From 9792022e80db34231627556d308375adcce097ac Mon Sep 17 00:00:00 2001
From: rwatson
Date: Sat, 21 Apr 2007 22:08:48 +0000
Subject: Allow MAC policy modules to control access to audit configuration system calls. Add MAC Framework entry points and MAC policy entry points for audit(), auditctl(), auditon(), setaudit(), aud setauid(). MAC Framework entry points are only added for audit system calls where additional argument context may be useful for policy decision-making; other audit system calls without arguments may be controlled via the priv(9) entry points. Update various policy modules to implement audit-related checks, and in some cases, other missing system-related checks. Obtained from: TrustedBSD Project Sponsored by: SPARTA, Inc.
---
sys/security/mac_lomac/mac_lomac.c | 64 +++++++++++++++++++++++++++++++++++++-
1 file changed, 63 insertions(+), 1 deletion(-)
(limited to 'sys/security/mac_lomac/mac_lomac.c')
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 3beb701..d24e63f 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
 * All rights reserved.
 *
@@ -2046,6 +2046,65 @@ mac_lomac_check_socket_visible(struct ucred *cred, struct socket *socket,
 }
 
 static int
+mac_lomac_check_system_acct(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!mac_lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(label);
+
+ if (mac_lomac_subject_privileged(subj))
+ return (EPERM);
+
+ if (!mac_lomac_high_single(obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+mac_lomac_check_system_auditctl(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!mac_lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(label);
+
+ if (mac_lomac_subject_privileged(subj))
+ return (EPERM);
+
+ if (!mac_lomac_high_single(obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+mac_lomac_check_system_swapoff(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct mac_lomac *subj;
+
+ if (!mac_lomac_enabled)
+ return (0);
+
+ subj = SLOT(cred->cr_label);
+
+ if (mac_lomac_subject_privileged(subj))
+ return (EPERM);
+
+ return (0);
+}
+
+static int
 mac_lomac_check_system_swapon(struct ucred *cred, struct vnode *vp,
 struct label *label)
 {
@@ -2700,6 +2759,9 @@ static struct mac_policy_ops mac_lomac_ops =
 .mpo_check_socket_deliver = mac_lomac_check_socket_deliver,
 .mpo_check_socket_relabel = mac_lomac_check_socket_relabel,
 .mpo_check_socket_visible = mac_lomac_check_socket_visible,
+ .mpo_check_system_acct = mac_lomac_check_system_acct,
+ .mpo_check_system_auditctl = mac_lomac_check_system_auditctl,
+ .mpo_check_system_swapoff = mac_lomac_check_system_swapoff,
 .mpo_check_system_swapon = mac_lomac_check_system_swapon,
 .mpo_check_system_sysctl = mac_lomac_check_system_sysctl,
 .mpo_check_vnode_access = mac_lomac_check_vnode_open,
-- cgit v1.1
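Review bot: In mac_lomac_check_system_acct and mac_lomac_check_system_auditctl, `obj = SLOT(label);` runs unconditionally and before the subject check, so a NULL `label` would leave `mac_lomac_high_single(obj)` working on an invalid pointer in kernel context. Whether the framework can call these entry points with no vnode (and so no label) is not visible in this hunk and should be confirmed against the callers. If it can, do the subject check first and add `if (label == NULL) return (0);` before `obj = SLOT(label);` in both functions. Separately, `if (mac_lomac_subject_privileged(subj)) return (EPERM);` reads as though privileged subjects are denied; the helper's definition is outside the hunk, but assuming it returns non-zero on failure, a comment such as `/* non-zero: subject lacks LOMAC privilege */` on the three new checks would avoid misreading an access-control decision.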