X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/527f99514973766e9c0382a4d8550dfb00f54939..0a7de7458d150b5d4dffc935ba399be265ef0a1a:/security/mac_base.c diff --git a/security/mac_base.c b/security/mac_base.c index 2bd03b8eb..c31e5fdc6 100644 --- a/security/mac_base.c +++ b/security/mac_base.c @@ -2,7 +2,7 @@ * Copyright (c) 2007-2016 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in @@ -11,10 +11,10 @@ * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. - * + * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -22,7 +22,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /*- @@ -109,22 +109,22 @@ #include #endif -/* +/* * define MB_DEBUG to display run-time debugging information * #define MB_DEBUG 1 */ #ifdef MB_DEBUG -#define DPRINTF(x) printf x +#define DPRINTF(x) printf x #else #define MB_DEBUG #define DPRINTF(x) #endif #if CONFIG_MACF -SYSCTL_NODE(, OID_AUTO, security, CTLFLAG_RW|CTLFLAG_LOCKED, 0, +SYSCTL_NODE(, OID_AUTO, security, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Security Controls"); -SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW|CTLFLAG_LOCKED, 0, +SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "TrustedBSD MAC policy controls"); /* @@ -150,7 +150,7 @@ SYSCTL_UINT(_security_mac, OID_AUTO, max_slots, CTLFLAG_RD | CTLFLAG_LOCKED, * access to this variable is serialized during the boot process. Following * the end of serialization, we don't update this flag; no locking. */ -int mac_late = 0; +int mac_late = 0; /* * Flag to indicate whether or not we should allocate label storage for @@ -164,9 +164,9 @@ int mac_late = 0; * be a problem. Note: currently no locking. Will this be a problem? */ #if CONFIG_MACF_NET -unsigned int mac_label_mbufs = 1; +unsigned int mac_label_mbufs = 1; SYSCTL_UINT(_security_mac, OID_AUTO, label_mbufs, SECURITY_MAC_CTLFLAGS, - &mac_label_mbufs, 0, "Label all MBUFs"); + &mac_label_mbufs, 0, "Label all MBUFs"); #endif @@ -181,19 +181,19 @@ SYSCTL_UINT(_security_mac, OID_AUTO, label_mbufs, SECURITY_MAC_CTLFLAGS, * already has to deal with uninitialized labels, this probably won't * be a problem. */ -unsigned int mac_label_vnodes = 0; +unsigned int mac_label_vnodes = 0; SYSCTL_UINT(_security_mac, OID_AUTO, labelvnodes, SECURITY_MAC_CTLFLAGS, &mac_label_vnodes, 0, "Label all vnodes"); unsigned int mac_device_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, device_enforce, SECURITY_MAC_CTLFLAGS, - &mac_device_enforce, 0, "Enforce MAC policy on device operations"); + &mac_device_enforce, 0, "Enforce MAC policy on device operations"); -unsigned int mac_pipe_enforce = 1; +unsigned int mac_pipe_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, pipe_enforce, SECURITY_MAC_CTLFLAGS, &mac_pipe_enforce, 0, "Enforce MAC policy on pipe operations"); -unsigned int mac_posixsem_enforce = 1; +unsigned int mac_posixsem_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, posixsem_enforce, SECURITY_MAC_CTLFLAGS, &mac_posixsem_enforce, 0, "Enforce MAC policy on POSIX semaphores"); @@ -201,37 +201,37 @@ unsigned int mac_posixshm_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, posixshm_enforce, SECURITY_MAC_CTLFLAGS, &mac_posixshm_enforce, 0, "Enforce MAC policy on Posix Shared Memory"); -unsigned int mac_proc_enforce = 1; +unsigned int mac_proc_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, proc_enforce, SECURITY_MAC_CTLFLAGS, - &mac_proc_enforce, 0, "Enforce MAC policy on process operations"); + &mac_proc_enforce, 0, "Enforce MAC policy on process operations"); unsigned int mac_socket_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, socket_enforce, SECURITY_MAC_CTLFLAGS, - &mac_socket_enforce, 0, "Enforce MAC policy on socket operations"); + &mac_socket_enforce, 0, "Enforce MAC policy on socket operations"); -unsigned int mac_system_enforce = 1; +unsigned int mac_system_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, system_enforce, SECURITY_MAC_CTLFLAGS, &mac_system_enforce, 0, "Enforce MAC policy on system-wide interfaces"); -unsigned int mac_sysvmsg_enforce = 1; +unsigned int mac_sysvmsg_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, sysvmsg_enforce, SECURITY_MAC_CTLFLAGS, &mac_sysvmsg_enforce, 0, "Enforce MAC policy on System V IPC message queues"); -unsigned int mac_sysvsem_enforce = 1; +unsigned int mac_sysvsem_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, sysvsem_enforce, SECURITY_MAC_CTLFLAGS, &mac_sysvsem_enforce, 0, "Enforce MAC policy on System V IPC semaphores"); -unsigned int mac_sysvshm_enforce = 1; +unsigned int mac_sysvshm_enforce = 1; SYSCTL_INT(_security_mac, OID_AUTO, sysvshm_enforce, SECURITY_MAC_CTLFLAGS, &mac_sysvshm_enforce, 0, "Enforce MAC policy on System V Shared Memory"); -unsigned int mac_vm_enforce = 1; +unsigned int mac_vm_enforce = 1; SYSCTL_INT(_security_mac, OID_AUTO, vm_enforce, SECURITY_MAC_CTLFLAGS, - &mac_vm_enforce, 0, "Enforce MAC policy on VM operations"); + &mac_vm_enforce, 0, "Enforce MAC policy on VM operations"); -unsigned int mac_vnode_enforce = 1; +unsigned int mac_vnode_enforce = 1; SYSCTL_UINT(_security_mac, OID_AUTO, vnode_enforce, SECURITY_MAC_CTLFLAGS, - &mac_vnode_enforce, 0, "Enforce MAC policy on vnode operations"); + &mac_vnode_enforce, 0, "Enforce MAC policy on vnode operations"); #if CONFIG_AUDIT /* @@ -279,7 +279,7 @@ mac_policy_list_t mac_policy_list; * mac_label_element_list holds the master list of label namespaces for * all the policies. When a policy is loaded, each of it's label namespace * elements is added to the master list if not already present. When a - * policy is unloaded, the namespace elements are removed if no other + * policy is unloaded, the namespace elements are removed if no other * policy is interested in that namespace element. */ struct mac_label_element_list_t mac_label_element_list; @@ -291,7 +291,7 @@ mac_policy_grab_exclusive(void) lck_mtx_lock(mac_policy_mtx); while (mac_policy_busy != 0) { lck_mtx_sleep(mac_policy_mtx, LCK_SLEEP_UNLOCK, - (event_t)&mac_policy_busy, THREAD_UNINT); + (event_t)&mac_policy_busy, THREAD_UNINT); lck_mtx_lock(mac_policy_mtx); } } @@ -299,7 +299,6 @@ mac_policy_grab_exclusive(void) static __inline void mac_policy_release_exclusive(void) { - KASSERT(mac_policy_busy == 0, ("mac_policy_release_exclusive(): not exclusive")); lck_mtx_unlock(mac_policy_mtx); @@ -309,7 +308,7 @@ mac_policy_release_exclusive(void) void mac_policy_list_busy(void) { - lck_mtx_lock(mac_policy_mtx); + lck_mtx_lock(mac_policy_mtx); mac_policy_busy++; lck_mtx_unlock(mac_policy_mtx); } @@ -319,17 +318,19 @@ mac_policy_list_conditional_busy(void) { int ret; - if (mac_policy_list.numloaded <= mac_policy_list.staticmax) - return(0); + if (mac_policy_list.numloaded <= mac_policy_list.staticmax) { + return 0; + } lck_mtx_lock(mac_policy_mtx); if (mac_policy_list.numloaded > mac_policy_list.staticmax) { mac_policy_busy++; ret = 1; - } else + } else { ret = 0; + } lck_mtx_unlock(mac_policy_mtx); - return (ret); + return ret; } void @@ -338,8 +339,9 @@ mac_policy_list_unbusy(void) lck_mtx_lock(mac_policy_mtx); mac_policy_busy--; KASSERT(mac_policy_busy >= 0, ("MAC_POLICY_LIST_LOCK")); - if (mac_policy_busy == 0) + if (mac_policy_busy == 0) { thread_wakeup(&mac_policy_busy); + } lck_mtx_unlock(mac_policy_mtx); } @@ -366,13 +368,12 @@ mac_policy_init(void) mac_policy_list.entries = kalloc(sizeof(struct mac_policy_list_element) * MAC_POLICY_LIST_CHUNKSIZE); #endif - bzero(mac_policy_list.entries, sizeof(struct mac_policy_list_element) * MAC_POLICY_LIST_CHUNKSIZE); + bzero(mac_policy_list.entries, sizeof(struct mac_policy_list_element) * MAC_POLICY_LIST_CHUNKSIZE); LIST_INIT(&mac_label_element_list); LIST_INIT(&mac_static_label_element_list); mac_lck_grp_attr = lck_grp_attr_alloc_init(); - lck_grp_attr_setstat(mac_lck_grp_attr); mac_lck_grp = lck_grp_alloc_init("MAC lock", mac_lck_grp_attr); mac_lck_attr = lck_attr_alloc_init(); lck_attr_setdefault(mac_lck_attr); @@ -380,7 +381,7 @@ mac_policy_init(void) lck_attr_free(mac_lck_attr); lck_grp_attr_free(mac_lck_grp_attr); lck_grp_free(mac_lck_grp); - + mac_labelzone_init(); } @@ -397,7 +398,6 @@ void (*load_security_extensions_function)(void) = 0; void mac_policy_initmach(void) { - /* * For the purposes of modules that want to know if they were * loaded "early", set the mac_late flag once we've processed @@ -422,8 +422,8 @@ mac_policy_initbsd(void) #if CONFIG_AUDIT mac_audit_data_zone = zinit(MAC_AUDIT_DATA_LIMIT, - AQ_HIWATER * MAC_AUDIT_DATA_LIMIT, - 8192, "mac_audit_data_zone"); + AQ_HIWATER * MAC_AUDIT_DATA_LIMIT, + 8192, "mac_audit_data_zone"); #endif printf("MAC Framework successfully initialized\n"); @@ -439,8 +439,9 @@ mac_policy_initbsd(void) for (i = 0; i <= mac_policy_list.maxindex; i++) { mpc = mac_get_mpc(i); - if ((mpc != NULL) && (mpc->mpc_ops->mpo_policy_initbsd != NULL)) + if ((mpc != NULL) && (mpc->mpc_ops->mpo_policy_initbsd != NULL)) { (*(mpc->mpc_ops->mpo_policy_initbsd))(mpc); + } } mac_policy_release_exclusive(); @@ -448,8 +449,8 @@ mac_policy_initbsd(void) /* * After a policy has been loaded, add the label namespaces managed by the - * policy to either the static or non-static label namespace list. - * A namespace is added to the the list only if it is not already on one of + * policy to either the static or non-static label namespace list. + * A namespace is added to the the list only if it is not already on one of * the lists. */ void @@ -464,66 +465,76 @@ mac_policy_addto_labellist(mac_policy_handle_t handle, int static_entry) mpc = mac_get_mpc(handle); - if (mpc->mpc_labelnames == NULL) + if (mpc->mpc_labelnames == NULL) { return; + } - if (mpc->mpc_labelname_count == 0) + if (mpc->mpc_labelname_count == 0) { return; + } - if (static_entry) + if (static_entry) { list = &mac_static_label_element_list; - else + } else { list = &mac_label_element_list; + } /* * Before we grab the policy list lock, allocate enough memory - * to contain the potential new elements so we don't have to + * to contain the potential new elements so we don't have to * give up the lock, or allocate with the lock held. */ MALLOC(new_mles, struct mac_label_element **, sizeof(struct mac_label_element *) * mpc->mpc_labelname_count, M_MACTEMP, M_WAITOK | M_ZERO); - for (idx = 0; idx < mpc->mpc_labelname_count; idx++) - MALLOC(new_mles[idx], struct mac_label_element *, + for (idx = 0; idx < mpc->mpc_labelname_count; idx++) { + MALLOC(new_mles[idx], struct mac_label_element *, sizeof(struct mac_label_element), M_MACTEMP, M_WAITOK); + } mle_free = 0; MALLOC(new_mlls, struct mac_label_listener **, sizeof(struct mac_label_listener *) * mpc->mpc_labelname_count, M_MACTEMP, M_WAITOK); - for (idx = 0; idx < mpc->mpc_labelname_count; idx++) + for (idx = 0; idx < mpc->mpc_labelname_count; idx++) { MALLOC(new_mlls[idx], struct mac_label_listener *, sizeof(struct mac_label_listener), M_MACTEMP, M_WAITOK); + } mll_free = 0; - if (mac_late) + if (mac_late) { mac_policy_grab_exclusive(); + } for (idx = 0; idx < mpc->mpc_labelname_count; idx++) { - - if (*(name = mpc->mpc_labelnames[idx]) == '?') + if (*(name = mpc->mpc_labelnames[idx]) == '?') { name++; + } /* - * Check both label element lists and add to the + * Check both label element lists and add to the * appropriate list only if not already on a list. */ LIST_FOREACH(mle, &mac_static_label_element_list, mle_list) { - if (*(name2 = mle->mle_name) == '?') + if (*(name2 = mle->mle_name) == '?') { name2++; - if (strcmp(name, name2) == 0) + } + if (strcmp(name, name2) == 0) { break; + } } if (mle == NULL) { LIST_FOREACH(mle, &mac_label_element_list, mle_list) { - if (*(name2 = mle->mle_name) == '?') + if (*(name2 = mle->mle_name) == '?') { name2++; - if (strcmp(name, name2) == 0) + } + if (strcmp(name, name2) == 0) { break; + } } } if (mle == NULL) { mle = new_mles[mle_free]; strlcpy(mle->mle_name, mpc->mpc_labelnames[idx], - MAC_MAX_LABEL_ELEMENT_NAME); + MAC_MAX_LABEL_ELEMENT_NAME); LIST_INIT(&mle->mle_listeners); LIST_INSERT_HEAD(list, mle, mle_list); mle_free++; @@ -534,15 +545,18 @@ mac_policy_addto_labellist(mac_policy_handle_t handle, int static_entry) mll_list); mll_free++; } - if (mac_late) + if (mac_late) { mac_policy_release_exclusive(); + } /* Free up any unused label elements and listeners */ - for (idx = mle_free; idx < mpc->mpc_labelname_count; idx++) + for (idx = mle_free; idx < mpc->mpc_labelname_count; idx++) { FREE(new_mles[idx], M_MACTEMP); + } FREE(new_mles, M_MACTEMP); - for (idx = mll_free; idx < mpc->mpc_labelname_count; idx++) + for (idx = mll_free; idx < mpc->mpc_labelname_count; idx++) { FREE(new_mlls[idx], M_MACTEMP); + } FREE(new_mlls, M_MACTEMP); } @@ -563,11 +577,13 @@ mac_policy_removefrom_labellist(mac_policy_handle_t handle) mpc = mac_get_mpc(handle); - if (mpc->mpc_labelnames == NULL) + if (mpc->mpc_labelnames == NULL) { return; + } - if (mpc->mpc_labelname_count == 0) + if (mpc->mpc_labelname_count == 0) { return; + } /* * Unregister policy as being interested in any label @@ -627,9 +643,10 @@ mac_policy_fixup_mmd_list(struct mac_module_data *new) if (arr->type == MAC_DATA_TYPE_DICT) { dict = (struct mac_module_data_list *)aele->value; DPRINTF(("fixup_mmd: dict @%p\n", dict)); - for (k = 0; k < dict->count; k++) + for (k = 0; k < dict->count; k++) { mmd_fixup_ele(old, new, &(dict->list[k])); + } } } } @@ -651,17 +668,21 @@ mac_policy_register(struct mac_policy_conf *mpc, mac_policy_handle_t *handlep, * Some preliminary checks to make sure the policy's conf structure * contains the required fields. */ - if (mpc->mpc_name == NULL) + if (mpc->mpc_name == NULL) { panic("policy's name is not set\n"); + } - if (mpc->mpc_fullname == NULL) + if (mpc->mpc_fullname == NULL) { panic("policy's full name is not set\n"); + } - if (mpc->mpc_labelname_count > MAC_MAX_MANAGED_NAMESPACES) + if (mpc->mpc_labelname_count > MAC_MAX_MANAGED_NAMESPACES) { panic("policy's managed label namespaces exceeds maximum\n"); + } - if (mpc->mpc_ops == NULL) + if (mpc->mpc_ops == NULL) { panic("policy's OPs field is NULL\n"); + } error = 0; @@ -669,7 +690,7 @@ mac_policy_register(struct mac_policy_conf *mpc, mac_policy_handle_t *handlep, if (mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_NOTLATE) { printf("Module %s does not support late loading.\n", mpc->mpc_name); - return (EPERM); + return EPERM; } mac_policy_grab_exclusive(); } @@ -683,17 +704,17 @@ mac_policy_register(struct mac_policy_conf *mpc, mac_policy_handle_t *handlep, bzero(&tmac_policy_list_element[mac_policy_list.max], sizeof(struct mac_policy_list_element) * MAC_POLICY_LIST_CHUNKSIZE); - + /* copy old entries into new list */ - memcpy(tmac_policy_list_element, mac_policy_list.entries, - sizeof(struct mac_policy_list_element) * - MAC_POLICY_LIST_CHUNKSIZE * mac_policy_list.chunks); - + memcpy(tmac_policy_list_element, mac_policy_list.entries, + sizeof(struct mac_policy_list_element) * + MAC_POLICY_LIST_CHUNKSIZE * mac_policy_list.chunks); + /* free old array */ kfree(mac_policy_list.entries, sizeof(struct mac_policy_list_element) * MAC_POLICY_LIST_CHUNKSIZE * mac_policy_list.chunks); - + mac_policy_list.entries = tmac_policy_list_element; /* Update maximums, etc */ @@ -701,14 +722,15 @@ mac_policy_register(struct mac_policy_conf *mpc, mac_policy_handle_t *handlep, mac_policy_list.chunks++; #else printf("out of space in mac_policy_list.\n"); - return (ENOMEM); + return ENOMEM; #endif /* CONFIG_EMBEDDED */ } /* Check for policy with same name already loaded */ for (i = 0; i <= mac_policy_list.maxindex; i++) { - if (mac_policy_list.entries[i].mpc == NULL) - continue; + if (mac_policy_list.entries[i].mpc == NULL) { + continue; + } if (strcmp(mac_policy_list.entries[i].mpc->mpc_name, mpc->mpc_name) == 0) { @@ -768,37 +790,41 @@ mac_policy_register(struct mac_policy_conf *mpc, mac_policy_handle_t *handlep, mac_policy_list.entries[*handlep].mpc = mpc; /* Update counters, etc */ - if (*handlep > mac_policy_list.maxindex) + if (*handlep > mac_policy_list.maxindex) { mac_policy_list.maxindex = *handlep; + } mac_policy_list.numloaded++; - + /* Per-policy initialization. */ - printf ("calling mpo_policy_init for %s\n", mpc->mpc_name); - if (mpc->mpc_ops->mpo_policy_init != NULL) + printf("calling mpo_policy_init for %s\n", mpc->mpc_name); + if (mpc->mpc_ops->mpo_policy_init != NULL) { (*(mpc->mpc_ops->mpo_policy_init))(mpc); + } if (mac_late && mpc->mpc_ops->mpo_policy_initbsd != NULL) { - printf ("calling mpo_policy_initbsd for %s\n", mpc->mpc_name); + printf("calling mpo_policy_initbsd for %s\n", mpc->mpc_name); (*(mpc->mpc_ops->mpo_policy_initbsd))(mpc); } mac_policy_updateflags(); - if (mac_late) + if (mac_late) { mac_policy_release_exclusive(); + } mac_policy_addto_labellist(*handlep, static_entry); printf("Security policy loaded: %s (%s)\n", mpc->mpc_fullname, mpc->mpc_name); - return (0); + return 0; out: - if (mac_late) + if (mac_late) { mac_policy_release_exclusive(); + } - return (error); + return error; } int @@ -815,7 +841,7 @@ mac_policy_unregister(mac_policy_handle_t handle) mpc = mac_get_mpc(handle); if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) { mac_policy_release_exclusive(); - return (0); + return 0; } #if 0 @@ -824,7 +850,7 @@ mac_policy_unregister(mac_policy_handle_t handle) */ if (mpc->mpc_field_off != NULL) { MAC_POLICY_LIST_UNLOCK(); - return (EBUSY); + return EBUSY; } #endif /* @@ -833,26 +859,29 @@ mac_policy_unregister(mac_policy_handle_t handle) */ if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) { mac_policy_release_exclusive(); - return (EBUSY); + return EBUSY; } mac_policy_removefrom_labellist(handle); mac_get_mpc(handle) = NULL; if (handle < mac_policy_list.freehint && - handle >= mac_policy_list.staticmax) + handle >= mac_policy_list.staticmax) { mac_policy_list.freehint = handle; + } - if (handle == mac_policy_list.maxindex) + if (handle == mac_policy_list.maxindex) { mac_policy_list.maxindex--; + } - mac_policy_list.numloaded--; + mac_policy_list.numloaded--; if (mpc->mpc_field_off != NULL) { mac_slot_offsets_free |= (1 << *mpc->mpc_field_off); } - if (mpc->mpc_ops->mpo_policy_destroy != NULL) + if (mpc->mpc_ops->mpo_policy_destroy != NULL) { (*(mpc->mpc_ops->mpo_policy_destroy))(mpc); + } mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED; mac_policy_updateflags(); @@ -868,7 +897,7 @@ mac_policy_unregister(mac_policy_handle_t handle) printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname, mpc->mpc_name); - return (0); + return 0; } /* @@ -878,40 +907,45 @@ mac_policy_unregister(mac_policy_handle_t handle) int mac_error_select(int error1, int error2) { - /* Certain decision-making errors take top priority. */ - if (error1 == EDEADLK || error2 == EDEADLK) - return (EDEADLK); + if (error1 == EDEADLK || error2 == EDEADLK) { + return EDEADLK; + } /* Invalid arguments should be reported where possible. */ - if (error1 == EINVAL || error2 == EINVAL) - return (EINVAL); + if (error1 == EINVAL || error2 == EINVAL) { + return EINVAL; + } /* Precedence goes to "visibility", with both process and file. */ - if (error1 == ESRCH || error2 == ESRCH) - return (ESRCH); + if (error1 == ESRCH || error2 == ESRCH) { + return ESRCH; + } - if (error1 == ENOENT || error2 == ENOENT) - return (ENOENT); + if (error1 == ENOENT || error2 == ENOENT) { + return ENOENT; + } /* Precedence goes to DAC/MAC protections. */ - if (error1 == EACCES || error2 == EACCES) - return (EACCES); + if (error1 == EACCES || error2 == EACCES) { + return EACCES; + } /* Precedence goes to privilege. */ - if (error1 == EPERM || error2 == EPERM) - return (EPERM); + if (error1 == EPERM || error2 == EPERM) { + return EPERM; + } /* Precedence goes to error over success; otherwise, arbitrary. */ - if (error1 != 0) - return (error1); - return (error2); + if (error1 != 0) { + return error1; + } + return error2; } void mac_label_init(struct label *label) { - bzero(label, sizeof(*label)); label->l_flags = MAC_FLAG_INITIALIZED; } @@ -919,7 +953,6 @@ mac_label_init(struct label *label) void mac_label_destroy(struct label *label) { - KASSERT(label->l_flags & MAC_FLAG_INITIALIZED, ("destroying uninitialized label")); @@ -930,11 +963,11 @@ mac_label_destroy(struct label *label) int mac_check_structmac_consistent(struct user_mac *mac) { + if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN || mac->m_buflen == 0) { + return EINVAL; + } - if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN || mac->m_buflen == 0) - return (EINVAL); - - return (0); + return 0; } /* @@ -958,37 +991,45 @@ mac_label_externalize(size_t mpo_externalize_off, struct label *label, if (element[0] == '?') { element++; ignorenotfound = 1; - } else if (element[0] == '*' && element[1] == '\0') + } else if (element[0] == '*' && element[1] == '\0') { all_labels = 1; + } element_list = &mac_static_label_element_list; element_loop: LIST_FOREACH(mle, element_list, mle_list) { name = mle->mle_name; if (all_labels) { - if (*name == '?') - continue; + if (*name == '?') { + continue; + } } else { - if (*name == '?') + if (*name == '?') { name++; - if (strcmp(name, element) != 0) + } + if (strcmp(name, element) != 0) { continue; + } } LIST_FOREACH(mll, &mle->mle_listeners, mll_list) { mpc = mac_policy_list.entries[mll->mll_handle].mpc; - if (mpc == NULL) + if (mpc == NULL) { continue; + } mpo_externalize = *(const typeof(mpo_externalize) *) ((const char *)mpc->mpc_ops + mpo_externalize_off); - if (mpo_externalize == NULL) + if (mpo_externalize == NULL) { continue; + } error = sbuf_printf(sb, "%s/", name); - if (error) + if (error) { goto done; + } error = mpo_externalize(label, mle->mle_name, sb); if (error) { - if (error != ENOENT) + if (error != ENOENT) { goto done; + } /* * If a policy doesn't have a label to * externalize it returns ENOENT. This @@ -1002,8 +1043,9 @@ element_loop: continue; } error = sbuf_putc(sb, ','); - if (error) + if (error) { goto done; + } count++; } } @@ -1014,13 +1056,15 @@ element_loop: goto element_loop; } done: - if (busy) + if (busy) { mac_policy_list_unbusy(); + } if (!error && count == 0) { - if (!all_labels && !ignorenotfound) - error = ENOENT; /* XXX: ENOLABEL? */ + if (!all_labels && !ignorenotfound) { + error = ENOENT; /* XXX: ENOLABEL? */ + } } - return (error); + return error; } /* @@ -1040,14 +1084,14 @@ mac_externalize(size_t mpo_externalize_off, struct label *label, int error = 0, len; /* allocate a scratch buffer the size of the string */ - MALLOC(scratch_base, char *, strlen(elementlist)+1, M_MACTEMP, M_WAITOK); + MALLOC(scratch_base, char *, strlen(elementlist) + 1, M_MACTEMP, M_WAITOK); if (scratch_base == NULL) { error = ENOMEM; goto out; } /* copy the elementlist to the scratch buffer */ - strlcpy(scratch_base, elementlist, strlen(elementlist)+1); + strlcpy(scratch_base, elementlist, strlen(elementlist) + 1); /* * set up a temporary pointer that can be used to iterate the @@ -1065,18 +1109,21 @@ mac_externalize(size_t mpo_externalize_off, struct label *label, while ((element = strsep(&scratch, ",")) != NULL) { error = mac_label_externalize(mpo_externalize_off, label, element, &sb); - if (error) + if (error) { break; + } + } + if ((len = sbuf_len(&sb)) > 0) { + sbuf_setpos(&sb, len - 1); /* trim trailing comma */ } - if ((len = sbuf_len(&sb)) > 0) - sbuf_setpos(&sb, len - 1); /* trim trailing comma */ sbuf_finish(&sb); out: - if (scratch_base != NULL) + if (scratch_base != NULL) { FREE(scratch_base, M_MACTEMP); + } - return (error); + return error; } /* @@ -1099,22 +1146,27 @@ mac_label_internalize(size_t mpo_internalize_off, struct label *label, element_list = &mac_static_label_element_list; element_loop: LIST_FOREACH(mle, element_list, mle_list) { - if (*(name = mle->mle_name) == '?') + if (*(name = mle->mle_name) == '?') { name++; - if (strcmp(element_name, name) != 0) + } + if (strcmp(element_name, name) != 0) { continue; + } LIST_FOREACH(mll, &mle->mle_listeners, mll_list) { mpc = mac_policy_list.entries[mll->mll_handle].mpc; - if (mpc == NULL) + if (mpc == NULL) { continue; + } mpo_internalize = *(const typeof(mpo_internalize) *) ((const char *)mpc->mpc_ops + mpo_internalize_off); - if (mpo_internalize == NULL) + if (mpo_internalize == NULL) { continue; + } error = mpo_internalize(label, element_name, element_data); - if (error) + if (error) { goto done; + } count++; } } @@ -1125,11 +1177,13 @@ element_loop: goto element_loop; } done: - if (busy) + if (busy) { mac_policy_list_unbusy(); - if (!error && count == 0) + } + if (!error && count == 0) { error = ENOPOLICY; - return (error); + } + return error; } int @@ -1149,7 +1203,7 @@ mac_internalize(size_t mpo_internalize_off, struct label *label, error = mac_label_internalize(mpo_internalize_off, label, element_name, element_data); } - return (error); + return error; } /* system calls */ @@ -1176,16 +1230,19 @@ __mac_get_pid(struct proc *p, struct __mac_get_pid_args *uap, int *ret __unused) mac.m_buflen = mac32.m_buflen; mac.m_string = mac32.m_string; } - if (error) - return (error); + if (error) { + return error; + } error = mac_check_structmac_consistent(&mac); - if (error) - return (error); + if (error) { + return error; + } tproc = proc_find(uap->pid); - if (tproc == NULL) - return (ESRCH); + if (tproc == NULL) { + return ESRCH; + } tcred = kauth_cred_proc_ref(tproc); proc_rele(tproc); @@ -1194,20 +1251,21 @@ __mac_get_pid(struct proc *p, struct __mac_get_pid_args *uap, int *ret __unused) if (error) { FREE(elements, M_MACTEMP); kauth_cred_unref(&tcred); - return (error); + return error; } AUDIT_ARG(mac_string, elements); MALLOC(buffer, char *, mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); error = mac_cred_label_externalize(tcred->cr_label, elements, buffer, mac.m_buflen, M_WAITOK); - if (error == 0) - error = copyout(buffer, mac.m_string, strlen(buffer)+1); + if (error == 0) { + error = copyout(buffer, mac.m_string, strlen(buffer) + 1); + } FREE(buffer, M_MACTEMP); FREE(elements, M_MACTEMP); kauth_cred_unref(&tcred); - return (error); + return error; } int @@ -1230,18 +1288,20 @@ __mac_get_proc(proc_t p, struct __mac_get_proc_args *uap, int *ret __unused) mac.m_buflen = mac32.m_buflen; mac.m_string = mac32.m_string; } - if (error) - return (error); + if (error) { + return error; + } error = mac_check_structmac_consistent(&mac); - if (error) - return (error); + if (error) { + return error; + } MALLOC(elements, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); error = copyinstr(mac.m_string, elements, mac.m_buflen, &ulen); if (error) { FREE(elements, M_MACTEMP); - return (error); + return error; } AUDIT_ARG(mac_string, elements); @@ -1250,13 +1310,14 @@ __mac_get_proc(proc_t p, struct __mac_get_proc_args *uap, int *ret __unused) MALLOC(buffer, char *, mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); error = mac_cred_label_externalize(cr->cr_label, elements, buffer, mac.m_buflen, M_WAITOK); - if (error == 0) - error = copyout(buffer, mac.m_string, strlen(buffer)+1); + if (error == 0) { + error = copyout(buffer, mac.m_string, strlen(buffer) + 1); + } FREE(buffer, M_MACTEMP); FREE(elements, M_MACTEMP); kauth_cred_unref(&cr); - return (error); + return error; } int @@ -1279,26 +1340,29 @@ __mac_set_proc(proc_t p, struct __mac_set_proc_args *uap, int *ret __unused) mac.m_buflen = mac32.m_buflen; mac.m_string = mac32.m_string; } - if (error) - return (error); + if (error) { + return error; + } error = mac_check_structmac_consistent(&mac); - if (error) - return (error); + if (error) { + return error; + } MALLOC(buffer, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); error = copyinstr(mac.m_string, buffer, mac.m_buflen, &ulen); if (error) { FREE(buffer, M_MACTEMP); - return (error); + return error; } AUDIT_ARG(mac_string, buffer); intlabel = mac_cred_label_alloc(); error = mac_cred_label_internalize(intlabel, buffer); FREE(buffer, M_MACTEMP); - if (error) + if (error) { goto out; + } error = mac_cred_check_label_update(kauth_cred_get(), intlabel); if (error) { @@ -1306,12 +1370,13 @@ __mac_set_proc(proc_t p, struct __mac_set_proc_args *uap, int *ret __unused) } error = kauth_proc_label_update(p, intlabel); - if (error) + if (error) { goto out; + } out: mac_cred_label_free(intlabel); - return (error); + return error; } int @@ -1326,7 +1391,7 @@ __mac_get_fd(proc_t p, struct __mac_get_fd_args *uap, int *ret __unused) kauth_cred_t my_cred; #if CONFIG_MACF_SOCKET struct socket *so; -#endif /* MAC_SOCKET */ +#endif /* MAC_SOCKET */ struct label *intlabel; AUDIT_ARG(fd, uap->fd); @@ -1343,18 +1408,20 @@ __mac_get_fd(proc_t p, struct __mac_get_fd_args *uap, int *ret __unused) mac.m_string = mac32.m_string; } - if (error) - return (error); + if (error) { + return error; + } error = mac_check_structmac_consistent(&mac); - if (error) - return (error); - + if (error) { + return error; + } + MALLOC(elements, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); error = copyinstr(mac.m_string, elements, mac.m_buflen, &ulen); if (error) { FREE(elements, M_MACTEMP); - return (error); + return error; } AUDIT_ARG(mac_string, elements); @@ -1363,9 +1430,9 @@ __mac_get_fd(proc_t p, struct __mac_get_fd_args *uap, int *ret __unused) if (error) { FREE(buffer, M_MACTEMP); FREE(elements, M_MACTEMP); - return (error); + return error; } - + my_cred = kauth_cred_proc_ref(p); error = mac_file_check_get(my_cred, fp->f_fglob, elements, mac.m_buflen); kauth_cred_unref(&my_cred); @@ -1373,57 +1440,58 @@ __mac_get_fd(proc_t p, struct __mac_get_fd_args *uap, int *ret __unused) fp_drop(p, uap->fd, fp, 0); FREE(buffer, M_MACTEMP); FREE(elements, M_MACTEMP); - return (error); + return