]> git.saurik.com Git - apple/xnu.git/blame - security/mac_audit.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-7195.101.1.tar.gz
[apple/xnu.git] / security / mac_audit.c
CommitLineData
2d21ac55 1/*
f427ee49 2 * Copyright (c) 2006-2020 Apple Inc. All rights reserved.
2d21ac55
A		 3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
0a7de745 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
0a7de745 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
0a7de745 17 *
2d21ac55
A		 18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
0a7de745 25 *
2d21ac55
A		 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/*
29 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
30 * Copyright (c) 2001 Ilmar S. Habibulin
31 * Copyright (c) 2001, 2002, 2003, 2004 Networks Associates Technology, Inc.
32 *
33 * This software was developed by Robert Watson and Ilmar Habibulin for the
34 * TrustedBSD Project.
35 *
36 * This software was developed for the FreeBSD Project in part by Network
37 * Associates Laboratories, the Security Research Division of Network
38 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
39 * as part of the DARPA CHATS research program.
40 *
41 * Redistribution and use in source and binary forms, with or without
42 * modification, are permitted provided that the following conditions
43 * are met:
44 * 1. Redistributions of source code must retain the above copyright
45 * notice, this list of conditions and the following disclaimer.
46 * 2. Redistributions in binary form must reproduce the above copyright
47 * notice, this list of conditions and the following disclaimer in the
48 * documentation and/or other materials provided with the distribution.
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * SUCH DAMAGE.
61 *
62 */
63#include <sys/param.h>
0a7de745
A		 64#include <sys/types.h>
65#include <sys/vnode.h>
2d21ac55
A		 66#include <sys/vnode_internal.h>
67#include <sys/kauth.h>
0a7de745 68#include <sys/queue.h>
2d21ac55
A		 69#include <security/mac_internal.h>
70#include <bsd/bsm/audit.h>
b0d623f7 71#include <bsd/security/audit/audit.h>
2d21ac55
A		 72#include <bsd/sys/malloc.h>
73#include <vm/vm_kern.h>
2d21ac55
A		 74#include <kern/zalloc.h>
75
b0d623f7 76#if CONFIG_AUDIT
2d21ac55 77
f427ee49
A		 78ZONE_DECLARE(mac_audit_data_zone, "mac_audit_data_zone",
79 MAC_AUDIT_DATA_LIMIT, ZC_NONE);
2d21ac55
A		 80
81int
82mac_system_check_audit(struct ucred *cred, void *record, int length)
83{
84 int error;
85
86 MAC_CHECK(system_check_audit, cred, record, length);
87
0a7de745 88 return error;
2d21ac55
A		 89}
90
91int
92mac_system_check_auditon(struct ucred *cred, int cmd)
93{
94 int error;
95
96 MAC_CHECK(system_check_auditon, cred, cmd);
97
0a7de745 98 return error;
2d21ac55
A		 99}
100
101int
102mac_system_check_auditctl(struct ucred *cred, struct vnode *vp)
103{
104 int error;
105 struct label *vl = vp ? vp->v_label : NULL;
106
107 MAC_CHECK(system_check_auditctl, cred, vp, vl);
108
0a7de745 109 return error;
2d21ac55
A		 110}
111
112int
113mac_proc_check_getauid(struct proc *curp)
114{
115 kauth_cred_t cred;
116 int error;
117
3e170ce0 118#if SECURITY_MAC_CHECK_ENFORCE
5ba3f43e 119 /* 21167099 - only check if we allow write */
0a7de745 120 if (!mac_proc_enforce) {
5ba3f43e 121 return 0;
0a7de745 122 }
3e170ce0 123#endif
0a7de745
A		 124
125 if (!mac_proc_check_enforce(curp)) {
2d21ac55 126 return 0;
0a7de745 127 }
2d21ac55
A		 128
129 cred = kauth_cred_proc_ref(curp);
130 MAC_CHECK(proc_check_getauid, cred);
131 kauth_cred_unref(&cred);
132
0a7de745 133 return error;
2d21ac55
A		 134}
135
136int
137mac_proc_check_setauid(struct proc *curp, uid_t auid)
138{
139 kauth_cred_t cred;
140 int error;
141
3e170ce0 142#if SECURITY_MAC_CHECK_ENFORCE
5ba3f43e 143 /* 21167099 - only check if we allow write */
0a7de745 144 if (!mac_proc_enforce) {
5ba3f43e 145 return 0;
0a7de745 146 }
3e170ce0 147#endif
0a7de745 148 if (!mac_proc_check_enforce(curp)) {
5ba3f43e 149 return 0;
0a7de745 150 }
2d21ac55
A		 151
152 cred = kauth_cred_proc_ref(curp);
153 MAC_CHECK(proc_check_setauid, cred, auid);
154 kauth_cred_unref(&cred);
155
0a7de745 156 return error;
2d21ac55
A		 157}
158
0a7de745
A		 159int
160mac_proc_check_getaudit(struct proc *curp)
2d21ac55
A		 161{
162 kauth_cred_t cred;
163 int error;
164
3e170ce0 165#if SECURITY_MAC_CHECK_ENFORCE
