0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024
0025
0026
0027
0028
0029
0030
0031
0032
0033
0034
0035
0036
0037
0038
0039
0040 #include <linux/kernel.h>
0041 #include <linux/slab.h>
0042 #include <linux/string.h>
0043 #include <linux/spinlock.h>
0044 #include <linux/rcupdate.h>
0045 #include <linux/errno.h>
0046 #include <linux/in.h>
0047 #include <linux/sched.h>
0048 #include <linux/audit.h>
0049 #include <linux/vmalloc.h>
0050 #include <linux/lsm_hooks.h>
0051 #include <net/netlabel.h>
0052
0053 #include "flask.h"
0054 #include "avc.h"
0055 #include "avc_ss.h"
0056 #include "security.h"
0057 #include "context.h"
0058 #include "policydb.h"
0059 #include "sidtab.h"
0060 #include "services.h"
0061 #include "conditional.h"
0062 #include "mls.h"
0063 #include "objsec.h"
0064 #include "netlabel.h"
0065 #include "xfrm.h"
0066 #include "ebitmap.h"
0067 #include "audit.h"
0068 #include "policycap_names.h"
0069 #include "ima.h"
0070
0071 struct convert_context_args {
0072 struct selinux_state *state;
0073 struct policydb *oldp;
0074 struct policydb *newp;
0075 };
0076
0077 struct selinux_policy_convert_data {
0078 struct convert_context_args args;
0079 struct sidtab_convert_params sidtab_params;
0080 };
0081
0082
0083 static int context_struct_to_string(struct policydb *policydb,
0084 struct context *context,
0085 char **scontext,
0086 u32 *scontext_len);
0087
0088 static int sidtab_entry_to_string(struct policydb *policydb,
0089 struct sidtab *sidtab,
0090 struct sidtab_entry *entry,
0091 char **scontext,
0092 u32 *scontext_len);
0093
0094 static void context_struct_compute_av(struct policydb *policydb,
0095 struct context *scontext,
0096 struct context *tcontext,
0097 u16 tclass,
0098 struct av_decision *avd,
0099 struct extended_perms *xperms);
0100
0101 static int selinux_set_mapping(struct policydb *pol,
0102 const struct security_class_mapping *map,
0103 struct selinux_map *out_map)
0104 {
0105 u16 i, j;
0106 unsigned k;
0107 bool print_unknown_handle = false;
0108
0109
0110 if (!map)
0111 return -EINVAL;
0112 i = 0;
0113 while (map[i].name)
0114 i++;
0115
0116
0117 out_map->mapping = kcalloc(++i, sizeof(*out_map->mapping), GFP_ATOMIC);
0118 if (!out_map->mapping)
0119 return -ENOMEM;
0120
0121
0122 j = 0;
0123 while (map[j].name) {
0124 const struct security_class_mapping *p_in = map + (j++);
0125 struct selinux_mapping *p_out = out_map->mapping + j;
0126
0127
0128 if (!strcmp(p_in->name, "")) {
0129 p_out->num_perms = 0;
0130 continue;
0131 }
0132
0133 p_out->value = string_to_security_class(pol, p_in->name);
0134 if (!p_out->value) {
0135 pr_info("SELinux: Class %s not defined in policy.\n",
0136 p_in->name);
0137 if (pol->reject_unknown)
0138 goto err;
0139 p_out->num_perms = 0;
0140 print_unknown_handle = true;
0141 continue;
0142 }
0143
0144 k = 0;
0145 while (p_in->perms[k]) {
0146
0147 if (!*p_in->perms[k]) {
0148 k++;
0149 continue;
0150 }
0151 p_out->perms[k] = string_to_av_perm(pol, p_out->value,
0152 p_in->perms[k]);
0153 if (!p_out->perms[k]) {
0154 pr_info("SELinux: Permission %s in class %s not defined in policy.\n",
0155 p_in->perms[k], p_in->name);
0156 if (pol->reject_unknown)
0157 goto err;
0158 print_unknown_handle = true;
0159 }
0160
0161 k++;
0162 }
0163 p_out->num_perms = k;
0164 }
0165
0166 if (print_unknown_handle)
0167 pr_info("SELinux: the above unknown classes and permissions will be %s\n",
0168 pol->allow_unknown ? "allowed" : "denied");
0169
0170 out_map->size = i;
0171 return 0;
0172 err:
0173 kfree(out_map->mapping);
0174 out_map->mapping = NULL;
0175 return -EINVAL;
0176 }
0177
0178
0179
0180
0181
0182 static u16 unmap_class(struct selinux_map *map, u16 tclass)
0183 {
0184 if (tclass < map->size)
0185 return map->mapping[tclass].value;
0186
0187 return tclass;
0188 }
0189
0190
0191
0192
0193 static u16 map_class(struct selinux_map *map, u16 pol_value)
0194 {
0195 u16 i;
0196
0197 for (i = 1; i < map->size; i++) {
0198 if (map->mapping[i].value == pol_value)
0199 return i;
0200 }
0201
0202 return SECCLASS_NULL;
0203 }
0204
0205 static void map_decision(struct selinux_map *map,
0206 u16 tclass, struct av_decision *avd,
0207 int allow_unknown)
0208 {
0209 if (tclass < map->size) {
0210 struct selinux_mapping *mapping = &map->mapping[tclass];
0211 unsigned int i, n = mapping->num_perms;
0212 u32 result;
0213
0214 for (i = 0, result = 0; i < n; i++) {
0215 if (avd->allowed & mapping->perms[i])
0216 result |= 1<<i;
0217 if (allow_unknown && !mapping->perms[i])
0218 result |= 1<<i;
0219 }
0220 avd->allowed = result;
0221
0222 for (i = 0, result = 0; i < n; i++)
0223 if (avd->auditallow & mapping->perms[i])
0224 result |= 1<<i;
0225 avd->auditallow = result;
0226
0227 for (i = 0, result = 0; i < n; i++) {
0228 if (avd->auditdeny & mapping->perms[i])
0229 result |= 1<<i;
0230 if (!allow_unknown && !mapping->perms[i])
0231 result |= 1<<i;
0232 }
0233
0234
0235
0236
0237
0238 for (; i < (sizeof(u32)*8); i++)
0239 result |= 1<<i;
0240 avd->auditdeny = result;
0241 }
0242 }
0243
0244 int security_mls_enabled(struct selinux_state *state)
0245 {
0246 int mls_enabled;
0247 struct selinux_policy *policy;
0248
0249 if (!selinux_initialized(state))
0250 return 0;
0251
0252 rcu_read_lock();
0253 policy = rcu_dereference(state->policy);
0254 mls_enabled = policy->policydb.mls_enabled;
0255 rcu_read_unlock();
0256 return mls_enabled;
0257 }
0258
0259
0260
0261
0262
0263
0264
0265
0266
0267
0268
0269
0270 static int constraint_expr_eval(struct policydb *policydb,
0271 struct context *scontext,
0272 struct context *tcontext,
0273 struct context *xcontext,
0274 struct constraint_expr *cexpr)
0275 {
0276 u32 val1, val2;
0277 struct context *c;
0278 struct role_datum *r1, *r2;
0279 struct mls_level *l1, *l2;
0280 struct constraint_expr *e;
0281 int s[CEXPR_MAXDEPTH];
0282 int sp = -1;
0283
0284 for (e = cexpr; e; e = e->next) {
0285 switch (e->expr_type) {
0286 case CEXPR_NOT:
0287 BUG_ON(sp < 0);
0288 s[sp] = !s[sp];
0289 break;
0290 case CEXPR_AND:
0291 BUG_ON(sp < 1);
0292 sp--;
0293 s[sp] &= s[sp + 1];
0294 break;
0295 case CEXPR_OR:
0296 BUG_ON(sp < 1);
0297 sp--;
0298 s[sp] |= s[sp + 1];
0299 break;
0300 case CEXPR_ATTR:
0301 if (sp == (CEXPR_MAXDEPTH - 1))
0302 return 0;
0303 switch (e->attr) {
0304 case CEXPR_USER:
0305 val1 = scontext->user;
0306 val2 = tcontext->user;
0307 break;
0308 case CEXPR_TYPE:
0309 val1 = scontext->type;
0310 val2 = tcontext->type;
0311 break;
0312 case CEXPR_ROLE:
0313 val1 = scontext->role;
0314 val2 = tcontext->role;
0315 r1 = policydb->role_val_to_struct[val1 - 1];
0316 r2 = policydb->role_val_to_struct[val2 - 1];
0317 switch (e->op) {
0318 case CEXPR_DOM:
0319 s[++sp] = ebitmap_get_bit(&r1->dominates,
0320 val2 - 1);
0321 continue;
0322 case CEXPR_DOMBY:
0323 s[++sp] = ebitmap_get_bit(&r2->dominates,
0324 val1 - 1);
0325 continue;
0326 case CEXPR_INCOMP:
0327 s[++sp] = (!ebitmap_get_bit(&r1->dominates,
0328 val2 - 1) &&
0329 !ebitmap_get_bit(&r2->dominates,
0330 val1 - 1));
0331 continue;
0332 default:
0333 break;
0334 }
0335 break;
0336 case CEXPR_L1L2:
0337 l1 = &(scontext->range.level[0]);
0338 l2 = &(tcontext->range.level[0]);
0339 goto mls_ops;
0340 case CEXPR_L1H2:
0341 l1 = &(scontext->range.level[0]);
0342 l2 = &(tcontext->range.level[1]);
0343 goto mls_ops;
0344 case CEXPR_H1L2:
0345 l1 = &(scontext->range.level[1]);
0346 l2 = &(tcontext->range.level[0]);
0347 goto mls_ops;
0348 case CEXPR_H1H2:
0349 l1 = &(scontext->range.level[1]);
0350 l2 = &(tcontext->range.level[1]);
0351 goto mls_ops;
0352 case CEXPR_L1H1:
0353 l1 = &(scontext->range.level[0]);
0354 l2 = &(scontext->range.level[1]);
0355 goto mls_ops;
0356 case CEXPR_L2H2:
0357 l1 = &(tcontext->range.level[0]);
0358 l2 = &(tcontext->range.level[1]);
0359 goto mls_ops;
0360 mls_ops:
0361 switch (e->op) {
0362 case CEXPR_EQ:
0363 s[++sp] = mls_level_eq(l1, l2);
0364 continue;
0365 case CEXPR_NEQ:
0366 s[++sp] = !mls_level_eq(l1, l2);
0367 continue;
0368 case CEXPR_DOM:
0369 s[++sp] = mls_level_dom(l1, l2);
0370 continue;
0371 case CEXPR_DOMBY:
0372 s[++sp] = mls_level_dom(l2, l1);
0373 continue;
0374 case CEXPR_INCOMP:
0375 s[++sp] = mls_level_incomp(l2, l1);
0376 continue;
0377 default:
0378 BUG();
0379 return 0;
0380 }
0381 break;
0382 default:
0383 BUG();
0384 return 0;
0385 }
0386
0387 switch (e->op) {
0388 case CEXPR_EQ:
0389 s[++sp] = (val1 == val2);
0390 break;
0391 case CEXPR_NEQ:
0392 s[++sp] = (val1 != val2);
0393 break;
0394 default:
0395 BUG();
0396 return 0;
0397 }
0398 break;
0399 case CEXPR_NAMES:
0400 if (sp == (CEXPR_MAXDEPTH-1))
0401 return 0;
0402 c = scontext;
0403 if (e->attr & CEXPR_TARGET)
0404 c = tcontext;
0405 else if (e->attr & CEXPR_XTARGET) {
0406 c = xcontext;
0407 if (!c) {
0408 BUG();
0409 return 0;
0410 }
0411 }
0412 if (e->attr & CEXPR_USER)
0413 val1 = c->user;
0414 else if (e->attr & CEXPR_ROLE)
0415 val1 = c->role;
0416 else if (e->attr & CEXPR_TYPE)
0417 val1 = c->type;
0418 else {
0419 BUG();
0420 return 0;
0421 }
0422
0423 switch (e->op) {
0424 case CEXPR_EQ:
0425 s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
0426 break;
0427 case CEXPR_NEQ:
0428 s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
0429 break;
0430 default:
0431 BUG();
0432 return 0;
0433 }
0434 break;
0435 default:
0436 BUG();
0437 return 0;
0438 }
0439 }
0440
0441 BUG_ON(sp != 0);
0442 return s[0];
0443 }
0444
0445
0446
0447
0448
0449 static int dump_masked_av_helper(void *k, void *d, void *args)
0450 {
0451 struct perm_datum *pdatum = d;
0452 char **permission_names = args;
0453
0454 BUG_ON(pdatum->value < 1 || pdatum->value > 32);
0455
0456 permission_names[pdatum->value - 1] = (char *)k;
0457
0458 return 0;
0459 }
0460
0461 static void security_dump_masked_av(struct policydb *policydb,
0462 struct context *scontext,
0463 struct context *tcontext,
0464 u16 tclass,
0465 u32 permissions,
0466 const char *reason)
0467 {
0468 struct common_datum *common_dat;
0469 struct class_datum *tclass_dat;
0470 struct audit_buffer *ab;
0471 char *tclass_name;
0472 char *scontext_name = NULL;
0473 char *tcontext_name = NULL;
0474 char *permission_names[32];
0475 int index;
0476 u32 length;
0477 bool need_comma = false;
0478
0479 if (!permissions)
0480 return;
0481
0482 tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1);
0483 tclass_dat = policydb->class_val_to_struct[tclass - 1];
0484 common_dat = tclass_dat->comdatum;
0485
0486
0487 if (common_dat &&
0488 hashtab_map(&common_dat->permissions.table,
0489 dump_masked_av_helper, permission_names) < 0)
0490 goto out;
0491
0492 if (hashtab_map(&tclass_dat->permissions.table,
0493 dump_masked_av_helper, permission_names) < 0)
0494 goto out;
0495
0496
0497 if (context_struct_to_string(policydb, scontext,
0498 &scontext_name, &length) < 0)
0499 goto out;
0500
0501 if (context_struct_to_string(policydb, tcontext,
0502 &tcontext_name, &length) < 0)
0503 goto out;
0504
0505
0506 ab = audit_log_start(audit_context(),
0507 GFP_ATOMIC, AUDIT_SELINUX_ERR);
0508 if (!ab)
0509 goto out;
0510
0511 audit_log_format(ab, "op=security_compute_av reason=%s "
0512 "scontext=%s tcontext=%s tclass=%s perms=",
0513 reason, scontext_name, tcontext_name, tclass_name);
0514
0515 for (index = 0; index < 32; index++) {
0516 u32 mask = (1 << index);
0517
0518 if ((mask & permissions) == 0)
0519 continue;
0520
0521 audit_log_format(ab, "%s%s",
0522 need_comma ? "," : "",
