]>
Commit | Line | Data |
---|---|---|
2d21ac55 A |
1 | /* |
2 | * Copyright (c) 2006-2007 Apple Inc. All rights reserved. | |
3 | * | |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. The rights granted to you under the License | |
10 | * may not be used to create, or enable the creation or redistribution of, | |
11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
12 | * circumvent, violate, or enable the circumvention or violation of, any | |
13 | * terms of an Apple operating system software license agreement. | |
14 | * | |
15 | * Please obtain a copy of the License at | |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
17 | * | |
18 | * The Original Code and all software distributed under the License are | |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
23 | * Please see the License for the specific language governing rights and | |
24 | * limitations under the License. | |
25 | * | |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ | |
27 | */ | |
28 | /* | |
29 | * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson | |
30 | * Copyright (c) 2001 Ilmar S. Habibulin | |
31 | * Copyright (c) 2001, 2002, 2003, 2004 Networks Associates Technology, Inc. | |
32 | * | |
33 | * This software was developed by Robert Watson and Ilmar Habibulin for the | |
34 | * TrustedBSD Project. | |
35 | * | |
36 | * This software was developed for the FreeBSD Project in part by Network | |
37 | * Associates Laboratories, the Security Research Division of Network | |
38 | * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), | |
39 | * as part of the DARPA CHATS research program. | |
40 | * | |
41 | * Redistribution and use in source and binary forms, with or without | |
42 | * modification, are permitted provided that the following conditions | |
43 | * are met: | |
44 | * 1. Redistributions of source code must retain the above copyright | |
45 | * notice, this list of conditions and the following disclaimer. | |
46 | * 2. Redistributions in binary form must reproduce the above copyright | |
47 | * notice, this list of conditions and the following disclaimer in the | |
48 | * documentation and/or other materials provided with the distribution. | |
49 | * | |
50 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |
51 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
52 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
53 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
54 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
55 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
56 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
57 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
58 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
59 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
60 | * SUCH DAMAGE. | |
61 | * | |
62 | */ | |
63 | #include <sys/param.h> | |
64 | #include <sys/types.h> | |
65 | #include <sys/vnode.h> | |
66 | #include <sys/vnode_internal.h> | |
67 | #include <sys/kauth.h> | |
68 | #include <sys/queue.h> | |
69 | #include <security/mac_internal.h> | |
70 | #include <bsd/bsm/audit.h> | |
b0d623f7 | 71 | #include <bsd/security/audit/audit.h> |
2d21ac55 A |
72 | #include <bsd/sys/malloc.h> |
73 | #include <vm/vm_kern.h> | |
74 | #include <kern/kalloc.h> | |
75 | #include <kern/zalloc.h> | |
76 | ||
b0d623f7 | 77 | #if CONFIG_AUDIT |
2d21ac55 A |
