xref: /freebsd/sys/security/mac/mac_posix_shm.c (revision 685dc743)
18e38aeffSJohn Baldwin /*-
28e38aeffSJohn Baldwin  * Copyright (c) 2003-2006 SPARTA, Inc.
39b6dd12eSRobert Watson  * Copyright (c) 2009-2011 Robert N. M. Watson
48e38aeffSJohn Baldwin  * All rights reserved.
58e38aeffSJohn Baldwin  *
68e38aeffSJohn Baldwin  * This software was developed for the FreeBSD Project in part by Network
78e38aeffSJohn Baldwin  * Associates Laboratories, the Security Research Division of Network
88e38aeffSJohn Baldwin  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
98e38aeffSJohn Baldwin  * as part of the DARPA CHATS research program.
108e38aeffSJohn Baldwin  *
118e38aeffSJohn Baldwin  * This software was enhanced by SPARTA ISSO under SPAWAR contract
122087a58cSRobert Watson  * N66001-04-C-6019 ("SEFOS"). *
132087a58cSRobert Watson  *
142087a58cSRobert Watson  * This software was developed at the University of Cambridge Computer
152087a58cSRobert Watson  * Laboratory with support from a grant from Google, Inc.
168e38aeffSJohn Baldwin  *
178e38aeffSJohn Baldwin  * Redistribution and use in source and binary forms, with or without
188e38aeffSJohn Baldwin  * modification, are permitted provided that the following conditions
198e38aeffSJohn Baldwin  * are met:
208e38aeffSJohn Baldwin  * 1. Redistributions of source code must retain the above copyright
218e38aeffSJohn Baldwin  *    notice, this list of conditions and the following disclaimer.
228e38aeffSJohn Baldwin  * 2. Redistributions in binary form must reproduce the above copyright
238e38aeffSJohn Baldwin  *    notice, this list of conditions and the following disclaimer in the
248e38aeffSJohn Baldwin  *    documentation and/or other materials provided with the distribution.
258e38aeffSJohn Baldwin  *
268e38aeffSJohn Baldwin  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
278e38aeffSJohn Baldwin  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
288e38aeffSJohn Baldwin  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
298e38aeffSJohn Baldwin  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
308e38aeffSJohn Baldwin  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
318e38aeffSJohn Baldwin  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
328e38aeffSJohn Baldwin  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
338e38aeffSJohn Baldwin  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
348e38aeffSJohn Baldwin  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
358e38aeffSJohn Baldwin  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
368e38aeffSJohn Baldwin  * SUCH DAMAGE.
378e38aeffSJohn Baldwin  */
388e38aeffSJohn Baldwin 
398e38aeffSJohn Baldwin #include <sys/cdefs.h>
408e38aeffSJohn Baldwin #include "opt_mac.h"
418e38aeffSJohn Baldwin 
428e38aeffSJohn Baldwin #include <sys/param.h>
438e38aeffSJohn Baldwin #include <sys/kernel.h>
448e38aeffSJohn Baldwin #include <sys/mman.h>
458e38aeffSJohn Baldwin #include <sys/malloc.h>
468e38aeffSJohn Baldwin #include <sys/module.h>
472087a58cSRobert Watson #include <sys/sdt.h>
488e38aeffSJohn Baldwin #include <sys/systm.h>
498e38aeffSJohn Baldwin #include <sys/sysctl.h>
508e38aeffSJohn Baldwin 
518e38aeffSJohn Baldwin #include <security/mac/mac_framework.h>
528e38aeffSJohn Baldwin #include <security/mac/mac_internal.h>
538e38aeffSJohn Baldwin #include <security/mac/mac_policy.h>
548e38aeffSJohn Baldwin 
/*
 * Allocate a MAC label for a POSIX shared memory object and hand it to the
 * posixshm_init_label entry point of the registered policies.
 *
 * The label zone is asked for memory with M_WAITOK and the result is used
 * without a NULL check, so this path relies on the allocator's M_WAITOK
 * contract and presumably must only run where sleeping is permitted.
 */
static struct label *
mac_posixshm_label_alloc(void)
{
	struct label *shm_lbl = mac_labelzone_alloc(M_WAITOK);

	MAC_POLICY_PERFORM(posixshm_init_label, shm_lbl);
	return (shm_lbl);
}
648e38aeffSJohn Baldwin 
/*
 * Set up the MAC label pointer of a shared memory object.
 *
 * A label is allocated only when MPC_OBJECT_POSIXSHM is set in mac_labeled;
 * otherwise shm_label is explicitly NULL.  The other functions in this file
 * pass shm_label to policies without testing it, so policy code can see a
 * NULL label in the second case.
 */
void
mac_posixshm_init(struct shmfd *shmfd)
{

	shmfd->shm_label = (mac_labeled & MPC_OBJECT_POSIXSHM) != 0 ?
	    mac_posixshm_label_alloc() : NULL;
}
748e38aeffSJohn Baldwin 
/*
 * Release a POSIX shared memory label.
 *
 * The statement order is significant: the posixshm_destroy_label entry
 * points are given the label first, and only afterwards is the same label
 * returned to the label zone.  Swapping the two calls would hand policies
 * storage that has already been freed.
 */
static void
mac_posixshm_label_free(struct label *label)
{

