summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/security/mac/mac_framework.h407
-rw-r--r--sys/security/mac/mac_policy.h491
-rw-r--r--sys/sys/mac.h407
-rw-r--r--sys/sys/mac_policy.h491
4 files changed, 1796 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
new file mode 100644
index 0000000..7ea1fe1
--- /dev/null
+++ b/sys/security/mac/mac_framework.h
@@ -0,0 +1,407 @@
+/*-
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
+ * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by NAI Labs,
+ * the Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/*
+ * Userland/kernel interface for Mandatory Access Control.
+ *
+ * The POSIX.1e implementation page may be reached at:
+ * http://www.trustedbsd.org/
+ */
+#ifndef _SYS_MAC_H
+#define _SYS_MAC_H
+
+#ifndef _POSIX_MAC
+#define _POSIX_MAC
+#endif
+
+/*
+ * XXXMAC: The single MAC extended attribute will be deprecated once
+ * compound EA writes on a single target file can be performed cleanly
+ * with UFS2.
+ */
+#define FREEBSD_MAC_EXTATTR_NAME "freebsd.mac"
+#define FREEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
+
+/*
+ * XXXMAC: Per-policy structures will be moved from mac.h to per-policy
+ * include files once the revised user interface is available.
+ */
+
+/*
+ * Structures and constants associated with a Biba Integrity policy.
+ * mac_biba represents a Biba label, with mb_type determining its properties,
+ * and mb_grade represents the hierarchal grade if valid for the current
+ * mb_type. These structures will move to mac_biba.h once we have dymamic
+ * labels exposed to userland.
+ */
+struct mac_biba_element {
+ u_short mbe_type;
+ u_short mbe_grade;
+};
+
+/*
+ * Biba labels consist of two components: a single label, and a label
+ * range. Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_biba {
+ int mb_flags;
+ struct mac_biba_element mb_single;
+ struct mac_biba_element mb_rangelow, mb_rangehigh;
+};
+
+/*
+ * Structures and constants associated with a Multi-Level Security policy.
+ * mac_mls represents an MLS label, with mm_type determining its properties,
+ * and mm_level represents the hierarchal sensitivity level if valid for the
+ * current mm_type. These structures will move to mac_mls.h once we have
+ * dynamic labels exposed to userland.
+ */
+struct mac_mls_element {
+ u_short mme_type;
+ u_short mme_level;
+};
+
+/*
+ * MLS labels consist of two components: a single label, and a label
+ * range. Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_mls {
+ int mm_flags;
+ struct mac_mls_element mm_single;
+ struct mac_mls_element mm_rangelow, mm_rangehigh;
+};
+
+/*
+ * Structures and constants associated with a Type Enforcement policy.
+ * mac_te represents a Type Enforcement label.
+ */
+#define MAC_TE_TYPE_MAXLEN 32
+struct mac_te {
+ char mt_type[MAC_TE_TYPE_MAXLEN+1]; /* TE type */
+};
+
+struct mac_sebsd {
+ uint32_t ms_psid; /* persistent sid storage */
+};
+
+/*
+ * Composite structures and constants which combine the various policy
+ * elements into common structures to be associated with subjects and
+ * objects.
+ */
+struct mac {
+ int m_macflags;
+ struct mac_biba m_biba;
+ struct mac_mls m_mls;
+ struct mac_te m_te;
+ struct mac_sebsd m_sebsd;
+};
+typedef struct mac *mac_t;
+
+#define MAC_FLAG_INITIALIZED 0x00000001 /* Is initialized. */
+
+#ifndef _KERNEL
+
+/*
+ * POSIX.1e functions visible in the application namespace.
+ */
+int mac_dominate(const mac_t _labela, const mac_t _labelb);
+int mac_equal(const mac_t labela, const mac_t _labelb);
+int mac_free(void *_buf_p);
+mac_t mac_from_text(const char *_text_p);
+mac_t mac_get_fd(int _fildes);
+mac_t mac_get_file(const char *_path_p);
+mac_t mac_get_proc(void);
+mac_t mac_glb(const mac_t _labela, const mac_t _labelb);
+mac_t mac_lub(const mac_t _labela, const mac_t _labelb);
+int mac_set_fd(int _fildes, const mac_t _label);
+int mac_set_file(const char *_path_p, mac_t _label);
+int mac_set_proc(const mac_t _label);
+ssize_t mac_size(mac_t _label);
+char * mac_to_text(const mac_t _label, size_t *_len_p);
+int mac_valid(const mac_t _label);
+
+/*
+ * Extensions to POSIX.1e visible in the application namespace.
+ */
+int mac_is_present_np(const char *_policyname);
+int mac_policy(const char *_policyname, int call, void *arg);
+
+/*
+ * System calls wrapped by some POSIX.1e functions.
+ */
+int __mac_get_fd(int _fd, struct mac *_mac_p);
+int __mac_get_file(const char *_path_p, struct mac *_mac_p);
+int __mac_get_proc(struct mac *_mac_p);
+int __mac_set_fd(int fd, struct mac *_mac_p);
+int __mac_set_file(const char *_path_p, struct mac *_mac_p);
+int __mac_set_proc(struct mac *_mac_p);
+
+#else /* _KERNEL */
+#endif /* _KERNEL */
+
+/*
+ * XXXMAC: This shouldn't be exported to userland, but is because of ucred.h
+ * and various other messes.
+ */
+
+#define MAC_MAX_POLICIES 8
+
+struct label {
+ int l_flags;
+ union {
+ void *l_ptr;
+ long l_long;
+ } l_perpolicy[MAC_MAX_POLICIES];
+};
+
+#ifdef _KERNEL
+
+/*
+ * MAC entry point operations
+ */
+enum mac_ep_ops {
+ MAC_OP_VNODE_READ,
+ MAC_OP_VNODE_WRITE,
+ MAC_OP_VNODE_POLL,
+ MAC_OP_PIPE_READ,
+ MAC_OP_PIPE_WRITE,
+ MAC_OP_PIPE_STAT,
+ MAC_OP_PIPE_POLL
+};
+
+/*
+ * Kernel functions to manage and evaluate labels.
+ */
+struct bpf_d;
+struct componentname;
+struct devfs_dirent;
+struct ifnet;
+struct ifreq;
+struct ipq;
+struct mbuf;
+struct mount;
+struct proc;
+struct sockaddr;
+struct socket;
+struct pipe;
+struct timespec;
+struct ucred;
+struct uio;
+struct vattr;
+struct vnode;
+
+#include <sys/acl.h> /* XXX acl_type_t */
+
+struct vop_refreshlabel_args;
+struct vop_setlabel_args;
+
+/*
+ * Label operations.
+ */
+void mac_init_bpfdesc(struct bpf_d *);
+void mac_init_cred(struct ucred *);
+void mac_init_devfsdirent(struct devfs_dirent *);
+void mac_init_ifnet(struct ifnet *);
+void mac_init_ipq(struct ipq *);
+void mac_init_socket(struct socket *);
+void mac_init_pipe(struct pipe *);
+int mac_init_mbuf(struct mbuf *m, int how);
+void mac_init_mount(struct mount *);
+void mac_init_vnode(struct vnode *);
+void mac_destroy_bpfdesc(struct bpf_d *);
+void mac_destroy_cred(struct ucred *);
+void mac_destroy_devfsdirent(struct devfs_dirent *);
+void mac_destroy_ifnet(struct ifnet *);
+void mac_destroy_ipq(struct ipq *);
+void mac_destroy_socket(struct socket *);
+void mac_destroy_pipe(struct pipe *);
+void mac_destroy_mbuf(struct mbuf *);
+void mac_destroy_mount(struct mount *);
+void mac_destroy_vnode(struct vnode *);
+
+/*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
+void mac_create_devfs_directory(char *dirname, int dirnamelen,
+ struct devfs_dirent *de);
+void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp);
+void mac_create_vnode(struct ucred *cred, struct vnode *parent,
+ struct vnode *child);
+void mac_create_mount(struct ucred *cred, struct mount *mp);
+void mac_create_root_mount(struct ucred *cred, struct mount *mp);
+void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
+ struct label *newlabel);
+void mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp);
+void mac_update_procfsvnode(struct vnode *vp, struct ucred *cred);
+void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp);
+
+/*
+ * Labeling event operations: IPC objects.
