
0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * Security server interface.
0004  *
0005  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
0006  *
0007  */
0008 
0009 #ifndef _SELINUX_SECURITY_H_
0010 #define _SELINUX_SECURITY_H_
0011 
0012 #include <linux/compiler.h>
0013 #include <linux/dcache.h>
0014 #include <linux/magic.h>
0015 #include <linux/types.h>
0016 #include <linux/rcupdate.h>
0017 #include <linux/refcount.h>
0018 #include <linux/workqueue.h>
0019 #include <linux/delay.h>
0020 #include <linux/printk.h>
0021 #include "flask.h"
0022 #include "policycap.h"
0023 
0024 #define SECSID_NULL         0x00000000 /* unspecified SID */
0025 #define SECSID_WILD         0xffffffff /* wildcard SID */
0026 #define SECCLASS_NULL           0x0000 /* no class */
0027 
0028 /* Identify specific policy version changes */
0029 #define POLICYDB_VERSION_BASE       15
0030 #define POLICYDB_VERSION_BOOL       16
0031 #define POLICYDB_VERSION_IPV6       17
0032 #define POLICYDB_VERSION_NLCLASS    18
0033 #define POLICYDB_VERSION_VALIDATETRANS  19
0034 #define POLICYDB_VERSION_MLS        19
0035 #define POLICYDB_VERSION_AVTAB      20
0036 #define POLICYDB_VERSION_RANGETRANS 21
0037 #define POLICYDB_VERSION_POLCAP     22
0038 #define POLICYDB_VERSION_PERMISSIVE 23
0039 #define POLICYDB_VERSION_BOUNDARY   24
0040 #define POLICYDB_VERSION_FILENAME_TRANS 25
0041 #define POLICYDB_VERSION_ROLETRANS  26
0042 #define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS    27
0043 #define POLICYDB_VERSION_DEFAULT_TYPE   28
0044 #define POLICYDB_VERSION_CONSTRAINT_NAMES   29
0045 #define POLICYDB_VERSION_XPERMS_IOCTL   30
0046 #define POLICYDB_VERSION_INFINIBAND     31
0047 #define POLICYDB_VERSION_GLBLUB     32
0048 #define POLICYDB_VERSION_COMP_FTRANS    33 /* compressed filename transitions */
0049 
0050 /* Range of policy versions we understand (a policy outside [MIN, MAX] cannot be loaded) */
0051 #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
0052 #define POLICYDB_VERSION_MAX   POLICYDB_VERSION_COMP_FTRANS
0053 
0054 /* Mask for just the mount related flags */
0055 #define SE_MNTMASK  0x0f
0056 /* Super block security struct flags for mount options */
0057 /* BE CAREFUL, these need to be the low order bits for selinux_get_mnt_opts */
0058 #define CONTEXT_MNT 0x01
0059 #define FSCONTEXT_MNT   0x02
0060 #define ROOTCONTEXT_MNT 0x04
0061 #define DEFCONTEXT_MNT  0x08
0062 #define SBLABEL_MNT 0x10
0063 /* Non-mount related flags */
0064 #define SE_SBINITIALIZED    0x0100
0065 #define SE_SBPROC       0x0200
0066 #define SE_SBGENFS      0x0400
0067 #define SE_SBGENFS_XATTR    0x0800
0068 
0069 #define CONTEXT_STR "context"
0070 #define FSCONTEXT_STR   "fscontext"
0071 #define ROOTCONTEXT_STR "rootcontext"
0072 #define DEFCONTEXT_STR  "defcontext"
0073 #define SECLABEL_STR "seclabel"
0074 
0075 struct netlbl_lsm_secattr;
0076 
0077 extern int selinux_enabled_boot;
0078 
0079 /*
0080  * type_datum properties
0081  * available at the kernel policy version >= POLICYDB_VERSION_BOUNDARY
0082  */
0083 #define TYPEDATUM_PROPERTY_PRIMARY  0x0001
0084 #define TYPEDATUM_PROPERTY_ATTRIBUTE    0x0002
0085 
0086 /* Maximum nesting depth of type bounds (policy version >= POLICYDB_VERSION_BOUNDARY) */
0087 #define POLICYDB_BOUNDS_MAXDEPTH    4
0088 
0089 struct selinux_avc;
0090 struct selinux_policy;
0091 
/*
 * Global SELinux runtime state.
 *
 * There is one instance, `selinux_state` (declared below).  Fields are not
 * meant to be touched directly; the inline helpers that follow wrap each one
 * with the access primitive it needs:
 *   - initialized      : smp_store_release()/smp_load_acquire() pair
 *                        (selinux_mark_initialized()/selinux_initialized()),
 *                        so a reader that sees it true also sees everything
 *                        published before it was set.
 *   - enforcing, checkreqprot, disabled, policycap[]
 *                      : single-word READ_ONCE()/WRITE_ONCE() accesses.
 *   - policy           : RCU-protected pointer; writers presumably serialize
 *                        on policy_mutex (see security_load_policy(),
 *                        selinux_policy_commit(), selinux_policy_cancel()).
 *   - status_page      : the page handed out by selinux_kernel_status_page()
 *                        for the mmap status interface; status_lock is
 *                        presumably its update lock - confirm in status.c.
 *
 * Build-time knobs: `enforcing` exists only with
 * CONFIG_SECURITY_SELINUX_DEVELOP - without it enforcing_enabled() is
 * hard-wired to true and enforcing_set() is a no-op, i.e. permissive mode
 * cannot be selected at runtime.  `disabled` exists only with
 * CONFIG_SECURITY_SELINUX_DISABLE.
 *
 * __randomize_layout (linux/compiler.h) opts this struct into structure
 * layout randomization; nothing may depend on field offsets.
 */
struct selinux_state {
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
    bool disabled;      /* set once by selinux_mark_disabled(); never cleared here */
#endif
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
    bool enforcing;     /* "current setting of enforcing mode"; see enforcing_set() */
#endif
    bool checkreqprot;  /* legacy knob; enabling it logs a deprecation error */
    bool initialized;   /* presumably set once the first policy is loaded - use selinux_initialized() */
    bool policycap[__POLICYDB_CAP_MAX]; /* policy capabilities, see selinux_policycap_*() */

    struct page *status_page;   /* holds a struct selinux_kernel_status (mmap interface) */
    struct mutex status_lock;

    struct selinux_avc *avc;    /* access vector cache, set up by selinux_avc_init() */
    struct selinux_policy __rcu *policy;    /* currently loaded policy, RCU-protected */
    struct mutex policy_mutex;
} __randomize_layout;
0110 
0111 void selinux_avc_init(struct selinux_avc **avc);
0112 
0113 extern struct selinux_state selinux_state;
0114 
/*
 * selinux_initialized - has the state been marked initialized?
 * @state: SELinux state (normally &selinux_state)
 *
 * Acquire load, paired with the release store in selinux_mark_initialized():
 * a caller that observes true is guaranteed to also observe whatever the
 * initializer wrote before flagging completion.
 */
static inline bool selinux_initialized(const struct selinux_state *state)
{
    bool ready;

    ready = smp_load_acquire(&state->initialized);
    return ready;
}
0120 
/*
 * selinux_mark_initialized - flag the state as initialized
 * @state: SELinux state (normally &selinux_state)
 *
 * Release store, paired with the acquire load in selinux_initialized().
 * Everything the caller has written beforehand becomes visible to a reader
 * that sees `initialized` as true.  There is no helper to clear the flag.
 */
static inline void selinux_mark_initialized(struct selinux_state *state)
{
    const bool done = true;

    smp_store_release(&state->initialized, done);
}
0126 
0127 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/*
 * enforcing_enabled - read the current enforcing flag
 * @state: SELinux state
 *
 * Plain READ_ONCE(); there is no ordering guarantee relative to other
 * fields.  Only available as a real read with CONFIG_SECURITY_SELINUX_DEVELOP.
 */
static inline bool enforcing_enabled(struct selinux_state *state)
{
    bool mode = READ_ONCE(state->enforcing);

    return mode;
}
0132 
/*
 * enforcing_set - set the enforcing flag
 * @state: SELinux state
 * @value: new value (true = enforcing)
 *
 * Plain WRITE_ONCE(); callers that need userspace notified of the change
 * presumably go through selinux_status_update_setenforce() and
 * selnl_notify_setenforce() as well - confirm at the call site.
 */
static inline void enforcing_set(struct selinux_state *state, bool value)
{
    bool mode = value;

    WRITE_ONCE(state->enforcing, mode);
}
0137 #else
/*
 * enforcing_enabled - non-DEVELOP build: always enforcing
 * @state: ignored
 *
 * Without CONFIG_SECURITY_SELINUX_DEVELOP the kernel has no permissive mode;
 * every caller sees enforcing unconditionally.
 */
static inline bool enforcing_enabled(struct selinux_state *state)
{
    (void)state;
    return true;
}
0142 
/*
 * enforcing_set - non-DEVELOP build: no-op
 * @state: ignored
 * @value: ignored
 *
 * Enforcing mode is compiled in; attempts to change it silently do nothing.
 */
static inline void enforcing_set(struct selinux_state *state, bool value)
{
    (void)state;
    (void)value;
}
0146 #endif
0147 
/*
 * checkreqprot_get - read the (deprecated) checkreqprot flag
 * @state: SELinux state
 *
 * Single READ_ONCE(); no ordering with respect to other fields.
 */
static inline bool checkreqprot_get(const struct selinux_state *state)
{
    bool value = READ_ONCE(state->checkreqprot);

    return value;
}
0152 
/*
 * checkreqprot_set - set the (deprecated) checkreqprot flag
 * @state: SELinux state
 * @value: new value
 *
 * Enabling the flag is still honoured, but an error-level message pointing
 * at the deprecation notice is logged each time it is turned on; turning it
 * off is silent.  The store itself is a plain WRITE_ONCE().
 */
static inline void checkreqprot_set(struct selinux_state *state, bool value)
{
    bool enabling = value;

    if (enabling)
        pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot\n");
    WRITE_ONCE(state->checkreqprot, enabling);
}
0159 
0160 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * selinux_disabled - has SELinux been disabled at runtime?
 * @state: SELinux state
 *
 * Only meaningful with CONFIG_SECURITY_SELINUX_DISABLE; plain READ_ONCE().
 */
static inline bool selinux_disabled(struct selinux_state *state)
{
    bool off = READ_ONCE(state->disabled);

    return off;
}
0165 
/*
 * selinux_mark_disabled - record that SELinux has been disabled
 * @state: SELinux state
 *
 * One-way: there is no helper to clear the flag.  Plain WRITE_ONCE().
 */
static inline void selinux_mark_disabled(struct selinux_state *state)
{
    const bool off = true;

    WRITE_ONCE(state->disabled, off);
}
0170 #else
/*
 * selinux_disabled - build without CONFIG_SECURITY_SELINUX_DISABLE
 * @state: ignored
 *
 * Runtime disabling is not compiled in, so SELinux is never "disabled" here
 * (note there is no selinux_mark_disabled() in this configuration).
 */
static inline bool selinux_disabled(struct selinux_state *state)
{
    (void)state;
    return false;
}
0175 #endif
0176 
/*
 * selinux_policycap_netpeer - is the "netpeer" policy capability enabled?
 *
 * Reads the global selinux_state (no state parameter) with a single
 * READ_ONCE().  The value is set by policy load; what the capability
 * switches on is defined by the hooks that consult it.
 */
static inline bool selinux_policycap_netpeer(void)
{
    return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_NETPEER]);
}
0183 
/*
 * selinux_policycap_openperm - is the "open_perms" policy capability enabled?
 *
 * Single READ_ONCE() of the global selinux_state; value comes from the
 * loaded policy.
 */
static inline bool selinux_policycap_openperm(void)
{
    return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_OPENPERM]);
}
0190 
/*
 * selinux_policycap_extsockclass - is the extended-socket-class capability
 * enabled?
 *
 * Single READ_ONCE() of the global selinux_state; value comes from the
 * loaded policy.
 */
static inline bool selinux_policycap_extsockclass(void)
{
    return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_EXTSOCKCLASS]);
}
0197 
/*
 * selinux_policycap_alwaysnetwork - is the "always_check_network" capability
 * enabled?
 *
 * Single READ_ONCE() of the global selinux_state; value comes from the
 * loaded policy.
 */
static inline bool selinux_policycap_alwaysnetwork(void)
{
    return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_ALWAYSNETWORK]);
}
0204 
/*
 * selinux_policycap_cgroupseclabel - is the cgroup seclabel capability
 * enabled?
 *
 * Single READ_ONCE() of the global selinux_state; value comes from the
 * loaded policy.
 */
static inline bool selinux_policycap_cgroupseclabel(void)
{
    return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_CGROUPSECLABEL]);
}
0211 
/*
 * selinux_policycap_nnp_nosuid_transition - is the nnp/nosuid transition
 * capability enabled?
 *
 * Single READ_ONCE() of the global selinux_state; value comes from the
 * loaded policy.  Presumably gates domain transitions under no_new_privs
 * and nosuid mounts - confirm against the exec hooks before relying on it.
 */
static inline bool selinux_policycap_nnp_nosuid_transition(void)
{
    return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_NNP_NOSUID_TRANSITION]);
}
0218 
/*
 * selinux_policycap_genfs_seclabel_symlinks - is the genfs symlink seclabel
 * capability enabled?
 *
 * Single READ_ONCE() of the global selinux_state; value comes from the
 * loaded policy.
 */
static inline bool selinux_policycap_genfs_seclabel_symlinks(void)
{
    return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]);
}
0225 
/*
 * selinux_policycap_ioctl_skip_cloexec - is the ioctl skip-CLOEXEC
 * capability enabled?
 *
 * Single READ_ONCE() of the global selinux_state; value comes from the
 * loaded policy.
 */
static inline bool selinux_policycap_ioctl_skip_cloexec(void)
{
    return READ_ONCE(selinux_state.policycap[POLICYDB_CAP_IOCTL_SKIP_CLOEXEC]);
}
0232 
0233 struct selinux_policy_convert_data;
0234 
/*
 * In-flight policy load.  Filled in by security_load_policy() and then
 * handed to exactly one of selinux_policy_commit() (publish) or
 * selinux_policy_cancel() (discard).  The convert_data type is opaque here.
 */
struct selinux_load_state {
    struct selinux_policy *policy;          /* the newly parsed policy */
    struct selinux_policy_convert_data *convert_data; /* SID conversion state for commit */
};
0239 
0240 int security_mls_enabled(struct selinux_state *state);
0241 int security_load_policy(struct selinux_state *state,
0242              void *data, size_t len,
0243              struct selinux_load_state *load_state);
0244 void selinux_policy_commit(struct selinux_state *state,
0245                struct selinux_load_state *load_state);
0246 void selinux_policy_cancel(struct selinux_state *state,
0247                struct selinux_load_state *load_state);
0248 int security_read_policy(struct selinux_state *state,
0249              void **data, size_t *len);
0250 int security_read_state_kernel(struct selinux_state *state,
0251                    void **data, size_t *len);
0252 int security_policycap_supported(struct selinux_state *state,
0253                  unsigned int req_cap);
0254 
0255 #define SEL_VEC_MAX 32
/*
 * Access vector decision returned by security_compute_av() and
 * security_compute_av_user().  The three vectors are 32-bit permission
 * bitmaps (SEL_VEC_MAX == 32 bits per class).
 */
struct av_decision {
    u32 allowed;    /* permissions granted */
    u32 auditallow; /* permissions to audit when granted */
    u32 auditdeny;  /* permissions to audit when denied */
    u32 seqno;      /* policy sequence number the decision was computed under */
    u32 flags;      /* AVD_FLAGS_* (e.g. AVD_FLAGS_PERMISSIVE) */
};
0263 
0264 #define XPERMS_ALLOWED 1
0265 #define XPERMS_AUDITALLOW 2
0266 #define XPERMS_DONTAUDIT 4
0267 
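/*
 * Extended-permission bitmap helpers.
 *
 * @perms is an array of u32 words (e.g. extended_perms_data.p) treated as a
 * flat bitmap and @x is the bit index: word = x >> 5, bit = x & 0x1f.
 * Neither macro bounds-checks @x; for an extended_perms_data (8 words) the
 * caller must keep x < 256.  @x is evaluated twice, so it must not have
 * side effects.
 *
 * The shifted constant is unsigned: `1 << 31` is undefined behaviour in C
 * (2^31 does not fit in a signed int) and bit 31 is a legitimate index.
 */
#define security_xperm_set(perms, x) ((perms)[(x) >> 5] |= 1U << ((x) & 0x1f))
#define security_xperm_test(perms, x) (1 & ((perms)[(x) >> 5] >> ((x) & 0x1f)))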
/*
 * 256-bit bitmap (8 x 32-bit words) of extended permissions, addressed with
 * security_xperm_set()/security_xperm_test().  Bit indices must stay below
 * 256; the helpers do not bounds-check.
 */
struct extended_perms_data {
    u32 p[8];
};
0273 
/*
 * Extended-permission decision for one driver, filled in by
 * security_compute_xperms_decision().  The three bitmaps are caller-owned
 * storage pointed to by this struct; `used` presumably records which of them
 * are populated via the XPERMS_ALLOWED / XPERMS_AUDITALLOW / XPERMS_DONTAUDIT
 * bits - confirm in the service code before relying on it.
 */
struct extended_perms_decision {
    u8 used;        /* XPERMS_* bitmask of populated vectors */
    u8 driver;      /* the driver (upper byte of the extended permission) this decision covers */
    struct extended_perms_data *allowed;
    struct extended_perms_data *auditallow;
    struct extended_perms_data *dontaudit;
};
0281 
/*
 * Summary of extended permissions attached to an access vector, produced by
 * security_compute_av().  `drivers` flags which driver values have extended
 * rules so callers can skip security_compute_xperms_decision() otherwise.
 */
struct extended_perms {
    u16 len;    /* length associated decision chain */
    struct extended_perms_data drivers; /* flag drivers that are used */
};
0286 
0287 /* definitions of av_decision.flags */
0288 #define AVD_FLAGS_PERMISSIVE    0x0001
0289 
0290 void security_compute_av(struct selinux_state *state,
0291              u32 ssid, u32 tsid,
0292              u16 tclass, struct av_decision *avd,
0293              struct extended_perms *xperms);
0294 
0295 void security_compute_xperms_decision(struct selinux_state *state,
0296                       u32 ssid, u32 tsid, u16 tclass,
0297                       u8 driver,
0298                       struct extended_perms_decision *xpermd);
0299 
0300 void security_compute_av_user(struct selinux_state *state,
0301                   u32 ssid, u32 tsid,
0302                   u16 tclass, struct av_decision *avd);
0303 
0304 int security_transition_sid(struct selinux_state *state,
0305                 u32 ssid, u32 tsid, u16 tclass,
0306                 const struct qstr *qstr, u32 *out_sid);
0307 
0308 int security_transition_sid_user(struct selinux_state *state,
0309                  u32 ssid, u32 tsid, u16 tclass,
0310                  const char *objname, u32 *out_sid);
0311 
0312 int security_member_sid(struct selinux_state *state, u32 ssid, u32 tsid,
0313             u16 tclass, u32 *out_sid);
0314 
0315 int security_change_sid(struct selinux_state *state, u32 ssid, u32 tsid,
0316             u16 tclass, u32 *out_sid);
0317 
0318 int security_sid_to_context(struct selinux_state *state, u32 sid,
0319                 char **scontext, u32 *scontext_len);
0320 
0321 int security_sid_to_context_force(struct selinux_state *state,
0322                   u32 sid, char **scontext, u32 *scontext_len);
0323 
0324 int security_sid_to_context_inval(struct selinux_state *state,
0325                   u32 sid, char **scontext, u32 *scontext_len);
0326 
0327 int security_context_to_sid(struct selinux_state *state,
0328                 const char *scontext, u32 scontext_len,
0329                 u32 *out_sid, gfp_t gfp);
0330 
0331 int security_context_str_to_sid(struct selinux_state *state,
0332                 const char *scontext, u32 *out_sid, gfp_t gfp);
0333 
0334 int security_context_to_sid_default(struct selinux_state *state,
0335                     const char *scontext, u32 scontext_len,
0336                     u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
0337 
0338 int security_context_to_sid_force(struct selinux_state *state,
0339                   const char *scontext, u32 scontext_len,
0340                   u32 *sid);
0341 
0342 int security_get_user_sids(struct selinux_state *state,
0343                u32 callsid, char *username,
0344                u32 **sids, u32 *nel);
0345 
0346 int security_port_sid(struct selinux_state *state,
0347               u8 protocol, u16 port, u32 *out_sid);
0348 
0349 int security_ib_pkey_sid(struct selinux_state *state,
0350              u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
0351 
0352 int security_ib_endport_sid(struct selinux_state *state,
0353                 const char *dev_name, u8 port_num, u32 *out_sid);
0354 
0355 int security_netif_sid(struct selinux_state *state,
0356                char *name, u32 *if_sid);
0357 
0358 int security_node_sid(struct selinux_state *state,
0359               u16 domain, void *addr, u32 addrlen,
0360               u32 *out_sid);
0361 
0362 int security_validate_transition(struct selinux_state *state,
0363                  u32 oldsid, u32 newsid, u32 tasksid,
0364                  u16 tclass);
0365 
0366 int security_validate_transition_user(struct selinux_state *state,
0367                       u32 oldsid, u32 newsid, u32 tasksid,
0368                       u16 tclass);
0369 
0370 int security_bounded_transition(struct selinux_state *state,
0371                 u32 oldsid, u32 newsid);
0372 
0373 int security_sid_mls_copy(struct selinux_state *state,
0374               u32 sid, u32 mls_sid, u32 *new_sid);
0375 
0376 int security_net_peersid_resolve(struct selinux_state *state,
0377                  u32 nlbl_sid, u32 nlbl_type,
0378                  u32 xfrm_sid,
0379                  u32 *peer_sid);
0380 
0381 int security_get_classes(struct selinux_policy *policy,
0382              char ***classes, int *nclasses);
0383 int security_get_permissions(struct selinux_policy *policy,
0384                  char *class, char ***perms, int *nperms);
0385 int security_get_reject_unknown(struct selinux_state *state);
0386 int security_get_allow_unknown(struct selinux_state *state);
0387 
0388 #define SECURITY_FS_USE_XATTR       1 /* use xattr */
0389 #define SECURITY_FS_USE_TRANS       2 /* use transition SIDs, e.g. devpts/tmpfs */
0390 #define SECURITY_FS_USE_TASK        3 /* use task SIDs, e.g. pipefs/sockfs */
0391 #define SECURITY_FS_USE_GENFS       4 /* use the genfs support */
0392 #define SECURITY_FS_USE_NONE        5 /* no labeling support */
0393 #define SECURITY_FS_USE_MNTPOINT    6 /* use mountpoint labeling */
0394 #define SECURITY_FS_USE_NATIVE      7 /* use native label support */
0395 #define SECURITY_FS_USE_MAX     7 /* Highest SECURITY_FS_USE_XXX */
0396 
0397 int security_fs_use(struct selinux_state *state, struct super_block *sb);
0398 
0399 int security_genfs_sid(struct selinux_state *state,
0400                const char *fstype, const char *path, u16 sclass,
0401                u32 *sid);
0402 
0403 int selinux_policy_genfs_sid(struct selinux_policy *policy,
0404                const char *fstype, const char *path, u16 sclass,
0405                u32 *sid);
0406 
0407 #ifdef CONFIG_NETLABEL
0408 int security_netlbl_secattr_to_sid(struct selinux_state *state,
0409                    struct netlbl_lsm_secattr *secattr,
0410                    u32 *sid);
0411 
0412 int security_netlbl_sid_to_secattr(struct selinux_state *state,
0413                    u32 sid,
0414                    struct netlbl_lsm_secattr *secattr);
0415 #else
/*
 * security_netlbl_secattr_to_sid - !CONFIG_NETLABEL stub
 * @state: ignored
 * @secattr: ignored
 * @sid: not written
 *
 * NetLabel support is compiled out; always fails with -EIDRM and leaves
 * *sid untouched.  Note the sibling stub below reports -ENOENT instead.
 */
static inline int security_netlbl_secattr_to_sid(struct selinux_state *state,
                        struct netlbl_lsm_secattr *secattr,
                        u32 *sid)
{
    (void)state;
    (void)secattr;
    (void)sid;
    return -EIDRM;
}
0422 
/*
 * security_netlbl_sid_to_secattr - !CONFIG_NETLABEL stub
 * @state: ignored
 * @sid: ignored
 * @secattr: not written
 *
 * NetLabel support is compiled out; always fails with -ENOENT and leaves
 * *secattr untouched.
 */
static inline int security_netlbl_sid_to_secattr(struct selinux_state *state,
                     u32 sid,
                     struct netlbl_lsm_secattr *secattr)
{
    (void)state;
    (void)sid;
    (void)secattr;
    return -ENOENT;
}
0429 #endif /* CONFIG_NETLABEL */
0430 
0431 const char *security_get_initial_sid_context(u32 sid);
0432 
0433 /*
0434  * status notifier using mmap interface
0435  */
0436 extern struct page *selinux_kernel_status_page(struct selinux_state *state);
0437 
0438 #define SELINUX_KERNEL_STATUS_VERSION   1
/*
 * Layout of the page returned by selinux_kernel_status_page() - the "status
 * notifier using mmap interface".  Because the page is shared with readers
 * outside this code, the layout is an ABI: it is __packed, versioned, and
 * new fields may only be appended (bump SELINUX_KERNEL_STATUS_VERSION).
 *
 * Readers presumably use `sequence` seqlock-style (re-read while it is odd or
 * changes across the read); the writers are
 * selinux_status_update_setenforce() and selinux_status_update_policyload().
 */
struct selinux_kernel_status {
    u32 version;    /* version number of the structure */
    u32 sequence;   /* sequence number of seqlock logic */
    u32 enforcing;  /* current setting of enforcing mode */
    u32 policyload; /* times of policy reloaded */
    u32 deny_unknown;   /* current setting of deny_unknown */
    /*
     * The version > 0 supports above members.
     */
} __packed;
0449 
0450 extern void selinux_status_update_setenforce(struct selinux_state *state,
0451                          int enforcing);
0452 extern void selinux_status_update_policyload(struct selinux_state *state,
0453                          int seqno);
0454 extern void selinux_complete_init(void);
0455 extern int selinux_disable(struct selinux_state *state);
0456 extern void exit_sel_fs(void);
0457 extern struct path selinux_null;
0458 extern void selnl_notify_setenforce(int val);
0459 extern void selnl_notify_policyload(u32 seqno);
0460 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
0461 
0462 extern void avtab_cache_init(void);
0463 extern void ebitmap_cache_init(void);
0464 extern void hashtab_cache_init(void);
0465 extern int security_sidtab_hash_stats(struct selinux_state *state, char *page);
0466 
0467 #endif /* _SELINUX_SECURITY_H_ */