2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
|
* Implementation of the access vector table type.
|
|
|
|
|
*
|
2017-08-17 17:32:36 +00:00
|
|
|
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
|
|
|
|
|
*
|
2008-04-18 21:38:28 +00:00
|
|
|
* Added conditional policy language extensions
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
|
* Copyright (C) 2003 Tresys Technology, LLC
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
2008-04-18 21:38:28 +00:00
|
|
|
* it under the terms of the GNU General Public License as published by
|
2005-04-16 22:20:36 +00:00
|
|
|
* the Free Software Foundation, version 2.
|
2007-08-24 02:55:11 +00:00
|
|
|
*
|
|
|
|
|
* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
|
2008-04-18 21:38:28 +00:00
|
|
|
* Tuned number of hash slots for avtab to reduce memory usage
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
|
#include <linux/slab.h>
|
|
|
|
|
#include <linux/errno.h>
|
|
|
|
|
#include "avtab.h"
|
|
|
|
|
#include "policydb.h"
|
|
|
|
|
|
2021-01-06 13:26:21 +00:00
|
|
|
static struct kmem_cache *avtab_node_cachep __ro_after_init;
|
|
|
|
|
static struct kmem_cache *avtab_xperms_cachep __ro_after_init;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2015-03-24 20:54:17 +00:00
|
|
|
/* Based on MurmurHash3, written by Austin Appleby and placed in the
|
|
|
|
|
* public domain.
|
|
|
|
|
*/
|
2021-03-30 13:16:46 +00:00
|
|
|
static inline int avtab_hash(const struct avtab_key *keyp, u32 mask)
|
2007-08-24 02:55:11 +00:00
|
|
|
{
|
2015-03-24 20:54:17 +00:00
|
|
|
static const u32 c1 = 0xcc9e2d51;
|
|
|
|
|
static const u32 c2 = 0x1b873593;
|
|
|
|
|
static const u32 r1 = 15;
|
|
|
|
|
static const u32 r2 = 13;
|
|
|
|
|
static const u32 m = 5;
|
|
|
|
|
static const u32 n = 0xe6546b64;
|
|
|
|
|
|
|
|
|
|
u32 hash = 0;
|
|
|
|
|
|
2022-05-02 14:10:51 +00:00
|
|
|
#define mix(input) do { \
|
|
|
|
|
u32 v = input; \
|
|
|
|
|
v *= c1; \
|
|
|
|
|
v = (v << r1) | (v >> (32 - r1)); \
|
|
|
|
|
v *= c2; \
|
|
|
|
|
hash ^= v; \
|
|
|
|
|
hash = (hash << r2) | (hash >> (32 - r2)); \
|
|
|
|
|
hash = hash * m + n; \
|
|
|
|
|
} while (0)
|
2015-03-24 20:54:17 +00:00
|
|
|
|
|
|
|
|
mix(keyp->target_class);
|
|
|
|
|
mix(keyp->target_type);
|
|
|
|
|
mix(keyp->source_type);
|
|
|
|
|
|
|
|
|
|
#undef mix
|
|
|
|
|
|
|
|
|
|
hash ^= hash >> 16;
|
|
|
|
|
hash *= 0x85ebca6b;
|
|
|
|
|
hash ^= hash >> 13;
|
|
|
|
|
hash *= 0xc2b2ae35;
|
|
|
|
|
hash ^= hash >> 16;
|
|
|
|
|
|
|
|
|
|
return hash & mask;
|
2007-08-24 02:55:11 +00:00
|
|
|
}
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
static struct avtab_node*
|
|
|
|
|
avtab_insert_node(struct avtab *h, int hvalue,
|
2022-01-25 14:14:16 +00:00
|
|
|
struct avtab_node *prev,
|
2021-03-30 13:16:46 +00:00
|
|
|
const struct avtab_key *key, const struct avtab_datum *datum)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2008-04-18 21:38:28 +00:00
|
|
|
struct avtab_node *newnode;
|
2015-07-10 21:19:56 +00:00
|
|
|
struct avtab_extended_perms *xperms;
|
2007-02-10 09:45:03 +00:00
|
|
|
newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (newnode == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
newnode->key = *key;
|
2015-07-10 21:19:56 +00:00
|
|
|
|
|
|
|
|
if (key->specified & AVTAB_XPERMS) {
|
|
|
|
|
xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_KERNEL);
|
|
|
|
|
if (xperms == NULL) {
|
|
|
|
|
kmem_cache_free(avtab_node_cachep, newnode);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
*xperms = *(datum->u.xperms);
|
|
|
|
|
newnode->datum.u.xperms = xperms;
|
|
|
|
|
} else {
|
|
|
|
|
newnode->datum.u.data = datum->u.data;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (prev) {
|
|
|
|
|
newnode->next = prev->next;
|
|
|
|
|
prev->next = newnode;
|
|
|
|
|
} else {
|
2019-03-12 06:31:10 +00:00
|
|
|
struct avtab_node **n = &h->htable[hvalue];
|
|
|
|
|
|
|
|
|
|
newnode->next = *n;
|
|
|
|
|
*n = newnode;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
h->nel++;
|
|
|
|
|
return newnode;
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-30 13:16:46 +00:00
|
|
|
static int avtab_insert(struct avtab *h, const struct avtab_key *key,
|
|
|
|
|
const struct avtab_datum *datum)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int hvalue;
|
|
|
|
|
struct avtab_node *prev, *cur, *newnode;
|
2005-09-03 22:55:16 +00:00
|
|
|
