/*-
 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by NAI Labs,
 * the Security Research Division of Network Associates, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The names of the authors may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */
/*
 * Kernel interface for MAC policy modules.
 */
#ifndef _SYS_MAC_POLICY_H
#define _SYS_MAC_POLICY_H

/*-
 * Pluggable access control policy definition structure.
 *
 * List of operations that are performed as part of the implementation
 * of a MAC policy.  Policy implementors declare operations with a
 * mac_policy_ops structure, and using the MAC_POLICY_SET() macro.
 * If an entry point is not declared, then the policy will be ignored
 * during evaluation of that event or check.
53ddcdf265SRobert Watson * 54ddcdf265SRobert Watson * Operations are sorted first by general class of operation, then 55ddcdf265SRobert Watson * alphabetically. 56ddcdf265SRobert Watson */ 57ddcdf265SRobert Watson struct mac_policy_conf; 58ddcdf265SRobert Watson struct mac_policy_ops { 59ddcdf265SRobert Watson /* 60ddcdf265SRobert Watson * Policy module operations. 61ddcdf265SRobert Watson */ 62ddcdf265SRobert Watson void (*mpo_destroy)(struct mac_policy_conf *mpc); 63ddcdf265SRobert Watson void (*mpo_init)(struct mac_policy_conf *mpc); 64ddcdf265SRobert Watson 65ddcdf265SRobert Watson /* 6627f2eac7SRobert Watson * General policy-directed security system call so that policies 6727f2eac7SRobert Watson * may implement new services without reserving explicit 6827f2eac7SRobert Watson * system call numbers. 6927f2eac7SRobert Watson */ 7027f2eac7SRobert Watson int (*mpo_syscall)(struct thread *td, int call, void *arg); 7127f2eac7SRobert Watson 7227f2eac7SRobert Watson /* 73ddcdf265SRobert Watson * Label operations. 
74ddcdf265SRobert Watson */ 7596adb909SRobert Watson void (*mpo_init_bpfdesc_label)(struct label *label); 7696adb909SRobert Watson void (*mpo_init_cred_label)(struct label *label); 7796adb909SRobert Watson void (*mpo_init_devfsdirent_label)(struct label *label); 7896adb909SRobert Watson void (*mpo_init_ifnet_label)(struct label *label); 7996adb909SRobert Watson void (*mpo_init_ipq_label)(struct label *label); 8096adb909SRobert Watson int (*mpo_init_mbuf_label)(struct label *label, int flag); 8196adb909SRobert Watson void (*mpo_init_mount_label)(struct label *label); 8296adb909SRobert Watson void (*mpo_init_mount_fs_label)(struct label *label); 8383985c26SRobert Watson int (*mpo_init_socket_label)(struct label *label, int flag); 8483985c26SRobert Watson int (*mpo_init_socket_peer_label)(struct label *label, int flag); 8596adb909SRobert Watson void (*mpo_init_pipe_label)(struct label *label); 8696adb909SRobert Watson void (*mpo_init_vnode_label)(struct label *label); 8796adb909SRobert Watson void (*mpo_destroy_bpfdesc_label)(struct label *label); 8896adb909SRobert Watson void (*mpo_destroy_cred_label)(struct label *label); 8996adb909SRobert Watson void (*mpo_destroy_devfsdirent_label)(struct label *label); 9096adb909SRobert Watson void (*mpo_destroy_ifnet_label)(struct label *label); 9196adb909SRobert Watson void (*mpo_destroy_ipq_label)(struct label *label); 9296adb909SRobert Watson void (*mpo_destroy_mbuf_label)(struct label *label); 9396adb909SRobert Watson void (*mpo_destroy_mount_label)(struct label *label); 9496adb909SRobert Watson void (*mpo_destroy_mount_fs_label)(struct label *label); 9596adb909SRobert Watson void (*mpo_destroy_socket_label)(struct label *label); 9696adb909SRobert Watson void (*mpo_destroy_socket_peer_label)(struct label *label); 9796adb909SRobert Watson void (*mpo_destroy_pipe_label)(struct label *label); 9896adb909SRobert Watson void (*mpo_destroy_vnode_label)(struct label *label); 99475b9d0aSRobert Watson void 
(*mpo_copy_pipe_label)(struct label *src, 100475b9d0aSRobert Watson struct label *dest); 101475b9d0aSRobert Watson void (*mpo_copy_vnode_label)(struct label *src, 102475b9d0aSRobert Watson struct label *dest); 103475b9d0aSRobert Watson int (*mpo_externalize_cred_label)(struct label *label, 104475b9d0aSRobert Watson char *element_name, char *buffer, size_t buflen, 105475b9d0aSRobert Watson size_t *len, int *claimed); 106475b9d0aSRobert Watson int (*mpo_externalize_ifnet_label)(struct label *label, 107475b9d0aSRobert Watson char *element_name, char *buffer, size_t buflen, 108475b9d0aSRobert Watson size_t *len, int *claimed); 109475b9d0aSRobert Watson int (*mpo_externalize_pipe_label)(struct label *label, 110475b9d0aSRobert Watson char *element_name, char *buffer, size_t buflen, 111475b9d0aSRobert Watson size_t *len, int *claimed); 112475b9d0aSRobert Watson int (*mpo_externalize_socket_label)(struct label *label, 113475b9d0aSRobert Watson char *element_name, char *buffer, size_t buflen, 114475b9d0aSRobert Watson size_t *len, int *claimed); 115475b9d0aSRobert Watson int (*mpo_externalize_socket_peer_label)(struct label *label, 116475b9d0aSRobert Watson char *element_name, char *buffer, size_t buflen, 117475b9d0aSRobert Watson size_t *len, int *claimed); 118475b9d0aSRobert Watson int (*mpo_externalize_vnode_label)(struct label *label, 119475b9d0aSRobert Watson char *element_name, char *buffer, size_t buflen, 120475b9d0aSRobert Watson size_t *len, int *claimed); 121475b9d0aSRobert Watson int (*mpo_externalize_vnode_oldmac)(struct label *label, 122475b9d0aSRobert Watson struct oldmac *extmac); 123475b9d0aSRobert Watson int (*mpo_internalize_cred_label)(struct label *label, 124475b9d0aSRobert Watson char *element_name, char *element_data, int *claimed); 125475b9d0aSRobert Watson int (*mpo_internalize_ifnet_label)(struct label *label, 126475b9d0aSRobert Watson char *element_name, char *element_data, int *claimed); 127475b9d0aSRobert Watson int 