0523 permission_names[index]
0524 ? permission_names[index] : "????");
0525 need_comma = true;
0526 }
0527 audit_log_end(ab);
0528 out:
0529
0530 kfree(tcontext_name);
0531 kfree(scontext_name);
0532 }
0533
0534
0535
0536
0537
0538 static void type_attribute_bounds_av(struct policydb *policydb,
0539 struct context *scontext,
0540 struct context *tcontext,
0541 u16 tclass,
0542 struct av_decision *avd)
0543 {
0544 struct context lo_scontext;
0545 struct context lo_tcontext, *tcontextp = tcontext;
0546 struct av_decision lo_avd;
0547 struct type_datum *source;
0548 struct type_datum *target;
0549 u32 masked = 0;
0550
0551 source = policydb->type_val_to_struct[scontext->type - 1];
0552 BUG_ON(!source);
0553
0554 if (!source->bounds)
0555 return;
0556
0557 target = policydb->type_val_to_struct[tcontext->type - 1];
0558 BUG_ON(!target);
0559
0560 memset(&lo_avd, 0, sizeof(lo_avd));
0561
0562 memcpy(&lo_scontext, scontext, sizeof(lo_scontext));
0563 lo_scontext.type = source->bounds;
0564
0565 if (target->bounds) {
0566 memcpy(&lo_tcontext, tcontext, sizeof(lo_tcontext));
0567 lo_tcontext.type = target->bounds;
0568 tcontextp = &lo_tcontext;
0569 }
0570
0571 context_struct_compute_av(policydb, &lo_scontext,
0572 tcontextp,
0573 tclass,
0574 &lo_avd,
0575 NULL);
0576
0577 masked = ~lo_avd.allowed & avd->allowed;
0578
0579 if (likely(!masked))
0580 return;
0581
0582
0583 avd->allowed &= ~masked;
0584
0585
0586 security_dump_masked_av(policydb, scontext, tcontext,
0587 tclass, masked, "bounds");
0588 }
0589
0590
0591
0592
0593
0594 void services_compute_xperms_drivers(
0595 struct extended_perms *xperms,
0596 struct avtab_node *node)
0597 {
0598 unsigned int i;
0599
0600 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
0601
0602 for (i = 0; i < ARRAY_SIZE(xperms->drivers.p); i++)
0603 xperms->drivers.p[i] |= node->datum.u.xperms->perms.p[i];
0604 } else if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
0605
0606 security_xperm_set(xperms->drivers.p,
0607 node->datum.u.xperms->driver);
0608 }
0609
0610 xperms->len = 1;
0611 }
0612
0613
0614
0615
0616
0617 static void context_struct_compute_av(struct policydb *policydb,
0618 struct context *scontext,
0619 struct context *tcontext,
0620 u16 tclass,
0621 struct av_decision *avd,
0622 struct extended_perms *xperms)
0623 {
0624 struct constraint_node *constraint;
0625 struct role_allow *ra;
0626 struct avtab_key avkey;
0627 struct avtab_node *node;
0628 struct class_datum *tclass_datum;
0629 struct ebitmap *sattr, *tattr;
0630 struct ebitmap_node *snode, *tnode;
0631 unsigned int i, j;
0632
0633 avd->allowed = 0;
0634 avd->auditallow = 0;
0635 avd->auditdeny = 0xffffffff;
0636 if (xperms) {
0637 memset(&xperms->drivers, 0, sizeof(xperms->drivers));
0638 xperms->len = 0;
0639 }
0640
0641 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
0642 if (printk_ratelimit())
0643 pr_warn("SELinux: Invalid class %hu\n", tclass);
0644 return;
0645 }
0646
0647 tclass_datum = policydb->class_val_to_struct[tclass - 1];
0648
0649
0650
0651
0652
0653 avkey.target_class = tclass;
0654 avkey.specified = AVTAB_AV | AVTAB_XPERMS;
0655 sattr = &policydb->type_attr_map_array[scontext->type - 1];
0656 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
0657 ebitmap_for_each_positive_bit(sattr, snode, i) {
0658 ebitmap_for_each_positive_bit(tattr, tnode, j) {
0659 avkey.source_type = i + 1;
0660 avkey.target_type = j + 1;
0661 for (node = avtab_search_node(&policydb->te_avtab,
0662 &avkey);
0663 node;
0664 node = avtab_search_node_next(node, avkey.specified)) {
0665 if (node->key.specified == AVTAB_ALLOWED)
0666 avd->allowed |= node->datum.u.data;
0667 else if (node->key.specified == AVTAB_AUDITALLOW)
0668 avd->auditallow |= node->datum.u.data;
0669 else if (node->key.specified == AVTAB_AUDITDENY)
0670 avd->auditdeny &= node->datum.u.data;
0671 else if (xperms && (node->key.specified & AVTAB_XPERMS))
0672 services_compute_xperms_drivers(xperms, node);
0673 }
0674
0675
0676 cond_compute_av(&policydb->te_cond_avtab, &avkey,
0677 avd, xperms);
0678
0679 }
0680 }
0681
0682
0683
0684
0685
0686 constraint = tclass_datum->constraints;
0687 while (constraint) {
0688 if ((constraint->permissions & (avd->allowed)) &&
0689 !constraint_expr_eval(policydb, scontext, tcontext, NULL,
0690 constraint->expr)) {
0691 avd->allowed &= ~(constraint->permissions);
0692 }
0693 constraint = constraint->next;
0694 }
0695
0696
0697
0698
0699
0700
0701 if (tclass == policydb->process_class &&
0702 (avd->allowed & policydb->process_trans_perms) &&
0703 scontext->role != tcontext->role) {
0704 for (ra = policydb->role_allow; ra; ra = ra->next) {
0705 if (scontext->role == ra->role &&
0706 tcontext->role == ra->new_role)
0707 break;
0708 }
0709 if (!ra)
0710 avd->allowed &= ~policydb->process_trans_perms;
0711 }
0712
0713
0714
0715
0716
0717
0718 type_attribute_bounds_av(policydb, scontext, tcontext,
0719 tclass, avd);
0720 }
0721
0722 static int security_validtrans_handle_fail(struct selinux_state *state,
0723 struct selinux_policy *policy,
0724 struct sidtab_entry *oentry,
0725 struct sidtab_entry *nentry,
0726 struct sidtab_entry *tentry,
0727 u16 tclass)
0728 {
0729 struct policydb *p = &policy->policydb;
0730 struct sidtab *sidtab = policy->sidtab;
0731 char *o = NULL, *n = NULL, *t = NULL;
0732 u32 olen, nlen, tlen;
0733
0734 if (sidtab_entry_to_string(p, sidtab, oentry, &o, &olen))
0735 goto out;
0736 if (sidtab_entry_to_string(p, sidtab, nentry, &n, &nlen))
0737 goto out;
0738 if (sidtab_entry_to_string(p, sidtab, tentry, &t, &tlen))
0739 goto out;
0740 audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR,
0741 "op=security_validate_transition seresult=denied"
0742 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
0743 o, n, t, sym_name(p, SYM_CLASSES, tclass-1));
0744 out:
0745 kfree(o);
0746 kfree(n);
0747 kfree(t);
0748
0749 if (!enforcing_enabled(state))
0750 return 0;
0751 return -EPERM;
0752 }
0753
0754 static int security_compute_validatetrans(struct selinux_state *state,
0755 u32 oldsid, u32 newsid, u32 tasksid,
0756 u16 orig_tclass, bool user)
0757 {
0758 struct selinux_policy *policy;
0759 struct policydb *policydb;
0760 struct sidtab *sidtab;
0761 struct sidtab_entry *oentry;
0762 struct sidtab_entry *nentry;
0763 struct sidtab_entry *tentry;
0764 struct class_datum *tclass_datum;
0765 struct constraint_node *constraint;
0766 u16 tclass;
0767 int rc = 0;
0768
0769
0770 if (!selinux_initialized(state))
0771 return 0;
0772
0773 rcu_read_lock();
0774
0775 policy = rcu_dereference(state->policy);
0776 policydb = &policy->policydb;
0777 sidtab = policy->sidtab;
0778
0779 if (!user)
0780 tclass = unmap_class(&policy->map, orig_tclass);
0781 else
0782 tclass = orig_tclass;
0783
0784 if (!tclass || tclass > policydb->p_classes.nprim) {
0785 rc = -EINVAL;
0786 goto out;
0787 }
0788 tclass_datum = policydb->class_val_to_struct[tclass - 1];
0789
0790 oentry = sidtab_search_entry(sidtab, oldsid);
0791 if (!oentry) {
0792 pr_err("SELinux: %s: unrecognized SID %d\n",
0793 __func__, oldsid);
0794 rc = -EINVAL;
0795 goto out;
0796 }
0797
0798 nentry = sidtab_search_entry(sidtab, newsid);
0799 if (!nentry) {
0800 pr_err("SELinux: %s: unrecognized SID %d\n",
0801 __func__, newsid);
0802 rc = -EINVAL;
0803 goto out;
0804 }
0805
0806 tentry = sidtab_search_entry(sidtab, tasksid);
0807 if (!tentry) {
0808 pr_err("SELinux: %s: unrecognized SID %d\n",
0809 __func__, tasksid);
0810 rc = -EINVAL;
0811 goto out;
0812 }
0813
0814 constraint = tclass_datum->validatetrans;
0815 while (constraint) {
0816 if (!constraint_expr_eval(policydb, &oentry->context,
0817 &nentry->context, &tentry->context,
0818 constraint->expr)) {
0819 if (user)
0820 rc = -EPERM;
0821 else
0822 rc = security_validtrans_handle_fail(state,
0823 policy,
0824 oentry,
0825 nentry,
0826 tentry,
0827 tclass);
0828 goto out;
0829 }
0830 constraint = constraint->next;
0831 }
0832
0833 out:
0834 rcu_read_unlock();
0835 return rc;
0836 }
0837
0838 int security_validate_transition_user(struct selinux_state *state,
0839 u32 oldsid, u32 newsid, u32 tasksid,
0840 u16 tclass)
0841 {
0842 return security_compute_validatetrans(state, oldsid, newsid, tasksid,
0843 tclass, true);
0844 }
0845
0846 int security_validate_transition(struct selinux_state *state,
0847 u32 oldsid, u32 newsid, u32 tasksid,
0848 u16 orig_tclass)
0849 {
0850 return security_compute_validatetrans(state, oldsid, newsid, tasksid,
0851 orig_tclass, false);
0852 }
0853
0854
0855
0856
0857
0858
0859
0860
0861
0862
0863
0864 int security_bounded_transition(struct selinux_state *state,
0865 u32 old_sid, u32 new_sid)
0866 {
0867 struct selinux_policy *policy;
0868 struct policydb *policydb;
0869 struct sidtab *sidtab;
0870 struct sidtab_entry *old_entry, *new_entry;
0871 struct type_datum *type;
0872 int index;
0873 int rc;
0874
0875 if (!selinux_initialized(state))
0876 return 0;
0877
0878 rcu_read_lock();
0879 policy = rcu_dereference(state->policy);
0880 policydb = &policy->policydb;
0881 sidtab = policy->sidtab;
0882
0883 rc = -EINVAL;
0884 old_entry = sidtab_search_entry(sidtab, old_sid);
0885 if (!old_entry) {
0886 pr_err("SELinux: %s: unrecognized SID %u\n",
0887 __func__, old_sid);
0888 goto out;
0889 }
0890
0891 rc = -EINVAL;
0892 new_entry = sidtab_search_entry(sidtab, new_sid);
0893 if (!new_entry) {
0894 pr_err("SELinux: %s: unrecognized SID %u\n",
0895 __func__, new_sid);
0896 goto out;
0897 }
0898
0899 rc = 0;
0900
0901 if (old_entry->context.type == new_entry->context.type)
0902 goto out;
0903
0904 index = new_entry->context.type;
0905 while (true) {
0906 type = policydb->type_val_to_struct[index - 1];
0907 BUG_ON(!type);
0908
0909
0910 rc = -EPERM;
0911 if (!type->bounds)
0912 break;
0913
0914
0915 rc = 0;
0916 if (type->bounds == old_entry->context.type)
0917 break;
0918
0919 index = type->bounds;
0920 }
0921
0922 if (rc) {
0923 char *old_name = NULL;
0924 char *new_name = NULL;
0925 u32 length;
0926
0927 if (!sidtab_entry_to_string(policydb, sidtab, old_entry,
0928 &old_name, &length) &&
0929 !sidtab_entry_to_string(policydb, sidtab, new_entry,
0930 &new_name, &length)) {
0931 audit_log(audit_context(),
0932 GFP_ATOMIC, AUDIT_SELINUX_ERR,
0933 "op=security_bounded_transition "
0934 "seresult=denied "
0935 "oldcontext=%s newcontext=%s",
0936 old_name, new_name);
0937 }
0938 kfree(new_name);
0939 kfree(old_name);
0940 }
0941 out:
0942 rcu_read_unlock();
0943
0944 return rc;
0945 }
0946
0947 static void avd_init(struct selinux_policy *policy, struct av_decision *avd)
0948 {
0949 avd->allowed = 0;
0950 avd->auditallow = 0;
0951 avd->auditdeny = 0xffffffff;
0952 if (policy)
0953 avd->seqno = policy->latest_granting;
0954 else
0955 avd->seqno = 0;
0956 avd->flags = 0;
0957 }
0958
0959 void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
0960 struct avtab_node *node)
0961 {
0962 unsigned int i;
0963
0964 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
0965 if (xpermd->driver != node->datum.u.xperms->driver)
0966 return;
0967 } else if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
0968 if (!security_xperm_test(node->datum.u.xperms->perms.p,
0969 xpermd->driver))
0970 return;
0971 } else {
0972 BUG();
0973 }
0974
0975 if (node->key.specified == AVTAB_XPERMS_ALLOWED) {
0976 xpermd->used |= XPERMS_ALLOWED;
0977 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
