aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorHarry Ciao <qingtao.cao@windriver.com>2011-03-02 00:32:33 -0500
committerEric Paris <eparis@redhat.com>2011-03-03 15:19:43 -0500
commit6f5317e730505d5cbc851c435a2dfe3d5a21d343 (patch)
tree02088cf519a00db5c6fbdb2cc8776402413eb662 /security
parent4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad (diff)
SELinux: Socket retains creator role and MLS attribute
The socket SID would be computed on creation and no longer inherit its creator's SID by default. Socket may have a different type but needs to retain the creator's role and MLS attribute in order not to break labeled networking and network access control. The kernel value for a class would be used to determine if the class if one of socket classes. If security_compute_sid is called from userspace the policy value for a class would be mapped to the relevant kernel value first. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/mls.c5
-rw-r--r--security/selinux/ss/mls.h3
-rw-r--r--security/selinux/ss/services.c28
3 files changed, 29 insertions, 7 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 1ef8e4e89880..e96174216bc9 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -512,7 +512,8 @@ int mls_compute_sid(struct context *scontext,
512 struct context *tcontext, 512 struct context *tcontext,
513 u16 tclass, 513 u16 tclass,
514 u32 specified, 514 u32 specified,
515 struct context *newcontext) 515 struct context *newcontext,
516 bool sock)
516{ 517{
517 struct range_trans rtr; 518 struct range_trans rtr;
518 struct mls_range *r; 519 struct mls_range *r;
@@ -531,7 +532,7 @@ int mls_compute_sid(struct context *scontext,
531 return mls_range_set(newcontext, r); 532 return mls_range_set(newcontext, r);
532 /* Fallthrough */ 533 /* Fallthrough */
533 case AVTAB_CHANGE: 534 case AVTAB_CHANGE:
534 if (tclass == policydb.process_class) 535 if ((tclass == policydb.process_class) || (sock == true))
535 /* Use the process MLS attributes. */ 536 /* Use the process MLS attributes. */
536 return mls_context_cpy(newcontext, scontext); 537 return mls_context_cpy(newcontext, scontext);
537 else 538 else
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index cd9152632e54..037bf9d82d41 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -49,7 +49,8 @@ int mls_compute_sid(struct context *scontext,
49 struct context *tcontext, 49 struct context *tcontext,
50 u16 tclass, 50 u16 tclass,
51 u32 specified, 51 u32 specified,
52 struct context *newcontext); 52 struct context *newcontext,
53 bool sock);
53 54
54int mls_setup_user_range(struct context *fromcon, struct user_datum *user, 55int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
55 struct context *usercon); 56 struct context *usercon);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2e36e03c21f2..3e7544d2a07b 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -201,6 +201,21 @@ static u16 unmap_class(u16 tclass)
201 return tclass; 201 return tclass;
202} 202}
203 203
204/*
205 * Get kernel value for class from its policy value
206 */
207static u16 map_class(u16 pol_value)
208{
209 u16 i;
210
211 for (i = 1; i < current_mapping_size; i++) {
212 if (current_mapping[i].value == pol_value)
213 return i;
214 }
215
216 return pol_value;
217}
218
204static void map_decision(u16 tclass, struct av_decision *avd, 219static void map_decision(u16 tclass, struct av_decision *avd,
205 int allow_unknown) 220 int allow_unknown)
206{ 221{
@@ -1374,6 +1389,7 @@ static int security_compute_sid(u32 ssid,
1374 struct avtab_node *node; 1389 struct avtab_node *node;
1375 u16 tclass; 1390 u16 tclass;
1376 int rc = 0; 1391 int rc = 0;
1392 bool sock;
1377 1393
1378 if (!ss_initialized) { 1394 if (!ss_initialized) {
1379 switch (orig_tclass) { 1395 switch (orig_tclass) {
@@ -1391,10 +1407,13 @@ static int security_compute_sid(u32 ssid,
1391 1407
1392 read_lock(&policy_rwlock); 1408 read_lock(&policy_rwlock);
1393 1409
1394 if (kern) 1410 if (kern) {
1395 tclass = unmap_class(orig_tclass); 1411 tclass = unmap_class(orig_tclass);
1396 else 1412 sock = security_is_socket_class(orig_tclass);
1413 } else {
1397 tclass = orig_tclass; 1414 tclass = orig_tclass;
1415 sock = security_is_socket_class(map_class(tclass));
1416 }
1398 1417
1399 scontext = sidtab_search(&sidtab, ssid); 1418 scontext = sidtab_search(&sidtab, ssid);
1400 if (!scontext) { 1419 if (!scontext) {
@@ -1425,7 +1444,7 @@ static int security_compute_sid(u32 ssid,
1425 } 1444 }
1426 1445
1427 /* Set the role and type to default values. */ 1446 /* Set the role and type to default values. */
1428 if (tclass == policydb.process_class) { 1447 if ((tclass == policydb.process_class) || (sock == true)) {
1429 /* Use the current role and type of process. */ 1448 /* Use the current role and type of process. */
1430 newcontext.role = scontext->role; 1449 newcontext.role = scontext->role;
1431 newcontext.type = scontext->type; 1450 newcontext.type = scontext->type;
@@ -1482,7 +1501,8 @@ static int security_compute_sid(u32 ssid,
1482 1501
1483 /* Set the MLS attributes. 1502 /* Set the MLS attributes.
1484 This is done last because it may allocate memory. */ 1503 This is done last because it may allocate memory. */
1485 rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext); 1504 rc = mls_compute_sid(scontext, tcontext, tclass, specified,
1505 &newcontext, sock);
1486 if (rc) 1506 if (rc)
1487 goto out_unlock; 1507 goto out_unlock;
1488 1508