1 files changed, 234 insertions, 1 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 61492485de84..7177e98df7f3 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -7,12 +7,13 @@
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *      Support for enhanced MLS infrastructure.
+ *      Support for context based audit filters.
 *
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 *      Added conditional policy language extensions
 *
- * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
 *      This program is free software; you can redistribute it and/or modify
@@ -1811,3 +1812,235 @@ out:
        POLICY_RDUNLOCK;
        return rc;
 }
+struct selinux_audit_rule {
+        u32 au_seqno;
+        struct context au_ctxt;
+};
+void selinux_audit_rule_free(struct selinux_audit_rule *rule)
+{
+        if (rule) {
+                context_destroy(&rule->au_ctxt);
+                kfree(rule);
+        }
+}
+int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
+                            struct selinux_audit_rule **rule)
+{
+        struct selinux_audit_rule *tmprule;
+        struct role_datum *roledatum;
+        struct type_datum *typedatum;
+        struct user_datum *userdatum;
+        int rc = 0;
+        *rule = NULL;
+        if (!ss_initialized)
+                return -ENOTSUPP;
+        switch (field) {
+        case AUDIT_SE_USER:
+        case AUDIT_SE_ROLE:
+        case AUDIT_SE_TYPE:
+                /* only 'equals' and 'not equals' fit user, role, and type */
+                if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
+                        return -EINVAL;
+                break;
+        case AUDIT_SE_SEN:
+        case AUDIT_SE_CLR:
+                /* we do not allow a range, indicated by the presense of '-' */
+                if (strchr(rulestr, '-'))
+                        return -EINVAL;
+                break;
+        default:
+                /* only the above fields are valid */
+                return -EINVAL;
+        }
+        tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
+        if (!tmprule)
+                return -ENOMEM;
+        context_init(&tmprule->au_ctxt);
+        POLICY_RDLOCK;
+        tmprule->au_seqno = latest_granting;
+        switch (field) {
+        case AUDIT_SE_USER:
+                userdatum = hashtab_search(policydb.p_users.table, rulestr);
+                if (!userdatum)
+                        rc = -EINVAL;
+                else
+                        tmprule->au_ctxt.user = userdatum->value;
+                break;
+        case AUDIT_SE_ROLE:
+                roledatum = hashtab_search(policydb.p_roles.table, rulestr);
+                if (!roledatum)
+                        rc = -EINVAL;
+                else
+                        tmprule->au_ctxt.role = roledatum->value;
+                break;
+        case AUDIT_SE_TYPE:
+                typedatum = hashtab_search(policydb.p_types.table, rulestr);
+                if (!typedatum)
+                        rc = -EINVAL;
+                else
+                        tmprule->au_ctxt.type = typedatum->value;
+                break;
+        case AUDIT_SE_SEN:
+        case AUDIT_SE_CLR:
+                rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
+                break;
+        }
+        POLICY_RDUNLOCK;
+        if (rc) {
+                selinux_audit_rule_free(tmprule);
+                tmprule = NULL;
+        }
+        *rule = tmprule;
+        return rc;
+}
+int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
+                             struct selinux_audit_rule *rule,
+                             struct audit_context *actx)
+{
+        struct context *ctxt;
+        struct mls_level *level;
+        int match = 0;
+        if (!rule) {
+                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
+                          "selinux_audit_rule_match: missing rule\n");
+                return -ENOENT;
+        }
+        POLICY_RDLOCK;
+        if (rule->au_seqno < latest_granting) {
+                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
+                          "selinux_audit_rule_match: stale rule\n");
+                match = -ESTALE;
+                goto out;
+        }
+        ctxt = sidtab_search(&sidtab, ctxid);
+        if (!ctxt) {
+                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
+                          "selinux_audit_rule_match: unrecognized SID %d\n",
+                          ctxid);
+                match = -ENOENT;
+                goto out;
+        }
+        /* a field/op pair that is not caught here will simply fall through
+           without a match */
+        switch (field) {
+        case AUDIT_SE_USER:
+                switch (op) {
+                case AUDIT_EQUAL:
+                        match = (ctxt->user == rule->au_ctxt.user);
+                        break;
+                case AUDIT_NOT_EQUAL:
+                        match = (ctxt->user != rule->au_ctxt.user);
+                        break;
+                }
+                break;
+        case AUDIT_SE_ROLE:
+                switch (op) {
+                case AUDIT_EQUAL:
+                        match = (ctxt->role == rule->au_ctxt.role);
+                        break;
+                case AUDIT_NOT_EQUAL:
+                        match = (ctxt->role != rule->au_ctxt.role);
+                        break;
+                }
+                break;
+        case AUDIT_SE_TYPE:
+                switch (op) {
+                case AUDIT_EQUAL:
+                        match = (ctxt->type == rule->au_ctxt.type);
+                        break;
+                case AUDIT_NOT_EQUAL:
+                        match = (ctxt->type != rule->au_ctxt.type);
+                        break;
+                }
+                break;
+        case AUDIT_SE_SEN:
+        case AUDIT_SE_CLR:
+                level = (op == AUDIT_SE_SEN ?
