SELinux: policy selectable handling of unknown classes and perms

Allow policy to select, in much the same way as it selects MLS support, how the kernel should handle access decisions which contain either unknown classes or unknown permissions in known classes. The three choices for the policy flags are 0 - Deny unknown security access. (default) 2 - reject loading policy if it does not contain all definitions 4 - allow unknown security access The policy's choice is exported through 2 booleans in selinuxfs. /selinux/deny_unknown and /selinux/reject_unknown. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
author: Eric Paris <eparis@redhat.com> 2007-09-21 14:37:10 -0400
committer: James Morris <jmorris@namei.org> 2007-10-16 18:59:33 -0400
commit: 3f12070e27b4a213d62607d2bff139793089a77d (patch)
tree: b6b614737f916c7c3102f66e6ad9e682b9c9bf04 /security/selinux/selinuxfs.c
parent: 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index c9e92daedee2..f5f3e6da5da7 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -103,6 +103,8 @@ enum sel_inos {
        SEL_MEMBER,     /* compute polyinstantiation membership decision */
        SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
        SEL_COMPAT_NET, /* whether to use old compat network packet controls */
+        SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
+        SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
        SEL_INO_NEXT,   /* The next inode number to use */
 };
@@ -177,6 +179,23 @@ static const struct file_operations sel_enforce_ops = {
        .write          = sel_write_enforce,
 };
+static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
+                                        size_t count, loff_t *ppos)
+{
+        char tmpbuf[TMPBUFLEN];
+        ssize_t length;
+        ino_t ino = filp->f_path.dentry->d_inode->i_ino;
+        int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
+                security_get_reject_unknown() : !security_get_allow_unknown();
+        length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
+        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
+}
+static const struct file_operations sel_handle_unknown_ops = {
+        .read           = sel_read_handle_unknown,
+};
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 static ssize_t sel_write_disable(struct file * file, const char __user * buf,
                                 size_t count, loff_t *ppos)
@@ -309,6 +328,11 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
                length = count;
 out1:
+        printk(KERN_INFO "SELinux: policy loaded with handle_unknown=%s\n",
+               (security_get_reject_unknown() ? "reject" :
+                (security_get_allow_unknown() ? "allow" : "deny")));
        audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
                "policy loaded auid=%u",
                audit_get_loginuid(current->audit_context));
@@ -1575,6 +1599,8 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
                [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
                [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
                [SEL_COMPAT_NET] = {"compat_net", &sel_compat_net_ops, S_IRUGO|S_IWUSR},
+                [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
+                [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
                /* last one */ {""}
        };
        ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
author	Eric Paris <eparis@redhat.com>	2007-09-21 14:37:10 -0400
committer	James Morris <jmorris@namei.org>	2007-10-16 18:59:33 -0400
commit	3f12070e27b4a213d62607d2bff139793089a77d (patch)
tree	b6b614737f916c7c3102f66e6ad9e682b9c9bf04 /security/selinux/selinuxfs.c
parent	788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (diff)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c9e92daedee2..f5f3e6da5da7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c
@@ -103,6 +103,8 @@ enum sel_inos {
103	SEL_MEMBER, /* compute polyinstantiation membership decision */	103	SEL_MEMBER, /* compute polyinstantiation membership decision */
104	SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */	104	SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
105	SEL_COMPAT_NET, /* whether to use old compat network packet controls */	105	SEL_COMPAT_NET, /* whether to use old compat network packet controls */
		106	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
		107	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
106	SEL_INO_NEXT, /* The next inode number to use */	108	SEL_INO_NEXT, /* The next inode number to use */
107	};	109	};
108		110
@@ -177,6 +179,23 @@ static const struct file_operations sel_enforce_ops = {
177	.write = sel_write_enforce,	179	.write = sel_write_enforce,
178	};	180	};
179		181
		182	static ssize_t sel_read_handle_unknown(struct file filp, char __user buf,
		183	size_t count, loff_t *ppos)
		184	{
		185	char tmpbuf[TMPBUFLEN];
		186	ssize_t length;
		187	ino_t ino = filp->f_path.dentry->d_inode->i_ino;
		188	int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
		189	security_get_reject_unknown() : !security_get_allow_unknown();
		190
		191	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
		192	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
		193	}
		194
		195	static const struct file_operations sel_handle_unknown_ops = {
		196	.read = sel_read_handle_unknown,
		197	};
		198
180	#ifdef CONFIG_SECURITY_SELINUX_DISABLE	199	#ifdef CONFIG_SECURITY_SELINUX_DISABLE
181	static ssize_t sel_write_disable(struct file * file, const char __user * buf,	200	static ssize_t sel_write_disable(struct file * file, const char __user * buf,
182	size_t count, loff_t *ppos)	201	size_t count, loff_t *ppos)
@@ -309,6 +328,11 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
309	length = count;	328	length = count;
310		329
311	out1:	330	out1:
		331
		332	printk(KERN_INFO "SELinux: policy loaded with handle_unknown=%s\n",
		333	(security_get_reject_unknown() ? "reject" :
		334	(security_get_allow_unknown() ? "allow" : "deny")));
		335
312	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,	336	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
313	"policy loaded auid=%u",	337	"policy loaded auid=%u",
314	audit_get_loginuid(current->audit_context));	338	audit_get_loginuid(current->audit_context));
@@ -1575,6 +1599,8 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
1575	[SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO\|S_IWUGO},	1599	[SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO\|S_IWUGO},
1576	[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO\|S_IWUSR},	1600	[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO\|S_IWUSR},
1577	[SEL_COMPAT_NET] = {"compat_net", &sel_compat_net_ops, S_IRUGO\|S_IWUSR},	1601	[SEL_COMPAT_NET] = {"compat_net", &sel_compat_net_ops, S_IRUGO\|S_IWUSR},
		1602	[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
		1603	[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1578	/* last one */ {""}	1604	/* last one */ {""}
1579	};	1605	};
1580	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);	1606	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);