diff options
-rw-r--r-- | security/selinux/Makefile | 2 | ||||
-rw-r--r-- | security/selinux/hooks.c | 39 | ||||
-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 2 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 2 | ||||
-rw-r--r-- | security/selinux/include/xfrm.h | 54 | ||||
-rw-r--r-- | security/selinux/xfrm.c | 311 |
6 files changed, 410 insertions, 0 deletions
diff --git a/security/selinux/Makefile b/security/selinux/Makefile index b038cd0fae2e..06d54d9d20a5 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile | |||
@@ -8,5 +8,7 @@ selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o | |||
8 | 8 | ||
9 | selinux-$(CONFIG_SECURITY_NETWORK) += netif.o | 9 | selinux-$(CONFIG_SECURITY_NETWORK) += netif.o |
10 | 10 | ||
11 | selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o | ||
12 | |||
11 | EXTRA_CFLAGS += -Isecurity/selinux/include | 13 | EXTRA_CFLAGS += -Isecurity/selinux/include |
12 | 14 | ||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index fc774436a264..3d496eae1b47 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -73,6 +73,7 @@ | |||
73 | #include "avc.h" | 73 | #include "avc.h" |
74 | #include "objsec.h" | 74 | #include "objsec.h" |
75 | #include "netif.h" | 75 | #include "netif.h" |
76 | #include "xfrm.h" | ||
76 | 77 | ||
77 | #define XATTR_SELINUX_SUFFIX "selinux" | 78 | #define XATTR_SELINUX_SUFFIX "selinux" |
78 | #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX | 79 | #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX |
@@ -3349,6 +3350,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
3349 | err = avc_has_perm(sock_sid, port_sid, | 3350 | err = avc_has_perm(sock_sid, port_sid, |
3350 | sock_class, recv_perm, &ad); | 3351 | sock_class, recv_perm, &ad); |
3351 | } | 3352 | } |
3353 | |||
3354 | if (!err) | ||
3355 | err = selinux_xfrm_sock_rcv_skb(sock_sid, skb); | ||
3356 | |||
3352 | out: | 3357 | out: |
3353 | return err; | 3358 | return err; |
3354 | } | 3359 | } |
@@ -3401,6 +3406,24 @@ static void selinux_sk_free_security(struct sock *sk) | |||
3401 | sk_free_security(sk); | 3406 | sk_free_security(sk); |
3402 | } | 3407 | } |
3403 | 3408 | ||
3409 | static unsigned int selinux_sk_getsid_security(struct sock *sk, struct flowi *fl, u8 dir) | ||
3410 | { | ||
3411 | struct inode_security_struct *isec; | ||
3412 | u32 sock_sid = SECINITSID_ANY_SOCKET; | ||
3413 | |||
3414 | if (!sk) | ||
3415 | return selinux_no_sk_sid(fl); | ||
3416 | |||
3417 | read_lock_bh(&sk->sk_callback_lock); | ||
3418 | isec = get_sock_isec(sk); | ||
3419 | |||
3420 | if (isec) | ||
3421 | sock_sid = isec->sid; | ||
3422 | |||
3423 | read_unlock_bh(&sk->sk_callback_lock); | ||
3424 | return sock_sid; | ||
3425 | } | ||
3426 | |||
3404 | static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | 3427 | static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) |
3405 | { | 3428 | { |
3406 | int err = 0; | 3429 | int err = 0; |
@@ -3536,6 +3559,11 @@ static unsigned int selinux_ip_postroute_last(unsigned int hooknum, | |||
3536 | send_perm, &ad) ? NF_DROP : NF_ACCEPT; | 3559 | send_perm, &ad) ? NF_DROP : NF_ACCEPT; |
3537 | } | 3560 | } |
3538 | 3561 | ||
3562 | if (err != NF_ACCEPT) | ||
3563 | goto out; | ||
3564 | |||
3565 | err = selinux_xfrm_postroute_last(isec->sid, skb); | ||
3566 | |||
3539 | out: | 3567 | out: |
3540 | return err; | 3568 | return err; |
3541 | } | 3569 | } |
@@ -4380,6 +4408,16 @@ static struct security_operations selinux_ops = { | |||
4380 | .socket_getpeersec = selinux_socket_getpeersec, | 4408 | .socket_getpeersec = selinux_socket_getpeersec, |
4381 | .sk_alloc_security = selinux_sk_alloc_security, | 4409 | .sk_alloc_security = selinux_sk_alloc_security, |
