PageRenderTime 48ms CodeModel.GetById 8ms RepoModel.GetById 1ms app.codeStats 0ms

/security/selinux/ss/services.c

https://gitlab.com/LiquidSmooth-Devices/android_kernel_htc_msm8974
C | 2877 lines | 2367 code | 469 blank | 41 comment | 442 complexity | 31ad24ff7ada71a99565e5cd23638c3d MD5 | raw file
Possible License(s): GPL-2.0

Large files files are truncated, but you can click here to view the full file

    

  1. /*
    2. 

  2.  * Implementation of the security services.
    3. 

  3.  *
    4. 

  4.  * Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
    5. 

  5.  *	     James Morris <jmorris@redhat.com>
    6. 

  6.  *
    7. 

  7.  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
    8. 

  8.  *
    9. 

  9.  *	Support for enhanced MLS infrastructure.
    10. 

  10.  *	Support for context based audit filters.
    11. 

  11.  *
    12. 

  12.  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
    13. 

  13.  *
    14. 

  14.  *	Added conditional policy language extensions
    15. 

  15.  *
    16. 

  16.  * Updated: Hewlett-Packard <paul@paul-moore.com>
    17. 

  17.  *
    18. 

  18.  *      Added support for NetLabel
    19. 

  19.  *      Added support for the policy capability bitmap
    20. 

  20.  *
    21. 

  21.  * Updated: Chad Sellers <csellers@tresys.com>
    22. 

  22.  *
    23. 

  23.  *  Added validation of kernel classes and permissions
    24. 

  24.  *
    25. 

  25.  * Updated: KaiGai Kohei <kaigai@ak.jp.nec.com>
    26. 

  26.  *
    27. 

  27.  *  Added support for bounds domain and audit messaged on masked permissions
    28. 

  28.  *
    29. 

  29.  * Updated: Guido Trentalancia <guido@trentalancia.com>
    30. 

  30.  *
    31. 

  31.  *  Added support for runtime switching of the policy type
    32. 

  32.  *
    33. 

  33.  * Copyright (C) 2008, 2009 NEC Corporation
    34. 

  34.  * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
    35. 

  35.  * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
    36. 

  36.  * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
    37. 

  37.  * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
    38. 

  38.  *	This program is free software; you can redistribute it and/or modify
    39. 

  39.  *	it under the terms of the GNU General Public License as published by
    40. 

  40.  *	the Free Software Foundation, version 2.
    41. 

  41.  */
    42. 

  42. #include <linux/kernel.h>
    43. 

  43. #include <linux/slab.h>
    44. 

  44. #include <linux/string.h>
    45. 

  45. #include <linux/spinlock.h>
    46. 

  46. #include <linux/rcupdate.h>
    47. 

  47. #include <linux/errno.h>
    48. 

  48. #include <linux/in.h>
    49. 

  49. #include <linux/sched.h>
    50. 

  50. #include <linux/audit.h>
    51. 

  51. #include <linux/mutex.h>
    52. 

  52. #include <linux/selinux.h>
    53. 

  53. #include <linux/flex_array.h>
    54. 

  54. #include <linux/vmalloc.h>
    55. 

  55. #include <net/netlabel.h>
    56. 

  56. 

  57. #include "flask.h"
    58. 

  58. #include "avc.h"
    59. 

  59. #include "avc_ss.h"
    60. 

  60. #include "security.h"
    61. 

  61. #include "context.h"
    62. 

  62. #include "policydb.h"
    63. 

  63. #include "sidtab.h"
    64. 

  64. #include "services.h"
    65. 

  65. #include "conditional.h"
    66. 

  66. #include "mls.h"
    67. 

  67. #include "objsec.h"
    68. 

  68. #include "netlabel.h"
    69. 

  69. #include "xfrm.h"
    70. 

  70. #include "ebitmap.h"
    71. 

  71. #include "audit.h"
    72. 

  72. 

  73. int selinux_policycap_netpeer;
    74. 

  74. int selinux_policycap_openperm;
    75. 

  75. 

  76. static DEFINE_RWLOCK(policy_rwlock);
    77. 

  77. 

  78. static struct sidtab sidtab;
    79. 

  79. struct policydb policydb;
    80. 

  80. int ss_initialized;
    81. 

  81. 

  82. static u32 latest_granting;
    83. 

  83. 

  84. static int context_struct_to_string(struct context *context, char **scontext,
    85. 

  85. 				    u32 *scontext_len);
    86. 

  86. 

  87. static void context_struct_compute_av(struct context *scontext,
    88. 

  88. 				      struct context *tcontext,
    89. 

  89. 				      u16 tclass,
    90. 

  90. 				      struct av_decision *avd);
    91. 

  91. 

  92. struct selinux_mapping {
    93. 

  93. 	u16 value; 
    94. 

  94. 	unsigned num_perms;
    95. 

  95. 	u32 perms[sizeof(u32) * 8];
    96. 

  96. };
    97. 

  97. 

  98. static struct selinux_mapping *current_mapping;
    99. 

  99. static u16 current_mapping_size;
    100. 

  100. 

  101. static int selinux_set_mapping(struct policydb *pol,
    102. 

  102. 			       struct security_class_mapping *map,
    103. 

  103. 			       struct selinux_mapping **out_map_p,
    104. 

  104. 			       u16 *out_map_size)
    105. 

  105. {
    106. 

  106. 	struct selinux_mapping *out_map = NULL;
    107. 

  107. 	size_t size = sizeof(struct selinux_mapping);
    108. 

  108. 	u16 i, j;
    109. 

  109. 	unsigned k;
    110. 

  110. 	bool print_unknown_handle = false;
    111. 

  111. 

  112. 	
    113. 

  113. 	if (!map)
    114. 

  114. 		return -EINVAL;
    115. 

  115. 	i = 0;
    116. 

  116. 	while (map[i].name)
    117. 

  117. 		i++;
    118. 

  118. 

  119. 	
    120. 

  120. 	out_map = kcalloc(++i, size, GFP_ATOMIC);
    121. 

  121. 	if (!out_map)
    122. 

  122. 		return -ENOMEM;
    123. 

  123. 

  124. 	
    125. 

  125. 	j = 0;
    126. 

  126. 	while (map[j].name) {
    127. 

  127. 		struct security_class_mapping *p_in = map + (j++);
    128. 

  128. 		struct selinux_mapping *p_out = out_map + j;
    129. 

  129. 

  130. 		
    131. 

  131. 		if (!strcmp(p_in->name, "")) {
    132. 

  132. 			p_out->num_perms = 0;
    133. 

  133. 			continue;
    134. 

  134. 		}
    135. 

  135. 

  136. 		p_out->value = string_to_security_class(pol, p_in->name);
    137. 

  137. 		if (!p_out->value) {
    138. 

  138. 			printk(KERN_INFO
    139. 

  139. 			       "SELinux:  Class %s not defined in policy.\n",
    140. 

  140. 			       p_in->name);
    141. 

  141. 			if (pol->reject_unknown)
    142. 

  142. 				goto err;
    143. 

  143. 			p_out->num_perms = 0;
    144. 

  144. 			print_unknown_handle = true;
    145. 

  145. 			continue;
    146. 

  146. 		}
    147. 

  147. 

  148. 		k = 0;
    149. 

  149. 		while (p_in->perms && p_in->perms[k]) {
    150. 

  150. 			
    151. 

  151. 			if (!*p_in->perms[k]) {
    152. 

  152. 				k++;
    153. 

  153. 				continue;
    154. 

  154. 			}
    155. 

  155. 			p_out->perms[k] = string_to_av_perm(pol, p_out->value,
    156. 

  156. 							    p_in->perms[k]);
    157. 

  157. 			if (!p_out->perms[k]) {
    158. 

  158. 				printk(KERN_INFO
    159. 

  159. 				       "SELinux:  Permission %s in class %s not defined in policy.\n",
    160. 

  160. 				       p_in->perms[k], p_in->name);
    161. 

  161. 				if (pol->reject_unknown)
    162. 

  162. 					goto err;
    163. 

  163. 				print_unknown_handle = true;
    164. 

  164. 			}
    165. 

  165. 

  166. 			k++;
    167. 

  167. 		}
    168. 

  168. 		p_out->num_perms = k;
    169. 

  169. 	}
    170. 

  170. 

  171. 	if (print_unknown_handle)
    172. 

  172. 		printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
    173. 

  173. 		       pol->allow_unknown ? "allowed" : "denied");
    174. 

  174. 

  175. 	*out_map_p = out_map;
    176. 

  176. 	*out_map_size = i;
    177. 

  177. 	return 0;
    178. 

  178. err:
    179. 

  179. 	kfree(out_map);
    180. 

  180. 	return -EINVAL;
    181. 

  181. }
    182. 

  182. 

  183. 

  184. static u16 unmap_class(u16 tclass)
    185. 

  185. {
    186. 

  186. 	if (tclass < current_mapping_size)
    187. 

  187. 		return current_mapping[tclass].value;
    188. 

  188. 

  189. 	return tclass;
    190. 

  190. }
    191. 

  191. 

  192. static u16 map_class(u16 pol_value)
    193. 

  193. {
    194. 

  194. 	u16 i;
    195. 

  195. 

  196. 	for (i = 1; i < current_mapping_size; i++) {
    197. 

  197. 		if (current_mapping[i].value == pol_value)
    198. 

  198. 			return i;
    199. 

  199. 	}
    200. 

  200. 

  201. 	return SECCLASS_NULL;
    202. 

  202. }
    203. 

  203. 

  204. static void map_decision(u16 tclass, struct av_decision *avd,
    205. 

  205. 			 int allow_unknown)
    206. 

  206. {
    207. 

  207. 	if (tclass < current_mapping_size) {
    208. 

  208. 		unsigned i, n = current_mapping[tclass].num_perms;
    209. 

  209. 		u32 result;
    210. 

  210. 

  211. 		for (i = 0, result = 0; i < n; i++) {
    212. 

  212. 			if (avd->allowed & current_mapping[tclass].perms[i])
    213. 

  213. 				result |= 1<<i;
    214. 

  214. 			if (allow_unknown && !current_mapping[tclass].perms[i])
    215. 

  215. 				result |= 1<<i;
    216. 

  216. 		}
    217. 

  217. 		avd->allowed = result;
    218. 

  218. 

  219. 		for (i = 0, result = 0; i < n; i++)
    220. 

  220. 			if (avd->auditallow & current_mapping[tclass].perms[i])
    221. 

  221. 				result |= 1<<i;
    222. 

  222. 		avd->auditallow = result;
    223. 

  223. 

  224. 		for (i = 0, result = 0; i < n; i++) {
    225. 

  225. 			if (avd->auditdeny & current_mapping[tclass].perms[i])
    226. 

  226. 				result |= 1<<i;
    227. 

  227. 			if (!allow_unknown && !current_mapping[tclass].perms[i])
    228. 

  228. 				result |= 1<<i;
    229. 

  229. 		}
    230. 

  230. 		for (; i < (sizeof(u32)*8); i++)
    231. 

  231. 			result |= 1<<i;
    232. 

  232. 		avd->auditdeny = result;
    233. 

  233. 	}
    234. 

  234. }
    235. 

  235. 

  236. int security_mls_enabled(void)
    237. 

  237. {
    238. 

  238. 	return policydb.mls_enabled;
    239. 

  239. }
    240. 

  240. 

  241. static int constraint_expr_eval(struct context *scontext,
    242. 

  242. 				struct context *tcontext,
    243. 

  243. 				struct context *xcontext,
    244. 

  244. 				struct constraint_expr *cexpr)
    245. 

  245. {
    246. 

  246. 	u32 val1, val2;
    247. 

  247. 	struct context *c;
    248. 

  248. 	struct role_datum *r1, *r2;
    249. 

  249. 	struct mls_level *l1, *l2;
    250. 

  250. 	struct constraint_expr *e;
    251. 

  251. 	int s[CEXPR_MAXDEPTH] = {0};
    252. 

  252. 	int sp = -1;
    253. 

  253. 

  254. 	for (e = cexpr; e; e = e->next) {
    255. 

  255. 		switch (e->expr_type) {
    256. 

  256. 		case CEXPR_NOT:
    257. 

  257. 			BUG_ON(sp < 0);
    258. 

  258. 			s[sp] = !s[sp];
    259. 

  259. 			break;
    260. 

  260. 		case CEXPR_AND:
    261. 

  261. 			BUG_ON(sp < 1);
    262. 

  262. 			sp--;
    263. 

  263. 			s[sp] &= s[sp + 1];
    264. 

  264. 			break;
    265. 

  265. 		case CEXPR_OR:
    266. 

  266. 			BUG_ON(sp < 1);
    267. 

  267. 			sp--;
    268. 

  268. 			s[sp] |= s[sp + 1];
    269. 

  269. 			break;
    270. 

  270. 		case CEXPR_ATTR:
    271. 

  271. 			if (sp == (CEXPR_MAXDEPTH - 1))
    272. 

  272. 				return 0;
    273. 

  273. 			switch (e->attr) {
    274. 

  274. 			case CEXPR_USER:
    275. 

  275. 				val1 = scontext->user;
    276. 

  276. 				val2 = tcontext->user;
    277. 

  277. 				break;
    278. 

  278. 			case CEXPR_TYPE:
    279. 

  279. 				val1 = scontext->type;
    280. 

  280. 				val2 = tcontext->type;
    281. 

  281. 				break;
    282. 

  282. 			case CEXPR_ROLE:
    283. 

  283. 				val1 = scontext->role;
    284. 

  284. 				val2 = tcontext->role;
    285. 

  285. 				r1 = policydb.role_val_to_struct[val1 - 1];
    286. 

  286. 				r2 = policydb.role_val_to_struct[val2 - 1];
    287. 

  287. 				switch (e->op) {
    288. 

  288. 				case CEXPR_DOM:
    289. 

  289. 					s[++sp] = ebitmap_get_bit(&r1->dominates,
    290. 

  290. 								  val2 - 1);
    291. 

  291. 					continue;
    292. 

  292. 				case CEXPR_DOMBY:
    293. 

  293. 					s[++sp] = ebitmap_get_bit(&r2->dominates,
    294. 

