1 /*- 2 * Copyright (c) 1999-2002, 2009 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2005 McAfee, Inc. 5 * Copyright (c) 2005-2006 SPARTA, Inc. 6 * Copyright (c) 2008 Apple Inc. 7 * All rights reserved. 8 * 9 * This software was developed by Robert Watson and Ilmar Habibulin for the 10 * TrustedBSD Project. 11 * 12 * This software was developed for the FreeBSD Project in part by McAfee 13 * Research, the Security Research Division of McAfee, Inc. under 14 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 15 * CHATS research program. 16 * 17 * This software was enhanced by SPARTA ISSO under SPAWAR contract 18 * N66001-04-C-6019 ("SEFOS"). 19 * 20 * This software was developed at the University of Cambridge Computer 21 * Laboratory with support from a grant from Google, Inc. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the above copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 32 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 33 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 34 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 35 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 36 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 37 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 38 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 40 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 41 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 42 * SUCH DAMAGE. 43 */ 44 45 #include <sys/cdefs.h> 46 __FBSDID("$FreeBSD$"); 47 48 #include "opt_mac.h" 49 50 #include <sys/param.h> 51 #include <sys/condvar.h> 52 #include <sys/extattr.h> 53 #include <sys/imgact.h> 54 #include <sys/kernel.h> 55 #include <sys/lock.h> 56 #include <sys/malloc.h> 57 #include <sys/mutex.h> 58 #include <sys/proc.h> 59 #include <sys/sbuf.h> 60 #include <sys/systm.h> 61 #include <sys/vnode.h> 62 #include <sys/mount.h> 63 #include <sys/file.h> 64 #include <sys/namei.h> 65 #include <sys/sdt.h> 66 #include <sys/sysctl.h> 67 68 #include <vm/vm.h> 69 #include <vm/pmap.h> 70 #include <vm/vm_map.h> 71 #include <vm/vm_object.h> 72 73 #include <fs/devfs/devfs.h> 74 75 #include <security/mac/mac_framework.h> 76 #include <security/mac/mac_internal.h> 77 #include <security/mac/mac_policy.h> 78 79 /* 80 * Warn about EA transactions only the first time they happen. No locking on 81 * this variable. 82 */ 83 static int ea_warn_once = 0; 84 85 static int mac_vnode_setlabel_extattr(struct ucred *cred, 86 struct vnode *vp, struct label *intlabel); 87 88 static struct label * 89 mac_devfs_label_alloc(void) 90 { 91 struct label *label; 92 93 label = mac_labelzone_alloc(M_WAITOK); 94 MAC_POLICY_PERFORM(devfs_init_label, label); 95 return (label); 96 } 97 98 void 99 mac_devfs_init(struct devfs_dirent *de) 100 { 101 102 if (mac_labeled & MPC_OBJECT_DEVFS) 103 de->de_label = mac_devfs_label_alloc(); 104 else 105 de->de_label = NULL; 106 } 107 108 static struct label * 109 mac_mount_label_alloc(void) 110 { 111 struct label *label; 112 113 label = mac_labelzone_alloc(M_WAITOK); 114 MAC_POLICY_PERFORM(mount_init_label, label); 115 return (label); 116 } 117 118 void 119 mac_mount_init(struct mount *mp) 120 { 121 122 if (mac_labeled & MPC_OBJECT_MOUNT) 123 mp->mnt_label = mac_mount_label_alloc(); 124 else 125 mp->mnt_label = NULL; 126 } 127 128 struct label * 129 mac_vnode_label_alloc(void) 130 { 131 struct label *label; 132 133 label = mac_labelzone_alloc(M_WAITOK); 134 MAC_POLICY_PERFORM(vnode_init_label, label); 135 return (label); 136 } 137 138 void 139 mac_vnode_init(struct vnode *vp) 140 { 141 142 if (mac_labeled & MPC_OBJECT_VNODE) 143 vp->v_label = mac_vnode_label_alloc(); 144 else 145 