diff options
Diffstat (limited to 'security/selinux/xfrm.c')
| -rw-r--r-- | security/selinux/xfrm.c | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index abe99d881376..6633fb059313 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
| @@ -132,10 +132,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_us | |||
| 132 | goto out; | 132 | goto out; |
| 133 | 133 | ||
| 134 | /* | 134 | /* |
| 135 | * Does the subject have permission to set security or permission to | 135 | * Does the subject have permission to set security context? |
| 136 | * do the relabel? | ||
| 137 | * Must be permitted to relabel from default socket type (process type) | ||
| 138 | * to specified context | ||
| 139 | */ | 136 | */ |
| 140 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, | 137 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, |
| 141 | SECCLASS_ASSOCIATION, | 138 | SECCLASS_ASSOCIATION, |
| @@ -201,6 +198,23 @@ void selinux_xfrm_policy_free(struct xfrm_policy *xp) | |||
| 201 | } | 198 | } |
| 202 | 199 | ||
| 203 | /* | 200 | /* |
| 201 | * LSM hook implementation that authorizes deletion of labeled policies. | ||
| 202 | */ | ||
| 203 | int selinux_xfrm_policy_delete(struct xfrm_policy *xp) | ||
| 204 | { | ||
| 205 | struct task_security_struct *tsec = current->security; | ||
| 206 | struct xfrm_sec_ctx *ctx = xp->security; | ||
| 207 | int rc = 0; | ||
| 208 | |||
| 209 | if (ctx) | ||
| 210 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, | ||
| 211 | SECCLASS_ASSOCIATION, | ||
| 212 | ASSOCIATION__SETCONTEXT, NULL); | ||
| 213 | |||
| 214 | return rc; | ||
| 215 | } | ||
| 216 | |||
| 217 | /* | ||
| 204 | * LSM hook implementation that allocs and transfers sec_ctx spec to | 218 | * LSM hook implementation that allocs and transfers sec_ctx spec to |
| 205 | * xfrm_state. | 219 | * xfrm_state. |
| 206 | */ | 220 | */ |
| @@ -292,6 +306,23 @@ u32 selinux_socket_getpeer_dgram(struct sk_buff *skb) | |||
| 292 | return SECSID_NULL; | 306 | return SECSID_NULL; |
| 293 | } | 307 | } |
| 294 | 308 | ||
| 309 | /* | ||
| 310 | * LSM hook implementation that authorizes deletion of labeled SAs. | ||
| 311 | */ | ||
| 312 | int selinux_xfrm_state_delete(struct xfrm_state *x) | ||
| 313 | { | ||
| 314 | struct task_security_struct *tsec = current->security; | ||
| 315 | struct xfrm_sec_ctx *ctx = x->security; | ||
| 316 | int rc = 0; | ||
| 317 | |||
| 318 | if (ctx) | ||
| 319 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, | ||
| 320 | SECCLASS_ASSOCIATION, | ||
| 321 | ASSOCIATION__SETCONTEXT, NULL); | ||
| 322 | |||
| 323 | return rc; | ||
| 324 | } | ||
| 325 | |||
| 295 | /* | 326 | /* |
| 296 | * LSM hook that controls access to unlabelled packets. If | 327 | * LSM hook that controls access to unlabelled packets. If |
| 297 | * a xfrm_state is authorizable (defined by macro) then it was | 328 | * a xfrm_state is authorizable (defined by macro) then it was |
| @@ -356,18 +387,12 @@ int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb) | |||
| 356 | struct xfrm_state *x = dst_test->xfrm; | 387 | struct xfrm_state *x = dst_test->xfrm; |
| 357 | 388 | ||
| 358 | if (x && selinux_authorizable_xfrm(x)) | 389 | if (x && selinux_authorizable_xfrm(x)) |
| 359 | goto accept; | 390 | goto out; |
| 360 | } | 391 | } |
| 361 | } | 392 | } |
| 362 | 393 | ||
| 363 | rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, | 394 | rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, |
| 364 | ASSOCIATION__SENDTO, NULL); | 395 | ASSOCIATION__SENDTO, NULL); |
| 365 | if (rc) | 396 | out: |
| 366 | goto drop; | 397 | return rc; |
| 367 | |||
| 368 | accept: | ||
| 369 | return NF_ACCEPT; | ||
| 370 | |||
| 371 | drop: | ||
| 372 | return NF_DROP; | ||
| 373 | } | 398 | } |