  294. 								  val1 - 1);
    295. 

  295. 					continue;
    296. 

  296. 				case CEXPR_INCOMP:
    297. 

  297. 					s[++sp] = (!ebitmap_get_bit(&r1->dominates,
    298. 

  298. 								    val2 - 1) &&
    299. 

  299. 						   !ebitmap_get_bit(&r2->dominates,
    300. 

  300. 								    val1 - 1));
    301. 

  301. 					continue;
    302. 

  302. 				default:
    303. 

  303. 					break;
    304. 

  304. 				}
    305. 

  305. 				break;
    306. 

  306. 			case CEXPR_L1L2:
    307. 

  307. 				l1 = &(scontext->range.level[0]);
    308. 

  308. 				l2 = &(tcontext->range.level[0]);
    309. 

  309. 				goto mls_ops;
    310. 

  310. 			case CEXPR_L1H2:
    311. 

  311. 				l1 = &(scontext->range.level[0]);
    312. 

  312. 				l2 = &(tcontext->range.level[1]);
    313. 

  313. 				goto mls_ops;
    314. 

  314. 			case CEXPR_H1L2:
    315. 

  315. 				l1 = &(scontext->range.level[1]);
    316. 

  316. 				l2 = &(tcontext->range.level[0]);
    317. 

  317. 				goto mls_ops;
    318. 

  318. 			case CEXPR_H1H2:
    319. 

  319. 				l1 = &(scontext->range.level[1]);
    320. 

  320. 				l2 = &(tcontext->range.level[1]);
    321. 

  321. 				goto mls_ops;
    322. 

  322. 			case CEXPR_L1H1:
    323. 

  323. 				l1 = &(scontext->range.level[0]);
    324. 

  324. 				l2 = &(scontext->range.level[1]);
    325. 

  325. 				goto mls_ops;
    326. 

  326. 			case CEXPR_L2H2:
    327. 

  327. 				l1 = &(tcontext->range.level[0]);
    328. 

  328. 				l2 = &(tcontext->range.level[1]);
    329. 

  329. 				goto mls_ops;
    330. 

  330. mls_ops:
    331. 

  331. 			switch (e->op) {
    332. 

  332. 			case CEXPR_EQ:
    333. 

  333. 				s[++sp] = mls_level_eq(l1, l2);
    334. 

  334. 				continue;
    335. 

  335. 			case CEXPR_NEQ:
    336. 

  336. 				s[++sp] = !mls_level_eq(l1, l2);
    337. 

  337. 				continue;
    338. 

  338. 			case CEXPR_DOM:
    339. 

  339. 				s[++sp] = mls_level_dom(l1, l2);
    340. 

  340. 				continue;
    341. 

  341. 			case CEXPR_DOMBY:
    342. 

  342. 				s[++sp] = mls_level_dom(l2, l1);
    343. 

  343. 				continue;
    344. 

  344. 			case CEXPR_INCOMP:
    345. 

  345. 				s[++sp] = mls_level_incomp(l2, l1);
    346. 

  346. 				continue;
    347. 

  347. 			default:
    348. 

  348. 				BUG();
    349. 

  349. 				return 0;
    350. 

  350. 			}
    351. 

  351. 			break;
    352. 

  352. 			default:
    353. 

  353. 				BUG();
    354. 

  354. 				return 0;
    355. 

  355. 			}
    356. 

  356. 

  357. 			switch (e->op) {
    358. 

  358. 			case CEXPR_EQ:
    359. 

  359. 				s[++sp] = (val1 == val2);
    360. 

  360. 				break;
    361. 

  361. 			case CEXPR_NEQ:
    362. 

  362. 				s[++sp] = (val1 != val2);
    363. 

  363. 				break;
    364. 

  364. 			default:
    365. 

  365. 				BUG();
    366. 

  366. 				return 0;
    367. 

  367. 			}
    368. 

  368. 			break;
    369. 

  369. 		case CEXPR_NAMES:
    370. 

  370. 			if (sp == (CEXPR_MAXDEPTH-1))
    371. 

  371. 				return 0;
    372. 

  372. 			c = scontext;
    373. 

  373. 			if (e->attr & CEXPR_TARGET)
    374. 

  374. 				c = tcontext;
    375. 

  375. 			else if (e->attr & CEXPR_XTARGET) {
    376. 

  376. 				c = xcontext;
    377. 

  377. 				if (!c) {
    378. 

  378. 					BUG();
    379. 

  379. 					return 0;
    380. 

  380. 				}
    381. 

  381. 			}
    382. 

  382. 			if (e->attr & CEXPR_USER)
    383. 

  383. 				val1 = c->user;
    384. 

  384. 			else if (e->attr & CEXPR_ROLE)
    385. 

  385. 				val1 = c->role;
    386. 

  386. 			else if (e->attr & CEXPR_TYPE)
    387. 

  387. 				val1 = c->type;
    388. 

  388. 			else {
    389. 

  389. 				BUG();
    390. 

  390. 				return 0;
    391. 

  391. 			}
    392. 

  392. 

  393. 			switch (e->op) {
    394. 

  394. 			case CEXPR_EQ:
    395. 

  395. 				s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
    396. 

  396. 				break;
    397. 

  397. 			case CEXPR_NEQ:
    398. 

  398. 				s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
    399. 

  399. 				break;
    400. 

  400. 			default:
    401. 

  401. 				BUG();
    402. 

  402. 				return 0;
    403. 

  403. 			}
    404. 

  404. 			break;
    405. 

  405. 		default:
    406. 

  406. 			BUG();
    407. 

  407. 			return 0;
    408. 

  408. 		}
    409. 

  409. 	}
    410. 

  410. 

  411. 	BUG_ON(sp != 0);
    412. 

  412. 	return s[0];
    413. 

  413. }
    414. 

  414. 

  415. static int dump_masked_av_helper(void *k, void *d, void *args)
    416. 

  416. {
    417. 

  417. 	struct perm_datum *pdatum = d;
    418. 

  418. 	char **permission_names = args;
    419. 

  419. 

  420. 	BUG_ON(pdatum->value < 1 || pdatum->value > 32);
    421. 

  421. 

  422. 	permission_names[pdatum->value - 1] = (char *)k;
    423. 

  423. 

  424. 	return 0;
    425. 

  425. }
    426. 

  426. 

  427. static void security_dump_masked_av(struct context *scontext,
    428. 

  428. 				    struct context *tcontext,
    429. 

  429. 				    u16 tclass,
    430. 

  430. 				    u32 permissions,
    431. 

  431. 				    const char *reason)
    432. 

  432. {
    433. 

  433. 	struct common_datum *common_dat;
    434. 

  434. 	struct class_datum *tclass_dat;
    435. 

  435. 	struct audit_buffer *ab;
    436. 

  436. 	char *tclass_name;
    437. 

  437. 	char *scontext_name = NULL;
    438. 

  438. 	char *tcontext_name = NULL;
    439. 

  439. 	char *permission_names[32];
    440. 

  440. 	int index;
    441. 

  441. 	u32 length;
    442. 

  442. 	bool need_comma = false;
    443. 

  443. 

  444. 	if (!permissions)
    445. 

  445. 		return;
    446. 

  446. 

  447. 	tclass_name = sym_name(&policydb, SYM_CLASSES, tclass - 1);
    448. 

  448. 	tclass_dat = policydb.class_val_to_struct[tclass - 1];
    449. 

  449. 	common_dat = tclass_dat->comdatum;
    450. 

  450. 

  451. 	
    452. 

  452. 	if (common_dat &&
    453. 

  453. 	    hashtab_map(common_dat->permissions.table,
    454. 

  454. 			dump_masked_av_helper, permission_names) < 0)
    455. 

  455. 		goto out;
    456. 

  456. 

  457. 	if (hashtab_map(tclass_dat->permissions.table,
    458. 

  458. 			dump_masked_av_helper, permission_names) < 0)
    459. 

  459. 		goto out;
    460. 

  460. 

  461. 	
    462. 

  462. 	if (context_struct_to_string(scontext,
    463. 

  463. 				     &scontext_name, &length) < 0)
    464. 

  464. 		goto out;
    465. 

  465. 

  466. 	if (context_struct_to_string(tcontext,
    467. 

  467. 				     &tcontext_name, &length) < 0)
    468. 

  468. 		goto out;
    469. 

  469. 

  470. 	
    471. 

  471. 	ab = audit_log_start(current->audit_context,
    472. 

  472. 			     GFP_ATOMIC, AUDIT_SELINUX_ERR);
    473. 

  473. 	if (!ab)
    474. 

  474. 		goto out;
    475. 

  475. 

  476. 	audit_log_format(ab, "op=security_compute_av reason=%s "
    477. 

  477. 			 "scontext=%s tcontext=%s tclass=%s perms=",
    478. 

  478. 			 reason, scontext_name, tcontext_name, tclass_name);
    479. 

  479. 

  480. 	for (index = 0; index < 32; index++) {
    481. 

  481. 		u32 mask = (1 << index);
    482. 

  482. 

  483. 		if ((mask & permissions) == 0)
    484. 

  484. 			continue;
    485. 

  485. 

  486. 		audit_log_format(ab, "%s%s",
    487. 

  487. 				 need_comma ? "," : "",
    488. 

  488. 				 permission_names[index]
    489. 

  489. 				 ? permission_names[index] : "????");
    490. 

  490. 		need_comma = true;
    491. 

  491. 	}
    492. 

  492. 	audit_log_end(ab);
    493. 

  493. out:
    494. 

  494. 	
    495. 

  495. 	kfree(tcontext_name);
    496. 

  496. 	kfree(scontext_name);
    497. 

  497. 

  498. 	return;
    499. 

  499. }
    500. 

  500. 

  501. static void type_attribute_bounds_av(struct context *scontext,
    502. 

  502. 				     struct context *tcontext,
    503. 

  503. 				     u16 tclass,
    504. 

  504. 				     struct av_decision *avd)
    505. 

  505. {
    506. 

  506. 	struct context lo_scontext;
    507. 

  507. 	struct context lo_tcontext;
    508. 

  508. 	struct av_decision lo_avd;
    509. 

  509. 	struct type_datum *source;
    510. 

  510. 	struct type_datum *target;
    511. 

  511. 	u32 masked = 0;
    512. 

  512. 

  513. 	source = flex_array_get_ptr(policydb.type_val_to_struct_array,
    514. 

  514. 				    scontext->type - 1);
    515. 

  515. 	BUG_ON(!source);
    516. 

  516. 

  517. 	target = flex_array_get_ptr(policydb.type_val_to_struct_array,
    518. 

  518. 				    tcontext->type - 1);
    519. 

  519. 	BUG_ON(!target);
    520. 

  520. 

  521. 	if (source->bounds) {
    522. 

  522. 		memset(&lo_avd, 0, sizeof(lo_avd));
    523. 

  523. 

  524. 		memcpy(&lo_scontext, scontext, sizeof(lo_scontext));
    525. 

  525. 		lo_scontext.type = source->bounds;
    526. 

  526. 

  527. 		context_struct_compute_av(&lo_scontext,
    528. 

  528. 					  tcontext,
    529. 

  529. 					  tclass,
    530. 

  530. 					  &lo_avd);
    531. 

  531. 		if ((lo_avd.allowed & avd->allowed) == avd->allowed)
    532. 

  532. 			return;		
    533. 

  533. 		masked = ~lo_avd.allowed & avd->allowed;
    534. 

  534. 	}
    535. 

  535. 

  536. 	if (target->bounds) {
    537. 

  537. 		memset(&lo_avd, 0, sizeof(lo_avd));
    538. 

  538. 

  539. 		memcpy(&lo_tcontext, tcontext, sizeof(lo_tcontext));
    540. 

  540. 		lo_tcontext.type = target->bounds;
    541. 

  541. 

  542. 		context_struct_compute_av(scontext,
    543. 

  543. 					  &lo_tcontext,
    544. 

  544. 					  tclass,
    545. 

  545. 					  &lo_avd);
    546. 

  546. 		if ((lo_avd.allowed & avd->allowed) == avd->allowed)
    547. 

  547. 			return;		
    548. 

  548. 		masked = ~lo_avd.allowed & avd->allowed;
    549. 

  549. 	}
    550. 

  550. 

  551. 	if (source->bounds && target->bounds) {
    552. 

  552. 		memset(&lo_avd, 0, sizeof(lo_avd));
    553. 

  553. 

  554. 		context_struct_compute_av(&lo_scontext,
    555. 

  555. 					  &lo_tcontext,
    556. 

  556. 					  tclass,
    557. 

  557. 					  &lo_avd);
    558. 

  558. 		if ((lo_avd.allowed & avd->allowed) == avd->allowed)
    559. 

  559. 			return;		
    560. 

  560. 		masked = ~lo_avd.allowed & avd->allowed;
    561. 

  561. 	}
    562. 

  562. 

  563. 	if (masked) {
    564. 

  564. 		
    565. 

  565. 		avd->allowed &= ~masked;
    566. 

  566. 

  567. 		
    568. 

  568. 		security_dump_masked_av(scontext, tcontext,
    569. 

  569. 					tclass, masked, "bounds");
    570. 

  570. 	}
    571. 

  571. }
    572. 

  572. 

  573. static void context_struct_compute_av(struct context *scontext,
    574. 

  574. 				      struct context *tcontext,
    575. 

  575. 				      u16 tclass,
    576. 

  576. 				      struct av_decision *avd)
    577. 

  577. {
    578. 

  578. 	struct constraint_node *constraint;
    579. 

  579. 	struct role_allow *ra;
    580. 

  580. 	struct avtab_key avkey;
    581. 

  581. 	struct avtab_node *node;
    582. 

  582. 	struct class_datum *tclass_datum;
    583. 

  583. 	struct ebitmap *sattr, *tattr;
    584. 

  584. 	struct ebitmap_node *snode, *tnode;
    585. 

  585. 	unsigned int i, j;
    586. 

  586. 

  587. 	avd->allowed = 0;
    588. 

  588. 	avd->auditallow = 0;
    589. 

  589. 	avd->auditdeny = 0xffffffff;
    590. 

  590. 

  591. 	if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) {
    592. 

  592. 		if (printk_ratelimit())
    593. 