5ba3f43e 166 /* 21167099 - only check if we allow write */
0a7de745 167 if (!mac_proc_enforce) {
5ba3f43e 168 return 0;
0a7de745 169 }
3e170ce0 170#endif
0a7de745 171 if (!mac_proc_check_enforce(curp)) {
5ba3f43e 172 return 0;
0a7de745 173 }
2d21ac55
A		 174
175 cred = kauth_cred_proc_ref(curp);
176 MAC_CHECK(proc_check_getaudit, cred);
177 kauth_cred_unref(&cred);
178
0a7de745 179 return error;
2d21ac55
A		 180}
181
182int
b0d623f7 183mac_proc_check_setaudit(struct proc *curp, struct auditinfo_addr *ai)
2d21ac55
A		 184{
185 kauth_cred_t cred;
186 int error;
187
3e170ce0 188#if SECURITY_MAC_CHECK_ENFORCE
5ba3f43e 189 /* 21167099 - only check if we allow write */
0a7de745 190 if (!mac_proc_enforce) {
5ba3f43e 191 return 0;
0a7de745 192 }
3e170ce0 193#endif
0a7de745 194 if (!mac_proc_check_enforce(curp)) {
5ba3f43e 195 return 0;
0a7de745 196 }
2d21ac55
A		 197
198 cred = kauth_cred_proc_ref(curp);
199 MAC_CHECK(proc_check_setaudit, cred, ai);
200 kauth_cred_unref(&cred);
201
0a7de745 202 return error;
2d21ac55
A		 203}
204
205#if 0
206/*
207 * This is the framework entry point for MAC policies to use to add
208 * arbitrary data to the current audit record.
0a7de745 209 * (Currently not supported, as no existing audit viewers would
2d21ac55 210 * display this format)
0a7de745 211 *
2d21ac55
A		 212 */
213int
214mac_audit_data(int len, u_char *data, mac_policy_handle_t handle)
215{
216 char *sanitized;
217
0a7de745
A		 218 if ((len <= 0) || (len > MAC_AUDIT_DATA_LIMIT)) {
219 return EINVAL;
220 }
2d21ac55
A		 221
222 sanitized = (char *)zalloc(mac_audit_data_zone);
223
224 bcopy(data, sanitized, len);
0a7de745 225 return audit_mac_data(MAC_AUDIT_DATA_TYPE, len, sanitized);
2d21ac55
A		 226}
227#endif
228
229/*
230 * This is the entry point a MAC policy will call to add NULL-
231 * terminated ASCII text to the current audit record.
232 */
233int
234mac_audit_text(char *text, mac_policy_handle_t handle)
235{
236 char *sanitized;
237 const char *name;
cb323159 238 size_t i, size, plen, text_len;
2d21ac55
A		 239
240 name = mac_get_mpc(handle)->mpc_name;
cb323159 241 text_len = strlen(text);
2d21ac55 242 plen = 2 + strlen(name);
cb323159 243 if (plen + text_len >= MAC_AUDIT_DATA_LIMIT) {
0a7de745
A		 244 return EINVAL;
245 }
2d21ac55
A		 246
247 /*
248 * Make sure the text is only composed of only ASCII printable
249 * characters.
250 */
cb323159 251 for (i = 0; i < text_len; i++) {
0a7de745
A		 252 if (text[i] < (char) 32 || text[i] > (char) 126) {
253 return EINVAL;
254 }
255 }
2d21ac55 256
cb323159 257 size = text_len + plen + 1;
0a7de745 258 sanitized = (char *)zalloc(mac_audit_data_zone);
2d21ac55
A		 259
260 strlcpy(sanitized, name, MAC_AUDIT_DATA_LIMIT);
cb323159
A		 261 strlcat(sanitized, ": ", MAC_AUDIT_DATA_LIMIT);
262 strlcat(sanitized, text, MAC_AUDIT_DATA_LIMIT);
2d21ac55 263
0a7de745 264 return audit_mac_data(MAC_AUDIT_TEXT_TYPE, size, (u_char *)sanitized);
2d21ac55
A		 265}
266
267int
268mac_audit_check_preselect(struct ucred *cred, unsigned short syscode, void *args)
269{
270 struct mac_policy_conf *mpc;
271 int ret, error;
272 u_int i;
273
274 ret = MAC_AUDIT_DEFAULT;
275 for (i = 0; i < mac_policy_list.staticmax; i++) {
276 mpc = mac_policy_list.entries[i].mpc;
0a7de745 277 if (mpc == NULL) {
2d21ac55 278 continue;
0a7de745 279 }
2d21ac55
A		 280
281 if (mpc->mpc_ops->mpo_audit_check_preselect != NULL) {
282 error = mpc->mpc_ops->mpo_audit_check_preselect(cred,
283 syscode, args);
284 ret = (ret > error ? ret : error);
285 }
286 }
287 if (mac_policy_list_conditional_busy() != 0) {
288 for (; i <= mac_policy_list.maxindex; i++) {
289 mpc = mac_policy_list.entries[i].mpc;
0a7de745 290 if (mpc == NULL) {
2d21ac55 291 continue;
0a7de745 292 }
2d21ac55
A		 293
294 if (mpc->mpc_ops->mpo_audit_check_preselect != NULL) {
295 error = mpc->mpc_ops->mpo_audit_check_preselect(cred,
296 syscode, args);
297 ret = (ret > error ? ret : error);
298 }
299 }
300 mac_policy_list_unbusy();
301 }
302
0a7de745 303 return ret;
2d21ac55
A		 304}
305
306int
307mac_audit_check_postselect(struct ucred *cred, unsigned short syscode,
308 void *args, int error, int retval, int mac_forced)
309{
310 struct mac_policy_conf *mpc;
311 int ret, mac_error;
312 u_int i;
313
314 /*
315 * If the audit was forced by a MAC policy by mac_audit_check_preselect(),
316 * echo that.