vp->v_label = NULL; 146 } 147 148 static void 149 mac_devfs_label_free(struct label *label) 150 { 151 152 MAC_POLICY_PERFORM_NOSLEEP(devfs_destroy_label, label); 153 mac_labelzone_free(label); 154 } 155 156 void 157 mac_devfs_destroy(struct devfs_dirent *de) 158 { 159 160 if (de->de_label != NULL) { 161 mac_devfs_label_free(de->de_label); 162 de->de_label = NULL; 163 } 164 } 165 166 static void 167 mac_mount_label_free(struct label *label) 168 { 169 170 MAC_POLICY_PERFORM_NOSLEEP(mount_destroy_label, label); 171 mac_labelzone_free(label); 172 } 173 174 void 175 mac_mount_destroy(struct mount *mp) 176 { 177 178 if (mp->mnt_label != NULL) { 179 mac_mount_label_free(mp->mnt_label); 180 mp->mnt_label = NULL; 181 } 182 } 183 184 void 185 mac_vnode_label_free(struct label *label) 186 { 187 188 MAC_POLICY_PERFORM_NOSLEEP(vnode_destroy_label, label); 189 mac_labelzone_free(label); 190 } 191 192 void 193 mac_vnode_destroy(struct vnode *vp) 194 { 195 196 if (vp->v_label != NULL) { 197 mac_vnode_label_free(vp->v_label); 198 vp->v_label = NULL; 199 } 200 } 201 202 void 203 mac_vnode_copy_label(struct label *src, struct label *dest) 204 { 205 206 MAC_POLICY_PERFORM_NOSLEEP(vnode_copy_label, src, dest); 207 } 208 209 int 210 mac_vnode_externalize_label(struct label *label, char *elements, 211 char *outbuf, size_t outbuflen) 212 { 213 int error; 214 215 MAC_POLICY_EXTERNALIZE(vnode, label, elements, outbuf, outbuflen); 216 217 return (error); 218 } 219 220 int 221 mac_vnode_internalize_label(struct label *label, char *string) 222 { 223 int error; 224 225 MAC_POLICY_INTERNALIZE(vnode, label, string); 226 227 return (error); 228 } 229 230 void 231 mac_devfs_update(struct mount *mp, struct devfs_dirent *de, struct vnode *vp) 232 { 233 234 MAC_POLICY_PERFORM_NOSLEEP(devfs_update, mp, de, de->de_label, vp, 235 vp->v_label); 236 } 237 238 void 239 mac_devfs_vnode_associate(struct mount *mp, struct devfs_dirent *de, 240 struct vnode *vp) 241 { 242 243 MAC_POLICY_PERFORM_NOSLEEP(devfs_vnode_associate, mp, mp->mnt_label, 244 de, de->de_label, vp, vp->v_label); 245 } 246 247 int 248 mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp) 249 { 250 int error; 251 252 ASSERT_VOP_LOCKED(vp, "mac_vnode_associate_extattr"); 253 254 MAC_POLICY_CHECK(vnode_associate_extattr, mp, mp->mnt_label, vp, 255 vp->v_label); 256 257 return (error); 258 } 259 260 void 261 mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp) 262 { 263 264 MAC_POLICY_PERFORM_NOSLEEP(vnode_associate_singlelabel, mp, 265 mp->mnt_label, vp, vp->v_label); 266 } 267 268 /* 269 * Functions implementing extended-attribute backed labels for file systems 270 * that support it. 271 * 272 * Where possible, we use EA transactions to make writes to multiple 273 * attributes across difference policies mutually atomic. We allow work to 274 * continue on file systems not supporting EA transactions, but generate a 275 * printf warning. 276 */ 277 int 278 mac_vnode_create_extattr(struct ucred *cred, struct mount *mp, 279 struct vnode *dvp, struct vnode *vp, struct componentname *cnp) 280 { 281 int error; 282 283 ASSERT_VOP_LOCKED(dvp, "mac_vnode_create_extattr"); 284 ASSERT_VOP_LOCKED(vp, "mac_vnode_create_extattr"); 285 286 error = VOP_OPENEXTATTR(vp, cred, curthread); 287 if (error == EOPNOTSUPP) { 288 if (ea_warn_once == 0) { 289 printf("Warning: transactions not supported " 290 "in EA write.