_zcreate("mac_biba", sizeof(struct mac_biba), NULL,
  505             NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
  506 }
  507 
  508 /*
  509  * Label operations.
  510  */
  511 static void
  512 biba_init_label(struct label *label)
  513 {
  514 
  515         SLOT_SET(label, biba_alloc(M_WAITOK));
  516 }
  517 
  518 static int
  519 biba_init_label_waitcheck(struct label *label, int flag)
  520 {
  521 
  522         SLOT_SET(label, biba_alloc(flag));
  523         if (SLOT(label) == NULL)
  524                 return (ENOMEM);
  525 
  526         return (0);
  527 }
  528 
  529 static void
  530 biba_destroy_label(struct label *label)
  531 {
  532 
  533         biba_free(SLOT(label));
  534         SLOT_SET(label, NULL);
  535 }
  536 
  537 /*
  538  * biba_element_to_string() accepts an sbuf and Biba element.  It converts
  539  * the Biba element to a string and stores the result in the sbuf; if there
  540  * isn't space in the sbuf, -1 is returned.
  541  */
  542 static int
  543 biba_element_to_string(struct sbuf *sb, struct mac_biba_element *element)
  544 {
  545         int i, first;
  546 
  547         switch (element->mbe_type) {
  548         case MAC_BIBA_TYPE_HIGH:
  549                 return (sbuf_printf(sb, "high"));
  550 
  551         case MAC_BIBA_TYPE_LOW:
  552                 return (sbuf_printf(sb, "low"));
  553 
  554         case MAC_BIBA_TYPE_EQUAL:
  555                 return (sbuf_printf(sb, "equal"));
  556 
  557         case MAC_BIBA_TYPE_GRADE:
  558                 if (sbuf_printf(sb, "%d", element->mbe_grade) == -1)
  559                         return (-1);
  560 
  561                 first = 1;
  562                 for (i = 1; i <= MAC_BIBA_MAX_COMPARTMENTS; i++) {
  563                         if (MAC_BIBA_BIT_TEST(i, element->mbe_compartments)) {
  564                                 if (first) {
  565                                         if (sbuf_putc(sb, ':') == -1)
  566                                                 return (-1);
  567                                         if (sbuf_printf(sb, "%d", i) == -1)
  568                                                 return (-1);
  569                                         first = 0;
  570                                 } else {
  571                                         if (sbuf_printf(sb, "+%d", i) == -1)
  572                                                 return (-1);
  573                                 }
  574                         }
  575                 }
  576                 return (0);
  577 
  578         default:
  579                 panic("biba_element_to_string: invalid type (%d)",
  580                     element->mbe_type);
  581         }
  582 }
  583 
  584 /*
  585  * biba_to_string() converts a Biba label to a string, and places the results
  586  * in the passed sbuf.  It returns 0 on success, or EINVAL if there isn't
  587  * room in the sbuf.  Note: the sbuf will be modified even in a failure case,
  588  * so the caller may need to revert the sbuf by restoring the offset if
  589  * that's undesired.
  590  */
  591 static int
  592 biba_to_string(struct sbuf *sb, struct mac_biba *mb)
  593 {
  594 
  595         if (mb->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
  596                 if (biba_element_to_string(sb, &mb->mb_effective) == -1)
  597                         return (EINVAL);
  598         }
  599 
  600         if (mb->mb_flags & MAC_BIBA_FLAG_RANGE) {
  601                 if (sbuf_putc(sb, '(') == -1)
  602                         return (EINVAL);
  603 
  604                 if (biba_element_to_string(sb, &mb->mb_rangelow) == -1)
  605                         return (EINVAL);
  606 
  607                 if (sbuf_putc(sb, '-') == -1)
  608                         return (EINVAL);
  609 
  610                 if (biba_element_to_string(sb, &mb->mb_rangehigh) == -1)
  611                         return (EINVAL);
  612 
  613                 if (sbuf_putc(sb, ')') == -1)
  614                         return (EINVAL);
  615         }
  616 
  617         return (0);
  618 }
  619 
  620 static int
  621 biba_externalize_label(struct label *label, char *element_name,
  622     struct sbuf *sb, int *claimed)
  623 {
  624         struct mac_biba *mb;
  625 
  626         if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0)
  627                 return (0);
  628 
  629         (*claimed)++;
  630 
  631         mb = SLOT(label);
  632         return (biba_to_string(sb, mb));
  633 }
  634 
  635 static int
  636 biba_parse_element(struct mac_biba_element *element, char *string)
  637 {
  638         char *compartment, *end, *grade;
  639         int value;
  640 
  641         if (strcmp(string, "high") == 0 || strcmp(string, "hi") == 0) {
  642                 element->mbe_type = MAC_BIBA_TYPE_HIGH;
  643                 element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
  644         } else if (strcmp(string, "low") == 0 || strcmp(string, "lo") == 0) {
  645                 element->mbe_type = MAC_BIBA_TYPE_LOW;
  646                 element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
  647         } else if (strcmp(string, "equal") == 0 ||
  648             strcmp(string, "eq") == 0) {
  649                 element->mbe_type = MAC_BIBA_TYPE_EQUAL;
  650                 element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
  651         } else {
  652                 element->mbe_type = MAC_BIBA_TYPE_GRADE;
  653 
  654                 /*
  655                  * Numeric grade piece of the element.
  656                  */
  657                 grade = strsep(&string, ":");
  658                 value = strtol(grade, &end, 10);
  659                 if (end == grade || *end != '\0')
  660                         return (EINVAL);
  661                 if (value < 0 || value > 65535)
  662                         return (EINVAL);
  663                 element->mbe_grade = value;
  664 
  665                 /*
  666                  * Optional compartment piece of the element.  If none are
  667                  * included, we assume that the label has no compartments.
  668                  */
  669                 if (string == NULL)
  670                         return (0);
  671                 if (*string == '\0')
  672                         return (0);
  673 
  674                 while ((compartment = strsep(&string, "+")) != NULL) {
  675                         value = strtol(compartment, &end, 10);
  676                         if (compartment == end || *end != '\0')
  677                                 return (EINVAL);
  678                         if (value < 1 || value > MAC_BIBA_MAX_COMPARTMENTS)
  679                                 return (EINVAL);
  680                         MAC_BIBA_BIT_SET(value, element->mbe_compartments);
  681                 }
  682         }
  683 
  684         return (0);
  685 }
  686 
  687 /*
  688  * Note: destructively consumes the string, make a local copy before calling
  689  * if that's a problem.
  690  */
  691 static int
  692 biba_parse(struct mac_biba *mb, char *string)
  693 {
  694         char *rangehigh, *rangelow, *effective;
  695         int error;
  696 
  697         effective = strsep(&string, "(");
  698         if (*effective == '\0')
  699                 effective = NULL;
  700 
  701         if (string != NULL) {
  702                 rangelow = strsep(&string, "-");
  703                 if (string == NULL)
  704                         return (EINVAL);
  705                 rangehigh = strsep(&string, ")");
  706                 if (string == NULL)
  707                         return (EINVAL);
  708                 if (*string != '\0')
  709                         return (EINVAL);
  710         } else {
  711                 rangelow = NULL;
  712                 rangehigh = NULL;
  713         }
  714 
  715         KASSERT((rangelow != NULL && rangehigh != NULL) ||
  716             (rangelow == NULL && rangehigh == NULL),
  717             ("biba_parse: range mismatch"));
  718 
  719         bzero(mb, sizeof(*mb));
  720         if (effective != NULL) {
  721                 error = biba_parse_element(&mb->mb_effective, effective);
  722                 if (error)
  723                         return (error);
  724                 mb->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE;
  725         }
  726 
  727         if (rangelow != NULL) {
  728                 error = biba_parse_element(&mb->mb_rangelow, rangelow);
  729                 if (error)
  730                         return (error);
  731                 error = biba_parse_element(&mb->mb_rangehigh, rangehigh);
  732                 if (error)
  733                         return (error);
  734                 mb->mb_flags |= MAC_BIBA_FLAG_RANGE;
  735         }
  736 
  737         error = biba_valid(mb);
  738         if (error)
  739                 return (error);
  740 
  741         return (0);
  742 }
  743 
  744 static int
  745 biba_internalize_label(struct label *label, char *element_name,
  746     char *element_data, int *claimed)
  747 {
  748         struct mac_biba *mb, mb_temp;
  749         int error;
  750 
  751         if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0)
  752                 return (0);
  753 
  754         (*claimed)++;
  755 
  756         error = biba_parse(&mb_temp, element_data);
  757         if (error)
  758                 return (error);
  759 
  760         mb = SLOT(label);
  761         *mb = mb_temp;
  762 
  763         return (0);
  764 }
  765 
  766 static void
  767 biba_copy_label(struct label *src, struct label *dest)
  768 {
  769 
  770         *SLOT(dest) = *SLOT(src);
  771 }
  772 
  773 /*
  774  * Object-specific entry point implementations are sorted alphabetically by
  775  * object type name and then by operation.
  776  */
  777 static int
  778 biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
  779     struct ifnet *ifp, struct label *ifplabel)
  780 {
  781         struct mac_biba *a, *b;
  782 
  783         if (!biba_enabled)
  784                 return (0);
  785 
  786         a = SLOT(dlabel);
  787         b = SLOT(ifplabel);
  788 
  789         if (biba_equal_effective(a, b))
  790                 return (0);
  791         return (EACCES);
  792 }
  793 
  794 static void
  795 biba_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
  796     struct label *dlabel)
  797 {
  798         struct mac_biba *source, *dest;
  799 
  800         source = SLOT(cred->cr_label);
  801         dest = SLOT(dlabel);
  802 
  803         biba_copy_effective(source, dest);
  804 }
  805 
  806 static void
  807 biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
  808     struct mbuf *m, struct label *mlabel)
  809 {
  810         struct mac_biba *source, *dest;
  811 
  812         source = SLOT(dlabel);
  813         dest = SLOT(mlabel);
  814 
  815         biba_copy_effective(source, dest);
  816 }
  817 
  818 static void
  819 biba_cred_associate_nfsd(struct ucred *cred)
  820 {
  821         struct mac_biba *label;
  822 
  823         label = SLOT(cred->cr_label);
  824         biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL);
  825         biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
  826             0, NULL);
  827 }
  828 
  829 static int
  830 biba_cred_check_relabel(struct ucred *cred, struct label *newlabel)
  831 {
  832         struct mac_biba *subj, *new;
  833         int error;
  834 
  835         subj = SLOT(cred->cr_label);
  836         new = SLOT(newlabel);
  837 
  838         /*
  839          * If there is a Biba label update for the credential, it may
  840          * be an update of the effective, range, or both.
  841          */
  842         error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
  843         if (error)
  844                 return (error);
  845 
  846         /*
  847          * If the Biba label is to be changed, authorize as appropriate.
  848          */
  849         if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) {
  850                 /*
  851                  * If the change request modifies both the Biba label
  852                  * effective and range, check that the new effective will be
  853                  * in the new range.
  854                  */
  855                 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) ==
  856                     MAC_BIBA_FLAGS_BOTH &&
  857                     !biba_effective_in_range(new, new))
  858                         return (EINVAL);
  859 
  860                 /*
  861                  * To change the Biba effective label on a credential, the
  862                  * new effective label must be in the current range.
  863                  */
  864                 if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE &&
  865                     !biba_effective_in_range(new, subj))
  866                         return (EPERM);
  867 
  868                 /*
  869                  * To change the Biba range on a credential, the new range
  870                  * label must be in the current range.
  871                  */
  872                 if (new->mb_flags & MAC_BIBA_FLAG_RANGE &&
  873                     !biba_range_in_range(new, subj))
  874                         return (EPERM);
  875 
  876                 /*
  877                  * To have EQUAL in any component of the new credential Biba
  878                  * label, the subject must already have EQUAL in their label.
