*
* This file contains the SELinux hook function implementations.
*
- * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Authors: Stephen Smalley, <sds@tycho.nsa.gov>
* Chris Vance, <cvance@nai.com>
* Wayne Salamon, <wsalamon@nai.com>
* James Morris <jmorris@redhat.com>
if (!strcmp(sb->s_type->name, "debugfs") ||
!strcmp(sb->s_type->name, "tracefs") ||
!strcmp(sb->s_type->name, "sysfs") ||
- !strcmp(sb->s_type->name, "pstore"))
+ !strcmp(sb->s_type->name, "pstore") ||
+ !strcmp(sb->s_type->name, "cgroup") ||
+ !strcmp(sb->s_type->name, "cgroup2"))
sbsec->flags |= SE_SBGENFS;
if (!sbsec->behavior) {
case SOCK_SEQPACKET:
return SECCLASS_UNIX_STREAM_SOCKET;
case SOCK_DGRAM:
+ case SOCK_RAW:
return SECCLASS_UNIX_DGRAM_SOCKET;
}
break;
int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
int rc;
+ u32 av;
if (!nnp && !nosuid)
return 0; /* neither NNP nor nosuid */
return 0; /* No change in credentials */
/*
- * The only transitions we permit under NNP or nosuid
- * are transitions to bounded SIDs, i.e. SIDs that are
- * guaranteed to only be allowed a subset of the permissions
- * of the current SID.
+ * If the policy enables the nnp_nosuid_transition policy capability,
+ * then we permit transitions under NNP or nosuid if the
+ * policy allows the corresponding permission between
+ * the old and new contexts.
*/
- rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
- if (rc) {
- /*
- * On failure, preserve the errno values for NNP vs nosuid.
- * NNP: Operation not permitted for caller.
- * nosuid: Permission denied to file.
- */
+ if (selinux_policycap_nnp_nosuid_transition) {
+ av = 0;
if (nnp)
- return -EPERM;
- else
- return -EACCES;
+ av |= PROCESS2__NNP_TRANSITION;
+ if (nosuid)
+ av |= PROCESS2__NOSUID_TRANSITION;
+ rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
+ SECCLASS_PROCESS2, av, NULL);
+ if (!rc)
+ return 0;
}
- return 0;
+
+ /*
+ * We also permit NNP or nosuid transitions to bounded SIDs,
+ * i.e. SIDs that are guaranteed to only be allowed a subset
+ * of the permissions of the current SID.
+ */
+ rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
+ if (!rc)
+ return 0;
+
+ /*
+ * On failure, preserve the errno values for NNP vs nosuid.
+ * NNP: Operation not permitted for caller.
+ * nosuid: Permission denied to file.
+ */
+ if (nnp)
+ return -EPERM;
+ return -EACCES;
}
static int selinux_bprm_set_creds(struct linux_binprm *bprm)