OpenCores
URL https://opencores.org/ocsvn/test_project/test_project/trunk

Subversion Repositories test_project

[/] [test_project/] [trunk/] [linux_sd_driver/] [security/] [selinux/] [ss/] [services.c] - Blame information for rev 67

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 62 marcus.erl
/*
2
 * Implementation of the security services.
3
 *
4
 * Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
5
 *           James Morris <jmorris@redhat.com>
6
 *
7
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
8
 *
9
 *      Support for enhanced MLS infrastructure.
10
 *      Support for context based audit filters.
11
 *
12
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
13
 *
14
 *      Added conditional policy language extensions
15
 *
16
 * Updated: Hewlett-Packard <paul.moore@hp.com>
17
 *
18
 *      Added support for NetLabel
19
 *
20
 * Updated: Chad Sellers <csellers@tresys.com>
21
 *
22
 *  Added validation of kernel classes and permissions
23
 *
24
 * Copyright (C) 2006 Hewlett-Packard Development Company, L.P.
25
 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
26
 * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
27
 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
28
 *      This program is free software; you can redistribute it and/or modify
29
 *      it under the terms of the GNU General Public License as published by
30
 *      the Free Software Foundation, version 2.
31
 */
32
#include <linux/kernel.h>
33
#include <linux/slab.h>
34
#include <linux/string.h>
35
#include <linux/spinlock.h>
36
#include <linux/rcupdate.h>
37
#include <linux/errno.h>
38
#include <linux/in.h>
39
#include <linux/sched.h>
40
#include <linux/audit.h>
41
#include <linux/mutex.h>
42
#include <net/netlabel.h>
43
 
44
#include "flask.h"
45
#include "avc.h"
46
#include "avc_ss.h"
47
#include "security.h"
48
#include "context.h"
49
#include "policydb.h"
50
#include "sidtab.h"
51
#include "services.h"
52
#include "conditional.h"
53
#include "mls.h"
54
#include "objsec.h"
55
#include "netlabel.h"
56
#include "xfrm.h"
57
#include "ebitmap.h"
58
 
59
extern void selnl_notify_policyload(u32 seqno);
60
unsigned int policydb_loaded_version;
61
 
62
/*
63
 * This is declared in avc.c
64
 */
65
extern const struct selinux_class_perm selinux_class_perm;
66
 
67
static DEFINE_RWLOCK(policy_rwlock);
68
#define POLICY_RDLOCK read_lock(&policy_rwlock)
69
#define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
70
#define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
71
#define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
72
 
73
static DEFINE_MUTEX(load_mutex);
74
#define LOAD_LOCK mutex_lock(&load_mutex)
75
#define LOAD_UNLOCK mutex_unlock(&load_mutex)
76
 
77
static struct sidtab sidtab;
78
struct policydb policydb;
79
int ss_initialized = 0;
80
 
81
/*
82
 * The largest sequence number that has been used when
83
 * providing an access decision to the access vector cache.
84
 * The sequence number only changes when a policy change
85
 * occurs.
86
 */
87
static u32 latest_granting = 0;
88
 
89
/* Forward declaration. */
90
static int context_struct_to_string(struct context *context, char **scontext,
91
                                    u32 *scontext_len);
92
 
93
/*
94
 * Return the boolean value of a constraint expression
95
 * when it is applied to the specified source and target
96
 * security contexts.
97
 *
98
 * xcontext is a special beast...  It is used by the validatetrans rules
99
 * only.  For these rules, scontext is the context before the transition,
100
 * tcontext is the context after the transition, and xcontext is the context
101
 * of the process performing the transition.  All other callers of
102
 * constraint_expr_eval should pass in NULL for xcontext.
103
 */
104
static int constraint_expr_eval(struct context *scontext,
105
                                struct context *tcontext,
106
                                struct context *xcontext,
107
                                struct constraint_expr *cexpr)
108
{
109
        u32 val1, val2;
110
        struct context *c;
111
        struct role_datum *r1, *r2;
112
        struct mls_level *l1, *l2;
113
        struct constraint_expr *e;
114
        int s[CEXPR_MAXDEPTH];
115
        int sp = -1;
116
 
117
        for (e = cexpr; e; e = e->next) {
118
                switch (e->expr_type) {
119
                case CEXPR_NOT:
120
                        BUG_ON(sp < 0);
121
                        s[sp] = !s[sp];
122
                        break;
123
                case CEXPR_AND:
124
                        BUG_ON(sp < 1);
125
                        sp--;
126
                        s[sp] &= s[sp+1];
127
                        break;
128
                case CEXPR_OR:
129
                        BUG_ON(sp < 1);
130
                        sp--;
131
                        s[sp] |= s[sp+1];
132
                        break;
133
                case CEXPR_ATTR:
134
                        if (sp == (CEXPR_MAXDEPTH-1))
135
                                return 0;
136
                        switch (e->attr) {
137
                        case CEXPR_USER:
138
                                val1 = scontext->user;
139
                                val2 = tcontext->user;
140
                                break;
141
                        case CEXPR_TYPE:
142
                                val1 = scontext->type;
143
                                val2 = tcontext->type;
144
                                break;
145
                        case CEXPR_ROLE:
146
                                val1 = scontext->role;
147
                                val2 = tcontext->role;
148
                                r1 = policydb.role_val_to_struct[val1 - 1];
149
                                r2 = policydb.role_val_to_struct[val2 - 1];
150
                                switch (e->op) {
151
                                case CEXPR_DOM:
152
                                        s[++sp] = ebitmap_get_bit(&r1->dominates,
153
                                                                  val2 - 1);
154
                                        continue;
155
                                case CEXPR_DOMBY:
156
                                        s[++sp] = ebitmap_get_bit(&r2->dominates,
157
                                                                  val1 - 1);
158
                                        continue;
159
                                case CEXPR_INCOMP:
160
                                        s[++sp] = ( !ebitmap_get_bit(&r1->dominates,
161
                                                                     val2 - 1) &&
162
                                                    !ebitmap_get_bit(&r2->dominates,
163
                                                                     val1 - 1) );
164
                                        continue;
165
                                default:
166
                                        break;
167
                                }
168
                                break;
169
                        case CEXPR_L1L2:
170
                                l1 = &(scontext->range.level[0]);
171
                                l2 = &(tcontext->range.level[0]);
172
                                goto mls_ops;
173
                        case CEXPR_L1H2:
174
                                l1 = &(scontext->range.level[0]);
175
                                l2 = &(tcontext->range.level[1]);
176
                                goto mls_ops;
177
                        case CEXPR_H1L2:
178
                                l1 = &(scontext->range.level[1]);
179
                                l2 = &(tcontext->range.level[0]);
180
                                goto mls_ops;
181
                        case CEXPR_H1H2:
182
                                l1 = &(scontext->range.level[1]);
183
                                l2 = &(tcontext->range.level[1]);
184
                                goto mls_ops;
185
                        case CEXPR_L1H1:
186
                                l1 = &(scontext->range.level[0]);
187
                                l2 = &(scontext->range.level[1]);
188
                                goto mls_ops;
189
                        case CEXPR_L2H2:
190
                                l1 = &(tcontext->range.level[0]);
191
                                l2 = &(tcontext->range.level[1]);
192
                                goto mls_ops;
193
mls_ops:
194
                        switch (e->op) {
195
                        case CEXPR_EQ:
196
                                s[++sp] = mls_level_eq(l1, l2);
197
                                continue;
198
                        case CEXPR_NEQ:
199
                                s[++sp] = !mls_level_eq(l1, l2);
200
                                continue;
201
                        case CEXPR_DOM:
202
                                s[++sp] = mls_level_dom(l1, l2);
203
                                continue;
204
                        case CEXPR_DOMBY:
205
                                s[++sp] = mls_level_dom(l2, l1);
206
                                continue;
207
                        case CEXPR_INCOMP:
208
                                s[++sp] = mls_level_incomp(l2, l1);
209
                                continue;
210
                        default:
211
                                BUG();
212
                                return 0;
213
                        }
214
                        break;
215
                        default:
216
                                BUG();
217
                                return 0;
218
                        }
219
 
220
                        switch (e->op) {
221
                        case CEXPR_EQ:
222
                                s[++sp] = (val1 == val2);
223
                                break;
224
                        case CEXPR_NEQ:
225
                                s[++sp] = (val1 != val2);
226
                                break;
227
                        default:
228
                                BUG();
229
                                return 0;
230
                        }
231
                        break;
232
                case CEXPR_NAMES:
233
                        if (sp == (CEXPR_MAXDEPTH-1))
234
                                return 0;
235
                        c = scontext;
236
                        if (e->attr & CEXPR_TARGET)
237
                                c = tcontext;
238
                        else if (e->attr & CEXPR_XTARGET) {
239
                                c = xcontext;
240
                                if (!c) {
241
                                        BUG();
242
                                        return 0;
243
                                }
244
                        }
245
                        if (e->attr & CEXPR_USER)
246
                                val1 = c->user;
247
                        else if (e->attr & CEXPR_ROLE)
248
                                val1 = c->role;
249
                        else if (e->attr & CEXPR_TYPE)
250
                                val1 = c->type;
251
                        else {
252
                                BUG();
253
                                return 0;
254
                        }
255
 
256
                        switch (e->op) {
257
                        case CEXPR_EQ:
258
                                s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
259
                                break;
260
                        case CEXPR_NEQ:
261
                                s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
262
                                break;
263
                        default:
264
                                BUG();
265
                                return 0;
266
                        }
267
                        break;
268
                default:
269
                        BUG();
270
                        return 0;
271
                }
272
        }
273
 
274
        BUG_ON(sp != 0);
275
        return s[0];
276
}
277
 
278
/*
279
 * Compute access vectors based on a context structure pair for
280
 * the permissions in a particular class.
281
 */
282
static int context_struct_compute_av(struct context *scontext,
283
                                     struct context *tcontext,
284
                                     u16 tclass,
285
                                     u32 requested,
286
                                     struct av_decision *avd)
287
{
288
        struct constraint_node *constraint;
289
        struct role_allow *ra;
290
        struct avtab_key avkey;
291
        struct avtab_node *node;
292
        struct class_datum *tclass_datum;
293
        struct ebitmap *sattr, *tattr;
294
        struct ebitmap_node *snode, *tnode;
295
        const struct selinux_class_perm *kdefs = &selinux_class_perm;
296
        unsigned int i, j;
297
 
298
        /*
299
         * Remap extended Netlink classes for old policy versions.
300
         * Do this here rather than socket_type_to_security_class()
301
         * in case a newer policy version is loaded, allowing sockets
302
         * to remain in the correct class.
303
         */
304
        if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
305
                if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
306
                    tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
307
                        tclass = SECCLASS_NETLINK_SOCKET;
308
 
309
        /*
310
         * Initialize the access vectors to the default values.
311
         */
312
        avd->allowed = 0;
313
        avd->decided = 0xffffffff;
314
        avd->auditallow = 0;
315
        avd->auditdeny = 0xffffffff;
316
        avd->seqno = latest_granting;
317
 
318
        /*
319
         * Check for all the invalid cases.
320
         * - tclass 0
321
         * - tclass > policy and > kernel
322
         * - tclass > policy but is a userspace class
323
         * - tclass > policy but we do not allow unknowns
324
         */
325
        if (unlikely(!tclass))
326
                goto inval_class;
327
        if (unlikely(tclass > policydb.p_classes.nprim))
328
                if (tclass > kdefs->cts_len ||
329
                    !kdefs->class_to_string[tclass - 1] ||
330
                    !policydb.allow_unknown)
331
                        goto inval_class;
332
 