  879                  */
  880                 if (biba_contains_equal(new)) {
  881                         error = biba_subject_privileged(subj);
  882                         if (error)
  883                                 return (error);
  884                 }
  885         }
  886 
  887         return (0);
  888 }
  889 
  890 static int
  891 biba_cred_check_visible(struct ucred *u1, struct ucred *u2)
  892 {
  893         struct mac_biba *subj, *obj;
  894 
  895         if (!biba_enabled)
  896                 return (0);
  897 
  898         subj = SLOT(u1->cr_label);
  899         obj = SLOT(u2->cr_label);
  900 
  901         /* XXX: range */
  902         if (!biba_dominate_effective(obj, subj))
  903                 return (ESRCH);
  904 
  905         return (0);
  906 }
  907 
  908 static void
  909 biba_cred_create_init(struct ucred *cred)
  910 {
  911         struct mac_biba *dest;
  912 
  913         dest = SLOT(cred->cr_label);
  914 
  915         biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
  916         biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
  917             0, NULL);
  918 }
  919 
  920 static void
  921 biba_cred_create_swapper(struct ucred *cred)
  922 {
  923         struct mac_biba *dest;
  924 
  925         dest = SLOT(cred->cr_label);
  926 
  927         biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
  928         biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
  929             0, NULL);
  930 }
  931 
  932 static void
  933 biba_cred_relabel(struct ucred *cred, struct label *newlabel)
  934 {
  935         struct mac_biba *source, *dest;
  936 
  937         source = SLOT(newlabel);
  938         dest = SLOT(cred->cr_label);
  939 
  940         biba_copy(source, dest);
  941 }
  942 
  943 static void
  944 biba_devfs_create_device(struct ucred *cred, struct mount *mp,
  945     struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
  946 {
  947         struct mac_biba *mb;
  948         int biba_type;
  949 
  950         mb = SLOT(delabel);
  951         if (strcmp(dev->si_name, "null") == 0 ||
  952             strcmp(dev->si_name, "zero") == 0 ||
  953             strcmp(dev->si_name, "random") == 0 ||
  954             strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
  955                 biba_type = MAC_BIBA_TYPE_EQUAL;
  956         else if (ptys_equal &&
  957             (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
  958             strncmp(dev->si_name, "pts/", strlen("pts/")) == 0 ||
  959             strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
  960                 biba_type = MAC_BIBA_TYPE_EQUAL;
  961         else
  962                 biba_type = MAC_BIBA_TYPE_HIGH;
  963         biba_set_effective(mb, biba_type, 0, NULL);
  964 }
  965 
  966 static void
  967 biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
  968     struct devfs_dirent *de, struct label *delabel)
  969 {
  970         struct mac_biba *mb;
  971 
  972         mb = SLOT(delabel);
  973 
  974         biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL);
  975 }
  976 
  977 static void
  978 biba_devfs_create_symlink(struct ucred *cred, struct mount *mp,
  979     struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
  980     struct label *delabel)
  981 {
  982         struct mac_biba *source, *dest;
  983 
  984         source = SLOT(cred->cr_label);
  985         dest = SLOT(delabel);
  986 
  987         biba_copy_effective(source, dest);
  988 }
  989 
  990 static void
  991 biba_devfs_update(struct mount *mp, struct devfs_dirent *de,
  992     struct label *delabel, struct vnode *vp, struct label *vplabel)
  993 {
  994         struct mac_biba *source, *dest;
  995 
  996         source = SLOT(vplabel);
  997         dest = SLOT(delabel);
  998 
  999         biba_copy(source, dest);
 1000 }
 1001 
 1002 static void
 1003 biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel,
 1004     struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
 1005     struct label *vplabel)
 1006 {
 1007         struct mac_biba *source, *dest;
 1008 
 1009         source = SLOT(delabel);
 1010         dest = SLOT(vplabel);
 1011 
 1012         biba_copy_effective(source, dest);
 1013 }
 1014 
 1015 static int
 1016 biba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
 1017     struct label *ifplabel, struct label *newlabel)
 1018 {
 1019         struct mac_biba *subj, *new;
 1020         int error;
 1021 
 1022         subj = SLOT(cred->cr_label);
 1023         new = SLOT(newlabel);
 1024 
 1025         /*
 1026          * If there is a Biba label update for the interface, it may be an
 1027          * update of the effective, range, or both.
 1028          */
 1029         error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
 1030         if (error)
 1031                 return (error);
 1032 
 1033         /*
 1034          * Relabling network interfaces requires Biba privilege.
 1035          */
 1036         error = biba_subject_privileged(subj);
 1037         if (error)
 1038                 return (error);
 1039 
 1040         return (0);
 1041 }
 1042 
 1043 static int
 1044 biba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
 1045     struct mbuf *m, struct label *mlabel)
 1046 {
 1047         struct mac_biba *p, *i;
 1048 
 1049         if (!biba_enabled)
 1050                 return (0);
 1051 
 1052         p = SLOT(mlabel);
 1053         i = SLOT(ifplabel);
 1054 
 1055         return (biba_effective_in_range(p, i) ? 0 : EACCES);
 1056 }
 1057 
 1058 static void
 1059 biba_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
 1060 {
 1061         char tifname[IFNAMSIZ], *p, *q;
 1062         char tiflist[sizeof(trusted_interfaces)];
 1063         struct mac_biba *dest;
 1064         int len, type;
 1065 
 1066         dest = SLOT(ifplabel);
 1067 
 1068         if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) {
 1069                 type = MAC_BIBA_TYPE_EQUAL;
 1070                 goto set;
 1071         }
 1072 
 1073         if (trust_all_interfaces) {
 1074                 type = MAC_BIBA_TYPE_HIGH;
 1075                 goto set;
 1076         }
 1077 
 1078         type = MAC_BIBA_TYPE_LOW;
 1079 
 1080         if (trusted_interfaces[0] == '\0' ||
 1081             !strvalid(trusted_interfaces, sizeof(trusted_interfaces)))
 1082                 goto set;
 1083 
 1084         bzero(tiflist, sizeof(tiflist));
 1085         for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++)
 1086                 if(*p != ' ' && *p != '\t')
 1087                         *q = *p;
 1088 
 1089         for (p = q = tiflist;; p++) {
 1090                 if (*p == ',' || *p == '\0') {
 1091                         len = p - q;
 1092                         if (len < IFNAMSIZ) {
 1093                                 bzero(tifname, sizeof(tifname));
 1094                                 bcopy(q, tifname, len);
 1095                                 if (strcmp(tifname, ifp->if_xname) == 0) {
 1096                                         type = MAC_BIBA_TYPE_HIGH;
 1097                                         break;
 1098                                 }
 1099                         } else {
 1100                                 *p = '\0';
 1101                                 printf("mac_biba warning: interface name "
 1102                                     "\"%s\" is too long (must be < %d)\n",
 1103                                     q, IFNAMSIZ);
 1104                         }
 1105                         if (*p == '\0')
 1106                                 break;
 1107                         q = p + 1;
 1108                 }
 1109         }
 1110 set:
 1111         biba_set_effective(dest, type, 0, NULL);
 1112         biba_set_range(dest, type, 0, NULL, type, 0, NULL);
 1113 }
 1114 
 1115 static void
 1116 biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
 1117     struct mbuf *m, struct label *mlabel)
 1118 {
 1119         struct mac_biba *source, *dest;
 1120 
 1121         source = SLOT(ifplabel);
 1122         dest = SLOT(mlabel);
 1123 
 1124         biba_copy_effective(source, dest);
 1125 }
 1126 
 1127 static void
 1128 biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
 1129     struct label *ifplabel, struct label *newlabel)
 1130 {
 1131         struct mac_biba *source, *dest;
 1132 
 1133         source = SLOT(newlabel);
 1134         dest = SLOT(ifplabel);
 1135 
 1136         biba_copy(source, dest);
 1137 }
 1138 
 1139 static int
 1140 biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
 1141     struct mbuf *m, struct label *mlabel)
 1142 {
 1143         struct mac_biba *p, *i;
 1144 
 1145         if (!biba_enabled)
 1146                 return (0);
 1147 
 1148         p = SLOT(mlabel);
 1149         i = SLOT(inplabel);
 1150 
 1151         return (biba_equal_effective(p, i) ? 0 : EACCES);
 1152 }
 1153 
 1154 static int
 1155 biba_inpcb_check_visible(struct ucred *cred, struct inpcb *inp,
 1156     struct label *inplabel)
 1157 {
 1158         struct mac_biba *subj, *obj;
 1159 
 1160         if (!biba_enabled)
 1161                 return (0);
 1162 
 1163         subj = SLOT(cred->cr_label);
 1164         obj = SLOT(inplabel);
 1165 
 1166         if (!biba_dominate_effective(obj, subj))
 1167                 return (ENOENT);
 1168 
 1169         return (0);
 1170 }
 1171 
 1172 static void
 1173 biba_inpcb_create(struct socket *so, struct label *solabel,
 1174     struct inpcb *inp, struct label *inplabel)
 1175 {
 1176         struct mac_biba *source, *dest;
 1177 
 1178         source = SLOT(solabel);
 1179         dest = SLOT(inplabel);
 1180 
 1181         SOCK_LOCK(so);
 1182         biba_copy_effective(source, dest);
 1183         SOCK_UNLOCK(so);
 1184 }
 1185 
 1186 static void
 1187 biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
 1188     struct mbuf *m, struct label *mlabel)
 1189 {
 1190         struct mac_biba *source, *dest;
 1191 
 1192         source = SLOT(inplabel);
 1193         dest = SLOT(mlabel);
 1194 
 1195         biba_copy_effective(source, dest);
 1196 }
 1197 
 1198 static void
 1199 biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
 1200     struct inpcb *inp, struct label *inplabel)
 1201 {
 1202         struct mac_biba *source, *dest;
 1203 
 1204         SOCK_LOCK_ASSERT(so);
 1205 
 1206         source = SLOT(solabel);
 1207         dest = SLOT(inplabel);
 1208 
 1209         biba_copy(source, dest);
 1210 }
 1211 
 1212 static void
 1213 biba_ip6q_create(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
 1214     struct label *q6label)
 1215 {
 1216         struct mac_biba *source, *dest;
 1217 
 1218         source = SLOT(mlabel);
 1219         dest = SLOT(q6label);
 1220 
 1221         biba_copy_effective(source, dest);
 1222 }
 1223 
 1224 static int
 1225 biba_ip6q_match(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
 1226     struct label *q6label)
 1227 {
 1228         struct mac_biba *a, *b;
 1229 
 1230         a = SLOT(q6label);
 1231         b = SLOT(mlabel);
 1232 
 1233         return (biba_equal_effective(a, b));
 1234 }
 1235 
 1236 static void
 1237 biba_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m,
 1238     struct label *mlabel)
 1239 {
 1240         struct mac_biba *source, *dest;
 1241 
 1242         source = SLOT(q6label);
 1243         dest = SLOT(mlabel);
 1244 
 1245         /* Just use the head, since we require them all to match. */
 1246         biba_copy_effective(source, dest);
 1247 }
 1248 
 1249 static void
 1250 biba_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
 1251     struct label *q6label)
 1252 {
 1253 
 1254         /* NOOP: we only accept matching labels, so no need to update */
 1255 }
 1256 
 1257 static void
 1258 biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q,
 1259     struct label *qlabel)
 1260 {
 1261         struct mac_biba *source, *dest;
 1262 
 1263         source = SLOT(mlabel);
 1264         dest = SLOT(qlabel);
 1265 
 1266         biba_copy_effective(source, dest);
 1267 }
 1268 
 1269 static int
 1270 biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q,
 1271     struct label *qlabel)
 1272 {
 1273         struct mac_biba *a, *b;
 1274 
 1275         a = SLOT(qlabel);
 1276         b = SLOT(mlabel);
 1277 
 1278         return (biba_equal_effective(a, b));
 1279 }
 1280 
 1281 static void
 1282 biba_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
 1283     struct label *mlabel)
 1284 {
 1285         struct mac_biba *source, *dest;
 1286 
 1287         source = SLOT(qlabel);
 1288         dest = SLOT(mlabel);
 1289 
 1290         /* Just use the head, since we require them all to match. */
 1291         biba_copy_effective(source, dest);
 1292 }
 1293 
 1294 static void
 1295 biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
 1296     struct label *qlabel)
 1297 {
 1298 
 1299         /* NOOP: we only accept matching labels, so no need to update */
 1300 }
