^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* SPDX-License-Identifier: GPL-2.0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Access vector cache interface for object managers.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Author : Stephen Smalley, <sds@tycho.nsa.gov>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #ifndef _SELINUX_AVC_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #define _SELINUX_AVC_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/stddef.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/kdev_t.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/spinlock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/lsm_audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/in6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include "flask.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include "av_permissions.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include "security.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) * An entry in the AVC.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) struct avc_entry;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) struct task_struct;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) struct inode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) struct sock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) struct sk_buff;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32)
/*
 * AVC statistics.
 *
 * Instantiated per CPU when CONFIG_SECURITY_SELINUX_AVC_STATS is set (see the
 * DECLARE_PER_CPU() at the bottom of this header).  The field names suggest
 * counters for cache lookups, lookup misses, node allocations, reclaims and
 * frees; the code that maintains them is not in this header — confirm there
 * before relying on exact semantics.
 */
struct avc_cache_stats {
	unsigned int lookups;		/* cache lookups performed */
	unsigned int misses;		/* lookups that found no entry */
	unsigned int allocations;	/* cache nodes allocated */
	unsigned int reclaims;		/* nodes reclaimed under pressure (presumably) */
	unsigned int frees;		/* nodes freed */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)
/*
 * Data describing one access decision.  We only need this after we have
 * decided to send an audit message, so it is filled in lazily.  The fields
 * mirror the arguments of slow_avc_audit() declared below.
 */
struct selinux_audit_data {
	u32 ssid;			/* source security identifier */
	u32 tsid;			/* target security identifier */
	u16 tclass;			/* target security class */
	u32 requested;			/* permissions that were requested */
	u32 audited;			/* permissions to audit, as computed by avc_audit_required() */
	u32 denied;			/* permissions that were denied */
	int result;			/* result of the permission check */
	struct selinux_state *state;	/* SELinux state the decision was made under */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) * AVC operations
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) void __init avc_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63)
/**
 * avc_audit_required - Compute which permissions have to be audited.
 * @requested: requested permissions
 * @avd: access vector decision (allowed / auditallow / auditdeny masks)
 * @result: result of the preceding permission check
 * @auditdeny: optional suppression mask; when non-zero, a denial is audited
 *	only if at least one of these bits is still set in @avd->auditdeny
 *	(i.e. not covered by an explicit dontaudit rule) — see the note below
 * @deniedp: output, receives the mask of denied permissions; always written
 *
 * Returns the mask of permissions for which an audit record is needed, or 0
 * when nothing has to be audited.
 */
static inline u32 avc_audit_required(u32 requested,
				     struct av_decision *avd,
				     int result,
				     u32 auditdeny,
				     u32 *deniedp)
{
	u32 denied = requested & ~avd->allowed;
	u32 audited;

	if (likely(!denied)) {
		if (result) {
			/*
			 * The check failed although the policy denied no
			 * permission: report and audit everything that was
			 * requested.
			 */
			denied = requested;
			audited = requested;
		} else {
			/* Granted: audit only what auditallow rules ask for. */
			audited = requested & avd->auditallow;
		}
		*deniedp = denied;
		return audited;
	}

	/* Something was denied: audit the denied bits not dontaudit'ed. */
	audited = denied & avd->auditdeny;

	/*
	 * @auditdeny is TRICKY!  A bit set in this argument means: do NOT
	 * audit ANY denial at all if the policy has an explicit dontaudit
	 * rule for that permission (a clear bit in @avd->auditdeny).  This
	 * is unrelated to which permissions were actually denied.  Example:
	 *
	 *	denied == READ
	 *	avd->auditdeny & ACCESS == 0 (clear means explicit dontaudit rule)
	 *	auditdeny & ACCESS != 0
	 *
	 * The READ denial will NOT be audited, even though the @auditdeny
	 * check was about ACCESS.
	 */
	if (auditdeny && !(auditdeny & avd->auditdeny))
		audited = 0;