333
        /*
334
         * Kernel class and we allow unknown so pad the allow decision
335
         * the pad will be all 1 for unknown classes.
336
         */
337
        if (tclass <= kdefs->cts_len && policydb.allow_unknown)
338
                avd->allowed = policydb.undefined_perms[tclass - 1];
339
 
340
        /*
341
         * Not in policy. Since decision is completed (all 1 or all 0) return.
342
         */
343
        if (unlikely(tclass > policydb.p_classes.nprim))
344
                return 0;
345
 
346
        tclass_datum = policydb.class_val_to_struct[tclass - 1];
347
 
348
        /*
349
         * If a specific type enforcement rule was defined for
350
         * this permission check, then use it.
351
         */
352
        avkey.target_class = tclass;
353
        avkey.specified = AVTAB_AV;
354
        sattr = &policydb.type_attr_map[scontext->type - 1];
355
        tattr = &policydb.type_attr_map[tcontext->type - 1];
356
        ebitmap_for_each_positive_bit(sattr, snode, i) {
357
                ebitmap_for_each_positive_bit(tattr, tnode, j) {
358
                        avkey.source_type = i + 1;
359
                        avkey.target_type = j + 1;
360
                        for (node = avtab_search_node(&policydb.te_avtab, &avkey);
361
                             node != NULL;
362
                             node = avtab_search_node_next(node, avkey.specified)) {
363
                                if (node->key.specified == AVTAB_ALLOWED)
364
                                        avd->allowed |= node->datum.data;
365
                                else if (node->key.specified == AVTAB_AUDITALLOW)
366
                                        avd->auditallow |= node->datum.data;
367
                                else if (node->key.specified == AVTAB_AUDITDENY)
368
                                        avd->auditdeny &= node->datum.data;
369
                        }
370
 
371
                        /* Check conditional av table for additional permissions */
372
                        cond_compute_av(&policydb.te_cond_avtab, &avkey, avd);
373
 
374
                }
375
        }
376
 
377
        /*
378
         * Remove any permissions prohibited by a constraint (this includes
379
         * the MLS policy).
380
         */
381
        constraint = tclass_datum->constraints;
382
        while (constraint) {
383
                if ((constraint->permissions & (avd->allowed)) &&
384
                    !constraint_expr_eval(scontext, tcontext, NULL,
385
                                          constraint->expr)) {
386
                        avd->allowed = (avd->allowed) & ~(constraint->permissions);
387
                }
388
                constraint = constraint->next;
389
        }
390
 
391
        /*
392
         * If checking process transition permission and the
393
         * role is changing, then check the (current_role, new_role)
394
         * pair.
395
         */
396
        if (tclass == SECCLASS_PROCESS &&
397
            (avd->allowed & (PROCESS__TRANSITION | PROCESS__DYNTRANSITION)) &&
398
            scontext->role != tcontext->role) {
399
                for (ra = policydb.role_allow; ra; ra = ra->next) {
400
                        if (scontext->role == ra->role &&
401
                            tcontext->role == ra->new_role)
402
                                break;
403
                }
404
                if (!ra)
405
                        avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION |
406
                                                        PROCESS__DYNTRANSITION);
407
        }
408
 
409
        return 0;
410
 
411
inval_class:
412
        printk(KERN_ERR "%s:  unrecognized class %d\n", __FUNCTION__, tclass);
413
        return -EINVAL;
414
}
415
 
416
static int security_validtrans_handle_fail(struct context *ocontext,
417
                                           struct context *ncontext,
418
                                           struct context *tcontext,
419
                                           u16 tclass)
420
{
421
        char *o = NULL, *n = NULL, *t = NULL;
422
        u32 olen, nlen, tlen;
423
 
424
        if (context_struct_to_string(ocontext, &o, &olen) < 0)
425
                goto out;
426
        if (context_struct_to_string(ncontext, &n, &nlen) < 0)
427
                goto out;
428
        if (context_struct_to_string(tcontext, &t, &tlen) < 0)
429
                goto out;
430
        audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
431
                  "security_validate_transition:  denied for"
432
                  " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
433
                  o, n, t, policydb.p_class_val_to_name[tclass-1]);
434
out:
435
        kfree(o);
436
        kfree(n);
437
        kfree(t);
438
 
439
        if (!selinux_enforcing)
440
                return 0;
441
        return -EPERM;
442
}
443
 
444
int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
445
                                 u16 tclass)
446
{
447
        struct context *ocontext;
448
        struct context *ncontext;
449
        struct context *tcontext;
450
        struct class_datum *tclass_datum;
451
        struct constraint_node *constraint;
452
        int rc = 0;
453
 
454
        if (!ss_initialized)
455
                return 0;
456
 
457
        POLICY_RDLOCK;
458
 
459
        /*
460
         * Remap extended Netlink classes for old policy versions.
461
         * Do this here rather than socket_type_to_security_class()
462
         * in case a newer policy version is loaded, allowing sockets
463
         * to remain in the correct class.
464
         */
465
        if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
466
                if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
467
                    tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
468
                        tclass = SECCLASS_NETLINK_SOCKET;
469
 
470
        if (!tclass || tclass > policydb.p_classes.nprim) {
471
                printk(KERN_ERR "security_validate_transition:  "
472
                       "unrecognized class %d\n", tclass);
473
                rc = -EINVAL;
474
                goto out;
475
        }
476
        tclass_datum = policydb.class_val_to_struct[tclass - 1];
477
 
478
        ocontext = sidtab_search(&sidtab, oldsid);
479
        if (!ocontext) {
480
                printk(KERN_ERR "security_validate_transition: "
481
                       " unrecognized SID %d\n", oldsid);
482
                rc = -EINVAL;
483
                goto out;
484
        }
485
 
486
        ncontext = sidtab_search(&sidtab, newsid);
487
        if (!ncontext) {
488
                printk(KERN_ERR "security_validate_transition: "
489
                       " unrecognized SID %d\n", newsid);
490
                rc = -EINVAL;
491
                goto out;
492
        }
493
 
494
        tcontext = sidtab_search(&sidtab, tasksid);
495
        if (!tcontext) {
496
                printk(KERN_ERR "security_validate_transition: "
497
                       " unrecognized SID %d\n", tasksid);
498
                rc = -EINVAL;
499
                goto out;
500
        }
501
 
502
        constraint = tclass_datum->validatetrans;
503
        while (constraint) {
504
                if (!constraint_expr_eval(ocontext, ncontext, tcontext,
505
                                          constraint->expr)) {
506
                        rc = security_validtrans_handle_fail(ocontext, ncontext,
507
                                                             tcontext, tclass);
508
                        goto out;
509
                }
510
                constraint = constraint->next;
511
        }
512
 
513
out:
514
        POLICY_RDUNLOCK;
515
        return rc;
516
}
517
 
518
/**
519
 * security_compute_av - Compute access vector decisions.
520
 * @ssid: source security identifier
521
 * @tsid: target security identifier
522
 * @tclass: target security class
523
 * @requested: requested permissions
524
 * @avd: access vector decisions
525
 *
526
 * Compute a set of access vector decisions based on the
527
 * SID pair (@ssid, @tsid) for the permissions in @tclass.
528
 * Return -%EINVAL if any of the parameters are invalid or %0
529
 * if the access vector decisions were computed successfully.
530
 */
531
int security_compute_av(u32 ssid,
532
                        u32 tsid,
533
                        u16 tclass,
534
                        u32 requested,
535
                        struct av_decision *avd)
536
{
537
        struct context *scontext = NULL, *tcontext = NULL;
538
        int rc = 0;
539
 
540
        if (!ss_initialized) {
541
                avd->allowed = 0xffffffff;
542
                avd->decided = 0xffffffff;
543
                avd->auditallow = 0;
544
                avd->auditdeny = 0xffffffff;
545
                avd->seqno = latest_granting;
546
                return 0;
547
        }
548
 
549
        POLICY_RDLOCK;
550
 
551
        scontext = sidtab_search(&sidtab, ssid);
552
        if (!scontext) {
553
                printk(KERN_ERR "security_compute_av:  unrecognized SID %d\n",
554
                       ssid);
555
                rc = -EINVAL;
556
                goto out;
557
        }
558
        tcontext = sidtab_search(&sidtab, tsid);
559
        if (!tcontext) {
560
                printk(KERN_ERR "security_compute_av:  unrecognized SID %d\n",
561
                       tsid);
562
                rc = -EINVAL;
563
                goto out;
564
        }
565
 
566
        rc = context_struct_compute_av(scontext, tcontext, tclass,
567
                                       requested, avd);
568
out:
569
        POLICY_RDUNLOCK;
570
        return rc;
571
}
572
 
573
/*
574
 * Write the security context string representation of
575
 * the context structure `context' into a dynamically
576
 * allocated string of the correct size.  Set `*scontext'
577
 * to point to this string and set `*scontext_len' to
578
 * the length of the string.
579
 */
580
static int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len)
581
{
582
        char *scontextp;
583
 
584
        *scontext = NULL;
585
        *scontext_len = 0;
586
 
587
        /* Compute the size of the context. */
588
        *scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1;
589
        *scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1;
590
        *scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
591
        *scontext_len += mls_compute_context_len(context);
592
 
593
        /* Allocate space for the context; caller must free this space. */
594
        scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
595
        if (!scontextp) {
596
                return -ENOMEM;
597
        }
598
        *scontext = scontextp;
599
 
600
        /*
601
         * Copy the user name, role name and type name into the context.
602
         */
603
        sprintf(scontextp, "%s:%s:%s",
604
                policydb.p_user_val_to_name[context->user - 1],
605
                policydb.p_role_val_to_name[context->role - 1],
606
                policydb.p_type_val_to_name[context->type - 1]);
607
        scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +
608
                     1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
609
                     1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
610
 
611
        mls_sid_to_context(context, &scontextp);
612
 
613
        *scontextp = 0;
614
 
615
        return 0;
616
}
617
 
618
#include "initial_sid_to_string.h"
619
 
620
const char *security_get_initial_sid_context(u32 sid)
621
{
622
        if (unlikely(sid > SECINITSID_NUM))
623
                return NULL;
624
        return initial_sid_to_string[sid];
625
}
626
 
627
/**
628
 * security_sid_to_context - Obtain a context for a given SID.
629
 * @sid: security identifier, SID
630
 * @scontext: security context
631
 * @scontext_len: length in bytes
632
 *
633
 * Write the string representation of the context associated with @sid
634
 * into a dynamically allocated string of the correct size.  Set @scontext
635
 * to point to this string and set @scontext_len to the length of the string.
636
 */
637
int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
638
{
639
        struct context *context;
640
        int rc = 0;
641
 
642
        *scontext = NULL;
643
        *scontext_len  = 0;
644
 
645
        if (!ss_initialized) {
646
                if (sid <= SECINITSID_NUM) {
647
                        char *scontextp;
648
 