4382 | .sk_free_security = selinux_sk_free_security, | 4410 | .sk_free_security = selinux_sk_free_security, |
4411 | .sk_getsid = selinux_sk_getsid_security, | ||
4412 | #endif | ||
4413 | |||
4414 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | ||
4415 | .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, | ||
4416 | .xfrm_policy_clone_security = selinux_xfrm_policy_clone, | ||
4417 | .xfrm_policy_free_security = selinux_xfrm_policy_free, | ||
4418 | .xfrm_state_alloc_security = selinux_xfrm_state_alloc, | ||
4419 | .xfrm_state_free_security = selinux_xfrm_state_free, | ||
4420 | .xfrm_policy_lookup = selinux_xfrm_policy_lookup, | ||
4383 | #endif | 4421 | #endif |
4384 | }; | 4422 | }; |
4385 | 4423 | ||
@@ -4491,6 +4529,7 @@ static int __init selinux_nf_ip_init(void) | |||
4491 | panic("SELinux: nf_register_hook for IPv6: error %d\n", err); | 4529 | panic("SELinux: nf_register_hook for IPv6: error %d\n", err); |
4492 | 4530 | ||
4493 | #endif /* IPV6 */ | 4531 | #endif /* IPV6 */ |
4532 | |||
4494 | out: | 4533 | out: |
4495 | return err; | 4534 | return err; |
4496 | } | 4535 | } |
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index 1deb59e1b762..71aeb12f07c8 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h | |||
@@ -238,3 +238,5 @@ | |||
238 | S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") | 238 | S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") |
239 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") | 239 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") |
240 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") | 240 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") |
241 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELFROM, "relabelfrom") | ||
242 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELTO, "relabelto") | ||
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index a78b5d59c9fc..d1d0996049e3 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h | |||
@@ -908,6 +908,8 @@ | |||
908 | 908 | ||
909 | #define ASSOCIATION__SENDTO 0x00000001UL | 909 | #define ASSOCIATION__SENDTO 0x00000001UL |
910 | #define ASSOCIATION__RECVFROM 0x00000002UL | 910 | #define ASSOCIATION__RECVFROM 0x00000002UL |
911 | #define ASSOCIATION__RELABELFROM 0x00000004UL | ||
912 | #define ASSOCIATION__RELABELTO 0x00000008UL | ||
911 | 913 | ||
912 | #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL | 914 | #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL |
913 | #define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL | 915 | #define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL |
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h new file mode 100644 index 000000000000..8e87996c6dd5 --- /dev/null +++ b/security/selinux/include/xfrm.h | |||
@@ -0,0 +1,54 @@ | |||
1 | /* | ||
2 | * SELinux support for the XFRM LSM hooks | ||
3 | * | ||
4 | * Author : Trent Jaeger, <jaegert@us.ibm.com> | ||
5 | */ | ||
6 | #ifndef _SELINUX_XFRM_H_ | ||
7 | #define _SELINUX_XFRM_H_ | ||
8 | |||
9 | int selinux_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); | ||
10 | int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new); | ||
11 | void selinux_xfrm_policy_free(struct xfrm_policy *xp); | ||
12 | int selinux_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); | ||
13 | void selinux_xfrm_state_free(struct xfrm_state *x); | ||
14 | int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir); | ||
15 | |||
16 | /* | ||
17 | * Extract the security blob from the sock (it's actually on the socket) | ||
18 | */ | ||
19 | static inline struct inode_security_struct *get_sock_isec(struct sock *sk) | ||
20 | { | ||
21 | if (!sk->sk_socket) | ||
