1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42#include <linux/kernel.h>
43#include <linux/slab.h>
44#include <linux/string.h>
45#include <linux/spinlock.h>
46#include <linux/rcupdate.h>
47#include <linux/errno.h>
48#include <linux/in.h>
49#include <linux/sched.h>
50#include <linux/audit.h>
51#include <linux/mutex.h>
52#include <linux/vmalloc.h>
53#include <net/netlabel.h>
54
55#include "flask.h"
56#include "avc.h"
57#include "avc_ss.h"
58#include "security.h"
59#include "context.h"
60#include "policydb.h"
61#include "sidtab.h"
62#include "services.h"
63#include "conditional.h"
64#include "mls.h"
65#include "objsec.h"
66#include "netlabel.h"
67#include "xfrm.h"
68#include "ebitmap.h"
69#include "audit.h"
70
71
72const char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
73 "network_peer_controls",
74 "open_perms",
75 "extended_socket_class",
76 "always_check_network",
77 "cgroup_seclabel",
78 "nnp_nosuid_transition"
79};
80
81static struct selinux_ss selinux_ss;
82
83void selinux_ss_init(struct selinux_ss **ss)
84{
85 rwlock_init(&selinux_ss.policy_rwlock);
86 mutex_init(&selinux_ss.status_lock);
87 *ss = &selinux_ss;
88}
89
90
91static int context_struct_to_string(struct policydb *policydb,
92 struct context *context,
93 char **scontext,
94 u32 *scontext_len);
95
96static void context_struct_compute_av(struct policydb *policydb,
97 struct context *scontext,
98 struct context *tcontext,
99 u16 tclass,
100 struct av_decision *avd,
101 struct extended_perms *xperms);
102
103static int selinux_set_mapping(struct policydb *pol,
104 struct security_class_mapping *map,
105 struct selinux_map *out_map)
106{
107 u16 i, j;
108 unsigned k;
109 bool print_unknown_handle = false;
110
111
112 if (!map)
113 return -EINVAL;
114 i = 0;
115 while (map[i].name)
116 i++;
117
118
119 out_map->mapping = kcalloc(++i, sizeof(*out_map->mapping), GFP_ATOMIC);
120 if (!out_map->mapping)
121 return -ENOMEM;
122
123
124 j = 0;
125 while (map[j].name) {
126 struct security_class_mapping *p_in = map + (j++);
127 struct selinux_mapping *p_out = out_map->mapping + j;
128
129
130 if (!strcmp(p_in->name, "")) {
131 p_out->num_perms = 0;
132 continue;
133 }
134
135 p_out->value = string_to_security_class(pol, p_in->name);
136 if (!p_out->value) {
137 pr_info("SELinux: Class %s not defined in policy.\n",
138 p_in->name);
139 if (pol->reject_unknown)
140 goto err;
141 p_out->num_perms = 0;
142 print_unknown_handle = true;
143 continue;
144 }
145
146 k = 0;
147 while (p_in->perms[k]) {
148
149 if (!*p_in->perms[k]) {
150 k++;
151 continue;
152 }
153 p_out->perms[k] = string_to_av_perm(pol, p_out->value,
154 p_in->perms[k]);
155 if (!p_out->perms[k]) {
156 pr_info("SELinux: Permission %s in class %s not defined in policy.\n",
157 p_in->perms[k], p_in->name);
158 if (pol->reject_unknown)
159 goto err;
160 print_unknown_handle = true;
161 }
162
163 k++;
164 }
165 p_out->num_perms = k;
166 }
167
168 if (print_unknown_handle)
169 pr_info("SELinux: the above unknown classes and permissions will be %s\n",
170 pol->allow_unknown ? "allowed" : "denied");
171
172 out_map->size = i;
173 return 0;
174err:
175 kfree(out_map->mapping);
176 out_map->mapping = NULL;
177 return -EINVAL;
178}
179
180
181
182
183
184static u16 unmap_class(struct selinux_map *map, u16 tclass)
185{
186 if (tclass < map->size)
187 return map->mapping[tclass].value;
188
189 return tclass;
190}
191
192
193
194
195static u16 map_class(struct selinux_map *map, u16 pol_value)
196{
197 u16 i;
198
199 for (i = 1; i < map->size; i++) {
200 if (map->mapping[i].value == pol_value)
201 return i;
202 }
203
204 return SECCLASS_NULL;
205}
206
207static void map_decision(struct selinux_map *map,
208 u16 tclass, struct av_decision *avd,
209 int allow_unknown)
210{
211 if (tclass < map->size) {
212 struct selinux_mapping *mapping = &map->mapping[tclass];
213 unsigned int i, n = mapping->num_perms;
214 u32 result;
215
216 for (i = 0, result = 0; i < n; i++) {
217 if (avd->allowed & mapping->perms[i])
218 result |= 1<<i;
219 if (allow_unknown && !mapping->perms[i])
220 result |= 1<<i;
221 }
222 avd->allowed = result;
223
224 for (i = 0, result = 0; i < n; i++)
225 if (avd->auditallow & mapping->perms[i])
226 result |= 1<<i;
227 avd->auditallow = result;
228
229 for (i = 0, result = 0; i < n; i++) {
230 if (avd->auditdeny & mapping->perms[i])
231 result |= 1<<i;
232 if (!allow_unknown && !mapping->perms[i])
233 result |= 1<<i;
234 }
235
236
237
238
239
240 for (; i < (sizeof(u32)*8); i++)
241 result |= 1<<i;
242 avd->auditdeny = result;
243 }
244}
245
246int security_mls_enabled(struct selinux_state *state)
247{
248 struct policydb *p = &state->ss->policydb;
249
250 return p->mls_enabled;
251}
252
253
254
255
256
257
258
259
260
261
262
263
264static int constraint_expr_eval(struct policydb *policydb,
265 struct context *scontext,
266 struct context *tcontext,
267 struct context *xcontext,
268 struct constraint_expr *cexpr)
269{
270 u32 val1, val2;
271 struct context *c;
272 struct role_datum *r1, *r2;
273 struct mls_level *l1, *l2;
274 struct constraint_expr *e;
275 int s[CEXPR_MAXDEPTH];
276 int sp = -1;
277
278 for (e = cexpr; e; e = e->next) {
279 switch (e->expr_type) {
280 case CEXPR_NOT:
281 BUG_ON(sp < 0);
282 s[sp] = !s[sp];
283 break;
284 case CEXPR_AND:
285 BUG_ON(sp < 1);
286 sp--;
287 s[sp] &= s[sp + 1];
288 break;
289 case CEXPR_OR:
290 BUG_ON(sp < 1);
291 sp--;
292 s[sp] |= s[sp + 1];
293 break;
294 case CEXPR_ATTR:
295 if (sp == (CEXPR_MAXDEPTH - 1))
296 return 0;
297 switch (e->attr) {
298 case CEXPR_USER:
299 val1 = scontext->user;
300 val2 = tcontext->user;
301 break;
302 case CEXPR_TYPE:
303 val1 = scontext->type;
304 val2 = tcontext->type;
305 break;
306 case CEXPR_ROLE:
307 val1 = scontext->role;
308 val2 = tcontext->role;
309 r1 = policydb->role_val_to_struct[val1 - 1];
310 r2 = policydb->role_val_to_struct[val2 - 1];
311 switch (e->op) {
312 case CEXPR_DOM:
313 s[++sp] = ebitmap_get_bit(&r1->dominates,
314 val2 - 1);
315 continue;
316 case CEXPR_DOMBY:
317 s[++sp] = ebitmap_get_bit(&r2->dominates,
318 val1 - 1);
319 continue;
320 case CEXPR_INCOMP:
321 s[++sp] = (!ebitmap_get_bit(&r1->dominates,
322 val2 - 1) &&
323 !ebitmap_get_bit(&r2->dominates,
324 val1 - 1));
325 continue;
326 default:
327 break;
328 }
329 break;
330 case CEXPR_L1L2:
331 l1 = &(scontext->range.level[0]);
332 l2 = &(tcontext->range.level[0]);
333 goto mls_ops;
334 case CEXPR_L1H2:
335 l1 = &(scontext->range.level[0]);
336 l2 = &(tcontext->range.level[1]);
337 goto mls_ops;
338 case CEXPR_H1L2:
339 l1 = &(scontext->range.level[1]);
340 l2 = &(tcontext->range.level[0]);
341 goto mls_ops;
342 case CEXPR_H1H2:
343 l1 = &(scontext->range.level[1]);
344 l2 = &(tcontext->range.level[1]);
345 goto mls_ops;
346 case CEXPR_L1H1:
347 l1 = &(scontext->range.level[0]);
348 l2 = &(scontext->range.level[1]);
349 goto mls_ops;
350 case CEXPR_L2H2:
351 l1 = &(tcontext->range.level[0]);
352 l2 = &(tcontext->range.level[1]);
353 goto mls_ops;
354mls_ops:
355 switch (e->op) {
356 case CEXPR_EQ:
357 s[++sp] = mls_level_eq(l1, l2);
358 continue;
359 case CEXPR_NEQ:
360 s[++sp] = !mls_level_eq(l1, l2);
361 continue;
362 case CEXPR_DOM:
363 s[++sp] = mls_level_dom(l1, l2);
364 continue;
365 case CEXPR_DOMBY:
366 s[++sp] = mls_level_dom(l2, l1);
367 continue;
368 case CEXPR_INCOMP:
369 s[++sp] = mls_level_incomp(l2, l1);
370 continue;
371 default:
372 BUG();
373 return 0;
374 }
375 break;
376 default:
377 BUG();
378 return 0;
379 }
380
381 switch (e->op) {
382 case CEXPR_EQ:
383 s[++sp] = (val1 == val2);
384 break;
385 case CEXPR_NEQ:
386 s[++sp] = (val1 != val2);
387 break;
388 default:
389 BUG();
390 return 0;
391 }
392 break;
393 case CEXPR_NAMES:
394 if (sp == (CEXPR_MAXDEPTH-1))
395 return 0;
396 c = scontext;
397 if (e->attr & CEXPR_TARGET)
398 c = tcontext;
399 else if (e->attr & CEXPR_XTARGET) {
400 c = xcontext;
401 if (!c) {
402 BUG();
403 return 0;
404 }
405 }
406 if (e->attr & CEXPR_USER)
407 val1 = c->user;
408 else if (e->attr & CEXPR_ROLE)
409 val1 = c->role;
410 else if (e->attr & CEXPR_TYPE)
411 val1 = c->type;
412 else {
413 BUG();
414 return 0;
415 }
416
417 switch (e->op) {
418 case CEXPR_EQ:
419 s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
420 break;
421 case CEXPR_NEQ:
422 s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
423 break;
424 default:
425 BUG();
426 return 0;
427 }
428 break;
429 default:
430 BUG();
431 return 0;
432 }
433 }
434
435 BUG_ON(sp != 0);
436 return s[0];
437}
438
439
440
441
442
443static int dump_masked_av_helper(void *k, void *d, void *args)
444{
445 struct perm_datum *pdatum = d;
446 char **permission_names = args;
447
448 BUG_ON(pdatum->value < 1 || pdatum->value > 32);
449
450 permission_names[pdatum->value - 1] = (char *)k;
451
452 return 0;
453}
454
455static void security_dump_masked_av(struct policydb *policydb,
456 struct context *scontext,
457 struct context *tcontext,
458 u16 tclass,
459 u32 permissions,
460 const char *reason)
461{
462 struct common_datum *common_dat;
463 struct class_datum *tclass_dat;
464 struct audit_buffer *ab;
465 char *tclass_name;
466 char *scontext_name = NULL;
467 char *tcontext_name = NULL;
468 char *permission_names[32];
469 int index;
470 u32 length;
471 bool need_comma = false;
472
473 if (!permissions)
474 return;
475
476 tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1);
477 tclass_dat = policydb->class_val_to_struct[tclass - 1];
478 common_dat = tclass_dat->comdatum;
479
480
481 if (common_dat &&
482 hashtab_map(common_dat->permissions.table,
483 dump_masked_av_helper, permission_names) < 0)
484 goto out;
485
486 if (hashtab_map(tclass_dat->permissions.table,
487 dump_masked_av_helper, permission_names) < 0)
488 goto out;
489
490
491 if (context_struct_to_string(policydb, scontext,
492 &scontext_name, &length) < 0)
493 goto out;
494
495 if (context_struct_to_string(policydb, tcontext,
496 &tcontext_name, &length) < 0)
497 goto out;
498
499
500 ab = audit_log_start(audit_context(),
501 GFP_ATOMIC, AUDIT_SELINUX_ERR);
502 if (!ab)
503 goto out;
504
505 audit_log_format(ab, "op=security_compute_av reason=%s "
506 "scontext=%s tcontext=%s tclass=%s perms=",
507 reason, scontext_name, tcontext_name, tclass_name);
508
509 for (index = 0; index < 32; index++) {
510 u32 mask = (1 << index);
511