0978 memset(xpermd->allowed->p, 0xff,
0979 sizeof(xpermd->allowed->p));
0980 }
0981 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
0982 for (i = 0; i < ARRAY_SIZE(xpermd->allowed->p); i++)
0983 xpermd->allowed->p[i] |=
0984 node->datum.u.xperms->perms.p[i];
0985 }
0986 } else if (node->key.specified == AVTAB_XPERMS_AUDITALLOW) {
0987 xpermd->used |= XPERMS_AUDITALLOW;
0988 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
0989 memset(xpermd->auditallow->p, 0xff,
0990 sizeof(xpermd->auditallow->p));
0991 }
0992 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
0993 for (i = 0; i < ARRAY_SIZE(xpermd->auditallow->p); i++)
0994 xpermd->auditallow->p[i] |=
0995 node->datum.u.xperms->perms.p[i];
0996 }
0997 } else if (node->key.specified == AVTAB_XPERMS_DONTAUDIT) {
0998 xpermd->used |= XPERMS_DONTAUDIT;
0999 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLDRIVER) {
1000 memset(xpermd->dontaudit->p, 0xff,
1001 sizeof(xpermd->dontaudit->p));
1002 }
1003 if (node->datum.u.xperms->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
1004 for (i = 0; i < ARRAY_SIZE(xpermd->dontaudit->p); i++)
1005 xpermd->dontaudit->p[i] |=
1006 node->datum.u.xperms->perms.p[i];
1007 }
1008 } else {
1009 BUG();
1010 }
1011 }
1012
1013 void security_compute_xperms_decision(struct selinux_state *state,
1014 u32 ssid,
1015 u32 tsid,
1016 u16 orig_tclass,
1017 u8 driver,
1018 struct extended_perms_decision *xpermd)
1019 {
1020 struct selinux_policy *policy;
1021 struct policydb *policydb;
1022 struct sidtab *sidtab;
1023 u16 tclass;
1024 struct context *scontext, *tcontext;
1025 struct avtab_key avkey;
1026 struct avtab_node *node;
1027 struct ebitmap *sattr, *tattr;
1028 struct ebitmap_node *snode, *tnode;
1029 unsigned int i, j;
1030
1031 xpermd->driver = driver;
1032 xpermd->used = 0;
1033 memset(xpermd->allowed->p, 0, sizeof(xpermd->allowed->p));
1034 memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p));
1035 memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p));
1036
1037 rcu_read_lock();
1038 if (!selinux_initialized(state))
1039 goto allow;
1040
1041 policy = rcu_dereference(state->policy);
1042 policydb = &policy->policydb;
1043 sidtab = policy->sidtab;
1044
1045 scontext = sidtab_search(sidtab, ssid);
1046 if (!scontext) {
1047 pr_err("SELinux: %s: unrecognized SID %d\n",
1048 __func__, ssid);
1049 goto out;
1050 }
1051
1052 tcontext = sidtab_search(sidtab, tsid);
1053 if (!tcontext) {
1054 pr_err("SELinux: %s: unrecognized SID %d\n",
1055 __func__, tsid);
1056 goto out;
1057 }
1058
1059 tclass = unmap_class(&policy->map, orig_tclass);
1060 if (unlikely(orig_tclass && !tclass)) {
1061 if (policydb->allow_unknown)
1062 goto allow;
1063 goto out;
1064 }
1065
1066
1067 if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
1068 pr_warn_ratelimited("SELinux: Invalid class %hu\n", tclass);
1069 goto out;
1070 }
1071
1072 avkey.target_class = tclass;
1073 avkey.specified = AVTAB_XPERMS;
1074 sattr = &policydb->type_attr_map_array[scontext->type - 1];
1075 tattr = &policydb->type_attr_map_array[tcontext->type - 1];
1076 ebitmap_for_each_positive_bit(sattr, snode, i) {
1077 ebitmap_for_each_positive_bit(tattr, tnode, j) {
1078 avkey.source_type = i + 1;
1079 avkey.target_type = j + 1;
1080 for (node = avtab_search_node(&policydb->te_avtab,
1081 &avkey);
1082 node;
1083 node = avtab_search_node_next(node, avkey.specified))
1084 services_compute_xperms_decision(xpermd, node);
1085
1086 cond_compute_xperms(&policydb->te_cond_avtab,
1087 &avkey, xpermd);
1088 }
1089 }
1090 out:
1091 rcu_read_unlock();
1092 return;
1093 allow:
1094 memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p));
1095 goto out;
1096 }
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110 void security_compute_av(struct selinux_state *state,
1111 u32 ssid,
1112 u32 tsid,
1113 u16 orig_tclass,
1114 struct av_decision *avd,
1115 struct extended_perms *xperms)
1116 {
1117 struct selinux_policy *policy;
1118 struct policydb *policydb;
1119 struct sidtab *sidtab;
1120 u16 tclass;
1121 struct context *scontext = NULL, *tcontext = NULL;
1122
1123 rcu_read_lock();
1124 policy = rcu_dereference(state->policy);
1125 avd_init(policy, avd);
1126 xperms->len = 0;
1127 if (!selinux_initialized(state))
1128 goto allow;
1129
1130 policydb = &policy->policydb;
1131 sidtab = policy->sidtab;
1132
1133 scontext = sidtab_search(sidtab, ssid);
1134 if (!scontext) {
1135 pr_err("SELinux: %s: unrecognized SID %d\n",
1136 __func__, ssid);
1137 goto out;
1138 }
1139
1140
1141 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1142 avd->flags |= AVD_FLAGS_PERMISSIVE;
1143
1144 tcontext = sidtab_search(sidtab, tsid);
1145 if (!tcontext) {
1146 pr_err("SELinux: %s: unrecognized SID %d\n",
1147 __func__, tsid);
1148 goto out;
1149 }
1150
1151 tclass = unmap_class(&policy->map, orig_tclass);
1152 if (unlikely(orig_tclass && !tclass)) {
1153 if (policydb->allow_unknown)
1154 goto allow;
1155 goto out;
1156 }
1157 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1158 xperms);
1159 map_decision(&policy->map, orig_tclass, avd,
1160 policydb->allow_unknown);
1161 out:
1162 rcu_read_unlock();
1163 return;
1164 allow:
1165 avd->allowed = 0xffffffff;
1166 goto out;
1167 }
1168
1169 void security_compute_av_user(struct selinux_state *state,
1170 u32 ssid,
1171 u32 tsid,
1172 u16 tclass,
1173 struct av_decision *avd)
1174 {
1175 struct selinux_policy *policy;
1176 struct policydb *policydb;
1177 struct sidtab *sidtab;
1178 struct context *scontext = NULL, *tcontext = NULL;
1179
1180 rcu_read_lock();
1181 policy = rcu_dereference(state->policy);
1182 avd_init(policy, avd);
1183 if (!selinux_initialized(state))
1184 goto allow;
1185
1186 policydb = &policy->policydb;
1187 sidtab = policy->sidtab;
1188
1189 scontext = sidtab_search(sidtab, ssid);
1190 if (!scontext) {
1191 pr_err("SELinux: %s: unrecognized SID %d\n",
1192 __func__, ssid);
1193 goto out;
1194 }
1195
1196
1197 if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1198 avd->flags |= AVD_FLAGS_PERMISSIVE;
1199
1200 tcontext = sidtab_search(sidtab, tsid);
1201 if (!tcontext) {
1202 pr_err("SELinux: %s: unrecognized SID %d\n",
1203 __func__, tsid);
1204 goto out;
1205 }
1206
1207 if (unlikely(!tclass)) {
1208 if (policydb->allow_unknown)
1209 goto allow;
1210 goto out;
1211 }
1212
1213 context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1214 NULL);
1215 out:
1216 rcu_read_unlock();
1217 return;
1218 allow:
1219 avd->allowed = 0xffffffff;
1220 goto out;
1221 }
1222
1223
1224
1225
1226
1227
1228
1229
1230 static int context_struct_to_string(struct policydb *p,
1231 struct context *context,
1232 char **scontext, u32 *scontext_len)
1233 {
1234 char *scontextp;
1235
1236 if (scontext)
1237 *scontext = NULL;
1238 *scontext_len = 0;
1239
1240 if (context->len) {
1241 *scontext_len = context->len;
1242 if (scontext) {
1243 *scontext = kstrdup(context->str, GFP_ATOMIC);
1244 if (!(*scontext))
1245 return -ENOMEM;
1246 }
1247 return 0;
1248 }
1249
1250
1251 *scontext_len += strlen(sym_name(p, SYM_USERS, context->user - 1)) + 1;
1252 *scontext_len += strlen(sym_name(p, SYM_ROLES, context->role - 1)) + 1;
1253 *scontext_len += strlen(sym_name(p, SYM_TYPES, context->type - 1)) + 1;
1254 *scontext_len += mls_compute_context_len(p, context);
1255
1256 if (!scontext)
1257 return 0;
1258
1259
1260 scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
1261 if (!scontextp)
1262 return -ENOMEM;
1263 *scontext = scontextp;
1264
1265
1266
1267
1268 scontextp += sprintf(scontextp, "%s:%s:%s",
1269 sym_name(p, SYM_USERS, context->user - 1),
1270 sym_name(p, SYM_ROLES, context->role - 1),
1271 sym_name(p, SYM_TYPES, context->type - 1));
1272
1273 mls_sid_to_context(p, context, &scontextp);
1274
1275 *scontextp = 0;
1276
1277 return 0;
1278 }
1279
1280 static int sidtab_entry_to_string(struct policydb *p,
1281 struct sidtab *sidtab,
1282 struct sidtab_entry *entry,
1283 char **scontext, u32 *scontext_len)
1284 {
1285 int rc = sidtab_sid2str_get(sidtab, entry, scontext, scontext_len);
1286
1287 if (rc != -ENOENT)
1288 return rc;
1289
1290 rc = context_struct_to_string(p, &entry->context, scontext,
1291 scontext_len);
1292 if (!rc && scontext)
1293 sidtab_sid2str_put(sidtab, entry, *scontext, *scontext_len);
1294 return rc;
1295 }
1296
1297 #include "initial_sid_to_string.h"
1298
1299 int security_sidtab_hash_stats(struct selinux_state *state, char *page)
1300 {
1301 struct selinux_policy *policy;
1302 int rc;
1303
1304 if (!selinux_initialized(state)) {
1305 pr_err("SELinux: %s: called before initial load_policy\n",
1306 __func__);
1307 return -EINVAL;
1308 }
1309
1310 rcu_read_lock();
1311 policy = rcu_dereference(state->policy);
1312 rc = sidtab_hash_stats(policy->sidtab, page);
1313 rcu_read_unlock();
1314
1315 return rc;
1316 }
1317
1318 const char *security_get_initial_sid_context(u32 sid)
1319 {
1320 if (unlikely(sid > SECINITSID_NUM))
1321 return NULL;
1322 return initial_sid_to_string[sid];
1323 }
1324
1325 static int security_sid_to_context_core(struct selinux_state *state,
1326 u32 sid, char **scontext,
1327 u32 *scontext_len, int force,
1328 int only_invalid)
1329 {
1330 struct selinux_policy *policy;
1331 struct policydb *policydb;
1332 struct sidtab *sidtab;
1333 struct sidtab_entry *entry;
1334 int rc = 0;
1335
1336 if (scontext)
1337 *scontext = NULL;
1338 *scontext_len = 0;
1339
1340 if (!selinux_initialized(state)) {
1341 if (sid <= SECINITSID_NUM) {
1342 char *scontextp;
1343 const char *s = initial_sid_to_string[sid];
1344
1345 if (!s)
1346 return -EINVAL;
1347 *scontext_len = strlen(s) + 1;
1348 if (!scontext)
1349 return 0;
1350 scontextp = kmemdup(s, *scontext_len, GFP_ATOMIC);
1351 if (!scontextp)
1352 return -ENOMEM;
1353 *scontext = scontextp;
1354 return 0;
1355 }
1356 pr_err("SELinux: %s: called before initial "
1357 "load_policy on unknown SID %d\n", __func__, sid);
1358 return -EINVAL;
1359 }
1360 rcu_read_lock();
1361 policy = rcu_dereference(state->policy);
1362 policydb = &policy->policydb;
1363 sidtab = policy->sidtab;
1364
1365 if (force)
1366 entry = sidtab_search_entry_force(sidtab, sid);
1367 else
1368 entry = sidtab_search_entry(sidtab, sid);
1369 if (!entry) {
1370 pr_err("SELinux: %s: unrecognized SID %d\n",
1371 __func__, sid);
1372 rc = -EINVAL;
1373 goto out_unlock;
1374 }
1375 if (only_invalid && !entry->context.len)
1376 goto out_unlock;
1377
1378 rc = sidtab_entry_to_string(policydb, sidtab, entry, scontext,
1379 scontext_len);
1380
1381 out_unlock:
1382 rcu_read_unlock();
1383 return rc;
1384
1385 }
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398 int security_sid_to_context(struct selinux_state *state,
1399 u32 sid, char **scontext, u32 *scontext_len)
1400 {
1401 return security_sid_to_context_core(state, sid, scontext,
1402 scontext_len, 0, 0);
1403 }
1404
1405 int security_sid_to_context_force(struct selinux_state *state, u32 sid,
1406 char **scontext, u32 *scontext_len)
1407 {
1408 return security_sid_to_context_core(state, sid, scontext,
1409 scontext_len, 1, 0);
1410 }
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426 int security_sid_to_context_inval(struct selinux_state *state, u32 sid,
1427 char **scontext, u32 *scontext_len)
1428 {
1429 return security_sid_to_context_core(state, sid, scontext,
1430 scontext_len, 1, 1);
1431 }
1432
1433