317 */
0a7de745
A		 318 if (mac_forced) {
319 return MAC_AUDIT_YES;
320 }
2d21ac55
A		 321
322 ret = MAC_AUDIT_DEFAULT;
323 for (i = 0; i < mac_policy_list.staticmax; i++) {
324 mpc = mac_policy_list.entries[i].mpc;
0a7de745 325 if (mpc == NULL) {
2d21ac55 326 continue;
0a7de745 327 }
2d21ac55
A		 328
329 if (mpc->mpc_ops->mpo_audit_check_postselect != NULL) {
330 mac_error = mpc->mpc_ops->mpo_audit_check_postselect(cred,
331 syscode, args, error, retval);
332 ret = (ret > mac_error ? ret : mac_error);
333 }
334 }
335 if (mac_policy_list_conditional_busy() != 0) {
336 for (; i <= mac_policy_list.maxindex; i++) {
337 mpc = mac_policy_list.entries[i].mpc;
0a7de745 338 if (mpc == NULL) {
2d21ac55 339 continue;
0a7de745 340 }
2d21ac55
A		 341
342 if (mpc->mpc_ops->mpo_audit_check_postselect != NULL) {
343 mac_error = mpc->mpc_ops->mpo_audit_check_postselect(cred,
344 syscode, args, error, retval);
345 ret = (ret > mac_error ? ret : mac_error);
346 }
347 }
348 mac_policy_list_unbusy();
349 }
350
0a7de745 351 return ret;
2d21ac55
A		 352}
353
0a7de745 354#else /* !CONFIG_AUDIT */
2d21ac55
A		 355
356/*
357 * Function stubs for when AUDIT isn't defined.
358 */
359
360int
b0d623f7 361mac_system_check_audit(__unused struct ucred *cred, __unused void *record, __unused int length)
2d21ac55 362{
0a7de745 363 return 0;
2d21ac55
A		 364}
365
366int
b0d623f7 367mac_system_check_auditon(__unused struct ucred *cred, __unused int cmd)
2d21ac55 368{
0a7de745 369 return 0;
2d21ac55
A		 370}
371
372int
b0d623f7 373mac_system_check_auditctl(__unused struct ucred *cred, __unused struct vnode *vp)
2d21ac55 374{
0a7de745 375 return 0;
2d21ac55
A		 376}
377
378int
379mac_proc_check_getauid(__unused struct proc *curp)
380{
0a7de745 381 return 0;
2d21ac55
A		 382}
383
384int
385mac_proc_check_setauid(__unused struct proc *curp, __unused uid_t auid)
386{
0a7de745 387 return 0;
2d21ac55
A		 388}
389
390int
391mac_proc_check_getaudit(__unused struct proc *curp)
392{
0a7de745 393 return 0;
2d21ac55
A		 394}
395
396int
b0d623f7
A		 397mac_proc_check_setaudit(__unused struct proc *curp,
398 __unused struct auditinfo_addr *ai)
2d21ac55 399{
0a7de745 400 return 0;
2d21ac55
A		 401}
402
403int
404mac_audit_check_preselect(__unused struct ucred *cred, __unused unsigned short syscode,
405 __unused void *args)
406{
0a7de745 407 return MAC_AUDIT_DEFAULT;
2d21ac55
A		 408}
409
410int
411mac_audit_check_postselect(__unused struct ucred *cred, __unused unsigned short syscode,
412 __unused void *args, __unused int error, __unused int retval, __unused int mac_forced)
413{
0a7de745 414 return MAC_AUDIT_DEFAULT;
2d21ac55
A		 415}
416
4a3eedf9
A		 417int
418mac_audit_text(__unused char *text, __unused mac_policy_handle_t handle)
419{
0a7de745 420 return 0;
4a3eedf9 421}
0a7de745 422#endif /* !CONFIG_AUDIT */
mirror of XNU