Implement MLS confidentiality protection for System V IPC objects

(message queues, semaphores, shared memory). Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net> Obtained from: TrustedBSD Project Sponsored by: DARPA, SPAWAR, McAfee Research
author: rwatson <rwatson@FreeBSD.org> 2005-01-22 20:11:16 +0000
committer: rwatson <rwatson@FreeBSD.org> 2005-01-22 20:11:16 +0000
commit: 37fb320c8f71124b36c0c6bd79f3d929ab14102a (patch)
tree: e050f61a397830be896bb7e242ee1ee8a82fd86e /sys/security/mac_mls
parent: 75eae615207bacc0f64cc88f3504fd1876e21776 (diff)
download: FreeBSD-src-37fb320c8f71124b36c0c6bd79f3d929ab14102a.zip
FreeBSD-src-37fb320c8f71124b36c0c6bd79f3d929ab14102a.tar.gz
1 files changed, 391 insertions, 5 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 3c5a88b..7537722 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -1,14 +1,14 @@
 /*-
  * Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 McAfee, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
- * This software was developed for the FreeBSD Project in part by Network
- * Associates Laboratories, the Security Research Division of Network
- * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
- * as part of the DARPA CHATS research program.
+ * This software was developed for the FreeBSD Project in part by McAfee
+ * Research, the Security Research Division of McAfee, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -60,6 +60,9 @@
 #include <sys/socketvar.h>
 #include <sys/pipe.h>
 #include <sys/sysctl.h>
+#include <sys/msg.h>
+#include <sys/sem.h>
+#include <sys/shm.h>
 
 #include <fs/devfs/devfs.h>
 
@@ -1049,6 +1052,59 @@ mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
 }
 
 /*
+ * Labeling event operations: System V IPC objects.
+ */
+
+static void
+mac_mls_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
+{
+	struct mac_mls *source, *dest;
+
+	/* Ignore the msgq label */
+	source = SLOT(cred->cr_label);
+	dest = SLOT(msglabel);
+
+	mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqlabel)
+{
+	struct mac_mls *source, *dest;
+
+	source = SLOT(cred->cr_label);
+	dest = SLOT(msqlabel);
+
+	mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_create_sysv_sema(struct ucred *cred, struct semid_kernel *semakptr,
+    struct label *semalabel)
+{
+	struct mac_mls *source, *dest;
+
+	source = SLOT(cred->cr_label);
+	dest = SLOT(semalabel);
+
+	mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
+    struct label *shmlabel)
+{
+	struct mac_mls *source, *dest;
+
+	source = SLOT(cred->cr_label);
+	dest = SLOT(shmlabel);
+
+	mac_mls_copy_effective(source, dest);
+}
+
+/*
  * Labeling event operations: network objects.
  */
 static void
@@ -1306,6 +1362,37 @@ mac_mls_relabel_cred(struct ucred *cred, struct label *newlabel)
 }
 
 /*
+ * Label cleanup/flush operations.
+ */
+static void
+mac_mls_cleanup_sysv_msgmsg(struct label *msglabel)
+{
+
+	bzero(SLOT(msglabel), sizeof(struct mac_mls));
+}
+
+static void
+mac_mls_cleanup_sysv_msgqueue(struct label *msqlabel)
+{
+
+	bzero(SLOT(msqlabel), sizeof(struct mac_mls));
+}
+
+static void
+mac_mls_cleanup_sysv_sema(struct label *semalabel)
+{
+
+	bzero(SLOT(semalabel), sizeof(struct mac_mls));
+}
+
+static void
+mac_mls_cleanup_sysv_shm(struct label *shmlabel)
+{
+
+	bzero(SLOT(shmlabel), sizeof(struct mac_mls));
+}
+
+/*
  * Access control checks.
  */
 static int
@@ -1462,6 +1549,277 @@ mac_mls_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
 }
 
