Context Navigation

source: src/linux/xscale/linux-2.6.24/security/selinux/ss/services.c @ 9148

Last change on this file since 9148 was 9148, checked in by BrainSlayer, 5 years ago
update to 2.6.24.3
File size: 61.8 KB

Line
1	/*
2	* Implementation of the security services.
3	*
4	* Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
5	* James Morris <jmorris@redhat.com>
6	*
7	* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
8	*
9	* Support for enhanced MLS infrastructure.
10	* Support for context based audit filters.
11	*
12	* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
13	*
14	* Added conditional policy language extensions
15	*
16	* Updated: Hewlett-Packard <paul.moore@hp.com>
17	*
18	* Added support for NetLabel
19	*
20	* Updated: Chad Sellers <csellers@tresys.com>
21	*
22	* Added validation of kernel classes and permissions
23	*
24	* Copyright (C) 2006 Hewlett-Packard Development Company, L.P.
25	* Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
26	* Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
27	* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
28	* This program is free software; you can redistribute it and/or modify
29	* it under the terms of the GNU General Public License as published by
30	* the Free Software Foundation, version 2.
31	*/
32	#include <linux/kernel.h>
33	#include <linux/slab.h>
34	#include <linux/string.h>
35	#include <linux/spinlock.h>
36	#include <linux/rcupdate.h>
37	#include <linux/errno.h>
38	#include <linux/in.h>
39	#include <linux/sched.h>
40	#include <linux/audit.h>
41	#include <linux/mutex.h>
42	#include <net/netlabel.h>
43
44	#include "flask.h"
45	#include "avc.h"
46	#include "avc_ss.h"
47	#include "security.h"
48	#include "context.h"
49	#include "policydb.h"
50	#include "sidtab.h"
51	#include "services.h"
52	#include "conditional.h"
53	#include "mls.h"
54	#include "objsec.h"
55	#include "netlabel.h"
56	#include "xfrm.h"
57	#include "ebitmap.h"
58
59	extern void selnl_notify_policyload(u32 seqno);
60	unsigned int policydb_loaded_version;
61
62	/*
63	* This is declared in avc.c
64	*/
65	extern const struct selinux_class_perm selinux_class_perm;
66
67	static DEFINE_RWLOCK(policy_rwlock);
68	#define POLICY_RDLOCK read_lock(&policy_rwlock)
69	#define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
70	#define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
71	#define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
72
73	static DEFINE_MUTEX(load_mutex);
74	#define LOAD_LOCK mutex_lock(&load_mutex)
75	#define LOAD_UNLOCK mutex_unlock(&load_mutex)
76
77	static struct sidtab sidtab;
78	struct policydb policydb;
79	int ss_initialized = 0;
80
81	/*
82	* The largest sequence number that has been used when
83	* providing an access decision to the access vector cache.
84	* The sequence number only changes when a policy change
85	* occurs.
86	*/
87	static u32 latest_granting = 0;
88
89	/* Forward declaration. */
90	static int context_struct_to_string(struct context context, char *scontext,
91	u32 *scontext_len);
92
93	/*
94	* Return the boolean value of a constraint expression
95	* when it is applied to the specified source and target
96	* security contexts.
97	*
98	* xcontext is a special beast... It is used by the validatetrans rules
99	* only. For these rules, scontext is the context before the transition,
100	* tcontext is the context after the transition, and xcontext is the context
101	* of the process performing the transition. All other callers of
102	* constraint_expr_eval should pass in NULL for xcontext.
103	*/
104	static int constraint_expr_eval(struct context *scontext,
105	struct context *tcontext,
106	struct context *xcontext,
107	struct constraint_expr *cexpr)
108	{
109	u32 val1, val2;
110	struct context *c;
111	struct role_datum r1, r2;
112	struct mls_level l1, l2;
113	struct constraint_expr *e;
114	int s[CEXPR_MAXDEPTH];
115	int sp = -1;
116
117	for (e = cexpr; e; e = e->next) {
118	switch (e->expr_type) {
119	case CEXPR_NOT:
120	BUG_ON(sp < 0);
121	s[sp] = !s[sp];
122	break;
123	case CEXPR_AND:
124	BUG_ON(sp < 1);
125	sp--;
126	s[sp] &= s[sp+1];
127	break;
128	case CEXPR_OR:
129	BUG_ON(sp < 1);
130	sp--;
131	s[sp] \|= s[sp+1];
132	break;
133	case CEXPR_ATTR:
134	if (sp == (CEXPR_MAXDEPTH-1))
135	return 0;
136	switch (e->attr) {
137	case CEXPR_USER:
138	val1 = scontext->user;
139	val2 = tcontext->user;
140	break;
141	case CEXPR_TYPE:
142	val1 = scontext->type;
143	val2 = tcontext->type;
144	break;
145	case CEXPR_ROLE:
146	val1 = scontext->role;
147	val2 = tcontext->role;
148	r1 = policydb.role_val_to_struct[val1 - 1];
149	r2 = policydb.role_val_to_struct[val2 - 1];
150	switch (e->op) {
151	case CEXPR_DOM:
152	s[++sp] = ebitmap_get_bit(&r1->dominates,
153	val2 - 1);
154	continue;
155	case CEXPR_DOMBY:
156	s[++sp] = ebitmap_get_bit(&r2->dominates,
157	val1 - 1);
158	continue;
159	case CEXPR_INCOMP:
160	s[++sp] = ( !ebitmap_get_bit(&r1->dominates,
161	val2 - 1) &&
162	!ebitmap_get_bit(&r2->dominates,
163	val1 - 1) );
164	continue;
165	default:
166	break;
167	}
168	break;
169	case CEXPR_L1L2:
170	l1 = &(scontext->range.level[0]);
171	l2 = &(tcontext->range.level[0]);
172	goto mls_ops;
173	case CEXPR_L1H2:
174	l1 = &(scontext->range.level[0]);
175	l2 = &(tcontext->range.level[1]);
176	goto mls_ops;
177	case CEXPR_H1L2:
178	l1 = &(scontext->range.level[1]);
179	l2 = &(tcontext->range.level[0]);
180	goto mls_ops;
181	case CEXPR_H1H2:
182	l1 = &(scontext->range.level[1]);
183	l2 = &(tcontext->range.level[1]);
184	goto mls_ops;
185	case CEXPR_L1H1:
186	l1 = &(scontext->range.level[0]);
187	l2 = &(scontext->range.level[1]);
188	goto mls_ops;
189	case CEXPR_L2H2:
190	l1 = &(tcontext->range.level[0]);
191	l2 = &(tcontext->range.level[1]);
192	goto mls_ops;
193	mls_ops:
194	switch (e->op) {
195	case CEXPR_EQ:
196	s[++sp] = mls_level_eq(l1, l2);
197	continue;
198	case CEXPR_NEQ:
199	s[++sp] = !mls_level_eq(l1, l2);
200	continue;
201	case CEXPR_DOM:
202	s[++sp] = mls_level_dom(l1, l2);
203	continue;
204	case CEXPR_DOMBY:
205	s[++sp] = mls_level_dom(l2, l1);
206	continue;
207	case CEXPR_INCOMP:
208	s[++sp] = mls_level_incomp(l2, l1);
209	continue;
210	default:
211	BUG();
212	return 0;
213	}
214	break;
215	default:
216	BUG();
217	return 0;
218	}
219
220	switch (e->op) {
221	case CEXPR_EQ:
222	s[++sp] = (val1 == val2);
223	break;
224	case CEXPR_NEQ:
225	s[++sp] = (val1 != val2);
226	break;
227	default:
228	BUG();
229	return 0;
230	}
231	break;
232	case CEXPR_NAMES:
233	if (sp == (CEXPR_MAXDEPTH-1))
234	return 0;
235	c = scontext;
236	if (e->attr & CEXPR_TARGET)
237	c = tcontext;
238	else if (e->attr & CEXPR_XTARGET) {
239	c = xcontext;
240	if (!c) {
241	BUG();
242	return 0;
243	}
244	}
245	if (e->attr & CEXPR_USER)
246	val1 = c->user;
247	else if (e->attr & CEXPR_ROLE)
248	val1 = c->role;
249	else if (e->attr & CEXPR_TYPE)
250	val1 = c->type;
251	else {
252	BUG();
253	return 0;
254	}
255
256	switch (e->op) {
257	case CEXPR_EQ:
258	s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
259	break;
260	case CEXPR_NEQ:
261	s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
262	break;
263	default:
264	BUG();
265	return 0;
266	}
267	break;
268	default:
269	BUG();
270	return 0;
271	}
272	}
273
274	BUG_ON(sp != 0);
275	return s[0];
276	}
277
278	/*
279	* Compute access vectors based on a context structure pair for
280	* the permissions in a particular class.
281	*/
282	static int context_struct_compute_av(struct context *scontext,
283	struct context *tcontext,
284	u16 tclass,
285	u32 requested,
286	struct av_decision *avd)
287	{
288	struct constraint_node *constraint;
289	struct role_allow *ra;
290	struct avtab_key avkey;
291	struct avtab_node *node;
292	struct class_datum *tclass_datum;
293	struct ebitmap sattr, tattr;
294	struct ebitmap_node snode, tnode;
295	const struct selinux_class_perm *kdefs = &selinux_class_perm;
296	unsigned int i, j;
297
298	/*
299	* Remap extended Netlink classes for old policy versions.
300	* Do this here rather than socket_type_to_security_class()
301	* in case a newer policy version is loaded, allowing sockets
302	* to remain in the correct class.
303	*/
304	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
305	if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
306	tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
307	tclass = SECCLASS_NETLINK_SOCKET;
308
309	/*
310	* Initialize the access vectors to the default values.
311	*/
312	avd->allowed = 0;
313	avd->decided = 0xffffffff;
314	avd->auditallow = 0;
315	avd->auditdeny = 0xffffffff;
316	avd->seqno = latest_granting;
317
318	/*
319	* Check for all the invalid cases.
320	* - tclass 0
321	* - tclass > policy and > kernel
322	* - tclass > policy but is a userspace class
323	* - tclass > policy but we do not allow unknowns
324	*/
325	if (unlikely(!tclass))
326	goto inval_class;
327	if (unlikely(tclass > policydb.p_classes.nprim))
328	if (tclass > kdefs->cts_len \|\|
329	!kdefs->class_to_string[tclass - 1] \|\|
330	!policydb.allow_unknown)
331	goto inval_class;
332
333	/*
334	* Kernel class and we allow unknown so pad the allow decision
335	* the pad will be all 1 for unknown classes.
