sys/security/mac_partition/mac_partition.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
    3  * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
    4  * Copyright (c) 2006 SPARTA, Inc.
    5  * Copyright (c) 2008 Apple Inc.
    6  * All rights reserved.
    7  *
    8  * This software was developed by Robert Watson for the TrustedBSD Project.
    9  *
   10  * This software was developed for the FreeBSD Project in part by Network
   11  * Associates Laboratories, the Security Research Division of Network
   12  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   13  * as part of the DARPA CHATS research program.
   14  *
   15  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   16  * N66001-04-C-6019 ("SEFOS").
   17  *
   18  * Redistribution and use in source and binary forms, with or without
   19  * modification, are permitted provided that the following conditions
   20  * are met:
   21  * 1. Redistributions of source code must retain the above copyright
   22  *    notice, this list of conditions and the following disclaimer.
   23  * 2. Redistributions in binary form must reproduce the above copyright
   24  *    notice, this list of conditions and the following disclaimer in the
   25  *    documentation and/or other materials provided with the distribution.
   26  *
   27  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   28  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   29  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   30  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   31  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   32  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   33  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   34  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   35  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   36  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   37  * SUCH DAMAGE.
   38  *
   39  * $FreeBSD: releng/11.2/sys/security/mac_partition/mac_partition.c 227309 2011-11-07 15:43:11Z ed $
   40  */
   41 
   42 /*
   43  * Developed by the TrustedBSD Project.
   44  *
   45  * Experiment with a partition-like model.
   46  */
   47 
   48 #include <sys/param.h>
   49 #include <sys/kernel.h>
   50 #include <sys/module.h>
   51 #include <sys/priv.h>
   52 #include <sys/proc.h>
   53 #include <sys/sbuf.h>
   54 #include <sys/socket.h>
   55 #include <sys/socketvar.h>
   56 #include <sys/systm.h>
   57 #include <sys/sysctl.h>
   58 
   59 #include <net/route.h>
   60 #include <netinet/in.h>
   61 #include <netinet/in_pcb.h>
   62 
   63 #include <security/mac/mac_policy.h>
   64 #include <security/mac_partition/mac_partition.h>
   65 
/* Parent node security.mac is declared by the MAC framework. */
SYSCTL_DECL(_security_mac);

/* security.mac.partition: this policy's sysctl subtree. */
static SYSCTL_NODE(_security_mac, OID_AUTO, partition, CTLFLAG_RW, 0,
    "TrustedBSD mac_partition policy controls");

/*
 * Master enforcement switch.  When 0, partition_check() below permits every
 * access regardless of labels.  CTLFLAG_RW makes it writable at runtime via
 * security.mac.partition.enabled, so a privileged writer can turn the policy
 * off without unloading the module.
 */
static int      partition_enabled = 1;
SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW,
    &partition_enabled, 0, "Enforce partition policy");

/*
 * Label slot assigned to this policy by the MAC framework at registration
 * (filled in through the &partition_slot argument of MAC_POLICY_SET below).
 * The slot holds the partition id; 0 means "not in a partition".
 */
static int      partition_slot;
#define SLOT(l) mac_label_get((l), partition_slot)
#define SLOT_SET(l, v)  mac_label_set((l), partition_slot, (v))
   78 
/*
 * Core partition test shared by the check entry points below.
 *
 * Returns 0 when access is permitted and EPERM when the subject sits in a
 * partition the object does not share.  Enforcement is skipped entirely
 * while partition_enabled is 0, when the subject has no label, or when the
 * subject's slot is 0 (not in a partition).  An object without a label is
 * treated as being outside every partition, so a partitioned subject is
 * refused access to it.
 */
static int
partition_check(struct label *subject, struct label *object)
{
        intptr_t subj_part;

        /* Unpartitioned or unlabeled subjects are never restricted. */
        if (partition_enabled == 0 || subject == NULL)
                return (0);
        subj_part = SLOT(subject);
        if (subj_part == 0)
                return (0);

        /*
         * From here on the subject is known to be partitioned; the object
         * must carry a label with the very same partition id.
         */
        if (object != NULL && SLOT(object) == subj_part)
                return (0);
        return (EPERM);
}
  105 
  106 /*
  107  * Object-specific entry points are sorted alphabetically by object type name
  108  * and then by operation.
  109  */
/*
 * Authorize a credential relabel request.
 *
 * Returns 0 when the request may proceed, otherwise the error from
 * priv_check_cred().
 */
static int
partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{

        /*
         * A slot of 0 means the new label carries no partition (its
         * externalized form is ""), so there is nothing to authorize.
         * Supporting a genuine "leave the partition" request would need a
         * way to tell "not in a partition" apart from "no partition given
         * during internalize".
         */
        if (SLOT(newlabel) == 0)
                return (0);

        /*
         * Changing partitions requires BSD privilege.  Requiring that the
         * process not already be partitioned was dropped because it did
         * not interact well with sendmail.
         */
        return (priv_check_cred(cred, PRIV_MAC_PARTITION, 0));
}
  136 
/*
 * Decide whether credential cr1 may see credential cr2.
 *
 * Returns 0 when visible, ESRCH when the two sit in different partitions.
 */
static int
partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{

        /* A cross-partition credential is reported as if it did not exist. */
        if (partition_check(cr1->cr_label, cr2->cr_label) != 0)
                return (ESRCH);
        return (0);
}
  146 
/*
 * Copy the partition id from src to dest.  A NULL dest is ignored; a NULL
 * src is copied as "no partition" (0).
 */
static void
partition_cred_copy_label(struct label *src, struct label *dest)
{

        if (dest == NULL)
                return;
        /* A missing source label contributes a partition id of 0. */
        SLOT_SET(dest, src != NULL ? SLOT(src) : 0);
}
  156 
/* The credential created for init starts outside of any partition. */
static void
partition_cred_create_init(struct ucred *cred)
{
        struct label *l;

        l = cred->cr_label;
        SLOT_SET(l, 0);
}
  163 
/* The swapper's credential starts outside of any partition. */
static void
partition_cred_create_swapper(struct ucred *cred)
{
        struct label *l;

        l = cred->cr_label;
        SLOT_SET(l, 0);
}
  170 
/*
 * Tear down our part of a credential label.  Nothing is allocated per
 * label, so this only clears the slot so a stale partition id cannot be
 * observed afterwards.
 */
static void
partition_cred_destroy_label(struct label *label)
{

        mac_label_set(label, partition_slot, 0);
}
  177 
/*
 * Render the partition element of a credential label into sb.
 *
 * Returns 0 without touching *claimed when element_name is not ours.
 * Otherwise increments *claimed and appends the partition id as a decimal
 * number (or the empty string for an unallocated label).  Returns EINVAL
 * when sbuf_printf() reports failure.
 */
static int
partition_cred_externalize_label(struct label *label, char *element_name,
    struct sbuf *sb, int *claimed)
{
        int rv;

        if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
                return (0);
        (*claimed)++;

        /* An unallocated label externalizes as the empty string. */
        if (label == NULL)
                rv = sbuf_printf(sb, "");
        else
                rv = sbuf_printf(sb, "%jd", (intmax_t)SLOT(label));

        return (rv == -1 ? EINVAL : 0);
}
  197 
/* A freshly initialized credential label is in no partition. */
static void
partition_cred_init_label(struct label *label)
{

        mac_label_set(label, partition_slot, 0);
}
  204 
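/*
 * Parse the partition element of a credential label from its text form.
 *
 * Returns 0 without touching *claimed when element_name is not ours.
 * Otherwise increments *claimed and stores the parsed partition id in the
 * label's slot.  element_data is text handed in by the caller (ultimately
 * from userland), so the whole string must be a decimal number: trailing
 * garbage is refused with EINVAL instead of being silently dropped, which
 * is what strtol() alone would do (and "12x" would land in partition 12,
 * "abc" in partition 0).  The empty string stays a valid spelling of
 * "no partition" (0), matching the convention in
 * partition_cred_check_relabel().
 */
static int
partition_cred_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{
        char *endp;
        long id;

        if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
                return (0);

        (*claimed)++;

        if (element_data[0] == '\0') {
                SLOT_SET(label, 0);
                return (0);
        }

        id = strtol(element_data, &endp, 10);
        /* Anything left over means the element was not a plain number. */
        if (*endp != '\0')
                return (EINVAL);

        SLOT_SET(label, id);
        return (0);
}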
  217 
/*
 * Apply an authorized relabel: adopt the partition id from newlabel.  A
 * NULL newlabel or a partition id of 0 carries no request and leaves the
 * credential's current partition untouched.
 */
static void
partition_cred_relabel(struct ucred *cred, struct label *newlabel)
{
        intptr_t id;

        if (newlabel == NULL)
                return;
        id = SLOT(newlabel);
        if (id != 0)
                SLOT_SET(cred->cr_label, id);
}
  225 
/*
 * Decide whether cred may see the protocol control block inp.
 *
 * The inpcb's own label (inplabel) is not consulted; the partition of the
 * credential that owns the inpcb is.  Returns 0 when visible, ENOENT when
 * the partitions differ.
 */
static int
partition_inpcb_check_visible(struct ucred *cred, struct inpcb *inp,
    struct label *inplabel)
{
        int rv;

        rv = partition_check(cred->cr_label, inp->inp_cred->cr_label);
        if (rv != 0)
                return (ENOENT);
        return (0);
}
  236 
/*
 * Decide whether cred may debug process p.
 *
 * Returns 0 when permitted, ESRCH (the process appears not to exist) when
 * cred and p's credential are in different partitions.
 */
static int
partition_proc_check_debug(struct ucred *cred, struct proc *p)
{
        int rv;

        rv = partition_check(cred->cr_label, p->p_ucred->cr_label);
        if (rv != 0)
                return (ESRCH);
        return (0);
}
  246 
/*
 * Decide whether cred may alter the scheduling of process p.
 *
 * Returns 0 when permitted, ESRCH (the process appears not to exist) when
 * cred and p's credential are in different partitions.
 */
static int
partition_proc_check_sched(struct ucred *cred, struct proc *p)
{
        int rv;

        rv = partition_check(cred->cr_label, p->p_ucred->cr_label);
        if (rv != 0)
                return (ESRCH);
        return (0);
}
  256 
/*
 * Decide whether cred may deliver signal signum to process p.
 *
 * The signal number does not influence the decision.  Returns 0 when
 * permitted, ESRCH (the process appears not to exist) when cred and p's
 * credential are in different partitions.
 */
static int
partition_proc_check_signal(struct ucred *cred, struct proc *p,
    int signum)
{
        int rv;

        rv = partition_check(cred->cr_label, p->p_ucred->cr_label);
        if (rv != 0)
                return (ESRCH);
        return (0);
}
  267 
/*
 * Decide whether cred may see socket so.
 *
 * The socket's own label (solabel) is not consulted; the partition of the
 * credential that owns the socket is.  Returns 0 when visible, ENOENT when
 * the partitions differ.
 */
static int
partition_socket_check_visible(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
        int rv;

        rv = partition_check(cred->cr_label, so->so_cred->cr_label);
        if (rv != 0)
                return (ENOENT);
        return (0);
}
  278 
/*
 * Check an exec request against the partition model.
 *
 * Only execlabel is examined; cred, vp, vplabel and imgp play no part.
 * Returns EINVAL when execlabel asks for a non-zero partition, 0 otherwise.
 */
static int
partition_vnode_check_exec(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct image_params *imgp,
    struct label *execlabel)
{

        /*
         * Label changes at exec time are not part of the partition model,
         * so an execlabel carrying a partition id is refused.  No
         * execlabel, or one with slot 0, is fine.
         */
        if (execlabel == NULL || SLOT(execlabel) == 0)
                return (0);
        return (EINVAL);
}
  297 
/*
 * Entry points this policy registers with the MAC framework.  Every hook
 * not listed here is left to the framework's default.
 */
static struct mac_policy_ops partition_ops =
{
        .mpo_cred_check_relabel = partition_cred_check_relabel,
        .mpo_cred_check_visible = partition_cred_check_visible,
        .mpo_cred_copy_label = partition_cred_copy_label,
        .mpo_cred_create_init = partition_cred_create_init,
        .mpo_cred_create_swapper = partition_cred_create_swapper,
        .mpo_cred_destroy_label = partition_cred_destroy_label,
        .mpo_cred_externalize_label = partition_cred_externalize_label,
        .mpo_cred_init_label = partition_cred_init_label,
        .mpo_cred_internalize_label = partition_cred_internalize_label,
        .mpo_cred_relabel = partition_cred_relabel,
        .mpo_inpcb_check_visible = partition_inpcb_check_visible,
        .mpo_proc_check_debug = partition_proc_check_debug,
        .mpo_proc_check_sched = partition_proc_check_sched,
        .mpo_proc_check_signal = partition_proc_check_signal,
        .mpo_socket_check_visible = partition_socket_check_visible,
        .mpo_vnode_check_exec = partition_vnode_check_exec,
};

/*
 * Register the policy.  The framework stores the label slot it assigns in
 * partition_slot, which the SLOT()/SLOT_SET() macros above rely on; the
 * flag name indicates the module may be unloaded at runtime.
 */
MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition",
    MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot);