 static int
+mac_mls_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr,
+    struct label *msglabel)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(msglabel);
+
+	if (!mac_mls_dominate_effective(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr,
+    struct label *msglabel)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(msglabel);
+
+	if (!mac_mls_dominate_effective(obj, subj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqklabel)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(msqklabel);
+
+	if (!mac_mls_dominate_effective(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqklabel)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(msqklabel);
+
+	if (!mac_mls_dominate_effective(obj, subj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqklabel)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(msqklabel);
+
+	if (!mac_mls_dominate_effective(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqklabel, int cmd)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(msqklabel);
+
+	switch(cmd) {
+	case IPC_RMID:
+	case IPC_SET:
+		if (!mac_mls_dominate_effective(obj, subj))
+			return (EACCES);
+		break;
+
+	case IPC_STAT:
+		if (!mac_mls_dominate_effective(subj, obj))
+			return (EACCES);
+		break;
+
+	default:
+		return (EACCES);
+	}
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
+    struct label *semaklabel, int cmd)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(semaklabel);
+
+	switch(cmd) {
+	case IPC_RMID:
+	case IPC_SET:
+	case SETVAL:
+	case SETALL:
+		if (!mac_mls_dominate_effective(obj, subj))
+			return (EACCES);
+		break;
+
+	case IPC_STAT:
+	case GETVAL:
+	case GETPID:
+	case GETNCNT:
+	case GETZCNT:
+	case GETALL:
+		if (!mac_mls_dominate_effective(subj, obj))
+			return (EACCES);
+		break;
+
+	default:
+		return (EACCES);
+	}
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr,
+    struct label *semaklabel)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(semaklabel);
+
+	if (!mac_mls_dominate_effective(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
+    struct label *semaklabel, size_t accesstype)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(semaklabel);
+
+	if( accesstype & SEM_R )
+		if (!mac_mls_dominate_effective(subj, obj))
+			return (EACCES);
+
+	if( accesstype & SEM_A )
+		if (!mac_mls_dominate_effective(obj, subj))
+			return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
+    struct label *shmseglabel, int shmflg)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(shmseglabel);
+
+	if (!mac_mls_dominate_effective(subj, obj))
+			return (EACCES);
+	if ((shmflg & SHM_RDONLY) == 0)
+		if (!mac_mls_dominate_effective(obj, subj))
+			return (EACCES);
+	
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
+    struct label *shmseglabel, int cmd)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(shmseglabel);
+
+	switch(cmd) {
+	case IPC_RMID:
+	case IPC_SET:
+		if (!mac_mls_dominate_effective(obj, subj))
+			return (EACCES);
+		break;
+
+	case IPC_STAT:
+	case SHM_STAT:
+		if (!mac_mls_dominate_effective(subj, obj))
+			return (EACCES);
+		break;
+
+	default:
+		return (EACCES);
+	}
+
+	return (0);
+}
+
+static int
+mac_mls_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
+    struct label *shmseglabel, int shmflg)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(shmseglabel);
+
+	if (!mac_mls_dominate_effective(obj, subj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
 mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp,
     struct label *mntlabel)
 {
@@ -2420,6 +2778,10 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_init_devfsdirent_label = mac_mls_init_label,