+ */
+void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
+void mac_create_socket(struct ucred *cred, struct socket *socket);
+void mac_create_socket_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
+ struct socket *socket);
+void mac_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_create_pipe(struct ucred *cred, struct pipe *pipe);
+
+/*
+ * Labeling event operations: network objects.
+ */
+void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
+void mac_create_ifnet(struct ifnet *ifp);
+void mac_create_ipq(struct mbuf *fragment, struct ipq *ipq);
+void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
+void mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment);
+void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
+void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
+ struct ifnet *ifnet, struct mbuf *newmbuf);
+void mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+int mac_fragment_match(struct mbuf *fragment, struct ipq *ipq);
+void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
+
+/*
+ * Labeling event operations: processes.
+ */
+void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
+void mac_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp);
+int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
+void mac_create_proc0(struct ucred *cred);
+void mac_create_proc1(struct ucred *cred);
+
+/* Access control checks. */
+int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
+int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
+int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
+int mac_check_mount_stat(struct ucred *cred, struct mount *mp);
+int mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op);
+int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ unsigned long cmd, void *data);
+int mac_check_proc_debug(struct ucred *cred, struct proc *proc);
+int mac_check_proc_sched(struct ucred *cred, struct proc *proc);
+int mac_check_proc_signal(struct ucred *cred, struct proc *proc,
+ int signum);
+int mac_check_socket_bind(struct ucred *cred, struct socket *so,
+ struct sockaddr *sockaddr);
+int mac_check_socket_connect(struct ucred *cred, struct socket *so,
+ struct sockaddr *sockaddr);
+int mac_check_socket_listen(struct ucred *cred, struct socket *so);
+int mac_check_socket_receive(struct socket *so, struct mbuf *m);
+int mac_check_socket_visible(struct ucred *cred, struct socket *so);
+int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
+ int flags);
+int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
+int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
+int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
+ struct componentname *cnp, struct vattr *vap);
+int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type);
+int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type);
+int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio);
+int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
+ struct componentname *cnp);
+/* XXX This u_char should be vm_prot_t! */
+u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp,
+ int newmapping);
+int mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op);
+int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
+ mode_t acc_mode);
+int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, int samedir, struct componentname *cnp);
+int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type, struct acl *acl);
+int mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio);
+int mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
+ u_long flags);
+int mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
+ mode_t mode);
+int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
+ uid_t uid, gid_t gid);
+int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+ struct timespec atime, struct timespec mtime);
+int mac_check_vnode_stat(struct ucred *cred, struct vnode *vp);
+int mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
+ struct ifnet *ifnet);
+int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
+ struct ifnet *ifnet);
+int mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
+ struct label *label);
+
+/*
+ * Calls to help various file systems implement labeling functionality
+ * using their existing EA implementation.
+ */
+int vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp,
+ struct ucred *cred);
+int vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap);
+int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
+
+#endif /* _KERNEL */
+
+#endif /* !_SYS_MAC_H */
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
new file mode 100644
index 0000000..71b2509
--- /dev/null
+++ b/sys/security/mac/mac_policy.h
@@ -0,0 +1,491 @@
+/*-
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
+ * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by NAI Labs,
+ * the Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/*
+ * Kernel interface for MAC policy modules.
+ */
+#ifndef _SYS_MAC_POLICY_H
+#define _SYS_MAC_POLICY_H
+
+/*-
+ * Pluggable access control policy definition structure.
+ *
+ * List of operations that are performed as part of the implementation
+ * of a MAC policy. Policy implementors declare operations with a
+ * mac_policy_ops structure, and using the MAC_POLICY_SET() macro.
+ * If an entry point is not declared, then then the policy will be ignored
+ * during evaluation of that event or check.
+ *
+ * Operations are sorted first by general class of operation, then
+ * alphabetically.
+ */
+struct mac_policy_conf;
+struct mac_policy_ops {
+ /*
+ * Policy module operations.
+ */
+ void (*mpo_destroy)(struct mac_policy_conf *mpc);
+ void (*mpo_init)(struct mac_policy_conf *mpc);
+
+ /*
+ * Label operations.
+ */
+ void (*mpo_init_bpfdesc)(struct bpf_d *, struct label *label);
+ void (*mpo_init_cred)(struct ucred *, struct label *label);
+ void (*mpo_init_devfsdirent)(struct devfs_dirent *,
+ struct label *label);
+ void (*mpo_init_ifnet)(struct ifnet *, struct label *label);
+ void (*mpo_init_ipq)(struct ipq *ipq, struct label *label);
+ int (*mpo_init_mbuf)(struct mbuf *, int how, struct label *label);
+ void (*mpo_init_mount)(struct mount *, struct label *mntlabel,
+ struct label *fslabel);
+ void (*mpo_init_socket)(struct socket *so, struct label *label,
+ struct label *peerlabel);
+ void (*mpo_init_pipe)(struct pipe *pipe, struct label *label);
+ void (*mpo_init_temp)(struct label *label);
+ void (*mpo_init_vnode)(struct vnode *, struct label *label);
+ void (*mpo_destroy_bpfdesc)(struct bpf_d *, struct label *label);
+ void (*mpo_destroy_cred)(struct ucred *, struct label *label);
+ void (*mpo_destroy_devfsdirent)(struct devfs_dirent *de,
+ struct label *label);
+ void (*mpo_destroy_ifnet)(struct ifnet *, struct label *label);
+ void (*mpo_destroy_ipq)(struct ipq *ipq, struct label *label);
+ void (*mpo_destroy_mbuf)(struct mbuf *, struct label *label);
+ void (*mpo_destroy_mount)(struct mount *, struct label *mntlabel,
+ struct label *fslabel);
+ void (*mpo_destroy_socket)(struct socket *so, struct label *label,
+ struct label *peerlabel);
+ void (*mpo_destroy_pipe)(struct pipe *pipe, struct label *label);
+ void (*mpo_destroy_temp)(struct label *label);
+ void (*mpo_destroy_vnode)(struct vnode *, struct label *label);
+ int (*mpo_externalize)(struct label *label, struct mac *extmac);
+ int (*mpo_internalize)(struct label *label, struct mac *extmac);
+
+ /*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+ void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de,
+ struct label *label);
+ void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen,
+ struct devfs_dirent *de, struct label *label);
+ void (*mpo_create_devfs_vnode)(struct devfs_dirent *de,
+ struct label *direntlabel, struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_create_vnode)(struct ucred *cred, struct vnode *parent,
+ struct label *parentlabel, struct vnode *child,
+ struct label *childlabel);
+ void (*mpo_create_mount)(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel, struct label *fslabel);
+ void (*mpo_create_root_mount)(struct ucred *cred, struct mount *mp,
+ struct label *mountlabel, struct label *fslabel);
+ void (*mpo_relabel_vnode)(struct ucred *cred, struct vnode *vp,
+ struct label *vnodelabel, struct label *label);
+ int (*mpo_stdcreatevnode_ea)(struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent,
+ struct label *direntlabel, struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_update_procfsvnode)(struct vnode *vp,
+ struct label *vnodelabel, struct ucred *cred);
+ int (*mpo_update_vnode_from_extattr)(struct vnode *vp,
+ struct label *vnodelabel, struct mount *mp,
+ struct label *fslabel);
+ int (*mpo_update_vnode_from_externalized)(struct vnode *vp,
+ struct label *vnodelabel, struct mac *mac);
+ void (*mpo_update_vnode_from_mount)(struct vnode *vp,
+ struct label *vnodelabel, struct mount *mp,
+ struct label *fslabel);
+
+ /*
+ * Labeling event operations: IPC objects.