336	*/
337	if (tclass <= kdefs->cts_len && policydb.allow_unknown)
338	avd->allowed = policydb.undefined_perms[tclass - 1];
339
340	/*
341	* Not in policy. Since decision is completed (all 1 or all 0) return.
342	*/
343	if (unlikely(tclass > policydb.p_classes.nprim))
344	return 0;
345
346	tclass_datum = policydb.class_val_to_struct[tclass - 1];
347
348	/*
349	* If a specific type enforcement rule was defined for
350	* this permission check, then use it.
351	*/
352	avkey.target_class = tclass;
353	avkey.specified = AVTAB_AV;
354	sattr = &policydb.type_attr_map[scontext->type - 1];
355	tattr = &policydb.type_attr_map[tcontext->type - 1];
356	ebitmap_for_each_positive_bit(sattr, snode, i) {
357	ebitmap_for_each_positive_bit(tattr, tnode, j) {
358	avkey.source_type = i + 1;
359	avkey.target_type = j + 1;
360	for (node = avtab_search_node(&policydb.te_avtab, &avkey);
361	node != NULL;
362	node = avtab_search_node_next(node, avkey.specified)) {
363	if (node->key.specified == AVTAB_ALLOWED)
364	avd->allowed \|= node->datum.data;
365	else if (node->key.specified == AVTAB_AUDITALLOW)
366	avd->auditallow \|= node->datum.data;
367	else if (node->key.specified == AVTAB_AUDITDENY)
368	avd->auditdeny &= node->datum.data;
369	}
370
371	/* Check conditional av table for additional permissions */
372	cond_compute_av(&policydb.te_cond_avtab, &avkey, avd);
373
374	}
375	}
376
377	/*
378	* Remove any permissions prohibited by a constraint (this includes
379	* the MLS policy).
380	*/
381	constraint = tclass_datum->constraints;
382	while (constraint) {
383	if ((constraint->permissions & (avd->allowed)) &&
384	!constraint_expr_eval(scontext, tcontext, NULL,
385	constraint->expr)) {
386	avd->allowed = (avd->allowed) & ~(constraint->permissions);
387	}
388	constraint = constraint->next;
389	}
390
391	/*
392	* If checking process transition permission and the
393	* role is changing, then check the (current_role, new_role)
394	* pair.
395	*/
396	if (tclass == SECCLASS_PROCESS &&
397	(avd->allowed & (PROCESS__TRANSITION \| PROCESS__DYNTRANSITION)) &&
398	scontext->role != tcontext->role) {
399	for (ra = policydb.role_allow; ra; ra = ra->next) {
400	if (scontext->role == ra->role &&
401	tcontext->role == ra->new_role)
402	break;
403	}
404	if (!ra)
405	avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION \|
406	PROCESS__DYNTRANSITION);
407	}
408
409	return 0;
410
411	inval_class:
412	printk(KERN_ERR "%s: unrecognized class %d\n", __FUNCTION__, tclass);
413	return -EINVAL;
414	}
415
416	static int security_validtrans_handle_fail(struct context *ocontext,
417	struct context *ncontext,
418	struct context *tcontext,
419	u16 tclass)
420	{
421	char o = NULL, n = NULL, *t = NULL;
422	u32 olen, nlen, tlen;
423
424	if (context_struct_to_string(ocontext, &o, &olen) < 0)
425	goto out;
426	if (context_struct_to_string(ncontext, &n, &nlen) < 0)
427	goto out;
428	if (context_struct_to_string(tcontext, &t, &tlen) < 0)
429	goto out;
430	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
431	"security_validate_transition: denied for"
432	" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
433	o, n, t, policydb.p_class_val_to_name[tclass-1]);
434	out:
435	kfree(o);
436	kfree(n);
437	kfree(t);
438
439	if (!selinux_enforcing)
440	return 0;
441	return -EPERM;
442	}
443
444	int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
445	u16 tclass)
446	{
447	struct context *ocontext;
448	struct context *ncontext;
449	struct context *tcontext;
450	struct class_datum *tclass_datum;
451	struct constraint_node *constraint;
452	int rc = 0;
453
454	if (!ss_initialized)
455	return 0;
456
457	POLICY_RDLOCK;
458
459	/*
460	* Remap extended Netlink classes for old policy versions.
461	* Do this here rather than socket_type_to_security_class()
462	* in case a newer policy version is loaded, allowing sockets
463	* to remain in the correct class.
464	*/
465	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
466	if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
467	tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
468	tclass = SECCLASS_NETLINK_SOCKET;
469
470	if (!tclass \|\| tclass > policydb.p_classes.nprim) {
471	printk(KERN_ERR "security_validate_transition: "
472	"unrecognized class %d\n", tclass);
473	rc = -EINVAL;
474	goto out;
475	}
476	tclass_datum = policydb.class_val_to_struct[tclass - 1];
477
478	ocontext = sidtab_search(&sidtab, oldsid);
479	if (!ocontext) {
480	printk(KERN_ERR "security_validate_transition: "
481	" unrecognized SID %d\n", oldsid);
482	rc = -EINVAL;
483	goto out;
484	}
485
486	ncontext = sidtab_search(&sidtab, newsid);
487	if (!ncontext) {
488	printk(KERN_ERR "security_validate_transition: "
489	" unrecognized SID %d\n", newsid);
490	rc = -EINVAL;
491	goto out;
492	}
493
494	tcontext = sidtab_search(&sidtab, tasksid);
495	if (!tcontext) {
496	printk(KERN_ERR "security_validate_transition: "
497	" unrecognized SID %d\n", tasksid);
498	rc = -EINVAL;
499	goto out;
500	}
501
502	constraint = tclass_datum->validatetrans;
503	while (constraint) {
504	if (!constraint_expr_eval(ocontext, ncontext, tcontext,
505	constraint->expr)) {
506	rc = security_validtrans_handle_fail(ocontext, ncontext,
507	tcontext, tclass);
508	goto out;
509	}
510	constraint = constraint->next;
511	}
512
513	out:
514	POLICY_RDUNLOCK;
515	return rc;
516	}
517
518	/**
519	* security_compute_av - Compute access vector decisions.
520	* @ssid: source security identifier
521	* @tsid: target security identifier
522	* @tclass: target security class
523	* @requested: requested permissions
524	* @avd: access vector decisions
525	*
526	* Compute a set of access vector decisions based on the
527	* SID pair (@ssid, @tsid) for the permissions in @tclass.
528	* Return -%EINVAL if any of the parameters are invalid or %0
529	* if the access vector decisions were computed successfully.
530	*/
531	int security_compute_av(u32 ssid,
532	u32 tsid,
533	u16 tclass,
534	u32 requested,
535	struct av_decision *avd)
536	{
537	struct context scontext = NULL, tcontext = NULL;
538	int rc = 0;
539
540	if (!ss_initialized) {
541	avd->allowed = 0xffffffff;
542	avd->decided = 0xffffffff;
543	avd->auditallow = 0;
544	avd->auditdeny = 0xffffffff;
545	avd->seqno = latest_granting;
546	return 0;
547	}
548
549	POLICY_RDLOCK;
550
551	scontext = sidtab_search(&sidtab, ssid);
552	if (!scontext) {
553	printk(KERN_ERR "security_compute_av: unrecognized SID %d\n",
554	ssid);
555	rc = -EINVAL;
556	goto out;
557	}
558	tcontext = sidtab_search(&sidtab, tsid);
559	if (!tcontext) {
560	printk(KERN_ERR "security_compute_av: unrecognized SID %d\n",
561	tsid);
562	rc = -EINVAL;
563	goto out;
564	}
565
566	rc = context_struct_compute_av(scontext, tcontext, tclass,
567	requested, avd);
568	out:
569	POLICY_RDUNLOCK;
570	return rc;
571	}
572
573	/*
574	* Write the security context string representation of
575	* the context structure `context' into a dynamically
576	* allocated string of the correct size. Set `*scontext'
577	* to point to this string and set `*scontext_len' to
578	* the length of the string.
579	*/
580	static int context_struct_to_string(struct context context, char scontext, u32 scontext_len)
581	{
582	char *scontextp;
583
584	*scontext = NULL;
585	*scontext_len = 0;
586
587	/* Compute the size of the context. */
588	*scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1;
589	*scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1;
590	*scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
591	*scontext_len += mls_compute_context_len(context);
592
593	/* Allocate space for the context; caller must free this space. */
594	scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
595	if (!scontextp) {
596	return -ENOMEM;
597	}
598	*scontext = scontextp;
599
600	/*
601	* Copy the user name, role name and type name into the context.
602	*/
603	sprintf(scontextp, "%s:%s:%s",
604	policydb.p_user_val_to_name[context->user - 1],
605	policydb.p_role_val_to_name[context->role - 1],
606	policydb.p_type_val_to_name[context->type - 1]);
607	scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +
608	1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
609	1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
610
611	mls_sid_to_context(context, &scontextp);
612
613	*scontextp = 0;
614
615	return 0;
616	}
617
618	#include "initial_sid_to_string.h"
619
620	const char *security_get_initial_sid_context(u32 sid)
621	{
622	if (unlikely(sid > SECINITSID_NUM))
623	return NULL;
624	return initial_sid_to_string[sid];
625	}
626
627	/**
628	* security_sid_to_context - Obtain a context for a given SID.
629	* @sid: security identifier, SID
630	* @scontext: security context
631	* @scontext_len: length in bytes
632	*
633	* Write the string representation of the context associated with @sid
634	* into a dynamically allocated string of the correct size. Set @scontext
635	* to point to this string and set @scontext_len to the length of the string.