 1301 
 1302 static int
 1303 biba_kld_check_load(struct ucred *cred, struct vnode *vp,
 1304     struct label *vplabel)
 1305 {
 1306         struct mac_biba *subj, *obj;
 1307         int error;
 1308 
 1309         if (!biba_enabled)
 1310                 return (0);
 1311 
 1312         subj = SLOT(cred->cr_label);
 1313 
 1314         error = biba_subject_privileged(subj);
 1315         if (error)
 1316                 return (error);
 1317 
 1318         obj = SLOT(vplabel);
 1319         if (!biba_high_effective(obj))
 1320                 return (EACCES);
 1321 
 1322         return (0);
 1323 }
 1324 
 1325 static int
 1326 biba_mount_check_stat(struct ucred *cred, struct mount *mp,
 1327     struct label *mplabel)
 1328 {
 1329         struct mac_biba *subj, *obj;
 1330 
 1331         if (!biba_enabled)
 1332                 return (0);
 1333 
 1334         subj = SLOT(cred->cr_label);
 1335         obj = SLOT(mplabel);
 1336 
 1337         if (!biba_dominate_effective(obj, subj))
 1338                 return (EACCES);
 1339 
 1340         return (0);
 1341 }
 1342 
 1343 static void
 1344 biba_mount_create(struct ucred *cred, struct mount *mp,
 1345     struct label *mplabel)
 1346 {
 1347         struct mac_biba *source, *dest;
 1348 
 1349         source = SLOT(cred->cr_label);
 1350         dest = SLOT(mplabel);
 1351 
 1352         biba_copy_effective(source, dest);
 1353 }
 1354 
 1355 static void
 1356 biba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
 1357     struct mbuf *m, struct label *mlabel)
 1358 {
 1359         struct mac_biba *dest;
 1360 
 1361         dest = SLOT(mlabel);
 1362 
 1363         biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 1364 }
 1365 
 1366 static void
 1367 biba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
 1368     struct mbuf *m, struct label *mlabel)
 1369 {
 1370         struct mac_biba *dest;
 1371 
 1372         dest = SLOT(mlabel);
 1373 
 1374         biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 1375 }
 1376 
 1377 static void
 1378 biba_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
 1379     struct mbuf *msend, struct label *msendlabel)
 1380 {
 1381         struct mac_biba *source, *dest;
 1382 
 1383         source = SLOT(mrecvlabel);
 1384         dest = SLOT(msendlabel);
 1385 
 1386         biba_copy_effective(source, dest);
 1387 }
 1388 
 1389 static void
 1390 biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 1391 {
 1392         struct mac_biba *dest;
 1393 
 1394         dest = SLOT(mlabel);
 1395 
 1396         /* XXX: where is the label for the firewall really coming from? */
 1397         biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 1398 }
 1399 
 1400 static void
 1401 biba_netinet_fragment(struct mbuf *m, struct label *mlabel,
 1402     struct mbuf *frag, struct label *fraglabel)
 1403 {
 1404         struct mac_biba *source, *dest;
 1405 
 1406         source = SLOT(mlabel);
 1407         dest = SLOT(fraglabel);
 1408 
 1409         biba_copy_effective(source, dest);
 1410 }
 1411 
 1412 static void
 1413 biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
 1414     struct mbuf *msend, struct label *msendlabel)
 1415 {
 1416         struct mac_biba *source, *dest;
 1417 
 1418         source = SLOT(mrecvlabel);
 1419         dest = SLOT(msendlabel);
 1420 
 1421         biba_copy_effective(source, dest);
 1422 }
 1423 
 1424 static void
 1425 biba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
 1426     struct mbuf *m, struct label *mlabel)
 1427 {
 1428         struct mac_biba *dest;
 1429 
 1430         dest = SLOT(mlabel);
 1431 
 1432         biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 1433 }
 1434 
 1435 static void
 1436 biba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
 1437     struct mbuf *m, struct label *mlabel)
 1438 {
 1439         struct mac_biba *dest;
 1440 
 1441         dest = SLOT(mlabel);
 1442 
 1443         biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 1444 }
 1445 
 1446 static int
 1447 biba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
 1448     struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
 1449 {
 1450 
 1451         if(!biba_enabled)
 1452                 return (0);
 1453 
 1454         /* XXX: This will be implemented soon... */
 1455 
 1456         return (0);
 1457 }
 1458 
 1459 static int
 1460 biba_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
 1461     struct label *pplabel)
 1462 {
 1463         struct mac_biba *subj, *obj;
 1464 
 1465         if (!biba_enabled)
 1466                 return (0);
 1467 
 1468         subj = SLOT(cred->cr_label);
 1469         obj = SLOT(pplabel);
 1470 
 1471         if (!biba_dominate_effective(obj, subj))
 1472                 return (EACCES);
 1473 
 1474         return (0);
 1475 }
 1476 
 1477 static int
 1478 biba_pipe_check_read(struct ucred *cred, struct pipepair *pp,
 1479     struct label *pplabel)
 1480 {
 1481         struct mac_biba *subj, *obj;
 1482 
 1483         if (!biba_enabled)
 1484                 return (0);
 1485 
 1486         subj = SLOT(cred->cr_label);
 1487         obj = SLOT(pplabel);
 1488 
 1489         if (!biba_dominate_effective(obj, subj))
 1490                 return (EACCES);
 1491 
 1492         return (0);
 1493 }
 1494 
 1495 static int
 1496 biba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
 1497     struct label *pplabel, struct label *newlabel)
 1498 {
 1499         struct mac_biba *subj, *obj, *new;
 1500         int error;
 1501 
 1502         new = SLOT(newlabel);
 1503         subj = SLOT(cred->cr_label);
 1504         obj = SLOT(pplabel);
 1505 
 1506         /*
 1507          * If there is a Biba label update for a pipe, it must be a effective
 1508          * update.
 1509          */
 1510         error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
 1511         if (error)
 1512                 return (error);
 1513 
 1514         /*
 1515          * To perform a relabel of a pipe (Biba label or not), Biba must
 1516          * authorize the relabel.
 1517          */
 1518         if (!biba_effective_in_range(obj, subj))
 1519                 return (EPERM);
 1520 
 1521         /*
 1522          * If the Biba label is to be changed, authorize as appropriate.
 1523          */
 1524         if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
 1525                 /*
 1526                  * To change the Biba label on a pipe, the new pipe label
 1527                  * must be in the subject range.
 1528                  */
 1529                 if (!biba_effective_in_range(new, subj))
 1530                         return (EPERM);
 1531 
 1532                 /*
 1533                  * To change the Biba label on a pipe to be EQUAL, the
 1534                  * subject must have appropriate privilege.
 1535                  */
 1536                 if (biba_contains_equal(new)) {
 1537                         error = biba_subject_privileged(subj);
 1538                         if (error)
 1539                                 return (error);
 1540                 }
 1541         }
 1542 
 1543         return (0);
 1544 }
 1545 
 1546 static int
 1547 biba_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
 1548     struct label *pplabel)
 1549 {
 1550         struct mac_biba *subj, *obj;
 1551 
 1552         if (!biba_enabled)
 1553                 return (0);
 1554 
 1555         subj = SLOT(cred->cr_label);
 1556         obj = SLOT(pplabel);
 1557 
 1558         if (!biba_dominate_effective(obj, subj))
 1559                 return (EACCES);
 1560 
 1561         return (0);
 1562 }
 1563 
 1564 static int
 1565 biba_pipe_check_write(struct ucred *cred, struct pipepair *pp,
 1566     struct label *pplabel)
 1567 {
 1568         struct mac_biba *subj, *obj;
 1569 
 1570         if (!biba_enabled)
 1571                 return (0);
 1572 
 1573         subj = SLOT(cred->cr_label);
 1574         obj = SLOT(pplabel);
 1575 
 1576         if (!biba_dominate_effective(subj, obj))
 1577                 return (EACCES);
 1578 
 1579         return (0);
 1580 }
 1581 
 1582 static void
 1583 biba_pipe_create(struct ucred *cred, struct pipepair *pp,
 1584     struct label *pplabel)
 1585 {
 1586         struct mac_biba *source, *dest;
 1587 
 1588         source = SLOT(cred->cr_label);
 1589         dest = SLOT(pplabel);
 1590 
 1591         biba_copy_effective(source, dest);
 1592 }
 1593 
 1594 static void
 1595 biba_pipe_relabel(struct ucred *cred, struct pipepair *pp,
 1596     struct label *pplabel, struct label *newlabel)
 1597 {
 1598         struct mac_biba *source, *dest;
 1599 
 1600         source = SLOT(newlabel);
 1601         dest = SLOT(pplabel);
 1602 
 1603         biba_copy(source, dest);
 1604 }
 1605 
 1606 static int
 1607 biba_posixsem_check_openunlink(struct ucred *cred, struct ksem *ks,
 1608     struct label *kslabel)
 1609 {
 1610         struct mac_biba *subj, *obj;
 1611 
 1612         if (!biba_enabled)
 1613                 return (0);
 1614 
 1615         subj = SLOT(cred->cr_label);
 1616         obj = SLOT(kslabel);
 1617 
 1618         if (!biba_dominate_effective(subj, obj))
 1619                 return (EACCES);
 1620 
 1621         return (0);
 1622 }
 1623 
 1624 static int
 1625 biba_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred,
 1626     struct ksem *ks, struct label *kslabel)
 1627 {
 1628         struct mac_biba *subj, *obj;
 1629 
 1630         if (!biba_enabled)
 1631                 return (0);
 1632 
 1633         subj = SLOT(active_cred->cr_label);
 1634         obj = SLOT(kslabel);
 1635 
 1636         if (!biba_dominate_effective(subj, obj))
 1637                 return (EACCES);
 1638 
 1639         return (0);
 1640 }
 1641 
 1642 static int
 1643 biba_posixsem_check_rdonly(struct ucred *active_cred, struct ucred *file_cred,
 1644     struct ksem *ks, struct label *kslabel)
 1645 {
 1646         struct mac_biba *subj, *obj;
 1647 
 1648         if (!biba_enabled)
 1649                 return (0);
 1650 
 1651         subj = SLOT(active_cred->cr_label);
 1652         obj = SLOT(kslabel);
 1653 
 1654         if (!biba_dominate_effective(obj, subj))
 1655                 return (EACCES);
 1656 
 1657         return (0);
 1658 }
 1659 
 1660 static void
 1661 biba_posixsem_create(struct ucred *cred, struct ksem *ks,
 1662     struct label *kslabel)
 1663 {
 1664         struct mac_biba *source, *dest;
 1665 
 1666         source = SLOT(cred->cr_label);
 1667         dest = SLOT(kslabel);
 1668 
 1669         biba_copy_effective(source, dest);
 1670 }
 1671 
 1672 /*
 1673  * Some system privileges are allowed regardless of integrity grade; others
 1674  * are allowed only when running with privilege with respect to the Biba
 1675  * policy as they might otherwise allow bypassing of the integrity policy.
 1676  */
 1677 static int
 1678 biba_priv_check(struct ucred *cred, int priv)
 1679 {
 1680         struct mac_biba *subj;
 1681         int error;
 1682 
 1683         if (!biba_enabled)
 1684                 return (0);
 1685 
 1686         /*
 1687          * Exempt only specific privileges from the Biba integrity policy.
 1688          */
 1689         switch (priv) {
 1690         case PRIV_KTRACE:
 1691         case PRIV_MSGBUF:
 1692 
 1693         /*
 1694          * Allow processes to manipulate basic process audit properties, and
 1695          * to submit audit records.
 1696          */
 1697         case PRIV_AUDIT_GETAUDIT:
 1698         case PRIV_AUDIT_SETAUDIT:
 1699         case PRIV_AUDIT_SUBMIT:
 1700 
 1701         /*
 1702          * Allow processes to manipulate their regular UNIX credentials.
 1703          */
 1704         case PRIV_CRED_SETUID:
 1705         case PRIV_CRED_SETEUID:
 1706         case PRIV_CRED_SETGID:
 1707         case PRIV_CRED_SETEGID:
 1708         case PRIV_CRED_SETGROUPS:
 1709         case PRIV_CRED_SETREUID:
 1710         case PRIV_CRED_SETREGID:
 1711         case PRIV_CRED_SETRESUID:
 1712         case PRIV_CRED_SETRESGID:
 1713 
 1714         /*
 1715          * Allow processes to perform system monitoring.
 1716          */
 1717         case PRIV_SEEOTHERGIDS:
 1718         case PRIV_SEEOTHERUIDS:
 1719                 break;
 1720 
 1721         /*
 1722          * Allow access to general process debugging facilities.  We
 1723          * separately control debugging based on MAC label.
 1724          */
 1725         case PRIV_DEBUG_DIFFCRED:
 1726         case PRIV_DEBUG_SUGID:
 1727         case PRIV_DEBUG_UNPRIV:
 1728 
 1729         /*
 1730          * Allow manipulating jails.
 1731          */
 1732         case PRIV_JAIL_ATTACH:
 1733 
 1734         /*
 1735          * Allow privilege with respect to the Partition policy, but not the
 1736          * Privs policy.
 1737          */
 1738         case PRIV_MAC_PARTITION:
 1739 
 1740         /*
 1741          * Allow privilege with respect to process resource limits and login
 1742          * context.