+ */
+ void (*mpo_create_mbuf_from_socket)(struct socket *so,
+ struct label *socketlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ void (*mpo_create_socket)(struct ucred *cred, struct socket *so,
+ struct label *socketlabel);
+ void (*mpo_create_socket_from_socket)(struct socket *oldsocket,
+ struct label *oldsocketlabel, struct socket *newsocket,
+ struct label *newsocketlabel);
+ void (*mpo_relabel_socket)(struct ucred *cred, struct socket *so,
+ struct label *oldlabel, struct label *newlabel);
+ void (*mpo_relabel_pipe)(struct ucred *cred, struct pipe *pipe,
+ struct label *oldlabel, struct label *newlabel);
+ void (*mpo_set_socket_peer_from_mbuf)(struct mbuf *mbuf,
+ struct label *mbuflabel, struct socket *so,
+ struct label *socketpeerlabel);
+ void (*mpo_set_socket_peer_from_socket)(struct socket *oldsocket,
+ struct label *oldsocketlabel, struct socket *newsocket,
+ struct label *newsocketpeerlabel);
+ void (*mpo_create_pipe)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel);
+
+ /*
+ * Labeling event operations: network objects.
+ */
+ void (*mpo_create_bpfdesc)(struct ucred *cred, struct bpf_d *bpf_d,
+ struct label *bpflabel);
+ void (*mpo_create_ifnet)(struct ifnet *ifnet,
+ struct label *ifnetlabel);
+ void (*mpo_create_ipq)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+ void (*mpo_create_datagram_from_ipq)
+ (struct ipq *ipq, struct label *ipqlabel,
+ struct mbuf *datagram, struct label *datagramlabel);
+ void (*mpo_create_fragment)(struct mbuf *datagram,
+ struct label *datagramlabel, struct mbuf *fragment,
+ struct label *fragmentlabel);
+ void (*mpo_create_mbuf_from_mbuf)(struct mbuf *oldmbuf,
+ struct label *oldlabel, struct mbuf *newmbuf,
+ struct label *newlabel);
+ void (*mpo_create_mbuf_linklayer)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_from_bpfdesc)(struct bpf_d *bpf_d,
+ struct label *bpflabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_from_ifnet)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_multicast_encap)(struct mbuf *oldmbuf,
+ struct label *oldmbuflabel, struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *newmbuf,
+ struct label *newmbuflabel);
+ void (*mpo_create_mbuf_netlayer)(struct mbuf *oldmbuf,
+ struct label *oldmbuflabel, struct mbuf *newmbuf,
+ struct label *newmbuflabel);
+ int (*mpo_fragment_match)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+ void (*mpo_relabel_ifnet)(struct ucred *cred, struct ifnet *ifnet,
+ struct label *ifnetlabel, struct label *newlabel);
+ void (*mpo_update_ipq)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+
+ /*
+ * Labeling event operations: processes.
+ */
+ void (*mpo_create_cred)(struct ucred *parent_cred,
+ struct ucred *child_cred);
+ void (*mpo_execve_transition)(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *vnodelabel);
+ int (*mpo_execve_will_transition)(struct ucred *old,
+ struct vnode *vp, struct label *vnodelabel);
+ void (*mpo_create_proc0)(struct ucred *cred);
+ void (*mpo_create_proc1)(struct ucred *cred);
+ void (*mpo_relabel_cred)(struct ucred *cred,
+ struct label *newlabel);
+
+ /*
+ * Access control checks.
+ */
+ int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d,
+ struct label *bpflabel, struct ifnet *ifnet,
+ struct label *ifnetlabel);
+ int (*mpo_check_cred_relabel)(struct ucred *cred,
+ struct label *newlabel);
+ int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2);
+ int (*mpo_check_ifnet_relabel)(struct ucred *cred,
+ struct ifnet *ifnet, struct label *ifnetlabel,
+ struct label *newlabel);
+ int (*mpo_check_ifnet_transmit)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel);
+ int (*mpo_check_pipe_ioctl)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void *data);
+ int (*mpo_check_pipe_op)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op);
+ int (*mpo_check_pipe_relabel)(struct ucred *cred,
+ struct pipe *pipe, struct label *pipelabel,
+ struct label *newlabel);
+ int (*mpo_check_proc_debug)(struct ucred *cred,
+ struct proc *proc);
+ int (*mpo_check_proc_sched)(struct ucred *cred,
+ struct proc *proc);
+ int (*mpo_check_proc_signal)(struct ucred *cred,
+ struct proc *proc, int signum);
+ int (*mpo_check_socket_bind)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct sockaddr *sockaddr);
+ int (*mpo_check_socket_connect)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct sockaddr *sockaddr);
+ int (*mpo_check_socket_listen)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel);
+ int (*mpo_check_socket_receive)(struct socket *so,
+ struct label *socketlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ int (*mpo_check_socket_relabel)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct label *newlabel);
+ int (*mpo_check_socket_visible)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel);
+ int (*mpo_check_vnode_access)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int flags);
+ int (*mpo_check_vnode_chdir)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_chroot)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_create)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct componentname *cnp, struct vattr *vap);
+ int (*mpo_check_vnode_delete)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct vnode *vp, void *label, struct componentname *cnp);
+ int (*mpo_check_vnode_deleteacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type);
+ int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
+ struct label *label);
+ int (*mpo_check_vnode_getacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type);
+ int (*mpo_check_vnode_getextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace,
+ const char *name, struct uio *uio);
+ int (*mpo_check_vnode_lookup)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct componentname *cnp);
+ int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
+ struct label *label, mode_t acc_mode);
+ int (*mpo_check_vnode_readdir)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_readlink)(struct ucred *cred,
+ struct vnode *vp, struct label *label);
+ int (*mpo_check_vnode_relabel)(struct ucred *cred,
