3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2013, Joyent, Inc. All rights reserved.
24 */
25
26 #include <sys/types.h>
27 #include <sys/sysmacros.h>
28 #include <sys/param.h>
29 #include <sys/systm.h>
30 #include <sys/cred_impl.h>
31 #include <sys/vnode.h>
32 #include <sys/vfs.h>
33 #include <sys/stat.h>
34 #include <sys/errno.h>
35 #include <sys/kmem.h>
36 #include <sys/user.h>
37 #include <sys/proc.h>
38 #include <sys/acct.h>
39 #include <sys/ipc_impl.h>
40 #include <sys/cmn_err.h>
41 #include <sys/debug.h>
42 #include <sys/policy.h>
43 #include <sys/kobj.h>
44 #include <sys/msg.h>
45 #include <sys/devpolicy.h>
46 #include <c2/audit.h>
47 #include <sys/varargs.h>
48 #include <sys/klpd.h>
49 #include <sys/modctl.h>
50 #include <sys/disp.h>
51 #include <sys/zone.h>
52 #include <inet/optcom.h>
53 #include <sys/sdt.h>
54 #include <sys/vfs.h>
55 #include <sys/mntent.h>
56 #include <sys/contract_impl.h>
57 #include <sys/dld_ioc.h>
58
59 /*
60 * There are two possible layers of privilege routines and two possible
61 * levels of secpolicy. Plus one other we may not be interested in, so
62 * we may need as many as 6 but no more.
63 */
64 #define MAXPRIVSTACK 6
65
66 int priv_debug = 0;
67 int priv_basic_test = -1;
68
69 /*
70 * This file contains the majority of the policy routines.
71 * Since the policy routines are defined by function and not
72 * by privilege, there is quite a bit of duplication of
73 * functions.
74 *
75 * The secpolicy functions must not make assumptions about
76 * locks held or not held as any lock can be held while they're
77 * being called.
1226 secpolicy_vnode_remove(const cred_t *cr)
1227 {
1228 return (PRIV_POLICY(cr, PRIV_FILE_OWNER, B_FALSE, EACCES,
1229 "sticky directory"));
1230 }
1231
1232 int
1233 secpolicy_vnode_owner(const cred_t *cr, uid_t owner)
1234 {
1235 boolean_t allzone = (owner == 0);
1236
1237 if (owner == cr->cr_uid)
1238 return (0);
1239
1240 return (PRIV_POLICY(cr, PRIV_FILE_OWNER, allzone, EPERM, NULL));
1241 }
1242
1243 void
1244 secpolicy_setid_clear(vattr_t *vap, cred_t *cr)
1245 {
1246 if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0 &&
1247 secpolicy_vnode_setid_retain(cr,
1248 (vap->va_mode & S_ISUID) != 0 &&
1249 (vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) {
1250 vap->va_mask |= AT_MODE;
1251 vap->va_mode &= ~(S_ISUID|S_ISGID);
1252 }
1253 }
1254
1255 int
1256 secpolicy_setid_setsticky_clear(vnode_t *vp, vattr_t *vap, const vattr_t *ovap,
1257 cred_t *cr)
1258 {
1259 int error;
1260
1261 if ((vap->va_mode & S_ISUID) != 0 &&
1262 (error = secpolicy_vnode_setid_modify(cr,
1263 ovap->va_uid)) != 0) {
1264 return (error);
1265 }
|
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2015 Joyent, Inc.
24 */
25
26 #include <sys/types.h>
27 #include <sys/sysmacros.h>
28 #include <sys/param.h>
29 #include <sys/systm.h>
30 #include <sys/cred_impl.h>
31 #include <sys/vnode.h>
32 #include <sys/vfs.h>
33 #include <sys/stat.h>
34 #include <sys/errno.h>
35 #include <sys/kmem.h>
36 #include <sys/user.h>
37 #include <sys/proc.h>
38 #include <sys/acct.h>
39 #include <sys/ipc_impl.h>
40 #include <sys/cmn_err.h>
41 #include <sys/debug.h>
42 #include <sys/policy.h>
43 #include <sys/kobj.h>
44 #include <sys/msg.h>
45 #include <sys/devpolicy.h>
46 #include <c2/audit.h>
47 #include <sys/varargs.h>
48 #include <sys/klpd.h>
49 #include <sys/modctl.h>
50 #include <sys/disp.h>
51 #include <sys/zone.h>
52 #include <inet/optcom.h>
53 #include <sys/sdt.h>
54 #include <sys/vfs.h>
55 #include <sys/mntent.h>
56 #include <sys/contract_impl.h>
57 #include <sys/dld_ioc.h>
58 #include <sys/brand.h>
59
60 /*
61 * There are two possible layers of privilege routines and two possible
62 * levels of secpolicy. Plus one other we may not be interested in, so
63 * we may need as many as 6 but no more.
64 */
65 #define MAXPRIVSTACK 6
66
67 int priv_debug = 0;
68 int priv_basic_test = -1;
69
70 /*
71 * This file contains the majority of the policy routines.
72 * Since the policy routines are defined by function and not
73 * by privilege, there is quite a bit of duplication of
74 * functions.
75 *
76 * The secpolicy functions must not make assumptions about
77 * locks held or not held as any lock can be held while they're
78 * being called.
1227 secpolicy_vnode_remove(const cred_t *cr)
1228 {
1229 return (PRIV_POLICY(cr, PRIV_FILE_OWNER, B_FALSE, EACCES,
1230 "sticky directory"));
1231 }
1232
1233 int
1234 secpolicy_vnode_owner(const cred_t *cr, uid_t owner)
1235 {
1236 boolean_t allzone = (owner == 0);
1237
1238 if (owner == cr->cr_uid)
1239 return (0);
1240
1241 return (PRIV_POLICY(cr, PRIV_FILE_OWNER, allzone, EPERM, NULL));
1242 }
1243
1244 void
1245 secpolicy_setid_clear(vattr_t *vap, cred_t *cr)
1246 {
1247 proc_t *p = curproc;
1248
1249 /*
1250 * Allow the brand to override this behaviour.
1251 */
1252 if (PROC_IS_BRANDED(p) && BROP(p)->b_setid_clear != NULL) {
1253 /*
1254 * This brand hook will return 0 if handling is complete, or
1255 * some other value if the brand would like us to fall back to
1256 * the usual behaviour.
1257 */
1258 if (BROP(p)->b_setid_clear(vap, cr) == 0) {
1259 return;
1260 }
1261 }
1262
1263 if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0 &&
1264 secpolicy_vnode_setid_retain(cr,
1265 (vap->va_mode & S_ISUID) != 0 &&
1266 (vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) {
1267 vap->va_mask |= AT_MODE;
1268 vap->va_mode &= ~(S_ISUID|S_ISGID);
1269 }
1270 }
1271
1272 int
1273 secpolicy_setid_setsticky_clear(vnode_t *vp, vattr_t *vap, const vattr_t *ovap,
1274 cred_t *cr)
1275 {
1276 int error;
1277
1278 if ((vap->va_mode & S_ISUID) != 0 &&
1279 (error = secpolicy_vnode_setid_modify(cr,
1280 ovap->va_uid)) != 0) {
1281 return (error);
1282 }
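Review bot: In secpolicy_setid_clear (new lines 1252-1261), a 0 return from `b_setid_clear` skips the `secpolicy_vnode_setid_retain` check altogether, so for a branded process the stripping of S_ISUID/S_ISGID rests entirely on the brand's hook, and the comment does not say what the hook must guarantee. I would state the contract at the call site, e.g. `/* On a 0 return the hook must already have cleared S_ISUID|S_ISGID in vap, or verified that cr may retain them. */`, so that a brand cannot silently leave setid bits on a file whose contents or owner changed. The hook is also selected from `curproc` while the decision concerns `cr`; if this routine can be reached with a credential that does not belong to the current process (not visible here), the wrong brand's policy would apply, which deserves a comment or an ASSERT. The brand header that defines `b_setid_clear` is not shown on this page, so the hook's documented semantics should be checked there.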
|