512 if ((mask & permissions) == 0)
513 continue;
514
515 audit_log_format(ab, "%s%s",
516 need_comma ? "," : "",
517 permission_names[index]
518 ? permission_names[index] : "????");
519 need_comma = true;
520 }
521 audit_log_end(ab);
522out:
523
524 kfree(tcontext_name);
525 kfree(scontext_name);
526
527 return;
528}
529
530
531
532
533
534static void type_attribute_bounds_av(struct policydb *policydb,
535 struct context *scontext,
536 struct context *tcontext,
537 u16 tclass,
538 struct av_decision *avd)
539{
540 struct context lo_scontext;
541 struct context lo_tcontext, *tcontextp = tcontext;
542 struct av_decision lo_avd;
543 struct type_datum *source;
544 struct type_datum *target;
545 u32 masked = 0;
546
547 source = policydb->type_val_to_struct_array[scontext->type - 1];
548 BUG_ON(!source);
549
550 if (!source->bounds)
551 return;
552
553 target = policydb->type_val_to_struct_array[tcontext->type - 1];
554 BUG_ON(!target);
555
556 memset(&lo_avd, 0, sizeof(lo_avd));
557
558 memcpy(&lo_scontext, scontext, sizeof(lo_scontext));
559 lo_scontext.type = source->bounds;
560
561 if (target->bounds) {
562 memcpy(&lo_tcontext, tcontext, sizeof(lo_tcontext));
563 lo_tcontext.type = target->bounds;
564 tcontextp = &lo_tcontext;
565 }
566
567 context_struct_compute_av(policydb, &lo_scontext,
568 tcontextp,
569 tclass,
570 &lo_avd,
571 NULL);
572
573 masked = ~lo_avd.allowed & avd->allowed;
574
575 if (likely(!masked))
576 return;
577
578
579 avd->allowed &= ~masked;
580
581
582 security_dump_masked_av(policydb, scontext, tcontext,
583 tclass, masked, "bounds");
584}
585
586
587
588
589
590void services_compute_xperms_drivers(
591 struct extended_perms *xperms,
592 struct avtab_node *node)
593{
594 unsigned int i;
595
596 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
597
598 for (i = 0; i < ARRAY_SIZE(xperms->drivers.p); i++)
599 xperms->drivers.p[i] |= node->datum.u.xperms->perms.p[i];
600 } else if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
601
602 security_xperm_set(xperms->drivers.p,
603 node->datum.u.xperms->driver);
604 }
605
606
607 if (node->key.specified & AVTAB_XPERMS_ALLOWED)
608 xperms->len = 1;
609}
610
611
612
613
614
615static void context_struct_compute_av(struct policydb *policydb,
616 struct context *scontext,
617 struct context *tcontext,
618 u16 tclass,
619 struct av_decision *avd,
620 struct extended_perms *xperms)
621{
622 struct constraint_node *constraint;
623 struct role_allow *ra;
624 struct avtab_key avkey;
625 struct avtab_node *node;
626 struct class_datum *tclass_datum;
627 struct ebitmap *sattr, *tattr;
628 struct ebitmap_node *snode, *tnode;
629 unsigned int i, j;
630
631 avd->allowed = 0;
632 avd->auditallow = 0;
633 avd->auditdeny = 0xffffffff;
634 if (xperms) {
635 memset(&xperms->drivers, 0, sizeof(xperms->drivers));
636 xperms->len = 0;
637 }
638
639 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
640 if (printk_ratelimit())
641 pr_warn("SELinux: Invalid class %hu\n", tclass);
642 return;
643 }
644
645 tclass_datum = policydb->class_val_to_struct[tclass - 1];
646
647
648
649
650
651 avkey.target_class = tclass;
652 avkey.specified = AVTAB_AV | AVTAB_XPERMS;
653 sattr = &policydb->type_attr_map_array[scontext->type - 1];
654 BUG_ON(!sattr);
655 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
656 BUG_ON(!tattr);
657 ebitmap_for_each_positive_bit(sattr, snode, i) {
658 ebitmap_for_each_positive_bit(tattr, tnode, j) {
659 avkey.source_type = i + 1;
660 avkey.target_type = j + 1;
661 for (node = avtab_search_node(&policydb->te_avtab,
662 &avkey);
663 node;
664 node = avtab_search_node_next(node, avkey.specified)) {
665 if (node->key.specified == AVTAB_ALLOWED)
666 avd->allowed |= node->datum.u.data;
667 else if (node->key.specified == AVTAB_AUDITALLOW)
668 avd->auditallow |= node->datum.u.data;
669 else if (node->key.specified == AVTAB_AUDITDENY)
670 avd->auditdeny &= node->datum.u.data;
671 else if (xperms && (node->key.specified & AVTAB_XPERMS))
672 services_compute_xperms_drivers(xperms, node);
673 }
674
675
676 cond_compute_av(&policydb->te_cond_avtab, &avkey,
677 avd, xperms);
678
679 }
680 }
681
682
683
684
685
686 constraint = tclass_datum->constraints;
687 while (constraint) {
688 if ((constraint->permissions & (avd->allowed)) &&
689 !constraint_expr_eval(policydb, scontext, tcontext, NULL,
690 constraint->expr)) {
691 avd->allowed &= ~(constraint->permissions);
692 }
693 constraint = constraint->next;
694 }
695
696
697
698
699
700
701 if (tclass == policydb->process_class &&
702 (avd->allowed & policydb->process_trans_perms) &&
703 scontext->role != tcontext->role) {
704 for (ra = policydb->role_allow; ra; ra = ra->next) {
705 if (scontext->role == ra->role &&
706 tcontext->role == ra->new_role)
707 break;
708 }
709 if (!ra)
710 avd->allowed &= ~policydb->process_trans_perms;
711 }
712
713
714
715
716
717
718 type_attribute_bounds_av(policydb, scontext, tcontext,
719 tclass, avd);
720}
721
722static int security_validtrans_handle_fail(struct selinux_state *state,
723 struct context *ocontext,
724 struct context *ncontext,
725 struct context *tcontext,
726 u16 tclass)
727{
728 struct policydb *p = &state->ss->policydb;
729 char *o = NULL, *n = NULL, *t = NULL;
730 u32 olen, nlen, tlen;
731
732 if (context_struct_to_string(p, ocontext, &o, &olen))
733 goto out;
734 if (context_struct_to_string(p, ncontext, &n, &nlen))
735 goto out;
736 if (context_struct_to_string(p, tcontext, &t, &tlen))
737 goto out;
738 audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR,
739 "op=security_validate_transition seresult=denied"
740 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
741 o, n, t, sym_name(p, SYM_CLASSES, tclass-1));
742out:
743 kfree(o);
744 kfree(n);
745 kfree(t);
746
747 if (!enforcing_enabled(state))
748 return 0;
749 return -EPERM;
750}
751
752static int security_compute_validatetrans(struct selinux_state *state,
753 u32 oldsid, u32 newsid, u32 tasksid,
754 u16 orig_tclass, bool user)
755{
756 struct policydb *policydb;
757 struct sidtab *sidtab;
758 struct context *ocontext;
759 struct context *ncontext;
760 struct context *tcontext;
761 struct class_datum *tclass_datum;
762 struct constraint_node *constraint;
763 u16 tclass;
764 int rc = 0;
765
766
767 if (!state->initialized)
768 return 0;
769
770 read_lock(&state->ss->policy_rwlock);
771
772 policydb = &state->ss->policydb;
773 sidtab = state->ss->sidtab;
774
775 if (!user)
776 tclass = unmap_class(&state->ss->map, orig_tclass);
777 else
778 tclass = orig_tclass;
779
780 if (!tclass || tclass > policydb->p_classes.nprim) {
781 rc = -EINVAL;
782 goto out;
783 }
784 tclass_datum = policydb->class_val_to_struct[tclass - 1];
785
786 ocontext = sidtab_search(sidtab, oldsid);
787 if (!ocontext) {
788 pr_err("SELinux: %s: unrecognized SID %d\n",
789 __func__, oldsid);
790 rc = -EINVAL;
791 goto out;
792 }
793
794 ncontext = sidtab_search(sidtab, newsid);
795 if (!ncontext) {
796 pr_err("SELinux: %s: unrecognized SID %d\n",
797 __func__, newsid);
798 rc = -EINVAL;
799 goto out;
800 }
801
802 tcontext = sidtab_search(sidtab, tasksid);
803 if (!tcontext) {
804 pr_err("SELinux: %s: unrecognized SID %d\n",
805 __func__, tasksid);
806 rc = -EINVAL;
807 goto out;
808 }
809
810 constraint = tclass_datum->validatetrans;
811 while (constraint) {
812 if (!constraint_expr_eval(policydb, ocontext, ncontext,
813 tcontext, constraint->expr)) {
814 if (user)
815 rc = -EPERM;
816 else
817 rc = security_validtrans_handle_fail(state,
818 ocontext,
819 ncontext,
820 tcontext,
821 tclass);
822 goto out;
823 }
824 constraint = constraint->next;
825 }
826
827out:
828 read_unlock(&state->ss->policy_rwlock);
829 return rc;
830}
831
832int security_validate_transition_user(struct selinux_state *state,
833 u32 oldsid, u32 newsid, u32 tasksid,
834 u16 tclass)
835{
836 return security_compute_validatetrans(state, oldsid, newsid, tasksid,
837 tclass, true);
838}
839
840int security_validate_transition(struct selinux_state *state,
841 u32 oldsid, u32 newsid, u32 tasksid,
842 u16 orig_tclass)
843{
844 return security_compute_validatetrans(state, oldsid, newsid, tasksid,
845 orig_tclass, false);
846}
847
848
849
850
851
852
853
854
855
856
857int security_bounded_transition(struct selinux_state *state,
858 u32 old_sid, u32 new_sid)
859{
860 struct policydb *policydb;
861 struct sidtab *sidtab;
862 struct context *old_context, *new_context;
863 struct type_datum *type;
864 int index;
865 int rc;
866
867 if (!state->initialized)
868 return 0;
869
870 read_lock(&state->ss->policy_rwlock);
871
872 policydb = &state->ss->policydb;
873 sidtab = state->ss->sidtab;
874
875 rc = -EINVAL;
876 old_context = sidtab_search(sidtab, old_sid);
877 if (!old_context) {
878 pr_err("SELinux: %s: unrecognized SID %u\n",
879 __func__, old_sid);
880 goto out;
881 }
882
883 rc = -EINVAL;
884 new_context = sidtab_search(sidtab, new_sid);
885 if (!new_context) {
886 pr_err("SELinux: %s: unrecognized SID %u\n",
887 __func__, new_sid);
888 goto out;
889 }
890
891 rc = 0;
892
893 if (old_context->type == new_context->type)
894 goto out;
895
896 index = new_context->type;
897 while (true) {
898 type = policydb->type_val_to_struct_array[index - 1];
899 BUG_ON(!type);
900
901
902 rc = -EPERM;
903 if (!type->bounds)
904 break;
905
906
907 rc = 0;
908 if (type->bounds == old_context->type)
909 break;
910
911 index = type->bounds;
912 }
913
914 if (rc) {
915 char *old_name = NULL;
916 char *new_name = NULL;
917 u32 length;
918
919 if (!context_struct_to_string(policydb, old_context,
920 &old_name, &length) &&
921 !context_struct_to_string(policydb, new_context,
922 &new_name, &length)) {
923 audit_log(audit_context(),
924 GFP_ATOMIC, AUDIT_SELINUX_ERR,
925 "op=security_bounded_transition "
926 "seresult=denied "
927 "oldcontext=%s newcontext=%s",
928 old_name, new_name);
929 }
930 kfree(new_name);
931 kfree(old_name);
932 }
933out:
934 read_unlock(&state->ss->policy_rwlock);
935
936 return rc;
937}
938
939static void avd_init(struct selinux_state *state, struct av_decision *avd)
940{
941 avd->allowed = 0;
942 avd->auditallow = 0;
943 avd->auditdeny = 0xffffffff;
944 avd->seqno = state->ss->latest_granting;
945 avd->flags = 0;
946}
947
948void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
949 struct avtab_node *node)
950{
951 unsigned int i;