+ struct vnode *vp, struct label *vnodelabel,
+ struct label *newlabel);
+ int (*mpo_check_vnode_rename_from)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel, struct vnode *vp,
+ struct label *label, struct componentname *cnp);
+ int (*mpo_check_vnode_rename_to)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel, struct vnode *vp,
+ struct label *label, int samedir,
+ struct componentname *cnp);
+ int (*mpo_check_vnode_revoke)(struct ucred *cred,
+ struct vnode *vp, struct label *label);
+ int (*mpo_check_vnode_setacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type,
+ struct acl *acl);
+ int (*mpo_check_vnode_setextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace,
+ const char *name, struct uio *uio);
+ int (*mpo_check_vnode_setflags)(struct ucred *cred,
+ struct vnode *vp, struct label *label, u_long flags);
+ int (*mpo_check_vnode_setmode)(struct ucred *cred,
+ struct vnode *vp, struct label *label, mode_t mode);
+ int (*mpo_check_vnode_setowner)(struct ucred *cred,
+ struct vnode *vp, struct label *label, uid_t uid,
+ gid_t gid);
+ int (*mpo_check_vnode_setutimes)(struct ucred *cred,
+ struct vnode *vp, struct label *label,
+ struct timespec atime, struct timespec mtime);
+ int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp,
+ struct label *label);
+ vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int newmapping);
+ int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp,
+ struct label *label, int op);
+};
+
+typedef void *macop_t;
+
+enum mac_op_constant {
+ MAC_OP_LAST,
+ MAC_DESTROY,
+ MAC_INIT,
+ MAC_INIT_BPFDESC,
+ MAC_INIT_CRED,
+ MAC_INIT_DEVFSDIRENT,
+ MAC_INIT_IFNET,
+ MAC_INIT_IPQ,
+ MAC_INIT_MBUF,
+ MAC_INIT_MOUNT,
+ MAC_INIT_PIPE,
+ MAC_INIT_SOCKET,
+ MAC_INIT_TEMP,
+ MAC_INIT_VNODE,
+ MAC_DESTROY_BPFDESC,
+ MAC_DESTROY_CRED,
+ MAC_DESTROY_DEVFSDIRENT,
+ MAC_DESTROY_IFNET,
+ MAC_DESTROY_IPQ,
+ MAC_DESTROY_MBUF,
+ MAC_DESTROY_MOUNT,
+ MAC_DESTROY_PIPE,
+ MAC_DESTROY_SOCKET,
+ MAC_DESTROY_TEMP,
+ MAC_DESTROY_VNODE,
+ MAC_EXTERNALIZE,
+ MAC_INTERNALIZE,
+ MAC_CREATE_DEVFS_DEVICE,
+ MAC_CREATE_DEVFS_DIRECTORY,
+ MAC_CREATE_DEVFS_VNODE,
+ MAC_CREATE_VNODE,
+ MAC_CREATE_MOUNT,
+ MAC_CREATE_ROOT_MOUNT,
+ MAC_RELABEL_VNODE,
+ MAC_STDCREATEVNODE_EA,
+ MAC_UPDATE_DEVFSDIRENT,
+ MAC_UPDATE_PROCFSVNODE,
+ MAC_UPDATE_VNODE_FROM_EXTATTR,
+ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
+ MAC_UPDATE_VNODE_FROM_MOUNT,
+ MAC_CREATE_MBUF_FROM_SOCKET,
+ MAC_CREATE_PIPE,
+ MAC_CREATE_SOCKET,
+ MAC_CREATE_SOCKET_FROM_SOCKET,
+ MAC_RELABEL_PIPE,
+ MAC_RELABEL_SOCKET,
+ MAC_SET_SOCKET_PEER_FROM_MBUF,
+ MAC_SET_SOCKET_PEER_FROM_SOCKET,
+ MAC_CREATE_BPFDESC,
+ MAC_CREATE_DATAGRAM_FROM_IPQ,
+ MAC_CREATE_IFNET,
+ MAC_CREATE_IPQ,
+ MAC_CREATE_FRAGMENT,
+ MAC_CREATE_MBUF_FROM_MBUF,
+ MAC_CREATE_MBUF_LINKLAYER,
+ MAC_CREATE_MBUF_FROM_BPFDESC,
+ MAC_CREATE_MBUF_FROM_IFNET,
+ MAC_CREATE_MBUF_MULTICAST_ENCAP,
+ MAC_CREATE_MBUF_NETLAYER,
+ MAC_FRAGMENT_MATCH,
+ MAC_RELABEL_IFNET,
+ MAC_UPDATE_IPQ,
+ MAC_CREATE_CRED,
+ MAC_EXECVE_TRANSITION,
+ MAC_EXECVE_WILL_TRANSITION,
+ MAC_CREATE_PROC0,
+ MAC_CREATE_PROC1,
+ MAC_RELABEL_CRED,
+ MAC_CHECK_BPFDESC_RECEIVE,
+ MAC_CHECK_CRED_RELABEL,
+ MAC_CHECK_CRED_VISIBLE,
+ MAC_CHECK_IFNET_RELABEL,
+ MAC_CHECK_IFNET_TRANSMIT,
+ MAC_CHECK_MOUNT_STAT,
+ MAC_CHECK_PIPE_IOCTL,
+ MAC_CHECK_PIPE_OP,
+ MAC_CHECK_PIPE_RELABEL,
+ MAC_CHECK_PROC_DEBUG,
+ MAC_CHECK_PROC_SCHED,
+ MAC_CHECK_PROC_SIGNAL,
+ MAC_CHECK_SOCKET_BIND,
+ MAC_CHECK_SOCKET_CONNECT,
+ MAC_CHECK_SOCKET_LISTEN,
+ MAC_CHECK_SOCKET_RELABEL,
+ MAC_CHECK_SOCKET_RECEIVE,
+ MAC_CHECK_SOCKET_VISIBLE,
+ MAC_CHECK_VNODE_ACCESS,
+ MAC_CHECK_VNODE_CHDIR,
+ MAC_CHECK_VNODE_CHROOT,
+ MAC_CHECK_VNODE_CREATE,
+ MAC_CHECK_VNODE_DELETE,
+ MAC_CHECK_VNODE_DELETEACL,
+ MAC_CHECK_VNODE_EXEC,
+ MAC_CHECK_VNODE_GETACL,
+ MAC_CHECK_VNODE_GETEXTATTR,
+ MAC_CHECK_VNODE_LOOKUP,
+ MAC_CHECK_VNODE_OPEN,
+ MAC_CHECK_VNODE_READDIR,
+ MAC_CHECK_VNODE_READLINK,
+ MAC_CHECK_VNODE_RELABEL,
+ MAC_CHECK_VNODE_RENAME_FROM,
+ MAC_CHECK_VNODE_RENAME_TO,
+ MAC_CHECK_VNODE_REVOKE,
+ MAC_CHECK_VNODE_SETACL,
+ MAC_CHECK_VNODE_SETEXTATTR,
+ MAC_CHECK_VNODE_SETFLAGS,
+ MAC_CHECK_VNODE_SETMODE,
+ MAC_CHECK_VNODE_SETOWNER,
+ MAC_CHECK_VNODE_SETUTIMES,
+ MAC_CHECK_VNODE_STAT,
+ MAC_CHECK_VNODE_MMAP_PERMS,
+ MAC_CHECK_VNODE_OP,
+};
+
+struct mac_policy_op_entry {
+ enum mac_op_constant mpe_constant; /* what this hook implements */
+ void *mpe_function; /* hook's implementation */
+};
+
+struct mac_policy_conf {
+ char *mpc_name; /* policy name */
+ char *mpc_fullname; /* policy full name */
+ struct mac_policy_ops *mpc_ops; /* policy operations */
+ struct mac_policy_op_entry *mpc_entries; /* ops to fill in */
+ int mpc_loadtime_flags; /* flags */
+ int *mpc_field_off; /* security field */
+ int mpc_runtime_flags; /* flags */
+ LIST_ENTRY(mac_policy_conf) mpc_list; /* global list */
+};
+
+/* Flags for the mpc_loadtime_flags field. */
+#define MPC_LOADTIME_FLAG_NOTLATE 0x00000001
+#define MPC_LOADTIME_FLAG_UNLOADOK 0x00000002
+
+/* Flags for the mpc_runtime_flags field. */
+#define MPC_RUNTIME_FLAG_REGISTERED 0x00000001
+
+#define MAC_POLICY_SET(mpents, mpname, mpfullname, mpflags, privdata_wanted) \
+ static struct mac_policy_conf mpname##_mac_policy_conf = { \
+ #mpname, \
+ mpfullname, \
+ NULL, \
+ mpents, \
+ mpflags, \
+ privdata_wanted, \
+ 0, \
+ }; \
+ static moduledata_t mpname##_mod = { \
+ #mpname, \
+ mac_policy_modevent, \
+ &mpname##_mac_policy_conf \
+ }; \
+ DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY, \
+ SI_ORDER_MIDDLE)
+
+int mac_policy_modevent(module_t mod, int type, void *data);
+
+#define LABEL_TO_SLOT(l, s) (l)->l_perpolicy[s]
+
+#endif /* !_SYS_MAC_POLICY_H */
diff --git a/sys/sys/mac.h b/sys/sys/mac.h
new file mode 100644
index 0000000..7ea1fe1
--- /dev/null
+++ b/sys/sys/mac.h
@@ -0,0 +1,407 @@
+/*-
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
+ * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by NAI Labs,
+ * the Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/*
+ * Userland/kernel interface for Mandatory Access Control.