(*mpo_internalize_pipe_label)(struct label *label, 128475b9d0aSRobert Watson char *element_name, char *element_data, int *claimed); 129475b9d0aSRobert Watson int (*mpo_internalize_socket_label)(struct label *label, 130475b9d0aSRobert Watson char *element_name, char *element_data, int *claimed); 131475b9d0aSRobert Watson int (*mpo_internalize_vnode_label)(struct label *label, 132475b9d0aSRobert Watson char *element_name, char *element_data, int *claimed); 133ddcdf265SRobert Watson 134ddcdf265SRobert Watson /* 135ddcdf265SRobert Watson * Labeling event operations: file system objects, and things that 136ddcdf265SRobert Watson * look a lot like file system objects. 137ddcdf265SRobert Watson */ 138ddcdf265SRobert Watson void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de, 139ddcdf265SRobert Watson struct label *label); 140ddcdf265SRobert Watson void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen, 141ddcdf265SRobert Watson struct devfs_dirent *de, struct label *label); 14274e62b1bSRobert Watson void (*mpo_create_devfs_symlink)(struct ucred *cred, 14374e62b1bSRobert Watson struct devfs_dirent *dd, struct label *ddlabel, 14474e62b1bSRobert Watson struct devfs_dirent *de, struct label *delabel); 145ddcdf265SRobert Watson void (*mpo_create_devfs_vnode)(struct devfs_dirent *de, 146ddcdf265SRobert Watson struct label *direntlabel, struct vnode *vp, 147ddcdf265SRobert Watson struct label *vnodelabel); 148ddcdf265SRobert Watson void (*mpo_create_vnode)(struct ucred *cred, struct vnode *parent, 149ddcdf265SRobert Watson struct label *parentlabel, struct vnode *child, 150ddcdf265SRobert Watson struct label *childlabel); 151ddcdf265SRobert Watson void (*mpo_create_mount)(struct ucred *cred, struct mount *mp, 152ddcdf265SRobert Watson struct label *mntlabel, struct label *fslabel); 153ddcdf265SRobert Watson void (*mpo_create_root_mount)(struct ucred *cred, struct mount *mp, 154ddcdf265SRobert Watson struct label *mountlabel, struct label *fslabel); 
155ddcdf265SRobert Watson void (*mpo_relabel_vnode)(struct ucred *cred, struct vnode *vp, 156ddcdf265SRobert Watson struct label *vnodelabel, struct label *label); 157ddcdf265SRobert Watson int (*mpo_stdcreatevnode_ea)(struct vnode *vp, 158ddcdf265SRobert Watson struct label *vnodelabel); 159ddcdf265SRobert Watson void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent, 160ddcdf265SRobert Watson struct label *direntlabel, struct vnode *vp, 161ddcdf265SRobert Watson struct label *vnodelabel); 162ddcdf265SRobert Watson void (*mpo_update_procfsvnode)(struct vnode *vp, 163ddcdf265SRobert Watson struct label *vnodelabel, struct ucred *cred); 164ddcdf265SRobert Watson int (*mpo_update_vnode_from_extattr)(struct vnode *vp, 165ddcdf265SRobert Watson struct label *vnodelabel, struct mount *mp, 166ddcdf265SRobert Watson struct label *fslabel); 167ddcdf265SRobert Watson int (*mpo_update_vnode_from_externalized)(struct vnode *vp, 168475b9d0aSRobert Watson struct label *vnodelabel, struct oldmac *extmac); 169ddcdf265SRobert Watson void (*mpo_update_vnode_from_mount)(struct vnode *vp, 170ddcdf265SRobert Watson struct label *vnodelabel, struct mount *mp, 171ddcdf265SRobert Watson struct label *fslabel); 172ddcdf265SRobert Watson 173ddcdf265SRobert Watson /* 174ddcdf265SRobert Watson * Labeling event operations: IPC objects. 
175ddcdf265SRobert Watson */ 176ddcdf265SRobert Watson void (*mpo_create_mbuf_from_socket)(struct socket *so, 177ddcdf265SRobert Watson struct label *socketlabel, struct mbuf *m, 178ddcdf265SRobert Watson struct label *mbuflabel); 179ddcdf265SRobert Watson void (*mpo_create_socket)(struct ucred *cred, struct socket *so, 180ddcdf265SRobert Watson struct label *socketlabel); 181ddcdf265SRobert Watson void (*mpo_create_socket_from_socket)(struct socket *oldsocket, 182ddcdf265SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 183ddcdf265SRobert Watson struct label *newsocketlabel); 184ddcdf265SRobert Watson void (*mpo_relabel_socket)(struct ucred *cred, struct socket *so, 185ddcdf265SRobert Watson struct label *oldlabel, struct label *newlabel); 186ddcdf265SRobert Watson void (*mpo_relabel_pipe)(struct ucred *cred, struct pipe *pipe, 187ddcdf265SRobert Watson struct label *oldlabel, struct label *newlabel); 188ddcdf265SRobert Watson void (*mpo_set_socket_peer_from_mbuf)(struct mbuf *mbuf, 189ddcdf265SRobert Watson struct label *mbuflabel, struct socket *so, 190ddcdf265SRobert Watson struct label *socketpeerlabel); 191ddcdf265SRobert Watson void (*mpo_set_socket_peer_from_socket)(struct socket *oldsocket, 192ddcdf265SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 193ddcdf265SRobert Watson struct label *newsocketpeerlabel); 194ddcdf265SRobert Watson void (*mpo_create_pipe)(struct ucred *cred, struct pipe *pipe, 195ddcdf265SRobert Watson struct label *pipelabel); 196ddcdf265SRobert Watson 197ddcdf265SRobert Watson /* 198ddcdf265SRobert Watson * Labeling event operations: network objects. 
