GitHub Repository: freebsd/freebsd-src
Path: blob/main/sys/security/mac_pimd/mac_pimd.c
/*-
* SPDX-License-Identifier: BSD-2-Clause
*
* Copyright (c) 2022 Semihalf, Stormshield
* Copyright (c) 2018 Ian Lepore <[email protected]>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/ucred.h>
#include <security/mac/mac_policy.h>
/*
 * Runtime controls for the policy, published under security.mac.pimd.
 *
 * Security note: these two knobs select who receives the privilege handed
 * out by pimd_priv_grant(), so write access to them amounts to the ability
 * to delegate that privilege.
 */
static SYSCTL_NODE(_security_mac, OID_AUTO, pimd, CTLFLAG_RW | CTLFLAG_MPSAFE,
    0, "mac_pimd policy controls");

/* Master switch; pimd_priv_grant() grants nothing while this is 0. */
static int pimd_enabled = 0;

/*
 * uid whose credentials the policy matches.
 * NOTE(review): the default is 0, so enabling the policy before setting
 * this leaves uid 0 as the matched user; set uid first, then enabled.
 */
static int pimd_uid = 0;

/*
 * CTLFLAG_RWTUN: each value can be preset as a loader tunable and changed
 * later through sysctl.  SYSCTL_INT stores whatever int is written; no
 * range check is applied to the uid here.
 */
SYSCTL_INT(_security_mac_pimd, OID_AUTO, enabled, CTLFLAG_RWTUN, &pimd_enabled,
    0, "Enable mac_pimd policy");
SYSCTL_INT(_security_mac_pimd, OID_AUTO, uid, CTLFLAG_RWTUN, &pimd_uid, 0,
    "User id for pimd user");
/*
 * mpo_priv_grant hook: decide whether this policy grants privilege `priv`
 * to the subject credential `cred`.
 *
 * Returns 0 only when the policy is enabled, cred->cr_uid equals the
 * configured pimd uid, and priv is PRIV_NETINET_MROUTE; returns EPERM in
 * every other case.
 *
 * Security notes:
 *  - The match is on cr_uid alone; no other field of the credential is
 *    examined here, so every process running with that uid is covered,
 *    not only the pimd daemon.  Keep the uid dedicated to that service.
 *  - pimd_uid is a signed int compared against cr_uid.
 *    NOTE(review): presumably cr_uid is an unsigned uid_t, in which case a
 *    negative sysctl value is converted before the comparison -- confirm,
 *    or range-check the sysctl.
 *  - NOTE(review): EPERM here presumably means "not granted by this
 *    policy" rather than an active denial -- confirm against the MAC
 *    framework's grant composition.
 */
static int
pimd_priv_grant(struct ucred *cred, int priv)
{

	/* Policy switched off, or caller is not the configured pimd user. */
	if (!pimd_enabled || cred->cr_uid != pimd_uid)
		return (EPERM);

	/* Multicast routing is the only privilege this policy hands out. */
	if (priv == PRIV_NETINET_MROUTE)
		return (0);

	return (EPERM);
}
/*
 * Entry points implemented by this policy.  Only the privilege-grant hook
 * is populated, so the module can add a privilege but has no hook here
 * through which it could restrict one.
 */
static struct mac_policy_ops pimd_ops = {
	.mpo_priv_grant = pimd_priv_grant,
};

/*
 * Register the policy with the MAC framework as mac_pimd ("MAC/pimd").
 * MPC_LOADTIME_FLAG_UNLOADOK marks the policy as unloadable at runtime.
 * NOTE(review): presumably the grant stops applying once the module is
 * unloaded -- confirm before relying on unload as a revocation step.
 */
MAC_POLICY_SET(&pimd_ops, mac_pimd, "MAC/pimd", MPC_LOADTIME_FLAG_UNLOADOK,
    NULL);