 1743          */
 1744         case PRIV_PROC_LIMIT:
 1745         case PRIV_PROC_SETLOGIN:
 1746         case PRIV_PROC_SETRLIMIT:
 1747 
 1748         /*
 1749          * Allow System V and POSIX IPC privileges.
 1750          */
 1751         case PRIV_IPC_READ:
 1752         case PRIV_IPC_WRITE:
 1753         case PRIV_IPC_ADMIN:
 1754         case PRIV_IPC_MSGSIZE:
 1755         case PRIV_MQ_ADMIN:
 1756 
 1757         /*
 1758          * Allow certain scheduler manipulations -- possibly this should be
 1759          * controlled by more fine-grained policy, as potentially low
 1760          * integrity processes can deny CPU to higher integrity ones.
 1761          */
 1762         case PRIV_SCHED_DIFFCRED:
 1763         case PRIV_SCHED_SETPRIORITY:
 1764         case PRIV_SCHED_RTPRIO:
 1765         case PRIV_SCHED_SETPOLICY:
 1766         case PRIV_SCHED_SET:
 1767         case PRIV_SCHED_SETPARAM:
 1768 
 1769         /*
 1770          * More IPC privileges.
 1771          */
 1772         case PRIV_SEM_WRITE:
 1773 
 1774         /*
 1775          * Allow signaling privileges subject to integrity policy.
 1776          */
 1777         case PRIV_SIGNAL_DIFFCRED:
 1778         case PRIV_SIGNAL_SUGID:
 1779 
 1780         /*
 1781          * Allow access to only limited sysctls from lower integrity levels;
 1782          * piggy-back on the Jail definition.
 1783          */
 1784         case PRIV_SYSCTL_WRITEJAIL:
 1785 
 1786         /*
 1787          * Allow TTY-based privileges, subject to general device access using
 1788          * labels on TTY device nodes, but not console privilege.
 1789          */
 1790         case PRIV_TTY_DRAINWAIT:
 1791         case PRIV_TTY_DTRWAIT:
 1792         case PRIV_TTY_EXCLUSIVE:
 1793         case PRIV_TTY_STI:
 1794         case PRIV_TTY_SETA:
 1795 
 1796         /*
 1797          * Grant most VFS privileges, as almost all are in practice bounded
 1798          * by more specific checks using labels.
 1799          */
 1800         case PRIV_VFS_READ:
 1801         case PRIV_VFS_WRITE:
 1802         case PRIV_VFS_ADMIN:
 1803         case PRIV_VFS_EXEC:
 1804         case PRIV_VFS_LOOKUP:
 1805         case PRIV_VFS_CHFLAGS_DEV:
 1806         case PRIV_VFS_CHOWN:
 1807         case PRIV_VFS_CHROOT:
 1808         case PRIV_VFS_RETAINSUGID:
 1809         case PRIV_VFS_EXCEEDQUOTA:
 1810         case PRIV_VFS_FCHROOT:
 1811         case PRIV_VFS_FHOPEN:
 1812         case PRIV_VFS_FHSTATFS:
 1813         case PRIV_VFS_GENERATION:
 1814         case PRIV_VFS_GETFH:
 1815         case PRIV_VFS_GETQUOTA:
 1816         case PRIV_VFS_LINK:
 1817         case PRIV_VFS_MOUNT:
 1818         case PRIV_VFS_MOUNT_OWNER:
 1819         case PRIV_VFS_MOUNT_PERM:
 1820         case PRIV_VFS_MOUNT_SUIDDIR:
 1821         case PRIV_VFS_MOUNT_NONUSER:
 1822         case PRIV_VFS_SETGID:
 1823         case PRIV_VFS_STICKYFILE:
 1824         case PRIV_VFS_SYSFLAGS:
 1825         case PRIV_VFS_UNMOUNT:
 1826 
 1827         /*
 1828          * Allow VM privileges; it would be nice if these were subject to
 1829          * resource limits.
 1830          */
 1831         case PRIV_VM_MADV_PROTECT:
 1832         case PRIV_VM_MLOCK:
 1833         case PRIV_VM_MUNLOCK:
 1834         case PRIV_VM_SWAP_NOQUOTA:
 1835         case PRIV_VM_SWAP_NORLIMIT:
 1836 
 1837         /*
 1838          * Allow some but not all network privileges.  In general, dont allow
 1839          * reconfiguring the network stack, just normal use.
 1840          */
 1841         case PRIV_NETATALK_RESERVEDPORT:
 1842         case PRIV_NETINET_RESERVEDPORT:
 1843         case PRIV_NETINET_RAW:
 1844         case PRIV_NETINET_REUSEPORT:
 1845         case PRIV_NETIPX_RESERVEDPORT:
 1846         case PRIV_NETIPX_RAW:
 1847                 break;
 1848 
 1849         /*
 1850          * All remaining system privileges are allow only if the process
 1851          * holds privilege with respect to the Biba policy.
 1852          */
 1853         default:
 1854                 subj = SLOT(cred->cr_label);
 1855                 error = biba_subject_privileged(subj);
 1856                 if (error)
 1857                         return (error);
 1858         }
 1859         return (0);
 1860 }
 1861 
 1862 static int
 1863 biba_proc_check_debug(struct ucred *cred, struct proc *p)
 1864 {
 1865         struct mac_biba *subj, *obj;
 1866 
 1867         if (!biba_enabled)
 1868                 return (0);
 1869 
 1870         subj = SLOT(cred->cr_label);
 1871         obj = SLOT(p->p_ucred->cr_label);
 1872 
 1873         /* XXX: range checks */
 1874         if (!biba_dominate_effective(obj, subj))
 1875                 return (ESRCH);
 1876         if (!biba_dominate_effective(subj, obj))
 1877                 return (EACCES);
 1878 
 1879         return (0);
 1880 }
 1881 
 1882 static int
 1883 biba_proc_check_sched(struct ucred *cred, struct proc *p)
 1884 {
 1885         struct mac_biba *subj, *obj;
 1886 
 1887         if (!biba_enabled)
 1888                 return (0);
 1889 
 1890         subj = SLOT(cred->cr_label);
 1891         obj = SLOT(p->p_ucred->cr_label);
 1892 
 1893         /* XXX: range checks */
 1894         if (!biba_dominate_effective(obj, subj))
 1895                 return (ESRCH);
 1896         if (!biba_dominate_effective(subj, obj))
 1897                 return (EACCES);
 1898 
 1899         return (0);
 1900 }
 1901 
 1902 static int
 1903 biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
 1904 {
 1905         struct mac_biba *subj, *obj;
 1906 
 1907         if (!biba_enabled)
 1908                 return (0);
 1909 
 1910         subj = SLOT(cred->cr_label);
 1911         obj = SLOT(p->p_ucred->cr_label);
 1912 
 1913         /* XXX: range checks */
 1914         if (!biba_dominate_effective(obj, subj))
 1915                 return (ESRCH);
 1916         if (!biba_dominate_effective(subj, obj))
 1917                 return (EACCES);
 1918 
 1919         return (0);
 1920 }
 1921 
 1922 static int
 1923 biba_socket_check_deliver(struct socket *so, struct label *solabel,
 1924     struct mbuf *m, struct label *mlabel)
 1925 {
 1926         struct mac_biba *p, *s;
 1927         int error;
 1928 
 1929         if (!biba_enabled)
 1930                 return (0);
 1931 
 1932         p = SLOT(mlabel);
 1933         s = SLOT(solabel);
 1934 
 1935         SOCK_LOCK(so);
 1936         error = biba_equal_effective(p, s) ? 0 : EACCES;
 1937         SOCK_UNLOCK(so);
 1938         return (error);
 1939 }
 1940 
 1941 static int
 1942 biba_socket_check_relabel(struct ucred *cred, struct socket *so,
 1943     struct label *solabel, struct label *newlabel)
 1944 {
 1945         struct mac_biba *subj, *obj, *new;
 1946         int error;
 1947 
 1948         SOCK_LOCK_ASSERT(so);
 1949 
 1950         new = SLOT(newlabel);
 1951         subj = SLOT(cred->cr_label);
 1952         obj = SLOT(solabel);
 1953 
 1954         /*
 1955          * If there is a Biba label update for the socket, it may be an
 1956          * update of effective.
 1957          */
 1958         error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
 1959         if (error)
 1960                 return (error);
 1961 
 1962         /*
 1963          * To relabel a socket, the old socket effective must be in the
 1964          * subject range.
 1965          */
 1966         if (!biba_effective_in_range(obj, subj))
 1967                 return (EPERM);
 1968 
 1969         /*
 1970          * If the Biba label is to be changed, authorize as appropriate.
 1971          */
 1972         if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
 1973                 /*
 1974                  * To relabel a socket, the new socket effective must be in
 1975                  * the subject range.
 1976                  */
 1977                 if (!biba_effective_in_range(new, subj))
 1978                         return (EPERM);
 1979 
 1980                 /*
 1981                  * To change the Biba label on the socket to contain EQUAL,
 1982                  * the subject must have appropriate privilege.