u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-04-02 08:56:18 +00:00
|
|
|
if (!h || !h->nslot)
|
2005-04-16 22:20:36 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2007-08-24 02:55:11 +00:00
|
|
|
hvalue = avtab_hash(key, h->mask);
|
2019-03-12 06:31:10 +00:00
|
|
|
for (prev = NULL, cur = h->htable[hvalue];
|
2005-04-16 22:20:36 +00:00
|
|
|
cur;
|
|
|
|
|
prev = cur, cur = cur->next) {
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type == cur->key.target_type &&
|
|
|
|
|
key->target_class == cur->key.target_class &&
|
2015-07-10 21:19:56 +00:00
|
|
|
(specified & cur->key.specified)) {
|
|
|
|
|
/* extended perms may not be unique */
|
|
|
|
|
if (specified & AVTAB_XPERMS)
|
|
|
|
|
break;
|
2005-04-16 22:20:36 +00:00
|
|
|
return -EEXIST;
|
2015-07-10 21:19:56 +00:00
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
if (key->source_type < cur->key.source_type)
|
|
|
|
|
break;
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type < cur->key.target_type)
|
|
|
|
|
break;
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type == cur->key.target_type &&
|
|
|
|
|
key->target_class < cur->key.target_class)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-25 14:14:16 +00:00
|
|
|
newnode = avtab_insert_node(h, hvalue, prev, key, datum);
|
2008-04-18 21:38:28 +00:00
|
|
|
if (!newnode)
|
2005-04-16 22:20:36 +00:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Unlike avtab_insert(), this function allow multiple insertions of the same
|
|
|
|
|
* key/specified mask into the table, as needed by the conditional avtab.
|
|
|
|
|
* It also returns a pointer to the node inserted.
|
|
|
|
|
*/
|
2021-03-30 13:16:46 +00:00
|
|
|
struct avtab_node *avtab_insert_nonunique(struct avtab *h,
|
|
|
|
|
const struct avtab_key *key,
|
|
|
|
|
const struct avtab_datum *datum)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int hvalue;
|
2008-07-20 23:50:20 +00:00
|
|
|
struct avtab_node *prev, *cur;
|
2005-09-03 22:55:16 +00:00
|
|
|
u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-04-02 08:56:18 +00:00
|
|
|
if (!h || !h->nslot)
|
2005-04-16 22:20:36 +00:00
|
|
|
return NULL;
|
2007-08-24 02:55:11 +00:00
|
|
|
hvalue = avtab_hash(key, h->mask);
|
2019-03-12 06:31:10 +00:00
|
|
|
for (prev = NULL, cur = h->htable[hvalue];
|
2005-04-16 22:20:36 +00:00
|
|
|
cur;
|
|
|
|
|
prev = cur, cur = cur->next) {
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type == cur->key.target_type &&
|
|
|
|
|
key->target_class == cur->key.target_class &&
|
2005-09-03 22:55:16 +00:00
|
|
|
(specified & cur->key.specified))
|
2005-04-16 22:20:36 +00:00
|
|
|
break;
|
|
|
|
|
if (key->source_type < cur->key.source_type)
|
|
|
|
|
break;
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type < cur->key.target_type)
|
|
|
|
|
break;
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type == cur->key.target_type &&
|
|
|
|
|
key->target_class < cur->key.target_class)
|
|
|
|
|
break;
|
|
|
|
|
}
|
2022-01-25 14:14:16 +00:00
|
|
|
return avtab_insert_node(h, hvalue, prev, key, datum);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
2021-03-30 13:16:46 +00:00
|
|
|
struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *key)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int hvalue;
|
|
|
|
|
struct avtab_node *cur;
|
2005-09-03 22:55:16 +00:00
|
|
|
u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-04-02 08:56:18 +00:00
|
|
|
if (!h || !h->nslot)
|
2005-04-16 22:20:36 +00:00
|
|
|
return NULL;
|
|
|
|
|
|
2007-08-24 02:55:11 +00:00
|
|
|
hvalue = avtab_hash(key, h->mask);
|
2019-03-12 06:31:10 +00:00
|
|
|
for (cur = h->htable[hvalue]; cur;
|
2015-03-24 20:54:16 +00:00
|
|
|
cur = cur->next) {
|
2005-04-16 22:20:36 +00:00
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type == cur->key.target_type &&
|
|
|
|
|
key->target_class == cur->key.target_class &&
|
2005-09-03 22:55:16 +00:00
|
|
|
(specified & cur->key.specified))
|
2005-04-16 22:20:36 +00:00
|
|
|
return &cur->datum;
|
|
|
|
|
|
|
|
|
|
if (key->source_type < cur->key.source_type)
|
|
|
|
|
break;
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type < cur->key.target_type)
|
|
|
|
|
break;
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type == cur->key.target_type &&
|
|
|
|
|
key->target_class < cur->key.target_class)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* This search function returns a node pointer, and can be used in
