1eca8a663SRobert Watson /*- 239cfa591SRobert Watson * Copyright (c) 2003-2004 Networks Associates Technology, Inc. 3eca8a663SRobert Watson * All rights reserved. 4eca8a663SRobert Watson * 5eca8a663SRobert Watson * This software was developed for the FreeBSD Project in part by Network 6eca8a663SRobert Watson * Associates Laboratories, the Security Research Division of Network 7eca8a663SRobert Watson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 8eca8a663SRobert Watson * as part of the DARPA CHATS research program. 9eca8a663SRobert Watson * 10eca8a663SRobert Watson * Redistribution and use in source and binary forms, with or without 11eca8a663SRobert Watson * modification, are permitted provided that the following conditions 12eca8a663SRobert Watson * are met: 13eca8a663SRobert Watson * 1. Redistributions of source code must retain the above copyright 14eca8a663SRobert Watson * notice, this list of conditions and the following disclaimer. 15eca8a663SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 16eca8a663SRobert Watson * notice, this list of conditions and the following disclaimer in the 17eca8a663SRobert Watson * documentation and/or other materials provided with the distribution. 18eca8a663SRobert Watson * 19eca8a663SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20eca8a663SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21eca8a663SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22eca8a663SRobert Watson * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23eca8a663SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24eca8a663SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25eca8a663SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26eca8a663SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27eca8a663SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28eca8a663SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29eca8a663SRobert Watson * SUCH DAMAGE. 30eca8a663SRobert Watson */ 31eca8a663SRobert Watson 32eca8a663SRobert Watson #include <sys/cdefs.h> 33eca8a663SRobert Watson __FBSDID("$FreeBSD$"); 34eca8a663SRobert Watson 35eca8a663SRobert Watson #include "opt_mac.h" 36eca8a663SRobert Watson 37eca8a663SRobert Watson #include <sys/param.h> 38eca8a663SRobert Watson #include <sys/mac.h> 39eca8a663SRobert Watson #include <sys/sysctl.h> 40eca8a663SRobert Watson #include <sys/systm.h> 41eca8a663SRobert Watson 42eca8a663SRobert Watson #include <vm/uma.h> 43eca8a663SRobert Watson 44aed55708SRobert Watson #include <security/mac/mac_framework.h> 45eca8a663SRobert Watson #include <security/mac/mac_internal.h> 46eca8a663SRobert Watson 475c700f29SRobert Watson /* 48d5fb913fSRobert Watson * zone_label is the UMA zone from which most labels are allocated. Label 495c700f29SRobert Watson * structures are initialized to zero bytes so that policies see a NULL/0 505c700f29SRobert Watson * slot on first use, even if the policy is loaded after the label is 515c700f29SRobert Watson * allocated for an object. 
*/
static uma_zone_t zone_label;

static int	mac_labelzone_ctor(void *mem, int size, void *arg, int flags);
static void	mac_labelzone_dtor(void *mem, int size, void *arg);

/*
 * Create the UMA zone that backs struct label allocations.  The zone's
 * ctor/dtor pair delegates to mac_init_label()/mac_destroy_label(), so a
 * zone-allocated label and an externally allocated one (e.g. an mbuf tag
 * label) are set up and torn down the same way.
 */
void
mac_labelzone_init(void)
{

	zone_label = uma_zcreate("MAC labels", sizeof(struct label),
	    mac_labelzone_ctor, mac_labelzone_dtor, NULL, NULL,
	    UMA_ALIGN_PTR, 0);
}

/*
 * mac_init_label() and mac_destroy_label() are exported so that they can be
 * used in mbuf tag initialization, where labels are not slab allocated from
 * the zone_label zone.
 *
 * mac_init_label() zeroes every policy slot and only then marks the label
 * as initialized; the zeroing is what lets a policy loaded later find a
 * NULL/0 slot rather than stale memory.
 */
void
mac_init_label(struct label *label)
{

	bzero(label, sizeof(struct label));
	label->l_flags = MAC_FLAG_INITIALIZED;
}

/*
 * Tear down a label previously set up by mac_init_label().  Panics (via
 * KASSERT) if the label was never initialized.  Without DIAGNOSTIC only the
 * initialized flag is dropped and slot contents are left in place, which
 * relies on mac_init_label() re-zeroing the label before any reuse; with
 * DIAGNOSTIC the whole label is scrubbed so a later read of a destroyed
 * label is more likely to be caught.
 */
void
mac_destroy_label(struct label *label)
{

	KASSERT((label->l_flags & MAC_FLAG_INITIALIZED) != 0,
	    ("destroying uninitialized label"));

#ifndef DIAGNOSTIC
	label->l_flags &= ~MAC_FLAG_INITIALIZED;
#else
	bzero(label, sizeof(struct label));
#endif
}

/*
 * UMA constructor: runs on each allocation from zone_label.  'arg' and
 * 'flags' are part of the UMA ctor interface and are not used here; the
 * ctor cannot fail, so it always returns 0.
 */
static int
mac_labelzone_ctor(void *mem, int size, void *arg, int flags)
{
	struct label *label = mem;

	KASSERT(size == sizeof(*label), ("mac_labelzone_ctor: wrong size\n"));
	mac_init_label(label);
	return (0);
}

/*
 * UMA destructor: runs when a label is returned to zone_label.  'arg' is
 * part of the UMA dtor interface and is not used here.
 */
static void
mac_labelzone_dtor(void *mem, int size, void *arg)
{
	struct label *label = mem;

	KASSERT(size == sizeof(*label), ("mac_labelzone_dtor: wrong size\n"));
	mac_destroy_label(label);
}

/*
 * Allocate an initialized label from zone_label.  'flags' are passed
 * straight to uma_zalloc(); with a non-blocking flag such as M_NOWAIT the
 * result may be NULL and callers must check it.  Ownership passes to the
 * caller, who releases it with mac_labelzone_free().
 */
struct label *
mac_labelzone_alloc(int flags)
{
	struct label *label;

	label = uma_zalloc(zone_label, flags);
	return (label);
}

/*
 * Return a label obtained from mac_labelzone_alloc() to zone_label; the
 * zone dtor destroys it.  Must not be used for labels set up directly with
 * mac_init_label() outside the zone.
 */
void
mac_labelzone_free(struct label *label)
{

	uma_zfree(zone_label, label);
}