2 * Implementation of the multi-level security (MLS) policy.
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9 * Support for enhanced MLS infrastructure.
11 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
14 #include <linux/kernel.h>
15 #include <linux/slab.h>
16 #include <linux/string.h>
17 #include <linux/errno.h>
24 * Return the length in bytes for the MLS fields of the
25 * security context string representation of `context'.
27 int mls_compute_context_len(struct context * context)
30 struct ebitmap_node *node;
32 if (!selinux_mls_enabled)
35 len = 1; /* for the beginning ":" */
36 for (l = 0; l < 2; l++) {
38 len += strlen(policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
40 ebitmap_for_each_bit(&context->range.level[l].cat, node, i) {
41 if (ebitmap_node_get_bit(node, i)) {
47 len += strlen(policydb.p_cat_val_to_name[i]) + 1;
51 len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1;
55 /* Handle case where last category is the end of range */
57 len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1;
60 if (mls_level_eq(&context->range.level[0],
61 &context->range.level[1]))
72 * Write the security context string representation of
73 * the MLS fields of `context' into the string `*scontext'.
74 * Update `*scontext' to point to the end of the MLS fields.
76 void mls_sid_to_context(struct context *context,
80 int i, l, range, wrote_sep;
81 struct ebitmap_node *node;
83 if (!selinux_mls_enabled)
86 scontextp = *scontext;
91 for (l = 0; l < 2; l++) {
95 policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
96 scontextp += strlen(policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
99 ebitmap_for_each_bit(&context->range.level[l].cat, node, i) {
100 if (ebitmap_node_get_bit(node, i)) {
111 strcpy(scontextp, policydb.p_cat_val_to_name[i]);
112 scontextp += strlen(policydb.p_cat_val_to_name[i]);
121 strcpy(scontextp, policydb.p_cat_val_to_name[i - 1]);
122 scontextp += strlen(policydb.p_cat_val_to_name[i - 1]);
128 /* Handle case where last category is the end of range */
135 strcpy(scontextp, policydb.p_cat_val_to_name[i - 1]);
136 scontextp += strlen(policydb.p_cat_val_to_name[i - 1]);
140 if (mls_level_eq(&context->range.level[0],
141 &context->range.level[1]))
150 *scontext = scontextp;
155 * Return 1 if the MLS fields in the security context
156 * structure `c' are valid. Return 0 otherwise.
158 int mls_context_isvalid(struct policydb *p, struct context *c)
160 struct level_datum *levdatum;
161 struct user_datum *usrdatum;
162 struct ebitmap_node *node;
165 if (!selinux_mls_enabled)
169 * MLS range validity checks: high must dominate low, low level must
170 * be valid (category set <-> sensitivity check), and high level must
171 * be valid (category set <-> sensitivity check)
173 if (!mls_level_dom(&c->range.level[1], &c->range.level[0]))
174 /* High does not dominate low. */
177 for (l = 0; l < 2; l++) {
178 if (!c->range.level[l].sens || c->range.level[l].sens > p->p_levels.nprim)
180 levdatum = hashtab_search(p->p_levels.table,
181 p->p_sens_val_to_name[c->range.level[l].sens - 1]);
185 ebitmap_for_each_bit(&c->range.level[l].cat, node, i) {
186 if (ebitmap_node_get_bit(node, i)) {
187 if (i > p->p_cats.nprim)
189 if (!ebitmap_get_bit(&levdatum->level->cat, i))
191 * Category may not be associated with
192 * sensitivity in low level.
199 if (c->role == OBJECT_R_VAL)
203 * User must be authorized for the MLS range.
205 if (!c->user || c->user > p->p_users.nprim)
207 usrdatum = p->user_val_to_struct[c->user - 1];
208 if (!mls_range_contains(usrdatum->range, c->range))
209 return 0; /* user may not be associated with range */
215 * Copies the MLS range from `src' into `dst'.
217 static inline int mls_copy_context(struct context *dst,
222 /* Copy the MLS range from the source context */
223 for (l = 0; l < 2; l++) {
224 dst->range.level[l].sens = src->range.level[l].sens;
225 rc = ebitmap_cpy(&dst->range.level[l].cat,
226 &src->range.level[l].cat);
235 * Set the MLS fields in the security context structure
236 * `context' based on the string representation in
237 * the string `*scontext'. Update `*scontext' to
238 * point to the end of the string representation of
241 * This function modifies the string in place, inserting
242 * NULL characters to terminate the MLS fields.
244 * If a def_sid is provided and no MLS field is present,
245 * copy the MLS field of the associated default context.
246 * Used for upgraded to MLS systems where objects may lack
249 * Policy read-lock must be held for sidtab lookup.
252 int mls_context_to_sid(char oldc,
254 struct context *context,
260 char *scontextp, *p, *rngptr;
261 struct level_datum *levdatum;
262 struct cat_datum *catdatum, *rngdatum;
265 if (!selinux_mls_enabled) {
266 if (def_sid != SECSID_NULL && oldc)
267 *scontext += strlen(*scontext)+1;
272 * No MLS component to the security context, try and map to
273 * default if provided.