\n"); 291 ea_warn_once = 1; 292 } 293 } else if (error) 294 return (error); 295 296 MAC_POLICY_CHECK(vnode_create_extattr, cred, mp, mp->mnt_label, dvp, 297 dvp->v_label, vp, vp->v_label, cnp); 298 299 if (error) { 300 VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread); 301 return (error); 302 } 303 304 error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread); 305 if (error == EOPNOTSUPP) 306 error = 0; 307 308 return (error); 309 } 310 311 static int 312 mac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 313 struct label *intlabel) 314 { 315 int error; 316 317 ASSERT_VOP_LOCKED(vp, "mac_vnode_setlabel_extattr"); 318 319 error = VOP_OPENEXTATTR(vp, cred, curthread); 320 if (error == EOPNOTSUPP) { 321 if (ea_warn_once == 0) { 322 printf("Warning: transactions not supported " 323 "in EA write.\n"); 324 ea_warn_once = 1; 325 } 326 } else if (error) 327 return (error); 328 329 MAC_POLICY_CHECK(vnode_setlabel_extattr, cred, vp, vp->v_label, 330 intlabel); 331 332 if (error) { 333 VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread); 334 return (error); 335 } 336 337 error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread); 338 if (error == EOPNOTSUPP) 339 error = 0; 340 341 return (error); 342 } 343 344 void 345 mac_vnode_execve_transition(struct ucred *old, struct ucred *new, 346 struct vnode *vp, struct label *interpvplabel, struct image_params *imgp) 347 { 348 349 ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_transition"); 350 351 MAC_POLICY_PERFORM(vnode_execve_transition, old, new, vp, 352 vp->v_label, interpvplabel, imgp, imgp->execlabel); 353 } 354 355 int 356 mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 357 struct label *interpvplabel, struct image_params *imgp) 358 { 359 int result; 360 361 ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_will_transition"); 362 363 result = 0; 364 /* No sleeping since the process lock will be held by the caller. */ 365 MAC_POLICY_BOOLEAN_NOSLEEP(vnode_execve_will_transition, ||, old, vp, 366 vp->v_label, interpvplabel, imgp, imgp->execlabel); 367 368 return (result); 369 } 370 371 MAC_CHECK_PROBE_DEFINE3(vnode_check_access, "struct ucred *", 372 "struct vnode *", "accmode_t"); 373 374 int 375 mac_vnode_check_access_impl(struct ucred *cred, struct vnode *vp, accmode_t accmode) 376 { 377 int error; 378 379 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_access"); 380 381 MAC_POLICY_CHECK(vnode_check_access, cred, vp, vp->v_label, accmode); 382 MAC_CHECK_PROBE3(vnode_check_access, error, cred, vp, accmode); 383 384 return (error); 385 } 386 387 MAC_CHECK_PROBE_DEFINE2(vnode_check_chdir, "struct ucred *", 388 "struct vnode *"); 389 390 int 391 mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp) 392 { 393 int error; 394 395 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_chdir"); 396 397 MAC_POLICY_CHECK(vnode_check_chdir, cred, dvp, dvp->v_label); 398 MAC_CHECK_PROBE2(vnode_check_chdir, error, cred, dvp); 399 400 return (error); 401 } 402 403 MAC_CHECK_PROBE_DEFINE2(vnode_check_chroot, "struct ucred *", 404 "struct vnode *"); 405 406 int 407 mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp) 408 { 409 int error; 410 411 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_chroot"); 412 413 MAC_POLICY_CHECK(vnode_check_chroot, cred, dvp, dvp->v_label); 414 MAC_CHECK_PROBE2(vnode_check_chroot, error, cred, dvp); 415 416 return (error); 417 } 418 419 MAC_CHECK_PROBE_DEFINE4(vnode_check_create, "struct ucred *", 420 "struct vnode *", "struct componentname *", "struct vattr *"); 421 422 int 423 mac_vnode_check_create(struct ucred *cred, struct vnode *dvp, 424 struct componentname *cnp, struct vattr *vap) 425 { 426 int error; 427 428 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_create"); 429 430 MAC_POLICY_CHECK(vnode_check_create, cred, dvp, dvp->v_label, cnp, 431 vap); 432 MAC_CHECK_PROBE4(vnode_check_create, error, cred, dvp, cnp, vap); 433 434 return (error); 435 } 436 437 MAC_CHECK_PROBE_DEFINE3(vnode_check_deleteacl, "struct ucred *", 438 "struct vnode *", "acl_type_t"); 439 440 int 441 mac_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 442 acl_type_t type) 443 { 444 int error; 445 446 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_deleteacl"); 447 448 MAC_POLICY_CHECK(vnode_check_deleteacl, cred, vp, vp->v_label, type); 449 MAC_CHECK_PROBE3(vnode_check_deleteacl, error, cred, vp, type); 450 451 return (error); 452 } 453 454 MAC_CHECK_PROBE_DEFINE4(vnode_check_deleteextattr, "struct ucred *", 455 "struct vnode *", "int", "const char *"); 456 457 int 458 mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 459 int attrnamespace, const char *name) 460 { 461 int error; 462 463 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_deleteextattr"); 464 465 MAC_POLICY_CHECK(vnode_check_deleteextattr, cred, vp, vp->v_label, 466 attrnamespace, name); 467 MAC_CHECK_PROBE4(vnode_check_deleteextattr, error, cred, vp, 468 attrnamespace, name); 469 470 return (error); 471 } 472 473 MAC_CHECK_PROBE_DEFINE3(vnode_check_exec, "struct ucred *", "struct vnode *", 474 "struct image_params *"); 475 476 int 477 mac_vnode_check_exec(struct ucred *cred, struct vnode *vp, 478 struct image_params *imgp) 479 { 480 int error; 481 482 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_exec"); 483 484 MAC_POLICY_CHECK(vnode_check_exec, cred, vp, vp->v_label, imgp, 485 imgp->execlabel); 486 MAC_CHECK_PROBE3(vnode_check_exec, error, cred, vp, imgp); 487 488 return (error); 489 } 490 491 MAC_CHECK_PROBE_DEFINE3(vnode_check_getacl, "struct ucred *", 492 "struct vnode *", "acl_type_t"); 493 494 int 495 mac_vnode_check_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type) 496 { 497 int error; 498 499 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_getacl"); 500 501 MAC_POLICY_CHECK(vnode_check_getacl, cred, vp, vp->v_label, type); 502 MAC_CHECK_PROBE3(vnode_check_getacl, error, cred, vp, type); 503 504 return (error); 505 } 506 507 MAC_CHECK_PROBE_DEFINE4(vnode_check_getextattr, "struct ucred *", 508 "struct vnode *", "int", "const char *"); 509 510 int 511 mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 512 int attrnamespace, const char *name) 513 { 514 int error; 515 516 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_getextattr"); 517 518 MAC_POLICY_CHECK(vnode_check_getextattr, cred, vp, vp->v_label, 519 attrnamespace, name); 520 MAC_CHECK_PROBE4(vnode_check_getextattr, error, cred, vp, 521 attrnamespace, name); 522 523 return (error); 524 } 525 526 MAC_CHECK_PROBE_DEFINE4(vnode_check_link, "struct ucred *", "struct vnode *", 527 "struct vnode *", "struct componentname *"); 528 529 int 530 mac_vnode_check_link(struct ucred *cred, struct vnode *dvp, 531 struct vnode *vp, struct componentname *cnp) 532 { 533 int error; 534 535 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_link"); 536 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_link"); 537 538 MAC_POLICY_CHECK(vnode_check_link, cred, dvp, dvp->v_label, vp, 539 vp->v_label, cnp); 540 MAC_CHECK_PROBE4(vnode_check_link, error, cred, dvp, vp, cnp); 541 542 return (error); 543 } 544 545 MAC_CHECK_PROBE_DEFINE3(vnode_check_listextattr, "struct ucred *", 546 "struct vnode *", "int"); 547 548 int 549 mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 550 int attrnamespace) 551 { 552 int error; 553 554 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_listextattr"); 555 556 MAC_POLICY_CHECK(vnode_check_listextattr, cred, vp, vp->v_label, 557 attrnamespace); 558 MAC_CHECK_PROBE3(vnode_check_listextattr, error, cred, vp, 559 attrnamespace); 560 561 return (error); 562 } 