diff options
author | Paul Moore <paul.moore@hp.com> | 2009-08-28 18:12:49 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-08-31 18:29:52 -0400 |
commit | ed6d76e4c32de0c2ad5f1d572b948ef49e465176 (patch) | |
tree | 893914916ad849fefed72df48bca0bf9c78e392d /security | |
parent | 2b980dbd77d229eb60588802162c9659726b11f4 (diff) |
selinux: Support for the new TUN LSM hooks
Add support for the new TUN LSM hooks: security_tun_dev_create(),
security_tun_dev_post_create() and security_tun_dev_attach(). This includes
the addition of a new object class, tun_socket, which represents the socks
associated with TUN devices. The _tun_dev_create() and _tun_dev_post_create()
hooks are fairly similar to the standard socket functions but _tun_dev_attach()
is a bit special. The _tun_dev_attach() is unique because it involves a
domain attaching to an existing TUN device and its associated tun_socket
object, an operation which does not exist with standard sockets and most
closely resembles a relabel operation.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Eric Paris <eparis@parisplace.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 60 | ||||
-rw-r--r-- | security/selinux/include/av_inherit.h | 1 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 22 | ||||
-rw-r--r-- | security/selinux/include/class_to_string.h | 1 | ||||
-rw-r--r-- | security/selinux/include/flask.h | 1 |
5 files changed, 83 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ac79f9ef2da8..27b4c5527358 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -13,8 +13,8 @@ | |||
13 | * Eric Paris <eparis@redhat.com> | 13 | * Eric Paris <eparis@redhat.com> |
14 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 14 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
15 | * <dgoeddel@trustedcs.com> | 15 | * <dgoeddel@trustedcs.com> |
16 | * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P. | 16 | * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P. |
17 | * Paul Moore <paul.moore@hp.com> | 17 | * Paul Moore <paul.moore@hp.com> |
18 | * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. | 18 | * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. |
19 | * Yuichi Nakamura <ynakam@hitachisoft.jp> | 19 | * Yuichi Nakamura <ynakam@hitachisoft.jp> |
20 | * | 20 | * |
@@ -4325,6 +4325,59 @@ static void selinux_req_classify_flow(const struct request_sock *req, | |||
4325 | fl->secid = req->secid; | 4325 | fl->secid = req->secid; |
4326 | } | 4326 | } |
4327 | 4327 | ||
4328 | static int selinux_tun_dev_create(void) | ||
4329 | { | ||
4330 | u32 sid = current_sid(); | ||
4331 | |||
4332 | /* we aren't taking into account the "sockcreate" SID since the socket | ||
4333 | * that is being created here is not a socket in the traditional sense, | ||
4334 | * instead it is a private sock, accessible only to the kernel, and | ||
4335 | * representing a wide range of network traffic spanning multiple | ||
4336 | * connections unlike traditional sockets - check the TUN driver to | ||
4337 | * get a better understanding of why this socket is special */ | ||
4338 | |||
4339 | return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, | ||
4340 | NULL); | ||
4341 | } | ||
4342 | |||
4343 | static void selinux_tun_dev_post_create(struct sock *sk) | ||
4344 | { | ||
4345 | struct sk_security_struct *sksec = sk->sk_security; | ||
4346 | |||
4347 | /* we don't currently perform any NetLabel based labeling here and it | ||
4348 | * isn't clear that we would want to do so anyway; while we could apply | ||
4349 | * labeling without the support of the TUN user the resulting labeled | ||
4350 | * traffic from the other end of the connection would almost certainly | ||
4351 | * cause confusion to the TUN user that had no idea network labeling | ||
4352 | * protocols were being used */ | ||
4353 | |||
4354 | /* see the comments in selinux_tun_dev_create() about why we don't use | ||
4355 | * the sockcreate SID here */ | ||
4356 | |||
4357 | sksec->sid = current_sid(); | ||
4358 | sksec->sclass = SECCLASS_TUN_SOCKET; | ||
4359 | } | ||
4360 | |||
4361 | static int selinux_tun_dev_attach(struct sock *sk) | ||
4362 | { | ||
4363 | struct sk_security_struct *sksec = sk->sk_security; | ||
4364 | u32 sid = current_sid(); | ||
4365 | int err; | ||
4366 | |||
4367 | err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET, | ||
4368 | TUN_SOCKET__RELABELFROM, NULL); | ||
4369 | if (err) | ||
4370 | return err; | ||
4371 | err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, | ||
4372 | TUN_SOCKET__RELABELTO, NULL); | ||
4373 | if (err) | ||
4374 | return err; | ||
4375 | |||
4376 | sksec->sid = sid; | ||
4377 | |||
4378 | return 0; | ||
4379 | } | ||
4380 | |||
4328 | static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | 4381 | static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) |