636	*/
637	int security_sid_to_context(u32 sid, char *scontext, u32 scontext_len)
638	{
639	struct context *context;
640	int rc = 0;
641
642	*scontext = NULL;
643	*scontext_len = 0;
644
645	if (!ss_initialized) {
646	if (sid <= SECINITSID_NUM) {
647	char *scontextp;
648
649	*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
650	scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
651	if (!scontextp) {
652	rc = -ENOMEM;
653	goto out;
654	}
655	strcpy(scontextp, initial_sid_to_string[sid]);
656	*scontext = scontextp;
657	goto out;
658	}
659	printk(KERN_ERR "security_sid_to_context: called before initial "
660	"load_policy on unknown SID %d\n", sid);
661	rc = -EINVAL;
662	goto out;
663	}
664	POLICY_RDLOCK;
665	context = sidtab_search(&sidtab, sid);
666	if (!context) {
667	printk(KERN_ERR "security_sid_to_context: unrecognized SID "
668	"%d\n", sid);
669	rc = -EINVAL;
670	goto out_unlock;
671	}
672	rc = context_struct_to_string(context, scontext, scontext_len);
673	out_unlock:
674	POLICY_RDUNLOCK;
675	out:
676	return rc;
677
678	}
679
680	static int security_context_to_sid_core(char scontext, u32 scontext_len, u32 sid, u32 def_sid)
681	{
682	char *scontext2;
683	struct context context;
684	struct role_datum *role;
685	struct type_datum *typdatum;
686	struct user_datum *usrdatum;
687	char scontextp, p, oldc;
688	int rc = 0;
689
690	if (!ss_initialized) {
691	int i;
692
693	for (i = 1; i < SECINITSID_NUM; i++) {
694	if (!strcmp(initial_sid_to_string[i], scontext)) {
695	*sid = i;
696	goto out;
697	}
698	}
699	*sid = SECINITSID_KERNEL;
700	goto out;
701	}
702	*sid = SECSID_NULL;
703
704	/* Copy the string so that we can modify the copy as we parse it.
705	The string should already by null terminated, but we append a
706	null suffix to the copy to avoid problems with the existing
707	attr package, which doesn't view the null terminator as part
708	of the attribute value. */
709	scontext2 = kmalloc(scontext_len+1,GFP_KERNEL);
710	if (!scontext2) {
711	rc = -ENOMEM;
712	goto out;
713	}
714	memcpy(scontext2, scontext, scontext_len);
715	scontext2[scontext_len] = 0;
716
717	context_init(&context);
718	*sid = SECSID_NULL;
719
720	POLICY_RDLOCK;
721
722	/* Parse the security context. */
723
724	rc = -EINVAL;
725	scontextp = (char *) scontext2;
726
727	/* Extract the user. */
728	p = scontextp;
729	while (p && p != ':')
730	p++;
731
732	if (*p == 0)
733	goto out_unlock;
734
735	*p++ = 0;
736
737	usrdatum = hashtab_search(policydb.p_users.table, scontextp);
738	if (!usrdatum)
739	goto out_unlock;
740
741	context.user = usrdatum->value;
742
743	/* Extract role. */
744	scontextp = p;
745	while (p && p != ':')
746	p++;
747
748	if (*p == 0)
749	goto out_unlock;
750
751	*p++ = 0;
752
753	role = hashtab_search(policydb.p_roles.table, scontextp);
754	if (!role)
755	goto out_unlock;
756	context.role = role->value;
757
758	/* Extract type. */
759	scontextp = p;
760	while (p && p != ':')
761	p++;
762	oldc = *p;
763	*p++ = 0;
764
765	typdatum = hashtab_search(policydb.p_types.table, scontextp);
766	if (!typdatum)
767	goto out_unlock;
768
769	context.type = typdatum->value;
770
771	rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
772	if (rc)
773	goto out_unlock;
774
775	if ((p - scontext2) < scontext_len) {
776	rc = -EINVAL;
777	goto out_unlock;
778	}
779
780	/* Check the validity of the new context. */
781	if (!policydb_context_isvalid(&policydb, &context)) {
782	rc = -EINVAL;
783	goto out_unlock;
784	}
785	/* Obtain the new sid. */
786	rc = sidtab_context_to_sid(&sidtab, &context, sid);
787	out_unlock:
788	POLICY_RDUNLOCK;
789	context_destroy(&context);
790	kfree(scontext2);
791	out:
792	return rc;
793	}
794
795	/**
796	* security_context_to_sid - Obtain a SID for a given security context.
797	* @scontext: security context
798	* @scontext_len: length in bytes
799	* @sid: security identifier, SID
800	*
801	* Obtains a SID associated with the security context that
802	* has the string representation specified by @scontext.
803	* Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
804	* memory is available, or 0 on success.
805	*/
806	int security_context_to_sid(char scontext, u32 scontext_len, u32 sid)
807	{
808	return security_context_to_sid_core(scontext, scontext_len,
809	sid, SECSID_NULL);
810	}
811
812	/**
813	* security_context_to_sid_default - Obtain a SID for a given security context,
814	* falling back to specified default if needed.
815	*
816	* @scontext: security context
817	* @scontext_len: length in bytes
818	* @sid: security identifier, SID
819	* @def_sid: default SID to assign on error
820	*
821	* Obtains a SID associated with the security context that
822	* has the string representation specified by @scontext.
823	* The default SID is passed to the MLS layer to be used to allow
824	* kernel labeling of the MLS field if the MLS field is not present
825	* (for upgrading to MLS without full relabel).
826	* Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
827	* memory is available, or 0 on success.
828	*/
829	int security_context_to_sid_default(char scontext, u32 scontext_len, u32 sid, u32 def_sid)
830	{
831	return security_context_to_sid_core(scontext, scontext_len,
832	sid, def_sid);
833	}
834
835	static int compute_sid_handle_invalid_context(
836	struct context *scontext,
837	struct context *tcontext,
838	u16 tclass,
839	struct context *newcontext)
840	{
841	char s = NULL, t = NULL, *n = NULL;
842	u32 slen, tlen, nlen;
843
844	if (context_struct_to_string(scontext, &s, &slen) < 0)
845	goto out;
846	if (context_struct_to_string(tcontext, &t, &tlen) < 0)
847	goto out;
848	if (context_struct_to_string(newcontext, &n, &nlen) < 0)
849	goto out;
850	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
851	"security_compute_sid: invalid context %s"
852	" for scontext=%s"
853	" tcontext=%s"
854	" tclass=%s",
855	n, s, t, policydb.p_class_val_to_name[tclass-1]);
856	out:
857	kfree(s);
858	kfree(t);
859	kfree(n);
860	if (!selinux_enforcing)
861	return 0;
862	return -EACCES;
863	}
864
865	static int security_compute_sid(u32 ssid,
866	u32 tsid,
867	u16 tclass,
868	u32 specified,
869	u32 *out_sid)
870	{
871	struct context scontext = NULL, tcontext = NULL, newcontext;
872	struct role_trans *roletr = NULL;
873	struct avtab_key avkey;
874	struct avtab_datum *avdatum;
875	struct avtab_node *node;
876	int rc = 0;
877
878	if (!ss_initialized) {
879	switch (tclass) {
880	case SECCLASS_PROCESS:
881	*out_sid = ssid;
882	break;
883	default:
884	*out_sid = tsid;
885	break;
886	}
887	goto out;
888	}
889
890	context_init(&newcontext);
891
892	POLICY_RDLOCK;
893
894	scontext = sidtab_search(&sidtab, ssid);
895	if (!scontext) {
896	printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n",
897	ssid);
898	rc = -EINVAL;
899	goto out_unlock;
900	}
901	tcontext = sidtab_search(&sidtab, tsid);
902	if (!tcontext) {
903	printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n",
904	tsid);
905	rc = -EINVAL;
906	goto out_unlock;
907	}
908
909	/* Set the user identity. */
910	switch (specified) {
911	case AVTAB_TRANSITION:
912	case AVTAB_CHANGE:
913	/* Use the process user identity. */
914	newcontext.user = scontext->user;
915	break;
916	case AVTAB_MEMBER:
917	/* Use the related object owner. */
918	newcontext.user = tcontext->user;
919	break;
920	}
921
922	/* Set the role and type to default values. */
923	switch (tclass) {
924	case SECCLASS_PROCESS:
925	/* Use the current role and type of process. */
926	newcontext.role = scontext->role;
927	newcontext.type = scontext->type;
928	break;
929	default:
930	/* Use the well-defined object role. */
931	newcontext.role = OBJECT_R_VAL;
932	/* Use the type of the related object. */
933	newcontext.type = tcontext->type;
934	}
935
936	/* Look for a type transition/member/change rule. */
937	avkey.source_type = scontext->type;
938	avkey.target_type = tcontext->type;
939	avkey.target_class = tclass;
940	avkey.specified = specified;
941	avdatum = avtab_search(&policydb.te_avtab, &avkey);
942
943	/* If no permanent rule, also check for enabled conditional rules */
944	if(!avdatum) {
945	node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
946	for (; node != NULL; node = avtab_search_node_next(node, specified)) {
947	if (node->key.specified & AVTAB_ENABLED) {
948	avdatum = &node->datum;
949	break;
950	}
951	}
952	}
953
954	if (avdatum) {
955	/* Use the type from the type transition/member/change rule. */
956	newcontext.type = avdatum->data;
957	}
958
959	/* Check for class-specific changes. */
960	switch (tclass) {
961	case SECCLASS_PROCESS:
962	if (specified & AVTAB_TRANSITION) {
963	/* Look for a role transition rule. */
964	for (roletr = policydb.role_tr; roletr;
965	roletr = roletr->next) {
966	if (roletr->role == scontext->role &&
967	roletr->type == tcontext->type) {
968	/* Use the role transition rule. */
969	newcontext.role = roletr->new_role;
970	break;
971	}
972	}
973	}
974	break;
975	default:
976	break;
977	}
978
979	/* Set the MLS attributes.
980	This is done last because it may allocate memory. */
981	rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext);
982	if (rc)
983	goto out_unlock;
984
985	/* Check the validity of the context. */
986	if (!policydb_context_isvalid(&policydb, &newcontext)) {
987	rc = compute_sid_handle_invalid_context(scontext,
988	tcontext,
989	tclass,
990	&newcontext);
991	if (rc)
992	goto out_unlock;
993	}
994	/* Obtain the sid for the context. */
995	rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
996	out_unlock:
997	POLICY_RDUNLOCK;
998	context_destroy(&newcontext);
999	out:
1000	return rc;
1001	}
1002
1003	/**
1004	* security_transition_sid - Compute the SID for a new subject/object.
1005	* @ssid: source security identifier
1006	* @tsid: target security identifier
1007	* @tclass: target security class
1008	* @out_sid: security identifier for new subject/object
1009	*
1010	* Compute a SID to use for labeling a new subject or object in the
1011	* class @tclass based on a SID pair (@ssid, @tsid).
1012	* Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
1013	* if insufficient memory is available, or %0 if the new SID was
1014	* computed successfully.
1015	*/
1016	int security_transition_sid(u32 ssid,
1017	u32 tsid,
1018	u16 tclass,
1019	u32 *out_sid)
1020	{
1021	return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, out_sid);
1022	}
1023
1024	/**
1025	* security_member_sid - Compute the SID for member selection.