276 struct context *defcon;
278 if (def_sid == SECSID_NULL)
281 defcon = sidtab_search(s, def_sid);
285 rc = mls_copy_context(context, defcon);
289 /* Extract low sensitivity. */
290 scontextp = p = *scontext;
291 while (*p && *p != ':' && *p != '-')
298 for (l = 0; l < 2; l++) {
299 levdatum = hashtab_search(policydb.p_levels.table, scontextp);
305 context->range.level[l].sens = levdatum->level->sens;
308 /* Extract category set. */
311 while (*p && *p != ',' && *p != '-')
317 /* Separate into range if exists */
318 if ((rngptr = strchr(scontextp, '.')) != NULL) {
323 catdatum = hashtab_search(policydb.p_cats.table,
330 rc = ebitmap_set_bit(&context->range.level[l].cat,
331 catdatum->value - 1, 1);
335 /* If range, set all categories in range */
339 rngdatum = hashtab_search(policydb.p_cats.table, rngptr);
345 if (catdatum->value >= rngdatum->value) {
350 for (i = catdatum->value; i < rngdatum->value; i++) {
351 rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1);
362 /* Extract high sensitivity. */
364 while (*p && *p != ':')
375 context->range.level[1].sens = context->range.level[0].sens;
376 rc = ebitmap_cpy(&context->range.level[1].cat,
377 &context->range.level[0].cat);
388 * Copies the effective MLS range from `src' into `dst'.
390 static inline int mls_scopy_context(struct context *dst,
395 /* Copy the MLS range from the source context */
396 for (l = 0; l < 2; l++) {
397 dst->range.level[l].sens = src->range.level[0].sens;
398 rc = ebitmap_cpy(&dst->range.level[l].cat,
399 &src->range.level[0].cat);
408 * Copies the MLS range `range' into `context'.
410 static inline int mls_range_set(struct context *context,
411 struct mls_range *range)
415 /* Copy the MLS range into the context */
416 for (l = 0; l < 2; l++) {
417 context->range.level[l].sens = range->level[l].sens;
418 rc = ebitmap_cpy(&context->range.level[l].cat,
419 &range->level[l].cat);
427 int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
428 struct context *usercon)
430 if (selinux_mls_enabled) {
431 struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
432 struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
433 struct mls_level *user_low = &(user->range.level[0]);
434 struct mls_level *user_clr = &(user->range.level[1]);
435 struct mls_level *user_def = &(user->dfltlevel);
436 struct mls_level *usercon_sen = &(usercon->range.level[0]);
437 struct mls_level *usercon_clr = &(usercon->range.level[1]);
439 /* Honor the user's default level if we can */
440 if (mls_level_between(user_def, fromcon_sen, fromcon_clr)) {
441 *usercon_sen = *user_def;
442 } else if (mls_level_between(fromcon_sen, user_def, user_clr)) {
443 *usercon_sen = *fromcon_sen;
444 } else if (mls_level_between(fromcon_clr, user_low, user_def)) {
445 *usercon_sen = *user_low;
449 /* Lower the clearance of available contexts
450 if the clearance of "fromcon" is lower than
451 that of the user's default clearance (but
452 only if the "fromcon" clearance dominates
453 the user's computed sensitivity level) */
454 if (mls_level_dom(user_clr, fromcon_clr)) {
455 *usercon_clr = *fromcon_clr;
456 } else if (mls_level_dom(fromcon_clr, user_clr)) {
457 *usercon_clr = *user_clr;
466 * Convert the MLS fields in the security context
467 * structure `c' from the values specified in the
468 * policy `oldp' to the values specified in the policy `newp'.
470 int mls_convert_context(struct policydb *oldp,
471 struct policydb *newp,
474 struct level_datum *levdatum;
475 struct cat_datum *catdatum;
476 struct ebitmap bitmap;
477 struct ebitmap_node *node;
480 if (!selinux_mls_enabled)
483 for (l = 0; l < 2; l++) {
484 levdatum = hashtab_search(newp->p_levels.table,
485 oldp->p_sens_val_to_name[c->range.level[l].sens - 1]);
489 c->range.level[l].sens = levdatum->level->sens;
491 ebitmap_init(&bitmap);
492 ebitmap_for_each_bit(&c->range.level[l].cat, node, i) {
493 if (ebitmap_node_get_bit(node, i)) {
496 catdatum = hashtab_search(newp->p_cats.table,
497 oldp->p_cat_val_to_name[i]);
500 rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
505 ebitmap_destroy(&c->range.level[l].cat);
506 c->range.level[l].cat = bitmap;
512 int mls_compute_sid(struct context *scontext,
513 struct context *tcontext,
516 struct context *newcontext)
518 if (!selinux_mls_enabled)
522 case AVTAB_TRANSITION:
523 if (tclass == SECCLASS_PROCESS) {
524 struct range_trans *rangetr;
525 /* Look for a range transition rule. */
526 for (rangetr = policydb.range_tr; rangetr;
527 rangetr = rangetr->next) {
528 if (rangetr->dom == scontext->type &&
529 rangetr->type == tcontext->type) {
530 /* Set the range from the rule */
531 return mls_range_set(newcontext,
538 if (tclass == SECCLASS_PROCESS)
539 /* Use the process MLS attributes. */
540 return mls_copy_context(newcontext, scontext);
542 /* Use the process effective MLS attributes. */
543 return mls_scopy_context(newcontext, scontext);
545 /* Only polyinstantiate the MLS attributes if
546 the type is being polyinstantiated */
547 if (newcontext->type != tcontext->type) {
548 /* Use the process effective MLS attributes. */
549 return mls_scopy_context(newcontext, scontext);
551 /* Use the related object MLS attributes. */
552 return mls_copy_context(newcontext, tcontext);
git://git.onelab.eu / linux-2.6.git / blob