199ddcdf265SRobert Watson */ 200ddcdf265SRobert Watson void (*mpo_create_bpfdesc)(struct ucred *cred, struct bpf_d *bpf_d, 201ddcdf265SRobert Watson struct label *bpflabel); 202ddcdf265SRobert Watson void (*mpo_create_ifnet)(struct ifnet *ifnet, 203ddcdf265SRobert Watson struct label *ifnetlabel); 204ddcdf265SRobert Watson void (*mpo_create_ipq)(struct mbuf *fragment, 205ddcdf265SRobert Watson struct label *fragmentlabel, struct ipq *ipq, 206ddcdf265SRobert Watson struct label *ipqlabel); 207ddcdf265SRobert Watson void (*mpo_create_datagram_from_ipq) 208ddcdf265SRobert Watson (struct ipq *ipq, struct label *ipqlabel, 209ddcdf265SRobert Watson struct mbuf *datagram, struct label *datagramlabel); 210ddcdf265SRobert Watson void (*mpo_create_fragment)(struct mbuf *datagram, 211ddcdf265SRobert Watson struct label *datagramlabel, struct mbuf *fragment, 212ddcdf265SRobert Watson struct label *fragmentlabel); 213ddcdf265SRobert Watson void (*mpo_create_mbuf_from_mbuf)(struct mbuf *oldmbuf, 214ddcdf265SRobert Watson struct label *oldlabel, struct mbuf *newmbuf, 215ddcdf265SRobert Watson struct label *newlabel); 216ddcdf265SRobert Watson void (*mpo_create_mbuf_linklayer)(struct ifnet *ifnet, 217ddcdf265SRobert Watson struct label *ifnetlabel, struct mbuf *mbuf, 218ddcdf265SRobert Watson struct label *mbuflabel); 219ddcdf265SRobert Watson void (*mpo_create_mbuf_from_bpfdesc)(struct bpf_d *bpf_d, 220ddcdf265SRobert Watson struct label *bpflabel, struct mbuf *mbuf, 221ddcdf265SRobert Watson struct label *mbuflabel); 222ddcdf265SRobert Watson void (*mpo_create_mbuf_from_ifnet)(struct ifnet *ifnet, 223ddcdf265SRobert Watson struct label *ifnetlabel, struct mbuf *mbuf, 224ddcdf265SRobert Watson struct label *mbuflabel); 225ddcdf265SRobert Watson void (*mpo_create_mbuf_multicast_encap)(struct mbuf *oldmbuf, 226ddcdf265SRobert Watson struct label *oldmbuflabel, struct ifnet *ifnet, 227ddcdf265SRobert Watson struct label *ifnetlabel, struct mbuf *newmbuf, 228ddcdf265SRobert Watson 
struct label *newmbuflabel); 229ddcdf265SRobert Watson void (*mpo_create_mbuf_netlayer)(struct mbuf *oldmbuf, 230ddcdf265SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, 231ddcdf265SRobert Watson struct label *newmbuflabel); 232ddcdf265SRobert Watson int (*mpo_fragment_match)(struct mbuf *fragment, 233ddcdf265SRobert Watson struct label *fragmentlabel, struct ipq *ipq, 234ddcdf265SRobert Watson struct label *ipqlabel); 235ddcdf265SRobert Watson void (*mpo_relabel_ifnet)(struct ucred *cred, struct ifnet *ifnet, 236ddcdf265SRobert Watson struct label *ifnetlabel, struct label *newlabel); 237ddcdf265SRobert Watson void (*mpo_update_ipq)(struct mbuf *fragment, 238ddcdf265SRobert Watson struct label *fragmentlabel, struct ipq *ipq, 239ddcdf265SRobert Watson struct label *ipqlabel); 240ddcdf265SRobert Watson 241ddcdf265SRobert Watson /* 242ddcdf265SRobert Watson * Labeling event operations: processes. 243ddcdf265SRobert Watson */ 244ddcdf265SRobert Watson void (*mpo_create_cred)(struct ucred *parent_cred, 245ddcdf265SRobert Watson struct ucred *child_cred); 246ddcdf265SRobert Watson void (*mpo_execve_transition)(struct ucred *old, struct ucred *new, 247ddcdf265SRobert Watson struct vnode *vp, struct label *vnodelabel); 248ddcdf265SRobert Watson int (*mpo_execve_will_transition)(struct ucred *old, 249ddcdf265SRobert Watson struct vnode *vp, struct label *vnodelabel); 250ddcdf265SRobert Watson void (*mpo_create_proc0)(struct ucred *cred); 251ddcdf265SRobert Watson void (*mpo_create_proc1)(struct ucred *cred); 252ddcdf265SRobert Watson void (*mpo_relabel_cred)(struct ucred *cred, 253ddcdf265SRobert Watson struct label *newlabel); 25492dbb82aSRobert Watson void (*mpo_thread_userret)(struct thread *thread); 255ddcdf265SRobert Watson 256ddcdf265SRobert Watson /* 257ddcdf265SRobert Watson * Access control checks. 