+                         &ctxt->range.level[0] : &ctxt->range.level[1]);
+                switch (op) {
+                case AUDIT_EQUAL:
+                        match = mls_level_eq(&rule->au_ctxt.range.level[0],
+                                             level);
+                        break;
+                case AUDIT_NOT_EQUAL:
+                        match = !mls_level_eq(&rule->au_ctxt.range.level[0],
+                                              level);
+                        break;
+                case AUDIT_LESS_THAN:
+                        match = (mls_level_dom(&rule->au_ctxt.range.level[0],
+                                               level) &&
+                                 !mls_level_eq(&rule->au_ctxt.range.level[0],
+                                               level));
+                        break;
+                case AUDIT_LESS_THAN_OR_EQUAL:
+                        match = mls_level_dom(&rule->au_ctxt.range.level[0],
+                                              level);
+                        break;
+                case AUDIT_GREATER_THAN:
+                        match = (mls_level_dom(level,
+                                              &rule->au_ctxt.range.level[0]) &&
+                                 !mls_level_eq(level,
+                                               &rule->au_ctxt.range.level[0]));
+                        break;
+                case AUDIT_GREATER_THAN_OR_EQUAL:
+                        match = mls_level_dom(level,
+                                              &rule->au_ctxt.range.level[0]);
+                        break;
+                }
+        }
+out:
+        POLICY_RDUNLOCK;
+        return match;
+}
+static int (*aurule_callback)(void) = NULL;
+static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
+                               u16 class, u32 perms, u32 *retained)
+{
+        int err = 0;
+        if (event == AVC_CALLBACK_RESET && aurule_callback)
+                err = aurule_callback();
+        return err;
+}
+static int __init aurule_init(void)
+{
+        int err;
+        err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
+                               SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+        if (err)
+                panic("avc_add_callback() failed, error %d\n", err);
+        return err;
+}
+__initcall(aurule_init);
+void selinux_audit_set_callback(int (*callback)(void))
+{
+        aurule_callback = callback;
+}

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 61492485de84..7177e98df7f3 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -7,12 +7,13 @@
7	* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>	7	* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
8	*	8	*
9	* Support for enhanced MLS infrastructure.	9	* Support for enhanced MLS infrastructure.
		10	* Support for context based audit filters.
