1 // SPDX-License-Identifier: GPL-2.0
3 * Implementation of the multi-level security (MLS) policy.
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 * Support for enhanced MLS infrastructure.
12 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
15 * Updated: Hewlett-Packard <paul@paul-moore.com>
17 * Added support to import/export the MLS label from NetLabel
19 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
22 #include <linux/kernel.h>
23 #include <linux/slab.h>
24 #include <linux/string.h>
25 #include <linux/errno.h>
26 #include <net/netlabel.h>
33 * Return the length in bytes for the MLS fields of the
34 * security context string representation of `context'.
36 int mls_compute_context_len(struct policydb *p, struct context *context)
38 int i, l, len, head, prev;
41 struct ebitmap_node *node;
46 len = 1; /* for the beginning ":" */
47 for (l = 0; l < 2; l++) {
48 int index_sens = context->range.level[l].sens;
49 len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1));
54 e = &context->range.level[l].cat;
55 ebitmap_for_each_positive_bit(e, node, i) {
57 /* one or more negative bits are skipped */
59 nm = sym_name(p, SYM_CATS, prev);
60 len += strlen(nm) + 1;
62 nm = sym_name(p, SYM_CATS, i);
63 len += strlen(nm) + 1;
69 nm = sym_name(p, SYM_CATS, prev);
70 len += strlen(nm) + 1;
73 if (mls_level_eq(&context->range.level[0],
74 &context->range.level[1]))
85 * Write the security context string representation of
86 * the MLS fields of `context' into the string `*scontext'.
87 * Update `*scontext' to point to the end of the MLS fields.
89 void mls_sid_to_context(struct policydb *p,
90 struct context *context,
96 struct ebitmap_node *node;
101 scontextp = *scontext;
106 for (l = 0; l < 2; l++) {
107 strcpy(scontextp, sym_name(p, SYM_LEVELS,
108 context->range.level[l].sens - 1));
109 scontextp += strlen(scontextp);
114 e = &context->range.level[l].cat;
115 ebitmap_for_each_positive_bit(e, node, i) {
117 /* one or more negative bits are skipped */
123 nm = sym_name(p, SYM_CATS, prev);
124 strcpy(scontextp, nm);
125 scontextp += strlen(nm);
131 nm = sym_name(p, SYM_CATS, i);
132 strcpy(scontextp, nm);
133 scontextp += strlen(nm);
144 nm = sym_name(p, SYM_CATS, prev);
145 strcpy(scontextp, nm);
146 scontextp += strlen(nm);
150 if (mls_level_eq(&context->range.level[0],
151 &context->range.level[1]))
158 *scontext = scontextp;
162 int mls_level_isvalid(struct policydb *p, struct mls_level *l)
164 struct level_datum *levdatum;
166 if (!l->sens || l->sens > p->p_levels.nprim)
168 levdatum = hashtab_search(p->p_levels.table,
169 sym_name(p, SYM_LEVELS, l->sens - 1));
174 * Return 1 iff all the bits set in l->cat are also be set in
175 * levdatum->level->cat and no bit in l->cat is larger than
178 return ebitmap_contains(&levdatum->level->cat, &l->cat,
182 int mls_range_isvalid(struct policydb *p, struct mls_range *r)
184 return (mls_level_isvalid(p, &r->level[0]) &&
185 mls_level_isvalid(p, &r->level[1]) &&
186 mls_level_dom(&r->level[1], &r->level[0]));
190 * Return 1 if the MLS fields in the security context
191 * structure `c' are valid. Return 0 otherwise.
193 int mls_context_isvalid(struct policydb *p, struct context *c)
195 struct user_datum *usrdatum;
200 if (!mls_range_isvalid(p, &c->range))
203 if (c->role == OBJECT_R_VAL)
207 * User must be authorized for the MLS range.
209 if (!c->user || c->user > p->p_users.nprim)
211 usrdatum = p->user_val_to_struct[c->user - 1];
212 if (!mls_range_contains(usrdatum->range, c->range))
213 return 0; /* user may not be associated with range */
219 * Set the MLS fields in the security context structure
220 * `context' based on the string representation in
221 * the string `scontext'.
223 * This function modifies the string in place, inserting
224 * NULL characters to terminate the MLS fields.
226 * If a def_sid is provided and no MLS field is present,
227 * copy the MLS field of the associated default context.
228 * Used for upgraded to MLS systems where objects may lack
231 * Policy read-lock must be held for sidtab lookup.
234 int mls_context_to_sid(struct policydb *pol,
237 struct context *context,
241 char *sensitivity, *cur_cat, *next_cat, *rngptr;
242 struct level_datum *levdatum;
243 struct cat_datum *catdatum, *rngdatum;
247 if (!pol->mls_enabled) {
249 * With no MLS, only return -EINVAL if there is a MLS field
250 * and it did not come from an xattr.
252 if (oldc && def_sid == SECSID_NULL)
258 * No MLS component to the security context, try and map to
259 * default if provided.