 	.mpo_init_ifnet_label = mac_mls_init_label,
 	.mpo_init_inpcb_label = mac_mls_init_label_waitcheck,
+	.mpo_init_sysv_msgmsg_label = mac_mls_init_label,
+	.mpo_init_sysv_msgqueue_label = mac_mls_init_label,
+	.mpo_init_sysv_sema_label = mac_mls_init_label,
+	.mpo_init_sysv_shm_label = mac_mls_init_label,
 	.mpo_init_ipq_label = mac_mls_init_label_waitcheck,
 	.mpo_init_mbuf_label = mac_mls_init_label_waitcheck,
 	.mpo_init_mount_label = mac_mls_init_label,
@@ -2433,6 +2795,10 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_destroy_devfsdirent_label = mac_mls_destroy_label,
 	.mpo_destroy_ifnet_label = mac_mls_destroy_label,
 	.mpo_destroy_inpcb_label = mac_mls_destroy_label,
+	.mpo_destroy_sysv_msgmsg_label = mac_mls_destroy_label,
+	.mpo_destroy_sysv_msgqueue_label = mac_mls_destroy_label,
+	.mpo_destroy_sysv_sema_label = mac_mls_destroy_label,
+	.mpo_destroy_sysv_shm_label = mac_mls_destroy_label,
 	.mpo_destroy_ipq_label = mac_mls_destroy_label,
 	.mpo_destroy_mbuf_label = mac_mls_destroy_label,
 	.mpo_destroy_mount_label = mac_mls_destroy_label,
@@ -2484,6 +2850,10 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_create_ifnet = mac_mls_create_ifnet,
 	.mpo_create_inpcb_from_socket = mac_mls_create_inpcb_from_socket,
 	.mpo_create_ipq = mac_mls_create_ipq,
+	.mpo_create_sysv_msgmsg = mac_mls_create_sysv_msgmsg,
+	.mpo_create_sysv_msgqueue = mac_mls_create_sysv_msgqueue,
+	.mpo_create_sysv_sema = mac_mls_create_sysv_sema,
+	.mpo_create_sysv_shm = mac_mls_create_sysv_shm,
 	.mpo_create_mbuf_from_inpcb = mac_mls_create_mbuf_from_inpcb,
 	.mpo_create_mbuf_from_mbuf = mac_mls_create_mbuf_from_mbuf,
 	.mpo_create_mbuf_linklayer = mac_mls_create_mbuf_linklayer,
@@ -2498,12 +2868,28 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_create_proc0 = mac_mls_create_proc0,
 	.mpo_create_proc1 = mac_mls_create_proc1,
 	.mpo_relabel_cred = mac_mls_relabel_cred,
+	.mpo_cleanup_sysv_msgmsg = mac_mls_cleanup_sysv_msgmsg,
+	.mpo_cleanup_sysv_msgqueue = mac_mls_cleanup_sysv_msgqueue,
+	.mpo_cleanup_sysv_sema = mac_mls_cleanup_sysv_sema,
+	.mpo_cleanup_sysv_shm = mac_mls_cleanup_sysv_shm,
 	.mpo_check_bpfdesc_receive = mac_mls_check_bpfdesc_receive,
 	.mpo_check_cred_relabel = mac_mls_check_cred_relabel,
 	.mpo_check_cred_visible = mac_mls_check_cred_visible,
 	.mpo_check_ifnet_relabel = mac_mls_check_ifnet_relabel,
 	.mpo_check_ifnet_transmit = mac_mls_check_ifnet_transmit,
 	.mpo_check_inpcb_deliver = mac_mls_check_inpcb_deliver,
+	.mpo_check_sysv_msgrcv = mac_mls_check_sysv_msgrcv,
+	.mpo_check_sysv_msgrmid = mac_mls_check_sysv_msgrmid,
+	.mpo_check_sysv_msqget = mac_mls_check_sysv_msqget,
+	.mpo_check_sysv_msqsnd = mac_mls_check_sysv_msqsnd,
+	.mpo_check_sysv_msqrcv = mac_mls_check_sysv_msqrcv,
+	.mpo_check_sysv_msqctl = mac_mls_check_sysv_msqctl,
+	.mpo_check_sysv_semctl = mac_mls_check_sysv_semctl,
+	.mpo_check_sysv_semget = mac_mls_check_sysv_semget,
+	.mpo_check_sysv_semop = mac_mls_check_sysv_semop,
+	.mpo_check_sysv_shmat = mac_mls_check_sysv_shmat,
+	.mpo_check_sysv_shmctl = mac_mls_check_sysv_shmctl,
+	.mpo_check_sysv_shmget = mac_mls_check_sysv_shmget,
 	.mpo_check_mount_stat = mac_mls_check_mount_stat,
 	.mpo_check_pipe_ioctl = mac_mls_check_pipe_ioctl,
 	.mpo_check_pipe_poll = mac_mls_check_pipe_poll,
author	rwatson <rwatson@FreeBSD.org>	2005-01-22 20:11:16 +0000
committer	rwatson <rwatson@FreeBSD.org>	2005-01-22 20:11:16 +0000
commit	37fb320c8f71124b36c0c6bd79f3d929ab14102a (patch)
tree	e050f61a397830be896bb7e242ee1ee8a82fd86e /sys/security/mac_mls
parent	75eae615207bacc0f64cc88f3504fd1876e21776 (diff)
download	FreeBSD-src-37fb320c8f71124b36c0c6bd79f3d929ab14102a.zip FreeBSD-src-37fb320c8f71124b36c0c6bd79f3d929ab14102a.tar.gz