1 // SPDX-License-Identifier: GPL-2.0
3 * Implementation of the multi-level security (MLS) policy.
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 * Support for enhanced MLS infrastructure.
12 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
15 * Updated: Hewlett-Packard <paul@paul-moore.com>
17 * Added support to import/export the MLS label from NetLabel
19 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
22 #include <linux/kernel.h>
23 #include <linux/slab.h>
24 #include <linux/string.h>
25 #include <linux/errno.h>
26 #include <net/netlabel.h>
33 * Return the length in bytes for the MLS fields of the
34 * security context string representation of `context'.
36 int mls_compute_context_len(struct policydb *p, struct context *context)
38 int i, l, len, head, prev;
41 struct ebitmap_node *node;
46 len = 1; /* for the beginning ":" */
47 for (l = 0; l < 2; l++) {
48 int index_sens = context->range.level[l].sens;
49 len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1));
54 e = &context->range.level[l].cat;
55 ebitmap_for_each_positive_bit(e, node, i) {
57 /* one or more negative bits are skipped */
59 nm = sym_name(p, SYM_CATS, prev);
60 len += strlen(nm) + 1;
62 nm = sym_name(p, SYM_CATS, i);
63 len += strlen(nm) + 1;
69 nm = sym_name(p, SYM_CATS, prev);
70 len += strlen(nm) + 1;
73 if (mls_level_eq(&context->range.level[0],
74 &context->range.level[1]))
85 * Write the security context string representation of
86 * the MLS fields of `context' into the string `*scontext'.
87 * Update `*scontext' to point to the end of the MLS fields.
89 void mls_sid_to_context(struct policydb *p,
90 struct context *context,
96 struct ebitmap_node *node;
101 scontextp = *scontext;
106 for (l = 0; l < 2; l++) {
107 strcpy(scontextp, sym_name(p, SYM_LEVELS,
108 context->range.level[l].sens - 1));
109 scontextp += strlen(scontextp);
114 e = &context->range.level[l].cat;
115 ebitmap_for_each_positive_bit(e, node, i) {
117 /* one or more negative bits are skipped */
123 nm = sym_name(p, SYM_CATS, prev);
124 strcpy(scontextp, nm);
125 scontextp += strlen(nm);
131 nm = sym_name(p, SYM_CATS, i);
132 strcpy(scontextp, nm);
133 scontextp += strlen(nm);
144 nm = sym_name(p, SYM_CATS, prev);
145 strcpy(scontextp, nm);
146 scontextp += strlen(nm);
150 if (mls_level_eq(&context->range.level[0],
151 &context->range.level[1]))
158 *scontext = scontextp;
161 int mls_level_isvalid(struct policydb *p, struct mls_level *l)
163 struct level_datum *levdatum;
165 if (!l->sens || l->sens > p->p_levels.nprim)
167 levdatum = symtab_search(&p->p_levels,
168 sym_name(p, SYM_LEVELS, l->sens - 1));
173 * Return 1 iff all the bits set in l->cat are also be set in
174 * levdatum->level->cat and no bit in l->cat is larger than
177 return ebitmap_contains(&levdatum->level->cat, &l->cat,
181 int mls_range_isvalid(struct policydb *p, struct mls_range *r)
183 return (mls_level_isvalid(p, &r->level[0]) &&
184 mls_level_isvalid(p, &r->level[1]) &&
185 mls_level_dom(&r->level[1], &r->level[0]));
189 * Return 1 if the MLS fields in the security context
190 * structure `c' are valid. Return 0 otherwise.
192 int mls_context_isvalid(struct policydb *p, struct context *c)
194 struct user_datum *usrdatum;
199 if (!mls_range_isvalid(p, &c->range))
202 if (c->role == OBJECT_R_VAL)
206 * User must be authorized for the MLS range.
208 if (!c->user || c->user > p->p_users.nprim)
210 usrdatum = p->user_val_to_struct[c->user - 1];
211 if (!mls_range_contains(usrdatum->range, c->range))
212 return 0; /* user may not be associated with range */
218 * Set the MLS fields in the security context structure
219 * `context' based on the string representation in
220 * the string `scontext'.
222 * This function modifies the string in place, inserting
223 * NULL characters to terminate the MLS fields.
225 * If a def_sid is provided and no MLS field is present,
226 * copy the MLS field of the associated default context.
227 * Used for upgraded to MLS systems where objects may lack
230 * Policy read-lock must be held for sidtab lookup.
233 int mls_context_to_sid(struct policydb *pol,
236 struct context *context,
240 char *sensitivity, *cur_cat, *next_cat, *rngptr;
241 struct level_datum *levdatum;
242 struct cat_datum *catdatum, *rngdatum;
246 if (!pol->mls_enabled) {
248 * With no MLS, only return -EINVAL if there is a MLS field
249 * and it did not come from an xattr.
251 if (oldc && def_sid == SECSID_NULL)
257 * No MLS component to the security context, try and map to
258 * default if provided.
