


sys/security/mac_partition/mac_partition.c


    1 /*-
    2  * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
    3  * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
    4  * All rights reserved.
    5  *
    6  * This software was developed by Robert Watson for the TrustedBSD Project.
    7  *
    8  * This software was developed for the FreeBSD Project in part by Network
    9  * Associates Laboratories, the Security Research Division of Network
   10  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
   11  * as part of the DARPA CHATS research program.
   12  *
   13  * Redistribution and use in source and binary forms, with or without
   14  * modification, are permitted provided that the following conditions
   15  * are met:
   16  * 1. Redistributions of source code must retain the above copyright
   17  *    notice, this list of conditions and the following disclaimer.
   18  * 2. Redistributions in binary form must reproduce the above copyright
   19  *    notice, this list of conditions and the following disclaimer in the
   20  *    documentation and/or other materials provided with the distribution.
   21  *
   22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   32  * SUCH DAMAGE.
   33  *
   34  * $FreeBSD$
   35  */
   36 
   37 /*
   38  * Developed by the TrustedBSD Project.
   39  *
   40  * Experiment with a partition-like model.
   41  */
   42 
   43 #include <sys/param.h>
   44 #include <sys/kernel.h>
   45 #include <sys/module.h>
   46 #include <sys/priv.h>
   47 #include <sys/proc.h>
   48 #include <sys/sbuf.h>
   49 #include <sys/socket.h>
   50 #include <sys/socketvar.h>
   51 #include <sys/systm.h>
   52 #include <sys/sysctl.h>
   53 
   54 #include <net/route.h>
   55 #include <netinet/in.h>
   56 #include <netinet/in_pcb.h>
   57 
   58 #include <security/mac/mac_policy.h>
   59 #include <security/mac_partition/mac_partition.h>
   60 
SYSCTL_DECL(_security_mac);

/* security.mac.partition: run-time controls for this policy. */
SYSCTL_NODE(_security_mac, OID_AUTO, partition, CTLFLAG_RW, 0,
    "TrustedBSD mac_partition policy controls");

/*
 * security.mac.partition.enabled: when 0, label_on_label() permits every
 * access, so partition identifiers are still carried on credentials but
 * no longer enforced.  The knob is CTLFLAG_RW, i.e. enforcement can be
 * switched off at run time by a sufficiently privileged process.
 */
static int	partition_enabled = 1;
SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW,
    &partition_enabled, 0, "Enforce partition policy");

/*
 * Label slot handed to this policy by the MAC framework at registration
 * (MAC_POLICY_SET at the bottom of the file passes &partition_slot).
 * The partition identifier is stored directly in the slot; 0 means
 * "not in any partition".
 */
static int	partition_slot;
#define SLOT(l) mac_label_get((l), partition_slot)
#define SLOT_SET(l, v)	mac_label_set((l), partition_slot, (v))
   73 
/*
 * Initialise a freshly allocated credential label: a new label starts
 * outside any partition (slot value 0).
 */
static void
partition_init_label(struct label *label)
{
	/* 0 is the "no partition" sentinel used throughout this policy. */
	SLOT_SET(label, 0);
}
   80 
/*
 * Tear down a credential label.  Nothing is allocated for the partition
 * slot, so clearing it back to 0 is all that is required.
 */
static void
partition_destroy_label(struct label *label)
{
	SLOT_SET(label, 0);
}
   87 
/*
 * Copy the partition identifier from one credential label to another
 * (used by the framework when credentials are duplicated, e.g. crcopy).
 */
static void
partition_copy_label(struct label *src, struct label *dest)
{
	uintptr_t part;

	part = SLOT(src);
	SLOT_SET(dest, part);
}
   94 
/*
 * Render this policy's element of a credential label as text.
 *
 * Only the element named MAC_PARTITION_LABEL_NAME belongs to this policy;
 * any other element_name is left unclaimed and 0 is returned so the
 * framework can offer it to other policies.  On a match, *claimed is
 * bumped and the partition identifier is printed as a decimal integer.
 *
 * Returns 0 on success, EINVAL if sbuf_printf() reports failure.
 */
static int
partition_externalize_label(struct label *label, char *element_name,
    struct sbuf *sb, int *claimed)
{
	int ret;

	if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
		return (0);

	(*claimed)++;
	ret = sbuf_printf(sb, "%jd", (intmax_t)SLOT(label));
	return (ret == -1 ? EINVAL : 0);
}
  110 
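/*
 * Parse this policy's element of a textual label into the slot.
 *
 * Only the element named MAC_PARTITION_LABEL_NAME is handled; other
 * element names are left unclaimed (return 0 without touching *claimed).
 * On a match, *claimed is bumped and element_data must be a complete,
 * non-negative decimal integer.
 *
 * Returns 0 on success, EINVAL if element_data is empty, not numeric,
 * has trailing characters, or is negative.  The previous implementation
 * passed a NULL endptr to strtol(), so an unparsable string silently
 * became partition 0 ("no partition") and trailing garbage was ignored;
 * label text is caller-supplied (ultimately from userland label strings),
 * so it is validated here instead.
 */
static int
partition_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{
	char *endp;
	long part;

	if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
		return (0);

	(*claimed)++;

	/*
	 * NOTE(review): the kernel strtol() appears not to report ERANGE, so
	 * an out-of-range value saturates rather than failing; such a value
	 * is still a well-formed non-negative number and is accepted as-is.
	 */
	part = strtol(element_data, &endp, 10);
	if (endp == element_data || *endp != '\0' || part < 0)
		return (EINVAL);

	SLOT_SET(label, part);
	return (0);
}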
  123 
/*
 * Label the credential of proc0 (the swapper/kernel process): it is not
 * placed in any partition.
 */
static void
partition_create_proc0(struct ucred *cred)
{
	SLOT_SET(cred->cr_label, 0);
}
  130 
/*
 * Label the credential of proc1 (init): like proc0 it starts outside any
 * partition, so everything it spawns is unpartitioned until relabelled.
 */
static void
partition_create_proc1(struct ucred *cred)
{
	SLOT_SET(cred->cr_label, 0);
}
  137 
/*
 * Apply an approved relabel to a credential.
 *
 * A newlabel whose partition is 0 is treated as "no change", so a
 * credential can be moved into or between partitions but never out of
 * one via relabel.  Authorisation happens earlier in
 * partition_check_cred_relabel(); this function only copies the value.
 */
static void
partition_relabel_cred(struct ucred *cred, struct label *newlabel)
{
	uintptr_t part;

	part = SLOT(newlabel);
	if (part == 0)
		return;
	SLOT_SET(cred->cr_label, part);
}
  145 
/*
 * Core partition decision: may a subject with label `subject' act on an
 * object with label `object'?
 *
 * Access is granted when enforcement is disabled, when the subject is in
 * no partition (partition 0 sees everything), or when both are in the
 * same partition.  Otherwise EPERM is returned; callers map it to the
 * errno that suits their entry point (ESRCH, ENOENT).
 */
static int
label_on_label(struct label *subject, struct label *object)
{
	uintptr_t subj;

	if (!partition_enabled)
		return (0);

	subj = SLOT(subject);
	/* Unpartitioned subjects are unrestricted. */
	if (subj == 0 || subj == SLOT(object))
		return (0);

	return (EPERM);
}
  161 
/*
 * Authorise a request to relabel a credential's partition.
 *
 * A newlabel naming partition 0 is a no-op request (see
 * partition_relabel_cred) and is always permitted.  Any other value
 * requires PRIV_MAC_PARTITION; the error from priv_check_cred() is
 * returned unchanged.
 */
static int
partition_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{
	if (SLOT(newlabel) == 0)
		return (0);

	/*
	 * Changing partition is a privileged operation.  The original rule
	 * additionally required the subject not already be in a partition,
	 * but that interacted badly with sendmail and was dropped.
	 */
	return (priv_check_cred(cred, PRIV_MAC_PARTITION, 0));
}
  182 
/*
 * May a subject holding cr1 see the credential cr2 (e.g. in process
 * listings)?  Partition mismatches are reported as ESRCH so the target
 * simply appears not to exist.
 */
static int
partition_check_cred_visible(struct ucred *cr1, struct ucred *cr2)
{
	if (label_on_label(cr1->cr_label, cr2->cr_label) != 0)
		return (ESRCH);
	return (0);
}
  192 
/*
 * May cred see the Internet PCB inp?
 *
 * This policy keeps no per-inpcb label (inplabel is ignored); the check
 * is made against the label of the credential that owns the PCB.  A
 * mismatch is reported as ENOENT.
 */
static int
partition_check_inpcb_visible(struct ucred *cred, struct inpcb *inp,
    struct label *inplabel)
{
	if (label_on_label(cred->cr_label, inp->inp_cred->cr_label) != 0)
		return (ENOENT);
	return (0);
}
  203 
/*
 * May cred debug (ptrace, procfs, etc.) process p?  Decided solely by
 * the partition relationship between cred and p's credential; a
 * mismatch is reported as ESRCH.
 * NOTE(review): p->p_ucred is read without any locking here — presumably
 * the framework calls this with p held; confirm against the caller.
 */
static int
partition_check_proc_debug(struct ucred *cred, struct proc *p)
{
	if (label_on_label(cred->cr_label, p->p_ucred->cr_label) != 0)
		return (ESRCH);
	return (0);
}
  213 
/*
 * May cred alter the scheduling of process p?  Same partition test as
 * the other process checks; a mismatch is reported as ESRCH.
 */
static int
partition_check_proc_sched(struct ucred *cred, struct proc *p)
{
	if (label_on_label(cred->cr_label, p->p_ucred->cr_label) != 0)
		return (ESRCH);
	return (0);
}
  223 
/*
 * May cred deliver a signal to process p?  The signal number is not
 * consulted: every signal is subject to the same partition test, and a
 * mismatch is reported as ESRCH.
 */
static int
partition_check_proc_signal(struct ucred *cred, struct proc *p,
    int signum)
{
	if (label_on_label(cred->cr_label, p->p_ucred->cr_label) != 0)
		return (ESRCH);
	return (0);
}
  234 
/*
 * May cred see socket so?
 *
 * As with inpcbs, no per-socket label is kept (solabel is ignored); the
 * decision is based on the credential that owns the socket.  A mismatch
 * is reported as ENOENT.
 */
static int
partition_check_socket_visible(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
	if (label_on_label(cred->cr_label, so->so_cred->cr_label) != 0)
		return (ENOENT);
	return (0);
}
  245 
/*
 * Check an execve() of vnode vp by cred.
 *
 * The partition model does not support changing partition at exec time,
 * so a non-NULL execlabel naming a non-zero partition is refused with
 * EINVAL.  A NULL execlabel, or one naming partition 0, is accepted.
 * The vnode and its label are not consulted.
 */
static int
partition_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct image_params *imgp,
    struct label *execlabel)
{
	if (execlabel == NULL || SLOT(execlabel) == 0)
		return (0);

	return (EINVAL);
}
  264 
/*
 * Entry points registered with the MAC framework.  Only credential labels
 * are maintained; the inpcb, socket and vnode checks consult the label of
 * the owning credential rather than registering per-object labels.
 */
static struct mac_policy_ops partition_ops =
{
	.mpo_init_cred_label = partition_init_label,
	.mpo_destroy_cred_label = partition_destroy_label,
	.mpo_copy_cred_label = partition_copy_label,
	.mpo_externalize_cred_label = partition_externalize_label,
	.mpo_internalize_cred_label = partition_internalize_label,
	.mpo_create_proc0 = partition_create_proc0,
	.mpo_create_proc1 = partition_create_proc1,
	.mpo_relabel_cred = partition_relabel_cred,
	.mpo_check_cred_relabel = partition_check_cred_relabel,
	.mpo_check_cred_visible = partition_check_cred_visible,
	.mpo_check_inpcb_visible = partition_check_inpcb_visible,
	.mpo_check_proc_debug = partition_check_proc_debug,
	.mpo_check_proc_sched = partition_check_proc_sched,
	.mpo_check_proc_signal = partition_check_proc_signal,
	.mpo_check_socket_visible = partition_check_socket_visible,
	.mpo_check_vnode_exec = partition_check_vnode_exec,
};

/*
 * Register the policy.  The framework writes the assigned label slot into
 * partition_slot; MPC_LOADTIME_FLAG_UNLOADOK (per its name) marks the
 * module as unloadable, so enforcement can be removed by unloading it.
 */
MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition",
    MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot);