|
|
|
|
|
* conjunction with avtab_search_next_node()
|
|
|
|
|
*/
|
2021-03-30 13:16:46 +00:00
|
|
|
struct avtab_node *avtab_search_node(struct avtab *h,
|
|
|
|
|
const struct avtab_key *key)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int hvalue;
|
|
|
|
|
struct avtab_node *cur;
|
2005-09-03 22:55:16 +00:00
|
|
|
u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-04-02 08:56:18 +00:00
|
|
|
if (!h || !h->nslot)
|
2005-04-16 22:20:36 +00:00
|
|
|
return NULL;
|
|
|
|
|
|
2007-08-24 02:55:11 +00:00
|
|
|
hvalue = avtab_hash(key, h->mask);
|
2019-03-12 06:31:10 +00:00
|
|
|
for (cur = h->htable[hvalue]; cur;
|
2015-03-24 20:54:16 +00:00
|
|
|
cur = cur->next) {
|
2005-04-16 22:20:36 +00:00
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type == cur->key.target_type &&
|
|
|
|
|
key->target_class == cur->key.target_class &&
|
2005-09-03 22:55:16 +00:00
|
|
|
(specified & cur->key.specified))
|
2005-04-16 22:20:36 +00:00
|
|
|
return cur;
|
|
|
|
|
|
|
|
|
|
if (key->source_type < cur->key.source_type)
|
|
|
|
|
break;
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type < cur->key.target_type)
|
|
|
|
|
break;
|
|
|
|
|
if (key->source_type == cur->key.source_type &&
|
|
|
|
|
key->target_type == cur->key.target_type &&
|
|
|
|
|
key->target_class < cur->key.target_class)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct avtab_node*
|
|
|
|
|
avtab_search_node_next(struct avtab_node *node, int specified)
|
|
|
|
|
{
|
|
|
|
|
struct avtab_node *cur;
|
|
|
|
|
|
|
|
|
|
if (!node)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2005-09-03 22:55:16 +00:00
|
|
|
specified &= ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
|
2005-04-16 22:20:36 +00:00
|
|
|
for (cur = node->next; cur; cur = cur->next) {
|
|
|
|
|
if (node->key.source_type == cur->key.source_type &&
|
|
|
|
|
node->key.target_type == cur->key.target_type &&
|
|
|
|
|
node->key.target_class == cur->key.target_class &&
|
2005-09-03 22:55:16 +00:00
|
|
|
(specified & cur->key.specified))
|
2005-04-16 22:20:36 +00:00
|
|
|
return cur;
|
|
|
|
|
|
|
|
|
|
if (node->key.source_type < cur->key.source_type)
|
|
|
|
|
break;
|
|
|
|
|
if (node->key.source_type == cur->key.source_type &&
|
|
|
|
|
node->key.target_type < cur->key.target_type)
|
|
|
|
|
break;
|
|
|
|
|
if (node->key.source_type == cur->key.source_type &&
|
|
|
|
|
node->key.target_type == cur->key.target_type &&
|
|
|
|
|
node->key.target_class < cur->key.target_class)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void avtab_destroy(struct avtab *h)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
struct avtab_node *cur, *temp;
|
|
|
|
|
|
2019-03-12 06:31:10 +00:00
|
|
|
if (!h)
|
2005-04-16 22:20:36 +00:00
|
|
|
return;
|
|
|
|
|
|
2007-08-24 02:55:11 +00:00
|
|
|
for (i = 0; i < h->nslot; i++) {
|
2019-03-12 06:31:10 +00:00
|
|
|
cur = h->htable[i];
|
2008-08-07 00:18:20 +00:00
|
|
|
while (cur) {
|
2005-04-16 22:20:36 +00:00
|
|
|
temp = cur;
|
|
|
|
|
cur = cur->next;
|
2015-07-10 21:19:56 +00:00
|
|
|
if (temp->key.specified & AVTAB_XPERMS)
|
|
|
|
|
kmem_cache_free(avtab_xperms_cachep,
|
|
|
|
|
temp->datum.u.xperms);
|
2005-04-16 22:20:36 +00:00
|
|
|
kmem_cache_free(avtab_node_cachep, temp);
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-03-12 06:31:10 +00:00
|
|
|
kvfree(h->htable);
|
2005-04-16 22:20:36 +00:00
|
|
|
h->htable = NULL;
|
2021-04-02 08:56:18 +00:00
|
|
|
h->nel = 0;
|
2007-08-24 02:55:11 +00:00
|
|
|
h->nslot = 0;
|
|
|
|
|
h->mask = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
2020-03-05 19:55:43 +00:00
|
|
|
void avtab_init(struct avtab *h)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2007-08-24 02:55:11 +00:00
|
|
|
h->htable = NULL;
|
|
|
|
|
h->nel = 0;
|
2021-04-02 08:56:18 +00:00
|
|
|
h->nslot = 0;
|
|
|
|
|
h->mask = 0;
|
2007-08-24 02:55:11 +00:00
|
|
|
}
|
|
|
|
|
|
selinux: fix cond_list corruption when changing booleans
Currently, duplicate_policydb_cond_list() first copies the whole
conditional avtab and then tries to link to the correct entries in
cond_dup_av_list() using avtab_search(). However, since the conditional
avtab may contain multiple entries with the same key, this approach
often fails to find the right entry, potentially leading to wrong rules
being activated/deactivated when booleans are changed.