1026	* @ssid: source security identifier
1027	* @tsid: target security identifier
1028	* @tclass: target security class
1029	* @out_sid: security identifier for selected member
1030	*
1031	* Compute a SID to use when selecting a member of a polyinstantiated
1032	* object of class @tclass based on a SID pair (@ssid, @tsid).
1033	* Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
1034	* if insufficient memory is available, or %0 if the SID was
1035	* computed successfully.
1036	*/
1037	int security_member_sid(u32 ssid,
1038	u32 tsid,
1039	u16 tclass,
1040	u32 *out_sid)
1041	{
1042	return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid);
1043	}
1044
1045	/**
1046	* security_change_sid - Compute the SID for object relabeling.
1047	* @ssid: source security identifier
1048	* @tsid: target security identifier
1049	* @tclass: target security class
1050	* @out_sid: security identifier for selected member
1051	*
1052	* Compute a SID to use for relabeling an object of class @tclass
1053	* based on a SID pair (@ssid, @tsid).
1054	* Return -%EINVAL if any of the parameters are invalid, -%ENOMEM
1055	* if insufficient memory is available, or %0 if the SID was
1056	* computed successfully.
1057	*/
1058	int security_change_sid(u32 ssid,
1059	u32 tsid,
1060	u16 tclass,
1061	u32 *out_sid)
1062	{
1063	return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
1064	}
1065
1066	/*
1067	* Verify that each kernel class that is defined in the
1068	* policy is correct
1069	*/
1070	static int validate_classes(struct policydb *p)
1071	{
1072	int i, j;
1073	struct class_datum *cladatum;
1074	struct perm_datum *perdatum;
1075	u32 nprim, tmp, common_pts_len, perm_val, pol_val;
1076	u16 class_val;
1077	const struct selinux_class_perm *kdefs = &selinux_class_perm;
1078	const char def_class, def_perm, *pol_class;
1079	struct symtab *perms;
1080
1081	if (p->allow_unknown) {
1082	u32 num_classes = kdefs->cts_len;
1083	p->undefined_perms = kcalloc(num_classes, sizeof(u32), GFP_KERNEL);
1084	if (!p->undefined_perms)
1085	return -ENOMEM;
1086	}
1087
1088	for (i = 1; i < kdefs->cts_len; i++) {
1089	def_class = kdefs->class_to_string[i];
1090	if (!def_class)
1091	continue;
1092	if (i > p->p_classes.nprim) {
1093	printk(KERN_INFO
1094	"security: class %s not defined in policy\n",
1095	def_class);
1096	if (p->reject_unknown)
1097	return -EINVAL;
1098	if (p->allow_unknown)
1099	p->undefined_perms[i-1] = ~0U;
1100	continue;
1101	}
1102	pol_class = p->p_class_val_to_name[i-1];
1103	if (strcmp(pol_class, def_class)) {
1104	printk(KERN_ERR
1105	"security: class %d is incorrect, found %s but should be %s\n",
1106	i, pol_class, def_class);
1107	return -EINVAL;
1108	}
1109	}
1110	for (i = 0; i < kdefs->av_pts_len; i++) {
1111	class_val = kdefs->av_perm_to_string[i].tclass;
1112	perm_val = kdefs->av_perm_to_string[i].value;
1113	def_perm = kdefs->av_perm_to_string[i].name;
1114	if (class_val > p->p_classes.nprim)
1115	continue;
1116	pol_class = p->p_class_val_to_name[class_val-1];
1117	cladatum = hashtab_search(p->p_classes.table, pol_class);
1118	BUG_ON(!cladatum);
1119	perms = &cladatum->permissions;
1120	nprim = 1 << (perms->nprim - 1);
1121	if (perm_val > nprim) {
1122	printk(KERN_INFO
1123	"security: permission %s in class %s not defined in policy\n",
1124	def_perm, pol_class);
1125	if (p->reject_unknown)
1126	return -EINVAL;
1127	if (p->allow_unknown)
1128	p->undefined_perms[class_val-1] \|= perm_val;
1129	continue;
1130	}
1131	perdatum = hashtab_search(perms->table, def_perm);
1132	if (perdatum == NULL) {
1133	printk(KERN_ERR
1134	"security: permission %s in class %s not found in policy, bad policy\n",
1135	def_perm, pol_class);
1136	return -EINVAL;
1137	}
1138	pol_val = 1 << (perdatum->value - 1);
1139	if (pol_val != perm_val) {
1140	printk(KERN_ERR
1141	"security: permission %s in class %s has incorrect value\n",
1142	def_perm, pol_class);
1143	return -EINVAL;
1144	}
1145	}
1146	for (i = 0; i < kdefs->av_inherit_len; i++) {
1147	class_val = kdefs->av_inherit[i].tclass;
1148	if (class_val > p->p_classes.nprim)
1149	continue;
1150	pol_class = p->p_class_val_to_name[class_val-1];
1151	cladatum = hashtab_search(p->p_classes.table, pol_class);
1152	BUG_ON(!cladatum);
1153	if (!cladatum->comdatum) {
1154	printk(KERN_ERR
1155	"security: class %s should have an inherits clause but does not\n",
1156	pol_class);
1157	return -EINVAL;
1158	}
1159	tmp = kdefs->av_inherit[i].common_base;
1160	common_pts_len = 0;
1161	while (!(tmp & 0x01)) {
1162	common_pts_len++;
1163	tmp >>= 1;
1164	}
1165	perms = &cladatum->comdatum->permissions;
1166	for (j = 0; j < common_pts_len; j++) {
1167	def_perm = kdefs->av_inherit[i].common_pts[j];
1168	if (j >= perms->nprim) {
1169	printk(KERN_INFO
1170	"security: permission %s in class %s not defined in policy\n",
1171	def_perm, pol_class);
1172	if (p->reject_unknown)
1173	return -EINVAL;
1174	if (p->allow_unknown)
1175	p->undefined_perms[class_val-1] \|= (1 << j);
1176	continue;
1177	}
1178	perdatum = hashtab_search(perms->table, def_perm);
1179	if (perdatum == NULL) {
1180	printk(KERN_ERR
1181	"security: permission %s in class %s not found in policy, bad policy\n",
1182	def_perm, pol_class);
1183	return -EINVAL;
1184	}
1185	if (perdatum->value != j + 1) {
1186	printk(KERN_ERR
1187	"security: permission %s in class %s has incorrect value\n",
1188	def_perm, pol_class);
1189	return -EINVAL;
1190	}
1191	}
1192	}
1193	return 0;
1194	}
1195
1196	/* Clone the SID into the new SID table. */
1197	static int clone_sid(u32 sid,
1198	struct context *context,
1199	void *arg)
1200	{
1201	struct sidtab *s = arg;
1202
1203	return sidtab_insert(s, sid, context);
1204	}
1205
1206	static inline int convert_context_handle_invalid_context(struct context *context)
1207	{
1208	int rc = 0;
1209
1210	if (selinux_enforcing) {
1211	rc = -EINVAL;
1212	} else {
1213	char *s;
1214	u32 len;
1215
1216	context_struct_to_string(context, &s, &len);
1217	printk(KERN_ERR "security: context %s is invalid\n", s);
1218	kfree(s);
1219	}
1220	return rc;
1221	}
1222
1223	struct convert_context_args {
1224	struct policydb *oldp;
1225	struct policydb *newp;
1226	};
1227
1228	/*
1229	* Convert the values in the security context
1230	* structure `c' from the values specified
1231	* in the policy `p->oldp' to the values specified
1232	* in the policy `p->newp'. Verify that the
1233	* context is valid under the new policy.
1234	*/
1235	static int convert_context(u32 key,
1236	struct context *c,
1237	void *p)
1238	{
1239	struct convert_context_args *args;
1240	struct context oldc;
1241	struct role_datum *role;
1242	struct type_datum *typdatum;
1243	struct user_datum *usrdatum;
1244	char *s;
1245	u32 len;
1246	int rc;
1247
1248	args = p;
1249
1250	rc = context_cpy(&oldc, c);
1251	if (rc)
1252	goto out;
1253
1254	rc = -EINVAL;
1255
1256	/* Convert the user. */
1257	usrdatum = hashtab_search(args->newp->p_users.table,
1258	args->oldp->p_user_val_to_name[c->user - 1]);
1259	if (!usrdatum) {
1260	goto bad;
1261	}
1262	c->user = usrdatum->value;
1263
1264	/* Convert the role. */
1265	role = hashtab_search(args->newp->p_roles.table,
1266	args->oldp->p_role_val_to_name[c->role - 1]);
1267	if (!role) {
1268	goto bad;
1269	}
1270	c->role = role->value;
1271
1272	/* Convert the type. */
1273	typdatum = hashtab_search(args->newp->p_types.table,
1274	args->oldp->p_type_val_to_name[c->type - 1]);
1275	if (!typdatum) {
1276	goto bad;
1277	}
1278	c->type = typdatum->value;
1279
1280	rc = mls_convert_context(args->oldp, args->newp, c);
1281	if (rc)
1282	goto bad;
1283
1284	/* Check the validity of the new context. */
1285	if (!policydb_context_isvalid(args->newp, c)) {
1286	rc = convert_context_handle_invalid_context(&oldc);
1287	if (rc)
1288	goto bad;
1289	}
1290
1291	context_destroy(&oldc);
1292	out:
1293	return rc;
1294	bad:
1295	context_struct_to_string(&oldc, &s, &len);
1296	context_destroy(&oldc);
1297	printk(KERN_ERR "security: invalidating context %s\n", s);
1298	kfree(s);
1299	goto out;
1300	}
1301
1302	extern void selinux_complete_init(void);
1303	static int security_preserve_bools(struct policydb *p);
1304
1305	/**
1306	* security_load_policy - Load a security policy configuration.
1307	* @data: binary policy data
1308	* @len: length of data in bytes
1309	*
1310	* Load a new set of security policy configuration data,
1311	* validate it and convert the SID table as necessary.
1312	* This function will flush the access vector cache after
1313	* loading the new policy.