261 struct context *defcon;
263 if (def_sid == SECSID_NULL)
266 defcon = sidtab_search(s, def_sid);
270 return mls_context_cpy(context, defcon);
274 * If we're dealing with a range, figure out where the two parts
275 * of the range begin.
277 rangep[0] = scontext;
278 rangep[1] = strchr(scontext, '-');
284 /* For each part of the range: */
285 for (l = 0; l < 2; l++) {
286 /* Split sensitivity and category set. */
287 sensitivity = rangep[l];
288 if (sensitivity == NULL)
290 next_cat = strchr(sensitivity, ':');
292 *(next_cat++) = '\0';
294 /* Parse sensitivity. */
295 levdatum = symtab_search(&pol->p_levels, sensitivity);
298 context->range.level[l].sens = levdatum->level->sens;
300 /* Extract category set. */
301 while (next_cat != NULL) {
303 next_cat = strchr(next_cat, ',');
304 if (next_cat != NULL)
305 *(next_cat++) = '\0';
307 /* Separate into range if exists */
308 rngptr = strchr(cur_cat, '.');
309 if (rngptr != NULL) {
314 catdatum = symtab_search(&pol->p_cats, cur_cat);
318 rc = ebitmap_set_bit(&context->range.level[l].cat,
319 catdatum->value - 1, 1);
323 /* If range, set all categories in range */
327 rngdatum = symtab_search(&pol->p_cats, rngptr);
331 if (catdatum->value >= rngdatum->value)
334 for (i = catdatum->value; i < rngdatum->value; i++) {
335 rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1);
342 /* If we didn't see a '-', the range start is also the range end. */
343 if (rangep[1] == NULL) {
344 context->range.level[1].sens = context->range.level[0].sens;
345 rc = ebitmap_cpy(&context->range.level[1].cat,
346 &context->range.level[0].cat);
355 * Set the MLS fields in the security context structure
356 * `context' based on the string representation in
357 * the string `str'. This function will allocate temporary memory with the
358 * given constraints of gfp_mask.
360 int mls_from_string(struct policydb *p, char *str, struct context *context,
369 tmpstr = kstrdup(str, gfp_mask);
373 rc = mls_context_to_sid(p, ':', tmpstr, context,
382 * Copies the MLS range `range' into `context'.
384 int mls_range_set(struct context *context,
385 struct mls_range *range)
389 /* Copy the MLS range into the context */
390 for (l = 0; l < 2; l++) {
391 context->range.level[l].sens = range->level[l].sens;
392 rc = ebitmap_cpy(&context->range.level[l].cat,
393 &range->level[l].cat);
401 int mls_setup_user_range(struct policydb *p,
402 struct context *fromcon, struct user_datum *user,
403 struct context *usercon)
405 if (p->mls_enabled) {
406 struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
407 struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
408 struct mls_level *user_low = &(user->range.level[0]);
409 struct mls_level *user_clr = &(user->range.level[1]);
410 struct mls_level *user_def = &(user->dfltlevel);
411 struct mls_level *usercon_sen = &(usercon->range.level[0]);
412 struct mls_level *usercon_clr = &(usercon->range.level[1]);
414 /* Honor the user's default level if we can */
415 if (mls_level_between(user_def, fromcon_sen, fromcon_clr))
416 *usercon_sen = *user_def;
417 else if (mls_level_between(fromcon_sen, user_def, user_clr))
418 *usercon_sen = *fromcon_sen;
419 else if (mls_level_between(fromcon_clr, user_low, user_def))
420 *usercon_sen = *user_low;
424 /* Lower the clearance of available contexts
425 if the clearance of "fromcon" is lower than
426 that of the user's default clearance (but
427 only if the "fromcon" clearance dominates
428 the user's computed sensitivity level) */
429 if (mls_level_dom(user_clr, fromcon_clr))
430 *usercon_clr = *fromcon_clr;
431 else if (mls_level_dom(fromcon_clr, user_clr))
432 *usercon_clr = *user_clr;
441 * Convert the MLS fields in the security context
442 * structure `oldc' from the values specified in the
443 * policy `oldp' to the values specified in the policy `newp',
444 * storing the resulting context in `newc'.