1434
1435
1436 static int string_to_context_struct(struct policydb *pol,
1437 struct sidtab *sidtabp,
1438 char *scontext,
1439 struct context *ctx,
1440 u32 def_sid)
1441 {
1442 struct role_datum *role;
1443 struct type_datum *typdatum;
1444 struct user_datum *usrdatum;
1445 char *scontextp, *p, oldc;
1446 int rc = 0;
1447
1448 context_init(ctx);
1449
1450
1451
1452 rc = -EINVAL;
1453 scontextp = scontext;
1454
1455
1456 p = scontextp;
1457 while (*p && *p != ':')
1458 p++;
1459
1460 if (*p == 0)
1461 goto out;
1462
1463 *p++ = 0;
1464
1465 usrdatum = symtab_search(&pol->p_users, scontextp);
1466 if (!usrdatum)
1467 goto out;
1468
1469 ctx->user = usrdatum->value;
1470
1471
1472 scontextp = p;
1473 while (*p && *p != ':')
1474 p++;
1475
1476 if (*p == 0)
1477 goto out;
1478
1479 *p++ = 0;
1480
1481 role = symtab_search(&pol->p_roles, scontextp);
1482 if (!role)
1483 goto out;
1484 ctx->role = role->value;
1485
1486
1487 scontextp = p;
1488 while (*p && *p != ':')
1489 p++;
1490 oldc = *p;
1491 *p++ = 0;
1492
1493 typdatum = symtab_search(&pol->p_types, scontextp);
1494 if (!typdatum || typdatum->attribute)
1495 goto out;
1496
1497 ctx->type = typdatum->value;
1498
1499 rc = mls_context_to_sid(pol, oldc, p, ctx, sidtabp, def_sid);
1500 if (rc)
1501 goto out;
1502
1503
1504 rc = -EINVAL;
1505 if (!policydb_context_isvalid(pol, ctx))
1506 goto out;
1507 rc = 0;
1508 out:
1509 if (rc)
1510 context_destroy(ctx);
1511 return rc;
1512 }
1513
1514 static int security_context_to_sid_core(struct selinux_state *state,
1515 const char *scontext, u32 scontext_len,
1516 u32 *sid, u32 def_sid, gfp_t gfp_flags,
1517 int force)
1518 {
1519 struct selinux_policy *policy;
1520 struct policydb *policydb;
1521 struct sidtab *sidtab;
1522 char *scontext2, *str = NULL;
1523 struct context context;
1524 int rc = 0;
1525
1526
1527 if (!scontext_len)
1528 return -EINVAL;
1529
1530
1531 scontext2 = kmemdup_nul(scontext, scontext_len, gfp_flags);
1532 if (!scontext2)
1533 return -ENOMEM;
1534
1535 if (!selinux_initialized(state)) {
1536 int i;
1537
1538 for (i = 1; i < SECINITSID_NUM; i++) {
1539 const char *s = initial_sid_to_string[i];
1540
1541 if (s && !strcmp(s, scontext2)) {
1542 *sid = i;
1543 goto out;
1544 }
1545 }
1546 *sid = SECINITSID_KERNEL;
1547 goto out;
1548 }
1549 *sid = SECSID_NULL;
1550
1551 if (force) {
1552
1553 rc = -ENOMEM;
1554 str = kstrdup(scontext2, gfp_flags);
1555 if (!str)
1556 goto out;
1557 }
1558 retry:
1559 rcu_read_lock();
1560 policy = rcu_dereference(state->policy);
1561 policydb = &policy->policydb;
1562 sidtab = policy->sidtab;
1563 rc = string_to_context_struct(policydb, sidtab, scontext2,
1564 &context, def_sid);
1565 if (rc == -EINVAL && force) {
1566 context.str = str;
1567 context.len = strlen(str) + 1;
1568 str = NULL;
1569 } else if (rc)
1570 goto out_unlock;
1571 rc = sidtab_context_to_sid(sidtab, &context, sid);
1572 if (rc == -ESTALE) {
1573 rcu_read_unlock();
1574 if (context.str) {
1575 str = context.str;
1576 context.str = NULL;
1577 }
1578 context_destroy(&context);
1579 goto retry;
1580 }
1581 context_destroy(&context);
1582 out_unlock:
1583 rcu_read_unlock();
1584 out:
1585 kfree(scontext2);
1586 kfree(str);
1587 return rc;
1588 }
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603 int security_context_to_sid(struct selinux_state *state,
1604 const char *scontext, u32 scontext_len, u32 *sid,
1605 gfp_t gfp)
1606 {
1607 return security_context_to_sid_core(state, scontext, scontext_len,
1608 sid, SECSID_NULL, gfp, 0);
1609 }
1610
1611 int security_context_str_to_sid(struct selinux_state *state,
1612 const char *scontext, u32 *sid, gfp_t gfp)
1613 {
1614 return security_context_to_sid(state, scontext, strlen(scontext),
1615 sid, gfp);
1616 }
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638 int security_context_to_sid_default(struct selinux_state *state,
1639 const char *scontext, u32 scontext_len,
1640 u32 *sid, u32 def_sid, gfp_t gfp_flags)
1641 {
1642 return security_context_to_sid_core(state, scontext, scontext_len,
1643 sid, def_sid, gfp_flags, 1);
1644 }
1645
1646 int security_context_to_sid_force(struct selinux_state *state,
1647 const char *scontext, u32 scontext_len,
1648 u32 *sid)
1649 {
1650 return security_context_to_sid_core(state, scontext, scontext_len,
1651 sid, SECSID_NULL, GFP_KERNEL, 1);
1652 }
1653
1654 static int compute_sid_handle_invalid_context(
1655 struct selinux_state *state,
1656 struct selinux_policy *policy,
1657 struct sidtab_entry *sentry,
1658 struct sidtab_entry *tentry,
1659 u16 tclass,
1660 struct context *newcontext)
1661 {
1662 struct policydb *policydb = &policy->policydb;
1663 struct sidtab *sidtab = policy->sidtab;
1664 char *s = NULL, *t = NULL, *n = NULL;
1665 u32 slen, tlen, nlen;
1666 struct audit_buffer *ab;
1667
1668 if (sidtab_entry_to_string(policydb, sidtab, sentry, &s, &slen))
1669 goto out;
1670 if (sidtab_entry_to_string(policydb, sidtab, tentry, &t, &tlen))
1671 goto out;
1672 if (context_struct_to_string(policydb, newcontext, &n, &nlen))
1673 goto out;
1674 ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR);
1675 if (!ab)
1676 goto out;
1677 audit_log_format(ab,
1678 "op=security_compute_sid invalid_context=");
1679
1680 audit_log_n_untrustedstring(ab, n, nlen - 1);
1681 audit_log_format(ab, " scontext=%s tcontext=%s tclass=%s",
1682 s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
1683 audit_log_end(ab);
1684 out:
1685 kfree(s);
1686 kfree(t);
1687 kfree(n);
1688 if (!enforcing_enabled(state))
1689 return 0;
1690 return -EACCES;
1691 }
1692
1693 static void filename_compute_type(struct policydb *policydb,
1694 struct context *newcontext,
1695 u32 stype, u32 ttype, u16 tclass,
1696 const char *objname)
1697 {
1698 struct filename_trans_key ft;
1699 struct filename_trans_datum *datum;
1700
1701
1702
1703
1704
1705
1706 if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype))
1707 return;
1708
1709 ft.ttype = ttype;
1710 ft.tclass = tclass;
1711 ft.name = objname;
1712
1713 datum = policydb_filenametr_search(policydb, &ft);
1714 while (datum) {
1715 if (ebitmap_get_bit(&datum->stypes, stype - 1)) {
1716 newcontext->type = datum->otype;
1717 return;
1718 }
1719 datum = datum->next;
1720 }
1721 }
1722
1723 static int security_compute_sid(struct selinux_state *state,
1724 u32 ssid,
1725 u32 tsid,
1726 u16 orig_tclass,
1727 u32 specified,
1728 const char *objname,
1729 u32 *out_sid,
1730 bool kern)
1731 {
1732 struct selinux_policy *policy;
1733 struct policydb *policydb;
1734 struct sidtab *sidtab;
1735 struct class_datum *cladatum;
1736 struct context *scontext, *tcontext, newcontext;
1737 struct sidtab_entry *sentry, *tentry;
1738 struct avtab_key avkey;
1739 struct avtab_datum *avdatum;
1740 struct avtab_node *node;
1741 u16 tclass;
1742 int rc = 0;
1743 bool sock;
1744
1745 if (!selinux_initialized(state)) {
1746 switch (orig_tclass) {
1747 case SECCLASS_PROCESS:
1748 *out_sid = ssid;
1749 break;
1750 default:
1751 *out_sid = tsid;
1752 break;
1753 }
1754 goto out;
1755 }
1756
1757 retry:
1758 cladatum = NULL;
1759 context_init(&newcontext);
1760
1761 rcu_read_lock();
1762
1763 policy = rcu_dereference(state->policy);
1764
1765 if (kern) {
1766 tclass = unmap_class(&policy->map, orig_tclass);
1767 sock = security_is_socket_class(orig_tclass);
1768 } else {
1769 tclass = orig_tclass;
1770 sock = security_is_socket_class(map_class(&policy->map,
1771 tclass));
1772 }
1773
1774 policydb = &policy->policydb;
1775 sidtab = policy->sidtab;
1776
1777 sentry = sidtab_search_entry(sidtab, ssid);
1778 if (!sentry) {
1779 pr_err("SELinux: %s: unrecognized SID %d\n",
1780 __func__, ssid);
1781 rc = -EINVAL;
1782 goto out_unlock;
1783 }
1784 tentry = sidtab_search_entry(sidtab, tsid);
1785 if (!tentry) {
1786 pr_err("SELinux: %s: unrecognized SID %d\n",
1787 __func__, tsid);
1788 rc = -EINVAL;
1789 goto out_unlock;
1790 }
1791
1792 scontext = &sentry->context;
1793 tcontext = &tentry->context;
1794
1795 if (tclass && tclass <= policydb->p_classes.nprim)
1796 cladatum = policydb->class_val_to_struct[tclass - 1];
1797
1798
1799 switch (specified) {
1800 case AVTAB_TRANSITION:
1801 case AVTAB_CHANGE:
1802 if (cladatum && cladatum->default_user == DEFAULT_TARGET) {
1803 newcontext.user = tcontext->user;
1804 } else {
1805
1806
1807 newcontext.user = scontext->user;
1808 }
1809 break;
1810 case AVTAB_MEMBER:
1811
1812 newcontext.user = tcontext->user;
1813 break;
1814 }
1815
1816
1817 if (cladatum && cladatum->default_role == DEFAULT_SOURCE) {
1818 newcontext.role = scontext->role;
1819 } else if (cladatum && cladatum->default_role == DEFAULT_TARGET) {
1820 newcontext.role = tcontext->role;
1821 } else {
1822 if ((tclass == policydb->process_class) || sock)
1823 newcontext.role = scontext->role;
1824 else
1825 newcontext.role = OBJECT_R_VAL;
1826 }
1827
1828
1829 if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
1830 newcontext.type = scontext->type;
1831 } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
1832 newcontext.type = tcontext->type;
1833 } else {
1834 if ((tclass == policydb->process_class) || sock) {
1835
1836 newcontext.type = scontext->type;
1837 } else {
1838
1839 newcontext.type = tcontext->type;
1840 }
1841 }
1842
1843
1844 avkey.source_type = scontext->type;
1845 avkey.target_type = tcontext->type;
1846 avkey.target_class = tclass;
1847 avkey.specified = specified;
1848 avdatum = avtab_search(&policydb->te_avtab, &avkey);
1849
1850
1851 if (!avdatum) {
1852 node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
1853 for (; node; node = avtab_search_node_next(node, specified)) {
1854 if (node->key.specified & AVTAB_ENABLED) {
1855 avdatum = &node->datum;
1856 break;
1857 }
1858 }
1859 }
1860
1861 if (avdatum) {
1862
1863 newcontext.type = avdatum->u.data;
1864 }
1865
1866
1867 if (objname)
1868 filename_compute_type(policydb, &newcontext, scontext->type,
1869 tcontext->type, tclass, objname);
1870
1871
1872 if (specified & AVTAB_TRANSITION) {
1873
1874 struct role_trans_datum *rtd;
1875 struct role_trans_key rtk = {
1876 .role = scontext->role,
1877 .type = tcontext->type,
1878 .tclass = tclass,
1879 };
1880
1881 rtd = policydb_roletr_search(policydb, &rtk);
1882 if (rtd)
1883 newcontext.role = rtd->new_role;
1884 }
1885
1886
1887
1888 rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified,
1889 &newcontext, sock);
1890 if (rc)
1891 goto out_unlock;
1892
1893
1894 if (!policydb_context_isvalid(policydb, &newcontext)) {
1895 rc = compute_sid_handle_invalid_context(state, policy, sentry,
1896 tentry, tclass,
1897 &newcontext);
1898 if (rc)
1899 goto out_unlock;
1900 }
1901
1902 rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid);
1903 if (rc == -ESTALE) {
1904 rcu_read_unlock();
1905 context_destroy(&newcontext);
1906 goto retry;
1907 }
1908 out_unlock:
1909 rcu_read_unlock();
1910 context_destroy(&newcontext);
1911 out:
1912 return rc;
1913 }
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930 int security_transition_sid(struct selinux_state *state,
1931 u32 ssid, u32 tsid, u16 tclass,
1932 const struct qstr *qstr, u32 *out_sid)
1933 {
1934 return security_compute_sid(state, ssid, tsid, tclass,
1935 AVTAB_TRANSITION,
1936 qstr ? qstr->name : NULL, out_sid, true);
1937 }
1938
1939 int security_transition_sid_user(struct selinux_state *state,
1940 u32 ssid, u32 tsid, u16 tclass,