649
                        *scontext_len = strlen(initial_sid_to_string[sid]) + 1;
650
                        scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
651
                        if (!scontextp) {
652
                                rc = -ENOMEM;
653
                                goto out;
654
                        }
655
                        strcpy(scontextp, initial_sid_to_string[sid]);
656
                        *scontext = scontextp;
657
                        goto out;
658
                }
659
                printk(KERN_ERR "security_sid_to_context:  called before initial "
660
                       "load_policy on unknown SID %d\n", sid);
661
                rc = -EINVAL;
662
                goto out;
663
        }
664
        POLICY_RDLOCK;
665
        context = sidtab_search(&sidtab, sid);
666
        if (!context) {
667
                printk(KERN_ERR "security_sid_to_context:  unrecognized SID "
668
                       "%d\n", sid);
669
                rc = -EINVAL;
670
                goto out_unlock;
671
        }
672
        rc = context_struct_to_string(context, scontext, scontext_len);
673
out_unlock:
674
        POLICY_RDUNLOCK;
675
out:
676
        return rc;
677
 
678
}
679
 
680
static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
681
{
682
        char *scontext2;
683
        struct context context;
684
        struct role_datum *role;
685
        struct type_datum *typdatum;
686
        struct user_datum *usrdatum;
687
        char *scontextp, *p, oldc;
688
        int rc = 0;
689
 
690
        if (!ss_initialized) {
691
                int i;
692
 
693
                for (i = 1; i < SECINITSID_NUM; i++) {
694
                        if (!strcmp(initial_sid_to_string[i], scontext)) {
695
                                *sid = i;
696
                                goto out;
697
                        }
698
                }
699
                *sid = SECINITSID_KERNEL;
700
                goto out;
701
        }
702
        *sid = SECSID_NULL;
703
 
704
        /* Copy the string so that we can modify the copy as we parse it.
705
           The string should already by null terminated, but we append a
706
           null suffix to the copy to avoid problems with the existing
707
           attr package, which doesn't view the null terminator as part
708
           of the attribute value. */
709
        scontext2 = kmalloc(scontext_len+1,GFP_KERNEL);
710
        if (!scontext2) {
711
                rc = -ENOMEM;
712
                goto out;
713
        }
714
        memcpy(scontext2, scontext, scontext_len);
715
        scontext2[scontext_len] = 0;
716
 
717
        context_init(&context);
718
        *sid = SECSID_NULL;
719
 
720
        POLICY_RDLOCK;
721
 
722
        /* Parse the security context. */
723
 
724
        rc = -EINVAL;
725
        scontextp = (char *) scontext2;
726
 
727
        /* Extract the user. */
728
        p = scontextp;
729
        while (*p && *p != ':')
730
                p++;
731
 
732
        if (*p == 0)
733
                goto out_unlock;
734
 
735
        *p++ = 0;
736
 
737
        usrdatum = hashtab_search(policydb.p_users.table, scontextp);
738
        if (!usrdatum)
739
                goto out_unlock;
740
 
741
        context.user = usrdatum->value;
742
 
743
        /* Extract role. */
744
        scontextp = p;
745
        while (*p && *p != ':')
746
                p++;
747
 
748
        if (*p == 0)
749
                goto out_unlock;
750
 
751
        *p++ = 0;
752
 
753
        role = hashtab_search(policydb.p_roles.table, scontextp);
754
        if (!role)
755
                goto out_unlock;
756
        context.role = role->value;
757
 
758
        /* Extract type. */
759
        scontextp = p;
760
        while (*p && *p != ':')
761
                p++;
762
        oldc = *p;
763
        *p++ = 0;
764
 
765
        typdatum = hashtab_search(policydb.p_types.table, scontextp);
766
        if (!typdatum)
767
                goto out_unlock;
768
 
769
        context.type = typdatum->value;
770
 
771
        rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
772
        if (rc)
773
                goto out_unlock;
774
 
775
        if ((p - scontext2) < scontext_len) {
776
                rc = -EINVAL;
777
                goto out_unlock;
778
        }
779
 
780
        /* Check the validity of the new context. */
781
        if (!policydb_context_isvalid(&policydb, &context)) {
782
                rc = -EINVAL;
783
                goto out_unlock;
784
        }
785
        /* Obtain the new sid. */
786
        rc = sidtab_context_to_sid(&sidtab, &context, sid);
787
out_unlock:
788
        POLICY_RDUNLOCK;
789
        context_destroy(&context);
790
        kfree(scontext2);
791
out:
792
        return rc;
793
}
794
 
795
/**
796
 * security_context_to_sid - Obtain a SID for a given security context.
797
 * @scontext: security context
798
 * @scontext_len: length in bytes
799
 * @sid: security identifier, SID
800
 *
801
 * Obtains a SID associated with the security context that
802
 * has the string representation specified by @scontext.
803
 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
804
 * memory is available, or 0 on success.
805
 */
806
int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
807
{
808
        return security_context_to_sid_core(scontext, scontext_len,
809
                                            sid, SECSID_NULL);
810
}
811
 
812
/**
813
 * security_context_to_sid_default - Obtain a SID for a given security context,
814
 * falling back to specified default if needed.
815
 *
816
 * @scontext: security context
817
 * @scontext_len: length in bytes
818
 * @sid: security identifier, SID
819
 * @def_sid: default SID to assign on error
820
 *
821
 * Obtains a SID associated with the security context that
822
 * has the string representation specified by @scontext.
823
 * The default SID is passed to the MLS layer to be used to allow
824
 * kernel labeling of the MLS field if the MLS field is not present
825
 * (for upgrading to MLS without full relabel).
826
 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
827
 * memory is available, or 0 on success.
828
 */
829
int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
830
{
831
        return security_context_to_sid_core(scontext, scontext_len,
832
                                            sid, def_sid);
833
}
834
 
835
static int compute_sid_handle_invalid_context(
836
        struct context *scontext,
837
        struct context *tcontext,
838
        u16 tclass,
839
        struct context *newcontext)
840
{
841
        char *s = NULL, *t = NULL, *n = NULL;
842
        u32 slen, tlen, nlen;
843
 
844
        if (context_struct_to_string(scontext, &s, &slen) < 0)
845
                goto out;
846
        if (context_struct_to_string(tcontext, &t, &tlen) < 0)
847
                goto out;
848
        if (context_struct_to_string(newcontext, &n, &nlen) < 0)
849
                goto out;
850
        audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
851
                  "security_compute_sid:  invalid context %s"
852
                  " for scontext=%s"
853
                  " tcontext=%s"
854
                  " tclass=%s",
855
                  n, s, t, policydb.p_class_val_to_name[tclass-1]);
856
out:
857
        kfree(s);
858
        kfree(t);
859
        kfree(n);
860
        if (!selinux_enforcing)
861
                return 0;
862
        return -EACCES;
863
}
864
 
865
static int security_compute_sid(u32 ssid,
866
                                u32 tsid,
867
                                u16 tclass,
868
                                u32 specified,
869
                                u32 *out_sid)
870
{
871
        struct context *scontext = NULL, *tcontext = NULL, newcontext;
872
        struct role_trans *roletr = NULL;
873
        struct avtab_key avkey;
874
        struct avtab_datum *avdatum;
875
        struct avtab_node *node;
876
        int rc = 0;
877
 
878
        if (!ss_initialized) {
879
                switch (tclass) {
880
                case SECCLASS_PROCESS:
881
                        *out_sid = ssid;
882
                        break;
883
                default:
884
                        *out_sid = tsid;
885
                        break;
886
                }
887
                goto out;
888
        }
889
 
890
        context_init(&newcontext);
891
 
892
        POLICY_RDLOCK;
893
 
894
        scontext = sidtab_search(&sidtab, ssid);
895
        if (!scontext) {
896
                printk(KERN_ERR "security_compute_sid:  unrecognized SID %d\n",
897
                       ssid);
898
                rc = -EINVAL;
899
                goto out_unlock;
900
        }
901
        tcontext = sidtab_search(&sidtab, tsid);
902
        if (!tcontext) {
903
                printk(KERN_ERR "security_compute_sid:  unrecognized SID %d\n",
904
                       tsid);
905
                rc = -EINVAL;
906
                goto out_unlock;
907
        }
908
 
909
        /* Set the user identity. */
910
        switch (specified) {
911
        case AVTAB_TRANSITION:
912
        case AVTAB_CHANGE:
913
                /* Use the process user identity. */
914
                newcontext.user = scontext->user;
915
                break;
916
        case AVTAB_MEMBER:
917
                /* Use the related object owner. */
918
                newcontext.user = tcontext->user;
919
                break;
920
        }
921
 
922
        /* Set the role and type to default values. */
923
        switch (tclass) {
924
        case SECCLASS_PROCESS:
925
                /* Use the current role and type of process. */
926
                newcontext.role = scontext->role;
927
                newcontext.type = scontext->type;
928
                break;
929
        default:
930
                /* Use the well-defined object role. */
931
                newcontext.role = OBJECT_R_VAL;
932
                /* Use the type of the related object. */
933
                newcontext.type = tcontext->type;
934
        }
935
 
936
        /* Look for a type transition/member/change rule. */
937
        avkey.source_type = scontext->type;
938
        avkey.target_type = tcontext->type;
939
        avkey.target_class = tclass;
940
        avkey.specified = specified;
941
        avdatum = avtab_search(&policydb.te_avtab, &avkey);
942
 
943
        /* If no permanent rule, also check for enabled conditional rules */
944
        if(!avdatum) {
945
                node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
946
                for (; node != NULL; node = avtab_search_node_next(node, specified)) {
947
                        if (node->key.specified & AVTAB_ENABLED) {
948
                                avdatum = &node->datum;
949
                                break;
950
                        }
951
                }
952
        }
953
 
954
        if (avdatum) {
955
                /* Use the type from the type transition/member/change rule. */
956
                newcontext.type = avdatum->data;
957
        }
958
 
959
        /* Check for class-specific changes. */
960
        switch (tclass) {
961
        case SECCLASS_PROCESS:
962
                if (specified & AVTAB_TRANSITION) {
963
                        /* Look for a role transition rule. */
964
                        for (roletr = policydb.role_tr; roletr;
965
                             roletr = roletr->next) {
966
                                if (roletr->role == scontext->role &&
967
                                    roletr->type == tcontext->type) {
968
                                        /* Use the role transition rule. */
969
                                        newcontext.role = roletr->new_role;
970
                                        break;
971
                                }
972
                        }
973
                }
974
                break;
975
        default:
976
                break;
977
        }
978
 
979
        /* Set the MLS attributes.
980
           This is done last because it may allocate memory. */
981
        rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext);
982
        if (rc)
983
                goto out_unlock;
984
 
985
        /* Check the validity of the context. */
986
        if (!policydb_context_isvalid(&policydb, &newcontext)) {
987
                rc = compute_sid_handle_invalid_context(scontext,
988
                                                        tcontext,
989
                                                        tclass,
990
                                                        &newcontext);
991
                if (rc)
992
                        goto out_unlock;
993
        }
994
        /* Obtain the sid for the context. */
995
        rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
996
out_unlock:
997
        POLICY_RDUNLOCK;
998
        context_destroy(&newcontext);
999
out:
1000
        return rc;
1001
}
1002
 
1003
/**
1004
 * security_transition_sid - Compute the SID for a new subject/object.
1005
 * @ssid: source security identifier
1006
 * @tsid: target security identifier
1007
 * @tclass: target security class
1008
 * @out_sid: security identifier for new subject/object
1009
 *
1010
 * Compute a SID to use for labeling a new subject or object in the
1011
 * class @tclass based on a SID pair (@ssid, @tsid).
1012
 * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
1013
 * if insufficient memory is available, or %0 if the new SID was
1014
 * computed successfully.
1015
 */
1016
int security_transition_sid(u32 ssid,
1017
                            u32 tsid,
1018
                            u16 tclass,
1019
                            u32 *out_sid)
1020
{
1021
        return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, out_sid);
1022
}
1023
 
