1 /* $NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $ */
3 * Copyright (c) 1994 Herb Peyerl <hpeyerl@novatel.ca>
4 * Copyright (c) 2006 nCircle Network Security, Inc.
7 * This software was developed by Robert N. M. Watson for the TrustedBSD
8 * Project under contract to nCircle Network Security, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by Herb Peyerl.
21 * 4. The name of Herb Peyerl may not be used to endorse or promote products
22 * derived from this software without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/cdefs.h>
37 __FBSDID("$FreeBSD$");
39 #include "opt_sysvipc.h"
41 #include <sys/param.h>
42 #include <sys/systm.h>
48 #include <sys/ucred.h>
50 void (*shmfork_hook
)(struct proc
*, struct proc
*) = NULL
;
51 void (*shmexit_hook
)(struct vmspace
*) = NULL
;
53 /* called from kern_fork.c */
59 if (shmfork_hook
!= NULL
)
64 /* called from kern_exit.c */
66 shmexit(struct vmspace
*vm
)
69 if (shmexit_hook
!= NULL
)
75 * Check for IPC permission.
77 * Note: The MAC Framework does not require any modifications to the
78 * ipcperm() function, as access control checks are performed throughout the
79 * implementation of each primitive. Those entry point calls complement the
80 * ipcperm() discertionary checks. Unlike file system discretionary access
81 * control, the original create of an object is given the same rights as the
85 ipcperm(struct thread
*td
, struct ipc_perm
*perm
, int acc_mode
)
87 struct ucred
*cred
= td
->td_ucred
;
88 int error
, obj_mode
, dac_granted
, priv_granted
;
91 if (cred
->cr_uid
== perm
->cuid
|| cred
->cr_uid
== perm
->uid
) {
92 obj_mode
= perm
->mode
;
94 } else if (groupmember(perm
->gid
, cred
) ||
95 groupmember(perm
->cgid
, cred
)) {
96 obj_mode
= perm
->mode
;
99 obj_mode
= perm
->mode
;
104 * While the System V IPC permission model allows IPC_M to be
105 * granted, as part of the mode, our implementation requires
106 * privilege to adminster the object if not the owner or creator.
109 if (obj_mode
& IPC_M
)
110 dac_granted
|= IPC_M
;
112 if (obj_mode
& IPC_R
)
113 dac_granted
|= IPC_R
;
114 if (obj_mode
& IPC_W
)
115 dac_granted
|= IPC_W
;
118 * Simple case: all required rights are granted by DAC.
120 if ((dac_granted
& acc_mode
) == acc_mode
)
124 * Privilege is required to satisfy the request.
127 if ((acc_mode
& IPC_M
) && !(dac_granted
& IPC_M
)) {
128 error
= priv_check(td
, PRIV_IPC_ADMIN
);
130 priv_granted
|= IPC_M
;
133 if ((acc_mode
& IPC_R
) && !(dac_granted
& IPC_R
)) {
134 error
= priv_check(td
, PRIV_IPC_READ
);
136 priv_granted
|= IPC_R
;
139 if ((acc_mode
& IPC_W
) && !(dac_granted
& IPC_W
)) {
140 error
= priv_check(td
, PRIV_IPC_WRITE
);
142 priv_granted
|= IPC_W
;
145 if (((dac_granted
| priv_granted
) & acc_mode
) == acc_mode
)