aboutsummaryrefslogtreecommitdiff
path: root/security/selinux/ss/services.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r--security/selinux/ss/services.c450
1 files changed, 285 insertions, 165 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index dcc2e1c4fd8..8e42da12010 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -71,14 +71,6 @@ int selinux_policycap_openperm;
extern const struct selinux_class_perm selinux_class_perm;
static DEFINE_RWLOCK(policy_rwlock);
-#define POLICY_RDLOCK read_lock(&policy_rwlock)
-#define POLICY_WRLOCK write_lock_irq(&policy_rwlock)
-#define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
-#define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
-
-static DEFINE_MUTEX(load_mutex);
-#define LOAD_LOCK mutex_lock(&load_mutex)
-#define LOAD_UNLOCK mutex_unlock(&load_mutex)
static struct sidtab sidtab;
struct policydb policydb;
@@ -332,7 +324,7 @@ static int context_struct_compute_av(struct context *scontext,
goto inval_class;
if (unlikely(tclass > policydb.p_classes.nprim))
if (tclass > kdefs->cts_len ||
- !kdefs->class_to_string[tclass - 1] ||
+ !kdefs->class_to_string[tclass] ||
!policydb.allow_unknown)
goto inval_class;
@@ -415,9 +407,19 @@ static int context_struct_compute_av(struct context *scontext,
return 0;
inval_class:
- printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", __func__,
- tclass);
- return -EINVAL;
+ if (!tclass || tclass > kdefs->cts_len ||
+ !kdefs->class_to_string[tclass]) {
+ if (printk_ratelimit())
+ printk(KERN_ERR "SELinux: %s: unrecognized class %d\n",
+ __func__, tclass);
+ return -EINVAL;
+ }
+
+ /*
+ * Known to the kernel, but not to the policy.
+ * Handle as a denial (allowed is 0).
+ */
+ return 0;
}
/*
@@ -429,7 +431,7 @@ int security_permissive_sid(u32 sid)
u32 type;
int rc;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
context = sidtab_search(&sidtab, sid);
BUG_ON(!context);
@@ -441,7 +443,7 @@ int security_permissive_sid(u32 sid)
*/
rc = ebitmap_get_bit(&policydb.permissive_map, type);
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -486,7 +488,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
if (!ss_initialized)
return 0;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
/*
* Remap extended Netlink classes for old policy versions.
@@ -543,7 +545,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
}
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -578,7 +580,7 @@ int security_compute_av(u32 ssid,
return 0;
}
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
@@ -598,7 +600,7 @@ int security_compute_av(u32 ssid,
rc = context_struct_compute_av(scontext, tcontext, tclass,
requested, avd);
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -616,6 +618,14 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
*scontext = NULL;
*scontext_len = 0;
+ if (context->len) {
+ *scontext_len = context->len;
+ *scontext = kstrdup(context->str, GFP_ATOMIC);
+ if (!(*scontext))
+ return -ENOMEM;
+ return 0;
+ }
+
/* Compute the size of the context. */
*scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1;
*scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1;
@@ -655,17 +665,8 @@ const char *security_get_initial_sid_context(u32 sid)
return initial_sid_to_string[sid];
}
-/**
- * security_sid_to_context - Obtain a context for a given SID.
- * @sid: security identifier, SID
- * @scontext: security context
- * @scontext_len: length in bytes
- *
- * Write the string representation of the context associated with @sid
- * into a dynamically allocated string of the correct size. Set @scontext
- * to point to this string and set @scontext_len to the length of the string.
- */
-int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
+static int security_sid_to_context_core(u32 sid, char **scontext,
+ u32 *scontext_len, int force)
{
struct context *context;
int rc = 0;
@@ -692,8 +693,11 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
rc = -EINVAL;
goto out;
}
- POLICY_RDLOCK;
- context = sidtab_search(&sidtab, sid);
+ read_lock(&policy_rwlock);
+ if (force)
+ context = sidtab_search_force(&sidtab, sid);
+ else
+ context = sidtab_search(&sidtab, sid);
if (!context) {
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
__func__, sid);
@@ -702,59 +706,54 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
}
rc = context_struct_to_string(context, scontext, scontext_len);
out_unlock:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
out:
return rc;
}
-static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
- u32 *sid, u32 def_sid, gfp_t gfp_flags)
+/**
+ * security_sid_to_context - Obtain a context for a given SID.
