[Midnightbsd-cvs] src: security/mac:
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Fri Sep 12 21:26:21 EDT 2008
Log Message:
-----------
Added Files:
-----------
src/sys/security/mac:
mac_audit.c (r1.1)
mac_framework.c (r1.1)
mac_framework.h (r1.1)
mac_policy.h (r1.1)
mac_priv.c (r1.1)
mac_syscalls.c (r1.1)
-------------- next part --------------
--- /dev/null
+++ sys/security/mac/mac_syscalls.c
@@ -0,0 +1,702 @@
+/*-
+ * Copyright (c) 1999-2002, 2006 Robert N. M. Watson
+ * Copyright (c) 2001 Ilmar S. Habibulin
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson and Ilmar Habibulin for the
+ * TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by Network
+ * Associates Laboratories, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+ * as part of the DARPA CHATS research program.
+ *
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD: src/sys/security/mac/mac_syscalls.c,v 1.132 2007/08/06 14:26:03 rwatson Exp $");
+
+#include "opt_mac.h"
+
+#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/lock.h>
+#include <sys/malloc.h>
+#include <sys/mutex.h>
+#include <sys/mac.h>
+#include <sys/proc.h>
+#include <sys/systm.h>
+#include <sys/sysproto.h>
+#include <sys/sysent.h>
+#include <sys/vnode.h>
+#include <sys/mount.h>
+#include <sys/file.h>
+#include <sys/namei.h>
+#include <sys/socket.h>
+#include <sys/pipe.h>
+#include <sys/socketvar.h>
+
+#include <security/mac/mac_framework.h>
+#include <security/mac/mac_internal.h>
+#include <security/mac/mac_policy.h>
+
+#ifdef MAC
+
+int
+__mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
+{
+ char *elements, *buffer;
+ struct mac mac;
+ struct proc *tproc;
+ struct ucred *tcred;
+ int error;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ tproc = pfind(uap->pid);
+ if (tproc == NULL)
+ return (ESRCH);
+
+ tcred = NULL; /* Satisfy gcc. */
+ error = p_cansee(td, tproc);
+ if (error == 0)
+ tcred = crhold(tproc->p_ucred);
+ PROC_UNLOCK(tproc);
+ if (error)
+ return (error);
+
+ elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
+ if (error) {
+ free(elements, M_MACTEMP);
+ crfree(tcred);
+ return (error);
+ }
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
+ error = mac_externalize_cred_label(tcred->cr_label, elements,
+ buffer, mac.m_buflen);
+ if (error == 0)
+ error = copyout(buffer, mac.m_string, strlen(buffer)+1);
+
+ free(buffer, M_MACTEMP);
+ free(elements, M_MACTEMP);
+ crfree(tcred);
+ return (error);
+}
+
+int
+__mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
+{
+ char *elements, *buffer;
+ struct mac mac;
+ int error;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
+ if (error) {
+ free(elements, M_MACTEMP);
+ return (error);
+ }
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
+ error = mac_externalize_cred_label(td->td_ucred->cr_label,
+ elements, buffer, mac.m_buflen);
+ if (error == 0)
+ error = copyout(buffer, mac.m_string, strlen(buffer)+1);
+
+ free(buffer, M_MACTEMP);
+ free(elements, M_MACTEMP);
+ return (error);
+}
+
+int
+__mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
+{
+ struct ucred *newcred, *oldcred;
+ struct label *intlabel;
+ struct proc *p;
+ struct mac mac;
+ char *buffer;
+ int error;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
+ if (error) {
+ free(buffer, M_MACTEMP);
+ return (error);
+ }
+
+ intlabel = mac_cred_label_alloc();
+ error = mac_internalize_cred_label(intlabel, buffer);
+ free(buffer, M_MACTEMP);
+ if (error)
+ goto out;
+
+ newcred = crget();
+
+ p = td->td_proc;
+ PROC_LOCK(p);
+ oldcred = p->p_ucred;
+
+ error = mac_check_cred_relabel(oldcred, intlabel);
+ if (error) {
+ PROC_UNLOCK(p);
+ crfree(newcred);
+ goto out;
+ }
+
+ setsugid(p);
+ crcopy(newcred, oldcred);
+ mac_relabel_cred(newcred, intlabel);
+ p->p_ucred = newcred;
+
+ /*
+ * Grab additional reference for use while revoking mmaps, prior to
+ * releasing the proc lock and sharing the cred.
+ */
+ crhold(newcred);
+ PROC_UNLOCK(p);
+
+ mac_cred_mmapped_drop_perms(td, newcred);
+
+ crfree(newcred); /* Free revocation reference. */
+ crfree(oldcred);
+
+out:
+ mac_cred_label_free(intlabel);
+ return (error);
+}
+
+int
+__mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
+{
+ char *elements, *buffer;
+ struct label *intlabel;
+ struct file *fp;
+ struct mac mac;
+ struct vnode *vp;
+ struct pipe *pipe;
+ struct socket *so;
+ short label_type;
+ int vfslocked, error;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
+ if (error) {
+ free(elements, M_MACTEMP);
+ return (error);
+ }
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
+ error = fget(td, uap->fd, &fp);
+ if (error)
+ goto out;
+
+ label_type = fp->f_type;
+ switch (fp->f_type) {
+ case DTYPE_FIFO:
+ case DTYPE_VNODE:
+ vp = fp->f_vnode;
+ intlabel = mac_vnode_label_alloc();
+ vfslocked = VFS_LOCK_GIANT(vp->v_mount);
+ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+ mac_copy_vnode_label(vp->v_label, intlabel);
+ VOP_UNLOCK(vp, 0, td);
+ VFS_UNLOCK_GIANT(vfslocked);
+ error = mac_externalize_vnode_label(intlabel, elements,
+ buffer, mac.m_buflen);
+ mac_vnode_label_free(intlabel);
+ break;
+
+ case DTYPE_PIPE:
+ pipe = fp->f_data;
+ intlabel = mac_pipe_label_alloc();
+ PIPE_LOCK(pipe);
+ mac_copy_pipe_label(pipe->pipe_pair->pp_label, intlabel);
+ PIPE_UNLOCK(pipe);
+ error = mac_externalize_pipe_label(intlabel, elements,
+ buffer, mac.m_buflen);
+ mac_pipe_label_free(intlabel);
+ break;
+
+ case DTYPE_SOCKET:
+ so = fp->f_data;
+ intlabel = mac_socket_label_alloc(M_WAITOK);
+ SOCK_LOCK(so);
+ mac_copy_socket_label(so->so_label, intlabel);
+ SOCK_UNLOCK(so);
+ error = mac_externalize_socket_label(intlabel, elements,
+ buffer, mac.m_buflen);
+ mac_socket_label_free(intlabel);
+ break;
+
+ default:
+ error = EINVAL;
+ }
+ fdrop(fp, td);
+ if (error == 0)
+ error = copyout(buffer, mac.m_string, strlen(buffer)+1);
+
+out:
+ free(buffer, M_MACTEMP);
+ free(elements, M_MACTEMP);
+ return (error);
+}
+
+int
+__mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
+{
+ char *elements, *buffer;
+ struct nameidata nd;
+ struct label *intlabel;
+ struct mac mac;
+ int vfslocked, error;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
+ if (error) {
+ free(elements, M_MACTEMP);
+ return (error);
+ }
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
+ NDINIT(&nd, LOOKUP, MPSAFE | LOCKLEAF | FOLLOW, UIO_USERSPACE,
+ uap->path_p, td);
+ error = namei(&nd);
+ if (error)
+ goto out;
+
+ intlabel = mac_vnode_label_alloc();
+ vfslocked = NDHASGIANT(&nd);
+ mac_copy_vnode_label(nd.ni_vp->v_label, intlabel);
+ error = mac_externalize_vnode_label(intlabel, elements, buffer,
+ mac.m_buflen);
+
+ NDFREE(&nd, 0);
+ VFS_UNLOCK_GIANT(vfslocked);
+ mac_vnode_label_free(intlabel);
+ if (error == 0)
+ error = copyout(buffer, mac.m_string, strlen(buffer)+1);
+
+out:
+ free(buffer, M_MACTEMP);
+ free(elements, M_MACTEMP);
+
+ return (error);
+}
+
+int
+__mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
+{
+ char *elements, *buffer;
+ struct nameidata nd;
+ struct label *intlabel;
+ struct mac mac;
+ int vfslocked, error;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ elements = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, elements, mac.m_buflen, NULL);
+ if (error) {
+ free(elements, M_MACTEMP);
+ return (error);
+ }
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
+ NDINIT(&nd, LOOKUP, MPSAFE | LOCKLEAF | NOFOLLOW, UIO_USERSPACE,
+ uap->path_p, td);
+ error = namei(&nd);
+ if (error)
+ goto out;
+
+ intlabel = mac_vnode_label_alloc();
+ vfslocked = NDHASGIANT(&nd);
+ mac_copy_vnode_label(nd.ni_vp->v_label, intlabel);
+ error = mac_externalize_vnode_label(intlabel, elements, buffer,
+ mac.m_buflen);
+ NDFREE(&nd, 0);
+ VFS_UNLOCK_GIANT(vfslocked);
+ mac_vnode_label_free(intlabel);
+
+ if (error == 0)
+ error = copyout(buffer, mac.m_string, strlen(buffer)+1);
+
+out:
+ free(buffer, M_MACTEMP);
+ free(elements, M_MACTEMP);
+
+ return (error);
+}
+
+int
+__mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
+{
+ struct label *intlabel;
+ struct pipe *pipe;
+ struct socket *so;
+ struct file *fp;
+ struct mount *mp;
+ struct vnode *vp;
+ struct mac mac;
+ char *buffer;
+ int error, vfslocked;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
+ if (error) {
+ free(buffer, M_MACTEMP);
+ return (error);
+ }
+
+ error = fget(td, uap->fd, &fp);
+ if (error)
+ goto out;
+
+ switch (fp->f_type) {
+ case DTYPE_FIFO:
+ case DTYPE_VNODE:
+ intlabel = mac_vnode_label_alloc();
+ error = mac_internalize_vnode_label(intlabel, buffer);
+ if (error) {
+ mac_vnode_label_free(intlabel);
+ break;
+ }
+ vp = fp->f_vnode;
+ vfslocked = VFS_LOCK_GIANT(vp->v_mount);
+ error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
+ if (error != 0) {
+ VFS_UNLOCK_GIANT(vfslocked);
+ mac_vnode_label_free(intlabel);
+ break;
+ }
+ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+ error = vn_setlabel(vp, intlabel, td->td_ucred);
+ VOP_UNLOCK(vp, 0, td);
+ vn_finished_write(mp);
+ VFS_UNLOCK_GIANT(vfslocked);
+ mac_vnode_label_free(intlabel);
+ break;
+
+ case DTYPE_PIPE:
+ intlabel = mac_pipe_label_alloc();
+ error = mac_internalize_pipe_label(intlabel, buffer);
+ if (error == 0) {
+ pipe = fp->f_data;
+ PIPE_LOCK(pipe);
+ error = mac_pipe_label_set(td->td_ucred,
+ pipe->pipe_pair, intlabel);
+ PIPE_UNLOCK(pipe);
+ }
+ mac_pipe_label_free(intlabel);
+ break;
+
+ case DTYPE_SOCKET:
+ intlabel = mac_socket_label_alloc(M_WAITOK);
+ error = mac_internalize_socket_label(intlabel, buffer);
+ if (error == 0) {
+ so = fp->f_data;
+ error = mac_socket_label_set(td->td_ucred, so,
+ intlabel);
+ }
+ mac_socket_label_free(intlabel);
+ break;
+
+ default:
+ error = EINVAL;
+ }
+ fdrop(fp, td);
+out:
+ free(buffer, M_MACTEMP);
+ return (error);
+}
+
+int
+__mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
+{
+ struct label *intlabel;
+ struct nameidata nd;
+ struct mount *mp;
+ struct mac mac;
+ char *buffer;
+ int vfslocked, error;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
+ if (error) {
+ free(buffer, M_MACTEMP);
+ return (error);
+ }
+
+ intlabel = mac_vnode_label_alloc();
+ error = mac_internalize_vnode_label(intlabel, buffer);
+ free(buffer, M_MACTEMP);
+ if (error)
+ goto out;
+
+ NDINIT(&nd, LOOKUP, MPSAFE | LOCKLEAF | FOLLOW, UIO_USERSPACE,
+ uap->path_p, td);
+ error = namei(&nd);
+ vfslocked = NDHASGIANT(&nd);
+ if (error == 0) {
+ error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
+ if (error == 0) {
+ error = vn_setlabel(nd.ni_vp, intlabel,
+ td->td_ucred);
+ vn_finished_write(mp);
+ }
+ }
+
+ NDFREE(&nd, 0);
+ VFS_UNLOCK_GIANT(vfslocked);
+out:
+ mac_vnode_label_free(intlabel);
+ return (error);
+}
+
+int
+__mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
+{
+ struct label *intlabel;
+ struct nameidata nd;
+ struct mount *mp;
+ struct mac mac;
+ char *buffer;
+ int vfslocked, error;
+
+ error = copyin(uap->mac_p, &mac, sizeof(mac));
+ if (error)
+ return (error);
+
+ error = mac_check_structmac_consistent(&mac);
+ if (error)
+ return (error);
+
+ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK);
+ error = copyinstr(mac.m_string, buffer, mac.m_buflen, NULL);
+ if (error) {
+ free(buffer, M_MACTEMP);
+ return (error);
+ }
+
+ intlabel = mac_vnode_label_alloc();
+ error = mac_internalize_vnode_label(intlabel, buffer);
+ free(buffer, M_MACTEMP);
+ if (error)
+ goto out;
+
+ NDINIT(&nd, LOOKUP, MPSAFE | LOCKLEAF | NOFOLLOW, UIO_USERSPACE,
+ uap->path_p, td);
+ error = namei(&nd);
+ vfslocked = NDHASGIANT(&nd);
+ if (error == 0) {
+ error = vn_start_write(nd.ni_vp, &mp, V_WAIT | PCATCH);
+ if (error == 0) {
+ error = vn_setlabel(nd.ni_vp, intlabel,
+ td->td_ucred);
+ vn_finished_write(mp);
+ }
+ }
+
+ NDFREE(&nd, 0);
+ VFS_UNLOCK_GIANT(vfslocked);
+out:
+ mac_vnode_label_free(intlabel);
+ return (error);
+}
+
+int
+mac_syscall(struct thread *td, struct mac_syscall_args *uap)
+{
+ struct mac_policy_conf *mpc;
+ char target[MAC_MAX_POLICY_NAME];
+ int entrycount, error;
+
+ error = copyinstr(uap->policy, target, sizeof(target), NULL);
+ if (error)
+ return (error);
+
+ error = ENOSYS;
+ LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
+ if (strcmp(mpc->mpc_name, target) == 0 &&
+ mpc->mpc_ops->mpo_syscall != NULL) {
+ error = mpc->mpc_ops->mpo_syscall(td,
+ uap->call, uap->arg);
+ goto out;
+ }
+ }
+
+ if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
+ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
+ if (strcmp(mpc->mpc_name, target) == 0 &&
+ mpc->mpc_ops->mpo_syscall != NULL) {
+ error = mpc->mpc_ops->mpo_syscall(td,
+ uap->call, uap->arg);
+ break;
+ }
+ }
+ mac_policy_list_unbusy();
+ }
+out:
+ return (error);
+}
+
+#else /* !MAC */
+
+int
+__mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+__mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+__mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+__mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+__mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+__mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+__mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+__mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+__mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+mac_syscall(struct thread *td, struct mac_syscall_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+#endif /* !MAC */
--- /dev/null
+++ sys/security/mac/mac_framework.c
@@ -0,0 +1,586 @@
+/*-
+ * Copyright (c) 1999-2002, 2006 Robert N. M. Watson
+ * Copyright (c) 2001 Ilmar S. Habibulin
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson and Ilmar Habibulin for the
+ * TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by Network
+ * Associates Laboratories, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+ * as part of the DARPA CHATS research program.