+ *
+ * The POSIX.1e implementation page may be reached at:
+ * http://www.trustedbsd.org/
+ */
+#ifndef _SYS_MAC_H
+#define _SYS_MAC_H
+
+#ifndef _POSIX_MAC
+#define _POSIX_MAC
+#endif
+
+/*
+ * XXXMAC: The single MAC extended attribute will be deprecated once
+ * compound EA writes on a single target file can be performed cleanly
+ * with UFS2.
+ */
+#define FREEBSD_MAC_EXTATTR_NAME "freebsd.mac"
+#define FREEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
+
+/*
+ * XXXMAC: Per-policy structures will be moved from mac.h to per-policy
+ * include files once the revised user interface is available.
+ */
+
+/*
+ * Structures and constants associated with a Biba Integrity policy.
+ * mac_biba represents a Biba label, with mb_type determining its properties,
+ * and mb_grade represents the hierarchal grade if valid for the current
+ * mb_type. These structures will move to mac_biba.h once we have dymamic
+ * labels exposed to userland.
+ */
+struct mac_biba_element {
+ u_short mbe_type;
+ u_short mbe_grade;
+};
+
+/*
+ * Biba labels consist of two components: a single label, and a label
+ * range. Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_biba {
+ int mb_flags;
+ struct mac_biba_element mb_single;
+ struct mac_biba_element mb_rangelow, mb_rangehigh;
+};
+
+/*
+ * Structures and constants associated with a Multi-Level Security policy.
+ * mac_mls represents an MLS label, with mm_type determining its properties,
+ * and mm_level represents the hierarchal sensitivity level if valid for the
+ * current mm_type. These structures will move to mac_mls.h once we have
+ * dynamic labels exposed to userland.
+ */
+struct mac_mls_element {
+ u_short mme_type;
+ u_short mme_level;
+};
+
+/*
+ * MLS labels consist of two components: a single label, and a label
+ * range. Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_mls {
+ int mm_flags;
+ struct mac_mls_element mm_single;
+ struct mac_mls_element mm_rangelow, mm_rangehigh;
+};
+
+/*
+ * Structures and constants associated with a Type Enforcement policy.
+ * mac_te represents a Type Enforcement label.
+ */
+#define MAC_TE_TYPE_MAXLEN 32
+struct mac_te {
+ char mt_type[MAC_TE_TYPE_MAXLEN+1]; /* TE type */
+};
+
+struct mac_sebsd {
+ uint32_t ms_psid; /* persistent sid storage */
+};
+
+/*
+ * Composite structures and constants which combine the various policy
+ * elements into common structures to be associated with subjects and
+ * objects.
+ */
+struct mac {
+ int m_macflags;
+ struct mac_biba m_biba;
+ struct mac_mls m_mls;
+ struct mac_te m_te;
+ struct mac_sebsd m_sebsd;
+};
+typedef struct mac *mac_t;
+
+#define MAC_FLAG_INITIALIZED 0x00000001 /* Is initialized. */
+
+#ifndef _KERNEL
+
+/*
+ * POSIX.1e functions visible in the application namespace.
+ */
+int mac_dominate(const mac_t _labela, const mac_t _labelb);
+int mac_equal(const mac_t labela, const mac_t _labelb);
+int mac_free(void *_buf_p);
+mac_t mac_from_text(const char *_text_p);
+mac_t mac_get_fd(int _fildes);
+mac_t mac_get_file(const char *_path_p);
+mac_t mac_get_proc(void);
+mac_t mac_glb(const mac_t _labela, const mac_t _labelb);
+mac_t mac_lub(const mac_t _labela, const mac_t _labelb);
+int mac_set_fd(int _fildes, const mac_t _label);
+int mac_set_file(const char *_path_p, mac_t _label);
+int mac_set_proc(const mac_t _label);
+ssize_t mac_size(mac_t _label);
+char * mac_to_text(const mac_t _label, size_t *_len_p);
+int mac_valid(const mac_t _label);
+
+/*
+ * Extensions to POSIX.1e visible in the application namespace.
+ */
+int mac_is_present_np(const char *_policyname);
+int mac_policy(const char *_policyname, int call, void *arg);
+
+/*
+ * System calls wrapped by some POSIX.1e functions.
+ */
+int __mac_get_fd(int _fd, struct mac *_mac_p);
+int __mac_get_file(const char *_path_p, struct mac *_mac_p);
+int __mac_get_proc(struct mac *_mac_p);
+int __mac_set_fd(int fd, struct mac *_mac_p);
+int __mac_set_file(const char *_path_p, struct mac *_mac_p);
+int __mac_set_proc(struct mac *_mac_p);
+
+#else /* _KERNEL */
+#endif /* _KERNEL */
+
+/*
+ * XXXMAC: This shouldn't be exported to userland, but is because of ucred.h
+ * and various other messes.
+ */
+
+#define MAC_MAX_POLICIES 8
+
+struct label {
+ int l_flags;
+ union {
+ void *l_ptr;
+ long l_long;
+ } l_perpolicy[MAC_MAX_POLICIES];
+};
+
+#ifdef _KERNEL
+
+/*
+ * MAC entry point operations
+ */
+enum mac_ep_ops {
+ MAC_OP_VNODE_READ,
+ MAC_OP_VNODE_WRITE,
+ MAC_OP_VNODE_POLL,
+ MAC_OP_PIPE_READ,
+ MAC_OP_PIPE_WRITE,
+ MAC_OP_PIPE_STAT,
+ MAC_OP_PIPE_POLL
+};
+
+/*
+ * Kernel functions to manage and evaluate labels.
+ */
+struct bpf_d;
+struct componentname;
+struct devfs_dirent;
+struct ifnet;
+struct ifreq;
+struct ipq;
+struct mbuf;
+struct mount;
+struct proc;
+struct sockaddr;
+struct socket;
+struct pipe;
+struct timespec;
+struct ucred;
+struct uio;
+struct vattr;
+struct vnode;
+
+#include <sys/acl.h> /* XXX acl_type_t */
+
+struct vop_refreshlabel_args;
+struct vop_setlabel_args;
+
+/*
+ * Label operations.
+ */
+void mac_init_bpfdesc(struct bpf_d *);
+void mac_init_cred(struct ucred *);
+void mac_init_devfsdirent(struct devfs_dirent *);
+void mac_init_ifnet(struct ifnet *);
+void mac_init_ipq(struct ipq *);
+void mac_init_socket(struct socket *);
+void mac_init_pipe(struct pipe *);
+int mac_init_mbuf(struct mbuf *m, int how);
+void mac_init_mount(struct mount *);
+void mac_init_vnode(struct vnode *);
+void mac_destroy_bpfdesc(struct bpf_d *);
+void mac_destroy_cred(struct ucred *);
+void mac_destroy_devfsdirent(struct devfs_dirent *);
+void mac_destroy_ifnet(struct ifnet *);
+void mac_destroy_ipq(struct ipq *);
+void mac_destroy_socket(struct socket *);
+void mac_destroy_pipe(struct pipe *);
+void mac_destroy_mbuf(struct mbuf *);
+void mac_destroy_mount(struct mount *);
+void mac_destroy_vnode(struct vnode *);
+
+/*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
+void mac_create_devfs_directory(char *dirname, int dirnamelen,
+ struct devfs_dirent *de);
+void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp);
+void mac_create_vnode(struct ucred *cred, struct vnode *parent,
+ struct vnode *child);
+void mac_create_mount(struct ucred *cred, struct mount *mp);
+void mac_create_root_mount(struct ucred *cred, struct mount *mp);
+void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
+ struct label *newlabel);
+void mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp);
+void mac_update_procfsvnode(struct vnode *vp, struct ucred *cred);
+void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp);
+
+/*
+ * Labeling event operations: IPC objects.
