xref: /freebsd/sys/security/mac/mac_system.c (revision c14d15ae3eb84fc6db4c95414c7a051a05ebe2a1) 
17bc82500SRobert Watson /*-
26bd11732SRobert Watson  * Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
3c14d15aeSRobert Watson  * Copyright (c) 2007 Robert N. M. Watson
47bc82500SRobert Watson  * All rights reserved.
57bc82500SRobert Watson  *
66201265bSRobert Watson  * This software was developed for the FreeBSD Project in part by Network
76201265bSRobert Watson  * Associates Laboratories, the Security Research Division of Network
86201265bSRobert Watson  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
96201265bSRobert Watson  * as part of the DARPA CHATS research program.
107bc82500SRobert Watson  *
11c14d15aeSRobert Watson  * Portions of this software were developed by Robert Watson for the
12c14d15aeSRobert Watson  * TrustedBSD Project.
13c14d15aeSRobert Watson  *
147bc82500SRobert Watson  * Redistribution and use in source and binary forms, with or without
157bc82500SRobert Watson  * modification, are permitted provided that the following conditions
167bc82500SRobert Watson  * are met:
177bc82500SRobert Watson  * 1. Redistributions of source code must retain the above copyright
187bc82500SRobert Watson  *    notice, this list of conditions and the following disclaimer.
197bc82500SRobert Watson  * 2. Redistributions in binary form must reproduce the above copyright
207bc82500SRobert Watson  *    notice, this list of conditions and the following disclaimer in the
217bc82500SRobert Watson  *    documentation and/or other materials provided with the distribution.
227bc82500SRobert Watson  *
237bc82500SRobert Watson  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
247bc82500SRobert Watson  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
257bc82500SRobert Watson  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
267bc82500SRobert Watson  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
277bc82500SRobert Watson  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
287bc82500SRobert Watson  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
297bc82500SRobert Watson  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
307bc82500SRobert Watson  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
317bc82500SRobert Watson  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
327bc82500SRobert Watson  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
337bc82500SRobert Watson  * SUCH DAMAGE.
347bc82500SRobert Watson  */
35677b542eSDavid E. O'Brien 
36c14d15aeSRobert Watson /*
37c14d15aeSRobert Watson  * MAC Framework entry points relating to overall operation of system,
38c14d15aeSRobert Watson  * including global services such as the kernel environment and loadable
39c14d15aeSRobert Watson  * modules.
40c14d15aeSRobert Watson  *
41c14d15aeSRobert Watson  * System checks often align with existing privilege checks, but provide
42c14d15aeSRobert Watson  * additional security context that may be relevant to policies, such as the
43c14d15aeSRobert Watson  * specific object being operated on.
44c14d15aeSRobert Watson  */
45c14d15aeSRobert Watson 
46677b542eSDavid E. O'Brien #include <sys/cdefs.h>
47677b542eSDavid E. O'Brien __FBSDID("$FreeBSD$");
48677b542eSDavid E. O'Brien 
497bc82500SRobert Watson #include "opt_mac.h"
50f9d0d524SRobert Watson 
517bc82500SRobert Watson #include <sys/param.h>
5295fab37eSRobert Watson #include <sys/kernel.h>
5395fab37eSRobert Watson #include <sys/lock.h>
54b656366bSBruce Evans #include <sys/malloc.h>
555dba30f1SPoul-Henning Kamp #include <sys/module.h>
5695fab37eSRobert Watson #include <sys/mutex.h>
5795fab37eSRobert Watson #include <sys/systm.h>
5895fab37eSRobert Watson #include <sys/vnode.h>
5995fab37eSRobert Watson #include <sys/sysctl.h>
6095fab37eSRobert Watson 
61aed55708SRobert Watson #include <security/mac/mac_framework.h>
626bd11732SRobert Watson #include <security/mac/mac_internal.h>
630efd6615SRobert Watson #include <security/mac/mac_policy.h>
6495fab37eSRobert Watson 
6595fab37eSRobert Watson int
66e686e5aeSRobert Watson mac_check_kenv_dump(struct ucred *cred)
67e686e5aeSRobert Watson {
68e686e5aeSRobert Watson 	int error;
69e686e5aeSRobert Watson 
70e686e5aeSRobert Watson 	MAC_CHECK(check_kenv_dump, cred);
71e686e5aeSRobert Watson 
72e686e5aeSRobert Watson 	return (error);
73e686e5aeSRobert Watson }
74e686e5aeSRobert Watson 
75e686e5aeSRobert Watson int
76e686e5aeSRobert Watson mac_check_kenv_get(struct ucred *cred, char *name)
77e686e5aeSRobert Watson {
78e686e5aeSRobert Watson 	int error;
79e686e5aeSRobert Watson 
