1 // SPDX-License-Identifier: GPL-2.0
3 * Implementation of the multi-level security (MLS) policy.
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 * Support for enhanced MLS infrastructure.
12 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
15 * Updated: Hewlett-Packard <paul@paul-moore.com>
17 * Added support to import/export the MLS label from NetLabel
19 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
22 #include <linux/kernel.h>
23 #include <linux/slab.h>
24 #include <linux/string.h>
25 #include <linux/errno.h>
26 #include <net/netlabel.h>
33 * Return the length in bytes for the MLS fields of the
34 * security context string representation of `context'.
36 int mls_compute_context_len(struct context *context)
38 int i, l, len, head, prev;
41 struct ebitmap_node *node;
43 if (!policydb.mls_enabled)
46 len = 1; /* for the beginning ":" */
47 for (l = 0; l < 2; l++) {
48 int index_sens = context->range.level[l].sens;
49 len += strlen(sym_name(&policydb, SYM_LEVELS, index_sens - 1));
54 e = &context->range.level[l].cat;
55 ebitmap_for_each_positive_bit(e, node, i) {
57 /* one or more negative bits are skipped */
59 nm = sym_name(&policydb, SYM_CATS, prev);
60 len += strlen(nm) + 1;
62 nm = sym_name(&policydb, SYM_CATS, i);
63 len += strlen(nm) + 1;
69 nm = sym_name(&policydb, SYM_CATS, prev);
70 len += strlen(nm) + 1;
73 if (mls_level_eq(&context->range.level[0],
74 &context->range.level[1]))
85 * Write the security context string representation of
86 * the MLS fields of `context' into the string `*scontext'.
87 * Update `*scontext' to point to the end of the MLS fields.
89 void mls_sid_to_context(struct context *context,
95 struct ebitmap_node *node;
97 if (!policydb.mls_enabled)
100 scontextp = *scontext;
105 for (l = 0; l < 2; l++) {
106 strcpy(scontextp, sym_name(&policydb, SYM_LEVELS,
107 context->range.level[l].sens - 1));
108 scontextp += strlen(scontextp);
113 e = &context->range.level[l].cat;
114 ebitmap_for_each_positive_bit(e, node, i) {
116 /* one or more negative bits are skipped */
122 nm = sym_name(&policydb, SYM_CATS, prev);
123 strcpy(scontextp, nm);
124 scontextp += strlen(nm);
130 nm = sym_name(&policydb, SYM_CATS, i);
131 strcpy(scontextp, nm);
132 scontextp += strlen(nm);
143 nm = sym_name(&policydb, SYM_CATS, prev);
144 strcpy(scontextp, nm);
145 scontextp += strlen(nm);
149 if (mls_level_eq(&context->range.level[0],
150 &context->range.level[1]))
157 *scontext = scontextp;
161 int mls_level_isvalid(struct policydb *p, struct mls_level *l)
163 struct level_datum *levdatum;
165 if (!l->sens || l->sens > p->p_levels.nprim)
167 levdatum = hashtab_search(p->p_levels.table,
168 sym_name(p, SYM_LEVELS, l->sens - 1));
173 * Return 1 iff all the bits set in l->cat are also be set in
174 * levdatum->level->cat and no bit in l->cat is larger than
177 return ebitmap_contains(&levdatum->level->cat, &l->cat,
181 int mls_range_isvalid(struct policydb *p, struct mls_range *r)
183 return (mls_level_isvalid(p, &r->level[0]) &&
184 mls_level_isvalid(p, &r->level[1]) &&
185 mls_level_dom(&r->level[1], &r->level[0]));
189 * Return 1 if the MLS fields in the security context
190 * structure `c' are valid. Return 0 otherwise.
192 int mls_context_isvalid(struct policydb *p, struct context *c)
194 struct user_datum *usrdatum;
199 if (!mls_range_isvalid(p, &c->range))
202 if (c->role == OBJECT_R_VAL)
206 * User must be authorized for the MLS range.
208 if (!c->user || c->user > p->p_users.nprim)
210 usrdatum = p->user_val_to_struct[c->user - 1];
211 if (!mls_range_contains(usrdatum->range, c->range))
212 return 0; /* user may not be associated with range */
218 * Set the MLS fields in the security context structure
219 * `context' based on the string representation in
220 * the string `*scontext'. Update `*scontext' to
221 * point to the end of the string representation of
224 * This function modifies the string in place, inserting
225 * NULL characters to terminate the MLS fields.
227 * If a def_sid is provided and no MLS field is present,
228 * copy the MLS field of the associated default context.
229 * Used for upgraded to MLS systems where objects may lack
232 * Policy read-lock must be held for sidtab lookup.