4329 | { | 4382 | { |
4330 | int err = 0; | 4383 | int err = 0; |
@@ -5494,6 +5547,9 @@ static struct security_operations selinux_ops = { | |||
5494 | .inet_csk_clone = selinux_inet_csk_clone, | 5547 | .inet_csk_clone = selinux_inet_csk_clone, |
5495 | .inet_conn_established = selinux_inet_conn_established, | 5548 | .inet_conn_established = selinux_inet_conn_established, |
5496 | .req_classify_flow = selinux_req_classify_flow, | 5549 | .req_classify_flow = selinux_req_classify_flow, |
5550 | .tun_dev_create = selinux_tun_dev_create, | ||
5551 | .tun_dev_post_create = selinux_tun_dev_post_create, | ||
5552 | .tun_dev_attach = selinux_tun_dev_attach, | ||
5497 | 5553 | ||
5498 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 5554 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
5499 | .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, | 5555 | .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, |
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h index 8377a4ba3b95..abedcd704dae 100644 --- a/security/selinux/include/av_inherit.h +++ b/security/selinux/include/av_inherit.h | |||
@@ -15,6 +15,7 @@ | |||
15 | S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) | 15 | S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) |
16 | S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) | 16 | S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) |
17 | S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) | 17 | S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) |
18 | S_(SECCLASS_TUN_SOCKET, socket, 0x00400000UL) | ||
18 | S_(SECCLASS_IPC, ipc, 0x00000200UL) | 19 | S_(SECCLASS_IPC, ipc, 0x00000200UL) |
19 | S_(SECCLASS_SEM, ipc, 0x00000200UL) | 20 | S_(SECCLASS_SEM, ipc, 0x00000200UL) |
20 | S_(SECCLASS_MSGQ, ipc, 0x00000200UL) | 21 | S_(SECCLASS_MSGQ, ipc, 0x00000200UL) |
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index 21c722669902..0546d616ccac 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h | |||
@@ -423,6 +423,28 @@ | |||
423 | #define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL | 423 | #define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL |
424 | #define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL | 424 | #define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL |
425 | #define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL | 425 | #define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL |
426 | #define TUN_SOCKET__IOCTL 0x00000001UL | ||
427 | #define TUN_SOCKET__READ 0x00000002UL | ||
428 | #define TUN_SOCKET__WRITE 0x00000004UL | ||
429 | #define TUN_SOCKET__CREATE 0x00000008UL | ||
430 | #define TUN_SOCKET__GETATTR 0x00000010UL | ||
431 | #define TUN_SOCKET__SETATTR 0x00000020UL | ||
432 | #define TUN_SOCKET__LOCK 0x00000040UL | ||
433 | #define TUN_SOCKET__RELABELFROM 0x00000080UL | ||
434 | #define TUN_SOCKET__RELABELTO 0x00000100UL | ||
435 | #define TUN_SOCKET__APPEND 0x00000200UL | ||
436 | #define TUN_SOCKET__BIND 0x00000400UL | ||
437 | #define TUN_SOCKET__CONNECT 0x00000800UL | ||
438 | #define TUN_SOCKET__LISTEN 0x00001000UL | ||
439 | #define TUN_SOCKET__ACCEPT 0x00002000UL | ||
440 | #define TUN_SOCKET__GETOPT 0x00004000UL | ||
441 | #define TUN_SOCKET__SETOPT 0x00008000UL | ||
442 | #define TUN_SOCKET__SHUTDOWN 0x00010000UL | ||
443 | #define TUN_SOCKET__RECVFROM 0x00020000UL | ||
444 | #define TUN_SOCKET__SENDTO 0x00040000UL | ||
445 | #define TUN_SOCKET__RECV_MSG 0x00080000UL | ||
446 | #define TUN_SOCKET__SEND_MSG 0x00100000UL | ||
447 | #define TUN_SOCKET__NAME_BIND 0x00200000UL | ||
426 | #define PROCESS__FORK 0x00000001UL | 448 | #define PROCESS__FORK 0x00000001UL |
427 | #define PROCESS__TRANSITION 0x00000002UL | 449 | #define PROCESS__TRANSITION 0x00000002UL |
428 | #define PROCESS__SIGCHLD 0x00000004UL | 450 | #define PROCESS__SIGCHLD 0x00000004UL |
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h index 21ec786611d4..7ab9299bfb6b 100644 --- a/security/selinux/include/class_to_string.h +++ b/security/selinux/include/class_to_string.h | |||
@@ -77,3 +77,4 @@ | |||
77 | S_(NULL) | 77 | S_(NULL) |
78 | S_(NULL) | 78 | S_(NULL) |
79 | S_("kernel_service") | 79 | S_("kernel_service") |
80 | S_("tun_socket") | ||
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h index 882f27d66fac..f248500a1e3c 100644 --- a/security/selinux/include/flask.h +++ b/security/selinux/include/flask.h | |||
@@ -53,6 +53,7 @@ | |||
53 | #define SECCLASS_PEER 68 | 53 | #define SECCLASS_PEER 68 |
54 | #define SECCLASS_CAPABILITY2 69 | 54 | #define SECCLASS_CAPABILITY2 69 |
55 | #define SECCLASS_KERNEL_SERVICE 74 | 55 | #define SECCLASS_KERNEL_SERVICE 74 |
56 | #define SECCLASS_TUN_SOCKET 75 | ||
56 | 57 | ||
57 | /* | 58 | /* |
58 | * Security identifier indices for initial entities | 59 | * Security identifier indices for initial entities |