1941 const char *objname, u32 *out_sid)
1942 {
1943 return security_compute_sid(state, ssid, tsid, tclass,
1944 AVTAB_TRANSITION,
1945 objname, out_sid, false);
1946 }
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962 int security_member_sid(struct selinux_state *state,
1963 u32 ssid,
1964 u32 tsid,
1965 u16 tclass,
1966 u32 *out_sid)
1967 {
1968 return security_compute_sid(state, ssid, tsid, tclass,
1969 AVTAB_MEMBER, NULL,
1970 out_sid, false);
1971 }
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987 int security_change_sid(struct selinux_state *state,
1988 u32 ssid,
1989 u32 tsid,
1990 u16 tclass,
1991 u32 *out_sid)
1992 {
1993 return security_compute_sid(state,
1994 ssid, tsid, tclass, AVTAB_CHANGE, NULL,
1995 out_sid, false);
1996 }
1997
1998 static inline int convert_context_handle_invalid_context(
1999 struct selinux_state *state,
2000 struct policydb *policydb,
2001 struct context *context)
2002 {
2003 char *s;
2004 u32 len;
2005
2006 if (enforcing_enabled(state))
2007 return -EINVAL;
2008
2009 if (!context_struct_to_string(policydb, context, &s, &len)) {
2010 pr_warn("SELinux: Context %s would be invalid if enforcing\n",
2011 s);
2012 kfree(s);
2013 }
2014 return 0;
2015 }
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025 static int convert_context(struct context *oldc, struct context *newc, void *p)
2026 {
2027 struct convert_context_args *args;
2028 struct ocontext *oc;
2029 struct role_datum *role;
2030 struct type_datum *typdatum;
2031 struct user_datum *usrdatum;
2032 char *s;
2033 u32 len;
2034 int rc;
2035
2036 args = p;
2037
2038 if (oldc->str) {
2039 s = kstrdup(oldc->str, GFP_KERNEL);
2040 if (!s)
2041 return -ENOMEM;
2042
2043 rc = string_to_context_struct(args->newp, NULL, s,
2044 newc, SECSID_NULL);
2045 if (rc == -EINVAL) {
2046
2047
2048
2049
2050
2051
2052
2053 memcpy(s, oldc->str, oldc->len);
2054 context_init(newc);
2055 newc->str = s;
2056 newc->len = oldc->len;
2057 return 0;
2058 }
2059 kfree(s);
2060 if (rc) {
2061
2062 pr_err("SELinux: Unable to map context %s, rc = %d.\n",
2063 oldc->str, -rc);
2064 return rc;
2065 }
2066 pr_info("SELinux: Context %s became valid (mapped).\n",
2067 oldc->str);
2068 return 0;
2069 }
2070
2071 context_init(newc);
2072
2073
2074 usrdatum = symtab_search(&args->newp->p_users,
2075 sym_name(args->oldp,
2076 SYM_USERS, oldc->user - 1));
2077 if (!usrdatum)
2078 goto bad;
2079 newc->user = usrdatum->value;
2080
2081
2082 role = symtab_search(&args->newp->p_roles,
2083 sym_name(args->oldp, SYM_ROLES, oldc->role - 1));
2084 if (!role)
2085 goto bad;
2086 newc->role = role->value;
2087
2088
2089 typdatum = symtab_search(&args->newp->p_types,
2090 sym_name(args->oldp,
2091 SYM_TYPES, oldc->type - 1));
2092 if (!typdatum)
2093 goto bad;
2094 newc->type = typdatum->value;
2095
2096
2097 if (args->oldp->mls_enabled && args->newp->mls_enabled) {
2098 rc = mls_convert_context(args->oldp, args->newp, oldc, newc);
2099 if (rc)
2100 goto bad;
2101 } else if (!args->oldp->mls_enabled && args->newp->mls_enabled) {
2102
2103
2104
2105
2106
2107
2108
2109 oc = args->newp->ocontexts[OCON_ISID];
2110 while (oc && oc->sid[0] != SECINITSID_UNLABELED)
2111 oc = oc->next;
2112 if (!oc) {
2113 pr_err("SELinux: unable to look up"
2114 " the initial SIDs list\n");
2115 goto bad;
2116 }
2117 rc = mls_range_set(newc, &oc->context[0].range);
2118 if (rc)
2119 goto bad;
2120 }
2121
2122
2123 if (!policydb_context_isvalid(args->newp, newc)) {
2124 rc = convert_context_handle_invalid_context(args->state,
2125 args->oldp,
2126 oldc);
2127 if (rc)
2128 goto bad;
2129 }
2130
2131 return 0;
2132 bad:
2133
2134 rc = context_struct_to_string(args->oldp, oldc, &s, &len);
2135 if (rc)
2136 return rc;
2137 context_destroy(newc);
2138 newc->str = s;
2139 newc->len = len;
2140 pr_info("SELinux: Context %s became invalid (unmapped).\n",
2141 newc->str);
2142 return 0;
2143 }
2144
2145 static void security_load_policycaps(struct selinux_state *state,
2146 struct selinux_policy *policy)
2147 {
2148 struct policydb *p;
2149 unsigned int i;
2150 struct ebitmap_node *node;
2151
2152 p = &policy->policydb;
2153
2154 for (i = 0; i < ARRAY_SIZE(state->policycap); i++)
2155 WRITE_ONCE(state->policycap[i],
2156 ebitmap_get_bit(&p->policycaps, i));
2157
2158 for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
2159 pr_info("SELinux: policy capability %s=%d\n",
2160 selinux_policycap_names[i],
2161 ebitmap_get_bit(&p->policycaps, i));
2162
2163 ebitmap_for_each_positive_bit(&p->policycaps, node, i) {
2164 if (i >= ARRAY_SIZE(selinux_policycap_names))
2165 pr_info("SELinux: unknown policy capability %u\n",
2166 i);
2167 }
2168 }
2169
2170 static int security_preserve_bools(struct selinux_policy *oldpolicy,
2171 struct selinux_policy *newpolicy);
2172
2173 static void selinux_policy_free(struct selinux_policy *policy)
2174 {
2175 if (!policy)
2176 return;
2177
2178 sidtab_destroy(policy->sidtab);
2179 kfree(policy->map.mapping);
2180 policydb_destroy(&policy->policydb);
2181 kfree(policy->sidtab);
2182 kfree(policy);
2183 }
2184
2185 static void selinux_policy_cond_free(struct selinux_policy *policy)
2186 {
2187 cond_policydb_destroy_dup(&policy->policydb);
2188 kfree(policy);
2189 }
2190
2191 void selinux_policy_cancel(struct selinux_state *state,
2192 struct selinux_load_state *load_state)
2193 {
2194 struct selinux_policy *oldpolicy;
2195
2196 oldpolicy = rcu_dereference_protected(state->policy,
2197 lockdep_is_held(&state->policy_mutex));
2198
2199 sidtab_cancel_convert(oldpolicy->sidtab);
2200 selinux_policy_free(load_state->policy);
2201 kfree(load_state->convert_data);
2202 }
2203
2204 static void selinux_notify_policy_change(struct selinux_state *state,
2205 u32 seqno)
2206 {
2207
2208 avc_ss_reset(state->avc, seqno);
2209 selnl_notify_policyload(seqno);
2210 selinux_status_update_policyload(state, seqno);
2211 selinux_netlbl_cache_invalidate();
2212 selinux_xfrm_notify_policyload();
2213 selinux_ima_measure_state_locked(state);
2214 }
2215
2216 void selinux_policy_commit(struct selinux_state *state,
2217 struct selinux_load_state *load_state)
2218 {
2219 struct selinux_policy *oldpolicy, *newpolicy = load_state->policy;
2220 unsigned long flags;
2221 u32 seqno;
2222
2223 oldpolicy = rcu_dereference_protected(state->policy,
2224 lockdep_is_held(&state->policy_mutex));
2225
2226
2227 if (oldpolicy) {
2228 if (oldpolicy->policydb.mls_enabled && !newpolicy->policydb.mls_enabled)
2229 pr_info("SELinux: Disabling MLS support...\n");
2230 else if (!oldpolicy->policydb.mls_enabled && newpolicy->policydb.mls_enabled)
2231 pr_info("SELinux: Enabling MLS support...\n");
2232 }
2233
2234
2235 if (oldpolicy)
2236 newpolicy->latest_granting = oldpolicy->latest_granting + 1;
2237 else
2238 newpolicy->latest_granting = 1;
2239 seqno = newpolicy->latest_granting;
2240
2241
2242 if (oldpolicy) {
2243 sidtab_freeze_begin(oldpolicy->sidtab, &flags);
2244 rcu_assign_pointer(state->policy, newpolicy);
2245 sidtab_freeze_end(oldpolicy->sidtab, &flags);
2246 } else {
2247 rcu_assign_pointer(state->policy, newpolicy);
2248 }
2249
2250
2251 security_load_policycaps(state, newpolicy);
2252
2253 if (!selinux_initialized(state)) {
2254
2255
2256
2257
2258
2259 selinux_mark_initialized(state);
2260 selinux_complete_init();
2261 }
2262
2263
2264 synchronize_rcu();
2265 selinux_policy_free(oldpolicy);
2266 kfree(load_state->convert_data);
2267
2268
2269 selinux_notify_policy_change(state, seqno);
2270 }
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284 int security_load_policy(struct selinux_state *state, void *data, size_t len,
2285 struct selinux_load_state *load_state)
2286 {
2287 struct selinux_policy *newpolicy, *oldpolicy;
2288 struct selinux_policy_convert_data *convert_data;
2289 int rc = 0;
2290 struct policy_file file = { data, len }, *fp = &file;
2291
2292 newpolicy = kzalloc(sizeof(*newpolicy), GFP_KERNEL);
2293 if (!newpolicy)
2294 return -ENOMEM;
2295
2296 newpolicy->sidtab = kzalloc(sizeof(*newpolicy->sidtab), GFP_KERNEL);
2297 if (!newpolicy->sidtab) {
2298 rc = -ENOMEM;
2299 goto err_policy;
2300 }
2301
2302 rc = policydb_read(&newpolicy->policydb, fp);
2303 if (rc)
2304 goto err_sidtab;
2305
2306 newpolicy->policydb.len = len;
2307 rc = selinux_set_mapping(&newpolicy->policydb, secclass_map,
2308 &newpolicy->map);
2309 if (rc)
2310 goto err_policydb;
2311
2312 rc = policydb_load_isids(&newpolicy->policydb, newpolicy->sidtab);
2313 if (rc) {
2314 pr_err("SELinux: unable to load the initial SIDs\n");
2315 goto err_mapping;
2316 }
2317
2318 if (!selinux_initialized(state)) {
2319
2320 load_state->policy = newpolicy;
2321 load_state->convert_data = NULL;
2322 return 0;
2323 }
2324
2325 oldpolicy = rcu_dereference_protected(state->policy,
2326 lockdep_is_held(&state->policy_mutex));
2327
2328
2329 rc = security_preserve_bools(oldpolicy, newpolicy);
2330 if (rc) {
2331 pr_err("SELinux: unable to preserve booleans\n");
2332 goto err_free_isids;
2333 }
2334
2335 convert_data = kmalloc(sizeof(*convert_data), GFP_KERNEL);
2336 if (!convert_data) {
2337 rc = -ENOMEM;
2338 goto err_free_isids;
2339 }
2340
2341
2342
2343
2344
2345 convert_data->args.state = state;
2346 convert_data->args.oldp = &oldpolicy->policydb;
2347 convert_data->args.newp = &newpolicy->policydb;
2348
2349 convert_data->sidtab_params.func = convert_context;
2350 convert_data->sidtab_params.args = &convert_data->args;
2351 convert_data->sidtab_params.target = newpolicy->sidtab;
2352
2353 rc = sidtab_convert(oldpolicy->sidtab, &convert_data->sidtab_params);
2354 if (rc) {
2355 pr_err("SELinux: unable to convert the internal"
2356 " representation of contexts in the new SID"
2357 " table\n");
2358 goto err_free_convert_data;
2359 }
2360
2361 load_state->policy = newpolicy;
2362 load_state->convert_data = convert_data;
2363 return 0;
2364
2365 err_free_convert_data:
2366 kfree(convert_data);
2367 err_free_isids:
2368 sidtab_destroy(newpolicy->sidtab);
2369 err_mapping:
2370 kfree(newpolicy->map.mapping);
2371 err_policydb:
2372 policydb_destroy(&newpolicy->policydb);
2373 err_sidtab:
2374 kfree(newpolicy->sidtab);
2375 err_policy:
2376 kfree(newpolicy);
2377
2378 return rc;
2379 }
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395 static int ocontext_to_sid(struct sidtab *sidtab, struct ocontext *c,
2396 size_t index, u32 *out_sid)
2397 {
2398 int rc;
2399 u32 sid;
2400
2401
2402 sid = smp_load_acquire(&c->sid[index]);
2403 if (!sid) {
2404 rc = sidtab_context_to_sid(sidtab, &c->context[index], &sid);
2405 if (rc)
2406 return rc;
2407
2408
2409
2410
2411
2412 smp_store_release(&c->sid[index], sid);
2413 }
2414 *out_sid = sid;
2415 return 0;
2416 }
2417
2418
2419
2420
2421
2422
2423
2424
2425 int security_port_sid(struct selinux_state *state,
2426 u8 protocol, u16 port, u32 *out_sid)
2427 {
2428 struct selinux_policy *policy;
2429 struct policydb *policydb;
2430 struct sidtab *sidtab;
2431 struct ocontext *c;
2432 int rc;
2433
2434 if (!selinux_initialized(state)) {
2435 *out_sid = SECINITSID_PORT;
2436 return 0;
2437 }
2438
2439 retry:
2440 rc = 0;
2441 rcu_read_lock();
2442 policy = rcu_dereference(state->policy);
2443 policydb = &policy->policydb;
2444 sidtab = policy->sidtab;
2445
2446 c = policydb->ocontexts[OCON_PORT];
2447 while (c) {
2448 if (c->u.port.protocol == protocol &&
2449 c->u.port.low_port <= port &&
