aboutsummaryrefslogtreecommitdiffstats
path: root/scripts/selinux/mdp/mdp.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-05-07 21:48:09 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2019-05-07 21:48:09 -0400
commitf72dae20891d7bcc43e9263ab206960b6ae5209f (patch)
tree59a5b8c026adad15855d3824d1a7014468033274 /scripts/selinux/mdp/mdp.c
parent498e8631f27ed649bd3e31998a00b2b9b288cf3a (diff)
parent35a196bef449b5824033865b963ed9a43fb8c730 (diff)
Merge tag 'selinux-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore: "We've got a few SELinux patches for the v5.2 merge window, the highlights are below: - Add LSM hooks, and the SELinux implementation, for proper labeling of kernfs. While we are only including the SELinux implementation here, the rest of the LSM folks have given the hooks a thumbs-up. - Update the SELinux mdp (Make Dummy Policy) script to actually work on a modern system. - Disallow userspace to change the LSM credentials via /proc/self/attr when the task's credentials are already overridden. The change was made in procfs because all the LSM folks agreed this was the Right Thing To Do and duplicating it across each LSM was going to be annoying" * tag 'selinux-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: proc: prevent changes to overridden credentials selinux: Check address length before reading address family kernfs: fix xattr name handling in LSM helpers MAINTAINERS: update SELinux file patterns selinux: avoid uninitialized variable warning selinux: remove useless assignments LSM: lsm_hooks.h - fix missing colon in docstring selinux: Make selinux_kernfs_init_security static kernfs: initialize security of newly created nodes selinux: implement the kernfs_init_security hook LSM: add new hook for kernfs node initialization kernfs: use simple_xattrs for security attributes selinux: try security xattr after genfs for kernfs filesystems kernfs: do not alloc iattrs in kernfs_xattr_get kernfs: clean up struct kernfs_iattrs scripts/selinux: fix build selinux: use kernel linux/socket.h for genheaders and mdp scripts/selinux: modernize mdp
Diffstat (limited to 'scripts/selinux/mdp/mdp.c')
-rw-r--r--scripts/selinux/mdp/mdp.c165
1 files changed, 140 insertions, 25 deletions
diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c
index 6d51b74bc679..18fd6143888b 100644
--- a/scripts/selinux/mdp/mdp.c
+++ b/scripts/selinux/mdp/mdp.c
@@ -32,6 +32,7 @@
32#include <stdlib.h> 32#include <stdlib.h>
33#include <unistd.h> 33#include <unistd.h>
34#include <string.h> 34#include <string.h>
35#include <linux/kconfig.h>
35 36
36static void usage(char *name) 37static void usage(char *name)
37{ 38{
@@ -94,10 +95,31 @@ int main(int argc, char *argv[])
94 } 95 }
95 fprintf(fout, "\n"); 96 fprintf(fout, "\n");
96 97
97 /* NOW PRINT OUT MLS STUFF */ 98 /* print out mls declarations and constraints */
98 if (mls) { 99 if (mls) {
99 printf("MLS not yet implemented\n"); 100 fprintf(fout, "sensitivity s0;\n");
100 exit(1); 101 fprintf(fout, "sensitivity s1;\n");
102 fprintf(fout, "dominance { s0 s1 }\n");
103 fprintf(fout, "category c0;\n");
104 fprintf(fout, "category c1;\n");
105 fprintf(fout, "level s0:c0.c1;\n");
106 fprintf(fout, "level s1:c0.c1;\n");
107#define SYSTEMLOW "s0"
108#define SYSTEMHIGH "s1:c0.c1"
109 for (i = 0; secclass_map[i].name; i++) {
110 struct security_class_mapping *map = &secclass_map[i];
111
112 fprintf(fout, "mlsconstrain %s {\n", map->name);
113 for (j = 0; map->perms[j]; j++)
114 fprintf(fout, "\t%s\n", map->perms[j]);
115 /*
116 * This requires all subjects and objects to be
117 * single-level (l2 eq h2), and that the subject
118 * level dominate the object level (h1 dom h2)
119 * in order to have any permissions to it.
