^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Implementation of the security services.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Authors : Stephen Smalley, <sds@tycho.nsa.gov>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * James Morris <jmorris@redhat.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * Support for enhanced MLS infrastructure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * Support for context based audit filters.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) * Added conditional policy language extensions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) * Updated: Hewlett-Packard <paul@paul-moore.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * Added support for NetLabel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) * Added support for the policy capability bitmap
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) * Updated: Chad Sellers <csellers@tresys.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) * Added validation of kernel classes and permissions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) * Updated: KaiGai Kohei <kaigai@ak.jp.nec.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) * Added support for bounds domain and audit messages on masked permissions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) * Updated: Guido Trentalancia <guido@trentalancia.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) * Added support for runtime switching of the policy type
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) * Copyright (C) 2008, 2009 NEC Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) #include <linux/string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) #include <linux/spinlock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) #include <linux/rcupdate.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) #include <linux/errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) #include <linux/in.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) #include <linux/sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) #include <linux/vmalloc.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) #include <net/netlabel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) #include "flask.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) #include "avc.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) #include "avc_ss.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) #include "security.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) #include "context.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) #include "policydb.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) #include "sidtab.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) #include "services.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) #include "conditional.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) #include "mls.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) #include "objsec.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) #include "netlabel.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) #include "xfrm.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) #include "ebitmap.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) #include "audit.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) #include "policycap_names.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) #include <trace/hooks/selinux.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)
/*
 * Argument bundle: a selinux_state pointer plus an old and a new policy
 * database.
 * NOTE(review): presumably handed to the context-conversion callback when a
 * policy is reloaded; the users are outside this part of the file - confirm.
 */
struct convert_context_args {
	struct selinux_state *state;
	struct policydb *oldp;	/* "old" policy database, going by the name */
	struct policydb *newp;	/* "new" policy database, going by the name */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76)
/*
 * Pairs the context-conversion arguments with the sidtab conversion
 * parameters so that both can be carried as one object.
 * NOTE(review): how sidtab_params refers to args is not visible here - confirm.
 */
struct selinux_policy_convert_data {
	struct convert_context_args args;
	struct sidtab_convert_params sidtab_params;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81)
/*
 * Forward declarations for static helpers that are used before their
 * definitions appear later in the file.
 */
static int context_struct_to_string(struct policydb *policydb,
				    struct context *context,
				    char **scontext,
				    u32 *scontext_len);

static int sidtab_entry_to_string(struct policydb *policydb,
				  struct sidtab *sidtab,
				  struct sidtab_entry *entry,
				  char **scontext,
				  u32 *scontext_len);

static void context_struct_compute_av(struct policydb *policydb,
				      struct context *scontext,
				      struct context *tcontext,
				      u16 tclass,
				      struct av_decision *avd,
				      struct extended_perms *xperms);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100)
/*
 * Build the table that translates kernel class/permission numbers into the
 * values used by the loaded policy.
 *
 * @pol:     policy database used to resolve class and permission names
 * @map:     array of class descriptions, terminated by an entry whose name
 *           is NULL
 * @out_map: receives the allocated table and its size
 *
 * Slot 0 of the table is reserved for class zero, so the record for map[n]
 * is stored at index n + 1.  A class or permission that the policy does not
 * define keeps a zero value and is reported with pr_info(); when
 * pol->reject_unknown is set it is treated as an error instead.
 *
 * Returns 0 on success, -EINVAL when @map is NULL or an unknown name is
 * rejected, and -ENOMEM when the table cannot be allocated.  On the reject
 * path the table is freed and out_map->mapping is reset to NULL, so no
 * half-built table is left behind; out_map->size is written only on success.
 */
static int selinux_set_mapping(struct policydb *pol,
			       struct security_class_mapping *map,
			       struct selinux_map *out_map)
{
	u16 nr_slots, cls;
	unsigned perm;
	bool have_unknown = false;

	if (!map)
		return -EINVAL;

	/* Count the named classes in the input mapping. */
	for (nr_slots = 0; map[nr_slots].name; nr_slots++)
		;

	/* One extra record so that index 0 can stand for class zero. */
	nr_slots++;
	out_map->mapping = kcalloc(nr_slots, sizeof(*out_map->mapping),
				   GFP_ATOMIC);
	if (!out_map->mapping)
		return -ENOMEM;

	/* Resolve every class and its permissions against the policy. */
	for (cls = 0; map[cls].name; cls++) {
		struct security_class_mapping *p_in = &map[cls];
		struct selinux_mapping *p_out = &out_map->mapping[cls + 1];

		/* An empty class name is a placeholder with no permissions. */
		if (p_in->name[0] == '\0') {
			p_out->num_perms = 0;
			continue;
		}

		p_out->value = string_to_security_class(pol, p_in->name);
		if (p_out->value == 0) {
			pr_info("SELinux: Class %s not defined in policy.\n",
				p_in->name);
			if (pol->reject_unknown)
				goto err;
			p_out->num_perms = 0;
			have_unknown = true;
			continue;
		}

		for (perm = 0; p_in->perms[perm]; perm++) {
			/* An empty permission name leaves its slot at zero. */
			if (p_in->perms[perm][0] == '\0')
				continue;

			p_out->perms[perm] = string_to_av_perm(pol,
							       p_out->value,
							       p_in->perms[perm]);
			if (p_out->perms[perm])
				continue;

			pr_info("SELinux: Permission %s in class %s not defined in policy.\n",
				p_in->perms[perm], p_in->name);
			if (pol->reject_unknown)
				goto err;
			have_unknown = true;
		}
		p_out->num_perms = perm;
	}

	if (have_unknown)
		pr_info("SELinux: the above unknown classes and permissions will be %s\n",
			pol->allow_unknown ? "allowed" : "denied");

	out_map->size = nr_slots;
	return 0;

err:
	kfree(out_map->mapping);
	out_map->mapping = NULL;
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) * Get real, policy values from mapped values
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181)
/*
 * Translate a kernel class number into the value the policy uses for it.
 *
 * A @tclass inside the table is looked up; a @tclass at or beyond map->size
 * is returned unchanged, i.e. it is passed through untranslated.
 */
static u16 unmap_class(struct selinux_map *map, u16 tclass)
{
	return (tclass < map->size) ? map->mapping[tclass].value : tclass;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) * Get kernel value for class from its policy value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) */
/*
 * Reverse lookup: find the table index whose policy value equals
 * @pol_value.  The search starts at index 1, so slot 0 is never returned
 * as a match.  Returns SECCLASS_NULL when no record matches.
 */
static u16 map_class(struct selinux_map *map, u16 pol_value)
{
	u16 kclass = 1;

	while (kclass < map->size) {
		if (map->mapping[kclass].value == pol_value)
			return kclass;
		kclass++;
	}

	return SECCLASS_NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204)
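/*
 * Rewrite an access vector decision from policy permission bits into the
 * bit positions of the mapping table for @tclass.
 *
 * @map:           class/permission translation table
 * @tclass:        class number used as the table index
 * @avd:           decision to rewrite in place (allowed, auditallow,
 *                 auditdeny)
 * @allow_unknown: non-zero if permissions the policy does not define are
 *                 to be granted
 *
 * For every table slot i below num_perms, bit i of the result is set when
 * the corresponding policy bit is set in the input vector.  A slot whose
 * policy value is zero (permission unknown to the policy) is granted in
 * ->allowed when @allow_unknown is set, and is otherwise flagged in
 * ->auditdeny so that the denial gets audited.  Bits from num_perms up to
 * bit 31 are always set in ->auditdeny.
 *
 * When @tclass is outside the table, @avd is left untouched.
 *
 * The masks are built with (u32)1 << i: the loops reach i == 31, and
 * shifting a signed int 1 into the sign bit is undefined behaviour in C.
 * NOTE(review): assumes num_perms never exceeds 32 - confirm against the
 * size of the perms array in the mapping record.
 */
static void map_decision(struct selinux_map *map,
			 u16 tclass, struct av_decision *avd,
			 int allow_unknown)
{
	if (tclass < map->size) {
		struct selinux_mapping *mapping = &map->mapping[tclass];
		unsigned int i, n = mapping->num_perms;
		u32 result;

		for (i = 0, result = 0; i < n; i++) {
			if (avd->allowed & mapping->perms[i])
				result |= (u32)1 << i;
			/* Unknown permission: grant only if policy says so. */
			if (allow_unknown && !mapping->perms[i])
				result |= (u32)1 << i;
		}
		avd->allowed = result;

		for (i = 0, result = 0; i < n; i++)
			if (avd->auditallow & mapping->perms[i])
				result |= (u32)1 << i;
		avd->auditallow = result;

		for (i = 0, result = 0; i < n; i++) {
			if (avd->auditdeny & mapping->perms[i])
				result |= (u32)1 << i;
			/* Unknown and not allowed: make sure it is audited. */
			if (!allow_unknown && !mapping->perms[i])
				result |= (u32)1 << i;
		}
		/*
		 * In case the kernel has a bug and requests a permission
		 * between num_perms and the maximum permission number, we
		 * should audit that denial
		 */
		for (; i < (sizeof(u32)*8); i++)
			result |= (u32)1 << i;
		avd->auditdeny = result;
	}
}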
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243)
/*
 * Report whether the active policy has MLS enabled.
 *
 * Returns 0 while @state is not yet initialized.  Otherwise the flag is
 * copied out of the current policy inside an RCU read-side critical
 * section, so the policy pointer is not used after the unlock.
 */
int security_mls_enabled(struct selinux_state *state)
{
	struct selinux_policy *cur;
	int enabled = 0;

	if (selinux_initialized(state)) {
		rcu_read_lock();
		cur = rcu_dereference(state->policy);
		enabled = cur->policydb.mls_enabled;
		rcu_read_unlock();
	}

	return enabled;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) * Return the boolean value of a constraint expression
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) * when it is applied to the specified source and target
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) * security contexts.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) * xcontext is a special beast... It is used by the validatetrans rules
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) * only. For these rules, scontext is the context before the transition,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) * tcontext is the context after the transition, and xcontext is the context
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) * of the process performing the transition. All other callers of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) * constraint_expr_eval should pass in NULL for xcontext.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) */
/*
 * Evaluate the constraint expression list @cexpr against @scontext and
 * @tcontext (and @xcontext for nodes that carry CEXPR_XTARGET).
 *
 * The nodes are visited in list order through e->next and evaluated on a
 * small integer stack: CEXPR_ATTR and CEXPR_NAMES nodes push one result,
 * CEXPR_NOT rewrites the top entry, CEXPR_AND and CEXPR_OR pop one entry
 * and combine it into the new top.
 *
 * Returns the single value left on the stack.  Returns 0 when a push would
 * exceed CEXPR_MAXDEPTH, so an over-deep expression evaluates to false.
 *
 * NOTE(review): a malformed expression (stack underflow, unknown node type,
 * attribute or operator, or a stack that does not end with exactly one
 * entry) hits BUG()/BUG_ON() rather than returning an error; this presumably
 * relies on expressions being validated when the policy is loaded - confirm.
 */
static int constraint_expr_eval(struct policydb *policydb,
				struct context *scontext,
				struct context *tcontext,
				struct context *xcontext,
				struct constraint_expr *cexpr)
{
	u32 val1, val2;
	struct context *c;
	struct role_datum *r1, *r2;
	struct mls_level *l1, *l2;
	struct constraint_expr *e;
	int s[CEXPR_MAXDEPTH];	/* evaluation stack */
	int sp = -1;		/* index of the top entry, -1 when empty */

	for (e = cexpr; e; e = e->next) {
		switch (e->expr_type) {
		case CEXPR_NOT:
			/* Unary: needs one operand on the stack. */
			BUG_ON(sp < 0);
			s[sp] = !s[sp];
			break;
		case CEXPR_AND:
			/* Binary: needs two operands, leaves one result. */
			BUG_ON(sp < 1);
			sp--;
			s[sp] &= s[sp + 1];
			break;
		case CEXPR_OR:
			BUG_ON(sp < 1);
			sp--;
			s[sp] |= s[sp + 1];
			break;
		case CEXPR_ATTR:
			/* Refuse to push past the end of s[]: result is false. */
			if (sp == (CEXPR_MAXDEPTH - 1))
				return 0;
			switch (e->attr) {
			case CEXPR_USER:
				val1 = scontext->user;
				val2 = tcontext->user;
				break;
			case CEXPR_TYPE:
				val1 = scontext->type;
				val2 = tcontext->type;
				break;
			case CEXPR_ROLE:
				val1 = scontext->role;
				val2 = tcontext->role;
				/*
				 * The role values are used as 1-based indexes
				 * without a range check here.
				 * NOTE(review): assumes both contexts carry
				 * role values valid for this policydb -
				 * confirm against the callers.
				 */
				r1 = policydb->role_val_to_struct[val1 - 1];
				r2 = policydb->role_val_to_struct[val2 - 1];
				/*
				 * The dominance operators push their result
				 * and move on to the next node; any other
				 * operator falls through to the plain
				 * equality comparison below.
				 */
				switch (e->op) {
				case CEXPR_DOM:
					s[++sp] = ebitmap_get_bit(&r1->dominates,
								  val2 - 1);
					continue;
				case CEXPR_DOMBY:
					s[++sp] = ebitmap_get_bit(&r2->dominates,
								  val1 - 1);
					continue;
				case CEXPR_INCOMP:
					s[++sp] = (!ebitmap_get_bit(&r1->dominates,
								    val2 - 1) &&
						   !ebitmap_get_bit(&r2->dominates,
								    val1 - 1));
					continue;
				default:
					break;
				}
				break;
			/*
			 * MLS level pairs: level[0] is the first and level[1]
			 * the second level of a context's range; each case
			 * selects two levels and jumps to the shared
			 * comparison at mls_ops.
			 */
			case CEXPR_L1L2:
				l1 = &(scontext->range.level[0]);
				l2 = &(tcontext->range.level[0]);
				goto mls_ops;
			case CEXPR_L1H2:
				l1 = &(scontext->range.level[0]);
				l2 = &(tcontext->range.level[1]);
				goto mls_ops;
			case CEXPR_H1L2:
				l1 = &(scontext->range.level[1]);
				l2 = &(tcontext->range.level[0]);
				goto mls_ops;
			case CEXPR_H1H2:
				l1 = &(scontext->range.level[1]);
				l2 = &(tcontext->range.level[1]);
				goto mls_ops;
			case CEXPR_L1H1:
				/* Both levels come from the source context. */
				l1 = &(scontext->range.level[0]);
				l2 = &(scontext->range.level[1]);
				goto mls_ops;
			case CEXPR_L2H2:
				/* Both levels come from the target context. */
				l1 = &(tcontext->range.level[0]);
				l2 = &(tcontext->range.level[1]);
				goto mls_ops;
mls_ops:
				/* Every valid operator pushes and continues. */
				switch (e->op) {
				case CEXPR_EQ:
					s[++sp] = mls_level_eq(l1, l2);
					continue;
				case CEXPR_NEQ:
					s[++sp] = !mls_level_eq(l1, l2);
					continue;
				case CEXPR_DOM:
					s[++sp] = mls_level_dom(l1, l2);
					continue;
				case CEXPR_DOMBY:
					s[++sp] = mls_level_dom(l2, l1);
					continue;
				case CEXPR_INCOMP:
					s[++sp] = mls_level_incomp(l2, l1);
					continue;
				default:
					BUG();
					return 0;
				}
				break;
			default:
				BUG();
				return 0;
			}

			/* User, type and role (non-dominance): compare values. */
			switch (e->op) {
			case CEXPR_EQ:
				s[++sp] = (val1 == val2);
				break;
			case CEXPR_NEQ:
				s[++sp] = (val1 != val2);
				break;
			default:
				BUG();
				return 0;
			}
			break;
		case CEXPR_NAMES:
			/* Same depth guard as CEXPR_ATTR. */
			if (sp == (CEXPR_MAXDEPTH-1))
				return 0;
			/* Pick the context the node refers to; source by default. */
			c = scontext;
			if (e->attr & CEXPR_TARGET)
				c = tcontext;
			else if (e->attr & CEXPR_XTARGET) {
				c = xcontext;
				/* xcontext may legitimately be NULL for most callers. */
				if (!c) {
					BUG();
					return 0;
				}
			}
			if (e->attr & CEXPR_USER)
				val1 = c->user;
			else if (e->attr & CEXPR_ROLE)
				val1 = c->role;
			else if (e->attr & CEXPR_TYPE)
				val1 = c->type;
			else {
				BUG();
				return 0;
			}

			/* Membership test of the 1-based value in the name set. */
			switch (e->op) {
			case CEXPR_EQ:
				s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
				break;
			case CEXPR_NEQ:
				s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
				break;
			default:
				BUG();
				return 0;
			}
			break;
		default:
			BUG();
			return 0;
		}
	}

	/* A well-formed expression leaves exactly one value behind. */
	BUG_ON(sp != 0);
	return s[0];
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) * security_dump_masked_av - dumps masked permissions during
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) * security_compute_av due to RBAC, MLS/Constraint and Type bounds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) */
/*
 * Per-entry callback handed to hashtab_map() by security_dump_masked_av().
 *
 * @k:    key of the hash table entry, stored as the permission's name
 * @d:    the entry's struct perm_datum
 * @args: array of name pointers, indexed by permission value minus one
 *
 * The permission value must lie in 1..32, matching the 32-entry array the
 * caller supplies; anything else trips BUG_ON() before the store, so the
 * array is never written out of bounds.  Always returns 0.
 */
static int dump_masked_av_helper(void *k, void *d, void *args)
{
	char **names = args;
	struct perm_datum *perm = d;

	BUG_ON(!(perm->value >= 1 && perm->value <= 32));

	names[perm->value - 1] = (char *)k;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460)
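/*
 * Emit one AUDIT_SELINUX_ERR record naming the permission bits in
 * @permissions that were stripped from a decision for
 * (@scontext, @tcontext, @tclass). @reason is logged in the "reason="
 * field. Does nothing when @permissions is 0.
 *
 * @tclass is used as a 1-based index without a range check here, so the
 * caller must pass a class value that is valid for @policydb.
 *
 * Logging is best effort: if a name table cannot be walked, a context
 * cannot be rendered, or no audit buffer is available, the function
 * returns without writing a record.
 */
static void security_dump_masked_av(struct policydb *policydb,
				    struct context *scontext,
				    struct context *tcontext,
				    u16 tclass,
				    u32 permissions,
				    const char *reason)
{
	struct common_datum *common_dat;
	struct class_datum *tclass_dat;
	struct audit_buffer *ab;
	char *tclass_name;
	char *scontext_name = NULL;
	char *tcontext_name = NULL;
	/*
	 * Every slot starts out NULL: the hashtab walks below fill only the
	 * slots of permissions the policy defines, and the print loop relies
	 * on NULL to fall back to "????" for any other bit. Without this the
	 * loop would test and print uninitialized stack pointers.
	 */
	char *permission_names[32] = { NULL };
	int index;
	u32 length;
	bool need_comma = false;

	if (!permissions)
		return;

	tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1);
	tclass_dat = policydb->class_val_to_struct[tclass - 1];
	common_dat = tclass_dat->comdatum;

	/* init permission_names: common permissions first, then the class's own */
	if (common_dat &&
	    hashtab_map(&common_dat->permissions.table,
			dump_masked_av_helper, permission_names) < 0)
		goto out;

	if (hashtab_map(&tclass_dat->permissions.table,
			dump_masked_av_helper, permission_names) < 0)
		goto out;

	/* get scontext/tcontext in text form */
	if (context_struct_to_string(policydb, scontext,
				     &scontext_name, &length) < 0)
		goto out;

	if (context_struct_to_string(policydb, tcontext,
				     &tcontext_name, &length) < 0)
		goto out;

	/* audit a message */
	ab = audit_log_start(audit_context(),
			     GFP_ATOMIC, AUDIT_SELINUX_ERR);
	if (!ab)
		goto out;

	audit_log_format(ab, "op=security_compute_av reason=%s "
			 "scontext=%s tcontext=%s tclass=%s perms=",
			 reason, scontext_name, tcontext_name, tclass_name);

	for (index = 0; index < 32; index++) {
		/* unsigned constant: shifting a signed 1 into bit 31 is undefined */
		u32 mask = 1U << index;

		if ((mask & permissions) == 0)
			continue;

		audit_log_format(ab, "%s%s",
				 need_comma ? "," : "",
				 permission_names[index]
				 ? permission_names[index] : "????");
		need_comma = true;
	}
	audit_log_end(ab);
out:
	/* release scontext/tcontext; kfree(NULL) is a no-op on early exits */
	kfree(tcontext_name);
	kfree(scontext_name);
}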
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535)
/*
 * type_attribute_bounds_av - drop permissions that violate a type
 * boundary constraint.
 *
 * When the source type of @scontext has a bounding type, the decision is
 * recomputed with the source type (and the target type, if it is bounded
 * too) replaced by its bound. Any permission present in @avd->allowed but
 * absent from that recomputed decision is cleared from @avd->allowed and
 * reported through security_dump_masked_av() with reason "bounds".
 * This function only ever removes bits from @avd->allowed.
 */
static void type_attribute_bounds_av(struct policydb *policydb,
				     struct context *scontext,
				     struct context *tcontext,
				     u16 tclass,
				     struct av_decision *avd)
{
	struct type_datum *src_type, *tgt_type;
	struct context bound_scontext, bound_tcontext;
	struct context *eff_tcontext = tcontext;
	struct av_decision bound_avd;
	u32 violated;

	src_type = policydb->type_val_to_struct[scontext->type - 1];
	BUG_ON(!src_type);

	/* an unbounded source type has nothing to be clipped against */
	if (!src_type->bounds)
		return;

	tgt_type = policydb->type_val_to_struct[tcontext->type - 1];
	BUG_ON(!tgt_type);

	memset(&bound_avd, 0, sizeof(bound_avd));

	/* same context as the source, but with the bounding type */
	memcpy(&bound_scontext, scontext, sizeof(bound_scontext));
	bound_scontext.type = src_type->bounds;

	/* substitute the target's bound as well when it has one */
	if (tgt_type->bounds) {
		memcpy(&bound_tcontext, tcontext, sizeof(bound_tcontext));
		bound_tcontext.type = tgt_type->bounds;
		eff_tcontext = &bound_tcontext;
	}

	context_struct_compute_av(policydb, &bound_scontext, eff_tcontext,
				  tclass, &bound_avd, NULL);

	/* granted to the bounded type but not to its bound */
	violated = avd->allowed & ~bound_avd.allowed;
	if (likely(!violated))
		return;		/* no masked permission */

	/* mask violated permissions */
	avd->allowed &= ~violated;

	/* audit masked permissions, using the original (unsubstituted) contexts */
	security_dump_masked_av(policydb, scontext, tcontext,
				tclass, violated, "bounds");
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591)
/*
 * Flag which drivers have permissions.
 * Only looks at ioctl based extended permissions: rules whose
 * "specified" field is neither AVTAB_XPERMS_IOCTLDRIVER nor
 * AVTAB_XPERMS_IOCTLFUNCTION leave the driver bitmap untouched.
 */
void services_compute_xperms_drivers(
		struct extended_perms *xperms,
		struct avtab_node *node)
{
	unsigned int word;

	switch (node->datum.u.xperms->specified) {
	case AVTAB_XPERMS_IOCTLDRIVER:
		/* one or more drivers have all permissions allowed */
		for (word = 0; word < ARRAY_SIZE(xperms->drivers.p); word++)
			xperms->drivers.p[word] |=
				node->datum.u.xperms->perms.p[word];
		break;
	case AVTAB_XPERMS_IOCTLFUNCTION:
		/* permissions are allowed within a single driver */
		security_xperm_set(xperms->drivers.p,
				   node->datum.u.xperms->driver);
		break;
	default:
		break;
	}

	/* If no ioctl commands are allowed, ignore auditallow and auditdeny */
	if (node->key.specified & AVTAB_XPERMS_ALLOWED)
		xperms->len = 1;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616)
/*
 * Compute access vectors and extended permissions based on a context
 * structure pair for the permissions in a particular class.
 *
 * @avd is always overwritten: allowed and auditallow start at 0 and
 * auditdeny at all-ones, so every early return leaves a decision that
 * grants nothing. @xperms may be NULL; when given, its driver bitmap and
 * length are reset before any rule is applied.
 *
 * The steps run in this order: type enforcement rules (plain and
 * conditional) add permissions, then constraints, the role-allow check
 * and the type-bounds check each only remove permissions from
 * @avd->allowed.
 */
static void context_struct_compute_av(struct policydb *policydb,
				      struct context *scontext,
				      struct context *tcontext,
				      u16 tclass,
				      struct av_decision *avd,
				      struct extended_perms *xperms)
{
	struct constraint_node *constraint;
	struct role_allow *ra;
	struct avtab_key avkey;
	struct avtab_node *node;
	struct class_datum *tclass_datum;
	struct ebitmap *sattr, *tattr;
	struct ebitmap_node *snode, *tnode;
	unsigned int i, j;

	/* start from a decision that allows nothing */
	avd->allowed = 0;
	avd->auditallow = 0;
	avd->auditdeny = 0xffffffff;
	if (xperms) {
		memset(&xperms->drivers, 0, sizeof(xperms->drivers));
		xperms->len = 0;
	}

	/*
	 * tclass is a 1-based index into class_val_to_struct; reject 0 and
	 * anything above nprim before it is used. The caller is left with
	 * the empty decision set up above.
	 */
	if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
		if (printk_ratelimit())
			pr_warn("SELinux: Invalid class %hu\n", tclass);
		return;
	}

	tclass_datum = policydb->class_val_to_struct[tclass - 1];

	/*
	 * If a specific type enforcement rule was defined for
	 * this permission check, then use it.
	 */
	avkey.target_class = tclass;
	avkey.specified = AVTAB_AV | AVTAB_XPERMS;
	/*
	 * NOTE(review): scontext->type and tcontext->type index the attribute
	 * map without a range check in this function; presumably they are
	 * validated when the context is created. Confirm against callers.
	 */
	sattr = &policydb->type_attr_map_array[scontext->type - 1];
	tattr = &policydb->type_attr_map_array[tcontext->type - 1];
	/* look up rules for every (source attribute, target attribute) pair */
	ebitmap_for_each_positive_bit(sattr, snode, i) {
		ebitmap_for_each_positive_bit(tattr, tnode, j) {
			avkey.source_type = i + 1;
			avkey.target_type = j + 1;
			for (node = avtab_search_node(&policydb->te_avtab,
						      &avkey);
			     node;
			     node = avtab_search_node_next(node, avkey.specified)) {
				/*
				 * allowed and auditallow accumulate with OR;
				 * auditdeny accumulates with AND, so a rule
				 * can only clear bits from it.
				 */
				if (node->key.specified == AVTAB_ALLOWED)
					avd->allowed |= node->datum.u.data;
				else if (node->key.specified == AVTAB_AUDITALLOW)
					avd->auditallow |= node->datum.u.data;
				else if (node->key.specified == AVTAB_AUDITDENY)
					avd->auditdeny &= node->datum.u.data;
				else if (xperms && (node->key.specified & AVTAB_XPERMS))
					services_compute_xperms_drivers(xperms, node);
			}

			/* Check conditional av table for additional permissions */
			cond_compute_av(&policydb->te_cond_avtab, &avkey,
					avd, xperms);

		}
	}

	/*
	 * Remove any permissions prohibited by a constraint (this includes
	 * the MLS policy).
	 */
	constraint = tclass_datum->constraints;
	while (constraint) {
		/* only evaluate constraints that cover a currently allowed bit */
		if ((constraint->permissions & (avd->allowed)) &&
		    !constraint_expr_eval(policydb, scontext, tcontext, NULL,
					  constraint->expr)) {
			avd->allowed &= ~(constraint->permissions);
		}
		constraint = constraint->next;
	}

	/*
	 * If checking process transition permission and the
	 * role is changing, then check the (current_role, new_role)
	 * pair.
	 */
	if (tclass == policydb->process_class &&
	    (avd->allowed & policydb->process_trans_perms) &&
	    scontext->role != tcontext->role) {
		for (ra = policydb->role_allow; ra; ra = ra->next) {
			if (scontext->role == ra->role &&
			    tcontext->role == ra->new_role)
				break;
		}
		/* ra is NULL when the list ended without a matching role pair */
		if (!ra)
			avd->allowed &= ~policydb->process_trans_perms;
	}

	/*
	 * If the given source and target types have boundary
	 * constraint, lazy checks have to mask any violated
	 * permission and notice it to userspace via audit.
	 *
	 * type_attribute_bounds_av() calls back into this function with the
	 * bounding types substituted, so a chain of bounds is followed by
	 * recursion.
	 */
	type_attribute_bounds_av(policydb, scontext, tcontext,
				 tclass, avd);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 725)
/*
 * Report a failed validatetrans constraint and decide the return code.
 *
 * An AUDIT_SELINUX_ERR record is written only if all three contexts can
 * be rendered as strings; the return value does not depend on whether the
 * record was written. Returns -EPERM when enforcing_enabled(@state) is
 * true and 0 otherwise.
 */
static int security_validtrans_handle_fail(struct selinux_state *state,
					struct selinux_policy *policy,
					struct sidtab_entry *oentry,
					struct sidtab_entry *nentry,
					struct sidtab_entry *tentry,
					u16 tclass)
{
	struct sidtab *sidtab = policy->sidtab;
	struct policydb *p = &policy->policydb;
	char *old_str = NULL, *new_str = NULL, *task_str = NULL;
	u32 old_len, new_len, task_len;

	/* the conversions run in order and stop at the first failure */
	if (!sidtab_entry_to_string(p, sidtab, oentry, &old_str, &old_len) &&
	    !sidtab_entry_to_string(p, sidtab, nentry, &new_str, &new_len) &&
	    !sidtab_entry_to_string(p, sidtab, tentry, &task_str, &task_len))
		audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR,
			  "op=security_validate_transition seresult=denied"
			  " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
			  old_str, new_str, task_str,
			  sym_name(p, SYM_CLASSES, tclass-1));

	/* strings that were never produced are still NULL; kfree(NULL) is a no-op */
	kfree(old_str);
	kfree(new_str);
	kfree(task_str);

	return enforcing_enabled(state) ? -EPERM : 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 757)
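/*
 * Evaluate the validatetrans constraints of a class for the SID triple
 * (@oldsid, @newsid, @tasksid).
 *
 * @user selects how the class and a failure are handled:
 *  - true:  @orig_tclass is used as the policy class value as is, and a
 *           failed constraint returns -EPERM with no audit record from
 *           this function.
 *  - false: @orig_tclass is translated with unmap_class() first, and a
 *           failed constraint is passed to
 *           security_validtrans_handle_fail(), whose return value is
 *           returned.
 *
 * Returns 0 when no constraint fails, and also when SELinux is not yet
 * initialized (nothing is checked in that case). Returns -EINVAL for a
 * class value of 0 or above p_classes.nprim and for a SID that is not in
 * the sidtab.
 *
 * The policy is read under rcu_read_lock() for the whole evaluation.
 */
static int security_compute_validatetrans(struct selinux_state *state,
					  u32 oldsid, u32 newsid, u32 tasksid,
					  u16 orig_tclass, bool user)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	struct sidtab_entry *oentry;
	struct sidtab_entry *nentry;
	struct sidtab_entry *tentry;
	struct class_datum *tclass_datum;
	struct constraint_node *constraint;
	u16 tclass;
	int rc = 0;

	if (!selinux_initialized(state))
		return 0;

	rcu_read_lock();

	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	if (!user)
		tclass = unmap_class(&policy->map, orig_tclass);
	else
		tclass = orig_tclass;

	/* tclass is a 1-based index; validate it before indexing the class table */
	if (!tclass || tclass > policydb->p_classes.nprim) {
		rc = -EINVAL;
		goto out;
	}
	tclass_datum = policydb->class_val_to_struct[tclass - 1];

	/*
	 * SIDs are u32, so they are logged with %u (as
	 * security_bounded_transition() does); %d would print values above
	 * INT_MAX as negative numbers in the kernel log.
	 */
	oentry = sidtab_search_entry(sidtab, oldsid);
	if (!oentry) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, oldsid);
		rc = -EINVAL;
		goto out;
	}

	nentry = sidtab_search_entry(sidtab, newsid);
	if (!nentry) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, newsid);
		rc = -EINVAL;
		goto out;
	}

	tentry = sidtab_search_entry(sidtab, tasksid);
	if (!tentry) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, tasksid);
		rc = -EINVAL;
		goto out;
	}

	/* stop at the first constraint whose expression evaluates to false */
	constraint = tclass_datum->validatetrans;
	while (constraint) {
		if (!constraint_expr_eval(policydb, &oentry->context,
					  &nentry->context, &tentry->context,
					  constraint->expr)) {
			if (user)
				rc = -EPERM;
			else
				rc = security_validtrans_handle_fail(state,
								policy,
								oentry,
								nentry,
								tentry,
								tclass);
			goto out;
		}
		constraint = constraint->next;
	}

out:
	rcu_read_unlock();
	return rc;
}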
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 841)
/*
 * Validate a transition with @tclass taken as a policy class value:
 * security_compute_validatetrans() is called with user == true, so the
 * class is not passed through unmap_class() and a failed constraint
 * yields -EPERM.
 */
int security_validate_transition_user(struct selinux_state *state,
				      u32 oldsid, u32 newsid, u32 tasksid,
				      u16 tclass)
{
	const bool from_user = true;

	return security_compute_validatetrans(state, oldsid, newsid, tasksid,
					      tclass, from_user);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 849)
/*
 * Validate a transition with @orig_tclass translated by unmap_class():
 * security_compute_validatetrans() is called with user == false, so a
 * failed constraint goes through security_validtrans_handle_fail().
 */
int security_validate_transition(struct selinux_state *state,
				 u32 oldsid, u32 newsid, u32 tasksid,
				 u16 orig_tclass)
{
	const bool from_user = false;

	return security_compute_validatetrans(state, oldsid, newsid, tasksid,
					      orig_tclass, from_user);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 857)
/*
 * security_bounded_transition - check whether the given
 * transition is directed to a bounded type, or not.
 * It returns 0 if the type of @new_sid is bounded by the type of
 * @old_sid, directly or through a chain of bounds, or if both SIDs have
 * the same type. It returns -EPERM if the chain ends without reaching
 * the old type (an audit record is attempted in that case) and -EINVAL
 * if either SID is not in the sidtab. It returns 0 without checking
 * while SELinux is not initialized.
 *
 * @old_sid : current security identifier
 * @new_sid : destination security identifier
 */
int security_bounded_transition(struct selinux_state *state,
				u32 old_sid, u32 new_sid)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	struct sidtab_entry *old_entry, *new_entry;
	struct type_datum *type;
	int index;
	int rc = -EINVAL;

	if (!selinux_initialized(state))
		return 0;

	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	old_entry = sidtab_search_entry(sidtab, old_sid);
	if (!old_entry) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, old_sid);
		goto out;
	}

	new_entry = sidtab_search_entry(sidtab, new_sid);
	if (!new_entry) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, new_sid);
		goto out;
	}

	rc = 0;
	/* type/domain unchanged */
	if (old_entry->context.type == new_entry->context.type)
		goto out;

	/*
	 * Walk the bounds chain upwards from the new type.
	 * NOTE(review): the walk ends only at a type without a bound or at
	 * the old type; it presumably relies on the loaded policy having no
	 * cycle in its bounds. Confirm against the policy load checks.
	 */
	for (index = new_entry->context.type; ; index = type->bounds) {
		type = policydb->type_val_to_struct[index - 1];
		BUG_ON(!type);

		/* not bounded anymore */
		if (!type->bounds) {
			rc = -EPERM;
			break;
		}

		/* @new_sid is bounded by @old_sid; rc is still 0 */
		if (type->bounds == old_entry->context.type)
			break;
	}

	if (rc) {
		char *old_name = NULL;
		char *new_name = NULL;
		u32 length;

		/* the record is written only if both contexts can be rendered */
		if (!sidtab_entry_to_string(policydb, sidtab, old_entry,
					    &old_name, &length) &&
		    !sidtab_entry_to_string(policydb, sidtab, new_entry,
					    &new_name, &length)) {
			audit_log(audit_context(),
				  GFP_ATOMIC, AUDIT_SELINUX_ERR,
				  "op=security_bounded_transition "
				  "seresult=denied "
				  "oldcontext=%s newcontext=%s",
				  old_name, new_name);
		}
		kfree(new_name);
		kfree(old_name);
	}
out:
	rcu_read_unlock();

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 949)
/*
 * Put @avd into its starting state before a decision is computed:
 * nothing allowed, nothing in auditallow, every bit set in auditdeny and
 * no flags. The sequence number is copied from @policy->latest_granting,
 * or set to 0 when @policy is NULL.
 */
static void avd_init(struct selinux_policy *policy, struct av_decision *avd)
{
	avd->allowed = 0;
	avd->auditallow = 0;
	avd->auditdeny = 0xffffffff;
	avd->seqno = policy ? policy->latest_granting : 0;
	avd->flags = 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 961)
/*
 * Fold one extended-permission avtab @node into @xpermd.
 *
 * The node is ignored unless it applies to @xpermd->driver:
 *  - an IOCTLFUNCTION node applies only when its driver equals
 *    @xpermd->driver, and contributes its own permission words;
 *  - an IOCTLDRIVER node applies only when security_xperm_test() finds
 *    @xpermd->driver in its permission words, and then sets every bit
 *    of the affected bitmap.
 *
 * node->key.specified selects which bitmap (allowed, auditallow or
 * dontaudit) is updated and which XPERMS_* bit is recorded in
 * @xpermd->used.
 *
 * Any other node kind or key kind reaches BUG().
 * NOTE(review): presumably such nodes are rejected when the policy is
 * loaded, so this is not reachable from policy content - confirm.
 */
void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
				      struct avtab_node *node)
{
	bool whole_driver = false;
	unsigned int word;

	/* Does this node apply to the driver being decided? */
	switch (node->datum.u.xperms->specified) {
	case AVTAB_XPERMS_IOCTLFUNCTION:
		if (xpermd->driver != node->datum.u.xperms->driver)
			return;
		break;
	case AVTAB_XPERMS_IOCTLDRIVER:
		if (!security_xperm_test(node->datum.u.xperms->perms.p,
					 xpermd->driver))
			return;
		whole_driver = true;
		break;
	default:
		BUG();
	}

	/* Merge the node into the bitmap named by the rule kind. */
	switch (node->key.specified) {
	case AVTAB_XPERMS_ALLOWED:
		xpermd->used |= XPERMS_ALLOWED;
		if (whole_driver) {
			memset(xpermd->allowed->p, 0xff,
			       sizeof(xpermd->allowed->p));
		} else {
			for (word = 0; word < ARRAY_SIZE(xpermd->allowed->p); word++)
				xpermd->allowed->p[word] |=
					node->datum.u.xperms->perms.p[word];
		}
		break;
	case AVTAB_XPERMS_AUDITALLOW:
		xpermd->used |= XPERMS_AUDITALLOW;
		if (whole_driver) {
			memset(xpermd->auditallow->p, 0xff,
			       sizeof(xpermd->auditallow->p));
		} else {
			for (word = 0; word < ARRAY_SIZE(xpermd->auditallow->p); word++)
				xpermd->auditallow->p[word] |=
					node->datum.u.xperms->perms.p[word];
		}
		break;
	case AVTAB_XPERMS_DONTAUDIT:
		xpermd->used |= XPERMS_DONTAUDIT;
		if (whole_driver) {
			memset(xpermd->dontaudit->p, 0xff,
			       sizeof(xpermd->dontaudit->p));
		} else {
			for (word = 0; word < ARRAY_SIZE(xpermd->dontaudit->p); word++)
				xpermd->dontaudit->p[word] |=
					node->datum.u.xperms->perms.p[word];
		}
		break;
	default:
		BUG();
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1015)
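/**
 * security_compute_xperms_decision - Compute extended permissions for a driver.
 * @state: SELinux state whose active policy is consulted
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @orig_tclass: target security class as given by the caller; it is
 *               translated with unmap_class() before the policy lookup
 * @driver: driver value the decision is computed for
 * @xpermd: decision to fill in; the allowed, auditallow and dontaudit
 *          pointers must already refer to caller-provided storage
 *
 * @xpermd is first reset (no rule kinds used, all three bitmaps zero).
 * Two paths then fail open and set every bit of the allowed bitmap:
 * SELinux is not yet initialized, or @orig_tclass is non-zero but has no
 * mapping and the policy has allow_unknown set. An unrecognized SID, an
 * unmapped class without allow_unknown, or an out-of-range class leaves
 * the reset (all-zero) decision in place.
 */
void security_compute_xperms_decision(struct selinux_state *state,
				      u32 ssid,
				      u32 tsid,
				      u16 orig_tclass,
				      u8 driver,
				      struct extended_perms_decision *xpermd)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	u16 tclass;
	struct context *scontext, *tcontext;
	struct avtab_key avkey;
	struct avtab_node *node;
	struct ebitmap *sattr, *tattr;
	struct ebitmap_node *snode, *tnode;
	unsigned int i, j;

	/* Start from an empty decision so every early exit denies. */
	xpermd->driver = driver;
	xpermd->used = 0;
	memset(xpermd->allowed->p, 0, sizeof(xpermd->allowed->p));
	memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p));
	memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p));

	rcu_read_lock();
	/* No policy loaded yet: nothing to consult, so allow everything. */
	if (!selinux_initialized(state))
		goto allow;

	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	/* SIDs are u32; print them unsigned so large values stay readable. */
	scontext = sidtab_search(sidtab, ssid);
	if (!scontext) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, ssid);
		goto out;
	}

	tcontext = sidtab_search(sidtab, tsid);
	if (!tcontext) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, tsid);
		goto out;
	}

	/* A class the policy does not know is governed by allow_unknown. */
	tclass = unmap_class(&policy->map, orig_tclass);
	if (unlikely(orig_tclass && !tclass)) {
		if (policydb->allow_unknown)
			goto allow;
		goto out;
	}

	if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
		pr_warn_ratelimited("SELinux: Invalid class %hu\n", tclass);
		goto out;
	}

	avkey.target_class = tclass;
	avkey.specified = AVTAB_XPERMS;
	sattr = &policydb->type_attr_map_array[scontext->type - 1];
	tattr = &policydb->type_attr_map_array[tcontext->type - 1];
	/*
	 * Look up every (source, target) pair drawn from the two bitmaps in
	 * both the unconditional and the conditional access vector tables.
	 */
	ebitmap_for_each_positive_bit(sattr, snode, i) {
		ebitmap_for_each_positive_bit(tattr, tnode, j) {
			avkey.source_type = i + 1;
			avkey.target_type = j + 1;
			for (node = avtab_search_node(&policydb->te_avtab,
						      &avkey);
			     node;
			     node = avtab_search_node_next(node, avkey.specified))
				services_compute_xperms_decision(xpermd, node);

			cond_compute_xperms(&policydb->te_cond_avtab,
					    &avkey, xpermd);
		}
	}
out:
	rcu_read_unlock();
	return;
allow:
	memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p));
	goto out;
}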
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1100)
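/**
 * security_compute_av - Compute access vector decisions.
 * @state: SELinux state whose active policy is consulted
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @orig_tclass: target security class as given by the caller; it is
 *               translated with unmap_class() before the policy lookup
 * @avd: access vector decisions
 * @xperms: extended permissions; its len is reset to 0 on entry
 *
 * Compute a set of access vector decisions based on the
 * SID pair (@ssid, @tsid) for the permissions in @orig_tclass.
 *
 * @avd is always reset with avd_init() first, so an unrecognized SID or
 * an unmapped class without allow_unknown returns a decision that allows
 * nothing. Two paths fail open and set @avd->allowed to all ones:
 * SELinux is not yet initialized, or @orig_tclass is non-zero but has no
 * mapping and the policy has allow_unknown set.
 */
void security_compute_av(struct selinux_state *state,
			 u32 ssid,
			 u32 tsid,
			 u16 orig_tclass,
			 struct av_decision *avd,
			 struct extended_perms *xperms)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	u16 tclass;
	struct context *scontext = NULL, *tcontext = NULL;

	rcu_read_lock();
	/* avd_init() accepts a NULL policy, so this is safe before init. */
	policy = rcu_dereference(state->policy);
	avd_init(policy, avd);
	xperms->len = 0;
	if (!selinux_initialized(state))
		goto allow;

	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	/* SIDs are u32; print them unsigned so large values stay readable. */
	scontext = sidtab_search(sidtab, ssid);
	if (!scontext) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, ssid);
		goto out;
	}

	/* permissive domain? */
	if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
		avd->flags |= AVD_FLAGS_PERMISSIVE;

	tcontext = sidtab_search(sidtab, tsid);
	if (!tcontext) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, tsid);
		goto out;
	}

	/* A class the policy does not know is governed by allow_unknown. */
	tclass = unmap_class(&policy->map, orig_tclass);
	if (unlikely(orig_tclass && !tclass)) {
		if (policydb->allow_unknown)
			goto allow;
		goto out;
	}
	context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
				  xperms);
	/*
	 * NOTE(review): map_decision() presumably converts the result back
	 * to the caller's view of @orig_tclass - confirm at its definition.
	 */
	map_decision(&policy->map, orig_tclass, avd,
		     policydb->allow_unknown);
out:
	rcu_read_unlock();
	return;
allow:
	avd->allowed = 0xffffffff;
	goto out;
}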
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1170)
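/**
 * security_compute_av_user - Compute access vector decisions, unmapped class.
 * @state: SELinux state whose active policy is consulted
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class, passed to the policy lookup as given
 *          (no unmap_class() or map_decision() step is applied here)
 * @avd: access vector decisions
 *
 * @avd is always reset with avd_init() first, so an unrecognized SID or
 * a zero @tclass without allow_unknown returns a decision that allows
 * nothing. Two paths fail open and set @avd->allowed to all ones:
 * SELinux is not yet initialized, or @tclass is zero and the policy has
 * allow_unknown set. No extended permissions are computed (NULL is
 * passed to context_struct_compute_av()).
 */
void security_compute_av_user(struct selinux_state *state,
			      u32 ssid,
			      u32 tsid,
			      u16 tclass,
			      struct av_decision *avd)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	struct context *scontext = NULL, *tcontext = NULL;

	rcu_read_lock();
	/* avd_init() accepts a NULL policy, so this is safe before init. */
	policy = rcu_dereference(state->policy);
	avd_init(policy, avd);
	if (!selinux_initialized(state))
		goto allow;

	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	/* SIDs are u32; print them unsigned so large values stay readable. */
	scontext = sidtab_search(sidtab, ssid);
	if (!scontext) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, ssid);
		goto out;
	}

	/* permissive domain? */
	if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
		avd->flags |= AVD_FLAGS_PERMISSIVE;

	tcontext = sidtab_search(sidtab, tsid);
	if (!tcontext) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, tsid);
		goto out;
	}

	/* A zero class is treated as unknown and governed by allow_unknown. */
	if (unlikely(!tclass)) {
		if (policydb->allow_unknown)
			goto allow;
		goto out;
	}

	context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
				  NULL);
out:
	rcu_read_unlock();
	return;
allow:
	avd->allowed = 0xffffffff;
	goto out;
}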
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1224)
/*
 * Render the context structure `context' as a security context string.
 *
 * `*scontext_len' always receives the number of bytes the string needs.
 * When `scontext' is non-NULL, `*scontext' receives a newly allocated
 * copy (GFP_ATOMIC) that the caller must free; when `scontext' is NULL
 * only the length is computed and nothing is allocated.
 *
 * A context with a non-zero `len' is returned as a duplicate of its
 * stored `str' instead of being rebuilt from the policy names.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails, in which case
 * `*scontext' is left NULL.
 */
static int context_struct_to_string(struct policydb *p,
				    struct context *context,
				    char **scontext, u32 *scontext_len)
{
	const char *user, *role, *type;
	char *cursor;
	u32 total = 0;

	if (scontext)
		*scontext = NULL;
	*scontext_len = 0;

	if (context->len) {
		*scontext_len = context->len;
		if (!scontext)
			return 0;
		*scontext = kstrdup(context->str, GFP_ATOMIC);
		return *scontext ? 0 : -ENOMEM;
	}

	user = sym_name(p, SYM_USERS, context->user - 1);
	role = sym_name(p, SYM_ROLES, context->role - 1);
	type = sym_name(p, SYM_TYPES, context->type - 1);

	/*
	 * Size the buffer from the same names that are printed below: each
	 * "+ 1" pays for one of the two ':' separators or the final NUL.
	 * NOTE(review): the MLS part relies on mls_compute_context_len()
	 * matching what mls_sid_to_context() writes - confirm.
	 */
	total += strlen(user) + 1;
	total += strlen(role) + 1;
	total += strlen(type) + 1;
	total += mls_compute_context_len(p, context);
	*scontext_len = total;

	if (!scontext)
		return 0;

	/* Ownership of this buffer passes to the caller. */
	cursor = kmalloc(total, GFP_ATOMIC);
	if (!cursor)
		return -ENOMEM;
	*scontext = cursor;

	/* user:role:type first, then the MLS portion, then the terminator. */
	cursor += sprintf(cursor, "%s:%s:%s", user, role, type);

	mls_sid_to_context(p, context, &cursor);

	*cursor = 0;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1281)
/*
 * Produce the context string for a sidtab `entry'.
 *
 * sidtab_sid2str_get() is asked first; any result other than -ENOENT is
 * returned as is. On -ENOENT the string is built from the entry's
 * context with context_struct_to_string() and, if that succeeded and a
 * string was requested, handed to sidtab_sid2str_put().
 * NOTE(review): the get/put pair looks like a per-entry string cache -
 * confirm in the sidtab implementation.
 *
 * `scontext' may be NULL to request only the length.
 */
static int sidtab_entry_to_string(struct policydb *p,
				  struct sidtab *sidtab,
				  struct sidtab_entry *entry,
				  char **scontext, u32 *scontext_len)
{
	int err;

	err = sidtab_sid2str_get(sidtab, entry, scontext, scontext_len);
	if (err == -ENOENT) {
		err = context_struct_to_string(p, &entry->context, scontext,
					       scontext_len);
		if (err == 0 && scontext)
			sidtab_sid2str_put(sidtab, entry, *scontext,
					   *scontext_len);
	}

	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1298)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1299) #include "initial_sid_to_string.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1300)
/*
 * Write the SID table hash statistics of the active policy into `page'
 * by calling sidtab_hash_stats() under the RCU read lock.
 *
 * Returns the value of sidtab_hash_stats(), or -EINVAL (with an error
 * logged) if no policy has been loaded yet.
 */
int security_sidtab_hash_stats(struct selinux_state *state, char *page)
{
	struct selinux_policy *active;
	int ret;

	if (selinux_initialized(state)) {
		rcu_read_lock();
		active = rcu_dereference(state->policy);
		ret = sidtab_hash_stats(active->sidtab, page);
		rcu_read_unlock();

		return ret;
	}

	pr_err("SELinux: %s: called before initial load_policy\n",
	       __func__);
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1319)
/*
 * Return the entry of initial_sid_to_string[] for `sid', or NULL when
 * `sid' is greater than SECINITSID_NUM.
 * NOTE(review): index SECINITSID_NUM itself is accepted, so the table is
 * assumed to hold SECINITSID_NUM + 1 entries - confirm in
 * initial_sid_to_string.h.
 */
const char *security_get_initial_sid_context(u32 sid)
{
	return likely(sid <= SECINITSID_NUM) ? initial_sid_to_string[sid] : NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1326)
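/*
 * Common implementation behind the security_sid_to_context*() helpers.
 *
 * `*scontext_len' receives the string length; when `scontext' is
 * non-NULL, `*scontext' receives a newly allocated string that the
 * caller must free. Both are reset (NULL / 0) on entry.
 *
 * `force' selects sidtab_search_entry_force() instead of
 * sidtab_search_entry() for the lookup. With `only_invalid' set, an
 * entry whose context.len is zero is skipped: 0 is returned and the
 * outputs stay NULL / 0.
 *
 * Before the first policy load only SIDs up to SECINITSID_NUM can be
 * resolved, from the static initial_sid_to_string[] table.
 *
 * Returns 0 on success, -EINVAL for an unknown SID and -ENOMEM if the
 * string cannot be allocated.
 */
static int security_sid_to_context_core(struct selinux_state *state,
					u32 sid, char **scontext,
					u32 *scontext_len, int force,
					int only_invalid)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	struct sidtab_entry *entry;
	int rc = 0;

	if (scontext)
		*scontext = NULL;
	*scontext_len = 0;

	if (!selinux_initialized(state)) {
		if (sid <= SECINITSID_NUM) {
			char *scontextp;
			const char *s = initial_sid_to_string[sid];

			/* Some slots of the table may be unnamed. */
			if (!s)
				return -EINVAL;
			*scontext_len = strlen(s) + 1;
			if (!scontext)
				return 0;
			scontextp = kmemdup(s, *scontext_len, GFP_ATOMIC);
			if (!scontextp)
				return -ENOMEM;
			*scontext = scontextp;
			return 0;
		}
		/* SIDs are u32; print them unsigned so large values stay readable. */
		pr_err("SELinux: %s: called before initial "
		       "load_policy on unknown SID %u\n", __func__, sid);
		return -EINVAL;
	}
	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	if (force)
		entry = sidtab_search_entry_force(sidtab, sid);
	else
		entry = sidtab_search_entry(sidtab, sid);
	if (!entry) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, sid);
		rc = -EINVAL;
		goto out_unlock;
	}
	/* Caller asked only for entries that carry a stored string. */
	if (only_invalid && !entry->context.len)
		goto out_unlock;

	rc = sidtab_entry_to_string(policydb, sidtab, entry, scontext,
				    scontext_len);

out_unlock:
	rcu_read_unlock();
	return rc;
}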
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1388)
/**
 * security_sid_to_context - Obtain a context for a given SID.
 * @state: SELinux state whose active policy is consulted
 * @sid: security identifier, SID
 * @scontext: security context
 * @scontext_len: length in bytes
 *
 * Write the string representation of the context associated with @sid
 * into a dynamically allocated string of the correct size. Set @scontext
 * to point to this string and set @scontext_len to the length of the string.
 * The lookup is done without the force and only-invalid options of
 * security_sid_to_context_core().
 */
int security_sid_to_context(struct selinux_state *state,
			    u32 sid, char **scontext, u32 *scontext_len)
{
	const int force = 0;
	const int only_invalid = 0;

	return security_sid_to_context_core(state, sid, scontext,
					    scontext_len, force, only_invalid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1405)
/*
 * security_sid_to_context_force - like security_sid_to_context(), but with
 * the core helper's force flag set, which makes it look the SID up with
 * sidtab_search_entry_force() instead of sidtab_search_entry().
 *
 * @scontext and @scontext_len are filled in by the core helper; the return
 * value is passed through unchanged.
 */
int security_sid_to_context_force(struct selinux_state *state, u32 sid,
				  char **scontext, u32 *scontext_len)
{
	const int force = 1;
	const int only_invalid = 0;

	return security_sid_to_context_core(state, sid, scontext,
					    scontext_len, force, only_invalid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1412)
/**
 * security_sid_to_context_inval - Obtain a context for a given SID if it
 * is invalid.
 * @state: SELinux state, handed unchanged to security_sid_to_context_core()
 * @sid: security identifier, SID
 * @scontext: security context
 * @scontext_len: length in bytes
 *
 * Write the string representation of the context associated with @sid
 * into a dynamically allocated string of the correct size, but only if the
 * context is invalid in the current policy.  Set @scontext to point to
 * this string (or NULL if the context is valid) and set @scontext_len to
 * the length of the string (or 0 if the context is valid).
 *
 * Both the force flag and the only-invalid flag of the core helper are set.
 */
int security_sid_to_context_inval(struct selinux_state *state, u32 sid,
				  char **scontext, u32 *scontext_len)
{
	const int force = 1;
	const int only_invalid = 1;

	return security_sid_to_context_core(state, sid, scontext,
					    scontext_len, force, only_invalid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1432)
/*
 * Parse a "user:role:type[:mls]" string into @ctx using the symbol tables
 * of @pol.
 *
 * Caveat: Mutates scontext.  Every ':' separator that is consumed is
 * overwritten with a NUL so that the field before it can be looked up as a
 * C string.  @scontext therefore has to be writable and NUL-terminated, and
 * it cannot be parsed a second time without being restored first.
 *
 * Returns 0 on success.  On any failure @ctx is destroyed before returning:
 * -EINVAL for a missing user or role separator, an unknown user/role/type,
 * a type name that is an attribute, or a context that is not valid in @pol;
 * otherwise the non-zero result of mls_context_to_sid().
 */
static int string_to_context_struct(struct policydb *pol,
				    struct sidtab *sidtabp,
				    char *scontext,
				    struct context *ctx,
				    u32 def_sid)
{
	struct user_datum *usrdatum;
	struct role_datum *role;
	struct type_datum *typdatum;
	char *field, *cur, sep;
	int rc = -EINVAL;

	context_init(ctx);

	/* User: everything up to the first ':', which must be present. */
	field = scontext;
	for (cur = field; *cur != '\0' && *cur != ':'; cur++)
		;
	if (*cur == '\0')
		goto out;
	*cur++ = '\0';

	usrdatum = symtab_search(&pol->p_users, field);
	if (usrdatum == NULL)
		goto out;
	ctx->user = usrdatum->value;

	/* Role: up to the second ':', which must also be present. */
	field = cur;
	for (; *cur != '\0' && *cur != ':'; cur++)
		;
	if (*cur == '\0')
		goto out;
	*cur++ = '\0';

	role = symtab_search(&pol->p_roles, field);
	if (role == NULL)
		goto out;
	ctx->role = role->value;

	/*
	 * Type: up to the next ':' or the end of the string.  The character
	 * that ended the field is remembered in sep.  When sep is NUL the
	 * string ended here and cur is left one byte past that terminator.
	 * NOTE(review): confirm mls_context_to_sid() does not read through
	 * cur when it is handed a NUL sep.
	 */
	field = cur;
	for (; *cur != '\0' && *cur != ':'; cur++)
		;
	sep = *cur;
	*cur++ = '\0';

	/* A type attribute is not accepted as the type of a context. */
	typdatum = symtab_search(&pol->p_types, field);
	if (typdatum == NULL || typdatum->attribute)
		goto out;
	ctx->type = typdatum->value;

	rc = mls_context_to_sid(pol, sep, cur, ctx, sidtabp, def_sid);
	if (rc != 0)
		goto out;

	/* Check the validity of the new context. */
	rc = policydb_context_isvalid(pol, ctx) ? 0 : -EINVAL;
out:
	if (rc != 0)
		context_destroy(ctx);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1513)
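/*
 * security_context_to_sid_core - map a security context string to a SID.
 * @state: SELinux state whose policy is consulted
 * @scontext: context string; only @scontext_len bytes are read, so it does
 *            not have to be NUL-terminated
 * @scontext_len: number of bytes of @scontext to use
 * @sid: where the resulting SID is stored
 * @def_sid: default SID passed on to string_to_context_struct()
 * @gfp_flags: allocation flags for the private copies made here
 * @force: when non-zero, a string that fails to parse with -EINVAL is still
 *         entered into the sidtab, carried in uninterpreted form
 *
 * Before the policy is initialized the string is only compared against the
 * initial SID names; anything else maps to SECINITSID_KERNEL and 0 is
 * returned.
 *
 * Returns 0 on success, -EINVAL for an empty context or (without @force) one
 * that does not parse, -ENOMEM if a copy cannot be allocated, or the error
 * from string_to_context_struct() / sidtab_context_to_sid().
 */
static int security_context_to_sid_core(struct selinux_state *state,
					const char *scontext, u32 scontext_len,
					u32 *sid, u32 def_sid, gfp_t gfp_flags,
					int force)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	char *scontext2, *str = NULL;
	struct context context;
	int rc = 0;

	/* An empty security context is never valid. */
	if (!scontext_len)
		return -EINVAL;

	/* Copy the string to allow changes and ensure a NUL terminator */
	scontext2 = kmemdup_nul(scontext, scontext_len, gfp_flags);
	if (!scontext2)
		return -ENOMEM;

	if (!selinux_initialized(state)) {
		int i;

		/* No policy yet: only the initial SID names are recognized. */
		for (i = 1; i < SECINITSID_NUM; i++) {
			const char *s = initial_sid_to_string[i];

			if (s && !strcmp(s, scontext2)) {
				*sid = i;
				goto out;
			}
		}
		*sid = SECINITSID_KERNEL;
		goto out;
	}
	*sid = SECSID_NULL;

	if (force) {
		/*
		 * Save another copy for storing in uninterpreted form.  It is
		 * taken before any parsing, while scontext2 is still intact.
		 */
		rc = -ENOMEM;
		str = kstrdup(scontext2, gfp_flags);
		if (!str)
			goto out;
	}
retry:
	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;
	rc = string_to_context_struct(policydb, sidtab, scontext2,
				      &context, def_sid);
	if (rc == -EINVAL && force) {
		/* Ownership of str moves into the context. */
		context.str = str;
		context.len = strlen(str) + 1;
		str = NULL;
	} else if (rc)
		goto out_unlock;
	rc = sidtab_context_to_sid(sidtab, &context, sid);
	if (rc == -ESTALE) {
		rcu_read_unlock();
		/* Take the raw string back so context_destroy() leaves it. */
		if (context.str) {
			str = context.str;
			context.str = NULL;
		}
		context_destroy(&context);
		/*
		 * string_to_context_struct() overwrote the ':' separators in
		 * scontext2 with NULs.  Parsing that buffer again would stop
		 * at the user field and fail with -EINVAL, which rejects a
		 * valid context or, with force, records it in uninterpreted
		 * form.  Restore the buffer from the caller's string first;
		 * the terminator appended by kmemdup_nul() is left in place.
		 */
		memcpy(scontext2, scontext, scontext_len);
		goto retry;
	}
	context_destroy(&context);
out_unlock:
	rcu_read_unlock();
out:
	kfree(scontext2);
	kfree(str);
	return rc;
}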
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1589)
/**
 * security_context_to_sid - Obtain a SID for a given security context.
 * @state: SELinux state, handed unchanged to security_context_to_sid_core()
 * @scontext: security context
 * @scontext_len: length in bytes
 * @sid: security identifier, SID
 * @gfp: context for the allocation
 *
 * Obtains a SID associated with the security context that
 * has the string representation specified by @scontext.
 * No default SID is supplied (SECSID_NULL) and the force flag is clear.
 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
 * memory is available, or 0 on success.
 */
int security_context_to_sid(struct selinux_state *state,
			    const char *scontext, u32 scontext_len, u32 *sid,
			    gfp_t gfp)
{
	const u32 def_sid = SECSID_NULL;
	const int force = 0;

	return security_context_to_sid_core(state, scontext, scontext_len,
					    sid, def_sid, gfp, force);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1609)
/*
 * security_context_str_to_sid - security_context_to_sid() for a
 * NUL-terminated string.
 *
 * The length is taken with strlen(), so @scontext must be a valid,
 * NUL-terminated string; the result is converted to the u32 length
 * parameter of security_context_to_sid().  The return value is passed
 * through unchanged.
 */
int security_context_str_to_sid(struct selinux_state *state,
				const char *scontext, u32 *sid, gfp_t gfp)
{
	u32 scontext_len = strlen(scontext);

	return security_context_to_sid(state, scontext, scontext_len,
				       sid, gfp);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1616)
/**
 * security_context_to_sid_default - Obtain a SID for a given security context,
 * falling back to specified default if needed.
 *
 * @state: SELinux state, handed unchanged to security_context_to_sid_core()
 * @scontext: security context
 * @scontext_len: length in bytes
 * @sid: security identifier, SID
 * @def_sid: default SID to assign on error
 * @gfp_flags: context for the allocation
 *
 * Obtains a SID associated with the security context that
 * has the string representation specified by @scontext.
 * The default SID is passed to the MLS layer to be used to allow
 * kernel labeling of the MLS field if the MLS field is not present
 * (for upgrading to MLS without full relabel).
 * Implicitly forces adding of the context even if it cannot be mapped yet.
 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
 * memory is available, or 0 on success.
 */
int security_context_to_sid_default(struct selinux_state *state,
				    const char *scontext, u32 scontext_len,
				    u32 *sid, u32 def_sid, gfp_t gfp_flags)
{
	const int force = 1;

	return security_context_to_sid_core(state, scontext, scontext_len,
					    sid, def_sid, gfp_flags, force);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1642)
/*
 * security_context_to_sid_force - obtain a SID for a context string with the
 * core helper's force flag set, so a string that does not parse under the
 * current policy is still entered in uninterpreted form.
 *
 * No default SID is supplied (SECSID_NULL) and the copies are always
 * allocated with GFP_KERNEL; there is no gfp parameter to override that.
 * The return value of security_context_to_sid_core() is passed through.
 */
int security_context_to_sid_force(struct selinux_state *state,
				  const char *scontext, u32 scontext_len,
				  u32 *sid)
{
	const u32 def_sid = SECSID_NULL;
	const int force = 1;

	return security_context_to_sid_core(state, scontext, scontext_len,
					    sid, def_sid, GFP_KERNEL, force);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1650)
/*
 * Audit a computed context that is being treated as invalid, and decide
 * whether the computation fails.
 *
 * The source entry, target entry and @newcontext are each rendered as
 * strings and written to one AUDIT_SELINUX_ERR record.  If any of the three
 * conversions fails, no record is written at all; the return value is not
 * affected by that.
 *
 * Returns -EACCES when enforcing_enabled(@state) is true, otherwise 0.
 */
static int compute_sid_handle_invalid_context(
	struct selinux_state *state,
	struct selinux_policy *policy,
	struct sidtab_entry *sentry,
	struct sidtab_entry *tentry,
	u16 tclass,
	struct context *newcontext)
{
	struct policydb *policydb = &policy->policydb;
	struct sidtab *sidtab = policy->sidtab;
	char *src_str = NULL, *tgt_str = NULL, *new_str = NULL;
	u32 src_len, tgt_len, new_len;
	struct audit_buffer *ab;

	/* Short-circuit keeps the original order: source, target, new. */
	if (sidtab_entry_to_string(policydb, sidtab, sentry,
				   &src_str, &src_len) ||
	    sidtab_entry_to_string(policydb, sidtab, tentry,
				   &tgt_str, &tgt_len) ||
	    context_struct_to_string(policydb, newcontext,
				     &new_str, &new_len))
		goto out;

	ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR);
	audit_log_format(ab,
			 "op=security_compute_sid invalid_context=");
	/*
	 * The invalid context goes through the untrusted-string logger;
	 * no need to record the NUL with untrusted strings.
	 */
	audit_log_n_untrustedstring(ab, new_str, new_len - 1);
	/* NOTE(review): tclass - 1 assumes tclass is non-zero here. */
	audit_log_format(ab, " scontext=%s tcontext=%s tclass=%s",
			 src_str, tgt_str,
			 sym_name(policydb, SYM_CLASSES, tclass-1));
	audit_log_end(ab);
out:
	/* Strings that were never allocated are still NULL at this point. */
	kfree(src_str);
	kfree(tgt_str);
	kfree(new_str);
	return enforcing_enabled(state) ? -EACCES : 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1687)
/*
 * Override the type of @newcontext with the output type of a filename
 * transition rule, if one applies.
 *
 * A rule is looked up by (@ttype, @tclass, @objname); the chain of datums
 * returned for that key is walked and the first one whose stypes bitmap has
 * bit @stype - 1 set supplies the new type.  @newcontext is left untouched
 * when nothing matches.
 */
static void filename_compute_type(struct policydb *policydb,
				  struct context *newcontext,
				  u32 stype, u32 ttype, u16 tclass,
				  const char *objname)
{
	struct filename_trans_key key;
	struct filename_trans_datum *match;

	/*
	 * Most filename trans rules are going to live in specific directories
	 * like /dev or /var/run.  This bitmap will quickly skip rule searches
	 * if the ttype does not contain any rules.
	 */
	if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype))
		return;

	key.ttype = ttype;
	key.tclass = tclass;
	key.name = objname;

	for (match = policydb_filenametr_search(policydb, &key); match;
	     match = match->next) {
		if (!ebitmap_get_bit(&match->stypes, stype - 1))
			continue;

		/* First matching source type wins. */
		newcontext->type = match->otype;
		return;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1717)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1718) static int security_compute_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1719) u32 ssid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1720) u32 tsid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1721) u16 orig_tclass,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1722) u32 specified,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1723) const char *objname,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1724) u32 *out_sid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1725) bool kern)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1726) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1727) struct selinux_policy *policy;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1728) struct policydb *policydb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1729) struct sidtab *sidtab;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1730) struct class_datum *cladatum;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1731) struct context *scontext, *tcontext, newcontext;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1732) struct sidtab_entry *sentry, *tentry;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1733) struct avtab_key avkey;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1734) struct avtab_datum *avdatum;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1735) struct avtab_node *node;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1736) u16 tclass;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1737) int rc = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1738) bool sock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1739)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1740) if (!selinux_initialized(state)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1741) switch (orig_tclass) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1742) case SECCLASS_PROCESS: /* kernel value */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1743) *out_sid = ssid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1744) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1745) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1746) *out_sid = tsid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1747) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1748) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1749) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1750) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1751)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1752) retry:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1753) cladatum = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1754) context_init(&newcontext);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1755)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1756) rcu_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1757)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1758) policy = rcu_dereference(state->policy);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1759)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1760) if (kern) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1761) tclass = unmap_class(&policy->map, orig_tclass);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1762) sock = security_is_socket_class(orig_tclass);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1763) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1764) tclass = orig_tclass;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1765) sock = security_is_socket_class(map_class(&policy->map,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1766) tclass));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1767) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1768)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1769) policydb = &policy->policydb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1770) sidtab = policy->sidtab;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1771)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1772) sentry = sidtab_search_entry(sidtab, ssid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1773) if (!sentry) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1774) pr_err("SELinux: %s: unrecognized SID %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1775) __func__, ssid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1776) rc = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1777) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1778) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1779) tentry = sidtab_search_entry(sidtab, tsid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1780) if (!tentry) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1781) pr_err("SELinux: %s: unrecognized SID %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1782) __func__, tsid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1783) rc = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1784) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1785) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1786)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1787) scontext = &sentry->context;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1788) tcontext = &tentry->context;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1789)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1790) if (tclass && tclass <= policydb->p_classes.nprim)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1791) cladatum = policydb->class_val_to_struct[tclass - 1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1792)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1793) /* Set the user identity. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1794) switch (specified) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1795) case AVTAB_TRANSITION:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1796) case AVTAB_CHANGE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1797) if (cladatum && cladatum->default_user == DEFAULT_TARGET) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1798) newcontext.user = tcontext->user;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1799) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1800) /* notice this gets both DEFAULT_SOURCE and unset */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1801) /* Use the process user identity. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1802) newcontext.user = scontext->user;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1803) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1804) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1805) case AVTAB_MEMBER:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1806) /* Use the related object owner. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1807) newcontext.user = tcontext->user;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1808) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1809) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1810)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1811) /* Set the role to default values. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1812) if (cladatum && cladatum->default_role == DEFAULT_SOURCE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1813) newcontext.role = scontext->role;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1814) } else if (cladatum && cladatum->default_role == DEFAULT_TARGET) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1815) newcontext.role = tcontext->role;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1816) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1817) if ((tclass == policydb->process_class) || sock)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1818) newcontext.role = scontext->role;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1819) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1820) newcontext.role = OBJECT_R_VAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1821) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1822)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1823) /* Set the type to default values. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1824) if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1825) newcontext.type = scontext->type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1826) } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1827) newcontext.type = tcontext->type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1828) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1829) if ((tclass == policydb->process_class) || sock) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1830) /* Use the type of process. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1831) newcontext.type = scontext->type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1832) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1833) /* Use the type of the related object. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1834) newcontext.type = tcontext->type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1835) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1836) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1837)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1838) /* Look for a type transition/member/change rule. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1839) avkey.source_type = scontext->type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1840) avkey.target_type = tcontext->type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1841) avkey.target_class = tclass;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1842) avkey.specified = specified;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1843) avdatum = avtab_search(&policydb->te_avtab, &avkey);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1844)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1845) /* If no permanent rule, also check for enabled conditional rules */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1846) if (!avdatum) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1847) node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1848) for (; node; node = avtab_search_node_next(node, specified)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1849) if (node->key.specified & AVTAB_ENABLED) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1850) avdatum = &node->datum;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1851) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1852) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1853) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1854) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1855)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1856) if (avdatum) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1857) /* Use the type from the type transition/member/change rule. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1858) newcontext.type = avdatum->u.data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1859) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1860)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1861) /* if we have a objname this is a file trans check so check those rules */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1862) if (objname)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1863) filename_compute_type(policydb, &newcontext, scontext->type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1864) tcontext->type, tclass, objname);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1865)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1866) /* Check for class-specific changes. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1867) if (specified & AVTAB_TRANSITION) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1868) /* Look for a role transition rule. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1869) struct role_trans_datum *rtd;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1870) struct role_trans_key rtk = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1871) .role = scontext->role,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1872) .type = tcontext->type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1873) .tclass = tclass,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1874) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1875)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1876) rtd = policydb_roletr_search(policydb, &rtk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1877) if (rtd)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1878) newcontext.role = rtd->new_role;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1879) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1880)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1881) /* Set the MLS attributes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1882) This is done last because it may allocate memory. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1883) rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1884) &newcontext, sock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1885) if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1886) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1887)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1888) /* Check the validity of the context. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1889) if (!policydb_context_isvalid(policydb, &newcontext)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1890) rc = compute_sid_handle_invalid_context(state, policy, sentry,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1891) tentry, tclass,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1892) &newcontext);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1893) if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1894) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1895) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1896) /* Obtain the sid for the context. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1897) rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1898) if (rc == -ESTALE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1899) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1900) context_destroy(&newcontext);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1901) goto retry;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1902) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1903) out_unlock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1904) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1905) context_destroy(&newcontext);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1906) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1907) return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1908) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1909)
/**
 * security_transition_sid - Compute the SID for a new subject/object.
 * @state: SELinux state, handed unchanged to security_compute_sid()
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 * @qstr: optional object name; when non-NULL, @qstr->name is forwarded so
 *        that name-based transition rules can be checked
 * @out_sid: security identifier for new subject/object
 *
 * Compute a SID to use for labeling a new subject or object in the
 * class @tclass based on a SID pair (@ssid, @tsid), using the
 * AVTAB_TRANSITION rule kind.
 * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
 * if insufficient memory is available, or %0 if the new SID was
 * computed successfully.
 */
int security_transition_sid(struct selinux_state *state,
			    u32 ssid, u32 tsid, u16 tclass,
			    const struct qstr *qstr, u32 *out_sid)
{
	const char *objname = NULL;

	/* A missing qstr means "no object name": skip name-based rules. */
	if (qstr)
		objname = qstr->name;

	/*
	 * NOTE(review): the final argument is true here and false in
	 * security_transition_sid_user(); presumably it marks an in-kernel
	 * caller -- confirm against security_compute_sid().
	 */
	return security_compute_sid(state, ssid, tsid, tclass,
				    AVTAB_TRANSITION, objname, out_sid, true);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1931)
/**
 * security_transition_sid_user - Compute a transition SID from a raw name.
 * @state: SELinux state, handed unchanged to security_compute_sid()
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 * @objname: optional object name string (may be NULL)
 * @out_sid: security identifier for new subject/object
 *
 * Same AVTAB_TRANSITION computation as security_transition_sid(), but the
 * object name is supplied as a plain string and the final flag passed to
 * security_compute_sid() is false.
 * NOTE(review): presumably this variant serves requests that originate
 * from userspace -- confirm against the callers.
 *
 * Return: whatever security_compute_sid() returns.
 */
int security_transition_sid_user(struct selinux_state *state,
				 u32 ssid, u32 tsid, u16 tclass,
				 const char *objname, u32 *out_sid)
{
	int rc;

	rc = security_compute_sid(state, ssid, tsid, tclass,
				  AVTAB_TRANSITION, objname, out_sid, false);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1940)
/**
 * security_member_sid - Compute the SID for member selection.
 * @state: SELinux state, handed unchanged to security_compute_sid()
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 * @out_sid: security identifier for selected member
 *
 * Compute a SID to use when selecting a member of a polyinstantiated
 * object of class @tclass based on a SID pair (@ssid, @tsid), using the
 * AVTAB_MEMBER rule kind. No object name is supplied.
 * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
 * if insufficient memory is available, or %0 if the SID was
 * computed successfully.
 */
int security_member_sid(struct selinux_state *state,
			u32 ssid,
			u32 tsid,
			u16 tclass,
			u32 *out_sid)
{
	int rc;

	/* NULL object name: only the (ssid, tsid, tclass) triple is used. */
	rc = security_compute_sid(state, ssid, tsid, tclass,
				  AVTAB_MEMBER, NULL, out_sid, false);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1964)
/**
 * security_change_sid - Compute the SID for object relabeling.
 * @state: SELinux state, handed unchanged to security_compute_sid()
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 * @out_sid: security identifier to use for the relabeled object
 *
 * Compute a SID to use for relabeling an object of class @tclass
 * based on a SID pair (@ssid, @tsid), using the AVTAB_CHANGE rule kind.
 * No object name is supplied.
 * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
 * if insufficient memory is available, or %0 if the SID was
 * computed successfully.
 */
int security_change_sid(struct selinux_state *state,
			u32 ssid,
			u32 tsid,
			u16 tclass,
			u32 *out_sid)
{
	int rc;

	/* NULL object name: only the (ssid, tsid, tclass) triple is used. */
	rc = security_compute_sid(state, ssid, tsid, tclass,
				  AVTAB_CHANGE, NULL, out_sid, false);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1988)
/*
 * Decide how to treat a context that did not validate during conversion.
 *
 * When enforcing is enabled the context is rejected with -EINVAL.
 * Otherwise the context is tolerated: it is rendered to a string using
 * `policydb', a warning is logged, and 0 is returned. If the context
 * cannot be rendered the warning is skipped and 0 is still returned, so
 * an invalid context leaves no log trace in that case.
 */
static inline int convert_context_handle_invalid_context(
	struct selinux_state *state,
	struct policydb *policydb,
	struct context *context)
{
	char *ctx_str;
	u32 ctx_len;

	if (enforcing_enabled(state))
		return -EINVAL;

	/* Not enforcing: report only, never fail. */
	if (context_struct_to_string(policydb, context, &ctx_str, &ctx_len))
		return 0;

	pr_warn("SELinux: Context %s would be invalid if enforcing\n",
		ctx_str);
	/* The rendered string is ours to release once it has been logged. */
	kfree(ctx_str);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2007)
/*
 * Convert the values in the security context
 * structure `oldc' from the values specified
 * in the policy `p->oldp' to the values specified
 * in the policy `p->newp', storing the new context
 * in `newc'.  Verify that the context is valid
 * under the new policy.
 *
 * `p' is an opaque pointer to a struct convert_context_args.
 *
 * A context that cannot be expressed in the new policy is not treated as
 * an error: its string form is stored in `newc->str' / `newc->len' and 0
 * is returned, so that it can be mapped again later.  A non-zero return
 * is reserved for failures such as -ENOMEM.
 */
static int convert_context(struct context *oldc, struct context *newc, void *p)
{
	struct convert_context_args *args;
	struct ocontext *oc;
	struct role_datum *role;
	struct type_datum *typdatum;
	struct user_datum *usrdatum;
	char *s;
	u32 len;
	int rc;

	args = p;

	/*
	 * Case 1: the old context is held only as a string (it was not
	 * mappable under the old policy).  Try to parse it under the new one.
	 */
	if (oldc->str) {
		/*
		 * Work on a private copy; the parser may modify the buffer.
		 * NOTE(review): GFP_KERNEL may sleep -- confirm every path
		 * that invokes this callback runs in sleepable context
		 * (i.e. not under a spinlock).
		 */
		s = kstrdup(oldc->str, GFP_KERNEL);
		if (!s)
			return -ENOMEM;

		rc = string_to_context_struct(args->newp, NULL, s,
					      newc, SECSID_NULL);
		if (rc == -EINVAL) {
			/*
			 * Retain string representation for later mapping.
			 *
			 * IMPORTANT: We need to copy the contents of oldc->str
			 * back into s again because string_to_context_struct()
			 * may have garbled it.
			 *
			 * NOTE(review): s was sized by kstrdup() from the
			 * string's length, while this copy uses oldc->len;
			 * it stays in bounds only if oldc->len never exceeds
			 * strlen(oldc->str) + 1 -- confirm where ->str and
			 * ->len are set.
			 */
			memcpy(s, oldc->str, oldc->len);
			context_init(newc);
			/* newc takes ownership of s. */
			newc->str = s;
			newc->len = oldc->len;
			return 0;
		}
		/* Parsed (or failed for another reason): the copy is done with. */
		kfree(s);
		if (rc) {
			/* Other error condition, e.g. ENOMEM. */
			pr_err("SELinux: Unable to map context %s, rc = %d.\n",
			       oldc->str, -rc);
			return rc;
		}
		pr_info("SELinux: Context %s became valid (mapped).\n",
			oldc->str);
		return 0;
	}

	/*
	 * Case 2: the old context is in structured form.  Translate each
	 * component by name: look up the old policy's name for the value,
	 * then search for that name in the new policy's symbol table.
	 */
	context_init(newc);

	/* Convert the user. */
	rc = -EINVAL;
	/* The value is used minus one as the sym_name() index. */
	usrdatum = symtab_search(&args->newp->p_users,
				 sym_name(args->oldp,
					  SYM_USERS, oldc->user - 1));
	if (!usrdatum)
		goto bad;
	newc->user = usrdatum->value;

	/* Convert the role. */
	rc = -EINVAL;
	role = symtab_search(&args->newp->p_roles,
			     sym_name(args->oldp, SYM_ROLES, oldc->role - 1));
	if (!role)
		goto bad;
	newc->role = role->value;

	/* Convert the type. */
	rc = -EINVAL;
	typdatum = symtab_search(&args->newp->p_types,
				 sym_name(args->oldp,
					  SYM_TYPES, oldc->type - 1));
	if (!typdatum)
		goto bad;
	newc->type = typdatum->value;

	/*
	 * Convert the MLS fields if dealing with MLS policies.
	 * When the new policy has MLS disabled neither branch runs and the
	 * MLS fields of newc stay as context_init() left them.
	 */
	if (args->oldp->mls_enabled && args->newp->mls_enabled) {
		rc = mls_convert_context(args->oldp, args->newp, oldc, newc);
		if (rc)
			goto bad;
	} else if (!args->oldp->mls_enabled && args->newp->mls_enabled) {
		/*
		 * Switching between non-MLS and MLS policy:
		 * ensure that the MLS fields of the context for all
		 * existing entries in the sidtab are filled in with a
		 * suitable default value, likely taken from one of the
		 * initial SIDs.
		 */
		/* Walk the initial-SID list for the "unlabeled" entry. */
		oc = args->newp->ocontexts[OCON_ISID];
		while (oc && oc->sid[0] != SECINITSID_UNLABELED)
			oc = oc->next;
		rc = -EINVAL;
		if (!oc) {
			pr_err("SELinux: unable to look up"
				" the initial SIDs list\n");
			goto bad;
		}
		/* Borrow the MLS range of the unlabeled initial SID. */
		rc = mls_range_set(newc, &oc->context[0].range);
		if (rc)
			goto bad;
	}

	/*
	 * Check the validity of the new context.
	 * In enforcing mode an invalid result takes the `bad' path; otherwise
	 * the helper only logs and the invalid context is kept as converted.
	 */
	if (!policydb_context_isvalid(args->newp, newc)) {
		rc = convert_context_handle_invalid_context(args->state,
							    args->oldp,
							    oldc);
		if (rc)
			goto bad;
	}

	return 0;
bad:
	/*
	 * Map old representation to string and save it.
	 * The rc set before the jump is discarded here: only a failure to
	 * render the string is reported to the caller.
	 */
	rc = context_struct_to_string(args->oldp, oldc, &s, &len);
	if (rc)
		return rc;
	/* Drop whatever was partially converted before storing the string. */
	context_destroy(newc);
	/* newc takes ownership of s. */
	newc->str = s;
	newc->len = len;
	pr_info("SELinux: Context %s became invalid (unmapped).\n",
		newc->str);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2139)
/*
 * Copy the policy capability bits of `policy' into `state' and log them.
 *
 * Every slot of state->policycap is written from the policy's capability
 * bitmap, each named capability is logged with its value, and any set bit
 * beyond the named range is logged as unknown (it is reported only, not
 * rejected). The two android_netlink_* flags are then copied from the
 * policy database and selinux_nlmsg_init() is called.
 */
static void security_load_policycaps(struct selinux_state *state,
				     struct selinux_policy *policy)
{
	struct policydb *db = &policy->policydb;
	struct ebitmap_node *pos;
	unsigned int cap;

	/* WRITE_ONCE: store each capability slot as a single access. */
	for (cap = 0; cap < ARRAY_SIZE(state->policycap); cap++) {
		WRITE_ONCE(state->policycap[cap],
			   ebitmap_get_bit(&db->policycaps, cap));
	}

	for (cap = 0; cap < ARRAY_SIZE(selinux_policycap_names); cap++) {
		pr_info("SELinux: policy capability %s=%d\n",
			selinux_policycap_names[cap],
			ebitmap_get_bit(&db->policycaps, cap));
	}

	/* Report capability bits the policy sets but this kernel cannot name. */
	ebitmap_for_each_positive_bit(&db->policycaps, pos, cap) {
		if (cap < ARRAY_SIZE(selinux_policycap_names))
			continue;
		pr_info("SELinux: unknown policy capability %u\n", cap);
	}

	state->android_netlink_route = db->android_netlink_route;
	state->android_netlink_getneigh = db->android_netlink_getneigh;
	selinux_nlmsg_init();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2169) static int security_preserve_bools(struct selinux_policy *oldpolicy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2170) struct selinux_policy *newpolicy);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2171)
/*
 * Release a policy and everything it owns: the SID table contents, the
 * class mapping array, the policy database, the SID table allocation and
 * finally the policy structure itself. A NULL `policy' is a no-op.
 */
static void selinux_policy_free(struct selinux_policy *policy)
{
	if (policy) {
		sidtab_destroy(policy->sidtab);
		kfree(policy->map.mapping);
		policydb_destroy(&policy->policydb);
		/* sidtab_destroy() above is followed by freeing the table itself. */
		kfree(policy->sidtab);
		kfree(policy);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2183)
/*
 * Release a policy via cond_policydb_destroy_dup() and free the policy
 * structure. Unlike selinux_policy_free(), the sidtab and class mapping
 * are not touched here, and `policy' must not be NULL.
 */
static void selinux_policy_cond_free(struct selinux_policy *policy)
{
	struct policydb *db = &policy->policydb;

	cond_policydb_destroy_dup(db);
	kfree(policy);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2189)
/*
 * Abandon a policy load that was prepared but will not be committed.
 *
 * Cancels the SID table conversion on the currently installed policy,
 * frees the not-yet-installed policy in `load_state' and releases its
 * conversion data. The lockdep annotation expects state->policy_mutex
 * to be held by the caller.
 */
void selinux_policy_cancel(struct selinux_state *state,
			   struct selinux_load_state *load_state)
{
	/*
	 * NOTE(review): the installed policy is dereferenced without a NULL
	 * check, whereas selinux_policy_commit() tests it for NULL; confirm
	 * this cannot run before a first policy has been installed.
	 */
	struct selinux_policy *active =
		rcu_dereference_protected(state->policy,
					  lockdep_is_held(&state->policy_mutex));

	sidtab_cancel_convert(active->sidtab);
	selinux_policy_free(load_state->policy);
	kfree(load_state->convert_data);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2202)
/*
 * Tell the rest of the system that a policy with sequence number `seqno'
 * is now in effect, so that decisions and labels cached under the previous
 * policy are not reused.
 */
static void selinux_notify_policy_change(struct selinux_state *state,
					 u32 seqno)
{
	/* Flush external caches and notify userspace of policy load */
	/* Reset the access vector cache for this state. */
	avc_ss_reset(state->avc, seqno);
	/* Policy-load notification (selnl). */
	selnl_notify_policyload(seqno);
	/* Record the policy load in the SELinux status for this state. */
	selinux_status_update_policyload(state, seqno);
	/* Invalidate the NetLabel cache. */
	selinux_netlbl_cache_invalidate();
	/* Notify the xfrm code of the policy load. */
	selinux_xfrm_notify_policyload();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2213)
/*
 * Install the policy prepared in `load_state' as the active policy.
 *
 * Publishes the new policy pointer, loads its policy capabilities, marks
 * the security server initialized on the first load, frees the previous
 * policy after an RCU grace period and notifies the other subsystems.
 * The lockdep annotation expects state->policy_mutex to be held by the
 * caller. The function cannot fail.
 */
void selinux_policy_commit(struct selinux_state *state,
			   struct selinux_load_state *load_state)
{
	struct selinux_policy *oldpolicy, *newpolicy = load_state->policy;
	unsigned long flags;
	u32 seqno;

	/* NULL on the very first policy load; every use below checks for that. */
	oldpolicy = rcu_dereference_protected(state->policy,
					lockdep_is_held(&state->policy_mutex));

	/* If switching between different policy types, log MLS status */
	if (oldpolicy) {
		if (oldpolicy->policydb.mls_enabled && !newpolicy->policydb.mls_enabled)
			pr_info("SELinux: Disabling MLS support...\n");
		else if (!oldpolicy->policydb.mls_enabled && newpolicy->policydb.mls_enabled)
			pr_info("SELinux: Enabling MLS support...\n");
	}

	/* Set latest granting seqno for new policy. */
	if (oldpolicy)
		newpolicy->latest_granting = oldpolicy->latest_granting + 1;
	else
		newpolicy->latest_granting = 1;
	seqno = newpolicy->latest_granting;

	/* Install the new policy. */
	if (oldpolicy) {
		/*
		 * The pointer swap happens between sidtab_freeze_begin() and
		 * sidtab_freeze_end() on the old SID table.
		 * NOTE(review): presumably this keeps new entries out of the
		 * old table while the switch is made -- confirm in sidtab.c.
		 */
		sidtab_freeze_begin(oldpolicy->sidtab, &flags);
		rcu_assign_pointer(state->policy, newpolicy);
		sidtab_freeze_end(oldpolicy->sidtab, &flags);
	} else {
		rcu_assign_pointer(state->policy, newpolicy);
	}

	/* Load the policycaps from the new policy */
	security_load_policycaps(state, newpolicy);

	if (!selinux_initialized(state)) {
		/*
		 * After first policy load, the security server is
		 * marked as initialized and ready to handle requests and
		 * any objects created prior to policy load are then labeled.
		 */
		selinux_mark_initialized(state);
		selinux_complete_init();
		trace_android_vh_selinux_is_initialized(state);
	}

	/*
	 * Free the old policy.
	 * synchronize_rcu() waits for readers that may still hold the old
	 * pointer, so the free below cannot race with an RCU read-side user.
	 * selinux_policy_free() accepts NULL (first load).
	 */
	synchronize_rcu();
	selinux_policy_free(oldpolicy);
	kfree(load_state->convert_data);

	/* Notify others of the policy change */
	selinux_notify_policy_change(state, seqno);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2270)
/**
 * security_load_policy - Parse and prepare a new security policy.
 * @state: SELinux state; its current policy is read when one is already loaded
 * @data: binary policy data
 * @len: length of data in bytes
 * @load_state: on success, receives the new policy and any conversion data
 *
 * Read the binary policy with policydb_read(), set up the class/permission
 * mapping and load the initial SIDs into a freshly allocated SID table.
 * When a policy is already active, the active boolean values are carried
 * over and the old SID table is converted into the new one.
 *
 * This function only prepares the policy: it never writes @state->policy.
 * On success the new policy (and, on a reload, the conversion data) is
 * handed to the caller through @load_state. On failure everything
 * allocated here is released and @load_state is left untouched.
 *
 * The old policy is fetched with rcu_dereference_protected() under
 * lockdep_is_held(&state->policy_mutex), so the caller is expected to
 * hold that mutex on the reload path.
 *
 * Return: 0 on success, -ENOMEM on allocation failure, or the error
 * returned by the helper that failed.
 */
int security_load_policy(struct selinux_state *state, void *data, size_t len,
			 struct selinux_load_state *load_state)
{
	struct policy_file pf = { data, len };
	struct selinux_policy_convert_data *cvt;
	struct selinux_policy *fresh, *active;
	int rc;

	fresh = kzalloc(sizeof(*fresh), GFP_KERNEL);
	if (!fresh)
		return -ENOMEM;

	fresh->sidtab = kzalloc(sizeof(*fresh->sidtab), GFP_KERNEL);
	if (!fresh->sidtab) {
		rc = -ENOMEM;
		goto free_policy;
	}

	/*
	 * All parsing of the caller-supplied buffer is delegated to
	 * policydb_read(); any non-zero result aborts the load.
	 */
	rc = policydb_read(&fresh->policydb, &pf);
	if (rc)
		goto free_sidtab;

	fresh->policydb.len = len;
	rc = selinux_set_mapping(&fresh->policydb, secclass_map, &fresh->map);
	if (rc)
		goto destroy_policydb;

	rc = policydb_load_isids(&fresh->policydb, fresh->sidtab);
	if (rc) {
		pr_err("SELinux: unable to load the initial SIDs\n");
		goto free_mapping;
	}

	if (!selinux_initialized(state)) {
		/* First load: there is no old policy to carry state over from. */
		load_state->policy = fresh;
		load_state->convert_data = NULL;
		return 0;
	}

	active = rcu_dereference_protected(state->policy,
					   lockdep_is_held(&state->policy_mutex));

	/* Carry the active boolean values over from the old policy. */
	rc = security_preserve_bools(active, fresh);
	if (rc) {
		pr_err("SELinux: unable to preserve booleans\n");
		goto destroy_isids;
	}

	/*
	 * kmalloc() leaves the structure uninitialised; only the fields
	 * assigned below are set in this function.
	 */
	cvt = kmalloc(sizeof(*cvt), GFP_KERNEL);
	if (!cvt) {
		rc = -ENOMEM;
		goto destroy_isids;
	}

	/*
	 * Describe the conversion of the internal context representations
	 * from the old SID table into the new one.
	 */
	cvt->args.state = state;
	cvt->args.oldp = &active->policydb;
	cvt->args.newp = &fresh->policydb;

	cvt->sidtab_params.func = convert_context;
	cvt->sidtab_params.args = &cvt->args;
	cvt->sidtab_params.target = fresh->sidtab;

	rc = sidtab_convert(active->sidtab, &cvt->sidtab_params);
	if (rc) {
		pr_err("SELinux: unable to convert the internal"
		       " representation of contexts in the new SID"
		       " table\n");
		goto free_convert_data;
	}

	load_state->policy = fresh;
	load_state->convert_data = cvt;
	return 0;

	/* Unwind in reverse order of construction. */
free_convert_data:
	kfree(cvt);
destroy_isids:
	sidtab_destroy(fresh->sidtab);
free_mapping:
	kfree(fresh->map.mapping);
destroy_policydb:
	policydb_destroy(&fresh->policydb);
free_sidtab:
	kfree(fresh->sidtab);
free_policy:
	kfree(fresh);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2377)
/**
 * ocontext_to_sid - Helper to safely get the SID for an ocontext
 * @sidtab: SID table
 * @c: ocontext structure
 * @index: index of the context entry (0 or 1)
 * @out_sid: pointer to the resulting SID value
 *
 * For all ocontexts except OCON_ISID the SID fields are populated
 * on-demand when needed. Updating the SID value is an SMP-sensitive
 * operation, so the cached value is read with smp_load_acquire() and
 * written with smp_store_release(); this helper must be used for that.
 *
 * A cached value of zero is treated as "not looked up yet" and triggers
 * sidtab_context_to_sid(). @index is not range-checked here; every caller
 * visible in this part of the file passes 0.
 *
 * WARNING: This function may return -ESTALE, indicating that the caller
 * must retry the operation after re-acquiring the policy pointer!
 *
 * Return: 0 with *@out_sid set, or the error from sidtab_context_to_sid()
 * (in which case *@out_sid is not written).
 */
static int ocontext_to_sid(struct sidtab *sidtab, struct ocontext *c,
			   size_t index, u32 *out_sid)
{
	u32 cached;
	int err;

	/* Acquire: the sidtab entry behind a non-zero SID must be visible. */
	cached = smp_load_acquire(&c->sid[index]);
	if (cached) {
		*out_sid = cached;
		return 0;
	}

	err = sidtab_context_to_sid(sidtab, &c->context[index], &cached);
	if (err)
		return err;

	/*
	 * Release: other threads that observe the SID must also observe
	 * the new sidtab entry.
	 */
	smp_store_release(&c->sid[index], cached);

	*out_sid = cached;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2414)
/**
 * security_port_sid - Obtain the SID for a port.
 * @state: SELinux state holding the active policy
 * @protocol: protocol number
 * @port: port number
 * @out_sid: security identifier
 *
 * Walk the OCON_PORT list and use the first entry whose protocol matches
 * and whose [low_port, high_port] range contains @port; list order
 * therefore decides between overlapping entries. When the policy is not
 * initialized or no entry matches, *@out_sid is SECINITSID_PORT.
 *
 * The lookup runs under rcu_read_lock() and is repeated, without a bound,
 * for as long as ocontext_to_sid() returns -ESTALE.
 *
 * Return: 0 on success, or the error from ocontext_to_sid().
 */
int security_port_sid(struct selinux_state *state,
		      u8 protocol, u16 port, u32 *out_sid)
{
	struct selinux_policy *pol;
	struct policydb *db;
	struct sidtab *tab;
	struct ocontext *oc;
	int rc;

	if (!selinux_initialized(state)) {
		*out_sid = SECINITSID_PORT;
		return 0;
	}

	do {
		rc = 0;
		rcu_read_lock();
		pol = rcu_dereference(state->policy);
		db = &pol->policydb;
		tab = pol->sidtab;

		for (oc = db->ocontexts[OCON_PORT]; oc; oc = oc->next) {
			if (oc->u.port.protocol == protocol &&
			    oc->u.port.low_port <= port &&
			    oc->u.port.high_port >= port)
				break;
		}

		if (oc)
			rc = ocontext_to_sid(tab, oc, 0, out_sid);
		else
			*out_sid = SECINITSID_PORT;

		rcu_read_unlock();
		/* -ESTALE: start over with a freshly dereferenced policy. */
	} while (rc == -ESTALE);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2467)
/**
 * security_ib_pkey_sid - Obtain the SID for a pkey.
 * @state: SELinux state holding the active policy
 * @subnet_prefix: Subnet Prefix
 * @pkey_num: pkey number
 * @out_sid: security identifier
 *
 * Walk the OCON_IBPKEY list and use the first entry whose subnet prefix
 * equals @subnet_prefix and whose [low_pkey, high_pkey] range contains
 * @pkey_num. When the policy is not initialized or no entry matches,
 * *@out_sid is SECINITSID_UNLABELED.
 *
 * The lookup runs under rcu_read_lock() and is repeated, without a bound,
 * for as long as ocontext_to_sid() returns -ESTALE.
 *
 * Return: 0 on success, or the error from ocontext_to_sid().
 */
int security_ib_pkey_sid(struct selinux_state *state,
			 u64 subnet_prefix, u16 pkey_num, u32 *out_sid)
{
	struct selinux_policy *pol;
	struct policydb *db;
	struct sidtab *tab;
	struct ocontext *oc;
	int rc;

	if (!selinux_initialized(state)) {
		*out_sid = SECINITSID_UNLABELED;
		return 0;
	}

	do {
		rc = 0;
		rcu_read_lock();
		pol = rcu_dereference(state->policy);
		db = &pol->policydb;
		tab = pol->sidtab;

		for (oc = db->ocontexts[OCON_IBPKEY]; oc; oc = oc->next) {
			if (oc->u.ibpkey.low_pkey <= pkey_num &&
			    oc->u.ibpkey.high_pkey >= pkey_num &&
			    oc->u.ibpkey.subnet_prefix == subnet_prefix)
				break;
		}

		if (oc)
			rc = ocontext_to_sid(tab, oc, 0, out_sid);
		else
			*out_sid = SECINITSID_UNLABELED;

		rcu_read_unlock();
		/* -ESTALE: start over with a freshly dereferenced policy. */
	} while (rc == -ESTALE);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2520)
/**
 * security_ib_endport_sid - Obtain the SID for a subnet management interface.
 * @state: SELinux state holding the active policy
 * @dev_name: device name
 * @port_num: port number
 * @out_sid: security identifier
 *
 * Walk the OCON_IBENDPORT list and use the first entry whose port equals
 * @port_num and whose device name matches @dev_name. The name comparison
 * is strncmp() limited to IB_DEVICE_NAME_MAX bytes. When the policy is not
 * initialized or no entry matches, *@out_sid is SECINITSID_UNLABELED.
 *
 * The lookup runs under rcu_read_lock() and is repeated, without a bound,
 * for as long as ocontext_to_sid() returns -ESTALE.
 *
 * Return: 0 on success, or the error from ocontext_to_sid().
 */
int security_ib_endport_sid(struct selinux_state *state,
			    const char *dev_name, u8 port_num, u32 *out_sid)
{
	struct selinux_policy *pol;
	struct policydb *db;
	struct sidtab *tab;
	struct ocontext *oc;
	int rc;

	if (!selinux_initialized(state)) {
		*out_sid = SECINITSID_UNLABELED;
		return 0;
	}

	do {
		rc = 0;
		rcu_read_lock();
		pol = rcu_dereference(state->policy);
		db = &pol->policydb;
		tab = pol->sidtab;

		for (oc = db->ocontexts[OCON_IBENDPORT]; oc; oc = oc->next) {
			if (oc->u.ibendport.port == port_num &&
			    !strncmp(oc->u.ibendport.dev_name, dev_name,
				     IB_DEVICE_NAME_MAX))
				break;
		}

		if (oc)
			rc = ocontext_to_sid(tab, oc, 0, out_sid);
		else
			*out_sid = SECINITSID_UNLABELED;

		rcu_read_unlock();
		/* -ESTALE: start over with a freshly dereferenced policy. */
	} while (rc == -ESTALE);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2574)
/**
 * security_netif_sid - Obtain the SID for a network interface.
 * @state: SELinux state holding the active policy
 * @name: interface name
 * @if_sid: interface SID
 *
 * Walk the OCON_NETIF list and use the first entry whose name is an exact
 * strcmp() match for @name. When the policy is not initialized or no
 * entry matches, *@if_sid is SECINITSID_NETIF.
 *
 * The lookup runs under rcu_read_lock() and is repeated, without a bound,
 * for as long as ocontext_to_sid() returns -ESTALE.
 *
 * Return: 0 on success, or the error from ocontext_to_sid().
 */
int security_netif_sid(struct selinux_state *state,
		       char *name, u32 *if_sid)
{
	struct selinux_policy *pol;
	struct policydb *db;
	struct sidtab *tab;
	struct ocontext *oc;
	int rc;

	if (!selinux_initialized(state)) {
		*if_sid = SECINITSID_NETIF;
		return 0;
	}

	do {
		rc = 0;
		rcu_read_lock();
		pol = rcu_dereference(state->policy);
		db = &pol->policydb;
		tab = pol->sidtab;

		for (oc = db->ocontexts[OCON_NETIF]; oc; oc = oc->next) {
			if (strcmp(name, oc->u.name) == 0)
				break;
		}

		if (oc)
			rc = ocontext_to_sid(tab, oc, 0, if_sid);
		else
			*if_sid = SECINITSID_NETIF;

		rcu_read_unlock();
		/* -ESTALE: start over with a freshly dereferenced policy. */
	} while (rc == -ESTALE);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2623)
/*
 * Compare an IPv6 address against an address/mask pair, one 32-bit word
 * at a time over four words.
 *
 * Returns 1 when (input[i] & mask[i]) == addr[i] for every word, else 0.
 * All three arrays are read up to index 3; the caller must supply at
 * least four u32 words in each.
 */
static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
{
	int word;

	for (word = 0; word < 4; word++) {
		if ((input[word] & mask[word]) != addr[word])
			return 0;
	}

	return 1;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2636)
/**
 * security_node_sid - Obtain the SID for a node (host).
 * @state: SELinux state holding the active policy
 * @domain: communication domain aka address family
 * @addrp: address
 * @addrlen: address length in bytes
 * @out_sid: security identifier
 *
 * For AF_INET the OCON_NODE list is searched, for AF_INET6 the OCON_NODE6
 * list; the first entry whose address equals the masked input wins.
 * @addrlen must be exactly sizeof(u32) for AF_INET and sizeof(u64) * 2 for
 * AF_INET6, and is checked before @addrp is read. Any other @domain, a
 * lookup without a match, and an uninitialized policy all yield
 * SECINITSID_NODE with a return value of 0.
 *
 * The lookup runs under rcu_read_lock() and is repeated, without a bound,
 * for as long as ocontext_to_sid() returns -ESTALE.
 *
 * Return: 0 on success, -EINVAL on an address length that does not fit
 * @domain, or the error from ocontext_to_sid().
 */
int security_node_sid(struct selinux_state *state,
		      u16 domain,
		      void *addrp,
		      u32 addrlen,
		      u32 *out_sid)
{
	struct selinux_policy *pol;
	struct policydb *db;
	struct sidtab *tab;
	struct ocontext *oc;
	int rc;

	if (!selinux_initialized(state)) {
		*out_sid = SECINITSID_NODE;
		return 0;
	}

again:
	rcu_read_lock();
	pol = rcu_dereference(state->policy);
	db = &pol->policydb;
	tab = pol->sidtab;

	switch (domain) {
	case AF_INET: {
		u32 v4;

		/* Reject a wrong length before touching the buffer. */
		if (addrlen != sizeof(u32)) {
			rc = -EINVAL;
			goto unlock;
		}

		v4 = *((u32 *)addrp);

		for (oc = db->ocontexts[OCON_NODE]; oc; oc = oc->next) {
			if (oc->u.node.addr == (v4 & oc->u.node.mask))
				break;
		}
		break;
	}

	case AF_INET6:
		/* match_ipv6_addrmask() reads four u32 words from addrp. */
		if (addrlen != sizeof(u64) * 2) {
			rc = -EINVAL;
			goto unlock;
		}

		for (oc = db->ocontexts[OCON_NODE6]; oc; oc = oc->next) {
			if (match_ipv6_addrmask(addrp, oc->u.node6.addr,
						oc->u.node6.mask))
				break;
		}
		break;

	default:
		rc = 0;
		*out_sid = SECINITSID_NODE;
		goto unlock;
	}

	if (!oc) {
		/* No node entry covers this address. */
		*out_sid = SECINITSID_NODE;
		rc = 0;
		goto unlock;
	}

	rc = ocontext_to_sid(tab, oc, 0, out_sid);
	if (rc == -ESTALE) {
		/* Start over with a freshly dereferenced policy. */
		rcu_read_unlock();
		goto again;
	}

unlock:
	rcu_read_unlock();
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2722)
/* Number of u32 slots security_get_user_sids() allocates up front for its SID array. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2723) #define SIDS_NEL 25
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2724)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2725) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2726) * security_get_user_sids - Obtain reachable SIDs for a user.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2727) * @fromsid: starting SID
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2728) * @username: username
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2729) * @sids: array of reachable SIDs for user
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2730) * @nel: number of elements in @sids
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2731) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2732) * Generate the set of SIDs for legal security contexts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2733) * for a given user that can be reached by @fromsid.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2734) * Set *@sids to point to a dynamically allocated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2735) * array containing the set of SIDs. Set *@nel to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2736) * number of elements in the array.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2737) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2738)
int security_get_user_sids(struct selinux_state *state,
			   u32 fromsid,
			   char *username,
			   u32 **sids,
			   u32 *nel)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	struct context *fromcon, usercon;
	u32 *candidates = NULL, *grown, *allowed, sid;
	u32 r, t, k, count, kept, capacity = SIDS_NEL;
	struct user_datum *user;
	struct role_datum *role;
	struct ebitmap_node *rnode, *tnode;
	int rc;

	/* Outputs are well defined on every return path. */
	*sids = NULL;
	*nel = 0;

	/* Without a loaded policy there is nothing to enumerate. */
	if (!selinux_initialized(state))
		return 0;

	/* First buffer is allocated outside the RCU read-side section. */
	candidates = kcalloc(capacity, sizeof(*candidates), GFP_KERNEL);
	if (!candidates)
		return -ENOMEM;

retry:
	/*
	 * Every pass starts counting from zero; the buffer and whatever
	 * capacity it has grown to are carried over from the previous pass.
	 */
	count = 0;
	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	context_init(&usercon);

	/* Both lookups below fail with -EINVAL. */
	rc = -EINVAL;
	fromcon = sidtab_search(sidtab, fromsid);
	if (!fromcon)
		goto out_unlock;

	user = symtab_search(&policydb->p_users, username);
	if (!user)
		goto out_unlock;

	usercon.user = user->value;

	/* Walk every (role, type) pair reachable from the user's role set. */
	ebitmap_for_each_positive_bit(&user->roles, rnode, r) {
		role = policydb->role_val_to_struct[r];
		usercon.role = r + 1;
		ebitmap_for_each_positive_bit(&role->types, tnode, t) {
			usercon.type = t + 1;

			/* Pairs for which no MLS range can be set up are skipped. */
			if (mls_setup_user_range(policydb, fromcon, user,
						 &usercon))
				continue;

			rc = sidtab_context_to_sid(sidtab, &usercon, &sid);
			if (rc == -ESTALE) {
				/*
				 * Drop the read lock and redo the whole walk
				 * against a freshly dereferenced policy.
				 */
				rcu_read_unlock();
				goto retry;
			}
			if (rc)
				goto out_unlock;

			if (count >= capacity) {
				/*
				 * Grow by one SIDS_NEL step. We are still
				 * inside the RCU read-side section here,
				 * hence GFP_ATOMIC.
				 */
				capacity += SIDS_NEL;
				grown = kcalloc(capacity, sizeof(*grown),
						GFP_ATOMIC);
				if (!grown) {
					rc = -ENOMEM;
					goto out_unlock;
				}
				memcpy(grown, candidates,
				       count * sizeof(*grown));
				kfree(candidates);
				candidates = grown;
			}
			candidates[count++] = sid;
		}
	}
	rc = 0;
out_unlock:
	rcu_read_unlock();
	if (rc || !count) {
		/* Error, or nothing found: *sids/*nel stay NULL/0. */
		kfree(candidates);
		return rc;
	}

	allowed = kcalloc(count, sizeof(*allowed), GFP_KERNEL);
	if (!allowed) {
		kfree(candidates);
		return -ENOMEM;
	}

	/*
	 * Keep only the candidates that fromsid may transition to
	 * (process:transition). The check is made through the no-audit AVC
	 * entry point, and any nonzero result simply drops the candidate
	 * instead of failing the call.
	 */
	kept = 0;
	for (k = 0; k < count; k++) {
		struct av_decision dummy_avd;

		rc = avc_has_perm_noaudit(state,
					  fromsid, candidates[k],
					  SECCLASS_PROCESS, /* kernel value */
					  PROCESS__TRANSITION, AVC_STRICT,
					  &dummy_avd);
		if (!rc)
			allowed[kept++] = candidates[k];
		cond_resched();
	}
	kfree(candidates);

	/* The filtered array is handed to the caller; it may hold 0 entries. */
	*sids = allowed;
	*nel = kept;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2849)
/**
 * __security_genfs_sid - Helper to obtain a SID for a file in a filesystem
 * @policy: policy whose genfs entries are searched
 * @fstype: filesystem type
 * @path: path from root of mount
 * @orig_sclass: file security class; translated with unmap_class() before
 *               it is compared against the policy entries
 * @sid: SID for path
 *
 * Obtain a SID to use for a file in a filesystem that
 * cannot support xattr or use a fixed labeling behavior like
 * transition SIDs or task SIDs.
 *
 * *@sid is set to SECINITSID_UNLABELED before any lookup, so that is the
 * value left behind when the function returns -ENOENT (no entry for
 * @fstype, or no entry whose name is a prefix of @path for this class).
 *
 * WARNING: This function may return -ESTALE, indicating that the caller
 * must retry the operation after re-acquiring the policy pointer!
 */
static inline int __security_genfs_sid(struct selinux_policy *policy,
				       const char *fstype,
				       char *path,
				       u16 orig_sclass,
				       u32 *sid)
{
	struct policydb *policydb = &policy->policydb;
	struct sidtab *sidtab = policy->sidtab;
	struct genfs *genfs;
	struct ocontext *c;
	u16 sclass;
	int len;
	int cmp = 0;

	/* Collapse a run of leading slashes down to a single one. */
	while (path[0] == '/' && path[1] == '/')
		path++;

	sclass = unmap_class(&policy->map, orig_sclass);
	*sid = SECINITSID_UNLABELED;

	/*
	 * Stop at the first entry that does not sort before fstype. The
	 * early exit on cmp < 0 relies on the genfs list being kept in
	 * ascending fstype order; that ordering is established outside
	 * this function.
	 */
	genfs = policydb->genfs;
	while (genfs) {
		cmp = strcmp(fstype, genfs->fstype);
		if (cmp <= 0)
			break;
		genfs = genfs->next;
	}

	if (!genfs || cmp)
		return -ENOENT;

	/*
	 * First entry wins: its class must be unset or equal to sclass, and
	 * its name must be a prefix of path. Which prefix is found first
	 * depends on the order of genfs->head (presumably most specific
	 * first; confirm where the list is built).
	 */
	for (c = genfs->head; c; c = c->next) {
		if (c->v.sclass && c->v.sclass != sclass)
			continue;
		len = strlen(c->u.name);
		if (strncmp(c->u.name, path, len) == 0)
			break;
	}

	if (!c)
		return -ENOENT;

	return ocontext_to_sid(sidtab, c, 0, sid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2905)
/**
 * security_genfs_sid - Obtain a SID for a file in a filesystem
 * @state: SELinux state whose current policy is consulted
 * @fstype: filesystem type
 * @path: path from root of mount
 * @orig_sclass: file security class
 * @sid: SID for path
 *
 * Runs __security_genfs_sid() on the policy currently published in
 * @state, inside an RCU read-side critical section, and repeats the
 * lookup for as long as the helper reports -ESTALE. When SELinux is not
 * yet initialized, *@sid is set to SECINITSID_UNLABELED and 0 is returned.
 */
int security_genfs_sid(struct selinux_state *state,
		       const char *fstype,
		       char *path,
		       u16 orig_sclass,
		       u32 *sid)
{
	struct selinux_policy *policy;
	int retval;

	if (!selinux_initialized(state)) {
		*sid = SECINITSID_UNLABELED;
		return 0;
	}

	for (;;) {
		/* The policy pointer is re-read on every attempt. */
		rcu_read_lock();
		policy = rcu_dereference(state->policy);
		retval = __security_genfs_sid(policy, fstype, path,
					      orig_sclass, sid);
		rcu_read_unlock();

		if (retval != -ESTALE)
			return retval;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2939)
/*
 * Same lookup as security_genfs_sid(), but against an explicitly supplied
 * policy and with no locking and no retry loop: the result of
 * __security_genfs_sid() is returned to the caller unchanged.
 */
int selinux_policy_genfs_sid(struct selinux_policy *policy,
			     const char *fstype,
			     char *path,
			     u16 orig_sclass,
			     u32 *sid)
{
	int rc;

	/* no lock required, policy is not yet accessible by other threads */
	rc = __security_genfs_sid(policy, fstype, path, orig_sclass, sid);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2949)
/**
 * security_fs_use - Determine how to handle labeling for a filesystem.
 * @state: SELinux state whose current policy is consulted
 * @sb: superblock in question
 *
 * Fills in the behavior and sid fields of @sb's security blob. An fs_use
 * entry matching the filesystem type takes precedence; otherwise the
 * genfs label of "/" is tried, and if that lookup fails too the behavior
 * becomes SECURITY_FS_USE_NONE and 0 is returned. Before SELinux is
 * initialized the result is SECURITY_FS_USE_NONE / SECINITSID_UNLABELED.
 */
int security_fs_use(struct selinux_state *state, struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	const char *fstype = sb->s_type->name;
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	struct ocontext *c;
	int rc;

	if (!selinux_initialized(state)) {
		sbsec->behavior = SECURITY_FS_USE_NONE;
		sbsec->sid = SECINITSID_UNLABELED;
		return 0;
	}

retry:
	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	/* Look for an fs_use entry naming exactly this filesystem type. */
	for (c = policydb->ocontexts[OCON_FSUSE]; c; c = c->next) {
		if (!strcmp(fstype, c->u.name))
			break;
	}

	if (c) {
		sbsec->behavior = c->v.behavior;
		rc = ocontext_to_sid(sidtab, c, 0, &sbsec->sid);
	} else {
		rc = __security_genfs_sid(policy, fstype, "/",
					  SECCLASS_DIR, &sbsec->sid);
	}

	/* Either lookup may ask for a restart with a fresh policy pointer. */
	if (rc == -ESTALE) {
		rcu_read_unlock();
		goto retry;
	}

	if (!c) {
		/*
		 * A failed genfs lookup is not an error for the caller: the
		 * filesystem is simply treated as having no labeling support.
		 */
		if (rc) {
			sbsec->behavior = SECURITY_FS_USE_NONE;
			rc = 0;
		} else {
			sbsec->behavior = SECURITY_FS_USE_GENFS;
		}
	}

	/* For an fs_use entry, a nonzero rc is returned to the caller as is. */
	rcu_read_unlock();
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3012)
/*
 * Snapshot the booleans of @policy.
 *
 * On success (return 0) *len holds the number of booleans and, when that
 * number is nonzero, *names and *values point to freshly allocated arrays
 * of that length; every name is a separately allocated copy. The arrays
 * are not freed here on success, so releasing them (each name, then both
 * arrays) is left to the caller. With zero booleans both pointers are NULL.
 *
 * On allocation failure everything allocated so far is released, *len is
 * reset to 0, both pointers are reset to NULL and -ENOMEM is returned.
 */
int security_get_bools(struct selinux_policy *policy,
		       u32 *len, char ***names, int **values)
{
	struct policydb *policydb = &policy->policydb;
	u32 idx;

	*names = NULL;
	*values = NULL;

	*len = policydb->p_bools.nprim;
	if (!*len)
		return 0;

	*names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
	if (!*names)
		goto err;

	*values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
	if (!*values)
		goto err;

	for (idx = 0; idx < *len; idx++) {
		(*values)[idx] = policydb->bool_val_to_struct[idx]->state;

		(*names)[idx] = kstrdup(sym_name(policydb, SYM_BOOLS, idx),
					GFP_ATOMIC);
		if (!(*names)[idx])
			goto err;
	}
	return 0;

err:
	if (*names) {
		/*
		 * The name array came from kcalloc(), so slots that were
		 * never filled are NULL and kfree() ignores them.
		 */
		for (idx = 0; idx < *len; idx++)
			kfree((*names)[idx]);
		kfree(*names);
	}
	kfree(*values);
	*len = 0;
	*names = NULL;
	*values = NULL;
	return -ENOMEM;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3064)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3065)
/*
 * Apply a full set of boolean values to the active policy.
 *
 * The active policy is never edited in place: a copy is made, updated,
 * published with rcu_assign_pointer(), and the old copy is released only
 * after synchronize_rcu(). The policy pointer is read with
 * rcu_dereference_protected() against state->policy_mutex, so the caller
 * is expected to hold that mutex.
 *
 * @len must equal the number of booleans in the active policy; each entry
 * of @values is normalized to 0 or 1. Every boolean whose state actually
 * changes is recorded as an AUDIT_MAC_CONFIG_CHANGE audit event.
 *
 * Returns 0 on success, -EINVAL when SELinux is not initialized or @len
 * does not match, and -ENOMEM when the copy cannot be made.
 */
int security_set_bools(struct selinux_state *state, u32 len, int *values)
{
	struct selinux_policy *newpolicy, *oldpolicy;
	struct policydb *newdb;
	u32 idx, seqno = 0;
	int rc;

	if (!selinux_initialized(state))
		return -EINVAL;

	oldpolicy = rcu_dereference_protected(state->policy,
					lockdep_is_held(&state->policy_mutex));

	/* Consistency check on number of booleans, should never fail */
	if (WARN_ON(len != oldpolicy->policydb.p_bools.nprim))
		return -EINVAL;

	/* Shallow copy of the top-level structure first ... */
	newpolicy = kmemdup(oldpolicy, sizeof(*newpolicy), GFP_KERNEL);
	if (!newpolicy)
		return -ENOMEM;
	newdb = &newpolicy->policydb;

	/*
	 * ... then a deep copy of only those parts of the policydb that
	 * changing booleans can modify.
	 */
	rc = cond_policydb_dup(newdb, &oldpolicy->policydb);
	if (rc) {
		kfree(newpolicy);
		return -ENOMEM;
	}

	/* Update the boolean states in the copy, auditing each change. */
	for (idx = 0; idx < len; idx++) {
		int new_state = !!values[idx];
		int old_state = newdb->bool_val_to_struct[idx]->state;

		if (new_state == old_state)
			continue;

		audit_log(audit_context(), GFP_ATOMIC,
			  AUDIT_MAC_CONFIG_CHANGE,
			  "bool=%s val=%d old_val=%d auid=%u ses=%u",
			  sym_name(newdb, SYM_BOOLS, idx),
			  new_state,
			  old_state,
			  from_kuid(&init_user_ns, audit_get_loginuid(current)),
			  audit_get_sessionid(current));
		newdb->bool_val_to_struct[idx]->state = new_state;
	}

	/* Re-evaluate the conditional rules in the copy */
	evaluate_cond_nodes(newdb);

	/* The new policy carries the next granting sequence number. */
	seqno = oldpolicy->latest_granting + 1;
	newpolicy->latest_granting = seqno;

	/* Install the new policy */
	rcu_assign_pointer(state->policy, newpolicy);

	/*
	 * Wait for readers of the old policy, then free the conditional
	 * portions of the old policydb that were copied for the new policy,
	 * and the oldpolicy structure itself but not what it references.
	 */
	synchronize_rcu();
	selinux_policy_cond_free(oldpolicy);

	/* Notify others of the policy change */
	selinux_notify_policy_change(state, seqno);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3136)
/*
 * Read the current state of the boolean at position @index in the active
 * policy. Returns the stored state, -EFAULT when @index is not below the
 * number of booleans, and 0 when SELinux is not initialized.
 */
int security_get_bool_value(struct selinux_state *state,
			    u32 index)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	int value = -EFAULT;

	if (!selinux_initialized(state))
		return 0;

	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;

	/* The bounds check comes before the array is indexed. */
	if (index < policydb->p_bools.nprim)
		value = policydb->bool_val_to_struct[index]->state;

	rcu_read_unlock();
	return value;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3162)
/*
 * Carry boolean settings over from @oldpolicy to @newpolicy.
 *
 * Booleans are matched by name; names that do not exist in @newpolicy are
 * skipped. After the states are copied, the conditional rules of
 * @newpolicy are re-evaluated. Returns the result of security_get_bools();
 * on failure @newpolicy is left untouched.
 */
static int security_preserve_bools(struct selinux_policy *oldpolicy,
				   struct selinux_policy *newpolicy)
{
	struct cond_bool_datum *booldatum;
	char **saved_names = NULL;
	int *saved_values = NULL;
	u32 k, nbools = 0;
	int rc;

	rc = security_get_bools(oldpolicy, &nbools, &saved_names,
				&saved_values);
	if (!rc) {
		for (k = 0; k < nbools; k++) {
			booldatum = symtab_search(&newpolicy->policydb.p_bools,
						  saved_names[k]);
			if (booldatum)
				booldatum->state = saved_values[k];
		}
		evaluate_cond_nodes(&newpolicy->policydb);
	}

	/* The snapshot is owned by this function: free names, then arrays. */
	if (saved_names) {
		for (k = 0; k < nbools; k++)
			kfree(saved_names[k]);
	}
	kfree(saved_names);
	kfree(saved_values);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3191)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3192) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3193) * security_sid_mls_copy() - computes a new sid based on the given
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3194) * sid and the mls portion of mls_sid.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3195) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3196) int security_sid_mls_copy(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3197) u32 sid, u32 mls_sid, u32 *new_sid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3198) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3199) struct selinux_policy *policy;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3200) struct policydb *policydb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3201) struct sidtab *sidtab;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3202) struct context *context1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3203) struct context *context2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3204) struct context newcon;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3205) char *s;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3206) u32 len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3207) int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3208)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3209) if (!selinux_initialized(state)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3210) *new_sid = sid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3211) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3212) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3213)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3214) retry:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3215) rc = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3216) context_init(&newcon);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3217)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3218) rcu_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3219) policy = rcu_dereference(state->policy);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3220) policydb = &policy->policydb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3221) sidtab = policy->sidtab;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3222)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3223) if (!policydb->mls_enabled) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3224) *new_sid = sid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3225) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3226) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3227)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3228) rc = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3229) context1 = sidtab_search(sidtab, sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3230) if (!context1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3231) pr_err("SELinux: %s: unrecognized SID %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3232) __func__, sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3233) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3234) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3235)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3236) rc = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3237) context2 = sidtab_search(sidtab, mls_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3238) if (!context2) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3239) pr_err("SELinux: %s: unrecognized SID %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3240) __func__, mls_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3241) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3242) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3243)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3244) newcon.user = context1->user;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3245) newcon.role = context1->role;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3246) newcon.type = context1->type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3247) rc = mls_context_cpy(&newcon, context2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3248) if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3249) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3250)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3251) /* Check the validity of the new context. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3252) if (!policydb_context_isvalid(policydb, &newcon)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3253) rc = convert_context_handle_invalid_context(state, policydb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3254) &newcon);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3255) if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3256) if (!context_struct_to_string(policydb, &newcon, &s,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3257) &len)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3258) struct audit_buffer *ab;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3259)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3260) ab = audit_log_start(audit_context(),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3261) GFP_ATOMIC,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3262) AUDIT_SELINUX_ERR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3263) audit_log_format(ab,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3264) "op=security_sid_mls_copy invalid_context=");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3265) /* don't record NUL with untrusted strings */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3266) audit_log_n_untrustedstring(ab, s, len - 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3267) audit_log_end(ab);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3268) kfree(s);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3269) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3270) goto out_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3271) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3272) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3273) rc = sidtab_context_to_sid(sidtab, &newcon, new_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3274) if (rc == -ESTALE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3275) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3276) context_destroy(&newcon);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3277) goto retry;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3278) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3279) out_unlock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3280) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3281) context_destroy(&newcon);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3282) return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3283) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3284)
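/**
 * security_net_peersid_resolve - Compare and resolve two network peer SIDs
 * @state: SELinux state whose active policy is consulted
 * @nlbl_sid: NetLabel SID
 * @nlbl_type: NetLabel labeling protocol type
 * @xfrm_sid: XFRM SID
 * @peer_sid: output; the resolved peer SID, or SECSID_NULL
 *
 * Description:
 * Compare the @nlbl_sid and @xfrm_sid values and if the two SIDs can be
 * resolved into a single SID it is returned via @peer_sid and the function
 * returns zero.  Otherwise @peer_sid is set to SECSID_NULL and the function
 * returns a negative value.  A table summarizing the behavior is below:
 *
 *                                 | function return |    @peer_sid
 *   ------------------------------+-----------------+-----------------
 *   no peer labels                |        0        |    SECSID_NULL
 *   single peer label             |        0        |   <peer_label>
 *   multiple, consistent labels   |        0        |   <peer_label>
 *   multiple, inconsistent labels |    -<errno>     |    SECSID_NULL
 *
 * When both labels are present there are two more cases that return zero
 * while leaving @peer_sid at SECSID_NULL: the policy is not initialized, and
 * the loaded policy has MLS disabled.
 * NOTE(review): confirm callers treat "0 with SECSID_NULL" as "no usable
 * peer label" rather than as a successful resolution.
 */
int security_net_peersid_resolve(struct selinux_state *state,
				 u32 nlbl_sid, u32 nlbl_type,
				 u32 xfrm_sid,
				 u32 *peer_sid)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	int rc;
	struct context *nlbl_ctx;
	struct context *xfrm_ctx;

	/* fail closed: every error path below leaves SECSID_NULL in place */
	*peer_sid = SECSID_NULL;

	/* handle the common (which also happens to be the set of easy) cases
	 * right away, these two if statements catch everything involving a
	 * single or absent peer SID/label */
	if (xfrm_sid == SECSID_NULL) {
		*peer_sid = nlbl_sid;
		return 0;
	}
	/* NOTE: an nlbl_type == NETLBL_NLTYPE_UNLABELED is a "fallback" label
	 * and is treated as if nlbl_sid == SECSID_NULL when a XFRM SID/label
	 * is present */
	if (nlbl_sid == SECSID_NULL || nlbl_type == NETLBL_NLTYPE_UNLABELED) {
		*peer_sid = xfrm_sid;
		return 0;
	}

	if (!selinux_initialized(state))
		return 0;

	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	/*
	 * We don't need to check initialized here since the only way both
	 * nlbl_sid and xfrm_sid are not equal to SECSID_NULL would be if the
	 * security server was initialized and state->initialized was true.
	 */
	if (!policydb->mls_enabled) {
		rc = 0;
		goto out;
	}

	/* both SIDs must be known to the active sidtab before comparing */
	rc = -EINVAL;
	nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
	if (!nlbl_ctx) {
		/* SIDs are u32, so they are printed unsigned */
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, nlbl_sid);
		goto out;
	}
	xfrm_ctx = sidtab_search(sidtab, xfrm_sid);
	if (!xfrm_ctx) {
		pr_err("SELinux: %s: unrecognized SID %u\n",
		       __func__, xfrm_sid);
		goto out;
	}

	/* differing MLS portions are a label conflict: deny with -EACCES */
	rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
	if (rc)
		goto out;

	/* at present NetLabel SIDs/labels really only carry MLS
	 * information so if the MLS portion of the NetLabel SID
	 * matches the MLS portion of the labeled XFRM SID/label
	 * then pass along the XFRM SID as it is the most
	 * expressive */
	*peer_sid = xfrm_sid;
out:
	rcu_read_unlock();
	return rc;
}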
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3380)
/*
 * hashtab_map() callback used by security_get_classes(): duplicate one class
 * name into the output array.
 *
 * @k: class name (the hash key)
 * @d: struct class_datum of that class
 * @args: char * array being filled, indexed by datum->value - 1
 *
 * Returns 0, or -ENOMEM when the name could not be duplicated.
 */
static int get_classes_callback(void *k, void *d, void *args)
{
	struct class_datum *cls = d;
	char **names = args;
	char *copy;
	/*
	 * NOTE(review): the slot is not bounds-checked here; presumably policy
	 * load guarantees 1 <= value <= nprim - confirm against the loader.
	 */
	int slot = cls->value - 1;

	copy = kstrdup(k, GFP_ATOMIC);
	names[slot] = copy;

	return copy ? 0 : -ENOMEM;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3393)
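/**
 * security_get_classes - Copy out the class names of a policy
 * @policy: policy to read
 * @classes: output; newly allocated array of class-name strings
 * @nclasses: output; number of entries in @classes
 *
 * On success the array and the strings in it are left allocated for the
 * caller.  If filling the array fails, everything allocated here is freed and
 * *@classes / *@nclasses are reset to NULL / 0, so a caller that looks at the
 * outputs after an error cannot reuse or free the released memory again.
 *
 * Return: 0 on success, -ENOMEM if the array cannot be allocated, otherwise
 * the non-zero value returned by hashtab_map().
 */
int security_get_classes(struct selinux_policy *policy,
			 char ***classes, int *nclasses)
{
	struct policydb *policydb;
	int rc;

	policydb = &policy->policydb;

	rc = -ENOMEM;
	*nclasses = policydb->p_classes.nprim;
	*classes = kcalloc(*nclasses, sizeof(**classes), GFP_ATOMIC);
	if (!*classes)
		goto out;

	rc = hashtab_map(&policydb->p_classes.table, get_classes_callback,
			 *classes);
	if (rc) {
		int i;

		/* slots the walk never reached are still NULL from kcalloc */
		for (i = 0; i < *nclasses; i++)
			kfree((*classes)[i]);
		kfree(*classes);
		/* do not hand a dangling pointer back to the caller */
		*classes = NULL;
		*nclasses = 0;
	}

out:
	return rc;
}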
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3420)
/*
 * hashtab_map() callback used by security_get_permissions(): duplicate one
 * permission name into the output array.
 *
 * @k: permission name (the hash key)
 * @d: struct perm_datum of that permission
 * @args: char * array being filled, indexed by datum->value - 1
 *
 * Returns 0, or -ENOMEM when the name could not be duplicated.
 */
static int get_permissions_callback(void *k, void *d, void *args)
{
	struct perm_datum *perm = d;
	char **names = args;
	char *copy;
	/*
	 * NOTE(review): the slot is not bounds-checked here; presumably policy
	 * load guarantees 1 <= value <= nprim - confirm against the loader.
	 */
	int slot = perm->value - 1;

	copy = kstrdup(k, GFP_ATOMIC);
	names[slot] = copy;

	return copy ? 0 : -ENOMEM;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3433)
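/**
 * security_get_permissions - Copy out the permission names of one class
 * @policy: policy to read
 * @class: name of the class to look up
 * @perms: output; newly allocated array of permission-name strings
 * @nperms: output; number of entries in @perms
 *
 * On success the array and the strings in it are left allocated for the
 * caller.  If filling the array fails, everything allocated here is freed and
 * *@perms / *@nperms are reset to NULL / 0, so a caller that looks at the
 * outputs after an error cannot reuse or free the released memory again.
 * When @class is unknown the outputs are not written at all.
 *
 * Return: 0 on success, -EINVAL for an unknown class, -ENOMEM if the array
 * cannot be allocated, otherwise the non-zero value returned by hashtab_map().
 */
int security_get_permissions(struct selinux_policy *policy,
			     char *class, char ***perms, int *nperms)
{
	struct policydb *policydb;
	int rc, i;
	struct class_datum *match;

	policydb = &policy->policydb;

	rc = -EINVAL;
	match = symtab_search(&policydb->p_classes, class);
	if (!match) {
		pr_err("SELinux: %s: unrecognized class %s\n",
		       __func__, class);
		goto out;
	}

	rc = -ENOMEM;
	*nperms = match->permissions.nprim;
	*perms = kcalloc(*nperms, sizeof(**perms), GFP_ATOMIC);
	if (!*perms)
		goto out;

	/*
	 * Common permissions first, then the class's own; both walks write
	 * into the same array.
	 * NOTE(review): this assumes the two sets use distinct values that all
	 * fit in nprim - confirm against the policy loader.
	 */
	if (match->comdatum) {
		rc = hashtab_map(&match->comdatum->permissions.table,
				 get_permissions_callback, *perms);
		if (rc)
			goto err;
	}

	rc = hashtab_map(&match->permissions.table, get_permissions_callback,
			 *perms);
	if (rc)
		goto err;

out:
	return rc;

err:
	/* slots the walks never reached are still NULL from kcalloc */
	for (i = 0; i < *nperms; i++)
		kfree((*perms)[i]);
	kfree(*perms);
	/* do not hand a dangling pointer back to the caller */
	*perms = NULL;
	*nperms = 0;
	return rc;
}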
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3478)
/*
 * Return the reject_unknown setting of the active policy, or 0 while no
 * policy has been initialized.
 */
int security_get_reject_unknown(struct selinux_state *state)
{
	int reject = 0;

	if (selinux_initialized(state)) {
		struct selinux_policy *active;

		/* the policy pointer is only valid inside the RCU read section */
		rcu_read_lock();
		active = rcu_dereference(state->policy);
		reject = active->policydb.reject_unknown;
		rcu_read_unlock();
	}

	return reject;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3493)
/*
 * Return the allow_unknown setting of the active policy, or 0 while no
 * policy has been initialized.
 */
int security_get_allow_unknown(struct selinux_state *state)
{
	int allow = 0;

	if (selinux_initialized(state)) {
		struct selinux_policy *active;

		/* the policy pointer is only valid inside the RCU read section */
		rcu_read_lock();
		active = rcu_dereference(state->policy);
		allow = active->policydb.allow_unknown;
		rcu_read_unlock();
	}

	return allow;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3508)
/**
 * security_policycap_supported - Check for a specific policy capability
 * @state: SELinux state whose active policy is queried
 * @req_cap: capability
 *
 * Description:
 * Query the currently loaded policy for the capability given by @req_cap.
 * Returns true (1) if the capability is supported, false (0) if it isn't
 * supported.  Before a policy has been initialized the answer is always 0.
 *
 */
int security_policycap_supported(struct selinux_state *state,
				 unsigned int req_cap)
{
	struct selinux_policy *active;
	int supported;

	/* no policy yet: report every capability as unsupported */
	if (!selinux_initialized(state))
		return 0;

	/* the policy pointer is only valid inside the RCU read section */
	rcu_read_lock();
	active = rcu_dereference(state->policy);
	supported = ebitmap_get_bit(&active->policydb.policycaps, req_cap);
	rcu_read_unlock();

	return supported;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3535)
/*
 * Pre-resolved form of one SELinux audit filter field, built by
 * selinux_audit_rule_init() and released by selinux_audit_rule_free().
 */
struct selinux_audit_rule {
	/*
	 * policy->latest_granting at the time the rule was built;
	 * selinux_audit_rule_match() returns -ESTALE when the active policy
	 * has a larger value.
	 */
	u32 au_seqno;
	/* holds only the component selected by the rule's field */
	struct context au_ctxt;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3540)
/*
 * Release a rule created by selinux_audit_rule_init().
 * @vrule: the struct selinux_audit_rule to free; NULL is accepted and ignored.
 */
void selinux_audit_rule_free(void *vrule)
{
	struct selinux_audit_rule *doomed = vrule;

	if (!doomed)
		return;

	/* tear down the embedded context before freeing the container */
	context_destroy(&doomed->au_ctxt);
	kfree(doomed);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3550)
/*
 * Build the SELinux part of an audit filter rule.
 *
 * @field: AUDIT_SUBJ_* / AUDIT_OBJ_* selector naming the context component
 * @op: comparison operator; user, role and type fields accept only
 *      Audit_equal and Audit_not_equal
 * @rulestr: name (user/role/type) or MLS level string to resolve against the
 *           active policy; a '-' is rejected for the MLS fields
 * @vrule: output; receives the new struct selinux_audit_rule, or NULL on
 *         any failure
 *
 * Returns 0 on success, -EOPNOTSUPP when no policy is initialized, -EINVAL
 * for an unsupported field/op, a range, or a name the policy does not know,
 * -ENOMEM on allocation failure, or the error from mls_from_string().
 */
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
{
	struct selinux_state *state = &selinux_state;
	struct selinux_audit_rule **out_rule = (struct selinux_audit_rule **)vrule;
	struct selinux_audit_rule *new_rule;
	struct selinux_policy *policy;
	struct policydb *pdb;
	struct user_datum *user;
	struct role_datum *role;
	struct type_datum *type;
	int rc = 0;

	/* the caller never sees a stale pointer, whichever way we leave */
	*out_rule = NULL;

	if (!selinux_initialized(state))
		return -EOPNOTSUPP;

	/* validate field/op/string before anything is allocated */
	switch (field) {
	case AUDIT_SUBJ_USER:
	case AUDIT_SUBJ_ROLE:
	case AUDIT_SUBJ_TYPE:
	case AUDIT_OBJ_USER:
	case AUDIT_OBJ_ROLE:
	case AUDIT_OBJ_TYPE:
		/* only 'equals' and 'not equals' fit user, role, and type */
		if (!(op == Audit_equal || op == Audit_not_equal))
			return -EINVAL;
		break;
	case AUDIT_SUBJ_SEN:
	case AUDIT_SUBJ_CLR:
	case AUDIT_OBJ_LEV_LOW:
	case AUDIT_OBJ_LEV_HIGH:
		/* we do not allow a range, indicated by the presence of '-' */
		if (strchr(rulestr, '-') != NULL)
			return -EINVAL;
		break;
	default:
		/* only the above fields are valid */
		return -EINVAL;
	}

	new_rule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
	if (!new_rule)
		return -ENOMEM;

	context_init(&new_rule->au_ctxt);

	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	pdb = &policy->policydb;

	/* remember which policy the names were resolved against */
	new_rule->au_seqno = policy->latest_granting;

	switch (field) {
	case AUDIT_SUBJ_USER:
	case AUDIT_OBJ_USER:
		user = symtab_search(&pdb->p_users, rulestr);
		if (user)
			new_rule->au_ctxt.user = user->value;
		else
			rc = -EINVAL;
		break;
	case AUDIT_SUBJ_ROLE:
	case AUDIT_OBJ_ROLE:
		role = symtab_search(&pdb->p_roles, rulestr);
		if (role)
			new_rule->au_ctxt.role = role->value;
		else
			rc = -EINVAL;
		break;
	case AUDIT_SUBJ_TYPE:
	case AUDIT_OBJ_TYPE:
		type = symtab_search(&pdb->p_types, rulestr);
		if (type)
			new_rule->au_ctxt.type = type->value;
		else
			rc = -EINVAL;
		break;
	case AUDIT_SUBJ_SEN:
	case AUDIT_SUBJ_CLR:
	case AUDIT_OBJ_LEV_LOW:
	case AUDIT_OBJ_LEV_HIGH:
		/* GFP_ATOMIC: we are inside the RCU read section */
		rc = mls_from_string(pdb, rulestr, &new_rule->au_ctxt,
				     GFP_ATOMIC);
		break;
	}

	rcu_read_unlock();

	/* on failure drop the half-built rule and report NULL */
	if (rc) {
		selinux_audit_rule_free(new_rule);
		new_rule = NULL;
	}

	*out_rule = new_rule;

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3652)
/*
 * Check to see if the rule contains any selinux fields.
 * Returns 1 as soon as one field of @rule has an AUDIT_SUBJ_* or AUDIT_OBJ_*
 * type listed below, 0 if none does.
 */
int selinux_audit_rule_known(struct audit_krule *rule)
{
	int idx = 0;

	while (idx < rule->field_count) {
		switch (rule->fields[idx].type) {
		case AUDIT_SUBJ_USER:
		case AUDIT_SUBJ_ROLE:
		case AUDIT_SUBJ_TYPE:
		case AUDIT_SUBJ_SEN:
		case AUDIT_SUBJ_CLR:
		case AUDIT_OBJ_USER:
		case AUDIT_OBJ_ROLE:
		case AUDIT_OBJ_TYPE:
		case AUDIT_OBJ_LEV_LOW:
		case AUDIT_OBJ_LEV_HIGH:
			return 1;
		default:
			/* not an SELinux field; keep scanning */
			break;
		}
		idx++;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3677)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3678) int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3679) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3680) struct selinux_state *state = &selinux_state;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3681) struct selinux_policy *policy;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3682) struct context *ctxt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3683) struct mls_level *level;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3684) struct selinux_audit_rule *rule = vrule;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3685) int match = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3686)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3687) if (unlikely(!rule)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3688) WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3689) return -ENOENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3690) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3691)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3692) if (!selinux_initialized(state))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3693) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3694)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3695) rcu_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3696)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3697) policy = rcu_dereference(state->policy);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3698)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3699) if (rule->au_seqno < policy->latest_granting) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3700) match = -ESTALE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3701) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3702) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3703)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3704) ctxt = sidtab_search(policy->sidtab, sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3705) if (unlikely(!ctxt)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3706) WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3707) sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3708) match = -ENOENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3709) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3710) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3711)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3712) /* a field/op pair that is not caught here will simply fall through
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3713) without a match */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3714) switch (field) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3715) case AUDIT_SUBJ_USER:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3716) case AUDIT_OBJ_USER:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3717) switch (op) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3718) case Audit_equal:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3719) match = (ctxt->user == rule->au_ctxt.user);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3720) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3721) case Audit_not_equal:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3722) match = (ctxt->user != rule->au_ctxt.user);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3723) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3724) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3725) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3726) case AUDIT_SUBJ_ROLE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3727) case AUDIT_OBJ_ROLE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3728) switch (op) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3729) case Audit_equal:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3730) match = (ctxt->role == rule->au_ctxt.role);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3731) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3732) case Audit_not_equal:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3733) match = (ctxt->role != rule->au_ctxt.role);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3734) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3735) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3736) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3737) case AUDIT_SUBJ_TYPE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3738) case AUDIT_OBJ_TYPE:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3739) switch (op) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3740) case Audit_equal:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3741) match = (ctxt->type == rule->au_ctxt.type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3742) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3743) case Audit_not_equal:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3744) match = (ctxt->type != rule->au_ctxt.type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3745) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3746) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3747) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3748) case AUDIT_SUBJ_SEN:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3749) case AUDIT_SUBJ_CLR:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3750) case AUDIT_OBJ_LEV_LOW:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3751) case AUDIT_OBJ_LEV_HIGH:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3752) level = ((field == AUDIT_SUBJ_SEN ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3753) field == AUDIT_OBJ_LEV_LOW) ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3754) &ctxt->range.level[0] : &ctxt->range.level[1]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3755) switch (op) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3756) case Audit_equal:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3757) match = mls_level_eq(&rule->au_ctxt.range.level[0],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3758) level);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3759) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3760) case Audit_not_equal:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3761) match = !mls_level_eq(&rule->au_ctxt.range.level[0],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3762) level);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3763) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3764) case Audit_lt:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3765) match = (mls_level_dom(&rule->au_ctxt.range.level[0],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3766) level) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3767) !mls_level_eq(&rule->au_ctxt.range.level[0],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3768) level));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3769) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3770) case Audit_le:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3771) match = mls_level_dom(&rule->au_ctxt.range.level[0],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3772) level);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3773) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3774) case Audit_gt:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3775) match = (mls_level_dom(level,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3776) &rule->au_ctxt.range.level[0]) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3777) !mls_level_eq(level,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3778) &rule->au_ctxt.range.level[0]));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3779) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3780) case Audit_ge:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3781) match = mls_level_dom(level,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3782) &rule->au_ctxt.range.level[0]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3783) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3784) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3785) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3786)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3787) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3788) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3789) return match;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3790) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3791)
/*
 * Hook run by aurule_avc_callback() when it sees an AVC_CALLBACK_RESET
 * event; initialised to audit_update_lsm_rules.
 */
static int (*aurule_callback)(void) = audit_update_lsm_rules;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3793)
/*
 * AVC callback: forward an AVC_CALLBACK_RESET event to aurule_callback.
 *
 * Returns 0 for any other event or when no callback is installed,
 * otherwise whatever aurule_callback() returns.
 * NOTE(review): presumably this lets the audit subsystem rebuild its LSM
 * rules after a policy reset - confirm against audit_update_lsm_rules().
 */
static int aurule_avc_callback(u32 event)
{
	if (event != AVC_CALLBACK_RESET || !aurule_callback)
		return 0;

	return aurule_callback();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3802)
/*
 * Register aurule_avc_callback() for AVC_CALLBACK_RESET events at init time.
 *
 * A registration failure is treated as fatal: the kernel panics rather than
 * continuing without the callback.
 */
static int __init aurule_init(void)
{
	int rc = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET);

	if (rc != 0)
		panic("avc_add_callback() failed, error %d\n", rc);

	return rc;
}
__initcall(aurule_init);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3814)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3815) #ifdef CONFIG_NETLABEL
/**
 * security_netlbl_cache_add - Add an entry to the NetLabel cache
 * @secattr: the NetLabel packet security attributes
 * @sid: the SELinux SID
 *
 * Description:
 * Attempt to attach @sid to @secattr as a NetLabel cache entry.  This is
 * best effort: if either allocation fails the function returns without
 * setting NETLBL_SECATTR_CACHE.  This function assumes @secattr has already
 * been initialized.
 *
 */
static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
				      u32 sid)
{
	/* GFP_ATOMIC: both allocations are made without sleeping. */
	u32 *cached_sid = kmalloc(sizeof(*cached_sid), GFP_ATOMIC);

	if (!cached_sid)
		return;

	secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
	if (!secattr->cache) {
		kfree(cached_sid);
		return;
	}

	/* The cache entry takes ownership of the SID copy; kfree releases it. */
	*cached_sid = sid;
	secattr->cache->data = cached_sid;
	secattr->cache->free = kfree;
	secattr->flags |= NETLBL_SECATTR_CACHE;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3846)
/**
 * security_netlbl_secattr_to_sid - Convert a NetLabel secattr to a SELinux SID
 * @state: the SELinux state whose policy is consulted
 * @secattr: the NetLabel packet security attributes
 * @sid: the SELinux SID (output)
 *
 * Description:
 * Convert the given NetLabel security attributes in @secattr into a
 * SELinux SID.  If the @secattr field does not contain a full SELinux
 * SID/context then use SECINITSID_NETMSG as the foundation.  If possible the
 * 'cache' field of @secattr is set and the CACHE flag is set; this is to
 * allow the @secattr to be used by NetLabel to cache the secattr to SID
 * conversion for future lookups.  If SELinux is not yet initialized, or
 * @secattr carries none of the CACHE, SECID or MLS_LVL flags, @sid is set to
 * SECSID_NULL and zero is returned.  Returns zero on success, negative
 * values on failure.
 *
 */
int security_netlbl_secattr_to_sid(struct selinux_state *state,
				   struct netlbl_lsm_secattr *secattr,
				   u32 *sid)
{
	struct selinux_policy *policy;
	struct policydb *policydb;
	struct sidtab *sidtab;
	int rc;
	struct context *ctx;
	struct context ctx_new;

	if (!selinux_initialized(state)) {
		*sid = SECSID_NULL;
		return 0;
	}

retry:
	/* Each attempt re-reads the policy pointer under a fresh RCU read lock. */
	rc = 0;
	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	policydb = &policy->policydb;
	sidtab = policy->sidtab;

	/*
	 * The CACHE and SECID branches take the SID as supplied in @secattr;
	 * it is not looked up in the current sidtab here, and
	 * secattr->cache is dereferenced on the strength of the flag alone.
	 * NOTE(review): presumably NetLabel only sets CACHE together with a
	 * populated cache entry and drops cached entries on policy change -
	 * confirm against the NetLabel cache code.
	 */
	if (secattr->flags & NETLBL_SECATTR_CACHE)
		*sid = *(u32 *)secattr->cache->data;
	else if (secattr->flags & NETLBL_SECATTR_SECID)
		*sid = secattr->attr.secid;
	else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
		/* -EIDRM is returned if the SECINITSID_NETMSG lookup fails. */
		rc = -EIDRM;
		ctx = sidtab_search(sidtab, SECINITSID_NETMSG);
		if (ctx == NULL)
			goto out;

		/*
		 * Build a temporary context: user/role/type come from the
		 * SECINITSID_NETMSG context, the MLS part from @secattr.
		 */
		context_init(&ctx_new);
		ctx_new.user = ctx->user;
		ctx_new.role = ctx->role;
		ctx_new.type = ctx->type;
		mls_import_netlbl_lvl(policydb, &ctx_new, secattr);
		if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
			/*
			 * NOTE(review): no ebitmap_destroy() on this failure
			 * path; presumably mls_import_netlbl_cat() cleans up
			 * after itself - confirm.
			 */
			rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr);
			if (rc)
				goto out;
		}
		/* Reject an imported MLS range that the loaded policy does not allow. */
		rc = -EIDRM;
		if (!mls_context_isvalid(policydb, &ctx_new)) {
			ebitmap_destroy(&ctx_new.range.level[0].cat);
			goto out;
		}

		rc = sidtab_context_to_sid(sidtab, &ctx_new, sid);
		/* The temporary category bitmap is released whatever the result. */
		ebitmap_destroy(&ctx_new.range.level[0].cat);
		if (rc == -ESTALE) {
			/*
			 * Drop the read lock and start over with a freshly
			 * dereferenced policy.
			 * NOTE(review): -ESTALE presumably signals a
			 * concurrent policy reload - confirm in sidtab.c.
			 */
			rcu_read_unlock();
			goto retry;
		}
		if (rc)
			goto out;

		/* Best effort; a failure to cache does not fail the conversion. */
		security_netlbl_cache_add(secattr, *sid);
	} else
		*sid = SECSID_NULL;

out:
	rcu_read_unlock();
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3928)
/**
 * security_netlbl_sid_to_secattr - Convert a SELinux SID to a NetLabel secattr
 * @state: the SELinux state whose policy is consulted
 * @sid: the SELinux SID
 * @secattr: the NetLabel packet security attributes (filled in)
 *
 * Description:
 * Convert the given SELinux SID in @sid into a NetLabel security attribute.
 * Returns zero without touching @secattr when SELinux is not initialized,
 * -ENOENT when @sid is not found in the sidtab, -ENOMEM when the domain name
 * cannot be duplicated, otherwise the result of mls_export_netlbl_cat().
 *
 */
int security_netlbl_sid_to_secattr(struct selinux_state *state,
				   u32 sid, struct netlbl_lsm_secattr *secattr)
{
	struct selinux_policy *pol;
	struct policydb *pdb;
	struct context *sid_ctx;
	int ret;

	if (!selinux_initialized(state))
		return 0;

	rcu_read_lock();
	pol = rcu_dereference(state->policy);
	pdb = &pol->policydb;

	sid_ctx = sidtab_search(pol->sidtab, sid);
	if (!sid_ctx) {
		ret = -ENOENT;
		goto unlock;
	}

	/* The domain is a private copy of the type name (DOMAIN_CPY below). */
	secattr->domain = kstrdup(sym_name(pdb, SYM_TYPES, sid_ctx->type - 1),
				  GFP_ATOMIC);
	if (!secattr->domain) {
		ret = -ENOMEM;
		goto unlock;
	}

	secattr->attr.secid = sid;
	secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID;
	mls_export_netlbl_lvl(pdb, sid_ctx, secattr);
	/*
	 * If the category export fails, the domain copy and the flags set
	 * above stay in @secattr.
	 * NOTE(review): presumably the caller destroys @secattr on error -
	 * confirm.
	 */
	ret = mls_export_netlbl_cat(pdb, sid_ctx, secattr);
unlock:
	rcu_read_unlock();
	return ret;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3973) #endif /* CONFIG_NETLABEL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3974)
/**
 * security_read_policy - read the policy.
 * @state: the SELinux state whose policy is serialized
 * @data: set to a newly allocated buffer holding the binary policy data
 * @len: set to the length of the data in bytes
 *
 * The policy pointer is read with rcu_dereference_protected() against
 * state->policy_mutex, so the caller is expected to hold that mutex.
 * Returns -EINVAL when no policy is loaded, -ENOMEM when the buffer cannot
 * be allocated, the policydb_write() error on a failed write, 0 on success.
 *
 */
int security_read_policy(struct selinux_state *state,
			 void **data, size_t *len)
{
	struct selinux_policy *policy;
	struct policy_file fp;
	size_t size;
	void *buf;
	int rc;

	policy = rcu_dereference_protected(
			state->policy, lockdep_is_held(&state->policy_mutex));
	if (!policy)
		return -EINVAL;

	size = policy->policydb.len;
	*len = size;

	/*
	 * vmalloc_user() returns zeroed memory, so bytes beyond what
	 * policydb_write() produces do not carry stale kernel data.
	 */
	buf = vmalloc_user(size);
	*data = buf;
	if (!buf)
		return -ENOMEM;

	fp.data = buf;
	fp.len = size;

	/*
	 * On a write failure the buffer stays allocated in *data.
	 * NOTE(review): presumably the caller frees it on error - confirm.
	 */
	rc = policydb_write(&policy->policydb, &fp);
	if (rc)
		return rc;

	/* Report the number of bytes written: the distance fp.data advanced. */
	*len = (unsigned long)fp.data - (unsigned long)buf;
	return 0;
}