]> git.saurik.com Git - apple/xnu.git/blob - security/mac_internal.h
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-7195.101.1.tar.gz
[apple/xnu.git] / security / mac_internal.h
1 /*
2 * Copyright (c) 2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*-
30 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
31 * Copyright (c) 2001 Ilmar S. Habibulin
32 * Copyright (c) 2001, 2002, 2003, 2004 Networks Associates Technology, Inc.
33 * Copyright (c) 2005 SPARTA, Inc.
34 * All rights reserved.
35 *
36 * This software was developed by Robert Watson and Ilmar Habibulin for the
37 * TrustedBSD Project.
38 *
39 * This software was developed for the FreeBSD Project in part by Network
40 * Associates Laboratories, the Security Research Division of Network
41 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
42 * as part of the DARPA CHATS research program.
43 *
44 * Redistribution and use in source and binary forms, with or without
45 * modification, are permitted provided that the following conditions
46 * are met:
47 * 1. Redistributions of source code must retain the above copyright
48 * notice, this list of conditions and the following disclaimer.
49 * 2. Redistributions in binary form must reproduce the above copyright
50 * notice, this list of conditions and the following disclaimer in the
51 * documentation and/or other materials provided with the distribution.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 */
66
67 #ifndef _SECURITY_MAC_INTERNAL_H_
68 #define _SECURITY_MAC_INTERNAL_H_
69
70 #ifndef PRIVATE
71 #warning "MAC policy is not KPI, see Technical Q&A QA1574, this header will be removed in next version"
72 #endif
73
74 #include <string.h>
75 #include <sys/param.h>
76 #include <sys/queue.h>
77 #include <security/mac.h>
78 #include <security/mac_framework.h>
79 #include <security/mac_policy.h>
80 #include <security/mac_data.h>
81 #include <sys/sysctl.h>
82 #include <kern/locks.h>
83 #include <sys/kernel.h>
84 #include <sys/lock.h>
85 #include <sys/malloc.h>
86 #include <sys/sbuf.h>
87 #include <sys/proc.h>
88 #include <sys/systm.h>
89 #include <sys/socket.h>
90 #include <sys/socketvar.h>
91 #include <sys/vnode.h>
92
93 /*
94 * MAC Framework sysctl namespace.
95 */
96
97 SYSCTL_DECL(_security);
98 SYSCTL_DECL(_security_mac);
99
100 extern int mac_late;
101
102 struct mac_policy_list_element {
103 struct mac_policy_conf *mpc;
104 };
105
106 struct mac_policy_list {
107 u_int numloaded;
108 u_int max;
109 u_int maxindex;
110 u_int staticmax;
111 u_int chunks;
112 u_int freehint;
113 struct mac_policy_list_element *entries;
114 };
115
116 typedef struct mac_policy_list mac_policy_list_t;
117
118
119 /*
120 * Policy that has registered with the framework for a specific
121 * label namespace name.
122 */
123 struct mac_label_listener {
124 mac_policy_handle_t mll_handle;
125 LIST_ENTRY(mac_label_listener) mll_list;
126 };
127
128 LIST_HEAD(mac_label_listeners_t, mac_label_listener);
129
130 /*
131 * Type of list used to manage label namespace names.
132 */
133 struct mac_label_element {
134 char mle_name[MAC_MAX_LABEL_ELEMENT_NAME];
135 struct mac_label_listeners_t mle_listeners;
136 LIST_ENTRY(mac_label_element) mle_list;
137 };
138
139 LIST_HEAD(mac_label_element_list_t, mac_label_element);
140
141 /*
142 * MAC Framework global variables.
143 */
144
145 extern struct mac_label_element_list_t mac_label_element_list;
146 extern struct mac_label_element_list_t mac_static_label_element_list;
147
148 extern struct mac_policy_list mac_policy_list;
149
150 /*
151 * global flags to control whether a MACF subsystem is configured
152 * at all in the system.
153 */
154 extern unsigned int mac_device_enforce;
155 extern unsigned int mac_pipe_enforce;
156 extern unsigned int mac_posixsem_enforce;
157 extern unsigned int mac_posixshm_enforce;
158 extern unsigned int mac_proc_enforce;
159 extern unsigned int mac_socket_enforce;
160 extern unsigned int mac_system_enforce;
161 extern unsigned int mac_sysvmsg_enforce;
162 extern unsigned int mac_sysvsem_enforce;
163 extern unsigned int mac_sysvshm_enforce;
164 extern unsigned int mac_vm_enforce;
165 extern unsigned int mac_vnode_enforce;
166
167 extern unsigned int mac_label_vnodes;
168 extern unsigned int mac_vnode_label_count;
169
170 static bool mac_proc_check_enforce(proc_t p);
171
172 static __inline__ bool
173 mac_proc_check_enforce(proc_t p)
174 {
175 #if CONFIG_MACF
176 // Don't apply policies to the kernel itself.
