diff options
Diffstat (limited to 'security/selinux/xfrm.c')
-rw-r--r-- | security/selinux/xfrm.c | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index abe99d881376..6633fb059313 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
@@ -132,10 +132,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_us | |||
132 | goto out; | 132 | goto out; |
133 | 133 | ||
134 | /* | 134 | /* |
135 | * Does the subject have permission to set security or permission to | 135 | * Does the subject have permission to set security context? |
136 | * do the relabel? | ||
137 | * Must be permitted to relabel from default socket type (process type) | ||
138 | * to specified context | ||
139 | */ | 136 | */ |
140 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, | 137 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, |
141 | SECCLASS_ASSOCIATION, | 138 | SECCLASS_ASSOCIATION, |
@@ -201,6 +198,23 @@ void selinux_xfrm_policy_free(struct xfrm_policy *xp) | |||
201 | } | 198 | } |
202 | 199 | ||
203 | /* | 200 | /* |
201 | * LSM hook implementation that authorizes deletion of labeled policies. | ||
202 | */ | ||
203 | int selinux_xfrm_policy_delete(struct xfrm_policy *xp) | ||
204 | { | ||
205 | struct task_security_struct *tsec = current->security; | ||
206 | struct xfrm_sec_ctx *ctx = xp->security; | ||
207 | int rc = 0; | ||
208 | |||
209 | if (ctx) | ||
210 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, | ||
211 | SECCLASS_ASSOCIATION, | ||
212 | ASSOCIATION__SETCONTEXT, NULL); | ||
213 | |||
214 | return rc; | ||
215 | } | ||
216 | |||
217 | /* | ||
204 | * LSM hook implementation that allocs and transfers sec_ctx spec to | 218 | * LSM hook implementation that allocs and transfers sec_ctx spec to |
205 | * xfrm_state. | 219 | * xfrm_state. |
206 | */ | 220 | */ |
@@ -292,6 +306,23 @@ u32 selinux_socket_getpeer_dgram(struct sk_buff *skb) | |||
292 | return SECSID_NULL; | 306 | return SECSID_NULL; |
293 | } | 307 | } |
294 | 308 | ||
309 | /* | ||
310 | * LSM hook implementation that authorizes deletion of labeled SAs. | ||
311 | */ | ||
312 | int selinux_xfrm_state_delete(struct xfrm_state *x) | ||
313 | { | ||
314 | struct task_security_struct *tsec = current->security; | ||
315 | struct xfrm_sec_ctx *ctx = x->security; | ||
316 | int rc = 0; | ||
317 | |||
318 | if (ctx) | ||
319 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, | ||
320 | SECCLASS_ASSOCIATION, | ||
321 | ASSOCIATION__SETCONTEXT, NULL); | ||
322 | |||
323 | return rc; | ||
324 | } | ||
325 | |||
295 | /* | 326 | /* |
296 | * LSM hook that controls access to unlabelled packets. If | 327 | * LSM hook that controls access to unlabelled packets. If |
297 | * a xfrm_state is authorizable (defined by macro) then it was | 328 | * a xfrm_state is authorizable (defined by macro) then it was |
@@ -356,18 +387,12 @@ int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb) | |||
356 | struct xfrm_state *x = dst_test->xfrm; | 387 | struct xfrm_state *x = dst_test->xfrm; |
357 | 388 | ||
358 | if (x && selinux_authorizable_xfrm(x)) | 389 | if (x && selinux_authorizable_xfrm(x)) |
359 | goto accept; | 390 | goto out; |
360 | } | 391 | } |
361 | } | 392 | } |
362 | 393 | ||
363 | rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, | 394 | rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, |
364 | ASSOCIATION__SENDTO, NULL); | 395 | ASSOCIATION__SENDTO, NULL); |
365 | if (rc) | 396 | out: |
366 | goto drop; | 397 | return rc; |
367 | |||
368 | accept: | ||
369 | return NF_ACCEPT; | ||
370 | |||
371 | drop: | ||
372 | return NF_DROP; | ||
373 | } | 398 | } |