aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2009-08-28 18:12:49 -0400
committerJames Morris <jmorris@namei.org>2009-08-31 18:29:52 -0400
commited6d76e4c32de0c2ad5f1d572b948ef49e465176 (patch)
tree893914916ad849fefed72df48bca0bf9c78e392d /security
parent2b980dbd77d229eb60588802162c9659726b11f4 (diff)
selinux: Support for the new TUN LSM hooks
Add support for the new TUN LSM hooks: security_tun_dev_create(), security_tun_dev_post_create() and security_tun_dev_attach(). This includes the addition of a new object class, tun_socket, which represents the socks associated with TUN devices. The _tun_dev_create() and _tun_dev_post_create() hooks are fairly similar to the standard socket functions but _tun_dev_attach() is a bit special. The _tun_dev_attach() is unique because it involves a domain attaching to an existing TUN device and its associated tun_socket object, an operation which does not exist with standard sockets and most closely resembles a relabel operation. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Eric Paris <eparis@parisplace.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c60
-rw-r--r--security/selinux/include/av_inherit.h1
-rw-r--r--security/selinux/include/av_permissions.h22
-rw-r--r--security/selinux/include/class_to_string.h1
-rw-r--r--security/selinux/include/flask.h1
5 files changed, 83 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ac79f9ef2da8..27b4c5527358 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -13,8 +13,8 @@
13 * Eric Paris <eparis@redhat.com> 13 * Eric Paris <eparis@redhat.com>
14 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 14 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
15 * <dgoeddel@trustedcs.com> 15 * <dgoeddel@trustedcs.com>
16 * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P. 16 * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
17 * Paul Moore <paul.moore@hp.com> 17 * Paul Moore <paul.moore@hp.com>
18 * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. 18 * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
19 * Yuichi Nakamura <ynakam@hitachisoft.jp> 19 * Yuichi Nakamura <ynakam@hitachisoft.jp>
20 * 20 *
@@ -4325,6 +4325,59 @@ static void selinux_req_classify_flow(const struct request_sock *req,
4325 fl->secid = req->secid; 4325 fl->secid = req->secid;
4326} 4326}
4327 4327
4328static int selinux_tun_dev_create(void)
4329{
4330 u32 sid = current_sid();
4331
4332 /* we aren't taking into account the "sockcreate" SID since the socket
4333 * that is being created here is not a socket in the traditional sense,
4334 * instead it is a private sock, accessible only to the kernel, and
4335 * representing a wide range of network traffic spanning multiple
4336 * connections unlike traditional sockets - check the TUN driver to
4337 * get a better understanding of why this socket is special */
4338
4339 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4340 NULL);
4341}
4342
4343static void selinux_tun_dev_post_create(struct sock *sk)
4344{
4345 struct sk_security_struct *sksec = sk->sk_security;
4346
4347 /* we don't currently perform any NetLabel based labeling here and it
4348 * isn't clear that we would want to do so anyway; while we could apply
4349 * labeling without the support of the TUN user the resulting labeled
4350 * traffic from the other end of the connection would almost certainly
4351 * cause confusion to the TUN user that had no idea network labeling
4352 * protocols were being used */
4353
4354 /* see the comments in selinux_tun_dev_create() about why we don't use
4355 * the sockcreate SID here */
4356
4357 sksec->sid = current_sid();
4358 sksec->sclass = SECCLASS_TUN_SOCKET;
4359}
4360
4361static int selinux_tun_dev_attach(struct sock *sk)
4362{
4363 struct sk_security_struct *sksec = sk->sk_security;
4364 u32 sid = current_sid();
4365 int err;
4366
4367 err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,
4368 TUN_SOCKET__RELABELFROM, NULL);
4369 if (err)
4370 return err;
4371 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4372 TUN_SOCKET__RELABELTO, NULL);
4373 if (err)
4374 return err;
4375
4376 sksec->sid = sid;
4377
4378 return 0;
4379}
4380