952
953 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
954 if (xpermd->driver != node->datum.u.xperms->driver)
955 return;
956 } else if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
957 if (!security_xperm_test(node->datum.u.xperms->perms.p,
958 xpermd->driver))
959 return;
960 } else {
961 BUG();
962 }
963
964 if (node->key.specified == AVTAB_XPERMS_ALLOWED) {
965 xpermd->used |= XPERMS_ALLOWED;
966 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
967 memset(xpermd->allowed->p, 0xff,
968 sizeof(xpermd->allowed->p));
969 }
970 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
971 for (i = 0; i < ARRAY_SIZE(xpermd->allowed->p); i++)
972 xpermd->allowed->p[i] |=
973 node->datum.u.xperms->perms.p[i];
974 }
975 } else if (node->key.specified == AVTAB_XPERMS_AUDITALLOW) {
976 xpermd->used |= XPERMS_AUDITALLOW;
977 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
978 memset(xpermd->auditallow->p, 0xff,
979 sizeof(xpermd->auditallow->p));
980 }
981 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
982 for (i = 0; i < ARRAY_SIZE(xpermd->auditallow->p); i++)
983 xpermd->auditallow->p[i] |=
984 node->datum.u.xperms->perms.p[i];
985 }
986 } else if (node->key.specified == AVTAB_XPERMS_DONTAUDIT) {
987 xpermd->used |= XPERMS_DONTAUDIT;
988 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
989 memset(xpermd->dontaudit->p, 0xff,
990 sizeof(xpermd->dontaudit->p));
991 }
992 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
993 for (i = 0; i < ARRAY_SIZE(xpermd->dontaudit->p); i++)
994 xpermd->dontaudit->p[i] |=
995 node->datum.u.xperms->perms.p[i];
996 }
997 } else {
998 BUG();
999 }
1000}
1001
1002void security_compute_xperms_decision(struct selinux_state *state,
1003 u32 ssid,
1004 u32 tsid,
1005 u16 orig_tclass,
1006 u8 driver,
1007 struct extended_perms_decision *xpermd)
1008{
1009 struct policydb *policydb;
1010 struct sidtab *sidtab;
1011 u16 tclass;
1012 struct context *scontext, *tcontext;
1013 struct avtab_key avkey;
1014 struct avtab_node *node;
1015 struct ebitmap *sattr, *tattr;
1016 struct ebitmap_node *snode, *tnode;
1017 unsigned int i, j;
1018
1019 xpermd->driver = driver;
1020 xpermd->used = 0;
1021 memset(xpermd->allowed->p, 0, sizeof(xpermd->allowed->p));
1022 memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p));
1023 memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p));
1024
1025 read_lock(&state->ss->policy_rwlock);
1026 if (!state->initialized)
1027 goto allow;
1028
1029 policydb = &state->ss->policydb;
1030 sidtab = state->ss->sidtab;
1031
1032 scontext = sidtab_search(sidtab, ssid);
1033 if (!scontext) {
1034 pr_err("SELinux: %s: unrecognized SID %d\n",
1035 __func__, ssid);
1036 goto out;
1037 }
1038
1039 tcontext = sidtab_search(sidtab, tsid);
1040 if (!tcontext) {
1041 pr_err("SELinux: %s: unrecognized SID %d\n",
1042 __func__, tsid);
1043 goto out;
1044 }
1045
1046 tclass = unmap_class(&state->ss->map, orig_tclass);
1047 if (unlikely(orig_tclass && !tclass)) {
1048 if (policydb->allow_unknown)
1049 goto allow;
1050 goto out;
1051 }
1052
1053
1054 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
1055 pr_warn_ratelimited("SELinux: Invalid class %hu\n", tclass);
1056 goto out;
1057 }
1058
1059 avkey.target_class = tclass;
1060 avkey.specified = AVTAB_XPERMS;
1061 sattr = &policydb->type_attr_map_array[scontext->type - 1];
1062 BUG_ON(!sattr);
1063 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
1064 BUG_ON(!tattr);
1065 ebitmap_for_each_positive_bit(sattr, snode, i) {
1066 ebitmap_for_each_positive_bit(tattr, tnode, j) {
1067 avkey.source_type = i + 1;
1068 avkey.target_type = j + 1;
1069 for (node = avtab_search_node(&policydb->te_avtab,
1070 &avkey);
1071 node;
1072 node = avtab_search_node_next(node, avkey.specified))
1073 services_compute_xperms_decision(xpermd, node);
1074
1075 cond_compute_xperms(&policydb->te_cond_avtab,
1076 &avkey, xpermd);
1077 }
1078 }
1079out:
1080 read_unlock(&state->ss->policy_rwlock);
1081 return;
1082allow:
1083 memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p));
1084 goto out;
1085}
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098void security_compute_av(struct selinux_state *state,
1099 u32 ssid,
1100 u32 tsid,
1101 u16 orig_tclass,
1102 struct av_decision *avd,
1103 struct extended_perms *xperms)
1104{
1105 struct policydb *policydb;
1106 struct sidtab *sidtab;
1107 u16 tclass;
1108 struct context *scontext = NULL, *tcontext = NULL;
1109
1110 read_lock(&state->ss->policy_rwlock);
1111 avd_init(state, avd);
1112 xperms->len = 0;
1113 if (!state->initialized)
1114 goto allow;
1115
1116 policydb = &state->ss->policydb;
1117 sidtab = state->ss->sidtab;
1118
1119 scontext = sidtab_search(sidtab, ssid);
1120 if (!scontext) {
1121 pr_err("SELinux: %s: unrecognized SID %d\n",
1122 __func__, ssid);
1123 goto out;
1124 }
1125
1126
1127 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1128 avd->flags |= AVD_FLAGS_PERMISSIVE;
1129
1130 tcontext = sidtab_search(sidtab, tsid);
1131 if (!tcontext) {
1132 pr_err("SELinux: %s: unrecognized SID %d\n",
1133 __func__, tsid);
1134 goto out;
1135 }
1136
1137 tclass = unmap_class(&state->ss->map, orig_tclass);
1138 if (unlikely(orig_tclass && !tclass)) {
1139 if (policydb->allow_unknown)
1140 goto allow;
1141 goto out;
1142 }
1143 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1144 xperms);
1145 map_decision(&state->ss->map, orig_tclass, avd,
1146 policydb->allow_unknown);
1147out:
1148 read_unlock(&state->ss->policy_rwlock);
1149 return;
1150allow:
1151 avd->allowed = 0xffffffff;
1152 goto out;
1153}
1154
1155void security_compute_av_user(struct selinux_state *state,
1156 u32 ssid,
1157 u32 tsid,
1158 u16 tclass,
1159 struct av_decision *avd)
1160{
1161 struct policydb *policydb;
1162 struct sidtab *sidtab;
1163 struct context *scontext = NULL, *tcontext = NULL;
1164
1165 read_lock(&state->ss->policy_rwlock);
1166 avd_init(state, avd);
1167 if (!state->initialized)
1168 goto allow;
1169
1170 policydb = &state->ss->policydb;
1171 sidtab = state->ss->sidtab;
1172
1173 scontext = sidtab_search(sidtab, ssid);
1174 if (!scontext) {
1175 pr_err("SELinux: %s: unrecognized SID %d\n",
1176 __func__, ssid);
1177 goto out;
1178 }
1179
1180
1181 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1182 avd->flags |= AVD_FLAGS_PERMISSIVE;
1183
1184 tcontext = sidtab_search(sidtab, tsid);
1185 if (!tcontext) {
1186 pr_err("SELinux: %s: unrecognized SID %d\n",
1187 __func__, tsid);
1188 goto out;
1189 }
1190
1191 if (unlikely(!tclass)) {
1192 if (policydb->allow_unknown)
1193 goto allow;
1194 goto out;
1195 }
1196
1197 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1198 NULL);
1199 out:
1200 read_unlock(&state->ss->policy_rwlock);
1201 return;
1202allow:
1203 avd->allowed = 0xffffffff;
1204 goto out;
1205}
1206
1207
1208
1209
1210
1211
1212
1213
1214static int context_struct_to_string(struct policydb *p,
1215 struct context *context,
1216 char **scontext, u32 *scontext_len)
1217{
1218 char *scontextp;
1219
1220 if (scontext)
1221 *scontext = NULL;
1222 *scontext_len = 0;
1223
1224 if (context->len) {
1225 *scontext_len = context->len;
1226 if (scontext) {
1227 *scontext = kstrdup(context->str, GFP_ATOMIC);
1228 if (!(*scontext))
1229 return -ENOMEM;
1230 }
1231 return 0;
1232 }
1233
1234
1235 *scontext_len += strlen(sym_name(p, SYM_USERS, context->user - 1)) + 1;
1236 *scontext_len += strlen(sym_name(p, SYM_ROLES, context->role - 1)) + 1;
1237 *scontext_len += strlen(sym_name(p, SYM_TYPES, context->type - 1)) + 1;
1238 *scontext_len += mls_compute_context_len(p, context);
1239
1240 if (!scontext)
1241 return 0;
1242
1243
1244 scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
1245 if (!scontextp)
1246 return -ENOMEM;
1247 *scontext = scontextp;
1248
1249
1250
1251
1252 scontextp += sprintf(scontextp, "%s:%s:%s",
1253 sym_name(p, SYM_USERS, context->user - 1),
1254 sym_name(p, SYM_ROLES, context->role - 1),
1255 sym_name(p, SYM_TYPES, context->type - 1));
1256
1257 mls_sid_to_context(p, context, &scontextp);
1258
1259 *scontextp = 0;
1260
1261 return 0;
1262}
1263
1264#include "initial_sid_to_string.h"
1265
1266const char *security_get_initial_sid_context(u32 sid)
1267{
1268 if (unlikely(sid > SECINITSID_NUM))
1269 return NULL;
1270 return initial_sid_to_string[sid];
1271}
1272
1273static int security_sid_to_context_core(struct selinux_state *state,
1274 u32 sid, char **scontext,
1275 u32 *scontext_len, int force,
1276 int only_invalid)
1277{
1278 struct policydb *policydb;
1279 struct sidtab *sidtab;
1280 struct context *context;
1281 int rc = 0;
1282
1283 if (scontext)
1284 *scontext = NULL;
1285 *scontext_len = 0;
1286
1287 if (!state->initialized) {
1288 if (sid <= SECINITSID_NUM) {
1289 char *scontextp;
1290
1291 *scontext_len = strlen(initial_sid_to_string[sid]) + 1;
1292 if (!scontext)
1293 goto out;
1294 scontextp = kmemdup(initial_sid_to_string[sid],
1295 *scontext_len, GFP_ATOMIC);
1296 if (!scontextp) {
1297 rc = -ENOMEM;
1298 goto out;
1299 }
1300 *scontext = scontextp;
1301 goto out;
1302 }
1303 pr_err("SELinux: %s: called before initial "
1304 "load_policy on unknown SID %d\n", __func__, sid);
1305 rc = -EINVAL;
1306 goto out;
1307 }
1308 read_lock(&state->ss->policy_rwlock);
1309 policydb = &state->ss->policydb;
1310 sidtab = state->ss->sidtab;
1311 if (force)
1312 context = sidtab_search_force(sidtab, sid);
1313 else
1314 context = sidtab_search(sidtab, sid);
1315 if (!context) {
1316 pr_err("SELinux: %s: unrecognized SID %d\n",
1317 __func__, sid);
1318 rc = -EINVAL;
1319 goto out_unlock;
1320 }
1321 if (only_invalid && !context->len) {
1322 scontext = NULL;
1323 scontext_len = 0;
1324 rc = 0;
1325 } else {
1326 rc = context_struct_to_string(policydb, context, scontext,
1327 scontext_len);
1328 }
1329out_unlock:
1330 read_unlock(&state->ss->policy_rwlock);
1331out:
1332 return rc;
1333
1334}
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346int security_sid_to_context(struct selinux_state *state,
1347 u32 sid, char **scontext, u32 *scontext_len)
1348{
1349 return security_sid_to_context_core(state, sid, scontext,
1350 scontext_len, 0, 0);
1351}
1352
1353int security_sid_to_context_force(struct selinux_state *state, u32 sid,
1354 char **scontext, u32 *scontext_len)
1355{