  593. 			printk(KERN_WARNING "SELinux:  Invalid class %hu\n", tclass);
    594. 

  594. 		return;
    595. 

  595. 	}
    596. 

  596. 

  597. 	tclass_datum = policydb.class_val_to_struct[tclass - 1];
    598. 

  598. 

  599. 	avkey.target_class = tclass;
    600. 

  600. 	avkey.specified = AVTAB_AV;
    601. 

  601. 	sattr = flex_array_get(policydb.type_attr_map_array, scontext->type - 1);
    602. 

  602. 	BUG_ON(!sattr);
    603. 

  603. 	tattr = flex_array_get(policydb.type_attr_map_array, tcontext->type - 1);
    604. 

  604. 	BUG_ON(!tattr);
    605. 

  605. 	ebitmap_for_each_positive_bit(sattr, snode, i) {
    606. 

  606. 		ebitmap_for_each_positive_bit(tattr, tnode, j) {
    607. 

  607. 			avkey.source_type = i + 1;
    608. 

  608. 			avkey.target_type = j + 1;
    609. 

  609. 			for (node = avtab_search_node(&policydb.te_avtab, &avkey);
    610. 

  610. 			     node;
    611. 

  611. 			     node = avtab_search_node_next(node, avkey.specified)) {
    612. 

  612. 				if (node->key.specified == AVTAB_ALLOWED)
    613. 

  613. 					avd->allowed |= node->datum.data;
    614. 

  614. 				else if (node->key.specified == AVTAB_AUDITALLOW)
    615. 

  615. 					avd->auditallow |= node->datum.data;
    616. 

  616. 				else if (node->key.specified == AVTAB_AUDITDENY)
    617. 

  617. 					avd->auditdeny &= node->datum.data;
    618. 

  618. 			}
    619. 

  619. 

  620. 			
    621. 

  621. 			cond_compute_av(&policydb.te_cond_avtab, &avkey, avd);
    622. 

  622. 

  623. 		}
    624. 

  624. 	}
    625. 

  625. 

  626. 	constraint = tclass_datum->constraints;
    627. 

  627. 	while (constraint) {
    628. 

  628. 		if ((constraint->permissions & (avd->allowed)) &&
    629. 

  629. 		    !constraint_expr_eval(scontext, tcontext, NULL,
    630. 

  630. 					  constraint->expr)) {
    631. 

  631. 			avd->allowed &= ~(constraint->permissions);
    632. 

  632. 		}
    633. 

  633. 		constraint = constraint->next;
    634. 

  634. 	}
    635. 

  635. 

  636. 	if (tclass == policydb.process_class &&
    637. 

  637. 	    (avd->allowed & policydb.process_trans_perms) &&
    638. 

  638. 	    scontext->role != tcontext->role) {
    639. 

  639. 		for (ra = policydb.role_allow; ra; ra = ra->next) {
    640. 

  640. 			if (scontext->role == ra->role &&
    641. 

  641. 			    tcontext->role == ra->new_role)
    642. 

  642. 				break;
    643. 

  643. 		}
    644. 

  644. 		if (!ra)
    645. 

  645. 			avd->allowed &= ~policydb.process_trans_perms;
    646. 

  646. 	}
    647. 

  647. 

  648. 	type_attribute_bounds_av(scontext, tcontext,
    649. 

  649. 				 tclass, avd);
    650. 

  650. }
    651. 

  651. 

  652. static int security_validtrans_handle_fail(struct context *ocontext,
    653. 

  653. 					   struct context *ncontext,
    654. 

  654. 					   struct context *tcontext,
    655. 

  655. 					   u16 tclass)
    656. 

  656. {
    657. 

  657. 	char *o = NULL, *n = NULL, *t = NULL;
    658. 

  658. 	u32 olen, nlen, tlen;
    659. 

  659. 

  660. 	if (context_struct_to_string(ocontext, &o, &olen))
    661. 

  661. 		goto out;
    662. 

  662. 	if (context_struct_to_string(ncontext, &n, &nlen))
    663. 

  663. 		goto out;
    664. 

  664. 	if (context_struct_to_string(tcontext, &t, &tlen))
    665. 

  665. 		goto out;
    666. 

  666. 	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
    667. 

  667. 		  "security_validate_transition:  denied for"
    668. 

  668. 		  " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
    669. 

  669. 		  o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
    670. 

  670. out:
    671. 

  671. 	kfree(o);
    672. 

  672. 	kfree(n);
    673. 

  673. 	kfree(t);
    674. 

  674. 

  675. 	if (!selinux_enforcing)
    676. 

  676. 		return 0;
    677. 

  677. 	return -EPERM;
    678. 

  678. }
    679. 

  679. 

  680. int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
    681. 

  681. 				 u16 orig_tclass)
    682. 

  682. {
    683. 

  683. 	struct context *ocontext;
    684. 

  684. 	struct context *ncontext;
    685. 

  685. 	struct context *tcontext;
    686. 

  686. 	struct class_datum *tclass_datum;
    687. 

  687. 	struct constraint_node *constraint;
    688. 

  688. 	u16 tclass;
    689. 

  689. 	int rc = 0;
    690. 

  690. 

  691. 	if (!ss_initialized)
    692. 

  692. 		return 0;
    693. 

  693. 

  694. 	read_lock(&policy_rwlock);
    695. 

  695. 

  696. 	tclass = unmap_class(orig_tclass);
    697. 

  697. 

  698. 	if (!tclass || tclass > policydb.p_classes.nprim) {
    699. 

  699. 		printk(KERN_ERR "SELinux: %s:  unrecognized class %d\n",
    700. 

  700. 			__func__, tclass);
    701. 

  701. 		rc = -EINVAL;
    702. 

  702. 		goto out;
    703. 

  703. 	}
    704. 

  704. 	tclass_datum = policydb.class_val_to_struct[tclass - 1];
    705. 

  705. 

  706. 	ocontext = sidtab_search(&sidtab, oldsid);
    707. 

  707. 	if (!ocontext) {
    708. 

  708. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    709. 

  709. 			__func__, oldsid);
    710. 

  710. 		rc = -EINVAL;
    711. 

  711. 		goto out;
    712. 

  712. 	}
    713. 

  713. 

  714. 	ncontext = sidtab_search(&sidtab, newsid);
    715. 

  715. 	if (!ncontext) {
    716. 

  716. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    717. 

  717. 			__func__, newsid);
    718. 

  718. 		rc = -EINVAL;
    719. 

  719. 		goto out;
    720. 

  720. 	}
    721. 

  721. 

  722. 	tcontext = sidtab_search(&sidtab, tasksid);
    723. 

  723. 	if (!tcontext) {
    724. 

  724. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    725. 

  725. 			__func__, tasksid);
    726. 

  726. 		rc = -EINVAL;
    727. 

  727. 		goto out;
    728. 

  728. 	}
    729. 

  729. 

  730. 	constraint = tclass_datum->validatetrans;
    731. 

  731. 	while (constraint) {
    732. 

  732. 		if (!constraint_expr_eval(ocontext, ncontext, tcontext,
    733. 

  733. 					  constraint->expr)) {
    734. 

  734. 			rc = security_validtrans_handle_fail(ocontext, ncontext,
    735. 

  735. 							     tcontext, tclass);
    736. 

  736. 			goto out;
    737. 

  737. 		}
    738. 

  738. 		constraint = constraint->next;
    739. 

  739. 	}
    740. 

  740. 

  741. out:
    742. 

  742. 	read_unlock(&policy_rwlock);
    743. 

  743. 	return rc;
    744. 

  744. }
    745. 

  745. 

  746. int security_bounded_transition(u32 old_sid, u32 new_sid)
    747. 

  747. {
    748. 

  748. 	struct context *old_context, *new_context;
    749. 

  749. 	struct type_datum *type;
    750. 

  750. 	int index;
    751. 

  751. 	int rc;
    752. 

  752. 

  753. 	read_lock(&policy_rwlock);
    754. 

  754. 

  755. 	rc = -EINVAL;
    756. 

  756. 	old_context = sidtab_search(&sidtab, old_sid);
    757. 

  757. 	if (!old_context) {
    758. 

  758. 		printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
    759. 

  759. 		       __func__, old_sid);
    760. 

  760. 		goto out;
    761. 

  761. 	}
    762. 

  762. 

  763. 	rc = -EINVAL;
    764. 

  764. 	new_context = sidtab_search(&sidtab, new_sid);
    765. 

  765. 	if (!new_context) {
    766. 

  766. 		printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
    767. 

  767. 		       __func__, new_sid);
    768. 

  768. 		goto out;
    769. 

  769. 	}
    770. 

  770. 

  771. 	rc = 0;
    772. 

  772. 	
    773. 

  773. 	if (old_context->type == new_context->type)
    774. 

  774. 		goto out;
    775. 

  775. 

  776. 	index = new_context->type;
    777. 

  777. 	while (true) {
    778. 

  778. 		type = flex_array_get_ptr(policydb.type_val_to_struct_array,
    779. 

  779. 					  index - 1);
    780. 

  780. 		BUG_ON(!type);
    781. 

  781. 

  782. 		
    783. 

  783. 		rc = -EPERM;
    784. 

  784. 		if (!type->bounds)
    785. 

  785. 			break;
    786. 

  786. 

  787. 		
    788. 

  788. 		rc = 0;
    789. 

  789. 		if (type->bounds == old_context->type)
    790. 

  790. 			break;
    791. 

  791. 

  792. 		index = type->bounds;
    793. 

  793. 	}
    794. 

  794. 

  795. 	if (rc) {
    796. 

  796. 		char *old_name = NULL;
    797. 

  797. 		char *new_name = NULL;
    798. 

  798. 		u32 length;
    799. 

  799. 

  800. 		if (!context_struct_to_string(old_context,
    801. 

  801. 					      &old_name, &length) &&
    802. 

  802. 		    !context_struct_to_string(new_context,
    803. 

  803. 					      &new_name, &length)) {
    804. 

  804. 			audit_log(current->audit_context,
    805. 

  805. 				  GFP_ATOMIC, AUDIT_SELINUX_ERR,
    806. 

  806. 				  "op=security_bounded_transition "
    807. 

  807. 				  "result=denied "
    808. 

  808. 				  "oldcontext=%s newcontext=%s",
    809. 

  809. 				  old_name, new_name);
    810. 

  810. 		}
    811. 

  811. 		kfree(new_name);
    812. 

  812. 		kfree(old_name);
    813. 

  813. 	}
    814. 

  814. out:
    815. 

  815. 	read_unlock(&policy_rwlock);
    816. 

  816. 

  817. 	return rc;
    818. 

  818. }
    819. 

  819. 

  820. static void avd_init(struct av_decision *avd)
    821. 

  821. {
    822. 

  822. 	avd->allowed = 0;
    823. 

  823. 	avd->auditallow = 0;
    824. 

  824. 	avd->auditdeny = 0xffffffff;
    825. 

  825. 	avd->seqno = latest_granting;
    826. 

  826. 	avd->flags = 0;
    827. 

  827. }
    828. 

  828. 

  829. 

  830. void security_compute_av(u32 ssid,
    831. 

  831. 			 u32 tsid,
    832. 

  832. 			 u16 orig_tclass,
    833. 

  833. 			 struct av_decision *avd)
    834. 

  834. {
    835. 

  835. 	u16 tclass;
    836. 

  836. 	struct context *scontext = NULL, *tcontext = NULL;
    837. 

  837. 

  838. 	read_lock(&policy_rwlock);
    839. 

  839. 	avd_init(avd);
    840. 

  840. 	if (!ss_initialized)
    841. 

  841. 		goto allow;
    842. 

  842. 

  843. 	scontext = sidtab_search(&sidtab, ssid);
    844. 

  844. 	if (!scontext) {
    845. 

  845. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    846. 

  846. 		       __func__, ssid);
    847. 

  847. 		goto out;
    848. 

  848. 	}
    849. 

  849. 

  850. 	
    851. 

  851. 	if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
    852. 

  852. 		avd->flags |= AVD_FLAGS_PERMISSIVE;
    853. 

  853. 

  854. 	tcontext = sidtab_search(&sidtab, tsid);
    855. 

  855. 	if (!tcontext) {
    856. 

  856. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    857. 

  857. 		       __func__, tsid);
    858. 

  858. 		goto out;
    859. 

  859. 	}
    860. 

  860. 

  861. 	tclass = unmap_class(orig_tclass);
    862. 

  862. 	if (unlikely(orig_tclass && !tclass)) {
    863. 

  863. 		if (policydb.allow_unknown)
    864. 

  864. 			goto allow;
    865. 

  865. 		goto out;
    866. 

  866. 	}
    867. 

  867. 	context_struct_compute_av(scontext, tcontext, tclass, avd);
    868. 

  868. 	map_decision(orig_tclass, avd, policydb.allow_unknown);
    869. 

  869. out:
    870. 

  870. 	read_unlock(&policy_rwlock);
    871. 

  871. 	return;
    872. 

  872. allow:
    873. 

  873. 	avd->allowed = 0xffffffff;
    874. 

  874. 	goto out;
    875. 

  875. }
    876. 

  876. 

  877. void security_compute_av_user(u32 ssid,
    878. 

  878. 			      u32 tsid,
    879. 

  879. 			      u16 tclass,
    880. 

  880. 			      struct av_decision *avd)
    881. 

  881. {
    882. 

  882. 	struct context *scontext = NULL, *tcontext = NULL;
    883. 

  883. 

  884. 	read_lock(&policy_rwlock);
    885. 

  885. 	avd_init(avd);
    886. 

  886. 	if (!ss_initialized)
    887. 

  887. 		goto allow;
    888. 

  888. 

  889. 	scontext = sidtab_search(&sidtab, ssid);
    890. 

  890. 	if (!scontext) {
    891. 

  891. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    892. 

  892. 		       __func__, ssid);
    893. 

  893. 		goto out;
    894. 

  894. 	}
    895. 

  895. 

  896. 	
    897. 

  897. 	if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
    898. 

  898. 		avd->flags |= AVD_FLAGS_PERMISSIVE;
    899. 

  899. 

  900. 	tcontext = sidtab_search(&sidtab, tsid);
    901. 