22 | return NULL; | ||
23 | |||
24 | return SOCK_INODE(sk->sk_socket)->i_security; | ||
25 | } | ||
26 | |||
27 | |||
28 | static inline u32 selinux_no_sk_sid(struct flowi *fl) | ||
29 | { | ||
30 | /* NOTE: no sock occurs on ICMP reply, forwards, ... */ | ||
31 | /* icmp_reply: authorize as kernel packet */ | ||
32 | if (fl && fl->proto == IPPROTO_ICMP) { | ||
33 | return SECINITSID_KERNEL; | ||
34 | } | ||
35 | |||
36 | return SECINITSID_ANY_SOCKET; | ||
37 | } | ||
38 | |||
39 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | ||
40 | int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb); | ||
41 | int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb); | ||
42 | #else | ||
43 | static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb) | ||
44 | { | ||
45 | return 0; | ||
46 | } | ||
47 | |||
48 | static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb) | ||
49 | { | ||
50 | return NF_ACCEPT; | ||
51 | } | ||
52 | #endif | ||
53 | |||
54 | #endif /* _SELINUX_XFRM_H_ */ | ||
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c new file mode 100644 index 000000000000..c4d87d4dca7b --- /dev/null +++ b/security/selinux/xfrm.c | |||
@@ -0,0 +1,311 @@ | |||
1 | /* | ||
2 | * NSA Security-Enhanced Linux (SELinux) security module | ||
3 | * | ||
4 | * This file contains the SELinux XFRM hook function implementations. | ||
5 | * | ||
6 | * Authors: Serge Hallyn <sergeh@us.ibm.com> | ||
7 | * Trent Jaeger <jaegert@us.ibm.com> | ||
8 | * | ||
9 | * Copyright (C) 2005 International Business Machines Corporation | ||
10 | * | ||
11 | * This program is free software; you can redistribute it and/or modify | ||
12 | * it under the terms of the GNU General Public License version 2, | ||
13 | * as published by the Free Software Foundation. | ||
14 | */ | ||
15 | |||
16 | /* | ||
17 | * USAGE: | ||
18 | * NOTES: | ||
19 | * 1. Make sure to enable the following options in your kernel config: | ||
20 | * CONFIG_SECURITY=y | ||
21 | * CONFIG_SECURITY_NETWORK=y | ||
22 | * CONFIG_SECURITY_NETWORK_XFRM=y | ||
23 | * CONFIG_SECURITY_SELINUX=m/y | ||
24 | * ISSUES: | ||
25 | * 1. Caching packets, so they are not dropped during negotiation | ||
26 | * 2. Emulating a reasonable SO_PEERSEC across machines | ||
27 | * 3. Testing addition of sk_policy's with security context via setsockopt | ||
28 | */ | ||
29 | #include <linux/config.h> | ||
30 | #include <linux/module.h> | ||
31 | #include <linux/kernel.h> | ||
32 | #include <linux/init.h> | ||
33 | #include <linux/security.h> | ||
34 | #include <linux/types.h> | ||
35 | #include <linux/netfilter.h> | ||
36 | #include <linux/netfilter_ipv4.h> | ||
37 | #include <linux/netfilter_ipv6.h> | ||
38 | #include <linux/ip.h> | ||
39 | #include <linux/tcp.h> | ||
40 | #include <linux/skbuff.h> | ||
41 | #include <linux/xfrm.h> | ||
42 | #include <net/xfrm.h> | ||
43 | #include <net/checksum.h> | ||
44 | #include <net/udp.h> | ||
45 | #include <asm/semaphore.h> | ||
46 | |||
47 | #include "avc.h" | ||
48 | #include "objsec.h" | ||
49 | #include "xfrm.h" | ||
50 | |||
51 | |||
52 | /* | ||
53 | * Returns true if an LSM/SELinux context | ||
54 | */ | ||
55 | static inline int selinux_authorizable_ctx(struct xfrm_sec_ctx *ctx) | ||
56 | { | ||
57 | return (ctx && | ||
58 | (ctx->ctx_doi == XFRM_SC_DOI_LSM) && | ||
59 | (ctx->ctx_alg == XFRM_SC_ALG_SELINUX)); | ||
60 | } | ||
61 | |||
62 | /* | ||
63 | * Returns true if the xfrm contains a security blob for SELinux | ||
64 | */ | ||
65 | static inline int selinux_authorizable_xfrm(struct xfrm_state *x) | ||
66 | { | ||
67 | return selinux_authorizable_ctx(x->security); | ||
68 | } | ||
69 | |||
70 | /* | ||
