services.c 64 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713
  1. /*
  2. * Implementation of the security services.
  3. *
  4. * Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
  5. * James Morris <jmorris@redhat.com>
  6. *
  7. * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
  8. *
  9. * Support for enhanced MLS infrastructure.
  10. * Support for context based audit filters.
  11. *
  12. * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
  13. *
  14. * Added conditional policy language extensions
  15. *
  16. * Updated: Hewlett-Packard <paul.moore@hp.com>
  17. *
  18. * Added support for NetLabel
  19. * Added support for the policy capability bitmap
  20. *
  21. * Updated: Chad Sellers <csellers@tresys.com>
  22. *
  23. * Added validation of kernel classes and permissions
  24. *
  25. * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
  26. * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
  27. * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
  28. * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
  29. * This program is free software; you can redistribute it and/or modify
  30. * it under the terms of the GNU General Public License as published by
  31. * the Free Software Foundation, version 2.
  32. */
  33. #include <linux/kernel.h>
  34. #include <linux/slab.h>
  35. #include <linux/string.h>
  36. #include <linux/spinlock.h>
  37. #include <linux/rcupdate.h>
  38. #include <linux/errno.h>
  39. #include <linux/in.h>
  40. #include <linux/sched.h>
  41. #include <linux/audit.h>
  42. #include <linux/mutex.h>
  43. #include <linux/selinux.h>
  44. #include <net/netlabel.h>
  45. #include "flask.h"
  46. #include "avc.h"
  47. #include "avc_ss.h"
  48. #include "security.h"
  49. #include "context.h"
  50. #include "policydb.h"
  51. #include "sidtab.h"
  52. #include "services.h"
  53. #include "conditional.h"
  54. #include "mls.h"
  55. #include "objsec.h"
  56. #include "netlabel.h"
  57. #include "xfrm.h"
  58. #include "ebitmap.h"
  59. #include "audit.h"
  60. extern void selnl_notify_policyload(u32 seqno);
  61. unsigned int policydb_loaded_version;
  62. int selinux_policycap_netpeer;
  63. int selinux_policycap_openperm;
  64. /*
  65. * This is declared in avc.c
  66. */
  67. extern const struct selinux_class_perm selinux_class_perm;
  68. static DEFINE_RWLOCK(policy_rwlock);
  69. #define POLICY_RDLOCK read_lock(&policy_rwlock)
  70. #define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
  71. #define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
  72. #define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
  73. static DEFINE_MUTEX(load_mutex);
  74. #define LOAD_LOCK mutex_lock(&load_mutex)
  75. #define LOAD_UNLOCK mutex_unlock(&load_mutex)
  76. static struct sidtab sidtab;
  77. struct policydb policydb;
  78. int ss_initialized = 0;
  79. /*
  80. * The largest sequence number that has been used when
  81. * providing an access decision to the access vector cache.
  82. * The sequence number only changes when a policy change
  83. * occurs.
  84. */
  85. static u32 latest_granting = 0;
  86. /* Forward declaration. */
  87. static int context_struct_to_string(struct context *context, char **scontext,
  88. u32 *scontext_len);
  89. /*
  90. * Return the boolean value of a constraint expression
  91. * when it is applied to the specified source and target
  92. * security contexts.
  93. *
  94. * xcontext is a special beast... It is used by the validatetrans rules
  95. * only. For these rules, scontext is the context before the transition,
  96. * tcontext is the context after the transition, and xcontext is the context
  97. * of the process performing the transition. All other callers of
  98. * constraint_expr_eval should pass in NULL for xcontext.
  99. */
  100. static int constraint_expr_eval(struct context *scontext,
  101. struct context *tcontext,
  102. struct context *xcontext,
  103. struct constraint_expr *cexpr)
  104. {
  105. u32 val1, val2;
  106. struct context *c;
  107. struct role_datum *r1, *r2;
  108. struct mls_level *l1, *l2;
  109. struct constraint_expr *e;
  110. int s[CEXPR_MAXDEPTH];
  111. int sp = -1;
  112. for (e = cexpr; e; e = e->next) {
  113. switch (e->expr_type) {
  114. case CEXPR_NOT:
  115. BUG_ON(sp < 0);
  116. s[sp] = !s[sp];
  117. break;
  118. case CEXPR_AND:
  119. BUG_ON(sp < 1);
  120. sp--;
  121. s[sp] &= s[sp+1];
  122. break;
  123. case CEXPR_OR:
  124. BUG_ON(sp < 1);
  125. sp--;
  126. s[sp] |= s[sp+1];
  127. break;
  128. case CEXPR_ATTR:
  129. if (sp == (CEXPR_MAXDEPTH-1))
  130. return 0;
  131. switch (e->attr) {
  132. case CEXPR_USER:
  133. val1 = scontext->user;
  134. val2 = tcontext->user;
  135. break;
  136. case CEXPR_TYPE:
  137. val1 = scontext->type;
  138. val2 = tcontext->type;
  139. break;
  140. case CEXPR_ROLE:
  141. val1 = scontext->role;
  142. val2 = tcontext->role;
  143. r1 = policydb.role_val_to_struct[val1 - 1];
  144. r2 = policydb.role_val_to_struct[val2 - 1];
  145. switch (e->op) {
  146. case CEXPR_DOM:
  147. s[++sp] = ebitmap_get_bit(&r1->dominates,
  148. val2 - 1);
  149. continue;
  150. case CEXPR_DOMBY:
  151. s[++sp] = ebitmap_get_bit(&r2->dominates,
  152. val1 - 1);
  153. continue;
  154. case CEXPR_INCOMP:
  155. s[++sp] = ( !ebitmap_get_bit(&r1->dominates,
  156. val2 - 1) &&
  157. !ebitmap_get_bit(&r2->dominates,
  158. val1 - 1) );
  159. continue;
  160. default:
  161. break;
  162. }
  163. break;
  164. case CEXPR_L1L2:
  165. l1 = &(scontext->range.level[0]);
  166. l2 = &(tcontext->range.level[0]);
  167. goto mls_ops;
  168. case CEXPR_L1H2:
  169. l1 = &(scontext->range.level[0]);
  170. l2 = &(tcontext->range.level[1]);
  171. goto mls_ops;
  172. case CEXPR_H1L2:
  173. l1 = &(scontext->range.level[1]);
  174. l2 = &(tcontext->range.level[0]);
  175. goto mls_ops;
  176. case CEXPR_H1H2:
  177. l1 = &(scontext->range.level[1]);
  178. l2 = &(tcontext->range.level[1]);
  179. goto mls_ops;
  180. case CEXPR_L1H1:
  181. l1 = &(scontext->range.level[0]);
  182. l2 = &(scontext->range.level[1]);
  183. goto mls_ops;
  184. case CEXPR_L2H2:
  185. l1 = &(tcontext->range.level[0]);
  186. l2 = &(tcontext->range.level[1]);
  187. goto mls_ops;
  188. mls_ops:
  189. switch (e->op) {
  190. case CEXPR_EQ:
  191. s[++sp] = mls_level_eq(l1, l2);
  192. continue;
  193. case CEXPR_NEQ:
  194. s[++sp] = !mls_level_eq(l1, l2);
  195. continue;
  196. case CEXPR_DOM:
  197. s[++sp] = mls_level_dom(l1, l2);
  198. continue;
  199. case CEXPR_DOMBY:
  200. s[++sp] = mls_level_dom(l2, l1);
  201. continue;
  202. case CEXPR_INCOMP:
  203. s[++sp] = mls_level_incomp(l2, l1);
  204. continue;
  205. default:
  206. BUG();
  207. return 0;
  208. }
  209. break;
  210. default:
  211. BUG();
  212. return 0;
  213. }
  214. switch (e->op) {
  215. case CEXPR_EQ:
  216. s[++sp] = (val1 == val2);
  217. break;
  218. case CEXPR_NEQ:
  219. s[++sp] = (val1 != val2);
  220. break;
  221. default:
  222. BUG();
  223. return 0;
  224. }
  225. break;
  226. case CEXPR_NAMES:
  227. if (sp == (CEXPR_MAXDEPTH-1))
  228. return 0;
  229. c = scontext;
  230. if (e->attr & CEXPR_TARGET)
  231. c = tcontext;
  232. else if (e->attr & CEXPR_XTARGET) {
  233. c = xcontext;
  234. if (!c) {
  235. BUG();
  236. return 0;
  237. }
  238. }
  239. if (e->attr & CEXPR_USER)
  240. val1 = c->user;
  241. else if (e->attr & CEXPR_ROLE)
  242. val1 = c->role;
  243. else if (e->attr & CEXPR_TYPE)
  244. val1 = c->type;
  245. else {
  246. BUG();
  247. return 0;
  248. }
  249. switch (e->op) {
  250. case CEXPR_EQ:
  251. s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
  252. break;
  253. case CEXPR_NEQ:
  254. s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
  255. break;
  256. default:
  257. BUG();
  258. return 0;
  259. }
  260. break;
  261. default:
  262. BUG();
  263. return 0;
  264. }
  265. }
  266. BUG_ON(sp != 0);
  267. return s[0];
  268. }
  269. /*
  270. * Compute access vectors based on a context structure pair for
  271. * the permissions in a particular class.
  272. */
  273. static int context_struct_compute_av(struct context *scontext,
  274. struct context *tcontext,
  275. u16 tclass,
  276. u32 requested,
  277. struct av_decision *avd)
  278. {
  279. struct constraint_node *constraint;
  280. struct role_allow *ra;
  281. struct avtab_key avkey;
  282. struct avtab_node *node;
  283. struct class_datum *tclass_datum;
  284. struct ebitmap *sattr, *tattr;
  285. struct ebitmap_node *snode, *tnode;
  286. const struct selinux_class_perm *kdefs = &selinux_class_perm;
  287. unsigned int i, j;
  288. /*
  289. * Remap extended Netlink classes for old policy versions.
  290. * Do this here rather than socket_type_to_security_class()
  291. * in case a newer policy version is loaded, allowing sockets
  292. * to remain in the correct class.
  293. */
  294. if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
  295. if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
  296. tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
  297. tclass = SECCLASS_NETLINK_SOCKET;
  298. /*
  299. * Initialize the access vectors to the default values.
  300. */
  301. avd->allowed = 0;
  302. avd->decided = 0xffffffff;
  303. avd->auditallow = 0;
  304. avd->auditdeny = 0xffffffff;
  305. avd->seqno = latest_granting;
  306. /*
  307. * Check for all the invalid cases.
  308. * - tclass 0
  309. * - tclass > policy and > kernel
  310. * - tclass > policy but is a userspace class
  311. * - tclass > policy but we do not allow unknowns
  312. */
  313. if (unlikely(!tclass))
  314. goto inval_class;
  315. if (unlikely(tclass > policydb.p_classes.nprim))
  316. if (tclass > kdefs->cts_len ||
  317. !kdefs->class_to_string[tclass - 1] ||
  318. !policydb.allow_unknown)
  319. goto inval_class;
  320. /*
  321. * Kernel class and we allow unknown so pad the allow decision
  322. * the pad will be all 1 for unknown classes.
