author | rwatson <rwatson@FreeBSD.org> | 2007-10-29 13:33:06 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-10-29 13:33:06 +0000 |
commit | a4265719055fe445116eb2743b6aacf518bb1a8d (patch) | |
tree | b5d3ede5fbbf1cb40c13deb6bb8e406ce58b639e /sys | |
parent | 17e940f736d56194ae75e4a2963c775a59f0a3f6 (diff) | |
Resort TrustedBSD MAC Framework policy entry point implementations and
declarations to match the object, operation sort order in the framework
itself.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys')
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 2248 | ||||
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 4 | ||||
-rw-r--r-- | sys/security/mac_ifoff/mac_ifoff.c | 4 | ||||
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 1729 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 1801 | ||||
-rw-r--r-- | sys/security/mac_partition/mac_partition.c | 158 | ||||
-rw-r--r-- | sys/security/mac_seeotheruids/mac_seeotheruids.c | 16 | ||||
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 969 | ||||
-rw-r--r-- | sys/security/mac_test/mac_test.c | 2499 |
9 files changed, 4744 insertions, 4684 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 72f9745..052e8f3 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -774,391 +774,252 @@ biba_copy_label(struct label *src, struct label *dest) } /* - * Labeling event operations: file system objects, and things that look a lot - * like file system objects. + * Object-specific entry point implementations are sorted alphabetically by + * object type name and then by operation. */ -static void -biba_devfs_create_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *de, struct label *delabel) -{ - struct mac_biba *mb; - int biba_type; - - mb = SLOT(delabel); - if (strcmp(dev->si_name, "null") == 0 || - strcmp(dev->si_name, "zero") == 0 || - strcmp(dev->si_name, "random") == 0 || - strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) - biba_type = MAC_BIBA_TYPE_EQUAL; - else if (ptys_equal && - (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || - strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) - biba_type = MAC_BIBA_TYPE_EQUAL; - else - biba_type = MAC_BIBA_TYPE_HIGH; - biba_set_effective(mb, biba_type, 0, NULL); -} - -static void -biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, - struct devfs_dirent *de, struct label *delabel) +static int +biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { - struct mac_biba *mb; - - mb = SLOT(delabel); - - biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL); -} + struct mac_biba *a, *b; -static void -biba_devfs_create_symlink(struct ucred *cred, struct mount *mp, - struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, - struct label *delabel) -{ - struct mac_biba *source, *dest; + if (!biba_enabled) + return (0); - source = SLOT(cred->cr_label); - dest = SLOT(delabel); + a = SLOT(dlabel); + b = SLOT(ifplabel); - biba_copy_effective(source, dest); + if (biba_equal_effective(a, b)) + return (0); + return (EACCES); } static void -biba_mount_create(struct ucred *cred, struct mount *mp, - struct label *mplabel) +biba_bpfdesc_create(struct ucred *cred, struct 
bpf_d *d, + struct label *dlabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(mplabel); + dest = SLOT(dlabel); biba_copy_effective(source, dest); } static void -biba_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *newlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(vplabel); - - biba_copy(source, dest); -} - -static void -biba_devfs_update(struct mount *mp, struct devfs_dirent *de, - struct label *delabel, struct vnode *vp, struct label *vplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(vplabel); - dest = SLOT(delabel); - - biba_copy(source, dest); -} - -static void -biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel, - struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vplabel) +biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(delabel); - dest = SLOT(vplabel); + source = SLOT(dlabel); + dest = SLOT(mlabel); biba_copy_effective(source, dest); } static int -biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) +biba_cred_check_relabel(struct ucred *cred, struct label *newlabel) { - struct mac_biba mb_temp, *source, *dest; - int buflen, error; - - source = SLOT(mplabel); - dest = SLOT(vplabel); + struct mac_biba *subj, *new; + int error; - buflen = sizeof(mb_temp); - bzero(&mb_temp, buflen); + subj = SLOT(cred->cr_label); + new = SLOT(newlabel); - error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, - MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread); - if (error == ENOATTR || error == EOPNOTSUPP) { - /* Fall back to the mntlabel. 
*/ - biba_copy_effective(source, dest); - return (0); - } else if (error) + /* + * If there is a Biba label update for the credential, it may + * be an update of the effective, range, or both. + */ + error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); + if (error) return (error); - if (buflen != sizeof(mb_temp)) { - printf("biba_vnode_associate_extattr: bad size %d\n", - buflen); - return (EPERM); - } - if (biba_valid(&mb_temp) != 0) { - printf("biba_vnode_associate_extattr: invalid\n"); - return (EPERM); - } - if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != - MAC_BIBA_FLAG_EFFECTIVE) { - printf("biba_vnode_associate_extattr: not effective\n"); - return (EPERM); - } - - biba_copy_effective(&mb_temp, dest); - return (0); -} - -static void -biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(mplabel); - dest = SLOT(vplabel); - - biba_copy_effective(source, dest); -} + /* + * If the Biba label is to be changed, authorize as appropriate. + */ + if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { + /* + * If the change request modifies both the Biba label + * effective and range, check that the new effective will be + * in the new range. + */ + if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == + MAC_BIBA_FLAGS_BOTH && + !biba_effective_in_range(new, new)) + return (EINVAL); -static int -biba_vnode_create_extattr(struct ucred *cred, struct mount *mp, - struct label *mplabel, struct vnode *dvp, struct label *dvplabel, - struct vnode *vp, struct label *vplabel, struct componentname *cnp) -{ - struct mac_biba *source, *dest, mb_temp; - size_t buflen; - int error; + /* + * To change the Biba effective label on a credential, the + * new effective label must be in the current range. 
+ */ + if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE && + !biba_effective_in_range(new, subj)) + return (EPERM); - buflen = sizeof(mb_temp); - bzero(&mb_temp, buflen); + /* + * To change the Biba range on a credential, the new range + * label must be in the current range. + */ + if (new->mb_flags & MAC_BIBA_FLAG_RANGE && + !biba_range_in_range(new, subj)) + return (EPERM); - source = SLOT(cred->cr_label); - dest = SLOT(vplabel); - biba_copy_effective(source, &mb_temp); + /* + * To have EQUAL in any component of the new credential Biba + * label, the subject must already have EQUAL in their label. + */ + if (biba_contains_equal(new)) { + error = biba_subject_privileged(subj); + if (error) + return (error); + } + } - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, - MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); - if (error == 0) - biba_copy_effective(source, dest); - return (error); + return (0); } static int -biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *intlabel) +biba_cred_check_visible(struct ucred *u1, struct ucred *u2) { - struct mac_biba *source, mb_temp; - size_t buflen; - int error; - - buflen = sizeof(mb_temp); - bzero(&mb_temp, buflen); + struct mac_biba *subj, *obj; - source = SLOT(intlabel); - if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) + if (!biba_enabled) return (0); - biba_copy_effective(source, &mb_temp); - - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, - MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); - return (error); -} - -/* - * Labeling event operations: IPC object. 
- */ -static void -biba_inpcb_create(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(solabel); - dest = SLOT(inplabel); - - biba_copy_effective(source, dest); -} - -static void -biba_socket_create_mbuf(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(solabel); - dest = SLOT(mlabel); - - biba_copy_effective(source, dest); -} - -static void -biba_socket_create(struct ucred *cred, struct socket *so, - struct label *solabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(solabel); - - biba_copy_effective(source, dest); -} - -static void -biba_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(pplabel); - - biba_copy_effective(source, dest); -} - -static void -biba_posixsem_create(struct ucred *cred, struct ksem *ks, - struct label *kslabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(kslabel); - - biba_copy_effective(source, dest); -} - -static void -biba_socket_newconn(struct socket *oldso, struct label *oldsolabel, - struct socket *newso, struct label *newsolabel) -{ - struct mac_biba *source, *dest; + subj = SLOT(u1->cr_label); + obj = SLOT(u2->cr_label); - source = SLOT(oldsolabel); - dest = SLOT(newsolabel); + /* XXX: range */ + if (!biba_dominate_effective(obj, subj)) + return (ESRCH); - biba_copy_effective(source, dest); + return (0); } static void -biba_socket_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) +biba_cred_relabel(struct ucred *cred, struct label *newlabel) { struct mac_biba *source, *dest; source = SLOT(newlabel); - dest = SLOT(solabel); + dest = SLOT(cred->cr_label); biba_copy(source, dest); } static void -biba_pipe_relabel(struct 
ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) +biba_devfs_create_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { - struct mac_biba *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(pplabel); + struct mac_biba *mb; + int biba_type; - biba_copy(source, dest); + mb = SLOT(delabel); + if (strcmp(dev->si_name, "null") == 0 || + strcmp(dev->si_name, "zero") == 0 || + strcmp(dev->si_name, "random") == 0 || + strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) + biba_type = MAC_BIBA_TYPE_EQUAL; + else if (ptys_equal && + (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || + strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) + biba_type = MAC_BIBA_TYPE_EQUAL; + else + biba_type = MAC_BIBA_TYPE_HIGH; + biba_set_effective(mb, biba_type, 0, NULL); } static void -biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, - struct socket *so, struct label *sopeerlabel) +biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, + struct devfs_dirent *de, struct label *delabel) { - struct mac_biba *source, *dest; + struct mac_biba *mb; - source = SLOT(mlabel); - dest = SLOT(sopeerlabel); + mb = SLOT(delabel); - biba_copy_effective(source, dest); + biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL); } -/* - * Labeling event operations: System V IPC objects. 
- */ static void -biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +biba_devfs_create_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { struct mac_biba *source, *dest; - /* Ignore the msgq label */ source = SLOT(cred->cr_label); - dest = SLOT(msglabel); + dest = SLOT(delabel); biba_copy_effective(source, dest); } static void -biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel) +biba_devfs_update(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { struct mac_biba *source, *dest; - source = SLOT(cred->cr_label); - dest = SLOT(msqlabel); + source = SLOT(vplabel); + dest = SLOT(delabel); - biba_copy_effective(source, dest); + biba_copy(source, dest); } static void -biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semalabel) +biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel, + struct devfs_dirent *de, struct label *delabel, struct vnode *vp, + struct label *vplabel) { struct mac_biba *source, *dest; - source = SLOT(cred->cr_label); - dest = SLOT(semalabel); + source = SLOT(delabel); + dest = SLOT(vplabel); biba_copy_effective(source, dest); } -static void -biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmlabel) +static int +biba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { - struct mac_biba *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(shmlabel); + struct mac_biba *subj, *new; + int error; - biba_copy_effective(source, dest); -} + subj = SLOT(cred->cr_label); + new = SLOT(newlabel); -/* - * Labeling event operations: network objects. 
- */ -static void -biba_socketpeer_set_from_socket(struct socket *oldso, - struct label *oldsolabel, struct socket *newso, - struct label *newsopeerlabel) -{ - struct mac_biba *source, *dest; + /* + * If there is a Biba label update for the interface, it may be an + * update of the effective, range, or both. + */ + error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); + if (error) + return (error); - source = SLOT(oldsolabel); - dest = SLOT(newsopeerlabel); + /* + * Relabling network interfaces requires Biba privilege. + */ + error = biba_subject_privileged(subj); + if (error) + return (error); - biba_copy_effective(source, dest); + return (0); } -static void -biba_bpfdesc_create(struct ucred *cred, struct bpf_d *d, - struct label *dlabel) +static int +biba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { - struct mac_biba *source, *dest; + struct mac_biba *p, *i; - source = SLOT(cred->cr_label); - dest = SLOT(dlabel); + if (!biba_enabled) + return (0); - biba_copy_effective(source, dest); + p = SLOT(mlabel); + i = SLOT(ifplabel); + + return (biba_effective_in_range(p, i) ? 0 : EACCES); } static void 
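Review bot: The new header comment at the top of this hunk says entry points are sorted alphabetically by object type and then by operation, but the resorted file does not fully honour that: in the hunk at -1575 `biba_posixsem_check_write` is placed before `biba_posixsem_check_rdonly`, and in the hunk at -1732 `biba_socket_check_deliver` lands between `biba_proc_check_signal` and `biba_proc_create_init`. Either move those two functions or soften the comment to say the ordering is approximate, since later maintainers will rely on it to locate entry points. Separately, the new comment in `biba_ifnet_check_relabel` reads `Relabling network interfaces requires Biba privilege.`; it should be `Relabeling`.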
@@ -1219,38 +1080,52 @@ set: } static void -biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(mlabel); - dest = SLOT(ipqlabel); + source = SLOT(ifplabel); + dest = SLOT(mlabel); biba_copy_effective(source, dest); } static void -biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, - struct label *mlabel) +biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_biba *source, *dest; - source = SLOT(ipqlabel); - dest = SLOT(mlabel); + source = SLOT(newlabel); + dest = SLOT(ifplabel); - /* Just use the head, since we require them all to match. */ - biba_copy_effective(source, dest); + biba_copy(source, dest); +} + +static int +biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *p, *i; + + if (!biba_enabled) + return (0); + + p = SLOT(mlabel); + i = SLOT(inplabel); + + return (biba_equal_effective(p, i) ? 0 : EACCES); } static void -biba_netinet_fragment(struct mbuf *m, struct label *mlabel, - struct mbuf *frag, struct label *fraglabel) +biba_inpcb_create(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { struct mac_biba *source, *dest; - source = SLOT(mlabel); - dest = SLOT(fraglabel); + source = SLOT(solabel); + dest = SLOT(inplabel); biba_copy_effective(source, dest); } 
@@ -1268,25 +1143,25 @@ biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, } static void -biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, - struct mbuf *m, struct label *mlabel) +biba_inpcb_sosetlabel(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { struct mac_biba *source, *dest; - source = SLOT(dlabel); - dest = SLOT(mlabel); + source = SLOT(solabel); + dest = SLOT(inplabel); - biba_copy_effective(source, dest); + biba_copy(source, dest); } static void -biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { struct mac_biba *source, *dest; - source = SLOT(ifplabel); - dest = SLOT(mlabel); + source = SLOT(mlabel); + dest = SLOT(ipqlabel); biba_copy_effective(source, dest); } @@ -1304,15 +1179,16 @@ biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, } static void -biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, + struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(newlabel); - dest = SLOT(ifplabel); + source = SLOT(ipqlabel); + dest = SLOT(mlabel); - biba_copy(source, dest); + /* Just use the head, since we require them all to match. */ + biba_copy_effective(source, dest); } static void 
@@ -1323,16 +1199,57 @@ biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, /* NOOP: we only accept matching labels, so no need to update */ } +static int +biba_kld_check_load(struct ucred *cred, struct vnode *vp, + struct label *vplabel) +{ + struct mac_biba *subj, *obj; + int error; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + + error = biba_subject_privileged(subj); + if (error) + return (error); + + obj = SLOT(vplabel); + if (!biba_high_effective(obj)) + return (EACCES); + + return (0); +} + +static int +biba_mount_check_stat(struct ucred *cred, struct mount *mp, + struct label *mplabel) +{ + struct mac_biba *subj, *obj; + + if (!biba_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(mplabel); + + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + + return (0); +} + static void -biba_inpcb_sosetlabel(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) +biba_mount_create(struct ucred *cred, struct mount *mp, + struct label *mplabel) { struct mac_biba *source, *dest; - source = SLOT(solabel); - dest = SLOT(inplabel); + source = SLOT(cred->cr_label); + dest = SLOT(mplabel); - biba_copy(source, dest); + biba_copy_effective(source, dest); } static void @@ -1381,6 +1298,18 @@ biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) } static void +biba_netinet_fragment(struct mbuf *m, struct label *mlabel, + struct mbuf *frag, struct label *fraglabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(fraglabel); + + biba_copy_effective(source, dest); +} + +static void biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, struct mbuf *msend, struct label *msendlabel) { 
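Review bot: `biba_kld_check_load` is the one check in this hunk that combines two independent conditions — the subject must hold Biba privilege and the module vnode must be high integrity — and neither is commented, unlike most policy decisions in this file. I would add, above the `biba_subject_privileged` call, `/* Kernel module loading requires both Biba privilege and a high-integrity module vnode. */`; if the intent is that loaded code runs at full kernel integrity, it would help to say so there as well. `biba_mount_check_stat` and the remainder of the hunk need nothing further.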
@@ -1414,155 +1343,95 @@ biba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); } -/* - * Labeling event operations: processes. - */ -static void -biba_proc_create_swapper(struct ucred *cred) -{ - struct mac_biba *dest; - - dest = SLOT(cred->cr_label); - - biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); - biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, - 0, NULL); -} - -static void -biba_proc_create_init(struct ucred *cred) -{ - struct mac_biba *dest; - - dest = SLOT(cred->cr_label); - - biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); - biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, - 0, NULL); -} - -static void -biba_proc_associate_nfsd(struct ucred *cred) -{ - struct mac_biba *label; - - label = SLOT(cred->cr_label); - biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL); - biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, - 0, NULL); -} - -static void -biba_cred_relabel(struct ucred *cred, struct label *newlabel) +static int +biba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { - struct mac_biba *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(cred->cr_label); - biba_copy(source, dest); -} + if(!biba_enabled) + return (0); -/* - * Label cleanup/flush operations - */ -static void -biba_sysvmsg_cleanup(struct label *msglabel) -{ + /* XXX: This will be implemented soon... 
*/ - bzero(SLOT(msglabel), sizeof(struct mac_biba)); + return (0); } -static void -biba_sysvmsq_cleanup(struct label *msqlabel) +static int +biba_pipe_check_poll(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { + struct mac_biba *subj, *obj; - bzero(SLOT(msqlabel), sizeof(struct mac_biba)); -} + if (!biba_enabled) + return (0); -static void -biba_sysvsem_cleanup(struct label *semalabel) -{ + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); - bzero(SLOT(semalabel), sizeof(struct mac_biba)); -} + if (!biba_dominate_effective(obj, subj)) + return (EACCES); -static void -biba_sysvshm_cleanup(struct label *shmlabel) -{ - bzero(SLOT(shmlabel), sizeof(struct mac_biba)); + return (0); } -/* - * Access control checks. - */ static int -biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, - struct ifnet *ifp, struct label *ifplabel) +biba_pipe_check_read(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { - struct mac_biba *a, *b; + struct mac_biba *subj, *obj; if (!biba_enabled) return (0); - a = SLOT(dlabel); - b = SLOT(ifplabel); + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); - if (biba_equal_effective(a, b)) - return (0); - return (EACCES); + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + + return (0); } static int -biba_cred_check_relabel(struct ucred *cred, struct label *newlabel) +biba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) { - struct mac_biba *subj, *new; + struct mac_biba *subj, *obj, *new; int error; - subj = SLOT(cred->cr_label); new = SLOT(newlabel); + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); /* - * If there is a Biba label update for the credential, it may - * be an update of the effective, range, or both. + * If there is a Biba label update for a pipe, it must be a effective + * update. 
*/ - error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); + error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); if (error) return (error); /* - * If the Biba label is to be changed, authorize as appropriate. + * To perform a relabel of a pipe (Biba label or not), Biba must + * authorize the relabel. */ - if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { - /* - * If the change request modifies both the Biba label - * effective and range, check that the new effective will be - * in the new range. - */ - if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == - MAC_BIBA_FLAGS_BOTH && - !biba_effective_in_range(new, new)) - return (EINVAL); - - /* - * To change the Biba effective label on a credential, the - * new effective label must be in the current range. - */ - if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE && - !biba_effective_in_range(new, subj)) - return (EPERM); + if (!biba_effective_in_range(obj, subj)) + return (EPERM); + /* + * If the Biba label is to be changed, authorize as appropriate. + */ + if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { /* - * To change the Biba range on a credential, the new range - * label must be in the current range. + * To change the Biba label on a pipe, the new pipe label + * must be in the subject range. */ - if (new->mb_flags & MAC_BIBA_FLAG_RANGE && - !biba_range_in_range(new, subj)) + if (!biba_effective_in_range(new, subj)) return (EPERM); /* - * To have EQUAL in any component of the new credential Biba - * label, the subject must already have EQUAL in their label. + * To change the Biba label on a pipe to be EQUAL, the + * subject must have appropriate privilege. */ if (biba_contains_equal(new)) { error = biba_subject_privileged(subj); 
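Review bot: `biba_pipe_check_ioctl` is written `if(!biba_enabled)` while every other check in this hunk uses `if (!biba_enabled)`; please match the file's spacing. That function then returns 0 for every `cmd` under `/* XXX: This will be implemented soon... */`, so pipe ioctls are currently not mediated by Biba at all; the comment should say that plainly, e.g. `/* XXX: pipe ioctls are not yet mediated; all commands are permitted. */`, so the gap is not mistaken for a finished check. In `biba_pipe_check_relabel`, the comment `it must be a effective update` should read `an effective update`. `biba_pipe_check_relabel` continues past the end of this hunk.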
@@ -1575,84 +1444,86 @@ biba_cred_check_relabel(struct ucred *cred, struct label *newlabel) } static int -biba_cred_check_visible(struct ucred *u1, struct ucred *u2) +biba_pipe_check_stat(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { struct mac_biba *subj, *obj; if (!biba_enabled) return (0); - subj = SLOT(u1->cr_label); - obj = SLOT(u2->cr_label); + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); - /* XXX: range */ if (!biba_dominate_effective(obj, subj)) - return (ESRCH); + return (EACCES); return (0); } static int -biba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +biba_pipe_check_write(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { - struct mac_biba *subj, *new; - int error; + struct mac_biba *subj, *obj; - subj = SLOT(cred->cr_label); - new = SLOT(newlabel); + if (!biba_enabled) + return (0); - /* - * If there is a Biba label update for the interface, it may be an - * update of the effective, range, or both. - */ - error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); - if (error) - return (error); + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); - /* - * Relabling network interfaces requires Biba privilege. - */ - error = biba_subject_privileged(subj); - if (error) - return (error); + if (!biba_dominate_effective(subj, obj)) + return (EACCES); return (0); } -static int -biba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +static void +biba_pipe_create(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { - struct mac_biba *p, *i; + struct mac_biba *source, *dest; - if (!biba_enabled) - return (0); + source = SLOT(cred->cr_label); + dest = SLOT(pplabel); - p = SLOT(mlabel); - i = SLOT(ifplabel); + biba_copy_effective(source, dest); +} - return (biba_effective_in_range(p, i) ? 
0 : EACCES); +static void +biba_pipe_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(pplabel); + + biba_copy(source, dest); } static int -biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +biba_posixsem_check_write(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - struct mac_biba *p, *i; + struct mac_biba *subj, *obj; if (!biba_enabled) return (0); - p = SLOT(mlabel); - i = SLOT(inplabel); + subj = SLOT(cred->cr_label); + obj = SLOT(kslabel); - return (biba_equal_effective(p, i) ? 0 : EACCES); + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + + return (0); } static int -biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { struct mac_biba *subj, *obj; @@ -1660,7 +1531,7 @@ biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(msglabel); + obj = SLOT(kslabel); if (!biba_dominate_effective(obj, subj)) return (EACCES); 
@@ -1668,27 +1539,220 @@ biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, return (0); } +static void +biba_posixsem_create(struct ucred *cred, struct ksem *ks, + struct label *kslabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(kslabel); + + biba_copy_effective(source, dest); +} + +/* + * Some system privileges are allowed regardless of integrity grade; others + * are allowed only when running with privilege with respect to the Biba + * policy as they might otherwise allow bypassing of the integrity policy. + */ static int -biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +biba_priv_check(struct ucred *cred, int priv) { - struct mac_biba *subj, *obj; + struct mac_biba *subj; + int error; if (!biba_enabled) return (0); - subj = SLOT(cred->cr_label); - obj = SLOT(msglabel); + /* + * Exempt only specific privileges from the Biba integrity policy. + */ + switch (priv) { + case PRIV_KTRACE: + case PRIV_MSGBUF: - if (!biba_dominate_effective(subj, obj)) - return (EACCES); + /* + * Allow processes to manipulate basic process audit properties, and + * to submit audit records. + */ + case PRIV_AUDIT_GETAUDIT: + case PRIV_AUDIT_SETAUDIT: + case PRIV_AUDIT_SUBMIT: + /* + * Allow processes to manipulate their regular UNIX credentials. + */ + case PRIV_CRED_SETUID: + case PRIV_CRED_SETEUID: + case PRIV_CRED_SETGID: + case PRIV_CRED_SETEGID: + case PRIV_CRED_SETGROUPS: + case PRIV_CRED_SETREUID: + case PRIV_CRED_SETREGID: + case PRIV_CRED_SETRESUID: + case PRIV_CRED_SETRESGID: + + /* + * Allow processes to perform system monitoring. + */ + case PRIV_SEEOTHERGIDS: + case PRIV_SEEOTHERUIDS: + break; + + /* + * Allow access to general process debugging facilities. We + * separately control debugging based on MAC label. + */ + case PRIV_DEBUG_DIFFCRED: + case PRIV_DEBUG_SUGID: + case PRIV_DEBUG_UNPRIV: + + /* + * Allow manipulating jails. 
+ */ + case PRIV_JAIL_ATTACH: + + /* + * Allow privilege with respect to the Partition policy, but not the + * Privs policy. + */ + case PRIV_MAC_PARTITION: + + /* + * Allow privilege with respect to process resource limits and login + * context. + */ + case PRIV_PROC_LIMIT: + case PRIV_PROC_SETLOGIN: + case PRIV_PROC_SETRLIMIT: + + /* + * Allow System V and POSIX IPC privileges. + */ + case PRIV_IPC_READ: + case PRIV_IPC_WRITE: + case PRIV_IPC_ADMIN: + case PRIV_IPC_MSGSIZE: + case PRIV_MQ_ADMIN: + + /* + * Allow certain scheduler manipulations -- possibly this should be + * controlled by more fine-grained policy, as potentially low + * integrity processes can deny CPU to higher integrity ones. + */ + case PRIV_SCHED_DIFFCRED: + case PRIV_SCHED_SETPRIORITY: + case PRIV_SCHED_RTPRIO: + case PRIV_SCHED_SETPOLICY: + case PRIV_SCHED_SET: + case PRIV_SCHED_SETPARAM: + + /* + * More IPC privileges. + */ + case PRIV_SEM_WRITE: + + /* + * Allow signaling privileges subject to integrity policy. + */ + case PRIV_SIGNAL_DIFFCRED: + case PRIV_SIGNAL_SUGID: + + /* + * Allow access to only limited sysctls from lower integrity levels; + * piggy-back on the Jail definition. + */ + case PRIV_SYSCTL_WRITEJAIL: + + /* + * Allow TTY-based privileges, subject to general device access using + * labels on TTY device nodes, but not console privilege. + */ + case PRIV_TTY_DRAINWAIT: + case PRIV_TTY_DTRWAIT: + case PRIV_TTY_EXCLUSIVE: + case PRIV_TTY_PRISON: + case PRIV_TTY_STI: + case PRIV_TTY_SETA: + + /* + * Grant most VFS privileges, as almost all are in practice bounded + * by more specific checks using labels. 
+ */ + case PRIV_VFS_READ: + case PRIV_VFS_WRITE: + case PRIV_VFS_ADMIN: + case PRIV_VFS_EXEC: + case PRIV_VFS_LOOKUP: + case PRIV_VFS_CHFLAGS_DEV: + case PRIV_VFS_CHOWN: + case PRIV_VFS_CHROOT: + case PRIV_VFS_RETAINSUGID: + case PRIV_VFS_EXCEEDQUOTA: + case PRIV_VFS_FCHROOT: + case PRIV_VFS_FHOPEN: + case PRIV_VFS_FHSTATFS: + case PRIV_VFS_GENERATION: + case PRIV_VFS_GETFH: + case PRIV_VFS_GETQUOTA: + case PRIV_VFS_LINK: + case PRIV_VFS_MOUNT: + case PRIV_VFS_MOUNT_OWNER: + case PRIV_VFS_MOUNT_PERM: + case PRIV_VFS_MOUNT_SUIDDIR: + case PRIV_VFS_MOUNT_NONUSER: + case PRIV_VFS_SETGID: + case PRIV_VFS_STICKYFILE: + case PRIV_VFS_SYSFLAGS: + case PRIV_VFS_UNMOUNT: + + /* + * Allow VM privileges; it would be nice if these were subject to + * resource limits. + */ + case PRIV_VM_MADV_PROTECT: + case PRIV_VM_MLOCK: + case PRIV_VM_MUNLOCK: + + /* + * Allow some but not all network privileges. In general, dont allow + * reconfiguring the network stack, just normal use. + */ + case PRIV_NETATALK_RESERVEDPORT: + case PRIV_NETINET_RESERVEDPORT: + case PRIV_NETINET_RAW: + case PRIV_NETINET_REUSEPORT: + case PRIV_NETIPX_RESERVEDPORT: + case PRIV_NETIPX_RAW: + break; + + /* + * All remaining system privileges are allow only if the process + * holds privilege with respect to the Biba policy. + */ + default: + subj = SLOT(cred->cr_label); + error = biba_subject_privileged(subj); + if (error) + return (error); + } return (0); } +static void +biba_proc_associate_nfsd(struct ucred *cred) +{ + struct mac_biba *label; + + label = SLOT(cred->cr_label); + biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL); + biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, + 0, NULL); +} + static int -biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +biba_proc_check_debug(struct ucred *cred, struct proc *p) { struct mac_biba *subj, *obj; 
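Review bot: The comment above the `default:` label in `biba_priv_check` reads `All remaining system privileges are allow only if the process holds privilege with respect to the Biba policy.`; it should be `are allowed only if`. Earlier in the same switch, `In general, dont allow reconfiguring the network stack` wants `don't`. Since this switch is the list that exempts privileges from the integrity policy, keeping its comments precise matters more than usual. `biba_proc_check_debug` at the end of the hunk continues into the next hunk.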
@@ -1696,17 +1760,19 @@ biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
 		return (0);
 
 	subj = SLOT(cred->cr_label);
-	obj = SLOT(msqklabel);
+	obj = SLOT(p->p_ucred->cr_label);
 
+	/* XXX: range checks */
 	if (!biba_dominate_effective(obj, subj))
+		return (ESRCH);
+	if (!biba_dominate_effective(subj, obj))
 		return (EACCES);
 
 	return (0);
 }
 
 static int
-biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
-    struct label *msqklabel)
+biba_proc_check_sched(struct ucred *cred, struct proc *p)
 {
 	struct mac_biba *subj, *obj;
 
@@ -1714,8 +1780,11 @@ biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
 		return (0);
 
 	subj = SLOT(cred->cr_label);
-	obj = SLOT(msqklabel);
+	obj = SLOT(p->p_ucred->cr_label);
 
+	/* XXX: range checks */
+	if (!biba_dominate_effective(obj, subj))
+		return (ESRCH);
 	if (!biba_dominate_effective(subj, obj))
 		return (EACCES);
 
@@ -1723,8 +1792,7 @@ biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
 }
 
 static int
-biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
-    struct label *msqklabel)
+biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
 {
 	struct mac_biba *subj, *obj;
 
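Review bot: The `/* XXX: range checks */` marker that now sits in biba_proc_check_debug (and identically in biba_proc_check_sched in the second hunk here and biba_proc_check_signal in the next hunk) leaves the two effective-only comparisons undocumented, and the ESRCH/EACCES split deserves a sentence so nobody later collapses it into a single EACCES. The first test hides a target whose effective label the subject may not read from (obj does not dominate subj), the second refuses a target the subject may not write to (subj does not dominate obj), so only an equal-integrity process passes both. I would replace the marker with `/* Target must be readable (obj dominates subj, else ESRCH) and writable (subj dominates obj, else EACCES); ranges are not yet consulted. */` in all three functions. The signature and the `if (!biba_enabled)` guard of biba_proc_check_debug lie above this hunk.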
@@ -1732,86 +1800,110 @@ biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); + obj = SLOT(p->p_ucred->cr_label); + /* XXX: range checks */ if (!biba_dominate_effective(obj, subj)) + return (ESRCH); + if (!biba_dominate_effective(subj, obj)) return (EACCES); return (0); } static int -biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel, int cmd) +biba_socket_check_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { - struct mac_biba *subj, *obj; + struct mac_biba *p, *s; if (!biba_enabled) return (0); - subj = SLOT(cred->cr_label); - obj = SLOT(msqklabel); + p = SLOT(mlabel); + s = SLOT(solabel); - switch(cmd) { - case IPC_RMID: - case IPC_SET: - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - break; + return (biba_equal_effective(p, s) ? 0 : EACCES); +} - case IPC_STAT: - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - break; +static void +biba_proc_create_init(struct ucred *cred) +{ + struct mac_biba *dest; - default: - return (EACCES); - } + dest = SLOT(cred->cr_label); - return (0); + biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); + biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, + 0, NULL); } -static int -biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, int cmd) +static void +biba_proc_create_swapper(struct ucred *cred) { - struct mac_biba *subj, *obj; + struct mac_biba *dest; - if (!biba_enabled) - return (0); + dest = SLOT(cred->cr_label); + biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); + biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, + 0, NULL); +} + +static int +biba_socket_check_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) +{ + struct mac_biba *subj, *obj, *new; + int error; + + new = 
SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); + obj = SLOT(solabel); - switch(cmd) { - case IPC_RMID: - case IPC_SET: - case SETVAL: - case SETALL: - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - break; + /* + * If there is a Biba label update for the socket, it may be an + * update of effective. + */ + error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); + if (error) + return (error); - case IPC_STAT: - case GETVAL: - case GETPID: - case GETNCNT: - case GETZCNT: - case GETALL: - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - break; + /* + * To relabel a socket, the old socket effective must be in the + * subject range. + */ + if (!biba_effective_in_range(obj, subj)) + return (EPERM); - default: - return (EACCES); + /* + * If the Biba label is to be changed, authorize as appropriate. + */ + if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { + /* + * To relabel a socket, the new socket effective must be in + * the subject range. + */ + if (!biba_effective_in_range(new, subj)) + return (EPERM); + + /* + * To change the Biba label on the socket to contain EQUAL, + * the subject must have appropriate privilege. + */ + if (biba_contains_equal(new)) { + error = biba_subject_privileged(subj); + if (error) + return (error); + } } return (0); } static int -biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel) +biba_socket_check_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_biba *subj, *obj; 
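Review bot: biba_socket_check_deliver is placed between biba_proc_check_signal and biba_proc_create_init, which breaks the object-then-operation ordering this commit sets out to establish; it belongs after biba_proc_create_swapper, immediately before biba_socket_check_relabel. Moving the function (from its `static int` line through the closing brace) down to that spot needs no other change. Separately, `return (biba_equal_effective(p, s) ? 0 : EACCES);` is the only check entry point in this hunk that folds the decision into a ternary; the `if (...) return (0); return (EACCES);` shape used by biba_socket_check_visible and the other checks would read consistently.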
@@ -1819,111 +1911,110 @@ biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); + obj = SLOT(solabel); if (!biba_dominate_effective(obj, subj)) - return (EACCES); + return (ENOENT); return (0); } -static int -biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, size_t accesstype) +static void +biba_socket_create(struct ucred *cred, struct socket *so, + struct label *solabel) { - struct mac_biba *subj, *obj; + struct mac_biba *source, *dest; - if (!biba_enabled) - return (0); + source = SLOT(cred->cr_label); + dest = SLOT(solabel); - subj = SLOT(cred->cr_label); - obj = SLOT(semaklabel); + biba_copy_effective(source, dest); +} - if (accesstype & SEM_R) - if (!biba_dominate_effective(obj, subj)) - return (EACCES); +static void +biba_socket_create_mbuf(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_biba *source, *dest; - if (accesstype & SEM_A) - if (!biba_dominate_effective(subj, obj)) - return (EACCES); + source = SLOT(solabel); + dest = SLOT(mlabel); - return (0); + biba_copy_effective(source, dest); } -static int -biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) +static void +biba_socket_newconn(struct socket *oldso, struct label *oldsolabel, + struct socket *newso, struct label *newsolabel) { - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); + struct mac_biba *source, *dest; - subj = SLOT(cred->cr_label); - obj = SLOT(shmseglabel); + source = SLOT(oldsolabel); + dest = SLOT(newsolabel); - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - if ((shmflg & SHM_RDONLY) == 0) { - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - } - - return (0); + biba_copy_effective(source, dest); } -static int -biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel 
*shmsegptr, - struct label *shmseglabel, int cmd) +static void +biba_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { - struct mac_biba *subj, *obj; - - if (!biba_enabled) - return (0); + struct mac_biba *source, *dest; - subj = SLOT(cred->cr_label); - obj = SLOT(shmseglabel); + source = SLOT(newlabel); + dest = SLOT(solabel); - switch(cmd) { - case IPC_RMID: - case IPC_SET: - if (!biba_dominate_effective(subj, obj)) - return (EACCES); - break; + biba_copy(source, dest); +} - case IPC_STAT: - case SHM_STAT: - if (!biba_dominate_effective(obj, subj)) - return (EACCES); - break; +static void +biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) +{ + struct mac_biba *source, *dest; - default: - return (EACCES); - } + source = SLOT(mlabel); + dest = SLOT(sopeerlabel); - return (0); + biba_copy_effective(source, dest); } -static int -biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) +static void +biba_socketpeer_set_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) { - struct mac_biba *subj, *obj; + struct mac_biba *source, *dest; - if (!biba_enabled) - return (0); + source = SLOT(oldsolabel); + dest = SLOT(newsopeerlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(shmseglabel); + biba_copy_effective(source, dest); +} - if (!biba_dominate_effective(obj, subj)) - return (EACCES); +static void +biba_syncache_create(struct label *label, struct inpcb *inp) +{ + struct mac_biba *source, *dest; - return (0); + source = SLOT(inp->inp_label); + dest = SLOT(label); + biba_copy_effective(source, dest); +} + +static void +biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, + struct label *mlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(sc_label); + dest = SLOT(mlabel); + biba_copy_effective(source, 
dest);
 }
 
 static int
-biba_kld_check_load(struct ucred *cred, struct vnode *vp,
+biba_system_check_acct(struct ucred *cred, struct vnode *vp,
     struct label *vplabel)
 {
 	struct mac_biba *subj, *obj;
@@ -1938,6 +2029,9 @@ biba_kld_check_load(struct ucred *cred, struct vnode *vp,
 	if (error)
 		return (error);
 
+	if (vplabel == NULL)
+		return (0);
+
 	obj = SLOT(vplabel);
 	if (!biba_high_effective(obj))
 		return (EACCES);
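Review bot: biba_socket_check_visible returns ENOENT rather than EACCES when the socket's effective label does not dominate the subject's, and nothing marks this as deliberate, while every other check in this hunk's neighbourhood answers EACCES. I would put `/* Not merely inaccessible: report the socket as nonexistent. */` above the test. In the same hunk biba_socket_relabel copies with `biba_copy` while the create, newconn and socketpeer paths all use `biba_copy_effective`; presumably the relabel is meant to carry every component the new label holds, and a one-line comment saying so would stop a reader from "harmonising" it. The `if (!biba_enabled)` guard of biba_socket_check_visible precedes this hunk.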
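Review bot: The new `if (vplabel == NULL) return (0);` in biba_system_check_acct says nothing about why a missing label is legitimate, and the same bare shape appears in biba_system_check_auditctl in the next hunk; presumably both correspond to the caller passing no vnode when it only disables the facility. Suggest `/* No vnode: the call only switches the facility off, and privilege was already checked above. */` on both, which also records that the early return skips only the integrity-level test, not the `biba_subject_privileged` check that precedes it. The function's signature and guard sit above this hunk.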
@@ -1946,144 +2040,142 @@ biba_kld_check_load(struct ucred *cred, struct vnode *vp, } static int -biba_mount_check_stat(struct ucred *cred, struct mount *mp, - struct label *mplabel) +biba_system_check_auditctl(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { struct mac_biba *subj, *obj; + int error; if (!biba_enabled) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(mplabel); - if (!biba_dominate_effective(obj, subj)) + error = biba_subject_privileged(subj); + if (error) + return (error); + + if (vplabel == NULL) + return (0); + + obj = SLOT(vplabel); + if (!biba_high_effective(obj)) return (EACCES); return (0); } static int -biba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) +biba_system_check_auditon(struct ucred *cred, int cmd) { + struct mac_biba *subj; + int error; - if(!biba_enabled) + if (!biba_enabled) return (0); - /* XXX: This will be implemented soon... */ + subj = SLOT(cred->cr_label); + + error = biba_subject_privileged(subj); + if (error) + return (error); return (0); } static int -biba_pipe_check_poll(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +biba_system_check_swapoff(struct ucred *cred, struct vnode *vp, + struct label *label) { - struct mac_biba *subj, *obj; + struct mac_biba *subj; + int error; if (!biba_enabled) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); - if (!biba_dominate_effective(obj, subj)) - return (EACCES); + error = biba_subject_privileged(subj); + if (error) + return (error); return (0); } static int -biba_pipe_check_read(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +biba_system_check_swapon(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { struct mac_biba *subj, *obj; + int error; if (!biba_enabled) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); + obj = SLOT(vplabel); - if (!biba_dominate_effective(obj, subj)) + error = 
biba_subject_privileged(subj); + if (error) + return (error); + + if (!biba_high_effective(obj)) return (EACCES); return (0); } static int -biba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) +biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { - struct mac_biba *subj, *obj, *new; + struct mac_biba *subj; int error; - new = SLOT(newlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); - - /* - * If there is a Biba label update for a pipe, it must be a effective - * update. - */ - error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); - if (error) - return (error); + if (!biba_enabled) + return (0); - /* - * To perform a relabel of a pipe (Biba label or not), Biba must - * authorize the relabel. - */ - if (!biba_effective_in_range(obj, subj)) - return (EPERM); + subj = SLOT(cred->cr_label); /* - * If the Biba label is to be changed, authorize as appropriate. + * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high, + * but also require privilege to change them. */ - if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { - /* - * To change the Biba label on a pipe, the new pipe label - * must be in the subject range. - */ - if (!biba_effective_in_range(new, subj)) - return (EPERM); + if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) { + if (!biba_subject_dominate_high(subj)) + return (EACCES); - /* - * To change the Biba label on a pipe to be EQUAL, the - * subject must have appropriate privilege. 
- */ - if (biba_contains_equal(new)) { - error = biba_subject_privileged(subj); - if (error) - return (error); - } + error = biba_subject_privileged(subj); + if (error) + return (error); } return (0); } -static int -biba_pipe_check_stat(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +static void +biba_sysvmsg_cleanup(struct label *msglabel) { - struct mac_biba *subj, *obj; - if (!biba_enabled) - return (0); + bzero(SLOT(msglabel), sizeof(struct mac_biba)); +} - subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); +static void +biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +{ + struct mac_biba *source, *dest; - if (!biba_dominate_effective(obj, subj)) - return (EACCES); + /* Ignore the msgq label */ + source = SLOT(cred->cr_label); + dest = SLOT(msglabel); - return (0); + biba_copy_effective(source, dest); } static int -biba_pipe_check_write(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { struct mac_biba *subj, *obj; @@ -2091,17 +2183,17 @@ biba_pipe_check_write(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); + obj = SLOT(msglabel); - if (!biba_dominate_effective(subj, obj)) + if (!biba_dominate_effective(obj, subj)) return (EACCES); return (0); } static int -biba_posixsem_check_write(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { struct mac_biba *subj, *obj; @@ -2109,7 +2201,7 @@ biba_posixsem_check_write(struct ucred *cred, struct ksem *ks, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(kslabel); + obj = SLOT(msglabel); if (!biba_dominate_effective(subj, obj)) return (EACCES); 
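Review bot: biba_system_check_swapoff names its third parameter `label` whereas biba_system_check_acct, biba_system_check_auditctl and biba_system_check_swapon all call the same argument `vplabel`; the body consults only the subject's privilege and never reads the vnode label, so renaming it to `struct label *vplabel)` costs nothing and keeps the system_check group uniform. The asymmetry itself, swapon requiring a biba/high vnode while swapoff requires privilege alone, is probably intended but is worth one comment in swapoff, e.g. `/* Removing a swap device needs privilege only; its label was vetted at swapon. */`, hedged as appropriate since the swapon history is not visible here.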
@@ -2118,8 +2210,8 @@ biba_posixsem_check_write(struct ucred *cred, struct ksem *ks,
 }
 
 static int
-biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
-    struct label *kslabel)
+biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqklabel)
 {
 	struct mac_biba *subj, *obj;
 
@@ -2127,7 +2219,7 @@ biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
 		return (0);
 
 	subj = SLOT(cred->cr_label);
-	obj = SLOT(kslabel);
+	obj = SLOT(msqklabel);
 
 	if (!biba_dominate_effective(obj, subj))
 		return (EACCES);
@@ -2136,7 +2228,8 @@ biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
 }
 
 static int
-biba_proc_check_debug(struct ucred *cred, struct proc *p)
+biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqklabel)
 {
 	struct mac_biba *subj, *obj;
 
@@ -2144,11 +2237,8 @@ biba_proc_check_debug(struct ucred *cred, struct proc *p)
 		return (0);
 
 	subj = SLOT(cred->cr_label);
-	obj = SLOT(p->p_ucred->cr_label);
+	obj = SLOT(msqklabel);
 
-	/* XXX: range checks */
-	if (!biba_dominate_effective(obj, subj))
-		return (ESRCH);
 	if (!biba_dominate_effective(subj, obj))
 		return (EACCES);
 
@@ -2156,7 +2246,8 @@ biba_proc_check_debug(struct ucred *cred, struct proc *p)
 }
 
 static int
-biba_proc_check_sched(struct ucred *cred, struct proc *p)
+biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqklabel)
 {
 	struct mac_biba *subj, *obj;
 
@@ -2164,19 +2255,17 @@ biba_proc_check_sched(struct ucred *cred, struct proc *p)
 		return (0);
 
 	subj = SLOT(cred->cr_label);
-	obj = SLOT(p->p_ucred->cr_label);
+	obj = SLOT(msqklabel);
 
-	/* XXX: range checks */
 	if (!biba_dominate_effective(obj, subj))
-		return (ESRCH);
-	if (!biba_dominate_effective(subj, obj))
 		return (EACCES);
 
 	return (0);
 }
 
 static int
-biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
+biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
+    struct label *msqklabel, int cmd)
 {
 	struct mac_biba *subj, *obj;
 
@@ -2184,86 +2273,87 @@ biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); + obj = SLOT(msqklabel); - /* XXX: range checks */ - if (!biba_dominate_effective(obj, subj)) - return (ESRCH); - if (!biba_dominate_effective(subj, obj)) + switch(cmd) { + case IPC_RMID: + case IPC_SET: + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + break; + + case IPC_STAT: + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + break; + + default: return (EACCES); + } return (0); } -static int -biba_socket_check_deliver(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) +static void +biba_sysvmsq_cleanup(struct label *msqlabel) { - struct mac_biba *p, *s; - if (!biba_enabled) - return (0); + bzero(SLOT(msqlabel), sizeof(struct mac_biba)); +} - p = SLOT(mlabel); - s = SLOT(solabel); +static void +biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel) +{ + struct mac_biba *source, *dest; - return (biba_equal_effective(p, s) ? 0 : EACCES); + source = SLOT(cred->cr_label); + dest = SLOT(msqlabel); + + biba_copy_effective(source, dest); } static int -biba_socket_check_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) +biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel, int cmd) { - struct mac_biba *subj, *obj, *new; - int error; + struct mac_biba *subj, *obj; - new = SLOT(newlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(solabel); + if (!biba_enabled) + return (0); - /* - * If there is a Biba label update for the socket, it may be an - * update of effective. - */ - error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); - if (error) - return (error); + subj = SLOT(cred->cr_label); + obj = SLOT(semaklabel); - /* - * To relabel a socket, the old socket effective must be in the - * subject range. 
- */ - if (!biba_effective_in_range(obj, subj)) - return (EPERM); + switch(cmd) { + case IPC_RMID: + case IPC_SET: + case SETVAL: + case SETALL: + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + break; - /* - * If the Biba label is to be changed, authorize as appropriate. - */ - if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { - /* - * To relabel a socket, the new socket effective must be in - * the subject range. - */ - if (!biba_effective_in_range(new, subj)) - return (EPERM); + case IPC_STAT: + case GETVAL: + case GETPID: + case GETNCNT: + case GETZCNT: + case GETALL: + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + break; - /* - * To change the Biba label on the socket to contain EQUAL, - * the subject must have appropriate privilege. - */ - if (biba_contains_equal(new)) { - error = biba_subject_privileged(subj); - if (error) - return (error); - } + default: + return (EACCES); } return (0); } static int -biba_socket_check_visible(struct ucred *cred, struct socket *so, - struct label *solabel) +biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel) { struct mac_biba *subj, *obj; 
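Review bot: `switch(cmd) {` in biba_sysvmsq_check_msqctl and biba_sysvsem_check_semctl (and biba_sysvshm_check_shmctl in the next hunk) omits the space that style(9) and the rest of this file's `if (` / `while (` forms use; `switch (cmd) {` in all three. The `default: return (EACCES);` arm is the right fail-closed choice for an unrecognised control command, and a one-line `/* Unknown control operations are denied rather than passed through. */` above it would make that intent explicit for whoever adds the next IPC_* command.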
@@ -2271,341 +2361,198 @@ biba_socket_check_visible(struct ucred *cred, struct socket *so, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(solabel); + obj = SLOT(semaklabel); if (!biba_dominate_effective(obj, subj)) - return (ENOENT); + return (EACCES); return (0); } -/* - * Some system privileges are allowed regardless of integrity grade; others - * are allowed only when running with privilege with respect to the Biba - * policy as they might otherwise allow bypassing of the integrity policy. - */ static int -biba_priv_check(struct ucred *cred, int priv) +biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel, size_t accesstype) { - struct mac_biba *subj; - int error; + struct mac_biba *subj, *obj; if (!biba_enabled) return (0); - /* - * Exempt only specific privileges from the Biba integrity policy. - */ - switch (priv) { - case PRIV_KTRACE: - case PRIV_MSGBUF: - - /* - * Allow processes to manipulate basic process audit properties, and - * to submit audit records. - */ - case PRIV_AUDIT_GETAUDIT: - case PRIV_AUDIT_SETAUDIT: - case PRIV_AUDIT_SUBMIT: - - /* - * Allow processes to manipulate their regular UNIX credentials. - */ - case PRIV_CRED_SETUID: - case PRIV_CRED_SETEUID: - case PRIV_CRED_SETGID: - case PRIV_CRED_SETEGID: - case PRIV_CRED_SETGROUPS: - case PRIV_CRED_SETREUID: - case PRIV_CRED_SETREGID: - case PRIV_CRED_SETRESUID: - case PRIV_CRED_SETRESGID: - - /* - * Allow processes to perform system monitoring. - */ - case PRIV_SEEOTHERGIDS: - case PRIV_SEEOTHERUIDS: - break; - - /* - * Allow access to general process debugging facilities. We - * separately control debugging based on MAC label. - */ - case PRIV_DEBUG_DIFFCRED: - case PRIV_DEBUG_SUGID: - case PRIV_DEBUG_UNPRIV: - - /* - * Allow manipulating jails. - */ - case PRIV_JAIL_ATTACH: - - /* - * Allow privilege with respect to the Partition policy, but not the - * Privs policy. 
- */ - case PRIV_MAC_PARTITION: - - /* - * Allow privilege with respect to process resource limits and login - * context. - */ - case PRIV_PROC_LIMIT: - case PRIV_PROC_SETLOGIN: - case PRIV_PROC_SETRLIMIT: - - /* - * Allow System V and POSIX IPC privileges. - */ - case PRIV_IPC_READ: - case PRIV_IPC_WRITE: - case PRIV_IPC_ADMIN: - case PRIV_IPC_MSGSIZE: - case PRIV_MQ_ADMIN: - - /* - * Allow certain scheduler manipulations -- possibly this should be - * controlled by more fine-grained policy, as potentially low - * integrity processes can deny CPU to higher integrity ones. - */ - case PRIV_SCHED_DIFFCRED: - case PRIV_SCHED_SETPRIORITY: - case PRIV_SCHED_RTPRIO: - case PRIV_SCHED_SETPOLICY: - case PRIV_SCHED_SET: - case PRIV_SCHED_SETPARAM: + subj = SLOT(cred->cr_label); + obj = SLOT(semaklabel); - /* - * More IPC privileges. - */ - case PRIV_SEM_WRITE: + if (accesstype & SEM_R) + if (!biba_dominate_effective(obj, subj)) + return (EACCES); - /* - * Allow signaling privileges subject to integrity policy. - */ - case PRIV_SIGNAL_DIFFCRED: - case PRIV_SIGNAL_SUGID: + if (accesstype & SEM_A) + if (!biba_dominate_effective(subj, obj)) + return (EACCES); - /* - * Allow access to only limited sysctls from lower integrity levels; - * piggy-back on the Jail definition. - */ - case PRIV_SYSCTL_WRITEJAIL: + return (0); +} - /* - * Allow TTY-based privileges, subject to general device access using - * labels on TTY device nodes, but not console privilege. - */ - case PRIV_TTY_DRAINWAIT: - case PRIV_TTY_DTRWAIT: - case PRIV_TTY_EXCLUSIVE: - case PRIV_TTY_PRISON: - case PRIV_TTY_STI: - case PRIV_TTY_SETA: +static void +biba_sysvsem_cleanup(struct label *semalabel) +{ - /* - * Grant most VFS privileges, as almost all are in practice bounded - * by more specific checks using labels. 
- */ - case PRIV_VFS_READ: - case PRIV_VFS_WRITE: - case PRIV_VFS_ADMIN: - case PRIV_VFS_EXEC: - case PRIV_VFS_LOOKUP: - case PRIV_VFS_CHFLAGS_DEV: - case PRIV_VFS_CHOWN: - case PRIV_VFS_CHROOT: - case PRIV_VFS_RETAINSUGID: - case PRIV_VFS_EXCEEDQUOTA: - case PRIV_VFS_FCHROOT: - case PRIV_VFS_FHOPEN: - case PRIV_VFS_FHSTATFS: - case PRIV_VFS_GENERATION: - case PRIV_VFS_GETFH: - case PRIV_VFS_GETQUOTA: - case PRIV_VFS_LINK: - case PRIV_VFS_MOUNT: - case PRIV_VFS_MOUNT_OWNER: - case PRIV_VFS_MOUNT_PERM: - case PRIV_VFS_MOUNT_SUIDDIR: - case PRIV_VFS_MOUNT_NONUSER: - case PRIV_VFS_SETGID: - case PRIV_VFS_STICKYFILE: - case PRIV_VFS_SYSFLAGS: - case PRIV_VFS_UNMOUNT: + bzero(SLOT(semalabel), sizeof(struct mac_biba)); +} - /* - * Allow VM privileges; it would be nice if these were subject to - * resource limits. - */ - case PRIV_VM_MADV_PROTECT: - case PRIV_VM_MLOCK: - case PRIV_VM_MUNLOCK: +static void +biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semalabel) +{ + struct mac_biba *source, *dest; - /* - * Allow some but not all network privileges. In general, dont allow - * reconfiguring the network stack, just normal use. - */ - case PRIV_NETATALK_RESERVEDPORT: - case PRIV_NETINET_RESERVEDPORT: - case PRIV_NETINET_RAW: - case PRIV_NETINET_REUSEPORT: - case PRIV_NETIPX_RESERVEDPORT: - case PRIV_NETIPX_RAW: - break; + source = SLOT(cred->cr_label); + dest = SLOT(semalabel); - /* - * All remaining system privileges are allow only if the process - * holds privilege with respect to the Biba policy. 
- */ - default: - subj = SLOT(cred->cr_label); - error = biba_subject_privileged(subj); - if (error) - return (error); - } - return (0); + biba_copy_effective(source, dest); } static int -biba_system_check_acct(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int shmflg) { struct mac_biba *subj, *obj; - int error; if (!biba_enabled) return (0); subj = SLOT(cred->cr_label); + obj = SLOT(shmseglabel); - error = biba_subject_privileged(subj); - if (error) - return (error); - - if (vplabel == NULL) - return (0); - - obj = SLOT(vplabel); - if (!biba_high_effective(obj)) + if (!biba_dominate_effective(obj, subj)) return (EACCES); - + if ((shmflg & SHM_RDONLY) == 0) { + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + } + return (0); } static int -biba_system_check_auditctl(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int cmd) { struct mac_biba *subj, *obj; - int error; if (!biba_enabled) return (0); subj = SLOT(cred->cr_label); + obj = SLOT(shmseglabel); - error = biba_subject_privileged(subj); - if (error) - return (error); + switch(cmd) { + case IPC_RMID: + case IPC_SET: + if (!biba_dominate_effective(subj, obj)) + return (EACCES); + break; - if (vplabel == NULL) - return (0); + case IPC_STAT: + case SHM_STAT: + if (!biba_dominate_effective(obj, subj)) + return (EACCES); + break; - obj = SLOT(vplabel); - if (!biba_high_effective(obj)) + default: return (EACCES); + } return (0); } static int -biba_system_check_auditon(struct ucred *cred, int cmd) +biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int shmflg) { - struct mac_biba *subj; - int error; + struct mac_biba *subj, *obj; if (!biba_enabled) return (0); subj = SLOT(cred->cr_label); + obj = 
SLOT(shmseglabel); - error = biba_subject_privileged(subj); - if (error) - return (error); + if (!biba_dominate_effective(obj, subj)) + return (EACCES); return (0); } -static int -biba_system_check_swapon(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +static void +biba_sysvshm_cleanup(struct label *shmlabel) { - struct mac_biba *subj, *obj; - int error; - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(vplabel); + bzero(SLOT(shmlabel), sizeof(struct mac_biba)); +} - error = biba_subject_privileged(subj); - if (error) - return (error); +static void +biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmlabel) +{ + struct mac_biba *source, *dest; - if (!biba_high_effective(obj)) - return (EACCES); + source = SLOT(cred->cr_label); + dest = SLOT(shmlabel); - return (0); + biba_copy_effective(source, dest); } static int -biba_system_check_swapoff(struct ucred *cred, struct vnode *vp, - struct label *label) +biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - struct mac_biba *subj; - int error; + struct mac_biba mb_temp, *source, *dest; + int buflen, error; - if (!biba_enabled) - return (0); + source = SLOT(mplabel); + dest = SLOT(vplabel); - subj = SLOT(cred->cr_label); + buflen = sizeof(mb_temp); + bzero(&mb_temp, buflen); - error = biba_subject_privileged(subj); - if (error) + error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, + MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread); + if (error == ENOATTR || error == EOPNOTSUPP) { + /* Fall back to the mntlabel. 
*/ + biba_copy_effective(source, dest); + return (0); + } else if (error) return (error); + if (buflen != sizeof(mb_temp)) { + printf("biba_vnode_associate_extattr: bad size %d\n", + buflen); + return (EPERM); + } + if (biba_valid(&mb_temp) != 0) { + printf("biba_vnode_associate_extattr: invalid\n"); + return (EPERM); + } + if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != + MAC_BIBA_FLAG_EFFECTIVE) { + printf("biba_vnode_associate_extattr: not effective\n"); + return (EPERM); + } + + biba_copy_effective(&mb_temp, dest); return (0); } -static int -biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, - void *arg1, int arg2, struct sysctl_req *req) +static void +biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - struct mac_biba *subj; - int error; - - if (!biba_enabled) - return (0); - - subj = SLOT(cred->cr_label); - - /* - * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high, - * but also require privilege to change them. - */ - if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) { - if (!biba_subject_dominate_high(subj)) - return (EACCES); + struct mac_biba *source, *dest; - error = biba_subject_privileged(subj); - if (error) - return (error); - } + source = SLOT(mplabel); + dest = SLOT(vplabel); - return (0); + biba_copy_effective(source, dest); } static int 
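Review bot: In biba_vnode_associate_extattr the test `if (buflen != sizeof(mb_temp))` compares an `int` with a `size_t`, and the three EPERM exits that follow it are the only places in this hunk where a malformed on-disk label makes an object unreachable instead of inheriting the mount label; neither point is commented. The `int` is what vn_extattr_get() takes for its length argument, so the cleaner fix is a cast in the comparison, `if ((size_t)buflen != sizeof(mb_temp)) {`, rather than a change of type. I would also add `/* Corrupt, foreign or non-effective labels fail closed with EPERM; only a missing attribute falls back to the mount label. */` above the size check so the contrast with the ENOATTR/EOPNOTSUPP branch reads as deliberate.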
@@ -3242,174 +3189,235 @@ biba_vnode_check_write(struct ucred *active_cred, return (0); } -static void -biba_syncache_create(struct label *label, struct inpcb *inp) +static int +biba_vnode_create_extattr(struct ucred *cred, struct mount *mp, + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { - struct mac_biba *source, *dest; + struct mac_biba *source, *dest, mb_temp; + size_t buflen; + int error; - source = SLOT(inp->inp_label); - dest = SLOT(label); - biba_copy_effective(source, dest); + buflen = sizeof(mb_temp); + bzero(&mb_temp, buflen); + + source = SLOT(cred->cr_label); + dest = SLOT(vplabel); + biba_copy_effective(source, &mb_temp); + + error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, + MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); + if (error == 0) + biba_copy_effective(source, dest); + return (error); } static void -biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) +biba_vnode_relabel(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *newlabel) { struct mac_biba *source, *dest; - source = SLOT(sc_label); - dest = SLOT(mlabel); - biba_copy_effective(source, dest); + source = SLOT(newlabel); + dest = SLOT(vplabel); + + biba_copy(source, dest); +} + +static int +biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *intlabel) +{ + struct mac_biba *source, mb_temp; + size_t buflen; + int error; + + buflen = sizeof(mb_temp); + bzero(&mb_temp, buflen); + + source = SLOT(intlabel); + if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) + return (0); + + biba_copy_effective(source, &mb_temp); + + error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, + MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread); + return (error); } static struct mac_policy_ops mac_biba_ops = { .mpo_init = biba_init, - 
.mpo_bpfdesc_init_label = biba_init_label, - .mpo_cred_init_label = biba_init_label, - .mpo_devfs_init_label = biba_init_label, - .mpo_ifnet_init_label = biba_init_label, - .mpo_inpcb_init_label = biba_init_label_waitcheck, - .mpo_syncache_init_label = biba_init_label_waitcheck, - .mpo_sysvmsg_init_label = biba_init_label, - .mpo_sysvmsq_init_label = biba_init_label, - .mpo_sysvsem_init_label = biba_init_label, - .mpo_sysvshm_init_label = biba_init_label, - .mpo_ipq_init_label = biba_init_label_waitcheck, - .mpo_mbuf_init_label = biba_init_label_waitcheck, - .mpo_mount_init_label = biba_init_label, - .mpo_pipe_init_label = biba_init_label, - .mpo_posixsem_init_label = biba_init_label, - .mpo_socket_init_label = biba_init_label_waitcheck, - .mpo_socketpeer_init_label = biba_init_label_waitcheck, - .mpo_syncache_create = biba_syncache_create, - .mpo_vnode_init_label = biba_init_label, + + .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive, + .mpo_bpfdesc_create = biba_bpfdesc_create, + .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, .mpo_bpfdesc_destroy_label = biba_destroy_label, - .mpo_cred_destroy_label = biba_destroy_label, - .mpo_devfs_destroy_label = biba_destroy_label, - .mpo_ifnet_destroy_label = biba_destroy_label, - .mpo_inpcb_destroy_label = biba_destroy_label, - .mpo_syncache_destroy_label = biba_destroy_label, - .mpo_sysvmsg_destroy_label = biba_destroy_label, - .mpo_sysvmsq_destroy_label = biba_destroy_label, - .mpo_sysvsem_destroy_label = biba_destroy_label, - .mpo_sysvshm_destroy_label = biba_destroy_label, - .mpo_ipq_destroy_label = biba_destroy_label, - .mpo_mbuf_destroy_label = biba_destroy_label, - .mpo_mount_destroy_label = biba_destroy_label, - .mpo_pipe_destroy_label = biba_destroy_label, - .mpo_posixsem_destroy_label = biba_destroy_label, - .mpo_socket_destroy_label = biba_destroy_label, - .mpo_socketpeer_destroy_label = biba_destroy_label, - .mpo_vnode_destroy_label = biba_destroy_label, + .mpo_bpfdesc_init_label = biba_init_label, 
+ + .mpo_cred_check_relabel = biba_cred_check_relabel, + .mpo_cred_check_visible = biba_cred_check_visible, .mpo_cred_copy_label = biba_copy_label, - .mpo_ifnet_copy_label = biba_copy_label, - .mpo_mbuf_copy_label = biba_copy_label, - .mpo_pipe_copy_label = biba_copy_label, - .mpo_socket_copy_label = biba_copy_label, - .mpo_vnode_copy_label = biba_copy_label, + .mpo_cred_destroy_label = biba_destroy_label, .mpo_cred_externalize_label = biba_externalize_label, - .mpo_ifnet_externalize_label = biba_externalize_label, - .mpo_pipe_externalize_label = biba_externalize_label, - .mpo_socket_externalize_label = biba_externalize_label, - .mpo_socketpeer_externalize_label = biba_externalize_label, - .mpo_vnode_externalize_label = biba_externalize_label, + .mpo_cred_init_label = biba_init_label, .mpo_cred_internalize_label = biba_internalize_label, - .mpo_ifnet_internalize_label = biba_internalize_label, - .mpo_pipe_internalize_label = biba_internalize_label, - .mpo_socket_internalize_label = biba_internalize_label, - .mpo_vnode_internalize_label = biba_internalize_label, + .mpo_cred_relabel = biba_cred_relabel, + .mpo_devfs_create_device = biba_devfs_create_device, .mpo_devfs_create_directory = biba_devfs_create_directory, .mpo_devfs_create_symlink = biba_devfs_create_symlink, - .mpo_mount_create = biba_mount_create, - .mpo_vnode_relabel = biba_vnode_relabel, + .mpo_devfs_destroy_label = biba_destroy_label, + .mpo_devfs_init_label = biba_init_label, .mpo_devfs_update = biba_devfs_update, .mpo_devfs_vnode_associate = biba_devfs_vnode_associate, - .mpo_vnode_associate_extattr = biba_vnode_associate_extattr, - .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel, - .mpo_vnode_create_extattr = biba_vnode_create_extattr, - .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, - .mpo_socket_create_mbuf = biba_socket_create_mbuf, - .mpo_syncache_create_mbuf = biba_syncache_create_mbuf, - .mpo_pipe_create = biba_pipe_create, - .mpo_posixsem_create = 
biba_posixsem_create, - .mpo_socket_create = biba_socket_create, - .mpo_socket_newconn = biba_socket_newconn, - .mpo_pipe_relabel = biba_pipe_relabel, - .mpo_socket_relabel = biba_socket_relabel, - .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf, - .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket, - .mpo_bpfdesc_create = biba_bpfdesc_create, - .mpo_ipq_reassemble = biba_ipq_reassemble, - .mpo_netinet_fragment = biba_netinet_fragment, + + .mpo_ifnet_check_relabel = biba_ifnet_check_relabel, + .mpo_ifnet_check_transmit = biba_ifnet_check_transmit, + .mpo_ifnet_copy_label = biba_copy_label, .mpo_ifnet_create = biba_ifnet_create, + .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, + .mpo_ifnet_destroy_label = biba_destroy_label, + .mpo_ifnet_externalize_label = biba_externalize_label, + .mpo_ifnet_init_label = biba_init_label, + .mpo_ifnet_internalize_label = biba_internalize_label, + .mpo_ifnet_relabel = biba_ifnet_relabel, + + .mpo_inpcb_check_deliver = biba_inpcb_check_deliver, .mpo_inpcb_create = biba_inpcb_create, - .mpo_sysvmsg_create = biba_sysvmsg_create, - .mpo_sysvmsq_create = biba_sysvmsq_create, - .mpo_sysvsem_create = biba_sysvsem_create, - .mpo_sysvshm_create = biba_sysvshm_create, - .mpo_ipq_create = biba_ipq_create, .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf, - .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, - .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, + .mpo_inpcb_destroy_label = biba_destroy_label, + .mpo_inpcb_init_label = biba_init_label_waitcheck, + .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel, + + .mpo_ipq_create = biba_ipq_create, + .mpo_ipq_destroy_label = biba_destroy_label, + .mpo_ipq_init_label = biba_init_label_waitcheck, .mpo_ipq_match = biba_ipq_match, - .mpo_ifnet_relabel = biba_ifnet_relabel, + .mpo_ipq_reassemble = biba_ipq_reassemble, .mpo_ipq_update = biba_ipq_update, - .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel, - .mpo_proc_create_swapper = biba_proc_create_swapper, - 
.mpo_proc_create_init = biba_proc_create_init, - .mpo_proc_associate_nfsd = biba_proc_associate_nfsd, - .mpo_cred_relabel = biba_cred_relabel, - .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup, - .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup, - .mpo_sysvsem_cleanup = biba_sysvsem_cleanup, - .mpo_sysvshm_cleanup = biba_sysvshm_cleanup, - .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive, - .mpo_cred_check_relabel = biba_cred_check_relabel, - .mpo_cred_check_visible = biba_cred_check_visible, - .mpo_ifnet_check_relabel = biba_ifnet_check_relabel, - .mpo_ifnet_check_transmit = biba_ifnet_check_transmit, - .mpo_inpcb_check_deliver = biba_inpcb_check_deliver, - .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv, - .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid, - .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget, - .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd, - .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv, - .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl, - .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl, - .mpo_sysvsem_check_semget = biba_sysvsem_check_semget, - .mpo_sysvsem_check_semop = biba_sysvsem_check_semop, - .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat, - .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl, - .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget, + .mpo_kld_check_load = biba_kld_check_load, + + .mpo_mbuf_copy_label = biba_copy_label, + .mpo_mbuf_destroy_label = biba_destroy_label, + .mpo_mbuf_init_label = biba_init_label_waitcheck, + .mpo_mount_check_stat = biba_mount_check_stat, + .mpo_mount_create = biba_mount_create, + .mpo_mount_destroy_label = biba_destroy_label, + .mpo_mount_init_label = biba_init_label, + + .mpo_netatalk_aarp_send = biba_netatalk_aarp_send, + + .mpo_netinet_arp_send = biba_netinet_arp_send, + .mpo_netinet_firewall_reply = biba_netinet_firewall_reply, + .mpo_netinet_firewall_send = biba_netinet_firewall_send, + .mpo_netinet_fragment = biba_netinet_fragment, + 
.mpo_netinet_icmp_reply = biba_netinet_icmp_reply, + .mpo_netinet_igmp_send = biba_netinet_igmp_send, + + .mpo_netinet6_nd6_send = biba_netinet6_nd6_send, + .mpo_pipe_check_ioctl = biba_pipe_check_ioctl, .mpo_pipe_check_poll = biba_pipe_check_poll, .mpo_pipe_check_read = biba_pipe_check_read, .mpo_pipe_check_relabel = biba_pipe_check_relabel, .mpo_pipe_check_stat = biba_pipe_check_stat, .mpo_pipe_check_write = biba_pipe_check_write, + .mpo_pipe_copy_label = biba_copy_label, + .mpo_pipe_create = biba_pipe_create, + .mpo_pipe_destroy_label = biba_destroy_label, + .mpo_pipe_externalize_label = biba_externalize_label, + .mpo_pipe_init_label = biba_init_label, + .mpo_pipe_internalize_label = biba_internalize_label, + .mpo_pipe_relabel = biba_pipe_relabel, + .mpo_posixsem_check_destroy = biba_posixsem_check_write, .mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly, .mpo_posixsem_check_open = biba_posixsem_check_write, .mpo_posixsem_check_post = biba_posixsem_check_write, .mpo_posixsem_check_unlink = biba_posixsem_check_write, .mpo_posixsem_check_wait = biba_posixsem_check_write, + .mpo_posixsem_create = biba_posixsem_create, + .mpo_posixsem_destroy_label = biba_destroy_label, + .mpo_posixsem_init_label = biba_init_label, + + .mpo_priv_check = biba_priv_check, + + .mpo_proc_associate_nfsd = biba_proc_associate_nfsd, .mpo_proc_check_debug = biba_proc_check_debug, .mpo_proc_check_sched = biba_proc_check_sched, .mpo_proc_check_signal = biba_proc_check_signal, + .mpo_proc_create_init = biba_proc_create_init, + .mpo_proc_create_swapper = biba_proc_create_swapper, + .mpo_socket_check_deliver = biba_socket_check_deliver, .mpo_socket_check_relabel = biba_socket_check_relabel, .mpo_socket_check_visible = biba_socket_check_visible, + .mpo_socket_copy_label = biba_copy_label, + .mpo_socket_create = biba_socket_create, + .mpo_socket_create_mbuf = biba_socket_create_mbuf, + .mpo_socket_destroy_label = biba_destroy_label, + .mpo_socket_externalize_label = biba_externalize_label, 
+ .mpo_socket_init_label = biba_init_label_waitcheck, + .mpo_socket_internalize_label = biba_internalize_label, + .mpo_socket_newconn = biba_socket_newconn, + .mpo_socket_relabel = biba_socket_relabel, + + .mpo_socketpeer_destroy_label = biba_destroy_label, + .mpo_socketpeer_externalize_label = biba_externalize_label, + .mpo_socketpeer_init_label = biba_init_label_waitcheck, + .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf, + .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket, + + .mpo_syncache_create = biba_syncache_create, + .mpo_syncache_create_mbuf = biba_syncache_create_mbuf, + .mpo_syncache_destroy_label = biba_destroy_label, + .mpo_syncache_init_label = biba_init_label_waitcheck, + .mpo_system_check_acct = biba_system_check_acct, .mpo_system_check_auditctl = biba_system_check_auditctl, .mpo_system_check_auditon = biba_system_check_auditon, - .mpo_system_check_swapon = biba_system_check_swapon, .mpo_system_check_swapoff = biba_system_check_swapoff, + .mpo_system_check_swapon = biba_system_check_swapon, .mpo_system_check_sysctl = biba_system_check_sysctl, + + .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup, + .mpo_sysvmsg_create = biba_sysvmsg_create, + .mpo_sysvmsg_destroy_label = biba_destroy_label, + .mpo_sysvmsg_init_label = biba_init_label, + + .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv, + .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid, + .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget, + .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd, + .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv, + .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl, + .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup, + .mpo_sysvmsq_create = biba_sysvmsq_create, + .mpo_sysvmsq_destroy_label = biba_destroy_label, + .mpo_sysvmsq_init_label = biba_init_label, + + .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl, + .mpo_sysvsem_check_semget = biba_sysvsem_check_semget, + .mpo_sysvsem_check_semop = 
biba_sysvsem_check_semop, + .mpo_sysvsem_cleanup = biba_sysvsem_cleanup, + .mpo_sysvsem_create = biba_sysvsem_create, + .mpo_sysvsem_destroy_label = biba_destroy_label, + .mpo_sysvsem_init_label = biba_init_label, + + .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat, + .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl, + .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget, + .mpo_sysvshm_cleanup = biba_sysvshm_cleanup, + .mpo_sysvshm_create = biba_sysvshm_create, + .mpo_sysvshm_destroy_label = biba_destroy_label, + .mpo_sysvshm_init_label = biba_init_label, + + .mpo_vnode_associate_extattr = biba_vnode_associate_extattr, + .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel, .mpo_vnode_check_access = biba_vnode_check_open, .mpo_vnode_check_chdir = biba_vnode_check_chdir, .mpo_vnode_check_chroot = biba_vnode_check_chroot, @@ -3441,14 +3449,14 @@ static struct mac_policy_ops mac_biba_ops = .mpo_vnode_check_stat = biba_vnode_check_stat, .mpo_vnode_check_unlink = biba_vnode_check_unlink, .mpo_vnode_check_write = biba_vnode_check_write, - .mpo_netatalk_aarp_send = biba_netatalk_aarp_send, - .mpo_netinet_arp_send = biba_netinet_arp_send, - .mpo_netinet_firewall_reply = biba_netinet_firewall_reply, - .mpo_netinet_firewall_send = biba_netinet_firewall_send, - .mpo_netinet_icmp_reply = biba_netinet_icmp_reply, - .mpo_netinet_igmp_send = biba_netinet_igmp_send, - .mpo_netinet6_nd6_send = biba_netinet6_nd6_send, - .mpo_priv_check = biba_priv_check, + .mpo_vnode_create_extattr = biba_vnode_create_extattr, + .mpo_vnode_copy_label = biba_copy_label, + .mpo_vnode_destroy_label = biba_destroy_label, + .mpo_vnode_externalize_label = biba_externalize_label, + .mpo_vnode_init_label = biba_init_label, + .mpo_vnode_internalize_label = biba_internalize_label, + .mpo_vnode_relabel = biba_vnode_relabel, + .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, }; MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba", 
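Review bot: The rebuilt mac_biba_ops table is not fully in the alphabetical order its new header comment promises: in the sysvmsq group `.mpo_sysvmsq_check_msqsnd` and `.mpo_sysvmsq_check_msqrcv` come before `.mpo_sysvmsq_check_msqctl`, and in the vnode group at the end of the table (the `@@ -3441` hunk) `.mpo_vnode_create_extattr` comes before `.mpo_vnode_copy_label`. Ordering them msqctl, msqget, msqrcv, msqsnd and copy_label before create_extattr would match the rest of the table, and the mbuf and mount groups would read better with the blank line that separates every other object type. Separately, the moved `biba_vnode_create_extattr` and `biba_vnode_setlabel_extattr` declare `buflen` as `size_t` while `biba_vnode_associate_extattr` in the preceding hunk uses `int`; if vn_extattr_set takes an int length, as vn_extattr_get's `&buflen` suggests, using one type in all three avoids a silent narrowing at the call.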
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index a4c4a38..3c97e78 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -442,6 +442,10 @@ ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode) return (ugidfw_check(cred, vp, &vap, acc_mode)); } +/* + * Object-specific entry point implementations are sorted alphabetically by + * object type and then by operation. + */ static int ugidfw_system_check_acct(struct ucred *cred, struct vnode *vp, struct label *vplabel) diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c index 6d51ea8..e49e3ad 100644 --- a/sys/security/mac_ifoff/mac_ifoff.c +++ b/sys/security/mac_ifoff/mac_ifoff.c @@ -117,6 +117,10 @@ ifnet_check_incoming(struct ifnet *ifp, int viabpf) return (EPERM); } +/* + * Object-specific entry point implementations are sorted alphabetically by + * object type and then by operation. + */ static int ifoff_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, struct ifnet *ifp, struct label *ifplabel) diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 6ee206a..24dbefc 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -631,15 +631,6 @@ lomac_init_label_waitcheck(struct label *label, int flag) } static void -lomac_proc_init_label(struct label *label) -{ - - PSLOT_SET(label, malloc(sizeof(struct mac_lomac_proc), M_LOMAC, - M_ZERO | M_WAITOK)); - mtx_init(&PSLOT(label)->mtx, "MAC/Lomac proc lock", NULL, MTX_DEF); -} - -static void lomac_destroy_label(struct label *label) { 
@@ -647,15 +638,6 @@ lomac_destroy_label(struct label *label) SLOT_SET(label, NULL); } -static void -lomac_proc_destroy_label(struct label *label) -{ - - mtx_destroy(&PSLOT(label)->mtx); - FREE(PSLOT(label), M_LOMAC); - PSLOT_SET(label, NULL); -} - static int lomac_element_to_string(struct sbuf *sb, struct mac_lomac_element *element) { 
@@ -889,339 +871,282 @@ lomac_copy_label(struct label *src, struct label *dest) } /* - * Labeling event operations: file system objects, and things that look a lot - * like file system objects. + * Object-specific entry point implementations are sorted alphabetically by + * object type name and then by operation. */ -static void -lomac_devfs_create_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *de, struct label *delabel) +static int +lomac_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { - struct mac_lomac *ml; - int lomac_type; + struct mac_lomac *a, *b; - ml = SLOT(delabel); - if (strcmp(dev->si_name, "null") == 0 || - strcmp(dev->si_name, "zero") == 0 || - strcmp(dev->si_name, "random") == 0 || - strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 || - strncmp(dev->si_name, "ttyv", strlen("ttyv")) == 0) - lomac_type = MAC_LOMAC_TYPE_EQUAL; - else if (ptys_equal && - (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || - strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) - lomac_type = MAC_LOMAC_TYPE_EQUAL; - else - lomac_type = MAC_LOMAC_TYPE_HIGH; - lomac_set_single(ml, lomac_type, 0); -} + if (!lomac_enabled) + return (0); -static void -lomac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, - struct devfs_dirent *de, struct label *delabel) -{ - struct mac_lomac *ml; + a = SLOT(dlabel); + b = SLOT(ifplabel); - ml = SLOT(delabel); - lomac_set_single(ml, MAC_LOMAC_TYPE_HIGH, 0); + if (lomac_equal_single(a, b)) + return (0); + return (EACCES); } static void -lomac_devfs_create_symlink(struct ucred *cred, struct mount *mp, - struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, - struct label *delabel) +lomac_bpfdesc_create(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) { struct mac_lomac *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(delabel); - - lomac_copy_single(source, dest); -} - -static void 
-lomac_mount_create(struct ucred *cred, struct mount *mp, - struct label *mplabel) -{ - struct mac_lomac *source, *dest; + dest = SLOT(dlabel); - source = SLOT(cred->cr_label); - dest = SLOT(mplabel); lomac_copy_single(source, dest); } static void -lomac_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *newlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(vplabel); - - try_relabel(source, dest); -} - -static void -lomac_devfs_update(struct mount *mp, struct devfs_dirent *de, - struct label *delabel, struct vnode *vp, struct label *vplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(vplabel); - dest = SLOT(delabel); - - lomac_copy(source, dest); -} - -static void -lomac_devfs_vnode_associate(struct mount *mp, struct label *mplabel, - struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vplabel) +lomac_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { struct mac_lomac *source, *dest; - source = SLOT(delabel); - dest = SLOT(vplabel); + source = SLOT(dlabel); + dest = SLOT(mlabel); lomac_copy_single(source, dest); } static int -lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) +lomac_cred_check_relabel(struct ucred *cred, struct label *newlabel) { - struct mac_lomac ml_temp, *source, *dest; - int buflen, error; - - source = SLOT(mplabel); - dest = SLOT(vplabel); + struct mac_lomac *subj, *new; + int error; - buflen = sizeof(ml_temp); - bzero(&ml_temp, buflen); + subj = SLOT(cred->cr_label); + new = SLOT(newlabel); - error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE, - MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&ml_temp, curthread); - if (error == ENOATTR || error == EOPNOTSUPP) { - /* Fall back to the mntlabel. 
*/ - lomac_copy_single(source, dest); - return (0); - } else if (error) + /* + * If there is a LOMAC label update for the credential, it may be an + * update of the single, range, or both. + */ + error = lomac_atmostflags(new, MAC_LOMAC_FLAGS_BOTH); + if (error) return (error); - if (buflen != sizeof(ml_temp)) { - if (buflen != sizeof(ml_temp) - sizeof(ml_temp.ml_auxsingle)) { - printf("lomac_vnode_associate_extattr: bad size %d\n", - buflen); - return (EPERM); - } - bzero(&ml_temp.ml_auxsingle, sizeof(ml_temp.ml_auxsingle)); - buflen = sizeof(ml_temp); - (void)vn_extattr_set(vp, IO_NODELOCKED, - MAC_LOMAC_EXTATTR_NAMESPACE, MAC_LOMAC_EXTATTR_NAME, - buflen, (char *)&ml_temp, curthread); - } - if (lomac_valid(&ml_temp) != 0) { - printf("lomac_vnode_associate_extattr: invalid\n"); - return (EPERM); - } - if ((ml_temp.ml_flags & MAC_LOMAC_FLAGS_BOTH) != - MAC_LOMAC_FLAG_SINGLE) { - printf("lomac_vnode_associate_extattr: not single\n"); - return (EPERM); - } - - lomac_copy_single(&ml_temp, dest); - return (0); -} - -static void -lomac_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(mplabel); - dest = SLOT(vplabel); + /* + * If the LOMAC label is to be changed, authorize as appropriate. + */ + if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { + /* + * Fill in the missing parts from the previous label. + */ + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) + lomac_copy_single(subj, new); + if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0) + lomac_copy_range(subj, new); - lomac_copy_single(source, dest); -} + /* + * To change the LOMAC range on a credential, the new range + * label must be in the current range. 
+ */ + if (!lomac_range_in_range(new, subj)) + return (EPERM); -static int -lomac_vnode_create_extattr(struct ucred *cred, struct mount *mp, - struct label *mplabel, struct vnode *dvp, struct label *dvplabel, - struct vnode *vp, struct label *vplabel, struct componentname *cnp) -{ - struct mac_lomac *source, *dest, *dir, temp; - size_t buflen; - int error; + /* + * To change the LOMAC single label on a credential, the new + * single label must be in the new range. Implicitly from + * the previous check, the new single is in the old range. + */ + if (!lomac_single_in_range(new, new)) + return (EPERM); - buflen = sizeof(temp); - bzero(&temp, buflen); + /* + * To have EQUAL in any component of the new credential LOMAC + * label, the subject must already have EQUAL in their label. + */ + if (lomac_contains_equal(new)) { + error = lomac_subject_privileged(subj); + if (error) + return (error); + } - source = SLOT(cred->cr_label); - dest = SLOT(vplabel); - dir = SLOT(dvplabel); - if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) { - lomac_copy_auxsingle(dir, &temp); - lomac_set_single(&temp, dir->ml_auxsingle.mle_type, - dir->ml_auxsingle.mle_grade); - } else { - lomac_copy_single(source, &temp); + /* + * XXXMAC: Additional consistency tests regarding the single + * and range of the new label might be performed here. 
+ */ } - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE, - MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread); - if (error == 0) - lomac_copy(&temp, dest); - return (error); + return (0); } static int -lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *intlabel) +lomac_cred_check_visible(struct ucred *cr1, struct ucred *cr2) { - struct mac_lomac *source, temp; - size_t buflen; - int error; - - buflen = sizeof(temp); - bzero(&temp, buflen); + struct mac_lomac *subj, *obj; - source = SLOT(intlabel); - if ((source->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) + if (!lomac_enabled) return (0); - lomac_copy_single(source, &temp); - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE, - MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread); - return (error); -} + subj = SLOT(cr1->cr_label); + obj = SLOT(cr2->cr_label); -/* - * Labeling event operations: IPC object. - */ + /* XXX: range */ + if (!lomac_dominate_single(obj, subj)) + return (ESRCH); + + return (0); +} static void -lomac_inpcb_create(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) +lomac_cred_relabel(struct ucred *cred, struct label *newlabel) { struct mac_lomac *source, *dest; - source = SLOT(solabel); - dest = SLOT(inplabel); + source = SLOT(newlabel); + dest = SLOT(cred->cr_label); - lomac_copy_single(source, dest); + try_relabel(source, dest); } static void -lomac_socket_create_mbuf(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) +lomac_devfs_create_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { - struct mac_lomac *source, *dest; - - source = SLOT(solabel); - dest = SLOT(mlabel); + struct mac_lomac *ml; + int lomac_type; - lomac_copy_single(source, dest); + ml = SLOT(delabel); + if (strcmp(dev->si_name, "null") == 0 || + strcmp(dev->si_name, "zero") == 0 || + 
strcmp(dev->si_name, "random") == 0 || + strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 || + strncmp(dev->si_name, "ttyv", strlen("ttyv")) == 0) + lomac_type = MAC_LOMAC_TYPE_EQUAL; + else if (ptys_equal && + (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || + strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0)) + lomac_type = MAC_LOMAC_TYPE_EQUAL; + else + lomac_type = MAC_LOMAC_TYPE_HIGH; + lomac_set_single(ml, lomac_type, 0); } static void -lomac_socket_create(struct ucred *cred, struct socket *so, - struct label *solabel) +lomac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, + struct devfs_dirent *de, struct label *delabel) { - struct mac_lomac *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(solabel); + struct mac_lomac *ml; - lomac_copy_single(source, dest); + ml = SLOT(delabel); + lomac_set_single(ml, MAC_LOMAC_TYPE_HIGH, 0); } static void -lomac_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +lomac_devfs_create_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { struct mac_lomac *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(pplabel); + dest = SLOT(delabel); lomac_copy_single(source, dest); } static void -lomac_socket_newconn(struct socket *oldso, struct label *oldsolabel, - struct socket *newso, struct label *newsolabel) +lomac_devfs_update(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { struct mac_lomac *source, *dest; - source = SLOT(oldsolabel); - dest = SLOT(newsolabel); + source = SLOT(vplabel); + dest = SLOT(delabel); - lomac_copy_single(source, dest); + lomac_copy(source, dest); } static void -lomac_socket_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) +lomac_devfs_vnode_associate(struct mount *mp, struct label *mplabel, + struct devfs_dirent *de, struct 
label *delabel, struct vnode *vp, + struct label *vplabel) { struct mac_lomac *source, *dest; - source = SLOT(newlabel); - dest = SLOT(solabel); + source = SLOT(delabel); + dest = SLOT(vplabel); - try_relabel(source, dest); + lomac_copy_single(source, dest); } -static void -lomac_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) +static int +lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { - struct mac_lomac *source, *dest; - - source = SLOT(newlabel); - dest = SLOT(pplabel); + struct mac_lomac *subj, *new; + int error; - try_relabel(source, dest); -} + subj = SLOT(cred->cr_label); + new = SLOT(newlabel); -static void -lomac_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, - struct socket *so, struct label *sopeerlabel) -{ - struct mac_lomac *source, *dest; + /* + * If there is a LOMAC label update for the interface, it may be an + * update of the single, range, or both. + */ + error = lomac_atmostflags(new, MAC_LOMAC_FLAGS_BOTH); + if (error) + return (error); - source = SLOT(mlabel); - dest = SLOT(sopeerlabel); + /* + * Relabling network interfaces requires LOMAC privilege. + */ + error = lomac_subject_privileged(subj); + if (error) + return (error); - lomac_copy_single(source, dest); -} + /* + * If the LOMAC label is to be changed, authorize as appropriate. + */ + if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { + /* + * Fill in the missing parts from the previous label. + */ + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) + lomac_copy_single(subj, new); + if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0) + lomac_copy_range(subj, new); -/* - * Labeling event operations: network objects. 
- */ -static void -lomac_socketpeer_set_from_socket(struct socket *oldso, - struct label *oldsolabel, struct socket *newso, - struct label *newsopeerlabel) -{ - struct mac_lomac *source, *dest; + /* + * Rely on the traditional superuser status for the LOMAC + * interface relabel requirements. XXXMAC: This will go + * away. + * + * XXXRW: This is also redundant to a higher layer check. + */ + error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0); + if (error) + return (EPERM); - source = SLOT(oldsolabel); - dest = SLOT(newsopeerlabel); + /* + * XXXMAC: Additional consistency tests regarding the single + * and the range of the new label might be performed here. + */ + } - lomac_copy_single(source, dest); + return (0); } -static void -lomac_bpfdesc_create(struct ucred *cred, struct bpf_d *d, - struct label *dlabel) +static int +lomac_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { - struct mac_lomac *source, *dest; + struct mac_lomac *p, *i; - source = SLOT(cred->cr_label); - dest = SLOT(dlabel); + if (!lomac_enabled) + return (0); - lomac_copy_single(source, dest); + p = SLOT(mlabel); + i = SLOT(ifplabel); + + return (lomac_single_in_range(p, i) ? 0 : EACCES); } static void 
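Review bot: In `lomac_ifnet_check_relabel` the result of `priv_check_cred(cred, PRIV_NET_SETIFMAC, 0)` is collapsed to EPERM by `if (error) return (EPERM);`, whereas every other privilege check in this hunk returns the code it received; `if (error) return (error);` would keep the error intact and match `lomac_subject_privileged` handling a few lines above. The comment over that `lomac_subject_privileged` call also has a typo, `Relabling` for `Relabeling`. `lomac_cred_check_relabel` and `lomac_ifnet_check_relabel` are the only `_check_` functions in the hunk without the `if (!lomac_enabled) return (0);` guard used by `lomac_bpfdesc_check_receive`, `lomac_cred_check_visible` and `lomac_ifnet_check_transmit`; if that is deliberate because label-format validation must run even when enforcement is off, a one-line comment saying so would help the next reader. The hunk's trailing `static void` belongs to a function that continues outside it.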
@@ -1283,38 +1208,52 @@ set: } static void -lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +lomac_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_lomac *source, *dest; - source = SLOT(mlabel); - dest = SLOT(ipqlabel); + source = SLOT(ifplabel); + dest = SLOT(mlabel); lomac_copy_single(source, dest); } static void -lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *m, struct label *mlabel) +lomac_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_lomac *source, *dest; - source = SLOT(ipqlabel); - dest = SLOT(mlabel); + source = SLOT(newlabel); + dest = SLOT(ifplabel); - /* Just use the head, since we require them all to match. */ - lomac_copy_single(source, dest); + try_relabel(source, dest); +} + +static int +lomac_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_lomac *p, *i; + + if (!lomac_enabled) + return (0); + + p = SLOT(mlabel); + i = SLOT(inplabel); + + return (lomac_equal_single(p, i) ? 0 : EACCES); } static void -lomac_netinet_fragment(struct mbuf *m, struct label *mlabel, - struct mbuf *frag, struct label *fraglabel) +lomac_inpcb_create(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { struct mac_lomac *source, *dest; - source = SLOT(mlabel); - dest = SLOT(fraglabel); + source = SLOT(solabel); + dest = SLOT(inplabel); lomac_copy_single(source, dest); } 
@@ -1332,25 +1271,25 @@ lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
 }
 static void
-lomac_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
- struct mbuf *m, struct label *mlabel)
+lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
 {
 struct mac_lomac *source, *dest;
- source = SLOT(dlabel);
- dest = SLOT(mlabel);
+ source = SLOT(solabel);
+ dest = SLOT(inplabel);
 lomac_copy_single(source, dest);
 }
 static void
-lomac_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
 {
 struct mac_lomac *source, *dest;
- source = SLOT(ifplabel);
- dest = SLOT(mlabel);
+ source = SLOT(mlabel);
+ dest = SLOT(ipqlabel);
 lomac_copy_single(source, dest);
 }
@@ -1368,15 +1307,16 @@ lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
 }
 static void
-lomac_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
+ struct mbuf *m, struct label *mlabel)
 {
 struct mac_lomac *source, *dest;
- source = SLOT(newlabel);
- dest = SLOT(ifplabel);
+ source = SLOT(ipqlabel);
+ dest = SLOT(mlabel);
- try_relabel(source, dest);
+ /* Just use the head, since we require them all to match. */
+ lomac_copy_single(source, dest);
 }
 static void
@@ -1387,37 +1327,36 @@ lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
 /* NOOP: we only accept matching labels, so no need to update */
 }
-static void
-lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
+static int
+lomac_kld_check_load(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
 {
- struct mac_lomac *source, *dest;
+ struct mac_lomac *subj, *obj;
- source = SLOT(solabel);
- dest = SLOT(inplabel);
+ if (!lomac_enabled)
+ return (0);
- lomac_copy_single(source, dest);
-}
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(vplabel);
-static void
-lomac_syncache_create(struct label *label, struct inpcb *inp)
-{
- struct mac_lomac *source, *dest;
+ if (lomac_subject_privileged(subj))
+ return (EPERM);
- source = SLOT(inp->inp_label);
- dest = SLOT(label);
- lomac_copy(source, dest);
+ if (!lomac_high_single(obj))
+ return (EACCES);
+
+ return (0);
 }
 static void
-lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
- struct label *mlabel)
+lomac_mount_create(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
 {
 struct mac_lomac *source, *dest;
- source = SLOT(sc_label);
- dest = SLOT(mlabel);
- lomac_copy(source, dest);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(mplabel);
+ lomac_copy_single(source, dest);
 }
 static void
@@ -1466,6 +1405,18 @@ lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 }
 static void
+lomac_netinet_fragment(struct mbuf *m, struct label *mlabel,
+ struct mbuf *frag, struct label *fraglabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mlabel);
+ dest = SLOT(fraglabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
 lomac_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
 struct mbuf *msend, struct label *msendlabel)
 {
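Review bot: In lomac_kld_check_load the result of `lomac_subject_privileged(subj)` is collapsed to EPERM, whereas the other caller visible on the new side, lomac_socket_check_relabel, propagates the returned code with `error = lomac_subject_privileged(subj); if (error) return (error);`. If the specific code carries no meaning for kld loads, a short comment such as `/* Any privilege failure is reported as EPERM here. */` would stop the next reader from treating this as an inconsistency; otherwise declaring `int error;` and using the same propagation form keeps the privilege checks uniform. The body is only moved by this commit, so its semantics are unchanged either way.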
@@ -1499,306 +1450,6 @@ lomac_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
 lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
 }
-/*
- * Labeling event operations: processes.
- */
-static void
-lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
-{
- struct mac_lomac *source, *dest, *obj, *robj;
-
- source = SLOT(old->cr_label);
- dest = SLOT(new->cr_label);
- obj = SLOT(vplabel);
- robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
-
- lomac_copy(source, dest);
- /*
- * If there's an auxiliary label on the real object, respect it and
- * assume that this level should be assumed immediately if a higher
- * level is currently in place.
- */
- if (robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
- !lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single)
- && lomac_auxsingle_in_range(robj, dest))
- lomac_set_single(dest, robj->ml_auxsingle.mle_type,
- robj->ml_auxsingle.mle_grade);
- /*
- * Restructuring to use the execve transitioning mechanism instead of
- * the normal demotion mechanism here would be difficult, so just
- * copy the label over and perform standard demotion. This is also
- * non-optimal because it will result in the intermediate label "new"
- * being created and immediately recycled.
- */
- if (lomac_enabled && revocation_enabled &&
- !lomac_dominate_single(obj, source))
- (void)maybe_demote(source, obj, "executing", "file", vp);
-}
-
-static int
-lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *vplabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
-{
- struct mac_lomac *subj, *obj, *robj;
-
- if (!lomac_enabled || !revocation_enabled)
- return (0);
-
- subj = SLOT(old->cr_label);
- obj = SLOT(vplabel);
- robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
-
- return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
- !lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)
- && lomac_auxsingle_in_range(robj, subj)) ||
- !lomac_dominate_single(obj, subj));
-}
-
-static void
-lomac_proc_create_swapper(struct ucred *cred)
-{
- struct mac_lomac *dest;
-
- dest = SLOT(cred->cr_label);
-
- lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
- lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
-}
-
-static void
-lomac_proc_create_init(struct ucred *cred)
-{
- struct mac_lomac *dest;
-
- dest = SLOT(cred->cr_label);
-
- lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0);
- lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
-}
-
-static void
-lomac_cred_relabel(struct ucred *cred, struct label *newlabel)
-{
- struct mac_lomac *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(cred->cr_label);
-
- try_relabel(source, dest);
-}
-
-/*
- * Access control checks.
- */
-static int
-lomac_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
- struct ifnet *ifp, struct label *ifplabel)
-{
- struct mac_lomac *a, *b;
-
- if (!lomac_enabled)
- return (0);
-
- a = SLOT(dlabel);
- b = SLOT(ifplabel);
-
- if (lomac_equal_single(a, b))
- return (0);
- return (EACCES);
-}
-
-static int
-lomac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
-{
- struct mac_lomac *subj, *new;
- int error;
-
- subj = SLOT(cred->cr_label);
- new = SLOT(newlabel);
-
- /*
- * If there is a LOMAC label update for the credential, it may be an
- * update of the single, range, or both.
- */
- error = lomac_atmostflags(new, MAC_LOMAC_FLAGS_BOTH);
- if (error)
- return (error);
-
- /*
- * If the LOMAC label is to be changed, authorize as appropriate.
- */
- if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
- /*
- * Fill in the missing parts from the previous label.
- */
- if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
- lomac_copy_single(subj, new);
- if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)
- lomac_copy_range(subj, new);
-
- /*
- * To change the LOMAC range on a credential, the new range
- * label must be in the current range.
- */
- if (!lomac_range_in_range(new, subj))
- return (EPERM);
-
- /*
- * To change the LOMAC single label on a credential, the new
- * single label must be in the new range. Implicitly from
- * the previous check, the new single is in the old range.
- */
- if (!lomac_single_in_range(new, new))
- return (EPERM);
-
- /*
- * To have EQUAL in any component of the new credential LOMAC
- * label, the subject must already have EQUAL in their label.
- */
- if (lomac_contains_equal(new)) {
- error = lomac_subject_privileged(subj);
- if (error)
- return (error);
- }
-
- /*
- * XXXMAC: Additional consistency tests regarding the single
- * and range of the new label might be performed here.
- */
- }
-
- return (0);
-}
-
-static int
-lomac_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cr1->cr_label);
- obj = SLOT(cr2->cr_label);
-
- /* XXX: range */
- if (!lomac_dominate_single(obj, subj))
- return (ESRCH);
-
- return (0);
-}
-
-static int
-lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
-{
- struct mac_lomac *subj, *new;
- int error;
-
- subj = SLOT(cred->cr_label);
- new = SLOT(newlabel);
-
- /*
- * If there is a LOMAC label update for the interface, it may be an
- * update of the single, range, or both.
- */
- error = lomac_atmostflags(new, MAC_LOMAC_FLAGS_BOTH);
- if (error)
- return (error);
-
- /*
- * Relabling network interfaces requires LOMAC privilege.
- */
- error = lomac_subject_privileged(subj);
- if (error)
- return (error);
-
- /*
- * If the LOMAC label is to be changed, authorize as appropriate.
- */
- if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
- /*
- * Fill in the missing parts from the previous label.
- */
- if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
- lomac_copy_single(subj, new);
- if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)
- lomac_copy_range(subj, new);
-
- /*
- * Rely on the traditional superuser status for the LOMAC
- * interface relabel requirements. XXXMAC: This will go
- * away.
- *
- * XXXRW: This is also redundant to a higher layer check.
- */
- error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0);
- if (error)
- return (EPERM);
-
- /*
- * XXXMAC: Additional consistency tests regarding the single
- * and the range of the new label might be performed here.
- */
- }
-
- return (0);
-}
-
-static int
-lomac_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_lomac *p, *i;
-
- if (!lomac_enabled)
- return (0);
-
- p = SLOT(mlabel);
- i = SLOT(ifplabel);
-
- return (lomac_single_in_range(p, i) ? 0 : EACCES);
-}
-
-static int
-lomac_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_lomac *p, *i;
-
- if (!lomac_enabled)
- return (0);
-
- p = SLOT(mlabel);
- i = SLOT(inplabel);
-
- return (lomac_equal_single(p, i) ? 0 : EACCES);
-}
-
-static int
-lomac_kld_check_load(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(vplabel);
-
- if (lomac_subject_privileged(subj))
- return (EPERM);
-
- if (!lomac_high_single(obj))
- return (EACCES);
-
- return (0);
-}
-
 static int
 lomac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
@@ -1899,148 +1550,28 @@ lomac_pipe_check_write(struct ucred *cred, struct pipepair *pp,
 return (0);
 }
-static int
-lomac_proc_check_debug(struct ucred *cred, struct proc *p)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!lomac_dominate_single(obj, subj))
- return (ESRCH);
- if (!lomac_subject_dominate(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-lomac_proc_check_sched(struct ucred *cred, struct proc *p)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!lomac_dominate_single(obj, subj))
- return (ESRCH);
- if (!lomac_subject_dominate(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-lomac_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!lomac_dominate_single(obj, subj))
- return (ESRCH);
- if (!lomac_subject_dominate(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-lomac_socket_check_deliver(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_lomac *p, *s;
-
- if (!lomac_enabled)
- return (0);
-
- p = SLOT(mlabel);
- s = SLOT(solabel);
-
- return (lomac_equal_single(p, s) ? 0 : EACCES);
-}
-
-static int
-lomac_socket_check_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+static void
+lomac_pipe_create(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
 {
- struct mac_lomac *subj, *obj, *new;
- int error;
-
- new = SLOT(newlabel);
- subj = SLOT(cred->cr_label);
- obj = SLOT(solabel);
-
- /*
- * If there is a LOMAC label update for the socket, it may be an
- * update of single.
- */
- error = lomac_atmostflags(new, MAC_LOMAC_FLAG_SINGLE);
- if (error)
- return (error);
-
- /*
- * To relabel a socket, the old socket single must be in the subject
- * range.
- */
- if (!lomac_single_in_range(obj, subj))
- return (EPERM);
-
- /*
- * If the LOMAC label is to be changed, authorize as appropriate.
- */
- if (new->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
- /*
- * To relabel a socket, the new socket single must be in the
- * subject range.
- */
- if (!lomac_single_in_range(new, subj))
- return (EPERM);
+ struct mac_lomac *source, *dest;
- /*
- * To change the LOMAC label on the socket to contain EQUAL,
- * the subject must have appropriate privilege.
- */
- if (lomac_contains_equal(new)) {
- error = lomac_subject_privileged(subj);
- if (error)
- return (error);
- }
- }
+ source = SLOT(cred->cr_label);
+ dest = SLOT(pplabel);
- return (0);
+ lomac_copy_single(source, dest);
 }
-static int
-lomac_socket_check_visible(struct ucred *cred, struct socket *so,
- struct label *solabel)
+static void
+lomac_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
 {
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(solabel);
+ struct mac_lomac *source, *dest;
- if (!lomac_dominate_single(obj, subj))
- return (ENOENT);
+ source = SLOT(newlabel);
+ dest = SLOT(pplabel);
- return (0);
+ try_relabel(source, dest);
 }
 /*
@@ -2232,6 +1763,283 @@ lomac_priv_check(struct ucred *cred, int priv)
 return (0);
 }
+static int
+lomac_proc_check_debug(struct ucred *cred, struct proc *p)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+lomac_proc_check_sched(struct ucred *cred, struct proc *p)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+lomac_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static void
+lomac_proc_create_init(struct ucred *cred)
+{
+ struct mac_lomac *dest;
+
+ dest = SLOT(cred->cr_label);
+
+ lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0);
+ lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
+}
+
+static void
+lomac_proc_create_swapper(struct ucred *cred)
+{
+ struct mac_lomac *dest;
+
+ dest = SLOT(cred->cr_label);
+
+ lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
+ lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
+}
+
+static void
+lomac_proc_destroy_label(struct label *label)
+{
+
+ mtx_destroy(&PSLOT(label)->mtx);
+ FREE(PSLOT(label), M_LOMAC);
+ PSLOT_SET(label, NULL);
+}
+
+static void
+lomac_proc_init_label(struct label *label)
+{
+
+ PSLOT_SET(label, malloc(sizeof(struct mac_lomac_proc), M_LOMAC,
+ M_ZERO | M_WAITOK));
+ mtx_init(&PSLOT(label)->mtx, "MAC/Lomac proc lock", NULL, MTX_DEF);
+}
+
+static int
+lomac_socket_check_deliver(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_lomac *p, *s;
+
+ if (!lomac_enabled)
+ return (0);
+
+ p = SLOT(mlabel);
+ s = SLOT(solabel);
+
+ return (lomac_equal_single(p, s) ? 0 : EACCES);
+}
+
+static int
+lomac_socket_check_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+ struct mac_lomac *subj, *obj, *new;
+ int error;
+
+ new = SLOT(newlabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(solabel);
+
+ /*
+ * If there is a LOMAC label update for the socket, it may be an
+ * update of single.
+ */
+ error = lomac_atmostflags(new, MAC_LOMAC_FLAG_SINGLE);
+ if (error)
+ return (error);
+
+ /*
+ * To relabel a socket, the old socket single must be in the subject
+ * range.
+ */
+ if (!lomac_single_in_range(obj, subj))
+ return (EPERM);
+
+ /*
+ * If the LOMAC label is to be changed, authorize as appropriate.
+ */
+ if (new->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
+ /*
+ * To relabel a socket, the new socket single must be in the
+ * subject range.
+ */
+ if (!lomac_single_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * To change the LOMAC label on the socket to contain EQUAL,
+ * the subject must have appropriate privilege.
+ */
+ if (lomac_contains_equal(new)) {
+ error = lomac_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
+ }
+
+ return (0);
+}
+
+static int
+lomac_socket_check_visible(struct ucred *cred, struct socket *so,
+ struct label *solabel)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(solabel);
+
+ if (!lomac_dominate_single(obj, subj))
+ return (ENOENT);
+
+ return (0);
+}
+
+static void
+lomac_socket_create(struct ucred *cred, struct socket *so,
+ struct label *solabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(solabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_create_mbuf(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(solabel);
+ dest = SLOT(mlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_newconn(struct socket *oldso, struct label *oldsolabel,
+ struct socket *newso, struct label *newsolabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsolabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(solabel);
+
+ try_relabel(source, dest);
+}
+
+static void
+lomac_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
+ struct socket *so, struct label *sopeerlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mlabel);
+ dest = SLOT(sopeerlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socketpeer_set_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsopeerlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_syncache_create(struct label *label, struct inpcb *inp)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(inp->inp_label);
+ dest = SLOT(label);
+ lomac_copy(source, dest);
+}
+
+static void
+lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
+ struct label *mlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(sc_label);
+ dest = SLOT(mlabel);
+ lomac_copy(source, dest);
+}
 static int
 lomac_system_check_acct(struct ucred *cred, struct vnode *vp,
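Review bot: lomac_proc_check_debug, lomac_proc_check_sched and lomac_proc_check_signal carry three byte-identical bodies, down to the same `/* XXX: range checks */` note, so the range-check work that note promises would have to be done three times and could drift between them. A single static helper with the body of lomac_proc_check_debug, called from each entry point as `return (lomac_proc_check_common(cred, p));`, would keep the subject/object dominance test in one place without changing any return code. Separately, lomac_proc_destroy_label releases the per-process state with the `FREE(PSLOT(label), M_LOMAC);` macro while lomac_proc_init_label allocates it with plain `malloc(..., M_LOMAC, M_ZERO | M_WAITOK)`; `free(PSLOT(label), M_LOMAC);` would pair the two consistently. All of this code is only moved by this commit.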
@@ -2341,6 +2149,112 @@ lomac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
 return (0);
 }
+static void
+lomac_thread_userret(struct thread *td)
+{
+ struct proc *p = td->td_proc;
+ struct mac_lomac_proc *subj = PSLOT(p->p_label);
+ struct ucred *newcred, *oldcred;
+ int dodrop;
+
+ mtx_lock(&subj->mtx);
+ if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
+ dodrop = 0;
+ mtx_unlock(&subj->mtx);
+ newcred = crget();
+ /*
+ * Prevent a lock order reversal in
+ * mac_cred_mmapped_drop_perms; ideally, the other user of
+ * subj->mtx wouldn't be holding Giant.
+ */
+ mtx_lock(&Giant);
+ PROC_LOCK(p);
+ mtx_lock(&subj->mtx);
+ /*
+ * Check if we lost the race while allocating the cred.
+ */
+ if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0) {
+ crfree(newcred);
+ goto out;
+ }
+ oldcred = p->p_ucred;
+ crcopy(newcred, oldcred);
+ crhold(newcred);
+ lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
+ p->p_ucred = newcred;
+ crfree(oldcred);
+ dodrop = 1;
+ out:
+ mtx_unlock(&subj->mtx);
+ PROC_UNLOCK(p);
+ if (dodrop)
+ mac_cred_mmapped_drop_perms(curthread, newcred);
+ mtx_unlock(&Giant);
+ } else {
+ mtx_unlock(&subj->mtx);
+ }
+}
+
+static int
+lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+ struct mac_lomac ml_temp, *source, *dest;
+ int buflen, error;
+
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
+
+ buflen = sizeof(ml_temp);
+ bzero(&ml_temp, buflen);
+
+ error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&ml_temp, curthread);
+ if (error == ENOATTR || error == EOPNOTSUPP) {
+ /* Fall back to the mntlabel. */
+ lomac_copy_single(source, dest);
+ return (0);
+ } else if (error)
+ return (error);
+
+ if (buflen != sizeof(ml_temp)) {
+ if (buflen != sizeof(ml_temp) - sizeof(ml_temp.ml_auxsingle)) {
+ printf("lomac_vnode_associate_extattr: bad size %d\n",
+ buflen);
+ return (EPERM);
+ }
+ bzero(&ml_temp.ml_auxsingle, sizeof(ml_temp.ml_auxsingle));
+ buflen = sizeof(ml_temp);
+ (void)vn_extattr_set(vp, IO_NODELOCKED,
+ MAC_LOMAC_EXTATTR_NAMESPACE, MAC_LOMAC_EXTATTR_NAME,
+ buflen, (char *)&ml_temp, curthread);
+ }
+ if (lomac_valid(&ml_temp) != 0) {
+ printf("lomac_vnode_associate_extattr: invalid\n");
+ return (EPERM);
+ }
+ if ((ml_temp.ml_flags & MAC_LOMAC_FLAGS_BOTH) !=
+ MAC_LOMAC_FLAG_SINGLE) {
+ printf("lomac_vnode_associate_extattr: not single\n");
+ return (EPERM);
+ }
+
+ lomac_copy_single(&ml_temp, dest);
+ return (0);
+}
+
+static void
+lomac_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
+
+ lomac_copy_single(source, dest);
+}
+
 static int
 lomac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
 struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
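Review bot: In lomac_thread_userret the reference taken by `crhold(newcred)` just before the swap into `p->p_ucred` has no matching release once `mac_cred_mmapped_drop_perms(curthread, newcred)` returns, so as far as this hunk shows each LOMAC credential update appears to leave one extra reference on the new credential; if the hold only exists to keep newcred alive across the unlocked call, a `crfree(newcred);` after that call would balance it, but this should be confirmed against the crget()/crhold() ownership contract before changing. In lomac_vnode_associate_extattr the rewrite of a legacy-sized on-disk label is issued as `(void)vn_extattr_set(...)`, so a failed write is silent and the same upgrade is retried on the next association; a comment such as `/* Best effort: the in-memory label is already correct if the rewrite fails. */` would make that intent explicit. Both functions are only moved by this commit.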
@@ -2788,162 +2702,254 @@ lomac_vnode_check_write(struct ucred *active_cred,
 return (0);
 }
-static void
-lomac_thread_userret(struct thread *td)
+static int
+lomac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
 {
- struct proc *p = td->td_proc;
- struct mac_lomac_proc *subj = PSLOT(p->p_label);
- struct ucred *newcred, *oldcred;
- int dodrop;
+ struct mac_lomac *source, *dest, *dir, temp;
+ size_t buflen;
+ int error;
- mtx_lock(&subj->mtx);
- if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
- dodrop = 0;
- mtx_unlock(&subj->mtx);
- newcred = crget();
- /*
- * Prevent a lock order reversal in
- * mac_cred_mmapped_drop_perms; ideally, the other user of
- * subj->mtx wouldn't be holding Giant.
- */
- mtx_lock(&Giant);
- PROC_LOCK(p);
- mtx_lock(&subj->mtx);
- /*
- * Check if we lost the race while allocating the cred.
- */
- if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0) {
- crfree(newcred);
- goto out;
- }
- oldcred = p->p_ucred;
- crcopy(newcred, oldcred);
- crhold(newcred);
- lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
- p->p_ucred = newcred;
- crfree(oldcred);
- dodrop = 1;
- out:
- mtx_unlock(&subj->mtx);
- PROC_UNLOCK(p);
- if (dodrop)
- mac_cred_mmapped_drop_perms(curthread, newcred);
- mtx_unlock(&Giant);
+ buflen = sizeof(temp);
+ bzero(&temp, buflen);
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(vplabel);
+ dir = SLOT(dvplabel);
+ if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) {
+ lomac_copy_auxsingle(dir, &temp);
+ lomac_set_single(&temp, dir->ml_auxsingle.mle_type,
+ dir->ml_auxsingle.mle_grade);
 } else {
- mtx_unlock(&subj->mtx);
+ lomac_copy_single(source, &temp);
 }
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
+ if (error == 0)
+ lomac_copy(&temp, dest);
+ return (error);
+}
+
+static void
+lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+ struct mac_lomac *source, *dest, *obj, *robj;
+
+ source = SLOT(old->cr_label);
+ dest = SLOT(new->cr_label);
+ obj = SLOT(vplabel);
+ robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
+
+ lomac_copy(source, dest);
+ /*
+ * If there's an auxiliary label on the real object, respect it and
+ * assume that this level should be assumed immediately if a higher
+ * level is currently in place.
+ */
+ if (robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
+ !lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single)
+ && lomac_auxsingle_in_range(robj, dest))
+ lomac_set_single(dest, robj->ml_auxsingle.mle_type,
+ robj->ml_auxsingle.mle_grade);
+ /*
+ * Restructuring to use the execve transitioning mechanism instead of
+ * the normal demotion mechanism here would be difficult, so just
+ * copy the label over and perform standard demotion. This is also
+ * non-optimal because it will result in the intermediate label "new"
+ * being created and immediately recycled.
+ */
+ if (lomac_enabled && revocation_enabled &&
+ !lomac_dominate_single(obj, source))
+ (void)maybe_demote(source, obj, "executing", "file", vp);
+}
+
+static int
+lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
+ struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+ struct mac_lomac *subj, *obj, *robj;
+
+ if (!lomac_enabled || !revocation_enabled)
+ return (0);
+
+ subj = SLOT(old->cr_label);
+ obj = SLOT(vplabel);
+ robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
+
+ return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
+ !lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)
+ && lomac_auxsingle_in_range(robj, subj)) ||
+ !lomac_dominate_single(obj, subj));
+}
+
+static void
+lomac_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *newlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(vplabel);
+
+ try_relabel(source, dest);
+}
+
+static int
+lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+ struct mac_lomac *source, temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(temp);
+ bzero(&temp, buflen);
+
+ source = SLOT(intlabel);
+ if ((source->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ return (0);
+
+ lomac_copy_single(source, &temp);
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
+ return (error);
 }
 static struct mac_policy_ops lomac_ops = {
 .mpo_init = lomac_init,
- .mpo_bpfdesc_init_label = lomac_init_label,
- .mpo_cred_init_label = lomac_init_label,
- .mpo_devfs_init_label = lomac_init_label,
- .mpo_ifnet_init_label = lomac_init_label,
- .mpo_syncache_init_label = lomac_init_label_waitcheck,
- .mpo_inpcb_init_label = lomac_init_label_waitcheck,
- .mpo_ipq_init_label = lomac_init_label_waitcheck,
- .mpo_mbuf_init_label = lomac_init_label_waitcheck,
- .mpo_mount_init_label = lomac_init_label,
- .mpo_pipe_init_label = lomac_init_label,
- .mpo_proc_init_label = lomac_proc_init_label,
- .mpo_socket_init_label = lomac_init_label_waitcheck,
- .mpo_socketpeer_init_label = lomac_init_label_waitcheck,
- .mpo_vnode_init_label = lomac_init_label,
- .mpo_syncache_create = lomac_syncache_create,
+
+ .mpo_bpfdesc_check_receive = lomac_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = lomac_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
.mpo_bpfdesc_destroy_label = lomac_destroy_label,
- .mpo_cred_destroy_label = lomac_destroy_label,
- .mpo_devfs_destroy_label = lomac_destroy_label,
- .mpo_ifnet_destroy_label = lomac_destroy_label,
- .mpo_inpcb_destroy_label = lomac_destroy_label,
- .mpo_ipq_destroy_label = lomac_destroy_label,
- .mpo_mbuf_destroy_label = lomac_destroy_label,
- .mpo_mount_destroy_label = lomac_destroy_label,
- .mpo_pipe_destroy_label = lomac_destroy_label,
- .mpo_proc_destroy_label = lomac_proc_destroy_label,
- .mpo_syncache_destroy_label = lomac_destroy_label,
- .mpo_socket_destroy_label = lomac_destroy_label,
- .mpo_socketpeer_destroy_label = lomac_destroy_label,
- .mpo_vnode_destroy_label = lomac_destroy_label,
+ .mpo_bpfdesc_init_label = lomac_init_label,
+
+ .mpo_cred_check_relabel = lomac_cred_check_relabel,
+ .mpo_cred_check_visible = lomac_cred_check_visible,
 .mpo_cred_copy_label = lomac_copy_label,
- .mpo_ifnet_copy_label = lomac_copy_label,
- .mpo_mbuf_copy_label = lomac_copy_label,
- .mpo_pipe_copy_label = lomac_copy_label,
- .mpo_socket_copy_label = lomac_copy_label,
- .mpo_vnode_copy_label = lomac_copy_label,
+ .mpo_cred_destroy_label = lomac_destroy_label,
 .mpo_cred_externalize_label = lomac_externalize_label,
- .mpo_ifnet_externalize_label = lomac_externalize_label,
- .mpo_pipe_externalize_label = lomac_externalize_label,
- .mpo_socket_externalize_label = lomac_externalize_label,
- .mpo_socketpeer_externalize_label = lomac_externalize_label,
- .mpo_vnode_externalize_label = lomac_externalize_label,
+ .mpo_cred_init_label = lomac_init_label,
 .mpo_cred_internalize_label = lomac_internalize_label,
- .mpo_ifnet_internalize_label = lomac_internalize_label,
- .mpo_pipe_internalize_label = lomac_internalize_label,
- .mpo_socket_internalize_label = lomac_internalize_label,
- .mpo_vnode_internalize_label = lomac_internalize_label,
+ .mpo_cred_relabel = lomac_cred_relabel,
+
 .mpo_devfs_create_device = lomac_devfs_create_device,
 .mpo_devfs_create_directory = lomac_devfs_create_directory,
 .mpo_devfs_create_symlink = lomac_devfs_create_symlink,
- .mpo_mount_create = lomac_mount_create,
- .mpo_vnode_relabel = lomac_vnode_relabel,
+ .mpo_devfs_destroy_label = lomac_destroy_label,
+ .mpo_devfs_init_label = lomac_init_label,
 .mpo_devfs_update = lomac_devfs_update,
 .mpo_devfs_vnode_associate = lomac_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = lomac_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = lomac_vnode_associate_singlelabel,
- .mpo_vnode_create_extattr = lomac_vnode_create_extattr,
- .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr,
- .mpo_socket_create_mbuf = lomac_socket_create_mbuf,
- .mpo_syncache_create_mbuf = lomac_syncache_create_mbuf,
- .mpo_pipe_create = lomac_pipe_create,
- .mpo_socket_create = lomac_socket_create,
- .mpo_socket_newconn = lomac_socket_newconn,
- .mpo_pipe_relabel = lomac_pipe_relabel,
- .mpo_socket_relabel = lomac_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = lomac_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = lomac_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = lomac_bpfdesc_create,
- .mpo_ipq_reassemble = lomac_ipq_reassemble,
- .mpo_netinet_fragment = lomac_netinet_fragment,
+
+ .mpo_ifnet_check_relabel = lomac_ifnet_check_relabel,
+ .mpo_ifnet_check_transmit = lomac_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = lomac_copy_label,
 .mpo_ifnet_create = lomac_ifnet_create,
+ .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = lomac_destroy_label,
+ .mpo_ifnet_externalize_label = lomac_externalize_label,
+ .mpo_ifnet_init_label = lomac_init_label,
+ .mpo_ifnet_internalize_label = lomac_internalize_label,
+ .mpo_ifnet_relabel = lomac_ifnet_relabel,
+
+ .mpo_syncache_create = lomac_syncache_create,
+ .mpo_syncache_destroy_label = lomac_destroy_label,
+ .mpo_syncache_init_label = lomac_init_label_waitcheck,
+
+ .mpo_inpcb_check_deliver = lomac_inpcb_check_deliver,
 .mpo_inpcb_create = lomac_inpcb_create,
- .mpo_ipq_create = lomac_ipq_create,
 .mpo_inpcb_create_mbuf = lomac_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
+ .mpo_inpcb_destroy_label = lomac_destroy_label,
+ .mpo_inpcb_init_label = lomac_init_label_waitcheck,
+ .mpo_inpcb_sosetlabel = lomac_inpcb_sosetlabel,
+
+ .mpo_ipq_create = lomac_ipq_create,
+ .mpo_ipq_destroy_label = lomac_destroy_label,
+ .mpo_ipq_init_label = lomac_init_label_waitcheck,
 .mpo_ipq_match = lomac_ipq_match,
- .mpo_ifnet_relabel = lomac_ifnet_relabel,
+ .mpo_ipq_reassemble = lomac_ipq_reassemble,
 .mpo_ipq_update = lomac_ipq_update,
- .mpo_inpcb_sosetlabel = lomac_inpcb_sosetlabel,
- .mpo_vnode_execve_transition = lomac_vnode_execve_transition,
- .mpo_vnode_execve_will_transition =
- lomac_vnode_execve_will_transition,
- .mpo_proc_create_swapper = lomac_proc_create_swapper,
- .mpo_proc_create_init = lomac_proc_create_init,
- .mpo_cred_relabel = lomac_cred_relabel,
- .mpo_bpfdesc_check_receive = lomac_bpfdesc_check_receive,
- .mpo_cred_check_relabel = lomac_cred_check_relabel,
- .mpo_cred_check_visible = lomac_cred_check_visible,
- .mpo_ifnet_check_relabel = lomac_ifnet_check_relabel,
- .mpo_ifnet_check_transmit = lomac_ifnet_check_transmit,
- .mpo_inpcb_check_deliver = lomac_inpcb_check_deliver,
+
 .mpo_kld_check_load = lomac_kld_check_load,
+
+ .mpo_mbuf_copy_label = lomac_copy_label,
+ .mpo_mbuf_destroy_label = lomac_destroy_label,
+ .mpo_mbuf_init_label = lomac_init_label_waitcheck,
+
+ .mpo_mount_create = lomac_mount_create,
+ .mpo_mount_destroy_label = lomac_destroy_label,
+ .mpo_mount_init_label = lomac_init_label,
+
+ .mpo_netatalk_aarp_send = lomac_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = lomac_netinet_arp_send,
+ .mpo_netinet_firewall_reply = lomac_netinet_firewall_reply,
+ .mpo_netinet_firewall_send = lomac_netinet_firewall_send,
+ .mpo_netinet_fragment = lomac_netinet_fragment,
+ .mpo_netinet_icmp_reply = lomac_netinet_icmp_reply,
+ .mpo_netinet_igmp_send = lomac_netinet_igmp_send,
+
+ .mpo_netinet6_nd6_send = lomac_netinet6_nd6_send,
+
 .mpo_pipe_check_ioctl = lomac_pipe_check_ioctl,
 .mpo_pipe_check_read = lomac_pipe_check_read,
 .mpo_pipe_check_relabel = lomac_pipe_check_relabel,
 .mpo_pipe_check_write = lomac_pipe_check_write,
+ .mpo_pipe_copy_label = lomac_copy_label,
+ .mpo_pipe_create = lomac_pipe_create,
+ .mpo_pipe_destroy_label = lomac_destroy_label,
+ .mpo_pipe_externalize_label = lomac_externalize_label,
+ .mpo_pipe_init_label = lomac_init_label,
+ .mpo_pipe_internalize_label = lomac_internalize_label,
+ .mpo_pipe_relabel = lomac_pipe_relabel,
+
+ .mpo_priv_check = lomac_priv_check,
+
 .mpo_proc_check_debug = lomac_proc_check_debug,
 .mpo_proc_check_sched = lomac_proc_check_sched,
 .mpo_proc_check_signal = lomac_proc_check_signal,
+ .mpo_proc_create_swapper = lomac_proc_create_swapper,
+ .mpo_proc_create_init = lomac_proc_create_init,
+ .mpo_proc_destroy_label = lomac_proc_destroy_label,
+ .mpo_proc_init_label = lomac_proc_init_label,
+
 .mpo_socket_check_deliver = lomac_socket_check_deliver,
 .mpo_socket_check_relabel = lomac_socket_check_relabel,
 .mpo_socket_check_visible = lomac_socket_check_visible,
+ .mpo_socket_copy_label = lomac_copy_label,
+ .mpo_socket_create = lomac_socket_create,
+ .mpo_socket_create_mbuf = lomac_socket_create_mbuf,
+ .mpo_socket_destroy_label = lomac_destroy_label,
+ .mpo_socket_externalize_label = lomac_externalize_label,
+ .mpo_socket_init_label = lomac_init_label_waitcheck,
+ .mpo_socket_internalize_label = lomac_internalize_label,
+ .mpo_socket_newconn = lomac_socket_newconn,
+ .mpo_socket_relabel = lomac_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = lomac_destroy_label,
+ .mpo_socketpeer_externalize_label = lomac_externalize_label,
+ .mpo_socketpeer_init_label = lomac_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = lomac_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = lomac_socketpeer_set_from_socket,
+
+ .mpo_syncache_create_mbuf = lomac_syncache_create_mbuf,
+
 .mpo_system_check_acct = lomac_system_check_acct,
 .mpo_system_check_auditctl = lomac_system_check_auditctl,
 .mpo_system_check_swapoff = lomac_system_check_swapoff,
 .mpo_system_check_swapon = lomac_system_check_swapon,
 .mpo_system_check_sysctl = lomac_system_check_sysctl,
+
+ .mpo_thread_userret = lomac_thread_userret,
+
+ .mpo_vnode_associate_extattr = lomac_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = lomac_vnode_associate_singlelabel,
 .mpo_vnode_check_access = lomac_vnode_check_open,
 .mpo_vnode_check_create = lomac_vnode_check_create,
 .mpo_vnode_check_deleteacl = lomac_vnode_check_deleteacl,
@@ -2964,15 +2970,16 @@ static struct mac_policy_ops lomac_ops =
 .mpo_vnode_check_setutimes = lomac_vnode_check_setutimes,
 .mpo_vnode_check_unlink = lomac_vnode_check_unlink,
 .mpo_vnode_check_write = lomac_vnode_check_write,
- .mpo_thread_userret = lomac_thread_userret,
- .mpo_netatalk_aarp_send = lomac_netatalk_aarp_send,
- .mpo_netinet_arp_send = lomac_netinet_arp_send,
- .mpo_netinet_firewall_reply = lomac_netinet_firewall_reply,
- .mpo_netinet_firewall_send = lomac_netinet_firewall_send,
- .mpo_netinet_icmp_reply = lomac_netinet_icmp_reply,
- .mpo_netinet_igmp_send = lomac_netinet_igmp_send,
- .mpo_netinet6_nd6_send = lomac_netinet6_nd6_send,
- .mpo_priv_check = lomac_priv_check,
+ .mpo_vnode_copy_label = lomac_copy_label,
+ .mpo_vnode_create_extattr = lomac_vnode_create_extattr,
+ .mpo_vnode_destroy_label = lomac_destroy_label,
+ .mpo_vnode_execve_transition = lomac_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = lomac_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = lomac_externalize_label,
+ .mpo_vnode_init_label = lomac_init_label,
+ .mpo_vnode_internalize_label = lomac_internalize_label,
+ .mpo_vnode_relabel = lomac_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr,
 };
 
 MAC_POLICY_SET(&lomac_ops, mac_lomac, "TrustedBSD MAC/LOMAC",
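Review bot: In `lomac_vnode_create_extattr` and `lomac_vnode_setlabel_extattr` the whole of `temp` is handed to `vn_extattr_set`, so the `bzero(&temp, buflen)` at the top of each is what keeps struct padding and any part of `temp` not explicitly set (the `ml_auxsingle` member in the non-AUX paths) from carrying stack contents into persistent storage, and that deserves a comment: `/* Zero the whole struct: it is stored verbatim in the extattr, so padding and unset members must not carry stack bytes. */`. Both functions declare `buflen` as `size_t` while `lomac_vnode_associate_extattr` earlier in the file uses `int` and prints it with `%d`; since `vn_extattr_set` takes an `int` length, the three could agree on one type. These bodies appear to be moved unchanged by the resort, so this is pre-existing rather than introduced here.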
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 8ead381..eb3ab0e 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -736,10 +736,140 @@ mls_copy_label(struct label *src, struct label *dest) *SLOT(dest) = *SLOT(src); } + /* - * Labeling event operations: file system objects, and things that look a lot - * like file system objects. + * Object-specific entry point implementations are sorted alphabetically by + * object type name and then by operation. */ +static int +mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) +{ + struct mac_mls *a, *b; + + if (!mls_enabled) + return (0); + + a = SLOT(dlabel); + b = SLOT(ifplabel); + + if (mls_equal_effective(a, b)) + return (0); + return (EACCES); +} + +static void +mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, struct label *dlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(dlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(dlabel); + dest = SLOT(mlabel); + + mls_copy_effective(source, dest); +} + +static int +mls_cred_check_relabel(struct ucred *cred, struct label *newlabel) +{ + struct mac_mls *subj, *new; + int error; + + subj = SLOT(cred->cr_label); + new = SLOT(newlabel); + + /* + * If there is an MLS label update for the credential, it may be an + * update of effective, range, or both. + */ + error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); + if (error) + return (error); + + /* + * If the MLS label is to be changed, authorize as appropriate. + */ + if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { + /* + * If the change request modifies both the MLS label + * effective and range, check that the new effective will be + * in the new range. 
+ */ + if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) == + MAC_MLS_FLAGS_BOTH && !mls_effective_in_range(new, new)) + return (EINVAL); + + /* + * To change the MLS effective label on a credential, the new + * effective label must be in the current range. + */ + if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE && + !mls_effective_in_range(new, subj)) + return (EPERM); + + /* + * To change the MLS range label on a credential, the new + * range must be in the current range. + */ + if (new->mm_flags & MAC_MLS_FLAG_RANGE && + !mls_range_in_range(new, subj)) + return (EPERM); + + /* + * To have EQUAL in any component of the new credential MLS + * label, the subject must already have EQUAL in their label. + */ + if (mls_contains_equal(new)) { + error = mls_subject_privileged(subj); + if (error) + return (error); + } + } + + return (0); +} + +static int +mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2) +{ + struct mac_mls *subj, *obj; + + if (!mls_enabled) + return (0); + + subj = SLOT(cr1->cr_label); + obj = SLOT(cr2->cr_label); + + /* XXX: range */ + if (!mls_dominate_effective(subj, obj)) + return (ESRCH); + + return (0); +} + +static void +mls_cred_relabel(struct ucred *cred, struct label *newlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(cred->cr_label); + + mls_copy(source, dest); +} + static void mls_devfs_create_device(struct ucred *cred, struct mount *mp, struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 
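Review bot: `mls_cred_check_relabel` and `mls_cred_relabel` carry no `if (!mls_enabled) return (0);` gate, while `mls_bpfdesc_check_receive` and `mls_cred_check_visible` in the same hunk do. If that is intentional — the flag, in-range and EQUAL checks on a credential label applying even when enforcement is switched off — a one-line comment above `mls_cred_check_relabel` would stop the asymmetry from being read as an omission, e.g. `/* Not gated on mls_enabled: a credential label is validated even when enforcement is off. */`. The bodies look moved rather than changed by this resort, so the point is pre-existing.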
@@ -789,29 +919,6 @@ mls_devfs_create_symlink(struct ucred *cred, struct mount *mp,
 }
 
 static void
-mls_mount_create(struct ucred *cred, struct mount *mp, struct label *mplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(mplabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *label)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(label);
- dest = SLOT(vplabel);
-
- mls_copy(source, dest);
-}
-
-static void
 mls_devfs_update(struct mount *mp, struct devfs_dirent *de,
 struct label *delabel, struct vnode *vp, struct label *vplabel)
 {
@@ -837,332 +944,255 @@ mls_devfs_vnode_associate(struct mount *mp, struct label *mplabel, } static int -mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) +mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { - struct mac_mls mm_temp, *source, *dest; - int buflen, error; - - source = SLOT(mplabel); - dest = SLOT(vplabel); + struct mac_mls *subj, *new; + int error; - buflen = sizeof(mm_temp); - bzero(&mm_temp, buflen); + subj = SLOT(cred->cr_label); + new = SLOT(newlabel); - error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, - MAC_MLS_EXTATTR_NAME, &buflen, (char *) &mm_temp, curthread); - if (error == ENOATTR || error == EOPNOTSUPP) { - /* Fall back to the mntlabel. */ - mls_copy_effective(source, dest); - return (0); - } else if (error) + /* + * If there is an MLS label update for the interface, it may be an + * update of effective, range, or both. + */ + error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); + if (error) return (error); - if (buflen != sizeof(mm_temp)) { - printf("mls_vnode_associate_extattr: bad size %d\n", buflen); - return (EPERM); - } - if (mls_valid(&mm_temp) != 0) { - printf("mls_vnode_associate_extattr: invalid\n"); - return (EPERM); - } - if ((mm_temp.mm_flags & MAC_MLS_FLAGS_BOTH) != - MAC_MLS_FLAG_EFFECTIVE) { - printf("mls_associated_vnode_extattr: not effective\n"); - return (EPERM); - } + /* + * Relabeling network interfaces requires MLS privilege. 
+ */ + error = mls_subject_privileged(subj); - mls_copy_effective(&mm_temp, dest); return (0); } -static void -mls_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - struct mac_mls *source, *dest; - - source = SLOT(mplabel); - dest = SLOT(vplabel); - - mls_copy_effective(source, dest); -} - -static int -mls_vnode_create_extattr(struct ucred *cred, struct mount *mp, - struct label *mplabel, struct vnode *dvp, struct label *dvplabel, - struct vnode *vp, struct label *vplabel, struct componentname *cnp) -{ - struct mac_mls *source, *dest, mm_temp; - size_t buflen; - int error; - - buflen = sizeof(mm_temp); - bzero(&mm_temp, buflen); - - source = SLOT(cred->cr_label); - dest = SLOT(vplabel); - mls_copy_effective(source, &mm_temp); - - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, - MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread); - if (error == 0) - mls_copy_effective(source, dest); - return (error); -} - static int -mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *intlabel) +mls_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { - struct mac_mls *source, mm_temp; - size_t buflen; - int error; - - buflen = sizeof(mm_temp); - bzero(&mm_temp, buflen); + struct mac_mls *p, *i; - source = SLOT(intlabel); - if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0) + if (!mls_enabled) return (0); - mls_copy_effective(source, &mm_temp); + p = SLOT(mlabel); + i = SLOT(ifplabel); - error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, - MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread); - return (error); + return (mls_effective_in_range(p, i) ? 0 : EACCES); } -/* - * Labeling event operations: IPC object. 
- */ static void -mls_inpcb_create(struct socket *so, struct label *solabel, struct inpcb *inp, - struct label *inplabel) +mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel) { - struct mac_mls *source, *dest; + struct mac_mls *dest; + int type; - source = SLOT(solabel); - dest = SLOT(inplabel); + dest = SLOT(ifplabel); - mls_copy_effective(source, dest); + if (ifp->if_type == IFT_LOOP) + type = MAC_MLS_TYPE_EQUAL; + else + type = MAC_MLS_TYPE_LOW; + + mls_set_effective(dest, type, 0, NULL); + mls_set_range(dest, type, 0, NULL, type, 0, NULL); } static void -mls_socket_create_mbuf(struct socket *so, struct label *solabel, +mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; - source = SLOT(solabel); + source = SLOT(ifplabel); dest = SLOT(mlabel); mls_copy_effective(source, dest); } static void -mls_socket_create(struct ucred *cred, struct socket *so, - struct label *solabel) +mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_mls *source, *dest; - source = SLOT(cred->cr_label); - dest = SLOT(solabel); + source = SLOT(newlabel); + dest = SLOT(ifplabel); - mls_copy_effective(source, dest); + mls_copy(source, dest); } -static void -mls_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +static int +mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) { - struct mac_mls *source, *dest; - - source = SLOT(cred->cr_label); - dest = SLOT(pplabel); - - mls_copy_effective(source, dest); -} + struct mac_mls *p, *i; -static void -mls_posixsem_create(struct ucred *cred, struct ksem *ks, - struct label *kslabel) -{ - struct mac_mls *source, *dest; + if (!mls_enabled) + return (0); - source = SLOT(cred->cr_label); - dest = SLOT(kslabel); + p = SLOT(mlabel); + i = SLOT(inplabel); - mls_copy_effective(source, dest); + return 
(mls_equal_effective(p, i) ? 0 : EACCES); } static void -mls_socket_newconn(struct socket *oldso, struct label *oldsolabel, - struct socket *newso, struct label *newsolabel) +mls_inpcb_create(struct socket *so, struct label *solabel, struct inpcb *inp, + struct label *inplabel) { struct mac_mls *source, *dest; - source = SLOT(oldsolabel); - dest = SLOT(newsolabel); + source = SLOT(solabel); + dest = SLOT(inplabel); mls_copy_effective(source, dest); } static void -mls_socket_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) +mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; - source = SLOT(newlabel); - dest = SLOT(solabel); + source = SLOT(inplabel); + dest = SLOT(mlabel); - mls_copy(source, dest); + mls_copy_effective(source, dest); } static void -mls_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) +mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { struct mac_mls *source, *dest; - source = SLOT(newlabel); - dest = SLOT(pplabel); + source = SLOT(solabel); + dest = SLOT(inplabel); mls_copy(source, dest); } static void -mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, - struct socket *so, struct label *sopeerlabel) +mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { struct mac_mls *source, *dest; source = SLOT(mlabel); - dest = SLOT(sopeerlabel); + dest = SLOT(ipqlabel); mls_copy_effective(source, dest); } -/* - * Labeling event operations: System V IPC objects. 
- */ -static void -mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +static int +mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { - struct mac_mls *source, *dest; + struct mac_mls *a, *b; - /* Ignore the msgq label. */ - source = SLOT(cred->cr_label); - dest = SLOT(msglabel); + a = SLOT(ipqlabel); + b = SLOT(mlabel); - mls_copy_effective(source, dest); + return (mls_equal_effective(a, b)); } static void -mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel) +mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, + struct label *mlabel) { struct mac_mls *source, *dest; - source = SLOT(cred->cr_label); - dest = SLOT(msqlabel); + source = SLOT(ipqlabel); + dest = SLOT(mlabel); + /* Just use the head, since we require them all to match. */ mls_copy_effective(source, dest); } static void -mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semalabel) +mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { - struct mac_mls *source, *dest; - source = SLOT(cred->cr_label); - dest = SLOT(semalabel); - - mls_copy_effective(source, dest); + /* NOOP: we only accept matching labels, so no need to update */ } -static void -mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmlabel) +static int +mls_mount_check_stat(struct ucred *cred, struct mount *mp, + struct label *mntlabel) { - struct mac_mls *source, *dest; + struct mac_mls *subj, *obj; - source = SLOT(cred->cr_label); - dest = SLOT(shmlabel); + if (!mls_enabled) + return (0); - mls_copy_effective(source, dest); + subj = SLOT(cred->cr_label); + obj = SLOT(mntlabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); } -/* - * Labeling event operations: network objects. 
- */ static void -mls_socketpeer_set_from_socket(struct socket *oldso, - struct label *oldsolabel, struct socket *newso, - struct label *newsopeerlabel) +mls_mount_create(struct ucred *cred, struct mount *mp, struct label *mplabel) { struct mac_mls *source, *dest; - source = SLOT(oldsolabel); - dest = SLOT(newsopeerlabel); + source = SLOT(cred->cr_label); + dest = SLOT(mplabel); mls_copy_effective(source, dest); } static void -mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, struct label *dlabel) +mls_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { - struct mac_mls *source, *dest; + struct mac_mls *dest; - source = SLOT(cred->cr_label); - dest = SLOT(dlabel); + dest = SLOT(mlabel); - mls_copy_effective(source, dest); + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); } static void -mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel) +mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_mls *dest; - int type; - dest = SLOT(ifplabel); - - if (ifp->if_type == IFT_LOOP) - type = MAC_MLS_TYPE_EQUAL; - else - type = MAC_MLS_TYPE_LOW; + dest = SLOT(mlabel); - mls_set_effective(dest, type, 0, NULL); - mls_set_range(dest, type, 0, NULL, type, 0, NULL); + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); } static void -mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +mls_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) { struct mac_mls *source, *dest; - source = SLOT(mlabel); - dest = SLOT(ipqlabel); + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); mls_copy_effective(source, dest); } static void -mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, - struct label *mlabel) +mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel) { - struct mac_mls *source, *dest; + struct mac_mls 
*dest; - source = SLOT(ipqlabel); dest = SLOT(mlabel); - /* Just use the head, since we require them all to match. */ - mls_copy_effective(source, dest); + /* XXX: where is the label for the firewall really comming from? */ + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); } static void 
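Review bot: `mls_ifnet_check_relabel` stores the result of `mls_subject_privileged(subj)` in `error` and then falls through to the unchanged `return (0);`, so the privilege check never denies anything and an unprivileged subject is allowed to relabel a network interface. `mls_cred_check_relabel` in the previous hunk follows the same call with `if (error) return (error);`; the tail here should do the same, or simply `return (error);`. This appears to be moved code rather than a change made by this commit, but the resort is a good moment to fix it since the function is being rewritten into its new position anyway.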
@@ -1178,212 +1208,245 @@ mls_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, } static void -mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +mls_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) { struct mac_mls *source, *dest; - source = SLOT(inplabel); - dest = SLOT(mlabel); + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); mls_copy_effective(source, dest); } static void -mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, +mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { - struct mac_mls *source, *dest; + struct mac_mls *dest; - source = SLOT(dlabel); dest = SLOT(mlabel); - mls_copy_effective(source, dest); + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); } static void -mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, +mls_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { - struct mac_mls *source, *dest; + struct mac_mls *dest; - source = SLOT(ifplabel); dest = SLOT(mlabel); - mls_copy_effective(source, dest); + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); } static int -mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +mls_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { - struct mac_mls *a, *b; - a = SLOT(ipqlabel); - b = SLOT(mlabel); + if (!mls_enabled) + return (0); - return (mls_equal_effective(a, b)); + /* XXX: This will be implemented soon... 
*/ + + return (0); } -static void -mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +static int +mls_pipe_check_poll(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { - struct mac_mls *source, *dest; + struct mac_mls *subj, *obj; - source = SLOT(newlabel); - dest = SLOT(ifplabel); + if (!mls_enabled) + return (0); - mls_copy(source, dest); -} + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); -static void -mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) -{ + if (!mls_dominate_effective(subj, obj)) + return (EACCES); - /* NOOP: we only accept matching labels, so no need to update */ + return (0); } -static void -mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) +static int +mls_pipe_check_read(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { - struct mac_mls *source, *dest; + struct mac_mls *subj, *obj; - source = SLOT(solabel); - dest = SLOT(inplabel); + if (!mls_enabled) + return (0); - mls_copy(source, dest); + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); } -static void -mls_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +static int +mls_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) { - struct mac_mls *dest; + struct mac_mls *subj, *obj, *new; + int error; - dest = SLOT(mlabel); + new = SLOT(newlabel); + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); -} + /* + * If there is an MLS label update for a pipe, it must be a effective + * update. 
+ */ + error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); + if (error) + return (error); -static void -mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_mls *dest; + /* + * To perform a relabel of a pipe (MLS label or not), MLS must + * authorize the relabel. + */ + if (!mls_effective_in_range(obj, subj)) + return (EPERM); - dest = SLOT(mlabel); + /* + * If the MLS label is to be changed, authorize as appropriate. + */ + if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { + /* + * To change the MLS label on a pipe, the new pipe label must + * be in the subject range. + */ + if (!mls_effective_in_range(new, subj)) + return (EPERM); - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); + /* + * To change the MLS label on a pipe to be EQUAL, the subject + * must have appropriate privilege. + */ + if (mls_contains_equal(new)) { + error = mls_subject_privileged(subj); + if (error) + return (error); + } + } + + return (0); } -static void -mls_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) +static int +mls_pipe_check_stat(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { - struct mac_mls *source, *dest; + struct mac_mls *subj, *obj; - source = SLOT(mrecvlabel); - dest = SLOT(msendlabel); + if (!mls_enabled) + return (0); - mls_copy_effective(source, dest); + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); + + if (!mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); } -static void -mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel) +static int +mls_pipe_check_write(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { - struct mac_mls *dest; + struct mac_mls *subj, *obj; - dest = SLOT(mlabel); + if (!mls_enabled) + return (0); - /* XXX: where is the label for the firewall really comming from? 
*/ - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); + subj = SLOT(cred->cr_label); + obj = SLOT(pplabel); + + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); } static void -mls_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) +mls_pipe_create(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { struct mac_mls *source, *dest; - source = SLOT(mrecvlabel); - dest = SLOT(msendlabel); + source = SLOT(cred->cr_label); + dest = SLOT(pplabel); mls_copy_effective(source, dest); } static void -mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +mls_pipe_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) { - struct mac_mls *dest; + struct mac_mls *source, *dest; - dest = SLOT(mlabel); + source = SLOT(newlabel); + dest = SLOT(pplabel); - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); + mls_copy(source, dest); } -static void -mls_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +static int +mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - struct mac_mls *dest; - - dest = SLOT(mlabel); + struct mac_mls *subj, *obj; - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); -} + if (!mls_enabled) + return (0); -static void -mls_syncache_create(struct label *label, struct inpcb *inp) -{ - struct mac_mls *source, *dest; + subj = SLOT(cred->cr_label); + obj = SLOT(kslabel); - source = SLOT(inp->inp_label); - dest = SLOT(label); + if (!mls_dominate_effective(subj, obj)) + return (EACCES); - mls_copy_effective(source, dest); + return (0); } -static void -mls_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) +static int +mls_posixsem_check_write(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - struct mac_mls *source, *dest; - - 
source = SLOT(sc_label); - dest = SLOT(mlabel); + struct mac_mls *subj, *obj; - mls_copy_effective(source, dest); -} + if (!mls_enabled) + return (0); -/* - * Labeling event operations: processes. - */ -static void -mls_proc_create_swapper(struct ucred *cred) -{ - struct mac_mls *dest; + subj = SLOT(cred->cr_label); + obj = SLOT(kslabel); - dest = SLOT(cred->cr_label); + if (!mls_dominate_effective(obj, subj)) + return (EACCES); - mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); - mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, - NULL); + return (0); } static void -mls_proc_create_init(struct ucred *cred) +mls_posixsem_create(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - struct mac_mls *dest; + struct mac_mls *source, *dest; - dest = SLOT(cred->cr_label); + source = SLOT(cred->cr_label); + dest = SLOT(kslabel); - mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); - mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, - NULL); + mls_copy_effective(source, dest); } static void 
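Review bot: `mls_pipe_check_ioctl` returns 0 for every ioctl once past the `mls_enabled` gate, so pipe ioctls are not mediated at all under this policy; the commit only moves the stub, and its `/* XXX: This will be implemented soon... */` comment comes along unchanged. Until a real check lands, the least-surprising default is the read-side rule the neighbouring `mls_pipe_check_stat` already applies: `subj = SLOT(cred->cr_label); obj = SLOT(pplabel); if (!mls_dominate_effective(subj, obj)) return (EACCES);`. If leaving it permissive is deliberate (presumably because the pipe ioctls only expose state such as queue length), the comment should say that explicitly instead of promising a future implementation, so the fail-open behaviour is a documented decision rather than a forgotten TODO.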
@@ -1397,117 +1460,145 @@ mls_proc_associate_nfsd(struct ucred *cred) NULL); } -static void -mls_cred_relabel(struct ucred *cred, struct label *newlabel) +static int +mls_proc_check_debug(struct ucred *cred, struct proc *p) { - struct mac_mls *source, *dest; + struct mac_mls *subj, *obj; - source = SLOT(newlabel); - dest = SLOT(cred->cr_label); + if (!mls_enabled) + return (0); - mls_copy(source, dest); + subj = SLOT(cred->cr_label); + obj = SLOT(p->p_ucred->cr_label); + + /* XXX: range checks */ + if (!mls_dominate_effective(subj, obj)) + return (ESRCH); + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); } -/* - * Label cleanup/flush operations. - */ -static void -mls_sysvmsg_cleanup(struct label *msglabel) +static int +mls_proc_check_sched(struct ucred *cred, struct proc *p) { + struct mac_mls *subj, *obj; - bzero(SLOT(msglabel), sizeof(struct mac_mls)); + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(p->p_ucred->cr_label); + + /* XXX: range checks */ + if (!mls_dominate_effective(subj, obj)) + return (ESRCH); + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); } -static void -mls_sysvmsq_cleanup(struct label *msqlabel) +static int +mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum) { + struct mac_mls *subj, *obj; - bzero(SLOT(msqlabel), sizeof(struct mac_mls)); + if (!mls_enabled) + return (0); + + subj = SLOT(cred->cr_label); + obj = SLOT(p->p_ucred->cr_label); + + /* XXX: range checks */ + if (!mls_dominate_effective(subj, obj)) + return (ESRCH); + if (!mls_dominate_effective(obj, subj)) + return (EACCES); + + return (0); } static void -mls_sysvsem_cleanup(struct label *semalabel) +mls_proc_create_init(struct ucred *cred) { + struct mac_mls *dest; - bzero(SLOT(semalabel), sizeof(struct mac_mls)); + dest = SLOT(cred->cr_label); + + mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL); + mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, + NULL); 
} static void -mls_sysvshm_cleanup(struct label *shmlabel) +mls_proc_create_swapper(struct ucred *cred) { + struct mac_mls *dest; - bzero(SLOT(shmlabel), sizeof(struct mac_mls)); + dest = SLOT(cred->cr_label); + + mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); + mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, + NULL); } -/* - * Access control checks. - */ static int -mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, - struct ifnet *ifp, struct label *ifplabel) +mls_socket_check_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { - struct mac_mls *a, *b; + struct mac_mls *p, *s; if (!mls_enabled) return (0); - a = SLOT(dlabel); - b = SLOT(ifplabel); + p = SLOT(mlabel); + s = SLOT(solabel); - if (mls_equal_effective(a, b)) - return (0); - return (EACCES); + return (mls_equal_effective(p, s) ? 0 : EACCES); } static int -mls_cred_check_relabel(struct ucred *cred, struct label *newlabel) +mls_socket_check_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { - struct mac_mls *subj, *new; + struct mac_mls *subj, *obj, *new; int error; - subj = SLOT(cred->cr_label); new = SLOT(newlabel); + subj = SLOT(cred->cr_label); + obj = SLOT(solabel); /* - * If there is an MLS label update for the credential, it may be an - * update of effective, range, or both. + * If there is an MLS label update for the socket, it may be an + * update of effective. */ - error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); + error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); if (error) return (error); /* - * If the MLS label is to be changed, authorize as appropriate. + * To relabel a socket, the old socket effective must be in the + * subject range. */ - if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { - /* - * If the change request modifies both the MLS label - * effective and range, check that the new effective will be - * in the new range. 
- */ - if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) == - MAC_MLS_FLAGS_BOTH && !mls_effective_in_range(new, new)) - return (EINVAL); - - /* - * To change the MLS effective label on a credential, the new - * effective label must be in the current range. - */ - if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE && - !mls_effective_in_range(new, subj)) - return (EPERM); + if (!mls_effective_in_range(obj, subj)) + return (EPERM); + /* + * If the MLS label is to be changed, authorize as appropriate. + */ + if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { /* - * To change the MLS range label on a credential, the new - * range must be in the current range. + * To relabel a socket, the new socket effective must be in + * the subject range. */ - if (new->mm_flags & MAC_MLS_FLAG_RANGE && - !mls_range_in_range(new, subj)) + if (!mls_effective_in_range(new, subj)) return (EPERM); /* - * To have EQUAL in any component of the new credential MLS - * label, the subject must already have EQUAL in their label. + * To change the MLS label on the socket to contain EQUAL, + * the subject must have appropriate privilege. */ if (mls_contains_equal(new)) { error = mls_subject_privileged(subj); 
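Review bot: `mls_proc_check_debug`, `mls_proc_check_sched` and `mls_proc_check_signal` carry byte-identical bodies, each with the same `/* XXX: range checks */` reminder that only the effective labels are compared; the commit only moves them, but the triplication means the eventual range check has to be added in three places and can drift. A single static helper holding that body, called from three one-line wrappers, keeps the subject/target rule in one spot and gives the XXX a single home. Sketch:
```c
/* Subject must dominate target (else ESRCH) and target must dominate subject (else EACCES). */
static int
mls_proc_check_peer(struct ucred *cred, struct proc *p)
{
	/* … unchanged: body moved verbatim from mls_proc_check_debug, XXX range comment included … */
}

static int
mls_proc_check_debug(struct ucred *cred, struct proc *p)
{

	return (mls_proc_check_peer(cred, p));
}
/* … mls_proc_check_sched and mls_proc_check_signal become the same one-line wrapper … */
```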
@@ -1520,77 +1611,194 @@ mls_cred_check_relabel(struct ucred *cred, struct label *newlabel) } static int -mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2) +mls_socket_check_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_mls *subj, *obj; if (!mls_enabled) return (0); - subj = SLOT(cr1->cr_label); - obj = SLOT(cr2->cr_label); + subj = SLOT(cred->cr_label); + obj = SLOT(solabel); - /* XXX: range */ if (!mls_dominate_effective(subj, obj)) - return (ESRCH); + return (ENOENT); return (0); } +static void +mls_socket_create(struct ucred *cred, struct socket *so, + struct label *solabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(solabel); + + mls_copy_effective(source, dest); +} + +static void +mls_socket_create_mbuf(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(solabel); + dest = SLOT(mlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_socket_newconn(struct socket *oldso, struct label *oldsolabel, + struct socket *newso, struct label *newsolabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(oldsolabel); + dest = SLOT(newsolabel); + + mls_copy_effective(source, dest); +} + +static void +mls_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(newlabel); + dest = SLOT(solabel); + + mls_copy(source, dest); +} + +static void +mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mlabel); + dest = SLOT(sopeerlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_socketpeer_set_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) +{ + struct mac_mls *source, *dest; + + source = 
SLOT(oldsolabel); + dest = SLOT(newsopeerlabel); + + mls_copy_effective(source, dest); +} + +static void +mls_syncache_create(struct label *label, struct inpcb *inp) +{ + struct mac_mls *source, *dest; + + source = SLOT(inp->inp_label); + dest = SLOT(label); + + mls_copy_effective(source, dest); +} + +static void +mls_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, + struct label *mlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(sc_label); + dest = SLOT(mlabel); + + mls_copy_effective(source, dest); +} + static int -mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +mls_system_check_acct(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { - struct mac_mls *subj, *new; - int error; + struct mac_mls *subj, *obj; - subj = SLOT(cred->cr_label); - new = SLOT(newlabel); + if (!mls_enabled) + return (0); - /* - * If there is an MLS label update for the interface, it may be an - * update of effective, range, or both. - */ - error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); - if (error) - return (error); + subj = SLOT(cred->cr_label); + obj = SLOT(vplabel); - /* - * Relabeling network interfaces requires MLS privilege. - */ - error = mls_subject_privileged(subj); + if (!mls_dominate_effective(obj, subj) || + !mls_dominate_effective(subj, obj)) + return (EACCES); return (0); } static int -mls_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +mls_system_check_auditctl(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { - struct mac_mls *p, *i; + struct mac_mls *subj, *obj; if (!mls_enabled) return (0); - p = SLOT(mlabel); - i = SLOT(ifplabel); + subj = SLOT(cred->cr_label); + obj = SLOT(vplabel); - return (mls_effective_in_range(p, i) ? 
0 : EACCES); + if (!mls_dominate_effective(obj, subj) || + !mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); } static int -mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +mls_system_check_swapon(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { - struct mac_mls *p, *i; + struct mac_mls *subj, *obj; if (!mls_enabled) return (0); - p = SLOT(mlabel); - i = SLOT(inplabel); + subj = SLOT(cred->cr_label); + obj = SLOT(vplabel); - return (mls_equal_effective(p, i) ? 0 : EACCES); + if (!mls_dominate_effective(obj, subj) || + !mls_dominate_effective(subj, obj)) + return (EACCES); + + return (0); +} + +static void +mls_sysvmsg_cleanup(struct label *msglabel) +{ + + bzero(SLOT(msglabel), sizeof(struct mac_mls)); +} + +static void +mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +{ + struct mac_mls *source, *dest; + + /* Ignore the msgq label. */ + source = SLOT(cred->cr_label); + dest = SLOT(msglabel); + + mls_copy_effective(source, dest); } static int @@ -1714,6 +1922,25 @@ mls_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, return (0); } +static void +mls_sysvmsq_cleanup(struct label *msqlabel) +{ + + bzero(SLOT(msqlabel), sizeof(struct mac_mls)); +} + +static void +mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(msqlabel); + + mls_copy_effective(source, dest); +} + static int mls_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 
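Review bot: `mls_system_check_acct`, `mls_system_check_auditctl` and `mls_system_check_swapon` each implement the same rule with an identical two-way `mls_dominate_effective(obj, subj) || !mls_dominate_effective(subj, obj)` test, which reads as "the vnode must sit at exactly the subject's effective level" but never says so. The file already has `mls_equal_effective()` (used by `mls_socket_check_deliver` in the preceding hunk); if its treatment of the EQUAL type matches the two-way dominance test, the three bodies collapse to `if (!mls_equal_effective(subj, obj)) return (EACCES);`, otherwise a one-line comment above each test, `/* The target vnode must sit at exactly the subject's effective level. */`, would at least document the intent. The commit only moves these functions, so this is a follow-up rather than a regression.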
@@ -1793,6 +2020,25 @@ mls_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, return (0); } +static void +mls_sysvsem_cleanup(struct label *semalabel) +{ + + bzero(SLOT(semalabel), sizeof(struct mac_mls)); +} + +static void +mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semalabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(cred->cr_label); + dest = SLOT(semalabel); + + mls_copy_effective(source, dest); +} + static int mls_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 
@@ -1865,395 +2111,75 @@ mls_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, return (0); } -static int -mls_mount_check_stat(struct ucred *cred, struct mount *mp, - struct label *mntlabel) +static void +mls_sysvshm_cleanup(struct label *shmlabel) { - struct mac_mls *subj, *obj; - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(mntlabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); + bzero(SLOT(shmlabel), sizeof(struct mac_mls)); } -static int -mls_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) +static void +mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmlabel) { + struct mac_mls *source, *dest; - if (!mls_enabled) - return (0); - - /* XXX: This will be implemented soon... */ + source = SLOT(cred->cr_label); + dest = SLOT(shmlabel); - return (0); + mls_copy_effective(source, dest); } static int -mls_pipe_check_poll(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); + struct mac_mls mm_temp, *source, *dest; + int buflen, error; - return (0); -} + source = SLOT(mplabel); + dest = SLOT(vplabel); -static int -mls_pipe_check_read(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) -{ - struct mac_mls *subj, *obj; + buflen = sizeof(mm_temp); + bzero(&mm_temp, buflen); - if (!mls_enabled) + error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, + MAC_MLS_EXTATTR_NAME, &buflen, (char *) &mm_temp, curthread); + if (error == ENOATTR || error == EOPNOTSUPP) { + /* Fall back to the mntlabel. 
*/ + mls_copy_effective(source, dest); return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -mls_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) -{ - struct mac_mls *subj, *obj, *new; - int error; - - new = SLOT(newlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); - - /* - * If there is an MLS label update for a pipe, it must be a effective - * update. - */ - error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); - if (error) + } else if (error) return (error); - /* - * To perform a relabel of a pipe (MLS label or not), MLS must - * authorize the relabel. - */ - if (!mls_effective_in_range(obj, subj)) + if (buflen != sizeof(mm_temp)) { + printf("mls_vnode_associate_extattr: bad size %d\n", buflen); return (EPERM); - - /* - * If the MLS label is to be changed, authorize as appropriate. - */ - if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { - /* - * To change the MLS label on a pipe, the new pipe label must - * be in the subject range. - */ - if (!mls_effective_in_range(new, subj)) - return (EPERM); - - /* - * To change the MLS label on a pipe to be EQUAL, the subject - * must have appropriate privilege. 
- */ - if (mls_contains_equal(new)) { - error = mls_subject_privileged(subj); - if (error) - return (error); - } } - - return (0); -} - -static int -mls_pipe_check_stat(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -mls_pipe_check_write(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(pplabel); - - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -mls_posixsem_check_write(struct ucred *cred, struct ksem *ks, - struct label *kslabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(kslabel); - - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, - struct label *kslabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(kslabel); - - if (!mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -mls_proc_check_debug(struct ucred *cred, struct proc *p) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if (!mls_dominate_effective(subj, obj)) - return (ESRCH); - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -mls_proc_check_sched(struct ucred *cred, struct proc *p) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if 
(!mls_dominate_effective(subj, obj)) - return (ESRCH); - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(p->p_ucred->cr_label); - - /* XXX: range checks */ - if (!mls_dominate_effective(subj, obj)) - return (ESRCH); - if (!mls_dominate_effective(obj, subj)) - return (EACCES); - - return (0); -} - -static int -mls_socket_check_deliver(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) -{ - struct mac_mls *p, *s; - - if (!mls_enabled) - return (0); - - p = SLOT(mlabel); - s = SLOT(solabel); - - return (mls_equal_effective(p, s) ? 0 : EACCES); -} - -static int -mls_socket_check_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) -{ - struct mac_mls *subj, *obj, *new; - int error; - - new = SLOT(newlabel); - subj = SLOT(cred->cr_label); - obj = SLOT(solabel); - - /* - * If there is an MLS label update for the socket, it may be an - * update of effective. - */ - error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE); - if (error) - return (error); - - /* - * To relabel a socket, the old socket effective must be in the - * subject range. - */ - if (!mls_effective_in_range(obj, subj)) + if (mls_valid(&mm_temp) != 0) { + printf("mls_vnode_associate_extattr: invalid\n"); + return (EPERM); + } + if ((mm_temp.mm_flags & MAC_MLS_FLAGS_BOTH) != + MAC_MLS_FLAG_EFFECTIVE) { + printf("mls_associated_vnode_extattr: not effective\n"); return (EPERM); - - /* - * If the MLS label is to be changed, authorize as appropriate. - */ - if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) { - /* - * To relabel a socket, the new socket effective must be in - * the subject range. 
- */ - if (!mls_effective_in_range(new, subj)) - return (EPERM); - - /* - * To change the MLS label on the socket to contain EQUAL, - * the subject must have appropriate privilege. - */ - if (mls_contains_equal(new)) { - error = mls_subject_privileged(subj); - if (error) - return (error); - } } + mls_copy_effective(&mm_temp, dest); return (0); } -static int -mls_socket_check_visible(struct ucred *cred, struct socket *so, - struct label *solabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(solabel); - - if (!mls_dominate_effective(subj, obj)) - return (ENOENT); - - return (0); -} - -static int -mls_system_check_acct(struct ucred *cred, struct vnode *vp, - struct label *vplabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(vplabel); - - if (!mls_dominate_effective(obj, subj) || - !mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -mls_system_check_auditctl(struct ucred *cred, struct vnode *vp, - struct label *vplabel) -{ - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(vplabel); - - if (!mls_dominate_effective(obj, subj) || - !mls_dominate_effective(subj, obj)) - return (EACCES); - - return (0); -} - -static int -mls_system_check_swapon(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +static void +mls_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - struct mac_mls *subj, *obj; - - if (!mls_enabled) - return (0); - - subj = SLOT(cred->cr_label); - obj = SLOT(vplabel); + struct mac_mls *source, *dest; - if (!mls_dominate_effective(obj, subj) || - !mls_dominate_effective(subj, obj)) - return (EACCES); + source = SLOT(mplabel); + dest = SLOT(vplabel); - return (0); + mls_copy_effective(source, dest); } static int 
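Review bot: The third diagnostic in `mls_vnode_associate_extattr` names a function that does not exist: it prints `mls_associated_vnode_extattr: not effective` while the two messages just above it correctly use `mls_vnode_associate_extattr`, which will send anyone grepping the console output for the source to the wrong place; change it to `printf("mls_vnode_associate_extattr: not effective\n");`. Since this resort commit already touches the function, the rename is cheap to fold in. The fail-closed EPERM on a malformed or wrongly-sized on-disk label is the right default and should stay.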
@@ -2890,149 +2816,229 @@ mls_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred, return (0); } +static int +mls_vnode_create_extattr(struct ucred *cred, struct mount *mp, + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) +{ + struct mac_mls *source, *dest, mm_temp; + size_t buflen; + int error; + + buflen = sizeof(mm_temp); + bzero(&mm_temp, buflen); + + source = SLOT(cred->cr_label); + dest = SLOT(vplabel); + mls_copy_effective(source, &mm_temp); + + error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, + MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread); + if (error == 0) + mls_copy_effective(source, dest); + return (error); +} + +static void +mls_vnode_relabel(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *label) +{ + struct mac_mls *source, *dest; + + source = SLOT(label); + dest = SLOT(vplabel); + + mls_copy(source, dest); +} + +static int +mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *intlabel) +{ + struct mac_mls *source, mm_temp; + size_t buflen; + int error; + + buflen = sizeof(mm_temp); + bzero(&mm_temp, buflen); + + source = SLOT(intlabel); + if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0) + return (0); + + mls_copy_effective(source, &mm_temp); + + error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, + MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread); + return (error); +} + static struct mac_policy_ops mls_ops = { .mpo_init = mls_init, - .mpo_bpfdesc_init_label = mls_init_label, - .mpo_cred_init_label = mls_init_label, - .mpo_devfs_init_label = mls_init_label, - .mpo_ifnet_init_label = mls_init_label, - .mpo_inpcb_init_label = mls_init_label_waitcheck, - .mpo_syncache_init_label = mls_init_label_waitcheck, - .mpo_sysvmsg_init_label = mls_init_label, - .mpo_sysvmsq_init_label = mls_init_label, - 
.mpo_sysvsem_init_label = mls_init_label, - .mpo_sysvshm_init_label = mls_init_label, - .mpo_ipq_init_label = mls_init_label_waitcheck, - .mpo_mbuf_init_label = mls_init_label_waitcheck, - .mpo_mount_init_label = mls_init_label, - .mpo_pipe_init_label = mls_init_label, - .mpo_posixsem_init_label = mls_init_label, - .mpo_socket_init_label = mls_init_label_waitcheck, - .mpo_socketpeer_init_label = mls_init_label_waitcheck, - .mpo_vnode_init_label = mls_init_label, + + .mpo_bpfdesc_check_receive = mls_bpfdesc_check_receive, + .mpo_bpfdesc_create = mls_bpfdesc_create, + .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf, .mpo_bpfdesc_destroy_label = mls_destroy_label, - .mpo_cred_destroy_label = mls_destroy_label, - .mpo_devfs_destroy_label = mls_destroy_label, - .mpo_ifnet_destroy_label = mls_destroy_label, - .mpo_inpcb_destroy_label = mls_destroy_label, - .mpo_syncache_destroy_label = mls_destroy_label, - .mpo_sysvmsg_destroy_label = mls_destroy_label, - .mpo_sysvmsq_destroy_label = mls_destroy_label, - .mpo_sysvsem_destroy_label = mls_destroy_label, - .mpo_sysvshm_destroy_label = mls_destroy_label, - .mpo_ipq_destroy_label = mls_destroy_label, - .mpo_mbuf_destroy_label = mls_destroy_label, - .mpo_mount_destroy_label = mls_destroy_label, - .mpo_pipe_destroy_label = mls_destroy_label, - .mpo_posixsem_destroy_label = mls_destroy_label, - .mpo_socket_destroy_label = mls_destroy_label, - .mpo_socketpeer_destroy_label = mls_destroy_label, - .mpo_vnode_destroy_label = mls_destroy_label, + .mpo_bpfdesc_init_label = mls_init_label, + + .mpo_cred_check_relabel = mls_cred_check_relabel, + .mpo_cred_check_visible = mls_cred_check_visible, .mpo_cred_copy_label = mls_copy_label, - .mpo_ifnet_copy_label = mls_copy_label, - .mpo_mbuf_copy_label = mls_copy_label, - .mpo_pipe_copy_label = mls_copy_label, - .mpo_socket_copy_label = mls_copy_label, - .mpo_vnode_copy_label = mls_copy_label, + .mpo_cred_destroy_label = mls_destroy_label, .mpo_cred_externalize_label = 
mls_externalize_label, - .mpo_ifnet_externalize_label = mls_externalize_label, - .mpo_pipe_externalize_label = mls_externalize_label, - .mpo_socket_externalize_label = mls_externalize_label, - .mpo_socketpeer_externalize_label = mls_externalize_label, - .mpo_vnode_externalize_label = mls_externalize_label, + .mpo_cred_init_label = mls_init_label, .mpo_cred_internalize_label = mls_internalize_label, - .mpo_ifnet_internalize_label = mls_internalize_label, - .mpo_pipe_internalize_label = mls_internalize_label, - .mpo_socket_internalize_label = mls_internalize_label, - .mpo_vnode_internalize_label = mls_internalize_label, + .mpo_cred_relabel = mls_cred_relabel, + .mpo_devfs_create_device = mls_devfs_create_device, .mpo_devfs_create_directory = mls_devfs_create_directory, .mpo_devfs_create_symlink = mls_devfs_create_symlink, - .mpo_mount_create = mls_mount_create, - .mpo_vnode_relabel = mls_vnode_relabel, + .mpo_devfs_destroy_label = mls_destroy_label, + .mpo_devfs_init_label = mls_init_label, .mpo_devfs_update = mls_devfs_update, .mpo_devfs_vnode_associate = mls_devfs_vnode_associate, - .mpo_vnode_associate_extattr = mls_vnode_associate_extattr, - .mpo_vnode_associate_singlelabel = mls_vnode_associate_singlelabel, - .mpo_vnode_create_extattr = mls_vnode_create_extattr, - .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr, - .mpo_socket_create_mbuf = mls_socket_create_mbuf, - .mpo_syncache_create_mbuf = mls_syncache_create_mbuf, - .mpo_pipe_create = mls_pipe_create, - .mpo_posixsem_create = mls_posixsem_create, - .mpo_socket_create = mls_socket_create, - .mpo_socket_newconn = mls_socket_newconn, - .mpo_pipe_relabel = mls_pipe_relabel, - .mpo_socket_relabel = mls_socket_relabel, - .mpo_socketpeer_set_from_mbuf = mls_socketpeer_set_from_mbuf, - .mpo_socketpeer_set_from_socket = mls_socketpeer_set_from_socket, - .mpo_bpfdesc_create = mls_bpfdesc_create, - .mpo_ipq_reassemble = mls_ipq_reassemble, - .mpo_netinet_fragment = mls_netinet_fragment, + + 
.mpo_ifnet_check_relabel = mls_ifnet_check_relabel, + .mpo_ifnet_check_transmit = mls_ifnet_check_transmit, + .mpo_ifnet_copy_label = mls_copy_label, .mpo_ifnet_create = mls_ifnet_create, + .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf, + .mpo_ifnet_destroy_label = mls_destroy_label, + .mpo_ifnet_externalize_label = mls_externalize_label, + .mpo_ifnet_init_label = mls_init_label, + .mpo_ifnet_internalize_label = mls_internalize_label, + .mpo_ifnet_relabel = mls_ifnet_relabel, + + .mpo_inpcb_check_deliver = mls_inpcb_check_deliver, .mpo_inpcb_create = mls_inpcb_create, - .mpo_syncache_create = mls_syncache_create, - .mpo_ipq_create = mls_ipq_create, - .mpo_sysvmsg_create = mls_sysvmsg_create, - .mpo_sysvmsq_create = mls_sysvmsq_create, - .mpo_sysvsem_create = mls_sysvsem_create, - .mpo_sysvshm_create = mls_sysvshm_create, .mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf, - .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf, - .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf, + .mpo_inpcb_destroy_label = mls_destroy_label, + .mpo_inpcb_init_label = mls_init_label_waitcheck, + .mpo_inpcb_sosetlabel = mls_inpcb_sosetlabel, + + .mpo_ipq_create = mls_ipq_create, + .mpo_ipq_destroy_label = mls_destroy_label, + .mpo_ipq_init_label = mls_init_label_waitcheck, .mpo_ipq_match = mls_ipq_match, - .mpo_ifnet_relabel = mls_ifnet_relabel, + .mpo_ipq_reassemble = mls_ipq_reassemble, .mpo_ipq_update = mls_ipq_update, - .mpo_inpcb_sosetlabel = mls_inpcb_sosetlabel, - .mpo_proc_create_swapper = mls_proc_create_swapper, - .mpo_proc_create_init = mls_proc_create_init, - .mpo_proc_associate_nfsd = mls_proc_associate_nfsd, - .mpo_cred_relabel = mls_cred_relabel, - .mpo_sysvmsg_cleanup = mls_sysvmsg_cleanup, - .mpo_sysvmsq_cleanup = mls_sysvmsq_cleanup, - .mpo_sysvsem_cleanup = mls_sysvsem_cleanup, - .mpo_sysvshm_cleanup = mls_sysvshm_cleanup, - .mpo_bpfdesc_check_receive = mls_bpfdesc_check_receive, - .mpo_cred_check_relabel = mls_cred_check_relabel, - .mpo_cred_check_visible = 
mls_cred_check_visible, - .mpo_ifnet_check_relabel = mls_ifnet_check_relabel, - .mpo_ifnet_check_transmit = mls_ifnet_check_transmit, - .mpo_inpcb_check_deliver = mls_inpcb_check_deliver, - .mpo_sysvmsq_check_msgrcv = mls_sysvmsq_check_msgrcv, - .mpo_sysvmsq_check_msgrmid = mls_sysvmsq_check_msgrmid, - .mpo_sysvmsq_check_msqget = mls_sysvmsq_check_msqget, - .mpo_sysvmsq_check_msqsnd = mls_sysvmsq_check_msqsnd, - .mpo_sysvmsq_check_msqrcv = mls_sysvmsq_check_msqrcv, - .mpo_sysvmsq_check_msqctl = mls_sysvmsq_check_msqctl, - .mpo_sysvsem_check_semctl = mls_sysvsem_check_semctl, - .mpo_sysvsem_check_semget = mls_sysvsem_check_semget, - .mpo_sysvsem_check_semop = mls_sysvsem_check_semop, - .mpo_sysvshm_check_shmat = mls_sysvshm_check_shmat, - .mpo_sysvshm_check_shmctl = mls_sysvshm_check_shmctl, - .mpo_sysvshm_check_shmget = mls_sysvshm_check_shmget, + + .mpo_mbuf_copy_label = mls_copy_label, + .mpo_mbuf_destroy_label = mls_destroy_label, + .mpo_mbuf_init_label = mls_init_label_waitcheck, + .mpo_mount_check_stat = mls_mount_check_stat, + .mpo_mount_create = mls_mount_create, + .mpo_mount_destroy_label = mls_destroy_label, + .mpo_mount_init_label = mls_init_label, + + .mpo_netatalk_aarp_send = mls_netatalk_aarp_send, + + .mpo_netinet_arp_send = mls_netinet_arp_send, + .mpo_netinet_firewall_reply = mls_netinet_firewall_reply, + .mpo_netinet_firewall_send = mls_netinet_firewall_send, + .mpo_netinet_fragment = mls_netinet_fragment, + .mpo_netinet_icmp_reply = mls_netinet_icmp_reply, + .mpo_netinet_igmp_send = mls_netinet_igmp_send, + + .mpo_netinet6_nd6_send = mls_netinet6_nd6_send, + .mpo_pipe_check_ioctl = mls_pipe_check_ioctl, .mpo_pipe_check_poll = mls_pipe_check_poll, .mpo_pipe_check_read = mls_pipe_check_read, .mpo_pipe_check_relabel = mls_pipe_check_relabel, .mpo_pipe_check_stat = mls_pipe_check_stat, .mpo_pipe_check_write = mls_pipe_check_write, + .mpo_pipe_copy_label = mls_copy_label, + .mpo_pipe_create = mls_pipe_create, + .mpo_pipe_destroy_label = 
mls_destroy_label, + .mpo_pipe_externalize_label = mls_externalize_label, + .mpo_pipe_init_label = mls_init_label, + .mpo_pipe_internalize_label = mls_internalize_label, + .mpo_pipe_relabel = mls_pipe_relabel, + .mpo_posixsem_check_destroy = mls_posixsem_check_write, .mpo_posixsem_check_getvalue = mls_posixsem_check_rdonly, .mpo_posixsem_check_open = mls_posixsem_check_write, .mpo_posixsem_check_post = mls_posixsem_check_write, .mpo_posixsem_check_unlink = mls_posixsem_check_write, .mpo_posixsem_check_wait = mls_posixsem_check_write, + .mpo_posixsem_create = mls_posixsem_create, + .mpo_posixsem_destroy_label = mls_destroy_label, + .mpo_posixsem_init_label = mls_init_label, + + .mpo_proc_associate_nfsd = mls_proc_associate_nfsd, .mpo_proc_check_debug = mls_proc_check_debug, .mpo_proc_check_sched = mls_proc_check_sched, .mpo_proc_check_signal = mls_proc_check_signal, + .mpo_proc_create_init = mls_proc_create_init, + .mpo_proc_create_swapper = mls_proc_create_swapper, + .mpo_socket_check_deliver = mls_socket_check_deliver, .mpo_socket_check_relabel = mls_socket_check_relabel, .mpo_socket_check_visible = mls_socket_check_visible, + .mpo_socket_copy_label = mls_copy_label, + .mpo_socket_create = mls_socket_create, + .mpo_socket_create_mbuf = mls_socket_create_mbuf, + .mpo_socket_destroy_label = mls_destroy_label, + .mpo_socket_externalize_label = mls_externalize_label, + .mpo_socket_init_label = mls_init_label_waitcheck, + .mpo_socket_internalize_label = mls_internalize_label, + .mpo_socket_newconn = mls_socket_newconn, + .mpo_socket_relabel = mls_socket_relabel, + + .mpo_socketpeer_destroy_label = mls_destroy_label, + .mpo_socketpeer_externalize_label = mls_externalize_label, + .mpo_socketpeer_init_label = mls_init_label_waitcheck, + .mpo_socketpeer_set_from_mbuf = mls_socketpeer_set_from_mbuf, + .mpo_socketpeer_set_from_socket = mls_socketpeer_set_from_socket, + + .mpo_syncache_create = mls_syncache_create, + .mpo_syncache_create_mbuf = mls_syncache_create_mbuf, + 
.mpo_syncache_destroy_label = mls_destroy_label, + .mpo_syncache_init_label = mls_init_label_waitcheck, + + .mpo_sysvmsg_cleanup = mls_sysvmsg_cleanup, + .mpo_sysvmsg_create = mls_sysvmsg_create, + .mpo_sysvmsg_destroy_label = mls_destroy_label, + .mpo_sysvmsg_init_label = mls_init_label, + + .mpo_sysvmsq_check_msgrcv = mls_sysvmsq_check_msgrcv, + .mpo_sysvmsq_check_msgrmid = mls_sysvmsq_check_msgrmid, + .mpo_sysvmsq_check_msqget = mls_sysvmsq_check_msqget, + .mpo_sysvmsq_check_msqsnd = mls_sysvmsq_check_msqsnd, + .mpo_sysvmsq_check_msqrcv = mls_sysvmsq_check_msqrcv, + .mpo_sysvmsq_check_msqctl = mls_sysvmsq_check_msqctl, + .mpo_sysvmsq_cleanup = mls_sysvmsq_cleanup, + .mpo_sysvmsq_destroy_label = mls_destroy_label, + .mpo_sysvmsq_init_label = mls_init_label, + .mpo_sysvmsq_create = mls_sysvmsq_create, + + .mpo_sysvsem_check_semctl = mls_sysvsem_check_semctl, + .mpo_sysvsem_check_semget = mls_sysvsem_check_semget, + .mpo_sysvsem_check_semop = mls_sysvsem_check_semop, + .mpo_sysvsem_cleanup = mls_sysvsem_cleanup, + .mpo_sysvsem_create = mls_sysvsem_create, + .mpo_sysvsem_destroy_label = mls_destroy_label, + .mpo_sysvsem_init_label = mls_init_label, + + .mpo_sysvshm_check_shmat = mls_sysvshm_check_shmat, + .mpo_sysvshm_check_shmctl = mls_sysvshm_check_shmctl, + .mpo_sysvshm_check_shmget = mls_sysvshm_check_shmget, + .mpo_sysvshm_cleanup = mls_sysvshm_cleanup, + .mpo_sysvshm_create = mls_sysvshm_create, + .mpo_sysvshm_destroy_label = mls_destroy_label, + .mpo_sysvshm_init_label = mls_init_label, + + .mpo_system_check_acct = mls_system_check_acct, .mpo_system_check_auditctl = mls_system_check_auditctl, .mpo_system_check_swapon = mls_system_check_swapon, + + .mpo_vnode_associate_extattr = mls_vnode_associate_extattr, + .mpo_vnode_associate_singlelabel = mls_vnode_associate_singlelabel, .mpo_vnode_check_access = mls_vnode_check_open, .mpo_vnode_check_chdir = mls_vnode_check_chdir, .mpo_vnode_check_chroot = mls_vnode_check_chroot, 
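Review bot: The sysvmsq group of mls_ops does not follow the object-then-operation sort this commit introduces: `.mpo_sysvmsq_create = mls_sysvmsq_create,` is placed after `.mpo_sysvmsq_init_label`, and the six `mpo_sysvmsq_check_*` entries keep their old order (msgrcv, msgrmid, msqget, msqsnd, msqrcv, msqctl) instead of alphabetical. The blank-line separation between object groups is also uneven: mbuf/mount, netinet6/pipe, pipe/posixsem and proc/socket run together while every other group is separated by an empty entry line. Moving `.mpo_sysvmsq_create` up to follow `.mpo_sysvmsq_cleanup` and sorting the check entries would make the table match the convention stated in the file's new block comment. The two relocated functions, mls_vnode_create_extattr and mls_vnode_setlabel_extattr, carry no comment; a one-liner on the latter such as `/* Nothing to persist unless the internal label carries an effective component. */` would explain its early `return (0)`. The mls_ops initializer continues past the end of this hunk.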
@@ -3064,13 +3070,14 @@ static struct mac_policy_ops mls_ops =
.mpo_vnode_check_stat = mls_vnode_check_stat,
.mpo_vnode_check_unlink = mls_vnode_check_unlink,
.mpo_vnode_check_write = mls_vnode_check_write,
- .mpo_netatalk_aarp_send = mls_netatalk_aarp_send,
- .mpo_netinet_arp_send = mls_netinet_arp_send,
- .mpo_netinet_firewall_reply = mls_netinet_firewall_reply,
- .mpo_netinet_firewall_send = mls_netinet_firewall_send,
- .mpo_netinet_icmp_reply = mls_netinet_icmp_reply,
- .mpo_netinet_igmp_send = mls_netinet_igmp_send,
- .mpo_netinet6_nd6_send = mls_netinet6_nd6_send,
+ .mpo_vnode_copy_label = mls_copy_label,
+ .mpo_vnode_create_extattr = mls_vnode_create_extattr,
+ .mpo_vnode_destroy_label = mls_destroy_label,
+ .mpo_vnode_externalize_label = mls_externalize_label,
+ .mpo_vnode_init_label = mls_init_label,
+ .mpo_vnode_internalize_label = mls_internalize_label,
+ .mpo_vnode_relabel = mls_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr,
};
MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS",
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index a3bfbe4..33a036a 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -69,123 +69,113 @@ static int partition_slot; #define SLOT(l) mac_label_get((l), partition_slot) #define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v)) -static void -partition_init_label(struct label *label) +static int +label_on_label(struct label *subject, struct label *object) { - SLOT_SET(label, 0); -} - -static void -partition_destroy_label(struct label *label) -{ + if (mac_partition_enabled == 0) + return (0); - SLOT_SET(label, 0); -} + if (SLOT(subject) == 0) + return (0); -static void -partition_copy_label(struct label *src, struct label *dest) -{ + if (SLOT(subject) == SLOT(object)) + return (0); - SLOT_SET(dest, SLOT(src)); + return (EPERM); } +/* + * Object-specific entry points are sorted alphabetically by object type name + * and then by operation. + */ static int -partition_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) +partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) { + int error; - if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) - return (0); + error = 0; - (*claimed)++; + /* Treat "0" as a no-op request. */ + if (SLOT(newlabel) != 0) { + /* + * Require BSD privilege in order to change the partition. + * Originally we also required that the process not be in a + * partition in the first place, but this didn't interact + * well with sendmail. 
+ */ + error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0); + } - if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1) - return (EINVAL); - else - return (0); + return (error); } static int -partition_internalize_label(struct label *label, char *element_name, - char *element_data, int *claimed) +partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) { + int error; - if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) - return (0); - - (*claimed)++; - SLOT_SET(label, strtol(element_data, NULL, 10)); - return (0); -} - -static void -partition_proc_create_swapper(struct ucred *cred) -{ + error = label_on_label(cr1->cr_label, cr2->cr_label); - SLOT_SET(cred->cr_label, 0); + return (error == 0 ? 0 : ESRCH); } static void -partition_proc_create_init(struct ucred *cred) +partition_cred_copy_label(struct label *src, struct label *dest) { - SLOT_SET(cred->cr_label, 0); + SLOT_SET(dest, SLOT(src)); } static void -partition_cred_relabel(struct ucred *cred, struct label *newlabel) +partition_cred_destroy_label(struct label *label) { - if (SLOT(newlabel) != 0) - SLOT_SET(cred->cr_label, SLOT(newlabel)); + SLOT_SET(label, 0); } static int -label_on_label(struct label *subject, struct label *object) +partition_cred_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) { - if (mac_partition_enabled == 0) + if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) return (0); - if (SLOT(subject) == 0) - return (0); + (*claimed)++; - if (SLOT(subject) == SLOT(object)) + if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1) + return (EINVAL); + else return (0); +} - return (EPERM); +static void +partition_cred_init_label(struct label *label) +{ + + SLOT_SET(label, 0); } static int -partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) +partition_cred_internalize_label(struct label *label, char *element_name, + char *element_data, int *claimed) { - int error; - - error = 0; - /* Treat "0" as a no-op 
request. */ - if (SLOT(newlabel) != 0) { - /* - * Require BSD privilege in order to change the partition. - * Originally we also required that the process not be in a - * partition in the first place, but this didn't interact - * well with sendmail. - */ - error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0); - } + if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0) + return (0); - return (error); + (*claimed)++; + SLOT_SET(label, strtol(element_data, NULL, 10)); + return (0); } -static int -partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) +static void +partition_cred_relabel(struct ucred *cred, struct label *newlabel) { - int error; - error = label_on_label(cr1->cr_label, cr2->cr_label); - - return (error == 0 ? 0 : ESRCH); + if (SLOT(newlabel) != 0) + SLOT_SET(cred->cr_label, SLOT(newlabel)); } static int @@ -219,6 +209,20 @@ partition_proc_check_signal(struct ucred *cred, struct proc *p, return (error ? ESRCH : 0); } +static void +partition_proc_create_init(struct ucred *cred) +{ + + SLOT_SET(cred->cr_label, 0); +} + +static void +partition_proc_create_swapper(struct ucred *cred) +{ + + SLOT_SET(cred->cr_label, 0); +} + static int partition_socket_check_visible(struct ucred *cred, struct socket *so, struct label *solabel) 
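Review bot: partition_cred_internalize_label, now at the end of the first hunk of this file, still parses the element data with `strtol(element_data, NULL, 10)` and never checks that anything was consumed, so a non-numeric or partially numeric string is silently stored as 0 (or whatever prefix parsed) rather than rejected; since partition_cred_check_relabel treats 0 as a no-op request, a malformed label string is accepted without error. This logic is only moved by the commit, but the new side is where it lives now. Parsing with an end pointer and returning EINVAL on empty or trailing-garbage input would match the EINVAL already used by partition_cred_externalize_label in the same hunk; whether the in-kernel strtol reports range overflow is not visible here, so that case is left as is. The rewritten tail of the function, with `char *endp;` and `long partition;` declared at the top, is below.
```c
	(*claimed)++;
	partition = strtol(element_data, &endp, 10);
	/* Reject empty or trailing-garbage element data instead of storing 0. */
	if (endp == element_data || *endp != '\0')
		return (EINVAL);
	SLOT_SET(label, partition);
	return (0);
```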
@@ -251,19 +255,19 @@ partition_vnode_check_exec(struct ucred *cred, struct vnode *vp,
static struct mac_policy_ops partition_ops =
{
- .mpo_cred_init_label = partition_init_label,
- .mpo_cred_destroy_label = partition_destroy_label,
- .mpo_cred_copy_label = partition_copy_label,
- .mpo_cred_externalize_label = partition_externalize_label,
- .mpo_cred_internalize_label = partition_internalize_label,
- .mpo_proc_create_swapper = partition_proc_create_swapper,
- .mpo_proc_create_init = partition_proc_create_init,
- .mpo_cred_relabel = partition_cred_relabel,
.mpo_cred_check_relabel = partition_cred_check_relabel,
.mpo_cred_check_visible = partition_cred_check_visible,
+ .mpo_cred_copy_label = partition_cred_copy_label,
+ .mpo_cred_destroy_label = partition_cred_destroy_label,
+ .mpo_cred_externalize_label = partition_cred_externalize_label,
+ .mpo_cred_init_label = partition_cred_init_label,
+ .mpo_cred_internalize_label = partition_cred_internalize_label,
+ .mpo_cred_relabel = partition_cred_relabel,
.mpo_proc_check_debug = partition_proc_check_debug,
.mpo_proc_check_sched = partition_proc_check_sched,
.mpo_proc_check_signal = partition_proc_check_signal,
+ .mpo_proc_create_init = partition_proc_create_init,
+ .mpo_proc_create_swapper = partition_proc_create_swapper,
.mpo_socket_check_visible = partition_socket_check_visible,
.mpo_vnode_check_exec = partition_vnode_check_exec,
};
diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c
index ae88ac3..ac7880d 100644
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@@ -126,32 +126,32 @@ seeotheruids_check(struct ucred *cr1, struct ucred *cr2)
}
static int
-seeotheruids_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
+seeotheruids_proc_check_debug(struct ucred *cred, struct proc *p)
{
- return (seeotheruids_check(cr1, cr2));
+ return (seeotheruids_check(cred, p->p_ucred));
}
static int
-seeotheruids_proc_check_signal(struct ucred *cred, struct proc *p,
- int signum)
+seeotheruids_proc_check_sched(struct ucred *cred, struct proc *p)
{
return (seeotheruids_check(cred, p->p_ucred));
}
static int
-seeotheruids_proc_check_sched(struct ucred *cred, struct proc *p)
+seeotheruids_proc_check_signal(struct ucred *cred, struct proc *p,
+ int signum)
{
return (seeotheruids_check(cred, p->p_ucred));
}
static int
-seeotheruids_proc_check_debug(struct ucred *cred, struct proc *p)
+seeotheruids_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{
- return (seeotheruids_check(cred, p->p_ucred));
+ return (seeotheruids_check(cr1, cr2));
}
static int
@@ -164,10 +164,10 @@ seeotheruids_socket_check_visible(struct ucred *cred, struct socket *so,
static struct mac_policy_ops seeotheruids_ops =
{
- .mpo_cred_check_visible = seeotheruids_cred_check_visible,
.mpo_proc_check_debug = seeotheruids_proc_check_debug,
.mpo_proc_check_sched = seeotheruids_proc_check_sched,
.mpo_proc_check_signal = seeotheruids_proc_check_signal,
+ .mpo_cred_check_visible = seeotheruids_cred_check_visible,
.mpo_socket_check_visible = seeotheruids_socket_check_visible,
};
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 2cd3fb9..50463a0 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
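Review bot: The new ordering in both hunks of this file puts the cred object after proc, which contradicts the object-then-operation sort the commit applies to the other policies: the first hunk ends with `seeotheruids_cred_check_visible` following the three `seeotheruids_proc_check_*` functions, and the second hunk moves `.mpo_cred_check_visible = seeotheruids_cred_check_visible,` below `.mpo_proc_check_signal`. Under the sort used for mac_partition and mac_mls in this same commit, the cred entry would stay first in seeotheruids_ops, as the removed line had it, and the function would precede `seeotheruids_proc_check_debug`. The function bodies are unchanged by the swap, so this is a point of style only.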
@@ -159,261 +159,236 @@ stub_internalize_label(struct label *label, char *element_name, } /* - * Labeling event operations: file system objects, and things that look - * a lot like file system objects. + * Object-specific entry point imeplementations are sorted alphabetically by + * object type name and then by operation. */ -static void -stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel, - struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vplabel) -{ - -} - static int -stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - - return (0); -} - -static void -stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) +stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { + return (0); } static void -stub_devfs_create_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *de, struct label *delabel) +stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) { } static void -stub_devfs_create_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *de, struct label *delabel) +stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { } -static void -stub_devfs_create_symlink(struct ucred *cred, struct mount *mp, - struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, - struct label *delabel) +static int +stub_cred_check_relabel(struct ucred *cred, struct label *newlabel) { + return (0); } static int -stub_vnode_create_extattr(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct vnode *dvp, struct label *dvplabel, - struct vnode *vp, struct label *vplabel, struct componentname *cnp) +stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2) { return (0); } static void 
-stub_mount_create(struct ucred *cred, struct mount *mp, - struct label *mplabel) +stub_cred_relabel(struct ucred *cred, struct label *newlabel) { } static void -stub_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *label) -{ - -} - -static int -stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *intlabel) +stub_devfs_create_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { - return (0); } static void -stub_devfs_update(struct mount *mp, struct devfs_dirent *de, - struct label *delabel, struct vnode *vp, struct label *vplabel) +stub_devfs_create_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { } -/* - * Labeling event operations: IPC object. - */ static void -stub_socket_create_mbuf(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) +stub_devfs_create_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { } static void -stub_socket_create(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_devfs_update(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { } static void -stub_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel, + struct devfs_dirent *de, struct label *delabel, struct vnode *vp, + struct label *vplabel) { } -static void -stub_posixsem_create(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static int +stub_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { + return (0); } -static void -stub_socket_newconn(struct socket *oldso, struct label *oldsolabel, - struct socket 
*newso, struct label *newsolabel) +static int +stub_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { + return (0); } static void -stub_socket_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) +stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel) { } static void -stub_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) +stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { } static void -stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, - struct socket *so, struct label *sopeerlabel) +stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { } -static void -stub_socketpeer_set_from_socket(struct socket *oldso, - struct label *oldsolabel, struct socket *newso, - struct label *newsopeerlabel) +static int +stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) { + return (0); } -/* - * Labeling event operations: network objects. 
- */ static void -stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d, - struct label *dlabel) +stub_inpcb_create(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { } static void -stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, +stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel) { } static void -stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, - struct label *fraglabel) +stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { } static void -stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel) +stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { } -static void -stub_inpcb_create(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) +static int +stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { + return (1); } static void -stub_syncache_create(struct label *label, struct inpcb *inp) +stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, + struct mbuf *m, struct label *mlabel) { } static void -stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { } -static void -stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel) +static int +stub_kenv_check_dump(struct ucred *cred) { + return (0); } -static void -stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semalabel) +static int +stub_kenv_check_get(struct ucred *cred, char *name) { + return (0); } -static void -stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmalabel) +static int 
+stub_kenv_check_set(struct ucred *cred, char *name, char *value) { + return (0); } -static void -stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +static int +stub_kenv_check_unset(struct ucred *cred, char *name) { + return (0); } -static void -stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +static int +stub_kld_check_load(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { + return (0); } -static void -stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) +static int +stub_kld_check_stat(struct ucred *cred) { + return (0); } -static void -stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, - struct mbuf *m, struct label *mlabel) +static int +stub_mount_check_stat(struct ucred *cred, struct mount *mp, + struct label *mplabel) { + return (0); } static void -stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +stub_mount_create(struct ucred *cred, struct mount *mp, + struct label *mplabel) { } 
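Review bot: The new block comment at the top of the hunk misspells "implementations": `* Object-specific entry point imeplementations are sorted alphabetically by`. The equivalent comment added to mac_biba.c in this commit is spelled correctly, so this line should read `* Object-specific entry point implementations are sorted alphabetically by`. Since the hunk also drops the section comments ("Labeling event operations: ...") that used to group these stubs, the one stub whose return differs from the rest, `stub_ipq_match` returning 1, would benefit from a short comment such as `/* Always report a match; confirm against the mpo_ipq_match contract. */` — presumably 1 means "match" here, but that is not visible in the hunk.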
@@ -446,760 +421,743 @@ stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel) } static void -stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) +stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, + struct label *fraglabel) { } static void -stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) +stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) { } static void -stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel, - struct mbuf *m, struct label *mlabel) +stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) { } static void -stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel, +stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel, struct mbuf *m, struct label *mlabel) { } -static int -stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +static void +stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) { - return (1); } static void -stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) +stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel, + struct mbuf *m, struct label *mlabel) { } -static void -stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +static int +stub_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { + return (0); } -static void -stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +static int +stub_pipe_check_poll(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { + return (0); } -static void -stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) +static int +stub_pipe_check_read(struct ucred *cred, 
struct pipepair *pp, + struct label *pplabel) { + return (0); } -/* - * Labeling event operations: processes. - */ -static void -stub_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vplabel, struct label *interpvplabel, - struct image_params *imgp, struct label *execlabel) +static int +stub_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) { + return (0); } static int -stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vplabel, struct label *interpvplabel, - struct image_params *imgp, struct label *execlabel) +stub_pipe_check_stat(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { return (0); } -static void -stub_proc_create_swapper(struct ucred *cred) +static int +stub_pipe_check_write(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { + return (0); } static void -stub_proc_create_init(struct ucred *cred) +stub_pipe_create(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { } static void -stub_proc_associate_nfsd(struct ucred *cred) +stub_pipe_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) { } -static void -stub_cred_relabel(struct ucred *cred, struct label *newlabel) +static int +stub_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -static void -stub_thread_userret(struct thread *td) +static int +stub_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -/* - * Label cleanup/flush operations - */ -static void -stub_sysvmsg_cleanup(struct label *msglabel) +static int +stub_posixsem_check_open(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -static void -stub_sysvmsq_cleanup(struct label *msqlabel) +static int +stub_posixsem_check_post(struct ucred *cred, struct ksem *ks, + struct label 
*kslabel) { + return (0); } -static void -stub_sysvsem_cleanup(struct label *semalabel) +static int +stub_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -static void -stub_sysvshm_cleanup(struct label *shmlabel) +static int +stub_posixsem_check_wait(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -/* - * Access control checks. - */ -static int -stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, - struct ifnet *ifp, struct label *ifplabel) +static void +stub_posixsem_create(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - return (0); } static int -stub_cred_check_relabel(struct ucred *cred, struct label *newlabel) +stub_priv_check(struct ucred *cred, int priv) { return (0); } static int -stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2) +stub_priv_grant(struct ucred *cred, int priv) { - return (0); + return (EPERM); } -static int -stub_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +static void +stub_proc_associate_nfsd(struct ucred *cred) { - return (0); } static int -stub_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +stub_proc_check_debug(struct ucred *cred, struct proc *p) { return (0); } static int -stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +stub_proc_check_sched(struct ucred *cred, struct proc *p) { return (0); } static int -stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, - struct label *msglabel, struct msqid_kernel *msqkptr, - struct label *msqklabel) +stub_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) { return (0); } static int -stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +stub_proc_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia) { return (0); } 
- static int -stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +stub_proc_check_setauid(struct ucred *cred, uid_t auid) { return (0); } - static int -stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +stub_proc_check_setegid(struct ucred *cred, gid_t egid) { return (0); } - static int -stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +stub_proc_check_seteuid(struct ucred *cred, uid_t euid) { return (0); } static int -stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +stub_proc_check_setgid(struct ucred *cred, gid_t gid) { return (0); } - static int -stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel, int cmd) +stub_proc_check_setgroups(struct ucred *cred, int ngroups, + gid_t *gidset) { return (0); } - static int -stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, int cmd) +stub_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) { return (0); } static int -stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel) +stub_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, + gid_t sgid) { return (0); } - static int -stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, size_t accesstype) +stub_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, + uid_t suid) { return (0); } static int -stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) +stub_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) { return (0); } static int -stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int cmd) 
+stub_proc_check_setuid(struct ucred *cred, uid_t uid) { return (0); } static int -stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel) +stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum) { return (0); } - static int -stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) +stub_proc_check_wait(struct ucred *cred, struct proc *p) { return (0); } -static int -stub_kenv_check_dump(struct ucred *cred) +static void +stub_proc_create_init(struct ucred *cred) { - return (0); } -static int -stub_kenv_check_get(struct ucred *cred, char *name) +static void +stub_proc_create_swapper(struct ucred *cred) { - return (0); } static int -stub_kenv_check_set(struct ucred *cred, char *name, char *value) +stub_socket_check_accept(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_kenv_check_unset(struct ucred *cred, char *name) +stub_socket_check_bind(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { return (0); } static int -stub_kld_check_load(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +stub_socket_check_connect(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { return (0); } static int -stub_kld_check_stat(struct ucred *cred) +stub_socket_check_create(struct ucred *cred, int domain, int type, int proto) { return (0); } static int -stub_mount_check_stat(struct ucred *cred, struct mount *mp, - struct label *mplabel) +stub_socket_check_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { return (0); } static int -stub_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) +stub_socket_check_listen(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int 
-stub_pipe_check_poll(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_socket_check_poll(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_pipe_check_read(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_socket_check_receive(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) +stub_socket_check_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { return (0); } - static int -stub_pipe_check_stat(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_socket_check_send(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_pipe_check_write(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_socket_check_stat(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +stub_socket_check_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } -static int -stub_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socket_create(struct ucred *cred, struct socket *so, + struct label *solabel) { - return (0); } -static int -stub_posixsem_check_open(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socket_create_mbuf(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { - return (0); } -static int -stub_posixsem_check_post(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socket_newconn(struct socket *oldso, struct label *oldsolabel, + struct socket *newso, struct label *newsolabel) { - return (0); } -static int 
-stub_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { - return (0); } -static int -stub_posixsem_check_wait(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) { - return (0); } -static int -stub_proc_check_debug(struct ucred *cred, struct proc *p) +static void +stub_socketpeer_set_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) { - return (0); } -static int -stub_proc_check_sched(struct ucred *cred, struct proc *p) +static void +stub_syncache_create(struct label *label, struct inpcb *inp) { - return (0); } -static int -stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum) +static void +stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, + struct label *mlabel) { - return (0); } static int -stub_proc_check_wait(struct ucred *cred, struct proc *p) +stub_system_check_acct(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { return (0); } static int -stub_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) +stub_system_check_audit(struct ucred *cred, void *record, int length) { return (0); } static int -stub_proc_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia) +stub_system_check_auditctl(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { return (0); } static int -stub_proc_check_setauid(struct ucred *cred, uid_t auid) +stub_system_check_auditon(struct ucred *cred, int cmd) { return (0); } static int -stub_proc_check_setuid(struct ucred *cred, uid_t uid) +stub_system_check_reboot(struct ucred *cred, int how) { return (0); } static int -stub_proc_check_seteuid(struct ucred *cred, uid_t euid) 
+stub_system_check_swapoff(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { return (0); } static int -stub_proc_check_setgid(struct ucred *cred, gid_t gid) +stub_system_check_swapon(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { return (0); } static int -stub_proc_check_setegid(struct ucred *cred, gid_t egid) +stub_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { return (0); } static int -stub_proc_check_setgroups(struct ucred *cred, int ngroups, - gid_t *gidset) +stub_vnode_check_access(struct ucred *cred, struct vnode *vp, + struct label *vplabel, int acc_mode) { return (0); } static int -stub_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) +stub_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, + struct label *dvplabel) { return (0); } static int -stub_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) +stub_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, + struct label *dvplabel) { return (0); } static int -stub_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, - uid_t suid) +stub_vnode_check_create(struct ucred *cred, struct vnode *dvp, + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { return (0); } -static int -stub_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, - gid_t sgid) +static void +stub_sysvmsg_cleanup(struct label *msglabel) { - return (0); } -static int -stub_socket_check_accept(struct ucred *cred, struct socket *so, - struct label *solabel) +static void +stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) { - return (0); } static int -stub_socket_check_bind(struct ucred *cred, struct socket *so, - struct label *solabel, struct sockaddr *sa) +stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, + struct label *msglabel, struct msqid_kernel *msqkptr, + 
struct label *msqklabel) { return (0); } static int -stub_socket_check_connect(struct ucred *cred, struct socket *so, - struct label *solabel, struct sockaddr *sa) +stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { return (0); } + static int -stub_socket_check_create(struct ucred *cred, int domain, int type, int proto) +stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { return (0); } + static int -stub_socket_check_deliver(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) +stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { return (0); } + static int -stub_socket_check_listen(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { return (0); } static int -stub_socket_check_poll(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { return (0); } + static int -stub_socket_check_receive(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel, int cmd) { return (0); } -static int -stub_socket_check_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) + +static void +stub_sysvmsq_cleanup(struct label *msqlabel) { - return (0); } -static int -stub_socket_check_send(struct ucred *cred, struct socket *so, - struct label *solabel) + +static void +stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel) { - return (0); } static int -stub_socket_check_stat(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel 
*semakptr, + struct label *semaklabel, int cmd) { return (0); } static int -stub_socket_check_visible(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel) { return (0); } + static int -stub_system_check_acct(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel, size_t accesstype) { return (0); } -static int -stub_system_check_audit(struct ucred *cred, void *record, int length) +static void +stub_sysvsem_cleanup(struct label *semalabel) { - return (0); } -static int -stub_system_check_auditctl(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +static void +stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semalabel) { - return (0); } static int -stub_system_check_auditon(struct ucred *cred, int cmd) +stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int shmflg) { return (0); } static int -stub_system_check_reboot(struct ucred *cred, int how) +stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int cmd) { return (0); } static int -stub_system_check_swapoff(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel) { return (0); } + static int -stub_system_check_swapon(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int shmflg) { return (0); } -static int -stub_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, - void *arg1, int arg2, struct sysctl_req *req) +static void +stub_sysvshm_cleanup(struct label *shmlabel) { - return (0); } 
-static int -stub_vnode_check_access(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) +static void +stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmalabel) { - return (0); } -static int -stub_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, - struct label *dvplabel) +static void +stub_thread_userret(struct thread *td) { - return (0); } static int -stub_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dvplabel) +stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { return (0); } -static int -stub_vnode_check_create(struct ucred *cred, struct vnode *dvp, - struct label *dvplabel, struct componentname *cnp, struct vattr *vap) +static void +stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - return (0); } static int 
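Review bot: The new ordering places `stub_vnode_check_access`, `stub_vnode_check_chdir`, `stub_vnode_check_chroot` and `stub_vnode_check_create` directly after `stub_system_check_sysctl` and ahead of `stub_sysvmsg_cleanup`, which separates them from the rest of the `stub_vnode_*` stubs that start at `stub_vnode_associate_extattr` near the end of the hunk; under the object-then-operation sort this commit describes, those four functions appear to belong after `stub_vnode_associate_singlelabel`, next to the `stub_vnode_check_*` context that continues past this hunk. The moves themselves look behavior-neutral, since every relocated stub keeps its return type and value (including `stub_priv_grant` still returning `(EPERM)`), but the hunk header's context shows this is only a slice of the resort, so the placement should be checked against the unchanged region that follows. The trailing `static int` belongs to a function whose body lies outside the hunk.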
@@ -1441,189 +1399,180 @@ stub_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred, } static int -stub_priv_check(struct ucred *cred, int priv) +stub_vnode_create_extattr(struct ucred *cred, struct mount *mp, + struct label *mntlabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { return (0); } +static void +stub_vnode_execve_transition(struct ucred *old, struct ucred *new, + struct vnode *vp, struct label *vplabel, struct label *interpvplabel, + struct image_params *imgp, struct label *execlabel) +{ + +} + static int -stub_priv_grant(struct ucred *cred, int priv) +stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, + struct label *vplabel, struct label *interpvplabel, + struct image_params *imgp, struct label *execlabel) { - return (EPERM); + return (0); +} + +static void +stub_vnode_relabel(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *label) +{ + +} + +static int +stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *intlabel) +{ + + return (0); } +/* + * Register functions with MAC Framework policy entry points. 
+ */ static struct mac_policy_ops stub_ops = { .mpo_destroy = stub_destroy, .mpo_init = stub_init, .mpo_syscall = stub_syscall, - .mpo_bpfdesc_init_label = stub_init_label, - .mpo_cred_init_label = stub_init_label, - .mpo_devfs_init_label = stub_init_label, - .mpo_ifnet_init_label = stub_init_label, - .mpo_inpcb_init_label = stub_init_label_waitcheck, - .mpo_sysvmsg_init_label = stub_init_label, - .mpo_sysvmsq_init_label = stub_init_label, - .mpo_sysvsem_init_label = stub_init_label, - .mpo_sysvshm_init_label = stub_init_label, - .mpo_ipq_init_label = stub_init_label_waitcheck, - .mpo_mbuf_init_label = stub_init_label_waitcheck, - .mpo_mount_init_label = stub_init_label, - .mpo_pipe_init_label = stub_init_label, - .mpo_posixsem_init_label = stub_init_label, - .mpo_socket_init_label = stub_init_label_waitcheck, - .mpo_socketpeer_init_label = stub_init_label_waitcheck, - .mpo_vnode_init_label = stub_init_label, + + .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive, + .mpo_bpfdesc_create = stub_bpfdesc_create, + .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, .mpo_bpfdesc_destroy_label = stub_destroy_label, - .mpo_cred_destroy_label = stub_destroy_label, - .mpo_devfs_destroy_label = stub_destroy_label, - .mpo_ifnet_destroy_label = stub_destroy_label, - .mpo_inpcb_destroy_label = stub_destroy_label, - .mpo_sysvmsg_destroy_label = stub_destroy_label, - .mpo_sysvmsq_destroy_label = stub_destroy_label, - .mpo_sysvsem_destroy_label = stub_destroy_label, - .mpo_sysvshm_destroy_label = stub_destroy_label, - .mpo_ipq_destroy_label = stub_destroy_label, - .mpo_mbuf_destroy_label = stub_destroy_label, - .mpo_mount_destroy_label = stub_destroy_label, - .mpo_pipe_destroy_label = stub_destroy_label, - .mpo_posixsem_destroy_label = stub_destroy_label, - .mpo_socket_destroy_label = stub_destroy_label, - .mpo_socketpeer_destroy_label = stub_destroy_label, - .mpo_vnode_destroy_label = stub_destroy_label, + .mpo_bpfdesc_init_label = stub_init_label, + + 
.mpo_cred_check_relabel = stub_cred_check_relabel, + .mpo_cred_check_visible = stub_cred_check_visible, .mpo_cred_copy_label = stub_copy_label, - .mpo_ifnet_copy_label = stub_copy_label, - .mpo_mbuf_copy_label = stub_copy_label, - .mpo_pipe_copy_label = stub_copy_label, - .mpo_socket_copy_label = stub_copy_label, - .mpo_vnode_copy_label = stub_copy_label, + .mpo_cred_destroy_label = stub_destroy_label, .mpo_cred_externalize_label = stub_externalize_label, - .mpo_ifnet_externalize_label = stub_externalize_label, - .mpo_pipe_externalize_label = stub_externalize_label, - .mpo_socket_externalize_label = stub_externalize_label, - .mpo_socketpeer_externalize_label = stub_externalize_label, - .mpo_vnode_externalize_label = stub_externalize_label, + .mpo_cred_init_label = stub_init_label, .mpo_cred_internalize_label = stub_internalize_label, - .mpo_ifnet_internalize_label = stub_internalize_label, - .mpo_pipe_internalize_label = stub_internalize_label, - .mpo_socket_internalize_label = stub_internalize_label, - .mpo_vnode_internalize_label = stub_internalize_label, - .mpo_devfs_vnode_associate = stub_devfs_vnode_associate, - .mpo_vnode_associate_extattr = stub_vnode_associate_extattr, - .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel, + .mpo_cred_relabel= stub_cred_relabel, + .mpo_devfs_create_device = stub_devfs_create_device, .mpo_devfs_create_directory = stub_devfs_create_directory, .mpo_devfs_create_symlink = stub_devfs_create_symlink, - .mpo_sysvmsg_create = stub_sysvmsg_create, - .mpo_sysvmsq_create = stub_sysvmsq_create, - .mpo_sysvsem_create = stub_sysvsem_create, - .mpo_sysvshm_create = stub_sysvshm_create, - .mpo_vnode_create_extattr = stub_vnode_create_extattr, - .mpo_mount_create = stub_mount_create, - .mpo_vnode_relabel = stub_vnode_relabel, - .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr, + .mpo_devfs_destroy_label = stub_destroy_label, + .mpo_devfs_init_label = stub_init_label, .mpo_devfs_update = stub_devfs_update, - 
.mpo_socket_create_mbuf = stub_socket_create_mbuf, - .mpo_pipe_create = stub_pipe_create, - .mpo_posixsem_create = stub_posixsem_create, - .mpo_socket_create = stub_socket_create, - .mpo_socket_newconn = stub_socket_newconn, - .mpo_pipe_relabel = stub_pipe_relabel, - .mpo_socket_relabel = stub_socket_relabel, - .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf, - .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket, - .mpo_bpfdesc_create = stub_bpfdesc_create, + .mpo_devfs_vnode_associate = stub_devfs_vnode_associate, + + .mpo_ifnet_check_relabel = stub_ifnet_check_relabel, + .mpo_ifnet_check_transmit = stub_ifnet_check_transmit, + .mpo_ifnet_copy_label = stub_copy_label, .mpo_ifnet_create = stub_ifnet_create, + .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, + .mpo_ifnet_destroy_label = stub_destroy_label, + .mpo_ifnet_externalize_label = stub_externalize_label, + .mpo_ifnet_init_label = stub_init_label, + .mpo_ifnet_internalize_label = stub_internalize_label, + .mpo_ifnet_relabel = stub_ifnet_relabel, + + .mpo_inpcb_check_deliver = stub_inpcb_check_deliver, .mpo_inpcb_create = stub_inpcb_create, - .mpo_ipq_create = stub_ipq_create, - .mpo_ipq_reassemble = stub_ipq_reassemble, - .mpo_netinet_fragment = stub_netinet_fragment, .mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf, - .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, - .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, - .mpo_netatalk_aarp_send = stub_netatalk_aarp_send, - .mpo_netinet_arp_send = stub_netinet_arp_send, - .mpo_netinet_firewall_reply = stub_netinet_firewall_reply, - .mpo_netinet_firewall_send = stub_netinet_firewall_send, - .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, - .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, - .mpo_netinet_igmp_send = stub_netinet_igmp_send, - .mpo_netinet6_nd6_send = stub_netinet6_nd6_send, + .mpo_inpcb_destroy_label = stub_destroy_label, + .mpo_inpcb_init_label = stub_init_label_waitcheck, + .mpo_inpcb_sosetlabel = 
stub_inpcb_sosetlabel, + + .mpo_ipq_create = stub_ipq_create, + .mpo_ipq_destroy_label = stub_destroy_label, + .mpo_ipq_init_label = stub_init_label_waitcheck, .mpo_ipq_match = stub_ipq_match, - .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, - .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, - .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, - .mpo_ifnet_relabel = stub_ifnet_relabel, .mpo_ipq_update = stub_ipq_update, - .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel, - .mpo_vnode_execve_transition = stub_vnode_execve_transition, - .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition, - .mpo_proc_create_swapper = stub_proc_create_swapper, - .mpo_proc_create_init = stub_proc_create_init, - .mpo_proc_associate_nfsd = stub_proc_associate_nfsd, - .mpo_cred_relabel= stub_cred_relabel, - .mpo_thread_userret = stub_thread_userret, - .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup, - .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup, - .mpo_sysvsem_cleanup = stub_sysvsem_cleanup, - .mpo_sysvshm_cleanup = stub_sysvshm_cleanup, - .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive, - .mpo_cred_check_relabel = stub_cred_check_relabel, - .mpo_cred_check_visible = stub_cred_check_visible, - .mpo_ifnet_check_relabel = stub_ifnet_check_relabel, - .mpo_ifnet_check_transmit = stub_ifnet_check_transmit, - .mpo_inpcb_check_deliver = stub_inpcb_check_deliver, - .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq, - .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv, - .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid, - .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget, - .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd, - .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv, - .mpo_sysvmsq_check_msqctl = stub_sysvmsq_check_msqctl, - .mpo_sysvsem_check_semctl = stub_sysvsem_check_semctl, - .mpo_sysvsem_check_semget = stub_sysvsem_check_semget, - .mpo_sysvsem_check_semop = stub_sysvsem_check_semop, - .mpo_sysvshm_check_shmat = 
stub_sysvshm_check_shmat, - .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl, - .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt, - .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget, + .mpo_ipq_reassemble = stub_ipq_reassemble, + .mpo_kenv_check_dump = stub_kenv_check_dump, .mpo_kenv_check_get = stub_kenv_check_get, .mpo_kenv_check_set = stub_kenv_check_set, .mpo_kenv_check_unset = stub_kenv_check_unset, + .mpo_kld_check_load = stub_kld_check_load, .mpo_kld_check_stat = stub_kld_check_stat, + + .mpo_mbuf_copy_label = stub_copy_label, + .mpo_mbuf_destroy_label = stub_destroy_label, + .mpo_mbuf_init_label = stub_init_label_waitcheck, + .mpo_mount_check_stat = stub_mount_check_stat, + .mpo_mount_create = stub_mount_create, + .mpo_mount_destroy_label = stub_destroy_label, + .mpo_mount_init_label = stub_init_label, + + .mpo_netatalk_aarp_send = stub_netatalk_aarp_send, + + .mpo_netinet_arp_send = stub_netinet_arp_send, + .mpo_netinet_firewall_reply = stub_netinet_firewall_reply, + .mpo_netinet_firewall_send = stub_netinet_firewall_send, + .mpo_netinet_fragment = stub_netinet_fragment, + .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, + .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, + .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, + .mpo_netinet_igmp_send = stub_netinet_igmp_send, + + .mpo_netinet6_nd6_send = stub_netinet6_nd6_send, + .mpo_pipe_check_ioctl = stub_pipe_check_ioctl, .mpo_pipe_check_poll = stub_pipe_check_poll, .mpo_pipe_check_read = stub_pipe_check_read, .mpo_pipe_check_relabel = stub_pipe_check_relabel, .mpo_pipe_check_stat = stub_pipe_check_stat, .mpo_pipe_check_write = stub_pipe_check_write, + .mpo_pipe_copy_label = stub_copy_label, + .mpo_pipe_create = stub_pipe_create, + .mpo_pipe_destroy_label = stub_destroy_label, + .mpo_pipe_externalize_label = stub_externalize_label, + .mpo_pipe_init_label = stub_init_label, + .mpo_pipe_internalize_label = stub_internalize_label, + .mpo_pipe_relabel = stub_pipe_relabel, + 
.mpo_posixsem_check_destroy = stub_posixsem_check_destroy, .mpo_posixsem_check_getvalue = stub_posixsem_check_getvalue, .mpo_posixsem_check_open = stub_posixsem_check_open, .mpo_posixsem_check_post = stub_posixsem_check_post, .mpo_posixsem_check_unlink = stub_posixsem_check_unlink, .mpo_posixsem_check_wait = stub_posixsem_check_wait, + .mpo_posixsem_create = stub_posixsem_create, + .mpo_posixsem_destroy_label = stub_destroy_label, + .mpo_posixsem_init_label = stub_init_label, + + .mpo_priv_check = stub_priv_check, + .mpo_priv_grant = stub_priv_grant, + + .mpo_proc_associate_nfsd = stub_proc_associate_nfsd, .mpo_proc_check_debug = stub_proc_check_debug, .mpo_proc_check_sched = stub_proc_check_sched, .mpo_proc_check_setaudit = stub_proc_check_setaudit, .mpo_proc_check_setaudit_addr = stub_proc_check_setaudit_addr, .mpo_proc_check_setauid = stub_proc_check_setauid, - .mpo_proc_check_setuid = stub_proc_check_setuid, + .mpo_proc_check_setegid = stub_proc_check_setegid, .mpo_proc_check_seteuid = stub_proc_check_seteuid, .mpo_proc_check_setgid = stub_proc_check_setgid, - .mpo_proc_check_setegid = stub_proc_check_setegid, .mpo_proc_check_setgroups = stub_proc_check_setgroups, - .mpo_proc_check_setreuid = stub_proc_check_setreuid, .mpo_proc_check_setregid = stub_proc_check_setregid, - .mpo_proc_check_setresuid = stub_proc_check_setresuid, .mpo_proc_check_setresgid = stub_proc_check_setresgid, + .mpo_proc_check_setresuid = stub_proc_check_setresuid, + .mpo_proc_check_setreuid = stub_proc_check_setreuid, + .mpo_proc_check_setuid = stub_proc_check_setuid, .mpo_proc_check_signal = stub_proc_check_signal, .mpo_proc_check_wait = stub_proc_check_wait, + .mpo_proc_create_init = stub_proc_create_init, + .mpo_proc_create_swapper = stub_proc_create_swapper, + .mpo_socket_check_accept = stub_socket_check_accept, .mpo_socket_check_bind = stub_socket_check_bind, .mpo_socket_check_connect = stub_socket_check_connect, 
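Review bot: `.mpo_netinet_tcp_reply = stub_netinet_tcp_reply,` is placed before `.mpo_netinet_igmp_send = stub_netinet_igmp_send,` in the re-sorted `stub_ops` initializer, which breaks the alphabetical order the rest of the netinet group follows; swapping those two lines fixes it. The same table carries `.mpo_cred_relabel= stub_cred_relabel,` with no space before `=`, unlike every other entry, and the blank line that separates object groups is missing between the mbuf and mount entries and between `.mpo_netinet6_nd6_send` and `.mpo_pipe_check_ioctl`. Because `stub_ops` is a designated initializer, an entry dropped during the move does not fail to compile but is left as a NULL member, so the entries removed in this hunk and not re-added within it (`.mpo_thread_userret` and the `.mpo_vnode_*` init/destroy/copy/externalize/internalize, relabel, setlabel_extattr and execve entries) should be verified against the remainder of the table, which continues past the end of this hunk.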
@@ -1636,6 +1585,61 @@ static struct mac_policy_ops stub_ops =
 .mpo_socket_check_send = stub_socket_check_send,
 .mpo_socket_check_stat = stub_socket_check_stat,
 .mpo_socket_check_visible = stub_socket_check_visible,
+ .mpo_socket_copy_label = stub_copy_label,
+ .mpo_socket_create = stub_socket_create,
+ .mpo_socket_create_mbuf = stub_socket_create_mbuf,
+ .mpo_socket_destroy_label = stub_destroy_label,
+ .mpo_socket_externalize_label = stub_externalize_label,
+ .mpo_socket_init_label = stub_init_label_waitcheck,
+ .mpo_socket_internalize_label = stub_internalize_label,
+ .mpo_socket_newconn = stub_socket_newconn,
+ .mpo_socket_relabel = stub_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = stub_destroy_label,
+ .mpo_socketpeer_externalize_label = stub_externalize_label,
+ .mpo_socketpeer_init_label = stub_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket,
+
+ .mpo_syncache_init_label = stub_init_label_waitcheck,
+ .mpo_syncache_destroy_label = stub_destroy_label,
+ .mpo_syncache_create = stub_syncache_create,
+ .mpo_syncache_create_mbuf= stub_syncache_create_mbuf,
+
+ .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = stub_sysvmsg_create,
+ .mpo_sysvmsg_destroy_label = stub_destroy_label,
+ .mpo_sysvmsg_init_label = stub_init_label,
+
+ .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq,
+ .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = stub_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup,
+ .mpo_sysvmsq_create = stub_sysvmsq_create,
+ .mpo_sysvmsq_destroy_label = stub_destroy_label,
+ .mpo_sysvmsq_init_label = stub_init_label,
+
+ .mpo_sysvsem_check_semctl = stub_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = stub_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = stub_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = stub_sysvsem_cleanup,
+ .mpo_sysvsem_create = stub_sysvsem_create,
+ .mpo_sysvsem_destroy_label = stub_destroy_label,
+ .mpo_sysvsem_init_label = stub_init_label,
+
+ .mpo_sysvshm_check_shmat = stub_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt,
+ .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = stub_sysvshm_cleanup,
+ .mpo_sysvshm_create = stub_sysvshm_create,
+ .mpo_sysvshm_destroy_label = stub_destroy_label,
+ .mpo_sysvshm_init_label = stub_init_label,
+
 .mpo_system_check_acct = stub_system_check_acct,
 .mpo_system_check_audit = stub_system_check_audit,
 .mpo_system_check_auditctl = stub_system_check_auditctl,
@@ -1644,6 +1648,11 @@ static struct mac_policy_ops stub_ops =
 .mpo_system_check_swapoff = stub_system_check_swapoff,
 .mpo_system_check_swapon = stub_system_check_swapon,
 .mpo_system_check_sysctl = stub_system_check_sysctl,
+
+ .mpo_thread_userret = stub_thread_userret,
+
+ .mpo_vnode_associate_extattr = stub_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel,
 .mpo_vnode_check_access = stub_vnode_check_access,
 .mpo_vnode_check_chdir = stub_vnode_check_chdir,
 .mpo_vnode_check_chroot = stub_vnode_check_chroot,
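Review bot: The syncache and sysvmsq groups added in this hunk do not follow the by-operation alphabetical order that the rest of the new table and the commit message describe: the syncache block reads init_label, destroy_label, create, create_mbuf, and in the sysvmsq block `check_msqctl` is listed after `check_msqget`, `check_msqsnd` and `check_msqrcv`. The line `.mpo_syncache_create_mbuf= stub_syncache_create_mbuf,` also carries over the missing space before `=` from the lines removed in the `@@ -1677` hunk. A resort of a designated initializer is exactly where an entry point can be dropped without any compiler diagnostic, so it would be worth stating in the commit message that the member count on the new side was checked against the old one; a NULL slot presumably just makes the framework skip this policy for that operation, which is harmless for mac_stub but would silently hide a missing hook in a real policy.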
@@ -1677,12 +1686,16 @@ static struct mac_policy_ops stub_ops =
 .mpo_vnode_check_stat = stub_vnode_check_stat,
 .mpo_vnode_check_unlink = stub_vnode_check_unlink,
 .mpo_vnode_check_write = stub_vnode_check_write,
- .mpo_priv_check = stub_priv_check,
- .mpo_priv_grant = stub_priv_grant,
- .mpo_syncache_init_label = stub_init_label_waitcheck,
- .mpo_syncache_destroy_label = stub_destroy_label,
- .mpo_syncache_create = stub_syncache_create,
- .mpo_syncache_create_mbuf= stub_syncache_create_mbuf,
+ .mpo_vnode_copy_label = stub_copy_label,
+ .mpo_vnode_create_extattr = stub_vnode_create_extattr,
+ .mpo_vnode_destroy_label = stub_destroy_label,
+ .mpo_vnode_execve_transition = stub_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = stub_externalize_label,
+ .mpo_vnode_init_label = stub_init_label,
+ .mpo_vnode_internalize_label = stub_internalize_label,
+ .mpo_vnode_relabel = stub_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr,
 };
 
 MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub",
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 2486716..ff0c215 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -149,217 +149,109 @@ SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0, } while (0) /* - * Label operations. + * Functions that span multiple entry points. */ -COUNTER_DECL(bpfdesc_init_label); -static void -test_bpfdesc_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_BPF); - COUNTER_INC(bpfdesc_init_label); -} - -COUNTER_DECL(cred_init_label); -static void -test_cred_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_CRED); - COUNTER_INC(cred_init_label); -} - -COUNTER_DECL(devfs_init_label); -static void -test_devfs_init_label(struct label *label) +COUNTER_DECL(internalize_label); +static int +test_internalize_label(struct label *label, char *element_name, + char *element_data, int *claimed) { - LABEL_INIT(label, MAGIC_DEVFS); - COUNTER_INC(devfs_init_label); -} - -COUNTER_DECL(ifnet_init_label); -static void -test_ifnet_init_label(struct label *label) -{ + LABEL_NOTFREE(label); + COUNTER_INC(internalize_label); - LABEL_INIT(label, MAGIC_IFNET); - COUNTER_INC(ifnet_init_label); + return (0); } -COUNTER_DECL(inpcb_init_label); +/* + * Object-specific entry point implementations are sorted alphabetically by + * object type name and then by operation. 
+ */ +COUNTER_DECL(bpfdesc_check_receive); static int -test_inpcb_init_label(struct label *label, int flag) +test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, + struct ifnet *ifp, struct label *ifplabel) { - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_inpcb_init_label() at %s:%d", __FILE__, - __LINE__); + LABEL_CHECK(bpflabel, MAGIC_BPF); + LABEL_CHECK(ifplabel, MAGIC_IFNET); + COUNTER_INC(bpfdesc_check_receive); - LABEL_INIT(label, MAGIC_INPCB); - COUNTER_INC(inpcb_init_label); return (0); } -COUNTER_DECL(sysvmsg_init_label); -static void -test_sysvmsg_init_label(struct label *label) -{ - LABEL_INIT(label, MAGIC_SYSV_MSG); - COUNTER_INC(sysvmsg_init_label); -} - -COUNTER_DECL(sysvmsq_init_label); +COUNTER_DECL(bpfdesc_create); static void -test_sysvmsq_init_label(struct label *label) +test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d, + struct label *bpflabel) { - LABEL_INIT(label, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsq_init_label); -} -COUNTER_DECL(sysvsem_init_label); -static void -test_sysvsem_init_label(struct label *label) -{ - LABEL_INIT(label, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_init_label); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(bpflabel, MAGIC_BPF); + COUNTER_INC(bpfdesc_create); } -COUNTER_DECL(sysvshm_init_label); +COUNTER_DECL(bpfdesc_create_mbuf); static void -test_sysvshm_init_label(struct label *label) -{ - LABEL_INIT(label, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_init_label); -} - -COUNTER_DECL(ipq_init_label); -static int -test_ipq_init_label(struct label *label, int flag) +test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, + struct mbuf *mbuf, struct label *mbuflabel) { - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_ipq_init_label() at %s:%d", __FILE__, - __LINE__); - - LABEL_INIT(label, MAGIC_IPQ); - COUNTER_INC(ipq_init_label); - return (0); + LABEL_CHECK(bpflabel, MAGIC_BPF); + LABEL_CHECK(mbuflabel, 
MAGIC_MBUF); + COUNTER_INC(bpfdesc_create_mbuf); } -COUNTER_DECL(mbuf_init_label); -static int -test_mbuf_init_label(struct label *label, int flag) +COUNTER_DECL(bpfdesc_destroy_label); +static void +test_bpfdesc_destroy_label(struct label *label) { - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_mbuf_init_label() at %s:%d", __FILE__, - __LINE__); - - LABEL_INIT(label, MAGIC_MBUF); - COUNTER_INC(mbuf_init_label); - return (0); + LABEL_DESTROY(label, MAGIC_BPF); + COUNTER_INC(bpfdesc_destroy_label); } -COUNTER_DECL(mount_init_label); +COUNTER_DECL(bpfdesc_init_label); static void -test_mount_init_label(struct label *label) +test_bpfdesc_init_label(struct label *label) { - LABEL_INIT(label, MAGIC_MOUNT); - COUNTER_INC(mount_init_label); + LABEL_INIT(label, MAGIC_BPF); + COUNTER_INC(bpfdesc_init_label); } -COUNTER_DECL(socket_init_label); +COUNTER_DECL(cred_check_relabel); static int -test_socket_init_label(struct label *label, int flag) +test_cred_check_relabel(struct ucred *cred, struct label *newlabel) { - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_socket_init_label() at %s:%d", __FILE__, - __LINE__); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(newlabel, MAGIC_CRED); + COUNTER_INC(cred_check_relabel); - LABEL_INIT(label, MAGIC_SOCKET); - COUNTER_INC(socket_init_label); return (0); } -COUNTER_DECL(socketpeer_init_label); +COUNTER_DECL(cred_check_visible); static int -test_socketpeer_init_label(struct label *label, int flag) -{ - - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_socketpeer_init_label() at %s:%d", __FILE__, - __LINE__); - - LABEL_INIT(label, MAGIC_SOCKET); - COUNTER_INC(socketpeer_init_label); - return (0); -} - -COUNTER_DECL(pipe_init_label); -static void -test_pipe_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_PIPE); - COUNTER_INC(pipe_init_label); -} - -COUNTER_DECL(posixsem_init_label); -static void 
-test_posixsem_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_init_label); -} - -COUNTER_DECL(proc_init_label); -static void -test_proc_init_label(struct label *label) +test_cred_check_visible(struct ucred *u1, struct ucred *u2) { - LABEL_INIT(label, MAGIC_PROC); - COUNTER_INC(proc_init_label); -} - -COUNTER_DECL(syncache_init_label); -static int -test_syncache_init_label(struct label *label, int flag) -{ + LABEL_CHECK(u1->cr_label, MAGIC_CRED); + LABEL_CHECK(u2->cr_label, MAGIC_CRED); + COUNTER_INC(cred_check_visible); - if (flag & M_WAITOK) - WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, - "test_syncache_init_label() at %s:%d", __FILE__, - __LINE__); - LABEL_INIT(label, MAGIC_SYNCACHE); - COUNTER_INC(syncache_init_label); return (0); } -COUNTER_DECL(vnode_init_label); -static void -test_vnode_init_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_VNODE); - COUNTER_INC(vnode_init_label); -} - -COUNTER_DECL(bpfdesc_destroy_label); +COUNTER_DECL(cred_copy_label); static void -test_bpfdesc_destroy_label(struct label *label) +test_cred_copy_label(struct label *src, struct label *dest) { - LABEL_DESTROY(label, MAGIC_BPF); - COUNTER_INC(bpfdesc_destroy_label); + LABEL_CHECK(src, MAGIC_CRED); + LABEL_CHECK(dest, MAGIC_CRED); + COUNTER_INC(cred_copy_label); } COUNTER_DECL(cred_destroy_label); 
@@ -371,175 +263,139 @@ test_cred_destroy_label(struct label *label) COUNTER_INC(cred_destroy_label); } -COUNTER_DECL(devfs_destroy_label); -static void -test_devfs_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_DEVFS); - COUNTER_INC(devfs_destroy_label); -} - -COUNTER_DECL(ifnet_destroy_label); -static void -test_ifnet_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_IFNET); - COUNTER_INC(ifnet_destroy_label); -} - -COUNTER_DECL(inpcb_destroy_label); -static void -test_inpcb_destroy_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_INPCB); - COUNTER_INC(inpcb_destroy_label); -} - -COUNTER_DECL(syncache_destroy_label); -static void -test_syncache_destroy_label(struct label *label) +COUNTER_DECL(cred_externalize_label); +static int +test_cred_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) { - LABEL_DESTROY(label, MAGIC_SYNCACHE); - COUNTER_INC(syncache_destroy_label); -} - -COUNTER_DECL(sysvmsg_destroy_label); -static void -test_sysvmsg_destroy_label(struct label *label) -{ + LABEL_CHECK(label, MAGIC_CRED); + COUNTER_INC(cred_externalize_label); - LABEL_DESTROY(label, MAGIC_SYSV_MSG); - COUNTER_INC(sysvmsg_destroy_label); + return (0); } -COUNTER_DECL(sysvmsq_destroy_label); +COUNTER_DECL(cred_init_label); static void -test_sysvmsq_destroy_label(struct label *label) +test_cred_init_label(struct label *label) { - LABEL_DESTROY(label, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsq_destroy_label); + LABEL_INIT(label, MAGIC_CRED); + COUNTER_INC(cred_init_label); } -COUNTER_DECL(sysvsem_destroy_label); +COUNTER_DECL(cred_relabel); static void -test_sysvsem_destroy_label(struct label *label) +test_cred_relabel(struct ucred *cred, struct label *newlabel) { - LABEL_DESTROY(label, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_destroy_label); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(newlabel, MAGIC_CRED); + COUNTER_INC(cred_relabel); } -COUNTER_DECL(sysvshm_destroy_label); 
+COUNTER_DECL(devfs_create_device); static void -test_sysvshm_destroy_label(struct label *label) +test_devfs_create_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { - LABEL_DESTROY(label, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_destroy_label); + if (cred != NULL) + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(delabel, MAGIC_DEVFS); + COUNTER_INC(devfs_create_device); } -COUNTER_DECL(ipq_destroy_label); +COUNTER_DECL(devfs_create_directory); static void -test_ipq_destroy_label(struct label *label) +test_devfs_create_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { - LABEL_DESTROY(label, MAGIC_IPQ); - COUNTER_INC(ipq_destroy_label); + LABEL_CHECK(delabel, MAGIC_DEVFS); + COUNTER_INC(devfs_create_directory); } -COUNTER_DECL(mbuf_destroy_label); +COUNTER_DECL(devfs_create_symlink); static void -test_mbuf_destroy_label(struct label *label) +test_devfs_create_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { - /* - * If we're loaded dynamically, there may be mbufs in flight that - * didn't have label storage allocated for them. Handle this - * gracefully. 
- */ - if (label == NULL) - return; - - LABEL_DESTROY(label, MAGIC_MBUF); - COUNTER_INC(mbuf_destroy_label); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(ddlabel, MAGIC_DEVFS); + LABEL_CHECK(delabel, MAGIC_DEVFS); + COUNTER_INC(devfs_create_symlink); } -COUNTER_DECL(mount_destroy_label); +COUNTER_DECL(devfs_destroy_label); static void -test_mount_destroy_label(struct label *label) +test_devfs_destroy_label(struct label *label) { - LABEL_DESTROY(label, MAGIC_MOUNT); - COUNTER_INC(mount_destroy_label); + LABEL_DESTROY(label, MAGIC_DEVFS); + COUNTER_INC(devfs_destroy_label); } -COUNTER_DECL(socket_destroy_label); +COUNTER_DECL(devfs_init_label); static void -test_socket_destroy_label(struct label *label) +test_devfs_init_label(struct label *label) { - LABEL_DESTROY(label, MAGIC_SOCKET); - COUNTER_INC(socket_destroy_label); + LABEL_INIT(label, MAGIC_DEVFS); + COUNTER_INC(devfs_init_label); } -COUNTER_DECL(socketpeer_destroy_label); +COUNTER_DECL(devfs_update); static void -test_socketpeer_destroy_label(struct label *label) +test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, + struct label *direntlabel, struct vnode *vp, struct label *vplabel) { - LABEL_DESTROY(label, MAGIC_SOCKET); - COUNTER_INC(socketpeer_destroy_label); + LABEL_CHECK(direntlabel, MAGIC_DEVFS); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(devfs_update); } -COUNTER_DECL(pipe_destroy_label); +COUNTER_DECL(devfs_vnode_associate); static void -test_pipe_destroy_label(struct label *label) +test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, + struct devfs_dirent *de, struct label *delabel, struct vnode *vp, + struct label *vplabel) { - LABEL_DESTROY(label, MAGIC_PIPE); - COUNTER_INC(pipe_destroy_label); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(delabel, MAGIC_DEVFS); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(devfs_vnode_associate); } -COUNTER_DECL(posixsem_destroy_label); -static void -test_posixsem_destroy_label(struct label *label) 
+COUNTER_DECL(ifnet_check_relabel); +static int +test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { - LABEL_DESTROY(label, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_destroy_label); -} - -COUNTER_DECL(proc_destroy_label); -static void -test_proc_destroy_label(struct label *label) -{ + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(ifplabel, MAGIC_IFNET); + LABEL_CHECK(newlabel, MAGIC_IFNET); + COUNTER_INC(ifnet_check_relabel); - LABEL_DESTROY(label, MAGIC_PROC); - COUNTER_INC(proc_destroy_label); + return (0); } -COUNTER_DECL(vnode_destroy_label); -static void -test_vnode_destroy_label(struct label *label) +COUNTER_DECL(ifnet_check_transmit); +static int +test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mbuflabel) { - LABEL_DESTROY(label, MAGIC_VNODE); - COUNTER_INC(vnode_destroy_label); -} - -COUNTER_DECL(cred_copy_label); -static void -test_cred_copy_label(struct label *src, struct label *dest) -{ + LABEL_CHECK(ifplabel, MAGIC_IFNET); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + COUNTER_INC(ifnet_check_transmit); - LABEL_CHECK(src, MAGIC_CRED); - LABEL_CHECK(dest, MAGIC_CRED); - COUNTER_INC(cred_copy_label); + return (0); } COUNTER_DECL(ifnet_copy_label); 
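Review bot: In the relocated `test_devfs_create_symlink`, `cred->cr_label` is dereferenced unconditionally, while `test_devfs_create_device` a few lines above guards the same access with `if (cred != NULL)`. If the symlink path can also be reached without a credential, the check would panic rather than report a label mismatch; if it cannot, a one-line comment on the `create_device` guard explaining why only that entry point may see a NULL cred would stop the next reader from "fixing" it in either direction. Both functions are moved rather than changed by this commit, so this is probably a follow-up rather than a blocker here.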
@@ -552,56 +408,33 @@ test_ifnet_copy_label(struct label *src, struct label *dest)
 COUNTER_INC(ifnet_copy_label);
 }
 
-COUNTER_DECL(mbuf_copy_label);
-static void
-test_mbuf_copy_label(struct label *src, struct label *dest)
-{
-
- LABEL_CHECK(src, MAGIC_MBUF);
- LABEL_CHECK(dest, MAGIC_MBUF);
- COUNTER_INC(mbuf_copy_label);
-}
-
-COUNTER_DECL(pipe_copy_label);
+COUNTER_DECL(ifnet_create);
 static void
-test_pipe_copy_label(struct label *src, struct label *dest)
+test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
 {
 
- LABEL_CHECK(src, MAGIC_PIPE);
- LABEL_CHECK(dest, MAGIC_PIPE);
- COUNTER_INC(pipe_copy_label);
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ COUNTER_INC(ifnet_create);
 }
 
-COUNTER_DECL(socket_copy_label);
+COUNTER_DECL(ifnet_create_mbuf);
 static void
-test_socket_copy_label(struct label *src, struct label *dest)
+test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mbuflabel)
 {
 
- LABEL_CHECK(src, MAGIC_SOCKET);
- LABEL_CHECK(dest, MAGIC_SOCKET);
- COUNTER_INC(socket_copy_label);
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(ifnet_create_mbuf);
 }
 
-COUNTER_DECL(vnode_copy_label);
+COUNTER_DECL(ifnet_destroy_label);
 static void
-test_vnode_copy_label(struct label *src, struct label *dest)
-{
-
- LABEL_CHECK(src, MAGIC_VNODE);
- LABEL_CHECK(dest, MAGIC_VNODE);
- COUNTER_INC(vnode_copy_label);
-}
-
-COUNTER_DECL(cred_externalize_label);
-static int
-test_cred_externalize_label(struct label *label, char *element_name,
- struct sbuf *sb, int *claimed)
+test_ifnet_destroy_label(struct label *label)
 {
 
- LABEL_CHECK(label, MAGIC_CRED);
- COUNTER_INC(cred_externalize_label);
-
- return (0);
+ LABEL_DESTROY(label, MAGIC_IFNET);
+ COUNTER_INC(ifnet_destroy_label);
 }
 
 COUNTER_DECL(ifnet_externalize_label);
@@ -616,482 +449,317 @@ test_ifnet_externalize_label(struct label *label, char *element_name, return (0); } -COUNTER_DECL(pipe_externalize_label); -static int -test_pipe_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) +COUNTER_DECL(ifnet_init_label); +static void +test_ifnet_init_label(struct label *label) { - LABEL_CHECK(label, MAGIC_PIPE); - COUNTER_INC(pipe_externalize_label); - - return (0); + LABEL_INIT(label, MAGIC_IFNET); + COUNTER_INC(ifnet_init_label); } -COUNTER_DECL(socket_externalize_label); -static int -test_socket_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) +COUNTER_DECL(ifnet_relabel); +static void +test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { - LABEL_CHECK(label, MAGIC_SOCKET); - COUNTER_INC(socket_externalize_label); - - return (0); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(ifplabel, MAGIC_IFNET); + LABEL_CHECK(newlabel, MAGIC_IFNET); + COUNTER_INC(ifnet_relabel); } -COUNTER_DECL(socketpeer_externalize_label); +COUNTER_DECL(inpcb_check_deliver); static int -test_socketpeer_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) +test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) { - LABEL_CHECK(label, MAGIC_SOCKET); - COUNTER_INC(socketpeer_externalize_label); + LABEL_CHECK(inplabel, MAGIC_INPCB); + LABEL_CHECK(mlabel, MAGIC_MBUF); + COUNTER_INC(inpcb_check_deliver); return (0); } -COUNTER_DECL(vnode_externalize_label); -static int -test_vnode_externalize_label(struct label *label, char *element_name, - struct sbuf *sb, int *claimed) +COUNTER_DECL(inpcb_create); +static void +test_inpcb_create(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { - LABEL_CHECK(label, MAGIC_VNODE); - COUNTER_INC(vnode_externalize_label); - - return (0); + 
LABEL_CHECK(solabel, MAGIC_SOCKET); + LABEL_CHECK(inplabel, MAGIC_INPCB); + COUNTER_INC(inpcb_create); } -COUNTER_DECL(internalize_label); -static int -test_internalize_label(struct label *label, char *element_name, - char *element_data, int *claimed) +COUNTER_DECL(inpcb_create_mbuf); +static void +test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) { - LABEL_NOTFREE(label); - COUNTER_INC(internalize_label); - - return (0); + LABEL_CHECK(inplabel, MAGIC_INPCB); + LABEL_CHECK(mlabel, MAGIC_MBUF); + COUNTER_INC(inpcb_create_mbuf); } -/* - * Labeling event operations: file system objects, and things that look - * a lot like file system objects. - */ -COUNTER_DECL(devfs_vnode_associate); +COUNTER_DECL(inpcb_destroy_label); static void -test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, - struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vplabel) +test_inpcb_destroy_label(struct label *label) { - LABEL_CHECK(mplabel, MAGIC_MOUNT); - LABEL_CHECK(delabel, MAGIC_DEVFS); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(devfs_vnode_associate); + LABEL_DESTROY(label, MAGIC_INPCB); + COUNTER_INC(inpcb_destroy_label); } -COUNTER_DECL(vnode_associate_extattr); +COUNTER_DECL(inpcb_init_label); static int -test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) +test_inpcb_init_label(struct label *label, int flag) { - LABEL_CHECK(mplabel, MAGIC_MOUNT); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(vnode_associate_extattr); + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_inpcb_init_label() at %s:%d", __FILE__, + __LINE__); + LABEL_INIT(label, MAGIC_INPCB); + COUNTER_INC(inpcb_init_label); return (0); } -COUNTER_DECL(vnode_associate_singlelabel); -static void -test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - - 
LABEL_CHECK(mplabel, MAGIC_MOUNT); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(vnode_associate_singlelabel); -} - -COUNTER_DECL(devfs_create_device); +COUNTER_DECL(inpcb_sosetlabel); static void -test_devfs_create_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *de, struct label *delabel) +test_inpcb_sosetlabel(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { - if (cred != NULL) - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(delabel, MAGIC_DEVFS); - COUNTER_INC(devfs_create_device); + LABEL_CHECK(solabel, MAGIC_SOCKET); + LABEL_CHECK(inplabel, MAGIC_INPCB); + COUNTER_INC(inpcb_sosetlabel); } -COUNTER_DECL(devfs_create_directory); +COUNTER_DECL(ipq_create); static void -test_devfs_create_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *de, struct label *delabel) +test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, + struct ipq *ipq, struct label *ipqlabel) { - LABEL_CHECK(delabel, MAGIC_DEVFS); - COUNTER_INC(devfs_create_directory); + LABEL_CHECK(fragmentlabel, MAGIC_MBUF); + LABEL_CHECK(ipqlabel, MAGIC_IPQ); + COUNTER_INC(ipq_create); } -COUNTER_DECL(devfs_create_symlink); +COUNTER_DECL(ipq_destroy_label); static void -test_devfs_create_symlink(struct ucred *cred, struct mount *mp, - struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, - struct label *delabel) +test_ipq_destroy_label(struct label *label) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(ddlabel, MAGIC_DEVFS); - LABEL_CHECK(delabel, MAGIC_DEVFS); - COUNTER_INC(devfs_create_symlink); + LABEL_DESTROY(label, MAGIC_IPQ); + COUNTER_INC(ipq_destroy_label); } -COUNTER_DECL(vnode_create_extattr); +COUNTER_DECL(ipq_init_label); static int -test_vnode_create_extattr(struct ucred *cred, struct mount *mp, - struct label *mplabel, struct vnode *dvp, struct label *dvplabel, - struct vnode *vp, struct label *vplabel, struct componentname *cnp) 
+test_ipq_init_label(struct label *label, int flag) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(mplabel, MAGIC_MOUNT); - LABEL_CHECK(dvplabel, MAGIC_VNODE); - COUNTER_INC(vnode_create_extattr); + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_ipq_init_label() at %s:%d", __FILE__, + __LINE__); + LABEL_INIT(label, MAGIC_IPQ); + COUNTER_INC(ipq_init_label); return (0); } -COUNTER_DECL(mount_create); -static void -test_mount_create(struct ucred *cred, struct mount *mp, - struct label *mplabel) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(mplabel, MAGIC_MOUNT); - COUNTER_INC(mount_create); -} - -COUNTER_DECL(vnode_relabel); -static void -test_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *label) -{ - - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vplabel, MAGIC_VNODE); - LABEL_CHECK(label, MAGIC_VNODE); - COUNTER_INC(vnode_relabel); -} - -COUNTER_DECL(vnode_setlabel_extattr); +COUNTER_DECL(ipq_match); static int -test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *intlabel) +test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, + struct ipq *ipq, struct label *ipqlabel) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vplabel, MAGIC_VNODE); - LABEL_CHECK(intlabel, MAGIC_VNODE); - COUNTER_INC(vnode_setlabel_extattr); + LABEL_CHECK(fragmentlabel, MAGIC_MBUF); + LABEL_CHECK(ipqlabel, MAGIC_IPQ); + COUNTER_INC(ipq_match); - return (0); + return (1); } -COUNTER_DECL(devfs_update); +COUNTER_DECL(ipq_reassemble); static void -test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vplabel) +test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, + struct mbuf *datagram, struct label *datagramlabel) { - LABEL_CHECK(direntlabel, MAGIC_DEVFS); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(devfs_update); + 
LABEL_CHECK(ipqlabel, MAGIC_IPQ); + LABEL_CHECK(datagramlabel, MAGIC_MBUF); + COUNTER_INC(ipq_reassemble); } -/* - * Labeling event operations: IPC object. - */ -COUNTER_DECL(socket_create_mbuf); +COUNTER_DECL(ipq_update); static void -test_socket_create_mbuf(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel, + struct ipq *ipq, struct label *ipqlabel) { - LABEL_CHECK(socketlabel, MAGIC_SOCKET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(socket_create_mbuf); + LABEL_CHECK(fragmentlabel, MAGIC_MBUF); + LABEL_CHECK(ipqlabel, MAGIC_IPQ); + COUNTER_INC(ipq_update); } -COUNTER_DECL(socket_create); -static void -test_socket_create(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +COUNTER_DECL(kenv_check_dump); +static int +test_kenv_check_dump(struct ucred *cred) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); - COUNTER_INC(socket_create); -} - -COUNTER_DECL(pipe_create); -static void -test_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) -{ + COUNTER_INC(kenv_check_dump); - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - COUNTER_INC(pipe_create); + return (0); } -COUNTER_DECL(posixsem_create); -static void -test_posixsem_create(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +COUNTER_DECL(kenv_check_get); +static int +test_kenv_check_get(struct ucred *cred, char *name) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_create); -} - -COUNTER_DECL(socket_newconn); -static void -test_socket_newconn(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketlabel) -{ + COUNTER_INC(kenv_check_get); - LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); - LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); - COUNTER_INC(socket_newconn); + 
return (0); } -COUNTER_DECL(socket_relabel); -static void -test_socket_relabel(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +COUNTER_DECL(kenv_check_set); +static int +test_kenv_check_set(struct ucred *cred, char *name, char *value) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(newlabel, MAGIC_SOCKET); - COUNTER_INC(socket_relabel); -} - -COUNTER_DECL(pipe_relabel); -static void -test_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) -{ + COUNTER_INC(kenv_check_set); - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - LABEL_CHECK(newlabel, MAGIC_PIPE); - COUNTER_INC(pipe_relabel); + return (0); } -COUNTER_DECL(socketpeer_set_from_mbuf); -static void -test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, - struct socket *socket, struct label *socketpeerlabel) +COUNTER_DECL(kenv_check_unset); +static int +test_kenv_check_unset(struct ucred *cred, char *name) { - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); - COUNTER_INC(socketpeer_set_from_mbuf); -} - -/* - * Labeling event operations: network objects. 
- */ -COUNTER_DECL(socketpeer_set_from_socket); -static void -test_socketpeer_set_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketpeerlabel) -{ + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(kenv_check_unset); - LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); - LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); - COUNTER_INC(socketpeer_set_from_socket); + return (0); } -COUNTER_DECL(bpfdesc_create); -static void -test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d, - struct label *bpflabel) +COUNTER_DECL(kld_check_load); +static int +test_kld_check_load(struct ucred *cred, struct vnode *vp, + struct label *label) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(bpflabel, MAGIC_BPF); - COUNTER_INC(bpfdesc_create); -} - -COUNTER_DECL(ipq_reassemble); -static void -test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *datagram, struct label *datagramlabel) -{ - - LABEL_CHECK(ipqlabel, MAGIC_IPQ); - LABEL_CHECK(datagramlabel, MAGIC_MBUF); - COUNTER_INC(ipq_reassemble); -} - -COUNTER_DECL(netinet_fragment); -static void -test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, - struct mbuf *fragment, struct label *fragmentlabel) -{ + LABEL_CHECK(label, MAGIC_VNODE); + COUNTER_INC(kld_check_load); - LABEL_CHECK(datagramlabel, MAGIC_MBUF); - LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - COUNTER_INC(netinet_fragment); + return (0); } -COUNTER_DECL(ifnet_create); -static void -test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) +COUNTER_DECL(kld_check_stat); +static int +test_kld_check_stat(struct ucred *cred) { - LABEL_CHECK(ifplabel, MAGIC_IFNET); - COUNTER_INC(ifnet_create); -} - -COUNTER_DECL(inpcb_create); -static void -test_inpcb_create(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) -{ + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(kld_check_stat); - LABEL_CHECK(solabel, MAGIC_SOCKET); 
- LABEL_CHECK(inplabel, MAGIC_INPCB); - COUNTER_INC(inpcb_create); + return (0); } -COUNTER_DECL(syncache_create); +COUNTER_DECL(mbuf_copy_label); static void -test_syncache_create(struct label *label, struct inpcb *inp) +test_mbuf_copy_label(struct label *src, struct label *dest) { - LABEL_CHECK(label, MAGIC_SYNCACHE); - COUNTER_INC(syncache_create); + LABEL_CHECK(src, MAGIC_MBUF); + LABEL_CHECK(dest, MAGIC_MBUF); + COUNTER_INC(mbuf_copy_label); } -COUNTER_DECL(syncache_create_mbuf); +COUNTER_DECL(mbuf_destroy_label); static void -test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) +test_mbuf_destroy_label(struct label *label) { - LABEL_CHECK(sc_label, MAGIC_SYNCACHE); - LABEL_CHECK(mlabel, MAGIC_MBUF); - COUNTER_INC(syncache_create_mbuf); -} - -COUNTER_DECL(sysvmsg_create); -static void -test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel, struct msg *msgptr, struct label *msglabel) -{ + /* + * If we're loaded dynamically, there may be mbufs in flight that + * didn't have label storage allocated for them. Handle this + * gracefully. 
+ */ + if (label == NULL) + return; - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); - LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsg_create); + LABEL_DESTROY(label, MAGIC_MBUF); + COUNTER_INC(mbuf_destroy_label); } -COUNTER_DECL(sysvmsq_create); -static void -test_sysvmsq_create(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqlabel) +COUNTER_DECL(mbuf_init_label); +static int +test_mbuf_init_label(struct label *label, int flag) { - LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsq_create); -} - -COUNTER_DECL(sysvsem_create); -static void -test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semalabel) -{ + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_mbuf_init_label() at %s:%d", __FILE__, + __LINE__); - LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_create); + LABEL_INIT(label, MAGIC_MBUF); + COUNTER_INC(mbuf_init_label); + return (0); } -COUNTER_DECL(sysvshm_create); -static void -test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmlabel) +COUNTER_DECL(mount_check_stat); +static int +test_mount_check_stat(struct ucred *cred, struct mount *mp, + struct label *mplabel) { - LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_create); -} - -COUNTER_DECL(ipq_create); -static void -test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) -{ + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + COUNTER_INC(mount_check_stat); - LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - LABEL_CHECK(ipqlabel, MAGIC_IPQ); - COUNTER_INC(ipq_create); + return (0); } -COUNTER_DECL(inpcb_create_mbuf); +COUNTER_DECL(mount_create); static void -test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +test_mount_create(struct ucred *cred, struct mount *mp, + struct label *mplabel) { - 
LABEL_CHECK(inplabel, MAGIC_INPCB); - LABEL_CHECK(mlabel, MAGIC_MBUF); - COUNTER_INC(inpcb_create_mbuf); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + COUNTER_INC(mount_create); } -COUNTER_DECL(bpfdesc_create_mbuf); +COUNTER_DECL(mount_destroy_label); static void -test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, - struct mbuf *mbuf, struct label *mbuflabel) +test_mount_destroy_label(struct label *label) { - LABEL_CHECK(bpflabel, MAGIC_BPF); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(bpfdesc_create_mbuf); + LABEL_DESTROY(label, MAGIC_MOUNT); + COUNTER_INC(mount_destroy_label); } -COUNTER_DECL(ifnet_create_mbuf); +COUNTER_DECL(mount_init_label); static void -test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mbuflabel) -{ - - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(ifnet_create_mbuf); -} - -COUNTER_DECL(ipq_match); -static int -test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +test_mount_init_label(struct label *label) { - LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - LABEL_CHECK(ipqlabel, MAGIC_IPQ); - COUNTER_INC(ipq_match); - - return (1); + LABEL_INIT(label, MAGIC_MOUNT); + COUNTER_INC(mount_init_label); } COUNTER_DECL(netatalk_aarp_send); @@ -1116,6 +784,17 @@ test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, COUNTER_INC(netinet_arp_send); } +COUNTER_DECL(netinet_fragment); +static void +test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, + struct mbuf *fragment, struct label *fragmentlabel) +{ + + LABEL_CHECK(datagramlabel, MAGIC_MBUF); + LABEL_CHECK(fragmentlabel, MAGIC_MBUF); + COUNTER_INC(netinet_fragment); +} + COUNTER_DECL(netinet_icmp_reply); static void test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 
@@ -1167,1077 +846,1270 @@ test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, COUNTER_INC(netinet6_nd6_send); } -COUNTER_DECL(ifnet_relabel); -static void -test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +COUNTER_DECL(pipe_check_ioctl); +static int +test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(newlabel, MAGIC_IFNET); - COUNTER_INC(ifnet_relabel); -} - -COUNTER_DECL(ipq_update); -static void -test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) -{ + LABEL_CHECK(pipelabel, MAGIC_PIPE); + COUNTER_INC(pipe_check_ioctl); - LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - LABEL_CHECK(ipqlabel, MAGIC_IPQ); - COUNTER_INC(ipq_update); + return (0); } -COUNTER_DECL(inpcb_sosetlabel); -static void -test_inpcb_sosetlabel(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) +COUNTER_DECL(pipe_check_poll); +static int +test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel) { - LABEL_CHECK(solabel, MAGIC_SOCKET); - LABEL_CHECK(inplabel, MAGIC_INPCB); - COUNTER_INC(inpcb_sosetlabel); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + COUNTER_INC(pipe_check_poll); + + return (0); } -/* - * Labeling event operations: processes. 
- */ -COUNTER_DECL(vnode_execve_transition); -static void -test_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *filelabel, - struct label *interpvplabel, struct image_params *imgp, - struct label *execlabel) +COUNTER_DECL(pipe_check_read); +static int +test_pipe_check_read(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel) { - LABEL_CHECK(old->cr_label, MAGIC_CRED); - LABEL_CHECK(new->cr_label, MAGIC_CRED); - LABEL_CHECK(filelabel, MAGIC_VNODE); - LABEL_CHECK(interpvplabel, MAGIC_VNODE); - LABEL_CHECK(execlabel, MAGIC_CRED); - COUNTER_INC(vnode_execve_transition); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + COUNTER_INC(pipe_check_read); + + return (0); } -COUNTER_DECL(vnode_execve_will_transition); +COUNTER_DECL(pipe_check_relabel); static int -test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *filelabel, struct label *interpvplabel, - struct image_params *imgp, struct label *execlabel) +test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel, struct label *newlabel) { - LABEL_CHECK(old->cr_label, MAGIC_CRED); - LABEL_CHECK(filelabel, MAGIC_VNODE); - LABEL_CHECK(interpvplabel, MAGIC_VNODE); - LABEL_CHECK(execlabel, MAGIC_CRED); - COUNTER_INC(vnode_execve_will_transition); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + LABEL_CHECK(newlabel, MAGIC_PIPE); + COUNTER_INC(pipe_check_relabel); return (0); } -COUNTER_DECL(proc_create_swapper); -static void -test_proc_create_swapper(struct ucred *cred) +COUNTER_DECL(pipe_check_stat); +static int +test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_create_swapper); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + COUNTER_INC(pipe_check_stat); + + return (0); } -COUNTER_DECL(proc_create_init); -static void 
-test_proc_create_init(struct ucred *cred) +COUNTER_DECL(pipe_check_write); +static int +test_pipe_check_write(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_create_init); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + COUNTER_INC(pipe_check_write); + + return (0); } -COUNTER_DECL(cred_relabel); +COUNTER_DECL(pipe_copy_label); static void -test_cred_relabel(struct ucred *cred, struct label *newlabel) +test_pipe_copy_label(struct label *src, struct label *dest) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(newlabel, MAGIC_CRED); - COUNTER_INC(cred_relabel); + LABEL_CHECK(src, MAGIC_PIPE); + LABEL_CHECK(dest, MAGIC_PIPE); + COUNTER_INC(pipe_copy_label); } -COUNTER_DECL(thread_userret); +COUNTER_DECL(pipe_create); static void -test_thread_userret(struct thread *td) +test_pipe_create(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel) { - COUNTER_INC(thread_userret); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + COUNTER_INC(pipe_create); } -/* - * Label cleanup/flush operations - */ -COUNTER_DECL(sysvmsg_cleanup); +COUNTER_DECL(pipe_destroy_label); static void -test_sysvmsg_cleanup(struct label *msglabel) +test_pipe_destroy_label(struct label *label) { - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); - COUNTER_INC(sysvmsg_cleanup); + LABEL_DESTROY(label, MAGIC_PIPE); + COUNTER_INC(pipe_destroy_label); } -COUNTER_DECL(sysvmsq_cleanup); -static void -test_sysvmsq_cleanup(struct label *msqlabel) +COUNTER_DECL(pipe_externalize_label); +static int +test_pipe_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) { - LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); - COUNTER_INC(sysvmsq_cleanup); + LABEL_CHECK(label, MAGIC_PIPE); + COUNTER_INC(pipe_externalize_label); + + return (0); } -COUNTER_DECL(sysvsem_cleanup); +COUNTER_DECL(pipe_init_label); static void -test_sysvsem_cleanup(struct label *semalabel) 
+test_pipe_init_label(struct label *label) { - LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_cleanup); + LABEL_INIT(label, MAGIC_PIPE); + COUNTER_INC(pipe_init_label); } -COUNTER_DECL(sysvshm_cleanup); +COUNTER_DECL(pipe_relabel); static void -test_sysvshm_cleanup(struct label *shmlabel) +test_pipe_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pipelabel, struct label *newlabel) { - LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_cleanup); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(pipelabel, MAGIC_PIPE); + LABEL_CHECK(newlabel, MAGIC_PIPE); + COUNTER_INC(pipe_relabel); } -/* - * Access control checks. - */ -COUNTER_DECL(bpfdesc_check_receive); +COUNTER_DECL(posixsem_check_destroy); static int -test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifp, struct label *ifplabel) +test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - LABEL_CHECK(bpflabel, MAGIC_BPF); - LABEL_CHECK(ifplabel, MAGIC_IFNET); - COUNTER_INC(bpfdesc_check_receive); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_destroy); return (0); } -COUNTER_DECL(cred_check_relabel); +COUNTER_DECL(posixsem_check_getvalue); static int -test_cred_check_relabel(struct ucred *cred, struct label *newlabel) +test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(newlabel, MAGIC_CRED); - COUNTER_INC(cred_check_relabel); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_getvalue); return (0); } -COUNTER_DECL(cred_check_visible); +COUNTER_DECL(posixsem_check_open); static int -test_cred_check_visible(struct ucred *u1, struct ucred *u2) +test_posixsem_check_open(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - LABEL_CHECK(u1->cr_label, MAGIC_CRED); - LABEL_CHECK(u2->cr_label, MAGIC_CRED); - 
COUNTER_INC(cred_check_visible); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_open); return (0); } -COUNTER_DECL(ifnet_check_relabel); +COUNTER_DECL(posixsem_check_post); static int -test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +test_posixsem_check_post(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(newlabel, MAGIC_IFNET); - COUNTER_INC(ifnet_check_relabel); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_post); return (0); } -COUNTER_DECL(ifnet_check_transmit); +COUNTER_DECL(posixsem_check_unlink); static int -test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mbuflabel) +test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - LABEL_CHECK(ifplabel, MAGIC_IFNET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(ifnet_check_transmit); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_unlink); return (0); } -COUNTER_DECL(inpcb_check_deliver); +COUNTER_DECL(posixsem_check_wait); static int -test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +test_posixsem_check_wait(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - LABEL_CHECK(inplabel, MAGIC_INPCB); - LABEL_CHECK(mlabel, MAGIC_MBUF); - COUNTER_INC(inpcb_check_deliver); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_check_wait); return (0); } -COUNTER_DECL(sysvmsq_check_msgmsq); -static int -test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, - struct label *msglabel, struct msqid_kernel *msqkptr, - struct label *msqklabel) +COUNTER_DECL(posixsem_create); 
+static void +test_posixsem_create(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msgmsq); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_create); +} - return (0); +COUNTER_DECL(posixsem_destroy_label); +static void +test_posixsem_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_destroy_label); } -COUNTER_DECL(sysvmsq_check_msgrcv); +COUNTER_DECL(posixsem_init_label); +static void +test_posixsem_init_label(struct label *label) +{ + + LABEL_INIT(label, MAGIC_POSIX_SEM); + COUNTER_INC(posixsem_init_label); +} + +COUNTER_DECL(proc_check_debug); static int -test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +test_proc_check_debug(struct ucred *cred, struct proc *p) { - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msgrcv); + LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); + COUNTER_INC(proc_check_debug); return (0); } -COUNTER_DECL(sysvmsq_check_msgrmid); +COUNTER_DECL(proc_check_sched); static int -test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +test_proc_check_sched(struct ucred *cred, struct proc *p) { - LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msgrmid); + LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); + COUNTER_INC(proc_check_sched); return (0); } -COUNTER_DECL(sysvmsq_check_msqget); +COUNTER_DECL(proc_check_signal); static int -test_sysvmsq_check_msqget(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqklabel) +test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - 
COUNTER_INC(sysvmsq_check_msqget); + LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); + COUNTER_INC(proc_check_signal); return (0); } -COUNTER_DECL(sysvmsq_check_msqsnd); +COUNTER_DECL(proc_check_setaudit); static int -test_sysvmsq_check_msqsnd(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqklabel) +test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msqsnd); + COUNTER_INC(proc_check_setaudit); return (0); } -COUNTER_DECL(sysvmsq_check_msqrcv); +COUNTER_DECL(proc_check_setaudit_addr); static int -test_sysvmsq_check_msqrcv(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqklabel) +test_proc_check_setaudit_addr(struct ucred *cred, + struct auditinfo_addr *aia) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msqrcv); + COUNTER_INC(proc_check_setaudit_addr); return (0); } -COUNTER_DECL(sysvmsq_check_msqctl); +COUNTER_DECL(proc_check_setauid); static int -test_sysvmsq_check_msqctl(struct ucred *cred, - struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) +test_proc_check_setauid(struct ucred *cred, uid_t auid) { - LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(sysvmsq_check_msqctl); + COUNTER_INC(proc_check_setauid); return (0); } -COUNTER_DECL(sysvsem_check_semctl); +COUNTER_DECL(proc_check_setegid); static int -test_sysvsem_check_semctl(struct ucred *cred, - struct semid_kernel *semakptr, struct label *semaklabel, int cmd) +test_proc_check_setegid(struct ucred *cred, gid_t egid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_check_semctl); + COUNTER_INC(proc_check_setegid); - return (0); + return (0); } -COUNTER_DECL(sysvsem_check_semget); +COUNTER_DECL(proc_check_euid); static int -test_sysvsem_check_semget(struct ucred 
*cred, - struct semid_kernel *semakptr, struct label *semaklabel) +test_proc_check_seteuid(struct ucred *cred, uid_t euid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_check_semget); + COUNTER_INC(proc_check_euid); return (0); } -COUNTER_DECL(sysvsem_check_semop); +COUNTER_DECL(proc_check_setregid); static int -test_sysvsem_check_semop(struct ucred *cred, - struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) +test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); - COUNTER_INC(sysvsem_check_semop); + COUNTER_INC(proc_check_setregid); return (0); } -COUNTER_DECL(sysvshm_check_shmat); +COUNTER_DECL(proc_check_setreuid); static int -test_sysvshm_check_shmat(struct ucred *cred, - struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) +test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_check_shmat); + COUNTER_INC(proc_check_setreuid); - return (0); + return (0); } -COUNTER_DECL(sysvshm_check_shmctl); +COUNTER_DECL(proc_check_setgid); static int -test_sysvshm_check_shmctl(struct ucred *cred, - struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) +test_proc_check_setgid(struct ucred *cred, gid_t gid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_check_shmctl); + COUNTER_INC(proc_check_setgid); - return (0); + return (0); } -COUNTER_DECL(sysvshm_check_shmdt); +COUNTER_DECL(proc_check_setgroups); static int -test_sysvshm_check_shmdt(struct ucred *cred, - struct shmid_kernel *shmsegptr, struct label *shmseglabel) +test_proc_check_setgroups(struct ucred *cred, int ngroups, + gid_t *gidset) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 
- COUNTER_INC(sysvshm_check_shmdt); + COUNTER_INC(proc_check_setgroups); return (0); } -COUNTER_DECL(sysvshm_check_shmget); +COUNTER_DECL(proc_check_setresgid); static int -test_sysvshm_check_shmget(struct ucred *cred, - struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) +test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, + gid_t sgid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); - COUNTER_INC(sysvshm_check_shmget); + COUNTER_INC(proc_check_setresgid); return (0); } -COUNTER_DECL(kenv_check_dump); +COUNTER_DECL(proc_check_setresuid); static int -test_kenv_check_dump(struct ucred *cred) +test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, + uid_t suid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(kenv_check_dump); + COUNTER_INC(proc_check_setresuid); return (0); } -COUNTER_DECL(kenv_check_get); +COUNTER_DECL(proc_check_setuid); static int -test_kenv_check_get(struct ucred *cred, char *name) +test_proc_check_setuid(struct ucred *cred, uid_t uid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(kenv_check_get); + COUNTER_INC(proc_check_setuid); return (0); } -COUNTER_DECL(kenv_check_set); +COUNTER_DECL(proc_check_wait); static int -test_kenv_check_set(struct ucred *cred, char *name, char *value) +test_proc_check_wait(struct ucred *cred, struct proc *p) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(kenv_check_set); + LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); + COUNTER_INC(proc_check_wait); return (0); } -COUNTER_DECL(kenv_check_unset); -static int -test_kenv_check_unset(struct ucred *cred, char *name) +COUNTER_DECL(proc_create_init); +static void +test_proc_create_init(struct ucred *cred) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(kenv_check_unset); - - return (0); + COUNTER_INC(proc_create_init); } -COUNTER_DECL(kld_check_load); -static int -test_kld_check_load(struct ucred *cred, struct vnode *vp, - struct label *label) 
+COUNTER_DECL(proc_create_swapper); +static void +test_proc_create_swapper(struct ucred *cred) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); - COUNTER_INC(kld_check_load); + COUNTER_INC(proc_create_swapper); +} - return (0); +COUNTER_DECL(proc_destroy_label); +static void +test_proc_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_PROC); + COUNTER_INC(proc_destroy_label); } -COUNTER_DECL(kld_check_stat); +COUNTER_DECL(proc_init_label); +static void +test_proc_init_label(struct label *label) +{ + + LABEL_INIT(label, MAGIC_PROC); + COUNTER_INC(proc_init_label); +} + +COUNTER_DECL(socket_check_accept); static int -test_kld_check_stat(struct ucred *cred) +test_socket_check_accept(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(kld_check_stat); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_accept); return (0); } -COUNTER_DECL(mount_check_stat); +COUNTER_DECL(socket_check_bind); static int -test_mount_check_stat(struct ucred *cred, struct mount *mp, - struct label *mplabel) +test_socket_check_bind(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(mplabel, MAGIC_MOUNT); - COUNTER_INC(mount_check_stat); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_bind); return (0); } -COUNTER_DECL(pipe_check_ioctl); +COUNTER_DECL(socket_check_connect); static int -test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) +test_socket_check_connect(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - COUNTER_INC(pipe_check_ioctl); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_connect); return (0); } -COUNTER_DECL(pipe_check_poll); 
+COUNTER_DECL(socket_check_deliver); static int -test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) +test_socket_check_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - COUNTER_INC(pipe_check_poll); + LABEL_CHECK(solabel, MAGIC_SOCKET); + LABEL_CHECK(mlabel, MAGIC_MBUF); + COUNTER_INC(socket_check_deliver); return (0); } -COUNTER_DECL(pipe_check_read); +COUNTER_DECL(socket_check_listen); static int -test_pipe_check_read(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) +test_socket_check_listen(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - COUNTER_INC(pipe_check_read); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_listen); return (0); } -COUNTER_DECL(pipe_check_relabel); +COUNTER_DECL(socket_check_poll); static int -test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) +test_socket_check_poll(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - LABEL_CHECK(newlabel, MAGIC_PIPE); - COUNTER_INC(pipe_check_relabel); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_poll); return (0); } -COUNTER_DECL(pipe_check_stat); +COUNTER_DECL(socket_check_receive); static int -test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) +test_socket_check_receive(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - COUNTER_INC(pipe_check_stat); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_receive); return (0); } -COUNTER_DECL(pipe_check_write); 
+COUNTER_DECL(socket_check_relabel); static int -test_pipe_check_write(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) +test_socket_check_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(pipelabel, MAGIC_PIPE); - COUNTER_INC(pipe_check_write); + LABEL_CHECK(solabel, MAGIC_SOCKET); + LABEL_CHECK(newlabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_relabel); return (0); } -COUNTER_DECL(posixsem_check_destroy); +COUNTER_DECL(socket_check_send); static int -test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +test_socket_check_send(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_check_destroy); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_send); return (0); } -COUNTER_DECL(posixsem_check_getvalue); +COUNTER_DECL(socket_check_stat); static int -test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +test_socket_check_stat(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_check_getvalue); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_stat); return (0); } -COUNTER_DECL(posixsem_check_open); +COUNTER_DECL(socket_check_visible); static int -test_posixsem_check_open(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +test_socket_check_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_check_open); + LABEL_CHECK(solabel, MAGIC_SOCKET); + COUNTER_INC(socket_check_visible); return (0); } -COUNTER_DECL(posixsem_check_post); -static int -test_posixsem_check_post(struct 
ucred *cred, struct ksem *ks, - struct label *kslabel) +COUNTER_DECL(socket_copy_label); +static void +test_socket_copy_label(struct label *src, struct label *dest) +{ + + LABEL_CHECK(src, MAGIC_SOCKET); + LABEL_CHECK(dest, MAGIC_SOCKET); + COUNTER_INC(socket_copy_label); +} + +COUNTER_DECL(socket_create); +static void +test_socket_create(struct ucred *cred, struct socket *socket, + struct label *socketlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_check_post); + LABEL_CHECK(socketlabel, MAGIC_SOCKET); + COUNTER_INC(socket_create); +} - return (0); +COUNTER_DECL(socket_create_mbuf); +static void +test_socket_create_mbuf(struct socket *so, struct label *socketlabel, + struct mbuf *m, struct label *mbuflabel) +{ + + LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + COUNTER_INC(socket_create_mbuf); } -COUNTER_DECL(posixsem_check_unlink); +COUNTER_DECL(socket_destroy_label); +static void +test_socket_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SOCKET); + COUNTER_INC(socket_destroy_label); +} + +COUNTER_DECL(socket_externalize_label); static int -test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +test_socket_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_check_unlink); + LABEL_CHECK(label, MAGIC_SOCKET); + COUNTER_INC(socket_externalize_label); return (0); } -COUNTER_DECL(posixsem_check_wait); +COUNTER_DECL(socket_init_label); static int -test_posixsem_check_wait(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +test_socket_init_label(struct label *label, int flag) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); - COUNTER_INC(posixsem_check_wait); + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | 
WARN_SLEEPOK, NULL, + "test_socket_init_label() at %s:%d", __FILE__, + __LINE__); + LABEL_INIT(label, MAGIC_SOCKET); + COUNTER_INC(socket_init_label); return (0); } -COUNTER_DECL(proc_check_debug); -static int -test_proc_check_debug(struct ucred *cred, struct proc *p) +COUNTER_DECL(socket_newconn); +static void +test_socket_newconn(struct socket *oldsocket, + struct label *oldsocketlabel, struct socket *newsocket, + struct label *newsocketlabel) +{ + + LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); + LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); + COUNTER_INC(socket_newconn); +} + +COUNTER_DECL(socket_relabel); +static void +test_socket_relabel(struct ucred *cred, struct socket *socket, + struct label *socketlabel, struct label *newlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_debug); + LABEL_CHECK(newlabel, MAGIC_SOCKET); + COUNTER_INC(socket_relabel); +} - return (0); +COUNTER_DECL(socketpeer_destroy_label); +static void +test_socketpeer_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SOCKET); + COUNTER_INC(socketpeer_destroy_label); } -COUNTER_DECL(proc_check_sched); +COUNTER_DECL(socketpeer_externalize_label); static int -test_proc_check_sched(struct ucred *cred, struct proc *p) +test_socketpeer_externalize_label(struct label *label, char *element_name, + struct sbuf *sb, int *claimed) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_sched); + LABEL_CHECK(label, MAGIC_SOCKET); + COUNTER_INC(socketpeer_externalize_label); return (0); } -COUNTER_DECL(proc_check_signal); +COUNTER_DECL(socketpeer_init_label); static int -test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) +test_socketpeer_init_label(struct label *label, int flag) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_signal); + if (flag & M_WAITOK) + 
WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_socketpeer_init_label() at %s:%d", __FILE__, + __LINE__); + LABEL_INIT(label, MAGIC_SOCKET); + COUNTER_INC(socketpeer_init_label); return (0); } -COUNTER_DECL(proc_check_setaudit); -static int -test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) +COUNTER_DECL(socketpeer_set_from_mbuf); +static void +test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, + struct socket *socket, struct label *socketpeerlabel) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setaudit); + LABEL_CHECK(mbuflabel, MAGIC_MBUF); + LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); + COUNTER_INC(socketpeer_set_from_mbuf); +} - return (0); +COUNTER_DECL(socketpeer_set_from_socket); +static void +test_socketpeer_set_from_socket(struct socket *oldsocket, + struct label *oldsocketlabel, struct socket *newsocket, + struct label *newsocketpeerlabel) +{ + + LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); + LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); + COUNTER_INC(socketpeer_set_from_socket); } -COUNTER_DECL(proc_check_setaudit_addr); -static int -test_proc_check_setaudit_addr(struct ucred *cred, - struct auditinfo_addr *aia) +COUNTER_DECL(syncache_create); +static void +test_syncache_create(struct label *label, struct inpcb *inp) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setaudit_addr); + LABEL_CHECK(label, MAGIC_SYNCACHE); + COUNTER_INC(syncache_create); +} - return (0); +COUNTER_DECL(syncache_create_mbuf); +static void +test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, + struct label *mlabel) +{ + + LABEL_CHECK(sc_label, MAGIC_SYNCACHE); + LABEL_CHECK(mlabel, MAGIC_MBUF); + COUNTER_INC(syncache_create_mbuf); } -COUNTER_DECL(proc_check_setauid); -static int -test_proc_check_setauid(struct ucred *cred, uid_t auid) +COUNTER_DECL(syncache_destroy_label); +static void +test_syncache_destroy_label(struct label *label) { - LABEL_CHECK(cred->cr_label, 
MAGIC_CRED); - COUNTER_INC(proc_check_setauid); + LABEL_DESTROY(label, MAGIC_SYNCACHE); + COUNTER_INC(syncache_destroy_label); +} + +COUNTER_DECL(syncache_init_label); +static int +test_syncache_init_label(struct label *label, int flag) +{ + if (flag & M_WAITOK) + WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, + "test_syncache_init_label() at %s:%d", __FILE__, + __LINE__); + LABEL_INIT(label, MAGIC_SYNCACHE); + COUNTER_INC(syncache_init_label); return (0); } -COUNTER_DECL(proc_check_setuid); +COUNTER_DECL(system_check_acct); static int -test_proc_check_setuid(struct ucred *cred, uid_t uid) +test_system_check_acct(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setuid); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(system_check_acct); return (0); } -COUNTER_DECL(proc_check_euid); +COUNTER_DECL(system_check_audit); static int -test_proc_check_seteuid(struct ucred *cred, uid_t euid) +test_system_check_audit(struct ucred *cred, void *record, int length) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_euid); + COUNTER_INC(system_check_audit); return (0); } -COUNTER_DECL(proc_check_setgid); +COUNTER_DECL(system_check_auditctl); static int -test_proc_check_setgid(struct ucred *cred, gid_t gid) +test_system_check_auditctl(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setgid); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(system_check_auditctl); return (0); } -COUNTER_DECL(proc_check_setegid); +COUNTER_DECL(system_check_auditon); static int -test_proc_check_setegid(struct ucred *cred, gid_t egid) +test_system_check_auditon(struct ucred *cred, int cmd) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setegid); + COUNTER_INC(system_check_auditon); return (0); } -COUNTER_DECL(proc_check_setgroups); +COUNTER_DECL(system_check_reboot); static int 
-test_proc_check_setgroups(struct ucred *cred, int ngroups, - gid_t *gidset) +test_system_check_reboot(struct ucred *cred, int how) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setgroups); + COUNTER_INC(system_check_reboot); return (0); } -COUNTER_DECL(proc_check_setreuid); +COUNTER_DECL(system_check_swapoff); static int -test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) +test_system_check_swapoff(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setreuid); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(system_check_swapoff); return (0); } -COUNTER_DECL(proc_check_setregid); +COUNTER_DECL(system_check_swapon); static int -test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) +test_system_check_swapon(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setregid); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(system_check_swapon); return (0); } -COUNTER_DECL(proc_check_setresuid); +COUNTER_DECL(system_check_sysctl); static int -test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, - uid_t suid) +test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setresuid); + COUNTER_INC(system_check_sysctl); return (0); } -COUNTER_DECL(proc_check_setresgid); -static int -test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, - gid_t sgid) +COUNTER_DECL(sysvmsg_cleanup); +static void +test_sysvmsg_cleanup(struct label *msglabel) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_setresgid); + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); + COUNTER_INC(sysvmsg_cleanup); +} - return (0); +COUNTER_DECL(sysvmsg_create); +static void +test_sysvmsg_create(struct ucred *cred, struct 
msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +{ + + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); + LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsg_create); } -COUNTER_DECL(proc_check_wait); -static int -test_proc_check_wait(struct ucred *cred, struct proc *p) +COUNTER_DECL(sysvmsg_destroy_label); +static void +test_sysvmsg_destroy_label(struct label *label) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); - COUNTER_INC(proc_check_wait); + LABEL_DESTROY(label, MAGIC_SYSV_MSG); + COUNTER_INC(sysvmsg_destroy_label); +} - return (0); +COUNTER_DECL(sysvmsg_init_label); +static void +test_sysvmsg_init_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_SYSV_MSG); + COUNTER_INC(sysvmsg_init_label); } -COUNTER_DECL(socket_check_accept); +COUNTER_DECL(sysvmsq_check_msgmsq); static int -test_socket_check_accept(struct ucred *cred, struct socket *so, - struct label *solabel) +test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, + struct label *msglabel, struct msqid_kernel *msqkptr, + struct label *msqklabel) { + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_accept); + COUNTER_INC(sysvmsq_check_msgmsq); - return (0); + return (0); } -COUNTER_DECL(socket_check_bind); +COUNTER_DECL(sysvmsq_check_msgrcv); static int -test_socket_check_bind(struct ucred *cred, struct socket *so, - struct label *solabel, struct sockaddr *sa) +test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_bind); + COUNTER_INC(sysvmsq_check_msgrcv); return (0); } -COUNTER_DECL(socket_check_connect); +COUNTER_DECL(sysvmsq_check_msgrmid); static int 
-test_socket_check_connect(struct ucred *cred, struct socket *so, - struct label *solabel, struct sockaddr *sa) +test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { + LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_connect); + COUNTER_INC(sysvmsq_check_msgrmid); return (0); } -COUNTER_DECL(socket_check_deliver); +COUNTER_DECL(sysvmsq_check_msqget); static int -test_socket_check_deliver(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) +test_sysvmsq_check_msqget(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) { - LABEL_CHECK(solabel, MAGIC_SOCKET); - LABEL_CHECK(mlabel, MAGIC_MBUF); - COUNTER_INC(socket_check_deliver); + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + COUNTER_INC(sysvmsq_check_msqget); return (0); } -COUNTER_DECL(socket_check_listen); +COUNTER_DECL(sysvmsq_check_msqsnd); static int -test_socket_check_listen(struct ucred *cred, struct socket *so, - struct label *solabel) +test_sysvmsq_check_msqsnd(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) { + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_listen); + COUNTER_INC(sysvmsq_check_msqsnd); return (0); } -COUNTER_DECL(socket_check_poll); +COUNTER_DECL(sysvmsq_check_msqrcv); static int -test_socket_check_poll(struct ucred *cred, struct socket *so, - struct label *solabel) +test_sysvmsq_check_msqrcv(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) { + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_poll); + COUNTER_INC(sysvmsq_check_msqrcv); return (0); } -COUNTER_DECL(socket_check_receive); 
+COUNTER_DECL(sysvmsq_check_msqctl); static int -test_socket_check_receive(struct ucred *cred, struct socket *so, - struct label *solabel) +test_sysvmsq_check_msqctl(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) { + LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_receive); + COUNTER_INC(sysvmsq_check_msqctl); return (0); } -COUNTER_DECL(socket_check_relabel); -static int -test_socket_check_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) +COUNTER_DECL(sysvmsq_cleanup); +static void +test_sysvmsq_cleanup(struct label *msqlabel) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - LABEL_CHECK(newlabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_relabel); + LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsq_cleanup); +} - return (0); +COUNTER_DECL(sysvmsq_create); +static void +test_sysvmsq_create(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqlabel) +{ + + LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsq_create); } -COUNTER_DECL(socket_check_send); -static int -test_socket_check_send(struct ucred *cred, struct socket *so, - struct label *solabel) +COUNTER_DECL(sysvmsq_destroy_label); +static void +test_sysvmsq_destroy_label(struct label *label) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_send); + LABEL_DESTROY(label, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsq_destroy_label); +} - return (0); +COUNTER_DECL(sysvmsq_init_label); +static void +test_sysvmsq_init_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_SYSV_MSQ); + COUNTER_INC(sysvmsq_init_label); } -COUNTER_DECL(socket_check_stat); +COUNTER_DECL(sysvsem_check_semctl); static int -test_socket_check_stat(struct ucred *cred, struct socket *so, - struct label *solabel) 
+test_sysvsem_check_semctl(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel, int cmd) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_stat); + LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_check_semctl); - return (0); + return (0); } -COUNTER_DECL(socket_check_visible); +COUNTER_DECL(sysvsem_check_semget); static int -test_socket_check_visible(struct ucred *cred, struct socket *so, - struct label *solabel) +test_sysvsem_check_semget(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(solabel, MAGIC_SOCKET); - COUNTER_INC(socket_check_visible); + LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_check_semget); return (0); } -COUNTER_DECL(system_check_acct); +COUNTER_DECL(sysvsem_check_semop); static int -test_system_check_acct(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +test_sysvsem_check_semop(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(system_check_acct); + LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_check_semop); return (0); } -COUNTER_DECL(system_check_audit); -static int -test_system_check_audit(struct ucred *cred, void *record, int length) +COUNTER_DECL(sysvsem_cleanup); +static void +test_sysvsem_cleanup(struct label *semalabel) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(system_check_audit); + LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_cleanup); +} - return (0); +COUNTER_DECL(sysvsem_create); +static void +test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semalabel) +{ + + LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_create); } -COUNTER_DECL(system_check_auditctl); -static int 
-test_system_check_auditctl(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +COUNTER_DECL(sysvsem_destroy_label); +static void +test_sysvsem_destroy_label(struct label *label) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(system_check_auditctl); + LABEL_DESTROY(label, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_destroy_label); +} - return (0); +COUNTER_DECL(sysvsem_init_label); +static void +test_sysvsem_init_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_SYSV_SEM); + COUNTER_INC(sysvsem_init_label); } -COUNTER_DECL(system_check_auditon); +COUNTER_DECL(sysvshm_check_shmat); static int -test_system_check_auditon(struct ucred *cred, int cmd) +test_sysvshm_check_shmat(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(system_check_auditon); + LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_check_shmat); - return (0); + return (0); } -COUNTER_DECL(system_check_reboot); +COUNTER_DECL(sysvshm_check_shmctl); static int -test_system_check_reboot(struct ucred *cred, int how) +test_sysvshm_check_shmctl(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(system_check_reboot); + LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_check_shmctl); - return (0); + return (0); } -COUNTER_DECL(system_check_swapoff); +COUNTER_DECL(sysvshm_check_shmdt); static int -test_system_check_swapoff(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +test_sysvshm_check_shmdt(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(system_check_swapoff); + LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_check_shmdt); return (0); } -COUNTER_DECL(system_check_swapon); 
+COUNTER_DECL(sysvshm_check_shmget); static int -test_system_check_swapon(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +test_sysvshm_check_shmget(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(system_check_swapon); + LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_check_shmget); return (0); } -COUNTER_DECL(system_check_sysctl); +COUNTER_DECL(sysvshm_cleanup); +static void +test_sysvshm_cleanup(struct label *shmlabel) +{ + + LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_cleanup); +} + +COUNTER_DECL(sysvshm_create); +static void +test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmlabel) +{ + + LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_create); +} + +COUNTER_DECL(sysvshm_destroy_label); +static void +test_sysvshm_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_destroy_label); +} + +COUNTER_DECL(sysvshm_init_label); +static void +test_sysvshm_init_label(struct label *label) +{ + LABEL_INIT(label, MAGIC_SYSV_SHM); + COUNTER_INC(sysvshm_init_label); +} + +COUNTER_DECL(thread_userret); +static void +test_thread_userret(struct thread *td) +{ + + COUNTER_INC(thread_userret); +} + +COUNTER_DECL(vnode_associate_extattr); static int -test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, - void *arg1, int arg2, struct sysctl_req *req) +test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - COUNTER_INC(system_check_sysctl); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(vnode_associate_extattr); return (0); } +COUNTER_DECL(vnode_associate_singlelabel); +static void +test_vnode_associate_singlelabel(struct mount *mp, struct 
label *mplabel, + struct vnode *vp, struct label *vplabel) +{ + + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(vnode_associate_singlelabel); +} + COUNTER_DECL(vnode_check_access); static int test_vnode_check_access(struct ucred *cred, struct vnode *vp, 
@@ -2662,176 +2534,257 @@ test_vnode_check_write(struct ucred *active_cred, return (0); } +COUNTER_DECL(vnode_copy_label); +static void +test_vnode_copy_label(struct label *src, struct label *dest) +{ + + LABEL_CHECK(src, MAGIC_VNODE); + LABEL_CHECK(dest, MAGIC_VNODE); + COUNTER_INC(vnode_copy_label); +} + +COUNTER_DECL(vnode_create_extattr); +static int +test_vnode_create_extattr(struct ucred *cred, struct mount *mp, + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(dvplabel, MAGIC_VNODE); + COUNTER_INC(vnode_create_extattr); + + return (0); +} + +COUNTER_DECL(vnode_destroy_label); +static void +test_vnode_destroy_label(struct label *label) +{ + + LABEL_DESTROY(label, MAGIC_VNODE); + COUNTER_INC(vnode_destroy_label); +} + +COUNTER_DECL(vnode_execve_transition); +static void +test_vnode_execve_transition(struct ucred *old, struct ucred *new, + struct vnode *vp, struct label *filelabel, + struct label *interpvplabel, struct image_params *imgp, + struct label *execlabel) +{ + + LABEL_CHECK(old->cr_label, MAGIC_CRED); + LABEL_CHECK(new->cr_label, MAGIC_CRED); + LABEL_CHECK(filelabel, MAGIC_VNODE); + LABEL_CHECK(interpvplabel, MAGIC_VNODE); + LABEL_CHECK(execlabel, MAGIC_CRED); + COUNTER_INC(vnode_execve_transition); +} + +COUNTER_DECL(vnode_execve_will_transition); +static int +test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, + struct label *filelabel, struct label *interpvplabel, + struct image_params *imgp, struct label *execlabel) +{ + + LABEL_CHECK(old->cr_label, MAGIC_CRED); + LABEL_CHECK(filelabel, MAGIC_VNODE); + LABEL_CHECK(interpvplabel, MAGIC_VNODE); + LABEL_CHECK(execlabel, MAGIC_CRED); + COUNTER_INC(vnode_execve_will_transition); + + return (0); +} + +COUNTER_DECL(vnode_externalize_label); +static int +test_vnode_externalize_label(struct label *label, 
char *element_name, + struct sbuf *sb, int *claimed) +{ + + LABEL_CHECK(label, MAGIC_VNODE); + COUNTER_INC(vnode_externalize_label); + + return (0); +} + +COUNTER_DECL(vnode_init_label); +static void +test_vnode_init_label(struct label *label) +{ + + LABEL_INIT(label, MAGIC_VNODE); + COUNTER_INC(vnode_init_label); +} + +COUNTER_DECL(vnode_relabel); +static void +test_vnode_relabel(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *label) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(vplabel, MAGIC_VNODE); + LABEL_CHECK(label, MAGIC_VNODE); + COUNTER_INC(vnode_relabel); +} + +COUNTER_DECL(vnode_setlabel_extattr); +static int +test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *intlabel) +{ + + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(vplabel, MAGIC_VNODE); + LABEL_CHECK(intlabel, MAGIC_VNODE); + COUNTER_INC(vnode_setlabel_extattr); + + return (0); +} + static struct mac_policy_ops test_ops = { - .mpo_bpfdesc_init_label = test_bpfdesc_init_label, - .mpo_cred_init_label = test_cred_init_label, - .mpo_devfs_init_label = test_devfs_init_label, - .mpo_ifnet_init_label = test_ifnet_init_label, - .mpo_syncache_init_label = test_syncache_init_label, - .mpo_sysvmsg_init_label = test_sysvmsg_init_label, - .mpo_sysvmsq_init_label = test_sysvmsq_init_label, - .mpo_sysvsem_init_label = test_sysvsem_init_label, - .mpo_sysvshm_init_label = test_sysvshm_init_label, - .mpo_inpcb_init_label = test_inpcb_init_label, - .mpo_ipq_init_label = test_ipq_init_label, - .mpo_mbuf_init_label = test_mbuf_init_label, - .mpo_mount_init_label = test_mount_init_label, - .mpo_pipe_init_label = test_pipe_init_label, - .mpo_posixsem_init_label = test_posixsem_init_label, - .mpo_proc_init_label = test_proc_init_label, - .mpo_socket_init_label = test_socket_init_label, - .mpo_socketpeer_init_label = test_socketpeer_init_label, - .mpo_vnode_init_label = test_vnode_init_label, + 
.mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, + .mpo_bpfdesc_create = test_bpfdesc_create, + .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, - .mpo_cred_destroy_label = test_cred_destroy_label, - .mpo_devfs_destroy_label = test_devfs_destroy_label, - .mpo_ifnet_destroy_label = test_ifnet_destroy_label, - .mpo_syncache_destroy_label = test_syncache_destroy_label, - .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, - .mpo_sysvmsq_destroy_label = - test_sysvmsq_destroy_label, - .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, - .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, - .mpo_inpcb_destroy_label = test_inpcb_destroy_label, - .mpo_ipq_destroy_label = test_ipq_destroy_label, - .mpo_mbuf_destroy_label = test_mbuf_destroy_label, - .mpo_mount_destroy_label = test_mount_destroy_label, - .mpo_pipe_destroy_label = test_pipe_destroy_label, - .mpo_posixsem_destroy_label = test_posixsem_destroy_label, - .mpo_proc_destroy_label = test_proc_destroy_label, - .mpo_socket_destroy_label = test_socket_destroy_label, - .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, - .mpo_vnode_destroy_label = test_vnode_destroy_label, + .mpo_bpfdesc_init_label = test_bpfdesc_init_label, + + .mpo_cred_check_relabel = test_cred_check_relabel, + .mpo_cred_check_visible = test_cred_check_visible, .mpo_cred_copy_label = test_cred_copy_label, - .mpo_ifnet_copy_label = test_ifnet_copy_label, - .mpo_mbuf_copy_label = test_mbuf_copy_label, - .mpo_pipe_copy_label = test_pipe_copy_label, - .mpo_socket_copy_label = test_socket_copy_label, - .mpo_vnode_copy_label = test_vnode_copy_label, + .mpo_cred_destroy_label = test_cred_destroy_label, .mpo_cred_externalize_label = test_cred_externalize_label, - .mpo_ifnet_externalize_label = test_ifnet_externalize_label, - .mpo_pipe_externalize_label = test_pipe_externalize_label, - .mpo_socket_externalize_label = test_socket_externalize_label, - 
.mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, - .mpo_vnode_externalize_label = test_vnode_externalize_label, + .mpo_cred_init_label = test_cred_init_label, .mpo_cred_internalize_label = test_internalize_label, - .mpo_ifnet_internalize_label = test_internalize_label, - .mpo_pipe_internalize_label = test_internalize_label, - .mpo_socket_internalize_label = test_internalize_label, - .mpo_vnode_internalize_label = test_internalize_label, - .mpo_devfs_vnode_associate = test_devfs_vnode_associate, - .mpo_vnode_associate_extattr = test_vnode_associate_extattr, - .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, + .mpo_cred_relabel = test_cred_relabel, + .mpo_devfs_create_device = test_devfs_create_device, .mpo_devfs_create_directory = test_devfs_create_directory, .mpo_devfs_create_symlink = test_devfs_create_symlink, - .mpo_vnode_create_extattr = test_vnode_create_extattr, - .mpo_mount_create = test_mount_create, - .mpo_vnode_relabel = test_vnode_relabel, - .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, + .mpo_devfs_destroy_label = test_devfs_destroy_label, + .mpo_devfs_init_label = test_devfs_init_label, .mpo_devfs_update = test_devfs_update, - .mpo_socket_create_mbuf = test_socket_create_mbuf, - .mpo_pipe_create = test_pipe_create, - .mpo_posixsem_create = test_posixsem_create, - .mpo_socket_create = test_socket_create, - .mpo_socket_newconn = test_socket_newconn, - .mpo_pipe_relabel = test_pipe_relabel, - .mpo_socket_relabel = test_socket_relabel, - .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, - .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, - .mpo_bpfdesc_create = test_bpfdesc_create, + .mpo_devfs_vnode_associate = test_devfs_vnode_associate, + + .mpo_ifnet_check_relabel = test_ifnet_check_relabel, + .mpo_ifnet_check_transmit = test_ifnet_check_transmit, + .mpo_ifnet_copy_label = test_ifnet_copy_label, .mpo_ifnet_create = test_ifnet_create, + .mpo_ifnet_create_mbuf = 
test_ifnet_create_mbuf, + .mpo_ifnet_destroy_label = test_ifnet_destroy_label, + .mpo_ifnet_externalize_label = test_ifnet_externalize_label, + .mpo_ifnet_init_label = test_ifnet_init_label, + .mpo_ifnet_internalize_label = test_internalize_label, + .mpo_ifnet_relabel = test_ifnet_relabel, + + .mpo_syncache_destroy_label = test_syncache_destroy_label, + .mpo_syncache_init_label = test_syncache_init_label, + + .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, + .mpo_sysvmsg_init_label = test_sysvmsg_init_label, + + .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, + .mpo_sysvmsq_init_label = test_sysvmsq_init_label, + + .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, + .mpo_sysvsem_init_label = test_sysvsem_init_label, + + .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, + .mpo_sysvshm_init_label = test_sysvshm_init_label, + + .mpo_inpcb_check_deliver = test_inpcb_check_deliver, .mpo_inpcb_create = test_inpcb_create, - .mpo_syncache_create = test_syncache_create, - .mpo_syncache_create_mbuf = test_syncache_create_mbuf, - .mpo_sysvmsg_create = test_sysvmsg_create, - .mpo_sysvmsq_create = test_sysvmsq_create, - .mpo_sysvsem_create = test_sysvsem_create, - .mpo_sysvshm_create = test_sysvshm_create, - .mpo_ipq_reassemble = test_ipq_reassemble, - .mpo_netinet_fragment = test_netinet_fragment, - .mpo_ipq_create = test_ipq_create, .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, - .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, - .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, + .mpo_inpcb_destroy_label = test_inpcb_destroy_label, + .mpo_inpcb_init_label = test_inpcb_init_label, + .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, + + .mpo_ipq_create = test_ipq_create, + .mpo_ipq_destroy_label = test_ipq_destroy_label, + .mpo_ipq_init_label = test_ipq_init_label, .mpo_ipq_match = test_ipq_match, - .mpo_netatalk_aarp_send = test_netatalk_aarp_send, - .mpo_netinet_arp_send = test_netinet_arp_send, - .mpo_netinet_icmp_reply = 
test_netinet_icmp_reply, - .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, - .mpo_netinet_igmp_send = test_netinet_igmp_send, - .mpo_netinet_tcp_reply = test_netinet_tcp_reply, - .mpo_netinet6_nd6_send = test_netinet6_nd6_send, - .mpo_ifnet_relabel = test_ifnet_relabel, + .mpo_ipq_reassemble = test_ipq_reassemble, .mpo_ipq_update = test_ipq_update, - .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, - .mpo_vnode_execve_transition = test_vnode_execve_transition, - .mpo_vnode_execve_will_transition = - test_vnode_execve_will_transition, - .mpo_proc_create_swapper = test_proc_create_swapper, - .mpo_proc_create_init = test_proc_create_init, - .mpo_cred_relabel = test_cred_relabel, - .mpo_thread_userret = test_thread_userret, - .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, - .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, - .mpo_sysvsem_cleanup = test_sysvsem_cleanup, - .mpo_sysvshm_cleanup = test_sysvshm_cleanup, - .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, - .mpo_cred_check_relabel = test_cred_check_relabel, - .mpo_cred_check_visible = test_cred_check_visible, - .mpo_ifnet_check_relabel = test_ifnet_check_relabel, - .mpo_ifnet_check_transmit = test_ifnet_check_transmit, - .mpo_inpcb_check_deliver = test_inpcb_check_deliver, - .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, - .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, - .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, - .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, - .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, - .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, - .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, - .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, - .mpo_sysvsem_check_semget = test_sysvsem_check_semget, - .mpo_sysvsem_check_semop = test_sysvsem_check_semop, - .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, - .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, - .mpo_sysvshm_check_shmdt = 
test_sysvshm_check_shmdt, - .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, + .mpo_kenv_check_dump = test_kenv_check_dump, .mpo_kenv_check_get = test_kenv_check_get, .mpo_kenv_check_set = test_kenv_check_set, .mpo_kenv_check_unset = test_kenv_check_unset, + .mpo_kld_check_load = test_kld_check_load, .mpo_kld_check_stat = test_kld_check_stat, + + .mpo_mbuf_copy_label = test_mbuf_copy_label, + .mpo_mbuf_destroy_label = test_mbuf_destroy_label, + .mpo_mbuf_init_label = test_mbuf_init_label, + .mpo_mount_check_stat = test_mount_check_stat, + .mpo_mount_create = test_mount_create, + .mpo_mount_destroy_label = test_mount_destroy_label, + .mpo_mount_init_label = test_mount_init_label, + + .mpo_netatalk_aarp_send = test_netatalk_aarp_send, + + .mpo_netinet_arp_send = test_netinet_arp_send, + .mpo_netinet_fragment = test_netinet_fragment, + .mpo_netinet_icmp_reply = test_netinet_icmp_reply, + .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, + .mpo_netinet_igmp_send = test_netinet_igmp_send, + .mpo_netinet_tcp_reply = test_netinet_tcp_reply, + + .mpo_netinet6_nd6_send = test_netinet6_nd6_send, + .mpo_pipe_check_ioctl = test_pipe_check_ioctl, .mpo_pipe_check_poll = test_pipe_check_poll, .mpo_pipe_check_read = test_pipe_check_read, .mpo_pipe_check_relabel = test_pipe_check_relabel, .mpo_pipe_check_stat = test_pipe_check_stat, .mpo_pipe_check_write = test_pipe_check_write, + .mpo_pipe_copy_label = test_pipe_copy_label, + .mpo_pipe_create = test_pipe_create, + .mpo_pipe_destroy_label = test_pipe_destroy_label, + .mpo_pipe_externalize_label = test_pipe_externalize_label, + .mpo_pipe_init_label = test_pipe_init_label, + .mpo_pipe_internalize_label = test_internalize_label, + .mpo_pipe_relabel = test_pipe_relabel, + .mpo_posixsem_check_destroy = test_posixsem_check_destroy, .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, .mpo_posixsem_check_open = test_posixsem_check_open, .mpo_posixsem_check_post = test_posixsem_check_post, 
.mpo_posixsem_check_unlink = test_posixsem_check_unlink, .mpo_posixsem_check_wait = test_posixsem_check_wait, + .mpo_posixsem_create = test_posixsem_create, + .mpo_posixsem_destroy_label = test_posixsem_destroy_label, + .mpo_posixsem_init_label = test_posixsem_init_label, + .mpo_proc_check_debug = test_proc_check_debug, .mpo_proc_check_sched = test_proc_check_sched, .mpo_proc_check_setaudit = test_proc_check_setaudit, .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr, .mpo_proc_check_setauid = test_proc_check_setauid, - .mpo_proc_check_setuid = test_proc_check_setuid, .mpo_proc_check_seteuid = test_proc_check_seteuid, - .mpo_proc_check_setgid = test_proc_check_setgid, .mpo_proc_check_setegid = test_proc_check_setegid, + .mpo_proc_check_setgid = test_proc_check_setgid, .mpo_proc_check_setgroups = test_proc_check_setgroups, - .mpo_proc_check_setreuid = test_proc_check_setreuid, .mpo_proc_check_setregid = test_proc_check_setregid, - .mpo_proc_check_setresuid = test_proc_check_setresuid, .mpo_proc_check_setresgid = test_proc_check_setresgid, + .mpo_proc_check_setresuid = test_proc_check_setresuid, + .mpo_proc_check_setreuid = test_proc_check_setreuid, + .mpo_proc_check_setuid = test_proc_check_setuid, .mpo_proc_check_signal = test_proc_check_signal, .mpo_proc_check_wait = test_proc_check_wait, + .mpo_proc_create_init = test_proc_create_init, + .mpo_proc_create_swapper = test_proc_create_swapper, + .mpo_proc_destroy_label = test_proc_destroy_label, + .mpo_proc_init_label = test_proc_init_label, + .mpo_socket_check_accept = test_socket_check_accept, .mpo_socket_check_bind = test_socket_check_bind, .mpo_socket_check_connect = test_socket_check_connect, 
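Review bot: The `.mpo_syncache_{destroy,init}_label` and `.mpo_sysv{msg,msq,sem,shm}_{destroy,init}_label` initializers in this hunk sit between the ifnet and inpcb groups, while the remaining entries for those same objects (`.mpo_syncache_create`, `.mpo_sysvmsg_cleanup`, the `.mpo_sysvmsq_check_*` set, and so on) land after the socketpeer and system groups in the two following hunks, so the table does not follow the object-then-operation order the commit sets out to establish and each of those objects is split across two places. Moving those lines down to join their siblings gives one contiguous block per object, which is also what makes a missing or duplicated hook easy to spot when this table is audited against the framework's entry-point list. The last hunk, as far as the collapsed layout lets me read it, also leaves `.mpo_vnode_check_access = test_vnode_check_access,` between `.mpo_system_check_sysctl` and the new `.mpo_sysvmsg_cleanup` entry, where it belongs after `.mpo_vnode_associate_singlelabel`. A blank separator is missing between the mbuf and mount groups as well: `.mpo_mbuf_init_label` is followed directly by `.mpo_mount_check_stat`, unlike every other group boundary in the table.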
@@ -2843,6 +2796,25 @@ static struct mac_policy_ops test_ops =
 .mpo_socket_check_send = test_socket_check_send,
 .mpo_socket_check_stat = test_socket_check_stat,
 .mpo_socket_check_visible = test_socket_check_visible,
+ .mpo_socket_copy_label = test_socket_copy_label,
+ .mpo_socket_create = test_socket_create,
+ .mpo_socket_create_mbuf = test_socket_create_mbuf,
+ .mpo_socket_destroy_label = test_socket_destroy_label,
+ .mpo_socket_externalize_label = test_socket_externalize_label,
+ .mpo_socket_init_label = test_socket_init_label,
+ .mpo_socket_internalize_label = test_internalize_label,
+ .mpo_socket_newconn = test_socket_newconn,
+ .mpo_socket_relabel = test_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
+ .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
+ .mpo_socketpeer_init_label = test_socketpeer_init_label,
+ .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
+
+ .mpo_syncache_create = test_syncache_create,
+ .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
+
+ .mpo_system_check_acct = test_system_check_acct,
 .mpo_system_check_audit = test_system_check_audit,
 .mpo_system_check_auditctl = test_system_check_auditctl,
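Review bot: `.mpo_socket_internalize_label` is wired to the generic `test_internalize_label` while every other socket entry point added in this hunk gets a socket-specific `test_socket_*` handler; the same pattern appears for `.mpo_pipe_internalize_label` in the preceding hunk and `.mpo_vnode_internalize_label` in the `@@ -2882,6 +2885,16 @@` hunk. If that shared handler maintains a single counter, internalize events on pipes, sockets and vnodes become indistinguishable in this policy's accounting, which seems at odds with a test policy meant to exercise every entry point individually — its definition is outside these hunks, so this needs confirming against the function body. Either provide `test_socket_internalize_label`, `test_pipe_internalize_label` and `test_vnode_internalize_label` in the style of the neighbouring handlers, or record the decision at the first shared use with a comment such as `/* internalize is object-independent here; one handler serves pipe, socket and vnode */`.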
@@ -2851,7 +2823,38 @@ static struct mac_policy_ops test_ops =
 .mpo_system_check_swapoff = test_system_check_swapoff,
 .mpo_system_check_swapon = test_system_check_swapon,
 .mpo_system_check_sysctl = test_system_check_sysctl,
+ .mpo_vnode_check_access = test_vnode_check_access,
+ .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = test_sysvmsg_create,
+
+ .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
+ .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
+ .mpo_sysvmsq_create = test_sysvmsq_create,
+
+ .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
+ .mpo_sysvsem_create = test_sysvsem_create,
+
+ .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
+ .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
+ .mpo_sysvshm_create = test_sysvshm_create,
+
+ .mpo_thread_userret = test_thread_userret,
+
+ .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
 .mpo_vnode_check_chdir = test_vnode_check_chdir,
 .mpo_vnode_check_chroot = test_vnode_check_chroot,
 .mpo_vnode_check_create = test_vnode_check_create,
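Review bot: The added `.mpo_vnode_check_access = test_vnode_check_access,` at the top of this hunk sits between the system and sysvmsg groups rather than with the other vnode entries, which breaks the object-then-operation ordering this commit is introducing; by that ordering it belongs after `.mpo_vnode_associate_singlelabel` and directly before the `.mpo_vnode_check_chdir` context line at the end of the hunk. The rendering on this page collapses whitespace, so where the group-separating blank line around it falls is not visible, but its position relative to the sysvmsg block is. Within the sysvmsq group the operations run `msqget, msqsnd, msqrcv, msqctl`, which is not alphabetical (`msqctl, msqget, msqrcv, msqsnd` would be); if that deliberately mirrors the framework's own declaration order rather than the alphabetical rule, a one-line comment saying so would stop the next reader from re-sorting it.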
@@ -2882,6 +2885,16 @@ static struct mac_policy_ops test_ops =
 .mpo_vnode_check_stat = test_vnode_check_stat,
 .mpo_vnode_check_unlink = test_vnode_check_unlink,
 .mpo_vnode_check_write = test_vnode_check_write,
+ .mpo_vnode_copy_label = test_vnode_copy_label,
+ .mpo_vnode_create_extattr = test_vnode_create_extattr,
+ .mpo_vnode_destroy_label = test_vnode_destroy_label,
+ .mpo_vnode_execve_transition = test_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = test_vnode_externalize_label,
+ .mpo_vnode_init_label = test_vnode_init_label,
+ .mpo_vnode_internalize_label = test_internalize_label,
+ .mpo_vnode_relabel = test_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
 };
 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", |