diff options
| -rw-r--r-- | security/selinux/xfrm.c | 54 |
1 files changed, 18 insertions, 36 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index f8d71262b45d..4a7ba4ac487e 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
| @@ -155,42 +155,30 @@ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) | |||
| 155 | int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) | 155 | int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) |
| 156 | { | 156 | { |
| 157 | int rc; | 157 | int rc; |
| 158 | u32 sel_sid; | ||
| 159 | 158 | ||
| 160 | /* Context sid is either set to label or ANY_ASSOC */ | 159 | /* All flows should be treated as polmatch'ing an otherwise applicable |
| 161 | if (ctx) { | 160 | * "non-labeled" policy. This would prevent inadvertent "leaks". */ |
| 162 | if (!selinux_authorizable_ctx(ctx)) | 161 | if (!ctx) |
| 163 | return -EINVAL; | ||
| 164 | |||
| 165 | sel_sid = ctx->ctx_sid; | ||
| 166 | } else | ||
| 167 | /* | ||
| 168 | * All flows should be treated as polmatch'ing an | ||
| 169 | * otherwise applicable "non-labeled" policy. This | ||
| 170 | * would prevent inadvertent "leaks". | ||
| 171 | */ | ||
| 172 | return 0; | 162 | return 0; |
| 173 | 163 | ||
| 174 | rc = avc_has_perm(fl_secid, sel_sid, SECCLASS_ASSOCIATION, | 164 | /* Context sid is either set to label or ANY_ASSOC */ |
| 175 | ASSOCIATION__POLMATCH, | 165 | if (!selinux_authorizable_ctx(ctx)) |
| 176 | NULL); | 166 | return -EINVAL; |
| 177 | |||
| 178 | if (rc == -EACCES) | ||
| 179 | return -ESRCH; | ||
| 180 | 167 | ||
| 181 | return rc; | 168 | rc = avc_has_perm(fl_secid, ctx->ctx_sid, |
| 169 | SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, NULL); | ||
| 170 | return (rc == -EACCES ? -ESRCH : rc); | ||
| 182 | } | 171 | } |
| 183 | 172 | ||
| 184 | /* | 173 | /* |
| 185 | * LSM hook implementation that authorizes that a state matches | 174 | * LSM hook implementation that authorizes that a state matches |
| 186 | * the given policy, flow combo. | 175 | * the given policy, flow combo. |
| 187 | */ | 176 | */ |
| 188 | 177 | int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, | |
| 189 | int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, | 178 | struct xfrm_policy *xp, |
| 190 | const struct flowi *fl) | 179 | const struct flowi *fl) |
| 191 | { | 180 | { |
| 192 | u32 state_sid; | 181 | u32 state_sid; |
| 193 | int rc; | ||
| 194 | 182 | ||
| 195 | if (!xp->security) | 183 | if (!xp->security) |
| 196 | if (x->security) | 184 | if (x->security) |
| @@ -213,18 +201,12 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy * | |||
| 213 | if (fl->flowi_secid != state_sid) | 201 | if (fl->flowi_secid != state_sid) |
| 214 | return 0; | 202 | return 0; |
| 215 | 203 | ||
| 216 | rc = avc_has_perm(fl->flowi_secid, state_sid, SECCLASS_ASSOCIATION, | 204 | /* We don't need a separate SA Vs. policy polmatch check since the SA |
| 217 | ASSOCIATION__SENDTO, | 205 | * is now of the same label as the flow and a flow Vs. policy polmatch |
| 218 | NULL)? 0:1; | 206 | * check had already happened in selinux_xfrm_policy_lookup() above. */ |
| 219 | 207 | return (avc_has_perm(fl->flowi_secid, state_sid, | |
| 220 | /* | 208 | SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, |
| 221 | * We don't need a separate SA Vs. policy polmatch check | 209 | NULL) ? 0 : 1); |
| 222 | * since the SA is now of the same label as the flow and | ||
| 223 | * a flow Vs. policy polmatch check had already happened | ||
| 224 | * in selinux_xfrm_policy_lookup() above. | ||
| 225 | */ | ||
| 226 | |||
| 227 | return rc; | ||
| 228 | } | 210 | } |
| 229 | 211 | ||
| 230 | /* | 212 | /* |