| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2007 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | |
| 29 | /*- |
| 30 | * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson |
| 31 | * Copyright (c) 2001 Ilmar S. Habibulin |
| 32 | * Copyright (c) 2001, 2002, 2003, 2004 Networks Associates Technology, Inc. |
| 33 | * Copyright (c) 2005 SPARTA, Inc. |
| 34 | * All rights reserved. |
| 35 | * |
| 36 | * This software was developed by Robert Watson and Ilmar Habibulin for the |
| 37 | * TrustedBSD Project. |
| 38 | * |
| 39 | * This software was developed for the FreeBSD Project in part by Network |
| 40 | * Associates Laboratories, the Security Research Division of Network |
| 41 | * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), |
| 42 | * as part of the DARPA CHATS research program. |
| 43 | * |
| 44 | * Redistribution and use in source and binary forms, with or without |
| 45 | * modification, are permitted provided that the following conditions |
| 46 | * are met: |
| 47 | * 1. Redistributions of source code must retain the above copyright |
| 48 | * notice, this list of conditions and the following disclaimer. |
| 49 | * 2. Redistributions in binary form must reproduce the above copyright |
| 50 | * notice, this list of conditions and the following disclaimer in the |
| 51 | * documentation and/or other materials provided with the distribution. |
| 52 | * |
| 53 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| 54 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 55 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 56 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| 57 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 58 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 59 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 60 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 61 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 62 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 63 | * SUCH DAMAGE. |
| 64 | * |
| 65 | */ |
| 66 | |
| 67 | #ifndef _SECURITY_MAC_INTERNAL_H_ |
| 68 | #define _SECURITY_MAC_INTERNAL_H_ |
| 69 | |
| 70 | #ifndef PRIVATE |
| 71 | #warning "MAC policy is not KPI, see Technical Q&A QA1574, this header will be removed in next version" |
| 72 | #endif |
| 73 | |
| 74 | #include <string.h> |
| 75 | #include <sys/param.h> |
| 76 | #include <sys/queue.h> |
| 77 | #include <security/mac.h> |
| 78 | #include <security/mac_framework.h> |
| 79 | #include <security/mac_policy.h> |
| 80 | #include <security/mac_data.h> |
| 81 | #include <sys/sysctl.h> |
| 82 | #include <kern/locks.h> |
| 83 | #include <sys/kernel.h> |
| 84 | #include <sys/lock.h> |
| 85 | #include <sys/malloc.h> |
| 86 | #include <sys/sbuf.h> |
| 87 | #include <sys/proc.h> |
| 88 | #include <sys/systm.h> |
| 89 | #include <sys/socket.h> |
| 90 | #include <sys/socketvar.h> |
| 91 | #include <sys/vnode.h> |
| 92 | #include <mach/sdt.h> |
| 93 | |
| 94 | /* |
| 95 | * MAC Framework sysctl namespace. |
| 96 | */ |
| 97 | |
| 98 | SYSCTL_DECL(_security); |
| 99 | SYSCTL_DECL(_security_mac); |
| 100 | |
| 101 | extern int mac_late; |
| 102 | |
| 103 | struct mac_policy_list_element { |
| 104 | struct mac_policy_conf *mpc; |
| 105 | }; |
| 106 | |
| 107 | struct mac_policy_list { |
| 108 | u_int numloaded; |
| 109 | u_int max; |
| 110 | u_int maxindex; |
| 111 | u_int staticmax; |
| 112 | u_int chunks; |
| 113 | u_int freehint; |
| 114 | struct mac_policy_list_element *entries; |
| 115 | }; |
| 116 | |
| 117 | typedef struct mac_policy_list mac_policy_list_t; |
| 118 | |
| 119 | |
| 120 | /* |
| 121 | * Policy that has registered with the framework for a specific |
| 122 | * label namespace name. |
| 123 | */ |
| 124 | struct mac_label_listener { |
| 125 | mac_policy_handle_t mll_handle; |
| 126 | SLIST_ENTRY(mac_label_listener) mll_list; |
| 127 | }; |
| 128 | |
| 129 | SLIST_HEAD(mac_label_listeners_t, mac_label_listener); |
| 130 | |
| 131 | /* |
| 132 | * Type of list used to manage label namespace names. |
| 133 | */ |
| 134 | struct mac_label_element { |
| 135 | char mle_name[MAC_MAX_LABEL_ELEMENT_NAME]; |
| 136 | struct mac_label_listeners_t mle_listeners; |