1314	*/
1315	int security_load_policy(void *data, size_t len)
1316	{
1317	struct policydb oldpolicydb, newpolicydb;
1318	struct sidtab oldsidtab, newsidtab;
1319	struct convert_context_args args;
1320	u32 seqno;
1321	int rc = 0;
1322	struct policy_file file = { data, len }, *fp = &file;
1323
1324	LOAD_LOCK;
1325
1326	if (!ss_initialized) {
1327	avtab_cache_init();
1328	if (policydb_read(&policydb, fp)) {
1329	LOAD_UNLOCK;
1330	avtab_cache_destroy();
1331	return -EINVAL;
1332	}
1333	if (policydb_load_isids(&policydb, &sidtab)) {
1334	LOAD_UNLOCK;
1335	policydb_destroy(&policydb);
1336	avtab_cache_destroy();
1337	return -EINVAL;
1338	}
1339	/* Verify that the kernel defined classes are correct. */
1340	if (validate_classes(&policydb)) {
1341	printk(KERN_ERR
1342	"security: the definition of a class is incorrect\n");
1343	LOAD_UNLOCK;
1344	sidtab_destroy(&sidtab);
1345	policydb_destroy(&policydb);
1346	avtab_cache_destroy();
1347	return -EINVAL;
1348	}
1349	policydb_loaded_version = policydb.policyvers;
1350	ss_initialized = 1;
1351	seqno = ++latest_granting;
1352	LOAD_UNLOCK;
1353	selinux_complete_init();
1354	avc_ss_reset(seqno);
1355	selnl_notify_policyload(seqno);
1356	selinux_netlbl_cache_invalidate();
1357	selinux_xfrm_notify_policyload();
1358	return 0;
1359	}
1360
1361	#if 0
1362	sidtab_hash_eval(&sidtab, "sids");
1363	#endif
1364
1365	if (policydb_read(&newpolicydb, fp)) {
1366	LOAD_UNLOCK;
1367	return -EINVAL;
1368	}
1369
1370	sidtab_init(&newsidtab);
1371
1372	/* Verify that the kernel defined classes are correct. */
1373	if (validate_classes(&newpolicydb)) {
1374	printk(KERN_ERR
1375	"security: the definition of a class is incorrect\n");
1376	rc = -EINVAL;
1377	goto err;
1378	}
1379
1380	rc = security_preserve_bools(&newpolicydb);
1381	if (rc) {
1382	printk(KERN_ERR "security: unable to preserve booleans\n");
1383	goto err;
1384	}
1385
1386	/* Clone the SID table. */
1387	sidtab_shutdown(&sidtab);
1388	if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
1389	rc = -ENOMEM;
1390	goto err;
1391	}
1392
1393	/* Convert the internal representations of contexts
1394	in the new SID table and remove invalid SIDs. */
1395	args.oldp = &policydb;
1396	args.newp = &newpolicydb;
1397	sidtab_map_remove_on_error(&newsidtab, convert_context, &args);
1398
1399	/* Save the old policydb and SID table to free later. */
1400	memcpy(&oldpolicydb, &policydb, sizeof policydb);
1401	sidtab_set(&oldsidtab, &sidtab);
1402
1403	/* Install the new policydb and SID table. */
1404	POLICY_WRLOCK;
1405	memcpy(&policydb, &newpolicydb, sizeof policydb);
1406	sidtab_set(&sidtab, &newsidtab);
1407	seqno = ++latest_granting;
1408	policydb_loaded_version = policydb.policyvers;
1409	POLICY_WRUNLOCK;
1410	LOAD_UNLOCK;
1411
1412	/* Free the old policydb and SID table. */
1413	policydb_destroy(&oldpolicydb);
1414	sidtab_destroy(&oldsidtab);
1415
1416	avc_ss_reset(seqno);
1417	selnl_notify_policyload(seqno);
1418	selinux_netlbl_cache_invalidate();
1419	selinux_xfrm_notify_policyload();
1420
1421	return 0;
1422
1423	err:
1424	LOAD_UNLOCK;
1425	sidtab_destroy(&newsidtab);
1426	policydb_destroy(&newpolicydb);
1427	return rc;
1428
1429	}
1430
1431	/**
1432	* security_port_sid - Obtain the SID for a port.
1433	* @domain: communication domain aka address family
1434	* @type: socket type
1435	* @protocol: protocol number
1436	* @port: port number
1437	* @out_sid: security identifier
1438	*/
1439	int security_port_sid(u16 domain,
1440	u16 type,
1441	u8 protocol,
1442	u16 port,
1443	u32 *out_sid)
1444	{
1445	struct ocontext *c;
1446	int rc = 0;
1447
1448	POLICY_RDLOCK;
1449
1450	c = policydb.ocontexts[OCON_PORT];
1451	while (c) {
1452	if (c->u.port.protocol == protocol &&
1453	c->u.port.low_port <= port &&
1454	c->u.port.high_port >= port)
1455	break;
1456	c = c->next;
1457	}
1458
1459	if (c) {
1460	if (!c->sid[0]) {
1461	rc = sidtab_context_to_sid(&sidtab,
1462	&c->context[0],
1463	&c->sid[0]);
1464	if (rc)
1465	goto out;
1466	}
1467	*out_sid = c->sid[0];
1468	} else {
1469	*out_sid = SECINITSID_PORT;
1470	}
1471
1472	out:
1473	POLICY_RDUNLOCK;
1474	return rc;
1475	}
1476
1477	/**
1478	* security_netif_sid - Obtain the SID for a network interface.
1479	* @name: interface name
1480	* @if_sid: interface SID
1481	* @msg_sid: default SID for received packets
1482	*/
1483	int security_netif_sid(char *name,
1484	u32 *if_sid,
1485	u32 *msg_sid)
1486	{
1487	int rc = 0;
1488	struct ocontext *c;
1489
1490	POLICY_RDLOCK;
1491
1492	c = policydb.ocontexts[OCON_NETIF];
1493	while (c) {
1494	if (strcmp(name, c->u.name) == 0)
1495	break;
1496	c = c->next;
1497	}
1498
1499	if (c) {
1500	if (!c->sid[0] \|\| !c->sid[1]) {
1501	rc = sidtab_context_to_sid(&sidtab,
1502	&c->context[0],
1503	&c->sid[0]);
1504	if (rc)
1505	goto out;
1506	rc = sidtab_context_to_sid(&sidtab,
1507	&c->context[1],
1508	&c->sid[1]);
1509	if (rc)
1510	goto out;
1511	}
1512	*if_sid = c->sid[0];
1513	*msg_sid = c->sid[1];
1514	} else {
1515	*if_sid = SECINITSID_NETIF;
1516	*msg_sid = SECINITSID_NETMSG;
1517	}
1518
1519	out:
1520	POLICY_RDUNLOCK;
1521	return rc;
1522	}
1523
1524	static int match_ipv6_addrmask(u32 input, u32 addr, u32 *mask)
1525	{
1526	int i, fail = 0;
1527
1528	for(i = 0; i < 4; i++)
1529	if(addr[i] != (input[i] & mask[i])) {
1530	fail = 1;
1531	break;
1532	}
1533
1534	return !fail;
1535	}
1536
1537	/**
1538	* security_node_sid - Obtain the SID for a node (host).
1539	* @domain: communication domain aka address family
1540	* @addrp: address
1541	* @addrlen: address length in bytes
1542	* @out_sid: security identifier
1543	*/
1544	int security_node_sid(u16 domain,
1545	void *addrp,
1546	u32 addrlen,
1547	u32 *out_sid)
1548	{
1549	int rc = 0;
1550	struct ocontext *c;
1551
1552	POLICY_RDLOCK;
1553
1554	switch (domain) {
1555	case AF_INET: {
1556	u32 addr;
1557
1558	if (addrlen != sizeof(u32)) {
1559	rc = -EINVAL;
1560	goto out;
1561	}
1562
1563	addr = ((u32 )addrp);
1564
1565	c = policydb.ocontexts[OCON_NODE];
1566	while (c) {
1567	if (c->u.node.addr == (addr & c->u.node.mask))
1568	break;
1569	c = c->next;
1570	}
1571	break;
1572	}
1573
1574	case AF_INET6:
1575	if (addrlen != sizeof(u64) * 2) {
1576	rc = -EINVAL;
1577	goto out;
1578	}
1579	c = policydb.ocontexts[OCON_NODE6];
1580	while (c) {
1581	if (match_ipv6_addrmask(addrp, c->u.node6.addr,
1582	c->u.node6.mask))
1583	break;
1584	c = c->next;
1585	}
1586	break;
1587
1588	default:
1589	*out_sid = SECINITSID_NODE;
1590	goto out;
1591	}
1592
1593	if (c) {
1594	if (!c->sid[0]) {
1595	rc = sidtab_context_to_sid(&sidtab,
1596	&c->context[0],
1597	&c->sid[0]);
1598	if (rc)
1599	goto out;
1600	}
1601	*out_sid = c->sid[0];
1602	} else {
1603	*out_sid = SECINITSID_NODE;
1604	}
1605
1606	out:
1607	POLICY_RDUNLOCK;
1608	return rc;
1609	}
1610
1611	#define SIDS_NEL 25
1612
1613	/**
1614	* security_get_user_sids - Obtain reachable SIDs for a user.
1615	* @fromsid: starting SID
1616	* @username: username
1617	* @sids: array of reachable SIDs for user
1618	* @nel: number of elements in @sids
1619	*
1620	* Generate the set of SIDs for legal security contexts
1621	* for a given user that can be reached by @fromsid.
1622	* Set *@sids to point to a dynamically allocated
1623	* array containing the set of SIDs. Set *@nel to the
1624	* number of elements in the array.