+ *
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*-
+ * Framework for extensible kernel access control. This file contains core
+ * kernel infrastructure for the TrustedBSD MAC Framework, including policy
+ * registration, versioning, locking, error composition operator, and system
+ * calls.
+ *
+ * The MAC Framework implements three programming interfaces:
+ *
+ * - The kernel MAC interface, defined in mac_framework.h, and invoked
+ * throughout the kernel to request security decisions, notify of security
+ * related events, etc.
+ *
+ * - The MAC policy module interface, defined in mac_policy.h, which is
+ * implemented by MAC policy modules and invoked by the MAC Framework to
+ * forward kernel security requests and notifications to policy modules.
+ *
+ * - The user MAC API, defined in mac.h, which allows user programs to query
+ * and set label state on objects.
+ *
+ * The majority of the MAC Framework implementation may be found in
+ * src/sys/security/mac. Sample policy modules may be found in
+ * src/sys/security/mac_*.
+ */
+
+#include "opt_mac.h"
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD: src/sys/security/mac/mac_framework.c,v 1.136 2007/01/01 01:40:29 csjp Exp $");
+
+#include <sys/param.h>
+#include <sys/condvar.h>
+#include <sys/kernel.h>
+#include <sys/lock.h>
+#include <sys/mutex.h>
+#include <sys/mac.h>
+#include <sys/module.h>
+#include <sys/systm.h>
+#include <sys/sysctl.h>
+
+#include <security/mac/mac_framework.h>
+#include <security/mac/mac_internal.h>
+#include <security/mac/mac_policy.h>
+
+/*
+ * Root sysctl node for all MAC and MAC policy controls.
+ */
+SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0,
+ "TrustedBSD MAC policy controls");
+
+/*
+ * Declare that the kernel provides MAC support, version 3 (FreeBSD 7.x).
+ * This permits modules to refuse to be loaded if the necessary support isn't
+ * present, even if it's pre-boot.
+ */
+MODULE_VERSION(kernel_mac_support, MAC_VERSION);
+
+static unsigned int mac_version = MAC_VERSION;
+SYSCTL_UINT(_security_mac, OID_AUTO, version, CTLFLAG_RD, &mac_version, 0,
+ "");
+
+/*
+ * Labels consist of a indexed set of "slots", which are allocated policies
+ * as required. The MAC Framework maintains a bitmask of slots allocated so
+ * far to prevent reuse. Slots cannot be reused, as the MAC Framework
+ * guarantees that newly allocated slots in labels will be NULL unless
+ * otherwise initialized, and because we do not have a mechanism to garbage
+ * collect slots on policy unload. As labeled policies tend to be statically
+ * loaded during boot, and not frequently unloaded and reloaded, this is not
+ * generally an issue.
+ */
+#if MAC_MAX_SLOTS > 32
+#error "MAC_MAX_SLOTS too large"
+#endif
+
+static unsigned int mac_max_slots = MAC_MAX_SLOTS;
+static unsigned int mac_slot_offsets_free = (1 << MAC_MAX_SLOTS) - 1;
+SYSCTL_UINT(_security_mac, OID_AUTO, max_slots, CTLFLAG_RD, &mac_max_slots,
+ 0, "");
+
+/*
+ * Has the kernel started generating labeled objects yet? All read/write
+ * access to this variable is serialized during the boot process. Following
+ * the end of serialization, we don't update this flag; no locking.
+ */
+static int mac_late = 0;
+
+/*
+ * Flag to indicate whether or not we should allocate label storage for new
+ * mbufs. Since most dynamic policies we currently work with don't rely on
+ * mbuf labeling, try to avoid paying the cost of mtag allocation unless
+ * specifically notified of interest. One result of this is that if a
+ * dynamically loaded policy requests mbuf labels, it must be able to deal
+ * with a NULL label being returned on any mbufs that were already in flight
+ * when the policy was loaded. Since the policy already has to deal with
+ * uninitialized labels, this probably won't be a problem. Note: currently
+ * no locking. Will this be a problem?
+ *
+ * In the future, we may want to allow objects to request labeling on a per-
+ * object type basis, rather than globally for all objects.
+ */
+#ifndef MAC_ALWAYS_LABEL_MBUF
+int mac_labelmbufs = 0;
+#endif
+
+MALLOC_DEFINE(M_MACTEMP, "mactemp", "MAC temporary label storage");
+
+/*
+ * mac_static_policy_list holds a list of policy modules that are not loaded
+ * while the system is "live", and cannot be unloaded. These policies can be
+ * invoked without holding the busy count.
+ *
+ * mac_policy_list stores the list of dynamic policies. A busy count is
+ * maintained for the list, stored in mac_policy_busy. The busy count is
+ * protected by mac_policy_mtx; the list may be modified only while the busy
+ * count is 0, requiring that the lock be held to prevent new references to
+ * the list from being acquired. For almost all operations, incrementing the
+ * busy count is sufficient to guarantee consistency, as the list cannot be
+ * modified while the busy count is elevated. For a few special operations
+ * involving a change to the list of active policies, the mtx itself must be
+ * held. A condition variable, mac_policy_cv, is used to signal potential
+ * exclusive consumers that they should try to acquire the lock if a first
+ * attempt at exclusive access fails.
+ *
+ * This design intentionally avoids fairness, and may starve attempts to
+ * acquire an exclusive lock on a busy system. This is required because we
+ * do not ever want acquiring a read reference to perform an unbounded length
+ * sleep. Read references are acquired in ithreads, network isrs, etc, and
+ * any unbounded blocking could lead quickly to deadlock.
+ *
+ * Another reason for never blocking on read references is that the MAC
+ * Framework may recurse: if a policy calls a VOP, for example, this might
+ * lead to vnode life cycle operations (such as init/destroy).
+ *
+ * If the kernel option MAC_STATIC has been compiled in, all locking becomes
+ * a no-op, and the global list of policies is not allowed to change after
+ * early boot.
+ *
+ * XXXRW: Currently, we signal mac_policy_cv every time the framework becomes
+ * unbusy and there is a thread waiting to enter it exclusively. Since it
+ * may take some time before the thread runs, we may issue a lot of signals.
+ * We should instead keep track of the fact that we've signalled, taking into
+ * account that the framework may be busy again by the time the thread runs,
+ * requiring us to re-signal.
+ */
+#ifndef MAC_STATIC
+static struct mtx mac_policy_mtx;
+static struct cv mac_policy_cv;
+static int mac_policy_count;
+static int mac_policy_wait;
+#endif
+struct mac_policy_list_head mac_policy_list;
+struct mac_policy_list_head mac_static_policy_list;
+
+/*
+ * We manually invoke WITNESS_WARN() to allow Witness to generate warnings
+ * even if we don't end up ever triggering the wait at run-time. The
+ * consumer of the exclusive interface must not hold any locks (other than
+ * potentially Giant) since we may sleep for long (potentially indefinite)
+ * periods of time waiting for the framework to become quiescent so that a
+ * policy list change may be made.
+ */
+void
+mac_policy_grab_exclusive(void)
+{
+
+#ifndef MAC_STATIC
+ if (!mac_late)
+ return;
+
+ WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
+ "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__);
+ mtx_lock(&mac_policy_mtx);
+ while (mac_policy_count != 0) {
+ mac_policy_wait++;
+ cv_wait(&mac_policy_cv, &mac_policy_mtx);
+ mac_policy_wait--;
+ }
+#endif
+}
+
+void
+mac_policy_assert_exclusive(void)
+{
+
+#ifndef MAC_STATIC
+ if (!mac_late)
+ return;
+
+ mtx_assert(&mac_policy_mtx, MA_OWNED);
+ KASSERT(mac_policy_count == 0,
+ ("mac_policy_assert_exclusive(): not exclusive"));
+#endif
+}
+
+void
+mac_policy_release_exclusive(void)
+{
+#ifndef MAC_STATIC
+ int dowakeup;
+
+ if (!mac_late)
+ return;
+
+ KASSERT(mac_policy_count == 0,
+ ("mac_policy_release_exclusive(): not exclusive"));
+ dowakeup = (mac_policy_wait != 0);
+ mtx_unlock(&mac_policy_mtx);
+ if (dowakeup)
+ cv_signal(&mac_policy_cv);
+#endif
+}
+
+void
+mac_policy_list_busy(void)
+{
+
+#ifndef MAC_STATIC
+ if (!mac_late)
+ return;
+
+ mtx_lock(&mac_policy_mtx);
+ mac_policy_count++;
+ mtx_unlock(&mac_policy_mtx);
+#endif
+}
+
+int
+mac_policy_list_conditional_busy(void)
+{
+#ifndef MAC_STATIC
+ int ret;
+
+ if (!mac_late)
+ return (1);
+
+ mtx_lock(&mac_policy_mtx);
+ if (!LIST_EMPTY(&mac_policy_list)) {
+ mac_policy_count++;
+ ret = 1;
+ } else
+ ret = 0;
+ mtx_unlock(&mac_policy_mtx);
+ return (ret);
+#else
+ return (1);
+#endif
+}
+
+void
+mac_policy_list_unbusy(void)
+{
+#ifndef MAC_STATIC
+ int dowakeup;
+
+ if (!mac_late)
+ return;
+
+ mtx_lock(&mac_policy_mtx);
+ mac_policy_count--;
+ KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK"));
+ dowakeup = (mac_policy_count == 0 && mac_policy_wait != 0);
+ mtx_unlock(&mac_policy_mtx);
+
+ if (dowakeup)
+ cv_signal(&mac_policy_cv);
+#endif
+}
+
+/*
+ * Initialize the MAC subsystem, including appropriate SMP locks.