+ * @sid: security identifier, SID
+ * @scontext: security context
+ * @scontext_len: length in bytes
+ *
+ * Write the string representation of the context associated with @sid
+ * into a dynamically allocated string of the correct size. Set @scontext
+ * to point to this string and set @scontext_len to the length of the string.
+ */
+int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
+{
+ return security_sid_to_context_core(sid, scontext, scontext_len, 0);
+}
+
+int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len)
+{
+ return security_sid_to_context_core(sid, scontext, scontext_len, 1);
+}
+
+/*
+ * Caveat: Mutates scontext.
+ */
+static int string_to_context_struct(struct policydb *pol,
+ struct sidtab *sidtabp,
+ char *scontext,
+ u32 scontext_len,
+ struct context *ctx,
+ u32 def_sid)
{
- char *scontext2;
- struct context context;
struct role_datum *role;
struct type_datum *typdatum;
struct user_datum *usrdatum;
char *scontextp, *p, oldc;
int rc = 0;
- if (!ss_initialized) {
- int i;
-
- for (i = 1; i < SECINITSID_NUM; i++) {
- if (!strcmp(initial_sid_to_string[i], scontext)) {
- *sid = i;
- goto out;
- }
- }
- *sid = SECINITSID_KERNEL;
- goto out;
- }
- *sid = SECSID_NULL;
-
- /* Copy the string so that we can modify the copy as we parse it.
- The string should already by null terminated, but we append a
- null suffix to the copy to avoid problems with the existing
- attr package, which doesn't view the null terminator as part
- of the attribute value. */
- scontext2 = kmalloc(scontext_len+1, gfp_flags);
- if (!scontext2) {
- rc = -ENOMEM;
- goto out;
- }
- memcpy(scontext2, scontext, scontext_len);
- scontext2[scontext_len] = 0;
-
- context_init(&context);
- *sid = SECSID_NULL;
-
- POLICY_RDLOCK;
+ context_init(ctx);
/* Parse the security context. */
rc = -EINVAL;
- scontextp = (char *) scontext2;
+ scontextp = (char *) scontext;
/* Extract the user. */
p = scontextp;
@@ -762,15 +761,15 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
p++;
if (*p == 0)
- goto out_unlock;
+ goto out;
*p++ = 0;
- usrdatum = hashtab_search(policydb.p_users.table, scontextp);
+ usrdatum = hashtab_search(pol->p_users.table, scontextp);
if (!usrdatum)
- goto out_unlock;
+ goto out;
- context.user = usrdatum->value;
+ ctx->user = usrdatum->value;
/* Extract role. */
scontextp = p;
@@ -778,14 +777,14 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
p++;
if (*p == 0)
- goto out_unlock;
+ goto out;
*p++ = 0;
- role = hashtab_search(policydb.p_roles.table, scontextp);
+ role = hashtab_search(pol->p_roles.table, scontextp);
if (!role)
- goto out_unlock;
- context.role = role->value;
+ goto out;
+ ctx->role = role->value;
/* Extract type. */
scontextp = p;
@@ -794,33 +793,87 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
oldc = *p;
*p++ = 0;
- typdatum = hashtab_search(policydb.p_types.table, scontextp);
+ typdatum = hashtab_search(pol->p_types.table, scontextp);
if (!typdatum)
- goto out_unlock;
+ goto out;
- context.type = typdatum->value;
+ ctx->type = typdatum->value;
- rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
+ rc = mls_context_to_sid(pol, oldc, &p, ctx, sidtabp, def_sid);
if (rc)
- goto out_unlock;
+ goto out;
- if ((p - scontext2) < scontext_len) {
+ if ((p - scontext) < scontext_len) {
rc = -EINVAL;
- goto out_unlock;
+ goto out;
}
/* Check the validity of the new context. */
- if (!policydb_context_isvalid(&policydb, &context)) {
+ if (!policydb_context_isvalid(pol, ctx)) {
rc = -EINVAL;
- goto out_unlock;
+ context_destroy(ctx);
+ goto out;
}
- /* Obtain the new sid. */
+ rc = 0;
+out:
+ return rc;
+}
+
+static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
+ u32 *sid, u32 def_sid, gfp_t gfp_flags,
+ int force)
+{
