[PATCH] SELinux: default labeling of MLS field

Implement kernel labeling of the MLS (multilevel security) field of security contexts for files which have no existing MLS field. This is to enable upgrades of a system from non-MLS to MLS without performing a full filesystem relabel including all of the mountpoints, which would be quite painful for users. With this patch, with MLS enabled, if a file has no MLS field, the kernel internally adds an MLS field to the in-core inode (but not to the on-disk file). This MLS field added is the default for the superblock, allowing per-mountpoint control over the values via fixed policy or mount options. This patch has been tested by enabling MLS without relabeling its filesystem, and seems to be working correctly. Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: James Morris <jmorris@redhat.com> 2005-07-28 04:07:37 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-07-28 11:39:02 -0400
commit: f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52 (patch)
tree: e896d0b6b9f561c9d124fa81efd261518ccbddf4 /security/selinux/ss/mls.c
parent: e1699f508ab5098de4b258268fa8913db38d9d35 (diff)
1 files changed, 48 insertions, 23 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 756036bcc243..d4c32c39ccc9 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -15,6 +15,7 @@
 #include <linux/slab.h>
 #include <linux/string.h>
 #include <linux/errno.h>
+#include "sidtab.h"
 #include "mls.h"
 #include "policydb.h"
 #include "services.h"
@@ -208,6 +209,26 @@ int mls_context_isvalid(struct policydb *p, struct context *c)
 }
 /*
+ * Copies the MLS range from `src' into `dst'.
+ */
+static inline int mls_copy_context(struct context *dst,
+                                   struct context *src)
+{
+        int l, rc = 0;
+        /* Copy the MLS range from the source context */
+        for (l = 0; l < 2; l++) {
+                dst->range.level[l].sens = src->range.level[l].sens;
+                rc = ebitmap_cpy(&dst->range.level[l].cat,
+                                 &src->range.level[l].cat);
+                if (rc)
+                        break;
+        }
+        return rc;
+}
+/*
 * Set the MLS fields in the security context structure
 * `context' based on the string representation in
 * the string `*scontext'.  Update `*scontext' to
@@ -216,10 +237,20 @@ int mls_context_isvalid(struct policydb *p, struct context *c)
 *
 * This function modifies the string in place, inserting
 * NULL characters to terminate the MLS fields.
+ *
+ * If a def_sid is provided and no MLS field is present,
+ * copy the MLS field of the associated default context.
+ * Used for upgraded to MLS systems where objects may lack
+ * MLS fields.
+ *
+ * Policy read-lock must be held for sidtab lookup.
+ *
 */
 int mls_context_to_sid(char oldc,
                       char **scontext,
-                       struct context *context)
+                       struct context *context,
+                       struct sidtab *s,
+                       u32 def_sid)
 {
        char delim;
@@ -231,9 +262,23 @@ int mls_context_to_sid(char oldc,
        if (!selinux_mls_enabled)
                return 0;
-        /* No MLS component to the security context. */
+        /*
-        if (!oldc)
+         * No MLS component to the security context, try and map to
+         * default if provided.
+         */
+        if (!oldc) {
+                struct context *defcon;
+                if (def_sid == SECSID_NULL)
+                        goto out;
+                defcon = sidtab_search(s, def_sid);
+                if (!defcon)
+                        goto out;
+                rc = mls_copy_context(context, defcon);
                goto out;
+        }
        /* Extract low sensitivity. */
        scontextp = p = *scontext;
@@ -334,26 +379,6 @@ out:
 }
 /*
- * Copies the MLS range from `src' into `dst'.
- */
-static inline int mls_copy_context(struct context *dst,
-                                   struct context *src)
-{
-        int l, rc = 0;
-        /* Copy the MLS range from the source context */
-        for (l = 0; l < 2; l++) {
-                dst->range.level[l].sens = src->range.level[l].sens;
-                rc = ebitmap_cpy(&dst->range.level[l].cat,
-                                 &src->range.level[l].cat);
-                if (rc)
-                        break;
-        }
-        return rc;
-}
-/*
 * Copies the effective MLS range from `src' into `dst'.
 */
 static inline int mls_scopy_context(struct context *dst,
author	James Morris <jmorris@redhat.com>	2005-07-28 04:07:37 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-07-28 11:39:02 -0400
commit	f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52 (patch)
tree	e896d0b6b9f561c9d124fa81efd261518ccbddf4 /security/selinux/ss/mls.c
parent	e1699f508ab5098de4b258268fa8913db38d9d35 (diff)