Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac_biba/mac_biba.c350
-rw-r--r--sys/security/mac_biba/mac_biba.h10
-rw-r--r--sys/security/mac_mls/mac_mls.c336
-rw-r--r--sys/security/mac_mls/mac_mls.h10
4 files changed, 353 insertions, 353 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 34c30fa..f8a7321 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -221,9 +221,9 @@ mac_biba_subject_dominate_high(struct mac_biba *mac_biba)
{
struct mac_biba_element *element;
- KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_single_in_range: mac_biba not single"));
- element = &mac_biba->mb_single;
+ KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_effective_in_range: mac_biba not effective"));
+ element = &mac_biba->mb_effective;
return (element->mbe_type == MAC_BIBA_TYPE_EQUAL ||
element->mbe_type == MAC_BIBA_TYPE_HIGH);
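Review bot: The KASSERT message in mac_biba_subject_dominate_high still attributes the assertion to a different function: the rewritten line reads `("mac_biba_effective_in_range: mac_biba not effective")` while the enclosing function is mac_biba_subject_dominate_high, so a panic from this check would point a triager at the wrong place. Since the commit already rewrites that message, it should read `("mac_biba_subject_dominate_high: mac_biba not effective")`. The same copy-paste mismatch is carried over in mac_biba_high_effective, whose message names mac_biba_equal_effective. The function's opening line is outside the hunk.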
@@ -240,31 +240,31 @@ mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb)
}
static int
-mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range)
+mac_biba_effective_in_range(struct mac_biba *effective, struct mac_biba *range)
{
- KASSERT((single->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_single_in_range: a not single"));
+ KASSERT((effective->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_effective_in_range: a not effective"));
KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
- ("mac_biba_single_in_range: b not range"));
+ ("mac_biba_effective_in_range: b not range"));
return (mac_biba_dominate_element(&range->mb_rangehigh,
- &single->mb_single) &&
- mac_biba_dominate_element(&single->mb_single,
+ &effective->mb_effective) &&
+ mac_biba_dominate_element(&effective->mb_effective,
&range->mb_rangelow));
return (1);
}
static int
-mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b)
+mac_biba_dominate_effective(struct mac_biba *a, struct mac_biba *b)
{
- KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_dominate_single: a not single"));
- KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_dominate_single: b not single"));
+ KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_dominate_effective: a not effective"));
+ KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_dominate_effective: b not effective"));
- return (mac_biba_dominate_element(&a->mb_single, &b->mb_single));
+ return (mac_biba_dominate_element(&a->mb_effective, &b->mb_effective));
}
static int
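Review bot: mac_biba_effective_in_range ends with an unreachable `return (1);` directly after the `return (mac_biba_dominate_element(...))` expression, and the commit leaves it in place while renaming the function. It is dead code, but in an access-control predicate it reads as though the function could fall through to a permissive default, which is worth not leaving ambiguous; drop the trailing `return (1);`. The rest of the hunk is a consistent rename.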
@@ -279,23 +279,23 @@ mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b)
}
static int
-mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b)
+mac_biba_equal_effective(struct mac_biba *a, struct mac_biba *b)
{
- KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_equal_single: a not single"));
- KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_equal_single: b not single"));
+ KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_equal_effective: a not effective"));
+ KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_equal_effective: b not effective"));
- return (mac_biba_equal_element(&a->mb_single, &b->mb_single));
+ return (mac_biba_equal_element(&a->mb_effective, &b->mb_effective));
}
static int
mac_biba_contains_equal(struct mac_biba *mac_biba)
{
- if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE)
- if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL)
+ if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE)
+ if (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL)
return (1);
if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) {
@@ -316,8 +316,8 @@ mac_biba_subject_privileged(struct mac_biba *mac_biba)
MAC_BIBA_FLAGS_BOTH,
("mac_biba_subject_privileged: subject doesn't have both labels"));
- /* If the single is EQUAL, it's ok. */
- if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL)
+ /* If the effective is EQUAL, it's ok. */
+ if (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL)
return (0);
/* If either range endpoint is EQUAL, it's ok. */
@@ -335,30 +335,30 @@ mac_biba_subject_privileged(struct mac_biba *mac_biba)
}
static int
-mac_biba_high_single(struct mac_biba *mac_biba)
+mac_biba_high_effective(struct mac_biba *mac_biba)
{
- KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_equal_single: mac_biba not single"));
+ KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_equal_effective: mac_biba not effective"));
- return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH);
+ return (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_HIGH);
}
static int
mac_biba_valid(struct mac_biba *mac_biba)
{
- if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
- switch (mac_biba->mb_single.mbe_type) {
+ if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
+ switch (mac_biba->mb_effective.mbe_type) {
case MAC_BIBA_TYPE_GRADE:
break;
case MAC_BIBA_TYPE_EQUAL:
case MAC_BIBA_TYPE_HIGH:
case MAC_BIBA_TYPE_LOW:
- if (mac_biba->mb_single.mbe_grade != 0 ||
+ if (mac_biba->mb_effective.mbe_grade != 0 ||
!MAC_BIBA_BIT_SET_EMPTY(
- mac_biba->mb_single.mbe_compartments))
+ mac_biba->mb_effective.mbe_compartments))
return (EINVAL);
break;
@@ -366,7 +366,7 @@ mac_biba_valid(struct mac_biba *mac_biba)
return (EINVAL);
}
} else {
- if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF)
+ if (mac_biba->mb_effective.mbe_type != MAC_BIBA_TYPE_UNDEF)
return (EINVAL);
}
@@ -438,16 +438,16 @@ mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow,
}
static void
-mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade,
+mac_biba_set_effective(struct mac_biba *mac_biba, u_short type, u_short grade,
u_char *compartments)
{
- mac_biba->mb_single.mbe_type = type;
- mac_biba->mb_single.mbe_grade = grade;
+ mac_biba->mb_effective.mbe_type = type;
+ mac_biba->mb_effective.mbe_grade = grade;
if (compartments != NULL)
- memcpy(mac_biba->mb_single.mbe_compartments, compartments,
- sizeof(mac_biba->mb_single.mbe_compartments));
- mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE;
+ memcpy(mac_biba->mb_effective.mbe_compartments, compartments,
+ sizeof(mac_biba->mb_effective.mbe_compartments));
+ mac_biba->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE;
}
static void
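Review bot: mac_biba_set_effective leaves mbe_compartments untouched when compartments is NULL, so the effective element keeps whatever compartment set the label previously held; every caller in this diff passes NULL with grade 0 for the HIGH/EQUAL/LOW types, which mac_biba_valid only accepts when the compartment set is empty. That presumably holds because the label was zeroed before the call, but nothing in this function guarantees it. A comment above the memcpy, `/* NULL compartments leaves mbe_compartments as is; caller is expected to start from a zeroed label. */`, would make the contract explicit, or the NULL branch could clear the set instead.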
@@ -463,22 +463,22 @@ mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto)
}
static void
-mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto)
+mac_biba_copy_effective(struct mac_biba *labelfrom, struct mac_biba *labelto)
{
- KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_copy_single: labelfrom not single"));
+ KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_copy_effective: labelfrom not effective"));
- labelto->mb_single = labelfrom->mb_single;
- labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE;
+ labelto->mb_effective = labelfrom->mb_effective;
+ labelto->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE;
}
static void
mac_biba_copy(struct mac_biba *source, struct mac_biba *dest)
{
- if (source->mb_flags & MAC_BIBA_FLAG_SINGLE)
- mac_biba_copy_single(source, dest);
+ if (source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE)
+ mac_biba_copy_effective(source, dest);
if (source->mb_flags & MAC_BIBA_FLAG_RANGE)
mac_biba_copy_range(source, dest);
}
@@ -581,8 +581,8 @@ static int
mac_biba_to_string(struct sbuf *sb, struct mac_biba *mac_biba)
{
- if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
- if (mac_biba_element_to_string(sb, &mac_biba->mb_single)
+ if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
+ if (mac_biba_element_to_string(sb, &mac_biba->mb_effective)
== -1)
return (EINVAL);
}
@@ -686,12 +686,12 @@ mac_biba_parse_element(struct mac_biba_element *element, char *string)
static int
mac_biba_parse(struct mac_biba *mac_biba, char *string)
{
- char *rangehigh, *rangelow, *single;
+ char *rangehigh, *rangelow, *effective;
int error;
- single = strsep(&string, "(");
- if (*single == '\0')
- single = NULL;
+ effective = strsep(&string, "(");
+ if (*effective == '\0')
+ effective = NULL;
if (string != NULL) {
rangelow = strsep(&string, "-");
@@ -712,11 +712,11 @@ mac_biba_parse(struct mac_biba *mac_biba, char *string)
("mac_biba_parse: range mismatch"));
bzero(mac_biba, sizeof(*mac_biba));
- if (single != NULL) {
- error = mac_biba_parse_element(&mac_biba->mb_single, single);
+ if (effective != NULL) {
+ error = mac_biba_parse_element(&mac_biba->mb_effective, effective);
if (error)
return (error);
- mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE;
+ mac_biba->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE;
}
if (rangelow != NULL) {
@@ -790,7 +790,7 @@ mac_biba_create_devfs_device(struct mount *mp, struct cdev *dev,
biba_type = MAC_BIBA_TYPE_EQUAL;
else
biba_type = MAC_BIBA_TYPE_HIGH;
- mac_biba_set_single(mac_biba, biba_type, 0, NULL);
+ mac_biba_set_effective(mac_biba, biba_type, 0, NULL);
}
static void
@@ -800,7 +800,7 @@ mac_biba_create_devfs_directory(struct mount *mp, char *dirname,
struct mac_biba *mac_biba;
mac_biba = SLOT(label);
- mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL);
+ mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL);
}
static void
@@ -813,7 +813,7 @@ mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp,
source = SLOT(cred->cr_label);
dest = SLOT(delabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -824,9 +824,9 @@ mac_biba_create_mount(struct ucred *cred, struct mount *mp,
source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
dest = SLOT(fslabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -837,9 +837,9 @@ mac_biba_create_root_mount(struct ucred *cred, struct mount *mp,
/* Always mount root as high integrity. */
mac_biba = SLOT(fslabel);
- mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL);
+ mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL);
mac_biba = SLOT(mntlabel);
- mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL);
+ mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL);
}
static void
@@ -877,7 +877,7 @@ mac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
source = SLOT(delabel);
dest = SLOT(vlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static int
@@ -897,7 +897,7 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &temp, curthread);
if (error == ENOATTR || error == EOPNOTSUPP) {
/* Fall back to the fslabel. */
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
return (0);
} else if (error)
return (error);
@@ -911,12 +911,12 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
printf("mac_biba_associate_vnode_extattr: invalid\n");
return (EPERM);
}
- if ((temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) {
- printf("mac_biba_associate_vnode_extattr: not single\n");
+ if ((temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_EFFECTIVE) {
+ printf("mac_biba_associate_vnode_extattr: not effective\n");
return (EPERM);
}
- mac_biba_copy_single(&temp, dest);
+ mac_biba_copy_effective(&temp, dest);
return (0);
}
@@ -929,7 +929,7 @@ mac_biba_associate_vnode_singlelabel(struct mount *mp,
source = SLOT(fslabel);
dest = SLOT(vlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static int
@@ -946,12 +946,12 @@ mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp,
source = SLOT(cred->cr_label);
dest = SLOT(vlabel);
- mac_biba_copy_single(source, &temp);
+ mac_biba_copy_effective(source, &temp);
error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread);
if (error == 0)
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
return (error);
}
@@ -967,10 +967,10 @@ mac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
bzero(&temp, buflen);
source = SLOT(intlabel);
- if ((source->mb_flags & MAC_BIBA_FLAG_SINGLE) == 0)
+ if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0)
return (0);
- mac_biba_copy_single(source, &temp);
+ mac_biba_copy_effective(source, &temp);
error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread);
@@ -989,7 +989,7 @@ mac_biba_create_inpcb_from_socket(struct socket *so, struct label *solabel,
source = SLOT(solabel);
dest = SLOT(inplabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1001,7 +1001,7 @@ mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
source = SLOT(socketlabel);
dest = SLOT(mbuflabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1013,7 +1013,7 @@ mac_biba_create_socket(struct ucred *cred, struct socket *socket,
source = SLOT(cred->cr_label);
dest = SLOT(socketlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1025,7 +1025,7 @@ mac_biba_create_pipe(struct ucred *cred, struct pipepair *pp,
source = SLOT(cred->cr_label);
dest = SLOT(pipelabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1038,7 +1038,7 @@ mac_biba_create_socket_from_socket(struct socket *oldsocket,
source = SLOT(oldsocketlabel);
dest = SLOT(newsocketlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1074,7 +1074,7 @@ mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
source = SLOT(mbuflabel);
dest = SLOT(socketpeerlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
/*
@@ -1090,7 +1090,7 @@ mac_biba_set_socket_peer_from_socket(struct socket *oldsocket,
source = SLOT(oldsocketlabel);
dest = SLOT(newsocketpeerlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1102,7 +1102,7 @@ mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
source = SLOT(cred->cr_label);
dest = SLOT(bpflabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1158,7 +1158,7 @@ mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
}
}
set:
- mac_biba_set_single(dest, type, 0, NULL);
+ mac_biba_set_effective(dest, type, 0, NULL);
mac_biba_set_range(dest, type, 0, NULL, type, 0, NULL);
}
@@ -1171,7 +1171,7 @@ mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
source = SLOT(fragmentlabel);
dest = SLOT(ipqlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1184,7 +1184,7 @@ mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
dest = SLOT(datagramlabel);
/* Just use the head, since we require them all to match. */
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1196,7 +1196,7 @@ mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
source = SLOT(datagramlabel);
dest = SLOT(fragmentlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1208,7 +1208,7 @@ mac_biba_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
source = SLOT(inplabel);
dest = SLOT(mlabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1240,7 +1240,7 @@ mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
dest = SLOT(mbuflabel);
- mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
+ mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
}
static void
@@ -1252,7 +1252,7 @@ mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
source = SLOT(bpflabel);
dest = SLOT(mbuflabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1264,7 +1264,7 @@ mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
source = SLOT(ifnetlabel);
dest = SLOT(mbuflabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1277,7 +1277,7 @@ mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
source = SLOT(oldmbuflabel);
dest = SLOT(newmbuflabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static void
@@ -1289,7 +1289,7 @@ mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel,
source = SLOT(oldmbuflabel);
dest = SLOT(newmbuflabel);
- mac_biba_copy_single(source, dest);
+ mac_biba_copy_effective(source, dest);
}
static int
@@ -1301,7 +1301,7 @@ mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
a = SLOT(ipqlabel);
b = SLOT(fragmentlabel);
- return (mac_biba_equal_single(a, b));
+ return (mac_biba_equal_effective(a, b));
}
static void
@@ -1346,7 +1346,7 @@ mac_biba_create_proc0(struct ucred *cred)
dest = SLOT(cred->cr_label);
- mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
+ mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL,
MAC_BIBA_TYPE_HIGH, 0, NULL);
}
@@ -1358,7 +1358,7 @@ mac_biba_create_proc1(struct ucred *cred)
dest = SLOT(cred->cr_label);
- mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
+ mac_biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL,
MAC_BIBA_TYPE_HIGH, 0, NULL);
}
@@ -1389,7 +1389,7 @@ mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
a = SLOT(bpflabel);
b = SLOT(ifnetlabel);
- if (mac_biba_equal_single(a, b))
+ if (mac_biba_equal_effective(a, b))
return (0);
return (EACCES);
}
@@ -1405,7 +1405,7 @@ mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel)
/*
* If there is a Biba label update for the credential, it may
- * be an update of the single, range, or both.
+ * be an update of the effective, range, or both.
*/
error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
if (error)
@@ -1417,20 +1417,20 @@ mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel)
if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) {
/*
* If the change request modifies both the Biba label
- * single and range, check that the new single will be
+ * effective and range, check that the new effective will be
* in the new range.
*/
if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) ==
MAC_BIBA_FLAGS_BOTH &&
- !mac_biba_single_in_range(new, new))
+ !mac_biba_effective_in_range(new, new))
return (EINVAL);
/*
- * To change the Biba single label on a credential, the
- * new single label must be in the current range.
+ * To change the Biba effective label on a credential, the
+ * new effective label must be in the current range.
*/
- if (new->mb_flags & MAC_BIBA_FLAG_SINGLE &&
- !mac_biba_single_in_range(new, subj))
+ if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE &&
+ !mac_biba_effective_in_range(new, subj))
return (EPERM);
/*
@@ -1468,7 +1468,7 @@ mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2)
obj = SLOT(u2->cr_label);
/* XXX: range */
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (ESRCH);
return (0);
@@ -1486,7 +1486,7 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
/*
* If there is a Biba label update for the interface, it may
- * be an update of the single, range, or both.
+ * be an update of the effective, range, or both.
*/
error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
if (error)
@@ -1514,7 +1514,7 @@ mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
p = SLOT(mbuflabel);
i = SLOT(ifnetlabel);
- return (mac_biba_single_in_range(p, i) ? 0 : EACCES);
+ return (mac_biba_effective_in_range(p, i) ? 0 : EACCES);
}
static int
@@ -1529,7 +1529,7 @@ mac_biba_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
p = SLOT(mlabel);
i = SLOT(inplabel);
- return (mac_biba_equal_single(p, i) ? 0 : EACCES);
+ return (mac_biba_equal_effective(p, i) ? 0 : EACCES);
}
static int
@@ -1549,7 +1549,7 @@ mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp,
return (error);
obj = SLOT(label);
- if (!mac_biba_high_single(obj))
+ if (!mac_biba_high_effective(obj))
return (EACCES);
return (0);
@@ -1581,7 +1581,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
subj = SLOT(cred->cr_label);
obj = SLOT(mntlabel);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1612,7 +1612,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1630,7 +1630,7 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp,
subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1649,9 +1649,9 @@ mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
/*
* If there is a Biba label update for a pipe, it must be a
- * single update.
+ * effective update.
*/
- error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE);
+ error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
if (error)
return (error);
@@ -1659,18 +1659,18 @@ mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
* To perform a relabel of a pipe (Biba label or not), Biba must
* authorize the relabel.
*/
- if (!mac_biba_single_in_range(obj, subj))
+ if (!mac_biba_effective_in_range(obj, subj))
return (EPERM);
/*
* If the Biba label is to be changed, authorize as appropriate.
*/
- if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) {
+ if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
/*
* To change the Biba label on a pipe, the new pipe label
* must be in the subject range.
*/
- if (!mac_biba_single_in_range(new, subj))
+ if (!mac_biba_effective_in_range(new, subj))
return (EPERM);
/*
@@ -1699,7 +1699,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1717,7 +1717,7 @@ mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp,
subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1735,9 +1735,9 @@ mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (ESRCH);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1755,9 +1755,9 @@ mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc)
obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (ESRCH);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1775,9 +1775,9 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (ESRCH);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1795,7 +1795,7 @@ mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel,
p = SLOT(mbuflabel);
s = SLOT(socketlabel);
- return (mac_biba_equal_single(p, s) ? 0 : EACCES);
+ return (mac_biba_equal_effective(p, s) ? 0 : EACCES);
}
static int
@@ -1811,28 +1811,28 @@ mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so,
/*
* If there is a Biba label update for the socket, it may be
- * an update of single.
+ * an update of effective.
*/
- error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE);
+ error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
if (error)
return (error);
/*
- * To relabel a socket, the old socket single must be in the subject
+ * To relabel a socket, the old socket effective must be in the subject
* range.
*/
- if (!mac_biba_single_in_range(obj, subj))
+ if (!mac_biba_effective_in_range(obj, subj))
return (EPERM);
/*
* If the Biba label is to be changed, authorize as appropriate.
*/
- if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) {
+ if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
/*
- * To relabel a socket, the new socket single must be in
+ * To relabel a socket, the new socket effective must be in
* the subject range.
*/
- if (!mac_biba_single_in_range(new, subj))
+ if (!mac_biba_effective_in_range(new, subj))
return (EPERM);
/*
@@ -1861,7 +1861,7 @@ mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket,
subj = SLOT(cred->cr_label);
obj = SLOT(socketlabel);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (ENOENT);
return (0);
@@ -1905,7 +1905,7 @@ mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
return (0);
obj = SLOT(label);
- if (!mac_biba_high_single(obj))
+ if (!mac_biba_high_effective(obj))
return (EACCES);
return (0);
@@ -1946,7 +1946,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
if (error)
return (error);
- if (!mac_biba_high_single(obj))
+ if (!mac_biba_high_effective(obj))
return (EACCES);
return (0);
@@ -2012,7 +2012,7 @@ mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2030,7 +2030,7 @@ mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2048,7 +2048,7 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2067,12 +2067,12 @@ mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2090,7 +2090,7 @@ mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2108,7 +2108,7 @@ mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2140,7 +2140,7 @@ mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2158,7 +2158,7 @@ mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2176,7 +2176,7 @@ mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2195,12 +2195,12 @@ mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2218,7 +2218,7 @@ mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2236,7 +2236,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2259,11 +2259,11 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
obj = SLOT(label);
if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
}
if (prot & VM_PROT_WRITE) {
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
}
@@ -2284,11 +2284,11 @@ mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
/* XXX privilege override for admin? */
if (acc_mode & (VREAD | VEXEC | VSTAT)) {
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
}
if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
}
@@ -2307,7 +2307,7 @@ mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2325,7 +2325,7 @@ mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2343,7 +2343,7 @@ mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2361,7 +2361,7 @@ mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2380,9 +2380,9 @@ mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
/*
* If there is a Biba label update for the vnode, it must be a
- * single label.
+ * effective label.
*/
- error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE);
+ error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
if (error)
return (error);
@@ -2390,18 +2390,18 @@ mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
* To perform a relabel of the vnode (Biba label or not), Biba must
* authorize the relabel.
*/
- if (!mac_biba_single_in_range(old, subj))
+ if (!mac_biba_effective_in_range(old, subj))
return (EPERM);
/*
* If the Biba label is to be changed, authorize as appropriate.
*/
- if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) {
+ if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
/*
* To change the Biba label on a vnode, the new vnode label
* must be in the subject range.
*/
- if (!mac_biba_single_in_range(new, subj))
+ if (!mac_biba_effective_in_range(new, subj))
return (EPERM);
/*
@@ -2431,12 +2431,12 @@ mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2455,13 +2455,13 @@ mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
if (vp != NULL) {
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
}
@@ -2480,7 +2480,7 @@ mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2498,7 +2498,7 @@ mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2517,7 +2517,7 @@ mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
/* XXX: protect the MAC EA in a special way? */
@@ -2537,7 +2537,7 @@ mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2555,7 +2555,7 @@ mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2573,7 +2573,7 @@ mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2591,7 +2591,7 @@ mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2609,7 +2609,7 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2627,7 +2627,7 @@ mac_biba_check_vnode_write(struct ucred *active_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
return (0);
diff --git a/sys/security/mac_biba/mac_biba.h b/sys/security/mac_biba/mac_biba.h
index d96a39b..05eefab 100644
--- a/sys/security/mac_biba/mac_biba.h
+++ b/sys/security/mac_biba/mac_biba.h
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -44,9 +44,9 @@
#define MAC_BIBA_LABEL_NAME "biba"
-#define MAC_BIBA_FLAG_SINGLE 0x00000001 /* mb_single initialized */
+#define MAC_BIBA_FLAG_EFFECTIVE 0x00000001 /* mb_effective initialized */
#define MAC_BIBA_FLAG_RANGE 0x00000002 /* mb_range* initialized */
-#define MAC_BIBA_FLAGS_BOTH (MAC_BIBA_FLAG_SINGLE | MAC_BIBA_FLAG_RANGE)
+#define MAC_BIBA_FLAGS_BOTH (MAC_BIBA_FLAG_EFFECTIVE | MAC_BIBA_FLAG_RANGE)
#define MAC_BIBA_TYPE_UNDEF 0 /* Undefined */
#define MAC_BIBA_TYPE_GRADE 1 /* Hierarchal grade with mb_grade. */
@@ -73,14 +73,14 @@ struct mac_biba_element {
};
/*
- * Biba labels consist of two components: a single label, and a label
+ * Biba labels consist of two components: an effective label, and a label
* range. Depending on the context, one or both may be used; the mb_flags
* field permits the provider to indicate what fields are intended for
* use.
*/
struct mac_biba {
int mb_flags;
- struct mac_biba_element mb_single;
+ struct mac_biba_element mb_effective;
struct mac_biba_element mb_rangelow, mb_rangehigh;
};
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 4fcf014..ee390c3 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -216,31 +216,31 @@ mac_mls_range_in_range(struct mac_mls *rangea, struct mac_mls *rangeb)
}
static int
-mac_mls_single_in_range(struct mac_mls *single, struct mac_mls *range)
+mac_mls_effective_in_range(struct mac_mls *effective, struct mac_mls *range)
{
- KASSERT((single->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_single_in_range: a not single"));
+ KASSERT((effective->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_effective_in_range: a not effective"));
KASSERT((range->mm_flags & MAC_MLS_FLAG_RANGE) != 0,
- ("mac_mls_single_in_range: b not range"));
+ ("mac_mls_effective_in_range: b not range"));
return (mac_mls_dominate_element(&range->mm_rangehigh,
- &single->mm_single) &&
- mac_mls_dominate_element(&single->mm_single,
+ &effective->mm_effective) &&
+ mac_mls_dominate_element(&effective->mm_effective,
&range->mm_rangelow));
return (1);
}
static int
-mac_mls_dominate_single(struct mac_mls *a, struct mac_mls *b)
+mac_mls_dominate_effective(struct mac_mls *a, struct mac_mls *b)
{
- KASSERT((a->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_dominate_single: a not single"));
- KASSERT((b->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_dominate_single: b not single"));
+ KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_dominate_effective: a not effective"));
+ KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_dominate_effective: b not effective"));
- return (mac_mls_dominate_element(&a->mm_single, &b->mm_single));
+ return (mac_mls_dominate_element(&a->mm_effective, &b->mm_effective));
}
static int
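Review bot: The `return (1);` following the return expression in mac_mls_effective_in_range is unreachable and should be dropped; the function already returns the conjunction of the two mac_mls_dominate_element() checks on the preceding lines. Left in place, it reads as though a permissive fall-through were intended for the in-range test, which is the kind of ambiguity a later maintainer could misread in an access-control predicate. The rename touches every other line of this function, so removing the dead statement here would be cheap.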
@@ -255,23 +255,23 @@ mac_mls_equal_element(struct mac_mls_element *a, struct mac_mls_element *b)
}
static int
-mac_mls_equal_single(struct mac_mls *a, struct mac_mls *b)
+mac_mls_equal_effective(struct mac_mls *a, struct mac_mls *b)
{
- KASSERT((a->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_equal_single: a not single"));
- KASSERT((b->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_equal_single: b not single"));
+ KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_equal_effective: a not effective"));
+ KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_equal_effective: b not effective"));
- return (mac_mls_equal_element(&a->mm_single, &b->mm_single));
+ return (mac_mls_equal_element(&a->mm_effective, &b->mm_effective));
}
static int
mac_mls_contains_equal(struct mac_mls *mac_mls)
{
- if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE)
- if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL)
+ if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE)
+ if (mac_mls->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL)
return (1);
if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) {
@@ -292,8 +292,8 @@ mac_mls_subject_privileged(struct mac_mls *mac_mls)
MAC_MLS_FLAGS_BOTH,
("mac_mls_subject_privileged: subject doesn't have both labels"));
- /* If the single is EQUAL, it's ok. */
- if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL)
+ /* If the effective is EQUAL, it's ok. */
+ if (mac_mls->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL)
return (0);
/* If either range endpoint is EQUAL, it's ok. */
@@ -314,17 +314,17 @@ static int
mac_mls_valid(struct mac_mls *mac_mls)
{
- if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) {
- switch (mac_mls->mm_single.mme_type) {
+ if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
+ switch (mac_mls->mm_effective.mme_type) {
case MAC_MLS_TYPE_LEVEL:
break;
case MAC_MLS_TYPE_EQUAL:
case MAC_MLS_TYPE_HIGH:
case MAC_MLS_TYPE_LOW:
- if (mac_mls->mm_single.mme_level != 0 ||
+ if (mac_mls->mm_effective.mme_level != 0 ||
!MAC_MLS_BIT_SET_EMPTY(
- mac_mls->mm_single.mme_compartments))
+ mac_mls->mm_effective.mme_compartments))
return (EINVAL);
break;
@@ -332,7 +332,7 @@ mac_mls_valid(struct mac_mls *mac_mls)
return (EINVAL);
}
} else {
- if (mac_mls->mm_single.mme_type != MAC_MLS_TYPE_UNDEF)
+ if (mac_mls->mm_effective.mme_type != MAC_MLS_TYPE_UNDEF)
return (EINVAL);
}
@@ -404,16 +404,16 @@ mac_mls_set_range(struct mac_mls *mac_mls, u_short typelow,
}
static void
-mac_mls_set_single(struct mac_mls *mac_mls, u_short type, u_short level,
+mac_mls_set_effective(struct mac_mls *mac_mls, u_short type, u_short level,
u_char *compartments)
{
- mac_mls->mm_single.mme_type = type;
- mac_mls->mm_single.mme_level = level;
+ mac_mls->mm_effective.mme_type = type;
+ mac_mls->mm_effective.mme_level = level;
if (compartments != NULL)
- memcpy(mac_mls->mm_single.mme_compartments, compartments,
- sizeof(mac_mls->mm_single.mme_compartments));
- mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE;
+ memcpy(mac_mls->mm_effective.mme_compartments, compartments,
+ sizeof(mac_mls->mm_effective.mme_compartments));
+ mac_mls->mm_flags |= MAC_MLS_FLAG_EFFECTIVE;
}
static void
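Review bot: mac_mls_set_effective leaves mme_compartments untouched when `compartments` is NULL, while still setting the type, level and MAC_MLS_FLAG_EFFECTIVE. mac_mls_valid (visible earlier in this file) rejects EQUAL/HIGH/LOW elements whose compartment set is non-empty, so if the destination element can carry stale data — it is not visible here whether SLOT storage is zeroed before these setters run — a label built by the NULL-compartments callers could fail validation or carry unintended compartments. Adding `else bzero(mac_mls->mm_effective.mme_compartments, sizeof(mac_mls->mm_effective.mme_compartments));` after the memcpy branch would make the setter fully define the element regardless of prior contents.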
@@ -429,22 +429,22 @@ mac_mls_copy_range(struct mac_mls *labelfrom, struct mac_mls *labelto)
}
static void
-mac_mls_copy_single(struct mac_mls *labelfrom, struct mac_mls *labelto)
+mac_mls_copy_effective(struct mac_mls *labelfrom, struct mac_mls *labelto)
{
- KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_copy_single: labelfrom not single"));
+ KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_copy_effective: labelfrom not effective"));
- labelto->mm_single = labelfrom->mm_single;
- labelto->mm_flags |= MAC_MLS_FLAG_SINGLE;
+ labelto->mm_effective = labelfrom->mm_effective;
+ labelto->mm_flags |= MAC_MLS_FLAG_EFFECTIVE;
}
static void
mac_mls_copy(struct mac_mls *source, struct mac_mls *dest)
{
- if (source->mm_flags & MAC_MLS_FLAG_SINGLE)
- mac_mls_copy_single(source, dest);
+ if (source->mm_flags & MAC_MLS_FLAG_EFFECTIVE)
+ mac_mls_copy_effective(source, dest);
if (source->mm_flags & MAC_MLS_FLAG_RANGE)
mac_mls_copy_range(source, dest);
}
@@ -547,8 +547,8 @@ static int
mac_mls_to_string(struct sbuf *sb, struct mac_mls *mac_mls)
{
- if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) {
- if (mac_mls_element_to_string(sb, &mac_mls->mm_single)
+ if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
+ if (mac_mls_element_to_string(sb, &mac_mls->mm_effective)
== -1)
return (EINVAL);
}
@@ -653,12 +653,12 @@ mac_mls_parse_element(struct mac_mls_element *element, char *string)
static int
mac_mls_parse(struct mac_mls *mac_mls, char *string)
{
- char *rangehigh, *rangelow, *single;
+ char *rangehigh, *rangelow, *effective;
int error;
- single = strsep(&string, "(");
- if (*single == '\0')
- single = NULL;
+ effective = strsep(&string, "(");
+ if (*effective == '\0')
+ effective = NULL;
if (string != NULL) {
rangelow = strsep(&string, "-");
@@ -679,11 +679,11 @@ mac_mls_parse(struct mac_mls *mac_mls, char *string)
("mac_mls_parse: range mismatch"));
bzero(mac_mls, sizeof(*mac_mls));
- if (single != NULL) {
- error = mac_mls_parse_element(&mac_mls->mm_single, single);
+ if (effective != NULL) {
+ error = mac_mls_parse_element(&mac_mls->mm_effective, effective);
if (error)
return (error);
- mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE;
+ mac_mls->mm_flags |= MAC_MLS_FLAG_EFFECTIVE;
}
if (rangelow != NULL) {
@@ -760,7 +760,7 @@ mac_mls_create_devfs_device(struct mount *mp, struct cdev *dev,
mls_type = MAC_MLS_TYPE_EQUAL;
else
mls_type = MAC_MLS_TYPE_LOW;
- mac_mls_set_single(mac_mls, mls_type, 0, NULL);
+ mac_mls_set_effective(mac_mls, mls_type, 0, NULL);
}
static void
@@ -770,7 +770,7 @@ mac_mls_create_devfs_directory(struct mount *mp, char *dirname,
struct mac_mls *mac_mls;
mac_mls = SLOT(label);
- mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
}
static void
@@ -783,7 +783,7 @@ mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp,
source = SLOT(cred->cr_label);
dest = SLOT(delabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -794,9 +794,9 @@ mac_mls_create_mount(struct ucred *cred, struct mount *mp,
source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
dest = SLOT(fslabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -807,9 +807,9 @@ mac_mls_create_root_mount(struct ucred *cred, struct mount *mp,
/* Always mount root as high integrity. */
mac_mls = SLOT(fslabel);
- mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
mac_mls = SLOT(mntlabel);
- mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
}
static void
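Review bot: The comment `/* Always mount root as high integrity. */` in mac_mls_create_root_mount describes a Biba property, but this is the MLS module and the code sets MAC_MLS_TYPE_LOW on both labels; the comment appears to have been carried over from the Biba counterpart. Suggest `/* Always mount root as low sensitivity (MAC_MLS_TYPE_LOW). */` so the documented intent matches the label actually assigned. The function signature is outside this hunk.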
@@ -834,7 +834,7 @@ mac_mls_update_devfsdirent(struct mount *mp,
source = SLOT(vnodelabel);
dest = SLOT(direntlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -847,7 +847,7 @@ mac_mls_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
source = SLOT(delabel);
dest = SLOT(vlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static int
@@ -867,7 +867,7 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
MAC_MLS_EXTATTR_NAME, &buflen, (char *) &temp, curthread);
if (error == ENOATTR || error == EOPNOTSUPP) {
/* Fall back to the fslabel. */
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
return (0);
} else if (error)
return (error);
@@ -881,12 +881,12 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
printf("mac_mls_associate_vnode_extattr: invalid\n");
return (EPERM);
}
- if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_SINGLE) {
- printf("mac_mls_associated_vnode_extattr: not single\n");
+ if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_EFFECTIVE) {
+ printf("mac_mls_associated_vnode_extattr: not effective\n");
return (EPERM);
}
- mac_mls_copy_single(&temp, dest);
+ mac_mls_copy_effective(&temp, dest);
return (0);
}
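Review bot: The diagnostic `printf("mac_mls_associated_vnode_extattr: not effective\n");` names a function that does not exist; the enclosing function is mac_mls_associate_vnode_extattr per the hunk header, and the neighbouring message two lines up uses the correct name. A mismatched function name in a kernel log line makes the "invalid label on disk" condition harder to attribute when triaging; suggest `printf("mac_mls_associate_vnode_extattr: not effective\n");`. The start of the function is outside this hunk.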
@@ -899,7 +899,7 @@ mac_mls_associate_vnode_singlelabel(struct mount *mp,
source = SLOT(fslabel);
dest = SLOT(vlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static int
@@ -916,12 +916,12 @@ mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp,
source = SLOT(cred->cr_label);
dest = SLOT(vlabel);
- mac_mls_copy_single(source, &temp);
+ mac_mls_copy_effective(source, &temp);
error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread);
if (error == 0)
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
return (error);
}
@@ -937,10 +937,10 @@ mac_mls_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
bzero(&temp, buflen);
source = SLOT(intlabel);
- if ((source->mm_flags & MAC_MLS_FLAG_SINGLE) == 0)
+ if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0)
return (0);
- mac_mls_copy_single(source, &temp);
+ mac_mls_copy_effective(source, &temp);
error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread);
@@ -959,7 +959,7 @@ mac_mls_create_inpcb_from_socket(struct socket *so, struct label *solabel,
source = SLOT(solabel);
dest = SLOT(inplabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -971,7 +971,7 @@ mac_mls_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
source = SLOT(socketlabel);
dest = SLOT(mbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -983,7 +983,7 @@ mac_mls_create_socket(struct ucred *cred, struct socket *socket,
source = SLOT(cred->cr_label);
dest = SLOT(socketlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -995,7 +995,7 @@ mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp,
source = SLOT(cred->cr_label);
dest = SLOT(pipelabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1008,7 +1008,7 @@ mac_mls_create_socket_from_socket(struct socket *oldsocket,
source = SLOT(oldsocketlabel);
dest = SLOT(newsocketlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1044,7 +1044,7 @@ mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
source = SLOT(mbuflabel);
dest = SLOT(socketpeerlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
/*
@@ -1060,7 +1060,7 @@ mac_mls_set_socket_peer_from_socket(struct socket *oldsocket,
source = SLOT(oldsocketlabel);
dest = SLOT(newsocketpeerlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1072,7 +1072,7 @@ mac_mls_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
source = SLOT(cred->cr_label);
dest = SLOT(bpflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1088,7 +1088,7 @@ mac_mls_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
else
type = MAC_MLS_TYPE_LOW;
- mac_mls_set_single(dest, type, 0, NULL);
+ mac_mls_set_effective(dest, type, 0, NULL);
mac_mls_set_range(dest, type, 0, NULL, type, 0, NULL);
}
@@ -1101,7 +1101,7 @@ mac_mls_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
source = SLOT(fragmentlabel);
dest = SLOT(ipqlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1114,7 +1114,7 @@ mac_mls_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
dest = SLOT(datagramlabel);
/* Just use the head, since we require them all to match. */
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1126,7 +1126,7 @@ mac_mls_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
source = SLOT(datagramlabel);
dest = SLOT(fragmentlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1138,7 +1138,7 @@ mac_mls_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
source = SLOT(inplabel);
dest = SLOT(mlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1170,7 +1170,7 @@ mac_mls_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
dest = SLOT(mbuflabel);
- mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
}
static void
@@ -1182,7 +1182,7 @@ mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
source = SLOT(bpflabel);
dest = SLOT(mbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1194,7 +1194,7 @@ mac_mls_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
source = SLOT(ifnetlabel);
dest = SLOT(mbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1207,7 +1207,7 @@ mac_mls_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
source = SLOT(oldmbuflabel);
dest = SLOT(newmbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static void
@@ -1219,7 +1219,7 @@ mac_mls_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel,
source = SLOT(oldmbuflabel);
dest = SLOT(newmbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
}
static int
@@ -1231,7 +1231,7 @@ mac_mls_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
a = SLOT(ipqlabel);
b = SLOT(fragmentlabel);
- return (mac_mls_equal_single(a, b));
+ return (mac_mls_equal_effective(a, b));
}
static void
@@ -1276,7 +1276,7 @@ mac_mls_create_proc0(struct ucred *cred)
dest = SLOT(cred->cr_label);
- mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH,
0, NULL);
}
@@ -1288,7 +1288,7 @@ mac_mls_create_proc1(struct ucred *cred)
dest = SLOT(cred->cr_label);
- mac_mls_set_single(dest, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL);
mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH,
0, NULL);
}
@@ -1319,7 +1319,7 @@ mac_mls_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
a = SLOT(bpflabel);
b = SLOT(ifnetlabel);
- if (mac_mls_equal_single(a, b))
+ if (mac_mls_equal_effective(a, b))
return (0);
return (EACCES);
}
@@ -1335,7 +1335,7 @@ mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel)
/*
* If there is an MLS label update for the credential, it may be
- * an update of single, range, or both.
+ * an update of effective, range, or both.
*/
error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH);
if (error)
@@ -1346,21 +1346,21 @@ mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel)
*/
if (new->mm_flags & MAC_MLS_FLAGS_BOTH) {
/*
- * If the change request modifies both the MLS label single
- * and range, check that the new single will be in the
+ * If the change request modifies both the MLS label effective
+ * and range, check that the new effective will be in the
* new range.
*/
if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) ==
MAC_MLS_FLAGS_BOTH &&
- !mac_mls_single_in_range(new, new))
+ !mac_mls_effective_in_range(new, new))
return (EINVAL);
/*
- * To change the MLS single label on a credential, the
- * new single label must be in the current range.
+ * To change the MLS effective label on a credential, the
+ * new effective label must be in the current range.
*/
- if (new->mm_flags & MAC_MLS_FLAG_SINGLE &&
- !mac_mls_single_in_range(new, subj))
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE &&
+ !mac_mls_effective_in_range(new, subj))
return (EPERM);
/*
@@ -1398,7 +1398,7 @@ mac_mls_check_cred_visible(struct ucred *u1, struct ucred *u2)
obj = SLOT(u2->cr_label);
/* XXX: range */
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (ESRCH);
return (0);
@@ -1416,7 +1416,7 @@ mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
/*
* If there is an MLS label update for the interface, it may
- * be an update of single, range, or both.
+ * be an update of effective, range, or both.
*/
error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH);
if (error)
@@ -1442,7 +1442,7 @@ mac_mls_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
p = SLOT(mbuflabel);
i = SLOT(ifnetlabel);
- return (mac_mls_single_in_range(p, i) ? 0 : EACCES);
+ return (mac_mls_effective_in_range(p, i) ? 0 : EACCES);
}
static int
@@ -1457,7 +1457,7 @@ mac_mls_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
p = SLOT(mlabel);
i = SLOT(inplabel);
- return (mac_mls_equal_single(p, i) ? 0 : EACCES);
+ return (mac_mls_equal_effective(p, i) ? 0 : EACCES);
}
static int
@@ -1472,7 +1472,7 @@ mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp,
subj = SLOT(cred->cr_label);
obj = SLOT(mntlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1503,7 +1503,7 @@ mac_mls_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1521,7 +1521,7 @@ mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp,
subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1540,9 +1540,9 @@ mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
/*
* If there is an MLS label update for a pipe, it must be a
- * single update.
+ * effective update.
*/
- error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE);
+ error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
if (error)
return (error);
@@ -1550,18 +1550,18 @@ mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
* To perform a relabel of a pipe (MLS label or not), MLS must
* authorize the relabel.
*/
- if (!mac_mls_single_in_range(obj, subj))
+ if (!mac_mls_effective_in_range(obj, subj))
return (EPERM);
/*
* If the MLS label is to be changed, authorize as appropriate.
*/
- if (new->mm_flags & MAC_MLS_FLAG_SINGLE) {
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
/*
* To change the MLS label on a pipe, the new pipe label
* must be in the subject range.
*/
- if (!mac_mls_single_in_range(new, subj))
+ if (!mac_mls_effective_in_range(new, subj))
return (EPERM);
/*
@@ -1590,7 +1590,7 @@ mac_mls_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1608,7 +1608,7 @@ mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp,
subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1626,9 +1626,9 @@ mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc)
obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (ESRCH);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1646,9 +1646,9 @@ mac_mls_check_proc_sched(struct ucred *cred, struct proc *proc)
obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (ESRCH);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1666,9 +1666,9 @@ mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (ESRCH);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1686,7 +1686,7 @@ mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel,
p = SLOT(mbuflabel);
s = SLOT(socketlabel);
- return (mac_mls_equal_single(p, s) ? 0 : EACCES);
+ return (mac_mls_equal_effective(p, s) ? 0 : EACCES);
}
static int
@@ -1702,28 +1702,28 @@ mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket,
/*
* If there is an MLS label update for the socket, it may be
- * an update of single.
+ * an update of effective.
*/
- error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE);
+ error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
if (error)
return (error);
/*
- * To relabel a socket, the old socket single must be in the subject
+ * To relabel a socket, the old socket effective must be in the subject
* range.
*/
- if (!mac_mls_single_in_range(obj, subj))
+ if (!mac_mls_effective_in_range(obj, subj))
return (EPERM);
/*
* If the MLS label is to be changed, authorize as appropriate.
*/
- if (new->mm_flags & MAC_MLS_FLAG_SINGLE) {
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
/*
- * To relabel a socket, the new socket single must be in
+ * To relabel a socket, the new socket effective must be in
* the subject range.
*/
- if (!mac_mls_single_in_range(new, subj))
+ if (!mac_mls_effective_in_range(new, subj))
return (EPERM);
/*
@@ -1752,7 +1752,7 @@ mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket,
subj = SLOT(cred->cr_label);
obj = SLOT(socketlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (ENOENT);
return (0);
@@ -1770,8 +1770,8 @@ mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj) ||
- !mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(obj, subj) ||
+ !mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1789,7 +1789,7 @@ mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1807,7 +1807,7 @@ mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1825,7 +1825,7 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1844,12 +1844,12 @@ mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1867,7 +1867,7 @@ mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1885,7 +1885,7 @@ mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -1917,7 +1917,7 @@ mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1935,7 +1935,7 @@ mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1953,7 +1953,7 @@ mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -1972,11 +1972,11 @@ mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
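Review bot: The second dominance test in mac_mls_check_vnode_link compares the subject against the directory label twice — `obj = SLOT(dlabel);` is assigned both before the first check and again before the second — so the label of the vnode being linked is never checked, unlike mac_mls_check_vnode_delete and mac_mls_check_vnode_rename_from, which switch to `obj = SLOT(label);` for their second check. The rename in this hunk carries that unchanged, so the write check against the link target's own label is still skipped. If the hook receives a `label` argument for vp as its siblings do (its signature is cut off in the hunk header), the second assignment should read `obj = SLOT(label);`. The function's body starts and ends outside the hunk.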
@@ -1995,7 +1995,7 @@ mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2013,7 +2013,7 @@ mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2036,11 +2036,11 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
obj = SLOT(label);
if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
}
if (prot & VM_PROT_WRITE) {
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
}
@@ -2061,11 +2061,11 @@ mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp,
/* XXX privilege override for admin? */
if (acc_mode & (VREAD | VEXEC | VSTAT)) {
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
}
if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
}
@@ -2084,7 +2084,7 @@ mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2102,7 +2102,7 @@ mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2120,7 +2120,7 @@ mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2138,7 +2138,7 @@ mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2157,9 +2157,9 @@ mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
/*
* If there is an MLS label update for the vnode, it must be a
- * single label.
+ * effective label.
*/
- error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE);
+ error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
if (error)
return (error);
@@ -2167,18 +2167,18 @@ mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
* To perform a relabel of the vnode (MLS label or not), MLS must
* authorize the relabel.
*/
- if (!mac_mls_single_in_range(old, subj))
+ if (!mac_mls_effective_in_range(old, subj))
return (EPERM);
/*
* If the MLS label is to be changed, authorize as appropriate.
*/
- if (new->mm_flags & MAC_MLS_FLAG_SINGLE) {
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
/*
* To change the MLS label on a vnode, the new vnode label
* must be in the subject range.
*/
- if (!mac_mls_single_in_range(new, subj))
+ if (!mac_mls_effective_in_range(new, subj))
return (EPERM);
/*
@@ -2209,12 +2209,12 @@ mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2233,13 +2233,13 @@ mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
if (vp != NULL) {
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
}
@@ -2258,7 +2258,7 @@ mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2276,7 +2276,7 @@ mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2295,7 +2295,7 @@ mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
/* XXX: protect the MAC EA in a special way? */
@@ -2315,7 +2315,7 @@ mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2333,7 +2333,7 @@ mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2351,7 +2351,7 @@ mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2369,7 +2369,7 @@ mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2387,7 +2387,7 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2405,7 +2405,7 @@ mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
diff --git a/sys/security/mac_mls/mac_mls.h b/sys/security/mac_mls/mac_mls.h
index 69a3b62..7bed921 100644
--- a/sys/security/mac_mls/mac_mls.h
+++ b/sys/security/mac_mls/mac_mls.h
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -44,9 +44,9 @@
#define MAC_MLS_LABEL_NAME "mls"
-#define MAC_MLS_FLAG_SINGLE 0x00000001 /* mm_single initialized */
+#define MAC_MLS_FLAG_EFFECTIVE 0x00000001 /* mm_effective initialized */
#define MAC_MLS_FLAG_RANGE 0x00000002 /* mm_range* initialized */
-#define MAC_MLS_FLAGS_BOTH (MAC_MLS_FLAG_SINGLE | MAC_MLS_FLAG_RANGE)
+#define MAC_MLS_FLAGS_BOTH (MAC_MLS_FLAG_EFFECTIVE | MAC_MLS_FLAG_RANGE)
#define MAC_MLS_TYPE_UNDEF 0 /* Undefined */
#define MAC_MLS_TYPE_LEVEL 1 /* Hierarchal level with mm_level. */
@@ -78,14 +78,14 @@ struct mac_mls_element {
};
/*
- * MLS labels consist of two components: a single label, and a label
+ * MLS labels consist of two components: an effective label, and a label
* range. Depending on the context, one or both may be used; the mb_flags
* field permits the provider to indicate what fields are intended for
* use.
*/
struct mac_mls {
int mm_flags;
- struct mac_mls_element mm_single;
+ struct mac_mls_element mm_effective;
struct mac_mls_element mm_rangelow, mm_rangehigh;
};
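Review bot: The struct comment reworded in this hunk still refers to "the mb_flags field", but the field declared in `struct mac_mls` just below is `mm_flags` (`mb_flags` is the Biba spelling); a reader checking which fields are initialized will look for a member that does not exist. Since the adjacent comment line is already being edited, the sentence should read `range. Depending on the context, one or both may be used; the mm_flags`.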