+ */
+static void
+mac_init(void)
+{
+
+ LIST_INIT(&mac_static_policy_list);
+ LIST_INIT(&mac_policy_list);
+ mac_labelzone_init();
+
+#ifndef MAC_STATIC
+ mtx_init(&mac_policy_mtx, "mac_policy_mtx", NULL, MTX_DEF);
+ cv_init(&mac_policy_cv, "mac_policy_cv");
+#endif
+}
+
+/*
+ * For the purposes of modules that want to know if they were loaded "early",
+ * set the mac_late flag once we've processed modules either linked into the
+ * kernel, or loaded before the kernel startup.
+ */
+static void
+mac_late_init(void)
+{
+
+ mac_late = 1;
+}
+
+/*
+ * After the policy list has changed, walk the list to update any global
+ * flags. Currently, we support only one flag, and it's conditionally
+ * defined; as a result, the entire function is conditional. Eventually, the
+ * #else case might also iterate across the policies.
+ */
+static void
+mac_policy_updateflags(void)
+{
+#ifndef MAC_ALWAYS_LABEL_MBUF
+ struct mac_policy_conf *tmpc;
+ int labelmbufs;
+
+ mac_policy_assert_exclusive();
+
+ labelmbufs = 0;
+ LIST_FOREACH(tmpc, &mac_static_policy_list, mpc_list) {
+ if (tmpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_LABELMBUFS)
+ labelmbufs++;
+ }
+ LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) {
+ if (tmpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_LABELMBUFS)
+ labelmbufs++;
+ }
+ mac_labelmbufs = (labelmbufs != 0);
+#endif
+}
+
+static int
+mac_policy_register(struct mac_policy_conf *mpc)
+{
+ struct mac_policy_conf *tmpc;
+ int error, slot, static_entry;
+
+ error = 0;
+
+ /*
+ * We don't technically need exclusive access while !mac_late, but
+ * hold it for assertion consistency.
+ */
+ mac_policy_grab_exclusive();
+
+ /*
+ * If the module can potentially be unloaded, or we're loading late,
+ * we have to stick it in the non-static list and pay an extra
+ * performance overhead. Otherwise, we can pay a light locking cost
+ * and stick it in the static list.
+ */
+ static_entry = (!mac_late &&
+ !(mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK));
+
+ if (static_entry) {
+ LIST_FOREACH(tmpc, &mac_static_policy_list, mpc_list) {
+ if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
+ error = EEXIST;
+ goto out;
+ }
+ }
+ } else {
+ LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) {
+ if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
+ error = EEXIST;
+ goto out;
+ }
+ }
+ }
+ if (mpc->mpc_field_off != NULL) {
+ slot = ffs(mac_slot_offsets_free);
+ if (slot == 0) {
+ error = ENOMEM;
+ goto out;
+ }
+ slot--;
+ mac_slot_offsets_free &= ~(1 << slot);
+ *mpc->mpc_field_off = slot;
+ }
+ mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
+
+ /*
+ * If we're loading a MAC module after the framework has initialized,
+ * it has to go into the dynamic list. If we're loading it before
+ * we've finished initializing, it can go into the static list with
+ * weaker locker requirements.
+ */
+ if (static_entry)
+ LIST_INSERT_HEAD(&mac_static_policy_list, mpc, mpc_list);
+ else
+ LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);
+
+ /*
+ * Per-policy initialization. Currently, this takes place under the
+ * exclusive lock, so policies must not sleep in their init method.
+ * In the future, we may want to separate "init" from "start", with
+ * "init" occuring without the lock held. Likewise, on tear-down,
+ * breaking out "stop" from "destroy".
+ */
+ if (mpc->mpc_ops->mpo_init != NULL)
+ (*(mpc->mpc_ops->mpo_init))(mpc);
+ mac_policy_updateflags();
+
+ printf("Security policy loaded: %s (%s)\n", mpc->mpc_fullname,
+ mpc->mpc_name);
+
+out:
+ mac_policy_release_exclusive();
+ return (error);
+}
+
+static int
+mac_policy_unregister(struct mac_policy_conf *mpc)
+{
+
+ /*
+ * If we fail the load, we may get a request to unload. Check to see
+ * if we did the run-time registration, and if not, silently succeed.
+ */
+ mac_policy_grab_exclusive();
+ if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+ mac_policy_release_exclusive();
+ return (0);
+ }
+#if 0
+ /*
+ * Don't allow unloading modules with private data.
+ */
+ if (mpc->mpc_field_off != NULL) {
+ MAC_POLICY_LIST_UNLOCK();
+ return (EBUSY);
+ }
+#endif
+ /*
+ * Only allow the unload to proceed if the module is unloadable by
+ * its own definition.
+ */
+ if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+ mac_policy_release_exclusive();
+ return (EBUSY);
+ }
+ if (mpc->mpc_ops->mpo_destroy != NULL)
+ (*(mpc->mpc_ops->mpo_destroy))(mpc);
+
+ LIST_REMOVE(mpc, mpc_list);
+ mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
+ mac_policy_updateflags();
+
+ mac_policy_release_exclusive();
+
+ printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
+ mpc->mpc_name);
+
+ return (0);
+}
+
+/*
+ * Allow MAC policy modules to register during boot, etc.
+ */
+int
+mac_policy_modevent(module_t mod, int type, void *data)
+{
+ struct mac_policy_conf *mpc;
+ int error;
+
+ error = 0;
+ mpc = (struct mac_policy_conf *) data;
+
+#ifdef MAC_STATIC
+ if (mac_late) {
+ printf("mac_policy_modevent: MAC_STATIC and late\n");
+ return (EBUSY);
+ }
+#endif
+
+ switch (type) {
+ case MOD_LOAD:
+ if (mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_NOTLATE &&
+ mac_late) {
+ printf("mac_policy_modevent: can't load %s policy "
+ "after booting\n", mpc->mpc_name);
+ error = EBUSY;
+ break;
+ }
+ error = mac_policy_register(mpc);
+ break;
+ case MOD_UNLOAD:
+ /* Don't unregister the module if it was never registered. */
+ if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED)
+ != 0)
+ error = mac_policy_unregister(mpc);
+ else
+ error = 0;
+ break;
+ default:
+ error = EOPNOTSUPP;
+ break;
+ }
+
+ return (error);
+}
+
+/*
+ * Define an error value precedence, and given two arguments, selects the
+ * value with the higher precedence.
+ */
+int
+mac_error_select(int error1, int error2)
+{
+
+ /* Certain decision-making errors take top priority. */
+ if (error1 == EDEADLK || error2 == EDEADLK)
+ return (EDEADLK);
+
+ /* Invalid arguments should be reported where possible. */
+ if (error1 == EINVAL || error2 == EINVAL)
+ return (EINVAL);
+
+ /* Precedence goes to "visibility", with both process and file. */
+ if (error1 == ESRCH || error2 == ESRCH)
+ return (ESRCH);
+
+ if (error1 == ENOENT || error2 == ENOENT)
+ return (ENOENT);
+
+ /* Precedence goes to DAC/MAC protections. */
+ if (error1 == EACCES || error2 == EACCES)
+ return (EACCES);
+
+ /* Precedence goes to privilege. */
+ if (error1 == EPERM || error2 == EPERM)
+ return (EPERM);
+
+ /* Precedence goes to error over success; otherwise, arbitrary. */
+ if (error1 != 0)
+ return (error1);
+ return (error2);
+}
+
+int
+mac_check_structmac_consistent(struct mac *mac)
+{
+
+ if (mac->m_buflen < 0 ||
+ mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+ return (EINVAL);
+
+ return (0);
+}
+
+SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL);
+SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL);
--- /dev/null
+++ sys/security/mac/mac_priv.c
@@ -0,0 +1,82 @@
+/*-
+ * Copyright (c) 2006 nCircle Network Security, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert N. M. Watson for the TrustedBSD
+ * Project under contract to nCircle Network Security, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
+ * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/security/mac/mac_priv.c,v 1.3 2006/12/22 23:34:44 rwatson Exp $
+ */
+
+/*
+ * MAC checks for system privileges.
+ */
+
+#include "opt_mac.h"
+
+#include <sys/param.h>
+#include <sys/priv.h>
+#include <sys/module.h>
+
+#include <security/mac/mac_framework.h>
+#include <security/mac/mac_internal.h>
+#include <security/mac/mac_policy.h>
+
+/*
+ * The MAC Framework interacts with kernel privilege checks in two ways: it
+ * may restrict the granting of privilege to a subject, and it may grant
+ * additional privileges to the subject. Policies may implement none, one,
+ * or both of these entry points. Restriction of privilege by any policy
+ * always overrides granting of privilege by any policy or other privilege
+ * mechanism. See kern_priv.c:priv_check_cred() for details of the
+ * composition.
+ */
+
+/*
+ * Restrict access to a privilege for a credential. Return failure if any
+ * policy denies access.
+ */
+int
+mac_priv_check(struct ucred *cred, int priv)
+{
+ int error;
+
+ MAC_CHECK(priv_check, cred, priv);
+
+ return (error);
+}
+
+/*
+ * Grant access to a privilege for a credential. Return success if any
+ * policy grants access.
+ */
+int
+mac_priv_grant(struct ucred *cred, int priv)
+{
+ int error;
+
+ MAC_GRANT(priv_grant, cred, priv);
+
+ return (error);
+}
--- /dev/null
+++ sys/security/mac/mac_policy.h
@@ -0,0 +1,980 @@
+/*-
+ * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by Network
+ * Associates Laboratories, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+ * as part of the DARPA CHATS research program.
+ *
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/security/mac/mac_policy.h,v 1.94.2.1 2007/11/06 14:46:58 rwatson Exp $
+ */
+/*
+ * Kernel interface for MAC policy modules.
+ */
+#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_
+#define _SYS_SECURITY_MAC_MAC_POLICY_H_
+
+#ifndef _KERNEL
+#error "no user-serviceable parts inside"
+#endif
+
+/*-
+ * Pluggable access control policy definition structure.
+ *
+ * List of operations that are performed as part of the implementation of a
+ * MAC policy. Policy implementors declare operations with a mac_policy_ops
+ * structure, and using the MAC_POLICY_SET() macro. If an entry point is not
+ * declared, then then the policy will be ignored during evaluation of that
+ * event or check.
+ *
+ * Operations are sorted first by general class of operation, then
+ * alphabetically.
+ */
+#include <sys/acl.h> /* XXX acl_type_t */
+
+struct acl;
+struct auditinfo;
+struct auditinfo_addr;
+struct bpf_d;
+struct cdev;
+struct componentname;
+struct devfs_dirent;
+struct ifnet;
+struct image_params;
+struct inpcb;
+struct ipq;
+struct ksem;
+struct label;
+struct mac_policy_conf;
+struct mbuf;
+struct mount;
+struct msg;
+struct msqid_kernel;
+struct pipepair;
+struct proc;
+struct sbuf;
+struct semid_kernel;
+struct shmid_kernel;
+struct sockaddr;
+struct socket;
+struct sysctl_oid;
+struct sysctl_req;
+struct thread;
+struct ucred;
+struct uio;
+struct vattr;
+struct vnode;
+
+/*
+ * Policy module operations.
+ */
+typedef void (*mpo_destroy_t)(struct mac_policy_conf *mpc);
+typedef void (*mpo_init_t)(struct mac_policy_conf *mpc);
+
+/*
+ * General policy-directed security system call so that policies may
+ * implement new services without reserving explicit system call numbers.
+ */
+typedef int (*mpo_syscall_t)(struct thread *td, int call, void *arg);
+
+/*
+ * Place-holder function pointers for ABI-compatibility purposes.
+ */
+typedef void (*mpo_placeholder_t)(void);
+
+/*
+ * Label operations. Initialize label storage, destroy label storage,
+ * recycle for re-use without init/destroy, copy a label to initialized
+ * storage, and externalize/internalize from/to initialized storage.