258ddcdf265SRobert Watson */ 259ddcdf265SRobert Watson int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d, 260ddcdf265SRobert Watson struct label *bpflabel, struct ifnet *ifnet, 261ddcdf265SRobert Watson struct label *ifnetlabel); 262ddcdf265SRobert Watson int (*mpo_check_cred_relabel)(struct ucred *cred, 263ddcdf265SRobert Watson struct label *newlabel); 264ddcdf265SRobert Watson int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2); 265ddcdf265SRobert Watson int (*mpo_check_ifnet_relabel)(struct ucred *cred, 266ddcdf265SRobert Watson struct ifnet *ifnet, struct label *ifnetlabel, 267ddcdf265SRobert Watson struct label *newlabel); 268ddcdf265SRobert Watson int (*mpo_check_ifnet_transmit)(struct ifnet *ifnet, 269ddcdf265SRobert Watson struct label *ifnetlabel, struct mbuf *m, 270ddcdf265SRobert Watson struct label *mbuflabel); 271ddcdf265SRobert Watson int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp, 272ddcdf265SRobert Watson struct label *mntlabel); 273ddcdf265SRobert Watson int (*mpo_check_pipe_ioctl)(struct ucred *cred, struct pipe *pipe, 274ddcdf265SRobert Watson struct label *pipelabel, unsigned long cmd, void *data); 275c024c3eeSRobert Watson int (*mpo_check_pipe_poll)(struct ucred *cred, struct pipe *pipe, 276c024c3eeSRobert Watson struct label *pipelabel); 277c024c3eeSRobert Watson int (*mpo_check_pipe_read)(struct ucred *cred, struct pipe *pipe, 278c024c3eeSRobert Watson struct label *pipelabel); 279ddcdf265SRobert Watson int (*mpo_check_pipe_relabel)(struct ucred *cred, 280ddcdf265SRobert Watson struct pipe *pipe, struct label *pipelabel, 281ddcdf265SRobert Watson struct label *newlabel); 282c024c3eeSRobert Watson int (*mpo_check_pipe_stat)(struct ucred *cred, struct pipe *pipe, 283c024c3eeSRobert Watson struct label *pipelabel); 284c024c3eeSRobert Watson int (*mpo_check_pipe_write)(struct ucred *cred, struct pipe *pipe, 285c024c3eeSRobert Watson struct label *pipelabel); 286ddcdf265SRobert Watson int 
(*mpo_check_proc_debug)(struct ucred *cred, 287ddcdf265SRobert Watson struct proc *proc); 288ddcdf265SRobert Watson int (*mpo_check_proc_sched)(struct ucred *cred, 289ddcdf265SRobert Watson struct proc *proc); 290ddcdf265SRobert Watson int (*mpo_check_proc_signal)(struct ucred *cred, 291ddcdf265SRobert Watson struct proc *proc, int signum); 292ddcdf265SRobert Watson int (*mpo_check_socket_bind)(struct ucred *cred, 293ddcdf265SRobert Watson struct socket *so, struct label *socketlabel, 294ddcdf265SRobert Watson struct sockaddr *sockaddr); 295ddcdf265SRobert Watson int (*mpo_check_socket_connect)(struct ucred *cred, 296ddcdf265SRobert Watson struct socket *so, struct label *socketlabel, 297ddcdf265SRobert Watson struct sockaddr *sockaddr); 298fb95b5d3SRobert Watson int (*mpo_check_socket_deliver)(struct socket *so, 299ddcdf265SRobert Watson struct label *socketlabel, struct mbuf *m, 300ddcdf265SRobert Watson struct label *mbuflabel); 301fb95b5d3SRobert Watson int (*mpo_check_socket_listen)(struct ucred *cred, 302fb95b5d3SRobert Watson struct socket *so, struct label *socketlabel); 303b371c939SRobert Watson int (*mpo_check_socket_receive)(struct ucred *cred, 304b371c939SRobert Watson struct socket *so, struct label *socketlabel); 305ddcdf265SRobert Watson int (*mpo_check_socket_relabel)(struct ucred *cred, 306ddcdf265SRobert Watson struct socket *so, struct label *socketlabel, 307ddcdf265SRobert Watson struct label *newlabel); 308b371c939SRobert Watson int (*mpo_check_socket_send)(struct ucred *cred, 309b371c939SRobert Watson struct socket *so, struct label *socketlabel); 310ddcdf265SRobert Watson int (*mpo_check_socket_visible)(struct ucred *cred, 311ddcdf265SRobert Watson struct socket *so, struct label *socketlabel); 312ddcdf265SRobert Watson int (*mpo_check_vnode_access)(struct ucred *cred, 313ddcdf265SRobert Watson struct vnode *vp, struct label *label, int flags); 314ddcdf265SRobert Watson int (*mpo_check_vnode_chdir)(struct ucred *cred, 315ddcdf265SRobert 