1625	*/
1626
1627	int security_get_user_sids(u32 fromsid,
1628	char *username,
1629	u32 **sids,
1630	u32 *nel)
1631	{
1632	struct context *fromcon, usercon;
1633	u32 mysids = NULL, mysids2, sid;
1634	u32 mynel = 0, maxnel = SIDS_NEL;
1635	struct user_datum *user;
1636	struct role_datum *role;
1637	struct ebitmap_node rnode, tnode;
1638	int rc = 0, i, j;
1639
1640	*sids = NULL;
1641	*nel = 0;
1642
1643	if (!ss_initialized)
1644	goto out;
1645
1646	POLICY_RDLOCK;
1647
1648	fromcon = sidtab_search(&sidtab, fromsid);
1649	if (!fromcon) {
1650	rc = -EINVAL;
1651	goto out_unlock;
1652	}
1653
1654	user = hashtab_search(policydb.p_users.table, username);
1655	if (!user) {
1656	rc = -EINVAL;
1657	goto out_unlock;
1658	}
1659	usercon.user = user->value;
1660
1661	mysids = kcalloc(maxnel, sizeof(*mysids), GFP_ATOMIC);
1662	if (!mysids) {
1663	rc = -ENOMEM;
1664	goto out_unlock;
1665	}
1666
1667	ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
1668	role = policydb.role_val_to_struct[i];
1669	usercon.role = i+1;
1670	ebitmap_for_each_positive_bit(&role->types, tnode, j) {
1671	usercon.type = j+1;
1672
1673	if (mls_setup_user_range(fromcon, user, &usercon))
1674	continue;
1675
1676	rc = sidtab_context_to_sid(&sidtab, &usercon, &sid);
1677	if (rc)
1678	goto out_unlock;
1679	if (mynel < maxnel) {
1680	mysids[mynel++] = sid;
1681	} else {
1682	maxnel += SIDS_NEL;
1683	mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC);
1684	if (!mysids2) {
1685	rc = -ENOMEM;
1686	goto out_unlock;
1687	}
1688	memcpy(mysids2, mysids, mynel * sizeof(*mysids2));
1689	kfree(mysids);
1690	mysids = mysids2;
1691	mysids[mynel++] = sid;
1692	}
1693	}
1694	}
1695
1696	out_unlock:
1697	POLICY_RDUNLOCK;
1698	if (rc \|\| !mynel) {
1699	kfree(mysids);
1700	goto out;
1701	}
1702
1703	mysids2 = kcalloc(mynel, sizeof(*mysids2), GFP_KERNEL);
1704	if (!mysids2) {
1705	rc = -ENOMEM;
1706	kfree(mysids);
1707	goto out;
1708	}
1709	for (i = 0, j = 0; i < mynel; i++) {
1710	rc = avc_has_perm_noaudit(fromsid, mysids[i],
1711	SECCLASS_PROCESS,
1712	PROCESS__TRANSITION, AVC_STRICT,
1713	NULL);
1714	if (!rc)
1715	mysids2[j++] = mysids[i];
1716	cond_resched();
1717	}
1718	rc = 0;
1719	kfree(mysids);
1720	*sids = mysids2;
1721	*nel = j;
1722	out:
1723	return rc;
1724	}
1725
1726	/**
1727	* security_genfs_sid - Obtain a SID for a file in a filesystem
1728	* @fstype: filesystem type
1729	* @path: path from root of mount
1730	* @sclass: file security class
1731	* @sid: SID for path
1732	*
1733	* Obtain a SID to use for a file in a filesystem that
1734	* cannot support xattr or use a fixed labeling behavior like
1735	* transition SIDs or task SIDs.
1736	*/
1737	int security_genfs_sid(const char *fstype,
1738	char *path,
1739	u16 sclass,
1740	u32 *sid)
1741	{
1742	int len;
1743	struct genfs *genfs;
1744	struct ocontext *c;
1745	int rc = 0, cmp = 0;
1746
1747	while (path[0] == '/' && path[1] == '/')
1748	path++;
1749
1750	POLICY_RDLOCK;
1751
1752	for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
1753	cmp = strcmp(fstype, genfs->fstype);
1754	if (cmp <= 0)
1755	break;
1756	}
1757
1758	if (!genfs \|\| cmp) {
1759	*sid = SECINITSID_UNLABELED;
1760	rc = -ENOENT;
1761	goto out;
1762	}
1763
1764	for (c = genfs->head; c; c = c->next) {
1765	len = strlen(c->u.name);
1766	if ((!c->v.sclass \|\| sclass == c->v.sclass) &&
1767	(strncmp(c->u.name, path, len) == 0))
1768	break;
1769	}
1770
1771	if (!c) {
1772	*sid = SECINITSID_UNLABELED;
1773	rc = -ENOENT;
1774	goto out;
1775	}
1776
1777	if (!c->sid[0]) {
1778	rc = sidtab_context_to_sid(&sidtab,
1779	&c->context[0],
1780	&c->sid[0]);
1781	if (rc)
1782	goto out;
1783	}
1784
1785	*sid = c->sid[0];
1786	out:
1787	POLICY_RDUNLOCK;
1788	return rc;
1789	}
1790
1791	/**
1792	* security_fs_use - Determine how to handle labeling for a filesystem.
1793	* @fstype: filesystem type
1794	* @behavior: labeling behavior
1795	* @sid: SID for filesystem (superblock)
1796	*/
1797	int security_fs_use(
1798	const char *fstype,
1799	unsigned int *behavior,
1800	u32 *sid)
1801	{
1802	int rc = 0;
1803	struct ocontext *c;
1804
1805	POLICY_RDLOCK;
1806
1807	c = policydb.ocontexts[OCON_FSUSE];
1808	while (c) {
1809	if (strcmp(fstype, c->u.name) == 0)
1810	break;
1811	c = c->next;
1812	}
1813
1814	if (c) {
1815	*behavior = c->v.behavior;
1816	if (!c->sid[0]) {
1817	rc = sidtab_context_to_sid(&sidtab,
1818	&c->context[0],
1819	&c->sid[0]);
1820	if (rc)
1821	goto out;
1822	}
1823	*sid = c->sid[0];
1824	} else {
1825	rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
1826	if (rc) {
1827	*behavior = SECURITY_FS_USE_NONE;
1828	rc = 0;
1829	} else {
1830	*behavior = SECURITY_FS_USE_GENFS;
1831	}
1832	}
1833
1834	out:
1835	POLICY_RDUNLOCK;
1836	return rc;
1837	}
1838
1839	int security_get_bools(int len, char names, int values)
1840	{
1841	int i, rc = -ENOMEM;
1842
1843	POLICY_RDLOCK;
1844	*names = NULL;
1845	*values = NULL;
1846
1847	*len = policydb.p_bools.nprim;
1848	if (!*len) {
1849	rc = 0;
1850	goto out;
1851	}
1852
1853	names = kcalloc(len, sizeof(char*), GFP_ATOMIC);
1854	if (!*names)
1855	goto err;
1856
1857	values = kcalloc(len, sizeof(int), GFP_ATOMIC);
1858	if (!*values)
1859	goto err;
1860
1861	for (i = 0; i < *len; i++) {
1862	size_t name_len;
1863	(*values)[i] = policydb.bool_val_to_struct[i]->state;
1864	name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
1865	(names)[i] = kmalloc(sizeof(char) name_len, GFP_ATOMIC);
1866	if (!(*names)[i])
1867	goto err;
1868	strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
1869	(*names)[i][name_len - 1] = 0;
1870	}
1871	rc = 0;
1872	out:
1873	POLICY_RDUNLOCK;
1874	return rc;
1875	err:
1876	if (*names) {
1877	for (i = 0; i < *len; i++)
1878	kfree((*names)[i]);
1879	}
1880	kfree(*values);
1881	goto out;
1882	}
1883
1884
1885	int security_set_bools(int len, int *values)
1886	{
1887	int i, rc = 0;
1888	int lenp, seqno = 0;
1889	struct cond_node *cur;
1890
1891	POLICY_WRLOCK;
1892
1893	lenp = policydb.p_bools.nprim;
1894	if (len != lenp) {
1895	rc = -EFAULT;
1896	goto out;
1897	}
1898
1899	for (i = 0; i < len; i++) {
1900	if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
1901	audit_log(current->audit_context, GFP_ATOMIC,
1902	AUDIT_MAC_CONFIG_CHANGE,
1903	"bool=%s val=%d old_val=%d auid=%u",
1904	policydb.p_bool_val_to_name[i],
1905	!!values[i],
1906	policydb.bool_val_to_struct[i]->state,
1907	audit_get_loginuid(current->audit_context));
1908	}
1909	if (values[i]) {
1910	policydb.bool_val_to_struct[i]->state = 1;
1911	} else {
1912	policydb.bool_val_to_struct[i]->state = 0;
1913	}
1914	}
1915
1916	for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
1917	rc = evaluate_cond_node(&policydb, cur);
1918	if (rc)
1919	goto out;
1920	}
1921
1922	seqno = ++latest_granting;
1923
1924	out:
1925	POLICY_WRUNLOCK;
1926	if (!rc) {
1927	avc_ss_reset(seqno);
1928	selnl_notify_policyload(seqno);
1929	selinux_xfrm_notify_policyload();
1930	}
1931	return rc;
1932	}
1933
1934	int security_get_bool_value(int bool)
1935	{
1936	int rc = 0;
1937	int len;
1938
1939	POLICY_RDLOCK;
1940
1941	len = policydb.p_bools.nprim;
1942	if (bool >= len) {
1943	rc = -EFAULT;
1944	goto out;
1945	}
1946
1947	rc = policydb.bool_val_to_struct[bool]->state;
1948	out:
1949	POLICY_RDUNLOCK;
1950	return rc;
1951	}
1952
1953	static int security_preserve_bools(struct policydb *p)
1954	{
1955	int rc, nbools = 0, *bvalues = NULL, i;
1956	char **bnames = NULL;
1957	struct cond_bool_datum *booldatum;
1958	struct cond_node *cur;
1959
1960	rc = security_get_bools(&nbools, &bnames, &bvalues);
1961	if (rc)
1962	goto out;
1963	for (i = 0; i < nbools; i++) {
1964	booldatum = hashtab_search(p->p_bools.table, bnames[i]);
1965	if (booldatum)
1966	booldatum->state = bvalues[i];
1967	}
1968	for (cur = p->cond_list; cur != NULL; cur = cur->next) {
1969	rc = evaluate_cond_node(p, cur);
1970	if (rc)
1971	goto out;
1972	}
1973
1974	out:
1975	if (bnames) {
1976	for (i = 0; i < nbools; i++)
1977	kfree(bnames[i]);
1978	}
1979	kfree(bnames);
1980	kfree(bvalues);
1981	return rc;
1982	}
1983
1984	/*
1985	* security_sid_mls_copy() - computes a new sid based on the given
1986	* sid and the mls portion of mls_sid.
