Add the fo_chown and fo_chmod methods to struct fileops and use them

to implement fchown(2) and fchmod(2) support for several file types
that previously lacked it. Add MAC entries for chown/chmod done on
posix shared memory and (old) in-kernel posix semaphores.

Based on the submission by:	glebius
Reviewed by:	rwatson
Approved by:	re (bz)

6 files changed, 176 insertions, 0 deletions

diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index f515e98e..011cb86 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -225,6 +225,10 @@ int	mac_posixsem_check_getvalue(struct ucred *active_cred,
 int	mac_posixsem_check_open(struct ucred *cred, struct ksem *ks);
 int	mac_posixsem_check_post(struct ucred *active_cred,
 	    struct ucred *file_cred, struct ksem *ks);
+int	mac_posixsem_check_setmode(struct ucred *cred, struct ksem *ks,
+	    mode_t mode);
+int	mac_posixsem_check_setowner(struct ucred *cred, struct ksem *ks,
+	    uid_t uid, gid_t gid);
 int	mac_posixsem_check_stat(struct ucred *active_cred,
 	    struct ucred *file_cred, struct ksem *ks);
 int	mac_posixsem_check_unlink(struct ucred *cred, struct ksem *ks);
@@ -237,6 +241,10 @@ void	mac_posixsem_init(struct ksem *);
 int	mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd,
 	    int prot, int flags);
 int	mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd);
+int	mac_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,
+	    mode_t mode);
+int	mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,
+	    uid_t uid, gid_t gid);
 int	mac_posixshm_check_stat(struct ucred *active_cred,
 	    struct ucred *file_cred, struct shmfd *shmfd);
 int	mac_posixshm_check_truncate(struct ucred *active_cred,
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index b874c41..b7ef07b 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -336,6 +336,12 @@ typedef int	(*mpo_posixsem_check_open_t)(struct ucred *cred,
 typedef int	(*mpo_posixsem_check_post_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct ksem *ks,
 		    struct label *kslabel);
+typedef int	(*mpo_posixsem_check_setmode_t)(struct ucred *cred,
+		    struct ksem *ks, struct label *shmlabel,
+		    mode_t mode);
+typedef int	(*mpo_posixsem_check_setowner_t)(struct ucred *cred,
+		    struct ksem *ks, struct label *shmlabel,
+		    uid_t uid, gid_t gid);
 typedef int	(*mpo_posixsem_check_stat_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct ksem *ks,
 		    struct label *kslabel);
@@ -354,6 +360,12 @@ typedef int	(*mpo_posixshm_check_mmap_t)(struct ucred *cred,
 		    int flags);
 typedef int	(*mpo_posixshm_check_open_t)(struct ucred *cred,
 		    struct shmfd *shmfd, struct label *shmlabel);
+typedef int	(*mpo_posixshm_check_setmode_t)(struct ucred *cred,
+		    struct shmfd *shmfd, struct label *shmlabel,
+		    mode_t mode);
+typedef int	(*mpo_posixshm_check_setowner_t)(struct ucred *cred,
+		    struct shmfd *shmfd, struct label *shmlabel,
+		    uid_t uid, gid_t gid);
 typedef int	(*mpo_posixshm_check_stat_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct shmfd *shmfd,
 		    struct label *shmlabel);
@@ -791,6 +803,8 @@ struct mac_policy_ops {
 	mpo_posixsem_check_getvalue_t		mpo_posixsem_check_getvalue;
 	mpo_posixsem_check_open_t		mpo_posixsem_check_open;
 	mpo_posixsem_check_post_t		mpo_posixsem_check_post;
+	mpo_posixsem_check_setmode_t		mpo_posixsem_check_setmode;
+	mpo_posixsem_check_setowner_t		mpo_posixsem_check_setowner;
 	mpo_posixsem_check_stat_t		mpo_posixsem_check_stat;
 	mpo_posixsem_check_unlink_t		mpo_posixsem_check_unlink;
 	mpo_posixsem_check_wait_t		mpo_posixsem_check_wait;
@@ -800,6 +814,8 @@ struct mac_policy_ops {
 