+ char *scontext2, *str = NULL;
+ struct context context;
+ int rc = 0;
+
+ if (!ss_initialized) {
+ int i;
+
+ for (i = 1; i < SECINITSID_NUM; i++) {
+ if (!strcmp(initial_sid_to_string[i], scontext)) {
+ *sid = i;
+ return 0;
+ }
+ }
+ *sid = SECINITSID_KERNEL;
+ return 0;
+ }
+ *sid = SECSID_NULL;
+
+ /* Copy the string so that we can modify the copy as we parse it. */
+ scontext2 = kmalloc(scontext_len+1, gfp_flags);
+ if (!scontext2)
+ return -ENOMEM;
+ memcpy(scontext2, scontext, scontext_len);
+ scontext2[scontext_len] = 0;
+
+ if (force) {
+ /* Save another copy for storing in uninterpreted form */
+ str = kstrdup(scontext2, gfp_flags);
+ if (!str) {
+ kfree(scontext2);
+ return -ENOMEM;
+ }
+ }
+
+ read_lock(&policy_rwlock);
+ rc = string_to_context_struct(&policydb, &sidtab,
+ scontext2, scontext_len,
+ &context, def_sid);
+ if (rc == -EINVAL && force) {
+ context.str = str;
+ context.len = scontext_len;
+ str = NULL;
+ } else if (rc)
+ goto out;
rc = sidtab_context_to_sid(&sidtab, &context, sid);
-out_unlock:
- POLICY_RDUNLOCK;
- context_destroy(&context);
- kfree(scontext2);
+ if (rc)
+ context_destroy(&context);
out:
+ read_unlock(&policy_rwlock);
+ kfree(scontext2);
+ kfree(str);
return rc;
}
@@ -838,7 +891,7 @@ out:
int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
{
return security_context_to_sid_core(scontext, scontext_len,
- sid, SECSID_NULL, GFP_KERNEL);
+ sid, SECSID_NULL, GFP_KERNEL, 0);
}
/**
@@ -855,6 +908,7 @@ int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
* The default SID is passed to the MLS layer to be used to allow
* kernel labeling of the MLS field if the MLS field is not present
* (for upgrading to MLS without full relabel).
+ * Implicitly forces adding of the context even if it cannot be mapped yet.
* Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
* memory is available, or 0 on success.
*/
@@ -862,7 +916,14 @@ int security_context_to_sid_default(const char *scontext, u32 scontext_len,
u32 *sid, u32 def_sid, gfp_t gfp_flags)
{
return security_context_to_sid_core(scontext, scontext_len,
- sid, def_sid, gfp_flags);
+ sid, def_sid, gfp_flags, 1);
+}
+
+int security_context_to_sid_force(const char *scontext, u32 scontext_len,
+ u32 *sid)
+{
+ return security_context_to_sid_core(scontext, scontext_len,
+ sid, SECSID_NULL, GFP_KERNEL, 1);
}
static int compute_sid_handle_invalid_context(
@@ -922,7 +983,7 @@ static int security_compute_sid(u32 ssid,
context_init(&newcontext);
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
@@ -1027,7 +1088,7 @@ static int security_compute_sid(u32 ssid,
/* Obtain the sid for the context. */
rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
out_unlock:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
context_destroy(&newcontext);
out:
return rc;
@@ -1110,6 +1171,7 @@ static int validate_classes(struct policydb *p)
const struct selinux_class_perm *kdefs = &selinux_class_perm;
const char *def_class, *def_perm, *pol_class;
struct symtab *perms;
+ bool print_unknown_handle = 0;
if (p->allow_unknown) {
u32 num_classes = kdefs->cts_len;
@@ -1130,6 +1192,7 @@ static int validate_classes(struct policydb *p)
return -EINVAL;
if (p->allow_unknown)
p->undefined_perms[i-1] = ~0U;
+ print_unknown_handle = 1;
continue;
}
pol_class = p->p_class_val_to_name[i-1];
@@ -1159,6 +1222,7 @@ static int validate_classes(struct policydb *p)
return -EINVAL;
if (p->allow_unknown)
p->undefined_perms[class_val-1] |= perm_val;
+ print_unknown_handle = 1;
continue;
}
perdatum = hashtab_search(perms->table, def_perm);
@@ -1206,6 +1270,7 @@ static int validate_classes(struct policydb *p)
return -EINVAL;
if (p->allow_unknown)
p->undefined_perms[class_val-1] |= (1 << j);
+ print_unknown_handle = 1;