10	*	11	*
11	* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>	12	* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
12	*	13	*
13	* Added conditional policy language extensions	14	* Added conditional policy language extensions
14	*	15	*
15	* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.	16	* Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
16	* Copyright (C) 2003 - 2004 Tresys Technology, LLC	17	* Copyright (C) 2003 - 2004 Tresys Technology, LLC
17	* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>	18	* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
18	* This program is free software; you can redistribute it and/or modify	19	* This program is free software; you can redistribute it and/or modify
@@ -1811,3 +1812,235 @@ out:
1811	POLICY_RDUNLOCK;	1812	POLICY_RDUNLOCK;
1812	return rc;	1813	return rc;
1813	}	1814	}
		1815
		1816	struct selinux_audit_rule {
		1817	u32 au_seqno;
		1818	struct context au_ctxt;
		1819	};
		1820
		1821	void selinux_audit_rule_free(struct selinux_audit_rule *rule)
		1822	{
		1823	if (rule) {
		1824	context_destroy(&rule->au_ctxt);
		1825	kfree(rule);
		1826	}
		1827	}
		1828
		1829	int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
		1830	struct selinux_audit_rule **rule)
		1831	{
		1832	struct selinux_audit_rule *tmprule;
		1833	struct role_datum *roledatum;
		1834	struct type_datum *typedatum;
		1835	struct user_datum *userdatum;
		1836	int rc = 0;
		1837
		1838	*rule = NULL;
		1839
		1840	if (!ss_initialized)
		1841	return -ENOTSUPP;
		1842
		1843	switch (field) {
		1844	case AUDIT_SE_USER:
		1845	case AUDIT_SE_ROLE:
		1846	case AUDIT_SE_TYPE:
		1847	/* only 'equals' and 'not equals' fit user, role, and type */
		1848	if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
		1849	return -EINVAL;
		1850	break;
		1851	case AUDIT_SE_SEN:
		1852	case AUDIT_SE_CLR:
		1853	/* we do not allow a range, indicated by the presense of '-' */
		1854	if (strchr(rulestr, '-'))
		1855	return -EINVAL;
		1856	break;
		1857	default:
		1858	/* only the above fields are valid */
		1859	return -EINVAL;
		1860	}
		1861
		1862	tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
		1863	if (!tmprule)
		1864	return -ENOMEM;
		1865
		1866	context_init(&tmprule->au_ctxt);
		1867
		1868	POLICY_RDLOCK;
		1869
		1870	tmprule->au_seqno = latest_granting;
		1871
		1872	switch (field) {
		1873	case AUDIT_SE_USER:
		1874	userdatum = hashtab_search(policydb.p_users.table, rulestr);
		1875	if (!userdatum)
		1876	rc = -EINVAL;
		1877	else
		1878	tmprule->au_ctxt.user = userdatum->value;
		1879	break;
		1880	case AUDIT_SE_ROLE:
		1881	roledatum = hashtab_search(policydb.p_roles.table, rulestr);
		1882	if (!roledatum)
		1883	rc = -EINVAL;
		1884	else
		1885	tmprule->au_ctxt.role = roledatum->value;
		1886	break;
		1887	case AUDIT_SE_TYPE:
		1888	typedatum = hashtab_search(policydb.p_types.table, rulestr);
		1889	if (!typedatum)
		1890	rc = -EINVAL;
		1891	else
		1892	tmprule->au_ctxt.type = typedatum->value;
		1893	break;
		1894	case AUDIT_SE_SEN:
		1895	case AUDIT_SE_CLR:
		1896	rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
		1897	break;
		1898	}
		1899
		1900	POLICY_RDUNLOCK;
		1901
		1902	if (rc) {
		1903	selinux_audit_rule_free(tmprule);
		1904	tmprule = NULL;
		1905	}
		1906
		1907	*rule = tmprule;
		1908
		1909	return rc;
		1910	}
		1911
		1912	int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
		1913	struct selinux_audit_rule *rule,
		1914	struct audit_context *actx)
		1915	{
		1916	struct context *ctxt;
		1917	struct mls_level *level;