1987	*/
1988	int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
1989	{
1990	struct context *context1;
1991	struct context *context2;
1992	struct context newcon;
1993	char *s;
1994	u32 len;
1995	int rc = 0;
1996
1997	if (!ss_initialized \|\| !selinux_mls_enabled) {
1998	*new_sid = sid;
1999	goto out;
2000	}
2001
2002	context_init(&newcon);
2003
2004	POLICY_RDLOCK;
2005	context1 = sidtab_search(&sidtab, sid);
2006	if (!context1) {
2007	printk(KERN_ERR "security_sid_mls_copy: unrecognized SID "
2008	"%d\n", sid);
2009	rc = -EINVAL;
2010	goto out_unlock;
2011	}
2012
2013	context2 = sidtab_search(&sidtab, mls_sid);
2014	if (!context2) {
2015	printk(KERN_ERR "security_sid_mls_copy: unrecognized SID "
2016	"%d\n", mls_sid);
2017	rc = -EINVAL;
2018	goto out_unlock;
2019	}
2020
2021	newcon.user = context1->user;
2022	newcon.role = context1->role;
2023	newcon.type = context1->type;
2024	rc = mls_context_cpy(&newcon, context2);
2025	if (rc)
2026	goto out_unlock;
2027
2028	/* Check the validity of the new context. */
2029	if (!policydb_context_isvalid(&policydb, &newcon)) {
2030	rc = convert_context_handle_invalid_context(&newcon);
2031	if (rc)
2032	goto bad;
2033	}
2034
2035	rc = sidtab_context_to_sid(&sidtab, &newcon, new_sid);
2036	goto out_unlock;
2037
2038	bad:
2039	if (!context_struct_to_string(&newcon, &s, &len)) {
2040	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
2041	"security_sid_mls_copy: invalid context %s", s);
2042	kfree(s);
2043	}
2044
2045	out_unlock:
2046	POLICY_RDUNLOCK;
2047	context_destroy(&newcon);
2048	out:
2049	return rc;
2050	}
2051
2052	static int get_classes_callback(void k, void d, void *args)
2053	{
2054	struct class_datum *datum = d;
2055	char name = k, *classes = args;
2056	int value = datum->value - 1;
2057
2058	classes[value] = kstrdup(name, GFP_ATOMIC);
2059	if (!classes[value])
2060	return -ENOMEM;
2061
2062	return 0;
2063	}
2064
2065	int security_get_classes(char **classes, int nclasses)
2066	{
2067	int rc = -ENOMEM;
2068
2069	POLICY_RDLOCK;
2070
2071	*nclasses = policydb.p_classes.nprim;
2072	classes = kcalloc(nclasses, sizeof(*classes), GFP_ATOMIC);
2073	if (!*classes)
2074	goto out;
2075
2076	rc = hashtab_map(policydb.p_classes.table, get_classes_callback,
2077	*classes);
2078	if (rc < 0) {
2079	int i;
2080	for (i = 0; i < *nclasses; i++)
2081	kfree((*classes)[i]);
2082	kfree(*classes);
2083	}
2084
2085	out:
2086	POLICY_RDUNLOCK;
2087	return rc;
2088	}
2089
2090	static int get_permissions_callback(void k, void d, void *args)
2091	{
2092	struct perm_datum *datum = d;
2093	char name = k, *perms = args;
2094	int value = datum->value - 1;
2095
2096	perms[value] = kstrdup(name, GFP_ATOMIC);
2097	if (!perms[value])
2098	return -ENOMEM;
2099
2100	return 0;
2101	}
2102
2103	int security_get_permissions(char class, char *perms, int nperms)
2104	{
2105	int rc = -ENOMEM, i;
2106	struct class_datum *match;
2107
2108	POLICY_RDLOCK;
2109
2110	match = hashtab_search(policydb.p_classes.table, class);
2111	if (!match) {
2112	printk(KERN_ERR "%s: unrecognized class %s\n",
2113	__FUNCTION__, class);
2114	rc = -EINVAL;
2115	goto out;
2116	}
2117
2118	*nperms = match->permissions.nprim;
2119	perms = kcalloc(nperms, sizeof(*perms), GFP_ATOMIC);
2120	if (!*perms)
2121	goto out;
2122
2123	if (match->comdatum) {
2124	rc = hashtab_map(match->comdatum->permissions.table,
2125	get_permissions_callback, *perms);
2126	if (rc < 0)
2127	goto err;
2128	}
2129
2130	rc = hashtab_map(match->permissions.table, get_permissions_callback,
2131	*perms);
2132	if (rc < 0)
2133	goto err;
2134
2135	out:
2136	POLICY_RDUNLOCK;
2137	return rc;
2138
2139	err:
2140	POLICY_RDUNLOCK;
2141	for (i = 0; i < *nperms; i++)
2142	kfree((*perms)[i]);
2143	kfree(*perms);
2144	return rc;
2145	}
2146
2147	int security_get_reject_unknown(void)
2148	{
2149	return policydb.reject_unknown;
2150	}
2151
2152	int security_get_allow_unknown(void)
2153	{
2154	return policydb.allow_unknown;
2155	}
2156
2157	struct selinux_audit_rule {
2158	u32 au_seqno;
2159	struct context au_ctxt;
2160	};
2161
2162	void selinux_audit_rule_free(struct selinux_audit_rule *rule)
2163	{
2164	if (rule) {
2165	context_destroy(&rule->au_ctxt);
2166	kfree(rule);
2167	}
2168	}
2169
2170	int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
2171	struct selinux_audit_rule **rule)
2172	{
2173	struct selinux_audit_rule *tmprule;
2174	struct role_datum *roledatum;
2175	struct type_datum *typedatum;
2176	struct user_datum *userdatum;
2177	int rc = 0;
2178
2179	*rule = NULL;
2180
2181	if (!ss_initialized)
2182	return -EOPNOTSUPP;
2183
2184	switch (field) {
2185	case AUDIT_SUBJ_USER:
2186	case AUDIT_SUBJ_ROLE:
2187	case AUDIT_SUBJ_TYPE:
2188	case AUDIT_OBJ_USER:
2189	case AUDIT_OBJ_ROLE:
2190	case AUDIT_OBJ_TYPE:
2191	/* only 'equals' and 'not equals' fit user, role, and type */
2192	if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
2193	return -EINVAL;
2194	break;
2195	case AUDIT_SUBJ_SEN:
2196	case AUDIT_SUBJ_CLR:
2197	case AUDIT_OBJ_LEV_LOW:
2198	case AUDIT_OBJ_LEV_HIGH:
2199	/* we do not allow a range, indicated by the presense of '-' */
2200	if (strchr(rulestr, '-'))
2201	return -EINVAL;
2202	break;
2203	default:
2204	/* only the above fields are valid */
2205	return -EINVAL;
2206	}
2207
2208	tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
2209	if (!tmprule)
2210	return -ENOMEM;
2211
2212	context_init(&tmprule->au_ctxt);
2213
2214	POLICY_RDLOCK;
2215
2216	tmprule->au_seqno = latest_granting;
2217
2218	switch (field) {
2219	case AUDIT_SUBJ_USER:
2220	case AUDIT_OBJ_USER:
2221	userdatum = hashtab_search(policydb.p_users.table, rulestr);
2222	if (!userdatum)
2223	rc = -EINVAL;
2224	else
2225	tmprule->au_ctxt.user = userdatum->value;
2226	break;
2227	case AUDIT_SUBJ_ROLE:
2228	case AUDIT_OBJ_ROLE:
2229	roledatum = hashtab_search(policydb.p_roles.table, rulestr);
2230	if (!roledatum)
2231	rc = -EINVAL;
2232	else
2233	tmprule->au_ctxt.role = roledatum->value;
2234	break;
2235	case AUDIT_SUBJ_TYPE:
2236	case AUDIT_OBJ_TYPE:
2237	typedatum = hashtab_search(policydb.p_types.table, rulestr);
2238	if (!typedatum)
2239	rc = -EINVAL;
2240	else
2241	tmprule->au_ctxt.type = typedatum->value;
2242	break;
2243	case AUDIT_SUBJ_SEN:
2244	case AUDIT_SUBJ_CLR:
2245	case AUDIT_OBJ_LEV_LOW:
2246	case AUDIT_OBJ_LEV_HIGH:
2247	rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
2248	break;
2249	}
2250
2251	POLICY_RDUNLOCK;
2252
2253	if (rc) {
2254	selinux_audit_rule_free(tmprule);
2255	tmprule = NULL;
2256	}
2257
2258	*rule = tmprule;
2259
2260	return rc;
2261	}
2262
2263	int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
2264	struct selinux_audit_rule *rule,
2265	struct audit_context *actx)
2266	{
2267	struct context *ctxt;
2268	struct mls_level *level;
2269	int match = 0;
2270
2271	if (!rule) {
2272	audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
2273	"selinux_audit_rule_match: missing rule\n");
2274	return -ENOENT;
2275	}
2276
2277	POLICY_RDLOCK;
2278
2279	if (rule->au_seqno < latest_granting) {
2280	audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
2281	"selinux_audit_rule_match: stale rule\n");
2282	match = -ESTALE;
2283	goto out;
2284	}
2285
2286	ctxt = sidtab_search(&sidtab, sid);
2287	if (!ctxt) {
2288	audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
2289	"selinux_audit_rule_match: unrecognized SID %d\n",
2290	sid);
2291	match = -ENOENT;
2292	goto out;
2293	}
2294
2295	/* a field/op pair that is not caught here will simply fall through
2296	without a match */
2297	switch (field) {
2298	case AUDIT_SUBJ_USER:
2299	case AUDIT_OBJ_USER:
2300	switch (op) {
2301	case AUDIT_EQUAL:
2302	match = (ctxt->user == rule->au_ctxt.user);
2303	break;
2304	case AUDIT_NOT_EQUAL:
2305	match = (ctxt->user != rule->au_ctxt.user);
2306	break;
2307	}
2308	break;
2309	case AUDIT_SUBJ_ROLE:
2310	case AUDIT_OBJ_ROLE:
2311	switch (op) {
2312	case AUDIT_EQUAL:
2313	match = (ctxt->role == rule->au_ctxt.role);
2314	break;
2315	case AUDIT_NOT_EQUAL:
2316	match = (ctxt->role != rule->au_ctxt.role);
2317	break;
2318	}
2319	break;
2320	case AUDIT_SUBJ_TYPE:
2321	case AUDIT_OBJ_TYPE:
2322	switch (op) {
2323	case AUDIT_EQUAL:
2324	match = (ctxt->type == rule->au_ctxt.type);
2325	break;
2326	case AUDIT_NOT_EQUAL:
2327	match = (ctxt->type != rule->au_ctxt.type);
2328	break;
2329	}
2330	break;
2331	case AUDIT_SUBJ_SEN:
2332	case AUDIT_SUBJ_CLR:
2333	case AUDIT_OBJ_LEV_LOW:
2334	case AUDIT_OBJ_LEV_HIGH:
2335	level = ((field == AUDIT_SUBJ_SEN \|\|
2336	field == AUDIT_OBJ_LEV_LOW) ?
