authorrwatson <rwatson@FreeBSD.org>2003-02-04 22:38:33 +0000
committerrwatson <rwatson@FreeBSD.org>2003-02-04 22:38:33 +0000
commit22a1b720c108d485855437d1036c4a29ab44ae0e (patch)
treebc39d2bce0b8a706f0e4d74d4b20e27e2ed42fc3 /sys/security
parent61099be7ded96edfdddde587d72ce15118df4e18 (diff)
Implement mpo_check_kld_load() and mpo_check_kld_unload() for the Biba
MAC policy. To load a KLD, require that the subject hold Biba privilege, and the kernel module be marked as high integrity. To unload a KLD, require that the subject hold Biba privilege. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac_biba/mac_biba.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index fd3f41a..83ba804 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1543,6 +1543,43 @@ mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
}
static int
+mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct mac_biba *subj, *obj;
+ int error;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ obj = SLOT(label);
+ if (!mac_biba_high_single(obj))
+ return (EACCES);
+
+ return (0);
+}
+
+
+static int
+mac_biba_check_kld_unload(struct ucred *cred)
+{
+ struct mac_biba *subj;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+
+ return (mac_biba_subject_privileged(subj));
+}
+
+static int
mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
struct label *mntlabel)
{
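Review bot: Neither new entry point carries a comment explaining why mac_biba_check_kld_load() demands both Biba privilege and a high-integrity object label while mac_biba_check_kld_unload() demands privilege only; a reader sees `mac_biba_high_single(obj)` followed by `EACCES` without the rationale that only lives in the commit message. Suggest a block comment above mac_biba_check_kld_load() along the lines of `/* Loaded module code runs at kernel integrity, so the module file must itself be high-integrity and the subject must hold Biba privilege; unloading requires privilege only. */`, and a one-line `/* Only the subject is checked. */` above the unload function. The `vp` argument of the load check is unused, which looks intentional given the mpo_check_kld_load signature, so a brief `/* vp unused: the vnode label is what is checked */` would forestall the question. The two consecutive `+` blank lines after the closing brace of mac_biba_check_kld_load() depart from the single blank line that separates the other functions in this hunk.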
@@ -2622,6 +2659,8 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_check_cred_visible = mac_biba_check_cred_visible,
.mpo_check_ifnet_relabel = mac_biba_check_ifnet_relabel,
.mpo_check_ifnet_transmit = mac_biba_check_ifnet_transmit,
+ .mpo_check_kld_load = mac_biba_check_kld_load,
+ .mpo_check_kld_unload = mac_biba_check_kld_unload,
.mpo_check_mount_stat = mac_biba_check_mount_stat,
.mpo_check_pipe_ioctl = mac_biba_check_pipe_ioctl,
.mpo_check_pipe_poll = mac_biba_check_pipe_poll,