262 struct context *defcon;
264 if (def_sid == SECSID_NULL)
267 defcon = sidtab_search(s, def_sid);
271 return mls_context_cpy(context, defcon);
275 * If we're dealing with a range, figure out where the two parts
276 * of the range begin.
278 rangep[0] = scontext;
279 rangep[1] = strchr(scontext, '-');
285 /* For each part of the range: */
286 for (l = 0; l < 2; l++) {
287 /* Split sensitivity and category set. */
288 sensitivity = rangep[l];
289 if (sensitivity == NULL)
291 next_cat = strchr(sensitivity, ':');
293 *(next_cat++) = '\0';
295 /* Parse sensitivity. */
296 levdatum = hashtab_search(pol->p_levels.table, sensitivity);
299 context->range.level[l].sens = levdatum->level->sens;
301 /* Extract category set. */
302 while (next_cat != NULL) {
304 next_cat = strchr(next_cat, ',');
305 if (next_cat != NULL)
306 *(next_cat++) = '\0';
308 /* Separate into range if exists */
309 rngptr = strchr(cur_cat, '.');
310 if (rngptr != NULL) {
315 catdatum = hashtab_search(pol->p_cats.table, cur_cat);
319 rc = ebitmap_set_bit(&context->range.level[l].cat,
320 catdatum->value - 1, 1);
324 /* If range, set all categories in range */
328 rngdatum = hashtab_search(pol->p_cats.table, rngptr);
332 if (catdatum->value >= rngdatum->value)
335 for (i = catdatum->value; i < rngdatum->value; i++) {
336 rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1);
343 /* If we didn't see a '-', the range start is also the range end. */
344 if (rangep[1] == NULL) {
345 context->range.level[1].sens = context->range.level[0].sens;
346 rc = ebitmap_cpy(&context->range.level[1].cat,
347 &context->range.level[0].cat);
356 * Set the MLS fields in the security context structure
357 * `context' based on the string representation in
358 * the string `str'. This function will allocate temporary memory with the
359 * given constraints of gfp_mask.
361 int mls_from_string(struct policydb *p, char *str, struct context *context,
370 tmpstr = kstrdup(str, gfp_mask);
374 rc = mls_context_to_sid(p, ':', tmpstr, context,
383 * Copies the MLS range `range' into `context'.
385 int mls_range_set(struct context *context,
386 struct mls_range *range)
390 /* Copy the MLS range into the context */
391 for (l = 0; l < 2; l++) {
392 context->range.level[l].sens = range->level[l].sens;
393 rc = ebitmap_cpy(&context->range.level[l].cat,
394 &range->level[l].cat);
402 int mls_setup_user_range(struct policydb *p,
403 struct context *fromcon, struct user_datum *user,
404 struct context *usercon)
406 if (p->mls_enabled) {
407 struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
408 struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
409 struct mls_level *user_low = &(user->range.level[0]);
410 struct mls_level *user_clr = &(user->range.level[1]);
411 struct mls_level *user_def = &(user->dfltlevel);
412 struct mls_level *usercon_sen = &(usercon->range.level[0]);
413 struct mls_level *usercon_clr = &(usercon->range.level[1]);
415 /* Honor the user's default level if we can */
416 if (mls_level_between(user_def, fromcon_sen, fromcon_clr))
417 *usercon_sen = *user_def;
418 else if (mls_level_between(fromcon_sen, user_def, user_clr))
419 *usercon_sen = *fromcon_sen;
420 else if (mls_level_between(fromcon_clr, user_low, user_def))
421 *usercon_sen = *user_low;
425 /* Lower the clearance of available contexts
426 if the clearance of "fromcon" is lower than
427 that of the user's default clearance (but
428 only if the "fromcon" clearance dominates
429 the user's computed sensitivity level) */
430 if (mls_level_dom(user_clr, fromcon_clr))
431 *usercon_clr = *fromcon_clr;
432 else if (mls_level_dom(fromcon_clr, user_clr))
433 *usercon_clr = *user_clr;
442 * Convert the MLS fields in the security context
443 * structure `oldc' from the values specified in the
444 * policy `oldp' to the values specified in the policy `newp',
445 * storing the resulting context in `newc'.