To fix this, instead start with an empty conditional avtab and add the
individual entries one-by-one while building the new av_lists. This
approach leads to the correct result, since each entry is present in the
av_lists exactly once.
The issue can be reproduced with Fedora policy as follows:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
# setsebool ftpd_anon_write=off ftpd_connect_all_unreserved=off ftpd_connect_db=off ftpd_full_access=off
On fixed kernels, the sesearch output is the same after the setsebool
command:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
While on the broken kernels, it will be different:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
While there, also simplify the computation of nslots. This changes the
nslots values for nrules 2 or 3 to just two slots instead of 4, which
makes the sequence more consistent.
Cc: stable@vger.kernel.org
Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-04-02 08:56:19 +00:00
|
|
|
static int avtab_alloc_common(struct avtab *h, u32 nslot)
|
2007-08-24 02:55:11 +00:00
|
|
|
{
|
selinux: fix cond_list corruption when changing booleans
Currently, duplicate_policydb_cond_list() first copies the whole
conditional avtab and then tries to link to the correct entries in
cond_dup_av_list() using avtab_search(). However, since the conditional
avtab may contain multiple entries with the same key, this approach
often fails to find the right entry, potentially leading to wrong rules
being activated/deactivated when booleans are changed.
To fix this, instead start with an empty conditional avtab and add the
individual entries one-by-one while building the new av_lists. This
approach leads to the correct result, since each entry is present in the
av_lists exactly once.
The issue can be reproduced with Fedora policy as follows:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
# setsebool ftpd_anon_write=off ftpd_connect_all_unreserved=off ftpd_connect_db=off ftpd_full_access=off
On fixed kernels, the sesearch output is the same after the setsebool
command:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
While on the broken kernels, it will be different:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
While there, also simplify the computation of nslots. This changes the
nslots values for nrules 2 or 3 to just two slots instead of 4, which
makes the sequence more consistent.
Cc: stable@vger.kernel.org
Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-04-02 08:56:19 +00:00
|
|
|
if (!nslot)
|
|
|
|
|
return 0;
|
2007-08-24 02:55:11 +00:00
|
|
|
|
2019-03-12 06:31:10 +00:00
|
|
|
h->htable = kvcalloc(nslot, sizeof(void *), GFP_KERNEL);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (!h->htable)
|
|
|
|
|
return -ENOMEM;
|
2007-08-24 02:55:11 +00:00
|
|
|
|
|
|
|
|
h->nslot = nslot;
|
2021-04-02 08:56:18 +00:00
|
|
|
h->mask = nslot - 1;
|
2005-04-16 22:20:36 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
selinux: fix cond_list corruption when changing booleans
Currently, duplicate_policydb_cond_list() first copies the whole
conditional avtab and then tries to link to the correct entries in
cond_dup_av_list() using avtab_search(). However, since the conditional
avtab may contain multiple entries with the same key, this approach
often fails to find the right entry, potentially leading to wrong rules
being activated/deactivated when booleans are changed.
To fix this, instead start with an empty conditional avtab and add the
individual entries one-by-one while building the new av_lists. This
approach leads to the correct result, since each entry is present in the
av_lists exactly once.
The issue can be reproduced with Fedora policy as follows:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
# setsebool ftpd_anon_write=off ftpd_connect_all_unreserved=off ftpd_connect_db=off ftpd_full_access=off
On fixed kernels, the sesearch output is the same after the setsebool
command:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
While on the broken kernels, it will be different:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
While there, also simplify the computation of nslots. This changes the
nslots values for nrules 2 or 3 to just two slots instead of 4, which
makes the sequence more consistent.
Cc: stable@vger.kernel.org
Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-04-02 08:56:19 +00:00
|
|
|
int avtab_alloc(struct avtab *h, u32 nrules)
|
2020-08-11 19:01:56 +00:00
|
|
|
{
|
selinux: fix cond_list corruption when changing booleans
Currently, duplicate_policydb_cond_list() first copies the whole
conditional avtab and then tries to link to the correct entries in
cond_dup_av_list() using avtab_search(). However, since the conditional
avtab may contain multiple entries with the same key, this approach
often fails to find the right entry, potentially leading to wrong rules
being activated/deactivated when booleans are changed.
To fix this, instead start with an empty conditional avtab and add the
individual entries one-by-one while building the new av_lists. This
approach leads to the correct result, since each entry is present in the
av_lists exactly once.