446 int mls_convert_context(struct policydb *oldp,
447 struct policydb *newp,
448 struct context *oldc,
449 struct context *newc)
451 struct level_datum *levdatum;
452 struct cat_datum *catdatum;
453 struct ebitmap_node *node;
456 if (!oldp->mls_enabled || !newp->mls_enabled)
459 for (l = 0; l < 2; l++) {
460 char *name = sym_name(oldp, SYM_LEVELS,
461 oldc->range.level[l].sens - 1);
463 levdatum = symtab_search(&newp->p_levels, name);
467 newc->range.level[l].sens = levdatum->level->sens;
469 ebitmap_for_each_positive_bit(&oldc->range.level[l].cat,
473 catdatum = symtab_search(&newp->p_cats,
474 sym_name(oldp, SYM_CATS, i));
477 rc = ebitmap_set_bit(&newc->range.level[l].cat,
478 catdatum->value - 1, 1);
487 int mls_compute_sid(struct policydb *p,
488 struct context *scontext,
489 struct context *tcontext,
492 struct context *newcontext,
495 struct range_trans rtr;
497 struct class_datum *cladatum;
498 int default_range = 0;
504 case AVTAB_TRANSITION:
505 /* Look for a range transition rule. */
506 rtr.source_type = scontext->type;
507 rtr.target_type = tcontext->type;
508 rtr.target_class = tclass;
509 r = policydb_rangetr_search(p, &rtr);
511 return mls_range_set(newcontext, r);
513 if (tclass && tclass <= p->p_classes.nprim) {
514 cladatum = p->class_val_to_struct[tclass - 1];
516 default_range = cladatum->default_range;
519 switch (default_range) {
520 case DEFAULT_SOURCE_LOW:
521 return mls_context_cpy_low(newcontext, scontext);
522 case DEFAULT_SOURCE_HIGH:
523 return mls_context_cpy_high(newcontext, scontext);
524 case DEFAULT_SOURCE_LOW_HIGH:
525 return mls_context_cpy(newcontext, scontext);
526 case DEFAULT_TARGET_LOW:
527 return mls_context_cpy_low(newcontext, tcontext);
528 case DEFAULT_TARGET_HIGH:
529 return mls_context_cpy_high(newcontext, tcontext);
530 case DEFAULT_TARGET_LOW_HIGH:
531 return mls_context_cpy(newcontext, tcontext);
533 return mls_context_glblub(newcontext,
539 if ((tclass == p->process_class) || sock)
540 /* Use the process MLS attributes. */
541 return mls_context_cpy(newcontext, scontext);
543 /* Use the process effective MLS attributes. */
544 return mls_context_cpy_low(newcontext, scontext);
546 /* Use the process effective MLS attributes. */
547 return mls_context_cpy_low(newcontext, scontext);
552 #ifdef CONFIG_NETLABEL
554 * mls_export_netlbl_lvl - Export the MLS sensitivity levels to NetLabel
556 * @context: the security context
557 * @secattr: the NetLabel security attributes
560 * Given the security context copy the low MLS sensitivity level into the
561 * NetLabel MLS sensitivity level field.
564 void mls_export_netlbl_lvl(struct policydb *p,
565 struct context *context,
566 struct netlbl_lsm_secattr *secattr)
571 secattr->attr.mls.lvl = context->range.level[0].sens - 1;
572 secattr->flags |= NETLBL_SECATTR_MLS_LVL;
576 * mls_import_netlbl_lvl - Import the NetLabel MLS sensitivity levels
578 * @context: the security context
579 * @secattr: the NetLabel security attributes
582 * Given the security context and the NetLabel security attributes, copy the
583 * NetLabel MLS sensitivity level into the context.
586 void mls_import_netlbl_lvl(struct policydb *p,
587 struct context *context,
588 struct netlbl_lsm_secattr *secattr)
593 context->range.level[0].sens = secattr->attr.mls.lvl + 1;
594 context->range.level[1].sens = context->range.level[0].sens;
598 * mls_export_netlbl_cat - Export the MLS categories to NetLabel
600 * @context: the security context
601 * @secattr: the NetLabel security attributes
604 * Given the security context copy the low MLS categories into the NetLabel
605 * MLS category field. Returns zero on success, negative values on failure.
608 int mls_export_netlbl_cat(struct policydb *p,
609 struct context *context,
610 struct netlbl_lsm_secattr *secattr)
617 rc = ebitmap_netlbl_export(&context->range.level[0].cat,
618 &secattr->attr.mls.cat);
619 if (rc == 0 && secattr->attr.mls.cat != NULL)
620 secattr->flags |= NETLBL_SECATTR_MLS_CAT;
626 * mls_import_netlbl_cat - Import the MLS categories from NetLabel
628 * @context: the security context
629 * @secattr: the NetLabel security attributes
632 * Copy the NetLabel security attributes into the SELinux context; since the
633 * NetLabel security attribute only contains a single MLS category use it for
634 * both the low and high categories of the context. Returns zero on success,
635 * negative values on failure.
638 int mls_import_netlbl_cat(struct policydb *p,
639 struct context *context,
640 struct netlbl_lsm_secattr *secattr)
647 rc = ebitmap_netlbl_import(&context->range.level[0].cat,
648 secattr->attr.mls.cat);
650 goto import_netlbl_cat_failure;
651 memcpy(&context->range.level[1].cat, &context->range.level[0].cat,
652 sizeof(context->range.level[0].cat));
656 import_netlbl_cat_failure:
657 ebitmap_destroy(&context->range.level[0].cat);
660 #endif /* CONFIG_NETLABEL */
projects / releases.git / blob