	/* Policy teardown; the _NOSLEEP variant is defined outside this file. */
	MAC_POLICY_PERFORM_NOSLEEP(posixshm_destroy_label, label);
	/* The label must not be touched after this call. */
	mac_labelzone_free(label);
}
828e38aeffSJohn Baldwin 
/*
 * Tear down the MAC label attached to a shared memory object, if any.
 *
 * Objects initialized without a label (shm_label == NULL) are left alone.
 * After the label is freed the pointer is reset to NULL, so a second call
 * on the same shmfd does nothing instead of freeing the label twice.
 */
void
mac_posixshm_destroy(struct shmfd *shmfd)
{

	if (shmfd->shm_label == NULL)
		return;

	mac_posixshm_label_free(shmfd->shm_label);
	shmfd->shm_label = NULL;
}
928e38aeffSJohn Baldwin 
/*
 * Notify policies that cred has created the shared memory object shmfd.
 *
 * This is a notification, not an access check: the function returns void,
 * so no policy can refuse the creation here.  The veto point is
 * mac_posixshm_check_create().
 *
 * shm_label is passed through as-is; it is NULL when mac_posixshm_init()
 * found MPC_OBJECT_POSIXSHM clear in mac_labeled.
 */
void
mac_posixshm_create(struct ucred *cred, struct shmfd *shmfd)
{

	MAC_POLICY_PERFORM_NOSLEEP(posixshm_create, cred, shmfd,
	    shmfd->shm_label);
}
1008e38aeffSJohn Baldwin 
/*
 * Probe definition paired with mac_posixshm_check_create(); the strings
 * give the types of the probe arguments (credential, path).
 */
MAC_CHECK_PROBE_DEFINE2(posixshm_check_create, "struct ucred *",
    "const char *");

/*
 * Ask the policies whether cred may create a shared memory object at path.
 *
 * Unlike the other checks in this file, this hook takes no shmfd and no
 * label: policies decide on the credential and the path string alone.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when every policy permits the operation and an errno value otherwise
 * (the composition rule lives in the macro definition, outside this file).
 * This function only reports the decision; the caller has to refuse the
 * operation when the return value is non-zero.
 */
int
mac_posixshm_check_create(struct ucred *cred, const char *path)
{
	/*
	 * Not initialized here: MAC_POLICY_CHECK_NOSLEEP is relied on to
	 * assign it before it is read below.
	 */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_create, cred, path);
	/* Report the outcome and the checked arguments to the probe. */
	MAC_CHECK_PROBE2(posixshm_check_create, error, cred, path);

	return (error);
}
1149b6dd12eSRobert Watson 
/*
 * Probe definition paired with mac_posixshm_check_mmap(); the strings give
 * the types of the probe arguments (credential, object, prot, flags).
 */
MAC_CHECK_PROBE_DEFINE4(posixshm_check_mmap, "struct ucred *",
    "struct shmfd *", "int", "int");

/*
 * Ask the policies whether cred may map shmfd with the given protection
 * and mapping flags.
 *
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.  The probe
 * gets the same arguments except the label.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, int prot,
    int flags)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_mmap, cred, shmfd,
	    shmfd->shm_label, prot, flags);
	MAC_CHECK_PROBE4(posixshm_check_mmap, error, cred, shmfd, prot,
	    flags);

	return (error);
}
1318e38aeffSJohn Baldwin 
/*
 * Probe definition paired with mac_posixshm_check_open(); the strings give
 * the types of the probe arguments (credential, object, access mode).
 */
MAC_CHECK_PROBE_DEFINE3(posixshm_check_open, "struct ucred *",
    "struct shmfd *", "accmode_t");

/*
 * Ask the policies whether cred may open the existing object shmfd with
 * the requested access mode.
 *
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,
    accmode_t accmode)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_open, cred, shmfd,
	    shmfd->shm_label, accmode);
	MAC_CHECK_PROBE3(posixshm_check_open, error, cred, shmfd, accmode);

	return (error);
}
1478e38aeffSJohn Baldwin 
/*
 * Probe definition paired with mac_posixshm_check_stat(); the strings give
 * the types of the probe arguments (two credentials, object).
 */
MAC_CHECK_PROBE_DEFINE3(posixshm_check_stat, "struct ucred *",
    "struct ucred *", "struct shmfd *");

/*
 * Ask the policies whether the attributes of shmfd may be read.
 *
 * Two credentials are forwarded to the policies.
 * NOTE(review): by MAC framework convention active_cred is the credential
 * of the thread making the request and file_cred the one captured when the
 * descriptor was opened; confirm against the callers.
 *
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shmfd)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_stat, active_cred, file_cred,
	    shmfd, shmfd->shm_label);
	MAC_CHECK_PROBE3(posixshm_check_stat, error, active_cred, file_cred,
	    shmfd);

	return (error);
}
1648e38aeffSJohn Baldwin 
/*
 * Probe definition paired with mac_posixshm_check_truncate(); the strings
 * give the types of the probe arguments (two credentials, object).
 */
MAC_CHECK_PROBE_DEFINE3(posixshm_check_truncate, "struct ucred *",
    "struct ucred *", "struct shmfd *");