1356 return security_sid_to_context_core(state, sid, scontext,
1357 scontext_len, 1, 0);
1358}
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373int security_sid_to_context_inval(struct selinux_state *state, u32 sid,
1374 char **scontext, u32 *scontext_len)
1375{
1376 return security_sid_to_context_core(state, sid, scontext,
1377 scontext_len, 1, 1);
1378}
1379
1380
1381
1382
1383static int string_to_context_struct(struct policydb *pol,
1384 struct sidtab *sidtabp,
1385 char *scontext,
1386 struct context *ctx,
1387 u32 def_sid)
1388{
1389 struct role_datum *role;
1390 struct type_datum *typdatum;
1391 struct user_datum *usrdatum;
1392 char *scontextp, *p, oldc;
1393 int rc = 0;
1394
1395 context_init(ctx);
1396
1397
1398
1399 rc = -EINVAL;
1400 scontextp = (char *) scontext;
1401
1402
1403 p = scontextp;
1404 while (*p && *p != ':')
1405 p++;
1406
1407 if (*p == 0)
1408 goto out;
1409
1410 *p++ = 0;
1411
1412 usrdatum = hashtab_search(pol->p_users.table, scontextp);
1413 if (!usrdatum)
1414 goto out;
1415
1416 ctx->user = usrdatum->value;
1417
1418
1419 scontextp = p;
1420 while (*p && *p != ':')
1421 p++;
1422
1423 if (*p == 0)
1424 goto out;
1425
1426 *p++ = 0;
1427
1428 role = hashtab_search(pol->p_roles.table, scontextp);
1429 if (!role)
1430 goto out;
1431 ctx->role = role->value;
1432
1433
1434 scontextp = p;
1435 while (*p && *p != ':')
1436 p++;
1437 oldc = *p;
1438 *p++ = 0;
1439
1440 typdatum = hashtab_search(pol->p_types.table, scontextp);
1441 if (!typdatum || typdatum->attribute)
1442 goto out;
1443
1444 ctx->type = typdatum->value;
1445
1446 rc = mls_context_to_sid(pol, oldc, p, ctx, sidtabp, def_sid);
1447 if (rc)
1448 goto out;
1449
1450
1451 rc = -EINVAL;
1452 if (!policydb_context_isvalid(pol, ctx))
1453 goto out;
1454 rc = 0;
1455out:
1456 if (rc)
1457 context_destroy(ctx);
1458 return rc;
1459}
1460
1461static int security_context_to_sid_core(struct selinux_state *state,
1462 const char *scontext, u32 scontext_len,
1463 u32 *sid, u32 def_sid, gfp_t gfp_flags,
1464 int force)
1465{
1466 struct policydb *policydb;
1467 struct sidtab *sidtab;
1468 char *scontext2, *str = NULL;
1469 struct context context;
1470 int rc = 0;
1471
1472
1473 if (!scontext_len)
1474 return -EINVAL;
1475
1476
1477 scontext2 = kmemdup_nul(scontext, scontext_len, gfp_flags);
1478 if (!scontext2)
1479 return -ENOMEM;
1480
1481 if (!state->initialized) {
1482 int i;
1483
1484 for (i = 1; i < SECINITSID_NUM; i++) {
1485 if (!strcmp(initial_sid_to_string[i], scontext2)) {
1486 *sid = i;
1487 goto out;
1488 }
1489 }
1490 *sid = SECINITSID_KERNEL;
1491 goto out;
1492 }
1493 *sid = SECSID_NULL;
1494
1495 if (force) {
1496
1497 rc = -ENOMEM;
1498 str = kstrdup(scontext2, gfp_flags);
1499 if (!str)
1500 goto out;
1501 }
1502 read_lock(&state->ss->policy_rwlock);
1503 policydb = &state->ss->policydb;
1504 sidtab = state->ss->sidtab;
1505 rc = string_to_context_struct(policydb, sidtab, scontext2,
1506 &context, def_sid);
1507 if (rc == -EINVAL && force) {
1508 context.str = str;
1509 context.len = strlen(str) + 1;
1510 str = NULL;
1511 } else if (rc)
1512 goto out_unlock;
1513 rc = sidtab_context_to_sid(sidtab, &context, sid);
1514 context_destroy(&context);
1515out_unlock:
1516 read_unlock(&state->ss->policy_rwlock);
1517out:
1518 kfree(scontext2);
1519 kfree(str);
1520 return rc;
1521}
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535int security_context_to_sid(struct selinux_state *state,
1536 const char *scontext, u32 scontext_len, u32 *sid,
1537 gfp_t gfp)
1538{
1539 return security_context_to_sid_core(state, scontext, scontext_len,
1540 sid, SECSID_NULL, gfp, 0);
1541}
1542
1543int security_context_str_to_sid(struct selinux_state *state,
1544 const char *scontext, u32 *sid, gfp_t gfp)
1545{
1546 return security_context_to_sid(state, scontext, strlen(scontext),
1547 sid, gfp);
1548}
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568int security_context_to_sid_default(struct selinux_state *state,
1569 const char *scontext, u32 scontext_len,
1570 u32 *sid, u32 def_sid, gfp_t gfp_flags)
1571{
1572 return security_context_to_sid_core(state, scontext, scontext_len,
1573 sid, def_sid, gfp_flags, 1);
1574}
1575
1576int security_context_to_sid_force(struct selinux_state *state,
1577 const char *scontext, u32 scontext_len,
1578 u32 *sid)
1579{
1580 return security_context_to_sid_core(state, scontext, scontext_len,
1581 sid, SECSID_NULL, GFP_KERNEL, 1);
1582}
1583
1584static int compute_sid_handle_invalid_context(
1585 struct selinux_state *state,
1586 struct context *scontext,
1587 struct context *tcontext,
1588 u16 tclass,
1589 struct context *newcontext)
1590{
1591 struct policydb *policydb = &state->ss->policydb;
1592 char *s = NULL, *t = NULL, *n = NULL;
1593 u32 slen, tlen, nlen;
1594
1595 if (context_struct_to_string(policydb, scontext, &s, &slen))
1596 goto out;
1597 if (context_struct_to_string(policydb, tcontext, &t, &tlen))
1598 goto out;
1599 if (context_struct_to_string(policydb, newcontext, &n, &nlen))
1600 goto out;
1601 audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR,
1602 "op=security_compute_sid invalid_context=%s"
1603 " scontext=%s"
1604 " tcontext=%s"
1605 " tclass=%s",
1606 n, s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
1607out:
1608 kfree(s);
1609 kfree(t);
1610 kfree(n);
1611 if (!enforcing_enabled(state))
1612 return 0;
1613 return -EACCES;
1614}
1615
1616static void filename_compute_type(struct policydb *policydb,
1617 struct context *newcontext,
1618 u32 stype, u32 ttype, u16 tclass,
1619 const char *objname)
1620{
1621 struct filename_trans ft;
1622 struct filename_trans_datum *otype;
1623
1624
1625
1626
1627
1628
1629 if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype))
1630 return;
1631
1632 ft.stype = stype;
1633 ft.ttype = ttype;
1634 ft.tclass = tclass;
1635 ft.name = objname;
1636
1637 otype = hashtab_search(policydb->filename_trans, &ft);
1638 if (otype)
1639 newcontext->type = otype->otype;
1640}
1641
1642static int security_compute_sid(struct selinux_state *state,
1643 u32 ssid,
1644 u32 tsid,
1645 u16 orig_tclass,
1646 u32 specified,
1647 const char *objname,
1648 u32 *out_sid,
1649 bool kern)
1650{
1651 struct policydb *policydb;
1652 struct sidtab *sidtab;
1653 struct class_datum *cladatum = NULL;
1654 struct context *scontext = NULL, *tcontext = NULL, newcontext;
1655 struct role_trans *roletr = NULL;
1656 struct avtab_key avkey;
1657 struct avtab_datum *avdatum;
1658 struct avtab_node *node;
1659 u16 tclass;
1660 int rc = 0;
1661 bool sock;
1662
1663 if (!state->initialized) {
1664 switch (orig_tclass) {
1665 case SECCLASS_PROCESS:
1666 *out_sid = ssid;
1667 break;
1668 default:
1669 *out_sid = tsid;
1670 break;
1671 }
1672 goto out;
1673 }
1674
1675 context_init(&newcontext);
1676
1677 read_lock(&state->ss->policy_rwlock);
1678
1679 if (kern) {
1680 tclass = unmap_class(&state->ss->map, orig_tclass);
1681 sock = security_is_socket_class(orig_tclass);
1682 } else {
1683 tclass = orig_tclass;
1684 sock = security_is_socket_class(map_class(&state->ss->map,
1685 tclass));
1686 }
1687
1688 policydb = &state->ss->policydb;
1689 sidtab = state->ss->sidtab;
1690
1691 scontext = sidtab_search(sidtab, ssid);
1692 if (!scontext) {
1693 pr_err("SELinux: %s: unrecognized SID %d\n",
1694 __func__, ssid);
1695 rc = -EINVAL;
1696 goto out_unlock;
1697 }
1698 tcontext = sidtab_search(sidtab, tsid);
1699 if (!tcontext) {
1700 pr_err("SELinux: %s: unrecognized SID %d\n",
1701 __func__, tsid);
1702 rc = -EINVAL;
1703 goto out_unlock;
1704 }
1705
1706 if (tclass && tclass <= policydb->p_classes.nprim)
1707 cladatum = policydb->class_val_to_struct[tclass - 1];
1708
1709
1710 switch (specified) {
1711 case AVTAB_TRANSITION:
1712 case AVTAB_CHANGE:
1713 if (cladatum && cladatum->default_user == DEFAULT_TARGET) {
1714 newcontext.user = tcontext->user;
1715 } else {
1716
1717
1718 newcontext.user = scontext->user;
1719 }
1720 break;
1721 case AVTAB_MEMBER:
1722
1723 newcontext.user = tcontext->user;
1724 break;
1725 }
1726
1727
1728 if (cladatum && cladatum->default_role == DEFAULT_SOURCE) {
1729 newcontext.role = scontext->role;
1730 } else if (cladatum && cladatum->default_role == DEFAULT_TARGET) {
1731 newcontext.role = tcontext->role;
1732 } else {
1733 if ((tclass == policydb->process_class) || (sock == true))
1734 newcontext.role = scontext->role;
1735 else
1736 newcontext.role = OBJECT_R_VAL;
1737 }
1738
1739
1740 if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
1741 newcontext.type = scontext->type;
1742 } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
1743 newcontext.type = tcontext->type;
1744 } else {
1745 if ((tclass == policydb->process_class) || (sock == true)) {
1746
1747 newcontext.type = scontext->type;
1748 } else {
1749
1750 newcontext.type = tcontext->type;
1751 }
1752 }
1753
1754
1755 avkey.source_type = scontext->type;
1756 avkey.target_type = tcontext->type;
1757 avkey.target_class = tclass;
1758 avkey.specified = specified;
1759 avdatum = avtab_search(&policydb->te_avtab, &avkey);
1760
1761
1762 if (!avdatum) {
1763 node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
1764 for (; node; node = avtab_search_node_next(node, specified)) {
1765 if (node->key.specified & AVTAB_ENABLED) {
1766 avdatum = &node->datum;
1767 break;
1768 }
1769 }
1770 }
1771
1772 if (avdatum) {
1773
1774 newcontext.type = avdatum->u.data;
1775 }
1776
1777
1778 if (objname)
1779 filename_compute_type(policydb, &newcontext, scontext->type,
1780 tcontext->type, tclass, objname);
1781
1782
1783 if (specified & AVTAB_TRANSITION) {
1784
1785 for (roletr = policydb->role_tr; roletr;
1786 roletr = roletr->next) {
1787 if ((roletr->role == scontext->role) &&
1788 (roletr->type == tcontext->type) &&
1789 (roletr->tclass == tclass)) {
1790
1791 newcontext.role = roletr->new_role;
1792 break;
1793 }
1794 }
1795 }
1796
1797
1798
1799 rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified,
1800 &newcontext, sock);
1801 if (rc)
1802 goto out_unlock;
1803
1804
1805 if (!policydb_context_isvalid(policydb, &newcontext)) {
1806 rc = compute_sid_handle_invalid_context(state, scontext,
1807 tcontext,
1808 tclass,
1809 &newcontext);
1810 if (rc)
1811 goto out_unlock;
1812 }
1813
1814 rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid);
1815out_unlock:
1816 read_unlock(&state->ss->policy_rwlock);