120 */
121 fprintf(fout, "} (l2 eq h2 and h1 dom h2);\n\n");
122 }
101 } 123 }
102 124
103 /* types, roles, and allows */ 125 /* types, roles, and allows */
@@ -107,34 +129,127 @@ int main(int argc, char *argv[])
107 for (i = 0; secclass_map[i].name; i++) 129 for (i = 0; secclass_map[i].name; i++)
108 fprintf(fout, "allow base_t base_t:%s *;\n", 130 fprintf(fout, "allow base_t base_t:%s *;\n",
109 secclass_map[i].name); 131 secclass_map[i].name);
110 fprintf(fout, "user user_u roles { base_r };\n"); 132 fprintf(fout, "user user_u roles { base_r }");
111 fprintf(fout, "\n"); 133 if (mls)
134 fprintf(fout, " level %s range %s - %s", SYSTEMLOW,
135 SYSTEMLOW, SYSTEMHIGH);
136 fprintf(fout, ";\n");
137
138#define SUBJUSERROLETYPE "user_u:base_r:base_t"
139#define OBJUSERROLETYPE "user_u:object_r:base_t"
112 140
113 /* default sids */ 141 /* default sids */
114 for (i = 1; i < initial_sid_to_string_len; i++) 142 for (i = 1; i < initial_sid_to_string_len; i++)
115 fprintf(fout, "sid %s user_u:base_r:base_t\n", initial_sid_to_string[i]); 143 fprintf(fout, "sid %s " SUBJUSERROLETYPE "%s\n",
144 initial_sid_to_string[i], mls ? ":" SYSTEMLOW : "");
116 fprintf(fout, "\n"); 145 fprintf(fout, "\n");
117 146
118 fprintf(fout, "fs_use_xattr ext2 user_u:base_r:base_t;\n"); 147#define FS_USE(behavior, fstype) \
119 fprintf(fout, "fs_use_xattr ext3 user_u:base_r:base_t;\n"); 148 fprintf(fout, "fs_use_%s %s " OBJUSERROLETYPE "%s;\n", \
120 fprintf(fout, "fs_use_xattr ext4 user_u:base_r:base_t;\n"); 149 behavior, fstype, mls ? ":" SYSTEMLOW : "")
121 fprintf(fout, "fs_use_xattr jfs user_u:base_r:base_t;\n"); 150
122 fprintf(fout, "fs_use_xattr xfs user_u:base_r:base_t;\n"); 151 /*
123 fprintf(fout, "fs_use_xattr reiserfs user_u:base_r:base_t;\n"); 152 * Filesystems whose inode labels can be fetched via getxattr.
124 fprintf(fout, "fs_use_xattr jffs2 user_u:base_r:base_t;\n"); 153 */
125 fprintf(fout, "fs_use_xattr gfs2 user_u:base_r:base_t;\n"); 154#ifdef CONFIG_EXT2_FS_SECURITY
155 FS_USE("xattr", "ext2");
156#endif
157#ifdef CONFIG_EXT4_FS_SECURITY
158#ifdef CONFIG_EXT4_USE_FOR_EXT2
159 FS_USE("xattr", "ext2");
160#endif
161 FS_USE("xattr", "ext3");
162 FS_USE("xattr", "ext4");
163#endif
164#ifdef CONFIG_JFS_SECURITY
165 FS_USE("xattr", "jfs");
166#endif
167#ifdef CONFIG_REISERFS_FS_SECURITY
168 FS_USE("xattr", "reiserfs");
169#endif
170#ifdef CONFIG_JFFS2_FS_SECURITY
171 FS_USE("xattr", "jffs2");
172#endif
173#ifdef CONFIG_XFS_FS
174 FS_USE("xattr", "xfs");
175#endif
176#ifdef CONFIG_GFS2_FS
177 FS_USE("xattr", "gfs2");
178#endif
179#ifdef CONFIG_BTRFS_FS
180 FS_USE("xattr", "btrfs");
181#endif
182#ifdef CONFIG_F2FS_FS_SECURITY
183 FS_USE("xattr", "f2fs");
184#endif
185#ifdef CONFIG_OCFS2_FS
186 FS_USE("xattr", "ocsfs2");
187#endif
188#ifdef CONFIG_OVERLAY_FS
189 FS_USE("xattr", "overlay");
190#endif
191#ifdef CONFIG_SQUASHFS_XATTR
192 FS_USE("xattr", "squashfs");
193#endif
194
195 /*
196 * Filesystems whose inodes are labeled from allocating task.