+ */
+typedef void (*mpo_init_bpfdesc_label_t)(struct label *label);
+typedef void (*mpo_init_cred_label_t)(struct label *label);
+typedef void (*mpo_init_devfs_label_t)(struct label *label);
+typedef void (*mpo_init_ifnet_label_t)(struct label *label);
+typedef int (*mpo_init_inpcb_label_t)(struct label *label, int flag);
+typedef void (*mpo_init_sysv_msgmsg_label_t)(struct label *label);
+typedef void (*mpo_init_sysv_msgqueue_label_t)(struct label *label);
+typedef void (*mpo_init_sysv_sem_label_t)(struct label *label);
+typedef void (*mpo_init_sysv_shm_label_t)(struct label *label);
+typedef int (*mpo_init_ipq_label_t)(struct label *label, int flag);
+typedef int (*mpo_init_mbuf_label_t)(struct label *label, int flag);
+typedef void (*mpo_init_mount_label_t)(struct label *label);
+typedef int (*mpo_init_socket_label_t)(struct label *label, int flag);
+typedef int (*mpo_init_socket_peer_label_t)(struct label *label,
+ int flag);
+typedef void (*mpo_init_pipe_label_t)(struct label *label);
+typedef void (*mpo_init_posix_sem_label_t)(struct label *label);
+typedef void (*mpo_init_proc_label_t)(struct label *label);
+typedef void (*mpo_init_vnode_label_t)(struct label *label);
+typedef void (*mpo_destroy_bpfdesc_label_t)(struct label *label);
+typedef void (*mpo_destroy_cred_label_t)(struct label *label);
+typedef void (*mpo_destroy_devfs_label_t)(struct label *label);
+typedef void (*mpo_destroy_ifnet_label_t)(struct label *label);
+typedef void (*mpo_destroy_inpcb_label_t)(struct label *label);
+typedef void (*mpo_destroy_sysv_msgmsg_label_t)(struct label *label);
+typedef void (*mpo_destroy_sysv_msgqueue_label_t)(struct label *label);
+typedef void (*mpo_destroy_sysv_sem_label_t)(struct label *label);
+typedef void (*mpo_destroy_sysv_shm_label_t)(struct label *label);
+typedef void (*mpo_destroy_ipq_label_t)(struct label *label);
+typedef void (*mpo_destroy_mbuf_label_t)(struct label *label);
+typedef void (*mpo_destroy_mount_label_t)(struct label *label);
+typedef void (*mpo_destroy_socket_label_t)(struct label *label);
+typedef void (*mpo_destroy_socket_peer_label_t)(struct label *label);
+typedef void (*mpo_destroy_pipe_label_t)(struct label *label);
+typedef void (*mpo_destroy_posix_sem_label_t)(struct label *label);
+typedef void (*mpo_destroy_proc_label_t)(struct label *label);
+typedef void (*mpo_destroy_vnode_label_t)(struct label *label);
+typedef void (*mpo_cleanup_sysv_msgmsg_t)(struct label *msglabel);
+typedef void (*mpo_cleanup_sysv_msgqueue_t)(struct label *msqlabel);
+typedef void (*mpo_cleanup_sysv_sem_t)(struct label *semalabel);
+typedef void (*mpo_cleanup_sysv_shm_t)(struct label *shmlabel);
+typedef void (*mpo_copy_cred_label_t)(struct label *src,
+ struct label *dest);
+typedef void (*mpo_copy_ifnet_label_t)(struct label *src,
+ struct label *dest);
+typedef void (*mpo_copy_mbuf_label_t)(struct label *src,
+ struct label *dest);
+typedef void (*mpo_copy_pipe_label_t)(struct label *src,
+ struct label *dest);
+typedef void (*mpo_copy_socket_label_t)(struct label *src,
+ struct label *dest);
+typedef void (*mpo_copy_vnode_label_t)(struct label *src,
+ struct label *dest);
+typedef int (*mpo_externalize_cred_label_t)(struct label *label,
+ char *element_name, struct sbuf *sb, int *claimed);
+typedef int (*mpo_externalize_ifnet_label_t)(struct label *label,
+ char *element_name, struct sbuf *sb, int *claimed);
+typedef int (*mpo_externalize_pipe_label_t)(struct label *label,
+ char *element_name, struct sbuf *sb, int *claimed);
+typedef int (*mpo_externalize_socket_label_t)(struct label *label,
+ char *element_name, struct sbuf *sb, int *claimed);
+typedef int (*mpo_externalize_socket_peer_label_t)(struct label *label,
+ char *element_name, struct sbuf *sb, int *claimed);
+typedef int (*mpo_externalize_vnode_label_t)(struct label *label,
+ char *element_name, struct sbuf *sb, int *claimed);
+typedef int (*mpo_internalize_cred_label_t)(struct label *label,
+ char *element_name, char *element_data, int *claimed);
+typedef int (*mpo_internalize_ifnet_label_t)(struct label *label,
+ char *element_name, char *element_data, int *claimed);
+typedef int (*mpo_internalize_pipe_label_t)(struct label *label,
+ char *element_name, char *element_data, int *claimed);
+typedef int (*mpo_internalize_socket_label_t)(struct label *label,
+ char *element_name, char *element_data, int *claimed);
+typedef int (*mpo_internalize_vnode_label_t)(struct label *label,
+ char *element_name, char *element_data, int *claimed);
+
+/*
+ * Labeling event operations: file system objects, and things that look a lot
+ * like file system objects.
+ */
+typedef void (*mpo_associate_vnode_devfs_t)(struct mount *mp,
+ struct label *mplabel, struct devfs_dirent *de,
+ struct label *delabel, struct vnode *vp,
+ struct label *vplabel);
+typedef int (*mpo_associate_vnode_extattr_t)(struct mount *mp,
+ struct label *mplabel, struct vnode *vp,
+ struct label *vplabel);
+typedef void (*mpo_associate_vnode_singlelabel_t)(struct mount *mp,
+ struct label *mplabel, struct vnode *vp,
+ struct label *vplabel);
+typedef void (*mpo_create_devfs_device_t)(struct ucred *cred,
+ struct mount *mp, struct cdev *dev,
+ struct devfs_dirent *de, struct label *delabel);
+typedef void (*mpo_create_devfs_directory_t)(struct mount *mp,
+ char *dirname, int dirnamelen, struct devfs_dirent *de,
+ struct label *delabel);
+typedef void (*mpo_create_devfs_symlink_t)(struct ucred *cred,
+ struct mount *mp, struct devfs_dirent *dd,
+ struct label *ddlabel, struct devfs_dirent *de,
+ struct label *delabel);
+typedef int (*mpo_create_vnode_extattr_t)(struct ucred *cred,
+ struct mount *mp, struct label *mplabel,
+ struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp);
+typedef void (*mpo_create_mount_t)(struct ucred *cred, struct mount *mp,
+ struct label *mplabel);
+typedef void (*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel, struct label *label);
+typedef int (*mpo_setlabel_vnode_extattr_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ struct label *intlabel);
+typedef void (*mpo_update_devfs_t)(struct mount *mp,
+ struct devfs_dirent *de, struct label *delabel,
+ struct vnode *vp, struct label *vplabel);
+
+/*
+ * Labeling event operations: IPC objects.
+ */
+typedef void (*mpo_create_mbuf_from_socket_t)(struct socket *so,
+ struct label *solabel, struct mbuf *m,
+ struct label *mlabel);
+typedef void (*mpo_create_socket_t)(struct ucred *cred, struct socket *so,
+ struct label *solabel);
+typedef void (*mpo_create_socket_from_socket_t)(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsolabel);
+typedef void (*mpo_relabel_socket_t)(struct ucred *cred, struct socket *so,
+ struct label *oldlabel, struct label *newlabel);
+typedef void (*mpo_relabel_pipe_t)(struct ucred *cred, struct pipepair *pp,
+ struct label *oldlabel, struct label *newlabel);
+typedef void (*mpo_set_socket_peer_from_mbuf_t)(struct mbuf *m,
+ struct label *mlabel, struct socket *so,
+ struct label *sopeerlabel);
+typedef void (*mpo_set_socket_peer_from_socket_t)(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel);
+typedef void (*mpo_create_pipe_t)(struct ucred *cred, struct pipepair *pp,
+ struct label *pplabel);
+
+/*
+ * Labeling event operations: System V IPC primitives.
+ */
+typedef void (*mpo_create_sysv_msgmsg_t)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqlabel,
+ struct msg *msgptr, struct label *msglabel);
+typedef void (*mpo_create_sysv_msgqueue_t)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqlabel);
+typedef void (*mpo_create_sysv_sem_t)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semalabel);
+typedef void (*mpo_create_sysv_shm_t)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, struct label *shmlabel);
+
+/*
+ * Labeling event operations: POSIX (global/inter-process) semaphores.
+ */
+typedef void (*mpo_create_posix_sem_t)(struct ucred *cred,
+ struct ksem *ks, struct label *kslabel);
+
+/*
+ * Labeling event operations: network objects.
+ */
+typedef void (*mpo_create_bpfdesc_t)(struct ucred *cred,
+ struct bpf_d *d, struct label *dlabel);
+typedef void (*mpo_create_ifnet_t)(struct ifnet *ifp,
+ struct label *ifplabel);
+typedef void (*mpo_create_inpcb_from_socket_t)(struct socket *so,
+ struct label *solabel, struct inpcb *inp,
+ struct label *inplabel);
+typedef void (*mpo_create_ipq_t)(struct mbuf *m, struct label *mlabel,
+ struct ipq *ipq, struct label *ipqlabel);
+typedef void (*mpo_create_datagram_from_ipq)
+ (struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
+ struct label *mlabel);
+typedef void (*mpo_create_fragment_t)(struct mbuf *m,
+ struct label *mlabel, struct mbuf *frag,
+ struct label *fraglabel);
+typedef void (*mpo_create_mbuf_from_inpcb_t)(struct inpcb *inp,
+ struct label *inplabel, struct mbuf *m,
+ struct label *mlabel);
+typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
+ struct label *ifplabel, struct mbuf *m,
+ struct label *mlabel);
+typedef void (*mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d *d,
+ struct label *dlabel, struct mbuf *m,
+ struct label *mlabel);
+typedef void (*mpo_create_mbuf_from_ifnet_t)(struct ifnet *ifp,
+ struct label *ifplabel, struct mbuf *m,
+ struct label *mlabel);
+typedef void (*mpo_create_mbuf_multicast_encap_t)(struct mbuf *m,
+ struct label *mlabel, struct ifnet *ifp,
+ struct label *ifplabel, struct mbuf *mnew,
+ struct label *mnewlabel);
+typedef void (*mpo_create_mbuf_netlayer_t)(struct mbuf *m,
+ struct label *mlabel, struct mbuf *mnew,
+ struct label *mnewlabel);
+typedef int (*mpo_fragment_match_t)(struct mbuf *m, struct label *mlabel,
+ struct ipq *ipq, struct label *ipqlabel);
+typedef void (*mpo_reflect_mbuf_icmp_t)(struct mbuf *m,
+ struct label *mlabel);
+typedef void (*mpo_reflect_mbuf_tcp_t)(struct mbuf *m,
+ struct label *mlabel);
+typedef void (*mpo_relabel_ifnet_t)(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel);
+typedef void (*mpo_update_ipq_t)(struct mbuf *m, struct label *mlabel,
+ struct ipq *ipq, struct label *ipqlabel);
+typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
+ struct label *label, struct inpcb *inp,
+ struct label *inplabel);
+
+typedef void (*mpo_create_mbuf_from_firewall_t)(struct mbuf *m,
+ struct label *label);
+typedef void (*mpo_destroy_syncache_label_t)(struct label *label);
+typedef int (*mpo_init_syncache_label_t)(struct label *label, int flag);
+typedef void (*mpo_init_syncache_from_inpcb_t)(struct label *label,
+ struct inpcb *inp);
+typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label,
+ struct mbuf *m, struct label *mlabel);
+/*
+ * Labeling event operations: processes.
+ */
+typedef void (*mpo_execve_transition_t)(struct ucred *old,
+ struct ucred *new, struct vnode *vp,
+ struct label *vplabel, struct label *interpvnodelabel,
+ struct image_params *imgp, struct label *execlabel);
+typedef int (*mpo_execve_will_transition_t)(struct ucred *old,
+ struct vnode *vp, struct label *vplabel,
+ struct label *interpvnodelabel,
+ struct image_params *imgp, struct label *execlabel);
+typedef void (*mpo_create_proc0_t)(struct ucred *cred);
+typedef void (*mpo_create_proc1_t)(struct ucred *cred);
+typedef void (*mpo_relabel_cred_t)(struct ucred *cred,
+ struct label *newlabel);
+typedef void (*mpo_thread_userret_t)(struct thread *thread);
+
+/*
+ * Access control checks.