4328static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) 4381static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4329{ 4382{
4330 int err = 0; 4383 int err = 0;
@@ -5494,6 +5547,9 @@ static struct security_operations selinux_ops = {
5494 .inet_csk_clone = selinux_inet_csk_clone, 5547 .inet_csk_clone = selinux_inet_csk_clone,
5495 .inet_conn_established = selinux_inet_conn_established, 5548 .inet_conn_established = selinux_inet_conn_established,
5496 .req_classify_flow = selinux_req_classify_flow, 5549 .req_classify_flow = selinux_req_classify_flow,
5550 .tun_dev_create = selinux_tun_dev_create,
5551 .tun_dev_post_create = selinux_tun_dev_post_create,
5552 .tun_dev_attach = selinux_tun_dev_attach,
5497 5553
5498#ifdef CONFIG_SECURITY_NETWORK_XFRM 5554#ifdef CONFIG_SECURITY_NETWORK_XFRM
5499 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, 5555 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
index 8377a4ba3b95..abedcd704dae 100644
--- a/security/selinux/include/av_inherit.h
+++ b/security/selinux/include/av_inherit.h
@@ -15,6 +15,7 @@
15 S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) 15 S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
16 S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) 16 S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
17 S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) 17 S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
18 S_(SECCLASS_TUN_SOCKET, socket, 0x00400000UL)
18 S_(SECCLASS_IPC, ipc, 0x00000200UL) 19 S_(SECCLASS_IPC, ipc, 0x00000200UL)
19 S_(SECCLASS_SEM, ipc, 0x00000200UL) 20 S_(SECCLASS_SEM, ipc, 0x00000200UL)
20 S_(SECCLASS_MSGQ, ipc, 0x00000200UL) 21 S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index 21c722669902..0546d616ccac 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -423,6 +423,28 @@
423#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL 423#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL
424#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL 424#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL
425#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL 425#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL
426#define TUN_SOCKET__IOCTL 0x00000001UL
427#define TUN_SOCKET__READ 0x00000002UL
428#define TUN_SOCKET__WRITE 0x00000004UL
429#define TUN_SOCKET__CREATE 0x00000008UL
430#define TUN_SOCKET__GETATTR 0x00000010UL
431#define TUN_SOCKET__SETATTR 0x00000020UL
432#define TUN_SOCKET__LOCK 0x00000040UL
433#define TUN_SOCKET__RELABELFROM 0x00000080UL
434#define TUN_SOCKET__RELABELTO 0x00000100UL
435#define TUN_SOCKET__APPEND 0x00000200UL
436#define TUN_SOCKET__BIND 0x00000400UL
437#define TUN_SOCKET__CONNECT 0x00000800UL
438#define TUN_SOCKET__LISTEN 0x00001000UL
439#define TUN_SOCKET__ACCEPT 0x00002000UL
440#define TUN_SOCKET__GETOPT 0x00004000UL
441#define TUN_SOCKET__SETOPT 0x00008000UL
442#define TUN_SOCKET__SHUTDOWN 0x00010000UL
443#define TUN_SOCKET__RECVFROM 0x00020000UL
444#define TUN_SOCKET__SENDTO 0x00040000UL
445#define TUN_SOCKET__RECV_MSG 0x00080000UL
446#define TUN_SOCKET__SEND_MSG 0x00100000UL
447#define TUN_SOCKET__NAME_BIND 0x00200000UL
426#define PROCESS__FORK 0x00000001UL 448#define PROCESS__FORK 0x00000001UL
427#define PROCESS__TRANSITION 0x00000002UL 449#define PROCESS__TRANSITION 0x00000002UL
428#define PROCESS__SIGCHLD 0x00000004UL 450#define PROCESS__SIGCHLD 0x00000004UL
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index 21ec786611d4..7ab9299bfb6b 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -77,3 +77,4 @@
77 S_(NULL) 77 S_(NULL)
78 S_(NULL) 78 S_(NULL)
79 S_("kernel_service") 79 S_("kernel_service")
80 S_("tun_socket")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index 882f27d66fac..f248500a1e3c 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -53,6 +53,7 @@
53#define SECCLASS_PEER 68 53#define SECCLASS_PEER 68
54#define SECCLASS_CAPABILITY2 69 54#define SECCLASS_CAPABILITY2 69
55#define SECCLASS_KERNEL_SERVICE 74 55#define SECCLASS_KERNEL_SERVICE 74
56#define SECCLASS_TUN_SOCKET 75
56 57
57/* 58/*
58 * Security identifier indices for initial entities 59 * Security identifier indices for initial entities