GitHub Repository: freebsd/freebsd-src
Path: blob/main/sys/security/mac/mac_sysv_msg.c
/*-
* Copyright (c) 2003-2004 Networks Associates Technology, Inc.
* Copyright (c) 2006 SPARTA, Inc.
* Copyright (c) 2008 Apple Inc.
* Copyright (c) 2009 Robert N. M. Watson
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
* Associates Laboratories, the Security Research Division of Network
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
* This software was enhanced by SPARTA ISSO under SPAWAR contract
* N66001-04-C-6019 ("SEFOS").
*
* This software was developed at the University of Cambridge Computer
* Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
#include "opt_mac.h"
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/sbuf.h>
#include <sys/sdt.h>
#include <sys/systm.h>
#include <sys/vnode.h>
#include <sys/mount.h>
#include <sys/file.h>
#include <sys/namei.h>
#include <sys/sysctl.h>
#include <sys/msg.h>
#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
#include <security/mac/mac_policy.h>
/*
 * Allocate a label for a System V message and hand it to the MAC policies
 * for initialisation through the sysvmsg_init_label entry point.
 *
 * M_WAITOK requests an allocation that is allowed to sleep, so this helper
 * is only suitable for callers that may block.  The result is returned
 * without a NULL check on that basis.
 */
static struct label *
mac_sysv_msgmsg_label_alloc(void)
{
	struct label *lbl = mac_labelzone_alloc(M_WAITOK);

	MAC_POLICY_PERFORM(sysvmsg_init_label, lbl);
	return (lbl);
}
/*
 * Set up the MAC label pointer of a message.
 *
 * A label is allocated only while the MPC_OBJECT_SYSVMSG bit is set in
 * mac_labeled.  Otherwise the pointer is explicitly set to NULL, so it never
 * holds an indeterminate value and later code can test it.
 */
void
mac_sysvmsg_init(struct msg *msgptr)
{

	msgptr->label = (mac_labeled & MPC_OBJECT_SYSVMSG) != 0 ?
	    mac_sysv_msgmsg_label_alloc() : NULL;
}
82
83
/*
 * Allocate a label for a System V message queue and hand it to the MAC
 * policies for initialisation through the sysvmsq_init_label entry point.
 *
 * M_WAITOK requests an allocation that is allowed to sleep, so this helper
 * is only suitable for callers that may block.  The result is returned
 * without a NULL check on that basis.
 */
static struct label *
mac_sysv_msgqueue_label_alloc(void)
{
	struct label *lbl = mac_labelzone_alloc(M_WAITOK);

	MAC_POLICY_PERFORM(sysvmsq_init_label, lbl);
	return (lbl);
}
92
93
/*
 * Set up the MAC label pointer of a message queue.
 *
 * A label is allocated only while the MPC_OBJECT_SYSVMSQ bit is set in
 * mac_labeled.  Otherwise the pointer is explicitly set to NULL, so it never
 * holds an indeterminate value and later code can test it.
 */
void
mac_sysvmsq_init(struct msqid_kernel *msqkptr)
{

	msqkptr->label = (mac_labeled & MPC_OBJECT_SYSVMSQ) != 0 ?
	    mac_sysv_msgqueue_label_alloc() : NULL;
}
102
103
/*
 * Release a message label: invoke the sysvmsg_destroy_label policy entry
 * point on it, then return it to the label zone.
 *
 * The policy callout has to come first; once mac_labelzone_free() has run
 * the label must not be touched again.  No NULL check is made here - the
 * caller in this file, mac_sysvmsg_destroy(), performs it.
 *
 * NOTE(review): the _NOSLEEP macro variant suggests this path may run where
 * sleeping is not permitted - confirm against the macro definition.
 */
static void
mac_sysv_msgmsg_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsg_destroy_label, label);
	mac_labelzone_free(label);
}
/*
 * Drop the MAC label attached to a message, if it has one.
 *
 * The pointer is reset to NULL after the free, so a second destroy on the
 * same message is a no-op rather than a double free, and no stale label
 * pointer is left behind in the message.
 */
void
mac_sysvmsg_destroy(struct msg *msgptr)
{