  323. */
  324. if (tclass <= kdefs->cts_len && policydb.allow_unknown)
  325. avd->allowed = policydb.undefined_perms[tclass - 1];
  326. /*
  327. * Not in policy. Since decision is completed (all 1 or all 0) return.
  328. */
  329. if (unlikely(tclass > policydb.p_classes.nprim))
  330. return 0;
  331. tclass_datum = policydb.class_val_to_struct[tclass - 1];
  332. /*
  333. * If a specific type enforcement rule was defined for
  334. * this permission check, then use it.
  335. */
  336. avkey.target_class = tclass;
  337. avkey.specified = AVTAB_AV;
  338. sattr = &policydb.type_attr_map[scontext->type - 1];
  339. tattr = &policydb.type_attr_map[tcontext->type - 1];
  340. ebitmap_for_each_positive_bit(sattr, snode, i) {
  341. ebitmap_for_each_positive_bit(tattr, tnode, j) {
  342. avkey.source_type = i + 1;
  343. avkey.target_type = j + 1;
  344. for (node = avtab_search_node(&policydb.te_avtab, &avkey);
  345. node != NULL;
  346. node = avtab_search_node_next(node, avkey.specified)) {
  347. if (node->key.specified == AVTAB_ALLOWED)
  348. avd->allowed |= node->datum.data;
  349. else if (node->key.specified == AVTAB_AUDITALLOW)
  350. avd->auditallow |= node->datum.data;
  351. else if (node->key.specified == AVTAB_AUDITDENY)
  352. avd->auditdeny &= node->datum.data;
  353. }
  354. /* Check conditional av table for additional permissions */
  355. cond_compute_av(&policydb.te_cond_avtab, &avkey, avd);
  356. }
  357. }
  358. /*
  359. * Remove any permissions prohibited by a constraint (this includes
  360. * the MLS policy).
  361. */
  362. constraint = tclass_datum->constraints;
  363. while (constraint) {
  364. if ((constraint->permissions & (avd->allowed)) &&
  365. !constraint_expr_eval(scontext, tcontext, NULL,
  366. constraint->expr)) {
  367. avd->allowed = (avd->allowed) & ~(constraint->permissions);
  368. }
  369. constraint = constraint->next;
  370. }
  371. /*
  372. * If checking process transition permission and the
  373. * role is changing, then check the (current_role, new_role)
  374. * pair.
  375. */
  376. if (tclass == SECCLASS_PROCESS &&
  377. (avd->allowed & (PROCESS__TRANSITION | PROCESS__DYNTRANSITION)) &&
  378. scontext->role != tcontext->role) {
  379. for (ra = policydb.role_allow; ra; ra = ra->next) {
  380. if (scontext->role == ra->role &&
  381. tcontext->role == ra->new_role)
  382. break;
  383. }
  384. if (!ra)
  385. avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION |
  386. PROCESS__DYNTRANSITION);
  387. }
  388. return 0;
  389. inval_class:
  390. printk(KERN_ERR "%s: unrecognized class %d\n", __func__, tclass);
  391. return -EINVAL;
  392. }
  393. /*
  394. * Given a sid find if the type has the permissive flag set
  395. */
  396. int security_permissive_sid(u32 sid)
  397. {
  398. struct context *context;
  399. u32 type;
  400. int rc;
  401. POLICY_RDLOCK;
  402. context = sidtab_search(&sidtab, sid);
  403. BUG_ON(!context);
  404. type = context->type;
  405. /*
  406. * we are intentionally using type here, not type-1, the 0th bit may
  407. * someday indicate that we are globally setting permissive in policy.
  408. */
  409. rc = ebitmap_get_bit(&policydb.permissive_map, type);
  410. POLICY_RDUNLOCK;
  411. return rc;
  412. }
  413. static int security_validtrans_handle_fail(struct context *ocontext,
  414. struct context *ncontext,
  415. struct context *tcontext,
  416. u16 tclass)
  417. {
  418. char *o = NULL, *n = NULL, *t = NULL;
  419. u32 olen, nlen, tlen;
  420. if (context_struct_to_string(ocontext, &o, &olen) < 0)
  421. goto out;
  422. if (context_struct_to_string(ncontext, &n, &nlen) < 0)
  423. goto out;
  424. if (context_struct_to_string(tcontext, &t, &tlen) < 0)
  425. goto out;
  426. audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
  427. "security_validate_transition: denied for"
  428. " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
  429. o, n, t, policydb.p_class_val_to_name[tclass-1]);
  430. out:
  431. kfree(o);
  432. kfree(n);
  433. kfree(t);
  434. if (!selinux_enforcing)
  435. return 0;
  436. return -EPERM;
  437. }
  438. int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
  439. u16 tclass)
  440. {
  441. struct context *ocontext;
  442. struct context *ncontext;
  443. struct context *tcontext;
  444. struct class_datum *tclass_datum;
  445. struct constraint_node *constraint;
  446. int rc = 0;
  447. if (!ss_initialized)
  448. return 0;
  449. POLICY_RDLOCK;
  450. /*
  451. * Remap extended Netlink classes for old policy versions.
  452. * Do this here rather than socket_type_to_security_class()
  453. * in case a newer policy version is loaded, allowing sockets
  454. * to remain in the correct class.
  455. */
  456. if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
  457. if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
  458. tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
  459. tclass = SECCLASS_NETLINK_SOCKET;
  460. if (!tclass || tclass > policydb.p_classes.nprim) {
  461. printk(KERN_ERR "security_validate_transition: "
  462. "unrecognized class %d\n", tclass);
  463. rc = -EINVAL;
  464. goto out;
  465. }
  466. tclass_datum = policydb.class_val_to_struct[tclass - 1];
  467. ocontext = sidtab_search(&sidtab, oldsid);
  468. if (!ocontext) {
  469. printk(KERN_ERR "security_validate_transition: "
  470. " unrecognized SID %d\n", oldsid);
  471. rc = -EINVAL;
  472. goto out;
  473. }
  474. ncontext = sidtab_search(&sidtab, newsid);
  475. if (!ncontext) {
  476. printk(KERN_ERR "security_validate_transition: "
  477. " unrecognized SID %d\n", newsid);
  478. rc = -EINVAL;
  479. goto out;
  480. }
  481. tcontext = sidtab_search(&sidtab, tasksid);
  482. if (!tcontext) {
  483. printk(KERN_ERR "security_validate_transition: "
  484. " unrecognized SID %d\n", tasksid);
  485. rc = -EINVAL;
  486. goto out;
  487. }
  488. constraint = tclass_datum->validatetrans;
  489. while (constraint) {
  490. if (!constraint_expr_eval(ocontext, ncontext, tcontext,
  491. constraint->expr)) {
  492. rc = security_validtrans_handle_fail(ocontext, ncontext,
  493. tcontext, tclass);
  494. goto out;
  495. }
  496. constraint = constraint->next;
  497. }
  498. out:
  499. POLICY_RDUNLOCK;
  500. return rc;
  501. }
  502. /**
  503. * security_compute_av - Compute access vector decisions.
  504. * @ssid: source security identifier
  505. * @tsid: target security identifier
  506. * @tclass: target security class
  507. * @requested: requested permissions
  508. * @avd: access vector decisions
  509. *
  510. * Compute a set of access vector decisions based on the
  511. * SID pair (@ssid, @tsid) for the permissions in @tclass.
  512. * Return -%EINVAL if any of the parameters are invalid or %0
  513. * if the access vector decisions were computed successfully.
  514. */
  515. int security_compute_av(u32 ssid,
  516. u32 tsid,
  517. u16 tclass,
  518. u32 requested,
  519. struct av_decision *avd)
  520. {
  521. struct context *scontext = NULL, *tcontext = NULL;
  522. int rc = 0;
  523. if (!ss_initialized) {
  524. avd->allowed = 0xffffffff;
  525. avd->decided = 0xffffffff;
  526. avd->auditallow = 0;
  527. avd->auditdeny = 0xffffffff;
  528. avd->seqno = latest_granting;
  529. return 0;
  530. }
  531. POLICY_RDLOCK;
  532. scontext = sidtab_search(&sidtab, ssid);
  533. if (!scontext) {
  534. printk(KERN_ERR "security_compute_av: unrecognized SID %d\n",
  535. ssid);
  536. rc = -EINVAL;
  537. goto out;
  538. }
  539. tcontext = sidtab_search(&sidtab, tsid);
  540. if (!tcontext) {
  541. printk(KERN_ERR "security_compute_av: unrecognized SID %d\n",
  542. tsid);
  543. rc = -EINVAL;
  544. goto out;
  545. }
  546. rc = context_struct_compute_av(scontext, tcontext, tclass,
  547. requested, avd);
  548. out:
  549. POLICY_RDUNLOCK;
  550. return rc;
  551. }
  552. /*
  553. * Write the security context string representation of
  554. * the context structure `context' into a dynamically
  555. * allocated string of the correct size. Set `*scontext'
  556. * to point to this string and set `*scontext_len' to
  557. * the length of the string.
  558. */
  559. static int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len)
  560. {
  561. char *scontextp;
  562. *scontext = NULL;
  563. *scontext_len = 0;
  564. /* Compute the size of the context. */
  565. *scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1;
  566. *scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1;
  567. *scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
  568. *scontext_len += mls_compute_context_len(context);
  569. /* Allocate space for the context; caller must free this space. */
  570. scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
  571. if (!scontextp) {
  572. return -ENOMEM;
  573. }
  574. *scontext = scontextp;
  575. /*
  576. * Copy the user name, role name and type name into the context.
  577. */
  578. sprintf(scontextp, "%s:%s:%s",
  579. policydb.p_user_val_to_name[context->user - 1],
  580. policydb.p_role_val_to_name[context->role - 1],
  581. policydb.p_type_val_to_name[context->type - 1]);
  582. scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +
  583. 1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
  584. 1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
  585. mls_sid_to_context(context, &scontextp);
  586. *scontextp = 0;
  587. return 0;
  588. }
  589. #include "initial_sid_to_string.h"
  590. const char *security_get_initial_sid_context(u32 sid)
  591. {
  592. if (unlikely(sid > SECINITSID_NUM))
  593. return NULL;
  594. return initial_sid_to_string[sid];
  595. }
  596. /**
  597. * security_sid_to_context - Obtain a context for a given SID.
  598. * @sid: security identifier, SID
  599. * @scontext: security context
  600. * @scontext_len: length in bytes
  601. *
  602. * Write the string representation of the context associated with @sid
  603. * into a dynamically allocated string of the correct size. Set @scontext
  604. * to point to this string and set @scontext_len to the length of the string.