Watson struct vnode *dvp, struct label *dlabel); 316ddcdf265SRobert Watson int (*mpo_check_vnode_chroot)(struct ucred *cred, 317ddcdf265SRobert Watson struct vnode *dvp, struct label *dlabel); 318ddcdf265SRobert Watson int (*mpo_check_vnode_create)(struct ucred *cred, 319ddcdf265SRobert Watson struct vnode *dvp, struct label *dlabel, 320ddcdf265SRobert Watson struct componentname *cnp, struct vattr *vap); 321ddcdf265SRobert Watson int (*mpo_check_vnode_delete)(struct ucred *cred, 322ddcdf265SRobert Watson struct vnode *dvp, struct label *dlabel, 323ddcdf265SRobert Watson struct vnode *vp, void *label, struct componentname *cnp); 324ddcdf265SRobert Watson int (*mpo_check_vnode_deleteacl)(struct ucred *cred, 325ddcdf265SRobert Watson struct vnode *vp, struct label *label, acl_type_t type); 326ddcdf265SRobert Watson int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp, 327ddcdf265SRobert Watson struct label *label); 328ddcdf265SRobert Watson int (*mpo_check_vnode_getacl)(struct ucred *cred, 329ddcdf265SRobert Watson struct vnode *vp, struct label *label, acl_type_t type); 330ddcdf265SRobert Watson int (*mpo_check_vnode_getextattr)(struct ucred *cred, 331ddcdf265SRobert Watson struct vnode *vp, struct label *label, int attrnamespace, 332ddcdf265SRobert Watson const char *name, struct uio *uio); 3330a694196SRobert Watson int (*mpo_check_vnode_link)(struct ucred *cred, struct vnode *dvp, 3340a694196SRobert Watson struct label *dlabel, struct vnode *vp, 3350a694196SRobert Watson struct label *label, struct componentname *cnp); 336ddcdf265SRobert Watson int (*mpo_check_vnode_lookup)(struct ucred *cred, 337ddcdf265SRobert Watson struct vnode *dvp, struct label *dlabel, 338ddcdf265SRobert Watson struct componentname *cnp); 339e183f80eSRobert Watson int (*mpo_check_vnode_mmap)(struct ucred *cred, struct vnode *vp, 340e183f80eSRobert Watson struct label *label, int prot); 341e183f80eSRobert Watson void (*mpo_check_vnode_mmap_downgrade)(struct ucred *cred, 
342e183f80eSRobert Watson struct vnode *vp, struct label *label, int *prot); 343e183f80eSRobert Watson int (*mpo_check_vnode_mprotect)(struct ucred *cred, 344e183f80eSRobert Watson struct vnode *vp, struct label *label, int prot); 345ddcdf265SRobert Watson int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp, 346ddcdf265SRobert Watson struct label *label, mode_t acc_mode); 347177142e4SRobert Watson int (*mpo_check_vnode_poll)(struct ucred *active_cred, 348177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, 3497f724f8bSRobert Watson struct label *label); 350177142e4SRobert Watson int (*mpo_check_vnode_read)(struct ucred *active_cred, 351177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, 3527f724f8bSRobert Watson struct label *label); 353ddcdf265SRobert Watson int (*mpo_check_vnode_readdir)(struct ucred *cred, 354ddcdf265SRobert Watson struct vnode *dvp, struct label *dlabel); 355ddcdf265SRobert Watson int (*mpo_check_vnode_readlink)(struct ucred *cred, 356ddcdf265SRobert Watson struct vnode *vp, struct label *label); 357ddcdf265SRobert Watson int (*mpo_check_vnode_relabel)(struct ucred *cred, 358ddcdf265SRobert Watson struct vnode *vp, struct label *vnodelabel, 359ddcdf265SRobert Watson struct label *newlabel); 360ddcdf265SRobert Watson int (*mpo_check_vnode_rename_from)(struct ucred *cred, 361ddcdf265SRobert Watson struct vnode *dvp, struct label *dlabel, struct vnode *vp, 362ddcdf265SRobert Watson struct label *label, struct componentname *cnp); 363ddcdf265SRobert Watson int (*mpo_check_vnode_rename_to)(struct ucred *cred, 364ddcdf265SRobert Watson struct vnode *dvp, struct label *dlabel, struct vnode *vp, 365ddcdf265SRobert Watson struct label *label, int samedir, 366ddcdf265SRobert Watson struct componentname *cnp); 367ddcdf265SRobert Watson int (*mpo_check_vnode_revoke)(struct ucred *cred, 368ddcdf265SRobert Watson struct vnode *vp, struct label *label); 369ddcdf265SRobert Watson int (*mpo_check_vnode_setacl)(struct 
ucred *cred, 370ddcdf265SRobert Watson struct vnode *vp, struct label *label, acl_type_t type, 371ddcdf265SRobert Watson struct acl *acl); 372ddcdf265SRobert Watson int (*mpo_check_vnode_setextattr)(struct ucred *cred, 373ddcdf265SRobert Watson struct vnode *vp, struct label *label, int attrnamespace, 374ddcdf265SRobert Watson const char *name, struct uio *uio); 375ddcdf265SRobert Watson int (*mpo_check_vnode_setflags)(struct ucred *cred, 376ddcdf265SRobert Watson struct vnode *vp, struct label *label, u_long flags); 377ddcdf265SRobert Watson int (*mpo_check_vnode_setmode)(struct ucred *cred, 378ddcdf265SRobert Watson struct vnode *vp, struct label *label, mode_t mode); 379ddcdf265SRobert Watson int (*mpo_check_vnode_setowner)(struct ucred *cred, 380ddcdf265SRobert Watson struct vnode *vp, struct label *label, uid_t uid, 381ddcdf265SRobert Watson gid_t gid); 382ddcdf265SRobert Watson int (*mpo_check_vnode_setutimes)(struct ucred *cred, 383ddcdf265SRobert Watson struct vnode *vp, struct label *label, 384ddcdf265SRobert Watson struct