The issue can be reproduced with Fedora policy as follows:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
# setsebool ftpd_anon_write=off ftpd_connect_all_unreserved=off ftpd_connect_db=off ftpd_full_access=off
On fixed kernels, the sesearch output is the same after the setsebool
command:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
While on the broken kernels, it will be different:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
While there, also simplify the computation of nslots. This changes the
nslots values for nrules 2 or 3 to just two slots instead of 4, which
makes the sequence more consistent.
Cc: stable@vger.kernel.org
Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-04-02 08:56:19 +00:00
|
|
|
int rc;
|
|
|
|
|
u32 nslot = 0;
|
|
|
|
|
|
|
|
|
|
if (nrules != 0) {
|
|
|
|
|
u32 shift = 1;
|
|
|
|
|
u32 work = nrules >> 3;
|
|
|
|
|
while (work) {
|
|
|
|
|
work >>= 1;
|
|
|
|
|
shift++;
|
2020-08-11 19:01:56 +00:00
|
|
|
}
|
selinux: fix cond_list corruption when changing booleans
Currently, duplicate_policydb_cond_list() first copies the whole
conditional avtab and then tries to link to the correct entries in
cond_dup_av_list() using avtab_search(). However, since the conditional
avtab may contain multiple entries with the same key, this approach
often fails to find the right entry, potentially leading to wrong rules
being activated/deactivated when booleans are changed.
To fix this, instead start with an empty conditional avtab and add the
individual entries one-by-one while building the new av_lists. This
approach leads to the correct result, since each entry is present in the
av_lists exactly once.
The issue can be reproduced with Fedora policy as follows:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
# setsebool ftpd_anon_write=off ftpd_connect_all_unreserved=off ftpd_connect_db=off ftpd_full_access=off
On fixed kernels, the sesearch output is the same after the setsebool
command:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
While on the broken kernels, it will be different:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
While there, also simplify the computation of nslots. This changes the
nslots values for nrules 2 or 3 to just two slots instead of 4, which
makes the sequence more consistent.
Cc: stable@vger.kernel.org
Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-04-02 08:56:19 +00:00
|
|
|
nslot = 1 << shift;
|
|
|
|
|
if (nslot > MAX_AVTAB_HASH_BUCKETS)
|
|
|
|
|
nslot = MAX_AVTAB_HASH_BUCKETS;
|
|
|
|
|
|
|
|
|
|
rc = avtab_alloc_common(h, nslot);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
2020-08-11 19:01:56 +00:00
|
|
|
}
|
|
|
|
|
|
selinux: fix cond_list corruption when changing booleans
Currently, duplicate_policydb_cond_list() first copies the whole
conditional avtab and then tries to link to the correct entries in
cond_dup_av_list() using avtab_search(). However, since the conditional
avtab may contain multiple entries with the same key, this approach
often fails to find the right entry, potentially leading to wrong rules
being activated/deactivated when booleans are changed.
To fix this, instead start with an empty conditional avtab and add the
individual entries one-by-one while building the new av_lists. This
approach leads to the correct result, since each entry is present in the
av_lists exactly once.
The issue can be reproduced with Fedora policy as follows:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
# setsebool ftpd_anon_write=off ftpd_connect_all_unreserved=off ftpd_connect_db=off ftpd_full_access=off
On fixed kernels, the sesearch output is the same after the setsebool
command:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
While on the broken kernels, it will be different:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
While there, also simplify the computation of nslots. This changes the
nslots values for nrules 2 or 3 to just two slots instead of 4, which
makes the sequence more consistent.
Cc: stable@vger.kernel.org
Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-04-02 08:56:19 +00:00
|
|
|
pr_debug("SELinux: %d avtab hash slots, %d rules.\n", nslot, nrules);
|
2020-08-11 19:01:56 +00:00
|
|
|
return 0;
|
selinux: fix cond_list corruption when changing booleans
Currently, duplicate_policydb_cond_list() first copies the whole
conditional avtab and then tries to link to the correct entries in
cond_dup_av_list() using avtab_search(). However, since the conditional
avtab may contain multiple entries with the same key, this approach
often fails to find the right entry, potentially leading to wrong rules
being activated/deactivated when booleans are changed.
To fix this, instead start with an empty conditional avtab and add the
individual entries one-by-one while building the new av_lists. This
approach leads to the correct result, since each entry is present in the
av_lists exactly once.
The issue can be reproduced with Fedora policy as follows:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
# setsebool ftpd_anon_write=off ftpd_connect_all_unreserved=off ftpd_connect_db=off ftpd_full_access=off
On fixed kernels, the sesearch output is the same after the setsebool
command:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t public_content_rw_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; [ ftpd_anon_write ]:True
While on the broken kernels, it will be different:
# sesearch -s ftpd_t -t public_content_rw_t -c dir -p create -A
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
allow ftpd_t non_security_file_type:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ ftpd_full_access ]:True
While there, also simplify the computation of nslots. This changes the
nslots values for nrules 2 or 3 to just two slots instead of 4, which
makes the sequence more consistent.