  605. */
  606. int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
  607. {
  608. struct context *context;
  609. int rc = 0;
  610. *scontext = NULL;
  611. *scontext_len = 0;
  612. if (!ss_initialized) {
  613. if (sid <= SECINITSID_NUM) {
  614. char *scontextp;
  615. *scontext_len = strlen(initial_sid_to_string[sid]) + 1;
  616. scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
  617. if (!scontextp) {
  618. rc = -ENOMEM;
  619. goto out;
  620. }
  621. strcpy(scontextp, initial_sid_to_string[sid]);
  622. *scontext = scontextp;
  623. goto out;
  624. }
  625. printk(KERN_ERR "security_sid_to_context: called before initial "
  626. "load_policy on unknown SID %d\n", sid);
  627. rc = -EINVAL;
  628. goto out;
  629. }
  630. POLICY_RDLOCK;
  631. context = sidtab_search(&sidtab, sid);
  632. if (!context) {
  633. printk(KERN_ERR "security_sid_to_context: unrecognized SID "
  634. "%d\n", sid);
  635. rc = -EINVAL;
  636. goto out_unlock;
  637. }
  638. rc = context_struct_to_string(context, scontext, scontext_len);
  639. out_unlock:
  640. POLICY_RDUNLOCK;
  641. out:
  642. return rc;
  643. }
  644. static int security_context_to_sid_core(char *scontext, u32 scontext_len,
  645. u32 *sid, u32 def_sid, gfp_t gfp_flags)
  646. {
  647. char *scontext2;
  648. struct context context;
  649. struct role_datum *role;
  650. struct type_datum *typdatum;
  651. struct user_datum *usrdatum;
  652. char *scontextp, *p, oldc;
  653. int rc = 0;
  654. if (!ss_initialized) {
  655. int i;
  656. for (i = 1; i < SECINITSID_NUM; i++) {
  657. if (!strcmp(initial_sid_to_string[i], scontext)) {
  658. *sid = i;
  659. goto out;
  660. }
  661. }
  662. *sid = SECINITSID_KERNEL;
  663. goto out;
  664. }
  665. *sid = SECSID_NULL;
  666. /* Copy the string so that we can modify the copy as we parse it.
  667. The string should already by null terminated, but we append a
  668. null suffix to the copy to avoid problems with the existing
  669. attr package, which doesn't view the null terminator as part
  670. of the attribute value. */
  671. scontext2 = kmalloc(scontext_len+1, gfp_flags);
  672. if (!scontext2) {
  673. rc = -ENOMEM;
  674. goto out;
  675. }
  676. memcpy(scontext2, scontext, scontext_len);
  677. scontext2[scontext_len] = 0;
  678. context_init(&context);
  679. *sid = SECSID_NULL;
  680. POLICY_RDLOCK;
  681. /* Parse the security context. */
  682. rc = -EINVAL;
  683. scontextp = (char *) scontext2;
  684. /* Extract the user. */
  685. p = scontextp;
  686. while (*p && *p != ':')
  687. p++;
  688. if (*p == 0)
  689. goto out_unlock;
  690. *p++ = 0;
  691. usrdatum = hashtab_search(policydb.p_users.table, scontextp);
  692. if (!usrdatum)
  693. goto out_unlock;
  694. context.user = usrdatum->value;
  695. /* Extract role. */
  696. scontextp = p;
  697. while (*p && *p != ':')
  698. p++;
  699. if (*p == 0)
  700. goto out_unlock;
  701. *p++ = 0;
  702. role = hashtab_search(policydb.p_roles.table, scontextp);
  703. if (!role)
  704. goto out_unlock;
  705. context.role = role->value;
  706. /* Extract type. */
  707. scontextp = p;
  708. while (*p && *p != ':')
  709. p++;
  710. oldc = *p;
  711. *p++ = 0;
  712. typdatum = hashtab_search(policydb.p_types.table, scontextp);
  713. if (!typdatum)
  714. goto out_unlock;
  715. context.type = typdatum->value;
  716. rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
  717. if (rc)
  718. goto out_unlock;
  719. if ((p - scontext2) < scontext_len) {
  720. rc = -EINVAL;
  721. goto out_unlock;
  722. }
  723. /* Check the validity of the new context. */
  724. if (!policydb_context_isvalid(&policydb, &context)) {
  725. rc = -EINVAL;
  726. goto out_unlock;
  727. }
  728. /* Obtain the new sid. */
  729. rc = sidtab_context_to_sid(&sidtab, &context, sid);
  730. out_unlock:
  731. POLICY_RDUNLOCK;
  732. context_destroy(&context);
  733. kfree(scontext2);
  734. out:
  735. return rc;
  736. }
  737. /**
  738. * security_context_to_sid - Obtain a SID for a given security context.
  739. * @scontext: security context
  740. * @scontext_len: length in bytes
  741. * @sid: security identifier, SID
  742. *
  743. * Obtains a SID associated with the security context that
  744. * has the string representation specified by @scontext.
  745. * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
  746. * memory is available, or 0 on success.
  747. */
  748. int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
  749. {
  750. return security_context_to_sid_core(scontext, scontext_len,
  751. sid, SECSID_NULL, GFP_KERNEL);
  752. }
  753. /**
  754. * security_context_to_sid_default - Obtain a SID for a given security context,
  755. * falling back to specified default if needed.
  756. *
  757. * @scontext: security context
  758. * @scontext_len: length in bytes
  759. * @sid: security identifier, SID
  760. * @def_sid: default SID to assign on error
  761. *
  762. * Obtains a SID associated with the security context that
  763. * has the string representation specified by @scontext.
  764. * The default SID is passed to the MLS layer to be used to allow
  765. * kernel labeling of the MLS field if the MLS field is not present
  766. * (for upgrading to MLS without full relabel).
  767. * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
  768. * memory is available, or 0 on success.
  769. */
  770. int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid,
  771. u32 def_sid, gfp_t gfp_flags)
  772. {
  773. return security_context_to_sid_core(scontext, scontext_len,
  774. sid, def_sid, gfp_flags);
  775. }
  776. static int compute_sid_handle_invalid_context(
  777. struct context *scontext,
  778. struct context *tcontext,
  779. u16 tclass,
  780. struct context *newcontext)
  781. {
  782. char *s = NULL, *t = NULL, *n = NULL;
  783. u32 slen, tlen, nlen;
  784. if (context_struct_to_string(scontext, &s, &slen) < 0)
  785. goto out;
  786. if (context_struct_to_string(tcontext, &t, &tlen) < 0)
  787. goto out;
  788. if (context_struct_to_string(newcontext, &n, &nlen) < 0)
  789. goto out;
  790. audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
  791. "security_compute_sid: invalid context %s"
  792. " for scontext=%s"
  793. " tcontext=%s"
  794. " tclass=%s",
  795. n, s, t, policydb.p_class_val_to_name[tclass-1]);
  796. out:
  797. kfree(s);
  798. kfree(t);
  799. kfree(n);
  800. if (!selinux_enforcing)
  801. return 0;
  802. return -EACCES;
  803. }
  804. static int security_compute_sid(u32 ssid,
  805. u32 tsid,
  806. u16 tclass,
  807. u32 specified,
  808. u32 *out_sid)
  809. {
  810. struct context *scontext = NULL, *tcontext = NULL, newcontext;
  811. struct role_trans *roletr = NULL;
  812. struct avtab_key avkey;
  813. struct avtab_datum *avdatum;
  814. struct avtab_node *node;
  815. int rc = 0;
  816. if (!ss_initialized) {
  817. switch (tclass) {
  818. case SECCLASS_PROCESS:
  819. *out_sid = ssid;
  820. break;
  821. default:
  822. *out_sid = tsid;
  823. break;
  824. }
  825. goto out;
  826. }
  827. context_init(&newcontext);
  828. POLICY_RDLOCK;
  829. scontext = sidtab_search(&sidtab, ssid);
  830. if (!scontext) {
  831. printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n",
  832. ssid);
  833. rc = -EINVAL;
  834. goto out_unlock;
  835. }
  836. tcontext = sidtab_search(&sidtab, tsid);
  837. if (!tcontext) {
  838. printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n",
  839. tsid);
  840. rc = -EINVAL;
  841. goto out_unlock;
  842. }
  843. /* Set the user identity. */
  844. switch (specified) {
  845. case AVTAB_TRANSITION:
  846. case AVTAB_CHANGE:
  847. /* Use the process user identity. */
  848. newcontext.user = scontext->user;
  849. break;
  850. case AVTAB_MEMBER:
  851. /* Use the related object owner. */
  852. newcontext.user = tcontext->user;
  853. break;
  854. }
  855. /* Set the role and type to default values. */
  856. switch (tclass) {
  857. case SECCLASS_PROCESS:
  858. /* Use the current role and type of process. */
  859. newcontext.role = scontext->role;
  860. newcontext.type = scontext->type;
  861. break;
  862. default:
  863. /* Use the well-defined object role. */
  864. newcontext.role = OBJECT_R_VAL;
  865. /* Use the type of the related object. */
  866. newcontext.type = tcontext->type;
  867. }
  868. /* Look for a type transition/member/change rule. */
  869. avkey.source_type = scontext->type;
  870. avkey.target_type = tcontext->type;
  871. avkey.target_class = tclass;
  872. avkey.specified = specified;
  873. avdatum = avtab_search(&policydb.te_avtab, &avkey);
  874. /* If no permanent rule, also check for enabled conditional rules */
  875. if(!avdatum) {
  876. node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
  877. for (; node != NULL; node = avtab_search_node_next(node, specified)) {
  878. if (node->key.specified & AVTAB_ENABLED) {
  879. avdatum = &node->datum;
  880. break;
  881. }
  882. }
  883. }
  884. if (avdatum) {
  885. /* Use the type from the type transition/member/change rule. */
  886. newcontext.type = avdatum->data;
  887. }
  888. /* Check for class-specific changes. */
  889. switch (tclass) {
  890. case SECCLASS_PROCESS:
  891. if (specified & AVTAB_TRANSITION) {
  892. /* Look for a role transition rule. */
  893. for (roletr = policydb.role_tr; roletr;
  894. roletr = roletr->next) {
  895. if (roletr->role == scontext->role &&
  896. roletr->type == tcontext->type) {
  897. /* Use the role transition rule. */
  898. newcontext.role = roletr->new_role;
  899. break;
  900. }
  901. }
  902. }
  903. break;
  904. default:
  905. break;
  906. }
  907. /* Set the MLS attributes.
  908. This is done last because it may allocate memory. */
  909. rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext);
  910. if (rc)
  911. goto out_unlock;
  912. /* Check the validity of the context. */
  913. if (!policydb_context_isvalid(&policydb, &newcontext)) {
  914. rc = compute_sid_handle_invalid_context(scontext,
  915. tcontext,
  916. tclass,
  917. &newcontext);
  918. if (rc)
  919. goto out_unlock;
  920. }
  921. /* Obtain the sid for the context. */
  922. rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
  923. out_unlock:
  924. POLICY_RDUNLOCK;
  925. context_destroy(&newcontext);
  926. out:
  927. return rc;
  928. }
  929. /**
  930. * security_transition_sid - Compute the SID for a new subject/object.
  931. * @ssid: source security identifier
  932. * @tsid: target security identifier
  933. * @tclass: target security class
  934. * @out_sid: security identifier for new subject/object
  935. *
  936. * Compute a SID to use for labeling a new subject or object in the
  937. * class @tclass based on a SID pair (@ssid, @tsid).
  938. * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
  939. * if insufficient memory is available, or %0 if the new SID was
  940. * computed successfully.
  941. */
  942. int security_transition_sid(u32 ssid,
  943. u32 tsid,
  944. u16 tclass,
  945. u32 *out_sid)
  946. {
  947. return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, out_sid);
  948. }
  949. /**
  950. * security_member_sid - Compute the SID for member selection.