235 int mls_context_to_sid(struct policydb *pol,
238 struct context *context,
244 char *scontextp, *p, *rngptr;
245 struct level_datum *levdatum;
246 struct cat_datum *catdatum, *rngdatum;
249 if (!pol->mls_enabled) {
250 if (def_sid != SECSID_NULL && oldc)
251 *scontext += strlen(*scontext) + 1;
256 * No MLS component to the security context, try and map to
257 * default if provided.
260 struct context *defcon;
262 if (def_sid == SECSID_NULL)
265 defcon = sidtab_search(s, def_sid);
269 rc = mls_context_cpy(context, defcon);
273 /* Extract low sensitivity. */
274 scontextp = p = *scontext;
275 while (*p && *p != ':' && *p != '-')
282 for (l = 0; l < 2; l++) {
283 levdatum = hashtab_search(pol->p_levels.table, scontextp);
289 context->range.level[l].sens = levdatum->level->sens;
292 /* Extract category set. */
295 while (*p && *p != ',' && *p != '-')
301 /* Separate into range if exists */
302 rngptr = strchr(scontextp, '.');
303 if (rngptr != NULL) {
308 catdatum = hashtab_search(pol->p_cats.table,
315 rc = ebitmap_set_bit(&context->range.level[l].cat,
316 catdatum->value - 1, 1);
320 /* If range, set all categories in range */
324 rngdatum = hashtab_search(pol->p_cats.table, rngptr);
330 if (catdatum->value >= rngdatum->value) {
335 for (i = catdatum->value; i < rngdatum->value; i++) {
336 rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1);
347 /* Extract high sensitivity. */
349 while (*p && *p != ':')
360 context->range.level[1].sens = context->range.level[0].sens;
361 rc = ebitmap_cpy(&context->range.level[1].cat,
362 &context->range.level[0].cat);
373 * Set the MLS fields in the security context structure
374 * `context' based on the string representation in
375 * the string `str'. This function will allocate temporary memory with the
376 * given constraints of gfp_mask.
378 int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
380 char *tmpstr, *freestr;
383 if (!policydb.mls_enabled)
386 /* we need freestr because mls_context_to_sid will change
387 the value of tmpstr */
388 tmpstr = freestr = kstrdup(str, gfp_mask);
392 rc = mls_context_to_sid(&policydb, ':', &tmpstr, context,
401 * Copies the MLS range `range' into `context'.
403 int mls_range_set(struct context *context,
404 struct mls_range *range)
408 /* Copy the MLS range into the context */
409 for (l = 0; l < 2; l++) {
410 context->range.level[l].sens = range->level[l].sens;
411 rc = ebitmap_cpy(&context->range.level[l].cat,
412 &range->level[l].cat);
420 int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
421 struct context *usercon)
423 if (policydb.mls_enabled) {
424 struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
425 struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
426 struct mls_level *user_low = &(user->range.level[0]);
427 struct mls_level *user_clr = &(user->range.level[1]);
428 struct mls_level *user_def = &(user->dfltlevel);
429 struct mls_level *usercon_sen = &(usercon->range.level[0]);
430 struct mls_level *usercon_clr = &(usercon->range.level[1]);
432 /* Honor the user's default level if we can */
433 if (mls_level_between(user_def, fromcon_sen, fromcon_clr))
434 *usercon_sen = *user_def;
435 else if (mls_level_between(fromcon_sen, user_def, user_clr))
436 *usercon_sen = *fromcon_sen;
437 else if (mls_level_between(fromcon_clr, user_low, user_def))
438 *usercon_sen = *user_low;
442 /* Lower the clearance of available contexts
443 if the clearance of "fromcon" is lower than
444 that of the user's default clearance (but
445 only if the "fromcon" clearance dominates
446 the user's computed sensitivity level) */
447 if (mls_level_dom(user_clr, fromcon_clr))
448 *usercon_clr = *fromcon_clr;
449 else if (mls_level_dom(fromcon_clr, user_clr))
450 *usercon_clr = *user_clr;
459 * Convert the MLS fields in the security context
460 * structure `c' from the values specified in the
461 * policy `oldp' to the values specified in the policy `newp'.