563 564 MAC_CHECK_PROBE_DEFINE3(vnode_check_lookup, "struct ucred *", 565 "struct vnode *", "struct componentname *"); 566 567 int 568 mac_vnode_check_lookup_impl(struct ucred *cred, struct vnode *dvp, 569 struct componentname *cnp) 570 { 571 int error; 572 573 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_lookup"); 574 575 if ((cnp->cn_flags & NOMACCHECK) != 0) 576 return (0); 577 MAC_POLICY_CHECK(vnode_check_lookup, cred, dvp, dvp->v_label, cnp); 578 MAC_CHECK_PROBE3(vnode_check_lookup, error, cred, dvp, cnp); 579 580 return (error); 581 } 582 583 MAC_CHECK_PROBE_DEFINE4(vnode_check_mmap, "struct ucred *", "struct vnode *", 584 "int", "int"); 585 586 int 587 mac_vnode_check_mmap_impl(struct ucred *cred, struct vnode *vp, int prot, 588 int flags) 589 { 590 int error; 591 592 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mmap"); 593 594 MAC_POLICY_CHECK(vnode_check_mmap, cred, vp, vp->v_label, prot, flags); 595 MAC_CHECK_PROBE4(vnode_check_mmap, error, cred, vp, prot, flags); 596 597 return (error); 598 } 599 600 void 601 mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp, 602 int *prot) 603 { 604 int result = *prot; 605 606 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mmap_downgrade"); 607 608 MAC_POLICY_PERFORM(vnode_check_mmap_downgrade, cred, vp, vp->v_label, 609 &result); 610 611 *prot = result; 612 } 613 614 MAC_CHECK_PROBE_DEFINE3(vnode_check_mprotect, "struct ucred *", 615 "struct vnode *", "int"); 616 617 int 618 mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp, int prot) 619 { 620 int error; 621 622 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mprotect"); 623 624 MAC_POLICY_CHECK(vnode_check_mprotect, cred, vp, vp->v_label, prot); 625 MAC_CHECK_PROBE3(vnode_check_mprotect, error, cred, vp, prot); 626 627 return (error); 628 } 629 630 MAC_CHECK_PROBE_DEFINE3(vnode_check_open, "struct ucred *", "struct vnode *", 631 "accmode_t"); 632 633 int 634 mac_vnode_check_open_impl(struct ucred *cred, struct vnode *vp, accmode_t accmode) 635 { 636 int error; 637 638 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_open"); 639 640 MAC_POLICY_CHECK(vnode_check_open, cred, vp, vp->v_label, accmode); 641 MAC_CHECK_PROBE3(vnode_check_open, error, cred, vp, accmode); 642 643 return (error); 644 } 645 646 MAC_CHECK_PROBE_DEFINE3(vnode_check_poll, "struct ucred *", "struct ucred *", 647 "struct vnode *"); 648 649 int 650 mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 651 struct vnode *vp) 652 { 653 int error; 654 655 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_poll"); 656 657 MAC_POLICY_CHECK(vnode_check_poll, active_cred, file_cred, vp, 658 vp->v_label); 659 MAC_CHECK_PROBE3(vnode_check_poll, error, active_cred, file_cred, 660 vp); 661 662 return (error); 663 } 664 665 MAC_CHECK_PROBE_DEFINE3(vnode_check_read, "struct ucred *", "struct ucred *", 666 "struct vnode *"); 667 668 int 669 mac_vnode_check_read_impl(struct ucred *active_cred, struct ucred *file_cred, 670 struct vnode *vp) 671 { 672 int error; 673 674 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_read"); 675 676 MAC_POLICY_CHECK(vnode_check_read, active_cred, file_cred, vp, 677 vp->v_label); 678 MAC_CHECK_PROBE3(vnode_check_read, error, active_cred, file_cred, 679 vp); 680 681 return (error); 682 } 683 684 MAC_CHECK_PROBE_DEFINE2(vnode_check_readdir, "struct ucred *", 685 "struct vnode *"); 686 687 int 688 mac_vnode_check_readdir(struct ucred *cred, struct vnode *dvp) 689 { 690 int error; 691 692 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_readdir"); 693 694 MAC_POLICY_CHECK(vnode_check_readdir, cred, dvp, dvp->v_label); 695 MAC_CHECK_PROBE2(vnode_check_readdir, error, cred, dvp); 