177 return p != kernproc;
178 #else
179 #pragma unused(p)
180 return false;
181 #endif // CONFIG_MACF
182 }
183
184 static bool mac_cred_check_enforce(kauth_cred_t cred);
185
186 static __inline__ bool
187 mac_cred_check_enforce(kauth_cred_t cred)
188 {
189 #if CONFIG_MACF
190 return cred != proc_ucred(kernproc);
191 #else
192 #pragma unused(p)
193 return false;
194 #endif // CONFIG_MACF
195 }
196
197 /*
198 * MAC Framework infrastructure functions.
199 */
200
201 int mac_error_select(int error1, int error2);
202
203 void mac_policy_list_busy(void);
204 int mac_policy_list_conditional_busy(void);
205 void mac_policy_list_unbusy(void);
206
207 void mac_labelzone_init(void);
208 struct label *mac_labelzone_alloc(int flags);
209 void mac_labelzone_free(struct label *label);
210
211 void mac_label_init(struct label *label);
212 void mac_label_destroy(struct label *label);
213 #if KERNEL
214 int mac_check_structmac_consistent(struct user_mac *mac);
215 #else
216 int mac_check_structmac_consistent(struct mac *mac);
217 #endif
218
219 int mac_cred_label_externalize(struct label *, char *e, char *out, size_t olen, int flags);
220 int mac_vnode_label_externalize(struct label *, char *e, char *out, size_t olen, int flags);
221
222 int mac_cred_label_internalize(struct label *label, char *string);
223 int mac_vnode_label_internalize(struct label *label, char *string);
224
225 /*
226 * MAC_CHECK performs the designated check by walking the policy
227 * module list and checking with each as to how it feels about the
228 * request. Note that it returns its value via 'error' in the scope
229 * of the caller.
230 */
231 #define MAC_CHECK(check, args...) do { \
232 struct mac_policy_conf *mpc; \
233 u_int i; \
234 \
235 error = 0; \
236 for (i = 0; i < mac_policy_list.staticmax; i++) { \
237 mpc = mac_policy_list.entries[i].mpc; \
238 if (mpc == NULL) \
239 continue; \
240 \
241 if (mpc->mpc_ops->mpo_ ## check != NULL) \
242 error = mac_error_select( \
243 mpc->mpc_ops->mpo_ ## check (args), \
244 error); \
245 } \
246 if (mac_policy_list_conditional_busy() != 0) { \
247 for (; i <= mac_policy_list.maxindex; i++) { \
248 mpc = mac_policy_list.entries[i].mpc; \
249 if (mpc == NULL) \
250 continue; \
251 \
252 if (mpc->mpc_ops->mpo_ ## check != NULL) \
253 error = mac_error_select( \
254 mpc->mpc_ops->mpo_ ## check (args), \
255 error); \
256 } \
257 mac_policy_list_unbusy(); \
258 } \
259 } while (0)
260
261 /*
262 * MAC_GRANT performs the designated check by walking the policy
263 * module list and checking with each as to how it feels about the
264 * request. Unlike MAC_CHECK, it grants if any policies return '0',
265 * and otherwise returns EPERM. Note that it returns its value via
266 * 'error' in the scope of the caller.
267 */
268 #define MAC_GRANT(check, args...) do { \
269 struct mac_policy_conf *mpc; \
270 u_int i; \
271 \
272 error = EPERM; \
273 for (i = 0; i < mac_policy_list.staticmax; i++) { \
274 mpc = mac_policy_list.entries[i].mpc; \
275 if (mpc == NULL) \
276 continue; \
277 \
278 if (mpc->mpc_ops->mpo_ ## check != NULL) { \
279 if (mpc->mpc_ops->mpo_ ## check (args) == 0) \
280 error = 0; \
281 } \
282 } \
283 if (mac_policy_list_conditional_busy() != 0) { \
284 for (; i <= mac_policy_list.maxindex; i++) { \
285 mpc = mac_policy_list.entries[i].mpc; \
286 if (mpc == NULL) \
287 continue; \
288 \
289 if (mpc->mpc_ops->mpo_ ## check != NULL) { \
290 if (mpc->mpc_ops->mpo_ ## check (args) \
291 == 0) \
292 error = 0; \
293 } \
294 } \
295 mac_policy_list_unbusy(); \
296 } \
297 } while (0)
298
299 /*
300 * MAC_BOOLEAN performs the designated boolean composition by walking
301 * the module list, invoking each instance of the operation, and
302 * combining the results using the passed C operator. Note that it
303 * returns its value via 'result' in the scope of the caller, which
304 * should be initialized by the caller in a meaningful way to get
305 * a meaningful result.