		1918	int match = 0;
		1919
		1920	if (!rule) {
		1921	audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
		1922	"selinux_audit_rule_match: missing rule\n");
		1923	return -ENOENT;
		1924	}
		1925
		1926	POLICY_RDLOCK;
		1927
		1928	if (rule->au_seqno < latest_granting) {
		1929	audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
		1930	"selinux_audit_rule_match: stale rule\n");
		1931	match = -ESTALE;
		1932	goto out;
		1933	}
		1934
		1935	ctxt = sidtab_search(&sidtab, ctxid);
		1936	if (!ctxt) {
		1937	audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
		1938	"selinux_audit_rule_match: unrecognized SID %d\n",
		1939	ctxid);
		1940	match = -ENOENT;
		1941	goto out;
		1942	}
		1943
		1944	/* a field/op pair that is not caught here will simply fall through
		1945	without a match */
		1946	switch (field) {
		1947	case AUDIT_SE_USER:
		1948	switch (op) {
		1949	case AUDIT_EQUAL:
		1950	match = (ctxt->user == rule->au_ctxt.user);
		1951	break;
		1952	case AUDIT_NOT_EQUAL:
		1953	match = (ctxt->user != rule->au_ctxt.user);
		1954	break;
		1955	}
		1956	break;
		1957	case AUDIT_SE_ROLE:
		1958	switch (op) {
		1959	case AUDIT_EQUAL:
		1960	match = (ctxt->role == rule->au_ctxt.role);
		1961	break;
		1962	case AUDIT_NOT_EQUAL:
		1963	match = (ctxt->role != rule->au_ctxt.role);
		1964	break;
		1965	}
		1966	break;
		1967	case AUDIT_SE_TYPE:
		1968	switch (op) {
		1969	case AUDIT_EQUAL:
		1970	match = (ctxt->type == rule->au_ctxt.type);
		1971	break;
		1972	case AUDIT_NOT_EQUAL:
		1973	match = (ctxt->type != rule->au_ctxt.type);
		1974	break;
		1975	}
		1976	break;
		1977	case AUDIT_SE_SEN:
		1978	case AUDIT_SE_CLR:
		1979	level = (op == AUDIT_SE_SEN ?
		1980	&ctxt->range.level[0] : &ctxt->range.level[1]);
		1981	switch (op) {
		1982	case AUDIT_EQUAL:
		1983	match = mls_level_eq(&rule->au_ctxt.range.level[0],
		1984	level);
		1985	break;
		1986	case AUDIT_NOT_EQUAL:
		1987	match = !mls_level_eq(&rule->au_ctxt.range.level[0],
		1988	level);
		1989	break;
		1990	case AUDIT_LESS_THAN:
		1991	match = (mls_level_dom(&rule->au_ctxt.range.level[0],
		1992	level) &&
		1993	!mls_level_eq(&rule->au_ctxt.range.level[0],
		1994	level));
		1995	break;
		1996	case AUDIT_LESS_THAN_OR_EQUAL:
		1997	match = mls_level_dom(&rule->au_ctxt.range.level[0],
		1998	level);
		1999	break;
		2000	case AUDIT_GREATER_THAN:
		2001	match = (mls_level_dom(level,
		2002	&rule->au_ctxt.range.level[0]) &&
		2003	!mls_level_eq(level,
		2004	&rule->au_ctxt.range.level[0]));
		2005	break;
		2006	case AUDIT_GREATER_THAN_OR_EQUAL:
		2007	match = mls_level_dom(level,
		2008	&rule->au_ctxt.range.level[0]);
		2009	break;
		2010	}
		2011	}
		2012
		2013	out:
		2014	POLICY_RDUNLOCK;
		2015	return match;
		2016	}
		2017
		2018	static int (*aurule_callback)(void) = NULL;
		2019
		2020	static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
		2021	u16 class, u32 perms, u32 *retained)
		2022	{
		2023	int err = 0;
		2024
		2025	if (event == AVC_CALLBACK_RESET && aurule_callback)
		2026	err = aurule_callback();
		2027	return err;
		2028	}
		2029
		2030	static int __init aurule_init(void)
		2031	{
		2032	int err;
		2033
		2034	err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
		2035	SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
		2036	if (err)
		2037	panic("avc_add_callback() failed, error %d\n", err);
		2038
		2039	return err;
		2040	}
		2041	__initcall(aurule_init);
		2042
		2043	void selinux_audit_set_callback(int (*callback)(void))
		2044	{
		2045	aurule_callback = callback;
		2046	}