  951. * @ssid: source security identifier
  952. * @tsid: target security identifier
  953. * @tclass: target security class
  954. * @out_sid: security identifier for selected member
  955. *
  956. * Compute a SID to use when selecting a member of a polyinstantiated
  957. * object of class @tclass based on a SID pair (@ssid, @tsid).
  958. * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
  959. * if insufficient memory is available, or %0 if the SID was
  960. * computed successfully.
  961. */
  962. int security_member_sid(u32 ssid,
  963. u32 tsid,
  964. u16 tclass,
  965. u32 *out_sid)
  966. {
  967. return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid);
  968. }
  969. /**
  970. * security_change_sid - Compute the SID for object relabeling.
  971. * @ssid: source security identifier
  972. * @tsid: target security identifier
  973. * @tclass: target security class
  974. * @out_sid: security identifier for selected member
  975. *
  976. * Compute a SID to use for relabeling an object of class @tclass
  977. * based on a SID pair (@ssid, @tsid).
  978. * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
  979. * if insufficient memory is available, or %0 if the SID was
  980. * computed successfully.
  981. */
  982. int security_change_sid(u32 ssid,
  983. u32 tsid,
  984. u16 tclass,
  985. u32 *out_sid)
  986. {
  987. return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
  988. }
  989. /*
  990. * Verify that each kernel class that is defined in the
  991. * policy is correct
  992. */
  993. static int validate_classes(struct policydb *p)
  994. {
  995. int i, j;
  996. struct class_datum *cladatum;
  997. struct perm_datum *perdatum;
  998. u32 nprim, tmp, common_pts_len, perm_val, pol_val;
  999. u16 class_val;
  1000. const struct selinux_class_perm *kdefs = &selinux_class_perm;
  1001. const char *def_class, *def_perm, *pol_class;
  1002. struct symtab *perms;
  1003. if (p->allow_unknown) {
  1004. u32 num_classes = kdefs->cts_len;
  1005. p->undefined_perms = kcalloc(num_classes, sizeof(u32), GFP_KERNEL);
  1006. if (!p->undefined_perms)
  1007. return -ENOMEM;
  1008. }
  1009. for (i = 1; i < kdefs->cts_len; i++) {
  1010. def_class = kdefs->class_to_string[i];
  1011. if (!def_class)
  1012. continue;
  1013. if (i > p->p_classes.nprim) {
  1014. printk(KERN_INFO
  1015. "SELinux: class %s not defined in policy\n",
  1016. def_class);
  1017. if (p->reject_unknown)
  1018. return -EINVAL;
  1019. if (p->allow_unknown)
  1020. p->undefined_perms[i-1] = ~0U;
  1021. continue;
  1022. }
  1023. pol_class = p->p_class_val_to_name[i-1];
  1024. if (strcmp(pol_class, def_class)) {
  1025. printk(KERN_ERR
  1026. "SELinux: class %d is incorrect, found %s but should be %s\n",
  1027. i, pol_class, def_class);
  1028. return -EINVAL;
  1029. }
  1030. }
  1031. for (i = 0; i < kdefs->av_pts_len; i++) {
  1032. class_val = kdefs->av_perm_to_string[i].tclass;
  1033. perm_val = kdefs->av_perm_to_string[i].value;
  1034. def_perm = kdefs->av_perm_to_string[i].name;
  1035. if (class_val > p->p_classes.nprim)
  1036. continue;
  1037. pol_class = p->p_class_val_to_name[class_val-1];
  1038. cladatum = hashtab_search(p->p_classes.table, pol_class);
  1039. BUG_ON(!cladatum);
  1040. perms = &cladatum->permissions;
  1041. nprim = 1 << (perms->nprim - 1);
  1042. if (perm_val > nprim) {
  1043. printk(KERN_INFO
  1044. "SELinux: permission %s in class %s not defined in policy\n",
  1045. def_perm, pol_class);
  1046. if (p->reject_unknown)
  1047. return -EINVAL;
  1048. if (p->allow_unknown)
  1049. p->undefined_perms[class_val-1] |= perm_val;
  1050. continue;
  1051. }
  1052. perdatum = hashtab_search(perms->table, def_perm);
  1053. if (perdatum == NULL) {
  1054. printk(KERN_ERR
  1055. "SELinux: permission %s in class %s not found in policy, bad policy\n",
  1056. def_perm, pol_class);
  1057. return -EINVAL;
  1058. }
  1059. pol_val = 1 << (perdatum->value - 1);
  1060. if (pol_val != perm_val) {
  1061. printk(KERN_ERR
  1062. "SELinux: permission %s in class %s has incorrect value\n",
  1063. def_perm, pol_class);
  1064. return -EINVAL;
  1065. }
  1066. }
  1067. for (i = 0; i < kdefs->av_inherit_len; i++) {
  1068. class_val = kdefs->av_inherit[i].tclass;
  1069. if (class_val > p->p_classes.nprim)
  1070. continue;
  1071. pol_class = p->p_class_val_to_name[class_val-1];
  1072. cladatum = hashtab_search(p->p_classes.table, pol_class);
  1073. BUG_ON(!cladatum);
  1074. if (!cladatum->comdatum) {
  1075. printk(KERN_ERR
  1076. "SELinux: class %s should have an inherits clause but does not\n",
  1077. pol_class);
  1078. return -EINVAL;
  1079. }
  1080. tmp = kdefs->av_inherit[i].common_base;
  1081. common_pts_len = 0;
  1082. while (!(tmp & 0x01)) {
  1083. common_pts_len++;
  1084. tmp >>= 1;
  1085. }
  1086. perms = &cladatum->comdatum->permissions;
  1087. for (j = 0; j < common_pts_len; j++) {
  1088. def_perm = kdefs->av_inherit[i].common_pts[j];
  1089. if (j >= perms->nprim) {
  1090. printk(KERN_INFO
  1091. "SELinux: permission %s in class %s not defined in policy\n",
  1092. def_perm, pol_class);
  1093. if (p->reject_unknown)
  1094. return -EINVAL;
  1095. if (p->allow_unknown)
  1096. p->undefined_perms[class_val-1] |= (1 << j);
  1097. continue;
  1098. }
  1099. perdatum = hashtab_search(perms->table, def_perm);
  1100. if (perdatum == NULL) {
  1101. printk(KERN_ERR
  1102. "SELinux: permission %s in class %s not found in policy, bad policy\n",
  1103. def_perm, pol_class);
  1104. return -EINVAL;
  1105. }
  1106. if (perdatum->value != j + 1) {
  1107. printk(KERN_ERR
  1108. "SELinux: permission %s in class %s has incorrect value\n",
  1109. def_perm, pol_class);
  1110. return -EINVAL;
  1111. }
  1112. }
  1113. }
  1114. return 0;
  1115. }
  1116. /* Clone the SID into the new SID table. */
  1117. static int clone_sid(u32 sid,
  1118. struct context *context,
  1119. void *arg)
  1120. {
  1121. struct sidtab *s = arg;
  1122. return sidtab_insert(s, sid, context);
  1123. }
  1124. static inline int convert_context_handle_invalid_context(struct context *context)
  1125. {
  1126. int rc = 0;
  1127. if (selinux_enforcing) {
  1128. rc = -EINVAL;
  1129. } else {
  1130. char *s;
  1131. u32 len;
  1132. context_struct_to_string(context, &s, &len);
  1133. printk(KERN_ERR "SELinux: context %s is invalid\n", s);
  1134. kfree(s);
  1135. }
  1136. return rc;
  1137. }
  1138. struct convert_context_args {
  1139. struct policydb *oldp;
  1140. struct policydb *newp;
  1141. };
  1142. /*
  1143. * Convert the values in the security context
  1144. * structure `c' from the values specified
  1145. * in the policy `p->oldp' to the values specified
  1146. * in the policy `p->newp'. Verify that the
  1147. * context is valid under the new policy.
  1148. */
  1149. static int convert_context(u32 key,
  1150. struct context *c,
  1151. void *p)
  1152. {
  1153. struct convert_context_args *args;
  1154. struct context oldc;
  1155. struct role_datum *role;
  1156. struct type_datum *typdatum;
  1157. struct user_datum *usrdatum;
  1158. char *s;
  1159. u32 len;
  1160. int rc;
  1161. args = p;
  1162. rc = context_cpy(&oldc, c);
  1163. if (rc)
  1164. goto out;
  1165. rc = -EINVAL;
  1166. /* Convert the user. */
  1167. usrdatum = hashtab_search(args->newp->p_users.table,
  1168. args->oldp->p_user_val_to_name[c->user - 1]);
  1169. if (!usrdatum) {
  1170. goto bad;
  1171. }
  1172. c->user = usrdatum->value;
  1173. /* Convert the role. */
  1174. role = hashtab_search(args->newp->p_roles.table,
  1175. args->oldp->p_role_val_to_name[c->role - 1]);
  1176. if (!role) {
  1177. goto bad;
  1178. }
  1179. c->role = role->value;
  1180. /* Convert the type. */
  1181. typdatum = hashtab_search(args->newp->p_types.table,
  1182. args->oldp->p_type_val_to_name[c->type - 1]);
  1183. if (!typdatum) {
  1184. goto bad;
  1185. }
  1186. c->type = typdatum->value;
  1187. rc = mls_convert_context(args->oldp, args->newp, c);
  1188. if (rc)
  1189. goto bad;
  1190. /* Check the validity of the new context. */
  1191. if (!policydb_context_isvalid(args->newp, c)) {
  1192. rc = convert_context_handle_invalid_context(&oldc);
  1193. if (rc)
  1194. goto bad;
  1195. }
  1196. context_destroy(&oldc);
  1197. out:
  1198. return rc;
  1199. bad:
  1200. context_struct_to_string(&oldc, &s, &len);
  1201. context_destroy(&oldc);
  1202. printk(KERN_ERR "SELinux: invalidating context %s\n", s);
  1203. kfree(s);
  1204. goto out;
  1205. }
  1206. static void security_load_policycaps(void)
  1207. {
  1208. selinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps,
  1209. POLICYDB_CAPABILITY_NETPEER);
  1210. selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps,
  1211. POLICYDB_CAPABILITY_OPENPERM);
  1212. }
  1213. extern void selinux_complete_init(void);
  1214. static int security_preserve_bools(struct policydb *p);
  1215. /**
  1216. * security_load_policy - Load a security policy configuration.
  1217. * @data: binary policy data
  1218. * @len: length of data in bytes
  1219. *
  1220. * Load a new set of security policy configuration data,
  1221. * validate it and convert the SID table as necessary.
  1222. * This function will flush the access vector cache after
  1223. * loading the new policy.
