bsd/kern/kern_priv.c

   1 /*
   2  * Copyright (c) 2010 Apple Inc. All rights reserved.
   3  *
   4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. The rights granted to you under the License
  10  * may not be used to create, or enable the creation or redistribution of,
  11  * unlawful or unlicensed copies of an Apple operating system, or to
  12  * circumvent, violate, or enable the circumvention or violation of, any
  13  * terms of an Apple operating system software license agreement.
  14  *
  15  * Please obtain a copy of the License at
  16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  17  *
  18  * The Original Code and all software distributed under the License are
  19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  23  * Please see the License for the specific language governing rights and
  24  * limitations under the License.
  25  *
  26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  27  */
  28 /*-
  29  * Copyright (c) 2006 nCircle Network Security, Inc.
  30  * Copyright (c) 2009 Robert N. M. Watson
  31  * All rights reserved.
  32  *
  33  * This software was developed by Robert N. M. Watson for the TrustedBSD
  34  * Project under contract to nCircle Network Security, Inc.
  35  *
  36  * Redistribution and use in source and binary forms, with or without
  37  * modification, are permitted provided that the following conditions
  38  * are met:
  39  * 1. Redistributions of source code must retain the above copyright
  40  *    notice, this list of conditions and the following disclaimer.
  41  * 2. Redistributions in binary form must reproduce the above copyright
  42  *    notice, this list of conditions and the following disclaimer in the
  43  *    documentation and/or other materials provided with the distribution.
  44  *
  45  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  46  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  47  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  48  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
  49  * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  50  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
  51  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  52  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  53  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  54  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  55  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  56  */
  57
  58 #include <sys/cdefs.h>
  59
  60 #include <sys/param.h>
  61 #include <sys/kernel.h>
  62 #include <sys/priv.h>
  63 #include <sys/proc.h>
  64 #include <sys/systm.h>
  65 #include <sys/kauth.h>
  66
  67 #if CONFIG_MACF
  68 #include <security/mac_framework.h>
  69 #endif
  70
  71 int proc_check_footprint_priv(void);
  72
  73 /*
  74  * Check a credential for privilege.  Lots of good reasons to deny privilege;
  75  * only a few to grant it.
  76  */
  77 int
  78 priv_check_cred(kauth_cred_t cred, int priv, __unused int flags)
  79 {
  80 #if !CONFIG_MACF
  81 #pragma unused(priv)
  82 #endif
  83         int error;
  84
  85         /*
  86          * We first evaluate policies that may deny the granting of
  87          * privilege unilaterally.
  88          */
  89 #if CONFIG_MACF
  90         error = mac_priv_check(cred, priv);
  91         if (error)
  92                 goto out;
  93 #endif
  94
  95         /*
  96          * Having determined if privilege is restricted by various policies,
  97          * now determine if privilege is granted.  At this point, any policy
  98          * may grant privilege.  For now, we allow short-circuit boolean
  99          * evaluation, so may not call all policies.  Perhaps we should.
 100          */
 101         if (kauth_cred_getuid(cred) == 0) {
 102                 error = 0;
 103                 goto out;
 104         }
 105
 106         /*
 107          * Now check with MAC, if enabled, to see if a policy module grants
 108          * privilege.
 109          */
 110 #if CONFIG_MACF
 111         if (mac_priv_grant(cred, priv) == 0) {
 112                 error = 0;
 113                 goto out;
 114         }
 115 #endif
 116
 117         /*
 118          * The default is deny, so if no policies have granted it, reject
 119          * with a privilege error here.
 120          */
 121         error = EPERM;
 122 out:
 123         return (error);
 124 }
 125
 126 int
 127 proc_check_footprint_priv(void)
 128 {
 129         return (priv_check_cred(kauth_cred_get(), PRIV_VM_FOOTPRINT_LIMIT, 0));
 130 }