 	mpo_posixshm_check_mmap_t		mpo_posixshm_check_mmap;
 	mpo_posixshm_check_open_t		mpo_posixshm_check_open;
+	mpo_posixshm_check_setmode_t		mpo_posixshm_check_setmode;
+	mpo_posixshm_check_setowner_t		mpo_posixshm_check_setowner;
 	mpo_posixshm_check_stat_t		mpo_posixshm_check_stat;
 	mpo_posixshm_check_truncate_t		mpo_posixshm_check_truncate;
 	mpo_posixshm_check_unlink_t		mpo_posixshm_check_unlink;
diff --git a/sys/security/mac/mac_posix_sem.c b/sys/security/mac/mac_posix_sem.c
index 9035d60..461e5db 100644
--- a/sys/security/mac/mac_posix_sem.c
+++ b/sys/security/mac/mac_posix_sem.c
@@ -198,3 +198,35 @@ mac_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred,
 
 	return (error);
 }
+
+MAC_CHECK_PROBE_DEFINE3(posixsem_check_setmode, "struct ucred *",
+    "struct ksem *", "mode_t");
+
+int
+mac_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, mode_t mode)
+{
+	int error;
+
+	MAC_POLICY_CHECK_NOSLEEP(posixsem_check_setmode, cred, ks,
+	    ks->ks_label, mode);
+	MAC_CHECK_PROBE3(posixsem_check_setmode, error, cred, ks, mode);
+
+	return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE4(posixsem_check_setowner, "struct ucred *",
+    "struct ks *", "uid_t", "gid_t");
+
+int
+mac_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, uid_t uid,
+    gid_t gid)
+{
+	int error;
+
+	MAC_POLICY_CHECK_NOSLEEP(posixsem_check_setowner, cred, ks,
+	    ks->ks_label, uid, gid);
+	MAC_CHECK_PROBE4(posixsem_check_setowner, error, cred, ks,
+	    uid, gid);
+
+	return (error);
+}
diff --git a/sys/security/mac/mac_posix_shm.c b/sys/security/mac/mac_posix_shm.c
index 4432a98..7e1c3f7 100644
--- a/sys/security/mac/mac_posix_shm.c
+++ b/sys/security/mac/mac_posix_shm.c
@@ -181,3 +181,35 @@ mac_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd)
 
 	return (error);
 }
+
+MAC_CHECK_PROBE_DEFINE3(posixshm_check_setmode, "struct ucred *",
+    "struct shmfd *", "mode_t");
+
+int
+mac_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, mode_t mode)
+{
+	int error;
+
+	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_setmode, cred, shmfd,
+	    shmfd->shm_label, mode);
+	MAC_CHECK_PROBE3(posixshm_check_setmode, error, cred, shmfd, mode);
+
+	return (error);
+}
+
+MAC_CHECK_PROBE_DEFINE4(posixshm_check_setowner, "struct ucred *",
+    "struct shmfd *", "uid_t", "gid_t");
+
+int
+mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, uid_t uid,
+    gid_t gid)
+{
+	int error;
+
+	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_setowner, cred, shmfd,
+	    shmfd->shm_label, uid, gid);
+	MAC_CHECK_PROBE4(posixshm_check_setowner, error, cred, shmfd,
+	    uid, gid);
+
+	return (error);
+}
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 007efb8..361bb15 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -687,6 +687,22 @@ stub_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred,
 }
 
 static int
+stub_posixsem_check_setmode(struct ucred *cred, struct ksem *ks,
+    struct label *kslabel, mode_t mode)
+{
+
+	return (0);
+}
+
+static int
+stub_posixsem_check_setowner(struct ucred *cred, struct ksem *ks,
+    struct label *kslabel, uid_t uid, gid_t gid)
+{
+
+	return (0);
+}
+
+static int
 stub_posixsem_check_stat(struct ucred *active_cred, struct ucred *file_cred,
     struct ksem *ks, struct label *kslabel)
 {
@@ -734,6 +750,22 @@ stub_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,
 }
 