+ */
+typedef int (*mpo_check_bpfdesc_receive_t)(struct bpf_d *d,
+ struct label *dlabel, struct ifnet *ifp,
+ struct label *ifplabel);
+typedef int (*mpo_check_cred_relabel_t)(struct ucred *cred,
+ struct label *newlabel);
+typedef int (*mpo_check_cred_visible_t)(struct ucred *cr1,
+ struct ucred *cr2);
+typedef int (*mpo_check_ifnet_relabel_t)(struct ucred *cred,
+ struct ifnet *ifp, struct label *ifplabel,
+ struct label *newlabel);
+typedef int (*mpo_check_ifnet_transmit_t)(struct ifnet *ifp,
+ struct label *ifplabel, struct mbuf *m,
+ struct label *mlabel);
+typedef int (*mpo_check_inpcb_deliver_t)(struct inpcb *inp,
+ struct label *inplabel, struct mbuf *m,
+ struct label *mlabel);
+typedef int (*mpo_check_sysv_msgmsq_t)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+typedef int (*mpo_check_sysv_msgrcv_t)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel);
+typedef int (*mpo_check_sysv_msgrmid_t)(struct ucred *cred,
+ struct msg *msgptr, struct label *msglabel);
+typedef int (*mpo_check_sysv_msqget_t)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+typedef int (*mpo_check_sysv_msqsnd_t)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+typedef int (*mpo_check_sysv_msqrcv_t)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel);
+typedef int (*mpo_check_sysv_msqctl_t)(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqklabel,
+ int cmd);
+typedef int (*mpo_check_sysv_semctl_t)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel,
+ int cmd);
+typedef int (*mpo_check_sysv_semget_t)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel);
+typedef int (*mpo_check_sysv_semop_t)(struct ucred *cred,
+ struct semid_kernel *semakptr, struct label *semaklabel,
+ size_t accesstype);
+typedef int (*mpo_check_sysv_shmat_t)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg);
+typedef int (*mpo_check_sysv_shmctl_t)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int cmd);
+typedef int (*mpo_check_sysv_shmdt_t)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel);
+typedef int (*mpo_check_sysv_shmget_t)(struct ucred *cred,
+ struct shmid_kernel *shmsegptr,
+ struct label *shmseglabel, int shmflg);
+typedef int (*mpo_check_kenv_dump_t)(struct ucred *cred);
+typedef int (*mpo_check_kenv_get_t)(struct ucred *cred, char *name);
+typedef int (*mpo_check_kenv_set_t)(struct ucred *cred, char *name,
+ char *value);
+typedef int (*mpo_check_kenv_unset_t)(struct ucred *cred, char *name);
+typedef int (*mpo_check_kld_load_t)(struct ucred *cred, struct vnode *vp,
+ struct label *vplabel);
+typedef int (*mpo_check_kld_stat_t)(struct ucred *cred);
+typedef int (*mpo_mpo_placeholder19_t)(void);
+typedef int (*mpo_mpo_placeholder20_t)(void);
+typedef int (*mpo_check_mount_stat_t)(struct ucred *cred,
+ struct mount *mp, struct label *mplabel);
+typedef int (*mpo_mpo_placeholder21_t)(void);
+typedef int (*mpo_check_pipe_ioctl_t)(struct ucred *cred,
+ struct pipepair *pp, struct label *pplabel,
+ unsigned long cmd, void *data);
+typedef int (*mpo_check_pipe_poll_t)(struct ucred *cred,
+ struct pipepair *pp, struct label *pplabel);
+typedef int (*mpo_check_pipe_read_t)(struct ucred *cred,
+ struct pipepair *pp, struct label *pplabel);
+typedef int (*mpo_check_pipe_relabel_t)(struct ucred *cred,
+ struct pipepair *pp, struct label *pplabel,
+ struct label *newlabel);
+typedef int (*mpo_check_pipe_stat_t)(struct ucred *cred,
+ struct pipepair *pp, struct label *pplabel);
+typedef int (*mpo_check_pipe_write_t)(struct ucred *cred,
+ struct pipepair *pp, struct label *pplabel);
+typedef int (*mpo_check_posix_sem_destroy_t)(struct ucred *cred,
+ struct ksem *ks, struct label *kslabel);
+typedef int (*mpo_check_posix_sem_getvalue_t)(struct ucred *cred,
+ struct ksem *ks, struct label *kslabel);
+typedef int (*mpo_check_posix_sem_open_t)(struct ucred *cred,
+ struct ksem *ks, struct label *kslabel);
+typedef int (*mpo_check_posix_sem_post_t)(struct ucred *cred,
+ struct ksem *ks, struct label *kslabel);
+typedef int (*mpo_check_posix_sem_unlink_t)(struct ucred *cred,
+ struct ksem *ks, struct label *kslabel);
+typedef int (*mpo_check_posix_sem_wait_t)(struct ucred *cred,
+ struct ksem *ks, struct label *kslabel);
+typedef int (*mpo_check_proc_debug_t)(struct ucred *cred,
+ struct proc *p);
+typedef int (*mpo_check_proc_sched_t)(struct ucred *cred,
+ struct proc *p);
+typedef int (*mpo_check_proc_setaudit_t)(struct ucred *cred,
+ struct auditinfo *ai);
+typedef int (*mpo_check_proc_setaudit_addr_t)(struct ucred *cred,
+ struct auditinfo_addr *aia);
+typedef int (*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
+typedef int (*mpo_check_proc_setuid_t)(struct ucred *cred, uid_t uid);
+typedef int (*mpo_check_proc_seteuid_t)(struct ucred *cred, uid_t euid);
+typedef int (*mpo_check_proc_setgid_t)(struct ucred *cred, gid_t gid);
+typedef int (*mpo_check_proc_setegid_t)(struct ucred *cred, gid_t egid);
+typedef int (*mpo_check_proc_setgroups_t)(struct ucred *cred, int ngroups,
+ gid_t *gidset);
+typedef int (*mpo_check_proc_setreuid_t)(struct ucred *cred, uid_t ruid,
+ uid_t euid);
+typedef int (*mpo_check_proc_setregid_t)(struct ucred *cred, gid_t rgid,
+ gid_t egid);
+typedef int (*mpo_check_proc_setresuid_t)(struct ucred *cred, uid_t ruid,
+ uid_t euid, uid_t suid);
+typedef int (*mpo_check_proc_setresgid_t)(struct ucred *cred, gid_t rgid,
+ gid_t egid, gid_t sgid);
+typedef int (*mpo_check_proc_signal_t)(struct ucred *cred,
+ struct proc *proc, int signum);
+typedef int (*mpo_check_proc_wait_t)(struct ucred *cred,
+ struct proc *proc);
+typedef int (*mpo_check_socket_accept_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel);
+typedef int (*mpo_check_socket_bind_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel,
+ struct sockaddr *sa);
+typedef int (*mpo_check_socket_connect_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel,
+ struct sockaddr *sa);
+typedef int (*mpo_check_socket_create_t)(struct ucred *cred, int domain,
+ int type, int protocol);
+typedef int (*mpo_check_socket_deliver_t)(struct socket *so,
+ struct label *solabel, struct mbuf *m,
+ struct label *mlabel);
+typedef int (*mpo_check_socket_listen_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel);
+typedef int (*mpo_check_socket_poll_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel);
+typedef int (*mpo_check_socket_receive_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel);
+typedef int (*mpo_check_socket_relabel_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel,
+ struct label *newlabel);
+typedef int (*mpo_check_socket_send_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel);
+typedef int (*mpo_check_socket_stat_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel);
+typedef int (*mpo_check_socket_visible_t)(struct ucred *cred,
+ struct socket *so, struct label *solabel);
+typedef int (*mpo_check_system_acct_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+ int length);
+typedef int (*mpo_check_system_auditctl_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
+typedef int (*mpo_check_system_reboot_t)(struct ucred *cred, int howto);
+typedef int (*mpo_check_system_swapon_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_system_swapoff_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_system_sysctl_t)(struct ucred *cred,
+ struct sysctl_oid *oidp, void *arg1, int arg2,
+ struct sysctl_req *req);
+typedef int (*mpo_check_vnode_access_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel, int acc_mode);
+typedef int (*mpo_check_vnode_chdir_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel);
+typedef int (*mpo_check_vnode_chroot_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel);
+typedef int (*mpo_check_vnode_create_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel,
+ struct componentname *cnp, struct vattr *vap);
+typedef int (*mpo_check_vnode_deleteacl_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ acl_type_t type);
+typedef int (*mpo_check_vnode_deleteextattr_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ int attrnamespace, const char *name);
+typedef int (*mpo_check_vnode_exec_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ struct image_params *imgp, struct label *execlabel);
+typedef int (*mpo_check_vnode_getacl_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ acl_type_t type);
+typedef int (*mpo_check_vnode_getextattr_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ int attrnamespace, const char *name, struct uio *uio);
+typedef int (*mpo_check_vnode_link_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp);
+typedef int (*mpo_check_vnode_listextattr_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ int attrnamespace);
+typedef int (*mpo_check_vnode_lookup_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel,
+ struct componentname *cnp);
+typedef int (*mpo_check_vnode_mmap_t)(struct ucred *cred,
+ struct vnode *vp, struct label *label, int prot,
+ int flags);
+typedef void (*mpo_check_vnode_mmap_downgrade_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel, int *prot);
+typedef int (*mpo_check_vnode_mprotect_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel, int prot);
+typedef int (*mpo_check_vnode_open_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel, int acc_mode);
+typedef int (*mpo_check_vnode_poll_t)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
+ struct label *vplabel);
+typedef int (*mpo_check_vnode_read_t)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
+ struct label *vplabel);
+typedef int (*mpo_check_vnode_readdir_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel);
+typedef int (*mpo_check_vnode_readlink_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_vnode_relabel_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ struct label *newlabel);
+typedef int (*mpo_check_vnode_rename_from_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp);
+typedef int (*mpo_check_vnode_rename_to_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, int samedir,
+ struct componentname *cnp);
+typedef int (*mpo_check_vnode_revoke_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_vnode_setacl_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel, acl_type_t type,
+ struct acl *acl);
+typedef int (*mpo_check_vnode_setextattr_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ int attrnamespace, const char *name, struct uio *uio);
+typedef int (*mpo_check_vnode_setflags_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel, u_long flags);
+typedef int (*mpo_check_vnode_setmode_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel, mode_t mode);
+typedef int (*mpo_check_vnode_setowner_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel, uid_t uid,
+ gid_t gid);
+typedef int (*mpo_check_vnode_setutimes_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel,
+ struct timespec atime, struct timespec mtime);
+typedef int (*mpo_check_vnode_stat_t)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
+ struct label *vplabel);
+typedef int (*mpo_check_vnode_unlink_t)(struct ucred *cred,
+ struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel,
+ struct componentname *cnp);
+typedef int (*mpo_check_vnode_write_t)(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp,
+ struct label *vplabel);
+typedef void (*mpo_associate_nfsd_label_t)(struct ucred *cred);
+typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
+typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
+
+struct mac_policy_ops {
+ /*
+ * Policy module operations.
+ */
+ mpo_destroy_t mpo_destroy;
+ mpo_init_t mpo_init;
+
+ /*
+ * General policy-directed security system call so that policies may
+ * implement new services without reserving explicit system call
+ * numbers.
+ */
+ mpo_syscall_t mpo_syscall;
+
+ /*
+ * Label operations. Initialize label storage, destroy label
+ * storage, recycle for re-use without init/destroy, copy a label to
+ * initialized storage, and externalize/internalize from/to
+ * initialized storage.