1817 context_destroy(&newcontext);
1818out:
1819 return rc;
1820}
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835int security_transition_sid(struct selinux_state *state,
1836 u32 ssid, u32 tsid, u16 tclass,
1837 const struct qstr *qstr, u32 *out_sid)
1838{
1839 return security_compute_sid(state, ssid, tsid, tclass,
1840 AVTAB_TRANSITION,
1841 qstr ? qstr->name : NULL, out_sid, true);
1842}
1843
1844int security_transition_sid_user(struct selinux_state *state,
1845 u32 ssid, u32 tsid, u16 tclass,
1846 const char *objname, u32 *out_sid)
1847{
1848 return security_compute_sid(state, ssid, tsid, tclass,
1849 AVTAB_TRANSITION,
1850 objname, out_sid, false);
1851}
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866int security_member_sid(struct selinux_state *state,
1867 u32 ssid,
1868 u32 tsid,
1869 u16 tclass,
1870 u32 *out_sid)
1871{
1872 return security_compute_sid(state, ssid, tsid, tclass,
1873 AVTAB_MEMBER, NULL,
1874 out_sid, false);
1875}
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890int security_change_sid(struct selinux_state *state,
1891 u32 ssid,
1892 u32 tsid,
1893 u16 tclass,
1894 u32 *out_sid)
1895{
1896 return security_compute_sid(state,
1897 ssid, tsid, tclass, AVTAB_CHANGE, NULL,
1898 out_sid, false);
1899}
1900
1901static inline int convert_context_handle_invalid_context(
1902 struct selinux_state *state,
1903 struct context *context)
1904{
1905 struct policydb *policydb = &state->ss->policydb;
1906 char *s;
1907 u32 len;
1908
1909 if (enforcing_enabled(state))
1910 return -EINVAL;
1911
1912 if (!context_struct_to_string(policydb, context, &s, &len)) {
1913 pr_warn("SELinux: Context %s would be invalid if enforcing\n",
1914 s);
1915 kfree(s);
1916 }
1917 return 0;
1918}
1919
1920struct convert_context_args {
1921 struct selinux_state *state;
1922 struct policydb *oldp;
1923 struct policydb *newp;
1924};
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934static int convert_context(struct context *oldc, struct context *newc, void *p)
1935{
1936 struct convert_context_args *args;
1937 struct ocontext *oc;
1938 struct role_datum *role;
1939 struct type_datum *typdatum;
1940 struct user_datum *usrdatum;
1941 char *s;
1942 u32 len;
1943 int rc;
1944
1945 args = p;
1946
1947 if (oldc->str) {
1948 s = kstrdup(oldc->str, GFP_KERNEL);
1949 if (!s)
1950 return -ENOMEM;
1951
1952 rc = string_to_context_struct(args->newp, NULL, s,
1953 newc, SECSID_NULL);
1954 if (rc == -EINVAL) {
1955
1956 context_init(newc);
1957 newc->str = s;
1958 newc->len = oldc->len;
1959 return 0;
1960 }
1961 kfree(s);
1962 if (rc) {
1963
1964 pr_err("SELinux: Unable to map context %s, rc = %d.\n",
1965 oldc->str, -rc);
1966 return rc;
1967 }
1968 pr_info("SELinux: Context %s became valid (mapped).\n",
1969 oldc->str);
1970 return 0;
1971 }
1972
1973 context_init(newc);
1974
1975
1976 rc = -EINVAL;
1977 usrdatum = hashtab_search(args->newp->p_users.table,
1978 sym_name(args->oldp,
1979 SYM_USERS, oldc->user - 1));
1980 if (!usrdatum)
1981 goto bad;
1982 newc->user = usrdatum->value;
1983
1984
1985 rc = -EINVAL;
1986 role = hashtab_search(args->newp->p_roles.table,
1987 sym_name(args->oldp, SYM_ROLES, oldc->role - 1));
1988 if (!role)
1989 goto bad;
1990 newc->role = role->value;
1991
1992
1993 rc = -EINVAL;
1994 typdatum = hashtab_search(args->newp->p_types.table,
1995 sym_name(args->oldp,
1996 SYM_TYPES, oldc->type - 1));
1997 if (!typdatum)
1998 goto bad;
1999 newc->type = typdatum->value;
2000
2001
2002 if (args->oldp->mls_enabled && args->newp->mls_enabled) {
2003 rc = mls_convert_context(args->oldp, args->newp, oldc, newc);
2004 if (rc)
2005 goto bad;
2006 } else if (!args->oldp->mls_enabled && args->newp->mls_enabled) {
2007
2008
2009
2010
2011
2012
2013
2014 oc = args->newp->ocontexts[OCON_ISID];
2015 while (oc && oc->sid[0] != SECINITSID_UNLABELED)
2016 oc = oc->next;
2017 rc = -EINVAL;
2018 if (!oc) {
2019 pr_err("SELinux: unable to look up"
2020 " the initial SIDs list\n");
2021 goto bad;
2022 }
2023 rc = mls_range_set(newc, &oc->context[0].range);
2024 if (rc)
2025 goto bad;
2026 }
2027
2028
2029 if (!policydb_context_isvalid(args->newp, newc)) {
2030 rc = convert_context_handle_invalid_context(args->state, oldc);
2031 if (rc)
2032 goto bad;
2033 }
2034
2035 return 0;
2036bad:
2037
2038 rc = context_struct_to_string(args->oldp, oldc, &s, &len);
2039 if (rc)
2040 return rc;
2041 context_destroy(newc);
2042 newc->str = s;
2043 newc->len = len;
2044 pr_info("SELinux: Context %s became invalid (unmapped).\n",
2045 newc->str);
2046 return 0;
2047}
2048
2049static void security_load_policycaps(struct selinux_state *state)
2050{
2051 struct policydb *p = &state->ss->policydb;
2052 unsigned int i;
2053 struct ebitmap_node *node;
2054
2055 for (i = 0; i < ARRAY_SIZE(state->policycap); i++)
2056 state->policycap[i] = ebitmap_get_bit(&p->policycaps, i);
2057
2058 for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
2059 pr_info("SELinux: policy capability %s=%d\n",
2060 selinux_policycap_names[i],
2061 ebitmap_get_bit(&p->policycaps, i));
2062
2063 ebitmap_for_each_positive_bit(&p->policycaps, node, i) {
2064 if (i >= ARRAY_SIZE(selinux_policycap_names))
2065 pr_info("SELinux: unknown policy capability %u\n",
2066 i);
2067 }
2068}
2069
2070static int security_preserve_bools(struct selinux_state *state,
2071 struct policydb *newpolicydb);
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083int security_load_policy(struct selinux_state *state, void *data, size_t len)
2084{
2085 struct policydb *policydb;
2086 struct sidtab *oldsidtab, *newsidtab;
2087 struct policydb *oldpolicydb, *newpolicydb;
2088 struct selinux_mapping *oldmapping;
2089 struct selinux_map newmap;
2090 struct sidtab_convert_params convert_params;
2091 struct convert_context_args args;
2092 u32 seqno;
2093 int rc = 0;
2094 struct policy_file file = { data, len }, *fp = &file;
2095
2096 oldpolicydb = kcalloc(2, sizeof(*oldpolicydb), GFP_KERNEL);
2097 if (!oldpolicydb) {
2098 rc = -ENOMEM;
2099 goto out;
2100 }
2101 newpolicydb = oldpolicydb + 1;
2102
2103 policydb = &state->ss->policydb;
2104
2105 newsidtab = kmalloc(sizeof(*newsidtab), GFP_KERNEL);
2106 if (!newsidtab) {
2107 rc = -ENOMEM;
2108 goto out;
2109 }
2110
2111 if (!state->initialized) {
2112 rc = policydb_read(policydb, fp);
2113 if (rc) {
2114 kfree(newsidtab);
2115 goto out;
2116 }
2117
2118 policydb->len = len;
2119 rc = selinux_set_mapping(policydb, secclass_map,
2120 &state->ss->map);
2121 if (rc) {
2122 kfree(newsidtab);
2123 policydb_destroy(policydb);
2124 goto out;
2125 }
2126
2127 rc = policydb_load_isids(policydb, newsidtab);
2128 if (rc) {
2129 kfree(newsidtab);
2130 policydb_destroy(policydb);
2131 goto out;
2132 }
2133
2134 state->ss->sidtab = newsidtab;
2135 security_load_policycaps(state);
2136 state->initialized = 1;
2137 seqno = ++state->ss->latest_granting;
2138 selinux_complete_init();
2139 avc_ss_reset(state->avc, seqno);
2140 selnl_notify_policyload(seqno);
2141 selinux_status_update_policyload(state, seqno);
2142 selinux_netlbl_cache_invalidate();
2143 selinux_xfrm_notify_policyload();
2144 goto out;
2145 }
2146
2147 rc = policydb_read(newpolicydb, fp);
2148 if (rc) {
2149 kfree(newsidtab);
2150 goto out;
2151 }
2152
2153 newpolicydb->len = len;
2154
2155 if (policydb->mls_enabled && !newpolicydb->mls_enabled)
2156 pr_info("SELinux: Disabling MLS support...\n");
2157 else if (!policydb->mls_enabled && newpolicydb->mls_enabled)
2158 pr_info("SELinux: Enabling MLS support...\n");
2159
2160 rc = policydb_load_isids(newpolicydb, newsidtab);
2161 if (rc) {
2162 pr_err("SELinux: unable to load the initial SIDs\n");
2163 policydb_destroy(newpolicydb);
2164 kfree(newsidtab);
2165 goto out;
2166 }
2167
2168 rc = selinux_set_mapping(newpolicydb, secclass_map, &newmap);
2169 if (rc)
2170 goto err;
2171
2172 rc = security_preserve_bools(state, newpolicydb);
2173 if (rc) {
2174 pr_err("SELinux: unable to preserve booleans\n");
2175 goto err;
2176 }
2177
2178 oldsidtab = state->ss->sidtab;
2179
2180
2181
2182
2183
2184 args.state = state;
2185 args.oldp = policydb;
2186 args.newp = newpolicydb;
2187
2188 convert_params.func = convert_context;
2189 convert_params.args = &args;
2190 convert_params.target = newsidtab;
2191
2192 rc = sidtab_convert(oldsidtab, &convert_params);
2193 if (rc) {
2194 pr_err("SELinux: unable to convert the internal"
2195 " representation of contexts in the new SID"
2196 " table\n");
2197 goto err;
2198 }
2199
2200
2201 memcpy(oldpolicydb, policydb, sizeof(*policydb));
2202
2203
2204 write_lock_irq(&state->ss->policy_rwlock);
2205 memcpy(policydb, newpolicydb, sizeof(*policydb));
2206 state->ss->sidtab = newsidtab;
2207 security_load_policycaps(state);
2208 oldmapping = state->ss->map.mapping;
2209 state->ss->map.mapping = newmap.mapping;
2210 state->ss->map.size = newmap.size;
2211 seqno = ++state->ss->latest_granting;
2212 write_unlock_irq(&state->ss->policy_rwlock);
2213
2214
2215 policydb_destroy(oldpolicydb);
2216 sidtab_destroy(oldsidtab);
2217 kfree(oldsidtab);
2218 kfree(oldmapping);
2219
2220 avc_ss_reset(state->avc, seqno);
2221 selnl_notify_policyload(seqno);
2222 selinux_status_update_policyload(state, seqno);
2223 selinux_netlbl_cache_invalidate();
2224 selinux_xfrm_notify_policyload();
2225
2226 rc = 0;
2227 goto out;
2228
2229err:
2230 kfree(newmap.mapping);
2231 sidtab_destroy(newsidtab);
2232 kfree(newsidtab);
2233 policydb_destroy(newpolicydb);
2234
2235out:
2236 kfree(oldpolicydb);
2237 return rc;
2238}
2239
2240size_t security_policydb_len(struct selinux_state *state)
2241{
2242 struct policydb *p = &state->ss->policydb;
2243 size_t len;
2244
2245 read_lock(&state->ss->policy_rwlock);
2246 len = p->len;
2247 read_unlock(&state->ss->policy_rwlock);
2248
2249 return len;
2250}
2251
2252
2253
2254
2255
2256
2257
2258int security_port_sid(struct selinux_state *state,
2259 u8 protocol, u16 port, u32 *out_sid)
2260{
2261 struct policydb *policydb;
2262 struct sidtab *sidtab;
2263 struct ocontext *c;
2264 int rc = 0;
2265
2266 read_lock(&state->ss->policy_rwlock);
2267
2268 policydb = &state->ss->policydb;
2269 sidtab = state->ss->sidtab;
2270
2271 c = policydb->ocontexts[OCON_PORT];
2272 while (c) {
2273 if (c->u.port.protocol == protocol &&
2274 c->u.port.low_port <= port &&
