/*-
 * Copyright (c) 2006 nCircle Network Security, Inc.
 * Copyright (c) 2009 Robert N. M. Watson
 * All rights reserved.
 *
 * This software was developed by Robert N. M. Watson for the TrustedBSD
 * Project under contract to nCircle Network Security, Inc.
 *
 * This software was developed at the University of Cambridge Computer
 * Laboratory with support from a grant from Google, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * MAC checks for system privileges.
 */

#include "sys/cdefs.h"
__FBSDID("$FreeBSD$");

#include "opt_mac.h"

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/priv.h>
#include <sys/sdt.h>
#include <sys/module.h>

#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
#include <security/mac/mac_policy.h>

/*
 * The MAC Framework interacts with kernel privilege checks in two ways: it
 * may restrict the granting of privilege to a subject, and it may grant
 * additional privileges to the subject.  Policies may implement none, one,
 * or both of these entry points.  Restriction of privilege by any policy
 * always overrides granting of privilege by any policy or other privilege
 * mechanism.  See kern_priv.c:priv_check_cred() for details of the
 * composition.
 *
 * The two functions below therefore combine policy results in opposite
 * ways: the check path fails if any policy denies, while the grant path
 * succeeds if any policy grants.  Neither function applies the "restriction
 * overrides grant" rule itself; that ordering is the caller's job.
 */

/*
 * Probe definition for the priv_check entry point.  The type strings match
 * the (cred, priv) arguments of mac_priv_check_impl(), which is the only
 * user of this probe in this file.
 */
MAC_CHECK_PROBE_DEFINE2(priv_check, "struct ucred *", "int");

/*
 * Restrict access to a privilege for a credential.  Return failure if any
 * policy denies access.
 *
 * cred is the credential being checked and priv is the privilege requested;
 * both are handed unchanged to MAC_POLICY_CHECK_NOSLEEP() and to the probe.
 * The return value is whatever those macros leave in the local "error".
 *
 * NOTE(review): "error" is declared without an initializer and is not an
 * argument of MAC_POLICY_CHECK_NOSLEEP(), so the macro presumably assigns it
 * by name.  Confirm in mac_internal.h before renaming or initializing it.
 *
 * NOTE(review): the _impl suffix suggests callers reach this through a
 * wrapper declared elsewhere (mac_framework.h is the likely place); confirm
 * that no caller can skip the policy check when a policy is loaded.
 */
int
mac_priv_check_impl(struct ucred *cred, int priv)
{
	int error;

	/*
	 * Run the priv_check entry point of the registered policies.  The
	 * NOSLEEP variant is presumably required because privilege checks
	 * can be made from contexts that must not sleep -- TODO confirm.
	 */
	MAC_POLICY_CHECK_NOSLEEP(priv_check, cred, priv);
	/* Report the composed result together with the inputs. */
	MAC_CHECK_PROBE2(priv_check, error, cred, priv);

	return (error);
}

/*
 * Probe definition for the priv_grant entry point.  The type strings match
 * the (cred, priv) arguments of mac_priv_grant_impl().
 */
MAC_GRANT_PROBE_DEFINE2(priv_grant, "struct ucred *", "int");

/*
 * Grant access to a privilege for a credential.  Return success if any
 * policy grants access.
 *
 * cred is the credential being checked and priv is the privilege requested;
 * both are handed unchanged to MAC_POLICY_GRANT_NOSLEEP() and to the probe.
 * The return value is whatever those macros leave in the local "error".
 *
 * Because a single policy is enough to grant, a success here must not be
 * treated as the final decision: as the comment at the top of this file
 * states, restriction by any policy overrides any grant, and
 * kern_priv.c:priv_check_cred() is where the two results are combined.
 *
 * NOTE(review): as in mac_priv_check_impl(), "error" is presumably assigned
 * by name inside MAC_POLICY_GRANT_NOSLEEP(); confirm in mac_internal.h.
 */
int
mac_priv_grant_impl(struct ucred *cred, int priv)
{
	int error;

	/* Run the priv_grant entry point of the registered policies. */
	MAC_POLICY_GRANT_NOSLEEP(priv_grant, cred, priv);
	/* Report the composed result together with the inputs. */
	MAC_GRANT_PROBE2(priv_grant, error, cred, priv);

	return (error);
}