diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-16 05:59:26 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-01-04 15:14:42 -0500 |
| commit | 5af75d8d58d0f9f7b7c0515b35786b22892d5f12 (patch) | |
| tree | 65707c5309133a33140c39145ae91b7c1679a877 /security/selinux | |
| parent | 36c4f1b18c8a7d0adb4085e7f531860b837bb6b0 (diff) | |
audit: validate comparison operations, store them in sane form
Don't store the field->op in the messy (and very inconvenient for e.g.
audit_comparator()) form; translate to dense set of values and do full
validation of userland-submitted value while we are at it.
->audit_init_rule() and ->audit_match_rule() get new values now; in-tree
instances updated.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/ss/services.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 343c8ab14af0..c65e4fe4a0f1 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -2602,7 +2602,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) | |||
| 2602 | case AUDIT_OBJ_ROLE: | 2602 | case AUDIT_OBJ_ROLE: |
| 2603 | case AUDIT_OBJ_TYPE: | 2603 | case AUDIT_OBJ_TYPE: |
| 2604 | /* only 'equals' and 'not equals' fit user, role, and type */ | 2604 | /* only 'equals' and 'not equals' fit user, role, and type */ |
| 2605 | if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL) | 2605 | if (op != Audit_equal && op != Audit_not_equal) |
| 2606 | return -EINVAL; | 2606 | return -EINVAL; |
| 2607 | break; | 2607 | break; |
| 2608 | case AUDIT_SUBJ_SEN: | 2608 | case AUDIT_SUBJ_SEN: |
| @@ -2736,10 +2736,10 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2736 | case AUDIT_SUBJ_USER: | 2736 | case AUDIT_SUBJ_USER: |
| 2737 | case AUDIT_OBJ_USER: | 2737 | case AUDIT_OBJ_USER: |
| 2738 | switch (op) { | 2738 | switch (op) { |
| 2739 | case AUDIT_EQUAL: | 2739 | case Audit_equal: |
| 2740 | match = (ctxt->user == rule->au_ctxt.user); | 2740 | match = (ctxt->user == rule->au_ctxt.user); |
| 2741 | break; | 2741 | break; |
| 2742 | case AUDIT_NOT_EQUAL: | 2742 | case Audit_not_equal: |
| 2743 | match = (ctxt->user != rule->au_ctxt.user); | 2743 | match = (ctxt->user != rule->au_ctxt.user); |
| 2744 | break; | 2744 | break; |
| 2745 | } | 2745 | } |
| @@ -2747,10 +2747,10 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2747 | case AUDIT_SUBJ_ROLE: | 2747 | case AUDIT_SUBJ_ROLE: |
| 2748 | case AUDIT_OBJ_ROLE: | 2748 | case AUDIT_OBJ_ROLE: |
| 2749 | switch (op) { | 2749 | switch (op) { |
| 2750 | case AUDIT_EQUAL: | 2750 | case Audit_equal: |
| 2751 | match = (ctxt->role == rule->au_ctxt.role); | 2751 | match = (ctxt->role == rule->au_ctxt.role); |
| 2752 | break; | 2752 | break; |
| 2753 | case AUDIT_NOT_EQUAL: | 2753 | case Audit_not_equal: |
| 2754 | match = (ctxt->role != rule->au_ctxt.role); | 2754 | match = (ctxt->role != rule->au_ctxt.role); |
| 2755 | break; | 2755 | break; |
| 2756 | } | 2756 | } |
| @@ -2758,10 +2758,10 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2758 | case AUDIT_SUBJ_TYPE: | 2758 | case AUDIT_SUBJ_TYPE: |
| 2759 | case AUDIT_OBJ_TYPE: | 2759 | case AUDIT_OBJ_TYPE: |
| 2760 | switch (op) { | 2760 | switch (op) { |
| 2761 | case AUDIT_EQUAL: | 2761 | case Audit_equal: |
| 2762 | match = (ctxt->type == rule->au_ctxt.type); | 2762 | match = (ctxt->type == rule->au_ctxt.type); |
| 2763 | break; | 2763 | break; |
| 2764 | case AUDIT_NOT_EQUAL: | 2764 | case Audit_not_equal: |
| 2765 | match = (ctxt->type != rule->au_ctxt.type); | 2765 | match = (ctxt->type != rule->au_ctxt.type); |
| 2766 | break; | 2766 | break; |
| 2767 | } | 2767 | } |
| @@ -2774,31 +2774,31 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
| 2774 | field == AUDIT_OBJ_LEV_LOW) ? | 2774 | field == AUDIT_OBJ_LEV_LOW) ? |
| 2775 | &ctxt->range.level[0] : &ctxt->range.level[1]); | 2775 | &ctxt->range.level[0] : &ctxt->range.level[1]); |
| 2776 | switch (op) { | 2776 | switch (op) { |
| 2777 | case AUDIT_EQUAL: | 2777 | case Audit_equal: |
| 2778 | match = mls_level_eq(&rule->au_ctxt.range.level[0], | 2778 | match = mls_level_eq(&rule->au_ctxt.range.level[0], |
| 2779 | level); | 2779 | level); |
| 2780 | break; | 2780 | break; |
| 2781 | case AUDIT_NOT_EQUAL: | 2781 | case Audit_not_equal: |
| 2782 | match = !mls_level_eq(&rule->au_ctxt.range.level[0], | 2782 | match = !mls_level_eq(&rule->au_ctxt.range.level[0], |
| 2783 | level); | 2783 | level); |
| 2784 | break; | 2784 | break; |
| 2785 | case AUDIT_LESS_THAN: | 2785 | case Audit_lt: |
| 2786 | match = (mls_level_dom(&rule->au_ctxt.range.level[0], | 2786 | match = (mls_level_dom(&rule->au_ctxt.range.level[0], |
| 2787 | level) && | 2787 | level) && |
| 2788 | !mls_level_eq(&rule->au_ctxt.range.level[0], | 2788 | !mls_level_eq(&rule->au_ctxt.range.level[0], |
| 2789 | level)); | 2789 | level)); |
| 2790 | break; | 2790 | break; |
| 2791 | case AUDIT_LESS_THAN_OR_EQUAL: | 2791 | case Audit_le: |
| 2792 | match = mls_level_dom(&rule->au_ctxt.range.level[0], | 2792 | match = mls_level_dom(&rule->au_ctxt.range.level[0], |
| 2793 | level); | 2793 | level); |
| 2794 | break; | 2794 | break; |
| 2795 | case AUDIT_GREATER_THAN: | 2795 | case Audit_gt: |
| 2796 | match = (mls_level_dom(level, | 2796 | match = (mls_level_dom(level, |
| 2797 | &rule->au_ctxt.range.level[0]) && | 2797 | &rule->au_ctxt.range.level[0]) && |
| 2798 | !mls_level_eq(level, | 2798 | !mls_level_eq(level, |
| 2799 | &rule->au_ctxt.range.level[0])); | 2799 | &rule->au_ctxt.range.level[0])); |
| 2800 | break; | 2800 | break; |
| 2801 | case AUDIT_GREATER_THAN_OR_EQUAL: | 2801 | case Audit_ge: |
| 2802 | match = mls_level_dom(level, | 2802 | match = mls_level_dom(level, |
| 2803 | &rule->au_ctxt.range.level[0]); | 2803 | &rule->au_ctxt.range.level[0]); |
| 2804 | break; | 2804 | break; |