+ */
+ mpo_init_bpfdesc_label_t mpo_init_bpfdesc_label;
+ mpo_init_cred_label_t mpo_init_cred_label;
+ mpo_init_devfs_label_t mpo_init_devfs_label;
+ mpo_placeholder_t _mpo_placeholder0;
+ mpo_init_ifnet_label_t mpo_init_ifnet_label;
+ mpo_init_inpcb_label_t mpo_init_inpcb_label;
+ mpo_init_sysv_msgmsg_label_t mpo_init_sysv_msgmsg_label;
+ mpo_init_sysv_msgqueue_label_t mpo_init_sysv_msgqueue_label;
+ mpo_init_sysv_sem_label_t mpo_init_sysv_sem_label;
+ mpo_init_sysv_shm_label_t mpo_init_sysv_shm_label;
+ mpo_init_ipq_label_t mpo_init_ipq_label;
+ mpo_init_mbuf_label_t mpo_init_mbuf_label;
+ mpo_init_mount_label_t mpo_init_mount_label;
+ mpo_init_socket_label_t mpo_init_socket_label;
+ mpo_init_socket_peer_label_t mpo_init_socket_peer_label;
+ mpo_init_pipe_label_t mpo_init_pipe_label;
+ mpo_init_posix_sem_label_t mpo_init_posix_sem_label;
+ mpo_init_proc_label_t mpo_init_proc_label;
+ mpo_init_vnode_label_t mpo_init_vnode_label;
+ mpo_destroy_bpfdesc_label_t mpo_destroy_bpfdesc_label;
+ mpo_destroy_cred_label_t mpo_destroy_cred_label;
+ mpo_destroy_devfs_label_t mpo_destroy_devfs_label;
+ mpo_placeholder_t _mpo_placeholder1;
+ mpo_destroy_ifnet_label_t mpo_destroy_ifnet_label;
+ mpo_destroy_inpcb_label_t mpo_destroy_inpcb_label;
+ mpo_destroy_sysv_msgmsg_label_t mpo_destroy_sysv_msgmsg_label;
+ mpo_destroy_sysv_msgqueue_label_t mpo_destroy_sysv_msgqueue_label;
+ mpo_destroy_sysv_sem_label_t mpo_destroy_sysv_sem_label;
+ mpo_destroy_sysv_shm_label_t mpo_destroy_sysv_shm_label;
+ mpo_destroy_ipq_label_t mpo_destroy_ipq_label;
+ mpo_destroy_mbuf_label_t mpo_destroy_mbuf_label;
+ mpo_destroy_mount_label_t mpo_destroy_mount_label;
+ mpo_destroy_socket_label_t mpo_destroy_socket_label;
+ mpo_destroy_socket_peer_label_t mpo_destroy_socket_peer_label;
+ mpo_destroy_pipe_label_t mpo_destroy_pipe_label;
+ mpo_destroy_posix_sem_label_t mpo_destroy_posix_sem_label;
+ mpo_destroy_proc_label_t mpo_destroy_proc_label;
+ mpo_destroy_vnode_label_t mpo_destroy_vnode_label;
+ mpo_cleanup_sysv_msgmsg_t mpo_cleanup_sysv_msgmsg;
+ mpo_cleanup_sysv_msgqueue_t mpo_cleanup_sysv_msgqueue;
+ mpo_cleanup_sysv_sem_t mpo_cleanup_sysv_sem;
+ mpo_cleanup_sysv_shm_t mpo_cleanup_sysv_shm;
+ mpo_copy_cred_label_t mpo_copy_cred_label;
+ mpo_copy_ifnet_label_t mpo_copy_ifnet_label;
+ mpo_copy_mbuf_label_t mpo_copy_mbuf_label;
+ mpo_placeholder_t _mpo_placeholder2;
+ mpo_copy_pipe_label_t mpo_copy_pipe_label;
+ mpo_copy_socket_label_t mpo_copy_socket_label;
+ mpo_copy_vnode_label_t mpo_copy_vnode_label;
+ mpo_externalize_cred_label_t mpo_externalize_cred_label;
+ mpo_externalize_ifnet_label_t mpo_externalize_ifnet_label;
+ mpo_placeholder_t _mpo_placeholder3;
+ mpo_externalize_pipe_label_t mpo_externalize_pipe_label;
+ mpo_externalize_socket_label_t mpo_externalize_socket_label;
+ mpo_externalize_socket_peer_label_t mpo_externalize_socket_peer_label;
+ mpo_externalize_vnode_label_t mpo_externalize_vnode_label;
+ mpo_internalize_cred_label_t mpo_internalize_cred_label;
+ mpo_internalize_ifnet_label_t mpo_internalize_ifnet_label;
+ mpo_placeholder_t _mpo_placeholder4;
+ mpo_internalize_pipe_label_t mpo_internalize_pipe_label;
+ mpo_internalize_socket_label_t mpo_internalize_socket_label;
+ mpo_internalize_vnode_label_t mpo_internalize_vnode_label;
+
+ /*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+ mpo_associate_vnode_devfs_t mpo_associate_vnode_devfs;
+ mpo_associate_vnode_extattr_t mpo_associate_vnode_extattr;
+ mpo_associate_vnode_singlelabel_t mpo_associate_vnode_singlelabel;
+ mpo_create_devfs_device_t mpo_create_devfs_device;
+ mpo_create_devfs_directory_t mpo_create_devfs_directory;
+ mpo_create_devfs_symlink_t mpo_create_devfs_symlink;
+ mpo_placeholder_t _mpo_placeholder5;
+ mpo_create_vnode_extattr_t mpo_create_vnode_extattr;
+ mpo_create_mount_t mpo_create_mount;
+ mpo_relabel_vnode_t mpo_relabel_vnode;
+ mpo_setlabel_vnode_extattr_t mpo_setlabel_vnode_extattr;
+ mpo_update_devfs_t mpo_update_devfs;
+
+ /*
+ * Labeling event operations: IPC objects.
+ */
+ mpo_create_mbuf_from_socket_t mpo_create_mbuf_from_socket;
+ mpo_create_socket_t mpo_create_socket;
+ mpo_create_socket_from_socket_t mpo_create_socket_from_socket;
+ mpo_relabel_socket_t mpo_relabel_socket;
+ mpo_relabel_pipe_t mpo_relabel_pipe;
+ mpo_set_socket_peer_from_mbuf_t mpo_set_socket_peer_from_mbuf;
+ mpo_set_socket_peer_from_socket_t mpo_set_socket_peer_from_socket;
+ mpo_create_pipe_t mpo_create_pipe;
+
+ /*
+ * Labeling event operations: System V IPC primitives.
+ */
+ mpo_create_sysv_msgmsg_t mpo_create_sysv_msgmsg;
+ mpo_create_sysv_msgqueue_t mpo_create_sysv_msgqueue;
+ mpo_create_sysv_sem_t mpo_create_sysv_sem;
+ mpo_create_sysv_shm_t mpo_create_sysv_shm;
+
+ /*
+ * Labeling event operations: POSIX (global/inter-process) semaphores.
+ */
+ mpo_create_posix_sem_t mpo_create_posix_sem;
+
+ /*
+ * Labeling event operations: network objects.
+ */
+ mpo_create_bpfdesc_t mpo_create_bpfdesc;
+ mpo_create_ifnet_t mpo_create_ifnet;
+ mpo_create_inpcb_from_socket_t mpo_create_inpcb_from_socket;
+ mpo_create_ipq_t mpo_create_ipq;
+ mpo_create_datagram_from_ipq mpo_create_datagram_from_ipq;
+ mpo_create_fragment_t mpo_create_fragment;
+ mpo_create_mbuf_from_inpcb_t mpo_create_mbuf_from_inpcb;
+ mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer;
+ mpo_create_mbuf_from_bpfdesc_t mpo_create_mbuf_from_bpfdesc;
+ mpo_create_mbuf_from_ifnet_t mpo_create_mbuf_from_ifnet;
+ mpo_create_mbuf_multicast_encap_t mpo_create_mbuf_multicast_encap;
+ mpo_create_mbuf_netlayer_t mpo_create_mbuf_netlayer;
+ mpo_fragment_match_t mpo_fragment_match;
+ mpo_reflect_mbuf_icmp_t mpo_reflect_mbuf_icmp;
+ mpo_reflect_mbuf_tcp_t mpo_reflect_mbuf_tcp;
+ mpo_relabel_ifnet_t mpo_relabel_ifnet;
+ mpo_update_ipq_t mpo_update_ipq;
+ mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel;
+
+ /*
+ * Labeling event operations: processes.
+ */
+ mpo_execve_transition_t mpo_execve_transition;
+ mpo_execve_will_transition_t mpo_execve_will_transition;
+ mpo_create_proc0_t mpo_create_proc0;
+ mpo_create_proc1_t mpo_create_proc1;
+ mpo_relabel_cred_t mpo_relabel_cred;
+ mpo_placeholder_t _mpo_placeholder6;
+ mpo_thread_userret_t mpo_thread_userret;
+
+ /*
+ * Access control checks.
+ */
+ mpo_check_bpfdesc_receive_t mpo_check_bpfdesc_receive;
+ mpo_placeholder_t _mpo_placeholder7;
+ mpo_check_cred_relabel_t mpo_check_cred_relabel;
+ mpo_check_cred_visible_t mpo_check_cred_visible;
+ mpo_placeholder_t _mpo_placeholder8;
+ mpo_placeholder_t _mpo_placeholder9;
+ mpo_placeholder_t _mpo_placeholder10;
+ mpo_placeholder_t _mpo_placeholder11;
+ mpo_placeholder_t _mpo_placeholder12;
+ mpo_placeholder_t _mpo_placeholder13;
+ mpo_placeholder_t _mpo_placeholder14;
+ mpo_placeholder_t _mpo_placeholder15;
+ mpo_placeholder_t _mpo_placeholder16;
+ mpo_placeholder_t _mpo_placeholder17;
+ mpo_placeholder_t _mpo_placeholder18;
+ mpo_check_ifnet_relabel_t mpo_check_ifnet_relabel;
+ mpo_check_ifnet_transmit_t mpo_check_ifnet_transmit;
+ mpo_check_inpcb_deliver_t mpo_check_inpcb_deliver;
+ mpo_check_sysv_msgmsq_t mpo_check_sysv_msgmsq;
+ mpo_check_sysv_msgrcv_t mpo_check_sysv_msgrcv;
+ mpo_check_sysv_msgrmid_t mpo_check_sysv_msgrmid;
+ mpo_check_sysv_msqget_t mpo_check_sysv_msqget;
+ mpo_check_sysv_msqsnd_t mpo_check_sysv_msqsnd;
+ mpo_check_sysv_msqrcv_t mpo_check_sysv_msqrcv;
+ mpo_check_sysv_msqctl_t mpo_check_sysv_msqctl;
+ mpo_check_sysv_semctl_t mpo_check_sysv_semctl;
+ mpo_check_sysv_semget_t mpo_check_sysv_semget;
+ mpo_check_sysv_semop_t mpo_check_sysv_semop;
+ mpo_check_sysv_shmat_t mpo_check_sysv_shmat;
+ mpo_check_sysv_shmctl_t mpo_check_sysv_shmctl;
+ mpo_check_sysv_shmdt_t mpo_check_sysv_shmdt;
+ mpo_check_sysv_shmget_t mpo_check_sysv_shmget;
+ mpo_check_kenv_dump_t mpo_check_kenv_dump;
+ mpo_check_kenv_get_t mpo_check_kenv_get;
+ mpo_check_kenv_set_t mpo_check_kenv_set;
+ mpo_check_kenv_unset_t mpo_check_kenv_unset;
+ mpo_check_kld_load_t mpo_check_kld_load;
+ mpo_check_kld_stat_t mpo_check_kld_stat;
+ mpo_placeholder_t _mpo_placeholder19;
+ mpo_placeholder_t _mpo_placeholder20;
+ mpo_check_mount_stat_t mpo_check_mount_stat;
+ mpo_placeholder_t _mpo_placeholder_21;
+ mpo_check_pipe_ioctl_t mpo_check_pipe_ioctl;
+ mpo_check_pipe_poll_t mpo_check_pipe_poll;
+ mpo_check_pipe_read_t mpo_check_pipe_read;
+ mpo_check_pipe_relabel_t mpo_check_pipe_relabel;
+ mpo_check_pipe_stat_t mpo_check_pipe_stat;
+ mpo_check_pipe_write_t mpo_check_pipe_write;
+ mpo_check_posix_sem_destroy_t mpo_check_posix_sem_destroy;
+ mpo_check_posix_sem_getvalue_t mpo_check_posix_sem_getvalue;
+ mpo_check_posix_sem_open_t mpo_check_posix_sem_open;
+ mpo_check_posix_sem_post_t mpo_check_posix_sem_post;
+ mpo_check_posix_sem_unlink_t mpo_check_posix_sem_unlink;
+ mpo_check_posix_sem_wait_t mpo_check_posix_sem_wait;
+ mpo_check_proc_debug_t mpo_check_proc_debug;
+ mpo_check_proc_sched_t mpo_check_proc_sched;
+ mpo_check_proc_setaudit_t mpo_check_proc_setaudit;
+ mpo_check_proc_setaudit_addr_t mpo_check_proc_setaudit_addr;
+ mpo_check_proc_setauid_t mpo_check_proc_setauid;
+ mpo_check_proc_setuid_t mpo_check_proc_setuid;
+ mpo_check_proc_seteuid_t mpo_check_proc_seteuid;
+ mpo_check_proc_setgid_t mpo_check_proc_setgid;
+ mpo_check_proc_setegid_t mpo_check_proc_setegid;
+ mpo_check_proc_setgroups_t mpo_check_proc_setgroups;
+ mpo_check_proc_setreuid_t mpo_check_proc_setreuid;
+ mpo_check_proc_setregid_t mpo_check_proc_setregid;
+ mpo_check_proc_setresuid_t mpo_check_proc_setresuid;
+ mpo_check_proc_setresgid_t mpo_check_proc_setresgid;
+ mpo_check_proc_signal_t mpo_check_proc_signal;
+ mpo_check_proc_wait_t mpo_check_proc_wait;
+ mpo_check_socket_accept_t mpo_check_socket_accept;
+ mpo_check_socket_bind_t mpo_check_socket_bind;
+ mpo_check_socket_connect_t mpo_check_socket_connect;
+ mpo_check_socket_create_t mpo_check_socket_create;
+ mpo_check_socket_deliver_t mpo_check_socket_deliver;
+ mpo_placeholder_t _mpo_placeholder22;