  901. 	if (!tcontext) {
    902. 

  902. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    903. 

  903. 		       __func__, tsid);
    904. 

  904. 		goto out;
    905. 

  905. 	}
    906. 

  906. 

  907. 	if (unlikely(!tclass)) {
    908. 

  908. 		if (policydb.allow_unknown)
    909. 

  909. 			goto allow;
    910. 

  910. 		goto out;
    911. 

  911. 	}
    912. 

  912. 

  913. 	context_struct_compute_av(scontext, tcontext, tclass, avd);
    914. 

  914.  out:
    915. 

  915. 	read_unlock(&policy_rwlock);
    916. 

  916. 	return;
    917. 

  917. allow:
    918. 

  918. 	avd->allowed = 0xffffffff;
    919. 

  919. 	goto out;
    920. 

  920. }
    921. 

  921. 

  922. static int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len)
    923. 

  923. {
    924. 

  924. 	char *scontextp;
    925. 

  925. 

  926. 	if (scontext)
    927. 

  927. 		*scontext = NULL;
    928. 

  928. 	*scontext_len = 0;
    929. 

  929. 

  930. 	if (context->len) {
    931. 

  931. 		*scontext_len = context->len;
    932. 

  932. 		if (scontext) {
    933. 

  933. 			*scontext = kstrdup(context->str, GFP_ATOMIC);
    934. 

  934. 			if (!(*scontext))
    935. 

  935. 				return -ENOMEM;
    936. 

  936. 		}
    937. 

  937. 		return 0;
    938. 

  938. 	}
    939. 

  939. 

  940. 	
    941. 

  941. 	*scontext_len += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + 1;
    942. 

  942. 	*scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1;
    943. 

  943. 	*scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1;
    944. 

  944. 	*scontext_len += mls_compute_context_len(context);
    945. 

  945. 

  946. 	if (!scontext)
    947. 

  947. 		return 0;
    948. 

  948. 

  949. 	
    950. 

  950. 	scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
    951. 

  951. 	if (!scontextp)
    952. 

  952. 		return -ENOMEM;
    953. 

  953. 	*scontext = scontextp;
    954. 

  954. 

  955. 	snprintf(scontextp, *scontext_len, "%s:%s:%s",
    956. 

  956. 		sym_name(&policydb, SYM_USERS, context->user - 1),
    957. 

  957. 		sym_name(&policydb, SYM_ROLES, context->role - 1),
    958. 

  958. 		sym_name(&policydb, SYM_TYPES, context->type - 1));
    959. 

  959. 	scontextp += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) +
    960. 

  960. 		     1 + strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) +
    961. 

  961. 		     1 + strlen(sym_name(&policydb, SYM_TYPES, context->type - 1));
    962. 

  962. 

  963. 	mls_sid_to_context(context, &scontextp);
    964. 

  964. 

  965. 	*scontextp = 0;
    966. 

  966. 

  967. 	return 0;
    968. 

  968. }
    969. 

  969. 

  970. #include "initial_sid_to_string.h"
    971. 

  971. 

  972. const char *security_get_initial_sid_context(u32 sid)
    973. 

  973. {
    974. 

  974. 	if (unlikely(sid > SECINITSID_NUM))
    975. 

  975. 		return NULL;
    976. 

  976. 	return initial_sid_to_string[sid];
    977. 

  977. }
    978. 

  978. 

  979. static int security_sid_to_context_core(u32 sid, char **scontext,
    980. 

  980. 					u32 *scontext_len, int force)
    981. 

  981. {
    982. 

  982. 	struct context *context;
    983. 

  983. 	int rc = 0;
    984. 

  984. 

  985. 	if (scontext)
    986. 

  986. 		*scontext = NULL;
    987. 

  987. 	*scontext_len  = 0;
    988. 

  988. 

  989. 	if (!ss_initialized) {
    990. 

  990. 		if (sid <= SECINITSID_NUM) {
    991. 

  991. 			char *scontextp;
    992. 

  992. 

  993. 			*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
    994. 

  994. 			if (!scontext)
    995. 

  995. 				goto out;
    996. 

  996. 			scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
    997. 

  997. 			if (!scontextp) {
    998. 

  998. 				rc = -ENOMEM;
    999. 

  999. 				goto out;
    1000. 

  1000. 			}
    1001. 

  1001. 			strcpy(scontextp, initial_sid_to_string[sid]);
    1002. 

  1002. 			*scontext = scontextp;
    1003. 

  1003. 			goto out;
    1004. 

  1004. 		}
    1005. 

  1005. 		printk(KERN_ERR "SELinux: %s:  called before initial "
    1006. 

  1006. 		       "load_policy on unknown SID %d\n", __func__, sid);
    1007. 

  1007. 		rc = -EINVAL;
    1008. 

  1008. 		goto out;
    1009. 

  1009. 	}
    1010. 

  1010. 	read_lock(&policy_rwlock);
    1011. 

  1011. 	if (force)
    1012. 

  1012. 		context = sidtab_search_force(&sidtab, sid);
    1013. 

  1013. 	else
    1014. 

  1014. 		context = sidtab_search(&sidtab, sid);
    1015. 

  1015. 	if (!context) {
    1016. 

  1016. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    1017. 

  1017. 			__func__, sid);
    1018. 

  1018. 		rc = -EINVAL;
    1019. 

  1019. 		goto out_unlock;
    1020. 

  1020. 	}
    1021. 

  1021. 	rc = context_struct_to_string(context, scontext, scontext_len);
    1022. 

  1022. out_unlock:
    1023. 

  1023. 	read_unlock(&policy_rwlock);
    1024. 

  1024. out:
    1025. 

  1025. 	return rc;
    1026. 

  1026. 

  1027. }
    1028. 

  1028. 

  1029. int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
    1030. 

  1030. {
    1031. 

  1031. 	return security_sid_to_context_core(sid, scontext, scontext_len, 0);
    1032. 

  1032. }
    1033. 

  1033. 

  1034. int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len)
    1035. 

  1035. {
    1036. 

  1036. 	return security_sid_to_context_core(sid, scontext, scontext_len, 1);
    1037. 

  1037. }
    1038. 

  1038. 

  1039. static int string_to_context_struct(struct policydb *pol,
    1040. 

  1040. 				    struct sidtab *sidtabp,
    1041. 

  1041. 				    char *scontext,
    1042. 

  1042. 				    u32 scontext_len,
    1043. 

  1043. 				    struct context *ctx,
    1044. 

  1044. 				    u32 def_sid)
    1045. 

  1045. {
    1046. 

  1046. 	struct role_datum *role;
    1047. 

  1047. 	struct type_datum *typdatum;
    1048. 

  1048. 	struct user_datum *usrdatum;
    1049. 

  1049. 	char *scontextp, *p, oldc;
    1050. 

  1050. 	int rc = 0;
    1051. 

  1051. 

  1052. 	context_init(ctx);
    1053. 

  1053. 

  1054. 	
    1055. 

  1055. 

  1056. 	rc = -EINVAL;
    1057. 

  1057. 	scontextp = (char *) scontext;
    1058. 

  1058. 

  1059. 	
    1060. 

  1060. 	p = scontextp;
    1061. 

  1061. 	while (*p && *p != ':')
    1062. 

  1062. 		p++;
    1063. 

  1063. 

  1064. 	if (*p == 0)
    1065. 

  1065. 		goto out;
    1066. 

  1066. 

  1067. 	*p++ = 0;
    1068. 

  1068. 

  1069. 	usrdatum = hashtab_search(pol->p_users.table, scontextp);
    1070. 

  1070. 	if (!usrdatum)
    1071. 

  1071. 		goto out;
    1072. 

  1072. 

  1073. 	ctx->user = usrdatum->value;
    1074. 

  1074. 

  1075. 	
    1076. 

  1076. 	scontextp = p;
    1077. 

  1077. 	while (*p && *p != ':')
    1078. 

  1078. 		p++;
    1079. 

  1079. 

  1080. 	if (*p == 0)
    1081. 

  1081. 		goto out;
    1082. 

  1082. 

  1083. 	*p++ = 0;
    1084. 

  1084. 

  1085. 	role = hashtab_search(pol->p_roles.table, scontextp);
    1086. 

  1086. 	if (!role)
    1087. 

  1087. 		goto out;
    1088. 

  1088. 	ctx->role = role->value;
    1089. 

  1089. 

  1090. 	
    1091. 

  1091. 	scontextp = p;
    1092. 

  1092. 	while (*p && *p != ':')
    1093. 

  1093. 		p++;
    1094. 

  1094. 	oldc = *p;
    1095. 

  1095. 	*p++ = 0;
    1096. 

  1096. 

  1097. 	typdatum = hashtab_search(pol->p_types.table, scontextp);
    1098. 

  1098. 	if (!typdatum || typdatum->attribute)
    1099. 

  1099. 		goto out;
    1100. 

  1100. 

  1101. 	ctx->type = typdatum->value;
    1102. 

  1102. 

  1103. 	rc = mls_context_to_sid(pol, oldc, &p, ctx, sidtabp, def_sid);
    1104. 

  1104. 	if (rc)
    1105. 

  1105. 		goto out;
    1106. 

  1106. 

  1107. 	rc = -EINVAL;
    1108. 

  1108. 	if ((p - scontext) < scontext_len)
    1109. 

  1109. 		goto out;
    1110. 

  1110. 

  1111. 	
    1112. 

  1112. 	if (!policydb_context_isvalid(pol, ctx))
    1113. 

  1113. 		goto out;
    1114. 

  1114. 	rc = 0;
    1115. 

  1115. out:
    1116. 

  1116. 	if (rc)
    1117. 

  1117. 		context_destroy(ctx);
    1118. 

  1118. 	return rc;
    1119. 

  1119. }
    1120. 

  1120. 

  1121. static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
    1122. 

  1122. 					u32 *sid, u32 def_sid, gfp_t gfp_flags,
    1123. 

  1123. 					int force)
    1124. 

  1124. {
    1125. 

  1125. 	char *scontext2, *str = NULL;
    1126. 

  1126. 	struct context context;
    1127. 

  1127. 	int rc = 0;
    1128. 

  1128. 

  1129. 	
    1130. 

  1130. 	if (!scontext_len)
    1131. 

  1131. 		return -EINVAL;
    1132. 

  1132. 

  1133. 	if (!ss_initialized) {
    1134. 

  1134. 		int i;
    1135. 

  1135. 

  1136. 		for (i = 1; i < SECINITSID_NUM; i++) {
    1137. 

  1137. 			if (!strcmp(initial_sid_to_string[i], scontext)) {
    1138. 

  1138. 				*sid = i;
    1139. 

  1139. 				return 0;
    1140. 

  1140. 			}
    1141. 

  1141. 		}
    1142. 

  1142. 		*sid = SECINITSID_KERNEL;
    1143. 

  1143. 		return 0;
    1144. 

  1144. 	}
    1145. 

  1145. 	*sid = SECSID_NULL;
    1146. 

  1146. 

  1147. 	
    1148. 

  1148. 	scontext2 = kmalloc(scontext_len + 1, gfp_flags);
    1149. 

  1149. 	if (!scontext2)
    1150. 

  1150. 		return -ENOMEM;
    1151. 

  1151. 	memcpy(scontext2, scontext, scontext_len);
    1152. 

  1152. 	scontext2[scontext_len] = 0;
    1153. 

  1153. 

  1154. 	if (force) {
    1155. 

  1155. 		
    1156. 

  1156. 		rc = -ENOMEM;
    1157. 

  1157. 		str = kstrdup(scontext2, gfp_flags);
    1158. 

  1158. 		if (!str)
    1159. 

  1159. 			goto out;
    1160. 

  1160. 	}
    1161. 

  1161. 

  1162. 	read_lock(&policy_rwlock);
    1163. 

  1163. 	rc = string_to_context_struct(&policydb, &sidtab, scontext2,
    1164. 

  1164. 				      scontext_len, &context, def_sid);
    1165. 

  1165. 	if (rc == -EINVAL && force) {
    1166. 

  1166. 		context.str = str;
    1167. 

  1167. 		context.len = scontext_len;
    1168. 

  1168. 		str = NULL;
    1169. 

  1169. 	} else if (rc)
    1170. 

  1170. 		goto out_unlock;
    1171. 

  1171. 	rc = sidtab_context_to_sid(&sidtab, &context, sid);
    1172. 

  1172. 	context_destroy(&context);
    1173. 

  1173. out_unlock:
    1174. 

  1174. 	read_unlock(&policy_rwlock);
    1175. 

  1175. out:
    1176. 

  1176. 	kfree(scontext2);
    1177. 

  1177. 	kfree(str);
    1178. 

  1178. 	return rc;
    1179. 

  1179. }
    1180. 

  1180. 

  1181. int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
    1182. 

  1182. {
    1183. 

  1183. 	return security_context_to_sid_core(scontext, scontext_len,
    1184. 

  1184. 					    sid, SECSID_NULL, GFP_KERNEL, 0);
    1185. 

  1185. }
    1186. 

  1186. 

  1187. int security_context_to_sid_default(const char *scontext, u32 scontext_len,
    1188. 

  1188. 				    u32 *sid, u32 def_sid, gfp_t gfp_flags)
    1189. 

  1189. {
    1190. 

  1190. 	return security_context_to_sid_core(scontext, scontext_len,
    1191. 

  1191. 					    sid, def_sid, gfp_flags, 1);
    1192. 

  1192. }
    1193. 

  1193. 

  1194. int security_context_to_sid_force(const char *scontext, u32 scontext_len,
    1195. 

  1195. 				  u32 *sid)
    1196. 

  1196. {
    1197. 

  1197. 	return security_context_to_sid_core(scontext, scontext_len,
    1198. 

  1198. 					    sid, SECSID_NULL, GFP_KERNEL, 1);
    1199. 

  1199. }
    1200. 

  1200. 

  1201. static int compute_sid_handle_invalid_context(
    1202. 

  1202. 	struct context *scontext,
    1203. 

  1203. 	struct context *tcontext,
    1204. 

  1204. 	u16 tclass,
    1205. 

  1205. 	struct context *newcontext)
    1206. 

  1206. {
    1207. 