1024
/**
1025
 * security_member_sid - Compute the SID for member selection.
1026
 * @ssid: source security identifier
1027
 * @tsid: target security identifier
1028
 * @tclass: target security class
1029
 * @out_sid: security identifier for selected member
1030
 *
1031
 * Compute a SID to use when selecting a member of a polyinstantiated
1032
 * object of class @tclass based on a SID pair (@ssid, @tsid).
1033
 * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
1034
 * if insufficient memory is available, or %0 if the SID was
1035
 * computed successfully.
1036
 */
1037
int security_member_sid(u32 ssid,
1038
                        u32 tsid,
1039
                        u16 tclass,
1040
                        u32 *out_sid)
1041
{
1042
        return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid);
1043
}
1044
 
1045
/**
1046
 * security_change_sid - Compute the SID for object relabeling.
1047
 * @ssid: source security identifier
1048
 * @tsid: target security identifier
1049
 * @tclass: target security class
1050
 * @out_sid: security identifier for selected member
1051
 *
1052
 * Compute a SID to use for relabeling an object of class @tclass
1053
 * based on a SID pair (@ssid, @tsid).
1054
 * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
1055
 * if insufficient memory is available, or %0 if the SID was
1056
 * computed successfully.
1057
 */
1058
int security_change_sid(u32 ssid,
1059
                        u32 tsid,
1060
                        u16 tclass,
1061
                        u32 *out_sid)
1062
{
1063
        return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
1064
}
1065
 
1066
/*
1067
 * Verify that each kernel class that is defined in the
1068
 * policy is correct
1069
 */
1070
static int validate_classes(struct policydb *p)
1071
{
1072
        int i, j;
1073
        struct class_datum *cladatum;
1074
        struct perm_datum *perdatum;
1075
        u32 nprim, tmp, common_pts_len, perm_val, pol_val;
1076
        u16 class_val;
1077
        const struct selinux_class_perm *kdefs = &selinux_class_perm;
1078
        const char *def_class, *def_perm, *pol_class;
1079
        struct symtab *perms;
1080
 
1081
        if (p->allow_unknown) {
1082
                u32 num_classes = kdefs->cts_len;
1083
                p->undefined_perms = kcalloc(num_classes, sizeof(u32), GFP_KERNEL);
1084
                if (!p->undefined_perms)
1085
                        return -ENOMEM;
1086
        }
1087
 
1088
        for (i = 1; i < kdefs->cts_len; i++) {
1089
                def_class = kdefs->class_to_string[i];
1090
                if (!def_class)
1091
                        continue;
1092
                if (i > p->p_classes.nprim) {
1093
                        printk(KERN_INFO
1094
                               "security:  class %s not defined in policy\n",
1095
                               def_class);
1096
                        if (p->reject_unknown)
1097
                                return -EINVAL;
1098
                        if (p->allow_unknown)
1099
                                p->undefined_perms[i-1] = ~0U;
1100
                        continue;
1101
                }
1102
                pol_class = p->p_class_val_to_name[i-1];
1103
                if (strcmp(pol_class, def_class)) {
1104
                        printk(KERN_ERR
1105
                               "security:  class %d is incorrect, found %s but should be %s\n",
1106
                               i, pol_class, def_class);
1107
                        return -EINVAL;
1108
                }
1109
        }
1110
        for (i = 0; i < kdefs->av_pts_len; i++) {
1111
                class_val = kdefs->av_perm_to_string[i].tclass;
1112
                perm_val = kdefs->av_perm_to_string[i].value;
1113
                def_perm = kdefs->av_perm_to_string[i].name;
1114
                if (class_val > p->p_classes.nprim)
1115
                        continue;
1116
                pol_class = p->p_class_val_to_name[class_val-1];
1117
                cladatum = hashtab_search(p->p_classes.table, pol_class);
1118
                BUG_ON(!cladatum);
1119
                perms = &cladatum->permissions;
1120
                nprim = 1 << (perms->nprim - 1);
1121
                if (perm_val > nprim) {
1122
                        printk(KERN_INFO
1123
                               "security:  permission %s in class %s not defined in policy\n",
1124
                               def_perm, pol_class);
1125
                        if (p->reject_unknown)
1126
                                return -EINVAL;
1127
                        if (p->allow_unknown)
1128
                                p->undefined_perms[class_val-1] |= perm_val;
1129
                        continue;
1130
                }
1131
                perdatum = hashtab_search(perms->table, def_perm);
1132
                if (perdatum == NULL) {
1133
                        printk(KERN_ERR
1134
                               "security:  permission %s in class %s not found in policy, bad policy\n",
1135
                               def_perm, pol_class);
1136
                        return -EINVAL;
1137
                }
1138
                pol_val = 1 << (perdatum->value - 1);
1139
                if (pol_val != perm_val) {
1140
                        printk(KERN_ERR
1141
                               "security:  permission %s in class %s has incorrect value\n",
1142
                               def_perm, pol_class);
1143
                        return -EINVAL;
1144
                }
1145
        }
1146
        for (i = 0; i < kdefs->av_inherit_len; i++) {
1147
                class_val = kdefs->av_inherit[i].tclass;
1148
                if (class_val > p->p_classes.nprim)
1149
                        continue;
1150
                pol_class = p->p_class_val_to_name[class_val-1];
1151
                cladatum = hashtab_search(p->p_classes.table, pol_class);
1152
                BUG_ON(!cladatum);
1153
                if (!cladatum->comdatum) {
1154
                        printk(KERN_ERR
1155
                               "security:  class %s should have an inherits clause but does not\n",
1156
                               pol_class);
1157
                        return -EINVAL;
1158
                }
1159
                tmp = kdefs->av_inherit[i].common_base;
1160
                common_pts_len = 0;
1161
                while (!(tmp & 0x01)) {
1162
                        common_pts_len++;
1163
                        tmp >>= 1;
1164
                }
1165
                perms = &cladatum->comdatum->permissions;
1166
                for (j = 0; j < common_pts_len; j++) {
1167
                        def_perm = kdefs->av_inherit[i].common_pts[j];
1168
                        if (j >= perms->nprim) {
1169
                                printk(KERN_INFO
1170
                                       "security:  permission %s in class %s not defined in policy\n",
1171
                                       def_perm, pol_class);
1172
                                if (p->reject_unknown)
1173
                                        return -EINVAL;
1174
                                if (p->allow_unknown)
1175
                                        p->undefined_perms[class_val-1] |= (1 << j);
1176
                                continue;
1177
                        }
1178
                        perdatum = hashtab_search(perms->table, def_perm);
1179
                        if (perdatum == NULL) {
1180
                                printk(KERN_ERR
1181
                                       "security:  permission %s in class %s not found in policy, bad policy\n",
1182
                                       def_perm, pol_class);
1183
                                return -EINVAL;
1184
                        }
1185
                        if (perdatum->value != j + 1) {
1186
                                printk(KERN_ERR
1187
                                       "security:  permission %s in class %s has incorrect value\n",
1188
                                       def_perm, pol_class);
1189
                                return -EINVAL;
1190
                        }
1191
                }
1192
        }
1193
        return 0;
1194
}
1195
 
1196
/* Clone the SID into the new SID table. */
1197
static int clone_sid(u32 sid,
1198
                     struct context *context,
1199
                     void *arg)
1200
{
1201
        struct sidtab *s = arg;
1202
 
1203
        return sidtab_insert(s, sid, context);
1204
}
1205
 
1206
static inline int convert_context_handle_invalid_context(struct context *context)
1207
{
1208
        int rc = 0;
1209
 
1210
        if (selinux_enforcing) {
1211
                rc = -EINVAL;
1212
        } else {
1213
                char *s;
1214
                u32 len;
1215
 
1216
                context_struct_to_string(context, &s, &len);
1217
                printk(KERN_ERR "security:  context %s is invalid\n", s);
1218
                kfree(s);
1219
        }
1220
        return rc;
1221
}
1222
 
1223
struct convert_context_args {
1224
        struct policydb *oldp;
1225
        struct policydb *newp;
1226
};
1227
 
1228
/*
1229
 * Convert the values in the security context
1230
 * structure `c' from the values specified
1231
 * in the policy `p->oldp' to the values specified
1232
 * in the policy `p->newp'.  Verify that the
1233
 * context is valid under the new policy.
1234
 */
1235
static int convert_context(u32 key,
1236
                           struct context *c,
1237
                           void *p)
1238
{
1239
        struct convert_context_args *args;
1240
        struct context oldc;
1241
        struct role_datum *role;
1242
        struct type_datum *typdatum;
1243
        struct user_datum *usrdatum;
1244
        char *s;
1245
        u32 len;
1246
        int rc;
1247
 
1248
        args = p;
1249
 
1250
        rc = context_cpy(&oldc, c);
1251
        if (rc)
1252
                goto out;
1253
 
1254
        rc = -EINVAL;
1255
 
1256
        /* Convert the user. */
1257
        usrdatum = hashtab_search(args->newp->p_users.table,
1258
                                  args->oldp->p_user_val_to_name[c->user - 1]);
1259
        if (!usrdatum) {
1260
                goto bad;
1261
        }
1262
        c->user = usrdatum->value;
1263
 
1264
        /* Convert the role. */
1265
        role = hashtab_search(args->newp->p_roles.table,
1266
                              args->oldp->p_role_val_to_name[c->role - 1]);
1267
        if (!role) {
1268
                goto bad;
1269
        }
1270
        c->role = role->value;
1271
 
1272
        /* Convert the type. */
1273
        typdatum = hashtab_search(args->newp->p_types.table,
1274
                                  args->oldp->p_type_val_to_name[c->type - 1]);
1275
        if (!typdatum) {
1276
                goto bad;
1277
        }
1278
        c->type = typdatum->value;
1279
 
1280
        rc = mls_convert_context(args->oldp, args->newp, c);
1281
        if (rc)
1282
                goto bad;
1283
 
1284
        /* Check the validity of the new context. */
1285
        if (!policydb_context_isvalid(args->newp, c)) {
1286
                rc = convert_context_handle_invalid_context(&oldc);
1287
                if (rc)
1288
                        goto bad;
1289
        }
1290
 
1291
        context_destroy(&oldc);
1292
out:
1293
        return rc;
1294
bad:
1295
        context_struct_to_string(&oldc, &s, &len);
1296
        context_destroy(&oldc);
1297
        printk(KERN_ERR "security:  invalidating context %s\n", s);
1298
        kfree(s);
1299
        goto out;
1300
}
1301
 
1302
extern void selinux_complete_init(void);
1303
static int security_preserve_bools(struct policydb *p);
1304
 
1305
/**
1306
 * security_load_policy - Load a security policy configuration.
1307
 * @data: binary policy data
1308
 * @len: length of data in bytes
1309
 *
1310
 * Load a new set of security policy configuration data,
1311
 * validate it and convert the SID table as necessary.
1312
 * This function will flush the access vector cache after
1313
 * loading the new policy.
1314
 */
1315
int security_load_policy(void *data, size_t len)
1316
{
1317
        struct policydb oldpolicydb, newpolicydb;
1318
        struct sidtab oldsidtab, newsidtab;
1319
        struct convert_context_args args;
1320
        u32 seqno;
1321
        int rc = 0;
1322
        struct policy_file file = { data, len }, *fp = &file;
1323
 