2450 c->u.port.high_port >= port)
2451 break;
2452 c = c->next;
2453 }
2454
2455 if (c) {
2456 rc = ocontext_to_sid(sidtab, c, 0, out_sid);
2457 if (rc == -ESTALE) {
2458 rcu_read_unlock();
2459 goto retry;
2460 }
2461 if (rc)
2462 goto out;
2463 } else {
2464 *out_sid = SECINITSID_PORT;
2465 }
2466
2467 out:
2468 rcu_read_unlock();
2469 return rc;
2470 }
2471
2472
2473
2474
2475
2476
2477
2478
2479 int security_ib_pkey_sid(struct selinux_state *state,
2480 u64 subnet_prefix, u16 pkey_num, u32 *out_sid)
2481 {
2482 struct selinux_policy *policy;
2483 struct policydb *policydb;
2484 struct sidtab *sidtab;
2485 struct ocontext *c;
2486 int rc;
2487
2488 if (!selinux_initialized(state)) {
2489 *out_sid = SECINITSID_UNLABELED;
2490 return 0;
2491 }
2492
2493 retry:
2494 rc = 0;
2495 rcu_read_lock();
2496 policy = rcu_dereference(state->policy);
2497 policydb = &policy->policydb;
2498 sidtab = policy->sidtab;
2499
2500 c = policydb->ocontexts[OCON_IBPKEY];
2501 while (c) {
2502 if (c->u.ibpkey.low_pkey <= pkey_num &&
2503 c->u.ibpkey.high_pkey >= pkey_num &&
2504 c->u.ibpkey.subnet_prefix == subnet_prefix)
2505 break;
2506
2507 c = c->next;
2508 }
2509
2510 if (c) {
2511 rc = ocontext_to_sid(sidtab, c, 0, out_sid);
2512 if (rc == -ESTALE) {
2513 rcu_read_unlock();
2514 goto retry;
2515 }
2516 if (rc)
2517 goto out;
2518 } else
2519 *out_sid = SECINITSID_UNLABELED;
2520
2521 out:
2522 rcu_read_unlock();
2523 return rc;
2524 }
2525
2526
2527
2528
2529
2530
2531
2532
2533 int security_ib_endport_sid(struct selinux_state *state,
2534 const char *dev_name, u8 port_num, u32 *out_sid)
2535 {
2536 struct selinux_policy *policy;
2537 struct policydb *policydb;
2538 struct sidtab *sidtab;
2539 struct ocontext *c;
2540 int rc;
2541
2542 if (!selinux_initialized(state)) {
2543 *out_sid = SECINITSID_UNLABELED;
2544 return 0;
2545 }
2546
2547 retry:
2548 rc = 0;
2549 rcu_read_lock();
2550 policy = rcu_dereference(state->policy);
2551 policydb = &policy->policydb;
2552 sidtab = policy->sidtab;
2553
2554 c = policydb->ocontexts[OCON_IBENDPORT];
2555 while (c) {
2556 if (c->u.ibendport.port == port_num &&
2557 !strncmp(c->u.ibendport.dev_name,
2558 dev_name,
2559 IB_DEVICE_NAME_MAX))
2560 break;
2561
2562 c = c->next;
2563 }
2564
2565 if (c) {
2566 rc = ocontext_to_sid(sidtab, c, 0, out_sid);
2567 if (rc == -ESTALE) {
2568 rcu_read_unlock();
2569 goto retry;
2570 }
2571 if (rc)
2572 goto out;
2573 } else
2574 *out_sid = SECINITSID_UNLABELED;
2575
2576 out:
2577 rcu_read_unlock();
2578 return rc;
2579 }
2580
2581
2582
2583
2584
2585
2586
2587 int security_netif_sid(struct selinux_state *state,
2588 char *name, u32 *if_sid)
2589 {
2590 struct selinux_policy *policy;
2591 struct policydb *policydb;
2592 struct sidtab *sidtab;
2593 int rc;
2594 struct ocontext *c;
2595
2596 if (!selinux_initialized(state)) {
2597 *if_sid = SECINITSID_NETIF;
2598 return 0;
2599 }
2600
2601 retry:
2602 rc = 0;
2603 rcu_read_lock();
2604 policy = rcu_dereference(state->policy);
2605 policydb = &policy->policydb;
2606 sidtab = policy->sidtab;
2607
2608 c = policydb->ocontexts[OCON_NETIF];
2609 while (c) {
2610 if (strcmp(name, c->u.name) == 0)
2611 break;
2612 c = c->next;
2613 }
2614
2615 if (c) {
2616 rc = ocontext_to_sid(sidtab, c, 0, if_sid);
2617 if (rc == -ESTALE) {
2618 rcu_read_unlock();
2619 goto retry;
2620 }
2621 if (rc)
2622 goto out;
2623 } else
2624 *if_sid = SECINITSID_NETIF;
2625
2626 out:
2627 rcu_read_unlock();
2628 return rc;
2629 }
2630
2631 static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
2632 {
2633 int i, fail = 0;
2634
2635 for (i = 0; i < 4; i++)
2636 if (addr[i] != (input[i] & mask[i])) {
2637 fail = 1;
2638 break;
2639 }
2640
2641 return !fail;
2642 }
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652 int security_node_sid(struct selinux_state *state,
2653 u16 domain,
2654 void *addrp,
2655 u32 addrlen,
2656 u32 *out_sid)
2657 {
2658 struct selinux_policy *policy;
2659 struct policydb *policydb;
2660 struct sidtab *sidtab;
2661 int rc;
2662 struct ocontext *c;
2663
2664 if (!selinux_initialized(state)) {
2665 *out_sid = SECINITSID_NODE;
2666 return 0;
2667 }
2668
2669 retry:
2670 rcu_read_lock();
2671 policy = rcu_dereference(state->policy);
2672 policydb = &policy->policydb;
2673 sidtab = policy->sidtab;
2674
2675 switch (domain) {
2676 case AF_INET: {
2677 u32 addr;
2678
2679 rc = -EINVAL;
2680 if (addrlen != sizeof(u32))
2681 goto out;
2682
2683 addr = *((u32 *)addrp);
2684
2685 c = policydb->ocontexts[OCON_NODE];
2686 while (c) {
2687 if (c->u.node.addr == (addr & c->u.node.mask))
2688 break;
2689 c = c->next;
2690 }
2691 break;
2692 }
2693
2694 case AF_INET6:
2695 rc = -EINVAL;
2696 if (addrlen != sizeof(u64) * 2)
2697 goto out;
2698 c = policydb->ocontexts[OCON_NODE6];
2699 while (c) {
2700 if (match_ipv6_addrmask(addrp, c->u.node6.addr,
2701 c->u.node6.mask))
2702 break;
2703 c = c->next;
2704 }
2705 break;
2706
2707 default:
2708 rc = 0;
2709 *out_sid = SECINITSID_NODE;
2710 goto out;
2711 }
2712
2713 if (c) {
2714 rc = ocontext_to_sid(sidtab, c, 0, out_sid);
2715 if (rc == -ESTALE) {
2716 rcu_read_unlock();
2717 goto retry;
2718 }
2719 if (rc)
2720 goto out;
2721 } else {
2722 *out_sid = SECINITSID_NODE;
2723 }
2724
2725 rc = 0;
2726 out:
2727 rcu_read_unlock();
2728 return rc;
2729 }
2730
2731 #define SIDS_NEL 25
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748 int security_get_user_sids(struct selinux_state *state,
2749 u32 fromsid,
2750 char *username,
2751 u32 **sids,
2752 u32 *nel)
2753 {
2754 struct selinux_policy *policy;
2755 struct policydb *policydb;
2756 struct sidtab *sidtab;
2757 struct context *fromcon, usercon;
2758 u32 *mysids = NULL, *mysids2, sid;
2759 u32 i, j, mynel, maxnel = SIDS_NEL;
2760 struct user_datum *user;
2761 struct role_datum *role;
2762 struct ebitmap_node *rnode, *tnode;
2763 int rc;
2764
2765 *sids = NULL;
2766 *nel = 0;
2767
2768 if (!selinux_initialized(state))
2769 return 0;
2770
2771 mysids = kcalloc(maxnel, sizeof(*mysids), GFP_KERNEL);
2772 if (!mysids)
2773 return -ENOMEM;
2774
2775 retry:
2776 mynel = 0;
2777 rcu_read_lock();
2778 policy = rcu_dereference(state->policy);
2779 policydb = &policy->policydb;
2780 sidtab = policy->sidtab;
2781
2782 context_init(&usercon);
2783
2784 rc = -EINVAL;
2785 fromcon = sidtab_search(sidtab, fromsid);
2786 if (!fromcon)
2787 goto out_unlock;
2788
2789 rc = -EINVAL;
2790 user = symtab_search(&policydb->p_users, username);
2791 if (!user)
2792 goto out_unlock;
2793
2794 usercon.user = user->value;
2795
2796 ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
2797 role = policydb->role_val_to_struct[i];
2798 usercon.role = i + 1;
2799 ebitmap_for_each_positive_bit(&role->types, tnode, j) {
2800 usercon.type = j + 1;
2801
2802 if (mls_setup_user_range(policydb, fromcon, user,
2803 &usercon))
2804 continue;
2805
2806 rc = sidtab_context_to_sid(sidtab, &usercon, &sid);
2807 if (rc == -ESTALE) {
2808 rcu_read_unlock();
2809 goto retry;
2810 }
2811 if (rc)
2812 goto out_unlock;
2813 if (mynel < maxnel) {
2814 mysids[mynel++] = sid;
2815 } else {
2816 rc = -ENOMEM;
2817 maxnel += SIDS_NEL;
2818 mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC);
2819 if (!mysids2)
2820 goto out_unlock;
2821 memcpy(mysids2, mysids, mynel * sizeof(*mysids2));
2822 kfree(mysids);
2823 mysids = mysids2;
2824 mysids[mynel++] = sid;
2825 }
2826 }
2827 }
2828 rc = 0;
2829 out_unlock:
2830 rcu_read_unlock();
2831 if (rc || !mynel) {
2832 kfree(mysids);
2833 return rc;
2834 }
2835
2836 rc = -ENOMEM;
2837 mysids2 = kcalloc(mynel, sizeof(*mysids2), GFP_KERNEL);
2838 if (!mysids2) {
2839 kfree(mysids);
2840 return rc;
2841 }
2842 for (i = 0, j = 0; i < mynel; i++) {
2843 struct av_decision dummy_avd;
2844 rc = avc_has_perm_noaudit(state,
2845 fromsid, mysids[i],
2846 SECCLASS_PROCESS,
2847 PROCESS__TRANSITION, AVC_STRICT,
2848 &dummy_avd);
2849 if (!rc)
2850 mysids2[j++] = mysids[i];
2851 cond_resched();
2852 }
2853 kfree(mysids);
2854 *sids = mysids2;
2855 *nel = j;
2856 return 0;
2857 }
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874 static inline int __security_genfs_sid(struct selinux_policy *policy,
2875 const char *fstype,
2876 const char *path,
2877 u16 orig_sclass,
2878 u32 *sid)
2879 {
2880 struct policydb *policydb = &policy->policydb;
2881 struct sidtab *sidtab = policy->sidtab;
2882 int len;
2883 u16 sclass;
2884 struct genfs *genfs;
2885 struct ocontext *c;
2886 int cmp = 0;
2887
2888 while (path[0] == '/' && path[1] == '/')
2889 path++;
2890
2891 sclass = unmap_class(&policy->map, orig_sclass);
2892 *sid = SECINITSID_UNLABELED;
2893
2894 for (genfs = policydb->genfs; genfs; genfs = genfs->next) {
2895 cmp = strcmp(fstype, genfs->fstype);
2896 if (cmp <= 0)
2897 break;
2898 }
2899
2900 if (!genfs || cmp)
2901 return -ENOENT;
2902
2903 for (c = genfs->head; c; c = c->next) {
2904 len = strlen(c->u.name);
2905 if ((!c->v.sclass || sclass == c->v.sclass) &&
2906 (strncmp(c->u.name, path, len) == 0))
2907 break;
2908 }
2909
2910 if (!c)
2911 return -ENOENT;
2912
2913 return ocontext_to_sid(sidtab, c, 0, sid);
2914 }
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927 int security_genfs_sid(struct selinux_state *state,
2928 const char *fstype,
2929 const char *path,
2930 u16 orig_sclass,
2931 u32 *sid)
2932 {
2933 struct selinux_policy *policy;
2934 int retval;
2935
2936 if (!selinux_initialized(state)) {
2937 *sid = SECINITSID_UNLABELED;
2938 return 0;
2939 }
2940
2941 do {
2942 rcu_read_lock();
2943 policy = rcu_dereference(state->policy);
2944 retval = __security_genfs_sid(policy, fstype, path,
2945 orig_sclass, sid);
2946 rcu_read_unlock();
2947 } while (retval == -ESTALE);
2948 return retval;
2949 }
2950
2951 int selinux_policy_genfs_sid(struct selinux_policy *policy,
2952 const char *fstype,
2953 const char *path,
2954 u16 orig_sclass,
2955 u32 *sid)
2956 {
2957
2958 return __security_genfs_sid(policy, fstype, path, orig_sclass, sid);
2959 }
2960
2961
2962
2963
2964
2965
2966 int security_fs_use(struct selinux_state *state, struct super_block *sb)
2967 {
2968 struct selinux_policy *policy;
2969 struct policydb *policydb;
2970 struct sidtab *sidtab;
2971 int rc;
2972 struct ocontext *c;
2973 struct superblock_security_struct *sbsec = selinux_superblock(sb);
2974 const char *fstype = sb->s_type->name;
2975
2976 if (!selinux_initialized(state)) {
2977 sbsec->behavior = SECURITY_FS_USE_NONE;
2978 sbsec->sid = SECINITSID_UNLABELED;
2979 return 0;
2980 }
2981
2982 retry:
2983 rcu_read_lock();
2984 policy = rcu_dereference(state->policy);
2985 policydb = &policy->policydb;
2986 sidtab = policy->sidtab;
2987
2988 c = policydb->ocontexts[OCON_FSUSE];
2989 while (c) {
2990 if (strcmp(fstype, c->u.name) == 0)
2991 break;
2992 c = c->next;
2993 }
2994
2995 if (c) {
2996 sbsec->behavior = c->v.behavior;
2997 rc = ocontext_to_sid(sidtab, c, 0, &sbsec->sid);
2998 if (rc == -ESTALE) {
2999 rcu_read_unlock();
3000 goto retry;
3001 }
3002 if (rc)
3003 goto out;
3004 } else {
3005 rc = __security_genfs_sid(policy, fstype, "/",
3006 SECCLASS_DIR, &sbsec->sid);
3007 if (rc == -ESTALE) {
3008 rcu_read_unlock();
3009 goto retry;
3010 }
3011 if (rc) {
3012 sbsec->behavior = SECURITY_FS_USE_NONE;
3013 rc = 0;
3014 } else {
3015 sbsec->behavior = SECURITY_FS_USE_GENFS;
3016 }
3017 }
3018
3019 out:
3020 rcu_read_unlock();
3021 return rc;
