1 /*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, 9 * the Security Research Division of Network Associates, Inc. under 10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11 * CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. The names of the authors may not be used to endorse or promote 22 * products derived from this software without specific prior written 23 * permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * $FreeBSD$ 38 */ 39 40 /* 41 * Developed by the TrustedBSD Project. 42 * Limit access to interfaces until they are specifically administratively 43 * enabled. Prevents protocol stack-driven packet leakage in unsafe 44 * environments. 45 */ 46 47 #include <sys/types.h> 48 #include <sys/param.h> 49 #include <sys/conf.h> 50 #include <sys/kernel.h> 51 #include <sys/mac.h> 52 #include <sys/mount.h> 53 #include <sys/proc.h> 54 #include <sys/systm.h> 55 #include <sys/sysproto.h> 56 #include <sys/sysent.h> 57 #include <sys/vnode.h> 58 #include <sys/file.h> 59 #include <sys/socket.h> 60 #include <sys/socketvar.h> 61 #include <sys/sysctl.h> 62 63 #include <net/bpfdesc.h> 64 #include <net/if.h> 65 #include <net/if_types.h> 66 #include <net/if_var.h> 67 68 #include <vm/vm.h> 69 70 #include <sys/mac_policy.h> 71 72 SYSCTL_DECL(_security_mac); 73 74 SYSCTL_NODE(_security_mac, OID_AUTO, ifoff, CTLFLAG_RW, 0, 75 "TrustedBSD mac_ifoff policy controls"); 76 77 static int mac_ifoff_enabled = 1; 78 SYSCTL_INT(_security_mac_ifoff, OID_AUTO, enabled, CTLFLAG_RW, 79 &mac_ifoff_enabled, 0, "Enforce ifoff policy"); 80 TUNABLE_INT("security.mac.ifoff.enabled", &mac_ifoff_enabled); 81 82 static int mac_ifoff_lo_enabled = 1; 83 SYSCTL_INT(_security_mac_ifoff, OID_AUTO, lo_enabled, CTLFLAG_RW, 84 &mac_ifoff_lo_enabled, 0, "Enable loopback interfaces"); 85 TUNABLE_INT("security.mac.ifoff.lo_enabled", &mac_ifoff_lo_enabled); 86 87 static int mac_ifoff_other_enabled = 0; 88 SYSCTL_INT(_security_mac_ifoff, OID_AUTO, other_enabled, CTLFLAG_RW, 89 &mac_ifoff_other_enabled, 0, "Enable other interfaces"); 90 TUNABLE_INT("security.mac.ifoff.other_enabled", &mac_ifoff_other_enabled); 91 92 static int mac_ifoff_bpfrecv_enabled = 0; 93 SYSCTL_INT(_security_mac_ifoff, OID_AUTO, bpfrecv_enabled, CTLFLAG_RW, 94 &mac_ifoff_bpfrecv_enabled, 0, "Enable BPF reception even when interface " 95 "is disabled"); 96 TUNABLE_INT("security.mac.ifoff.bpfrecv.enabled", &mac_ifoff_bpfrecv_enabled); 97 98 static int 99 check_ifnet_outgoing(struct ifnet *ifnet) 100 { 101 102 if (!mac_ifoff_enabled) 103 return (0); 104 105 if (mac_ifoff_lo_enabled && ifnet->if_type == IFT_LOOP) 106 return (0); 107 108 if (mac_ifoff_other_enabled && ifnet->if_type != IFT_LOOP) 109 return (0); 110 111 return (EPERM); 112 } 113 114 static int 115 check_ifnet_incoming(struct ifnet *ifnet, int viabpf) 116 { 117 if (!mac_ifoff_enabled) 118 return (0); 119 120 if (mac_ifoff_lo_enabled && ifnet->if_type == IFT_LOOP) 121 return (0); 122 123 if (mac_ifoff_other_enabled && ifnet->if_type != IFT_LOOP) 124 return (0); 125 126 if (viabpf && mac_ifoff_bpfrecv_enabled) 127 return (0); 128 129 return (EPERM); 130 } 131 132 static int 133 mac_ifoff_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 134 struct ifnet *ifnet, struct label *ifnetlabel) 135 { 136 137 return (check_ifnet_incoming(ifnet, 1)); 138 } 139 140 static int 141 mac_ifoff_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 142 struct mbuf *m, struct label *mbuflabel) 143 { 144 145 return (check_ifnet_outgoing(ifnet)); 146 } 147 148 static int 149 mac_ifoff_check_socket_deliver(struct socket *so, struct label *socketlabel, 150 struct mbuf *m, struct label *mbuflabel) 151 { 152 153 if (m->m_flags & M_PKTHDR) { 154 if (m->m_pkthdr.rcvif != NULL) 155 return (check_ifnet_incoming(m->m_pkthdr.rcvif, 0)); 156 } 157 158 return (0); 159 } 160 161 static struct mac_policy_op_entry mac_ifoff_ops[] = 162 { 163 { MAC_CHECK_BPFDESC_RECEIVE, 164 (macop_t)mac_ifoff_check_bpfdesc_receive }, 165 { MAC_CHECK_IFNET_TRANSMIT, 166 (macop_t)mac_ifoff_check_ifnet_transmit }, 167 { MAC_CHECK_SOCKET_DELIVER, 168 (macop_t)mac_ifoff_check_socket_deliver }, 169 { MAC_OP_LAST, NULL } 170 }; 171 172 MAC_POLICY_SET(mac_ifoff_ops, trustedbsd_mac_ifoff, "TrustedBSD MAC/ifoff", 173 MPC_LOADTIME_FLAG_UNLOADOK, NULL); 174