197 */
198 FS_USE("task", "pipefs");
199 FS_USE("task", "sockfs");
126 200
127 fprintf(fout, "fs_use_task eventpollfs user_u:base_r:base_t;\n"); 201 /*
128 fprintf(fout, "fs_use_task pipefs user_u:base_r:base_t;\n"); 202 * Filesystems whose inode labels are computed from both
129 fprintf(fout, "fs_use_task sockfs user_u:base_r:base_t;\n"); 203 * the allocating task and the superblock label.
204 */
205#ifdef CONFIG_UNIX98_PTYS
206 FS_USE("trans", "devpts");
207#endif
208#ifdef CONFIG_HUGETLBFS
209 FS_USE("trans", "hugetlbfs");
210#endif
211#ifdef CONFIG_TMPFS
212 FS_USE("trans", "tmpfs");
213#endif
214#ifdef CONFIG_DEVTMPFS
215 FS_USE("trans", "devtmpfs");
216#endif
217#ifdef CONFIG_POSIX_MQUEUE
218 FS_USE("trans", "mqueue");
219#endif
130 220
131 fprintf(fout, "fs_use_trans mqueue user_u:base_r:base_t;\n"); 221#define GENFSCON(fstype, prefix) \
132 fprintf(fout, "fs_use_trans devpts user_u:base_r:base_t;\n"); 222 fprintf(fout, "genfscon %s %s " OBJUSERROLETYPE "%s\n", \
133 fprintf(fout, "fs_use_trans hugetlbfs user_u:base_r:base_t;\n"); 223 fstype, prefix, mls ? ":" SYSTEMLOW : "")
134 fprintf(fout, "fs_use_trans tmpfs user_u:base_r:base_t;\n");
135 fprintf(fout, "fs_use_trans shm user_u:base_r:base_t;\n");
136 224
137 fprintf(fout, "genfscon proc / user_u:base_r:base_t\n"); 225 /*
226 * Filesystems whose inodes are labeled from path prefix match
227 * relative to the filesystem root. Depending on the filesystem,
228 * only a single label for all inodes may be supported. Here
229 * we list the filesystem types for which per-file labeling is
230 * supported using genfscon; any other filesystem type can also
231 * be added by only with a single entry for all of its inodes.
232 */
233#ifdef CONFIG_PROC_FS
234 GENFSCON("proc", "/");
235#endif
236#ifdef CONFIG_SECURITY_SELINUX
237 GENFSCON("selinuxfs", "/");
238#endif
239#ifdef CONFIG_SYSFS
240 GENFSCON("sysfs", "/");
241#endif
242#ifdef CONFIG_DEBUG_FS
243 GENFSCON("debugfs", "/");
244#endif
245#ifdef CONFIG_TRACING
246 GENFSCON("tracefs", "/");
247#endif
248#ifdef CONFIG_PSTORE
249 GENFSCON("pstore", "/");
250#endif
251 GENFSCON("cgroup", "/");
252 GENFSCON("cgroup2", "/");
138 253
139 fclose(fout); 254 fclose(fout);
140 255
@@ -143,8 +258,8 @@ int main(int argc, char *argv[])
143 printf("Wrote policy, but cannot open %s for writing\n", ctxout); 258 printf("Wrote policy, but cannot open %s for writing\n", ctxout);
144 usage(argv[0]); 259 usage(argv[0]);
145 } 260 }
146 fprintf(fout, "/ user_u:base_r:base_t\n"); 261 fprintf(fout, "/ " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : "");
147 fprintf(fout, "/.* user_u:base_r:base_t\n"); 262 fprintf(fout, "/.* " OBJUSERROLETYPE "%s\n", mls ? ":" SYSTEMLOW : "");
148 fclose(fout); 263 fclose(fout);
149 264
150 return 0; 265 return 0;