[PATCH] Capture selinux subject/object context information.

This patch extends existing audit records with subject/object context
information. Audit records associated with filesystem inodes, ipc, and
tasks now contain SELinux label information in the field "subj" if the
item is performing the action, or in "obj" if the item is the receiver
of an action.

These labels are collected via hooks in SELinux and appended to the
appropriate record in the audit code.

This additional information is required for Common Criteria Labeled
Security Protection Profile (LSPP).

[AV: fixed kmalloc flags use]
[folded leak fixes]
[folded cleanup from akpm (kfree(NULL)]
[folded audit_inode_context() leak fix]
[folded akpm's fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]

Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

2 files changed, 51 insertions, 51 deletions

diff --git a/security/dummy.c b/security/dummy.c
index f1a5bd98bf10..6febe7d39fa0 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -558,6 +558,11 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
         return 0;
 }
 
+static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
+{
+        return -EOPNOTSUPP;
+}
+
 static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
 {
         return 0;
@@ -959,6 +964,7 @@ void security_fixup_ops (struct security_operations *ops)
         set_to_dummy_if_null(ops, task_reparent_to_init);
         set_to_dummy_if_null(ops, task_to_inode);
         set_to_dummy_if_null(ops, ipc_permission);
+        set_to_dummy_if_null(ops, ipc_getsecurity);
         set_to_dummy_if_null(ops, msg_msg_alloc_security);
         set_to_dummy_if_null(ops, msg_msg_free_security);
         set_to_dummy_if_null(ops, msg_queue_alloc_security);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b65c201e9ff5..9c08a19cc81b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -117,6 +117,32 @@ static struct security_operations *secondary_ops = NULL;
 static LIST_HEAD(superblock_security_head);
 static DEFINE_SPINLOCK(sb_security_lock);
 
+/* Return security context for a given sid or just the context 
+   length if the buffer is null or length is 0 */
+static int selinux_getsecurity(u32 sid, void *buffer, size_t size)
+{
+        char *context;
+        unsigned len;
+        int rc;
+
+        rc = security_sid_to_context(sid, &context, &len);
+        if (rc)
+                return rc;
+
+        if (!buffer || !size)
+                goto getsecurity_exit;
+
+        if (size < len) {
+                len = -ERANGE;
+                goto getsecurity_exit;
+        }
+        memcpy(buffer, context, len);
+
+getsecurity_exit:
+        kfree(context);
+        return len;
+}
+
 /* Allocate and free functions for each kind of security blob. */
 
 static int task_alloc_security(struct task_struct *task)
@@ -2209,6 +2235,11 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name)
         return -EACCES;
 }
 
+static const char *selinux_inode_xattr_getsuffix(void)
+{
+      return XATTR_SELINUX_SUFFIX;
+}
+
 /*
  * Copy the in-core inode security context value to the user.  If the
  * getxattr() prior to this succeeded, check to see if we need to
@@ -2219,44 +2250,11 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name)
 static int selinux_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
         struct inode_security_struct *isec = inode->i_security;
-        char *context;
-        unsigned len;
-        int rc;
-
-        if (strcmp(name, XATTR_SELINUX_SUFFIX)) {
-                rc = -EOPNOTSUPP;
-                goto out;
-        }
-
-        rc = security_sid_to_context(isec->sid, &context, &len);
-        if (rc)
-                goto out;
-
-        /* Probe for required buffer size */
-        if (!buffer || !size) {
-                rc = len;
-                goto out_free;
-        }
 
-        if (size < len) {
-                rc = -ERANGE;
-                goto out_free;
-        }
+        if (strcmp(name, XATTR_SELINUX_SUFFIX))
+                return -EOPNOTSUPP;
 
-        if (err > 0) {
-                if ((len == err) && !(memcmp(context, buffer, len))) {
-                        /* Don't need to canonicalize value */
-                        rc = err;
-                        goto out_free;
-                }
-                memset(buffer, 0, size);
-        }
-        memcpy(buffer, context, len);
-        rc = len;
-out_free:
-        kfree(context);
-out:
-        return rc;
+        return selinux_getsecurity(isec->sid, buffer, size);
 }
 
 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
@@ -4022,6 +4020,13 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
         return ipc_has_perm(ipcp, av);
 }
 
+static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
+{
+        struct ipc_security_struct *isec = ipcp->security;
+
+        return selinux_getsecurity(isec->sid, buffer, size);
+}
+
 /* module stacking operations */
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
@@ -4063,8 +4068,7 @@ static int selinux_getprocattr(struct task_struct *p,
                                char *name, void *value, size_t size)
 {
         struct task_security_struct *tsec;
-        u32 sid, len;
-        char *context;
+        u32 sid;
         int error;
 
         if (current != p) {
@@ -4073,9 +4077,6 @@ static int selinux_getprocattr(struct task_struct *p,
                         return error;
         }
 
-        if (!size)
-                return -ERANGE;
-
         tsec = p->security;
 
         if (!strcmp(name, "current"))
@@ -4092,16 +4093,7 @@ static int selinux_getprocattr(struct task_struct *p,
         if (!sid)
                 return 0;
 
-        error = security_sid_to_context(sid, &context, &len);
-        if (error)
-                return error;
-        if (len > size) {
-                kfree(context);
-                return -ERANGE;
-        }
-        memcpy(value, context, len);
-        kfree(context);
-        return len;
+        return selinux_getsecurity(sid, value, size);
 }
 
 static int selinux_setprocattr(struct task_struct *p,
@@ -4259,6 +4251,7 @@ static struct security_operations selinux_ops = {
         .inode_getxattr =               selinux_inode_getxattr,
         .inode_listxattr =              selinux_inode_listxattr,
         .inode_removexattr =            selinux_inode_removexattr,
+        .inode_xattr_getsuffix =        selinux_inode_xattr_getsuffix,
         .inode_getsecurity =            selinux_inode_getsecurity,
         .inode_setsecurity =            selinux_inode_setsecurity,
         .inode_listsecurity =           selinux_inode_listsecurity,
@@ -4296,6 +4289,7 @@ static struct security_operations selinux_ops = {
         .task_to_inode =                selinux_task_to_inode,
 
         .ipc_permission =               selinux_ipc_permission,
+        .ipc_getsecurity =              selinux_ipc_getsecurity,
 
         .msg_msg_alloc_security =       selinux_msg_msg_alloc_security,
         .msg_msg_free_security =        selinux_msg_msg_free_security,