78 | |
79 | /* The zone allocator is initialized in mac_base.c. */ | |
80 | zone_t mac_audit_data_zone; | |
81 | ||
82 | int | |
83 | mac_system_check_audit(struct ucred *cred, void *record, int length) | |
84 | { | |
85 | int error; | |
86 | ||
87 | MAC_CHECK(system_check_audit, cred, record, length); | |
88 | ||
89 | return (error); | |
90 | } | |
91 | ||
92 | int | |
93 | mac_system_check_auditon(struct ucred *cred, int cmd) | |
94 | { | |
95 | int error; | |
96 | ||
97 | MAC_CHECK(system_check_auditon, cred, cmd); | |
98 | ||
99 | return (error); | |
100 | } | |
101 | ||
102 | int | |
103 | mac_system_check_auditctl(struct ucred *cred, struct vnode *vp) | |
104 | { | |
105 | int error; | |
106 | struct label *vl = vp ? vp->v_label : NULL; | |
107 | ||
108 | MAC_CHECK(system_check_auditctl, cred, vp, vl); | |
109 | ||
110 | return (error); | |
111 | } | |
112 | ||
113 | int | |
114 | mac_proc_check_getauid(struct proc *curp) | |
115 | { | |
116 | kauth_cred_t cred; | |
117 | int error; | |
118 | ||
3e170ce0 | 119 | #if SECURITY_MAC_CHECK_ENFORCE |
5ba3f43e A |
120 | /* 21167099 - only check if we allow write */ |
121 | if (!mac_proc_enforce) | |
122 | return 0; | |
3e170ce0 A |
123 | #endif |
124 | ||
5ba3f43e | 125 | if (!mac_proc_check_enforce(curp)) |
2d21ac55 A |
126 | return 0; |
127 | ||
128 | cred = kauth_cred_proc_ref(curp); | |
129 | MAC_CHECK(proc_check_getauid, cred); | |
130 | kauth_cred_unref(&cred); | |
131 | ||
132 | return (error); | |
133 | } | |
134 | ||
135 | int | |
136 | mac_proc_check_setauid(struct proc *curp, uid_t auid) | |
137 | { | |
138 | kauth_cred_t cred; | |
139 | int error; | |
140 | ||
3e170ce0 | 141 | #if SECURITY_MAC_CHECK_ENFORCE |
5ba3f43e A |
142 | /* 21167099 - only check if we allow write */ |
143 | if (!mac_proc_enforce) | |
144 | return 0; | |
3e170ce0 | 145 | #endif |
5ba3f43e A |
146 | if (!mac_proc_check_enforce(curp)) |
147 | return 0; | |
2d21ac55 A |
148 | |
149 | cred = kauth_cred_proc_ref(curp); | |
150 | MAC_CHECK(proc_check_setauid, cred, auid); | |
151 | kauth_cred_unref(&cred); | |
152 | ||
153 | return (error); | |
154 | } | |
155 | ||
156 | int | |
157 | mac_proc_check_getaudit(struct proc *curp) | |
158 | { | |
159 | kauth_cred_t cred; | |
160 | int error; | |
161 | ||
3e170ce0 | 162 | #if SECURITY_MAC_CHECK_ENFORCE |
5ba3f43e A |
163 | /* 21167099 - only check if we allow write */ |
164 | if (!mac_proc_enforce) | |
165 | return 0; | |
3e170ce0 | 166 | #endif |
5ba3f43e A |
167 | if (!mac_proc_check_enforce(curp)) |
168 | return 0; | |
2d21ac55 A |
169 | |
170 | cred = kauth_cred_proc_ref(curp); | |
171 | MAC_CHECK(proc_check_getaudit, cred); | |
172 | kauth_cred_unref(&cred); | |
173 | ||
174 | return (error); | |
175 | } | |
176 | ||
177 | int | |
b0d623f7 | 178 | mac_proc_check_setaudit(struct proc *curp, struct auditinfo_addr *ai) |
2d21ac55 A |
179 | { |
180 | kauth_cred_t cred; | |
181 | int error; | |
182 | ||
3e170ce0 | 183 | #if SECURITY_MAC_CHECK_ENFORCE |
5ba3f43e A |
184 | /* 21167099 - only check if we allow write */ |
185 | if (!mac_proc_enforce) | |
186 | return 0; | |
3e170ce0 | 187 | #endif |
5ba3f43e A |
188 | if (!mac_proc_check_enforce(curp)) |
189 | return 0; | |
2d21ac55 A |
190 | |
191 | cred = kauth_cred_proc_ref(curp); | |
192 | MAC_CHECK(proc_check_setaudit, cred, ai); | |
193 | kauth_cred_unref(&cred); | |
194 | ||
195 | return (error); | |