	*deniedp = denied;
	return audited;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99)
/*
 * Slow path of avc_audit(): actually generates the audit record.  @audited
 * and @denied are the masks computed by avc_audit_required(); the remaining
 * arguments are described in the avc_audit() comment below.  Generating the
 * record may block, which is why avc_audit() refuses to call this when
 * MAY_NOT_BLOCK is set.
 */
int slow_avc_audit(struct selinux_state *state,
		   u32 ssid, u32 tsid, u16 tclass,
		   u32 requested, u32 audited, u32 denied, int result,
		   struct common_audit_data *a);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104)
/**
 * avc_audit - Audit the granting or denial of permissions.
 * @state: SELinux state, passed through to slow_avc_audit()
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 * @requested: requested permissions
 * @avd: access vector decisions
 * @result: result from avc_has_perm_noaudit
 * @a: auxiliary audit data
 * @flags: VFS walk flags; with MAY_NOT_BLOCK set the function never sleeps
 *
 * Audit the granting or denial of permissions in accordance with the
 * policy.  This function is typically called by avc_has_perm() after a
 * permission check, but can also be called directly by callers who use
 * avc_has_perm_noaudit() in order to separate the permission check from
 * the auditing.  For example, this separation is useful when the
 * permission check must be performed under a lock, to allow the lock to
 * be released before calling the auditing code.
 *
 * Returns 0 when no audit record is required, -ECHILD when a record is
 * required but @flags forbids blocking (the caller must retry in ref-walk
 * mode), otherwise the return value of slow_avc_audit().
 */
static inline int avc_audit(struct selinux_state *state,
			    u32 ssid, u32 tsid,
			    u16 tclass, u32 requested,
			    struct av_decision *avd,
			    int result,
			    struct common_audit_data *a,
			    int flags)
{
	u32 denied;
	u32 audited = avc_audit_required(requested, avd, result, 0, &denied);

	/* Common case: the policy asks for no audit record at all. */
	if (likely(!audited))
		return 0;

	/*
	 * Generating the record may block.  If the caller cannot block we
	 * bail out and let it fall back to ref-walk, which will call us again.
	 */
	if (flags & MAY_NOT_BLOCK)
		return -ECHILD;

	return slow_avc_audit(state, ssid, tsid, tclass, requested, audited,
			      denied, result, a);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144)
/* Bit flags for the @flags argument of avc_has_perm_noaudit(). */
#define AVC_STRICT 1 /* Ignore permissive mode. */
#define AVC_EXTENDED_PERMS 2 /* update extended permissions */
#define AVC_NONBLOCKING 4 /* non blocking */

/*
 * Permission check without auditing.  The decision is handed back through
 * @avd (presumably so the caller can pass it to avc_audit() later; see the
 * avc_audit() comment above for why the two steps are split).  @flags is a
 * combination of the AVC_* bits above.
 */
int avc_has_perm_noaudit(struct selinux_state *state,
			 u32 ssid, u32 tsid,
			 u16 tclass, u32 requested,
			 unsigned flags,
			 struct av_decision *avd);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153)
/*
 * Combined permission check and audit: per the avc_audit() comment above,
 * avc_has_perm() performs the check and then calls avc_audit().
 */
int avc_has_perm(struct selinux_state *state,
		 u32 ssid, u32 tsid,
		 u16 tclass, u32 requested,
		 struct common_audit_data *auditdata);
/*
 * As avc_has_perm(), with an extra @flags argument — presumably the VFS
 * walk flags forwarded to avc_audit() (which returns -ECHILD under
 * MAY_NOT_BLOCK); confirm against the definition.
 */
int avc_has_perm_flags(struct selinux_state *state,
		       u32 ssid, u32 tsid,
		       u16 tclass, u32 requested,
		       struct common_audit_data *auditdata,
		       int flags);

/*
 * Extended-permission (xperm) check for @tclass, keyed by @driver and
 * @perm in addition to the @requested access vector.  Semantics are not
 * visible in this header — see the definition.
 */
int avc_has_extended_perms(struct selinux_state *state,
			   u32 ssid, u32 tsid, u16 tclass, u32 requested,
			   u8 driver, u8 perm, struct common_audit_data *ad);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) u32 avc_policy_seqno(struct selinux_state *state);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170)
/*
 * AVC callback event bits.  A subscriber ORs the events it cares about into
 * the @events argument of avc_add_callback(); the matching bit is then passed
 * as @event when the callback is invoked.
 */
#define AVC_CALLBACK_GRANT 1
#define AVC_CALLBACK_TRY_REVOKE 2
#define AVC_CALLBACK_REVOKE 4
#define AVC_CALLBACK_RESET 8
#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
#define AVC_CALLBACK_ADD_XPERMS 256

/*
 * Register @callback for the AVC_CALLBACK_* events in @events.  Return
 * convention (0 / negative errno) is not visible here — check the definition.
 */
int avc_add_callback(int (*callback)(u32 event), u32 events);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) /* Exported to selinuxfs */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) struct selinux_avc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) int avc_get_hash_stats(struct selinux_avc *avc, char *page);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) unsigned int avc_get_cache_threshold(struct selinux_avc *avc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) void avc_set_cache_threshold(struct selinux_avc *avc,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) unsigned int cache_threshold);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) /* Attempt to free avc node cache */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) void avc_disable(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) #endif /* _SELINUX_AVC_H_ */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198)