  1224. */
  1225. int security_load_policy(void *data, size_t len)
  1226. {
  1227. struct policydb oldpolicydb, newpolicydb;
  1228. struct sidtab oldsidtab, newsidtab;
  1229. struct convert_context_args args;
  1230. u32 seqno;
  1231. int rc = 0;
  1232. struct policy_file file = { data, len }, *fp = &file;
  1233. LOAD_LOCK;
  1234. if (!ss_initialized) {
  1235. avtab_cache_init();
  1236. if (policydb_read(&policydb, fp)) {
  1237. LOAD_UNLOCK;
  1238. avtab_cache_destroy();
  1239. return -EINVAL;
  1240. }
  1241. if (policydb_load_isids(&policydb, &sidtab)) {
  1242. LOAD_UNLOCK;
  1243. policydb_destroy(&policydb);
  1244. avtab_cache_destroy();
  1245. return -EINVAL;
  1246. }
  1247. /* Verify that the kernel defined classes are correct. */
  1248. if (validate_classes(&policydb)) {
  1249. printk(KERN_ERR
  1250. "SELinux: the definition of a class is incorrect\n");
  1251. LOAD_UNLOCK;
  1252. sidtab_destroy(&sidtab);
  1253. policydb_destroy(&policydb);
  1254. avtab_cache_destroy();
  1255. return -EINVAL;
  1256. }
  1257. security_load_policycaps();
  1258. policydb_loaded_version = policydb.policyvers;
  1259. ss_initialized = 1;
  1260. seqno = ++latest_granting;
  1261. LOAD_UNLOCK;
  1262. selinux_complete_init();
  1263. avc_ss_reset(seqno);
  1264. selnl_notify_policyload(seqno);
  1265. selinux_netlbl_cache_invalidate();
  1266. selinux_xfrm_notify_policyload();
  1267. return 0;
  1268. }
  1269. #if 0
  1270. sidtab_hash_eval(&sidtab, "sids");
  1271. #endif
  1272. if (policydb_read(&newpolicydb, fp)) {
  1273. LOAD_UNLOCK;
  1274. return -EINVAL;
  1275. }
  1276. sidtab_init(&newsidtab);
  1277. /* Verify that the kernel defined classes are correct. */
  1278. if (validate_classes(&newpolicydb)) {
  1279. printk(KERN_ERR
  1280. "SELinux: the definition of a class is incorrect\n");
  1281. rc = -EINVAL;
  1282. goto err;
  1283. }
  1284. rc = security_preserve_bools(&newpolicydb);
  1285. if (rc) {
  1286. printk(KERN_ERR "SELinux: unable to preserve booleans\n");
  1287. goto err;
  1288. }
  1289. /* Clone the SID table. */
  1290. sidtab_shutdown(&sidtab);
  1291. if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
  1292. rc = -ENOMEM;
  1293. goto err;
  1294. }
  1295. /* Convert the internal representations of contexts
  1296. in the new SID table and remove invalid SIDs. */
  1297. args.oldp = &policydb;
  1298. args.newp = &newpolicydb;
  1299. sidtab_map_remove_on_error(&newsidtab, convert_context, &args);
  1300. /* Save the old policydb and SID table to free later. */
  1301. memcpy(&oldpolicydb, &policydb, sizeof policydb);
  1302. sidtab_set(&oldsidtab, &sidtab);
  1303. /* Install the new policydb and SID table. */
  1304. POLICY_WRLOCK;
  1305. memcpy(&policydb, &newpolicydb, sizeof policydb);
  1306. sidtab_set(&sidtab, &newsidtab);
  1307. security_load_policycaps();
  1308. seqno = ++latest_granting;
  1309. policydb_loaded_version = policydb.policyvers;
  1310. POLICY_WRUNLOCK;
  1311. LOAD_UNLOCK;
  1312. /* Free the old policydb and SID table. */
  1313. policydb_destroy(&oldpolicydb);
  1314. sidtab_destroy(&oldsidtab);
  1315. avc_ss_reset(seqno);
  1316. selnl_notify_policyload(seqno);
  1317. selinux_netlbl_cache_invalidate();
  1318. selinux_xfrm_notify_policyload();
  1319. return 0;
  1320. err:
  1321. LOAD_UNLOCK;
  1322. sidtab_destroy(&newsidtab);
  1323. policydb_destroy(&newpolicydb);
  1324. return rc;
  1325. }
  1326. /**
  1327. * security_port_sid - Obtain the SID for a port.
  1328. * @protocol: protocol number
  1329. * @port: port number
  1330. * @out_sid: security identifier
  1331. */
  1332. int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
  1333. {
  1334. struct ocontext *c;
  1335. int rc = 0;
  1336. POLICY_RDLOCK;
  1337. c = policydb.ocontexts[OCON_PORT];
  1338. while (c) {
  1339. if (c->u.port.protocol == protocol &&
  1340. c->u.port.low_port <= port &&
  1341. c->u.port.high_port >= port)
  1342. break;
  1343. c = c->next;
  1344. }
  1345. if (c) {
  1346. if (!c->sid[0]) {
  1347. rc = sidtab_context_to_sid(&sidtab,
  1348. &c->context[0],
  1349. &c->sid[0]);
  1350. if (rc)
  1351. goto out;
  1352. }
  1353. *out_sid = c->sid[0];
  1354. } else {
  1355. *out_sid = SECINITSID_PORT;
  1356. }
  1357. out:
  1358. POLICY_RDUNLOCK;
  1359. return rc;
  1360. }
  1361. /**
  1362. * security_netif_sid - Obtain the SID for a network interface.
  1363. * @name: interface name
  1364. * @if_sid: interface SID
  1365. */
  1366. int security_netif_sid(char *name, u32 *if_sid)
  1367. {
  1368. int rc = 0;
  1369. struct ocontext *c;
  1370. POLICY_RDLOCK;
  1371. c = policydb.ocontexts[OCON_NETIF];
  1372. while (c) {
  1373. if (strcmp(name, c->u.name) == 0)
  1374. break;
  1375. c = c->next;
  1376. }
  1377. if (c) {
  1378. if (!c->sid[0] || !c->sid[1]) {
  1379. rc = sidtab_context_to_sid(&sidtab,
  1380. &c->context[0],
  1381. &c->sid[0]);
  1382. if (rc)
  1383. goto out;
  1384. rc = sidtab_context_to_sid(&sidtab,
  1385. &c->context[1],
  1386. &c->sid[1]);
  1387. if (rc)
  1388. goto out;
  1389. }
  1390. *if_sid = c->sid[0];
  1391. } else
  1392. *if_sid = SECINITSID_NETIF;
  1393. out:
  1394. POLICY_RDUNLOCK;
  1395. return rc;
  1396. }
  1397. static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
  1398. {
  1399. int i, fail = 0;
  1400. for(i = 0; i < 4; i++)
  1401. if(addr[i] != (input[i] & mask[i])) {
  1402. fail = 1;
  1403. break;
  1404. }
  1405. return !fail;
  1406. }
  1407. /**
  1408. * security_node_sid - Obtain the SID for a node (host).
  1409. * @domain: communication domain aka address family
  1410. * @addrp: address
  1411. * @addrlen: address length in bytes
  1412. * @out_sid: security identifier
  1413. */
  1414. int security_node_sid(u16 domain,
  1415. void *addrp,
  1416. u32 addrlen,
  1417. u32 *out_sid)
  1418. {
  1419. int rc = 0;
  1420. struct ocontext *c;
  1421. POLICY_RDLOCK;
  1422. switch (domain) {
  1423. case AF_INET: {
  1424. u32 addr;
  1425. if (addrlen != sizeof(u32)) {
  1426. rc = -EINVAL;
  1427. goto out;
  1428. }
  1429. addr = *((u32 *)addrp);
  1430. c = policydb.ocontexts[OCON_NODE];
  1431. while (c) {
  1432. if (c->u.node.addr == (addr & c->u.node.mask))
  1433. break;
  1434. c = c->next;
  1435. }
  1436. break;
  1437. }
  1438. case AF_INET6:
  1439. if (addrlen != sizeof(u64) * 2) {
  1440. rc = -EINVAL;
  1441. goto out;
  1442. }
  1443. c = policydb.ocontexts[OCON_NODE6];
  1444. while (c) {
  1445. if (match_ipv6_addrmask(addrp, c->u.node6.addr,
  1446. c->u.node6.mask))
  1447. break;
  1448. c = c->next;
  1449. }
  1450. break;
  1451. default:
  1452. *out_sid = SECINITSID_NODE;
  1453. goto out;
  1454. }
  1455. if (c) {
  1456. if (!c->sid[0]) {
  1457. rc = sidtab_context_to_sid(&sidtab,
  1458. &c->context[0],
  1459. &c->sid[0]);
  1460. if (rc)
  1461. goto out;
  1462. }
  1463. *out_sid = c->sid[0];
  1464. } else {
  1465. *out_sid = SECINITSID_NODE;
  1466. }
  1467. out:
  1468. POLICY_RDUNLOCK;
  1469. return rc;
  1470. }
  1471. #define SIDS_NEL 25
  1472. /**
  1473. * security_get_user_sids - Obtain reachable SIDs for a user.
  1474. * @fromsid: starting SID
  1475. * @username: username
  1476. * @sids: array of reachable SIDs for user
  1477. * @nel: number of elements in @sids
  1478. *
  1479. * Generate the set of SIDs for legal security contexts
  1480. * for a given user that can be reached by @fromsid.
  1481. * Set *@sids to point to a dynamically allocated
  1482. * array containing the set of SIDs. Set *@nel to the
  1483. * number of elements in the array.
  1484. */
  1485. int security_get_user_sids(u32 fromsid,
  1486. char *username,
  1487. u32 **sids,
  1488. u32 *nel)
  1489. {
  1490. struct context *fromcon, usercon;
  1491. u32 *mysids = NULL, *mysids2, sid;
  1492. u32 mynel = 0, maxnel = SIDS_NEL;
  1493. struct user_datum *user;
  1494. struct role_datum *role;
  1495. struct ebitmap_node *rnode, *tnode;
  1496. int rc = 0, i, j;
  1497. *sids = NULL;
  1498. *nel = 0;
  1499. if (!ss_initialized)
  1500. goto out;
  1501. POLICY_RDLOCK;
  1502. fromcon = sidtab_search(&sidtab, fromsid);
  1503. if (!fromcon) {
  1504. rc = -EINVAL;
  1505. goto out_unlock;
  1506. }
  1507. user = hashtab_search(policydb.p_users.table, username);
  1508. if (!user) {
  1509. rc = -EINVAL;
  1510. goto out_unlock;
  1511. }
  1512. usercon.user = user->value;
  1513. mysids = kcalloc(maxnel, sizeof(*mysids), GFP_ATOMIC);
  1514. if (!mysids) {
  1515. rc = -ENOMEM;
  1516. goto out_unlock;
  1517. }
  1518. ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
  1519. role = policydb.role_val_to_struct[i];
  1520. usercon.role = i+1;
  1521. ebitmap_for_each_positive_bit(&role->types, tnode, j) {
  1522. usercon.type = j+1;
  1523. if (mls_setup_user_range(fromcon, user, &usercon))
  1524. continue;
  1525. rc = sidtab_context_to_sid(&sidtab, &usercon, &sid);
  1526. if (rc)
  1527. goto out_unlock;
  1528. if (mynel < maxnel) {
  1529. mysids[mynel++] = sid;
  1530. } else {
  1531. maxnel += SIDS_NEL;
  1532. mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC);
  1533. if (!mysids2) {
  1534. rc = -ENOMEM;
  1535. goto out_unlock;
  1536. }
  1537. memcpy(mysids2, mysids, mynel * sizeof(*mysids2));
  1538. kfree(mysids);
  1539. mysids = mysids2;
  1540. mysids[mynel++] = sid;
  1541. }
  1542. }
  1543. }
  1544. out_unlock:
  1545. POLICY_RDUNLOCK;
  1546. if (rc || !mynel) {
  1547. kfree(mysids);
  1548. goto out;
  1549. }
  1550. mysids2 = kcalloc(mynel, sizeof(*mysids2), GFP_KERNEL);
  1551. if (!mysids2) {
  1552. rc = -ENOMEM;
  1553. kfree(mysids);
  1554. goto out;
  1555. }
  1556. for (i = 0, j = 0; i < mynel; i++) {
  1557. rc = avc_has_perm_noaudit(fromsid, mysids[i],
  1558. SECCLASS_PROCESS,
  1559. PROCESS__TRANSITION, AVC_STRICT,
  1560. NULL);
  1561. if (!rc)
  1562. mysids2[j++] = mysids[i];
  1563. cond_resched();
  1564. }
  1565. rc = 0;
  1566. kfree(mysids);
  1567. *sids = mysids2;
  1568. *nel = j;
  1569. out:
  1570. return rc;
  1571. }
  1572. /**
  1573. * security_genfs_sid - Obtain a SID for a file in a filesystem
  1574. * @fstype: filesystem type
  1575. * @path: path from root of mount
  1576. * @sclass: file security class
  1577. * @sid: SID for path
  1578. *
  1579. * Obtain a SID to use for a file in a filesystem that
  1580. * cannot support xattr or use a fixed labeling behavior like
  1581. * transition SIDs or task SIDs.