696 697 return (error); 698 } 699 700 MAC_CHECK_PROBE_DEFINE2(vnode_check_readlink, "struct ucred *", 701 "struct vnode *"); 702 703 int 704 mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp) 705 { 706 int error; 707 708 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_readlink"); 709 710 MAC_POLICY_CHECK(vnode_check_readlink, cred, vp, vp->v_label); 711 MAC_CHECK_PROBE2(vnode_check_readlink, error, cred, vp); 712 713 return (error); 714 } 715 716 MAC_CHECK_PROBE_DEFINE3(vnode_check_relabel, "struct ucred *", 717 "struct vnode *", "struct label *"); 718 719 static int 720 mac_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 721 struct label *newlabel) 722 { 723 int error; 724 725 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_relabel"); 726 727 MAC_POLICY_CHECK(vnode_check_relabel, cred, vp, vp->v_label, newlabel); 728 MAC_CHECK_PROBE3(vnode_check_relabel, error, cred, vp, newlabel); 729 730 return (error); 731 } 732 733 MAC_CHECK_PROBE_DEFINE4(vnode_check_rename_from, "struct ucred *", 734 "struct vnode *", "struct vnode *", "struct componentname *"); 735 736 int 737 mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 738 struct vnode *vp, struct componentname *cnp) 739 { 740 int error; 741 742 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_rename_from"); 743 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_rename_from"); 744 745 MAC_POLICY_CHECK(vnode_check_rename_from, cred, dvp, dvp->v_label, vp, 746 vp->v_label, cnp); 747 MAC_CHECK_PROBE4(vnode_check_rename_from, error, cred, dvp, vp, cnp); 748 749 return (error); 750 } 751 752 MAC_CHECK_PROBE_DEFINE4(vnode_check_rename_to, "struct ucred *", 753 "struct vnode *", "struct vnode *", "struct componentname *"); 754 755 int 756 mac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 757 struct vnode *vp, int samedir, struct componentname *cnp) 758 { 759 int error; 760 761 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_rename_to"); 762 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_rename_to"); 763 764 MAC_POLICY_CHECK(vnode_check_rename_to, cred, dvp, dvp->v_label, vp, 765 vp != NULL ? vp->v_label : NULL, samedir, cnp); 766 MAC_CHECK_PROBE4(vnode_check_rename_to, error, cred, dvp, vp, cnp); 767 return (error); 768 } 769 770 MAC_CHECK_PROBE_DEFINE2(vnode_check_revoke, "struct ucred *", 771 "struct vnode *"); 772 773 int 774 mac_vnode_check_revoke(struct ucred *cred, struct vnode *vp) 775 { 776 int error; 777 778 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_revoke"); 779 780 MAC_POLICY_CHECK(vnode_check_revoke, cred, vp, vp->v_label); 781 MAC_CHECK_PROBE2(vnode_check_revoke, error, cred, vp); 782 783 return (error); 784 } 785 786 MAC_CHECK_PROBE_DEFINE4(vnode_check_setacl, "struct ucred *", 787 "struct vnode *", "acl_type_t", "struct acl *"); 788 789 int 790 mac_vnode_check_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type, 791 struct acl *acl) 792 { 793 int error; 794 795 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setacl"); 796 797 MAC_POLICY_CHECK(vnode_check_setacl, cred, vp, vp->v_label, type, acl); 798 MAC_CHECK_PROBE4(vnode_check_setacl, error, cred, vp, type, acl); 799 800 return (error); 801 } 802 803 MAC_CHECK_PROBE_DEFINE4(vnode_check_setextattr, "struct ucred *", 804 "struct vnode *", "int", "const char *"); 805 806 int 807 mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 808 int attrnamespace, const char *name) 809 { 810 int error; 811 812 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setextattr"); 813 814 MAC_POLICY_CHECK(vnode_check_setextattr, cred, vp, vp->v_label, 815 attrnamespace, name); 816 MAC_CHECK_PROBE4(vnode_check_setextattr, error, cred, vp, 