[PATCH] SELinux: default labeling of MLS field

Implement kernel labeling of the MLS (multilevel security) field of security contexts for files which have no existing MLS field. This is to enable upgrades of a system from non-MLS to MLS without performing a full filesystem relabel including all of the mountpoints, which would be quite painful for users. With this patch, with MLS enabled, if a file has no MLS field, the kernel internally adds an MLS field to the in-core inode (but not to the on-disk file). This MLS field added is the default for the superblock, allowing per-mountpoint control over the values via fixed policy or mount options. This patch has been tested by enabling MLS without relabeling its filesystem, and seems to be working correctly. Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: James Morris <jmorris@redhat.com> 2005-07-28 04:07:37 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-07-28 11:39:02 -0400
commit: f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52 (patch)
tree: e896d0b6b9f561c9d124fa81efd261518ccbddf4 /security/selinux/ss/services.c
parent: e1699f508ab5098de4b258268fa8913db38d9d35 (diff)
1 files changed, 42 insertions, 13 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 922bb45054aa..014120474e69 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -601,18 +601,7 @@ out:
 }
-/**
+static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
- * security_context_to_sid - Obtain a SID for a given security context.
- * @scontext: security context
- * @scontext_len: length in bytes
- * @sid: security identifier, SID
- *
- * Obtains a SID associated with the security context that
- * has the string representation specified by @scontext.
- * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
- * memory is available, or 0 on success.
- */
-int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
 {
        char *scontext2;
        struct context context;
@@ -703,7 +692,7 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
        context.type = typdatum->value;
-        rc = mls_context_to_sid(oldc, &p, &context);
+        rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
        if (rc)
                goto out_unlock;
@@ -727,6 +716,46 @@ out:
        return rc;
 }
+/**
+ * security_context_to_sid - Obtain a SID for a given security context.
+ * @scontext: security context
+ * @scontext_len: length in bytes
+ * @sid: security identifier, SID
+ *
+ * Obtains a SID associated with the security context that
+ * has the string representation specified by @scontext.
+ * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
+ * memory is available, or 0 on success.
+ */
+int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
+{
+        return security_context_to_sid_core(scontext, scontext_len,
+                                            sid, SECSID_NULL);
+}
+/**
+ * security_context_to_sid_default - Obtain a SID for a given security context,
+ * falling back to specified default if needed.
+ *
+ * @scontext: security context
+ * @scontext_len: length in bytes
+ * @sid: security identifier, SID
+ * @def_sid: default SID to assign on errror
+ *
+ * Obtains a SID associated with the security context that
+ * has the string representation specified by @scontext.
+ * The default SID is passed to the MLS layer to be used to allow
+ * kernel labeling of the MLS field if the MLS field is not present
+ * (for upgrading to MLS without full relabel).
+ * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
+ * memory is available, or 0 on success.
+ */
+int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
+{
+        return security_context_to_sid_core(scontext, scontext_len,
+                                            sid, def_sid);
+}
 static int compute_sid_handle_invalid_context(
        struct context *scontext,
        struct context *tcontext,
author	James Morris <jmorris@redhat.com>	2005-07-28 04:07:37 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-07-28 11:39:02 -0400
commit	f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52 (patch)
tree	e896d0b6b9f561c9d124fa81efd261518ccbddf4 /security/selinux/ss/services.c
parent	e1699f508ab5098de4b258268fa8913db38d9d35 (diff)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 922bb45054aa..014120474e69 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -601,18 +601,7 @@ out:
601		601
602	}	602	}
603		603
604	/**	604	static int security_context_to_sid_core(char scontext, u32 scontext_len, u32 sid, u32 def_sid)
605	* security_context_to_sid - Obtain a SID for a given security context.
606	* @scontext: security context
607	* @scontext_len: length in bytes
608	* @sid: security identifier, SID
609	*
610	* Obtains a SID associated with the security context that
611	* has the string representation specified by @scontext.
612	* Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
613	* memory is available, or 0 on success.
614	*/
615	int security_context_to_sid(char scontext, u32 scontext_len, u32 sid)
616	{	605	{
617	char *scontext2;	606	char *scontext2;
618	struct context context;	607	struct context context;
@@ -703,7 +692,7 @@ int security_context_to_sid(char scontext, u32 scontext_len, u32 sid)
703		692
704	context.type = typdatum->value;	693	context.type = typdatum->value;
705		694
706	rc = mls_context_to_sid(oldc, &p, &context);	695	rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
707	if (rc)	696	if (rc)
708	goto out_unlock;	697	goto out_unlock;
709		698
@@ -727,6 +716,46 @@ out:
727	return rc;	716	return rc;
728	}	717	}
729		718
		719	/**
		720	* security_context_to_sid - Obtain a SID for a given security context.
		721	* @scontext: security context
		722	* @scontext_len: length in bytes
		723	* @sid: security identifier, SID
		724	*
		725	* Obtains a SID associated with the security context that
		726	* has the string representation specified by @scontext.
		727	* Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
		728	* memory is available, or 0 on success.
		729	*/
		730	int security_context_to_sid(char scontext, u32 scontext_len, u32 sid)
		731	{
		732	return security_context_to_sid_core(scontext, scontext_len,
		733	sid, SECSID_NULL);
		734	}
		735
		736	/**
		737	* security_context_to_sid_default - Obtain a SID for a given security context,
		738	* falling back to specified default if needed.
		739	*
		740	* @scontext: security context
		741	* @scontext_len: length in bytes
		742	* @sid: security identifier, SID
		743	* @def_sid: default SID to assign on errror
		744	*
		745	* Obtains a SID associated with the security context that
		746	* has the string representation specified by @scontext.
		747	* The default SID is passed to the MLS layer to be used to allow
		748	* kernel labeling of the MLS field if the MLS field is not present
		749	* (for upgrading to MLS without full relabel).
		750	* Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
		751	* memory is available, or 0 on success.
		752	*/
		753	int security_context_to_sid_default(char scontext, u32 scontext_len, u32 sid, u32 def_sid)
		754	{
		755	return security_context_to_sid_core(scontext, scontext_len,
		756	sid, def_sid);
		757	}
		758
730	static int compute_sid_handle_invalid_context(	759	static int compute_sid_handle_invalid_context(
731	struct context *scontext,	760	struct context *scontext,
732	struct context *tcontext,	761	struct context *tcontext,