]> git.saurik.com Git - apple/xnu.git/blob - security/mac_audit.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-1504.9.37.tar.gz
[apple/xnu.git] / security / mac_audit.c
1 /*
2 * Copyright (c) 2006-2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
30 * Copyright (c) 2001 Ilmar S. Habibulin
31 * Copyright (c) 2001, 2002, 2003, 2004 Networks Associates Technology, Inc.
32 *
33 * This software was developed by Robert Watson and Ilmar Habibulin for the
34 * TrustedBSD Project.
35 *
36 * This software was developed for the FreeBSD Project in part by Network
37 * Associates Laboratories, the Security Research Division of Network
38 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
39 * as part of the DARPA CHATS research program.
40 *
41 * Redistribution and use in source and binary forms, with or without
42 * modification, are permitted provided that the following conditions
43 * are met:
44 * 1. Redistributions of source code must retain the above copyright
45 * notice, this list of conditions and the following disclaimer.
46 * 2. Redistributions in binary form must reproduce the above copyright
47 * notice, this list of conditions and the following disclaimer in the
48 * documentation and/or other materials provided with the distribution.
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * SUCH DAMAGE.
61 *
62 */
63 #include <sys/param.h>
64 #include <sys/types.h>
65 #include <sys/vnode.h>
66 #include <sys/vnode_internal.h>
67 #include <sys/kauth.h>
68 #include <sys/queue.h>
69 #include <security/mac_internal.h>
70 #include <bsd/bsm/audit.h>
71 #include <bsd/security/audit/audit.h>
72 #include <bsd/sys/malloc.h>
73 #include <vm/vm_kern.h>
74 #include <kern/kalloc.h>
75 #include <kern/zalloc.h>
76
77
78 int mac_audit(__unused int len, __unused u_char *data);
79
80
81 #if CONFIG_AUDIT
82
83 /* The zone allocator is initialized in mac_base.c. */
84 zone_t mac_audit_data_zone;
85
86 int
87 mac_system_check_audit(struct ucred *cred, void *record, int length)
88 {
89 int error;
90
91 MAC_CHECK(system_check_audit, cred, record, length);
92
93 return (error);
94 }
95
96 int
97 mac_system_check_auditon(struct ucred *cred, int cmd)
98 {
99 int error;
100
101 MAC_CHECK(system_check_auditon, cred, cmd);
102
103 return (error);
104 }
105
106 int
107 mac_system_check_auditctl(struct ucred *cred, struct vnode *vp)
108 {
109 int error;
110 struct label *vl = vp ? vp->v_label : NULL;
111
112 MAC_CHECK(system_check_auditctl, cred, vp, vl);
113
114 return (error);
115 }
116
117 int
118 mac_proc_check_getauid(struct proc *curp)
119 {
120 kauth_cred_t cred;
121 int error;
122
123 if (!mac_proc_enforce ||
124 !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
125 return 0;
126
127 cred = kauth_cred_proc_ref(curp);
128 MAC_CHECK(proc_check_getauid, cred);
129 kauth_cred_unref(&cred);
130
131 return (error);
132 }
133
134 int
135 mac_proc_check_setauid(struct proc *curp, uid_t auid)
136 {
137 kauth_cred_t cred;
138 int error;
139
140 if (!mac_proc_enforce ||
141 !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
142 return 0;
143
144 cred = kauth_cred_proc_ref(curp);
145 MAC_CHECK(proc_check_setauid, cred, auid);
146 kauth_cred_unref(&cred);
147
148 return (error);
149 }
150
151 int
152 mac_proc_check_getaudit(struct proc *curp)
153 {
154 kauth_cred_t cred;
155 int error;
156
157 if (!mac_proc_enforce ||
158 !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
159 return 0;
160
161 cred = kauth_cred_proc_ref(curp);
162 MAC_CHECK(proc_check_getaudit, cred);
163 kauth_cred_unref(&cred);
164
165 return (error);
166 }
167
168 int
169 mac_proc_check_setaudit(struct proc *curp, struct auditinfo_addr *ai)
170 {
171 kauth_cred_t cred;
172 int error;
173
174 if (!mac_proc_enforce ||
175 !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
176 return 0;
177
178 cred = kauth_cred_proc_ref(curp);
179 MAC_CHECK(proc_check_setaudit, cred, ai);
180 kauth_cred_unref(&cred);
181
182 return (error);
183 }
184
185 #if 0
186 /*
187 * This is the framework entry point for MAC policies to use to add
188 * arbitrary data to the current audit record.
189 * (Currently not supported, as no existing audit viewers would
190 * display this format)
191 *
192 */
193 int
194 mac_audit_data(int len, u_char *data, mac_policy_handle_t handle)
195 {
196 char *sanitized;
197
198 if ((len <= 0) || (len > MAC_AUDIT_DATA_LIMIT))
199 return (EINVAL);
200
201 sanitized = (char *)zalloc(mac_audit_data_zone);
202
203 bcopy(data, sanitized, len);
204 return (audit_mac_data(MAC_AUDIT_DATA_TYPE, len, sanitized));
205 }
206 #endif
207
208 /*
209 * This is the entry point a MAC policy will call to add NULL-
210 * terminated ASCII text to the current audit record.
211 */
212 int
213 mac_audit_text(char *text, mac_policy_handle_t handle)
214 {
215 char *sanitized;
216 const char *name;
217 int i, size, plen, len;
218
219 name = mac_get_mpc(handle)->mpc_name;
220 len = strlen(text);
221 plen = 2 + strlen(name);
222 if (plen + len >= MAC_AUDIT_DATA_LIMIT)
223 return (EINVAL);
224
225 /*
226 * Make sure the text is only composed of only ASCII printable
227 * characters.