timespec atime, struct timespec mtime); 385177142e4SRobert Watson int (*mpo_check_vnode_stat)(struct ucred *active_cred, 386177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, 387ddcdf265SRobert Watson struct label *label); 388177142e4SRobert Watson int (*mpo_check_vnode_write)(struct ucred *active_cred, 389177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, 3907f724f8bSRobert Watson struct label *label); 391ddcdf265SRobert Watson }; 392ddcdf265SRobert Watson 3934b826b4cSRobert Watson typedef const void *macop_t; 394ddcdf265SRobert Watson 395ddcdf265SRobert Watson enum mac_op_constant { 396ddcdf265SRobert Watson MAC_OP_LAST, 397ddcdf265SRobert Watson MAC_DESTROY, 398ddcdf265SRobert Watson MAC_INIT, 39927f2eac7SRobert Watson MAC_SYSCALL, 40096adb909SRobert Watson MAC_INIT_BPFDESC_LABEL, 40196adb909SRobert Watson MAC_INIT_CRED_LABEL, 40296adb909SRobert Watson MAC_INIT_DEVFSDIRENT_LABEL, 40396adb909SRobert Watson 
MAC_INIT_IFNET_LABEL, 40496adb909SRobert Watson MAC_INIT_IPQ_LABEL, 40596adb909SRobert Watson MAC_INIT_MBUF_LABEL, 40696adb909SRobert Watson MAC_INIT_MOUNT_LABEL, 40796adb909SRobert Watson MAC_INIT_MOUNT_FS_LABEL, 40896adb909SRobert Watson MAC_INIT_PIPE_LABEL, 40996adb909SRobert Watson MAC_INIT_SOCKET_LABEL, 41096adb909SRobert Watson MAC_INIT_SOCKET_PEER_LABEL, 41196adb909SRobert Watson MAC_INIT_VNODE_LABEL, 41296adb909SRobert Watson MAC_DESTROY_BPFDESC_LABEL, 41396adb909SRobert Watson MAC_DESTROY_CRED_LABEL, 41496adb909SRobert Watson MAC_DESTROY_DEVFSDIRENT_LABEL, 41596adb909SRobert Watson MAC_DESTROY_IFNET_LABEL, 41696adb909SRobert Watson MAC_DESTROY_IPQ_LABEL, 41796adb909SRobert Watson MAC_DESTROY_MBUF_LABEL, 41896adb909SRobert Watson MAC_DESTROY_MOUNT_LABEL, 41996adb909SRobert Watson MAC_DESTROY_MOUNT_FS_LABEL, 42096adb909SRobert Watson MAC_DESTROY_PIPE_LABEL, 42196adb909SRobert Watson MAC_DESTROY_SOCKET_LABEL, 42296adb909SRobert Watson MAC_DESTROY_SOCKET_PEER_LABEL, 42396adb909SRobert Watson MAC_DESTROY_VNODE_LABEL, 424475b9d0aSRobert Watson MAC_COPY_PIPE_LABEL, 425475b9d0aSRobert Watson MAC_COPY_VNODE_LABEL, 426475b9d0aSRobert Watson MAC_EXTERNALIZE_CRED_LABEL, 427475b9d0aSRobert Watson MAC_EXTERNALIZE_IFNET_LABEL, 428475b9d0aSRobert Watson MAC_EXTERNALIZE_PIPE_LABEL, 429475b9d0aSRobert Watson MAC_EXTERNALIZE_SOCKET_LABEL, 430475b9d0aSRobert Watson MAC_EXTERNALIZE_SOCKET_PEER_LABEL, 431475b9d0aSRobert Watson MAC_EXTERNALIZE_VNODE_LABEL, 432475b9d0aSRobert Watson MAC_EXTERNALIZE_VNODE_OLDMAC, 433475b9d0aSRobert Watson MAC_INTERNALIZE_CRED_LABEL, 434475b9d0aSRobert Watson MAC_INTERNALIZE_IFNET_LABEL, 435475b9d0aSRobert Watson MAC_INTERNALIZE_PIPE_LABEL, 436475b9d0aSRobert Watson MAC_INTERNALIZE_SOCKET_LABEL, 437475b9d0aSRobert Watson MAC_INTERNALIZE_VNODE_LABEL, 438ddcdf265SRobert Watson MAC_CREATE_DEVFS_DEVICE, 439ddcdf265SRobert Watson MAC_CREATE_DEVFS_DIRECTORY, 44074e62b1bSRobert Watson MAC_CREATE_DEVFS_SYMLINK, 441ddcdf265SRobert Watson 
MAC_CREATE_DEVFS_VNODE, 442ddcdf265SRobert Watson MAC_CREATE_VNODE, 443ddcdf265SRobert Watson MAC_CREATE_MOUNT, 444ddcdf265SRobert Watson MAC_CREATE_ROOT_MOUNT, 445ddcdf265SRobert Watson MAC_RELABEL_VNODE, 446ddcdf265SRobert Watson MAC_STDCREATEVNODE_EA, 447ddcdf265SRobert Watson MAC_UPDATE_DEVFSDIRENT, 448ddcdf265SRobert Watson MAC_UPDATE_PROCFSVNODE, 449ddcdf265SRobert Watson MAC_UPDATE_VNODE_FROM_EXTATTR, 450ddcdf265SRobert Watson MAC_UPDATE_VNODE_FROM_EXTERNALIZED, 451ddcdf265SRobert Watson MAC_UPDATE_VNODE_FROM_MOUNT, 452ddcdf265SRobert Watson MAC_CREATE_MBUF_FROM_SOCKET, 453ddcdf265SRobert Watson MAC_CREATE_PIPE, 454ddcdf265SRobert Watson MAC_CREATE_SOCKET, 455ddcdf265SRobert Watson MAC_CREATE_SOCKET_FROM_SOCKET, 456ddcdf265SRobert Watson MAC_RELABEL_PIPE, 457ddcdf265SRobert Watson MAC_RELABEL_SOCKET, 458ddcdf265SRobert Watson MAC_SET_SOCKET_PEER_FROM_MBUF, 459ddcdf265SRobert Watson MAC_SET_SOCKET_PEER_FROM_SOCKET, 460ddcdf265SRobert Watson MAC_CREATE_BPFDESC, 461ddcdf265SRobert Watson MAC_CREATE_DATAGRAM_FROM_IPQ, 462ddcdf265SRobert Watson MAC_CREATE_IFNET, 463ddcdf265SRobert Watson MAC_CREATE_IPQ, 464ddcdf265SRobert Watson MAC_CREATE_FRAGMENT, 465ddcdf265SRobert Watson MAC_CREATE_MBUF_FROM_MBUF, 466ddcdf265SRobert Watson MAC_CREATE_MBUF_LINKLAYER, 467ddcdf265SRobert Watson MAC_CREATE_MBUF_FROM_BPFDESC, 468ddcdf265SRobert Watson MAC_CREATE_MBUF_FROM_IFNET, 469ddcdf265SRobert Watson MAC_CREATE_MBUF_MULTICAST_ENCAP, 470ddcdf265SRobert Watson MAC_CREATE_MBUF_NETLAYER, 471ddcdf265SRobert Watson MAC_FRAGMENT_MATCH, 472ddcdf265SRobert Watson MAC_RELABEL_IFNET, 473ddcdf265SRobert Watson MAC_UPDATE_IPQ, 474ddcdf265SRobert Watson MAC_CREATE_CRED, 475ddcdf265SRobert Watson MAC_EXECVE_TRANSITION, 476ddcdf265SRobert Watson MAC_EXECVE_WILL_TRANSITION, 477ddcdf265SRobert Watson MAC_CREATE_PROC0, 478ddcdf265SRobert Watson MAC_CREATE_PROC1, 479ddcdf265SRobert Watson MAC_RELABEL_CRED, 48092dbb82aSRobert Watson MAC_THREAD_USERRET, 481ddcdf265SRobert Watson 
