1 /*- 2 * Copyright (c) 1999-2002, 2008 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 5 * Copyright (c) 2005 Samy Al Bahra 6 * Copyright (c) 2006 SPARTA, Inc. 7 * Copyright (c) 2008 Apple Inc. 8 * All rights reserved. 9 * 10 * This software was developed by Robert Watson and Ilmar Habibulin for the 11 * TrustedBSD Project. 12 * 13 * This software was developed for the FreeBSD Project in part by Network 14 * Associates Laboratories, the Security Research Division of Network 15 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 16 * as part of the DARPA CHATS research program. 17 * 18 * This software was enhanced by SPARTA ISSO under SPAWAR contract 19 * N66001-04-C-6019 ("SEFOS"). 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 */ 42 43 #include <sys/cdefs.h> 44 __FBSDID("$FreeBSD$"); 45 46 #include "opt_mac.h" 47 48 #include <sys/param.h> 49 #include <sys/condvar.h> 50 #include <sys/imgact.h> 51 #include <sys/kernel.h> 52 #include <sys/lock.h> 53 #include <sys/malloc.h> 54 #include <sys/mutex.h> 55 #include <sys/mac.h> 56 #include <sys/proc.h> 57 #include <sys/sbuf.h> 58 #include <sys/systm.h> 59 #include <sys/vnode.h> 60 #include <sys/mount.h> 61 #include <sys/file.h> 62 #include <sys/namei.h> 63 #include <sys/sysctl.h> 64 65 #include <vm/vm.h> 66 #include <vm/pmap.h> 67 #include <vm/vm_map.h> 68 #include <vm/vm_object.h> 69 70 #include <security/mac/mac_framework.h> 71 #include <security/mac/mac_internal.h> 72 #include <security/mac/mac_policy.h> 73 74 struct label * 75 mac_cred_label_alloc(void) 76 { 77 struct label *label; 78 79 label = mac_labelzone_alloc(M_WAITOK); 80 MAC_PERFORM(cred_init_label, label); 81 return (label); 82 } 83 84 void 85 mac_cred_init(struct ucred *cred) 86 { 87 88 if (mac_labeled & MPC_OBJECT_CRED) 89 cred->cr_label = mac_cred_label_alloc(); 90 else 91 cred->cr_label = NULL; 92 } 93 94 void 95 mac_cred_label_free(struct label *label) 96 { 97 98 MAC_PERFORM(cred_destroy_label, label); 99 mac_labelzone_free(label); 100 } 101 102 void 103 mac_cred_destroy(struct ucred *cred) 104 { 105 106 if (cred->cr_label != NULL) { 107 mac_cred_label_free(cred->cr_label); 108 cred->cr_label = NULL; 109 } 110 } 111 112 /* 113 * When a thread becomes an NFS server daemon, its credential may need to be 114 * updated to reflect this so that policies can recognize when file system 115 * operations originate from the network. 116 * 117 * At some point, it would be desirable if the credential used for each NFS 118 * RPC could be set based on the RPC context (i.e., source system, etc) to 119 * provide more fine-grained access control. 120 */ 121 void 122 mac_cred_associate_nfsd(struct ucred *cred) 123 { 124 125 MAC_PERFORM(cred_associate_nfsd, cred); 126 } 127 128 /* 129 * Initialize MAC label for the first kernel process, from which other kernel 130 * processes and threads are spawned. 131 */ 132 void 133 mac_cred_create_swapper(struct ucred *cred) 134 { 135 136 MAC_PERFORM(cred_create_swapper, cred); 137 } 138 139 /* 140 * Initialize MAC label for the first userland process, from which other 141 * userland processes and threads are spawned. 142 */ 143 void 144 mac_cred_create_init(struct ucred *cred) 145 { 146 147 MAC_PERFORM(cred_create_init, cred); 148 } 149 150 int 151 mac_cred_externalize_label(struct label *label, char *elements, 152 char *outbuf, size_t outbuflen) 153 { 154 int error; 155 156 MAC_EXTERNALIZE(cred, label, elements, outbuf, outbuflen); 157 158 return (error); 159 } 160 161 int 162 mac_cred_internalize_label(struct label *label, char *string) 163 { 164 int error; 165 166 MAC_INTERNALIZE(cred, label, string); 167 168 return (error); 169 } 170 171 /* 172 * When a new process is created, its label must be initialized. Generally, 173 * this involves inheritence from the parent process, modulo possible deltas. 174 * This function allows that processing to take place. 175 */ 176 void 177 mac_cred_copy(struct ucred *src, struct ucred *dest) 178 { 179 180 MAC_PERFORM(cred_copy_label, src->cr_label, dest->cr_label); 181 } 182 183 /* 184 * When the subject's label changes, it may require revocation of privilege 185 * to mapped objects. This can't be done on-the-fly later with a unified 186 * buffer cache. 187 */ 188 void 189 mac_cred_relabel(struct ucred *cred, struct label *newlabel) 190 { 191 192 MAC_PERFORM(cred_relabel, cred, newlabel); 193 } 194 195 int 196 mac_cred_check_relabel(struct ucred *cred, struct label *newlabel) 197 { 198 int error; 199 200 MAC_CHECK(cred_check_relabel, cred, newlabel); 201 202 return (error); 203 } 204 205 int 206 mac_cred_check_visible(struct ucred *cr1, struct ucred *cr2) 207 { 208 int error; 209 210 MAC_CHECK(cred_check_visible, cr1, cr2); 211 212 return (error); 213 } 214