2275 c->u.port.high_port >= port)
2276 break;
2277 c = c->next;
2278 }
2279
2280 if (c) {
2281 if (!c->sid[0]) {
2282 rc = sidtab_context_to_sid(sidtab,
2283 &c->context[0],
2284 &c->sid[0]);
2285 if (rc)
2286 goto out;
2287 }
2288 *out_sid = c->sid[0];
2289 } else {
2290 *out_sid = SECINITSID_PORT;
2291 }
2292
2293out:
2294 read_unlock(&state->ss->policy_rwlock);
2295 return rc;
2296}
2297
2298
2299
2300
2301
2302
2303
2304int security_ib_pkey_sid(struct selinux_state *state,
2305 u64 subnet_prefix, u16 pkey_num, u32 *out_sid)
2306{
2307 struct policydb *policydb;
2308 struct sidtab *sidtab;
2309 struct ocontext *c;
2310 int rc = 0;
2311
2312 read_lock(&state->ss->policy_rwlock);
2313
2314 policydb = &state->ss->policydb;
2315 sidtab = state->ss->sidtab;
2316
2317 c = policydb->ocontexts[OCON_IBPKEY];
2318 while (c) {
2319 if (c->u.ibpkey.low_pkey <= pkey_num &&
2320 c->u.ibpkey.high_pkey >= pkey_num &&
2321 c->u.ibpkey.subnet_prefix == subnet_prefix)
2322 break;
2323
2324 c = c->next;
2325 }
2326
2327 if (c) {
2328 if (!c->sid[0]) {
2329 rc = sidtab_context_to_sid(sidtab,
2330 &c->context[0],
2331 &c->sid[0]);
2332 if (rc)
2333 goto out;
2334 }
2335 *out_sid = c->sid[0];
2336 } else
2337 *out_sid = SECINITSID_UNLABELED;
2338
2339out:
2340 read_unlock(&state->ss->policy_rwlock);
2341 return rc;
2342}
2343
2344
2345
2346
2347
2348
2349
2350int security_ib_endport_sid(struct selinux_state *state,
2351 const char *dev_name, u8 port_num, u32 *out_sid)
2352{
2353 struct policydb *policydb;
2354 struct sidtab *sidtab;
2355 struct ocontext *c;
2356 int rc = 0;
2357
2358 read_lock(&state->ss->policy_rwlock);
2359
2360 policydb = &state->ss->policydb;
2361 sidtab = state->ss->sidtab;
2362
2363 c = policydb->ocontexts[OCON_IBENDPORT];
2364 while (c) {
2365 if (c->u.ibendport.port == port_num &&
2366 !strncmp(c->u.ibendport.dev_name,
2367 dev_name,
2368 IB_DEVICE_NAME_MAX))
2369 break;
2370
2371 c = c->next;
2372 }
2373
2374 if (c) {
2375 if (!c->sid[0]) {
2376 rc = sidtab_context_to_sid(sidtab,
2377 &c->context[0],
2378 &c->sid[0]);
2379 if (rc)
2380 goto out;
2381 }
2382 *out_sid = c->sid[0];
2383 } else
2384 *out_sid = SECINITSID_UNLABELED;
2385
2386out:
2387 read_unlock(&state->ss->policy_rwlock);
2388 return rc;
2389}
2390
2391
2392
2393
2394
2395
2396int security_netif_sid(struct selinux_state *state,
2397 char *name, u32 *if_sid)
2398{
2399 struct policydb *policydb;
2400 struct sidtab *sidtab;
2401 int rc = 0;
2402 struct ocontext *c;
2403
2404 read_lock(&state->ss->policy_rwlock);
2405
2406 policydb = &state->ss->policydb;
2407 sidtab = state->ss->sidtab;
2408
2409 c = policydb->ocontexts[OCON_NETIF];
2410 while (c) {
2411 if (strcmp(name, c->u.name) == 0)
2412 break;
2413 c = c->next;
2414 }
2415
2416 if (c) {
2417 if (!c->sid[0] || !c->sid[1]) {
2418 rc = sidtab_context_to_sid(sidtab,
2419 &c->context[0],
2420 &c->sid[0]);
2421 if (rc)
2422 goto out;
2423 rc = sidtab_context_to_sid(sidtab,
2424 &c->context[1],
2425 &c->sid[1]);
2426 if (rc)
2427 goto out;
2428 }
2429 *if_sid = c->sid[0];
2430 } else
2431 *if_sid = SECINITSID_NETIF;
2432
2433out:
2434 read_unlock(&state->ss->policy_rwlock);
2435 return rc;
2436}
2437
2438static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
2439{
2440 int i, fail = 0;
2441
2442 for (i = 0; i < 4; i++)
2443 if (addr[i] != (input[i] & mask[i])) {
2444 fail = 1;
2445 break;
2446 }
2447
2448 return !fail;
2449}
2450
2451
2452
2453
2454
2455
2456
2457
2458int security_node_sid(struct selinux_state *state,
2459 u16 domain,
2460 void *addrp,
2461 u32 addrlen,
2462 u32 *out_sid)
2463{
2464 struct policydb *policydb;
2465 struct sidtab *sidtab;
2466 int rc;
2467 struct ocontext *c;
2468
2469 read_lock(&state->ss->policy_rwlock);
2470
2471 policydb = &state->ss->policydb;
2472 sidtab = state->ss->sidtab;
2473
2474 switch (domain) {
2475 case AF_INET: {
2476 u32 addr;
2477
2478 rc = -EINVAL;
2479 if (addrlen != sizeof(u32))
2480 goto out;
2481
2482 addr = *((u32 *)addrp);
2483
2484 c = policydb->ocontexts[OCON_NODE];
2485 while (c) {
2486 if (c->u.node.addr == (addr & c->u.node.mask))
2487 break;
2488 c = c->next;
2489 }
2490 break;
2491 }
2492
2493 case AF_INET6:
2494 rc = -EINVAL;
2495 if (addrlen != sizeof(u64) * 2)
2496 goto out;
2497 c = policydb->ocontexts[OCON_NODE6];
2498 while (c) {
2499 if (match_ipv6_addrmask(addrp, c->u.node6.addr,
2500 c->u.node6.mask))
2501 break;
2502 c = c->next;
2503 }
2504 break;
2505
2506 default:
2507 rc = 0;
2508 *out_sid = SECINITSID_NODE;
2509 goto out;
2510 }
2511
2512 if (c) {
2513 if (!c->sid[0]) {
2514 rc = sidtab_context_to_sid(sidtab,
2515 &c->context[0],
2516 &c->sid[0]);
2517 if (rc)
2518 goto out;
2519 }
2520 *out_sid = c->sid[0];
2521 } else {
2522 *out_sid = SECINITSID_NODE;
2523 }
2524
2525 rc = 0;
2526out:
2527 read_unlock(&state->ss->policy_rwlock);
2528 return rc;
2529}
2530
2531#define SIDS_NEL 25
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547int security_get_user_sids(struct selinux_state *state,
2548 u32 fromsid,
2549 char *username,
2550 u32 **sids,
2551 u32 *nel)
2552{
2553 struct policydb *policydb;
2554 struct sidtab *sidtab;
2555 struct context *fromcon, usercon;
2556 u32 *mysids = NULL, *mysids2, sid;
2557 u32 mynel = 0, maxnel = SIDS_NEL;
2558 struct user_datum *user;
2559 struct role_datum *role;
2560 struct ebitmap_node *rnode, *tnode;
2561 int rc = 0, i, j;
2562
2563 *sids = NULL;
2564 *nel = 0;
2565
2566 if (!state->initialized)
2567 goto out;
2568
2569 read_lock(&state->ss->policy_rwlock);
2570
2571 policydb = &state->ss->policydb;
2572 sidtab = state->ss->sidtab;
2573
2574 context_init(&usercon);
2575
2576 rc = -EINVAL;
2577 fromcon = sidtab_search(sidtab, fromsid);
2578 if (!fromcon)
2579 goto out_unlock;
2580
2581 rc = -EINVAL;
2582 user = hashtab_search(policydb->p_users.table, username);
2583 if (!user)
2584 goto out_unlock;
2585
2586 usercon.user = user->value;
2587
2588 rc = -ENOMEM;
2589 mysids = kcalloc(maxnel, sizeof(*mysids), GFP_ATOMIC);
2590 if (!mysids)
2591 goto out_unlock;
2592
2593 ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
2594 role = policydb->role_val_to_struct[i];
2595 usercon.role = i + 1;
2596 ebitmap_for_each_positive_bit(&role->types, tnode, j) {
2597 usercon.type = j + 1;
2598
2599 if (mls_setup_user_range(policydb, fromcon, user,
2600 &usercon))
2601 continue;
2602
2603 rc = sidtab_context_to_sid(sidtab, &usercon, &sid);
2604 if (rc)
2605 goto out_unlock;
2606 if (mynel < maxnel) {
2607 mysids[mynel++] = sid;
2608 } else {
2609 rc = -ENOMEM;
2610 maxnel += SIDS_NEL;
2611 mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC);
2612 if (!mysids2)
2613 goto out_unlock;
2614 memcpy(mysids2, mysids, mynel * sizeof(*mysids2));
2615 kfree(mysids);
2616 mysids = mysids2;
2617 mysids[mynel++] = sid;
2618 }
2619 }
2620 }
2621 rc = 0;
2622out_unlock:
2623 read_unlock(&state->ss->policy_rwlock);
2624 if (rc || !mynel) {
2625 kfree(mysids);
2626 goto out;
2627 }
2628
2629 rc = -ENOMEM;
2630 mysids2 = kcalloc(mynel, sizeof(*mysids2), GFP_KERNEL);
2631 if (!mysids2) {
2632 kfree(mysids);
2633 goto out;
2634 }
2635 for (i = 0, j = 0; i < mynel; i++) {
2636 struct av_decision dummy_avd;
2637 rc = avc_has_perm_noaudit(state,
2638 fromsid, mysids[i],
2639 SECCLASS_PROCESS,
2640 PROCESS__TRANSITION, AVC_STRICT,
2641 &dummy_avd);
2642 if (!rc)
2643 mysids2[j++] = mysids[i];
2644 cond_resched();
2645 }
2646 rc = 0;
2647 kfree(mysids);
2648 *sids = mysids2;
2649 *nel = j;
2650out:
2651 return rc;
2652}
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667static inline int __security_genfs_sid(struct selinux_state *state,
2668 const char *fstype,
2669 char *path,
2670 u16 orig_sclass,
2671 u32 *sid)
2672{
2673 struct policydb *policydb = &state->ss->policydb;
2674 struct sidtab *sidtab = state->ss->sidtab;
2675 int len;
2676 u16 sclass;
2677 struct genfs *genfs;
2678 struct ocontext *c;
2679 int rc, cmp = 0;
2680
2681 while (path[0] == '/' && path[1] == '/')
2682 path++;
2683
2684 sclass = unmap_class(&state->ss->map, orig_sclass);
2685 *sid = SECINITSID_UNLABELED;
2686
2687 for (genfs = policydb->genfs; genfs; genfs = genfs->next) {
2688 cmp = strcmp(fstype, genfs->fstype);
2689 if (cmp <= 0)
2690 break;
2691 }
2692
2693 rc = -ENOENT;
2694 if (!genfs || cmp)
2695 goto out;
2696
2697 for (c = genfs->head; c; c = c->next) {
2698 len = strlen(c->u.name);
2699 if ((!c->v.sclass || sclass == c->v.sclass) &&
2700 (strncmp(c->u.name, path, len) == 0))
2701 break;
2702 }
2703
2704 rc = -ENOENT;
2705 if (!c)
2706 goto out;
2707
2708 if (!c->sid[0]) {
2709 rc = sidtab_context_to_sid(sidtab, &c->context[0], &c->sid[0]);
2710 if (rc)
2711 goto out;
2712 }
2713
2714 *sid = c->sid[0];
2715 rc = 0;
2716out:
2717 return rc;
2718}
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730int security_genfs_sid(struct selinux_state *state,
2731 const char *fstype,
2732 char *path,
2733 u16 orig_sclass,
2734 u32 *sid)
2735{
2736 int retval;
2737
2738 read_lock(&state->ss->policy_rwlock);
2739 retval = __security_genfs_sid(state, fstype, path, orig_sclass, sid);
2740 read_unlock(&state->ss->policy_rwlock);
2741 return retval;
2742}
2743
2744
2745
2746
2747
2748int security_fs_use(struct selinux_state *state, struct super_block *sb)
2749{
2750 struct policydb *policydb;
2751 struct sidtab *sidtab;
2752 int rc = 0;
2753 struct ocontext *c;
2754 struct superblock_security_struct *sbsec = sb->s_security;
2755 const char *fstype = sb->s_type->name;
2756
2757 read_lock(&state->ss->policy_rwlock);
2758
2759 policydb = &state->ss->policydb;
2760 sidtab = state->ss->sidtab;
2761
2762 c = policydb->ocontexts[OCON_FSUSE];
2763 while (c) {
2764 if (strcmp(fstype, c->u.name) == 0)
2765 break;
2766 c = c->next;
2767 }
2768
2769 if (c) {
2770 sbsec->behavior = c->v.behavior;
2771 if (!c->sid[0]) {
2772 rc = sidtab_context_to_sid(sidtab, &c->context[0],
2773 &c->sid[0]);
2774 if (rc)
2775 goto out;
2776 }
2777 sbsec->sid = c->sid[0];
2778 } else {
2779 rc = __security_genfs_sid(state, fstype, "/", SECCLASS_DIR,
2780 &sbsec->sid);
2781 if (rc) {
2782 sbsec->behavior = SECURITY_FS_USE_NONE;
2783 rc = 0;
2784 } else {
2785 sbsec->behavior = SECURITY_FS_USE_GENFS;
2786 }
2787 }
2788
2789out:
2790 read_unlock(&state->ss->policy_rwlock);
2791 return rc;
2792}
2793
2794int security_get_bools(struct selinux_state *state,
