-rw-r--r-- | sys/security/mac/mac_framework.h | 407 | ||||
-rw-r--r-- | sys/security/mac/mac_policy.h | 491 | ||||
-rw-r--r-- | sys/sys/mac.h | 407 | ||||
-rw-r--r-- | sys/sys/mac_policy.h | 491 |
4 files changed, 1796 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
new file mode 100644
index 0000000..7ea1fe1
--- /dev/null
+++ b/sys/security/mac/mac_framework.h
@@ -0,0 +1,407 @@ +/*- + * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson + * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed by Robert Watson for the TrustedBSD Project. + * + * This software was developed for the FreeBSD Project in part by NAI Labs, + * the Security Research Division of Network Associates, Inc. under + * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA + * CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ +/* + * Userland/kernel interface for Mandatory Access Control. + * + * The POSIX.1e implementation page may be reached at: + * http://www.trustedbsd.org/ + */ +#ifndef _SYS_MAC_H +#define _SYS_MAC_H + +#ifndef _POSIX_MAC +#define _POSIX_MAC +#endif + +/* + * XXXMAC: The single MAC extended attribute will be deprecated once + * compound EA writes on a single target file can be performed cleanly + * with UFS2. + */ +#define FREEBSD_MAC_EXTATTR_NAME "freebsd.mac" +#define FREEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM + +/* + * XXXMAC: Per-policy structures will be moved from mac.h to per-policy + * include files once the revised user interface is available. + */ + +/* + * Structures and constants associated with a Biba Integrity policy. + * mac_biba represents a Biba label, with mb_type determining its properties, + * and mb_grade represents the hierarchal grade if valid for the current + * mb_type. These structures will move to mac_biba.h once we have dymamic + * labels exposed to userland. + */ +struct mac_biba_element { + u_short mbe_type; + u_short mbe_grade; +}; + +/* + * Biba labels consist of two components: a single label, and a label + * range. Depending on the context, one or both may be used; the mb_flags + * field permits the provider to indicate what fields are intended for + * use. + */ +struct mac_biba { + int mb_flags; + struct mac_biba_element mb_single; + struct mac_biba_element mb_rangelow, mb_rangehigh; +}; + +/* + * Structures and constants associated with a Multi-Level Security policy. + * mac_mls represents an MLS label, with mm_type determining its properties, + * and mm_level represents the hierarchal sensitivity level if valid for the + * current mm_type. These structures will move to mac_mls.h once we have + * dynamic labels exposed to userland. + */ +struct mac_mls_element { + u_short mme_type; + u_short mme_level; +}; + +/* + * MLS labels consist of two components: a single label, and a label + * range. 
Depending on the context, one or both may be used; the mb_flags + * field permits the provider to indicate what fields are intended for + * use. + */ +struct mac_mls { + int mm_flags; + struct mac_mls_element mm_single; + struct mac_mls_element mm_rangelow, mm_rangehigh; +}; + +/* + * Structures and constants associated with a Type Enforcement policy. + * mac_te represents a Type Enforcement label. + */ +#define MAC_TE_TYPE_MAXLEN 32 +struct mac_te { + char mt_type[MAC_TE_TYPE_MAXLEN+1]; /* TE type */ +}; + +struct mac_sebsd { + uint32_t ms_psid; /* persistent sid storage */ +}; + +/* + * Composite structures and constants which combine the various policy + * elements into common structures to be associated with subjects and + * objects. + */ +struct mac { + int m_macflags; + struct mac_biba m_biba; + struct mac_mls m_mls; + struct mac_te m_te; + struct mac_sebsd m_sebsd; +}; +typedef struct mac *mac_t; + +#define MAC_FLAG_INITIALIZED 0x00000001 /* Is initialized. */ + +#ifndef _KERNEL + +/* + * POSIX.1e functions visible in the application namespace. + */ +int mac_dominate(const mac_t _labela, const mac_t _labelb); +int mac_equal(const mac_t labela, const mac_t _labelb); +int mac_free(void *_buf_p); +mac_t mac_from_text(const char *_text_p); +mac_t mac_get_fd(int _fildes); +mac_t mac_get_file(const char *_path_p); +mac_t mac_get_proc(void); +mac_t mac_glb(const mac_t _labela, const mac_t _labelb); +mac_t mac_lub(const mac_t _labela, const mac_t _labelb); +int mac_set_fd(int _fildes, const mac_t _label); +int mac_set_file(const char *_path_p, mac_t _label); +int mac_set_proc(const mac_t _label); +ssize_t mac_size(mac_t _label); +char * mac_to_text(const mac_t _label, size_t *_len_p); +int mac_valid(const mac_t _label); + +/* + * Extensions to POSIX.1e visible in the application namespace. + */ +int mac_is_present_np(const char *_policyname); +int mac_policy(const char *_policyname, int call, void *arg); + +/* + * System calls wrapped by some POSIX.1e functions. 
+ */
+int __mac_get_fd(int _fd, struct mac *_mac_p);
+int __mac_get_file(const char *_path_p, struct mac *_mac_p);
+int __mac_get_proc(struct mac *_mac_p);
+int __mac_set_fd(int fd, struct mac *_mac_p);
+int __mac_set_file(const char *_path_p, struct mac *_mac_p);
+int __mac_set_proc(struct mac *_mac_p);
+
+#else /* _KERNEL */
+#endif /* _KERNEL */
+
+/*
+ * XXXMAC: This shouldn't be exported to userland, but is because of ucred.h
+ * and various other messes.
+ */
+
+#define MAC_MAX_POLICIES 8
+
+struct label {
+ int l_flags;
+ union {
+ void *l_ptr;
+ long l_long;
+ } l_perpolicy[MAC_MAX_POLICIES];
+};
+
+#ifdef _KERNEL
+
+/*
+ * MAC entry point operations
+ */
+enum mac_ep_ops {
+ MAC_OP_VNODE_READ,
+ MAC_OP_VNODE_WRITE,
+ MAC_OP_VNODE_POLL,
+ MAC_OP_PIPE_READ,
+ MAC_OP_PIPE_WRITE,
+ MAC_OP_PIPE_STAT,
+ MAC_OP_PIPE_POLL
+};
+
+/*
+ * Kernel functions to manage and evaluate labels.
+ */
+struct bpf_d;
+struct componentname;
+struct devfs_dirent;
+struct ifnet;
+struct ifreq;
+struct ipq;
+struct mbuf;
+struct mount;
+struct proc;
+struct sockaddr;
+struct socket;
+struct pipe;
+struct timespec;
+struct ucred;
+struct uio;
+struct vattr;
+struct vnode;
+
+#include <sys/acl.h> /* XXX acl_type_t */
+
+struct vop_refreshlabel_args;
+struct vop_setlabel_args;
+
+/*
+ * Label operations. 
+ */ +void mac_init_bpfdesc(struct bpf_d *); +void mac_init_cred(struct ucred *); +void mac_init_devfsdirent(struct devfs_dirent *); +void mac_init_ifnet(struct ifnet *); +void mac_init_ipq(struct ipq *); +void mac_init_socket(struct socket *); +void mac_init_pipe(struct pipe *); +int mac_init_mbuf(struct mbuf *m, int how); +void mac_init_mount(struct mount *); +void mac_init_vnode(struct vnode *); +void mac_destroy_bpfdesc(struct bpf_d *); +void mac_destroy_cred(struct ucred *); +void mac_destroy_devfsdirent(struct devfs_dirent *); +void mac_destroy_ifnet(struct ifnet *); +void mac_destroy_ipq(struct ipq *); +void mac_destroy_socket(struct socket *); +void mac_destroy_pipe(struct pipe *); +void mac_destroy_mbuf(struct mbuf *); +void mac_destroy_mount(struct mount *); +void mac_destroy_vnode(struct vnode *); + +/* + * Labeling event operations: file system objects, and things that + * look a lot like file system objects. + */ +void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de); +void mac_create_devfs_directory(char *dirname, int dirnamelen, + struct devfs_dirent *de); +void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp); +void mac_create_vnode(struct ucred *cred, struct vnode *parent, + struct vnode *child); +void mac_create_mount(struct ucred *cred, struct mount *mp); +void mac_create_root_mount(struct ucred *cred, struct mount *mp); +void mac_relabel_vnode(struct ucred *cred, struct vnode *vp, + struct label *newlabel); +void mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp); +void mac_update_procfsvnode(struct vnode *vp, struct ucred *cred); +void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp); + +/* + * Labeling event operations: IPC objects. 
+ */
+void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
+void mac_create_socket(struct ucred *cred, struct socket *socket);
+void mac_create_socket_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
+ struct socket *socket);
+void mac_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_create_pipe(struct ucred *cred, struct pipe *pipe);
+
+/*
+ * Labeling event operations: network objects.
+ */
+void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
+void mac_create_ifnet(struct ifnet *ifp);
+void mac_create_ipq(struct mbuf *fragment, struct ipq *ipq);
+void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
+void mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment);
+void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
+void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
+ struct ifnet *ifnet, struct mbuf *newmbuf);
+void mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+int mac_fragment_match(struct mbuf *fragment, struct ipq *ipq);
+void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
+
+/*
+ * Labeling event operations: processes.
+ */
+void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
+void mac_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp);
+int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
+void mac_create_proc0(struct ucred *cred);
+void mac_create_proc1(struct ucred *cred);
+
+/* Access control checks. 
*/ +int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet); +int mac_check_cred_visible(struct ucred *u1, struct ucred *u2); +int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m); +int mac_check_mount_stat(struct ucred *cred, struct mount *mp); +int mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op); +int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, + unsigned long cmd, void *data); +int mac_check_proc_debug(struct ucred *cred, struct proc *proc); +int mac_check_proc_sched(struct ucred *cred, struct proc *proc); +int mac_check_proc_signal(struct ucred *cred, struct proc *proc, + int signum); +int mac_check_socket_bind(struct ucred *cred, struct socket *so, + struct sockaddr *sockaddr); +int mac_check_socket_connect(struct ucred *cred, struct socket *so, + struct sockaddr *sockaddr); +int mac_check_socket_listen(struct ucred *cred, struct socket *so); +int mac_check_socket_receive(struct socket *so, struct mbuf *m); +int mac_check_socket_visible(struct ucred *cred, struct socket *so); +int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, + int flags); +int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp); +int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp); +int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp, + struct componentname *cnp, struct vattr *vap); +int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, + struct vnode *vp, struct componentname *cnp); +int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, + acl_type_t type); +int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp); +int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp, + acl_type_t type); +int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name, struct uio *uio); +int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, + struct componentname *cnp); +/* XXX This u_char should be 
vm_prot_t! */ +u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, + int newmapping); +int mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op); +int mac_check_vnode_open(struct ucred *cred, struct vnode *vp, + mode_t acc_mode); +int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp); +int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp); +int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, + struct vnode *vp, struct componentname *cnp); +int mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, + struct vnode *vp, int samedir, struct componentname *cnp); +int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp); +int mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, + acl_type_t type, struct acl *acl); +int mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name, struct uio *uio); +int mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, + u_long flags); +int mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, + mode_t mode); +int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, + uid_t uid, gid_t gid); +int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, + struct timespec atime, struct timespec mtime); +int mac_check_vnode_stat(struct ucred *cred, struct vnode *vp); +int mac_getsockopt_label_get(struct ucred *cred, struct socket *so, + struct mac *extmac); +int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so, + struct mac *extmac); +int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr, + struct ifnet *ifnet); +int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, + struct ifnet *ifnet); +int mac_setsockopt_label_set(struct ucred *cred, struct socket *so, + struct mac *extmac); +int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe, + struct label *label); + +/* + * Calls to help various file systems implement labeling 
functionality
+ * using their existing EA implementation.
+ */
+int vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp,
+ struct ucred *cred);
+int vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap);
+int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
+
+#endif /* _KERNEL */
+
+#endif /* !_SYS_MAC_H */
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
new file mode 100644
index 0000000..71b2509
--- /dev/null
+++ b/sys/security/mac/mac_policy.h
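Review bot: `struct mac` is copied in from userland by `__mac_set_fd`/`__mac_set_file`/`__mac_set_proc` and by the `mac_setsockopt_label_set` path, but nothing in this header says its contents are untrusted once they reach a policy's `mpo_internalize`; in particular `struct mac_te.mt_type` is a fixed `char[MAC_TE_TYPE_MAXLEN+1]` that userland is not obliged to NUL-terminate, so any `strlen`/`strcmp` on it reads past the array unless the kernel forces `mt_type[MAC_TE_TYPE_MAXLEN] = '\0'` after copyin (that code is outside this diff, so I cannot confirm it does). I would put the contract on the struct itself: `/* Userland-supplied: the kernel must NUL-terminate mt_type and validate m_macflags/mb_flags/mm_flags before any policy sees it. */`. Separately, `mac_equal(const mac_t labela, ...)`, `mac_policy(..., int call, void *arg)` and `__mac_set_fd(int fd, ...)` drop the reserved-prefix parameter names every other prototype here uses, and in a public header bare `fd`/`call`/`arg` can collide with user macros — `_labela`, `_call`, `_arg`, `_fd` keep them consistent. `mac_check_vnode_mmap_prot` also returns `u_char` while the policy-side hook is `vm_prot_t (*mpo_check_vnode_mmap_perms)`; the XXX comment already notes the type, but the names should match too so the pairing is visible.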
@@ -0,0 +1,491 @@ +/*- + * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson + * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed by Robert Watson for the TrustedBSD Project. + * + * This software was developed for the FreeBSD Project in part by NAI Labs, + * the Security Research Division of Network Associates, Inc. under + * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA + * CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ +/* + * Kernel interface for MAC policy modules. + */ +#ifndef _SYS_MAC_POLICY_H +#define _SYS_MAC_POLICY_H + +/*- + * Pluggable access control policy definition structure. + * + * List of operations that are performed as part of the implementation + * of a MAC policy. Policy implementors declare operations with a + * mac_policy_ops structure, and using the MAC_POLICY_SET() macro. + * If an entry point is not declared, then then the policy will be ignored + * during evaluation of that event or check. + * + * Operations are sorted first by general class of operation, then + * alphabetically. + */ +struct mac_policy_conf; +struct mac_policy_ops { + /* + * Policy module operations. + */ + void (*mpo_destroy)(struct mac_policy_conf *mpc); + void (*mpo_init)(struct mac_policy_conf *mpc); + + /* + * Label operations. + */ + void (*mpo_init_bpfdesc)(struct bpf_d *, struct label *label); + void (*mpo_init_cred)(struct ucred *, struct label *label); + void (*mpo_init_devfsdirent)(struct devfs_dirent *, + struct label *label); + void (*mpo_init_ifnet)(struct ifnet *, struct label *label); + void (*mpo_init_ipq)(struct ipq *ipq, struct label *label); + int (*mpo_init_mbuf)(struct mbuf *, int how, struct label *label); + void (*mpo_init_mount)(struct mount *, struct label *mntlabel, + struct label *fslabel); + void (*mpo_init_socket)(struct socket *so, struct label *label, + struct label *peerlabel); + void (*mpo_init_pipe)(struct pipe *pipe, struct label *label); + void (*mpo_init_temp)(struct label *label); + void (*mpo_init_vnode)(struct vnode *, struct label *label); + void (*mpo_destroy_bpfdesc)(struct bpf_d *, struct label *label); + void (*mpo_destroy_cred)(struct ucred *, struct label *label); + void (*mpo_destroy_devfsdirent)(struct devfs_dirent *de, + struct label *label); + void (*mpo_destroy_ifnet)(struct ifnet *, struct label *label); + void (*mpo_destroy_ipq)(struct ipq *ipq, struct label *label); + void (*mpo_destroy_mbuf)(struct mbuf *, 
struct label *label); + void (*mpo_destroy_mount)(struct mount *, struct label *mntlabel, + struct label *fslabel); + void (*mpo_destroy_socket)(struct socket *so, struct label *label, + struct label *peerlabel); + void (*mpo_destroy_pipe)(struct pipe *pipe, struct label *label); + void (*mpo_destroy_temp)(struct label *label); + void (*mpo_destroy_vnode)(struct vnode *, struct label *label); + int (*mpo_externalize)(struct label *label, struct mac *extmac); + int (*mpo_internalize)(struct label *label, struct mac *extmac); + + /* + * Labeling event operations: file system objects, and things that + * look a lot like file system objects. + */ + void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de, + struct label *label); + void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen, + struct devfs_dirent *de, struct label *label); + void (*mpo_create_devfs_vnode)(struct devfs_dirent *de, + struct label *direntlabel, struct vnode *vp, + struct label *vnodelabel); + void (*mpo_create_vnode)(struct ucred *cred, struct vnode *parent, + struct label *parentlabel, struct vnode *child, + struct label *childlabel); + void (*mpo_create_mount)(struct ucred *cred, struct mount *mp, + struct label *mntlabel, struct label *fslabel); + void (*mpo_create_root_mount)(struct ucred *cred, struct mount *mp, + struct label *mountlabel, struct label *fslabel); + void (*mpo_relabel_vnode)(struct ucred *cred, struct vnode *vp, + struct label *vnodelabel, struct label *label); + int (*mpo_stdcreatevnode_ea)(struct vnode *vp, + struct label *vnodelabel); + void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent, + struct label *direntlabel, struct vnode *vp, + struct label *vnodelabel); + void (*mpo_update_procfsvnode)(struct vnode *vp, + struct label *vnodelabel, struct ucred *cred); + int (*mpo_update_vnode_from_extattr)(struct vnode *vp, + struct label *vnodelabel, struct mount *mp, + struct label *fslabel); + int (*mpo_update_vnode_from_externalized)(struct 
vnode *vp, + struct label *vnodelabel, struct mac *mac); + void (*mpo_update_vnode_from_mount)(struct vnode *vp, + struct label *vnodelabel, struct mount *mp, + struct label *fslabel); + + /* + * Labeling event operations: IPC objects. + */ + void (*mpo_create_mbuf_from_socket)(struct socket *so, + struct label *socketlabel, struct mbuf *m, + struct label *mbuflabel); + void (*mpo_create_socket)(struct ucred *cred, struct socket *so, + struct label *socketlabel); + void (*mpo_create_socket_from_socket)(struct socket *oldsocket, + struct label *oldsocketlabel, struct socket *newsocket, + struct label *newsocketlabel); + void (*mpo_relabel_socket)(struct ucred *cred, struct socket *so, + struct label *oldlabel, struct label *newlabel); + void (*mpo_relabel_pipe)(struct ucred *cred, struct pipe *pipe, + struct label *oldlabel, struct label *newlabel); + void (*mpo_set_socket_peer_from_mbuf)(struct mbuf *mbuf, + struct label *mbuflabel, struct socket *so, + struct label *socketpeerlabel); + void (*mpo_set_socket_peer_from_socket)(struct socket *oldsocket, + struct label *oldsocketlabel, struct socket *newsocket, + struct label *newsocketpeerlabel); + void (*mpo_create_pipe)(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel); + + /* + * Labeling event operations: network objects. 
+ */ + void (*mpo_create_bpfdesc)(struct ucred *cred, struct bpf_d *bpf_d, + struct label *bpflabel); + void (*mpo_create_ifnet)(struct ifnet *ifnet, + struct label *ifnetlabel); + void (*mpo_create_ipq)(struct mbuf *fragment, + struct label *fragmentlabel, struct ipq *ipq, + struct label *ipqlabel); + void (*mpo_create_datagram_from_ipq) + (struct ipq *ipq, struct label *ipqlabel, + struct mbuf *datagram, struct label *datagramlabel); + void (*mpo_create_fragment)(struct mbuf *datagram, + struct label *datagramlabel, struct mbuf *fragment, + struct label *fragmentlabel); + void (*mpo_create_mbuf_from_mbuf)(struct mbuf *oldmbuf, + struct label *oldlabel, struct mbuf *newmbuf, + struct label *newlabel); + void (*mpo_create_mbuf_linklayer)(struct ifnet *ifnet, + struct label *ifnetlabel, struct mbuf *mbuf, + struct label *mbuflabel); + void (*mpo_create_mbuf_from_bpfdesc)(struct bpf_d *bpf_d, + struct label *bpflabel, struct mbuf *mbuf, + struct label *mbuflabel); + void (*mpo_create_mbuf_from_ifnet)(struct ifnet *ifnet, + struct label *ifnetlabel, struct mbuf *mbuf, + struct label *mbuflabel); + void (*mpo_create_mbuf_multicast_encap)(struct mbuf *oldmbuf, + struct label *oldmbuflabel, struct ifnet *ifnet, + struct label *ifnetlabel, struct mbuf *newmbuf, + struct label *newmbuflabel); + void (*mpo_create_mbuf_netlayer)(struct mbuf *oldmbuf, + struct label *oldmbuflabel, struct mbuf *newmbuf, + struct label *newmbuflabel); + int (*mpo_fragment_match)(struct mbuf *fragment, + struct label *fragmentlabel, struct ipq *ipq, + struct label *ipqlabel); + void (*mpo_relabel_ifnet)(struct ucred *cred, struct ifnet *ifnet, + struct label *ifnetlabel, struct label *newlabel); + void (*mpo_update_ipq)(struct mbuf *fragment, + struct label *fragmentlabel, struct ipq *ipq, + struct label *ipqlabel); + + /* + * Labeling event operations: processes. 
+ */ + void (*mpo_create_cred)(struct ucred *parent_cred, + struct ucred *child_cred); + void (*mpo_execve_transition)(struct ucred *old, struct ucred *new, + struct vnode *vp, struct label *vnodelabel); + int (*mpo_execve_will_transition)(struct ucred *old, + struct vnode *vp, struct label *vnodelabel); + void (*mpo_create_proc0)(struct ucred *cred); + void (*mpo_create_proc1)(struct ucred *cred); + void (*mpo_relabel_cred)(struct ucred *cred, + struct label *newlabel); + + /* + * Access control checks. + */ + int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d, + struct label *bpflabel, struct ifnet *ifnet, + struct label *ifnetlabel); + int (*mpo_check_cred_relabel)(struct ucred *cred, + struct label *newlabel); + int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2); + int (*mpo_check_ifnet_relabel)(struct ucred *cred, + struct ifnet *ifnet, struct label *ifnetlabel, + struct label *newlabel); + int (*mpo_check_ifnet_transmit)(struct ifnet *ifnet, + struct label *ifnetlabel, struct mbuf *m, + struct label *mbuflabel); + int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp, + struct label *mntlabel); + int (*mpo_check_pipe_ioctl)(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, unsigned long cmd, void *data); + int (*mpo_check_pipe_op)(struct ucred *cred, struct pipe *pipe, + struct label *pipelabel, int op); + int (*mpo_check_pipe_relabel)(struct ucred *cred, + struct pipe *pipe, struct label *pipelabel, + struct label *newlabel); + int (*mpo_check_proc_debug)(struct ucred *cred, + struct proc *proc); + int (*mpo_check_proc_sched)(struct ucred *cred, + struct proc *proc); + int (*mpo_check_proc_signal)(struct ucred *cred, + struct proc *proc, int signum); + int (*mpo_check_socket_bind)(struct ucred *cred, + struct socket *so, struct label *socketlabel, + struct sockaddr *sockaddr); + int (*mpo_check_socket_connect)(struct ucred *cred, + struct socket *so, struct label *socketlabel, + struct sockaddr *sockaddr); + int 
(*mpo_check_socket_listen)(struct ucred *cred, + struct socket *so, struct label *socketlabel); + int (*mpo_check_socket_receive)(struct socket *so, + struct label *socketlabel, struct mbuf *m, + struct label *mbuflabel); + int (*mpo_check_socket_relabel)(struct ucred *cred, + struct socket *so, struct label *socketlabel, + struct label *newlabel); + int (*mpo_check_socket_visible)(struct ucred *cred, + struct socket *so, struct label *socketlabel); + int (*mpo_check_vnode_access)(struct ucred *cred, + struct vnode *vp, struct label *label, int flags); + int (*mpo_check_vnode_chdir)(struct ucred *cred, + struct vnode *dvp, struct label *dlabel); + int (*mpo_check_vnode_chroot)(struct ucred *cred, + struct vnode *dvp, struct label *dlabel); + int (*mpo_check_vnode_create)(struct ucred *cred, + struct vnode *dvp, struct label *dlabel, + struct componentname *cnp, struct vattr *vap); + int (*mpo_check_vnode_delete)(struct ucred *cred, + struct vnode *dvp, struct label *dlabel, + struct vnode *vp, void *label, struct componentname *cnp); + int (*mpo_check_vnode_deleteacl)(struct ucred *cred, + struct vnode *vp, struct label *label, acl_type_t type); + int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp, + struct label *label); + int (*mpo_check_vnode_getacl)(struct ucred *cred, + struct vnode *vp, struct label *label, acl_type_t type); + int (*mpo_check_vnode_getextattr)(struct ucred *cred, + struct vnode *vp, struct label *label, int attrnamespace, + const char *name, struct uio *uio); + int (*mpo_check_vnode_lookup)(struct ucred *cred, + struct vnode *dvp, struct label *dlabel, + struct componentname *cnp); + int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp, + struct label *label, mode_t acc_mode); + int (*mpo_check_vnode_readdir)(struct ucred *cred, + struct vnode *dvp, struct label *dlabel); + int (*mpo_check_vnode_readlink)(struct ucred *cred, + struct vnode *vp, struct label *label); + int (*mpo_check_vnode_relabel)(struct ucred 
*cred, + struct vnode *vp, struct label *vnodelabel, + struct label *newlabel); + int (*mpo_check_vnode_rename_from)(struct ucred *cred, + struct vnode *dvp, struct label *dlabel, struct vnode *vp, + struct label *label, struct componentname *cnp); + int (*mpo_check_vnode_rename_to)(struct ucred *cred, + struct vnode *dvp, struct label *dlabel, struct vnode *vp, + struct label *label, int samedir, + struct componentname *cnp); + int (*mpo_check_vnode_revoke)(struct ucred *cred, + struct vnode *vp, struct label *label); + int (*mpo_check_vnode_setacl)(struct ucred *cred, + struct vnode *vp, struct label *label, acl_type_t type, + struct acl *acl); + int (*mpo_check_vnode_setextattr)(struct ucred *cred, + struct vnode *vp, struct label *label, int attrnamespace, + const char *name, struct uio *uio); + int (*mpo_check_vnode_setflags)(struct ucred *cred, + struct vnode *vp, struct label *label, u_long flags); + int (*mpo_check_vnode_setmode)(struct ucred *cred, + struct vnode *vp, struct label *label, mode_t mode); + int (*mpo_check_vnode_setowner)(struct ucred *cred, + struct vnode *vp, struct label *label, uid_t uid, + gid_t gid); + int (*mpo_check_vnode_setutimes)(struct ucred *cred, + struct vnode *vp, struct label *label, + struct timespec atime, struct timespec mtime); + int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp, + struct label *label); + vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred, + struct vnode *vp, struct label *label, int newmapping); + int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp, + struct label *label, int op); +}; + +typedef void *macop_t; + +enum mac_op_constant { + MAC_OP_LAST, + MAC_DESTROY, + MAC_INIT, + MAC_INIT_BPFDESC, + MAC_INIT_CRED, + MAC_INIT_DEVFSDIRENT, + MAC_INIT_IFNET, + MAC_INIT_IPQ, + MAC_INIT_MBUF, + MAC_INIT_MOUNT, + MAC_INIT_PIPE, + MAC_INIT_SOCKET, + MAC_INIT_TEMP, + MAC_INIT_VNODE, + MAC_DESTROY_BPFDESC, + MAC_DESTROY_CRED, + MAC_DESTROY_DEVFSDIRENT, + MAC_DESTROY_IFNET, + 
MAC_DESTROY_IPQ, + MAC_DESTROY_MBUF, + MAC_DESTROY_MOUNT, + MAC_DESTROY_PIPE, + MAC_DESTROY_SOCKET, + MAC_DESTROY_TEMP, + MAC_DESTROY_VNODE, + MAC_EXTERNALIZE, + MAC_INTERNALIZE, + MAC_CREATE_DEVFS_DEVICE, + MAC_CREATE_DEVFS_DIRECTORY, + MAC_CREATE_DEVFS_VNODE, + MAC_CREATE_VNODE, + MAC_CREATE_MOUNT, + MAC_CREATE_ROOT_MOUNT, + MAC_RELABEL_VNODE, + MAC_STDCREATEVNODE_EA, + MAC_UPDATE_DEVFSDIRENT, + MAC_UPDATE_PROCFSVNODE, + MAC_UPDATE_VNODE_FROM_EXTATTR, + MAC_UPDATE_VNODE_FROM_EXTERNALIZED, + MAC_UPDATE_VNODE_FROM_MOUNT, + MAC_CREATE_MBUF_FROM_SOCKET, + MAC_CREATE_PIPE, + MAC_CREATE_SOCKET, + MAC_CREATE_SOCKET_FROM_SOCKET, + MAC_RELABEL_PIPE, + MAC_RELABEL_SOCKET, + MAC_SET_SOCKET_PEER_FROM_MBUF, + MAC_SET_SOCKET_PEER_FROM_SOCKET, + MAC_CREATE_BPFDESC, + MAC_CREATE_DATAGRAM_FROM_IPQ, + MAC_CREATE_IFNET, + MAC_CREATE_IPQ, + MAC_CREATE_FRAGMENT, + MAC_CREATE_MBUF_FROM_MBUF, + MAC_CREATE_MBUF_LINKLAYER, + MAC_CREATE_MBUF_FROM_BPFDESC, + MAC_CREATE_MBUF_FROM_IFNET, + MAC_CREATE_MBUF_MULTICAST_ENCAP, + MAC_CREATE_MBUF_NETLAYER, + MAC_FRAGMENT_MATCH, + MAC_RELABEL_IFNET, + MAC_UPDATE_IPQ, + MAC_CREATE_CRED, + MAC_EXECVE_TRANSITION, + MAC_EXECVE_WILL_TRANSITION, + MAC_CREATE_PROC0, + MAC_CREATE_PROC1, + MAC_RELABEL_CRED, + MAC_CHECK_BPFDESC_RECEIVE, + MAC_CHECK_CRED_RELABEL, + MAC_CHECK_CRED_VISIBLE, + MAC_CHECK_IFNET_RELABEL, + MAC_CHECK_IFNET_TRANSMIT, + MAC_CHECK_MOUNT_STAT, + MAC_CHECK_PIPE_IOCTL, + MAC_CHECK_PIPE_OP, + MAC_CHECK_PIPE_RELABEL, + MAC_CHECK_PROC_DEBUG, + MAC_CHECK_PROC_SCHED, + MAC_CHECK_PROC_SIGNAL, + MAC_CHECK_SOCKET_BIND, + MAC_CHECK_SOCKET_CONNECT, + MAC_CHECK_SOCKET_LISTEN, + MAC_CHECK_SOCKET_RELABEL, + MAC_CHECK_SOCKET_RECEIVE, + MAC_CHECK_SOCKET_VISIBLE, + MAC_CHECK_VNODE_ACCESS, + MAC_CHECK_VNODE_CHDIR, + MAC_CHECK_VNODE_CHROOT, + MAC_CHECK_VNODE_CREATE, + MAC_CHECK_VNODE_DELETE, + MAC_CHECK_VNODE_DELETEACL, + MAC_CHECK_VNODE_EXEC, + MAC_CHECK_VNODE_GETACL, + MAC_CHECK_VNODE_GETEXTATTR, + MAC_CHECK_VNODE_LOOKUP, + MAC_CHECK_VNODE_OPEN, + 
MAC_CHECK_VNODE_READDIR,
+ MAC_CHECK_VNODE_READLINK,
+ MAC_CHECK_VNODE_RELABEL,
+ MAC_CHECK_VNODE_RENAME_FROM,
+ MAC_CHECK_VNODE_RENAME_TO,
+ MAC_CHECK_VNODE_REVOKE,
+ MAC_CHECK_VNODE_SETACL,
+ MAC_CHECK_VNODE_SETEXTATTR,
+ MAC_CHECK_VNODE_SETFLAGS,
+ MAC_CHECK_VNODE_SETMODE,
+ MAC_CHECK_VNODE_SETOWNER,
+ MAC_CHECK_VNODE_SETUTIMES,
+ MAC_CHECK_VNODE_STAT,
+ MAC_CHECK_VNODE_MMAP_PERMS,
+ MAC_CHECK_VNODE_OP,
+};
+
+struct mac_policy_op_entry {
+ enum mac_op_constant mpe_constant; /* what this hook implements */
+ void *mpe_function; /* hook's implementation */
+};
+
+struct mac_policy_conf {
+ char *mpc_name; /* policy name */
+ char *mpc_fullname; /* policy full name */
+ struct mac_policy_ops *mpc_ops; /* policy operations */
+ struct mac_policy_op_entry *mpc_entries; /* ops to fill in */
+ int mpc_loadtime_flags; /* flags */
+ int *mpc_field_off; /* security field */
+ int mpc_runtime_flags; /* flags */
+ LIST_ENTRY(mac_policy_conf) mpc_list; /* global list */
+};
+
+/* Flags for the mpc_loadtime_flags field. */
+#define MPC_LOADTIME_FLAG_NOTLATE 0x00000001
+#define MPC_LOADTIME_FLAG_UNLOADOK 0x00000002
+
+/* Flags for the mpc_runtime_flags field. */
+#define MPC_RUNTIME_FLAG_REGISTERED 0x00000001
+
+#define MAC_POLICY_SET(mpents, mpname, mpfullname, mpflags, privdata_wanted) \
+ static struct mac_policy_conf mpname##_mac_policy_conf = { \
+ #mpname, \
+ mpfullname, \
+ NULL, \
+ mpents, \
+ mpflags, \
+ privdata_wanted, \
+ 0, \
+ }; \
+ static moduledata_t mpname##_mod = { \
+ #mpname, \
+ mac_policy_modevent, \
+ &mpname##_mac_policy_conf \
+ }; \
+ DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY, \
+ SI_ORDER_MIDDLE)
+
+int mac_policy_modevent(module_t mod, int type, void *data);
+
+#define LABEL_TO_SLOT(l, s) (l)->l_perpolicy[s]
+
+#endif /* !_SYS_MAC_POLICY_H */
diff --git a/sys/sys/mac.h b/sys/sys/mac.h
new file mode 100644
index 0000000..7ea1fe1
--- /dev/null
+++ b/sys/sys/mac.h
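Review bot: `mpo_check_vnode_delete` declares the target vnode's label as `void *label` while every sibling hook (`mpo_check_vnode_rename_from`, `mpo_check_vnode_setacl`, `mpo_check_vnode_revoke`, ...) takes `struct label *`, so a policy that passes the wrong object there gets no diagnostic, and because hooks are registered through the untyped `mpe_function` slot the mismatch is never caught; change it to `struct vnode *vp, struct label *label, struct componentname *cnp`. `MAC_POLICY_SET` fills `mpc_name`/`mpc_fullname` from string literals into plain `char *` fields — `const char *` would stop the framework or a policy from writing through them, and designated initialisers (`.mpc_name = #mpname, ...`) would keep the positional list from silently shifting when a field is added. `LABEL_TO_SLOT(l, s)` indexes `l_perpolicy[]` with no check against `MAC_MAX_POLICIES`; presumably `s` comes from the `mpc_field_off` assigned at registration (not visible here), so the bound should be asserted where that slot is handed out, or the macro should at least carry `/* s must be < MAC_MAX_POLICIES; caller guarantees it */`.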
@@ -0,0 +1,407 @@
+/*-
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
+ * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by NAI Labs,
+ * the Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/*
+ * Userland/kernel interface for Mandatory Access Control.
+ *
+ * The POSIX.1e implementation page may be reached at:
+ * http://www.trustedbsd.org/
+ */
+#ifndef _SYS_MAC_H
+#define _SYS_MAC_H
+
+#ifndef _POSIX_MAC
+#define _POSIX_MAC
+#endif
+
+/*
+ * XXXMAC: The single MAC extended attribute will be deprecated once
+ * compound EA writes on a single target file can be performed cleanly
+ * with UFS2.
+ */
+#define FREEBSD_MAC_EXTATTR_NAME "freebsd.mac"
+#define FREEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
+
+/*
+ * XXXMAC: Per-policy structures will be moved from mac.h to per-policy
+ * include files once the revised user interface is available.
+ */
+
+/*
+ * Structures and constants associated with a Biba Integrity policy.
+ * mac_biba represents a Biba label, with mb_type determining its properties,
+ * and mb_grade represents the hierarchal grade if valid for the current
+ * mb_type. These structures will move to mac_biba.h once we have dymamic
+ * labels exposed to userland.
+ */
+struct mac_biba_element {
+ u_short mbe_type;
+ u_short mbe_grade;
+};
+
+/*
+ * Biba labels consist of two components: a single label, and a label
+ * range. Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_biba {
+ int mb_flags;
+ struct mac_biba_element mb_single;
+ struct mac_biba_element mb_rangelow, mb_rangehigh;
+};
+
+/*
+ * Structures and constants associated with a Multi-Level Security policy.
+ * mac_mls represents an MLS label, with mm_type determining its properties,
+ * and mm_level represents the hierarchal sensitivity level if valid for the
+ * current mm_type. These structures will move to mac_mls.h once we have
+ * dynamic labels exposed to userland.
+ */
+struct mac_mls_element {
+ u_short mme_type;
+ u_short mme_level;
+};
+
+/*
+ * MLS labels consist of two components: a single label, and a label
+ * range.
Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_mls {
+ int mm_flags;
+ struct mac_mls_element mm_single;
+ struct mac_mls_element mm_rangelow, mm_rangehigh;
+};
+
+/*
+ * Structures and constants associated with a Type Enforcement policy.
+ * mac_te represents a Type Enforcement label.
+ */
+#define MAC_TE_TYPE_MAXLEN 32
+struct mac_te {
+ char mt_type[MAC_TE_TYPE_MAXLEN+1]; /* TE type */
+};
+
+struct mac_sebsd {
+ uint32_t ms_psid; /* persistent sid storage */
+};
+
+/*
+ * Composite structures and constants which combine the various policy
+ * elements into common structures to be associated with subjects and
+ * objects.
+ */
+struct mac {
+ int m_macflags;
+ struct mac_biba m_biba;
+ struct mac_mls m_mls;
+ struct mac_te m_te;
+ struct mac_sebsd m_sebsd;
+};
+typedef struct mac *mac_t;
+
+#define MAC_FLAG_INITIALIZED 0x00000001 /* Is initialized. */
+
+#ifndef _KERNEL
+
+/*
+ * POSIX.1e functions visible in the application namespace.
+ */
+int mac_dominate(const mac_t _labela, const mac_t _labelb);
+int mac_equal(const mac_t labela, const mac_t _labelb);
+int mac_free(void *_buf_p);
+mac_t mac_from_text(const char *_text_p);
+mac_t mac_get_fd(int _fildes);
+mac_t mac_get_file(const char *_path_p);
+mac_t mac_get_proc(void);
+mac_t mac_glb(const mac_t _labela, const mac_t _labelb);
+mac_t mac_lub(const mac_t _labela, const mac_t _labelb);
+int mac_set_fd(int _fildes, const mac_t _label);
+int mac_set_file(const char *_path_p, mac_t _label);
+int mac_set_proc(const mac_t _label);
+ssize_t mac_size(mac_t _label);
+char * mac_to_text(const mac_t _label, size_t *_len_p);
+int mac_valid(const mac_t _label);
+
+/*
+ * Extensions to POSIX.1e visible in the application namespace.
+ */
+int mac_is_present_np(const char *_policyname);
+int mac_policy(const char *_policyname, int call, void *arg);
+
+/*
+ * System calls wrapped by some POSIX.1e functions.
+ */
+int __mac_get_fd(int _fd, struct mac *_mac_p);
+int __mac_get_file(const char *_path_p, struct mac *_mac_p);
+int __mac_get_proc(struct mac *_mac_p);
+int __mac_set_fd(int fd, struct mac *_mac_p);
+int __mac_set_file(const char *_path_p, struct mac *_mac_p);
+int __mac_set_proc(struct mac *_mac_p);
+
+#else /* _KERNEL */
+#endif /* _KERNEL */
+
+/*
+ * XXXMAC: This shouldn't be exported to userland, but is because of ucred.h
+ * and various other messes.
+ */
+
+#define MAC_MAX_POLICIES 8
+
+struct label {
+ int l_flags;
+ union {
+ void *l_ptr;
+ long l_long;
+ } l_perpolicy[MAC_MAX_POLICIES];
+};
+
+#ifdef _KERNEL
+
+/*
+ * MAC entry point operations
+ */
+enum mac_ep_ops {
+ MAC_OP_VNODE_READ,
+ MAC_OP_VNODE_WRITE,
+ MAC_OP_VNODE_POLL,
+ MAC_OP_PIPE_READ,
+ MAC_OP_PIPE_WRITE,
+ MAC_OP_PIPE_STAT,
+ MAC_OP_PIPE_POLL
+};
+
+/*
+ * Kernel functions to manage and evaluate labels.
+ */
+struct bpf_d;
+struct componentname;
+struct devfs_dirent;
+struct ifnet;
+struct ifreq;
+struct ipq;
+struct mbuf;
+struct mount;
+struct proc;
+struct sockaddr;
+struct socket;
+struct pipe;
+struct timespec;
+struct ucred;
+struct uio;
+struct vattr;
+struct vnode;
+
+#include <sys/acl.h> /* XXX acl_type_t */
+
+struct vop_refreshlabel_args;
+struct vop_setlabel_args;
+
+/*
+ * Label operations.
+ */
+void mac_init_bpfdesc(struct bpf_d *);
+void mac_init_cred(struct ucred *);
+void mac_init_devfsdirent(struct devfs_dirent *);
+void mac_init_ifnet(struct ifnet *);
+void mac_init_ipq(struct ipq *);
+void mac_init_socket(struct socket *);
+void mac_init_pipe(struct pipe *);
+int mac_init_mbuf(struct mbuf *m, int how);
+void mac_init_mount(struct mount *);
+void mac_init_vnode(struct vnode *);
+void mac_destroy_bpfdesc(struct bpf_d *);
+void mac_destroy_cred(struct ucred *);
+void mac_destroy_devfsdirent(struct devfs_dirent *);
+void mac_destroy_ifnet(struct ifnet *);
+void mac_destroy_ipq(struct ipq *);
+void mac_destroy_socket(struct socket *);
+void mac_destroy_pipe(struct pipe *);
+void mac_destroy_mbuf(struct mbuf *);
+void mac_destroy_mount(struct mount *);
+void mac_destroy_vnode(struct vnode *);
+
+/*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
+void mac_create_devfs_directory(char *dirname, int dirnamelen,
+ struct devfs_dirent *de);
+void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp);
+void mac_create_vnode(struct ucred *cred, struct vnode *parent,
+ struct vnode *child);
+void mac_create_mount(struct ucred *cred, struct mount *mp);
+void mac_create_root_mount(struct ucred *cred, struct mount *mp);
+void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
+ struct label *newlabel);
+void mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp);
+void mac_update_procfsvnode(struct vnode *vp, struct ucred *cred);
+void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp);
+
+/*
+ * Labeling event operations: IPC objects.
+ */
+void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
+void mac_create_socket(struct ucred *cred, struct socket *socket);
+void mac_create_socket_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
+ struct socket *socket);
+void mac_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_create_pipe(struct ucred *cred, struct pipe *pipe);
+
+/*
+ * Labeling event operations: network objects.
+ */
+void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
+void mac_create_ifnet(struct ifnet *ifp);
+void mac_create_ipq(struct mbuf *fragment, struct ipq *ipq);
+void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
+void mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment);
+void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
+void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
+ struct ifnet *ifnet, struct mbuf *newmbuf);
+void mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+int mac_fragment_match(struct mbuf *fragment, struct ipq *ipq);
+void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
+
+/*
+ * Labeling event operations: processes.
+ */
+void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
+void mac_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp);
+int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
+void mac_create_proc0(struct ucred *cred);
+void mac_create_proc1(struct ucred *cred);
+
+/* Access control checks.
*/
+int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
+int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
+int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
+int mac_check_mount_stat(struct ucred *cred, struct mount *mp);
+int mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op);
+int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ unsigned long cmd, void *data);
+int mac_check_proc_debug(struct ucred *cred, struct proc *proc);
+int mac_check_proc_sched(struct ucred *cred, struct proc *proc);
+int mac_check_proc_signal(struct ucred *cred, struct proc *proc,
+ int signum);
+int mac_check_socket_bind(struct ucred *cred, struct socket *so,
+ struct sockaddr *sockaddr);
+int mac_check_socket_connect(struct ucred *cred, struct socket *so,
+ struct sockaddr *sockaddr);
+int mac_check_socket_listen(struct ucred *cred, struct socket *so);
+int mac_check_socket_receive(struct socket *so, struct mbuf *m);
+int mac_check_socket_visible(struct ucred *cred, struct socket *so);
+int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
+ int flags);
+int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
+int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
+int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
+ struct componentname *cnp, struct vattr *vap);
+int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type);
+int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type);
+int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio);
+int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
+ struct componentname *cnp);
+/* XXX This u_char should be
vm_prot_t! */
+u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp,
+ int newmapping);
+int mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op);
+int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
+ mode_t acc_mode);
+int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, int samedir, struct componentname *cnp);
+int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type, struct acl *acl);
+int mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio);
+int mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
+ u_long flags);
+int mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
+ mode_t mode);
+int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
+ uid_t uid, gid_t gid);
+int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+ struct timespec atime, struct timespec mtime);
+int mac_check_vnode_stat(struct ucred *cred, struct vnode *vp);
+int mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
+ struct ifnet *ifnet);
+int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
+ struct ifnet *ifnet);
+int mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
+ struct label *label);
+
+/*
+ * Calls to help various file systems implement labeling
functionality
+ * using their existing EA implementation.
+ */
+int vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp,
+ struct ucred *cred);
+int vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap);
+int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
+
+#endif /* _KERNEL */
+
+#endif /* !_SYS_MAC_H */
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
new file mode 100644
index 0000000..71b2509
--- /dev/null
+++ b/sys/sys/mac_policy.h
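Review bot: The kernel-side entry point `mac_check_vnode_mmap_prot` does not match the policy hook this commit adds under the name `mpo_check_vnode_mmap_perms` returning `vm_prot_t`, so the two halves of one check differ in both name and return width, and `u_char` silently narrows whatever the policy returns if `vm_prot_t` is wider; beyond the existing XXX, the framework prototype should be `vm_prot_t mac_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp, int newmapping);` (which may need the `vm_prot_t` definition pulled in). In the `#ifndef _KERNEL` block, `mac_equal`, `__mac_set_fd` and `mac_policy` use bare parameter names (`labela`, `fd`, `call`, `arg`) while every neighbouring prototype uses the `_`-prefixed form that keeps a header in the application namespace immune to user macros; `int mac_equal(const mac_t _labela, const mac_t _labelb);`, `int __mac_set_fd(int _fd, struct mac *_mac_p);` and `int mac_policy(const char *_policyname, int _call, void *_arg);` would make them consistent. `mac_set_file` also takes a non-const `mac_t _label` where `mac_set_fd` and `mac_set_proc` take `const mac_t`. `mac_policy` passes an untyped `void *arg` through to a named policy, so the size and contents of that argument can only be validated by each policy's handler; a comment on the prototype saying so would help policy authors.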
@@ -0,0 +1,491 @@
+/*-
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
+ * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by NAI Labs,
+ * the Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/*
+ * Kernel interface for MAC policy modules.
+ */
+#ifndef _SYS_MAC_POLICY_H
+#define _SYS_MAC_POLICY_H
+
+/*-
+ * Pluggable access control policy definition structure.
+ *
+ * List of operations that are performed as part of the implementation
+ * of a MAC policy. Policy implementors declare operations with a
+ * mac_policy_ops structure, and using the MAC_POLICY_SET() macro.
+ * If an entry point is not declared, then then the policy will be ignored
+ * during evaluation of that event or check.
+ *
+ * Operations are sorted first by general class of operation, then
+ * alphabetically.
+ */
+struct mac_policy_conf;
+struct mac_policy_ops {
+ /*
+ * Policy module operations.
+ */
+ void (*mpo_destroy)(struct mac_policy_conf *mpc);
+ void (*mpo_init)(struct mac_policy_conf *mpc);
+
+ /*
+ * Label operations.
+ */
+ void (*mpo_init_bpfdesc)(struct bpf_d *, struct label *label);
+ void (*mpo_init_cred)(struct ucred *, struct label *label);
+ void (*mpo_init_devfsdirent)(struct devfs_dirent *,
+ struct label *label);
+ void (*mpo_init_ifnet)(struct ifnet *, struct label *label);
+ void (*mpo_init_ipq)(struct ipq *ipq, struct label *label);
+ int (*mpo_init_mbuf)(struct mbuf *, int how, struct label *label);
+ void (*mpo_init_mount)(struct mount *, struct label *mntlabel,
+ struct label *fslabel);
+ void (*mpo_init_socket)(struct socket *so, struct label *label,
+ struct label *peerlabel);
+ void (*mpo_init_pipe)(struct pipe *pipe, struct label *label);
+ void (*mpo_init_temp)(struct label *label);
+ void (*mpo_init_vnode)(struct vnode *, struct label *label);
+ void (*mpo_destroy_bpfdesc)(struct bpf_d *, struct label *label);
+ void (*mpo_destroy_cred)(struct ucred *, struct label *label);
+ void (*mpo_destroy_devfsdirent)(struct devfs_dirent *de,
+ struct label *label);
+ void (*mpo_destroy_ifnet)(struct ifnet *, struct label *label);
+ void (*mpo_destroy_ipq)(struct ipq *ipq, struct label *label);
+ void (*mpo_destroy_mbuf)(struct mbuf *,
struct label *label);
+ void (*mpo_destroy_mount)(struct mount *, struct label *mntlabel,
+ struct label *fslabel);
+ void (*mpo_destroy_socket)(struct socket *so, struct label *label,
+ struct label *peerlabel);
+ void (*mpo_destroy_pipe)(struct pipe *pipe, struct label *label);
+ void (*mpo_destroy_temp)(struct label *label);
+ void (*mpo_destroy_vnode)(struct vnode *, struct label *label);
+ int (*mpo_externalize)(struct label *label, struct mac *extmac);
+ int (*mpo_internalize)(struct label *label, struct mac *extmac);
+
+ /*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+ void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de,
+ struct label *label);
+ void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen,
+ struct devfs_dirent *de, struct label *label);
+ void (*mpo_create_devfs_vnode)(struct devfs_dirent *de,
+ struct label *direntlabel, struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_create_vnode)(struct ucred *cred, struct vnode *parent,
+ struct label *parentlabel, struct vnode *child,
+ struct label *childlabel);
+ void (*mpo_create_mount)(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel, struct label *fslabel);
+ void (*mpo_create_root_mount)(struct ucred *cred, struct mount *mp,
+ struct label *mountlabel, struct label *fslabel);
+ void (*mpo_relabel_vnode)(struct ucred *cred, struct vnode *vp,
+ struct label *vnodelabel, struct label *label);
+ int (*mpo_stdcreatevnode_ea)(struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent,
+ struct label *direntlabel, struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_update_procfsvnode)(struct vnode *vp,
+ struct label *vnodelabel, struct ucred *cred);
+ int (*mpo_update_vnode_from_extattr)(struct vnode *vp,
+ struct label *vnodelabel, struct mount *mp,
+ struct label *fslabel);
+ int (*mpo_update_vnode_from_externalized)(struct
vnode *vp,
+ struct label *vnodelabel, struct mac *mac);
+ void (*mpo_update_vnode_from_mount)(struct vnode *vp,
+ struct label *vnodelabel, struct mount *mp,
+ struct label *fslabel);
+
+ /*
+ * Labeling event operations: IPC objects.
+ */
+ void (*mpo_create_mbuf_from_socket)(struct socket *so,
+ struct label *socketlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ void (*mpo_create_socket)(struct ucred *cred, struct socket *so,
+ struct label *socketlabel);
+ void (*mpo_create_socket_from_socket)(struct socket *oldsocket,
+ struct label *oldsocketlabel, struct socket *newsocket,
+ struct label *newsocketlabel);
+ void (*mpo_relabel_socket)(struct ucred *cred, struct socket *so,
+ struct label *oldlabel, struct label *newlabel);
+ void (*mpo_relabel_pipe)(struct ucred *cred, struct pipe *pipe,
+ struct label *oldlabel, struct label *newlabel);
+ void (*mpo_set_socket_peer_from_mbuf)(struct mbuf *mbuf,
+ struct label *mbuflabel, struct socket *so,
+ struct label *socketpeerlabel);
+ void (*mpo_set_socket_peer_from_socket)(struct socket *oldsocket,
+ struct label *oldsocketlabel, struct socket *newsocket,
+ struct label *newsocketpeerlabel);
+ void (*mpo_create_pipe)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel);
+
+ /*
+ * Labeling event operations: network objects.
+ */
+ void (*mpo_create_bpfdesc)(struct ucred *cred, struct bpf_d *bpf_d,
+ struct label *bpflabel);
+ void (*mpo_create_ifnet)(struct ifnet *ifnet,
+ struct label *ifnetlabel);
+ void (*mpo_create_ipq)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+ void (*mpo_create_datagram_from_ipq)
+ (struct ipq *ipq, struct label *ipqlabel,
+ struct mbuf *datagram, struct label *datagramlabel);
+ void (*mpo_create_fragment)(struct mbuf *datagram,
+ struct label *datagramlabel, struct mbuf *fragment,
+ struct label *fragmentlabel);
+ void (*mpo_create_mbuf_from_mbuf)(struct mbuf *oldmbuf,
+ struct label *oldlabel, struct mbuf *newmbuf,
+ struct label *newlabel);
+ void (*mpo_create_mbuf_linklayer)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_from_bpfdesc)(struct bpf_d *bpf_d,
+ struct label *bpflabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_from_ifnet)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_multicast_encap)(struct mbuf *oldmbuf,
+ struct label *oldmbuflabel, struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *newmbuf,
+ struct label *newmbuflabel);
+ void (*mpo_create_mbuf_netlayer)(struct mbuf *oldmbuf,
+ struct label *oldmbuflabel, struct mbuf *newmbuf,
+ struct label *newmbuflabel);
+ int (*mpo_fragment_match)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+ void (*mpo_relabel_ifnet)(struct ucred *cred, struct ifnet *ifnet,
+ struct label *ifnetlabel, struct label *newlabel);
+ void (*mpo_update_ipq)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+
+ /*
+ * Labeling event operations: processes.
+ */
+ void (*mpo_create_cred)(struct ucred *parent_cred,
+ struct ucred *child_cred);
+ void (*mpo_execve_transition)(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *vnodelabel);
+ int (*mpo_execve_will_transition)(struct ucred *old,
+ struct vnode *vp, struct label *vnodelabel);
+ void (*mpo_create_proc0)(struct ucred *cred);
+ void (*mpo_create_proc1)(struct ucred *cred);
+ void (*mpo_relabel_cred)(struct ucred *cred,
+ struct label *newlabel);
+
+ /*
+ * Access control checks.
+ */
+ int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d,
+ struct label *bpflabel, struct ifnet *ifnet,
+ struct label *ifnetlabel);
+ int (*mpo_check_cred_relabel)(struct ucred *cred,
+ struct label *newlabel);
+ int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2);
+ int (*mpo_check_ifnet_relabel)(struct ucred *cred,
+ struct ifnet *ifnet, struct label *ifnetlabel,
+ struct label *newlabel);
+ int (*mpo_check_ifnet_transmit)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel);
+ int (*mpo_check_pipe_ioctl)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void *data);
+ int (*mpo_check_pipe_op)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op);
+ int (*mpo_check_pipe_relabel)(struct ucred *cred,
+ struct pipe *pipe, struct label *pipelabel,
+ struct label *newlabel);
+ int (*mpo_check_proc_debug)(struct ucred *cred,
+ struct proc *proc);
+ int (*mpo_check_proc_sched)(struct ucred *cred,
+ struct proc *proc);
+ int (*mpo_check_proc_signal)(struct ucred *cred,
+ struct proc *proc, int signum);
+ int (*mpo_check_socket_bind)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct sockaddr *sockaddr);
+ int (*mpo_check_socket_connect)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct sockaddr *sockaddr);
+ int
(*mpo_check_socket_listen)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel);
+ int (*mpo_check_socket_receive)(struct socket *so,
+ struct label *socketlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ int (*mpo_check_socket_relabel)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct label *newlabel);
+ int (*mpo_check_socket_visible)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel);
+ int (*mpo_check_vnode_access)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int flags);
+ int (*mpo_check_vnode_chdir)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_chroot)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_create)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct componentname *cnp, struct vattr *vap);
+ int (*mpo_check_vnode_delete)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct vnode *vp, void *label, struct componentname *cnp);
+ int (*mpo_check_vnode_deleteacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type);
+ int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
+ struct label *label);
+ int (*mpo_check_vnode_getacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type);
+ int (*mpo_check_vnode_getextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace,
+ const char *name, struct uio *uio);
+ int (*mpo_check_vnode_lookup)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct componentname *cnp);
+ int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
+ struct label *label, mode_t acc_mode);
+ int (*mpo_check_vnode_readdir)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_readlink)(struct ucred *cred,
+ struct vnode *vp, struct label *label);
+ int (*mpo_check_vnode_relabel)(struct ucred
*cred,
+ struct vnode *vp, struct label *vnodelabel,
+ struct label *newlabel);
+ int (*mpo_check_vnode_rename_from)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel, struct vnode *vp,
+ struct label *label, struct componentname *cnp);
+ int (*mpo_check_vnode_rename_to)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel, struct vnode *vp,
+ struct label *label, int samedir,
+ struct componentname *cnp);
+ int (*mpo_check_vnode_revoke)(struct ucred *cred,
+ struct vnode *vp, struct label *label);
+ int (*mpo_check_vnode_setacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type,
+ struct acl *acl);
+ int (*mpo_check_vnode_setextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace,
+ const char *name, struct uio *uio);
+ int (*mpo_check_vnode_setflags)(struct ucred *cred,
+ struct vnode *vp, struct label *label, u_long flags);
+ int (*mpo_check_vnode_setmode)(struct ucred *cred,
+ struct vnode *vp, struct label *label, mode_t mode);
+ int (*mpo_check_vnode_setowner)(struct ucred *cred,
+ struct vnode *vp, struct label *label, uid_t uid,
+ gid_t gid);
+ int (*mpo_check_vnode_setutimes)(struct ucred *cred,
+ struct vnode *vp, struct label *label,
+ struct timespec atime, struct timespec mtime);
+ int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp,
+ struct label *label);
+ vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int newmapping);
+ int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp,
+ struct label *label, int op);
+};
+
+typedef void *macop_t;
+
+enum mac_op_constant {
+ MAC_OP_LAST,
+ MAC_DESTROY,
+ MAC_INIT,
+ MAC_INIT_BPFDESC,
+ MAC_INIT_CRED,
+ MAC_INIT_DEVFSDIRENT,
+ MAC_INIT_IFNET,
+ MAC_INIT_IPQ,
+ MAC_INIT_MBUF,
+ MAC_INIT_MOUNT,
+ MAC_INIT_PIPE,
+ MAC_INIT_SOCKET,
+ MAC_INIT_TEMP,
+ MAC_INIT_VNODE,
+ MAC_DESTROY_BPFDESC,
+ MAC_DESTROY_CRED,
+ MAC_DESTROY_DEVFSDIRENT,
+ MAC_DESTROY_IFNET,
+
MAC_DESTROY_IPQ,
+ MAC_DESTROY_MBUF,
+ MAC_DESTROY_MOUNT,
+ MAC_DESTROY_PIPE,
+ MAC_DESTROY_SOCKET,
+ MAC_DESTROY_TEMP,
+ MAC_DESTROY_VNODE,
+ MAC_EXTERNALIZE,
+ MAC_INTERNALIZE,
+ MAC_CREATE_DEVFS_DEVICE,
+ MAC_CREATE_DEVFS_DIRECTORY,
+ MAC_CREATE_DEVFS_VNODE,
+ MAC_CREATE_VNODE,
+ MAC_CREATE_MOUNT,
+ MAC_CREATE_ROOT_MOUNT,
+ MAC_RELABEL_VNODE,
+ MAC_STDCREATEVNODE_EA,
+ MAC_UPDATE_DEVFSDIRENT,
+ MAC_UPDATE_PROCFSVNODE,
+ MAC_UPDATE_VNODE_FROM_EXTATTR,
+ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
+ MAC_UPDATE_VNODE_FROM_MOUNT,
+ MAC_CREATE_MBUF_FROM_SOCKET,
+ MAC_CREATE_PIPE,
+ MAC_CREATE_SOCKET,
+ MAC_CREATE_SOCKET_FROM_SOCKET,
+ MAC_RELABEL_PIPE,
+ MAC_RELABEL_SOCKET,
+ MAC_SET_SOCKET_PEER_FROM_MBUF,
+ MAC_SET_SOCKET_PEER_FROM_SOCKET,
+ MAC_CREATE_BPFDESC,
+ MAC_CREATE_DATAGRAM_FROM_IPQ,
+ MAC_CREATE_IFNET,
+ MAC_CREATE_IPQ,
+ MAC_CREATE_FRAGMENT,
+ MAC_CREATE_MBUF_FROM_MBUF,
+ MAC_CREATE_MBUF_LINKLAYER,
+ MAC_CREATE_MBUF_FROM_BPFDESC,
+ MAC_CREATE_MBUF_FROM_IFNET,
+ MAC_CREATE_MBUF_MULTICAST_ENCAP,
+ MAC_CREATE_MBUF_NETLAYER,
+ MAC_FRAGMENT_MATCH,
+ MAC_RELABEL_IFNET,
+ MAC_UPDATE_IPQ,
+ MAC_CREATE_CRED,
+ MAC_EXECVE_TRANSITION,
+ MAC_EXECVE_WILL_TRANSITION,
+ MAC_CREATE_PROC0,
+ MAC_CREATE_PROC1,
+ MAC_RELABEL_CRED,
+ MAC_CHECK_BPFDESC_RECEIVE,
+ MAC_CHECK_CRED_RELABEL,
+ MAC_CHECK_CRED_VISIBLE,
+ MAC_CHECK_IFNET_RELABEL,
+ MAC_CHECK_IFNET_TRANSMIT,
+ MAC_CHECK_MOUNT_STAT,
+ MAC_CHECK_PIPE_IOCTL,
+ MAC_CHECK_PIPE_OP,
+ MAC_CHECK_PIPE_RELABEL,
+ MAC_CHECK_PROC_DEBUG,
+ MAC_CHECK_PROC_SCHED,
+ MAC_CHECK_PROC_SIGNAL,
+ MAC_CHECK_SOCKET_BIND,
+ MAC_CHECK_SOCKET_CONNECT,
+ MAC_CHECK_SOCKET_LISTEN,
+ MAC_CHECK_SOCKET_RELABEL,
+ MAC_CHECK_SOCKET_RECEIVE,
+ MAC_CHECK_SOCKET_VISIBLE,
+ MAC_CHECK_VNODE_ACCESS,
+ MAC_CHECK_VNODE_CHDIR,
+ MAC_CHECK_VNODE_CHROOT,
+ MAC_CHECK_VNODE_CREATE,
+ MAC_CHECK_VNODE_DELETE,
+ MAC_CHECK_VNODE_DELETEACL,
+ MAC_CHECK_VNODE_EXEC,
+ MAC_CHECK_VNODE_GETACL,
+ MAC_CHECK_VNODE_GETEXTATTR,
+ MAC_CHECK_VNODE_LOOKUP,
+ MAC_CHECK_VNODE_OPEN,
+
MAC_CHECK_VNODE_READDIR,
+ MAC_CHECK_VNODE_READLINK,
+ MAC_CHECK_VNODE_RELABEL,
+ MAC_CHECK_VNODE_RENAME_FROM,
+ MAC_CHECK_VNODE_RENAME_TO,
+ MAC_CHECK_VNODE_REVOKE,
+ MAC_CHECK_VNODE_SETACL,
+ MAC_CHECK_VNODE_SETEXTATTR,
+ MAC_CHECK_VNODE_SETFLAGS,
+ MAC_CHECK_VNODE_SETMODE,
+ MAC_CHECK_VNODE_SETOWNER,
+ MAC_CHECK_VNODE_SETUTIMES,
+ MAC_CHECK_VNODE_STAT,
+ MAC_CHECK_VNODE_MMAP_PERMS,
+ MAC_CHECK_VNODE_OP,
+};
+
+struct mac_policy_op_entry {
+ enum mac_op_constant mpe_constant; /* what this hook implements */
+ void *mpe_function; /* hook's implementation */
+};
+
+struct mac_policy_conf {
+ char *mpc_name; /* policy name */
+ char *mpc_fullname; /* policy full name */
+ struct mac_policy_ops *mpc_ops; /* policy operations */
+ struct mac_policy_op_entry *mpc_entries; /* ops to fill in */
+ int mpc_loadtime_flags; /* flags */
+ int *mpc_field_off; /* security field */
+ int mpc_runtime_flags; /* flags */
+ LIST_ENTRY(mac_policy_conf) mpc_list; /* global list */
+};
+
+/* Flags for the mpc_loadtime_flags field. */
+#define MPC_LOADTIME_FLAG_NOTLATE 0x00000001
+#define MPC_LOADTIME_FLAG_UNLOADOK 0x00000002
+
+/* Flags for the mpc_runtime_flags field. */
+#define MPC_RUNTIME_FLAG_REGISTERED 0x00000001
+
+#define MAC_POLICY_SET(mpents, mpname, mpfullname, mpflags, privdata_wanted) \
+ static struct mac_policy_conf mpname##_mac_policy_conf = { \
+ #mpname, \
+ mpfullname, \
+ NULL, \
+ mpents, \
+ mpflags, \
+ privdata_wanted, \
+ 0, \
+ }; \
+ static moduledata_t mpname##_mod = { \
+ #mpname, \
+ mac_policy_modevent, \
+ &mpname##_mac_policy_conf \
+ }; \
+ DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY, \
+ SI_ORDER_MIDDLE)
+
+int mac_policy_modevent(module_t mod, int type, void *data);
+
+#define LABEL_TO_SLOT(l, s) (l)->l_perpolicy[s]
+
+#endif /* !_SYS_MAC_POLICY_H */ |
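Review bot: `mpo_check_vnode_delete` in `struct mac_policy_ops` declares the target vnode's label as `void *label` while every other vnode check takes `struct label *`, so a policy implementing this hook with the correct type gets no compile-time checking on exactly the argument that decides the access result; it should read `struct vnode *vp, struct label *label, struct componentname *cnp);`. `mpe_function` in `struct mac_policy_op_entry` and the `macop_t` typedef store hook implementations as `void *`, which ISO C does not guarantee will round-trip a function pointer; a generic function-pointer type such as `void (*)(void)` would keep the entry table portable without changing how policies fill it in. `MAC_POLICY_SET` initializes `mpc_name` from `#mpname` and `mpc_fullname` from the caller's string literal, so both should be `const char *` rather than `char *` to stop a policy or the framework writing through them. The header comment also has a doubled word, "then then the policy will be ignored".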