3022 }
3023
3024 int security_get_bools(struct selinux_policy *policy,
3025 u32 *len, char ***names, int **values)
3026 {
3027 struct policydb *policydb;
3028 u32 i;
3029 int rc;
3030
3031 policydb = &policy->policydb;
3032
3033 *names = NULL;
3034 *values = NULL;
3035
3036 rc = 0;
3037 *len = policydb->p_bools.nprim;
3038 if (!*len)
3039 goto out;
3040
3041 rc = -ENOMEM;
3042 *names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
3043 if (!*names)
3044 goto err;
3045
3046 rc = -ENOMEM;
3047 *values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
3048 if (!*values)
3049 goto err;
3050
3051 for (i = 0; i < *len; i++) {
3052 (*values)[i] = policydb->bool_val_to_struct[i]->state;
3053
3054 rc = -ENOMEM;
3055 (*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i),
3056 GFP_ATOMIC);
3057 if (!(*names)[i])
3058 goto err;
3059 }
3060 rc = 0;
3061 out:
3062 return rc;
3063 err:
3064 if (*names) {
3065 for (i = 0; i < *len; i++)
3066 kfree((*names)[i]);
3067 kfree(*names);
3068 }
3069 kfree(*values);
3070 *len = 0;
3071 *names = NULL;
3072 *values = NULL;
3073 goto out;
3074 }
3075
3076
3077 int security_set_bools(struct selinux_state *state, u32 len, int *values)
3078 {
3079 struct selinux_policy *newpolicy, *oldpolicy;
3080 int rc;
3081 u32 i, seqno = 0;
3082
3083 if (!selinux_initialized(state))
3084 return -EINVAL;
3085
3086 oldpolicy = rcu_dereference_protected(state->policy,
3087 lockdep_is_held(&state->policy_mutex));
3088
3089
3090 if (WARN_ON(len != oldpolicy->policydb.p_bools.nprim))
3091 return -EINVAL;
3092
3093 newpolicy = kmemdup(oldpolicy, sizeof(*newpolicy), GFP_KERNEL);
3094 if (!newpolicy)
3095 return -ENOMEM;
3096
3097
3098
3099
3100
3101 rc = cond_policydb_dup(&newpolicy->policydb, &oldpolicy->policydb);
3102 if (rc) {
3103 kfree(newpolicy);
3104 return -ENOMEM;
3105 }
3106
3107
3108 for (i = 0; i < len; i++) {
3109 int new_state = !!values[i];
3110 int old_state = newpolicy->policydb.bool_val_to_struct[i]->state;
3111
3112 if (new_state != old_state) {
3113 audit_log(audit_context(), GFP_ATOMIC,
3114 AUDIT_MAC_CONFIG_CHANGE,
3115 "bool=%s val=%d old_val=%d auid=%u ses=%u",
3116 sym_name(&newpolicy->policydb, SYM_BOOLS, i),
3117 new_state,
3118 old_state,
3119 from_kuid(&init_user_ns, audit_get_loginuid(current)),
3120 audit_get_sessionid(current));
3121 newpolicy->policydb.bool_val_to_struct[i]->state = new_state;
3122 }
3123 }
3124
3125
3126 evaluate_cond_nodes(&newpolicy->policydb);
3127
3128
3129 newpolicy->latest_granting = oldpolicy->latest_granting + 1;
3130 seqno = newpolicy->latest_granting;
3131
3132
3133 rcu_assign_pointer(state->policy, newpolicy);
3134
3135
3136
3137
3138
3139
3140 synchronize_rcu();
3141 selinux_policy_cond_free(oldpolicy);
3142
3143
3144 selinux_notify_policy_change(state, seqno);
3145 return 0;
3146 }
3147
3148 int security_get_bool_value(struct selinux_state *state,
3149 u32 index)
3150 {
3151 struct selinux_policy *policy;
3152 struct policydb *policydb;
3153 int rc;
3154 u32 len;
3155
3156 if (!selinux_initialized(state))
3157 return 0;
3158
3159 rcu_read_lock();
3160 policy = rcu_dereference(state->policy);
3161 policydb = &policy->policydb;
3162
3163 rc = -EFAULT;
3164 len = policydb->p_bools.nprim;
3165 if (index >= len)
3166 goto out;
3167
3168 rc = policydb->bool_val_to_struct[index]->state;
3169 out:
3170 rcu_read_unlock();
3171 return rc;
3172 }
3173
3174 static int security_preserve_bools(struct selinux_policy *oldpolicy,
3175 struct selinux_policy *newpolicy)
3176 {
3177 int rc, *bvalues = NULL;
3178 char **bnames = NULL;
3179 struct cond_bool_datum *booldatum;
3180 u32 i, nbools = 0;
3181
3182 rc = security_get_bools(oldpolicy, &nbools, &bnames, &bvalues);
3183 if (rc)
3184 goto out;
3185 for (i = 0; i < nbools; i++) {
3186 booldatum = symtab_search(&newpolicy->policydb.p_bools,
3187 bnames[i]);
3188 if (booldatum)
3189 booldatum->state = bvalues[i];
3190 }
3191 evaluate_cond_nodes(&newpolicy->policydb);
3192
3193 out:
3194 if (bnames) {
3195 for (i = 0; i < nbools; i++)
3196 kfree(bnames[i]);
3197 }
3198 kfree(bnames);
3199 kfree(bvalues);
3200 return rc;
3201 }
3202
3203
3204
3205
3206
3207 int security_sid_mls_copy(struct selinux_state *state,
3208 u32 sid, u32 mls_sid, u32 *new_sid)
3209 {
3210 struct selinux_policy *policy;
3211 struct policydb *policydb;
3212 struct sidtab *sidtab;
3213 struct context *context1;
3214 struct context *context2;
3215 struct context newcon;
3216 char *s;
3217 u32 len;
3218 int rc;
3219
3220 if (!selinux_initialized(state)) {
3221 *new_sid = sid;
3222 return 0;
3223 }
3224
3225 retry:
3226 rc = 0;
3227 context_init(&newcon);
3228
3229 rcu_read_lock();
3230 policy = rcu_dereference(state->policy);
3231 policydb = &policy->policydb;
3232 sidtab = policy->sidtab;
3233
3234 if (!policydb->mls_enabled) {
3235 *new_sid = sid;
3236 goto out_unlock;
3237 }
3238
3239 rc = -EINVAL;
3240 context1 = sidtab_search(sidtab, sid);
3241 if (!context1) {
3242 pr_err("SELinux: %s: unrecognized SID %d\n",
3243 __func__, sid);
3244 goto out_unlock;
3245 }
3246
3247 rc = -EINVAL;
3248 context2 = sidtab_search(sidtab, mls_sid);
3249 if (!context2) {
3250 pr_err("SELinux: %s: unrecognized SID %d\n",
3251 __func__, mls_sid);
3252 goto out_unlock;
3253 }
3254
3255 newcon.user = context1->user;
3256 newcon.role = context1->role;
3257 newcon.type = context1->type;
3258 rc = mls_context_cpy(&newcon, context2);
3259 if (rc)
3260 goto out_unlock;
3261
3262
3263 if (!policydb_context_isvalid(policydb, &newcon)) {
3264 rc = convert_context_handle_invalid_context(state, policydb,
3265 &newcon);
3266 if (rc) {
3267 if (!context_struct_to_string(policydb, &newcon, &s,
3268 &len)) {
3269 struct audit_buffer *ab;
3270
3271 ab = audit_log_start(audit_context(),
3272 GFP_ATOMIC,
3273 AUDIT_SELINUX_ERR);
3274 audit_log_format(ab,
3275 "op=security_sid_mls_copy invalid_context=");
3276
3277 audit_log_n_untrustedstring(ab, s, len - 1);
3278 audit_log_end(ab);
3279 kfree(s);
3280 }
3281 goto out_unlock;
3282 }
3283 }
3284 rc = sidtab_context_to_sid(sidtab, &newcon, new_sid);
3285 if (rc == -ESTALE) {
3286 rcu_read_unlock();
3287 context_destroy(&newcon);
3288 goto retry;
3289 }
3290 out_unlock:
3291 rcu_read_unlock();
3292 context_destroy(&newcon);
3293 return rc;
3294 }
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318 int security_net_peersid_resolve(struct selinux_state *state,
3319 u32 nlbl_sid, u32 nlbl_type,
3320 u32 xfrm_sid,
3321 u32 *peer_sid)
3322 {
3323 struct selinux_policy *policy;
3324 struct policydb *policydb;
3325 struct sidtab *sidtab;
3326 int rc;
3327 struct context *nlbl_ctx;
3328 struct context *xfrm_ctx;
3329
3330 *peer_sid = SECSID_NULL;
3331
3332
3333
3334
3335 if (xfrm_sid == SECSID_NULL) {
3336 *peer_sid = nlbl_sid;
3337 return 0;
3338 }
3339
3340
3341
3342 if (nlbl_sid == SECSID_NULL || nlbl_type == NETLBL_NLTYPE_UNLABELED) {
3343 *peer_sid = xfrm_sid;
3344 return 0;
3345 }
3346
3347 if (!selinux_initialized(state))
3348 return 0;
3349
3350 rcu_read_lock();
3351 policy = rcu_dereference(state->policy);
3352 policydb = &policy->policydb;
3353 sidtab = policy->sidtab;
3354
3355
3356
3357
3358
3359
3360 if (!policydb->mls_enabled) {
3361 rc = 0;
3362 goto out;
3363 }
3364
3365 rc = -EINVAL;
3366 nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
3367 if (!nlbl_ctx) {
3368 pr_err("SELinux: %s: unrecognized SID %d\n",
3369 __func__, nlbl_sid);
3370 goto out;
3371 }
3372 rc = -EINVAL;
3373 xfrm_ctx = sidtab_search(sidtab, xfrm_sid);
3374 if (!xfrm_ctx) {
3375 pr_err("SELinux: %s: unrecognized SID %d\n",
3376 __func__, xfrm_sid);
3377 goto out;
3378 }
3379 rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
3380 if (rc)
3381 goto out;
3382
3383
3384
3385
3386
3387
3388 *peer_sid = xfrm_sid;
3389 out:
3390 rcu_read_unlock();
3391 return rc;
3392 }
3393
3394 static int get_classes_callback(void *k, void *d, void *args)
3395 {
3396 struct class_datum *datum = d;
3397 char *name = k, **classes = args;
3398 int value = datum->value - 1;
3399
3400 classes[value] = kstrdup(name, GFP_ATOMIC);
3401 if (!classes[value])
3402 return -ENOMEM;
3403
3404 return 0;
3405 }
3406
3407 int security_get_classes(struct selinux_policy *policy,
3408 char ***classes, int *nclasses)
3409 {
3410 struct policydb *policydb;
3411 int rc;
3412
3413 policydb = &policy->policydb;
3414
3415 rc = -ENOMEM;
3416 *nclasses = policydb->p_classes.nprim;
3417 *classes = kcalloc(*nclasses, sizeof(**classes), GFP_ATOMIC);
3418 if (!*classes)
3419 goto out;
3420
3421 rc = hashtab_map(&policydb->p_classes.table, get_classes_callback,
3422 *classes);
3423 if (rc) {
3424 int i;
3425 for (i = 0; i < *nclasses; i++)
3426 kfree((*classes)[i]);
3427 kfree(*classes);
3428 }
3429
3430 out:
3431 return rc;
3432 }
3433
3434 static int get_permissions_callback(void *k, void *d, void *args)
3435 {
3436 struct perm_datum *datum = d;
3437 char *name = k, **perms = args;
3438 int value = datum->value - 1;
3439
3440 perms[value] = kstrdup(name, GFP_ATOMIC);
3441 if (!perms[value])
3442 return -ENOMEM;
3443
3444 return 0;
3445 }
3446
3447 int security_get_permissions(struct selinux_policy *policy,
3448 char *class, char ***perms, int *nperms)
3449 {
3450 struct policydb *policydb;
3451 int rc, i;
3452 struct class_datum *match;
3453
3454 policydb = &policy->policydb;
3455
3456 rc = -EINVAL;
3457 match = symtab_search(&policydb->p_classes, class);
3458 if (!match) {
3459 pr_err("SELinux: %s: unrecognized class %s\n",
3460 __func__, class);
3461 goto out;
3462 }
3463
3464 rc = -ENOMEM;
3465 *nperms = match->permissions.nprim;
3466 *perms = kcalloc(*nperms, sizeof(**perms), GFP_ATOMIC);
3467 if (!*perms)
3468 goto out;
3469
3470 if (match->comdatum) {
3471 rc = hashtab_map(&match->comdatum->permissions.table,
3472 get_permissions_callback, *perms);
3473 if (rc)
3474 goto err;
3475 }
3476
3477 rc = hashtab_map(&match->permissions.table, get_permissions_callback,
3478 *perms);
3479 if (rc)
3480 goto err;
3481
3482 out:
3483 return rc;
3484
3485 err:
3486 for (i = 0; i < *nperms; i++)
3487 kfree((*perms)[i]);
3488 kfree(*perms);
3489 return rc;
3490 }
3491
3492 int security_get_reject_unknown(struct selinux_state *state)
3493 {
3494 struct selinux_policy *policy;
3495 int value;
3496
3497 if (!selinux_initialized(state))
3498 return 0;
3499
3500 rcu_read_lock();
3501 policy = rcu_dereference(state->policy);
3502 value = policy->policydb.reject_unknown;
3503 rcu_read_unlock();
3504 return value;
3505 }
3506
3507 int security_get_allow_unknown(struct selinux_state *state)
3508 {
3509 struct selinux_policy *policy;
3510 int value;
3511
3512 if (!selinux_initialized(state))
3513 return 0;
3514
3515 rcu_read_lock();
3516 policy = rcu_dereference(state->policy);
3517 value = policy->policydb.allow_unknown;
3518 rcu_read_unlock();
3519 return value;
3520 }
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533 int security_policycap_supported(struct selinux_state *state,
3534 unsigned int req_cap)
3535 {
3536 struct selinux_policy *policy;
3537 int rc;
3538
3539 if (!selinux_initialized(state))
3540 return 0;
3541
3542 rcu_read_lock();
3543 policy = rcu_dereference(state->policy);
3544 rc = ebitmap_get_bit(&policy->policydb.policycaps, req_cap);
3545 rcu_read_unlock();
3546
3547 return rc;
3548 }
3549
3550 struct selinux_audit_rule {
3551 u32 au_seqno;
3552 struct context au_ctxt;