Cc: stable@vger.kernel.org
Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-04-02 08:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int avtab_alloc_dup(struct avtab *new, const struct avtab *orig)
|
|
|
|
|
{
|
|
|
|
|
return avtab_alloc_common(new, orig->nslot);
|
2020-08-11 19:01:56 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-20 15:05:02 +00:00
|
|
|
void avtab_hash_eval(struct avtab *h, const char *tag)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int i, chain_len, slots_used, max_chain_len;
|
2007-08-24 02:55:11 +00:00
|
|
|
unsigned long long chain2_len_sum;
|
2005-04-16 22:20:36 +00:00
|
|
|
struct avtab_node *cur;
|
|
|
|
|
|
|
|
|
|
slots_used = 0;
|
|
|
|
|
max_chain_len = 0;
|
2007-08-24 02:55:11 +00:00
|
|
|
chain2_len_sum = 0;
|
|
|
|
|
for (i = 0; i < h->nslot; i++) {
|
2019-03-12 06:31:10 +00:00
|
|
|
cur = h->htable[i];
|
2005-04-16 22:20:36 +00:00
|
|
|
if (cur) {
|
|
|
|
|
slots_used++;
|
|
|
|
|
chain_len = 0;
|
|
|
|
|
while (cur) {
|
|
|
|
|
chain_len++;
|
|
|
|
|
cur = cur->next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (chain_len > max_chain_len)
|
|
|
|
|
max_chain_len = chain_len;
|
2007-08-24 02:55:11 +00:00
|
|
|
chain2_len_sum += chain_len * chain_len;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
|
2008-05-14 15:27:45 +00:00
|
|
|
"longest chain length %d sum of chain length^2 %llu\n",
|
2007-08-24 02:55:11 +00:00
|
|
|
tag, h->nel, slots_used, h->nslot, max_chain_len,
|
|
|
|
|
chain2_len_sum);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
2022-05-02 14:43:38 +00:00
|
|
|
static const uint16_t spec_order[] = {
|
2005-09-03 22:55:16 +00:00
|
|
|
AVTAB_ALLOWED,
|
|
|
|
|
AVTAB_AUDITDENY,
|
|
|
|
|
AVTAB_AUDITALLOW,
|
|
|
|
|
AVTAB_TRANSITION,
|
|
|
|
|
AVTAB_CHANGE,
|
2015-07-10 21:19:56 +00:00
|
|
|
AVTAB_MEMBER,
|
|
|
|
|
AVTAB_XPERMS_ALLOWED,
|
|
|
|
|
AVTAB_XPERMS_AUDITALLOW,
|
|
|
|
|
AVTAB_XPERMS_DONTAUDIT
|
2005-09-03 22:55:16 +00:00
|
|
|
};
|
|
|
|
|
|
2007-11-07 15:08:00 +00:00
|
|
|
int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
|
2021-03-30 13:16:46 +00:00
|
|
|
int (*insertf)(struct avtab *a, const struct avtab_key *k,
|
|
|
|
|
const struct avtab_datum *d, void *p),
|
2005-09-03 22:55:16 +00:00
|
|
|
void *p)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2005-09-03 22:55:17 +00:00
|
|
|
__le16 buf16[4];
|
|
|
|
|
u16 enabled;
|
2007-11-07 15:08:00 +00:00
|
|
|
u32 items, items2, val, vers = pol->policyvers;
|
2005-09-03 22:55:16 +00:00
|
|
|
struct avtab_key key;
|
|
|
|
|
struct avtab_datum datum;
|
2015-07-10 21:19:56 +00:00
|
|
|
struct avtab_extended_perms xperms;
|
|
|
|
|
__le32 buf32[ARRAY_SIZE(xperms.perms.p)];
|
2005-09-03 22:55:16 +00:00
|
|
|
int i, rc;
|
2007-11-07 15:08:00 +00:00
|
|
|
unsigned set;
|
2005-09-03 22:55:16 +00:00
|
|
|
|
|
|
|
|
memset(&key, 0, sizeof(struct avtab_key));
|
|
|
|
|
memset(&datum, 0, sizeof(struct avtab_datum));
|
|
|
|
|
|
|
|
|
|
if (vers < POLICYDB_VERSION_AVTAB) {
|
|
|
|
|
rc = next_entry(buf32, fp, sizeof(u32));
|
2010-06-12 18:50:35 +00:00
|
|
|
if (rc) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated entry\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return rc;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
items2 = le32_to_cpu(buf32[0]);
|
|
|
|
|
if (items2 > ARRAY_SIZE(buf32)) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: entry overflow\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
rc = next_entry(buf32, fp, sizeof(u32)*items2);
|
2010-06-12 18:50:35 +00:00
|
|
|
if (rc) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated entry\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return rc;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
items = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2005-09-03 22:55:16 +00:00
|
|
|
val = le32_to_cpu(buf32[items++]);
|
|
|
|
|
key.source_type = (u16)val;
|
|
|
|
|
if (key.source_type != val) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated source type\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
val = le32_to_cpu(buf32[items++]);
|
|
|
|
|
key.target_type = (u16)val;
|
|
|
|
|
if (key.target_type != val) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated target type\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
val = le32_to_cpu(buf32[items++]);
|
|
|
|
|
key.target_class = (u16)val;
|
|
|
|
|
if (key.target_class != val) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated target class\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
val = le32_to_cpu(buf32[items++]);