447 int mls_convert_context(struct policydb *oldp,
448 struct policydb *newp,
449 struct context *oldc,
450 struct context *newc)
452 struct level_datum *levdatum;
453 struct cat_datum *catdatum;
454 struct ebitmap_node *node;
457 if (!oldp->mls_enabled || !newp->mls_enabled)
460 for (l = 0; l < 2; l++) {
461 levdatum = hashtab_search(newp->p_levels.table,
462 sym_name(oldp, SYM_LEVELS,
463 oldc->range.level[l].sens - 1));
467 newc->range.level[l].sens = levdatum->level->sens;
469 ebitmap_for_each_positive_bit(&oldc->range.level[l].cat,
473 catdatum = hashtab_search(newp->p_cats.table,
474 sym_name(oldp, SYM_CATS, i));
477 rc = ebitmap_set_bit(&newc->range.level[l].cat,
478 catdatum->value - 1, 1);
487 int mls_compute_sid(struct policydb *p,
488 struct context *scontext,
489 struct context *tcontext,
492 struct context *newcontext,
495 struct range_trans rtr;
497 struct class_datum *cladatum;
498 int default_range = 0;
504 case AVTAB_TRANSITION:
505 /* Look for a range transition rule. */
506 rtr.source_type = scontext->type;
507 rtr.target_type = tcontext->type;
508 rtr.target_class = tclass;
509 r = hashtab_search(p->range_tr, &rtr);
511 return mls_range_set(newcontext, r);
513 if (tclass && tclass <= p->p_classes.nprim) {
514 cladatum = p->class_val_to_struct[tclass - 1];
516 default_range = cladatum->default_range;
519 switch (default_range) {
520 case DEFAULT_SOURCE_LOW:
521 return mls_context_cpy_low(newcontext, scontext);
522 case DEFAULT_SOURCE_HIGH:
523 return mls_context_cpy_high(newcontext, scontext);
524 case DEFAULT_SOURCE_LOW_HIGH:
525 return mls_context_cpy(newcontext, scontext);
526 case DEFAULT_TARGET_LOW:
527 return mls_context_cpy_low(newcontext, tcontext);
528 case DEFAULT_TARGET_HIGH:
529 return mls_context_cpy_high(newcontext, tcontext);
530 case DEFAULT_TARGET_LOW_HIGH:
531 return mls_context_cpy(newcontext, tcontext);
536 if ((tclass == p->process_class) || (sock == true))
537 /* Use the process MLS attributes. */
538 return mls_context_cpy(newcontext, scontext);
540 /* Use the process effective MLS attributes. */
541 return mls_context_cpy_low(newcontext, scontext);
543 /* Use the process effective MLS attributes. */
544 return mls_context_cpy_low(newcontext, scontext);
551 #ifdef CONFIG_NETLABEL
553 * mls_export_netlbl_lvl - Export the MLS sensitivity levels to NetLabel
554 * @context: the security context
555 * @secattr: the NetLabel security attributes
558 * Given the security context copy the low MLS sensitivity level into the
559 * NetLabel MLS sensitivity level field.
562 void mls_export_netlbl_lvl(struct policydb *p,
563 struct context *context,
564 struct netlbl_lsm_secattr *secattr)
569 secattr->attr.mls.lvl = context->range.level[0].sens - 1;
570 secattr->flags |= NETLBL_SECATTR_MLS_LVL;
574 * mls_import_netlbl_lvl - Import the NetLabel MLS sensitivity levels
575 * @context: the security context
576 * @secattr: the NetLabel security attributes
579 * Given the security context and the NetLabel security attributes, copy the
580 * NetLabel MLS sensitivity level into the context.
583 void mls_import_netlbl_lvl(struct policydb *p,
584 struct context *context,
585 struct netlbl_lsm_secattr *secattr)
590 context->range.level[0].sens = secattr->attr.mls.lvl + 1;
591 context->range.level[1].sens = context->range.level[0].sens;
595 * mls_export_netlbl_cat - Export the MLS categories to NetLabel
596 * @context: the security context
597 * @secattr: the NetLabel security attributes
600 * Given the security context copy the low MLS categories into the NetLabel
601 * MLS category field. Returns zero on success, negative values on failure.
604 int mls_export_netlbl_cat(struct policydb *p,
605 struct context *context,
606 struct netlbl_lsm_secattr *secattr)
613 rc = ebitmap_netlbl_export(&context->range.level[0].cat,
614 &secattr->attr.mls.cat);
615 if (rc == 0 && secattr->attr.mls.cat != NULL)
616 secattr->flags |= NETLBL_SECATTR_MLS_CAT;
622 * mls_import_netlbl_cat - Import the MLS categories from NetLabel
623 * @context: the security context
624 * @secattr: the NetLabel security attributes
627 * Copy the NetLabel security attributes into the SELinux context; since the
628 * NetLabel security attribute only contains a single MLS category use it for
629 * both the low and high categories of the context. Returns zero on success,
630 * negative values on failure.
633 int mls_import_netlbl_cat(struct policydb *p,
634 struct context *context,
635 struct netlbl_lsm_secattr *secattr)
642 rc = ebitmap_netlbl_import(&context->range.level[0].cat,
643 secattr->attr.mls.cat);
645 goto import_netlbl_cat_failure;
646 memcpy(&context->range.level[1].cat, &context->range.level[0].cat,
647 sizeof(context->range.level[0].cat));
651 import_netlbl_cat_failure:
652 ebitmap_destroy(&context->range.level[0].cat);
655 #endif /* CONFIG_NETLABEL */
projects / releases.git / blob