MAC_CHECK_BPFDESC_RECEIVE, 482ddcdf265SRobert Watson MAC_CHECK_CRED_RELABEL, 483ddcdf265SRobert Watson MAC_CHECK_CRED_VISIBLE, 484ddcdf265SRobert Watson MAC_CHECK_IFNET_RELABEL, 485ddcdf265SRobert Watson MAC_CHECK_IFNET_TRANSMIT, 486ddcdf265SRobert Watson MAC_CHECK_MOUNT_STAT, 487ddcdf265SRobert Watson MAC_CHECK_PIPE_IOCTL, 488c024c3eeSRobert Watson MAC_CHECK_PIPE_POLL, 489c024c3eeSRobert Watson MAC_CHECK_PIPE_READ, 490ddcdf265SRobert Watson MAC_CHECK_PIPE_RELABEL, 491c024c3eeSRobert Watson MAC_CHECK_PIPE_STAT, 492c024c3eeSRobert Watson MAC_CHECK_PIPE_WRITE, 493ddcdf265SRobert Watson MAC_CHECK_PROC_DEBUG, 494ddcdf265SRobert Watson MAC_CHECK_PROC_SCHED, 495ddcdf265SRobert Watson MAC_CHECK_PROC_SIGNAL, 496ddcdf265SRobert Watson MAC_CHECK_SOCKET_BIND, 497ddcdf265SRobert Watson MAC_CHECK_SOCKET_CONNECT, 498fb95b5d3SRobert Watson MAC_CHECK_SOCKET_DELIVER, 499ddcdf265SRobert Watson MAC_CHECK_SOCKET_LISTEN, 500b371c939SRobert Watson MAC_CHECK_SOCKET_RECEIVE, 501ddcdf265SRobert Watson MAC_CHECK_SOCKET_RELABEL, 502b371c939SRobert Watson MAC_CHECK_SOCKET_SEND, 503ddcdf265SRobert Watson MAC_CHECK_SOCKET_VISIBLE, 504ddcdf265SRobert Watson MAC_CHECK_VNODE_ACCESS, 505ddcdf265SRobert Watson MAC_CHECK_VNODE_CHDIR, 506ddcdf265SRobert Watson MAC_CHECK_VNODE_CHROOT, 507ddcdf265SRobert Watson MAC_CHECK_VNODE_CREATE, 508ddcdf265SRobert Watson MAC_CHECK_VNODE_DELETE, 509ddcdf265SRobert Watson MAC_CHECK_VNODE_DELETEACL, 510ddcdf265SRobert Watson MAC_CHECK_VNODE_EXEC, 511ddcdf265SRobert Watson MAC_CHECK_VNODE_GETACL, 512ddcdf265SRobert Watson MAC_CHECK_VNODE_GETEXTATTR, 5130a694196SRobert Watson MAC_CHECK_VNODE_LINK, 514ddcdf265SRobert Watson MAC_CHECK_VNODE_LOOKUP, 515e183f80eSRobert Watson MAC_CHECK_VNODE_MMAP, 516e183f80eSRobert Watson MAC_CHECK_VNODE_MMAP_DOWNGRADE, 517e183f80eSRobert Watson MAC_CHECK_VNODE_MPROTECT, 518ddcdf265SRobert Watson MAC_CHECK_VNODE_OPEN, 5197f724f8bSRobert Watson MAC_CHECK_VNODE_POLL, 5207f724f8bSRobert Watson MAC_CHECK_VNODE_READ, 521ddcdf265SRobert Watson 
/*
 * Tail of enum mac_op_constant (its opening and the earlier constants
 * appear above): the remaining vnode access-check hook identifiers.
 */
	MAC_CHECK_VNODE_READDIR,
	MAC_CHECK_VNODE_READLINK,
	MAC_CHECK_VNODE_RELABEL,
	MAC_CHECK_VNODE_RENAME_FROM,
	MAC_CHECK_VNODE_RENAME_TO,
	MAC_CHECK_VNODE_REVOKE,
	MAC_CHECK_VNODE_SETACL,
	MAC_CHECK_VNODE_SETEXTATTR,
	MAC_CHECK_VNODE_SETFLAGS,
	MAC_CHECK_VNODE_SETMODE,
	MAC_CHECK_VNODE_SETOWNER,
	MAC_CHECK_VNODE_SETUTIMES,
	MAC_CHECK_VNODE_STAT,
	MAC_CHECK_VNODE_WRITE,
};

/*
 * One row of a policy's entry-point table.  Each row names a hook
 * (mpe_constant, one of the enum mac_op_constant values above) and the
 * function the policy supplies for it (mpe_function).  The table is
 * handed to the framework through the mpc_entries member of
 * struct mac_policy_conf; a hook that a policy does not list is skipped
 * for that policy (see the header comment at the top of this file).
 *
 * NOTE(review): macop_t is not defined in this header.  If it is a
 * generic function-pointer type, the compiler cannot check that the
 * function stored in mpe_function actually has the parameter list the
 * hook named by mpe_constant expects -- a wrong pairing here is a
 * silent type-confusion bug in the policy, so review tables carefully.
 */
struct mac_policy_op_entry {
	enum mac_op_constant	mpe_constant;	/* what this hook implements */
	macop_t			mpe_function;	/* hook's implementation */
};

/*
 * Per-policy registration record.  MAC_POLICY_SET() creates one of these
 * statically for each policy module and references it from the
 * moduledata_t it builds next to mac_policy_modevent(); the framework
 * then links the record onto a global list through mpc_list.
 *
 * MAC_POLICY_SET() initialises this structure positionally, so the
 * member order below and that macro must change in lockstep.
 */
struct mac_policy_conf {
	/*
	 * Short policy name.  MAC_POLICY_SET() fills this from the
	 * stringified module name (a string literal), and mpc_fullname
	 * from its mpfullname argument (normally also a literal).