|
|
|
|
|
enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
|
|
|
|
|
|
|
|
|
|
if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: null entry\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
if ((val & AVTAB_AV) &&
|
|
|
|
|
(val & AVTAB_TYPE)) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: entry has both access vectors and types\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
2015-07-10 21:19:56 +00:00
|
|
|
if (val & AVTAB_XPERMS) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: entry has extended permissions\n");
|
2015-07-10 21:19:56 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
2005-09-03 22:55:16 +00:00
|
|
|
|
2006-01-06 08:11:23 +00:00
|
|
|
for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
|
2005-09-03 22:55:16 +00:00
|
|
|
if (val & spec_order[i]) {
|
|
|
|
|
key.specified = spec_order[i] | enabled;
|
2015-07-10 21:19:56 +00:00
|
|
|
datum.u.data = le32_to_cpu(buf32[items++]);
|
2005-09-03 22:55:16 +00:00
|
|
|
rc = insertf(a, &key, &datum, p);
|
2008-04-18 21:38:28 +00:00
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (items != items2) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: entry only had %d items, expected %d\n",
|
|
|
|
|
items2, items);
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2005-09-03 22:55:16 +00:00
|
|
|
}
|
|
|
|
|
return 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2005-09-03 22:55:16 +00:00
|
|
|
|
|
|
|
|
rc = next_entry(buf16, fp, sizeof(u16)*4);
|
2010-06-12 18:50:35 +00:00
|
|
|
if (rc) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated entry\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return rc;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2005-09-03 22:55:16 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
items = 0;
|
2005-09-03 22:55:16 +00:00
|
|
|
key.source_type = le16_to_cpu(buf16[items++]);
|
|
|
|
|
key.target_type = le16_to_cpu(buf16[items++]);
|
|
|
|
|
key.target_class = le16_to_cpu(buf16[items++]);
|
|
|
|
|
key.specified = le16_to_cpu(buf16[items++]);
|
|
|
|
|
|
2007-11-07 15:08:00 +00:00
|
|
|
if (!policydb_type_isvalid(pol, key.source_type) ||
|
|
|
|
|
!policydb_type_isvalid(pol, key.target_type) ||
|
|
|
|
|
!policydb_class_isvalid(pol, key.target_class)) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: invalid type or class\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2007-11-07 15:08:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
set = 0;
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
|
|
|
|
|
if (key.specified & spec_order[i])
|
|
|
|
|
set++;
|
|
|
|
|
}
|
|
|
|
|
if (!set || set > 1) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: more than one specifier\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2007-11-07 15:08:00 +00:00
|
|
|
}
|
|
|
|
|
|
2015-07-10 21:19:56 +00:00
|
|
|
if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
|
|
|
|
|
(key.specified & AVTAB_XPERMS)) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: policy version %u does not "
|
2015-07-10 21:19:56 +00:00
|
|
|
"support extended permissions rules and one "
|
|
|
|
|
"was specified\n", vers);
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
} else if (key.specified & AVTAB_XPERMS) {
|
|
|
|
|
memset(&xperms, 0, sizeof(struct avtab_extended_perms));
|
|
|
|
|
rc = next_entry(&xperms.specified, fp, sizeof(u8));
|
|
|
|
|
if (rc) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated entry\n");
|
2015-07-10 21:19:56 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
rc = next_entry(&xperms.driver, fp, sizeof(u8));
|
|
|
|
|
if (rc) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated entry\n");
|
2015-07-10 21:19:56 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(xperms.perms.p));
|
|
|
|
|
if (rc) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated entry\n");
|
2015-07-10 21:19:56 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
|
|
|
|
|
xperms.perms.p[i] = le32_to_cpu(buf32[i]);
|
|
|
|
|
datum.u.xperms = &xperms;
|
|
|
|
|
} else {
|
|
|
|
|
rc = next_entry(buf32, fp, sizeof(u32));
|
|
|
|
|
if (rc) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated entry\n");
|
2015-07-10 21:19:56 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
datum.u.data = le32_to_cpu(*buf32);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2007-11-07 15:08:00 +00:00
|
|
|
if ((key.specified & AVTAB_TYPE) &&
|
2015-07-10 21:19:56 +00:00
|
|
|
!policydb_type_isvalid(pol, datum.u.data)) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: invalid type\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