80e686e5aeSRobert Watson 	MAC_CHECK(check_kenv_get, cred, name);
81e686e5aeSRobert Watson 
82e686e5aeSRobert Watson 	return (error);
83e686e5aeSRobert Watson }
84e686e5aeSRobert Watson 
85e686e5aeSRobert Watson int
86e686e5aeSRobert Watson mac_check_kenv_set(struct ucred *cred, char *name, char *value)
87e686e5aeSRobert Watson {
88e686e5aeSRobert Watson 	int error;
89e686e5aeSRobert Watson 
90e686e5aeSRobert Watson 	MAC_CHECK(check_kenv_set, cred, name, value);
91e686e5aeSRobert Watson 
92e686e5aeSRobert Watson 	return (error);
93e686e5aeSRobert Watson }
94e686e5aeSRobert Watson 
95e686e5aeSRobert Watson int
96e686e5aeSRobert Watson mac_check_kenv_unset(struct ucred *cred, char *name)
97e686e5aeSRobert Watson {
98e686e5aeSRobert Watson 	int error;
99e686e5aeSRobert Watson 
100e686e5aeSRobert Watson 	MAC_CHECK(check_kenv_unset, cred, name);
101e686e5aeSRobert Watson 
102e686e5aeSRobert Watson 	return (error);
103e686e5aeSRobert Watson }
104e686e5aeSRobert Watson 
105e686e5aeSRobert Watson int
106a3df768bSRobert Watson mac_check_kld_load(struct ucred *cred, struct vnode *vp)
107a3df768bSRobert Watson {
108a3df768bSRobert Watson 	int error;
109a3df768bSRobert Watson 
110a3df768bSRobert Watson 	ASSERT_VOP_LOCKED(vp, "mac_check_kld_load");
111a3df768bSRobert Watson 
112eca8a663SRobert Watson 	MAC_CHECK(check_kld_load, cred, vp, vp->v_label);
113a3df768bSRobert Watson 
114a3df768bSRobert Watson 	return (error);
115a3df768bSRobert Watson }
116a3df768bSRobert Watson 
117a3df768bSRobert Watson int
118a3df768bSRobert Watson mac_check_kld_stat(struct ucred *cred)
119a3df768bSRobert Watson {
120a3df768bSRobert Watson 	int error;
121a3df768bSRobert Watson 
122a3df768bSRobert Watson 	MAC_CHECK(check_kld_stat, cred);
123a3df768bSRobert Watson 
124a3df768bSRobert Watson 	return (error);
125a3df768bSRobert Watson }
126a3df768bSRobert Watson 
127a3df768bSRobert Watson int
128e5e820fdSRobert Watson mac_check_system_acct(struct ucred *cred, struct vnode *vp)
129e5e820fdSRobert Watson {
130e5e820fdSRobert Watson 	int error;
131e5e820fdSRobert Watson 
132e5e820fdSRobert Watson 	if (vp != NULL) {
133e5e820fdSRobert Watson 		ASSERT_VOP_LOCKED(vp, "mac_check_system_acct");
134e5e820fdSRobert Watson 	}
135e5e820fdSRobert Watson 
136e5e820fdSRobert Watson 	MAC_CHECK(check_system_acct, cred, vp,
137eca8a663SRobert Watson 	    vp != NULL ? vp->v_label : NULL);
138e5e820fdSRobert Watson 
139e5e820fdSRobert Watson 	return (error);
140e5e820fdSRobert Watson }
141e5e820fdSRobert Watson 
142e5e820fdSRobert Watson int
143a2ecb9b7SRobert Watson mac_check_system_reboot(struct ucred *cred, int howto)
144a2ecb9b7SRobert Watson {
145a2ecb9b7SRobert Watson 	int error;
146a2ecb9b7SRobert Watson 
147a2ecb9b7SRobert Watson 	MAC_CHECK(check_system_reboot, cred, howto);
1489e913ebdSRobert Watson 
149a2ecb9b7SRobert Watson 	return (error);
150a2ecb9b7SRobert Watson }
151a2ecb9b7SRobert Watson 
152a2ecb9b7SRobert Watson int
15303ce2c0cSRobert Watson mac_check_system_swapon(struct ucred *cred, struct vnode *vp)
15403ce2c0cSRobert Watson {
15503ce2c0cSRobert Watson 	int error;
15603ce2c0cSRobert Watson 
15703ce2c0cSRobert Watson 	ASSERT_VOP_LOCKED(vp, "mac_check_system_swapon");
15803ce2c0cSRobert Watson 
159eca8a663SRobert Watson 	MAC_CHECK(check_system_swapon, cred, vp, vp->v_label);
16003ce2c0cSRobert Watson 	return (error);
16103ce2c0cSRobert Watson }
16203ce2c0cSRobert Watson 
16303ce2c0cSRobert Watson int
1641b2c2ab2SRobert Watson mac_check_system_swapoff(struct ucred *cred, struct vnode *vp)
1651b2c2ab2SRobert Watson {
1661b2c2ab2SRobert Watson 	int error;
1671b2c2ab2SRobert Watson 
1681b2c2ab2SRobert Watson 	ASSERT_VOP_LOCKED(vp, "mac_check_system_swapoff");
1691b2c2ab2SRobert Watson 
170eca8a663SRobert Watson 	MAC_CHECK(check_system_swapoff, cred, vp, vp->v_label);
1711b2c2ab2SRobert Watson 	return (error);
1721b2c2ab2SRobert Watson }
1731b2c2ab2SRobert Watson 
1741b2c2ab2SRobert Watson int
175c14d15aeSRobert Watson mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
176c14d15aeSRobert Watson     void *arg1, int arg2, struct sysctl_req *req)
177d3fc69eeSRobert Watson {
178d3fc69eeSRobert Watson 	int error;
179d3fc69eeSRobert Watson 
180d3fc69eeSRobert Watson 	/*
181578994bbSChristian S.J. Peron 	 * XXXMAC: We would very much like to assert the SYSCTL_LOCK here,
182d3fc69eeSRobert Watson 	 * but since it's not exported from kern_sysctl.c, we can't.
183d3fc69eeSRobert Watson 	 */
18463dba32bSPawel Jakub Dawidek 	MAC_CHECK(check_system_sysctl, cred, oidp, arg1, arg2, req);
185d3fc69eeSRobert Watson 
186d3fc69eeSRobert Watson 	return (error);
187d3fc69eeSRobert Watson }
188