306 */
307 #define MAC_BOOLEAN(operation, composition, args...) do { \
308 struct mac_policy_conf *mpc; \
309 u_int i; \
310 \
311 for (i = 0; i < mac_policy_list.staticmax; i++) { \
312 mpc = mac_policy_list.entries[i].mpc; \
313 if (mpc == NULL) \
314 continue; \
315 \
316 if (mpc->mpc_ops->mpo_ ## operation != NULL) \
317 result = result composition \
318 mpc->mpc_ops->mpo_ ## operation \
319 (args); \
320 } \
321 if (mac_policy_list_conditional_busy() != 0) { \
322 for (; i <= mac_policy_list.maxindex; i++) { \
323 mpc = mac_policy_list.entries[i].mpc; \
324 if (mpc == NULL) \
325 continue; \
326 \
327 if (mpc->mpc_ops->mpo_ ## operation != NULL) \
328 result = result composition \
329 mpc->mpc_ops->mpo_ ## operation \
330 (args); \
331 } \
332 mac_policy_list_unbusy(); \
333 } \
334 } while (0)
335
336 #define MAC_INTERNALIZE(obj, label, instring) \
337 mac_internalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_internalize), label, instring)
338
339 #define MAC_EXTERNALIZE(obj, label, elementlist, outbuf, outbuflen) \
340 mac_externalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_externalize), label, elementlist, outbuf, outbuflen)
341
342 #define MAC_EXTERNALIZE_AUDIT(obj, label, outbuf, outbuflen) \
343 mac_externalize(offsetof(struct mac_policy_ops, mpo_ ## obj ## _label_externalize_audit), label, "*", outbuf, outbuflen)
344
345 /*
346 * MAC_PERFORM performs the designated operation by walking the policy
347 * module list and invoking that operation for each policy.
348 */
349 #define MAC_PERFORM(operation, args...) do { \
350 struct mac_policy_conf *mpc; \
351 u_int i; \
352 \
353 for (i = 0; i < mac_policy_list.staticmax; i++) { \
354 mpc = mac_policy_list.entries[i].mpc; \
355 if (mpc == NULL) \
356 continue; \
357 \
358 if (mpc->mpc_ops->mpo_ ## operation != NULL) \
359 mpc->mpc_ops->mpo_ ## operation (args); \
360 } \
361 if (mac_policy_list_conditional_busy() != 0) { \
362 for (; i <= mac_policy_list.maxindex; i++) { \
363 mpc = mac_policy_list.entries[i].mpc; \
364 if (mpc == NULL) \
365 continue; \
366 \
367 if (mpc->mpc_ops->mpo_ ## operation != NULL) \
368 mpc->mpc_ops->mpo_ ## operation (args); \
369 } \
370 mac_policy_list_unbusy(); \
371 } \
372 } while (0)
373
374 struct __mac_get_pid_args;
375 struct __mac_get_proc_args;
376 struct __mac_set_proc_args;
377 struct __mac_get_lcid_args;
378 struct __mac_get_fd_args;
379 struct __mac_get_file_args;
380 struct __mac_get_link_args;
381 struct __mac_set_fd_args;
382 struct __mac_set_file_args;
383 struct __mac_syscall_args;
384
385 void mac_policy_addto_labellist(const mac_policy_handle_t, int);
386 void mac_policy_removefrom_labellist(const mac_policy_handle_t);
387
388 int mac_externalize(size_t mpo_externalize_off, struct label *label,
389 const char *elementlist, char *outbuf, size_t outbuflen);
390 int mac_internalize(size_t mpo_internalize_off, struct label *label,
391 char *elementlist);
392 #endif /* !_SECURITY_MAC_INTERNAL_H_ */
mirror of XNU