  1582. */
  1583. int security_genfs_sid(const char *fstype,
  1584. char *path,
  1585. u16 sclass,
  1586. u32 *sid)
  1587. {
  1588. int len;
  1589. struct genfs *genfs;
  1590. struct ocontext *c;
  1591. int rc = 0, cmp = 0;
  1592. while (path[0] == '/' && path[1] == '/')
  1593. path++;
  1594. POLICY_RDLOCK;
  1595. for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
  1596. cmp = strcmp(fstype, genfs->fstype);
  1597. if (cmp <= 0)
  1598. break;
  1599. }
  1600. if (!genfs || cmp) {
  1601. *sid = SECINITSID_UNLABELED;
  1602. rc = -ENOENT;
  1603. goto out;
  1604. }
  1605. for (c = genfs->head; c; c = c->next) {
  1606. len = strlen(c->u.name);
  1607. if ((!c->v.sclass || sclass == c->v.sclass) &&
  1608. (strncmp(c->u.name, path, len) == 0))
  1609. break;
  1610. }
  1611. if (!c) {
  1612. *sid = SECINITSID_UNLABELED;
  1613. rc = -ENOENT;
  1614. goto out;
  1615. }
  1616. if (!c->sid[0]) {
  1617. rc = sidtab_context_to_sid(&sidtab,
  1618. &c->context[0],
  1619. &c->sid[0]);
  1620. if (rc)
  1621. goto out;
  1622. }
  1623. *sid = c->sid[0];
  1624. out:
  1625. POLICY_RDUNLOCK;
  1626. return rc;
  1627. }
  1628. /**
  1629. * security_fs_use - Determine how to handle labeling for a filesystem.
  1630. * @fstype: filesystem type
  1631. * @behavior: labeling behavior
  1632. * @sid: SID for filesystem (superblock)
  1633. */
  1634. int security_fs_use(
  1635. const char *fstype,
  1636. unsigned int *behavior,
  1637. u32 *sid)
  1638. {
  1639. int rc = 0;
  1640. struct ocontext *c;
  1641. POLICY_RDLOCK;
  1642. c = policydb.ocontexts[OCON_FSUSE];
  1643. while (c) {
  1644. if (strcmp(fstype, c->u.name) == 0)
  1645. break;
  1646. c = c->next;
  1647. }
  1648. if (c) {
  1649. *behavior = c->v.behavior;
  1650. if (!c->sid[0]) {
  1651. rc = sidtab_context_to_sid(&sidtab,
  1652. &c->context[0],
  1653. &c->sid[0]);
  1654. if (rc)
  1655. goto out;
  1656. }
  1657. *sid = c->sid[0];
  1658. } else {
  1659. rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
  1660. if (rc) {
  1661. *behavior = SECURITY_FS_USE_NONE;
  1662. rc = 0;
  1663. } else {
  1664. *behavior = SECURITY_FS_USE_GENFS;
  1665. }
  1666. }
  1667. out:
  1668. POLICY_RDUNLOCK;
  1669. return rc;
  1670. }
  1671. int security_get_bools(int *len, char ***names, int **values)
  1672. {
  1673. int i, rc = -ENOMEM;
  1674. POLICY_RDLOCK;
  1675. *names = NULL;
  1676. *values = NULL;
  1677. *len = policydb.p_bools.nprim;
  1678. if (!*len) {
  1679. rc = 0;
  1680. goto out;
  1681. }
  1682. *names = kcalloc(*len, sizeof(char*), GFP_ATOMIC);
  1683. if (!*names)
  1684. goto err;
  1685. *values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
  1686. if (!*values)
  1687. goto err;
  1688. for (i = 0; i < *len; i++) {
  1689. size_t name_len;
  1690. (*values)[i] = policydb.bool_val_to_struct[i]->state;
  1691. name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
  1692. (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
  1693. if (!(*names)[i])
  1694. goto err;
  1695. strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
  1696. (*names)[i][name_len - 1] = 0;
  1697. }
  1698. rc = 0;
  1699. out:
  1700. POLICY_RDUNLOCK;
  1701. return rc;
  1702. err:
  1703. if (*names) {
  1704. for (i = 0; i < *len; i++)
  1705. kfree((*names)[i]);
  1706. }
  1707. kfree(*values);
  1708. goto out;
  1709. }
  1710. int security_set_bools(int len, int *values)
  1711. {
  1712. int i, rc = 0;
  1713. int lenp, seqno = 0;
  1714. struct cond_node *cur;
  1715. POLICY_WRLOCK;
  1716. lenp = policydb.p_bools.nprim;
  1717. if (len != lenp) {
  1718. rc = -EFAULT;
  1719. goto out;
  1720. }
  1721. for (i = 0; i < len; i++) {
  1722. if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
  1723. audit_log(current->audit_context, GFP_ATOMIC,
  1724. AUDIT_MAC_CONFIG_CHANGE,
  1725. "bool=%s val=%d old_val=%d auid=%u ses=%u",
  1726. policydb.p_bool_val_to_name[i],
  1727. !!values[i],
  1728. policydb.bool_val_to_struct[i]->state,
  1729. audit_get_loginuid(current),
  1730. audit_get_sessionid(current));
  1731. }
  1732. if (values[i]) {
  1733. policydb.bool_val_to_struct[i]->state = 1;
  1734. } else {
  1735. policydb.bool_val_to_struct[i]->state = 0;
  1736. }
  1737. }
  1738. for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
  1739. rc = evaluate_cond_node(&policydb, cur);
  1740. if (rc)
  1741. goto out;
  1742. }
  1743. seqno = ++latest_granting;
  1744. out:
  1745. POLICY_WRUNLOCK;
  1746. if (!rc) {
  1747. avc_ss_reset(seqno);
  1748. selnl_notify_policyload(seqno);
  1749. selinux_xfrm_notify_policyload();
  1750. }
  1751. return rc;
  1752. }
  1753. int security_get_bool_value(int bool)
  1754. {
  1755. int rc = 0;
  1756. int len;
  1757. POLICY_RDLOCK;
  1758. len = policydb.p_bools.nprim;
  1759. if (bool >= len) {
  1760. rc = -EFAULT;
  1761. goto out;
  1762. }
  1763. rc = policydb.bool_val_to_struct[bool]->state;
  1764. out:
  1765. POLICY_RDUNLOCK;
  1766. return rc;
  1767. }
  1768. static int security_preserve_bools(struct policydb *p)
  1769. {
  1770. int rc, nbools = 0, *bvalues = NULL, i;
  1771. char **bnames = NULL;
  1772. struct cond_bool_datum *booldatum;
  1773. struct cond_node *cur;
  1774. rc = security_get_bools(&nbools, &bnames, &bvalues);
  1775. if (rc)
  1776. goto out;
  1777. for (i = 0; i < nbools; i++) {
  1778. booldatum = hashtab_search(p->p_bools.table, bnames[i]);
  1779. if (booldatum)
  1780. booldatum->state = bvalues[i];
  1781. }
  1782. for (cur = p->cond_list; cur != NULL; cur = cur->next) {
  1783. rc = evaluate_cond_node(p, cur);
  1784. if (rc)
  1785. goto out;
  1786. }
  1787. out:
  1788. if (bnames) {
  1789. for (i = 0; i < nbools; i++)
  1790. kfree(bnames[i]);
  1791. }
  1792. kfree(bnames);
  1793. kfree(bvalues);
  1794. return rc;
  1795. }
  1796. /*
  1797. * security_sid_mls_copy() - computes a new sid based on the given
  1798. * sid and the mls portion of mls_sid.