/*
 * Ask the policies whether shmfd may be truncated.
 *
 * The new size is not part of this interface, so policies cannot base the
 * decision on it.
 * NOTE(review): by MAC framework convention active_cred is the credential
 * of the thread making the request and file_cred the one captured when the
 * descriptor was opened; confirm against the callers.
 *
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_truncate(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shmfd)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_truncate, active_cred,
	    file_cred, shmfd, shmfd->shm_label);
	MAC_CHECK_PROBE3(posixshm_check_truncate, error, active_cred,
	    file_cred, shmfd);

	return (error);
}
1818e38aeffSJohn Baldwin 
/*
 * Probe definition paired with mac_posixshm_check_unlink(); the strings
 * give the types of the probe arguments (credential, object).
 */
MAC_CHECK_PROBE_DEFINE2(posixshm_check_unlink, "struct ucred *",
    "struct shmfd *");

/*
 * Ask the policies whether cred may unlink the shared memory object shmfd.
 *
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_unlink, cred, shmfd,
	    shmfd->shm_label);
	MAC_CHECK_PROBE2(posixshm_check_unlink, error, cred, shmfd);

	return (error);
}
1969c00bb91SKonstantin Belousov 
/*
 * Probe definition paired with mac_posixshm_check_setmode(); the strings
 * give the types of the probe arguments (credential, object, mode).
 */
MAC_CHECK_PROBE_DEFINE3(posixshm_check_setmode, "struct ucred *",
    "struct shmfd *", "mode_t");

/*
 * Ask the policies whether cred may change the mode of shmfd to `mode'.
 *
 * The requested mode is forwarded to the policies, so a policy can refuse
 * particular permission bits rather than the operation as a whole.
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, mode_t mode)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_setmode, cred, shmfd,
	    shmfd->shm_label, mode);
	MAC_CHECK_PROBE3(posixshm_check_setmode, error, cred, shmfd, mode);

	return (error);
}
2119c00bb91SKonstantin Belousov 
/*
 * Probe definition paired with mac_posixshm_check_setowner(); the strings
 * give the types of the probe arguments (credential, object, uid, gid).
 */
MAC_CHECK_PROBE_DEFINE4(posixshm_check_setowner, "struct ucred *",
    "struct shmfd *", "uid_t", "gid_t");

/*
 * Ask the policies whether cred may change the ownership of shmfd to
 * uid/gid.
 *
 * Both requested ids are forwarded to the policies and to the probe.
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, uid_t uid,
    gid_t gid)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_setowner, cred, shmfd,
	    shmfd->shm_label, uid, gid);
	MAC_CHECK_PROBE4(posixshm_check_setowner, error, cred, shmfd,
	    uid, gid);

	return (error);
}
228940cb0e2SKonstantin Belousov 
/*
 * Probe definition paired with mac_posixshm_check_read(); the strings give
 * the types of the probe arguments (two credentials, object).
 */
MAC_CHECK_PROBE_DEFINE3(posixshm_check_read, "struct ucred *",
    "struct ucred *", "struct shmfd *");

/*
 * Ask the policies whether shmfd may be read.
 *
 * NOTE(review): by MAC framework convention active_cred is the credential
 * of the thread making the request and file_cred the one captured when the
 * descriptor was opened; confirm against the callers.
 *
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_read(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shmfd)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_read, active_cred,
	    file_cred, shmfd, shmfd->shm_label);
	MAC_CHECK_PROBE3(posixshm_check_read, error, active_cred,
	    file_cred, shmfd);

	return (error);
}
245940cb0e2SKonstantin Belousov 
/*
 * Probe definition paired with mac_posixshm_check_write(); the strings
 * give the types of the probe arguments (two credentials, object).
 */
MAC_CHECK_PROBE_DEFINE3(posixshm_check_write, "struct ucred *",
    "struct ucred *", "struct shmfd *");

/*
 * Ask the policies whether shmfd may be written.
 *
 * NOTE(review): by MAC framework convention active_cred is the credential
 * of the thread making the request and file_cred the one captured when the
 * descriptor was opened; confirm against the callers.
 *
 * Policies receive shmfd->shm_label unchecked; it is NULL when
 * mac_posixshm_init() did not allocate a label for this object.
 *
 * Returns the value left in `error' by the policy check macro; presumably
 * 0 when permitted and an errno value otherwise.  The caller must treat a
 * non-zero return as a denial, since nothing is enforced here.
 */
int
mac_posixshm_check_write(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shmfd)
{
	/* Assigned by MAC_POLICY_CHECK_NOSLEEP, which is defined elsewhere. */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(posixshm_check_write, active_cred,
	    file_cred, shmfd, shmfd->shm_label);
	MAC_CHECK_PROBE3(posixshm_check_write, error, active_cred,
	    file_cred, shmfd);

	return (error);
}