 1983                  */
 1984                 if (biba_contains_equal(new)) {
 1985                         error = biba_subject_privileged(subj);
 1986                         if (error)
 1987                                 return (error);
 1988                 }
 1989         }
 1990 
 1991         return (0);
 1992 }
 1993 
 1994 static int
 1995 biba_socket_check_visible(struct ucred *cred, struct socket *so,
 1996     struct label *solabel)
 1997 {
 1998         struct mac_biba *subj, *obj;
 1999 
 2000         if (!biba_enabled)
 2001                 return (0);
 2002 
 2003         subj = SLOT(cred->cr_label);
 2004         obj = SLOT(solabel);
 2005 
 2006         SOCK_LOCK(so);
 2007         if (!biba_dominate_effective(obj, subj)) {
 2008                 SOCK_UNLOCK(so);
 2009                 return (ENOENT);
 2010         }
 2011         SOCK_UNLOCK(so);
 2012 
 2013         return (0);
 2014 }
 2015 
 2016 static void
 2017 biba_socket_create(struct ucred *cred, struct socket *so,
 2018     struct label *solabel)
 2019 {
 2020         struct mac_biba *source, *dest;
 2021 
 2022         source = SLOT(cred->cr_label);
 2023         dest = SLOT(solabel);
 2024 
 2025         biba_copy_effective(source, dest);
 2026 }
 2027 
 2028 static void
 2029 biba_socket_create_mbuf(struct socket *so, struct label *solabel,
 2030     struct mbuf *m, struct label *mlabel)
 2031 {
 2032         struct mac_biba *source, *dest;
 2033 
 2034         source = SLOT(solabel);
 2035         dest = SLOT(mlabel);
 2036 
 2037         SOCK_LOCK(so);
 2038         biba_copy_effective(source, dest);
 2039         SOCK_UNLOCK(so);
 2040 }
 2041 
 2042 static void
 2043 biba_socket_newconn(struct socket *oldso, struct label *oldsolabel,
 2044     struct socket *newso, struct label *newsolabel)
 2045 {
 2046         struct mac_biba source, *dest;
 2047 
 2048         SOCK_LOCK(oldso);
 2049         source = *SLOT(oldsolabel);
 2050         SOCK_UNLOCK(oldso);
 2051 
 2052         dest = SLOT(newsolabel);
 2053 
 2054         SOCK_LOCK(newso);
 2055         biba_copy_effective(&source, dest);
 2056         SOCK_UNLOCK(newso);
 2057 }
 2058 
 2059 static void
 2060 biba_socket_relabel(struct ucred *cred, struct socket *so,
 2061     struct label *solabel, struct label *newlabel)
 2062 {
 2063         struct mac_biba *source, *dest;
 2064 
 2065         SOCK_LOCK_ASSERT(so);
 2066 
 2067         source = SLOT(newlabel);
 2068         dest = SLOT(solabel);
 2069 
 2070         biba_copy(source, dest);
 2071 }
 2072 
 2073 static void
 2074 biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
 2075     struct socket *so, struct label *sopeerlabel)
 2076 {
 2077         struct mac_biba *source, *dest;
 2078 
 2079         source = SLOT(mlabel);
 2080         dest = SLOT(sopeerlabel);
 2081 
 2082         SOCK_LOCK(so);
 2083         biba_copy_effective(source, dest);
 2084         SOCK_UNLOCK(so);
 2085 }
 2086 
 2087 static void
 2088 biba_socketpeer_set_from_socket(struct socket *oldso,
 2089     struct label *oldsolabel, struct socket *newso,
 2090     struct label *newsopeerlabel)
 2091 {
 2092         struct mac_biba source, *dest;
 2093 
 2094         SOCK_LOCK(oldso);
 2095         source = *SLOT(oldsolabel);
 2096         SOCK_UNLOCK(oldso);
 2097         dest = SLOT(newsopeerlabel);
 2098 
 2099         SOCK_LOCK(newso);
 2100         biba_copy_effective(&source, dest);
 2101         SOCK_UNLOCK(newso);
 2102 }
 2103 
 2104 static void
 2105 biba_syncache_create(struct label *label, struct inpcb *inp)
 2106 {
 2107         struct mac_biba *source, *dest;
 2108 
 2109         source = SLOT(inp->inp_label);
 2110         dest = SLOT(label);
 2111         biba_copy_effective(source, dest);
 2112 }
 2113 
 2114 static void
 2115 biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
 2116     struct label *mlabel)
 2117 {
 2118         struct mac_biba *source, *dest;
 2119 
 2120         source = SLOT(sc_label);
 2121         dest = SLOT(mlabel);
 2122         biba_copy_effective(source, dest);
 2123 }
 2124 
 2125 static int
 2126 biba_system_check_acct(struct ucred *cred, struct vnode *vp,
 2127     struct label *vplabel)
 2128 {
 2129         struct mac_biba *subj, *obj;
 2130         int error;
 2131 
 2132         if (!biba_enabled)
 2133                 return (0);
 2134 
 2135         subj = SLOT(cred->cr_label);
 2136 
 2137         error = biba_subject_privileged(subj);
 2138         if (error)
 2139                 return (error);
 2140 
 2141         if (vplabel == NULL)
 2142                 return (0);
 2143 
 2144         obj = SLOT(vplabel);
 2145         if (!biba_high_effective(obj))
 2146                 return (EACCES);
 2147 
 2148         return (0);
 2149 }
 2150 
 2151 static int
 2152 biba_system_check_auditctl(struct ucred *cred, struct vnode *vp,
 2153     struct label *vplabel)
 2154 {
 2155         struct mac_biba *subj, *obj;
 2156         int error;
 2157 
 2158         if (!biba_enabled)
 2159                 return (0);
 2160 
 2161         subj = SLOT(cred->cr_label);
 2162 
 2163         error = biba_subject_privileged(subj);
 2164         if (error)
 2165                 return (error);
 2166 
 2167         if (vplabel == NULL)
 2168                 return (0);
 2169 
 2170         obj = SLOT(vplabel);
 2171         if (!biba_high_effective(obj))
 2172                 return (EACCES);
 2173 
 2174         return (0);
 2175 }
 2176 
 2177 static int
 2178 biba_system_check_auditon(struct ucred *cred, int cmd)
 2179 {
 2180         struct mac_biba *subj;
 2181         int error;
 2182 
 2183         if (!biba_enabled)
 2184                 return (0);
 2185 
 2186         subj = SLOT(cred->cr_label);
 2187 
 2188         error = biba_subject_privileged(subj);
 2189         if (error)
 2190                 return (error);
 2191 
 2192         return (0);
 2193 }
 2194 
 2195 static int
 2196 biba_system_check_swapoff(struct ucred *cred, struct vnode *vp,
 2197     struct label *label)
 2198 {
 2199         struct mac_biba *subj;
 2200         int error;
 2201 
 2202         if (!biba_enabled)
 2203                 return (0);
 2204 
 2205         subj = SLOT(cred->cr_label);
 2206 
 2207         error = biba_subject_privileged(subj);
 2208         if (error)
 2209                 return (error);
 2210 
 2211         return (0);
 2212 }
 2213 
 2214 static int
 2215 biba_system_check_swapon(struct ucred *cred, struct vnode *vp,
 2216     struct label *vplabel)
 2217 {
 2218         struct mac_biba *subj, *obj;
 2219         int error;
 2220 
 2221         if (!biba_enabled)
 2222                 return (0);
 2223 
 2224         subj = SLOT(cred->cr_label);
 2225         obj = SLOT(vplabel);
 2226 
 2227         error = biba_subject_privileged(subj);
 2228         if (error)
 2229                 return (error);
 2230 
 2231         if (!biba_high_effective(obj))
 2232                 return (EACCES);
 2233 
 2234         return (0);
 2235 }
 2236 
 2237 static int
 2238 biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
 2239     void *arg1, int arg2, struct sysctl_req *req)
 2240 {
 2241         struct mac_biba *subj;
 2242         int error;
 2243 
 2244         if (!biba_enabled)
 2245                 return (0);
 2246 
 2247         subj = SLOT(cred->cr_label);
 2248 
 2249         /*
 2250          * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high,
 2251          * but also require privilege to change them.
 2252          */
 2253         if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) {
 2254                 if (!biba_subject_dominate_high(subj))
 2255                         return (EACCES);
 2256 
 2257                 error = biba_subject_privileged(subj);
 2258                 if (error)
 2259                         return (error);
 2260         }
 2261 
 2262         return (0);
 2263 }
 2264 
 2265 static void
 2266 biba_sysvmsg_cleanup(struct label *msglabel)
 2267 {
 2268 
 2269         bzero(SLOT(msglabel), sizeof(struct mac_biba));
 2270 }
 2271 
 2272 static void
 2273 biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
 2274     struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 2275 {
 2276         struct mac_biba *source, *dest;
 2277 
 2278         /* Ignore the msgq label */
 2279         source = SLOT(cred->cr_label);
 2280         dest = SLOT(msglabel);
 2281 
 2282         biba_copy_effective(source, dest);
 2283 }
 2284 
 2285 static int
 2286 biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
 2287     struct label *msglabel)
 2288 {
 2289         struct mac_biba *subj, *obj;
 2290 
 2291         if (!biba_enabled)
 2292                 return (0);
 2293 
 2294         subj = SLOT(cred->cr_label);
 2295         obj = SLOT(msglabel);
 2296 
 2297         if (!biba_dominate_effective(obj, subj))
 2298                 return (EACCES);
 2299 
 2300         return (0);
 2301 }
 2302 
 2303 static int
 2304 biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
 2305     struct label *msglabel)
 2306 {
 2307         struct mac_biba *subj, *obj;
 2308 
 2309         if (!biba_enabled)
 2310                 return (0);
 2311 
 2312         subj = SLOT(cred->cr_label);
 2313         obj = SLOT(msglabel);
 2314 
 2315         if (!biba_dominate_effective(subj, obj))
 2316                 return (EACCES);
 2317 
 2318         return (0);
 2319 }
 2320 
 2321 static int
 2322 biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
 2323     struct label *msqklabel)
 2324 {
 2325         struct mac_biba *subj, *obj;
 2326 
 2327         if (!biba_enabled)
 2328                 return (0);
 2329 
 2330         subj = SLOT(cred->cr_label);
 2331         obj = SLOT(msqklabel);
 2332 
 2333         if (!biba_dominate_effective(obj, subj))
 2334                 return (EACCES);
 2335 
 2336         return (0);
 2337 }
 2338 
 2339 static int
 2340 biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
 2341     struct label *msqklabel)
 2342 {
 2343         struct mac_biba *subj, *obj;
 2344 
 2345         if (!biba_enabled)
 2346                 return (0);
 2347 
 2348         subj = SLOT(cred->cr_label);
 2349         obj = SLOT(msqklabel);
 2350 
 2351         if (!biba_dominate_effective(subj, obj))
 2352                 return (EACCES);
 2353 
 2354         return (0);
 2355 }
 2356 
 2357 static int
 2358 biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
 2359     struct label *msqklabel)
 2360 {
 2361         struct mac_biba *subj, *obj;
 2362 
 2363         if (!biba_enabled)
 2364                 return (0);
 2365 
 2366         subj = SLOT(cred->cr_label);
 2367         obj = SLOT(msqklabel);
 2368 
 2369         if (!biba_dominate_effective(obj, subj))
 2370                 return (EACCES);
 2371 
 2372         return (0);
 2373 }
 2374 
 2375 static int
 2376 biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
 2377     struct label *msqklabel, int cmd)
 2378 {
 2379         struct mac_biba *subj, *obj;
 2380 
 2381         if (!biba_enabled)
 2382                 return (0);
 2383 
 2384         subj = SLOT(cred->cr_label);
 2385         obj = SLOT(msqklabel);
 2386 
 2387         switch(cmd) {
 2388         case IPC_RMID:
 2389         case IPC_SET:
 2390                 if (!biba_dominate_effective(subj, obj))
 2391                         return (EACCES);
 2392                 break;
 2393 
 2394         case IPC_STAT:
 2395                 if (!biba_dominate_effective(obj, subj))
 2396                         return (EACCES);
 2397                 break;
 2398 
 2399         default:
 2400                 return (EACCES);
 2401         }
 2402 
 2403         return (0);
 2404 }
 2405 
 2406 static void
 2407 biba_sysvmsq_cleanup(struct label *msqlabel)
 2408 {
 2409 
 2410         bzero(SLOT(msqlabel), sizeof(struct mac_biba));
 2411 }
 2412 
 2413 static void
 2414 biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
 2415     struct label *msqlabel)
 2416 {
 2417         struct mac_biba *source, *dest;
 2418 
 2419         source = SLOT(cred->cr_label);
 2420         dest = SLOT(msqlabel);
 2421 
 2422         biba_copy_effective(source, dest);
 2423 }
 2424 
 2425 static int
 2426 biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
 2427     struct label *semaklabel, int cmd)
 2428 {
 2429         struct mac_biba *subj, *obj;
 2430 
 2431         if (!biba_enabled)
 2432                 return (0);
 2433 
 2434         subj = SLOT(cred->cr_label);
 2435         obj = SLOT(semaklabel);
 2436 
 2437         switch(cmd) {
 2438         case IPC_RMID:
 2439         case IPC_SET:
 2440         case SETVAL:
 2441         case SETALL:
 2442                 if (!biba_dominate_effective(subj, obj))
 2443                         return (EACCES);
 2444                 break;
 2445 
 2446         case IPC_STAT:
 2447         case GETVAL:
 2448         case GETPID:
 2449         case GETNCNT:
 2450         case GETZCNT:
 2451         case GETALL:
 2452                 if (!biba_dominate_effective(obj, subj))
 2453                         return (EACCES);
 2454                 break;
 2455 
 2456         default:
 2457                 return (EACCES);
 2458         }
 2459 
 2460         return (0);
 2461 }
 2462 
 2463 static int
 2464 biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
 2465     struct label *semaklabel)
 2466 {
 2467         struct mac_biba *subj, *obj;
 2468 
 2469         if (!biba_enabled)
 2470                 return (0);
 2471 
 2472         subj = SLOT(cred->cr_label);
 2473         obj = SLOT(semaklabel);
 2474 
 2475         if (!biba_dominate_effective(obj, subj))
 2476                 return (EACCES);
 2477 
 2478         return (0);
 2479 }
 2480 
 2481 static int
 2482 biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
 2483     struct label *semaklabel, size_t accesstype)
 2484 {
 2485         struct mac_biba *subj, *obj;
 2486 
 2487         if (!biba_enabled)
 2488                 return (0);
 2489 
 2490         subj = SLOT(cred->cr_label);
 2491         obj = SLOT(semaklabel);
 2492 
 2493         if (accesstype & SEM_R)
 2494                 if (!biba_dominate_effective(obj, subj))
 2495                         return (EACCES);
 2496 
 2497         if (accesstype & SEM_A)
 2498                 if (!biba_dominate_effective(subj, obj))
 2499                         return (EACCES);
 2500 
 2501         return (0);
 2502 }
 2503 
 2504 static void
 2505 biba_sysvsem_cleanup(struct label *semalabel)
 2506 {
 2507 
 2508         bzero(SLOT(semalabel), sizeof(struct mac_biba));
 2509 }
 2510 
 2511 static void
 2512 biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
 2513     struct label *semalabel)
 2514 {
 2515         struct mac_biba *source, *dest;
 2516 
 2517         source = SLOT(cred->cr_label);
 2518         dest = SLOT(semalabel);
 2519 
 2520         biba_copy_effective(source, dest);
 2521 }
 2522 
 2523 static int
 2524 biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
 2525     struct label *shmseglabel, int shmflg)
 2526 {
 2527         struct mac_biba *subj, *obj;
 2528 
 2529         if (!biba_enabled)
 2530                 return (0);
 2531 
 2532         subj = SLOT(cred->cr_label);
 2533         obj = SLOT(shmseglabel);
 2534 
 2535         if (!biba_dominate_effective(obj, subj))
 2536                 return (EACCES);
 2537         if ((shmflg & SHM_RDONLY) == 0) {
 2538                 if (!biba_dominate_effective(subj, obj))
 2539                         return (EACCES);
 2540         }
 2541         
 2542         return (0);
 2543 }
 2544 
 2545 static int
 2546 biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
 2547     struct label *shmseglabel, int cmd)
 2548 {
 2549         struct mac_biba *subj, *obj;
 2550 
 2551         if (!biba_enabled)
 2552                 return (0);
 2553 
 2554         subj = SLOT(cred->cr_label);
 2555         obj = SLOT(shmseglabel);
 2556 
 2557         switch(cmd) {
 2558         case IPC_RMID:
 2559         case IPC_SET:
 2560                 if (!biba_dominate_effective(subj, obj))
 2561                         return (EACCES);
 2562                 break;
 2563 
 2564         case IPC_STAT:
 2565         case SHM_STAT:
 2566                 if (!biba_dominate_effective(obj, subj))
 2567                         return (EACCES);
 2568                 break;
 2569 
 2570         default:
 2571                 return (EACCES);
 2572         }
 2573 
 2574         return (0);
 2575 }
 2576 
 2577 static int
 2578 biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
 2579     struct label *shmseglabel, int shmflg)
 2580 {
 2581         struct mac_biba *subj, *obj;
 2582 
 2583         if (!biba_enabled)
 2584                 return (0);
 2585 
 2586         subj = SLOT(cred->cr_label);
 2587         obj = SLOT(shmseglabel);
 2588 
 2589         if (!biba_dominate_effective(obj, subj))
 2590                 return (EACCES);
 2591 
 2592         return (0);
 2593 }
 2594 
 2595 static void
 2596 biba_sysvshm_cleanup(struct label *shmlabel)
 2597 {
 2598 
 2599         bzero(SLOT(shmlabel), sizeof(struct mac_biba));
 2600 }
 2601 
 2602 static void
 2603 biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
 2604     struct label *shmlabel)
 2605 {
 2606         struct mac_biba *source, *dest;
 2607 
 2608         source = SLOT(cred->cr_label);
 2609         dest = SLOT(shmlabel);
 2610 
 2611         biba_copy_effective(source, dest);
 2612 }
 2613 
 2614 static int
 2615 biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
 2616     struct vnode *vp, struct label *vplabel)
 2617 {
 2618         struct mac_biba mb_temp, *source, *dest;
 2619         int buflen, error;
 2620 
 2621         source = SLOT(mplabel);
 2622         dest = SLOT(vplabel);
 2623 
 2624         buflen = sizeof(mb_temp);
 2625         bzero(&mb_temp, buflen);
 2626 
 2627         error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
 2628             MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread);
 2629         if (error == ENOATTR || error == EOPNOTSUPP) {
 2630                 /* Fall back to the mntlabel. */
 2631                 biba_copy_effective(source, dest);
 2632                 return (0);
 2633         } else if (error)
 2634                 return (error);
 2635 
 2636         if (buflen != sizeof(mb_temp)) {
 2637                 printf("biba_vnode_associate_extattr: bad size %d\n",
 2638                     buflen);
 2639                 return (EPERM);
 2640         }
 2641         if (biba_valid(&mb_temp) != 0) {
 2642                 printf("biba_vnode_associate_extattr: invalid\n");
 2643                 return (EPERM);
 2644         }
 2645         if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) !=
 2646             MAC_BIBA_FLAG_EFFECTIVE) {
 2647                 printf("biba_vnode_associate_extattr: not effective\n");
 2648                 return (EPERM);
 2649         }
 2650 
 2651         biba_copy_effective(&mb_temp, dest);
 2652         return (0);
 2653 }
 2654 
 2655 static void
 2656 biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
 2657     struct vnode *vp, struct label *vplabel)
 2658 {
 2659         struct mac_biba *source, *dest;
 2660 
 2661         source = SLOT(mplabel);
 2662         dest = SLOT(vplabel);
 2663 
 2664         biba_copy_effective(source, dest);
 2665 }
 2666 
 2667 static int
 2668 biba_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
 2669     struct label *dvplabel)
 2670 {
 2671         struct mac_biba *subj, *obj;
 2672 
 2673         if (!biba_enabled)
 2674                 return (0);
 2675 
 2676         subj = SLOT(cred->cr_label);
 2677         obj = SLOT(dvplabel);
 2678 
 2679         if (!biba_dominate_effective(obj, subj))
 2680                 return (EACCES);
 2681 
 2682         return (0);
 2683 }
 2684 
 2685 static int
 2686 biba_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
 2687     struct label *dvplabel)
 2688 {
 2689         struct mac_biba *subj, *obj;
 2690 
 2691         if (!biba_enabled)
 2692                 return (0);
 2693 
 2694         subj = SLOT(cred->cr_label);
 2695         obj = SLOT(dvplabel);
 2696 
 2697         if (!biba_dominate_effective(obj, subj))
 2698                 return (EACCES);
 2699 
 2700         return (0);
 2701 }
 2702 
 2703 static int
 2704 biba_vnode_check_create(struct ucred *cred, struct vnode *dvp,
 2705     struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
 2706 {
 2707         struct mac_biba *subj, *obj;
 2708 
 2709         if (!biba_enabled)
 2710                 return (0);
 2711 
 2712         subj = SLOT(cred->cr_label);
 2713         obj = SLOT(dvplabel);
 2714 
 2715         if (!biba_dominate_effective(subj, obj))
 2716                 return (EACCES);
 2717 
 2718         return (0);
 2719 }
 2720 
 2721 static int
 2722 biba_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
 2723     struct label *vplabel, acl_type_t type)
 2724 {
 2725         struct mac_biba *subj, *obj;
 2726 
 2727         if (!biba_enabled)
 2728                 return (0);
 2729 
 2730         subj = SLOT(cred->cr_label);
 2731         obj = SLOT(vplabel);
 2732 
 2733         if (!biba_dominate_effective(subj, obj))
 2734                 return (EACCES);
 2735 
 2736         return (0);
 2737 }
 2738 
 2739 static int
 2740 biba_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
 2741     struct label *vplabel, int attrnamespace, const char *name)
 2742 {
 2743         struct mac_biba *subj, *obj;
 2744 
 2745         if (!biba_enabled)
 2746                 return (0);
 2747 
 2748         subj = SLOT(cred->cr_label);
 2749         obj = SLOT(vplabel);
 2750 
 2751         if (!biba_dominate_effective(subj, obj))
 2752                 return (EACCES);
 2753 
 2754         return (0);
 2755 }
 2756 
 2757 static int
 2758 biba_vnode_check_exec(struct ucred *cred, struct vnode *vp,
 2759     struct label *vplabel, struct image_params *imgp,
 2760     struct label *execlabel)
 2761 {
 2762         struct mac_biba *subj, *obj, *exec;
 2763         int error;
 2764 
 2765         if (execlabel != NULL) {
 2766                 /*
 2767                  * We currently don't permit labels to be changed at
 2768                  * exec-time as part of Biba, so disallow non-NULL Biba label
 2769                  * elements in the execlabel.
 2770                  */
 2771                 exec = SLOT(execlabel);
 2772                 error = biba_atmostflags(exec, 0);
 2773                 if (error)
 2774                         return (error);
 2775         }
 2776 
 2777         if (!biba_enabled)
 2778                 return (0);
 2779 
 2780         subj = SLOT(cred->cr_label);
 2781         obj = SLOT(vplabel);
 2782 
 2783         if (!biba_dominate_effective(obj, subj))
 2784                 return (EACCES);
 2785 
 2786         return (0);
 2787 }
 2788 
 2789 static int
 2790 biba_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
 2791     struct label *vplabel, acl_type_t type)
 2792 {
 2793         struct mac_biba *subj, *obj;
 2794 
 2795         if (!biba_enabled)
 2796                 return (0);
 2797 
 2798         subj = SLOT(cred->cr_label);
 2799         obj = SLOT(vplabel);
 2800 
 2801         if (!biba_dominate_effective(obj, subj))
 2802                 return (EACCES);
 2803 
 2804         return (0);
 2805 }
 2806 
 2807 static int
 2808 biba_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
 2809     struct label *vplabel, int attrnamespace, const char *name)
 2810 {
 2811         struct mac_biba *subj, *obj;
 2812 
 2813         if (!biba_enabled)
 2814                 return (0);
 2815 
 2816         subj = SLOT(cred->cr_label);
 2817         obj = SLOT(vplabel);
 2818 
 2819         if (!biba_dominate_effective(obj, subj))
 2820                 return (EACCES);
 2821 
 2822         return (0);
 2823 }
 2824 
 2825 static int
 2826 biba_vnode_check_link(struct ucred *cred, struct vnode *dvp,
 2827     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2828     struct componentname *cnp)
 2829 {
 2830         struct mac_biba *subj, *obj;
 2831 
 2832         if (!biba_enabled)
 2833                 return (0);
 2834 
 2835         subj = SLOT(cred->cr_label);
 2836         obj = SLOT(dvplabel);
 2837 
 2838         if (!biba_dominate_effective(subj, obj))
 2839                 return (EACCES);
 2840 
 2841         obj = SLOT(vplabel);
 2842 
 2843         if (!biba_dominate_effective(subj, obj))
 2844                 return (EACCES);
 2845 
 2846         return (0);
 2847 }
 2848 
 2849 static int
 2850 biba_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
 2851     struct label *vplabel, int attrnamespace)
 2852 {
 2853         struct mac_biba *subj, *obj;
 2854 
 2855         if (!biba_enabled)
 2856                 return (0);
 2857 
 2858         subj = SLOT(cred->cr_label);
 2859         obj = SLOT(vplabel);
 2860 
 2861         if (!biba_dominate_effective(obj, subj))
 2862                 return (EACCES);
 2863 
 2864         return (0);
 2865 }
 2866 
 2867 static int
 2868 biba_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
 2869     struct label *dvplabel, struct componentname *cnp)
 2870 {
 2871         struct mac_biba *subj, *obj;
 2872 
 2873         if (!biba_enabled)
 2874                 return (0);
 2875 
 2876         subj = SLOT(cred->cr_label);
 2877         obj = SLOT(dvplabel);
 2878 
 2879         if (!biba_dominate_effective(obj, subj))
 2880                 return (EACCES);
 2881 
 2882         return (0);
 2883 }
 2884 
 2885 static int
 2886 biba_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
 2887     struct label *vplabel, int prot, int flags)
 2888 {
 2889         struct mac_biba *subj, *obj;
 2890 
 2891         /*
 2892          * Rely on the use of open()-time protections to handle
 2893          * non-revocation cases.
 2894          */
 2895         if (!biba_enabled || !revocation_enabled)
 2896                 return (0);
 2897 
 2898         subj = SLOT(cred->cr_label);
 2899         obj = SLOT(vplabel);
 2900 
 2901         if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
 2902                 if (!biba_dominate_effective(obj, subj))
 2903                         return (EACCES);
 2904         }
 2905         if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) {
 2906                 if (!biba_dominate_effective(subj, obj))
 2907                         return (EACCES);
 2908         }
 2909 
 2910         return (0);
 2911 }
 2912 
 2913 static int
 2914 biba_vnode_check_open(struct ucred *cred, struct vnode *vp,
 2915     struct label *vplabel, accmode_t accmode)
 2916 {
 2917         struct mac_biba *subj, *obj;
 2918 
 2919         if (!biba_enabled)
 2920                 return (0);
 2921 
 2922         subj = SLOT(cred->cr_label);
 2923         obj = SLOT(vplabel);
 2924 
 2925         /* XXX privilege override for admin? */
 2926         if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) {
 2927                 if (!biba_dominate_effective(obj, subj))
 2928                         return (EACCES);
 2929         }
 2930         if (accmode & VMODIFY_PERMS) {
 2931                 if (!biba_dominate_effective(subj, obj))
 2932                         return (EACCES);
 2933         }
 2934 
 2935         return (0);
 2936 }
 2937 
 2938 static int
 2939 biba_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
 2940     struct vnode *vp, struct label *vplabel)
 2941 {
 2942         struct mac_biba *subj, *obj;
 2943 
 2944         if (!biba_enabled || !revocation_enabled)
 2945                 return (0);
 2946 
 2947         subj = SLOT(active_cred->cr_label);
 2948         obj = SLOT(vplabel);
 2949 
 2950         if (!biba_dominate_effective(obj, subj))
 2951                 return (EACCES);
 2952 
 2953         return (0);
 2954 }
 2955 
 2956 static int
 2957 biba_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
 2958     struct vnode *vp, struct label *vplabel)
 2959 {
 2960         struct mac_biba *subj, *obj;
 2961 
 2962         if (!biba_enabled || !revocation_enabled)
 2963                 return (0);
 2964 
 2965         subj = SLOT(active_cred->cr_label);
 2966         obj = SLOT(vplabel);
 2967 
 2968         if (!biba_dominate_effective(obj, subj))
 2969                 return (EACCES);
 2970 
 2971         return (0);
 2972 }
 2973 
 2974 static int
 2975 biba_vnode_check_readdir(struct ucred *cred, struct vnode *dvp,
 2976     struct label *dvplabel)
 2977 {
 2978         struct mac_biba *subj, *obj;
 2979 
 2980         if (!biba_enabled)
 2981                 return (0);
 2982 
 2983         subj = SLOT(cred->cr_label);
 2984         obj = SLOT(dvplabel);
 2985 
 2986         if (!biba_dominate_effective(obj, subj))
 2987                 return (EACCES);
 2988 
 2989         return (0);
 2990 }
 2991 
 2992 static int
 2993 biba_vnode_check_readlink(struct ucred *cred, struct vnode *vp,
 2994     struct label *vplabel)
 2995 {
 2996         struct mac_biba *subj, *obj;
 2997 
 2998         if (!biba_enabled)
 2999                 return (0);
 3000 
 3001         subj = SLOT(cred->cr_label);
 3002         obj = SLOT(vplabel);
 3003 
 3004         if (!biba_dominate_effective(obj, subj))
 3005                 return (EACCES);
 3006 
 3007         return (0);
 3008 }
 3009 
 3010 static int
 3011 biba_vnode_check_relabel(struct ucred *cred, struct vnode *vp,
 3012     struct label *vplabel, struct label *newlabel)
 3013 {
 3014         struct mac_biba *old, *new, *subj;
 3015         int error;
 3016 
 3017         old = SLOT(vplabel);
 3018         new = SLOT(newlabel);
 3019         subj = SLOT(cred->cr_label);
 3020 
 3021         /*
 3022          * If there is a Biba label update for the vnode, it must be a
 3023          * effective label.
 3024          */
 3025         error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
 3026         if (error)
 3027                 return (error);
 3028 
 3029         /*
 3030          * To perform a relabel of the vnode (Biba label or not), Biba must
 3031          * authorize the relabel.
 3032          */
 3033         if (!biba_effective_in_range(old, subj))
 3034                 return (EPERM);
 3035 
 3036         /*
 3037          * If the Biba label is to be changed, authorize as appropriate.
 3038          */
 3039         if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
 3040                 /*
 3041                  * To change the Biba label on a vnode, the new vnode label
 3042                  * must be in the subject range.
 3043                  */
 3044                 if (!biba_effective_in_range(new, subj))
 3045                         return (EPERM);
 3046 
 3047                 /*
 3048                  * To change the Biba label on the vnode to be EQUAL, the
 3049                  * subject must have appropriate privilege.
 3050                  */
 3051                 if (biba_contains_equal(new)) {
 3052                         error = biba_subject_privileged(subj);
 3053                         if (error)
 3054                                 return (error);
 3055                 }
 3056         }
 3057 
 3058         return (0);
 3059 }
 3060 
 3061 static int
 3062 biba_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
 3063     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 3064     struct componentname *cnp)
 3065 {
 3066         struct mac_biba *subj, *obj;
 3067 
 3068         if (!biba_enabled)
 3069                 return (0);
 3070 
 3071         subj = SLOT(cred->cr_label);
 3072         obj = SLOT(dvplabel);
 3073 
 3074         if (!biba_dominate_effective(subj, obj))
 3075                 return (EACCES);
 3076 
 3077         obj = SLOT(vplabel);
 3078 
 3079         if (!biba_dominate_effective(subj, obj))
 3080                 return (EACCES);
 3081 
 3082         return (0);
 3083 }
 3084 
 3085 static int
 3086 biba_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
 3087     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 3088     int samedir, struct componentname *cnp)
 3089 {
 3090         struct mac_biba *subj, *obj;
 3091 
 3092         if (!biba_enabled)
 3093                 return (0);
 3094 
 3095         subj = SLOT(cred->cr_label);
 3096         obj = SLOT(dvplabel);
 3097 
 3098         if (!biba_dominate_effective(subj, obj))
 3099                 return (EACCES);
 3100 
 3101         if (vp != NULL) {
 3102                 obj = SLOT(vplabel);
 3103 
 3104                 if (!biba_dominate_effective(subj, obj))
 3105                         return (EACCES);
 3106         }
 3107 
 3108         return (0);
 3109 }
 3110 
 3111 static int
 3112 biba_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
 3113     struct label *vplabel)
 3114 {
 3115         struct mac_biba *subj, *obj;
 3116 
 3117         if (!biba_enabled)
 3118                 return (0);
 3119 
 3120         subj = SLOT(cred->cr_label);
 3121         obj = SLOT(vplabel);
 3122 
 3123         if (!biba_dominate_effective(subj, obj))
 3124                 return (EACCES);
 3125 
 3126         return (0);
 3127 }
 3128 
 3129 static int
 3130 biba_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
 3131     struct label *vplabel, acl_type_t type, struct acl *acl)
 3132 {
 3133         struct mac_biba *subj, *obj;
 3134 
 3135         if (!biba_enabled)
 3136                 return (0);
 3137 
 3138         subj = SLOT(cred->cr_label);
 3139         obj = SLOT(vplabel);
 3140 
 3141         if (!biba_dominate_effective(subj, obj))
 3142                 return (EACCES);
 3143 
 3144         return (0);
 3145 }
 3146 
 3147 static int
 3148 biba_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
 3149     struct label *vplabel, int attrnamespace, const char *name)
 3150 {
 3151         struct mac_biba *subj, *obj;
 3152 
 3153         if (!biba_enabled)
 3154                 return (0);
 3155 
 3156         subj = SLOT(cred->cr_label);
 3157         obj = SLOT(vplabel);
 3158 
 3159         if (!biba_dominate_effective(subj, obj))
 3160                 return (EACCES);
 3161 
 3162         /* XXX: protect the MAC EA in a special way? */
 3163 
 3164         return (0);
 3165 }
 3166 
 3167 static int
 3168 biba_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
 3169     struct label *vplabel, u_long flags)
 3170 {
 3171         struct mac_biba *subj, *obj;
 3172 
 3173         if (!biba_enabled)
 3174                 return (0);
 3175 
 3176         subj = SLOT(cred->cr_label);
 3177         obj = SLOT(vplabel);
 3178 
 3179         if (!biba_dominate_effective(subj, obj))
 3180                 return (EACCES);
 3181 
 3182         return (0);
 3183 }
 3184 
 3185 static int
 3186 biba_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
 3187     struct label *vplabel, mode_t mode)
 3188 {
 3189         struct mac_biba *subj, *obj;
 3190 
 3191         if (!biba_enabled)
 3192                 return (0);
 3193 
 3194         subj = SLOT(cred->cr_label);
 3195         obj = SLOT(vplabel);
 3196 
 3197         if (!biba_dominate_effective(subj, obj))
 3198                 return (EACCES);
 3199 
 3200         return (0);
 3201 }
 3202 
 3203 static int
 3204 biba_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
 3205     struct label *vplabel, uid_t uid, gid_t gid)
 3206 {
 3207         struct mac_biba *subj, *obj;
 3208 
 3209         if (!biba_enabled)
 3210                 return (0);
 3211 
 3212         subj = SLOT(cred->cr_label);
 3213         obj = SLOT(vplabel);
 3214 
 3215         if (!biba_dominate_effective(subj, obj))
 3216                 return (EACCES);
 3217 
 3218         return (0);
 3219 }
 3220 
 3221 static int
 3222 biba_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
 3223     struct label *vplabel, struct timespec atime, struct timespec mtime)
 3224 {
 3225         struct mac_biba *subj, *obj;
 3226 
 3227         if (!biba_enabled)
 3228                 return (0);
 3229 
 3230         subj = SLOT(cred->cr_label);
 3231         obj = SLOT(vplabel);
 3232 
 3233         if (!biba_dominate_effective(subj, obj))
 3234                 return (EACCES);
 3235 
 3236         return (0);
 3237 }
 3238 
 3239 static int
 3240 biba_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred,
 3241     struct vnode *vp, struct label *vplabel)
 3242 {
 3243         struct mac_biba *subj, *obj;
 3244 
 3245         if (!biba_enabled)
 3246                 return (0);
 3247 
 3248         subj = SLOT(active_cred->cr_label);
 3249         obj = SLOT(vplabel);
 3250 
 3251         if (!biba_dominate_effective(obj, subj))
 3252                 return (EACCES);
 3253 
 3254         return (0);
 3255 }
 3256 
 3257 static int
 3258 biba_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
 3259     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 3260     struct componentname *cnp)
 3261 {
 3262         struct mac_biba *subj, *obj;
 3263 
 3264         if (!biba_enabled)
 3265                 return (0);
 3266 
 3267         subj = SLOT(cred->cr_label);
 3268         obj = SLOT(dvplabel);
 3269 
 3270         if (!biba_dominate_effective(subj, obj))
 3271                 return (EACCES);
 3272 
 3273         obj = SLOT(vplabel);
 3274 
 3275         if (!biba_dominate_effective(subj, obj))
 3276                 return (EACCES);
 3277 
 3278         return (0);
 3279 }
 3280 
 3281 static int
 3282 biba_vnode_check_write(struct ucred *active_cred,
 3283     struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
 3284 {
 3285         struct mac_biba *subj, *obj;
 3286 
 3287         if (!biba_enabled || !revocation_enabled)
 3288                 return (0);
 3289 
 3290         subj = SLOT(active_cred->cr_label);
 3291         obj = SLOT(vplabel);
 3292 
 3293         if (!biba_dominate_effective(subj, obj))
 3294                 return (EACCES);
 3295 
 3296         return (0);
 3297 }
 3298 
 3299 static int
 3300 biba_vnode_create_extattr(struct ucred *cred, struct mount *mp,
 3301     struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
 3302     struct vnode *vp, struct label *vplabel, struct componentname *cnp)
 3303 {
 3304         struct mac_biba *source, *dest, mb_temp;
 3305         size_t buflen;
 3306         int error;
 3307 
 3308         buflen = sizeof(mb_temp);
 3309         bzero(&mb_temp, buflen);
 3310 
 3311         source = SLOT(cred->cr_label);
 3312         dest = SLOT(vplabel);
 3313         biba_copy_effective(source, &mb_temp);
 3314 
 3315         error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
 3316             MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
 3317         if (error == 0)
 3318                 biba_copy_effective(source, dest);
 3319         return (error);
 3320 }
 3321 
 3322 static void
 3323 biba_vnode_relabel(struct ucred *cred, struct vnode *vp,
 3324     struct label *vplabel, struct label *newlabel)
 3325 {
 3326         struct mac_biba *source, *dest;
 3327 
 3328         source = SLOT(newlabel);
 3329         dest = SLOT(vplabel);
 3330 
 3331         biba_copy(source, dest);
 3332 }
 3333 
 3334 static int
 3335 biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
 3336     struct label *vplabel, struct label *intlabel)
 3337 {
 3338         struct mac_biba *source, mb_temp;
 3339         size_t buflen;
 3340         int error;
 3341 
 3342         buflen = sizeof(mb_temp);
 3343         bzero(&mb_temp, buflen);
 3344 
 3345         source = SLOT(intlabel);
 3346         if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0)
 3347                 return (0);
 3348 
 3349         biba_copy_effective(source, &mb_temp);
 3350 
 3351         error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
 3352             MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
 3353         return (error);
 3354 }
 3355 
 3356 static struct mac_policy_ops mac_biba_ops =
 3357 {
 3358         .mpo_init = biba_init,
 3359 
 3360         .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive,
 3361         .mpo_bpfdesc_create = biba_bpfdesc_create,
 3362         .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
 3363         .mpo_bpfdesc_destroy_label = biba_destroy_label,
 3364         .mpo_bpfdesc_init_label = biba_init_label,
 3365 
 3366         .mpo_cred_associate_nfsd = biba_cred_associate_nfsd,
 3367         .mpo_cred_check_relabel = biba_cred_check_relabel,
 3368         .mpo_cred_check_visible = biba_cred_check_visible,
 3369         .mpo_cred_copy_label = biba_copy_label,
 3370         .mpo_cred_create_init = biba_cred_create_init,
 3371         .mpo_cred_create_swapper = biba_cred_create_swapper,
 3372         .mpo_cred_destroy_label = biba_destroy_label,
 3373         .mpo_cred_externalize_label = biba_externalize_label,
 3374         .mpo_cred_init_label = biba_init_label,
 3375         .mpo_cred_internalize_label = biba_internalize_label,
 3376         .mpo_cred_relabel = biba_cred_relabel,
 3377 
 3378         .mpo_devfs_create_device = biba_devfs_create_device,
 3379         .mpo_devfs_create_directory = biba_devfs_create_directory,
