GitHub Repository: freebsd/freebsd-src
Path: blob/main/sys/security/mac_priority/mac_priority.c
/*-
* SPDX-License-Identifier: BSD-2-Clause
*
* Copyright (c) 2021 Florian Walpen <[email protected]>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/param.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/ucred.h>
#include <security/mac/mac_policy.h>
/*
 * Sysctl controls for the mac_priority policy, rooted at the "priority"
 * node below the _security_mac parent.
 *
 * Every leaf is CTLFLAG_RWTUN: it can be changed at run time and can also
 * be preset as a boot-time tunable.  priority_priv_grant() reads these
 * values on each check, so they decide which group receives realtime and
 * idle scheduling privileges; write access to them is security-relevant.
 * NOTE(review): who may write these OIDs is enforced by the sysctl
 * framework, not by this file -- confirm it matches the admin model.
 */
static SYSCTL_NODE(_security_mac, OID_AUTO, priority,
    CTLFLAG_RW | CTLFLAG_MPSAFE,
    0,
    "mac_priority policy controls");

/* Non-zero: members of realtime_gid are granted realtime scheduling. */
static int realtime_enabled = 1;
SYSCTL_INT(_security_mac_priority, OID_AUTO, realtime,
    CTLFLAG_RWTUN, &realtime_enabled, 0,
    "Enable realtime priority scheduling for group realtime_gid");

/*
 * Group whose members receive the realtime grant; defaults to GID_RT_PRIO.
 * NOTE(review): stored as a signed int but handed to groupmember() as a
 * group id, so a negative value written here is converted at that call --
 * confirm that is acceptable.
 */
static int realtime_gid = GID_RT_PRIO;
SYSCTL_INT(_security_mac_priority, OID_AUTO, realtime_gid,
    CTLFLAG_RWTUN, &realtime_gid, 0,
    "Group id of the realtime privilege group");

/* Non-zero: members of idletime_gid are granted idle scheduling. */
static int idletime_enabled = 1;
SYSCTL_INT(_security_mac_priority, OID_AUTO, idletime,
    CTLFLAG_RWTUN, &idletime_enabled, 0,
    "Enable idle priority scheduling for group idletime_gid");

/*
 * Group whose members receive the idle-priority grant; defaults to
 * GID_ID_PRIO.  The signed-int caveat on realtime_gid applies here too.
 */
static int idletime_gid = GID_ID_PRIO;
SYSCTL_INT(_security_mac_priority, OID_AUTO, idletime_gid,
    CTLFLAG_RWTUN, &idletime_gid, 0,
    "Group id of the idletime privilege group");
/*
 * mpo_priv_grant hook: decide whether this policy grants privilege `priv`
 * to the credential `cred`.
 *
 * Returns 0 (grant) when either
 *  - priv is PRIV_SCHED_RTPRIO or PRIV_SCHED_SETPOLICY, realtime_enabled
 *    is non-zero and groupmember(realtime_gid, cred) is true; or
 *  - priv is PRIV_SCHED_IDPRIO, idletime_enabled is non-zero and
 *    groupmember(idletime_gid, cred) is true.
 * Returns EPERM for every other privilege and for non-members.
 *
 * The enable flags and group ids are re-read on every call, so a sysctl
 * change applies to subsequent checks without reloading the policy.
 *
 * NOTE(review): EPERM here presumably means "this policy does not grant"
 * rather than a final denial -- confirm against how the MAC framework
 * combines mpo_priv_grant results.
 */
static int
priority_priv_grant(struct ucred *cred, int priv)
{
	switch (priv) {
	case PRIV_SCHED_RTPRIO:
	case PRIV_SCHED_SETPOLICY:
		/* Realtime class: flag is tested before group membership. */
		if (realtime_enabled && groupmember(realtime_gid, cred))
			return (0);
		break;
	case PRIV_SCHED_IDPRIO:
		/* Idle class: same shape, separate flag and group. */
		if (idletime_enabled && groupmember(idletime_gid, cred))
			return (0);
		break;
	default:
		/* Any other privilege is never granted by this policy. */
		break;
	}

	return (EPERM);
}
/*
 * Operations vector for this policy.  Only the privilege-grant entry point
 * is set; all other members of the static structure stay zero-initialized.
 */
static struct mac_policy_ops priority_ops = {
	.mpo_priv_grant = priority_priv_grant,
};

/*
 * Register the policy as "mac_priority" (full name "MAC/priority").
 * MPC_LOADTIME_FLAG_UNLOADOK marks the policy as unloadable at run time.
 * NOTE(review): unloading presumably withdraws the scheduling grants from
 * the configured groups -- confirm module unload is restricted accordingly.
 */
MAC_POLICY_SET(&priority_ops, mac_priority,
    "MAC/priority",
    MPC_LOADTIME_FLAG_UNLOADOK,
    NULL);