817 attrnamespace, name); 818 819 return (error); 820 } 821 822 MAC_CHECK_PROBE_DEFINE3(vnode_check_setflags, "struct ucred *", 823 "struct vnode *", "u_long"); 824 825 int 826 mac_vnode_check_setflags(struct ucred *cred, struct vnode *vp, u_long flags) 827 { 828 int error; 829 830 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setflags"); 831 832 MAC_POLICY_CHECK(vnode_check_setflags, cred, vp, vp->v_label, flags); 833 MAC_CHECK_PROBE3(vnode_check_setflags, error, cred, vp, flags); 834 835 return (error); 836 } 837 838 MAC_CHECK_PROBE_DEFINE3(vnode_check_setmode, "struct ucred *", 839 "struct vnode *", "mode_t"); 840 841 int 842 mac_vnode_check_setmode(struct ucred *cred, struct vnode *vp, mode_t mode) 843 { 844 int error; 845 846 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setmode"); 847 848 MAC_POLICY_CHECK(vnode_check_setmode, cred, vp, vp->v_label, mode); 849 MAC_CHECK_PROBE3(vnode_check_setmode, error, cred, vp, mode); 850 851 return (error); 852 } 853 854 MAC_CHECK_PROBE_DEFINE4(vnode_check_setowner, "struct ucred *", 855 "struct vnode *", "uid_t", "gid_t"); 856 857 int 858 mac_vnode_check_setowner(struct ucred *cred, struct vnode *vp, uid_t uid, 859 gid_t gid) 860 { 861 int error; 862 863 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setowner"); 864 865 MAC_POLICY_CHECK(vnode_check_setowner, cred, vp, vp->v_label, uid, gid); 866 MAC_CHECK_PROBE4(vnode_check_setowner, error, cred, vp, uid, gid); 867 868 return (error); 869 } 870 871 MAC_CHECK_PROBE_DEFINE4(vnode_check_setutimes, "struct ucred *", 872 "struct vnode *", "struct timespec *", "struct timespec *"); 873 874 int 875 mac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 876 struct timespec atime, struct timespec mtime) 877 { 878 int error; 879 880 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setutimes"); 881 882 MAC_POLICY_CHECK(vnode_check_setutimes, cred, vp, vp->v_label, atime, 883 mtime); 884 MAC_CHECK_PROBE4(vnode_check_setutimes, error, cred, vp, &atime, 885 &mtime); 886 887 return (error); 888 } 889 890 MAC_CHECK_PROBE_DEFINE3(vnode_check_stat, "struct ucred *", "struct ucred *", 891 "struct vnode *"); 892 893 int 894 mac_vnode_check_stat_impl(struct ucred *active_cred, struct ucred *file_cred, 895 struct vnode *vp) 896 { 897 int error; 898 899 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_stat"); 900 901 MAC_POLICY_CHECK(vnode_check_stat, active_cred, file_cred, vp, 902 vp->v_label); 903 MAC_CHECK_PROBE3(vnode_check_stat, error, active_cred, file_cred, 904 vp); 905 906 return (error); 907 } 908 909 MAC_CHECK_PROBE_DEFINE4(vnode_check_unlink, "struct ucred *", 910 "struct vnode *", "struct vnode *", "struct componentname *"); 911 912 int 913 mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 914 struct vnode *vp, struct componentname *cnp) 915 { 916 int error; 917 918 ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_unlink"); 919 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_unlink"); 920 921 MAC_POLICY_CHECK(vnode_check_unlink, cred, dvp, dvp->v_label, vp, 922 vp->v_label, cnp); 923 MAC_CHECK_PROBE4(vnode_check_unlink, error, cred, dvp, vp, cnp); 924 925 return (error); 926 } 927 928 MAC_CHECK_PROBE_DEFINE3(vnode_check_write, "struct ucred *", 929 "struct ucred *", "struct vnode *"); 930 931 int 932 mac_vnode_check_write_impl(struct ucred *active_cred, struct ucred *file_cred, 933 struct vnode *vp) 934 { 935 int error; 936 937 ASSERT_VOP_LOCKED(vp, "mac_vnode_check_write"); 938 939 MAC_POLICY_CHECK(vnode_check_write, active_cred, file_cred, vp, 940 vp->v_label); 941 MAC_CHECK_PROBE3(vnode_check_write, error, active_cred, file_cred, 942 vp); 