1324
        LOAD_LOCK;
1325
 
1326
        if (!ss_initialized) {
1327
                avtab_cache_init();
1328
                if (policydb_read(&policydb, fp)) {
1329
                        LOAD_UNLOCK;
1330
                        avtab_cache_destroy();
1331
                        return -EINVAL;
1332
                }
1333
                if (policydb_load_isids(&policydb, &sidtab)) {
1334
                        LOAD_UNLOCK;
1335
                        policydb_destroy(&policydb);
1336
                        avtab_cache_destroy();
1337
                        return -EINVAL;
1338
                }
1339
                /* Verify that the kernel defined classes are correct. */
1340
                if (validate_classes(&policydb)) {
1341
                        printk(KERN_ERR
1342
                               "security:  the definition of a class is incorrect\n");
1343
                        LOAD_UNLOCK;
1344
                        sidtab_destroy(&sidtab);
1345
                        policydb_destroy(&policydb);
1346
                        avtab_cache_destroy();
1347
                        return -EINVAL;
1348
                }
1349
                policydb_loaded_version = policydb.policyvers;
1350
                ss_initialized = 1;
1351
                seqno = ++latest_granting;
1352
                LOAD_UNLOCK;
1353
                selinux_complete_init();
1354
                avc_ss_reset(seqno);
1355
                selnl_notify_policyload(seqno);
1356
                selinux_netlbl_cache_invalidate();
1357
                selinux_xfrm_notify_policyload();
1358
                return 0;
1359
        }
1360
 
1361
#if 0
1362
        sidtab_hash_eval(&sidtab, "sids");
1363
#endif
1364
 
1365
        if (policydb_read(&newpolicydb, fp)) {
1366
                LOAD_UNLOCK;
1367
                return -EINVAL;
1368
        }
1369
 
1370
        sidtab_init(&newsidtab);
1371
 
1372
        /* Verify that the kernel defined classes are correct. */
1373
        if (validate_classes(&newpolicydb)) {
1374
                printk(KERN_ERR
1375
                       "security:  the definition of a class is incorrect\n");
1376
                rc = -EINVAL;
1377
                goto err;
1378
        }
1379
 
1380
        rc = security_preserve_bools(&newpolicydb);
1381
        if (rc) {
1382
                printk(KERN_ERR "security:  unable to preserve booleans\n");
1383
                goto err;
1384
        }
1385
 
1386
        /* Clone the SID table. */
1387
        sidtab_shutdown(&sidtab);
1388
        if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
1389
                rc = -ENOMEM;
1390
                goto err;
1391
        }
1392
 
1393
        /* Convert the internal representations of contexts
1394
           in the new SID table and remove invalid SIDs. */
1395
        args.oldp = &policydb;
1396
        args.newp = &newpolicydb;
1397
        sidtab_map_remove_on_error(&newsidtab, convert_context, &args);
1398
 
1399
        /* Save the old policydb and SID table to free later. */
1400
        memcpy(&oldpolicydb, &policydb, sizeof policydb);
1401
        sidtab_set(&oldsidtab, &sidtab);
1402
 
1403
        /* Install the new policydb and SID table. */
1404
        POLICY_WRLOCK;
1405
        memcpy(&policydb, &newpolicydb, sizeof policydb);
1406
        sidtab_set(&sidtab, &newsidtab);
1407
        seqno = ++latest_granting;
1408
        policydb_loaded_version = policydb.policyvers;
1409
        POLICY_WRUNLOCK;
1410
        LOAD_UNLOCK;
1411
 
1412
        /* Free the old policydb and SID table. */
1413
        policydb_destroy(&oldpolicydb);
1414
        sidtab_destroy(&oldsidtab);
1415
 
1416
        avc_ss_reset(seqno);
1417
        selnl_notify_policyload(seqno);
1418
        selinux_netlbl_cache_invalidate();
1419
        selinux_xfrm_notify_policyload();
1420
 
1421
        return 0;
1422
 
1423
err:
1424
        LOAD_UNLOCK;
1425
        sidtab_destroy(&newsidtab);
1426
        policydb_destroy(&newpolicydb);
1427
        return rc;
1428
 
1429
}
1430
 
1431
/**
1432
 * security_port_sid - Obtain the SID for a port.
1433
 * @domain: communication domain aka address family
1434
 * @type: socket type
1435
 * @protocol: protocol number
1436
 * @port: port number
1437
 * @out_sid: security identifier
1438
 */
1439
int security_port_sid(u16 domain,
1440
                      u16 type,
1441
                      u8 protocol,
1442
                      u16 port,
1443
                      u32 *out_sid)
1444
{
1445
        struct ocontext *c;
1446
        int rc = 0;
1447
 
1448
        POLICY_RDLOCK;
1449
 
1450
        c = policydb.ocontexts[OCON_PORT];
1451
        while (c) {
1452
                if (c->u.port.protocol == protocol &&
1453
                    c->u.port.low_port <= port &&
1454
                    c->u.port.high_port >= port)
1455
                        break;
1456
                c = c->next;
1457
        }
1458
 
1459
        if (c) {
1460
                if (!c->sid[0]) {
1461
                        rc = sidtab_context_to_sid(&sidtab,
1462
                                                   &c->context[0],
1463
                                                   &c->sid[0]);
1464
                        if (rc)
1465
                                goto out;
1466
                }
1467
                *out_sid = c->sid[0];
1468
        } else {
1469
                *out_sid = SECINITSID_PORT;
1470
        }
1471
 
1472
out:
1473
        POLICY_RDUNLOCK;
1474
        return rc;
1475
}
1476
 
1477
/**
1478
 * security_netif_sid - Obtain the SID for a network interface.
1479
 * @name: interface name
1480
 * @if_sid: interface SID
1481
 * @msg_sid: default SID for received packets
1482
 */
1483
int security_netif_sid(char *name,
1484
                       u32 *if_sid,
1485
                       u32 *msg_sid)
1486
{
1487
        int rc = 0;
1488
        struct ocontext *c;
1489
 
1490
        POLICY_RDLOCK;
1491
 
1492
        c = policydb.ocontexts[OCON_NETIF];
1493
        while (c) {
1494
                if (strcmp(name, c->u.name) == 0)
1495
                        break;
1496
                c = c->next;
1497
        }
1498
 
1499
        if (c) {
1500
                if (!c->sid[0] || !c->sid[1]) {
1501
                        rc = sidtab_context_to_sid(&sidtab,
1502
                                                  &c->context[0],
1503
                                                  &c->sid[0]);
1504
                        if (rc)
1505
                                goto out;
1506
                        rc = sidtab_context_to_sid(&sidtab,
1507
                                                   &c->context[1],
1508
                                                   &c->sid[1]);
1509
                        if (rc)
1510
                                goto out;
1511
                }
1512
                *if_sid = c->sid[0];
1513
                *msg_sid = c->sid[1];
1514
        } else {
1515
                *if_sid = SECINITSID_NETIF;
1516
                *msg_sid = SECINITSID_NETMSG;
1517
        }
1518
 
1519
out:
1520
        POLICY_RDUNLOCK;
1521
        return rc;
1522
}
1523
 
1524
static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
1525
{
1526
        int i, fail = 0;
1527
 
1528
        for(i = 0; i < 4; i++)
1529
                if(addr[i] != (input[i] & mask[i])) {
1530
                        fail = 1;
1531
                        break;
1532
                }
1533
 
1534
        return !fail;
1535
}
1536
 
1537
/**
1538
 * security_node_sid - Obtain the SID for a node (host).
1539
 * @domain: communication domain aka address family
1540
 * @addrp: address
1541
 * @addrlen: address length in bytes
1542
 * @out_sid: security identifier
1543
 */
1544
int security_node_sid(u16 domain,
1545
                      void *addrp,
1546
                      u32 addrlen,
1547
                      u32 *out_sid)
1548
{
1549
        int rc = 0;
1550
        struct ocontext *c;
1551
 
1552
        POLICY_RDLOCK;
1553
 
1554
        switch (domain) {
1555
        case AF_INET: {
1556
                u32 addr;
1557
 
1558
                if (addrlen != sizeof(u32)) {
1559
                        rc = -EINVAL;
1560
                        goto out;
1561
                }
1562
 
1563
                addr = *((u32 *)addrp);
1564
 
1565
                c = policydb.ocontexts[OCON_NODE];
1566
                while (c) {
1567
                        if (c->u.node.addr == (addr & c->u.node.mask))
1568
                                break;
1569
                        c = c->next;
1570
                }
1571
                break;
1572
        }
1573
 
1574
        case AF_INET6:
1575
                if (addrlen != sizeof(u64) * 2) {
1576
                        rc = -EINVAL;
1577
                        goto out;
1578
                }
1579
                c = policydb.ocontexts[OCON_NODE6];
1580
                while (c) {
1581
                        if (match_ipv6_addrmask(addrp, c->u.node6.addr,
1582
                                                c->u.node6.mask))
1583
                                break;
1584
                        c = c->next;
1585
                }
1586
                break;
1587
 
1588
        default:
1589
                *out_sid = SECINITSID_NODE;
1590
                goto out;
1591
        }
1592
 
1593
        if (c) {
1594
                if (!c->sid[0]) {
1595
                        rc = sidtab_context_to_sid(&sidtab,
1596
                                                   &c->context[0],
1597
                                                   &c->sid[0]);
1598
                        if (rc)
1599
                                goto out;
1600
                }
1601
                *out_sid = c->sid[0];
1602
        } else {
1603
                *out_sid = SECINITSID_NODE;
1604
        }
1605
 
1606
out:
1607
        POLICY_RDUNLOCK;
1608
        return rc;
1609
}
1610
 
1611
#define SIDS_NEL 25
1612
 
1613
/**
1614
 * security_get_user_sids - Obtain reachable SIDs for a user.
1615
 * @fromsid: starting SID
1616
 * @username: username
1617
 * @sids: array of reachable SIDs for user
1618
 * @nel: number of elements in @sids
1619
 *
1620
 * Generate the set of SIDs for legal security contexts
1621
 * for a given user that can be reached by @fromsid.
1622
 * Set *@sids to point to a dynamically allocated
1623
 * array containing the set of SIDs.  Set *@nel to the
1624
 * number of elements in the array.
1625
 */
1626
 
1627
int security_get_user_sids(u32 fromsid,
1628
                           char *username,
1629
                           u32 **sids,
1630
                           u32 *nel)
1631
{
1632
        struct context *fromcon, usercon;
1633
        u32 *mysids = NULL, *mysids2, sid;
1634
        u32 mynel = 0, maxnel = SIDS_NEL;
1635
        struct user_datum *user;
1636
        struct role_datum *role;
1637
        struct ebitmap_node *rnode, *tnode;
1638
        int rc = 0, i, j;
1639
 
1640
        *sids = NULL;
1641
        *nel = 0;
1642
 
1643
        if (!ss_initialized)
1644
                goto out;
1645
 
1646
        POLICY_RDLOCK;
1647
 
1648
        fromcon = sidtab_search(&sidtab, fromsid);
1649
        if (!fromcon) {
1650
                rc = -EINVAL;
1651
                goto out_unlock;
1652
        }
1653
 
1654
        user = hashtab_search(policydb.p_users.table, username);
1655
        if (!user) {
1656
                rc = -EINVAL;
1657
                goto out_unlock;
1658
        }
1659
        usercon.user = user->value;
1660
 