continue;
}
perdatum = hashtab_search(perms->table, def_perm);
@@ -1223,6 +1288,9 @@ static int validate_classes(struct policydb *p)
}
}
}
+ if (print_unknown_handle)
+ printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
+ (security_get_allow_unknown() ? "allowed" : "denied"));
return 0;
}
@@ -1246,9 +1314,12 @@ static inline int convert_context_handle_invalid_context(struct context *context
char *s;
u32 len;
- context_struct_to_string(context, &s, &len);
- printk(KERN_ERR "SELinux: context %s is invalid\n", s);
- kfree(s);
+ if (!context_struct_to_string(context, &s, &len)) {
+ printk(KERN_WARNING
+ "SELinux: Context %s would be invalid if enforcing\n",
+ s);
+ kfree(s);
+ }
}
return rc;
}
@@ -1280,6 +1351,37 @@ static int convert_context(u32 key,
args = p;
+ if (c->str) {
+ struct context ctx;
+ s = kstrdup(c->str, GFP_KERNEL);
+ if (!s) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ rc = string_to_context_struct(args->newp, NULL, s,
+ c->len, &ctx, SECSID_NULL);
+ kfree(s);
+ if (!rc) {
+ printk(KERN_INFO
+ "SELinux: Context %s became valid (mapped).\n",
+ c->str);
+ /* Replace string with mapped representation. */
+ kfree(c->str);
+ memcpy(c, &ctx, sizeof(*c));
+ goto out;
+ } else if (rc == -EINVAL) {
+ /* Retain string representation for later mapping. */
+ rc = 0;
+ goto out;
+ } else {
+ /* Other error condition, e.g. ENOMEM. */
+ printk(KERN_ERR
+ "SELinux: Unable to map context %s, rc = %d.\n",
+ c->str, -rc);
+ goto out;
+ }
+ }
+
rc = context_cpy(&oldc, c);
if (rc)
goto out;
@@ -1319,13 +1421,21 @@ static int convert_context(u32 key,
}
context_destroy(&oldc);
+ rc = 0;
out:
return rc;
bad:
- context_struct_to_string(&oldc, &s, &len);
+ /* Map old representation to string and save it. */
+ if (context_struct_to_string(&oldc, &s, &len))
+ return -ENOMEM;
context_destroy(&oldc);
- printk(KERN_ERR "SELinux: invalidating context %s\n", s);
- kfree(s);
+ context_destroy(c);
+ c->str = s;
+ c->len = len;
+ printk(KERN_INFO
+ "SELinux: Context %s became invalid (unmapped).\n",
+ c->str);
+ rc = 0;
goto out;
}
@@ -1359,17 +1469,13 @@ int security_load_policy(void *data, size_t len)
int rc = 0;
struct policy_file file = { data, len }, *fp = &file;
- LOAD_LOCK;
-
if (!ss_initialized) {
avtab_cache_init();
if (policydb_read(&policydb, fp)) {
- LOAD_UNLOCK;
avtab_cache_destroy();
return -EINVAL;
}
if (policydb_load_isids(&policydb, &sidtab)) {
- LOAD_UNLOCK;
policydb_destroy(&policydb);
avtab_cache_destroy();
return -EINVAL;
@@ -1378,7 +1484,6 @@ int security_load_policy(void *data, size_t len)
if (validate_classes(&policydb)) {
printk(KERN_ERR
"SELinux: the definition of a class is incorrect\n");
- LOAD_UNLOCK;
sidtab_destroy(&sidtab);
policydb_destroy(&policydb);
avtab_cache_destroy();
@@ -1388,7 +1493,6 @@ int security_load_policy(void *data, size_t len)
policydb_loaded_version = policydb.policyvers;
ss_initialized = 1;
seqno = ++latest_granting;
- LOAD_UNLOCK;
selinux_complete_init();
avc_ss_reset(seqno);
selnl_notify_policyload(seqno);
@@ -1401,12 +1505,13 @@ int security_load_policy(void *data, size_t len)
sidtab_hash_eval(&sidtab, "sids");
#endif
- if (policydb_read(&newpolicydb, fp)) {
- LOAD_UNLOCK;
+ if (policydb_read(&newpolicydb, fp))
return -EINVAL;
- }
- sidtab_init(&newsidtab);
+ if (sidtab_init(&newsidtab)) {
+ policydb_destroy(&newpolicydb);
+ return -ENOMEM;
+ }
/* Verify that the kernel defined classes are correct. */
if (validate_classes(&newpolicydb)) {
@@ -1429,25 +1534,28 @@ int security_load_policy(void *data, size_t len)
goto err;
}
- /* Convert the internal representations of contexts
- in the new SID table and remove invalid SIDs. */
+ /*
+ * Convert the internal representations of contexts
+ * in the new SID table.