2795 int *len, char ***names, int **values)
2796{
2797 struct policydb *policydb;
2798 int i, rc;
2799
2800 if (!state->initialized) {
2801 *len = 0;
2802 *names = NULL;
2803 *values = NULL;
2804 return 0;
2805 }
2806
2807 read_lock(&state->ss->policy_rwlock);
2808
2809 policydb = &state->ss->policydb;
2810
2811 *names = NULL;
2812 *values = NULL;
2813
2814 rc = 0;
2815 *len = policydb->p_bools.nprim;
2816 if (!*len)
2817 goto out;
2818
2819 rc = -ENOMEM;
2820 *names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
2821 if (!*names)
2822 goto err;
2823
2824 rc = -ENOMEM;
2825 *values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
2826 if (!*values)
2827 goto err;
2828
2829 for (i = 0; i < *len; i++) {
2830 (*values)[i] = policydb->bool_val_to_struct[i]->state;
2831
2832 rc = -ENOMEM;
2833 (*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i),
2834 GFP_ATOMIC);
2835 if (!(*names)[i])
2836 goto err;
2837 }
2838 rc = 0;
2839out:
2840 read_unlock(&state->ss->policy_rwlock);
2841 return rc;
2842err:
2843 if (*names) {
2844 for (i = 0; i < *len; i++)
2845 kfree((*names)[i]);
2846 }
2847 kfree(*values);
2848 goto out;
2849}
2850
2851
2852int security_set_bools(struct selinux_state *state, int len, int *values)
2853{
2854 struct policydb *policydb;
2855 int i, rc;
2856 int lenp, seqno = 0;
2857 struct cond_node *cur;
2858
2859 write_lock_irq(&state->ss->policy_rwlock);
2860
2861 policydb = &state->ss->policydb;
2862
2863 rc = -EFAULT;
2864 lenp = policydb->p_bools.nprim;
2865 if (len != lenp)
2866 goto out;
2867
2868 for (i = 0; i < len; i++) {
2869 if (!!values[i] != policydb->bool_val_to_struct[i]->state) {
2870 audit_log(audit_context(), GFP_ATOMIC,
2871 AUDIT_MAC_CONFIG_CHANGE,
2872 "bool=%s val=%d old_val=%d auid=%u ses=%u",
2873 sym_name(policydb, SYM_BOOLS, i),
2874 !!values[i],
2875 policydb->bool_val_to_struct[i]->state,
2876 from_kuid(&init_user_ns, audit_get_loginuid(current)),
2877 audit_get_sessionid(current));
2878 }
2879 if (values[i])
2880 policydb->bool_val_to_struct[i]->state = 1;
2881 else
2882 policydb->bool_val_to_struct[i]->state = 0;
2883 }
2884
2885 for (cur = policydb->cond_list; cur; cur = cur->next) {
2886 rc = evaluate_cond_node(policydb, cur);
2887 if (rc)
2888 goto out;
2889 }
2890
2891 seqno = ++state->ss->latest_granting;
2892 rc = 0;
2893out:
2894 write_unlock_irq(&state->ss->policy_rwlock);
2895 if (!rc) {
2896 avc_ss_reset(state->avc, seqno);
2897 selnl_notify_policyload(seqno);
2898 selinux_status_update_policyload(state, seqno);
2899 selinux_xfrm_notify_policyload();
2900 }
2901 return rc;
2902}
2903
2904int security_get_bool_value(struct selinux_state *state,
2905 int index)
2906{
2907 struct policydb *policydb;
2908 int rc;
2909 int len;
2910
2911 read_lock(&state->ss->policy_rwlock);
2912
2913 policydb = &state->ss->policydb;
2914
2915 rc = -EFAULT;
2916 len = policydb->p_bools.nprim;
2917 if (index >= len)
2918 goto out;
2919
2920 rc = policydb->bool_val_to_struct[index]->state;
2921out:
2922 read_unlock(&state->ss->policy_rwlock);
2923 return rc;
2924}
2925
2926static int security_preserve_bools(struct selinux_state *state,
2927 struct policydb *policydb)
2928{
2929 int rc, nbools = 0, *bvalues = NULL, i;
2930 char **bnames = NULL;
2931 struct cond_bool_datum *booldatum;
2932 struct cond_node *cur;
2933
2934 rc = security_get_bools(state, &nbools, &bnames, &bvalues);
2935 if (rc)
2936 goto out;
2937 for (i = 0; i < nbools; i++) {
2938 booldatum = hashtab_search(policydb->p_bools.table, bnames[i]);
2939 if (booldatum)
2940 booldatum->state = bvalues[i];
2941 }
2942 for (cur = policydb->cond_list; cur; cur = cur->next) {
2943 rc = evaluate_cond_node(policydb, cur);
2944 if (rc)
2945 goto out;
2946 }
2947
2948out:
2949 if (bnames) {
2950 for (i = 0; i < nbools; i++)
2951 kfree(bnames[i]);
2952 }
2953 kfree(bnames);
2954 kfree(bvalues);
2955 return rc;
2956}
2957
2958
2959
2960
2961
2962int security_sid_mls_copy(struct selinux_state *state,
2963 u32 sid, u32 mls_sid, u32 *new_sid)
2964{
2965 struct policydb *policydb = &state->ss->policydb;
2966 struct sidtab *sidtab = state->ss->sidtab;
2967 struct context *context1;
2968 struct context *context2;
2969 struct context newcon;
2970 char *s;
2971 u32 len;
2972 int rc;
2973
2974 rc = 0;
2975 if (!state->initialized || !policydb->mls_enabled) {
2976 *new_sid = sid;
2977 goto out;
2978 }
2979
2980 context_init(&newcon);
2981
2982 read_lock(&state->ss->policy_rwlock);
2983
2984 rc = -EINVAL;
2985 context1 = sidtab_search(sidtab, sid);
2986 if (!context1) {
2987 pr_err("SELinux: %s: unrecognized SID %d\n",
2988 __func__, sid);
2989 goto out_unlock;
2990 }
2991
2992 rc = -EINVAL;
2993 context2 = sidtab_search(sidtab, mls_sid);
2994 if (!context2) {
2995 pr_err("SELinux: %s: unrecognized SID %d\n",
2996 __func__, mls_sid);
2997 goto out_unlock;
2998 }
2999
3000 newcon.user = context1->user;
3001 newcon.role = context1->role;
3002 newcon.type = context1->type;
3003 rc = mls_context_cpy(&newcon, context2);
3004 if (rc)
3005 goto out_unlock;
3006
3007
3008 if (!policydb_context_isvalid(policydb, &newcon)) {
3009 rc = convert_context_handle_invalid_context(state, &newcon);
3010 if (rc) {
3011 if (!context_struct_to_string(policydb, &newcon, &s,
3012 &len)) {
3013 audit_log(audit_context(),
3014 GFP_ATOMIC, AUDIT_SELINUX_ERR,
3015 "op=security_sid_mls_copy "
3016 "invalid_context=%s", s);
3017 kfree(s);
3018 }
3019 goto out_unlock;
3020 }
3021 }
3022
3023 rc = sidtab_context_to_sid(sidtab, &newcon, new_sid);
3024out_unlock:
3025 read_unlock(&state->ss->policy_rwlock);
3026 context_destroy(&newcon);
3027out:
3028 return rc;
3029}
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051int security_net_peersid_resolve(struct selinux_state *state,
3052 u32 nlbl_sid, u32 nlbl_type,
3053 u32 xfrm_sid,
3054 u32 *peer_sid)
3055{
3056 struct policydb *policydb = &state->ss->policydb;
3057 struct sidtab *sidtab = state->ss->sidtab;
3058 int rc;
3059 struct context *nlbl_ctx;
3060 struct context *xfrm_ctx;
3061
3062 *peer_sid = SECSID_NULL;
3063
3064
3065
3066
3067 if (xfrm_sid == SECSID_NULL) {
3068 *peer_sid = nlbl_sid;
3069 return 0;
3070 }
3071
3072
3073
3074 if (nlbl_sid == SECSID_NULL || nlbl_type == NETLBL_NLTYPE_UNLABELED) {
3075 *peer_sid = xfrm_sid;
3076 return 0;
3077 }
3078
3079
3080
3081
3082
3083
3084 if (!policydb->mls_enabled)
3085 return 0;
3086
3087 read_lock(&state->ss->policy_rwlock);
3088
3089 rc = -EINVAL;
3090 nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
3091 if (!nlbl_ctx) {
3092 pr_err("SELinux: %s: unrecognized SID %d\n",
3093 __func__, nlbl_sid);
3094 goto out;
3095 }
3096 rc = -EINVAL;
3097 xfrm_ctx = sidtab_search(sidtab, xfrm_sid);
3098 if (!xfrm_ctx) {
3099 pr_err("SELinux: %s: unrecognized SID %d\n",
3100 __func__, xfrm_sid);
3101 goto out;
3102 }
3103 rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
3104 if (rc)
3105 goto out;
3106
3107
3108
3109
3110
3111
3112 *peer_sid = xfrm_sid;
3113out:
3114 read_unlock(&state->ss->policy_rwlock);
3115 return rc;
3116}
3117
3118static int get_classes_callback(void *k, void *d, void *args)
3119{
3120 struct class_datum *datum = d;
3121 char *name = k, **classes = args;
3122 int value = datum->value - 1;
3123
3124 classes[value] = kstrdup(name, GFP_ATOMIC);
3125 if (!classes[value])
3126 return -ENOMEM;
3127
3128 return 0;
3129}
3130
3131int security_get_classes(struct selinux_state *state,
3132 char ***classes, int *nclasses)
3133{
3134 struct policydb *policydb = &state->ss->policydb;
3135 int rc;
3136
3137 if (!state->initialized) {
3138 *nclasses = 0;
3139 *classes = NULL;
3140 return 0;
3141 }
3142
3143 read_lock(&state->ss->policy_rwlock);
3144
3145 rc = -ENOMEM;
3146 *nclasses = policydb->p_classes.nprim;
3147 *classes = kcalloc(*nclasses, sizeof(**classes), GFP_ATOMIC);
3148 if (!*classes)
3149 goto out;
3150
3151 rc = hashtab_map(policydb->p_classes.table, get_classes_callback,
3152 *classes);
3153 if (rc) {
3154 int i;
3155 for (i = 0; i < *nclasses; i++)
3156 kfree((*classes)[i]);
3157 kfree(*classes);
3158 }
3159
3160out:
3161 read_unlock(&state->ss->policy_rwlock);
3162 return rc;
3163}
3164
3165static int get_permissions_callback(void *k, void *d, void *args)
3166{
3167 struct perm_datum *datum = d;
3168 char *name = k, **perms = args;
3169 int value = datum->value - 1;
3170
3171 perms[value] = kstrdup(name, GFP_ATOMIC);
3172 if (!perms[value])
3173 return -ENOMEM;
3174
3175 return 0;
3176}
3177
3178int security_get_permissions(struct selinux_state *state,
3179 char *class, char ***perms, int *nperms)
3180{
3181 struct policydb *policydb = &state->ss->policydb;
3182 int rc, i;
3183 struct class_datum *match;
3184
3185 read_lock(&state->ss->policy_rwlock);
3186
3187 rc = -EINVAL;
3188 match = hashtab_search(policydb->p_classes.table, class);
3189 if (!match) {
3190 pr_err("SELinux: %s: unrecognized class %s\n",
3191 __func__, class);
3192 goto out;
3193 }
3194
3195 rc = -ENOMEM;
3196 *nperms = match->permissions.nprim;
3197 *perms = kcalloc(*nperms, sizeof(**perms), GFP_ATOMIC);
3198 if (!*perms)
3199 goto out;
3200
3201 if (match->comdatum) {
3202 rc = hashtab_map(match->comdatum->permissions.table,
3203 get_permissions_callback, *perms);
3204 if (rc)
3205 goto err;
3206 }
3207
3208 rc = hashtab_map(match->permissions.table, get_permissions_callback,
3209 *perms);
3210 if (rc)
3211 goto err;
3212
3213out:
3214 read_unlock(&state->ss->policy_rwlock);
3215 return rc;
3216
3217err:
3218 read_unlock(&state->ss->policy_rwlock);
3219 for (i = 0; i < *nperms; i++)
3220 kfree((*perms)[i]);
3221 kfree(*perms);
3222 return rc;
3223}
3224
3225int security_get_reject_unknown(struct selinux_state *state)
3226{
3227 return state->ss->policydb.reject_unknown;
3228}
3229
3230int security_get_allow_unknown(struct selinux_state *state)
3231{
3232 return state->ss->policydb.allow_unknown;
3233}
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245int security_policycap_supported(struct selinux_state *state,
3246 unsigned int req_cap)
3247{
3248 struct policydb *policydb = &state->ss->policydb;
3249 int rc;
3250
3251 read_lock(&state->ss->policy_rwlock);
3252 rc = ebitmap_get_bit(&policydb->policycaps, req_cap);
3253 read_unlock(&state->ss->policy_rwlock);
3254
3255 return rc;
3256}
3257
3258struct selinux_audit_rule {
3259 u32 au_seqno;