+ mpo_check_socket_listen_t mpo_check_socket_listen;
+ mpo_check_socket_poll_t mpo_check_socket_poll;
+ mpo_check_socket_receive_t mpo_check_socket_receive;
+ mpo_check_socket_relabel_t mpo_check_socket_relabel;
+ mpo_check_socket_send_t mpo_check_socket_send;
+ mpo_check_socket_stat_t mpo_check_socket_stat;
+ mpo_check_socket_visible_t mpo_check_socket_visible;
+ mpo_check_system_acct_t mpo_check_system_acct;
+ mpo_check_system_audit_t mpo_check_system_audit;
+ mpo_check_system_auditctl_t mpo_check_system_auditctl;
+ mpo_check_system_auditon_t mpo_check_system_auditon;
+ mpo_check_system_reboot_t mpo_check_system_reboot;
+ mpo_check_system_swapon_t mpo_check_system_swapon;
+ mpo_check_system_swapoff_t mpo_check_system_swapoff;
+ mpo_check_system_sysctl_t mpo_check_system_sysctl;
+ mpo_placeholder_t _mpo_placeholder23;
+ mpo_check_vnode_access_t mpo_check_vnode_access;
+ mpo_check_vnode_chdir_t mpo_check_vnode_chdir;
+ mpo_check_vnode_chroot_t mpo_check_vnode_chroot;
+ mpo_check_vnode_create_t mpo_check_vnode_create;
+ mpo_check_vnode_deleteacl_t mpo_check_vnode_deleteacl;
+ mpo_check_vnode_deleteextattr_t mpo_check_vnode_deleteextattr;
+ mpo_check_vnode_exec_t mpo_check_vnode_exec;
+ mpo_check_vnode_getacl_t mpo_check_vnode_getacl;
+ mpo_check_vnode_getextattr_t mpo_check_vnode_getextattr;
+ mpo_placeholder_t _mpo_placeholder24;
+ mpo_check_vnode_link_t mpo_check_vnode_link;
+ mpo_check_vnode_listextattr_t mpo_check_vnode_listextattr;
+ mpo_check_vnode_lookup_t mpo_check_vnode_lookup;
+ mpo_check_vnode_mmap_t mpo_check_vnode_mmap;
+ mpo_check_vnode_mmap_downgrade_t mpo_check_vnode_mmap_downgrade;
+ mpo_check_vnode_mprotect_t mpo_check_vnode_mprotect;
+ mpo_check_vnode_open_t mpo_check_vnode_open;
+ mpo_check_vnode_poll_t mpo_check_vnode_poll;
+ mpo_check_vnode_read_t mpo_check_vnode_read;
+ mpo_check_vnode_readdir_t mpo_check_vnode_readdir;
+ mpo_check_vnode_readlink_t mpo_check_vnode_readlink;
+ mpo_check_vnode_relabel_t mpo_check_vnode_relabel;
+ mpo_check_vnode_rename_from_t mpo_check_vnode_rename_from;
+ mpo_check_vnode_rename_to_t mpo_check_vnode_rename_to;
+ mpo_check_vnode_revoke_t mpo_check_vnode_revoke;
+ mpo_check_vnode_setacl_t mpo_check_vnode_setacl;
+ mpo_check_vnode_setextattr_t mpo_check_vnode_setextattr;
+ mpo_check_vnode_setflags_t mpo_check_vnode_setflags;
+ mpo_check_vnode_setmode_t mpo_check_vnode_setmode;
+ mpo_check_vnode_setowner_t mpo_check_vnode_setowner;
+ mpo_check_vnode_setutimes_t mpo_check_vnode_setutimes;
+ mpo_check_vnode_stat_t mpo_check_vnode_stat;
+ mpo_check_vnode_unlink_t mpo_check_vnode_unlink;
+ mpo_check_vnode_write_t mpo_check_vnode_write;
+ mpo_associate_nfsd_label_t mpo_associate_nfsd_label;
+ mpo_create_mbuf_from_firewall_t mpo_create_mbuf_from_firewall;
+ mpo_init_syncache_label_t mpo_init_syncache_label;
+ mpo_destroy_syncache_label_t mpo_destroy_syncache_label;
+ mpo_init_syncache_from_inpcb_t mpo_init_syncache_from_inpcb;
+ mpo_create_mbuf_from_syncache_t mpo_create_mbuf_from_syncache;
+ mpo_priv_check_t mpo_priv_check;
+ mpo_priv_grant_t mpo_priv_grant;
+};
+
+/*
+ * struct mac_policy_conf is the registration structure for policies, and is
+ * provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT
+ * to register the policy. In general, the fields are immutable, with the
+ * exception of the "security field", run-time flags, and policy list entry,
+ * which are managed by the MAC Framework. Be careful when modifying this
+ * structure, as its layout is statically compiled into all policies.
+ */
+struct mac_policy_conf {
+ char *mpc_name; /* policy name */
+ char *mpc_fullname; /* policy full name */
+ struct mac_policy_ops *mpc_ops; /* policy operations */
+ int mpc_loadtime_flags; /* flags */
+ int *mpc_field_off; /* security field */
+ int mpc_runtime_flags; /* flags */
+ LIST_ENTRY(mac_policy_conf) mpc_list; /* global list */
+};
+
+/* Flags for the mpc_loadtime_flags field. */
+#define MPC_LOADTIME_FLAG_NOTLATE 0x00000001
+#define MPC_LOADTIME_FLAG_UNLOADOK 0x00000002
+#define MPC_LOADTIME_FLAG_LABELMBUFS 0x00000004
+
+/* Flags for the mpc_runtime_flags field. */
+#define MPC_RUNTIME_FLAG_REGISTERED 0x00000001
+
+/*-
+ * The TrustedBSD MAC Framework has a major version number, MAC_VERSION,
+ * which defines the ABI of the Framework present in the kernel (and depended
+ * on by policy modules compiled against that kernel). Currently,
+ * MAC_POLICY_SET() requires that the kernel and module ABI version numbers
+ * exactly match. The following major versions have been defined to date:
+ *
+ * MAC version FreeBSD versions
+ * 1 5.x
+ * 2 6.x
+ * 3 7.x
+ */
+#define MAC_VERSION 3
+
+#define MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \
+ static struct mac_policy_conf mpname##_mac_policy_conf = { \
+ #mpname, \
+ mpfullname, \
+ mpops, \
+ mpflags, \
+ privdata_wanted, \
+ 0, \
+ }; \
+ static moduledata_t mpname##_mod = { \
+ #mpname, \
+ mac_policy_modevent, \
+ &mpname##_mac_policy_conf \
+ }; \
+ MODULE_DEPEND(mpname, kernel_mac_support, MAC_VERSION, \
+ MAC_VERSION, MAC_VERSION); \
+ DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY, \
+ SI_ORDER_MIDDLE)
+
+int mac_policy_modevent(module_t mod, int type, void *data);
+
+/*
+ * Policy interface to map a struct label pointer to per-policy data.
+ * Typically, policies wrap this in their own accessor macro that casts a
+ * uintptr_t to a policy-specific data type.
+ */
+intptr_t mac_label_get(struct label *l, int slot);
+void mac_label_set(struct label *l, int slot, intptr_t v);
+
+#endif /* !_SYS_SECURITY_MAC_MAC_POLICY_H_ */
--- /dev/null
+++ sys/security/mac/mac_framework.h
@@ -0,0 +1,428 @@
+/*-
+ * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by Network
+ * Associates Laboratories, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+ * as part of the DARPA CHATS research program.
+ *
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/security/mac/mac_framework.h,v 1.84.2.1 2007/11/06 14:46:58 rwatson Exp $
+ */
+
+/*
+ * Kernel interface for Mandatory Access Control -- how kernel services
+ * interact with the TrustedBSD MAC Framework.
+ */
+
+#ifndef _SYS_SECURITY_MAC_MAC_FRAMEWORK_H_
+#define _SYS_SECURITY_MAC_MAC_FRAMEWORK_H_
+
+#ifndef _KERNEL
+#error "no user-serviceable parts inside"
+#endif
+
+struct auditinfo;
+struct auditinfo_addr;
+struct bpf_d;
+struct cdev;
+struct componentname;
+struct devfs_dirent;
+struct ifnet;
+struct ifreq;
+struct image_params;
+struct inpcb;
+struct ipq;
+struct ksem;
+struct label;
+struct m_tag;
+struct mac;
+struct mbuf;
+struct mount;
+struct msg;
+struct msqid_kernel;
+struct proc;
+struct semid_kernel;
+struct shmid_kernel;
+struct sockaddr;
+struct socket;
+struct sysctl_oid;
+struct sysctl_req;
+struct pipepair;
+struct thread;
+struct timespec;
+struct ucred;
+struct uio;
+struct vattr;
+struct vnode;
+struct vop_setlabel_args;
+
+#include <sys/acl.h> /* XXX acl_type_t */
+
+/*
+ * Kernel functions to manage and evaluate labels.
+ */
+void mac_init_bpfdesc(struct bpf_d *);
+void mac_init_cred(struct ucred *);
+void mac_init_devfs(struct devfs_dirent *);
+void mac_init_ifnet(struct ifnet *);
+int mac_init_inpcb(struct inpcb *, int);
+void mac_init_sysv_msgmsg(struct msg *);
+void mac_init_sysv_msgqueue(struct msqid_kernel *);
+void mac_init_sysv_sem(struct semid_kernel *);
+void mac_init_sysv_shm(struct shmid_kernel *);
+int mac_init_ipq(struct ipq *, int);
+int mac_init_socket(struct socket *, int);
+void mac_init_pipe(struct pipepair *);
+void mac_init_posix_sem(struct ksem *);
+int mac_init_mbuf(struct mbuf *, int);
+int mac_init_mbuf_tag(struct m_tag *, int);
+void mac_init_mount(struct mount *);
+void mac_init_proc(struct proc *);
+void mac_init_vnode(struct vnode *);
+void mac_copy_mbuf(struct mbuf *, struct mbuf *);
+void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
+void mac_copy_vnode_label(struct label *, struct label *);
+void mac_destroy_bpfdesc(struct bpf_d *);
+void mac_destroy_cred(struct ucred *);
+void mac_destroy_devfs(struct devfs_dirent *);
+void mac_destroy_ifnet(struct ifnet *);
+void mac_destroy_inpcb(struct inpcb *);
+void mac_destroy_sysv_msgmsg(struct msg *);
+void mac_destroy_sysv_msgqueue(struct msqid_kernel *);
+void mac_destroy_sysv_sem(struct semid_kernel *);
+void mac_destroy_sysv_shm(struct shmid_kernel *);
+void mac_destroy_ipq(struct ipq *);
+void mac_destroy_socket(struct socket *);
+void mac_destroy_pipe(struct pipepair *);
+void mac_destroy_posix_sem(struct ksem *);
+void mac_destroy_proc(struct proc *);
+void mac_destroy_mbuf_tag(struct m_tag *);
+void mac_destroy_mount(struct mount *);
+void mac_destroy_vnode(struct vnode *);
+
+struct label *mac_cred_label_alloc(void);
+void mac_cred_label_free(struct label *);
+struct label *mac_vnode_label_alloc(void);
+void mac_vnode_label_free(struct label *);
+
+/*
+ * Labeling event operations: file system objects, and things that look a lot
+ * like file system objects.
+ */
+void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
+ struct vnode *vp);
+int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
+void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
+void mac_create_devfs_device(struct ucred *cred, struct mount *mp,
+ struct cdev *dev, struct devfs_dirent *de);
+void mac_create_devfs_directory(struct mount *mp, char *dirname,
+ int dirnamelen, struct devfs_dirent *de);
+void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+ struct devfs_dirent *dd, struct devfs_dirent *de);
+int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
+ struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
+void mac_create_mount(struct ucred *cred, struct mount *mp);
+void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
+ struct label *newlabel);
+void mac_update_devfs(struct mount *mp, struct devfs_dirent *de,
+ struct vnode *vp);
+
+/*
+ * Labeling event operations: IPC objects.
