FreeBSD/Linux Kernel Cross Reference
sys/security/mac_partition/mac_partition.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
    3  * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
    4  * Copyright (c) 2006 SPARTA, Inc.
    5  * Copyright (c) 2008 Apple Inc.
    6  * All rights reserved.
    7  *
    8  * This software was developed by Robert Watson for the TrustedBSD Project.
    9  *
   10  * This software was developed for the FreeBSD Project in part by Network
   11  * Associates Laboratories, the Security Research Division of Network
   12  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   13  * as part of the DARPA CHATS research program.
   14  *
   15  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   16  * N66001-04-C-6019 ("SEFOS").
   17  *
   18  * Redistribution and use in source and binary forms, with or without
   19  * modification, are permitted provided that the following conditions
   20  * are met:
   21  * 1. Redistributions of source code must retain the above copyright
   22  *    notice, this list of conditions and the following disclaimer.
   23  * 2. Redistributions in binary form must reproduce the above copyright
   24  *    notice, this list of conditions and the following disclaimer in the
   25  *    documentation and/or other materials provided with the distribution.
   26  *
   27  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   28  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   29  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   30  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   31  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   32  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   33  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   34  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   35  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   36  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   37  * SUCH DAMAGE.
   38  *
   39  * $FreeBSD$
   40  */
   41 
   42 /*
   43  * Developed by the TrustedBSD Project.
   44  *
   45  * Experiment with a partition-like model.
   46  */
   47 
   48 #include <sys/param.h>
   49 #include <sys/kernel.h>
   50 #include <sys/module.h>
   51 #include <sys/priv.h>
   52 #include <sys/proc.h>
   53 #include <sys/sbuf.h>
   54 #include <sys/socket.h>
   55 #include <sys/socketvar.h>
   56 #include <sys/systm.h>
   57 #include <sys/sysctl.h>
   58 
   59 #include <net/route.h>
   60 #include <netinet/in.h>
   61 #include <netinet/in_pcb.h>
   62 
   63 #include <security/mac/mac_policy.h>
   64 #include <security/mac_partition/mac_partition.h>
   65 
SYSCTL_DECL(_security_mac);

/* security.mac.partition: parent node for this policy's knobs. */
static SYSCTL_NODE(_security_mac, OID_AUTO, partition,
    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "TrustedBSD mac_partition policy controls");

/*
 * security.mac.partition.enabled: 1 (default) enforces the policy, 0 makes
 * partition_check() approve everything.  The sysctl is CTLFLAG_RW, so the
 * policy can be switched off at runtime by anyone permitted to set it; a
 * hardened system may want to monitor or restrict writes to it.
 */
static int      partition_enabled = 1;
SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW,
    &partition_enabled, 0, "Enforce partition policy");

/*
 * Label slot index owned by this policy; MAC_POLICY_SET() at the bottom of
 * the file receives &partition_slot.  SLOT()/SLOT_SET() read and write the
 * partition value stored in that slot of a struct label.  A value of 0 means
 * "not in any partition" throughout this file.
 */
static int      partition_slot;
#define SLOT(l) mac_label_get((l), partition_slot)
#define SLOT_SET(l, v)  mac_label_set((l), partition_slot, (v))
   79 
/*
 * Core partition access check.
 *
 * Returns 0 when the subject may act on the object and EPERM otherwise.  The
 * rules, in order: the security.mac.partition.enabled sysctl can disable the
 * policy entirely; an unlabelled subject, or one whose partition value is 0
 * (not in any partition), is never restricted; a subject inside a partition
 * may only reach objects whose label carries the same partition value, and an
 * object with no label at all counts as being outside every partition.
 */
static int
partition_check(struct label *subject, struct label *object)
{

	/* Nothing to enforce while the policy is switched off. */
	if (!partition_enabled)
		return (0);

	/* Unlabelled subjects and subjects outside any partition are free. */
	if (subject == NULL || SLOT(subject) == 0)
		return (0);

	/*
	 * From here on the subject is known to be inside a partition.  An
	 * object without a label is in no partition, so it cannot be in the
	 * subject's one either; otherwise the values must match.
	 */
	if (object == NULL || SLOT(subject) != SLOT(object))
		return (EPERM);

	return (0);
}
  106 
  107 /*
  108  * Object-specific entry points are sorted alphabetically by object type name
  109  * and then by operation.
  110  */
/*
 * Object-specific entry points are sorted alphabetically by object type name
 * and then by operation.
 */

/*
 * Decide whether cred may take on newlabel.
 *
 * Returns 0 for a no-op request, otherwise the result of the privilege
 * check for PRIV_MAC_PARTITION.
 */
static int
partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{

	/*
	 * A partition value of 0 is what the empty string internalizes to,
	 * i.e. an unset partition label, so the request is treated as a no-op
	 * and needs no privilege.  Letting a process leave its partition would
	 * require telling "not in a partition" apart from "no partition given
	 * during internalize"; that distinction does not exist yet.
	 */
	if (SLOT(newlabel) == 0)
		return (0);

	/*
	 * Any real change of partition requires the BSD privilege.  Requiring
	 * the process to be outside a partition beforehand was tried too, but
	 * it did not interact well with sendmail.
	 */
	return (priv_check_cred(cred, PRIV_MAC_PARTITION));
}
  137 
/*
 * Visibility of one credential to another: a credential outside the
 * viewer's partition is reported as non-existent (ESRCH) rather than as
 * forbidden.
 */
static int
partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{

	if (partition_check(cr1->cr_label, cr2->cr_label) != 0)
		return (ESRCH);
	return (0);
}
  147 
/*
 * Copy the partition value from src to dest.  A missing source is treated
 * as "no partition" (value 0); a missing destination makes this a no-op.
 */
static void
partition_cred_copy_label(struct label *src, struct label *dest)
{

	if (dest == NULL)
		return;

	SLOT_SET(dest, src != NULL ? SLOT(src) : 0);
}
  157 
/* The credential created for the first process starts outside any partition. */
static void
partition_cred_create_init(struct ucred *cred)
{
	struct label *l = cred->cr_label;

	SLOT_SET(l, 0);
}
  164 
/* The swapper (kernel) credential starts outside any partition. */
static void
partition_cred_create_swapper(struct ucred *cred)
{
	struct label *l = cred->cr_label;

	SLOT_SET(l, 0);
}
  171 
/*
 * Nothing is allocated per label, so tearing one down only clears the slot
 * so a stale partition value cannot be observed later.
 */
static void
partition_cred_destroy_label(struct label *label)
{
	struct label *l = label;

	SLOT_SET(l, 0);
}
  178 
/*
 * Render the partition element of a credential label into sb.
 *
 * Only the MAC_PARTITION_LABEL_NAME element is handled; other element names
 * are left unclaimed and 0 is returned.  A NULL label is written as the
 * empty string, which is also what internalize maps to "no partition".
 * Returns EINVAL when sbuf_printf() fails.
 */
static int
partition_cred_externalize_label(struct label *label, char *element_name,
    struct sbuf *sb, int *claimed)
{
	int rc;

	if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
		return (0);

	(*claimed)++;

	if (label == NULL)
		rc = sbuf_printf(sb, "");
	else
		rc = sbuf_printf(sb, "%jd", (intmax_t)SLOT(label));

	return (rc == -1 ? EINVAL : 0);
}
  198 
/* A freshly initialized label belongs to no partition. */
static void
partition_cred_init_label(struct label *label)
{
	struct label *l = label;

	SLOT_SET(l, 0);
}
  205 
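/*
 * Parse the partition element of a credential label from its text form.
 *
 * element_data is caller-supplied text that reaches this policy through the
 * MAC label internalization path, so it is validated before being stored.
 * The empty string keeps its historical meaning of "no partition" (value 0),
 * matching what partition_cred_externalize_label() emits for a NULL label and
 * what partition_cred_check_relabel() treats as a no-op.  Any other value
 * must be a complete decimal number: text with no digits, leading junk or
 * trailing junk is rejected with EINVAL instead of being silently taken as
 * partition 0 or as a truncated prefix, which strtol() with a NULL end pointer
 * used to allow.
 *
 * NOTE(review): numeric overflow is not detected here; the kernel strtol()
 * reports no errno.  Confirm whether a range check on the value is wanted.
 *
 * Returns 0 when the element is not this policy's (left unclaimed), 0 with
 * *claimed bumped on success, and EINVAL for malformed data.
 */
static int
partition_cred_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{
	char *end;
	long value;

	if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
		return (0);

	(*claimed)++;

	/* "" is the unset partition label; see partition_cred_check_relabel(). */
	if (element_data[0] == '\0') {
		SLOT_SET(label, 0);
		return (0);
	}

	value = strtol(element_data, &end, 10);
	/*
	 * Require at least one digit and that the whole string was consumed;
	 * strtol("abc") would otherwise quietly yield 0 and strtol("1x") 1.
	 */
	if (end == element_data || *end != '\0')
		return (EINVAL);

	SLOT_SET(label, value);
	return (0);
}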
  218 
/*
 * Apply an approved relabel.  A NULL new label or a partition value of 0
 * is the "no change" case (see partition_cred_check_relabel()), so only a
 * non-zero partition is copied into the credential.
 */
static void
partition_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	if (newlabel == NULL)
		return;
	if (SLOT(newlabel) == 0)
		return;

	SLOT_SET(cred->cr_label, SLOT(newlabel));
}
  226 
/*
 * Visibility of a PCB: checked against the credential that owns the PCB;
 * inplabel is not consulted by this policy.  Hidden PCBs report ENOENT.
 */
static int
partition_inpcb_check_visible(struct ucred *cred, struct inpcb *inp,
    struct label *inplabel)
{
	int denied;

	denied = partition_check(cred->cr_label, inp->inp_cred->cr_label) != 0;

	return (denied ? ENOENT : 0);
}
  237 
/*
 * Debugging a process in another partition is refused as ESRCH, so the
 * target is indistinguishable from a non-existent process.
 */
static int
partition_proc_check_debug(struct ucred *cred, struct proc *p)
{
	int denied;

	denied = partition_check(cred->cr_label, p->p_ucred->cr_label) != 0;

	return (denied ? ESRCH : 0);
}
  247 
/*
 * Scheduling changes on a process in another partition are refused as
 * ESRCH, the same way as for debug and signal.
 */
static int
partition_proc_check_sched(struct ucred *cred, struct proc *p)
{
	int denied;

	denied = partition_check(cred->cr_label, p->p_ucred->cr_label) != 0;

	return (denied ? ESRCH : 0);
}
  257 
/*
 * Signalling a process in another partition is refused as ESRCH regardless
 * of the signal number; signum is accepted only to match the entry point.
 */
static int
partition_proc_check_signal(struct ucred *cred, struct proc *p,
    int signum)
{
	int denied;

	denied = partition_check(cred->cr_label, p->p_ucred->cr_label) != 0;

	return (denied ? ESRCH : 0);
}
  268 
/*
 * Visibility of a socket: checked against the credential that owns the
 * socket; solabel is not consulted by this policy.  Hidden sockets report
 * ENOENT.
 */
static int
partition_socket_check_visible(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
	int denied;

	denied = partition_check(cred->cr_label, so->so_cred->cr_label) != 0;

	return (denied ? ENOENT : 0);
}
  279 
/*
 * The partition model does not allow a label transition at exec time, so
 * the only acceptable execlabel is none at all or one carrying no partition
 * (value 0).  Anything else is rejected with EINVAL.
 */
static int
partition_vnode_check_exec(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct image_params *imgp,
    struct label *execlabel)
{

	if (execlabel == NULL || SLOT(execlabel) == 0)
		return (0);

	return (EINVAL);
}
  298 
/*
 * Entry points this policy implements; every other MAC hook is left unset
 * and therefore not enforced by mac_partition.  Kept in the same
 * alphabetical order as the function definitions above.
 */
static struct mac_policy_ops partition_ops = {
	.mpo_cred_check_relabel = partition_cred_check_relabel,
	.mpo_cred_check_visible = partition_cred_check_visible,
	.mpo_cred_copy_label = partition_cred_copy_label,
	.mpo_cred_create_init = partition_cred_create_init,
	.mpo_cred_create_swapper = partition_cred_create_swapper,
	.mpo_cred_destroy_label = partition_cred_destroy_label,
	.mpo_cred_externalize_label = partition_cred_externalize_label,
	.mpo_cred_init_label = partition_cred_init_label,
	.mpo_cred_internalize_label = partition_cred_internalize_label,
	.mpo_cred_relabel = partition_cred_relabel,
	.mpo_inpcb_check_visible = partition_inpcb_check_visible,
	.mpo_proc_check_debug = partition_proc_check_debug,
	.mpo_proc_check_sched = partition_proc_check_sched,
	.mpo_proc_check_signal = partition_proc_check_signal,
	.mpo_socket_check_visible = partition_socket_check_visible,
	.mpo_vnode_check_exec = partition_vnode_check_exec,
};
  318 
/*
 * Register the policy with the MAC framework.  MPC_LOADTIME_FLAG_UNLOADOK
 * allows the module to be unloaded again; &partition_slot is handed to the
 * framework so the slot used by SLOT()/SLOT_SET() is filled in at load time.
 */
MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition",
    MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot);