	/* Nothing was allocated (or it was already released). */
	if (msgptr->label == NULL)
		return;

	mac_sysv_msgmsg_label_free(msgptr->label);
	msgptr->label = NULL;
}
120
121
/*
 * Release a message queue label: invoke the sysvmsq_destroy_label policy
 * entry point on it, then return it to the label zone.
 *
 * The policy callout has to come first; once mac_labelzone_free() has run
 * the label must not be touched again.  No NULL check is made here - the
 * caller in this file, mac_sysvmsq_destroy(), performs it.
 *
 * NOTE(review): the _NOSLEEP macro variant suggests this path may run where
 * sleeping is not permitted - confirm against the macro definition.
 */
static void
mac_sysv_msgqueue_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsq_destroy_label, label);
	mac_labelzone_free(label);
}
/*
 * Drop the MAC label attached to a message queue, if it has one.
 *
 * The pointer is reset to NULL after the free, so a second destroy on the
 * same queue is a no-op rather than a double free, and no stale label
 * pointer is left behind in the queue structure.
 */
void
mac_sysvmsq_destroy(struct msqid_kernel *msqkptr)
{

	/* Nothing was allocated (or it was already released). */
	if (msqkptr->label == NULL)
		return;

	mac_sysv_msgqueue_label_free(msqkptr->label);
	msqkptr->label = NULL;
}
/*
 * Invoke the sysvmsg_create policy entry point with the credential, the
 * queue and the message, together with the labels stored in the queue and
 * the message.
 *
 * Both labels are passed exactly as stored.  mac_sysvmsq_init() and
 * mac_sysvmsg_init() leave them NULL when the corresponding mac_labeled bit
 * is clear, so nothing in this function guarantees they are non-NULL.
 *
 * This is a notification, not a check: it returns nothing and cannot veto
 * the creation.
 */
void
mac_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct msg *msgptr)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsg_create, cred, msqkptr,
	    msqkptr->label, msgptr, msgptr->label);
}
/*
 * Invoke the sysvmsq_create policy entry point with the credential, the
 * queue and the label stored in the queue.
 *
 * The label is passed exactly as stored.  mac_sysvmsq_init() leaves it NULL
 * when MPC_OBJECT_SYSVMSQ is clear in mac_labeled, so nothing in this
 * function guarantees it is non-NULL.
 *
 * This is a notification, not a check: it returns nothing and cannot veto
 * the creation.
 */
void
mac_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsq_create, cred, msqkptr,
	    msqkptr->label);
}
/*
 * Invoke the sysvmsg_cleanup policy entry point on the label stored in the
 * message.  The label itself is neither freed nor detached here; that is
 * done by mac_sysvmsg_destroy().
 *
 * NOTE(review): presumably this lets policies reset per-label state before
 * the message structure is reused - confirm against the callers.
 */
void
mac_sysvmsg_cleanup(struct msg *msgptr)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsg_cleanup, msgptr->label);
}
/*
 * Invoke the sysvmsq_cleanup policy entry point on the label stored in the
 * queue.  The label itself is neither freed nor detached here; that is done
 * by mac_sysvmsq_destroy().
 *
 * NOTE(review): presumably this lets policies reset per-label state before
 * the queue structure is reused - confirm against the callers.
 */
void
mac_sysvmsq_cleanup(struct msqid_kernel *msqkptr)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsq_cleanup, msqkptr->label);
}
/*
 * Probe fired by the check below; the strings give the types of the three
 * probe arguments (credential, message, queue).
 */
MAC_CHECK_PROBE_DEFINE3(sysvmsq_check_msgmsq, "struct ucred *",
    "struct msg *", "struct msqid_kernel *");