+ */
+void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
+void mac_create_socket(struct ucred *cred, struct socket *socket);
+void mac_create_socket_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
+ struct socket *socket);
+void mac_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_create_pipe(struct ucred *cred, struct pipe *pipe);
+
+/*
+ * Labeling event operations: network objects.
+ */
+void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
+void mac_create_ifnet(struct ifnet *ifp);
+void mac_create_ipq(struct mbuf *fragment, struct ipq *ipq);
+void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
+void mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment);
+void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
+void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
+ struct ifnet *ifnet, struct mbuf *newmbuf);
+void mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+int mac_fragment_match(struct mbuf *fragment, struct ipq *ipq);
+void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
+
+/*
+ * Labeling event operations: processes.
+ */
+void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
+void mac_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp);
+int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
+void mac_create_proc0(struct ucred *cred);
+void mac_create_proc1(struct ucred *cred);
+
+/* Access control checks. */
+int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
+int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
+int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
+int mac_check_mount_stat(struct ucred *cred, struct mount *mp);
+int mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op);
+int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ unsigned long cmd, void *data);
+int mac_check_proc_debug(struct ucred *cred, struct proc *proc);
+int mac_check_proc_sched(struct ucred *cred, struct proc *proc);
+int mac_check_proc_signal(struct ucred *cred, struct proc *proc,
+ int signum);
+int mac_check_socket_bind(struct ucred *cred, struct socket *so,
+ struct sockaddr *sockaddr);
+int mac_check_socket_connect(struct ucred *cred, struct socket *so,
+ struct sockaddr *sockaddr);
+int mac_check_socket_listen(struct ucred *cred, struct socket *so);
+int mac_check_socket_receive(struct socket *so, struct mbuf *m);
+int mac_check_socket_visible(struct ucred *cred, struct socket *so);
+int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
+ int flags);
+int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
+int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
+int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
+ struct componentname *cnp, struct vattr *vap);
+int mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type);
+int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type);
+int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio);
+int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
+ struct componentname *cnp);
+/* XXX This u_char should be vm_prot_t! */
+u_char mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp,
+ int newmapping);
+int mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op);
+int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
+ mode_t acc_mode);
+int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, int samedir, struct componentname *cnp);
+int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type, struct acl *acl);
+int mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio);
+int mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
+ u_long flags);
+int mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
+ mode_t mode);
+int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
+ uid_t uid, gid_t gid);
+int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+ struct timespec atime, struct timespec mtime);
+int mac_check_vnode_stat(struct ucred *cred, struct vnode *vp);
+int mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
+ struct ifnet *ifnet);
+int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
+ struct ifnet *ifnet);
+int mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
+ struct label *label);
+
+/*
+ * Calls to help various file systems implement labeling functionality
+ * using their existing EA implementation.
+ */
+int vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp,
+ struct ucred *cred);
+int vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap);
+int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
+
+#endif /* _KERNEL */
+
+#endif /* !_SYS_MAC_H */
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
new file mode 100644
index 0000000..71b2509
--- /dev/null
+++ b/sys/sys/mac_policy.h
@@ -0,0 +1,491 @@
+/*-
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
+ * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by NAI Labs,
+ * the Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/*
+ * Kernel interface for MAC policy modules.
+ */
+#ifndef _SYS_MAC_POLICY_H
+#define _SYS_MAC_POLICY_H
+
+/*-
+ * Pluggable access control policy definition structure.
+ *
+ * List of operations that are performed as part of the implementation
+ * of a MAC policy. Policy implementors declare operations with a
+ * mac_policy_ops structure, and using the MAC_POLICY_SET() macro.
+ * If an entry point is not declared, then then the policy will be ignored
+ * during evaluation of that event or check.
+ *
+ * Operations are sorted first by general class of operation, then
+ * alphabetically.
+ */
+struct mac_policy_conf;
+struct mac_policy_ops {
+ /*
+ * Policy module operations.
+ */
+ void (*mpo_destroy)(struct mac_policy_conf *mpc);
+ void (*mpo_init)(struct mac_policy_conf *mpc);
+
+ /*
+ * Label operations.
+ */
+ void (*mpo_init_bpfdesc)(struct bpf_d *, struct label *label);
+ void (*mpo_init_cred)(struct ucred *, struct label *label);
+ void (*mpo_init_devfsdirent)(struct devfs_dirent *,
+ struct label *label);
+ void (*mpo_init_ifnet)(struct ifnet *, struct label *label);
+ void (*mpo_init_ipq)(struct ipq *ipq, struct label *label);
+ int (*mpo_init_mbuf)(struct mbuf *, int how, struct label *label);
+ void (*mpo_init_mount)(struct mount *, struct label *mntlabel,
+ struct label *fslabel);
+ void (*mpo_init_socket)(struct socket *so, struct label *label,
+ struct label *peerlabel);
+ void (*mpo_init_pipe)(struct pipe *pipe, struct label *label);
+ void (*mpo_init_temp)(struct label *label);
+ void (*mpo_init_vnode)(struct vnode *, struct label *label);
+ void (*mpo_destroy_bpfdesc)(struct bpf_d *, struct label *label);
+ void (*mpo_destroy_cred)(struct ucred *, struct label *label);
+ void (*mpo_destroy_devfsdirent)(struct devfs_dirent *de,
+ struct label *label);
+ void (*mpo_destroy_ifnet)(struct ifnet *, struct label *label);
+ void (*mpo_destroy_ipq)(struct ipq *ipq, struct label *label);
+ void (*mpo_destroy_mbuf)(struct mbuf *, struct label *label);
+ void (*mpo_destroy_mount)(struct mount *, struct label *mntlabel,
+ struct label *fslabel);
+ void (*mpo_destroy_socket)(struct socket *so, struct label *label,
+ struct label *peerlabel);
+ void (*mpo_destroy_pipe)(struct pipe *pipe, struct label *label);
+ void (*mpo_destroy_temp)(struct label *label);
+ void (*mpo_destroy_vnode)(struct vnode *, struct label *label);
+ int (*mpo_externalize)(struct label *label, struct mac *extmac);
+ int (*mpo_internalize)(struct label *label, struct mac *extmac);
+
+ /*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+ void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de,
+ struct label *label);
+ void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen,
+ struct devfs_dirent *de, struct label *label);
+ void (*mpo_create_devfs_vnode)(struct devfs_dirent *de,
+ struct label *direntlabel, struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_create_vnode)(struct ucred *cred, struct vnode *parent,
+ struct label *parentlabel, struct vnode *child,
+ struct label *childlabel);
+ void (*mpo_create_mount)(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel, struct label *fslabel);
+ void (*mpo_create_root_mount)(struct ucred *cred, struct mount *mp,
+ struct label *mountlabel, struct label *fslabel);
+ void (*mpo_relabel_vnode)(struct ucred *cred, struct vnode *vp,
+ struct label *vnodelabel, struct label *label);
+ int (*mpo_stdcreatevnode_ea)(struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent,
+ struct label *direntlabel, struct vnode *vp,
+ struct label *vnodelabel);
+ void (*mpo_update_procfsvnode)(struct vnode *vp,
+ struct label *vnodelabel, struct ucred *cred);
+ int (*mpo_update_vnode_from_extattr)(struct vnode *vp,
+ struct label *vnodelabel, struct mount *mp,
+ struct label *fslabel);
+ int (*mpo_update_vnode_from_externalized)(struct vnode *vp,
+ struct label *vnodelabel, struct mac *mac);
+ void (*mpo_update_vnode_from_mount)(struct vnode *vp,
+ struct label *vnodelabel, struct mount *mp,
+ struct label *fslabel);
+
+ /*
+ * Labeling event operations: IPC objects.