 static int
+stub_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,
+    struct label *shmlabel, mode_t mode)
+{
+
+	return (0);
+}
+
+static int
+stub_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,
+    struct label *shmlabel, uid_t uid, gid_t gid)
+{
+
+	return (0);
+}
+
+static int
 stub_posixshm_check_stat(struct ucred *active_cred, struct ucred *file_cred,
     struct shmfd *shmfd, struct label *shmlabel)
 {
@@ -1731,6 +1763,8 @@ static struct mac_policy_ops stub_ops =
 	.mpo_posixsem_check_getvalue = stub_posixsem_check_getvalue,
 	.mpo_posixsem_check_open = stub_posixsem_check_open,
 	.mpo_posixsem_check_post = stub_posixsem_check_post,
+	.mpo_posixsem_check_setmode = stub_posixsem_check_setmode,
+	.mpo_posixsem_check_setowner = stub_posixsem_check_setowner,
 	.mpo_posixsem_check_stat = stub_posixsem_check_stat,
 	.mpo_posixsem_check_unlink = stub_posixsem_check_unlink,
 	.mpo_posixsem_check_wait = stub_posixsem_check_wait,
@@ -1740,6 +1774,8 @@ static struct mac_policy_ops stub_ops =
 
 	.mpo_posixshm_check_mmap = stub_posixshm_check_mmap,
 	.mpo_posixshm_check_open = stub_posixshm_check_open,
+	.mpo_posixshm_check_setmode = stub_posixshm_check_setmode,
+	.mpo_posixshm_check_setowner = stub_posixshm_check_setowner,
 	.mpo_posixshm_check_stat = stub_posixshm_check_stat,
 	.mpo_posixshm_check_truncate = stub_posixshm_check_truncate,
 	.mpo_posixshm_check_unlink = stub_posixshm_check_unlink,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index bef0cb7..2aa2e38 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -1297,6 +1297,30 @@ test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred,
 	return (0);
 }
 
+COUNTER_DECL(posixsem_check_setmode);
+static int
+test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks,
+    struct label *kslabel, mode_t mode)
+{
+
+	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+	LABEL_CHECK(kslabel, MAGIC_POSIX_SHM);
+	COUNTER_INC(posixsem_check_setmode);
+	return (0);
+}
+
+COUNTER_DECL(posixsem_check_setowner);
+static int
+test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks,
+    struct label *kslabel, uid_t uid, gid_t gid)
+{
+
+	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+	LABEL_CHECK(kslabel, MAGIC_POSIX_SHM);
+	COUNTER_INC(posixsem_check_setowner);
+	return (0);
+}
+
 COUNTER_DECL(posixsem_check_stat);
 static int
 test_posixsem_check_stat(struct ucred *active_cred,
@@ -1390,6 +1414,30 @@ test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,
 	return (0);
 }
 
+COUNTER_DECL(posixshm_check_setmode);
+static int
+test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,
+    struct label *shmfdlabel, mode_t mode)
+{
+
+	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
+	COUNTER_INC(posixshm_check_setmode);
+	return (0);
+}
+
+COUNTER_DECL(posixshm_check_setowner);
+static int
+test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,
+    struct label *shmfdlabel, uid_t uid, gid_t gid)
+{
+
+	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
+	COUNTER_INC(posixshm_check_setowner);
+	return (0);
+}
+
 COUNTER_DECL(posixshm_check_stat);
 static int
 test_posixshm_check_stat(struct ucred *active_cred,
@@ -3045,6 +3093,8 @@ static struct mac_policy_ops test_ops =
 	.mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
 	.mpo_posixsem_check_open = test_posixsem_check_open,
 	.mpo_posixsem_check_post = test_posixsem_check_post,
+	.mpo_posixsem_check_setmode = test_posixsem_check_setmode,
+	.mpo_posixsem_check_setowner = test_posixsem_check_setowner,
 	.mpo_posixsem_check_stat = test_posixsem_check_stat,
 	.mpo_posixsem_check_unlink = test_posixsem_check_unlink,
 	.mpo_posixsem_check_wait = test_posixsem_check_wait,
@@ -3054,6 +3104,8 @@ static struct mac_policy_ops test_ops =
 
 	.mpo_posixshm_check_mmap = test_posixshm_check_mmap,
 	.mpo_posixshm_check_open = test_posixshm_check_open,
+	.mpo_posixshm_check_setmode = test_posixshm_check_setmode,
+	.mpo_posixshm_check_setowner = test_posixshm_check_setowner,
 	.mpo_posixshm_check_stat = test_posixshm_check_stat,
 	.mpo_posixshm_check_truncate = test_posixshm_check_truncate,
 	.mpo_posixshm_check_unlink = test_posixshm_check_unlink,