/*
 * Access-control check involving a credential, a message and a queue
 * (policy entry point sysvmsq_check_msgmsq).
 * NOTE(review): by its name this gates placing the message on the queue -
 * confirm against the caller.
 *
 * Returns the value left in `error' by MAC_POLICY_CHECK_NOSLEEP; by MAC
 * Framework convention 0 means permitted and anything else is an errno.
 * The result only takes effect if the caller acts on it, so a caller that
 * ignores a non-zero return bypasses the policy decision.
 *
 * Both labels are passed as stored and may be NULL if the objects were
 * initialised while the matching mac_labeled bit was clear.
 */
int
mac_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
    struct msqid_kernel *msqkptr)
{
	/*
	 * No initialiser: the check macro is relied on to assign this.  It
	 * refers to the variable by name, so it must stay called `error'.
	 */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msgmsq, cred, msgptr,
	    msgptr->label, msqkptr, msqkptr->label);
	/* Report the outcome to the probe, whether allowed or denied. */
	MAC_CHECK_PROBE3(sysvmsq_check_msgmsq, error, cred, msgptr, msqkptr);

	return (error);
}
/*
 * Probe fired by the check below; the strings give the types of the two
 * probe arguments (credential, message).
 */
MAC_CHECK_PROBE_DEFINE2(sysvmsq_check_msgrcv, "struct ucred *",
    "struct msg *");

/*
 * Per-message access-control check (policy entry point
 * sysvmsq_check_msgrcv): the policies see the credential, the message and
 * the message's own label, not the queue.
 * NOTE(review): by its name this gates receiving this particular message -
 * confirm against the caller.
 *
 * Returns the value left in `error' by MAC_POLICY_CHECK_NOSLEEP; by MAC
 * Framework convention 0 means permitted and anything else is an errno.
 * The caller has to honour a non-zero return for the policy to have any
 * effect.
 */
int
mac_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr)
{
	/*
	 * No initialiser: the check macro is relied on to assign this.  It
	 * refers to the variable by name, so it must stay called `error'.
	 */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msgrcv, cred, msgptr,
	    msgptr->label);
	/* Report the outcome to the probe, whether allowed or denied. */
	MAC_CHECK_PROBE2(sysvmsq_check_msgrcv, error, cred, msgptr);

	return (error);
}
/*
 * Probe fired by the check below; the strings give the types of the two
 * probe arguments (credential, message).
 */
MAC_CHECK_PROBE_DEFINE2(sysvmsq_check_msgrmid, "struct ucred *",
    "struct msg *");

/*
 * Per-message access-control check (policy entry point
 * sysvmsq_check_msgrmid): the policies see the credential, the message and
 * the message's own label, not the queue.
 * NOTE(review): by its name this gates removing this particular message,
 * e.g. while a queue is being torn down - confirm against the caller.
 *
 * Returns the value left in `error' by MAC_POLICY_CHECK_NOSLEEP; by MAC
 * Framework convention 0 means permitted and anything else is an errno.
 * The caller has to honour a non-zero return for the policy to have any
 * effect.
 */
int
mac_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr)
{
	/*
	 * No initialiser: the check macro is relied on to assign this.  It
	 * refers to the variable by name, so it must stay called `error'.
	 */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msgrmid, cred, msgptr,
	    msgptr->label);
	/* Report the outcome to the probe, whether allowed or denied. */
	MAC_CHECK_PROBE2(sysvmsq_check_msgrmid, error, cred, msgptr);

	return (error);
}
/*
 * Probe fired by the check below; the strings give the types of the two
 * probe arguments (credential, queue).
 */
MAC_CHECK_PROBE_DEFINE2(sysvmsq_check_msqget, "struct ucred *",
    "struct msqid_kernel *");

/*
 * Queue-level access-control check (policy entry point
 * sysvmsq_check_msqget): the policies see the credential, the queue and the
 * queue's label.
 * NOTE(review): by its name this gates obtaining the queue via msgget(2) -
 * confirm against the caller.
 *
 * Returns the value left in `error' by MAC_POLICY_CHECK_NOSLEEP; by MAC
 * Framework convention 0 means permitted and anything else is an errno.
 * The caller has to honour a non-zero return for the policy to have any
 * effect.
 */
int
mac_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr)
{
	/*
	 * No initialiser: the check macro is relied on to assign this.  It
	 * refers to the variable by name, so it must stay called `error'.
	 */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msqget, cred, msqkptr,
	    msqkptr->label);
	/* Report the outcome to the probe, whether allowed or denied. */
	MAC_CHECK_PROBE2(sysvmsq_check_msqget, error, cred, msqkptr);

	return (error);
}
/*
 * Probe fired by the check below; the strings give the types of the two
 * probe arguments (credential, queue).
 */
MAC_CHECK_PROBE_DEFINE2(sysvmsq_check_msqsnd, "struct ucred *",
    "struct msqid_kernel *");