| 137 | SLIST_ENTRY(mac_label_element) mle_list; |
| 138 | }; |
| 139 | |
| 140 | SLIST_HEAD(mac_label_element_list_t, mac_label_element); |
| 141 | |
| 142 | /* |
| 143 | * MAC Framework global variables. |
| 144 | */ |
| 145 | |
| 146 | extern struct mac_label_element_list_t mac_label_element_list; |
| 147 | extern struct mac_label_element_list_t mac_static_label_element_list; |
| 148 | |
| 149 | extern struct mac_policy_list mac_policy_list; |
| 150 | |
| 151 | /* |
| 152 | * global flags to control whether a MACF subsystem is configured |
| 153 | * at all in the system. |
| 154 | */ |
| 155 | extern unsigned int mac_device_enforce; |
| 156 | extern unsigned int mac_pipe_enforce; |
| 157 | extern unsigned int mac_posixsem_enforce; |
| 158 | extern unsigned int mac_posixshm_enforce; |
| 159 | extern unsigned int mac_proc_enforce; |
| 160 | extern unsigned int mac_socket_enforce; |
| 161 | extern unsigned int mac_system_enforce; |
| 162 | extern unsigned int mac_sysvmsg_enforce; |
| 163 | extern unsigned int mac_sysvsem_enforce; |
| 164 | extern unsigned int mac_sysvshm_enforce; |
| 165 | extern unsigned int mac_vm_enforce; |
| 166 | extern unsigned int mac_vnode_enforce; |
| 167 | |
| 168 | extern unsigned int mac_label_vnodes; |
| 169 | extern unsigned int mac_vnode_label_count; |
| 170 | |
| 171 | static bool mac_proc_check_enforce(proc_t p); |
| 172 | |
| 173 | static __inline__ bool |
| 174 | mac_proc_check_enforce(proc_t p) |
| 175 | { |
| 176 | #if CONFIG_MACF |
| 177 | // Don't apply policies to the kernel itself. |
| 178 | return p != kernproc; |
| 179 | #else |
| 180 | #pragma unused(p) |
| 181 | return false; |
| 182 | #endif // CONFIG_MACF |
| 183 | } |
| 184 | |
| 185 | static bool mac_cred_check_enforce(kauth_cred_t cred); |
| 186 | |
| 187 | static __inline__ bool |
| 188 | mac_cred_check_enforce(kauth_cred_t cred) |
| 189 | { |
| 190 | #if CONFIG_MACF |
| 191 | return cred != proc_ucred_unsafe(p: kernproc); |
| 192 | #else |
| 193 | #pragma unused(p) |
| 194 | return false; |
| 195 | #endif // CONFIG_MACF |
| 196 | } |
| 197 | |
| 198 | /* |
| 199 | * MAC Framework infrastructure functions. |
| 200 | */ |
| 201 | |
| 202 | int mac_error_select(int error1, int error2); |
| 203 | |
| 204 | void mac_policy_list_busy(void); |
| 205 | int mac_policy_list_conditional_busy(void); |
| 206 | void mac_policy_list_unbusy(void); |
| 207 | |
| 208 | #if KERNEL |
| 209 | int mac_check_structmac_consistent(struct user_mac *mac); |
| 210 | #else |
| 211 | int mac_check_structmac_consistent(struct mac *mac); |
| 212 | #endif |
| 213 | |
| 214 | int mac_cred_label_externalize(struct label *, char *e, char *out, size_t olen, int flags); |
| 215 | int mac_vnode_label_externalize(struct label *, char *e, char *out, size_t olen, int flags); |
| 216 | |
| 217 | int mac_cred_label_internalize(struct label *label, char *string); |
| 218 | int mac_vnode_label_internalize(struct label *label, char *string); |
| 219 | |
| 220 | typedef int (^mac_getter_t)(char *, char *, size_t); |
| 221 | typedef int (^mac_setter_t)(char *, size_t); |
| 222 | |
| 223 | int mac_do_get(struct proc *p, user_addr_t mac_p, mac_getter_t getter); |
| 224 | int mac_do_set(struct proc *p, user_addr_t mac_p, mac_setter_t setter); |
| 225 | |
| 226 | #define MAC_POLICY_ITERATE(...) do { \ |
| 227 | struct mac_policy_conf *mpc; \ |
| 228 | u_int i; \ |
| 229 | \ |
| 230 | for (i = 0; i < mac_policy_list.staticmax; i++) { \ |
| 231 | mpc = mac_policy_list.entries[i].mpc; \ |
| 232 | if (mpc == NULL) \ |
| 233 | continue; \ |
| 234 | \ |
| 235 | __VA_ARGS__ \ |
| 236 | } \ |
| 237 | if (mac_policy_list_conditional_busy() != 0) { \ |
| 238 | for (; i <= mac_policy_list.maxindex; i++) { \ |
| 239 | mpc = mac_policy_list.entries[i].mpc; \ |
| 240 | if (mpc == NULL) \ |
| 241 | continue; \ |
| 242 | \ |
| 243 | __VA_ARGS__ \ |
| 244 | } \ |
| 245 | mac_policy_list_unbusy(); \ |
| 246 | } \ |
| 247 | } while (0) |
| 248 | |
| 249 | enum mac_iterate_types { |
| 250 | MAC_ITERATE_CHECK = 0, // error starts at 0, callbacks can change it |
| 251 | MAC_ITERATE_GRANT = 1, // error starts as EPERM, callbacks can clear it |
| 252 | MAC_ITERATE_PERFORM = 2, // no result |