return -EINVAL;
|
2007-11-07 15:08:00 +00:00
|
|
|
}
|
2005-09-03 22:55:16 +00:00
|
|
|
return insertf(a, &key, &datum, p);
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2021-03-30 13:16:46 +00:00
|
|
|
static int avtab_insertf(struct avtab *a, const struct avtab_key *k,
|
|
|
|
|
const struct avtab_datum *d, void *p)
|
2005-09-03 22:55:16 +00:00
|
|
|
{
|
|
|
|
|
return avtab_insert(a, k, d);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
2007-11-07 15:08:00 +00:00
|
|
|
int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int rc;
|
2005-09-03 22:55:17 +00:00
|
|
|
__le32 buf[1];
|
2005-04-16 22:20:36 +00:00
|
|
|
u32 nel, i;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rc = next_entry(buf, fp, sizeof(u32));
|
|
|
|
|
if (rc < 0) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: truncated table\n");
|
2005-04-16 22:20:36 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
nel = le32_to_cpu(buf[0]);
|
|
|
|
|
if (!nel) {
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: table is empty\n");
|
2005-04-16 22:20:36 +00:00
|
|
|
rc = -EINVAL;
|
|
|
|
|
goto bad;
|
|
|
|
|
}
|
2007-08-24 02:55:11 +00:00
|
|
|
|
|
|
|
|
rc = avtab_alloc(a, nel);
|
|
|
|
|
if (rc)
|
|
|
|
|
goto bad;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
for (i = 0; i < nel; i++) {
|
2007-11-07 15:08:00 +00:00
|
|
|
rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (rc) {
|
|
|
|
|
if (rc == -ENOMEM)
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: out of memory\n");
|
2005-09-03 22:55:16 +00:00
|
|
|
else if (rc == -EEXIST)
|
2018-06-12 08:09:04 +00:00
|
|
|
pr_err("SELinux: avtab: duplicate entry\n");
|
2010-06-12 18:50:35 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = 0;
|
|
|
|
|
out:
|
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
|
|
bad:
|
|
|
|
|
avtab_destroy(a);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-30 13:16:46 +00:00
|
|
|
int avtab_write_item(struct policydb *p, const struct avtab_node *cur, void *fp)
|
2010-10-13 21:50:25 +00:00
|
|
|
{
|
|
|
|
|
__le16 buf16[4];
|
2015-07-10 21:19:56 +00:00
|
|
|
__le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)];
|
2010-10-13 21:50:25 +00:00
|
|
|
int rc;
|
2015-07-10 21:19:56 +00:00
|
|
|
unsigned int i;
|
2010-10-13 21:50:25 +00:00
|
|
|
|
|
|
|
|
buf16[0] = cpu_to_le16(cur->key.source_type);
|
|
|
|
|
buf16[1] = cpu_to_le16(cur->key.target_type);
|
|
|
|
|
buf16[2] = cpu_to_le16(cur->key.target_class);
|
|
|
|
|
buf16[3] = cpu_to_le16(cur->key.specified);
|
|
|
|
|
rc = put_entry(buf16, sizeof(u16), 4, fp);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
2015-07-10 21:19:56 +00:00
|
|
|
|
|
|
|
|
if (cur->key.specified & AVTAB_XPERMS) {
|
|
|
|
|
rc = put_entry(&cur->datum.u.xperms->specified, sizeof(u8), 1, fp);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
rc = put_entry(&cur->datum.u.xperms->driver, sizeof(u8), 1, fp);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++)
|
|
|
|
|
buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]);
|
|
|
|
|
rc = put_entry(buf32, sizeof(u32),
|
|
|
|
|
ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp);
|
|
|
|
|
} else {
|
|
|
|
|
buf32[0] = cpu_to_le32(cur->datum.u.data);
|
|
|
|
|
rc = put_entry(buf32, sizeof(u32), 1, fp);
|
|
|
|
|
}
|
2010-10-13 21:50:25 +00:00
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int avtab_write(struct policydb *p, struct avtab *a, void *fp)
|
|
|
|
|
{
|
|
|
|
|
unsigned int i;
|
|
|
|
|
int rc = 0;
|
|
|
|
|
struct avtab_node *cur;
|
|
|
|
|
__le32 buf[1];
|
|
|
|
|
|
|
|
|
|
buf[0] = cpu_to_le32(a->nel);
|
|
|
|
|
rc = put_entry(buf, sizeof(u32), 1, fp);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < a->nslot; i++) {
|
2019-03-12 06:31:10 +00:00
|
|
|
for (cur = a->htable[i]; cur;
|
2015-03-24 20:54:16 +00:00
|
|
|
cur = cur->next) {
|
2010-10-13 21:50:25 +00:00
|
|
|
rc = avtab_write_item(p, cur, fp);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2018-03-01 23:48:02 +00:00
|
|
|
|
|
|
|
|
void __init avtab_cache_init(void)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
avtab_node_cachep = kmem_cache_create("avtab_node",
|
|
|
|
|
sizeof(struct avtab_node),
|
2007-07-20 01:11:58 +00:00
|
|
|
0, SLAB_PANIC, NULL);
|
2015-07-10 21:19:56 +00:00
|
|
|
avtab_xperms_cachep = kmem_cache_create("avtab_extended_perms",
|
|
|
|
|
sizeof(struct avtab_extended_perms),
|
|
|
|
|
0, SLAB_PANIC, NULL);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|