  1799. */
  1800. int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
  1801. {
  1802. struct context *context1;
  1803. struct context *context2;
  1804. struct context newcon;
  1805. char *s;
  1806. u32 len;
  1807. int rc = 0;
  1808. if (!ss_initialized || !selinux_mls_enabled) {
  1809. *new_sid = sid;
  1810. goto out;
  1811. }
  1812. context_init(&newcon);
  1813. POLICY_RDLOCK;
  1814. context1 = sidtab_search(&sidtab, sid);
  1815. if (!context1) {
  1816. printk(KERN_ERR "security_sid_mls_copy: unrecognized SID "
  1817. "%d\n", sid);
  1818. rc = -EINVAL;
  1819. goto out_unlock;
  1820. }
  1821. context2 = sidtab_search(&sidtab, mls_sid);
  1822. if (!context2) {
  1823. printk(KERN_ERR "security_sid_mls_copy: unrecognized SID "
  1824. "%d\n", mls_sid);
  1825. rc = -EINVAL;
  1826. goto out_unlock;
  1827. }
  1828. newcon.user = context1->user;
  1829. newcon.role = context1->role;
  1830. newcon.type = context1->type;
  1831. rc = mls_context_cpy(&newcon, context2);
  1832. if (rc)
  1833. goto out_unlock;
  1834. /* Check the validity of the new context. */
  1835. if (!policydb_context_isvalid(&policydb, &newcon)) {
  1836. rc = convert_context_handle_invalid_context(&newcon);
  1837. if (rc)
  1838. goto bad;
  1839. }
  1840. rc = sidtab_context_to_sid(&sidtab, &newcon, new_sid);
  1841. goto out_unlock;
  1842. bad:
  1843. if (!context_struct_to_string(&newcon, &s, &len)) {
  1844. audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
  1845. "security_sid_mls_copy: invalid context %s", s);
  1846. kfree(s);
  1847. }
  1848. out_unlock:
  1849. POLICY_RDUNLOCK;
  1850. context_destroy(&newcon);
  1851. out:
  1852. return rc;
  1853. }
  1854. /**
  1855. * security_net_peersid_resolve - Compare and resolve two network peer SIDs
  1856. * @nlbl_sid: NetLabel SID
  1857. * @nlbl_type: NetLabel labeling protocol type
  1858. * @xfrm_sid: XFRM SID
  1859. *
  1860. * Description:
  1861. * Compare the @nlbl_sid and @xfrm_sid values and if the two SIDs can be
  1862. * resolved into a single SID it is returned via @peer_sid and the function
  1863. * returns zero. Otherwise @peer_sid is set to SECSID_NULL and the function
  1864. * returns a negative value. A table summarizing the behavior is below:
  1865. *
  1866. * | function return | @sid
  1867. * ------------------------------+-----------------+-----------------
  1868. * no peer labels | 0 | SECSID_NULL
  1869. * single peer label | 0 | <peer_label>
  1870. * multiple, consistent labels | 0 | <peer_label>
  1871. * multiple, inconsistent labels | -<errno> | SECSID_NULL
  1872. *
  1873. */
  1874. int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
  1875. u32 xfrm_sid,
  1876. u32 *peer_sid)
  1877. {
  1878. int rc;
  1879. struct context *nlbl_ctx;
  1880. struct context *xfrm_ctx;
  1881. /* handle the common (which also happens to be the set of easy) cases
  1882. * right away, these two if statements catch everything involving a
  1883. * single or absent peer SID/label */
  1884. if (xfrm_sid == SECSID_NULL) {
  1885. *peer_sid = nlbl_sid;
  1886. return 0;
  1887. }
  1888. /* NOTE: an nlbl_type == NETLBL_NLTYPE_UNLABELED is a "fallback" label
  1889. * and is treated as if nlbl_sid == SECSID_NULL when a XFRM SID/label
  1890. * is present */
  1891. if (nlbl_sid == SECSID_NULL || nlbl_type == NETLBL_NLTYPE_UNLABELED) {
  1892. *peer_sid = xfrm_sid;
  1893. return 0;
  1894. }
  1895. /* we don't need to check ss_initialized here since the only way both
  1896. * nlbl_sid and xfrm_sid are not equal to SECSID_NULL would be if the
  1897. * security server was initialized and ss_initialized was true */
  1898. if (!selinux_mls_enabled) {
  1899. *peer_sid = SECSID_NULL;
  1900. return 0;
  1901. }
  1902. POLICY_RDLOCK;
  1903. nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
  1904. if (!nlbl_ctx) {
  1905. printk(KERN_ERR
  1906. "security_sid_mls_cmp: unrecognized SID %d\n",
  1907. nlbl_sid);
  1908. rc = -EINVAL;
  1909. goto out_slowpath;
  1910. }
  1911. xfrm_ctx = sidtab_search(&sidtab, xfrm_sid);
  1912. if (!xfrm_ctx) {
  1913. printk(KERN_ERR
  1914. "security_sid_mls_cmp: unrecognized SID %d\n",
  1915. xfrm_sid);
  1916. rc = -EINVAL;
  1917. goto out_slowpath;
  1918. }
  1919. rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
  1920. out_slowpath:
  1921. POLICY_RDUNLOCK;
  1922. if (rc == 0)
  1923. /* at present NetLabel SIDs/labels really only carry MLS
  1924. * information so if the MLS portion of the NetLabel SID
  1925. * matches the MLS portion of the labeled XFRM SID/label
  1926. * then pass along the XFRM SID as it is the most
  1927. * expressive */
  1928. *peer_sid = xfrm_sid;
  1929. else
  1930. *peer_sid = SECSID_NULL;
  1931. return rc;
  1932. }
  1933. static int get_classes_callback(void *k, void *d, void *args)
  1934. {
  1935. struct class_datum *datum = d;
  1936. char *name = k, **classes = args;
  1937. int value = datum->value - 1;
  1938. classes[value] = kstrdup(name, GFP_ATOMIC);
  1939. if (!classes[value])
  1940. return -ENOMEM;
  1941. return 0;
  1942. }
  1943. int security_get_classes(char ***classes, int *nclasses)
  1944. {
  1945. int rc = -ENOMEM;
  1946. POLICY_RDLOCK;
  1947. *nclasses = policydb.p_classes.nprim;
  1948. *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC);
  1949. if (!*classes)
  1950. goto out;
  1951. rc = hashtab_map(policydb.p_classes.table, get_classes_callback,
  1952. *classes);
  1953. if (rc < 0) {
  1954. int i;
  1955. for (i = 0; i < *nclasses; i++)
  1956. kfree((*classes)[i]);
  1957. kfree(*classes);
  1958. }
  1959. out:
  1960. POLICY_RDUNLOCK;
  1961. return rc;
  1962. }
  1963. static int get_permissions_callback(void *k, void *d, void *args)
  1964. {
  1965. struct perm_datum *datum = d;
  1966. char *name = k, **perms = args;
  1967. int value = datum->value - 1;
  1968. perms[value] = kstrdup(name, GFP_ATOMIC);
  1969. if (!perms[value])
  1970. return -ENOMEM;
  1971. return 0;
  1972. }
  1973. int security_get_permissions(char *class, char ***perms, int *nperms)
  1974. {
  1975. int rc = -ENOMEM, i;
  1976. struct class_datum *match;
  1977. POLICY_RDLOCK;
  1978. match = hashtab_search(policydb.p_classes.table, class);
  1979. if (!match) {
  1980. printk(KERN_ERR "%s: unrecognized class %s\n",
  1981. __func__, class);
  1982. rc = -EINVAL;
  1983. goto out;
  1984. }
  1985. *nperms = match->permissions.nprim;
  1986. *perms = kcalloc(*nperms, sizeof(*perms), GFP_ATOMIC);
  1987. if (!*perms)
  1988. goto out;
  1989. if (match->comdatum) {
  1990. rc = hashtab_map(match->comdatum->permissions.table,
  1991. get_permissions_callback, *perms);
  1992. if (rc < 0)
  1993. goto err;
  1994. }
  1995. rc = hashtab_map(match->permissions.table, get_permissions_callback,
  1996. *perms);
  1997. if (rc < 0)
  1998. goto err;
  1999. out:
  2000. POLICY_RDUNLOCK;
  2001. return rc;
  2002. err:
  2003. POLICY_RDUNLOCK;
  2004. for (i = 0; i < *nperms; i++)
  2005. kfree((*perms)[i]);
  2006. kfree(*perms);
  2007. return rc;
  2008. }
  2009. int security_get_reject_unknown(void)
  2010. {
  2011. return policydb.reject_unknown;
  2012. }
  2013. int security_get_allow_unknown(void)
  2014. {
  2015. return policydb.allow_unknown;
  2016. }
  2017. /**
  2018. * security_policycap_supported - Check for a specific policy capability
  2019. * @req_cap: capability
  2020. *
  2021. * Description:
  2022. * This function queries the currently loaded policy to see if it supports the
  2023. * capability specified by @req_cap. Returns true (1) if the capability is
  2024. * supported, false (0) if it isn't supported.
  2025. *
  2026. */
  2027. int security_policycap_supported(unsigned int req_cap)
  2028. {
  2029. int rc;
  2030. POLICY_RDLOCK;
  2031. rc = ebitmap_get_bit(&policydb.policycaps, req_cap);
  2032. POLICY_RDUNLOCK;
  2033. return rc;
  2034. }
  2035. struct selinux_audit_rule {
  2036. u32 au_seqno;
  2037. struct context au_ctxt;
  2038. };
  2039. void selinux_audit_rule_free(void *vrule)
  2040. {
  2041. struct selinux_audit_rule *rule = vrule;
  2042. if (rule) {
  2043. context_destroy(&rule->au_ctxt);
  2044. kfree(rule);
  2045. }
  2046. }
  2047. int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
  2048. {
  2049. struct selinux_audit_rule *tmprule;
  2050. struct role_datum *roledatum;
  2051. struct type_datum *typedatum;
  2052. struct user_datum *userdatum;
  2053. struct selinux_audit_rule **rule = (struct selinux_audit_rule **)vrule;
  2054. int rc = 0;
  2055. *rule = NULL;
  2056. if (!ss_initialized)
  2057. return -EOPNOTSUPP;
  2058. switch (field) {
  2059. case AUDIT_SUBJ_USER:
  2060. case AUDIT_SUBJ_ROLE:
  2061. case AUDIT_SUBJ_TYPE:
  2062. case AUDIT_OBJ_USER:
  2063. case AUDIT_OBJ_ROLE:
  2064. case AUDIT_OBJ_TYPE:
  2065. /* only 'equals' and 'not equals' fit user, role, and type */
  2066. if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
  2067. return -EINVAL;
  2068. break;
  2069. case AUDIT_SUBJ_SEN:
  2070. case AUDIT_SUBJ_CLR:
  2071. case AUDIT_OBJ_LEV_LOW:
  2072. case AUDIT_OBJ_LEV_HIGH:
  2073. /* we do not allow a range, indicated by the presense of '-' */
  2074. if (strchr(rulestr, '-'))
  2075. return -EINVAL;
  2076. break;
  2077. default:
  2078. /* only the above fields are valid */
  2079. return -EINVAL;
  2080. }
  2081. tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
  2082. if (!tmprule)
  2083. return -ENOMEM;
  2084. context_init(&tmprule->au_ctxt);
  2085. POLICY_RDLOCK;
  2086. tmprule->au_seqno = latest_granting;
  2087. switch (field) {
  2088. case AUDIT_SUBJ_USER:
  2089. case AUDIT_OBJ_USER:
  2090. userdatum = hashtab_search(policydb.p_users.table, rulestr);
  2091. if (!userdatum)
  2092. rc = -EINVAL;
  2093. else
  2094. tmprule->au_ctxt.user = userdatum->value;
  2095. break;
  2096. case AUDIT_SUBJ_ROLE:
  2097. case AUDIT_OBJ_ROLE:
  2098. roledatum = hashtab_search(policydb.p_roles.table, rulestr);
  2099. if (!roledatum)
  2100. rc = -EINVAL;
  2101. else
  2102. tmprule->au_ctxt.role = roledatum->value;