/*
 * Queue-level access-control check (policy entry point
 * sysvmsq_check_msqsnd): the policies see the credential, the queue and the
 * queue's label, but not the message being sent.
 * NOTE(review): by its name this gates sending to the queue - confirm
 * against the caller.
 *
 * Returns the value left in `error' by MAC_POLICY_CHECK_NOSLEEP; by MAC
 * Framework convention 0 means permitted and anything else is an errno.
 * The caller has to honour a non-zero return for the policy to have any
 * effect.
 */
int
mac_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr)
{
	/*
	 * No initialiser: the check macro is relied on to assign this.  It
	 * refers to the variable by name, so it must stay called `error'.
	 */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msqsnd, cred, msqkptr,
	    msqkptr->label);
	/* Report the outcome to the probe, whether allowed or denied. */
	MAC_CHECK_PROBE2(sysvmsq_check_msqsnd, error, cred, msqkptr);

	return (error);
}
/*
 * Probe fired by the check below; the strings give the types of the two
 * probe arguments (credential, queue).
 */
MAC_CHECK_PROBE_DEFINE2(sysvmsq_check_msqrcv, "struct ucred *",
    "struct msqid_kernel *");

/*
 * Queue-level access-control check (policy entry point
 * sysvmsq_check_msqrcv): the policies see the credential, the queue and the
 * queue's label.  The per-message counterpart in this file is
 * mac_sysvmsq_check_msgrcv().
 * NOTE(review): by its name this gates receiving from the queue - confirm
 * against the caller.
 *
 * Returns the value left in `error' by MAC_POLICY_CHECK_NOSLEEP; by MAC
 * Framework convention 0 means permitted and anything else is an errno.
 * The caller has to honour a non-zero return for the policy to have any
 * effect.
 */
int
mac_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr)
{
	/*
	 * No initialiser: the check macro is relied on to assign this.  It
	 * refers to the variable by name, so it must stay called `error'.
	 */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msqrcv, cred, msqkptr,
	    msqkptr->label);
	/* Report the outcome to the probe, whether allowed or denied. */
	MAC_CHECK_PROBE2(sysvmsq_check_msqrcv, error, cred, msqkptr);

	return (error);
}
/*
 * Probe fired by the check below; the strings give the types of the three
 * probe arguments (credential, queue, command).
 */
MAC_CHECK_PROBE_DEFINE3(sysvmsq_check_msqctl, "struct ucred *",
    "struct msqid_kernel *", "int");

/*
 * Queue-level access-control check for a control operation (policy entry
 * point sysvmsq_check_msqctl): the policies see the credential, the queue,
 * the queue's label and cmd.
 *
 * cmd is forwarded unchanged and is not range-checked here.
 * NOTE(review): presumably the msgctl(2) command (IPC_STAT, IPC_SET,
 * IPC_RMID) - confirm against the caller, and that unknown commands are
 * rejected there.
 *
 * Returns the value left in `error' by MAC_POLICY_CHECK_NOSLEEP; by MAC
 * Framework convention 0 means permitted and anything else is an errno.
 * The caller has to honour a non-zero return for the policy to have any
 * effect.
 */
int
mac_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
    int cmd)
{
	/*
	 * No initialiser: the check macro is relied on to assign this.  It
	 * refers to the variable by name, so it must stay called `error'.
	 */
	int error;

	MAC_POLICY_CHECK_NOSLEEP(sysvmsq_check_msqctl, cred, msqkptr,
	    msqkptr->label, cmd);
	/* Report the outcome to the probe, whether allowed or denied. */
	MAC_CHECK_PROBE3(sysvmsq_check_msqctl, error, cred, msqkptr, cmd);

	return (error);
}