  1207. 	char *s = NULL, *t = NULL, *n = NULL;
    1208. 

  1208. 	u32 slen, tlen, nlen;
    1209. 

  1209. 

  1210. 	if (context_struct_to_string(scontext, &s, &slen))
    1211. 

  1211. 		goto out;
    1212. 

  1212. 	if (context_struct_to_string(tcontext, &t, &tlen))
    1213. 

  1213. 		goto out;
    1214. 

  1214. 	if (context_struct_to_string(newcontext, &n, &nlen))
    1215. 

  1215. 		goto out;
    1216. 

  1216. 	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
    1217. 

  1217. 		  "security_compute_sid:  invalid context %s"
    1218. 

  1218. 		  " for scontext=%s"
    1219. 

  1219. 		  " tcontext=%s"
    1220. 

  1220. 		  " tclass=%s",
    1221. 

  1221. 		  n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
    1222. 

  1222. out:
    1223. 

  1223. 	kfree(s);
    1224. 

  1224. 	kfree(t);
    1225. 

  1225. 	kfree(n);
    1226. 

  1226. 	if (!selinux_enforcing)
    1227. 

  1227. 		return 0;
    1228. 

  1228. 	return -EACCES;
    1229. 

  1229. }
    1230. 

  1230. 

  1231. static void filename_compute_type(struct policydb *p, struct context *newcontext,
    1232. 

  1232. 				  u32 stype, u32 ttype, u16 tclass,
    1233. 

  1233. 				  const char *objname)
    1234. 

  1234. {
    1235. 

  1235. 	struct filename_trans ft;
    1236. 

  1236. 	struct filename_trans_datum *otype;
    1237. 

  1237. 

  1238. 	if (!ebitmap_get_bit(&p->filename_trans_ttypes, ttype))
    1239. 

  1239. 		return;
    1240. 

  1240. 

  1241. 	ft.stype = stype;
    1242. 

  1242. 	ft.ttype = ttype;
    1243. 

  1243. 	ft.tclass = tclass;
    1244. 

  1244. 	ft.name = objname;
    1245. 

  1245. 

  1246. 	otype = hashtab_search(p->filename_trans, &ft);
    1247. 

  1247. 	if (otype)
    1248. 

  1248. 		newcontext->type = otype->otype;
    1249. 

  1249. }
    1250. 

  1250. 

  1251. static int security_compute_sid(u32 ssid,
    1252. 

  1252. 				u32 tsid,
    1253. 

  1253. 				u16 orig_tclass,
    1254. 

  1254. 				u32 specified,
    1255. 

  1255. 				const char *objname,
    1256. 

  1256. 				u32 *out_sid,
    1257. 

  1257. 				bool kern)
    1258. 

  1258. {
    1259. 

  1259. 	struct context *scontext = NULL, *tcontext = NULL, newcontext;
    1260. 

  1260. 	struct role_trans *roletr = NULL;
    1261. 

  1261. 	struct avtab_key avkey;
    1262. 

  1262. 	struct avtab_datum *avdatum;
    1263. 

  1263. 	struct avtab_node *node;
    1264. 

  1264. 	u16 tclass;
    1265. 

  1265. 	int rc = 0;
    1266. 

  1266. 	bool sock;
    1267. 

  1267. 

  1268. 	if (!ss_initialized) {
    1269. 

  1269. 		switch (orig_tclass) {
    1270. 

  1270. 		case SECCLASS_PROCESS: 
    1271. 

  1271. 			*out_sid = ssid;
    1272. 

  1272. 			break;
    1273. 

  1273. 		default:
    1274. 

  1274. 			*out_sid = tsid;
    1275. 

  1275. 			break;
    1276. 

  1276. 		}
    1277. 

  1277. 		goto out;
    1278. 

  1278. 	}
    1279. 

  1279. 

  1280. 	context_init(&newcontext);
    1281. 

  1281. 

  1282. 	read_lock(&policy_rwlock);
    1283. 

  1283. 

  1284. 	if (kern) {
    1285. 

  1285. 		tclass = unmap_class(orig_tclass);
    1286. 

  1286. 		sock = security_is_socket_class(orig_tclass);
    1287. 

  1287. 	} else {
    1288. 

  1288. 		tclass = orig_tclass;
    1289. 

  1289. 		sock = security_is_socket_class(map_class(tclass));
    1290. 

  1290. 	}
    1291. 

  1291. 

  1292. 	scontext = sidtab_search(&sidtab, ssid);
    1293. 

  1293. 	if (!scontext) {
    1294. 

  1294. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    1295. 

  1295. 		       __func__, ssid);
    1296. 

  1296. 		rc = -EINVAL;
    1297. 

  1297. 		goto out_unlock;
    1298. 

  1298. 	}
    1299. 

  1299. 	tcontext = sidtab_search(&sidtab, tsid);
    1300. 

  1300. 	if (!tcontext) {
    1301. 

  1301. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    1302. 

  1302. 		       __func__, tsid);
    1303. 

  1303. 		rc = -EINVAL;
    1304. 

  1304. 		goto out_unlock;
    1305. 

  1305. 	}
    1306. 

  1306. 

  1307. 	
    1308. 

  1308. 	switch (specified) {
    1309. 

  1309. 	case AVTAB_TRANSITION:
    1310. 

  1310. 	case AVTAB_CHANGE:
    1311. 

  1311. 		
    1312. 

  1312. 		newcontext.user = scontext->user;
    1313. 

  1313. 		break;
    1314. 

  1314. 	case AVTAB_MEMBER:
    1315. 

  1315. 		
    1316. 

  1316. 		newcontext.user = tcontext->user;
    1317. 

  1317. 		break;
    1318. 

  1318. 	}
    1319. 

  1319. 

  1320. 	
    1321. 

  1321. 	if ((tclass == policydb.process_class) || (sock == true)) {
    1322. 

  1322. 		
    1323. 

  1323. 		newcontext.role = scontext->role;
    1324. 

  1324. 		newcontext.type = scontext->type;
    1325. 

  1325. 	} else {
    1326. 

  1326. 		
    1327. 

  1327. 		newcontext.role = OBJECT_R_VAL;
    1328. 

  1328. 		
    1329. 

  1329. 		newcontext.type = tcontext->type;
    1330. 

  1330. 	}
    1331. 

  1331. 

  1332. 	
    1333. 

  1333. 	avkey.source_type = scontext->type;
    1334. 

  1334. 	avkey.target_type = tcontext->type;
    1335. 

  1335. 	avkey.target_class = tclass;
    1336. 

  1336. 	avkey.specified = specified;
    1337. 

  1337. 	avdatum = avtab_search(&policydb.te_avtab, &avkey);
    1338. 

  1338. 

  1339. 	
    1340. 

  1340. 	if (!avdatum) {
    1341. 

  1341. 		node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
    1342. 

  1342. 		for (; node; node = avtab_search_node_next(node, specified)) {
    1343. 

  1343. 			if (node->key.specified & AVTAB_ENABLED) {
    1344. 

  1344. 				avdatum = &node->datum;
    1345. 

  1345. 				break;
    1346. 

  1346. 			}
    1347. 

  1347. 		}
    1348. 

  1348. 	}
    1349. 

  1349. 

  1350. 	if (avdatum) {
    1351. 

  1351. 		
    1352. 

  1352. 		newcontext.type = avdatum->data;
    1353. 

  1353. 	}
    1354. 

  1354. 

  1355. 	
    1356. 

  1356. 	if (objname)
    1357. 

  1357. 		filename_compute_type(&policydb, &newcontext, scontext->type,
    1358. 

  1358. 				      tcontext->type, tclass, objname);
    1359. 

  1359. 

  1360. 	
    1361. 

  1361. 	if (specified & AVTAB_TRANSITION) {
    1362. 

  1362. 		
    1363. 

  1363. 		for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
    1364. 

  1364. 			if ((roletr->role == scontext->role) &&
    1365. 

  1365. 			    (roletr->type == tcontext->type) &&
    1366. 

  1366. 			    (roletr->tclass == tclass)) {
    1367. 

  1367. 				
    1368. 

  1368. 				newcontext.role = roletr->new_role;
    1369. 

  1369. 				break;
    1370. 

  1370. 			}
    1371. 

  1371. 		}
    1372. 

  1372. 	}
    1373. 

  1373. 

  1374. 	rc = mls_compute_sid(scontext, tcontext, tclass, specified,
    1375. 

  1375. 			     &newcontext, sock);
    1376. 

  1376. 	if (rc)
    1377. 

  1377. 		goto out_unlock;
    1378. 

  1378. 

  1379. 	
    1380. 

  1380. 	if (!policydb_context_isvalid(&policydb, &newcontext)) {
    1381. 

  1381. 		rc = compute_sid_handle_invalid_context(scontext,
    1382. 

  1382. 							tcontext,
    1383. 

  1383. 							tclass,
    1384. 

  1384. 							&newcontext);
    1385. 

  1385. 		if (rc)
    1386. 

  1386. 			goto out_unlock;
    1387. 

  1387. 	}
    1388. 

  1388. 	
    1389. 

  1389. 	rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
    1390. 

  1390. out_unlock:
    1391. 

  1391. 	read_unlock(&policy_rwlock);
    1392. 

  1392. 	context_destroy(&newcontext);
    1393. 

  1393. out:
    1394. 

  1394. 	return rc;
    1395. 

  1395. }
    1396. 

  1396. 

  1397. int security_transition_sid(u32 ssid, u32 tsid, u16 tclass,
    1398. 

  1398. 			    const struct qstr *qstr, u32 *out_sid)
    1399. 

  1399. {
    1400. 

  1400. 	return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION,
    1401. 

  1401. 				    qstr ? qstr->name : NULL, out_sid, true);
    1402. 

  1402. }
    1403. 

  1403. 

  1404. int security_transition_sid_user(u32 ssid, u32 tsid, u16 tclass,
    1405. 

  1405. 				 const char *objname, u32 *out_sid)
    1406. 

  1406. {
    1407. 

  1407. 	return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION,
    1408. 

  1408. 				    objname, out_sid, false);
    1409. 

  1409. }
    1410. 

  1410. 

  1411. int security_member_sid(u32 ssid,
    1412. 

  1412. 			u32 tsid,
    1413. 

  1413. 			u16 tclass,
    1414. 

  1414. 			u32 *out_sid)
    1415. 

  1415. {
    1416. 

  1416. 	return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, NULL,
    1417. 

  1417. 				    out_sid, false);
    1418. 

  1418. }
    1419. 

  1419. 

  1420. int security_change_sid(u32 ssid,
    1421. 

  1421. 			u32 tsid,
    1422. 

  1422. 			u16 tclass,
    1423. 

  1423. 			u32 *out_sid)
    1424. 

  1424. {
    1425. 

  1425. 	return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, NULL,
    1426. 

  1426. 				    out_sid, false);
    1427. 

  1427. }
    1428. 

  1428. 

  1429. static int clone_sid(u32 sid,
    1430. 

  1430. 		     struct context *context,
    1431. 

  1431. 		     void *arg)
    1432. 

  1432. {
    1433. 

  1433. 	struct sidtab *s = arg;
    1434. 

  1434. 

  1435. 	if (sid > SECINITSID_NUM)
    1436. 

  1436. 		return sidtab_insert(s, sid, context);
    1437. 

  1437. 	else
    1438. 

  1438. 		return 0;
    1439. 

  1439. }
    1440. 

  1440. 

  1441. static inline int convert_context_handle_invalid_context(struct context *context)
    1442. 

  1442. {
    1443. 

  1443. 	char *s;
    1444. 

  1444. 	u32 len;
    1445. 

  1445. 

  1446. 	if (selinux_enforcing)
    1447. 

  1447. 		return -EINVAL;
    1448. 

  1448. 

  1449. 	if (!context_struct_to_string(context, &s, &len)) {
    1450. 

  1450. 		printk(KERN_WARNING "SELinux:  Context %s would be invalid if enforcing\n", s);
    1451. 

  1451. 		kfree(s);
    1452. 

  1452. 	}
    1453. 

  1453. 	return 0;
    1454. 

  1454. }
    1455. 

  1455. 

  1456. struct convert_context_args {
    1457. 

  1457. 	struct policydb *oldp;
    1458. 

  1458. 	struct policydb *newp;
    1459. 

  1459. };
    1460. 

  1460. 

  1461. static int convert_context(u32 key,
    1462. 

  1462. 			   struct context *c,
    1463. 

  1463. 			   void *p)
    1464. 

  1464. {
    1465. 

  1465. 	struct convert_context_args *args;
    1466. 

  1466. 	struct context oldc;
    1467. 

  1467. 	struct ocontext *oc;
    1468. 

  1468. 	struct mls_range *range;
    1469. 

  1469. 	struct role_datum *role;
    1470. 

  1470. 	struct type_datum *typdatum;
    1471. 

  1471. 	struct user_datum *usrdatum;
    1472. 

  1472. 	char *s;
    1473. 

  1473. 	u32 len;
    1474. 

  1474. 	int rc = 0;
    1475. 

  1475. 

  1476. 	if (key <= SECINITSID_NUM)
    1477. 

  1477. 		goto out;
    1478. 

  1478. 

  1479. 	args = p;
    1480. 

  1480. 

  1481. 	if (c->str) {
    1482. 

  1482. 		struct context ctx;
    1483. 

  1483. 

  1484. 		rc = -ENOMEM;
    1485. 

  1485. 		s = kstrdup(c->str, GFP_KERNEL);
    1486. 

  1486. 		if (!s)
    1487. 

  1487. 			goto out;
    1488. 

  1488. 

  1489. 		rc = string_to_context_struct(args->newp, NULL, s,
    1490. 

  1490. 					      c->len, &ctx, SECSID_NULL);
    1491. 

  1491. 		kfree(s);
    1492. 

  1492. 		if (!rc) {
    1493. 

  1493. 			printk(KERN_INFO "SELinux:  Context %s became valid (mapped).\n",
    1494. 

  1494. 			       c->str);
    1495. 

  1495. 			
    1496. 

  1496. 			kfree(c->str);
    1497. 

  1497. 			memcpy(c, &ctx, sizeof(*c));
    1498. 