+ */
args.oldp = &policydb;
args.newp = &newpolicydb;
- sidtab_map_remove_on_error(&newsidtab, convert_context, &args);
+ rc = sidtab_map(&newsidtab, convert_context, &args);
+ if (rc)
+ goto err;
/* Save the old policydb and SID table to free later. */
memcpy(&oldpolicydb, &policydb, sizeof policydb);
sidtab_set(&oldsidtab, &sidtab);
/* Install the new policydb and SID table. */
- POLICY_WRLOCK;
+ write_lock_irq(&policy_rwlock);
memcpy(&policydb, &newpolicydb, sizeof policydb);
sidtab_set(&sidtab, &newsidtab);
security_load_policycaps();
seqno = ++latest_granting;
policydb_loaded_version = policydb.policyvers;
- POLICY_WRUNLOCK;
- LOAD_UNLOCK;
+ write_unlock_irq(&policy_rwlock);
/* Free the old policydb and SID table. */
policydb_destroy(&oldpolicydb);
@@ -1461,7 +1569,6 @@ int security_load_policy(void *data, size_t len)
return 0;
err:
- LOAD_UNLOCK;
sidtab_destroy(&newsidtab);
policydb_destroy(&newpolicydb);
return rc;
@@ -1479,7 +1586,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
struct ocontext *c;
int rc = 0;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
c = policydb.ocontexts[OCON_PORT];
while (c) {
@@ -1504,7 +1611,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
}
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -1518,7 +1625,7 @@ int security_netif_sid(char *name, u32 *if_sid)
int rc = 0;
struct ocontext *c;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
c = policydb.ocontexts[OCON_NETIF];
while (c) {
@@ -1545,7 +1652,7 @@ int security_netif_sid(char *name, u32 *if_sid)
*if_sid = SECINITSID_NETIF;
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -1577,7 +1684,7 @@ int security_node_sid(u16 domain,
int rc = 0;
struct ocontext *c;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
switch (domain) {
case AF_INET: {
@@ -1632,7 +1739,7 @@ int security_node_sid(u16 domain,
}
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -1671,7 +1778,9 @@ int security_get_user_sids(u32 fromsid,
if (!ss_initialized)
goto out;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
+
+ context_init(&usercon);
fromcon = sidtab_search(&sidtab, fromsid);
if (!fromcon) {
@@ -1722,7 +1831,7 @@ int security_get_user_sids(u32 fromsid,
}
out_unlock:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
if (rc || !mynel) {
kfree(mysids);
goto out;
@@ -1775,7 +1884,7 @@ int security_genfs_sid(const char *fstype,
while (path[0] == '/' && path[1] == '/')
path++;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
cmp = strcmp(fstype, genfs->fstype);
@@ -1812,7 +1921,7 @@ int security_genfs_sid(const char *fstype,
*sid = c->sid[0];
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -1825,12 +1934,13 @@ out:
int security_fs_use(
const char *fstype,
unsigned int *behavior,
- u32 *sid)
+ u32 *sid,
+ bool can_xattr)
{
int rc = 0;
struct ocontext *c;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
c = policydb.ocontexts[OCON_FSUSE];
while (c) {
@@ -1839,6 +1949,7 @@ int security_fs_use(
c = c->next;
}
+ /* look for labeling behavior defined in policy */
if (c) {
*behavior = c->v.behavior;
if (!c->sid[0]) {
@@ -1849,18 +1960,27 @@ int security_fs_use(
goto out;
}
*sid = c->sid[0];
+ goto out;
+ }
+
+ /* labeling behavior not in policy, use xattrs if possible */
+ if (can_xattr) {
+ *behavior = SECURITY_FS_USE_XATTR;
+ *sid = SECINITSID_FS;
+ goto out;
+ }
+
+ /* no behavior in policy and can't use xattrs, try GENFS */
+ rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
+ if (rc) {
+ *behavior = SECURITY_FS_USE_NONE;
+ rc = 0;
} else {
- rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
- if (rc) {
- *behavior = SECURITY_FS_USE_NONE;
- rc = 0;
- } else {
- *behavior = SECURITY_FS_USE_GENFS;
- }
+ *behavior = SECURITY_FS_USE_GENFS;
}
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -1868,7 +1988,7 @@ int security_get_bools(int *len, char ***names, int **values)
{
int i, rc = -ENOMEM;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
*names = NULL;
*values = NULL;
@@ -1898,7 +2018,7 @@ int security_get_bools(int *len, char ***names, int **values)
}
rc = 0;
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
err:
if (*names) {
@@ -1916,7 +2036,7 @@ int security_set_bools(int len, int *values)
int lenp, seqno = 0;
struct cond_node *cur;
- POLICY_WRLOCK;
+ write_lock_irq(&policy_rwlock);
lenp = policydb.p_bools.nprim;
if (len != lenp) {
@@ -1950,7 +2070,7 @@ int security_set_bools(int len, int *values)
seqno = ++latest_granting;
out:
- POLICY_WRUNLOCK;
+ write_unlock_irq(&policy_rwlock);
if (!rc) {
avc_ss_reset(seqno);
selnl_notify_policyload(seqno);
