authorrwatson <rwatson@FreeBSD.org>2007-10-29 13:33:06 +0000
committerrwatson <rwatson@FreeBSD.org>2007-10-29 13:33:06 +0000
commita4265719055fe445116eb2743b6aacf518bb1a8d (patch)
treeb5d3ede5fbbf1cb40c13deb6bb8e406ce58b639e /sys
parent17e940f736d56194ae75e4a2963c775a59f0a3f6 (diff)
Resort TrustedBSD MAC Framework policy entry point implementations and
declarations to match the object, operation sort order in the framework itself.

Obtained from:	TrustedBSD Project
Diffstat (limited to 'sys')
-rw-r--r--sys/security/mac_biba/mac_biba.c2248
-rw-r--r--sys/security/mac_bsdextended/mac_bsdextended.c4
-rw-r--r--sys/security/mac_ifoff/mac_ifoff.c4
-rw-r--r--sys/security/mac_lomac/mac_lomac.c1729
-rw-r--r--sys/security/mac_mls/mac_mls.c1801
-rw-r--r--sys/security/mac_partition/mac_partition.c158
-rw-r--r--sys/security/mac_seeotheruids/mac_seeotheruids.c16
-rw-r--r--sys/security/mac_stub/mac_stub.c969
-rw-r--r--sys/security/mac_test/mac_test.c2499
9 files changed, 4744 insertions, 4684 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 72f9745..052e8f3 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -774,391 +774,252 @@ biba_copy_label(struct label *src, struct label *dest)
}
/*
- * Labeling event operations: file system objects, and things that look a lot
- * like file system objects.
+ * Object-specific entry point implementations are sorted alphabetically by
+ * object type name and then by operation.
*/
-static void
-biba_devfs_create_device(struct ucred *cred, struct mount *mp,
- struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
-{
- struct mac_biba *mb;
- int biba_type;
-
- mb = SLOT(delabel);
- if (strcmp(dev->si_name, "null") == 0 ||
- strcmp(dev->si_name, "zero") == 0 ||
- strcmp(dev->si_name, "random") == 0 ||
- strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
- biba_type = MAC_BIBA_TYPE_EQUAL;
- else if (ptys_equal &&
- (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
- strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
- biba_type = MAC_BIBA_TYPE_EQUAL;
- else
- biba_type = MAC_BIBA_TYPE_HIGH;
- biba_set_effective(mb, biba_type, 0, NULL);
-}
-
-static void
-biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
- struct devfs_dirent *de, struct label *delabel)
+static int
+biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
+ struct ifnet *ifp, struct label *ifplabel)
{
- struct mac_biba *mb;
-
- mb = SLOT(delabel);
-
- biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL);
-}
+ struct mac_biba *a, *b;
-static void
-biba_devfs_create_symlink(struct ucred *cred, struct mount *mp,
- struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
- struct label *delabel)
-{
- struct mac_biba *source, *dest;
+ if (!biba_enabled)
+ return (0);
- source = SLOT(cred->cr_label);
- dest = SLOT(delabel);
+ a = SLOT(dlabel);
+ b = SLOT(ifplabel);
- biba_copy_effective(source, dest);
+ if (biba_equal_effective(a, b))
+ return (0);
+ return (EACCES);
}
static void
-biba_mount_create(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
+biba_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
+ struct label *dlabel)
{
struct mac_biba *source, *dest;
source = SLOT(cred->cr_label);
- dest = SLOT(mplabel);
+ dest = SLOT(dlabel);
biba_copy_effective(source, dest);
}
static void
-biba_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *newlabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(vplabel);
-
- biba_copy(source, dest);
-}
-
-static void
-biba_devfs_update(struct mount *mp, struct devfs_dirent *de,
- struct label *delabel, struct vnode *vp, struct label *vplabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(vplabel);
- dest = SLOT(delabel);
-
- biba_copy(source, dest);
-}
-
-static void
-biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel,
- struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
- struct label *vplabel)
+biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(delabel);
- dest = SLOT(vplabel);
+ source = SLOT(dlabel);
+ dest = SLOT(mlabel);
biba_copy_effective(source, dest);
}
static int
-biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
+biba_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
- struct mac_biba mb_temp, *source, *dest;
- int buflen, error;
-
- source = SLOT(mplabel);
- dest = SLOT(vplabel);
+ struct mac_biba *subj, *new;
+ int error;
- buflen = sizeof(mb_temp);
- bzero(&mb_temp, buflen);
+ subj = SLOT(cred->cr_label);
+ new = SLOT(newlabel);
- error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
- MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread);
- if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the mntlabel. */
- biba_copy_effective(source, dest);
- return (0);
- } else if (error)
+ /*
+ * If there is a Biba label update for the credential, it may
+ * be an update of the effective, range, or both.
+ */
+ error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
+ if (error)
return (error);
- if (buflen != sizeof(mb_temp)) {
- printf("biba_vnode_associate_extattr: bad size %d\n",
- buflen);
- return (EPERM);
- }
- if (biba_valid(&mb_temp) != 0) {
- printf("biba_vnode_associate_extattr: invalid\n");
- return (EPERM);
- }
- if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) !=
- MAC_BIBA_FLAG_EFFECTIVE) {
- printf("biba_vnode_associate_extattr: not effective\n");
- return (EPERM);
- }
-
- biba_copy_effective(&mb_temp, dest);
- return (0);
-}
-
-static void
-biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(mplabel);
- dest = SLOT(vplabel);
-
- biba_copy_effective(source, dest);
-}
+ /*
+ * If the Biba label is to be changed, authorize as appropriate.
+ */
+ if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) {
+ /*
+ * If the change request modifies both the Biba label
+ * effective and range, check that the new effective will be
+ * in the new range.
+ */
+ if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) ==
+ MAC_BIBA_FLAGS_BOTH &&
+ !biba_effective_in_range(new, new))
+ return (EINVAL);
-static int
-biba_vnode_create_extattr(struct ucred *cred, struct mount *mp,
- struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel, struct componentname *cnp)
-{
- struct mac_biba *source, *dest, mb_temp;
- size_t buflen;
- int error;
+ /*
+ * To change the Biba effective label on a credential, the
+ * new effective label must be in the current range.
+ */
+ if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE &&
+ !biba_effective_in_range(new, subj))
+ return (EPERM);
- buflen = sizeof(mb_temp);
- bzero(&mb_temp, buflen);
+ /*
+ * To change the Biba range on a credential, the new range
+ * label must be in the current range.
+ */
+ if (new->mb_flags & MAC_BIBA_FLAG_RANGE &&
+ !biba_range_in_range(new, subj))
+ return (EPERM);
- source = SLOT(cred->cr_label);
- dest = SLOT(vplabel);
- biba_copy_effective(source, &mb_temp);
+ /*
+ * To have EQUAL in any component of the new credential Biba
+ * label, the subject must already have EQUAL in their label.
+ */
+ if (biba_contains_equal(new)) {
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
+ }
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
- MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
- if (error == 0)
- biba_copy_effective(source, dest);
- return (error);
+ return (0);
}
static int
-biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *intlabel)
+biba_cred_check_visible(struct ucred *u1, struct ucred *u2)
{
- struct mac_biba *source, mb_temp;
- size_t buflen;
- int error;
-
- buflen = sizeof(mb_temp);
- bzero(&mb_temp, buflen);
+ struct mac_biba *subj, *obj;
- source = SLOT(intlabel);
- if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0)
+ if (!biba_enabled)
return (0);
- biba_copy_effective(source, &mb_temp);
-
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
- MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
- return (error);
-}
-
-/*
- * Labeling event operations: IPC object.
- */
-static void
-biba_inpcb_create(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(solabel);
- dest = SLOT(inplabel);
-
- biba_copy_effective(source, dest);
-}
-
-static void
-biba_socket_create_mbuf(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(solabel);
- dest = SLOT(mlabel);
-
- biba_copy_effective(source, dest);
-}
-
-static void
-biba_socket_create(struct ucred *cred, struct socket *so,
- struct label *solabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(solabel);
-
- biba_copy_effective(source, dest);
-}
-
-static void
-biba_pipe_create(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(pplabel);
-
- biba_copy_effective(source, dest);
-}
-
-static void
-biba_posixsem_create(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(kslabel);
-
- biba_copy_effective(source, dest);
-}
-
-static void
-biba_socket_newconn(struct socket *oldso, struct label *oldsolabel,
- struct socket *newso, struct label *newsolabel)
-{
- struct mac_biba *source, *dest;
+ subj = SLOT(u1->cr_label);
+ obj = SLOT(u2->cr_label);
- source = SLOT(oldsolabel);
- dest = SLOT(newsolabel);
+ /* XXX: range */
+ if (!biba_dominate_effective(obj, subj))
+ return (ESRCH);
- biba_copy_effective(source, dest);
+ return (0);
}
static void
-biba_socket_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+biba_cred_relabel(struct ucred *cred, struct label *newlabel)
{
struct mac_biba *source, *dest;
source = SLOT(newlabel);
- dest = SLOT(solabel);
+ dest = SLOT(cred->cr_label);
biba_copy(source, dest);
}
static void
-biba_pipe_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
+biba_devfs_create_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
{
- struct mac_biba *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(pplabel);
+ struct mac_biba *mb;
+ int biba_type;
- biba_copy(source, dest);
+ mb = SLOT(delabel);
+ if (strcmp(dev->si_name, "null") == 0 ||
+ strcmp(dev->si_name, "zero") == 0 ||
+ strcmp(dev->si_name, "random") == 0 ||
+ strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
+ biba_type = MAC_BIBA_TYPE_EQUAL;
+ else if (ptys_equal &&
+ (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+ strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
+ biba_type = MAC_BIBA_TYPE_EQUAL;
+ else
+ biba_type = MAC_BIBA_TYPE_HIGH;
+ biba_set_effective(mb, biba_type, 0, NULL);
}
static void
-biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
- struct socket *so, struct label *sopeerlabel)
+biba_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
+ struct devfs_dirent *de, struct label *delabel)
{
- struct mac_biba *source, *dest;
+ struct mac_biba *mb;
- source = SLOT(mlabel);
- dest = SLOT(sopeerlabel);
+ mb = SLOT(delabel);
- biba_copy_effective(source, dest);
+ biba_set_effective(mb, MAC_BIBA_TYPE_HIGH, 0, NULL);
}
-/*
- * Labeling event operations: System V IPC objects.
- */
static void
-biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
+biba_devfs_create_symlink(struct ucred *cred, struct mount *mp,
+ struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+ struct label *delabel)
{
struct mac_biba *source, *dest;
- /* Ignore the msgq label */
source = SLOT(cred->cr_label);
- dest = SLOT(msglabel);
+ dest = SLOT(delabel);
biba_copy_effective(source, dest);
}
static void
-biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel)
+biba_devfs_update(struct mount *mp, struct devfs_dirent *de,
+ struct label *delabel, struct vnode *vp, struct label *vplabel)
{
struct mac_biba *source, *dest;
- source = SLOT(cred->cr_label);
- dest = SLOT(msqlabel);
+ source = SLOT(vplabel);
+ dest = SLOT(delabel);
- biba_copy_effective(source, dest);
+ biba_copy(source, dest);
}
static void
-biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semalabel)
+biba_devfs_vnode_associate(struct mount *mp, struct label *mntlabel,
+ struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct label *vplabel)
{
struct mac_biba *source, *dest;
- source = SLOT(cred->cr_label);
- dest = SLOT(semalabel);
+ source = SLOT(delabel);
+ dest = SLOT(vplabel);
biba_copy_effective(source, dest);
}
-static void
-biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmlabel)
+static int
+biba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
- struct mac_biba *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(shmlabel);
+ struct mac_biba *subj, *new;
+ int error;
- biba_copy_effective(source, dest);
-}
+ subj = SLOT(cred->cr_label);
+ new = SLOT(newlabel);
-/*
- * Labeling event operations: network objects.
- */
-static void
-biba_socketpeer_set_from_socket(struct socket *oldso,
- struct label *oldsolabel, struct socket *newso,
- struct label *newsopeerlabel)
-{
- struct mac_biba *source, *dest;
+ /*
+ * If there is a Biba label update for the interface, it may be an
+ * update of the effective, range, or both.
+ */
+ error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
+ if (error)
+ return (error);
- source = SLOT(oldsolabel);
- dest = SLOT(newsopeerlabel);
+ /*
+ * Relabling network interfaces requires Biba privilege.
+ */
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
- biba_copy_effective(source, dest);
+ return (0);
}
-static void
-biba_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
- struct label *dlabel)
+static int
+biba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
- struct mac_biba *source, *dest;
+ struct mac_biba *p, *i;
- source = SLOT(cred->cr_label);
- dest = SLOT(dlabel);
+ if (!biba_enabled)
+ return (0);
- biba_copy_effective(source, dest);
+ p = SLOT(mlabel);
+ i = SLOT(ifplabel);
+
+ return (biba_effective_in_range(p, i) ? 0 : EACCES);
}
static void
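Review bot: biba_cred_check_relabel and biba_ifnet_check_relabel on the new side of this hunk are the only check entry points here that do not open with `if (!biba_enabled) return (0);`, and nothing in the file says whether that is intended. If it is deliberate — presumably so that label-validity and range constraints keep holding while enforcement is switched off, and a later re-enable does not find inconsistent labels — a one-line comment above each would stop the next reader from "fixing" it, e.g. `/* Enforced even when biba_enabled is 0 so labels stay self-consistent. */`. While there, the comment `Relabling network interfaces requires Biba privilege.` in biba_ifnet_check_relabel should read `Relabeling`. The hunk closes on the `static void` line of the next function, whose body is outside it.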
@@ -1219,38 +1080,52 @@ set:
}
static void
-biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
+biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(mlabel);
- dest = SLOT(ipqlabel);
+ source = SLOT(ifplabel);
+ dest = SLOT(mlabel);
biba_copy_effective(source, dest);
}
static void
-biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
- struct label *mlabel)
+biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(ipqlabel);
- dest = SLOT(mlabel);
+ source = SLOT(newlabel);
+ dest = SLOT(ifplabel);
- /* Just use the head, since we require them all to match. */
- biba_copy_effective(source, dest);
+ biba_copy(source, dest);
+}
+
+static int
+biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_biba *p, *i;
+
+ if (!biba_enabled)
+ return (0);
+
+ p = SLOT(mlabel);
+ i = SLOT(inplabel);
+
+ return (biba_equal_effective(p, i) ? 0 : EACCES);
}
static void
-biba_netinet_fragment(struct mbuf *m, struct label *mlabel,
- struct mbuf *frag, struct label *fraglabel)
+biba_inpcb_create(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
struct mac_biba *source, *dest;
- source = SLOT(mlabel);
- dest = SLOT(fraglabel);
+ source = SLOT(solabel);
+ dest = SLOT(inplabel);
biba_copy_effective(source, dest);
}
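Review bot: biba_inpcb_check_deliver requires exact label equality (`biba_equal_effective(p, i)`) while the interface transmit check in the previous hunk only requires the packet to fall in the interface's range, and the asymmetry is not explained. It appears justified by biba_inpcb_create in this same hunk, which seeds the pcb label with `biba_copy_effective` and so never gives it a range — but that is inference, and a comment on the check would make it explicit, e.g. `/* inpcb labels carry only an effective component, so delivery requires an exact match. */`. The hunk opens on the tail of the preceding function (`set:` label), which lies outside it.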
@@ -1268,25 +1143,25 @@ biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
}
static void
-biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
- struct mbuf *m, struct label *mlabel)
+biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
struct mac_biba *source, *dest;
- source = SLOT(dlabel);
- dest = SLOT(mlabel);
+ source = SLOT(solabel);
+ dest = SLOT(inplabel);
- biba_copy_effective(source, dest);
+ biba_copy(source, dest);
}
static void
-biba_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(ifplabel);
- dest = SLOT(mlabel);
+ source = SLOT(mlabel);
+ dest = SLOT(ipqlabel);
biba_copy_effective(source, dest);
}
@@ -1304,15 +1179,16 @@ biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
}
static void
-biba_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
+ struct label *mlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(newlabel);
- dest = SLOT(ifplabel);
+ source = SLOT(ipqlabel);
+ dest = SLOT(mlabel);
- biba_copy(source, dest);
+ /* Just use the head, since we require them all to match. */
+ biba_copy_effective(source, dest);
}
static void
@@ -1323,16 +1199,57 @@ biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
/* NOOP: we only accept matching labels, so no need to update */
}
+static int
+biba_kld_check_load(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
+{
+ struct mac_biba *subj, *obj;
+ int error;
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ obj = SLOT(vplabel);
+ if (!biba_high_effective(obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+biba_mount_check_stat(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!biba_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(mplabel);
+
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
static void
-biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
+biba_mount_create(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
{
struct mac_biba *source, *dest;
- source = SLOT(solabel);
- dest = SLOT(inplabel);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(mplabel);
- biba_copy(source, dest);
+ biba_copy_effective(source, dest);
}
static void
@@ -1381,6 +1298,18 @@ biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
}
static void
+biba_netinet_fragment(struct mbuf *m, struct label *mlabel,
+ struct mbuf *frag, struct label *fraglabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(mlabel);
+ dest = SLOT(fraglabel);
+
+ biba_copy_effective(source, dest);
+}
+
+static void
biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
struct mbuf *msend, struct label *msendlabel)
{
@@ -1414,155 +1343,95 @@ biba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
}
-/*
- * Labeling event operations: processes.
- */
-static void
-biba_proc_create_swapper(struct ucred *cred)
-{
- struct mac_biba *dest;
-
- dest = SLOT(cred->cr_label);
-
- biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
- biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
- 0, NULL);
-}
-
-static void
-biba_proc_create_init(struct ucred *cred)
-{
- struct mac_biba *dest;
-
- dest = SLOT(cred->cr_label);
-
- biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
- biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
- 0, NULL);
-}
-
-static void
-biba_proc_associate_nfsd(struct ucred *cred)
-{
- struct mac_biba *label;
-
- label = SLOT(cred->cr_label);
- biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL);
- biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
- 0, NULL);
-}
-
-static void
-biba_cred_relabel(struct ucred *cred, struct label *newlabel)
+static int
+biba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
{
- struct mac_biba *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(cred->cr_label);
- biba_copy(source, dest);
-}
+ if(!biba_enabled)
+ return (0);
-/*
- * Label cleanup/flush operations
- */
-static void
-biba_sysvmsg_cleanup(struct label *msglabel)
-{
+ /* XXX: This will be implemented soon... */
- bzero(SLOT(msglabel), sizeof(struct mac_biba));
+ return (0);
}
-static void
-biba_sysvmsq_cleanup(struct label *msqlabel)
+static int
+biba_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
+ struct mac_biba *subj, *obj;
- bzero(SLOT(msqlabel), sizeof(struct mac_biba));
-}
+ if (!biba_enabled)
+ return (0);
-static void
-biba_sysvsem_cleanup(struct label *semalabel)
-{
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
- bzero(SLOT(semalabel), sizeof(struct mac_biba));
-}
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
-static void
-biba_sysvshm_cleanup(struct label *shmlabel)
-{
- bzero(SLOT(shmlabel), sizeof(struct mac_biba));
+ return (0);
}
-/*
- * Access control checks.
- */
static int
-biba_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
- struct ifnet *ifp, struct label *ifplabel)
+biba_pipe_check_read(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
- struct mac_biba *a, *b;
+ struct mac_biba *subj, *obj;
if (!biba_enabled)
return (0);
- a = SLOT(dlabel);
- b = SLOT(ifplabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
- if (biba_equal_effective(a, b))
- return (0);
- return (EACCES);
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
}
static int
-biba_cred_check_relabel(struct ucred *cred, struct label *newlabel)
+biba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
{
- struct mac_biba *subj, *new;
+ struct mac_biba *subj, *obj, *new;
int error;
- subj = SLOT(cred->cr_label);
new = SLOT(newlabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
/*
- * If there is a Biba label update for the credential, it may
- * be an update of the effective, range, or both.
+ * If there is a Biba label update for a pipe, it must be a effective
+ * update.
*/
- error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
+ error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
if (error)
return (error);
/*
- * If the Biba label is to be changed, authorize as appropriate.
+ * To perform a relabel of a pipe (Biba label or not), Biba must
+ * authorize the relabel.
*/
- if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) {
- /*
- * If the change request modifies both the Biba label
- * effective and range, check that the new effective will be
- * in the new range.
- */
- if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) ==
- MAC_BIBA_FLAGS_BOTH &&
- !biba_effective_in_range(new, new))
- return (EINVAL);
-
- /*
- * To change the Biba effective label on a credential, the
- * new effective label must be in the current range.
- */
- if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE &&
- !biba_effective_in_range(new, subj))
- return (EPERM);
+ if (!biba_effective_in_range(obj, subj))
+ return (EPERM);
+ /*
+ * If the Biba label is to be changed, authorize as appropriate.
+ */
+ if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
/*
- * To change the Biba range on a credential, the new range
- * label must be in the current range.
+ * To change the Biba label on a pipe, the new pipe label
+ * must be in the subject range.
*/
- if (new->mb_flags & MAC_BIBA_FLAG_RANGE &&
- !biba_range_in_range(new, subj))
+ if (!biba_effective_in_range(new, subj))
return (EPERM);
/*
- * To have EQUAL in any component of the new credential Biba
- * label, the subject must already have EQUAL in their label.
+ * To change the Biba label on a pipe to be EQUAL, the
+ * subject must have appropriate privilege.
*/
if (biba_contains_equal(new)) {
error = biba_subject_privileged(subj);
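Review bot: biba_pipe_check_ioctl on the new side returns 0 for every command once `biba_enabled` is set, so pipe ioctls are a fail-open hole next to pipe read/write/poll/stat checks that all enforce dominance; the `/* XXX: This will be implemented soon... */` marker does not say which commands are meant to be permitted. If the stub has to stay, the comment should at least say so explicitly, e.g. `/* XXX: no integrity check on pipe ioctl commands yet; all are permitted. */`, and `if(!biba_enabled)` needs a space after `if` per the file's style. Separately, the comment in biba_pipe_check_relabel reads `must be a effective update` and should be `an effective update`. biba_pipe_check_relabel's body continues past the end of this hunk.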
@@ -1575,84 +1444,86 @@ biba_cred_check_relabel(struct ucred *cred, struct label *newlabel)
}
static int
-biba_cred_check_visible(struct ucred *u1, struct ucred *u2)
+biba_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
struct mac_biba *subj, *obj;
if (!biba_enabled)
return (0);
- subj = SLOT(u1->cr_label);
- obj = SLOT(u2->cr_label);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
- /* XXX: range */
if (!biba_dominate_effective(obj, subj))
- return (ESRCH);
+ return (EACCES);
return (0);
}
static int
-biba_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+biba_pipe_check_write(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
- struct mac_biba *subj, *new;
- int error;
+ struct mac_biba *subj, *obj;
- subj = SLOT(cred->cr_label);
- new = SLOT(newlabel);
+ if (!biba_enabled)
+ return (0);
- /*
- * If there is a Biba label update for the interface, it may be an
- * update of the effective, range, or both.
- */
- error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
- if (error)
- return (error);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
- /*
- * Relabling network interfaces requires Biba privilege.
- */
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
return (0);
}
-static int
-biba_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+static void
+biba_pipe_create(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
- struct mac_biba *p, *i;
+ struct mac_biba *source, *dest;
- if (!biba_enabled)
- return (0);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(pplabel);
- p = SLOT(mlabel);
- i = SLOT(ifplabel);
+ biba_copy_effective(source, dest);
+}
- return (biba_effective_in_range(p, i) ? 0 : EACCES);
+static void
+biba_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(pplabel);
+
+ biba_copy(source, dest);
}
static int
-biba_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
+biba_posixsem_check_write(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- struct mac_biba *p, *i;
+ struct mac_biba *subj, *obj;
if (!biba_enabled)
return (0);
- p = SLOT(mlabel);
- i = SLOT(inplabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(kslabel);
- return (biba_equal_effective(p, i) ? 0 : EACCES);
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+
+ return (0);
}
static int
-biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
struct mac_biba *subj, *obj;
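Review bot: biba_posixsem_check_rdonly is placed after biba_posixsem_check_write at the end of this hunk, which contradicts the alphabetical object/operation order this commit sets out to establish (rdonly sorts before write). Either swap the two definitions, or if the framework's own declaration order puts write first, add a one-line comment saying the order follows the framework rather than the alphabet. biba_posixsem_check_rdonly's body runs past the end of the hunk.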
@@ -1660,7 +1531,7 @@ biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(msglabel);
+ obj = SLOT(kslabel);
if (!biba_dominate_effective(obj, subj))
return (EACCES);
@@ -1668,27 +1539,220 @@ biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
return (0);
}
+static void
+biba_posixsem_create(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(kslabel);
+
+ biba_copy_effective(source, dest);
+}
+
+/*
+ * Some system privileges are allowed regardless of integrity grade; others
+ * are allowed only when running with privilege with respect to the Biba
+ * policy as they might otherwise allow bypassing of the integrity policy.
+ */
static int
-biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+biba_priv_check(struct ucred *cred, int priv)
{
- struct mac_biba *subj, *obj;
+ struct mac_biba *subj;
+ int error;
if (!biba_enabled)
return (0);
- subj = SLOT(cred->cr_label);
- obj = SLOT(msglabel);
+ /*
+ * Exempt only specific privileges from the Biba integrity policy.
+ */
+ switch (priv) {
+ case PRIV_KTRACE:
+ case PRIV_MSGBUF:
- if (!biba_dominate_effective(subj, obj))
- return (EACCES);
+ /*
+ * Allow processes to manipulate basic process audit properties, and
+ * to submit audit records.
+ */
+ case PRIV_AUDIT_GETAUDIT:
+ case PRIV_AUDIT_SETAUDIT:
+ case PRIV_AUDIT_SUBMIT:
+ /*
+ * Allow processes to manipulate their regular UNIX credentials.
+ */
+ case PRIV_CRED_SETUID:
+ case PRIV_CRED_SETEUID:
+ case PRIV_CRED_SETGID:
+ case PRIV_CRED_SETEGID:
+ case PRIV_CRED_SETGROUPS:
+ case PRIV_CRED_SETREUID:
+ case PRIV_CRED_SETREGID:
+ case PRIV_CRED_SETRESUID:
+ case PRIV_CRED_SETRESGID:
+
+ /*
+ * Allow processes to perform system monitoring.
+ */
+ case PRIV_SEEOTHERGIDS:
+ case PRIV_SEEOTHERUIDS:
+ break;
+
+ /*
+ * Allow access to general process debugging facilities. We
+ * separately control debugging based on MAC label.
+ */
+ case PRIV_DEBUG_DIFFCRED:
+ case PRIV_DEBUG_SUGID:
+ case PRIV_DEBUG_UNPRIV:
+
+ /*
+ * Allow manipulating jails.
+ */
+ case PRIV_JAIL_ATTACH:
+
+ /*
+ * Allow privilege with respect to the Partition policy, but not the
+ * Privs policy.
+ */
+ case PRIV_MAC_PARTITION:
+
+ /*
+ * Allow privilege with respect to process resource limits and login
+ * context.
+ */
+ case PRIV_PROC_LIMIT:
+ case PRIV_PROC_SETLOGIN:
+ case PRIV_PROC_SETRLIMIT:
+
+ /*
+ * Allow System V and POSIX IPC privileges.
+ */
+ case PRIV_IPC_READ:
+ case PRIV_IPC_WRITE:
+ case PRIV_IPC_ADMIN:
+ case PRIV_IPC_MSGSIZE:
+ case PRIV_MQ_ADMIN:
+
+ /*
+ * Allow certain scheduler manipulations -- possibly this should be
+ * controlled by more fine-grained policy, as potentially low
+ * integrity processes can deny CPU to higher integrity ones.
+ */
+ case PRIV_SCHED_DIFFCRED:
+ case PRIV_SCHED_SETPRIORITY:
+ case PRIV_SCHED_RTPRIO:
+ case PRIV_SCHED_SETPOLICY:
+ case PRIV_SCHED_SET:
+ case PRIV_SCHED_SETPARAM:
+
+ /*
+ * More IPC privileges.
+ */
+ case PRIV_SEM_WRITE:
+
+ /*
+ * Allow signaling privileges subject to integrity policy.
+ */
+ case PRIV_SIGNAL_DIFFCRED:
+ case PRIV_SIGNAL_SUGID:
+
+ /*
+ * Allow access to only limited sysctls from lower integrity levels;
+ * piggy-back on the Jail definition.
+ */
+ case PRIV_SYSCTL_WRITEJAIL:
+
+ /*
+ * Allow TTY-based privileges, subject to general device access using
+ * labels on TTY device nodes, but not console privilege.
+ */
+ case PRIV_TTY_DRAINWAIT:
+ case PRIV_TTY_DTRWAIT:
+ case PRIV_TTY_EXCLUSIVE:
+ case PRIV_TTY_PRISON:
+ case PRIV_TTY_STI:
+ case PRIV_TTY_SETA:
+
+ /*
+ * Grant most VFS privileges, as almost all are in practice bounded
+ * by more specific checks using labels.
+ */
+ case PRIV_VFS_READ:
+ case PRIV_VFS_WRITE:
+ case PRIV_VFS_ADMIN:
+ case PRIV_VFS_EXEC:
+ case PRIV_VFS_LOOKUP:
+ case PRIV_VFS_CHFLAGS_DEV:
+ case PRIV_VFS_CHOWN:
+ case PRIV_VFS_CHROOT:
+ case PRIV_VFS_RETAINSUGID:
+ case PRIV_VFS_EXCEEDQUOTA:
+ case PRIV_VFS_FCHROOT:
+ case PRIV_VFS_FHOPEN:
+ case PRIV_VFS_FHSTATFS:
+ case PRIV_VFS_GENERATION:
+ case PRIV_VFS_GETFH:
+ case PRIV_VFS_GETQUOTA:
+ case PRIV_VFS_LINK:
+ case PRIV_VFS_MOUNT:
+ case PRIV_VFS_MOUNT_OWNER:
+ case PRIV_VFS_MOUNT_PERM:
+ case PRIV_VFS_MOUNT_SUIDDIR:
+ case PRIV_VFS_MOUNT_NONUSER:
+ case PRIV_VFS_SETGID:
+ case PRIV_VFS_STICKYFILE:
+ case PRIV_VFS_SYSFLAGS:
+ case PRIV_VFS_UNMOUNT:
+
+ /*
+ * Allow VM privileges; it would be nice if these were subject to
+ * resource limits.
+ */
+ case PRIV_VM_MADV_PROTECT:
+ case PRIV_VM_MLOCK:
+ case PRIV_VM_MUNLOCK:
+
+ /*
+ * Allow some but not all network privileges. In general, dont allow
+ * reconfiguring the network stack, just normal use.
+ */
+ case PRIV_NETATALK_RESERVEDPORT:
+ case PRIV_NETINET_RESERVEDPORT:
+ case PRIV_NETINET_RAW:
+ case PRIV_NETINET_REUSEPORT:
+ case PRIV_NETIPX_RESERVEDPORT:
+ case PRIV_NETIPX_RAW:
+ break;
+
+ /*
+ * All remaining system privileges are allow only if the process
+ * holds privilege with respect to the Biba policy.
+ */
+ default:
+ subj = SLOT(cred->cr_label);
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
return (0);
}
+static void
+biba_proc_associate_nfsd(struct ucred *cred)
+{
+ struct mac_biba *label;
+
+ label = SLOT(cred->cr_label);
+ biba_set_effective(label, MAC_BIBA_TYPE_LOW, 0, NULL);
+ biba_set_range(label, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
+ 0, NULL);
+}
+
static int
-biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+biba_proc_check_debug(struct ucred *cred, struct proc *p)
{
struct mac_biba *subj, *obj;
@@ -1696,17 +1760,19 @@ biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(msqklabel);
+ obj = SLOT(p->p_ucred->cr_label);
+ /* XXX: range checks */
if (!biba_dominate_effective(obj, subj))
+ return (ESRCH);
+ if (!biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
}
static int
-biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+biba_proc_check_sched(struct ucred *cred, struct proc *p)
{
struct mac_biba *subj, *obj;
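Review bot: The `/* XXX: range checks */` marker carried over at L1231 says nothing about what is deferred; the body below it compares only the effective labels of subject and target (L1232, L1234) and never consults either range, so a reader has to reverse-engineer the gap. Suggest expanding it to `/* XXX: only effective labels are compared; subject and target ranges are not yet checked. */`. The same marker recurs in biba_proc_check_sched and biba_proc_check_signal in the two following hunks and would take the same wording. The function's signature and `biba_enabled` guard lie above this hunk.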
@@ -1714,8 +1780,11 @@ biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(msqklabel);
+ obj = SLOT(p->p_ucred->cr_label);
+ /* XXX: range checks */
+ if (!biba_dominate_effective(obj, subj))
+ return (ESRCH);
if (!biba_dominate_effective(subj, obj))
return (EACCES);
@@ -1723,8 +1792,7 @@ biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
}
static int
-biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
{
struct mac_biba *subj, *obj;
@@ -1732,86 +1800,110 @@ biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(msqklabel);
+ obj = SLOT(p->p_ucred->cr_label);
+ /* XXX: range checks */
if (!biba_dominate_effective(obj, subj))
+ return (ESRCH);
+ if (!biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
}
static int
-biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel, int cmd)
+biba_socket_check_deliver(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
{
- struct mac_biba *subj, *obj;
+ struct mac_biba *p, *s;
if (!biba_enabled)
return (0);
- subj = SLOT(cred->cr_label);
- obj = SLOT(msqklabel);
+ p = SLOT(mlabel);
+ s = SLOT(solabel);
- switch(cmd) {
- case IPC_RMID:
- case IPC_SET:
- if (!biba_dominate_effective(subj, obj))
- return (EACCES);
- break;
+ return (biba_equal_effective(p, s) ? 0 : EACCES);
+}
- case IPC_STAT:
- if (!biba_dominate_effective(obj, subj))
- return (EACCES);
- break;
+static void
+biba_proc_create_init(struct ucred *cred)
+{
+ struct mac_biba *dest;
- default:
- return (EACCES);
- }
+ dest = SLOT(cred->cr_label);
- return (0);
+ biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
+ biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
+ 0, NULL);
}
-static int
-biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel, int cmd)
+static void
+biba_proc_create_swapper(struct ucred *cred)
{
- struct mac_biba *subj, *obj;
+ struct mac_biba *dest;
- if (!biba_enabled)
- return (0);
+ dest = SLOT(cred->cr_label);
+ biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
+ biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH,
+ 0, NULL);
+}
+
+static int
+biba_socket_check_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+ struct mac_biba *subj, *obj, *new;
+ int error;
+
+ new = SLOT(newlabel);
subj = SLOT(cred->cr_label);
- obj = SLOT(semaklabel);
+ obj = SLOT(solabel);
- switch(cmd) {
- case IPC_RMID:
- case IPC_SET:
- case SETVAL:
- case SETALL:
- if (!biba_dominate_effective(subj, obj))
- return (EACCES);
- break;
+ /*
+ * If there is a Biba label update for the socket, it may be an
+ * update of effective.
+ */
+ error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
+ if (error)
+ return (error);
- case IPC_STAT:
- case GETVAL:
- case GETPID:
- case GETNCNT:
- case GETZCNT:
- case GETALL:
- if (!biba_dominate_effective(obj, subj))
- return (EACCES);
- break;
+ /*
+ * To relabel a socket, the old socket effective must be in the
+ * subject range.
+ */
+ if (!biba_effective_in_range(obj, subj))
+ return (EPERM);
- default:
- return (EACCES);
+ /*
+ * If the Biba label is to be changed, authorize as appropriate.
+ */
+ if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
+ /*
+ * To relabel a socket, the new socket effective must be in
+ * the subject range.
+ */
+ if (!biba_effective_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * To change the Biba label on the socket to contain EQUAL,
+ * the subject must have appropriate privilege.
+ */
+ if (biba_contains_equal(new)) {
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
}
return (0);
}
static int
-biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel)
+biba_socket_check_visible(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
struct mac_biba *subj, *obj;
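Review bot: biba_socket_check_deliver at L1277 is placed between biba_proc_check_signal and biba_proc_create_init (L1301), which breaks the object-then-operation alphabetical order this commit introduces; it belongs further down, immediately before biba_socket_check_relabel at L1330. After a reshuffle of this size the stated sort rule is what makes the file navigable, so one stray entry is worth fixing in the same commit rather than in a follow-up. The body of biba_socket_check_visible continues past the end of the hunk.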
@@ -1819,111 +1911,110 @@ biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(semaklabel);
+ obj = SLOT(solabel);
if (!biba_dominate_effective(obj, subj))
- return (EACCES);
+ return (ENOENT);
return (0);
}
-static int
-biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel, size_t accesstype)
+static void
+biba_socket_create(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
- struct mac_biba *subj, *obj;
+ struct mac_biba *source, *dest;
- if (!biba_enabled)
- return (0);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(solabel);
- subj = SLOT(cred->cr_label);
- obj = SLOT(semaklabel);
+ biba_copy_effective(source, dest);
+}
- if (accesstype & SEM_R)
- if (!biba_dominate_effective(obj, subj))
- return (EACCES);
+static void
+biba_socket_create_mbuf(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_biba *source, *dest;
- if (accesstype & SEM_A)
- if (!biba_dominate_effective(subj, obj))
- return (EACCES);
+ source = SLOT(solabel);
+ dest = SLOT(mlabel);
- return (0);
+ biba_copy_effective(source, dest);
}
-static int
-biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int shmflg)
+static void
+biba_socket_newconn(struct socket *oldso, struct label *oldsolabel,
+ struct socket *newso, struct label *newsolabel)
{
- struct mac_biba *subj, *obj;
-
- if (!biba_enabled)
- return (0);
+ struct mac_biba *source, *dest;
- subj = SLOT(cred->cr_label);
- obj = SLOT(shmseglabel);
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsolabel);
- if (!biba_dominate_effective(obj, subj))
- return (EACCES);
- if ((shmflg & SHM_RDONLY) == 0) {
- if (!biba_dominate_effective(subj, obj))
- return (EACCES);
- }
-
- return (0);
+ biba_copy_effective(source, dest);
}
-static int
-biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int cmd)
+static void
+biba_socket_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
{
- struct mac_biba *subj, *obj;
-
- if (!biba_enabled)
- return (0);
+ struct mac_biba *source, *dest;
- subj = SLOT(cred->cr_label);
- obj = SLOT(shmseglabel);
+ source = SLOT(newlabel);
+ dest = SLOT(solabel);
- switch(cmd) {
- case IPC_RMID:
- case IPC_SET:
- if (!biba_dominate_effective(subj, obj))
- return (EACCES);
- break;
+ biba_copy(source, dest);
+}
- case IPC_STAT:
- case SHM_STAT:
- if (!biba_dominate_effective(obj, subj))
- return (EACCES);
- break;
+static void
+biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
+ struct socket *so, struct label *sopeerlabel)
+{
+ struct mac_biba *source, *dest;
- default:
- return (EACCES);
- }
+ source = SLOT(mlabel);
+ dest = SLOT(sopeerlabel);
- return (0);
+ biba_copy_effective(source, dest);
}
-static int
-biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int shmflg)
+static void
+biba_socketpeer_set_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel)
{
- struct mac_biba *subj, *obj;
+ struct mac_biba *source, *dest;
- if (!biba_enabled)
- return (0);
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsopeerlabel);
- subj = SLOT(cred->cr_label);
- obj = SLOT(shmseglabel);
+ biba_copy_effective(source, dest);
+}
- if (!biba_dominate_effective(obj, subj))
- return (EACCES);
+static void
+biba_syncache_create(struct label *label, struct inpcb *inp)
+{
+ struct mac_biba *source, *dest;
- return (0);
+ source = SLOT(inp->inp_label);
+ dest = SLOT(label);
+ biba_copy_effective(source, dest);
+}
+
+static void
+biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
+ struct label *mlabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(sc_label);
+ dest = SLOT(mlabel);
+ biba_copy_effective(source, dest);
}
static int
-biba_kld_check_load(struct ucred *cred, struct vnode *vp,
+biba_system_check_acct(struct ucred *cred, struct vnode *vp,
struct label *vplabel)
{
struct mac_biba *subj, *obj;
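Review bot: biba_socket_check_visible returns ENOENT at L1409 where the other dominance checks in this file return EACCES, and nothing says why; presumably the intent is to not reveal the socket's existence to a lower-integrity subject, but that is an inference. A one-line comment at the return, `/* ENOENT rather than EACCES: do not reveal that the socket exists. */`, would protect the behaviour from being "normalised" to EACCES later. The function's signature and `biba_enabled` guard are above this hunk, and biba_system_check_acct at the bottom continues past it.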
@@ -1938,6 +2029,9 @@ biba_kld_check_load(struct ucred *cred, struct vnode *vp,
if (error)
return (error);
+ if (vplabel == NULL)
+ return (0);
+
obj = SLOT(vplabel);
if (!biba_high_effective(obj))
return (EACCES);
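Review bot: The `vplabel == NULL` early return at L1562 is undocumented: once the subject has passed the privilege check it silently grants the operation, and the hunk gives no hint whether a missing label is an expected case or a framework oversight. If, as acct(2) semantics suggest, a NULL vnode is how accounting is switched off, say so: `/* No vnode when accounting is being disabled; nothing further to check. */`. biba_system_check_auditctl in the next hunk carries the same guard and would take the same comment. The enclosing function's signature and privilege check precede this hunk.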
@@ -1946,144 +2040,142 @@ biba_kld_check_load(struct ucred *cred, struct vnode *vp,
}
static int
-biba_mount_check_stat(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
+biba_system_check_auditctl(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
struct mac_biba *subj, *obj;
+ int error;
if (!biba_enabled)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(mplabel);
- if (!biba_dominate_effective(obj, subj))
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ if (vplabel == NULL)
+ return (0);
+
+ obj = SLOT(vplabel);
+ if (!biba_high_effective(obj))
return (EACCES);
return (0);
}
static int
-biba_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
+biba_system_check_auditon(struct ucred *cred, int cmd)
{
+ struct mac_biba *subj;
+ int error;
- if(!biba_enabled)
+ if (!biba_enabled)
return (0);
- /* XXX: This will be implemented soon... */
+ subj = SLOT(cred->cr_label);
+
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
return (0);
}
static int
-biba_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+biba_system_check_swapoff(struct ucred *cred, struct vnode *vp,
+ struct label *label)
{
- struct mac_biba *subj, *obj;
+ struct mac_biba *subj;
+ int error;
if (!biba_enabled)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
- if (!biba_dominate_effective(obj, subj))
- return (EACCES);
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
return (0);
}
static int
-biba_pipe_check_read(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+biba_system_check_swapon(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
struct mac_biba *subj, *obj;
+ int error;
if (!biba_enabled)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
+ obj = SLOT(vplabel);
- if (!biba_dominate_effective(obj, subj))
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
+
+ if (!biba_high_effective(obj))
return (EACCES);
return (0);
}
static int
-biba_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
+biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
+ void *arg1, int arg2, struct sysctl_req *req)
{
- struct mac_biba *subj, *obj, *new;
+ struct mac_biba *subj;
int error;
- new = SLOT(newlabel);
- subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
-
- /*
- * If there is a Biba label update for a pipe, it must be a effective
- * update.
- */
- error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
- if (error)
- return (error);
+ if (!biba_enabled)
+ return (0);
- /*
- * To perform a relabel of a pipe (Biba label or not), Biba must
- * authorize the relabel.
- */
- if (!biba_effective_in_range(obj, subj))
- return (EPERM);
+ subj = SLOT(cred->cr_label);
/*
- * If the Biba label is to be changed, authorize as appropriate.
+ * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high,
+ * but also require privilege to change them.
*/
- if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
- /*
- * To change the Biba label on a pipe, the new pipe label
- * must be in the subject range.
- */
- if (!biba_effective_in_range(new, subj))
- return (EPERM);
+ if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) {
+ if (!biba_subject_dominate_high(subj))
+ return (EACCES);
- /*
- * To change the Biba label on a pipe to be EQUAL, the
- * subject must have appropriate privilege.
- */
- if (biba_contains_equal(new)) {
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
- }
+ error = biba_subject_privileged(subj);
+ if (error)
+ return (error);
}
return (0);
}
-static int
-biba_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+static void
+biba_sysvmsg_cleanup(struct label *msglabel)
{
- struct mac_biba *subj, *obj;
- if (!biba_enabled)
- return (0);
+ bzero(SLOT(msglabel), sizeof(struct mac_biba));
+}
- subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
+static void
+biba_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
+{
+ struct mac_biba *source, *dest;
- if (!biba_dominate_effective(obj, subj))
- return (EACCES);
+ /* Ignore the msgq label */
+ source = SLOT(cred->cr_label);
+ dest = SLOT(msglabel);
- return (0);
+ biba_copy_effective(source, dest);
}
static int
-biba_pipe_check_write(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+biba_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
{
struct mac_biba *subj, *obj;
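Review bot: biba_system_check_swapoff (L1616) names its third parameter `label` while every sibling in this group uses `vplabel`, and it never reads it; renaming it to `vplabel` keeps the signatures greppable and makes the unused argument obvious. The asymmetry with biba_system_check_swapon, which additionally requires the vnode to be biba/high at L1651, looks deliberate but is unexplained, and a comment such as `/* Only privilege is required to remove a swap device; its label is not consulted. */` would stop a later reader from "fixing" it. swapon also dereferences `vplabel` through SLOT() at L1645 with no NULL guard, unlike acct/auditctl just above; if swapon can never be entered without a vnode that is fine, but stating it would remove the doubt. biba_sysvmsq_check_msgrcv at the end of the hunk continues past it.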
@@ -2091,17 +2183,17 @@ biba_pipe_check_write(struct ucred *cred, struct pipepair *pp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
+ obj = SLOT(msglabel);
- if (!biba_dominate_effective(subj, obj))
+ if (!biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
}
static int
-biba_posixsem_check_write(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+biba_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
{
struct mac_biba *subj, *obj;
@@ -2109,7 +2201,7 @@ biba_posixsem_check_write(struct ucred *cred, struct ksem *ks,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(kslabel);
+ obj = SLOT(msglabel);
if (!biba_dominate_effective(subj, obj))
return (EACCES);
@@ -2118,8 +2210,8 @@ biba_posixsem_check_write(struct ucred *cred, struct ksem *ks,
}
static int
-biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+biba_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
struct mac_biba *subj, *obj;
@@ -2127,7 +2219,7 @@ biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(kslabel);
+ obj = SLOT(msqklabel);
if (!biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2136,7 +2228,8 @@ biba_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
}
static int
-biba_proc_check_debug(struct ucred *cred, struct proc *p)
+biba_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
struct mac_biba *subj, *obj;
@@ -2144,11 +2237,8 @@ biba_proc_check_debug(struct ucred *cred, struct proc *p)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
+ obj = SLOT(msqklabel);
- /* XXX: range checks */
- if (!biba_dominate_effective(obj, subj))
- return (ESRCH);
if (!biba_dominate_effective(subj, obj))
return (EACCES);
@@ -2156,7 +2246,8 @@ biba_proc_check_debug(struct ucred *cred, struct proc *p)
}
static int
-biba_proc_check_sched(struct ucred *cred, struct proc *p)
+biba_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
struct mac_biba *subj, *obj;
@@ -2164,19 +2255,17 @@ biba_proc_check_sched(struct ucred *cred, struct proc *p)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
+ obj = SLOT(msqklabel);
- /* XXX: range checks */
if (!biba_dominate_effective(obj, subj))
- return (ESRCH);
- if (!biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
}
static int
-biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
+biba_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel, int cmd)
{
struct mac_biba *subj, *obj;
@@ -2184,86 +2273,87 @@ biba_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
+ obj = SLOT(msqklabel);
- /* XXX: range checks */
- if (!biba_dominate_effective(obj, subj))
- return (ESRCH);
- if (!biba_dominate_effective(subj, obj))
+ switch(cmd) {
+ case IPC_RMID:
+ case IPC_SET:
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+ break;
+
+ case IPC_STAT:
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+ break;
+
+ default:
return (EACCES);
+ }
return (0);
}
-static int
-biba_socket_check_deliver(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
+static void
+biba_sysvmsq_cleanup(struct label *msqlabel)
{
- struct mac_biba *p, *s;
- if (!biba_enabled)
- return (0);
+ bzero(SLOT(msqlabel), sizeof(struct mac_biba));
+}
- p = SLOT(mlabel);
- s = SLOT(solabel);
+static void
+biba_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel)
+{
+ struct mac_biba *source, *dest;
- return (biba_equal_effective(p, s) ? 0 : EACCES);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(msqlabel);
+
+ biba_copy_effective(source, dest);
}
static int
-biba_socket_check_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+biba_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel, int cmd)
{
- struct mac_biba *subj, *obj, *new;
- int error;
+ struct mac_biba *subj, *obj;
- new = SLOT(newlabel);
- subj = SLOT(cred->cr_label);
- obj = SLOT(solabel);
+ if (!biba_enabled)
+ return (0);
- /*
- * If there is a Biba label update for the socket, it may be an
- * update of effective.
- */
- error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
- if (error)
- return (error);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(semaklabel);
- /*
- * To relabel a socket, the old socket effective must be in the
- * subject range.
- */
- if (!biba_effective_in_range(obj, subj))
- return (EPERM);
+ switch(cmd) {
+ case IPC_RMID:
+ case IPC_SET:
+ case SETVAL:
+ case SETALL:
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+ break;
- /*
- * If the Biba label is to be changed, authorize as appropriate.
- */
- if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
- /*
- * To relabel a socket, the new socket effective must be in
- * the subject range.
- */
- if (!biba_effective_in_range(new, subj))
- return (EPERM);
+ case IPC_STAT:
+ case GETVAL:
+ case GETPID:
+ case GETNCNT:
+ case GETZCNT:
+ case GETALL:
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+ break;
- /*
- * To change the Biba label on the socket to contain EQUAL,
- * the subject must have appropriate privilege.
- */
- if (biba_contains_equal(new)) {
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
- }
+ default:
+ return (EACCES);
}
return (0);
}
static int
-biba_socket_check_visible(struct ucred *cred, struct socket *so,
- struct label *solabel)
+biba_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel)
{
struct mac_biba *subj, *obj;
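Review bot: `switch(cmd)` at L1840 and L1910 lacks the space style(9) puts after a control keyword (compare `switch (priv)` in the removed biba_priv_check body); biba_sysvshm_check_shmctl in the next hunk spells it the same way. Since the commit rewrites these bodies wholesale anyway, this is the cheap moment to normalise all three to `switch (cmd) {`. The deny-by-default `default: return (EACCES);` arm in each switch is the right shape and should be preserved when any further IPC_* command is added. biba_sysvsem_check_semget's body continues past the hunk.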
@@ -2271,341 +2361,198 @@ biba_socket_check_visible(struct ucred *cred, struct socket *so,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(solabel);
+ obj = SLOT(semaklabel);
if (!biba_dominate_effective(obj, subj))
- return (ENOENT);
+ return (EACCES);
return (0);
}
-/*
- * Some system privileges are allowed regardless of integrity grade; others
- * are allowed only when running with privilege with respect to the Biba
- * policy as they might otherwise allow bypassing of the integrity policy.
- */
static int
-biba_priv_check(struct ucred *cred, int priv)
+biba_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel, size_t accesstype)
{
- struct mac_biba *subj;
- int error;
+ struct mac_biba *subj, *obj;
if (!biba_enabled)
return (0);
- /*
- * Exempt only specific privileges from the Biba integrity policy.
- */
- switch (priv) {
- case PRIV_KTRACE:
- case PRIV_MSGBUF:
-
- /*
- * Allow processes to manipulate basic process audit properties, and
- * to submit audit records.
- */
- case PRIV_AUDIT_GETAUDIT:
- case PRIV_AUDIT_SETAUDIT:
- case PRIV_AUDIT_SUBMIT:
-
- /*
- * Allow processes to manipulate their regular UNIX credentials.
- */
- case PRIV_CRED_SETUID:
- case PRIV_CRED_SETEUID:
- case PRIV_CRED_SETGID:
- case PRIV_CRED_SETEGID:
- case PRIV_CRED_SETGROUPS:
- case PRIV_CRED_SETREUID:
- case PRIV_CRED_SETREGID:
- case PRIV_CRED_SETRESUID:
- case PRIV_CRED_SETRESGID:
-
- /*
- * Allow processes to perform system monitoring.
- */
- case PRIV_SEEOTHERGIDS:
- case PRIV_SEEOTHERUIDS:
- break;
-
- /*
- * Allow access to general process debugging facilities. We
- * separately control debugging based on MAC label.
- */
- case PRIV_DEBUG_DIFFCRED:
- case PRIV_DEBUG_SUGID:
- case PRIV_DEBUG_UNPRIV:
-
- /*
- * Allow manipulating jails.
- */
- case PRIV_JAIL_ATTACH:
-
- /*
- * Allow privilege with respect to the Partition policy, but not the
- * Privs policy.
- */
- case PRIV_MAC_PARTITION:
-
- /*
- * Allow privilege with respect to process resource limits and login
- * context.
- */
- case PRIV_PROC_LIMIT:
- case PRIV_PROC_SETLOGIN:
- case PRIV_PROC_SETRLIMIT:
-
- /*
- * Allow System V and POSIX IPC privileges.
- */
- case PRIV_IPC_READ:
- case PRIV_IPC_WRITE:
- case PRIV_IPC_ADMIN:
- case PRIV_IPC_MSGSIZE:
- case PRIV_MQ_ADMIN:
-
- /*
- * Allow certain scheduler manipulations -- possibly this should be
- * controlled by more fine-grained policy, as potentially low
- * integrity processes can deny CPU to higher integrity ones.
- */
- case PRIV_SCHED_DIFFCRED:
- case PRIV_SCHED_SETPRIORITY:
- case PRIV_SCHED_RTPRIO:
- case PRIV_SCHED_SETPOLICY:
- case PRIV_SCHED_SET:
- case PRIV_SCHED_SETPARAM:
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(semaklabel);
- /*
- * More IPC privileges.
- */
- case PRIV_SEM_WRITE:
+ if (accesstype & SEM_R)
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
- /*
- * Allow signaling privileges subject to integrity policy.
- */
- case PRIV_SIGNAL_DIFFCRED:
- case PRIV_SIGNAL_SUGID:
+ if (accesstype & SEM_A)
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
- /*
- * Allow access to only limited sysctls from lower integrity levels;
- * piggy-back on the Jail definition.
- */
- case PRIV_SYSCTL_WRITEJAIL:
+ return (0);
+}
- /*
- * Allow TTY-based privileges, subject to general device access using
- * labels on TTY device nodes, but not console privilege.
- */
- case PRIV_TTY_DRAINWAIT:
- case PRIV_TTY_DTRWAIT:
- case PRIV_TTY_EXCLUSIVE:
- case PRIV_TTY_PRISON:
- case PRIV_TTY_STI:
- case PRIV_TTY_SETA:
+static void
+biba_sysvsem_cleanup(struct label *semalabel)
+{
- /*
- * Grant most VFS privileges, as almost all are in practice bounded
- * by more specific checks using labels.
- */
- case PRIV_VFS_READ:
- case PRIV_VFS_WRITE:
- case PRIV_VFS_ADMIN:
- case PRIV_VFS_EXEC:
- case PRIV_VFS_LOOKUP:
- case PRIV_VFS_CHFLAGS_DEV:
- case PRIV_VFS_CHOWN:
- case PRIV_VFS_CHROOT:
- case PRIV_VFS_RETAINSUGID:
- case PRIV_VFS_EXCEEDQUOTA:
- case PRIV_VFS_FCHROOT:
- case PRIV_VFS_FHOPEN:
- case PRIV_VFS_FHSTATFS:
- case PRIV_VFS_GENERATION:
- case PRIV_VFS_GETFH:
- case PRIV_VFS_GETQUOTA:
- case PRIV_VFS_LINK:
- case PRIV_VFS_MOUNT:
- case PRIV_VFS_MOUNT_OWNER:
- case PRIV_VFS_MOUNT_PERM:
- case PRIV_VFS_MOUNT_SUIDDIR:
- case PRIV_VFS_MOUNT_NONUSER:
- case PRIV_VFS_SETGID:
- case PRIV_VFS_STICKYFILE:
- case PRIV_VFS_SYSFLAGS:
- case PRIV_VFS_UNMOUNT:
+ bzero(SLOT(semalabel), sizeof(struct mac_biba));
+}
- /*
- * Allow VM privileges; it would be nice if these were subject to
- * resource limits.
- */
- case PRIV_VM_MADV_PROTECT:
- case PRIV_VM_MLOCK:
- case PRIV_VM_MUNLOCK:
+static void
+biba_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semalabel)
+{
+ struct mac_biba *source, *dest;
- /*
- * Allow some but not all network privileges. In general, dont allow
- * reconfiguring the network stack, just normal use.
- */
- case PRIV_NETATALK_RESERVEDPORT:
- case PRIV_NETINET_RESERVEDPORT:
- case PRIV_NETINET_RAW:
- case PRIV_NETINET_REUSEPORT:
- case PRIV_NETIPX_RESERVEDPORT:
- case PRIV_NETIPX_RAW:
- break;
+ source = SLOT(cred->cr_label);
+ dest = SLOT(semalabel);
- /*
- * All remaining system privileges are allow only if the process
- * holds privilege with respect to the Biba policy.
- */
- default:
- subj = SLOT(cred->cr_label);
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
- }
- return (0);
+ biba_copy_effective(source, dest);
}
static int
-biba_system_check_acct(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+biba_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg)
{
struct mac_biba *subj, *obj;
- int error;
if (!biba_enabled)
return (0);
subj = SLOT(cred->cr_label);
+ obj = SLOT(shmseglabel);
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
-
- if (vplabel == NULL)
- return (0);
-
- obj = SLOT(vplabel);
- if (!biba_high_effective(obj))
+ if (!biba_dominate_effective(obj, subj))
return (EACCES);
-
+ if ((shmflg & SHM_RDONLY) == 0) {
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+ }
+
return (0);
}
static int
-biba_system_check_auditctl(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+biba_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int cmd)
{
struct mac_biba *subj, *obj;
- int error;
if (!biba_enabled)
return (0);
subj = SLOT(cred->cr_label);
+ obj = SLOT(shmseglabel);
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
+ switch(cmd) {
+ case IPC_RMID:
+ case IPC_SET:
+ if (!biba_dominate_effective(subj, obj))
+ return (EACCES);
+ break;
- if (vplabel == NULL)
- return (0);
+ case IPC_STAT:
+ case SHM_STAT:
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
+ break;
- obj = SLOT(vplabel);
- if (!biba_high_effective(obj))
+ default:
return (EACCES);
+ }
return (0);
}
static int
-biba_system_check_auditon(struct ucred *cred, int cmd)
+biba_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg)
{
- struct mac_biba *subj;
- int error;
+ struct mac_biba *subj, *obj;
if (!biba_enabled)
return (0);
subj = SLOT(cred->cr_label);
+ obj = SLOT(shmseglabel);
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
+ if (!biba_dominate_effective(obj, subj))
+ return (EACCES);
return (0);
}
-static int
-biba_system_check_swapon(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+static void
+biba_sysvshm_cleanup(struct label *shmlabel)
{
- struct mac_biba *subj, *obj;
- int error;
- if (!biba_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(vplabel);
+ bzero(SLOT(shmlabel), sizeof(struct mac_biba));
+}
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
+static void
+biba_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmlabel)
+{
+ struct mac_biba *source, *dest;
- if (!biba_high_effective(obj))
- return (EACCES);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(shmlabel);
- return (0);
+ biba_copy_effective(source, dest);
}
static int
-biba_system_check_swapoff(struct ucred *cred, struct vnode *vp,
- struct label *label)
+biba_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
{
- struct mac_biba *subj;
- int error;
+ struct mac_biba mb_temp, *source, *dest;
+ int buflen, error;
- if (!biba_enabled)
- return (0);
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
- subj = SLOT(cred->cr_label);
+ buflen = sizeof(mb_temp);
+ bzero(&mb_temp, buflen);
- error = biba_subject_privileged(subj);
- if (error)
+ error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
+ MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &mb_temp, curthread);
+ if (error == ENOATTR || error == EOPNOTSUPP) {
+ /* Fall back to the mntlabel. */
+ biba_copy_effective(source, dest);
+ return (0);
+ } else if (error)
return (error);
+ if (buflen != sizeof(mb_temp)) {
+ printf("biba_vnode_associate_extattr: bad size %d\n",
+ buflen);
+ return (EPERM);
+ }
+ if (biba_valid(&mb_temp) != 0) {
+ printf("biba_vnode_associate_extattr: invalid\n");
+ return (EPERM);
+ }
+ if ((mb_temp.mb_flags & MAC_BIBA_FLAGS_BOTH) !=
+ MAC_BIBA_FLAG_EFFECTIVE) {
+ printf("biba_vnode_associate_extattr: not effective\n");
+ return (EPERM);
+ }
+
+ biba_copy_effective(&mb_temp, dest);
return (0);
}
-static int
-biba_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
- void *arg1, int arg2, struct sysctl_req *req)
+static void
+biba_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
{
- struct mac_biba *subj;
- int error;
-
- if (!biba_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
-
- /*
- * Treat sysctl variables without CTLFLAG_ANYBODY flag as biba/high,
- * but also require privilege to change them.
- */
- if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) {
- if (!biba_subject_dominate_high(subj))
- return (EACCES);
+ struct mac_biba *source, *dest;
- error = biba_subject_privileged(subj);
- if (error)
- return (error);
- }
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
- return (0);
+ biba_copy_effective(source, dest);
}
static int
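Review bot: The two nested `if` statements in biba_sysvsem_check_semop (L2071-L2073 and L2079-L2081) are unbraced, so the inner `if` is what any later-added `else` would bind to; brace the outer ones, `if (accesstype & SEM_R) {` … `}` and likewise for `SEM_A`. Separately, the three `printf` diagnostics in biba_vnode_associate_extattr (L2315, L2320, L2325) reject a malformed on-disk label with EPERM but identify neither the mount nor the vnode, so an operator seeing the message cannot tell which filesystem carries the bad or tampered label; logging the mount point alongside the function name would make the event actionable. biba_vnode_associate_singlelabel ends inside the hunk, while the trailing `static int` opens a function whose body lies beyond it.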
@@ -3242,174 +3189,235 @@ biba_vnode_check_write(struct ucred *active_cred,
return (0);
}
-static void
-biba_syncache_create(struct label *label, struct inpcb *inp)
+static int
+biba_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
{
- struct mac_biba *source, *dest;
+ struct mac_biba *source, *dest, mb_temp;
+ size_t buflen;
+ int error;
- source = SLOT(inp->inp_label);
- dest = SLOT(label);
- biba_copy_effective(source, dest);
+ buflen = sizeof(mb_temp);
+ bzero(&mb_temp, buflen);
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(vplabel);
+ biba_copy_effective(source, &mb_temp);
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
+ MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
+ if (error == 0)
+ biba_copy_effective(source, dest);
+ return (error);
}
static void
-biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
- struct label *mlabel)
+biba_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *newlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(sc_label);
- dest = SLOT(mlabel);
- biba_copy_effective(source, dest);
+ source = SLOT(newlabel);
+ dest = SLOT(vplabel);
+
+ biba_copy(source, dest);
+}
+
+static int
+biba_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+ struct mac_biba *source, mb_temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(mb_temp);
+ bzero(&mb_temp, buflen);
+
+ source = SLOT(intlabel);
+ if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0)
+ return (0);
+
+ biba_copy_effective(source, &mb_temp);
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
+ MAC_BIBA_EXTATTR_NAME, buflen, (char *) &mb_temp, curthread);
+ return (error);
}
static struct mac_policy_ops mac_biba_ops =
{
.mpo_init = biba_init,
- .mpo_bpfdesc_init_label = biba_init_label,
- .mpo_cred_init_label = biba_init_label,
- .mpo_devfs_init_label = biba_init_label,
- .mpo_ifnet_init_label = biba_init_label,
- .mpo_inpcb_init_label = biba_init_label_waitcheck,
- .mpo_syncache_init_label = biba_init_label_waitcheck,
- .mpo_sysvmsg_init_label = biba_init_label,
- .mpo_sysvmsq_init_label = biba_init_label,
- .mpo_sysvsem_init_label = biba_init_label,
- .mpo_sysvshm_init_label = biba_init_label,
- .mpo_ipq_init_label = biba_init_label_waitcheck,
- .mpo_mbuf_init_label = biba_init_label_waitcheck,
- .mpo_mount_init_label = biba_init_label,
- .mpo_pipe_init_label = biba_init_label,
- .mpo_posixsem_init_label = biba_init_label,
- .mpo_socket_init_label = biba_init_label_waitcheck,
- .mpo_socketpeer_init_label = biba_init_label_waitcheck,
- .mpo_syncache_create = biba_syncache_create,
- .mpo_vnode_init_label = biba_init_label,
+
+ .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = biba_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
.mpo_bpfdesc_destroy_label = biba_destroy_label,
- .mpo_cred_destroy_label = biba_destroy_label,
- .mpo_devfs_destroy_label = biba_destroy_label,
- .mpo_ifnet_destroy_label = biba_destroy_label,
- .mpo_inpcb_destroy_label = biba_destroy_label,
- .mpo_syncache_destroy_label = biba_destroy_label,
- .mpo_sysvmsg_destroy_label = biba_destroy_label,
- .mpo_sysvmsq_destroy_label = biba_destroy_label,
- .mpo_sysvsem_destroy_label = biba_destroy_label,
- .mpo_sysvshm_destroy_label = biba_destroy_label,
- .mpo_ipq_destroy_label = biba_destroy_label,
- .mpo_mbuf_destroy_label = biba_destroy_label,
- .mpo_mount_destroy_label = biba_destroy_label,
- .mpo_pipe_destroy_label = biba_destroy_label,
- .mpo_posixsem_destroy_label = biba_destroy_label,
- .mpo_socket_destroy_label = biba_destroy_label,
- .mpo_socketpeer_destroy_label = biba_destroy_label,
- .mpo_vnode_destroy_label = biba_destroy_label,
+ .mpo_bpfdesc_init_label = biba_init_label,
+
+ .mpo_cred_check_relabel = biba_cred_check_relabel,
+ .mpo_cred_check_visible = biba_cred_check_visible,
.mpo_cred_copy_label = biba_copy_label,
- .mpo_ifnet_copy_label = biba_copy_label,
- .mpo_mbuf_copy_label = biba_copy_label,
- .mpo_pipe_copy_label = biba_copy_label,
- .mpo_socket_copy_label = biba_copy_label,
- .mpo_vnode_copy_label = biba_copy_label,
+ .mpo_cred_destroy_label = biba_destroy_label,
.mpo_cred_externalize_label = biba_externalize_label,
- .mpo_ifnet_externalize_label = biba_externalize_label,
- .mpo_pipe_externalize_label = biba_externalize_label,
- .mpo_socket_externalize_label = biba_externalize_label,
- .mpo_socketpeer_externalize_label = biba_externalize_label,
- .mpo_vnode_externalize_label = biba_externalize_label,
+ .mpo_cred_init_label = biba_init_label,
.mpo_cred_internalize_label = biba_internalize_label,
- .mpo_ifnet_internalize_label = biba_internalize_label,
- .mpo_pipe_internalize_label = biba_internalize_label,
- .mpo_socket_internalize_label = biba_internalize_label,
- .mpo_vnode_internalize_label = biba_internalize_label,
+ .mpo_cred_relabel = biba_cred_relabel,
+
.mpo_devfs_create_device = biba_devfs_create_device,
.mpo_devfs_create_directory = biba_devfs_create_directory,
.mpo_devfs_create_symlink = biba_devfs_create_symlink,
- .mpo_mount_create = biba_mount_create,
- .mpo_vnode_relabel = biba_vnode_relabel,
+ .mpo_devfs_destroy_label = biba_destroy_label,
+ .mpo_devfs_init_label = biba_init_label,
.mpo_devfs_update = biba_devfs_update,
.mpo_devfs_vnode_associate = biba_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = biba_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel,
- .mpo_vnode_create_extattr = biba_vnode_create_extattr,
- .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr,
- .mpo_socket_create_mbuf = biba_socket_create_mbuf,
- .mpo_syncache_create_mbuf = biba_syncache_create_mbuf,
- .mpo_pipe_create = biba_pipe_create,
- .mpo_posixsem_create = biba_posixsem_create,
- .mpo_socket_create = biba_socket_create,
- .mpo_socket_newconn = biba_socket_newconn,
- .mpo_pipe_relabel = biba_pipe_relabel,
- .mpo_socket_relabel = biba_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = biba_bpfdesc_create,
- .mpo_ipq_reassemble = biba_ipq_reassemble,
- .mpo_netinet_fragment = biba_netinet_fragment,
+
+ .mpo_ifnet_check_relabel = biba_ifnet_check_relabel,
+ .mpo_ifnet_check_transmit = biba_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = biba_copy_label,
.mpo_ifnet_create = biba_ifnet_create,
+ .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = biba_destroy_label,
+ .mpo_ifnet_externalize_label = biba_externalize_label,
+ .mpo_ifnet_init_label = biba_init_label,
+ .mpo_ifnet_internalize_label = biba_internalize_label,
+ .mpo_ifnet_relabel = biba_ifnet_relabel,
+
+ .mpo_inpcb_check_deliver = biba_inpcb_check_deliver,
.mpo_inpcb_create = biba_inpcb_create,
- .mpo_sysvmsg_create = biba_sysvmsg_create,
- .mpo_sysvmsq_create = biba_sysvmsq_create,
- .mpo_sysvsem_create = biba_sysvsem_create,
- .mpo_sysvshm_create = biba_sysvshm_create,
- .mpo_ipq_create = biba_ipq_create,
.mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
+ .mpo_inpcb_destroy_label = biba_destroy_label,
+ .mpo_inpcb_init_label = biba_init_label_waitcheck,
+ .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel,
+
+ .mpo_ipq_create = biba_ipq_create,
+ .mpo_ipq_destroy_label = biba_destroy_label,
+ .mpo_ipq_init_label = biba_init_label_waitcheck,
.mpo_ipq_match = biba_ipq_match,
- .mpo_ifnet_relabel = biba_ifnet_relabel,
+ .mpo_ipq_reassemble = biba_ipq_reassemble,
.mpo_ipq_update = biba_ipq_update,
- .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel,
- .mpo_proc_create_swapper = biba_proc_create_swapper,
- .mpo_proc_create_init = biba_proc_create_init,
- .mpo_proc_associate_nfsd = biba_proc_associate_nfsd,
- .mpo_cred_relabel = biba_cred_relabel,
- .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup,
- .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup,
- .mpo_sysvsem_cleanup = biba_sysvsem_cleanup,
- .mpo_sysvshm_cleanup = biba_sysvshm_cleanup,
- .mpo_bpfdesc_check_receive = biba_bpfdesc_check_receive,
- .mpo_cred_check_relabel = biba_cred_check_relabel,
- .mpo_cred_check_visible = biba_cred_check_visible,
- .mpo_ifnet_check_relabel = biba_ifnet_check_relabel,
- .mpo_ifnet_check_transmit = biba_ifnet_check_transmit,
- .mpo_inpcb_check_deliver = biba_inpcb_check_deliver,
- .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv,
- .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid,
- .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget,
- .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd,
- .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv,
- .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl,
- .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl,
- .mpo_sysvsem_check_semget = biba_sysvsem_check_semget,
- .mpo_sysvsem_check_semop = biba_sysvsem_check_semop,
- .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat,
- .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl,
- .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget,
+
.mpo_kld_check_load = biba_kld_check_load,
+
+ .mpo_mbuf_copy_label = biba_copy_label,
+ .mpo_mbuf_destroy_label = biba_destroy_label,
+ .mpo_mbuf_init_label = biba_init_label_waitcheck,
+
.mpo_mount_check_stat = biba_mount_check_stat,
+ .mpo_mount_create = biba_mount_create,
+ .mpo_mount_destroy_label = biba_destroy_label,
+ .mpo_mount_init_label = biba_init_label,
+
+ .mpo_netatalk_aarp_send = biba_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = biba_netinet_arp_send,
+ .mpo_netinet_firewall_reply = biba_netinet_firewall_reply,
+ .mpo_netinet_firewall_send = biba_netinet_firewall_send,
+ .mpo_netinet_fragment = biba_netinet_fragment,
+ .mpo_netinet_icmp_reply = biba_netinet_icmp_reply,
+ .mpo_netinet_igmp_send = biba_netinet_igmp_send,
+
+ .mpo_netinet6_nd6_send = biba_netinet6_nd6_send,
+
.mpo_pipe_check_ioctl = biba_pipe_check_ioctl,
.mpo_pipe_check_poll = biba_pipe_check_poll,
.mpo_pipe_check_read = biba_pipe_check_read,
.mpo_pipe_check_relabel = biba_pipe_check_relabel,
.mpo_pipe_check_stat = biba_pipe_check_stat,
.mpo_pipe_check_write = biba_pipe_check_write,
+ .mpo_pipe_copy_label = biba_copy_label,
+ .mpo_pipe_create = biba_pipe_create,
+ .mpo_pipe_destroy_label = biba_destroy_label,
+ .mpo_pipe_externalize_label = biba_externalize_label,
+ .mpo_pipe_init_label = biba_init_label,
+ .mpo_pipe_internalize_label = biba_internalize_label,
+ .mpo_pipe_relabel = biba_pipe_relabel,
+
.mpo_posixsem_check_destroy = biba_posixsem_check_write,
.mpo_posixsem_check_getvalue = biba_posixsem_check_rdonly,
.mpo_posixsem_check_open = biba_posixsem_check_write,
.mpo_posixsem_check_post = biba_posixsem_check_write,
.mpo_posixsem_check_unlink = biba_posixsem_check_write,
.mpo_posixsem_check_wait = biba_posixsem_check_write,
+ .mpo_posixsem_create = biba_posixsem_create,
+ .mpo_posixsem_destroy_label = biba_destroy_label,
+ .mpo_posixsem_init_label = biba_init_label,
+
+ .mpo_priv_check = biba_priv_check,
+
+ .mpo_proc_associate_nfsd = biba_proc_associate_nfsd,
.mpo_proc_check_debug = biba_proc_check_debug,
.mpo_proc_check_sched = biba_proc_check_sched,
.mpo_proc_check_signal = biba_proc_check_signal,
+ .mpo_proc_create_init = biba_proc_create_init,
+ .mpo_proc_create_swapper = biba_proc_create_swapper,
+
.mpo_socket_check_deliver = biba_socket_check_deliver,
.mpo_socket_check_relabel = biba_socket_check_relabel,
.mpo_socket_check_visible = biba_socket_check_visible,
+ .mpo_socket_copy_label = biba_copy_label,
+ .mpo_socket_create = biba_socket_create,
+ .mpo_socket_create_mbuf = biba_socket_create_mbuf,
+ .mpo_socket_destroy_label = biba_destroy_label,
+ .mpo_socket_externalize_label = biba_externalize_label,
+ .mpo_socket_init_label = biba_init_label_waitcheck,
+ .mpo_socket_internalize_label = biba_internalize_label,
+ .mpo_socket_newconn = biba_socket_newconn,
+ .mpo_socket_relabel = biba_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = biba_destroy_label,
+ .mpo_socketpeer_externalize_label = biba_externalize_label,
+ .mpo_socketpeer_init_label = biba_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = biba_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = biba_socketpeer_set_from_socket,
+
+ .mpo_syncache_create = biba_syncache_create,
+ .mpo_syncache_create_mbuf = biba_syncache_create_mbuf,
+ .mpo_syncache_destroy_label = biba_destroy_label,
+ .mpo_syncache_init_label = biba_init_label_waitcheck,
+
.mpo_system_check_acct = biba_system_check_acct,
.mpo_system_check_auditctl = biba_system_check_auditctl,
.mpo_system_check_auditon = biba_system_check_auditon,
- .mpo_system_check_swapon = biba_system_check_swapon,
.mpo_system_check_swapoff = biba_system_check_swapoff,
+ .mpo_system_check_swapon = biba_system_check_swapon,
.mpo_system_check_sysctl = biba_system_check_sysctl,
+
+ .mpo_sysvmsg_cleanup = biba_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = biba_sysvmsg_create,
+ .mpo_sysvmsg_destroy_label = biba_destroy_label,
+ .mpo_sysvmsg_init_label = biba_init_label,
+
+ .mpo_sysvmsq_check_msgrcv = biba_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = biba_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = biba_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = biba_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = biba_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = biba_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = biba_sysvmsq_cleanup,
+ .mpo_sysvmsq_create = biba_sysvmsq_create,
+ .mpo_sysvmsq_destroy_label = biba_destroy_label,
+ .mpo_sysvmsq_init_label = biba_init_label,
+
+ .mpo_sysvsem_check_semctl = biba_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = biba_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = biba_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = biba_sysvsem_cleanup,
+ .mpo_sysvsem_create = biba_sysvsem_create,
+ .mpo_sysvsem_destroy_label = biba_destroy_label,
+ .mpo_sysvsem_init_label = biba_init_label,
+
+ .mpo_sysvshm_check_shmat = biba_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = biba_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmget = biba_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = biba_sysvshm_cleanup,
+ .mpo_sysvshm_create = biba_sysvshm_create,
+ .mpo_sysvshm_destroy_label = biba_destroy_label,
+ .mpo_sysvshm_init_label = biba_init_label,
+
+ .mpo_vnode_associate_extattr = biba_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = biba_vnode_associate_singlelabel,
.mpo_vnode_check_access = biba_vnode_check_open,
.mpo_vnode_check_chdir = biba_vnode_check_chdir,
.mpo_vnode_check_chroot = biba_vnode_check_chroot,
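Review bot: The resorted mac_biba_ops table is still not alphabetical in two places: the `.mpo_sysvmsq_check_*` entries run msgrcv, msgrmid, msqget, msqsnd, msqrcv, msqctl (msqctl belongs before msqget and msqrcv before msqsnd), and in the next hunk `.mpo_vnode_create_extattr` is placed ahead of `.mpo_vnode_copy_label`. Since ordering is the whole purpose of the commit, swapping those lines keeps the table consistent with the function order. Separately, biba_vnode_create_extattr and biba_vnode_setlabel_extattr persist the label by handing `(char *) &mb_temp` with `sizeof(mb_temp)` to vn_extattr_set, so the raw in-memory layout of struct mac_biba is also the on-disk extattr format; a comment such as `/* The extattr payload is the raw struct mac_biba; any layout change is an on-disk format change. */` above the first vn_extattr_set call would make that dependency explicit for whoever next touches the struct.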
@@ -3441,14 +3449,14 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_vnode_check_stat = biba_vnode_check_stat,
.mpo_vnode_check_unlink = biba_vnode_check_unlink,
.mpo_vnode_check_write = biba_vnode_check_write,
- .mpo_netatalk_aarp_send = biba_netatalk_aarp_send,
- .mpo_netinet_arp_send = biba_netinet_arp_send,
- .mpo_netinet_firewall_reply = biba_netinet_firewall_reply,
- .mpo_netinet_firewall_send = biba_netinet_firewall_send,
- .mpo_netinet_icmp_reply = biba_netinet_icmp_reply,
- .mpo_netinet_igmp_send = biba_netinet_igmp_send,
- .mpo_netinet6_nd6_send = biba_netinet6_nd6_send,
- .mpo_priv_check = biba_priv_check,
+ .mpo_vnode_create_extattr = biba_vnode_create_extattr,
+ .mpo_vnode_copy_label = biba_copy_label,
+ .mpo_vnode_destroy_label = biba_destroy_label,
+ .mpo_vnode_externalize_label = biba_externalize_label,
+ .mpo_vnode_init_label = biba_init_label,
+ .mpo_vnode_internalize_label = biba_internalize_label,
+ .mpo_vnode_relabel = biba_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr,
};
MAC_POLICY_SET(&mac_biba_ops, mac_biba, "TrustedBSD MAC/Biba",
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index a4c4a38..3c97e78 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -442,6 +442,10 @@ ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode)
return (ugidfw_check(cred, vp, &vap, acc_mode));
}
+/*
+ * Object-specific entry point implementations are sorted alphabetically by
+ * object type and then by operation.
+ */
static int
ugidfw_system_check_acct(struct ucred *cred, struct vnode *vp,
struct label *vplabel)
diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c
index 6d51ea8..e49e3ad 100644
--- a/sys/security/mac_ifoff/mac_ifoff.c
+++ b/sys/security/mac_ifoff/mac_ifoff.c
@@ -117,6 +117,10 @@ ifnet_check_incoming(struct ifnet *ifp, int viabpf)
return (EPERM);
}
+/*
+ * Object-specific entry point implementations are sorted alphabetically by
+ * object type and then by operation.
+ */
static int
ifoff_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
struct ifnet *ifp, struct label *ifplabel)
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 6ee206a..24dbefc 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -631,15 +631,6 @@ lomac_init_label_waitcheck(struct label *label, int flag)
}
static void
-lomac_proc_init_label(struct label *label)
-{
-
- PSLOT_SET(label, malloc(sizeof(struct mac_lomac_proc), M_LOMAC,
- M_ZERO | M_WAITOK));
- mtx_init(&PSLOT(label)->mtx, "MAC/Lomac proc lock", NULL, MTX_DEF);
-}
-
-static void
lomac_destroy_label(struct label *label)
{
@@ -647,15 +638,6 @@ lomac_destroy_label(struct label *label)
SLOT_SET(label, NULL);
}
-static void
-lomac_proc_destroy_label(struct label *label)
-{
-
- mtx_destroy(&PSLOT(label)->mtx);
- FREE(PSLOT(label), M_LOMAC);
- PSLOT_SET(label, NULL);
-}
-
static int
lomac_element_to_string(struct sbuf *sb, struct mac_lomac_element *element)
{
@@ -889,339 +871,282 @@ lomac_copy_label(struct label *src, struct label *dest)
}
/*
- * Labeling event operations: file system objects, and things that look a lot
- * like file system objects.
+ * Object-specific entry point implementations are sorted alphabetically by
+ * object type name and then by operation.
*/
-static void
-lomac_devfs_create_device(struct ucred *cred, struct mount *mp,
- struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
+static int
+lomac_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
+ struct ifnet *ifp, struct label *ifplabel)
{
- struct mac_lomac *ml;
- int lomac_type;
+ struct mac_lomac *a, *b;
- ml = SLOT(delabel);
- if (strcmp(dev->si_name, "null") == 0 ||
- strcmp(dev->si_name, "zero") == 0 ||
- strcmp(dev->si_name, "random") == 0 ||
- strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 ||
- strncmp(dev->si_name, "ttyv", strlen("ttyv")) == 0)
- lomac_type = MAC_LOMAC_TYPE_EQUAL;
- else if (ptys_equal &&
- (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
- strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
- lomac_type = MAC_LOMAC_TYPE_EQUAL;
- else
- lomac_type = MAC_LOMAC_TYPE_HIGH;
- lomac_set_single(ml, lomac_type, 0);
-}
+ if (!lomac_enabled)
+ return (0);
-static void
-lomac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
- struct devfs_dirent *de, struct label *delabel)
-{
- struct mac_lomac *ml;
+ a = SLOT(dlabel);
+ b = SLOT(ifplabel);
- ml = SLOT(delabel);
- lomac_set_single(ml, MAC_LOMAC_TYPE_HIGH, 0);
+ if (lomac_equal_single(a, b))
+ return (0);
+ return (EACCES);
}
static void
-lomac_devfs_create_symlink(struct ucred *cred, struct mount *mp,
- struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
- struct label *delabel)
+lomac_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
+ struct label *dlabel)
{
struct mac_lomac *source, *dest;
source = SLOT(cred->cr_label);
- dest = SLOT(delabel);
-
- lomac_copy_single(source, dest);
-}
-
-static void
-lomac_mount_create(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
-{
- struct mac_lomac *source, *dest;
+ dest = SLOT(dlabel);
- source = SLOT(cred->cr_label);
- dest = SLOT(mplabel);
lomac_copy_single(source, dest);
}
static void
-lomac_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *newlabel)
-{
- struct mac_lomac *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(vplabel);
-
- try_relabel(source, dest);
-}
-
-static void
-lomac_devfs_update(struct mount *mp, struct devfs_dirent *de,
- struct label *delabel, struct vnode *vp, struct label *vplabel)
-{
- struct mac_lomac *source, *dest;
-
- source = SLOT(vplabel);
- dest = SLOT(delabel);
-
- lomac_copy(source, dest);
-}
-
-static void
-lomac_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
- struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
- struct label *vplabel)
+lomac_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(delabel);
- dest = SLOT(vplabel);
+ source = SLOT(dlabel);
+ dest = SLOT(mlabel);
lomac_copy_single(source, dest);
}
static int
-lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
+lomac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
- struct mac_lomac ml_temp, *source, *dest;
- int buflen, error;
-
- source = SLOT(mplabel);
- dest = SLOT(vplabel);
+ struct mac_lomac *subj, *new;
+ int error;
- buflen = sizeof(ml_temp);
- bzero(&ml_temp, buflen);
+ subj = SLOT(cred->cr_label);
+ new = SLOT(newlabel);
- error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
- MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&ml_temp, curthread);
- if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the mntlabel. */
- lomac_copy_single(source, dest);
- return (0);
- } else if (error)
+ /*
+ * If there is a LOMAC label update for the credential, it may be an
+ * update of the single, range, or both.
+ */
+ error = lomac_atmostflags(new, MAC_LOMAC_FLAGS_BOTH);
+ if (error)
return (error);
- if (buflen != sizeof(ml_temp)) {
- if (buflen != sizeof(ml_temp) - sizeof(ml_temp.ml_auxsingle)) {
- printf("lomac_vnode_associate_extattr: bad size %d\n",
- buflen);
- return (EPERM);
- }
- bzero(&ml_temp.ml_auxsingle, sizeof(ml_temp.ml_auxsingle));
- buflen = sizeof(ml_temp);
- (void)vn_extattr_set(vp, IO_NODELOCKED,
- MAC_LOMAC_EXTATTR_NAMESPACE, MAC_LOMAC_EXTATTR_NAME,
- buflen, (char *)&ml_temp, curthread);
- }
- if (lomac_valid(&ml_temp) != 0) {
- printf("lomac_vnode_associate_extattr: invalid\n");
- return (EPERM);
- }
- if ((ml_temp.ml_flags & MAC_LOMAC_FLAGS_BOTH) !=
- MAC_LOMAC_FLAG_SINGLE) {
- printf("lomac_vnode_associate_extattr: not single\n");
- return (EPERM);
- }
-
- lomac_copy_single(&ml_temp, dest);
- return (0);
-}
-
-static void
-lomac_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
-{
- struct mac_lomac *source, *dest;
-
- source = SLOT(mplabel);
- dest = SLOT(vplabel);
+ /*
+ * If the LOMAC label is to be changed, authorize as appropriate.
+ */
+ if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
+ /*
+ * Fill in the missing parts from the previous label.
+ */
+ if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ lomac_copy_single(subj, new);
+ if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)
+ lomac_copy_range(subj, new);
- lomac_copy_single(source, dest);
-}
+ /*
+ * To change the LOMAC range on a credential, the new range
+ * label must be in the current range.
+ */
+ if (!lomac_range_in_range(new, subj))
+ return (EPERM);
-static int
-lomac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
- struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel, struct componentname *cnp)
-{
- struct mac_lomac *source, *dest, *dir, temp;
- size_t buflen;
- int error;
+ /*
+ * To change the LOMAC single label on a credential, the new
+ * single label must be in the new range. Implicitly from
+ * the previous check, the new single is in the old range.
+ */
+ if (!lomac_single_in_range(new, new))
+ return (EPERM);
- buflen = sizeof(temp);
- bzero(&temp, buflen);
+ /*
+ * To have EQUAL in any component of the new credential LOMAC
+ * label, the subject must already have EQUAL in their label.
+ */
+ if (lomac_contains_equal(new)) {
+ error = lomac_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
- source = SLOT(cred->cr_label);
- dest = SLOT(vplabel);
- dir = SLOT(dvplabel);
- if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) {
- lomac_copy_auxsingle(dir, &temp);
- lomac_set_single(&temp, dir->ml_auxsingle.mle_type,
- dir->ml_auxsingle.mle_grade);
- } else {
- lomac_copy_single(source, &temp);
+ /*
+ * XXXMAC: Additional consistency tests regarding the single
+ * and range of the new label might be performed here.
+ */
}
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
- MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
- if (error == 0)
- lomac_copy(&temp, dest);
- return (error);
+ return (0);
}
static int
-lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *intlabel)
+lomac_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{
- struct mac_lomac *source, temp;
- size_t buflen;
- int error;
-
- buflen = sizeof(temp);
- bzero(&temp, buflen);
+ struct mac_lomac *subj, *obj;
- source = SLOT(intlabel);
- if ((source->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ if (!lomac_enabled)
return (0);
- lomac_copy_single(source, &temp);
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
- MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
- return (error);
-}
+ subj = SLOT(cr1->cr_label);
+ obj = SLOT(cr2->cr_label);
-/*
- * Labeling event operations: IPC object.
- */
+ /* XXX: range */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+
+ return (0);
+}
static void
-lomac_inpcb_create(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
+lomac_cred_relabel(struct ucred *cred, struct label *newlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(solabel);
- dest = SLOT(inplabel);
+ source = SLOT(newlabel);
+ dest = SLOT(cred->cr_label);
- lomac_copy_single(source, dest);
+ try_relabel(source, dest);
}
static void
-lomac_socket_create_mbuf(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
+lomac_devfs_create_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
{
- struct mac_lomac *source, *dest;
-
- source = SLOT(solabel);
- dest = SLOT(mlabel);
+ struct mac_lomac *ml;
+ int lomac_type;
- lomac_copy_single(source, dest);
+ ml = SLOT(delabel);
+ if (strcmp(dev->si_name, "null") == 0 ||
+ strcmp(dev->si_name, "zero") == 0 ||
+ strcmp(dev->si_name, "random") == 0 ||
+ strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 ||
+ strncmp(dev->si_name, "ttyv", strlen("ttyv")) == 0)
+ lomac_type = MAC_LOMAC_TYPE_EQUAL;
+ else if (ptys_equal &&
+ (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+ strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
+ lomac_type = MAC_LOMAC_TYPE_EQUAL;
+ else
+ lomac_type = MAC_LOMAC_TYPE_HIGH;
+ lomac_set_single(ml, lomac_type, 0);
}
static void
-lomac_socket_create(struct ucred *cred, struct socket *so,
- struct label *solabel)
+lomac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
+ struct devfs_dirent *de, struct label *delabel)
{
- struct mac_lomac *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(solabel);
+ struct mac_lomac *ml;
- lomac_copy_single(source, dest);
+ ml = SLOT(delabel);
+ lomac_set_single(ml, MAC_LOMAC_TYPE_HIGH, 0);
}
static void
-lomac_pipe_create(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+lomac_devfs_create_symlink(struct ucred *cred, struct mount *mp,
+ struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+ struct label *delabel)
{
struct mac_lomac *source, *dest;
source = SLOT(cred->cr_label);
- dest = SLOT(pplabel);
+ dest = SLOT(delabel);
lomac_copy_single(source, dest);
}
static void
-lomac_socket_newconn(struct socket *oldso, struct label *oldsolabel,
- struct socket *newso, struct label *newsolabel)
+lomac_devfs_update(struct mount *mp, struct devfs_dirent *de,
+ struct label *delabel, struct vnode *vp, struct label *vplabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(oldsolabel);
- dest = SLOT(newsolabel);
+ source = SLOT(vplabel);
+ dest = SLOT(delabel);
- lomac_copy_single(source, dest);
+ lomac_copy(source, dest);
}
static void
-lomac_socket_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+lomac_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
+ struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct label *vplabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(newlabel);
- dest = SLOT(solabel);
+ source = SLOT(delabel);
+ dest = SLOT(vplabel);
- try_relabel(source, dest);
+ lomac_copy_single(source, dest);
}
-static void
-lomac_pipe_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
+static int
+lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
- struct mac_lomac *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(pplabel);
+ struct mac_lomac *subj, *new;
+ int error;
- try_relabel(source, dest);
-}
+ subj = SLOT(cred->cr_label);
+ new = SLOT(newlabel);
-static void
-lomac_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
- struct socket *so, struct label *sopeerlabel)
-{
- struct mac_lomac *source, *dest;
+ /*
+ * If there is a LOMAC label update for the interface, it may be an
+ * update of the single, range, or both.
+ */
+ error = lomac_atmostflags(new, MAC_LOMAC_FLAGS_BOTH);
+ if (error)
+ return (error);
- source = SLOT(mlabel);
- dest = SLOT(sopeerlabel);
+ /*
+ * Relabling network interfaces requires LOMAC privilege.
+ */
+ error = lomac_subject_privileged(subj);
+ if (error)
+ return (error);
- lomac_copy_single(source, dest);
-}
+ /*
+ * If the LOMAC label is to be changed, authorize as appropriate.
+ */
+ if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
+ /*
+ * Fill in the missing parts from the previous label.
+ */
+ if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ lomac_copy_single(subj, new);
+ if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)
+ lomac_copy_range(subj, new);
-/*
- * Labeling event operations: network objects.
- */
-static void
-lomac_socketpeer_set_from_socket(struct socket *oldso,
- struct label *oldsolabel, struct socket *newso,
- struct label *newsopeerlabel)
-{
- struct mac_lomac *source, *dest;
+ /*
+ * Rely on the traditional superuser status for the LOMAC
+ * interface relabel requirements. XXXMAC: This will go
+ * away.
+ *
+ * XXXRW: This is also redundant to a higher layer check.
+ */
+ error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0);
+ if (error)
+ return (EPERM);
- source = SLOT(oldsolabel);
- dest = SLOT(newsopeerlabel);
+ /*
+ * XXXMAC: Additional consistency tests regarding the single
+ * and the range of the new label might be performed here.
+ */
+ }
- lomac_copy_single(source, dest);
+ return (0);
}
-static void
-lomac_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
- struct label *dlabel)
+static int
+lomac_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
- struct mac_lomac *source, *dest;
+ struct mac_lomac *p, *i;
- source = SLOT(cred->cr_label);
- dest = SLOT(dlabel);
+ if (!lomac_enabled)
+ return (0);
- lomac_copy_single(source, dest);
+ p = SLOT(mlabel);
+ i = SLOT(ifplabel);
+
+ return (lomac_single_in_range(p, i) ? 0 : EACCES);
}
static void
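Review bot: lomac_cred_check_relabel writes into the label it is asked to validate — `lomac_copy_single(subj, new)` and `lomac_copy_range(subj, new)` fill the parts of `newlabel` the caller left unset — so a check entry point has a side effect, and the later `try_relabel(source, dest)` in lomac_cred_relabel presumably relies on that completed label; a comment at the top of the function stating that the check completes `newlabel` in place would make this contract visible. The same in-place completion appears in lomac_ifnet_check_relabel in this hunk and deserves the same comment. lomac_ifnet_check_relabel also folds every priv_check_cred() failure into `return (EPERM);`, discarding the specific errno, whereas the lomac_subject_privileged() path just above it returns `error`; returning `error` in both places would be consistent.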
@@ -1283,38 +1208,52 @@ set:
}
static void
-lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
+lomac_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(mlabel);
- dest = SLOT(ipqlabel);
+ source = SLOT(ifplabel);
+ dest = SLOT(mlabel);
lomac_copy_single(source, dest);
}
static void
-lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
- struct mbuf *m, struct label *mlabel)
+lomac_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(ipqlabel);
- dest = SLOT(mlabel);
+ source = SLOT(newlabel);
+ dest = SLOT(ifplabel);
- /* Just use the head, since we require them all to match. */
- lomac_copy_single(source, dest);
+ try_relabel(source, dest);
+}
+
+static int
+lomac_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_lomac *p, *i;
+
+ if (!lomac_enabled)
+ return (0);
+
+ p = SLOT(mlabel);
+ i = SLOT(inplabel);
+
+ return (lomac_equal_single(p, i) ? 0 : EACCES);
}
static void
-lomac_netinet_fragment(struct mbuf *m, struct label *mlabel,
- struct mbuf *frag, struct label *fraglabel)
+lomac_inpcb_create(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(mlabel);
- dest = SLOT(fraglabel);
+ source = SLOT(solabel);
+ dest = SLOT(inplabel);
lomac_copy_single(source, dest);
}
@@ -1332,25 +1271,25 @@ lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
}
static void
-lomac_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
- struct mbuf *m, struct label *mlabel)
+lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(dlabel);
- dest = SLOT(mlabel);
+ source = SLOT(solabel);
+ dest = SLOT(inplabel);
lomac_copy_single(source, dest);
}
static void
-lomac_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(ifplabel);
- dest = SLOT(mlabel);
+ source = SLOT(mlabel);
+ dest = SLOT(ipqlabel);
lomac_copy_single(source, dest);
}
@@ -1368,15 +1307,16 @@ lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
}
static void
-lomac_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(newlabel);
- dest = SLOT(ifplabel);
+ source = SLOT(ipqlabel);
+ dest = SLOT(mlabel);
- try_relabel(source, dest);
+ /* Just use the head, since we require them all to match. */
+ lomac_copy_single(source, dest);
}
static void
@@ -1387,37 +1327,36 @@ lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
/* NOOP: we only accept matching labels, so no need to update */
}
-static void
-lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
+static int
+lomac_kld_check_load(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
- struct mac_lomac *source, *dest;
+ struct mac_lomac *subj, *obj;
- source = SLOT(solabel);
- dest = SLOT(inplabel);
+ if (!lomac_enabled)
+ return (0);
- lomac_copy_single(source, dest);
-}
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(vplabel);
-static void
-lomac_syncache_create(struct label *label, struct inpcb *inp)
-{
- struct mac_lomac *source, *dest;
+ if (lomac_subject_privileged(subj))
+ return (EPERM);
- source = SLOT(inp->inp_label);
- dest = SLOT(label);
- lomac_copy(source, dest);
+ if (!lomac_high_single(obj))
+ return (EACCES);
+
+ return (0);
}
static void
-lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
- struct label *mlabel)
+lomac_mount_create(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(sc_label);
- dest = SLOT(mlabel);
- lomac_copy(source, dest);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(mplabel);
+ lomac_copy_single(source, dest);
}
static void
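Review bot: lomac_kld_check_load throws away the error code from lomac_subject_privileged() and substitutes a fixed EPERM (`if (lomac_subject_privileged(subj)) return (EPERM);`), whereas the other privileged-subject tests in this file propagate it (`error = lomac_subject_privileged(subj); if (error) return (error);`); matching that pattern keeps the specific reason for the denial intact for the caller. This is pre-existing behaviour the reordering leaves untouched, so it is a follow-up rather than a blocker. The object-side check deserves a why-comment, since it is the policy's key integrity decision for code entering the kernel, e.g. `/* Module files must carry the HIGH single label; nothing of lower integrity may be pulled into the kernel, and a non-privileged subject may not load at all. */`. The exact meaning of "privileged" here depends on lomac_subject_privileged(), whose definition is outside this hunk, so the wording should be confirmed against it.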
@@ -1466,6 +1405,18 @@ lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
}
static void
+lomac_netinet_fragment(struct mbuf *m, struct label *mlabel,
+ struct mbuf *frag, struct label *fraglabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mlabel);
+ dest = SLOT(fraglabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
lomac_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
struct mbuf *msend, struct label *msendlabel)
{
@@ -1499,306 +1450,6 @@ lomac_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
}
-/*
- * Labeling event operations: processes.
- */
-static void
-lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
-{
- struct mac_lomac *source, *dest, *obj, *robj;
-
- source = SLOT(old->cr_label);
- dest = SLOT(new->cr_label);
- obj = SLOT(vplabel);
- robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
-
- lomac_copy(source, dest);
- /*
- * If there's an auxiliary label on the real object, respect it and
- * assume that this level should be assumed immediately if a higher
- * level is currently in place.
- */
- if (robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
- !lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single)
- && lomac_auxsingle_in_range(robj, dest))
- lomac_set_single(dest, robj->ml_auxsingle.mle_type,
- robj->ml_auxsingle.mle_grade);
- /*
- * Restructuring to use the execve transitioning mechanism instead of
- * the normal demotion mechanism here would be difficult, so just
- * copy the label over and perform standard demotion. This is also
- * non-optimal because it will result in the intermediate label "new"
- * being created and immediately recycled.
- */
- if (lomac_enabled && revocation_enabled &&
- !lomac_dominate_single(obj, source))
- (void)maybe_demote(source, obj, "executing", "file", vp);
-}
-
-static int
-lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *vplabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
-{
- struct mac_lomac *subj, *obj, *robj;
-
- if (!lomac_enabled || !revocation_enabled)
- return (0);
-
- subj = SLOT(old->cr_label);
- obj = SLOT(vplabel);
- robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
-
- return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
- !lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)
- && lomac_auxsingle_in_range(robj, subj)) ||
- !lomac_dominate_single(obj, subj));
-}
-
-static void
-lomac_proc_create_swapper(struct ucred *cred)
-{
- struct mac_lomac *dest;
-
- dest = SLOT(cred->cr_label);
-
- lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
- lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
-}
-
-static void
-lomac_proc_create_init(struct ucred *cred)
-{
- struct mac_lomac *dest;
-
- dest = SLOT(cred->cr_label);
-
- lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0);
- lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
-}
-
-static void
-lomac_cred_relabel(struct ucred *cred, struct label *newlabel)
-{
- struct mac_lomac *source, *dest;
-
- source = SLOT(newlabel);
- dest = SLOT(cred->cr_label);
-
- try_relabel(source, dest);
-}
-
-/*
- * Access control checks.
- */
-static int
-lomac_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
- struct ifnet *ifp, struct label *ifplabel)
-{
- struct mac_lomac *a, *b;
-
- if (!lomac_enabled)
- return (0);
-
- a = SLOT(dlabel);
- b = SLOT(ifplabel);
-
- if (lomac_equal_single(a, b))
- return (0);
- return (EACCES);
-}
-
-static int
-lomac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
-{
- struct mac_lomac *subj, *new;
- int error;
-
- subj = SLOT(cred->cr_label);
- new = SLOT(newlabel);
-
- /*
- * If there is a LOMAC label update for the credential, it may be an
- * update of the single, range, or both.
- */
- error = lomac_atmostflags(new, MAC_LOMAC_FLAGS_BOTH);
- if (error)
- return (error);
-
- /*
- * If the LOMAC label is to be changed, authorize as appropriate.
- */
- if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
- /*
- * Fill in the missing parts from the previous label.
- */
- if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
- lomac_copy_single(subj, new);
- if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)
- lomac_copy_range(subj, new);
-
- /*
- * To change the LOMAC range on a credential, the new range
- * label must be in the current range.
- */
- if (!lomac_range_in_range(new, subj))
- return (EPERM);
-
- /*
- * To change the LOMAC single label on a credential, the new
- * single label must be in the new range. Implicitly from
- * the previous check, the new single is in the old range.
- */
- if (!lomac_single_in_range(new, new))
- return (EPERM);
-
- /*
- * To have EQUAL in any component of the new credential LOMAC
- * label, the subject must already have EQUAL in their label.
- */
- if (lomac_contains_equal(new)) {
- error = lomac_subject_privileged(subj);
- if (error)
- return (error);
- }
-
- /*
- * XXXMAC: Additional consistency tests regarding the single
- * and range of the new label might be performed here.
- */
- }
-
- return (0);
-}
-
-static int
-lomac_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cr1->cr_label);
- obj = SLOT(cr2->cr_label);
-
- /* XXX: range */
- if (!lomac_dominate_single(obj, subj))
- return (ESRCH);
-
- return (0);
-}
-
-static int
-lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
-{
- struct mac_lomac *subj, *new;
- int error;
-
- subj = SLOT(cred->cr_label);
- new = SLOT(newlabel);
-
- /*
- * If there is a LOMAC label update for the interface, it may be an
- * update of the single, range, or both.
- */
- error = lomac_atmostflags(new, MAC_LOMAC_FLAGS_BOTH);
- if (error)
- return (error);
-
- /*
- * Relabling network interfaces requires LOMAC privilege.
- */
- error = lomac_subject_privileged(subj);
- if (error)
- return (error);
-
- /*
- * If the LOMAC label is to be changed, authorize as appropriate.
- */
- if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
- /*
- * Fill in the missing parts from the previous label.
- */
- if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
- lomac_copy_single(subj, new);
- if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)
- lomac_copy_range(subj, new);
-
- /*
- * Rely on the traditional superuser status for the LOMAC
- * interface relabel requirements. XXXMAC: This will go
- * away.
- *
- * XXXRW: This is also redundant to a higher layer check.
- */
- error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0);
- if (error)
- return (EPERM);
-
- /*
- * XXXMAC: Additional consistency tests regarding the single
- * and the range of the new label might be performed here.
- */
- }
-
- return (0);
-}
-
-static int
-lomac_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_lomac *p, *i;
-
- if (!lomac_enabled)
- return (0);
-
- p = SLOT(mlabel);
- i = SLOT(ifplabel);
-
- return (lomac_single_in_range(p, i) ? 0 : EACCES);
-}
-
-static int
-lomac_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_lomac *p, *i;
-
- if (!lomac_enabled)
- return (0);
-
- p = SLOT(mlabel);
- i = SLOT(inplabel);
-
- return (lomac_equal_single(p, i) ? 0 : EACCES);
-}
-
-static int
-lomac_kld_check_load(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(vplabel);
-
- if (lomac_subject_privileged(subj))
- return (EPERM);
-
- if (!lomac_high_single(obj))
- return (EACCES);
-
- return (0);
-}
-
static int
lomac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
@@ -1899,148 +1550,28 @@ lomac_pipe_check_write(struct ucred *cred, struct pipepair *pp,
return (0);
}
-static int
-lomac_proc_check_debug(struct ucred *cred, struct proc *p)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!lomac_dominate_single(obj, subj))
- return (ESRCH);
- if (!lomac_subject_dominate(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-lomac_proc_check_sched(struct ucred *cred, struct proc *p)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!lomac_dominate_single(obj, subj))
- return (ESRCH);
- if (!lomac_subject_dominate(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-lomac_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
-{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!lomac_dominate_single(obj, subj))
- return (ESRCH);
- if (!lomac_subject_dominate(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-lomac_socket_check_deliver(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_lomac *p, *s;
-
- if (!lomac_enabled)
- return (0);
-
- p = SLOT(mlabel);
- s = SLOT(solabel);
-
- return (lomac_equal_single(p, s) ? 0 : EACCES);
-}
-
-static int
-lomac_socket_check_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+static void
+lomac_pipe_create(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
- struct mac_lomac *subj, *obj, *new;
- int error;
-
- new = SLOT(newlabel);
- subj = SLOT(cred->cr_label);
- obj = SLOT(solabel);
-
- /*
- * If there is a LOMAC label update for the socket, it may be an
- * update of single.
- */
- error = lomac_atmostflags(new, MAC_LOMAC_FLAG_SINGLE);
- if (error)
- return (error);
-
- /*
- * To relabel a socket, the old socket single must be in the subject
- * range.
- */
- if (!lomac_single_in_range(obj, subj))
- return (EPERM);
-
- /*
- * If the LOMAC label is to be changed, authorize as appropriate.
- */
- if (new->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
- /*
- * To relabel a socket, the new socket single must be in the
- * subject range.
- */
- if (!lomac_single_in_range(new, subj))
- return (EPERM);
+ struct mac_lomac *source, *dest;
- /*
- * To change the LOMAC label on the socket to contain EQUAL,
- * the subject must have appropriate privilege.
- */
- if (lomac_contains_equal(new)) {
- error = lomac_subject_privileged(subj);
- if (error)
- return (error);
- }
- }
+ source = SLOT(cred->cr_label);
+ dest = SLOT(pplabel);
- return (0);
+ lomac_copy_single(source, dest);
}
-static int
-lomac_socket_check_visible(struct ucred *cred, struct socket *so,
- struct label *solabel)
+static void
+lomac_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
{
- struct mac_lomac *subj, *obj;
-
- if (!lomac_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(solabel);
+ struct mac_lomac *source, *dest;
- if (!lomac_dominate_single(obj, subj))
- return (ENOENT);
+ source = SLOT(newlabel);
+ dest = SLOT(pplabel);
- return (0);
+ try_relabel(source, dest);
}
/*
@@ -2232,6 +1763,283 @@ lomac_priv_check(struct ucred *cred, int priv)
return (0);
}
+static int
+lomac_proc_check_debug(struct ucred *cred, struct proc *p)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+lomac_proc_check_sched(struct ucred *cred, struct proc *p)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+lomac_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!lomac_dominate_single(obj, subj))
+ return (ESRCH);
+ if (!lomac_subject_dominate(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static void
+lomac_proc_create_init(struct ucred *cred)
+{
+ struct mac_lomac *dest;
+
+ dest = SLOT(cred->cr_label);
+
+ lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0);
+ lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
+}
+
+static void
+lomac_proc_create_swapper(struct ucred *cred)
+{
+ struct mac_lomac *dest;
+
+ dest = SLOT(cred->cr_label);
+
+ lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
+ lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
+}
+
+static void
+lomac_proc_destroy_label(struct label *label)
+{
+
+ mtx_destroy(&PSLOT(label)->mtx);
+ FREE(PSLOT(label), M_LOMAC);
+ PSLOT_SET(label, NULL);
+}
+
+static void
+lomac_proc_init_label(struct label *label)
+{
+
+ PSLOT_SET(label, malloc(sizeof(struct mac_lomac_proc), M_LOMAC,
+ M_ZERO | M_WAITOK));
+ mtx_init(&PSLOT(label)->mtx, "MAC/Lomac proc lock", NULL, MTX_DEF);
+}
+
+static int
+lomac_socket_check_deliver(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_lomac *p, *s;
+
+ if (!lomac_enabled)
+ return (0);
+
+ p = SLOT(mlabel);
+ s = SLOT(solabel);
+
+ return (lomac_equal_single(p, s) ? 0 : EACCES);
+}
+
+static int
+lomac_socket_check_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+ struct mac_lomac *subj, *obj, *new;
+ int error;
+
+ new = SLOT(newlabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(solabel);
+
+ /*
+ * If there is a LOMAC label update for the socket, it may be an
+ * update of single.
+ */
+ error = lomac_atmostflags(new, MAC_LOMAC_FLAG_SINGLE);
+ if (error)
+ return (error);
+
+ /*
+ * To relabel a socket, the old socket single must be in the subject
+ * range.
+ */
+ if (!lomac_single_in_range(obj, subj))
+ return (EPERM);
+
+ /*
+ * If the LOMAC label is to be changed, authorize as appropriate.
+ */
+ if (new->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
+ /*
+ * To relabel a socket, the new socket single must be in the
+ * subject range.
+ */
+ if (!lomac_single_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * To change the LOMAC label on the socket to contain EQUAL,
+ * the subject must have appropriate privilege.
+ */
+ if (lomac_contains_equal(new)) {
+ error = lomac_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
+ }
+
+ return (0);
+}
+
+static int
+lomac_socket_check_visible(struct ucred *cred, struct socket *so,
+ struct label *solabel)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(solabel);
+
+ if (!lomac_dominate_single(obj, subj))
+ return (ENOENT);
+
+ return (0);
+}
+
+static void
+lomac_socket_create(struct ucred *cred, struct socket *so,
+ struct label *solabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(solabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_create_mbuf(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(solabel);
+ dest = SLOT(mlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_newconn(struct socket *oldso, struct label *oldsolabel,
+ struct socket *newso, struct label *newsolabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsolabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socket_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(solabel);
+
+ try_relabel(source, dest);
+}
+
+static void
+lomac_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
+ struct socket *so, struct label *sopeerlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mlabel);
+ dest = SLOT(sopeerlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_socketpeer_set_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsopeerlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
+lomac_syncache_create(struct label *label, struct inpcb *inp)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(inp->inp_label);
+ dest = SLOT(label);
+ lomac_copy(source, dest);
+}
+
+static void
+lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
+ struct label *mlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(sc_label);
+ dest = SLOT(mlabel);
+ lomac_copy(source, dest);
+}
static int
lomac_system_check_acct(struct ucred *cred, struct vnode *vp,
@@ -2341,6 +2149,112 @@ lomac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
return (0);
}
+static void
+lomac_thread_userret(struct thread *td)
+{
+ struct proc *p = td->td_proc;
+ struct mac_lomac_proc *subj = PSLOT(p->p_label);
+ struct ucred *newcred, *oldcred;
+ int dodrop;
+
+ mtx_lock(&subj->mtx);
+ if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
+ dodrop = 0;
+ mtx_unlock(&subj->mtx);
+ newcred = crget();
+ /*
+ * Prevent a lock order reversal in
+ * mac_cred_mmapped_drop_perms; ideally, the other user of
+ * subj->mtx wouldn't be holding Giant.
+ */
+ mtx_lock(&Giant);
+ PROC_LOCK(p);
+ mtx_lock(&subj->mtx);
+ /*
+ * Check if we lost the race while allocating the cred.
+ */
+ if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0) {
+ crfree(newcred);
+ goto out;
+ }
+ oldcred = p->p_ucred;
+ crcopy(newcred, oldcred);
+ crhold(newcred);
+ lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
+ p->p_ucred = newcred;
+ crfree(oldcred);
+ dodrop = 1;
+ out:
+ mtx_unlock(&subj->mtx);
+ PROC_UNLOCK(p);
+ if (dodrop)
+ mac_cred_mmapped_drop_perms(curthread, newcred);
+ mtx_unlock(&Giant);
+ } else {
+ mtx_unlock(&subj->mtx);
+ }
+}
+
+static int
+lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+ struct mac_lomac ml_temp, *source, *dest;
+ int buflen, error;
+
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
+
+ buflen = sizeof(ml_temp);
+ bzero(&ml_temp, buflen);
+
+ error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&ml_temp, curthread);
+ if (error == ENOATTR || error == EOPNOTSUPP) {
+ /* Fall back to the mntlabel. */
+ lomac_copy_single(source, dest);
+ return (0);
+ } else if (error)
+ return (error);
+
+ if (buflen != sizeof(ml_temp)) {
+ if (buflen != sizeof(ml_temp) - sizeof(ml_temp.ml_auxsingle)) {
+ printf("lomac_vnode_associate_extattr: bad size %d\n",
+ buflen);
+ return (EPERM);
+ }
+ bzero(&ml_temp.ml_auxsingle, sizeof(ml_temp.ml_auxsingle));
+ buflen = sizeof(ml_temp);
+ (void)vn_extattr_set(vp, IO_NODELOCKED,
+ MAC_LOMAC_EXTATTR_NAMESPACE, MAC_LOMAC_EXTATTR_NAME,
+ buflen, (char *)&ml_temp, curthread);
+ }
+ if (lomac_valid(&ml_temp) != 0) {
+ printf("lomac_vnode_associate_extattr: invalid\n");
+ return (EPERM);
+ }
+ if ((ml_temp.ml_flags & MAC_LOMAC_FLAGS_BOTH) !=
+ MAC_LOMAC_FLAG_SINGLE) {
+ printf("lomac_vnode_associate_extattr: not single\n");
+ return (EPERM);
+ }
+
+ lomac_copy_single(&ml_temp, dest);
+ return (0);
+}
+
+static void
+lomac_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
+
+ lomac_copy_single(source, dest);
+}
+
static int
lomac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
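Review bot: lomac_vnode_associate_extattr appears to discard the auxiliary element when a label is rebuilt from disk: after validation it installs only `lomac_copy_single(&ml_temp, dest);`, while lomac_vnode_create_extattr (visible further down) writes the directory's auxsingle into the extended attribute and installs it in memory with the full `lomac_copy()`. Unless lomac_copy_single() also carries ml_auxsingle, which is not visible here, an aux label set on a binary only takes effect until the vnode is recycled and re-associated, after which the MAC_LOMAC_FLAG_AUX test in lomac_vnode_execve_transition silently stops firing — a fail-open for the demotion the aux label was meant to force. If that reading holds the fix is two lines after the existing copy: `if (ml_temp.ml_flags & MAC_LOMAC_FLAG_AUX) lomac_copy_auxsingle(&ml_temp, dest);`. The legacy-size branch would also benefit from a comment on why the short on-disk record is rewritten in place and why that write's result is ignored, e.g. `/* Older records lack ml_auxsingle; widen in place, best-effort (read-only mounts will refuse). */`. This is pre-existing behaviour the resort does not change.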
@@ -2788,162 +2702,254 @@ lomac_vnode_check_write(struct ucred *active_cred,
return (0);
}
-static void
-lomac_thread_userret(struct thread *td)
+static int
+lomac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
{
- struct proc *p = td->td_proc;
- struct mac_lomac_proc *subj = PSLOT(p->p_label);
- struct ucred *newcred, *oldcred;
- int dodrop;
+ struct mac_lomac *source, *dest, *dir, temp;
+ size_t buflen;
+ int error;
- mtx_lock(&subj->mtx);
- if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
- dodrop = 0;
- mtx_unlock(&subj->mtx);
- newcred = crget();
- /*
- * Prevent a lock order reversal in
- * mac_cred_mmapped_drop_perms; ideally, the other user of
- * subj->mtx wouldn't be holding Giant.
- */
- mtx_lock(&Giant);
- PROC_LOCK(p);
- mtx_lock(&subj->mtx);
- /*
- * Check if we lost the race while allocating the cred.
- */
- if ((subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) == 0) {
- crfree(newcred);
- goto out;
- }
- oldcred = p->p_ucred;
- crcopy(newcred, oldcred);
- crhold(newcred);
- lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
- p->p_ucred = newcred;
- crfree(oldcred);
- dodrop = 1;
- out:
- mtx_unlock(&subj->mtx);
- PROC_UNLOCK(p);
- if (dodrop)
- mac_cred_mmapped_drop_perms(curthread, newcred);
- mtx_unlock(&Giant);
+ buflen = sizeof(temp);
+ bzero(&temp, buflen);
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(vplabel);
+ dir = SLOT(dvplabel);
+ if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) {
+ lomac_copy_auxsingle(dir, &temp);
+ lomac_set_single(&temp, dir->ml_auxsingle.mle_type,
+ dir->ml_auxsingle.mle_grade);
} else {
- mtx_unlock(&subj->mtx);
+ lomac_copy_single(source, &temp);
}
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
+ if (error == 0)
+ lomac_copy(&temp, dest);
+ return (error);
+}
+
+static void
+lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+ struct mac_lomac *source, *dest, *obj, *robj;
+
+ source = SLOT(old->cr_label);
+ dest = SLOT(new->cr_label);
+ obj = SLOT(vplabel);
+ robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
+
+ lomac_copy(source, dest);
+ /*
+ * If there's an auxiliary label on the real object, respect it and
+ * assume that this level should be assumed immediately if a higher
+ * level is currently in place.
+ */
+ if (robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
+ !lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single)
+ && lomac_auxsingle_in_range(robj, dest))
+ lomac_set_single(dest, robj->ml_auxsingle.mle_type,
+ robj->ml_auxsingle.mle_grade);
+ /*
+ * Restructuring to use the execve transitioning mechanism instead of
+ * the normal demotion mechanism here would be difficult, so just
+ * copy the label over and perform standard demotion. This is also
+ * non-optimal because it will result in the intermediate label "new"
+ * being created and immediately recycled.
+ */
+ if (lomac_enabled && revocation_enabled &&
+ !lomac_dominate_single(obj, source))
+ (void)maybe_demote(source, obj, "executing", "file", vp);
+}
+
+static int
+lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
+ struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+ struct mac_lomac *subj, *obj, *robj;
+
+ if (!lomac_enabled || !revocation_enabled)
+ return (0);
+
+ subj = SLOT(old->cr_label);
+ obj = SLOT(vplabel);
+ robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
+
+ return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
+ !lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)
+ && lomac_auxsingle_in_range(robj, subj)) ||
+ !lomac_dominate_single(obj, subj));
+}
+
+static void
+lomac_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *newlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(vplabel);
+
+ try_relabel(source, dest);
+}
+
+static int
+lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+ struct mac_lomac *source, temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(temp);
+ bzero(&temp, buflen);
+
+ source = SLOT(intlabel);
+ if ((source->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ return (0);
+
+ lomac_copy_single(source, &temp);
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
+ MAC_LOMAC_EXTATTR_NAME, buflen, (char *)&temp, curthread);
+ return (error);
}
static struct mac_policy_ops lomac_ops =
{
.mpo_init = lomac_init,
- .mpo_bpfdesc_init_label = lomac_init_label,
- .mpo_cred_init_label = lomac_init_label,
- .mpo_devfs_init_label = lomac_init_label,
- .mpo_ifnet_init_label = lomac_init_label,
- .mpo_syncache_init_label = lomac_init_label_waitcheck,
- .mpo_inpcb_init_label = lomac_init_label_waitcheck,
- .mpo_ipq_init_label = lomac_init_label_waitcheck,
- .mpo_mbuf_init_label = lomac_init_label_waitcheck,
- .mpo_mount_init_label = lomac_init_label,
- .mpo_pipe_init_label = lomac_init_label,
- .mpo_proc_init_label = lomac_proc_init_label,
- .mpo_socket_init_label = lomac_init_label_waitcheck,
- .mpo_socketpeer_init_label = lomac_init_label_waitcheck,
- .mpo_vnode_init_label = lomac_init_label,
- .mpo_syncache_create = lomac_syncache_create,
+
+ .mpo_bpfdesc_check_receive = lomac_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = lomac_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
.mpo_bpfdesc_destroy_label = lomac_destroy_label,
- .mpo_cred_destroy_label = lomac_destroy_label,
- .mpo_devfs_destroy_label = lomac_destroy_label,
- .mpo_ifnet_destroy_label = lomac_destroy_label,
- .mpo_inpcb_destroy_label = lomac_destroy_label,
- .mpo_ipq_destroy_label = lomac_destroy_label,
- .mpo_mbuf_destroy_label = lomac_destroy_label,
- .mpo_mount_destroy_label = lomac_destroy_label,
- .mpo_pipe_destroy_label = lomac_destroy_label,
- .mpo_proc_destroy_label = lomac_proc_destroy_label,
- .mpo_syncache_destroy_label = lomac_destroy_label,
- .mpo_socket_destroy_label = lomac_destroy_label,
- .mpo_socketpeer_destroy_label = lomac_destroy_label,
- .mpo_vnode_destroy_label = lomac_destroy_label,
+ .mpo_bpfdesc_init_label = lomac_init_label,
+
+ .mpo_cred_check_relabel = lomac_cred_check_relabel,
+ .mpo_cred_check_visible = lomac_cred_check_visible,
.mpo_cred_copy_label = lomac_copy_label,
- .mpo_ifnet_copy_label = lomac_copy_label,
- .mpo_mbuf_copy_label = lomac_copy_label,
- .mpo_pipe_copy_label = lomac_copy_label,
- .mpo_socket_copy_label = lomac_copy_label,
- .mpo_vnode_copy_label = lomac_copy_label,
+ .mpo_cred_destroy_label = lomac_destroy_label,
.mpo_cred_externalize_label = lomac_externalize_label,
- .mpo_ifnet_externalize_label = lomac_externalize_label,
- .mpo_pipe_externalize_label = lomac_externalize_label,
- .mpo_socket_externalize_label = lomac_externalize_label,
- .mpo_socketpeer_externalize_label = lomac_externalize_label,
- .mpo_vnode_externalize_label = lomac_externalize_label,
+ .mpo_cred_init_label = lomac_init_label,
.mpo_cred_internalize_label = lomac_internalize_label,
- .mpo_ifnet_internalize_label = lomac_internalize_label,
- .mpo_pipe_internalize_label = lomac_internalize_label,
- .mpo_socket_internalize_label = lomac_internalize_label,
- .mpo_vnode_internalize_label = lomac_internalize_label,
+ .mpo_cred_relabel = lomac_cred_relabel,
+
.mpo_devfs_create_device = lomac_devfs_create_device,
.mpo_devfs_create_directory = lomac_devfs_create_directory,
.mpo_devfs_create_symlink = lomac_devfs_create_symlink,
- .mpo_mount_create = lomac_mount_create,
- .mpo_vnode_relabel = lomac_vnode_relabel,
+ .mpo_devfs_destroy_label = lomac_destroy_label,
+ .mpo_devfs_init_label = lomac_init_label,
.mpo_devfs_update = lomac_devfs_update,
.mpo_devfs_vnode_associate = lomac_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = lomac_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = lomac_vnode_associate_singlelabel,
- .mpo_vnode_create_extattr = lomac_vnode_create_extattr,
- .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr,
- .mpo_socket_create_mbuf = lomac_socket_create_mbuf,
- .mpo_syncache_create_mbuf = lomac_syncache_create_mbuf,
- .mpo_pipe_create = lomac_pipe_create,
- .mpo_socket_create = lomac_socket_create,
- .mpo_socket_newconn = lomac_socket_newconn,
- .mpo_pipe_relabel = lomac_pipe_relabel,
- .mpo_socket_relabel = lomac_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = lomac_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = lomac_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = lomac_bpfdesc_create,
- .mpo_ipq_reassemble = lomac_ipq_reassemble,
- .mpo_netinet_fragment = lomac_netinet_fragment,
+
+ .mpo_ifnet_check_relabel = lomac_ifnet_check_relabel,
+ .mpo_ifnet_check_transmit = lomac_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = lomac_copy_label,
.mpo_ifnet_create = lomac_ifnet_create,
+ .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = lomac_destroy_label,
+ .mpo_ifnet_externalize_label = lomac_externalize_label,
+ .mpo_ifnet_init_label = lomac_init_label,
+ .mpo_ifnet_internalize_label = lomac_internalize_label,
+ .mpo_ifnet_relabel = lomac_ifnet_relabel,
+
+ .mpo_syncache_create = lomac_syncache_create,
+ .mpo_syncache_destroy_label = lomac_destroy_label,
+ .mpo_syncache_init_label = lomac_init_label_waitcheck,
+
+ .mpo_inpcb_check_deliver = lomac_inpcb_check_deliver,
.mpo_inpcb_create = lomac_inpcb_create,
- .mpo_ipq_create = lomac_ipq_create,
.mpo_inpcb_create_mbuf = lomac_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
+ .mpo_inpcb_destroy_label = lomac_destroy_label,
+ .mpo_inpcb_init_label = lomac_init_label_waitcheck,
+ .mpo_inpcb_sosetlabel = lomac_inpcb_sosetlabel,
+
+ .mpo_ipq_create = lomac_ipq_create,
+ .mpo_ipq_destroy_label = lomac_destroy_label,
+ .mpo_ipq_init_label = lomac_init_label_waitcheck,
.mpo_ipq_match = lomac_ipq_match,
- .mpo_ifnet_relabel = lomac_ifnet_relabel,
+ .mpo_ipq_reassemble = lomac_ipq_reassemble,
.mpo_ipq_update = lomac_ipq_update,
- .mpo_inpcb_sosetlabel = lomac_inpcb_sosetlabel,
- .mpo_vnode_execve_transition = lomac_vnode_execve_transition,
- .mpo_vnode_execve_will_transition =
- lomac_vnode_execve_will_transition,
- .mpo_proc_create_swapper = lomac_proc_create_swapper,
- .mpo_proc_create_init = lomac_proc_create_init,
- .mpo_cred_relabel = lomac_cred_relabel,
- .mpo_bpfdesc_check_receive = lomac_bpfdesc_check_receive,
- .mpo_cred_check_relabel = lomac_cred_check_relabel,
- .mpo_cred_check_visible = lomac_cred_check_visible,
- .mpo_ifnet_check_relabel = lomac_ifnet_check_relabel,
- .mpo_ifnet_check_transmit = lomac_ifnet_check_transmit,
- .mpo_inpcb_check_deliver = lomac_inpcb_check_deliver,
+
.mpo_kld_check_load = lomac_kld_check_load,
+
+ .mpo_mbuf_copy_label = lomac_copy_label,
+ .mpo_mbuf_destroy_label = lomac_destroy_label,
+ .mpo_mbuf_init_label = lomac_init_label_waitcheck,
+
+ .mpo_mount_create = lomac_mount_create,
+ .mpo_mount_destroy_label = lomac_destroy_label,
+ .mpo_mount_init_label = lomac_init_label,
+
+ .mpo_netatalk_aarp_send = lomac_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = lomac_netinet_arp_send,
+ .mpo_netinet_firewall_reply = lomac_netinet_firewall_reply,
+ .mpo_netinet_firewall_send = lomac_netinet_firewall_send,
+ .mpo_netinet_fragment = lomac_netinet_fragment,
+ .mpo_netinet_icmp_reply = lomac_netinet_icmp_reply,
+ .mpo_netinet_igmp_send = lomac_netinet_igmp_send,
+
+ .mpo_netinet6_nd6_send = lomac_netinet6_nd6_send,
+
.mpo_pipe_check_ioctl = lomac_pipe_check_ioctl,
.mpo_pipe_check_read = lomac_pipe_check_read,
.mpo_pipe_check_relabel = lomac_pipe_check_relabel,
.mpo_pipe_check_write = lomac_pipe_check_write,
+ .mpo_pipe_copy_label = lomac_copy_label,
+ .mpo_pipe_create = lomac_pipe_create,
+ .mpo_pipe_destroy_label = lomac_destroy_label,
+ .mpo_pipe_externalize_label = lomac_externalize_label,
+ .mpo_pipe_init_label = lomac_init_label,
+ .mpo_pipe_internalize_label = lomac_internalize_label,
+ .mpo_pipe_relabel = lomac_pipe_relabel,
+
+ .mpo_priv_check = lomac_priv_check,
+
.mpo_proc_check_debug = lomac_proc_check_debug,
.mpo_proc_check_sched = lomac_proc_check_sched,
.mpo_proc_check_signal = lomac_proc_check_signal,
+ .mpo_proc_create_swapper = lomac_proc_create_swapper,
+ .mpo_proc_create_init = lomac_proc_create_init,
+ .mpo_proc_destroy_label = lomac_proc_destroy_label,
+ .mpo_proc_init_label = lomac_proc_init_label,
+
.mpo_socket_check_deliver = lomac_socket_check_deliver,
.mpo_socket_check_relabel = lomac_socket_check_relabel,
.mpo_socket_check_visible = lomac_socket_check_visible,
+ .mpo_socket_copy_label = lomac_copy_label,
+ .mpo_socket_create = lomac_socket_create,
+ .mpo_socket_create_mbuf = lomac_socket_create_mbuf,
+ .mpo_socket_destroy_label = lomac_destroy_label,
+ .mpo_socket_externalize_label = lomac_externalize_label,
+ .mpo_socket_init_label = lomac_init_label_waitcheck,
+ .mpo_socket_internalize_label = lomac_internalize_label,
+ .mpo_socket_newconn = lomac_socket_newconn,
+ .mpo_socket_relabel = lomac_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = lomac_destroy_label,
+ .mpo_socketpeer_externalize_label = lomac_externalize_label,
+ .mpo_socketpeer_init_label = lomac_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = lomac_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = lomac_socketpeer_set_from_socket,
+
+ .mpo_syncache_create_mbuf = lomac_syncache_create_mbuf,
+
.mpo_system_check_acct = lomac_system_check_acct,
.mpo_system_check_auditctl = lomac_system_check_auditctl,
.mpo_system_check_swapoff = lomac_system_check_swapoff,
.mpo_system_check_swapon = lomac_system_check_swapon,
.mpo_system_check_sysctl = lomac_system_check_sysctl,
+
+ .mpo_thread_userret = lomac_thread_userret,
+
+ .mpo_vnode_associate_extattr = lomac_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = lomac_vnode_associate_singlelabel,
.mpo_vnode_check_access = lomac_vnode_check_open,
.mpo_vnode_check_create = lomac_vnode_check_create,
.mpo_vnode_check_deleteacl = lomac_vnode_check_deleteacl,
@@ -2964,15 +2970,16 @@ static struct mac_policy_ops lomac_ops =
.mpo_vnode_check_setutimes = lomac_vnode_check_setutimes,
.mpo_vnode_check_unlink = lomac_vnode_check_unlink,
.mpo_vnode_check_write = lomac_vnode_check_write,
- .mpo_thread_userret = lomac_thread_userret,
- .mpo_netatalk_aarp_send = lomac_netatalk_aarp_send,
- .mpo_netinet_arp_send = lomac_netinet_arp_send,
- .mpo_netinet_firewall_reply = lomac_netinet_firewall_reply,
- .mpo_netinet_firewall_send = lomac_netinet_firewall_send,
- .mpo_netinet_icmp_reply = lomac_netinet_icmp_reply,
- .mpo_netinet_igmp_send = lomac_netinet_igmp_send,
- .mpo_netinet6_nd6_send = lomac_netinet6_nd6_send,
- .mpo_priv_check = lomac_priv_check,
+ .mpo_vnode_copy_label = lomac_copy_label,
+ .mpo_vnode_create_extattr = lomac_vnode_create_extattr,
+ .mpo_vnode_destroy_label = lomac_destroy_label,
+ .mpo_vnode_execve_transition = lomac_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = lomac_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = lomac_externalize_label,
+ .mpo_vnode_init_label = lomac_init_label,
+ .mpo_vnode_internalize_label = lomac_internalize_label,
+ .mpo_vnode_relabel = lomac_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr,
};
MAC_POLICY_SET(&lomac_ops, mac_lomac, "TrustedBSD MAC/LOMAC",
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 8ead381..eb3ab0e 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -736,10 +736,140 @@ mls_copy_label(struct label *src, struct label *dest)
*SLOT(dest) = *SLOT(src);
}
+
/*
- * Labeling event operations: file system objects, and things that look a lot
- * like file system objects.
+ * Object-specific entry point implementations are sorted alphabetically by
+ * object type name and then by operation.
*/
+static int
+mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
+ struct ifnet *ifp, struct label *ifplabel)
+{
+ struct mac_mls *a, *b;
+
+ if (!mls_enabled)
+ return (0);
+
+ a = SLOT(dlabel);
+ b = SLOT(ifplabel);
+
+ if (mls_equal_effective(a, b))
+ return (0);
+ return (EACCES);
+}
+
+static void
+mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, struct label *dlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(dlabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(dlabel);
+ dest = SLOT(mlabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static int
+mls_cred_check_relabel(struct ucred *cred, struct label *newlabel)
+{
+ struct mac_mls *subj, *new;
+ int error;
+
+ subj = SLOT(cred->cr_label);
+ new = SLOT(newlabel);
+
+ /*
+ * If there is an MLS label update for the credential, it may be an
+ * update of effective, range, or both.
+ */
+ error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH);
+ if (error)
+ return (error);
+
+ /*
+ * If the MLS label is to be changed, authorize as appropriate.
+ */
+ if (new->mm_flags & MAC_MLS_FLAGS_BOTH) {
+ /*
+ * If the change request modifies both the MLS label
+ * effective and range, check that the new effective will be
+ * in the new range.
+ */
+ if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) ==
+ MAC_MLS_FLAGS_BOTH && !mls_effective_in_range(new, new))
+ return (EINVAL);
+
+ /*
+ * To change the MLS effective label on a credential, the new
+ * effective label must be in the current range.
+ */
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE &&
+ !mls_effective_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * To change the MLS range label on a credential, the new
+ * range must be in the current range.
+ */
+ if (new->mm_flags & MAC_MLS_FLAG_RANGE &&
+ !mls_range_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * To have EQUAL in any component of the new credential MLS
+ * label, the subject must already have EQUAL in their label.
+ */
+ if (mls_contains_equal(new)) {
+ error = mls_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
+ }
+
+ return (0);
+}
+
+static int
+mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mls_enabled)
+ return (0);
+
+ subj = SLOT(cr1->cr_label);
+ obj = SLOT(cr2->cr_label);
+
+ /* XXX: range */
+ if (!mls_dominate_effective(subj, obj))
+ return (ESRCH);
+
+ return (0);
+}
+
+static void
+mls_cred_relabel(struct ucred *cred, struct label *newlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(cred->cr_label);
+
+ mls_copy(source, dest);
+}
+
static void
mls_devfs_create_device(struct ucred *cred, struct mount *mp,
struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
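Review bot: mls_cred_check_relabel runs its mls_atmostflags, range and EQUAL checks unconditionally, while mls_cred_check_visible directly below returns 0 as soon as mls_enabled is zero; nothing in the hunk records whether that asymmetry is deliberate. A short comment at the top of mls_cred_check_relabel would settle it for the next reader, e.g. `/* Label well-formedness is enforced even when mls_enabled is 0. */`, assuming that is the intent. The hunk's last function, mls_devfs_create_device, continues outside the hunk.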
@@ -789,29 +919,6 @@ mls_devfs_create_symlink(struct ucred *cred, struct mount *mp,
}
static void
-mls_mount_create(struct ucred *cred, struct mount *mp, struct label *mplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(mplabel);
-
- mls_copy_effective(source, dest);
-}
-
-static void
-mls_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *label)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(label);
- dest = SLOT(vplabel);
-
- mls_copy(source, dest);
-}
-
-static void
mls_devfs_update(struct mount *mp, struct devfs_dirent *de,
struct label *delabel, struct vnode *vp, struct label *vplabel)
{
@@ -837,332 +944,255 @@ mls_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
}
static int
-mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
+mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
- struct mac_mls mm_temp, *source, *dest;
- int buflen, error;
-
- source = SLOT(mplabel);
- dest = SLOT(vplabel);
+ struct mac_mls *subj, *new;
+ int error;
- buflen = sizeof(mm_temp);
- bzero(&mm_temp, buflen);
+ subj = SLOT(cred->cr_label);
+ new = SLOT(newlabel);
- error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
- MAC_MLS_EXTATTR_NAME, &buflen, (char *) &mm_temp, curthread);
- if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the mntlabel. */
- mls_copy_effective(source, dest);
- return (0);
- } else if (error)
+ /*
+ * If there is an MLS label update for the interface, it may be an
+ * update of effective, range, or both.
+ */
+ error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH);
+ if (error)
return (error);
- if (buflen != sizeof(mm_temp)) {
- printf("mls_vnode_associate_extattr: bad size %d\n", buflen);
- return (EPERM);
- }
- if (mls_valid(&mm_temp) != 0) {
- printf("mls_vnode_associate_extattr: invalid\n");
- return (EPERM);
- }
- if ((mm_temp.mm_flags & MAC_MLS_FLAGS_BOTH) !=
- MAC_MLS_FLAG_EFFECTIVE) {
- printf("mls_associated_vnode_extattr: not effective\n");
- return (EPERM);
- }
+ /*
+ * Relabeling network interfaces requires MLS privilege.
+ */
+ error = mls_subject_privileged(subj);
- mls_copy_effective(&mm_temp, dest);
return (0);
}
-static void
-mls_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(mplabel);
- dest = SLOT(vplabel);
-
- mls_copy_effective(source, dest);
-}
-
-static int
-mls_vnode_create_extattr(struct ucred *cred, struct mount *mp,
- struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel, struct componentname *cnp)
-{
- struct mac_mls *source, *dest, mm_temp;
- size_t buflen;
- int error;
-
- buflen = sizeof(mm_temp);
- bzero(&mm_temp, buflen);
-
- source = SLOT(cred->cr_label);
- dest = SLOT(vplabel);
- mls_copy_effective(source, &mm_temp);
-
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
- MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread);
- if (error == 0)
- mls_copy_effective(source, dest);
- return (error);
-}
-
static int
-mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *intlabel)
+mls_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
- struct mac_mls *source, mm_temp;
- size_t buflen;
- int error;
-
- buflen = sizeof(mm_temp);
- bzero(&mm_temp, buflen);
+ struct mac_mls *p, *i;
- source = SLOT(intlabel);
- if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0)
+ if (!mls_enabled)
return (0);
- mls_copy_effective(source, &mm_temp);
+ p = SLOT(mlabel);
+ i = SLOT(ifplabel);
- error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
- MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread);
- return (error);
+ return (mls_effective_in_range(p, i) ? 0 : EACCES);
}
-/*
- * Labeling event operations: IPC object.
- */
static void
-mls_inpcb_create(struct socket *so, struct label *solabel, struct inpcb *inp,
- struct label *inplabel)
+mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *dest;
+ int type;
- source = SLOT(solabel);
- dest = SLOT(inplabel);
+ dest = SLOT(ifplabel);
- mls_copy_effective(source, dest);
+ if (ifp->if_type == IFT_LOOP)
+ type = MAC_MLS_TYPE_EQUAL;
+ else
+ type = MAC_MLS_TYPE_LOW;
+
+ mls_set_effective(dest, type, 0, NULL);
+ mls_set_range(dest, type, 0, NULL, type, 0, NULL);
}
static void
-mls_socket_create_mbuf(struct socket *so, struct label *solabel,
+mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
struct mbuf *m, struct label *mlabel)
{
struct mac_mls *source, *dest;
- source = SLOT(solabel);
+ source = SLOT(ifplabel);
dest = SLOT(mlabel);
mls_copy_effective(source, dest);
}
static void
-mls_socket_create(struct ucred *cred, struct socket *so,
- struct label *solabel)
+mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
struct mac_mls *source, *dest;
- source = SLOT(cred->cr_label);
- dest = SLOT(solabel);
+ source = SLOT(newlabel);
+ dest = SLOT(ifplabel);
- mls_copy_effective(source, dest);
+ mls_copy(source, dest);
}
-static void
-mls_pipe_create(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+static int
+mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
{
- struct mac_mls *source, *dest;
-
- source = SLOT(cred->cr_label);
- dest = SLOT(pplabel);
-
- mls_copy_effective(source, dest);
-}
+ struct mac_mls *p, *i;
-static void
-mls_posixsem_create(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
-{
- struct mac_mls *source, *dest;
+ if (!mls_enabled)
+ return (0);
- source = SLOT(cred->cr_label);
- dest = SLOT(kslabel);
+ p = SLOT(mlabel);
+ i = SLOT(inplabel);
- mls_copy_effective(source, dest);
+ return (mls_equal_effective(p, i) ? 0 : EACCES);
}
static void
-mls_socket_newconn(struct socket *oldso, struct label *oldsolabel,
- struct socket *newso, struct label *newsolabel)
+mls_inpcb_create(struct socket *so, struct label *solabel, struct inpcb *inp,
+ struct label *inplabel)
{
struct mac_mls *source, *dest;
- source = SLOT(oldsolabel);
- dest = SLOT(newsolabel);
+ source = SLOT(solabel);
+ dest = SLOT(inplabel);
mls_copy_effective(source, dest);
}
static void
-mls_socket_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_mls *source, *dest;
- source = SLOT(newlabel);
- dest = SLOT(solabel);
+ source = SLOT(inplabel);
+ dest = SLOT(mlabel);
- mls_copy(source, dest);
+ mls_copy_effective(source, dest);
}
static void
-mls_pipe_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
+mls_inpcb_sosetlabel(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
struct mac_mls *source, *dest;
- source = SLOT(newlabel);
- dest = SLOT(pplabel);
+ source = SLOT(solabel);
+ dest = SLOT(inplabel);
mls_copy(source, dest);
}
static void
-mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
- struct socket *so, struct label *sopeerlabel)
+mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
struct mac_mls *source, *dest;
source = SLOT(mlabel);
- dest = SLOT(sopeerlabel);
+ dest = SLOT(ipqlabel);
mls_copy_effective(source, dest);
}
-/*
- * Labeling event operations: System V IPC objects.
- */
-static void
-mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
+static int
+mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *a, *b;
- /* Ignore the msgq label. */
- source = SLOT(cred->cr_label);
- dest = SLOT(msglabel);
+ a = SLOT(ipqlabel);
+ b = SLOT(mlabel);
- mls_copy_effective(source, dest);
+ return (mls_equal_effective(a, b));
}
static void
-mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel)
+mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
+ struct label *mlabel)
{
struct mac_mls *source, *dest;
- source = SLOT(cred->cr_label);
- dest = SLOT(msqlabel);
+ source = SLOT(ipqlabel);
+ dest = SLOT(mlabel);
+ /* Just use the head, since we require them all to match. */
mls_copy_effective(source, dest);
}
static void
-mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semalabel)
+mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
- struct mac_mls *source, *dest;
- source = SLOT(cred->cr_label);
- dest = SLOT(semalabel);
-
- mls_copy_effective(source, dest);
+ /* NOOP: we only accept matching labels, so no need to update */
}
-static void
-mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmlabel)
+static int
+mls_mount_check_stat(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *subj, *obj;
- source = SLOT(cred->cr_label);
- dest = SLOT(shmlabel);
+ if (!mls_enabled)
+ return (0);
- mls_copy_effective(source, dest);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(mntlabel);
+
+ if (!mls_dominate_effective(subj, obj))
+ return (EACCES);
+
+ return (0);
}
-/*
- * Labeling event operations: network objects.
- */
static void
-mls_socketpeer_set_from_socket(struct socket *oldso,
- struct label *oldsolabel, struct socket *newso,
- struct label *newsopeerlabel)
+mls_mount_create(struct ucred *cred, struct mount *mp, struct label *mplabel)
{
struct mac_mls *source, *dest;
- source = SLOT(oldsolabel);
- dest = SLOT(newsopeerlabel);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(mplabel);
mls_copy_effective(source, dest);
}
static void
-mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, struct label *dlabel)
+mls_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *dest;
- source = SLOT(cred->cr_label);
- dest = SLOT(dlabel);
+ dest = SLOT(mlabel);
- mls_copy_effective(source, dest);
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
}
static void
-mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
+mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_mls *dest;
- int type;
- dest = SLOT(ifplabel);
-
- if (ifp->if_type == IFT_LOOP)
- type = MAC_MLS_TYPE_EQUAL;
- else
- type = MAC_MLS_TYPE_LOW;
+ dest = SLOT(mlabel);
- mls_set_effective(dest, type, 0, NULL);
- mls_set_range(dest, type, 0, NULL, type, 0, NULL);
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
}
static void
-mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
+mls_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
+ struct mbuf *msend, struct label *msendlabel)
{
struct mac_mls *source, *dest;
- source = SLOT(mlabel);
- dest = SLOT(ipqlabel);
+ source = SLOT(mrecvlabel);
+ dest = SLOT(msendlabel);
mls_copy_effective(source, dest);
}
static void
-mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
- struct label *mlabel)
+mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *dest;
- source = SLOT(ipqlabel);
dest = SLOT(mlabel);
- /* Just use the head, since we require them all to match. */
- mls_copy_effective(source, dest);
+ /* XXX: where is the label for the firewall really comming from? */
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
}
static void
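Review bot: In mls_ifnet_check_relabel the result of the privilege check is discarded: `error = mls_subject_privileged(subj);` is immediately followed by the unchanged `return (0);`, so the comment "Relabeling network interfaces requires MLS privilege." describes intent, not behaviour, and any subject whose new label passes mls_atmostflags is allowed to relabel an interface. The last line should be `return (error);`. The moved lines appear to carry this over from before the resort, so the commit does not address it.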
@@ -1178,212 +1208,245 @@ mls_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag,
}
static void
-mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
+mls_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
+ struct mbuf *msend, struct label *msendlabel)
{
struct mac_mls *source, *dest;
- source = SLOT(inplabel);
- dest = SLOT(mlabel);
+ source = SLOT(mrecvlabel);
+ dest = SLOT(msendlabel);
mls_copy_effective(source, dest);
}
static void
-mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
+mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
struct mbuf *m, struct label *mlabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *dest;
- source = SLOT(dlabel);
dest = SLOT(mlabel);
- mls_copy_effective(source, dest);
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
}
static void
-mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
+mls_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
struct mbuf *m, struct label *mlabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *dest;
- source = SLOT(ifplabel);
dest = SLOT(mlabel);
- mls_copy_effective(source, dest);
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
}
static int
-mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
+mls_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
{
- struct mac_mls *a, *b;
- a = SLOT(ipqlabel);
- b = SLOT(mlabel);
+ if (!mls_enabled)
+ return (0);
- return (mls_equal_effective(a, b));
+ /* XXX: This will be implemented soon... */
+
+ return (0);
}
-static void
-mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+static int
+mls_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *subj, *obj;
- source = SLOT(newlabel);
- dest = SLOT(ifplabel);
+ if (!mls_enabled)
+ return (0);
- mls_copy(source, dest);
-}
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
-static void
-mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
-{
+ if (!mls_dominate_effective(subj, obj))
+ return (EACCES);
- /* NOOP: we only accept matching labels, so no need to update */
+ return (0);
}
-static void
-mls_inpcb_sosetlabel(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
+static int
+mls_pipe_check_read(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *subj, *obj;
- source = SLOT(solabel);
- dest = SLOT(inplabel);
+ if (!mls_enabled)
+ return (0);
- mls_copy(source, dest);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
+
+ if (!mls_dominate_effective(subj, obj))
+ return (EACCES);
+
+ return (0);
}
-static void
-mls_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+static int
+mls_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
{
- struct mac_mls *dest;
+ struct mac_mls *subj, *obj, *new;
+ int error;
- dest = SLOT(mlabel);
+ new = SLOT(newlabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
- mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
-}
+ /*
+ * If there is an MLS label update for a pipe, it must be a effective
+ * update.
+ */
+ error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
+ if (error)
+ return (error);
-static void
-mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_mls *dest;
+ /*
+ * To perform a relabel of a pipe (MLS label or not), MLS must
+ * authorize the relabel.
+ */
+ if (!mls_effective_in_range(obj, subj))
+ return (EPERM);
- dest = SLOT(mlabel);
+ /*
+ * If the MLS label is to be changed, authorize as appropriate.
+ */
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
+ /*
+ * To change the MLS label on a pipe, the new pipe label must
+ * be in the subject range.
+ */
+ if (!mls_effective_in_range(new, subj))
+ return (EPERM);
- mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ /*
+ * To change the MLS label on a pipe to be EQUAL, the subject
+ * must have appropriate privilege.
+ */
+ if (mls_contains_equal(new)) {
+ error = mls_subject_privileged(subj);
+ if (error)
+ return (error);
+ }
+ }
+
+ return (0);
}
-static void
-mls_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
- struct mbuf *msend, struct label *msendlabel)
+static int
+mls_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *subj, *obj;
- source = SLOT(mrecvlabel);
- dest = SLOT(msendlabel);
+ if (!mls_enabled)
+ return (0);
- mls_copy_effective(source, dest);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
+
+ if (!mls_dominate_effective(subj, obj))
+ return (EACCES);
+
+ return (0);
}
-static void
-mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
+static int
+mls_pipe_check_write(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
- struct mac_mls *dest;
+ struct mac_mls *subj, *obj;
- dest = SLOT(mlabel);
+ if (!mls_enabled)
+ return (0);
- /* XXX: where is the label for the firewall really comming from? */
- mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(pplabel);
+
+ if (!mls_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
}
static void
-mls_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
- struct mbuf *msend, struct label *msendlabel)
+mls_pipe_create(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
struct mac_mls *source, *dest;
- source = SLOT(mrecvlabel);
- dest = SLOT(msendlabel);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(pplabel);
mls_copy_effective(source, dest);
}
static void
-mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+mls_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
{
- struct mac_mls *dest;
+ struct mac_mls *source, *dest;
- dest = SLOT(mlabel);
+ source = SLOT(newlabel);
+ dest = SLOT(pplabel);
- mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ mls_copy(source, dest);
}
-static void
-mls_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+static int
+mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- struct mac_mls *dest;
-
- dest = SLOT(mlabel);
+ struct mac_mls *subj, *obj;
- mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
-}
+ if (!mls_enabled)
+ return (0);
-static void
-mls_syncache_create(struct label *label, struct inpcb *inp)
-{
- struct mac_mls *source, *dest;
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(kslabel);
- source = SLOT(inp->inp_label);
- dest = SLOT(label);
+ if (!mls_dominate_effective(subj, obj))
+ return (EACCES);
- mls_copy_effective(source, dest);
+ return (0);
}
-static void
-mls_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
- struct label *mlabel)
+static int
+mls_posixsem_check_write(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- struct mac_mls *source, *dest;
-
- source = SLOT(sc_label);
- dest = SLOT(mlabel);
+ struct mac_mls *subj, *obj;
- mls_copy_effective(source, dest);
-}
+ if (!mls_enabled)
+ return (0);
-/*
- * Labeling event operations: processes.
- */
-static void
-mls_proc_create_swapper(struct ucred *cred)
-{
- struct mac_mls *dest;
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(kslabel);
- dest = SLOT(cred->cr_label);
+ if (!mls_dominate_effective(obj, subj))
+ return (EACCES);
- mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
- mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
- NULL);
+ return (0);
}
static void
-mls_proc_create_init(struct ucred *cred)
+mls_posixsem_create(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- struct mac_mls *dest;
+ struct mac_mls *source, *dest;
- dest = SLOT(cred->cr_label);
+ source = SLOT(cred->cr_label);
+ dest = SLOT(kslabel);
- mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL);
- mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
- NULL);
+ mls_copy_effective(source, dest);
}
static void
@@ -1397,117 +1460,145 @@ mls_proc_associate_nfsd(struct ucred *cred)
NULL);
}
-static void
-mls_cred_relabel(struct ucred *cred, struct label *newlabel)
+static int
+mls_proc_check_debug(struct ucred *cred, struct proc *p)
{
- struct mac_mls *source, *dest;
+ struct mac_mls *subj, *obj;
- source = SLOT(newlabel);
- dest = SLOT(cred->cr_label);
+ if (!mls_enabled)
+ return (0);
- mls_copy(source, dest);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!mls_dominate_effective(subj, obj))
+ return (ESRCH);
+ if (!mls_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
}
-/*
- * Label cleanup/flush operations.
- */
-static void
-mls_sysvmsg_cleanup(struct label *msglabel)
+static int
+mls_proc_check_sched(struct ucred *cred, struct proc *p)
{
+ struct mac_mls *subj, *obj;
- bzero(SLOT(msglabel), sizeof(struct mac_mls));
+ if (!mls_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!mls_dominate_effective(subj, obj))
+ return (ESRCH);
+ if (!mls_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
}
-static void
-mls_sysvmsq_cleanup(struct label *msqlabel)
+static int
+mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
{
+ struct mac_mls *subj, *obj;
- bzero(SLOT(msqlabel), sizeof(struct mac_mls));
+ if (!mls_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
+
+ /* XXX: range checks */
+ if (!mls_dominate_effective(subj, obj))
+ return (ESRCH);
+ if (!mls_dominate_effective(obj, subj))
+ return (EACCES);
+
+ return (0);
}
static void
-mls_sysvsem_cleanup(struct label *semalabel)
+mls_proc_create_init(struct ucred *cred)
{
+ struct mac_mls *dest;
- bzero(SLOT(semalabel), sizeof(struct mac_mls));
+ dest = SLOT(cred->cr_label);
+
+ mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL);
+ mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
+ NULL);
}
static void
-mls_sysvshm_cleanup(struct label *shmlabel)
+mls_proc_create_swapper(struct ucred *cred)
{
+ struct mac_mls *dest;
- bzero(SLOT(shmlabel), sizeof(struct mac_mls));
+ dest = SLOT(cred->cr_label);
+
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0,
+ NULL);
}
-/*
- * Access control checks.
- */
static int
-mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
- struct ifnet *ifp, struct label *ifplabel)
+mls_socket_check_deliver(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
{
- struct mac_mls *a, *b;
+ struct mac_mls *p, *s;
if (!mls_enabled)
return (0);
- a = SLOT(dlabel);
- b = SLOT(ifplabel);
+ p = SLOT(mlabel);
+ s = SLOT(solabel);
- if (mls_equal_effective(a, b))
- return (0);
- return (EACCES);
+ return (mls_equal_effective(p, s) ? 0 : EACCES);
}
static int
-mls_cred_check_relabel(struct ucred *cred, struct label *newlabel)
+mls_socket_check_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
{
- struct mac_mls *subj, *new;
+ struct mac_mls *subj, *obj, *new;
int error;
- subj = SLOT(cred->cr_label);
new = SLOT(newlabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(solabel);
/*
- * If there is an MLS label update for the credential, it may be an
- * update of effective, range, or both.
+ * If there is an MLS label update for the socket, it may be an
+ * update of effective.
*/
- error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH);
+ error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
if (error)
return (error);
/*
- * If the MLS label is to be changed, authorize as appropriate.
+ * To relabel a socket, the old socket effective must be in the
+ * subject range.
*/
- if (new->mm_flags & MAC_MLS_FLAGS_BOTH) {
- /*
- * If the change request modifies both the MLS label
- * effective and range, check that the new effective will be
- * in the new range.
- */
- if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) ==
- MAC_MLS_FLAGS_BOTH && !mls_effective_in_range(new, new))
- return (EINVAL);
-
- /*
- * To change the MLS effective label on a credential, the new
- * effective label must be in the current range.
- */
- if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE &&
- !mls_effective_in_range(new, subj))
- return (EPERM);
+ if (!mls_effective_in_range(obj, subj))
+ return (EPERM);
+ /*
+ * If the MLS label is to be changed, authorize as appropriate.
+ */
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
/*
- * To change the MLS range label on a credential, the new
- * range must be in the current range.
+ * To relabel a socket, the new socket effective must be in
+ * the subject range.
*/
- if (new->mm_flags & MAC_MLS_FLAG_RANGE &&
- !mls_range_in_range(new, subj))
+ if (!mls_effective_in_range(new, subj))
return (EPERM);
/*
- * To have EQUAL in any component of the new credential MLS
- * label, the subject must already have EQUAL in their label.
+ * To change the MLS label on the socket to contain EQUAL,
+ * the subject must have appropriate privilege.
*/
if (mls_contains_equal(new)) {
error = mls_subject_privileged(subj);
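Review bot: mls_proc_check_debug, mls_proc_check_sched and mls_proc_check_signal now sit side by side with three byte-identical bodies, each still carrying its own `/* XXX: range checks */`; one static helper would keep them from drifting apart, so the range check, when it lands, is written once. The ordering inside that body also deserves a comment, because it looks deliberate: `ESRCH` is returned when the subject does not dominate the target before `EACCES` is considered, so a process the subject may not read at all is presumably reported as nonexistent rather than as present-but-protected, and a later edit that swaps the two checks would quietly leak that existence. The fence below extracts the helper and shows mls_proc_check_debug as a one-line forwarder; sched and signal (whose `signum` is unused) become the same. mls_socket_check_relabel's body continues past the end of this hunk.
```c
/*
 * Common subject/object check for the proc debug, sched and signal
 * entry points.  Check readability first so a target the subject may
 * not read is reported as absent (ESRCH) rather than protected (EACCES).
 * XXX: range checks
 */
static int
mls_proc_check_common(struct ucred *cred, struct proc *p)
{
	struct mac_mls *subj, *obj;

	if (!mls_enabled)
		return (0);

	subj = SLOT(cred->cr_label);
	obj = SLOT(p->p_ucred->cr_label);

	if (!mls_dominate_effective(subj, obj))
		return (ESRCH);
	if (!mls_dominate_effective(obj, subj))
		return (EACCES);

	return (0);
}

static int
mls_proc_check_debug(struct ucred *cred, struct proc *p)
{

	return (mls_proc_check_common(cred, p));
}

/* … unchanged: mls_proc_check_sched and mls_proc_check_signal become the same forwarders … */
```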
@@ -1520,77 +1611,194 @@ mls_cred_check_relabel(struct ucred *cred, struct label *newlabel)
}
static int
-mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
+mls_socket_check_visible(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
struct mac_mls *subj, *obj;
if (!mls_enabled)
return (0);
- subj = SLOT(cr1->cr_label);
- obj = SLOT(cr2->cr_label);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(solabel);
- /* XXX: range */
if (!mls_dominate_effective(subj, obj))
- return (ESRCH);
+ return (ENOENT);
return (0);
}
+static void
+mls_socket_create(struct ucred *cred, struct socket *so,
+ struct label *solabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(solabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_socket_create_mbuf(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(solabel);
+ dest = SLOT(mlabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_socket_newconn(struct socket *oldso, struct label *oldsolabel,
+ struct socket *newso, struct label *newsolabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsolabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_socket_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(newlabel);
+ dest = SLOT(solabel);
+
+ mls_copy(source, dest);
+}
+
+static void
+mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
+ struct socket *so, struct label *sopeerlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(mlabel);
+ dest = SLOT(sopeerlabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_socketpeer_set_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsopeerlabel);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_syncache_create(struct label *label, struct inpcb *inp)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(inp->inp_label);
+ dest = SLOT(label);
+
+ mls_copy_effective(source, dest);
+}
+
+static void
+mls_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
+ struct label *mlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(sc_label);
+ dest = SLOT(mlabel);
+
+ mls_copy_effective(source, dest);
+}
+
static int
-mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+mls_system_check_acct(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
- struct mac_mls *subj, *new;
- int error;
+ struct mac_mls *subj, *obj;
- subj = SLOT(cred->cr_label);
- new = SLOT(newlabel);
+ if (!mls_enabled)
+ return (0);
- /*
- * If there is an MLS label update for the interface, it may be an
- * update of effective, range, or both.
- */
- error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH);
- if (error)
- return (error);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(vplabel);
- /*
- * Relabeling network interfaces requires MLS privilege.
- */
- error = mls_subject_privileged(subj);
+ if (!mls_dominate_effective(obj, subj) ||
+ !mls_dominate_effective(subj, obj))
+ return (EACCES);
return (0);
}
static int
-mls_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+mls_system_check_auditctl(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
- struct mac_mls *p, *i;
+ struct mac_mls *subj, *obj;
if (!mls_enabled)
return (0);
- p = SLOT(mlabel);
- i = SLOT(ifplabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(vplabel);
- return (mls_effective_in_range(p, i) ? 0 : EACCES);
+ if (!mls_dominate_effective(obj, subj) ||
+ !mls_dominate_effective(subj, obj))
+ return (EACCES);
+
+ return (0);
}
static int
-mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
+mls_system_check_swapon(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
- struct mac_mls *p, *i;
+ struct mac_mls *subj, *obj;
if (!mls_enabled)
return (0);
- p = SLOT(mlabel);
- i = SLOT(inplabel);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(vplabel);
- return (mls_equal_effective(p, i) ? 0 : EACCES);
+ if (!mls_dominate_effective(obj, subj) ||
+ !mls_dominate_effective(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static void
+mls_sysvmsg_cleanup(struct label *msglabel)
+{
+
+ bzero(SLOT(msglabel), sizeof(struct mac_mls));
+}
+
+static void
+mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
+{
+ struct mac_mls *source, *dest;
+
+ /* Ignore the msgq label. */
+ source = SLOT(cred->cr_label);
+ dest = SLOT(msglabel);
+
+ mls_copy_effective(source, dest);
}
static int
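Review bot: mls_system_check_acct, mls_system_check_auditctl and mls_system_check_swapon each spell "subject and object effective labels are equal" as a pair of `mls_dominate_effective` calls in both directions, while mls_socket_check_deliver in the previous hunk writes the same relation as `mls_equal_effective(p, s)`. If mls_equal_effective is mutual dominance, as its name suggests (its body is not visible here), the three could read `if (!mls_equal_effective(subj, obj)) return (EACCES);`, which states the intent directly and removes the chance of one direction being dropped in a later edit. Whichever form stays, a one-line comment on why equality rather than simple dominance is required would help, e.g. `/* Accounting, audit and swap vnodes are both read and written on the subject's behalf, so require equal effective labels. */`, since the reason is otherwise only implied by the double check. The three bodies are identical and could also share one static helper.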
@@ -1714,6 +1922,25 @@ mls_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
return (0);
}
+static void
+mls_sysvmsq_cleanup(struct label *msqlabel)
+{
+
+ bzero(SLOT(msqlabel), sizeof(struct mac_mls));
+}
+
+static void
+mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(msqlabel);
+
+ mls_copy_effective(source, dest);
+}
+
static int
mls_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
struct label *semaklabel, int cmd)
@@ -1793,6 +2020,25 @@ mls_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
return (0);
}
+static void
+mls_sysvsem_cleanup(struct label *semalabel)
+{
+
+ bzero(SLOT(semalabel), sizeof(struct mac_mls));
+}
+
+static void
+mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semalabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(semalabel);
+
+ mls_copy_effective(source, dest);
+}
+
static int
mls_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
struct label *shmseglabel, int shmflg)
@@ -1865,395 +2111,75 @@ mls_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
return (0);
}
-static int
-mls_mount_check_stat(struct ucred *cred, struct mount *mp,
- struct label *mntlabel)
+static void
+mls_sysvshm_cleanup(struct label *shmlabel)
{
- struct mac_mls *subj, *obj;
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(mntlabel);
-
- if (!mls_dominate_effective(subj, obj))
- return (EACCES);
-
- return (0);
+ bzero(SLOT(shmlabel), sizeof(struct mac_mls));
}
-static int
-mls_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
+static void
+mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmlabel)
{
+ struct mac_mls *source, *dest;
- if (!mls_enabled)
- return (0);
-
- /* XXX: This will be implemented soon... */
+ source = SLOT(cred->cr_label);
+ dest = SLOT(shmlabel);
- return (0);
+ mls_copy_effective(source, dest);
}
static int
-mls_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
-
- if (!mls_dominate_effective(subj, obj))
- return (EACCES);
+ struct mac_mls mm_temp, *source, *dest;
+ int buflen, error;
- return (0);
-}
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
-static int
-mls_pipe_check_read(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
-{
- struct mac_mls *subj, *obj;
+ buflen = sizeof(mm_temp);
+ bzero(&mm_temp, buflen);
- if (!mls_enabled)
+ error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
+ MAC_MLS_EXTATTR_NAME, &buflen, (char *) &mm_temp, curthread);
+ if (error == ENOATTR || error == EOPNOTSUPP) {
+ /* Fall back to the mntlabel. */
+ mls_copy_effective(source, dest);
return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
-
- if (!mls_dominate_effective(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
-{
- struct mac_mls *subj, *obj, *new;
- int error;
-
- new = SLOT(newlabel);
- subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
-
- /*
- * If there is an MLS label update for a pipe, it must be a effective
- * update.
- */
- error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
- if (error)
+ } else if (error)
return (error);
- /*
- * To perform a relabel of a pipe (MLS label or not), MLS must
- * authorize the relabel.
- */
- if (!mls_effective_in_range(obj, subj))
+ if (buflen != sizeof(mm_temp)) {
+ printf("mls_vnode_associate_extattr: bad size %d\n", buflen);
return (EPERM);
-
- /*
- * If the MLS label is to be changed, authorize as appropriate.
- */
- if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
- /*
- * To change the MLS label on a pipe, the new pipe label must
- * be in the subject range.
- */
- if (!mls_effective_in_range(new, subj))
- return (EPERM);
-
- /*
- * To change the MLS label on a pipe to be EQUAL, the subject
- * must have appropriate privilege.
- */
- if (mls_contains_equal(new)) {
- error = mls_subject_privileged(subj);
- if (error)
- return (error);
- }
}
-
- return (0);
-}
-
-static int
-mls_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
-
- if (!mls_dominate_effective(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_pipe_check_write(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(pplabel);
-
- if (!mls_dominate_effective(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_posixsem_check_write(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(kslabel);
-
- if (!mls_dominate_effective(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(kslabel);
-
- if (!mls_dominate_effective(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_proc_check_debug(struct ucred *cred, struct proc *p)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!mls_dominate_effective(subj, obj))
- return (ESRCH);
- if (!mls_dominate_effective(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_proc_check_sched(struct ucred *cred, struct proc *p)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!mls_dominate_effective(subj, obj))
- return (ESRCH);
- if (!mls_dominate_effective(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(p->p_ucred->cr_label);
-
- /* XXX: range checks */
- if (!mls_dominate_effective(subj, obj))
- return (ESRCH);
- if (!mls_dominate_effective(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_socket_check_deliver(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_mls *p, *s;
-
- if (!mls_enabled)
- return (0);
-
- p = SLOT(mlabel);
- s = SLOT(solabel);
-
- return (mls_equal_effective(p, s) ? 0 : EACCES);
-}
-
-static int
-mls_socket_check_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
-{
- struct mac_mls *subj, *obj, *new;
- int error;
-
- new = SLOT(newlabel);
- subj = SLOT(cred->cr_label);
- obj = SLOT(solabel);
-
- /*
- * If there is an MLS label update for the socket, it may be an
- * update of effective.
- */
- error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
- if (error)
- return (error);
-
- /*
- * To relabel a socket, the old socket effective must be in the
- * subject range.
- */
- if (!mls_effective_in_range(obj, subj))
+ if (mls_valid(&mm_temp) != 0) {
+ printf("mls_vnode_associate_extattr: invalid\n");
+ return (EPERM);
+ }
+ if ((mm_temp.mm_flags & MAC_MLS_FLAGS_BOTH) !=
+ MAC_MLS_FLAG_EFFECTIVE) {
+ printf("mls_associated_vnode_extattr: not effective\n");
return (EPERM);
-
- /*
- * If the MLS label is to be changed, authorize as appropriate.
- */
- if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
- /*
- * To relabel a socket, the new socket effective must be in
- * the subject range.
- */
- if (!mls_effective_in_range(new, subj))
- return (EPERM);
-
- /*
- * To change the MLS label on the socket to contain EQUAL,
- * the subject must have appropriate privilege.
- */
- if (mls_contains_equal(new)) {
- error = mls_subject_privileged(subj);
- if (error)
- return (error);
- }
}
+ mls_copy_effective(&mm_temp, dest);
return (0);
}
-static int
-mls_socket_check_visible(struct ucred *cred, struct socket *so,
- struct label *solabel)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(solabel);
-
- if (!mls_dominate_effective(subj, obj))
- return (ENOENT);
-
- return (0);
-}
-
-static int
-mls_system_check_acct(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(vplabel);
-
- if (!mls_dominate_effective(obj, subj) ||
- !mls_dominate_effective(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_system_check_auditctl(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
-{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(vplabel);
-
- if (!mls_dominate_effective(obj, subj) ||
- !mls_dominate_effective(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
-mls_system_check_swapon(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+static void
+mls_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
{
- struct mac_mls *subj, *obj;
-
- if (!mls_enabled)
- return (0);
-
- subj = SLOT(cred->cr_label);
- obj = SLOT(vplabel);
+ struct mac_mls *source, *dest;
- if (!mls_dominate_effective(obj, subj) ||
- !mls_dominate_effective(subj, obj))
- return (EACCES);
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
- return (0);
+ mls_copy_effective(source, dest);
}
static int
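Review bot: The third failure message in mls_vnode_associate_extattr names a function that does not exist, `printf("mls_associated_vnode_extattr: not effective\n");`, while its two sibling messages use the real name; make it `printf("mls_vnode_associate_extattr: not effective\n");` so the console line can be traced back to its source. The surrounding fail-closed handling looks deliberate and is worth a comment: a stored label that is mis-sized, fails mls_valid, or carries flags other than effective yields EPERM, whereas a missing or unsupported attribute (ENOATTR/EOPNOTSUPP) falls back to the mount label. Suggest `/* A present but malformed label is an error, not a missing one: never fall back to the mount label here. */` above the size check, so that nobody later "fixes" the EPERM paths into the fallback.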
@@ -2890,149 +2816,229 @@ mls_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
return (0);
}
+static int
+mls_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
+{
+ struct mac_mls *source, *dest, mm_temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(mm_temp);
+ bzero(&mm_temp, buflen);
+
+ source = SLOT(cred->cr_label);
+ dest = SLOT(vplabel);
+ mls_copy_effective(source, &mm_temp);
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
+ MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread);
+ if (error == 0)
+ mls_copy_effective(source, dest);
+ return (error);
+}
+
+static void
+mls_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *label)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(label);
+ dest = SLOT(vplabel);
+
+ mls_copy(source, dest);
+}
+
+static int
+mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+ struct mac_mls *source, mm_temp;
+ size_t buflen;
+ int error;
+
+ buflen = sizeof(mm_temp);
+ bzero(&mm_temp, buflen);
+
+ source = SLOT(intlabel);
+ if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0)
+ return (0);
+
+ mls_copy_effective(source, &mm_temp);
+
+ error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
+ MAC_MLS_EXTATTR_NAME, buflen, (char *) &mm_temp, curthread);
+ return (error);
+}
+
static struct mac_policy_ops mls_ops =
{
.mpo_init = mls_init,
- .mpo_bpfdesc_init_label = mls_init_label,
- .mpo_cred_init_label = mls_init_label,
- .mpo_devfs_init_label = mls_init_label,
- .mpo_ifnet_init_label = mls_init_label,
- .mpo_inpcb_init_label = mls_init_label_waitcheck,
- .mpo_syncache_init_label = mls_init_label_waitcheck,
- .mpo_sysvmsg_init_label = mls_init_label,
- .mpo_sysvmsq_init_label = mls_init_label,
- .mpo_sysvsem_init_label = mls_init_label,
- .mpo_sysvshm_init_label = mls_init_label,
- .mpo_ipq_init_label = mls_init_label_waitcheck,
- .mpo_mbuf_init_label = mls_init_label_waitcheck,
- .mpo_mount_init_label = mls_init_label,
- .mpo_pipe_init_label = mls_init_label,
- .mpo_posixsem_init_label = mls_init_label,
- .mpo_socket_init_label = mls_init_label_waitcheck,
- .mpo_socketpeer_init_label = mls_init_label_waitcheck,
- .mpo_vnode_init_label = mls_init_label,
+
+ .mpo_bpfdesc_check_receive = mls_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = mls_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf,
.mpo_bpfdesc_destroy_label = mls_destroy_label,
- .mpo_cred_destroy_label = mls_destroy_label,
- .mpo_devfs_destroy_label = mls_destroy_label,
- .mpo_ifnet_destroy_label = mls_destroy_label,
- .mpo_inpcb_destroy_label = mls_destroy_label,
- .mpo_syncache_destroy_label = mls_destroy_label,
- .mpo_sysvmsg_destroy_label = mls_destroy_label,
- .mpo_sysvmsq_destroy_label = mls_destroy_label,
- .mpo_sysvsem_destroy_label = mls_destroy_label,
- .mpo_sysvshm_destroy_label = mls_destroy_label,
- .mpo_ipq_destroy_label = mls_destroy_label,
- .mpo_mbuf_destroy_label = mls_destroy_label,
- .mpo_mount_destroy_label = mls_destroy_label,
- .mpo_pipe_destroy_label = mls_destroy_label,
- .mpo_posixsem_destroy_label = mls_destroy_label,
- .mpo_socket_destroy_label = mls_destroy_label,
- .mpo_socketpeer_destroy_label = mls_destroy_label,
- .mpo_vnode_destroy_label = mls_destroy_label,
+ .mpo_bpfdesc_init_label = mls_init_label,
+
+ .mpo_cred_check_relabel = mls_cred_check_relabel,
+ .mpo_cred_check_visible = mls_cred_check_visible,
.mpo_cred_copy_label = mls_copy_label,
- .mpo_ifnet_copy_label = mls_copy_label,
- .mpo_mbuf_copy_label = mls_copy_label,
- .mpo_pipe_copy_label = mls_copy_label,
- .mpo_socket_copy_label = mls_copy_label,
- .mpo_vnode_copy_label = mls_copy_label,
+ .mpo_cred_destroy_label = mls_destroy_label,
.mpo_cred_externalize_label = mls_externalize_label,
- .mpo_ifnet_externalize_label = mls_externalize_label,
- .mpo_pipe_externalize_label = mls_externalize_label,
- .mpo_socket_externalize_label = mls_externalize_label,
- .mpo_socketpeer_externalize_label = mls_externalize_label,
- .mpo_vnode_externalize_label = mls_externalize_label,
+ .mpo_cred_init_label = mls_init_label,
.mpo_cred_internalize_label = mls_internalize_label,
- .mpo_ifnet_internalize_label = mls_internalize_label,
- .mpo_pipe_internalize_label = mls_internalize_label,
- .mpo_socket_internalize_label = mls_internalize_label,
- .mpo_vnode_internalize_label = mls_internalize_label,
+ .mpo_cred_relabel = mls_cred_relabel,
+
.mpo_devfs_create_device = mls_devfs_create_device,
.mpo_devfs_create_directory = mls_devfs_create_directory,
.mpo_devfs_create_symlink = mls_devfs_create_symlink,
- .mpo_mount_create = mls_mount_create,
- .mpo_vnode_relabel = mls_vnode_relabel,
+ .mpo_devfs_destroy_label = mls_destroy_label,
+ .mpo_devfs_init_label = mls_init_label,
.mpo_devfs_update = mls_devfs_update,
.mpo_devfs_vnode_associate = mls_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = mls_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = mls_vnode_associate_singlelabel,
- .mpo_vnode_create_extattr = mls_vnode_create_extattr,
- .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr,
- .mpo_socket_create_mbuf = mls_socket_create_mbuf,
- .mpo_syncache_create_mbuf = mls_syncache_create_mbuf,
- .mpo_pipe_create = mls_pipe_create,
- .mpo_posixsem_create = mls_posixsem_create,
- .mpo_socket_create = mls_socket_create,
- .mpo_socket_newconn = mls_socket_newconn,
- .mpo_pipe_relabel = mls_pipe_relabel,
- .mpo_socket_relabel = mls_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = mls_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = mls_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = mls_bpfdesc_create,
- .mpo_ipq_reassemble = mls_ipq_reassemble,
- .mpo_netinet_fragment = mls_netinet_fragment,
+
+ .mpo_ifnet_check_relabel = mls_ifnet_check_relabel,
+ .mpo_ifnet_check_transmit = mls_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = mls_copy_label,
.mpo_ifnet_create = mls_ifnet_create,
+ .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = mls_destroy_label,
+ .mpo_ifnet_externalize_label = mls_externalize_label,
+ .mpo_ifnet_init_label = mls_init_label,
+ .mpo_ifnet_internalize_label = mls_internalize_label,
+ .mpo_ifnet_relabel = mls_ifnet_relabel,
+
+ .mpo_inpcb_check_deliver = mls_inpcb_check_deliver,
.mpo_inpcb_create = mls_inpcb_create,
- .mpo_syncache_create = mls_syncache_create,
- .mpo_ipq_create = mls_ipq_create,
- .mpo_sysvmsg_create = mls_sysvmsg_create,
- .mpo_sysvmsq_create = mls_sysvmsq_create,
- .mpo_sysvsem_create = mls_sysvsem_create,
- .mpo_sysvshm_create = mls_sysvshm_create,
.mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf,
+ .mpo_inpcb_destroy_label = mls_destroy_label,
+ .mpo_inpcb_init_label = mls_init_label_waitcheck,
+ .mpo_inpcb_sosetlabel = mls_inpcb_sosetlabel,
+
+ .mpo_ipq_create = mls_ipq_create,
+ .mpo_ipq_destroy_label = mls_destroy_label,
+ .mpo_ipq_init_label = mls_init_label_waitcheck,
.mpo_ipq_match = mls_ipq_match,
- .mpo_ifnet_relabel = mls_ifnet_relabel,
+ .mpo_ipq_reassemble = mls_ipq_reassemble,
.mpo_ipq_update = mls_ipq_update,
- .mpo_inpcb_sosetlabel = mls_inpcb_sosetlabel,
- .mpo_proc_create_swapper = mls_proc_create_swapper,
- .mpo_proc_create_init = mls_proc_create_init,
- .mpo_proc_associate_nfsd = mls_proc_associate_nfsd,
- .mpo_cred_relabel = mls_cred_relabel,
- .mpo_sysvmsg_cleanup = mls_sysvmsg_cleanup,
- .mpo_sysvmsq_cleanup = mls_sysvmsq_cleanup,
- .mpo_sysvsem_cleanup = mls_sysvsem_cleanup,
- .mpo_sysvshm_cleanup = mls_sysvshm_cleanup,
- .mpo_bpfdesc_check_receive = mls_bpfdesc_check_receive,
- .mpo_cred_check_relabel = mls_cred_check_relabel,
- .mpo_cred_check_visible = mls_cred_check_visible,
- .mpo_ifnet_check_relabel = mls_ifnet_check_relabel,
- .mpo_ifnet_check_transmit = mls_ifnet_check_transmit,
- .mpo_inpcb_check_deliver = mls_inpcb_check_deliver,
- .mpo_sysvmsq_check_msgrcv = mls_sysvmsq_check_msgrcv,
- .mpo_sysvmsq_check_msgrmid = mls_sysvmsq_check_msgrmid,
- .mpo_sysvmsq_check_msqget = mls_sysvmsq_check_msqget,
- .mpo_sysvmsq_check_msqsnd = mls_sysvmsq_check_msqsnd,
- .mpo_sysvmsq_check_msqrcv = mls_sysvmsq_check_msqrcv,
- .mpo_sysvmsq_check_msqctl = mls_sysvmsq_check_msqctl,
- .mpo_sysvsem_check_semctl = mls_sysvsem_check_semctl,
- .mpo_sysvsem_check_semget = mls_sysvsem_check_semget,
- .mpo_sysvsem_check_semop = mls_sysvsem_check_semop,
- .mpo_sysvshm_check_shmat = mls_sysvshm_check_shmat,
- .mpo_sysvshm_check_shmctl = mls_sysvshm_check_shmctl,
- .mpo_sysvshm_check_shmget = mls_sysvshm_check_shmget,
+
+ .mpo_mbuf_copy_label = mls_copy_label,
+ .mpo_mbuf_destroy_label = mls_destroy_label,
+ .mpo_mbuf_init_label = mls_init_label_waitcheck,
+
.mpo_mount_check_stat = mls_mount_check_stat,
+ .mpo_mount_create = mls_mount_create,
+ .mpo_mount_destroy_label = mls_destroy_label,
+ .mpo_mount_init_label = mls_init_label,
+
+ .mpo_netatalk_aarp_send = mls_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = mls_netinet_arp_send,
+ .mpo_netinet_firewall_reply = mls_netinet_firewall_reply,
+ .mpo_netinet_firewall_send = mls_netinet_firewall_send,
+ .mpo_netinet_fragment = mls_netinet_fragment,
+ .mpo_netinet_icmp_reply = mls_netinet_icmp_reply,
+ .mpo_netinet_igmp_send = mls_netinet_igmp_send,
+
+ .mpo_netinet6_nd6_send = mls_netinet6_nd6_send,
+
.mpo_pipe_check_ioctl = mls_pipe_check_ioctl,
.mpo_pipe_check_poll = mls_pipe_check_poll,
.mpo_pipe_check_read = mls_pipe_check_read,
.mpo_pipe_check_relabel = mls_pipe_check_relabel,
.mpo_pipe_check_stat = mls_pipe_check_stat,
.mpo_pipe_check_write = mls_pipe_check_write,
+ .mpo_pipe_copy_label = mls_copy_label,
+ .mpo_pipe_create = mls_pipe_create,
+ .mpo_pipe_destroy_label = mls_destroy_label,
+ .mpo_pipe_externalize_label = mls_externalize_label,
+ .mpo_pipe_init_label = mls_init_label,
+ .mpo_pipe_internalize_label = mls_internalize_label,
+ .mpo_pipe_relabel = mls_pipe_relabel,
+
.mpo_posixsem_check_destroy = mls_posixsem_check_write,
.mpo_posixsem_check_getvalue = mls_posixsem_check_rdonly,
.mpo_posixsem_check_open = mls_posixsem_check_write,
.mpo_posixsem_check_post = mls_posixsem_check_write,
.mpo_posixsem_check_unlink = mls_posixsem_check_write,
.mpo_posixsem_check_wait = mls_posixsem_check_write,
+ .mpo_posixsem_create = mls_posixsem_create,
+ .mpo_posixsem_destroy_label = mls_destroy_label,
+ .mpo_posixsem_init_label = mls_init_label,
+
+ .mpo_proc_associate_nfsd = mls_proc_associate_nfsd,
.mpo_proc_check_debug = mls_proc_check_debug,
.mpo_proc_check_sched = mls_proc_check_sched,
.mpo_proc_check_signal = mls_proc_check_signal,
+ .mpo_proc_create_init = mls_proc_create_init,
+ .mpo_proc_create_swapper = mls_proc_create_swapper,
+
.mpo_socket_check_deliver = mls_socket_check_deliver,
.mpo_socket_check_relabel = mls_socket_check_relabel,
.mpo_socket_check_visible = mls_socket_check_visible,
+ .mpo_socket_copy_label = mls_copy_label,
+ .mpo_socket_create = mls_socket_create,
+ .mpo_socket_create_mbuf = mls_socket_create_mbuf,
+ .mpo_socket_destroy_label = mls_destroy_label,
+ .mpo_socket_externalize_label = mls_externalize_label,
+ .mpo_socket_init_label = mls_init_label_waitcheck,
+ .mpo_socket_internalize_label = mls_internalize_label,
+ .mpo_socket_newconn = mls_socket_newconn,
+ .mpo_socket_relabel = mls_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = mls_destroy_label,
+ .mpo_socketpeer_externalize_label = mls_externalize_label,
+ .mpo_socketpeer_init_label = mls_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = mls_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = mls_socketpeer_set_from_socket,
+
+ .mpo_syncache_create = mls_syncache_create,
+ .mpo_syncache_create_mbuf = mls_syncache_create_mbuf,
+ .mpo_syncache_destroy_label = mls_destroy_label,
+ .mpo_syncache_init_label = mls_init_label_waitcheck,
+
+ .mpo_sysvmsg_cleanup = mls_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = mls_sysvmsg_create,
+ .mpo_sysvmsg_destroy_label = mls_destroy_label,
+ .mpo_sysvmsg_init_label = mls_init_label,
+
+ .mpo_sysvmsq_check_msgrcv = mls_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = mls_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = mls_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = mls_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = mls_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = mls_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = mls_sysvmsq_cleanup,
+ .mpo_sysvmsq_destroy_label = mls_destroy_label,
+ .mpo_sysvmsq_init_label = mls_init_label,
+ .mpo_sysvmsq_create = mls_sysvmsq_create,
+
+ .mpo_sysvsem_check_semctl = mls_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = mls_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = mls_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = mls_sysvsem_cleanup,
+ .mpo_sysvsem_create = mls_sysvsem_create,
+ .mpo_sysvsem_destroy_label = mls_destroy_label,
+ .mpo_sysvsem_init_label = mls_init_label,
+
+ .mpo_sysvshm_check_shmat = mls_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = mls_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmget = mls_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = mls_sysvshm_cleanup,
+ .mpo_sysvshm_create = mls_sysvshm_create,
+ .mpo_sysvshm_destroy_label = mls_destroy_label,
+ .mpo_sysvshm_init_label = mls_init_label,
+
+
.mpo_system_check_acct = mls_system_check_acct,
.mpo_system_check_auditctl = mls_system_check_auditctl,
.mpo_system_check_swapon = mls_system_check_swapon,
+
+ .mpo_vnode_associate_extattr = mls_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = mls_vnode_associate_singlelabel,
.mpo_vnode_check_access = mls_vnode_check_open,
.mpo_vnode_check_chdir = mls_vnode_check_chdir,
.mpo_vnode_check_chroot = mls_vnode_check_chroot,
@@ -3064,13 +3070,14 @@ static struct mac_policy_ops mls_ops =
.mpo_vnode_check_stat = mls_vnode_check_stat,
.mpo_vnode_check_unlink = mls_vnode_check_unlink,
.mpo_vnode_check_write = mls_vnode_check_write,
- .mpo_netatalk_aarp_send = mls_netatalk_aarp_send,
- .mpo_netinet_arp_send = mls_netinet_arp_send,
- .mpo_netinet_firewall_reply = mls_netinet_firewall_reply,
- .mpo_netinet_firewall_send = mls_netinet_firewall_send,
- .mpo_netinet_icmp_reply = mls_netinet_icmp_reply,
- .mpo_netinet_igmp_send = mls_netinet_igmp_send,
- .mpo_netinet6_nd6_send = mls_netinet6_nd6_send,
+ .mpo_vnode_copy_label = mls_copy_label,
+ .mpo_vnode_create_extattr = mls_vnode_create_extattr,
+ .mpo_vnode_destroy_label = mls_destroy_label,
+ .mpo_vnode_externalize_label = mls_externalize_label,
+ .mpo_vnode_init_label = mls_init_label,
+ .mpo_vnode_internalize_label = mls_internalize_label,
+ .mpo_vnode_relabel = mls_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr,
};
MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS",
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index a3bfbe4..33a036a 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -69,123 +69,113 @@ static int partition_slot;
#define SLOT(l) mac_label_get((l), partition_slot)
#define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v))
-static void
-partition_init_label(struct label *label)
+static int
+label_on_label(struct label *subject, struct label *object)
{
- SLOT_SET(label, 0);
-}
-
-static void
-partition_destroy_label(struct label *label)
-{
+ if (mac_partition_enabled == 0)
+ return (0);
- SLOT_SET(label, 0);
-}
+ if (SLOT(subject) == 0)
+ return (0);
-static void
-partition_copy_label(struct label *src, struct label *dest)
-{
+ if (SLOT(subject) == SLOT(object))
+ return (0);
- SLOT_SET(dest, SLOT(src));
+ return (EPERM);
}
+/*
+ * Object-specific entry points are sorted alphabetically by object type name
+ * and then by operation.
+ */
static int
-partition_externalize_label(struct label *label, char *element_name,
- struct sbuf *sb, int *claimed)
+partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
+ int error;
- if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
- return (0);
+ error = 0;
- (*claimed)++;
+ /* Treat "0" as a no-op request. */
+ if (SLOT(newlabel) != 0) {
+ /*
+ * Require BSD privilege in order to change the partition.
+ * Originally we also required that the process not be in a
+ * partition in the first place, but this didn't interact
+ * well with sendmail.
+ */
+ error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0);
+ }
- if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1)
- return (EINVAL);
- else
- return (0);
+ return (error);
}
static int
-partition_internalize_label(struct label *label, char *element_name,
- char *element_data, int *claimed)
+partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{
+ int error;
- if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
- return (0);
-
- (*claimed)++;
- SLOT_SET(label, strtol(element_data, NULL, 10));
- return (0);
-}
-
-static void
-partition_proc_create_swapper(struct ucred *cred)
-{
+ error = label_on_label(cr1->cr_label, cr2->cr_label);
- SLOT_SET(cred->cr_label, 0);
+ return (error == 0 ? 0 : ESRCH);
}
static void
-partition_proc_create_init(struct ucred *cred)
+partition_cred_copy_label(struct label *src, struct label *dest)
{
- SLOT_SET(cred->cr_label, 0);
+ SLOT_SET(dest, SLOT(src));
}
static void
-partition_cred_relabel(struct ucred *cred, struct label *newlabel)
+partition_cred_destroy_label(struct label *label)
{
- if (SLOT(newlabel) != 0)
- SLOT_SET(cred->cr_label, SLOT(newlabel));
+ SLOT_SET(label, 0);
}
static int
-label_on_label(struct label *subject, struct label *object)
+partition_cred_externalize_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
{
- if (mac_partition_enabled == 0)
+ if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
return (0);
- if (SLOT(subject) == 0)
- return (0);
+ (*claimed)++;
- if (SLOT(subject) == SLOT(object))
+ if (sbuf_printf(sb, "%jd", (intmax_t)SLOT(label)) == -1)
+ return (EINVAL);
+ else
return (0);
+}
- return (EPERM);
+static void
+partition_cred_init_label(struct label *label)
+{
+
+ SLOT_SET(label, 0);
}
static int
-partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
+partition_cred_internalize_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
{
- int error;
-
- error = 0;
- /* Treat "0" as a no-op request. */
- if (SLOT(newlabel) != 0) {
- /*
- * Require BSD privilege in order to change the partition.
- * Originally we also required that the process not be in a
- * partition in the first place, but this didn't interact
- * well with sendmail.
- */
- error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0);
- }
+ if (strcmp(MAC_PARTITION_LABEL_NAME, element_name) != 0)
+ return (0);
- return (error);
+ (*claimed)++;
+ SLOT_SET(label, strtol(element_data, NULL, 10));
+ return (0);
}
-static int
-partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
+static void
+partition_cred_relabel(struct ucred *cred, struct label *newlabel)
{
- int error;
- error = label_on_label(cr1->cr_label, cr2->cr_label);
-
- return (error == 0 ? 0 : ESRCH);
+ if (SLOT(newlabel) != 0)
+ SLOT_SET(cred->cr_label, SLOT(newlabel));
}
static int
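Review bot: partition_cred_internalize_label still parses element_data with `strtol(element_data, NULL, 10)` and no endptr check, so a non-numeric or trailing-garbage element is silently stored as 0 (or as whatever numeric prefix parses) instead of being rejected, and since partition_cred_check_relabel treats 0 as a no-op request a malformed label is accepted rather than reported. The element string arrives from the label internalization path, so it deserves validation: parse into a local with `&end`, then `if (end == element_data || *end != '\0') return (EINVAL);` before the `SLOT_SET(label, v);`. In-kernel strtol appears to clamp on overflow without an errno channel, so a range check against LONG_MAX/LONG_MIN would be needed if overflow should also be rejected — worth confirming against libkern. This is pre-existing code that the commit only moves, so it could go in a follow-up.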
@@ -219,6 +209,20 @@ partition_proc_check_signal(struct ucred *cred, struct proc *p,
return (error ? ESRCH : 0);
}
+static void
+partition_proc_create_init(struct ucred *cred)
+{
+
+ SLOT_SET(cred->cr_label, 0);
+}
+
+static void
+partition_proc_create_swapper(struct ucred *cred)
+{
+
+ SLOT_SET(cred->cr_label, 0);
+}
+
static int
partition_socket_check_visible(struct ucred *cred, struct socket *so,
struct label *solabel)
@@ -251,19 +255,19 @@ partition_vnode_check_exec(struct ucred *cred, struct vnode *vp,
static struct mac_policy_ops partition_ops =
{
- .mpo_cred_init_label = partition_init_label,
- .mpo_cred_destroy_label = partition_destroy_label,
- .mpo_cred_copy_label = partition_copy_label,
- .mpo_cred_externalize_label = partition_externalize_label,
- .mpo_cred_internalize_label = partition_internalize_label,
- .mpo_proc_create_swapper = partition_proc_create_swapper,
- .mpo_proc_create_init = partition_proc_create_init,
- .mpo_cred_relabel = partition_cred_relabel,
.mpo_cred_check_relabel = partition_cred_check_relabel,
.mpo_cred_check_visible = partition_cred_check_visible,
+ .mpo_cred_copy_label = partition_cred_copy_label,
+ .mpo_cred_destroy_label = partition_cred_destroy_label,
+ .mpo_cred_externalize_label = partition_cred_externalize_label,
+ .mpo_cred_init_label = partition_cred_init_label,
+ .mpo_cred_internalize_label = partition_cred_internalize_label,
+ .mpo_cred_relabel = partition_cred_relabel,
.mpo_proc_check_debug = partition_proc_check_debug,
.mpo_proc_check_sched = partition_proc_check_sched,
.mpo_proc_check_signal = partition_proc_check_signal,
+ .mpo_proc_create_init = partition_proc_create_init,
+ .mpo_proc_create_swapper = partition_proc_create_swapper,
.mpo_socket_check_visible = partition_socket_check_visible,
.mpo_vnode_check_exec = partition_vnode_check_exec,
};
diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c
index ae88ac3..ac7880d 100644
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@@ -126,32 +126,32 @@ seeotheruids_check(struct ucred *cr1, struct ucred *cr2)
}
static int
-seeotheruids_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
+seeotheruids_proc_check_debug(struct ucred *cred, struct proc *p)
{
- return (seeotheruids_check(cr1, cr2));
+ return (seeotheruids_check(cred, p->p_ucred));
}
static int
-seeotheruids_proc_check_signal(struct ucred *cred, struct proc *p,
- int signum)
+seeotheruids_proc_check_sched(struct ucred *cred, struct proc *p)
{
return (seeotheruids_check(cred, p->p_ucred));
}
static int
-seeotheruids_proc_check_sched(struct ucred *cred, struct proc *p)
+seeotheruids_proc_check_signal(struct ucred *cred, struct proc *p,
+ int signum)
{
return (seeotheruids_check(cred, p->p_ucred));
}
static int
-seeotheruids_proc_check_debug(struct ucred *cred, struct proc *p)
+seeotheruids_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{
- return (seeotheruids_check(cred, p->p_ucred));
+ return (seeotheruids_check(cr1, cr2));
}
static int
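Review bot: The new order in this hunk places seeotheruids_proc_check_debug, _sched and _signal ahead of seeotheruids_cred_check_visible, which does not match the object-type-then-operation sort the commit describes ("cred" sorts before "proc") or the order applied in the mac_partition.c hunks, where the cred_* entry points precede the proc_* ones. The same ordering appears in the seeotheruids_ops table in the next hunk, where `.mpo_cred_check_visible = seeotheruids_cred_check_visible,` is moved below the three `.mpo_proc_check_*` entries. Moving seeotheruids_cred_check_visible back above the proc_* functions, and its ops entry to the top of the table, would make this file consistent with the rest of the commit.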
@@ -164,10 +164,10 @@ seeotheruids_socket_check_visible(struct ucred *cred, struct socket *so,
static struct mac_policy_ops seeotheruids_ops =
{
- .mpo_cred_check_visible = seeotheruids_cred_check_visible,
.mpo_proc_check_debug = seeotheruids_proc_check_debug,
.mpo_proc_check_sched = seeotheruids_proc_check_sched,
.mpo_proc_check_signal = seeotheruids_proc_check_signal,
+ .mpo_cred_check_visible = seeotheruids_cred_check_visible,
.mpo_socket_check_visible = seeotheruids_socket_check_visible,
};
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 2cd3fb9..50463a0 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -159,261 +159,236 @@ stub_internalize_label(struct label *label, char *element_name,
}
/*
- * Labeling event operations: file system objects, and things that look
- * a lot like file system objects.
+ * Object-specific entry point imeplementations are sorted alphabetically by
+ * object type name and then by operation.
*/
-static void
-stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
- struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
- struct label *vplabel)
-{
-
-}
-
static int
-stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
-{
-
- return (0);
-}
-
-static void
-stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
+stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
+ struct ifnet *ifp, struct label *ifplabel)
{
+ return (0);
}
static void
-stub_devfs_create_device(struct ucred *cred, struct mount *mp,
- struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
+stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
+ struct label *dlabel)
{
}
static void
-stub_devfs_create_directory(struct mount *mp, char *dirname,
- int dirnamelen, struct devfs_dirent *de, struct label *delabel)
+stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
+ struct mbuf *m, struct label *mlabel)
{
}
-static void
-stub_devfs_create_symlink(struct ucred *cred, struct mount *mp,
- struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
- struct label *delabel)
+static int
+stub_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
+ return (0);
}
static int
-stub_vnode_create_extattr(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel, struct componentname *cnp)
+stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{
return (0);
}
static void
-stub_mount_create(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
+stub_cred_relabel(struct ucred *cred, struct label *newlabel)
{
}
static void
-stub_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *label)
-{
-
-}
-
-static int
-stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *intlabel)
+stub_devfs_create_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
{
- return (0);
}
static void
-stub_devfs_update(struct mount *mp, struct devfs_dirent *de,
- struct label *delabel, struct vnode *vp, struct label *vplabel)
+stub_devfs_create_directory(struct mount *mp, char *dirname,
+ int dirnamelen, struct devfs_dirent *de, struct label *delabel)
{
}
-/*
- * Labeling event operations: IPC object.
- */
static void
-stub_socket_create_mbuf(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
+stub_devfs_create_symlink(struct ucred *cred, struct mount *mp,
+ struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+ struct label *delabel)
{
}
static void
-stub_socket_create(struct ucred *cred, struct socket *so,
- struct label *solabel)
+stub_devfs_update(struct mount *mp, struct devfs_dirent *de,
+ struct label *delabel, struct vnode *vp, struct label *vplabel)
{
}
static void
-stub_pipe_create(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
+ struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct label *vplabel)
{
}
-static void
-stub_posixsem_create(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+static int
+stub_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
+ return (0);
}
-static void
-stub_socket_newconn(struct socket *oldso, struct label *oldsolabel,
- struct socket *newso, struct label *newsolabel)
+static int
+stub_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
+ return (0);
}
static void
-stub_socket_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
{
}
static void
-stub_pipe_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
+stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
}
static void
-stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
- struct socket *so, struct label *sopeerlabel)
+stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
}
-static void
-stub_socketpeer_set_from_socket(struct socket *oldso,
- struct label *oldsolabel, struct socket *newso,
- struct label *newsopeerlabel)
+static int
+stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
{
+ return (0);
}
-/*
- * Labeling event operations: network objects.
- */
static void
-stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
- struct label *dlabel)
+stub_inpcb_create(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
}
static void
-stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
+stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
struct mbuf *m, struct label *mlabel)
{
}
static void
-stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag,
- struct label *fraglabel)
+stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
}
static void
-stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
+stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
}
-static void
-stub_inpcb_create(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
+static int
+stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
+ return (1);
}
static void
-stub_syncache_create(struct label *label, struct inpcb *inp)
+stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
+ struct mbuf *m, struct label *mlabel)
{
}
static void
-stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
+stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
}
-static void
-stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel)
+static int
+stub_kenv_check_dump(struct ucred *cred)
{
+ return (0);
}
-static void
-stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semalabel)
+static int
+stub_kenv_check_get(struct ucred *cred, char *name)
{
+ return (0);
}
-static void
-stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmalabel)
+static int
+stub_kenv_check_set(struct ucred *cred, char *name, char *value)
{
+ return (0);
}
-static void
-stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
+static int
+stub_kenv_check_unset(struct ucred *cred, char *name)
{
+ return (0);
}
-static void
-stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
+static int
+stub_kld_check_load(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
+ return (0);
}
-static void
-stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
- struct label *mlabel)
+static int
+stub_kld_check_stat(struct ucred *cred)
{
+ return (0);
}
-static void
-stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
- struct mbuf *m, struct label *mlabel)
+static int
+stub_mount_check_stat(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
{
+ return (0);
}
static void
-stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+stub_mount_create(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
{
}
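Review bot: The new section comment at the top of this hunk has a typo, "imeplementations"; it should read `* Object-specific entry point implementations are sorted alphabetically by`, matching the wording used for the other policies in this commit. No functional change is involved; the rest of the hunk only reorders the empty stub entry points.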
@@ -446,760 +421,743 @@ stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
}
static void
-stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
- struct mbuf *msend, struct label *msendlabel)
+stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag,
+ struct label *fraglabel)
{
}
static void
-stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
+stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
+ struct mbuf *msend, struct label *msendlabel)
{
}
static void
-stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel,
- struct mbuf *m, struct label *mlabel)
+stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
{
}
static void
-stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel,
+stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel,
struct mbuf *m, struct label *mlabel)
{
}
-static int
-stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
+static void
+stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
{
- return (1);
}
static void
-stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
+stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel,
+ struct mbuf *m, struct label *mlabel)
{
}
-static void
-stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+static int
+stub_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
{
+ return (0);
}
-static void
-stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
- struct label *ipqlabel)
+static int
+stub_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
+ return (0);
}
-static void
-stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
+static int
+stub_pipe_check_read(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
+ return (0);
}
-/*
- * Labeling event operations: processes.
- */
-static void
-stub_vnode_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
+static int
+stub_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
{
+ return (0);
}
static int
-stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *vplabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
+stub_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
return (0);
}
-static void
-stub_proc_create_swapper(struct ucred *cred)
+static int
+stub_pipe_check_write(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
+ return (0);
}
static void
-stub_proc_create_init(struct ucred *cred)
+stub_pipe_create(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel)
{
}
static void
-stub_proc_associate_nfsd(struct ucred *cred)
+stub_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel, struct label *newlabel)
{
}
-static void
-stub_cred_relabel(struct ucred *cred, struct label *newlabel)
+static int
+stub_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
+ return (0);
}
-static void
-stub_thread_userret(struct thread *td)
+static int
+stub_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
+ return (0);
}
-/*
- * Label cleanup/flush operations
- */
-static void
-stub_sysvmsg_cleanup(struct label *msglabel)
+static int
+stub_posixsem_check_open(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
+ return (0);
}
-static void
-stub_sysvmsq_cleanup(struct label *msqlabel)
+static int
+stub_posixsem_check_post(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
+ return (0);
}
-static void
-stub_sysvsem_cleanup(struct label *semalabel)
+static int
+stub_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
+ return (0);
}
-static void
-stub_sysvshm_cleanup(struct label *shmlabel)
+static int
+stub_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
+ return (0);
}
-/*
- * Access control checks.
- */
-static int
-stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
- struct ifnet *ifp, struct label *ifplabel)
+static void
+stub_posixsem_create(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- return (0);
}
static int
-stub_cred_check_relabel(struct ucred *cred, struct label *newlabel)
+stub_priv_check(struct ucred *cred, int priv)
{
return (0);
}
static int
-stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
+stub_priv_grant(struct ucred *cred, int priv)
{
- return (0);
+ return (EPERM);
}
-static int
-stub_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+static void
+stub_proc_associate_nfsd(struct ucred *cred)
{
- return (0);
}
static int
-stub_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
+stub_proc_check_debug(struct ucred *cred, struct proc *p)
{
return (0);
}
static int
-stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
+stub_proc_check_sched(struct ucred *cred, struct proc *p)
{
return (0);
}
static int
-stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+stub_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
{
return (0);
}
static int
-stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+stub_proc_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia)
{
return (0);
}
-
static int
-stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+stub_proc_check_setauid(struct ucred *cred, uid_t auid)
{
return (0);
}
-
static int
-stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+stub_proc_check_setegid(struct ucred *cred, gid_t egid)
{
return (0);
}
-
static int
-stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+stub_proc_check_seteuid(struct ucred *cred, uid_t euid)
{
return (0);
}
static int
-stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+stub_proc_check_setgid(struct ucred *cred, gid_t gid)
{
return (0);
}
-
static int
-stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqklabel, int cmd)
+stub_proc_check_setgroups(struct ucred *cred, int ngroups,
+ gid_t *gidset)
{
return (0);
}
-
static int
-stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel, int cmd)
+stub_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
{
return (0);
}
static int
-stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel)
+stub_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
+ gid_t sgid)
{
return (0);
}
-
static int
-stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semaklabel, size_t accesstype)
+stub_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
+ uid_t suid)
{
return (0);
}
static int
-stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int shmflg)
+stub_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
{
return (0);
}
static int
-stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int cmd)
+stub_proc_check_setuid(struct ucred *cred, uid_t uid)
{
return (0);
}
static int
-stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel)
+stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
{
return (0);
}
-
static int
-stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmseglabel, int shmflg)
+stub_proc_check_wait(struct ucred *cred, struct proc *p)
{
return (0);
}
-static int
-stub_kenv_check_dump(struct ucred *cred)
+static void
+stub_proc_create_init(struct ucred *cred)
{
- return (0);
}
-static int
-stub_kenv_check_get(struct ucred *cred, char *name)
+static void
+stub_proc_create_swapper(struct ucred *cred)
{
- return (0);
}
static int
-stub_kenv_check_set(struct ucred *cred, char *name, char *value)
+stub_socket_check_accept(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
return (0);
}
static int
-stub_kenv_check_unset(struct ucred *cred, char *name)
+stub_socket_check_bind(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct sockaddr *sa)
{
return (0);
}
static int
-stub_kld_check_load(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+stub_socket_check_connect(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct sockaddr *sa)
{
return (0);
}
static int
-stub_kld_check_stat(struct ucred *cred)
+stub_socket_check_create(struct ucred *cred, int domain, int type, int proto)
{
return (0);
}
static int
-stub_mount_check_stat(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
+stub_socket_check_deliver(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
{
return (0);
}
static int
-stub_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
+stub_socket_check_listen(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
return (0);
}
static int
-stub_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+stub_socket_check_poll(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
return (0);
}
static int
-stub_pipe_check_read(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+stub_socket_check_receive(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
return (0);
}
static int
-stub_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel, struct label *newlabel)
+stub_socket_check_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
{
return (0);
}
-
static int
-stub_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+stub_socket_check_send(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
return (0);
}
static int
-stub_pipe_check_write(struct ucred *cred, struct pipepair *pp,
- struct label *pplabel)
+stub_socket_check_stat(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
return (0);
}
static int
-stub_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+stub_socket_check_visible(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
return (0);
}
-static int
-stub_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+static void
+stub_socket_create(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
- return (0);
}
-static int
-stub_posixsem_check_open(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+static void
+stub_socket_create_mbuf(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
{
- return (0);
}
-static int
-stub_posixsem_check_post(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+static void
+stub_socket_newconn(struct socket *oldso, struct label *oldsolabel,
+ struct socket *newso, struct label *newsolabel)
{
- return (0);
}
-static int
-stub_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+static void
+stub_socket_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
{
- return (0);
}
-static int
-stub_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+static void
+stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
+ struct socket *so, struct label *sopeerlabel)
{
- return (0);
}
-static int
-stub_proc_check_debug(struct ucred *cred, struct proc *p)
+static void
+stub_socketpeer_set_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel)
{
- return (0);
}
-static int
-stub_proc_check_sched(struct ucred *cred, struct proc *p)
+static void
+stub_syncache_create(struct label *label, struct inpcb *inp)
{
- return (0);
}
-static int
-stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
+static void
+stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
+ struct label *mlabel)
{
- return (0);
}
static int
-stub_proc_check_wait(struct ucred *cred, struct proc *p)
+stub_system_check_acct(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
return (0);
}
static int
-stub_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
+stub_system_check_audit(struct ucred *cred, void *record, int length)
{
return (0);
}
static int
-stub_proc_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia)
+stub_system_check_auditctl(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
return (0);
}
static int
-stub_proc_check_setauid(struct ucred *cred, uid_t auid)
+stub_system_check_auditon(struct ucred *cred, int cmd)
{
return (0);
}
static int
-stub_proc_check_setuid(struct ucred *cred, uid_t uid)
+stub_system_check_reboot(struct ucred *cred, int how)
{
return (0);
}
static int
-stub_proc_check_seteuid(struct ucred *cred, uid_t euid)
+stub_system_check_swapoff(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
return (0);
}
static int
-stub_proc_check_setgid(struct ucred *cred, gid_t gid)
+stub_system_check_swapon(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
return (0);
}
static int
-stub_proc_check_setegid(struct ucred *cred, gid_t egid)
+stub_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
+ void *arg1, int arg2, struct sysctl_req *req)
{
return (0);
}
static int
-stub_proc_check_setgroups(struct ucred *cred, int ngroups,
- gid_t *gidset)
+stub_vnode_check_access(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, int acc_mode)
{
return (0);
}
static int
-stub_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
+stub_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel)
{
return (0);
}
static int
-stub_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
+stub_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel)
{
return (0);
}
static int
-stub_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
- uid_t suid)
+stub_vnode_check_create(struct ucred *cred, struct vnode *dvp,
+ struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
{
return (0);
}
-static int
-stub_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
- gid_t sgid)
+static void
+stub_sysvmsg_cleanup(struct label *msglabel)
{
- return (0);
}
-static int
-stub_socket_check_accept(struct ucred *cred, struct socket *so,
- struct label *solabel)
+static void
+stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
- return (0);
}
static int
-stub_socket_check_bind(struct ucred *cred, struct socket *so,
- struct label *solabel, struct sockaddr *sa)
+stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
return (0);
}
static int
-stub_socket_check_connect(struct ucred *cred, struct socket *so,
- struct label *solabel, struct sockaddr *sa)
+stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
{
return (0);
}
+
static int
-stub_socket_check_create(struct ucred *cred, int domain, int type, int proto)
+stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
{
return (0);
}
+
static int
-stub_socket_check_deliver(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
+stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
return (0);
}
+
static int
-stub_socket_check_listen(struct ucred *cred, struct socket *so,
- struct label *solabel)
+stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
return (0);
}
static int
-stub_socket_check_poll(struct ucred *cred, struct socket *so,
- struct label *solabel)
+stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
return (0);
}
+
static int
-stub_socket_check_receive(struct ucred *cred, struct socket *so,
- struct label *solabel)
+stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqklabel, int cmd)
{
return (0);
}
-static int
-stub_socket_check_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+
+static void
+stub_sysvmsq_cleanup(struct label *msqlabel)
{
- return (0);
}
-static int
-stub_socket_check_send(struct ucred *cred, struct socket *so,
- struct label *solabel)
+
+static void
+stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel)
{
- return (0);
}
static int
-stub_socket_check_stat(struct ucred *cred, struct socket *so,
- struct label *solabel)
+stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel, int cmd)
{
return (0);
}
static int
-stub_socket_check_visible(struct ucred *cred, struct socket *so,
- struct label *solabel)
+stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel)
{
return (0);
}
+
static int
-stub_system_check_acct(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semaklabel, size_t accesstype)
{
return (0);
}
-static int
-stub_system_check_audit(struct ucred *cred, void *record, int length)
+static void
+stub_sysvsem_cleanup(struct label *semalabel)
{
- return (0);
}
-static int
-stub_system_check_auditctl(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+static void
+stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semalabel)
{
- return (0);
}
static int
-stub_system_check_auditon(struct ucred *cred, int cmd)
+stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg)
{
return (0);
}
static int
-stub_system_check_reboot(struct ucred *cred, int how)
+stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int cmd)
{
return (0);
}
static int
-stub_system_check_swapoff(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel)
{
return (0);
}
+
static int
-stub_system_check_swapon(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg)
{
return (0);
}
-static int
-stub_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
- void *arg1, int arg2, struct sysctl_req *req)
+static void
+stub_sysvshm_cleanup(struct label *shmlabel)
{
- return (0);
}
-static int
-stub_vnode_check_access(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, int acc_mode)
+static void
+stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmalabel)
{
- return (0);
}
-static int
-stub_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel)
+static void
+stub_thread_userret(struct thread *td)
{
- return (0);
}
static int
-stub_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel)
+stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
{
return (0);
}
-static int
-stub_vnode_check_create(struct ucred *cred, struct vnode *dvp,
- struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
+static void
+stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
{
- return (0);
}
static int
@@ -1441,189 +1399,180 @@ stub_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
}
static int
-stub_priv_check(struct ucred *cred, int priv)
+stub_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
{
return (0);
}
+static void
+stub_vnode_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+
+}
+
static int
-stub_priv_grant(struct ucred *cred, int priv)
+stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
+ struct label *vplabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
{
- return (EPERM);
+ return (0);
+}
+
+static void
+stub_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *label)
+{
+
+}
+
+static int
+stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+
+ return (0);
}
+/*
+ * Register functions with MAC Framework policy entry points.
+ */
static struct mac_policy_ops stub_ops =
{
.mpo_destroy = stub_destroy,
.mpo_init = stub_init,
.mpo_syscall = stub_syscall,
- .mpo_bpfdesc_init_label = stub_init_label,
- .mpo_cred_init_label = stub_init_label,
- .mpo_devfs_init_label = stub_init_label,
- .mpo_ifnet_init_label = stub_init_label,
- .mpo_inpcb_init_label = stub_init_label_waitcheck,
- .mpo_sysvmsg_init_label = stub_init_label,
- .mpo_sysvmsq_init_label = stub_init_label,
- .mpo_sysvsem_init_label = stub_init_label,
- .mpo_sysvshm_init_label = stub_init_label,
- .mpo_ipq_init_label = stub_init_label_waitcheck,
- .mpo_mbuf_init_label = stub_init_label_waitcheck,
- .mpo_mount_init_label = stub_init_label,
- .mpo_pipe_init_label = stub_init_label,
- .mpo_posixsem_init_label = stub_init_label,
- .mpo_socket_init_label = stub_init_label_waitcheck,
- .mpo_socketpeer_init_label = stub_init_label_waitcheck,
- .mpo_vnode_init_label = stub_init_label,
+
+ .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = stub_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf,
.mpo_bpfdesc_destroy_label = stub_destroy_label,
- .mpo_cred_destroy_label = stub_destroy_label,
- .mpo_devfs_destroy_label = stub_destroy_label,
- .mpo_ifnet_destroy_label = stub_destroy_label,
- .mpo_inpcb_destroy_label = stub_destroy_label,
- .mpo_sysvmsg_destroy_label = stub_destroy_label,
- .mpo_sysvmsq_destroy_label = stub_destroy_label,
- .mpo_sysvsem_destroy_label = stub_destroy_label,
- .mpo_sysvshm_destroy_label = stub_destroy_label,
- .mpo_ipq_destroy_label = stub_destroy_label,
- .mpo_mbuf_destroy_label = stub_destroy_label,
- .mpo_mount_destroy_label = stub_destroy_label,
- .mpo_pipe_destroy_label = stub_destroy_label,
- .mpo_posixsem_destroy_label = stub_destroy_label,
- .mpo_socket_destroy_label = stub_destroy_label,
- .mpo_socketpeer_destroy_label = stub_destroy_label,
- .mpo_vnode_destroy_label = stub_destroy_label,
+ .mpo_bpfdesc_init_label = stub_init_label,
+
+ .mpo_cred_check_relabel = stub_cred_check_relabel,
+ .mpo_cred_check_visible = stub_cred_check_visible,
.mpo_cred_copy_label = stub_copy_label,
- .mpo_ifnet_copy_label = stub_copy_label,
- .mpo_mbuf_copy_label = stub_copy_label,
- .mpo_pipe_copy_label = stub_copy_label,
- .mpo_socket_copy_label = stub_copy_label,
- .mpo_vnode_copy_label = stub_copy_label,
+ .mpo_cred_destroy_label = stub_destroy_label,
.mpo_cred_externalize_label = stub_externalize_label,
- .mpo_ifnet_externalize_label = stub_externalize_label,
- .mpo_pipe_externalize_label = stub_externalize_label,
- .mpo_socket_externalize_label = stub_externalize_label,
- .mpo_socketpeer_externalize_label = stub_externalize_label,
- .mpo_vnode_externalize_label = stub_externalize_label,
+ .mpo_cred_init_label = stub_init_label,
.mpo_cred_internalize_label = stub_internalize_label,
- .mpo_ifnet_internalize_label = stub_internalize_label,
- .mpo_pipe_internalize_label = stub_internalize_label,
- .mpo_socket_internalize_label = stub_internalize_label,
- .mpo_vnode_internalize_label = stub_internalize_label,
- .mpo_devfs_vnode_associate = stub_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = stub_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel,
+ .mpo_cred_relabel= stub_cred_relabel,
+
.mpo_devfs_create_device = stub_devfs_create_device,
.mpo_devfs_create_directory = stub_devfs_create_directory,
.mpo_devfs_create_symlink = stub_devfs_create_symlink,
- .mpo_sysvmsg_create = stub_sysvmsg_create,
- .mpo_sysvmsq_create = stub_sysvmsq_create,
- .mpo_sysvsem_create = stub_sysvsem_create,
- .mpo_sysvshm_create = stub_sysvshm_create,
- .mpo_vnode_create_extattr = stub_vnode_create_extattr,
- .mpo_mount_create = stub_mount_create,
- .mpo_vnode_relabel = stub_vnode_relabel,
- .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr,
+ .mpo_devfs_destroy_label = stub_destroy_label,
+ .mpo_devfs_init_label = stub_init_label,
.mpo_devfs_update = stub_devfs_update,
- .mpo_socket_create_mbuf = stub_socket_create_mbuf,
- .mpo_pipe_create = stub_pipe_create,
- .mpo_posixsem_create = stub_posixsem_create,
- .mpo_socket_create = stub_socket_create,
- .mpo_socket_newconn = stub_socket_newconn,
- .mpo_pipe_relabel = stub_pipe_relabel,
- .mpo_socket_relabel = stub_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = stub_bpfdesc_create,
+ .mpo_devfs_vnode_associate = stub_devfs_vnode_associate,
+
+ .mpo_ifnet_check_relabel = stub_ifnet_check_relabel,
+ .mpo_ifnet_check_transmit = stub_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = stub_copy_label,
.mpo_ifnet_create = stub_ifnet_create,
+ .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = stub_destroy_label,
+ .mpo_ifnet_externalize_label = stub_externalize_label,
+ .mpo_ifnet_init_label = stub_init_label,
+ .mpo_ifnet_internalize_label = stub_internalize_label,
+ .mpo_ifnet_relabel = stub_ifnet_relabel,
+
+ .mpo_inpcb_check_deliver = stub_inpcb_check_deliver,
.mpo_inpcb_create = stub_inpcb_create,
- .mpo_ipq_create = stub_ipq_create,
- .mpo_ipq_reassemble = stub_ipq_reassemble,
- .mpo_netinet_fragment = stub_netinet_fragment,
.mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf,
- .mpo_netatalk_aarp_send = stub_netatalk_aarp_send,
- .mpo_netinet_arp_send = stub_netinet_arp_send,
- .mpo_netinet_firewall_reply = stub_netinet_firewall_reply,
- .mpo_netinet_firewall_send = stub_netinet_firewall_send,
- .mpo_netinet_icmp_reply = stub_netinet_icmp_reply,
- .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace,
- .mpo_netinet_igmp_send = stub_netinet_igmp_send,
- .mpo_netinet6_nd6_send = stub_netinet6_nd6_send,
+ .mpo_inpcb_destroy_label = stub_destroy_label,
+ .mpo_inpcb_init_label = stub_init_label_waitcheck,
+ .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel,
+
+ .mpo_ipq_create = stub_ipq_create,
+ .mpo_ipq_destroy_label = stub_destroy_label,
+ .mpo_ipq_init_label = stub_init_label_waitcheck,
.mpo_ipq_match = stub_ipq_match,
- .mpo_netinet_icmp_reply = stub_netinet_icmp_reply,
- .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace,
- .mpo_netinet_tcp_reply = stub_netinet_tcp_reply,
- .mpo_ifnet_relabel = stub_ifnet_relabel,
.mpo_ipq_update = stub_ipq_update,
- .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel,
- .mpo_vnode_execve_transition = stub_vnode_execve_transition,
- .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition,
- .mpo_proc_create_swapper = stub_proc_create_swapper,
- .mpo_proc_create_init = stub_proc_create_init,
- .mpo_proc_associate_nfsd = stub_proc_associate_nfsd,
- .mpo_cred_relabel= stub_cred_relabel,
- .mpo_thread_userret = stub_thread_userret,
- .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup,
- .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup,
- .mpo_sysvsem_cleanup = stub_sysvsem_cleanup,
- .mpo_sysvshm_cleanup = stub_sysvshm_cleanup,
- .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive,
- .mpo_cred_check_relabel = stub_cred_check_relabel,
- .mpo_cred_check_visible = stub_cred_check_visible,
- .mpo_ifnet_check_relabel = stub_ifnet_check_relabel,
- .mpo_ifnet_check_transmit = stub_ifnet_check_transmit,
- .mpo_inpcb_check_deliver = stub_inpcb_check_deliver,
- .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq,
- .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv,
- .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid,
- .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget,
- .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd,
- .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv,
- .mpo_sysvmsq_check_msqctl = stub_sysvmsq_check_msqctl,
- .mpo_sysvsem_check_semctl = stub_sysvsem_check_semctl,
- .mpo_sysvsem_check_semget = stub_sysvsem_check_semget,
- .mpo_sysvsem_check_semop = stub_sysvsem_check_semop,
- .mpo_sysvshm_check_shmat = stub_sysvshm_check_shmat,
- .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl,
- .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt,
- .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget,
+ .mpo_ipq_reassemble = stub_ipq_reassemble,
+
.mpo_kenv_check_dump = stub_kenv_check_dump,
.mpo_kenv_check_get = stub_kenv_check_get,
.mpo_kenv_check_set = stub_kenv_check_set,
.mpo_kenv_check_unset = stub_kenv_check_unset,
+
.mpo_kld_check_load = stub_kld_check_load,
.mpo_kld_check_stat = stub_kld_check_stat,
+
+ .mpo_mbuf_copy_label = stub_copy_label,
+ .mpo_mbuf_destroy_label = stub_destroy_label,
+ .mpo_mbuf_init_label = stub_init_label_waitcheck,
+
.mpo_mount_check_stat = stub_mount_check_stat,
+ .mpo_mount_create = stub_mount_create,
+ .mpo_mount_destroy_label = stub_destroy_label,
+ .mpo_mount_init_label = stub_init_label,
+
+ .mpo_netatalk_aarp_send = stub_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = stub_netinet_arp_send,
+ .mpo_netinet_firewall_reply = stub_netinet_firewall_reply,
+ .mpo_netinet_firewall_send = stub_netinet_firewall_send,
+ .mpo_netinet_fragment = stub_netinet_fragment,
+ .mpo_netinet_icmp_reply = stub_netinet_icmp_reply,
+ .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace,
+ .mpo_netinet_tcp_reply = stub_netinet_tcp_reply,
+ .mpo_netinet_igmp_send = stub_netinet_igmp_send,
+
+ .mpo_netinet6_nd6_send = stub_netinet6_nd6_send,
+
.mpo_pipe_check_ioctl = stub_pipe_check_ioctl,
.mpo_pipe_check_poll = stub_pipe_check_poll,
.mpo_pipe_check_read = stub_pipe_check_read,
.mpo_pipe_check_relabel = stub_pipe_check_relabel,
.mpo_pipe_check_stat = stub_pipe_check_stat,
.mpo_pipe_check_write = stub_pipe_check_write,
+ .mpo_pipe_copy_label = stub_copy_label,
+ .mpo_pipe_create = stub_pipe_create,
+ .mpo_pipe_destroy_label = stub_destroy_label,
+ .mpo_pipe_externalize_label = stub_externalize_label,
+ .mpo_pipe_init_label = stub_init_label,
+ .mpo_pipe_internalize_label = stub_internalize_label,
+ .mpo_pipe_relabel = stub_pipe_relabel,
+
.mpo_posixsem_check_destroy = stub_posixsem_check_destroy,
.mpo_posixsem_check_getvalue = stub_posixsem_check_getvalue,
.mpo_posixsem_check_open = stub_posixsem_check_open,
.mpo_posixsem_check_post = stub_posixsem_check_post,
.mpo_posixsem_check_unlink = stub_posixsem_check_unlink,
.mpo_posixsem_check_wait = stub_posixsem_check_wait,
+ .mpo_posixsem_create = stub_posixsem_create,
+ .mpo_posixsem_destroy_label = stub_destroy_label,
+ .mpo_posixsem_init_label = stub_init_label,
+
+ .mpo_priv_check = stub_priv_check,
+ .mpo_priv_grant = stub_priv_grant,
+
+ .mpo_proc_associate_nfsd = stub_proc_associate_nfsd,
.mpo_proc_check_debug = stub_proc_check_debug,
.mpo_proc_check_sched = stub_proc_check_sched,
.mpo_proc_check_setaudit = stub_proc_check_setaudit,
.mpo_proc_check_setaudit_addr = stub_proc_check_setaudit_addr,
.mpo_proc_check_setauid = stub_proc_check_setauid,
- .mpo_proc_check_setuid = stub_proc_check_setuid,
+ .mpo_proc_check_setegid = stub_proc_check_setegid,
.mpo_proc_check_seteuid = stub_proc_check_seteuid,
.mpo_proc_check_setgid = stub_proc_check_setgid,
- .mpo_proc_check_setegid = stub_proc_check_setegid,
.mpo_proc_check_setgroups = stub_proc_check_setgroups,
- .mpo_proc_check_setreuid = stub_proc_check_setreuid,
.mpo_proc_check_setregid = stub_proc_check_setregid,
- .mpo_proc_check_setresuid = stub_proc_check_setresuid,
.mpo_proc_check_setresgid = stub_proc_check_setresgid,
+ .mpo_proc_check_setresuid = stub_proc_check_setresuid,
+ .mpo_proc_check_setreuid = stub_proc_check_setreuid,
+ .mpo_proc_check_setuid = stub_proc_check_setuid,
.mpo_proc_check_signal = stub_proc_check_signal,
.mpo_proc_check_wait = stub_proc_check_wait,
+ .mpo_proc_create_init = stub_proc_create_init,
+ .mpo_proc_create_swapper = stub_proc_create_swapper,
+
.mpo_socket_check_accept = stub_socket_check_accept,
.mpo_socket_check_bind = stub_socket_check_bind,
.mpo_socket_check_connect = stub_socket_check_connect,
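Review bot: The initializer now registers `.mpo_priv_grant = stub_priv_grant,` while the only definition of stub_priv_grant visible in this hunk is the removed one, which returned `EPERM`; the relocated definition is outside the hunk, and it should keep returning EPERM rather than the `return (0)` the check stubs use, because a stub policy that grants privileges it does not evaluate widens access for every caller of priv_check. Two nits in the moved table lines: `.mpo_cred_relabel= stub_cred_relabel,` is missing the space before `=`, and `.mpo_netinet_igmp_send` is placed after `.mpo_netinet_tcp_reply`, breaking the alphabetical order the commit is establishing. The blank line after `{` in stub_vnode_setlabel_extattr also differs from the other `return (0)` stubs in this hunk such as stub_vnode_create_extattr. The stub_ops initializer begins in this hunk and continues past its end.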
@@ -1636,6 +1585,61 @@ static struct mac_policy_ops stub_ops =
.mpo_socket_check_send = stub_socket_check_send,
.mpo_socket_check_stat = stub_socket_check_stat,
.mpo_socket_check_visible = stub_socket_check_visible,
+ .mpo_socket_copy_label = stub_copy_label,
+ .mpo_socket_create = stub_socket_create,
+ .mpo_socket_create_mbuf = stub_socket_create_mbuf,
+ .mpo_socket_destroy_label = stub_destroy_label,
+ .mpo_socket_externalize_label = stub_externalize_label,
+ .mpo_socket_init_label = stub_init_label_waitcheck,
+ .mpo_socket_internalize_label = stub_internalize_label,
+ .mpo_socket_newconn = stub_socket_newconn,
+ .mpo_socket_relabel = stub_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = stub_destroy_label,
+ .mpo_socketpeer_externalize_label = stub_externalize_label,
+ .mpo_socketpeer_init_label = stub_init_label_waitcheck,
+ .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket,
+
+ .mpo_syncache_init_label = stub_init_label_waitcheck,
+ .mpo_syncache_destroy_label = stub_destroy_label,
+ .mpo_syncache_create = stub_syncache_create,
+ .mpo_syncache_create_mbuf= stub_syncache_create_mbuf,
+
+ .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = stub_sysvmsg_create,
+ .mpo_sysvmsg_destroy_label = stub_destroy_label,
+ .mpo_sysvmsg_init_label = stub_init_label,
+
+ .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq,
+ .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = stub_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup,
+ .mpo_sysvmsq_create = stub_sysvmsq_create,
+ .mpo_sysvmsq_destroy_label = stub_destroy_label,
+ .mpo_sysvmsq_init_label = stub_init_label,
+
+ .mpo_sysvsem_check_semctl = stub_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = stub_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = stub_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = stub_sysvsem_cleanup,
+ .mpo_sysvsem_create = stub_sysvsem_create,
+ .mpo_sysvsem_destroy_label = stub_destroy_label,
+ .mpo_sysvsem_init_label = stub_init_label,
+
+ .mpo_sysvshm_check_shmat = stub_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt,
+ .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = stub_sysvshm_cleanup,
+ .mpo_sysvshm_create = stub_sysvshm_create,
+ .mpo_sysvshm_destroy_label = stub_destroy_label,
+ .mpo_sysvshm_init_label = stub_init_label,
+
.mpo_system_check_acct = stub_system_check_acct,
.mpo_system_check_audit = stub_system_check_audit,
.mpo_system_check_auditctl = stub_system_check_auditctl,
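Review bot: Two of the moved groups in this part of the stub_ops initializer are not in the object-then-operation order the commit is establishing: the syncache entries run init_label, destroy_label, create, create_mbuf, and the sysvmsq entries run msqget, msqsnd, msqrcv, msqctl, whereas the neighbouring sysvsem and sysvshm groups are alphabetical. `.mpo_syncache_create_mbuf= stub_syncache_create_mbuf,` also lacks the space before `=`. I would reorder the syncache block to create, create_mbuf, destroy_label, init_label and the sysvmsq check block to msqctl, msqget, msqrcv, msqsnd, with no change to the entries themselves. The stub_ops initializer starts and ends outside this hunk.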
@@ -1644,6 +1648,11 @@ static struct mac_policy_ops stub_ops =
.mpo_system_check_swapoff = stub_system_check_swapoff,
.mpo_system_check_swapon = stub_system_check_swapon,
.mpo_system_check_sysctl = stub_system_check_sysctl,
+
+ .mpo_thread_userret = stub_thread_userret,
+
+ .mpo_vnode_associate_extattr = stub_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel,
.mpo_vnode_check_access = stub_vnode_check_access,
.mpo_vnode_check_chdir = stub_vnode_check_chdir,
.mpo_vnode_check_chroot = stub_vnode_check_chroot,
@@ -1677,12 +1686,16 @@ static struct mac_policy_ops stub_ops =
.mpo_vnode_check_stat = stub_vnode_check_stat,
.mpo_vnode_check_unlink = stub_vnode_check_unlink,
.mpo_vnode_check_write = stub_vnode_check_write,
- .mpo_priv_check = stub_priv_check,
- .mpo_priv_grant = stub_priv_grant,
- .mpo_syncache_init_label = stub_init_label_waitcheck,
- .mpo_syncache_destroy_label = stub_destroy_label,
- .mpo_syncache_create = stub_syncache_create,
- .mpo_syncache_create_mbuf= stub_syncache_create_mbuf,
+ .mpo_vnode_copy_label = stub_copy_label,
+ .mpo_vnode_create_extattr = stub_vnode_create_extattr,
+ .mpo_vnode_destroy_label = stub_destroy_label,
+ .mpo_vnode_execve_transition = stub_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = stub_externalize_label,
+ .mpo_vnode_init_label = stub_init_label,
+ .mpo_vnode_internalize_label = stub_internalize_label,
+ .mpo_vnode_relabel = stub_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr,
};
MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub",
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 2486716..ff0c215 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -149,217 +149,109 @@ SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0,
} while (0)
/*
- * Label operations.
+ * Functions that span multiple entry points.
*/
-COUNTER_DECL(bpfdesc_init_label);
-static void
-test_bpfdesc_init_label(struct label *label)
-{
-
- LABEL_INIT(label, MAGIC_BPF);
- COUNTER_INC(bpfdesc_init_label);
-}
-
-COUNTER_DECL(cred_init_label);
-static void
-test_cred_init_label(struct label *label)
-{
-
- LABEL_INIT(label, MAGIC_CRED);
- COUNTER_INC(cred_init_label);
-}
-
-COUNTER_DECL(devfs_init_label);
-static void
-test_devfs_init_label(struct label *label)
+COUNTER_DECL(internalize_label);
+static int
+test_internalize_label(struct label *label, char *element_name,
+ char *element_data, int *claimed)
{
- LABEL_INIT(label, MAGIC_DEVFS);
- COUNTER_INC(devfs_init_label);
-}
-
-COUNTER_DECL(ifnet_init_label);
-static void
-test_ifnet_init_label(struct label *label)
-{
+ LABEL_NOTFREE(label);
+ COUNTER_INC(internalize_label);
- LABEL_INIT(label, MAGIC_IFNET);
- COUNTER_INC(ifnet_init_label);
+ return (0);
}
-COUNTER_DECL(inpcb_init_label);
+/*
+ * Object-specific entry point implementations are sorted alphabetically by
+ * object type name and then by operation.
+ */
+COUNTER_DECL(bpfdesc_check_receive);
static int
-test_inpcb_init_label(struct label *label, int flag)
+test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel,
+ struct ifnet *ifp, struct label *ifplabel)
{
- if (flag & M_WAITOK)
- WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
- "test_inpcb_init_label() at %s:%d", __FILE__,
- __LINE__);
+ LABEL_CHECK(bpflabel, MAGIC_BPF);
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ COUNTER_INC(bpfdesc_check_receive);
- LABEL_INIT(label, MAGIC_INPCB);
- COUNTER_INC(inpcb_init_label);
return (0);
}
-COUNTER_DECL(sysvmsg_init_label);
-static void
-test_sysvmsg_init_label(struct label *label)
-{
- LABEL_INIT(label, MAGIC_SYSV_MSG);
- COUNTER_INC(sysvmsg_init_label);
-}
-
-COUNTER_DECL(sysvmsq_init_label);
+COUNTER_DECL(bpfdesc_create);
static void
-test_sysvmsq_init_label(struct label *label)
+test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d,
+ struct label *bpflabel)
{
- LABEL_INIT(label, MAGIC_SYSV_MSQ);
- COUNTER_INC(sysvmsq_init_label);
-}
-COUNTER_DECL(sysvsem_init_label);
-static void
-test_sysvsem_init_label(struct label *label)
-{
- LABEL_INIT(label, MAGIC_SYSV_SEM);
- COUNTER_INC(sysvsem_init_label);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(bpflabel, MAGIC_BPF);
+ COUNTER_INC(bpfdesc_create);
}
-COUNTER_DECL(sysvshm_init_label);
+COUNTER_DECL(bpfdesc_create_mbuf);
static void
-test_sysvshm_init_label(struct label *label)
-{
- LABEL_INIT(label, MAGIC_SYSV_SHM);
- COUNTER_INC(sysvshm_init_label);
-}
-
-COUNTER_DECL(ipq_init_label);
-static int
-test_ipq_init_label(struct label *label, int flag)
+test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
+ struct mbuf *mbuf, struct label *mbuflabel)
{
- if (flag & M_WAITOK)
- WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
- "test_ipq_init_label() at %s:%d", __FILE__,
- __LINE__);
-
- LABEL_INIT(label, MAGIC_IPQ);
- COUNTER_INC(ipq_init_label);
- return (0);
+ LABEL_CHECK(bpflabel, MAGIC_BPF);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(bpfdesc_create_mbuf);
}
-COUNTER_DECL(mbuf_init_label);
-static int
-test_mbuf_init_label(struct label *label, int flag)
+COUNTER_DECL(bpfdesc_destroy_label);
+static void
+test_bpfdesc_destroy_label(struct label *label)
{
- if (flag & M_WAITOK)
- WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
- "test_mbuf_init_label() at %s:%d", __FILE__,
- __LINE__);
-
- LABEL_INIT(label, MAGIC_MBUF);
- COUNTER_INC(mbuf_init_label);
- return (0);
+ LABEL_DESTROY(label, MAGIC_BPF);
+ COUNTER_INC(bpfdesc_destroy_label);
}
-COUNTER_DECL(mount_init_label);
+COUNTER_DECL(bpfdesc_init_label);
static void
-test_mount_init_label(struct label *label)
+test_bpfdesc_init_label(struct label *label)
{
- LABEL_INIT(label, MAGIC_MOUNT);
- COUNTER_INC(mount_init_label);
+ LABEL_INIT(label, MAGIC_BPF);
+ COUNTER_INC(bpfdesc_init_label);
}
-COUNTER_DECL(socket_init_label);
+COUNTER_DECL(cred_check_relabel);
static int
-test_socket_init_label(struct label *label, int flag)
+test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
- if (flag & M_WAITOK)
- WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
- "test_socket_init_label() at %s:%d", __FILE__,
- __LINE__);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(newlabel, MAGIC_CRED);
+ COUNTER_INC(cred_check_relabel);
- LABEL_INIT(label, MAGIC_SOCKET);
- COUNTER_INC(socket_init_label);
return (0);
}
-COUNTER_DECL(socketpeer_init_label);
+COUNTER_DECL(cred_check_visible);
static int
-test_socketpeer_init_label(struct label *label, int flag)
-{
-
- if (flag & M_WAITOK)
- WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
- "test_socketpeer_init_label() at %s:%d", __FILE__,
- __LINE__);
-
- LABEL_INIT(label, MAGIC_SOCKET);
- COUNTER_INC(socketpeer_init_label);
- return (0);
-}
-
-COUNTER_DECL(pipe_init_label);
-static void
-test_pipe_init_label(struct label *label)
-{
-
- LABEL_INIT(label, MAGIC_PIPE);
- COUNTER_INC(pipe_init_label);
-}
-
-COUNTER_DECL(posixsem_init_label);
-static void
-test_posixsem_init_label(struct label *label)
-{
-
- LABEL_INIT(label, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_init_label);
-}
-
-COUNTER_DECL(proc_init_label);
-static void
-test_proc_init_label(struct label *label)
+test_cred_check_visible(struct ucred *u1, struct ucred *u2)
{
- LABEL_INIT(label, MAGIC_PROC);
- COUNTER_INC(proc_init_label);
-}
-
-COUNTER_DECL(syncache_init_label);
-static int
-test_syncache_init_label(struct label *label, int flag)
-{
+ LABEL_CHECK(u1->cr_label, MAGIC_CRED);
+ LABEL_CHECK(u2->cr_label, MAGIC_CRED);
+ COUNTER_INC(cred_check_visible);
- if (flag & M_WAITOK)
- WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
- "test_syncache_init_label() at %s:%d", __FILE__,
- __LINE__);
- LABEL_INIT(label, MAGIC_SYNCACHE);
- COUNTER_INC(syncache_init_label);
return (0);
}
-COUNTER_DECL(vnode_init_label);
-static void
-test_vnode_init_label(struct label *label)
-{
-
- LABEL_INIT(label, MAGIC_VNODE);
- COUNTER_INC(vnode_init_label);
-}
-
-COUNTER_DECL(bpfdesc_destroy_label);
+COUNTER_DECL(cred_copy_label);
static void
-test_bpfdesc_destroy_label(struct label *label)
+test_cred_copy_label(struct label *src, struct label *dest)
{
- LABEL_DESTROY(label, MAGIC_BPF);
- COUNTER_INC(bpfdesc_destroy_label);
+ LABEL_CHECK(src, MAGIC_CRED);
+ LABEL_CHECK(dest, MAGIC_CRED);
+ COUNTER_INC(cred_copy_label);
}
COUNTER_DECL(cred_destroy_label);
@@ -371,175 +263,139 @@ test_cred_destroy_label(struct label *label)
COUNTER_INC(cred_destroy_label);
}
-COUNTER_DECL(devfs_destroy_label);
-static void
-test_devfs_destroy_label(struct label *label)
-{
-
- LABEL_DESTROY(label, MAGIC_DEVFS);
- COUNTER_INC(devfs_destroy_label);
-}
-
-COUNTER_DECL(ifnet_destroy_label);
-static void
-test_ifnet_destroy_label(struct label *label)
-{
-
- LABEL_DESTROY(label, MAGIC_IFNET);
- COUNTER_INC(ifnet_destroy_label);
-}
-
-COUNTER_DECL(inpcb_destroy_label);
-static void
-test_inpcb_destroy_label(struct label *label)
-{
-
- LABEL_DESTROY(label, MAGIC_INPCB);
- COUNTER_INC(inpcb_destroy_label);
-}
-
-COUNTER_DECL(syncache_destroy_label);
-static void
-test_syncache_destroy_label(struct label *label)
+COUNTER_DECL(cred_externalize_label);
+static int
+test_cred_externalize_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
{
- LABEL_DESTROY(label, MAGIC_SYNCACHE);
- COUNTER_INC(syncache_destroy_label);
-}
-
-COUNTER_DECL(sysvmsg_destroy_label);
-static void
-test_sysvmsg_destroy_label(struct label *label)
-{
+ LABEL_CHECK(label, MAGIC_CRED);
+ COUNTER_INC(cred_externalize_label);
- LABEL_DESTROY(label, MAGIC_SYSV_MSG);
- COUNTER_INC(sysvmsg_destroy_label);
+ return (0);
}
-COUNTER_DECL(sysvmsq_destroy_label);
+COUNTER_DECL(cred_init_label);
static void
-test_sysvmsq_destroy_label(struct label *label)
+test_cred_init_label(struct label *label)
{
- LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
- COUNTER_INC(sysvmsq_destroy_label);
+ LABEL_INIT(label, MAGIC_CRED);
+ COUNTER_INC(cred_init_label);
}
-COUNTER_DECL(sysvsem_destroy_label);
+COUNTER_DECL(cred_relabel);
static void
-test_sysvsem_destroy_label(struct label *label)
+test_cred_relabel(struct ucred *cred, struct label *newlabel)
{
- LABEL_DESTROY(label, MAGIC_SYSV_SEM);
- COUNTER_INC(sysvsem_destroy_label);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(newlabel, MAGIC_CRED);
+ COUNTER_INC(cred_relabel);
}
-COUNTER_DECL(sysvshm_destroy_label);
+COUNTER_DECL(devfs_create_device);
static void
-test_sysvshm_destroy_label(struct label *label)
+test_devfs_create_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
{
- LABEL_DESTROY(label, MAGIC_SYSV_SHM);
- COUNTER_INC(sysvshm_destroy_label);
+ if (cred != NULL)
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(delabel, MAGIC_DEVFS);
+ COUNTER_INC(devfs_create_device);
}
-COUNTER_DECL(ipq_destroy_label);
+COUNTER_DECL(devfs_create_directory);
static void
-test_ipq_destroy_label(struct label *label)
+test_devfs_create_directory(struct mount *mp, char *dirname,
+ int dirnamelen, struct devfs_dirent *de, struct label *delabel)
{
- LABEL_DESTROY(label, MAGIC_IPQ);
- COUNTER_INC(ipq_destroy_label);
+ LABEL_CHECK(delabel, MAGIC_DEVFS);
+ COUNTER_INC(devfs_create_directory);
}
-COUNTER_DECL(mbuf_destroy_label);
+COUNTER_DECL(devfs_create_symlink);
static void
-test_mbuf_destroy_label(struct label *label)
+test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
+ struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+ struct label *delabel)
{
- /*
- * If we're loaded dynamically, there may be mbufs in flight that
- * didn't have label storage allocated for them. Handle this
- * gracefully.
- */
- if (label == NULL)
- return;
-
- LABEL_DESTROY(label, MAGIC_MBUF);
- COUNTER_INC(mbuf_destroy_label);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(ddlabel, MAGIC_DEVFS);
+ LABEL_CHECK(delabel, MAGIC_DEVFS);
+ COUNTER_INC(devfs_create_symlink);
}
-COUNTER_DECL(mount_destroy_label);
+COUNTER_DECL(devfs_destroy_label);
static void
-test_mount_destroy_label(struct label *label)
+test_devfs_destroy_label(struct label *label)
{
- LABEL_DESTROY(label, MAGIC_MOUNT);
- COUNTER_INC(mount_destroy_label);
+ LABEL_DESTROY(label, MAGIC_DEVFS);
+ COUNTER_INC(devfs_destroy_label);
}
-COUNTER_DECL(socket_destroy_label);
+COUNTER_DECL(devfs_init_label);
static void
-test_socket_destroy_label(struct label *label)
+test_devfs_init_label(struct label *label)
{
- LABEL_DESTROY(label, MAGIC_SOCKET);
- COUNTER_INC(socket_destroy_label);
+ LABEL_INIT(label, MAGIC_DEVFS);
+ COUNTER_INC(devfs_init_label);
}
-COUNTER_DECL(socketpeer_destroy_label);
+COUNTER_DECL(devfs_update);
static void
-test_socketpeer_destroy_label(struct label *label)
+test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
+ struct label *direntlabel, struct vnode *vp, struct label *vplabel)
{
- LABEL_DESTROY(label, MAGIC_SOCKET);
- COUNTER_INC(socketpeer_destroy_label);
+ LABEL_CHECK(direntlabel, MAGIC_DEVFS);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(devfs_update);
}
-COUNTER_DECL(pipe_destroy_label);
+COUNTER_DECL(devfs_vnode_associate);
static void
-test_pipe_destroy_label(struct label *label)
+test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
+ struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
+ struct label *vplabel)
{
- LABEL_DESTROY(label, MAGIC_PIPE);
- COUNTER_INC(pipe_destroy_label);
+ LABEL_CHECK(mplabel, MAGIC_MOUNT);
+ LABEL_CHECK(delabel, MAGIC_DEVFS);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(devfs_vnode_associate);
}
-COUNTER_DECL(posixsem_destroy_label);
-static void
-test_posixsem_destroy_label(struct label *label)
+COUNTER_DECL(ifnet_check_relabel);
+static int
+test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
- LABEL_DESTROY(label, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_destroy_label);
-}
-
-COUNTER_DECL(proc_destroy_label);
-static void
-test_proc_destroy_label(struct label *label)
-{
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(newlabel, MAGIC_IFNET);
+ COUNTER_INC(ifnet_check_relabel);
- LABEL_DESTROY(label, MAGIC_PROC);
- COUNTER_INC(proc_destroy_label);
+ return (0);
}
-COUNTER_DECL(vnode_destroy_label);
-static void
-test_vnode_destroy_label(struct label *label)
+COUNTER_DECL(ifnet_check_transmit);
+static int
+test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mbuflabel)
{
- LABEL_DESTROY(label, MAGIC_VNODE);
- COUNTER_INC(vnode_destroy_label);
-}
-
-COUNTER_DECL(cred_copy_label);
-static void
-test_cred_copy_label(struct label *src, struct label *dest)
-{
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(ifnet_check_transmit);
- LABEL_CHECK(src, MAGIC_CRED);
- LABEL_CHECK(dest, MAGIC_CRED);
- COUNTER_INC(cred_copy_label);
+ return (0);
}
COUNTER_DECL(ifnet_copy_label);
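Review bot: test_devfs_create_symlink dereferences cred->cr_label unconditionally, while test_devfs_create_device a few lines earlier in this hunk guards the same check with `if (cred != NULL)`. If devfs can hand the symlink hook a NULL credential as it evidently can for device creation, this test policy would fault in the guard it is meant to exercise instead of reporting a label problem. Whether that can happen depends on the devfs callers, which are not visible here, so either mirror the guard by placing `if (cred != NULL)` before the `LABEL_CHECK(cred->cr_label, MAGIC_CRED);` in test_devfs_create_symlink, or add a comment on test_devfs_create_device stating why only that hook tolerates a NULL credential.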
@@ -552,56 +408,33 @@ test_ifnet_copy_label(struct label *src, struct label *dest)
COUNTER_INC(ifnet_copy_label);
}
-COUNTER_DECL(mbuf_copy_label);
-static void
-test_mbuf_copy_label(struct label *src, struct label *dest)
-{
-
- LABEL_CHECK(src, MAGIC_MBUF);
- LABEL_CHECK(dest, MAGIC_MBUF);
- COUNTER_INC(mbuf_copy_label);
-}
-
-COUNTER_DECL(pipe_copy_label);
+COUNTER_DECL(ifnet_create);
static void
-test_pipe_copy_label(struct label *src, struct label *dest)
+test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
{
- LABEL_CHECK(src, MAGIC_PIPE);
- LABEL_CHECK(dest, MAGIC_PIPE);
- COUNTER_INC(pipe_copy_label);
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ COUNTER_INC(ifnet_create);
}
-COUNTER_DECL(socket_copy_label);
+COUNTER_DECL(ifnet_create_mbuf);
static void
-test_socket_copy_label(struct label *src, struct label *dest)
+test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mbuflabel)
{
- LABEL_CHECK(src, MAGIC_SOCKET);
- LABEL_CHECK(dest, MAGIC_SOCKET);
- COUNTER_INC(socket_copy_label);
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(ifnet_create_mbuf);
}
-COUNTER_DECL(vnode_copy_label);
+COUNTER_DECL(ifnet_destroy_label);
static void
-test_vnode_copy_label(struct label *src, struct label *dest)
-{
-
- LABEL_CHECK(src, MAGIC_VNODE);
- LABEL_CHECK(dest, MAGIC_VNODE);
- COUNTER_INC(vnode_copy_label);
-}
-
-COUNTER_DECL(cred_externalize_label);
-static int
-test_cred_externalize_label(struct label *label, char *element_name,
- struct sbuf *sb, int *claimed)
+test_ifnet_destroy_label(struct label *label)
{
- LABEL_CHECK(label, MAGIC_CRED);
- COUNTER_INC(cred_externalize_label);
-
- return (0);
+ LABEL_DESTROY(label, MAGIC_IFNET);
+ COUNTER_INC(ifnet_destroy_label);
}
COUNTER_DECL(ifnet_externalize_label);
@@ -616,482 +449,317 @@ test_ifnet_externalize_label(struct label *label, char *element_name,
return (0);
}
-COUNTER_DECL(pipe_externalize_label);
-static int
-test_pipe_externalize_label(struct label *label, char *element_name,
- struct sbuf *sb, int *claimed)
+COUNTER_DECL(ifnet_init_label);
+static void
+test_ifnet_init_label(struct label *label)
{
- LABEL_CHECK(label, MAGIC_PIPE);
- COUNTER_INC(pipe_externalize_label);
-
- return (0);
+ LABEL_INIT(label, MAGIC_IFNET);
+ COUNTER_INC(ifnet_init_label);
}
-COUNTER_DECL(socket_externalize_label);
-static int
-test_socket_externalize_label(struct label *label, char *element_name,
- struct sbuf *sb, int *claimed)
+COUNTER_DECL(ifnet_relabel);
+static void
+test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
- LABEL_CHECK(label, MAGIC_SOCKET);
- COUNTER_INC(socket_externalize_label);
-
- return (0);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(newlabel, MAGIC_IFNET);
+ COUNTER_INC(ifnet_relabel);
}
-COUNTER_DECL(socketpeer_externalize_label);
+COUNTER_DECL(inpcb_check_deliver);
static int
-test_socketpeer_externalize_label(struct label *label, char *element_name,
- struct sbuf *sb, int *claimed)
+test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
{
- LABEL_CHECK(label, MAGIC_SOCKET);
- COUNTER_INC(socketpeer_externalize_label);
+ LABEL_CHECK(inplabel, MAGIC_INPCB);
+ LABEL_CHECK(mlabel, MAGIC_MBUF);
+ COUNTER_INC(inpcb_check_deliver);
return (0);
}
-COUNTER_DECL(vnode_externalize_label);
-static int
-test_vnode_externalize_label(struct label *label, char *element_name,
- struct sbuf *sb, int *claimed)
+COUNTER_DECL(inpcb_create);
+static void
+test_inpcb_create(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
- LABEL_CHECK(label, MAGIC_VNODE);
- COUNTER_INC(vnode_externalize_label);
-
- return (0);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ LABEL_CHECK(inplabel, MAGIC_INPCB);
+ COUNTER_INC(inpcb_create);
}
-COUNTER_DECL(internalize_label);
-static int
-test_internalize_label(struct label *label, char *element_name,
- char *element_data, int *claimed)
+COUNTER_DECL(inpcb_create_mbuf);
+static void
+test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
{
- LABEL_NOTFREE(label);
- COUNTER_INC(internalize_label);
-
- return (0);
+ LABEL_CHECK(inplabel, MAGIC_INPCB);
+ LABEL_CHECK(mlabel, MAGIC_MBUF);
+ COUNTER_INC(inpcb_create_mbuf);
}
-/*
- * Labeling event operations: file system objects, and things that look
- * a lot like file system objects.
- */
-COUNTER_DECL(devfs_vnode_associate);
+COUNTER_DECL(inpcb_destroy_label);
static void
-test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
- struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
- struct label *vplabel)
+test_inpcb_destroy_label(struct label *label)
{
- LABEL_CHECK(mplabel, MAGIC_MOUNT);
- LABEL_CHECK(delabel, MAGIC_DEVFS);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(devfs_vnode_associate);
+ LABEL_DESTROY(label, MAGIC_INPCB);
+ COUNTER_INC(inpcb_destroy_label);
}
-COUNTER_DECL(vnode_associate_extattr);
+COUNTER_DECL(inpcb_init_label);
static int
-test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
+test_inpcb_init_label(struct label *label, int flag)
{
- LABEL_CHECK(mplabel, MAGIC_MOUNT);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(vnode_associate_extattr);
+ if (flag & M_WAITOK)
+ WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
+ "test_inpcb_init_label() at %s:%d", __FILE__,
+ __LINE__);
+ LABEL_INIT(label, MAGIC_INPCB);
+ COUNTER_INC(inpcb_init_label);
return (0);
}
-COUNTER_DECL(vnode_associate_singlelabel);
-static void
-test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
- struct vnode *vp, struct label *vplabel)
-{
-
- LABEL_CHECK(mplabel, MAGIC_MOUNT);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(vnode_associate_singlelabel);
-}
-
-COUNTER_DECL(devfs_create_device);
+COUNTER_DECL(inpcb_sosetlabel);
static void
-test_devfs_create_device(struct ucred *cred, struct mount *mp,
- struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
+test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
+ struct inpcb *inp, struct label *inplabel)
{
- if (cred != NULL)
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(delabel, MAGIC_DEVFS);
- COUNTER_INC(devfs_create_device);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ LABEL_CHECK(inplabel, MAGIC_INPCB);
+ COUNTER_INC(inpcb_sosetlabel);
}
-COUNTER_DECL(devfs_create_directory);
+COUNTER_DECL(ipq_create);
static void
-test_devfs_create_directory(struct mount *mp, char *dirname,
- int dirnamelen, struct devfs_dirent *de, struct label *delabel)
+test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
+ struct ipq *ipq, struct label *ipqlabel)
{
- LABEL_CHECK(delabel, MAGIC_DEVFS);
- COUNTER_INC(devfs_create_directory);
+ LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
+ LABEL_CHECK(ipqlabel, MAGIC_IPQ);
+ COUNTER_INC(ipq_create);
}
-COUNTER_DECL(devfs_create_symlink);
+COUNTER_DECL(ipq_destroy_label);
static void
-test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
- struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
- struct label *delabel)
+test_ipq_destroy_label(struct label *label)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(ddlabel, MAGIC_DEVFS);
- LABEL_CHECK(delabel, MAGIC_DEVFS);
- COUNTER_INC(devfs_create_symlink);
+ LABEL_DESTROY(label, MAGIC_IPQ);
+ COUNTER_INC(ipq_destroy_label);
}
-COUNTER_DECL(vnode_create_extattr);
+COUNTER_DECL(ipq_init_label);
static int
-test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
- struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
- struct vnode *vp, struct label *vplabel, struct componentname *cnp)
+test_ipq_init_label(struct label *label, int flag)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(mplabel, MAGIC_MOUNT);
- LABEL_CHECK(dvplabel, MAGIC_VNODE);
- COUNTER_INC(vnode_create_extattr);
+ if (flag & M_WAITOK)
+ WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
+ "test_ipq_init_label() at %s:%d", __FILE__,
+ __LINE__);
+ LABEL_INIT(label, MAGIC_IPQ);
+ COUNTER_INC(ipq_init_label);
return (0);
}
-COUNTER_DECL(mount_create);
-static void
-test_mount_create(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
-{
-
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(mplabel, MAGIC_MOUNT);
- COUNTER_INC(mount_create);
-}
-
-COUNTER_DECL(vnode_relabel);
-static void
-test_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *label)
-{
-
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- LABEL_CHECK(label, MAGIC_VNODE);
- COUNTER_INC(vnode_relabel);
-}
-
-COUNTER_DECL(vnode_setlabel_extattr);
+COUNTER_DECL(ipq_match);
static int
-test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vplabel, struct label *intlabel)
+test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
+ struct ipq *ipq, struct label *ipqlabel)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- LABEL_CHECK(intlabel, MAGIC_VNODE);
- COUNTER_INC(vnode_setlabel_extattr);
+ LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
+ LABEL_CHECK(ipqlabel, MAGIC_IPQ);
+ COUNTER_INC(ipq_match);
- return (0);
+ return (1);
}
-COUNTER_DECL(devfs_update);
+COUNTER_DECL(ipq_reassemble);
static void
-test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
- struct label *direntlabel, struct vnode *vp, struct label *vplabel)
+test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
+ struct mbuf *datagram, struct label *datagramlabel)
{
- LABEL_CHECK(direntlabel, MAGIC_DEVFS);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(devfs_update);
+ LABEL_CHECK(ipqlabel, MAGIC_IPQ);
+ LABEL_CHECK(datagramlabel, MAGIC_MBUF);
+ COUNTER_INC(ipq_reassemble);
}
-/*
- * Labeling event operations: IPC object.
- */
-COUNTER_DECL(socket_create_mbuf);
+COUNTER_DECL(ipq_update);
static void
-test_socket_create_mbuf(struct socket *so, struct label *socketlabel,
- struct mbuf *m, struct label *mbuflabel)
+test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel,
+ struct ipq *ipq, struct label *ipqlabel)
{
- LABEL_CHECK(socketlabel, MAGIC_SOCKET);
- LABEL_CHECK(mbuflabel, MAGIC_MBUF);
- COUNTER_INC(socket_create_mbuf);
+ LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
+ LABEL_CHECK(ipqlabel, MAGIC_IPQ);
+ COUNTER_INC(ipq_update);
}
-COUNTER_DECL(socket_create);
-static void
-test_socket_create(struct ucred *cred, struct socket *socket,
- struct label *socketlabel)
+COUNTER_DECL(kenv_check_dump);
+static int
+test_kenv_check_dump(struct ucred *cred)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(socketlabel, MAGIC_SOCKET);
- COUNTER_INC(socket_create);
-}
-
-COUNTER_DECL(pipe_create);
-static void
-test_pipe_create(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
-{
+ COUNTER_INC(kenv_check_dump);
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(pipelabel, MAGIC_PIPE);
- COUNTER_INC(pipe_create);
+ return (0);
}
-COUNTER_DECL(posixsem_create);
-static void
-test_posixsem_create(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+COUNTER_DECL(kenv_check_get);
+static int
+test_kenv_check_get(struct ucred *cred, char *name)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_create);
-}
-
-COUNTER_DECL(socket_newconn);
-static void
-test_socket_newconn(struct socket *oldsocket,
- struct label *oldsocketlabel, struct socket *newsocket,
- struct label *newsocketlabel)
-{
+ COUNTER_INC(kenv_check_get);
- LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
- LABEL_CHECK(newsocketlabel, MAGIC_SOCKET);
- COUNTER_INC(socket_newconn);
+ return (0);
}
-COUNTER_DECL(socket_relabel);
-static void
-test_socket_relabel(struct ucred *cred, struct socket *socket,
- struct label *socketlabel, struct label *newlabel)
+COUNTER_DECL(kenv_check_set);
+static int
+test_kenv_check_set(struct ucred *cred, char *name, char *value)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(newlabel, MAGIC_SOCKET);
- COUNTER_INC(socket_relabel);
-}
-
-COUNTER_DECL(pipe_relabel);
-static void
-test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel, struct label *newlabel)
-{
+ COUNTER_INC(kenv_check_set);
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(pipelabel, MAGIC_PIPE);
- LABEL_CHECK(newlabel, MAGIC_PIPE);
- COUNTER_INC(pipe_relabel);
+ return (0);
}
-COUNTER_DECL(socketpeer_set_from_mbuf);
-static void
-test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
- struct socket *socket, struct label *socketpeerlabel)
+COUNTER_DECL(kenv_check_unset);
+static int
+test_kenv_check_unset(struct ucred *cred, char *name)
{
- LABEL_CHECK(mbuflabel, MAGIC_MBUF);
- LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET);
- COUNTER_INC(socketpeer_set_from_mbuf);
-}
-
-/*
- * Labeling event operations: network objects.
- */
-COUNTER_DECL(socketpeer_set_from_socket);
-static void
-test_socketpeer_set_from_socket(struct socket *oldsocket,
- struct label *oldsocketlabel, struct socket *newsocket,
- struct label *newsocketpeerlabel)
-{
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ COUNTER_INC(kenv_check_unset);
- LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
- LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET);
- COUNTER_INC(socketpeer_set_from_socket);
+ return (0);
}
-COUNTER_DECL(bpfdesc_create);
-static void
-test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d,
- struct label *bpflabel)
+COUNTER_DECL(kld_check_load);
+static int
+test_kld_check_load(struct ucred *cred, struct vnode *vp,
+ struct label *label)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(bpflabel, MAGIC_BPF);
- COUNTER_INC(bpfdesc_create);
-}
-
-COUNTER_DECL(ipq_reassemble);
-static void
-test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
- struct mbuf *datagram, struct label *datagramlabel)
-{
-
- LABEL_CHECK(ipqlabel, MAGIC_IPQ);
- LABEL_CHECK(datagramlabel, MAGIC_MBUF);
- COUNTER_INC(ipq_reassemble);
-}
-
-COUNTER_DECL(netinet_fragment);
-static void
-test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel,
- struct mbuf *fragment, struct label *fragmentlabel)
-{
+ LABEL_CHECK(label, MAGIC_VNODE);
+ COUNTER_INC(kld_check_load);
- LABEL_CHECK(datagramlabel, MAGIC_MBUF);
- LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
- COUNTER_INC(netinet_fragment);
+ return (0);
}
-COUNTER_DECL(ifnet_create);
-static void
-test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
+COUNTER_DECL(kld_check_stat);
+static int
+test_kld_check_stat(struct ucred *cred)
{
- LABEL_CHECK(ifplabel, MAGIC_IFNET);
- COUNTER_INC(ifnet_create);
-}
-
-COUNTER_DECL(inpcb_create);
-static void
-test_inpcb_create(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
-{
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ COUNTER_INC(kld_check_stat);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- LABEL_CHECK(inplabel, MAGIC_INPCB);
- COUNTER_INC(inpcb_create);
+ return (0);
}
-COUNTER_DECL(syncache_create);
+COUNTER_DECL(mbuf_copy_label);
static void
-test_syncache_create(struct label *label, struct inpcb *inp)
+test_mbuf_copy_label(struct label *src, struct label *dest)
{
- LABEL_CHECK(label, MAGIC_SYNCACHE);
- COUNTER_INC(syncache_create);
+ LABEL_CHECK(src, MAGIC_MBUF);
+ LABEL_CHECK(dest, MAGIC_MBUF);
+ COUNTER_INC(mbuf_copy_label);
}
-COUNTER_DECL(syncache_create_mbuf);
+COUNTER_DECL(mbuf_destroy_label);
static void
-test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
- struct label *mlabel)
+test_mbuf_destroy_label(struct label *label)
{
- LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
- LABEL_CHECK(mlabel, MAGIC_MBUF);
- COUNTER_INC(syncache_create_mbuf);
-}
-
-COUNTER_DECL(sysvmsg_create);
-static void
-test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
-{
+ /*
+ * If we're loaded dynamically, there may be mbufs in flight that
+ * didn't have label storage allocated for them. Handle this
+ * gracefully.
+ */
+ if (label == NULL)
+ return;
- LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
- LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
- COUNTER_INC(sysvmsg_create);
+ LABEL_DESTROY(label, MAGIC_MBUF);
+ COUNTER_INC(mbuf_destroy_label);
}
-COUNTER_DECL(sysvmsq_create);
-static void
-test_sysvmsq_create(struct ucred *cred,
- struct msqid_kernel *msqkptr, struct label *msqlabel)
+COUNTER_DECL(mbuf_init_label);
+static int
+test_mbuf_init_label(struct label *label, int flag)
{
- LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
- COUNTER_INC(sysvmsq_create);
-}
-
-COUNTER_DECL(sysvsem_create);
-static void
-test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
- struct label *semalabel)
-{
+ if (flag & M_WAITOK)
+ WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
+ "test_mbuf_init_label() at %s:%d", __FILE__,
+ __LINE__);
- LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
- COUNTER_INC(sysvsem_create);
+ LABEL_INIT(label, MAGIC_MBUF);
+ COUNTER_INC(mbuf_init_label);
+ return (0);
}
-COUNTER_DECL(sysvshm_create);
-static void
-test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
- struct label *shmlabel)
+COUNTER_DECL(mount_check_stat);
+static int
+test_mount_check_stat(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
{
- LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
- COUNTER_INC(sysvshm_create);
-}
-
-COUNTER_DECL(ipq_create);
-static void
-test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
- struct ipq *ipq, struct label *ipqlabel)
-{
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(mplabel, MAGIC_MOUNT);
+ COUNTER_INC(mount_check_stat);
- LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
- LABEL_CHECK(ipqlabel, MAGIC_IPQ);
- COUNTER_INC(ipq_create);
+ return (0);
}
-COUNTER_DECL(inpcb_create_mbuf);
+COUNTER_DECL(mount_create);
static void
-test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
+test_mount_create(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
{
- LABEL_CHECK(inplabel, MAGIC_INPCB);
- LABEL_CHECK(mlabel, MAGIC_MBUF);
- COUNTER_INC(inpcb_create_mbuf);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(mplabel, MAGIC_MOUNT);
+ COUNTER_INC(mount_create);
}
-COUNTER_DECL(bpfdesc_create_mbuf);
+COUNTER_DECL(mount_destroy_label);
static void
-test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
- struct mbuf *mbuf, struct label *mbuflabel)
+test_mount_destroy_label(struct label *label)
{
- LABEL_CHECK(bpflabel, MAGIC_BPF);
- LABEL_CHECK(mbuflabel, MAGIC_MBUF);
- COUNTER_INC(bpfdesc_create_mbuf);
+ LABEL_DESTROY(label, MAGIC_MOUNT);
+ COUNTER_INC(mount_destroy_label);
}
-COUNTER_DECL(ifnet_create_mbuf);
+COUNTER_DECL(mount_init_label);
static void
-test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mbuflabel)
-{
-
- LABEL_CHECK(ifplabel, MAGIC_IFNET);
- LABEL_CHECK(mbuflabel, MAGIC_MBUF);
- COUNTER_INC(ifnet_create_mbuf);
-}
-
-COUNTER_DECL(ipq_match);
-static int
-test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
- struct ipq *ipq, struct label *ipqlabel)
+test_mount_init_label(struct label *label)
{
- LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
- LABEL_CHECK(ipqlabel, MAGIC_IPQ);
- COUNTER_INC(ipq_match);
-
- return (1);
+ LABEL_INIT(label, MAGIC_MOUNT);
+ COUNTER_INC(mount_init_label);
}
COUNTER_DECL(netatalk_aarp_send);
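Review bot: test_ipq_match is the only entry point in this hunk whose return value is not 0 (`return (1);`), and nothing explains why; in a sorted list of otherwise identical stubs a reader will take it for an error code. A comment above the return such as `/* Always report a match: the test policy must not veto fragment reassembly. */` would make the intent explicit. I believe the framework combines the policies' match results so that 1 is the neutral answer, but that should be confirmed against the framework's ipq_match dispatch before wording the comment.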
@@ -1116,6 +784,17 @@ test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
COUNTER_INC(netinet_arp_send);
}
+COUNTER_DECL(netinet_fragment);
+static void
+test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel,
+ struct mbuf *fragment, struct label *fragmentlabel)
+{
+
+ LABEL_CHECK(datagramlabel, MAGIC_MBUF);
+ LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
+ COUNTER_INC(netinet_fragment);
+}
+
COUNTER_DECL(netinet_icmp_reply);
static void
test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
@@ -1167,1077 +846,1270 @@ test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
COUNTER_INC(netinet6_nd6_send);
}
-COUNTER_DECL(ifnet_relabel);
-static void
-test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+COUNTER_DECL(pipe_check_ioctl);
+static int
+test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(ifplabel, MAGIC_IFNET);
- LABEL_CHECK(newlabel, MAGIC_IFNET);
- COUNTER_INC(ifnet_relabel);
-}
-
-COUNTER_DECL(ipq_update);
-static void
-test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel,
- struct ipq *ipq, struct label *ipqlabel)
-{
+ LABEL_CHECK(pipelabel, MAGIC_PIPE);
+ COUNTER_INC(pipe_check_ioctl);
- LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
- LABEL_CHECK(ipqlabel, MAGIC_IPQ);
- COUNTER_INC(ipq_update);
+ return (0);
}
-COUNTER_DECL(inpcb_sosetlabel);
-static void
-test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
- struct inpcb *inp, struct label *inplabel)
+COUNTER_DECL(pipe_check_poll);
+static int
+test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
+ struct label *pipelabel)
{
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- LABEL_CHECK(inplabel, MAGIC_INPCB);
- COUNTER_INC(inpcb_sosetlabel);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(pipelabel, MAGIC_PIPE);
+ COUNTER_INC(pipe_check_poll);
+
+ return (0);
}
-/*
- * Labeling event operations: processes.
- */
-COUNTER_DECL(vnode_execve_transition);
-static void
-test_vnode_execve_transition(struct ucred *old, struct ucred *new,
- struct vnode *vp, struct label *filelabel,
- struct label *interpvplabel, struct image_params *imgp,
- struct label *execlabel)
+COUNTER_DECL(pipe_check_read);
+static int
+test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
+ struct label *pipelabel)
{
- LABEL_CHECK(old->cr_label, MAGIC_CRED);
- LABEL_CHECK(new->cr_label, MAGIC_CRED);
- LABEL_CHECK(filelabel, MAGIC_VNODE);
- LABEL_CHECK(interpvplabel, MAGIC_VNODE);
- LABEL_CHECK(execlabel, MAGIC_CRED);
- COUNTER_INC(vnode_execve_transition);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(pipelabel, MAGIC_PIPE);
+ COUNTER_INC(pipe_check_read);
+
+ return (0);
}
-COUNTER_DECL(vnode_execve_will_transition);
+COUNTER_DECL(pipe_check_relabel);
static int
-test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
- struct label *filelabel, struct label *interpvplabel,
- struct image_params *imgp, struct label *execlabel)
+test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pipelabel, struct label *newlabel)
{
- LABEL_CHECK(old->cr_label, MAGIC_CRED);
- LABEL_CHECK(filelabel, MAGIC_VNODE);
- LABEL_CHECK(interpvplabel, MAGIC_VNODE);
- LABEL_CHECK(execlabel, MAGIC_CRED);
- COUNTER_INC(vnode_execve_will_transition);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(pipelabel, MAGIC_PIPE);
+ LABEL_CHECK(newlabel, MAGIC_PIPE);
+ COUNTER_INC(pipe_check_relabel);
return (0);
}
-COUNTER_DECL(proc_create_swapper);
-static void
-test_proc_create_swapper(struct ucred *cred)
+COUNTER_DECL(pipe_check_stat);
+static int
+test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
+ struct label *pipelabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_create_swapper);
+ LABEL_CHECK(pipelabel, MAGIC_PIPE);
+ COUNTER_INC(pipe_check_stat);
+
+ return (0);
}
-COUNTER_DECL(proc_create_init);
-static void
-test_proc_create_init(struct ucred *cred)
+COUNTER_DECL(pipe_check_write);
+static int
+test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
+ struct label *pipelabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_create_init);
+ LABEL_CHECK(pipelabel, MAGIC_PIPE);
+ COUNTER_INC(pipe_check_write);
+
+ return (0);
}
-COUNTER_DECL(cred_relabel);
+COUNTER_DECL(pipe_copy_label);
static void
-test_cred_relabel(struct ucred *cred, struct label *newlabel)
+test_pipe_copy_label(struct label *src, struct label *dest)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(newlabel, MAGIC_CRED);
- COUNTER_INC(cred_relabel);
+ LABEL_CHECK(src, MAGIC_PIPE);
+ LABEL_CHECK(dest, MAGIC_PIPE);
+ COUNTER_INC(pipe_copy_label);
}
-COUNTER_DECL(thread_userret);
+COUNTER_DECL(pipe_create);
static void
-test_thread_userret(struct thread *td)
+test_pipe_create(struct ucred *cred, struct pipepair *pp,
+ struct label *pipelabel)
{
- COUNTER_INC(thread_userret);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(pipelabel, MAGIC_PIPE);
+ COUNTER_INC(pipe_create);
}
-/*
- * Label cleanup/flush operations
- */
-COUNTER_DECL(sysvmsg_cleanup);
+COUNTER_DECL(pipe_destroy_label);
static void
-test_sysvmsg_cleanup(struct label *msglabel)
+test_pipe_destroy_label(struct label *label)
{
- LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
- COUNTER_INC(sysvmsg_cleanup);
+ LABEL_DESTROY(label, MAGIC_PIPE);
+ COUNTER_INC(pipe_destroy_label);
}
-COUNTER_DECL(sysvmsq_cleanup);
-static void
-test_sysvmsq_cleanup(struct label *msqlabel)
+COUNTER_DECL(pipe_externalize_label);
+static int
+test_pipe_externalize_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
{
- LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
- COUNTER_INC(sysvmsq_cleanup);
+ LABEL_CHECK(label, MAGIC_PIPE);
+ COUNTER_INC(pipe_externalize_label);
+
+ return (0);
}
-COUNTER_DECL(sysvsem_cleanup);
+COUNTER_DECL(pipe_init_label);
static void
-test_sysvsem_cleanup(struct label *semalabel)
+test_pipe_init_label(struct label *label)
{
- LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
- COUNTER_INC(sysvsem_cleanup);
+ LABEL_INIT(label, MAGIC_PIPE);
+ COUNTER_INC(pipe_init_label);
}
-COUNTER_DECL(sysvshm_cleanup);
+COUNTER_DECL(pipe_relabel);
static void
-test_sysvshm_cleanup(struct label *shmlabel)
+test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+ struct label *pipelabel, struct label *newlabel)
{
- LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
- COUNTER_INC(sysvshm_cleanup);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(pipelabel, MAGIC_PIPE);
+ LABEL_CHECK(newlabel, MAGIC_PIPE);
+ COUNTER_INC(pipe_relabel);
}
-/*
- * Access control checks.
- */
-COUNTER_DECL(bpfdesc_check_receive);
+COUNTER_DECL(posixsem_check_destroy);
static int
-test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel,
- struct ifnet *ifp, struct label *ifplabel)
+test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- LABEL_CHECK(bpflabel, MAGIC_BPF);
- LABEL_CHECK(ifplabel, MAGIC_IFNET);
- COUNTER_INC(bpfdesc_check_receive);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_check_destroy);
return (0);
}
-COUNTER_DECL(cred_check_relabel);
+COUNTER_DECL(posixsem_check_getvalue);
static int
-test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
+test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(newlabel, MAGIC_CRED);
- COUNTER_INC(cred_check_relabel);
+ LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_check_getvalue);
return (0);
}
-COUNTER_DECL(cred_check_visible);
+COUNTER_DECL(posixsem_check_open);
static int
-test_cred_check_visible(struct ucred *u1, struct ucred *u2)
+test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- LABEL_CHECK(u1->cr_label, MAGIC_CRED);
- LABEL_CHECK(u2->cr_label, MAGIC_CRED);
- COUNTER_INC(cred_check_visible);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_check_open);
return (0);
}
-COUNTER_DECL(ifnet_check_relabel);
+COUNTER_DECL(posixsem_check_post);
static int
-test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
- struct label *ifplabel, struct label *newlabel)
+test_posixsem_check_post(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(ifplabel, MAGIC_IFNET);
- LABEL_CHECK(newlabel, MAGIC_IFNET);
- COUNTER_INC(ifnet_check_relabel);
+ LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_check_post);
return (0);
}
-COUNTER_DECL(ifnet_check_transmit);
+COUNTER_DECL(posixsem_check_unlink);
static int
-test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mbuflabel)
+test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- LABEL_CHECK(ifplabel, MAGIC_IFNET);
- LABEL_CHECK(mbuflabel, MAGIC_MBUF);
- COUNTER_INC(ifnet_check_transmit);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_check_unlink);
return (0);
}
-COUNTER_DECL(inpcb_check_deliver);
+COUNTER_DECL(posixsem_check_wait);
static int
-test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
- struct mbuf *m, struct label *mlabel)
+test_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- LABEL_CHECK(inplabel, MAGIC_INPCB);
- LABEL_CHECK(mlabel, MAGIC_MBUF);
- COUNTER_INC(inpcb_check_deliver);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_check_wait);
return (0);
}
-COUNTER_DECL(sysvmsq_check_msgmsq);
-static int
-test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel, struct msqid_kernel *msqkptr,
- struct label *msqklabel)
+COUNTER_DECL(posixsem_create);
+static void
+test_posixsem_create(struct ucred *cred, struct ksem *ks,
+ struct label *kslabel)
{
- LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
- LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(sysvmsq_check_msgmsq);
+ LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_create);
+}
- return (0);
+COUNTER_DECL(posixsem_destroy_label);
+static void
+test_posixsem_destroy_label(struct label *label)
+{
+
+ LABEL_DESTROY(label, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_destroy_label);
}
-COUNTER_DECL(sysvmsq_check_msgrcv);
+COUNTER_DECL(posixsem_init_label);
+static void
+test_posixsem_init_label(struct label *label)
+{
+
+ LABEL_INIT(label, MAGIC_POSIX_SEM);
+ COUNTER_INC(posixsem_init_label);
+}
+
+COUNTER_DECL(proc_check_debug);
static int
-test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+test_proc_check_debug(struct ucred *cred, struct proc *p)
{
- LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(sysvmsq_check_msgrcv);
+ LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
+ COUNTER_INC(proc_check_debug);
return (0);
}
-COUNTER_DECL(sysvmsq_check_msgrmid);
+COUNTER_DECL(proc_check_sched);
static int
-test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
- struct label *msglabel)
+test_proc_check_sched(struct ucred *cred, struct proc *p)
{
- LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(sysvmsq_check_msgrmid);
+ LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
+ COUNTER_INC(proc_check_sched);
return (0);
}
-COUNTER_DECL(sysvmsq_check_msqget);
+COUNTER_DECL(proc_check_signal);
static int
-test_sysvmsq_check_msqget(struct ucred *cred,
- struct msqid_kernel *msqkptr, struct label *msqklabel)
+test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
{
- LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(sysvmsq_check_msqget);
+ LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
+ COUNTER_INC(proc_check_signal);
return (0);
}
-COUNTER_DECL(sysvmsq_check_msqsnd);
+COUNTER_DECL(proc_check_setaudit);
static int
-test_sysvmsq_check_msqsnd(struct ucred *cred,
- struct msqid_kernel *msqkptr, struct label *msqklabel)
+test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
{
- LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(sysvmsq_check_msqsnd);
+ COUNTER_INC(proc_check_setaudit);
return (0);
}
-COUNTER_DECL(sysvmsq_check_msqrcv);
+COUNTER_DECL(proc_check_setaudit_addr);
static int
-test_sysvmsq_check_msqrcv(struct ucred *cred,
- struct msqid_kernel *msqkptr, struct label *msqklabel)
+test_proc_check_setaudit_addr(struct ucred *cred,
+ struct auditinfo_addr *aia)
{
- LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(sysvmsq_check_msqrcv);
+ COUNTER_INC(proc_check_setaudit_addr);
return (0);
}
-COUNTER_DECL(sysvmsq_check_msqctl);
+COUNTER_DECL(proc_check_setauid);
static int
-test_sysvmsq_check_msqctl(struct ucred *cred,
- struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
+test_proc_check_setauid(struct ucred *cred, uid_t auid)
{
- LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(sysvmsq_check_msqctl);
+ COUNTER_INC(proc_check_setauid);
return (0);
}
-COUNTER_DECL(sysvsem_check_semctl);
+COUNTER_DECL(proc_check_setegid);
static int
-test_sysvsem_check_semctl(struct ucred *cred,
- struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
+test_proc_check_setegid(struct ucred *cred, gid_t egid)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
- COUNTER_INC(sysvsem_check_semctl);
+ COUNTER_INC(proc_check_setegid);
- return (0);
+ return (0);
}
-COUNTER_DECL(sysvsem_check_semget);
+COUNTER_DECL(proc_check_euid);
static int
-test_sysvsem_check_semget(struct ucred *cred,
- struct semid_kernel *semakptr, struct label *semaklabel)
+test_proc_check_seteuid(struct ucred *cred, uid_t euid)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
- COUNTER_INC(sysvsem_check_semget);
+ COUNTER_INC(proc_check_euid);
return (0);
}
-COUNTER_DECL(sysvsem_check_semop);
+COUNTER_DECL(proc_check_setregid);
static int
-test_sysvsem_check_semop(struct ucred *cred,
- struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
+test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
- COUNTER_INC(sysvsem_check_semop);
+ COUNTER_INC(proc_check_setregid);
return (0);
}
-COUNTER_DECL(sysvshm_check_shmat);
+COUNTER_DECL(proc_check_setreuid);
static int
-test_sysvshm_check_shmat(struct ucred *cred,
- struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
+test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
- COUNTER_INC(sysvshm_check_shmat);
+ COUNTER_INC(proc_check_setreuid);
- return (0);
+ return (0);
}
-COUNTER_DECL(sysvshm_check_shmctl);
+COUNTER_DECL(proc_check_setgid);
static int
-test_sysvshm_check_shmctl(struct ucred *cred,
- struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
+test_proc_check_setgid(struct ucred *cred, gid_t gid)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
- COUNTER_INC(sysvshm_check_shmctl);
+ COUNTER_INC(proc_check_setgid);
- return (0);
+ return (0);
}
-COUNTER_DECL(sysvshm_check_shmdt);
+COUNTER_DECL(proc_check_setgroups);
static int
-test_sysvshm_check_shmdt(struct ucred *cred,
- struct shmid_kernel *shmsegptr, struct label *shmseglabel)
+test_proc_check_setgroups(struct ucred *cred, int ngroups,
+ gid_t *gidset)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
- COUNTER_INC(sysvshm_check_shmdt);
+ COUNTER_INC(proc_check_setgroups);
return (0);
}
-COUNTER_DECL(sysvshm_check_shmget);
+COUNTER_DECL(proc_check_setresgid);
static int
-test_sysvshm_check_shmget(struct ucred *cred,
- struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
+test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
+ gid_t sgid)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
- COUNTER_INC(sysvshm_check_shmget);
+ COUNTER_INC(proc_check_setresgid);
return (0);
}
-COUNTER_DECL(kenv_check_dump);
+COUNTER_DECL(proc_check_setresuid);
static int
-test_kenv_check_dump(struct ucred *cred)
+test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
+ uid_t suid)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(kenv_check_dump);
+ COUNTER_INC(proc_check_setresuid);
return (0);
}
-COUNTER_DECL(kenv_check_get);
+COUNTER_DECL(proc_check_setuid);
static int
-test_kenv_check_get(struct ucred *cred, char *name)
+test_proc_check_setuid(struct ucred *cred, uid_t uid)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(kenv_check_get);
+ COUNTER_INC(proc_check_setuid);
return (0);
}
-COUNTER_DECL(kenv_check_set);
+COUNTER_DECL(proc_check_wait);
static int
-test_kenv_check_set(struct ucred *cred, char *name, char *value)
+test_proc_check_wait(struct ucred *cred, struct proc *p)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(kenv_check_set);
+ LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
+ COUNTER_INC(proc_check_wait);
return (0);
}
-COUNTER_DECL(kenv_check_unset);
-static int
-test_kenv_check_unset(struct ucred *cred, char *name)
+COUNTER_DECL(proc_create_init);
+static void
+test_proc_create_init(struct ucred *cred)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(kenv_check_unset);
-
- return (0);
+ COUNTER_INC(proc_create_init);
}
-COUNTER_DECL(kld_check_load);
-static int
-test_kld_check_load(struct ucred *cred, struct vnode *vp,
- struct label *label)
+COUNTER_DECL(proc_create_swapper);
+static void
+test_proc_create_swapper(struct ucred *cred)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(label, MAGIC_VNODE);
- COUNTER_INC(kld_check_load);
+ COUNTER_INC(proc_create_swapper);
+}
- return (0);
+COUNTER_DECL(proc_destroy_label);
+static void
+test_proc_destroy_label(struct label *label)
+{
+
+ LABEL_DESTROY(label, MAGIC_PROC);
+ COUNTER_INC(proc_destroy_label);
}
-COUNTER_DECL(kld_check_stat);
+COUNTER_DECL(proc_init_label);
+static void
+test_proc_init_label(struct label *label)
+{
+
+ LABEL_INIT(label, MAGIC_PROC);
+ COUNTER_INC(proc_init_label);
+}
+
+COUNTER_DECL(socket_check_accept);
static int
-test_kld_check_stat(struct ucred *cred)
+test_socket_check_accept(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(kld_check_stat);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_accept);
return (0);
}
-COUNTER_DECL(mount_check_stat);
+COUNTER_DECL(socket_check_bind);
static int
-test_mount_check_stat(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
+test_socket_check_bind(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct sockaddr *sa)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(mplabel, MAGIC_MOUNT);
- COUNTER_INC(mount_check_stat);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_bind);
return (0);
}
-COUNTER_DECL(pipe_check_ioctl);
+COUNTER_DECL(socket_check_connect);
static int
-test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+test_socket_check_connect(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct sockaddr *sa)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(pipelabel, MAGIC_PIPE);
- COUNTER_INC(pipe_check_ioctl);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_connect);
return (0);
}
-COUNTER_DECL(pipe_check_poll);
+COUNTER_DECL(socket_check_deliver);
static int
-test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+test_socket_check_deliver(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(pipelabel, MAGIC_PIPE);
- COUNTER_INC(pipe_check_poll);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ LABEL_CHECK(mlabel, MAGIC_MBUF);
+ COUNTER_INC(socket_check_deliver);
return (0);
}
-COUNTER_DECL(pipe_check_read);
+COUNTER_DECL(socket_check_listen);
static int
-test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+test_socket_check_listen(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(pipelabel, MAGIC_PIPE);
- COUNTER_INC(pipe_check_read);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_listen);
return (0);
}
-COUNTER_DECL(pipe_check_relabel);
+COUNTER_DECL(socket_check_poll);
static int
-test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel, struct label *newlabel)
+test_socket_check_poll(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(pipelabel, MAGIC_PIPE);
- LABEL_CHECK(newlabel, MAGIC_PIPE);
- COUNTER_INC(pipe_check_relabel);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_poll);
return (0);
}
-COUNTER_DECL(pipe_check_stat);
+COUNTER_DECL(socket_check_receive);
static int
-test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+test_socket_check_receive(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(pipelabel, MAGIC_PIPE);
- COUNTER_INC(pipe_check_stat);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_receive);
return (0);
}
-COUNTER_DECL(pipe_check_write);
+COUNTER_DECL(socket_check_relabel);
static int
-test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+test_socket_check_relabel(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(pipelabel, MAGIC_PIPE);
- COUNTER_INC(pipe_check_write);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ LABEL_CHECK(newlabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_relabel);
return (0);
}
-COUNTER_DECL(posixsem_check_destroy);
+COUNTER_DECL(socket_check_send);
static int
-test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+test_socket_check_send(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_check_destroy);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_send);
return (0);
}
-COUNTER_DECL(posixsem_check_getvalue);
+COUNTER_DECL(socket_check_stat);
static int
-test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+test_socket_check_stat(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_check_getvalue);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_stat);
return (0);
}
-COUNTER_DECL(posixsem_check_open);
+COUNTER_DECL(socket_check_visible);
static int
-test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+test_socket_check_visible(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_check_open);
+ LABEL_CHECK(solabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_check_visible);
return (0);
}
-COUNTER_DECL(posixsem_check_post);
-static int
-test_posixsem_check_post(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+COUNTER_DECL(socket_copy_label);
+static void
+test_socket_copy_label(struct label *src, struct label *dest)
+{
+
+ LABEL_CHECK(src, MAGIC_SOCKET);
+ LABEL_CHECK(dest, MAGIC_SOCKET);
+ COUNTER_INC(socket_copy_label);
+}
+
+COUNTER_DECL(socket_create);
+static void
+test_socket_create(struct ucred *cred, struct socket *socket,
+ struct label *socketlabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_check_post);
+ LABEL_CHECK(socketlabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_create);
+}
- return (0);
+COUNTER_DECL(socket_create_mbuf);
+static void
+test_socket_create_mbuf(struct socket *so, struct label *socketlabel,
+ struct mbuf *m, struct label *mbuflabel)
+{
+
+ LABEL_CHECK(socketlabel, MAGIC_SOCKET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(socket_create_mbuf);
}
-COUNTER_DECL(posixsem_check_unlink);
+COUNTER_DECL(socket_destroy_label);
+static void
+test_socket_destroy_label(struct label *label)
+{
+
+ LABEL_DESTROY(label, MAGIC_SOCKET);
+ COUNTER_INC(socket_destroy_label);
+}
+
+COUNTER_DECL(socket_externalize_label);
static int
-test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+test_socket_externalize_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_check_unlink);
+ LABEL_CHECK(label, MAGIC_SOCKET);
+ COUNTER_INC(socket_externalize_label);
return (0);
}
-COUNTER_DECL(posixsem_check_wait);
+COUNTER_DECL(socket_init_label);
static int
-test_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
- struct label *kslabel)
+test_socket_init_label(struct label *label, int flag)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
- COUNTER_INC(posixsem_check_wait);
+ if (flag & M_WAITOK)
+ WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
+ "test_socket_init_label() at %s:%d", __FILE__,
+ __LINE__);
+ LABEL_INIT(label, MAGIC_SOCKET);
+ COUNTER_INC(socket_init_label);
return (0);
}
-COUNTER_DECL(proc_check_debug);
-static int
-test_proc_check_debug(struct ucred *cred, struct proc *p)
+COUNTER_DECL(socket_newconn);
+static void
+test_socket_newconn(struct socket *oldsocket,
+ struct label *oldsocketlabel, struct socket *newsocket,
+ struct label *newsocketlabel)
+{
+
+ LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
+ LABEL_CHECK(newsocketlabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_newconn);
+}
+
+COUNTER_DECL(socket_relabel);
+static void
+test_socket_relabel(struct ucred *cred, struct socket *socket,
+ struct label *socketlabel, struct label *newlabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_debug);
+ LABEL_CHECK(newlabel, MAGIC_SOCKET);
+ COUNTER_INC(socket_relabel);
+}
- return (0);
+COUNTER_DECL(socketpeer_destroy_label);
+static void
+test_socketpeer_destroy_label(struct label *label)
+{
+
+ LABEL_DESTROY(label, MAGIC_SOCKET);
+ COUNTER_INC(socketpeer_destroy_label);
}
-COUNTER_DECL(proc_check_sched);
+COUNTER_DECL(socketpeer_externalize_label);
static int
-test_proc_check_sched(struct ucred *cred, struct proc *p)
+test_socketpeer_externalize_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_sched);
+ LABEL_CHECK(label, MAGIC_SOCKET);
+ COUNTER_INC(socketpeer_externalize_label);
return (0);
}
-COUNTER_DECL(proc_check_signal);
+COUNTER_DECL(socketpeer_init_label);
static int
-test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
+test_socketpeer_init_label(struct label *label, int flag)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_signal);
+ if (flag & M_WAITOK)
+ WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
+ "test_socketpeer_init_label() at %s:%d", __FILE__,
+ __LINE__);
+ LABEL_INIT(label, MAGIC_SOCKET);
+ COUNTER_INC(socketpeer_init_label);
return (0);
}
-COUNTER_DECL(proc_check_setaudit);
-static int
-test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
+COUNTER_DECL(socketpeer_set_from_mbuf);
+static void
+test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
+ struct socket *socket, struct label *socketpeerlabel)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setaudit);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET);
+ COUNTER_INC(socketpeer_set_from_mbuf);
+}
- return (0);
+COUNTER_DECL(socketpeer_set_from_socket);
+static void
+test_socketpeer_set_from_socket(struct socket *oldsocket,
+ struct label *oldsocketlabel, struct socket *newsocket,
+ struct label *newsocketpeerlabel)
+{
+
+ LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
+ LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET);
+ COUNTER_INC(socketpeer_set_from_socket);
}
-COUNTER_DECL(proc_check_setaudit_addr);
-static int
-test_proc_check_setaudit_addr(struct ucred *cred,
- struct auditinfo_addr *aia)
+COUNTER_DECL(syncache_create);
+static void
+test_syncache_create(struct label *label, struct inpcb *inp)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setaudit_addr);
+ LABEL_CHECK(label, MAGIC_SYNCACHE);
+ COUNTER_INC(syncache_create);
+}
- return (0);
+COUNTER_DECL(syncache_create_mbuf);
+static void
+test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
+ struct label *mlabel)
+{
+
+ LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
+ LABEL_CHECK(mlabel, MAGIC_MBUF);
+ COUNTER_INC(syncache_create_mbuf);
}
-COUNTER_DECL(proc_check_setauid);
-static int
-test_proc_check_setauid(struct ucred *cred, uid_t auid)
+COUNTER_DECL(syncache_destroy_label);
+static void
+test_syncache_destroy_label(struct label *label)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setauid);
+ LABEL_DESTROY(label, MAGIC_SYNCACHE);
+ COUNTER_INC(syncache_destroy_label);
+}
+
+COUNTER_DECL(syncache_init_label);
+static int
+test_syncache_init_label(struct label *label, int flag)
+{
+ if (flag & M_WAITOK)
+ WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
+ "test_syncache_init_label() at %s:%d", __FILE__,
+ __LINE__);
+ LABEL_INIT(label, MAGIC_SYNCACHE);
+ COUNTER_INC(syncache_init_label);
return (0);
}
-COUNTER_DECL(proc_check_setuid);
+COUNTER_DECL(system_check_acct);
static int
-test_proc_check_setuid(struct ucred *cred, uid_t uid)
+test_system_check_acct(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setuid);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(system_check_acct);
return (0);
}
-COUNTER_DECL(proc_check_euid);
+COUNTER_DECL(system_check_audit);
static int
-test_proc_check_seteuid(struct ucred *cred, uid_t euid)
+test_system_check_audit(struct ucred *cred, void *record, int length)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_euid);
+ COUNTER_INC(system_check_audit);
return (0);
}
-COUNTER_DECL(proc_check_setgid);
+COUNTER_DECL(system_check_auditctl);
static int
-test_proc_check_setgid(struct ucred *cred, gid_t gid)
+test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setgid);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(system_check_auditctl);
return (0);
}
-COUNTER_DECL(proc_check_setegid);
+COUNTER_DECL(system_check_auditon);
static int
-test_proc_check_setegid(struct ucred *cred, gid_t egid)
+test_system_check_auditon(struct ucred *cred, int cmd)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setegid);
+ COUNTER_INC(system_check_auditon);
return (0);
}
-COUNTER_DECL(proc_check_setgroups);
+COUNTER_DECL(system_check_reboot);
static int
-test_proc_check_setgroups(struct ucred *cred, int ngroups,
- gid_t *gidset)
+test_system_check_reboot(struct ucred *cred, int how)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setgroups);
+ COUNTER_INC(system_check_reboot);
return (0);
}
-COUNTER_DECL(proc_check_setreuid);
+COUNTER_DECL(system_check_swapoff);
static int
-test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
+test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setreuid);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(system_check_swapoff);
return (0);
}
-COUNTER_DECL(proc_check_setregid);
+COUNTER_DECL(system_check_swapon);
static int
-test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
+test_system_check_swapon(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setregid);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(system_check_swapon);
return (0);
}
-COUNTER_DECL(proc_check_setresuid);
+COUNTER_DECL(system_check_sysctl);
static int
-test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
- uid_t suid)
+test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
+ void *arg1, int arg2, struct sysctl_req *req)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setresuid);
+ COUNTER_INC(system_check_sysctl);
return (0);
}
-COUNTER_DECL(proc_check_setresgid);
-static int
-test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
- gid_t sgid)
+COUNTER_DECL(sysvmsg_cleanup);
+static void
+test_sysvmsg_cleanup(struct label *msglabel)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_setresgid);
+ LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
+ COUNTER_INC(sysvmsg_cleanup);
+}
- return (0);
+COUNTER_DECL(sysvmsg_create);
+static void
+test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
+{
+
+ LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
+ LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
+ COUNTER_INC(sysvmsg_create);
}
-COUNTER_DECL(proc_check_wait);
-static int
-test_proc_check_wait(struct ucred *cred, struct proc *p)
+COUNTER_DECL(sysvmsg_destroy_label);
+static void
+test_sysvmsg_destroy_label(struct label *label)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
- COUNTER_INC(proc_check_wait);
+ LABEL_DESTROY(label, MAGIC_SYSV_MSG);
+ COUNTER_INC(sysvmsg_destroy_label);
+}
- return (0);
+COUNTER_DECL(sysvmsg_init_label);
+static void
+test_sysvmsg_init_label(struct label *label)
+{
+ LABEL_INIT(label, MAGIC_SYSV_MSG);
+ COUNTER_INC(sysvmsg_init_label);
}
-COUNTER_DECL(socket_check_accept);
+COUNTER_DECL(sysvmsq_check_msgmsq);
static int
-test_socket_check_accept(struct ucred *cred, struct socket *so,
- struct label *solabel)
+test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel, struct msqid_kernel *msqkptr,
+ struct label *msqklabel)
{
+ LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
+ LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_accept);
+ COUNTER_INC(sysvmsq_check_msgmsq);
- return (0);
+ return (0);
}
-COUNTER_DECL(socket_check_bind);
+COUNTER_DECL(sysvmsq_check_msgrcv);
static int
-test_socket_check_bind(struct ucred *cred, struct socket *so,
- struct label *solabel, struct sockaddr *sa)
+test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
{
+ LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_bind);
+ COUNTER_INC(sysvmsq_check_msgrcv);
return (0);
}
-COUNTER_DECL(socket_check_connect);
+COUNTER_DECL(sysvmsq_check_msgrmid);
static int
-test_socket_check_connect(struct ucred *cred, struct socket *so,
- struct label *solabel, struct sockaddr *sa)
+test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
+ struct label *msglabel)
{
+ LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_connect);
+ COUNTER_INC(sysvmsq_check_msgrmid);
return (0);
}
-COUNTER_DECL(socket_check_deliver);
+COUNTER_DECL(sysvmsq_check_msqget);
static int
-test_socket_check_deliver(struct socket *so, struct label *solabel,
- struct mbuf *m, struct label *mlabel)
+test_sysvmsq_check_msqget(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel)
{
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- LABEL_CHECK(mlabel, MAGIC_MBUF);
- COUNTER_INC(socket_check_deliver);
+ LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ COUNTER_INC(sysvmsq_check_msqget);
return (0);
}
-COUNTER_DECL(socket_check_listen);
+COUNTER_DECL(sysvmsq_check_msqsnd);
static int
-test_socket_check_listen(struct ucred *cred, struct socket *so,
- struct label *solabel)
+test_sysvmsq_check_msqsnd(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel)
{
+ LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_listen);
+ COUNTER_INC(sysvmsq_check_msqsnd);
return (0);
}
-COUNTER_DECL(socket_check_poll);
+COUNTER_DECL(sysvmsq_check_msqrcv);
static int
-test_socket_check_poll(struct ucred *cred, struct socket *so,
- struct label *solabel)
+test_sysvmsq_check_msqrcv(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel)
{
+ LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_poll);
+ COUNTER_INC(sysvmsq_check_msqrcv);
return (0);
}
-COUNTER_DECL(socket_check_receive);
+COUNTER_DECL(sysvmsq_check_msqctl);
static int
-test_socket_check_receive(struct ucred *cred, struct socket *so,
- struct label *solabel)
+test_sysvmsq_check_msqctl(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
{
+ LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_receive);
+ COUNTER_INC(sysvmsq_check_msqctl);
return (0);
}
-COUNTER_DECL(socket_check_relabel);
-static int
-test_socket_check_relabel(struct ucred *cred, struct socket *so,
- struct label *solabel, struct label *newlabel)
+COUNTER_DECL(sysvmsq_cleanup);
+static void
+test_sysvmsq_cleanup(struct label *msqlabel)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- LABEL_CHECK(newlabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_relabel);
+ LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
+ COUNTER_INC(sysvmsq_cleanup);
+}
- return (0);
+COUNTER_DECL(sysvmsq_create);
+static void
+test_sysvmsq_create(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqlabel)
+{
+
+ LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
+ COUNTER_INC(sysvmsq_create);
}
-COUNTER_DECL(socket_check_send);
-static int
-test_socket_check_send(struct ucred *cred, struct socket *so,
- struct label *solabel)
+COUNTER_DECL(sysvmsq_destroy_label);
+static void
+test_sysvmsq_destroy_label(struct label *label)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_send);
+ LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
+ COUNTER_INC(sysvmsq_destroy_label);
+}
- return (0);
+COUNTER_DECL(sysvmsq_init_label);
+static void
+test_sysvmsq_init_label(struct label *label)
+{
+ LABEL_INIT(label, MAGIC_SYSV_MSQ);
+ COUNTER_INC(sysvmsq_init_label);
}
-COUNTER_DECL(socket_check_stat);
+COUNTER_DECL(sysvsem_check_semctl);
static int
-test_socket_check_stat(struct ucred *cred, struct socket *so,
- struct label *solabel)
+test_sysvsem_check_semctl(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_stat);
+ LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
+ COUNTER_INC(sysvsem_check_semctl);
- return (0);
+ return (0);
}
-COUNTER_DECL(socket_check_visible);
+COUNTER_DECL(sysvsem_check_semget);
static int
-test_socket_check_visible(struct ucred *cred, struct socket *so,
- struct label *solabel)
+test_sysvsem_check_semget(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(solabel, MAGIC_SOCKET);
- COUNTER_INC(socket_check_visible);
+ LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
+ COUNTER_INC(sysvsem_check_semget);
return (0);
}
-COUNTER_DECL(system_check_acct);
+COUNTER_DECL(sysvsem_check_semop);
static int
-test_system_check_acct(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+test_sysvsem_check_semop(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(system_check_acct);
+ LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
+ COUNTER_INC(sysvsem_check_semop);
return (0);
}
-COUNTER_DECL(system_check_audit);
-static int
-test_system_check_audit(struct ucred *cred, void *record, int length)
+COUNTER_DECL(sysvsem_cleanup);
+static void
+test_sysvsem_cleanup(struct label *semalabel)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(system_check_audit);
+ LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
+ COUNTER_INC(sysvsem_cleanup);
+}
- return (0);
+COUNTER_DECL(sysvsem_create);
+static void
+test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
+ struct label *semalabel)
+{
+
+ LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
+ COUNTER_INC(sysvsem_create);
}
-COUNTER_DECL(system_check_auditctl);
-static int
-test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+COUNTER_DECL(sysvsem_destroy_label);
+static void
+test_sysvsem_destroy_label(struct label *label)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(system_check_auditctl);
+ LABEL_DESTROY(label, MAGIC_SYSV_SEM);
+ COUNTER_INC(sysvsem_destroy_label);
+}
- return (0);
+COUNTER_DECL(sysvsem_init_label);
+static void
+test_sysvsem_init_label(struct label *label)
+{
+ LABEL_INIT(label, MAGIC_SYSV_SEM);
+ COUNTER_INC(sysvsem_init_label);
}
-COUNTER_DECL(system_check_auditon);
+COUNTER_DECL(sysvshm_check_shmat);
static int
-test_system_check_auditon(struct ucred *cred, int cmd)
+test_sysvshm_check_shmat(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(system_check_auditon);
+ LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
+ COUNTER_INC(sysvshm_check_shmat);
- return (0);
+ return (0);
}
-COUNTER_DECL(system_check_reboot);
+COUNTER_DECL(sysvshm_check_shmctl);
static int
-test_system_check_reboot(struct ucred *cred, int how)
+test_sysvshm_check_shmctl(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(system_check_reboot);
+ LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
+ COUNTER_INC(sysvshm_check_shmctl);
- return (0);
+ return (0);
}
-COUNTER_DECL(system_check_swapoff);
+COUNTER_DECL(sysvshm_check_shmdt);
static int
-test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+test_sysvshm_check_shmdt(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, struct label *shmseglabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(system_check_swapoff);
+ LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
+ COUNTER_INC(sysvshm_check_shmdt);
return (0);
}
-COUNTER_DECL(system_check_swapon);
+COUNTER_DECL(sysvshm_check_shmget);
static int
-test_system_check_swapon(struct ucred *cred, struct vnode *vp,
- struct label *vplabel)
+test_sysvshm_check_shmget(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(system_check_swapon);
+ LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
+ COUNTER_INC(sysvshm_check_shmget);
return (0);
}
-COUNTER_DECL(system_check_sysctl);
+COUNTER_DECL(sysvshm_cleanup);
+static void
+test_sysvshm_cleanup(struct label *shmlabel)
+{
+
+ LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
+ COUNTER_INC(sysvshm_cleanup);
+}
+
+COUNTER_DECL(sysvshm_create);
+static void
+test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
+ struct label *shmlabel)
+{
+
+ LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
+ COUNTER_INC(sysvshm_create);
+}
+
+COUNTER_DECL(sysvshm_destroy_label);
+static void
+test_sysvshm_destroy_label(struct label *label)
+{
+
+ LABEL_DESTROY(label, MAGIC_SYSV_SHM);
+ COUNTER_INC(sysvshm_destroy_label);
+}
+
+COUNTER_DECL(sysvshm_init_label);
+static void
+test_sysvshm_init_label(struct label *label)
+{
+ LABEL_INIT(label, MAGIC_SYSV_SHM);
+ COUNTER_INC(sysvshm_init_label);
+}
+
+COUNTER_DECL(thread_userret);
+static void
+test_thread_userret(struct thread *td)
+{
+
+ COUNTER_INC(thread_userret);
+}
+
+COUNTER_DECL(vnode_associate_extattr);
static int
-test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
- void *arg1, int arg2, struct sysctl_req *req)
+test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
{
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- COUNTER_INC(system_check_sysctl);
+ LABEL_CHECK(mplabel, MAGIC_MOUNT);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(vnode_associate_extattr);
return (0);
}
+COUNTER_DECL(vnode_associate_singlelabel);
+static void
+test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
+{
+
+ LABEL_CHECK(mplabel, MAGIC_MOUNT);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(vnode_associate_singlelabel);
+}
+
COUNTER_DECL(vnode_check_access);
static int
test_vnode_check_access(struct ucred *cred, struct vnode *vp,
@@ -2662,176 +2534,257 @@ test_vnode_check_write(struct ucred *active_cred,
return (0);
}
+COUNTER_DECL(vnode_copy_label);
+static void
+test_vnode_copy_label(struct label *src, struct label *dest)
+{
+
+ LABEL_CHECK(src, MAGIC_VNODE);
+ LABEL_CHECK(dest, MAGIC_VNODE);
+ COUNTER_INC(vnode_copy_label);
+}
+
+COUNTER_DECL(vnode_create_extattr);
+static int
+test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
+ struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
+{
+
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(mplabel, MAGIC_MOUNT);
+ LABEL_CHECK(dvplabel, MAGIC_VNODE);
+ COUNTER_INC(vnode_create_extattr);
+
+ return (0);
+}
+
+COUNTER_DECL(vnode_destroy_label);
+static void
+test_vnode_destroy_label(struct label *label)
+{
+
+ LABEL_DESTROY(label, MAGIC_VNODE);
+ COUNTER_INC(vnode_destroy_label);
+}
+
+COUNTER_DECL(vnode_execve_transition);
+static void
+test_vnode_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *filelabel,
+ struct label *interpvplabel, struct image_params *imgp,
+ struct label *execlabel)
+{
+
+ LABEL_CHECK(old->cr_label, MAGIC_CRED);
+ LABEL_CHECK(new->cr_label, MAGIC_CRED);
+ LABEL_CHECK(filelabel, MAGIC_VNODE);
+ LABEL_CHECK(interpvplabel, MAGIC_VNODE);
+ LABEL_CHECK(execlabel, MAGIC_CRED);
+ COUNTER_INC(vnode_execve_transition);
+}
+
+COUNTER_DECL(vnode_execve_will_transition);
+static int
+test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
+ struct label *filelabel, struct label *interpvplabel,
+ struct image_params *imgp, struct label *execlabel)
+{
+
+ LABEL_CHECK(old->cr_label, MAGIC_CRED);
+ LABEL_CHECK(filelabel, MAGIC_VNODE);
+ LABEL_CHECK(interpvplabel, MAGIC_VNODE);
+ LABEL_CHECK(execlabel, MAGIC_CRED);
+ COUNTER_INC(vnode_execve_will_transition);
+
+ return (0);
+}
+
+COUNTER_DECL(vnode_externalize_label);
+static int
+test_vnode_externalize_label(struct label *label, char *element_name,
+ struct sbuf *sb, int *claimed)
+{
+
+ LABEL_CHECK(label, MAGIC_VNODE);
+ COUNTER_INC(vnode_externalize_label);
+
+ return (0);
+}
+
+COUNTER_DECL(vnode_init_label);
+static void
+test_vnode_init_label(struct label *label)
+{
+
+ LABEL_INIT(label, MAGIC_VNODE);
+ COUNTER_INC(vnode_init_label);
+}
+
+COUNTER_DECL(vnode_relabel);
+static void
+test_vnode_relabel(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *label)
+{
+
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ LABEL_CHECK(label, MAGIC_VNODE);
+ COUNTER_INC(vnode_relabel);
+}
+
+COUNTER_DECL(vnode_setlabel_extattr);
+static int
+test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *intlabel)
+{
+
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ LABEL_CHECK(intlabel, MAGIC_VNODE);
+ COUNTER_INC(vnode_setlabel_extattr);
+
+ return (0);
+}
+
static struct mac_policy_ops test_ops =
{
- .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
- .mpo_cred_init_label = test_cred_init_label,
- .mpo_devfs_init_label = test_devfs_init_label,
- .mpo_ifnet_init_label = test_ifnet_init_label,
- .mpo_syncache_init_label = test_syncache_init_label,
- .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
- .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
- .mpo_sysvsem_init_label = test_sysvsem_init_label,
- .mpo_sysvshm_init_label = test_sysvshm_init_label,
- .mpo_inpcb_init_label = test_inpcb_init_label,
- .mpo_ipq_init_label = test_ipq_init_label,
- .mpo_mbuf_init_label = test_mbuf_init_label,
- .mpo_mount_init_label = test_mount_init_label,
- .mpo_pipe_init_label = test_pipe_init_label,
- .mpo_posixsem_init_label = test_posixsem_init_label,
- .mpo_proc_init_label = test_proc_init_label,
- .mpo_socket_init_label = test_socket_init_label,
- .mpo_socketpeer_init_label = test_socketpeer_init_label,
- .mpo_vnode_init_label = test_vnode_init_label,
+ .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
+ .mpo_bpfdesc_create = test_bpfdesc_create,
+ .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
.mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
- .mpo_cred_destroy_label = test_cred_destroy_label,
- .mpo_devfs_destroy_label = test_devfs_destroy_label,
- .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
- .mpo_syncache_destroy_label = test_syncache_destroy_label,
- .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
- .mpo_sysvmsq_destroy_label =
- test_sysvmsq_destroy_label,
- .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
- .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
- .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
- .mpo_ipq_destroy_label = test_ipq_destroy_label,
- .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
- .mpo_mount_destroy_label = test_mount_destroy_label,
- .mpo_pipe_destroy_label = test_pipe_destroy_label,
- .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
- .mpo_proc_destroy_label = test_proc_destroy_label,
- .mpo_socket_destroy_label = test_socket_destroy_label,
- .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
- .mpo_vnode_destroy_label = test_vnode_destroy_label,
+ .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
+
+ .mpo_cred_check_relabel = test_cred_check_relabel,
+ .mpo_cred_check_visible = test_cred_check_visible,
.mpo_cred_copy_label = test_cred_copy_label,
- .mpo_ifnet_copy_label = test_ifnet_copy_label,
- .mpo_mbuf_copy_label = test_mbuf_copy_label,
- .mpo_pipe_copy_label = test_pipe_copy_label,
- .mpo_socket_copy_label = test_socket_copy_label,
- .mpo_vnode_copy_label = test_vnode_copy_label,
+ .mpo_cred_destroy_label = test_cred_destroy_label,
.mpo_cred_externalize_label = test_cred_externalize_label,
- .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
- .mpo_pipe_externalize_label = test_pipe_externalize_label,
- .mpo_socket_externalize_label = test_socket_externalize_label,
- .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
- .mpo_vnode_externalize_label = test_vnode_externalize_label,
+ .mpo_cred_init_label = test_cred_init_label,
.mpo_cred_internalize_label = test_internalize_label,
- .mpo_ifnet_internalize_label = test_internalize_label,
- .mpo_pipe_internalize_label = test_internalize_label,
- .mpo_socket_internalize_label = test_internalize_label,
- .mpo_vnode_internalize_label = test_internalize_label,
- .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
- .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
- .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
+ .mpo_cred_relabel = test_cred_relabel,
+
.mpo_devfs_create_device = test_devfs_create_device,
.mpo_devfs_create_directory = test_devfs_create_directory,
.mpo_devfs_create_symlink = test_devfs_create_symlink,
- .mpo_vnode_create_extattr = test_vnode_create_extattr,
- .mpo_mount_create = test_mount_create,
- .mpo_vnode_relabel = test_vnode_relabel,
- .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
+ .mpo_devfs_destroy_label = test_devfs_destroy_label,
+ .mpo_devfs_init_label = test_devfs_init_label,
.mpo_devfs_update = test_devfs_update,
- .mpo_socket_create_mbuf = test_socket_create_mbuf,
- .mpo_pipe_create = test_pipe_create,
- .mpo_posixsem_create = test_posixsem_create,
- .mpo_socket_create = test_socket_create,
- .mpo_socket_newconn = test_socket_newconn,
- .mpo_pipe_relabel = test_pipe_relabel,
- .mpo_socket_relabel = test_socket_relabel,
- .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
- .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
- .mpo_bpfdesc_create = test_bpfdesc_create,
+ .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
+
+ .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
+ .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
+ .mpo_ifnet_copy_label = test_ifnet_copy_label,
.mpo_ifnet_create = test_ifnet_create,
+ .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
+ .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
+ .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
+ .mpo_ifnet_init_label = test_ifnet_init_label,
+ .mpo_ifnet_internalize_label = test_internalize_label,
+ .mpo_ifnet_relabel = test_ifnet_relabel,
+
+ .mpo_syncache_destroy_label = test_syncache_destroy_label,
+ .mpo_syncache_init_label = test_syncache_init_label,
+
+ .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
+ .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
+
+ .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label,
+ .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
+
+ .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
+ .mpo_sysvsem_init_label = test_sysvsem_init_label,
+
+ .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
+ .mpo_sysvshm_init_label = test_sysvshm_init_label,
+
+ .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
.mpo_inpcb_create = test_inpcb_create,
- .mpo_syncache_create = test_syncache_create,
- .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
- .mpo_sysvmsg_create = test_sysvmsg_create,
- .mpo_sysvmsq_create = test_sysvmsq_create,
- .mpo_sysvsem_create = test_sysvsem_create,
- .mpo_sysvshm_create = test_sysvshm_create,
- .mpo_ipq_reassemble = test_ipq_reassemble,
- .mpo_netinet_fragment = test_netinet_fragment,
- .mpo_ipq_create = test_ipq_create,
.mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
- .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
- .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
+ .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
+ .mpo_inpcb_init_label = test_inpcb_init_label,
+ .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
+
+ .mpo_ipq_create = test_ipq_create,
+ .mpo_ipq_destroy_label = test_ipq_destroy_label,
+ .mpo_ipq_init_label = test_ipq_init_label,
.mpo_ipq_match = test_ipq_match,
- .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
- .mpo_netinet_arp_send = test_netinet_arp_send,
- .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
- .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
- .mpo_netinet_igmp_send = test_netinet_igmp_send,
- .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
- .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
- .mpo_ifnet_relabel = test_ifnet_relabel,
+ .mpo_ipq_reassemble = test_ipq_reassemble,
.mpo_ipq_update = test_ipq_update,
- .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
- .mpo_vnode_execve_transition = test_vnode_execve_transition,
- .mpo_vnode_execve_will_transition =
- test_vnode_execve_will_transition,
- .mpo_proc_create_swapper = test_proc_create_swapper,
- .mpo_proc_create_init = test_proc_create_init,
- .mpo_cred_relabel = test_cred_relabel,
- .mpo_thread_userret = test_thread_userret,
- .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
- .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
- .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
- .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
- .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
- .mpo_cred_check_relabel = test_cred_check_relabel,
- .mpo_cred_check_visible = test_cred_check_visible,
- .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
- .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
- .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
- .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
- .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
- .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
- .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
- .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
- .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
- .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
- .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
- .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
- .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
- .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
- .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
- .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
- .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
+
.mpo_kenv_check_dump = test_kenv_check_dump,
.mpo_kenv_check_get = test_kenv_check_get,
.mpo_kenv_check_set = test_kenv_check_set,
.mpo_kenv_check_unset = test_kenv_check_unset,
+
.mpo_kld_check_load = test_kld_check_load,
.mpo_kld_check_stat = test_kld_check_stat,
+
+ .mpo_mbuf_copy_label = test_mbuf_copy_label,
+ .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
+ .mpo_mbuf_init_label = test_mbuf_init_label,
+
.mpo_mount_check_stat = test_mount_check_stat,
+ .mpo_mount_create = test_mount_create,
+ .mpo_mount_destroy_label = test_mount_destroy_label,
+ .mpo_mount_init_label = test_mount_init_label,
+
+ .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
+
+ .mpo_netinet_arp_send = test_netinet_arp_send,
+ .mpo_netinet_fragment = test_netinet_fragment,
+ .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
+ .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
+ .mpo_netinet_igmp_send = test_netinet_igmp_send,
+ .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
+
+ .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
+
.mpo_pipe_check_ioctl = test_pipe_check_ioctl,
.mpo_pipe_check_poll = test_pipe_check_poll,
.mpo_pipe_check_read = test_pipe_check_read,
.mpo_pipe_check_relabel = test_pipe_check_relabel,
.mpo_pipe_check_stat = test_pipe_check_stat,
.mpo_pipe_check_write = test_pipe_check_write,
+ .mpo_pipe_copy_label = test_pipe_copy_label,
+ .mpo_pipe_create = test_pipe_create,
+ .mpo_pipe_destroy_label = test_pipe_destroy_label,
+ .mpo_pipe_externalize_label = test_pipe_externalize_label,
+ .mpo_pipe_init_label = test_pipe_init_label,
+ .mpo_pipe_internalize_label = test_internalize_label,
+ .mpo_pipe_relabel = test_pipe_relabel,
+
.mpo_posixsem_check_destroy = test_posixsem_check_destroy,
.mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
.mpo_posixsem_check_open = test_posixsem_check_open,
.mpo_posixsem_check_post = test_posixsem_check_post,
.mpo_posixsem_check_unlink = test_posixsem_check_unlink,
.mpo_posixsem_check_wait = test_posixsem_check_wait,
+ .mpo_posixsem_create = test_posixsem_create,
+ .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
+ .mpo_posixsem_init_label = test_posixsem_init_label,
+
.mpo_proc_check_debug = test_proc_check_debug,
.mpo_proc_check_sched = test_proc_check_sched,
.mpo_proc_check_setaudit = test_proc_check_setaudit,
.mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr,
.mpo_proc_check_setauid = test_proc_check_setauid,
- .mpo_proc_check_setuid = test_proc_check_setuid,
.mpo_proc_check_seteuid = test_proc_check_seteuid,
- .mpo_proc_check_setgid = test_proc_check_setgid,
.mpo_proc_check_setegid = test_proc_check_setegid,
+ .mpo_proc_check_setgid = test_proc_check_setgid,
.mpo_proc_check_setgroups = test_proc_check_setgroups,
- .mpo_proc_check_setreuid = test_proc_check_setreuid,
.mpo_proc_check_setregid = test_proc_check_setregid,
- .mpo_proc_check_setresuid = test_proc_check_setresuid,
.mpo_proc_check_setresgid = test_proc_check_setresgid,
+ .mpo_proc_check_setresuid = test_proc_check_setresuid,
+ .mpo_proc_check_setreuid = test_proc_check_setreuid,
+ .mpo_proc_check_setuid = test_proc_check_setuid,
.mpo_proc_check_signal = test_proc_check_signal,
.mpo_proc_check_wait = test_proc_check_wait,
+ .mpo_proc_create_init = test_proc_create_init,
+ .mpo_proc_create_swapper = test_proc_create_swapper,
+ .mpo_proc_destroy_label = test_proc_destroy_label,
+ .mpo_proc_init_label = test_proc_init_label,
+
.mpo_socket_check_accept = test_socket_check_accept,
.mpo_socket_check_bind = test_socket_check_bind,
.mpo_socket_check_connect = test_socket_check_connect,
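Review bot: test_vnode_create_extattr checks cred->cr_label, mplabel and dvplabel but never the vplabel it is handed for the newly created vnode, whereas the neighbouring vnode entry points in this hunk (test_vnode_relabel, test_vnode_setlabel_extattr, test_vnode_associate_extattr) check every label parameter they receive; if vplabel is already initialized when this entry point runs, adding `LABEL_CHECK(vplabel, MAGIC_VNODE);` after the dvplabel check would keep the test policy's label coverage consistent. Separately, the test_ops table in this hunk leaves the syncache and sysvmsg/sysvmsq/sysvsem/sysvshm destroy_label and init_label entries between the ifnet and inpcb groups, while their create, cleanup and check_* siblings are placed after the socketpeer and system groups in the two following hunks; moving those entries down beside their siblings would match the object, operation order the commit describes. The test_ops initializer continues past the end of this hunk.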
@@ -2843,6 +2796,25 @@ static struct mac_policy_ops test_ops =
.mpo_socket_check_send = test_socket_check_send,
.mpo_socket_check_stat = test_socket_check_stat,
.mpo_socket_check_visible = test_socket_check_visible,
+ .mpo_socket_copy_label = test_socket_copy_label,
+ .mpo_socket_create = test_socket_create,
+ .mpo_socket_create_mbuf = test_socket_create_mbuf,
+ .mpo_socket_destroy_label = test_socket_destroy_label,
+ .mpo_socket_externalize_label = test_socket_externalize_label,
+ .mpo_socket_init_label = test_socket_init_label,
+ .mpo_socket_internalize_label = test_internalize_label,
+ .mpo_socket_newconn = test_socket_newconn,
+ .mpo_socket_relabel = test_socket_relabel,
+
+ .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
+ .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
+ .mpo_socketpeer_init_label = test_socketpeer_init_label,
+ .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
+ .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
+
+ .mpo_syncache_create = test_syncache_create,
+ .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
+
.mpo_system_check_acct = test_system_check_acct,
.mpo_system_check_audit = test_system_check_audit,
.mpo_system_check_auditctl = test_system_check_auditctl,
@@ -2851,7 +2823,38 @@ static struct mac_policy_ops test_ops =
.mpo_system_check_swapoff = test_system_check_swapoff,
.mpo_system_check_swapon = test_system_check_swapon,
.mpo_system_check_sysctl = test_system_check_sysctl,
+
.mpo_vnode_check_access = test_vnode_check_access,
+ .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
+ .mpo_sysvmsg_create = test_sysvmsg_create,
+
+ .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
+ .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
+ .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
+ .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
+ .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
+ .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
+ .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
+ .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
+ .mpo_sysvmsq_create = test_sysvmsq_create,
+
+ .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
+ .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
+ .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
+ .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
+ .mpo_sysvsem_create = test_sysvsem_create,
+
+ .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
+ .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
+ .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
+ .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
+ .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
+ .mpo_sysvshm_create = test_sysvshm_create,
+
+ .mpo_thread_userret = test_thread_userret,
+
+ .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
+ .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
.mpo_vnode_check_chdir = test_vnode_check_chdir,
.mpo_vnode_check_chroot = test_vnode_check_chroot,
.mpo_vnode_check_create = test_vnode_check_create,
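Review bot: `.mpo_vnode_check_access = test_vnode_check_access,` is left directly after the system_check_* entries, ahead of the sysvmsg, sysvmsq, sysvsem, sysvshm, thread and vnode_associate_* groups added below it, so the vnode_check_* run is split and the alphabetical object order this commit establishes is broken at that point. Designated initializers make this harmless at runtime, but the line belongs after `.mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,` and immediately before `.mpo_vnode_check_chdir`. The test_ops initializer starts and ends outside this hunk.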
@@ -2882,6 +2885,16 @@ static struct mac_policy_ops test_ops =
.mpo_vnode_check_stat = test_vnode_check_stat,
.mpo_vnode_check_unlink = test_vnode_check_unlink,
.mpo_vnode_check_write = test_vnode_check_write,
+ .mpo_vnode_copy_label = test_vnode_copy_label,
+ .mpo_vnode_create_extattr = test_vnode_create_extattr,
+ .mpo_vnode_destroy_label = test_vnode_destroy_label,
+ .mpo_vnode_execve_transition = test_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = test_vnode_externalize_label,
+ .mpo_vnode_init_label = test_vnode_init_label,
+ .mpo_vnode_internalize_label = test_internalize_label,
+ .mpo_vnode_relabel = test_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
};
MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test",