| 253 | }; |
| 254 | |
| 255 | /* |
| 256 | * MAC_CHECK performs the designated check by walking the policy |
| 257 | * module list and checking with each as to how it feels about the |
| 258 | * request. Note that it returns its value via 'error' in the scope |
| 259 | * of the caller. |
| 260 | */ |
| 261 | #define MAC_CHECK(check, args...) do { \ |
| 262 | error = 0; \ |
| 263 | MAC_POLICY_ITERATE({ \ |
| 264 | if (mpc->mpc_ops->mpo_ ## check != NULL) { \ |
| 265 | DTRACE_MACF3(mac__call__ ## check, void *, mpc, int, error, int, MAC_ITERATE_CHECK); \ |
| 266 | int __step_err = mpc->mpc_ops->mpo_ ## check (args); \ |
| 267 | DTRACE_MACF2(mac__rslt__ ## check, void *, mpc, int, __step_err); \ |
| 268 | error = mac_error_select(__step_err, error); \ |
| 269 | } \ |
| 270 | }); \ |
| 271 | } while (0) |
| 272 | |
| 273 | /* |
| 274 | * MAC_GRANT performs the designated check by walking the policy |
| 275 | * module list and checking with each as to how it feels about the |
| 276 | * request. Unlike MAC_CHECK, it grants if any policies return '0', |
| 277 | * and otherwise returns EPERM. Note that it returns its value via |
| 278 | * 'error' in the scope of the caller. |
| 279 | */ |
| 280 | #define MAC_GRANT(check, args...) do { \ |
| 281 | error = EPERM; \ |
| 282 | MAC_POLICY_ITERATE({ \ |
| 283 | if (mpc->mpc_ops->mpo_ ## check != NULL) { \ |
| 284 | DTRACE_MACF3(mac__call__ ## check, void *, mpc, int, error, int, MAC_ITERATE_GRANT); \ |
| 285 | int __step_res = mpc->mpc_ops->mpo_ ## check (args); \ |
| 286 | if (__step_res == 0) { \ |
| 287 | error = 0; \ |
| 288 | } \ |
| 289 | DTRACE_MACF2(mac__rslt__ ## check, void *, mpc, int, __step_res); \ |
| 290 | } \ |
| 291 | }); \ |
| 292 | } while (0) |
| 293 | |
| 294 | #define MAC_INTERNALIZE(obj, label, instring) \ |
| 295 | mac_internalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_internalize), label, instring) |
| 296 | |
| 297 | #define MAC_EXTERNALIZE(obj, label, elementlist, outbuf, outbuflen) \ |
| 298 | mac_externalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_externalize), label, elementlist, outbuf, outbuflen) |
| 299 | |
| 300 | #define MAC_EXTERNALIZE_AUDIT(obj, label, outbuf, outbuflen) \ |
| 301 | mac_externalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_externalize_audit), label, "*", outbuf, outbuflen) |
| 302 | |
| 303 | #define MAC_PERFORM_CALL(operation, mpc) DTRACE_MACF3(mac__call__ ## operation, void *, mpc, int, 0, int, MAC_ITERATE_PERFORM) |
| 304 | #define MAC_PERFORM_RSLT(operation, mpc) DTRACE_MACF2(mac__rslt__ ## operation, void *, mpc, int, 0) |
| 305 | |
| 306 | /* |
| 307 | * MAC_PERFORM performs the designated operation by walking the policy |
| 308 | * module list and invoking that operation for each policy. |
| 309 | */ |
| 310 | #define MAC_PERFORM(operation, args...) do { \ |
| 311 | MAC_POLICY_ITERATE({ \ |
| 312 | if (mpc->mpc_ops->mpo_ ## operation != NULL) { \ |
| 313 | MAC_PERFORM_CALL(operation, mpc); \ |
| 314 | mpc->mpc_ops->mpo_ ## operation (args); \ |
| 315 | MAC_PERFORM_RSLT(operation, mpc); \ |
| 316 | } \ |
| 317 | }); \ |
| 318 | } while (0) |
| 319 | |
| 320 | |
| 321 | # |
| 322 | struct __mac_get_pid_args; |
| 323 | struct __mac_get_proc_args; |
| 324 | struct __mac_set_proc_args; |
| 325 | struct __mac_get_lcid_args; |
| 326 | struct __mac_get_fd_args; |
| 327 | struct __mac_get_file_args; |
| 328 | struct __mac_get_link_args; |
| 329 | struct __mac_set_fd_args; |
| 330 | struct __mac_set_file_args; |
| 331 | struct __mac_syscall_args; |
| 332 | |
| 333 | void mac_policy_addto_labellist(const mac_policy_handle_t, int); |
| 334 | void mac_policy_removefrom_labellist(const mac_policy_handle_t); |
| 335 | |
| 336 | int mac_externalize(size_t mpo_externalize_off, struct label *label, |
| 337 | const char *elementlist, char *outbuf, size_t outbuflen); |
| 338 | int mac_internalize(size_t mpo_internalize_off, struct label *label, |
| 339 | char *elementlist); |
| 340 | #endif /* !_SECURITY_MAC_INTERNAL_H_ */ |
| 341 |
Generated while processing xnu/security/mac_data.c
Generated on 2024-Jun-06 from project xnu revision 10063.121.3
Powered by 
Code Browser 2.1
Generator usage only permitted with license.