@@ -1964,7 +2084,7 @@ int security_get_bool_value(int bool)
int rc = 0;
int len;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
len = policydb.p_bools.nprim;
if (bool >= len) {
@@ -1974,7 +2094,7 @@ int security_get_bool_value(int bool)
rc = policydb.bool_val_to_struct[bool]->state;
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -2029,7 +2149,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
context_init(&newcon);
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
context1 = sidtab_search(&sidtab, sid);
if (!context1) {
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
@@ -2071,7 +2191,7 @@ bad:
}
out_unlock:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
context_destroy(&newcon);
out:
return rc;
@@ -2128,7 +2248,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
return 0;
}
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
if (!nlbl_ctx) {
@@ -2147,7 +2267,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
out_slowpath:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
if (rc == 0)
/* at present NetLabel SIDs/labels really only carry MLS
* information so if the MLS portion of the NetLabel SID
@@ -2177,7 +2297,7 @@ int security_get_classes(char ***classes, int *nclasses)
{
int rc = -ENOMEM;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
*nclasses = policydb.p_classes.nprim;
*classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC);
@@ -2194,7 +2314,7 @@ int security_get_classes(char ***classes, int *nclasses)
}
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -2216,7 +2336,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
int rc = -ENOMEM, i;
struct class_datum *match;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
match = hashtab_search(policydb.p_classes.table, class);
if (!match) {
@@ -2244,11 +2364,11 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
goto err;
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
err:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
for (i = 0; i < *nperms; i++)
kfree((*perms)[i]);
kfree(*perms);
@@ -2279,9 +2399,9 @@ int security_policycap_supported(unsigned int req_cap)
{
int rc;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
rc = ebitmap_get_bit(&policydb.policycaps, req_cap);
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
@@ -2345,7 +2465,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
context_init(&tmprule->au_ctxt);
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
tmprule->au_seqno = latest_granting;
@@ -2382,7 +2502,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
break;
}
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
if (rc) {
selinux_audit_rule_free(tmprule);
@@ -2420,7 +2540,7 @@ int selinux_audit_rule_known(struct audit_krule *rule)
}
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
- struct audit_context *actx)
+ struct audit_context *actx)
{
struct context *ctxt;
struct mls_level *level;
@@ -2433,7 +2553,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
return -ENOENT;
}
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
if (rule->au_seqno < latest_granting) {
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
@@ -2527,14 +2647,14 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
}
out:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return match;
}
static int (*aurule_callback)(void) = audit_update_lsm_rules;
static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
- u16 class, u32 perms, u32 *retained)
+ u16 class, u32 perms, u32 *retained)
{
int err = 0;
@@ -2615,7 +2735,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
return 0;
}
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
if (secattr->flags & NETLBL_SECATTR_CACHE) {
*sid = *(u32 *)secattr->cache->data;
@@ -2660,7 +2780,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
}
netlbl_secattr_to_sid_return:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
netlbl_secattr_to_sid_return_cleanup:
ebitmap_destroy(&ctx_new.range.level[0].cat);
@@ -2685,7 +2805,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
if (!ss_initialized)
return 0;
- POLICY_RDLOCK;
+ read_lock(&policy_rwlock);
ctx = sidtab_search(&sidtab, sid);
if (ctx == NULL)
goto netlbl_sid_to_secattr_failure;
@@ -2696,12 +2816,12 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
rc = mls_export_netlbl_cat(ctx, secattr);
if (rc != 0)
goto netlbl_sid_to_secattr_failure;
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return 0;
netlbl_sid_to_secattr_failure:
- POLICY_RDUNLOCK;
+ read_unlock(&policy_rwlock);
return rc;
}
#endif /* CONFIG_NETLABEL */