	 * NOTE(review): neither is const-qualified; treat both as
	 * read-only -- writing through them is undefined behaviour --
	 * and consider const char * so the compiler enforces that.
	 */
	char				*mpc_name;	/* policy name */
	char				*mpc_fullname;	/* policy full name */
	/*
	 * Operations vector.  MAC_POLICY_SET() leaves this NULL; it is
	 * presumably populated from mpc_entries when the module registers
	 * (not visible here -- confirm in mac_policy_modevent()).
	 */
	struct mac_policy_ops		*mpc_ops;	/* policy operations */
	struct mac_policy_op_entry	*mpc_entries;	/* ops to fill in */
	int				mpc_loadtime_flags;	/* MPC_LOADTIME_FLAG_xxx, set by the policy */
	/*
	 * NOTE(review): the MAC_POLICY_SET() argument stored here is
	 * called privdata_wanted, while the comment says "security
	 * field".  Presumably the framework writes the policy's label
	 * slot index through this pointer at registration (cf.
	 * LABEL_TO_SLOT()) -- TODO confirm and name consistently.
	 */
	int				*mpc_field_off;	/* security field */
	int				mpc_runtime_flags;	/* MPC_RUNTIME_FLAG_xxx, owned by the framework */
	LIST_ENTRY(mac_policy_conf)	mpc_list;	/* global list */
};

/*
 * Flags for the mpc_loadtime_flags field.  Chosen by the policy at
 * compile time and passed through the mpflags argument of MAC_POLICY_SET().
*/
/*
 * MPC_LOADTIME_FLAG_NOTLATE: judging by the name, the policy requires
 * boot-time registration and must not be loaded "late" into an already
 * running system (presumably because objects created before it arrived
 * would carry no label from it) -- TODO confirm in mac_policy_modevent().
 */
#define	MPC_LOADTIME_FLAG_NOTLATE	0x00000001
/*
 * MPC_LOADTIME_FLAG_UNLOADOK: judging by the name, the policy consents to
 * being unloaded.  Security note: unloading an access-control policy
 * removes every check it enforced, so a policy should set this only if it
 * can be withdrawn from a running system safely; absent the flag the
 * framework presumably refuses the unload -- TODO confirm.
 */
#define	MPC_LOADTIME_FLAG_UNLOADOK	0x00000002

/*
 * Flags for the mpc_runtime_flags field.  Maintained by the framework,
 * not the policy; MAC_POLICY_SET() initialises the field to 0.
 * MPC_RUNTIME_FLAG_REGISTERED: by its name, set once the policy has been
 * registered -- TODO confirm.
 */
#define	MPC_RUNTIME_FLAG_REGISTERED	0x00000001

/*
 * MAC_POLICY_SET(mpents, mpname, mpfullname, mpflags, privdata_wanted)
 *
 * Declares a MAC policy as a loadable kernel module.  It expands, at file
 * scope, to:
 *   - a static struct mac_policy_conf named <mpname>_mac_policy_conf,
 *     initialised positionally from the arguments: mpc_ops is NULL,
 *     mpc_runtime_flags is 0 and mpc_list is left zero-initialised;
 *   - a static moduledata_t <mpname>_mod naming mac_policy_modevent as
 *     the event handler and pointing at the conf record;
 *   - MODULE_DEPEND() on kernel_mac_support version 1, so the module
 *     cannot be loaded into a kernel lacking MAC support;
 *   - DECLARE_MODULE() at SI_SUB_MAC_POLICY / SI_ORDER_MIDDLE.
 *
 * mpents:          table of struct mac_policy_op_entry listing the hooks
 *                  the policy implements.  How the framework finds the
 *                  end of the table is not visible here -- presumably a
 *                  sentinel entry; confirm before writing a table.
 * mpname:          bare identifier.  It is stringified for mpc_name and
 *                  pasted into two static symbol names, so it must be a
 *                  valid C identifier, not a string.
 * mpfullname:      string for mpc_fullname.
 * mpflags:         MPC_LOADTIME_FLAG_xxx bits for mpc_loadtime_flags.
 * privdata_wanted: stored in mpc_field_off (an int *); see that member.
 *
 * The expansion ends without a semicolon; the invocation supplies it.
 * Because the initialiser is positional, this macro and the member order
 * of struct mac_policy_conf must be changed together.
 */
#define	MAC_POLICY_SET(mpents, mpname, mpfullname, mpflags, privdata_wanted) \
	static struct mac_policy_conf mpname##_mac_policy_conf = {	\
		#mpname,						\
		mpfullname,						\
		NULL,							\
		mpents,							\
		mpflags,						\
		privdata_wanted,					\
		0,							\
	};								\
	static moduledata_t mpname##_mod = {				\
		#mpname,						\
		mac_policy_modevent,					\
		&mpname##_mac_policy_conf				\
	};								\
	MODULE_DEPEND(mpname, kernel_mac_support, 1, 1, 1);		\
	DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY,		\
	    SI_ORDER_MIDDLE)

/*
 * Module event handler shared by every policy declared with
 * MAC_POLICY_SET(); `data' is that policy's struct mac_policy_conf (the
 * macro stores its address in the moduledata_t).  Returns an errno-style
 * value, 0 on success, as module event handlers conventionally do --
 * TODO confirm against the definition.
 */
int	mac_policy_modevent(module_t mod, int type, void *data);

/*
 * LABEL_TO_SLOT(l, s): the per-policy slot `s' of label `l', i.e.
 * (l)->l_perpolicy[s]; usable as an lvalue.  `s' is used as a raw array
 * index with no bounds check, so a policy must pass only the slot index the
 * framework assigned it at registration (presumably what is written through
 * mpc_field_off -- confirm); any other value is an out-of-bounds access
 * into the label.  `l' is parenthesised but the whole expansion is not,
 * which is harmless for `.' and unary `&' on the result but worth keeping
 * in mind if the macro is ever extended.
 */
#define	LABEL_TO_SLOT(l, s)	(l)->l_perpolicy[s]

#endif /* !_SYS_MAC_POLICY_H */