2337	&ctxt->range.level[0] : &ctxt->range.level[1]);
2338	switch (op) {
2339	case AUDIT_EQUAL:
2340	match = mls_level_eq(&rule->au_ctxt.range.level[0],
2341	level);
2342	break;
2343	case AUDIT_NOT_EQUAL:
2344	match = !mls_level_eq(&rule->au_ctxt.range.level[0],
2345	level);
2346	break;
2347	case AUDIT_LESS_THAN:
2348	match = (mls_level_dom(&rule->au_ctxt.range.level[0],
2349	level) &&
2350	!mls_level_eq(&rule->au_ctxt.range.level[0],
2351	level));
2352	break;
2353	case AUDIT_LESS_THAN_OR_EQUAL:
2354	match = mls_level_dom(&rule->au_ctxt.range.level[0],
2355	level);
2356	break;
2357	case AUDIT_GREATER_THAN:
2358	match = (mls_level_dom(level,
2359	&rule->au_ctxt.range.level[0]) &&
2360	!mls_level_eq(level,
2361	&rule->au_ctxt.range.level[0]));
2362	break;
2363	case AUDIT_GREATER_THAN_OR_EQUAL:
2364	match = mls_level_dom(level,
2365	&rule->au_ctxt.range.level[0]);
2366	break;
2367	}
2368	}
2369
2370	out:
2371	POLICY_RDUNLOCK;
2372	return match;
2373	}
2374
2375	static int (*aurule_callback)(void) = NULL;
2376
2377	static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
2378	u16 class, u32 perms, u32 *retained)
2379	{
2380	int err = 0;
2381
2382	if (event == AVC_CALLBACK_RESET && aurule_callback)
2383	err = aurule_callback();
2384	return err;
2385	}
2386
2387	static int __init aurule_init(void)
2388	{
2389	int err;
2390
2391	err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
2392	SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
2393	if (err)
2394	panic("avc_add_callback() failed, error %d\n", err);
2395
2396	return err;
2397	}
2398	__initcall(aurule_init);
2399
2400	void selinux_audit_set_callback(int (*callback)(void))
2401	{
2402	aurule_callback = callback;
2403	}
2404
2405	#ifdef CONFIG_NETLABEL
2406	/*
2407	* NetLabel cache structure
2408	*/
2409	#define NETLBL_CACHE(x) ((struct selinux_netlbl_cache *)(x))
2410	#define NETLBL_CACHE_T_NONE 0
2411	#define NETLBL_CACHE_T_SID 1
2412	#define NETLBL_CACHE_T_MLS 2
2413	struct selinux_netlbl_cache {
2414	u32 type;
2415	union {
2416	u32 sid;
2417	struct mls_range mls_label;
2418	} data;
2419	};
2420
2421	/**
2422	* security_netlbl_cache_free - Free the NetLabel cached data
2423	* @data: the data to free
2424	*
2425	* Description:
2426	* This function is intended to be used as the free() callback inside the
2427	* netlbl_lsm_cache structure.
2428	*
2429	*/
2430	static void security_netlbl_cache_free(const void *data)
2431	{
2432	struct selinux_netlbl_cache *cache;
2433
2434	if (data == NULL)
2435	return;
2436
2437	cache = NETLBL_CACHE(data);
2438	switch (cache->type) {
2439	case NETLBL_CACHE_T_MLS:
2440	ebitmap_destroy(&cache->data.mls_label.level[0].cat);
2441	break;
2442	}
2443	kfree(data);
2444	}
2445
2446	/**
2447	* security_netlbl_cache_add - Add an entry to the NetLabel cache
2448	* @secattr: the NetLabel packet security attributes
2449	* @ctx: the SELinux context
2450	*
2451	* Description:
2452	* Attempt to cache the context in @ctx, which was derived from the packet in
2453	* @skb, in the NetLabel subsystem cache. This function assumes @secattr has
2454	* already been initialized.
2455	*
2456	*/
2457	static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
2458	struct context *ctx)
2459	{
2460	struct selinux_netlbl_cache *cache = NULL;
2461
2462	secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
2463	if (secattr->cache == NULL)
2464	return;
2465
2466	cache = kzalloc(sizeof(*cache), GFP_ATOMIC);
2467	if (cache == NULL)
2468	return;
2469
2470	cache->type = NETLBL_CACHE_T_MLS;
2471	if (ebitmap_cpy(&cache->data.mls_label.level[0].cat,
2472	&ctx->range.level[0].cat) != 0) {
2473	kfree(cache);
2474	return;
2475	}
2476	cache->data.mls_label.level[1].cat.highbit =
2477	cache->data.mls_label.level[0].cat.highbit;
2478	cache->data.mls_label.level[1].cat.node =
2479	cache->data.mls_label.level[0].cat.node;
2480	cache->data.mls_label.level[0].sens = ctx->range.level[0].sens;
2481	cache->data.mls_label.level[1].sens = ctx->range.level[0].sens;
2482
2483	secattr->cache->free = security_netlbl_cache_free;
2484	secattr->cache->data = (void *)cache;
2485	secattr->flags \|= NETLBL_SECATTR_CACHE;
2486	}
2487
2488	/**
2489	* security_netlbl_secattr_to_sid - Convert a NetLabel secattr to a SELinux SID
2490	* @secattr: the NetLabel packet security attributes
2491	* @base_sid: the SELinux SID to use as a context for MLS only attributes
2492	* @sid: the SELinux SID
2493	*
2494	* Description:
2495	* Convert the given NetLabel security attributes in @secattr into a
2496	* SELinux SID. If the @secattr field does not contain a full SELinux
2497	* SID/context then use the context in @base_sid as the foundation. If
2498	* possibile the 'cache' field of @secattr is set and the CACHE flag is set;
2499	* this is to allow the @secattr to be used by NetLabel to cache the secattr to
2500	* SID conversion for future lookups. Returns zero on success, negative
2501	* values on failure.
2502	*
2503	*/
2504	int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
2505	u32 base_sid,
2506	u32 *sid)
2507	{
2508	int rc = -EIDRM;
2509	struct context *ctx;
2510	struct context ctx_new;
2511	struct selinux_netlbl_cache *cache;
2512
2513	if (!ss_initialized) {
2514	*sid = SECSID_NULL;
2515	return 0;
2516	}
2517
2518	POLICY_RDLOCK;
2519
2520	if (secattr->flags & NETLBL_SECATTR_CACHE) {
2521	cache = NETLBL_CACHE(secattr->cache->data);
2522	switch (cache->type) {
2523	case NETLBL_CACHE_T_SID:
2524	*sid = cache->data.sid;
2525	rc = 0;
2526	break;
2527	case NETLBL_CACHE_T_MLS:
2528	ctx = sidtab_search(&sidtab, base_sid);
2529	if (ctx == NULL)
2530	goto netlbl_secattr_to_sid_return;
2531
2532	ctx_new.user = ctx->user;
2533	ctx_new.role = ctx->role;
2534	ctx_new.type = ctx->type;
2535	ctx_new.range.level[0].sens =
2536	cache->data.mls_label.level[0].sens;
2537	ctx_new.range.level[0].cat.highbit =
2538	cache->data.mls_label.level[0].cat.highbit;
2539	ctx_new.range.level[0].cat.node =
2540	cache->data.mls_label.level[0].cat.node;
2541	ctx_new.range.level[1].sens =
2542	cache->data.mls_label.level[1].sens;
2543	ctx_new.range.level[1].cat.highbit =
2544	cache->data.mls_label.level[1].cat.highbit;
2545	ctx_new.range.level[1].cat.node =
2546	cache->data.mls_label.level[1].cat.node;
2547
2548	rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
2549	break;
2550	default:
2551	goto netlbl_secattr_to_sid_return;
2552	}
2553	} else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
2554	ctx = sidtab_search(&sidtab, base_sid);
2555	if (ctx == NULL)
2556	goto netlbl_secattr_to_sid_return;
2557
2558	ctx_new.user = ctx->user;
2559	ctx_new.role = ctx->role;
2560	ctx_new.type = ctx->type;
2561	mls_import_netlbl_lvl(&ctx_new, secattr);
2562	if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
2563	if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
2564	secattr->mls_cat) != 0)
2565	goto netlbl_secattr_to_sid_return;
2566	ctx_new.range.level[1].cat.highbit =
2567	ctx_new.range.level[0].cat.highbit;
2568	ctx_new.range.level[1].cat.node =
2569	ctx_new.range.level[0].cat.node;
2570	} else {
2571	ebitmap_init(&ctx_new.range.level[0].cat);
2572	ebitmap_init(&ctx_new.range.level[1].cat);
2573	}
2574	if (mls_context_isvalid(&policydb, &ctx_new) != 1)
2575	goto netlbl_secattr_to_sid_return_cleanup;
2576
2577	rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
2578	if (rc != 0)
2579	goto netlbl_secattr_to_sid_return_cleanup;
2580
2581	security_netlbl_cache_add(secattr, &ctx_new);
2582
2583	ebitmap_destroy(&ctx_new.range.level[0].cat);
2584	} else {
2585	*sid = SECSID_NULL;
2586	rc = 0;
2587	}
2588
2589	netlbl_secattr_to_sid_return:
2590	POLICY_RDUNLOCK;
2591	return rc;
2592	netlbl_secattr_to_sid_return_cleanup:
2593	ebitmap_destroy(&ctx_new.range.level[0].cat);
2594	goto netlbl_secattr_to_sid_return;
2595	}
2596
2597	/**
2598	* security_netlbl_sid_to_secattr - Convert a SELinux SID to a NetLabel secattr
2599	* @sid: the SELinux SID
2600	* @secattr: the NetLabel packet security attributes
2601	*
2602	* Description:
2603	* Convert the given SELinux SID in @sid into a NetLabel security attribute.
2604	* Returns zero on success, negative values on failure.
2605	*
2606	*/
2607	int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
2608	{
2609	int rc = -ENOENT;
2610	struct context *ctx;
2611
2612	if (!ss_initialized)
2613	return 0;
2614
2615	POLICY_RDLOCK;
2616	ctx = sidtab_search(&sidtab, sid);
2617	if (ctx == NULL)
2618	goto netlbl_sid_to_secattr_failure;
2619	secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
2620	GFP_ATOMIC);
2621	secattr->flags \|= NETLBL_SECATTR_DOMAIN;
2622	mls_export_netlbl_lvl(ctx, secattr);
2623	rc = mls_export_netlbl_cat(ctx, secattr);
2624	if (rc != 0)
2625	goto netlbl_sid_to_secattr_failure;
2626	POLICY_RDUNLOCK;
2627
2628	return 0;
2629
2630	netlbl_sid_to_secattr_failure:
2631	POLICY_RDUNLOCK;
2632	return rc;
2633	}
2634	#endif /* CONFIG_NETLABEL */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: