The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/security/mac_file.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
    3  * Copyright (c) 2006 SPARTA, Inc.
    4  * All rights reserved.
    5  *
    6  * This software was developed for the FreeBSD Project in part by Network
    7  * Associates Laboratories, the Security Research Division of Network
    8  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
    9  * as part of the DARPA CHATS research program.
   10  *
   11  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   12  * N66001-04-C-6019 ("SEFOS").
   13  *
   14  * Redistribution and use in source and binary forms, with or without
   15  * modification, are permitted provided that the following conditions
   16  * are met:
   17  * 1. Redistributions of source code must retain the above copyright
   18  *    notice, this list of conditions and the following disclaimer.
   19  * 2. Redistributions in binary form must reproduce the above copyright
   20  *    notice, this list of conditions and the following disclaimer in the
   21  *    documentation and/or other materials provided with the distribution.
   22  *
   23  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   33  * SUCH DAMAGE.
   34  */
   35 
   36 #include <sys/param.h>
   37 #include <sys/kernel.h>
   38 #include <sys/lock.h>
   39 #include <sys/malloc.h>
   40 #include <sys/proc.h>
   41 #include <sys/sbuf.h>
   42 #include <sys/systm.h>
   43 #include <sys/vnode.h>
   44 #include <sys/vnode_internal.h>
   45 #include <sys/file.h>
   46 #include <sys/file_internal.h>
   47 
   48 #include <security/mac_internal.h>
   49 
   50 
   51 static struct label *
   52 mac_file_label_alloc(void)
   53 {
   54         struct label *label;
   55 
   56         label = mac_labelzone_alloc(MAC_WAITOK);
   57         if (label == NULL)
   58                 return (NULL);
   59         MAC_PERFORM(file_label_init, label);
   60         return (label);
   61 }
   62 
   63 void
   64 mac_file_label_init(struct fileglob *fg)
   65 {
   66 
   67         fg->fg_label = mac_file_label_alloc();
   68 }
   69 
   70 static void
   71 mac_file_label_free(struct label *label)
   72 {
   73 
   74         MAC_PERFORM(file_label_destroy, label);
   75         mac_labelzone_free(label);
   76 }
   77 
   78 void
   79 mac_file_label_associate(struct ucred *cred, struct fileglob *fg)
   80 {
   81 
   82         MAC_PERFORM(file_label_associate, cred, fg, fg->fg_label);
   83 }
   84 
   85 void
   86 mac_file_label_destroy(struct fileglob *fg)
   87 {
   88 
   89         mac_file_label_free(fg->fg_label);
   90         fg->fg_label = NULL;
   91 }
   92 
   93 int
   94 mac_file_check_create(struct ucred *cred)
   95 {
   96         int error;
   97 
   98         MAC_CHECK(file_check_create, cred);
   99         return (error);
  100 }
  101 
  102 int
  103 mac_file_check_dup(struct ucred *cred, struct fileglob *fg, int newfd)
  104 {
  105         int error;
  106 
  107         MAC_CHECK(file_check_dup, cred, fg, fg->fg_label, newfd);
  108         return (error);
  109 }
  110 
  111 int
  112 mac_file_check_fcntl(struct ucred *cred, struct fileglob *fg, int cmd,
  113     user_long_t arg)
  114 {
  115         int error;
  116 
  117         MAC_CHECK(file_check_fcntl, cred, fg, fg->fg_label, cmd, arg);
  118         return (error);
  119 }
  120 
  121 int
  122 mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg, u_int cmd)
  123 {
  124         int error;
  125 
  126         MAC_CHECK(file_check_ioctl, cred, fg, fg->fg_label, cmd);
  127         return (error);
  128 }
  129 
  130 int
  131 mac_file_check_inherit(struct ucred *cred, struct fileglob *fg)
  132 {
  133         int error;
  134 
  135         MAC_CHECK(file_check_inherit, cred, fg, fg->fg_label);
  136         return (error);
  137 }
  138 
  139 int
  140 mac_file_check_receive(struct ucred *cred, struct fileglob *fg)
  141 {
  142         int error;
  143 
  144         MAC_CHECK(file_check_receive, cred, fg, fg->fg_label);
  145         return (error);
  146 }
  147 
  148 int
  149 mac_file_check_get_offset(struct ucred *cred, struct fileglob *fg)
  150 {
  151         int error;
  152 
  153         MAC_CHECK(file_check_get_offset, cred, fg, fg->fg_label);
  154         return (error);
  155 }
  156 
  157 int
  158 mac_file_check_change_offset(struct ucred *cred, struct fileglob *fg)
  159 {
  160         int error;
  161 
  162         MAC_CHECK(file_check_change_offset, cred, fg, fg->fg_label);
  163         return (error);
  164 }
  165  
  166 int
  167 mac_file_check_get(struct ucred *cred, struct fileglob *fg, char *elements,
  168     int len)
  169 {
  170         int error;
  171         
  172         MAC_CHECK(file_check_get, cred, fg, elements, len);
  173         return (error);
  174 }
  175 
  176 int
  177 mac_file_check_set(struct ucred *cred, struct fileglob *fg, char *buf,
  178     int buflen)
  179 {
  180         int error;
  181         
  182         MAC_CHECK(file_check_set, cred, fg, buf, buflen);
  183         return (error);
  184 }
  185 
  186 int
  187 mac_file_check_lock(struct ucred *cred, struct fileglob *fg, int op,
  188     struct flock *fl)
  189 {
  190         int error;
  191         
  192         MAC_CHECK(file_check_lock, cred, fg, fg->fg_label, op, fl);
  193         return (error);
  194 }
  195 
  196 /*
  197  * On some platforms, VM_PROT_READ implies VM_PROT_EXECUTE. If that is true,
  198  * both prot and maxprot will have VM_PROT_EXECUTE set after file_check_mmap
  199  * if VM_PROT_READ is set.
  200  *
  201  * The type of maxprot in file_check_mmap must be equivalent to vm_prot_t *
  202  * (defined in <mach/vm_prot.h>). mac_policy.h does not include any header
  203  * files, so cannot use the typedef itself.
  204  */
  205 int
  206 mac_file_check_mmap(struct ucred *cred, struct fileglob *fg, int prot,
  207     int flags, int *maxprot)
  208 {
  209         int error;
  210         int maxp;
  211 
  212         maxp = *maxprot;
  213         MAC_CHECK(file_check_mmap, cred, fg, fg->fg_label, prot, flags, &maxp);
  214         if ((maxp | *maxprot) != *maxprot)
  215                 panic("file_check_mmap increased max protections");
  216         *maxprot = maxp;
  217         return (error);
  218 }
  219 
  220 void
  221 mac_file_check_mmap_downgrade(struct ucred *cred, struct fileglob *fg,
  222     int *prot)
  223 {
  224         int result = *prot;
  225 
  226         MAC_PERFORM(file_check_mmap_downgrade, cred, fg, fg->fg_label,
  227             &result);
  228 
  229         *prot = result;
  230 }

Cache object: c2a6dcd97441f18d7d8ecbd89ffa99fd


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.