196 | } | |
197 | ||
198 | #if 0 | |
199 | /* | |
200 | * This is the framework entry point for MAC policies to use to add | |
201 | * arbitrary data to the current audit record. | |
202 | * (Currently not supported, as no existing audit viewers would | |
203 | * display this format) | |
204 | * | |
205 | */ | |
206 | int | |
207 | mac_audit_data(int len, u_char *data, mac_policy_handle_t handle) | |
208 | { | |
209 | char *sanitized; | |
210 | ||
211 | if ((len <= 0) || (len > MAC_AUDIT_DATA_LIMIT)) | |
212 | return (EINVAL); | |
213 | ||
214 | sanitized = (char *)zalloc(mac_audit_data_zone); | |
215 | ||
216 | bcopy(data, sanitized, len); | |
217 | return (audit_mac_data(MAC_AUDIT_DATA_TYPE, len, sanitized)); | |
218 | } | |
219 | #endif | |
220 | ||
221 | /* | |
222 | * This is the entry point a MAC policy will call to add NULL- | |
223 | * terminated ASCII text to the current audit record. | |
224 | */ | |
225 | int | |
226 | mac_audit_text(char *text, mac_policy_handle_t handle) | |
227 | { | |
228 | char *sanitized; | |
229 | const char *name; | |
230 | int i, size, plen, len; | |
231 | ||
232 | name = mac_get_mpc(handle)->mpc_name; | |
233 | len = strlen(text); | |
234 | plen = 2 + strlen(name); | |
235 | if (plen + len >= MAC_AUDIT_DATA_LIMIT) | |
236 | return (EINVAL); | |
237 | ||
238 | /* | |
239 | * Make sure the text is only composed of only ASCII printable | |
240 | * characters. | |
241 | */ | |
242 | for (i=0; i < len; i++) | |
243 | if (text[i] < (char) 32 || text[i] > (char) 126) | |
244 | return (EINVAL); | |
245 | ||
246 | size = len + plen + 1; | |
247 | sanitized = (char *)zalloc(mac_audit_data_zone); | |
248 | ||
249 | strlcpy(sanitized, name, MAC_AUDIT_DATA_LIMIT); | |
250 | strncat(sanitized, ": ", MAC_AUDIT_DATA_LIMIT - plen + 2); | |
251 | strncat(sanitized, text, MAC_AUDIT_DATA_LIMIT - plen); | |
252 | ||
253 | return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, size, (u_char *)sanitized)); | |
254 | } | |
255 | ||
256 | int | |
257 | mac_audit_check_preselect(struct ucred *cred, unsigned short syscode, void *args) | |
258 | { | |
259 | struct mac_policy_conf *mpc; | |
260 | int ret, error; | |
261 | u_int i; | |
262 | ||
263 | ret = MAC_AUDIT_DEFAULT; | |
264 | for (i = 0; i < mac_policy_list.staticmax; i++) { | |
265 | mpc = mac_policy_list.entries[i].mpc; | |
266 | if (mpc == NULL) | |
267 | continue; | |
268 | ||
269 | if (mpc->mpc_ops->mpo_audit_check_preselect != NULL) { | |
270 | error = mpc->mpc_ops->mpo_audit_check_preselect(cred, | |
271 | syscode, args); | |
272 | ret = (ret > error ? ret : error); | |
273 | } | |
274 | } | |
275 | if (mac_policy_list_conditional_busy() != 0) { | |
276 | for (; i <= mac_policy_list.maxindex; i++) { | |
277 | mpc = mac_policy_list.entries[i].mpc; | |
278 | if (mpc == NULL) | |
279 | continue; | |
280 | ||
281 | if (mpc->mpc_ops->mpo_audit_check_preselect != NULL) { | |
282 | error = mpc->mpc_ops->mpo_audit_check_preselect(cred, | |
283 | syscode, args); | |
284 | ret = (ret > error ? ret : error); | |
285 | } | |
286 | } | |
287 | mac_policy_list_unbusy(); | |
288 | } | |
289 | ||
290 | return (ret); | |
291 | } | |
292 | ||
293 | int | |
294 | mac_audit_check_postselect(struct ucred *cred, unsigned short syscode, | |
295 | void *args, int error, int retval, int mac_forced) | |
296 | { | |
297 | struct mac_policy_conf *mpc; | |