+ */
+void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
+void mac_create_socket(struct ucred *cred, struct socket *so);
+void mac_create_socket_from_socket(struct socket *oldso,
+ struct socket *newso);
+void mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so);
+void mac_set_socket_peer_from_socket(struct socket *oldso,
+ struct socket *newso);
+void mac_create_pipe(struct ucred *cred, struct pipepair *pp);
+
+/*
+ * Labeling event operations: System V IPC primitives
+ */
+void mac_create_sysv_msgmsg(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct msg *msgptr);
+void mac_create_sysv_msgqueue(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+void mac_create_sysv_sem(struct ucred *cred,
+ struct semid_kernel *semakptr);
+void mac_create_sysv_shm(struct ucred *cred,
+ struct shmid_kernel *shmsegptr);
+
+/*
+ * Labeling event operations: POSIX (global/inter-process) semaphores.
+ */
+void mac_create_posix_sem(struct ucred *cred, struct ksem *ks);
+
+/*
+ * Labeling event operations: network objects.
+ */
+void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *d);
+void mac_create_ifnet(struct ifnet *ifp);
+void mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp);
+void mac_create_ipq(struct mbuf *m, struct ipq *ipq);
+void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *m);
+void mac_create_fragment(struct mbuf *m, struct mbuf *frag);
+void mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m);
+void mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m);
+void mac_create_mbuf_from_bpfdesc(struct bpf_d *d, struct mbuf *m);
+void mac_create_mbuf_from_ifnet(struct ifnet *ifp, struct mbuf *m);
+void mac_create_mbuf_multicast_encap(struct mbuf *m, struct ifnet *ifp,
+ struct mbuf *mnew);
+void mac_create_mbuf_netlayer(struct mbuf *m, struct mbuf *mnew);
+int mac_fragment_match(struct mbuf *m, struct ipq *ipq);
+void mac_reflect_mbuf_icmp(struct mbuf *m);
+void mac_reflect_mbuf_tcp(struct mbuf *m);
+void mac_update_ipq(struct mbuf *m, struct ipq *ipq);
+void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
+void mac_create_mbuf_from_firewall(struct mbuf *m);
+void mac_destroy_syncache(struct label **l);
+int mac_init_syncache(struct label **l);
+void mac_init_syncache_from_inpcb(struct label *l, struct inpcb *inp);
+void mac_create_mbuf_from_syncache(struct label *l, struct mbuf *m);
+
+/*
+ * Labeling event operations: processes.
+ */
+void mac_copy_cred(struct ucred *cr1, struct ucred *cr2);
+int mac_execve_enter(struct image_params *imgp, struct mac *mac_p);
+void mac_execve_exit(struct image_params *imgp);
+void mac_execve_transition(struct ucred *oldcred, struct ucred *newcred,
+ struct vnode *vp, struct label *interpvnodelabel,
+ struct image_params *imgp);
+int mac_execve_will_transition(struct ucred *cred, struct vnode *vp,
+ struct label *interpvnodelabel, struct image_params *imgp);
+void mac_create_proc0(struct ucred *cred);
+void mac_create_proc1(struct ucred *cred);
+void mac_thread_userret(struct thread *td);
+
+/*
+ * Label cleanup operation: This is the inverse complement for the mac_create
+ * and associate type of hooks. This hook lets the policy module(s) perform a
+ * cleanup/flushing operation on the label associated with the objects,
+ * without freeing up the space allocated. This hook is useful in cases
+ * where it is desirable to remove any labeling reference when recycling any
+ * object to a pool. This hook does not replace the mac_destroy hooks.
+ *
+ * XXXRW: These object methods are inconsistent with the life cycles of other
+ * objects, and likely should be revised to be more consistent.
+ */
+void mac_cleanup_sysv_msgmsg(struct msg *msgptr);
+void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
+void mac_cleanup_sysv_sem(struct semid_kernel *semakptr);
+void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
+
+/*
+ * Access control checks.
+ */
+int mac_check_bpfdesc_receive(struct bpf_d *d, struct ifnet *ifp);
+int mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2);
+int mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m);
+int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
+int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr);
+int mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr);
+int mac_check_sysv_msqget(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqsnd(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqrcv(struct ucred *cred,
+ struct msqid_kernel *msqkptr);
+int mac_check_sysv_msqctl(struct ucred *cred,
+ struct msqid_kernel *msqkptr, int cmd);
+int mac_check_sysv_semctl(struct ucred *cred,
+ struct semid_kernel *semakptr, int cmd);
+int mac_check_sysv_semget(struct ucred *cred,
+ struct semid_kernel *semakptr);
+int mac_check_sysv_semop(struct ucred *cred,struct semid_kernel *semakptr,
+ size_t accesstype);
+int mac_check_sysv_shmat(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int shmflg);
+int mac_check_sysv_shmctl(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int cmd);
+int mac_check_sysv_shmdt(struct ucred *cred,
+ struct shmid_kernel *shmsegptr);
+int mac_check_sysv_shmget(struct ucred *cred,
+ struct shmid_kernel *shmsegptr, int shmflg);
+int mac_check_kenv_dump(struct ucred *cred);
+int mac_check_kenv_get(struct ucred *cred, char *name);
+int mac_check_kenv_set(struct ucred *cred, char *name, char *value);
+int mac_check_kenv_unset(struct ucred *cred, char *name);
+int mac_check_kld_load(struct ucred *cred, struct vnode *vp);
+int mac_check_kld_stat(struct ucred *cred);
+int mac_check_mount_stat(struct ucred *cred, struct mount *mp);
+int mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
+ unsigned long cmd, void *data);
+int mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp);
+int mac_check_pipe_read(struct ucred *cred, struct pipepair *pp);
+int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp);
+int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp);
+int mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ks);
+int mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ks);
+int mac_check_posix_sem_open(struct ucred *cred, struct ksem *ks);
+int mac_check_posix_sem_post(struct ucred *cred, struct ksem *ks);
+int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ks);
+int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ks);
+int mac_check_proc_debug(struct ucred *cred, struct proc *p);
+int mac_check_proc_sched(struct ucred *cred, struct proc *p);
+int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
+int mac_check_proc_setaudit_addr(struct ucred *cred,
+ struct auditinfo_addr *aia);
+int mac_check_proc_setauid(struct ucred *cred, uid_t auid);
+int mac_check_proc_setuid(struct proc *p, struct ucred *cred,
+ uid_t uid);
+int mac_check_proc_seteuid(struct proc *p, struct ucred *cred,
+ uid_t euid);
+int mac_check_proc_setgid(struct proc *p, struct ucred *cred,
+ gid_t gid);
+int mac_check_proc_setegid(struct proc *p, struct ucred *cred,
+ gid_t egid);
+int mac_check_proc_setgroups(struct proc *p, struct ucred *cred,
+ int ngroups, gid_t *gidset);
+int mac_check_proc_setreuid(struct proc *p, struct ucred *cred,
+ uid_t ruid, uid_t euid);
+int mac_check_proc_setregid(struct proc *p, struct ucred *cred,
+ gid_t rgid, gid_t egid);
+int mac_check_proc_setresuid(struct proc *p, struct ucred *cred,
+ uid_t ruid, uid_t euid, uid_t suid);
+int mac_check_proc_setresgid(struct proc *p, struct ucred *cred,
+ gid_t rgid, gid_t egid, gid_t sgid);
+int mac_check_proc_signal(struct ucred *cred, struct proc *p,
+ int signum);
+int mac_check_proc_wait(struct ucred *cred, struct proc *p);
+int mac_check_socket_accept(struct ucred *cred, struct socket *so);
+int mac_check_socket_bind(struct ucred *cred, struct socket *so,
+ struct sockaddr *sa);
+int mac_check_socket_connect(struct ucred *cred, struct socket *so,
+ struct sockaddr *sa);
+int mac_check_socket_create(struct ucred *cred, int domain, int type,
+ int proto);
+int mac_check_socket_deliver(struct socket *so, struct mbuf *m);
+int mac_check_socket_listen(struct ucred *cred, struct socket *so);
+int mac_check_socket_poll(struct ucred *cred, struct socket *so);
+int mac_check_socket_receive(struct ucred *cred, struct socket *so);
+int mac_check_socket_send(struct ucred *cred, struct socket *so);
+int mac_check_socket_stat(struct ucred *cred, struct socket *so);
+int mac_check_socket_visible(struct ucred *cred, struct socket *so);
+int mac_check_system_acct(struct ucred *cred, struct vnode *vp);
+int mac_check_system_audit(struct ucred *cred, void *record, int length);
+int mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
+int mac_check_system_auditon(struct ucred *cred, int cmd);
+int mac_check_system_reboot(struct ucred *cred, int howto);
+int mac_check_system_swapon(struct ucred *cred, struct vnode *vp);
+int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp);
+int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
+ void *arg1, int arg2, struct sysctl_req *req);
+int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
+ int acc_mode);
+int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
+int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
+int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
+ struct componentname *cnp, struct vattr *vap);
+int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type);
+int mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name);
+int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+ struct image_params *imgp);
+int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type);
+int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio);
+int mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace);
+int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
+ struct componentname *cnp);
+int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot,
+ int flags);
+int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
+ int prot);
+int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
+ int acc_mode);
+int mac_check_vnode_poll(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp);
+int mac_check_vnode_read(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp);
+int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, int samedir, struct componentname *cnp);
+int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp);
+int mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type, struct acl *acl);
+int mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio);
+int mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
+ u_long flags);
+int mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
+ mode_t mode);
+int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
+ uid_t uid, gid_t gid);
+int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+ struct timespec atime, struct timespec mtime);
+int mac_check_vnode_stat(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp);
+int mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp);
+int mac_check_vnode_write(struct ucred *active_cred,
+ struct ucred *file_cred, struct vnode *vp);
+int mac_getsockopt_label(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
+ struct ifnet *ifp);
+int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
+ struct ifnet *ifp);
+int mac_setsockopt_label(struct ucred *cred, struct socket *so,
+ struct mac *extmac);
+int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
+ struct label *label);
+void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
+void mac_associate_nfsd_label(struct ucred *cred);
+int mac_priv_check(struct ucred *cred, int priv);
+int mac_priv_grant(struct ucred *cred, int priv);
+
+/*
+ * Calls to help various file systems implement labeling functionality using
+ * their existing EA implementation.
+ */
+int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);
+
+#endif /* !_SYS_SECURITY_MAC_MAC_FRAMEWORK_H_ */
--- /dev/null
+++ sys/security/mac/mac_audit.c
@@ -0,0 +1,111 @@
+/*-
+ * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 2001 Ilmar S. Habibulin
+ * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ *
+ * This software was developed by Robert Watson and Ilmar Habibulin for the
+ * TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by Network
+ * Associates Laboratories, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+ * as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/security/mac/mac_audit.c,v 1.2 2007/06/26 14:14:01 rwatson Exp $
+ */
+
+#include <sys/param.h>
+#include <sys/module.h>
+#include <sys/vnode.h>
+
+#include <security/audit/audit.h>
+
+#include <security/mac/mac_framework.h>
+#include <security/mac/mac_internal.h>
+#include <security/mac/mac_policy.h>
+
+int
+mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
+{
+ int error;
+
+ MAC_CHECK(check_proc_setaudit, cred, ai);
+
+ return (error);
+}
+
+int
+mac_check_proc_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia)
+{
+ int error;
+
+ MAC_CHECK(check_proc_setaudit_addr, cred, aia);
+
+ return (error);
+}
+
+int
+mac_check_proc_setauid(struct ucred *cred, uid_t auid)
+{
+ int error;
+
+ MAC_CHECK(check_proc_setauid, cred, auid);
+
+ return (error);
+}
+
+int
+mac_check_system_audit(struct ucred *cred, void *record, int length)
+{
+ int error;
+
+ MAC_CHECK(check_system_audit, cred, record, length);
+
+ return (error);
+}
+
+int
+mac_check_system_auditctl(struct ucred *cred, struct vnode *vp)
+{
+ int error;
+ struct label *vl;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");
+
+ vl = (vp != NULL) ? vp->v_label : NULL;
+
+ MAC_CHECK(check_system_auditctl, cred, vp, vl);
+
+ return (error);
+}
+
+int
+mac_check_system_auditon(struct ucred *cred, int cmd)
+{
+ int error;
+
+ MAC_CHECK(check_system_auditon, cred, cmd);
+
+ return (error);
+}
More information about the Midnightbsd-cvs
mailing list