3260 struct context au_ctxt;
3261};
3262
3263void selinux_audit_rule_free(void *vrule)
3264{
3265 struct selinux_audit_rule *rule = vrule;
3266
3267 if (rule) {
3268 context_destroy(&rule->au_ctxt);
3269 kfree(rule);
3270 }
3271}
3272
3273int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3274{
3275 struct selinux_state *state = &selinux_state;
3276 struct policydb *policydb = &state->ss->policydb;
3277 struct selinux_audit_rule *tmprule;
3278 struct role_datum *roledatum;
3279 struct type_datum *typedatum;
3280 struct user_datum *userdatum;
3281 struct selinux_audit_rule **rule = (struct selinux_audit_rule **)vrule;
3282 int rc = 0;
3283
3284 *rule = NULL;
3285
3286 if (!state->initialized)
3287 return -EOPNOTSUPP;
3288
3289 switch (field) {
3290 case AUDIT_SUBJ_USER:
3291 case AUDIT_SUBJ_ROLE:
3292 case AUDIT_SUBJ_TYPE:
3293 case AUDIT_OBJ_USER:
3294 case AUDIT_OBJ_ROLE:
3295 case AUDIT_OBJ_TYPE:
3296
3297 if (op != Audit_equal && op != Audit_not_equal)
3298 return -EINVAL;
3299 break;
3300 case AUDIT_SUBJ_SEN:
3301 case AUDIT_SUBJ_CLR:
3302 case AUDIT_OBJ_LEV_LOW:
3303 case AUDIT_OBJ_LEV_HIGH:
3304
3305 if (strchr(rulestr, '-'))
3306 return -EINVAL;
3307 break;
3308 default:
3309
3310 return -EINVAL;
3311 }
3312
3313 tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
3314 if (!tmprule)
3315 return -ENOMEM;
3316
3317 context_init(&tmprule->au_ctxt);
3318
3319 read_lock(&state->ss->policy_rwlock);
3320
3321 tmprule->au_seqno = state->ss->latest_granting;
3322
3323 switch (field) {
3324 case AUDIT_SUBJ_USER:
3325 case AUDIT_OBJ_USER:
3326 rc = -EINVAL;
3327 userdatum = hashtab_search(policydb->p_users.table, rulestr);
3328 if (!userdatum)
3329 goto out;
3330 tmprule->au_ctxt.user = userdatum->value;
3331 break;
3332 case AUDIT_SUBJ_ROLE:
3333 case AUDIT_OBJ_ROLE:
3334 rc = -EINVAL;
3335 roledatum = hashtab_search(policydb->p_roles.table, rulestr);
3336 if (!roledatum)
3337 goto out;
3338 tmprule->au_ctxt.role = roledatum->value;
3339 break;
3340 case AUDIT_SUBJ_TYPE:
3341 case AUDIT_OBJ_TYPE:
3342 rc = -EINVAL;
3343 typedatum = hashtab_search(policydb->p_types.table, rulestr);
3344 if (!typedatum)
3345 goto out;
3346 tmprule->au_ctxt.type = typedatum->value;
3347 break;
3348 case AUDIT_SUBJ_SEN:
3349 case AUDIT_SUBJ_CLR:
3350 case AUDIT_OBJ_LEV_LOW:
3351 case AUDIT_OBJ_LEV_HIGH:
3352 rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt,
3353 GFP_ATOMIC);
3354 if (rc)
3355 goto out;
3356 break;
3357 }
3358 rc = 0;
3359out:
3360 read_unlock(&state->ss->policy_rwlock);
3361
3362 if (rc) {
3363 selinux_audit_rule_free(tmprule);
3364 tmprule = NULL;
3365 }
3366
3367 *rule = tmprule;
3368
3369 return rc;
3370}
3371
3372
3373int selinux_audit_rule_known(struct audit_krule *rule)
3374{
3375 int i;
3376
3377 for (i = 0; i < rule->field_count; i++) {
3378 struct audit_field *f = &rule->fields[i];
3379 switch (f->type) {
3380 case AUDIT_SUBJ_USER:
3381 case AUDIT_SUBJ_ROLE:
3382 case AUDIT_SUBJ_TYPE:
3383 case AUDIT_SUBJ_SEN:
3384 case AUDIT_SUBJ_CLR:
3385 case AUDIT_OBJ_USER:
3386 case AUDIT_OBJ_ROLE:
3387 case AUDIT_OBJ_TYPE:
3388 case AUDIT_OBJ_LEV_LOW:
3389 case AUDIT_OBJ_LEV_HIGH:
3390 return 1;
3391 }
3392 }
3393
3394 return 0;
3395}
3396
3397int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
3398{
3399 struct selinux_state *state = &selinux_state;
3400 struct context *ctxt;
3401 struct mls_level *level;
3402 struct selinux_audit_rule *rule = vrule;
3403 int match = 0;
3404
3405 if (unlikely(!rule)) {
3406 WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
3407 return -ENOENT;
3408 }
3409
3410 read_lock(&state->ss->policy_rwlock);
3411
3412 if (rule->au_seqno < state->ss->latest_granting) {
3413 match = -ESTALE;
3414 goto out;
3415 }
3416
3417 ctxt = sidtab_search(state->ss->sidtab, sid);
3418 if (unlikely(!ctxt)) {
3419 WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
3420 sid);
3421 match = -ENOENT;
3422 goto out;
3423 }
3424
3425
3426
3427 switch (field) {
3428 case AUDIT_SUBJ_USER:
3429 case AUDIT_OBJ_USER:
3430 switch (op) {
3431 case Audit_equal:
3432 match = (ctxt->user == rule->au_ctxt.user);
3433 break;
3434 case Audit_not_equal:
3435 match = (ctxt->user != rule->au_ctxt.user);
3436 break;
3437 }
3438 break;
3439 case AUDIT_SUBJ_ROLE:
3440 case AUDIT_OBJ_ROLE:
3441 switch (op) {
3442 case Audit_equal:
3443 match = (ctxt->role == rule->au_ctxt.role);
3444 break;
3445 case Audit_not_equal:
3446 match = (ctxt->role != rule->au_ctxt.role);
3447 break;
3448 }
3449 break;
3450 case AUDIT_SUBJ_TYPE:
3451 case AUDIT_OBJ_TYPE:
3452 switch (op) {
3453 case Audit_equal:
3454 match = (ctxt->type == rule->au_ctxt.type);
3455 break;
3456 case Audit_not_equal:
3457 match = (ctxt->type != rule->au_ctxt.type);
3458 break;
3459 }
3460 break;
3461 case AUDIT_SUBJ_SEN:
3462 case AUDIT_SUBJ_CLR:
3463 case AUDIT_OBJ_LEV_LOW:
3464 case AUDIT_OBJ_LEV_HIGH:
3465 level = ((field == AUDIT_SUBJ_SEN ||
3466 field == AUDIT_OBJ_LEV_LOW) ?
3467 &ctxt->range.level[0] : &ctxt->range.level[1]);
3468 switch (op) {
3469 case Audit_equal:
3470 match = mls_level_eq(&rule->au_ctxt.range.level[0],
3471 level);
3472 break;
3473 case Audit_not_equal:
3474 match = !mls_level_eq(&rule->au_ctxt.range.level[0],
3475 level);
3476 break;
3477 case Audit_lt:
3478 match = (mls_level_dom(&rule->au_ctxt.range.level[0],
3479 level) &&
3480 !mls_level_eq(&rule->au_ctxt.range.level[0],
3481 level));
3482 break;
3483 case Audit_le:
3484 match = mls_level_dom(&rule->au_ctxt.range.level[0],
3485 level);
3486 break;
3487 case Audit_gt:
3488 match = (mls_level_dom(level,
3489 &rule->au_ctxt.range.level[0]) &&
3490 !mls_level_eq(level,
3491 &rule->au_ctxt.range.level[0]));
3492 break;
3493 case Audit_ge:
3494 match = mls_level_dom(level,
3495 &rule->au_ctxt.range.level[0]);
3496 break;
3497 }
3498 }
3499
3500out:
3501 read_unlock(&state->ss->policy_rwlock);
3502 return match;
3503}
3504
3505static int (*aurule_callback)(void) = audit_update_lsm_rules;
3506
3507static int aurule_avc_callback(u32 event)
3508{
3509 int err = 0;
3510
3511 if (event == AVC_CALLBACK_RESET && aurule_callback)
3512 err = aurule_callback();
3513 return err;
3514}
3515
3516static int __init aurule_init(void)
3517{
3518 int err;
3519
3520 err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET);
3521 if (err)
3522 panic("avc_add_callback() failed, error %d\n", err);
3523
3524 return err;
3525}
3526__initcall(aurule_init);
3527
3528#ifdef CONFIG_NETLABEL
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
3541 u32 sid)
3542{
3543 u32 *sid_cache;
3544
3545 sid_cache = kmalloc(sizeof(*sid_cache), GFP_ATOMIC);
3546 if (sid_cache == NULL)
3547 return;
3548 secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
3549 if (secattr->cache == NULL) {
3550 kfree(sid_cache);
3551 return;
3552 }
3553
3554 *sid_cache = sid;
3555 secattr->cache->free = kfree;
3556 secattr->cache->data = sid_cache;
3557 secattr->flags |= NETLBL_SECATTR_CACHE;
3558}
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575int security_netlbl_secattr_to_sid(struct selinux_state *state,
3576 struct netlbl_lsm_secattr *secattr,
3577 u32 *sid)
3578{
3579 struct policydb *policydb = &state->ss->policydb;
3580 struct sidtab *sidtab = state->ss->sidtab;
3581 int rc;
3582 struct context *ctx;
3583 struct context ctx_new;
3584
3585 if (!state->initialized) {
3586 *sid = SECSID_NULL;
3587 return 0;
3588 }
3589
3590 read_lock(&state->ss->policy_rwlock);
3591
3592 if (secattr->flags & NETLBL_SECATTR_CACHE)
3593 *sid = *(u32 *)secattr->cache->data;
3594 else if (secattr->flags & NETLBL_SECATTR_SECID)
3595 *sid = secattr->attr.secid;
3596 else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
3597 rc = -EIDRM;
3598 ctx = sidtab_search(sidtab, SECINITSID_NETMSG);
3599 if (ctx == NULL)
3600 goto out;
3601
3602 context_init(&ctx_new);
3603 ctx_new.user = ctx->user;
3604 ctx_new.role = ctx->role;
3605 ctx_new.type = ctx->type;
3606 mls_import_netlbl_lvl(policydb, &ctx_new, secattr);
3607 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
3608 rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr);
3609 if (rc)
3610 goto out;
3611 }
3612 rc = -EIDRM;
3613 if (!mls_context_isvalid(policydb, &ctx_new))
3614 goto out_free;
3615
3616 rc = sidtab_context_to_sid(sidtab, &ctx_new, sid);
3617 if (rc)
3618 goto out_free;
3619
3620 security_netlbl_cache_add(secattr, *sid);
3621
3622 ebitmap_destroy(&ctx_new.range.level[0].cat);
3623 } else
3624 *sid = SECSID_NULL;
3625
3626 read_unlock(&state->ss->policy_rwlock);
3627 return 0;
3628out_free:
3629 ebitmap_destroy(&ctx_new.range.level[0].cat);
3630out:
3631 read_unlock(&state->ss->policy_rwlock);
3632 return rc;
3633}
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645int security_netlbl_sid_to_secattr(struct selinux_state *state,
3646 u32 sid, struct netlbl_lsm_secattr *secattr)
3647{
3648 struct policydb *policydb = &state->ss->policydb;
3649 int rc;
3650 struct context *ctx;
3651
3652 if (!state->initialized)
3653 return 0;
3654
3655 read_lock(&state->ss->policy_rwlock);
3656
3657 rc = -ENOENT;
3658 ctx = sidtab_search(state->ss->sidtab, sid);
3659 if (ctx == NULL)
3660 goto out;
3661
3662 rc = -ENOMEM;
3663 secattr->domain = kstrdup(sym_name(policydb, SYM_TYPES, ctx->type - 1),
3664 GFP_ATOMIC);
3665 if (secattr->domain == NULL)
3666 goto out;
3667
3668 secattr->attr.secid = sid;
3669 secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID;
3670 mls_export_netlbl_lvl(policydb, ctx, secattr);
3671 rc = mls_export_netlbl_cat(policydb, ctx, secattr);
3672out:
3673 read_unlock(&state->ss->policy_rwlock);
3674 return rc;
3675}
3676#endif
3677
3678
3679
3680
3681
3682
3683
3684int security_read_policy(struct selinux_state *state,
3685 void **data, size_t *len)
3686{
3687 struct policydb *policydb = &state->ss->policydb;
3688 int rc;
3689 struct policy_file fp;
3690
3691 if (!state->initialized)
3692 return -EINVAL;
3693
3694 *len = security_policydb_len(state);
3695
3696 *data = vmalloc_user(*len);
3697 if (!*data)
3698 return -ENOMEM;
3699
3700 fp.data = *data;
3701 fp.len = *len;
3702
3703 read_lock(&state->ss->policy_rwlock);
3704 rc = policydb_write(policydb, &fp);
3705 read_unlock(&state->ss->policy_rwlock);
3706
3707 if (rc)
3708 return rc;
3709
3710 *len = (unsigned long)fp.data - (unsigned long)*data;
3711 return 0;
3712
3713}
3714