1661
        mysids = kcalloc(maxnel, sizeof(*mysids), GFP_ATOMIC);
1662
        if (!mysids) {
1663
                rc = -ENOMEM;
1664
                goto out_unlock;
1665
        }
1666
 
1667
        ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
1668
                role = policydb.role_val_to_struct[i];
1669
                usercon.role = i+1;
1670
                ebitmap_for_each_positive_bit(&role->types, tnode, j) {
1671
                        usercon.type = j+1;
1672
 
1673
                        if (mls_setup_user_range(fromcon, user, &usercon))
1674
                                continue;
1675
 
1676
                        rc = sidtab_context_to_sid(&sidtab, &usercon, &sid);
1677
                        if (rc)
1678
                                goto out_unlock;
1679
                        if (mynel < maxnel) {
1680
                                mysids[mynel++] = sid;
1681
                        } else {
1682
                                maxnel += SIDS_NEL;
1683
                                mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC);
1684
                                if (!mysids2) {
1685
                                        rc = -ENOMEM;
1686
                                        goto out_unlock;
1687
                                }
1688
                                memcpy(mysids2, mysids, mynel * sizeof(*mysids2));
1689
                                kfree(mysids);
1690
                                mysids = mysids2;
1691
                                mysids[mynel++] = sid;
1692
                        }
1693
                }
1694
        }
1695
 
1696
out_unlock:
1697
        POLICY_RDUNLOCK;
1698
        if (rc || !mynel) {
1699
                kfree(mysids);
1700
                goto out;
1701
        }
1702
 
1703
        mysids2 = kcalloc(mynel, sizeof(*mysids2), GFP_KERNEL);
1704
        if (!mysids2) {
1705
                rc = -ENOMEM;
1706
                kfree(mysids);
1707
                goto out;
1708
        }
1709
        for (i = 0, j = 0; i < mynel; i++) {
1710
                rc = avc_has_perm_noaudit(fromsid, mysids[i],
1711
                                          SECCLASS_PROCESS,
1712
                                          PROCESS__TRANSITION, AVC_STRICT,
1713
                                          NULL);
1714
                if (!rc)
1715
                        mysids2[j++] = mysids[i];
1716
                cond_resched();
1717
        }
1718
        rc = 0;
1719
        kfree(mysids);
1720
        *sids = mysids2;
1721
        *nel = j;
1722
out:
1723
        return rc;
1724
}
1725
 
1726
/**
1727
 * security_genfs_sid - Obtain a SID for a file in a filesystem
1728
 * @fstype: filesystem type
1729
 * @path: path from root of mount
1730
 * @sclass: file security class
1731
 * @sid: SID for path
1732
 *
1733
 * Obtain a SID to use for a file in a filesystem that
1734
 * cannot support xattr or use a fixed labeling behavior like
1735
 * transition SIDs or task SIDs.
1736
 */
1737
int security_genfs_sid(const char *fstype,
1738
                       char *path,
1739
                       u16 sclass,
1740
                       u32 *sid)
1741
{
1742
        int len;
1743
        struct genfs *genfs;
1744
        struct ocontext *c;
1745
        int rc = 0, cmp = 0;
1746
 
1747
        POLICY_RDLOCK;
1748
 
1749
        for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
1750
                cmp = strcmp(fstype, genfs->fstype);
1751
                if (cmp <= 0)
1752
                        break;
1753
        }
1754
 
1755
        if (!genfs || cmp) {
1756
                *sid = SECINITSID_UNLABELED;
1757
                rc = -ENOENT;
1758
                goto out;
1759
        }
1760
 
1761
        for (c = genfs->head; c; c = c->next) {
1762
                len = strlen(c->u.name);
1763
                if ((!c->v.sclass || sclass == c->v.sclass) &&
1764
                    (strncmp(c->u.name, path, len) == 0))
1765
                        break;
1766
        }
1767
 
1768
        if (!c) {
1769
                *sid = SECINITSID_UNLABELED;
1770
                rc = -ENOENT;
1771
                goto out;
1772
        }
1773
 
1774
        if (!c->sid[0]) {
1775
                rc = sidtab_context_to_sid(&sidtab,
1776
                                           &c->context[0],
1777
                                           &c->sid[0]);
1778
                if (rc)
1779
                        goto out;
1780
        }
1781
 
1782
        *sid = c->sid[0];
1783
out:
1784
        POLICY_RDUNLOCK;
1785
        return rc;
1786
}
1787
 
1788
/**
1789
 * security_fs_use - Determine how to handle labeling for a filesystem.
1790
 * @fstype: filesystem type
1791
 * @behavior: labeling behavior
1792
 * @sid: SID for filesystem (superblock)
1793
 */
1794
int security_fs_use(
1795
        const char *fstype,
1796
        unsigned int *behavior,
1797
        u32 *sid)
1798
{
1799
        int rc = 0;
1800
        struct ocontext *c;
1801
 
1802
        POLICY_RDLOCK;
1803
 
1804
        c = policydb.ocontexts[OCON_FSUSE];
1805
        while (c) {
1806
                if (strcmp(fstype, c->u.name) == 0)
1807
                        break;
1808
                c = c->next;
1809
        }
1810
 
1811
        if (c) {
1812
                *behavior = c->v.behavior;
1813
                if (!c->sid[0]) {
1814
                        rc = sidtab_context_to_sid(&sidtab,
1815
                                                   &c->context[0],
1816
                                                   &c->sid[0]);
1817
                        if (rc)
1818
                                goto out;
1819
                }
1820
                *sid = c->sid[0];
1821
        } else {
1822
                rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
1823
                if (rc) {
1824
                        *behavior = SECURITY_FS_USE_NONE;
1825
                        rc = 0;
1826
                } else {
1827
                        *behavior = SECURITY_FS_USE_GENFS;
1828
                }
1829
        }
1830
 
1831
out:
1832
        POLICY_RDUNLOCK;
1833
        return rc;
1834
}
1835
 
1836
int security_get_bools(int *len, char ***names, int **values)
1837
{
1838
        int i, rc = -ENOMEM;
1839
 
1840
        POLICY_RDLOCK;
1841
        *names = NULL;
1842
        *values = NULL;
1843
 
1844
        *len = policydb.p_bools.nprim;
1845
        if (!*len) {
1846
                rc = 0;
1847
                goto out;
1848
        }
1849
 
1850
       *names = kcalloc(*len, sizeof(char*), GFP_ATOMIC);
1851
        if (!*names)
1852
                goto err;
1853
 
1854
       *values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
1855
        if (!*values)
1856
                goto err;
1857
 
1858
        for (i = 0; i < *len; i++) {
1859
                size_t name_len;
1860
                (*values)[i] = policydb.bool_val_to_struct[i]->state;
1861
                name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
1862
               (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
1863
                if (!(*names)[i])
1864
                        goto err;
1865
                strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
1866
                (*names)[i][name_len - 1] = 0;
1867
        }
1868
        rc = 0;
1869
out:
1870
        POLICY_RDUNLOCK;
1871
        return rc;
1872
err:
1873
        if (*names) {
1874
                for (i = 0; i < *len; i++)
1875
                        kfree((*names)[i]);
1876
        }
1877
        kfree(*values);
1878
        goto out;
1879
}
1880
 
1881
 
1882
int security_set_bools(int len, int *values)
1883
{
1884
        int i, rc = 0;
1885
        int lenp, seqno = 0;
1886
        struct cond_node *cur;
1887
 
1888
        POLICY_WRLOCK;
1889
 
1890
        lenp = policydb.p_bools.nprim;
1891
        if (len != lenp) {
1892
                rc = -EFAULT;
1893
                goto out;
1894
        }
1895
 
1896
        for (i = 0; i < len; i++) {
1897
                if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
1898
                        audit_log(current->audit_context, GFP_ATOMIC,
1899
                                AUDIT_MAC_CONFIG_CHANGE,
1900
                                "bool=%s val=%d old_val=%d auid=%u",
1901
                                policydb.p_bool_val_to_name[i],
1902
                                !!values[i],
1903
                                policydb.bool_val_to_struct[i]->state,
1904
                                audit_get_loginuid(current->audit_context));
1905
                }
1906
                if (values[i]) {
1907
                        policydb.bool_val_to_struct[i]->state = 1;
1908
                } else {
1909
                        policydb.bool_val_to_struct[i]->state = 0;
1910
                }
1911
        }
1912
 
1913
        for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
1914
                rc = evaluate_cond_node(&policydb, cur);
1915
                if (rc)
1916
                        goto out;
1917
        }
1918
 
1919
        seqno = ++latest_granting;
1920
 
1921
out:
1922
        POLICY_WRUNLOCK;
1923
        if (!rc) {
1924
                avc_ss_reset(seqno);
1925
                selnl_notify_policyload(seqno);
1926
                selinux_xfrm_notify_policyload();
1927
        }
1928
        return rc;
1929
}
1930
 
1931
int security_get_bool_value(int bool)
1932
{
1933
        int rc = 0;
1934
        int len;
1935
 
1936
        POLICY_RDLOCK;
1937
 
1938
        len = policydb.p_bools.nprim;
1939
        if (bool >= len) {
1940
                rc = -EFAULT;
1941
                goto out;
1942
        }
1943
 
1944
        rc = policydb.bool_val_to_struct[bool]->state;
1945
out:
1946
        POLICY_RDUNLOCK;
1947
        return rc;
1948
}
1949
 
1950
static int security_preserve_bools(struct policydb *p)
1951
{
1952
        int rc, nbools = 0, *bvalues = NULL, i;
1953
        char **bnames = NULL;
1954
        struct cond_bool_datum *booldatum;
1955
        struct cond_node *cur;
1956
 
1957
        rc = security_get_bools(&nbools, &bnames, &bvalues);
1958
        if (rc)
1959
                goto out;
1960
        for (i = 0; i < nbools; i++) {
1961
                booldatum = hashtab_search(p->p_bools.table, bnames[i]);
1962
                if (booldatum)
1963
                        booldatum->state = bvalues[i];
1964
        }
1965
        for (cur = p->cond_list; cur != NULL; cur = cur->next) {
1966
                rc = evaluate_cond_node(p, cur);
1967
                if (rc)
1968
                        goto out;
1969
        }
1970
 
1971
out:
1972
        if (bnames) {
1973
                for (i = 0; i < nbools; i++)
1974
                        kfree(bnames[i]);
1975
        }
1976
        kfree(bnames);
1977
        kfree(bvalues);
1978
        return rc;
1979
}
1980
 
1981
/*
1982
 * security_sid_mls_copy() - computes a new sid based on the given
1983
 * sid and the mls portion of mls_sid.
1984
 */
1985
int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
1986
{
1987
        struct context *context1;
1988
        struct context *context2;
1989
        struct context newcon;
1990
        char *s;
1991
        u32 len;
1992
        int rc = 0;
1993
 
1994
        if (!ss_initialized || !selinux_mls_enabled) {
1995
                *new_sid = sid;
1996
                goto out;
1997
        }
1998
 
1999
        context_init(&newcon);
2000
 
2001
        POLICY_RDLOCK;
2002
        context1 = sidtab_search(&sidtab, sid);
2003
        if (!context1) {
2004
                printk(KERN_ERR "security_sid_mls_copy:  unrecognized SID "
2005
                       "%d\n", sid);
2006
                rc = -EINVAL;
2007
                goto out_unlock;
2008
        }
2009
 
