Introduce support for Mandatory Access Control and extensible

kernel access control.

Invoke appropriate MAC entry points for a number of VFS-related
operations in the Linux ABI module.  In particular, handle uselib
in a manner similar to open() (more work is probably needed here),
as well as handle statfs(), and linux readdir()-like calls.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

5 files changed, 47 insertions, 3 deletions

diff --git a/sys/compat/linux/linux_file.c b/sys/compat/linux/linux_file.c
index 4f37d75..3c459dd 100644
--- a/sys/compat/linux/linux_file.c
+++ b/sys/compat/linux/linux_file.c
@@ -29,6 +29,7 @@
  */
 
 #include "opt_compat.h"
+#include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -38,6 +39,7 @@
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
@@ -325,6 +327,13 @@ again:
 		cookies = NULL;
 	}
 
+#ifdef MAC
+	/*
+	 * Do directory search MAC check using non-cached credentials.
+	 */
+	if ((error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp))
+		goto out;
+#endif /* MAC */
 	if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies,
 		 &cookies)))
 		goto out;
diff --git a/sys/compat/linux/linux_getcwd.c b/sys/compat/linux/linux_getcwd.c
index 6e8d0b1..44079b9 100644
--- a/sys/compat/linux/linux_getcwd.c
+++ b/sys/compat/linux/linux_getcwd.c
@@ -38,6 +38,7 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include "opt_compat.h"
+#include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -51,6 +52,7 @@
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/uio.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/dirent.h>
 #include <ufs/ufs/dir.h>	/* XXX only for DIRBLKSIZ */
@@ -200,7 +202,12 @@ unionread:
 
 		eofflag = 0;
 
-		error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag, 0, 0);
+#ifdef MAC
+		error = mac_check_vnode_readdir(td->td_ucred, uvp);
+		if (error == 0)
+#endif /* MAC */
+			error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag,
+			    0, 0);
 
 		off = uio.uio_offset;
 
diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c
index c081fc1..7eebf69 100644
--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@@ -29,6 +29,7 @@
  */
 
 #include "opt_compat.h"
+#include "opt_mac.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -37,6 +38,7 @@
 #include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
@@ -250,7 +252,7 @@ linux_uselib(struct thread *td, struct linux_uselib_args *args)
 	vp = NULL;
 
 	/*
-	 * XXX This code should make use of vn_open(), rather than doing
+	 * XXX: This code should make use of vn_open(), rather than doing
 	 * all this stuff itself.
 	 */
 	NDINIT(&ni, LOOKUP, FOLLOW|LOCKLEAF, UIO_USERSPACE, args->library, td);
@@ -306,6 +308,11 @@ linux_uselib(struct thread *td, struct linux_uselib_args *args)
 	 * XXX: This should use vn_open() so that it is properly authorized,
 	 * and to reduce code redundancy all over the place here.
 	 */
+#ifdef MAC
+	error = mac_check_vnode_open(td->td_ucred, vp, FREAD);
+	if (error)
+		goto cleanup;
+#endif
 	error = VOP_OPEN(vp, FREAD, td->td_ucred, td);
 	if (error)
 		goto cleanup;
diff --git a/sys/compat/linux/linux_stats.c b/sys/compat/linux/linux_stats.c
index 9da9323..5ceb22a 100644
--- a/sys/compat/linux/linux_stats.c
+++ b/sys/compat/linux/linux_stats.c
@@ -28,12 +28,15 @@
  * $FreeBSD$
  */
 
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/conf.h>
 #include <sys/dirent.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
 #include <sys/proc.h>
+#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
 #include <sys/stat.h>
@@ -247,6 +250,11 @@ linux_statfs(struct thread *td, struct linux_statfs_args *args)
 	mp = ndp->ni_vp->v_mount;
 	bsd_statfs = &mp->mnt_stat;
 	vrele(ndp->ni_vp);
+#ifdef MAC
+	error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+	if (error)
+		return (error);
+#endif
 	error = VFS_STATFS(mp, bsd_statfs, td);
 	if (error)
 		return error;
@@ -282,6 +290,13 @@ linux_fstatfs(struct thread *td, struct linux_fstatfs_args *args)
 	if (error)
 		return error;
 	mp = ((struct vnode *)fp->f_data)->v_mount;
+#ifdef MAC
+	error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+	if (error) {
+		fdrop(fp, td);
+		return (error);
+	}
+#endif
 	bsd_statfs = &mp->mnt_stat;
 	error = VFS_STATFS(mp, bsd_statfs, td);
 	if (error) {
@@ -344,6 +359,11 @@ linux_ustat(struct thread *td, struct linux_ustat_args *args)
 	if (vfinddev(dev, VCHR, &vp)) {
 		if (vp->v_mount == NULL)
 			return (EINVAL);
+#ifdef MAC
+		error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+		if (error)
+			return (error);
+#endif
 		stat = &(vp->v_mount->mnt_stat);
 		error = VFS_STATFS(vp->v_mount, stat, td);
 		if (error)
diff --git a/sys/modules/linux/Makefile b/sys/modules/linux/Makefile
index 1879240..d839060 100644
--- a/sys/modules/linux/Makefile
+++ b/sys/modules/linux/Makefile
@@ -8,7 +8,8 @@ KMOD=	linux
 SRCS=	linux_dummy.c linux_file.c linux_getcwd.c linux_ioctl.c linux_ipc.c \
 	linux_machdep.c linux_mib.c linux_misc.c linux_signal.c linux_socket.c \
 	linux_stats.c linux_sysctl.c linux_sysent.c linux_sysvec.c \
-	linux_util.c opt_compat.h opt_linux.h opt_vmpage.h vnode_if.h
+	linux_util.c opt_compat.h opt_linux.h opt_mac.h opt_vmpage.h \
+	vnode_if.h
 OBJS=	linux_locore.o
 
 .if ${MACHINE_ARCH} == "i386"