3553 };
3554
3555 void selinux_audit_rule_free(void *vrule)
3556 {
3557 struct selinux_audit_rule *rule = vrule;
3558
3559 if (rule) {
3560 context_destroy(&rule->au_ctxt);
3561 kfree(rule);
3562 }
3563 }
3564
3565 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3566 {
3567 struct selinux_state *state = &selinux_state;
3568 struct selinux_policy *policy;
3569 struct policydb *policydb;
3570 struct selinux_audit_rule *tmprule;
3571 struct role_datum *roledatum;
3572 struct type_datum *typedatum;
3573 struct user_datum *userdatum;
3574 struct selinux_audit_rule **rule = (struct selinux_audit_rule **)vrule;
3575 int rc = 0;
3576
3577 *rule = NULL;
3578
3579 if (!selinux_initialized(state))
3580 return -EOPNOTSUPP;
3581
3582 switch (field) {
3583 case AUDIT_SUBJ_USER:
3584 case AUDIT_SUBJ_ROLE:
3585 case AUDIT_SUBJ_TYPE:
3586 case AUDIT_OBJ_USER:
3587 case AUDIT_OBJ_ROLE:
3588 case AUDIT_OBJ_TYPE:
3589
3590 if (op != Audit_equal && op != Audit_not_equal)
3591 return -EINVAL;
3592 break;
3593 case AUDIT_SUBJ_SEN:
3594 case AUDIT_SUBJ_CLR:
3595 case AUDIT_OBJ_LEV_LOW:
3596 case AUDIT_OBJ_LEV_HIGH:
3597
3598 if (strchr(rulestr, '-'))
3599 return -EINVAL;
3600 break;
3601 default:
3602
3603 return -EINVAL;
3604 }
3605
3606 tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
3607 if (!tmprule)
3608 return -ENOMEM;
3609
3610 context_init(&tmprule->au_ctxt);
3611
3612 rcu_read_lock();
3613 policy = rcu_dereference(state->policy);
3614 policydb = &policy->policydb;
3615
3616 tmprule->au_seqno = policy->latest_granting;
3617
3618 switch (field) {
3619 case AUDIT_SUBJ_USER:
3620 case AUDIT_OBJ_USER:
3621 rc = -EINVAL;
3622 userdatum = symtab_search(&policydb->p_users, rulestr);
3623 if (!userdatum)
3624 goto out;
3625 tmprule->au_ctxt.user = userdatum->value;
3626 break;
3627 case AUDIT_SUBJ_ROLE:
3628 case AUDIT_OBJ_ROLE:
3629 rc = -EINVAL;
3630 roledatum = symtab_search(&policydb->p_roles, rulestr);
3631 if (!roledatum)
3632 goto out;
3633 tmprule->au_ctxt.role = roledatum->value;
3634 break;
3635 case AUDIT_SUBJ_TYPE:
3636 case AUDIT_OBJ_TYPE:
3637 rc = -EINVAL;
3638 typedatum = symtab_search(&policydb->p_types, rulestr);
3639 if (!typedatum)
3640 goto out;
3641 tmprule->au_ctxt.type = typedatum->value;
3642 break;
3643 case AUDIT_SUBJ_SEN:
3644 case AUDIT_SUBJ_CLR:
3645 case AUDIT_OBJ_LEV_LOW:
3646 case AUDIT_OBJ_LEV_HIGH:
3647 rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt,
3648 GFP_ATOMIC);
3649 if (rc)
3650 goto out;
3651 break;
3652 }
3653 rc = 0;
3654 out:
3655 rcu_read_unlock();
3656
3657 if (rc) {
3658 selinux_audit_rule_free(tmprule);
3659 tmprule = NULL;
3660 }
3661
3662 *rule = tmprule;
3663
3664 return rc;
3665 }
3666
3667
3668 int selinux_audit_rule_known(struct audit_krule *rule)
3669 {
3670 int i;
3671
3672 for (i = 0; i < rule->field_count; i++) {
3673 struct audit_field *f = &rule->fields[i];
3674 switch (f->type) {
3675 case AUDIT_SUBJ_USER:
3676 case AUDIT_SUBJ_ROLE:
3677 case AUDIT_SUBJ_TYPE:
3678 case AUDIT_SUBJ_SEN:
3679 case AUDIT_SUBJ_CLR:
3680 case AUDIT_OBJ_USER:
3681 case AUDIT_OBJ_ROLE:
3682 case AUDIT_OBJ_TYPE:
3683 case AUDIT_OBJ_LEV_LOW:
3684 case AUDIT_OBJ_LEV_HIGH:
3685 return 1;
3686 }
3687 }
3688
3689 return 0;
3690 }
3691
3692 int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
3693 {
3694 struct selinux_state *state = &selinux_state;
3695 struct selinux_policy *policy;
3696 struct context *ctxt;
3697 struct mls_level *level;
3698 struct selinux_audit_rule *rule = vrule;
3699 int match = 0;
3700
3701 if (unlikely(!rule)) {
3702 WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
3703 return -ENOENT;
3704 }
3705
3706 if (!selinux_initialized(state))
3707 return 0;
3708
3709 rcu_read_lock();
3710
3711 policy = rcu_dereference(state->policy);
3712
3713 if (rule->au_seqno < policy->latest_granting) {
3714 match = -ESTALE;
3715 goto out;
3716 }
3717
3718 ctxt = sidtab_search(policy->sidtab, sid);
3719 if (unlikely(!ctxt)) {
3720 WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
3721 sid);
3722 match = -ENOENT;
3723 goto out;
3724 }
3725
3726
3727
3728 switch (field) {
3729 case AUDIT_SUBJ_USER:
3730 case AUDIT_OBJ_USER:
3731 switch (op) {
3732 case Audit_equal:
3733 match = (ctxt->user == rule->au_ctxt.user);
3734 break;
3735 case Audit_not_equal:
3736 match = (ctxt->user != rule->au_ctxt.user);
3737 break;
3738 }
3739 break;
3740 case AUDIT_SUBJ_ROLE:
3741 case AUDIT_OBJ_ROLE:
3742 switch (op) {
3743 case Audit_equal:
3744 match = (ctxt->role == rule->au_ctxt.role);
3745 break;
3746 case Audit_not_equal:
3747 match = (ctxt->role != rule->au_ctxt.role);
3748 break;
3749 }
3750 break;
3751 case AUDIT_SUBJ_TYPE:
3752 case AUDIT_OBJ_TYPE:
3753 switch (op) {
3754 case Audit_equal:
3755 match = (ctxt->type == rule->au_ctxt.type);
3756 break;
3757 case Audit_not_equal:
3758 match = (ctxt->type != rule->au_ctxt.type);
3759 break;
3760 }
3761 break;
3762 case AUDIT_SUBJ_SEN:
3763 case AUDIT_SUBJ_CLR:
3764 case AUDIT_OBJ_LEV_LOW:
3765 case AUDIT_OBJ_LEV_HIGH:
3766 level = ((field == AUDIT_SUBJ_SEN ||
3767 field == AUDIT_OBJ_LEV_LOW) ?
3768 &ctxt->range.level[0] : &ctxt->range.level[1]);
3769 switch (op) {
3770 case Audit_equal:
3771 match = mls_level_eq(&rule->au_ctxt.range.level[0],
3772 level);
3773 break;
3774 case Audit_not_equal:
3775 match = !mls_level_eq(&rule->au_ctxt.range.level[0],
3776 level);
3777 break;
3778 case Audit_lt:
3779 match = (mls_level_dom(&rule->au_ctxt.range.level[0],
3780 level) &&
3781 !mls_level_eq(&rule->au_ctxt.range.level[0],
3782 level));
3783 break;
3784 case Audit_le:
3785 match = mls_level_dom(&rule->au_ctxt.range.level[0],
3786 level);
3787 break;
3788 case Audit_gt:
3789 match = (mls_level_dom(level,
3790 &rule->au_ctxt.range.level[0]) &&
3791 !mls_level_eq(level,
3792 &rule->au_ctxt.range.level[0]));
3793 break;
3794 case Audit_ge:
3795 match = mls_level_dom(level,
3796 &rule->au_ctxt.range.level[0]);
3797 break;
3798 }
3799 }
3800
3801 out:
3802 rcu_read_unlock();
3803 return match;
3804 }
3805
3806 static int aurule_avc_callback(u32 event)
3807 {
3808 if (event == AVC_CALLBACK_RESET)
3809 return audit_update_lsm_rules();
3810 return 0;
3811 }
3812
3813 static int __init aurule_init(void)
3814 {
3815 int err;
3816
3817 err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET);
3818 if (err)
3819 panic("avc_add_callback() failed, error %d\n", err);
3820
3821 return err;
3822 }
3823 __initcall(aurule_init);
3824
3825 #ifdef CONFIG_NETLABEL
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837 static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
3838 u32 sid)
3839 {
3840 u32 *sid_cache;
3841
3842 sid_cache = kmalloc(sizeof(*sid_cache), GFP_ATOMIC);
3843 if (sid_cache == NULL)
3844 return;
3845 secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
3846 if (secattr->cache == NULL) {
3847 kfree(sid_cache);
3848 return;
3849 }
3850
3851 *sid_cache = sid;
3852 secattr->cache->free = kfree;
3853 secattr->cache->data = sid_cache;
3854 secattr->flags |= NETLBL_SECATTR_CACHE;
3855 }
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873 int security_netlbl_secattr_to_sid(struct selinux_state *state,
3874 struct netlbl_lsm_secattr *secattr,
3875 u32 *sid)
3876 {
3877 struct selinux_policy *policy;
3878 struct policydb *policydb;
3879 struct sidtab *sidtab;
3880 int rc;
3881 struct context *ctx;
3882 struct context ctx_new;
3883
3884 if (!selinux_initialized(state)) {
3885 *sid = SECSID_NULL;
3886 return 0;
3887 }
3888
3889 retry:
3890 rc = 0;
3891 rcu_read_lock();
3892 policy = rcu_dereference(state->policy);
3893 policydb = &policy->policydb;
3894 sidtab = policy->sidtab;
3895
3896 if (secattr->flags & NETLBL_SECATTR_CACHE)
3897 *sid = *(u32 *)secattr->cache->data;
3898 else if (secattr->flags & NETLBL_SECATTR_SECID)
3899 *sid = secattr->attr.secid;
3900 else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
3901 rc = -EIDRM;
3902 ctx = sidtab_search(sidtab, SECINITSID_NETMSG);
3903 if (ctx == NULL)
3904 goto out;
3905
3906 context_init(&ctx_new);
3907 ctx_new.user = ctx->user;
3908 ctx_new.role = ctx->role;
3909 ctx_new.type = ctx->type;
3910 mls_import_netlbl_lvl(policydb, &ctx_new, secattr);
3911 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
3912 rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr);
3913 if (rc)
3914 goto out;
3915 }
3916 rc = -EIDRM;
3917 if (!mls_context_isvalid(policydb, &ctx_new)) {
3918 ebitmap_destroy(&ctx_new.range.level[0].cat);
3919 goto out;
3920 }
3921
3922 rc = sidtab_context_to_sid(sidtab, &ctx_new, sid);
3923 ebitmap_destroy(&ctx_new.range.level[0].cat);
3924 if (rc == -ESTALE) {
3925 rcu_read_unlock();
3926 goto retry;
3927 }
3928 if (rc)
3929 goto out;
3930
3931 security_netlbl_cache_add(secattr, *sid);
3932 } else
3933 *sid = SECSID_NULL;
3934
3935 out:
3936 rcu_read_unlock();
3937 return rc;
3938 }
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951 int security_netlbl_sid_to_secattr(struct selinux_state *state,
3952 u32 sid, struct netlbl_lsm_secattr *secattr)
3953 {
3954 struct selinux_policy *policy;
3955 struct policydb *policydb;
3956 int rc;
3957 struct context *ctx;
3958
3959 if (!selinux_initialized(state))
3960 return 0;
3961
3962 rcu_read_lock();
3963 policy = rcu_dereference(state->policy);
3964 policydb = &policy->policydb;
3965
3966 rc = -ENOENT;
3967 ctx = sidtab_search(policy->sidtab, sid);
3968 if (ctx == NULL)
3969 goto out;
3970
3971 rc = -ENOMEM;
3972 secattr->domain = kstrdup(sym_name(policydb, SYM_TYPES, ctx->type - 1),
3973 GFP_ATOMIC);
3974 if (secattr->domain == NULL)
3975 goto out;
3976
3977 secattr->attr.secid = sid;
3978 secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID;
3979 mls_export_netlbl_lvl(policydb, ctx, secattr);
3980 rc = mls_export_netlbl_cat(policydb, ctx, secattr);
3981 out:
3982 rcu_read_unlock();
3983 return rc;
3984 }
3985 #endif
3986
3987
3988
3989
3990
3991
3992
3993
3994 static int __security_read_policy(struct selinux_policy *policy,
3995 void *data, size_t *len)
3996 {
3997 int rc;
3998 struct policy_file fp;
3999
4000 fp.data = data;
4001 fp.len = *len;
4002
4003 rc = policydb_write(&policy->policydb, &fp);
4004 if (rc)
4005 return rc;
4006
4007 *len = (unsigned long)fp.data - (unsigned long)data;
4008 return 0;
4009 }
4010
4011
4012
4013
4014
4015
4016
4017
4018 int security_read_policy(struct selinux_state *state,
4019 void **data, size_t *len)
4020 {
4021 struct selinux_policy *policy;
4022
4023 policy = rcu_dereference_protected(
4024 state->policy, lockdep_is_held(&state->policy_mutex));
4025 if (!policy)
4026 return -EINVAL;
4027
4028 *len = policy->policydb.len;
4029 *data = vmalloc_user(*len);
4030 if (!*data)
4031 return -ENOMEM;
4032
4033 return __security_read_policy(policy, *data, len);
4034 }
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048 int security_read_state_kernel(struct selinux_state *state,
4049 void **data, size_t *len)
4050 {
4051 int err;
4052 struct selinux_policy *policy;
4053
4054 policy = rcu_dereference_protected(
4055 state->policy, lockdep_is_held(&state->policy_mutex));
4056 if (!policy)
4057 return -EINVAL;
4058
4059 *len = policy->policydb.len;
4060 *data = vmalloc(*len);
4061 if (!*data)
4062 return -ENOMEM;
4063
4064 err = __security_read_policy(policy, *data, len);
4065 if (err) {
4066 vfree(*data);
4067 *data = NULL;
4068 *len = 0;
4069 }
4070 return err;
4071 }
