GitHub Repository: freebsd/freebsd-src
Path: blob/main/sys/security/mac/mac_label.c
/*-
 * Copyright (c) 2003-2004 Networks Associates Technology, Inc.
 * Copyright (c) 2007 Robert N. M. Watson
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project in part by Network
 * Associates Laboratories, the Security Research Division of Network
 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
 * as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
#include "opt_mac.h"

#include <sys/param.h>
#include <sys/module.h>
#include <sys/sysctl.h>
#include <sys/systm.h>

#include <vm/uma.h>

#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
#include <security/mac/mac_policy.h>

/*
 * zone_label is the UMA zone that backs most label allocations.  A label is
 * zero-filled each time it is constructed, so a policy reads NULL/0 from its
 * slot the first time it touches a label -- including the case where the
 * policy was loaded after the label had already been allocated for an
 * object.  Policies can therefore treat a zero slot as "no state attached
 * yet" rather than having to guess whether the value is stale.
 */
static uma_zone_t	zone_label;

/* UMA constructor/destructor callbacks registered by mac_labelzone_init(). */
static int	mac_labelzone_ctor(void *mem, int size, void *arg, int flags);
static void	mac_labelzone_dtor(void *mem, int size, void *arg);
/*
 * Create the UMA zone that backs slab-allocated MAC labels.
 *
 * The constructor and destructor are attached to the zone, so labels handed
 * out by mac_labelzone_alloc() have been through mac_init_label() and labels
 * given back through mac_labelzone_free() go through mac_destroy_label().
 * No per-slab init/fini callbacks are registered (both are NULL), and items
 * are pointer-aligned.
 */
void
mac_labelzone_init(void)
{
	uma_zone_t zone;

	zone = uma_zcreate("MAC labels", sizeof(struct label),
	    mac_labelzone_ctor, mac_labelzone_dtor, NULL, NULL,
	    UMA_ALIGN_PTR, 0);
	zone_label = zone;
}
/*
 * mac_init_label() and mac_destroy_label() are exported so that mbuf tag
 * initialization can use them; labels there are not slab allocated from the
 * zone_label zone.
 */

/*
 * Put a label into its pristine state: every byte zero, then the
 * MAC_FLAG_INITIALIZED marker set in l_flags.
 *
 * The caller supplies the storage.  Any previous contents of *label are
 * discarded without being inspected.
 */
void
mac_init_label(struct label *label)
{

	/*
	 * Wipe first, flag second: zeroing the whole structure keeps bytes
	 * left over from an earlier use of this memory out of the per-policy
	 * slots, and the assignment below then leaves exactly one flag set.
	 */
	bzero(label, sizeof(struct label));
	label->l_flags = MAC_FLAG_INITIALIZED;
}
/*
 * Retire a label that was set up with mac_init_label().
 *
 * Asserts that MAC_FLAG_INITIALIZED is set, which catches destruction of a
 * label that was never initialized or was already destroyed.  KASSERT is a
 * debugging check (NOTE(review): compiled in only with INVARIANTS -- confirm
 * for the kernel configuration in use), so production kernels do not
 * enforce it.
 */
void
mac_destroy_label(struct label *label)
{

	KASSERT(label->l_flags & MAC_FLAG_INITIALIZED,
	    ("destroying uninitialized label"));

#ifndef DIAGNOSTIC
	/*
	 * Only the marker is dropped here; the l_perpolicy slot values are
	 * left as they were.  Nothing in this function scrubs them, so they
	 * stay in memory until mac_init_label() next runs on this storage.
	 */
	label->l_flags &= ~MAC_FLAG_INITIALIZED;
#else
	/* DIAGNOSTIC kernels wipe the whole label, flags and slots alike. */
	bzero(label, sizeof(struct label));
#endif
}
/*
 * UMA constructor for zone_label items.
 *
 * Checks (debug-only, via KASSERT) that the item size matches struct label,
 * then initializes the item with mac_init_label().  'arg' and 'flags' are
 * not used.  Always returns 0.
 */
static int
mac_labelzone_ctor(void *mem, int size, void *arg, int flags)
{
	struct label *label = mem;

	KASSERT(size == sizeof(struct label),
	    ("mac_labelzone_ctor: wrong size\n"));
	mac_init_label(label);
	return (0);
}
/*
 * UMA destructor for zone_label items.
 *
 * Checks (debug-only, via KASSERT) that the item size matches struct label,
 * then retires the item with mac_destroy_label().  'arg' is not used.
 */
static void
mac_labelzone_dtor(void *mem, int size, void *arg)
{
	struct label *label = mem;

	KASSERT(size == sizeof(struct label),
	    ("mac_labelzone_dtor: wrong size\n"));
	mac_destroy_label(label);
}
/*
 * Allocate one label from zone_label.
 *
 * 'flags' is passed to uma_zalloc() unchanged and the result is returned
 * as-is; this function performs no NULL check of its own.
 * NOTE(review): with a non-sleeping flag such as M_NOWAIT, uma_zalloc() can
 * return NULL, so callers using such flags need to handle that -- confirm
 * at each call site.
 */
struct label *
mac_labelzone_alloc(int flags)
{
	struct label *label;

	label = uma_zalloc(zone_label, flags);
	return (label);
}
/*
 * Give a label back to zone_label.
 *
 * The pointer is handed straight to uma_zfree().  The label is expected to
 * have come from mac_labelzone_alloc(); labels whose storage lives elsewhere
 * (the file's own comments mention mbuf tags) are not zone items and are
 * torn down with mac_destroy_label() instead.
 */
void
mac_labelzone_free(struct label *label)
{

	uma_zfree(zone_label, label);
}
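/*
 * Functions used by policy modules to get and set label values.
 */

/*
 * Return the value stored in per-policy slot 'slot' of label 'l'.
 *
 * 'slot' indexes l_perpolicy directly, so an out-of-range value reads kernel
 * memory outside the label.  Both the NULL check and the range check are
 * KASSERTs: they catch a misbehaving policy in debugging kernels but are not
 * a run-time guard in kernels built without assertions.
 * NOTE(review): the bound assumes l_perpolicy is declared with MAC_MAX_SLOTS
 * entries in mac_internal.h -- confirm against the struct label definition.
 */
intptr_t
mac_label_get(struct label *l, int slot)
{

	KASSERT(l != NULL, ("mac_label_get: NULL label"));
	KASSERT(slot >= 0 && slot < MAC_MAX_SLOTS,
	    ("mac_label_get: slot %d out of range", slot));

	return (l->l_perpolicy[slot]);
}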
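/*
 * Store 'v' in per-policy slot 'slot' of label 'l'.
 *
 * 'slot' indexes l_perpolicy directly, so an out-of-range value writes
 * kernel memory outside the label.  Both the NULL check and the range check
 * are KASSERTs: they catch a misbehaving policy in debugging kernels but are
 * not a run-time guard in kernels built without assertions.
 * NOTE(review): the bound assumes l_perpolicy is declared with MAC_MAX_SLOTS
 * entries in mac_internal.h -- confirm against the struct label definition.
 */
void
mac_label_set(struct label *l, int slot, intptr_t v)
{

	KASSERT(l != NULL, ("mac_label_set: NULL label"));
	KASSERT(slot >= 0 && slot < MAC_MAX_SLOTS,
	    ("mac_label_set: slot %d out of range", slot));

	l->l_perpolicy[slot] = v;
}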