2010
        context2 = sidtab_search(&sidtab, mls_sid);
2011
        if (!context2) {
2012
                printk(KERN_ERR "security_sid_mls_copy:  unrecognized SID "
2013
                       "%d\n", mls_sid);
2014
                rc = -EINVAL;
2015
                goto out_unlock;
2016
        }
2017
 
2018
        newcon.user = context1->user;
2019
        newcon.role = context1->role;
2020
        newcon.type = context1->type;
2021
        rc = mls_context_cpy(&newcon, context2);
2022
        if (rc)
2023
                goto out_unlock;
2024
 
2025
        /* Check the validity of the new context. */
2026
        if (!policydb_context_isvalid(&policydb, &newcon)) {
2027
                rc = convert_context_handle_invalid_context(&newcon);
2028
                if (rc)
2029
                        goto bad;
2030
        }
2031
 
2032
        rc = sidtab_context_to_sid(&sidtab, &newcon, new_sid);
2033
        goto out_unlock;
2034
 
2035
bad:
2036
        if (!context_struct_to_string(&newcon, &s, &len)) {
2037
                audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
2038
                          "security_sid_mls_copy: invalid context %s", s);
2039
                kfree(s);
2040
        }
2041
 
2042
out_unlock:
2043
        POLICY_RDUNLOCK;
2044
        context_destroy(&newcon);
2045
out:
2046
        return rc;
2047
}
2048
 
2049
static int get_classes_callback(void *k, void *d, void *args)
2050
{
2051
        struct class_datum *datum = d;
2052
        char *name = k, **classes = args;
2053
        int value = datum->value - 1;
2054
 
2055
        classes[value] = kstrdup(name, GFP_ATOMIC);
2056
        if (!classes[value])
2057
                return -ENOMEM;
2058
 
2059
        return 0;
2060
}
2061
 
2062
int security_get_classes(char ***classes, int *nclasses)
2063
{
2064
        int rc = -ENOMEM;
2065
 
2066
        POLICY_RDLOCK;
2067
 
2068
        *nclasses = policydb.p_classes.nprim;
2069
        *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC);
2070
        if (!*classes)
2071
                goto out;
2072
 
2073
        rc = hashtab_map(policydb.p_classes.table, get_classes_callback,
2074
                        *classes);
2075
        if (rc < 0) {
2076
                int i;
2077
                for (i = 0; i < *nclasses; i++)
2078
                        kfree((*classes)[i]);
2079
                kfree(*classes);
2080
        }
2081
 
2082
out:
2083
        POLICY_RDUNLOCK;
2084
        return rc;
2085
}
2086
 
2087
static int get_permissions_callback(void *k, void *d, void *args)
2088
{
2089
        struct perm_datum *datum = d;
2090
        char *name = k, **perms = args;
2091
        int value = datum->value - 1;
2092
 
2093
        perms[value] = kstrdup(name, GFP_ATOMIC);
2094
        if (!perms[value])
2095
                return -ENOMEM;
2096
 
2097
        return 0;
2098
}
2099
 
2100
int security_get_permissions(char *class, char ***perms, int *nperms)
2101
{
2102
        int rc = -ENOMEM, i;
2103
        struct class_datum *match;
2104
 
2105
        POLICY_RDLOCK;
2106
 
2107
        match = hashtab_search(policydb.p_classes.table, class);
2108
        if (!match) {
2109
                printk(KERN_ERR "%s:  unrecognized class %s\n",
2110
                        __FUNCTION__, class);
2111
                rc = -EINVAL;
2112
                goto out;
2113
        }
2114
 
2115
        *nperms = match->permissions.nprim;
2116
        *perms = kcalloc(*nperms, sizeof(*perms), GFP_ATOMIC);
2117
        if (!*perms)
2118
                goto out;
2119
 
2120
        if (match->comdatum) {
2121
                rc = hashtab_map(match->comdatum->permissions.table,
2122
                                get_permissions_callback, *perms);
2123
                if (rc < 0)
2124
                        goto err;
2125
        }
2126
 
2127
        rc = hashtab_map(match->permissions.table, get_permissions_callback,
2128
                        *perms);
2129
        if (rc < 0)
2130
                goto err;
2131
 
2132
out:
2133
        POLICY_RDUNLOCK;
2134
        return rc;
2135
 
2136
err:
2137
        POLICY_RDUNLOCK;
2138
        for (i = 0; i < *nperms; i++)
2139
                kfree((*perms)[i]);
2140
        kfree(*perms);
2141
        return rc;
2142
}
2143
 
2144
int security_get_reject_unknown(void)
2145
{
2146
        return policydb.reject_unknown;
2147
}
2148
 
2149
int security_get_allow_unknown(void)
2150
{
2151
        return policydb.allow_unknown;
2152
}
2153
 
2154
struct selinux_audit_rule {
2155
        u32 au_seqno;
2156
        struct context au_ctxt;
2157
};
2158
 
2159
void selinux_audit_rule_free(struct selinux_audit_rule *rule)
2160
{
2161
        if (rule) {
2162
                context_destroy(&rule->au_ctxt);
2163
                kfree(rule);
2164
        }
2165
}
2166
 
2167
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
2168
                            struct selinux_audit_rule **rule)
2169
{
2170
        struct selinux_audit_rule *tmprule;
2171
        struct role_datum *roledatum;
2172
        struct type_datum *typedatum;
2173
        struct user_datum *userdatum;
2174
        int rc = 0;
2175
 
2176
        *rule = NULL;
2177
 
2178
        if (!ss_initialized)
2179
                return -EOPNOTSUPP;
2180
 
2181
        switch (field) {
2182
        case AUDIT_SUBJ_USER:
2183
        case AUDIT_SUBJ_ROLE:
2184
        case AUDIT_SUBJ_TYPE:
2185
        case AUDIT_OBJ_USER:
2186
        case AUDIT_OBJ_ROLE:
2187
        case AUDIT_OBJ_TYPE:
2188
                /* only 'equals' and 'not equals' fit user, role, and type */
2189
                if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
2190
                        return -EINVAL;
2191
                break;
2192
        case AUDIT_SUBJ_SEN:
2193
        case AUDIT_SUBJ_CLR:
2194
        case AUDIT_OBJ_LEV_LOW:
2195
        case AUDIT_OBJ_LEV_HIGH:
2196
                /* we do not allow a range, indicated by the presense of '-' */
2197
                if (strchr(rulestr, '-'))
2198
                        return -EINVAL;
2199
                break;
2200
        default:
2201
                /* only the above fields are valid */
2202
                return -EINVAL;
2203
        }
2204
 
2205
        tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
2206
        if (!tmprule)
2207
                return -ENOMEM;
2208
 
2209
        context_init(&tmprule->au_ctxt);
2210
 
2211
        POLICY_RDLOCK;
2212
 
2213
        tmprule->au_seqno = latest_granting;
2214
 
2215
        switch (field) {
2216
        case AUDIT_SUBJ_USER:
2217
        case AUDIT_OBJ_USER:
2218
                userdatum = hashtab_search(policydb.p_users.table, rulestr);
2219
                if (!userdatum)
2220
                        rc = -EINVAL;
2221
                else
2222
                        tmprule->au_ctxt.user = userdatum->value;
2223
                break;
2224
        case AUDIT_SUBJ_ROLE:
2225
        case AUDIT_OBJ_ROLE:
2226
                roledatum = hashtab_search(policydb.p_roles.table, rulestr);
2227
                if (!roledatum)
2228
                        rc = -EINVAL;
2229
                else
2230
                        tmprule->au_ctxt.role = roledatum->value;
2231
                break;
2232
        case AUDIT_SUBJ_TYPE:
2233
        case AUDIT_OBJ_TYPE:
2234
                typedatum = hashtab_search(policydb.p_types.table, rulestr);
2235
                if (!typedatum)
2236
                        rc = -EINVAL;
2237
                else
2238
                        tmprule->au_ctxt.type = typedatum->value;
2239
                break;
2240
        case AUDIT_SUBJ_SEN:
2241
        case AUDIT_SUBJ_CLR:
2242
        case AUDIT_OBJ_LEV_LOW:
2243
        case AUDIT_OBJ_LEV_HIGH:
2244
                rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
2245
                break;
2246
        }
2247
 
2248
        POLICY_RDUNLOCK;
2249
 
2250
        if (rc) {
2251
                selinux_audit_rule_free(tmprule);
2252
                tmprule = NULL;
2253
        }
2254
 
2255
        *rule = tmprule;
2256
 
2257
        return rc;
2258
}
2259
 
2260
int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
2261
                             struct selinux_audit_rule *rule,
2262
                             struct audit_context *actx)
2263
{
2264
        struct context *ctxt;
2265
        struct mls_level *level;
2266
        int match = 0;
2267
 
2268
        if (!rule) {
2269
                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
2270
                          "selinux_audit_rule_match: missing rule\n");
2271
                return -ENOENT;
2272
        }
2273
 
2274
        POLICY_RDLOCK;
2275
 
2276
        if (rule->au_seqno < latest_granting) {
2277
                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
2278
                          "selinux_audit_rule_match: stale rule\n");
2279
                match = -ESTALE;
2280
                goto out;
2281
        }
2282
 
2283
        ctxt = sidtab_search(&sidtab, sid);
2284
        if (!ctxt) {
2285
                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
2286
                          "selinux_audit_rule_match: unrecognized SID %d\n",
2287
                          sid);
2288
                match = -ENOENT;
2289
                goto out;
2290
        }
2291
 
2292
        /* a field/op pair that is not caught here will simply fall through
2293
           without a match */
2294
        switch (field) {
2295
        case AUDIT_SUBJ_USER:
2296
        case AUDIT_OBJ_USER:
2297
                switch (op) {
2298
                case AUDIT_EQUAL:
2299
                        match = (ctxt->user == rule->au_ctxt.user);
2300
                        break;
2301
                case AUDIT_NOT_EQUAL:
2302
                        match = (ctxt->user != rule->au_ctxt.user);
2303
                        break;
2304
                }
2305
                break;
2306
        case AUDIT_SUBJ_ROLE:
2307
        case AUDIT_OBJ_ROLE:
2308
                switch (op) {
2309
                case AUDIT_EQUAL:
2310
                        match = (ctxt->role == rule->au_ctxt.role);
2311
                        break;
2312
                case AUDIT_NOT_EQUAL:
2313
                        match = (ctxt->role != rule->au_ctxt.role);
2314
                        break;
2315
                }
2316
                break;
2317
        case AUDIT_SUBJ_TYPE:
2318
        case AUDIT_OBJ_TYPE:
2319
                switch (op) {
2320
                case AUDIT_EQUAL:
2321
                        match = (ctxt->type == rule->au_ctxt.type);
2322
                        break;
2323
                case AUDIT_NOT_EQUAL:
2324
                        match = (ctxt->type != rule->au_ctxt.type);
2325
                        break;
2326
                }
2327
                break;
2328
        case AUDIT_SUBJ_SEN:
2329
        case AUDIT_SUBJ_CLR:
2330
        case AUDIT_OBJ_LEV_LOW:
2331
        case AUDIT_OBJ_LEV_HIGH:
2332
                level = ((field == AUDIT_SUBJ_SEN ||
2333
                          field == AUDIT_OBJ_LEV_LOW) ?
2334
                         &ctxt->range.level[0] : &ctxt->range.level[1]);
2335
                switch (op) {
2336
                case AUDIT_EQUAL:
2337
                        match = mls_level_eq(&rule->au_ctxt.range.level[0],
2338
                                             level);
2339
                        break;
2340
                case AUDIT_NOT_EQUAL:
2341
                        match = !mls_level_eq(&rule->au_ctxt.range.level[0],
2342
                                              level);
2343
                        break;
2344
                case AUDIT_LESS_THAN:
2345
                        match = (mls_level_dom(&rule->au_ctxt.range.level[0],
2346
                                               level) &&
2347
                                 !mls_level_eq(&rule->au_ctxt.range.level[0],
2348
                                               level));
2349
                        break;
2350
                case AUDIT_LESS_THAN_OR_EQUAL:
2351
                        match = mls_level_dom(&rule->au_ctxt.range.level[0],
2352
                                              level);
2353
                        break;
2354
                case AUDIT_GREATER_THAN:
2355
                        match = (mls_level_dom(level,
2356
                                              &rule->au_ctxt.range.level[0]) &&
2357
                                 !mls_level_eq(level,
2358
                                               &rule->au_ctxt.range.level[0]));
2359
                        break;
2360
                case AUDIT_GREATER_THAN_OR_EQUAL:
2361
                        match = mls_level_dom(level,
2362
                                              &rule->au_ctxt.range.level[0]);
2363
                        break;
2364
                }
2365
        }
2366
 
2367
out:
2368
        POLICY_RDUNLOCK;
2369
        return match;
2370
}
2371
 
2372
static int (*aurule_callback)(void) = NULL;
2373
 
2374
static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
2375
                               u16 class, u32 perms, u32 *retained)
2376
{
2377
        int err = 0;
2378
 
2379
        if (event == AVC_CALLBACK_RESET && aurule_callback)
2380
                err = aurule_callback();
2381
        return err;
2382
}
2383
 
2384
static int __init aurule_init(void)
2385
{
2386
        int err;
2387
 
2388
        err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
2389
                               SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
2390
        if (err)
2391
                panic("avc_add_callback() failed, error %d\n", err);
2392
 
2393
        return err;
2394
}
2395
__initcall(aurule_init);
2396
 
2397
void selinux_audit_set_callback(int (*callback)(void))
2398
{
2399
        aurule_callback = callback;
2400
}
2401
 
2402
#ifdef CONFIG_NETLABEL
2403
/*
2404
 * NetLabel cache structure
2405
 */
2406
#define NETLBL_CACHE(x)           ((struct selinux_netlbl_cache *)(x))
2407
#define NETLBL_CACHE_T_NONE       0
2408
#define NETLBL_CACHE_T_SID        1
2409
#define NETLBL_CACHE_T_MLS        2
2410
struct selinux_netlbl_cache {
2411
        u32 type;
2412
        union {
2413
                u32 sid;
2414
                struct mls_range mls_label;
2415
        } data;
2416
};
2417
 
2418
/**
2419
 * security_netlbl_cache_free - Free the NetLabel cached data
2420
 * @data: the data to free
2421
 *
2422
 * Description:
2423
 * This function is intended to be used as the free() callback inside the
2424
 * netlbl_lsm_cache structure.
2425
 *
2426
 */
2427
static void security_netlbl_cache_free(const void *data)
2428
{
2429
        struct selinux_netlbl_cache *cache;
2430
 
2431
        if (data == NULL)
2432
                return;
2433
 
2434
        cache = NETLBL_CACHE(data);
2435
        switch (cache->type) {
2436
        case NETLBL_CACHE_T_MLS:
2437
                ebitmap_destroy(&cache->data.mls_label.level[0].cat);
2438
                break;
2439
        }
2440
        kfree(data);
2441
}
2442
 
2443
/**
2444
 * security_netlbl_cache_add - Add an entry to the NetLabel cache
2445
 * @secattr: the NetLabel packet security attributes
2446
 * @ctx: the SELinux context
2447
 *
2448
 * Description:
2449
 * Attempt to cache the context in @ctx, which was derived from the packet in
2450
 * @skb, in the NetLabel subsystem cache.  This function assumes @secattr has
2451
 * already been initialized.
2452
 *
2453
 */
2454
static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
2455
                                      struct context *ctx)
2456
{
2457
        struct selinux_netlbl_cache *cache = NULL;
2458
 
2459
        secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
2460
        if (secattr->cache == NULL)
2461
                return;
2462
 
2463
        cache = kzalloc(sizeof(*cache), GFP_ATOMIC);
2464
        if (cache == NULL)
2465
                return;
2466
 
2467
        cache->type = NETLBL_CACHE_T_MLS;
2468
        if (ebitmap_cpy(&cache->data.mls_label.level[0].cat,
2469
                        &ctx->range.level[0].cat) != 0) {
2470
                kfree(cache);
2471
                return;
2472
        }
2473
        cache->data.mls_label.level[1].cat.highbit =
2474
                cache->data.mls_label.level[0].cat.highbit;
2475
        cache->data.mls_label.level[1].cat.node =
2476
                cache->data.mls_label.level[0].cat.node;
2477
        cache->data.mls_label.level[0].sens = ctx->range.level[0].sens;
2478
        cache->data.mls_label.level[1].sens = ctx->range.level[0].sens;
2479
 
2480
        secattr->cache->free = security_netlbl_cache_free;
2481
        secattr->cache->data = (void *)cache;
2482
        secattr->flags |= NETLBL_SECATTR_CACHE;
2483
}
2484
 
2485
/**
2486
 * security_netlbl_secattr_to_sid - Convert a NetLabel secattr to a SELinux SID
2487
 * @secattr: the NetLabel packet security attributes
2488
 * @base_sid: the SELinux SID to use as a context for MLS only attributes
2489
 * @sid: the SELinux SID
2490
 *
2491
 * Description:
2492
 * Convert the given NetLabel security attributes in @secattr into a
2493
 * SELinux SID.  If the @secattr field does not contain a full SELinux
2494
 * SID/context then use the context in @base_sid as the foundation.  If
2495
 * possibile the 'cache' field of @secattr is set and the CACHE flag is set;
2496
 * this is to allow the @secattr to be used by NetLabel to cache the secattr to
2497
 * SID conversion for future lookups.  Returns zero on success, negative
2498
 * values on failure.
2499
 *
2500
 */
2501
int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
2502
                                   u32 base_sid,
2503
                                   u32 *sid)
2504
{
2505
        int rc = -EIDRM;
2506
        struct context *ctx;
2507
        struct context ctx_new;
2508
        struct selinux_netlbl_cache *cache;
2509
 
2510
        if (!ss_initialized) {
2511
                *sid = SECSID_NULL;
2512
                return 0;
2513
        }
2514
 
2515
        POLICY_RDLOCK;
2516
 
2517
        if (secattr->flags & NETLBL_SECATTR_CACHE) {
2518
                cache = NETLBL_CACHE(secattr->cache->data);
2519
                switch (cache->type) {
2520
                case NETLBL_CACHE_T_SID:
2521
                        *sid = cache->data.sid;
2522
                        rc = 0;
2523
                        break;
2524
                case NETLBL_CACHE_T_MLS:
2525
                        ctx = sidtab_search(&sidtab, base_sid);
2526
                        if (ctx == NULL)
2527
                                goto netlbl_secattr_to_sid_return;
2528
 
2529
                        ctx_new.user = ctx->user;
2530
                        ctx_new.role = ctx->role;
2531
                        ctx_new.type = ctx->type;
2532
                        ctx_new.range.level[0].sens =
2533
                                cache->data.mls_label.level[0].sens;
2534
                        ctx_new.range.level[0].cat.highbit =
2535
                                cache->data.mls_label.level[0].cat.highbit;
2536
                        ctx_new.range.level[0].cat.node =
2537
                                cache->data.mls_label.level[0].cat.node;
2538
                        ctx_new.range.level[1].sens =
2539
                                cache->data.mls_label.level[1].sens;
2540
                        ctx_new.range.level[1].cat.highbit =
2541
                                cache->data.mls_label.level[1].cat.highbit;
2542
                        ctx_new.range.level[1].cat.node =
2543
                                cache->data.mls_label.level[1].cat.node;
2544
 
2545
                        rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
2546
                        break;
2547
                default:
2548
                        goto netlbl_secattr_to_sid_return;
2549
                }
2550
        } else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
2551
                ctx = sidtab_search(&sidtab, base_sid);
2552
                if (ctx == NULL)
2553
                        goto netlbl_secattr_to_sid_return;
2554
 
2555
                ctx_new.user = ctx->user;
2556
                ctx_new.role = ctx->role;
2557
                ctx_new.type = ctx->type;
2558
                mls_import_netlbl_lvl(&ctx_new, secattr);
2559
                if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
2560
                        if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
2561
                                                  secattr->mls_cat) != 0)
2562
                                goto netlbl_secattr_to_sid_return;
2563
                        ctx_new.range.level[1].cat.highbit =
2564
                                ctx_new.range.level[0].cat.highbit;
2565
                        ctx_new.range.level[1].cat.node =
2566
                                ctx_new.range.level[0].cat.node;
2567
                } else {
2568
                        ebitmap_init(&ctx_new.range.level[0].cat);
2569
                        ebitmap_init(&ctx_new.range.level[1].cat);
2570
                }
2571
                if (mls_context_isvalid(&policydb, &ctx_new) != 1)
2572
                        goto netlbl_secattr_to_sid_return_cleanup;
2573
 
2574
                rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
2575
                if (rc != 0)
2576
                        goto netlbl_secattr_to_sid_return_cleanup;
2577
 
2578
                security_netlbl_cache_add(secattr, &ctx_new);
2579
 
2580
                ebitmap_destroy(&ctx_new.range.level[0].cat);
2581
        } else {
2582
                *sid = SECSID_NULL;
2583
                rc = 0;
2584
        }
2585
 
2586
netlbl_secattr_to_sid_return:
2587
        POLICY_RDUNLOCK;
2588
        return rc;
2589
netlbl_secattr_to_sid_return_cleanup:
2590
        ebitmap_destroy(&ctx_new.range.level[0].cat);
2591
        goto netlbl_secattr_to_sid_return;
2592
}
2593
 
2594
/**
2595
 * security_netlbl_sid_to_secattr - Convert a SELinux SID to a NetLabel secattr
2596
 * @sid: the SELinux SID
2597
 * @secattr: the NetLabel packet security attributes
2598
 *
2599
 * Description:
2600
 * Convert the given SELinux SID in @sid into a NetLabel security attribute.
2601
 * Returns zero on success, negative values on failure.
2602
 *
2603
 */
2604
int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
2605
{
2606
        int rc = -ENOENT;
2607
        struct context *ctx;
2608
 
2609
        if (!ss_initialized)
2610
                return 0;
2611
 
2612
        POLICY_RDLOCK;
2613
        ctx = sidtab_search(&sidtab, sid);
2614
        if (ctx == NULL)
2615
                goto netlbl_sid_to_secattr_failure;
2616
        secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
2617
                                  GFP_ATOMIC);
2618
        secattr->flags |= NETLBL_SECATTR_DOMAIN;
2619
        mls_export_netlbl_lvl(ctx, secattr);
2620
        rc = mls_export_netlbl_cat(ctx, secattr);
2621
        if (rc != 0)
2622
                goto netlbl_sid_to_secattr_failure;
2623
        POLICY_RDUNLOCK;
2624
 
2625
        return 0;
2626
 
2627
netlbl_sid_to_secattr_failure:
2628
        POLICY_RDUNLOCK;
2629
        netlbl_secattr_destroy(secattr);
2630
        return rc;
2631
}
2632
#endif /* CONFIG_NETLABEL */

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.