error; } - + switch (FILEGLOB_DTYPE(fp->f_fglob)) { - case DTYPE_VNODE: - intlabel = mac_vnode_label_alloc(); - if (intlabel == NULL) { - error = ENOMEM; - break; - } - vp = (struct vnode *)fp->f_fglob->fg_data; - error = vnode_getwithref(vp); - if (error == 0) { - mac_vnode_label_copy(vp->v_label, intlabel); - error = mac_vnode_label_externalize(intlabel, - elements, buffer, - mac.m_buflen, M_WAITOK); - vnode_put(vp); - } - mac_vnode_label_free(intlabel); + case DTYPE_VNODE: + intlabel = mac_vnode_label_alloc(); + if (intlabel == NULL) { + error = ENOMEM; break; - case DTYPE_SOCKET: + } + vp = (struct vnode *)fp->f_fglob->fg_data; + error = vnode_getwithref(vp); + if (error == 0) { + mac_vnode_label_copy(vp->v_label, intlabel); + error = mac_vnode_label_externalize(intlabel, + elements, buffer, + mac.m_buflen, M_WAITOK); + vnode_put(vp); + } + mac_vnode_label_free(intlabel); + break; + case DTYPE_SOCKET: #if CONFIG_MACF_SOCKET - so = (struct socket *) fp->f_fglob->fg_data; - intlabel = mac_socket_label_alloc(MAC_WAITOK); - sock_lock(so, 1); - mac_socket_label_copy(so->so_label, intlabel); - sock_unlock(so, 1); - error = mac_socket_label_externalize(intlabel, elements, buffer, mac.m_buflen); - mac_socket_label_free(intlabel); - break; + so = (struct socket *) fp->f_fglob->fg_data; + intlabel = mac_socket_label_alloc(MAC_WAITOK); + sock_lock(so, 1); + mac_socket_label_copy(so->so_label, intlabel); + sock_unlock(so, 1); + error = mac_socket_label_externalize(intlabel, elements, buffer, mac.m_buflen); + mac_socket_label_free(intlabel); + break; #endif - case DTYPE_PSXSHM: - case DTYPE_PSXSEM: - case DTYPE_PIPE: - case DTYPE_KQUEUE: - case DTYPE_FSEVENTS: - case DTYPE_ATALK: - case DTYPE_NETPOLICY: - default: - error = ENOSYS; // only sockets/vnodes so far - break; + case DTYPE_PSXSHM: + case DTYPE_PSXSEM: + case DTYPE_PIPE: + case DTYPE_KQUEUE: + case DTYPE_FSEVENTS: + case DTYPE_ATALK: + case DTYPE_NETPOLICY: + default: + error = ENOSYS; // only sockets/vnodes so far + break; } fp_drop(p, uap->fd, fp, 0); - - if (error == 0) - error = copyout(buffer, mac.m_string, strlen(buffer)+1); - + + if (error == 0) { + error = copyout(buffer, mac.m_string, strlen(buffer) + 1); + } + FREE(buffer, M_MACTEMP); FREE(elements, M_MACTEMP); - return (error); + return error; } static int @@ -1450,12 +1518,14 @@ mac_get_filelink(proc_t p, user_addr_t mac_p, user_addr_t path_p, int follow) mac.m_string = mac32.m_string; } - if (error) - return (error); + if (error) { + return error; + } error = mac_check_structmac_consistent(&mac); - if (error) - return (error); + if (error) { + return error; + } MALLOC(elements, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); MALLOC(buffer, char *, mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); @@ -1464,20 +1534,20 @@ mac_get_filelink(proc_t p, user_addr_t mac_p, user_addr_t path_p, int follow) if (error) { FREE(buffer, M_MACTEMP); FREE(elements, M_MACTEMP); - return (error); + return error; } AUDIT_ARG(mac_string, elements); ctx = vfs_context_current(); NDINIT(&nd, LOOKUP, OP_LOOKUP, - LOCKLEAF | (follow ? FOLLOW : NOFOLLOW) | AUDITVNPATH1, - UIO_USERSPACE, path_p, ctx); + LOCKLEAF | (follow ? FOLLOW : NOFOLLOW) | AUDITVNPATH1, + UIO_USERSPACE, path_p, ctx); error = namei(&nd); if (error) { FREE(buffer, M_MACTEMP); FREE(elements, M_MACTEMP); - return (error); + return error; } vp = nd.ni_vp; @@ -1486,39 +1556,37 @@ mac_get_filelink(proc_t p, user_addr_t mac_p, user_addr_t path_p, int follow) intlabel = mac_vnode_label_alloc(); mac_vnode_label_copy(vp->v_label, intlabel); error = mac_vnode_label_externalize(intlabel, elements, buffer, - mac.m_buflen, M_WAITOK); + mac.m_buflen, M_WAITOK); mac_vnode_label_free(intlabel); - if (error == 0) + if (error == 0) { error = copyout(buffer, mac.m_string, strlen(buffer) + 1); + } vnode_put(vp); FREE(buffer, M_MACTEMP); FREE(elements, M_MACTEMP); - return (error); + return error; } int __mac_get_file(proc_t p, struct __mac_get_file_args *uap, - int *ret __unused) + int *ret __unused) { - - return (mac_get_filelink(p, uap->mac_p, uap->path_p, 1)); + return mac_get_filelink(p, uap->mac_p, uap->path_p, 1); } int __mac_get_link(proc_t p, struct __mac_get_link_args *uap, - int *ret __unused) + int *ret __unused) { - - return (mac_get_filelink(p, uap->mac_p, uap->path_p, 0)); + return mac_get_filelink(p, uap->mac_p, uap->path_p, 0); } int __mac_set_fd(proc_t p, struct __mac_set_fd_args *uap, int *ret __unused) { - struct fileproc *fp; struct user_mac mac; struct vfs_context *ctx = vfs_context_current(); @@ -1544,95 +1612,96 @@ __mac_set_fd(proc_t p, struct __mac_set_fd_args *uap, int *ret __unused) mac.m_buflen = mac32.m_buflen; mac.m_string = mac32.m_string; } - if (error) - return (error); - + if (error) { + return error; + } + error = mac_check_structmac_consistent(&mac); - if (error) - return (error); - + if (error) { + return error; + } + MALLOC(buffer, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); error = copyinstr(mac.m_string, buffer, mac.m_buflen, &ulen); if (error) { FREE(buffer, M_MACTEMP); - return (error); + return error; } AUDIT_ARG(mac_string, buffer); - + error = fp_lookup(p, uap->fd, &fp, 0); if (error) { FREE(buffer, M_MACTEMP); - return (error); + return error; } - + error = mac_file_check_set(vfs_context_ucred(ctx), fp->f_fglob, buffer, mac.m_buflen); if (error) { fp_drop(p, uap->fd, fp, 0); FREE(buffer, M_MACTEMP); - return (error); + return error; } - - switch (FILEGLOB_DTYPE(fp->f_fglob)) { - case DTYPE_VNODE: - if (mac_label_vnodes == 0) { - error = ENOSYS; - break; - } + switch (FILEGLOB_DTYPE(fp->f_fglob)) { + case DTYPE_VNODE: + if (mac_label_vnodes == 0) { + error = ENOSYS; + break; + } - intlabel = mac_vnode_label_alloc(); + intlabel = mac_vnode_label_alloc(); - error = mac_vnode_label_internalize(intlabel, buffer); - if (error) { - mac_vnode_label_free(intlabel); - break; - } + error = mac_vnode_label_internalize(intlabel, buffer); + if (error) { + mac_vnode_label_free(intlabel); + break; + } - vp = (struct vnode *)fp->f_fglob->fg_data; + vp = (struct vnode *)fp->f_fglob->fg_data; - error = vnode_getwithref(vp); - if (error == 0) { - error = vn_setlabel(vp, intlabel, ctx); - vnode_put(vp); - } - mac_vnode_label_free(intlabel); - break; + error = vnode_getwithref(vp); + if (error == 0) { + error = vn_setlabel(vp, intlabel, ctx); + vnode_put(vp); + } + mac_vnode_label_free(intlabel); + break; - case DTYPE_SOCKET: + case DTYPE_SOCKET: #if CONFIG_MACF_SOCKET - intlabel = mac_socket_label_alloc(MAC_WAITOK); - error = mac_socket_label_internalize(intlabel, buffer); - if (error == 0) { - so = (struct socket *) fp->f_fglob->fg_data; - SOCK_LOCK(so); - error = mac_socket_label_update(vfs_context_ucred(ctx), so, intlabel); - SOCK_UNLOCK(so); - } - mac_socket_label_free(intlabel); - break; + intlabel = mac_socket_label_alloc(MAC_WAITOK); + error = mac_socket_label_internalize(intlabel, buffer); + if (error == 0) { + so = (struct socket *) fp->f_fglob->fg_data; + SOCK_LOCK(so); + error = mac_socket_label_update(vfs_context_ucred(ctx), so, intlabel); + SOCK_UNLOCK(so); + } + mac_socket_label_free(intlabel); + break; #endif - case DTYPE_PSXSHM: - case DTYPE_PSXSEM: - case DTYPE_PIPE: - case DTYPE_KQUEUE: - case DTYPE_FSEVENTS: - case DTYPE_ATALK: - case DTYPE_NETPOLICY: - default: - error = ENOSYS; // only sockets/vnodes so far - break; + case DTYPE_PSXSHM: + case DTYPE_PSXSEM: + case DTYPE_PIPE: + case DTYPE_KQUEUE: + case DTYPE_FSEVENTS: + case DTYPE_ATALK: + case DTYPE_NETPOLICY: + default: + error = ENOSYS; // only sockets/vnodes so far + break; } fp_drop(p, uap->fd, fp, 0); FREE(buffer, M_MACTEMP); - return (error); + return error; } static int mac_set_filelink(proc_t p, user_addr_t mac_p, user_addr_t path_p, - int follow) + int follow) { struct vnode *vp; struct vfs_context *ctx = vfs_context_current(); @@ -1643,8 +1712,9 @@ mac_set_filelink(proc_t p, user_addr_t mac_p, user_addr_t path_p, int error; size_t ulen; - if (mac_label_vnodes == 0) + if (mac_label_vnodes == 0) { return ENOSYS; + } if (IS_64BIT_PROCESS(p)) { struct user64_mac mac64; @@ -1657,20 +1727,21 @@ mac_set_filelink(proc_t p, user_addr_t mac_p, user_addr_t path_p, mac.m_buflen = mac32.m_buflen; mac.m_string = mac32.m_string; } - if (error) - return (error); + if (error) { + return error; + } error = mac_check_structmac_consistent(&mac); if (error) { printf("mac_set_file: failed structure consistency check\n"); - return (error); + return error; } MALLOC(buffer, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); error = copyinstr(mac.m_string, buffer, mac.m_buflen, &ulen); if (error) { FREE(buffer, M_MACTEMP); - return (error); + return error; } AUDIT_ARG(mac_string, buffer); @@ -1679,16 +1750,16 @@ mac_set_filelink(proc_t p, user_addr_t mac_p, user_addr_t path_p, FREE(buffer, M_MACTEMP); if (error) { mac_vnode_label_free(intlabel); - return (error); + return error; } NDINIT(&nd, LOOKUP, OP_LOOKUP, - LOCKLEAF | (follow ? FOLLOW : NOFOLLOW) | AUDITVNPATH1, - UIO_USERSPACE, path_p, ctx); + LOCKLEAF | (follow ? FOLLOW : NOFOLLOW) | AUDITVNPATH1, + UIO_USERSPACE, path_p, ctx); error = namei(&nd); if (error) { mac_vnode_label_free(intlabel); - return (error); + return error; } vp = nd.ni_vp; @@ -1698,23 +1769,21 @@ mac_set_filelink(proc_t p, user_addr_t mac_p, user_addr_t path_p, vnode_put(vp); mac_vnode_label_free(intlabel); - return (error); + return error; } int __mac_set_file(proc_t p, struct __mac_set_file_args *uap, - int *ret __unused) + int *ret __unused) { - - return (mac_set_filelink(p, uap->mac_p, uap->path_p, 1)); + return mac_set_filelink(p, uap->mac_p, uap->path_p, 1); } int __mac_set_link(proc_t p, struct __mac_set_link_args *uap, - int *ret __unused) + int *ret __unused) { - - return (mac_set_filelink(p, uap->mac_p, uap->path_p, 0)); + return mac_set_filelink(p, uap->mac_p, uap->path_p, 0); } /* @@ -1727,7 +1796,7 @@ __mac_set_link(proc_t p, struct __mac_set_link_args *uap, * Indirect: uap->policy Name of target MAC policy * uap->call MAC policy-specific system call to perform * uap->arg MAC policy-specific system call arguments - * + * * Returns: 0 Success * !0 Not success * @@ -1742,8 +1811,9 @@ __mac_syscall(proc_t p, struct __mac_syscall_args *uap, int *retv __unused) size_t ulen; error = copyinstr(uap->policy, target, sizeof(target), &ulen); - if (error) - return (error); + if (error) { + return error; + } AUDIT_ARG(value32, uap->call); AUDIT_ARG(mac_string, target); @@ -1751,21 +1821,23 @@ __mac_syscall(proc_t p, struct __mac_syscall_args *uap, int *retv __unused) for (i = 0; i < mac_policy_list.staticmax; i++) { mpc = mac_policy_list.entries[i].mpc; - if (mpc == NULL) + if (mpc == NULL) { continue; + } if (strcmp(mpc->mpc_name, target) == 0 && mpc->mpc_ops->mpo_policy_syscall != NULL) { error = mpc->mpc_ops->mpo_policy_syscall(p, uap->call, uap->arg); goto done; - } + } } if (mac_policy_list_conditional_busy() != 0) { for (; i <= mac_policy_list.maxindex; i++) { mpc = mac_policy_list.entries[i].mpc; - if (mpc == NULL) + if (mpc == NULL) { continue; + } if (strcmp(mpc->mpc_name, target) == 0 && mpc->mpc_ops->mpo_policy_syscall != NULL) { @@ -1778,7 +1850,7 @@ __mac_syscall(proc_t p, struct __mac_syscall_args *uap, int *retv __unused) } done: - return (error); + return error; } int @@ -1801,18 +1873,20 @@ mac_mount_label_get(struct mount *mp, user_addr_t mac_p) mac.m_buflen = mac32.m_buflen; mac.m_string = mac32.m_string; } - if (error) - return (error); + if (error) { + return error; + } error = mac_check_structmac_consistent(&mac); - if (error) - return (error); + if (error) { + return error; + } MALLOC(elements, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); error = copyinstr(mac.m_string, elements, mac.m_buflen, &ulen); if (error) { FREE(elements, M_MACTEMP); - return (error); + return error; } AUDIT_ARG(mac_string, elements); @@ -1822,11 +1896,12 @@ mac_mount_label_get(struct mount *mp, user_addr_t mac_p) mac.m_buflen); FREE(elements, M_MACTEMP); - if (error == 0) + if (error == 0) { error = copyout(buffer, mac.m_string, strlen(buffer) + 1); + } FREE(buffer, M_MACTEMP); - return (error); + return error; } /* @@ -1837,7 +1912,7 @@ mac_mount_label_get(struct mount *mp, user_addr_t mac_p) * ret (ignored) * * Indirect: uap->path Pathname - * uap->mac_p MAC info + * uap->mac_p MAC info * * Returns: 0 Success * !0 Not success @@ -1852,10 +1927,10 @@ __mac_get_mount(proc_t p __unused, struct __mac_get_mount_args *uap, int error; NDINIT(&nd, LOOKUP, OP_LOOKUP, FOLLOW | AUDITVNPATH1, - UIO_USERSPACE, uap->path, ctx); + UIO_USERSPACE, uap->path, ctx); error = namei(&nd); if (error) { - return (error); + return error; } mp = nd.ni_vp->v_mount; vnode_put(nd.ni_vp); @@ -1871,14 +1946,13 @@ __mac_get_mount(proc_t p __unused, struct __mac_get_mount_args *uap, * hook is called just before the thread exit from the kernel in ast_taken(). * * Returns: 0 Success - * !0 Not successful + * !0 Not successful */ int mac_schedule_userret(void) { - act_set_astmacf(current_thread()); - return (0); + return 0; } /* @@ -1888,14 +1962,14 @@ mac_schedule_userret(void) * callback. * * params: code exception code - * subcode exception subcode - * flags flags: - * MAC_DOEXCF_TRACED Only do exception if being - * ptrace()'ed. + * subcode exception subcode + * flags flags: + * MAC_DOEXCF_TRACED Only do exception if being + * ptrace()'ed. * * * Returns: 0 Success - * !0 Not successful + * !0 Not successful */ int mac_do_machexc(int64_t code, int64_t subcode, uint32_t flags) @@ -1904,19 +1978,21 @@ mac_do_machexc(int64_t code, int64_t subcode, uint32_t flags) proc_t p = current_proc(); /* Only allow execption codes in MACF's reserved range. */ - if ((code < EXC_MACF_MIN) || (code > EXC_MACF_MAX)) - return (1); + if ((code < EXC_MACF_MIN) || (code > EXC_MACF_MAX)) { + return 1; + } if (flags & MAC_DOEXCF_TRACED && - !(p->p_lflag & P_LTRACED && (p->p_lflag & P_LPPWAIT) == 0)) - return (0); + !(p->p_lflag & P_LTRACED && (p->p_lflag & P_LPPWAIT) == 0)) { + return 0; + } /* Send the Mach exception */ codes[0] = (mach_exception_data_type_t)code; codes[1] = (mach_exception_data_type_t)subcode; - return (bsd_exception(EXC_SOFTWARE, codes, 2) != KERN_SUCCESS); + return bsd_exception(EXC_SOFTWARE, codes, 2) != KERN_SUCCESS; } #else /* MAC */ @@ -1926,108 +2002,84 @@ void (*load_security_extensions_function)(void) = 0; struct sysctl_oid_list sysctl__security_mac_children; int -mac_policy_register(struct mac_policy_conf *mpc __unused, - mac_policy_handle_t *handlep __unused, void *xd __unused) +mac_policy_register(struct mac_policy_conf *mpc __unused, + mac_policy_handle_t *handlep __unused, void *xd __unused) { - - return (0); + return 0; } int mac_policy_unregister(mac_policy_handle_t handle __unused) { - - return (0); + return 0; } int mac_audit_text(char *text __unused, mac_policy_handle_t handle __unused) { - - return (0); + return 0; } int mac_vnop_setxattr(struct vnode *vp __unused, const char *name __unused, char *buf __unused, size_t len __unused) { - - return (ENOENT); + return ENOENT; } int -mac_vnop_getxattr(struct vnode *vp __unused, const char *name __unused, - char *buf __unused, size_t len __unused, size_t *attrlen __unused) +mac_vnop_getxattr(struct vnode *vp __unused, const char *name __unused, + char *buf __unused, size_t len __unused, size_t *attrlen __unused) { - - return (ENOENT); + return ENOENT; } int mac_vnop_removexattr(struct vnode *vp __unused, const char *name __unused) { - - return (ENOENT); + return ENOENT; } int mac_file_setxattr(struct fileglob *fg __unused, const char *name __unused, char *buf __unused, size_t len __unused) { - - return (ENOENT); + return ENOENT; } int mac_file_getxattr(struct fileglob *fg __unused, const char *name __unused, - char *buf __unused, size_t len __unused, size_t *attrlen __unused) + char *buf __unused, size_t len __unused, size_t *attrlen __unused) { - - return (ENOENT); + return ENOENT; } int mac_file_removexattr(struct fileglob *fg __unused, const char *name __unused) { - - return (ENOENT); -} - -intptr_t mac_label_get(struct label *l __unused, int slot __unused) -{ - return 0; + return ENOENT; } -void mac_label_set(struct label *l __unused, int slot __unused, intptr_t v __unused) -{ - return; -} - -int mac_iokit_check_hid_control(kauth_cred_t cred __unused); -int mac_iokit_check_hid_control(kauth_cred_t cred __unused) -{ - return 0; -} - - -int mac_iokit_check_nvram_delete(kauth_cred_t cred __unused, const char *name __unused); -int mac_iokit_check_nvram_delete(kauth_cred_t cred __unused, const char *name __unused) +intptr_t +mac_label_get(struct label *l __unused, int slot __unused) { return 0; } -int mac_iokit_check_nvram_get(kauth_cred_t cred __unused, const char *name __unused); -int mac_iokit_check_nvram_get(kauth_cred_t cred __unused, const char *name __unused) +void +mac_label_set(struct label *l __unused, int slot __unused, intptr_t v __unused) { - return 0; + return; } -int mac_iokit_check_nvram_set(kauth_cred_t cred __unused, const char *name __unused, io_object_t value __unused); -int mac_iokit_check_nvram_set(kauth_cred_t cred __unused, const char *name __unused, io_object_t value __unused) +int mac_iokit_check_hid_control(kauth_cred_t cred __unused); +int +mac_iokit_check_hid_control(kauth_cred_t cred __unused) { return 0; } int mac_vnode_check_trigger_resolve(vfs_context_t ctx __unused, struct vnode *dvp __unused, struct componentname *cnp __unused); -int mac_vnode_check_trigger_resolve(vfs_context_t ctx __unused, struct vnode *dvp __unused, struct componentname *cnp __unused) +int +mac_vnode_check_trigger_resolve(vfs_context_t ctx __unused, struct vnode *dvp __unused, struct componentname *cnp __unused) { return 0; }