71 | * LSM hook implementation that authorizes that a socket can be used | ||
72 | * with the corresponding xfrm_sec_ctx and direction. | ||
73 | */ | ||
74 | int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) | ||
75 | { | ||
76 | int rc = 0; | ||
77 | u32 sel_sid = SECINITSID_UNLABELED; | ||
78 | struct xfrm_sec_ctx *ctx; | ||
79 | |||
80 | /* Context sid is either set to label or ANY_ASSOC */ | ||
81 | if ((ctx = xp->security)) { | ||
82 | if (!selinux_authorizable_ctx(ctx)) | ||
83 | return -EINVAL; | ||
84 | |||
85 | sel_sid = ctx->ctx_sid; | ||
86 | } | ||
87 | |||
88 | rc = avc_has_perm(sk_sid, sel_sid, SECCLASS_ASSOCIATION, | ||
89 | ((dir == FLOW_DIR_IN) ? ASSOCIATION__RECVFROM : | ||
90 | ((dir == FLOW_DIR_OUT) ? ASSOCIATION__SENDTO : | ||
91 | (ASSOCIATION__SENDTO | ASSOCIATION__RECVFROM))), | ||
92 | NULL); | ||
93 | |||
94 | return rc; | ||
95 | } | ||
96 | |||
97 | /* | ||
98 | * Security blob allocation for xfrm_policy and xfrm_state | ||
99 | * CTX does not have a meaningful value on input | ||
100 | */ | ||
101 | static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *uctx) | ||
102 | { | ||
103 | int rc = 0; | ||
104 | struct task_security_struct *tsec = current->security; | ||
105 | struct xfrm_sec_ctx *ctx; | ||
106 | |||
107 | BUG_ON(!uctx); | ||
108 | BUG_ON(uctx->ctx_doi != XFRM_SC_ALG_SELINUX); | ||
109 | |||
110 | if (uctx->ctx_len >= PAGE_SIZE) | ||
111 | return -ENOMEM; | ||
112 | |||
113 | *ctxp = ctx = kmalloc(sizeof(*ctx) + | ||
114 | uctx->ctx_len, | ||
115 | GFP_KERNEL); | ||
116 | |||
117 | if (!ctx) | ||
118 | return -ENOMEM; | ||
119 | |||
120 | ctx->ctx_doi = uctx->ctx_doi; | ||
121 | ctx->ctx_len = uctx->ctx_len; | ||
122 | ctx->ctx_alg = uctx->ctx_alg; | ||
123 | |||
124 | memcpy(ctx->ctx_str, | ||
125 | uctx+1, | ||
126 | ctx->ctx_len); | ||
127 | rc = security_context_to_sid(ctx->ctx_str, | ||
128 | ctx->ctx_len, | ||
129 | &ctx->ctx_sid); | ||
130 | |||
131 | if (rc) | ||
132 | goto out; | ||
133 | |||
134 | /* | ||
135 | * Does the subject have permission to set security or permission to | ||
136 | * do the relabel? | ||
137 | * Must be permitted to relabel from default socket type (process type) | ||
138 | * to specified context | ||
139 | */ | ||
140 | rc = avc_has_perm(tsec->sid, tsec->sid, | ||
141 | SECCLASS_ASSOCIATION, | ||
142 | ASSOCIATION__RELABELFROM, NULL); | ||
143 | if (rc) | ||
144 | goto out; | ||
145 | |||
146 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, | ||
147 | SECCLASS_ASSOCIATION, | ||
148 | ASSOCIATION__RELABELTO, NULL); | ||
149 | if (rc) | ||
150 | goto out; | ||
151 | |||
152 | return rc; | ||
153 | |||
154 | out: | ||
155 | *ctxp = 0; | ||
156 | kfree(ctx); | ||
157 | return rc; | ||
158 | } | ||
159 | |||
160 | /* | ||
161 | * LSM hook implementation that allocs and transfers uctx spec to | ||
162 | * xfrm_policy. | ||
163 | */ | ||
164 | int selinux_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *uctx) | ||
165 | { | ||
166 | int err; | ||
167 | |||
168 | BUG_ON(!xp); | ||
169 | |||
170 | err = selinux_xfrm_sec_ctx_alloc(&xp->security, uctx); | ||
171 | return err; | ||
172 | } | ||
173 | |||
174 | |||
175 | /* | ||
176 | * LSM hook implementation that copies security data structure from old to | ||
177 | * new for policy cloning. | ||
178 | */ | ||
179 | int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) | ||
180 | { | ||
181 | struct xfrm_sec_ctx *old_ctx, *new_ctx; | ||
182 | |||
183 | old_ctx = old->security; | ||
184 | |||
185 | if (old_ctx) { | ||
186 | new_ctx = new->security = kmalloc(sizeof(*new_ctx) + | ||
187 | old_ctx->ctx_len, | ||
188 | GFP_KERNEL); | ||
189 | |||
190 | if (!new_ctx) | ||
191 | return -ENOMEM; | ||
192 | |||