+ */
+ void (*mpo_create_mbuf_from_socket)(struct socket *so,
+ struct label *socketlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ void (*mpo_create_socket)(struct ucred *cred, struct socket *so,
+ struct label *socketlabel);
+ void (*mpo_create_socket_from_socket)(struct socket *oldsocket,
+ struct label *oldsocketlabel, struct socket *newsocket,
+ struct label *newsocketlabel);
+ void (*mpo_relabel_socket)(struct ucred *cred, struct socket *so,
+ struct label *oldlabel, struct label *newlabel);
+ void (*mpo_relabel_pipe)(struct ucred *cred, struct pipe *pipe,
+ struct label *oldlabel, struct label *newlabel);
+ void (*mpo_set_socket_peer_from_mbuf)(struct mbuf *mbuf,
+ struct label *mbuflabel, struct socket *so,
+ struct label *socketpeerlabel);
+ void (*mpo_set_socket_peer_from_socket)(struct socket *oldsocket,
+ struct label *oldsocketlabel, struct socket *newsocket,
+ struct label *newsocketpeerlabel);
+ void (*mpo_create_pipe)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel);
+
+ /*
+ * Labeling event operations: network objects.
+ */
+ void (*mpo_create_bpfdesc)(struct ucred *cred, struct bpf_d *bpf_d,
+ struct label *bpflabel);
+ void (*mpo_create_ifnet)(struct ifnet *ifnet,
+ struct label *ifnetlabel);
+ void (*mpo_create_ipq)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+ void (*mpo_create_datagram_from_ipq)
+ (struct ipq *ipq, struct label *ipqlabel,
+ struct mbuf *datagram, struct label *datagramlabel);
+ void (*mpo_create_fragment)(struct mbuf *datagram,
+ struct label *datagramlabel, struct mbuf *fragment,
+ struct label *fragmentlabel);
+ void (*mpo_create_mbuf_from_mbuf)(struct mbuf *oldmbuf,
+ struct label *oldlabel, struct mbuf *newmbuf,
+ struct label *newlabel);
+ void (*mpo_create_mbuf_linklayer)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_from_bpfdesc)(struct bpf_d *bpf_d,
+ struct label *bpflabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_from_ifnet)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *mbuf,
+ struct label *mbuflabel);
+ void (*mpo_create_mbuf_multicast_encap)(struct mbuf *oldmbuf,
+ struct label *oldmbuflabel, struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *newmbuf,
+ struct label *newmbuflabel);
+ void (*mpo_create_mbuf_netlayer)(struct mbuf *oldmbuf,
+ struct label *oldmbuflabel, struct mbuf *newmbuf,
+ struct label *newmbuflabel);
+ int (*mpo_fragment_match)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+ void (*mpo_relabel_ifnet)(struct ucred *cred, struct ifnet *ifnet,
+ struct label *ifnetlabel, struct label *newlabel);
+ void (*mpo_update_ipq)(struct mbuf *fragment,
+ struct label *fragmentlabel, struct ipq *ipq,
+ struct label *ipqlabel);
+
+ /*
+ * Labeling event operations: processes.
+ */
+ void (*mpo_create_cred)(struct ucred *parent_cred,
+ struct ucred *child_cred);
+ void (*mpo_execve_transition)(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *vnodelabel);
+ int (*mpo_execve_will_transition)(struct ucred *old,
+ struct vnode *vp, struct label *vnodelabel);
+ void (*mpo_create_proc0)(struct ucred *cred);
+ void (*mpo_create_proc1)(struct ucred *cred);
+ void (*mpo_relabel_cred)(struct ucred *cred,
+ struct label *newlabel);
+
+ /*
+ * Access control checks.
+ */
+ int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d,
+ struct label *bpflabel, struct ifnet *ifnet,
+ struct label *ifnetlabel);
+ int (*mpo_check_cred_relabel)(struct ucred *cred,
+ struct label *newlabel);
+ int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2);
+ int (*mpo_check_ifnet_relabel)(struct ucred *cred,
+ struct ifnet *ifnet, struct label *ifnetlabel,
+ struct label *newlabel);
+ int (*mpo_check_ifnet_transmit)(struct ifnet *ifnet,
+ struct label *ifnetlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel);
+ int (*mpo_check_pipe_ioctl)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void *data);
+ int (*mpo_check_pipe_op)(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op);
+ int (*mpo_check_pipe_relabel)(struct ucred *cred,
+ struct pipe *pipe, struct label *pipelabel,
+ struct label *newlabel);
+ int (*mpo_check_proc_debug)(struct ucred *cred,
+ struct proc *proc);
+ int (*mpo_check_proc_sched)(struct ucred *cred,
+ struct proc *proc);
+ int (*mpo_check_proc_signal)(struct ucred *cred,
+ struct proc *proc, int signum);
+ int (*mpo_check_socket_bind)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct sockaddr *sockaddr);
+ int (*mpo_check_socket_connect)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct sockaddr *sockaddr);
+ int (*mpo_check_socket_listen)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel);
+ int (*mpo_check_socket_receive)(struct socket *so,
+ struct label *socketlabel, struct mbuf *m,
+ struct label *mbuflabel);
+ int (*mpo_check_socket_relabel)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel,
+ struct label *newlabel);
+ int (*mpo_check_socket_visible)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel);
+ int (*mpo_check_vnode_access)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int flags);
+ int (*mpo_check_vnode_chdir)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_chroot)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_create)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct componentname *cnp, struct vattr *vap);
+ int (*mpo_check_vnode_delete)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct vnode *vp, void *label, struct componentname *cnp);
+ int (*mpo_check_vnode_deleteacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type);
+ int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp,
+ struct label *label);
+ int (*mpo_check_vnode_getacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type);
+ int (*mpo_check_vnode_getextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace,
+ const char *name, struct uio *uio);
+ int (*mpo_check_vnode_lookup)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel,
+ struct componentname *cnp);
+ int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
+ struct label *label, mode_t acc_mode);