  1498. 			goto out;
    1499. 

  1499. 		} else if (rc == -EINVAL) {
    1500. 

  1500. 			
    1501. 

  1501. 			rc = 0;
    1502. 

  1502. 			goto out;
    1503. 

  1503. 		} else {
    1504. 

  1504. 			
    1505. 

  1505. 			printk(KERN_ERR "SELinux:   Unable to map context %s, rc = %d.\n",
    1506. 

  1506. 			       c->str, -rc);
    1507. 

  1507. 			goto out;
    1508. 

  1508. 		}
    1509. 

  1509. 	}
    1510. 

  1510. 

  1511. 	rc = context_cpy(&oldc, c);
    1512. 

  1512. 	if (rc)
    1513. 

  1513. 		goto out;
    1514. 

  1514. 

  1515. 	
    1516. 

  1516. 	rc = -EINVAL;
    1517. 

  1517. 	usrdatum = hashtab_search(args->newp->p_users.table,
    1518. 

  1518. 				  sym_name(args->oldp, SYM_USERS, c->user - 1));
    1519. 

  1519. 	if (!usrdatum)
    1520. 

  1520. 		goto bad;
    1521. 

  1521. 	c->user = usrdatum->value;
    1522. 

  1522. 

  1523. 	
    1524. 

  1524. 	rc = -EINVAL;
    1525. 

  1525. 	role = hashtab_search(args->newp->p_roles.table,
    1526. 

  1526. 			      sym_name(args->oldp, SYM_ROLES, c->role - 1));
    1527. 

  1527. 	if (!role)
    1528. 

  1528. 		goto bad;
    1529. 

  1529. 	c->role = role->value;
    1530. 

  1530. 

  1531. 	
    1532. 

  1532. 	rc = -EINVAL;
    1533. 

  1533. 	typdatum = hashtab_search(args->newp->p_types.table,
    1534. 

  1534. 				  sym_name(args->oldp, SYM_TYPES, c->type - 1));
    1535. 

  1535. 	if (!typdatum)
    1536. 

  1536. 		goto bad;
    1537. 

  1537. 	c->type = typdatum->value;
    1538. 

  1538. 

  1539. 	
    1540. 

  1540. 	if (args->oldp->mls_enabled && args->newp->mls_enabled) {
    1541. 

  1541. 		rc = mls_convert_context(args->oldp, args->newp, c);
    1542. 

  1542. 		if (rc)
    1543. 

  1543. 			goto bad;
    1544. 

  1544. 	} else if (args->oldp->mls_enabled && !args->newp->mls_enabled) {
    1545. 

  1545. 		mls_context_destroy(c);
    1546. 

  1546. 	} else if (!args->oldp->mls_enabled && args->newp->mls_enabled) {
    1547. 

  1547. 		oc = args->newp->ocontexts[OCON_ISID];
    1548. 

  1548. 		while (oc && oc->sid[0] != SECINITSID_UNLABELED)
    1549. 

  1549. 			oc = oc->next;
    1550. 

  1550. 		rc = -EINVAL;
    1551. 

  1551. 		if (!oc) {
    1552. 

  1552. 			printk(KERN_ERR "SELinux:  unable to look up"
    1553. 

  1553. 				" the initial SIDs list\n");
    1554. 

  1554. 			goto bad;
    1555. 

  1555. 		}
    1556. 

  1556. 		range = &oc->context[0].range;
    1557. 

  1557. 		rc = mls_range_set(c, range);
    1558. 

  1558. 		if (rc)
    1559. 

  1559. 			goto bad;
    1560. 

  1560. 	}
    1561. 

  1561. 

  1562. 	
    1563. 

  1563. 	if (!policydb_context_isvalid(args->newp, c)) {
    1564. 

  1564. 		rc = convert_context_handle_invalid_context(&oldc);
    1565. 

  1565. 		if (rc)
    1566. 

  1566. 			goto bad;
    1567. 

  1567. 	}
    1568. 

  1568. 

  1569. 	context_destroy(&oldc);
    1570. 

  1570. 

  1571. 	rc = 0;
    1572. 

  1572. out:
    1573. 

  1573. 	return rc;
    1574. 

  1574. bad:
    1575. 

  1575. 	
    1576. 

  1576. 	rc = context_struct_to_string(&oldc, &s, &len);
    1577. 

  1577. 	if (rc)
    1578. 

  1578. 		return rc;
    1579. 

  1579. 	context_destroy(&oldc);
    1580. 

  1580. 	context_destroy(c);
    1581. 

  1581. 	c->str = s;
    1582. 

  1582. 	c->len = len;
    1583. 

  1583. 	printk(KERN_INFO "SELinux:  Context %s became invalid (unmapped).\n",
    1584. 

  1584. 	       c->str);
    1585. 

  1585. 	rc = 0;
    1586. 

  1586. 	goto out;
    1587. 

  1587. }
    1588. 

  1588. 

  1589. static void security_load_policycaps(void)
    1590. 

  1590. {
    1591. 

  1591. 	selinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps,
    1592. 

  1592. 						  POLICYDB_CAPABILITY_NETPEER);
    1593. 

  1593. 	selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps,
    1594. 

  1594. 						  POLICYDB_CAPABILITY_OPENPERM);
    1595. 

  1595. }
    1596. 

  1596. 

  1597. static int security_preserve_bools(struct policydb *p);
    1598. 

  1598. 

  1599. int security_load_policy(void *data, size_t len)
    1600. 

  1600. {
    1601. 

  1601. 	struct policydb oldpolicydb, newpolicydb;
    1602. 

  1602. 	struct sidtab oldsidtab, newsidtab;
    1603. 

  1603. 	struct selinux_mapping *oldmap, *map = NULL;
    1604. 

  1604. 	struct convert_context_args args;
    1605. 

  1605. 	u32 seqno;
    1606. 

  1606. 	u16 map_size;
    1607. 

  1607. 	int rc = 0;
    1608. 

  1608. 	struct policy_file file = { data, len }, *fp = &file;
    1609. 

  1609. 

  1610. 	if (!ss_initialized) {
    1611. 

  1611. 		avtab_cache_init();
    1612. 

  1612. 		rc = policydb_read(&policydb, fp);
    1613. 

  1613. 		if (rc) {
    1614. 

  1614. 			avtab_cache_destroy();
    1615. 

  1615. 			return rc;
    1616. 

  1616. 		}
    1617. 

  1617. 

  1618. 		policydb.len = len;
    1619. 

  1619. 		rc = selinux_set_mapping(&policydb, secclass_map,
    1620. 

  1620. 					 &current_mapping,
    1621. 

  1621. 					 &current_mapping_size);
    1622. 

  1622. 		if (rc) {
    1623. 

  1623. 			policydb_destroy(&policydb);
    1624. 

  1624. 			avtab_cache_destroy();
    1625. 

  1625. 			return rc;
    1626. 

  1626. 		}
    1627. 

  1627. 

  1628. 		rc = policydb_load_isids(&policydb, &sidtab);
    1629. 

  1629. 		if (rc) {
    1630. 

  1630. 			policydb_destroy(&policydb);
    1631. 

  1631. 			avtab_cache_destroy();
    1632. 

  1632. 			return rc;
    1633. 

  1633. 		}
    1634. 

  1634. 

  1635. 		security_load_policycaps();
    1636. 

  1636. 		ss_initialized = 1;
    1637. 

  1637. 		seqno = ++latest_granting;
    1638. 

  1638. 		selinux_complete_init();
    1639. 

  1639. 		avc_ss_reset(seqno);
    1640. 

  1640. 		selnl_notify_policyload(seqno);
    1641. 

  1641. 		selinux_status_update_policyload(seqno);
    1642. 

  1642. 		selinux_netlbl_cache_invalidate();
    1643. 

  1643. 		selinux_xfrm_notify_policyload();
    1644. 

  1644. 		return 0;
    1645. 

  1645. 	}
    1646. 

  1646. 

  1647. #if 0
    1648. 

  1648. 	sidtab_hash_eval(&sidtab, "sids");
    1649. 

  1649. #endif
    1650. 

  1650. 

  1651. 	rc = policydb_read(&newpolicydb, fp);
    1652. 

  1652. 	if (rc)
    1653. 

  1653. 		return rc;
    1654. 

  1654. 

  1655. 	newpolicydb.len = len;
    1656. 

  1656. 	
    1657. 

  1657. 	if (policydb.mls_enabled && !newpolicydb.mls_enabled)
    1658. 

  1658. 		printk(KERN_INFO "SELinux: Disabling MLS support...\n");
    1659. 

  1659. 	else if (!policydb.mls_enabled && newpolicydb.mls_enabled)
    1660. 

  1660. 		printk(KERN_INFO "SELinux: Enabling MLS support...\n");
    1661. 

  1661. 

  1662. 	rc = policydb_load_isids(&newpolicydb, &newsidtab);
    1663. 

  1663. 	if (rc) {
    1664. 

  1664. 		printk(KERN_ERR "SELinux:  unable to load the initial SIDs\n");
    1665. 

  1665. 		policydb_destroy(&newpolicydb);
    1666. 

  1666. 		return rc;
    1667. 

  1667. 	}
    1668. 

  1668. 

  1669. 	rc = selinux_set_mapping(&newpolicydb, secclass_map, &map, &map_size);
    1670. 

  1670. 	if (rc)
    1671. 

  1671. 		goto err;
    1672. 

  1672. 

  1673. 	rc = security_preserve_bools(&newpolicydb);
    1674. 

  1674. 	if (rc) {
    1675. 

  1675. 		printk(KERN_ERR "SELinux:  unable to preserve booleans\n");
    1676. 

  1676. 		goto err;
    1677. 

  1677. 	}
    1678. 

  1678. 

  1679. 	
    1680. 

  1680. 	sidtab_shutdown(&sidtab);
    1681. 

  1681. 

  1682. 	rc = sidtab_map(&sidtab, clone_sid, &newsidtab);
    1683. 

  1683. 	if (rc)
    1684. 

  1684. 		goto err;
    1685. 

  1685. 

  1686. 	args.oldp = &policydb;
    1687. 

  1687. 	args.newp = &newpolicydb;
    1688. 

  1688. 	rc = sidtab_map(&newsidtab, convert_context, &args);
    1689. 

  1689. 	if (rc) {
    1690. 

  1690. 		printk(KERN_ERR "SELinux:  unable to convert the internal"
    1691. 

  1691. 			" representation of contexts in the new SID"
    1692. 

  1692. 			" table\n");
    1693. 

  1693. 		goto err;
    1694. 

  1694. 	}
    1695. 

  1695. 

  1696. 	
    1697. 

  1697. 	memcpy(&oldpolicydb, &policydb, sizeof policydb);
    1698. 

  1698. 	sidtab_set(&oldsidtab, &sidtab);
    1699. 

  1699. 

  1700. 	
    1701. 

  1701. 	write_lock_irq(&policy_rwlock);
    1702. 

  1702. 	memcpy(&policydb, &newpolicydb, sizeof policydb);
    1703. 

  1703. 	sidtab_set(&sidtab, &newsidtab);
    1704. 

  1704. 	security_load_policycaps();
    1705. 

  1705. 	oldmap = current_mapping;
    1706. 

  1706. 	current_mapping = map;
    1707. 

  1707. 	current_mapping_size = map_size;
    1708. 

  1708. 	seqno = ++latest_granting;
    1709. 

  1709. 	write_unlock_irq(&policy_rwlock);
    1710. 

  1710. 

  1711. 	
    1712. 

  1712. 	policydb_destroy(&oldpolicydb);
    1713. 

  1713. 	sidtab_destroy(&oldsidtab);
    1714. 

  1714. 	kfree(oldmap);
    1715. 

  1715. 

  1716. 	avc_ss_reset(seqno);
    1717. 

  1717. 	selnl_notify_policyload(seqno);
    1718. 

  1718. 	selinux_status_update_policyload(seqno);
    1719. 

  1719. 	selinux_netlbl_cache_invalidate();
    1720. 

  1720. 	selinux_xfrm_notify_policyload();
    1721. 

  1721. 

  1722. 	return 0;
    1723. 

  1723. 

  1724. err:
    1725. 

  1725. 	kfree(map);
    1726. 

  1726. 	sidtab_destroy(&newsidtab);
    1727. 

  1727. 	policydb_destroy(&newpolicydb);
    1728. 

  1728. 	return rc;
    1729. 

  1729. 

  1730. }
    1731. 

  1731. 

  1732. size_t security_policydb_len(void)
    1733. 

  1733. {
    1734. 

  1734. 	size_t len;
    1735. 

  1735. 

  1736. 	read_lock(&policy_rwlock);
    1737. 

  1737. 	len = policydb.len;
    1738. 

  1738. 	read_unlock(&policy_rwlock);
    1739. 

  1739. 

  1740. 	return len;
    1741. 

  1741. }
    1742. 

  1742. 

  1743. int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
    1744. 

  1744. {
    1745. 

  1745. 	struct ocontext *c;
    1746. 

  1746. 	int rc = 0;
    1747. 

  1747. 

  1748. 	read_lock(&policy_rwlock);
    1749. 

  1749. 

  1750. 	c = policydb.ocontexts[OCON_PORT];
    1751. 

  1751. 	while (c) {
    1752. 

  1752. 		if (c->u.port.protocol == protocol &&
    1753. 

  1753. 		    c->u.port.low_port <= port &&
    1754. 

  1754. 		    c->u.port.high_port >= port)
    1755. 

  1755. 			break;
    1756. 

  1756. 		c = c->next;
    1757. 

  1757. 	}
    1758. 

  1758. 

  1759. 	if (c) {
    1760. 

  1760. 		if (!c->sid[0]) {
    1761. 

  1761. 			rc = sidtab_context_to_sid(&sidtab,
    1762. 

  1762. 						   &c->context[0],
    1763. 

  1763. 						   &c->sid[0]);
    1764. 

  1764. 			if (rc)
    1765. 

  1765. 				goto out;
    1766. 

  1766. 		}
    1767. 

  1767. 		*out_sid = c->sid[0];
    1768. 

  1768. 	} else {
    1769. 

  1769. 		*out_sid = SECINITSID_PORT;
    1770. 

