aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2008-02-07 11:21:04 -0500
committerJames Morris <jmorris@namei.org>2008-02-11 04:30:02 -0500
commitb68e418c445e8a468634d0a7ca2fb63bbaa74028 (patch)
treee49b4a94ef28a9288ed6735a994387205b7cc5bd /security
parent19af35546de68c872dcb687613e0902a602cb20e (diff)
selinux: support 64-bit capabilities
Fix SELinux to handle 64-bit capabilities correctly, and to catch future extensions of capabilities beyond 64 bits to ensure that SELinux is properly updated. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c21
-rw-r--r--security/selinux/include/av_perm_to_string.h3
-rw-r--r--security/selinux/include/av_permissions.h3
-rw-r--r--security/selinux/include/class_to_string.h1
-rw-r--r--security/selinux/include/flask.h1
5 files changed, 27 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e5ed07510309..44f16d9041e3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1272,12 +1272,18 @@ static int task_has_perm(struct task_struct *tsk1,
1272 SECCLASS_PROCESS, perms, NULL); 1272 SECCLASS_PROCESS, perms, NULL);
1273} 1273}
1274 1274
1275#if CAP_LAST_CAP > 63
1276#error Fix SELinux to handle capabilities > 63.
1277#endif
1278
1275/* Check whether a task is allowed to use a capability. */ 1279/* Check whether a task is allowed to use a capability. */
1276static int task_has_capability(struct task_struct *tsk, 1280static int task_has_capability(struct task_struct *tsk,
1277 int cap) 1281 int cap)
1278{ 1282{
1279 struct task_security_struct *tsec; 1283 struct task_security_struct *tsec;
1280 struct avc_audit_data ad; 1284 struct avc_audit_data ad;
1285 u16 sclass;
1286 u32 av = CAP_TO_MASK(cap);
1281 1287
1282 tsec = tsk->security; 1288 tsec = tsk->security;
1283 1289
@@ -1285,8 +1291,19 @@ static int task_has_capability(struct task_struct *tsk,
1285 ad.tsk = tsk; 1291 ad.tsk = tsk;
1286 ad.u.cap = cap; 1292 ad.u.cap = cap;
1287 1293
1288 return avc_has_perm(tsec->sid, tsec->sid, 1294 switch (CAP_TO_INDEX(cap)) {
1289 SECCLASS_CAPABILITY, CAP_TO_MASK(cap), &ad); 1295 case 0:
1296 sclass = SECCLASS_CAPABILITY;
1297 break;
1298 case 1:
1299 sclass = SECCLASS_CAPABILITY2;
1300 break;
1301 default:
1302 printk(KERN_ERR
1303 "SELinux: out of range capability %d\n", cap);
1304 BUG();
1305 }
1306 return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad);
1290} 1307}
1291 1308
1292/* Check whether a task is allowed to use a system operation. */ 1309/* Check whether a task is allowed to use a system operation. */
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 399f868c5c8f..d5696690d3a2 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -132,6 +132,9 @@
132 S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") 132 S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
133 S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") 133 S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
134 S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") 134 S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
135 S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
136 S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
137 S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
135 S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") 138 S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
136 S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") 139 S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
137 S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") 140 S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index 84c9abc80978..75b41311ab86 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -533,6 +533,9 @@
533#define CAPABILITY__LEASE 0x10000000UL 533#define CAPABILITY__LEASE 0x10000000UL
534#define CAPABILITY__AUDIT_WRITE 0x20000000UL 534#define CAPABILITY__AUDIT_WRITE 0x20000000UL
535#define CAPABILITY__AUDIT_CONTROL 0x40000000UL 535#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
536#define CAPABILITY__SETFCAP 0x80000000UL
537#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL
538#define CAPABILITY2__MAC_ADMIN 0x00000002UL
536#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL 539#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
537#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL 540#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
538#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL 541#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index b1b0d1d8f950..bd813c366e34 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -71,3 +71,4 @@
71 S_(NULL) 71 S_(NULL)
72 S_(NULL) 72 S_(NULL)
73 S_("peer") 73 S_("peer")
74 S_("capability2")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index 09e9dd23ee1a..febf8868e852 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -51,6 +51,7 @@
51#define SECCLASS_DCCP_SOCKET 60 51#define SECCLASS_DCCP_SOCKET 60
52#define SECCLASS_MEMPROTECT 61 52#define SECCLASS_MEMPROTECT 61
53#define SECCLASS_PEER 68 53#define SECCLASS_PEER 68
54#define SECCLASS_CAPABILITY2 69
54 55
55/* 56/*
56 * Security identifier indices for initial entities 57 * Security identifier indices for initial entities