+ int (*mpo_check_vnode_readdir)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel);
+ int (*mpo_check_vnode_readlink)(struct ucred *cred,
+ struct vnode *vp, struct label *label);
+ int (*mpo_check_vnode_relabel)(struct ucred *cred,
+ struct vnode *vp, struct label *vnodelabel,
+ struct label *newlabel);
+ int (*mpo_check_vnode_rename_from)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel, struct vnode *vp,
+ struct label *label, struct componentname *cnp);
+ int (*mpo_check_vnode_rename_to)(struct ucred *cred,
+ struct vnode *dvp, struct label *dlabel, struct vnode *vp,
+ struct label *label, int samedir,
+ struct componentname *cnp);
+ int (*mpo_check_vnode_revoke)(struct ucred *cred,
+ struct vnode *vp, struct label *label);
+ int (*mpo_check_vnode_setacl)(struct ucred *cred,
+ struct vnode *vp, struct label *label, acl_type_t type,
+ struct acl *acl);
+ int (*mpo_check_vnode_setextattr)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int attrnamespace,
+ const char *name, struct uio *uio);
+ int (*mpo_check_vnode_setflags)(struct ucred *cred,
+ struct vnode *vp, struct label *label, u_long flags);
+ int (*mpo_check_vnode_setmode)(struct ucred *cred,
+ struct vnode *vp, struct label *label, mode_t mode);
+ int (*mpo_check_vnode_setowner)(struct ucred *cred,
+ struct vnode *vp, struct label *label, uid_t uid,
+ gid_t gid);
+ int (*mpo_check_vnode_setutimes)(struct ucred *cred,
+ struct vnode *vp, struct label *label,
+ struct timespec atime, struct timespec mtime);
+ int (*mpo_check_vnode_stat)(struct ucred *cred, struct vnode *vp,
+ struct label *label);
+ vm_prot_t (*mpo_check_vnode_mmap_perms)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int newmapping);
+ int (*mpo_check_vnode_op)(struct ucred *cred, struct vnode *vp,
+ struct label *label, int op);
+};
+
+typedef void *macop_t;
+
+enum mac_op_constant {
+ MAC_OP_LAST,
+ MAC_DESTROY,
+ MAC_INIT,
+ MAC_INIT_BPFDESC,
+ MAC_INIT_CRED,
+ MAC_INIT_DEVFSDIRENT,
+ MAC_INIT_IFNET,
+ MAC_INIT_IPQ,
+ MAC_INIT_MBUF,
+ MAC_INIT_MOUNT,
+ MAC_INIT_PIPE,
+ MAC_INIT_SOCKET,
+ MAC_INIT_TEMP,
+ MAC_INIT_VNODE,
+ MAC_DESTROY_BPFDESC,
+ MAC_DESTROY_CRED,
+ MAC_DESTROY_DEVFSDIRENT,
+ MAC_DESTROY_IFNET,
+ MAC_DESTROY_IPQ,
+ MAC_DESTROY_MBUF,
+ MAC_DESTROY_MOUNT,
+ MAC_DESTROY_PIPE,
+ MAC_DESTROY_SOCKET,
+ MAC_DESTROY_TEMP,
+ MAC_DESTROY_VNODE,
+ MAC_EXTERNALIZE,
+ MAC_INTERNALIZE,
+ MAC_CREATE_DEVFS_DEVICE,
+ MAC_CREATE_DEVFS_DIRECTORY,
+ MAC_CREATE_DEVFS_VNODE,
+ MAC_CREATE_VNODE,
+ MAC_CREATE_MOUNT,
+ MAC_CREATE_ROOT_MOUNT,
+ MAC_RELABEL_VNODE,
+ MAC_STDCREATEVNODE_EA,
+ MAC_UPDATE_DEVFSDIRENT,
+ MAC_UPDATE_PROCFSVNODE,
+ MAC_UPDATE_VNODE_FROM_EXTATTR,
+ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
+ MAC_UPDATE_VNODE_FROM_MOUNT,
+ MAC_CREATE_MBUF_FROM_SOCKET,
+ MAC_CREATE_PIPE,
+ MAC_CREATE_SOCKET,
+ MAC_CREATE_SOCKET_FROM_SOCKET,
+ MAC_RELABEL_PIPE,
+ MAC_RELABEL_SOCKET,
+ MAC_SET_SOCKET_PEER_FROM_MBUF,
+ MAC_SET_SOCKET_PEER_FROM_SOCKET,
+ MAC_CREATE_BPFDESC,
+ MAC_CREATE_DATAGRAM_FROM_IPQ,
+ MAC_CREATE_IFNET,
+ MAC_CREATE_IPQ,
+ MAC_CREATE_FRAGMENT,
+ MAC_CREATE_MBUF_FROM_MBUF,
+ MAC_CREATE_MBUF_LINKLAYER,
+ MAC_CREATE_MBUF_FROM_BPFDESC,
+ MAC_CREATE_MBUF_FROM_IFNET,
+ MAC_CREATE_MBUF_MULTICAST_ENCAP,
+ MAC_CREATE_MBUF_NETLAYER,
+ MAC_FRAGMENT_MATCH,
+ MAC_RELABEL_IFNET,
+ MAC_UPDATE_IPQ,
+ MAC_CREATE_CRED,
+ MAC_EXECVE_TRANSITION,
+ MAC_EXECVE_WILL_TRANSITION,
+ MAC_CREATE_PROC0,
+ MAC_CREATE_PROC1,
+ MAC_RELABEL_CRED,
+ MAC_CHECK_BPFDESC_RECEIVE,
+ MAC_CHECK_CRED_RELABEL,
+ MAC_CHECK_CRED_VISIBLE,
+ MAC_CHECK_IFNET_RELABEL,
+ MAC_CHECK_IFNET_TRANSMIT,
+ MAC_CHECK_MOUNT_STAT,
+ MAC_CHECK_PIPE_IOCTL,
+ MAC_CHECK_PIPE_OP,
+ MAC_CHECK_PIPE_RELABEL,
+ MAC_CHECK_PROC_DEBUG,
+ MAC_CHECK_PROC_SCHED,
+ MAC_CHECK_PROC_SIGNAL,
+ MAC_CHECK_SOCKET_BIND,
+ MAC_CHECK_SOCKET_CONNECT,
+ MAC_CHECK_SOCKET_LISTEN,
+ MAC_CHECK_SOCKET_RELABEL,
+ MAC_CHECK_SOCKET_RECEIVE,
+ MAC_CHECK_SOCKET_VISIBLE,
+ MAC_CHECK_VNODE_ACCESS,
+ MAC_CHECK_VNODE_CHDIR,
+ MAC_CHECK_VNODE_CHROOT,
+ MAC_CHECK_VNODE_CREATE,
+ MAC_CHECK_VNODE_DELETE,
+ MAC_CHECK_VNODE_DELETEACL,
+ MAC_CHECK_VNODE_EXEC,
+ MAC_CHECK_VNODE_GETACL,
+ MAC_CHECK_VNODE_GETEXTATTR,
+ MAC_CHECK_VNODE_LOOKUP,
+ MAC_CHECK_VNODE_OPEN,
+ MAC_CHECK_VNODE_READDIR,
+ MAC_CHECK_VNODE_READLINK,
+ MAC_CHECK_VNODE_RELABEL,
+ MAC_CHECK_VNODE_RENAME_FROM,
+ MAC_CHECK_VNODE_RENAME_TO,
+ MAC_CHECK_VNODE_REVOKE,
+ MAC_CHECK_VNODE_SETACL,
+ MAC_CHECK_VNODE_SETEXTATTR,
+ MAC_CHECK_VNODE_SETFLAGS,
+ MAC_CHECK_VNODE_SETMODE,
+ MAC_CHECK_VNODE_SETOWNER,
+ MAC_CHECK_VNODE_SETUTIMES,
+ MAC_CHECK_VNODE_STAT,
+ MAC_CHECK_VNODE_MMAP_PERMS,
+ MAC_CHECK_VNODE_OP,
+};
+
+struct mac_policy_op_entry {
+ enum mac_op_constant mpe_constant; /* what this hook implements */
+ void *mpe_function; /* hook's implementation */
+};
+
+struct mac_policy_conf {
+ char *mpc_name; /* policy name */
+ char *mpc_fullname; /* policy full name */
+ struct mac_policy_ops *mpc_ops; /* policy operations */
+ struct mac_policy_op_entry *mpc_entries; /* ops to fill in */
+ int mpc_loadtime_flags; /* flags */
+ int *mpc_field_off; /* security field */
+ int mpc_runtime_flags; /* flags */
+ LIST_ENTRY(mac_policy_conf) mpc_list; /* global list */
+};
+
+/* Flags for the mpc_loadtime_flags field. */
+#define MPC_LOADTIME_FLAG_NOTLATE 0x00000001
+#define MPC_LOADTIME_FLAG_UNLOADOK 0x00000002
+
+/* Flags for the mpc_runtime_flags field. */
+#define MPC_RUNTIME_FLAG_REGISTERED 0x00000001
+
+#define MAC_POLICY_SET(mpents, mpname, mpfullname, mpflags, privdata_wanted) \
+ static struct mac_policy_conf mpname##_mac_policy_conf = { \
+ #mpname, \
+ mpfullname, \
+ NULL, \
+ mpents, \
+ mpflags, \
+ privdata_wanted, \
+ 0, \
+ }; \
+ static moduledata_t mpname##_mod = { \
+ #mpname, \
+ mac_policy_modevent, \
+ &mpname##_mac_policy_conf \
+ }; \
+ DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY, \
+ SI_ORDER_MIDDLE)
+
+int mac_policy_modevent(module_t mod, int type, void *data);
+
+#define LABEL_TO_SLOT(l, s) (l)->l_perpolicy[s]
+
+#endif /* !_SYS_MAC_POLICY_H */
OpenPOWER on IntegriCloud