463 int mls_convert_context(struct policydb *oldp,
464 struct policydb *newp,
467 struct level_datum *levdatum;
468 struct cat_datum *catdatum;
469 struct ebitmap bitmap;
470 struct ebitmap_node *node;
473 if (!policydb.mls_enabled)
476 for (l = 0; l < 2; l++) {
477 levdatum = hashtab_search(newp->p_levels.table,
478 sym_name(oldp, SYM_LEVELS,
479 c->range.level[l].sens - 1));
483 c->range.level[l].sens = levdatum->level->sens;
485 ebitmap_init(&bitmap);
486 ebitmap_for_each_positive_bit(&c->range.level[l].cat, node, i) {
489 catdatum = hashtab_search(newp->p_cats.table,
490 sym_name(oldp, SYM_CATS, i));
493 rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
499 ebitmap_destroy(&c->range.level[l].cat);
500 c->range.level[l].cat = bitmap;
506 int mls_compute_sid(struct context *scontext,
507 struct context *tcontext,
510 struct context *newcontext,
513 struct range_trans rtr;
515 struct class_datum *cladatum;
516 int default_range = 0;
518 if (!policydb.mls_enabled)
522 case AVTAB_TRANSITION:
523 /* Look for a range transition rule. */
524 rtr.source_type = scontext->type;
525 rtr.target_type = tcontext->type;
526 rtr.target_class = tclass;
527 r = hashtab_search(policydb.range_tr, &rtr);
529 return mls_range_set(newcontext, r);
531 if (tclass && tclass <= policydb.p_classes.nprim) {
532 cladatum = policydb.class_val_to_struct[tclass - 1];
534 default_range = cladatum->default_range;
537 switch (default_range) {
538 case DEFAULT_SOURCE_LOW:
539 return mls_context_cpy_low(newcontext, scontext);
540 case DEFAULT_SOURCE_HIGH:
541 return mls_context_cpy_high(newcontext, scontext);
542 case DEFAULT_SOURCE_LOW_HIGH:
543 return mls_context_cpy(newcontext, scontext);
544 case DEFAULT_TARGET_LOW:
545 return mls_context_cpy_low(newcontext, tcontext);
546 case DEFAULT_TARGET_HIGH:
547 return mls_context_cpy_high(newcontext, tcontext);
548 case DEFAULT_TARGET_LOW_HIGH:
549 return mls_context_cpy(newcontext, tcontext);
554 if ((tclass == policydb.process_class) || (sock == true))
555 /* Use the process MLS attributes. */
556 return mls_context_cpy(newcontext, scontext);
558 /* Use the process effective MLS attributes. */
559 return mls_context_cpy_low(newcontext, scontext);
561 /* Use the process effective MLS attributes. */
562 return mls_context_cpy_low(newcontext, scontext);
569 #ifdef CONFIG_NETLABEL
571 * mls_export_netlbl_lvl - Export the MLS sensitivity levels to NetLabel
572 * @context: the security context
573 * @secattr: the NetLabel security attributes
576 * Given the security context copy the low MLS sensitivity level into the
577 * NetLabel MLS sensitivity level field.
580 void mls_export_netlbl_lvl(struct context *context,
581 struct netlbl_lsm_secattr *secattr)
583 if (!policydb.mls_enabled)
586 secattr->attr.mls.lvl = context->range.level[0].sens - 1;
587 secattr->flags |= NETLBL_SECATTR_MLS_LVL;
591 * mls_import_netlbl_lvl - Import the NetLabel MLS sensitivity levels
592 * @context: the security context
593 * @secattr: the NetLabel security attributes
596 * Given the security context and the NetLabel security attributes, copy the
597 * NetLabel MLS sensitivity level into the context.
600 void mls_import_netlbl_lvl(struct context *context,
601 struct netlbl_lsm_secattr *secattr)
603 if (!policydb.mls_enabled)
606 context->range.level[0].sens = secattr->attr.mls.lvl + 1;
607 context->range.level[1].sens = context->range.level[0].sens;
611 * mls_export_netlbl_cat - Export the MLS categories to NetLabel
612 * @context: the security context
613 * @secattr: the NetLabel security attributes
616 * Given the security context copy the low MLS categories into the NetLabel
617 * MLS category field. Returns zero on success, negative values on failure.
620 int mls_export_netlbl_cat(struct context *context,
621 struct netlbl_lsm_secattr *secattr)
625 if (!policydb.mls_enabled)
628 rc = ebitmap_netlbl_export(&context->range.level[0].cat,
629 &secattr->attr.mls.cat);
630 if (rc == 0 && secattr->attr.mls.cat != NULL)
631 secattr->flags |= NETLBL_SECATTR_MLS_CAT;
637 * mls_import_netlbl_cat - Import the MLS categories from NetLabel
638 * @context: the security context
639 * @secattr: the NetLabel security attributes
642 * Copy the NetLabel security attributes into the SELinux context; since the
643 * NetLabel security attribute only contains a single MLS category use it for
644 * both the low and high categories of the context. Returns zero on success,
645 * negative values on failure.
648 int mls_import_netlbl_cat(struct context *context,
649 struct netlbl_lsm_secattr *secattr)
653 if (!policydb.mls_enabled)
656 rc = ebitmap_netlbl_import(&context->range.level[0].cat,
657 secattr->attr.mls.cat);
659 goto import_netlbl_cat_failure;
660 memcpy(&context->range.level[1].cat, &context->range.level[0].cat,
661 sizeof(context->range.level[0].cat));
665 import_netlbl_cat_failure:
666 ebitmap_destroy(&context->range.level[0].cat);
669 #endif /* CONFIG_NETLABEL */
git.samba.org / sfrench / cifs-2.6.git / blob