943 944 return (error); 945 } 946 947 void 948 mac_vnode_relabel(struct ucred *cred, struct vnode *vp, 949 struct label *newlabel) 950 { 951 952 MAC_POLICY_PERFORM(vnode_relabel, cred, vp, vp->v_label, newlabel); 953 } 954 955 void 956 mac_mount_create(struct ucred *cred, struct mount *mp) 957 { 958 959 MAC_POLICY_PERFORM(mount_create, cred, mp, mp->mnt_label); 960 } 961 962 MAC_CHECK_PROBE_DEFINE2(mount_check_stat, "struct ucred *", 963 "struct mount *"); 964 965 int 966 mac_mount_check_stat(struct ucred *cred, struct mount *mount) 967 { 968 int error; 969 970 MAC_POLICY_CHECK_NOSLEEP(mount_check_stat, cred, mount, mount->mnt_label); 971 MAC_CHECK_PROBE2(mount_check_stat, error, cred, mount); 972 973 return (error); 974 } 975 976 void 977 mac_devfs_create_device(struct ucred *cred, struct mount *mp, 978 struct cdev *dev, struct devfs_dirent *de) 979 { 980 981 MAC_POLICY_PERFORM_NOSLEEP(devfs_create_device, cred, mp, dev, de, 982 de->de_label); 983 } 984 985 void 986 mac_devfs_create_symlink(struct ucred *cred, struct mount *mp, 987 struct devfs_dirent *dd, struct devfs_dirent *de) 988 { 989 990 MAC_POLICY_PERFORM_NOSLEEP(devfs_create_symlink, cred, mp, dd, 991 dd->de_label, de, de->de_label); 992 } 993 994 void 995 mac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, 996 struct devfs_dirent *de) 997 { 998 999 MAC_POLICY_PERFORM_NOSLEEP(devfs_create_directory, mp, dirname, 1000 dirnamelen, de, de->de_label); 1001 } 1002 1003 /* 1004 * Implementation of VOP_SETLABEL() that relies on extended attributes to 1005 * store label data. Can be referenced by filesystems supporting extended 1006 * attributes. 1007 */ 1008 int 1009 vop_stdsetlabel_ea(struct vop_setlabel_args *ap) 1010 { 1011 struct vnode *vp = ap->a_vp; 1012 struct label *intlabel = ap->a_label; 1013 int error; 1014 1015 ASSERT_VOP_LOCKED(vp, "vop_stdsetlabel_ea"); 1016 1017 if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) 1018 return (EOPNOTSUPP); 1019 1020 error = mac_vnode_setlabel_extattr(ap->a_cred, vp, intlabel); 1021 if (error) 1022 return (error); 1023 1024 mac_vnode_relabel(ap->a_cred, vp, intlabel); 1025 1026 return (0); 1027 } 1028 1029 int 1030 vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred) 1031 { 1032 int error; 1033 1034 if (vp->v_mount == NULL) { 1035 /* printf("vn_setlabel: null v_mount\n"); */ 1036 if (vp->v_type != VNON) 1037 printf("vn_setlabel: null v_mount with non-VNON\n"); 1038 return (EBADF); 1039 } 1040 1041 if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0) 1042 return (EOPNOTSUPP); 1043 1044 /* 1045 * Multi-phase commit. First check the policies to confirm the 1046 * change is OK. Then commit via the filesystem. Finally, update 1047 * the actual vnode label. 1048 * 1049 * Question: maybe the filesystem should update the vnode at the end 1050 * as part of VOP_SETLABEL()? 1051 */ 1052 error = mac_vnode_check_relabel(cred, vp, intlabel); 1053 if (error) 1054 return (error); 1055 1056 /* 1057 * VADMIN provides the opportunity for the filesystem to make 1058 * decisions about who is and is not able to modify labels and 1059 * protections on files. This might not be right. We can't assume 1060 * VOP_SETLABEL() will do it, because we might implement that as part 1061 * of vop_stdsetlabel_ea(). 1062 */ 1063 error = VOP_ACCESS(vp, VADMIN, cred, curthread); 1064 if (error) 1065 return (error); 1066 1067 error = VOP_SETLABEL(vp, intlabel, cred, curthread); 1068 if (error) 1069 return (error); 1070 1071 return (0); 1072 } 1073 1074 #ifdef DEBUG_VFS_LOCKS 1075 void 1076 mac_vnode_assert_locked(struct vnode *vp, const char *func) 1077 { 1078 1079 ASSERT_VOP_LOCKED(vp, func); 1080 } 1081 #endif 1082