  1770. 	}
    1771. 

  1771. 

  1772. out:
    1773. 

  1773. 	read_unlock(&policy_rwlock);
    1774. 

  1774. 	return rc;
    1775. 

  1775. }
    1776. 

  1776. 

  1777. int security_netif_sid(char *name, u32 *if_sid)
    1778. 

  1778. {
    1779. 

  1779. 	int rc = 0;
    1780. 

  1780. 	struct ocontext *c;
    1781. 

  1781. 

  1782. 	read_lock(&policy_rwlock);
    1783. 

  1783. 

  1784. 	c = policydb.ocontexts[OCON_NETIF];
    1785. 

  1785. 	while (c) {
    1786. 

  1786. 		if (strcmp(name, c->u.name) == 0)
    1787. 

  1787. 			break;
    1788. 

  1788. 		c = c->next;
    1789. 

  1789. 	}
    1790. 

  1790. 

  1791. 	if (c) {
    1792. 

  1792. 		if (!c->sid[0] || !c->sid[1]) {
    1793. 

  1793. 			rc = sidtab_context_to_sid(&sidtab,
    1794. 

  1794. 						  &c->context[0],
    1795. 

  1795. 						  &c->sid[0]);
    1796. 

  1796. 			if (rc)
    1797. 

  1797. 				goto out;
    1798. 

  1798. 			rc = sidtab_context_to_sid(&sidtab,
    1799. 

  1799. 						   &c->context[1],
    1800. 

  1800. 						   &c->sid[1]);
    1801. 

  1801. 			if (rc)
    1802. 

  1802. 				goto out;
    1803. 

  1803. 		}
    1804. 

  1804. 		*if_sid = c->sid[0];
    1805. 

  1805. 	} else
    1806. 

  1806. 		*if_sid = SECINITSID_NETIF;
    1807. 

  1807. 

  1808. out:
    1809. 

  1809. 	read_unlock(&policy_rwlock);
    1810. 

  1810. 	return rc;
    1811. 

  1811. }
    1812. 

  1812. 

  1813. static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
    1814. 

  1814. {
    1815. 

  1815. 	int i, fail = 0;
    1816. 

  1816. 

  1817. 	for (i = 0; i < 4; i++)
    1818. 

  1818. 		if (addr[i] != (input[i] & mask[i])) {
    1819. 

  1819. 			fail = 1;
    1820. 

  1820. 			break;
    1821. 

  1821. 		}
    1822. 

  1822. 

  1823. 	return !fail;
    1824. 

  1824. }
    1825. 

  1825. 

  1826. int security_node_sid(u16 domain,
    1827. 

  1827. 		      void *addrp,
    1828. 

  1828. 		      u32 addrlen,
    1829. 

  1829. 		      u32 *out_sid)
    1830. 

  1830. {
    1831. 

  1831. 	int rc;
    1832. 

  1832. 	struct ocontext *c;
    1833. 

  1833. 

  1834. 	read_lock(&policy_rwlock);
    1835. 

  1835. 

  1836. 	switch (domain) {
    1837. 

  1837. 	case AF_INET: {
    1838. 

  1838. 		u32 addr;
    1839. 

  1839. 

  1840. 		rc = -EINVAL;
    1841. 

  1841. 		if (addrlen != sizeof(u32))
    1842. 

  1842. 			goto out;
    1843. 

  1843. 

  1844. 		addr = *((u32 *)addrp);
    1845. 

  1845. 

  1846. 		c = policydb.ocontexts[OCON_NODE];
    1847. 

  1847. 		while (c) {
    1848. 

  1848. 			if (c->u.node.addr == (addr & c->u.node.mask))
    1849. 

  1849. 				break;
    1850. 

  1850. 			c = c->next;
    1851. 

  1851. 		}
    1852. 

  1852. 		break;
    1853. 

  1853. 	}
    1854. 

  1854. 

  1855. 	case AF_INET6:
    1856. 

  1856. 		rc = -EINVAL;
    1857. 

  1857. 		if (addrlen != sizeof(u64) * 2)
    1858. 

  1858. 			goto out;
    1859. 

  1859. 		c = policydb.ocontexts[OCON_NODE6];
    1860. 

  1860. 		while (c) {
    1861. 

  1861. 			if (match_ipv6_addrmask(addrp, c->u.node6.addr,
    1862. 

  1862. 						c->u.node6.mask))
    1863. 

  1863. 				break;
    1864. 

  1864. 			c = c->next;
    1865. 

  1865. 		}
    1866. 

  1866. 		break;
    1867. 

  1867. 

  1868. 	default:
    1869. 

  1869. 		rc = 0;
    1870. 

  1870. 		*out_sid = SECINITSID_NODE;
    1871. 

  1871. 		goto out;
    1872. 

  1872. 	}
    1873. 

  1873. 

  1874. 	if (c) {
    1875. 

  1875. 		if (!c->sid[0]) {
    1876. 

  1876. 			rc = sidtab_context_to_sid(&sidtab,
    1877. 

  1877. 						   &c->context[0],
    1878. 

  1878. 						   &c->sid[0]);
    1879. 

  1879. 			if (rc)
    1880. 

  1880. 				goto out;
    1881. 

  1881. 		}
    1882. 

  1882. 		*out_sid = c->sid[0];
    1883. 

  1883. 	} else {
    1884. 

  1884. 		*out_sid = SECINITSID_NODE;
    1885. 

  1885. 	}
    1886. 

  1886. 

  1887. 	rc = 0;
    1888. 

  1888. out:
    1889. 

  1889. 	read_unlock(&policy_rwlock);
    1890. 

  1890. 	return rc;
    1891. 

  1891. }
    1892. 

  1892. 

  1893. #define SIDS_NEL 25
    1894. 

  1894. 

  1895. 

  1896. int security_get_user_sids(u32 fromsid,
    1897. 

  1897. 			   char *username,
    1898. 

  1898. 			   u32 **sids,
    1899. 

  1899. 			   u32 *nel)
    1900. 

  1900. {
    1901. 

  1901. 	struct context *fromcon, usercon;
    1902. 

  1902. 	u32 *mysids = NULL, *mysids2, sid;
    1903. 

  1903. 	u32 mynel = 0, maxnel = SIDS_NEL;
    1904. 

  1904. 	struct user_datum *user;
    1905. 

  1905. 	struct role_datum *role;
    1906. 

  1906. 	struct ebitmap_node *rnode, *tnode;
    1907. 

  1907. 	int rc = 0, i, j;
    1908. 

  1908. 

  1909. 	*sids = NULL;
    1910. 

  1910. 	*nel = 0;
    1911. 

  1911. 

  1912. 	if (!ss_initialized)
    1913. 

  1913. 		goto out;
    1914. 

  1914. 

  1915. 	read_lock(&policy_rwlock);
    1916. 

  1916. 

  1917. 	context_init(&usercon);
    1918. 

  1918. 

  1919. 	rc = -EINVAL;
    1920. 

  1920. 	fromcon = sidtab_search(&sidtab, fromsid);
    1921. 

  1921. 	if (!fromcon)
    1922. 

  1922. 		goto out_unlock;
    1923. 

  1923. 

  1924. 	rc = -EINVAL;
    1925. 

  1925. 	user = hashtab_search(policydb.p_users.table, username);
    1926. 

  1926. 	if (!user)
    1927. 

  1927. 		goto out_unlock;
    1928. 

  1928. 

  1929. 	usercon.user = user->value;
    1930. 

  1930. 

  1931. 	rc = -ENOMEM;
    1932. 

  1932. 	mysids = kcalloc(maxnel, sizeof(*mysids), GFP_ATOMIC);
    1933. 

  1933. 	if (!mysids)
    1934. 

  1934. 		goto out_unlock;
    1935. 

  1935. 

  1936. 	ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
    1937. 

  1937. 		role = policydb.role_val_to_struct[i];
    1938. 

  1938. 		usercon.role = i + 1;
    1939. 

  1939. 		ebitmap_for_each_positive_bit(&role->types, tnode, j) {
    1940. 

  1940. 			usercon.type = j + 1;
    1941. 

  1941. 

  1942. 			if (mls_setup_user_range(fromcon, user, &usercon))
    1943. 

  1943. 				continue;
    1944. 

  1944. 

  1945. 			rc = sidtab_context_to_sid(&sidtab, &usercon, &sid);
    1946. 

  1946. 			if (rc)
    1947. 

  1947. 				goto out_unlock;
    1948. 

  1948. 			if (mynel < maxnel) {
    1949. 

  1949. 				mysids[mynel++] = sid;
    1950. 

  1950. 			} else {
    1951. 

  1951. 				rc = -ENOMEM;
    1952. 

  1952. 				maxnel += SIDS_NEL;
    1953. 

  1953. 				mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC);
    1954. 

  1954. 				if (!mysids2)
    1955. 

  1955. 					goto out_unlock;
    1956. 

  1956. 				memcpy(mysids2, mysids, mynel * sizeof(*mysids2));
    1957. 

  1957. 				kfree(mysids);
    1958. 

  1958. 				mysids = mysids2;
    1959. 

  1959. 				mysids[mynel++] = sid;
    1960. 

  1960. 			}
    1961. 

  1961. 		}
    1962. 

  1962. 	}
    1963. 

  1963. 	rc = 0;
    1964. 

  1964. out_unlock:
    1965. 

  1965. 	read_unlock(&policy_rwlock);
    1966. 

  1966. 	if (rc || !mynel) {
    1967. 

  1967. 		kfree(mysids);
    1968. 

  1968. 		goto out;
    1969. 

  1969. 	}
    1970. 

  1970. 

  1971. 	rc = -ENOMEM;
    1972. 

  1972. 	mysids2 = kcalloc(mynel, sizeof(*mysids2), GFP_KERNEL);
    1973. 

  1973. 	if (!mysids2) {
    1974. 

  1974. 		kfree(mysids);
    1975. 

  1975. 		goto out;
    1976. 

  1976. 	}
    1977. 

  1977. 	for (i = 0, j = 0; i < mynel; i++) {
    1978. 

  1978. 		struct av_decision dummy_avd;
    1979. 

  1979. 		rc = avc_has_perm_noaudit(fromsid, mysids[i],
    1980. 

  1980. 					  SECCLASS_PROCESS, 
    1981. 

  1981. 					  PROCESS__TRANSITION, AVC_STRICT,
    1982. 

  1982. 					  &dummy_avd);
    1983. 

  1983. 		if (!rc)
    1984. 

  1984. 			mysids2[j++] = mysids[i];
    1985. 

  1985. 		cond_resched();
    1986. 

  1986. 	}
    1987. 

  1987. 	rc = 0;
    1988. 

  1988. 	kfree(mysids);
    1989. 

  1989. 	*sids = mysids2;
    1990. 

  1990. 	*nel = j;
    1991. 

  1991. out:
    1992. 

  1992. 	return rc;
    1993. 

  1993. }
    1994. 

  1994. 

  1995. int security_genfs_sid(const char *fstype,
    1996. 

  1996. 		       char *path,
    1997. 

  1997. 		       u16 orig_sclass,
    1998. 

  1998. 		       u32 *sid)
    1999. 

  1999. {
    2000. 

  2000. 	int len;
    2001. 

  2001. 	u16 sclass;
    2002. 

  2002. 	struct genfs *genfs;
    2003. 

  2003. 	struct ocontext *c;
    2004. 

  2004. 	int rc, cmp = 0;
    2005. 

  2005. 

  2006. 	while (path[0] == '/' && path[1] == '/')
    2007. 

  2007. 		path++;
    2008. 

  2008. 

  2009. 	read_lock(&policy_rwlock);
    2010. 

  2010. 

  2011. 	sclass = unmap_class(orig_sclass);
    2012. 

  2012. 	*sid = SECINITSID_UNLABELED;
    2013. 

  2013. 

  2014. 	for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
    2015. 

  2015. 		cmp = strcmp(fstype, genfs->fstype);
    2016. 

  2016. 		if (cmp <= 0)
    2017. 

  2017. 			break;
    2018. 

  2018. 	}
    2019. 

  2019. 

  2020. 	rc = -ENOENT;
    2021. 

  2021. 	if (!genfs || cmp)
    2022. 

  2022. 		goto out;
    2023. 

  2023. 

  2024. 	for (c = genfs->head; c; c = c->next) {
    2025. 

  2025. 		len = strlen(c->u.name);
    2026. 

  2026. 		if ((!c->v.sclass || sclass == c->v.sclass) &&
    2027. 

  2027. 		    (strncmp(c->u.name, path, len) == 0))
    2028. 

  2028. 			break;
    2029. 

  2029. 	}
    2030. 

  2030. 

  2031. 	rc = -ENOENT;
    2032. 

  2032. 	if (!c)
    2033. 

  2033. 		goto out;
    2034. 

  2034. 

  2035. 	if (!c->sid[0]) {
    2036. 

  2036. 		rc = sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]);
    2037. 

  2037. 		if (rc)
    2038. 

  2038. 			goto out;
    2039. 

  2039. 	}
    2040. 

  2040. 

  2041. 	*sid = c->sid[0];
    2042. 

  2042. 	rc = 0;
    2043. 

  2043. out:
    2044. 

  2044. 	read_unlock(&policy_rwlock);
    2045. 

  2045. 	return rc;
    2046. 

  2046. }
    2047. 

  2047. 

  2048. int security_fs_use(
    2049. 

  2049. 	const char *fstype,
    2050. 

  2050. 	unsigned int *behavior,
    2051. 

  2051. 	u32 *sid)
    2052. 

  2052. {
    2053. 

  2053. 	int rc = 0;
    2054. 

  2054. 	struct ocontext *c;
    2055. 

  2055. 

  2056. 	read_lock(&policy_rwlock);
    2057. 

  2057. 

  2058. 	c = policydb.ocontexts[OCON_FSUSE];
    2059. 

  2059. 	while (c) {
    2060. 

  2060. 		if (strcmp(fstype, c->u.name) == 0)
    2061. 

  2061. 			break;
    2062. 

  2062. 		c = c->next;
    2063. 

  2063. 	}
    2064. 

  2064. 

  2065. 	if (c) {
    2066. 

  2066. 		*behavior = c->v.behavior;
    2067. 