228 */
229 for (i=0; i < len; i++)
230 if (text[i] < (char) 32 || text[i] > (char) 126)
231 return (EINVAL);
232
233 size = len + plen + 1;
234 sanitized = (char *)zalloc(mac_audit_data_zone);
235
236 strlcpy(sanitized, name, MAC_AUDIT_DATA_LIMIT);
237 strncat(sanitized, ": ", MAC_AUDIT_DATA_LIMIT - plen + 2);
238 strncat(sanitized, text, MAC_AUDIT_DATA_LIMIT - plen);
239
240 return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, size, (u_char *)sanitized));
241 }
242
243 int
244 mac_audit_check_preselect(struct ucred *cred, unsigned short syscode, void *args)
245 {
246 struct mac_policy_conf *mpc;
247 int ret, error;
248 u_int i;
249
250 ret = MAC_AUDIT_DEFAULT;
251 for (i = 0; i < mac_policy_list.staticmax; i++) {
252 mpc = mac_policy_list.entries[i].mpc;
253 if (mpc == NULL)
254 continue;
255
256 if (mpc->mpc_ops->mpo_audit_check_preselect != NULL) {
257 error = mpc->mpc_ops->mpo_audit_check_preselect(cred,
258 syscode, args);
259 ret = (ret > error ? ret : error);
260 }
261 }
262 if (mac_policy_list_conditional_busy() != 0) {
263 for (; i <= mac_policy_list.maxindex; i++) {
264 mpc = mac_policy_list.entries[i].mpc;
265 if (mpc == NULL)
266 continue;
267
268 if (mpc->mpc_ops->mpo_audit_check_preselect != NULL) {
269 error = mpc->mpc_ops->mpo_audit_check_preselect(cred,
270 syscode, args);
271 ret = (ret > error ? ret : error);
272 }
273 }
274 mac_policy_list_unbusy();
275 }
276
277 return (ret);
278 }
279
280 int
281 mac_audit_check_postselect(struct ucred *cred, unsigned short syscode,
282 void *args, int error, int retval, int mac_forced)
283 {
284 struct mac_policy_conf *mpc;
285 int ret, mac_error;
286 u_int i;
287
288 /*
289 * If the audit was forced by a MAC policy by mac_audit_check_preselect(),
290 * echo that.
291 */
292 if (mac_forced)
293 return (MAC_AUDIT_YES);
294
295 ret = MAC_AUDIT_DEFAULT;
296 for (i = 0; i < mac_policy_list.staticmax; i++) {
297 mpc = mac_policy_list.entries[i].mpc;
298 if (mpc == NULL)
299 continue;
300
301 if (mpc->mpc_ops->mpo_audit_check_postselect != NULL) {
302 mac_error = mpc->mpc_ops->mpo_audit_check_postselect(cred,
303 syscode, args, error, retval);
304 ret = (ret > mac_error ? ret : mac_error);
305 }
306 }
307 if (mac_policy_list_conditional_busy() != 0) {
308 for (; i <= mac_policy_list.maxindex; i++) {
309 mpc = mac_policy_list.entries[i].mpc;
310 if (mpc == NULL)
311 continue;
312
313 if (mpc->mpc_ops->mpo_audit_check_postselect != NULL) {
314 mac_error = mpc->mpc_ops->mpo_audit_check_postselect(cred,
315 syscode, args, error, retval);
316 ret = (ret > mac_error ? ret : mac_error);
317 }
318 }
319 mac_policy_list_unbusy();
320 }
321
322 return (ret);
323 }
324
325 #else /* !CONFIG_AUDIT */
326
327 /*
328 * Function stubs for when AUDIT isn't defined.
329 */
330
331 int
332 mac_system_check_audit(__unused struct ucred *cred, __unused void *record, __unused int length)
333 {
334
335 return (0);
336 }
337
338 int
339 mac_system_check_auditon(__unused struct ucred *cred, __unused int cmd)
340 {
341
342 return (0);
343 }
344
345 int
346 mac_system_check_auditctl(__unused struct ucred *cred, __unused struct vnode *vp)
347 {
348
349 return (0);
350 }
351
352 int
353 mac_proc_check_getauid(__unused struct proc *curp)
354 {
355
356 return (0);
357 }
358
359 int
360 mac_proc_check_setauid(__unused struct proc *curp, __unused uid_t auid)
361 {
362
363 return (0);
364 }
365
366 int
367 mac_proc_check_getaudit(__unused struct proc *curp)
368 {
369
370 return (0);
371 }
372
373 int
374 mac_proc_check_setaudit(__unused struct proc *curp,
375 __unused struct auditinfo_addr *ai)
376 {
377
378 return (0);
379 }
380
381 int
382 mac_audit_check_preselect(__unused struct ucred *cred, __unused unsigned short syscode,
383 __unused void *args)
384 {
385
386 return (MAC_AUDIT_DEFAULT);
387 }
388
389 int
390 mac_audit_check_postselect(__unused struct ucred *cred, __unused unsigned short syscode,
391 __unused void *args, __unused int error, __unused int retval, __unused int mac_forced)
392 {
393
394 return (MAC_AUDIT_DEFAULT);
395 }
396
397 int
398 mac_audit(__unused int len, __unused u_char *data)
399 {
400
401 return (0);
402 }
403
404 int
405 mac_audit_text(__unused char *text, __unused mac_policy_handle_t handle)
406 {
407 return (0);
408 }
409 #endif /* !CONFIG_AUDIT */
mirror of XNU