193 | memcpy(new_ctx, old_ctx, sizeof(*new_ctx)); | ||
194 | memcpy(new_ctx->ctx_str, old_ctx->ctx_str, new_ctx->ctx_len); | ||
195 | } | ||
196 | return 0; | ||
197 | } | ||
198 | |||
199 | /* | ||
200 | * LSM hook implementation that frees xfrm_policy security information. | ||
201 | */ | ||
202 | void selinux_xfrm_policy_free(struct xfrm_policy *xp) | ||
203 | { | ||
204 | struct xfrm_sec_ctx *ctx = xp->security; | ||
205 | if (ctx) | ||
206 | kfree(ctx); | ||
207 | } | ||
208 | |||
209 | /* | ||
210 | * LSM hook implementation that allocs and transfers sec_ctx spec to | ||
211 | * xfrm_state. | ||
212 | */ | ||
213 | int selinux_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *uctx) | ||
214 | { | ||
215 | int err; | ||
216 | |||
217 | BUG_ON(!x); | ||
218 | |||
219 | err = selinux_xfrm_sec_ctx_alloc(&x->security, uctx); | ||
220 | return err; | ||
221 | } | ||
222 | |||
223 | /* | ||
224 | * LSM hook implementation that frees xfrm_state security information. | ||
225 | */ | ||
226 | void selinux_xfrm_state_free(struct xfrm_state *x) | ||
227 | { | ||
228 | struct xfrm_sec_ctx *ctx = x->security; | ||
229 | if (ctx) | ||
230 | kfree(ctx); | ||
231 | } | ||
232 | |||
233 | /* | ||
234 | * LSM hook that controls access to unlabelled packets. If | ||
235 | * a xfrm_state is authorizable (defined by macro) then it was | ||
236 | * already authorized by the IPSec process. If not, then | ||
237 | * we need to check for unlabelled access since this may not have | ||
238 | * gone thru the IPSec process. | ||
239 | */ | ||
240 | int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb) | ||
241 | { | ||
242 | int i, rc = 0; | ||
243 | struct sec_path *sp; | ||
244 | |||
245 | sp = skb->sp; | ||
246 | |||
247 | if (sp) { | ||
248 | /* | ||
249 | * __xfrm_policy_check does not approve unless xfrm_policy_ok | ||
250 | * says that spi's match for policy and the socket. | ||
251 | * | ||
252 | * Only need to verify the existence of an authorizable sp. | ||
253 | */ | ||
254 | for (i = 0; i < sp->len; i++) { | ||
255 | struct xfrm_state *x = sp->x[i].xvec; | ||
256 | |||
257 | if (x && selinux_authorizable_xfrm(x)) | ||
258 | goto accept; | ||
259 | } | ||
260 | } | ||
261 | |||
262 | /* check SELinux sock for unlabelled access */ | ||
263 | rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, | ||
264 | ASSOCIATION__RECVFROM, NULL); | ||
265 | if (rc) | ||
266 | goto drop; | ||
267 | |||
268 | accept: | ||
269 | return 0; | ||
270 | |||
271 | drop: | ||
272 | return rc; | ||
273 | } | ||
274 | |||
275 | /* | ||
276 | * POSTROUTE_LAST hook's XFRM processing: | ||
277 | * If we have no security association, then we need to determine | ||
278 | * whether the socket is allowed to send to an unlabelled destination. | ||
279 | * If we do have a authorizable security association, then it has already been | ||
280 | * checked in xfrm_policy_lookup hook. | ||
281 | */ | ||
282 | int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb) | ||
283 | { | ||
284 | struct dst_entry *dst; | ||
285 | int rc = 0; | ||
286 | |||
287 | dst = skb->dst; | ||
288 | |||
289 | if (dst) { | ||
290 | struct dst_entry *dst_test; | ||
291 | |||
292 | for (dst_test = dst; dst_test != 0; | ||
293 | dst_test = dst_test->child) { | ||
294 | struct xfrm_state *x = dst_test->xfrm; | ||
295 | |||
296 | if (x && selinux_authorizable_xfrm(x)) | ||
297 | goto accept; | ||
298 | } | ||
299 | } | ||
300 | |||
301 | rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, | ||
302 | ASSOCIATION__SENDTO, NULL); | ||
303 | if (rc) | ||
304 | goto drop; | ||
305 | |||
306 | accept: | ||
307 | return NF_ACCEPT; | ||
308 | |||
309 | drop: | ||
310 | return NF_DROP; | ||
311 | } | ||