298 | int ret, mac_error; | |
299 | u_int i; | |
300 | ||
301 | /* | |
302 | * If the audit was forced by a MAC policy by mac_audit_check_preselect(), | |
303 | * echo that. | |
304 | */ | |
305 | if (mac_forced) | |
306 | return (MAC_AUDIT_YES); | |
307 | ||
308 | ret = MAC_AUDIT_DEFAULT; | |
309 | for (i = 0; i < mac_policy_list.staticmax; i++) { | |
310 | mpc = mac_policy_list.entries[i].mpc; | |
311 | if (mpc == NULL) | |
312 | continue; | |
313 | ||
314 | if (mpc->mpc_ops->mpo_audit_check_postselect != NULL) { | |
315 | mac_error = mpc->mpc_ops->mpo_audit_check_postselect(cred, | |
316 | syscode, args, error, retval); | |
317 | ret = (ret > mac_error ? ret : mac_error); | |
318 | } | |
319 | } | |
320 | if (mac_policy_list_conditional_busy() != 0) { | |
321 | for (; i <= mac_policy_list.maxindex; i++) { | |
322 | mpc = mac_policy_list.entries[i].mpc; | |
323 | if (mpc == NULL) | |
324 | continue; | |
325 | ||
326 | if (mpc->mpc_ops->mpo_audit_check_postselect != NULL) { | |
327 | mac_error = mpc->mpc_ops->mpo_audit_check_postselect(cred, | |
328 | syscode, args, error, retval); | |
329 | ret = (ret > mac_error ? ret : mac_error); | |
330 | } | |
331 | } | |
332 | mac_policy_list_unbusy(); | |
333 | } | |
334 | ||
335 | return (ret); | |
336 | } | |
337 | ||
b0d623f7 | 338 | #else /* !CONFIG_AUDIT */ |
2d21ac55 A |
339 | |
340 | /* | |
341 | * Function stubs for when AUDIT isn't defined. | |
342 | */ | |
343 | ||
344 | int | |
b0d623f7 | 345 | mac_system_check_audit(__unused struct ucred *cred, __unused void *record, __unused int length) |
2d21ac55 A |
346 | { |
347 | ||
348 | return (0); | |
349 | } | |
350 | ||
351 | int | |
b0d623f7 | 352 | mac_system_check_auditon(__unused struct ucred *cred, __unused int cmd) |
2d21ac55 A |
353 | { |
354 | ||
355 | return (0); | |
356 | } | |
357 | ||
358 | int | |
b0d623f7 | 359 | mac_system_check_auditctl(__unused struct ucred *cred, __unused struct vnode *vp) |
2d21ac55 A |
360 | { |
361 | ||
362 | return (0); | |
363 | } | |
364 | ||
365 | int | |
366 | mac_proc_check_getauid(__unused struct proc *curp) | |
367 | { | |
368 | ||
369 | return (0); | |
370 | } | |
371 | ||
372 | int | |
373 | mac_proc_check_setauid(__unused struct proc *curp, __unused uid_t auid) | |
374 | { | |
375 | ||
376 | return (0); | |
377 | } | |
378 | ||
379 | int | |
380 | mac_proc_check_getaudit(__unused struct proc *curp) | |
381 | { | |
382 | ||
383 | return (0); | |
384 | } | |
385 | ||
386 | int | |
b0d623f7 A |
387 | mac_proc_check_setaudit(__unused struct proc *curp, |
388 | __unused struct auditinfo_addr *ai) | |
2d21ac55 A |
389 | { |
390 | ||
391 | return (0); | |
392 | } | |
393 | ||
394 | int | |
395 | mac_audit_check_preselect(__unused struct ucred *cred, __unused unsigned short syscode, | |
396 | __unused void *args) | |
397 | { | |
398 | ||
399 | return (MAC_AUDIT_DEFAULT); | |
400 | } | |
401 | ||
402 | int | |
403 | mac_audit_check_postselect(__unused struct ucred *cred, __unused unsigned short syscode, | |
404 | __unused void *args, __unused int error, __unused int retval, __unused int mac_forced) | |
405 | { | |
406 | ||
407 | return (MAC_AUDIT_DEFAULT); | |
408 | } | |
409 | ||
4a3eedf9 A |
410 | int |
411 | mac_audit_text(__unused char *text, __unused mac_policy_handle_t handle) | |
412 | { | |
413 | return (0); | |
414 | } | |
b0d623f7 | 415 | #endif /* !CONFIG_AUDIT */ |