author | Harry Ciao <qingtao.cao@windriver.com> | 2011-03-02 00:32:33 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2011-03-03 15:19:43 -0500 |
commit | 6f5317e730505d5cbc851c435a2dfe3d5a21d343 (patch) | |
tree | 02088cf519a00db5c6fbdb2cc8776402413eb662 /security | |
parent | 4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad (diff) |
SELinux: Socket retains creator role and MLS attribute
The socket SID would be computed on creation and no longer inherit
its creator's SID by default. Socket may have a different type but
needs to retain the creator's role and MLS attribute in order not
to break labeled networking and network access control.
The kernel value for a class would be used to determine if the class
is one of the socket classes. If security_compute_sid is called from
userspace the policy value for a class would be mapped to the relevant
kernel value first.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/mls.c | 5 | ||||
-rw-r--r-- | security/selinux/ss/mls.h | 3 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 28 |
3 files changed, 29 insertions, 7 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 1ef8e4e89880..e96174216bc9 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
@@ -512,7 +512,8 @@ int mls_compute_sid(struct context *scontext, | |||
512 | struct context *tcontext, | 512 | struct context *tcontext, |
513 | u16 tclass, | 513 | u16 tclass, |
514 | u32 specified, | 514 | u32 specified, |
515 | struct context *newcontext) | 515 | struct context *newcontext, |
516 | bool sock) | ||
516 | { | 517 | { |
517 | struct range_trans rtr; | 518 | struct range_trans rtr; |
518 | struct mls_range *r; | 519 | struct mls_range *r; |
@@ -531,7 +532,7 @@ int mls_compute_sid(struct context *scontext, | |||
531 | return mls_range_set(newcontext, r); | 532 | return mls_range_set(newcontext, r); |
532 | /* Fallthrough */ | 533 | /* Fallthrough */ |
533 | case AVTAB_CHANGE: | 534 | case AVTAB_CHANGE: |
534 | if (tclass == policydb.process_class) | 535 | if ((tclass == policydb.process_class) || (sock == true)) |
535 | /* Use the process MLS attributes. */ | 536 | /* Use the process MLS attributes. */ |
536 | return mls_context_cpy(newcontext, scontext); | 537 | return mls_context_cpy(newcontext, scontext); |
537 | else | 538 | else |
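Review bot: `(sock == true)` in the AVTAB_CHANGE test at new line 535 compares a bool against a literal; kernel style is to test the flag directly, `if (tclass == policydb.process_class || sock)`. The same pattern appears in the services.c hunk at new line 1447. The new parameter is also undocumented at the one place it changes behaviour: a comment such as `/* Socket classes keep the creator's MLS range so labeled networking is unaffected. */` above the test would tell a reader why a non-process class takes the process branch. mls_compute_sid's signature starts above the first hunk and its body continues past the second.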
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index cd9152632e54..037bf9d82d41 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h | |||
@@ -49,7 +49,8 @@ int mls_compute_sid(struct context *scontext, | |||
49 | struct context *tcontext, | 49 | struct context *tcontext, |
50 | u16 tclass, | 50 | u16 tclass, |
51 | u32 specified, | 51 | u32 specified, |
52 | struct context *newcontext); | 52 | struct context *newcontext, |
53 | bool sock); | ||
53 | 54 | ||
54 | int mls_setup_user_range(struct context *fromcon, struct user_datum *user, | 55 | int mls_setup_user_range(struct context *fromcon, struct user_datum *user, |
55 | struct context *usercon); | 56 | struct context *usercon); |
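Review bot: The new `sock` parameter of mls_compute_sid is added to the prototype at new line 53 without any comment saying what it selects. A brief note in the header would help callers, e.g. `/* sock: true if tclass is a socket class; the new context then takes scontext's MLS range as for process_class */`.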
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 2e36e03c21f2..3e7544d2a07b 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -201,6 +201,21 @@ static u16 unmap_class(u16 tclass) | |||
201 | return tclass; | 201 | return tclass; |
202 | } | 202 | } |
203 | 203 | ||
204 | /* | ||
205 | * Get kernel value for class from its policy value | ||
206 | */ | ||
207 | static u16 map_class(u16 pol_value) | ||
208 | { | ||
209 | u16 i; | ||
210 | |||
211 | for (i = 1; i < current_mapping_size; i++) { | ||
212 | if (current_mapping[i].value == pol_value) | ||
213 | return i; | ||
214 | } | ||
215 | |||
216 | return pol_value; | ||
217 | } | ||
218 | |||
204 | static void map_decision(u16 tclass, struct av_decision *avd, | 219 | static void map_decision(u16 tclass, struct av_decision *avd, |
205 | int allow_unknown) | 220 | int allow_unknown) |
206 | { | 221 | { |
@@ -1374,6 +1389,7 @@ static int security_compute_sid(u32 ssid, | |||
1374 | struct avtab_node *node; | 1389 | struct avtab_node *node; |
1375 | u16 tclass; | 1390 | u16 tclass; |
1376 | int rc = 0; | 1391 | int rc = 0; |
1392 | bool sock; | ||
1377 | 1393 | ||
1378 | if (!ss_initialized) { | 1394 | if (!ss_initialized) { |
1379 | switch (orig_tclass) { | 1395 | switch (orig_tclass) { |
@@ -1391,10 +1407,13 @@ static int security_compute_sid(u32 ssid, | |||
1391 | 1407 | ||
1392 | read_lock(&policy_rwlock); | 1408 | read_lock(&policy_rwlock); |
1393 | 1409 | ||
1394 | if (kern) | 1410 | if (kern) { |
1395 | tclass = unmap_class(orig_tclass); | 1411 | tclass = unmap_class(orig_tclass); |
1396 | else | 1412 | sock = security_is_socket_class(orig_tclass); |
1413 | } else { | ||
1397 | tclass = orig_tclass; | 1414 | tclass = orig_tclass; |
1415 | sock = security_is_socket_class(map_class(tclass)); | ||
1416 | } | ||
1398 | 1417 | ||
1399 | scontext = sidtab_search(&sidtab, ssid); | 1418 | scontext = sidtab_search(&sidtab, ssid); |
1400 | if (!scontext) { | 1419 | if (!scontext) { |
@@ -1425,7 +1444,7 @@ static int security_compute_sid(u32 ssid, | |||
1425 | } | 1444 | } |
1426 | 1445 | ||
1427 | /* Set the role and type to default values. */ | 1446 | /* Set the role and type to default values. */ |
1428 | if (tclass == policydb.process_class) { | 1447 | if ((tclass == policydb.process_class) || (sock == true)) { |
1429 | /* Use the current role and type of process. */ | 1448 | /* Use the current role and type of process. */ |
1430 | newcontext.role = scontext->role; | 1449 | newcontext.role = scontext->role; |
1431 | newcontext.type = scontext->type; | 1450 | newcontext.type = scontext->type; |
@@ -1482,7 +1501,8 @@ static int security_compute_sid(u32 ssid, | |||
1482 | 1501 | ||
1483 | /* Set the MLS attributes. | 1502 | /* Set the MLS attributes. |
1484 | This is done last because it may allocate memory. */ | 1503 | This is done last because it may allocate memory. */ |
1485 | rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext); | 1504 | rc = mls_compute_sid(scontext, tcontext, tclass, specified, |
1505 | &newcontext, sock); | ||
1486 | if (rc) | 1506 | if (rc) |
1487 | goto out_unlock; | 1507 | goto out_unlock; |
1488 | 1508 | ||
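Review bot: `map_class()` at new lines 207-217 falls back to `return pol_value;` when the policy value has no entry in current_mapping, and that value is then passed to `security_is_socket_class()` at new line 1415, which per the commit message expects a kernel class value. A userspace-only class whose policy value happens to equal a kernel socket class number would therefore be treated as a socket on the `!kern` path, and its new context would keep the creator's role, type and MLS range instead of the defaults. The fallback mirrors `unmap_class()` (context line 201 returns `tclass` unchanged), so if it is intentional a comment should say so; otherwise `return 0;` — no kernel class — keeps unmapped classes out of the socket test. Also `sock` at new line 1392 is only assigned under the read lock; presumably the `!ss_initialized` branch leaves the function before `sock` is read at new lines 1447 and 1505, but that path is outside the hunk and worth confirming.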