  2067. 		if (!c->sid[0]) {
    2068. 

  2068. 			rc = sidtab_context_to_sid(&sidtab, &c->context[0],
    2069. 

  2069. 						   &c->sid[0]);
    2070. 

  2070. 			if (rc)
    2071. 

  2071. 				goto out;
    2072. 

  2072. 		}
    2073. 

  2073. 		*sid = c->sid[0];
    2074. 

  2074. 	} else {
    2075. 

  2075. 		rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
    2076. 

  2076. 		if (rc) {
    2077. 

  2077. 			*behavior = SECURITY_FS_USE_NONE;
    2078. 

  2078. 			rc = 0;
    2079. 

  2079. 		} else {
    2080. 

  2080. 			*behavior = SECURITY_FS_USE_GENFS;
    2081. 

  2081. 		}
    2082. 

  2082. 	}
    2083. 

  2083. 

  2084. out:
    2085. 

  2085. 	read_unlock(&policy_rwlock);
    2086. 

  2086. 	return rc;
    2087. 

  2087. }
    2088. 

  2088. 

  2089. int security_get_bools(int *len, char ***names, int **values)
    2090. 

  2090. {
    2091. 

  2091. 	int i, rc;
    2092. 

  2092. 

  2093. 	read_lock(&policy_rwlock);
    2094. 

  2094. 	*names = NULL;
    2095. 

  2095. 	*values = NULL;
    2096. 

  2096. 

  2097. 	rc = 0;
    2098. 

  2098. 	*len = policydb.p_bools.nprim;
    2099. 

  2099. 	if (!*len)
    2100. 

  2100. 		goto out;
    2101. 

  2101. 

  2102. 	rc = -ENOMEM;
    2103. 

  2103. 	*names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
    2104. 

  2104. 	if (!*names)
    2105. 

  2105. 		goto err;
    2106. 

  2106. 

  2107. 	rc = -ENOMEM;
    2108. 

  2108. 	*values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
    2109. 

  2109. 	if (!*values)
    2110. 

  2110. 		goto err;
    2111. 

  2111. 

  2112. 	for (i = 0; i < *len; i++) {
    2113. 

  2113. 		size_t name_len;
    2114. 

  2114. 

  2115. 		(*values)[i] = policydb.bool_val_to_struct[i]->state;
    2116. 

  2116. 		name_len = strlen(sym_name(&policydb, SYM_BOOLS, i)) + 1;
    2117. 

  2117. 

  2118. 		rc = -ENOMEM;
    2119. 

  2119. 		(*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
    2120. 

  2120. 		if (!(*names)[i])
    2121. 

  2121. 			goto err;
    2122. 

  2122. 

  2123. 		strncpy((*names)[i], sym_name(&policydb, SYM_BOOLS, i), name_len);
    2124. 

  2124. 		(*names)[i][name_len - 1] = 0;
    2125. 

  2125. 	}
    2126. 

  2126. 	rc = 0;
    2127. 

  2127. out:
    2128. 

  2128. 	read_unlock(&policy_rwlock);
    2129. 

  2129. 	return rc;
    2130. 

  2130. err:
    2131. 

  2131. 	if (*names) {
    2132. 

  2132. 		for (i = 0; i < *len; i++)
    2133. 

  2133. 			kfree((*names)[i]);
    2134. 

  2134. 	}
    2135. 

  2135. 	kfree(*values);
    2136. 

  2136. 	goto out;
    2137. 

  2137. }
    2138. 

  2138. 

  2139. 

  2140. int security_set_bools(int len, int *values)
    2141. 

  2141. {
    2142. 

  2142. 	int i, rc;
    2143. 

  2143. 	int lenp, seqno = 0;
    2144. 

  2144. 	struct cond_node *cur;
    2145. 

  2145. 

  2146. 	write_lock_irq(&policy_rwlock);
    2147. 

  2147. 

  2148. 	rc = -EFAULT;
    2149. 

  2149. 	lenp = policydb.p_bools.nprim;
    2150. 

  2150. 	if (len != lenp)
    2151. 

  2151. 		goto out;
    2152. 

  2152. 

  2153. 	for (i = 0; i < len; i++) {
    2154. 

  2154. 		if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
    2155. 

  2155. 			audit_log(current->audit_context, GFP_ATOMIC,
    2156. 

  2156. 				AUDIT_MAC_CONFIG_CHANGE,
    2157. 

  2157. 				"bool=%s val=%d old_val=%d auid=%u ses=%u",
    2158. 

  2158. 				sym_name(&policydb, SYM_BOOLS, i),
    2159. 

  2159. 				!!values[i],
    2160. 

  2160. 				policydb.bool_val_to_struct[i]->state,
    2161. 

  2161. 				audit_get_loginuid(current),
    2162. 

  2162. 				audit_get_sessionid(current));
    2163. 

  2163. 		}
    2164. 

  2164. 		if (values[i])
    2165. 

  2165. 			policydb.bool_val_to_struct[i]->state = 1;
    2166. 

  2166. 		else
    2167. 

  2167. 			policydb.bool_val_to_struct[i]->state = 0;
    2168. 

  2168. 	}
    2169. 

  2169. 

  2170. 	for (cur = policydb.cond_list; cur; cur = cur->next) {
    2171. 

  2171. 		rc = evaluate_cond_node(&policydb, cur);
    2172. 

  2172. 		if (rc)
    2173. 

  2173. 			goto out;
    2174. 

  2174. 	}
    2175. 

  2175. 

  2176. 	seqno = ++latest_granting;
    2177. 

  2177. 	rc = 0;
    2178. 

  2178. out:
    2179. 

  2179. 	write_unlock_irq(&policy_rwlock);
    2180. 

  2180. 	if (!rc) {
    2181. 

  2181. 		avc_ss_reset(seqno);
    2182. 

  2182. 		selnl_notify_policyload(seqno);
    2183. 

  2183. 		selinux_status_update_policyload(seqno);
    2184. 

  2184. 		selinux_xfrm_notify_policyload();
    2185. 

  2185. 	}
    2186. 

  2186. 	return rc;
    2187. 

  2187. }
    2188. 

  2188. 

  2189. int security_get_bool_value(int bool)
    2190. 

  2190. {
    2191. 

  2191. 	int rc;
    2192. 

  2192. 	int len;
    2193. 

  2193. 

  2194. 	read_lock(&policy_rwlock);
    2195. 

  2195. 

  2196. 	rc = -EFAULT;
    2197. 

  2197. 	len = policydb.p_bools.nprim;
    2198. 

  2198. 	if (bool >= len)
    2199. 

  2199. 		goto out;
    2200. 

  2200. 

  2201. 	rc = policydb.bool_val_to_struct[bool]->state;
    2202. 

  2202. out:
    2203. 

  2203. 	read_unlock(&policy_rwlock);
    2204. 

  2204. 	return rc;
    2205. 

  2205. }
    2206. 

  2206. 

  2207. static int security_preserve_bools(struct policydb *p)
    2208. 

  2208. {
    2209. 

  2209. 	int rc, nbools = 0, *bvalues = NULL, i;
    2210. 

  2210. 	char **bnames = NULL;
    2211. 

  2211. 	struct cond_bool_datum *booldatum;
    2212. 

  2212. 	struct cond_node *cur;
    2213. 

  2213. 

  2214. 	rc = security_get_bools(&nbools, &bnames, &bvalues);
    2215. 

  2215. 	if (rc)
    2216. 

  2216. 		goto out;
    2217. 

  2217. 	for (i = 0; i < nbools; i++) {
    2218. 

  2218. 		booldatum = hashtab_search(p->p_bools.table, bnames[i]);
    2219. 

  2219. 		if (booldatum)
    2220. 

  2220. 			booldatum->state = bvalues[i];
    2221. 

  2221. 	}
    2222. 

  2222. 	for (cur = p->cond_list; cur; cur = cur->next) {
    2223. 

  2223. 		rc = evaluate_cond_node(p, cur);
    2224. 

  2224. 		if (rc)
    2225. 

  2225. 			goto out;
    2226. 

  2226. 	}
    2227. 

  2227. 

  2228. out:
    2229. 

  2229. 	if (bnames) {
    2230. 

  2230. 		for (i = 0; i < nbools; i++)
    2231. 

  2231. 			kfree(bnames[i]);
    2232. 

  2232. 	}
    2233. 

  2233. 	kfree(bnames);
    2234. 

  2234. 	kfree(bvalues);
    2235. 

  2235. 	return rc;
    2236. 

  2236. }
    2237. 

  2237. 

  2238. int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
    2239. 

  2239. {
    2240. 

  2240. 	struct context *context1;
    2241. 

  2241. 	struct context *context2;
    2242. 

  2242. 	struct context newcon;
    2243. 

  2243. 	char *s;
    2244. 

  2244. 	u32 len;
    2245. 

  2245. 	int rc;
    2246. 

  2246. 

  2247. 	rc = 0;
    2248. 

  2248. 	if (!ss_initialized || !policydb.mls_enabled) {
    2249. 

  2249. 		*new_sid = sid;
    2250. 

  2250. 		goto out;
    2251. 

  2251. 	}
    2252. 

  2252. 

  2253. 	context_init(&newcon);
    2254. 

  2254. 

  2255. 	read_lock(&policy_rwlock);
    2256. 

  2256. 

  2257. 	rc = -EINVAL;
    2258. 

  2258. 	context1 = sidtab_search(&sidtab, sid);
    2259. 

  2259. 	if (!context1) {
    2260. 

  2260. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    2261. 

  2261. 			__func__, sid);
    2262. 

  2262. 		goto out_unlock;
    2263. 

  2263. 	}
    2264. 

  2264. 

  2265. 	rc = -EINVAL;
    2266. 

  2266. 	context2 = sidtab_search(&sidtab, mls_sid);
    2267. 

  2267. 	if (!context2) {
    2268. 

  2268. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    2269. 

  2269. 			__func__, mls_sid);
    2270. 

  2270. 		goto out_unlock;
    2271. 

  2271. 	}
    2272. 

  2272. 

  2273. 	newcon.user = context1->user;
    2274. 

  2274. 	newcon.role = context1->role;
    2275. 

  2275. 	newcon.type = context1->type;
    2276. 

  2276. 	rc = mls_context_cpy(&newcon, context2);
    2277. 

  2277. 	if (rc)
    2278. 

  2278. 		goto out_unlock;
    2279. 

  2279. 

  2280. 	
    2281. 

  2281. 	if (!policydb_context_isvalid(&policydb, &newcon)) {
    2282. 

  2282. 		rc = convert_context_handle_invalid_context(&newcon);
    2283. 

  2283. 		if (rc) {
    2284. 

  2284. 			if (!context_struct_to_string(&newcon, &s, &len)) {
    2285. 

  2285. 				audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
    2286. 

  2286. 					  "security_sid_mls_copy: invalid context %s", s);
    2287. 

  2287. 				kfree(s);
    2288. 

  2288. 			}
    2289. 

  2289. 			goto out_unlock;
    2290. 

  2290. 		}
    2291. 

  2291. 	}
    2292. 

  2292. 

  2293. 	rc = sidtab_context_to_sid(&sidtab, &newcon, new_sid);
    2294. 

  2294. out_unlock:
    2295. 

  2295. 	read_unlock(&policy_rwlock);
    2296. 

  2296. 	context_destroy(&newcon);
    2297. 

  2297. out:
    2298. 

  2298. 	return rc;
    2299. 

  2299. }
    2300. 

  2300. 

  2301. int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
    2302. 

  2302. 				 u32 xfrm_sid,
    2303. 

  2303. 				 u32 *peer_sid)
    2304. 

  2304. {
    2305. 

  2305. 	int rc;
    2306. 

  2306. 	struct context *nlbl_ctx;
    2307. 

  2307. 	struct context *xfrm_ctx;
    2308. 

  2308. 

  2309. 	*peer_sid = SECSID_NULL;
    2310. 

  2310. 

  2311. 	if (xfrm_sid == SECSID_NULL) {
    2312. 

  2312. 		*peer_sid = nlbl_sid;
    2313. 

  2313. 		return 0;
    2314. 

  2314. 	}
    2315. 

  2315. 	if (nlbl_sid == SECSID_NULL || nlbl_type == NETLBL_NLTYPE_UNLABELED) {
    2316. 

  2316. 		*peer_sid = xfrm_sid;
    2317. 

  2317. 		return 0;
    2318. 

  2318. 	}
    2319. 

  2319. 

  2320. 	if (!policydb.mls_enabled)
    2321. 

  2321. 		return 0;
    2322. 

  2322. 

  2323. 	read_lock(&policy_rwlock);
    2324. 

  2324. 

  2325. 	rc = -EINVAL;
    2326. 

  2326. 	nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
    2327. 

  2327. 	if (!nlbl_ctx) {
    2328. 

  2328. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    2329. 

  2329. 		       __func__, nlbl_sid);
    2330. 

  2330. 		goto out;
    2331. 

  2331. 	}
    2332. 

  2332. 	rc = -EINVAL;
    2333. 

  2333. 	xfrm_ctx = sidtab_search(&sidtab, xfrm_sid);
    2334. 

  2334. 	if (!xfrm_ctx) {
    2335. 

  2335. 		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
    2336. 

  2336. 		       __func__, xfrm_sid);
    2337. 

  2337. 		goto out;
    2338. 

  2338. 	}
    2339. 

  2339. 	rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
    2340. 

  2340. 	if (rc)
    2341. 

  2341. 		goto out;
    2342. 

  2342. 

  2343. 	*peer_sid = xfrm_sid;
    2344. 

  2344. out:
    2345. 

  2345. 	read_unlock(&policy_rwlock);
    2346. 

  2346. 	return rc;
    2347. 

  2347. }
    2348. 

  2348. 

  2349. static int get_classes_callback(void *k, void *d, void *args)
    2350. 

  2350. {
    2351. 

  2351. 	struct class_datum *datum = d;
    2352. 

  2352. 	char *name = k, **classes = args;
    2353. 

  2353. 	int value = datum->value - 1;
    2354. 

  2354. 

  2355. 	classes[value] = kstrdup(n
    2356.

Large files files are truncated, but you can click here to view the full file