/*
 * Implementation of the security services.
 *
 * Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
 *           James Morris <jmorris@redhat.com>
 *
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */
221da177e4SLinus Torvalds #include <linux/kernel.h>
231da177e4SLinus Torvalds #include <linux/slab.h>
241da177e4SLinus Torvalds #include <linux/string.h>
251da177e4SLinus Torvalds #include <linux/spinlock.h>
261da177e4SLinus Torvalds #include <linux/errno.h>
271da177e4SLinus Torvalds #include <linux/in.h>
281da177e4SLinus Torvalds #include <linux/sched.h>
291da177e4SLinus Torvalds #include <linux/audit.h>
301da177e4SLinus Torvalds #include <asm/semaphore.h>
311da177e4SLinus Torvalds #include "flask.h"
321da177e4SLinus Torvalds #include "avc.h"
331da177e4SLinus Torvalds #include "avc_ss.h"
341da177e4SLinus Torvalds #include "security.h"
351da177e4SLinus Torvalds #include "context.h"
361da177e4SLinus Torvalds #include "policydb.h"
371da177e4SLinus Torvalds #include "sidtab.h"
381da177e4SLinus Torvalds #include "services.h"
391da177e4SLinus Torvalds #include "conditional.h"
401da177e4SLinus Torvalds #include "mls.h"
411da177e4SLinus Torvalds 
/* Declared here, defined elsewhere; takes a sequence number. */
extern void selnl_notify_policyload(u32 seqno);
/*
 * Compared with POLICYDB_VERSION_NLCLASS by the functions below to decide
 * whether the extended Netlink socket classes must be folded back into
 * SECCLASS_NETLINK_SOCKET.  NOTE(review): presumably the version of the
 * policy currently loaded; the writer is not in this part of the file.
 */
unsigned int policydb_loaded_version;

/*
 * Reader/writer lock.  The read side is held around every sidtab and
 * policydb lookup made by the entry points below; the write side uses the
 * irq-disabling variant.  NOTE(review): the writers are outside this part
 * of the file -- presumably policy load/reload; confirm.
 */
static DEFINE_RWLOCK(policy_rwlock);
#define POLICY_RDLOCK read_lock(&policy_rwlock)
#define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
#define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
#define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)

/*
 * NOTE(review): no user of load_sem is visible in this part of the file;
 * presumably it serializes policy loads -- confirm against the loader.
 */
static DECLARE_MUTEX(load_sem);
#define LOAD_LOCK down(&load_sem)
#define LOAD_UNLOCK up(&load_sem)

/* SID table and policy database consulted by the services below. */
static struct sidtab sidtab;
struct policydb policydb;
/*
 * While this is zero the entry points below do not consult the policy:
 * security_compute_av() reports every permission as allowed and
 * security_validate_transition() returns success.
 */
int ss_initialized = 0;

/*
 * The largest sequence number that has been used when
 * providing an access decision to the access vector cache.
 * The sequence number only changes when a policy change
 * occurs.
 */
static u32 latest_granting = 0;

/* Forward declaration: used by the audit path before its definition. */
static int context_struct_to_string(struct context *context, char **scontext,
				    u32 *scontext_len);
701da177e4SLinus Torvalds 
/*
 * Return the boolean value of a constraint expression
 * when it is applied to the specified source and target
 * security contexts.
 *
 * xcontext is a special beast...  It is used by the validatetrans rules
 * only.  For these rules, scontext is the context before the transition,
 * tcontext is the context after the transition, and xcontext is the context
 * of the process performing the transition.  All other callers of
 * constraint_expr_eval should pass in NULL for xcontext.
 *
 * The expression is a linked list (e->next) evaluated on a small stack:
 * CEXPR_ATTR and CEXPR_NAMES push one value, CEXPR_NOT rewrites the top
 * value, and CEXPR_AND / CEXPR_OR combine the top two into one.
 *
 * Returns the single value left on the stack.  Returns 0 when a push would
 * exceed CEXPR_MAXDEPTH; both callers in this file treat 0 as "constraint
 * not satisfied", so an over-deep expression denies rather than grants.
 * A malformed expression (operand underflow, unknown node type, attribute
 * or operator, or more than one value left) hits BUG()/BUG_ON().
 *
 * NOTE(review): nothing here range-checks the user/role/type values taken
 * from the contexts before they are used as indexes; this assumes the
 * contexts and the expression were validated when the policy was loaded.
 */
static int constraint_expr_eval(struct context *scontext,
				struct context *tcontext,
				struct context *xcontext,
				struct constraint_expr *cexpr)
{
	u32 val1, val2;
	struct context *c;
	struct role_datum *r1, *r2;
	struct mls_level *l1, *l2;
	struct constraint_expr *e;
	int s[CEXPR_MAXDEPTH];	/* evaluation stack */
	int sp = -1;		/* index of the top entry; -1 means empty */

	for (e = cexpr; e; e = e->next) {
		switch (e->expr_type) {
		case CEXPR_NOT:
			/* needs one operand; refuse to read s[-1] */
			BUG_ON(sp < 0);
			s[sp] = !s[sp];
			break;
		case CEXPR_AND:
			/* needs two operands */
			BUG_ON(sp < 1);
			sp--;
			/*
			 * NOTE(review): bitwise, not logical -- equivalent only
			 * if every pushed value is 0 or 1; the return convention
			 * of ebitmap_get_bit()/mls_level_*() is not visible here.
			 */
			s[sp] &= s[sp+1];
			break;
		case CEXPR_OR:
			BUG_ON(sp < 1);
			sp--;
			s[sp] |= s[sp+1];
			break;
		case CEXPR_ATTR:
			/* stack full: fail the constraint instead of overflowing s[] */
			if (sp == (CEXPR_MAXDEPTH-1))
				return 0;
			switch (e->attr) {
			case CEXPR_USER:
				val1 = scontext->user;
				val2 = tcontext->user;
				break;
			case CEXPR_TYPE:
				val1 = scontext->type;
				val2 = tcontext->type;
				break;
			case CEXPR_ROLE:
				val1 = scontext->role;
				val2 = tcontext->role;
				/* role values are 1-based indexes into role_val_to_struct */
				r1 = policydb.role_val_to_struct[val1 - 1];
				r2 = policydb.role_val_to_struct[val2 - 1];
				/*
				 * Dominance operators are answered here and
				 * `continue' to the next node, skipping the
				 * EQ/NEQ switch below.
				 */
				switch (e->op) {
				case CEXPR_DOM:
					s[++sp] = ebitmap_get_bit(&r1->dominates,
								  val2 - 1);
					continue;
				case CEXPR_DOMBY:
					s[++sp] = ebitmap_get_bit(&r2->dominates,
								  val1 - 1);
					continue;
				case CEXPR_INCOMP:
					s[++sp] = ( !ebitmap_get_bit(&r1->dominates,
								     val2 - 1) &&
						    !ebitmap_get_bit(&r2->dominates,
								     val1 - 1) );
					continue;
				default:
					/* any other operator is handled by the EQ/NEQ switch below */
					break;
				}
				break;
			/*
			 * MLS attributes: pick the two levels to compare
			 * (level[0] and level[1] of each range), then share
			 * the operator switch at mls_ops.
			 */
			case CEXPR_L1L2:
				l1 = &(scontext->range.level[0]);
				l2 = &(tcontext->range.level[0]);
				goto mls_ops;
			case CEXPR_L1H2:
				l1 = &(scontext->range.level[0]);
				l2 = &(tcontext->range.level[1]);
				goto mls_ops;
			case CEXPR_H1L2:
				l1 = &(scontext->range.level[1]);
				l2 = &(tcontext->range.level[0]);
				goto mls_ops;
			case CEXPR_H1H2:
				l1 = &(scontext->range.level[1]);
				l2 = &(tcontext->range.level[1]);
				goto mls_ops;
			case CEXPR_L1H1:
				l1 = &(scontext->range.level[0]);
				l2 = &(scontext->range.level[1]);
				goto mls_ops;
			case CEXPR_L2H2:
				l1 = &(tcontext->range.level[0]);
				l2 = &(tcontext->range.level[1]);
				goto mls_ops;
mls_ops:
			/* every arm pushes and continues, or BUGs; none reaches the EQ/NEQ switch */
			switch (e->op) {
			case CEXPR_EQ:
				s[++sp] = mls_level_eq(l1, l2);
				continue;
			case CEXPR_NEQ:
				s[++sp] = !mls_level_eq(l1, l2);
				continue;
			case CEXPR_DOM:
				s[++sp] = mls_level_dom(l1, l2);
				continue;
			case CEXPR_DOMBY:
				s[++sp] = mls_level_dom(l2, l1);
				continue;
			case CEXPR_INCOMP:
				/* NOTE(review): arguments passed as (l2, l1); presumably symmetric -- confirm */
				s[++sp] = mls_level_incomp(l2, l1);
				continue;
			default:
				BUG();
				/* result stays "not satisfied" should BUG() ever return */
				return 0;
			}
			break;
				default:
				BUG();
				return 0;
			}

			/* user, type, and role with a non-dominance operator: plain value comparison */
			switch (e->op) {
			case CEXPR_EQ:
				s[++sp] = (val1 == val2);
				break;
			case CEXPR_NEQ:
				s[++sp] = (val1 != val2);
				break;
			default:
				BUG();
				return 0;
			}
			break;
		case CEXPR_NAMES:
			/* stack full: fail the constraint instead of overflowing s[] */
			if (sp == (CEXPR_MAXDEPTH-1))
				return 0;
			/* which context is tested: source unless a target flag is set */
			c = scontext;
			if (e->attr & CEXPR_TARGET)
				c = tcontext;
			else if (e->attr & CEXPR_XTARGET) {
				c = xcontext;
				/* only validatetrans callers supply xcontext */
				if (!c) {
					BUG();
					return 0;
				}
			}
			if (e->attr & CEXPR_USER)
				val1 = c->user;
			else if (e->attr & CEXPR_ROLE)
				val1 = c->role;
			else if (e->attr & CEXPR_TYPE)
				val1 = c->type;
			else {
				BUG();
				return 0;
			}

			/* membership of the 1-based value in the node's name set */
			switch (e->op) {
			case CEXPR_EQ:
				s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
				break;
			case CEXPR_NEQ:
				s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
				break;
			default:
				BUG();
				return 0;
			}
			break;
		default:
			BUG();
			return 0;
		}
	}

	/* a well-formed expression leaves exactly one value */
	BUG_ON(sp != 0);
	return s[0];
}
2551da177e4SLinus Torvalds 
/*
 * Fill in @avd with the access vectors that the policy grants to the
 * (scontext, tcontext) pair for the permissions of class @tclass.
 *
 * Steps: collect type-enforcement rules (unconditional and conditional)
 * for every attribute pair of the two types, strip permissions whose
 * constraints evaluate false, then strip process transition permissions
 * when the role changes without a matching role-allow entry.
 *
 * Returns 0 on success, -EINVAL if @tclass is not a class of the loaded
 * policy.  @requested is accepted but not read here.  The callers in this
 * file hold the policy read lock around the call.
 */
static int context_struct_compute_av(struct context *scontext,
				     struct context *tcontext,
				     u16 tclass,
				     u32 requested,
				     struct av_decision *avd)
{
	struct constraint_node *constraint;
	struct role_allow *ra;
	struct avtab_key avkey;
	struct avtab_node *node;
	struct class_datum *tclass_datum;
	struct ebitmap *sattr, *tattr;
	struct ebitmap_node *snode, *tnode;
	unsigned int i, j;

	/*
	 * Remap extended Netlink classes for old policy versions.
	 * Done here rather than in socket_type_to_security_class()
	 * so that sockets stay in the correct class if a newer
	 * policy version is loaded later.
	 */
	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS &&
	    tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
	    tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
		tclass = SECCLASS_NETLINK_SOCKET;

	/* Class values are 1-based; reject anything the policy does not define. */
	if (tclass == 0 || tclass > policydb.p_classes.nprim) {
		printk(KERN_ERR "security_compute_av:  unrecognized class %d\n",
		       tclass);
		return -EINVAL;
	}
	tclass_datum = policydb.class_val_to_struct[tclass - 1];

	/* Defaults: nothing allowed, everything decided, all denials audited. */
	avd->allowed = 0;
	avd->decided = 0xffffffff;
	avd->auditallow = 0;
	avd->auditdeny = 0xffffffff;
	avd->seqno = latest_granting;

	/*
	 * Accumulate every type enforcement rule that applies to any
	 * (source attribute, target attribute) pair of the two types.
	 */
	avkey.target_class = tclass;
	avkey.specified = AVTAB_AV;
	sattr = &policydb.type_attr_map[scontext->type - 1];
	tattr = &policydb.type_attr_map[tcontext->type - 1];
	ebitmap_for_each_bit(sattr, snode, i) {
		if (!ebitmap_node_get_bit(snode, i))
			continue;
		ebitmap_for_each_bit(tattr, tnode, j) {
			if (!ebitmap_node_get_bit(tnode, j))
				continue;
			avkey.source_type = i + 1;
			avkey.target_type = j + 1;

			node = avtab_search_node(&policydb.te_avtab, &avkey);
			while (node != NULL) {
				switch (node->key.specified) {
				case AVTAB_ALLOWED:
					avd->allowed |= node->datum.data;
					break;
				case AVTAB_AUDITALLOW:
					avd->auditallow |= node->datum.data;
					break;
				case AVTAB_AUDITDENY:
					/* auditdeny only ever narrows */
					avd->auditdeny &= node->datum.data;
					break;
				default:
					break;
				}
				node = avtab_search_node_next(node, avkey.specified);
			}

			/* Conditional av table may contribute further permissions. */
			cond_compute_av(&policydb.te_cond_avtab, &avkey, avd);
		}
	}

	/*
	 * Drop permissions prohibited by a constraint (this includes the
	 * MLS policy).  A constraint is only evaluated when it covers a
	 * permission that is still allowed.
	 */
	for (constraint = tclass_datum->constraints; constraint;
	     constraint = constraint->next) {
		if (!(constraint->permissions & avd->allowed))
			continue;
		if (!constraint_expr_eval(scontext, tcontext, NULL,
					  constraint->expr))
			avd->allowed &= ~(constraint->permissions);
	}

	/*
	 * A process transition that changes role additionally needs a
	 * (current_role, new_role) entry in the role-allow list.
	 */
	if (tclass == SECCLASS_PROCESS &&
	    (avd->allowed & (PROCESS__TRANSITION | PROCESS__DYNTRANSITION)) &&
	    scontext->role != tcontext->role) {
		ra = policydb.role_allow;
		while (ra && !(scontext->role == ra->role &&
			       tcontext->role == ra->new_role))
			ra = ra->next;
		if (ra == NULL)
			avd->allowed &= ~(PROCESS__TRANSITION |
					  PROCESS__DYNTRANSITION);
	}

	return 0;
}
3691da177e4SLinus Torvalds 
/*
 * Report a failed validatetrans constraint and pick the return code.
 *
 * Renders the old, new and task contexts as strings and writes one
 * AUDIT_SELINUX_ERR record; if any rendering fails the record is skipped.
 * The return code does not depend on whether the record was written:
 * 0 when selinux_enforcing is clear, -EPERM otherwise.
 *
 * @tclass is used unchecked as a 1-based index into p_class_val_to_name;
 * the caller in this file validates it first.
 */
static int security_validtrans_handle_fail(struct context *ocontext,
                                           struct context *ncontext,
                                           struct context *tcontext,
                                           u16 tclass)
{
	char *old_str = NULL, *new_str = NULL, *task_str = NULL;
	u32 old_len, new_len, task_len;

	/* && short-circuits, so a failed conversion stops the later ones. */
	if (context_struct_to_string(ocontext, &old_str, &old_len) >= 0 &&
	    context_struct_to_string(ncontext, &new_str, &new_len) >= 0 &&
	    context_struct_to_string(tcontext, &task_str, &task_len) >= 0)
		audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
		          "security_validate_transition:  denied for"
		          " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
		          old_str, new_str, task_str,
		          policydb.p_class_val_to_name[tclass-1]);

	/* Strings never produced are still NULL, which kfree() accepts. */
	kfree(old_str);
	kfree(new_str);
	kfree(task_str);

	return selinux_enforcing ? -EPERM : 0;
}
3971da177e4SLinus Torvalds 
/*
 * Check the validatetrans constraints of class @tclass for a change from
 * @oldsid to @newsid performed by the task labelled @tasksid.
 *
 * Returns 0 when no policy is loaded yet or when every constraint holds,
 * -EINVAL when the class or any of the three SIDs is unknown, and
 * otherwise whatever security_validtrans_handle_fail() decides for the
 * first constraint that fails.  All lookups run under the policy read lock.
 */
int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
                                 u16 tclass)
{
	struct context *ocontext;
	struct context *ncontext;
	struct context *tcontext;
	struct class_datum *tclass_datum;
	struct constraint_node *constraint;
	int rc;

	/* Nothing to enforce before the first policy load. */
	if (!ss_initialized)
		return 0;

	POLICY_RDLOCK;

	/* Every lookup failure below leaves with this code. */
	rc = -EINVAL;

	/*
	 * Remap extended Netlink classes for old policy versions.
	 * Done here rather than in socket_type_to_security_class()
	 * so that sockets stay in the correct class if a newer
	 * policy version is loaded later.
	 */
	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS &&
	    tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
	    tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
		tclass = SECCLASS_NETLINK_SOCKET;

	/* Class values are 1-based; reject anything the policy does not define. */
	if (tclass == 0 || tclass > policydb.p_classes.nprim) {
		printk(KERN_ERR "security_validate_transition:  "
		       "unrecognized class %d\n", tclass);
		goto out;
	}
	tclass_datum = policydb.class_val_to_struct[tclass - 1];

	ocontext = sidtab_search(&sidtab, oldsid);
	if (ocontext == NULL) {
		printk(KERN_ERR "security_validate_transition: "
		       " unrecognized SID %d\n", oldsid);
		goto out;
	}

	ncontext = sidtab_search(&sidtab, newsid);
	if (ncontext == NULL) {
		printk(KERN_ERR "security_validate_transition: "
		       " unrecognized SID %d\n", newsid);
		goto out;
	}

	tcontext = sidtab_search(&sidtab, tasksid);
	if (tcontext == NULL) {
		printk(KERN_ERR "security_validate_transition: "
		       " unrecognized SID %d\n", tasksid);
		goto out;
	}

	/* All inputs resolved; the first failing constraint decides. */
	rc = 0;
	for (constraint = tclass_datum->validatetrans; constraint;
	     constraint = constraint->next) {
		if (constraint_expr_eval(ocontext, ncontext, tcontext,
		                         constraint->expr))
			continue;
		rc = security_validtrans_handle_fail(ocontext, ncontext,
		                                     tcontext, tclass);
		break;
	}

out:
	POLICY_RDUNLOCK;
	return rc;
}
4711da177e4SLinus Torvalds 
/**
 * security_compute_av - Compute access vector decisions.
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 * @requested: requested permissions
 * @avd: access vector decisions
 *
 * Compute a set of access vector decisions based on the
 * SID pair (@ssid, @tsid) for the permissions in @tclass.
 * Return -%EINVAL if any of the parameters are invalid or %0
 * if the access vector decisions were computed successfully.
 *
 * Before the first policy load (ss_initialized is zero) no lookup is
 * made: @avd is filled so that every permission is allowed and decided,
 * and %0 is returned.
 */
int security_compute_av(u32 ssid,
			u32 tsid,
			u16 tclass,
			u32 requested,
			struct av_decision *avd)
{
	struct context *src, *tgt;
	int rc = -EINVAL;	/* result of either failed SID lookup */

	if (!ss_initialized) {
		/* No policy to consult yet: permit everything. */
		avd->seqno = latest_granting;
		avd->auditdeny = 0xffffffff;
		avd->auditallow = 0;
		avd->decided = 0xffffffff;
		avd->allowed = 0xffffffff;
		return 0;
	}

	POLICY_RDLOCK;

	src = sidtab_search(&sidtab, ssid);
	if (src == NULL) {
		printk(KERN_ERR "security_compute_av:  unrecognized SID %d\n",
		       ssid);
		goto out;
	}

	tgt = sidtab_search(&sidtab, tsid);
	if (tgt == NULL) {
		printk(KERN_ERR "security_compute_av:  unrecognized SID %d\n",
		       tsid);
		goto out;
	}

	rc = context_struct_compute_av(src, tgt, tclass, requested, avd);
out:
	POLICY_RDUNLOCK;
	return rc;
}
5261da177e4SLinus Torvalds 
/*
 * Render `context' as a "user:role:type" string followed by whatever
 * mls_sid_to_context() appends, in a buffer allocated here with
 * GFP_ATOMIC.  On success `*scontext' points to the string and
 * `*scontext_len' holds the number of bytes allocated; the caller must
 * kfree() it.
 *
 * Returns 0 on success or -ENOMEM, in which case `*scontext' is NULL and
 * `*scontext_len' still holds the computed size.
 *
 * The buffer is sized from the same name strings that the unbounded
 * sprintf() then copies, so the names must not change in between; the
 * callers in this file hold the policy read lock around the call.
 * NOTE(review): the MLS part relies on mls_compute_context_len() covering
 * exactly what mls_sid_to_context() writes -- confirm in mls.c.
 */
static int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len)
{
	char *user_name, *role_name, *type_name;
	size_t user_len, role_len, type_len;
	u32 needed;
	char *cursor;

	*scontext = NULL;
	*scontext_len = 0;

	/* user, role and type values are 1-based indexes into the name tables */
	user_name = policydb.p_user_val_to_name[context->user - 1];
	role_name = policydb.p_role_val_to_name[context->role - 1];
	type_name = policydb.p_type_val_to_name[context->type - 1];
	user_len = strlen(user_name);
	role_len = strlen(role_name);
	type_len = strlen(type_name);

	/*
	 * One extra byte per name: two ':' separators and the terminating
	 * NUL.  The MLS portion is sized by its own helper.
	 */
	needed = user_len + 1;
	needed += role_len + 1;
	needed += type_len + 1;
	needed += mls_compute_context_len(context);
	*scontext_len = needed;

	/* Ownership of the buffer passes to the caller. */
	cursor = kmalloc(needed, GFP_ATOMIC);
	if (cursor == NULL)
		return -ENOMEM;
	*scontext = cursor;

	sprintf(cursor, "%s:%s:%s", user_name, role_name, type_name);

	/* Step past the three names and two separators, onto the NUL. */
	cursor += user_len + 1 + role_len + 1 + type_len;

	/* Appends the MLS portion and advances cursor past it. */
	mls_sid_to_context(context, &cursor);

	*cursor = 0;

	return 0;
}
5711da177e4SLinus Torvalds 
5721da177e4SLinus Torvalds #include "initial_sid_to_string.h"
5731da177e4SLinus Torvalds 
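/**
 * security_sid_to_context - Obtain a context for a given SID.
 * @sid: security identifier, SID
 * @scontext: security context
 * @scontext_len: length in bytes
 *
 * Write the string representation of the context associated with @sid
 * into a dynamically allocated string of the correct size.  Set @scontext
 * to point to this string and set @scontext_len to the length of the string.
 * The caller must kfree() the string.
 *
 * Before the first policy load only initial SIDs can be translated; their
 * names come from initial_sid_to_string[].
 *
 * Return %0 on success, -%EINVAL if @sid is not known, or -%ENOMEM if the
 * string could not be allocated.  On -%EINVAL, and on -%ENOMEM before the
 * first policy load, @scontext is NULL and @scontext_len is 0, so a caller
 * that frees @scontext unconditionally never sees a stale pointer.
 */
int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
{
	struct context *context;
	int rc = 0;

	/* Give the outputs a defined value on every error path. */
	*scontext = NULL;
	*scontext_len = 0;

	if (!ss_initialized) {
		/*
		 * NOTE(review): the bound admits sid == SECINITSID_NUM, so
		 * initial_sid_to_string[] must have SECINITSID_NUM + 1
		 * entries; the table is in an included header -- confirm.
		 */
		if (sid <= SECINITSID_NUM) {
			char *scontextp;
			u32 len = strlen(initial_sid_to_string[sid]) + 1;

			scontextp = kmalloc(len, GFP_ATOMIC);
			/*
			 * GFP_ATOMIC allocations can fail; copying into the
			 * result unchecked would dereference NULL.
			 */
			if (!scontextp) {
				rc = -ENOMEM;
				goto out;
			}
			/* len includes the terminating NUL */
			memcpy(scontextp, initial_sid_to_string[sid], len);
			*scontext = scontextp;
			*scontext_len = len;
			goto out;
		}
		printk(KERN_ERR "security_sid_to_context:  called before initial "
		       "load_policy on unknown SID %d\n", sid);
		rc = -EINVAL;
		goto out;
	}
	/* sidtab and policydb are read under the policy read lock */
	POLICY_RDLOCK;
	context = sidtab_search(&sidtab, sid);
	if (!context) {
		printk(KERN_ERR "security_sid_to_context:  unrecognized SID "
		       "%d\n", sid);
		rc = -EINVAL;
		goto out_unlock;
	}
	rc = context_struct_to_string(context, scontext, scontext_len);
out_unlock:
	POLICY_RDUNLOCK;
out:
	return rc;

}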
6191da177e4SLinus Torvalds 
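/*
 * Common worker for security_context_to_sid() and
 * security_context_to_sid_default().
 *
 * Parses the colon-separated string in @scontext (user, role, type, then
 * whatever mls_context_to_sid() consumes), validates the result against the
 * loaded policy and stores the matching SID in @sid.  @def_sid is only
 * forwarded to mls_context_to_sid().
 *
 * Returns 0 on success, -EINVAL for a malformed or invalid context and
 * -ENOMEM if the working copy cannot be allocated.
 */
static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
{
	char *scontext2;
	struct context context;
	struct role_datum *role;
	struct type_datum *typdatum;
	struct user_datum *usrdatum;
	char *scontextp, *p, oldc;
	int rc = 0;

	if (!ss_initialized) {
		int i;

		/*
		 * Before the first policy load only the initial SID names
		 * are known.  The caller's buffer is not guaranteed to be
		 * NUL terminated within @scontext_len bytes (see the copy
		 * below), so compare with an explicit bound instead of
		 * strcmp(), which could read past the end of the buffer.
		 * NOTE(review): this assumes @scontext_len describes the
		 * buffer accurately on this path -- confirm against callers.
		 */
		for (i = 1; i < SECINITSID_NUM; i++) {
			const char *name = initial_sid_to_string[i];
			size_t namelen = strlen(name);

			if (scontext_len < namelen ||
			    memcmp(scontext, name, namelen))
				continue;
			/* Exact match: input ends here or is terminated here. */
			if (scontext_len == namelen || scontext[namelen] == 0) {
				*sid = i;
				goto out;
			}
		}
		/* Anything unrecognised is treated as the kernel SID. */
		*sid = SECINITSID_KERNEL;
		goto out;
	}
	*sid = SECSID_NULL;

	/*
	 * scontext_len + 1 below is computed in 32 bits; reject the one
	 * length that would wrap it to 0 and turn the memcpy() into an
	 * overflow of a zero-sized allocation.
	 */
	if (scontext_len == (u32)~0U) {
		rc = -EINVAL;
		goto out;
	}

	/* Copy the string so that we can modify the copy as we parse it.
	   The string should already be null terminated, but we append a
	   null suffix to the copy to avoid problems with the existing
	   attr package, which doesn't view the null terminator as part
	   of the attribute value. */
	scontext2 = kmalloc(scontext_len+1,GFP_KERNEL);
	if (!scontext2) {
		rc = -ENOMEM;
		goto out;
	}
	memcpy(scontext2, scontext, scontext_len);
	scontext2[scontext_len] = 0;

	/* Initialised before any goto out_unlock, which destroys it. */
	context_init(&context);

	POLICY_RDLOCK;

	/* Parse the security context. */

	/* Every parse failure below leaves through out_unlock with -EINVAL. */
	rc = -EINVAL;
	scontextp = scontext2;

	/* Extract the user. */
	p = scontextp;
	while (*p && *p != ':')
		p++;

	/* A user with no following ':' cannot be a complete context. */
	if (*p == 0)
		goto out_unlock;

	*p++ = 0;

	usrdatum = hashtab_search(policydb.p_users.table, scontextp);
	if (!usrdatum)
		goto out_unlock;

	context.user = usrdatum->value;

	/* Extract role. */
	scontextp = p;
	while (*p && *p != ':')
		p++;

	if (*p == 0)
		goto out_unlock;

	*p++ = 0;

	role = hashtab_search(policydb.p_roles.table, scontextp);
	if (!role)
		goto out_unlock;
	context.role = role->value;

	/* Extract type. */
	scontextp = p;
	while (*p && *p != ':')
		p++;
	/* Remember the delimiter: it is handed to the MLS parser below. */
	oldc = *p;
	*p++ = 0;

	typdatum = hashtab_search(policydb.p_types.table, scontextp);
	if (!typdatum)
		goto out_unlock;

	context.type = typdatum->value;

	rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
	if (rc)
		goto out_unlock;

	/*
	 * The parser must have consumed all @scontext_len bytes.  Stopping
	 * short means a NUL byte was embedded in the input, so the bytes
	 * after it were never validated; refuse such a context.
	 */
	if ((p - scontext2) < scontext_len) {
		rc = -EINVAL;
		goto out_unlock;
	}

	/* Check the validity of the new context. */
	if (!policydb_context_isvalid(&policydb, &context)) {
		rc = -EINVAL;
		goto out_unlock;
	}
	/* Obtain the new sid. */
	rc = sidtab_context_to_sid(&sidtab, &context, sid);
out_unlock:
	POLICY_RDUNLOCK;
	context_destroy(&context);
	kfree(scontext2);
out:
	return rc;
}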
7341da177e4SLinus Torvalds 
735f5c1d5b2SJames Morris /**
736f5c1d5b2SJames Morris  * security_context_to_sid - Obtain a SID for a given security context.
737f5c1d5b2SJames Morris  * @scontext: security context
738f5c1d5b2SJames Morris  * @scontext_len: length in bytes
739f5c1d5b2SJames Morris  * @sid: security identifier, SID
740f5c1d5b2SJames Morris  *
741f5c1d5b2SJames Morris  * Obtains a SID associated with the security context that
742f5c1d5b2SJames Morris  * has the string representation specified by @scontext.
743f5c1d5b2SJames Morris  * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
744f5c1d5b2SJames Morris  * memory is available, or 0 on success.
745f5c1d5b2SJames Morris  */
int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
{
	/* No fallback SID is offered: SECSID_NULL is passed as def_sid. */
	int rc = security_context_to_sid_core(scontext, scontext_len, sid,
					      SECSID_NULL);

	return rc;
}
751f5c1d5b2SJames Morris 
752f5c1d5b2SJames Morris /**
753f5c1d5b2SJames Morris  * security_context_to_sid_default - Obtain a SID for a given security context,
754f5c1d5b2SJames Morris  * falling back to specified default if needed.
755f5c1d5b2SJames Morris  *
756f5c1d5b2SJames Morris  * @scontext: security context
757f5c1d5b2SJames Morris  * @scontext_len: length in bytes
758f5c1d5b2SJames Morris  * @sid: security identifier, SID
759f5c1d5b2SJames Morris  * @def_sid: default SID to assign on error
760f5c1d5b2SJames Morris  *
761f5c1d5b2SJames Morris  * Obtains a SID associated with the security context that
762f5c1d5b2SJames Morris  * has the string representation specified by @scontext.
763f5c1d5b2SJames Morris  * The default SID is passed to the MLS layer to be used to allow
764f5c1d5b2SJames Morris  * kernel labeling of the MLS field if the MLS field is not present
765f5c1d5b2SJames Morris  * (for upgrading to MLS without full relabel).
766f5c1d5b2SJames Morris  * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
767f5c1d5b2SJames Morris  * memory is available, or 0 on success.
768f5c1d5b2SJames Morris  */
int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
{
	/* Same parser as security_context_to_sid(), with the caller's def_sid. */
	int rc = security_context_to_sid_core(scontext, scontext_len, sid,
					      def_sid);

	return rc;
}
774f5c1d5b2SJames Morris 
/*
 * Report a computed context that the policy rejects: audit the offending
 * context together with the source/target contexts and class, then deny
 * with -EACCES when enforcing or return 0 when not enforcing.
 */
static int compute_sid_handle_invalid_context(
	struct context *scontext,
	struct context *tcontext,
	u16 tclass,
	struct context *newcontext)
{
	char *src = NULL, *tgt = NULL, *bad = NULL;
	u32 src_len, tgt_len, bad_len;

	/*
	 * The record is emitted only if all three contexts could be turned
	 * into strings; the conversions stop at the first failure.
	 * NOTE(review): tclass - 1 indexes p_class_val_to_name unchecked;
	 * presumably tclass was validated earlier -- confirm.
	 */
	if (context_struct_to_string(scontext, &src, &src_len) >= 0 &&
	    context_struct_to_string(tcontext, &tgt, &tgt_len) >= 0 &&
	    context_struct_to_string(newcontext, &bad, &bad_len) >= 0)
		audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
			  "security_compute_sid:  invalid context %s"
			  " for scontext=%s"
			  " tcontext=%s"
			  " tclass=%s",
			  bad, src, tgt, policydb.p_class_val_to_name[tclass-1]);

	/* Strings that were never produced are still NULL here. */
	kfree(src);
	kfree(tgt);
	kfree(bad);

	return selinux_enforcing ? -EACCES : 0;
}
8041da177e4SLinus Torvalds 
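/*
 * Shared implementation behind security_transition_sid(),
 * security_member_sid() and security_change_sid().
 *
 * @ssid:      source SID
 * @tsid:      target SID
 * @tclass:    target security class
 * @specified: AVTAB_TRANSITION, AVTAB_MEMBER or AVTAB_CHANGE
 * @out_sid:   receives the computed SID
 *
 * Returns 0 on success, -EINVAL for an unrecognized SID, or the error
 * returned by the MLS, invalid-context or SID-table helpers.
 */
static int security_compute_sid(u32 ssid,
				u32 tsid,
				u16 tclass,
				u32 specified,
				u32 *out_sid)
{
	struct context *scontext = NULL, *tcontext = NULL, newcontext;
	struct role_trans *roletr = NULL;
	struct avtab_key avkey;
	struct avtab_datum *avdatum;
	struct avtab_node *node;
	int rc = 0;

	if (!ss_initialized) {
		/* No policy yet: processes keep the source SID, objects the target SID. */
		switch (tclass) {
		case SECCLASS_PROCESS:
			*out_sid = ssid;
			break;
		default:
			*out_sid = tsid;
			break;
		}
		goto out;
	}

	POLICY_RDLOCK;

	/*
	 * Initialise the result before the first goto out_unlock.  That
	 * label calls context_destroy(&newcontext), which previously ran on
	 * an uninitialised stack structure whenever a SID lookup failed.
	 */
	context_init(&newcontext);

	scontext = sidtab_search(&sidtab, ssid);
	if (!scontext) {
		printk(KERN_ERR "security_compute_sid:  unrecognized SID %d\n",
		       ssid);
		rc = -EINVAL;
		goto out_unlock;
	}
	tcontext = sidtab_search(&sidtab, tsid);
	if (!tcontext) {
		printk(KERN_ERR "security_compute_sid:  unrecognized SID %d\n",
		       tsid);
		rc = -EINVAL;
		goto out_unlock;
	}

	/* Set the user identity. */
	switch (specified) {
	case AVTAB_TRANSITION:
	case AVTAB_CHANGE:
		/* Use the process user identity. */
		newcontext.user = scontext->user;
		break;
	case AVTAB_MEMBER:
		/* Use the related object owner. */
		newcontext.user = tcontext->user;
		break;
	}

	/* Set the role and type to default values. */
	switch (tclass) {
	case SECCLASS_PROCESS:
		/* Use the current role and type of process. */
		newcontext.role = scontext->role;
		newcontext.type = scontext->type;
		break;
	default:
		/* Use the well-defined object role. */
		newcontext.role = OBJECT_R_VAL;
		/* Use the type of the related object. */
		newcontext.type = tcontext->type;
	}

	/* Look for a type transition/member/change rule. */
	avkey.source_type = scontext->type;
	avkey.target_type = tcontext->type;
	avkey.target_class = tclass;
	avkey.specified = specified;
	avdatum = avtab_search(&policydb.te_avtab, &avkey);

	/* If no permanent rule, also check for enabled conditional rules */
	if (!avdatum) {
		node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
		for (; node != NULL; node = avtab_search_node_next(node, specified)) {
			/* Only a conditional rule that is currently enabled applies. */
			if (node->key.specified & AVTAB_ENABLED) {
				avdatum = &node->datum;
				break;
			}
		}
	}

	if (avdatum) {
		/* Use the type from the type transition/member/change rule. */
		newcontext.type = avdatum->data;
	}

	/* Check for class-specific changes. */
	switch (tclass) {
	case SECCLASS_PROCESS:
		if (specified & AVTAB_TRANSITION) {
			/* Look for a role transition rule. */
			for (roletr = policydb.role_tr; roletr;
			     roletr = roletr->next) {
				if (roletr->role == scontext->role &&
				    roletr->type == tcontext->type) {
					/* Use the role transition rule. */
					newcontext.role = roletr->new_role;
					break;
				}
			}
		}
		break;
	default:
		break;
	}

	/* Set the MLS attributes.
	   This is done last because it may allocate memory. */
	rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext);
	if (rc)
		goto out_unlock;

	/* Check the validity of the context. */
	if (!policydb_context_isvalid(&policydb, &newcontext)) {
		/*
		 * The handler returns 0 when not enforcing, in which case
		 * the invalid context still gets a SID below.
		 */
		rc = compute_sid_handle_invalid_context(scontext,
							tcontext,
							tclass,
							&newcontext);
		if (rc)
			goto out_unlock;
	}
	/* Obtain the sid for the context. */
	rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
out_unlock:
	POLICY_RDUNLOCK;
	context_destroy(&newcontext);
out:
	return rc;
}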
9421da177e4SLinus Torvalds 
9431da177e4SLinus Torvalds /**
9441da177e4SLinus Torvalds  * security_transition_sid - Compute the SID for a new subject/object.
9451da177e4SLinus Torvalds  * @ssid: source security identifier
9461da177e4SLinus Torvalds  * @tsid: target security identifier
9471da177e4SLinus Torvalds  * @tclass: target security class
9481da177e4SLinus Torvalds  * @out_sid: security identifier for new subject/object
9491da177e4SLinus Torvalds  *
9501da177e4SLinus Torvalds  * Compute a SID to use for labeling a new subject or object in the
9511da177e4SLinus Torvalds  * class @tclass based on a SID pair (@ssid, @tsid).
9521da177e4SLinus Torvalds  * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
9531da177e4SLinus Torvalds  * if insufficient memory is available, or %0 if the new SID was
9541da177e4SLinus Torvalds  * computed successfully.
9551da177e4SLinus Torvalds  */
int security_transition_sid(u32 ssid, u32 tsid, u16 tclass, u32 *out_sid)
{
	/* Labeling a new subject/object selects the AVTAB_TRANSITION rules. */
	int rc = security_compute_sid(ssid, tsid, tclass,
				      AVTAB_TRANSITION, out_sid);

	return rc;
}
9631da177e4SLinus Torvalds 
9641da177e4SLinus Torvalds /**
9651da177e4SLinus Torvalds  * security_member_sid - Compute the SID for member selection.
9661da177e4SLinus Torvalds  * @ssid: source security identifier
9671da177e4SLinus Torvalds  * @tsid: target security identifier
9681da177e4SLinus Torvalds  * @tclass: target security class
9691da177e4SLinus Torvalds  * @out_sid: security identifier for selected member
9701da177e4SLinus Torvalds  *
9711da177e4SLinus Torvalds  * Compute a SID to use when selecting a member of a polyinstantiated
9721da177e4SLinus Torvalds  * object of class @tclass based on a SID pair (@ssid, @tsid).
9731da177e4SLinus Torvalds  * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
9741da177e4SLinus Torvalds  * if insufficient memory is available, or %0 if the SID was
9751da177e4SLinus Torvalds  * computed successfully.
9761da177e4SLinus Torvalds  */
int security_member_sid(u32 ssid, u32 tsid, u16 tclass, u32 *out_sid)
{
	/* Member selection for polyinstantiated objects uses AVTAB_MEMBER rules. */
	int rc = security_compute_sid(ssid, tsid, tclass,
				      AVTAB_MEMBER, out_sid);

	return rc;
}
9841da177e4SLinus Torvalds 
9851da177e4SLinus Torvalds /**
9861da177e4SLinus Torvalds  * security_change_sid - Compute the SID for object relabeling.
9871da177e4SLinus Torvalds  * @ssid: source security identifier
9881da177e4SLinus Torvalds  * @tsid: target security identifier
9891da177e4SLinus Torvalds  * @tclass: target security class
9901da177e4SLinus Torvalds  * @out_sid: security identifier for selected member
9911da177e4SLinus Torvalds  *
9921da177e4SLinus Torvalds  * Compute a SID to use for relabeling an object of class @tclass
9931da177e4SLinus Torvalds  * based on a SID pair (@ssid, @tsid).
9941da177e4SLinus Torvalds  * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
9951da177e4SLinus Torvalds  * if insufficient memory is available, or %0 if the SID was
9961da177e4SLinus Torvalds  * computed successfully.
9971da177e4SLinus Torvalds  */
int security_change_sid(u32 ssid, u32 tsid, u16 tclass, u32 *out_sid)
{
	/* Object relabeling uses the AVTAB_CHANGE rules. */
	int rc = security_compute_sid(ssid, tsid, tclass,
				      AVTAB_CHANGE, out_sid);

	return rc;
}
10051da177e4SLinus Torvalds 
10061da177e4SLinus Torvalds /*
10071da177e4SLinus Torvalds  * Verify that each permission that is defined under the
10081da177e4SLinus Torvalds  * existing policy is still defined with the same value
10091da177e4SLinus Torvalds  * in the new policy.
10101da177e4SLinus Torvalds  */
static int validate_perm(void *key, void *datum, void *p)
{
	/* @p is the permission table of the new policy, @datum the old entry. */
	struct hashtab *new_perms = p;
	struct perm_datum *old_perm = datum;
	struct perm_datum *new_perm = hashtab_search(new_perms, key);

	/*
	 * The messages below carry no trailing newline: validate_class()
	 * prints the continuation naming the class after a failure.
	 */
	if (!new_perm) {
		printk(KERN_ERR "security:  permission %s disappeared",
		       (char *)key);
		return -ENOENT;
	}

	if (old_perm->value != new_perm->value) {
		printk(KERN_ERR "security:  the value of permission %s changed",
		       (char *)key);
		return -EINVAL;
	}

	return 0;
}
10361da177e4SLinus Torvalds 
10371da177e4SLinus Torvalds /*
10381da177e4SLinus Torvalds  * Verify that each class that is defined under the
10391da177e4SLinus Torvalds  * existing policy is still defined with the same
10401da177e4SLinus Torvalds  * attributes in the new policy.
10411da177e4SLinus Torvalds  */
static int validate_class(void *key, void *datum, void *p)
{
	/* @p is the new policy database, @datum the class in the current one. */
	struct policydb *new_policy = p;
	struct class_datum *old_cls = datum;
	struct class_datum *new_cls;
	int rc;

	new_cls = hashtab_search(new_policy->p_classes.table, key);
	if (!new_cls) {
		printk(KERN_ERR "security:  class %s disappeared\n",
		       (char *)key);
		return -ENOENT;
	}

	if (old_cls->value != new_cls->value) {
		printk(KERN_ERR "security:  the value of class %s changed\n",
		       (char *)key);
		return -EINVAL;
	}

	/* Both policies must agree on whether the class inherits a common. */
	if (!old_cls->comdatum != !new_cls->comdatum) {
		printk(KERN_ERR "security:  the inherits clause for the access "
		       "vector definition for class %s changed\n", (char *)key);
		return -EINVAL;
	}

	/* Inherited permissions first; new_cls->comdatum is non-NULL here too. */
	if (old_cls->comdatum) {
		rc = hashtab_map(old_cls->comdatum->permissions.table,
				 validate_perm,
				 new_cls->comdatum->permissions.table);
		if (rc) {
			/* Completes the line started by validate_perm(). */
			printk(" in the access vector definition for class "
			       "%s\n", (char *)key);
			return rc;
		}
	}

	/* Then the permissions defined by the class itself. */
	rc = hashtab_map(old_cls->permissions.table, validate_perm,
			 new_cls->permissions.table);
	if (rc)
		printk(" in access vector definition for class %s\n",
		       (char *)key);

	return rc;
}
10881da177e4SLinus Torvalds 
10891da177e4SLinus Torvalds /* Clone the SID into the new SID table. */
static int clone_sid(u32 sid, struct context *context, void *arg)
{
	/* @arg is the destination SID table, passed as an opaque pointer. */
	return sidtab_insert((struct sidtab *)arg, sid, context);
}
10981da177e4SLinus Torvalds 
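/*
 * Decide what happens to a context that is invalid under the new policy:
 * -EINVAL when enforcing; otherwise log the context and return 0 so the
 * caller carries on.
 */
static inline int convert_context_handle_invalid_context(struct context *context)
{
	char *s = NULL;
	u32 len;

	if (selinux_enforcing)
		return -EINVAL;

	/*
	 * The string conversion can fail; only print and free the string
	 * when it was actually produced, instead of handing an
	 * uninitialised pointer to printk() and kfree().
	 */
	if (context_struct_to_string(context, &s, &len) < 0)
		return 0;

	printk(KERN_ERR "security:  context %s is invalid\n", s);
	kfree(s);
	return 0;
}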
11151da177e4SLinus Torvalds 
/* Argument bundle that convert_context() receives through its void * parameter. */
struct convert_context_args {
	struct policydb *oldp;	/* policy the context values are currently expressed in */
	struct policydb *newp;	/* policy the context values are converted to */
};
11201da177e4SLinus Torvalds 
11211da177e4SLinus Torvalds /*
11221da177e4SLinus Torvalds  * Convert the values in the security context
11231da177e4SLinus Torvalds  * structure `c' from the values specified
11241da177e4SLinus Torvalds  * in the policy `p->oldp' to the values specified
11251da177e4SLinus Torvalds  * in the policy `p->newp'.  Verify that the
11261da177e4SLinus Torvalds  * context is valid under the new policy.
11271da177e4SLinus Torvalds  */
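static int convert_context(u32 key,
			   struct context *c,
			   void *p)
{
	struct convert_context_args *args;
	struct context oldc;
	struct role_datum *role;
	struct type_datum *typdatum;
	struct user_datum *usrdatum;
	char *s = NULL;
	u32 len;
	int rc;

	/* @key is not used here; @p carries the old and new policy pointers. */
	args = p;

	/* Keep a copy of the original values so a failure can be reported. */
	rc = context_cpy(&oldc, c);
	if (rc)
		goto out;

	/* A name missing from the new policy invalidates the context. */
	rc = -EINVAL;

	/* Convert the user. */
	usrdatum = hashtab_search(args->newp->p_users.table,
	                          args->oldp->p_user_val_to_name[c->user - 1]);
	if (!usrdatum) {
		goto bad;
	}
	c->user = usrdatum->value;

	/* Convert the role. */
	role = hashtab_search(args->newp->p_roles.table,
	                      args->oldp->p_role_val_to_name[c->role - 1]);
	if (!role) {
		goto bad;
	}
	c->role = role->value;

	/* Convert the type. */
	typdatum = hashtab_search(args->newp->p_types.table,
	                          args->oldp->p_type_val_to_name[c->type - 1]);
	if (!typdatum) {
		goto bad;
	}
	c->type = typdatum->value;

	rc = mls_convert_context(args->oldp, args->newp, c);
	if (rc)
		goto bad;

	/* Check the validity of the new context. */
	if (!policydb_context_isvalid(args->newp, c)) {
		/* Returns 0 when not enforcing, so conversion then continues. */
		rc = convert_context_handle_invalid_context(&oldc);
		if (rc)
			goto bad;
	}

	context_destroy(&oldc);
out:
	return rc;
bad:
	/*
	 * Report the context as it was before conversion.  The string
	 * conversion can itself fail, so print and free the string only on
	 * success rather than using an uninitialised pointer; rc keeps the
	 * error that brought us here.
	 */
	if (context_struct_to_string(&oldc, &s, &len) == 0) {
		printk(KERN_ERR "security:  invalidating context %s\n", s);
		kfree(s);
	}
	context_destroy(&oldc);
	goto out;
}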
11941da177e4SLinus Torvalds 
11951da177e4SLinus Torvalds extern void selinux_complete_init(void);
11961da177e4SLinus Torvalds 
/**
 * security_load_policy - Load a security policy configuration.
 * @data: binary policy data
 * @len: length of data in bytes
 *
 * Parse @data into a policy database.  On the first load the result is
 * read straight into the global policydb and the initial SIDs are loaded.
 * On a reload the policy is read into a scratch database, the classes of
 * the running policy are checked against it, the SID table is cloned and
 * its contexts converted, and the new database and SID table are swapped
 * in between POLICY_WRLOCK and POLICY_WRUNLOCK.  In both cases the access
 * vector cache is flushed and selnl_notify_policyload() is called after
 * the load lock has been released.
 *
 * All checking of the binary blob itself is delegated to policydb_read().
 *
 * Returns 0 on success, -EINVAL if the policy cannot be read, the initial
 * SIDs cannot be loaded or an existing class changed, and -ENOMEM if the
 * SID table cannot be cloned.
 */
int security_load_policy(void *data, size_t len)
{
	struct policy_file file = { data, len };
	struct convert_context_args args;
	struct policydb oldpolicydb, newpolicydb;
	struct sidtab oldsidtab, newsidtab;
	u32 seqno;
	int rc = 0;

	LOAD_LOCK;

	if (!ss_initialized) {
		/* First load: there is no running policy to preserve. */
		avtab_cache_init();
		if (policydb_read(&policydb, &file))
			goto first_read_failed;
		if (policydb_load_isids(&policydb, &sidtab))
			goto first_isids_failed;

		policydb_loaded_version = policydb.policyvers;
		ss_initialized = 1;
		seqno = ++latest_granting;
		LOAD_UNLOCK;

		/* These run after the load lock has been dropped. */
		selinux_complete_init();
		avc_ss_reset(seqno);
		selnl_notify_policyload(seqno);
		return 0;
	}

#if 0
	sidtab_hash_eval(&sidtab, "sids");
#endif

	/* Reload: parse into a scratch database first. */
	if (policydb_read(&newpolicydb, &file)) {
		LOAD_UNLOCK;
		return -EINVAL;
	}

	sidtab_init(&newsidtab);

	/* A reload is refused if it redefines a class the running policy has. */
	if (hashtab_map(policydb.p_classes.table, validate_class, &newpolicydb)) {
		printk(KERN_ERR "security:  the definition of an existing "
		       "class changed\n");
		rc = -EINVAL;
		goto err;
	}

	/*
	 * Clone the SID table.
	 * NOTE(review): sidtab_shutdown() is applied to the live table and
	 * nothing on the err path reverses it -- confirm the running table
	 * is still usable after a failed reload.
	 */
	sidtab_shutdown(&sidtab);
	if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
		rc = -ENOMEM;
		goto err;
	}

	/*
	 * Convert the contexts in the cloned table to the new policy and
	 * remove invalid SIDs.  The return value is not checked here.
	 */
	args.oldp = &policydb;
	args.newp = &newpolicydb;
	sidtab_map_remove_on_error(&newsidtab, convert_context, &args);

	/* Keep the outgoing database and table so they can be freed below. */
	memcpy(&oldpolicydb, &policydb, sizeof(policydb));
	sidtab_set(&oldsidtab, &sidtab);

	/* Swap in the new database, SID table and sequence number together. */
	POLICY_WRLOCK;
	memcpy(&policydb, &newpolicydb, sizeof(policydb));
	sidtab_set(&sidtab, &newsidtab);
	seqno = ++latest_granting;
	policydb_loaded_version = policydb.policyvers;
	POLICY_WRUNLOCK;
	LOAD_UNLOCK;

	/* The old copies are released only after both locks are dropped. */
	policydb_destroy(&oldpolicydb);
	sidtab_destroy(&oldsidtab);

	avc_ss_reset(seqno);
	selnl_notify_policyload(seqno);

	return 0;

err:
	/* Reload failed: discard the scratch copies, keep the running policy. */
	LOAD_UNLOCK;
	sidtab_destroy(&newsidtab);
	policydb_destroy(&newpolicydb);
	return rc;

first_isids_failed:
	LOAD_UNLOCK;
	policydb_destroy(&policydb);
	avtab_cache_destroy();
	return -EINVAL;

first_read_failed:
	LOAD_UNLOCK;
	avtab_cache_destroy();
	return -EINVAL;
}
13021da177e4SLinus Torvalds 
/**
 * security_port_sid - Obtain the SID for a port.
 * @domain: communication domain aka address family
 * @type: socket type
 * @protocol: protocol number
 * @port: port number
 * @out_sid: security identifier
 *
 * Use the first OCON_PORT entry of the loaded policy whose protocol equals
 * @protocol and whose low_port..high_port range contains @port.  @domain
 * and @type are not consulted.  When no entry matches, *@out_sid is set to
 * SECINITSID_PORT.
 *
 * Returns 0 on success, or the error from sidtab_context_to_sid(), in
 * which case *@out_sid is not written.
 */
int security_port_sid(u16 domain,
		      u16 type,
		      u8 protocol,
		      u16 port,
		      u32 *out_sid)
{
	struct ocontext *entry;
	int rc = 0;

	POLICY_RDLOCK;

	for (entry = policydb.ocontexts[OCON_PORT]; entry; entry = entry->next) {
		if (entry->u.port.protocol == protocol &&
		    port >= entry->u.port.low_port &&
		    port <= entry->u.port.high_port)
			break;
	}

	if (!entry) {
		/* No policy entry covers this port: use the initial SID. */
		*out_sid = SECINITSID_PORT;
		goto out;
	}

	/*
	 * sid[0] is filled in on first use.
	 * NOTE(review): the entry is written while only POLICY_RDLOCK is
	 * held -- confirm concurrent first-use lookups are safe.
	 */
	if (!entry->sid[0]) {
		rc = sidtab_context_to_sid(&sidtab,
					   &entry->context[0],
					   &entry->sid[0]);
		if (rc)
			goto out;
	}
	*out_sid = entry->sid[0];

out:
	POLICY_RDUNLOCK;
	return rc;
}
13481da177e4SLinus Torvalds 
/**
 * security_netif_sid - Obtain the SID for a network interface.
 * @name: interface name
 * @if_sid: interface SID
 * @msg_sid: default SID for received packets
 *
 * Use the first OCON_NETIF entry whose name compares equal to @name.  When
 * no entry matches, *@if_sid is set to SECINITSID_NETIF and *@msg_sid to
 * SECINITSID_NETMSG.
 *
 * Returns 0 on success, or the error from sidtab_context_to_sid(), in
 * which case neither output is written.
 */
int security_netif_sid(char *name,
		       u32 *if_sid,
		       u32 *msg_sid)
{
	struct ocontext *entry;
	int rc = 0;

	POLICY_RDLOCK;

	for (entry = policydb.ocontexts[OCON_NETIF]; entry; entry = entry->next) {
		if (!strcmp(name, entry->u.name))
			break;
	}

	if (!entry) {
		*if_sid = SECINITSID_NETIF;
		*msg_sid = SECINITSID_NETMSG;
		goto out;
	}

	/* Both SIDs are looked up again if either one is still zero. */
	if (!entry->sid[0] || !entry->sid[1]) {
		rc = sidtab_context_to_sid(&sidtab,
					   &entry->context[0],
					   &entry->sid[0]);
		if (rc)
			goto out;
		rc = sidtab_context_to_sid(&sidtab,
					   &entry->context[1],
					   &entry->sid[1]);
		if (rc)
			goto out;
	}
	*if_sid = entry->sid[0];
	*msg_sid = entry->sid[1];

out:
	POLICY_RDUNLOCK;
	return rc;
}
13951da177e4SLinus Torvalds 
/*
 * Return 1 when each of the four 32-bit words of @input, ANDed with the
 * corresponding word of @mask, equals the corresponding word of @addr;
 * return 0 at the first word that differs.
 */
static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
{
	int word;

	for (word = 0; word < 4; word++) {
		if ((input[word] & mask[word]) != addr[word])
			return 0;
	}

	return 1;
}
14081da177e4SLinus Torvalds 
/**
 * security_node_sid - Obtain the SID for a node (host).
 * @domain: communication domain aka address family
 * @addrp: address
 * @addrlen: address length in bytes
 * @out_sid: security identifier
 *
 * For AF_INET, @addrlen must be sizeof(u32) and the OCON_NODE entries are
 * searched; for AF_INET6, @addrlen must be 2 * sizeof(u64) and the
 * OCON_NODE6 entries are searched.  The first entry whose address equals
 * the masked input is used.  Any other family, or no matching entry,
 * yields SECINITSID_NODE.
 *
 * Returns 0 on success, -EINVAL when @addrlen does not fit the family, or
 * the error from sidtab_context_to_sid().  On error *@out_sid is not
 * written.
 */
int security_node_sid(u16 domain,
		      void *addrp,
		      u32 addrlen,
		      u32 *out_sid)
{
	struct ocontext *entry;
	int rc = 0;

	POLICY_RDLOCK;

	if (domain == AF_INET) {
		u32 addr;

		/* The length is checked before @addrp is dereferenced. */
		if (addrlen != sizeof(u32)) {
			rc = -EINVAL;
			goto out;
		}

		/*
		 * NOTE(review): the raw word is compared as-is, so the
		 * caller's byte order and the alignment of @addrp are
		 * assumed to be suitable -- confirm at the call sites.
		 */
		addr = *((u32 *)addrp);

		for (entry = policydb.ocontexts[OCON_NODE]; entry;
		     entry = entry->next) {
			if (entry->u.node.addr == (addr & entry->u.node.mask))
				break;
		}
	} else if (domain == AF_INET6) {
		if (addrlen != sizeof(u64) * 2) {
			rc = -EINVAL;
			goto out;
		}

		for (entry = policydb.ocontexts[OCON_NODE6]; entry;
		     entry = entry->next) {
			if (match_ipv6_addrmask(addrp, entry->u.node6.addr,
						entry->u.node6.mask))
				break;
		}
	} else {
		/* Unhandled address family: fall back to the initial SID. */
		*out_sid = SECINITSID_NODE;
		goto out;
	}

	if (!entry) {
		*out_sid = SECINITSID_NODE;
		goto out;
	}

	/* sid[0] is filled in on first use. */
	if (!entry->sid[0]) {
		rc = sidtab_context_to_sid(&sidtab,
					   &entry->context[0],
					   &entry->sid[0]);
		if (rc)
			goto out;
	}
	*out_sid = entry->sid[0];

out:
	POLICY_RDUNLOCK;
	return rc;
}
14821da177e4SLinus Torvalds 
14831da177e4SLinus Torvalds #define SIDS_NEL 25
14841da177e4SLinus Torvalds 
/**
 * security_get_user_sids - Obtain reachable SIDs for a user.
 * @fromsid: starting SID
 * @username: username
 * @sids: array of reachable SIDs for user
 * @nel: number of elements in @sids
 *
 * For every role set in the user's role bitmap and every type set in that
 * role's type bitmap, build a candidate context and keep its SID when the
 * PROCESS__TRANSITION permission is allowed from @fromsid's context.
 * On success *@sids points to a dynamically allocated array, which the
 * caller must free, and *@nel holds the number of SIDs stored in it.
 * When no policy is loaded, *@sids is NULL, *@nel is 0 and 0 is returned.
 *
 * Returns -EINVAL when @fromsid or @username is not found, -ENOMEM when an
 * allocation fails, or the error from sidtab_context_to_sid().  On those
 * paths *@sids and *@nel are not written.
 */

int security_get_user_sids(u32 fromsid,
			   char *username,
			   u32 **sids,
			   u32 *nel)
{
	struct context *fromcon, usercon;
	u32 *list, *bigger, sid;
	u32 count = 0, capacity = SIDS_NEL;
	struct user_datum *user;
	struct role_datum *role;
	struct av_decision avd;
	struct ebitmap_node *rnode, *tnode;
	int rc = 0, r, t;

	if (!ss_initialized) {
		*sids = NULL;
		*nel = 0;
		return rc;
	}

	POLICY_RDLOCK;

	fromcon = sidtab_search(&sidtab, fromsid);
	if (!fromcon) {
		rc = -EINVAL;
		goto out_unlock;
	}

	user = hashtab_search(policydb.p_users.table, username);
	if (!user) {
		rc = -EINVAL;
		goto out_unlock;
	}
	/*
	 * Only user, role and type of usercon are assigned in this function;
	 * anything else it holds comes from mls_setup_user_range() below.
	 */
	usercon.user = user->value;

	list = kcalloc(capacity, sizeof(*list), GFP_ATOMIC);
	if (!list) {
		rc = -ENOMEM;
		goto out_unlock;
	}

	ebitmap_for_each_bit(&user->roles, rnode, r) {
		if (!ebitmap_node_get_bit(rnode, r))
			continue;
		role = policydb.role_val_to_struct[r];
		usercon.role = r + 1;
		ebitmap_for_each_bit(&role->types, tnode, t) {
			if (!ebitmap_node_get_bit(tnode, t))
				continue;
			usercon.type = t + 1;

			/* Candidates whose range cannot be set up are skipped. */
			if (mls_setup_user_range(fromcon, user, &usercon))
				continue;

			/*
			 * NOTE(review): a non-zero rc from this call skips
			 * the candidate but is not cleared; if it were the
			 * last call made, the function would return it
			 * after storing *sids -- confirm it cannot fail
			 * for SECCLASS_PROCESS.
			 */
			rc = context_struct_compute_av(fromcon, &usercon,
						       SECCLASS_PROCESS,
						       PROCESS__TRANSITION,
						       &avd);
			if (rc || !(avd.allowed & PROCESS__TRANSITION))
				continue;

			rc = sidtab_context_to_sid(&sidtab, &usercon, &sid);
			if (rc) {
				kfree(list);
				goto out_unlock;
			}

			/* Grow by SIDS_NEL slots whenever the array is full. */
			if (count >= capacity) {
				capacity += SIDS_NEL;
				bigger = kcalloc(capacity, sizeof(*bigger),
						 GFP_ATOMIC);
				if (!bigger) {
					rc = -ENOMEM;
					kfree(list);
					goto out_unlock;
				}
				memcpy(bigger, list, count * sizeof(*bigger));
				kfree(list);
				list = bigger;
			}
			list[count++] = sid;
		}
	}

	*sids = list;
	*nel = count;

out_unlock:
	POLICY_RDUNLOCK;
	return rc;
}
15901da177e4SLinus Torvalds 
/**
 * security_genfs_sid - Obtain a SID for a file in a filesystem
 * @fstype: filesystem type
 * @path: path from root of mount
 * @sclass: file security class
 * @sid: SID for path
 *
 * Obtain a SID to use for a file in a filesystem that
 * cannot support xattr or use a fixed labeling behavior like
 * transition SIDs or task SIDs.
 *
 * The entry used is the first one, in list order, whose name is a prefix
 * of @path and whose class is either zero or equal to @sclass.
 *
 * Returns 0 on success.  Returns -ENOENT with *@sid set to
 * SECINITSID_UNLABELED when @fstype or a matching entry is not found.
 * Returns the error from sidtab_context_to_sid() with *@sid not written.
 */
int security_genfs_sid(const char *fstype,
		       char *path,
		       u16 sclass,
		       u32 *sid)
{
	struct genfs *fs;
	struct ocontext *entry;
	int prefix_len;
	int rc = 0, order = 0;

	POLICY_RDLOCK;

	/* Stop at the first list node that does not sort before @fstype. */
	fs = policydb.genfs;
	while (fs) {
		order = strcmp(fstype, fs->fstype);
		if (order <= 0)
			break;
		fs = fs->next;
	}

	/* Ran off the list, or stopped on a different filesystem type. */
	if (!fs || order)
		goto unlabeled;

	entry = fs->head;
	while (entry) {
		prefix_len = strlen(entry->u.name);
		if ((!entry->v.sclass || sclass == entry->v.sclass) &&
		    (strncmp(entry->u.name, path, prefix_len) == 0))
			break;
		entry = entry->next;
	}

	if (!entry)
		goto unlabeled;

	/* sid[0] is filled in on first use. */
	if (!entry->sid[0]) {
		rc = sidtab_context_to_sid(&sidtab,
					   &entry->context[0],
					   &entry->sid[0]);
		if (rc)
			goto out;
	}

	*sid = entry->sid[0];
out:
	POLICY_RDUNLOCK;
	return rc;

unlabeled:
	*sid = SECINITSID_UNLABELED;
	rc = -ENOENT;
	goto out;
}
16521da177e4SLinus Torvalds 
/**
 * security_fs_use - Determine how to handle labeling for a filesystem.
 * @fstype: filesystem type
 * @behavior: labeling behavior
 * @sid: SID for filesystem (superblock)
 *
 * Use the first OCON_FSUSE entry whose name equals @fstype.  Without one,
 * ask security_genfs_sid() for the SID of "/" with class SECCLASS_DIR:
 * success gives SECURITY_FS_USE_GENFS, and any failure gives
 * SECURITY_FS_USE_NONE with a return value of 0.
 *
 * Returns 0, or the error from sidtab_context_to_sid() for a matching
 * OCON_FSUSE entry, in which case *@sid is not written.
 */
int security_fs_use(
	const char *fstype,
	unsigned int *behavior,
	u32 *sid)
{
	struct ocontext *entry;
	int rc = 0;

	POLICY_RDLOCK;

	for (entry = policydb.ocontexts[OCON_FSUSE]; entry; entry = entry->next) {
		if (!strcmp(fstype, entry->u.name))
			break;
	}

	if (!entry) {
		/*
		 * NOTE(review): security_genfs_sid() takes POLICY_RDLOCK
		 * itself, so the read lock is acquired a second time while
		 * already held -- confirm the lock behind the macro permits
		 * that.
		 */
		rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
		/* Every genfs failure, not only -ENOENT, is reported as NONE. */
		*behavior = rc ? SECURITY_FS_USE_NONE : SECURITY_FS_USE_GENFS;
		rc = 0;
		goto out;
	}

	*behavior = entry->v.behavior;
	/* sid[0] is filled in on first use. */
	if (!entry->sid[0]) {
		rc = sidtab_context_to_sid(&sidtab,
					   &entry->context[0],
					   &entry->sid[0]);
		if (rc)
			goto out;
	}
	*sid = entry->sid[0];

out:
	POLICY_RDUNLOCK;
	return rc;
}
17001da177e4SLinus Torvalds 
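/**
 * security_get_bools - Copy out the names and states of the policy booleans.
 * @len: set to the number of booleans in the loaded policy
 * @names: set to a newly allocated array of newly allocated name strings
 * @values: set to a newly allocated array of boolean states
 *
 * On success the caller owns *@names, every string in it, and *@values,
 * and must free them.  When the policy has no booleans, 0 is returned with
 * *@len == 0 and both arrays NULL.
 *
 * On allocation failure -ENOMEM is returned, everything allocated here is
 * freed, and *@names, *@values and *@len are reset to NULL, NULL and 0 so
 * the caller is never handed a pointer to freed memory.
 */
int security_get_bools(int *len, char ***names, int **values)
{
	int i, rc = -ENOMEM;

	POLICY_RDLOCK;
	*names = NULL;
	*values = NULL;

	*len = policydb.p_bools.nprim;
	if (!*len) {
		rc = 0;
		goto out;
	}

	/* kcalloc zero-fills, so unfilled name slots are NULL on the err path. */
	*names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
	if (!*names)
		goto err;

	*values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
	if (!*values)
		goto err;

	for (i = 0; i < *len; i++) {
		size_t name_len;

		(*values)[i] = policydb.bool_val_to_struct[i]->state;
		name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
		(*names)[i] = kmalloc(name_len, GFP_ATOMIC);
		if (!(*names)[i])
			goto err;
		/* name_len counts the terminating NUL, so it is copied too. */
		memcpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
	}
	rc = 0;
out:
	POLICY_RDUNLOCK;
	return rc;
err:
	if (*names) {
		for (i = 0; i < *len; i++)
			kfree((*names)[i]);
		/* The array itself was leaked by the previous error path. */
		kfree(*names);
	}
	kfree(*values);
	/* Do not leave dangling pointers behind for the caller to free again. */
	*names = NULL;
	*values = NULL;
	*len = 0;
	goto out;
}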
17451da177e4SLinus Torvalds 
17461da177e4SLinus Torvalds 
/*
 * security_set_bools - Set every policy boolean from @values.
 * @len: number of entries in @values; must equal the policy's boolean count
 * @values: requested states, any non-zero value meaning 1
 *
 * Each boolean whose state changes is written to the audit log as an
 * AUDIT_MAC_CONFIG_CHANGE record before the new state is stored.  The
 * conditional nodes are then re-evaluated, and on success the sequence
 * number is bumped, avc_ss_reset() is called and a policy-load
 * notification is sent.
 *
 * Returns 0 on success, -EFAULT when @len does not match, or the error
 * from evaluate_cond_node().  In the last case the boolean states have
 * already been overwritten and neither avc_ss_reset() nor the
 * notification is run.
 */
int security_set_bools(int len, int *values)
{
	struct cond_node *node;
	int idx, nbools;
	int rc = 0, seqno = 0;

	POLICY_WRLOCK;

	nbools = policydb.p_bools.nprim;
	if (len != nbools) {
		rc = -EFAULT;
		goto out;
	}

	for (idx = 0; idx < len; idx++) {
		int requested = !!values[idx];

		/* Log only real changes, while the old value is still there. */
		if (requested != policydb.bool_val_to_struct[idx]->state) {
			audit_log(current->audit_context, GFP_ATOMIC,
				AUDIT_MAC_CONFIG_CHANGE,
				"bool=%s val=%d old_val=%d auid=%u",
				policydb.p_bool_val_to_name[idx],
				requested,
				policydb.bool_val_to_struct[idx]->state,
				audit_get_loginuid(current->audit_context));
		}
		policydb.bool_val_to_struct[idx]->state = requested;
	}

	node = policydb.cond_list;
	while (node != NULL) {
		rc = evaluate_cond_node(&policydb, node);
		if (rc)
			goto out;
		node = node->next;
	}

	seqno = ++latest_granting;

out:
	POLICY_WRUNLOCK;
	if (rc)
		return rc;

	/* Run only after the write lock has been released. */
	avc_ss_reset(seqno);
	selnl_notify_policyload(seqno);
	return 0;
}
17941da177e4SLinus Torvalds 
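/*
 * security_get_bool_value - Return the current state of one policy boolean.
 * @bool: zero-based index of the boolean
 *
 * Returns the boolean's state, or -EFAULT when @bool is negative or not
 * below the number of booleans in the loaded policy.
 */
int security_get_bool_value(int bool)
{
	int rc = 0;
	int len;

	POLICY_RDLOCK;

	len = policydb.p_bools.nprim;
	/*
	 * The index is signed, so the lower bound must be checked as well:
	 * a negative value would otherwise pass "bool >= len" and index
	 * before the start of bool_val_to_struct.
	 */
	if (bool < 0 || bool >= len) {
		rc = -EFAULT;
		goto out;
	}

	rc = policydb.bool_val_to_struct[bool]->state;
out:
	POLICY_RDUNLOCK;
	return rc;
}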