 3380         .mpo_devfs_create_symlink = biba_devfs_create_symlink,
 3381         .mpo_devfs_destroy_label = biba_destroy_label,
 3382         .mpo_devfs_init_label = biba_init_label,
 3383         .mpo_devfs_update = biba_devfs_update,
 3384         .mpo_devfs_vnode_associate = biba_devfs_vnode_associate,
 3385 
 3386         .mpo_ifnet_check_relabel = biba_ifnet_check_relabel,
 3387         .mpo_ifnet_check_transmit = biba_ifnet_check_transmit,
 3388         .mpo_ifnet_copy_label = biba_copy_label,
 3389         .mpo_ifnet_create = biba_ifnet_create,
 3390         .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
 3391         .mpo_ifnet_destroy_label = biba_destroy_label,
 3392         .mpo_ifnet_externalize_label = biba_externalize_label,
 3393         .mpo_ifnet_init_label = biba_init_label,
 3394         .mpo_ifnet_internalize_label = biba_internalize_label,
 3395         .mpo_ifnet_relabel = biba_ifnet_relabel,
 3396 
 3397         .mpo_inpcb_check_deliver = biba_inpcb_check_deliver,
 3398         .mpo_inpcb_check_visible = biba_inpcb_check_visible,
 3399         .mpo_inpcb_create = biba_inpcb_create,
 3400         .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf,
 3401         .mpo_inpcb_destroy_label = biba_destroy_label,
 3402         .mpo_inpcb_init_label = biba_init_label_waitcheck,
 3403         .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel,
 3404 
 3405         .mpo_ip6q_create = biba_ip6q_create,
 3406         .mpo_ip6q_destroy_label = biba_destroy_label,
 3407         .mpo_ip6q_init_label = biba_init_label_waitcheck,
 3408         .mpo_ip6q_match = biba_ip6q_match,
 3409         .mpo_ip6q_reassemble = biba_ip6q_reassemble,
 3410         .mpo_ip6q_update = biba_ip6q_update,
 3411 
 3412         .mpo_ipq_create = biba_ipq_create,
 3413         .mpo_ipq_destroy_label = biba_destroy_label,
 3414         .mpo_ipq_init_label = biba_init_label_waitcheck,
 3415         .mpo_ipq_match = biba_ipq_match,
 3416         .mpo_ipq_reassemble = biba_ipq_reassemble,
 3417         .mpo_ipq_update = biba_ipq_update,
 3418 
 3419         .mpo_kld_check_load = biba_kld_check_load,
 3420 
 3421         .mpo_mbuf_copy_label = biba_copy_label,
 3422         .mpo_mbuf_destroy_label = biba_destroy_label,
 3423         .mpo_mbuf_init_label = biba_init_label_waitcheck,
 3424 
 3425         .mpo_mount_check_stat = biba_mount_check_stat,
 3426         .mpo_mount_create = biba_mount_create,
 3427         .mpo_mount_destroy_label = biba_destroy_label,
 3428         .mpo_mount_init_label = biba_init_label,
 3429 
 3430         .mpo_netatalk_aarp_send = biba_netatalk_aarp_send,
 3431 
 3432         .mpo_netinet_arp_send = biba_netinet_arp_send,
 3433         .mpo_netinet_firewall_reply = biba_netinet_firewall_reply,
 3434         .mpo_netinet_firewall_send = biba_netinet_firewall_send,
 3435         .mpo_netinet_fragment = biba_netinet_fragment,
 3436         .mpo_netinet_icmp_reply = biba_netinet_icmp_reply,
 3437         .mpo_netinet_igmp_send = biba_netinet_igmp_send,
 3438 
 3439         .mpo_netinet6_nd6_send = biba_netinet6_nd6_send,
 3440 
 3441         .mpo_pipe_check_ioctl = biba_pipe_check_ioctl,
 3442         .mpo_pipe_check_poll = biba_pipe_check_poll,
 3443         .mpo_pipe_check_read = biba_pipe_check_read,
 3444         .mpo_pipe_check_relabel = biba_pipe_check_relabel,
 3445         .mpo_pipe_check_stat = biba_pipe_check_stat,
 3446         .mpo_pipe_check_write = biba_pipe_check_write,
 3447         .mpo_pipe_copy_label = biba_copy_label,
 3448         .mpo_pipe_create = biba_pipe_create,
 3449         .mpo_pipe_destroy_label = biba_destroy_label,
 3450         .mpo_pipe_externalize_label = biba_externalize_label,
 3451         .mpo_pipe_init_label = biba_init_label,
 3452         .mpo_pipe_internalize_label = biba_internalize_label,
 3453         .mpo_pipe_relabel = biba_pipe_relabel,
 3454 
 3455         .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly,
 3456         .mpo_posixsem_check_open = biba_posixsem_check_openunlink,
 3457         .mpo_posixsem_check_post = biba_posixsem_check_write,
 3458         .mpo_posixsem_check_stat = biba_posixsem_check_rdonly,
 3459         .mpo_posixsem_check_unlink = biba_posixsem_check_openunlink,
 3460         .mpo_posixsem_check_wait = biba_posixsem_check_write,
 3461         .mpo_posixsem_create = biba_posixsem_create,
 3462         .mpo_posixsem_destroy_label = biba_destroy_label,
 3463         .mpo_posixsem_init_label = biba_init_label,
 3464 
 3465         .mpo_priv_check = biba_priv_check,
 3466 
 3467         .mpo_proc_check_debug = biba_proc_check_debug,
 3468         .mpo_proc_check_sched = biba_proc_check_sched,
 3469         .mpo_proc_check_signal = biba_proc_check_signal,
 3470 
 3471         .mpo_socket_check_deliver = biba_socket_check_deliver,
 3472         .mpo_socket_check_relabel = biba_socket_check_relabel,
 3473         .mpo_socket_check_visible = biba_socket_check_visible,
 3474         .mpo_socket_copy_label = biba_copy_label,
 3475         .mpo_socket_create = biba_socket_create,
 3476         .mpo_socket_create_mbuf = biba_socket_create_mbuf,
 3477         .mpo_socket_destroy_label = biba_destroy_label,
 3478         .mpo_socket_externalize_label = biba_externalize_label,
 3479         .mpo_socket_init_label = biba_init_label_waitcheck,
 3480         .mpo_socket_internalize_label = biba_internalize_label,
 3481         .mpo_socket_newconn = biba_socket_newconn,
 3482         .mpo_socket_relabel = biba_socket_relabel,
 3483 
 3484         .mpo_socketpeer_destroy_label = biba_destroy_label,
 3485         .mpo_socketpeer_externalize_label = biba_externalize_label,
 3486         .mpo_socketpeer_init_label = biba_init_label_waitcheck,
 3487         .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf,
 3488         .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket,
 3489 
 3490         .mpo_syncache_create = biba_syncache_create,
 3491         .mpo_syncache_create_mbuf = biba_syncache_create_mbuf,
 3492         .mpo_syncache_destroy_label = biba_destroy_label,
 3493         .mpo_syncache_init_label = biba_init_label_waitcheck,
 3494 
 3495         .mpo_system_check_acct = biba_system_check_acct,
 3496         .mpo_system_check_auditctl = biba_system_check_auditctl,
 3497         .mpo_system_check_auditon = biba_system_check_auditon,
 3498         .mpo_system_check_swapoff = biba_system_check_swapoff,
 3499         .mpo_system_check_swapon = biba_system_check_swapon,
 3500         .mpo_system_check_sysctl = biba_system_check_sysctl,
 3501 
 3502         .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup,
 3503         .mpo_sysvmsg_create = biba_sysvmsg_create,
 3504         .mpo_sysvmsg_destroy_label = biba_destroy_label,
 3505         .mpo_sysvmsg_init_label = biba_init_label,
 3506 
 3507         .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv,
 3508         .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid,
 3509         .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget,
 3510         .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd,
 3511         .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv,
 3512         .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl,
 3513         .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup,
 3514         .mpo_sysvmsq_create = biba_sysvmsq_create,
 3515         .mpo_sysvmsq_destroy_label = biba_destroy_label,
 3516         .mpo_sysvmsq_init_label = biba_init_label,
 3517 
 3518         .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl,
 3519         .mpo_sysvsem_check_semget = biba_sysvsem_check_semget,
 3520         .mpo_sysvsem_check_semop = biba_sysvsem_check_semop,
 3521         .mpo_sysvsem_cleanup = biba_sysvsem_cleanup,
 3522         .mpo_sysvsem_create = biba_sysvsem_create,
 3523         .mpo_sysvsem_destroy_label = biba_destroy_label,
 3524         .mpo_sysvsem_init_label = biba_init_label,
 3525 
 3526         .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat,
 3527         .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl,
 3528         .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget,
 3529         .mpo_sysvshm_cleanup = biba_sysvshm_cleanup,
 3530         .mpo_sysvshm_create = biba_sysvshm_create,
 3531         .mpo_sysvshm_destroy_label = biba_destroy_label,
 3532         .mpo_sysvshm_init_label = biba_init_label,
 3533 
 3534         .mpo_vnode_associate_extattr = biba_vnode_associate_extattr,
 3535         .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel,
 3536         .mpo_vnode_check_access = biba_vnode_check_open,
 3537         .mpo_vnode_check_chdir = biba_vnode_check_chdir,
 3538         .mpo_vnode_check_chroot = biba_vnode_check_chroot,
 3539         .mpo_vnode_check_create = biba_vnode_check_create,
 3540         .mpo_vnode_check_deleteacl = biba_vnode_check_deleteacl,
 3541         .mpo_vnode_check_deleteextattr = biba_vnode_check_deleteextattr,
 3542         .mpo_vnode_check_exec = biba_vnode_check_exec,
 3543         .mpo_vnode_check_getacl = biba_vnode_check_getacl,
 3544         .mpo_vnode_check_getextattr = biba_vnode_check_getextattr,
 3545         .mpo_vnode_check_link = biba_vnode_check_link,
 3546         .mpo_vnode_check_listextattr = biba_vnode_check_listextattr,
 3547         .mpo_vnode_check_lookup = biba_vnode_check_lookup,
 3548         .mpo_vnode_check_mmap = biba_vnode_check_mmap,
 3549         .mpo_vnode_check_open = biba_vnode_check_open,
 3550         .mpo_vnode_check_poll = biba_vnode_check_poll,
 3551         .mpo_vnode_check_read = biba_vnode_check_read,
 3552         .mpo_vnode_check_readdir = biba_vnode_check_readdir,
 3553         .mpo_vnode_check_readlink = biba_vnode_check_readlink,
 3554         .mpo_vnode_check_relabel = biba_vnode_check_relabel,
 3555         .mpo_vnode_check_rename_from = biba_vnode_check_rename_from,
 3556         .mpo_vnode_check_rename_to = biba_vnode_check_rename_to,
 3557         .mpo_vnode_check_revoke = biba_vnode_check_revoke,
 3558         .mpo_vnode_check_setacl = biba_vnode_check_setacl,
 3559         .mpo_vnode_check_setextattr = biba_vnode_check_setextattr,
 3560         .mpo_vnode_check_setflags = biba_vnode_check_setflags,
 3561         .mpo_vnode_check_setmode = biba_vnode_check_setmode,
 3562         .mpo_vnode_check_setowner = biba_vnode_check_setowner,
 3563         .mpo_vnode_check_setutimes = biba_vnode_check_setutimes,
 3564         .mpo_vnode_check_stat = biba_vnode_check_stat,
 3565         .mpo_vnode_check_unlink = biba_vnode_check_unlink,
 3566         .mpo_vnode_check_write = biba_vnode_check_write,
 3567         .mpo_vnode_create_extattr = biba_vnode_create_extattr,
 3568         .mpo_vnode_copy_label = biba_copy_label,
 3569         .mpo_vnode_destroy_label = biba_destroy_label,
 3570         .mpo_vnode_externalize_label = biba_externalize_label,
 3571         .mpo_vnode_init_label = biba_init_label,
 3572         .mpo_vnode_internalize_label = biba_internalize_label,
 3573         .mpo_vnode_relabel = biba_vnode_relabel,
 3574         .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr,
 3575 };
 3576 
 3577 MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba",
 3578     MPC_LOADTIME_FLAG_NOTLATE, &biba_slot);

Cache object: 6e44cba3e590f272bd969828c3ba6796


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.