  2103. break;
  2104. case AUDIT_SUBJ_TYPE:
  2105. case AUDIT_OBJ_TYPE:
  2106. typedatum = hashtab_search(policydb.p_types.table, rulestr);
  2107. if (!typedatum)
  2108. rc = -EINVAL;
  2109. else
  2110. tmprule->au_ctxt.type = typedatum->value;
  2111. break;
  2112. case AUDIT_SUBJ_SEN:
  2113. case AUDIT_SUBJ_CLR:
  2114. case AUDIT_OBJ_LEV_LOW:
  2115. case AUDIT_OBJ_LEV_HIGH:
  2116. rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
  2117. break;
  2118. }
  2119. POLICY_RDUNLOCK;
  2120. if (rc) {
  2121. selinux_audit_rule_free(tmprule);
  2122. tmprule = NULL;
  2123. }
  2124. *rule = tmprule;
  2125. return rc;
  2126. }
  2127. /* Check to see if the rule contains any selinux fields */
  2128. int selinux_audit_rule_known(struct audit_krule *rule)
  2129. {
  2130. int i;
  2131. for (i = 0; i < rule->field_count; i++) {
  2132. struct audit_field *f = &rule->fields[i];
  2133. switch (f->type) {
  2134. case AUDIT_SUBJ_USER:
  2135. case AUDIT_SUBJ_ROLE:
  2136. case AUDIT_SUBJ_TYPE:
  2137. case AUDIT_SUBJ_SEN:
  2138. case AUDIT_SUBJ_CLR:
  2139. case AUDIT_OBJ_USER:
  2140. case AUDIT_OBJ_ROLE:
  2141. case AUDIT_OBJ_TYPE:
  2142. case AUDIT_OBJ_LEV_LOW:
  2143. case AUDIT_OBJ_LEV_HIGH:
  2144. return 1;
  2145. }
  2146. }
  2147. return 0;
  2148. }
  2149. int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
  2150. struct audit_context *actx)
  2151. {
  2152. struct context *ctxt;
  2153. struct mls_level *level;
  2154. struct selinux_audit_rule *rule = vrule;
  2155. int match = 0;
  2156. if (!rule) {
  2157. audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
  2158. "selinux_audit_rule_match: missing rule\n");
  2159. return -ENOENT;
  2160. }
  2161. POLICY_RDLOCK;
  2162. if (rule->au_seqno < latest_granting) {
  2163. audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
  2164. "selinux_audit_rule_match: stale rule\n");
  2165. match = -ESTALE;
  2166. goto out;
  2167. }
  2168. ctxt = sidtab_search(&sidtab, sid);
  2169. if (!ctxt) {
  2170. audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
  2171. "selinux_audit_rule_match: unrecognized SID %d\n",
  2172. sid);
  2173. match = -ENOENT;
  2174. goto out;
  2175. }
  2176. /* a field/op pair that is not caught here will simply fall through
  2177. without a match */
  2178. switch (field) {
  2179. case AUDIT_SUBJ_USER:
  2180. case AUDIT_OBJ_USER:
  2181. switch (op) {
  2182. case AUDIT_EQUAL:
  2183. match = (ctxt->user == rule->au_ctxt.user);
  2184. break;
  2185. case AUDIT_NOT_EQUAL:
  2186. match = (ctxt->user != rule->au_ctxt.user);
  2187. break;
  2188. }
  2189. break;
  2190. case AUDIT_SUBJ_ROLE:
  2191. case AUDIT_OBJ_ROLE:
  2192. switch (op) {
  2193. case AUDIT_EQUAL:
  2194. match = (ctxt->role == rule->au_ctxt.role);
  2195. break;
  2196. case AUDIT_NOT_EQUAL:
  2197. match = (ctxt->role != rule->au_ctxt.role);
  2198. break;
  2199. }
  2200. break;
  2201. case AUDIT_SUBJ_TYPE:
  2202. case AUDIT_OBJ_TYPE:
  2203. switch (op) {
  2204. case AUDIT_EQUAL:
  2205. match = (ctxt->type == rule->au_ctxt.type);
  2206. break;
  2207. case AUDIT_NOT_EQUAL:
  2208. match = (ctxt->type != rule->au_ctxt.type);
  2209. break;
  2210. }
  2211. break;
  2212. case AUDIT_SUBJ_SEN:
  2213. case AUDIT_SUBJ_CLR:
  2214. case AUDIT_OBJ_LEV_LOW:
  2215. case AUDIT_OBJ_LEV_HIGH:
  2216. level = ((field == AUDIT_SUBJ_SEN ||
  2217. field == AUDIT_OBJ_LEV_LOW) ?
  2218. &ctxt->range.level[0] : &ctxt->range.level[1]);
  2219. switch (op) {
  2220. case AUDIT_EQUAL:
  2221. match = mls_level_eq(&rule->au_ctxt.range.level[0],
  2222. level);
  2223. break;
  2224. case AUDIT_NOT_EQUAL:
  2225. match = !mls_level_eq(&rule->au_ctxt.range.level[0],
  2226. level);
  2227. break;
  2228. case AUDIT_LESS_THAN:
  2229. match = (mls_level_dom(&rule->au_ctxt.range.level[0],
  2230. level) &&
  2231. !mls_level_eq(&rule->au_ctxt.range.level[0],
  2232. level));
  2233. break;
  2234. case AUDIT_LESS_THAN_OR_EQUAL:
  2235. match = mls_level_dom(&rule->au_ctxt.range.level[0],
  2236. level);
  2237. break;
  2238. case AUDIT_GREATER_THAN:
  2239. match = (mls_level_dom(level,
  2240. &rule->au_ctxt.range.level[0]) &&
  2241. !mls_level_eq(level,
  2242. &rule->au_ctxt.range.level[0]));
  2243. break;
  2244. case AUDIT_GREATER_THAN_OR_EQUAL:
  2245. match = mls_level_dom(level,
  2246. &rule->au_ctxt.range.level[0]);
  2247. break;
  2248. }
  2249. }
  2250. out:
  2251. POLICY_RDUNLOCK;
  2252. return match;
  2253. }
  2254. static int (*aurule_callback)(void) = audit_update_lsm_rules;
  2255. static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
  2256. u16 class, u32 perms, u32 *retained)
  2257. {
  2258. int err = 0;
  2259. if (event == AVC_CALLBACK_RESET && aurule_callback)
  2260. err = aurule_callback();
  2261. return err;
  2262. }
  2263. static int __init aurule_init(void)
  2264. {
  2265. int err;
  2266. err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
  2267. SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
  2268. if (err)
  2269. panic("avc_add_callback() failed, error %d\n", err);
  2270. return err;
  2271. }
  2272. __initcall(aurule_init);
  2273. #ifdef CONFIG_NETLABEL
  2274. /**
  2275. * security_netlbl_cache_add - Add an entry to the NetLabel cache
  2276. * @secattr: the NetLabel packet security attributes
  2277. * @sid: the SELinux SID
  2278. *
  2279. * Description:
  2280. * Attempt to cache the context in @ctx, which was derived from the packet in
  2281. * @skb, in the NetLabel subsystem cache. This function assumes @secattr has
  2282. * already been initialized.
  2283. *
  2284. */
  2285. static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
  2286. u32 sid)
  2287. {
  2288. u32 *sid_cache;
  2289. sid_cache = kmalloc(sizeof(*sid_cache), GFP_ATOMIC);
  2290. if (sid_cache == NULL)
  2291. return;
  2292. secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
  2293. if (secattr->cache == NULL) {
  2294. kfree(sid_cache);
  2295. return;
  2296. }
  2297. *sid_cache = sid;
  2298. secattr->cache->free = kfree;
  2299. secattr->cache->data = sid_cache;
  2300. secattr->flags |= NETLBL_SECATTR_CACHE;
  2301. }
  2302. /**
  2303. * security_netlbl_secattr_to_sid - Convert a NetLabel secattr to a SELinux SID
  2304. * @secattr: the NetLabel packet security attributes
  2305. * @sid: the SELinux SID
  2306. *
  2307. * Description:
  2308. * Convert the given NetLabel security attributes in @secattr into a
  2309. * SELinux SID. If the @secattr field does not contain a full SELinux
  2310. * SID/context then use SECINITSID_NETMSG as the foundation. If possibile the
  2311. * 'cache' field of @secattr is set and the CACHE flag is set; this is to
  2312. * allow the @secattr to be used by NetLabel to cache the secattr to SID
  2313. * conversion for future lookups. Returns zero on success, negative values on
  2314. * failure.
  2315. *
  2316. */
  2317. int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
  2318. u32 *sid)
  2319. {
  2320. int rc = -EIDRM;
  2321. struct context *ctx;
  2322. struct context ctx_new;
  2323. if (!ss_initialized) {
  2324. *sid = SECSID_NULL;
  2325. return 0;
  2326. }
  2327. POLICY_RDLOCK;
  2328. if (secattr->flags & NETLBL_SECATTR_CACHE) {
  2329. *sid = *(u32 *)secattr->cache->data;
  2330. rc = 0;
  2331. } else if (secattr->flags & NETLBL_SECATTR_SECID) {
  2332. *sid = secattr->attr.secid;
  2333. rc = 0;
  2334. } else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
  2335. ctx = sidtab_search(&sidtab, SECINITSID_NETMSG);
  2336. if (ctx == NULL)
  2337. goto netlbl_secattr_to_sid_return;
  2338. ctx_new.user = ctx->user;
  2339. ctx_new.role = ctx->role;
  2340. ctx_new.type = ctx->type;
  2341. mls_import_netlbl_lvl(&ctx_new, secattr);
  2342. if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
  2343. if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
  2344. secattr->attr.mls.cat) != 0)
  2345. goto netlbl_secattr_to_sid_return;
  2346. ctx_new.range.level[1].cat.highbit =
  2347. ctx_new.range.level[0].cat.highbit;
  2348. ctx_new.range.level[1].cat.node =
  2349. ctx_new.range.level[0].cat.node;
  2350. } else {
  2351. ebitmap_init(&ctx_new.range.level[0].cat);
  2352. ebitmap_init(&ctx_new.range.level[1].cat);
  2353. }
  2354. if (mls_context_isvalid(&policydb, &ctx_new) != 1)
  2355. goto netlbl_secattr_to_sid_return_cleanup;
  2356. rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
  2357. if (rc != 0)
  2358. goto netlbl_secattr_to_sid_return_cleanup;
  2359. security_netlbl_cache_add(secattr, *sid);
  2360. ebitmap_destroy(&ctx_new.range.level[0].cat);
  2361. } else {
  2362. *sid = SECSID_NULL;
  2363. rc = 0;
  2364. }
  2365. netlbl_secattr_to_sid_return:
  2366. POLICY_RDUNLOCK;
  2367. return rc;
  2368. netlbl_secattr_to_sid_return_cleanup:
  2369. ebitmap_destroy(&ctx_new.range.level[0].cat);
  2370. goto netlbl_secattr_to_sid_return;
  2371. }
  2372. /**
  2373. * security_netlbl_sid_to_secattr - Convert a SELinux SID to a NetLabel secattr
  2374. * @sid: the SELinux SID
  2375. * @secattr: the NetLabel packet security attributes
  2376. *
  2377. * Description:
  2378. * Convert the given SELinux SID in @sid into a NetLabel security attribute.
  2379. * Returns zero on success, negative values on failure.
  2380. *
  2381. */
  2382. int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
  2383. {
  2384. int rc = -ENOENT;
  2385. struct context *ctx;
  2386. if (!ss_initialized)
  2387. return 0;
  2388. POLICY_RDLOCK;
  2389. ctx = sidtab_search(&sidtab, sid);
  2390. if (ctx == NULL)
  2391. goto netlbl_sid_to_secattr_failure;
  2392. secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
  2393. GFP_ATOMIC);
  2394. secattr->flags |= NETLBL_SECATTR_DOMAIN;
  2395. mls_export_netlbl_lvl(ctx, secattr);
  2396. rc = mls_export_netlbl_cat(ctx, secattr);
  2397. if (rc != 0)
  2398. goto netlbl_sid_to_secattr_failure;
  2399. POLICY_RDUNLOCK;
  2400. return 0;
  2401. netlbl_sid_to_secattr_failure:
  2402. POLICY_RDUNLOCK;
  2403. return rc;
  2404. }
  2405. #endif /* CONFIG_NETLABEL */